cobaltstrike | 3ac38ce414f901aa980f3c153989168241e1aa1da79d6a68ac2ddb4c679d172c

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
23-09-2024 14:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

6db0494f2e2e339de46a7661f0786024
SHA1

cb83f3528954c2f0e017ed22837a69ee624b41f3
SHA256

3ac38ce414f901aa980f3c153989168241e1aa1da79d6a68ac2ddb4c679d172c
SHA512

bf59de8ffecb9ff909639e71e2254cf525a7be38fb81d9a9db94c1ae36ec9d0fe3c3131f59b4c11cde988743d64045d8cecd5a8f76f152b7ee329b640f1d129c
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUL:T+q56utgpPF8u/7L

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000a0000000120d6-3.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000015689-8.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015697-12.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000156b8-21.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015ccf-26.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015ce4-30.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015cfd-36.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d0a-38.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016399-60.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000164de-65.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016ca0-95.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d22-110.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d73-128.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dd9-138.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016f02-160.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016edc-157.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016df5-150.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016df8-154.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016de9-144.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dd5-135.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d68-120.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d6f-125.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d4c-115.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016cf0-105.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016cab-100.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016c89-90.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016b86-85.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016890-80.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016689-75.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001660e-70.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000162e4-55.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016141-50.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d15-45.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 63 IoCs

miner

resource	yara_rule
behavioral1/memory/1708-0-0x000000013F790000-0x000000013FAE4000-memory.dmp	xmrig
behavioral1/files/0x000a0000000120d6-3.dat	xmrig
behavioral1/files/0x0009000000015689-8.dat	xmrig
behavioral1/files/0x0008000000015697-12.dat	xmrig
behavioral1/files/0x00080000000156b8-21.dat	xmrig
behavioral1/files/0x0007000000015ccf-26.dat	xmrig
behavioral1/files/0x0007000000015ce4-30.dat	xmrig
behavioral1/files/0x0007000000015cfd-36.dat	xmrig
behavioral1/files/0x0008000000015d0a-38.dat	xmrig
behavioral1/files/0x0006000000016399-60.dat	xmrig
behavioral1/files/0x00060000000164de-65.dat	xmrig
behavioral1/files/0x0006000000016ca0-95.dat	xmrig
behavioral1/files/0x0006000000016d22-110.dat	xmrig
behavioral1/files/0x0006000000016d73-128.dat	xmrig
behavioral1/files/0x0006000000016dd9-138.dat	xmrig
behavioral1/files/0x0006000000016f02-160.dat	xmrig
behavioral1/memory/3004-542-0x000000013FD00000-0x0000000140054000-memory.dmp	xmrig
behavioral1/memory/1268-556-0x000000013F8E0000-0x000000013FC34000-memory.dmp	xmrig
behavioral1/memory/2672-554-0x000000013F290000-0x000000013F5E4000-memory.dmp	xmrig
behavioral1/memory/1708-1929-0x000000013F790000-0x000000013FAE4000-memory.dmp	xmrig
behavioral1/memory/2616-552-0x000000013F960000-0x000000013FCB4000-memory.dmp	xmrig
behavioral1/memory/2712-550-0x000000013F490000-0x000000013F7E4000-memory.dmp	xmrig
behavioral1/memory/1880-548-0x000000013FC80000-0x000000013FFD4000-memory.dmp	xmrig
behavioral1/memory/2636-546-0x000000013F070000-0x000000013F3C4000-memory.dmp	xmrig
behavioral1/memory/2476-544-0x000000013F150000-0x000000013F4A4000-memory.dmp	xmrig
behavioral1/memory/2704-540-0x000000013FF10000-0x0000000140264000-memory.dmp	xmrig
behavioral1/memory/2840-538-0x000000013FB00000-0x000000013FE54000-memory.dmp	xmrig
behavioral1/memory/2728-536-0x000000013FD30000-0x0000000140084000-memory.dmp	xmrig
behavioral1/memory/2244-534-0x000000013F8E0000-0x000000013FC34000-memory.dmp	xmrig
behavioral1/memory/2340-532-0x000000013F580000-0x000000013F8D4000-memory.dmp	xmrig
behavioral1/memory/1808-530-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/files/0x0006000000016edc-157.dat	xmrig
behavioral1/files/0x0006000000016df5-150.dat	xmrig
behavioral1/files/0x0006000000016df8-154.dat	xmrig
behavioral1/files/0x0006000000016de9-144.dat	xmrig
behavioral1/files/0x0006000000016dd5-135.dat	xmrig
behavioral1/files/0x0006000000016d68-120.dat	xmrig
behavioral1/files/0x0006000000016d6f-125.dat	xmrig
behavioral1/files/0x0006000000016d4c-115.dat	xmrig
behavioral1/files/0x0006000000016cf0-105.dat	xmrig
behavioral1/files/0x0006000000016cab-100.dat	xmrig
behavioral1/files/0x0006000000016c89-90.dat	xmrig
behavioral1/files/0x0006000000016b86-85.dat	xmrig
behavioral1/files/0x0006000000016890-80.dat	xmrig
behavioral1/files/0x0006000000016689-75.dat	xmrig
behavioral1/files/0x000600000001660e-70.dat	xmrig
behavioral1/files/0x00060000000162e4-55.dat	xmrig
behavioral1/files/0x0006000000016141-50.dat	xmrig
behavioral1/files/0x0008000000015d15-45.dat	xmrig
behavioral1/memory/2728-3929-0x000000013FD30000-0x0000000140084000-memory.dmp	xmrig
behavioral1/memory/2840-3948-0x000000013FB00000-0x000000013FE54000-memory.dmp	xmrig
behavioral1/memory/2672-3946-0x000000013F290000-0x000000013F5E4000-memory.dmp	xmrig
behavioral1/memory/2712-3939-0x000000013F490000-0x000000013F7E4000-memory.dmp	xmrig
behavioral1/memory/1808-3938-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/memory/3004-3937-0x000000013FD00000-0x0000000140054000-memory.dmp	xmrig
behavioral1/memory/2244-3936-0x000000013F8E0000-0x000000013FC34000-memory.dmp	xmrig
behavioral1/memory/2616-3935-0x000000013F960000-0x000000013FCB4000-memory.dmp	xmrig
behavioral1/memory/1880-3934-0x000000013FC80000-0x000000013FFD4000-memory.dmp	xmrig
behavioral1/memory/2476-3933-0x000000013F150000-0x000000013F4A4000-memory.dmp	xmrig
behavioral1/memory/1268-3932-0x000000013F8E0000-0x000000013FC34000-memory.dmp	xmrig
behavioral1/memory/2704-3931-0x000000013FF10000-0x0000000140264000-memory.dmp	xmrig
behavioral1/memory/2340-3930-0x000000013F580000-0x000000013F8D4000-memory.dmp	xmrig
behavioral1/memory/2636-4165-0x000000013F070000-0x000000013F3C4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1268	cKwrawt.exe
1808	SlrmyCE.exe
2340	wkjkQke.exe
2244	uSWxWSD.exe
2728	HCIzmOw.exe
2840	gglSZsE.exe
2704	bfmPAVZ.exe
3004	SHNKsUZ.exe
2476	dkgPWfc.exe
2636	dEhMtGp.exe
1880	TdfbTVC.exe
2712	MOLxlLQ.exe
2616	vUYpEmA.exe
2672	CqBfMao.exe
2284	gtGUkLO.exe
2176	qzICnEQ.exe
1236	aAzRssE.exe
1548	IGJRnXp.exe
2940	ouzszax.exe
1120	eWXVtlj.exe
636	cYFROPw.exe
2844	eVswRxS.exe
264	yhzYmWI.exe
2364	BYZOYVq.exe
2020	WSolIyo.exe
1796	kEYDEhH.exe
2144	qBMNpeY.exe
3032	ENPqQoF.exe
920	RgNrGyN.exe
2472	iOwUCbQ.exe
1948	SWAkpbs.exe
2516	bHSQOEy.exe
1332	niZHbmX.exe
1400	hGVJWXs.exe
2980	fKrxXCN.exe
1676	XqqrEGp.exe
608	xdCUkuJ.exe
1696	UNNRosz.exe
1632	gvYSimT.exe
2932	bndpXoK.exe
896	zmsllhm.exe
2456	ezyXSkB.exe
1648	OyMkXFU.exe
1936	VeXPQCR.exe
1840	EaaynAb.exe
560	PbReAkT.exe
1836	WjkrsoP.exe
2544	FKnBdhr.exe
1744	rzBmncO.exe
800	zrHeqsb.exe
892	aqMhqVs.exe
1660	IzPVguY.exe
2524	nQejkHw.exe
1772	jLnoVwS.exe
2216	ectykXo.exe
2748	kdUDEgi.exe
1152	lDRebXA.exe
1608	pnJPCZQ.exe
2644	yKiSARH.exe
1784	xcWjHuQ.exe
2800	UCxJQpr.exe
2884	MlXAqSR.exe
2736	fNfgLiE.exe
2308	stZSIbR.exe

Loads dropped DLL 64 IoCs

pid	Process
1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 63 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1708-0-0x000000013F790000-0x000000013FAE4000-memory.dmp	upx
behavioral1/files/0x000a0000000120d6-3.dat	upx
behavioral1/files/0x0009000000015689-8.dat	upx
behavioral1/files/0x0008000000015697-12.dat	upx
behavioral1/files/0x00080000000156b8-21.dat	upx
behavioral1/files/0x0007000000015ccf-26.dat	upx
behavioral1/files/0x0007000000015ce4-30.dat	upx
behavioral1/files/0x0007000000015cfd-36.dat	upx
behavioral1/files/0x0008000000015d0a-38.dat	upx
behavioral1/files/0x0006000000016399-60.dat	upx
