cobaltstrike | 1b51c1884f60e56e52e15d67d084136617d710cae173af3890096c4b51451a29

Analysis

max time kernel
150s
max time network
27s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
23-09-2024 03:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

9667b6d771e7f0cd336f2bf042f4120c
SHA1

c85770b84d0dc5e4e3ba2d7d98f34d1c2e58784a
SHA256

1b51c1884f60e56e52e15d67d084136617d710cae173af3890096c4b51451a29
SHA512

b77ef7729008111b71996adaa5a2f8c8910e9919718631370df0af1bef9c6513d4f34653eee56780cd0e2547774ffb27a47416b72d443520c8da62850e98c13f
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUk:T+q56utgpPF8u/7k

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000c000000012251-6.dat	cobalt_reflective_dll
behavioral1/files/0x000f000000018ab4-7.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018b54-16.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018b58-18.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018b5d-26.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000018b64-41.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018ffa-92.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001903d-112.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001904d-122.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019074-128.dat	cobalt_reflective_dll
behavioral1/files/0x00040000000191d2-156.dat	cobalt_reflective_dll
behavioral1/files/0x0004000000019206-178.dat	cobalt_reflective_dll
behavioral1/files/0x00040000000192d3-188.dat	cobalt_reflective_dll
behavioral1/files/0x00040000000192ad-183.dat	cobalt_reflective_dll
behavioral1/files/0x00040000000191ed-168.dat	cobalt_reflective_dll
behavioral1/files/0x00040000000191f7-173.dat	cobalt_reflective_dll
behavioral1/files/0x00040000000191da-163.dat	cobalt_reflective_dll
behavioral1/files/0x00040000000191bb-147.dat	cobalt_reflective_dll
behavioral1/files/0x00040000000191c8-152.dat	cobalt_reflective_dll
behavioral1/files/0x000400000001919b-137.dat	cobalt_reflective_dll
behavioral1/files/0x00040000000191b3-142.dat	cobalt_reflective_dll
behavioral1/files/0x000400000001915a-132.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019044-117.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019028-108.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018fcd-90.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018fc7-88.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018fc2-86.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001901a-95.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018fe2-73.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018fca-64.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018fc4-56.dat	cobalt_reflective_dll
behavioral1/files/0x000f000000018afc-46.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1972-0-0x000000013FF10000-0x0000000140264000-memory.dmp	xmrig
behavioral1/files/0x000c000000012251-6.dat	xmrig
behavioral1/files/0x000f000000018ab4-7.dat	xmrig
behavioral1/files/0x0007000000018b54-16.dat	xmrig
behavioral1/files/0x0006000000018b58-18.dat	xmrig
behavioral1/files/0x0006000000018b5d-26.dat	xmrig
behavioral1/memory/1972-28-0x000000013F720000-0x000000013FA74000-memory.dmp	xmrig
behavioral1/memory/2280-31-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/memory/2976-42-0x000000013F070000-0x000000013F3C4000-memory.dmp	xmrig
behavioral1/files/0x0008000000018b64-41.dat	xmrig
behavioral1/memory/2028-78-0x000000013FE90000-0x00000001401E4000-memory.dmp	xmrig
behavioral1/memory/2616-102-0x000000013FFE0000-0x0000000140334000-memory.dmp	xmrig
behavioral1/files/0x0005000000018ffa-92.dat	xmrig
behavioral1/files/0x000500000001903d-112.dat	xmrig
behavioral1/files/0x000500000001904d-122.dat	xmrig
behavioral1/files/0x0005000000019074-128.dat	xmrig
behavioral1/files/0x00040000000191d2-156.dat	xmrig
behavioral1/files/0x0004000000019206-178.dat	xmrig
behavioral1/memory/2744-1778-0x000000013FC20000-0x000000013FF74000-memory.dmp	xmrig
behavioral1/memory/2716-1798-0x000000013FDF0000-0x0000000140144000-memory.dmp	xmrig
behavioral1/memory/2192-1806-0x000000013FC50000-0x000000013FFA4000-memory.dmp	xmrig
behavioral1/memory/2616-1805-0x000000013FFE0000-0x0000000140334000-memory.dmp	xmrig
behavioral1/memory/2324-1804-0x000000013F8D0000-0x000000013FC24000-memory.dmp	xmrig
behavioral1/memory/2652-1803-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig
behavioral1/memory/2976-1802-0x000000013F070000-0x000000013F3C4000-memory.dmp	xmrig
behavioral1/memory/2028-1801-0x000000013FE90000-0x00000001401E4000-memory.dmp	xmrig
behavioral1/memory/2056-1800-0x000000013FB20000-0x000000013FE74000-memory.dmp	xmrig
behavioral1/memory/2752-1799-0x000000013FA40000-0x000000013FD94000-memory.dmp	xmrig
behavioral1/memory/2872-1794-0x000000013F230000-0x000000013F584000-memory.dmp	xmrig
behavioral1/memory/2968-1763-0x000000013F720000-0x000000013FA74000-memory.dmp	xmrig
behavioral1/memory/2280-1792-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/memory/2768-1770-0x000000013FF80000-0x00000001402D4000-memory.dmp	xmrig
behavioral1/memory/2028-428-0x000000013FE90000-0x00000001401E4000-memory.dmp	xmrig
behavioral1/memory/2056-360-0x000000013FB20000-0x000000013FE74000-memory.dmp	xmrig
behavioral1/memory/2752-302-0x000000013FA40000-0x000000013FD94000-memory.dmp	xmrig
behavioral1/memory/2976-301-0x000000013F070000-0x000000013F3C4000-memory.dmp	xmrig
behavioral1/files/0x00040000000192d3-188.dat	xmrig
behavioral1/files/0x00040000000192ad-183.dat	xmrig
behavioral1/files/0x00040000000191ed-168.dat	xmrig
behavioral1/files/0x00040000000191f7-173.dat	xmrig
behavioral1/files/0x00040000000191da-163.dat	xmrig
behavioral1/memory/1972-155-0x000000013FF10000-0x0000000140264000-memory.dmp	xmrig
behavioral1/files/0x00040000000191bb-147.dat	xmrig
behavioral1/files/0x00040000000191c8-152.dat	xmrig
behavioral1/files/0x000400000001919b-137.dat	xmrig
behavioral1/files/0x00040000000191b3-142.dat	xmrig
behavioral1/files/0x000400000001915a-132.dat	xmrig
behavioral1/files/0x0005000000019044-117.dat	xmrig
behavioral1/files/0x0005000000019028-108.dat	xmrig
behavioral1/files/0x0005000000018fcd-90.dat	xmrig
behavioral1/files/0x0005000000018fc7-88.dat	xmrig
behavioral1/files/0x0005000000018fc2-86.dat	xmrig
behavioral1/memory/1972-104-0x00000000023E0000-0x0000000002734000-memory.dmp	xmrig
behavioral1/memory/2192-103-0x000000013FC50000-0x000000013FFA4000-memory.dmp	xmrig
behavioral1/memory/2056-69-0x000000013FB20000-0x000000013FE74000-memory.dmp	xmrig
behavioral1/memory/2324-101-0x000000013F8D0000-0x000000013FC24000-memory.dmp	xmrig
behavioral1/memory/2652-100-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig
behavioral1/files/0x000500000001901a-95.dat	xmrig
behavioral1/memory/2716-74-0x000000013FDF0000-0x0000000140144000-memory.dmp	xmrig
behavioral1/files/0x0005000000018fe2-73.dat	xmrig
behavioral1/files/0x0005000000018fca-64.dat	xmrig
behavioral1/files/0x0005000000018fc4-56.dat	xmrig
behavioral1/memory/2752-55-0x000000013FA40000-0x000000013FD94000-memory.dmp	xmrig
behavioral1/files/0x000f000000018afc-46.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2968	Ovuqduy.exe
2280	uwOsXLz.exe
2768	PhnGSWz.exe
2872	DORcJwP.exe
2744	vhklgbW.exe
2976	MgeGRWd.exe
2752	JdaAmkj.exe
2716	YkwuVxr.exe
2056	UDBvTWJ.exe
2028	fWodvhy.exe
2652	igEbnzC.exe
2324	OInHVHI.exe
2616	kJofDDq.exe
2192	mtEHLDT.exe
1580	QogSrWz.exe
3068	iaUYBob.exe
2992	wNxEUOY.exe
2832	OmlyOgA.exe
3064	KWntCAA.exe
2224	vdjvhWU.exe
2676	zHlQDGq.exe
820	LrKzRoG.exe
1708	tKxrgya.exe
2472	oNEGYVL.exe
1176	Vooxuwu.exe
2096	TVyipCA.exe
2512	HrbYXkY.exe
2292	TAEenEV.exe
2236	dQtUVtp.exe
1436	Yvmgzpj.exe
2436	nUKVXjQ.exe
2520	eGJqmTv.exe
2128	gbbKwfV.exe
2080	exzijlY.exe
1992	aaFdega.exe
2440	ACPZyIe.exe
2312	lTpwcCc.exe
2488	xBgDBFn.exe
1528	mXUZavX.exe
2492	tzZVapO.exe
1408	lRZhbnc.exe
2024	yuaImcJ.exe
2840	rWObgEp.exe
1156	ZPshEFA.exe
956	FoQdZaf.exe
2088	EjoFsTk.exe
2064	HGMgdwk.exe
1632	SLJmvCy.exe
2424	uMGFzJG.exe
1400	PcAlHnm.exe
368	DiVhogr.exe
2072	RYOxkOK.exe
1724	zParOJP.exe
2608	pnMTFBG.exe
2100	twilbfz.exe
1700	HVXhdgf.exe
1800	vOqbNSR.exe
2780	MLPDcqr.exe
2848	nevQWlu.exe
2792	VGkCszu.exe
2648	okYshTy.exe
2360	RwxDnTN.exe
3020	OgPHVzP.exe
2704	sQfUntE.exe

Loads dropped DLL 64 IoCs

pid	Process
1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1972-0-0x000000013FF10000-0x0000000140264000-memory.dmp	upx
behavioral1/files/0x000c000000012251-6.dat	upx
behavioral1/files/0x000f000000018ab4-7.dat	upx
behavioral1/files/0x0007000000018b54-16.dat	upx
behavioral1/files/0x0006000000018b58-18.dat	upx
behavioral1/files/0x0006000000018b5d-26.dat	upx
behavioral1/memory/2280-31-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/memory/2976-42-0x000000013F070000-0x000000013F3C4000-memory.dmp	upx
behavioral1/files/0x0008000000018b64-41.dat	upx
behavioral1/memory/2028-78-0x000000013FE90000-0x00000001401E4000-memory.dmp	upx
behavioral1/memory/2616-102-0x000000013FFE0000-0x0000000140334000-memory.dmp	upx
behavioral1/files/0x0005000000018ffa-92.dat	upx
behavioral1/files/0x000500000001903d-112.dat	upx
behavioral1/files/0x000500000001904d-122.dat	upx
behavioral1/files/0x0005000000019074-128.dat	upx
behavioral1/files/0x00040000000191d2-156.dat	upx
behavioral1/files/0x0004000000019206-178.dat	upx
behavioral1/memory/2744-1778-0x000000013FC20000-0x000000013FF74000-memory.dmp	upx
behavioral1/memory/2716-1798-0x000000013FDF0000-0x0000000140144000-memory.dmp	upx
behavioral1/memory/2192-1806-0x000000013FC50000-0x000000013FFA4000-memory.dmp	upx
behavioral1/memory/2616-1805-0x000000013FFE0000-0x0000000140334000-memory.dmp	upx
behavioral1/memory/2324-1804-0x000000013F8D0000-0x000000013FC24000-memory.dmp	upx
behavioral1/memory/2652-1803-0x000000013FE00000-0x0000000140154000-memory.dmp	upx
behavioral1/memory/2976-1802-0x000000013F070000-0x000000013F3C4000-memory.dmp	upx
behavioral1/memory/2028-1801-0x000000013FE90000-0x00000001401E4000-memory.dmp	upx
behavioral1/memory/2056-1800-0x000000013FB20000-0x000000013FE74000-memory.dmp	upx
behavioral1/memory/2752-1799-0x000000013FA40000-0x000000013FD94000-memory.dmp	upx
behavioral1/memory/2872-1794-0x000000013F230000-0x000000013F584000-memory.dmp	upx
behavioral1/memory/2968-1763-0x000000013F720000-0x000000013FA74000-memory.dmp	upx
behavioral1/memory/2280-1792-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/memory/2768-1770-0x000000013FF80000-0x00000001402D4000-memory.dmp	upx
behavioral1/memory/2028-428-0x000000013FE90000-0x00000001401E4000-memory.dmp	upx
behavioral1/memory/2056-360-0x000000013FB20000-0x000000013FE74000-memory.dmp	upx
behavioral1/memory/2752-302-0x000000013FA40000-0x000000013FD94000-memory.dmp	upx
behavioral1/memory/2976-301-0x000000013F070000-0x000000013F3C4000-memory.dmp	upx
behavioral1/files/0x00040000000192d3-188.dat	upx
behavioral1/files/0x00040000000192ad-183.dat	upx
behavioral1/files/0x00040000000191ed-168.dat	upx
behavioral1/files/0x00040000000191f7-173.dat	upx
behavioral1/files/0x00040000000191da-163.dat	upx
behavioral1/memory/1972-155-0x000000013FF10000-0x0000000140264000-memory.dmp	upx
behavioral1/files/0x00040000000191bb-147.dat	upx
behavioral1/files/0x00040000000191c8-152.dat	upx
behavioral1/files/0x000400000001919b-137.dat	upx
behavioral1/files/0x00040000000191b3-142.dat	upx
behavioral1/files/0x000400000001915a-132.dat	upx
behavioral1/files/0x0005000000019044-117.dat	upx
behavioral1/files/0x0005000000019028-108.dat	upx
behavioral1/files/0x0005000000018fcd-90.dat	upx
behavioral1/files/0x0005000000018fc7-88.dat	upx
behavioral1/files/0x0005000000018fc2-86.dat	upx
behavioral1/memory/2192-103-0x000000013FC50000-0x000000013FFA4000-memory.dmp	upx
behavioral1/memory/2056-69-0x000000013FB20000-0x000000013FE74000-memory.dmp	upx
behavioral1/memory/2324-101-0x000000013F8D0000-0x000000013FC24000-memory.dmp	upx
behavioral1/memory/2652-100-0x000000013FE00000-0x0000000140154000-memory.dmp	upx
behavioral1/files/0x000500000001901a-95.dat	upx
behavioral1/memory/2716-74-0x000000013FDF0000-0x0000000140144000-memory.dmp	upx
behavioral1/files/0x0005000000018fe2-73.dat	upx
behavioral1/files/0x0005000000018fca-64.dat	upx
behavioral1/files/0x0005000000018fc4-56.dat	upx
behavioral1/memory/2752-55-0x000000013FA40000-0x000000013FD94000-memory.dmp	upx
behavioral1/files/0x000f000000018afc-46.dat	upx
behavioral1/memory/2968-39-0x000000013F720000-0x000000013FA74000-memory.dmp	upx
behavioral1/memory/2744-38-0x000000013FC20000-0x000000013FF74000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\tjFkElP.exe	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nvleIqj.exe	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\frouask.exe	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RwxDnTN.exe	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\InJbfFN.exe	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KIJOmka.exe	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NqYPihm.exe	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ysIOdpO.exe	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JxtXqeE.exe	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oNczGmL.exe	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OQXrGHv.exe	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fykdquA.exe	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oIDSkmu.exe	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jNRdyBK.exe	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JLBiFFo.exe	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ICGTcVh.exe	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jMtVklH.exe	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\igPkWxE.exe	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QDbACFr.exe	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\btUWAXx.exe	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YZtxeIa.exe	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kYBYnSN.exe	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YOdLoSi.exe	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EpNbyIT.exe	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JPVuIeO.exe	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gyqYfMD.exe	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JpPWczW.exe	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mljGTuK.exe	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hfAcbgA.exe	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wBKuxNT.exe	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qULTGcP.exe	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yOXbMAt.exe	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TnniNms.exe	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hfdKYaw.exe	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ynhCZul.exe	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pgQQuro.exe	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KQLEzAK.exe	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QgBUapu.exe	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nyFMVLl.exe	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vyblEcz.exe	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qltpTsP.exe	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rVIycPA.exe	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XnXZFSA.exe	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kWNkLzz.exe	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oTOlLId.exe	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EkfcitG.exe	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xUVyfOw.exe	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BrkqWKE.exe	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OpTJrmC.exe	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VbrvBxj.exe	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\miFoxUv.exe	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RCdRErT.exe	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ecrBVqQ.exe	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uMisBTp.exe	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EOzgDAT.exe	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BgIQENg.exe	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hIclsnB.exe	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PPFAjMh.exe	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kTiFnEl.exe	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eUvsciG.exe	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oYUlEin.exe	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VvaZFDE.exe	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HXiohQK.exe	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NpLFtJe.exe	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1972 wrote to memory of 2968	1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 1972 wrote to memory of 2968	1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 1972 wrote to memory of 2968	1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 1972 wrote to memory of 2280	1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1972 wrote to memory of 2280	1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1972 wrote to memory of 2280	1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1972 wrote to memory of 2768	1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1972 wrote to memory of 2768	1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1972 wrote to memory of 2768	1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1972 wrote to memory of 2872	1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1972 wrote to memory of 2872	1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1972 wrote to memory of 2872	1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1972 wrote to memory of 2744	1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1972 wrote to memory of 2744	1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1972 wrote to memory of 2744	1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1972 wrote to memory of 2976	1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1972 wrote to memory of 2976	1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1972 wrote to memory of 2976	1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1972 wrote to memory of 2752	1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1972 wrote to memory of 2752	1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1972 wrote to memory of 2752	1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1972 wrote to memory of 2652	1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1972 wrote to memory of 2652	1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1972 wrote to memory of 2652	1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1972 wrote to memory of 2716	1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1972 wrote to memory of 2716	1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1972 wrote to memory of 2716	1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1972 wrote to memory of 2324	1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1972 wrote to memory of 2324	1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1972 wrote to memory of 2324	1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1972 wrote to memory of 2056	1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1972 wrote to memory of 2056	1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1972 wrote to memory of 2056	1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1972 wrote to memory of 2616	1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1972 wrote to memory of 2616	1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1972 wrote to memory of 2616	1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1972 wrote to memory of 2028	1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1972 wrote to memory of 2028	1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1972 wrote to memory of 2028	1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1972 wrote to memory of 2192	1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1972 wrote to memory of 2192	1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1972 wrote to memory of 2192	1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1972 wrote to memory of 1580	1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1972 wrote to memory of 1580	1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1972 wrote to memory of 1580	1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1972 wrote to memory of 3068	1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1972 wrote to memory of 3068	1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1972 wrote to memory of 3068	1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1972 wrote to memory of 2992	1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1972 wrote to memory of 2992	1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1972 wrote to memory of 2992	1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1972 wrote to memory of 2832	1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1972 wrote to memory of 2832	1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1972 wrote to memory of 2832	1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1972 wrote to memory of 3064	1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1972 wrote to memory of 3064	1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1972 wrote to memory of 3064	1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1972 wrote to memory of 2224	1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1972 wrote to memory of 2224	1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1972 wrote to memory of 2224	1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1972 wrote to memory of 2676	1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1972 wrote to memory of 2676	1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1972 wrote to memory of 2676	1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1972 wrote to memory of 820	1972	2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe	51

