cobaltstrike | 0679083ad7846ed0ebc2b6fb9bed379cea25713fc534ae58c51721b5450dc207

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
23-09-2024 14:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

697a43499dd72b4eb882313dbf44e286
SHA1

725fd4982b2dfee87c9c6a0bed04fb037fefaf24
SHA256

0679083ad7846ed0ebc2b6fb9bed379cea25713fc534ae58c51721b5450dc207
SHA512

7a93b2164053180d2726890b961a216cc1ce724ebf52bfecf29a910ef0a3b406be0c631ac07e16258221091511d214278901574902193b271081db271e9e453c
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU4:T+q56utgpPF8u/74

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000700000001211a-3.dat	cobalt_reflective_dll
behavioral1/files/0x0013000000018701-9.dat	cobalt_reflective_dll
behavioral1/files/0x002d000000018681-11.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001870f-21.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000191dc-28.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001924a-41.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019244-36.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001925d-51.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019266-58.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961c-83.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019620-96.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019622-105.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019702-145.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c53-165.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c51-161.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c50-156.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019994-150.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196bf-140.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001967e-135.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001963a-130.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019628-121.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001962a-125.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019624-111.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019626-115.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019621-101.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961e-90.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195e5-80.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195a6-75.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019524-70.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ba-65.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019259-46.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018712-26.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2700-0-0x000000013FB80000-0x000000013FED4000-memory.dmp	xmrig
behavioral1/files/0x000700000001211a-3.dat	xmrig
behavioral1/memory/2700-6-0x00000000023A0000-0x00000000026F4000-memory.dmp	xmrig
behavioral1/files/0x0013000000018701-9.dat	xmrig
behavioral1/memory/3048-12-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/files/0x002d000000018681-11.dat	xmrig
behavioral1/files/0x000800000001870f-21.dat	xmrig
behavioral1/files/0x00070000000191dc-28.dat	xmrig
behavioral1/files/0x000600000001924a-41.dat	xmrig
behavioral1/files/0x0006000000019244-36.dat	xmrig
behavioral1/files/0x000800000001925d-51.dat	xmrig
behavioral1/files/0x0007000000019266-58.dat	xmrig
behavioral1/files/0x000500000001961c-83.dat	xmrig
behavioral1/files/0x0005000000019620-96.dat	xmrig
behavioral1/files/0x0005000000019622-105.dat	xmrig
behavioral1/files/0x0005000000019702-145.dat	xmrig
behavioral1/files/0x0005000000019c53-165.dat	xmrig
behavioral1/files/0x0005000000019c51-161.dat	xmrig
behavioral1/files/0x0005000000019c50-156.dat	xmrig
behavioral1/files/0x0005000000019994-150.dat	xmrig
behavioral1/files/0x00050000000196bf-140.dat	xmrig
behavioral1/files/0x000500000001967e-135.dat	xmrig
behavioral1/files/0x000500000001963a-130.dat	xmrig
behavioral1/files/0x0005000000019628-121.dat	xmrig
behavioral1/files/0x000500000001962a-125.dat	xmrig
behavioral1/files/0x0005000000019624-111.dat	xmrig
behavioral1/files/0x0005000000019626-115.dat	xmrig
behavioral1/files/0x0005000000019621-101.dat	xmrig
behavioral1/files/0x000500000001961e-90.dat	xmrig
behavioral1/files/0x00050000000195e5-80.dat	xmrig
behavioral1/files/0x00050000000195a6-75.dat	xmrig
behavioral1/files/0x0005000000019524-70.dat	xmrig
behavioral1/files/0x00050000000194ba-65.dat	xmrig
behavioral1/memory/2700-55-0x000000013F070000-0x000000013F3C4000-memory.dmp	xmrig
behavioral1/memory/2836-54-0x000000013F770000-0x000000013FAC4000-memory.dmp	xmrig
behavioral1/memory/2628-53-0x000000013F620000-0x000000013F974000-memory.dmp	xmrig
behavioral1/files/0x0006000000019259-46.dat	xmrig
behavioral1/files/0x0007000000018712-26.dat	xmrig
behavioral1/memory/2428-182-0x000000013F070000-0x000000013F3C4000-memory.dmp	xmrig
behavioral1/memory/2692-190-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	xmrig
behavioral1/memory/2740-198-0x000000013FD70000-0x00000001400C4000-memory.dmp	xmrig
behavioral1/memory/2700-201-0x00000000023A0000-0x00000000026F4000-memory.dmp	xmrig
behavioral1/memory/2556-226-0x000000013FC90000-0x000000013FFE4000-memory.dmp	xmrig
behavioral1/memory/2496-285-0x000000013F140000-0x000000013F494000-memory.dmp	xmrig
behavioral1/memory/2788-294-0x000000013FEF0000-0x0000000140244000-memory.dmp	xmrig
behavioral1/memory/2416-283-0x000000013F660000-0x000000013F9B4000-memory.dmp	xmrig
behavioral1/memory/2716-290-0x000000013F960000-0x000000013FCB4000-memory.dmp	xmrig
behavioral1/memory/2464-264-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/memory/2784-856-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
behavioral1/memory/1868-861-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/memory/2700-2426-0x000000013FB80000-0x000000013FED4000-memory.dmp	xmrig
behavioral1/memory/3048-2552-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/memory/2628-2557-0x000000013F620000-0x000000013F974000-memory.dmp	xmrig
behavioral1/memory/2836-2633-0x000000013F770000-0x000000013FAC4000-memory.dmp	xmrig
behavioral1/memory/3048-2638-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/memory/2556-2669-0x000000013FC90000-0x000000013FFE4000-memory.dmp	xmrig
behavioral1/memory/2428-2670-0x000000013F070000-0x000000013F3C4000-memory.dmp	xmrig
behavioral1/memory/2416-2675-0x000000013F660000-0x000000013F9B4000-memory.dmp	xmrig
behavioral1/memory/2740-2676-0x000000013FD70000-0x00000001400C4000-memory.dmp	xmrig
behavioral1/memory/2692-2681-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	xmrig
behavioral1/memory/2496-2688-0x000000013F140000-0x000000013F494000-memory.dmp	xmrig
behavioral1/memory/1868-2710-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/memory/2716-2726-0x000000013F960000-0x000000013FCB4000-memory.dmp	xmrig
behavioral1/memory/2788-2718-0x000000013FEF0000-0x0000000140244000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3048	rFQSQkY.exe
2628	TMFRskc.exe
2836	WbfzVIK.exe
2428	iWlSCKf.exe
2692	ihtggmZ.exe
2740	oLTTPBg.exe
2556	XcTgPqO.exe
2464	SbPCRsX.exe
2416	nmGScXZ.exe
2496	JghkoZk.exe
2716	mrwsOYK.exe
2788	qPJPjNG.exe
2784	tWTzvLd.exe
1868	mbqBCQy.exe
1824	wpwARdx.exe
1972	PTjSjZO.exe
2224	NMrRVHC.exe
1928	GuAqSjb.exe
1820	UwZOlqp.exe
1916	HuwijCe.exe
2408	oGFSVsI.exe
1008	XwzuvSd.exe
2280	ufzacxP.exe
2516	BjPxhMb.exe
1684	zZdEYDs.exe
2268	ozNSBHm.exe
676	ukGLEzt.exe
2768	zUFMCRy.exe
2088	RpbvwrM.exe
1792	iVkLRcV.exe
1140	PZhemcl.exe
2928	YUbJGtN.exe
708	lEKQNHg.exe
1376	ZSbJhGM.exe
2252	VhCkojR.exe
912	vyaYGwF.exe
1604	VPRPqpp.exe
332	HsVUpbP.exe
484	EbzxLLh.exe
652	qlzlwjC.exe
304	pJrsdoK.exe
2292	UQRXwFh.exe
1232	BctxKyk.exe
1752	ZAjPDwO.exe
1160	ifgaecC.exe
3008	ABIzgyG.exe
2344	rDSnlyg.exe
1740	IQEaNfY.exe
2208	dshtJfZ.exe
2016	cimjUfH.exe
1616	gRUQxgN.exe
2340	TpvzIDR.exe
2352	TLkzEei.exe
1596	EGJdkdP.exe
1704	WiswRmf.exe
2564	JDLJdQB.exe
2576	SyaFgyE.exe
2636	hWwGEaB.exe
2820	iXVdEnA.exe
2660	jnuKzPk.exe
2588	mIkMQOM.exe
1940	bQOWvSJ.exe
2220	pbMYxbk.exe
2520	coPMECe.exe

