cobaltstrike | 1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
23-09-2024 00:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

0968976dd42a6ab7a84960d9c431e95d
SHA1

7a3a42bc640b3814f93e62a961e13de3923911f0
SHA256

1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8
SHA512

17f980a1f9ea254153099df52cfb74ec86dacc5938f6192589c24b61a8f96f2bc6d5aa6640ae9b80a58ce8bfacd99fe35d933fa8d60233cd3730b33cbb56c62d
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUe:T+q56utgpPF8u/7e

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012117-6.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001924c-11.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001926b-15.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019271-21.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019277-26.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019389-36.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000193c4-38.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019620-51.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019623-60.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019629-75.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c4a-115.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d54-130.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019fc9-151.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a08b-161.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a078-154.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019dc1-140.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019faf-144.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019db5-135.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c63-120.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d2d-125.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c48-111.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c43-105.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001998a-100.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196f6-95.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196be-90.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001967d-85.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019639-80.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019627-70.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019625-66.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019621-56.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961f-45.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019382-30.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 60 IoCs

miner

resource	yara_rule
behavioral1/memory/2480-0-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig
behavioral1/files/0x0007000000012117-6.dat	xmrig
behavioral1/files/0x000700000001924c-11.dat	xmrig
behavioral1/files/0x000700000001926b-15.dat	xmrig
behavioral1/files/0x0007000000019271-21.dat	xmrig
behavioral1/files/0x0006000000019277-26.dat	xmrig
behavioral1/files/0x0006000000019389-36.dat	xmrig
behavioral1/files/0x00080000000193c4-38.dat	xmrig
behavioral1/files/0x0005000000019620-51.dat	xmrig
behavioral1/files/0x0005000000019623-60.dat	xmrig
behavioral1/files/0x0005000000019629-75.dat	xmrig
behavioral1/files/0x0005000000019c4a-115.dat	xmrig
behavioral1/files/0x0005000000019d54-130.dat	xmrig
behavioral1/files/0x0005000000019fc9-151.dat	xmrig
behavioral1/memory/652-650-0x000000013FA90000-0x000000013FDE4000-memory.dmp	xmrig
behavioral1/memory/1952-648-0x000000013F1E0000-0x000000013F534000-memory.dmp	xmrig
behavioral1/memory/2200-548-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a08b-161.dat	xmrig
behavioral1/files/0x000500000001a078-154.dat	xmrig
behavioral1/files/0x0005000000019dc1-140.dat	xmrig
behavioral1/files/0x0005000000019faf-144.dat	xmrig
behavioral1/files/0x0005000000019db5-135.dat	xmrig
behavioral1/files/0x0005000000019c63-120.dat	xmrig
behavioral1/files/0x0005000000019d2d-125.dat	xmrig
behavioral1/files/0x0005000000019c48-111.dat	xmrig
behavioral1/files/0x0005000000019c43-105.dat	xmrig
behavioral1/files/0x000500000001998a-100.dat	xmrig
behavioral1/memory/2256-652-0x000000013FF10000-0x0000000140264000-memory.dmp	xmrig
behavioral1/files/0x00050000000196f6-95.dat	xmrig
behavioral1/files/0x00050000000196be-90.dat	xmrig
behavioral1/files/0x000500000001967d-85.dat	xmrig
behavioral1/files/0x0005000000019639-80.dat	xmrig
behavioral1/files/0x0005000000019627-70.dat	xmrig
behavioral1/files/0x0005000000019625-66.dat	xmrig
behavioral1/files/0x0005000000019621-56.dat	xmrig
behavioral1/files/0x000500000001961f-45.dat	xmrig
behavioral1/files/0x0006000000019382-30.dat	xmrig
behavioral1/memory/2756-654-0x000000013FB30000-0x000000013FE84000-memory.dmp	xmrig
behavioral1/memory/2884-659-0x000000013F570000-0x000000013F8C4000-memory.dmp	xmrig
behavioral1/memory/2424-671-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	xmrig
behavioral1/memory/2772-669-0x000000013FBB0000-0x000000013FF04000-memory.dmp	xmrig
behavioral1/memory/2480-1787-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig
behavioral1/memory/2480-1866-0x000000013F580000-0x000000013F8D4000-memory.dmp	xmrig
behavioral1/memory/2108-860-0x000000013F2D0000-0x000000013F624000-memory.dmp	xmrig
behavioral1/memory/1700-717-0x000000013F810000-0x000000013FB64000-memory.dmp	xmrig
behavioral1/memory/2784-667-0x000000013F280000-0x000000013F5D4000-memory.dmp	xmrig
behavioral1/memory/2872-665-0x000000013F520000-0x000000013F874000-memory.dmp	xmrig
behavioral1/memory/2752-663-0x000000013F8E0000-0x000000013FC34000-memory.dmp	xmrig
behavioral1/memory/2880-661-0x000000013F580000-0x000000013F8D4000-memory.dmp	xmrig
behavioral1/memory/2256-4077-0x000000013FF10000-0x0000000140264000-memory.dmp	xmrig
behavioral1/memory/2880-4144-0x000000013F580000-0x000000013F8D4000-memory.dmp	xmrig
behavioral1/memory/2872-4136-0x000000013F520000-0x000000013F874000-memory.dmp	xmrig
behavioral1/memory/2424-4166-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	xmrig
behavioral1/memory/1952-4167-0x000000013F1E0000-0x000000013F534000-memory.dmp	xmrig
behavioral1/memory/2756-4154-0x000000013FB30000-0x000000013FE84000-memory.dmp	xmrig
behavioral1/memory/652-4170-0x000000013FA90000-0x000000013FDE4000-memory.dmp	xmrig
behavioral1/memory/2884-4228-0x000000013F570000-0x000000013F8C4000-memory.dmp	xmrig
behavioral1/memory/2784-4226-0x000000013F280000-0x000000013F5D4000-memory.dmp	xmrig
behavioral1/memory/2752-4219-0x000000013F8E0000-0x000000013FC34000-memory.dmp	xmrig
behavioral1/memory/2772-4152-0x000000013FBB0000-0x000000013FF04000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1700	NjEGhrC.exe
2108	TJqGWdi.exe
2200	KqfHlZw.exe
1952	bRuJQHA.exe
652	LmOLFXi.exe
2256	KaFGomH.exe
2756	cyoxiNg.exe
2884	NTFONFx.exe
2880	FGEDMqe.exe
2752	sdyCKYt.exe
2872	BLTRtKr.exe
2784	SEknxvZ.exe
2772	BvaMaho.exe
2424	aInYhAr.exe
2648	eQRhpoB.exe
1396	mNlrqCH.exe
2436	sVbzvNB.exe
2004	psKbSLD.exe
892	vEhHmFt.exe
1652	cpgxXBP.exe
2792	sDzITRm.exe
2660	uqdhWLz.exe
2864	orljYJW.exe
2988	GZOBVpo.exe
1288	cALbJOO.exe
2328	AggmiSb.exe
2172	HFHnAEO.exe
2704	cTFwKlL.exe
2348	aXPYRmZ.exe
404	KxEcDzl.exe
2428	srwoNFb.exe
1356	dSgYMCY.exe
2940	WRFumqH.exe
1744	zNXzIqg.exe
1636	zgOZpUj.exe
2124	lmWfMHr.exe
2208	ruVKrxi.exe
1348	OQogLOl.exe
1776	EAuxFPO.exe
1772	rPidDna.exe
2308	gTcLnOR.exe
2664	YFEGBuO.exe
2460	DTqQKRb.exe
2560	swTHRbE.exe
564	EbdoXca.exe
1156	CVXZjNV.exe
1932	TozuboD.exe
1232	GzDsqvR.exe
548	XRVUYWl.exe
1748	sJmffaG.exe
1784	dJYVHdu.exe
2148	XxBFvJK.exe
1576	mUPvbER.exe
1584	lvBEhRo.exe
2284	yhSlVce.exe
2908	ouInYyV.exe
1620	YWKrmpm.exe
2224	tEprtXT.exe
2900	cRdvhmc.exe
2828	wYSrtbt.exe
2632	IBfkzms.exe
2652	aRoaguM.exe
1600	UaJapEK.exe
2960	VKfqyEG.exe