C:\Users\Admin\AppData\Local\Temp\2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-09-23_9667b6d771e7f0cd336f2bf042f4120c_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1972
- C:\Windows\System\Ovuqduy.exe
  C:\Windows\System\Ovuqduy.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\uwOsXLz.exe
  C:\Windows\System\uwOsXLz.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\PhnGSWz.exe
  C:\Windows\System\PhnGSWz.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\DORcJwP.exe
  C:\Windows\System\DORcJwP.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\vhklgbW.exe
  C:\Windows\System\vhklgbW.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\MgeGRWd.exe
  C:\Windows\System\MgeGRWd.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\JdaAmkj.exe
  C:\Windows\System\JdaAmkj.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\igEbnzC.exe
  C:\Windows\System\igEbnzC.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\YkwuVxr.exe
  C:\Windows\System\YkwuVxr.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\OInHVHI.exe
  C:\Windows\System\OInHVHI.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\UDBvTWJ.exe
  C:\Windows\System\UDBvTWJ.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\kJofDDq.exe
  C:\Windows\System\kJofDDq.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\fWodvhy.exe
  C:\Windows\System\fWodvhy.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\mtEHLDT.exe
  C:\Windows\System\mtEHLDT.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\QogSrWz.exe
  C:\Windows\System\QogSrWz.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\iaUYBob.exe
  C:\Windows\System\iaUYBob.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\wNxEUOY.exe
  C:\Windows\System\wNxEUOY.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\OmlyOgA.exe
  C:\Windows\System\OmlyOgA.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\KWntCAA.exe
  C:\Windows\System\KWntCAA.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\vdjvhWU.exe
  C:\Windows\System\vdjvhWU.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\zHlQDGq.exe
  C:\Windows\System\zHlQDGq.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\LrKzRoG.exe
  C:\Windows\System\LrKzRoG.exe
  2⤵
  - Executes dropped EXE
  PID:820
- C:\Windows\System\tKxrgya.exe
  C:\Windows\System\tKxrgya.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\oNEGYVL.exe
  C:\Windows\System\oNEGYVL.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- C:\Windows\System\Vooxuwu.exe
  C:\Windows\System\Vooxuwu.exe
  2⤵
  - Executes dropped EXE
  PID:1176
- C:\Windows\System\TVyipCA.exe
  C:\Windows\System\TVyipCA.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\HrbYXkY.exe
  C:\Windows\System\HrbYXkY.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\TAEenEV.exe
  C:\Windows\System\TAEenEV.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\dQtUVtp.exe
  C:\Windows\System\dQtUVtp.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\Yvmgzpj.exe
  C:\Windows\System\Yvmgzpj.exe
  2⤵
  - Executes dropped EXE
  PID:1436
- C:\Windows\System\nUKVXjQ.exe
  C:\Windows\System\nUKVXjQ.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\eGJqmTv.exe
  C:\Windows\System\eGJqmTv.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\gbbKwfV.exe
  C:\Windows\System\gbbKwfV.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\exzijlY.exe
  C:\Windows\System\exzijlY.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\aaFdega.exe
  C:\Windows\System\aaFdega.exe
  2⤵
  - Executes dropped EXE
  PID:1992
- C:\Windows\System\ACPZyIe.exe
  C:\Windows\System\ACPZyIe.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\lTpwcCc.exe
  C:\Windows\System\lTpwcCc.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\xBgDBFn.exe
  C:\Windows\System\xBgDBFn.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\mXUZavX.exe
  C:\Windows\System\mXUZavX.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\tzZVapO.exe
  C:\Windows\System\tzZVapO.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\lRZhbnc.exe
  C:\Windows\System\lRZhbnc.exe
  2⤵
  - Executes dropped EXE
  PID:1408
- C:\Windows\System\yuaImcJ.exe
  C:\Windows\System\yuaImcJ.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\rWObgEp.exe
  C:\Windows\System\rWObgEp.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\ZPshEFA.exe
  C:\Windows\System\ZPshEFA.exe
  2⤵
  - Executes dropped EXE
  PID:1156
- C:\Windows\System\FoQdZaf.exe
  C:\Windows\System\FoQdZaf.exe
  2⤵
  - Executes dropped EXE
  PID:956
- C:\Windows\System\EjoFsTk.exe
  C:\Windows\System\EjoFsTk.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\HGMgdwk.exe
  C:\Windows\System\HGMgdwk.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\SLJmvCy.exe
  C:\Windows\System\SLJmvCy.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\uMGFzJG.exe
  C:\Windows\System\uMGFzJG.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\PcAlHnm.exe
  C:\Windows\System\PcAlHnm.exe
  2⤵
  - Executes dropped EXE
  PID:1400
- C:\Windows\System\DiVhogr.exe
  C:\Windows\System\DiVhogr.exe
  2⤵
  - Executes dropped EXE
  PID:368
- C:\Windows\System\RYOxkOK.exe
  C:\Windows\System\RYOxkOK.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\zParOJP.exe
  C:\Windows\System\zParOJP.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\pnMTFBG.exe
  C:\Windows\System\pnMTFBG.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\twilbfz.exe
  C:\Windows\System\twilbfz.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\HVXhdgf.exe
  C:\Windows\System\HVXhdgf.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\vOqbNSR.exe
  C:\Windows\System\vOqbNSR.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\MLPDcqr.exe
  C:\Windows\System\MLPDcqr.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\nevQWlu.exe
  C:\Windows\System\nevQWlu.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\VGkCszu.exe
  C:\Windows\System\VGkCszu.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\okYshTy.exe
  C:\Windows\System\okYshTy.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\RwxDnTN.exe
  C:\Windows\System\RwxDnTN.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\OgPHVzP.exe
  C:\Windows\System\OgPHVzP.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\sQfUntE.exe
  C:\Windows\System\sQfUntE.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\jRcIkdS.exe
  C:\Windows\System\jRcIkdS.exe
  2⤵
  PID:3036
- C:\Windows\System\FWFXtfj.exe
  C:\Windows\System\FWFXtfj.exe
  2⤵
  PID:1652
- C:\Windows\System\TggShiy.exe
  C:\Windows\System\TggShiy.exe
  2⤵
  PID:2904
- C:\Windows\System\rAeOJeD.exe
  C:\Windows\System\rAeOJeD.exe
  2⤵
  PID:2836
- C:\Windows\System\AVHtqvr.exe
  C:\Windows\System\AVHtqvr.exe
  2⤵
  PID:2460
- C:\Windows\System\AVsTzBC.exe
  C:\Windows\System\AVsTzBC.exe
  2⤵
  PID:2136
- C:\Windows\System\xinpnGd.exe
  C:\Windows\System\xinpnGd.exe
  2⤵
  PID:1320
- C:\Windows\System\lECAXsi.exe
  C:\Windows\System\lECAXsi.exe
  2⤵
  PID:2184
- C:\Windows\System\RNMXVvQ.exe
  C:\Windows\System\RNMXVvQ.exe
  2⤵
  PID:2428
- C:\Windows\System\hpCWspu.exe
  C:\Windows\System\hpCWspu.exe
  2⤵
  PID:2476
- C:\Windows\System\rQUGYLn.exe
  C:\Windows\System\rQUGYLn.exe
  2⤵
  PID:1760
- C:\Windows\System\nqoaOqw.exe
  C:\Windows\System\nqoaOqw.exe
  2⤵
  PID:1152
- C:\Windows\System\azPYzmq.exe
  C:\Windows\System\azPYzmq.exe
  2⤵
  PID:2536
- C:\Windows\System\aBvyIcP.exe
  C:\Windows\System\aBvyIcP.exe
  2⤵
  PID:1108
- C:\Windows\System\xgYwvUE.exe
  C:\Windows\System\xgYwvUE.exe
  2⤵
  PID:2464
- C:\Windows\System\YSdnZIM.exe
  C:\Windows\System\YSdnZIM.exe
  2⤵
  PID:1488
- C:\Windows\System\cmtEafT.exe
  C:\Windows\System\cmtEafT.exe
  2⤵
  PID:2036
- C:\Windows\System\giLYRAT.exe
  C:\Windows\System\giLYRAT.exe
  2⤵
  PID:2168
- C:\Windows\System\sAJTeSf.exe
  C:\Windows\System\sAJTeSf.exe
  2⤵
  PID:756
- C:\Windows\System\QsQZnYZ.exe
  C:\Windows\System\QsQZnYZ.exe
  2⤵
  PID:912
- C:\Windows\System\TktPVJe.exe
  C:\Windows\System\TktPVJe.exe
  2⤵
  PID:472
- C:\Windows\System\HoKCKsp.exe
  C:\Windows\System\HoKCKsp.exe
  2⤵
  PID:940
- C:\Windows\System\skxIaCE.exe
  C:\Windows\System\skxIaCE.exe
  2⤵
  PID:2176
- C:\Windows\System\JqcEQue.exe
  C:\Windows\System\JqcEQue.exe
  2⤵
  PID:1372
- C:\Windows\System\mhbFuRO.exe
  C:\Windows\System\mhbFuRO.exe
  2⤵
  PID:1568
- C:\Windows\System\LsRNpIK.exe
  C:\Windows\System\LsRNpIK.exe
  2⤵
  PID:2732
- C:\Windows\System\CLuAZmj.exe
  C:\Windows\System\CLuAZmj.exe
  2⤵
  PID:2644
- C:\Windows\System\JYnImTa.exe
  C:\Windows\System\JYnImTa.exe
  2⤵
  PID:1704
- C:\Windows\System\TnniNms.exe
  C:\Windows\System\TnniNms.exe
  2⤵
  PID:2772
- C:\Windows\System\DvQxUEn.exe
  C:\Windows\System\DvQxUEn.exe
  2⤵
  PID:2812
- C:\Windows\System\MyllGjn.exe
  C:\Windows\System\MyllGjn.exe
  2⤵
  PID:3004
- C:\Windows\System\zLYYJSy.exe
  C:\Windows\System\zLYYJSy.exe
  2⤵
  PID:2220
- C:\Windows\System\lNPOIMV.exe
  C:\Windows\System\lNPOIMV.exe
  2⤵
  PID:1276
- C:\Windows\System\yIpanHt.exe
  C:\Windows\System\yIpanHt.exe
  2⤵
  PID:2888
- C:\Windows\System\zfGyqTN.exe
  C:\Windows\System\zfGyqTN.exe
  2⤵
  PID:2148
- C:\Windows\System\xUeQTcR.exe
  C:\Windows\System\xUeQTcR.exe
  2⤵
  PID:624
- C:\Windows\System\duVszvj.exe
  C:\Windows\System\duVszvj.exe
  2⤵
  PID:1788
- C:\Windows\System\WvYBrej.exe
  C:\Windows\System\WvYBrej.exe
  2⤵
  PID:1820
- C:\Windows\System\UfdeeAn.exe
  C:\Windows\System\UfdeeAn.exe
  2⤵
  PID:1808
- C:\Windows\System\dwyFkgq.exe
  C:\Windows\System\dwyFkgq.exe
  2⤵
  PID:1696
- C:\Windows\System\YZtxeIa.exe
  C:\Windows\System\YZtxeIa.exe
  2⤵
  PID:1460
- C:\Windows\System\oyKzCWu.exe
  C:\Windows\System\oyKzCWu.exe
  2⤵
  PID:1080
- C:\Windows\System\IWXGNJi.exe
  C:\Windows\System\IWXGNJi.exe
  2⤵
  PID:2160
- C:\Windows\System\hKJsFAw.exe
  C:\Windows\System\hKJsFAw.exe
  2⤵
  PID:1164
- C:\Windows\System\tffhrJc.exe
  C:\Windows\System\tffhrJc.exe
  2⤵
  PID:1952
- C:\Windows\System\WtzXcDx.exe
  C:\Windows\System\WtzXcDx.exe
  2⤵
  PID:936
- C:\Windows\System\UKTfxUn.exe
  C:\Windows\System\UKTfxUn.exe
  2⤵
  PID:2244
- C:\Windows\System\jXspzry.exe
  C:\Windows\System\jXspzry.exe
  2⤵
  PID:2580
- C:\Windows\System\ZFAGSAA.exe
  C:\Windows\System\ZFAGSAA.exe
  2⤵
  PID:2564
- C:\Windows\System\KOJpDRt.exe
  C:\Windows\System\KOJpDRt.exe
  2⤵
  PID:1824
- C:\Windows\System\myKRSNQ.exe
  C:\Windows\System\myKRSNQ.exe
  2⤵
  PID:1612
- C:\Windows\System\jMZrPpf.exe
  C:\Windows\System\jMZrPpf.exe
  2⤵
  PID:2480
- C:\Windows\System\CPfmgqc.exe
  C:\Windows\System\CPfmgqc.exe
  2⤵
  PID:1588
- C:\Windows\System\hUbLfTh.exe
  C:\Windows\System\hUbLfTh.exe
  2⤵
  PID:2032
- C:\Windows\System\mkagErO.exe
  C:\Windows\System\mkagErO.exe
  2⤵
  PID:1140
- C:\Windows\System\OAbFOzq.exe
  C:\Windows\System\OAbFOzq.exe
  2⤵
  PID:656
- C:\Windows\System\OZpqUzH.exe
  C:\Windows\System\OZpqUzH.exe
  2⤵
  PID:2104
- C:\Windows\System\LGUGUZn.exe
  C:\Windows\System\LGUGUZn.exe
  2⤵
  PID:872
- C:\Windows\System\EOzgDAT.exe
  C:\Windows\System\EOzgDAT.exe
  2⤵
  PID:3084
- C:\Windows\System\BaXEGtJ.exe
  C:\Windows\System\BaXEGtJ.exe
  2⤵
  PID:3104
- C:\Windows\System\TQhAumC.exe
  C:\Windows\System\TQhAumC.exe
  2⤵
  PID:3120
- C:\Windows\System\LjbHTmO.exe
  C:\Windows\System\LjbHTmO.exe
  2⤵
  PID:3136
- C:\Windows\System\DHsAdoh.exe
  C:\Windows\System\DHsAdoh.exe
  2⤵
  PID:3152
- C:\Windows\System\AJrOBhO.exe
  C:\Windows\System\AJrOBhO.exe
  2⤵
  PID:3168
- C:\Windows\System\crDxBjt.exe
  C:\Windows\System\crDxBjt.exe
  2⤵
  PID:3184
- C:\Windows\System\WzfhAzA.exe
  C:\Windows\System\WzfhAzA.exe
  2⤵
  PID:3204
- C:\Windows\System\WWwaPHp.exe
  C:\Windows\System\WWwaPHp.exe
  2⤵
  PID:3232
- C:\Windows\System\AKzGLfK.exe
  C:\Windows\System\AKzGLfK.exe
  2⤵
  PID:3256
- C:\Windows\System\vIoFxtJ.exe
  C:\Windows\System\vIoFxtJ.exe
  2⤵
  PID:3280
- C:\Windows\System\NjKvKzy.exe
  C:\Windows\System\NjKvKzy.exe
  2⤵
  PID:3304
- C:\Windows\System\UloFGSe.exe
  C:\Windows\System\UloFGSe.exe
  2⤵
  PID:3324
- C:\Windows\System\pzqvCuO.exe
  C:\Windows\System\pzqvCuO.exe
  2⤵
  PID:3344
- C:\Windows\System\uPJCOUf.exe
  C:\Windows\System\uPJCOUf.exe
  2⤵
  PID:3364
- C:\Windows\System\HJMwjPV.exe
  C:\Windows\System\HJMwjPV.exe
  2⤵
  PID:3384
- C:\Windows\System\TQmNRSO.exe
  C:\Windows\System\TQmNRSO.exe
  2⤵
  PID:3404
- C:\Windows\System\NvdoKxs.exe
  C:\Windows\System\NvdoKxs.exe
  2⤵
  PID:3424
- C:\Windows\System\CDBGaYH.exe
  C:\Windows\System\CDBGaYH.exe
  2⤵
  PID:3440
- C:\Windows\System\ulCDvTW.exe
  C:\Windows\System\ulCDvTW.exe
  2⤵
  PID:3468
- C:\Windows\System\jcCtwWj.exe
  C:\Windows\System\jcCtwWj.exe
  2⤵
  PID:3488
- C:\Windows\System\JNprEKy.exe
  C:\Windows\System\JNprEKy.exe
  2⤵
  PID:3508
- C:\Windows\System\HcyGqDx.exe
  C:\Windows\System\HcyGqDx.exe
  2⤵
  PID:3528
- C:\Windows\System\ERHrvkP.exe
  C:\Windows\System\ERHrvkP.exe
  2⤵
  PID:3548
- C:\Windows\System\IqmdflU.exe
  C:\Windows\System\IqmdflU.exe
  2⤵
  PID:3564
- C:\Windows\System\tgNIvVg.exe
  C:\Windows\System\tgNIvVg.exe
  2⤵
  PID:3588
- C:\Windows\System\lcYKSuO.exe
  C:\Windows\System\lcYKSuO.exe
  2⤵
  PID:3608
- C:\Windows\System\GlnLgco.exe
  C:\Windows\System\GlnLgco.exe
  2⤵
  PID:3628
- C:\Windows\System\zwKaFZg.exe
  C:\Windows\System\zwKaFZg.exe
  2⤵
  PID:3648
- C:\Windows\System\lnEGfkp.exe
  C:\Windows\System\lnEGfkp.exe
  2⤵
  PID:3668
- C:\Windows\System\zvnOncl.exe
  C:\Windows\System\zvnOncl.exe
  2⤵
  PID:3688
- C:\Windows\System\dbfoJcB.exe
  C:\Windows\System\dbfoJcB.exe
  2⤵
  PID:3704
- C:\Windows\System\qizoOmy.exe
  C:\Windows\System\qizoOmy.exe
  2⤵
  PID:3728
- C:\Windows\System\LqWdiRS.exe
  C:\Windows\System\LqWdiRS.exe
  2⤵
  PID:3748
- C:\Windows\System\bhjAsYo.exe
  C:\Windows\System\bhjAsYo.exe
  2⤵
  PID:3768
- C:\Windows\System\XwSFjDa.exe
  C:\Windows\System\XwSFjDa.exe
  2⤵
  PID:3788