Loads dropped DLL 64 IoCs

pid	Process
2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2700-0-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
behavioral1/files/0x000700000001211a-3.dat	upx
behavioral1/memory/2700-6-0x00000000023A0000-0x00000000026F4000-memory.dmp	upx
behavioral1/files/0x0013000000018701-9.dat	upx
behavioral1/memory/3048-12-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/files/0x002d000000018681-11.dat	upx
behavioral1/files/0x000800000001870f-21.dat	upx
behavioral1/files/0x00070000000191dc-28.dat	upx
behavioral1/files/0x000600000001924a-41.dat	upx
behavioral1/files/0x0006000000019244-36.dat	upx
behavioral1/files/0x000800000001925d-51.dat	upx
behavioral1/files/0x0007000000019266-58.dat	upx
behavioral1/files/0x000500000001961c-83.dat	upx
behavioral1/files/0x0005000000019620-96.dat	upx
behavioral1/files/0x0005000000019622-105.dat	upx
behavioral1/files/0x0005000000019702-145.dat	upx
behavioral1/files/0x0005000000019c53-165.dat	upx
behavioral1/files/0x0005000000019c51-161.dat	upx
behavioral1/files/0x0005000000019c50-156.dat	upx
behavioral1/files/0x0005000000019994-150.dat	upx
behavioral1/files/0x00050000000196bf-140.dat	upx
behavioral1/files/0x000500000001967e-135.dat	upx
behavioral1/files/0x000500000001963a-130.dat	upx
behavioral1/files/0x0005000000019628-121.dat	upx
behavioral1/files/0x000500000001962a-125.dat	upx
behavioral1/files/0x0005000000019624-111.dat	upx
behavioral1/files/0x0005000000019626-115.dat	upx
behavioral1/files/0x0005000000019621-101.dat	upx
behavioral1/files/0x000500000001961e-90.dat	upx
behavioral1/files/0x00050000000195e5-80.dat	upx
behavioral1/files/0x00050000000195a6-75.dat	upx
behavioral1/files/0x0005000000019524-70.dat	upx
behavioral1/files/0x00050000000194ba-65.dat	upx
behavioral1/memory/2836-54-0x000000013F770000-0x000000013FAC4000-memory.dmp	upx
behavioral1/memory/2628-53-0x000000013F620000-0x000000013F974000-memory.dmp	upx
behavioral1/files/0x0006000000019259-46.dat	upx
behavioral1/files/0x0007000000018712-26.dat	upx
behavioral1/memory/2428-182-0x000000013F070000-0x000000013F3C4000-memory.dmp	upx
behavioral1/memory/2692-190-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	upx
behavioral1/memory/2740-198-0x000000013FD70000-0x00000001400C4000-memory.dmp	upx
behavioral1/memory/2556-226-0x000000013FC90000-0x000000013FFE4000-memory.dmp	upx
behavioral1/memory/2496-285-0x000000013F140000-0x000000013F494000-memory.dmp	upx
behavioral1/memory/2788-294-0x000000013FEF0000-0x0000000140244000-memory.dmp	upx
behavioral1/memory/2416-283-0x000000013F660000-0x000000013F9B4000-memory.dmp	upx
behavioral1/memory/2716-290-0x000000013F960000-0x000000013FCB4000-memory.dmp	upx
behavioral1/memory/2464-264-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/memory/2784-856-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/memory/1868-861-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/memory/2700-2426-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
behavioral1/memory/3048-2552-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/memory/2628-2557-0x000000013F620000-0x000000013F974000-memory.dmp	upx
behavioral1/memory/2836-2633-0x000000013F770000-0x000000013FAC4000-memory.dmp	upx
behavioral1/memory/3048-2638-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/memory/2556-2669-0x000000013FC90000-0x000000013FFE4000-memory.dmp	upx
behavioral1/memory/2428-2670-0x000000013F070000-0x000000013F3C4000-memory.dmp	upx
behavioral1/memory/2416-2675-0x000000013F660000-0x000000013F9B4000-memory.dmp	upx
behavioral1/memory/2740-2676-0x000000013FD70000-0x00000001400C4000-memory.dmp	upx
behavioral1/memory/2692-2681-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	upx
behavioral1/memory/2496-2688-0x000000013F140000-0x000000013F494000-memory.dmp	upx
behavioral1/memory/1868-2710-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/memory/2716-2726-0x000000013F960000-0x000000013FCB4000-memory.dmp	upx
behavioral1/memory/2788-2718-0x000000013FEF0000-0x0000000140244000-memory.dmp	upx
behavioral1/memory/2836-2715-0x000000013F770000-0x000000013FAC4000-memory.dmp	upx
behavioral1/memory/2784-2711-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\ZJhPHJy.exe	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BEcYfjp.exe	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ehSzeLT.exe	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cpquMmB.exe	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XeaIjUi.exe	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NMmbiWA.exe	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SwMFATJ.exe	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oICAYiB.exe	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QTOZVME.exe	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QFbNHmb.exe	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kRToYGY.exe	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eHghzDu.exe	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dZSbCVr.exe	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Jgthufx.exe	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bvcnkgj.exe	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jDXetRn.exe	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yCvUctk.exe	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SKVYGSD.exe	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WaQUQSo.exe	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JgVeVJg.exe	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WCEhcVA.exe	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xaQTRfs.exe	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UumxQVo.exe	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tWTzvLd.exe	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WBJOzdm.exe	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LopOeYt.exe	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JYovDWg.exe	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rInhuRc.exe	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jZtPBtH.exe	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PFlTTAg.exe	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZaEBwAQ.exe	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rXjUVAA.exe	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nxbbkZM.exe	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kAjapYm.exe	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ghZAJAv.exe	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yeTtESX.exe	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KAptNzg.exe	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ehCCByp.exe	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\suXNjfl.exe	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pcpPihE.exe	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ofCxLGf.exe	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iAgEvZL.exe	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XpIBgHc.exe	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\muTVlqK.exe	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iDfgEVL.exe	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lLzLDgt.exe	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FFNBBqS.exe	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wXlWEgP.exe	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fqKGyjx.exe	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lfPxXwt.exe	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UFtAUxs.exe	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xJRUkuY.exe	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nZjjRYp.exe	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WOJrMEU.exe	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ASfebNc.exe	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tZapRSl.exe	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xgCKrxm.exe	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\akOqmRT.exe	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xINengH.exe	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zLgmVpz.exe	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IFsNUpk.exe	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\petAGdR.exe	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eMazdFr.exe	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\raxKxxC.exe	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2700 wrote to memory of 3048	2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2700 wrote to memory of 3048	2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2700 wrote to memory of 3048	2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2700 wrote to memory of 2628	2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2700 wrote to memory of 2628	2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2700 wrote to memory of 2628	2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2700 wrote to memory of 2836	2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2700 wrote to memory of 2836	2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2700 wrote to memory of 2836	2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2700 wrote to memory of 2428	2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2700 wrote to memory of 2428	2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2700 wrote to memory of 2428	2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2700 wrote to memory of 2692	2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2700 wrote to memory of 2692	2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2700 wrote to memory of 2692	2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2700 wrote to memory of 2740	2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2700 wrote to memory of 2740	2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2700 wrote to memory of 2740	2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2700 wrote to memory of 2556	2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2700 wrote to memory of 2556	2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2700 wrote to memory of 2556	2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2700 wrote to memory of 2464	2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2700 wrote to memory of 2464	2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2700 wrote to memory of 2464	2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2700 wrote to memory of 2416	2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2700 wrote to memory of 2416	2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2700 wrote to memory of 2416	2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2700 wrote to memory of 2496	2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2700 wrote to memory of 2496	2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2700 wrote to memory of 2496	2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2700 wrote to memory of 2716	2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2700 wrote to memory of 2716	2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2700 wrote to memory of 2716	2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2700 wrote to memory of 2788	2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2700 wrote to memory of 2788	2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2700 wrote to memory of 2788	2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2700 wrote to memory of 2784	2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2700 wrote to memory of 2784	2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2700 wrote to memory of 2784	2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2700 wrote to memory of 1868	2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2700 wrote to memory of 1868	2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2700 wrote to memory of 1868	2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2700 wrote to memory of 1824	2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2700 wrote to memory of 1824	2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2700 wrote to memory of 1824	2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2700 wrote to memory of 1972	2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2700 wrote to memory of 1972	2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2700 wrote to memory of 1972	2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2700 wrote to memory of 2224	2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2700 wrote to memory of 2224	2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2700 wrote to memory of 2224	2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2700 wrote to memory of 1928	2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2700 wrote to memory of 1928	2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2700 wrote to memory of 1928	2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2700 wrote to memory of 1820	2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2700 wrote to memory of 1820	2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2700 wrote to memory of 1820	2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2700 wrote to memory of 1916	2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2700 wrote to memory of 1916	2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2700 wrote to memory of 1916	2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2700 wrote to memory of 2408	2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2700 wrote to memory of 2408	2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2700 wrote to memory of 2408	2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2700 wrote to memory of 1008	2700	2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-09-23_697a43499dd72b4eb882313dbf44e286_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2700
- C:\Windows\System\rFQSQkY.exe
  C:\Windows\System\rFQSQkY.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\TMFRskc.exe
  C:\Windows\System\TMFRskc.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\WbfzVIK.exe
  C:\Windows\System\WbfzVIK.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\iWlSCKf.exe
  C:\Windows\System\iWlSCKf.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\ihtggmZ.exe
  C:\Windows\System\ihtggmZ.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\oLTTPBg.exe
  C:\Windows\System\oLTTPBg.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\XcTgPqO.exe
  C:\Windows\System\XcTgPqO.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\SbPCRsX.exe
  C:\Windows\System\SbPCRsX.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\nmGScXZ.exe
  C:\Windows\System\nmGScXZ.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\JghkoZk.exe
  C:\Windows\System\JghkoZk.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\mrwsOYK.exe
  C:\Windows\System\mrwsOYK.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\qPJPjNG.exe
  C:\Windows\System\qPJPjNG.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\tWTzvLd.exe
  C:\Windows\System\tWTzvLd.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\mbqBCQy.exe
  C:\Windows\System\mbqBCQy.exe
  2⤵
  - Executes dropped EXE
  PID:1868
- C:\Windows\System\wpwARdx.exe
  C:\Windows\System\wpwARdx.exe
  2⤵
  - Executes dropped EXE
  PID:1824
- C:\Windows\System\PTjSjZO.exe
  C:\Windows\System\PTjSjZO.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\NMrRVHC.exe
  C:\Windows\System\NMrRVHC.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\GuAqSjb.exe
  C:\Windows\System\GuAqSjb.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\UwZOlqp.exe
  C:\Windows\System\UwZOlqp.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\HuwijCe.exe
  C:\Windows\System\HuwijCe.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\oGFSVsI.exe
  C:\Windows\System\oGFSVsI.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\XwzuvSd.exe
  C:\Windows\System\XwzuvSd.exe
  2⤵
  - Executes dropped EXE
  PID:1008
- C:\Windows\System\ufzacxP.exe
  C:\Windows\System\ufzacxP.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\BjPxhMb.exe
  C:\Windows\System\BjPxhMb.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\zZdEYDs.exe
