cobaltstrike | 3db0f3d433e5098884c60faf2d88d1e2dfcf3a5b88c4a547875f82bc27aa65e9

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
23-09-2024 03:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

522b51528bdda14395cda2d63e66cfd3
SHA1

f04dc83c763b48ce0e19c01861c728854ed9f7b3
SHA256

3db0f3d433e5098884c60faf2d88d1e2dfcf3a5b88c4a547875f82bc27aa65e9
SHA512

d6b1bb1bc6c89276cb1a73a23658901fff1ecc7fd53e429e25234cae8a1868daf2f42b5f065ceaeb33a94b5d2e2e49f8098614115d9212dad5d67c222c4acfd0
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUy:T+q56utgpPF8u/7y

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012117-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016115-9.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000162b2-16.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016a66-45.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d64-67.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d6d-82.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173a9-136.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186ea-157.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018784-183.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000187a5-192.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018728-172.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001878f-187.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001873d-177.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186fd-167.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186ee-162.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186e4-152.dat	cobalt_reflective_dll
behavioral1/files/0x000d000000018676-143.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017492-141.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018683-146.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000171a8-107.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174cc-131.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017488-128.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016fdf-97.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173a7-115.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017079-104.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d89-89.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d68-72.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d5e-58.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d29-53.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016814-39.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001642d-35.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000165c2-30.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2536-0-0x000000013F480000-0x000000013F7D4000-memory.dmp	xmrig
behavioral1/files/0x0007000000012117-6.dat	xmrig
behavioral1/files/0x0008000000016115-9.dat	xmrig
behavioral1/memory/2400-19-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig
behavioral1/files/0x00080000000162b2-16.dat	xmrig
behavioral1/memory/1144-27-0x000000013FAB0000-0x000000013FE04000-memory.dmp	xmrig
behavioral1/files/0x0007000000016a66-45.dat	xmrig
behavioral1/memory/3016-48-0x000000013F310000-0x000000013F664000-memory.dmp	xmrig
behavioral1/files/0x0006000000016d64-67.dat	xmrig
behavioral1/files/0x0006000000016d6d-82.dat	xmrig
behavioral1/memory/1568-93-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	xmrig
behavioral1/files/0x00060000000173a9-136.dat	xmrig
behavioral1/files/0x00050000000186ea-157.dat	xmrig
behavioral1/files/0x0005000000018784-183.dat	xmrig
behavioral1/memory/1876-619-0x000000013F7D0000-0x000000013FB24000-memory.dmp	xmrig
behavioral1/memory/1568-928-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	xmrig
behavioral1/memory/2356-1102-0x000000013FB00000-0x000000013FE54000-memory.dmp	xmrig
behavioral1/memory/2536-1462-0x000000013FCE0000-0x0000000140034000-memory.dmp	xmrig
behavioral1/files/0x00050000000187a5-192.dat	xmrig
behavioral1/files/0x0005000000018728-172.dat	xmrig
behavioral1/files/0x000500000001878f-187.dat	xmrig
behavioral1/files/0x000500000001873d-177.dat	xmrig
behavioral1/files/0x00050000000186fd-167.dat	xmrig
behavioral1/files/0x00050000000186ee-162.dat	xmrig
behavioral1/files/0x00050000000186e4-152.dat	xmrig
behavioral1/files/0x000d000000018676-143.dat	xmrig
behavioral1/files/0x0006000000017492-141.dat	xmrig
behavioral1/files/0x0005000000018683-146.dat	xmrig
behavioral1/memory/2640-110-0x000000013F4E0000-0x000000013F834000-memory.dmp	xmrig
behavioral1/files/0x00060000000171a8-107.dat	xmrig
behavioral1/files/0x00060000000174cc-131.dat	xmrig
behavioral1/files/0x0006000000017488-128.dat	xmrig
behavioral1/memory/2356-99-0x000000013FB00000-0x000000013FE54000-memory.dmp	xmrig
behavioral1/files/0x0006000000016fdf-97.dat	xmrig
behavioral1/files/0x00060000000173a7-115.dat	xmrig
behavioral1/memory/2536-114-0x000000013FCE0000-0x0000000140034000-memory.dmp	xmrig
behavioral1/files/0x0006000000017079-104.dat	xmrig
behavioral1/memory/2848-91-0x000000013FBD0000-0x000000013FF24000-memory.dmp	xmrig
behavioral1/files/0x0006000000016d89-89.dat	xmrig
behavioral1/memory/1876-84-0x000000013F7D0000-0x000000013FB24000-memory.dmp	xmrig
behavioral1/memory/2748-78-0x000000013F3F0000-0x000000013F744000-memory.dmp	xmrig
behavioral1/memory/2592-77-0x000000013FD70000-0x00000001400C4000-memory.dmp	xmrig
behavioral1/memory/1832-75-0x000000013FCE0000-0x0000000140034000-memory.dmp	xmrig
behavioral1/memory/2640-69-0x000000013F4E0000-0x000000013F834000-memory.dmp	xmrig
behavioral1/files/0x0006000000016d68-72.dat	xmrig
behavioral1/memory/2848-55-0x000000013FBD0000-0x000000013FF24000-memory.dmp	xmrig
behavioral1/memory/2972-63-0x000000013FD50000-0x00000001400A4000-memory.dmp	xmrig
behavioral1/memory/2536-62-0x000000013FD50000-0x00000001400A4000-memory.dmp	xmrig
behavioral1/memory/2536-61-0x000000013F480000-0x000000013F7D4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d5e-58.dat	xmrig
behavioral1/files/0x0008000000016d29-53.dat	xmrig
behavioral1/memory/2748-40-0x000000013F3F0000-0x000000013F744000-memory.dmp	xmrig
behavioral1/files/0x0007000000016814-39.dat	xmrig
behavioral1/memory/1832-38-0x000000013FCE0000-0x0000000140034000-memory.dmp	xmrig
behavioral1/memory/1852-36-0x000000013F9D0000-0x000000013FD24000-memory.dmp	xmrig
behavioral1/files/0x000800000001642d-35.dat	xmrig
behavioral1/memory/2536-32-0x000000013FCE0000-0x0000000140034000-memory.dmp	xmrig
behavioral1/files/0x00070000000165c2-30.dat	xmrig
behavioral1/memory/1260-23-0x000000013F760000-0x000000013FAB4000-memory.dmp	xmrig
behavioral1/memory/2972-4033-0x000000013FD50000-0x00000001400A4000-memory.dmp	xmrig
behavioral1/memory/2592-4035-0x000000013FD70000-0x00000001400C4000-memory.dmp	xmrig
behavioral1/memory/3016-4039-0x000000013F310000-0x000000013F664000-memory.dmp	xmrig
behavioral1/memory/1852-4038-0x000000013F9D0000-0x000000013FD24000-memory.dmp	xmrig
behavioral1/memory/1144-4037-0x000000013FAB0000-0x000000013FE04000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2400	UOguVbs.exe
1260	DGXxFWc.exe
1144	RRScyeU.exe
1852	xxVUdbH.exe
1832	rgqPSVL.exe
2748	LVvMFKY.exe
3016	cBrehbd.exe
2848	NXMoWAm.exe
2972	UOvccRb.exe
2640	QhxRqdU.exe
2592	cxPSLnM.exe
1876	NFBZunn.exe
1568	ptkJMhB.exe
2356	jdvnPuj.exe
2776	qWWrtXT.exe
2844	hODKADh.exe
1472	wzyFyhA.exe
1956	fOAOgpw.exe
2936	xhpBkbm.exe
2656	FwPVAvG.exe
2120	ACfyXSi.exe
2308	LWmjzmr.exe
2344	pFomeWn.exe
700	jUTysHZ.exe
632	PkKOVVG.exe
2312	vAnHmDu.exe
2964	fEoHIVO.exe
2068	lvnhvcv.exe
236	nSxhVKM.exe
2452	rjmKeqy.exe
3032	ygGREct.exe
1664	OqjSrhC.exe
1952	GwLJboY.exe
1352	COjbycw.exe
2460	sAfWZLp.exe
2424	eoECDRR.exe
692	aWouuPI.exe
1528	ccbsszO.exe
2572	OOthiDG.exe
2196	SmaKojF.exe
2412	pBIUICw.exe
2464	gDTnuEm.exe
2436	nDUGgHg.exe
580	OMzmiHR.exe
3048	liNsUFR.exe
2476	WUrbFzR.exe
2444	BxAxxNd.exe
300	FuJERxO.exe
880	btSMWiJ.exe
3024	zVEppSM.exe
2420	WAtshMC.exe
1560	psLyucO.exe
1720	kFaUOwr.exe
1864	WzzcqBl.exe
1140	fVtLmXn.exe
2092	fRbnIaB.exe
2604	TUKlutN.exe
2736	QVsxfzB.exe
2616	EFEvbGG.exe
2644	gynalPw.exe
2796	epyHkCX.exe
1844	KwecoZl.exe
2840	toHWmBb.exe
2968	hzqjOdr.exe