- C:\Windows\System\kCMfGSY.exe
  C:\Windows\System\kCMfGSY.exe
  2⤵
  PID:3808
- C:\Windows\System\pbeTrea.exe
  C:\Windows\System\pbeTrea.exe
  2⤵
  PID:3828
- C:\Windows\System\FwUUxEX.exe
  C:\Windows\System\FwUUxEX.exe
  2⤵
  PID:3848
- C:\Windows\System\QHCPDWJ.exe
  C:\Windows\System\QHCPDWJ.exe
  2⤵
  PID:3868
- C:\Windows\System\aGltnLg.exe
  C:\Windows\System\aGltnLg.exe
  2⤵
  PID:3892
- C:\Windows\System\BjSFWCM.exe
  C:\Windows\System\BjSFWCM.exe
  2⤵
  PID:3912
- C:\Windows\System\PxAQdRQ.exe
  C:\Windows\System\PxAQdRQ.exe
  2⤵
  PID:3932
- C:\Windows\System\amNBzhW.exe
  C:\Windows\System\amNBzhW.exe
  2⤵
  PID:3952
- C:\Windows\System\JNPJskZ.exe
  C:\Windows\System\JNPJskZ.exe
  2⤵
  PID:3972
- C:\Windows\System\StWVJoy.exe
  C:\Windows\System\StWVJoy.exe
  2⤵
  PID:3992
- C:\Windows\System\XFuEexm.exe
  C:\Windows\System\XFuEexm.exe
  2⤵
  PID:4012
- C:\Windows\System\AZRNVYX.exe
  C:\Windows\System\AZRNVYX.exe
  2⤵
  PID:4032
- C:\Windows\System\HSCqOBM.exe
  C:\Windows\System\HSCqOBM.exe
  2⤵
  PID:4052
- C:\Windows\System\hSNgoHd.exe
  C:\Windows\System\hSNgoHd.exe
  2⤵
  PID:4072
- C:\Windows\System\xslOpGJ.exe
  C:\Windows\System\xslOpGJ.exe
  2⤵
  PID:4092
- C:\Windows\System\IMfvdeN.exe
  C:\Windows\System\IMfvdeN.exe
  2⤵
  PID:2980
- C:\Windows\System\tTzhXSS.exe
  C:\Windows\System\tTzhXSS.exe
  2⤵
  PID:2156
- C:\Windows\System\uaBsmtC.exe
  C:\Windows\System\uaBsmtC.exe
  2⤵
  PID:1192
- C:\Windows\System\RbHZLSd.exe
  C:\Windows\System\RbHZLSd.exe
  2⤵
  PID:824
- C:\Windows\System\TrhOzJV.exe
  C:\Windows\System\TrhOzJV.exe
  2⤵
  PID:2724
- C:\Windows\System\eVGxMfs.exe
  C:\Windows\System\eVGxMfs.exe
  2⤵
  PID:2108
- C:\Windows\System\AApvPHp.exe
  C:\Windows\System\AApvPHp.exe
  2⤵
  PID:1308
- C:\Windows\System\nCkRZvf.exe
  C:\Windows\System\nCkRZvf.exe
  2⤵
  PID:3080
- C:\Windows\System\Auihagm.exe
  C:\Windows\System\Auihagm.exe
  2⤵
  PID:3192
- C:\Windows\System\rCjiuaM.exe
  C:\Windows\System\rCjiuaM.exe
  2⤵
  PID:3252
- C:\Windows\System\ujqajgq.exe
  C:\Windows\System\ujqajgq.exe
  2⤵
  PID:3148
- C:\Windows\System\RutCMSH.exe
  C:\Windows\System\RutCMSH.exe
  2⤵
  PID:3224
- C:\Windows\System\oIypUBV.exe
  C:\Windows\System\oIypUBV.exe
  2⤵
  PID:3300
- C:\Windows\System\IEaZJct.exe
  C:\Windows\System\IEaZJct.exe
  2⤵
  PID:3332
- C:\Windows\System\gerfSqu.exe
  C:\Windows\System\gerfSqu.exe
  2⤵
  PID:3316
- C:\Windows\System\rsxFfLq.exe
  C:\Windows\System\rsxFfLq.exe
  2⤵
  PID:3460
- C:\Windows\System\MiyqRcW.exe
  C:\Windows\System\MiyqRcW.exe
  2⤵
  PID:3392
- C:\Windows\System\XTqjOpS.exe
  C:\Windows\System\XTqjOpS.exe
  2⤵
  PID:3452
- C:\Windows\System\twqRLOQ.exe
  C:\Windows\System\twqRLOQ.exe
  2⤵
  PID:3476
- C:\Windows\System\svGzPxP.exe
  C:\Windows\System\svGzPxP.exe
  2⤵
  PID:3480
- C:\Windows\System\gcLsiAl.exe
  C:\Windows\System\gcLsiAl.exe
  2⤵
  PID:3520
- C:\Windows\System\lPvyFNl.exe
  C:\Windows\System\lPvyFNl.exe
  2⤵
  PID:3580
- C:\Windows\System\kWNkLzz.exe
  C:\Windows\System\kWNkLzz.exe
  2⤵
  PID:3604
- C:\Windows\System\wiUJjHs.exe
  C:\Windows\System\wiUJjHs.exe
  2⤵
  PID:3656
- C:\Windows\System\JGWUbUE.exe
  C:\Windows\System\JGWUbUE.exe
  2⤵
  PID:3696
- C:\Windows\System\nOefaGh.exe
  C:\Windows\System\nOefaGh.exe
  2⤵
  PID:3712
- C:\Windows\System\jlyZhML.exe
  C:\Windows\System\jlyZhML.exe
  2⤵
  PID:3716
- C:\Windows\System\LWiTtER.exe
  C:\Windows\System\LWiTtER.exe
  2⤵
  PID:3784
- C:\Windows\System\VYJKmqB.exe
  C:\Windows\System\VYJKmqB.exe
  2⤵
  PID:3820
- C:\Windows\System\dYiolRi.exe
  C:\Windows\System\dYiolRi.exe
  2⤵
  PID:3856
- C:\Windows\System\mmScIMH.exe
  C:\Windows\System\mmScIMH.exe
  2⤵
  PID:3908
- C:\Windows\System\keGQKjV.exe
  C:\Windows\System\keGQKjV.exe
  2⤵
  PID:3920
- C:\Windows\System\pLuOXOv.exe
  C:\Windows\System\pLuOXOv.exe
  2⤵
  PID:3944
- C:\Windows\System\wmAHDyI.exe
  C:\Windows\System\wmAHDyI.exe
  2⤵
  PID:3968
- C:\Windows\System\GkAWLUN.exe
  C:\Windows\System\GkAWLUN.exe
  2⤵
  PID:4024
- C:\Windows\System\WHTLIjl.exe
  C:\Windows\System\WHTLIjl.exe
  2⤵
  PID:4064
- C:\Windows\System\SruZRSk.exe
  C:\Windows\System\SruZRSk.exe
  2⤵
  PID:4044
- C:\Windows\System\dvqXrOx.exe
  C:\Windows\System\dvqXrOx.exe
  2⤵
  PID:2736
- C:\Windows\System\ixoxwIm.exe
  C:\Windows\System\ixoxwIm.exe
  2⤵
  PID:328
- C:\Windows\System\YKWlTwH.exe
  C:\Windows\System\YKWlTwH.exe
  2⤵
  PID:540
- C:\Windows\System\pMAaUrk.exe
  C:\Windows\System\pMAaUrk.exe
  2⤵
  PID:1988
- C:\Windows\System\qULTGcP.exe
  C:\Windows\System\qULTGcP.exe
  2⤵
  PID:3132
- C:\Windows\System\KbVsCHd.exe
  C:\Windows\System\KbVsCHd.exe
  2⤵
  PID:3144
- C:\Windows\System\nibuibe.exe
  C:\Windows\System\nibuibe.exe
  2⤵
  PID:3180
- C:\Windows\System\MZzYJYR.exe
  C:\Windows\System\MZzYJYR.exe
  2⤵
  PID:3220
- C:\Windows\System\UErhjja.exe
  C:\Windows\System\UErhjja.exe
  2⤵
  PID:3272
- C:\Windows\System\dlrXwWR.exe
  C:\Windows\System\dlrXwWR.exe
  2⤵
  PID:3376
- C:\Windows\System\cKLzDLk.exe
  C:\Windows\System\cKLzDLk.exe
  2⤵
  PID:3436
- C:\Windows\System\qKqqEUr.exe
  C:\Windows\System\qKqqEUr.exe
  2⤵
  PID:3500
- C:\Windows\System\QPATUwZ.exe
  C:\Windows\System\QPATUwZ.exe
  2⤵
  PID:3596
- C:\Windows\System\qOfBhUD.exe
  C:\Windows\System\qOfBhUD.exe
  2⤵
  PID:3644
- C:\Windows\System\NUCowXs.exe
  C:\Windows\System\NUCowXs.exe
  2⤵
  PID:3572
- C:\Windows\System\ntyfTiv.exe
  C:\Windows\System\ntyfTiv.exe
  2⤵
  PID:3744
- C:\Windows\System\PZjrnXl.exe
  C:\Windows\System\PZjrnXl.exe
  2⤵
  PID:3824
- C:\Windows\System\QsWHDQo.exe
  C:\Windows\System\QsWHDQo.exe
  2⤵
  PID:3860
- C:\Windows\System\jTBAvMV.exe
  C:\Windows\System\jTBAvMV.exe
  2⤵
  PID:3948
- C:\Windows\System\WKfQhgE.exe
  C:\Windows\System\WKfQhgE.exe
  2⤵
  PID:3880
- C:\Windows\System\VkKCHsW.exe
  C:\Windows\System\VkKCHsW.exe
  2⤵
  PID:3960
- C:\Windows\System\UplZpig.exe
  C:\Windows\System\UplZpig.exe
  2⤵
  PID:4104
- C:\Windows\System\NLsAzRN.exe
  C:\Windows\System\NLsAzRN.exe
  2⤵
  PID:4124
- C:\Windows\System\ycHbLEF.exe
  C:\Windows\System\ycHbLEF.exe
  2⤵
  PID:4144
- C:\Windows\System\oZLJqha.exe
  C:\Windows\System\oZLJqha.exe
  2⤵
  PID:4164
- C:\Windows\System\cbffJUG.exe
  C:\Windows\System\cbffJUG.exe
  2⤵
  PID:4180
- C:\Windows\System\oxdSBTi.exe
  C:\Windows\System\oxdSBTi.exe
  2⤵
  PID:4204
- C:\Windows\System\NFQGwwI.exe
  C:\Windows\System\NFQGwwI.exe
  2⤵
  PID:4220
- C:\Windows\System\KxnMPEe.exe
  C:\Windows\System\KxnMPEe.exe
  2⤵
  PID:4248
- C:\Windows\System\aEhYhzb.exe
  C:\Windows\System\aEhYhzb.exe
  2⤵
  PID:4264
- C:\Windows\System\cPjPmrF.exe
  C:\Windows\System\cPjPmrF.exe
  2⤵
  PID:4284
- C:\Windows\System\myTqHhO.exe
  C:\Windows\System\myTqHhO.exe
  2⤵
  PID:4308
- C:\Windows\System\IgZVSCy.exe
  C:\Windows\System\IgZVSCy.exe
  2⤵
  PID:4328
- C:\Windows\System\AmNuNAH.exe
  C:\Windows\System\AmNuNAH.exe
  2⤵
  PID:4348
- C:\Windows\System\NpLFtJe.exe
  C:\Windows\System\NpLFtJe.exe
  2⤵
  PID:4368
- C:\Windows\System\biCJvBW.exe
  C:\Windows\System\biCJvBW.exe
  2⤵
  PID:4388
- C:\Windows\System\YlRSJId.exe
  C:\Windows\System\YlRSJId.exe
  2⤵
  PID:4408
- C:\Windows\System\gAHevua.exe
  C:\Windows\System\gAHevua.exe
  2⤵
  PID:4428
- C:\Windows\System\TYSxCNS.exe
  C:\Windows\System\TYSxCNS.exe
  2⤵
  PID:4448
- C:\Windows\System\etAAQOD.exe
  C:\Windows\System\etAAQOD.exe
  2⤵
  PID:4472
- C:\Windows\System\geHRyeP.exe
  C:\Windows\System\geHRyeP.exe
  2⤵
  PID:4488
- C:\Windows\System\ccQhTrH.exe
  C:\Windows\System\ccQhTrH.exe
  2⤵
  PID:4512
- C:\Windows\System\pPcREJT.exe
  C:\Windows\System\pPcREJT.exe
  2⤵
  PID:4532
- C:\Windows\System\VLhWQZo.exe
  C:\Windows\System\VLhWQZo.exe
  2⤵
  PID:4556
- C:\Windows\System\XJgAdIt.exe
  C:\Windows\System\XJgAdIt.exe
  2⤵
  PID:4572
- C:\Windows\System\cboYBUj.exe
  C:\Windows\System\cboYBUj.exe
  2⤵
  PID:4596
- C:\Windows\System\kMOwjuH.exe
  C:\Windows\System\kMOwjuH.exe
  2⤵
  PID:4612
- C:\Windows\System\gviuXrj.exe
  C:\Windows\System\gviuXrj.exe
  2⤵
  PID:4632
- C:\Windows\System\TQFCvxy.exe
  C:\Windows\System\TQFCvxy.exe
  2⤵
  PID:4648
- C:\Windows\System\XncAVOn.exe
  C:\Windows\System\XncAVOn.exe
  2⤵
  PID:4664
- C:\Windows\System\yHTVQfX.exe
  C:\Windows\System\yHTVQfX.exe
  2⤵
  PID:4684
- C:\Windows\System\QvKgZoF.exe
  C:\Windows\System\QvKgZoF.exe
  2⤵
  PID:4700
- C:\Windows\System\tjFkElP.exe
  C:\Windows\System\tjFkElP.exe
  2⤵
  PID:4728
- C:\Windows\System\evvnTck.exe
  C:\Windows\System\evvnTck.exe
  2⤵
  PID:4744
- C:\Windows\System\fnompnh.exe
  C:\Windows\System\fnompnh.exe
  2⤵
  PID:4768
- C:\Windows\System\eCMgEfJ.exe
  C:\Windows\System\eCMgEfJ.exe
  2⤵
  PID:4792
- C:\Windows\System\cOhgZGz.exe
  C:\Windows\System\cOhgZGz.exe
  2⤵
  PID:4808
- C:\Windows\System\AyAOrNh.exe
  C:\Windows\System\AyAOrNh.exe
  2⤵
  PID:4836
- C:\Windows\System\LNJjUzP.exe
  C:\Windows\System\LNJjUzP.exe
  2⤵
  PID:4856
- C:\Windows\System\IOXHhsr.exe
  C:\Windows\System\IOXHhsr.exe
  2⤵
  PID:4928
- C:\Windows\System\IYWIzJA.exe
  C:\Windows\System\IYWIzJA.exe
  2⤵
  PID:4960
- C:\Windows\System\edhaCDA.exe
  C:\Windows\System\edhaCDA.exe
  2⤵
  PID:4980
- C:\Windows\System\hPeFLhw.exe
  C:\Windows\System\hPeFLhw.exe
  2⤵
  PID:4996
- C:\Windows\System\JQMcGZA.exe
  C:\Windows\System\JQMcGZA.exe
  2⤵
  PID:5020
- C:\Windows\System\QHgJazD.exe
  C:\Windows\System\QHgJazD.exe
  2⤵
  PID:5036
- C:\Windows\System\GXapvrj.exe
  C:\Windows\System\GXapvrj.exe
  2⤵
  PID:5060
- C:\Windows\System\pYucAfo.exe
  C:\Windows\System\pYucAfo.exe
  2⤵
  PID:5076
- C:\Windows\System\MAurqRw.exe
  C:\Windows\System\MAurqRw.exe
  2⤵
  PID:5096
- C:\Windows\System\kqhSoBt.exe
  C:\Windows\System\kqhSoBt.exe
  2⤵
  PID:5116
- C:\Windows\System\FKSDwPS.exe
  C:\Windows\System\FKSDwPS.exe
  2⤵
  PID:4088
- C:\Windows\System\fjEgfmS.exe
  C:\Windows\System\fjEgfmS.exe
  2⤵
  PID:4084
- C:\Windows\System\tCFTESt.exe
  C:\Windows\System\tCFTESt.exe
  2⤵
  PID:920
- C:\Windows\System\wJWJgxX.exe
  C:\Windows\System\wJWJgxX.exe
  2⤵
  PID:3980
- C:\Windows\System\SlgIsij.exe
  C:\Windows\System\SlgIsij.exe
  2⤵
  PID:3312
- C:\Windows\System\XuNZKwe.exe
  C:\Windows\System\XuNZKwe.exe
  2⤵
  PID:3276
- C:\Windows\System\xxaOGpC.exe
  C:\Windows\System\xxaOGpC.exe
  2⤵
  PID:3420
- C:\Windows\System\vdBesNH.exe
  C:\Windows\System\vdBesNH.exe
  2⤵
  PID:3560
- C:\Windows\System\LwdYTrN.exe
  C:\Windows\System\LwdYTrN.exe
  2⤵
  PID:3576
- C:\Windows\System\RycVpxL.exe
  C:\Windows\System\RycVpxL.exe
  2⤵
  PID:3764
- C:\Windows\System\oSocXXB.exe
  C:\Windows\System\oSocXXB.exe
  2⤵
  PID:3876
- C:\Windows\System\pHAVixt.exe
  C:\Windows\System\pHAVixt.exe
  2⤵
  PID:3796
- C:\Windows\System\ANHttUU.exe
  C:\Windows\System\ANHttUU.exe
  2⤵
  PID:3988
- C:\Windows\System\YDlocEa.exe
  C:\Windows\System\YDlocEa.exe
  2⤵
  PID:4136
- C:\Windows\System\dnNhcqw.exe
  C:\Windows\System\dnNhcqw.exe
  2⤵
  PID:4008
- C:\Windows\System\uzhJfCJ.exe
  C:\Windows\System\uzhJfCJ.exe
  2⤵
  PID:4260
- C:\Windows\System\soCKOcx.exe
  C:\Windows\System\soCKOcx.exe
  2⤵
  PID:4344
- C:\Windows\System\LiCKSUr.exe
  C:\Windows\System\LiCKSUr.exe
  2⤵
  PID:4196
- C:\Windows\System\tGPixJD.exe
  C:\Windows\System\tGPixJD.exe
  2⤵
  PID:4376
- C:\Windows\System\irgZyyZ.exe
  C:\Windows\System\irgZyyZ.exe
  2⤵
  PID:4420
- C:\Windows\System\zuxsfFN.exe
  C:\Windows\System\zuxsfFN.exe
  2⤵
  PID:2252
- C:\Windows\System\IdTbeOd.exe
  C:\Windows\System\IdTbeOd.exe
  2⤵
  PID:4240
- C:\Windows\System\NmtCRex.exe
  C:\Windows\System\NmtCRex.exe
  2⤵
  PID:4500
- C:\Windows\System\zMAiENG.exe
  C:\Windows\System\zMAiENG.exe
  2⤵
  PID:4540
- C:\Windows\System\EFcgvPx.exe
  C:\Windows\System\EFcgvPx.exe
  2⤵
  PID:4360
- C:\Windows\System\WkTyqXD.exe
  C:\Windows\System\WkTyqXD.exe
  2⤵
  PID:4400
- C:\Windows\System\elkPDCD.exe
  C:\Windows\System\elkPDCD.exe
  2⤵
  PID:4584
- C:\Windows\System\UmWOcCc.exe
  C:\Windows\System\UmWOcCc.exe
  2⤵
  PID:4480
- C:\Windows\System\wBKuxNT.exe
  C:\Windows\System\wBKuxNT.exe
  2⤵
  PID:4656
- C:\Windows\System\QSBgOtl.exe
  C:\Windows\System\QSBgOtl.exe
  2⤵
  PID:4568
- C:\Windows\System\FaGgiER.exe
  C:\Windows\System\FaGgiER.exe
  2⤵
  PID:4788
- C:\Windows\System\MhjfKpM.exe
  C:\Windows\System\MhjfKpM.exe
  2⤵
  PID:4820
- C:\Windows\System\QtmqYdj.exe
  C:\Windows\System\QtmqYdj.exe
  2⤵
  PID:4676
- C:\Windows\System\hvbOGGL.exe
  C:\Windows\System\hvbOGGL.exe
  2⤵
  PID:4760
- C:\Windows\System\BSUYjgJ.exe
  C:\Windows\System\BSUYjgJ.exe
  2⤵
  PID:4848
- C:\Windows\System\jbnavQu.exe
  C:\Windows\System\jbnavQu.exe
  2⤵
  PID:4756
- C:\Windows\System\nyFMVLl.exe
  C:\Windows\System\nyFMVLl.exe
  2⤵
  PID:5012
- C:\Windows\System\JMNyhMo.exe
  C:\Windows\System\JMNyhMo.exe
  2⤵
  PID:5044
- C:\Windows\System\Womxdtd.exe
  C:\Windows\System\Womxdtd.exe
  2⤵
  PID:4952
- C:\Windows\System\KrrbGzv.exe
  C:\Windows\System\KrrbGzv.exe
  2⤵
  PID:5056
- C:\Windows\System\UxQOnTf.exe
  C:\Windows\System\UxQOnTf.exe
  2⤵
  PID:5084
- C:\Windows\System\AyrHduG.exe
  C:\Windows\System\AyrHduG.exe
  2⤵
  PID:3336
- C:\Windows\System\CSExFbB.exe
  C:\Windows\System\CSExFbB.exe
  2⤵
  PID:5108
- C:\Windows\System\CnVLAhn.exe
  C:\Windows\System\CnVLAhn.exe
  2⤵
  PID:1776
- C:\Windows\System\SVHaYge.exe
  C:\Windows\System\SVHaYge.exe
  2⤵
  PID:3296
- C:\Windows\System\OvMeKsP.exe
  C:\Windows\System\OvMeKsP.exe
  2⤵
  PID:3200
- C:\Windows\System\YhOeZch.exe
  C:\Windows\System\YhOeZch.exe
  2⤵
  PID:3840
- C:\Windows\System\rVIycPA.exe
  C:\Windows\System\rVIycPA.exe
  2⤵
  PID:3844
- C:\Windows\System\Dfsexij.exe
  C:\Windows\System\Dfsexij.exe
  2⤵
  PID:3760
- C:\Windows\System\eASMbag.exe
  C:\Windows\System\eASMbag.exe
  2⤵
  PID:4212
- C:\Windows\System\IrhjeEB.exe
  C:\Windows\System\IrhjeEB.exe
  2⤵
  PID:4132
- C:\Windows\System\VMjswIY.exe
  C:\Windows\System\VMjswIY.exe
  2⤵
  PID:4192