behavioral1/files/0x00060000000164de-65.dat	upx
behavioral1/files/0x0006000000016ca0-95.dat	upx
behavioral1/files/0x0006000000016d22-110.dat	upx
behavioral1/files/0x0006000000016d73-128.dat	upx
behavioral1/files/0x0006000000016dd9-138.dat	upx
behavioral1/files/0x0006000000016f02-160.dat	upx
behavioral1/memory/3004-542-0x000000013FD00000-0x0000000140054000-memory.dmp	upx
behavioral1/memory/1268-556-0x000000013F8E0000-0x000000013FC34000-memory.dmp	upx
behavioral1/memory/2672-554-0x000000013F290000-0x000000013F5E4000-memory.dmp	upx
behavioral1/memory/1708-1929-0x000000013F790000-0x000000013FAE4000-memory.dmp	upx
behavioral1/memory/2616-552-0x000000013F960000-0x000000013FCB4000-memory.dmp	upx
behavioral1/memory/2712-550-0x000000013F490000-0x000000013F7E4000-memory.dmp	upx
behavioral1/memory/1880-548-0x000000013FC80000-0x000000013FFD4000-memory.dmp	upx
behavioral1/memory/2636-546-0x000000013F070000-0x000000013F3C4000-memory.dmp	upx
behavioral1/memory/2476-544-0x000000013F150000-0x000000013F4A4000-memory.dmp	upx
behavioral1/memory/2704-540-0x000000013FF10000-0x0000000140264000-memory.dmp	upx
behavioral1/memory/2840-538-0x000000013FB00000-0x000000013FE54000-memory.dmp	upx
behavioral1/memory/2728-536-0x000000013FD30000-0x0000000140084000-memory.dmp	upx
behavioral1/memory/2244-534-0x000000013F8E0000-0x000000013FC34000-memory.dmp	upx
behavioral1/memory/2340-532-0x000000013F580000-0x000000013F8D4000-memory.dmp	upx
behavioral1/memory/1808-530-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/files/0x0006000000016edc-157.dat	upx
behavioral1/files/0x0006000000016df5-150.dat	upx
behavioral1/files/0x0006000000016df8-154.dat	upx
behavioral1/files/0x0006000000016de9-144.dat	upx
behavioral1/files/0x0006000000016dd5-135.dat	upx
behavioral1/files/0x0006000000016d68-120.dat	upx
behavioral1/files/0x0006000000016d6f-125.dat	upx
behavioral1/files/0x0006000000016d4c-115.dat	upx
behavioral1/files/0x0006000000016cf0-105.dat	upx
behavioral1/files/0x0006000000016cab-100.dat	upx
behavioral1/files/0x0006000000016c89-90.dat	upx
behavioral1/files/0x0006000000016b86-85.dat	upx
behavioral1/files/0x0006000000016890-80.dat	upx
behavioral1/files/0x0006000000016689-75.dat	upx
behavioral1/files/0x000600000001660e-70.dat	upx
behavioral1/files/0x00060000000162e4-55.dat	upx
behavioral1/files/0x0006000000016141-50.dat	upx
behavioral1/files/0x0008000000015d15-45.dat	upx
behavioral1/memory/2728-3929-0x000000013FD30000-0x0000000140084000-memory.dmp	upx
behavioral1/memory/2840-3948-0x000000013FB00000-0x000000013FE54000-memory.dmp	upx
behavioral1/memory/2672-3946-0x000000013F290000-0x000000013F5E4000-memory.dmp	upx
behavioral1/memory/2712-3939-0x000000013F490000-0x000000013F7E4000-memory.dmp	upx
behavioral1/memory/1808-3938-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/memory/3004-3937-0x000000013FD00000-0x0000000140054000-memory.dmp	upx
behavioral1/memory/2244-3936-0x000000013F8E0000-0x000000013FC34000-memory.dmp	upx
behavioral1/memory/2616-3935-0x000000013F960000-0x000000013FCB4000-memory.dmp	upx
behavioral1/memory/1880-3934-0x000000013FC80000-0x000000013FFD4000-memory.dmp	upx
behavioral1/memory/2476-3933-0x000000013F150000-0x000000013F4A4000-memory.dmp	upx
behavioral1/memory/1268-3932-0x000000013F8E0000-0x000000013FC34000-memory.dmp	upx
behavioral1/memory/2704-3931-0x000000013FF10000-0x0000000140264000-memory.dmp	upx
behavioral1/memory/2340-3930-0x000000013F580000-0x000000013F8D4000-memory.dmp	upx
behavioral1/memory/2636-4165-0x000000013F070000-0x000000013F3C4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\ODRKKew.exe	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NDmIBvD.exe	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ilhXxpn.exe	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zniznmu.exe	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iHZOjHF.exe	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mlFjYMo.exe	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SHNKsUZ.exe	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rzBmncO.exe	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jLIwfgH.exe	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KSSGnQU.exe	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eUVBPDS.exe	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\stdeIsm.exe	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kgcGiWN.exe	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JeWhHOc.exe	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sdDPEsP.exe	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yQsUWJW.exe	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Qkdeyoh.exe	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AytfMjl.exe	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WUsxUMv.exe	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bsSSccl.exe	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xNyuGxF.exe	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mflNEPB.exe	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eGEDuZh.exe	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RgccSrj.exe	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JNDFbJy.exe	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pFGacTq.exe	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lShxRej.exe	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BMbsfmz.exe	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oIOqgVn.exe	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WSolIyo.exe	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fdJXNJx.exe	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NHyvpTy.exe	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GgTRyPK.exe	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bgTuHDr.exe	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oBzPOWp.exe	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OUmpldv.exe	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IsqLEVf.exe	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kxBfawN.exe	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GpuNndW.exe	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JwWUJYy.exe	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uzFhhXB.exe	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IbfFDtT.exe	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XECpkti.exe	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OjcLxRG.exe	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GSsRylX.exe	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JAwBMxO.exe	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IZZtOdd.exe	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QmonEpY.exe	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VLwGfFo.exe	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZfYStAL.exe	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CtchniG.exe	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zEwRIoQ.exe	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hxrocXb.exe	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yAufpjd.exe	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JYmqvuu.exe	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yJxlODK.exe	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mvNQnpH.exe	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ggaJDPo.exe	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rQqBfIb.exe	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aqMhqVs.exe	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WJBdGTx.exe	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PmmwASl.exe	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HNcOAyE.exe	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tHyqwgz.exe	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1708 wrote to memory of 1268	1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1708 wrote to memory of 1268	1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1708 wrote to memory of 1268	1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1708 wrote to memory of 1808	1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1708 wrote to memory of 1808	1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1708 wrote to memory of 1808	1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1708 wrote to memory of 2340	1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1708 wrote to memory of 2340	1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1708 wrote to memory of 2340	1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1708 wrote to memory of 2244	1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1708 wrote to memory of 2244	1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1708 wrote to memory of 2244	