Loads dropped DLL 64 IoCs

pid	Process
2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2536-0-0x000000013F480000-0x000000013F7D4000-memory.dmp	upx
behavioral1/files/0x0007000000012117-6.dat	upx
behavioral1/files/0x0008000000016115-9.dat	upx
behavioral1/memory/2400-19-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/files/0x00080000000162b2-16.dat	upx
behavioral1/memory/1144-27-0x000000013FAB0000-0x000000013FE04000-memory.dmp	upx
behavioral1/files/0x0007000000016a66-45.dat	upx
behavioral1/memory/3016-48-0x000000013F310000-0x000000013F664000-memory.dmp	upx
behavioral1/files/0x0006000000016d64-67.dat	upx
behavioral1/files/0x0006000000016d6d-82.dat	upx
behavioral1/memory/1568-93-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	upx
behavioral1/files/0x00060000000173a9-136.dat	upx
behavioral1/files/0x00050000000186ea-157.dat	upx
behavioral1/files/0x0005000000018784-183.dat	upx
behavioral1/memory/1876-619-0x000000013F7D0000-0x000000013FB24000-memory.dmp	upx
behavioral1/memory/1568-928-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	upx
behavioral1/memory/2356-1102-0x000000013FB00000-0x000000013FE54000-memory.dmp	upx
behavioral1/files/0x00050000000187a5-192.dat	upx
behavioral1/files/0x0005000000018728-172.dat	upx
behavioral1/files/0x000500000001878f-187.dat	upx
behavioral1/files/0x000500000001873d-177.dat	upx
behavioral1/files/0x00050000000186fd-167.dat	upx
behavioral1/files/0x00050000000186ee-162.dat	upx
behavioral1/files/0x00050000000186e4-152.dat	upx
behavioral1/files/0x000d000000018676-143.dat	upx
behavioral1/files/0x0006000000017492-141.dat	upx
behavioral1/files/0x0005000000018683-146.dat	upx
behavioral1/memory/2640-110-0x000000013F4E0000-0x000000013F834000-memory.dmp	upx
behavioral1/files/0x00060000000171a8-107.dat	upx
behavioral1/files/0x00060000000174cc-131.dat	upx
behavioral1/files/0x0006000000017488-128.dat	upx
behavioral1/memory/2356-99-0x000000013FB00000-0x000000013FE54000-memory.dmp	upx
behavioral1/files/0x0006000000016fdf-97.dat	upx
behavioral1/files/0x00060000000173a7-115.dat	upx
behavioral1/files/0x0006000000017079-104.dat	upx
behavioral1/memory/2848-91-0x000000013FBD0000-0x000000013FF24000-memory.dmp	upx
behavioral1/files/0x0006000000016d89-89.dat	upx
behavioral1/memory/1876-84-0x000000013F7D0000-0x000000013FB24000-memory.dmp	upx
behavioral1/memory/2748-78-0x000000013F3F0000-0x000000013F744000-memory.dmp	upx
behavioral1/memory/2592-77-0x000000013FD70000-0x00000001400C4000-memory.dmp	upx
behavioral1/memory/1832-75-0x000000013FCE0000-0x0000000140034000-memory.dmp	upx
behavioral1/memory/2640-69-0x000000013F4E0000-0x000000013F834000-memory.dmp	upx
behavioral1/files/0x0006000000016d68-72.dat	upx
behavioral1/memory/2848-55-0x000000013FBD0000-0x000000013FF24000-memory.dmp	upx
behavioral1/memory/2972-63-0x000000013FD50000-0x00000001400A4000-memory.dmp	upx
behavioral1/memory/2536-61-0x000000013F480000-0x000000013F7D4000-memory.dmp	upx
behavioral1/files/0x0007000000016d5e-58.dat	upx
behavioral1/files/0x0008000000016d29-53.dat	upx
behavioral1/memory/2748-40-0x000000013F3F0000-0x000000013F744000-memory.dmp	upx
behavioral1/files/0x0007000000016814-39.dat	upx
behavioral1/memory/1832-38-0x000000013FCE0000-0x0000000140034000-memory.dmp	upx
behavioral1/memory/1852-36-0x000000013F9D0000-0x000000013FD24000-memory.dmp	upx
behavioral1/files/0x000800000001642d-35.dat	upx
behavioral1/files/0x00070000000165c2-30.dat	upx
behavioral1/memory/1260-23-0x000000013F760000-0x000000013FAB4000-memory.dmp	upx
behavioral1/memory/2972-4033-0x000000013FD50000-0x00000001400A4000-memory.dmp	upx
behavioral1/memory/2592-4035-0x000000013FD70000-0x00000001400C4000-memory.dmp	upx
behavioral1/memory/3016-4039-0x000000013F310000-0x000000013F664000-memory.dmp	upx
behavioral1/memory/1852-4038-0x000000013F9D0000-0x000000013FD24000-memory.dmp	upx
behavioral1/memory/1144-4037-0x000000013FAB0000-0x000000013FE04000-memory.dmp	upx
behavioral1/memory/2400-4036-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/memory/1568-4040-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	upx
behavioral1/memory/2356-4041-0x000000013FB00000-0x000000013FE54000-memory.dmp	upx
behavioral1/memory/1876-4042-0x000000013F7D0000-0x000000013FB24000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\clDnjQx.exe	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FodIhvs.exe	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dapOCef.exe	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rjmKeqy.exe	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wXyDWMM.exe	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sFumwgJ.exe	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PXNEafA.exe	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CQcBRjM.exe	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UTscmyj.exe	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FniDEro.exe	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PGTNOxl.exe	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jThVLWC.exe	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BkTRwsr.exe	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XEJgOPs.exe	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XypqZdV.exe	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wWBmEeR.exe	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NPKwDyx.exe	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wwZdqXe.exe	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bXtXAOB.exe	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MyucIBu.exe	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OrDCPkv.exe	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zjWMeAB.exe	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FTehtar.exe	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GPwrveV.exe	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JIsXQJd.exe	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\neKOyHi.exe	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\foBAapX.exe	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mjZivdH.exe	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jJmAivA.exe	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YDUBFDS.exe	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XLiTYjB.exe	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iZiGLjG.exe	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UjnvLxx.exe	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XdMOJPb.exe	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CryHCnf.exe	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JDjEpRQ.exe	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vYDGuLZ.exe	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xnEqlAk.exe	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UjUsiLk.exe	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fNpyoOt.exe	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xFRNggl.exe	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hFIUaWM.exe	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KymLIbQ.exe	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ehVIqPn.exe	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JscxLVy.exe	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gxkBvHs.exe	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AYBHclV.exe	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zHFcOze.exe	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EHaOheb.exe	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uNtiyVK.exe	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KdqZCqe.exe	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MBGnexn.exe	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ARjRqae.exe	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fRbnIaB.exe	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MVzatoB.exe	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PcMFKdx.exe	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cwqHpgY.exe	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DuYaIyj.exe	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rdjPiEZ.exe	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DcmlvIV.exe	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AaHSvtN.exe	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\apEcHby.exe	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LjXgtfZ.exe	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RheSbqP.exe	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2536 wrote to memory of 2400	2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2536 wrote to memory of 2400	2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2536 wrote to memory of 2400	2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2536 wrote to memory of 1260	2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2536 wrote to memory of 1260	2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2536 wrote to memory of 1260	2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2536 wrote to memory of 1144	2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2536 wrote to memory of 1144	2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2536 wrote to memory of 1144	2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2536 wrote to memory of 1832	2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2536 wrote to memory of 1832	2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2536 wrote to memory of 1832	2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2536 wrote to memory of 1852	2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2536 wrote to memory of 1852	2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2536 wrote to memory of 1852	2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2536 wrote to memory of 2748	2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2536 wrote to memory of 2748	2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2536 wrote to memory of 2748	2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2536 wrote to memory of 3016	2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2536 wrote to memory of 3016	2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2536 wrote to memory of 3016	2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2536 wrote to memory of 2848	2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2536 wrote to memory of 2848	2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2536 wrote to memory of 2848	2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2536 wrote to memory of 2972	2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2536 wrote to memory of 2972	2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2536 wrote to memory of 2972	2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2536 wrote to memory of 2640	2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2536 wrote to memory of 2640	2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2536 wrote to memory of 2640	2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2536 wrote to memory of 2592	2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2536 wrote to memory of 2592	2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2536 wrote to memory of 2592	2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2536 wrote to memory of 1876	2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2536 wrote to memory of 1876	2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2536 wrote to memory of 1876	2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2536 wrote to memory of 1568	2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2536 wrote to memory of 1568	2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2536 wrote to memory of 1568	2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2536 wrote to memory of 2356	2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2536 wrote to memory of 2356	2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2536 wrote to memory of 2356	2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2536 wrote to memory of 2776	2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2536 wrote to memory of 2776	2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2536 wrote to memory of 2776	2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2536 wrote to memory of 2936	2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2536 wrote to memory of 2936	2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2536 wrote to memory of 2936	2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2536 wrote to memory of 2844	2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2536 wrote to memory of 2844	2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2536 wrote to memory of 2844	2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2536 wrote to memory of 2656	2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2536 wrote to memory of 2656	2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2536 wrote to memory of 2656	2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2536 wrote to memory of 1472	2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2536 wrote to memory of 1472	2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2536 wrote to memory of 1472	2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2536 wrote to memory of 2120	2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2536 wrote to memory of 2120	2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2536 wrote to memory of 2120	2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2536 wrote to memory of 1956	2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2536 wrote to memory of 1956	2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2536 wrote to memory of 1956	2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2536 wrote to memory of 2308	2536	2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-09-23_522b51528bdda14395cda2d63e66cfd3_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2536
- C:\Windows\System\UOguVbs.exe
  C:\Windows\System\UOguVbs.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\DGXxFWc.exe
  C:\Windows\System\DGXxFWc.exe
  2⤵
  - Executes dropped EXE
  PID:1260
- C:\Windows\System\RRScyeU.exe
  C:\Windows\System\RRScyeU.exe
  2⤵
  - Executes dropped EXE
  PID:1144
- C:\Windows\System\rgqPSVL.exe
  C:\Windows\System\rgqPSVL.exe
  2⤵
  - Executes dropped EXE
  PID:1832
- C:\Windows\System\xxVUdbH.exe
  C:\Windows\System\xxVUdbH.exe
  2⤵
  - Executes dropped EXE
  PID:1852
- C:\Windows\System\LVvMFKY.exe
  C:\Windows\System\LVvMFKY.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\cBrehbd.exe
  C:\Windows\System\cBrehbd.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\NXMoWAm.exe
  C:\Windows\System\NXMoWAm.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\UOvccRb.exe
  C:\Windows\System\UOvccRb.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\QhxRqdU.exe
  C:\Windows\System\QhxRqdU.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\cxPSLnM.exe
  C:\Windows\System\cxPSLnM.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\NFBZunn.exe
  C:\Windows\System\NFBZunn.exe
  2⤵
  - Executes dropped EXE
  PID:1876
- C:\Windows\System\ptkJMhB.exe
  C:\Windows\System\ptkJMhB.exe
  2⤵
  - Executes dropped EXE
  PID:1568
- C:\Windows\System\jdvnPuj.exe
  C:\Windows\System\jdvnPuj.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\qWWrtXT.exe
  C:\Windows\System\qWWrtXT.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\xhpBkbm.exe
  C:\Windows\System\xhpBkbm.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\hODKADh.exe
  C:\Windows\System\hODKADh.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\FwPVAvG.exe
  C:\Windows\System\FwPVAvG.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\wzyFyhA.exe
  C:\Windows\System\wzyFyhA.exe
  2⤵
  - Executes dropped EXE
  PID:1472
- C:\Windows\System\ACfyXSi.exe
  C:\Windows\System\ACfyXSi.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\fOAOgpw.exe
  C:\Windows\System\fOAOgpw.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\LWmjzmr.exe
  C:\Windows\System\LWmjzmr.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\pFomeWn.exe
  C:\Windows\System\pFomeWn.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\jUTysHZ.exe
  C:\Windows\System\jUTysHZ.exe
  2⤵