- C:\Windows\System\QjiiQhZ.exe
  C:\Windows\System\QjiiQhZ.exe
  2⤵
  PID:4116
- C:\Windows\System\AazGXEJ.exe
  C:\Windows\System\AazGXEJ.exe
  2⤵
  PID:4272
- C:\Windows\System\muFOQlC.exe
  C:\Windows\System\muFOQlC.exe
  2⤵
  PID:4380
- C:\Windows\System\JUtrVIX.exe
  C:\Windows\System\JUtrVIX.exe
  2⤵
  PID:4232
- C:\Windows\System\jKVJVYk.exe
  C:\Windows\System\jKVJVYk.exe
  2⤵
  PID:4320
- C:\Windows\System\EJIaobW.exe
  C:\Windows\System\EJIaobW.exe
  2⤵
  PID:4520
- C:\Windows\System\rhEvoRm.exe
  C:\Windows\System\rhEvoRm.exe
  2⤵
  PID:4620
- C:\Windows\System\UbdUGqR.exe
  C:\Windows\System\UbdUGqR.exe
  2⤵
  PID:4640
- C:\Windows\System\qvhbHtH.exe
  C:\Windows\System\qvhbHtH.exe
  2⤵
  PID:4564
- C:\Windows\System\fuFMYXK.exe
  C:\Windows\System\fuFMYXK.exe
  2⤵
  PID:4716
- C:\Windows\System\mtFySyq.exe
  C:\Windows\System\mtFySyq.exe
  2⤵
  PID:4720
- C:\Windows\System\CQAjYyR.exe
  C:\Windows\System\CQAjYyR.exe
  2⤵
  PID:4844
- C:\Windows\System\twdBCBX.exe
  C:\Windows\System\twdBCBX.exe
  2⤵
  PID:5008
- C:\Windows\System\ntyshnY.exe
  C:\Windows\System\ntyshnY.exe
  2⤵
  PID:5104
- C:\Windows\System\juDTrNK.exe
  C:\Windows\System\juDTrNK.exe
  2⤵
  PID:4992
- C:\Windows\System\RaXCFAg.exe
  C:\Windows\System\RaXCFAg.exe
  2⤵
  PID:4040
- C:\Windows\System\GnxKeRT.exe
  C:\Windows\System\GnxKeRT.exe
  2⤵
  PID:3432
- C:\Windows\System\LpFwsVr.exe
  C:\Windows\System\LpFwsVr.exe
  2⤵
  PID:3636
- C:\Windows\System\ftKIKBN.exe
  C:\Windows\System\ftKIKBN.exe
  2⤵
  PID:3160
- C:\Windows\System\iIKWxCR.exe
  C:\Windows\System\iIKWxCR.exe
  2⤵
  PID:5136
- C:\Windows\System\ftTDUmT.exe
  C:\Windows\System\ftTDUmT.exe
  2⤵
  PID:5152
- C:\Windows\System\cIDNnDi.exe
  C:\Windows\System\cIDNnDi.exe
  2⤵
  PID:5172
- C:\Windows\System\aKFZWxU.exe
  C:\Windows\System\aKFZWxU.exe
  2⤵
  PID:5196
- C:\Windows\System\lErIdYn.exe
  C:\Windows\System\lErIdYn.exe
  2⤵
  PID:5216
- C:\Windows\System\nQEMVwS.exe
  C:\Windows\System\nQEMVwS.exe
  2⤵
  PID:5240
- C:\Windows\System\TvAlByM.exe
  C:\Windows\System\TvAlByM.exe
  2⤵
  PID:5260
- C:\Windows\System\Atkcten.exe
  C:\Windows\System\Atkcten.exe
  2⤵
  PID:5280
- C:\Windows\System\VMgGygD.exe
  C:\Windows\System\VMgGygD.exe
  2⤵
  PID:5300
- C:\Windows\System\aJZausQ.exe
  C:\Windows\System\aJZausQ.exe
  2⤵
  PID:5320
- C:\Windows\System\VOEjnCr.exe
  C:\Windows\System\VOEjnCr.exe
  2⤵
  PID:5340
- C:\Windows\System\uCuwbTX.exe
  C:\Windows\System\uCuwbTX.exe
  2⤵
  PID:5356
- C:\Windows\System\agLhtkI.exe
  C:\Windows\System\agLhtkI.exe
  2⤵
  PID:5376
- C:\Windows\System\qdsULJm.exe
  C:\Windows\System\qdsULJm.exe
  2⤵
  PID:5396
- C:\Windows\System\mwkUeCo.exe
  C:\Windows\System\mwkUeCo.exe
  2⤵
  PID:5416
- C:\Windows\System\SFrMPml.exe
  C:\Windows\System\SFrMPml.exe
  2⤵
  PID:5440
- C:\Windows\System\bYiSPJo.exe
  C:\Windows\System\bYiSPJo.exe
  2⤵
  PID:5464
- C:\Windows\System\EpNbyIT.exe
  C:\Windows\System\EpNbyIT.exe
  2⤵
  PID:5484
- C:\Windows\System\pCsgEys.exe
  C:\Windows\System\pCsgEys.exe
  2⤵
  PID:5504
- C:\Windows\System\UHQQiNx.exe
  C:\Windows\System\UHQQiNx.exe
  2⤵
  PID:5528
- C:\Windows\System\hrGKdPm.exe
  C:\Windows\System\hrGKdPm.exe
  2⤵
  PID:5548
- C:\Windows\System\wZYZaUe.exe
  C:\Windows\System\wZYZaUe.exe
  2⤵
  PID:5568
- C:\Windows\System\BrRTGii.exe
  C:\Windows\System\BrRTGii.exe
  2⤵
  PID:5588
- C:\Windows\System\LozcqPX.exe
  C:\Windows\System\LozcqPX.exe
  2⤵
  PID:5608
- C:\Windows\System\IDWfhVh.exe
  C:\Windows\System\IDWfhVh.exe
  2⤵
  PID:5624
- C:\Windows\System\pcFTLBt.exe
  C:\Windows\System\pcFTLBt.exe
  2⤵
  PID:5648
- C:\Windows\System\CLZxXfL.exe
  C:\Windows\System\CLZxXfL.exe
  2⤵
  PID:5668
- C:\Windows\System\jCmkxsh.exe
  C:\Windows\System\jCmkxsh.exe
  2⤵
  PID:5692
- C:\Windows\System\znKCDEV.exe
  C:\Windows\System\znKCDEV.exe
  2⤵
  PID:5708
- C:\Windows\System\hufyVhr.exe
  C:\Windows\System\hufyVhr.exe
  2⤵
  PID:5732
- C:\Windows\System\qdBnZgL.exe
  C:\Windows\System\qdBnZgL.exe
  2⤵
  PID:5756
- C:\Windows\System\yXniQIV.exe
  C:\Windows\System\yXniQIV.exe
  2⤵
  PID:5776
- C:\Windows\System\NbvJQRo.exe
  C:\Windows\System\NbvJQRo.exe
  2⤵
  PID:5800
- C:\Windows\System\zpHNskA.exe
  C:\Windows\System\zpHNskA.exe
  2⤵
  PID:5820
- C:\Windows\System\nxMMART.exe
  C:\Windows\System\nxMMART.exe
  2⤵
  PID:5836
- C:\Windows\System\pgQQuro.exe
  C:\Windows\System\pgQQuro.exe
  2⤵
  PID:5856
- C:\Windows\System\qKDTxvB.exe
  C:\Windows\System\qKDTxvB.exe
  2⤵
  PID:5872
- C:\Windows\System\VhyewFc.exe
  C:\Windows\System\VhyewFc.exe
  2⤵
  PID:5892
- C:\Windows\System\cDQyCWn.exe
  C:\Windows\System\cDQyCWn.exe
  2⤵
  PID:5924
- C:\Windows\System\HnvGvOD.exe
  C:\Windows\System\HnvGvOD.exe
  2⤵
  PID:5944
- C:\Windows\System\tZMutwX.exe
  C:\Windows\System\tZMutwX.exe
  2⤵
  PID:5964
- C:\Windows\System\yPzEzIF.exe
  C:\Windows\System\yPzEzIF.exe
  2⤵
  PID:5984
- C:\Windows\System\ezNAvcp.exe
  C:\Windows\System\ezNAvcp.exe
  2⤵
  PID:6000
- C:\Windows\System\oIaZkXX.exe
  C:\Windows\System\oIaZkXX.exe
  2⤵
  PID:6016
- C:\Windows\System\YJLrYzd.exe
  C:\Windows\System\YJLrYzd.exe
  2⤵
  PID:6040
- C:\Windows\System\NNxRTtY.exe
  C:\Windows\System\NNxRTtY.exe
  2⤵
  PID:6068
- C:\Windows\System\PnMwpXc.exe
  C:\Windows\System\PnMwpXc.exe
  2⤵
  PID:6088
- C:\Windows\System\QDbACFr.exe
  C:\Windows\System\QDbACFr.exe
  2⤵
  PID:6108
- C:\Windows\System\xtFIBOg.exe
  C:\Windows\System\xtFIBOg.exe
  2⤵
  PID:6128
- C:\Windows\System\tRkVKlt.exe
  C:\Windows\System\tRkVKlt.exe
  2⤵
  PID:3620
- C:\Windows\System\uTLIzUa.exe
  C:\Windows\System\uTLIzUa.exe
  2⤵
  PID:3680
- C:\Windows\System\dsbWAag.exe
  C:\Windows\System\dsbWAag.exe
  2⤵
  PID:4316
- C:\Windows\System\CpUylaE.exe
  C:\Windows\System\CpUylaE.exe
  2⤵
  PID:4464
- C:\Windows\System\ynhCZul.exe
  C:\Windows\System\ynhCZul.exe
  2⤵
  PID:4424
- C:\Windows\System\HmPzwhp.exe
  C:\Windows\System\HmPzwhp.exe
  2⤵
  PID:4544
- C:\Windows\System\MPVgPyb.exe
  C:\Windows\System\MPVgPyb.exe
  2⤵
  PID:4724
- C:\Windows\System\wUXVVqA.exe
  C:\Windows\System\wUXVVqA.exe
  2⤵
  PID:5016
- C:\Windows\System\ghOEYTN.exe
  C:\Windows\System\ghOEYTN.exe
  2⤵
  PID:4628
- C:\Windows\System\ajYyVvu.exe
  C:\Windows\System\ajYyVvu.exe
  2⤵
  PID:4936
- C:\Windows\System\HFPWORw.exe
  C:\Windows\System\HFPWORw.exe
  2⤵
  PID:3524
- C:\Windows\System\IxXPVIu.exe
  C:\Windows\System\IxXPVIu.exe
  2⤵
  PID:5112
- C:\Windows\System\rJgfZzd.exe
  C:\Windows\System\rJgfZzd.exe
  2⤵
  PID:3888
- C:\Windows\System\hUYLWQa.exe
  C:\Windows\System\hUYLWQa.exe
  2⤵
  PID:3724
- C:\Windows\System\NPnUETN.exe
  C:\Windows\System\NPnUETN.exe
  2⤵
  PID:5192
- C:\Windows\System\NAkUQtx.exe
  C:\Windows\System\NAkUQtx.exe
  2⤵
  PID:5124
- C:\Windows\System\oOjJdDy.exe
  C:\Windows\System\oOjJdDy.exe
  2⤵
  PID:5164
- C:\Windows\System\rASAXnK.exe
  C:\Windows\System\rASAXnK.exe
  2⤵
  PID:2204
- C:\Windows\System\yKsyEVH.exe
  C:\Windows\System\yKsyEVH.exe
  2⤵
  PID:5248
- C:\Windows\System\ucRKYgl.exe
  C:\Windows\System\ucRKYgl.exe
  2⤵
  PID:5296
- C:\Windows\System\hgSJuTz.exe
  C:\Windows\System\hgSJuTz.exe
  2⤵
  PID:5384
- C:\Windows\System\LSJRScv.exe
  C:\Windows\System\LSJRScv.exe
  2⤵
  PID:5432
- C:\Windows\System\jgcdvKc.exe
  C:\Windows\System\jgcdvKc.exe
  2⤵
  PID:5328
- C:\Windows\System\ROVamws.exe
  C:\Windows\System\ROVamws.exe
  2⤵
  PID:5412
- C:\Windows\System\ezoXNNb.exe
  C:\Windows\System\ezoXNNb.exe
  2⤵
  PID:5448
- C:\Windows\System\uXcuaLi.exe
  C:\Windows\System\uXcuaLi.exe
  2⤵
  PID:5524
- C:\Windows\System\FGIrVvO.exe
  C:\Windows\System\FGIrVvO.exe
  2⤵
  PID:5536
- C:\Windows\System\fZQoAkU.exe
  C:\Windows\System\fZQoAkU.exe
  2⤵
  PID:5544
- C:\Windows\System\UurFogL.exe
  C:\Windows\System\UurFogL.exe
  2⤵
  PID:5600
- C:\Windows\System\FmsciLX.exe
  C:\Windows\System\FmsciLX.exe
  2⤵
  PID:5680
- C:\Windows\System\uNRZrao.exe
  C:\Windows\System\uNRZrao.exe
  2⤵
  PID:5620
- C:\Windows\System\ymAAjJB.exe
  C:\Windows\System\ymAAjJB.exe
  2⤵
  PID:5656
- C:\Windows\System\ygtffLO.exe
  C:\Windows\System\ygtffLO.exe
  2⤵
  PID:5704
- C:\Windows\System\ahqLbcj.exe
  C:\Windows\System\ahqLbcj.exe
  2⤵
  PID:5748
- C:\Windows\System\HQuhYgU.exe
  C:\Windows\System\HQuhYgU.exe
  2⤵
  PID:5844
- C:\Windows\System\UjdTxCK.exe
  C:\Windows\System\UjdTxCK.exe
  2⤵
  PID:5880
- C:\Windows\System\IeqiJzP.exe
  C:\Windows\System\IeqiJzP.exe
  2⤵
  PID:5868
- C:\Windows\System\gDgrpIT.exe
  C:\Windows\System\gDgrpIT.exe
  2⤵
  PID:5908
- C:\Windows\System\JCxKopL.exe
  C:\Windows\System\JCxKopL.exe
  2⤵
  PID:5972
- C:\Windows\System\TxStNwy.exe
  C:\Windows\System\TxStNwy.exe
  2⤵
  PID:5956
- C:\Windows\System\wXKkPWP.exe
  C:\Windows\System\wXKkPWP.exe
  2⤵
  PID:6064
- C:\Windows\System\XhXeOjV.exe
  C:\Windows\System\XhXeOjV.exe
  2⤵
  PID:5992
- C:\Windows\System\OokPcgM.exe
  C:\Windows\System\OokPcgM.exe
  2⤵
  PID:6032
- C:\Windows\System\VGzLndZ.exe
  C:\Windows\System\VGzLndZ.exe
  2⤵
  PID:6136
- C:\Windows\System\jPaeDPm.exe
  C:\Windows\System\jPaeDPm.exe
  2⤵
  PID:4152
- C:\Windows\System\FlAotRJ.exe
  C:\Windows\System\FlAotRJ.exe
  2⤵
  PID:1768
- C:\Windows\System\mPsFRPb.exe
  C:\Windows\System\mPsFRPb.exe
  2⤵
  PID:4176
- C:\Windows\System\PXDoker.exe
  C:\Windows\System\PXDoker.exe
  2⤵
  PID:4672
- C:\Windows\System\mhYkMdJ.exe
  C:\Windows\System\mhYkMdJ.exe
  2⤵
  PID:4444
- C:\Windows\System\StdIJHb.exe
  C:\Windows\System\StdIJHb.exe
  2⤵
  PID:324
- C:\Windows\System\msDLCxo.exe
  C:\Windows\System\msDLCxo.exe
  2⤵
  PID:2496
- C:\Windows\System\FrBYKxb.exe
  C:\Windows\System\FrBYKxb.exe
  2⤵
  PID:5184
- C:\Windows\System\fBHBveQ.exe
  C:\Windows\System\fBHBveQ.exe
  2⤵
  PID:5160
- C:\Windows\System\fufvHho.exe
  C:\Windows\System\fufvHho.exe
  2⤵
  PID:5224
- C:\Windows\System\prdAqYj.exe
  C:\Windows\System\prdAqYj.exe
  2⤵
  PID:5312
- C:\Windows\System\uFtdQsh.exe
  C:\Windows\System\uFtdQsh.exe
  2⤵
  PID:2620
- C:\Windows\System\mtErMfl.exe
  C:\Windows\System\mtErMfl.exe
  2⤵
  PID:5408
- C:\Windows\System\lGgFsIW.exe
  C:\Windows\System\lGgFsIW.exe
  2⤵
  PID:5500
- C:\Windows\System\prBANvd.exe
  C:\Windows\System\prBANvd.exe
  2⤵
  PID:5288
- C:\Windows\System\QhGfirM.exe
  C:\Windows\System\QhGfirM.exe
  2⤵
  PID:5580
- C:\Windows\System\tYZZjTa.exe
  C:\Windows\System\tYZZjTa.exe
  2⤵
  PID:2376
- C:\Windows\System\DHzXSWM.exe
  C:\Windows\System\DHzXSWM.exe
  2⤵
  PID:5512
- C:\Windows\System\SxpbQUL.exe
  C:\Windows\System\SxpbQUL.exe
  2⤵
  PID:5596
- C:\Windows\System\oPijCCY.exe
  C:\Windows\System\oPijCCY.exe
  2⤵
  PID:5812
- C:\Windows\System\qsxJcom.exe
  C:\Windows\System\qsxJcom.exe
  2⤵
  PID:5864
- C:\Windows\System\PmfRjgp.exe
  C:\Windows\System\PmfRjgp.exe
  2⤵
  PID:6008
- C:\Windows\System\pPtFJsb.exe
  C:\Windows\System\pPtFJsb.exe
  2⤵
  PID:5728
- C:\Windows\System\GXCJXvg.exe
  C:\Windows\System\GXCJXvg.exe
  2⤵
  PID:5852
- C:\Windows\System\RRywJLt.exe
  C:\Windows\System\RRywJLt.exe
  2⤵
  PID:5788
- C:\Windows\System\FNXLTDI.exe
  C:\Windows\System\FNXLTDI.exe
  2⤵
  PID:2400
- C:\Windows\System\lKYQiCy.exe
  C:\Windows\System\lKYQiCy.exe
  2⤵
  PID:6104
- C:\Windows\System\NFbvlZm.exe
  C:\Windows\System\NFbvlZm.exe
  2⤵
  PID:4100
- C:\Windows\System\jCPaVvj.exe
  C:\Windows\System\jCPaVvj.exe
  2⤵
  PID:4624
- C:\Windows\System\lvCCfTp.exe
  C:\Windows\System\lvCCfTp.exe
  2⤵
  PID:4280
- C:\Windows\System\JPVuIeO.exe
  C:\Windows\System\JPVuIeO.exe
  2⤵
  PID:5128
- C:\Windows\System\RcGgNiw.exe
  C:\Windows\System\RcGgNiw.exe
  2⤵
  PID:5308
- C:\Windows\System\vFaeJpC.exe
  C:\Windows\System\vFaeJpC.exe
  2⤵
  PID:5476
- C:\Windows\System\hNWyIQx.exe
  C:\Windows\System\hNWyIQx.exe
  2⤵
  PID:4832
- C:\Windows\System\jRhOrFt.exe
  C:\Windows\System\jRhOrFt.exe
  2⤵
  PID:3016
- C:\Windows\System\MBrRdcj.exe
  C:\Windows\System\MBrRdcj.exe
  2⤵
  PID:4696
- C:\Windows\System\SBOMmZx.exe
  C:\Windows\System\SBOMmZx.exe
  2⤵
  PID:5168
- C:\Windows\System\KBictTu.exe
  C:\Windows\System\KBictTu.exe
  2⤵
  PID:2364
- C:\Windows\System\sArHPlr.exe
  C:\Windows\System\sArHPlr.exe
  2⤵
  PID:5816
- C:\Windows\System\dYKlyqE.exe
  C:\Windows\System\dYKlyqE.exe
  2⤵
  PID:5364
- C:\Windows\System\jNRdyBK.exe
  C:\Windows\System\jNRdyBK.exe
  2⤵
  PID:5676
- C:\Windows\System\tphuGwC.exe
  C:\Windows\System\tphuGwC.exe
  2⤵
  PID:5996
- C:\Windows\System\ZdYIjSE.exe
  C:\Windows\System\ZdYIjSE.exe
  2⤵
  PID:5520
- C:\Windows\System\gyqYfMD.exe
  C:\Windows\System\gyqYfMD.exe
  2⤵
  PID:3028
- C:\Windows\System\XjUMgzz.exe
  C:\Windows\System\XjUMgzz.exe
  2⤵
  PID:3044
- C:\Windows\System\iBXKWbA.exe
  C:\Windows\System\iBXKWbA.exe
  2⤵
  PID:6084
- C:\Windows\System\ZiAWSHT.exe
  C:\Windows\System\ZiAWSHT.exe
  2⤵
  PID:5936
- C:\Windows\System\aUogbUU.exe
  C:\Windows\System\aUogbUU.exe
  2⤵
  PID:4644
- C:\Windows\System\SkDATmC.exe
  C:\Windows\System\SkDATmC.exe
  2⤵
  PID:4300
- C:\Windows\System\KwrtKlQ.exe
  C:\Windows\System\KwrtKlQ.exe
  2⤵
  PID:4976
- C:\Windows\System\NtwvBdJ.exe
  C:\Windows\System\NtwvBdJ.exe
  2⤵
  PID:5276
- C:\Windows\System\SszAdzU.exe
  C:\Windows\System\SszAdzU.exe
  2⤵
  PID:2660
- C:\Windows\System\ZqbLByZ.exe
  C:\Windows\System\ZqbLByZ.exe
  2⤵
  PID:2256
- C:\Windows\System\YZotUuV.exe
  C:\Windows\System\YZotUuV.exe
  2⤵
  PID:5724
- C:\Windows\System\YEzSyhb.exe
  C:\Windows\System\YEzSyhb.exe
  2⤵
  PID:6152
- C:\Windows\System\AOeUSBK.exe
  C:\Windows\System\AOeUSBK.exe
  2⤵
  PID:6176
- C:\Windows\System\rgRZKdb.exe
  C:\Windows\System\rgRZKdb.exe
  2⤵
  PID:6196
- C:\Windows\System\xilrkvM.exe
  C:\Windows\System\xilrkvM.exe
  2⤵
  PID:6216
- C:\Windows\System\eOvjQaK.exe
  C:\Windows\System\eOvjQaK.exe
  2⤵
  PID:6240
- C:\Windows\System\uIOhHPw.exe
  C:\Windows\System\uIOhHPw.exe
  2⤵
  PID:6264
- C:\Windows\System\htNwaAe.exe
  C:\Windows\System\htNwaAe.exe
  2⤵
  PID:6280