1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1708 wrote to memory of 2728	1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1708 wrote to memory of 2728	1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1708 wrote to memory of 2728	1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1708 wrote to memory of 2840	1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1708 wrote to memory of 2840	1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1708 wrote to memory of 2840	1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1708 wrote to memory of 2704	1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1708 wrote to memory of 2704	1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1708 wrote to memory of 2704	1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1708 wrote to memory of 3004	1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1708 wrote to memory of 3004	1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1708 wrote to memory of 3004	1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1708 wrote to memory of 2476	1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1708 wrote to memory of 2476	1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1708 wrote to memory of 2476	1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1708 wrote to memory of 2636	1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1708 wrote to memory of 2636	1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1708 wrote to memory of 2636	1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1708 wrote to memory of 1880	1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1708 wrote to memory of 1880	1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1708 wrote to memory of 1880	1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1708 wrote to memory of 2712	1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1708 wrote to memory of 2712	1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1708 wrote to memory of 2712	1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1708 wrote to memory of 2616	1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1708 wrote to memory of 2616	1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1708 wrote to memory of 2616	1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1708 wrote to memory of 2672	1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1708 wrote to memory of 2672	1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1708 wrote to memory of 2672	1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1708 wrote to memory of 2284	1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1708 wrote to memory of 2284	1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1708 wrote to memory of 2284	1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1708 wrote to memory of 2176	1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1708 wrote to memory of 2176	1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1708 wrote to memory of 2176	1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1708 wrote to memory of 1236	1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1708 wrote to memory of 1236	1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1708 wrote to memory of 1236	1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1708 wrote to memory of 1548	1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1708 wrote to memory of 1548	1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1708 wrote to memory of 1548	1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1708 wrote to memory of 2940	1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1708 wrote to memory of 2940	1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1708 wrote to memory of 2940	1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1708 wrote to memory of 1120	1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1708 wrote to memory of 1120	1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1708 wrote to memory of 1120	1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1708 wrote to memory of 636	1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1708 wrote to memory of 636	1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1708 wrote to memory of 636	1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1708 wrote to memory of 2844	1708	2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-09-23_6db0494f2e2e339de46a7661f0786024_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1708
- C:\Windows\System\cKwrawt.exe
  C:\Windows\System\cKwrawt.exe
  2⤵
  - Executes dropped EXE
  PID:1268
- C:\Windows\System\SlrmyCE.exe
  C:\Windows\System\SlrmyCE.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System\wkjkQke.exe
  C:\Windows\System\wkjkQke.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\uSWxWSD.exe
  C:\Windows\System\uSWxWSD.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System\HCIzmOw.exe
  C:\Windows\System\HCIzmOw.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\gglSZsE.exe
  C:\Windows\System\gglSZsE.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\bfmPAVZ.exe
  C:\Windows\System\bfmPAVZ.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\SHNKsUZ.exe
  C:\Windows\System\SHNKsUZ.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\dkgPWfc.exe
  C:\Windows\System\dkgPWfc.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\dEhMtGp.exe
  C:\Windows\System\dEhMtGp.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\TdfbTVC.exe
  C:\Windows\System\TdfbTVC.exe
  2⤵
  - Executes dropped EXE
  PID:1880
- C:\Windows\System\MOLxlLQ.exe
  C:\Windows\System\MOLxlLQ.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\vUYpEmA.exe
  C:\Windows\System\vUYpEmA.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\CqBfMao.exe
  C:\Windows\System\CqBfMao.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\gtGUkLO.exe
  C:\Windows\System\gtGUkLO.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\qzICnEQ.exe
  C:\Windows\System\qzICnEQ.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\aAzRssE.exe
  C:\Windows\System\aAzRssE.exe
  2⤵
  - Executes dropped EXE
  PID:1236
- C:\Windows\System\IGJRnXp.exe
  C:\Windows\System\IGJRnXp.exe
  2⤵
  - Executes dropped EXE
  PID:1548
- C:\Windows\System\ouzszax.exe
  C:\Windows\System\ouzszax.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\eWXVtlj.exe
  C:\Windows\System\eWXVtlj.exe
  2⤵
  - Executes dropped EXE
  PID:1120
- C:\Windows\System\cYFROPw.exe
  C:\Windows\System\cYFROPw.exe
  2⤵
  - Executes dropped EXE
  PID:636
- C:\Windows\System\eVswRxS.exe
  C:\Windows\System\eVswRxS.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\yhzYmWI.exe
  C:\Windows\System\yhzYmWI.exe
  2⤵
  - Executes dropped EXE
  PID:264
- C:\Windows\System\BYZOYVq.exe
  C:\Windows\System\BYZOYVq.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\WSolIyo.exe
  C:\Windows\System\WSolIyo.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\kEYDEhH.exe
  C:\Windows\System\kEYDEhH.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\qBMNpeY.exe
  C:\Windows\System\qBMNpeY.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\ENPqQoF.exe
  C:\Windows\System\ENPqQoF.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\RgNrGyN.exe
  C:\Windows\System\RgNrGyN.exe
  2⤵
  - Executes dropped EXE
  PID:920
- C:\Windows\System\iOwUCbQ.exe
  C:\Windows\System\iOwUCbQ.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- C:\Windows\System\SWAkpbs.exe
  C:\Windows\System\SWAkpbs.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\hGVJWXs.exe
  C:\Windows\System\hGVJWXs.exe
  2⤵
  - Executes dropped EXE
  PID:1400
- C:\Windows\System\bHSQOEy.exe
  C:\Windows\System\bHSQOEy.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\fKrxXCN.exe
  C:\Windows\System\fKrxXCN.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\niZHbmX.exe
  C:\Windows\System\niZHbmX.exe
  2⤵
  - Executes dropped EXE
  PID:1332
- C:\Windows\System\xdCUkuJ.exe
  C:\Windows\System\xdCUkuJ.exe
  2⤵
  - Executes dropped EXE
  PID:608
- C:\Windows\System\XqqrEGp.exe
  C:\Windows\System\XqqrEGp.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\UNNRosz.exe
  C:\Windows\System\UNNRosz.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\gvYSimT.exe
  C:\Windows\System\gvYSimT.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\zmsllhm.exe
  C:\Windows\System\zmsllhm.exe
  2⤵
  - Executes dropped EXE
  PID:896
- C:\Windows\System\bndpXoK.exe
  C:\Windows\System\bndpXoK.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\ezyXSkB.exe
  C:\Windows\System\ezyXSkB.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\OyMkXFU.exe
  C:\Windows\System\OyMkXFU.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\VeXPQCR.exe