  C:\Windows\System\zZdEYDs.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\ozNSBHm.exe
  C:\Windows\System\ozNSBHm.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\ukGLEzt.exe
  C:\Windows\System\ukGLEzt.exe
  2⤵
  - Executes dropped EXE
  PID:676
- C:\Windows\System\zUFMCRy.exe
  C:\Windows\System\zUFMCRy.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\RpbvwrM.exe
  C:\Windows\System\RpbvwrM.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\iVkLRcV.exe
  C:\Windows\System\iVkLRcV.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\PZhemcl.exe
  C:\Windows\System\PZhemcl.exe
  2⤵
  - Executes dropped EXE
  PID:1140
- C:\Windows\System\YUbJGtN.exe
  C:\Windows\System\YUbJGtN.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\lEKQNHg.exe
  C:\Windows\System\lEKQNHg.exe
  2⤵
  - Executes dropped EXE
  PID:708
- C:\Windows\System\ZSbJhGM.exe
  C:\Windows\System\ZSbJhGM.exe
  2⤵
  - Executes dropped EXE
  PID:1376
- C:\Windows\System\VhCkojR.exe
  C:\Windows\System\VhCkojR.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\vyaYGwF.exe
  C:\Windows\System\vyaYGwF.exe
  2⤵
  - Executes dropped EXE
  PID:912
- C:\Windows\System\VPRPqpp.exe
  C:\Windows\System\VPRPqpp.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\HsVUpbP.exe
  C:\Windows\System\HsVUpbP.exe
  2⤵
  - Executes dropped EXE
  PID:332
- C:\Windows\System\EbzxLLh.exe
  C:\Windows\System\EbzxLLh.exe
  2⤵
  - Executes dropped EXE
  PID:484
- C:\Windows\System\qlzlwjC.exe
  C:\Windows\System\qlzlwjC.exe
  2⤵
  - Executes dropped EXE
  PID:652
- C:\Windows\System\pJrsdoK.exe
  C:\Windows\System\pJrsdoK.exe
  2⤵
  - Executes dropped EXE
  PID:304
- C:\Windows\System\UQRXwFh.exe
  C:\Windows\System\UQRXwFh.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\BctxKyk.exe
  C:\Windows\System\BctxKyk.exe
  2⤵
  - Executes dropped EXE
  PID:1232
- C:\Windows\System\ZAjPDwO.exe
  C:\Windows\System\ZAjPDwO.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\ifgaecC.exe
  C:\Windows\System\ifgaecC.exe
  2⤵
  - Executes dropped EXE
  PID:1160
- C:\Windows\System\ABIzgyG.exe
  C:\Windows\System\ABIzgyG.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\rDSnlyg.exe
  C:\Windows\System\rDSnlyg.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\IQEaNfY.exe
  C:\Windows\System\IQEaNfY.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\dshtJfZ.exe
  C:\Windows\System\dshtJfZ.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\cimjUfH.exe
  C:\Windows\System\cimjUfH.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\gRUQxgN.exe
  C:\Windows\System\gRUQxgN.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\TpvzIDR.exe
  C:\Windows\System\TpvzIDR.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\TLkzEei.exe
  C:\Windows\System\TLkzEei.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\EGJdkdP.exe
  C:\Windows\System\EGJdkdP.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\WiswRmf.exe
  C:\Windows\System\WiswRmf.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\JDLJdQB.exe
  C:\Windows\System\JDLJdQB.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\SyaFgyE.exe
  C:\Windows\System\SyaFgyE.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\hWwGEaB.exe
  C:\Windows\System\hWwGEaB.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\iXVdEnA.exe
  C:\Windows\System\iXVdEnA.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\jnuKzPk.exe
  C:\Windows\System\jnuKzPk.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\mIkMQOM.exe
  C:\Windows\System\mIkMQOM.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\bQOWvSJ.exe
  C:\Windows\System\bQOWvSJ.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\pbMYxbk.exe
  C:\Windows\System\pbMYxbk.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\coPMECe.exe
  C:\Windows\System\coPMECe.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\YHSEqKL.exe
  C:\Windows\System\YHSEqKL.exe
  2⤵
  PID:2508
- C:\Windows\System\LoeMIkz.exe
  C:\Windows\System\LoeMIkz.exe
  2⤵
  PID:2908
- C:\Windows\System\QgNsJHr.exe
  C:\Windows\System\QgNsJHr.exe
  2⤵
  PID:1876
- C:\Windows\System\NDhhbqv.exe
  C:\Windows\System\NDhhbqv.exe
  2⤵
  PID:1728
- C:\Windows\System\glYUKvj.exe
  C:\Windows\System\glYUKvj.exe
  2⤵
  PID:1516
- C:\Windows\System\btJDHpP.exe
  C:\Windows\System\btJDHpP.exe
  2⤵
  PID:2480
- C:\Windows\System\uxPAHzv.exe
  C:\Windows\System\uxPAHzv.exe
  2⤵
  PID:2080
- C:\Windows\System\EBLEzEJ.exe
  C:\Windows\System\EBLEzEJ.exe
  2⤵
  PID:2244
- C:\Windows\System\VBsFgiR.exe
  C:\Windows\System\VBsFgiR.exe
  2⤵
  PID:2776
- C:\Windows\System\TmSZAHv.exe
  C:\Windows\System\TmSZAHv.exe
  2⤵
  PID:448
- C:\Windows\System\ebSdIDT.exe
  C:\Windows\System\ebSdIDT.exe
  2⤵
  PID:2944
- C:\Windows\System\JDyASnO.exe
  C:\Windows\System\JDyASnO.exe
  2⤵
  PID:2312
- C:\Windows\System\sEipXSl.exe
  C:\Windows\System\sEipXSl.exe
  2⤵
  PID:2388
- C:\Windows\System\xQdQkFY.exe
  C:\Windows\System\xQdQkFY.exe
  2⤵
  PID:1092
- C:\Windows\System\mWwOKhp.exe
  C:\Windows\System\mWwOKhp.exe
  2⤵
  PID:1544
- C:\Windows\System\NiRSSGF.exe
  C:\Windows\System\NiRSSGF.exe
  2⤵
  PID:1084
- C:\Windows\System\FqDnjxH.exe
  C:\Windows\System\FqDnjxH.exe
  2⤵
  PID:2708
- C:\Windows\System\QcvNGhW.exe
  C:\Windows\System\QcvNGhW.exe
  2⤵
  PID:2004
- C:\Windows\System\toKcydx.exe
  C:\Windows\System\toKcydx.exe
  2⤵
  PID:2640
- C:\Windows\System\WBJOzdm.exe
  C:\Windows\System\WBJOzdm.exe
  2⤵
  PID:2104
- C:\Windows\System\WiMhiZJ.exe
  C:\Windows\System\WiMhiZJ.exe
  2⤵
  PID:2532
- C:\Windows\System\YqIdYvh.exe
  C:\Windows\System\YqIdYvh.exe
  2⤵
  PID:2204
- C:\Windows\System\ZWbePkT.exe
  C:\Windows\System\ZWbePkT.exe
  2⤵
  PID:876
- C:\Windows\System\JfgznmR.exe
  C:\Windows\System\JfgznmR.exe
  2⤵
  PID:2948
- C:\Windows\System\FFrXKDy.exe
  C:\Windows\System\FFrXKDy.exe
  2⤵
  PID:1652
- C:\Windows\System\EvVQxDa.exe
  C:\Windows\System\EvVQxDa.exe
  2⤵
  PID:836
- C:\Windows\System\XyWMLEH.exe
  C:\Windows\System\XyWMLEH.exe
  2⤵
  PID:1756
- C:\Windows\System\eSplqiA.exe
  C:\Windows\System\eSplqiA.exe
  2⤵
  PID:1284
- C:\Windows\System\dIvCQAI.exe
  C:\Windows\System\dIvCQAI.exe
  2⤵
  PID:2892
- C:\Windows\System\QEyHNDd.exe
  C:\Windows\System\QEyHNDd.exe
  2⤵
  PID:2864
- C:\Windows\System\QZUxnxm.exe
  C:\Windows\System\QZUxnxm.exe
  2⤵
  PID:2760
- C:\Windows\System\WjNlsOc.exe
  C:\Windows\System\WjNlsOc.exe
  2⤵
  PID:1524
- C:\Windows\System\xpHnKAH.exe
  C:\Windows\System\xpHnKAH.exe
  2⤵
  PID:2316
- C:\Windows\System\mHleqHN.exe
  C:\Windows\System\mHleqHN.exe
  2⤵
  PID:2420
- C:\Windows\System\zGIjhvV.exe
  C:\Windows\System\zGIjhvV.exe
  2⤵
  PID:2144
- C:\Windows\System\RrZkjnZ.exe
  C:\Windows\System\RrZkjnZ.exe
  2⤵
  PID:1572
- C:\Windows\System\tmfDrBL.exe
  C:\Windows\System\tmfDrBL.exe
  2⤵
  PID:2704
- C:\Windows\System\ARzFOPP.exe
  C:\Windows\System\ARzFOPP.exe
  2⤵
  PID:2952
- C:\Windows\System\EZlEWCI.exe
  C:\Windows\System\EZlEWCI.exe
  2⤵
  PID:628
- C:\Windows\System\kPotmwq.exe
  C:\Windows\System\kPotmwq.exe
  2⤵
  PID:2272
- C:\Windows\System\QdICzFY.exe
  C:\Windows\System\QdICzFY.exe
  2⤵
  PID:2304
- C:\Windows\System\wMdsriY.exe
  C:\Windows\System\wMdsriY.exe
  2⤵
  PID:3020
- C:\Windows\System\qVSOQvw.exe
  C:\Windows\System\qVSOQvw.exe
  2⤵
  PID:1488
- C:\Windows\System\loVivZR.exe
  C:\Windows\System\loVivZR.exe
  2⤵
  PID:1628
- C:\Windows\System\VVTgvss.exe
  C:\Windows\System\VVTgvss.exe
  2⤵
  PID:1744
- C:\Windows\System\EgkaQQT.exe
  C:\Windows\System\EgkaQQT.exe
  2⤵
  PID:2500
- C:\Windows\System\MauvOic.exe
  C:\Windows\System\MauvOic.exe
  2⤵
  PID:2116
- C:\Windows\System\YVEfDvf.exe
  C:\Windows\System\YVEfDvf.exe
  2⤵
  PID:1760
- C:\Windows\System\gudAURu.exe
  C:\Windows\System\gudAURu.exe
  2⤵
  PID:1588
- C:\Windows\System\FktglVj.exe
  C:\Windows\System\FktglVj.exe
  2⤵
  PID:2620
- C:\Windows\System\RgqVsca.exe
  C:\Windows\System\RgqVsca.exe
  2⤵
  PID:2824
- C:\Windows\System\JfPpjdd.exe
  C:\Windows\System\JfPpjdd.exe
  2⤵
  PID:2744
- C:\Windows\System\LleCLWL.exe
  C:\Windows\System\LleCLWL.exe
  2⤵
  PID:2476
- C:\Windows\System\gLuWmOE.exe
  C:\Windows\System\gLuWmOE.exe
  2⤵
  PID:1512
- C:\Windows\System\aiGkmCd.exe
  C:\Windows\System\aiGkmCd.exe
  2⤵
  PID:1984
- C:\Windows\System\UKpZvTR.exe
  C:\Windows\System\UKpZvTR.exe
  2⤵
  PID:1724
- C:\Windows\System\dfeIcAc.exe
  C:\Windows\System\dfeIcAc.exe
  2⤵
  PID:1960
- C:\Windows\System\fXSYMEx.exe
  C:\Windows\System\fXSYMEx.exe
  2⤵
  PID:2652
- C:\Windows\System\GOIYyqS.exe
  C:\Windows\System\GOIYyqS.exe
  2⤵
  PID:540
- C:\Windows\System\DVYTytV.exe
  C:\Windows\System\DVYTytV.exe
  2⤵
  PID:2980
- C:\Windows\System\KyFeYDy.exe
  C:\Windows\System\KyFeYDy.exe
  2⤵
  PID:2456
- C:\Windows\System\WQSZdKk.exe
  C:\Windows\System\WQSZdKk.exe
  2⤵
  PID:2724
- C:\Windows\System\JbqoSIB.exe
  C:\Windows\System\JbqoSIB.exe
  2⤵
  PID:2012
- C:\Windows\System\sBrolOE.exe
  C:\Windows\System\sBrolOE.exe
  2⤵
  PID:2076
- C:\Windows\System\UHWhDvQ.exe
  C:\Windows\System\UHWhDvQ.exe
  2⤵
  PID:2964
- C:\Windows\System\QZMnfiG.exe
  C:\Windows\System\QZMnfiG.exe
  2⤵
  PID:2932
- C:\Windows\System\ewEtPwA.exe
  C:\Windows\System\ewEtPwA.exe
  2⤵
  PID:1188
- C:\Windows\System\amgCXtQ.exe
  C:\Windows\System\amgCXtQ.exe
  2⤵
  PID:1612
- C:\Windows\System\WhRUimc.exe
  C:\Windows\System\WhRUimc.exe
  2⤵
  PID:2656
- C:\Windows\System\LRORkZn.exe
  C:\Windows\System\LRORkZn.exe
  2⤵
  PID:536
- C:\Windows\System\jwTWEwx.exe
  C:\Windows\System\jwTWEwx.exe
  2⤵
  PID:2384
- C:\Windows\System\XrIvHij.exe
  C:\Windows\System\XrIvHij.exe
  2⤵
  PID:1620
- C:\Windows\System\iKiLoAJ.exe
  C:\Windows\System\iKiLoAJ.exe
  2⤵
  PID:276
- C:\Windows\System\WvhnOCt.exe
  C:\Windows\System\WvhnOCt.exe
  2⤵
  PID:340
- C:\Windows\System\uSNylrf.exe
  C:\Windows\System\uSNylrf.exe
  2⤵
  PID:2560
- C:\Windows\System\aIlbYFj.exe
  C:\Windows\System\aIlbYFj.exe
  2⤵
  PID:2444
- C:\Windows\System\TmBNBWZ.exe
  C:\Windows\System\TmBNBWZ.exe
  2⤵
  PID:2468
- C:\Windows\System\akOqmRT.exe
  C:\Windows\System\akOqmRT.exe
  2⤵
  PID:320
- C:\Windows\System\WTvYfJO.exe
  C:\Windows\System\WTvYfJO.exe
  2⤵
  PID:1460
- C:\Windows\System\oJsvPVw.exe
  C:\Windows\System\oJsvPVw.exe
  2⤵
  PID:1484
- C:\Windows\System\DnXzmUw.exe
  C:\Windows\System\DnXzmUw.exe
  2⤵
  PID:884
- C:\Windows\System\JRSkcwN.exe
  C:\Windows\System\JRSkcwN.exe
  2⤵
  PID:1224
- C:\Windows\System\WbhPWyI.exe
  C:\Windows\System\WbhPWyI.exe
  2⤵
  PID:1780
- C:\Windows\System\njUUKka.exe
  C:\Windows\System\njUUKka.exe
  2⤵
  PID:1796
- C:\Windows\System\ROasEwh.exe
  C:\Windows\System\ROasEwh.exe
  2⤵
  PID:1372
- C:\Windows\System\gGrPmci.exe
  C:\Windows\System\gGrPmci.exe
  2⤵
  PID:316
- C:\Windows\System\JibOGKI.exe
  C:\Windows\System\JibOGKI.exe
  2⤵
  PID:2672
- C:\Windows\System\YWaiWFv.exe
  C:\Windows\System\YWaiWFv.exe
  2⤵
  PID:608
- C:\Windows\System\VkJCQcJ.exe
  C:\Windows\System\VkJCQcJ.exe
  2⤵
  PID:1052
- C:\Windows\System\dnOjMJF.exe
  C:\Windows\System\dnOjMJF.exe
  2⤵
  PID:832
- C:\Windows\System\tLXDJis.exe
  C:\Windows\System\tLXDJis.exe
  2⤵
  PID:1776
- C:\Windows\System\vAZsOKD.exe
  C:\Windows\System\vAZsOKD.exe
  2⤵
  PID:2308
- C:\Windows\System\ZPwmRVX.exe
  C:\Windows\System\ZPwmRVX.exe
  2⤵
  PID:3012
- C:\Windows\System\tZHNwBz.exe
  C:\Windows\System\tZHNwBz.exe
  2⤵
  PID:2124
- C:\Windows\System\LrWmtyM.exe
  C:\Windows\System\LrWmtyM.exe
  2⤵
  PID:2256
- C:\Windows\System\cGUVLyO.exe
  C:\Windows\System\cGUVLyO.exe
  2⤵
  PID:2644
- C:\Windows\System\ooHxUSc.exe
  C:\Windows\System\ooHxUSc.exe
  2⤵
  PID:2380
- C:\Windows\System\iHYnOVN.exe
  C:\Windows\System\iHYnOVN.exe
  2⤵
  PID:1152
- C:\Windows\System\NqcaIVz.exe
  C:\Windows\System\NqcaIVz.exe
  2⤵
  PID:2856
- C:\Windows\System\pokCIXX.exe
  C:\Windows\System\pokCIXX.exe
  2⤵
  PID:2756
- C:\Windows\System\ZPWjOSz.exe
  C:\Windows\System\ZPWjOSz.exe
  2⤵
  PID:2040
- C:\Windows\System\ELngiDr.exe
  C:\Windows\System\ELngiDr.exe
  2⤵
  PID:2056
- C:\Windows\System\ulmWlVV.exe
  C:\Windows\System\ulmWlVV.exe
  2⤵
  PID:1700
- C:\Windows\System\flFGvvN.exe
  C:\Windows\System\flFGvvN.exe
  2⤵
  PID:2400
- C:\Windows\System\SbbzFBI.exe
  C:\Windows\System\SbbzFBI.exe
  2⤵
  PID:2404
- C:\Windows\System\dwCegoB.exe
  C:\Windows\System\dwCegoB.exe
  2⤵
  PID:2392
- C:\Windows\System\cSXEgiQ.exe
  C:\Windows\System\cSXEgiQ.exe
  2⤵
  PID:2536
- C:\Windows\System\AiGJEVc.exe
  C:\Windows\System\AiGJEVc.exe
  2⤵
  PID:1564
- C:\Windows\System\EOERSVs.exe
  C:\Windows\System\EOERSVs.exe
  2⤵
  PID:1328
- C:\Windows\System\iMnbMiR.exe
  C:\Windows\System\iMnbMiR.exe
  2⤵
  PID:2240
- C:\Windows\System\EmwlHim.exe
  C:\Windows\System\EmwlHim.exe
  2⤵
  PID:3076
- C:\Windows\System\QSlATkG.exe
  C:\Windows\System\QSlATkG.exe
  2⤵
  PID:3096
- C:\Windows\System\JJweics.exe
  C:\Windows\System\JJweics.exe
  2⤵
  PID:3112
- C:\Windows\System\fNBFApD.exe
  C:\Windows\System\fNBFApD.exe
  2⤵
  PID:3128
- C:\Windows\System\SgdKsFC.exe
  C:\Windows\System\SgdKsFC.exe
  2⤵
  PID:3144
- C:\Windows\System\tzipzEu.exe
  C:\Windows\System\tzipzEu.exe
  2⤵
  PID:3160
- C:\Windows\System\HHOidwm.exe
  C:\Windows\System\HHOidwm.exe
  2⤵
  PID:3176
- C:\Windows\System\vyBJYze.exe
  C:\Windows\System\vyBJYze.exe
  2⤵
  PID:3192
- C:\Windows\System\njHjaXM.exe
  C:\Windows\System\njHjaXM.exe
  2⤵
  PID:3208
- C:\Windows\System\QdfWQvw.exe
  C:\Windows\System\QdfWQvw.exe
  2⤵
  PID:3224
- C:\Windows\System\uTRhMHC.exe
  C:\Windows\System\uTRhMHC.exe
  2⤵
  PID:3252
- C:\Windows\System\SlJgidj.exe
  C:\Windows\System\SlJgidj.exe
  2⤵
  PID:3268
- C:\Windows\System\KpEqfcK.exe
  C:\Windows\System\KpEqfcK.exe
  2⤵
  PID:3292
- C:\Windows\System\dIxawTP.exe
  C:\Windows\System\dIxawTP.exe
  2⤵
  PID:3308
- C:\Windows\System\utyQzCe.exe
  C:\Windows\System\utyQzCe.exe
  2⤵
  PID:3332
- C:\Windows\System\sFsrzeQ.exe
  C:\Windows\System\sFsrzeQ.exe
  2⤵
  PID:3348
- C:\Windows\System\CErmsgo.exe
  C:\Windows\System\CErmsgo.exe
  2⤵
  PID:3364
- C:\Windows\System\suxELAV.exe
  C:\Windows\System\suxELAV.exe
  2⤵
  PID:3380
- C:\Windows\System\lZOVVYV.exe
  C:\Windows\System\lZOVVYV.exe
  2⤵
  PID:3396
- C:\Windows\System\UdXWkhv.exe
  C:\Windows\System\UdXWkhv.exe
  2⤵
  PID:3412
- C:\Windows\System\UksKXDt.exe
  C:\Windows\System\UksKXDt.exe
  2⤵
  PID:3428
- C:\Windows\System\BKiVsYa.exe
  C:\Windows\System\BKiVsYa.exe
  2⤵
  PID:3444
- C:\Windows\System\ApvNEyY.exe
  C:\Windows\System\ApvNEyY.exe
  2⤵
  PID:3460
- C:\Windows\System\OimuBgY.exe
  C:\Windows\System\OimuBgY.exe
  2⤵
  PID:3476
- C:\Windows\System\KgGIxop.exe
  C:\Windows\System\KgGIxop.exe
  2⤵
  PID:3492
- C:\Windows\System\Fpyyxyg.exe
  C:\Windows\System\Fpyyxyg.exe
  2⤵
  PID:3508
- C:\Windows\System\lpXjIXf.exe
  C:\Windows\System\lpXjIXf.exe
  2⤵
  PID:3524
- C:\Windows\System\pdhliTK.exe
  C:\Windows\System\pdhliTK.exe
  2⤵
  PID:3540
- C:\Windows\System\GNpogRe.exe
  C:\Windows\System\GNpogRe.exe
  2⤵
  PID:3556
- C:\Windows\System\ejogfHN.exe
  C:\Windows\System\ejogfHN.exe
  2⤵
  PID:3572
- C:\Windows\System\ubmNCIP.exe
  C:\Windows\System\ubmNCIP.exe
  2⤵
  PID:3588
- C:\Windows\System\odCHwZQ.exe
  C:\Windows\System\odCHwZQ.exe
  2⤵
  PID:3604
- C:\Windows\System\pTNDoIg.exe
  C:\Windows\System\pTNDoIg.exe
  2⤵
  PID:3620
- C:\Windows\System\aAQBuNG.exe
  C:\Windows\System\aAQBuNG.exe
  2⤵
  PID:3804
- C:\Windows\System\jdlKhKP.exe
  C:\Windows\System\jdlKhKP.exe
  2⤵
  PID:3824
- C:\Windows\System\bSjEVJO.exe
  C:\Windows\System\bSjEVJO.exe
  2⤵
  PID:3840
- C:\Windows\System\XCMzvcq.exe
  C:\Windows\System\XCMzvcq.exe
  2⤵
  PID:3856
- C:\Windows\System\vGnlamH.exe
  C:\Windows\System\vGnlamH.exe
  2⤵
  PID:3872
- C:\Windows\System\bZQcZps.exe
  C:\Windows\System\bZQcZps.exe
  2⤵
  PID:3888
- C:\Windows\System\xDqgDgg.exe
  C:\Windows\System\xDqgDgg.exe
  2⤵
  PID:3904
- C:\Windows\System\MMGoMYS.exe
  C:\Windows\System\MMGoMYS.exe
  2⤵
  PID:3920
- C:\Windows\System\sxBlgqc.exe
  C:\Windows\System\sxBlgqc.exe
  2⤵
  PID:3940
- C:\Windows\System\LopOeYt.exe
  C:\Windows\System\LopOeYt.exe
  2⤵
  PID:3964
- C:\Windows\System\iCMqhQn.exe
  C:\Windows\System\iCMqhQn.exe
  2⤵
  PID:3980