- C:\Windows\System\cryGCqi.exe
  C:\Windows\System\cryGCqi.exe
  2⤵
  PID:6300
- C:\Windows\System\iirfeiJ.exe
  C:\Windows\System\iirfeiJ.exe
  2⤵
  PID:6316
- C:\Windows\System\IMTkmHu.exe
  C:\Windows\System\IMTkmHu.exe
  2⤵
  PID:6340
- C:\Windows\System\tRxgDsN.exe
  C:\Windows\System\tRxgDsN.exe
  2⤵
  PID:6364
- C:\Windows\System\ZMJpQQp.exe
  C:\Windows\System\ZMJpQQp.exe
  2⤵
  PID:6380
- C:\Windows\System\FIiarQM.exe
  C:\Windows\System\FIiarQM.exe
  2⤵
  PID:6396
- C:\Windows\System\KlYKpCN.exe
  C:\Windows\System\KlYKpCN.exe
  2⤵
  PID:6424
- C:\Windows\System\AxovJQq.exe
  C:\Windows\System\AxovJQq.exe
  2⤵
  PID:6444
- C:\Windows\System\kHwRnkS.exe
  C:\Windows\System\kHwRnkS.exe
  2⤵
  PID:6460
- C:\Windows\System\wgseCEU.exe
  C:\Windows\System\wgseCEU.exe
  2⤵
  PID:6484
- C:\Windows\System\ZktZqxv.exe
  C:\Windows\System\ZktZqxv.exe
  2⤵
  PID:6500
- C:\Windows\System\BrYlTNu.exe
  C:\Windows\System\BrYlTNu.exe
  2⤵
  PID:6516
- C:\Windows\System\wzQcHli.exe
  C:\Windows\System\wzQcHli.exe
  2⤵
  PID:6544
- C:\Windows\System\jMXcPsn.exe
  C:\Windows\System\jMXcPsn.exe
  2⤵
  PID:6560
- C:\Windows\System\HLaCcoy.exe
  C:\Windows\System\HLaCcoy.exe
  2⤵
  PID:6576
- C:\Windows\System\ATQaFQV.exe
  C:\Windows\System\ATQaFQV.exe
  2⤵
  PID:6600
- C:\Windows\System\HDVVrYw.exe
  C:\Windows\System\HDVVrYw.exe
  2⤵
  PID:6620
- C:\Windows\System\kaGXWMv.exe
  C:\Windows\System\kaGXWMv.exe
  2⤵
  PID:6640
- C:\Windows\System\yMTfRQC.exe
  C:\Windows\System\yMTfRQC.exe
  2⤵
  PID:6664
- C:\Windows\System\ZdhXZJO.exe
  C:\Windows\System\ZdhXZJO.exe
  2⤵
  PID:6680
- C:\Windows\System\pCJGULh.exe
  C:\Windows\System\pCJGULh.exe
  2⤵
  PID:6704
- C:\Windows\System\HZZxdXK.exe
  C:\Windows\System\HZZxdXK.exe
  2⤵
  PID:6724
- C:\Windows\System\jSjQBaH.exe
  C:\Windows\System\jSjQBaH.exe
  2⤵
  PID:6748
- C:\Windows\System\baJpZYo.exe
  C:\Windows\System\baJpZYo.exe
  2⤵
  PID:6768
- C:\Windows\System\pXsgpHK.exe
  C:\Windows\System\pXsgpHK.exe
  2⤵
  PID:6788
- C:\Windows\System\TptEJon.exe
  C:\Windows\System\TptEJon.exe
  2⤵
  PID:6808
- C:\Windows\System\LHWjxFE.exe
  C:\Windows\System\LHWjxFE.exe
  2⤵
  PID:6824
- C:\Windows\System\gMHYiOt.exe
  C:\Windows\System\gMHYiOt.exe
  2⤵
  PID:6848
- C:\Windows\System\IgOruCg.exe
  C:\Windows\System\IgOruCg.exe
  2⤵
  PID:6868
- C:\Windows\System\qqhZWAQ.exe
  C:\Windows\System\qqhZWAQ.exe
  2⤵
  PID:6888
- C:\Windows\System\GrLqFDi.exe
  C:\Windows\System\GrLqFDi.exe
  2⤵
  PID:6904
- C:\Windows\System\xBWJCMD.exe
  C:\Windows\System\xBWJCMD.exe
  2⤵
  PID:6924
- C:\Windows\System\fkKRmOw.exe
  C:\Windows\System\fkKRmOw.exe
  2⤵
  PID:6944
- C:\Windows\System\ERmaRot.exe
  C:\Windows\System\ERmaRot.exe
  2⤵
  PID:6964
- C:\Windows\System\vyblEcz.exe
  C:\Windows\System\vyblEcz.exe
  2⤵
  PID:6988
- C:\Windows\System\CFCzsFu.exe
  C:\Windows\System\CFCzsFu.exe
  2⤵
  PID:7004
- C:\Windows\System\meXFBlZ.exe
  C:\Windows\System\meXFBlZ.exe
  2⤵
  PID:7028
- C:\Windows\System\AFTaUfn.exe
  C:\Windows\System\AFTaUfn.exe
  2⤵
  PID:7044
- C:\Windows\System\GoWgjxR.exe
  C:\Windows\System\GoWgjxR.exe
  2⤵
  PID:7064
- C:\Windows\System\rIoYiQh.exe
  C:\Windows\System\rIoYiQh.exe
  2⤵
  PID:7080
- C:\Windows\System\IvLOMmU.exe
  C:\Windows\System\IvLOMmU.exe
  2⤵
  PID:7096
- C:\Windows\System\XmHYhvI.exe
  C:\Windows\System\XmHYhvI.exe
  2⤵
  PID:7120
- C:\Windows\System\miFoxUv.exe
  C:\Windows\System\miFoxUv.exe
  2⤵
  PID:7144
- C:\Windows\System\BrkqWKE.exe
  C:\Windows\System\BrkqWKE.exe
  2⤵
  PID:7160
- C:\Windows\System\NqYPihm.exe
  C:\Windows\System\NqYPihm.exe
  2⤵
  PID:5252
- C:\Windows\System\LScZJIv.exe
  C:\Windows\System\LScZJIv.exe
  2⤵
  PID:5208
- C:\Windows\System\HmnjqLh.exe
  C:\Windows\System\HmnjqLh.exe
  2⤵
  PID:5976
- C:\Windows\System\GeQlDeH.exe
  C:\Windows\System\GeQlDeH.exe
  2⤵
  PID:5720
- C:\Windows\System\PwApfXY.exe
  C:\Windows\System\PwApfXY.exe
  2⤵
  PID:5740
- C:\Windows\System\aYTNSVP.exe
  C:\Windows\System\aYTNSVP.exe
  2⤵
  PID:4876
- C:\Windows\System\LnXwtGC.exe
  C:\Windows\System\LnXwtGC.exe
  2⤵
  PID:5316
- C:\Windows\System\szsecAn.exe
  C:\Windows\System\szsecAn.exe
  2⤵
  PID:2924
- C:\Windows\System\tkszVUM.exe
  C:\Windows\System\tkszVUM.exe
  2⤵
  PID:6184
- C:\Windows\System\ArfMUuh.exe
  C:\Windows\System\ArfMUuh.exe
  2⤵
  PID:2776
- C:\Windows\System\xsOjNBK.exe
  C:\Windows\System\xsOjNBK.exe
  2⤵
  PID:6232
- C:\Windows\System\BcpfqWx.exe
  C:\Windows\System\BcpfqWx.exe
  2⤵
  PID:6164
- C:\Windows\System\BmnFXOK.exe
  C:\Windows\System\BmnFXOK.exe
  2⤵
  PID:6272
- C:\Windows\System\vQOHcPi.exe
  C:\Windows\System\vQOHcPi.exe
  2⤵
  PID:6352
- C:\Windows\System\iImsqye.exe
  C:\Windows\System\iImsqye.exe
  2⤵
  PID:6252
- C:\Windows\System\OvMqcCW.exe
  C:\Windows\System\OvMqcCW.exe
  2⤵
  PID:6296
- C:\Windows\System\PQSjrTK.exe
  C:\Windows\System\PQSjrTK.exe
  2⤵
  PID:6324
- C:\Windows\System\frmOZij.exe
  C:\Windows\System\frmOZij.exe
  2⤵
  PID:6716
- C:\Windows\System\dRiMDlW.exe
  C:\Windows\System\dRiMDlW.exe
  2⤵
  PID:6660
- C:\Windows\System\rmDxlnl.exe
  C:\Windows\System\rmDxlnl.exe
  2⤵
  PID:6804
- C:\Windows\System\MLCjwta.exe
  C:\Windows\System\MLCjwta.exe
  2⤵
  PID:6696
- C:\Windows\System\IPKjHdi.exe
  C:\Windows\System\IPKjHdi.exe
  2⤵
  PID:6692
- C:\Windows\System\FNBhtyv.exe
  C:\Windows\System\FNBhtyv.exe
  2⤵
  PID:6884
- C:\Windows\System\mtdUIkm.exe
  C:\Windows\System\mtdUIkm.exe
  2⤵
  PID:6916
- C:\Windows\System\XOgWrjR.exe
  C:\Windows\System\XOgWrjR.exe
  2⤵
  PID:6956
- C:\Windows\System\QvZKWFf.exe
  C:\Windows\System\QvZKWFf.exe
  2⤵
  PID:6816
- C:\Windows\System\IICKslG.exe
  C:\Windows\System\IICKslG.exe
  2⤵
  PID:7076
- C:\Windows\System\bLTuRjl.exe
  C:\Windows\System\bLTuRjl.exe
  2⤵
  PID:7116
- C:\Windows\System\qVHcrhD.exe
  C:\Windows\System\qVHcrhD.exe
  2⤵
  PID:5268
- C:\Windows\System\xkMNqRR.exe
  C:\Windows\System\xkMNqRR.exe
  2⤵
  PID:5920
- C:\Windows\System\awbGqCm.exe
  C:\Windows\System\awbGqCm.exe
  2⤵
  PID:3060
- C:\Windows\System\rRpAsUf.exe
  C:\Windows\System\rRpAsUf.exe
  2⤵
  PID:6120
- C:\Windows\System\HMEtDrw.exe
  C:\Windows\System\HMEtDrw.exe
  2⤵
  PID:6932
- C:\Windows\System\FGfmGsN.exe
  C:\Windows\System\FGfmGsN.exe
  2⤵
  PID:2420
- C:\Windows\System\LaURySN.exe
  C:\Windows\System\LaURySN.exe
  2⤵
  PID:6288
- C:\Windows\System\skLZGZR.exe
  C:\Windows\System\skLZGZR.exe
  2⤵
  PID:7012
- C:\Windows\System\Fphbjfa.exe
  C:\Windows\System\Fphbjfa.exe
  2⤵
  PID:7052
- C:\Windows\System\cwmSeeT.exe
  C:\Windows\System\cwmSeeT.exe
  2⤵
  PID:7092
- C:\Windows\System\tykHvyK.exe
  C:\Windows\System\tykHvyK.exe
  2⤵
  PID:7136
- C:\Windows\System\wGGQlWR.exe
  C:\Windows\System\wGGQlWR.exe
  2⤵
  PID:5828
- C:\Windows\System\wIZydBa.exe
  C:\Windows\System\wIZydBa.exe
  2⤵
  PID:5456
- C:\Windows\System\QlIdzcX.exe
  C:\Windows\System\QlIdzcX.exe
  2⤵
  PID:6028
- C:\Windows\System\iilTJGM.exe
  C:\Windows\System\iilTJGM.exe
  2⤵
  PID:6208
- C:\Windows\System\frXOCVi.exe
  C:\Windows\System\frXOCVi.exe
  2⤵
  PID:1716
- C:\Windows\System\hZVxYlG.exe
  C:\Windows\System\hZVxYlG.exe
  2⤵
  PID:2116
- C:\Windows\System\TeAPlsP.exe
  C:\Windows\System\TeAPlsP.exe
  2⤵
  PID:2456
- C:\Windows\System\CHCqLAh.exe
  C:\Windows\System\CHCqLAh.exe
  2⤵
  PID:2432
- C:\Windows\System\DIdKFNL.exe
  C:\Windows\System\DIdKFNL.exe
  2⤵
  PID:1060
- C:\Windows\System\xusDMDU.exe
  C:\Windows\System\xusDMDU.exe
  2⤵
  PID:1628
- C:\Windows\System\TkGRYaB.exe
  C:\Windows\System\TkGRYaB.exe
  2⤵
  PID:2484
- C:\Windows\System\OyYLkEJ.exe
  C:\Windows\System\OyYLkEJ.exe
  2⤵
  PID:6224
- C:\Windows\System\csvMKuC.exe
  C:\Windows\System\csvMKuC.exe
  2⤵
  PID:6116
- C:\Windows\System\ybWdXnN.exe
  C:\Windows\System\ybWdXnN.exe
  2⤵
  PID:2372
- C:\Windows\System\pNmizkI.exe
  C:\Windows\System\pNmizkI.exe
  2⤵
  PID:2568
- C:\Windows\System\bzLmzkn.exe
  C:\Windows\System\bzLmzkn.exe
  2⤵
  PID:2664
- C:\Windows\System\CHmmIhJ.exe
  C:\Windows\System\CHmmIhJ.exe
  2⤵
  PID:6160
- C:\Windows\System\hqCEKvV.exe
  C:\Windows\System\hqCEKvV.exe
  2⤵
  PID:6556
- C:\Windows\System\lqyQarU.exe
  C:\Windows\System\lqyQarU.exe
  2⤵
  PID:6584
- C:\Windows\System\PLqlzqF.exe
  C:\Windows\System\PLqlzqF.exe
  2⤵
  PID:6596
- C:\Windows\System\NOUfxVe.exe
  C:\Windows\System\NOUfxVe.exe
  2⤵
  PID:2740
- C:\Windows\System\imIjRkZ.exe
  C:\Windows\System\imIjRkZ.exe
  2⤵
  PID:3032
- C:\Windows\System\kqXlaSZ.exe
  C:\Windows\System\kqXlaSZ.exe
  2⤵
  PID:1000
- C:\Windows\System\QrnParT.exe
  C:\Windows\System\QrnParT.exe
  2⤵
  PID:2972
- C:\Windows\System\fGoydLB.exe
  C:\Windows\System\fGoydLB.exe
  2⤵
  PID:1904
- C:\Windows\System\GSFghPz.exe
  C:\Windows\System\GSFghPz.exe
  2⤵
  PID:6760
- C:\Windows\System\RJCoMFg.exe
  C:\Windows\System\RJCoMFg.exe
  2⤵
  PID:2404
- C:\Windows\System\dTpxvRp.exe
  C:\Windows\System\dTpxvRp.exe
  2⤵
  PID:6800
- C:\Windows\System\exqOmyA.exe
  C:\Windows\System\exqOmyA.exe
  2⤵
  PID:2216
- C:\Windows\System\rtZCjlK.exe
  C:\Windows\System\rtZCjlK.exe
  2⤵
  PID:2540
- C:\Windows\System\uZsADTl.exe
  C:\Windows\System\uZsADTl.exe
  2⤵
  PID:6836
- C:\Windows\System\pQJRfVk.exe
  C:\Windows\System\pQJRfVk.exe
  2⤵
  PID:2748
- C:\Windows\System\NPNarET.exe
  C:\Windows\System\NPNarET.exe
  2⤵
  PID:6776
- C:\Windows\System\hsksPkm.exe
  C:\Windows\System\hsksPkm.exe
  2⤵
  PID:6780
- C:\Windows\System\LfYLtAn.exe
  C:\Windows\System\LfYLtAn.exe
  2⤵
  PID:6720
- C:\Windows\System\PJiHmpi.exe
  C:\Windows\System\PJiHmpi.exe
  2⤵
  PID:5744
- C:\Windows\System\QkkkuIW.exe
  C:\Windows\System\QkkkuIW.exe
  2⤵
  PID:7000
- C:\Windows\System\iMKrbeZ.exe
  C:\Windows\System\iMKrbeZ.exe
  2⤵
  PID:6984
- C:\Windows\System\feAsSqT.exe
  C:\Windows\System\feAsSqT.exe
  2⤵
  PID:6228
- C:\Windows\System\exlRpUb.exe
  C:\Windows\System\exlRpUb.exe
  2⤵
  PID:6940
- C:\Windows\System\oYUlEin.exe
  C:\Windows\System\oYUlEin.exe
  2⤵
  PID:7024
- C:\Windows\System\zRpDKoV.exe
  C:\Windows\System\zRpDKoV.exe
  2⤵
  PID:5832
- C:\Windows\System\DdSzDxv.exe
  C:\Windows\System\DdSzDxv.exe
  2⤵
  PID:6508
- C:\Windows\System\DTEQwJK.exe
  C:\Windows\System\DTEQwJK.exe
  2⤵
  PID:7060
- C:\Windows\System\nTYmTYx.exe
  C:\Windows\System\nTYmTYx.exe
  2⤵
  PID:5424
- C:\Windows\System\kkyDQyF.exe
  C:\Windows\System\kkyDQyF.exe
  2⤵
  PID:2760
- C:\Windows\System\AbTvEhk.exe
  C:\Windows\System\AbTvEhk.exe
  2⤵
  PID:2668
- C:\Windows\System\ACnTwKB.exe
  C:\Windows\System\ACnTwKB.exe
  2⤵
  PID:1564
- C:\Windows\System\EVFObbe.exe
  C:\Windows\System\EVFObbe.exe
  2⤵
  PID:6672
- C:\Windows\System\DwjPuMR.exe
  C:\Windows\System\DwjPuMR.exe
  2⤵
  PID:6392
- C:\Windows\System\fGozvZZ.exe
  C:\Windows\System\fGozvZZ.exe
  2⤵
  PID:6248
- C:\Windows\System\dowEpUN.exe
  C:\Windows\System\dowEpUN.exe
  2⤵
  PID:2940
- C:\Windows\System\sYJqskQ.exe
  C:\Windows\System\sYJqskQ.exe
  2⤵
  PID:6612
- C:\Windows\System\MxCitsT.exe
  C:\Windows\System\MxCitsT.exe
  2⤵
  PID:2988
- C:\Windows\System\SKPNRiH.exe
  C:\Windows\System\SKPNRiH.exe
  2⤵
  PID:1028
- C:\Windows\System\JfQrNIj.exe
  C:\Windows\System\JfQrNIj.exe
  2⤵
  PID:6764
- C:\Windows\System\AJQogCL.exe
  C:\Windows\System\AJQogCL.exe
  2⤵
  PID:1044
- C:\Windows\System\fUDmCBb.exe
  C:\Windows\System\fUDmCBb.exe
  2⤵
  PID:6656
- C:\Windows\System\rqKLCPO.exe
  C:\Windows\System\rqKLCPO.exe
  2⤵
  PID:2076
- C:\Windows\System\oyjViMf.exe
  C:\Windows\System\oyjViMf.exe
  2⤵
  PID:6732
- C:\Windows\System\hUlIGIL.exe
  C:\Windows\System\hUlIGIL.exe
  2⤵
  PID:5212
- C:\Windows\System\DgnHZJK.exe
  C:\Windows\System\DgnHZJK.exe
  2⤵
  PID:6876
- C:\Windows\System\bYJdvRP.exe
  C:\Windows\System\bYJdvRP.exe
  2⤵
  PID:6900
- C:\Windows\System\eLuYBSG.exe
  C:\Windows\System\eLuYBSG.exe
  2⤵
  PID:2368
- C:\Windows\System\HpoDCGq.exe
  C:\Windows\System\HpoDCGq.exe
  2⤵
  PID:2696
- C:\Windows\System\llYplrk.exe
  C:\Windows\System\llYplrk.exe
  2⤵
  PID:2632
- C:\Windows\System\dLVniJy.exe
  C:\Windows\System\dLVniJy.exe
  2⤵
  PID:5604
- C:\Windows\System\McfVPoY.exe
  C:\Windows\System\McfVPoY.exe
  2⤵
  PID:6532
- C:\Windows\System\sHkmTXp.exe
  C:\Windows\System\sHkmTXp.exe
  2⤵
  PID:2012
- C:\Windows\System\GcnYmGN.exe
  C:\Windows\System\GcnYmGN.exe
  2⤵
  PID:2164
- C:\Windows\System\YGVzMyH.exe
  C:\Windows\System\YGVzMyH.exe
  2⤵
  PID:4920
- C:\Windows\System\DmflsYG.exe
  C:\Windows\System\DmflsYG.exe
  2⤵
  PID:6376
- C:\Windows\System\VdLPeOX.exe
  C:\Windows\System\VdLPeOX.exe
  2⤵
  PID:1148
- C:\Windows\System\EmYbHFd.exe
  C:\Windows\System\EmYbHFd.exe
  2⤵
  PID:2508
- C:\Windows\System\jaULfPw.exe
  C:\Windows\System\jaULfPw.exe
  2⤵
  PID:6312
- C:\Windows\System\LqGXwlO.exe
  C:\Windows\System\LqGXwlO.exe
  2⤵
  PID:7152
- C:\Windows\System\wyrbjBf.exe
  C:\Windows\System\wyrbjBf.exe
  2⤵
  PID:6332
- C:\Windows\System\PSGsmcN.exe
  C:\Windows\System\PSGsmcN.exe
  2⤵
  PID:2800
- C:\Windows\System\stNmoso.exe
  C:\Windows\System\stNmoso.exe
  2⤵
  PID:6260
- C:\Windows\System\VvFXNEX.exe
  C:\Windows\System\VvFXNEX.exe
  2⤵
  PID:2316
- C:\Windows\System\oqnclwu.exe
  C:\Windows\System\oqnclwu.exe
  2⤵
  PID:6784
- C:\Windows\System\ZpojOKG.exe
  C:\Windows\System\ZpojOKG.exe
  2⤵
  PID:108
- C:\Windows\System\qAyBiqH.exe
  C:\Windows\System\qAyBiqH.exe
  2⤵
  PID:7072
- C:\Windows\System\BMbgZqn.exe
  C:\Windows\System\BMbgZqn.exe
  2⤵
  PID:2288
- C:\Windows\System\ALSuBmH.exe
  C:\Windows\System\ALSuBmH.exe
  2⤵
  PID:6148
- C:\Windows\System\ruayPFw.exe
  C:\Windows\System\ruayPFw.exe
  2⤵
  PID:2784
- C:\Windows\System\vWtPTOL.exe
  C:\Windows\System\vWtPTOL.exe
  2⤵
  PID:6212
- C:\Windows\System\sobGTAw.exe
  C:\Windows\System\sobGTAw.exe
  2⤵
  PID:7180
- C:\Windows\System\AetINuQ.exe
  C:\Windows\System\AetINuQ.exe
  2⤵
  PID:7196
- C:\Windows\System\leFpIOw.exe
  C:\Windows\System\leFpIOw.exe
  2⤵
  PID:7212