  - Executes dropped EXE
  PID:700
- C:\Windows\System\PkKOVVG.exe
  C:\Windows\System\PkKOVVG.exe
  2⤵
  - Executes dropped EXE
  PID:632
- C:\Windows\System\vAnHmDu.exe
  C:\Windows\System\vAnHmDu.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\fEoHIVO.exe
  C:\Windows\System\fEoHIVO.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\lvnhvcv.exe
  C:\Windows\System\lvnhvcv.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\nSxhVKM.exe
  C:\Windows\System\nSxhVKM.exe
  2⤵
  - Executes dropped EXE
  PID:236
- C:\Windows\System\rjmKeqy.exe
  C:\Windows\System\rjmKeqy.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\ygGREct.exe
  C:\Windows\System\ygGREct.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\OqjSrhC.exe
  C:\Windows\System\OqjSrhC.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\GwLJboY.exe
  C:\Windows\System\GwLJboY.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\eoECDRR.exe
  C:\Windows\System\eoECDRR.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\COjbycw.exe
  C:\Windows\System\COjbycw.exe
  2⤵
  - Executes dropped EXE
  PID:1352
- C:\Windows\System\ccbsszO.exe
  C:\Windows\System\ccbsszO.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\sAfWZLp.exe
  C:\Windows\System\sAfWZLp.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\OOthiDG.exe
  C:\Windows\System\OOthiDG.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\aWouuPI.exe
  C:\Windows\System\aWouuPI.exe
  2⤵
  - Executes dropped EXE
  PID:692
- C:\Windows\System\SmaKojF.exe
  C:\Windows\System\SmaKojF.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\pBIUICw.exe
  C:\Windows\System\pBIUICw.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\gDTnuEm.exe
  C:\Windows\System\gDTnuEm.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\nDUGgHg.exe
  C:\Windows\System\nDUGgHg.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\OMzmiHR.exe
  C:\Windows\System\OMzmiHR.exe
  2⤵
  - Executes dropped EXE
  PID:580
- C:\Windows\System\liNsUFR.exe
  C:\Windows\System\liNsUFR.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\WUrbFzR.exe
  C:\Windows\System\WUrbFzR.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\BxAxxNd.exe
  C:\Windows\System\BxAxxNd.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\FuJERxO.exe
  C:\Windows\System\FuJERxO.exe
  2⤵
  - Executes dropped EXE
  PID:300
- C:\Windows\System\btSMWiJ.exe
  C:\Windows\System\btSMWiJ.exe
  2⤵
  - Executes dropped EXE
  PID:880
- C:\Windows\System\zVEppSM.exe
  C:\Windows\System\zVEppSM.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\WAtshMC.exe
  C:\Windows\System\WAtshMC.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\psLyucO.exe
  C:\Windows\System\psLyucO.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\kFaUOwr.exe
  C:\Windows\System\kFaUOwr.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\WzzcqBl.exe
  C:\Windows\System\WzzcqBl.exe
  2⤵
  - Executes dropped EXE
  PID:1864
- C:\Windows\System\fVtLmXn.exe
  C:\Windows\System\fVtLmXn.exe
  2⤵
  - Executes dropped EXE
  PID:1140
- C:\Windows\System\fRbnIaB.exe
  C:\Windows\System\fRbnIaB.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\TUKlutN.exe
  C:\Windows\System\TUKlutN.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\QVsxfzB.exe
  C:\Windows\System\QVsxfzB.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\EFEvbGG.exe
  C:\Windows\System\EFEvbGG.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\gynalPw.exe
  C:\Windows\System\gynalPw.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\epyHkCX.exe
  C:\Windows\System\epyHkCX.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\KwecoZl.exe
  C:\Windows\System\KwecoZl.exe
  2⤵
  - Executes dropped EXE
  PID:1844
- C:\Windows\System\toHWmBb.exe
  C:\Windows\System\toHWmBb.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\hzqjOdr.exe
  C:\Windows\System\hzqjOdr.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\QEiEczW.exe
  C:\Windows\System\QEiEczW.exe
  2⤵
  PID:1080
- C:\Windows\System\YlPPMVy.exe
  C:\Windows\System\YlPPMVy.exe
  2⤵
  PID:1076
- C:\Windows\System\DlCegYY.exe
  C:\Windows\System\DlCegYY.exe
  2⤵
  PID:1028
- C:\Windows\System\IWbvRgq.exe
  C:\Windows\System\IWbvRgq.exe
  2⤵
  PID:1196
- C:\Windows\System\VbTSpFO.exe
  C:\Windows\System\VbTSpFO.exe
  2⤵
  PID:536
- C:\Windows\System\eYDeCZJ.exe
  C:\Windows\System\eYDeCZJ.exe
  2⤵
  PID:352
- C:\Windows\System\nYYDYds.exe
  C:\Windows\System\nYYDYds.exe
  2⤵
  PID:1240
- C:\Windows\System\EstpqSq.exe
  C:\Windows\System\EstpqSq.exe
  2⤵
  PID:324
- C:\Windows\System\wWOsAFH.exe
  C:\Windows\System\wWOsAFH.exe
  2⤵
  PID:2580
- C:\Windows\System\twcCZXG.exe
  C:\Windows\System\twcCZXG.exe
  2⤵
  PID:2224
- C:\Windows\System\ZvFRfUQ.exe
  C:\Windows\System\ZvFRfUQ.exe
  2⤵
  PID:1868
- C:\Windows\System\fDbplMo.exe
  C:\Windows\System\fDbplMo.exe
  2⤵
  PID:2136
- C:\Windows\System\gtLWeSK.exe
  C:\Windows\System\gtLWeSK.exe
  2⤵
  PID:1680
- C:\Windows\System\LtkfLku.exe
  C:\Windows\System\LtkfLku.exe
  2⤵
  PID:2004
- C:\Windows\System\jJygGLC.exe
  C:\Windows\System\jJygGLC.exe
  2⤵
  PID:344
- C:\Windows\System\tKfIIiv.exe
  C:\Windows\System\tKfIIiv.exe
  2⤵
  PID:348
- C:\Windows\System\bXtXAOB.exe
  C:\Windows\System\bXtXAOB.exe
  2⤵
  PID:1692
- C:\Windows\System\eKNvimR.exe
  C:\Windows\System\eKNvimR.exe
  2⤵
  PID:468
- C:\Windows\System\BkTRwsr.exe
  C:\Windows\System\BkTRwsr.exe
  2⤵
  PID:1032
- C:\Windows\System\lpBAJqN.exe
  C:\Windows\System\lpBAJqN.exe
  2⤵
  PID:1320
- C:\Windows\System\ybDXKKf.exe
  C:\Windows\System\ybDXKKf.exe
  2⤵
  PID:2096
- C:\Windows\System\cbWZXEy.exe
  C:\Windows\System\cbWZXEy.exe
  2⤵
  PID:2328
- C:\Windows\System\DHGMiIZ.exe
  C:\Windows\System\DHGMiIZ.exe
  2⤵
  PID:2888
- C:\Windows\System\nQjcrUN.exe
  C:\Windows\System\nQjcrUN.exe
  2⤵
  PID:2596
- C:\Windows\System\KUrvZmF.exe
  C:\Windows\System\KUrvZmF.exe
  2⤵
  PID:2920
- C:\Windows\System\hrVhMmq.exe
  C:\Windows\System\hrVhMmq.exe
  2⤵
  PID:1176
- C:\Windows\System\mGyrMPE.exe
  C:\Windows\System\mGyrMPE.exe
  2⤵
  PID:1704
- C:\Windows\System\RYiuPpc.exe
  C:\Windows\System\RYiuPpc.exe
  2⤵
  PID:528
- C:\Windows\System\usnyamL.exe
  C:\Windows\System\usnyamL.exe
  2⤵
  PID:1676
- C:\Windows\System\VqsfPxV.exe
  C:\Windows\System\VqsfPxV.exe
  2⤵
  PID:2064
- C:\Windows\System\JujGxEf.exe
  C:\Windows\System\JujGxEf.exe
  2⤵
  PID:1348
- C:\Windows\System\eJmNirn.exe
  C:\Windows\System\eJmNirn.exe
  2⤵
  PID:1764
- C:\Windows\System\TifhZcQ.exe
  C:\Windows\System\TifhZcQ.exe
  2⤵
  PID:3092
- C:\Windows\System\hHPfWZj.exe
  C:\Windows\System\hHPfWZj.exe
  2⤵
  PID:3112
- C:\Windows\System\jPXEvuk.exe
  C:\Windows\System\jPXEvuk.exe
  2⤵
  PID:3136
- C:\Windows\System\qiqeaTo.exe
  C:\Windows\System\qiqeaTo.exe
  2⤵
  PID:3160
- C:\Windows\System\RoSMmsC.exe
  C:\Windows\System\RoSMmsC.exe
  2⤵
  PID:3176
- C:\Windows\System\TAbdpGi.exe
  C:\Windows\System\TAbdpGi.exe
  2⤵
  PID:3200
- C:\Windows\System\QaZaxYE.exe
  C:\Windows\System\QaZaxYE.exe
  2⤵
  PID:3216
- C:\Windows\System\EvTyUNJ.exe
  C:\Windows\System\EvTyUNJ.exe
  2⤵
  PID:3240
- C:\Windows\System\NnEEYUR.exe
  C:\Windows\System\NnEEYUR.exe
  2⤵
  PID:3260
- C:\Windows\System\NArYuxf.exe
  C:\Windows\System\NArYuxf.exe
  2⤵
  PID:3276
- C:\Windows\System\dAbSKrO.exe
  C:\Windows\System\dAbSKrO.exe
  2⤵
  PID:3292
- C:\Windows\System\jrUWBaT.exe
  C:\Windows\System\jrUWBaT.exe
  2⤵
  PID:3312
- C:\Windows\System\yhbTufP.exe
  C:\Windows\System\yhbTufP.exe
  2⤵
  PID:3328
- C:\Windows\System\FlEqRRt.exe
  C:\Windows\System\FlEqRRt.exe
  2⤵
  PID:3348
- C:\Windows\System\AXeUgqb.exe
  C:\Windows\System\AXeUgqb.exe
  2⤵
  PID:3368
- C:\Windows\System\edsNXrF.exe
  C:\Windows\System\edsNXrF.exe
  2⤵
  PID:3384
- C:\Windows\System\qZtToho.exe
  C:\Windows\System\qZtToho.exe
  2⤵
  PID:3412
- C:\Windows\System\HjGuDGT.exe
  C:\Windows\System\HjGuDGT.exe
  2⤵
  PID:3436
- C:\Windows\System\lZJQjdm.exe
  C:\Windows\System\lZJQjdm.exe
  2⤵
  PID:3456
- C:\Windows\System\kCUuywg.exe
  C:\Windows\System\kCUuywg.exe
  2⤵
  PID:3476
- C:\Windows\System\wEnalss.exe
  C:\Windows\System\wEnalss.exe
  2⤵
  PID:3492
- C:\Windows\System\pDtESon.exe
  C:\Windows\System\pDtESon.exe
  2⤵
  PID:3516
- C:\Windows\System\ggTMvMm.exe
  C:\Windows\System\ggTMvMm.exe
  2⤵
  PID:3540
- C:\Windows\System\NxqEnht.exe
  C:\Windows\System\NxqEnht.exe
  2⤵
  PID:3556
- C:\Windows\System\iZiGLjG.exe
  C:\Windows\System\iZiGLjG.exe
  2⤵
  PID:3584
- C:\Windows\System\Lyjfjdr.exe
  C:\Windows\System\Lyjfjdr.exe
  2⤵
  PID:3604
- C:\Windows\System\oiXIBPG.exe
  C:\Windows\System\oiXIBPG.exe
  2⤵
  PID:3620
- C:\Windows\System\MZRbCai.exe
  C:\Windows\System\MZRbCai.exe
  2⤵
  PID:3640
- C:\Windows\System\XkXTMQt.exe
  C:\Windows\System\XkXTMQt.exe
  2⤵
  PID:3656
- C:\Windows\System\whHFxiR.exe
  C:\Windows\System\whHFxiR.exe
  2⤵
  PID:3684
- C:\Windows\System\exSlelY.exe
  C:\Windows\System\exSlelY.exe
  2⤵
  PID:3700
- C:\Windows\System\xcbuuCj.exe
  C:\Windows\System\xcbuuCj.exe
  2⤵
  PID:3724
- C:\Windows\System\jxMxhzp.exe
  C:\Windows\System\jxMxhzp.exe
  2⤵
  PID:3740
- C:\Windows\System\OABqTTw.exe
  C:\Windows\System\OABqTTw.exe
  2⤵
  PID:3760
- C:\Windows\System\qWEyUIs.exe
  C:\Windows\System\qWEyUIs.exe
  2⤵
  PID:3776
- C:\Windows\System\NLkXKvD.exe
  C:\Windows\System\NLkXKvD.exe
  2⤵
  PID:3792
- C:\Windows\System\zGOlkRF.exe
  C:\Windows\System\zGOlkRF.exe
  2⤵
  PID:3808
- C:\Windows\System\ZdjwMZJ.exe
  C:\Windows\System\ZdjwMZJ.exe
  2⤵
  PID:3828
- C:\Windows\System\hFFHcoM.exe
  C:\Windows\System\hFFHcoM.exe
  2⤵
  PID:3852
- C:\Windows\System\oNtAByZ.exe
  C:\Windows\System\oNtAByZ.exe
  2⤵
  PID:3868
- C:\Windows\System\wJKgQet.exe
  C:\Windows\System\wJKgQet.exe
  2⤵
  PID:3884
- C:\Windows\System\fftQXjI.exe
  C:\Windows\System\fftQXjI.exe
  2⤵
  PID:3908
- C:\Windows\System\AeuZWEc.exe
  C:\Windows\System\AeuZWEc.exe
  2⤵
  PID:3924
- C:\Windows\System\LIQxVZY.exe
  C:\Windows\System\LIQxVZY.exe
  2⤵
  PID:3944
- C:\Windows\System\jMxMzmw.exe
  C:\Windows\System\jMxMzmw.exe
  2⤵
  PID:3964
- C:\Windows\System\tTAObwj.exe
  C:\Windows\System\tTAObwj.exe
  2⤵
  PID:3980
- C:\Windows\System\QmXpEYs.exe
  C:\Windows\System\QmXpEYs.exe
  2⤵
  PID:4004
- C:\Windows\System\LLLmEYN.exe
  C:\Windows\System\LLLmEYN.exe
  2⤵
  PID:4020
- C:\Windows\System\cPTohBn.exe
  C:\Windows\System\cPTohBn.exe
  2⤵
  PID:4044
- C:\Windows\System\kgmGTrQ.exe
  C:\Windows\System\kgmGTrQ.exe
  2⤵
  PID:4060
- C:\Windows\System\CWqgiuy.exe
  C:\Windows\System\CWqgiuy.exe
  2⤵
  PID:4080
- C:\Windows\System\NashkeX.exe
  C:\Windows\System\NashkeX.exe
  2⤵
  PID:1284
- C:\Windows\System\PUcVfZi.exe
  C:\Windows\System\PUcVfZi.exe
  2⤵
  PID:1760
- C:\Windows\System\dfqXqrA.exe
  C:\Windows\System\dfqXqrA.exe
  2⤵
  PID:2996
- C:\Windows\System\zAUxvLF.exe
  C:\Windows\System\zAUxvLF.exe
  2⤵
  PID:768
- C:\Windows\System\XsNrhkm.exe
  C:\Windows\System\XsNrhkm.exe
  2⤵
  PID:2928
- C:\Windows\System\JjbYffv.exe
  C:\Windows\System\JjbYffv.exe
  2⤵
  PID:292
- C:\Windows\System\sKCsWrL.exe
  C:\Windows\System\sKCsWrL.exe
  2⤵
  PID:3056
- C:\Windows\System\iRrlsIe.exe
  C:\Windows\System\iRrlsIe.exe
  2⤵
  PID:2352
- C:\Windows\System\ckRLJfj.exe
  C:\Windows\System\ckRLJfj.exe
  2⤵
  PID:2924
- C:\Windows\System\ZbjRKCu.exe
  C:\Windows\System\ZbjRKCu.exe
  2⤵
  PID:2032
- C:\Windows\System\GktkNZy.exe
  C:\Windows\System\GktkNZy.exe
  2⤵
  PID:1836
- C:\Windows\System\bqfLLsP.exe
  C:\Windows\System\bqfLLsP.exe
  2⤵
  PID:1840
- C:\Windows\System\HsIuHkx.exe
  C:\Windows\System\HsIuHkx.exe
  2⤵
  PID:2832
- C:\Windows\System\QqfoQBX.exe
  C:\Windows\System\QqfoQBX.exe
  2⤵
  PID:1136
- C:\Windows\System\WbUEBAZ.exe
  C:\Windows\System\WbUEBAZ.exe
  2⤵
  PID:3104
- C:\Windows\System\tEwnAAw.exe
  C:\Windows\System\tEwnAAw.exe
  2⤵
  PID:3148
- C:\Windows\System\ISonBus.exe
  C:\Windows\System\ISonBus.exe
  2⤵
  PID:1432
- C:\Windows\System\rdbsfsr.exe
  C:\Windows\System\rdbsfsr.exe
  2⤵
  PID:3192
- C:\Windows\System\IotlOnd.exe
  C:\Windows\System\IotlOnd.exe
  2⤵
  PID:3132
- C:\Windows\System\dtSKuxZ.exe
  C:\Windows\System\dtSKuxZ.exe
  2⤵
  PID:3172
- C:\Windows\System\aIecXDA.exe
  C:\Windows\System\aIecXDA.exe
  2⤵
  PID:3268
- C:\Windows\System\lXncRbA.exe
  C:\Windows\System\lXncRbA.exe
  2⤵
  PID:3208
- C:\Windows\System\oSqjadT.exe
  C:\Windows\System\oSqjadT.exe
  2⤵
  PID:3248
- C:\Windows\System\hZhfTLQ.exe
  C:\Windows\System\hZhfTLQ.exe
  2⤵
  PID:3344
- C:\Windows\System\jNummJw.exe
  C:\Windows\System\jNummJw.exe
  2⤵
  PID:3288
- C:\Windows\System\UxQZmEp.exe
  C:\Windows\System\UxQZmEp.exe
  2⤵
  PID:3432
- C:\Windows\System\rgpaGiw.exe
  C:\Windows\System\rgpaGiw.exe
  2⤵
  PID:3404
- C:\Windows\System\qIdDtbQ.exe
  C:\Windows\System\qIdDtbQ.exe
  2⤵
  PID:3444
- C:\Windows\System\AYBHclV.exe
  C:\Windows\System\AYBHclV.exe
  2⤵
  PID:3468
- C:\Windows\System\xYZivRV.exe
  C:\Windows\System\xYZivRV.exe
  2⤵
  PID:3512
- C:\Windows\System\QGWArtr.exe
  C:\Windows\System\QGWArtr.exe
  2⤵
  PID:3552
- C:\Windows\System\ZoyBJkh.exe
  C:\Windows\System\ZoyBJkh.exe
  2⤵
  PID:3532
- C:\Windows\System\VrBdYdF.exe
  C:\Windows\System\VrBdYdF.exe
  2⤵
  PID:3600
- C:\Windows\System\BXpZcSp.exe
  C:\Windows\System\BXpZcSp.exe
  2⤵
  PID:3576
- C:\Windows\System\TuLzXHI.exe
  C:\Windows\System\TuLzXHI.exe
  2⤵
  PID:3632
- C:\Windows\System\cqVhsJf.exe
  C:\Windows\System\cqVhsJf.exe
  2⤵
  PID:1496
- C:\Windows\System\INvOsmS.exe
  C:\Windows\System\INvOsmS.exe
  2⤵
  PID:3800
- C:\Windows\System\YljbyrN.exe
  C:\Windows\System\YljbyrN.exe
  2⤵
  PID:3840
- C:\Windows\System\DMNnKud.exe
  C:\Windows\System\DMNnKud.exe
  2⤵
  PID:2576
- C:\Windows\System\ADJOhrv.exe
  C:\Windows\System\ADJOhrv.exe
  2⤵
  PID:3692
- C:\Windows\System\qOMPQqe.exe
  C:\Windows\System\qOMPQqe.exe
  2⤵
  PID:2304
- C:\Windows\System\tjuYvgY.exe
  C:\Windows\System\tjuYvgY.exe
  2⤵
  PID:3732
- C:\Windows\System\BcRlksX.exe
  C:\Windows\System\BcRlksX.exe
  2⤵
  PID:1508
- C:\Windows\System\mMEsfRP.exe
  C:\Windows\System\mMEsfRP.exe
  2⤵
  PID:3076
- C:\Windows\System\nKlAZqa.exe
  C:\Windows\System\nKlAZqa.exe
  2⤵
  PID:3168
- C:\Windows\System\OFZCbse.exe
  C:\Windows\System\OFZCbse.exe
  2⤵
  PID:3340
- C:\Windows\System\RopWsYG.exe
  C:\Windows\System\RopWsYG.exe
  2⤵
  PID:3916
- C:\Windows\System\uTdDECF.exe
  C:\Windows\System\uTdDECF.exe
  2⤵
  PID:3960
- C:\Windows\System\szwagfi.exe
  C:\Windows\System\szwagfi.exe
  2⤵
  PID:4040
- C:\Windows\System\VSACDQM.exe
  C:\Windows\System\VSACDQM.exe
  2⤵
  PID:4032
- C:\Windows\System\Htftjei.exe
  C:\Windows\System\Htftjei.exe
  2⤵
  PID:3580
- C:\Windows\System\thNrZTH.exe
  C:\Windows\System\thNrZTH.exe
  2⤵
  PID:948
- C:\Windows\System\KnmRckJ.exe
  C:\Windows\System\KnmRckJ.exe
  2⤵
  PID:3252
- C:\Windows\System\zHFcOze.exe
  C:\Windows\System\zHFcOze.exe
  2⤵
  PID:3360
- C:\Windows\System\mPFPrKf.exe
  C:\Windows\System\mPFPrKf.exe
  2⤵
  PID:3524
- C:\Windows\System\UBBnZjo.exe
  C:\Windows\System\UBBnZjo.exe
  2⤵
  PID:3668
- C:\Windows\System\iPehaLx.exe
  C:\Windows\System\iPehaLx.exe
  2⤵
  PID:576
- C:\Windows\System\QdwkTgi.exe
  C:\Windows\System\QdwkTgi.exe
  2⤵
  PID:3816
- C:\Windows\System\PgBZJMP.exe
  C:\Windows\System\PgBZJMP.exe
  2⤵
  PID:3892
- C:\Windows\System\TOwhTSz.exe
  C:\Windows\System\TOwhTSz.exe
  2⤵
  PID:3932
- C:\Windows\System\JRugLJC.exe
  C:\Windows\System\JRugLJC.exe
  2⤵
  PID:4012
- C:\Windows\System\YBVRfBr.exe
  C:\Windows\System\YBVRfBr.exe
  2⤵
  PID:4092
- C:\Windows\System\AHZzEDf.exe
  C:\Windows\System\AHZzEDf.exe
  2⤵
  PID:1948
- C:\Windows\System\FZfAbSu.exe
  C:\Windows\System\FZfAbSu.exe
  2⤵
  PID:1652
- C:\Windows\System\AHPaYon.exe
  C:\Windows\System\AHPaYon.exe
  2⤵
  PID:604
- C:\Windows\System\ciEJnHt.exe
  C:\Windows\System\ciEJnHt.exe
  2⤵
  PID:2784
- C:\Windows\System\lNOwhbc.exe
  C:\Windows\System\lNOwhbc.exe
  2⤵
  PID:2524
- C:\Windows\System\jnyiCGH.exe
  C:\Windows\System\jnyiCGH.exe
  2⤵
  PID:1884
- C:\Windows\System\gJqwOOX.exe
  C:\Windows\System\gJqwOOX.exe
  2⤵
  PID:3108
- C:\Windows\System\DkAEqYf.exe
  C:\Windows\System\DkAEqYf.exe
  2⤵
  PID:672