Loads dropped DLL 64 IoCs

pid	Process
2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 59 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2480-0-0x000000013FB50000-0x000000013FEA4000-memory.dmp	upx
behavioral1/files/0x0007000000012117-6.dat	upx
behavioral1/files/0x000700000001924c-11.dat	upx
behavioral1/files/0x000700000001926b-15.dat	upx
behavioral1/files/0x0007000000019271-21.dat	upx
behavioral1/files/0x0006000000019277-26.dat	upx
behavioral1/files/0x0006000000019389-36.dat	upx
behavioral1/files/0x00080000000193c4-38.dat	upx
behavioral1/files/0x0005000000019620-51.dat	upx
behavioral1/files/0x0005000000019623-60.dat	upx
behavioral1/files/0x0005000000019629-75.dat	upx
behavioral1/files/0x0005000000019c4a-115.dat	upx
behavioral1/files/0x0005000000019d54-130.dat	upx
behavioral1/files/0x0005000000019fc9-151.dat	upx
behavioral1/memory/652-650-0x000000013FA90000-0x000000013FDE4000-memory.dmp	upx
behavioral1/memory/1952-648-0x000000013F1E0000-0x000000013F534000-memory.dmp	upx
behavioral1/memory/2200-548-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/files/0x000500000001a08b-161.dat	upx
behavioral1/files/0x000500000001a078-154.dat	upx
behavioral1/files/0x0005000000019dc1-140.dat	upx
behavioral1/files/0x0005000000019faf-144.dat	upx
behavioral1/files/0x0005000000019db5-135.dat	upx
behavioral1/files/0x0005000000019c63-120.dat	upx
behavioral1/files/0x0005000000019d2d-125.dat	upx
behavioral1/files/0x0005000000019c48-111.dat	upx
behavioral1/files/0x0005000000019c43-105.dat	upx
behavioral1/files/0x000500000001998a-100.dat	upx
behavioral1/memory/2256-652-0x000000013FF10000-0x0000000140264000-memory.dmp	upx
behavioral1/files/0x00050000000196f6-95.dat	upx
behavioral1/files/0x00050000000196be-90.dat	upx
behavioral1/files/0x000500000001967d-85.dat	upx
behavioral1/files/0x0005000000019639-80.dat	upx
behavioral1/files/0x0005000000019627-70.dat	upx
behavioral1/files/0x0005000000019625-66.dat	upx
behavioral1/files/0x0005000000019621-56.dat	upx
behavioral1/files/0x000500000001961f-45.dat	upx
behavioral1/files/0x0006000000019382-30.dat	upx
behavioral1/memory/2756-654-0x000000013FB30000-0x000000013FE84000-memory.dmp	upx
behavioral1/memory/2884-659-0x000000013F570000-0x000000013F8C4000-memory.dmp	upx
behavioral1/memory/2424-671-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	upx
behavioral1/memory/2772-669-0x000000013FBB0000-0x000000013FF04000-memory.dmp	upx
behavioral1/memory/2480-1787-0x000000013FB50000-0x000000013FEA4000-memory.dmp	upx
behavioral1/memory/2108-860-0x000000013F2D0000-0x000000013F624000-memory.dmp	upx
behavioral1/memory/1700-717-0x000000013F810000-0x000000013FB64000-memory.dmp	upx
behavioral1/memory/2784-667-0x000000013F280000-0x000000013F5D4000-memory.dmp	upx
behavioral1/memory/2872-665-0x000000013F520000-0x000000013F874000-memory.dmp	upx
behavioral1/memory/2752-663-0x000000013F8E0000-0x000000013FC34000-memory.dmp	upx
behavioral1/memory/2880-661-0x000000013F580000-0x000000013F8D4000-memory.dmp	upx
behavioral1/memory/2256-4077-0x000000013FF10000-0x0000000140264000-memory.dmp	upx
behavioral1/memory/2880-4144-0x000000013F580000-0x000000013F8D4000-memory.dmp	upx
behavioral1/memory/2872-4136-0x000000013F520000-0x000000013F874000-memory.dmp	upx
behavioral1/memory/2424-4166-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	upx
behavioral1/memory/1952-4167-0x000000013F1E0000-0x000000013F534000-memory.dmp	upx
behavioral1/memory/2756-4154-0x000000013FB30000-0x000000013FE84000-memory.dmp	upx
behavioral1/memory/652-4170-0x000000013FA90000-0x000000013FDE4000-memory.dmp	upx
behavioral1/memory/2884-4228-0x000000013F570000-0x000000013F8C4000-memory.dmp	upx
behavioral1/memory/2784-4226-0x000000013F280000-0x000000013F5D4000-memory.dmp	upx
behavioral1/memory/2752-4219-0x000000013F8E0000-0x000000013FC34000-memory.dmp	upx
behavioral1/memory/2772-4152-0x000000013FBB0000-0x000000013FF04000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\ReLQoMS.exe	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cOdCECV.exe	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pmLafEK.exe	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QSWsvvC.exe	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ubQeeHG.exe	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hidgSnO.exe	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FhXOoYX.exe	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GHAXqSF.exe	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MagjzeT.exe	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DtzJsrx.exe	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dMPqIpc.exe	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XwQZkLS.exe	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yZxsLct.exe	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QBviDJx.exe	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xYNdcmc.exe	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oIAmeTG.exe	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OJoOzZD.exe	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KaBRkck.exe	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EMLnLCO.exe	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PuNkwya.exe	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KldNcUs.exe	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\StzYIwr.exe	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zhGZvxM.exe	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AFxUtnL.exe	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uzGcMnl.exe	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fbQVwEi.exe	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZXbjXXL.exe	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lmWfMHr.exe	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nmPQXgG.exe	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\haSUGhi.exe	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yqMBZCu.exe	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\khPfIew.exe	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ttucdre.exe	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EKlzCOY.exe	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YnMpUzu.exe	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vXFErUh.exe	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OVCFFJj.exe	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oylxeCu.exe	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VpxGLzm.exe	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\scrkmDT.exe	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Jxytxbs.exe	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VknPDot.exe	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AggmiSb.exe	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gTcLnOR.exe	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NxcNUKA.exe	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ETSJHUZ.exe	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gnUrBYe.exe	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kmkDjUj.exe	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GMIbxIx.exe	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iPehDDP.exe	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ruVKrxi.exe	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gSUMhHR.exe	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PzgbyQG.exe	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lSQkhqC.exe	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NTQmigD.exe	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kMLTFLZ.exe	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ypjymJT.exe	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\weqhxgJ.exe	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KZNzCUw.exe	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RTSqUkf.exe	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WjacdAF.exe	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DSfMNOw.exe	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MwBghxm.exe	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XbXgKhX.exe	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2480 wrote to memory of 1700	2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2480 wrote to memory of 1700	2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2480 wrote to memory of 1700	2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2480 wrote to memory of 2108	2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2480 wrote to memory of 2108	2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2480 wrote to memory of 2108	2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2480 wrote to memory of 2200	2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2480 wrote to memory of 2200	2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2480 wrote to memory of 2200	2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2480 wrote to memory of 1952	2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2480 wrote to memory of 1952	2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2480 wrote to memory of 1952	2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2480 wrote to memory of 652	2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2480 wrote to memory of 652	2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2480 wrote to memory of 652	2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2480 wrote to memory of 2256	2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2480 wrote to memory of 2256	2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2480 wrote to memory of 2256	2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2480 wrote to memory of 2756	2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2480 wrote to memory of 2756	2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2480 wrote to memory of 2756	2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2480 wrote to memory of 2884	2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2480 wrote to memory of 2884	2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2480 wrote to memory of 2884	2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2480 wrote to memory of 2880	2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2480 wrote to memory of 2880	2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2480 wrote to memory of 2880	2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2480 wrote to memory of 2752	2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2480 wrote to memory of 2752	2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2480 wrote to memory of 2752	2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2480 wrote to memory of 2872	2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2480 wrote to memory of 2872	2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2480 wrote to memory of 2872	2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2480 wrote to memory of 2784	2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2480 wrote to memory of 2784	2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2480 wrote to memory of 2784	2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2480 wrote to memory of 2772	2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2480 wrote to memory of 2772	2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2480 wrote to memory of 2772	2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2480 wrote to memory of 2424	2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2480 wrote to memory of 2424	2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2480 wrote to memory of 2424	2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2480 wrote to memory of 2648	2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2480 wrote to memory of 2648	2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2480 wrote to memory of 2648	2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2480 wrote to memory of 1396	2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2480 wrote to memory of 1396	2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2480 wrote to memory of 1396	2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2480 wrote to memory of 2436	2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2480 wrote to memory of 2436	2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2480 wrote to memory of 2436	2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2480 wrote to memory of 2004	2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2480 wrote to memory of 2004	2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2480 wrote to memory of 2004	2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2480 wrote to memory of 892	2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2480 wrote to memory of 892	2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2480 wrote to memory of 892	2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2480 wrote to memory of 1652	2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2480 wrote to memory of 1652	2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2480 wrote to memory of 1652	2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2480 wrote to memory of 2792	2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2480 wrote to memory of 2792	2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2480 wrote to memory of 2792	2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2480 wrote to memory of 2660	2480	2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-09-23_0968976dd42a6ab7a84960d9c431e95d_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2480
- C:\Windows\System\NjEGhrC.exe
  C:\Windows\System\NjEGhrC.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\TJqGWdi.exe
  C:\Windows\System\TJqGWdi.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\KqfHlZw.exe
  C:\Windows\System\KqfHlZw.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\bRuJQHA.exe
  C:\Windows\System\bRuJQHA.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\LmOLFXi.exe
  C:\Windows\System\LmOLFXi.exe
  2⤵
  - Executes dropped EXE
  PID:652
- C:\Windows\System\KaFGomH.exe
  C:\Windows\System\KaFGomH.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\cyoxiNg.exe
  C:\Windows\System\cyoxiNg.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\NTFONFx.exe
  C:\Windows\System\NTFONFx.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\FGEDMqe.exe
  C:\Windows\System\FGEDMqe.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\sdyCKYt.exe
  C:\Windows\System\sdyCKYt.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\BLTRtKr.exe
  C:\Windows\System\BLTRtKr.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\SEknxvZ.exe
  C:\Windows\System\SEknxvZ.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\BvaMaho.exe
  C:\Windows\System\BvaMaho.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\aInYhAr.exe
  C:\Windows\System\aInYhAr.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\eQRhpoB.exe
  C:\Windows\System\eQRhpoB.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\mNlrqCH.exe
  C:\Windows\System\mNlrqCH.exe
  2⤵
  - Executes dropped EXE
  PID:1396
- C:\Windows\System\sVbzvNB.exe
  C:\Windows\System\sVbzvNB.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\psKbSLD.exe
  C:\Windows\System\psKbSLD.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\vEhHmFt.exe
  C:\Windows\System\vEhHmFt.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\cpgxXBP.exe
  C:\Windows\System\cpgxXBP.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\sDzITRm.exe
  C:\Windows\System\sDzITRm.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\uqdhWLz.exe
  C:\Windows\System\uqdhWLz.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\orljYJW.exe
  C:\Windows\System\orljYJW.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\GZOBVpo.exe
  C:\Windows\System\GZOBVpo.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\cALbJOO.exe
  C:\Windows\System\cALbJOO.exe
  2⤵
  - Executes dropped EXE
  PID:1288
- C:\Windows\System\AggmiSb.exe
  C:\Windows\System\AggmiSb.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\HFHnAEO.exe
  C:\Windows\System\HFHnAEO.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\cTFwKlL.exe