- C:\Windows\System\eZMydGg.exe
  C:\Windows\System\eZMydGg.exe
  2⤵
  PID:7228
- C:\Windows\System\fykdquA.exe
  C:\Windows\System\fykdquA.exe
  2⤵
  PID:7244
- C:\Windows\System\ouHzYjx.exe
  C:\Windows\System\ouHzYjx.exe
  2⤵
  PID:7260
- C:\Windows\System\XebqQbg.exe
  C:\Windows\System\XebqQbg.exe
  2⤵
  PID:7280
- C:\Windows\System\TSUbyXL.exe
  C:\Windows\System\TSUbyXL.exe
  2⤵
  PID:7296
- C:\Windows\System\VVZJsJO.exe
  C:\Windows\System\VVZJsJO.exe
  2⤵
  PID:7316
- C:\Windows\System\KQLEzAK.exe
  C:\Windows\System\KQLEzAK.exe
  2⤵
  PID:7336
- C:\Windows\System\rWKJmuQ.exe
  C:\Windows\System\rWKJmuQ.exe
  2⤵
  PID:7352
- C:\Windows\System\yfQIroc.exe
  C:\Windows\System\yfQIroc.exe
  2⤵
  PID:7368
- C:\Windows\System\VnjpJJy.exe
  C:\Windows\System\VnjpJJy.exe
  2⤵
  PID:7384
- C:\Windows\System\QQXMjrg.exe
  C:\Windows\System\QQXMjrg.exe
  2⤵
  PID:7404
- C:\Windows\System\qcCPZJT.exe
  C:\Windows\System\qcCPZJT.exe
  2⤵
  PID:7420
- C:\Windows\System\xUVyfOw.exe
  C:\Windows\System\xUVyfOw.exe
  2⤵
  PID:7436
- C:\Windows\System\YGuLMCl.exe
  C:\Windows\System\YGuLMCl.exe
  2⤵
  PID:7452
- C:\Windows\System\WOpfdhP.exe
  C:\Windows\System\WOpfdhP.exe
  2⤵
  PID:7576
- C:\Windows\System\wxKzcON.exe
  C:\Windows\System\wxKzcON.exe
  2⤵
  PID:7592
- C:\Windows\System\PYGesLu.exe
  C:\Windows\System\PYGesLu.exe
  2⤵
  PID:7624
- C:\Windows\System\pSazTlh.exe
  C:\Windows\System\pSazTlh.exe
  2⤵
  PID:7640
- C:\Windows\System\EKAAFFC.exe
  C:\Windows\System\EKAAFFC.exe
  2⤵
  PID:7672
- C:\Windows\System\ghjFhiS.exe
  C:\Windows\System\ghjFhiS.exe
  2⤵
  PID:7692
- C:\Windows\System\hnTzRGa.exe
  C:\Windows\System\hnTzRGa.exe
  2⤵
  PID:7708
- C:\Windows\System\caugXDU.exe
  C:\Windows\System\caugXDU.exe
  2⤵
  PID:7724
- C:\Windows\System\sjGXjew.exe
  C:\Windows\System\sjGXjew.exe
  2⤵
  PID:7744
- C:\Windows\System\UYYlUSD.exe
  C:\Windows\System\UYYlUSD.exe
  2⤵
  PID:7760
- C:\Windows\System\JfEqmwq.exe
  C:\Windows\System\JfEqmwq.exe
  2⤵
  PID:7776
- C:\Windows\System\iunkbFn.exe
  C:\Windows\System\iunkbFn.exe
  2⤵
  PID:7792
- C:\Windows\System\aFNZDyf.exe
  C:\Windows\System\aFNZDyf.exe
  2⤵
  PID:7808
- C:\Windows\System\JpPWczW.exe
  C:\Windows\System\JpPWczW.exe
  2⤵
  PID:7824
- C:\Windows\System\mrcAMoB.exe
  C:\Windows\System\mrcAMoB.exe
  2⤵
  PID:7840
- C:\Windows\System\CCsUsvs.exe
  C:\Windows\System\CCsUsvs.exe
  2⤵
  PID:7856
- C:\Windows\System\pyvvoHq.exe
  C:\Windows\System\pyvvoHq.exe
  2⤵
  PID:7872
- C:\Windows\System\drortJD.exe
  C:\Windows\System\drortJD.exe
  2⤵
  PID:7888
- C:\Windows\System\QurlABZ.exe
  C:\Windows\System\QurlABZ.exe
  2⤵
  PID:7908
- C:\Windows\System\TvWpjIr.exe
  C:\Windows\System\TvWpjIr.exe
  2⤵
  PID:7924
- C:\Windows\System\ELxfWcM.exe
  C:\Windows\System\ELxfWcM.exe
  2⤵
  PID:7940
- C:\Windows\System\BkleBbx.exe
  C:\Windows\System\BkleBbx.exe
  2⤵
  PID:7960
- C:\Windows\System\akScWdL.exe
  C:\Windows\System\akScWdL.exe
  2⤵
  PID:7976
- C:\Windows\System\dDUwivH.exe
  C:\Windows\System\dDUwivH.exe
  2⤵
  PID:7996
- C:\Windows\System\lRKgBxT.exe
  C:\Windows\System\lRKgBxT.exe
  2⤵
  PID:8012
- C:\Windows\System\UNewRYm.exe
  C:\Windows\System\UNewRYm.exe
  2⤵
  PID:8028
- C:\Windows\System\Ryanscl.exe
  C:\Windows\System\Ryanscl.exe
  2⤵
  PID:8044
- C:\Windows\System\OKWhfVP.exe
  C:\Windows\System\OKWhfVP.exe
  2⤵
  PID:8060
- C:\Windows\System\fqwunnh.exe
  C:\Windows\System\fqwunnh.exe
  2⤵
  PID:8076
- C:\Windows\System\yIFNgHu.exe
  C:\Windows\System\yIFNgHu.exe
  2⤵
  PID:8092
- C:\Windows\System\XdVKnot.exe
  C:\Windows\System\XdVKnot.exe
  2⤵
  PID:8108
- C:\Windows\System\pwIZVuU.exe
  C:\Windows\System\pwIZVuU.exe
  2⤵
  PID:8124
- C:\Windows\System\rzOpADC.exe
  C:\Windows\System\rzOpADC.exe
  2⤵
  PID:8140
- C:\Windows\System\YyrzxYH.exe
  C:\Windows\System\YyrzxYH.exe
  2⤵
  PID:8156
- C:\Windows\System\XuLvVWi.exe
  C:\Windows\System\XuLvVWi.exe
  2⤵
  PID:8172
- C:\Windows\System\akwYNMC.exe
  C:\Windows\System\akwYNMC.exe
  2⤵
  PID:8188
- C:\Windows\System\CvuXKtA.exe
  C:\Windows\System\CvuXKtA.exe
  2⤵
  PID:6436
- C:\Windows\System\RSQZGYb.exe
  C:\Windows\System\RSQZGYb.exe
  2⤵
  PID:7224
- C:\Windows\System\IImfsiR.exe
  C:\Windows\System\IImfsiR.exe
  2⤵
  PID:7204
- C:\Windows\System\keOxASQ.exe
  C:\Windows\System\keOxASQ.exe
  2⤵
  PID:7236
- C:\Windows\System\rekzsuu.exe
  C:\Windows\System\rekzsuu.exe
  2⤵
  PID:7276
- C:\Windows\System\frEnKiU.exe
  C:\Windows\System\frEnKiU.exe
  2⤵
  PID:7344
- C:\Windows\System\OjKYYRJ.exe
  C:\Windows\System\OjKYYRJ.exe
  2⤵
  PID:7348
- C:\Windows\System\ZmclIVE.exe
  C:\Windows\System\ZmclIVE.exe
  2⤵
  PID:7396
- C:\Windows\System\NXIGUlZ.exe
  C:\Windows\System\NXIGUlZ.exe
  2⤵
  PID:7460
- C:\Windows\System\MfBWbZq.exe
  C:\Windows\System\MfBWbZq.exe
  2⤵
  PID:7448
- C:\Windows\System\rhlkYjd.exe
  C:\Windows\System\rhlkYjd.exe
  2⤵
  PID:7476
- C:\Windows\System\GgGxkGB.exe
  C:\Windows\System\GgGxkGB.exe
  2⤵
  PID:7492
- C:\Windows\System\EcuoKNy.exe
  C:\Windows\System\EcuoKNy.exe
  2⤵
  PID:7508
- C:\Windows\System\mljGTuK.exe
  C:\Windows\System\mljGTuK.exe
  2⤵
  PID:7524
- C:\Windows\System\HSqCsdD.exe
  C:\Windows\System\HSqCsdD.exe
  2⤵
  PID:7548
- C:\Windows\System\pCsLWya.exe
  C:\Windows\System\pCsLWya.exe
  2⤵
  PID:7564
- C:\Windows\System\YjSUtuw.exe
  C:\Windows\System\YjSUtuw.exe
  2⤵
  PID:7604
- C:\Windows\System\qJJHCAw.exe
  C:\Windows\System\qJJHCAw.exe
  2⤵
  PID:7620
- C:\Windows\System\JlHmmEG.exe
  C:\Windows\System\JlHmmEG.exe
  2⤵
  PID:7660
- C:\Windows\System\qNntBmR.exe
  C:\Windows\System\qNntBmR.exe
  2⤵
  PID:7636
- C:\Windows\System\GXOksWA.exe
  C:\Windows\System\GXOksWA.exe
  2⤵
  PID:7680
- C:\Windows\System\LonzgcL.exe
  C:\Windows\System\LonzgcL.exe
  2⤵
  PID:7720
- C:\Windows\System\YMGvDHI.exe
  C:\Windows\System\YMGvDHI.exe
  2⤵
  PID:7716
- C:\Windows\System\bagONoz.exe
  C:\Windows\System\bagONoz.exe
  2⤵
  PID:7800
- C:\Windows\System\ZzIBibu.exe
  C:\Windows\System\ZzIBibu.exe
  2⤵
  PID:7864
- C:\Windows\System\mQbGonw.exe
  C:\Windows\System\mQbGonw.exe
  2⤵
  PID:7896
- C:\Windows\System\NFcnAUm.exe
  C:\Windows\System\NFcnAUm.exe
  2⤵
  PID:7852
- C:\Windows\System\LBqoPqI.exe
  C:\Windows\System\LBqoPqI.exe
  2⤵
  PID:7936
- C:\Windows\System\zICCggl.exe
  C:\Windows\System\zICCggl.exe
  2⤵
  PID:7948
- C:\Windows\System\TZGzpyh.exe
  C:\Windows\System\TZGzpyh.exe
  2⤵
  PID:7984
- C:\Windows\System\rIrjOxj.exe
  C:\Windows\System\rIrjOxj.exe
  2⤵
  PID:7988
- C:\Windows\System\eGQrrwa.exe
  C:\Windows\System\eGQrrwa.exe
  2⤵
  PID:8072
- C:\Windows\System\zUWVzII.exe
  C:\Windows\System\zUWVzII.exe
  2⤵
  PID:8100
- C:\Windows\System\DsEMMqt.exe
  C:\Windows\System\DsEMMqt.exe
  2⤵
  PID:8132
- C:\Windows\System\JltEmMR.exe
  C:\Windows\System\JltEmMR.exe
  2⤵
  PID:2692
- C:\Windows\System\SoNqtKH.exe
  C:\Windows\System\SoNqtKH.exe
  2⤵
  PID:7192
- C:\Windows\System\gtApVLq.exe
  C:\Windows\System\gtApVLq.exe
  2⤵
  PID:7268
- C:\Windows\System\XkwyWox.exe
  C:\Windows\System\XkwyWox.exe
  2⤵
  PID:7304
- C:\Windows\System\rUJYLSV.exe
  C:\Windows\System\rUJYLSV.exe
  2⤵
  PID:7332
- C:\Windows\System\bMCqHWz.exe
  C:\Windows\System\bMCqHWz.exe
  2⤵
  PID:7392
- C:\Windows\System\agXZuJL.exe
  C:\Windows\System\agXZuJL.exe
  2⤵
  PID:7416
- C:\Windows\System\qLgcxgT.exe
  C:\Windows\System\qLgcxgT.exe
  2⤵
  PID:7488
- C:\Windows\System\LkoITgw.exe
  C:\Windows\System\LkoITgw.exe
  2⤵
  PID:7500
- C:\Windows\System\oTOlLId.exe
  C:\Windows\System\oTOlLId.exe
  2⤵
  PID:7540
- C:\Windows\System\isaQLXv.exe
  C:\Windows\System\isaQLXv.exe
  2⤵
  PID:7572
- C:\Windows\System\ACjsnuL.exe
  C:\Windows\System\ACjsnuL.exe
  2⤵
  PID:7588
- C:\Windows\System\kYTGHij.exe
  C:\Windows\System\kYTGHij.exe
  2⤵
  PID:7732
- C:\Windows\System\bxSKGEW.exe
  C:\Windows\System\bxSKGEW.exe
  2⤵
  PID:7736
- C:\Windows\System\gVgKqJf.exe
  C:\Windows\System\gVgKqJf.exe
  2⤵
  PID:7772
- C:\Windows\System\StcSPXW.exe
  C:\Windows\System\StcSPXW.exe
  2⤵
  PID:7916
- C:\Windows\System\UEewCPU.exe
  C:\Windows\System\UEewCPU.exe
  2⤵
  PID:7904
- C:\Windows\System\tbcNPYE.exe
  C:\Windows\System\tbcNPYE.exe
  2⤵
  PID:8004
- C:\Windows\System\cutjVft.exe
  C:\Windows\System\cutjVft.exe
  2⤵
  PID:8036
- C:\Windows\System\ocGgRdV.exe
  C:\Windows\System\ocGgRdV.exe
  2⤵
  PID:8116
- C:\Windows\System\ZyctGnq.exe
  C:\Windows\System\ZyctGnq.exe
  2⤵
  PID:8120
- C:\Windows\System\QmKKsmE.exe
  C:\Windows\System\QmKKsmE.exe
  2⤵
  PID:7328
- C:\Windows\System\HJSXOzJ.exe
  C:\Windows\System\HJSXOzJ.exe
  2⤵
  PID:7532
- C:\Windows\System\aJsBhCK.exe
  C:\Windows\System\aJsBhCK.exe
  2⤵
  PID:8152
- C:\Windows\System\rHsOFwP.exe
  C:\Windows\System\rHsOFwP.exe
  2⤵
  PID:7308
- C:\Windows\System\NxPASIH.exe
  C:\Windows\System\NxPASIH.exe
  2⤵
  PID:7520
- C:\Windows\System\cWamMfY.exe
  C:\Windows\System\cWamMfY.exe
  2⤵
  PID:7704
- C:\Windows\System\qVQLOAp.exe
  C:\Windows\System\qVQLOAp.exe
  2⤵
  PID:7920
- C:\Windows\System\bXmlMZX.exe
  C:\Windows\System\bXmlMZX.exe
  2⤵
  PID:7688
- C:\Windows\System\iaXUZHZ.exe
  C:\Windows\System\iaXUZHZ.exe
  2⤵
  PID:7832
- C:\Windows\System\GjvqKmF.exe
  C:\Windows\System\GjvqKmF.exe
  2⤵
  PID:8052
- C:\Windows\System\aUNcMEY.exe
  C:\Windows\System\aUNcMEY.exe
  2⤵
  PID:7188
- C:\Windows\System\GalbRli.exe
  C:\Windows\System\GalbRli.exe
  2⤵
  PID:7480
- C:\Windows\System\IoqWmxG.exe
  C:\Windows\System\IoqWmxG.exe
  2⤵
  PID:7464
- C:\Windows\System\VvaZFDE.exe
  C:\Windows\System\VvaZFDE.exe
  2⤵
  PID:7784
- C:\Windows\System\LQjvSAC.exe
  C:\Windows\System\LQjvSAC.exe
  2⤵
  PID:8088
- C:\Windows\System\GPnADyC.exe
  C:\Windows\System\GPnADyC.exe
  2⤵
  PID:8084
- C:\Windows\System\ihGolEc.exe
  C:\Windows\System\ihGolEc.exe
  2⤵
  PID:7252
- C:\Windows\System\saYlCIX.exe
  C:\Windows\System\saYlCIX.exe
  2⤵
  PID:7600
- C:\Windows\System\FigBxMq.exe
  C:\Windows\System\FigBxMq.exe
  2⤵
  PID:7768
- C:\Windows\System\JLBiFFo.exe
  C:\Windows\System\JLBiFFo.exe
  2⤵
  PID:8200
- C:\Windows\System\ZDQEdpj.exe
  C:\Windows\System\ZDQEdpj.exe
  2⤵
  PID:8216
- C:\Windows\System\FGMyyGe.exe
  C:\Windows\System\FGMyyGe.exe
  2⤵
  PID:8236
- C:\Windows\System\QGQcWTd.exe
  C:\Windows\System\QGQcWTd.exe
  2⤵
  PID:8256
- C:\Windows\System\HsajQkI.exe
  C:\Windows\System\HsajQkI.exe
  2⤵
  PID:8272
- C:\Windows\System\SecAzqP.exe
  C:\Windows\System\SecAzqP.exe
  2⤵
  PID:8288
- C:\Windows\System\JrEFvFe.exe
  C:\Windows\System\JrEFvFe.exe
  2⤵
  PID:8304
- C:\Windows\System\BdkmKQy.exe
  C:\Windows\System\BdkmKQy.exe
  2⤵
  PID:8320
- C:\Windows\System\aAdOlOd.exe
  C:\Windows\System\aAdOlOd.exe
  2⤵
  PID:8336
- C:\Windows\System\dwVeWgh.exe
  C:\Windows\System\dwVeWgh.exe
  2⤵
  PID:8352
- C:\Windows\System\OKlizEs.exe
  C:\Windows\System\OKlizEs.exe
  2⤵
  PID:8368
- C:\Windows\System\UFPwdgC.exe
  C:\Windows\System\UFPwdgC.exe
  2⤵
  PID:8384
- C:\Windows\System\JnMcRxG.exe
  C:\Windows\System\JnMcRxG.exe
  2⤵
  PID:8400
- C:\Windows\System\ZGCdACY.exe
  C:\Windows\System\ZGCdACY.exe
  2⤵
  PID:8416
- C:\Windows\System\gVfxKws.exe
  C:\Windows\System\gVfxKws.exe
  2⤵
  PID:8432
- C:\Windows\System\aGBSlAH.exe
  C:\Windows\System\aGBSlAH.exe
  2⤵
  PID:8448
- C:\Windows\System\GoahgqQ.exe
  C:\Windows\System\GoahgqQ.exe
  2⤵
  PID:8464
- C:\Windows\System\TYUBeML.exe
  C:\Windows\System\TYUBeML.exe
  2⤵
  PID:8480
- C:\Windows\System\hsoYhRe.exe
  C:\Windows\System\hsoYhRe.exe
  2⤵
  PID:8496
- C:\Windows\System\IHRoTaB.exe
  C:\Windows\System\IHRoTaB.exe
  2⤵
  PID:8512
- C:\Windows\System\bVcOqdP.exe
  C:\Windows\System\bVcOqdP.exe
  2⤵
  PID:8912
- C:\Windows\System\UTUuanu.exe
  C:\Windows\System\UTUuanu.exe
  2⤵
  PID:8932
- C:\Windows\System\wOuSsIR.exe
  C:\Windows\System\wOuSsIR.exe
  2⤵
  PID:8952
- C:\Windows\System\RNvShxM.exe
  C:\Windows\System\RNvShxM.exe
  2⤵
  PID:8988
- C:\Windows\System\VOCYezd.exe
  C:\Windows\System\VOCYezd.exe
  2⤵
  PID:9012
- C:\Windows\System\quePeVH.exe
  C:\Windows\System\quePeVH.exe
  2⤵
  PID:9040
- C:\Windows\System\QdCSRUF.exe
  C:\Windows\System\QdCSRUF.exe
  2⤵
  PID:9060
- C:\Windows\System\EPqMTgr.exe
  C:\Windows\System\EPqMTgr.exe
  2⤵
  PID:9092
- C:\Windows\System\ZDOoxbf.exe
  C:\Windows\System\ZDOoxbf.exe
  2⤵
  PID:9108
- C:\Windows\System\DDeCVCf.exe
  C:\Windows\System\DDeCVCf.exe
  2⤵
  PID:9132
- C:\Windows\System\IPRgNyE.exe
  C:\Windows\System\IPRgNyE.exe
  2⤵
  PID:9148
- C:\Windows\System\iGFYkFH.exe
  C:\Windows\System\iGFYkFH.exe
  2⤵
  PID:9164
- C:\Windows\System\RvDvJRT.exe
  C:\Windows\System\RvDvJRT.exe
  2⤵
  PID:9180
- C:\Windows\System\YswaKVz.exe
  C:\Windows\System\YswaKVz.exe
  2⤵
  PID:9196
- C:\Windows\System\mHqTruT.exe
  C:\Windows\System\mHqTruT.exe
  2⤵
  PID:9212
- C:\Windows\System\FTGayrw.exe
  C:\Windows\System\FTGayrw.exe
  2⤵
  PID:8196
- C:\Windows\System\RCdRErT.exe
  C:\Windows\System\RCdRErT.exe
  2⤵
  PID:8068
- C:\Windows\System\aRKJmbw.exe
  C:\Windows\System\aRKJmbw.exe
  2⤵
  PID:8280
- C:\Windows\System\efpeZHO.exe
  C:\Windows\System\efpeZHO.exe
  2⤵
  PID:8232
- C:\Windows\System\iAzoSXi.exe
  C:\Windows\System\iAzoSXi.exe
  2⤵
  PID:8264
- C:\Windows\System\nGJnhRu.exe
  C:\Windows\System\nGJnhRu.exe
  2⤵
  PID:8348
- C:\Windows\System\zFmlffG.exe
  C:\Windows\System\zFmlffG.exe
  2⤵
  PID:8328
- C:\Windows\System\poIsTpf.exe
  C:\Windows\System\poIsTpf.exe
  2⤵
  PID:8360
- C:\Windows\System\CzRshnB.exe
  C:\Windows\System\CzRshnB.exe
  2⤵
  PID:8428
- C:\Windows\System\dHihXhB.exe
  C:\Windows\System\dHihXhB.exe
  2⤵
  PID:8504
- C:\Windows\System\lPaqjdQ.exe
  C:\Windows\System\lPaqjdQ.exe
  2⤵
  PID:8492
- C:\Windows\System\tOLwCIq.exe
  C:\Windows\System\tOLwCIq.exe
  2⤵
  PID:8528
- C:\Windows\System\FrcaeZU.exe
  C:\Windows\System\FrcaeZU.exe
  2⤵
  PID:8544
- C:\Windows\System\FZlJzlx.exe
  C:\Windows\System\FZlJzlx.exe
  2⤵
  PID:8560