  C:\Windows\System\VeXPQCR.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\EaaynAb.exe
  C:\Windows\System\EaaynAb.exe
  2⤵
  - Executes dropped EXE
  PID:1840
- C:\Windows\System\PbReAkT.exe
  C:\Windows\System\PbReAkT.exe
  2⤵
  - Executes dropped EXE
  PID:560
- C:\Windows\System\WjkrsoP.exe
  C:\Windows\System\WjkrsoP.exe
  2⤵
  - Executes dropped EXE
  PID:1836
- C:\Windows\System\FKnBdhr.exe
  C:\Windows\System\FKnBdhr.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\rzBmncO.exe
  C:\Windows\System\rzBmncO.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\zrHeqsb.exe
  C:\Windows\System\zrHeqsb.exe
  2⤵
  - Executes dropped EXE
  PID:800
- C:\Windows\System\aqMhqVs.exe
  C:\Windows\System\aqMhqVs.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\IzPVguY.exe
  C:\Windows\System\IzPVguY.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\nQejkHw.exe
  C:\Windows\System\nQejkHw.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\pnJPCZQ.exe
  C:\Windows\System\pnJPCZQ.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\jLnoVwS.exe
  C:\Windows\System\jLnoVwS.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\xcWjHuQ.exe
  C:\Windows\System\xcWjHuQ.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\ectykXo.exe
  C:\Windows\System\ectykXo.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\UCxJQpr.exe
  C:\Windows\System\UCxJQpr.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\kdUDEgi.exe
  C:\Windows\System\kdUDEgi.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\MlXAqSR.exe
  C:\Windows\System\MlXAqSR.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\lDRebXA.exe
  C:\Windows\System\lDRebXA.exe
  2⤵
  - Executes dropped EXE
  PID:1152
- C:\Windows\System\fNfgLiE.exe
  C:\Windows\System\fNfgLiE.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\yKiSARH.exe
  C:\Windows\System\yKiSARH.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\stZSIbR.exe
  C:\Windows\System\stZSIbR.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\ohkmtef.exe
  C:\Windows\System\ohkmtef.exe
  2⤵
  PID:2008
- C:\Windows\System\VBksxgR.exe
  C:\Windows\System\VBksxgR.exe
  2⤵
  PID:1984
- C:\Windows\System\rXsGIoy.exe
  C:\Windows\System\rXsGIoy.exe
  2⤵
  PID:2908
- C:\Windows\System\KkGQFcc.exe
  C:\Windows\System\KkGQFcc.exe
  2⤵
  PID:2776
- C:\Windows\System\oQpzSLA.exe
  C:\Windows\System\oQpzSLA.exe
  2⤵
  PID:2012
- C:\Windows\System\mSuRXaA.exe
  C:\Windows\System\mSuRXaA.exe
  2⤵
  PID:700
- C:\Windows\System\laByRUp.exe
  C:\Windows\System\laByRUp.exe
  2⤵
  PID:1516
- C:\Windows\System\VaPDqBs.exe
  C:\Windows\System\VaPDqBs.exe
  2⤵
  PID:3012
- C:\Windows\System\rWaxfmC.exe
  C:\Windows\System\rWaxfmC.exe
  2⤵
  PID:1340
- C:\Windows\System\aKabWMU.exe
  C:\Windows\System\aKabWMU.exe
  2⤵
  PID:2868
- C:\Windows\System\GJxpjZO.exe
  C:\Windows\System\GJxpjZO.exe
  2⤵
  PID:2372
- C:\Windows\System\jhTDoma.exe
  C:\Windows\System\jhTDoma.exe
  2⤵
  PID:276
- C:\Windows\System\vetIHrr.exe
  C:\Windows\System\vetIHrr.exe
  2⤵
  PID:3020
- C:\Windows\System\hcLoXwA.exe
  C:\Windows\System\hcLoXwA.exe
  2⤵
  PID:3068
- C:\Windows\System\iIANApc.exe
  C:\Windows\System\iIANApc.exe
  2⤵
  PID:1540
- C:\Windows\System\HINNTPt.exe
  C:\Windows\System\HINNTPt.exe
  2⤵
  PID:2292
- C:\Windows\System\YYurSlg.exe
  C:\Windows\System\YYurSlg.exe
  2⤵
  PID:2368
- C:\Windows\System\WJBdGTx.exe
  C:\Windows\System\WJBdGTx.exe
  2⤵
  PID:684
- C:\Windows\System\YWIpBim.exe
  C:\Windows\System\YWIpBim.exe
  2⤵
  PID:880
- C:\Windows\System\KTjpqTA.exe
  C:\Windows\System\KTjpqTA.exe
  2⤵
  PID:1576
- C:\Windows\System\mcKBIQi.exe
  C:\Windows\System\mcKBIQi.exe
  2⤵
  PID:2488
- C:\Windows\System\LTIKKCF.exe
  C:\Windows\System\LTIKKCF.exe
  2⤵
  PID:844
- C:\Windows\System\rtVLWxX.exe
  C:\Windows\System\rtVLWxX.exe
  2⤵
  PID:1008
- C:\Windows\System\nOdNdvg.exe
  C:\Windows\System\nOdNdvg.exe
  2⤵
  PID:2640
- C:\Windows\System\fdJXNJx.exe
  C:\Windows\System\fdJXNJx.exe
  2⤵
  PID:1560
- C:\Windows\System\outQSSJ.exe
  C:\Windows\System\outQSSJ.exe
  2⤵
  PID:2928
- C:\Windows\System\FZiaaMH.exe
  C:\Windows\System\FZiaaMH.exe
  2⤵
  PID:1028
- C:\Windows\System\qeogrzH.exe
  C:\Windows\System\qeogrzH.exe
  2⤵
  PID:1508
- C:\Windows\System\AeszAkm.exe
  C:\Windows\System\AeszAkm.exe
  2⤵
  PID:2424
- C:\Windows\System\lShxRej.exe
  C:\Windows\System\lShxRej.exe
  2⤵
  PID:1792
- C:\Windows\System\bGRXxqk.exe
  C:\Windows\System\bGRXxqk.exe
  2⤵
  PID:2496
- C:\Windows\System\LWMFszW.exe
  C:\Windows\System\LWMFszW.exe
  2⤵
  PID:3016
- C:\Windows\System\HGoKBae.exe
  C:\Windows\System\HGoKBae.exe
  2⤵
  PID:1580
- C:\Windows\System\pbfIbea.exe
  C:\Windows\System\pbfIbea.exe
  2⤵
  PID:1988
- C:\Windows\System\qmgygve.exe
  C:\Windows\System\qmgygve.exe
  2⤵
  PID:836
- C:\Windows\System\TLzrDAs.exe
  C:\Windows\System\TLzrDAs.exe
  2⤵
  PID:2972
- C:\Windows\System\eHLaiDC.exe
  C:\Windows\System\eHLaiDC.exe
  2⤵
  PID:796
- C:\Windows\System\ZiEnhOO.exe
  C:\Windows\System\ZiEnhOO.exe
  2⤵
  PID:1768
- C:\Windows\System\SfWAUcs.exe
  C:\Windows\System\SfWAUcs.exe
  2⤵
  PID:2260
- C:\Windows\System\SNcbsrp.exe
  C:\Windows\System\SNcbsrp.exe
  2⤵
  PID:816
- C:\Windows\System\iuGRdic.exe
  C:\Windows\System\iuGRdic.exe
  2⤵
  PID:2956
- C:\Windows\System\VDckiCZ.exe
  C:\Windows\System\VDckiCZ.exe
  2⤵
  PID:2072
- C:\Windows\System\WBbpmpk.exe
  C:\Windows\System\WBbpmpk.exe
  2⤵
  PID:1504
- C:\Windows\System\hHeLRHP.exe
  C:\Windows\System\hHeLRHP.exe
  2⤵
  PID:2312
- C:\Windows\System\MkZSaec.exe
  C:\Windows\System\MkZSaec.exe
  2⤵
  PID:1888
- C:\Windows\System\CefJVkX.exe
  C:\Windows\System\CefJVkX.exe
  2⤵
  PID:316
- C:\Windows\System\KODDITX.exe
  C:\Windows\System\KODDITX.exe
  2⤵
  PID:764
- C:\Windows\System\AytfMjl.exe
  C:\Windows\System\AytfMjl.exe
  2⤵
  PID:2596
- C:\Windows\System\pHlQYKs.exe
  C:\Windows\System\pHlQYKs.exe
  2⤵
  PID:1056
- C:\Windows\System\AbODmVS.exe
  C:\Windows\System\AbODmVS.exe
  2⤵
  PID:1592
- C:\Windows\System\OLHYMOU.exe
  C:\Windows\System\OLHYMOU.exe
  2⤵
  PID:2200
- C:\Windows\System\vkwlwlr.exe
  C:\Windows\System\vkwlwlr.exe
  2⤵
  PID:2232
- C:\Windows\System\AHoahsW.exe
  C:\Windows\System\AHoahsW.exe
  2⤵
  PID:1132
- C:\Windows\System\AhpUKyx.exe
  C:\Windows\System\AhpUKyx.exe
  2⤵
  PID:2052
- C:\Windows\System\CtchniG.exe
  C:\Windows\System\CtchniG.exe
  2⤵
  PID:2152
- C:\Windows\System\aGhvqmJ.exe
  C:\Windows\System\aGhvqmJ.exe
  2⤵
  PID:2912
- C:\Windows\System\dVJuWBN.exe
  C:\Windows\System\dVJuWBN.exe
  2⤵
  PID:3076
- C:\Windows\System\qiyhBSj.exe
  C:\Windows\System\qiyhBSj.exe
  2⤵
  PID:3092
- C:\Windows\System\woqygin.exe
  C:\Windows\System\woqygin.exe
  2⤵
  PID:3112
- C:\Windows\System\XQMQfve.exe
  C:\Windows\System\XQMQfve.exe
  2⤵
  PID:3140
- C:\Windows\System\PZODWDg.exe
  C:\Windows\System\PZODWDg.exe
  2⤵
  PID:3164
- C:\Windows\System\LzrXIrT.exe
  C:\Windows\System\LzrXIrT.exe
  2⤵
  PID:3180
- C:\Windows\System\FdQazQG.exe
  C:\Windows\System\FdQazQG.exe
  2⤵
  PID:3204
- C:\Windows\System\MXsUCGs.exe
  C:\Windows\System\MXsUCGs.exe
  2⤵
  PID:3220
- C:\Windows\System\SbcVrxm.exe
  C:\Windows\System\SbcVrxm.exe
  2⤵
  PID:3244
- C:\Windows\System\DuXFego.exe
  C:\Windows\System\DuXFego.exe
  2⤵
  PID:3260
- C:\Windows\System\uQeHqCw.exe
  C:\Windows\System\uQeHqCw.exe
  2⤵
  PID:3280
- C:\Windows\System\KlJMwzK.exe
  C:\Windows\System\KlJMwzK.exe
  2⤵
  PID:3300
- C:\Windows\System\ZrCkoPK.exe
  C:\Windows\System\ZrCkoPK.exe
  2⤵
  PID:3324
- C:\Windows\System\xabIlVa.exe
  C:\Windows\System\xabIlVa.exe
  2⤵
  PID:3344
- C:\Windows\System\IrXeVly.exe
  C:\Windows\System\IrXeVly.exe
  2⤵
  PID:3360
- C:\Windows\System\vhNeuxp.exe
  C:\Windows\System\vhNeuxp.exe
  2⤵
  PID:3384
- C:\Windows\System\ruzbvCs.exe
  C:\Windows\System\ruzbvCs.exe
  2⤵
  PID:3400
- C:\Windows\System\GAJnied.exe
  C:\Windows\System\GAJnied.exe
  2⤵
  PID:3416
- C:\Windows\System\IaQRdIU.exe
  C:\Windows\System\IaQRdIU.exe
  2⤵
  PID:3440
- C:\Windows\System\nYsxnBR.exe
  C:\Windows\System\nYsxnBR.exe
  2⤵
  PID:3456
- C:\Windows\System\WJigAqL.exe
  C:\Windows\System\WJigAqL.exe
  2⤵
  PID:3480
- C:\Windows\System\GeEROco.exe
  C:\Windows\System\GeEROco.exe
  2⤵
  PID:3496
- C:\Windows\System\mlxWBdC.exe
  C:\Windows\System\mlxWBdC.exe
  2⤵
  PID:3512
- C:\Windows\System\zznapBQ.exe
  C:\Windows\System\zznapBQ.exe
  2⤵
  PID:3532
- C:\Windows\System\xfGlGfk.exe
  C:\Windows\System\xfGlGfk.exe
  2⤵
  PID:3548
- C:\Windows\System\fdxXSdr.exe
  C:\Windows\System\fdxXSdr.exe
  2⤵
  PID:3564
- C:\Windows\System\TgtVUIF.exe
  C:\Windows\System\TgtVUIF.exe