  C:\Windows\System\cTFwKlL.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\aXPYRmZ.exe
  C:\Windows\System\aXPYRmZ.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\KxEcDzl.exe
  C:\Windows\System\KxEcDzl.exe
  2⤵
  - Executes dropped EXE
  PID:404
- C:\Windows\System\srwoNFb.exe
  C:\Windows\System\srwoNFb.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\dSgYMCY.exe
  C:\Windows\System\dSgYMCY.exe
  2⤵
  - Executes dropped EXE
  PID:1356
- C:\Windows\System\WRFumqH.exe
  C:\Windows\System\WRFumqH.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\zNXzIqg.exe
  C:\Windows\System\zNXzIqg.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\zgOZpUj.exe
  C:\Windows\System\zgOZpUj.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\ruVKrxi.exe
  C:\Windows\System\ruVKrxi.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\lmWfMHr.exe
  C:\Windows\System\lmWfMHr.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\OQogLOl.exe
  C:\Windows\System\OQogLOl.exe
  2⤵
  - Executes dropped EXE
  PID:1348
- C:\Windows\System\EAuxFPO.exe
  C:\Windows\System\EAuxFPO.exe
  2⤵
  - Executes dropped EXE
  PID:1776
- C:\Windows\System\rPidDna.exe
  C:\Windows\System\rPidDna.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\gTcLnOR.exe
  C:\Windows\System\gTcLnOR.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\YFEGBuO.exe
  C:\Windows\System\YFEGBuO.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\DTqQKRb.exe
  C:\Windows\System\DTqQKRb.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\swTHRbE.exe
  C:\Windows\System\swTHRbE.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\EbdoXca.exe
  C:\Windows\System\EbdoXca.exe
  2⤵
  - Executes dropped EXE
  PID:564
- C:\Windows\System\CVXZjNV.exe
  C:\Windows\System\CVXZjNV.exe
  2⤵
  - Executes dropped EXE
  PID:1156
- C:\Windows\System\TozuboD.exe
  C:\Windows\System\TozuboD.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\GzDsqvR.exe
  C:\Windows\System\GzDsqvR.exe
  2⤵
  - Executes dropped EXE
  PID:1232
- C:\Windows\System\XRVUYWl.exe
  C:\Windows\System\XRVUYWl.exe
  2⤵
  - Executes dropped EXE
  PID:548
- C:\Windows\System\sJmffaG.exe
  C:\Windows\System\sJmffaG.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\dJYVHdu.exe
  C:\Windows\System\dJYVHdu.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\XxBFvJK.exe
  C:\Windows\System\XxBFvJK.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\mUPvbER.exe
  C:\Windows\System\mUPvbER.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\lvBEhRo.exe
  C:\Windows\System\lvBEhRo.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\yhSlVce.exe
  C:\Windows\System\yhSlVce.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\YWKrmpm.exe
  C:\Windows\System\YWKrmpm.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\ouInYyV.exe
  C:\Windows\System\ouInYyV.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\wYSrtbt.exe
  C:\Windows\System\wYSrtbt.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\tEprtXT.exe
  C:\Windows\System\tEprtXT.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\yZRXalB.exe
  C:\Windows\System\yZRXalB.exe
  2⤵
  PID:2812
- C:\Windows\System\cRdvhmc.exe
  C:\Windows\System\cRdvhmc.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\IVHrPqE.exe
  C:\Windows\System\IVHrPqE.exe
  2⤵
  PID:2744
- C:\Windows\System\IBfkzms.exe
  C:\Windows\System\IBfkzms.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\CySvRny.exe
  C:\Windows\System\CySvRny.exe
  2⤵
  PID:1796
- C:\Windows\System\aRoaguM.exe
  C:\Windows\System\aRoaguM.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\CQTfZDN.exe
  C:\Windows\System\CQTfZDN.exe
  2⤵
  PID:844
- C:\Windows\System\UaJapEK.exe
  C:\Windows\System\UaJapEK.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\eAWAyfY.exe
  C:\Windows\System\eAWAyfY.exe
  2⤵
  PID:3024
- C:\Windows\System\VKfqyEG.exe
  C:\Windows\System\VKfqyEG.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\htuKiXP.exe
  C:\Windows\System\htuKiXP.exe
  2⤵
  PID:3012
- C:\Windows\System\OQFsrPm.exe
  C:\Windows\System\OQFsrPm.exe
  2⤵
  PID:2360
- C:\Windows\System\UhAIfTw.exe
  C:\Windows\System\UhAIfTw.exe
  2⤵
  PID:1268
- C:\Windows\System\JbrbPsN.exe
  C:\Windows\System\JbrbPsN.exe
  2⤵
  PID:616
- C:\Windows\System\KiPxNgT.exe
  C:\Windows\System\KiPxNgT.exe
  2⤵
  PID:868
- C:\Windows\System\MZXtHGF.exe
  C:\Windows\System\MZXtHGF.exe
  2⤵
  PID:1060
- C:\Windows\System\NxcNUKA.exe
  C:\Windows\System\NxcNUKA.exe
  2⤵
  PID:1532
- C:\Windows\System\XnozsWo.exe
  C:\Windows\System\XnozsWo.exe
  2⤵
  PID:924
- C:\Windows\System\DpizNez.exe
  C:\Windows\System\DpizNez.exe
  2⤵
  PID:716
- C:\Windows\System\erGabOa.exe
  C:\Windows\System\erGabOa.exe
  2⤵
  PID:2088
- C:\Windows\System\wjJcTDF.exe
  C:\Windows\System\wjJcTDF.exe
  2⤵
  PID:2364
- C:\Windows\System\pirsTqj.exe
  C:\Windows\System\pirsTqj.exe
  2⤵
  PID:592
- C:\Windows\System\tMXISRj.exe
  C:\Windows\System\tMXISRj.exe
  2⤵
  PID:524
- C:\Windows\System\MsZwqOc.exe
  C:\Windows\System\MsZwqOc.exe
  2⤵
  PID:1580
- C:\Windows\System\dAmutwa.exe
  C:\Windows\System\dAmutwa.exe
  2⤵
  PID:1332
- C:\Windows\System\OiLOVsq.exe
  C:\Windows\System\OiLOVsq.exe
  2⤵
  PID:2452
- C:\Windows\System\GMytNdz.exe
  C:\Windows\System\GMytNdz.exe
  2⤵
  PID:1640
- C:\Windows\System\kRiADFW.exe
  C:\Windows\System\kRiADFW.exe
  2⤵
  PID:896
- C:\Windows\System\ycFfkjU.exe
  C:\Windows\System\ycFfkjU.exe
  2⤵
  PID:600
- C:\Windows\System\NBDtWtC.exe
  C:\Windows\System\NBDtWtC.exe
  2⤵
  PID:2620
- C:\Windows\System\UDXNHCL.exe
  C:\Windows\System\UDXNHCL.exe
  2⤵
  PID:2012
- C:\Windows\System\AlcYcNh.exe
  C:\Windows\System\AlcYcNh.exe
  2⤵
  PID:2528
- C:\Windows\System\lxCEDZf.exe
  C:\Windows\System\lxCEDZf.exe
  2⤵
  PID:2848
- C:\Windows\System\olRGXzR.exe
  C:\Windows\System\olRGXzR.exe
  2⤵
  PID:2800
- C:\Windows\System\QKspWcZ.exe
  C:\Windows\System\QKspWcZ.exe
  2⤵
  PID:2432
- C:\Windows\System\oYtTEQU.exe
  C:\Windows\System\oYtTEQU.exe
  2⤵
  PID:2584
- C:\Windows\System\KQOQBlC.exe
  C:\Windows\System\KQOQBlC.exe
  2⤵
  PID:1244
- C:\Windows\System\uHjSlec.exe
  C:\Windows\System\uHjSlec.exe
  2⤵
  PID:304
- C:\Windows\System\CguhYyX.exe
  C:\Windows\System\CguhYyX.exe
  2⤵
  PID:1048
- C:\Windows\System\KlOGuIo.exe
  C:\Windows\System\KlOGuIo.exe
  2⤵
  PID:2036
- C:\Windows\System\JIeRhZB.exe
  C:\Windows\System\JIeRhZB.exe
  2⤵
  PID:2232
- C:\Windows\System\oYaqQXU.exe
  C:\Windows\System\oYaqQXU.exe
  2⤵
  PID:1872
- C:\Windows\System\QfKodvg.exe
  C:\Windows\System\QfKodvg.exe
  2⤵
  PID:2376
- C:\Windows\System\LUluILU.exe
  C:\Windows\System\LUluILU.exe
  2⤵
  PID:316
- C:\Windows\System\eWzIVrQ.exe
  C:\Windows\System\eWzIVrQ.exe
  2⤵
  PID:1560
- C:\Windows\System\VGCpfGg.exe
  C:\Windows\System\VGCpfGg.exe
  2⤵
  PID:812
- C:\Windows\System\kZCXWmG.exe
  C:\Windows\System\kZCXWmG.exe
  2⤵
  PID:700
- C:\Windows\System\cXqvvBy.exe
  C:\Windows\System\cXqvvBy.exe
  2⤵
  PID:2520
- C:\Windows\System\sbHPeAb.exe
  C:\Windows\System\sbHPeAb.exe
  2⤵
  PID:2668
- C:\Windows\System\ZohopCd.exe
  C:\Windows\System\ZohopCd.exe
  2⤵
  PID:808
- C:\Windows\System\YvZWBVl.exe
  C:\Windows\System\YvZWBVl.exe
  2⤵
  PID:2868
- C:\Windows\System\NeyANCG.exe
  C:\Windows\System\NeyANCG.exe
  2⤵
  PID:1520
- C:\Windows\System\iAvwGvl.exe
  C:\Windows\System\iAvwGvl.exe
  2⤵
  PID:1380
- C:\Windows\System\DKydQvq.exe
  C:\Windows\System\DKydQvq.exe
  2⤵
  PID:1152
- C:\Windows\System\PRJZIhO.exe
  C:\Windows\System\PRJZIhO.exe
  2⤵
  PID:1668
- C:\Windows\System\SFaHvrl.exe
  C:\Windows\System\SFaHvrl.exe
  2⤵
  PID:968
- C:\Windows\System\vIsOgmT.exe
  C:\Windows\System\vIsOgmT.exe
  2⤵
  PID:3084
- C:\Windows\System\KWHQDsP.exe
  C:\Windows\System\KWHQDsP.exe
  2⤵
  PID:3104
- C:\Windows\System\XwQZkLS.exe
  C:\Windows\System\XwQZkLS.exe
  2⤵
  PID:3124
- C:\Windows\System\CoawaCV.exe
  C:\Windows\System\CoawaCV.exe
  2⤵
  PID:3152
- C:\Windows\System\ISXaKwp.exe
  C:\Windows\System\ISXaKwp.exe
  2⤵
  PID:3168
- C:\Windows\System\CADHqYt.exe
  C:\Windows\System\CADHqYt.exe
  2⤵
  PID:3188
- C:\Windows\System\qKBgNPr.exe
  C:\Windows\System\qKBgNPr.exe
  2⤵
  PID:3208
- C:\Windows\System\crXjckM.exe
  C:\Windows\System\crXjckM.exe
  2⤵
  PID:3228
- C:\Windows\System\IQGaJQt.exe
  C:\Windows\System\IQGaJQt.exe
  2⤵
  PID:3244
- C:\Windows\System\CvRCgcg.exe
  C:\Windows\System\CvRCgcg.exe
  2⤵
  PID:3264
- C:\Windows\System\bHKrfJd.exe
  C:\Windows\System\bHKrfJd.exe
  2⤵
  PID:3280
- C:\Windows\System\mKtyWWb.exe
  C:\Windows\System\mKtyWWb.exe
  2⤵
  PID:3304
- C:\Windows\System\qDlaliN.exe
  C:\Windows\System\qDlaliN.exe
  2⤵
  PID:3320
- C:\Windows\System\ZKXmTWX.exe
  C:\Windows\System\ZKXmTWX.exe
  2⤵
  PID:3344
- C:\Windows\System\pQMCSQj.exe
  C:\Windows\System\pQMCSQj.exe
  2⤵
  PID:3360
- C:\Windows\System\PoPgbjl.exe
  C:\Windows\System\PoPgbjl.exe
  2⤵
  PID:3380
- C:\Windows\System\HWZmIky.exe
  C:\Windows\System\HWZmIky.exe
  2⤵
  PID:3396
- C:\Windows\System\KmIjdst.exe
  C:\Windows\System\KmIjdst.exe
  2⤵
  PID:3420
- C:\Windows\System\OPqOgMH.exe
  C:\Windows\System\OPqOgMH.exe
  2⤵
  PID:3436
- C:\Windows\System\mFQfEGN.exe
  C:\Windows\System\mFQfEGN.exe
  2⤵
  PID:3452
- C:\Windows\System\ioQByka.exe
  C:\Windows\System\ioQByka.exe
  2⤵
  PID:3468
- C:\Windows\System\SUhEFeA.exe
  C:\Windows\System\SUhEFeA.exe
  2⤵
  PID:3484
- C:\Windows\System\HgihhrZ.exe
  C:\Windows\System\HgihhrZ.exe
  2⤵
  PID:3500
- C:\Windows\System\DxMfadt.exe
  C:\Windows\System\DxMfadt.exe
  2⤵
  PID:3516
- C:\Windows\System\eCIwKRY.exe
  C:\Windows\System\eCIwKRY.exe
  2⤵
  PID:3536
- C:\Windows\System\spawuGK.exe
  C:\Windows\System\spawuGK.exe
  2⤵
  PID:3552
- C:\Windows\System\phjStdP.exe
  C:\Windows\System\phjStdP.exe
  2⤵
  PID:3576
- C:\Windows\System\mJCApRE.exe
  C:\Windows\System\mJCApRE.exe
  2⤵
  PID:3592
- C:\Windows\System\xKtAurZ.exe
  C:\Windows\System\xKtAurZ.exe
  2⤵
  PID:3608
- C:\Windows\System\sKVBDzB.exe
  C:\Windows\System\sKVBDzB.exe
  2⤵
  PID:3624
- C:\Windows\System\whFSsOe.exe
  C:\Windows\System\whFSsOe.exe
  2⤵
  PID:3644
- C:\Windows\System\ytVbzuz.exe
  C:\Windows\System\ytVbzuz.exe
  2⤵
  PID:3664
- C:\Windows\System\QXDIqRy.exe
  C:\Windows\System\QXDIqRy.exe
  2⤵
  PID:3684
- C:\Windows\System\bPPakHk.exe
  C:\Windows\System\bPPakHk.exe
  2⤵
  PID:3704
- C:\Windows\System\fkuasIv.exe
  C:\Windows\System\fkuasIv.exe
  2⤵
  PID:3720
- C:\Windows\System\lCaRtpN.exe
  C:\Windows\System\lCaRtpN.exe
  2⤵
  PID:3760
- C:\Windows\System\hZxDlkC.exe
  C:\Windows\System\hZxDlkC.exe
  2⤵
  PID:3776
- C:\Windows\System\whdkGaT.exe
  C:\Windows\System\whdkGaT.exe
  2⤵
  PID:3792
- C:\Windows\System\fwSmSCJ.exe
  C:\Windows\System\fwSmSCJ.exe
  2⤵
  PID:3808
- C:\Windows\System\xbObCmT.exe
  C:\Windows\System\xbObCmT.exe
  2⤵
  PID:3824
- C:\Windows\System\LmSsIjg.exe
  C:\Windows\System\LmSsIjg.exe
  2⤵
  PID:3840
- C:\Windows\System\OEzPgSB.exe
  C:\Windows\System\OEzPgSB.exe
  2⤵
  PID:3868
- C:\Windows\System\UeGPgZD.exe
  C:\Windows\System\UeGPgZD.exe
  2⤵
  PID:3884
- C:\Windows\System\dKcdToW.exe
  C:\Windows\System\dKcdToW.exe
  2⤵
  PID:3900
- C:\Windows\System\YsueAhO.exe
  C:\Windows\System\YsueAhO.exe
  2⤵
  PID:3916
- C:\Windows\System\fMzGoGJ.exe
  C:\Windows\System\fMzGoGJ.exe
  2⤵
  PID:3936
- C:\Windows\System\gIGFFZA.exe
  C:\Windows\System\gIGFFZA.exe
  2⤵
  PID:3952
- C:\Windows\System\srDwdYf.exe
  C:\Windows\System\srDwdYf.exe
  2⤵
  PID:3968
- C:\Windows\System\sCHHHjh.exe
  C:\Windows\System\sCHHHjh.exe
  2⤵
  PID:3988
- C:\Windows\System\zjEyprF.exe
  C:\Windows\System\zjEyprF.exe
  2⤵
  PID:4004
- C:\Windows\System\zggYDRm.exe
  C:\Windows\System\zggYDRm.exe
  2⤵
  PID:4024
- C:\Windows\System\zSMfecD.exe
  C:\Windows\System\zSMfecD.exe
  2⤵
  PID:4040
- C:\Windows\System\NpZSeey.exe
  C:\Windows\System\NpZSeey.exe
  2⤵
  PID:4084
- C:\Windows\System\HcLzrfc.exe
  C:\Windows\System\HcLzrfc.exe
  2⤵
  PID:1032
- C:\Windows\System\cOpnZQM.exe
  C:\Windows\System\cOpnZQM.exe
  2⤵
  PID:2748
- C:\Windows\System\dRvhBYs.exe
  C:\Windows\System\dRvhBYs.exe
  2⤵
  PID:1604
- C:\Windows\System\KGCzmVz.exe
  C:\Windows\System\KGCzmVz.exe
  2⤵
  PID:2760
- C:\Windows\System\eKeqoMb.exe
  C:\Windows\System\eKeqoMb.exe
  2⤵
  PID:2476
- C:\Windows\System\HRqPjXN.exe
  C:\Windows\System\HRqPjXN.exe
  2⤵
  PID:2952
- C:\Windows\System\NcLhHGK.exe
  C:\Windows\System\NcLhHGK.exe
  2⤵
  PID:1740
- C:\Windows\System\NyHjTrz.exe
  C:\Windows\System\NyHjTrz.exe
  2⤵
  PID:1780
- C:\Windows\System\xNCCQpb.exe
  C:\Windows\System\xNCCQpb.exe
  2⤵
  PID:3196
- C:\Windows\System\jfdwbsg.exe
  C:\Windows\System\jfdwbsg.exe
  2⤵
  PID:3240
- C:\Windows\System\LytDeJT.exe
  C:\Windows\System\LytDeJT.exe
  2⤵
  PID:3352
- C:\Windows\System\VjWERnN.exe
  C:\Windows\System\VjWERnN.exe
  2⤵
  PID:3252
- C:\Windows\System\tFnrOWf.exe
  C:\Windows\System\tFnrOWf.exe
  2⤵
  PID:3136
- C:\Windows\System\bAMeqTR.exe
  C:\Windows\System\bAMeqTR.exe
  2⤵
  PID:3300
- C:\Windows\System\wPFTaKi.exe
  C:\Windows\System\wPFTaKi.exe
  2⤵
  PID:2072
- C:\Windows\System\TsBnMnL.exe
  C:\Windows\System\TsBnMnL.exe
  2⤵
  PID:3340
- C:\Windows\System\NuEzMXG.exe
  C:\Windows\System\NuEzMXG.exe
  2⤵
  PID:3092
- C:\Windows\System\zdNEKuT.exe
  C:\Windows\System\zdNEKuT.exe
  2⤵
  PID:3376
- C:\Windows\System\bbRRIfU.exe
  C:\Windows\System\bbRRIfU.exe
  2⤵
  PID:3224
- C:\Windows\System\vmZAXwP.exe
  C:\Windows\System\vmZAXwP.exe
  2⤵
  PID:3408
- C:\Windows\System\seOoJJT.exe
  C:\Windows\System\seOoJJT.exe
  2⤵
  PID:3492
- C:\Windows\System\kNTGXNP.exe
  C:\Windows\System\kNTGXNP.exe
  2⤵
  PID:3532
- C:\Windows\System\WbalIvT.exe
  C:\Windows\System\WbalIvT.exe
  2⤵
  PID:3572
- C:\Windows\System\xhsoqNS.exe
  C:\Windows\System\xhsoqNS.exe
  2⤵
  PID:3636
- C:\Windows\System\tbRaxjK.exe
  C:\Windows\System\tbRaxjK.exe
  2⤵
  PID:3680
- C:\Windows\System\XxOvlcU.exe
  C:\Windows\System\XxOvlcU.exe
  2⤵
  PID:3476
- C:\Windows\System\xyiXjAw.exe
  C:\Windows\System\xyiXjAw.exe
  2⤵
  PID:3772
- C:\Windows\System\pknRiLz.exe
  C:\Windows\System\pknRiLz.exe
  2⤵
  PID:3548
- C:\Windows\System\nAaKdXb.exe
  C:\Windows\System\nAaKdXb.exe
  2⤵
  PID:3620
- C:\Windows\System\ckweWvV.exe
  C:\Windows\System\ckweWvV.exe
  2⤵
  PID:3692
- C:\Windows\System\rlluQFY.exe
  C:\Windows\System\rlluQFY.exe
  2⤵
  PID:3732
- C:\Windows\System\NZckbYT.exe
  C:\Windows\System\NZckbYT.exe
  2⤵
  PID:3748
- C:\Windows\System\ZTZUmZk.exe
  C:\Windows\System\ZTZUmZk.exe
  2⤵
  PID:3788
- C:\Windows\System\NANITpo.exe
  C:\Windows\System\NANITpo.exe
  2⤵
  PID:3804
- C:\Windows\System\yZxsLct.exe
  C:\Windows\System\yZxsLct.exe
  2⤵
  PID:3880
- C:\Windows\System\cWNKxJs.exe
  C:\Windows\System\cWNKxJs.exe
  2⤵
  PID:3948
- C:\Windows\System\obVnvRY.exe
  C:\Windows\System\obVnvRY.exe
  2⤵
  PID:4012
- C:\Windows\System\mMbZZdA.exe
  C:\Windows\System\mMbZZdA.exe
  2⤵
  PID:4060
- C:\Windows\System\FfcRrdG.exe
  C:\Windows\System\FfcRrdG.exe
  2⤵
  PID:4076
- C:\Windows\System\iWNGmXo.exe
  C:\Windows\System\iWNGmXo.exe
  2⤵
  PID:3604
- C:\Windows\System\QBviDJx.exe
  C:\Windows\System\QBviDJx.exe
  2⤵
  PID:3676
- C:\Windows\System\jfLXYOP.exe
  C:\Windows\System\jfLXYOP.exe
  2⤵
  PID:3700
- C:\Windows\System\nCCsiVc.exe
  C:\Windows\System\nCCsiVc.exe
  2⤵
  PID:3876
- C:\Windows\System\wlWaWTu.exe
  C:\Windows\System\wlWaWTu.exe
  2⤵
  PID:4036
- C:\Windows\System\Mdcnppa.exe
  C:\Windows\System\Mdcnppa.exe
  2⤵
  PID:3960
- C:\Windows\System\hYETqYN.exe
  C:\Windows\System\hYETqYN.exe
  2⤵
  PID:3892
- C:\Windows\System\EqsmArO.exe
  C:\Windows\System\EqsmArO.exe
  2⤵
  PID:4092
- C:\Windows\System\dLhKbQI.exe
  C:\Windows\System\dLhKbQI.exe
  2⤵
  PID:3656
- C:\Windows\System\FIaidfE.exe
  C:\Windows\System\FIaidfE.exe
  2⤵
  PID:3820
- C:\Windows\System\ayeJOwD.exe
  C:\Windows\System\ayeJOwD.exe
  2⤵
  PID:4048
- C:\Windows\System\OhkMNlc.exe
  C:\Windows\System\OhkMNlc.exe
  2⤵
  PID:3112
- C:\Windows\System\rNUlwGd.exe
  C:\Windows\System\rNUlwGd.exe
  2⤵
  PID:3312
- C:\Windows\System\cXmmqle.exe