- C:\Windows\System\MitVXmn.exe
  C:\Windows\System\MitVXmn.exe
  2⤵
  PID:3772
- C:\Windows\System\XUhAeXw.exe
  C:\Windows\System\XUhAeXw.exe
  2⤵
  PID:3400
- C:\Windows\System\GzIfrtE.exe
  C:\Windows\System\GzIfrtE.exe
  2⤵
  PID:4000
- C:\Windows\System\WXxFxAx.exe
  C:\Windows\System\WXxFxAx.exe
  2⤵
  PID:3592
- C:\Windows\System\HxrMglt.exe
  C:\Windows\System\HxrMglt.exe
  2⤵
  PID:3196
- C:\Windows\System\FYALWpN.exe
  C:\Windows\System\FYALWpN.exe
  2⤵
  PID:3452
- C:\Windows\System\ZIPokHW.exe
  C:\Windows\System\ZIPokHW.exe
  2⤵
  PID:832
- C:\Windows\System\olrntiP.exe
  C:\Windows\System\olrntiP.exe
  2⤵
  PID:3860
- C:\Windows\System\UTscmyj.exe
  C:\Windows\System\UTscmyj.exe
  2⤵
  PID:1756
- C:\Windows\System\clDnjQx.exe
  C:\Windows\System\clDnjQx.exe
  2⤵
  PID:3088
- C:\Windows\System\xtLwxbu.exe
  C:\Windows\System\xtLwxbu.exe
  2⤵
  PID:4100
- C:\Windows\System\enyxjqA.exe
  C:\Windows\System\enyxjqA.exe
  2⤵
  PID:4120
- C:\Windows\System\TDbtLsJ.exe
  C:\Windows\System\TDbtLsJ.exe
  2⤵
  PID:4136
- C:\Windows\System\yefeLqB.exe
  C:\Windows\System\yefeLqB.exe
  2⤵
  PID:4152
- C:\Windows\System\KymLIbQ.exe
  C:\Windows\System\KymLIbQ.exe
  2⤵
  PID:4176
- C:\Windows\System\PmbfzXm.exe
  C:\Windows\System\PmbfzXm.exe
  2⤵
  PID:4212
- C:\Windows\System\wgiAwrH.exe
  C:\Windows\System\wgiAwrH.exe
  2⤵
  PID:4244
- C:\Windows\System\FSBqbxv.exe
  C:\Windows\System\FSBqbxv.exe
  2⤵
  PID:4268
- C:\Windows\System\iRABMOf.exe
  C:\Windows\System\iRABMOf.exe
  2⤵
  PID:4284
- C:\Windows\System\LqeoKzP.exe
  C:\Windows\System\LqeoKzP.exe
  2⤵
  PID:4308
- C:\Windows\System\guxRgRY.exe
  C:\Windows\System\guxRgRY.exe
  2⤵
  PID:4336
- C:\Windows\System\bzfFONi.exe
  C:\Windows\System\bzfFONi.exe
  2⤵
  PID:4400
- C:\Windows\System\vcYGxRM.exe
  C:\Windows\System\vcYGxRM.exe
  2⤵
  PID:4420
- C:\Windows\System\meZdUKo.exe
  C:\Windows\System\meZdUKo.exe
  2⤵
  PID:4440
- C:\Windows\System\GhTggaS.exe
  C:\Windows\System\GhTggaS.exe
  2⤵
  PID:4456
- C:\Windows\System\WGCIJJh.exe
  C:\Windows\System\WGCIJJh.exe
  2⤵
  PID:4476
- C:\Windows\System\WKiUayo.exe
  C:\Windows\System\WKiUayo.exe
  2⤵
  PID:4496
- C:\Windows\System\PPVSSvb.exe
  C:\Windows\System\PPVSSvb.exe
  2⤵
  PID:4512
- C:\Windows\System\dcBSIbT.exe
  C:\Windows\System\dcBSIbT.exe
  2⤵
  PID:4532
- C:\Windows\System\PHbGLzi.exe
  C:\Windows\System\PHbGLzi.exe
  2⤵
  PID:4552
- C:\Windows\System\kPWxdZT.exe
  C:\Windows\System\kPWxdZT.exe
  2⤵
  PID:4568
- C:\Windows\System\pUfvNGC.exe
  C:\Windows\System\pUfvNGC.exe
  2⤵
  PID:4588
- C:\Windows\System\EatZUJg.exe
  C:\Windows\System\EatZUJg.exe
  2⤵
  PID:4608
- C:\Windows\System\yFoapun.exe
  C:\Windows\System\yFoapun.exe
  2⤵
  PID:4628
- C:\Windows\System\QXkTnjF.exe
  C:\Windows\System\QXkTnjF.exe
  2⤵
  PID:4644
- C:\Windows\System\djPEqTv.exe
  C:\Windows\System\djPEqTv.exe
  2⤵
  PID:4668
- C:\Windows\System\JizVvjL.exe
  C:\Windows\System\JizVvjL.exe
  2⤵
  PID:4684
- C:\Windows\System\YCfWIet.exe
  C:\Windows\System\YCfWIet.exe
  2⤵
  PID:4708
- C:\Windows\System\JIyrrJO.exe
  C:\Windows\System\JIyrrJO.exe
  2⤵
  PID:4728
- C:\Windows\System\HLrGuKy.exe
  C:\Windows\System\HLrGuKy.exe
  2⤵
  PID:4744
- C:\Windows\System\CQcBRjM.exe
  C:\Windows\System\CQcBRjM.exe
  2⤵
  PID:4760
- C:\Windows\System\AiDjzcJ.exe
  C:\Windows\System\AiDjzcJ.exe
  2⤵
  PID:4776
- C:\Windows\System\WtRNHEU.exe
  C:\Windows\System\WtRNHEU.exe
  2⤵
  PID:4792
- C:\Windows\System\sucokqH.exe
  C:\Windows\System\sucokqH.exe
  2⤵
  PID:4808
- C:\Windows\System\MQDvHTm.exe
  C:\Windows\System\MQDvHTm.exe
  2⤵
  PID:4824
- C:\Windows\System\JbXqvDo.exe
  C:\Windows\System\JbXqvDo.exe
  2⤵
  PID:4840
- C:\Windows\System\oKCXJOl.exe
  C:\Windows\System\oKCXJOl.exe
  2⤵
  PID:4856
- C:\Windows\System\VDlHVtQ.exe
  C:\Windows\System\VDlHVtQ.exe
  2⤵
  PID:4876
- C:\Windows\System\mYiojwx.exe
  C:\Windows\System\mYiojwx.exe
  2⤵
  PID:4892
- C:\Windows\System\ZBCLnQs.exe
  C:\Windows\System\ZBCLnQs.exe
  2⤵
  PID:4908
- C:\Windows\System\RQVYEtB.exe
  C:\Windows\System\RQVYEtB.exe
  2⤵
  PID:4928
- C:\Windows\System\WuGCGVM.exe
  C:\Windows\System\WuGCGVM.exe
  2⤵
  PID:4952
- C:\Windows\System\ffyoMwh.exe
  C:\Windows\System\ffyoMwh.exe
  2⤵
  PID:5020
- C:\Windows\System\SAIqvUx.exe
  C:\Windows\System\SAIqvUx.exe
  2⤵
  PID:5036
- C:\Windows\System\xLKNVks.exe
  C:\Windows\System\xLKNVks.exe
  2⤵
  PID:5052
- C:\Windows\System\LSviquh.exe
  C:\Windows\System\LSviquh.exe
  2⤵
  PID:5068
- C:\Windows\System\dbCifeS.exe
  C:\Windows\System\dbCifeS.exe
  2⤵
  PID:5088
- C:\Windows\System\xYSJzVq.exe
  C:\Windows\System\xYSJzVq.exe
  2⤵
  PID:5112
- C:\Windows\System\iuafSBF.exe
  C:\Windows\System\iuafSBF.exe
  2⤵
  PID:3996
- C:\Windows\System\bAWTrzl.exe
  C:\Windows\System\bAWTrzl.exe
  2⤵
  PID:3972
- C:\Windows\System\nKCdRoC.exe
  C:\Windows\System\nKCdRoC.exe
  2⤵
  PID:4168
- C:\Windows\System\iiEOdSL.exe
  C:\Windows\System\iiEOdSL.exe
  2⤵
  PID:4228
- C:\Windows\System\LrkaGPY.exe
  C:\Windows\System\LrkaGPY.exe
  2⤵
  PID:3572
- C:\Windows\System\swJYSqd.exe
  C:\Windows\System\swJYSqd.exe
  2⤵
  PID:4240
- C:\Windows\System\mfOsqBQ.exe
  C:\Windows\System\mfOsqBQ.exe
  2⤵
  PID:3900
- C:\Windows\System\pQBlPpn.exe
  C:\Windows\System\pQBlPpn.exe
  2⤵
  PID:4280
- C:\Windows\System\ANPPfIY.exe
  C:\Windows\System\ANPPfIY.exe
  2⤵
  PID:4320
- C:\Windows\System\NnJsHQU.exe
  C:\Windows\System\NnJsHQU.exe
  2⤵
  PID:4112
- C:\Windows\System\Wotkdmu.exe
  C:\Windows\System\Wotkdmu.exe
  2⤵
  PID:4256
- C:\Windows\System\VuRTyya.exe
  C:\Windows\System\VuRTyya.exe
  2⤵
  PID:3848
- C:\Windows\System\kZlwQJE.exe
  C:\Windows\System\kZlwQJE.exe
  2⤵
  PID:4260
- C:\Windows\System\XWrxqUy.exe
  C:\Windows\System\XWrxqUy.exe
  2⤵
  PID:4148
- C:\Windows\System\bPlRKGR.exe
  C:\Windows\System\bPlRKGR.exe
  2⤵
  PID:2208
- C:\Windows\System\AINFyyO.exe
  C:\Windows\System\AINFyyO.exe
  2⤵
  PID:3188
- C:\Windows\System\teGtrYm.exe
  C:\Windows\System\teGtrYm.exe
  2⤵
  PID:2504
- C:\Windows\System\KyrtCLF.exe
  C:\Windows\System\KyrtCLF.exe
  2⤵
  PID:4448
- C:\Windows\System\iNJHeNs.exe
  C:\Windows\System\iNJHeNs.exe
  2⤵
  PID:4492
- C:\Windows\System\ZKkVqUD.exe
  C:\Windows\System\ZKkVqUD.exe
  2⤵
  PID:4524
- C:\Windows\System\rRRwVFo.exe
  C:\Windows\System\rRRwVFo.exe
  2⤵
  PID:4344
- C:\Windows\System\RTHuLLt.exe
  C:\Windows\System\RTHuLLt.exe
  2⤵
  PID:4616
- C:\Windows\System\tboKZsY.exe
  C:\Windows\System\tboKZsY.exe
  2⤵
  PID:4468
- C:\Windows\System\SQPqPCB.exe
  C:\Windows\System\SQPqPCB.exe
  2⤵
  PID:4636
- C:\Windows\System\IgTobWw.exe
  C:\Windows\System\IgTobWw.exe
  2⤵
  PID:4716
- C:\Windows\System\EzDkFZp.exe
  C:\Windows\System\EzDkFZp.exe
  2⤵
  PID:4380
- C:\Windows\System\cLioInL.exe
  C:\Windows\System\cLioInL.exe
  2⤵
  PID:4392
- C:\Windows\System\rZOzFgv.exe
  C:\Windows\System\rZOzFgv.exe
  2⤵
  PID:4756
- C:\Windows\System\DFOgAXM.exe
  C:\Windows\System\DFOgAXM.exe
  2⤵
  PID:4820
- C:\Windows\System\vWNjWbJ.exe
  C:\Windows\System\vWNjWbJ.exe
  2⤵
  PID:4544
- C:\Windows\System\NBLxvyJ.exe
  C:\Windows\System\NBLxvyJ.exe
  2⤵
  PID:4580
- C:\Windows\System\oCIMANs.exe
  C:\Windows\System\oCIMANs.exe
  2⤵
  PID:4888
- C:\Windows\System\SFnrWJx.exe
  C:\Windows\System\SFnrWJx.exe
  2⤵
  PID:4960
- C:\Windows\System\zMgRinU.exe
  C:\Windows\System\zMgRinU.exe
  2⤵
  PID:4976
- C:\Windows\System\RQAxvwN.exe
  C:\Windows\System\RQAxvwN.exe
  2⤵
  PID:4992
- C:\Windows\System\mjZivdH.exe
  C:\Windows\System\mjZivdH.exe
  2⤵
  PID:4836
- C:\Windows\System\tFjndrI.exe
  C:\Windows\System\tFjndrI.exe
  2⤵
  PID:4804
- C:\Windows\System\KFojGHZ.exe
  C:\Windows\System\KFojGHZ.exe
  2⤵
  PID:4740
- C:\Windows\System\mVPZFyX.exe
  C:\Windows\System\mVPZFyX.exe
  2⤵
  PID:5076
- C:\Windows\System\YbWooEf.exe
  C:\Windows\System\YbWooEf.exe
  2⤵
  PID:3768
- C:\Windows\System\hZDjfcR.exe
  C:\Windows\System\hZDjfcR.exe
  2⤵
  PID:5108
- C:\Windows\System\FjKhXJm.exe
  C:\Windows\System\FjKhXJm.exe
  2⤵
  PID:5028
- C:\Windows\System\AexcQiu.exe
  C:\Windows\System\AexcQiu.exe
  2⤵
  PID:2772
- C:\Windows\System\OrOcrck.exe
  C:\Windows\System\OrOcrck.exe
  2⤵
  PID:3464
- C:\Windows\System\pXZkBql.exe
  C:\Windows\System\pXZkBql.exe
  2⤵
  PID:3568
- C:\Windows\System\wXyDWMM.exe
  C:\Windows\System\wXyDWMM.exe
  2⤵
  PID:4200
- C:\Windows\System\jpIAptD.exe
  C:\Windows\System\jpIAptD.exe
  2⤵
  PID:2724
- C:\Windows\System\DAgHqsO.exe
  C:\Windows\System\DAgHqsO.exe
  2⤵
  PID:2664
- C:\Windows\System\oaSDPuX.exe
  C:\Windows\System\oaSDPuX.exe
  2⤵
  PID:4116
- C:\Windows\System\NXnwdSX.exe
  C:\Windows\System\NXnwdSX.exe
  2⤵
  PID:3396
- C:\Windows\System\oljXUxL.exe
  C:\Windows\System\oljXUxL.exe
  2⤵
  PID:4596
- C:\Windows\System\tAEpDHH.exe
  C:\Windows\System\tAEpDHH.exe
  2⤵
  PID:4292
- C:\Windows\System\DNICyVp.exe
  C:\Windows\System\DNICyVp.exe
  2⤵
  PID:4276
- C:\Windows\System\aKJmJcN.exe
  C:\Windows\System\aKJmJcN.exe
  2⤵
  PID:4652
- C:\Windows\System\XdKHeYg.exe
  C:\Windows\System\XdKHeYg.exe
  2⤵
  PID:4600
- C:\Windows\System\TJpAYkV.exe
  C:\Windows\System\TJpAYkV.exe
  2⤵
  PID:4680
- C:\Windows\System\fFnuUFr.exe
  C:\Windows\System\fFnuUFr.exe
  2⤵
  PID:4576
- C:\Windows\System\ljNWlcy.exe
  C:\Windows\System\ljNWlcy.exe
  2⤵
  PID:4988
- C:\Windows\System\DenjcWk.exe
  C:\Windows\System\DenjcWk.exe
  2⤵
  PID:2404
- C:\Windows\System\AyBNEPV.exe
  C:\Windows\System\AyBNEPV.exe
  2⤵
  PID:3308
- C:\Windows\System\eqMXOKa.exe
  C:\Windows\System\eqMXOKa.exe
  2⤵
  PID:4720
- C:\Windows\System\WNdiTMt.exe
  C:\Windows\System\WNdiTMt.exe
  2⤵
  PID:4900
- C:\Windows\System\irFCKDC.exe
  C:\Windows\System\irFCKDC.exe
  2⤵
  PID:4656
- C:\Windows\System\NkPwCbp.exe
  C:\Windows\System\NkPwCbp.exe
  2⤵
  PID:4852
- C:\Windows\System\ofFIQsR.exe
  C:\Windows\System\ofFIQsR.exe
  2⤵
  PID:4944
- C:\Windows\System\fjVCtOg.exe
  C:\Windows\System\fjVCtOg.exe
  2⤵
  PID:5000
- C:\Windows\System\hKWeHVf.exe
  C:\Windows\System\hKWeHVf.exe
  2⤵
  PID:5096
- C:\Windows\System\neKOyHi.exe
  C:\Windows\System\neKOyHi.exe
  2⤵
  PID:4160
- C:\Windows\System\nlIWZWd.exe
  C:\Windows\System\nlIWZWd.exe
  2⤵
  PID:3836
- C:\Windows\System\MyucIBu.exe
  C:\Windows\System\MyucIBu.exe
  2⤵
  PID:5080
- C:\Windows\System\RlNYhlQ.exe
  C:\Windows\System\RlNYhlQ.exe
  2⤵
  PID:2672
- C:\Windows\System\chwwUKN.exe
  C:\Windows\System\chwwUKN.exe
  2⤵
  PID:2700
- C:\Windows\System\EJyDYHd.exe
  C:\Windows\System\EJyDYHd.exe
  2⤵
  PID:4204
- C:\Windows\System\oYzTgzX.exe
  C:\Windows\System\oYzTgzX.exe
  2⤵
  PID:4300
- C:\Windows\System\ZiDjibC.exe
  C:\Windows\System\ZiDjibC.exe
  2⤵
  PID:2768
- C:\Windows\System\thOHkkE.exe
  C:\Windows\System\thOHkkE.exe
  2⤵
  PID:4328
- C:\Windows\System\YuRpfJO.exe
  C:\Windows\System\YuRpfJO.exe
  2⤵
  PID:4816
- C:\Windows\System\BuDXlXf.exe
  C:\Windows\System\BuDXlXf.exe
  2⤵
  PID:4416
- C:\Windows\System\DRVgyds.exe
  C:\Windows\System\DRVgyds.exe
  2⤵
  PID:4520
- C:\Windows\System\FzQlDQy.exe
  C:\Windows\System\FzQlDQy.exe
  2⤵
  PID:4924
- C:\Windows\System\IKhlClR.exe
  C:\Windows\System\IKhlClR.exe
  2⤵
  PID:2884
- C:\Windows\System\vRjRBfT.exe
  C:\Windows\System\vRjRBfT.exe
  2⤵
  PID:4356
- C:\Windows\System\TiMKOnV.exe
  C:\Windows\System\TiMKOnV.exe
  2⤵
  PID:4904
- C:\Windows\System\ggRIyfb.exe
  C:\Windows\System\ggRIyfb.exe
  2⤵
  PID:4368
- C:\Windows\System\hRaWGCo.exe
  C:\Windows\System\hRaWGCo.exe
  2⤵
  PID:5104
- C:\Windows\System\OEnBDEv.exe
  C:\Windows\System\OEnBDEv.exe
  2⤵
  PID:5132
- C:\Windows\System\PPRduEZ.exe
  C:\Windows\System\PPRduEZ.exe
  2⤵
  PID:5168
- C:\Windows\System\JDjEpRQ.exe
  C:\Windows\System\JDjEpRQ.exe
  2⤵
  PID:5184
- C:\Windows\System\NWBHnML.exe
  C:\Windows\System\NWBHnML.exe
  2⤵
  PID:5200
- C:\Windows\System\RheSbqP.exe
  C:\Windows\System\RheSbqP.exe
  2⤵
  PID:5216
- C:\Windows\System\kDcOZrw.exe
  C:\Windows\System\kDcOZrw.exe
  2⤵
  PID:5232
- C:\Windows\System\PGltkHW.exe
  C:\Windows\System\PGltkHW.exe
  2⤵
  PID:5248
- C:\Windows\System\kytnXoA.exe
  C:\Windows\System\kytnXoA.exe
  2⤵
  PID:5264
- C:\Windows\System\rVhdpEB.exe
  C:\Windows\System\rVhdpEB.exe
  2⤵
  PID:5280
- C:\Windows\System\pBGQpJJ.exe
  C:\Windows\System\pBGQpJJ.exe
  2⤵
  PID:5296
- C:\Windows\System\AqcOvIw.exe
  C:\Windows\System\AqcOvIw.exe
  2⤵
  PID:5312
- C:\Windows\System\gxkBvHs.exe
  C:\Windows\System\gxkBvHs.exe
  2⤵
  PID:5328
- C:\Windows\System\DFtZrpp.exe
  C:\Windows\System\DFtZrpp.exe
  2⤵
  PID:5344
- C:\Windows\System\IAakDWk.exe
  C:\Windows\System\IAakDWk.exe
  2⤵
  PID:5360
- C:\Windows\System\rVXaZoH.exe
  C:\Windows\System\rVXaZoH.exe
  2⤵
  PID:5400
- C:\Windows\System\LQzlIMh.exe
  C:\Windows\System\LQzlIMh.exe
  2⤵
  PID:5416
- C:\Windows\System\hhNXUYj.exe
  C:\Windows\System\hhNXUYj.exe
  2⤵
  PID:5432
- C:\Windows\System\tFXiCKh.exe
  C:\Windows\System\tFXiCKh.exe
  2⤵
  PID:5448
- C:\Windows\System\oqxAeks.exe
  C:\Windows\System\oqxAeks.exe
  2⤵
  PID:5464
- C:\Windows\System\VHGbgZc.exe
  C:\Windows\System\VHGbgZc.exe
  2⤵
  PID:5480
- C:\Windows\System\LMXbYai.exe
  C:\Windows\System\LMXbYai.exe
  2⤵
  PID:5496
- C:\Windows\System\yRjkmOC.exe
  C:\Windows\System\yRjkmOC.exe
  2⤵
  PID:5512
- C:\Windows\System\LqdZvmt.exe
  C:\Windows\System\LqdZvmt.exe
  2⤵
  PID:5528
- C:\Windows\System\dmSCZGR.exe
  C:\Windows\System\dmSCZGR.exe
  2⤵
  PID:5544
- C:\Windows\System\vzoirjL.exe
  C:\Windows\System\vzoirjL.exe
  2⤵
  PID:5560
- C:\Windows\System\WjTyott.exe
  C:\Windows\System\WjTyott.exe
  2⤵
  PID:5576
- C:\Windows\System\iLuGHCz.exe
  C:\Windows\System\iLuGHCz.exe
  2⤵
  PID:5592
- C:\Windows\System\txnBgsR.exe
  C:\Windows\System\txnBgsR.exe
  2⤵
  PID:5608
- C:\Windows\System\HoXdBJO.exe
  C:\Windows\System\HoXdBJO.exe
  2⤵
  PID:5624
- C:\Windows\System\Tkzkigr.exe
  C:\Windows\System\Tkzkigr.exe
  2⤵
  PID:5640
- C:\Windows\System\TEVIPIE.exe
  C:\Windows\System\TEVIPIE.exe
  2⤵
  PID:5656
- C:\Windows\System\UBQgdQZ.exe
  C:\Windows\System\UBQgdQZ.exe
  2⤵
  PID:5672
- C:\Windows\System\XEJgOPs.exe
  C:\Windows\System\XEJgOPs.exe
  2⤵
  PID:5696
- C:\Windows\System\yvvAZfL.exe
  C:\Windows\System\yvvAZfL.exe
  2⤵
  PID:5740
- C:\Windows\System\aGWbTbJ.exe
  C:\Windows\System\aGWbTbJ.exe
  2⤵
  PID:5772
- C:\Windows\System\jUFhQwP.exe
  C:\Windows\System\jUFhQwP.exe
  2⤵
  PID:5796
- C:\Windows\System\xhjziSk.exe
  C:\Windows\System\xhjziSk.exe
  2⤵
  PID:5836
- C:\Windows\System\CSslxkK.exe
  C:\Windows\System\CSslxkK.exe
  2⤵
  PID:5852
- C:\Windows\System\MJeJeHv.exe
  C:\Windows\System\MJeJeHv.exe
  2⤵
  PID:5868
- C:\Windows\System\oeRTTvL.exe
  C:\Windows\System\oeRTTvL.exe
  2⤵
  PID:5884
- C:\Windows\System\TcrxYqQ.exe
  C:\Windows\System\TcrxYqQ.exe
  2⤵
  PID:5900
- C:\Windows\System\ZUikoTd.exe
  C:\Windows\System\ZUikoTd.exe
  2⤵
  PID:5916
- C:\Windows\System\PIqhwjt.exe
  C:\Windows\System\PIqhwjt.exe
  2⤵
  PID:5932
- C:\Windows\System\UPwwTLn.exe
  C:\Windows\System\UPwwTLn.exe
  2⤵
  PID:5952
- C:\Windows\System\UOjnXgw.exe
  C:\Windows\System\UOjnXgw.exe
  2⤵
  PID:6004
- C:\Windows\System\KZPOJXV.exe
  C:\Windows\System\KZPOJXV.exe
  2⤵
  PID:6036
- C:\Windows\System\IiAGsYq.exe
  C:\Windows\System\IiAGsYq.exe
  2⤵
  PID:6068
- C:\Windows\System\AAXQAhy.exe
  C:\Windows\System\AAXQAhy.exe
  2⤵
  PID:6088
- C:\Windows\System\nDPnGYo.exe
  C:\Windows\System\nDPnGYo.exe
  2⤵
  PID:6108
- C:\Windows\System\kvyavxV.exe
  C:\Windows\System\kvyavxV.exe
  2⤵
  PID:6128
- C:\Windows\System\JutIIFs.exe
  C:\Windows\System\JutIIFs.exe
  2⤵
  PID:3500
- C:\Windows\System\AvumNHx.exe
  C:\Windows\System\AvumNHx.exe
  2⤵
  PID:4304
- C:\Windows\System\EhHJoZa.exe
  C:\Windows\System\EhHJoZa.exe
  2⤵
  PID:4188
- C:\Windows\System\aitSJtr.exe
  C:\Windows\System\aitSJtr.exe
  2⤵
  PID:1768
- C:\Windows\System\vYDGuLZ.exe
  C:\Windows\System\vYDGuLZ.exe
  2⤵
  PID:5192
- C:\Windows\System\NcbJVFc.exe
  C:\Windows\System\NcbJVFc.exe
  2⤵
  PID:5260
- C:\Windows\System\upnFFiG.exe
  C:\Windows\System\upnFFiG.exe
  2⤵
  PID:5324
- C:\Windows\System\gnPQEva.exe
  C:\Windows\System\gnPQEva.exe
  2⤵
  PID:4376
- C:\Windows\System\vqyWgYL.exe