  2⤵
  PID:3580
- C:\Windows\System\vmlWWzB.exe
  C:\Windows\System\vmlWWzB.exe
  2⤵
  PID:3600
- C:\Windows\System\hyoAUlS.exe
  C:\Windows\System\hyoAUlS.exe
  2⤵
  PID:3620
- C:\Windows\System\VwpvuAZ.exe
  C:\Windows\System\VwpvuAZ.exe
  2⤵
  PID:3640
- C:\Windows\System\qhdHCGf.exe
  C:\Windows\System\qhdHCGf.exe
  2⤵
  PID:3660
- C:\Windows\System\IlWGNJM.exe
  C:\Windows\System\IlWGNJM.exe
  2⤵
  PID:3676
- C:\Windows\System\PvMtldi.exe
  C:\Windows\System\PvMtldi.exe
  2⤵
  PID:3700
- C:\Windows\System\Fcrfemq.exe
  C:\Windows\System\Fcrfemq.exe
  2⤵
  PID:3716
- C:\Windows\System\fjMYYyR.exe
  C:\Windows\System\fjMYYyR.exe
  2⤵
  PID:3732
- C:\Windows\System\ODRKKew.exe
  C:\Windows\System\ODRKKew.exe
  2⤵
  PID:3748
- C:\Windows\System\WczhkVa.exe
  C:\Windows\System\WczhkVa.exe
  2⤵
  PID:3764
- C:\Windows\System\BiRqztm.exe
  C:\Windows\System\BiRqztm.exe
  2⤵
  PID:3780
- C:\Windows\System\FMAvodp.exe
  C:\Windows\System\FMAvodp.exe
  2⤵
  PID:3796
- C:\Windows\System\iejHdiD.exe
  C:\Windows\System\iejHdiD.exe
  2⤵
  PID:3928
- C:\Windows\System\HoQFeBK.exe
  C:\Windows\System\HoQFeBK.exe
  2⤵
  PID:3992
- C:\Windows\System\zEwRIoQ.exe
  C:\Windows\System\zEwRIoQ.exe
  2⤵
  PID:4008
- C:\Windows\System\AjgzDTQ.exe
  C:\Windows\System\AjgzDTQ.exe
  2⤵
  PID:4024
- C:\Windows\System\bfPrGzk.exe
  C:\Windows\System\bfPrGzk.exe
  2⤵
  PID:4040
- C:\Windows\System\stIqTuK.exe
  C:\Windows\System\stIqTuK.exe
  2⤵
  PID:4056
- C:\Windows\System\Tyuivhy.exe
  C:\Windows\System\Tyuivhy.exe
  2⤵
  PID:4072
- C:\Windows\System\rODlanB.exe
  C:\Windows\System\rODlanB.exe
  2⤵
  PID:4088
- C:\Windows\System\QqCHRdi.exe
  C:\Windows\System\QqCHRdi.exe
  2⤵
  PID:1700
- C:\Windows\System\jMqtjhm.exe
  C:\Windows\System\jMqtjhm.exe
  2⤵
  PID:940
- C:\Windows\System\rMjsETY.exe
  C:\Windows\System\rMjsETY.exe
  2⤵
  PID:1652
- C:\Windows\System\jRecyPs.exe
  C:\Windows\System\jRecyPs.exe
  2⤵
  PID:1376
- C:\Windows\System\ugfkuJb.exe
  C:\Windows\System\ugfkuJb.exe
  2⤵
  PID:3088
- C:\Windows\System\PUVrIHc.exe
  C:\Windows\System\PUVrIHc.exe
  2⤵
  PID:992
- C:\Windows\System\QuzwJyL.exe
  C:\Windows\System\QuzwJyL.exe
  2⤵
  PID:3124
- C:\Windows\System\xfCEkEw.exe
  C:\Windows\System\xfCEkEw.exe
  2⤵
  PID:3172
- C:\Windows\System\aLvjphW.exe
  C:\Windows\System\aLvjphW.exe
  2⤵
  PID:3100
- C:\Windows\System\sGvWFMb.exe
  C:\Windows\System\sGvWFMb.exe
  2⤵
  PID:1556
- C:\Windows\System\VEQFvJL.exe
  C:\Windows\System\VEQFvJL.exe
  2⤵
  PID:3212
- C:\Windows\System\xRLNseC.exe
  C:\Windows\System\xRLNseC.exe
  2⤵
  PID:3152
- C:\Windows\System\rbkebSD.exe
  C:\Windows\System\rbkebSD.exe
  2⤵
  PID:3256
- C:\Windows\System\gDGXLwI.exe
  C:\Windows\System\gDGXLwI.exe
  2⤵
  PID:3292
- C:\Windows\System\lOkefdL.exe
  C:\Windows\System\lOkefdL.exe
  2⤵
  PID:3332
- C:\Windows\System\ZqIDUWK.exe
  C:\Windows\System\ZqIDUWK.exe
  2⤵
  PID:3372
- C:\Windows\System\wiwBWlV.exe
  C:\Windows\System\wiwBWlV.exe
  2⤵
  PID:3396
- C:\Windows\System\VdHGYYH.exe
  C:\Windows\System\VdHGYYH.exe
  2⤵
  PID:3272
- C:\Windows\System\MEwUYWG.exe
  C:\Windows\System\MEwUYWG.exe
  2⤵
  PID:3320
- C:\Windows\System\VIQQFLa.exe
  C:\Windows\System\VIQQFLa.exe
  2⤵
  PID:3424
- C:\Windows\System\QKTcTpt.exe
  C:\Windows\System\QKTcTpt.exe
  2⤵
  PID:3448
- C:\Windows\System\JwECTtT.exe
  C:\Windows\System\JwECTtT.exe
  2⤵
  PID:3472
- C:\Windows\System\bomWkFa.exe
  C:\Windows\System\bomWkFa.exe
  2⤵
  PID:3488
- C:\Windows\System\GTEySol.exe
  C:\Windows\System\GTEySol.exe
  2⤵
  PID:3556
- C:\Windows\System\IDzdlRz.exe
  C:\Windows\System\IDzdlRz.exe
  2⤵
  PID:2508
- C:\Windows\System\aBVcAsl.exe
  C:\Windows\System\aBVcAsl.exe
  2⤵
  PID:3668
- C:\Windows\System\lRKTxMi.exe
  C:\Windows\System\lRKTxMi.exe
  2⤵
  PID:3696
- C:\Windows\System\QNMBiUx.exe
  C:\Windows\System\QNMBiUx.exe
  2⤵
  PID:3744
- C:\Windows\System\tFynGiM.exe
  C:\Windows\System\tFynGiM.exe
  2⤵
  PID:3808
- C:\Windows\System\BMbsfmz.exe
  C:\Windows\System\BMbsfmz.exe
  2⤵
  PID:3760
- C:\Windows\System\DmmSaJI.exe
  C:\Windows\System\DmmSaJI.exe
  2⤵
  PID:3392
- C:\Windows\System\uwHyEzI.exe
  C:\Windows\System\uwHyEzI.exe
  2⤵
  PID:3616
- C:\Windows\System\OqlLIEK.exe
  C:\Windows\System\OqlLIEK.exe
  2⤵
  PID:3684
- C:\Windows\System\RyvhDzT.exe
  C:\Windows\System\RyvhDzT.exe
  2⤵
  PID:3508
- C:\Windows\System\GMTCzqx.exe
  C:\Windows\System\GMTCzqx.exe
  2⤵
  PID:3940
- C:\Windows\System\aBUjZeM.exe
  C:\Windows\System\aBUjZeM.exe
  2⤵
  PID:3956
- C:\Windows\System\hixjxqc.exe
  C:\Windows\System\hixjxqc.exe
  2⤵
  PID:3972
- C:\Windows\System\dBAvaMn.exe
  C:\Windows\System\dBAvaMn.exe
  2⤵
  PID:4000
- C:\Windows\System\sunWYAZ.exe
  C:\Windows\System\sunWYAZ.exe
  2⤵
  PID:4036
- C:\Windows\System\HOJLQCp.exe
  C:\Windows\System\HOJLQCp.exe
  2⤵
  PID:4048
- C:\Windows\System\DKCqMjC.exe
  C:\Windows\System\DKCqMjC.exe
  2⤵
  PID:4080
- C:\Windows\System\XKqXjGN.exe
  C:\Windows\System\XKqXjGN.exe
  2⤵
  PID:2816
- C:\Windows\System\ovzPYrf.exe
  C:\Windows\System\ovzPYrf.exe
  2⤵
  PID:1732
- C:\Windows\System\LPkXpWj.exe
  C:\Windows\System\LPkXpWj.exe
  2⤵
  PID:3120
- C:\Windows\System\mFamtwU.exe
  C:\Windows\System\mFamtwU.exe
  2⤵
  PID:3036
- C:\Windows\System\PIrIqNY.exe
  C:\Windows\System\PIrIqNY.exe
  2⤵
  PID:2752
- C:\Windows\System\ptidLXJ.exe
  C:\Windows\System\ptidLXJ.exe
  2⤵
  PID:3200
- C:\Windows\System\DPQeWMw.exe
  C:\Windows\System\DPQeWMw.exe
  2⤵
  PID:3148
- C:\Windows\System\lpnVhun.exe
  C:\Windows\System\lpnVhun.exe
  2⤵
  PID:3236
- C:\Windows\System\wtyoRnQ.exe
  C:\Windows\System\wtyoRnQ.exe
  2⤵
  PID:3368
- C:\Windows\System\pYVQDVK.exe
  C:\Windows\System\pYVQDVK.exe
  2⤵
  PID:3312
- C:\Windows\System\RdaNYyN.exe
  C:\Windows\System\RdaNYyN.exe
  2⤵
  PID:3268
- C:\Windows\System\XCgZkPP.exe
  C:\Windows\System\XCgZkPP.exe
  2⤵
  PID:3692
- C:\Windows\System\oXPxOlo.exe
  C:\Windows\System\oXPxOlo.exe
  2⤵
  PID:3464
- C:\Windows\System\fwHbyWG.exe
  C:\Windows\System\fwHbyWG.exe
  2⤵
  PID:3636
- C:\Windows\System\USFXedS.exe
  C:\Windows\System\USFXedS.exe
  2⤵
  PID:3468
- C:\Windows\System\DEfHeUf.exe
  C:\Windows\System\DEfHeUf.exe
  2⤵
  PID:3728
- C:\Windows\System\qJbQMaQ.exe
  C:\Windows\System\qJbQMaQ.exe
  2⤵
  PID:3612
- C:\Windows\System\cjFlQhm.exe
  C:\Windows\System\cjFlQhm.exe
  2⤵
  PID:3540
- C:\Windows\System\CVcbXiI.exe
  C:\Windows\System\CVcbXiI.exe
  2⤵
  PID:3952
- C:\Windows\System\sbFOBUw.exe
  C:\Windows\System\sbFOBUw.exe
  2⤵
  PID:4104
- C:\Windows\System\ywmhhNE.exe
  C:\Windows\System\ywmhhNE.exe
  2⤵
  PID:4120
- C:\Windows\System\PByJwmK.exe
  C:\Windows\System\PByJwmK.exe
  2⤵
  PID:4136
- C:\Windows\System\ttDvwDj.exe
  C:\Windows\System\ttDvwDj.exe
  2⤵
  PID:4152
- C:\Windows\System\zrLiPRZ.exe
  C:\Windows\System\zrLiPRZ.exe
  2⤵
  PID:4168
- C:\Windows\System\ppRNRce.exe
  C:\Windows\System\ppRNRce.exe
  2⤵
  PID:4184
- C:\Windows\System\VKCCAPy.exe
  C:\Windows\System\VKCCAPy.exe
  2⤵
  PID:4200
- C:\Windows\System\CClWxca.exe
  C:\Windows\System\CClWxca.exe
  2⤵
  PID:4216
- C:\Windows\System\UDeAewi.exe
  C:\Windows\System\UDeAewi.exe
  2⤵
  PID:4232
- C:\Windows\System\JxVnCqz.exe
  C:\Windows\System\JxVnCqz.exe
  2⤵
  PID:4248
- C:\Windows\System\XcWruNE.exe
  C:\Windows\System\XcWruNE.exe
  2⤵
  PID:4264
- C:\Windows\System\dfPpwxe.exe
  C:\Windows\System\dfPpwxe.exe
  2⤵
  PID:4280
- C:\Windows\System\URmeDWd.exe
  C:\Windows\System\URmeDWd.exe
  2⤵
  PID:4296
- C:\Windows\System\lwUstAv.exe
  C:\Windows\System\lwUstAv.exe
  2⤵
  PID:4312
- C:\Windows\System\eCQqugv.exe
  C:\Windows\System\eCQqugv.exe
  2⤵
  PID:4328
- C:\Windows\System\IMXEmVT.exe
  C:\Windows\System\IMXEmVT.exe
  2⤵
  PID:4344
- C:\Windows\System\ppunDjD.exe
  C:\Windows\System\ppunDjD.exe
  2⤵
  PID:4360
- C:\Windows\System\gUFCoML.exe
  C:\Windows\System\gUFCoML.exe
  2⤵
  PID:4376
- C:\Windows\System\YZuwqVR.exe
  C:\Windows\System\YZuwqVR.exe
  2⤵
  PID:4392
- C:\Windows\System\TWGNiCL.exe
  C:\Windows\System\TWGNiCL.exe
  2⤵
  PID:4408
- C:\Windows\System\NSkRLjz.exe
  C:\Windows\System\NSkRLjz.exe
  2⤵
  PID:4424
- C:\Windows\System\boNGeYR.exe
  C:\Windows\System\boNGeYR.exe
  2⤵
  PID:4440
- C:\Windows\System\amSssFr.exe
  C:\Windows\System\amSssFr.exe
  2⤵
  PID:4456
- C:\Windows\System\gubkXrH.exe
  C:\Windows\System\gubkXrH.exe
  2⤵
  PID:4472
- C:\Windows\System\WveRzRr.exe
  C:\Windows\System\WveRzRr.exe
  2⤵
  PID:4488
- C:\Windows\System\yAufpjd.exe
  C:\Windows\System\yAufpjd.exe
  2⤵
  PID:4504
- C:\Windows\System\WUsxUMv.exe
  C:\Windows\System\WUsxUMv.exe
  2⤵
  PID:4520
- C:\Windows\System\wcjOVZk.exe
  C:\Windows\System\wcjOVZk.exe
  2⤵