- C:\Windows\System\bLmuYGQ.exe
  C:\Windows\System\bLmuYGQ.exe
  2⤵
  PID:3996
- C:\Windows\System\qZLvzCL.exe
  C:\Windows\System\qZLvzCL.exe
  2⤵
  PID:4012
- C:\Windows\System\NluSJti.exe
  C:\Windows\System\NluSJti.exe
  2⤵
  PID:4028
- C:\Windows\System\zsLaMmN.exe
  C:\Windows\System\zsLaMmN.exe
  2⤵
  PID:4044
- C:\Windows\System\YLHZDGz.exe
  C:\Windows\System\YLHZDGz.exe
  2⤵
  PID:4060
- C:\Windows\System\TEVtliD.exe
  C:\Windows\System\TEVtliD.exe
  2⤵
  PID:4076
- C:\Windows\System\cwqSuaC.exe
  C:\Windows\System\cwqSuaC.exe
  2⤵
  PID:4092
- C:\Windows\System\XLLNklg.exe
  C:\Windows\System\XLLNklg.exe
  2⤵
  PID:2424
- C:\Windows\System\fOtCAxF.exe
  C:\Windows\System\fOtCAxF.exe
  2⤵
  PID:1976
- C:\Windows\System\PQJnJyq.exe
  C:\Windows\System\PQJnJyq.exe
  2⤵
  PID:3184
- C:\Windows\System\yZfMLlT.exe
  C:\Windows\System\yZfMLlT.exe
  2⤵
  PID:3140
- C:\Windows\System\ujXHbql.exe
  C:\Windows\System\ujXHbql.exe
  2⤵
  PID:3200
- C:\Windows\System\bCvnnTs.exe
  C:\Windows\System\bCvnnTs.exe
  2⤵
  PID:3104
- C:\Windows\System\JLEnaTE.exe
  C:\Windows\System\JLEnaTE.exe
  2⤵
  PID:3124
- C:\Windows\System\uSdqoRk.exe
  C:\Windows\System\uSdqoRk.exe
  2⤵
  PID:2924
- C:\Windows\System\eHghzDu.exe
  C:\Windows\System\eHghzDu.exe
  2⤵
  PID:1828
- C:\Windows\System\GaCamLH.exe
  C:\Windows\System\GaCamLH.exe
  2⤵
  PID:2440
- C:\Windows\System\sqOuYEh.exe
  C:\Windows\System\sqOuYEh.exe
  2⤵
  PID:3280
- C:\Windows\System\rjBQDsI.exe
  C:\Windows\System\rjBQDsI.exe
  2⤵
  PID:3316
- C:\Windows\System\uqUDsUY.exe
  C:\Windows\System\uqUDsUY.exe
  2⤵
  PID:3328
- C:\Windows\System\pVyCYVM.exe
  C:\Windows\System\pVyCYVM.exe
  2⤵
  PID:3300
- C:\Windows\System\hmcKFLn.exe
  C:\Windows\System\hmcKFLn.exe
  2⤵
  PID:3376
- C:\Windows\System\BOyPlNU.exe
  C:\Windows\System\BOyPlNU.exe
  2⤵
  PID:3484
- C:\Windows\System\suGvivy.exe
  C:\Windows\System\suGvivy.exe
  2⤵
  PID:3548
- C:\Windows\System\PemQPwO.exe
  C:\Windows\System\PemQPwO.exe
  2⤵
  PID:3616
- C:\Windows\System\wxwvjhA.exe
  C:\Windows\System\wxwvjhA.exe
  2⤵
  PID:3420
- C:\Windows\System\AETiVjl.exe
  C:\Windows\System\AETiVjl.exe
  2⤵
  PID:3472
- C:\Windows\System\bivbtfV.exe
  C:\Windows\System\bivbtfV.exe
  2⤵
  PID:3568
- C:\Windows\System\DKwEfrc.exe
  C:\Windows\System\DKwEfrc.exe
  2⤵
  PID:3536
- C:\Windows\System\sczYKRm.exe
  C:\Windows\System\sczYKRm.exe
  2⤵
  PID:3636
- C:\Windows\System\xTztsBI.exe
  C:\Windows\System\xTztsBI.exe
  2⤵
  PID:3656
- C:\Windows\System\pGqjqDE.exe
  C:\Windows\System\pGqjqDE.exe
  2⤵
  PID:3672
- C:\Windows\System\qHNOlXS.exe
  C:\Windows\System\qHNOlXS.exe
  2⤵
  PID:3688
- C:\Windows\System\BdVrPNi.exe
  C:\Windows\System\BdVrPNi.exe
  2⤵
  PID:3468
- C:\Windows\System\qrBCUaq.exe
  C:\Windows\System\qrBCUaq.exe
  2⤵
  PID:3564
- C:\Windows\System\LEiglWS.exe
  C:\Windows\System\LEiglWS.exe
  2⤵
  PID:3500
- C:\Windows\System\eSgDmgj.exe
  C:\Windows\System\eSgDmgj.exe
  2⤵
  PID:3652
- C:\Windows\System\JiUNMAm.exe
  C:\Windows\System\JiUNMAm.exe
  2⤵
  PID:3708
- C:\Windows\System\VwMnDRE.exe
  C:\Windows\System\VwMnDRE.exe
  2⤵
  PID:3732
- C:\Windows\System\dRQSXGw.exe
  C:\Windows\System\dRQSXGw.exe
  2⤵
  PID:3752
- C:\Windows\System\ioWsZbo.exe
  C:\Windows\System\ioWsZbo.exe
  2⤵
  PID:3772
- C:\Windows\System\CofDxbp.exe
  C:\Windows\System\CofDxbp.exe
  2⤵
  PID:3788
- C:\Windows\System\PcuacHo.exe
  C:\Windows\System\PcuacHo.exe
  2⤵
  PID:3632
- C:\Windows\System\DgiSxES.exe
  C:\Windows\System\DgiSxES.exe
  2⤵
  PID:3852
- C:\Windows\System\ECdXFUF.exe
  C:\Windows\System\ECdXFUF.exe
  2⤵
  PID:3912
- C:\Windows\System\gPFOVzY.exe
  C:\Windows\System\gPFOVzY.exe
  2⤵
  PID:3928
- C:\Windows\System\BBiqINi.exe
  C:\Windows\System\BBiqINi.exe
  2⤵
  PID:3952
- C:\Windows\System\EiBJwdu.exe
  C:\Windows\System\EiBJwdu.exe
  2⤵
  PID:4004
- C:\Windows\System\CPaSdsp.exe
  C:\Windows\System\CPaSdsp.exe
  2⤵
  PID:4024
- C:\Windows\System\DUVdJwM.exe
  C:\Windows\System\DUVdJwM.exe
  2⤵
  PID:4052
- C:\Windows\System\tUYyssB.exe
  C:\Windows\System\tUYyssB.exe
  2⤵
  PID:4072
- C:\Windows\System\JkWaGkh.exe
  C:\Windows\System\JkWaGkh.exe
  2⤵
  PID:636
- C:\Windows\System\FgzeREL.exe
  C:\Windows\System\FgzeREL.exe
  2⤵
  PID:3092
- C:\Windows\System\AiFffvA.exe
  C:\Windows\System\AiFffvA.exe
  2⤵
  PID:2372
- C:\Windows\System\GoTIMTL.exe
  C:\Windows\System\GoTIMTL.exe
  2⤵
  PID:3320
- C:\Windows\System\kfkIbnS.exe
  C:\Windows\System\kfkIbnS.exe
  2⤵
  PID:3552
- C:\Windows\System\ZxtTLgj.exe
  C:\Windows\System\ZxtTLgj.exe
  2⤵
  PID:3424
- C:\Windows\System\NeNlivS.exe
  C:\Windows\System\NeNlivS.exe
  2⤵
  PID:3392
- C:\Windows\System\hkvtIza.exe
  C:\Windows\System\hkvtIza.exe
  2⤵
  PID:3260
- C:\Windows\System\oeYzdUH.exe
  C:\Windows\System\oeYzdUH.exe
  2⤵
  PID:3084
- C:\Windows\System\Fgwkfig.exe
  C:\Windows\System\Fgwkfig.exe
  2⤵
  PID:3204
- C:\Windows\System\TjuZTog.exe
  C:\Windows\System\TjuZTog.exe
  2⤵
  PID:3644
- C:\Windows\System\PVpqFcW.exe
  C:\Windows\System\PVpqFcW.exe
  2⤵
  PID:3692
- C:\Windows\System\nxbbkZM.exe
  C:\Windows\System\nxbbkZM.exe
  2⤵
  PID:3716
- C:\Windows\System\hsBNyYv.exe
  C:\Windows\System\hsBNyYv.exe
  2⤵
  PID:3816
- C:\Windows\System\fLpscRV.exe
  C:\Windows\System\fLpscRV.exe
  2⤵
  PID:3744
- C:\Windows\System\mDlTHef.exe
  C:\Windows\System\mDlTHef.exe
  2⤵
  PID:3784
- C:\Windows\System\fcCWVUp.exe
  C:\Windows\System\fcCWVUp.exe
  2⤵
  PID:3900
- C:\Windows\System\PtbLdGE.exe
  C:\Windows\System\PtbLdGE.exe
  2⤵
  PID:3108
- C:\Windows\System\VGijwBX.exe
  C:\Windows\System\VGijwBX.exe
  2⤵
  PID:780
- C:\Windows\System\vuheEfR.exe
  C:\Windows\System\vuheEfR.exe
  2⤵
  PID:3664
- C:\Windows\System\LyUXcXe.exe
  C:\Windows\System\LyUXcXe.exe
  2⤵
  PID:3704
- C:\Windows\System\KyXWcuy.exe
  C:\Windows\System\KyXWcuy.exe
  2⤵
  PID:3780
- C:\Windows\System\fouSGkl.exe
  C:\Windows\System\fouSGkl.exe
  2⤵
  PID:4036
- C:\Windows\System\OCMKeZm.exe
  C:\Windows\System\OCMKeZm.exe
  2⤵
  PID:1296
- C:\Windows\System\udikgxr.exe
  C:\Windows\System\udikgxr.exe
  2⤵
  PID:3360
- C:\Windows\System\RpTuStr.exe
  C:\Windows\System\RpTuStr.exe
  2⤵
  PID:3720
- C:\Windows\System\cEARYNi.exe
  C:\Windows\System\cEARYNi.exe
  2⤵
  PID:3796
- C:\Windows\System\Uvnsule.exe
  C:\Windows\System\Uvnsule.exe
  2⤵
  PID:3936
- C:\Windows\System\DVssVQa.exe
  C:\Windows\System\DVssVQa.exe
  2⤵
  PID:3684
- C:\Windows\System\YraBuRh.exe
  C:\Windows\System\YraBuRh.exe
  2⤵
  PID:1808
- C:\Windows\System\fQCJxIv.exe
  C:\Windows\System\fQCJxIv.exe
  2⤵
  PID:4100
- C:\Windows\System\PcXTbcw.exe
  C:\Windows\System\PcXTbcw.exe
  2⤵
  PID:4120
- C:\Windows\System\oqhBcVo.exe
  C:\Windows\System\oqhBcVo.exe
  2⤵
  PID:4140
- C:\Windows\System\NoDqZEE.exe
  C:\Windows\System\NoDqZEE.exe
  2⤵
  PID:4180
- C:\Windows\System\duUsBkU.exe
  C:\Windows\System\duUsBkU.exe
  2⤵
  PID:4196
- C:\Windows\System\GwTGAPY.exe
  C:\Windows\System\GwTGAPY.exe
  2⤵
  PID:4216
- C:\Windows\System\iKpqRaE.exe
  C:\Windows\System\iKpqRaE.exe
  2⤵
  PID:4232
- C:\Windows\System\EpvLvJQ.exe
  C:\Windows\System\EpvLvJQ.exe
  2⤵
  PID:4248
- C:\Windows\System\FVmszPH.exe
  C:\Windows\System\FVmszPH.exe
  2⤵
  PID:4264
- C:\Windows\System\QJdPKgv.exe
  C:\Windows\System\QJdPKgv.exe
  2⤵
  PID:4280
- C:\Windows\System\iAtczbJ.exe
  C:\Windows\System\iAtczbJ.exe
  2⤵
  PID:4296
- C:\Windows\System\RiLgYPW.exe
  C:\Windows\System\RiLgYPW.exe
  2⤵
  PID:4312
- C:\Windows\System\nSJmXEQ.exe
  C:\Windows\System\nSJmXEQ.exe
  2⤵
  PID:4328
- C:\Windows\System\WaQUQSo.exe
  C:\Windows\System\WaQUQSo.exe
  2⤵
  PID:4344
- C:\Windows\System\gaAUkSt.exe
  C:\Windows\System\gaAUkSt.exe
  2⤵
  PID:4360
- C:\Windows\System\yVHyePF.exe
  C:\Windows\System\yVHyePF.exe
  2⤵
  PID:4392
- C:\Windows\System\jIQcmiS.exe
  C:\Windows\System\jIQcmiS.exe
  2⤵
  PID:4412
- C:\Windows\System\zYkVmgl.exe
  C:\Windows\System\zYkVmgl.exe
  2⤵
  PID:4448
- C:\Windows\System\wZDvjNE.exe
  C:\Windows\System\wZDvjNE.exe
  2⤵
  PID:4464
- C:\Windows\System\szcSZsI.exe
  C:\Windows\System\szcSZsI.exe
  2⤵
  PID:4480
- C:\Windows\System\xGIvuJF.exe
  C:\Windows\System\xGIvuJF.exe
  2⤵
  PID:4496
- C:\Windows\System\XpmARtT.exe
  C:\Windows\System\XpmARtT.exe
  2⤵
  PID:4512
- C:\Windows\System\iQxDzJv.exe
  C:\Windows\System\iQxDzJv.exe
  2⤵
  PID:4528
- C:\Windows\System\JDQrtVq.exe
  C:\Windows\System\JDQrtVq.exe
  2⤵
  PID:4548
- C:\Windows\System\lcPomtu.exe
  C:\Windows\System\lcPomtu.exe
  2⤵
  PID:4568
- C:\Windows\System\tmWMibi.exe
  C:\Windows\System\tmWMibi.exe
  2⤵
  PID:4584
- C:\Windows\System\uJUMCSx.exe
  C:\Windows\System\uJUMCSx.exe
  2⤵
  PID:4600
- C:\Windows\System\HKqOCwD.exe
  C:\Windows\System\HKqOCwD.exe
  2⤵
  PID:4616
- C:\Windows\System\voFKTlw.exe
  C:\Windows\System\voFKTlw.exe
  2⤵
  PID:4632
- C:\Windows\System\kTpvpyu.exe
  C:\Windows\System\kTpvpyu.exe
  2⤵
  PID:4648
- C:\Windows\System\TGnApJB.exe
  C:\Windows\System\TGnApJB.exe
  2⤵
  PID:4668
- C:\Windows\System\uFRhApi.exe
  C:\Windows\System\uFRhApi.exe
  2⤵
  PID:4704
- C:\Windows\System\vOaAIaV.exe
  C:\Windows\System\vOaAIaV.exe
  2⤵
  PID:4720
- C:\Windows\System\gMHvkxh.exe
  C:\Windows\System\gMHvkxh.exe
  2⤵
  PID:4736
- C:\Windows\System\AkUMcHw.exe
  C:\Windows\System\AkUMcHw.exe
  2⤵
  PID:4752
- C:\Windows\System\oaDLGev.exe
  C:\Windows\System\oaDLGev.exe
  2⤵
  PID:4780
- C:\Windows\System\jsAyiDo.exe
  C:\Windows\System\jsAyiDo.exe
  2⤵
  PID:4800
- C:\Windows\System\mubxfIc.exe
  C:\Windows\System\mubxfIc.exe
  2⤵
  PID:4816
- C:\Windows\System\OzLtgrW.exe
  C:\Windows\System\OzLtgrW.exe
  2⤵
  PID:4836
- C:\Windows\System\iDfgEVL.exe
  C:\Windows\System\iDfgEVL.exe
  2⤵
  PID:4852
- C:\Windows\System\UsOQSgK.exe
  C:\Windows\System\UsOQSgK.exe
  2⤵
  PID:4868
- C:\Windows\System\YnzyVen.exe
  C:\Windows\System\YnzyVen.exe
  2⤵
  PID:4884
- C:\Windows\System\iXKhTwI.exe
  C:\Windows\System\iXKhTwI.exe
  2⤵
  PID:4900
- C:\Windows\System\gxtPCYh.exe
  C:\Windows\System\gxtPCYh.exe
  2⤵
  PID:4916
- C:\Windows\System\jZrqpUP.exe
  C:\Windows\System\jZrqpUP.exe
  2⤵
  PID:4932
- C:\Windows\System\qxEAfrx.exe
  C:\Windows\System\qxEAfrx.exe
  2⤵
  PID:4948
- C:\Windows\System\UjPjZTk.exe
  C:\Windows\System\UjPjZTk.exe
  2⤵
  PID:4968
- C:\Windows\System\DcqONoC.exe
  C:\Windows\System\DcqONoC.exe
  2⤵
  PID:4984
- C:\Windows\System\quZjZwk.exe
  C:\Windows\System\quZjZwk.exe
  2⤵
  PID:5008
- C:\Windows\System\ewmpTNr.exe
  C:\Windows\System\ewmpTNr.exe
  2⤵
  PID:5096
- C:\Windows\System\ChUZBMG.exe
  C:\Windows\System\ChUZBMG.exe
  2⤵
  PID:5116
- C:\Windows\System\oICAYiB.exe
  C:\Windows\System\oICAYiB.exe
  2⤵
  PID:3584
- C:\Windows\System\wERRuFu.exe
  C:\Windows\System\wERRuFu.exe
  2⤵
  PID:4116
- C:\Windows\System\MimsufS.exe
  C:\Windows\System\MimsufS.exe
  2⤵
  PID:4156
- C:\Windows\System\EODOyTf.exe
  C:\Windows\System\EODOyTf.exe
  2⤵
  PID:3948
- C:\Windows\System\sFebJtC.exe
  C:\Windows\System\sFebJtC.exe
  2⤵
  PID:3372
- C:\Windows\System\NnOdfWe.exe
  C:\Windows\System\NnOdfWe.exe
  2⤵
  PID:4132
- C:\Windows\System\HurFsjk.exe
  C:\Windows\System\HurFsjk.exe
  2⤵
  PID:3956
- C:\Windows\System\ckkPNQv.exe
  C:\Windows\System\ckkPNQv.exe
  2⤵
  PID:4176
- C:\Windows\System\yZeQxyX.exe
  C:\Windows\System\yZeQxyX.exe
  2⤵
  PID:4204
- C:\Windows\System\DZhEroq.exe
  C:\Windows\System\DZhEroq.exe
  2⤵
  PID:4188
- C:\Windows\System\rObJkkg.exe
  C:\Windows\System\rObJkkg.exe
  2⤵
  PID:4256
- C:\Windows\System\EMIMQjl.exe
  C:\Windows\System\EMIMQjl.exe
  2⤵
  PID:4352
- C:\Windows\System\GOHwYlu.exe
  C:\Windows\System\GOHwYlu.exe
  2⤵
  PID:4320
- C:\Windows\System\IDUwOmC.exe
  C:\Windows\System\IDUwOmC.exe
  2⤵
  PID:4420
- C:\Windows\System\eEznkbm.exe
  C:\Windows\System\eEznkbm.exe
  2⤵
  PID:4444
- C:\Windows\System\MPaGcGB.exe
  C:\Windows\System\MPaGcGB.exe
  2⤵
  PID:4504
- C:\Windows\System\qCfkqTF.exe
  C:\Windows\System\qCfkqTF.exe
  2⤵
  PID:4544
- C:\Windows\System\euRDDHg.exe
  C:\Windows\System\euRDDHg.exe
  2⤵
  PID:4612
- C:\Windows\System\xYLwnoh.exe
  C:\Windows\System\xYLwnoh.exe
  2⤵
  PID:4680
- C:\Windows\System\gesdLfJ.exe
  C:\Windows\System\gesdLfJ.exe
  2⤵
  PID:4684
- C:\Windows\System\OLpKiPS.exe
  C:\Windows\System\OLpKiPS.exe
  2⤵
  PID:4768
- C:\Windows\System\Mqigvcj.exe
  C:\Windows\System\Mqigvcj.exe
  2⤵
  PID:4876
- C:\Windows\System\xpIByWA.exe
  C:\Windows\System\xpIByWA.exe
  2⤵
  PID:4940
- C:\Windows\System\akaflay.exe
  C:\Windows\System\akaflay.exe
  2⤵
  PID:4976
- C:\Windows\System\KMGChmU.exe
  C:\Windows\System\KMGChmU.exe
  2⤵
  PID:4828
- C:\Windows\System\rInhuRc.exe
  C:\Windows\System\rInhuRc.exe
  2⤵
  PID:4956
- C:\Windows\System\SiUFRPJ.exe
  C:\Windows\System\SiUFRPJ.exe
  2⤵
  PID:5000
- C:\Windows\System\TTmlMAh.exe
  C:\Windows\System\TTmlMAh.exe
  2⤵
  PID:4832
- C:\Windows\System\anmKlRP.exe
  C:\Windows\System\anmKlRP.exe
  2⤵
  PID:4712
- C:\Windows\System\UFGCQzD.exe
  C:\Windows\System\UFGCQzD.exe
  2⤵
  PID:4596
- C:\Windows\System\neVxHYT.exe
  C:\Windows\System\neVxHYT.exe
  2⤵
  PID:4524
- C:\Windows\System\EUrkRrP.exe
  C:\Windows\System\EUrkRrP.exe
  2⤵
  PID:5024
- C:\Windows\System\ZozAXkm.exe
  C:\Windows\System\ZozAXkm.exe
  2⤵
  PID:5036
- C:\Windows\System\qRtBbEE.exe
  C:\Windows\System\qRtBbEE.exe
  2⤵
  PID:5052
- C:\Windows\System\nfrHzBk.exe
  C:\Windows\System\nfrHzBk.exe
  2⤵
  PID:5068
- C:\Windows\System\KbwhPhe.exe
  C:\Windows\System\KbwhPhe.exe
  2⤵
  PID:5084
- C:\Windows\System\fOIjDlQ.exe
  C:\Windows\System\fOIjDlQ.exe
  2⤵
  PID:3288
- C:\Windows\System\PNWYzLP.exe
  C:\Windows\System\PNWYzLP.exe
  2⤵
  PID:5108
- C:\Windows\System\UtnvDMA.exe
  C:\Windows\System\UtnvDMA.exe
  2⤵
  PID:4152
- C:\Windows\System\PvyBLlq.exe
  C:\Windows\System\PvyBLlq.exe
  2⤵
  PID:3748
- C:\Windows\System\FfqnDDe.exe
  C:\Windows\System\FfqnDDe.exe
  2⤵
  PID:4228
- C:\Windows\System\acfbzyG.exe
  C:\Windows\System\acfbzyG.exe
  2⤵
  PID:4212
- C:\Windows\System\lqITNbD.exe
  C:\Windows\System\lqITNbD.exe
  2⤵
  PID:4260
- C:\Windows\System\mqWAvrc.exe
  C:\Windows\System\mqWAvrc.exe
  2⤵
  PID:4324
- C:\Windows\System\SvkJWAf.exe
  C:\Windows\System\SvkJWAf.exe
  2⤵
  PID:4696
- C:\Windows\System\RWShjyi.exe
  C:\Windows\System\RWShjyi.exe
  2⤵
  PID:4760
- C:\Windows\System\QgPJTUl.exe
  C:\Windows\System\QgPJTUl.exe
  2⤵
  PID:4912
- C:\Windows\System\GSyUqFk.exe
  C:\Windows\System\GSyUqFk.exe
  2⤵
  PID:4812
- C:\Windows\System\szHXktA.exe
  C:\Windows\System\szHXktA.exe
  2⤵
  PID:4928
- C:\Windows\System\utLpccY.exe
  C:\Windows\System\utLpccY.exe
  2⤵
  PID:4776
- C:\Windows\System\NljwWZq.exe
  C:\Windows\System\NljwWZq.exe
  2⤵
  PID:4996
- C:\Windows\System\kjzbyhw.exe
  C:\Windows\System\kjzbyhw.exe
  2⤵
  PID:4748
- C:\Windows\System\otKKwEy.exe
  C:\Windows\System\otKKwEy.exe
  2⤵
  PID:4560
- C:\Windows\System\WEidCln.exe
  C:\Windows\System\WEidCln.exe
  2⤵
  PID:5092
- C:\Windows\System\XVpEEII.exe
  C:\Windows\System\XVpEEII.exe
  2⤵
  PID:5044
- C:\Windows\System\yOydRrC.exe
  C:\Windows\System\yOydRrC.exe
  2⤵
  PID:4168
- C:\Windows\System\KjBtFlq.exe
  C:\Windows\System\KjBtFlq.exe
  2⤵
  PID:4128
- C:\Windows\System\bLmfZSZ.exe
  C:\Windows\System\bLmfZSZ.exe
  2⤵
  PID:4276
- C:\Windows\System\KJOcCSY.exe
  C:\Windows\System\KJOcCSY.exe
  2⤵
  PID:4340
- C:\Windows\System\dNdpQzb.exe
  C:\Windows\System\dNdpQzb.exe
  2⤵
  PID:4380
- C:\Windows\System\yzYzztr.exe
  C:\Windows\System\yzYzztr.exe
  2⤵
  PID:4540
- C:\Windows\System\gnxJpmr.exe
  C:\Windows\System\gnxJpmr.exe
  2⤵
  PID:4436
- C:\Windows\System\aNjrtlv.exe
  C:\Windows\System\aNjrtlv.exe
  2⤵
  PID:4864
- C:\Windows\System\rNCuFJM.exe
  C:\Windows\System\rNCuFJM.exe
  2⤵
  PID:4608
- C:\Windows\System\LARruxk.exe
  C:\Windows\System\LARruxk.exe
  2⤵
  PID:4716
- C:\Windows\System\PFgXCnY.exe
  C:\Windows\System\PFgXCnY.exe
  2⤵
  PID:4404
- C:\Windows\System\bfXtUTX.exe
  C:\Windows\System\bfXtUTX.exe
  2⤵
  PID:4792
- C:\Windows\System\xkaqusU.exe
  C:\Windows\System\xkaqusU.exe
  2⤵
  PID:4732
- C:\Windows\System\bAatkWZ.exe
  C:\Windows\System\bAatkWZ.exe
  2⤵
  PID:2840
- C:\Windows\System\uTFpsIN.exe