  C:\Windows\System\cXmmqle.exe
  2⤵
  PID:2944
- C:\Windows\System\CouIZwJ.exe
  C:\Windows\System\CouIZwJ.exe
  2⤵
  PID:3848
- C:\Windows\System\TKWEtyM.exe
  C:\Windows\System\TKWEtyM.exe
  2⤵
  PID:3864
- C:\Windows\System\RxpfMvF.exe
  C:\Windows\System\RxpfMvF.exe
  2⤵
  PID:3180
- C:\Windows\System\qIpumwm.exe
  C:\Windows\System\qIpumwm.exe
  2⤵
  PID:3564
- C:\Windows\System\eOizIPc.exe
  C:\Windows\System\eOizIPc.exe
  2⤵
  PID:4108
- C:\Windows\System\iygVWfJ.exe
  C:\Windows\System\iygVWfJ.exe
  2⤵
  PID:4124
- C:\Windows\System\BDOSIHJ.exe
  C:\Windows\System\BDOSIHJ.exe
  2⤵
  PID:4140
- C:\Windows\System\KQWQRJs.exe
  C:\Windows\System\KQWQRJs.exe
  2⤵
  PID:4156
- C:\Windows\System\cdbMZpC.exe
  C:\Windows\System\cdbMZpC.exe
  2⤵
  PID:4180
- C:\Windows\System\ZQFZEev.exe
  C:\Windows\System\ZQFZEev.exe
  2⤵
  PID:4196
- C:\Windows\System\jiUKocl.exe
  C:\Windows\System\jiUKocl.exe
  2⤵
  PID:4212
- C:\Windows\System\PpSuDVQ.exe
  C:\Windows\System\PpSuDVQ.exe
  2⤵
  PID:4228
- C:\Windows\System\fUgMyFd.exe
  C:\Windows\System\fUgMyFd.exe
  2⤵
  PID:4244
- C:\Windows\System\xYNdcmc.exe
  C:\Windows\System\xYNdcmc.exe
  2⤵
  PID:4268
- C:\Windows\System\VXjwesH.exe
  C:\Windows\System\VXjwesH.exe
  2⤵
  PID:4300
- C:\Windows\System\CVLrWRc.exe
  C:\Windows\System\CVLrWRc.exe
  2⤵
  PID:4364
- C:\Windows\System\ERJcMhP.exe
  C:\Windows\System\ERJcMhP.exe
  2⤵
  PID:4384
- C:\Windows\System\WxSTMLL.exe
  C:\Windows\System\WxSTMLL.exe
  2⤵
  PID:4404
- C:\Windows\System\shsseWH.exe
  C:\Windows\System\shsseWH.exe
  2⤵
  PID:4420
- C:\Windows\System\wIsXzII.exe
  C:\Windows\System\wIsXzII.exe
  2⤵
  PID:4436
- C:\Windows\System\hWyeISg.exe
  C:\Windows\System\hWyeISg.exe
  2⤵
  PID:4460
- C:\Windows\System\QxtVuur.exe
  C:\Windows\System\QxtVuur.exe
  2⤵
  PID:4480
- C:\Windows\System\QIjeZdL.exe
  C:\Windows\System\QIjeZdL.exe
  2⤵
  PID:4500
- C:\Windows\System\gSUMhHR.exe
  C:\Windows\System\gSUMhHR.exe
  2⤵
  PID:4524
- C:\Windows\System\BoUjRkl.exe
  C:\Windows\System\BoUjRkl.exe
  2⤵
  PID:4544
- C:\Windows\System\ssrbWmu.exe
  C:\Windows\System\ssrbWmu.exe
  2⤵
  PID:4564
- C:\Windows\System\yCgXHAQ.exe
  C:\Windows\System\yCgXHAQ.exe
  2⤵
  PID:4580
- C:\Windows\System\CrJkJfE.exe
  C:\Windows\System\CrJkJfE.exe
  2⤵
  PID:4600
- C:\Windows\System\siKPtki.exe
  C:\Windows\System\siKPtki.exe
  2⤵
  PID:4620
- C:\Windows\System\qtoKquu.exe
  C:\Windows\System\qtoKquu.exe
  2⤵
  PID:4644
- C:\Windows\System\wzzqhRo.exe
  C:\Windows\System\wzzqhRo.exe
  2⤵
  PID:4660
- C:\Windows\System\ZbEwkyg.exe
  C:\Windows\System\ZbEwkyg.exe
  2⤵
  PID:4680
- C:\Windows\System\OBLdXSJ.exe
  C:\Windows\System\OBLdXSJ.exe
  2⤵
  PID:4700
- C:\Windows\System\gHFMiNU.exe
  C:\Windows\System\gHFMiNU.exe
  2⤵
  PID:4716
- C:\Windows\System\MYojuDm.exe
  C:\Windows\System\MYojuDm.exe
  2⤵
  PID:4736
- C:\Windows\System\umdWrxS.exe
  C:\Windows\System\umdWrxS.exe
  2⤵
  PID:4756
- C:\Windows\System\RTBWJMb.exe
  C:\Windows\System\RTBWJMb.exe
  2⤵
  PID:4792
- C:\Windows\System\CuFxMUt.exe
  C:\Windows\System\CuFxMUt.exe
  2⤵
  PID:4812
- C:\Windows\System\EMLnLCO.exe
  C:\Windows\System\EMLnLCO.exe
  2⤵
  PID:4828
- C:\Windows\System\sjkYnBr.exe
  C:\Windows\System\sjkYnBr.exe
  2⤵
  PID:4848
- C:\Windows\System\YYFWXrS.exe
  C:\Windows\System\YYFWXrS.exe
  2⤵
  PID:4864
- C:\Windows\System\asOiYyg.exe
  C:\Windows\System\asOiYyg.exe
  2⤵
  PID:4884
- C:\Windows\System\nKRBmse.exe
  C:\Windows\System\nKRBmse.exe
  2⤵
  PID:4904
- C:\Windows\System\GSHEkSh.exe
  C:\Windows\System\GSHEkSh.exe
  2⤵
  PID:4924
- C:\Windows\System\qBQoimv.exe
  C:\Windows\System\qBQoimv.exe
  2⤵
  PID:4948
- C:\Windows\System\AfjvVtO.exe
  C:\Windows\System\AfjvVtO.exe
  2⤵
  PID:4968
- C:\Windows\System\QJiQTfp.exe
  C:\Windows\System\QJiQTfp.exe
  2⤵
  PID:4984
- C:\Windows\System\FrRtNDP.exe
  C:\Windows\System\FrRtNDP.exe
  2⤵
  PID:5004
- C:\Windows\System\rOqlRPh.exe
  C:\Windows\System\rOqlRPh.exe
  2⤵
  PID:5028
- C:\Windows\System\FfdjcSx.exe
  C:\Windows\System\FfdjcSx.exe
  2⤵
  PID:5048
- C:\Windows\System\LoCKvtq.exe
  C:\Windows\System\LoCKvtq.exe
  2⤵
  PID:5064
- C:\Windows\System\WrCHSRJ.exe
  C:\Windows\System\WrCHSRJ.exe
  2⤵
  PID:5080
- C:\Windows\System\OTCBKen.exe
  C:\Windows\System\OTCBKen.exe
  2⤵
  PID:5112
- C:\Windows\System\DJUXjLQ.exe
  C:\Windows\System\DJUXjLQ.exe
  2⤵
  PID:4000
- C:\Windows\System\afsXySq.exe
  C:\Windows\System\afsXySq.exe
  2⤵
  PID:2160
- C:\Windows\System\Qcprrxx.exe
  C:\Windows\System\Qcprrxx.exe
  2⤵
  PID:680
- C:\Windows\System\lfNcRFa.exe
  C:\Windows\System\lfNcRFa.exe
  2⤵
  PID:3368
- C:\Windows\System\AFxUtnL.exe
  C:\Windows\System\AFxUtnL.exe
  2⤵
  PID:4148
- C:\Windows\System\IVyCAXY.exe
  C:\Windows\System\IVyCAXY.exe
  2⤵
  PID:3588
- C:\Windows\System\PuNkwya.exe
  C:\Windows\System\PuNkwya.exe
  2⤵
  PID:4068
- C:\Windows\System\dhbuUeT.exe
  C:\Windows\System\dhbuUeT.exe
  2⤵
  PID:4264
- C:\Windows\System\apvTRbo.exe
  C:\Windows\System\apvTRbo.exe
  2⤵
  PID:4320
- C:\Windows\System\BwtBkiL.exe
  C:\Windows\System\BwtBkiL.exe
  2⤵
  PID:4344
- C:\Windows\System\pwWvRLj.exe
  C:\Windows\System\pwWvRLj.exe
  2⤵
  PID:4360
- C:\Windows\System\tXypXbc.exe
  C:\Windows\System\tXypXbc.exe
  2⤵
  PID:4164
- C:\Windows\System\UROPnoT.exe
  C:\Windows\System\UROPnoT.exe
  2⤵
  PID:4204
- C:\Windows\System\xySReEa.exe
  C:\Windows\System\xySReEa.exe
  2⤵
  PID:4280
- C:\Windows\System\WfDmknM.exe
  C:\Windows\System\WfDmknM.exe
  2⤵
  PID:4100
- C:\Windows\System\HlLARcW.exe
  C:\Windows\System\HlLARcW.exe
  2⤵
  PID:3164
- C:\Windows\System\XiiYstp.exe
  C:\Windows\System\XiiYstp.exe
  2⤵
  PID:3896
- C:\Windows\System\DvDFpnq.exe
  C:\Windows\System\DvDFpnq.exe
  2⤵
  PID:4468
- C:\Windows\System\NhxxSjR.exe
  C:\Windows\System\NhxxSjR.exe
  2⤵
  PID:4516
- C:\Windows\System\DsWImhK.exe
  C:\Windows\System\DsWImhK.exe
  2⤵
  PID:4560
- C:\Windows\System\JNYGixn.exe
  C:\Windows\System\JNYGixn.exe
  2⤵
  PID:4412
- C:\Windows\System\FtrIzpI.exe
  C:\Windows\System\FtrIzpI.exe
  2⤵
  PID:4452
- C:\Windows\System\IVwQmEZ.exe
  C:\Windows\System\IVwQmEZ.exe
  2⤵
  PID:4540
- C:\Windows\System\CvAgMyV.exe
  C:\Windows\System\CvAgMyV.exe
  2⤵
  PID:4536
- C:\Windows\System\KAzqpHH.exe
  C:\Windows\System\KAzqpHH.exe
  2⤵
  PID:4676
- C:\Windows\System\uYOkepd.exe
  C:\Windows\System\uYOkepd.exe
  2⤵
  PID:4612
- C:\Windows\System\DxpFhgz.exe
  C:\Windows\System\DxpFhgz.exe
  2⤵
  PID:4748
- C:\Windows\System\PpDCCZE.exe
  C:\Windows\System\PpDCCZE.exe
  2⤵
  PID:4800
- C:\Windows\System\ttEVRcc.exe
  C:\Windows\System\ttEVRcc.exe
  2⤵
  PID:4724
- C:\Windows\System\rtZDmwe.exe
  C:\Windows\System\rtZDmwe.exe
  2⤵
  PID:4840
- C:\Windows\System\NaBoOMb.exe
  C:\Windows\System\NaBoOMb.exe
  2⤵
  PID:4872
- C:\Windows\System\ASXJGmQ.exe
  C:\Windows\System\ASXJGmQ.exe
  2⤵
  PID:4788
- C:\Windows\System\UEpmLBO.exe
  C:\Windows\System\UEpmLBO.exe
  2⤵
  PID:4964
- C:\Windows\System\NJOvNRO.exe
  C:\Windows\System\NJOvNRO.exe
  2⤵
  PID:4856
- C:\Windows\System\WzSHjvy.exe
  C:\Windows\System\WzSHjvy.exe
  2⤵
  PID:4940
- C:\Windows\System\QiWoqxV.exe
  C:\Windows\System\QiWoqxV.exe
  2⤵
  PID:5036
- C:\Windows\System\BNPaqQU.exe
  C:\Windows\System\BNPaqQU.exe
  2⤵
  PID:4980
- C:\Windows\System\NBjEANn.exe
  C:\Windows\System\NBjEANn.exe
  2⤵
  PID:3740
- C:\Windows\System\NHbEuZm.exe
  C:\Windows\System\NHbEuZm.exe
  2⤵
  PID:5060
- C:\Windows\System\VHHDaST.exe
  C:\Windows\System\VHHDaST.exe
  2⤵
  PID:5056
- C:\Windows\System\QLnEGwS.exe
  C:\Windows\System\QLnEGwS.exe
  2⤵
  PID:4120
- C:\Windows\System\qgHlfXD.exe
  C:\Windows\System\qgHlfXD.exe
  2⤵
  PID:3996
- C:\Windows\System\aYeeAZo.exe
  C:\Windows\System\aYeeAZo.exe
  2⤵
  PID:4316
- C:\Windows\System\mxmVuEM.exe
  C:\Windows\System\mxmVuEM.exe
  2⤵
  PID:4188
- C:\Windows\System\LxvSUEZ.exe
  C:\Windows\System\LxvSUEZ.exe
  2⤵
  PID:3616
- C:\Windows\System\awldCrF.exe
  C:\Windows\System\awldCrF.exe
  2⤵
  PID:4176
- C:\Windows\System\mhAelBK.exe
  C:\Windows\System\mhAelBK.exe
  2⤵
  PID:4328
- C:\Windows\System\GHAXqSF.exe
  C:\Windows\System\GHAXqSF.exe
  2⤵
  PID:3944
- C:\Windows\System\ETSJHUZ.exe
  C:\Windows\System\ETSJHUZ.exe
  2⤵
  PID:4400
- C:\Windows\System\Wcaqcjd.exe
  C:\Windows\System\Wcaqcjd.exe
  2⤵
  PID:4476
- C:\Windows\System\kaDTDOS.exe
  C:\Windows\System\kaDTDOS.exe
  2⤵
  PID:4488
- C:\Windows\System\JXxSAUF.exe
  C:\Windows\System\JXxSAUF.exe
  2⤵
  PID:3132
- C:\Windows\System\LThaHcB.exe
  C:\Windows\System\LThaHcB.exe
  2⤵
  PID:4632
- C:\Windows\System\wJqkiCY.exe
  C:\Windows\System\wJqkiCY.exe
  2⤵
  PID:4772
- C:\Windows\System\sPNNhQe.exe
  C:\Windows\System\sPNNhQe.exe
  2⤵
  PID:4956
- C:\Windows\System\uixXEyI.exe
  C:\Windows\System\uixXEyI.exe
  2⤵
  PID:4512
- C:\Windows\System\ihZIBST.exe
  C:\Windows\System\ihZIBST.exe
  2⤵
  PID:4732
- C:\Windows\System\eDlrQGa.exe
  C:\Windows\System\eDlrQGa.exe
  2⤵
  PID:5072
- C:\Windows\System\MwBghxm.exe
  C:\Windows\System\MwBghxm.exe
  2⤵
  PID:4652
- C:\Windows\System\PDLMENI.exe
  C:\Windows\System\PDLMENI.exe
  2⤵
  PID:5104
- C:\Windows\System\WTVlcdo.exe
  C:\Windows\System\WTVlcdo.exe
  2⤵
  PID:4784
- C:\Windows\System\LagIuTr.exe
  C:\Windows\System\LagIuTr.exe
  2⤵
  PID:4288
- C:\Windows\System\GINgwha.exe
  C:\Windows\System\GINgwha.exe
  2⤵
  PID:4860
- C:\Windows\System\MESaJQS.exe
  C:\Windows\System\MESaJQS.exe
  2⤵
  PID:4688
- C:\Windows\System\PNedOcK.exe
  C:\Windows\System\PNedOcK.exe
  2⤵
  PID:4876
- C:\Windows\System\STxhCGg.exe
  C:\Windows\System\STxhCGg.exe
  2⤵
  PID:4432
- C:\Windows\System\ssPBPpc.exe
  C:\Windows\System\ssPBPpc.exe
  2⤵
  PID:5136
- C:\Windows\System\bNkqqgR.exe
  C:\Windows\System\bNkqqgR.exe
  2⤵
  PID:5168
- C:\Windows\System\mUhOXjN.exe
  C:\Windows\System\mUhOXjN.exe
  2⤵
  PID:5184
- C:\Windows\System\mdcxNGW.exe
  C:\Windows\System\mdcxNGW.exe
  2⤵
  PID:5204
- C:\Windows\System\qIvLHms.exe
  C:\Windows\System\qIvLHms.exe
  2⤵
  PID:5220
- C:\Windows\System\QZExTTV.exe
  C:\Windows\System\QZExTTV.exe
  2⤵
  PID:5240
- C:\Windows\System\yurAwBq.exe
  C:\Windows\System\yurAwBq.exe
  2⤵
  PID:5260
- C:\Windows\System\AOZqrii.exe
  C:\Windows\System\AOZqrii.exe
  2⤵
  PID:5276
- C:\Windows\System\CqHOWUO.exe
  C:\Windows\System\CqHOWUO.exe
  2⤵
  PID:5292
- C:\Windows\System\RIAHsAX.exe
  C:\Windows\System\RIAHsAX.exe
  2⤵
  PID:5308
- C:\Windows\System\egqiZQH.exe
  C:\Windows\System\egqiZQH.exe
  2⤵
  PID:5332
- C:\Windows\System\ypjymJT.exe
  C:\Windows\System\ypjymJT.exe
  2⤵
  PID:5348
- C:\Windows\System\YNHiGDP.exe
  C:\Windows\System\YNHiGDP.exe
  2⤵
  PID:5364
- C:\Windows\System\JhJikEg.exe
  C:\Windows\System\JhJikEg.exe
  2⤵
  PID:5380
- C:\Windows\System\YslQrSY.exe
  C:\Windows\System\YslQrSY.exe
  2⤵
  PID:5396
- C:\Windows\System\vyDYqkz.exe
  C:\Windows\System\vyDYqkz.exe
  2⤵
  PID:5412
- C:\Windows\System\fXkvwEV.exe
  C:\Windows\System\fXkvwEV.exe
  2⤵
  PID:5428
- C:\Windows\System\nfDkefq.exe
  C:\Windows\System\nfDkefq.exe
  2⤵
  PID:5444
- C:\Windows\System\rRnsruE.exe
  C:\Windows\System\rRnsruE.exe
  2⤵
  PID:5460
- C:\Windows\System\OAzIMth.exe
  C:\Windows\System\OAzIMth.exe
  2⤵
  PID:5476
- C:\Windows\System\IEJLMtv.exe
  C:\Windows\System\IEJLMtv.exe
  2⤵
  PID:5492
- C:\Windows\System\QTZeQGD.exe
  C:\Windows\System\QTZeQGD.exe
  2⤵
  PID:5508
- C:\Windows\System\xByWYDt.exe
  C:\Windows\System\xByWYDt.exe
  2⤵
  PID:5524
- C:\Windows\System\hLclmGi.exe
  C:\Windows\System\hLclmGi.exe
  2⤵
  PID:5540
- C:\Windows\System\COoyJLY.exe
  C:\Windows\System\COoyJLY.exe
  2⤵
  PID:5556
- C:\Windows\System\fIMziun.exe
  C:\Windows\System\fIMziun.exe
  2⤵
  PID:5572
- C:\Windows\System\ZMBLSzx.exe
  C:\Windows\System\ZMBLSzx.exe
  2⤵
  PID:5620
- C:\Windows\System\BevgYGU.exe
  C:\Windows\System\BevgYGU.exe
  2⤵
  PID:5636
- C:\Windows\System\EvdKYxa.exe
  C:\Windows\System\EvdKYxa.exe
  2⤵
  PID:5652
- C:\Windows\System\eXFXWCZ.exe
  C:\Windows\System\eXFXWCZ.exe
  2⤵
  PID:5668
- C:\Windows\System\YBhkKMc.exe
  C:\Windows\System\YBhkKMc.exe
  2⤵
  PID:5688
- C:\Windows\System\kFYtttO.exe
  C:\Windows\System\kFYtttO.exe
  2⤵
  PID:5704
- C:\Windows\System\oyhAyLS.exe
  C:\Windows\System\oyhAyLS.exe
  2⤵
  PID:5724
- C:\Windows\System\AwPNIkW.exe
  C:\Windows\System\AwPNIkW.exe
  2⤵
  PID:5740
- C:\Windows\System\UFKmRPm.exe
  C:\Windows\System\UFKmRPm.exe
  2⤵
  PID:5760
- C:\Windows\System\zqbknhJ.exe
  C:\Windows\System\zqbknhJ.exe
  2⤵
  PID:5776
- C:\Windows\System\WysdPHh.exe
  C:\Windows\System\WysdPHh.exe
  2⤵
  PID:5792
- C:\Windows\System\NWwVEqr.exe
  C:\Windows\System\NWwVEqr.exe
  2⤵
  PID:5808
- C:\Windows\System\tbHgHtG.exe
  C:\Windows\System\tbHgHtG.exe
  2⤵
  PID:5836
- C:\Windows\System\uzGcMnl.exe
  C:\Windows\System\uzGcMnl.exe
  2⤵
  PID:5852
- C:\Windows\System\TzdOygW.exe
  C:\Windows\System\TzdOygW.exe
  2⤵
  PID:5868
- C:\Windows\System\TDPENbc.exe
  C:\Windows\System\TDPENbc.exe
  2⤵
  PID:5884
- C:\Windows\System\ITLhSwT.exe
  C:\Windows\System\ITLhSwT.exe
  2⤵
  PID:5900
- C:\Windows\System\YheMBPj.exe
  C:\Windows\System\YheMBPj.exe
  2⤵
  PID:5916
- C:\Windows\System\jbdfqZT.exe
  C:\Windows\System\jbdfqZT.exe
  2⤵
  PID:5932
- C:\Windows\System\PzgbyQG.exe
  C:\Windows\System\PzgbyQG.exe
  2⤵
  PID:5948
- C:\Windows\System\tNnToLz.exe
  C:\Windows\System\tNnToLz.exe
  2⤵
  PID:5964
- C:\Windows\System\FCDBkVJ.exe
  C:\Windows\System\FCDBkVJ.exe
  2⤵
  PID:5980
- C:\Windows\System\kvPJdbX.exe
  C:\Windows\System\kvPJdbX.exe
  2⤵
  PID:5996
- C:\Windows\System\khPfIew.exe
  C:\Windows\System\khPfIew.exe
  2⤵
  PID:6012
- C:\Windows\System\lseNrHW.exe
  C:\Windows\System\lseNrHW.exe
  2⤵
  PID:6028
- C:\Windows\System\KldNcUs.exe
  C:\Windows\System\KldNcUs.exe
  2⤵
  PID:6044
- C:\Windows\System\AYRZFzo.exe
  C:\Windows\System\AYRZFzo.exe
  2⤵
  PID:6060
- C:\Windows\System\rhJESpH.exe
  C:\Windows\System\rhJESpH.exe
  2⤵
  PID:6076
- C:\Windows\System\ctRbCWu.exe
  C:\Windows\System\ctRbCWu.exe
  2⤵
  PID:6092
- C:\Windows\System\eBOyaVN.exe
  C:\Windows\System\eBOyaVN.exe
  2⤵
  PID:6108
- C:\Windows\System\kiaOSZH.exe
  C:\Windows\System\kiaOSZH.exe
  2⤵
  PID:6124
- C:\Windows\System\ownAqhC.exe
  C:\Windows\System\ownAqhC.exe
  2⤵
  PID:6140
- C:\Windows\System\OCzrpsY.exe
  C:\Windows\System\OCzrpsY.exe
  2⤵
  PID:5092
- C:\Windows\System\nmPQXgG.exe
  C:\Windows\System\nmPQXgG.exe
  2⤵
  PID:5108
- C:\Windows\System\bVStWDP.exe
  C:\Windows\System\bVStWDP.exe
  2⤵
  PID:3860
- C:\Windows\System\OVCFFJj.exe
  C:\Windows\System\OVCFFJj.exe
  2⤵
  PID:4708
- C:\Windows\System\fShgOdH.exe
  C:\Windows\System\fShgOdH.exe
  2⤵
  PID:4936
- C:\Windows\System\XagHijm.exe
  C:\Windows\System\XagHijm.exe
  2⤵
  PID:4844
- C:\Windows\System\UdaixJR.exe
  C:\Windows\System\UdaixJR.exe
  2⤵
  PID:4336
- C:\Windows\System\TeqrYLE.exe
  C:\Windows\System\TeqrYLE.exe
  2⤵
  PID:5124
- C:\Windows\System\StzYIwr.exe
  C:\Windows\System\StzYIwr.exe
  2⤵
  PID:4276
- C:\Windows\System\EuShRvP.exe
  C:\Windows\System\EuShRvP.exe
  2⤵
  PID:4668
- C:\Windows\System\swgqqTv.exe
  C:\Windows\System\swgqqTv.exe
  2⤵
  PID:4576
- C:\Windows\System\KeSPVLn.exe
  C:\Windows\System\KeSPVLn.exe
  2⤵
  PID:4728
- C:\Windows\System\uUUkcNq.exe
  C:\Windows\System\uUUkcNq.exe
  2⤵
  PID:3288
- C:\Windows\System\BLjPHBN.exe
  C:\Windows\System\BLjPHBN.exe
  2⤵
  PID:5252
- C:\Windows\System\eZgrJdg.exe
  C:\Windows\System\eZgrJdg.exe
  2⤵
  PID:5164
- C:\Windows\System\gIoYoaP.exe
  C:\Windows\System\gIoYoaP.exe
  2⤵
  PID:5316
- C:\Windows\System\hZvJCNn.exe
  C:\Windows\System\hZvJCNn.exe
  2⤵
  PID:5356
- C:\Windows\System\dRQYzUN.exe
  C:\Windows\System\dRQYzUN.exe
  2⤵
  PID:4444
- C:\Windows\System\gKCHzIr.exe
  C:\Windows\System\gKCHzIr.exe
  2⤵
  PID:5156
- C:\Windows\System\VmvGozj.exe
  C:\Windows\System\VmvGozj.exe
  2⤵
  PID:5200
- C:\Windows\System\lSQkhqC.exe
  C:\Windows\System\lSQkhqC.exe
  2⤵
  PID:5160
- C:\Windows\System\loWfnXh.exe
  C:\Windows\System\loWfnXh.exe
  2⤵
  PID:5392
- C:\Windows\System\kDIAYDs.exe
  C:\Windows\System\kDIAYDs.exe
  2⤵
  PID:5456