  C:\Windows\System\vqyWgYL.exe
  2⤵
  PID:4436
- C:\Windows\System\SBpBpIa.exe
  C:\Windows\System\SBpBpIa.exe
  2⤵
  PID:4540
- C:\Windows\System\BMQISdQ.exe
  C:\Windows\System\BMQISdQ.exe
  2⤵
  PID:2860
- C:\Windows\System\EROAqCE.exe
  C:\Windows\System\EROAqCE.exe
  2⤵
  PID:5060
- C:\Windows\System\OdvOfXt.exe
  C:\Windows\System\OdvOfXt.exe
  2⤵
  PID:1644
- C:\Windows\System\IddOpWs.exe
  C:\Windows\System\IddOpWs.exe
  2⤵
  PID:2800
- C:\Windows\System\qSrrZev.exe
  C:\Windows\System\qSrrZev.exe
  2⤵
  PID:3596
- C:\Windows\System\yHYCSyS.exe
  C:\Windows\System\yHYCSyS.exe
  2⤵
  PID:2704
- C:\Windows\System\tHlQfbG.exe
  C:\Windows\System\tHlQfbG.exe
  2⤵
  PID:5272
- C:\Windows\System\JSPRoGs.exe
  C:\Windows\System\JSPRoGs.exe
  2⤵
  PID:5336
- C:\Windows\System\sAaGIdy.exe
  C:\Windows\System\sAaGIdy.exe
  2⤵
  PID:5376
- C:\Windows\System\ehVIqPn.exe
  C:\Windows\System\ehVIqPn.exe
  2⤵
  PID:5392
- C:\Windows\System\JFUeFHz.exe
  C:\Windows\System\JFUeFHz.exe
  2⤵
  PID:5456
- C:\Windows\System\PcvrZUs.exe
  C:\Windows\System\PcvrZUs.exe
  2⤵
  PID:5504
- C:\Windows\System\KSuPdXe.exe
  C:\Windows\System\KSuPdXe.exe
  2⤵
  PID:5568
- C:\Windows\System\LGKNumI.exe
  C:\Windows\System\LGKNumI.exe
  2⤵
  PID:5604
- C:\Windows\System\UXvKMqo.exe
  C:\Windows\System\UXvKMqo.exe
  2⤵
  PID:5668
- C:\Windows\System\ORZLhzZ.exe
  C:\Windows\System\ORZLhzZ.exe
  2⤵
  PID:5716
- C:\Windows\System\RPQTKaz.exe
  C:\Windows\System\RPQTKaz.exe
  2⤵
  PID:5732
- C:\Windows\System\jdkCwcZ.exe
  C:\Windows\System\jdkCwcZ.exe
  2⤵
  PID:5488
- C:\Windows\System\wNxJnEY.exe
  C:\Windows\System\wNxJnEY.exe
  2⤵
  PID:5588
- C:\Windows\System\XnZmuMm.exe
  C:\Windows\System\XnZmuMm.exe
  2⤵
  PID:5768
- C:\Windows\System\UTuSvme.exe
  C:\Windows\System\UTuSvme.exe
  2⤵
  PID:5788
- C:\Windows\System\uuBkVxs.exe
  C:\Windows\System\uuBkVxs.exe
  2⤵
  PID:5804
- C:\Windows\System\Jlzpget.exe
  C:\Windows\System\Jlzpget.exe
  2⤵
  PID:5824
- C:\Windows\System\MjGmvoU.exe
  C:\Windows\System\MjGmvoU.exe
  2⤵
  PID:5896
- C:\Windows\System\CyXIcll.exe
  C:\Windows\System\CyXIcll.exe
  2⤵
  PID:5844
- C:\Windows\System\XTpmRmI.exe
  C:\Windows\System\XTpmRmI.exe
  2⤵
  PID:5912
- C:\Windows\System\ksIulpV.exe
  C:\Windows\System\ksIulpV.exe
  2⤵
  PID:6016
- C:\Windows\System\XypqZdV.exe
  C:\Windows\System\XypqZdV.exe
  2⤵
  PID:6032
- C:\Windows\System\edyeJvF.exe
  C:\Windows\System\edyeJvF.exe
  2⤵
  PID:6116
- C:\Windows\System\SpsZCUw.exe
  C:\Windows\System\SpsZCUw.exe
  2⤵
  PID:1304
- C:\Windows\System\bnDSnLc.exe
  C:\Windows\System\bnDSnLc.exe
  2⤵
  PID:4936
- C:\Windows\System\AflPCGE.exe
  C:\Windows\System\AflPCGE.exe
  2⤵
  PID:5140
- C:\Windows\System\OmJokLG.exe
  C:\Windows\System\OmJokLG.exe
  2⤵
  PID:5152
- C:\Windows\System\irkoiPR.exe
  C:\Windows\System\irkoiPR.exe
  2⤵
  PID:6052
- C:\Windows\System\EHaOheb.exe
  C:\Windows\System\EHaOheb.exe
  2⤵
  PID:6096
- C:\Windows\System\GZeesZR.exe
  C:\Windows\System\GZeesZR.exe
  2⤵
  PID:1900
- C:\Windows\System\CclCUnF.exe
  C:\Windows\System\CclCUnF.exe
  2⤵
  PID:5356
- C:\Windows\System\Cibuupu.exe
  C:\Windows\System\Cibuupu.exe
  2⤵
  PID:3612
- C:\Windows\System\mQBPrgW.exe
  C:\Windows\System\mQBPrgW.exe
  2⤵
  PID:5968
- C:\Windows\System\biQnipp.exe
  C:\Windows\System\biQnipp.exe
  2⤵
  PID:5984
- C:\Windows\System\yIHJrDP.exe
  C:\Windows\System\yIHJrDP.exe
  2⤵
  PID:6000
- C:\Windows\System\EmZroqC.exe
  C:\Windows\System\EmZroqC.exe
  2⤵
  PID:4396
- C:\Windows\System\RMnkOvf.exe
  C:\Windows\System\RMnkOvf.exe
  2⤵
  PID:6140
- C:\Windows\System\HaEgGud.exe
  C:\Windows\System\HaEgGud.exe
  2⤵
  PID:5712
- C:\Windows\System\kwNxvYY.exe
  C:\Windows\System\kwNxvYY.exe
  2⤵
  PID:5208
- C:\Windows\System\pxBbZCl.exe
  C:\Windows\System\pxBbZCl.exe
  2⤵
  PID:5536
- C:\Windows\System\zJnwVmJ.exe
  C:\Windows\System\zJnwVmJ.exe
  2⤵
  PID:5728
- C:\Windows\System\oenLETn.exe
  C:\Windows\System\oenLETn.exe
  2⤵
  PID:5724
- C:\Windows\System\OrDCPkv.exe
  C:\Windows\System\OrDCPkv.exe
  2⤵
  PID:4772
- C:\Windows\System\HKjeRNZ.exe
  C:\Windows\System\HKjeRNZ.exe
  2⤵
  PID:5552
- C:\Windows\System\ZQDFGmh.exe
  C:\Windows\System\ZQDFGmh.exe
  2⤵
  PID:5880
- C:\Windows\System\JMwXpRH.exe
  C:\Windows\System\JMwXpRH.exe
  2⤵
  PID:6124
- C:\Windows\System\xnEqlAk.exe
  C:\Windows\System\xnEqlAk.exe
  2⤵
  PID:2916
- C:\Windows\System\pWBxgnq.exe
  C:\Windows\System\pWBxgnq.exe
  2⤵
  PID:4704
- C:\Windows\System\ygkSnbK.exe
  C:\Windows\System\ygkSnbK.exe
  2⤵
  PID:5196
- C:\Windows\System\KhNlAXu.exe
  C:\Windows\System\KhNlAXu.exe
  2⤵
  PID:5976
- C:\Windows\System\CvGsXNG.exe
  C:\Windows\System\CvGsXNG.exe
  2⤵
  PID:5320
- C:\Windows\System\npXtQom.exe
  C:\Windows\System\npXtQom.exe
  2⤵
  PID:4196
- C:\Windows\System\lhAxKir.exe
  C:\Windows\System\lhAxKir.exe
  2⤵
  PID:5048
- C:\Windows\System\fOwFKKW.exe
  C:\Windows\System\fOwFKKW.exe
  2⤵
  PID:5304
- C:\Windows\System\POweCCj.exe
  C:\Windows\System\POweCCj.exe
  2⤵
  PID:5692
- C:\Windows\System\CNbOCnJ.exe
  C:\Windows\System\CNbOCnJ.exe
  2⤵
  PID:5760
- C:\Windows\System\uWGloGI.exe
  C:\Windows\System\uWGloGI.exe
  2⤵
  PID:5308
- C:\Windows\System\UjUsiLk.exe
  C:\Windows\System\UjUsiLk.exe
  2⤵
  PID:5816
- C:\Windows\System\YZPsTem.exe
  C:\Windows\System\YZPsTem.exe
  2⤵
  PID:5960
- C:\Windows\System\wWBmEeR.exe
  C:\Windows\System\wWBmEeR.exe
  2⤵
  PID:2124
- C:\Windows\System\TRsEZbh.exe
  C:\Windows\System\TRsEZbh.exe
  2⤵
  PID:6080
- C:\Windows\System\ICjQLcx.exe
  C:\Windows\System\ICjQLcx.exe
  2⤵
  PID:5016
- C:\Windows\System\VULFEkB.exe
  C:\Windows\System\VULFEkB.exe
  2⤵
  PID:1736
- C:\Windows\System\KAFhRPr.exe
  C:\Windows\System\KAFhRPr.exe
  2⤵
  PID:5996
- C:\Windows\System\ivOpPzd.exe
  C:\Windows\System\ivOpPzd.exe
  2⤵
  PID:5372
- C:\Windows\System\BZWGWtj.exe
  C:\Windows\System\BZWGWtj.exe
  2⤵
  PID:5176
- C:\Windows\System\APOkgDI.exe
  C:\Windows\System\APOkgDI.exe
  2⤵
  PID:5424
- C:\Windows\System\EWadVUU.exe
  C:\Windows\System\EWadVUU.exe
  2⤵
  PID:4768
- C:\Windows\System\PnUXfzL.exe
  C:\Windows\System\PnUXfzL.exe
  2⤵
  PID:5832
- C:\Windows\System\nzjhqDM.exe
  C:\Windows\System\nzjhqDM.exe
  2⤵
  PID:5688
- C:\Windows\System\MGiISOy.exe
  C:\Windows\System\MGiISOy.exe
  2⤵
  PID:1712
- C:\Windows\System\RoEXvGY.exe
  C:\Windows\System\RoEXvGY.exe
  2⤵
  PID:5556
- C:\Windows\System\uwTrJGo.exe
  C:\Windows\System\uwTrJGo.exe
  2⤵
  PID:2824
- C:\Windows\System\YnSYYfY.exe
  C:\Windows\System\YnSYYfY.exe
  2⤵
  PID:2988
- C:\Windows\System\fNpyoOt.exe
  C:\Windows\System\fNpyoOt.exe
  2⤵
  PID:5812
- C:\Windows\System\xifgzSZ.exe
  C:\Windows\System\xifgzSZ.exe
  2⤵
  PID:2408
- C:\Windows\System\npoomsA.exe
  C:\Windows\System\npoomsA.exe
  2⤵
  PID:5144
- C:\Windows\System\XrQQLuw.exe
  C:\Windows\System\XrQQLuw.exe
  2⤵
  PID:5180
- C:\Windows\System\GIgpLAz.exe
  C:\Windows\System\GIgpLAz.exe
  2⤵
  PID:6028
- C:\Windows\System\TnmNUHX.exe
  C:\Windows\System\TnmNUHX.exe
  2⤵
  PID:5876
- C:\Windows\System\jOnDYDp.exe
  C:\Windows\System\jOnDYDp.exe
  2⤵
  PID:1800
- C:\Windows\System\mdZEKLz.exe
  C:\Windows\System\mdZEKLz.exe
  2⤵
  PID:2252
- C:\Windows\System\yQcRjmI.exe
  C:\Windows\System\yQcRjmI.exe
  2⤵
  PID:1484
- C:\Windows\System\zEsxlLR.exe
  C:\Windows\System\zEsxlLR.exe
  2⤵
  PID:2000
- C:\Windows\System\DsPLHVz.exe
  C:\Windows\System\DsPLHVz.exe
  2⤵
  PID:6060
- C:\Windows\System\WfPbAyd.exe
  C:\Windows\System\WfPbAyd.exe
  2⤵
  PID:2732
- C:\Windows\System\UeJFtbV.exe
  C:\Windows\System\UeJFtbV.exe
  2⤵
  PID:5684
- C:\Windows\System\bAvqgpf.exe
  C:\Windows\System\bAvqgpf.exe
  2⤵
  PID:5648
- C:\Windows\System\tMuXDHR.exe
  C:\Windows\System\tMuXDHR.exe
  2⤵
  PID:5708
- C:\Windows\System\TAqdFZu.exe
  C:\Windows\System\TAqdFZu.exe
  2⤵
  PID:5164
- C:\Windows\System\JBSFqzq.exe
  C:\Windows\System\JBSFqzq.exe
  2⤵
  PID:6012
- C:\Windows\System\rcVjaHJ.exe
  C:\Windows\System\rcVjaHJ.exe
  2⤵
  PID:868
- C:\Windows\System\xsccURw.exe
  C:\Windows\System\xsccURw.exe
  2⤵
  PID:2852
- C:\Windows\System\MaDvCBO.exe
  C:\Windows\System\MaDvCBO.exe
  2⤵
  PID:5368
- C:\Windows\System\ZDtwLQI.exe
  C:\Windows\System\ZDtwLQI.exe
  2⤵
  PID:1872
- C:\Windows\System\qxlxKRd.exe
  C:\Windows\System\qxlxKRd.exe
  2⤵
  PID:3864
- C:\Windows\System\PCTeJEr.exe
  C:\Windows\System\PCTeJEr.exe
  2⤵
  PID:5680
- C:\Windows\System\KGykJiG.exe
  C:\Windows\System\KGykJiG.exe
  2⤵
  PID:5008
- C:\Windows\System\wcpFfWN.exe
  C:\Windows\System\wcpFfWN.exe
  2⤵
  PID:2836
- C:\Windows\System\ZUvMfhc.exe
  C:\Windows\System\ZUvMfhc.exe
  2⤵
  PID:6048
- C:\Windows\System\MtdSuDq.exe
  C:\Windows\System\MtdSuDq.exe
  2⤵
  PID:2432
- C:\Windows\System\brozZPo.exe
  C:\Windows\System\brozZPo.exe
  2⤵
  PID:2100
- C:\Windows\System\bcAsHwH.exe
  C:\Windows\System\bcAsHwH.exe
  2⤵
  PID:5756
- C:\Windows\System\LjXgtfZ.exe
  C:\Windows\System\LjXgtfZ.exe
  2⤵
  PID:6044
- C:\Windows\System\zXfAZjB.exe
  C:\Windows\System\zXfAZjB.exe
  2⤵
  PID:2740
- C:\Windows\System\GDHGGTx.exe
  C:\Windows\System\GDHGGTx.exe
  2⤵
  PID:1824
- C:\Windows\System\VjdKzLX.exe
  C:\Windows\System\VjdKzLX.exe
  2⤵
  PID:3976
- C:\Windows\System\utEqisU.exe
  C:\Windows\System\utEqisU.exe
  2⤵
  PID:2324
- C:\Windows\System\gghcKhO.exe
  C:\Windows\System\gghcKhO.exe
  2⤵
  PID:6160
- C:\Windows\System\xgLMadk.exe
  C:\Windows\System\xgLMadk.exe
  2⤵
  PID:6180
- C:\Windows\System\KudFuxv.exe
  C:\Windows\System\KudFuxv.exe
  2⤵
  PID:6196
- C:\Windows\System\vRbCcwv.exe
  C:\Windows\System\vRbCcwv.exe
  2⤵
  PID:6224
- C:\Windows\System\huVtdPh.exe
  C:\Windows\System\huVtdPh.exe
  2⤵
  PID:6248
- C:\Windows\System\INpvNJi.exe
  C:\Windows\System\INpvNJi.exe
  2⤵
  PID:6268
- C:\Windows\System\MyvYWAJ.exe
  C:\Windows\System\MyvYWAJ.exe
  2⤵
  PID:6284
- C:\Windows\System\nzuTxbE.exe
  C:\Windows\System\nzuTxbE.exe
  2⤵
  PID:6300
- C:\Windows\System\itNgriM.exe
  C:\Windows\System\itNgriM.exe
  2⤵
  PID:6320
- C:\Windows\System\jJmAivA.exe
  C:\Windows\System\jJmAivA.exe
  2⤵
  PID:6348
- C:\Windows\System\mSgrwme.exe
  C:\Windows\System\mSgrwme.exe
  2⤵
  PID:6372
- C:\Windows\System\uAlNrWg.exe
  C:\Windows\System\uAlNrWg.exe
  2⤵
  PID:6392
- C:\Windows\System\vHEVnPV.exe
  C:\Windows\System\vHEVnPV.exe
  2⤵
  PID:6428
- C:\Windows\System\QnHcMqh.exe
  C:\Windows\System\QnHcMqh.exe
  2⤵
  PID:6444
- C:\Windows\System\FStxSas.exe
  C:\Windows\System\FStxSas.exe
  2⤵
  PID:6460
- C:\Windows\System\DfPEMWI.exe
  C:\Windows\System\DfPEMWI.exe
  2⤵
  PID:6476
- C:\Windows\System\nXCmQUL.exe
  C:\Windows\System\nXCmQUL.exe
  2⤵
  PID:6496
- C:\Windows\System\SzajppV.exe
  C:\Windows\System\SzajppV.exe
  2⤵
  PID:6512
- C:\Windows\System\XgUXPnR.exe
  C:\Windows\System\XgUXPnR.exe
  2⤵
  PID:6532
- C:\Windows\System\rNQirCs.exe
  C:\Windows\System\rNQirCs.exe
  2⤵
  PID:6548
- C:\Windows\System\nXYwTHg.exe
  C:\Windows\System\nXYwTHg.exe
  2⤵
  PID:6564
- C:\Windows\System\kvFsVEx.exe
  C:\Windows\System\kvFsVEx.exe
  2⤵
  PID:6580
- C:\Windows\System\YjDbXcn.exe
  C:\Windows\System\YjDbXcn.exe
  2⤵
  PID:6600
- C:\Windows\System\oRXiVVv.exe
  C:\Windows\System\oRXiVVv.exe
  2⤵
  PID:6616
- C:\Windows\System\TzfrjcY.exe
  C:\Windows\System\TzfrjcY.exe
  2⤵
  PID:6632
- C:\Windows\System\TWhNKYQ.exe
  C:\Windows\System\TWhNKYQ.exe
  2⤵
  PID:6648
- C:\Windows\System\JJvAENz.exe
  C:\Windows\System\JJvAENz.exe
  2⤵
  PID:6672
- C:\Windows\System\VWtzvxs.exe
  C:\Windows\System\VWtzvxs.exe
  2⤵
  PID:6692
- C:\Windows\System\dGOGdlY.exe
  C:\Windows\System\dGOGdlY.exe
  2⤵
  PID:6708
- C:\Windows\System\QTQpoMi.exe
  C:\Windows\System\QTQpoMi.exe
  2⤵
  PID:6732
- C:\Windows\System\bQYXhIj.exe
  C:\Windows\System\bQYXhIj.exe
  2⤵
  PID:6776
- C:\Windows\System\SwOlyGv.exe
  C:\Windows\System\SwOlyGv.exe
  2⤵
  PID:6792
- C:\Windows\System\mXTjDla.exe
  C:\Windows\System\mXTjDla.exe
  2⤵
  PID:6824
- C:\Windows\System\NPKwDyx.exe
  C:\Windows\System\NPKwDyx.exe
  2⤵
  PID:6840
- C:\Windows\System\DANbsbn.exe
  C:\Windows\System\DANbsbn.exe
  2⤵
  PID:6856
- C:\Windows\System\SkcaqjO.exe
  C:\Windows\System\SkcaqjO.exe
  2⤵
  PID:6872
- C:\Windows\System\buRkIzG.exe
  C:\Windows\System\buRkIzG.exe
  2⤵
  PID:6888
- C:\Windows\System\EnRTHqs.exe
  C:\Windows\System\EnRTHqs.exe
  2⤵
  PID:6904
- C:\Windows\System\HjAVVvU.exe
  C:\Windows\System\HjAVVvU.exe
  2⤵
  PID:6920
- C:\Windows\System\Xvebzxg.exe
  C:\Windows\System\Xvebzxg.exe
  2⤵
  PID:6940
- C:\Windows\System\qrngWdb.exe
  C:\Windows\System\qrngWdb.exe
  2⤵
  PID:6956
- C:\Windows\System\OZCfqWi.exe
  C:\Windows\System\OZCfqWi.exe
  2⤵
  PID:6972
- C:\Windows\System\RNnvGIQ.exe
  C:\Windows\System\RNnvGIQ.exe
  2⤵
  PID:6992
- C:\Windows\System\hPAwIit.exe
  C:\Windows\System\hPAwIit.exe
  2⤵
  PID:7012
- C:\Windows\System\QpPvOeC.exe
  C:\Windows\System\QpPvOeC.exe
  2⤵
  PID:7032
- C:\Windows\System\pXomWti.exe
  C:\Windows\System\pXomWti.exe
  2⤵
  PID:7052
- C:\Windows\System\LcZUbKR.exe
  C:\Windows\System\LcZUbKR.exe
  2⤵
  PID:7072
- C:\Windows\System\YTxXUfo.exe
  C:\Windows\System\YTxXUfo.exe
  2⤵
  PID:7092
- C:\Windows\System\wzCuzsz.exe
  C:\Windows\System\wzCuzsz.exe
  2⤵
  PID:7108
- C:\Windows\System\kIhFrDi.exe
  C:\Windows\System\kIhFrDi.exe
  2⤵
  PID:7128
- C:\Windows\System\WEadQRl.exe
  C:\Windows\System\WEadQRl.exe
  2⤵
  PID:7148
- C:\Windows\System\MZxPukg.exe
  C:\Windows\System\MZxPukg.exe
  2⤵
  PID:7164
- C:\Windows\System\qhylafM.exe
  C:\Windows\System\qhylafM.exe
  2⤵
  PID:876
- C:\Windows\System\hRRBhcg.exe
  C:\Windows\System\hRRBhcg.exe
  2⤵
  PID:6156
- C:\Windows\System\cwqHpgY.exe
  C:\Windows\System\cwqHpgY.exe
  2⤵
  PID:6232
- C:\Windows\System\dpUBcFV.exe
  C:\Windows\System\dpUBcFV.exe
  2⤵
  PID:6292
- C:\Windows\System\GhSJwJe.exe
  C:\Windows\System\GhSJwJe.exe
  2⤵
  PID:6240
- C:\Windows\System\MAvsusC.exe
  C:\Windows\System\MAvsusC.exe
  2⤵
  PID:6308
- C:\Windows\System\CCPGLXb.exe
  C:\Windows\System\CCPGLXb.exe
  2⤵
  PID:6328
- C:\Windows\System\lCqncXd.exe
  C:\Windows\System\lCqncXd.exe
  2⤵
  PID:6344
- C:\Windows\System\spgJlDS.exe
  C:\Windows\System\spgJlDS.exe
  2⤵
  PID:6412
- C:\Windows\System\MzCtswG.exe
  C:\Windows\System\MzCtswG.exe
  2⤵
  PID:6416
- C:\Windows\System\tZBkGZb.exe
  C:\Windows\System\tZBkGZb.exe
  2⤵
  PID:6452
- C:\Windows\System\wLRNofR.exe
  C:\Windows\System\wLRNofR.exe
  2⤵
  PID:6492
- C:\Windows\System\qYoWnEV.exe
  C:\Windows\System\qYoWnEV.exe
  2⤵
  PID:6472
- C:\Windows\System\JZcDqLW.exe
  C:\Windows\System\JZcDqLW.exe
  2⤵
  PID:6528
- C:\Windows\System\nvjnouc.exe
  C:\Windows\System\nvjnouc.exe
  2⤵
  PID:6592
- C:\Windows\System\ndiZQDd.exe
  C:\Windows\System\ndiZQDd.exe
  2⤵
  PID:6508
- C:\Windows\System\FGYTKXg.exe
  C:\Windows\System\FGYTKXg.exe
  2⤵
  PID:6572
- C:\Windows\System\Rjpaibc.exe
  C:\Windows\System\Rjpaibc.exe
  2⤵
  PID:6640
- C:\Windows\System\URxXMSp.exe
  C:\Windows\System\URxXMSp.exe
  2⤵
  PID:6720
- C:\Windows\System\qvwtTrc.exe
  C:\Windows\System\qvwtTrc.exe
  2⤵
  PID:6784
- C:\Windows\System\aHveBCX.exe
  C:\Windows\System\aHveBCX.exe
  2⤵
  PID:6664
- C:\Windows\System\rVPAGOS.exe
  C:\Windows\System\rVPAGOS.exe
  2⤵
  PID:6748
- C:\Windows\System\JxBHrzr.exe
  C:\Windows\System\JxBHrzr.exe
  2⤵
  PID:6788
- C:\Windows\System\ucZijUD.exe
  C:\Windows\System\ucZijUD.exe
  2⤵
  PID:6816
- C:\Windows\System\RFcbabv.exe
  C:\Windows\System\RFcbabv.exe
  2⤵
  PID:6880
- C:\Windows\System\EpnenKY.exe
  C:\Windows\System\EpnenKY.exe
  2⤵
  PID:6952
- C:\Windows\System\yLdpZwe.exe
  C:\Windows\System\yLdpZwe.exe
  2⤵
  PID:7028
- C:\Windows\System\ViWJALF.exe
  C:\Windows\System\ViWJALF.exe
  2⤵
  PID:2128
- C:\Windows\System\GwrTxpw.exe
  C:\Windows\System\GwrTxpw.exe
  2⤵
  PID:5780
- C:\Windows\System\AZMspVC.exe
  C:\Windows\System\AZMspVC.exe
  2⤵
  PID:3664
- C:\Windows\System\wHkkgSc.exe
  C:\Windows\System\wHkkgSc.exe
  2⤵
  PID:2912
- C:\Windows\System\qLZEwdF.exe
  C:\Windows\System\qLZEwdF.exe
  2⤵
  PID:6192
- C:\Windows\System\TBFlCYH.exe
  C:\Windows\System\TBFlCYH.exe
  2⤵
  PID:7120
- C:\Windows\System\hfUdGYY.exe
  C:\Windows\System\hfUdGYY.exe
  2⤵
  PID:7156