  PID:4536
- C:\Windows\System\kfrUVev.exe
  C:\Windows\System\kfrUVev.exe
  2⤵
  PID:4552
- C:\Windows\System\rpGvlJA.exe
  C:\Windows\System\rpGvlJA.exe
  2⤵
  PID:4572
- C:\Windows\System\iMWvBPf.exe
  C:\Windows\System\iMWvBPf.exe
  2⤵
  PID:4588
- C:\Windows\System\WIuFHtp.exe
  C:\Windows\System\WIuFHtp.exe
  2⤵
  PID:4604
- C:\Windows\System\JUePZru.exe
  C:\Windows\System\JUePZru.exe
  2⤵
  PID:4620
- C:\Windows\System\stdeIsm.exe
  C:\Windows\System\stdeIsm.exe
  2⤵
  PID:4636
- C:\Windows\System\CwXBDda.exe
  C:\Windows\System\CwXBDda.exe
  2⤵
  PID:4652
- C:\Windows\System\VAmhMNW.exe
  C:\Windows\System\VAmhMNW.exe
  2⤵
  PID:4668
- C:\Windows\System\jkxHjGp.exe
  C:\Windows\System\jkxHjGp.exe
  2⤵
  PID:4684
- C:\Windows\System\IZVAGZu.exe
  C:\Windows\System\IZVAGZu.exe
  2⤵
  PID:4700
- C:\Windows\System\mMLvFaU.exe
  C:\Windows\System\mMLvFaU.exe
  2⤵
  PID:4716
- C:\Windows\System\gIcwOzc.exe
  C:\Windows\System\gIcwOzc.exe
  2⤵
  PID:4732
- C:\Windows\System\QPkOrow.exe
  C:\Windows\System\QPkOrow.exe
  2⤵
  PID:4748
- C:\Windows\System\vCfEVeR.exe
  C:\Windows\System\vCfEVeR.exe
  2⤵
  PID:4764
- C:\Windows\System\wqtLyJq.exe
  C:\Windows\System\wqtLyJq.exe
  2⤵
  PID:4780
- C:\Windows\System\mqsQAhB.exe
  C:\Windows\System\mqsQAhB.exe
  2⤵
  PID:4796
- C:\Windows\System\brdPtji.exe
  C:\Windows\System\brdPtji.exe
  2⤵
  PID:4812
- C:\Windows\System\vHoVzWL.exe
  C:\Windows\System\vHoVzWL.exe
  2⤵
  PID:4828
- C:\Windows\System\wZgIIQj.exe
  C:\Windows\System\wZgIIQj.exe
  2⤵
  PID:4844
- C:\Windows\System\KGOHcfD.exe
  C:\Windows\System\KGOHcfD.exe
  2⤵
  PID:4860
- C:\Windows\System\THtXsHy.exe
  C:\Windows\System\THtXsHy.exe
  2⤵
  PID:4876
- C:\Windows\System\QwyCdsl.exe
  C:\Windows\System\QwyCdsl.exe
  2⤵
  PID:4892
- C:\Windows\System\aMRrmTx.exe
  C:\Windows\System\aMRrmTx.exe
  2⤵
  PID:4908
- C:\Windows\System\tduaFTJ.exe
  C:\Windows\System\tduaFTJ.exe
  2⤵
  PID:4924
- C:\Windows\System\aeSCcaV.exe
  C:\Windows\System\aeSCcaV.exe
  2⤵
  PID:4940
- C:\Windows\System\StXOkiD.exe
  C:\Windows\System\StXOkiD.exe
  2⤵
  PID:4956
- C:\Windows\System\UpDkCkk.exe
  C:\Windows\System\UpDkCkk.exe
  2⤵
  PID:4972
- C:\Windows\System\vBJUWOA.exe
  C:\Windows\System\vBJUWOA.exe
  2⤵
  PID:4988
- C:\Windows\System\uxZneGW.exe
  C:\Windows\System\uxZneGW.exe
  2⤵
  PID:5004
- C:\Windows\System\pQYMVkJ.exe
  C:\Windows\System\pQYMVkJ.exe
  2⤵
  PID:5020
- C:\Windows\System\yGAQkLj.exe
  C:\Windows\System\yGAQkLj.exe
  2⤵
  PID:5036
- C:\Windows\System\OfRTlDs.exe
  C:\Windows\System\OfRTlDs.exe
  2⤵
  PID:5052
- C:\Windows\System\RfkRilF.exe
  C:\Windows\System\RfkRilF.exe
  2⤵
  PID:5068
- C:\Windows\System\GyFwtnq.exe
  C:\Windows\System\GyFwtnq.exe
  2⤵
  PID:5084
- C:\Windows\System\OHHiZWO.exe
  C:\Windows\System\OHHiZWO.exe
  2⤵
  PID:5100
- C:\Windows\System\cMZYZVj.exe
  C:\Windows\System\cMZYZVj.exe
  2⤵
  PID:5116
- C:\Windows\System\TNvqzdF.exe
  C:\Windows\System\TNvqzdF.exe
  2⤵
  PID:3984
- C:\Windows\System\wItqEzF.exe
  C:\Windows\System\wItqEzF.exe
  2⤵
  PID:3132
- C:\Windows\System\pzBQYXv.exe
  C:\Windows\System\pzBQYXv.exe
  2⤵
  PID:552
- C:\Windows\System\tedxNhR.exe
  C:\Windows\System\tedxNhR.exe
  2⤵
  PID:3408
- C:\Windows\System\QVWOTJz.exe
  C:\Windows\System\QVWOTJz.exe
  2⤵
  PID:3316
- C:\Windows\System\xNyuGxF.exe
  C:\Windows\System\xNyuGxF.exe
  2⤵
  PID:3352
- C:\Windows\System\mequOiG.exe
  C:\Windows\System\mequOiG.exe
  2⤵
  PID:3528
- C:\Windows\System\WIeBhdS.exe
  C:\Windows\System\WIeBhdS.exe
  2⤵
  PID:3804
- C:\Windows\System\RNVtFlv.exe
  C:\Windows\System\RNVtFlv.exe
  2⤵
  PID:3924
- C:\Windows\System\PbeVvNV.exe
  C:\Windows\System\PbeVvNV.exe
  2⤵
  PID:4100
- C:\Windows\System\cJTORpS.exe
  C:\Windows\System\cJTORpS.exe
  2⤵
  PID:4112
- C:\Windows\System\OTPqvAk.exe
  C:\Windows\System\OTPqvAk.exe
  2⤵
  PID:4116
- C:\Windows\System\JYmqvuu.exe
  C:\Windows\System\JYmqvuu.exe
  2⤵
  PID:4196
- C:\Windows\System\sxXeNpj.exe
  C:\Windows\System\sxXeNpj.exe
  2⤵
  PID:4180
- C:\Windows\System\GJopWeK.exe
  C:\Windows\System\GJopWeK.exe
  2⤵
  PID:4256
- C:\Windows\System\zFFJCnD.exe
  C:\Windows\System\zFFJCnD.exe
  2⤵
  PID:4240
- C:\Windows\System\sHHMFix.exe
  C:\Windows\System\sHHMFix.exe
  2⤵
  PID:4324
- C:\Windows\System\rzNUWjS.exe
  C:\Windows\System\rzNUWjS.exe
  2⤵
  PID:4308
- C:\Windows\System\YYvuSVR.exe
  C:\Windows\System\YYvuSVR.exe
  2⤵
  PID:4340
- C:\Windows\System\idvTXcV.exe
  C:\Windows\System\idvTXcV.exe
  2⤵
  PID:4368
- C:\Windows\System\NsUzDVI.exe
  C:\Windows\System\NsUzDVI.exe
  2⤵
  PID:4448
- C:\Windows\System\KKdzvdw.exe
  C:\Windows\System\KKdzvdw.exe
  2⤵
  PID:4480
- C:\Windows\System\DyNzmWi.exe
  C:\Windows\System\DyNzmWi.exe
  2⤵
  PID:4436
- C:\Windows\System\osCeMfo.exe
  C:\Windows\System\osCeMfo.exe
  2⤵
  PID:4544
- C:\Windows\System\NjzRbNH.exe
  C:\Windows\System\NjzRbNH.exe
  2⤵
  PID:4560
- C:\Windows\System\PNdrZsF.exe
  C:\Windows\System\PNdrZsF.exe
  2⤵
  PID:4596
- C:\Windows\System\WLgwEYc.exe
  C:\Windows\System\WLgwEYc.exe
  2⤵
  PID:4644
- C:\Windows\System\gREGXzp.exe
  C:\Windows\System\gREGXzp.exe
  2⤵
  PID:4676
- C:\Windows\System\DNkNsrf.exe
  C:\Windows\System\DNkNsrf.exe
  2⤵
  PID:4708
- C:\Windows\System\adNuCfd.exe
  C:\Windows\System\adNuCfd.exe
  2⤵
  PID:4772
- C:\Windows\System\zkGWvtS.exe
  C:\Windows\System\zkGWvtS.exe
  2⤵
  PID:4836
- C:\Windows\System\AnioSNn.exe
  C:\Windows\System\AnioSNn.exe
  2⤵
  PID:4900
- C:\Windows\System\rzAfWJm.exe
  C:\Windows\System\rzAfWJm.exe
  2⤵
  PID:4964
- C:\Windows\System\kgcGiWN.exe
  C:\Windows\System\kgcGiWN.exe
  2⤵
  PID:4728
- C:\Windows\System\SabYAsm.exe
  C:\Windows\System\SabYAsm.exe
  2⤵
  PID:4996
- C:\Windows\System\FfEVDZo.exe
  C:\Windows\System\FfEVDZo.exe
  2⤵
  PID:5028
- C:\Windows\System\tDFQfjm.exe
  C:\Windows\System\tDFQfjm.exe
  2⤵
  PID:5092
- C:\Windows\System\tfpCdJX.exe
  C:\Windows\System\tfpCdJX.exe
  2⤵
  PID:4820
- C:\Windows\System\pKPSaFC.exe
  C:\Windows\System\pKPSaFC.exe
  2⤵
  PID:4884
- C:\Windows\System\tRQSxPa.exe
  C:\Windows\System\tRQSxPa.exe
  2⤵
  PID:4916
- C:\Windows\System\uzFhhXB.exe
  C:\Windows\System\uzFhhXB.exe
  2⤵
  PID:4980
- C:\Windows\System\Rpavjuq.exe
  C:\Windows\System\Rpavjuq.exe
  2⤵
  PID:5044
- C:\Windows\System\WNGZEks.exe
  C:\Windows\System\WNGZEks.exe
  2⤵
  PID:3596
- C:\Windows\System\SZtxjYe.exe
  C:\Windows\System\SZtxjYe.exe
  2⤵
  PID:3740
- C:\Windows\System\qZZrseJ.exe
  C:\Windows\System\qZZrseJ.exe
  2⤵
  PID:5108
- C:\Windows\System\wMlvPsO.exe
  C:\Windows\System\wMlvPsO.exe
  2⤵
  PID:4128
- C:\Windows\System\sdXJVLB.exe
  C:\Windows\System\sdXJVLB.exe
  2⤵
  PID:3240
- C:\Windows\System\svKtIie.exe
  C:\Windows\System\svKtIie.exe
  2⤵
  PID:4164
- C:\Windows\System\VMckXaK.exe
  C:\Windows\System\VMckXaK.exe
  2⤵
  PID:3988
- C:\Windows\System\NVaveHh.exe
  C:\Windows\System\NVaveHh.exe
  2⤵
  PID:4148
- C:\Windows\System\tPjNisT.exe
  C:\Windows\System\tPjNisT.exe
  2⤵
  PID:4288
- C:\Windows\System\FOGCoLD.exe
  C:\Windows\System\FOGCoLD.exe
  2⤵
  PID:4420
- C:\Windows\System\DwgNcNt.exe
  C:\Windows\System\DwgNcNt.exe
  2⤵
  PID:4528
- C:\Windows\System\jVmtbdK.exe
  C:\Windows\System\jVmtbdK.exe
  2⤵
  PID:4616
- C:\Windows\System\nbvljpt.exe
  C:\Windows\System\nbvljpt.exe
  2⤵
  PID:4468
- C:\Windows\System\IaRJZlq.exe
  C:\Windows\System\IaRJZlq.exe
  2⤵
  PID:4664
- C:\Windows\System\bzOOfFe.exe
  C:\Windows\System\bzOOfFe.exe
  2⤵
  PID:4932
- C:\Windows\System\eCBRNCA.exe
  C:\Windows\System\eCBRNCA.exe
  2⤵
  PID:4756
- C:\Windows\System\rfnqpes.exe
  C:\Windows\System\rfnqpes.exe
  2⤵
  PID:4740
- C:\Windows\System\sXYjPlb.exe
  C:\Windows\System\sXYjPlb.exe
  2⤵
  PID:4852
- C:\Windows\System\CPlVPFm.exe
  C:\Windows\System\CPlVPFm.exe
  2⤵
  PID:4696
- C:\Windows\System\MBlnhaZ.exe
  C:\Windows\System\MBlnhaZ.exe
  2⤵
  PID:4952
- C:\Windows\System\qsKurJg.exe
  C:\Windows\System\qsKurJg.exe
  2⤵
  PID:5112
- C:\Windows\System\BBToxCN.exe
  C:\Windows\System\BBToxCN.exe
  2⤵
  PID:2400
- C:\Windows\System\IPfKwED.exe
  C:\Windows\System\IPfKwED.exe
  2⤵
  PID:5080
- C:\Windows\System\JJclFMl.exe
  C:\Windows\System\JJclFMl.exe
  2⤵
  PID:4228
- C:\Windows\System\hZKjRSh.exe
  C:\Windows\System\hZKjRSh.exe
  2⤵
  PID:3792
- C:\Windows\System\aziHpvY.exe
  C:\Windows\System\aziHpvY.exe
  2⤵
  PID:5128
- C:\Windows\System\utJpYAE.exe
  C:\Windows\System\utJpYAE.exe
  2⤵
  PID:5144
- C:\Windows\System\HhiWTbm.exe
  C:\Windows\System\HhiWTbm.exe
  2⤵
  PID:5160
- C:\Windows\System\vSKYplw.exe
  C:\Windows\System\vSKYplw.exe
  2⤵
  PID:5176
- C:\Windows\System\tvXPytq.exe
  C:\Windows\System\tvXPytq.exe
  2⤵
  PID:5192