  C:\Windows\System\uTFpsIN.exe
  2⤵
  PID:5048
- C:\Windows\System\omDPvXp.exe
  C:\Windows\System\omDPvXp.exe
  2⤵
  PID:4208
- C:\Windows\System\whxtqyo.exe
  C:\Windows\System\whxtqyo.exe
  2⤵
  PID:4336
- C:\Windows\System\lAQUVPd.exe
  C:\Windows\System\lAQUVPd.exe
  2⤵
  PID:4860
- C:\Windows\System\qCzIMyK.exe
  C:\Windows\System\qCzIMyK.exe
  2⤵
  PID:4456
- C:\Windows\System\WSLszns.exe
  C:\Windows\System\WSLszns.exe
  2⤵
  PID:5124
- C:\Windows\System\JquJyMD.exe
  C:\Windows\System\JquJyMD.exe
  2⤵
  PID:5140
- C:\Windows\System\hKNwJyK.exe
  C:\Windows\System\hKNwJyK.exe
  2⤵
  PID:5156
- C:\Windows\System\bfaEjFm.exe
  C:\Windows\System\bfaEjFm.exe
  2⤵
  PID:5172
- C:\Windows\System\CsMTYeX.exe
  C:\Windows\System\CsMTYeX.exe
  2⤵
  PID:5188
- C:\Windows\System\uVViBWP.exe
  C:\Windows\System\uVViBWP.exe
  2⤵
  PID:5204
- C:\Windows\System\yROhYNm.exe
  C:\Windows\System\yROhYNm.exe
  2⤵
  PID:5220
- C:\Windows\System\qNCPkjr.exe
  C:\Windows\System\qNCPkjr.exe
  2⤵
  PID:5236
- C:\Windows\System\nenoHEg.exe
  C:\Windows\System\nenoHEg.exe
  2⤵
  PID:5252
- C:\Windows\System\ySFZehF.exe
  C:\Windows\System\ySFZehF.exe
  2⤵
  PID:5268
- C:\Windows\System\MopWLHn.exe
  C:\Windows\System\MopWLHn.exe
  2⤵
  PID:5288
- C:\Windows\System\EAiabhd.exe
  C:\Windows\System\EAiabhd.exe
  2⤵
  PID:5312
- C:\Windows\System\OSkzBiw.exe
  C:\Windows\System\OSkzBiw.exe
  2⤵
  PID:5328
- C:\Windows\System\JdSRTZY.exe
  C:\Windows\System\JdSRTZY.exe
  2⤵
  PID:5344
- C:\Windows\System\oTQMShQ.exe
  C:\Windows\System\oTQMShQ.exe
  2⤵
  PID:5360
- C:\Windows\System\jNSoTAk.exe
  C:\Windows\System\jNSoTAk.exe
  2⤵
  PID:5396
- C:\Windows\System\vPkBhIL.exe
  C:\Windows\System\vPkBhIL.exe
  2⤵
  PID:5480
- C:\Windows\System\STeLivj.exe
  C:\Windows\System\STeLivj.exe
  2⤵
  PID:5500
- C:\Windows\System\nwfzxtA.exe
  C:\Windows\System\nwfzxtA.exe
  2⤵
  PID:5536
- C:\Windows\System\eTfAorp.exe
  C:\Windows\System\eTfAorp.exe
  2⤵
  PID:5552
- C:\Windows\System\ASfebNc.exe
  C:\Windows\System\ASfebNc.exe
  2⤵
  PID:5568
- C:\Windows\System\ykChEWM.exe
  C:\Windows\System\ykChEWM.exe
  2⤵
  PID:5584
- C:\Windows\System\XExZVbe.exe
  C:\Windows\System\XExZVbe.exe
  2⤵
  PID:5600
- C:\Windows\System\nsDsONe.exe
  C:\Windows\System\nsDsONe.exe
  2⤵
  PID:5616
- C:\Windows\System\tPoxSMG.exe
  C:\Windows\System\tPoxSMG.exe
  2⤵
  PID:5632
- C:\Windows\System\zuQrEXw.exe
  C:\Windows\System\zuQrEXw.exe
  2⤵
  PID:5648
- C:\Windows\System\aRNLYCo.exe
  C:\Windows\System\aRNLYCo.exe
  2⤵
  PID:5664
- C:\Windows\System\eUViVJm.exe
  C:\Windows\System\eUViVJm.exe
  2⤵
  PID:5680
- C:\Windows\System\HbCSaml.exe
  C:\Windows\System\HbCSaml.exe
  2⤵
  PID:5696
- C:\Windows\System\jeawgjD.exe
  C:\Windows\System\jeawgjD.exe
  2⤵
  PID:5712
- C:\Windows\System\dOSrVaO.exe
  C:\Windows\System\dOSrVaO.exe
  2⤵
  PID:5728
- C:\Windows\System\RdpFiQP.exe
  C:\Windows\System\RdpFiQP.exe
  2⤵
  PID:5744
- C:\Windows\System\AftWOUO.exe
  C:\Windows\System\AftWOUO.exe
  2⤵
  PID:5760
- C:\Windows\System\JavhgmG.exe
  C:\Windows\System\JavhgmG.exe
  2⤵
  PID:5792
- C:\Windows\System\PkBllAr.exe
  C:\Windows\System\PkBllAr.exe
  2⤵
  PID:5820
- C:\Windows\System\FnpNqOh.exe
  C:\Windows\System\FnpNqOh.exe
  2⤵
  PID:5872
- C:\Windows\System\DUlMvdU.exe
  C:\Windows\System\DUlMvdU.exe
  2⤵
  PID:5900
- C:\Windows\System\dpLHFIc.exe
  C:\Windows\System\dpLHFIc.exe
  2⤵
  PID:5916
- C:\Windows\System\rFVJpfP.exe
  C:\Windows\System\rFVJpfP.exe
  2⤵
  PID:5932
- C:\Windows\System\cKDZrrG.exe
  C:\Windows\System\cKDZrrG.exe
  2⤵
  PID:5948
- C:\Windows\System\tZapRSl.exe
  C:\Windows\System\tZapRSl.exe
  2⤵
  PID:5964
- C:\Windows\System\yGsdLYu.exe
  C:\Windows\System\yGsdLYu.exe
  2⤵
  PID:5980
- C:\Windows\System\VWawOlt.exe
  C:\Windows\System\VWawOlt.exe
  2⤵
  PID:6000
- C:\Windows\System\qqxBXCV.exe
  C:\Windows\System\qqxBXCV.exe
  2⤵
  PID:6024
- C:\Windows\System\KHAyZrj.exe
  C:\Windows\System\KHAyZrj.exe
  2⤵
  PID:6044
- C:\Windows\System\IqNkUKQ.exe
  C:\Windows\System\IqNkUKQ.exe
  2⤵
  PID:6064
- C:\Windows\System\NANaVOM.exe
  C:\Windows\System\NANaVOM.exe
  2⤵
  PID:6084
- C:\Windows\System\DgCZLaS.exe
  C:\Windows\System\DgCZLaS.exe
  2⤵
  PID:6104
- C:\Windows\System\RwPQkFp.exe
  C:\Windows\System\RwPQkFp.exe
  2⤵
  PID:6140
- C:\Windows\System\evTnRNq.exe
  C:\Windows\System\evTnRNq.exe
  2⤵
  PID:4428
- C:\Windows\System\wKLYLbQ.exe
  C:\Windows\System\wKLYLbQ.exe
  2⤵
  PID:5152
- C:\Windows\System\TWgGDVQ.exe
  C:\Windows\System\TWgGDVQ.exe
  2⤵
  PID:5216
- C:\Windows\System\DeOWZfC.exe
  C:\Windows\System\DeOWZfC.exe
  2⤵
  PID:5280
- C:\Windows\System\CWSxCJX.exe
  C:\Windows\System\CWSxCJX.exe
  2⤵
  PID:5324
- C:\Windows\System\QTOZVME.exe
  C:\Windows\System\QTOZVME.exe
  2⤵
  PID:5296
- C:\Windows\System\eGluEqZ.exe
  C:\Windows\System\eGluEqZ.exe
  2⤵
  PID:5300
- C:\Windows\System\QCmILid.exe
  C:\Windows\System\QCmILid.exe
  2⤵
  PID:4676
- C:\Windows\System\SjOPkKz.exe
  C:\Windows\System\SjOPkKz.exe
  2⤵
  PID:5264
- C:\Windows\System\FeQHSUT.exe
  C:\Windows\System\FeQHSUT.exe
  2⤵
  PID:5164
- C:\Windows\System\kZrdtdE.exe
  C:\Windows\System\kZrdtdE.exe
  2⤵
  PID:4556
- C:\Windows\System\lGkzxNa.exe
  C:\Windows\System\lGkzxNa.exe
  2⤵
  PID:4408
- C:\Windows\System\zvpyLQu.exe
  C:\Windows\System\zvpyLQu.exe
  2⤵
  PID:5392
- C:\Windows\System\qrpPogX.exe
  C:\Windows\System\qrpPogX.exe
  2⤵
  PID:5416
- C:\Windows\System\dGqbQoZ.exe
  C:\Windows\System\dGqbQoZ.exe
  2⤵
  PID:5444
- C:\Windows\System\ikqWpCV.exe
  C:\Windows\System\ikqWpCV.exe
  2⤵
  PID:5460
- C:\Windows\System\KXdaeaI.exe
  C:\Windows\System\KXdaeaI.exe
  2⤵
  PID:5476
- C:\Windows\System\PVwZPhF.exe
  C:\Windows\System\PVwZPhF.exe
  2⤵
  PID:5524
- C:\Windows\System\gquQoHr.exe
  C:\Windows\System\gquQoHr.exe
  2⤵
  PID:5560
- C:\Windows\System\RIiwqUU.exe
  C:\Windows\System\RIiwqUU.exe
  2⤵
  PID:5624
- C:\Windows\System\eiPQhGz.exe
  C:\Windows\System\eiPQhGz.exe
  2⤵
  PID:5756
- C:\Windows\System\kactFXx.exe
  C:\Windows\System\kactFXx.exe
  2⤵
  PID:5808
- C:\Windows\System\XciTahZ.exe
  C:\Windows\System\XciTahZ.exe
  2⤵
  PID:5772
- C:\Windows\System\PKtHKRw.exe
  C:\Windows\System\PKtHKRw.exe
  2⤵
  PID:5816
- C:\Windows\System\clWKUJU.exe
  C:\Windows\System\clWKUJU.exe
  2⤵
  PID:5544
- C:\Windows\System\FKavOlH.exe
  C:\Windows\System\FKavOlH.exe
  2⤵
  PID:5608
- C:\Windows\System\UEtHstj.exe
  C:\Windows\System\UEtHstj.exe
  2⤵
  PID:5672
- C:\Windows\System\ihRWBgD.exe
  C:\Windows\System\ihRWBgD.exe
  2⤵
  PID:5880
- C:\Windows\System\asZFqET.exe
  C:\Windows\System\asZFqET.exe
  2⤵
  PID:5896
- C:\Windows\System\IxQXEnR.exe
  C:\Windows\System\IxQXEnR.exe
  2⤵
  PID:5844
- C:\Windows\System\gOPQGYL.exe
  C:\Windows\System\gOPQGYL.exe
  2⤵
  PID:5996
- C:\Windows\System\XHOQiRm.exe
  C:\Windows\System\XHOQiRm.exe
  2⤵
  PID:6036
- C:\Windows\System\tqHNKXV.exe
  C:\Windows\System\tqHNKXV.exe
  2⤵
  PID:5860
- C:\Windows\System\XpIBgHc.exe
  C:\Windows\System\XpIBgHc.exe
  2⤵
  PID:6120
- C:\Windows\System\zCogbTx.exe
  C:\Windows\System\zCogbTx.exe
  2⤵
  PID:6012
- C:\Windows\System\ETbngLQ.exe
  C:\Windows\System\ETbngLQ.exe
  2⤵
  PID:6060
- C:\Windows\System\OawUGfO.exe
  C:\Windows\System\OawUGfO.exe
  2⤵
  PID:6132
- C:\Windows\System\HleAAOG.exe
  C:\Windows\System\HleAAOG.exe
  2⤵
  PID:5940
- C:\Windows\System\oTSzzzP.exe
  C:\Windows\System\oTSzzzP.exe
  2⤵
  PID:5972
- C:\Windows\System\NRfakMV.exe
  C:\Windows\System\NRfakMV.exe
  2⤵
  PID:5148
- C:\Windows\System\YMdmvOV.exe
  C:\Windows\System\YMdmvOV.exe
  2⤵
  PID:5368
- C:\Windows\System\JPzrGFI.exe
  C:\Windows\System\JPzrGFI.exe
  2⤵
  PID:5184
- C:\Windows\System\UJnumum.exe
  C:\Windows\System\UJnumum.exe
  2⤵
  PID:5384
- C:\Windows\System\mhtiOip.exe
  C:\Windows\System\mhtiOip.exe
  2⤵
  PID:4728
- C:\Windows\System\QkiGyQK.exe
  C:\Windows\System\QkiGyQK.exe
  2⤵
  PID:5196
- C:\Windows\System\rXxtGob.exe
  C:\Windows\System\rXxtGob.exe
  2⤵
  PID:4388
- C:\Windows\System\IJBnuPg.exe
  C:\Windows\System\IJBnuPg.exe
  2⤵
  PID:4304
- C:\Windows\System\WSFnmMF.exe
  C:\Windows\System\WSFnmMF.exe
  2⤵
  PID:5408
- C:\Windows\System\kBEbTLW.exe
  C:\Windows\System\kBEbTLW.exe
  2⤵
  PID:5440
- C:\Windows\System\HdbKXKS.exe
  C:\Windows\System\HdbKXKS.exe
  2⤵
  PID:5464
- C:\Windows\System\XGcIdup.exe
  C:\Windows\System\XGcIdup.exe
  2⤵
  PID:5644
- C:\Windows\System\nbXfGrW.exe
  C:\Windows\System\nbXfGrW.exe
  2⤵
  PID:5828
- C:\Windows\System\yjvFnWy.exe
  C:\Windows\System\yjvFnWy.exe
  2⤵
  PID:5840
- C:\Windows\System\MwzOXYa.exe
  C:\Windows\System\MwzOXYa.exe
  2⤵
  PID:6112
- C:\Windows\System\nvpaBcQ.exe
  C:\Windows\System\nvpaBcQ.exe
  2⤵
  PID:5496
- C:\Windows\System\IHQCtWZ.exe
  C:\Windows\System\IHQCtWZ.exe
  2⤵
  PID:4660
- C:\Windows\System\ABugexT.exe
  C:\Windows\System\ABugexT.exe
  2⤵
  PID:5372
- C:\Windows\System\zLvrWzS.exe
  C:\Windows\System\zLvrWzS.exe
  2⤵
  PID:3880
- C:\Windows\System\QhUbbig.exe
  C:\Windows\System\QhUbbig.exe
  2⤵
  PID:5956
- C:\Windows\System\tBEZYnO.exe
  C:\Windows\System\tBEZYnO.exe
  2⤵
  PID:5908
- C:\Windows\System\oDkCygI.exe
  C:\Windows\System\oDkCygI.exe
  2⤵
  PID:5200
- C:\Windows\System\yeTtESX.exe
  C:\Windows\System\yeTtESX.exe
  2⤵
  PID:5520
- C:\Windows\System\ERzzPPi.exe
  C:\Windows\System\ERzzPPi.exe
  2⤵
  PID:5432
- C:\Windows\System\iEfebHq.exe
  C:\Windows\System\iEfebHq.exe
  2⤵
  PID:6124
- C:\Windows\System\MILeRQj.exe
  C:\Windows\System\MILeRQj.exe
  2⤵
  PID:5912
- C:\Windows\System\vdTaRHT.exe
  C:\Windows\System\vdTaRHT.exe
  2⤵
  PID:5596
- C:\Windows\System\xniCEee.exe
  C:\Windows\System\xniCEee.exe
  2⤵
  PID:5692
- C:\Windows\System\oeOVviw.exe
  C:\Windows\System\oeOVviw.exe
  2⤵
  PID:5580
- C:\Windows\System\zguoeFk.exe
  C:\Windows\System\zguoeFk.exe
  2⤵
  PID:5924
- C:\Windows\System\IPXiDnE.exe
  C:\Windows\System\IPXiDnE.exe
  2⤵
  PID:6056
- C:\Windows\System\lDLCAfC.exe
  C:\Windows\System\lDLCAfC.exe
  2⤵
  PID:5832
- C:\Windows\System\IPRKdFh.exe
  C:\Windows\System\IPRKdFh.exe
  2⤵
  PID:3600
- C:\Windows\System\XZgIxbK.exe
  C:\Windows\System\XZgIxbK.exe
  2⤵
  PID:5356
- C:\Windows\System\kAquxzg.exe
  C:\Windows\System\kAquxzg.exe
  2⤵
  PID:5380
- C:\Windows\System\JYovDWg.exe
  C:\Windows\System\JYovDWg.exe
  2⤵
  PID:5104
- C:\Windows\System\KaiXdst.exe
  C:\Windows\System\KaiXdst.exe
  2⤵
  PID:5740
- C:\Windows\System\zDxJwVd.exe
  C:\Windows\System\zDxJwVd.exe
  2⤵
  PID:6152
- C:\Windows\System\JVldbEX.exe
  C:\Windows\System\JVldbEX.exe
  2⤵
  PID:6168
- C:\Windows\System\UpiQalI.exe
  C:\Windows\System\UpiQalI.exe
  2⤵
  PID:6188
- C:\Windows\System\kAYnYEj.exe
  C:\Windows\System\kAYnYEj.exe
  2⤵
  PID:6204
- C:\Windows\System\oFoQAGA.exe
  C:\Windows\System\oFoQAGA.exe
  2⤵
  PID:6220
- C:\Windows\System\mMxyQCc.exe
  C:\Windows\System\mMxyQCc.exe
  2⤵
  PID:6240
- C:\Windows\System\PNeaqBd.exe
  C:\Windows\System\PNeaqBd.exe
  2⤵
  PID:6256
- C:\Windows\System\ZHtNNbL.exe
  C:\Windows\System\ZHtNNbL.exe
  2⤵
  PID:6272
- C:\Windows\System\dQVViyD.exe
  C:\Windows\System\dQVViyD.exe
  2⤵
  PID:6288
- C:\Windows\System\kMmzTgp.exe
  C:\Windows\System\kMmzTgp.exe
  2⤵
  PID:6304
- C:\Windows\System\QCScrEr.exe
  C:\Windows\System\QCScrEr.exe
  2⤵
  PID:6320
- C:\Windows\System\RmbtyQp.exe
  C:\Windows\System\RmbtyQp.exe
  2⤵
  PID:6336
- C:\Windows\System\KcdjsTP.exe
  C:\Windows\System\KcdjsTP.exe
  2⤵
  PID:6352
- C:\Windows\System\bLvgPkS.exe
  C:\Windows\System\bLvgPkS.exe
  2⤵
  PID:6368
- C:\Windows\System\VifnYhH.exe
  C:\Windows\System\VifnYhH.exe
  2⤵
  PID:6384
- C:\Windows\System\URHFHgt.exe
  C:\Windows\System\URHFHgt.exe
  2⤵
  PID:6400
- C:\Windows\System\JELUwDI.exe
  C:\Windows\System\JELUwDI.exe
  2⤵
  PID:6416
- C:\Windows\System\PDZOZdT.exe
  C:\Windows\System\PDZOZdT.exe
  2⤵
  PID:6432
- C:\Windows\System\wXIxzGR.exe
  C:\Windows\System\wXIxzGR.exe
  2⤵
  PID:6448
- C:\Windows\System\lcIdrdW.exe
  C:\Windows\System\lcIdrdW.exe
  2⤵
  PID:6464
- C:\Windows\System\JxBUBxv.exe
  C:\Windows\System\JxBUBxv.exe
  2⤵
  PID:6600
- C:\Windows\System\kyfYaGD.exe
  C:\Windows\System\kyfYaGD.exe
  2⤵
  PID:6616
- C:\Windows\System\KEvPOPt.exe
  C:\Windows\System\KEvPOPt.exe
  2⤵
  PID:6636
- C:\Windows\System\NfPQLkA.exe
  C:\Windows\System\NfPQLkA.exe
  2⤵
  PID:6652
- C:\Windows\System\MNhdxJd.exe
  C:\Windows\System\MNhdxJd.exe
  2⤵
  PID:6668
- C:\Windows\System\SUaeXYz.exe
  C:\Windows\System\SUaeXYz.exe
  2⤵
  PID:6692
- C:\Windows\System\BJrfTfb.exe
  C:\Windows\System\BJrfTfb.exe
  2⤵
  PID:6712
- C:\Windows\System\gUxRDmh.exe
  C:\Windows\System\gUxRDmh.exe
  2⤵
  PID:6728
- C:\Windows\System\uaTxpnS.exe
  C:\Windows\System\uaTxpnS.exe
  2⤵
  PID:6748
- C:\Windows\System\ExGFLiD.exe
  C:\Windows\System\ExGFLiD.exe
  2⤵
  PID:6772
- C:\Windows\System\crbqUDT.exe
  C:\Windows\System\crbqUDT.exe
  2⤵
  PID:6792
- C:\Windows\System\ReWfdMk.exe
  C:\Windows\System\ReWfdMk.exe
  2⤵
  PID:6812
- C:\Windows\System\MSZbHmF.exe
  C:\Windows\System\MSZbHmF.exe
  2⤵
  PID:6828
- C:\Windows\System\PhfqEWK.exe
  C:\Windows\System\PhfqEWK.exe
  2⤵
  PID:6848
- C:\Windows\System\vwuyVhA.exe
  C:\Windows\System\vwuyVhA.exe
  2⤵
  PID:6864
- C:\Windows\System\lutbDIa.exe
  C:\Windows\System\lutbDIa.exe
  2⤵
  PID:6888
- C:\Windows\System\EUmpUSG.exe
  C:\Windows\System\EUmpUSG.exe
  2⤵
  PID:6904
- C:\Windows\System\cRaUOhI.exe
  C:\Windows\System\cRaUOhI.exe
  2⤵
  PID:6920
- C:\Windows\System\UTNlNil.exe
  C:\Windows\System\UTNlNil.exe
  2⤵
  PID:6936
- C:\Windows\System\DiHjnbz.exe
  C:\Windows\System\DiHjnbz.exe
  2⤵
  PID:6956
- C:\Windows\System\SxeFWPC.exe
  C:\Windows\System\SxeFWPC.exe
  2⤵
  PID:6972
- C:\Windows\System\HxkyBCD.exe
  C:\Windows\System\HxkyBCD.exe
  2⤵
  PID:6996
- C:\Windows\System\eDUjNux.exe
  C:\Windows\System\eDUjNux.exe
  2⤵
  PID:7024
- C:\Windows\System\tjhpRhb.exe
  C:\Windows\System\tjhpRhb.exe
  2⤵
  PID:7040
- C:\Windows\System\CkmbPDr.exe
  C:\Windows\System\CkmbPDr.exe
  2⤵
  PID:7056
- C:\Windows\System\BICCczH.exe
  C:\Windows\System\BICCczH.exe
  2⤵
  PID:7072
- C:\Windows\System\xJRUkuY.exe
  C:\Windows\System\xJRUkuY.exe
  2⤵
  PID:7088
- C:\Windows\System\gmkJulw.exe
  C:\Windows\System\gmkJulw.exe
  2⤵
  PID:7104
- C:\Windows\System\aqSTEXJ.exe
  C:\Windows\System\aqSTEXJ.exe
  2⤵
  PID:7120
- C:\Windows\System\eltKsiI.exe
  C:\Windows\System\eltKsiI.exe
  2⤵
  PID:7136
- C:\Windows\System\klBiZZq.exe
  C:\Windows\System\klBiZZq.exe
  2⤵
  PID:7152
- C:\Windows\System\dKiGKpB.exe
  C:\Windows\System\dKiGKpB.exe
  2⤵
  PID:5436
- C:\Windows\System\lxDBKpc.exe
  C:\Windows\System\lxDBKpc.exe
  2⤵
  PID:6076
- C:\Windows\System\GEotJZq.exe
  C:\Windows\System\GEotJZq.exe
  2⤵
  PID:5456
- C:\Windows\System\FxDQxkV.exe
  C:\Windows\System\FxDQxkV.exe
  2⤵
  PID:5660
- C:\Windows\System\lWCZAst.exe
  C:\Windows\System\lWCZAst.exe
  2⤵
  PID:5340
- C:\Windows\System\ixZRvQt.exe
  C:\Windows\System\ixZRvQt.exe
  2⤵
  PID:5276
- C:\Windows\System\uUjxCNS.exe
  C:\Windows\System\uUjxCNS.exe
  2⤵
  PID:6176
- C:\Windows\System\gPqqjmG.exe
  C:\Windows\System\gPqqjmG.exe
  2⤵
  PID:6216
- C:\Windows\System\NdTXQMW.exe
  C:\Windows\System\NdTXQMW.exe
  2⤵
  PID:6284
- C:\Windows\System\MSqJXpk.exe
  C:\Windows\System\MSqJXpk.exe
  2⤵
  PID:6348
- C:\Windows\System\XmuKTVN.exe
  C:\Windows\System\XmuKTVN.exe
  2⤵
  PID:5228
- C:\Windows\System\UqEDwDy.exe
  C:\Windows\System\UqEDwDy.exe
  2⤵
  PID:6424
- C:\Windows\System\XRdYvww.exe
  C:\Windows\System\XRdYvww.exe
  2⤵
  PID:6160
- C:\Windows\System\aJbvSKK.exe
  C:\Windows\System\aJbvSKK.exe
  2⤵
  PID:6232
- C:\Windows\System\GMFtbQY.exe
  C:\Windows\System\GMFtbQY.exe
  2⤵
  PID:6328
- C:\Windows\System\wVIxVjl.exe
  C:\Windows\System\wVIxVjl.exe
  2⤵
  PID:6364
- C:\Windows\System\hdJOvSa.exe
  C:\Windows\System\hdJOvSa.exe
  2⤵
  PID:6456
- C:\Windows\System\JdBycnQ.exe
  C:\Windows\System\JdBycnQ.exe
  2⤵
  PID:6556
- C:\Windows\System\dueMGEy.exe
  C:\Windows\System\dueMGEy.exe
  2⤵
  PID:6480
- C:\Windows\System\AzxDvOR.exe
  C:\Windows\System\AzxDvOR.exe
  2⤵
  PID:6492
- C:\Windows\System\RedsjbO.exe
  C:\Windows\System\RedsjbO.exe