- C:\Windows\System\SbGvyDF.exe
  C:\Windows\System\SbGvyDF.exe
  2⤵
  PID:6364
- C:\Windows\System\sbVzyog.exe
  C:\Windows\System\sbVzyog.exe
  2⤵
  PID:6836
- C:\Windows\System\zGufTCr.exe
  C:\Windows\System\zGufTCr.exe
  2⤵
  PID:6936
- C:\Windows\System\pGFDBIN.exe
  C:\Windows\System\pGFDBIN.exe
  2⤵
  PID:7004
- C:\Windows\System\yWHxMuf.exe
  C:\Windows\System\yWHxMuf.exe
  2⤵
  PID:7088
- C:\Windows\System\CNvlhSU.exe
  C:\Windows\System\CNvlhSU.exe
  2⤵
  PID:6264
- C:\Windows\System\NtaeYaJ.exe
  C:\Windows\System\NtaeYaJ.exe
  2⤵
  PID:6388
- C:\Windows\System\jTFeGtp.exe
  C:\Windows\System\jTFeGtp.exe
  2⤵
  PID:624
- C:\Windows\System\gkBuahJ.exe
  C:\Windows\System\gkBuahJ.exe
  2⤵
  PID:6680
- C:\Windows\System\CuRqzNb.exe
  C:\Windows\System\CuRqzNb.exe
  2⤵
  PID:6756
- C:\Windows\System\EDNxguO.exe
  C:\Windows\System\EDNxguO.exe
  2⤵
  PID:6852
- C:\Windows\System\QIGJfKH.exe
  C:\Windows\System\QIGJfKH.exe
  2⤵
  PID:7104
- C:\Windows\System\PSOtSPJ.exe
  C:\Windows\System\PSOtSPJ.exe
  2⤵
  PID:5244
- C:\Windows\System\KXVyfCK.exe
  C:\Windows\System\KXVyfCK.exe
  2⤵
  PID:6808
- C:\Windows\System\PgVuCuP.exe
  C:\Windows\System\PgVuCuP.exe
  2⤵
  PID:6208
- C:\Windows\System\kmpMJCn.exe
  C:\Windows\System\kmpMJCn.exe
  2⤵
  PID:2600
- C:\Windows\System\aHuymuA.exe
  C:\Windows\System\aHuymuA.exe
  2⤵
  PID:6948
- C:\Windows\System\pwpNRnB.exe
  C:\Windows\System\pwpNRnB.exe
  2⤵
  PID:6524
- C:\Windows\System\DVKUHih.exe
  C:\Windows\System\DVKUHih.exe
  2⤵
  PID:6932
- C:\Windows\System\baUPnAq.exe
  C:\Windows\System\baUPnAq.exe
  2⤵
  PID:7068
- C:\Windows\System\dfKyjVs.exe
  C:\Windows\System\dfKyjVs.exe
  2⤵
  PID:956
- C:\Windows\System\MTbEYAw.exe
  C:\Windows\System\MTbEYAw.exe
  2⤵
  PID:6336
- C:\Windows\System\kvjAjPr.exe
  C:\Windows\System\kvjAjPr.exe
  2⤵
  PID:6468
- C:\Windows\System\PVJOEqE.exe
  C:\Windows\System\PVJOEqE.exe
  2⤵
  PID:6176
- C:\Windows\System\lYpEMYd.exe
  C:\Windows\System\lYpEMYd.exe
  2⤵
  PID:6384
- C:\Windows\System\cJuWTcI.exe
  C:\Windows\System\cJuWTcI.exe
  2⤵
  PID:6764
- C:\Windows\System\vVDbknx.exe
  C:\Windows\System\vVDbknx.exe
  2⤵
  PID:7140
- C:\Windows\System\ZeytHYH.exe
  C:\Windows\System\ZeytHYH.exe
  2⤵
  PID:2496
- C:\Windows\System\fAiKtiE.exe
  C:\Windows\System\fAiKtiE.exe
  2⤵
  PID:6688
- C:\Windows\System\bFruxlf.exe
  C:\Windows\System\bFruxlf.exe
  2⤵
  PID:6988
- C:\Windows\System\GpcbjMx.exe
  C:\Windows\System\GpcbjMx.exe
  2⤵
  PID:6204
- C:\Windows\System\OOkOSKZ.exe
  C:\Windows\System\OOkOSKZ.exe
  2⤵
  PID:6728
- C:\Windows\System\gVgzLBH.exe
  C:\Windows\System\gVgzLBH.exe
  2⤵
  PID:7064
- C:\Windows\System\VgapFdj.exe
  C:\Windows\System\VgapFdj.exe
  2⤵
  PID:6912
- C:\Windows\System\Xzwjvjt.exe
  C:\Windows\System\Xzwjvjt.exe
  2⤵
  PID:1208
- C:\Windows\System\jCRuPfQ.exe
  C:\Windows\System\jCRuPfQ.exe
  2⤵
  PID:6540
- C:\Windows\System\EWNgJUy.exe
  C:\Windows\System\EWNgJUy.exe
  2⤵
  PID:6316
- C:\Windows\System\kBkAGhN.exe
  C:\Windows\System\kBkAGhN.exe
  2⤵
  PID:6832
- C:\Windows\System\bwwVjei.exe
  C:\Windows\System\bwwVjei.exe
  2⤵
  PID:1916
- C:\Windows\System\tCKQkCc.exe
  C:\Windows\System\tCKQkCc.exe
  2⤵
  PID:7024
- C:\Windows\System\jTIQwpr.exe
  C:\Windows\System\jTIQwpr.exe
  2⤵
  PID:2676
- C:\Windows\System\SIxMLEY.exe
  C:\Windows\System\SIxMLEY.exe
  2⤵
  PID:6544
- C:\Windows\System\EuzoygG.exe
  C:\Windows\System\EuzoygG.exe
  2⤵
  PID:1404
- C:\Windows\System\CaLnJvY.exe
  C:\Windows\System\CaLnJvY.exe
  2⤵
  PID:6484
- C:\Windows\System\qGkxrob.exe
  C:\Windows\System\qGkxrob.exe
  2⤵
  PID:6312
- C:\Windows\System\bdYBexC.exe
  C:\Windows\System\bdYBexC.exe
  2⤵
  PID:6260
- C:\Windows\System\aBFtqQD.exe
  C:\Windows\System\aBFtqQD.exe
  2⤵
  PID:6216
- C:\Windows\System\dgFrgBY.exe
  C:\Windows\System\dgFrgBY.exe
  2⤵
  PID:6608
- C:\Windows\System\pROfgCB.exe
  C:\Windows\System\pROfgCB.exe
  2⤵
  PID:7180
- C:\Windows\System\ESnKuAm.exe
  C:\Windows\System\ESnKuAm.exe
  2⤵
  PID:7204
- C:\Windows\System\FcksgoY.exe
  C:\Windows\System\FcksgoY.exe
  2⤵
  PID:7252
- C:\Windows\System\xFRNggl.exe
  C:\Windows\System\xFRNggl.exe
  2⤵
  PID:7272
- C:\Windows\System\byeLjdm.exe
  C:\Windows\System\byeLjdm.exe
  2⤵
  PID:7288
- C:\Windows\System\MdLFCoe.exe
  C:\Windows\System\MdLFCoe.exe
  2⤵
  PID:7308
- C:\Windows\System\oXmnzZA.exe
  C:\Windows\System\oXmnzZA.exe
  2⤵
  PID:7328
- C:\Windows\System\WbfNznd.exe
  C:\Windows\System\WbfNznd.exe
  2⤵
  PID:7344
- C:\Windows\System\pSXpvhc.exe
  C:\Windows\System\pSXpvhc.exe
  2⤵
  PID:7368
- C:\Windows\System\DLdVJkY.exe
  C:\Windows\System\DLdVJkY.exe
  2⤵
  PID:7384
- C:\Windows\System\oABsSzf.exe
  C:\Windows\System\oABsSzf.exe
  2⤵
  PID:7404
- C:\Windows\System\UMDvZbu.exe
  C:\Windows\System\UMDvZbu.exe
  2⤵
  PID:7424
- C:\Windows\System\MARNTmU.exe
  C:\Windows\System\MARNTmU.exe
  2⤵
  PID:7448
- C:\Windows\System\dGYwcpG.exe
  C:\Windows\System\dGYwcpG.exe
  2⤵
  PID:7476
- C:\Windows\System\HiEDcxC.exe
  C:\Windows\System\HiEDcxC.exe
  2⤵
  PID:7496
- C:\Windows\System\yezZElu.exe
  C:\Windows\System\yezZElu.exe
  2⤵
  PID:7516
- C:\Windows\System\uEjqbhg.exe
  C:\Windows\System\uEjqbhg.exe
  2⤵
  PID:7532
- C:\Windows\System\rnnktWU.exe
  C:\Windows\System\rnnktWU.exe
  2⤵
  PID:7552
- C:\Windows\System\agGPMIh.exe
  C:\Windows\System\agGPMIh.exe
  2⤵
  PID:7568
- C:\Windows\System\AanCEet.exe
  C:\Windows\System\AanCEet.exe
  2⤵
  PID:7588
- C:\Windows\System\hysdEDZ.exe
  C:\Windows\System\hysdEDZ.exe
  2⤵
  PID:7604
- C:\Windows\System\ENwMHag.exe
  C:\Windows\System\ENwMHag.exe
  2⤵
  PID:7624
- C:\Windows\System\acBsSqJ.exe
  C:\Windows\System\acBsSqJ.exe
  2⤵
  PID:7640
- C:\Windows\System\OpXDcjH.exe
  C:\Windows\System\OpXDcjH.exe
  2⤵
  PID:7660
- C:\Windows\System\aJtCWUH.exe
  C:\Windows\System\aJtCWUH.exe
  2⤵
  PID:7700
- C:\Windows\System\tmfvcaZ.exe
  C:\Windows\System\tmfvcaZ.exe
  2⤵
  PID:7716
- C:\Windows\System\pbcLrMI.exe
  C:\Windows\System\pbcLrMI.exe
  2⤵
  PID:7736
- C:\Windows\System\IyZAlgo.exe
  C:\Windows\System\IyZAlgo.exe
  2⤵
  PID:7752
- C:\Windows\System\CPMTqfx.exe
  C:\Windows\System\CPMTqfx.exe
  2⤵
  PID:7768
- C:\Windows\System\qqwjbrZ.exe
  C:\Windows\System\qqwjbrZ.exe
  2⤵
  PID:7788
- C:\Windows\System\AWQBEfd.exe
  C:\Windows\System\AWQBEfd.exe
  2⤵
  PID:7808
- C:\Windows\System\YxpyojE.exe
  C:\Windows\System\YxpyojE.exe
  2⤵
  PID:7824
- C:\Windows\System\BHOFmvE.exe
  C:\Windows\System\BHOFmvE.exe
  2⤵
  PID:7844
- C:\Windows\System\HRrmhOU.exe
  C:\Windows\System\HRrmhOU.exe
  2⤵
  PID:7864
- C:\Windows\System\oFCTVrl.exe
  C:\Windows\System\oFCTVrl.exe
  2⤵
  PID:7900
- C:\Windows\System\hJDGfVD.exe
  C:\Windows\System\hJDGfVD.exe
  2⤵
  PID:7916
- C:\Windows\System\FDdkizm.exe
  C:\Windows\System\FDdkizm.exe
  2⤵
  PID:7940
- C:\Windows\System\MYUyyGU.exe
  C:\Windows\System\MYUyyGU.exe
  2⤵
  PID:7956
- C:\Windows\System\OVACQWR.exe
  C:\Windows\System\OVACQWR.exe
  2⤵
  PID:7976
- C:\Windows\System\baXmirE.exe
  C:\Windows\System\baXmirE.exe
  2⤵
  PID:7992
- C:\Windows\System\cYMxXwK.exe
  C:\Windows\System\cYMxXwK.exe
  2⤵
  PID:8008
- C:\Windows\System\TKHgTWq.exe
  C:\Windows\System\TKHgTWq.exe
  2⤵
  PID:8032
- C:\Windows\System\pWFEmEV.exe
  C:\Windows\System\pWFEmEV.exe
  2⤵
  PID:8048
- C:\Windows\System\MpoSTPg.exe
  C:\Windows\System\MpoSTPg.exe
  2⤵
  PID:8064
- C:\Windows\System\LDvDIpK.exe
  C:\Windows\System\LDvDIpK.exe
  2⤵
  PID:8104
- C:\Windows\System\bSQqmdb.exe
  C:\Windows\System\bSQqmdb.exe
  2⤵
  PID:8120
- C:\Windows\System\mpUSqMm.exe
  C:\Windows\System\mpUSqMm.exe
  2⤵
  PID:8136
- C:\Windows\System\uGPngND.exe
  C:\Windows\System\uGPngND.exe
  2⤵
  PID:8152
- C:\Windows\System\euoglsi.exe
  C:\Windows\System\euoglsi.exe
  2⤵
  PID:8172
- C:\Windows\System\DuYaIyj.exe
  C:\Windows\System\DuYaIyj.exe
  2⤵
  PID:5412
- C:\Windows\System\IAdMLxZ.exe
  C:\Windows\System\IAdMLxZ.exe
  2⤵
  PID:6716
- C:\Windows\System\GJAyTlb.exe
  C:\Windows\System\GJAyTlb.exe
  2⤵
  PID:7192
- C:\Windows\System\pJkehpj.exe
  C:\Windows\System\pJkehpj.exe
  2⤵
  PID:2172
- C:\Windows\System\hpMaAfZ.exe
  C:\Windows\System\hpMaAfZ.exe
  2⤵
  PID:7176
- C:\Windows\System\qUuilfK.exe
  C:\Windows\System\qUuilfK.exe
  2⤵
  PID:7084
- C:\Windows\System\xLeWtsJ.exe
  C:\Windows\System\xLeWtsJ.exe
  2⤵
  PID:7236
- C:\Windows\System\etYdWbL.exe
  C:\Windows\System\etYdWbL.exe
  2⤵
  PID:7216
- C:\Windows\System\akPmrAh.exe
  C:\Windows\System\akPmrAh.exe
  2⤵
  PID:7300
- C:\Windows\System\FmuWVsl.exe
  C:\Windows\System\FmuWVsl.exe
  2⤵
  PID:7340
- C:\Windows\System\hwAZrjF.exe
  C:\Windows\System\hwAZrjF.exe
  2⤵
  PID:7420
- C:\Windows\System\JxOnTHs.exe
  C:\Windows\System\JxOnTHs.exe
  2⤵
  PID:7356
- C:\Windows\System\kPwLoCz.exe
  C:\Windows\System\kPwLoCz.exe
  2⤵
  PID:7432
- C:\Windows\System\kuMmxpT.exe
  C:\Windows\System\kuMmxpT.exe
  2⤵
  PID:2584
- C:\Windows\System\JEBlcAX.exe
  C:\Windows\System\JEBlcAX.exe
  2⤵
  PID:7540
- C:\Windows\System\rNlMshR.exe
  C:\Windows\System\rNlMshR.exe
  2⤵
  PID:7584
- C:\Windows\System\qkeveFG.exe
  C:\Windows\System\qkeveFG.exe
  2⤵
  PID:7616
- C:\Windows\System\XMiNgtj.exe
  C:\Windows\System\XMiNgtj.exe
  2⤵
  PID:7656
- C:\Windows\System\MKSVSgj.exe
  C:\Windows\System\MKSVSgj.exe
  2⤵
  PID:7632
- C:\Windows\System\cyzPMPk.exe
  C:\Windows\System\cyzPMPk.exe
  2⤵
  PID:7564
- C:\Windows\System\PWHyofR.exe
  C:\Windows\System\PWHyofR.exe
  2⤵
  PID:7696
- C:\Windows\System\DKjwwWW.exe
  C:\Windows\System\DKjwwWW.exe
  2⤵
  PID:7780
- C:\Windows\System\AuCrVhF.exe
  C:\Windows\System\AuCrVhF.exe
  2⤵
  PID:7676
- C:\Windows\System\tkXwAQa.exe
  C:\Windows\System\tkXwAQa.exe
  2⤵
  PID:7836
- C:\Windows\System\bzcaIKe.exe
  C:\Windows\System\bzcaIKe.exe
  2⤵
  PID:7732
- C:\Windows\System\aifBJNX.exe
  C:\Windows\System\aifBJNX.exe
  2⤵
  PID:7880
- C:\Windows\System\pDBDsIP.exe
  C:\Windows\System\pDBDsIP.exe
  2⤵
  PID:7876
- C:\Windows\System\wwZdqXe.exe
  C:\Windows\System\wwZdqXe.exe
  2⤵
  PID:7952
- C:\Windows\System\qFdBUxM.exe
  C:\Windows\System\qFdBUxM.exe
  2⤵
  PID:8020
- C:\Windows\System\IRhHJox.exe
  C:\Windows\System\IRhHJox.exe
  2⤵
  PID:8060
- C:\Windows\System\iQSiiyB.exe
  C:\Windows\System\iQSiiyB.exe
  2⤵
  PID:8092
- C:\Windows\System\yiTeIyb.exe
  C:\Windows\System\yiTeIyb.exe
  2⤵
  PID:8000
- C:\Windows\System\pnNQAax.exe
  C:\Windows\System\pnNQAax.exe
  2⤵
  PID:8076
- C:\Windows\System\UYmWjrl.exe
  C:\Windows\System\UYmWjrl.exe
  2⤵
  PID:8116
- C:\Windows\System\gvfSNDC.exe
  C:\Windows\System\gvfSNDC.exe
  2⤵
  PID:8184
- C:\Windows\System\IQVkysF.exe
  C:\Windows\System\IQVkysF.exe
  2⤵
  PID:1436
- C:\Windows\System\DVLNYUc.exe
  C:\Windows\System\DVLNYUc.exe
  2⤵
  PID:2976
- C:\Windows\System\MAiIMFO.exe
  C:\Windows\System\MAiIMFO.exe
  2⤵
  PID:7320
- C:\Windows\System\fVpKYGH.exe
  C:\Windows\System\fVpKYGH.exe
  2⤵
  PID:2396
- C:\Windows\System\NCqYgiJ.exe
  C:\Windows\System\NCqYgiJ.exe
  2⤵
  PID:8160
- C:\Windows\System\fxrzrbt.exe
  C:\Windows\System\fxrzrbt.exe
  2⤵
  PID:7504
- C:\Windows\System\KQjVLrE.exe
  C:\Windows\System\KQjVLrE.exe
  2⤵
  PID:1468
- C:\Windows\System\FZFFPIK.exe
  C:\Windows\System\FZFFPIK.exe
  2⤵
  PID:7396
- C:\Windows\System\EfOEegT.exe
  C:\Windows\System\EfOEegT.exe
  2⤵
  PID:7392
- C:\Windows\System\EJhqGTN.exe
  C:\Windows\System\EJhqGTN.exe
  2⤵
  PID:7488
- C:\Windows\System\LJYCNbe.exe
  C:\Windows\System\LJYCNbe.exe
  2⤵
  PID:7524
- C:\Windows\System\jiBzEMA.exe
  C:\Windows\System\jiBzEMA.exe
  2⤵
  PID:7672
- C:\Windows\System\aEEBGHM.exe
  C:\Windows\System\aEEBGHM.exe
  2⤵
  PID:7560
- C:\Windows\System\EHyntZZ.exe
  C:\Windows\System\EHyntZZ.exe
  2⤵
  PID:7548
- C:\Windows\System\AUCWLCH.exe
  C:\Windows\System\AUCWLCH.exe
  2⤵
  PID:7748
- C:\Windows\System\BgVimJL.exe
  C:\Windows\System\BgVimJL.exe
  2⤵
  PID:7764
- C:\Windows\System\XzApqeD.exe
  C:\Windows\System\XzApqeD.exe
  2⤵
  PID:7888
- C:\Windows\System\xNgZUCz.exe
  C:\Windows\System\xNgZUCz.exe
  2⤵
  PID:7964
- C:\Windows\System\oQHuVpW.exe
  C:\Windows\System\oQHuVpW.exe
  2⤵
  PID:7804
- C:\Windows\System\uNtiyVK.exe
  C:\Windows\System\uNtiyVK.exe
  2⤵
  PID:7232
- C:\Windows\System\xatpWqu.exe
  C:\Windows\System\xatpWqu.exe
  2⤵
  PID:7188
- C:\Windows\System\dWcGwof.exe
  C:\Windows\System\dWcGwof.exe
  2⤵
  PID:332
- C:\Windows\System\CerYyUK.exe
  C:\Windows\System\CerYyUK.exe
  2⤵
  PID:8164
- C:\Windows\System\nBVtVud.exe
  C:\Windows\System\nBVtVud.exe
  2⤵
  PID:6504
- C:\Windows\System\GwkHUIS.exe
  C:\Windows\System\GwkHUIS.exe
  2⤵
  PID:8132
- C:\Windows\System\hEugvEq.exe
  C:\Windows\System\hEugvEq.exe
  2⤵
  PID:7508
- C:\Windows\System\YayidKs.exe
  C:\Windows\System\YayidKs.exe
  2⤵
  PID:7576
- C:\Windows\System\qhGPvUc.exe
  C:\Windows\System\qhGPvUc.exe
  2⤵
  PID:8016
- C:\Windows\System\VMPjlGF.exe
  C:\Windows\System\VMPjlGF.exe
  2⤵
  PID:7596
- C:\Windows\System\FymmsMW.exe
  C:\Windows\System\FymmsMW.exe
  2⤵
  PID:7708
- C:\Windows\System\fzjNkJI.exe
  C:\Windows\System\fzjNkJI.exe
  2⤵
  PID:7908
- C:\Windows\System\bRxrCtV.exe
  C:\Windows\System\bRxrCtV.exe
  2⤵
  PID:1556
- C:\Windows\System\tnfglDa.exe
  C:\Windows\System\tnfglDa.exe
  2⤵
  PID:6560
- C:\Windows\System\iBeRMuu.exe
  C:\Windows\System\iBeRMuu.exe
  2⤵
  PID:1672
- C:\Windows\System\fkSkSbP.exe
  C:\Windows\System\fkSkSbP.exe
  2⤵
  PID:7872
- C:\Windows\System\ojFsYXk.exe
  C:\Windows\System\ojFsYXk.exe
  2⤵
  PID:7832
- C:\Windows\System\VpbzqhE.exe
  C:\Windows\System\VpbzqhE.exe
  2⤵
  PID:8056
- C:\Windows\System\WWYoYOw.exe
  C:\Windows\System\WWYoYOw.exe
  2⤵
  PID:7668
- C:\Windows\System\gRZDeBu.exe
  C:\Windows\System\gRZDeBu.exe
  2⤵
  PID:7760
- C:\Windows\System\oLTAEcb.exe
  C:\Windows\System\oLTAEcb.exe
  2⤵
  PID:8100
- C:\Windows\System\necwMaP.exe
  C:\Windows\System\necwMaP.exe
  2⤵
  PID:8072
- C:\Windows\System\rBibJZJ.exe
  C:\Windows\System\rBibJZJ.exe
  2⤵
  PID:8128
- C:\Windows\System\nHesUMK.exe
  C:\Windows\System\nHesUMK.exe
  2⤵
  PID:7376
- C:\Windows\System\qTOjLKh.exe
  C:\Windows\System\qTOjLKh.exe
  2⤵
  PID:7464
- C:\Windows\System\mcZcrfU.exe
  C:\Windows\System\mcZcrfU.exe
  2⤵
  PID:8112
- C:\Windows\System\tGAqqIJ.exe
  C:\Windows\System\tGAqqIJ.exe
  2⤵
  PID:7652
- C:\Windows\System\MQhaLbC.exe
  C:\Windows\System\MQhaLbC.exe
  2⤵
  PID:7352
- C:\Windows\System\QpAaPCz.exe
  C:\Windows\System\QpAaPCz.exe
  2⤵
  PID:6660
- C:\Windows\System\zjWMeAB.exe
  C:\Windows\System\zjWMeAB.exe
  2⤵
  PID:7248
- C:\Windows\System\hZpPDmP.exe
  C:\Windows\System\hZpPDmP.exe
  2⤵
  PID:8044
- C:\Windows\System\VNSJvHG.exe
  C:\Windows\System\VNSJvHG.exe
  2⤵
  PID:8196
- C:\Windows\System\mQpMUKx.exe
  C:\Windows\System\mQpMUKx.exe
  2⤵
  PID:8212
- C:\Windows\System\bGrqfJy.exe
  C:\Windows\System\bGrqfJy.exe
  2⤵
  PID:8228
- C:\Windows\System\SjFdZtG.exe
  C:\Windows\System\SjFdZtG.exe
  2⤵
  PID:8244
- C:\Windows\System\GXRJyUQ.exe
  C:\Windows\System\GXRJyUQ.exe
  2⤵
  PID:8260
- C:\Windows\System\TmKhqIX.exe
  C:\Windows\System\TmKhqIX.exe
  2⤵
  PID:8276
- C:\Windows\System\wxNEGbJ.exe
  C:\Windows\System\wxNEGbJ.exe
  2⤵
  PID:8292
- C:\Windows\System\nYgkReF.exe
  C:\Windows\System\nYgkReF.exe
  2⤵
  PID:8308
- C:\Windows\System\ZkBuqcD.exe
  C:\Windows\System\ZkBuqcD.exe
  2⤵
  PID:8324
- C:\Windows\System\rwwvEpC.exe
  C:\Windows\System\rwwvEpC.exe
  2⤵
  PID:8340
- C:\Windows\System\mNDThZN.exe
  C:\Windows\System\mNDThZN.exe
  2⤵
  PID:8356
- C:\Windows\System\xzKxGeP.exe
  C:\Windows\System\xzKxGeP.exe
  2⤵
  PID:8372
- C:\Windows\System\KdqZCqe.exe
  C:\Windows\System\KdqZCqe.exe
  2⤵
  PID:8392
- C:\Windows\System\ySyoBqH.exe
  C:\Windows\System\ySyoBqH.exe
  2⤵
  PID:8408
- C:\Windows\System\neMvUJR.exe
  C:\Windows\System\neMvUJR.exe
  2⤵
  PID:8424
- C:\Windows\System\YQFhIii.exe
  C:\Windows\System\YQFhIii.exe
  2⤵
  PID:8440
- C:\Windows\System\MEjmpNs.exe
  C:\Windows\System\MEjmpNs.exe
  2⤵
  PID:8456
- C:\Windows\System\CryHCnf.exe
  C:\Windows\System\CryHCnf.exe
  2⤵
  PID:8472
- C:\Windows\System\QOOLzlv.exe
  C:\Windows\System\QOOLzlv.exe
  2⤵
  PID:8488
- C:\Windows\System\lZaGwij.exe
  C:\Windows\System\lZaGwij.exe