- C:\Windows\System\VJvdqyg.exe
  C:\Windows\System\VJvdqyg.exe
  2⤵
  PID:5520
- C:\Windows\System\uILCsEO.exe
  C:\Windows\System\uILCsEO.exe
  2⤵
  PID:5020
- C:\Windows\System\fofarUR.exe
  C:\Windows\System\fofarUR.exe
  2⤵
  PID:3512
- C:\Windows\System\AbgFjGl.exe
  C:\Windows\System\AbgFjGl.exe
  2⤵
  PID:5340
- C:\Windows\System\yZSWWBs.exe
  C:\Windows\System\yZSWWBs.exe
  2⤵
  PID:5588
- C:\Windows\System\lgtAknp.exe
  C:\Windows\System\lgtAknp.exe
  2⤵
  PID:5604
- C:\Windows\System\ZSJGxIp.exe
  C:\Windows\System\ZSJGxIp.exe
  2⤵
  PID:5584
- C:\Windows\System\GxHdPxR.exe
  C:\Windows\System\GxHdPxR.exe
  2⤵
  PID:5680
- C:\Windows\System\tCTBPMe.exe
  C:\Windows\System\tCTBPMe.exe
  2⤵
  PID:5720
- C:\Windows\System\DfVZmzs.exe
  C:\Windows\System\DfVZmzs.exe
  2⤵
  PID:5784
- C:\Windows\System\OIKzkuk.exe
  C:\Windows\System\OIKzkuk.exe
  2⤵
  PID:5828
- C:\Windows\System\kjjbODZ.exe
  C:\Windows\System\kjjbODZ.exe
  2⤵
  PID:5820
- C:\Windows\System\kCUnrhS.exe
  C:\Windows\System\kCUnrhS.exe
  2⤵
  PID:5696
- C:\Windows\System\AuPZDio.exe
  C:\Windows\System\AuPZDio.exe
  2⤵
  PID:5768
- C:\Windows\System\AQcPELi.exe
  C:\Windows\System\AQcPELi.exe
  2⤵
  PID:5844
- C:\Windows\System\ViYzeal.exe
  C:\Windows\System\ViYzeal.exe
  2⤵
  PID:5628
- C:\Windows\System\ShyfhYb.exe
  C:\Windows\System\ShyfhYb.exe
  2⤵
  PID:5504
- C:\Windows\System\AgsOcLl.exe
  C:\Windows\System\AgsOcLl.exe
  2⤵
  PID:5440
- C:\Windows\System\NHkSLkB.exe
  C:\Windows\System\NHkSLkB.exe
  2⤵
  PID:5864
- C:\Windows\System\AQIprzc.exe
  C:\Windows\System\AQIprzc.exe
  2⤵
  PID:5896
- C:\Windows\System\dFXaUiN.exe
  C:\Windows\System\dFXaUiN.exe
  2⤵
  PID:5960
- C:\Windows\System\zfozutv.exe
  C:\Windows\System\zfozutv.exe
  2⤵
  PID:5944
- C:\Windows\System\ASTXZkF.exe
  C:\Windows\System\ASTXZkF.exe
  2⤵
  PID:5992
- C:\Windows\System\DqIFCGX.exe
  C:\Windows\System\DqIFCGX.exe
  2⤵
  PID:6024
- C:\Windows\System\bhnobMg.exe
  C:\Windows\System\bhnobMg.exe
  2⤵
  PID:6056
- C:\Windows\System\SFGdjiy.exe
  C:\Windows\System\SFGdjiy.exe
  2⤵
  PID:6068
- C:\Windows\System\OsMednL.exe
  C:\Windows\System\OsMednL.exe
  2⤵
  PID:6104
- C:\Windows\System\ZrtTvLF.exe
  C:\Windows\System\ZrtTvLF.exe
  2⤵
  PID:3836
- C:\Windows\System\wNxMitV.exe
  C:\Windows\System\wNxMitV.exe
  2⤵
  PID:3856
- C:\Windows\System\dIAbuJs.exe
  C:\Windows\System\dIAbuJs.exe
  2⤵
  PID:4136
- C:\Windows\System\NEYkZkR.exe
  C:\Windows\System\NEYkZkR.exe
  2⤵
  PID:5096
- C:\Windows\System\ABPhwiX.exe
  C:\Windows\System\ABPhwiX.exe
  2⤵
  PID:4240
- C:\Windows\System\BbhfMtf.exe
  C:\Windows\System\BbhfMtf.exe
  2⤵
  PID:5832
- C:\Windows\System\Jxytxbs.exe
  C:\Windows\System\Jxytxbs.exe
  2⤵
  PID:4752
- C:\Windows\System\CeHMwZj.exe
  C:\Windows\System\CeHMwZj.exe
  2⤵
  PID:5216
- C:\Windows\System\xcfedLX.exe
  C:\Windows\System\xcfedLX.exe
  2⤵
  PID:4376
- C:\Windows\System\aJrLLIl.exe
  C:\Windows\System\aJrLLIl.exe
  2⤵
  PID:4372
- C:\Windows\System\hegIGhv.exe
  C:\Windows\System\hegIGhv.exe
  2⤵
  PID:5192
- C:\Windows\System\fhSNiur.exe
  C:\Windows\System\fhSNiur.exe
  2⤵
  PID:5196
- C:\Windows\System\jxnKtBe.exe
  C:\Windows\System\jxnKtBe.exe
  2⤵
  PID:5488
- C:\Windows\System\ywyXxJi.exe
  C:\Windows\System\ywyXxJi.exe
  2⤵
  PID:3768
- C:\Windows\System\GUARdlp.exe
  C:\Windows\System\GUARdlp.exe
  2⤵
  PID:5596
- C:\Windows\System\vfCqSMA.exe
  C:\Windows\System\vfCqSMA.exe
  2⤵
  PID:5580
- C:\Windows\System\KEBvgSx.exe
  C:\Windows\System\KEBvgSx.exe
  2⤵
  PID:5752
- C:\Windows\System\fgnyQWb.exe
  C:\Windows\System\fgnyQWb.exe
  2⤵
  PID:5372
- C:\Windows\System\CddqPED.exe
  C:\Windows\System\CddqPED.exe
  2⤵
  PID:5732
- C:\Windows\System\CRGVRlg.exe
  C:\Windows\System\CRGVRlg.exe
  2⤵
  PID:5800
- C:\Windows\System\LcOQJTd.exe
  C:\Windows\System\LcOQJTd.exe
  2⤵
  PID:5472
- C:\Windows\System\gDvINEo.exe
  C:\Windows\System\gDvINEo.exe
  2⤵
  PID:5848
- C:\Windows\System\XisdRXi.exe
  C:\Windows\System\XisdRXi.exe
  2⤵
  PID:5912
- C:\Windows\System\mtRQOkP.exe
  C:\Windows\System\mtRQOkP.exe
  2⤵
  PID:5976
- C:\Windows\System\nwbkoCb.exe
  C:\Windows\System\nwbkoCb.exe
  2⤵
  PID:6088
- C:\Windows\System\IUpmHyL.exe
  C:\Windows\System\IUpmHyL.exe
  2⤵
  PID:6136
- C:\Windows\System\NHIyptd.exe
  C:\Windows\System\NHIyptd.exe
  2⤵
  PID:4532
- C:\Windows\System\DHEQlwB.exe
  C:\Windows\System\DHEQlwB.exe
  2⤵
  PID:4428
- C:\Windows\System\CimDNgQ.exe
  C:\Windows\System\CimDNgQ.exe
  2⤵
  PID:5132
- C:\Windows\System\AzcaopL.exe
  C:\Windows\System\AzcaopL.exe
  2⤵
  PID:5248
- C:\Windows\System\feAMXfU.exe
  C:\Windows\System\feAMXfU.exe
  2⤵
  PID:5148
- C:\Windows\System\JWeVOXb.exe
  C:\Windows\System\JWeVOXb.exe
  2⤵
  PID:5424
- C:\Windows\System\iGfzUan.exe
  C:\Windows\System\iGfzUan.exe
  2⤵
  PID:5304
- C:\Windows\System\mwSBCVu.exe
  C:\Windows\System\mwSBCVu.exe
  2⤵
  PID:5552
- C:\Windows\System\xCjdEWK.exe
  C:\Windows\System\xCjdEWK.exe
  2⤵
  PID:6152
- C:\Windows\System\JWQeyWA.exe
  C:\Windows\System\JWQeyWA.exe
  2⤵
  PID:6168
- C:\Windows\System\qnIzqOp.exe
  C:\Windows\System\qnIzqOp.exe
  2⤵
  PID:6184
- C:\Windows\System\oylxeCu.exe
  C:\Windows\System\oylxeCu.exe
  2⤵
  PID:6200
- C:\Windows\System\bjjoVKw.exe
  C:\Windows\System\bjjoVKw.exe
  2⤵
  PID:6216
- C:\Windows\System\MagjzeT.exe
  C:\Windows\System\MagjzeT.exe
  2⤵
  PID:6232
- C:\Windows\System\DoqoBpA.exe
  C:\Windows\System\DoqoBpA.exe
  2⤵
  PID:6248
- C:\Windows\System\YjIEtrD.exe
  C:\Windows\System\YjIEtrD.exe
  2⤵
  PID:6264
- C:\Windows\System\knmZuhc.exe
  C:\Windows\System\knmZuhc.exe
  2⤵
  PID:6280
- C:\Windows\System\rQhHrMA.exe
  C:\Windows\System\rQhHrMA.exe
  2⤵
  PID:6296
- C:\Windows\System\REHKznE.exe
  C:\Windows\System\REHKznE.exe
  2⤵
  PID:6312
- C:\Windows\System\okVHvMK.exe
  C:\Windows\System\okVHvMK.exe
  2⤵
  PID:6328
- C:\Windows\System\bwbPplb.exe
  C:\Windows\System\bwbPplb.exe
  2⤵
  PID:6344
- C:\Windows\System\cLyZhVD.exe
  C:\Windows\System\cLyZhVD.exe
  2⤵
  PID:6360
- C:\Windows\System\uGYpETZ.exe
  C:\Windows\System\uGYpETZ.exe
  2⤵
  PID:6376
- C:\Windows\System\tNDVKPV.exe
  C:\Windows\System\tNDVKPV.exe
  2⤵
  PID:6392
- C:\Windows\System\jFdzyrT.exe
  C:\Windows\System\jFdzyrT.exe
  2⤵
  PID:6408
- C:\Windows\System\OuHqDub.exe
  C:\Windows\System\OuHqDub.exe
  2⤵
  PID:6428
- C:\Windows\System\fbQVwEi.exe
  C:\Windows\System\fbQVwEi.exe
  2⤵
  PID:6444
- C:\Windows\System\ywEwOdN.exe
  C:\Windows\System\ywEwOdN.exe
  2⤵
  PID:6460
- C:\Windows\System\jaYGaMo.exe
  C:\Windows\System\jaYGaMo.exe
  2⤵
  PID:6476
- C:\Windows\System\PmxdNOA.exe
  C:\Windows\System\PmxdNOA.exe
  2⤵
  PID:6492
- C:\Windows\System\IBvmDEE.exe
  C:\Windows\System\IBvmDEE.exe
  2⤵
  PID:6508
- C:\Windows\System\haSUGhi.exe
  C:\Windows\System\haSUGhi.exe
  2⤵
  PID:6524
- C:\Windows\System\IBJkGtw.exe
  C:\Windows\System\IBJkGtw.exe
  2⤵
  PID:6540
- C:\Windows\System\nYAyudd.exe
  C:\Windows\System\nYAyudd.exe
  2⤵
  PID:6556
- C:\Windows\System\rTMNPbK.exe
  C:\Windows\System\rTMNPbK.exe
  2⤵
  PID:6572
- C:\Windows\System\QSKUBlN.exe
  C:\Windows\System\QSKUBlN.exe
  2⤵
  PID:6588
- C:\Windows\System\PpgETUZ.exe
  C:\Windows\System\PpgETUZ.exe
  2⤵
  PID:6604
- C:\Windows\System\jcLOXtV.exe
  C:\Windows\System\jcLOXtV.exe
  2⤵
  PID:6620
- C:\Windows\System\Fngwkpf.exe
  C:\Windows\System\Fngwkpf.exe
  2⤵
  PID:6636
- C:\Windows\System\QgKMFBi.exe
  C:\Windows\System\QgKMFBi.exe
  2⤵
  PID:6652
- C:\Windows\System\VcCxuxs.exe
  C:\Windows\System\VcCxuxs.exe
  2⤵
  PID:6668
- C:\Windows\System\zpuUccW.exe
  C:\Windows\System\zpuUccW.exe
  2⤵
  PID:6684
- C:\Windows\System\fFkDABa.exe
  C:\Windows\System\fFkDABa.exe
  2⤵
  PID:6700
- C:\Windows\System\bzIUkuz.exe
  C:\Windows\System\bzIUkuz.exe
  2⤵
  PID:6716
- C:\Windows\System\vBxNAhC.exe
  C:\Windows\System\vBxNAhC.exe
  2⤵
  PID:6732
- C:\Windows\System\bwDuNZl.exe
  C:\Windows\System\bwDuNZl.exe
  2⤵
  PID:6748
- C:\Windows\System\gnUrBYe.exe
  C:\Windows\System\gnUrBYe.exe
  2⤵
  PID:6764
- C:\Windows\System\qWZkxpC.exe
  C:\Windows\System\qWZkxpC.exe
  2⤵
  PID:6780
- C:\Windows\System\mgZDCLL.exe
  C:\Windows\System\mgZDCLL.exe
  2⤵
  PID:6796
- C:\Windows\System\ZNdQHwP.exe
  C:\Windows\System\ZNdQHwP.exe
  2⤵
  PID:6812
- C:\Windows\System\eReQynx.exe
  C:\Windows\System\eReQynx.exe
  2⤵
  PID:6828
- C:\Windows\System\eWzHSTS.exe
  C:\Windows\System\eWzHSTS.exe
  2⤵
  PID:6844
- C:\Windows\System\tZTDYvm.exe
  C:\Windows\System\tZTDYvm.exe
  2⤵
  PID:6860
- C:\Windows\System\atNHWvU.exe
  C:\Windows\System\atNHWvU.exe
  2⤵
  PID:6876
- C:\Windows\System\DHwZKGf.exe
  C:\Windows\System\DHwZKGf.exe
  2⤵
  PID:6892
- C:\Windows\System\xAMNsSp.exe
  C:\Windows\System\xAMNsSp.exe
  2⤵
  PID:6908
- C:\Windows\System\hkttDLd.exe
  C:\Windows\System\hkttDLd.exe
  2⤵
  PID:6924
- C:\Windows\System\nrGMjFT.exe
  C:\Windows\System\nrGMjFT.exe
  2⤵
  PID:6940
- C:\Windows\System\arytKgT.exe
  C:\Windows\System\arytKgT.exe
  2⤵
  PID:6956
- C:\Windows\System\OuCWtRY.exe
  C:\Windows\System\OuCWtRY.exe
  2⤵
  PID:6972
- C:\Windows\System\ytzQNGK.exe
  C:\Windows\System\ytzQNGK.exe
  2⤵
  PID:6988
- C:\Windows\System\DkEdQDl.exe
  C:\Windows\System\DkEdQDl.exe
  2⤵
  PID:7004
- C:\Windows\System\HPxTldb.exe
  C:\Windows\System\HPxTldb.exe
  2⤵
  PID:7020
- C:\Windows\System\ZYYIYZB.exe
  C:\Windows\System\ZYYIYZB.exe
  2⤵
  PID:7036
- C:\Windows\System\HMyVwsL.exe
  C:\Windows\System\HMyVwsL.exe
  2⤵
  PID:7052
- C:\Windows\System\zzvpYgG.exe
  C:\Windows\System\zzvpYgG.exe
  2⤵
  PID:7068
- C:\Windows\System\aTsgbfj.exe
  C:\Windows\System\aTsgbfj.exe
  2⤵
  PID:7084
- C:\Windows\System\SSuAYxJ.exe
  C:\Windows\System\SSuAYxJ.exe
  2⤵
  PID:7100
- C:\Windows\System\yWbYcap.exe
  C:\Windows\System\yWbYcap.exe
  2⤵
  PID:7116
- C:\Windows\System\QcFYTFr.exe
  C:\Windows\System\QcFYTFr.exe
  2⤵
  PID:7132
- C:\Windows\System\ByXUEFD.exe
  C:\Windows\System\ByXUEFD.exe
  2⤵
  PID:7148
- C:\Windows\System\eTuytTT.exe
  C:\Windows\System\eTuytTT.exe
  2⤵
  PID:7164
- C:\Windows\System\tiEMNch.exe
  C:\Windows\System\tiEMNch.exe
  2⤵
  PID:5816
- C:\Windows\System\KygxGjg.exe
  C:\Windows\System\KygxGjg.exe
  2⤵
  PID:5632
- C:\Windows\System\XVhYGNp.exe
  C:\Windows\System\XVhYGNp.exe
  2⤵
  PID:5880
- C:\Windows\System\hOSaiDA.exe
  C:\Windows\System\hOSaiDA.exe
  2⤵
  PID:6008
- C:\Windows\System\JUVClez.exe
  C:\Windows\System\JUVClez.exe
  2⤵
  PID:3784
- C:\Windows\System\Ismphod.exe
  C:\Windows\System\Ismphod.exe
  2⤵
  PID:4236
- C:\Windows\System\rVCfGEU.exe
  C:\Windows\System\rVCfGEU.exe
  2⤵
  PID:4744
- C:\Windows\System\BXmIGgW.exe
  C:\Windows\System\BXmIGgW.exe
  2⤵
  PID:5236
- C:\Windows\System\CkuDuHt.exe
  C:\Windows\System\CkuDuHt.exe
  2⤵
  PID:5676
- C:\Windows\System\ydToWgc.exe
  C:\Windows\System\ydToWgc.exe
  2⤵
  PID:6164
- C:\Windows\System\LhblMPR.exe
  C:\Windows\System\LhblMPR.exe
  2⤵
  PID:6208
- C:\Windows\System\dgldbAW.exe
  C:\Windows\System\dgldbAW.exe
  2⤵
  PID:6240
- C:\Windows\System\IdoWJTC.exe
  C:\Windows\System\IdoWJTC.exe
  2⤵
  PID:6260
- C:\Windows\System\NASMAwd.exe
  C:\Windows\System\NASMAwd.exe
  2⤵
  PID:6292
- C:\Windows\System\lUYLtXq.exe
  C:\Windows\System\lUYLtXq.exe
  2⤵
  PID:6320
- C:\Windows\System\WmemHBL.exe
  C:\Windows\System\WmemHBL.exe
  2⤵
  PID:6340
- C:\Windows\System\qVzsGUt.exe
  C:\Windows\System\qVzsGUt.exe
  2⤵
  PID:6372
- C:\Windows\System\pDloKWx.exe
  C:\Windows\System\pDloKWx.exe
  2⤵
  PID:6404
- C:\Windows\System\rxIUkNt.exe
  C:\Windows\System\rxIUkNt.exe
  2⤵
  PID:6440
- C:\Windows\System\QrBamYM.exe
  C:\Windows\System\QrBamYM.exe
  2⤵
  PID:6472
- C:\Windows\System\yfCyoaU.exe
  C:\Windows\System\yfCyoaU.exe
  2⤵
  PID:6504
- C:\Windows\System\ESXXQPC.exe
  C:\Windows\System\ESXXQPC.exe
  2⤵
  PID:6536
- C:\Windows\System\FikDDSR.exe
  C:\Windows\System\FikDDSR.exe
  2⤵
  PID:6568
- C:\Windows\System\AAhBJvO.exe
  C:\Windows\System\AAhBJvO.exe
  2⤵
  PID:6628
- C:\Windows\System\AcDjAnP.exe
  C:\Windows\System\AcDjAnP.exe
  2⤵
  PID:6644
- C:\Windows\System\oUCVicK.exe
  C:\Windows\System\oUCVicK.exe
  2⤵
  PID:6676
- C:\Windows\System\nxlcaHh.exe
  C:\Windows\System\nxlcaHh.exe
  2⤵
  PID:6708
- C:\Windows\System\eSPAWQr.exe
  C:\Windows\System\eSPAWQr.exe
  2⤵
  PID:6740
- C:\Windows\System\cMonIgd.exe
  C:\Windows\System\cMonIgd.exe
  2⤵
  PID:6772
- C:\Windows\System\gEGsCar.exe
  C:\Windows\System\gEGsCar.exe
  2⤵
  PID:6804
- C:\Windows\System\LWJRcNm.exe
  C:\Windows\System\LWJRcNm.exe
  2⤵
  PID:6836
- C:\Windows\System\MzQWtQf.exe
  C:\Windows\System\MzQWtQf.exe
  2⤵
  PID:6868
- C:\Windows\System\lpNxwym.exe
  C:\Windows\System\lpNxwym.exe
  2⤵
  PID:6900
- C:\Windows\System\DJcTYOY.exe
  C:\Windows\System\DJcTYOY.exe
  2⤵
  PID:6932
- C:\Windows\System\VNJTWKb.exe
  C:\Windows\System\VNJTWKb.exe
  2⤵
  PID:6952
- C:\Windows\System\vXSsrjA.exe
  C:\Windows\System\vXSsrjA.exe
  2⤵
  PID:6424
- C:\Windows\System\KgLGyHl.exe
  C:\Windows\System\KgLGyHl.exe
  2⤵
  PID:7000
- C:\Windows\System\LbzNcAi.exe
  C:\Windows\System\LbzNcAi.exe
  2⤵
  PID:7048
- C:\Windows\System\RSIAtOS.exe
  C:\Windows\System\RSIAtOS.exe
  2⤵
  PID:7076
- C:\Windows\System\ZdwkEmO.exe
  C:\Windows\System\ZdwkEmO.exe
  2⤵
  PID:1824
- C:\Windows\System\aDCcJYe.exe
  C:\Windows\System\aDCcJYe.exe
  2⤵
  PID:7124
- C:\Windows\System\ZXbjXXL.exe
  C:\Windows\System\ZXbjXXL.exe
  2⤵
  PID:2656
- C:\Windows\System\UWMUItK.exe
  C:\Windows\System\UWMUItK.exe
  2⤵
  PID:7160
- C:\Windows\System\ssXPsuW.exe
  C:\Windows\System\ssXPsuW.exe
  2⤵
  PID:5660
- C:\Windows\System\tthOjZo.exe
  C:\Windows\System\tthOjZo.exe
  2⤵
  PID:2836
- C:\Windows\System\dUOxUxT.exe
  C:\Windows\System\dUOxUxT.exe
  2⤵
  PID:1860
- C:\Windows\System\VpxGLzm.exe
  C:\Windows\System\VpxGLzm.exe
  2⤵
  PID:5128
- C:\Windows\System\Jlqftgy.exe
  C:\Windows\System\Jlqftgy.exe
  2⤵
  PID:5152
- C:\Windows\System\QROLHdy.exe
  C:\Windows\System\QROLHdy.exe
  2⤵
  PID:6180
- C:\Windows\System\lzZmCJb.exe
  C:\Windows\System\lzZmCJb.exe
  2⤵
  PID:6244
- C:\Windows\System\tQKXYxQ.exe
  C:\Windows\System\tQKXYxQ.exe
  2⤵
  PID:6276
- C:\Windows\System\nIMoRoJ.exe
  C:\Windows\System\nIMoRoJ.exe
  2⤵
  PID:4016
- C:\Windows\System\bUpKNrq.exe
  C:\Windows\System\bUpKNrq.exe
  2⤵
  PID:6400
- C:\Windows\System\EEhUkOO.exe
  C:\Windows\System\EEhUkOO.exe
  2⤵
  PID:6468
- C:\Windows\System\JdNezyE.exe
  C:\Windows\System\JdNezyE.exe
  2⤵
  PID:6488
- C:\Windows\System\yIskeKu.exe
  C:\Windows\System\yIskeKu.exe
  2⤵
  PID:3080
- C:\Windows\System\WxwTNOo.exe
  C:\Windows\System\WxwTNOo.exe
  2⤵
  PID:6596
- C:\Windows\System\lZVOyKH.exe
  C:\Windows\System\lZVOyKH.exe
  2⤵
  PID:6664
- C:\Windows\System\ZSfcfco.exe
  C:\Windows\System\ZSfcfco.exe
  2⤵
  PID:6728
- C:\Windows\System\hseWwCG.exe
  C:\Windows\System\hseWwCG.exe
  2⤵
  PID:6792
- C:\Windows\System\yNtzQCr.exe
  C:\Windows\System\yNtzQCr.exe
  2⤵
  PID:6852
- C:\Windows\System\XMxJFSN.exe
  C:\Windows\System\XMxJFSN.exe
  2⤵
  PID:3388
- C:\Windows\System\FpZtwyZ.exe
  C:\Windows\System\FpZtwyZ.exe
  2⤵
  PID:1928
- C:\Windows\System\SwGZmvC.exe
  C:\Windows\System\SwGZmvC.exe
  2⤵
  PID:7012
- C:\Windows\System\xcVZrGf.exe
  C:\Windows\System\xcVZrGf.exe
  2⤵
  PID:7032
- C:\Windows\System\ESWRJBo.exe
  C:\Windows\System\ESWRJBo.exe
  2⤵
  PID:7092
- C:\Windows\System\PYLvzGE.exe
  C:\Windows\System\PYLvzGE.exe
  2⤵
  PID:7128
- C:\Windows\System\QWevtxz.exe
  C:\Windows\System\QWevtxz.exe
  2⤵
  PID:5536
- C:\Windows\System\ttucdre.exe
  C:\Windows\System\ttucdre.exe
  2⤵
  PID:4356
- C:\Windows\System\AsIKhAo.exe
  C:\Windows\System\AsIKhAo.exe
  2⤵
  PID:5300
- C:\Windows\System\EZymEhU.exe
  C:\Windows\System\EZymEhU.exe
  2⤵
  PID:6212
- C:\Windows\System\qsZbIQC.exe
  C:\Windows\System\qsZbIQC.exe
  2⤵
  PID:6308
- C:\Windows\System\BiofvoW.exe
  C:\Windows\System\BiofvoW.exe
  2⤵
  PID:6388
- C:\Windows\System\negFwSM.exe
  C:\Windows\System\negFwSM.exe
  2⤵
  PID:6616
- C:\Windows\System\xvRyUCm.exe
  C:\Windows\System\xvRyUCm.exe
  2⤵
  PID:6712
- C:\Windows\System\wTgDyuv.exe
  C:\Windows\System\wTgDyuv.exe