  2⤵
  PID:6512
- C:\Windows\System\WTVtbdl.exe
  C:\Windows\System\WTVtbdl.exe
  2⤵
  PID:6536
- C:\Windows\System\WcmEVJr.exe
  C:\Windows\System\WcmEVJr.exe
  2⤵
  PID:6560
- C:\Windows\System\WUnOqNz.exe
  C:\Windows\System\WUnOqNz.exe
  2⤵
  PID:6212
- C:\Windows\System\JpPRBEf.exe
  C:\Windows\System\JpPRBEf.exe
  2⤵
  PID:6592
- C:\Windows\System\UmtVamg.exe
  C:\Windows\System\UmtVamg.exe
  2⤵
  PID:6608
- C:\Windows\System\FTeOeNM.exe
  C:\Windows\System\FTeOeNM.exe
  2⤵
  PID:6648
- C:\Windows\System\cmIlFYU.exe
  C:\Windows\System\cmIlFYU.exe
  2⤵
  PID:6684
- C:\Windows\System\ZkHJodm.exe
  C:\Windows\System\ZkHJodm.exe
  2⤵
  PID:6664
- C:\Windows\System\GacObdF.exe
  C:\Windows\System\GacObdF.exe
  2⤵
  PID:6736
- C:\Windows\System\sIMjzTC.exe
  C:\Windows\System\sIMjzTC.exe
  2⤵
  PID:6764
- C:\Windows\System\wrjXKxC.exe
  C:\Windows\System\wrjXKxC.exe
  2⤵
  PID:6740
- C:\Windows\System\VyFVcsI.exe
  C:\Windows\System\VyFVcsI.exe
  2⤵
  PID:6840
- C:\Windows\System\YwZkNhX.exe
  C:\Windows\System\YwZkNhX.exe
  2⤵
  PID:6876
- C:\Windows\System\IqPjRuh.exe
  C:\Windows\System\IqPjRuh.exe
  2⤵
  PID:6780
- C:\Windows\System\OHCARaH.exe
  C:\Windows\System\OHCARaH.exe
  2⤵
  PID:6948
- C:\Windows\System\CbcTpia.exe
  C:\Windows\System\CbcTpia.exe
  2⤵
  PID:6988
- C:\Windows\System\ImKWMmN.exe
  C:\Windows\System\ImKWMmN.exe
  2⤵
  PID:6856
- C:\Windows\System\DwpXGeW.exe
  C:\Windows\System\DwpXGeW.exe
  2⤵
  PID:7184
- C:\Windows\System\CvgEUQi.exe
  C:\Windows\System\CvgEUQi.exe
  2⤵
  PID:7200
- C:\Windows\System\EVnPldO.exe
  C:\Windows\System\EVnPldO.exe
  2⤵
  PID:7224
- C:\Windows\System\XDqNcOV.exe
  C:\Windows\System\XDqNcOV.exe
  2⤵
  PID:7248
- C:\Windows\System\PKyCuoB.exe
  C:\Windows\System\PKyCuoB.exe
  2⤵
  PID:7268
- C:\Windows\System\RLHchnt.exe
  C:\Windows\System\RLHchnt.exe
  2⤵
  PID:7296
- C:\Windows\System\oLQsisG.exe
  C:\Windows\System\oLQsisG.exe
  2⤵
  PID:7320
- C:\Windows\System\pvTyhyu.exe
  C:\Windows\System\pvTyhyu.exe
  2⤵
  PID:7416
- C:\Windows\System\tFzCNkV.exe
  C:\Windows\System\tFzCNkV.exe
  2⤵
  PID:7476
- C:\Windows\System\LrsSWQH.exe
  C:\Windows\System\LrsSWQH.exe
  2⤵
  PID:7492
- C:\Windows\System\HwAJAov.exe
  C:\Windows\System\HwAJAov.exe
  2⤵
  PID:7508
- C:\Windows\System\nXuwnqR.exe
  C:\Windows\System\nXuwnqR.exe
  2⤵
  PID:7524
- C:\Windows\System\cpquMmB.exe
  C:\Windows\System\cpquMmB.exe
  2⤵
  PID:7544
- C:\Windows\System\yxSJkxX.exe
  C:\Windows\System\yxSJkxX.exe
  2⤵
  PID:7560
- C:\Windows\System\ztrfywc.exe
  C:\Windows\System\ztrfywc.exe
  2⤵
  PID:7576
- C:\Windows\System\wiwoVYG.exe
  C:\Windows\System\wiwoVYG.exe
  2⤵
  PID:7592
- C:\Windows\System\BEcYfjp.exe
  C:\Windows\System\BEcYfjp.exe
  2⤵
  PID:7608
- C:\Windows\System\ijoVrOd.exe
  C:\Windows\System\ijoVrOd.exe
  2⤵
  PID:7624
- C:\Windows\System\UQROoRt.exe
  C:\Windows\System\UQROoRt.exe
  2⤵
  PID:7640
- C:\Windows\System\hjSgKfO.exe
  C:\Windows\System\hjSgKfO.exe
  2⤵
  PID:7656
- C:\Windows\System\jMJydxP.exe
  C:\Windows\System\jMJydxP.exe
  2⤵
  PID:7672
- C:\Windows\System\XsmEEde.exe
  C:\Windows\System\XsmEEde.exe
  2⤵
  PID:7688
- C:\Windows\System\fzThFxN.exe
  C:\Windows\System\fzThFxN.exe
  2⤵
  PID:7704
- C:\Windows\System\ivnCzEr.exe
  C:\Windows\System\ivnCzEr.exe
  2⤵
  PID:7720
- C:\Windows\System\AjhvfOa.exe
  C:\Windows\System\AjhvfOa.exe
  2⤵
  PID:7736
- C:\Windows\System\wZFqqSl.exe
  C:\Windows\System\wZFqqSl.exe
  2⤵
  PID:7752
- C:\Windows\System\KZhBhvB.exe
  C:\Windows\System\KZhBhvB.exe
  2⤵
  PID:7768
- C:\Windows\System\PiJxico.exe
  C:\Windows\System\PiJxico.exe
  2⤵
  PID:7784
- C:\Windows\System\UqTAEpQ.exe
  C:\Windows\System\UqTAEpQ.exe
  2⤵
  PID:7800
- C:\Windows\System\zxzMLJi.exe
  C:\Windows\System\zxzMLJi.exe
  2⤵
  PID:7816
- C:\Windows\System\GlEOyil.exe
  C:\Windows\System\GlEOyil.exe
  2⤵
  PID:7832
- C:\Windows\System\HavUUTb.exe
  C:\Windows\System\HavUUTb.exe
  2⤵
  PID:7848
- C:\Windows\System\hQFfBzd.exe
  C:\Windows\System\hQFfBzd.exe
  2⤵
  PID:7864
- C:\Windows\System\DjeDfOI.exe
  C:\Windows\System\DjeDfOI.exe
  2⤵
  PID:7880
- C:\Windows\System\BpUObWT.exe
  C:\Windows\System\BpUObWT.exe
  2⤵
  PID:7896
- C:\Windows\System\SIusswl.exe
  C:\Windows\System\SIusswl.exe
  2⤵
  PID:7912
- C:\Windows\System\CvPWDMo.exe
  C:\Windows\System\CvPWDMo.exe
  2⤵
  PID:7928
- C:\Windows\System\JgwverR.exe
  C:\Windows\System\JgwverR.exe
  2⤵
  PID:7944
- C:\Windows\System\UcaGHuu.exe
  C:\Windows\System\UcaGHuu.exe
  2⤵
  PID:7960
- C:\Windows\System\WQRYsXz.exe
  C:\Windows\System\WQRYsXz.exe
  2⤵
  PID:7976
- C:\Windows\System\JULIGfu.exe
  C:\Windows\System\JULIGfu.exe
  2⤵
  PID:7992
- C:\Windows\System\vgSfDvZ.exe
  C:\Windows\System\vgSfDvZ.exe
  2⤵
  PID:8008
- C:\Windows\System\XsZgOPO.exe
  C:\Windows\System\XsZgOPO.exe
  2⤵
  PID:8024
- C:\Windows\System\rqAmima.exe
  C:\Windows\System\rqAmima.exe
  2⤵
  PID:8040
- C:\Windows\System\PkFrHMK.exe
  C:\Windows\System\PkFrHMK.exe
  2⤵
  PID:8056
- C:\Windows\System\QibSIrZ.exe
  C:\Windows\System\QibSIrZ.exe
  2⤵
  PID:8072
- C:\Windows\System\VcayPpo.exe
  C:\Windows\System\VcayPpo.exe
  2⤵
  PID:8092
- C:\Windows\System\IJBrwUc.exe
  C:\Windows\System\IJBrwUc.exe
  2⤵
  PID:8108
- C:\Windows\System\LqqgmiJ.exe
  C:\Windows\System\LqqgmiJ.exe
  2⤵
  PID:8124
- C:\Windows\System\PCNknAu.exe
  C:\Windows\System\PCNknAu.exe
  2⤵
  PID:8140
- C:\Windows\System\ndzsNLG.exe
  C:\Windows\System\ndzsNLG.exe
  2⤵
  PID:8156
- C:\Windows\System\nRyDKXV.exe
  C:\Windows\System\nRyDKXV.exe
  2⤵
  PID:8172
- C:\Windows\System\DzOkUHO.exe
  C:\Windows\System\DzOkUHO.exe
  2⤵
  PID:8188
- C:\Windows\System\GbUuKcC.exe
  C:\Windows\System\GbUuKcC.exe
  2⤵
  PID:7008
- C:\Windows\System\CGDCmrj.exe
  C:\Windows\System\CGDCmrj.exe
  2⤵
  PID:7036
- C:\Windows\System\pKNmVKg.exe
  C:\Windows\System\pKNmVKg.exe
  2⤵
  PID:7064
- C:\Windows\System\iSqCJRu.exe
  C:\Windows\System\iSqCJRu.exe
  2⤵
  PID:7132
- C:\Windows\System\hXfFAWe.exe
  C:\Windows\System\hXfFAWe.exe
  2⤵
  PID:6624
- C:\Windows\System\XOxbxoy.exe
  C:\Windows\System\XOxbxoy.exe
  2⤵
  PID:6148
- C:\Windows\System\IqVccie.exe
  C:\Windows\System\IqVccie.exe
  2⤵
  PID:5780
- C:\Windows\System\dyISiJn.exe
  C:\Windows\System\dyISiJn.exe
  2⤵
  PID:6396
- C:\Windows\System\lfAExBq.exe
  C:\Windows\System\lfAExBq.exe
  2⤵
  PID:6504
- C:\Windows\System\LmPSoJs.exe
  C:\Windows\System\LmPSoJs.exe
  2⤵
  PID:6588
- C:\Windows\System\uVJVTfG.exe
  C:\Windows\System\uVJVTfG.exe
  2⤵
  PID:6756
- C:\Windows\System\qesOIkx.exe
  C:\Windows\System\qesOIkx.exe
  2⤵
  PID:6884
- C:\Windows\System\jhHRYDs.exe
  C:\Windows\System\jhHRYDs.exe
  2⤵
  PID:7172
- C:\Windows\System\nIXTMLx.exe
  C:\Windows\System\nIXTMLx.exe
  2⤵
  PID:7212
- C:\Windows\System\JkapyOb.exe
  C:\Windows\System\JkapyOb.exe
  2⤵
  PID:7260
- C:\Windows\System\uTLFeEW.exe
  C:\Windows\System\uTLFeEW.exe
  2⤵
  PID:7308
- C:\Windows\System\hRaInzY.exe
  C:\Windows\System\hRaInzY.exe
  2⤵
  PID:6680
- C:\Windows\System\DjvGlZL.exe
  C:\Windows\System\DjvGlZL.exe
  2⤵
  PID:7284
- C:\Windows\System\ZRAMybM.exe
  C:\Windows\System\ZRAMybM.exe
  2⤵
  PID:6632
- C:\Windows\System\tuMsHhS.exe
  C:\Windows\System\tuMsHhS.exe
  2⤵
  PID:6872
- C:\Windows\System\aSLOBox.exe
  C:\Windows\System\aSLOBox.exe
  2⤵
  PID:6080
- C:\Windows\System\OEJipni.exe
  C:\Windows\System\OEJipni.exe
  2⤵
  PID:7240
- C:\Windows\System\XBXvYkf.exe
  C:\Windows\System\XBXvYkf.exe
  2⤵
  PID:7276
- C:\Windows\System\dZbJEVd.exe
  C:\Windows\System\dZbJEVd.exe
  2⤵
  PID:6360
- C:\Windows\System\SJRkUMW.exe
  C:\Windows\System\SJRkUMW.exe
  2⤵
  PID:7052
- C:\Windows\System\vTdcbrD.exe
  C:\Windows\System\vTdcbrD.exe
  2⤵
  PID:6496
- C:\Windows\System\XENiLJv.exe
  C:\Windows\System\XENiLJv.exe
  2⤵
  PID:6476
- C:\Windows\System\khHlQnA.exe
  C:\Windows\System\khHlQnA.exe
  2⤵
  PID:5424
- C:\Windows\System\dmhHnbg.exe
  C:\Windows\System\dmhHnbg.exe
  2⤵
  PID:7004
- C:\Windows\System\JHFncsp.exe
  C:\Windows\System\JHFncsp.exe
  2⤵
  PID:6928
- C:\Windows\System\nEIsPpF.exe
  C:\Windows\System\nEIsPpF.exe
  2⤵
  PID:4992
- C:\Windows\System\NcmXjgW.exe
  C:\Windows\System\NcmXjgW.exe
  2⤵
  PID:5428
- C:\Windows\System\kriyZoU.exe
  C:\Windows\System\kriyZoU.exe
  2⤵
  PID:7144
- C:\Windows\System\iDOSrjx.exe
  C:\Windows\System\iDOSrjx.exe
  2⤵
  PID:7380
- C:\Windows\System\ManjyCb.exe
  C:\Windows\System\ManjyCb.exe
  2⤵
  PID:7400
- C:\Windows\System\EeZlTNE.exe
  C:\Windows\System\EeZlTNE.exe
  2⤵
  PID:7412
- C:\Windows\System\pZReUUe.exe
  C:\Windows\System\pZReUUe.exe
  2⤵
  PID:7440
- C:\Windows\System\pmqrUkO.exe
  C:\Windows\System\pmqrUkO.exe
  2⤵
  PID:7456
- C:\Windows\System\wuAaMsS.exe
  C:\Windows\System\wuAaMsS.exe
  2⤵
  PID:7472
- C:\Windows\System\fXmkYSV.exe
  C:\Windows\System\fXmkYSV.exe
  2⤵
  PID:7536
- C:\Windows\System\vWHIwCf.exe
  C:\Windows\System\vWHIwCf.exe
  2⤵
  PID:7488
- C:\Windows\System\DUfLTHY.exe
  C:\Windows\System\DUfLTHY.exe
  2⤵
  PID:7604
- C:\Windows\System\mygixqb.exe
  C:\Windows\System\mygixqb.exe
  2⤵
  PID:7668
- C:\Windows\System\bgTDMcO.exe
  C:\Windows\System\bgTDMcO.exe
  2⤵
  PID:7552
- C:\Windows\System\aKXZawC.exe
  C:\Windows\System\aKXZawC.exe
  2⤵
  PID:7728
- C:\Windows\System\SGogCsO.exe
  C:\Windows\System\SGogCsO.exe
  2⤵
  PID:7684
- C:\Windows\System\zEvnnpJ.exe
  C:\Windows\System\zEvnnpJ.exe
  2⤵
  PID:7760
- C:\Windows\System\NkRjhQz.exe
  C:\Windows\System\NkRjhQz.exe
  2⤵
  PID:7716
- C:\Windows\System\gBOUcHY.exe
  C:\Windows\System\gBOUcHY.exe
  2⤵
  PID:7776
- C:\Windows\System\xaPMFmO.exe
  C:\Windows\System\xaPMFmO.exe
  2⤵
  PID:7856
- C:\Windows\System\FtyLdLi.exe
  C:\Windows\System\FtyLdLi.exe
  2⤵
  PID:7840
- C:\Windows\System\OzteqyV.exe
  C:\Windows\System\OzteqyV.exe
  2⤵
  PID:7920
- C:\Windows\System\bamSfwV.exe
  C:\Windows\System\bamSfwV.exe
  2⤵
  PID:7924
- C:\Windows\System\EEEsRQT.exe
  C:\Windows\System\EEEsRQT.exe
  2⤵
  PID:7988
- C:\Windows\System\FSPhGPM.exe
  C:\Windows\System\FSPhGPM.exe
  2⤵
  PID:8048
- C:\Windows\System\addGCNS.exe
  C:\Windows\System\addGCNS.exe
  2⤵
  PID:8120
- C:\Windows\System\iLckOIz.exe
  C:\Windows\System\iLckOIz.exe
  2⤵
  PID:8004
- C:\Windows\System\NmwKiZd.exe
  C:\Windows\System\NmwKiZd.exe
  2⤵
  PID:8068
- C:\Windows\System\JLsUFmI.exe
  C:\Windows\System\JLsUFmI.exe
  2⤵
  PID:8152
- C:\Windows\System\VVpKZyt.exe
  C:\Windows\System\VVpKZyt.exe
  2⤵
  PID:8168
- C:\Windows\System\gjtDSId.exe
  C:\Windows\System\gjtDSId.exe
  2⤵
  PID:7100
- C:\Windows\System\DjKuFKm.exe
  C:\Windows\System\DjKuFKm.exe
  2⤵
  PID:7128
- C:\Windows\System\ReAqdFN.exe
  C:\Windows\System\ReAqdFN.exe
  2⤵
  PID:6584
- C:\Windows\System\FXzPnje.exe
  C:\Windows\System\FXzPnje.exe
  2⤵
  PID:6280
- C:\Windows\System\RqfWHql.exe
  C:\Windows\System\RqfWHql.exe
  2⤵
  PID:6724
- C:\Windows\System\rthfPIC.exe
  C:\Windows\System\rthfPIC.exe
  2⤵
  PID:6820
- C:\Windows\System\fDUdsHg.exe
  C:\Windows\System\fDUdsHg.exe
  2⤵
  PID:6980
- C:\Windows\System\TuPUueg.exe
  C:\Windows\System\TuPUueg.exe
  2⤵
  PID:6528
- C:\Windows\System\BfQXPJh.exe
  C:\Windows\System\BfQXPJh.exe
  2⤵
  PID:6408
- C:\Windows\System\TkIJyLW.exe
  C:\Windows\System\TkIJyLW.exe
  2⤵
  PID:7232
- C:\Windows\System\cQfdpxV.exe
  C:\Windows\System\cQfdpxV.exe
  2⤵
  PID:6576
- C:\Windows\System\ChSnKVj.exe
  C:\Windows\System\ChSnKVj.exe
  2⤵
  PID:6932
- C:\Windows\System\WVZrFjq.exe
  C:\Windows\System\WVZrFjq.exe
  2⤵
  PID:6984
- C:\Windows\System\sRWNiDp.exe
  C:\Windows\System\sRWNiDp.exe
  2⤵
  PID:6568
- C:\Windows\System\rVkWqDE.exe
  C:\Windows\System\rVkWqDE.exe
  2⤵
  PID:7012
- C:\Windows\System\bCRAQdW.exe
  C:\Windows\System\bCRAQdW.exe
  2⤵
  PID:7384
- C:\Windows\System\YeDbFcS.exe
  C:\Windows\System\YeDbFcS.exe
  2⤵
  PID:7424
- C:\Windows\System\vIjTvMM.exe
  C:\Windows\System\vIjTvMM.exe
  2⤵
  PID:7448
- C:\Windows\System\ShITqAB.exe
  C:\Windows\System\ShITqAB.exe
  2⤵
  PID:7504
- C:\Windows\System\lUqAGRn.exe
  C:\Windows\System\lUqAGRn.exe
  2⤵
  PID:7568
- C:\Windows\System\QEUvtXx.exe
  C:\Windows\System\QEUvtXx.exe
  2⤵
  PID:7520
- C:\Windows\System\LXrkXHT.exe
  C:\Windows\System\LXrkXHT.exe
  2⤵
  PID:4272
- C:\Windows\System\PpVBUPH.exe
  C:\Windows\System\PpVBUPH.exe
  2⤵
  PID:7956
- C:\Windows\System\AOvZZav.exe
  C:\Windows\System\AOvZZav.exe
  2⤵
  PID:7432
- C:\Windows\System\WVHrWiq.exe
  C:\Windows\System\WVHrWiq.exe
  2⤵
  PID:7828
- C:\Windows\System\UZyKmSK.exe
  C:\Windows\System\UZyKmSK.exe
  2⤵
  PID:6784
- C:\Windows\System\bbYfUjt.exe
  C:\Windows\System\bbYfUjt.exe
  2⤵
  PID:7748
- C:\Windows\System\mtWlOdh.exe
  C:\Windows\System\mtWlOdh.exe
  2⤵
  PID:7940
- C:\Windows\System\JfYNbab.exe
  C:\Windows\System\JfYNbab.exe
  2⤵
  PID:8036
- C:\Windows\System\LtMenYu.exe
  C:\Windows\System\LtMenYu.exe
  2⤵
  PID:7020
- C:\Windows\System\xgCKrxm.exe
  C:\Windows\System\xgCKrxm.exe
  2⤵
  PID:8132
- C:\Windows\System\dDOEnbs.exe
  C:\Windows\System\dDOEnbs.exe
  2⤵
  PID:6552
- C:\Windows\System\wdnuBqS.exe
  C:\Windows\System\wdnuBqS.exe
  2⤵
  PID:6804
- C:\Windows\System\gIzlkeC.exe
  C:\Windows\System\gIzlkeC.exe
  2⤵
  PID:6836
- C:\Windows\System\eCuqLUC.exe
  C:\Windows\System\eCuqLUC.exe
  2⤵
  PID:7196
- C:\Windows\System\cYPsIVU.exe
  C:\Windows\System\cYPsIVU.exe
  2⤵
  PID:6964
- C:\Windows\System\yJJzuHM.exe
  C:\Windows\System\yJJzuHM.exe
  2⤵
  PID:5944
- C:\Windows\System\afecPmg.exe
  C:\Windows\System\afecPmg.exe
  2⤵
  PID:7080
- C:\Windows\System\peabIHn.exe
  C:\Windows\System\peabIHn.exe
  2⤵
  PID:7636
- C:\Windows\System\iaMDHAs.exe
  C:\Windows\System\iaMDHAs.exe
  2⤵
  PID:7600
- C:\Windows\System\OAiDdPf.exe
  C:\Windows\System\OAiDdPf.exe
  2⤵
  PID:7588
- C:\Windows\System\SxLMDgx.exe
  C:\Windows\System\SxLMDgx.exe
  2⤵
  PID:8020
- C:\Windows\System\qusbTOQ.exe
  C:\Windows\System\qusbTOQ.exe
  2⤵
  PID:7972
- C:\Windows\System\SpnxfNl.exe
  C:\Windows\System\SpnxfNl.exe
  2⤵
  PID:7164
- C:\Windows\System\lNZySaO.exe
  C:\Windows\System\lNZySaO.exe
  2⤵
  PID:8136
- C:\Windows\System\YjolWdi.exe
  C:\Windows\System\YjolWdi.exe
  2⤵
  PID:7180
- C:\Windows\System\gXsnusA.exe
  C:\Windows\System\gXsnusA.exe
  2⤵
  PID:6800
- C:\Windows\System\rTNfHdX.exe
  C:\Windows\System\rTNfHdX.exe
  2⤵
  PID:7908
- C:\Windows\System\ehSzeLT.exe
  C:\Windows\System\ehSzeLT.exe
  2⤵
  PID:7876
- C:\Windows\System\qxEghhH.exe
  C:\Windows\System\qxEghhH.exe
  2⤵
  PID:8184
- C:\Windows\System\dlZCLAE.exe
  C:\Windows\System\dlZCLAE.exe
  2⤵
  PID:6612
- C:\Windows\System\tgskZHJ.exe
  C:\Windows\System\tgskZHJ.exe
  2⤵
  PID:7904
- C:\Windows\System\NDsJWHh.exe
  C:\Windows\System\NDsJWHh.exe
  2⤵
  PID:7116
- C:\Windows\System\nEuCqMC.exe
  C:\Windows\System\nEuCqMC.exe
  2⤵
  PID:8208
- C:\Windows\System\KYGBbzZ.exe
  C:\Windows\System\KYGBbzZ.exe
  2⤵
  PID:8228
- C:\Windows\System\uvGOmNl.exe
  C:\Windows\System\uvGOmNl.exe
  2⤵
  PID:8244
- C:\Windows\System\TlTxKvf.exe
  C:\Windows\System\TlTxKvf.exe
  2⤵
  PID:8272
- C:\Windows\System\DKbThZC.exe
  C:\Windows\System\DKbThZC.exe
  2⤵
  PID:8288
- C:\Windows\System\iyjaRdt.exe
  C:\Windows\System\iyjaRdt.exe
  2⤵
  PID:8312
- C:\Windows\System\KbyirBt.exe
  C:\Windows\System\KbyirBt.exe
  2⤵
  PID:8344
- C:\Windows\System\NhENIgm.exe
  C:\Windows\System\NhENIgm.exe
  2⤵
  PID:8368
- C:\Windows\System\FsYWqnt.exe
  C:\Windows\System\FsYWqnt.exe
  2⤵
  PID:8384
- C:\Windows\System\McaLqpV.exe
  C:\Windows\System\McaLqpV.exe
  2⤵
  PID:8400
- C:\Windows\System\GujznSx.exe
  C:\Windows\System\GujznSx.exe
  2⤵
  PID:8416
- C:\Windows\System\qkGGnKf.exe
  C:\Windows\System\qkGGnKf.exe
  2⤵
  PID:8436
- C:\Windows\System\VrEKFsD.exe
  C:\Windows\System\VrEKFsD.exe
  2⤵
  PID:8456
- C:\Windows\System\sULKJCo.exe
  C:\Windows\System\sULKJCo.exe
  2⤵
  PID:8476
- C:\Windows\System\MuWflRC.exe
  C:\Windows\System\MuWflRC.exe
  2⤵
  PID:8492
- C:\Windows\System\vmKwMdl.exe
  C:\Windows\System\vmKwMdl.exe
  2⤵
  PID:8512
- C:\Windows\System\ZmgBqad.exe
  C:\Windows\System\ZmgBqad.exe
  2⤵
  PID:8540
- C:\Windows\System\eCLuPUN.exe
  C:\Windows\System\eCLuPUN.exe
  2⤵