  2⤵
  PID:8504
- C:\Windows\System\jkLrvbU.exe
  C:\Windows\System\jkLrvbU.exe
  2⤵
  PID:8520
- C:\Windows\System\SNwBYlT.exe
  C:\Windows\System\SNwBYlT.exe
  2⤵
  PID:8536
- C:\Windows\System\sFMGwGc.exe
  C:\Windows\System\sFMGwGc.exe
  2⤵
  PID:8560
- C:\Windows\System\TcbJNBD.exe
  C:\Windows\System\TcbJNBD.exe
  2⤵
  PID:8576
- C:\Windows\System\lKNYNyB.exe
  C:\Windows\System\lKNYNyB.exe
  2⤵
  PID:8596
- C:\Windows\System\XRwngWw.exe
  C:\Windows\System\XRwngWw.exe
  2⤵
  PID:8612
- C:\Windows\System\Qxpnjlw.exe
  C:\Windows\System\Qxpnjlw.exe
  2⤵
  PID:8628
- C:\Windows\System\faJdjwM.exe
  C:\Windows\System\faJdjwM.exe
  2⤵
  PID:8644
- C:\Windows\System\FodIhvs.exe
  C:\Windows\System\FodIhvs.exe
  2⤵
  PID:8660
- C:\Windows\System\RUXSfJS.exe
  C:\Windows\System\RUXSfJS.exe
  2⤵
  PID:8676
- C:\Windows\System\gzRKZdO.exe
  C:\Windows\System\gzRKZdO.exe
  2⤵
  PID:8828
- C:\Windows\System\UYdAcKU.exe
  C:\Windows\System\UYdAcKU.exe
  2⤵
  PID:8844
- C:\Windows\System\FLbCPjv.exe
  C:\Windows\System\FLbCPjv.exe
  2⤵
  PID:8864
- C:\Windows\System\mzhGjUu.exe
  C:\Windows\System\mzhGjUu.exe
  2⤵
  PID:8884
- C:\Windows\System\KgxoKne.exe
  C:\Windows\System\KgxoKne.exe
  2⤵
  PID:8900
- C:\Windows\System\CIZQaOW.exe
  C:\Windows\System\CIZQaOW.exe
  2⤵
  PID:8920
- C:\Windows\System\LlYaTCm.exe
  C:\Windows\System\LlYaTCm.exe
  2⤵
  PID:8936
- C:\Windows\System\NElPZrH.exe
  C:\Windows\System\NElPZrH.exe
  2⤵
  PID:8952
- C:\Windows\System\vSPMfxO.exe
  C:\Windows\System\vSPMfxO.exe
  2⤵
  PID:8968
- C:\Windows\System\HPKUTTZ.exe
  C:\Windows\System\HPKUTTZ.exe
  2⤵
  PID:9012
- C:\Windows\System\RnGWEBb.exe
  C:\Windows\System\RnGWEBb.exe
  2⤵
  PID:9028
- C:\Windows\System\lrAvgik.exe
  C:\Windows\System\lrAvgik.exe
  2⤵
  PID:9044
- C:\Windows\System\itIppyz.exe
  C:\Windows\System\itIppyz.exe
  2⤵
  PID:9060
- C:\Windows\System\SuJGqMZ.exe
  C:\Windows\System\SuJGqMZ.exe
  2⤵
  PID:9076
- C:\Windows\System\BZlyBgg.exe
  C:\Windows\System\BZlyBgg.exe
  2⤵
  PID:9100
- C:\Windows\System\tcWdetb.exe
  C:\Windows\System\tcWdetb.exe
  2⤵
  PID:9116
- C:\Windows\System\BmiKIpO.exe
  C:\Windows\System\BmiKIpO.exe
  2⤵
  PID:9132
- C:\Windows\System\hFIUaWM.exe
  C:\Windows\System\hFIUaWM.exe
  2⤵
  PID:9148
- C:\Windows\System\zJpJTfl.exe
  C:\Windows\System\zJpJTfl.exe
  2⤵
  PID:9164
- C:\Windows\System\iNcgGFw.exe
  C:\Windows\System\iNcgGFw.exe
  2⤵
  PID:9180
- C:\Windows\System\xnBKvIp.exe
  C:\Windows\System\xnBKvIp.exe
  2⤵
  PID:8204
- C:\Windows\System\XTQUHnu.exe
  C:\Windows\System\XTQUHnu.exe
  2⤵
  PID:8220
- C:\Windows\System\xKpxJZl.exe
  C:\Windows\System\xKpxJZl.exe
  2⤵
  PID:8316
- C:\Windows\System\YtqZeJM.exe
  C:\Windows\System\YtqZeJM.exe
  2⤵
  PID:8384
- C:\Windows\System\XTOYonH.exe
  C:\Windows\System\XTOYonH.exe
  2⤵
  PID:7744
- C:\Windows\System\HkWLVue.exe
  C:\Windows\System\HkWLVue.exe
  2⤵
  PID:8364
- C:\Windows\System\kAFOioR.exe
  C:\Windows\System\kAFOioR.exe
  2⤵
  PID:7648
- C:\Windows\System\iURIxSV.exe
  C:\Windows\System\iURIxSV.exe
  2⤵
  PID:8452
- C:\Windows\System\uzYpBNY.exe
  C:\Windows\System\uzYpBNY.exe
  2⤵
  PID:8512
- C:\Windows\System\FniDEro.exe
  C:\Windows\System\FniDEro.exe
  2⤵
  PID:8544
- C:\Windows\System\leaoLhV.exe
  C:\Windows\System\leaoLhV.exe
  2⤵
  PID:8464
- C:\Windows\System\HellPyl.exe
  C:\Windows\System\HellPyl.exe
  2⤵
  PID:8532
- C:\Windows\System\gWKPCcc.exe
  C:\Windows\System\gWKPCcc.exe
  2⤵
  PID:8588
- C:\Windows\System\TlmkmgF.exe
  C:\Windows\System\TlmkmgF.exe
  2⤵
  PID:8620
- C:\Windows\System\FamajtR.exe
  C:\Windows\System\FamajtR.exe
  2⤵
  PID:8652
- C:\Windows\System\kwxWzfH.exe
  C:\Windows\System\kwxWzfH.exe
  2⤵
  PID:8668
- C:\Windows\System\ZzndkgL.exe
  C:\Windows\System\ZzndkgL.exe
  2⤵
  PID:8700
- C:\Windows\System\muHthZf.exe
  C:\Windows\System\muHthZf.exe
  2⤵
  PID:8708
- C:\Windows\System\VzTwbiF.exe
  C:\Windows\System\VzTwbiF.exe
  2⤵
  PID:8728
- C:\Windows\System\oELBcCa.exe
  C:\Windows\System\oELBcCa.exe
  2⤵
  PID:8724
- C:\Windows\System\LynhUTf.exe
  C:\Windows\System\LynhUTf.exe
  2⤵
  PID:8752
- C:\Windows\System\mARHdWY.exe
  C:\Windows\System\mARHdWY.exe
  2⤵
  PID:8772
- C:\Windows\System\gqQxnaj.exe
  C:\Windows\System\gqQxnaj.exe
  2⤵
  PID:8784
- C:\Windows\System\yzQiynF.exe
  C:\Windows\System\yzQiynF.exe
  2⤵
  PID:8800
- C:\Windows\System\rhlPmaz.exe
  C:\Windows\System\rhlPmaz.exe
  2⤵
  PID:8820
- C:\Windows\System\GAKUvvr.exe
  C:\Windows\System\GAKUvvr.exe
  2⤵
  PID:8840
- C:\Windows\System\ALeoahv.exe
  C:\Windows\System\ALeoahv.exe
  2⤵
  PID:8876
- C:\Windows\System\jRoSVpn.exe
  C:\Windows\System\jRoSVpn.exe
  2⤵
  PID:8916
- C:\Windows\System\BXvvEVV.exe
  C:\Windows\System\BXvvEVV.exe
  2⤵
  PID:8932
- C:\Windows\System\Alikoiv.exe
  C:\Windows\System\Alikoiv.exe
  2⤵
  PID:8912
- C:\Windows\System\kaVtPJp.exe
  C:\Windows\System\kaVtPJp.exe
  2⤵
  PID:8996
- C:\Windows\System\vRAEfqu.exe
  C:\Windows\System\vRAEfqu.exe
  2⤵
  PID:9024
- C:\Windows\System\FCNygvP.exe
  C:\Windows\System\FCNygvP.exe
  2⤵
  PID:9036
- C:\Windows\System\nwyzWKX.exe
  C:\Windows\System\nwyzWKX.exe
  2⤵
  PID:9112
- C:\Windows\System\mXMjHNS.exe
  C:\Windows\System\mXMjHNS.exe
  2⤵
  PID:9172
- C:\Windows\System\OyKKTzV.exe
  C:\Windows\System\OyKKTzV.exe
  2⤵
  PID:9092
- C:\Windows\System\kydYWDw.exe
  C:\Windows\System\kydYWDw.exe
  2⤵
  PID:9160
- C:\Windows\System\wErusSJ.exe
  C:\Windows\System\wErusSJ.exe
  2⤵
  PID:9128
- C:\Windows\System\mYKgPBI.exe
  C:\Windows\System\mYKgPBI.exe
  2⤵
  PID:9208
- C:\Windows\System\SDeHyIw.exe
  C:\Windows\System\SDeHyIw.exe
  2⤵
  PID:8240
- C:\Windows\System\ThAMiSF.exe
  C:\Windows\System\ThAMiSF.exe
  2⤵
  PID:8252
- C:\Windows\System\FeJIkYy.exe
  C:\Windows\System\FeJIkYy.exe
  2⤵
  PID:8208
- C:\Windows\System\rdjPiEZ.exe
  C:\Windows\System\rdjPiEZ.exe
  2⤵
  PID:8268
- C:\Windows\System\VtuzhVC.exe
  C:\Windows\System\VtuzhVC.exe
  2⤵
  PID:8432
- C:\Windows\System\Putsteq.exe
  C:\Windows\System\Putsteq.exe
  2⤵
  PID:8436
- C:\Windows\System\ZcZnWxu.exe
  C:\Windows\System\ZcZnWxu.exe
  2⤵
  PID:8604
- C:\Windows\System\TTVJOuN.exe
  C:\Windows\System\TTVJOuN.exe
  2⤵
  PID:8716
- C:\Windows\System\dqGosYn.exe
  C:\Windows\System\dqGosYn.exe
  2⤵
  PID:8748
- C:\Windows\System\qZPZJfD.exe
  C:\Windows\System\qZPZJfD.exe
  2⤵
  PID:8812
- C:\Windows\System\RVMwrQA.exe
  C:\Windows\System\RVMwrQA.exe
  2⤵
  PID:8892
- C:\Windows\System\JmxYbCX.exe
  C:\Windows\System\JmxYbCX.exe
  2⤵
  PID:8592
- C:\Windows\System\qyGeLcn.exe
  C:\Windows\System\qyGeLcn.exe
  2⤵
  PID:8640
- C:\Windows\System\jlpuLtq.exe
  C:\Windows\System\jlpuLtq.exe
  2⤵
  PID:8764
- C:\Windows\System\XuYsETb.exe
  C:\Windows\System\XuYsETb.exe
  2⤵
  PID:8852
- C:\Windows\System\mzpqNNs.exe
  C:\Windows\System\mzpqNNs.exe
  2⤵
  PID:9056
- C:\Windows\System\amOdvOL.exe
  C:\Windows\System\amOdvOL.exe
  2⤵
  PID:8908
- C:\Windows\System\CbyIwNy.exe
  C:\Windows\System\CbyIwNy.exe
  2⤵
  PID:9188
- C:\Windows\System\UjbeRRo.exe
  C:\Windows\System\UjbeRRo.exe
  2⤵
  PID:9072
- C:\Windows\System\MBGnexn.exe
  C:\Windows\System\MBGnexn.exe
  2⤵
  PID:9156
- C:\Windows\System\HvCxNMP.exe
  C:\Windows\System\HvCxNMP.exe
  2⤵
  PID:9212
- C:\Windows\System\pQUtfeD.exe
  C:\Windows\System\pQUtfeD.exe
  2⤵
  PID:8352
- C:\Windows\System\EiwCZjp.exe
  C:\Windows\System\EiwCZjp.exe
  2⤵
  PID:8420
- C:\Windows\System\krOybzo.exe
  C:\Windows\System\krOybzo.exe
  2⤵
  PID:9224
- C:\Windows\System\sFumwgJ.exe
  C:\Windows\System\sFumwgJ.exe
  2⤵
  PID:9240
- C:\Windows\System\jOWbDLF.exe
  C:\Windows\System\jOWbDLF.exe
  2⤵
  PID:9256
- C:\Windows\System\hPPhaxH.exe
  C:\Windows\System\hPPhaxH.exe
  2⤵
  PID:9272
- C:\Windows\System\zOUAwQc.exe
  C:\Windows\System\zOUAwQc.exe
  2⤵
  PID:9288
- C:\Windows\System\ozwpNif.exe
  C:\Windows\System\ozwpNif.exe
  2⤵
  PID:9304
- C:\Windows\System\zKQLrsU.exe
  C:\Windows\System\zKQLrsU.exe
  2⤵
  PID:9320
- C:\Windows\System\VDvpeGp.exe
  C:\Windows\System\VDvpeGp.exe
  2⤵
  PID:9336
- C:\Windows\System\BXaWBlO.exe
  C:\Windows\System\BXaWBlO.exe
  2⤵
  PID:9352
- C:\Windows\System\UjnvLxx.exe
  C:\Windows\System\UjnvLxx.exe
  2⤵
  PID:9376
- C:\Windows\System\oIDlZwr.exe
  C:\Windows\System\oIDlZwr.exe
  2⤵
  PID:9392
- C:\Windows\System\VuojcuK.exe
  C:\Windows\System\VuojcuK.exe
  2⤵
  PID:9408
- C:\Windows\System\TxpEypU.exe
  C:\Windows\System\TxpEypU.exe
  2⤵
  PID:9424
- C:\Windows\System\ZxeQrql.exe
  C:\Windows\System\ZxeQrql.exe
  2⤵
  PID:9464
- C:\Windows\System\usVBCLc.exe
  C:\Windows\System\usVBCLc.exe
  2⤵
  PID:9492
- C:\Windows\System\GtdCgBf.exe
  C:\Windows\System\GtdCgBf.exe
  2⤵
  PID:9584
- C:\Windows\System\FmrPAFr.exe
  C:\Windows\System\FmrPAFr.exe
  2⤵
  PID:9600
- C:\Windows\System\ARjRqae.exe
  C:\Windows\System\ARjRqae.exe
  2⤵
  PID:9616
- C:\Windows\System\vnyICIr.exe
  C:\Windows\System\vnyICIr.exe
  2⤵
  PID:9652
- C:\Windows\System\RouhLRG.exe
  C:\Windows\System\RouhLRG.exe
  2⤵
  PID:9680
- C:\Windows\System\WELFXzG.exe
  C:\Windows\System\WELFXzG.exe
  2⤵
  PID:9728
- C:\Windows\System\FTUAasv.exe
  C:\Windows\System\FTUAasv.exe
  2⤵
  PID:9744
- C:\Windows\System\rHGLQuB.exe
  C:\Windows\System\rHGLQuB.exe
  2⤵
  PID:9764
- C:\Windows\System\TUwErxg.exe
  C:\Windows\System\TUwErxg.exe
  2⤵
  PID:9792
- C:\Windows\System\JMYQNyu.exe
  C:\Windows\System\JMYQNyu.exe
  2⤵
  PID:9812
- C:\Windows\System\OXiPgbh.exe
  C:\Windows\System\OXiPgbh.exe
  2⤵
  PID:9832
- C:\Windows\System\SMzWZvT.exe
  C:\Windows\System\SMzWZvT.exe
  2⤵
  PID:9928
- C:\Windows\System\xcaixHB.exe
  C:\Windows\System\xcaixHB.exe
  2⤵
  PID:9988
- C:\Windows\System\YKhKRqk.exe
  C:\Windows\System\YKhKRqk.exe
  2⤵
  PID:10012
- C:\Windows\System\nMpRywK.exe
  C:\Windows\System\nMpRywK.exe
  2⤵
  PID:10028
- C:\Windows\System\TdQFuvu.exe
  C:\Windows\System\TdQFuvu.exe
  2⤵
  PID:10044
- C:\Windows\System\iXGRSxI.exe
  C:\Windows\System\iXGRSxI.exe
  2⤵
  PID:10060
- C:\Windows\System\DHTwulb.exe
  C:\Windows\System\DHTwulb.exe
  2⤵
  PID:10076
- C:\Windows\System\mscvwoQ.exe
  C:\Windows\System\mscvwoQ.exe
  2⤵
  PID:10092
- C:\Windows\System\wtBFyCC.exe
  C:\Windows\System\wtBFyCC.exe
  2⤵
  PID:10108
- C:\Windows\System\NSpXSXq.exe
  C:\Windows\System\NSpXSXq.exe
  2⤵
  PID:10124
- C:\Windows\System\bkDEWqp.exe
  C:\Windows\System\bkDEWqp.exe
  2⤵
  PID:10140
- C:\Windows\System\iJsiTGG.exe
  C:\Windows\System\iJsiTGG.exe
  2⤵
  PID:10164
- C:\Windows\System\FrUYmTE.exe
  C:\Windows\System\FrUYmTE.exe
  2⤵
  PID:10184
- C:\Windows\System\OYyUblj.exe
  C:\Windows\System\OYyUblj.exe
  2⤵
  PID:10208
- C:\Windows\System\GdyMLsK.exe
  C:\Windows\System\GdyMLsK.exe
  2⤵
  PID:10224
- C:\Windows\System\mWTofoU.exe
  C:\Windows\System\mWTofoU.exe
  2⤵
  PID:1372
- C:\Windows\System\dwAPSzF.exe
  C:\Windows\System\dwAPSzF.exe
  2⤵
  PID:8976
- C:\Windows\System\OsiurIf.exe
  C:\Windows\System\OsiurIf.exe
  2⤵
  PID:8288
- C:\Windows\System\KivErva.exe
  C:\Windows\System\KivErva.exe
  2⤵
  PID:8796
- C:\Windows\System\xEqTVtt.exe
  C:\Windows\System\xEqTVtt.exe
  2⤵
  PID:8584
- C:\Windows\System\YtHcMeu.exe
  C:\Windows\System\YtHcMeu.exe
  2⤵
  PID:8568
- C:\Windows\System\jNqInDE.exe
  C:\Windows\System\jNqInDE.exe
  2⤵
  PID:9020
- C:\Windows\System\vCnAtFm.exe
  C:\Windows\System\vCnAtFm.exe
  2⤵
  PID:8760
- C:\Windows\System\FtFEYub.exe
  C:\Windows\System\FtFEYub.exe
  2⤵
  PID:8636
- C:\Windows\System\FgcSaPK.exe
  C:\Windows\System\FgcSaPK.exe
  2⤵
  PID:8516
- C:\Windows\System\EISvufw.exe
  C:\Windows\System\EISvufw.exe
  2⤵
  PID:9348
- C:\Windows\System\wXIQHYA.exe
  C:\Windows\System\wXIQHYA.exe
  2⤵
  PID:9296
- C:\Windows\System\ubzSigZ.exe
  C:\Windows\System\ubzSigZ.exe
  2⤵
  PID:9404
- C:\Windows\System\PFmBhLG.exe
  C:\Windows\System\PFmBhLG.exe
  2⤵
  PID:9440
- C:\Windows\System\JghyohU.exe
  C:\Windows\System\JghyohU.exe
  2⤵
  PID:9460
- C:\Windows\System\LBEVInX.exe
  C:\Windows\System\LBEVInX.exe
  2⤵
  PID:2956
- C:\Windows\System\MyrJobe.exe
  C:\Windows\System\MyrJobe.exe
  2⤵
  PID:9516
- C:\Windows\System\BogzXFL.exe
  C:\Windows\System\BogzXFL.exe
  2⤵
  PID:9536
- C:\Windows\System\JyNCCKl.exe
  C:\Windows\System\JyNCCKl.exe
  2⤵
  PID:9580
- C:\Windows\System\IvedOJG.exe
  C:\Windows\System\IvedOJG.exe
  2⤵
  PID:9632
- C:\Windows\System\VkVOUgk.exe
  C:\Windows\System\VkVOUgk.exe
  2⤵
  PID:9672
- C:\Windows\System\yfQKpRr.exe
  C:\Windows\System\yfQKpRr.exe
  2⤵
  PID:9736
- C:\Windows\System\ogfRzvC.exe
  C:\Windows\System\ogfRzvC.exe
  2⤵
  PID:9716
- C:\Windows\System\FGKPdXZ.exe
  C:\Windows\System\FGKPdXZ.exe
  2⤵
  PID:9752
- C:\Windows\System\PGTNOxl.exe
  C:\Windows\System\PGTNOxl.exe
  2⤵
  PID:9772
- C:\Windows\System\kEIgrWC.exe
  C:\Windows\System\kEIgrWC.exe
  2⤵
  PID:9776
- C:\Windows\System\uTfRiob.exe
  C:\Windows\System\uTfRiob.exe
  2⤵
  PID:9804
- C:\Windows\System\KvKkPeq.exe
  C:\Windows\System\KvKkPeq.exe
  2⤵
  PID:9852
- C:\Windows\System\HUChqrZ.exe
  C:\Windows\System\HUChqrZ.exe
  2⤵
  PID:9872
- C:\Windows\System\RyRrOXO.exe
  C:\Windows\System\RyRrOXO.exe
  2⤵
  PID:9940
- C:\Windows\System\LZrDqlx.exe
  C:\Windows\System\LZrDqlx.exe
  2⤵
  PID:9900
- C:\Windows\System\hSqiJjd.exe
  C:\Windows\System\hSqiJjd.exe
  2⤵
  PID:9844
- C:\Windows\System\mmufnLe.exe
  C:\Windows\System\mmufnLe.exe
  2⤵
  PID:10000
- C:\Windows\System\CISkaUH.exe
  C:\Windows\System\CISkaUH.exe
  2⤵
  PID:10040
- C:\Windows\System\IwuDtXJ.exe
  C:\Windows\System\IwuDtXJ.exe
  2⤵
  PID:9984
- C:\Windows\System\bQieIUP.exe
  C:\Windows\System\bQieIUP.exe
  2⤵
  PID:10056
- C:\Windows\System\yskmFjD.exe
  C:\Windows\System\yskmFjD.exe
  2⤵
  PID:10152
- C:\Windows\System\dwyIVUT.exe
  C:\Windows\System\dwyIVUT.exe
  2⤵
  PID:10052
- C:\Windows\System\eLqmpAJ.exe
  C:\Windows\System\eLqmpAJ.exe
  2⤵
  PID:10160
- C:\Windows\System\jgrjJBr.exe
  C:\Windows\System\jgrjJBr.exe
  2⤵
  PID:10176
- C:\Windows\System\oCgevQM.exe
  C:\Windows\System\oCgevQM.exe
  2⤵
  PID:8856
- C:\Windows\System\sSebFAB.exe
  C:\Windows\System\sSebFAB.exe
  2⤵
  PID:9068
- C:\Windows\System\XtIETyX.exe
  C:\Windows\System\XtIETyX.exe
  2⤵
  PID:8836
- C:\Windows\System\rqFQHOc.exe
  C:\Windows\System\rqFQHOc.exe
  2⤵
  PID:9052
- C:\Windows\System\VCZDecm.exe
  C:\Windows\System\VCZDecm.exe
  2⤵
  PID:9312
- C:\Windows\System\ApMvgoz.exe
  C:\Windows\System\ApMvgoz.exe
  2⤵
  PID:9248
- C:\Windows\System\xpiCRXY.exe
  C:\Windows\System\xpiCRXY.exe
  2⤵
  PID:9332
- C:\Windows\System\KEfjNlC.exe
  C:\Windows\System\KEfjNlC.exe
  2⤵
  PID:9372
- C:\Windows\System\CHmmuuU.exe
  C:\Windows\System\CHmmuuU.exe
  2⤵
  PID:9456
- C:\Windows\System\dORsJBJ.exe
  C:\Windows\System\dORsJBJ.exe
  2⤵
  PID:9476
- C:\Windows\System\IrmkghV.exe
  C:\Windows\System\IrmkghV.exe
  2⤵
  PID:9532
- C:\Windows\System\cmadfBB.exe
  C:\Windows\System\cmadfBB.exe
  2⤵
  PID:9576
- C:\Windows\System\ipqTUAe.exe
  C:\Windows\System\ipqTUAe.exe
  2⤵
  PID:9820
- C:\Windows\System\vQQkgMP.exe
  C:\Windows\System\vQQkgMP.exe
  2⤵
  PID:9692
- C:\Windows\System\kWTHsid.exe
  C:\Windows\System\kWTHsid.exe
  2⤵
  PID:9784
- C:\Windows\System\VOOfKuL.exe
  C:\Windows\System\VOOfKuL.exe
  2⤵
  PID:9840
- C:\Windows\System\NEykvVD.exe
  C:\Windows\System\NEykvVD.exe
  2⤵
  PID:9888
- C:\Windows\System\jWgQWim.exe
  C:\Windows\System\jWgQWim.exe
  2⤵
  PID:9808
- C:\Windows\System\SikbCUT.exe
  C:\Windows\System\SikbCUT.exe
  2⤵
  PID:10036
- C:\Windows\System\kcDrBhT.exe
  C:\Windows\System\kcDrBhT.exe
  2⤵
  PID:9512
- C:\Windows\System\xjCmoFQ.exe
  C:\Windows\System\xjCmoFQ.exe
  2⤵
  PID:9868
- C:\Windows\System\ghSxylY.exe
  C:\Windows\System\ghSxylY.exe
  2⤵
  PID:9960
- C:\Windows\System\RqnroEY.exe
  C:\Windows\System\RqnroEY.exe
  2⤵
  PID:9976
- C:\Windows\System\dBzIjwG.exe
  C:\Windows\System\dBzIjwG.exe
  2⤵
  PID:10024
- C:\Windows\System\vZtfnyh.exe
  C:\Windows\System\vZtfnyh.exe
  2⤵
  PID:10196
- C:\Windows\System\TxTHHdq.exe
  C:\Windows\System\TxTHHdq.exe
  2⤵
  PID:10100
- C:\Windows\System\WCmAmQe.exe
  C:\Windows\System\WCmAmQe.exe
  2⤵
  PID:10088
- C:\Windows\System\GgGiLZX.exe
  C:\Windows\System\GgGiLZX.exe
  2⤵
  PID:9144