- C:\Windows\System\iNBHuQm.exe
  C:\Windows\System\iNBHuQm.exe
  2⤵
  PID:8580
- C:\Windows\System\ReyAqWh.exe
  C:\Windows\System\ReyAqWh.exe
  2⤵
  PID:8604
- C:\Windows\System\pTEcXlg.exe
  C:\Windows\System\pTEcXlg.exe
  2⤵
  PID:8616
- C:\Windows\System\WFlCgQe.exe
  C:\Windows\System\WFlCgQe.exe
  2⤵
  PID:8632
- C:\Windows\System\oKOqmgK.exe
  C:\Windows\System\oKOqmgK.exe
  2⤵
  PID:8644
- C:\Windows\System\ASbBZNI.exe
  C:\Windows\System\ASbBZNI.exe
  2⤵
  PID:8660
- C:\Windows\System\GHgtLuY.exe
  C:\Windows\System\GHgtLuY.exe
  2⤵
  PID:8680
- C:\Windows\System\KbEQJsE.exe
  C:\Windows\System\KbEQJsE.exe
  2⤵
  PID:8692
- C:\Windows\System\rGAgjdE.exe
  C:\Windows\System\rGAgjdE.exe
  2⤵
  PID:8708
- C:\Windows\System\HGxYkLF.exe
  C:\Windows\System\HGxYkLF.exe
  2⤵
  PID:8724
- C:\Windows\System\NcEGVWF.exe
  C:\Windows\System\NcEGVWF.exe
  2⤵
  PID:8740
- C:\Windows\System\tQRHwXV.exe
  C:\Windows\System\tQRHwXV.exe
  2⤵
  PID:8756
- C:\Windows\System\WBExrtD.exe
  C:\Windows\System\WBExrtD.exe
  2⤵
  PID:8772
- C:\Windows\System\UUSZRRW.exe
  C:\Windows\System\UUSZRRW.exe
  2⤵
  PID:8788
- C:\Windows\System\dNkusnp.exe
  C:\Windows\System\dNkusnp.exe
  2⤵
  PID:8804
- C:\Windows\System\kQXotwo.exe
  C:\Windows\System\kQXotwo.exe
  2⤵
  PID:8820
- C:\Windows\System\OthIxBC.exe
  C:\Windows\System\OthIxBC.exe
  2⤵
  PID:556
- C:\Windows\System\hqWyPDd.exe
  C:\Windows\System\hqWyPDd.exe
  2⤵
  PID:944
- C:\Windows\System\wDsZEmk.exe
  C:\Windows\System\wDsZEmk.exe
  2⤵
  PID:1816
- C:\Windows\System\wrqbayo.exe
  C:\Windows\System\wrqbayo.exe
  2⤵
  PID:8920
- C:\Windows\System\jwAKHEW.exe
  C:\Windows\System\jwAKHEW.exe
  2⤵
  PID:8856
- C:\Windows\System\YOdLoSi.exe
  C:\Windows\System\YOdLoSi.exe
  2⤵
  PID:8864
- C:\Windows\System\bawMEXg.exe
  C:\Windows\System\bawMEXg.exe
  2⤵
  PID:8880
- C:\Windows\System\kiEZEFe.exe
  C:\Windows\System\kiEZEFe.exe
  2⤵
  PID:8896
- C:\Windows\System\WehfjwF.exe
  C:\Windows\System\WehfjwF.exe
  2⤵
  PID:6404
- C:\Windows\System\ujUmQRG.exe
  C:\Windows\System\ujUmQRG.exe
  2⤵
  PID:8944
- C:\Windows\System\DFpWPFa.exe
  C:\Windows\System\DFpWPFa.exe
  2⤵
  PID:9004
- C:\Windows\System\LyXMcvn.exe
  C:\Windows\System\LyXMcvn.exe
  2⤵
  PID:8976
- C:\Windows\System\anxSvLP.exe
  C:\Windows\System\anxSvLP.exe
  2⤵
  PID:9020
- C:\Windows\System\xKWSdqb.exe
  C:\Windows\System\xKWSdqb.exe
  2⤵
  PID:9036
- C:\Windows\System\xJjRssl.exe
  C:\Windows\System\xJjRssl.exe
  2⤵
  PID:2756
- C:\Windows\System\tDLzIaT.exe
  C:\Windows\System\tDLzIaT.exe
  2⤵
  PID:9084
- C:\Windows\System\tCtDEKW.exe
  C:\Windows\System\tCtDEKW.exe
  2⤵
  PID:2388
- C:\Windows\System\utbHHWK.exe
  C:\Windows\System\utbHHWK.exe
  2⤵
  PID:8836
- C:\Windows\System\OZGcEAH.exe
  C:\Windows\System\OZGcEAH.exe
  2⤵
  PID:9128
- C:\Windows\System\uguYfZJ.exe
  C:\Windows\System\uguYfZJ.exe
  2⤵
  PID:9144
- C:\Windows\System\klvDxMF.exe
  C:\Windows\System\klvDxMF.exe
  2⤵
  PID:9204
- C:\Windows\System\qbyMNVs.exe
  C:\Windows\System\qbyMNVs.exe
  2⤵
  PID:8228
- C:\Windows\System\QexXfXE.exe
  C:\Windows\System\QexXfXE.exe
  2⤵
  PID:8316
- C:\Windows\System\XHWFdEx.exe
  C:\Windows\System\XHWFdEx.exe
  2⤵
  PID:9192
- C:\Windows\System\LfpFoWU.exe
  C:\Windows\System\LfpFoWU.exe
  2⤵
  PID:8248
- C:\Windows\System\UyVkqIo.exe
  C:\Windows\System\UyVkqIo.exe
  2⤵
  PID:8364
- C:\Windows\System\mJHaUaq.exe
  C:\Windows\System\mJHaUaq.exe
  2⤵
  PID:8444
- C:\Windows\System\mfkyhPE.exe
  C:\Windows\System\mfkyhPE.exe
  2⤵
  PID:8536
- C:\Windows\System\DwfFgNE.exe
  C:\Windows\System\DwfFgNE.exe
  2⤵
  PID:8608
- C:\Windows\System\LhgQzjB.exe
  C:\Windows\System\LhgQzjB.exe
  2⤵
  PID:8168
- C:\Windows\System\yOPegli.exe
  C:\Windows\System\yOPegli.exe
  2⤵
  PID:8588
- C:\Windows\System\yKQrLur.exe
  C:\Windows\System\yKQrLur.exe
  2⤵
  PID:8676
- C:\Windows\System\yvngEIq.exe
  C:\Windows\System\yvngEIq.exe
  2⤵
  PID:8732
- C:\Windows\System\xrTtNxR.exe
  C:\Windows\System\xrTtNxR.exe
  2⤵
  PID:8664
- C:\Windows\System\grnzXix.exe
  C:\Windows\System\grnzXix.exe
  2⤵
  PID:8716
- C:\Windows\System\AibOzuC.exe
  C:\Windows\System\AibOzuC.exe
  2⤵
  PID:8752
- C:\Windows\System\hVrrJRw.exe
  C:\Windows\System\hVrrJRw.exe
  2⤵
  PID:8800
- C:\Windows\System\CjpxsyS.exe
  C:\Windows\System\CjpxsyS.exe
  2⤵
  PID:8816
- C:\Windows\System\XfrhGBo.exe
  C:\Windows\System\XfrhGBo.exe
  2⤵
  PID:6456
- C:\Windows\System\QbOXvho.exe
  C:\Windows\System\QbOXvho.exe
  2⤵
  PID:8876
- C:\Windows\System\jvDiEDx.exe
  C:\Windows\System\jvDiEDx.exe
  2⤵
  PID:9052
- C:\Windows\System\zXZjXBL.exe
  C:\Windows\System\zXZjXBL.exe
  2⤵
  PID:8924
- C:\Windows\System\iBPsomx.exe
  C:\Windows\System\iBPsomx.exe
  2⤵
  PID:8996
- C:\Windows\System\UVxYNav.exe
  C:\Windows\System\UVxYNav.exe
  2⤵
  PID:9048
- C:\Windows\System\ukvAkMu.exe
  C:\Windows\System\ukvAkMu.exe
  2⤵
  PID:9032
- C:\Windows\System\trLBtTQ.exe
  C:\Windows\System\trLBtTQ.exe
  2⤵
  PID:2528
- C:\Windows\System\kTYWuXV.exe
  C:\Windows\System\kTYWuXV.exe
  2⤵
  PID:9116
- C:\Windows\System\ZlBddbw.exe
  C:\Windows\System\ZlBddbw.exe
  2⤵
  PID:9176
- C:\Windows\System\JJRfCtm.exe
  C:\Windows\System\JJRfCtm.exe
  2⤵
  PID:8224
- C:\Windows\System\akDRhEE.exe
  C:\Windows\System\akDRhEE.exe
  2⤵
  PID:8424
- C:\Windows\System\eNXVUHo.exe
  C:\Windows\System\eNXVUHo.exe
  2⤵
  PID:8412
- C:\Windows\System\tUmwqRQ.exe
  C:\Windows\System\tUmwqRQ.exe
  2⤵
  PID:8612
- C:\Windows\System\LXjmANu.exe
  C:\Windows\System\LXjmANu.exe
  2⤵
  PID:8700
- C:\Windows\System\ToCRocX.exe
  C:\Windows\System\ToCRocX.exe
  2⤵
  PID:8640
- C:\Windows\System\WOfMwHS.exe
  C:\Windows\System\WOfMwHS.exe
  2⤵
  PID:8796
- C:\Windows\System\fbhAYhf.exe
  C:\Windows\System\fbhAYhf.exe
  2⤵
  PID:1576
- C:\Windows\System\XOxqEHr.exe
  C:\Windows\System\XOxqEHr.exe
  2⤵
  PID:2068
- C:\Windows\System\AJICgWJ.exe
  C:\Windows\System\AJICgWJ.exe
  2⤵
  PID:8848
- C:\Windows\System\UgxOcKA.exe
  C:\Windows\System\UgxOcKA.exe
  2⤵
  PID:8888
- C:\Windows\System\UHbsDPL.exe
  C:\Windows\System\UHbsDPL.exe
  2⤵
  PID:9072
- C:\Windows\System\eCbZDRQ.exe
  C:\Windows\System\eCbZDRQ.exe
  2⤵
  PID:9056
- C:\Windows\System\HiXdznm.exe
  C:\Windows\System\HiXdznm.exe
  2⤵
  PID:9156
- C:\Windows\System\huwaZMD.exe
  C:\Windows\System\huwaZMD.exe
  2⤵
  PID:7956
- C:\Windows\System\xBrqxIR.exe
  C:\Windows\System\xBrqxIR.exe
  2⤵
  PID:8552
- C:\Windows\System\sakTpKh.exe
  C:\Windows\System\sakTpKh.exe
  2⤵
  PID:8704
- C:\Windows\System\cHhgZXz.exe
  C:\Windows\System\cHhgZXz.exe
  2⤵
  PID:8596
- C:\Windows\System\JfSHFBs.exe
  C:\Windows\System\JfSHFBs.exe
  2⤵
  PID:8904
- C:\Windows\System\XHGBaby.exe
  C:\Windows\System\XHGBaby.exe
  2⤵
  PID:8980
- C:\Windows\System\jbGbQyv.exe
  C:\Windows\System\jbGbQyv.exe
  2⤵
  PID:2960
- C:\Windows\System\gkIhIsC.exe
  C:\Windows\System\gkIhIsC.exe
  2⤵
  PID:8396
- C:\Windows\System\BgIQENg.exe
  C:\Windows\System\BgIQENg.exe
  2⤵
  PID:8720
- C:\Windows\System\XjfxCZO.exe
  C:\Windows\System\XjfxCZO.exe
  2⤵
  PID:9140
- C:\Windows\System\pobcnMS.exe
  C:\Windows\System\pobcnMS.exe
  2⤵
  PID:9188
- C:\Windows\System\FEVEzts.exe
  C:\Windows\System\FEVEzts.exe
  2⤵
  PID:8656
- C:\Windows\System\nlyIHLz.exe
  C:\Windows\System\nlyIHLz.exe
  2⤵
  PID:9232
- C:\Windows\System\ALyxBQr.exe
  C:\Windows\System\ALyxBQr.exe
  2⤵
  PID:9248
- C:\Windows\System\qWUFVjB.exe
  C:\Windows\System\qWUFVjB.exe
  2⤵
  PID:9268
- C:\Windows\System\seWbclX.exe
  C:\Windows\System\seWbclX.exe
  2⤵
  PID:9284
- C:\Windows\System\wlpxEsN.exe
  C:\Windows\System\wlpxEsN.exe
  2⤵
  PID:9300
- C:\Windows\System\paGZEWG.exe
  C:\Windows\System\paGZEWG.exe
  2⤵
  PID:9316
- C:\Windows\System\pPRwFBT.exe
  C:\Windows\System\pPRwFBT.exe
  2⤵
  PID:9336
- C:\Windows\System\avqRXZB.exe
  C:\Windows\System\avqRXZB.exe
  2⤵
  PID:9352
- C:\Windows\System\ueulwzl.exe
  C:\Windows\System\ueulwzl.exe
  2⤵
  PID:9368
- C:\Windows\System\YQhjGwC.exe
  C:\Windows\System\YQhjGwC.exe
  2⤵
  PID:9388
- C:\Windows\System\ZgYGDMK.exe
  C:\Windows\System\ZgYGDMK.exe
  2⤵
  PID:9404
- C:\Windows\System\mPcVZXr.exe
  C:\Windows\System\mPcVZXr.exe
  2⤵
  PID:9420
- C:\Windows\System\CQVtPkY.exe
  C:\Windows\System\CQVtPkY.exe
  2⤵
  PID:9436
- C:\Windows\System\jnkStlm.exe
  C:\Windows\System\jnkStlm.exe
  2⤵
  PID:9452
- C:\Windows\System\irLbYkd.exe
  C:\Windows\System\irLbYkd.exe
  2⤵
  PID:9484
- C:\Windows\System\LAtlxOR.exe
  C:\Windows\System\LAtlxOR.exe
  2⤵
  PID:9544
- C:\Windows\System\KmOwhQi.exe
  C:\Windows\System\KmOwhQi.exe
  2⤵
  PID:9572
- C:\Windows\System\LQSqmbz.exe
  C:\Windows\System\LQSqmbz.exe
  2⤵
  PID:9648
- C:\Windows\System\PiUJVTh.exe
  C:\Windows\System\PiUJVTh.exe
  2⤵
  PID:9668
- C:\Windows\System\EOjogSz.exe
  C:\Windows\System\EOjogSz.exe
  2⤵
  PID:9684
- C:\Windows\System\KQKCGon.exe
  C:\Windows\System\KQKCGon.exe
  2⤵
  PID:9708
- C:\Windows\System\HwInpFM.exe
  C:\Windows\System\HwInpFM.exe
  2⤵
  PID:9724
- C:\Windows\System\luhBFjK.exe
  C:\Windows\System\luhBFjK.exe
  2⤵
  PID:9740
- C:\Windows\System\VhYIIuW.exe
  C:\Windows\System\VhYIIuW.exe
  2⤵
  PID:9764
- C:\Windows\System\QbKdVfz.exe
  C:\Windows\System\QbKdVfz.exe
  2⤵
  PID:9780
- C:\Windows\System\wHqhHNw.exe
  C:\Windows\System\wHqhHNw.exe
  2⤵
  PID:9796
- C:\Windows\System\nvleIqj.exe
  C:\Windows\System\nvleIqj.exe
  2⤵
  PID:9812
- C:\Windows\System\LrPpezW.exe
  C:\Windows\System\LrPpezW.exe
  2⤵
  PID:9828
- C:\Windows\System\nUgEYDe.exe
  C:\Windows\System\nUgEYDe.exe
  2⤵
  PID:9844
- C:\Windows\System\aouzJSz.exe
  C:\Windows\System\aouzJSz.exe
  2⤵
  PID:9860
- C:\Windows\System\wMXHvsM.exe
  C:\Windows\System\wMXHvsM.exe
  2⤵
  PID:9876
- C:\Windows\System\UfhZUVt.exe
  C:\Windows\System\UfhZUVt.exe
  2⤵
  PID:9892
- C:\Windows\System\jtHPmbO.exe
  C:\Windows\System\jtHPmbO.exe
  2⤵
  PID:9908
- C:\Windows\System\SAFoRbE.exe
  C:\Windows\System\SAFoRbE.exe
  2⤵
  PID:9928
- C:\Windows\System\vfIwSSz.exe
  C:\Windows\System\vfIwSSz.exe
  2⤵
  PID:9944
- C:\Windows\System\yvRqnfa.exe
  C:\Windows\System\yvRqnfa.exe
  2⤵
  PID:9964
- C:\Windows\System\fHFEzTx.exe
  C:\Windows\System\fHFEzTx.exe
  2⤵
  PID:9980
- C:\Windows\System\ONHRfOo.exe
  C:\Windows\System\ONHRfOo.exe
  2⤵
  PID:9996
- C:\Windows\System\WvEzKvb.exe
  C:\Windows\System\WvEzKvb.exe
  2⤵
  PID:10012
- C:\Windows\System\WXhQeNJ.exe
  C:\Windows\System\WXhQeNJ.exe
  2⤵
  PID:10028
- C:\Windows\System\xJIxYzE.exe
  C:\Windows\System\xJIxYzE.exe
  2⤵
  PID:10044
- C:\Windows\System\LIjduJo.exe
  C:\Windows\System\LIjduJo.exe
  2⤵
  PID:10060
- C:\Windows\System\xNnUgtB.exe
  C:\Windows\System\xNnUgtB.exe
  2⤵
  PID:10076
- C:\Windows\System\rCzxqFy.exe
  C:\Windows\System\rCzxqFy.exe
  2⤵
  PID:10092
- C:\Windows\System\STXhzMf.exe
  C:\Windows\System\STXhzMf.exe
  2⤵
  PID:10108
- C:\Windows\System\hmotvTC.exe
  C:\Windows\System\hmotvTC.exe
  2⤵
  PID:10124
- C:\Windows\System\cawYlVy.exe
  C:\Windows\System\cawYlVy.exe
  2⤵
  PID:10140
- C:\Windows\System\VGkatZz.exe
  C:\Windows\System\VGkatZz.exe
  2⤵
  PID:10160
- C:\Windows\System\waUSTLU.exe
  C:\Windows\System\waUSTLU.exe
  2⤵
  PID:10176
- C:\Windows\System\LGubPiP.exe
  C:\Windows\System\LGubPiP.exe
  2⤵
  PID:10196
- C:\Windows\System\lUrfptT.exe
  C:\Windows\System\lUrfptT.exe
  2⤵
  PID:10220
- C:\Windows\System\GyfdESS.exe
  C:\Windows\System\GyfdESS.exe
  2⤵
  PID:10236
- C:\Windows\System\FIRrMxc.exe
  C:\Windows\System\FIRrMxc.exe
  2⤵
  PID:2140
- C:\Windows\System\UUCcEqC.exe
  C:\Windows\System\UUCcEqC.exe
  2⤵
  PID:9264
- C:\Windows\System\EqlHowh.exe
  C:\Windows\System\EqlHowh.exe
  2⤵
  PID:9280
- C:\Windows\System\bVJlxyr.exe
  C:\Windows\System\bVJlxyr.exe
  2⤵
  PID:9332
- C:\Windows\System\YjfhLqY.exe
  C:\Windows\System\YjfhLqY.exe
  2⤵
  PID:9360
- C:\Windows\System\XVjtbzX.exe
  C:\Windows\System\XVjtbzX.exe
  2⤵
  PID:8960
- C:\Windows\System\fQMZWeD.exe
  C:\Windows\System\fQMZWeD.exe
  2⤵
  PID:9400
- C:\Windows\System\GlKqEXv.exe
  C:\Windows\System\GlKqEXv.exe
  2⤵
  PID:9416
- C:\Windows\System\fLlNhPm.exe
  C:\Windows\System\fLlNhPm.exe
  2⤵
  PID:9384
- C:\Windows\System\AXMpYXc.exe
  C:\Windows\System\AXMpYXc.exe
  2⤵
  PID:9480
- C:\Windows\System\psAgeGQ.exe
  C:\Windows\System\psAgeGQ.exe
  2⤵
  PID:9496
- C:\Windows\System\gTaZjoH.exe
  C:\Windows\System\gTaZjoH.exe
  2⤵
  PID:9516
- C:\Windows\System\hfdKYaw.exe
  C:\Windows\System\hfdKYaw.exe
  2⤵
  PID:9532
- C:\Windows\System\AFOxUvp.exe
  C:\Windows\System\AFOxUvp.exe
  2⤵
  PID:9560
- C:\Windows\System\btUWAXx.exe
  C:\Windows\System\btUWAXx.exe
  2⤵
  PID:9584
- C:\Windows\System\QtuwaxM.exe
  C:\Windows\System\QtuwaxM.exe
  2⤵
  PID:9600
- C:\Windows\System\aysMmml.exe
  C:\Windows\System\aysMmml.exe
  2⤵
  PID:9616
- C:\Windows\System\vHIPvQi.exe
  C:\Windows\System\vHIPvQi.exe
  2⤵
  PID:9632
- C:\Windows\System\fPTKTyE.exe
  C:\Windows\System\fPTKTyE.exe
  2⤵
  PID:9664
- C:\Windows\System\quSJdky.exe
  C:\Windows\System\quSJdky.exe
  2⤵
  PID:9704
- C:\Windows\System\vGlaUvT.exe
  C:\Windows\System\vGlaUvT.exe
  2⤵
  PID:9644
- C:\Windows\System\aYENKBa.exe
  C:\Windows\System\aYENKBa.exe
  2⤵
  PID:9804
- C:\Windows\System\pZpDqgC.exe
  C:\Windows\System\pZpDqgC.exe
  2⤵
  PID:9748
- C:\Windows\System\TywzJOj.exe
  C:\Windows\System\TywzJOj.exe
  2⤵
  PID:9820
- C:\Windows\System\Awtxcoy.exe
  C:\Windows\System\Awtxcoy.exe
  2⤵
  PID:9900
- C:\Windows\System\BeNekEj.exe
  C:\Windows\System\BeNekEj.exe
  2⤵
  PID:9884
- C:\Windows\System\WyYJdbL.exe
  C:\Windows\System\WyYJdbL.exe
  2⤵
  PID:9464
- C:\Windows\System\ufpsRcg.exe
  C:\Windows\System\ufpsRcg.exe
  2⤵
  PID:9956
- C:\Windows\System\rWAumLC.exe
  C:\Windows\System\rWAumLC.exe
  2⤵
  PID:9992
- C:\Windows\System\LqWIxRl.exe
  C:\Windows\System\LqWIxRl.exe
  2⤵
  PID:10040
- C:\Windows\System\KdCwLgg.exe
  C:\Windows\System\KdCwLgg.exe
  2⤵
  PID:10100