  PID:8564
- C:\Windows\System\OPcZkya.exe
  C:\Windows\System\OPcZkya.exe
  2⤵
  PID:8580
- C:\Windows\System\qmyfRNs.exe
  C:\Windows\System\qmyfRNs.exe
  2⤵
  PID:8604
- C:\Windows\System\aIegfZf.exe
  C:\Windows\System\aIegfZf.exe
  2⤵
  PID:8636
- C:\Windows\System\waNzcSa.exe
  C:\Windows\System\waNzcSa.exe
  2⤵
  PID:8652
- C:\Windows\System\TtVMLeb.exe
  C:\Windows\System\TtVMLeb.exe
  2⤵
  PID:8672
- C:\Windows\System\WdZgAWT.exe
  C:\Windows\System\WdZgAWT.exe
  2⤵
  PID:8696
- C:\Windows\System\mrLSWhB.exe
  C:\Windows\System\mrLSWhB.exe
  2⤵
  PID:8720
- C:\Windows\System\NLqiVfb.exe
  C:\Windows\System\NLqiVfb.exe
  2⤵
  PID:8740
- C:\Windows\System\SbOADiQ.exe
  C:\Windows\System\SbOADiQ.exe
  2⤵
  PID:8760
- C:\Windows\System\ifQCluz.exe
  C:\Windows\System\ifQCluz.exe
  2⤵
  PID:8776
- C:\Windows\System\KqeIiqR.exe
  C:\Windows\System\KqeIiqR.exe
  2⤵
  PID:8800
- C:\Windows\System\QBOpYQm.exe
  C:\Windows\System\QBOpYQm.exe
  2⤵
  PID:8816
- C:\Windows\System\gMJsHsq.exe
  C:\Windows\System\gMJsHsq.exe
  2⤵
  PID:8832
- C:\Windows\System\AxthDaC.exe
  C:\Windows\System\AxthDaC.exe
  2⤵
  PID:8852
- C:\Windows\System\uXQnigv.exe
  C:\Windows\System\uXQnigv.exe
  2⤵
  PID:8880
- C:\Windows\System\nyQwKno.exe
  C:\Windows\System\nyQwKno.exe
  2⤵
  PID:8904
- C:\Windows\System\JyVEbLa.exe
  C:\Windows\System\JyVEbLa.exe
  2⤵
  PID:8920
- C:\Windows\System\yvpIVaK.exe
  C:\Windows\System\yvpIVaK.exe
  2⤵
  PID:8936
- C:\Windows\System\ocmQwQb.exe
  C:\Windows\System\ocmQwQb.exe
  2⤵
  PID:8960
- C:\Windows\System\zprAFUN.exe
  C:\Windows\System\zprAFUN.exe
  2⤵
  PID:8980
- C:\Windows\System\wYJharX.exe
  C:\Windows\System\wYJharX.exe
  2⤵
  PID:9000
- C:\Windows\System\OWqRPIc.exe
  C:\Windows\System\OWqRPIc.exe
  2⤵
  PID:9020
- C:\Windows\System\QbkZYST.exe
  C:\Windows\System\QbkZYST.exe
  2⤵
  PID:9040
- C:\Windows\System\pNJQSlt.exe
  C:\Windows\System\pNJQSlt.exe
  2⤵
  PID:9060
- C:\Windows\System\xaHmxnV.exe
  C:\Windows\System\xaHmxnV.exe
  2⤵
  PID:9104
- C:\Windows\System\EEiSJDw.exe
  C:\Windows\System\EEiSJDw.exe
  2⤵
  PID:9120
- C:\Windows\System\uClTwkU.exe
  C:\Windows\System\uClTwkU.exe
  2⤵
  PID:9136
- C:\Windows\System\tbeQsZy.exe
  C:\Windows\System\tbeQsZy.exe
  2⤵
  PID:9156
- C:\Windows\System\mvSeOPN.exe
  C:\Windows\System\mvSeOPN.exe
  2⤵
  PID:9176
- C:\Windows\System\rAnWvhc.exe
  C:\Windows\System\rAnWvhc.exe
  2⤵
  PID:9192
- C:\Windows\System\xjLOBXS.exe
  C:\Windows\System\xjLOBXS.exe
  2⤵
  PID:9208
- C:\Windows\System\nAoCrjV.exe
  C:\Windows\System\nAoCrjV.exe
  2⤵
  PID:8200
- C:\Windows\System\aAmDryB.exe
  C:\Windows\System\aAmDryB.exe
  2⤵
  PID:6200
- C:\Windows\System\DzxJscP.exe
  C:\Windows\System\DzxJscP.exe
  2⤵
  PID:8064
- C:\Windows\System\iRrbetQ.exe
  C:\Windows\System\iRrbetQ.exe
  2⤵
  PID:8084
- C:\Windows\System\kpyBVFm.exe
  C:\Windows\System\kpyBVFm.exe
  2⤵
  PID:8000
- C:\Windows\System\WRpKTRF.exe
  C:\Windows\System\WRpKTRF.exe
  2⤵
  PID:8240
- C:\Windows\System\VuPmwSZ.exe
  C:\Windows\System\VuPmwSZ.exe
  2⤵
  PID:8252
- C:\Windows\System\xOhjLNQ.exe
  C:\Windows\System\xOhjLNQ.exe
  2⤵
  PID:8304
- C:\Windows\System\zOILvem.exe
  C:\Windows\System\zOILvem.exe
  2⤵
  PID:8328
- C:\Windows\System\lHNAWat.exe
  C:\Windows\System\lHNAWat.exe
  2⤵
  PID:8376
- C:\Windows\System\dwBeFYc.exe
  C:\Windows\System\dwBeFYc.exe
  2⤵
  PID:8364
- C:\Windows\System\USaPsuk.exe
  C:\Windows\System\USaPsuk.exe
  2⤵
  PID:8520
- C:\Windows\System\fxYCrEa.exe
  C:\Windows\System\fxYCrEa.exe
  2⤵
  PID:8500
- C:\Windows\System\EIgfrSm.exe
  C:\Windows\System\EIgfrSm.exe
  2⤵
  PID:8548
- C:\Windows\System\AWZAYaP.exe
  C:\Windows\System\AWZAYaP.exe
  2⤵
  PID:8592
- C:\Windows\System\lFxiwrl.exe
  C:\Windows\System\lFxiwrl.exe
  2⤵
  PID:8620
- C:\Windows\System\psJyhDy.exe
  C:\Windows\System\psJyhDy.exe
  2⤵
  PID:8664
- C:\Windows\System\cMZNGge.exe
  C:\Windows\System\cMZNGge.exe
  2⤵
  PID:8532
- C:\Windows\System\ffNMaIB.exe
  C:\Windows\System\ffNMaIB.exe
  2⤵
  PID:8560
- C:\Windows\System\ISQBwxa.exe
  C:\Windows\System\ISQBwxa.exe
  2⤵
  PID:8784
- C:\Windows\System\ttlDFZR.exe
  C:\Windows\System\ttlDFZR.exe
  2⤵
  PID:8824
- C:\Windows\System\xYISzNn.exe
  C:\Windows\System\xYISzNn.exe
  2⤵
  PID:8840
- C:\Windows\System\HxcEaYy.exe
  C:\Windows\System\HxcEaYy.exe
  2⤵
  PID:8812
- C:\Windows\System\SRIytSU.exe
  C:\Windows\System\SRIytSU.exe
  2⤵
  PID:8872
- C:\Windows\System\RiLFnqb.exe
  C:\Windows\System\RiLFnqb.exe
  2⤵
  PID:8944
- C:\Windows\System\YQgmNuD.exe
  C:\Windows\System\YQgmNuD.exe
  2⤵
  PID:8896
- C:\Windows\System\LNcuauk.exe
  C:\Windows\System\LNcuauk.exe
  2⤵
  PID:8892
- C:\Windows\System\qUGBVGu.exe
  C:\Windows\System\qUGBVGu.exe
  2⤵
  PID:8968
- C:\Windows\System\rBUCAjq.exe
  C:\Windows\System\rBUCAjq.exe
  2⤵
  PID:9016
- C:\Windows\System\WOJrMEU.exe
  C:\Windows\System\WOJrMEU.exe
  2⤵
  PID:8900
- C:\Windows\System\nUHRlLK.exe
  C:\Windows\System\nUHRlLK.exe
  2⤵
  PID:9048
- C:\Windows\System\nwMrjJz.exe
  C:\Windows\System\nwMrjJz.exe
  2⤵
  PID:8708
- C:\Windows\System\UvlDCxT.exe
  C:\Windows\System\UvlDCxT.exe
  2⤵
  PID:9116
- C:\Windows\System\oycBCbm.exe
  C:\Windows\System\oycBCbm.exe
  2⤵
  PID:9152
- C:\Windows\System\jgFylDJ.exe
  C:\Windows\System\jgFylDJ.exe
  2⤵
  PID:9184
- C:\Windows\System\SZELhPs.exe
  C:\Windows\System\SZELhPs.exe
  2⤵
  PID:9068
- C:\Windows\System\EvhNZgf.exe
  C:\Windows\System\EvhNZgf.exe
  2⤵
  PID:7256
- C:\Windows\System\hrNBLmC.exe
  C:\Windows\System\hrNBLmC.exe
  2⤵
  PID:7664
- C:\Windows\System\XXUccjF.exe
  C:\Windows\System\XXUccjF.exe
  2⤵
  PID:6544
- C:\Windows\System\nGNCEGA.exe
  C:\Windows\System\nGNCEGA.exe
  2⤵
  PID:8296
- C:\Windows\System\araBcDY.exe
  C:\Windows\System\araBcDY.exe
  2⤵
  PID:9084
- C:\Windows\System\zOWveWL.exe
  C:\Windows\System\zOWveWL.exe
  2⤵
  PID:8324
- C:\Windows\System\obWxTeq.exe
  C:\Windows\System\obWxTeq.exe
  2⤵
  PID:8524
- C:\Windows\System\nmgBhDT.exe
  C:\Windows\System\nmgBhDT.exe
  2⤵
  PID:8596
- C:\Windows\System\OFSToVe.exe
  C:\Windows\System\OFSToVe.exe
  2⤵
  PID:8684
- C:\Windows\System\McuMKdA.exe
  C:\Windows\System\McuMKdA.exe
  2⤵
  PID:8576
- C:\Windows\System\WfWSBZl.exe
  C:\Windows\System\WfWSBZl.exe
  2⤵
  PID:8644
- C:\Windows\System\avazMym.exe
  C:\Windows\System\avazMym.exe
  2⤵
  PID:8728
- C:\Windows\System\ZdTKcSB.exe
  C:\Windows\System\ZdTKcSB.exe
  2⤵
  PID:8788
- C:\Windows\System\rpPnpTa.exe
  C:\Windows\System\rpPnpTa.exe
  2⤵
  PID:8864
- C:\Windows\System\ecjOnbh.exe
  C:\Windows\System\ecjOnbh.exe
  2⤵
  PID:8916
- C:\Windows\System\KQBSZbx.exe
  C:\Windows\System\KQBSZbx.exe
  2⤵
  PID:8996
- C:\Windows\System\HmDhVDg.exe
  C:\Windows\System\HmDhVDg.exe
  2⤵
  PID:9012
- C:\Windows\System\BOCNJHR.exe
  C:\Windows\System\BOCNJHR.exe
  2⤵
  PID:9052
- C:\Windows\System\xjPQDGj.exe
  C:\Windows\System\xjPQDGj.exe
  2⤵
  PID:9112
- C:\Windows\System\MgdwsSk.exe
  C:\Windows\System\MgdwsSk.exe
  2⤵
  PID:9200
- C:\Windows\System\wUwSZlW.exe
  C:\Windows\System\wUwSZlW.exe
  2⤵
  PID:7808
- C:\Windows\System\rQQLLbv.exe
  C:\Windows\System\rQQLLbv.exe
  2⤵
  PID:6268
- C:\Windows\System\QTiGLtc.exe
  C:\Windows\System\QTiGLtc.exe
  2⤵
  PID:9076
- C:\Windows\System\leKzsuX.exe
  C:\Windows\System\leKzsuX.exe
  2⤵
  PID:8356
- C:\Windows\System\jYnCYUW.exe
  C:\Windows\System\jYnCYUW.exe
  2⤵
  PID:8428
- C:\Windows\System\FyWlDjx.exe
  C:\Windows\System\FyWlDjx.exe
  2⤵
  PID:6660
- C:\Windows\System\eNAAwTS.exe
  C:\Windows\System\eNAAwTS.exe
  2⤵
  PID:8716
- C:\Windows\System\dSStpVg.exe
  C:\Windows\System\dSStpVg.exe
  2⤵
  PID:8768
- C:\Windows\System\YPJImcv.exe
  C:\Windows\System\YPJImcv.exe
  2⤵
  PID:8912
- C:\Windows\System\gQIGfMQ.exe
  C:\Windows\System\gQIGfMQ.exe
  2⤵
  PID:8972
- C:\Windows\System\saZvVva.exe
  C:\Windows\System\saZvVva.exe
  2⤵
  PID:9144
- C:\Windows\System\jjSQehM.exe
  C:\Windows\System\jjSQehM.exe
  2⤵
  PID:9204
- C:\Windows\System\TsMjefu.exe
  C:\Windows\System\TsMjefu.exe
  2⤵
  PID:8216
- C:\Windows\System\tmYYyjD.exe
  C:\Windows\System\tmYYyjD.exe
  2⤵
  PID:8340
- C:\Windows\System\cgMJKmG.exe
  C:\Windows\System\cgMJKmG.exe
  2⤵
  PID:8424
- C:\Windows\System\PADfieY.exe
  C:\Windows\System\PADfieY.exe
  2⤵
  PID:8796
- C:\Windows\System\ZWSJovh.exe
  C:\Windows\System\ZWSJovh.exe
  2⤵
  PID:8868
- C:\Windows\System\epwdSyJ.exe
  C:\Windows\System\epwdSyJ.exe
  2⤵
  PID:8116
- C:\Windows\System\pGyGOPb.exe
  C:\Windows\System\pGyGOPb.exe
  2⤵
  PID:8452
- C:\Windows\System\gYIFHLi.exe
  C:\Windows\System\gYIFHLi.exe
  2⤵
  PID:8488
- C:\Windows\System\VRMfcSk.exe
  C:\Windows\System\VRMfcSk.exe
  2⤵
  PID:8632
- C:\Windows\System\gcVFrIm.exe
  C:\Windows\System\gcVFrIm.exe
  2⤵
  PID:9008
- C:\Windows\System\OrlOGhK.exe
  C:\Windows\System\OrlOGhK.exe
  2⤵
  PID:5836
- C:\Windows\System\GLOuBow.exe
  C:\Windows\System\GLOuBow.exe
  2⤵
  PID:8736
- C:\Windows\System\bqXtjCA.exe
  C:\Windows\System\bqXtjCA.exe
  2⤵
  PID:8236
- C:\Windows\System\XXsiumh.exe
  C:\Windows\System\XXsiumh.exe
  2⤵
  PID:8528
- C:\Windows\System\LAIFcOS.exe
  C:\Windows\System\LAIFcOS.exe
  2⤵
  PID:8472
- C:\Windows\System\nDdxfVa.exe
  C:\Windows\System\nDdxfVa.exe
  2⤵
  PID:8572
- C:\Windows\System\HUXwIKE.exe
  C:\Windows\System\HUXwIKE.exe
  2⤵
  PID:9232
- C:\Windows\System\MovXUcE.exe
  C:\Windows\System\MovXUcE.exe
  2⤵
  PID:9248
- C:\Windows\System\TvqGwzz.exe
  C:\Windows\System\TvqGwzz.exe
  2⤵
  PID:9272
- C:\Windows\System\KiSktav.exe
  C:\Windows\System\KiSktav.exe
  2⤵
  PID:9300
- C:\Windows\System\JyLWgkq.exe
  C:\Windows\System\JyLWgkq.exe
  2⤵
  PID:9316
- C:\Windows\System\BokIvZC.exe
  C:\Windows\System\BokIvZC.exe
  2⤵
  PID:9332
- C:\Windows\System\FhLnYfY.exe
  C:\Windows\System\FhLnYfY.exe
  2⤵
  PID:9348
- C:\Windows\System\cqGCWgi.exe
  C:\Windows\System\cqGCWgi.exe
  2⤵
  PID:9364
- C:\Windows\System\ulxncvP.exe
  C:\Windows\System\ulxncvP.exe
  2⤵
  PID:9380
- C:\Windows\System\pkuMqVy.exe
  C:\Windows\System\pkuMqVy.exe
  2⤵
  PID:9396
- C:\Windows\System\tzsAWxJ.exe
  C:\Windows\System\tzsAWxJ.exe
  2⤵
  PID:9416
- C:\Windows\System\MBxOiqI.exe
  C:\Windows\System\MBxOiqI.exe
  2⤵
  PID:9432
- C:\Windows\System\kNulRhm.exe
  C:\Windows\System\kNulRhm.exe
  2⤵
  PID:9452
- C:\Windows\System\vyuvFvT.exe
  C:\Windows\System\vyuvFvT.exe
  2⤵
  PID:9488
- C:\Windows\System\QrVHTni.exe
  C:\Windows\System\QrVHTni.exe
  2⤵
  PID:9504
- C:\Windows\System\xDQkedr.exe
  C:\Windows\System\xDQkedr.exe
  2⤵
  PID:9520
- C:\Windows\System\MsSPoYn.exe
  C:\Windows\System\MsSPoYn.exe
  2⤵
  PID:9536
- C:\Windows\System\CGTDxSc.exe
  C:\Windows\System\CGTDxSc.exe
  2⤵
  PID:9556
- C:\Windows\System\bGWeQJo.exe
  C:\Windows\System\bGWeQJo.exe
  2⤵
  PID:9612
- C:\Windows\System\VXwsoQO.exe
  C:\Windows\System\VXwsoQO.exe
  2⤵
  PID:9628
- C:\Windows\System\ZMiKzOt.exe
  C:\Windows\System\ZMiKzOt.exe
  2⤵
  PID:9656
- C:\Windows\System\KDdNuKv.exe
  C:\Windows\System\KDdNuKv.exe
  2⤵
  PID:9684
- C:\Windows\System\uHJVHEN.exe
  C:\Windows\System\uHJVHEN.exe
  2⤵
  PID:9708
- C:\Windows\System\unhghTa.exe
  C:\Windows\System\unhghTa.exe
  2⤵
  PID:9724
- C:\Windows\System\YBTGeAJ.exe
  C:\Windows\System\YBTGeAJ.exe
  2⤵
  PID:9740
- C:\Windows\System\IAQxXHq.exe
  C:\Windows\System\IAQxXHq.exe
  2⤵
  PID:9756
- C:\Windows\System\jPZJTwE.exe
  C:\Windows\System\jPZJTwE.exe
  2⤵
  PID:9772
- C:\Windows\System\eaarbNj.exe
  C:\Windows\System\eaarbNj.exe
  2⤵
  PID:9788
- C:\Windows\System\hGEyaVz.exe
  C:\Windows\System\hGEyaVz.exe
  2⤵
  PID:9804
- C:\Windows\System\ARrzPvv.exe
  C:\Windows\System\ARrzPvv.exe
  2⤵
  PID:9820
- C:\Windows\System\GCPFSmQ.exe
  C:\Windows\System\GCPFSmQ.exe
  2⤵
  PID:9836
- C:\Windows\System\qywNDQJ.exe
  C:\Windows\System\qywNDQJ.exe
  2⤵
  PID:9852
- C:\Windows\System\DDxTizv.exe
  C:\Windows\System\DDxTizv.exe
  2⤵
  PID:9868
- C:\Windows\System\idvPFge.exe
  C:\Windows\System\idvPFge.exe
  2⤵
  PID:9884
- C:\Windows\System\uJzFbDG.exe
  C:\Windows\System\uJzFbDG.exe
  2⤵
  PID:9900
- C:\Windows\System\NETftnU.exe
  C:\Windows\System\NETftnU.exe
  2⤵
  PID:9916
- C:\Windows\System\QcGSYkY.exe
  C:\Windows\System\QcGSYkY.exe
  2⤵
  PID:9932
- C:\Windows\System\nXoSWev.exe
  C:\Windows\System\nXoSWev.exe
  2⤵
  PID:9948
- C:\Windows\System\oNILcpw.exe
  C:\Windows\System\oNILcpw.exe
  2⤵
  PID:9964
- C:\Windows\System\PUiiZkz.exe
  C:\Windows\System\PUiiZkz.exe
  2⤵
  PID:9980
- C:\Windows\System\ONJWlIR.exe
  C:\Windows\System\ONJWlIR.exe
  2⤵
  PID:9996
- C:\Windows\System\nUPoWdI.exe
  C:\Windows\System\nUPoWdI.exe
  2⤵
  PID:10012
- C:\Windows\System\HTkRmEp.exe
  C:\Windows\System\HTkRmEp.exe
  2⤵
  PID:10028
- C:\Windows\System\dpWAzdg.exe
  C:\Windows\System\dpWAzdg.exe
  2⤵
  PID:10044
- C:\Windows\System\XAWkuMv.exe
  C:\Windows\System\XAWkuMv.exe
  2⤵
  PID:10060
- C:\Windows\System\AhMTfWr.exe
  C:\Windows\System\AhMTfWr.exe
  2⤵
  PID:10076
- C:\Windows\System\BEGigzB.exe
  C:\Windows\System\BEGigzB.exe
  2⤵
  PID:10092
- C:\Windows\System\nGgdGlm.exe
  C:\Windows\System\nGgdGlm.exe
  2⤵
  PID:10108
- C:\Windows\System\Jvbuwlx.exe
  C:\Windows\System\Jvbuwlx.exe
  2⤵
  PID:10124
- C:\Windows\System\UKfnDzd.exe
  C:\Windows\System\UKfnDzd.exe
  2⤵
  PID:10140
- C:\Windows\System\MAkzAts.exe
  C:\Windows\System\MAkzAts.exe
  2⤵
  PID:10156
- C:\Windows\System\xhjGrhk.exe
  C:\Windows\System\xhjGrhk.exe
  2⤵
  PID:10172
- C:\Windows\System\NooBywF.exe
  C:\Windows\System\NooBywF.exe
  2⤵
  PID:10188
- C:\Windows\System\sQXohqe.exe
  C:\Windows\System\sQXohqe.exe
  2⤵
  PID:10204
- C:\Windows\System\VEESJgt.exe
  C:\Windows\System\VEESJgt.exe
  2⤵
  PID:10220
- C:\Windows\System\asUxmnK.exe
  C:\Windows\System\asUxmnK.exe
  2⤵
  PID:10236
- C:\Windows\System\fAekTKY.exe
  C:\Windows\System\fAekTKY.exe
  2⤵
  PID:8808
- C:\Windows\System\HfnVavh.exe
  C:\Windows\System\HfnVavh.exe
  2⤵
  PID:9288
- C:\Windows\System\RKEShjj.exe
  C:\Windows\System\RKEShjj.exe
  2⤵
  PID:9328
- C:\Windows\System\YAUOfud.exe
  C:\Windows\System\YAUOfud.exe
  2⤵
  PID:9392
- C:\Windows\System\upEKZFr.exe
  C:\Windows\System\upEKZFr.exe
  2⤵
  PID:9460
- C:\Windows\System\NQTuDHo.exe
  C:\Windows\System\NQTuDHo.exe
  2⤵
  PID:9256
- C:\Windows\System\LFoqdaK.exe
  C:\Windows\System\LFoqdaK.exe
  2⤵
  PID:9268
- C:\Windows\System\QWZorFI.exe
  C:\Windows\System\QWZorFI.exe
  2⤵
  PID:9308
- C:\Windows\System\dmjuFJi.exe
  C:\Windows\System\dmjuFJi.exe
  2⤵
  PID:9312
- C:\Windows\System\YMbtzQh.exe
  C:\Windows\System\YMbtzQh.exe
  2⤵
  PID:9376
- C:\Windows\System\pyUCaKd.exe
  C:\Windows\System\pyUCaKd.exe
  2⤵
  PID:9500
- C:\Windows\System\XnpSgZo.exe
  C:\Windows\System\XnpSgZo.exe
  2⤵
  PID:9440
- C:\Windows\System\azjhuVv.exe
  C:\Windows\System\azjhuVv.exe
  2⤵
  PID:8432
- C:\Windows\System\AKrdagW.exe
  C:\Windows\System\AKrdagW.exe
  2⤵
  PID:9568
- C:\Windows\System\ThjorWH.exe
  C:\Windows\System\ThjorWH.exe
  2⤵
  PID:9584
- C:\Windows\System\tPVGyBG.exe
  C:\Windows\System\tPVGyBG.exe
  2⤵
  PID:9668
- C:\Windows\System\ZiItjAr.exe
  C:\Windows\System\ZiItjAr.exe
  2⤵
  PID:9680
- C:\Windows\System\EiDlSjX.exe
  C:\Windows\System\EiDlSjX.exe
  2⤵
  PID:9752
- C:\Windows\System\VVkiQyo.exe
  C:\Windows\System\VVkiQyo.exe
  2⤵
  PID:9816
- C:\Windows\System\yyHazxc.exe
  C:\Windows\System\yyHazxc.exe
  2⤵
  PID:9700
- C:\Windows\System\dVKTwIy.exe
  C:\Windows\System\dVKTwIy.exe
  2⤵
  PID:9596
- C:\Windows\System\AdEUbiZ.exe
  C:\Windows\System\AdEUbiZ.exe
  2⤵
  PID:9876
- C:\Windows\System\FtHYvIy.exe
  C:\Windows\System\FtHYvIy.exe
  2⤵
  PID:9736
- C:\Windows\System\SsIPMfY.exe
  C:\Windows\System\SsIPMfY.exe
  2⤵
  PID:9800
- C:\Windows\System\xsEPtSe.exe
  C:\Windows\System\xsEPtSe.exe
  2⤵
  PID:9644
- C:\Windows\System\QwNOxhN.exe
  C:\Windows\System\QwNOxhN.exe
  2⤵
  PID:9860
- C:\Windows\System\wmQnsGt.exe
  C:\Windows\System\wmQnsGt.exe
  2⤵
  PID:9940
- C:\Windows\System\GRUiSAH.exe
  C:\Windows\System\GRUiSAH.exe
  2⤵
  PID:9928
- C:\Windows\System\WPmynVc.exe
  C:\Windows\System\WPmynVc.exe
  2⤵
  PID:10036
- C:\Windows\System\oFntJGE.exe
  C:\Windows\System\oFntJGE.exe
  2⤵
  PID:9956