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\ACfyXSi.exe

Filesize
6.0MB

MD5
3da539e77f15d73e12f3d52933a2c4d6

SHA1
3033f1d9172b850e2506d04bdf1ce36509f86d71

SHA256
abfd89b61b498cf993d11f506109abe95fd5f9cb64328942ad50da8130134886

SHA512
2f532b20fd110447b5d0e250d8554c35c428559e9584c8c65b49cf45e7e236969d5983edbe7ce4c323bb238faf7e8d6850adb4344e5830a317ac13666a282f30

Download Submit
C:\Windows\system\DGXxFWc.exe

Filesize
6.0MB

MD5
d590f5d71488f320e1b5fa0813deca5d

SHA1
63f6315606f9876ed593b7cf04677460ae2a87ac

SHA256
e9a186687b668bb94c8cf9d98083fd7f05d2810d49ecc135f787e9e2ccd70b9a

SHA512
0bea7846d78c71ef9ea16cef10da3a0a698c9bed901a4ea3deed59437ef315ba786e433b60b633a1677dd50e394c225e40881eff9139cfb2170cc4807c03e65b

Download Submit
C:\Windows\system\FwPVAvG.exe

Filesize
6.0MB

MD5
8abf9720141fefe5e501b6e85b310671

SHA1
702856fc731ec48bd5120e4ec3a08a2e682f58f7

SHA256
01bdab9042e5de53ca104be31b9185339caf10947a47f959a0ccca3ec209a045

SHA512
163e4afdaee3861169515eecbca86543d1ff2cd986e548111c3e25f0e958fea24b78f78aa4e78214c6e80bbb6fd22a3e3e725257dff95b64156da25f4a220957

Download Submit
C:\Windows\system\LVvMFKY.exe

Filesize
6.0MB

MD5
92375a2a84ae7bb92e8f35faf7c60b7b

SHA1
aa583fcd4a6639f2cbf7c34d0f51e4ba32d8272e

SHA256
23385cdcc4584d57bf4e0d6a148ffb323753042edfe5e6c66d22277604d8465a

SHA512
017cb3fbef67ae3ad5fa198d2b4a371ac943e7cee137f56f9ff9072746346e449895365b7a07adc3e0ad008c077f17e7c7cd171caaaeb3d1cf62cb165f82f8f1

Download Submit
C:\Windows\system\LWmjzmr.exe

Filesize
6.0MB

MD5
5f4411c3514727caf0f30db9dda86305

SHA1
72e787760ebfbc0b5989d488c4f8a14ca1cade56

SHA256
a43789f7f5d54a5afd003fe5a7a12cdf717e9c0b5d9370ca77b0fe6ea2cd50bb

SHA512
38b01bb8f9d3b8487fd24c02d25dd82b8423504201217257f780c67471cd6fbeb0c0b60f6969a7226adc59e821bf0de44de073b678a9d6aa7603b3f4c89660e5

Download Submit
C:\Windows\system\NFBZunn.exe

Filesize
6.0MB

MD5
7032dbfbb09844df5c05564fa9dce8fd

SHA1
2aaec810ea0c458f047628d033d9a5c3532c224f

SHA256
f8c81866ef34d509ac1a65fdd9af2e7ceefcb2543f57d00aa387e8ffd0512438

SHA512
079c88067b13b0a53f91dcbce33f077056e2ea51a80cd4f33f58e73094d1e09d828cfeb2cb07ecbd965e4e41bd63b47639d64503d603e77e606df7f56cf11e04

Download Submit
C:\Windows\system\NXMoWAm.exe

Filesize
6.0MB

MD5
7f8d173be0b0fbe772a4936c2986bbb1

SHA1
4f341bc01d44219174ee82c0ea11801fd4f41614

SHA256
01f05e46f685050e6ed64a7d5bc6da5133b03c95ce03b525681429874b8fb595

SHA512
610323d14db28941296e6bc76e86943ca9a9990f36eb3f787d3a0cd8252bdfeb1263dae4b9ac44b75630f84acb6e1a716351a9077718abbf3b7bc0428aba62cf

Download Submit
C:\Windows\system\OqjSrhC.exe

Filesize
6.0MB

MD5
c6dad5290f125476cd9ffe232180a2a1

SHA1
71075a460825cab712a47c1ae84bf13315c94275

SHA256
8d97f239e99c05ef5de49eec72b271e0149d5676521ac5df3ce6853f487aa487

SHA512
b9b28060a050f57288e51ac87a30ee98271df02dc3452a56733f3dd94d3521630e900373c58bd9d1dc2632126b2238df90383d41f79cd8a6edc7b6fe765ec710

Download Submit
C:\Windows\system\PkKOVVG.exe

Filesize
6.0MB

MD5
dc4b2028e6a00a167b0384eae698b69a

SHA1
ff63da9fe7b84485ce781afaa7238cb411588beb

SHA256
85676b30170115d3efc73ca2db134eacb8e321224407bc7543eac765f6e83eae

SHA512
37d257754627b81ab2909581e291c478d03817ce5fbe41243c38d9a5de10ddfa293a6fb5bde5d54f752f397f55f402069fb4bcc0997eeaeafdc4b183128ceea0

Download Submit
C:\Windows\system\QhxRqdU.exe

Filesize
6.0MB

MD5
2beda090602b43405be6ec8389834cb1

SHA1
4cca53175101fcbf6951d842d40108012155f8e3

SHA256
908f687b7a8c5de812bf0d6a9bd98a41ac64cfd610d21cef4acf67e3b40e96bd

SHA512
9a4b502ca45c52588c74ec43b1d0b8f99dd5afe400ba6ab37652436e0e9bc8c3a7b09b913e8a8b515854741b6210193d99146ee13a7ddfff440e91c5d8935f0c

Download Submit
C:\Windows\system\RRScyeU.exe

Filesize
6.0MB

MD5
b18acc2cd5871fbac0049de31438ed5c

SHA1
a062a98408ff46e575acb11b57996f8c6694a9fd

SHA256
713b84771c0a94cb6005893b0bddcb30865dbf2a66dee7bb288b89625d1e49e3

SHA512
5c236ac58a94266ec63a55f30ca411bb8f018942c7743c8aa55adc32d66289a9fd59bf4f071e3d8a401987241287156e5a53732bfc304a896f64f37463b90673

Download Submit
C:\Windows\system\UOguVbs.exe

Filesize
6.0MB

MD5
dd67135c3bb20a9fb5b22291a6dafaeb

SHA1
ae16bf42aa15c8fce80e863dab8abd53dadb3ace

SHA256
e275f9cfa233d703d7f7fdffe27d41f668b60c919ef9e4b476bf9cece967327f

SHA512
2c4ed351b735caa30613743ec5e29291e4965bfe795cfbf07a7641aba4c07e38733ff232f7e1473de092c694a3d92a64f04bbca225d614293d021a8fb3b6454a

Download Submit
C:\Windows\system\UOvccRb.exe

Filesize
6.0MB

MD5
d4567e126adc31acfad0d19efc1bfe0b

SHA1
b2795109521948b0dde9915dbfd89ca7561c7a9c

SHA256
828e95eb10d25379c6f9f781c3fb79dadea2821c97244a700343826ed2224f9d

SHA512
a561a6c2086507735651e2f8425933d7312126b83479639bac341fa1059ffc322eb008a95a218259558df90f3d1f7b9a97645d8b8c916b5e0d390c36713c0bc3

Download Submit
C:\Windows\system\cBrehbd.exe

Filesize
6.0MB

MD5
4fd3d7f17fb45f17677112827dc9c6fe

SHA1
ab0b551b8f0a5e06e07c4c1dd9689b72caccf3c7

SHA256
587a78ae0f4d3a2125952fd23618ba7070d8804d8a5fc7b6391a34e466cbf6f2

SHA512
f7afec13d4acf0b53f038dac381058d54dfcfcd532a674b24428ad1ce023920e7a8ac559f87fc596380adf9651001f9aa6a5d7896a465b238666dbb186fe1ed1

Download Submit
C:\Windows\system\cxPSLnM.exe

Filesize
6.0MB

MD5
24eceed69b23d3f47cc6fb29925a5c27

SHA1
42716d066993e5a4a5724356e6bc727fb68a3225

SHA256
dcfd7c3aa68a5df43d807e7ba9071309474ce90b5fa6b55ab341618885acfcc9

SHA512
5337f635ea07d9d926bfe133d7478ec7f75a09c476591746cfc4ab1a76c9a3aa60ed289c26e009eb7425f7f27fa727d65915f79a0986e8ec4eabf5f4d6ebaf5d

Download Submit
C:\Windows\system\fEoHIVO.exe

Filesize
6.0MB

MD5
71ea6217510328e77ab94aa4375a1e47

SHA1
5cc6ab23ea30cd8731efa58bf1b7c1f07ab0a3f6

SHA256
a96ddb7ac454ebf48491416d46049770804f88f02dbe58509debb016681d5526

SHA512
bec7360e7e9249a564129ad780f84caba958450cb2de687a9f2d94da4d3ac45495aaab7502f17e17e64eeab8005b88ca1ee6556fbc36e9485ed231eae674aca7

Download Submit
C:\Windows\system\fOAOgpw.exe

Filesize
6.0MB

MD5
fb36c00fc05ffdf897f513e8869ea02e

SHA1
fbc2837f022dd1df59c6f73ec3a371afa03654ed

SHA256
c69e66dd672d24b7d918a88586a0abc8c293bad33599cfda91fd7b3adf2e6a24

SHA512
5dd320ed76d51bf5c38ca6e1cc132780741243e3fb2906df19457120e9267f4c4a40010edb7978fd9f1e939680e14cb50275c3d082b530d12b3f9f402ed748f0

Download Submit
C:\Windows\system\hODKADh.exe

Filesize
6.0MB

MD5
b4d591ff84cc1de7eaafce7de6eb8655

SHA1
29135ed4e270f3800f2128246211365a5c218505

SHA256
11f4151f29ad94e950c028795ee8c26b9e9e92d2ed4f45d3047c671388ab261e

SHA512
da040e68efd7dafd6a2e7ab1c416976d1dfa838d40fc4100b8bf63b9ad63534514c8d8ab10e0beaadc2cc0659566d0157ce9c22476ffa0d4ea40807fc3240daf

Download Submit
C:\Windows\system\jUTysHZ.exe

Filesize
6.0MB

MD5
0e1a39407f8421f076aa62a69860c20e

SHA1
cf7d659398a3a6e5f3ccc08fb45c3498fe4e4b6d

SHA256
02f7b432a2e4d48d0c1e93f8fb76dca4a10d36018233612b31bdb6c7dcf5727d

SHA512
ddc493e036c36365459bfc3f0ee606a086c7ab41608670c4e0d1e822783752e409f55c6dd2e4b7a4020b5eb5a08b342e0f6c46f687d1f16dcf94b47183ccc054

Download Submit
C:\Windows\system\jdvnPuj.exe

Filesize
6.0MB

MD5
6c8fe08eb6b31859ab8d052539422ec3

SHA1
a35f099810aee90c7cc068e0bd921fa5d71ab3d0

SHA256
c0663bfbe3f20f214cfa5fd6626c9ea974902be50fe2c26175e13099b8855154

SHA512
ec2479799c2c145a5933240b02f7214915bf4d567dabbd734d438ba7a0ecde74d4c219549d6c67b853d5e253a878a5248e9303c61600b370f5aef8af89a83391

Download Submit
C:\Windows\system\lvnhvcv.exe

Filesize
6.0MB

MD5
e7be753c0a6270b752334304e45db4bc

SHA1
2e744144251aba05a25b12cb67c572316e242c96

SHA256
6356693fa7262fe13c8e79917bc80f3b42e0eae66220bbbcac4f686c092e95c4

SHA512
3b4cd21b65f4dfbd72a98f6f99c9b44b27a7531a0092b8fd90e50bb124ffb2679925922787e641590520a786044f775734b0e4bbfe801dcad1f6de3d8fe9f621

Download Submit
C:\Windows\system\nSxhVKM.exe

Filesize
6.0MB

MD5
699b2484fb3b6b120812faeb5970fdc1

SHA1
4aae54c00dce23a34446f5efc886b3eb1eddb998

SHA256
7a1f5ff5a6352e50cf614d802081d97614accc382571627652c7a13867a31d05

SHA512
aa2dfe0773dd070122f8e46ddff1985841037abcf6352e26bc39ff1f9210ce2cb8021552b9294b01695c1b08f3ef1d1fea1a56db3c5b37909cbe66efe0d68377

Download Submit
C:\Windows\system\pFomeWn.exe

Filesize
6.0MB

MD5
337b8e1e71e5ce1f1e0173ac421c4e0f

SHA1
1be11b8881ea348d6fae13dce020c22750bc62e4

SHA256
5b0fea7dbbd1621dac243cb034cb3516c8ac7e220209b7cb3cc50216431d7900

SHA512
a20f0729a7c5ef67f7db9fca4c23ae01d00bc4cf5f0223cc7562e294f4c0839a2bcf4bf22dc70d8be055ad68776f4674cb93189baef8ffbb02ddd6217712b7be

Download Submit
C:\Windows\system\ptkJMhB.exe

Filesize
6.0MB

MD5
487a87b71b51786da4cc4ab5feb83547

SHA1
e43b84e7562951f6dbe476ee5f51c059c9395be6

SHA256
a2eda89c91d5a5428b5f50721fdc9145fe87cb146f8b56765e6c588ace97ee33

SHA512
7c3c5e60ae9637fb5f3a53451eb2b22b743d5d21f296855b1214a08e193ed9d3a112d26778f5d4484e5d7ab0a58000800b41e37499fdff4c1009ed0eb23c5885

Download Submit
C:\Windows\system\qWWrtXT.exe

Filesize
6.0MB

MD5
6616fff53377fdd0a5167780d92b8097

SHA1
008cbc51ecafddf69c2828296c1055b69b1c0b7c

SHA256
e1b4d4dfe69c215175bc325711911a40ca74ab089ae72b8dc554f6afa1f1e0ee

SHA512
c15edfd4d2ba75e94a4b67ca3fff5749244311523ed960547990e0a34eb3d3ae21848ae489dd5dac906392b8c45abc17dd5c38d4dd6ef7d5c81b3c9fa2e941a5

Download Submit
C:\Windows\system\rgqPSVL.exe

Filesize
6.0MB

MD5
8535a92fc44e6ea368ba3b484517e542

SHA1
fefa83fd570579d07b7b0a3b8237a916ccf96fb3

SHA256
5e63db3fd7b61bd5390ffeb2b96f690804ad99b43daef8adfdfb4706e2152336

SHA512
552451aacfec38fbb5a3b86d026d597ae207c30ca8880ebecc99fcce87d6d28815691deb408f11d077bbd23af4ff88f5df3585207c1a6d58bdad9abf35eb62b9

Download Submit
C:\Windows\system\rjmKeqy.exe

Filesize
6.0MB

MD5
39de77eda82bcbec3b347a947bc82f32

SHA1
bcd3701aafaf48987e81eab876349f2174d4c90d

SHA256
dc6ada6505f010d1b02fdb7f539089c57d0c9823d83410776e88bae614794a06

SHA512
8fa47343306bb4f3616008c5b81c36c4daea6280f28a923ec302cb22d88ef881ad0f90e9665d4de552e63e665d0550a4a4eeea4e7939d47e0a40057c200aa545

Download Submit
C:\Windows\system\vAnHmDu.exe

Filesize
6.0MB

MD5
0c06b3d423aab589998119bdaa857ca9

SHA1
28cd943bb4111345235a82030d871acbd03cf6b4

SHA256
d7473bbbd9165d408a311cd0e9824a5804cd61e8cc56c11954731b81571dc5bf

SHA512
a170f1cfd8efb41cad9e01538aa954c7ae3a0f1a40b8012e992c514683dc46b24bfa731921d5c5384058da6c884aa5283eb480db59582677214ecc80bbdb08f2

Download Submit
C:\Windows\system\wzyFyhA.exe

Filesize
6.0MB

MD5
db7a7d000bab2285e9cae7e7c0548632

SHA1
6c9ea04ec6e854662907fa17a9ba0738891b636e

SHA256
31ff1e6da5b00dca4cac6aa304f2441b2994ca0f141b465a419066ab782e7973

SHA512
dd20bb6fec58b1376ecdfff1ca1df6875c47dfe0389581e3a08eccad9c173cab981448f52bc4f9f73b0805bfccae2de3b1e7e0fefae4484d9c5921f948eddd3b

Download Submit
C:\Windows\system\xxVUdbH.exe

Filesize
6.0MB

MD5
3fd7461289d842377f4a660f305682c0

SHA1
a41a5e5267b7bad8dc00e06c0b8ffa7c4a8b4832

SHA256
e1503b6b0f61484e753d27c10014177af49971509da70822771877445309227b

SHA512
b07ab27bb1f4e74a6ddbecc09452074510fbf54f7a1d1165b11d98c03e7b502801afcabafcf84f110167167369fb0ea1c1a733578cd9bb05fed5f17aed7c8d40

Download Submit
C:\Windows\system\ygGREct.exe

Filesize
6.0MB

MD5
31bdf399c1ec65dc5cf4956278c3e954

SHA1
d192fac0f6421132489beb37e8b235f4912bc13f

SHA256
2033317d2d9349e14d7259e7225657cab1f7ef34227cb5a17830a185ade227b6

SHA512
c9bb58c7927b38022b910d848a30c0755b1ddc5136a24ea27fa4025f74706c01f4e0eee4a051699d1223c5e700ea36453b72f93df77013f9cedaf9ea2853065d

Download Submit
\Windows\system\xhpBkbm.exe

Filesize
6.0MB

MD5
0cc87dd83539ec06dcd6a06dd3a3673f

SHA1
d24b8f5905b761df4f26d4e1149860b7344a8639

SHA256
53edd1b8097066f81cb0fdc603604b11bb4b95f3bf687e6c21e853e6fa8d7c37

SHA512
1d57ed1cf3b7669f22965b0360a79f0e307bf500e8593c6578c9b2fcbd12962eee0ec78bdf453db020a2915eea11c8234f942eddcbd66101752a1c3d6175690a

Download Submit
memory/1144-4037-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/1144-27-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/1260-23-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/1260-4044-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/1568-93-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/1568-4040-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/1568-928-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/1832-38-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/1832-4045-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/1832-75-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/1852-36-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/1852-4038-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/1876-619-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/1876-84-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/1876-4042-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/2356-99-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/2356-1102-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/2356-4041-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/2400-4036-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2400-19-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2536-927-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/2536-114-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/2536-321-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/2536-106-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/2536-1462-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/2536-64-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/2536-83-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/2536-0-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/2536-62-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/2536-61-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/2536-15-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/2536-92-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/2536-47-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/2536-76-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/2536-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2536-617-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/2536-37-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/2536-34-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/2536-54-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2536-32-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/2536-98-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/2592-4035-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/2592-77-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/2640-110-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/2640-69-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/2748-40-0x000000013F3F0000-0x000000013F744000-memory.dmp

Filesize
3.3MB

Download
memory/2748-4043-0x000000013F3F0000-0x000000013F744000-memory.dmp

Filesize
3.3MB

Download
memory/2748-78-0x000000013F3F0000-0x000000013F744000-memory.dmp

Filesize
3.3MB

Download
memory/2848-55-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2848-91-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2848-4046-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2972-4033-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/2972-63-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/3016-4039-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/3016-48-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download