  2⤵
  PID:6888
- C:\Windows\System\fFrkIKn.exe
  C:\Windows\System\fFrkIKn.exe
  2⤵
  PID:3140
- C:\Windows\System\xhWGpGh.exe
  C:\Windows\System\xhWGpGh.exe
  2⤵
  PID:6920
- C:\Windows\System\uaqwqpo.exe
  C:\Windows\System\uaqwqpo.exe
  2⤵
  PID:6996
- C:\Windows\System\XbXgKhX.exe
  C:\Windows\System\XbXgKhX.exe
  2⤵
  PID:7096
- C:\Windows\System\gqWnLfF.exe
  C:\Windows\System\gqWnLfF.exe
  2⤵
  PID:2080
- C:\Windows\System\GgpiMbf.exe
  C:\Windows\System\GgpiMbf.exe
  2⤵
  PID:2064
- C:\Windows\System\IMdqClw.exe
  C:\Windows\System\IMdqClw.exe
  2⤵
  PID:6288
- C:\Windows\System\zhUEuDr.exe
  C:\Windows\System\zhUEuDr.exe
  2⤵
  PID:3236
- C:\Windows\System\cUsmGpl.exe
  C:\Windows\System\cUsmGpl.exe
  2⤵
  PID:7180
- C:\Windows\System\pLJUtwm.exe
  C:\Windows\System\pLJUtwm.exe
  2⤵
  PID:7196
- C:\Windows\System\oJwEydq.exe
  C:\Windows\System\oJwEydq.exe
  2⤵
  PID:7212
- C:\Windows\System\PLVwiAR.exe
  C:\Windows\System\PLVwiAR.exe
  2⤵
  PID:7228
- C:\Windows\System\gQiEANJ.exe
  C:\Windows\System\gQiEANJ.exe
  2⤵
  PID:7244
- C:\Windows\System\mpMsuwA.exe
  C:\Windows\System\mpMsuwA.exe
  2⤵
  PID:7260
- C:\Windows\System\SoCsiSe.exe
  C:\Windows\System\SoCsiSe.exe
  2⤵
  PID:7276
- C:\Windows\System\Kyjgwgp.exe
  C:\Windows\System\Kyjgwgp.exe
  2⤵
  PID:7292
- C:\Windows\System\YvHLsUN.exe
  C:\Windows\System\YvHLsUN.exe
  2⤵
  PID:7312
- C:\Windows\System\QSWsvvC.exe
  C:\Windows\System\QSWsvvC.exe
  2⤵
  PID:7328
- C:\Windows\System\TtlNEOq.exe
  C:\Windows\System\TtlNEOq.exe
  2⤵
  PID:7344
- C:\Windows\System\jkLSjiO.exe
  C:\Windows\System\jkLSjiO.exe
  2⤵
  PID:7360
- C:\Windows\System\MzcgLZj.exe
  C:\Windows\System\MzcgLZj.exe
  2⤵
  PID:7376
- C:\Windows\System\ZMcfrce.exe
  C:\Windows\System\ZMcfrce.exe
  2⤵
  PID:7392
- C:\Windows\System\MOztqLf.exe
  C:\Windows\System\MOztqLf.exe
  2⤵
  PID:7408
- C:\Windows\System\kOHxyqC.exe
  C:\Windows\System\kOHxyqC.exe
  2⤵
  PID:7424
- C:\Windows\System\DWfqrnR.exe
  C:\Windows\System\DWfqrnR.exe
  2⤵
  PID:7440
- C:\Windows\System\nDbnkWt.exe
  C:\Windows\System\nDbnkWt.exe
  2⤵
  PID:7456
- C:\Windows\System\fTLpkZS.exe
  C:\Windows\System\fTLpkZS.exe
  2⤵
  PID:7472
- C:\Windows\System\MYfxZaw.exe
  C:\Windows\System\MYfxZaw.exe
  2⤵
  PID:7488
- C:\Windows\System\ObokBNQ.exe
  C:\Windows\System\ObokBNQ.exe
  2⤵
  PID:7504
- C:\Windows\System\LVfajkT.exe
  C:\Windows\System\LVfajkT.exe
  2⤵
  PID:7520
- C:\Windows\System\ygoSsWx.exe
  C:\Windows\System\ygoSsWx.exe
  2⤵
  PID:7536
- C:\Windows\System\QZavZGA.exe
  C:\Windows\System\QZavZGA.exe
  2⤵
  PID:7552
- C:\Windows\System\bUGcaJX.exe
  C:\Windows\System\bUGcaJX.exe
  2⤵
  PID:7568
- C:\Windows\System\bwbWbmg.exe
  C:\Windows\System\bwbWbmg.exe
  2⤵
  PID:7584
- C:\Windows\System\FysQIFy.exe
  C:\Windows\System\FysQIFy.exe
  2⤵
  PID:7600
- C:\Windows\System\mkpCIqS.exe
  C:\Windows\System\mkpCIqS.exe
  2⤵
  PID:7616
- C:\Windows\System\mSQLqqu.exe
  C:\Windows\System\mSQLqqu.exe
  2⤵
  PID:7632
- C:\Windows\System\BrjloTw.exe
  C:\Windows\System\BrjloTw.exe
  2⤵
  PID:7648
- C:\Windows\System\jWzotUQ.exe
  C:\Windows\System\jWzotUQ.exe
  2⤵
  PID:7664
- C:\Windows\System\dmMeJgr.exe
  C:\Windows\System\dmMeJgr.exe
  2⤵
  PID:7680
- C:\Windows\System\dimkIVj.exe
  C:\Windows\System\dimkIVj.exe
  2⤵
  PID:7696
- C:\Windows\System\VORqWgK.exe
  C:\Windows\System\VORqWgK.exe
  2⤵
  PID:7712
- C:\Windows\System\VOcasvG.exe
  C:\Windows\System\VOcasvG.exe
  2⤵
  PID:7728
- C:\Windows\System\fqFGRfC.exe
  C:\Windows\System\fqFGRfC.exe
  2⤵
  PID:7744
- C:\Windows\System\kYrvAvL.exe
  C:\Windows\System\kYrvAvL.exe
  2⤵
  PID:7768
- C:\Windows\System\sXWTrsA.exe
  C:\Windows\System\sXWTrsA.exe
  2⤵
  PID:7784
- C:\Windows\System\cJGawtl.exe
  C:\Windows\System\cJGawtl.exe
  2⤵
  PID:7800
- C:\Windows\System\uoFgvwB.exe
  C:\Windows\System\uoFgvwB.exe
  2⤵
  PID:7816
- C:\Windows\System\QLBDHzW.exe
  C:\Windows\System\QLBDHzW.exe
  2⤵
  PID:7832
- C:\Windows\System\BwJFtSG.exe
  C:\Windows\System\BwJFtSG.exe
  2⤵
  PID:7848
- C:\Windows\System\HazeYDW.exe
  C:\Windows\System\HazeYDW.exe
  2⤵
  PID:7864
- C:\Windows\System\ZhHycjF.exe
  C:\Windows\System\ZhHycjF.exe
  2⤵
  PID:7880
- C:\Windows\System\kbDlHPn.exe
  C:\Windows\System\kbDlHPn.exe
  2⤵
  PID:7896
- C:\Windows\System\khIccYo.exe
  C:\Windows\System\khIccYo.exe
  2⤵
  PID:7912
- C:\Windows\System\jQmhRGh.exe
  C:\Windows\System\jQmhRGh.exe
  2⤵
  PID:7928
- C:\Windows\System\UIosccD.exe
  C:\Windows\System\UIosccD.exe
  2⤵
  PID:7944
- C:\Windows\System\XVpTQBi.exe
  C:\Windows\System\XVpTQBi.exe
  2⤵
  PID:7960
- C:\Windows\System\jlrdigv.exe
  C:\Windows\System\jlrdigv.exe
  2⤵
  PID:7976
- C:\Windows\System\XwXdJTk.exe
  C:\Windows\System\XwXdJTk.exe
  2⤵
  PID:7992
- C:\Windows\System\CGpbgva.exe
  C:\Windows\System\CGpbgva.exe
  2⤵
  PID:8008
- C:\Windows\System\Pgmyaso.exe
  C:\Windows\System\Pgmyaso.exe
  2⤵
  PID:8024
- C:\Windows\System\mRfiFVx.exe
  C:\Windows\System\mRfiFVx.exe
  2⤵
  PID:8040
- C:\Windows\System\zSChYdo.exe
  C:\Windows\System\zSChYdo.exe
  2⤵
  PID:8056
- C:\Windows\System\weqhxgJ.exe
  C:\Windows\System\weqhxgJ.exe
  2⤵
  PID:8072
- C:\Windows\System\AXpTXvM.exe
  C:\Windows\System\AXpTXvM.exe
  2⤵
  PID:8088
- C:\Windows\System\ScHyXns.exe
  C:\Windows\System\ScHyXns.exe
  2⤵
  PID:8104
- C:\Windows\System\xGjuHkW.exe
  C:\Windows\System\xGjuHkW.exe
  2⤵
  PID:8120
- C:\Windows\System\vKwJihS.exe
  C:\Windows\System\vKwJihS.exe
  2⤵
  PID:8136
- C:\Windows\System\WJGELCA.exe
  C:\Windows\System\WJGELCA.exe
  2⤵
  PID:8152
- C:\Windows\System\ZXotiNZ.exe
  C:\Windows\System\ZXotiNZ.exe
  2⤵
  PID:8168
- C:\Windows\System\kQySdwV.exe
  C:\Windows\System\kQySdwV.exe
  2⤵
  PID:8184
- C:\Windows\System\YfOyOgD.exe
  C:\Windows\System\YfOyOgD.exe
  2⤵
  PID:6632
- C:\Windows\System\rXknnSS.exe
  C:\Windows\System\rXknnSS.exe
  2⤵
  PID:3372
- C:\Windows\System\BpoyInh.exe
  C:\Windows\System\BpoyInh.exe
  2⤵
  PID:7028
- C:\Windows\System\ZkySphU.exe
  C:\Windows\System\ZkySphU.exe
  2⤵
  PID:5468
- C:\Windows\System\dgKFAsS.exe
  C:\Windows\System\dgKFAsS.exe
  2⤵
  PID:5940
- C:\Windows\System\IBRvZtd.exe
  C:\Windows\System\IBRvZtd.exe
  2⤵
  PID:6148
- C:\Windows\System\mkUHGNG.exe
  C:\Windows\System\mkUHGNG.exe
  2⤵
  PID:6456
- C:\Windows\System\gsEjYZl.exe
  C:\Windows\System\gsEjYZl.exe
  2⤵
  PID:7208
- C:\Windows\System\AMtYtUL.exe
  C:\Windows\System\AMtYtUL.exe
  2⤵
  PID:7240
- C:\Windows\System\hsRezqu.exe
  C:\Windows\System\hsRezqu.exe
  2⤵
  PID:7324
- C:\Windows\System\hxajCCN.exe
  C:\Windows\System\hxajCCN.exe
  2⤵
  PID:7356
- C:\Windows\System\QujSYAG.exe
  C:\Windows\System\QujSYAG.exe
  2⤵
  PID:7400
- C:\Windows\System\WnikWDT.exe
  C:\Windows\System\WnikWDT.exe
  2⤵
  PID:7420
- C:\Windows\System\HfsQnTz.exe
  C:\Windows\System\HfsQnTz.exe
  2⤵
  PID:7452
- C:\Windows\System\obiCpUN.exe
  C:\Windows\System\obiCpUN.exe
  2⤵
  PID:2776
- C:\Windows\System\WJmlMje.exe
  C:\Windows\System\WJmlMje.exe
  2⤵
  PID:7708
- C:\Windows\System\QgjSFGk.exe
  C:\Windows\System\QgjSFGk.exe
  2⤵
  PID:7792
- C:\Windows\System\JwZGxfF.exe
  C:\Windows\System\JwZGxfF.exe
  2⤵
  PID:7548
- C:\Windows\System\KBQzGby.exe
  C:\Windows\System\KBQzGby.exe
  2⤵
  PID:7580
- C:\Windows\System\jnErqGb.exe
  C:\Windows\System\jnErqGb.exe
  2⤵
  PID:2876
- C:\Windows\System\KwjNcds.exe
  C:\Windows\System\KwjNcds.exe
  2⤵
  PID:2968
- C:\Windows\System\eBGlvoA.exe
  C:\Windows\System\eBGlvoA.exe
  2⤵
  PID:7764
- C:\Windows\System\jWJJyVA.exe
  C:\Windows\System\jWJJyVA.exe
  2⤵
  PID:7828
- C:\Windows\System\MUwqRWj.exe
  C:\Windows\System\MUwqRWj.exe
  2⤵
  PID:3008
- C:\Windows\System\BhvIeLC.exe
  C:\Windows\System\BhvIeLC.exe
  2⤵
  PID:2856
- C:\Windows\System\CTJDpiK.exe
  C:\Windows\System\CTJDpiK.exe
  2⤵
  PID:2904
- C:\Windows\System\RtEVQXt.exe
  C:\Windows\System\RtEVQXt.exe
  2⤵
  PID:7844
- C:\Windows\System\uWieIFi.exe
  C:\Windows\System\uWieIFi.exe
  2⤵
  PID:7872
- C:\Windows\System\KjYAlLM.exe
  C:\Windows\System\KjYAlLM.exe
  2⤵
  PID:2604
- C:\Windows\System\UpStSSY.exe
  C:\Windows\System\UpStSSY.exe
  2⤵
  PID:7924
- C:\Windows\System\mDfjxud.exe
  C:\Windows\System\mDfjxud.exe
  2⤵
  PID:7936
- C:\Windows\System\RktzXzy.exe
  C:\Windows\System\RktzXzy.exe
  2⤵
  PID:7984
- C:\Windows\System\wfogFxx.exe
  C:\Windows\System\wfogFxx.exe
  2⤵
  PID:8000
- C:\Windows\System\VvRzrAB.exe
  C:\Windows\System\VvRzrAB.exe
  2⤵
  PID:8020
- C:\Windows\System\ZprhyZo.exe
  C:\Windows\System\ZprhyZo.exe
  2⤵
  PID:8036
- C:\Windows\System\eqaBkOc.exe
  C:\Windows\System\eqaBkOc.exe
  2⤵
  PID:1144
- C:\Windows\System\rdyibLU.exe
  C:\Windows\System\rdyibLU.exe
  2⤵
  PID:1956
- C:\Windows\System\ZzbVsvd.exe
  C:\Windows\System\ZzbVsvd.exe
  2⤵
  PID:544
- C:\Windows\System\FXNYhMH.exe
  C:\Windows\System\FXNYhMH.exe
  2⤵
  PID:2112
- C:\Windows\System\zezRvZf.exe
  C:\Windows\System\zezRvZf.exe
  2⤵
  PID:2936
- C:\Windows\System\YMTbtoU.exe
  C:\Windows\System\YMTbtoU.exe
  2⤵
  PID:3000
- C:\Windows\System\EYUufBG.exe
  C:\Windows\System\EYUufBG.exe
  2⤵
  PID:4768
- C:\Windows\System\rmFOOhO.exe
  C:\Windows\System\rmFOOhO.exe
  2⤵
  PID:6936
- C:\Windows\System\fvWfPyl.exe
  C:\Windows\System\fvWfPyl.exe
  2⤵
  PID:6600
- C:\Windows\System\wAMVhaq.exe
  C:\Windows\System\wAMVhaq.exe
  2⤵
  PID:5324
- C:\Windows\System\XbZzAeK.exe
  C:\Windows\System\XbZzAeK.exe
  2⤵
  PID:7176
- C:\Windows\System\yGgozkF.exe
  C:\Windows\System\yGgozkF.exe
  2⤵
  PID:7268
- C:\Windows\System\DNVEWeZ.exe
  C:\Windows\System\DNVEWeZ.exe
  2⤵
  PID:7336
- C:\Windows\System\uudZisw.exe
  C:\Windows\System\uudZisw.exe
  2⤵
  PID:7464
- C:\Windows\System\uXnpodD.exe
  C:\Windows\System\uXnpodD.exe
  2⤵
  PID:7368
- C:\Windows\System\fPfKZLI.exe
  C:\Windows\System\fPfKZLI.exe
  2⤵
  PID:7612
- C:\Windows\System\YqoFNuq.exe
  C:\Windows\System\YqoFNuq.exe
  2⤵
  PID:7660
- C:\Windows\System\eVBiCyY.exe
  C:\Windows\System\eVBiCyY.exe
  2⤵
  PID:7720
- C:\Windows\System\oIAmeTG.exe
  C:\Windows\System\oIAmeTG.exe
  2⤵
  PID:7724
- C:\Windows\System\KARMypO.exe
  C:\Windows\System\KARMypO.exe
  2⤵
  PID:2084
- C:\Windows\System\xGJOmPW.exe
  C:\Windows\System\xGJOmPW.exe
  2⤵
  PID:3036
- C:\Windows\System\qkHzIoj.exe
  C:\Windows\System\qkHzIoj.exe
  2⤵
  PID:7704
- C:\Windows\System\qJZKRYh.exe
  C:\Windows\System\qJZKRYh.exe
  2⤵
  PID:7288
- C:\Windows\System\GUZfvbW.exe
  C:\Windows\System\GUZfvbW.exe
  2⤵
  PID:7500
- C:\Windows\System\ZOypPYA.exe
  C:\Windows\System\ZOypPYA.exe
  2⤵
  PID:7528
- C:\Windows\System\vGBLnfH.exe
  C:\Windows\System\vGBLnfH.exe
  2⤵
  PID:7320
- C:\Windows\System\IEXPoXy.exe
  C:\Windows\System\IEXPoXy.exe
  2⤵
  PID:7300
- C:\Windows\System\JCiUrJp.exe
  C:\Windows\System\JCiUrJp.exe
  2⤵
  PID:2596
- C:\Windows\System\EKlzCOY.exe
  C:\Windows\System\EKlzCOY.exe
  2⤵
  PID:7776
- C:\Windows\System\uvycFZY.exe
  C:\Windows\System\uvycFZY.exe
  2⤵
  PID:2028
- C:\Windows\System\HuLrYbk.exe
  C:\Windows\System\HuLrYbk.exe
  2⤵
  PID:7576
- C:\Windows\System\VIsWkSH.exe
  C:\Windows\System\VIsWkSH.exe
  2⤵
  PID:7760
- C:\Windows\System\furPfuL.exe
  C:\Windows\System\furPfuL.exe
  2⤵
  PID:236
- C:\Windows\System\HlMcovN.exe
  C:\Windows\System\HlMcovN.exe
  2⤵
  PID:2920
- C:\Windows\System\kfQgMNJ.exe
  C:\Windows\System\kfQgMNJ.exe
  2⤵
  PID:8180
- C:\Windows\System\MOPTBkA.exe
  C:\Windows\System\MOPTBkA.exe
  2⤵
  PID:2352
- C:\Windows\System\DOewMOr.exe
  C:\Windows\System\DOewMOr.exe
  2⤵
  PID:7952
- C:\Windows\System\bFKYpKX.exe
  C:\Windows\System\bFKYpKX.exe
  2⤵
  PID:1840
- C:\Windows\System\vxteydU.exe
  C:\Windows\System\vxteydU.exe
  2⤵
  PID:8068
- C:\Windows\System\kuPTutq.exe
  C:\Windows\System\kuPTutq.exe
  2⤵
  PID:8160
- C:\Windows\System\uKAADrn.exe
  C:\Windows\System\uKAADrn.exe
  2⤵
  PID:7204
- C:\Windows\System\BCGgLMI.exe
  C:\Windows\System\BCGgLMI.exe
  2⤵
  PID:7656
- C:\Windows\System\uQpfiJF.exe
  C:\Windows\System\uQpfiJF.exe
  2⤵
  PID:7856
- C:\Windows\System\UsAigQd.exe
  C:\Windows\System\UsAigQd.exe
  2⤵
  PID:3428
- C:\Windows\System\zdNULGr.exe
  C:\Windows\System\zdNULGr.exe
  2⤵
  PID:2816
- C:\Windows\System\oplnvnS.exe
  C:\Windows\System\oplnvnS.exe
  2⤵
  PID:7388
- C:\Windows\System\dsnvhZa.exe
  C:\Windows\System\dsnvhZa.exe
  2⤵
  PID:552
- C:\Windows\System\NnCBKUq.exe
  C:\Windows\System\NnCBKUq.exe
  2⤵
  PID:1712
- C:\Windows\System\lXHoZTF.exe
  C:\Windows\System\lXHoZTF.exe
  2⤵
  PID:2720
- C:\Windows\System\EagyNTY.exe
  C:\Windows\System\EagyNTY.exe
  2⤵
  PID:7780
- C:\Windows\System\VnxJujq.exe
  C:\Windows\System\VnxJujq.exe
  2⤵
  PID:7532
- C:\Windows\System\EKflRky.exe
  C:\Windows\System\EKflRky.exe
  2⤵
  PID:7824
- C:\Windows\System\xYZVwSE.exe
  C:\Windows\System\xYZVwSE.exe
  2⤵
  PID:8128
- C:\Windows\System\wFKwCSI.exe
  C:\Windows\System\wFKwCSI.exe
  2⤵
  PID:2076
- C:\Windows\System\jEPubNG.exe
  C:\Windows\System\jEPubNG.exe
  2⤵
  PID:7892
- C:\Windows\System\DcmWrGj.exe
  C:\Windows\System\DcmWrGj.exe
  2⤵
  PID:7608
- C:\Windows\System\VxDFQFD.exe
  C:\Windows\System\VxDFQFD.exe
  2⤵
  PID:8112
- C:\Windows\System\icsPIsx.exe
  C:\Windows\System\icsPIsx.exe
  2⤵
  PID:7672
- C:\Windows\System\qZZSAht.exe
  C:\Windows\System\qZZSAht.exe
  2⤵
  PID:7968
- C:\Windows\System\lJSemyC.exe
  C:\Windows\System\lJSemyC.exe
  2⤵
  PID:6532
- C:\Windows\System\joYQyJz.exe
  C:\Windows\System\joYQyJz.exe
  2⤵
  PID:7644
- C:\Windows\System\FTdKQnI.exe
  C:\Windows\System\FTdKQnI.exe
  2⤵
  PID:7624
- C:\Windows\System\SLfdOUr.exe
  C:\Windows\System\SLfdOUr.exe
  2⤵
  PID:1868
- C:\Windows\System\VNNunlt.exe
  C:\Windows\System\VNNunlt.exe
  2⤵
  PID:8196
- C:\Windows\System\CmWsRWn.exe
  C:\Windows\System\CmWsRWn.exe
  2⤵
  PID:8212
- C:\Windows\System\bZQkyFR.exe
  C:\Windows\System\bZQkyFR.exe
  2⤵
  PID:8228
- C:\Windows\System\XAHWCbZ.exe
  C:\Windows\System\XAHWCbZ.exe
  2⤵
  PID:8244
- C:\Windows\System\czTudVK.exe
  C:\Windows\System\czTudVK.exe
  2⤵
  PID:8260
- C:\Windows\System\VknPDot.exe
  C:\Windows\System\VknPDot.exe
  2⤵
  PID:8276
- C:\Windows\System\wnDtgAs.exe
  C:\Windows\System\wnDtgAs.exe
  2⤵
  PID:8292
- C:\Windows\System\JwZSKtJ.exe
  C:\Windows\System\JwZSKtJ.exe
  2⤵
  PID:8308
- C:\Windows\System\VFPxZbp.exe
  C:\Windows\System\VFPxZbp.exe
  2⤵
  PID:8324
- C:\Windows\System\BfBEmZM.exe
  C:\Windows\System\BfBEmZM.exe
  2⤵
  PID:8340
- C:\Windows\System\GcSWegR.exe
  C:\Windows\System\GcSWegR.exe
  2⤵
  PID:8356
- C:\Windows\System\VsYeXFH.exe
  C:\Windows\System\VsYeXFH.exe
  2⤵
  PID:8372
- C:\Windows\System\SnOUhVP.exe
  C:\Windows\System\SnOUhVP.exe
  2⤵
  PID:8388
- C:\Windows\System\aMsFwNk.exe
  C:\Windows\System\aMsFwNk.exe
  2⤵
  PID:8404
- C:\Windows\System\OGIOEKZ.exe
  C:\Windows\System\OGIOEKZ.exe
  2⤵
  PID:8420
- C:\Windows\System\vhQkaFU.exe
  C:\Windows\System\vhQkaFU.exe
  2⤵
  PID:8436
- C:\Windows\System\dirZehP.exe
  C:\Windows\System\dirZehP.exe
  2⤵
  PID:8452
- C:\Windows\System\LnfMdas.exe
  C:\Windows\System\LnfMdas.exe
  2⤵
  PID:8468
- C:\Windows\System\KFOSlEY.exe
  C:\Windows\System\KFOSlEY.exe
  2⤵
  PID:8484
- C:\Windows\System\BRjdlVm.exe
  C:\Windows\System\BRjdlVm.exe
  2⤵
  PID:8500
- C:\Windows\System\QlqJvKA.exe
  C:\Windows\System\QlqJvKA.exe
  2⤵
  PID:8516
- C:\Windows\System\ubQeeHG.exe
  C:\Windows\System\ubQeeHG.exe
  2⤵
  PID:8532
- C:\Windows\System\agimGdq.exe
  C:\Windows\System\agimGdq.exe
  2⤵
  PID:8548
- C:\Windows\System\uzVAjbP.exe
  C:\Windows\System\uzVAjbP.exe
  2⤵
  PID:8564
- C:\Windows\System\tFAgEuq.exe
  C:\Windows\System\tFAgEuq.exe
  2⤵
  PID:8580
- C:\Windows\System\jZoTPNU.exe
  C:\Windows\System\jZoTPNU.exe
  2⤵
  PID:8596
- C:\Windows\System\yvoYixE.exe
  C:\Windows\System\yvoYixE.exe
  2⤵
  PID:8612
- C:\Windows\System\psYlaYC.exe
  C:\Windows\System\psYlaYC.exe
  2⤵
  PID:8628
- C:\Windows\System\LPmHsBd.exe
  C:\Windows\System\LPmHsBd.exe
  2⤵
  PID:8648
- C:\Windows\System\jwzQsoa.exe
  C:\Windows\System\jwzQsoa.exe
  2⤵
  PID:8664
- C:\Windows\System\OyVmEAl.exe
  C:\Windows\System\OyVmEAl.exe
  2⤵
  PID:8680
- C:\Windows\System\iEMEtKK.exe