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BjPxhMb.exe

Filesize
6.0MB

MD5
1e1fd9d88ea4182d44d5a8816f4e0b9b

SHA1
d9b767570b58d5841ac865004183a549aff2a837

SHA256
3f673d575c09a32e539ed328d274a086eb331a382dd8bb9110cb17474869062f

SHA512
4bbd26a4eb1f585d9b6062f0069f66927cc6d7543562e9b8572aed3d5cc6dd0d534dd4dc57d2cb6885dee19a51195db18e1e1e92ff9a1f739ec60a13534b2d8b

Download Submit
C:\Windows\system\GuAqSjb.exe

Filesize
6.0MB

MD5
233cc6a220dc396e1b9e74c28e4c51f9

SHA1
177dbab5e141680e4908d78baed2d7e3de5745ff

SHA256
6e3b5d5051f9b6f461821dcd49dcc3009e6de1f703060321a6acba7a7fa4dd89

SHA512
7d12335207b417ee9a0066a36c6fc768355767035aab3c56ab21b25f3219c64af0e442c5980580f575cc8f84e66c340e110f39842ed39ba3d759701e6cbe5b0b

Download Submit
C:\Windows\system\HuwijCe.exe

Filesize
6.0MB

MD5
27beb1cb74ae1250e52b37418ff27a83

SHA1
964c590e2216857894fdbca199422d277b2bbd6d

SHA256
99dd961bbe94145555f78bfc82aa06828ab3126a627258d617ef4b12ce9f67f6

SHA512
c93c52c16bb89cc348be38567c18d17499ac2b0ccb4cdcf32b060887698ac5f4eafc6370b98f31b39e8812bff412e05a4a02af783e4fb9f5d689da37aedfb67b

Download Submit
C:\Windows\system\JghkoZk.exe

Filesize
6.0MB

MD5
b1e5abefbaced799b7c0bc0483d252e9

SHA1
6a8a0e3379d5987842a2a2cc1bea890a3c049627

SHA256
9f30e9b38fd70abe0fa5b10b4007af0d0b3262f0016f53d999136124313cd770

SHA512
9cabc7d4afba8de1f7a04ce1e5266a42bf2792ed97a20dd74179ebfa7e64473e67cdb769fea01c27c6bfc5ee56c8f610b083abbbcea995ce01753c8e80472707

Download Submit
C:\Windows\system\NMrRVHC.exe

Filesize
6.0MB

MD5
c8b3ff5a51beb4c83bc5a91be98f17f2

SHA1
470ebf03f591c7b2181871419b9ebbdfbb094181

SHA256
c8db2901ef4f81da8e8df0e97c82a5299c8a2385b16bd343764f6fc4164ca393

SHA512
83b59feee707d627eabc40ad890f0f96fe25745027685c96e134f7364fb816898152e251d2ded60c6a9db6d087360075f9f13873d9fa222666a8a473b14f139a

Download Submit
C:\Windows\system\PZhemcl.exe

Filesize
6.0MB

MD5
bdf86047cef554910f0af6ab91e3b05a

SHA1
4f0a721873bd958c37d29852ec8197eac09b8af2

SHA256
ddb2eda0209fec65881331b9ecc799365c4e5f4f7393c592b3efc790b4bf545e

SHA512
79b1816e16571a78ff5f0bd710431d59293c4286fdc4ee54fe57177d1b645b71b52ed32208db368da916e4c1edede514147c22bfdc9ae0852a4f9b5d0e1ceeb2

Download Submit
C:\Windows\system\RpbvwrM.exe

Filesize
6.0MB

MD5
1d43ef8afb4582ff41f922f708a0384f

SHA1
92bffab2b9fa322af114f59bd7059e041aacb5d9

SHA256
2dfa42f67fee54aa2e9a2a4e6ab027513ef496a07e269bfb64e14563f52ac563

SHA512
eaa0fab3480dc7a5701fc9ff57abbee8435dff1039ef55ee4661473a065acaf6a158ce0dee76e9a28b067d80ae3a262a84ef86f1674ba5ae4135801e30cb3140

Download Submit
C:\Windows\system\SbPCRsX.exe

Filesize
6.0MB

MD5
808e814d4db805b47586d61e420715f2

SHA1
31903fc288c622293453df5212c3240ec90332de

SHA256
cea167b2aa5340ef1c7e78199bb51de2fe280e49633a4890347379c78f710e77

SHA512
40996349b34869118d23e3eafce6c10faf351d7c86d27e031f5b26c3134ca0e20b2ef5c62bdb8d2e5416efaa15fe03d577e843904bf229d82e85e6971194c6bd

Download Submit
C:\Windows\system\UwZOlqp.exe

Filesize
6.0MB

MD5
0d2c9b0777a774813e57b22c37d925f1

SHA1
a91c2c684d7233d1e7e085cf4d77c256258a8a88

SHA256
81592bed1f67fd37983c35cde24df7a48d26c1db923e349b594858213ca0892d

SHA512
a74804e4331cd056188392028e766b709322722695e9c617fd73e98f53d508bacaa0bdc5f8bd78b9ab0075dc4b93a8ca85e813247246d8d522cc431efb0f940e

Download Submit
C:\Windows\system\WbfzVIK.exe

Filesize
6.0MB

MD5
2345ff234179df785df7ce955a6162ac

SHA1
cca462e8ee482b2113a8cd06f5bf211779b4c04d

SHA256
93387d37c0855a5ee2f27a229ee8ec0371952dd2854579c5d58706207a1205a4

SHA512
685ed184bce47109a67ca5360dfd3777f0bdb08b193069d25e205eec9aff864c514b7597a8ef7bb8e0d9a3e929f956f4d425c71566b5f2488514d4ccd1b3606c

Download Submit
C:\Windows\system\XcTgPqO.exe

Filesize
6.0MB

MD5
43ee9b3cc560020ca79e6eb76a11ad96

SHA1
2c09a645edb02107e1a67e30fec05b09754d4358

SHA256
d2da35dd77492cf8ede3db30cfdaf9211a7e77e22aa8bcd9b2676b350e1f3655

SHA512
005fd46f04e4d9e43d0c494c894774f7405003b3739c11db52d7ef19600afcf6a27cfd91d91ace6c6d3263a3aaba7b311fe58d5134729cc72c89911f8ae308ea

Download Submit
C:\Windows\system\XwzuvSd.exe

Filesize
6.0MB

MD5
51961a5c5cd9541a3a082090bc2471f2

SHA1
48b2a379225fd50ca1ff5f17413fce1f1769d444

SHA256
a9d3cf3bfe88b1064932e700defce87c35c84b9d5d107ee51d95597064fc8671

SHA512
40d64e258973ceac3ad458b753db4a159183262a789cc8b0d578cb89fbc9dc99fc567c84aa309cc2ce26d4d21e9569d1c5cb544c3031bdbdc1bcb858a8a4d869

Download Submit
C:\Windows\system\YUbJGtN.exe

Filesize
6.0MB

MD5
c07db8960dde303125b5a4c09a2de25f

SHA1
38f33f5d7030bfd36ff90329f62b663ac8bfbb03

SHA256
4a13ae46e2acb7d77ecf3ad9175b20b184fd58051243de05832204e5f64986bf

SHA512
d2f63ff522efe3a85925cd542bce81cbd67ad20fd30bdce5c5fbf03b27c03c2d30f8c01ec36bfe81abf24fb9482faedf0cf5e221c85ae71ed11668fc086d2117

Download Submit
C:\Windows\system\iVkLRcV.exe

Filesize
6.0MB

MD5
9473950615028196c5e7d8f31484bce5

SHA1
6d5c382cd64159d309d31ba2ffb7582050b491b6

SHA256
8666843f0df2892031abefe262f9f8170ad2c397318503df1ea1dd9734cc7bc3

SHA512
cbce2561685324848776743173df46c1a20b14333bae9500637226bee574330f5e4eaa3b0af05b30067f3c3ffd016cf8fa59e506c124f770f912ff832eb33c76

Download Submit
C:\Windows\system\iWlSCKf.exe

Filesize
6.0MB

MD5
ee345ba36115334a3a740b5fd1639128

SHA1
83a7077f79da91df377101df48559e9cc94c1980

SHA256
695dfc06c4512b6abce3ce5927c87a915d6e36cc25b7ec372a9af5e7e36d6120

SHA512
507e4c4e4bf06bae5e7a73d8f0d9c09b8ccab894c37ad8a841158671ec1bfe149cf92b5bb499a12dec937eeb69494ef7e095e47de9041455da6cdca46b598a91

Download Submit
C:\Windows\system\ihtggmZ.exe

Filesize
6.0MB

MD5
7e91f3cfb143b09f94ae3ff2b7a91162

SHA1
4e223c60b3bf12fef051fa53d84ba212760c2c09

SHA256
d78bd78fe7c8e5f4c139ffeea63a1bfa99c1eaf7c423140e19e9c737596864c5

SHA512
6b94652d113de84a3a00d28a2d29ed8fe578157659d731b915ec7be36d5e0b9656bb7399a3cdc84f1cf1f182e2ae08ac6ed1d6047e483aca1b4fb4eb68fc4c14

Download Submit
C:\Windows\system\jebyMHr.exe

Filesize
8B

MD5
a6acf608ab3602e5d1f53f3ca0bdfb50

SHA1
600f894957c8d4d9da04b42c0c077c37af7ecc22

SHA256
e3fc0884a8547c028c51e810e8592d6834ce191504aca4f2bf9b42c70beac917

SHA512
e87258ceb01c1918239b1a9fac823665df97cd0413c512b0fdff3451ca1345a5d527523b3476ec8c10318fa2336ce182e4b65d9a9ce0a587973280b578d94b43

Download Submit
C:\Windows\system\mbqBCQy.exe

Filesize
6.0MB

MD5
ee41b0b81e101478d1c7dc80b19b4fad

SHA1
bc76cfb164ab4eeded15e4d8d951b3d024397f1e

SHA256
7fc58473e450985567ea6eaf59911691fe8b1fd984f875bd72a0b9b2038c5c8a

SHA512
e9c58c0dde248a8e25ff71a58d8068b5dd9f58a6eed63e0f58eedec32ef18a4e7590e3ccd10774f0e6586da81e31103c38c1884390e5a3f1cc84ff6775d92370

Download Submit
C:\Windows\system\mrwsOYK.exe

Filesize
6.0MB

MD5
16d2c144e2bce3087864f69c12c90bce

SHA1
362bcbba0f9912e53b3039512fdb4dca041f58e3

SHA256
30ce7efd0005ac1986b75ec7d4d867b3703abd8c7db9b2954c944c4ec42ff9a7

SHA512
616ee1980844e26712d6cedc67aa67da0649790d2c3d70dee98db066e2d2665e999d0d0d70436fc3b22cb4bd835cb491b6617244f0e9d8986f5d731fdf2ff576

Download Submit
C:\Windows\system\nmGScXZ.exe

Filesize
6.0MB

MD5
43ae30c548fc85f7e40a4d8f1b4f3514

SHA1
2562e44935d3e5f4446b05d7c1ebca65064b2d5a

SHA256
c3f7c577407d0a2644e1c1f52d2bcf69e5459164b3c3e127d9ed517aac5828b7

SHA512
2ce1643b3f1837b178bcf3c7119460e39cee8b2a89e915ae262354cb5dd0adf765688e429fc1114dabf37ec11344577a2a10ceb12b43e4662819758669e7c50f

Download Submit
C:\Windows\system\oGFSVsI.exe

Filesize
6.0MB

MD5
39803fa20cb67d1351670e39468116b0

SHA1
c224a5a40cd424c178d1c1d7868f5d05752c49d9

SHA256
f85df7a783cb17bb6bab93e47e14ed07daf993838966092548ecef5b156cedbe

SHA512
b9716d0cbdac5917483dffcc9656b5db26246d3c4e5ed317afacd50be6f098568e6232c3c729014a3451e76eb91e20e36dfe375adf8f01993910d6d5c00277a6

Download Submit
C:\Windows\system\ozNSBHm.exe

Filesize
6.0MB

MD5
391d1d81def9fcd46abcc43f9b6071b6

SHA1
f558b844aa687cf1afc7a7ebb60a65063cd0e657

SHA256
9c7e5c11bd327332742bf91e254df6e11310265a5cfdb5c07ca8501d7292da30

SHA512
e5ab1c5f5a575b096c64a04f8951e90f90d68a78b6e75e872d629cba451c6b94bccd75a6a79ab04f58ec69428cb6417655a69f0bf63b6b73f59f8435fbcddd6c

Download Submit
C:\Windows\system\qPJPjNG.exe

Filesize
6.0MB

MD5
f56ab43b5a416b3b2150d2677be5aea0

SHA1
d9314ed636d1382a3883cd952b209d7e56f7a63a

SHA256
1336929e43da968ec1231ecc6b647a291dd6cd811d52a9cf33f3c0abefda334b

SHA512
a3268b2e6e569f75be21701cbfda0aed362ac12f164fed28260b612d9785a7566219c6f875d0df2c67f00b96085b7d77b1ce90952c8111b9647366330134440a

Download Submit
C:\Windows\system\tWTzvLd.exe

Filesize
6.0MB

MD5
2aab668f794e2131de9a7744b2724014

SHA1
9ad3c475b8e6a23b892ade95a59a0a08418e53aa

SHA256
b9bd911325eb1045b3176dc0c6ddd57255816d546676bb71c6586a089ebaf14a

SHA512
cae7d4c6637eb0cbac89ef11b4f95b93acdcae991c0e8d376dc9d7ae0cc9f2c82c2548873505fbd48182c1d57ae41592723fb0682d0845220515971a501e35d4

Download Submit
C:\Windows\system\ufzacxP.exe

Filesize
6.0MB

MD5
298bd6bdc2f5923b2838cbd450aa021d

SHA1
0a907ad3110fc3860f72679470ecf452abd2d0a3

SHA256
470926ab772e106647f953e083aa976425fe572cef79ae9cd720abc6342ba4a2

SHA512
ba526743001e59407cb1e748fdc4227b19c0f6da06f4c86e7b4b6f48978f72a7024376f41d9fd35c191cbe0e7f5716f361e54d4e6335fb2c3edef4a3bc882aa6

Download Submit
C:\Windows\system\ukGLEzt.exe

Filesize
6.0MB

MD5
33aead8eba1dc1135030f41e73d42cf5

SHA1
65039dd7ced3267c62571d10980461e5ed2736df

SHA256
331eea2a7a94ffb2a39b14a66704d12530a67f24de7a3e5c46f26b0e0520d46a

SHA512
1b86274cd5374ff620cb0a50a236a52c39842d7aebb1074400de6b2c82e2133f4e4c772d1d8e71b403a1ccb577ab6957e4419ae608aa23b73be48167dfeadc08

Download Submit
C:\Windows\system\wpwARdx.exe

Filesize
6.0MB

MD5
923fa0da65f5bb58b72b41e9dab11677

SHA1
1cab646cd82e81f129f451cc1d187b935bd3829c

SHA256
a4766212e5bc10208e695b98dbd26f1c67954c7041df75312267295bad9d505e

SHA512
9e4a37a517b07884ab4d3490c8cc143d245f6c9e3b4ca5ed509cfefb56cf227fbf777b031581da2f69270a258224bcf0a928823a8a447dcb3d4ff6780cddca50

Download Submit
C:\Windows\system\zUFMCRy.exe

Filesize
6.0MB

MD5
f30b49b4ce3f449a6ed9e20e8867dbdd

SHA1
ee13f415129d7d089477f1eeb9a0929086b437e9

SHA256
b3ddbe442ce3ae04af1326deeead6affd84a59a9dc0e37fae4eacbd1eb5bece7

SHA512
efedf7aa3e55c659af83893c2d38a90cd414dee3d64c8b3a407cdb7a22a7f868424d3843073e5ac279125d7d65d8674b149f348399e3f208be5f571bf6cf6e1a

Download Submit
C:\Windows\system\zZdEYDs.exe

Filesize
6.0MB

MD5
23cc6f5ddffb13542751260324c91ea3

SHA1
7729d68f0307e6fdfa6d7cc84d847987ffccc360

SHA256
52532479fc189c8392ec7660b4f4fffc5830ba58dc493a6b235317dfa1f5cf6e

SHA512
946171ff226a72b5e0cbc63dad975b0f09bd9d51f2b0dc57b7846737829aa2e6301c8c757cbd73ca447dac0a2b231ffe41c56c579463f6d45b5e6cf8ba994f62

Download Submit
\Windows\system\PTjSjZO.exe

Filesize
6.0MB

MD5
3715aacd10177cf4751e36c80649ec9d

SHA1
46c24fe7ee2b7cd1aa7529195ad9fd1167458dd7

SHA256
849de4e3ccc9e739b23a3531aa73eff00be6476b8b656ebb80d984931eee00aa

SHA512
b65857d5f85df1cfb2e4c94d9e70fb3da1dc29af2e26241137c33af21839c0b815f052475698f8e11ec8cffe17d4ce4cb1d116174dacd49452c34831e5f221ae

Download Submit
\Windows\system\TMFRskc.exe

Filesize
6.0MB

MD5
88d392a5a5f6aca7eab8e16747469afe

SHA1
beb4da6f28ed06bc4d012b06df806a1c86b83c4c

SHA256
2f631e191775a8065f96dfd57a69553b770d05da3b929497d3f63cfe4aac5955

SHA512
f8bd9c4c9340b197178a1019efceecd0778755606374d6001553c91a59b109374f3fd82a01a78bcb0e00d0d99fe631981bd8d6e17ee17849d50c25b3af0c9c31

Download Submit
\Windows\system\oLTTPBg.exe

Filesize
6.0MB

MD5
e282baf58c5e54c998f47f0ffccb3310

SHA1
c5ef8c94656676bf5cc2de35fbe2e535ef22065a

SHA256
121fccb785f06e0aced14c7d7da29d04a93fa6befa891b4b119bbde22b372cd9

SHA512
3a81ebb53fc02f6738236bf4881f6721baefea07a2df281b0ca76c0fdd80db4d441e5b8ba2af13644ea981496a6cc9a27bba097bbf9d1342c5dea0bd47d9da4c

Download Submit
\Windows\system\rFQSQkY.exe

Filesize
6.0MB

MD5
fc2a78f64c9af17a24172b662319b307

SHA1
74f8cc3df90f56cba445d3aa35e508ad4d0edf20

SHA256
278f12879f2b10286e28085ffed2422ddf870f0b3eb43c93ab6491bcba7441c1

SHA512
a5a9b96c1d6737b163c4aee93f893636c2da32c21cfeae815439b337c653c386612cb1ae60321098a1495ef00b4fcc601457001c366bea41ee00c90dd0d76f9b

Download Submit
memory/1868-2710-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/1868-861-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2416-2675-0x000000013F660000-0x000000013F9B4000-memory.dmp

Filesize
3.3MB

Download
memory/2416-283-0x000000013F660000-0x000000013F9B4000-memory.dmp

Filesize
3.3MB

Download
memory/2428-2670-0x000000013F070000-0x000000013F3C4000-memory.dmp

Filesize
3.3MB

Download
memory/2428-182-0x000000013F070000-0x000000013F3C4000-memory.dmp

Filesize
3.3MB

Download
memory/2464-264-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2496-285-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2496-2688-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2556-226-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/2556-2669-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/2628-2686-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/2628-2557-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/2628-53-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/2692-190-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/2692-2681-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/2700-2636-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/2700-2772-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/2700-291-0x000000013FEF0000-0x0000000140244000-memory.dmp

Filesize
3.3MB

Download
memory/2700-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2700-272-0x000000013F660000-0x000000013F9B4000-memory.dmp

Filesize
3.3MB

Download
memory/2700-192-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2700-398-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2700-201-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2700-858-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2700-875-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2700-868-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/2700-871-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/2700-2687-0x000000013F660000-0x000000013F9B4000-memory.dmp

Filesize
3.3MB

Download
memory/2700-864-0x000000013F680000-0x000000013F9D4000-memory.dmp

Filesize
3.3MB

Download
memory/2700-2426-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2700-2695-0x000000013FEF0000-0x0000000140244000-memory.dmp

Filesize
3.3MB

Download
memory/2700-2551-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2700-188-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/2700-2697-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2700-2701-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2700-2637-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2700-2769-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/2700-2635-0x000000013F070000-0x000000013F3C4000-memory.dmp

Filesize
3.3MB

Download
memory/2700-2661-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2700-243-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2700-284-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2700-55-0x000000013F070000-0x000000013F3C4000-memory.dmp

Filesize
3.3MB

Download
memory/2700-2774-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2700-0-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2700-2689-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2700-6-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2700-2705-0x000000013F680000-0x000000013F9D4000-memory.dmp

Filesize
3.3MB

Download
memory/2716-290-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/2716-2726-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/2740-2676-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/2740-198-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/2784-856-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2784-2711-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2788-294-0x000000013FEF0000-0x0000000140244000-memory.dmp

Filesize
3.3MB

Download
memory/2788-2718-0x000000013FEF0000-0x0000000140244000-memory.dmp

Filesize
3.3MB

Download
memory/2836-2715-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/2836-2633-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/2836-54-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/3048-2552-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/3048-2638-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/3048-12-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download