- C:\Windows\System\bzeNlOz.exe
  C:\Windows\System\bzeNlOz.exe
  2⤵
  PID:5208
- C:\Windows\System\JSratQV.exe
  C:\Windows\System\JSratQV.exe
  2⤵
  PID:5224
- C:\Windows\System\amnSxOc.exe
  C:\Windows\System\amnSxOc.exe
  2⤵
  PID:5240
- C:\Windows\System\mWdrGUr.exe
  C:\Windows\System\mWdrGUr.exe
  2⤵
  PID:5256
- C:\Windows\System\Odilopr.exe
  C:\Windows\System\Odilopr.exe
  2⤵
  PID:5272
- C:\Windows\System\UJZNUXM.exe
  C:\Windows\System\UJZNUXM.exe
  2⤵
  PID:5288
- C:\Windows\System\GpFuMIr.exe
  C:\Windows\System\GpFuMIr.exe
  2⤵
  PID:5304
- C:\Windows\System\lGiUTIR.exe
  C:\Windows\System\lGiUTIR.exe
  2⤵
  PID:5320
- C:\Windows\System\prbhMSC.exe
  C:\Windows\System\prbhMSC.exe
  2⤵
  PID:5336
- C:\Windows\System\KqZcFoP.exe
  C:\Windows\System\KqZcFoP.exe
  2⤵
  PID:5352
- C:\Windows\System\yzWQZTU.exe
  C:\Windows\System\yzWQZTU.exe
  2⤵
  PID:5368
- C:\Windows\System\bTLVvqv.exe
  C:\Windows\System\bTLVvqv.exe
  2⤵
  PID:5384
- C:\Windows\System\qjRjwuA.exe
  C:\Windows\System\qjRjwuA.exe
  2⤵
  PID:5400
- C:\Windows\System\fzHrsHo.exe
  C:\Windows\System\fzHrsHo.exe
  2⤵
  PID:5420
- C:\Windows\System\gGJblYt.exe
  C:\Windows\System\gGJblYt.exe
  2⤵
  PID:5436
- C:\Windows\System\DjCSKhz.exe
  C:\Windows\System\DjCSKhz.exe
  2⤵
  PID:5452
- C:\Windows\System\LfCCeDD.exe
  C:\Windows\System\LfCCeDD.exe
  2⤵
  PID:5468
- C:\Windows\System\cjthiAD.exe
  C:\Windows\System\cjthiAD.exe
  2⤵
  PID:5484
- C:\Windows\System\EhOczZR.exe
  C:\Windows\System\EhOczZR.exe
  2⤵
  PID:5500
- C:\Windows\System\yUcqZym.exe
  C:\Windows\System\yUcqZym.exe
  2⤵
  PID:5516
- C:\Windows\System\GfqcAvt.exe
  C:\Windows\System\GfqcAvt.exe
  2⤵
  PID:5532
- C:\Windows\System\DAvqDje.exe
  C:\Windows\System\DAvqDje.exe
  2⤵
  PID:5548
- C:\Windows\System\kWPvWWc.exe
  C:\Windows\System\kWPvWWc.exe
  2⤵
  PID:5564
- C:\Windows\System\BcOxOMA.exe
  C:\Windows\System\BcOxOMA.exe
  2⤵
  PID:5580
- C:\Windows\System\mEVLUpC.exe
  C:\Windows\System\mEVLUpC.exe
  2⤵
  PID:5596
- C:\Windows\System\vrEYKeF.exe
  C:\Windows\System\vrEYKeF.exe
  2⤵
  PID:5612
- C:\Windows\System\APuTUbB.exe
  C:\Windows\System\APuTUbB.exe
  2⤵
  PID:5628
- C:\Windows\System\jNoVFqI.exe
  C:\Windows\System\jNoVFqI.exe
  2⤵
  PID:5644
- C:\Windows\System\GPXoyQu.exe
  C:\Windows\System\GPXoyQu.exe
  2⤵
  PID:5660
- C:\Windows\System\DAJJMBD.exe
  C:\Windows\System\DAJJMBD.exe
  2⤵
  PID:5676
- C:\Windows\System\wxUMTmu.exe
  C:\Windows\System\wxUMTmu.exe
  2⤵
  PID:5692
- C:\Windows\System\eXxrBiy.exe
  C:\Windows\System\eXxrBiy.exe
  2⤵
  PID:5708
- C:\Windows\System\YaBPODa.exe
  C:\Windows\System\YaBPODa.exe
  2⤵
  PID:5724
- C:\Windows\System\btuYSaJ.exe
  C:\Windows\System\btuYSaJ.exe
  2⤵
  PID:5740
- C:\Windows\System\VHqyNPz.exe
  C:\Windows\System\VHqyNPz.exe
  2⤵
  PID:5756
- C:\Windows\System\AMFeqsj.exe
  C:\Windows\System\AMFeqsj.exe
  2⤵
  PID:5772
- C:\Windows\System\dcKFgNH.exe
  C:\Windows\System\dcKFgNH.exe
  2⤵
  PID:5788
- C:\Windows\System\TowuKKN.exe
  C:\Windows\System\TowuKKN.exe
  2⤵
  PID:5804
- C:\Windows\System\TKGzQiJ.exe
  C:\Windows\System\TKGzQiJ.exe
  2⤵
  PID:5820
- C:\Windows\System\qqihqtc.exe
  C:\Windows\System\qqihqtc.exe
  2⤵
  PID:5836
- C:\Windows\System\QQolFqe.exe
  C:\Windows\System\QQolFqe.exe
  2⤵
  PID:5852
- C:\Windows\System\qTPSYAc.exe
  C:\Windows\System\qTPSYAc.exe
  2⤵
  PID:5868
- C:\Windows\System\uIAzVzt.exe
  C:\Windows\System\uIAzVzt.exe
  2⤵
  PID:5884
- C:\Windows\System\fCxmiRJ.exe
  C:\Windows\System\fCxmiRJ.exe
  2⤵
  PID:5900
- C:\Windows\System\vnIqKXk.exe
  C:\Windows\System\vnIqKXk.exe
  2⤵
  PID:5916
- C:\Windows\System\gYELJyq.exe
  C:\Windows\System\gYELJyq.exe
  2⤵
  PID:5932
- C:\Windows\System\yfDBJqF.exe
  C:\Windows\System\yfDBJqF.exe
  2⤵
  PID:5948
- C:\Windows\System\lgSguLO.exe
  C:\Windows\System\lgSguLO.exe
  2⤵
  PID:5964
- C:\Windows\System\pTltUxm.exe
  C:\Windows\System\pTltUxm.exe
  2⤵
  PID:5980
- C:\Windows\System\SZfLAsS.exe
  C:\Windows\System\SZfLAsS.exe
  2⤵
  PID:5996
- C:\Windows\System\NKJjmeK.exe
  C:\Windows\System\NKJjmeK.exe
  2⤵
  PID:6012
- C:\Windows\System\dqCwQda.exe
  C:\Windows\System\dqCwQda.exe
  2⤵
  PID:6028
- C:\Windows\System\PVzfqxR.exe
  C:\Windows\System\PVzfqxR.exe
  2⤵
  PID:6044
- C:\Windows\System\LbIeqGA.exe
  C:\Windows\System\LbIeqGA.exe
  2⤵
  PID:6060
- C:\Windows\System\jONAwoZ.exe
  C:\Windows\System\jONAwoZ.exe
  2⤵
  PID:6076
- C:\Windows\System\iiFySzF.exe
  C:\Windows\System\iiFySzF.exe
  2⤵
  PID:6092
- C:\Windows\System\qgtWRAx.exe
  C:\Windows\System\qgtWRAx.exe
  2⤵
  PID:6108
- C:\Windows\System\hLQvEcn.exe
  C:\Windows\System\hLQvEcn.exe
  2⤵
  PID:6124
- C:\Windows\System\KVnCdGX.exe
  C:\Windows\System\KVnCdGX.exe
  2⤵
  PID:6140
- C:\Windows\System\BKZhCzQ.exe
  C:\Windows\System\BKZhCzQ.exe
  2⤵
  PID:4516
- C:\Windows\System\HNcOAyE.exe
  C:\Windows\System\HNcOAyE.exe
  2⤵
  PID:4600
- C:\Windows\System\mYRzfSf.exe
  C:\Windows\System\mYRzfSf.exe
  2⤵
  PID:4584
- C:\Windows\System\MDDIOSW.exe
  C:\Windows\System\MDDIOSW.exe
  2⤵
  PID:5064
- C:\Windows\System\EnQvZcM.exe
  C:\Windows\System\EnQvZcM.exe
  2⤵
  PID:4920
- C:\Windows\System\Sjlespl.exe
  C:\Windows\System\Sjlespl.exe
  2⤵
  PID:3412
- C:\Windows\System\rOBAdVX.exe
  C:\Windows\System\rOBAdVX.exe
  2⤵
  PID:3196
- C:\Windows\System\WlWBEUj.exe
  C:\Windows\System\WlWBEUj.exe
  2⤵
  PID:4356
- C:\Windows\System\boPFBlO.exe
  C:\Windows\System\boPFBlO.exe
  2⤵
  PID:5136
- C:\Windows\System\jujqfre.exe
  C:\Windows\System\jujqfre.exe
  2⤵
  PID:5168
- C:\Windows\System\BAuLcOt.exe
  C:\Windows\System\BAuLcOt.exe
  2⤵
  PID:5184
- C:\Windows\System\tHyqwgz.exe
  C:\Windows\System\tHyqwgz.exe
  2⤵
  PID:5216
- C:\Windows\System\XVddVlO.exe
  C:\Windows\System\XVddVlO.exe
  2⤵
  PID:5248
- C:\Windows\System\XDdyaLV.exe
  C:\Windows\System\XDdyaLV.exe
  2⤵
  PID:5280
- C:\Windows\System\RPGVmJb.exe
  C:\Windows\System\RPGVmJb.exe
  2⤵
  PID:5328
- C:\Windows\System\lEcmkqN.exe
  C:\Windows\System\lEcmkqN.exe
  2⤵
  PID:5348
- C:\Windows\System\RRtXrii.exe
  C:\Windows\System\RRtXrii.exe
  2⤵
  PID:5392
- C:\Windows\System\ljfdOda.exe
  C:\Windows\System\ljfdOda.exe
  2⤵
  PID:5408
- C:\Windows\System\yXBEgnk.exe
  C:\Windows\System\yXBEgnk.exe
  2⤵
  PID:5460
- C:\Windows\System\hAhKTsy.exe
  C:\Windows\System\hAhKTsy.exe
  2⤵
  PID:5492
- C:\Windows\System\ZcbUdzA.exe
  C:\Windows\System\ZcbUdzA.exe
  2⤵
  PID:5512
- C:\Windows\System\StlrBCk.exe
  C:\Windows\System\StlrBCk.exe
  2⤵
  PID:5556
- C:\Windows\System\MydoBLZ.exe
  C:\Windows\System\MydoBLZ.exe
  2⤵
  PID:5588
- C:\Windows\System\XiAPaYP.exe
  C:\Windows\System\XiAPaYP.exe
  2⤵
  PID:5620
- C:\Windows\System\lXDTSmL.exe
  C:\Windows\System\lXDTSmL.exe
  2⤵
  PID:5652
- C:\Windows\System\BTMaJuW.exe
  C:\Windows\System\BTMaJuW.exe
  2⤵
  PID:5684
- C:\Windows\System\NivRvnv.exe
  C:\Windows\System\NivRvnv.exe
  2⤵
  PID:5700
- C:\Windows\System\cwoxTrg.exe
  C:\Windows\System\cwoxTrg.exe
  2⤵
  PID:5748
- C:\Windows\System\OSaXsLA.exe
  C:\Windows\System\OSaXsLA.exe
  2⤵
  PID:5780
- C:\Windows\System\DxFfVBG.exe
  C:\Windows\System\DxFfVBG.exe
  2⤵
  PID:5812
- C:\Windows\System\hMgkvyl.exe
  C:\Windows\System\hMgkvyl.exe
  2⤵
  PID:5828
- C:\Windows\System\sPErrfm.exe
  C:\Windows\System\sPErrfm.exe
  2⤵
  PID:5876
- C:\Windows\System\LOLJnFU.exe
  C:\Windows\System\LOLJnFU.exe
  2⤵
  PID:5908
- C:\Windows\System\DstSazB.exe
  C:\Windows\System\DstSazB.exe
  2⤵
  PID:5928
- C:\Windows\System\DwnkSrd.exe
  C:\Windows\System\DwnkSrd.exe
  2⤵
  PID:5976
- C:\Windows\System\rdhXDjg.exe
  C:\Windows\System\rdhXDjg.exe
  2⤵
  PID:5992
- C:\Windows\System\PybGbpt.exe
  C:\Windows\System\PybGbpt.exe
  2⤵
  PID:6036
- C:\Windows\System\FQECCQk.exe
  C:\Windows\System\FQECCQk.exe
  2⤵
  PID:6068
- C:\Windows\System\YhecORL.exe
  C:\Windows\System\YhecORL.exe
  2⤵
  PID:6088
- C:\Windows\System\iQYcqwG.exe
  C:\Windows\System\iQYcqwG.exe
  2⤵
  PID:6116
- C:\Windows\System\ExHvkel.exe
  C:\Windows\System\ExHvkel.exe
  2⤵
  PID:4336
- C:\Windows\System\AgXwWvH.exe
  C:\Windows\System\AgXwWvH.exe
  2⤵
  PID:4808
- C:\Windows\System\PaKQtaQ.exe
  C:\Windows\System\PaKQtaQ.exe
  2⤵
  PID:5060
- C:\Windows\System\rUenkhU.exe
  C:\Windows\System\rUenkhU.exe
  2⤵
  PID:1600
- C:\Windows\System\YZvolzE.exe
  C:\Windows\System\YZvolzE.exe
  2⤵
  PID:4272
- C:\Windows\System\qwMajkH.exe
  C:\Windows\System\qwMajkH.exe
  2⤵
  PID:5204
- C:\Windows\System\HKEnggl.exe
  C:\Windows\System\HKEnggl.exe
  2⤵
  PID:5252
- C:\Windows\System\UBjRHOc.exe
  C:\Windows\System\UBjRHOc.exe
  2⤵
  PID:5300
- C:\Windows\System\CZKKIzE.exe
  C:\Windows\System\CZKKIzE.exe
  2⤵
  PID:5396