  C:\Windows\System\iEMEtKK.exe
  2⤵
  PID:8696
- C:\Windows\System\hZMFKQb.exe
  C:\Windows\System\hZMFKQb.exe
  2⤵
  PID:8712
- C:\Windows\System\DrjttxK.exe
  C:\Windows\System\DrjttxK.exe
  2⤵
  PID:8728
- C:\Windows\System\pPeJieI.exe
  C:\Windows\System\pPeJieI.exe
  2⤵
  PID:8744
- C:\Windows\System\DTdHYca.exe
  C:\Windows\System\DTdHYca.exe
  2⤵
  PID:8760
- C:\Windows\System\DzMCLng.exe
  C:\Windows\System\DzMCLng.exe
  2⤵
  PID:8776
- C:\Windows\System\VkantnM.exe
  C:\Windows\System\VkantnM.exe
  2⤵
  PID:8792
- C:\Windows\System\IWCpVWL.exe
  C:\Windows\System\IWCpVWL.exe
  2⤵
  PID:8808
- C:\Windows\System\flEqJhe.exe
  C:\Windows\System\flEqJhe.exe
  2⤵
  PID:8824
- C:\Windows\System\sXNBMvi.exe
  C:\Windows\System\sXNBMvi.exe
  2⤵
  PID:8840
- C:\Windows\System\jSoxpgE.exe
  C:\Windows\System\jSoxpgE.exe
  2⤵
  PID:8856
- C:\Windows\System\ECCuaLT.exe
  C:\Windows\System\ECCuaLT.exe
  2⤵
  PID:8872
- C:\Windows\System\IROgWJl.exe
  C:\Windows\System\IROgWJl.exe
  2⤵
  PID:8888
- C:\Windows\System\rhnGKul.exe
  C:\Windows\System\rhnGKul.exe
  2⤵
  PID:8904
- C:\Windows\System\wyFdgtP.exe
  C:\Windows\System\wyFdgtP.exe
  2⤵
  PID:8920
- C:\Windows\System\LlGhdRC.exe
  C:\Windows\System\LlGhdRC.exe
  2⤵
  PID:8936
- C:\Windows\System\nzPrqIg.exe
  C:\Windows\System\nzPrqIg.exe
  2⤵
  PID:8952
- C:\Windows\System\onpRvPF.exe
  C:\Windows\System\onpRvPF.exe
  2⤵
  PID:8968
- C:\Windows\System\cCGqnqD.exe
  C:\Windows\System\cCGqnqD.exe
  2⤵
  PID:8984
- C:\Windows\System\BtNGDQW.exe
  C:\Windows\System\BtNGDQW.exe
  2⤵
  PID:9000
- C:\Windows\System\ATMDrww.exe
  C:\Windows\System\ATMDrww.exe
  2⤵
  PID:9016
- C:\Windows\System\DtzJsrx.exe
  C:\Windows\System\DtzJsrx.exe
  2⤵
  PID:9032
- C:\Windows\System\SSGWVAL.exe
  C:\Windows\System\SSGWVAL.exe
  2⤵
  PID:9048
- C:\Windows\System\MDtACdL.exe
  C:\Windows\System\MDtACdL.exe
  2⤵
  PID:9064
- C:\Windows\System\apLxVcS.exe
  C:\Windows\System\apLxVcS.exe
  2⤵
  PID:9080
- C:\Windows\System\UXxBPpV.exe
  C:\Windows\System\UXxBPpV.exe
  2⤵
  PID:9096
- C:\Windows\System\aASvMrJ.exe
  C:\Windows\System\aASvMrJ.exe
  2⤵
  PID:9112
- C:\Windows\System\lhpxIvY.exe
  C:\Windows\System\lhpxIvY.exe
  2⤵
  PID:9128
- C:\Windows\System\XKocXsE.exe
  C:\Windows\System\XKocXsE.exe
  2⤵
  PID:9144
- C:\Windows\System\imPhrjZ.exe
  C:\Windows\System\imPhrjZ.exe
  2⤵
  PID:9160
- C:\Windows\System\AmDXHyW.exe
  C:\Windows\System\AmDXHyW.exe
  2⤵
  PID:9176
- C:\Windows\System\AiCsDLz.exe
  C:\Windows\System\AiCsDLz.exe
  2⤵
  PID:9192
- C:\Windows\System\dHgwBhl.exe
  C:\Windows\System\dHgwBhl.exe
  2⤵
  PID:9208
- C:\Windows\System\BZzyuVt.exe
  C:\Windows\System\BZzyuVt.exe
  2⤵
  PID:8048
- C:\Windows\System\OohYAnm.exe
  C:\Windows\System\OohYAnm.exe
  2⤵
  PID:2832
- C:\Windows\System\ySOoynZ.exe
  C:\Windows\System\ySOoynZ.exe
  2⤵
  PID:7480
- C:\Windows\System\nizExhk.exe
  C:\Windows\System\nizExhk.exe
  2⤵
  PID:8224
- C:\Windows\System\oSssqjS.exe
  C:\Windows\System\oSssqjS.exe
  2⤵
  PID:8316
- C:\Windows\System\XvxoGCV.exe
  C:\Windows\System\XvxoGCV.exe
  2⤵
  PID:3416
- C:\Windows\System\quyUOeo.exe
  C:\Windows\System\quyUOeo.exe
  2⤵
  PID:2332
- C:\Windows\System\BcWOAiK.exe
  C:\Windows\System\BcWOAiK.exe
  2⤵
  PID:8204
- C:\Windows\System\OghDmFO.exe
  C:\Windows\System\OghDmFO.exe
  2⤵
  PID:8300
- C:\Windows\System\oSKaBCs.exe
  C:\Windows\System\oSKaBCs.exe
  2⤵
  PID:8336
- C:\Windows\System\lphZWpj.exe
  C:\Windows\System\lphZWpj.exe
  2⤵
  PID:8412
- C:\Windows\System\fjfcsIT.exe
  C:\Windows\System\fjfcsIT.exe
  2⤵
  PID:8476
- C:\Windows\System\zzfkCHm.exe
  C:\Windows\System\zzfkCHm.exe
  2⤵
  PID:8540
- C:\Windows\System\VTNlzGd.exe
  C:\Windows\System\VTNlzGd.exe
  2⤵
  PID:8604
- C:\Windows\System\TemfiYW.exe
  C:\Windows\System\TemfiYW.exe
  2⤵
  PID:8368
- C:\Windows\System\tafyRza.exe
  C:\Windows\System\tafyRza.exe
  2⤵
  PID:8588
- C:\Windows\System\YSYGIaZ.exe
  C:\Windows\System\YSYGIaZ.exe
  2⤵
  PID:8492
- C:\Windows\System\HbEsdru.exe
  C:\Windows\System\HbEsdru.exe
  2⤵
  PID:8620
- C:\Windows\System\WWgdCko.exe
  C:\Windows\System\WWgdCko.exe
  2⤵
  PID:8660
- C:\Windows\System\qgbqImg.exe
  C:\Windows\System\qgbqImg.exe
  2⤵
  PID:8672
- C:\Windows\System\gCZHjIL.exe
  C:\Windows\System\gCZHjIL.exe
  2⤵
  PID:8740
- C:\Windows\System\bNjgIXl.exe
  C:\Windows\System\bNjgIXl.exe
  2⤵
  PID:8692
- C:\Windows\System\voTIEHV.exe
  C:\Windows\System\voTIEHV.exe
  2⤵
  PID:8768
- C:\Windows\System\LHLbAjC.exe
  C:\Windows\System\LHLbAjC.exe
  2⤵
  PID:8832
- C:\Windows\System\UbXajMB.exe
  C:\Windows\System\UbXajMB.exe
  2⤵
  PID:8864
- C:\Windows\System\LPZBavc.exe
  C:\Windows\System\LPZBavc.exe
  2⤵
  PID:8816
- C:\Windows\System\ttPTXmv.exe
  C:\Windows\System\ttPTXmv.exe
  2⤵
  PID:8852
- C:\Windows\System\yKNEyYI.exe
  C:\Windows\System\yKNEyYI.exe
  2⤵
  PID:8880
- C:\Windows\System\bUpFBDd.exe
  C:\Windows\System\bUpFBDd.exe
  2⤵
  PID:8960
- C:\Windows\System\ewDakYP.exe
  C:\Windows\System\ewDakYP.exe
  2⤵
  PID:9024
- C:\Windows\System\oNfsPYn.exe
  C:\Windows\System\oNfsPYn.exe
  2⤵
  PID:8976
- C:\Windows\System\RAExdiN.exe
  C:\Windows\System\RAExdiN.exe
  2⤵
  PID:9124
- C:\Windows\System\Mqluyly.exe
  C:\Windows\System\Mqluyly.exe
  2⤵
  PID:9188
- C:\Windows\System\AfFCfEx.exe
  C:\Windows\System\AfFCfEx.exe
  2⤵
  PID:7940
- C:\Windows\System\izRptDh.exe
  C:\Windows\System\izRptDh.exe
  2⤵
  PID:8236
- C:\Windows\System\BzytDOe.exe
  C:\Windows\System\BzytDOe.exe
  2⤵
  PID:8380
- C:\Windows\System\YQgGuII.exe
  C:\Windows\System\YQgGuII.exe
  2⤵
  PID:9168
- C:\Windows\System\XwhYIqX.exe
  C:\Windows\System\XwhYIqX.exe
  2⤵
  PID:9044
- C:\Windows\System\XukxxKj.exe
  C:\Windows\System\XukxxKj.exe
  2⤵
  PID:9136
- C:\Windows\System\VgSmsid.exe
  C:\Windows\System\VgSmsid.exe
  2⤵
  PID:9204
- C:\Windows\System\zRveHoE.exe
  C:\Windows\System\zRveHoE.exe
  2⤵
  PID:8252
- C:\Windows\System\lliGkdb.exe
  C:\Windows\System\lliGkdb.exe
  2⤵
  PID:8332
- C:\Windows\System\ywDXiSE.exe
  C:\Windows\System\ywDXiSE.exe
  2⤵
  PID:8572
- C:\Windows\System\esYzrtB.exe
  C:\Windows\System\esYzrtB.exe
  2⤵
  PID:8508
- C:\Windows\System\XUyCjhe.exe
  C:\Windows\System\XUyCjhe.exe
  2⤵
  PID:8432
- C:\Windows\System\tsmTeOp.exe
  C:\Windows\System\tsmTeOp.exe
  2⤵
  PID:8384
- C:\Windows\System\bJhGewG.exe
  C:\Windows\System\bJhGewG.exe
  2⤵
  PID:8708
- C:\Windows\System\OCpcGAW.exe
  C:\Windows\System\OCpcGAW.exe
  2⤵
  PID:8676
- C:\Windows\System\CEIbWSP.exe
  C:\Windows\System\CEIbWSP.exe
  2⤵
  PID:8944
- C:\Windows\System\NQXXoqW.exe
  C:\Windows\System\NQXXoqW.exe
  2⤵
  PID:9056
- C:\Windows\System\HhnUzQq.exe
  C:\Windows\System\HhnUzQq.exe
  2⤵
  PID:8288
- C:\Windows\System\bAJrxhY.exe
  C:\Windows\System\bAJrxhY.exe
  2⤵
  PID:9076
- C:\Windows\System\vzxMqgc.exe
  C:\Windows\System\vzxMqgc.exe
  2⤵
  PID:8912
- C:\Windows\System\XhMIrtl.exe
  C:\Windows\System\XhMIrtl.exe
  2⤵
  PID:8688
- C:\Windows\System\mMGFuqr.exe
  C:\Windows\System\mMGFuqr.exe
  2⤵
  PID:8996
- C:\Windows\System\GlGUWhr.exe
  C:\Windows\System\GlGUWhr.exe
  2⤵
  PID:2608
- C:\Windows\System\JoxmlLd.exe
  C:\Windows\System\JoxmlLd.exe
  2⤵
  PID:8524
- C:\Windows\System\UBItDeP.exe
  C:\Windows\System\UBItDeP.exe
  2⤵
  PID:7676
- C:\Windows\System\IoOdtRi.exe
  C:\Windows\System\IoOdtRi.exe
  2⤵
  PID:9108
- C:\Windows\System\cMYNwRG.exe
  C:\Windows\System\cMYNwRG.exe
  2⤵
  PID:8448
- C:\Windows\System\RGYIIpv.exe
  C:\Windows\System\RGYIIpv.exe
  2⤵
  PID:8644
- C:\Windows\System\pkLoqaw.exe
  C:\Windows\System\pkLoqaw.exe
  2⤵
  PID:8804
- C:\Windows\System\lAZbdDg.exe
  C:\Windows\System\lAZbdDg.exe
  2⤵
  PID:9184
- C:\Windows\System\CpTTfIl.exe
  C:\Windows\System\CpTTfIl.exe
  2⤵
  PID:8272
- C:\Windows\System\scrkmDT.exe
  C:\Windows\System\scrkmDT.exe
  2⤵
  PID:9200
- C:\Windows\System\USvTIZj.exe
  C:\Windows\System\USvTIZj.exe
  2⤵
  PID:9224
- C:\Windows\System\dAtbEcn.exe
  C:\Windows\System\dAtbEcn.exe
  2⤵
  PID:9240
- C:\Windows\System\gJZBSXe.exe
  C:\Windows\System\gJZBSXe.exe
  2⤵
  PID:9256
- C:\Windows\System\ysnRaiC.exe
  C:\Windows\System\ysnRaiC.exe
  2⤵
  PID:9272
- C:\Windows\System\oTDGRbs.exe
  C:\Windows\System\oTDGRbs.exe
  2⤵
  PID:9288
- C:\Windows\System\aDgOHdh.exe
  C:\Windows\System\aDgOHdh.exe
  2⤵
  PID:9304
- C:\Windows\System\BakWPPH.exe
  C:\Windows\System\BakWPPH.exe
  2⤵
  PID:9320
- C:\Windows\System\PZfjUZe.exe
  C:\Windows\System\PZfjUZe.exe
  2⤵
  PID:9336
- C:\Windows\System\JJerLAw.exe
  C:\Windows\System\JJerLAw.exe
  2⤵
  PID:9352
- C:\Windows\System\aLcrfBs.exe
  C:\Windows\System\aLcrfBs.exe
  2⤵
  PID:9368
- C:\Windows\System\xuTYbVy.exe
  C:\Windows\System\xuTYbVy.exe
  2⤵
  PID:9384
- C:\Windows\System\izbYszN.exe
  C:\Windows\System\izbYszN.exe
  2⤵
  PID:9400
- C:\Windows\System\QfyvErF.exe
  C:\Windows\System\QfyvErF.exe
  2⤵
  PID:9420
- C:\Windows\System\ClbxnwN.exe
  C:\Windows\System\ClbxnwN.exe
  2⤵
  PID:9440
- C:\Windows\System\ZXlVjZd.exe
  C:\Windows\System\ZXlVjZd.exe
  2⤵
  PID:9456
- C:\Windows\System\uzZpfay.exe
  C:\Windows\System\uzZpfay.exe
  2⤵
  PID:9472
- C:\Windows\System\EXlcEuS.exe
  C:\Windows\System\EXlcEuS.exe
  2⤵
  PID:9488
- C:\Windows\System\BlqaBUt.exe
  C:\Windows\System\BlqaBUt.exe
  2⤵
  PID:9504
- C:\Windows\System\SjYBaSy.exe
  C:\Windows\System\SjYBaSy.exe
  2⤵
  PID:9520
- C:\Windows\System\liXRfEn.exe
  C:\Windows\System\liXRfEn.exe
  2⤵
  PID:9536
- C:\Windows\System\bZUnnGO.exe
  C:\Windows\System\bZUnnGO.exe
  2⤵
  PID:9552
- C:\Windows\System\qzMzFid.exe
  C:\Windows\System\qzMzFid.exe
  2⤵
  PID:9568
- C:\Windows\System\iyLaJIR.exe
  C:\Windows\System\iyLaJIR.exe
  2⤵
  PID:9584
- C:\Windows\System\nyzactG.exe
  C:\Windows\System\nyzactG.exe
  2⤵
  PID:9600
- C:\Windows\System\kEwcdOE.exe
  C:\Windows\System\kEwcdOE.exe
  2⤵
  PID:9616
- C:\Windows\System\IFGkqWc.exe
  C:\Windows\System\IFGkqWc.exe
  2⤵
  PID:9632
- C:\Windows\System\bJoiIjO.exe
  C:\Windows\System\bJoiIjO.exe
  2⤵
  PID:9648
- C:\Windows\System\sgvNBub.exe
  C:\Windows\System\sgvNBub.exe
  2⤵
  PID:9664
- C:\Windows\System\oFnyWcy.exe
  C:\Windows\System\oFnyWcy.exe
  2⤵
  PID:9680
- C:\Windows\System\DnXXhZV.exe
  C:\Windows\System\DnXXhZV.exe
  2⤵
  PID:9696
- C:\Windows\System\LkOGBTB.exe
  C:\Windows\System\LkOGBTB.exe
  2⤵
  PID:9712
- C:\Windows\System\LlLEfJk.exe
  C:\Windows\System\LlLEfJk.exe
  2⤵
  PID:9728
- C:\Windows\System\XWSEshK.exe
  C:\Windows\System\XWSEshK.exe
  2⤵
  PID:9744
- C:\Windows\System\TQUuGsY.exe
  C:\Windows\System\TQUuGsY.exe
  2⤵
  PID:9760
- C:\Windows\System\QdYYaLZ.exe
  C:\Windows\System\QdYYaLZ.exe
  2⤵
  PID:9776
- C:\Windows\System\LMqikNQ.exe
  C:\Windows\System\LMqikNQ.exe
  2⤵
  PID:9792
- C:\Windows\System\AhGcpBd.exe
  C:\Windows\System\AhGcpBd.exe
  2⤵
  PID:9808
- C:\Windows\System\PxpCgzR.exe
  C:\Windows\System\PxpCgzR.exe
  2⤵
  PID:9824
- C:\Windows\System\JGiCuNl.exe
  C:\Windows\System\JGiCuNl.exe
  2⤵
  PID:9840
- C:\Windows\System\ZdSFAIS.exe
  C:\Windows\System\ZdSFAIS.exe
  2⤵
  PID:9856
- C:\Windows\System\szbsWMR.exe
  C:\Windows\System\szbsWMR.exe
  2⤵
  PID:9872
- C:\Windows\System\jeJJcQM.exe
  C:\Windows\System\jeJJcQM.exe
  2⤵
  PID:9888
- C:\Windows\System\cIGIWIr.exe
  C:\Windows\System\cIGIWIr.exe
  2⤵
  PID:9904
- C:\Windows\System\QTnqopz.exe
  C:\Windows\System\QTnqopz.exe
  2⤵
  PID:9920
- C:\Windows\System\efHkuSS.exe
  C:\Windows\System\efHkuSS.exe
  2⤵
  PID:9936
- C:\Windows\System\pzTnToW.exe
  C:\Windows\System\pzTnToW.exe
  2⤵
  PID:9952
- C:\Windows\System\bkuRqmt.exe
  C:\Windows\System\bkuRqmt.exe
  2⤵
  PID:9968
- C:\Windows\System\kmkDjUj.exe
  C:\Windows\System\kmkDjUj.exe
  2⤵
  PID:9984
- C:\Windows\System\YVedFPa.exe
  C:\Windows\System\YVedFPa.exe
  2⤵
  PID:10000
- C:\Windows\System\MipcYcB.exe
  C:\Windows\System\MipcYcB.exe
  2⤵
  PID:10016
- C:\Windows\System\duFFplO.exe
  C:\Windows\System\duFFplO.exe
  2⤵
  PID:10032
- C:\Windows\System\BVukMSc.exe
  C:\Windows\System\BVukMSc.exe
  2⤵
  PID:10048
- C:\Windows\System\vRWhvSO.exe
  C:\Windows\System\vRWhvSO.exe
  2⤵
  PID:10064
- C:\Windows\System\uJdWlgc.exe
  C:\Windows\System\uJdWlgc.exe
  2⤵
  PID:10080
- C:\Windows\System\YjoXrml.exe
  C:\Windows\System\YjoXrml.exe
  2⤵
  PID:10096
- C:\Windows\System\mOhpxwE.exe
  C:\Windows\System\mOhpxwE.exe
  2⤵
  PID:10112
- C:\Windows\System\UadMKtu.exe
  C:\Windows\System\UadMKtu.exe
  2⤵
  PID:10128
- C:\Windows\System\GEAvtzT.exe
  C:\Windows\System\GEAvtzT.exe
  2⤵
  PID:10144
- C:\Windows\System\wYRzzmj.exe
  C:\Windows\System\wYRzzmj.exe
  2⤵
  PID:10160
- C:\Windows\System\BeGTQMD.exe
  C:\Windows\System\BeGTQMD.exe
  2⤵
  PID:10176
- C:\Windows\System\NvjbyZJ.exe
  C:\Windows\System\NvjbyZJ.exe
  2⤵
  PID:10192
- C:\Windows\System\zhGZvxM.exe
  C:\Windows\System\zhGZvxM.exe
  2⤵
  PID:10208
- C:\Windows\System\gbpWUnN.exe
  C:\Windows\System\gbpWUnN.exe
  2⤵
  PID:10224
- C:\Windows\System\TvvPApE.exe
  C:\Windows\System\TvvPApE.exe
  2⤵
  PID:8848
- C:\Windows\System\kLnvzAr.exe
  C:\Windows\System\kLnvzAr.exe
  2⤵
  PID:8724
- C:\Windows\System\YzpLYtg.exe
  C:\Windows\System\YzpLYtg.exe
  2⤵
  PID:8932
- C:\Windows\System\MhfroQa.exe
  C:\Windows\System\MhfroQa.exe
  2⤵
  PID:8592
- C:\Windows\System\BiFXmqD.exe
  C:\Windows\System\BiFXmqD.exe
  2⤵
  PID:8016
- C:\Windows\System\pAuWTMV.exe
  C:\Windows\System\pAuWTMV.exe
  2⤵
  PID:9268
- C:\Windows\System\vXYRUhT.exe
  C:\Windows\System\vXYRUhT.exe
  2⤵
  PID:9248
- C:\Windows\System\HIGOFWN.exe
  C:\Windows\System\HIGOFWN.exe
  2⤵
  PID:9448
- C:\Windows\System\LPvVsZw.exe
  C:\Windows\System\LPvVsZw.exe
  2⤵
  PID:9380
- C:\Windows\System\TqMVYoF.exe
  C:\Windows\System\TqMVYoF.exe
  2⤵
  PID:9480
- C:\Windows\System\QqMyqlc.exe
  C:\Windows\System\QqMyqlc.exe
  2⤵
  PID:9264
- C:\Windows\System\OHMeDpb.exe
  C:\Windows\System\OHMeDpb.exe
  2⤵
  PID:9296
- C:\Windows\System\OtWkhfA.exe
  C:\Windows\System\OtWkhfA.exe
  2⤵
  PID:9392
- C:\Windows\System\SZXTjvT.exe
  C:\Windows\System\SZXTjvT.exe
  2⤵
  PID:9468
- C:\Windows\System\GPSuwpX.exe
  C:\Windows\System\GPSuwpX.exe
  2⤵
  PID:9532
- C:\Windows\System\Heykslw.exe
  C:\Windows\System\Heykslw.exe
  2⤵
  PID:9596
- C:\Windows\System\gGnmxqq.exe
  C:\Windows\System\gGnmxqq.exe
  2⤵
  PID:9656
- C:\Windows\System\QFEzjxe.exe
  C:\Windows\System\QFEzjxe.exe
  2⤵
  PID:9692
- C:\Windows\System\Loxllve.exe
  C:\Windows\System\Loxllve.exe
  2⤵
  PID:9640
- C:\Windows\System\GXNuliW.exe
  C:\Windows\System\GXNuliW.exe
  2⤵
  PID:9704
- C:\Windows\System\gVonDYH.exe
  C:\Windows\System\gVonDYH.exe
  2⤵
  PID:9752
- C:\Windows\System\TdkxItO.exe
  C:\Windows\System\TdkxItO.exe
  2⤵
  PID:9768
- C:\Windows\System\iOmyeCW.exe
  C:\Windows\System\iOmyeCW.exe
  2⤵
  PID:9788
- C:\Windows\System\vliqWaF.exe
  C:\Windows\System\vliqWaF.exe
  2⤵
  PID:9880
- C:\Windows\System\ZPPAGmm.exe
  C:\Windows\System\ZPPAGmm.exe
  2⤵
  PID:9832
- C:\Windows\System\WwWqoLZ.exe
  C:\Windows\System\WwWqoLZ.exe
  2⤵
  PID:9916
- C:\Windows\System\GZqTilw.exe
  C:\Windows\System\GZqTilw.exe
  2⤵
  PID:9980
- C:\Windows\System\nNnFYdy.exe
  C:\Windows\System\nNnFYdy.exe
  2⤵
  PID:9964
- C:\Windows\System\DPXwFNN.exe
  C:\Windows\System\DPXwFNN.exe
  2⤵
  PID:9848
- C:\Windows\System\XbwEZfM.exe
  C:\Windows\System\XbwEZfM.exe
  2⤵
  PID:10072
- C:\Windows\System\IUSdTPQ.exe
  C:\Windows\System\IUSdTPQ.exe
  2⤵
  PID:9836
- C:\Windows\System\yEzHddV.exe
  C:\Windows\System\yEzHddV.exe
  2⤵
  PID:10120
- C:\Windows\System\CFNBBgI.exe
  C:\Windows\System\CFNBBgI.exe
  2⤵
  PID:8560
- C:\Windows\System\QoqSdXX.exe
  C:\Windows\System\QoqSdXX.exe
  2⤵
  PID:10220
- C:\Windows\System\YaUKRfW.exe
  C:\Windows\System\YaUKRfW.exe
  2⤵
  PID:10232
- C:\Windows\System\RTSqUkf.exe
  C:\Windows\System\RTSqUkf.exe
  2⤵
  PID:8444
- C:\Windows\System\HCrWNQN.exe
  C:\Windows\System\HCrWNQN.exe
  2⤵
  PID:9120
- C:\Windows\System\pGjhPzu.exe
  C:\Windows\System\pGjhPzu.exe
  2⤵
  PID:9284
- C:\Windows\System\NTZLTmz.exe
  C:\Windows\System\NTZLTmz.exe
  2⤵
  PID:9300
- C:\Windows\System\eXFbLgZ.exe
  C:\Windows\System\eXFbLgZ.exe
  2⤵
  PID:9376