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\HrbYXkY.exe

Filesize
6.0MB

MD5
683d65b0cc721a067cad561dae8b2736

SHA1
86802c2d742d902046d3503b489fa4443c078857

SHA256
f9da3b0829cfb462b0d07aa050969df592efc9d9e5fa154b83fe2f25c45fc079

SHA512
28e34a234d1d9129db68687f61007c5a115779877e68e9bf761719828cc9778dc98ec65b61687c11450aefd4050d11cc850b3f67bb8082c19491fbaebe00b3b2

Download Submit
C:\Windows\system\JdaAmkj.exe

Filesize
6.0MB

MD5
72a7ba10e8f8e415e508150fe43b0a23

SHA1
d9fe1cf4b962c896dbba63918e45e630b4a9a91d

SHA256
7ecba7e8fb185001c397860f6524f55404cc26ce7c76d468bafe0dd40b5d78f0

SHA512
b437f782fa54c75ba2508a143acbeb25bad912ac919a73cbefd27082842d53024e6b886155bd6542e24c3336adb97da0f885003226453fe4dac672d2250410fa

Download Submit
C:\Windows\system\KWntCAA.exe

Filesize
6.0MB

MD5
2f2163f8ed38f713980276f5842a6dc5

SHA1
61f923415cdb54a34b2b3e385093f49dffc7f455

SHA256
bdc90adf46eefe190e0be8dec5243ad338a2963429aae8057bb3fa99394855e8

SHA512
2975f2bfd0a84c17145fda7c2159eeab6322d68f9bd0d2ba328f033a853bc3fb5cb55b0c3476889f1a35423868ff195ad81c073807f901df0c4a30a6d1f04fcd

Download Submit
C:\Windows\system\LrKzRoG.exe

Filesize
6.0MB

MD5
9162c24f1cd843f8046ebaa1829e38af

SHA1
97ad7ddf60c73054932535517310569182efad69

SHA256
5e6a32336e86c4168781e5f482d0eaa9856793f291e39a9ed4319a14fd242960

SHA512
ffaf9da28c385970991505ccb4cd1d2d5a73061a3ee528dfedf752219349edb74c7ad3edad8958f924d95ae642ebcc252ce9ea7bc610b13485249c28dcbb2f1e

Download Submit
C:\Windows\system\MgeGRWd.exe

Filesize
6.0MB

MD5
bbf4146dbdbfbebf2a2f84087420e25e

SHA1
8e5991482ab8a8153056a089dcf1fcd5e14b71ff

SHA256
a122ffa2fde2ccd5efd9fded90edca3a9d821991b31fc86dff00f5a7d6e18e6b

SHA512
d572dd281bf2d9286f882238eb3a952c153e93d033708f6ea4483d57599374d78b8cc0c63e71003f6c846fc3b869265b30e929427ae9944c8381a85cc30df571

Download Submit
C:\Windows\system\OInHVHI.exe

Filesize
6.0MB

MD5
44f33bdeeaeb1c7dc1d44088c385c10f

SHA1
2f5919004963dd9ca8d8c1e99beff583b762c2f1

SHA256
3959276e516f3e287eba70c8a991705393c244a15f3acf902f79bc1569818eb6

SHA512
5fdb867aaabce12b2ce960ea4e50618ef5ceda1fdcea7efe7604edfbe7dc2a326cf7a736b97dece639c1ea802fb4b82b01cbcad3e057e12576936b027e23281f

Download Submit
C:\Windows\system\OmlyOgA.exe

Filesize
6.0MB

MD5
920db7611af2388dfff08ffa5c340ad1

SHA1
b601d5df9663863dad806d4834ba94c91ca8bc27

SHA256
59b28b26f5d21a186a334da1d73248ed5af4492b94ccb3c093155b362c17a057

SHA512
6c5d61cd826cdd1819dcb80b0b49ff3b6f154f54161ac305f9bb36ed54c68e0c804843cf0189b62604973459a6d57062083122de7ec2b45ce64a17d6b25a86e0

Download Submit
C:\Windows\system\Ovuqduy.exe

Filesize
6.0MB

MD5
b3b6f733c60e3ab939fdaa98bfbec41e

SHA1
91aedfe2af3332d7581badb242c306a68a3b0f96

SHA256
32b729b751e7f120a043a0dc71a207fb63df09871eaa89576516a46d9c238733

SHA512
2e636df403706687dcbabdb93f2319a6032c37a9f2a0de49c0d4bafbbcb202d43484100c994e12979336ff15468927cbeb437e80a7d47a717933f5abf7636d2e

Download Submit
C:\Windows\system\PhnGSWz.exe

Filesize
6.0MB

MD5
1b372a31371b351cc36182fa538e4314

SHA1
64a017afe7a3299f1e762211e432b19bb20dff8d

SHA256
b009e30ba917e0d078b4ed1a35535cfb4ebed5ace11527f19dc5827b8d85314b

SHA512
e2e9282bbc7d826e6900ed3385da37bc65ea1a34333cff8bac472665928311798cdb4a4448233c251b556100c14a101909d1e17f8505f805ec50302c02d20aa0

Download Submit
C:\Windows\system\QogSrWz.exe

Filesize
6.0MB

MD5
830072bacd4fe75c34e645b27682edc3

SHA1
41c8927e59a2a943ecb40771217114ca2a999fba

SHA256
386e69a4fa18d78e78751ca342e53523e53abc820fe8008d50c1ad912a9374ba

SHA512
b3cab72529d947d25712b06a056ee9141d586c93fec8a1bd05e9c3455bec31ae891ba6c54522fb88e69d416f4e57ee4182cbcd35fac9e3ab66c9284fcd7ffa34

Download Submit
C:\Windows\system\TAEenEV.exe

Filesize
6.0MB

MD5
5cf3439f621bd1b2e7ae7c2eb4e4dc7e

SHA1
62053e80594cc305c44d0d7908419b9640f4b577

SHA256
99baea84bfb62df58a8618fc76e1bf88ee26c32ec3a71a7ce612ac8a691703b7

SHA512
d9382baeb4d9486b699a909209b70abac808e1747d1115b29e966e92e46f6c8ef550cb475869e42ce6d20caa95f26e3a335a083f81657d4598025beb79e52ad7

Download Submit
C:\Windows\system\UDBvTWJ.exe

Filesize
6.0MB

MD5
3b2ad7ddb1cf533e55400981bab21d0a

SHA1
2731a17b4335c6ebdbb7399cf8d4927fca41bbf8

SHA256
e37c70fd2b5f94b8a301c0f68d13a25c7a12986d75fa3f22bf97f2d5ac525cdb

SHA512
da9af52b6cee93cdd9256516d690bba62feb992f76537bd6c682dd84858ed35372e69fa593be2411520375e27718922b5554abd1cd93634c733e632742fa8fc2

Download Submit
C:\Windows\system\Vooxuwu.exe

Filesize
6.0MB

MD5
c6bea07c3da1025a88e1a8b6259d60e8

SHA1
c5115416986e52a5cd767a1a742df3f675244adc

SHA256
5739fffd043e3f268ed80851130936d313d8a941a5262d017e65416fef249832

SHA512
0b6f677626131991b3783feded98320630d473e281af4ccddaa68a84a288ca2aa3e498338c8fbfd7da819764c9aeca626be021bc2d75f2fdd87bab9c5ab033a7

Download Submit
C:\Windows\system\YkwuVxr.exe

Filesize
6.0MB

MD5
1cd1bdb34593d1baae260b42791fb76d

SHA1
d1558916aebd1396c3cc58e6acbe3e173f761d69

SHA256
566cf7804e5039e659ae9a50f6225c92b32ea5ed2ade40bad9b8b1ebf471b2d6

SHA512
691a41b3b5673e7b18b12e5fa2dc21de1f97fd1f9342fff24b2eadae174c336d4ed2394f7ed177e9149948fb7f5fe3772b1f5880f4361375243a93a5d1a28c5f

Download Submit
C:\Windows\system\Yvmgzpj.exe

Filesize
6.0MB

MD5
c30dcb6a15d87aeb594fc0411d1baf7e

SHA1
075af92f96fbf9a3d68e24f01b4d8ebe02d3b636

SHA256
af3dee8b843ee96ba2f03f238edbd6efa0b63d6da1d453e828e514630dc0f9a1

SHA512
fdaa59a82490d5df4353e6fbe1ff748f2c4158f07ea3bb74571734125a6633e31ec09926f309ff0f6d776f1c236705af946c028d671df4e995ae7e43dde8e55d

Download Submit
C:\Windows\system\dQtUVtp.exe

Filesize
6.0MB

MD5
c042c69f8e14f7b73db62848528b64e0

SHA1
9f30df77ddb666b3cd2e48f83ef0916639612936

SHA256
e5491c4b3a2129c5e3691a12c64dda2a7348cd49ae5ed536aa529bd1678cf8af

SHA512
1366df36e81e23e85be32c4acb86d8672c9770eee26665bf6eedf47dd0dac77a9b8c0cac48d83bb9696755aa928f49d9688fbb3fb2e59719424f71415b1b145f

Download Submit
C:\Windows\system\eGJqmTv.exe

Filesize
6.0MB

MD5
9c82d30ddcc17ff514a90babee2dadc7

SHA1
f5860a107c416799caeeb8875eead8010fd645cd

SHA256
91611c50793894e559df39f2d76a8b26f790498d78d2cf786e1f3805644e10a1

SHA512
500b95e4f38ea388d20d52a1e684f3f54769db6b90e588571fe282b78665e12c34b354514184b95cc6cf9217f211871fa75e8b9bcdf40787fd132296f50f92e3

Download Submit
C:\Windows\system\fWodvhy.exe

Filesize
6.0MB

MD5
32e98cb8e39718e951983e7c030c5c03

SHA1
d792a203dd4ee172da6d6da1051c0825f02b36ee

SHA256
993e07f0344aa6599d8006ea62b39e998f9da7c6439d3c4544610c2168e9d62e

SHA512
b68dc8226b7aedda9d7f7f0152de5cc1da842a16ed62aa28fcdfe6790dd23e654ddccec410881c683c810479a59f779d682a13d1c764c414c726575fca9cfa5e

Download Submit
C:\Windows\system\iaUYBob.exe

Filesize
6.0MB

MD5
90666aa0e9c543254422745ee71bfd5d

SHA1
5b00ab7b2edfa8c3f4cab0e0a8c1ce0b1c33f58d

SHA256
bc7d63c10d0f917005dd35f47cd33ff32174977c5de82a72662c8ba9a768d0d0

SHA512
19de63ccf0ee4d536b9bcdaf17ee927d79cca9430a51ae95cc7fca8134b2c59e977dd12164f66e6bfaf341502f4bdf508de417a9f8922102bf6c0b9a85d2daa9

Download Submit
C:\Windows\system\igEbnzC.exe

Filesize
6.0MB

MD5
f5b7eb55d9123ee13d62c42320d005bb

SHA1
b6883bc59c943275f071ee4f6e314e409e8bd02a

SHA256
701e4aeac7457c287a089d16061769b25cb54616b72cedab606e59d73b3760ca

SHA512
5ceb83f74fd434d6dbd6b9ac5795caf92fe6a1588994ce1fa7defc09cc932605070f1519c3940ec1b3b572d121b0e7818ffdfd9272741ec20b68ca54ce818702

Download Submit
C:\Windows\system\kJofDDq.exe

Filesize
6.0MB

MD5
f62362fc5f939c3fcefb87fa0cecf357

SHA1
214ef18297275231ce8081b4330e87cff542200f

SHA256
d078efd8af752eed6047a66886ebe566deb3f0caa643ff09b3df0dd85f3fb185

SHA512
097dd87254fea773a49f30ad0db4c497087b1fac1ff1c841a852594639b749043dd72f1b91ad5c1b10845eb77b880a1729ee7e89a5b5341641fa392203874df6

Download Submit
C:\Windows\system\mtEHLDT.exe

Filesize
6.0MB

MD5
532a633ea7350356288bd4f3633ca64c

SHA1
4ce5f5bc37c1cd7ad2b6a4ee0be2c04805e068bc

SHA256
714e7750dd946eeafd11d4413b52859a1572d482b2ac09964897c6bee4ca1e49

SHA512
b813d5f210a0b5e625982a3b7c875a98d3301e1b95a84bbf4c47a9207c08a71f0bbb42fcd3deba2987e95c3a99579f3507df6a800269b82b347b25b742ec696b

Download Submit
C:\Windows\system\nUKVXjQ.exe

Filesize
6.0MB

MD5
0a7eaeca9ab818965da6a956c25fb754

SHA1
230da995e45a252908877f7b9e6198706998f528

SHA256
bef8b75f39fcb1ed3e6040933b36d20bac9d92c7a4753a1905849c98a480120f

SHA512
2ae25e614ce90d7cdc73fa16dbc7c888f79652ff40d6cfdfe93f1f799e100edc63254a304826716bd1f717ffce9531f604d480e796403c57421aef412e34feb0

Download Submit
C:\Windows\system\oNEGYVL.exe

Filesize
6.0MB

MD5
4e6c7c73630f3fd9e50efa07834c740b

SHA1
17b413e1242aac0fadb3f64d52269f1692ca3524

SHA256
27c3b256b52babb8d5598cadd6389a7d542fb8809ddb5f5d9a357e7a483fa78a

SHA512
d9716fc52eb3dfa006d071f69f76fad9dbc15a5f463f5508c8e41ed27b4a4faf547f3c1834236cf250bf7c8c5f146ef3c0462ed2b219d2c704f357c9f1ff6c1e

Download Submit
C:\Windows\system\tKxrgya.exe

Filesize
6.0MB

MD5
5d1c8c33802f9d9880991306a538b866

SHA1
b1e0345f6c83afc5d6a3f463b8ce0a795b733080

SHA256
e8fcc5141ca56a5e508f0076e896c707b33344ef3726a39fd207d4bf92c997d2

SHA512
02e1e3520bad9ceac8cba5f856505324fc3c53b25aaf4b041dac50afe7b03366c273cd5444cec1cee4009710c866d4300d664b220fb9553145a6a181a11b2375

Download Submit
C:\Windows\system\vdjvhWU.exe

Filesize
6.0MB

MD5
33063cb0c780f656d1871498a61136fe

SHA1
76456cfc0e5460e7895432faa60fcc8fd22843ce

SHA256
a6963858dde51629d68b9574efb72914239f4f913209b86abac91cf06ab12390

SHA512
d7400cd323b9f03711458fc563b649a98237c7b1b2c77b4cf4a76f45e4bb4ff4f84d978d3041cfffd705d8d44a9c2868544e58f7196ec60cf5ea2ca700ab1bfe

Download Submit
C:\Windows\system\vhklgbW.exe

Filesize
6.0MB

MD5
612cf74e81284a25264e113f2653358a

SHA1
3239f18541fa9c402cdc4739adacb69616a9cc21

SHA256
90f275f79d9fcf5b97bded9663318ca169e36b53a2ea0220cb36a967422425d7

SHA512
e4da7da24c94c1b73e5e815d0d9958728b04629dc4afaa60a2c3472d10356f967192bdd1c0f0815b4b1ea6d9d88e5aa7c750a5e88b3be9d0421d4e3aa71b9cab

Download Submit
C:\Windows\system\wNxEUOY.exe

Filesize
6.0MB

MD5
01072d87067a91083a3c6313a903c1d4

SHA1
bf70ea2ee91cdd1ded488ae014e3c446d038f604

SHA256
4e3fda41be6b9e2bb7d8a7a94d8589e0d3d354af903a5a2cfb2334c3e34b82f8

SHA512
44f8173843bf25bb9bc0fa197fee72a23a3df6c88936653cc6f8ae4890c4ba4069b6209b66f42ef4c8d1805f05812652ecfb4740b37375ba5b60cfa14f06e1d0

Download Submit
C:\Windows\system\zHlQDGq.exe

Filesize
6.0MB

MD5
0f226529c17ca5b81d63537ea619703b

SHA1
c4e84b4b4620b431e5bfbecf7778c6a780efea0c

SHA256
8d00a32646475015c93c3a0fa2ef4432f90999085210f2eae0d697c5b5306e9e

SHA512
70fc13707e33ffa78dabf6971ab34c8b18bc5118235104573886788a1ee558c97c2d21ade5a1466cde776ab8d311eb51e11a2ce3cdf825271704da101c87d800

Download Submit
\Windows\system\DORcJwP.exe

Filesize
6.0MB

MD5
7b515c60057e01547f6847df81311634

SHA1
a9e62537a6a43f3298d907999d659c440f1758b6

SHA256
b464ec14dc15ec750cb30ef31864d32a80224e3d958a66d842ab37d769145094

SHA512
b0bd16773e56437215bc6141659f2dbe0e72b03b956199fe31bd69ad727149cf9d684bf672ed034aadb8a826bc5b9f9b5c27caf3a247e24e71e841e283ad1daf

Download Submit
\Windows\system\TVyipCA.exe

Filesize
6.0MB

MD5
9504bc95053355477bcb0dbb63f39c14

SHA1
0df25396a042485e76cdfa01abbb0a3a9ef75a19

SHA256
897bc03ad16208df421986e0335b8bf7b6943cc598fc202d9d1cc054b8cc2151

SHA512
9b4ce5cb6de318300be84a88a4e568b331247ac44ad3e77b4db780202aa426925b26e7acb6498eeaa1042800e3a89cc10234bf00a90e04a3608bf5ca8fb704df

Download Submit
\Windows\system\uwOsXLz.exe

Filesize
6.0MB

MD5
ae2ed6d31a976930c19e9b369d84957c

SHA1
e95cb3cae2f7dcead25fa40833898fefab52b30f

SHA256
dd09ed13407a600c9f122049839e902abbbe29c5158b5fce1cacb35a2b1e787c

SHA512
bf5b6d2b0e8fcf13ce86e638a3e83c511271f0fe60a8b5d624f4d10fd8cfc3238a1fcc22c79a2ce5fb4e1a06121cc9a5b063cf0d228bd48d300f0b3e2f002d49

Download Submit
memory/1972-99-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/1972-28-0x000000013F720000-0x000000013FA74000-memory.dmp

Filesize
3.3MB

Download
memory/1972-427-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/1972-30-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/1972-32-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/1972-35-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/1972-37-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/1972-40-0x000000013F070000-0x000000013F3C4000-memory.dmp

Filesize
3.3MB

Download
memory/1972-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/1972-65-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/1972-75-0x000000013FB20000-0x000000013FE74000-memory.dmp

Filesize
3.3MB

Download
memory/1972-155-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/1972-76-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/1972-77-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/1972-0-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/1972-50-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/1972-104-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2028-78-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/2028-1801-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/2028-428-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/2056-360-0x000000013FB20000-0x000000013FE74000-memory.dmp

Filesize
3.3MB

Download
memory/2056-69-0x000000013FB20000-0x000000013FE74000-memory.dmp

Filesize
3.3MB

Download
memory/2056-1800-0x000000013FB20000-0x000000013FE74000-memory.dmp

Filesize
3.3MB

Download
memory/2192-1806-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2192-103-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2280-1792-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2280-31-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2324-1804-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/2324-101-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/2616-102-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/2616-1805-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/2652-100-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2652-1803-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2716-74-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/2716-1798-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/2744-1778-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/2744-38-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/2752-1799-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/2752-302-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/2752-55-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/2768-1770-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/2768-33-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/2872-36-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/2872-1794-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/2968-39-0x000000013F720000-0x000000013FA74000-memory.dmp

Filesize
3.3MB

Download
memory/2968-1763-0x000000013F720000-0x000000013FA74000-memory.dmp

Filesize
3.3MB

Download
memory/2976-42-0x000000013F070000-0x000000013F3C4000-memory.dmp

Filesize
3.3MB

Download
memory/2976-301-0x000000013F070000-0x000000013F3C4000-memory.dmp

Filesize
3.3MB

Download
memory/2976-1802-0x000000013F070000-0x000000013F3C4000-memory.dmp

Filesize
3.3MB

Download