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AggmiSb.exe

Filesize
6.0MB

MD5
43f8dc04e30bc3bab8bd4a9792538e66

SHA1
437cc7163bd521b3f4f4cf0001b9f7ccc929e334

SHA256
4df8562fb7a1eaad9c8b60b26a4311e3d45be92d3306213bc1e5fb2b90dbcd12

SHA512
2102d6668dbcd8502bede3ed9a72dabad7cbf4959416d246c85df1585a25cbe68af3e45f5a531ed5cc1d3fe74009be7a4b462ff8efcf79ecb1e8e0a42d56edf9

Download Submit
C:\Windows\system\BLTRtKr.exe

Filesize
6.0MB

MD5
c590bf684a27ec4d48a74e98b9d61603

SHA1
dd8e3889a6fd559b10d01b33d8dd4bea7567353a

SHA256
54998f9a51aebcecbbb84e89ed396b1bf99e4bd6d11a5c1ca2c653f63480f35c

SHA512
35396a73f7b3666dd06e2c893c7a3be2abb92bcdc2c2b933fb9ee20c51ab733af0efd7e128c1c9d8d49950017006ac8d183d35e17e641447249d3aca2e16e8fa

Download Submit
C:\Windows\system\BvaMaho.exe

Filesize
6.0MB

MD5
4891a24cac43bf838329796b0ef70878

SHA1
c64b9c2983f31d9d867a0b606fff7832097ef276

SHA256
bdddfb723d6b88f0f91439174332c15d8cb7c01ecad2e98263fd2b8a22c2dead

SHA512
366b67ea5ff36b2b48466ff7ec5408b592d8e17517efcf78eec4e4d1fe5293a53430c98c056d861fcec04910b208305f6b2abdc90b4c6fc127753e041e59fe19

Download Submit
C:\Windows\system\FGEDMqe.exe

Filesize
6.0MB

MD5
96610effb3182abc14c6e03ac6ea0afc

SHA1
61ede144b30f39fb526f30ae72a025c15932e491

SHA256
87272147276dec5bed797d3abf73908fd17ddbefb96a50848be8111e403e3069

SHA512
3d01fe8728687b63a61f4122b31991fdf63a3f18df908ec0f41d4bb0aa6774e1901810927d0a6b55a9f285782f9704da6878b00b70adcef1cf73015a242c156f

Download Submit
C:\Windows\system\GZOBVpo.exe

Filesize
6.0MB

MD5
2ecc34242aea8867a9a9aa9b16e705db

SHA1
adce79ce8cc78d28b0193a854149779ba9f691a4

SHA256
9e9fb607e72687eb9d3abe1409961c9142c28b7325e8f94eae92186225b027db

SHA512
8fb538d55ed96aec37c0925f68f7653ebf4095fd553a1494383e53a3ec69567fb93accaf4fe5848d32d11d81c73e0c0d3d1edd62b97479f65ab9696ad3ef5891

Download Submit
C:\Windows\system\HFHnAEO.exe

Filesize
6.0MB

MD5
91d92e278c2739df55a5ae41cb1c07af

SHA1
18f0f55532c7edd450edf2e330d4aa22fca1c890

SHA256
e8b4a1e87c18d574c31a5f9698509d814e7d26a8d5152f6be75702ca44aba7df

SHA512
a48a0776b2f5dca31ca750524b0fd83478b9e0b497784fb585e7ec39aa817bcee0c6af26c2992fc7947c81ae60c281775115b988ec9d45fa3d4be9957e4a128e

Download Submit
C:\Windows\system\KaFGomH.exe

Filesize
6.0MB

MD5
776d25af14eac6d50bf6484a1cdc1773

SHA1
2dfab66e581cd245554193278a88df96dcdc86f8

SHA256
b0d5d51817d21006895485cbd6d51f370b68a5ddf9d4f7140e45ba98419eb7de

SHA512
6e5e9eddebc777a85ab93820a8a29021fd9dd0b1f229d0b3c59ae72b241798100dc06d236ec7afce5c7b85a6faab0732979bcae22669d6086cce1de31e0de61f

Download Submit
C:\Windows\system\KqfHlZw.exe

Filesize
6.0MB

MD5
05a48c043ac4881f080e55ffd19ef5a4

SHA1
5f1dcd7e30feb688fbfdb8a7a07f3b19e3be9776

SHA256
f5d161b360cc37a0c7d1fd707a828f217033cbe94564f87c7d906206a8d8d725

SHA512
c972510450b44828b012fb29b4bada2013feedd240db3520bdb4673d626d12f83286681e232605b955c259003545bea03e47388394151adf6d6f0b6d80d699fe

Download Submit
C:\Windows\system\KxEcDzl.exe

Filesize
6.0MB

MD5
a1088541707bca737df76ccc11c00605

SHA1
9a6f9c4dd70ffc1654307f0ec9c9c1e46b448494

SHA256
9071eac7d3dccb160cc1dc8d36c538aa95f4e6fab14969af1ecbf0181f577fdd

SHA512
3a20ec1b6133468b8435c6e887d26fdb4ed79165f3a4186288b2899448cbffda89d2fa9a5159588760ee7897e80b4469d5d2c28ca98e8b88cab9b017f4c61964

Download Submit
C:\Windows\system\LmOLFXi.exe

Filesize
6.0MB

MD5
55be4f3b97a1718ec399a885441f8271

SHA1
3e825b3ce317e6d79be785335bb91408bae45fb0

SHA256
c0081e13bafc98a87a146062cfb1b3a5995caa37a1bdb239301a7c0e944e0452

SHA512
d20a78b65b00f174f8fc90e44b94b5127961a0fb2d0320d074a424a0e4ab0a45c936fd5f9c9298c4cd145829b13174d51ce9c534065a856891d47c0107fe7bc2

Download Submit
C:\Windows\system\NjEGhrC.exe

Filesize
6.0MB

MD5
6639a649e385df0b6d64f73acc34b15f

SHA1
28d6a3b3d9083b76a94b495a5d64aa830c57e185

SHA256
17fe0f997548014ef622f28191d49c789a9af28725ecf20d4bff678fb9bef3a0

SHA512
f5e48a734fd71b4cb1347e36399bc8105d3b8b96772582a066a042f2bc48e24b47a43f32b3abebb55fdb12fd81f7feb424322982f335990554eb9e8f01f3d029

Download Submit
C:\Windows\system\SEknxvZ.exe

Filesize
6.0MB

MD5
95294552cce6a9f27d62e19cf0bdcf28

SHA1
51f6ff2a1d6a94a87c35d2079dec93b1b0b8f77b

SHA256
a19bdb3cfd14144b5c63e0fcbd8654b49d6e85ec146d2b43f0b38053d83f8e3c

SHA512
75d57285eded4fc028f6c52864334cc2ebff944683809e9fff0012ed06611da77afad508ddff47769ccc3862448e5d7a91f79add2f9bfe4590d95923aa732a05

Download Submit
C:\Windows\system\TJqGWdi.exe

Filesize
6.0MB

MD5
1120f308d672e90bd21b7f807a9a19ca

SHA1
f8812abd4eaef381d3b286c7860fc17aad4ef952

SHA256
ac1cc594f11c07780b75827b9ef619b35276157ef795d9ba595f3c39b05aff21

SHA512
8775b9ffb1a9cfbbc9fde88e396b53cb9f40d1ffac4c4a8832c3c40a2dd57d2c2cb23aec48ba4996514a43c15f8899e8b65059ff58803e186fd66318b0c156dc

Download Submit
C:\Windows\system\aInYhAr.exe

Filesize
6.0MB

MD5
ef1d64fa316d4338abb7c8d4c7978aaa

SHA1
03441d7fc45ae9a89161aa9a7c1229c488ef5898

SHA256
eab504883aff072008d29485fa2533c6581132b2ebbbe2f64f9d45ca41c4bcdd

SHA512
1da252295bec5e19a019d3575d581ef00dc8716e7c8c6c1d43f7338da89da01c0926f2e9b0bcc791299aa433347c9c4bd30929941c6e09cb11d774fdd88f9741

Download Submit
C:\Windows\system\aXPYRmZ.exe

Filesize
6.0MB

MD5
455107a4891ca11a33e74dc627e03130

SHA1
b03cc9c27b1df87f5e2ecad2aa29ac573e8dcde5

SHA256
25ebb8e2e228ff095795f13ed9bc29ab5ffa51bedb47176d602c2f4383973a85

SHA512
28081e59849b854ff5ce3e120bc98d62b6ecc0582d1e37cc2a12d0a676487a952061c8a4e5b2aa7125644547282a4e1709be2414d466cb0ba3caabc9b9602cd9

Download Submit
C:\Windows\system\bRuJQHA.exe

Filesize
6.0MB

MD5
2bd800256ae9a7e83d6c6140892dfa9e

SHA1
05703a21823b6bfa3941dee47759504f2355446c

SHA256
4c7c2e87eba4c19bf4b080b9bb268f9846e4e36157cc8f900cf5f250efdf16a6

SHA512
f6854d765bca87541b73a15a348bd647f6120c75a73eef7229fc449b201dac9fe4fe0be0bd8b315082628e05bf165df7f263360873ed29a2f57d0d61027b94f5

Download Submit
C:\Windows\system\cALbJOO.exe

Filesize
6.0MB

MD5
c2898a6f41568953c03bde80afd06fbb

SHA1
08a4192a51c8ecd2c8a3ff6065bc77ded985b62e

SHA256
26d413428fb4f771b416806bea02811d2b0a4948f4200b8ee4e53583216fdc3a

SHA512
989a011ac28040f74e6dbc8d81775803db1cd8a4ee1474bf57f8b3ce47a9a9e7cc2ea80cdbb924c51c2cfd981c94d03cfa88d5ff5ff581ad524eb792b19900ac

Download Submit
C:\Windows\system\cTFwKlL.exe

Filesize
6.0MB

MD5
a59fb694124649548259f57010569e76

SHA1
6ce2fc7413610c945ca3a920de3fbb7079d896f2

SHA256
79ba3ca9f11c3053ac2f3801435fe35d95dd0ecf07949d06e50f779d16634742

SHA512
484f7da17d2988be1b7f63d737b8fdad8a3ef9648b246f482042dfbf3c778db4c2047964a7e000c42396317fb06e0797b212052292fc55dbd3c0978d3a588303

Download Submit
C:\Windows\system\cpgxXBP.exe

Filesize
6.0MB

MD5
37e6677c632a389da817c1452067b401

SHA1
1c41a78489b71a77684c547b6d90126631e0d85e

SHA256
c561743afd33d20d4ea6fbf8d274bf8b23071e46e49821db742bd06a4da757e1

SHA512
4b531fe1050eb465e3a00b1ad93e895748beb596cbe21d09e5b0be0a053dc14ef7d43904bf83cc878f035dea4db86065bee0486d83812235bb038ef6bf5ec506

Download Submit
C:\Windows\system\cyoxiNg.exe

Filesize
6.0MB

MD5
92c7335bb53b9a4f25ea22ddbfdf51a3

SHA1
a85968b2e194a94eb12921ad6d8f890a6c643ec5

SHA256
502975ad4e46e3a1650c9cf6ffd04745752ce66d9ad2d586145b919cd7f48dcf

SHA512
24c16c95433615e74da424f14e734af2ba0df4d54dad3bfba21ebe429d5374e9b5a7b0c0a4c058349499d2a78e3b81013b78395be16ceb9d21b25e16c028ad59

Download Submit
C:\Windows\system\dSgYMCY.exe

Filesize
6.0MB

MD5
efd4aba7293a4bc1acdd9013956b7399

SHA1
eb57d6b45ba7c41dd08f56c020e7745bbd7e4189

SHA256
6dc9495ef23ea48a8fc29f2044db4d3599c2942259a2e4a438ef5ea00e0a9a86

SHA512
cfd80b7cc6d7894d4081296eb789b8edfadb862556f6140b5393668478a6412ce1fdbcf8bc33b123abad6325f3c2d730125fbca9c7906ebff059399d2d2a7439

Download Submit
C:\Windows\system\eQRhpoB.exe

Filesize
6.0MB

MD5
28db3632573782a04e7284d46a4b7a74

SHA1
ed0071c0dce154d60ee66eae5e61cd658fed3b92

SHA256
6b32efd32d9cfb0963869c2ae79074aadf1993b13918591bd58f4a49dc0541c0

SHA512
d75ba9edf3b43fc6d3cf35799368588e067a4db83801c1101c13f5dc949506eb20e34ea0d7aa22a1cc7ced6f74f61217c10b42cc3bba2581b6ce72f68458c5fb

Download Submit
C:\Windows\system\mNlrqCH.exe

Filesize
6.0MB

MD5
bb2425b76bbc084e8ee4ac6bcd7f992e

SHA1
0915d542f25479ad7b27c6943f4fc562cc97d22e

SHA256
9dab267265e45acdd7c0bbb19411ac1c13c306fb3d5cdc8901f297200408db10

SHA512
a4583a60092cda9e4d3e7f2186f60eade3aed42445b3adcbbcdd74622c080176bd20c35c017703c1edfbc5c7893759ad9ddda99812afe8369758f459dd37e791

Download Submit
C:\Windows\system\orljYJW.exe

Filesize
6.0MB

MD5
4db7ce738a1efc99359f8308c7b1d043

SHA1
a54feceb6df33900322836971d715f6e70e22db1

SHA256
df0f0fc8648f5a86096186f549fd5c0417c73ee27dff7b892f6e43a2b6c1044d

SHA512
bf1fd33681844580573f5bb488e077d2d928610605ceeac3067c4cd5c0c0750aba5ae31901f84732e999b5251b4765b71f1ed1a9bdb45af95747ec969618d197

Download Submit
C:\Windows\system\psKbSLD.exe

Filesize
6.0MB

MD5
ca62b099cc18d9ba3956c917859fbc2b

SHA1
77496cb9572345e1886c1f1dfa80d8195ec430fe

SHA256
ef19642b1a19d20955f505bd5e70aea3885c2fb219e76addc3593eee22ec921d

SHA512
ee1b0dc6af844003d53fffdd1abe0337686a55050c280d001374af6eba948f6fb62457f799d41b4109bba64c256c321f128c14202824032a8cb1ed723cd4093e

Download Submit
C:\Windows\system\sDzITRm.exe

Filesize
6.0MB

MD5
12dee9ac0621838d33f99815b0d36721

SHA1
88e8dd50257ffff8372f1e489df0ef4950de0ffe

SHA256
3e839687c421480bc4e293323eba129eef0b87153f9238cb61855ac23dae16ba

SHA512
7e8f1d0e0b2a24f794c5c3a47ebf36bd579566d6328e1a48f1231f5cc2e4d9b7897f604d591fcea8e208012cebcd663ca374f8c5f5d15007fed10ad143ff8c22

Download Submit
C:\Windows\system\sVbzvNB.exe

Filesize
6.0MB

MD5
24ba7a5e6c287c2966a25a1898320a28

SHA1
e2190b776dd8919a314a2b142a4975732297e4c0

SHA256
ca6a8ee8559deada89748977f1e35313ddfff1d92bb1bd1fdf4e01629ad7e4a0

SHA512
b8666e36b5b16bf07fb75b8898db493cbc4af4dc4dcfb0967f6805bbbdebdf21ca23f438707a35ddb066cb203a2531ec29960567d43e52ac4a0017fa843ccfcb

Download Submit
C:\Windows\system\sdyCKYt.exe

Filesize
6.0MB

MD5
649c68f32184221bb2b034db6121d8fd

SHA1
a2e517c10d3435d88451547fde75518ae7814994

SHA256
920551cb08229ff0324b76c2a7898328b171be1ea8ee0eb8d505ced31be8f9b5

SHA512
067cf7aea1204b5fdcae9e48483760ca562529ad88943862a80690f09650d96f5d52825f09228a58adf71d9453ab71f69ea4c4d065af5e37f2b44305671f38c3

Download Submit
C:\Windows\system\srwoNFb.exe

Filesize
6.0MB

MD5
ef85df4eef81af30bfca5cf7c8063a01

SHA1
12dfefb4fa2ad5abedee524175156acb0b820aad

SHA256
653b4a0e0c076578c137b58f007229c468c578e540030c03a4f6fa1ae697eb87

SHA512
63616e4e54caa0eeb8dc95f181947522570a0baf32701385e78f67e841f9c255c1fa78942838b0da09ade6ed206f3a2b5d764ecb1ad5293de1025631bf1c1cf6

Download Submit
C:\Windows\system\uqdhWLz.exe

Filesize
6.0MB

MD5
66b9f0ee5fff03916c73ff26ef29ccba

SHA1
3a4796bd7bde628595ec8d131d4c4074c8bf3343

SHA256
c35de165c5f4eb95b4a3ce573134b0d2b148eb9dfed1bf32838488a7ed5183e8

SHA512
3fb7149879a8706ff779890438d7ee9f47b2e6ec5fa6c86a5e07bd16431ffbfd81c7c674e8fab0ba3a2fc78e2f1b536d8995a477d8ca19ce9f31cddc5cb691ce

Download Submit
C:\Windows\system\vEhHmFt.exe

Filesize
6.0MB

MD5
696b97e2d7ff8ae227758d93fe92030a

SHA1
1260c7b68b0730e84451cf3ec2bd3e2994f2beff

SHA256
3ef799ef4267b60f4dd0a6dfe968085d1e496e1c33139dc1599649d6faa85f25

SHA512
a4b7832b955a55a9007219a77cfc4e632d421b7f66c44f71c911bd3afbf6c58372c20e5f0529a9396739f281bf767d73fd2972715d69e0a07f6e4fefeb03e08d

Download Submit
\Windows\system\NTFONFx.exe

Filesize
6.0MB

MD5
8ba5d62615d2c68bf098ed4d7c81164a

SHA1
937739c287fb93f72820ba66eb713a7e297329c9

SHA256
d1975c597547f385a89be5a282fe331a6de732d4f514d1874f16d3623c615110

SHA512
bd56992f8d33809251fca7c0ad27eac27ef7fb41f109e67cb053a6cc9250d17ca4c3d1f767944483c1908964770e3f5380aac48caa6c64251486c5dbfe0d26a4

Download Submit
memory/652-650-0x000000013FA90000-0x000000013FDE4000-memory.dmp

Filesize
3.3MB

Download
memory/652-4170-0x000000013FA90000-0x000000013FDE4000-memory.dmp

Filesize
3.3MB

Download
memory/1700-717-0x000000013F810000-0x000000013FB64000-memory.dmp

Filesize
3.3MB

Download
memory/1952-648-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/1952-4167-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/2108-860-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/2200-548-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2256-4077-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/2256-652-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/2424-4166-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/2424-671-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/2480-542-0x00000000024F0000-0x0000000002844000-memory.dmp

Filesize
3.3MB

Download
memory/2480-458-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/2480-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/2480-655-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2480-653-0x00000000024F0000-0x0000000002844000-memory.dmp

Filesize
3.3MB

Download
memory/2480-672-0x00000000024F0000-0x0000000002844000-memory.dmp

Filesize
3.3MB

Download
memory/2480-670-0x00000000024F0000-0x0000000002844000-memory.dmp

Filesize
3.3MB

Download
memory/2480-651-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/2480-1788-0x00000000024F0000-0x0000000002844000-memory.dmp

Filesize
3.3MB

Download
memory/2480-1787-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/2480-1861-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/2480-1862-0x00000000024F0000-0x0000000002844000-memory.dmp

Filesize
3.3MB

Download
memory/2480-1860-0x00000000024F0000-0x0000000002844000-memory.dmp

Filesize
3.3MB

Download
memory/2480-1863-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/2480-1864-0x00000000024F0000-0x0000000002844000-memory.dmp

Filesize
3.3MB

Download
memory/2480-1865-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2480-1867-0x00000000024F0000-0x0000000002844000-memory.dmp

Filesize
3.3MB

Download
memory/2480-1866-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2480-1878-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/2480-1892-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2480-1922-0x00000000024F0000-0x0000000002844000-memory.dmp

Filesize
3.3MB

Download
memory/2480-1921-0x00000000024F0000-0x0000000002844000-memory.dmp

Filesize
3.3MB

Download
memory/2480-1920-0x00000000024F0000-0x0000000002844000-memory.dmp

Filesize
3.3MB

Download
memory/2480-649-0x00000000024F0000-0x0000000002844000-memory.dmp

Filesize
3.3MB

Download
memory/2480-0-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/2480-668-0x00000000024F0000-0x0000000002844000-memory.dmp

Filesize
3.3MB

Download
memory/2480-647-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/2480-666-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2480-660-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2480-664-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/2480-662-0x00000000024F0000-0x0000000002844000-memory.dmp

Filesize
3.3MB

Download
memory/2752-4219-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/2752-663-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/2756-654-0x000000013FB30000-0x000000013FE84000-memory.dmp

Filesize
3.3MB

Download
memory/2756-4154-0x000000013FB30000-0x000000013FE84000-memory.dmp

Filesize
3.3MB

Download
memory/2772-4152-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/2772-669-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/2784-667-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2784-4226-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2872-4136-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/2872-665-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/2880-4144-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2880-661-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2884-659-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2884-4228-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download