- C:\Windows\System\KgIZBtx.exe
  C:\Windows\System\KgIZBtx.exe
  2⤵
  PID:5432
- C:\Windows\System\MKRqIIz.exe
  C:\Windows\System\MKRqIIz.exe
  2⤵
  PID:5528
- C:\Windows\System\kfPvNtv.exe
  C:\Windows\System\kfPvNtv.exe
  2⤵
  PID:5592
- C:\Windows\System\xnHaIVJ.exe
  C:\Windows\System\xnHaIVJ.exe
  2⤵
  PID:5656
- C:\Windows\System\NDmIBvD.exe
  C:\Windows\System\NDmIBvD.exe
  2⤵
  PID:5720
- C:\Windows\System\GNaYcpP.exe
  C:\Windows\System\GNaYcpP.exe
  2⤵
  PID:5752
- C:\Windows\System\qFiRbXt.exe
  C:\Windows\System\qFiRbXt.exe
  2⤵
  PID:5800
- C:\Windows\System\Dgakqme.exe
  C:\Windows\System\Dgakqme.exe
  2⤵
  PID:5912
- C:\Windows\System\HTBsijH.exe
  C:\Windows\System\HTBsijH.exe
  2⤵
  PID:5988
- C:\Windows\System\UNCOVyU.exe
  C:\Windows\System\UNCOVyU.exe
  2⤵
  PID:5416
- C:\Windows\System\vltYmCF.exe
  C:\Windows\System\vltYmCF.exe
  2⤵
  PID:6072
- C:\Windows\System\bhYKtPY.exe
  C:\Windows\System\bhYKtPY.exe
  2⤵
  PID:4512
- C:\Windows\System\ScOOmck.exe
  C:\Windows\System\ScOOmck.exe
  2⤵
  PID:4692
- C:\Windows\System\WCEmALv.exe
  C:\Windows\System\WCEmALv.exe
  2⤵
  PID:4132
- C:\Windows\System\MBpFgve.exe
  C:\Windows\System\MBpFgve.exe
  2⤵
  PID:6156
- C:\Windows\System\hVATGwI.exe
  C:\Windows\System\hVATGwI.exe
  2⤵
  PID:6172
- C:\Windows\System\zHAZojq.exe
  C:\Windows\System\zHAZojq.exe
  2⤵
  PID:6188
- C:\Windows\System\jNSEnrB.exe
  C:\Windows\System\jNSEnrB.exe
  2⤵
  PID:6204
- C:\Windows\System\gihrYnF.exe
  C:\Windows\System\gihrYnF.exe
  2⤵
  PID:6220
- C:\Windows\System\ytbcyms.exe
  C:\Windows\System\ytbcyms.exe
  2⤵
  PID:6236
- C:\Windows\System\ArPradf.exe
  C:\Windows\System\ArPradf.exe
  2⤵
  PID:6252
- C:\Windows\System\kLkgeFN.exe
  C:\Windows\System\kLkgeFN.exe
  2⤵
  PID:6268
- C:\Windows\System\wsPBrnr.exe
  C:\Windows\System\wsPBrnr.exe
  2⤵
  PID:6284
- C:\Windows\System\VkaKvvO.exe
  C:\Windows\System\VkaKvvO.exe
  2⤵
  PID:6300
- C:\Windows\System\zNBhQYw.exe
  C:\Windows\System\zNBhQYw.exe
  2⤵
  PID:6316
- C:\Windows\System\lqhOOqv.exe
  C:\Windows\System\lqhOOqv.exe
  2⤵
  PID:6332
- C:\Windows\System\QVQrlIN.exe
  C:\Windows\System\QVQrlIN.exe
  2⤵
  PID:6348
- C:\Windows\System\BVAZqdG.exe
  C:\Windows\System\BVAZqdG.exe
  2⤵
  PID:6364
- C:\Windows\System\EqyTkBA.exe
  C:\Windows\System\EqyTkBA.exe
  2⤵
  PID:6380
- C:\Windows\System\fcAxBVl.exe
  C:\Windows\System\fcAxBVl.exe
  2⤵
  PID:6400
- C:\Windows\System\iAEZiPq.exe
  C:\Windows\System\iAEZiPq.exe
  2⤵
  PID:6416
- C:\Windows\System\NhOVvXx.exe
  C:\Windows\System\NhOVvXx.exe
  2⤵
  PID:6432
- C:\Windows\System\RMOKLAK.exe
  C:\Windows\System\RMOKLAK.exe
  2⤵
  PID:6448
- C:\Windows\System\mflNEPB.exe
  C:\Windows\System\mflNEPB.exe
  2⤵
  PID:6464
- C:\Windows\System\JnCzxTt.exe
  C:\Windows\System\JnCzxTt.exe
  2⤵
  PID:6480
- C:\Windows\System\AiolrkQ.exe
  C:\Windows\System\AiolrkQ.exe
  2⤵
  PID:6496
- C:\Windows\System\GXJsESl.exe
  C:\Windows\System\GXJsESl.exe
  2⤵
  PID:6512
- C:\Windows\System\UrCuOpl.exe
  C:\Windows\System\UrCuOpl.exe
  2⤵
  PID:6528
- C:\Windows\System\EnsHBjK.exe
  C:\Windows\System\EnsHBjK.exe
  2⤵
  PID:6544
- C:\Windows\System\KNdXvoO.exe
  C:\Windows\System\KNdXvoO.exe
  2⤵
  PID:6560
- C:\Windows\System\DQWJQYt.exe
  C:\Windows\System\DQWJQYt.exe
  2⤵
  PID:6576
- C:\Windows\System\NnGJGUV.exe
  C:\Windows\System\NnGJGUV.exe
  2⤵
  PID:6592
- C:\Windows\System\csPKGWw.exe
  C:\Windows\System\csPKGWw.exe
  2⤵
  PID:6608
- C:\Windows\System\ONHYwge.exe
  C:\Windows\System\ONHYwge.exe
  2⤵
  PID:6624
- C:\Windows\System\SYYjiyv.exe
  C:\Windows\System\SYYjiyv.exe
  2⤵
  PID:6640
- C:\Windows\System\LucLbNH.exe
  C:\Windows\System\LucLbNH.exe
  2⤵
  PID:6656
- C:\Windows\System\uGcWrVn.exe
  C:\Windows\System\uGcWrVn.exe
  2⤵
  PID:6672
- C:\Windows\System\wHAqNww.exe
  C:\Windows\System\wHAqNww.exe
  2⤵
  PID:6688
- C:\Windows\System\PyLerOe.exe
  C:\Windows\System\PyLerOe.exe
  2⤵
  PID:6704
- C:\Windows\System\NLDjkef.exe
  C:\Windows\System\NLDjkef.exe
  2⤵
  PID:6720
- C:\Windows\System\xqbwYrF.exe
  C:\Windows\System\xqbwYrF.exe
  2⤵
  PID:6736
- C:\Windows\System\rOGPbef.exe
  C:\Windows\System\rOGPbef.exe
  2⤵
  PID:6752
- C:\Windows\System\zdKNbzn.exe
  C:\Windows\System\zdKNbzn.exe
  2⤵
  PID:6768
- C:\Windows\System\FfjtYLM.exe
  C:\Windows\System\FfjtYLM.exe
  2⤵
  PID:6784
- C:\Windows\System\ohMVvOa.exe
  C:\Windows\System\ohMVvOa.exe
  2⤵
  PID:6800
- C:\Windows\System\GSsRylX.exe
  C:\Windows\System\GSsRylX.exe
  2⤵
  PID:6816
- C:\Windows\System\ypVuSci.exe
  C:\Windows\System\ypVuSci.exe
  2⤵
  PID:6832
- C:\Windows\System\KYfPceV.exe
  C:\Windows\System\KYfPceV.exe
  2⤵
  PID:6848
- C:\Windows\System\BraqiiC.exe
  C:\Windows\System\BraqiiC.exe
  2⤵
  PID:6864
- C:\Windows\System\NlQsmlL.exe
  C:\Windows\System\NlQsmlL.exe
  2⤵
  PID:6880
- C:\Windows\System\ZiyIFnY.exe
  C:\Windows\System\ZiyIFnY.exe
  2⤵
  PID:6896
- C:\Windows\System\jiaVmoU.exe
  C:\Windows\System\jiaVmoU.exe
  2⤵
  PID:6912
- C:\Windows\System\MRAUmnz.exe
  C:\Windows\System\MRAUmnz.exe
  2⤵
  PID:6932
- C:\Windows\System\PjCLSjw.exe
  C:\Windows\System\PjCLSjw.exe
  2⤵
  PID:6948
- C:\Windows\System\eGEDuZh.exe
  C:\Windows\System\eGEDuZh.exe
  2⤵
  PID:6964
- C:\Windows\System\lXwJVHE.exe
  C:\Windows\System\lXwJVHE.exe
  2⤵
  PID:6980
- C:\Windows\System\mUwnrkE.exe
  C:\Windows\System\mUwnrkE.exe
  2⤵
  PID:6996
- C:\Windows\System\JAwBMxO.exe
  C:\Windows\System\JAwBMxO.exe
  2⤵
  PID:7012
- C:\Windows\System\yrmzttR.exe
  C:\Windows\System\yrmzttR.exe
  2⤵
  PID:7028
- C:\Windows\System\CmpvxYy.exe
  C:\Windows\System\CmpvxYy.exe
  2⤵
  PID:7044
- C:\Windows\System\bnxKYdE.exe
  C:\Windows\System\bnxKYdE.exe
  2⤵
  PID:7060
- C:\Windows\System\vlEtOAn.exe
  C:\Windows\System\vlEtOAn.exe
  2⤵
  PID:7076
- C:\Windows\System\XqwSwVg.exe
  C:\Windows\System\XqwSwVg.exe
  2⤵
  PID:7092
- C:\Windows\System\vSWNhQY.exe
  C:\Windows\System\vSWNhQY.exe
  2⤵
  PID:7108
- C:\Windows\System\zdtCRns.exe
  C:\Windows\System\zdtCRns.exe
  2⤵
  PID:7124
- C:\Windows\System\DooYmOG.exe
  C:\Windows\System\DooYmOG.exe
  2⤵
  PID:7140
- C:\Windows\System\HwyXDqE.exe
  C:\Windows\System\HwyXDqE.exe
  2⤵
  PID:7156
- C:\Windows\System\SfJXKCj.exe
  C:\Windows\System\SfJXKCj.exe
  2⤵
  PID:5188
- C:\Windows\System\UzPxrJZ.exe
  C:\Windows\System\UzPxrJZ.exe
  2⤵
  PID:5344
- C:\Windows\System\YbsFRWF.exe
  C:\Windows\System\YbsFRWF.exe
  2⤵
  PID:5476
- C:\Windows\System\TWVurrD.exe
  C:\Windows\System\TWVurrD.exe
  2⤵
  PID:5604
- C:\Windows\System\FemRzAP.exe
  C:\Windows\System\FemRzAP.exe
  2⤵
  PID:5732
- C:\Windows\System\EOHfwGs.exe
  C:\Windows\System\EOHfwGs.exe
  2⤵
  PID:5924
- C:\Windows\System\oftUprf.exe
  C:\Windows\System\oftUprf.exe
  2⤵
  PID:6004
- C:\Windows\System\XmUowmC.exe
  C:\Windows\System\XmUowmC.exe
  2⤵
  PID:6132
- C:\Windows\System\UBfvJtl.exe
  C:\Windows\System\UBfvJtl.exe
  2⤵
  PID:5076
- C:\Windows\System\fGDNdkr.exe
  C:\Windows\System\fGDNdkr.exe
  2⤵
  PID:6164
- C:\Windows\System\tlVsFCz.exe
  C:\Windows\System\tlVsFCz.exe
  2⤵
  PID:6196
- C:\Windows\System\rJnmfFM.exe
  C:\Windows\System\rJnmfFM.exe
  2⤵
  PID:6228
- C:\Windows\System\OsnQxDW.exe
  C:\Windows\System\OsnQxDW.exe
  2⤵
  PID:6260
- C:\Windows\System\XhbPwzr.exe
  C:\Windows\System\XhbPwzr.exe
  2⤵
  PID:2416
- C:\Windows\System\CSnuvTg.exe
  C:\Windows\System\CSnuvTg.exe
  2⤵
  PID:6312
- C:\Windows\System\VEJURFn.exe
  C:\Windows\System\VEJURFn.exe
  2⤵
  PID:6328
- C:\Windows\System\lTKvygq.exe
  C:\Windows\System\lTKvygq.exe
  2⤵
  PID:6376
- C:\Windows\System\lojrdEf.exe
  C:\Windows\System\lojrdEf.exe
  2⤵
  PID:6412
- C:\Windows\System\bdVznCF.exe
  C:\Windows\System\bdVznCF.exe
  2⤵
  PID:6444
- C:\Windows\System\UKJEgaK.exe
  C:\Windows\System\UKJEgaK.exe
  2⤵
  PID:6476
- C:\Windows\System\UGzOMBj.exe
  C:\Windows\System\UGzOMBj.exe
  2⤵
  PID:6508
- C:\Windows\System\VLfumRA.exe
  C:\Windows\System\VLfumRA.exe
  2⤵
  PID:6540
- C:\Windows\System\FZafuwj.exe
  C:\Windows\System\FZafuwj.exe
  2⤵
  PID:6572
- C:\Windows\System\FnBRSHj.exe
  C:\Windows\System\FnBRSHj.exe
  2⤵
  PID:6604
- C:\Windows\System\IRrmtir.exe
  C:\Windows\System\IRrmtir.exe
  2⤵
  PID:6636
- C:\Windows\System\DTiTHEd.exe
  C:\Windows\System\DTiTHEd.exe
  2⤵
  PID:6668
- C:\Windows\System\BVccAyV.exe
  C:\Windows\System\BVccAyV.exe
  2⤵
  PID:6700
- C:\Windows\System\RiybRNj.exe
  C:\Windows\System\RiybRNj.exe
  2⤵
  PID:6732
- C:\Windows\System\mcscibk.exe
  C:\Windows\System\mcscibk.exe
  2⤵
  PID:6764
- C:\Windows\System\IZZtOdd.exe
  C:\Windows\System\IZZtOdd.exe
  2⤵
  PID:6796
- C:\Windows\System\ilhXxpn.exe
  C:\Windows\System\ilhXxpn.exe
  2⤵
  PID:6828
- C:\Windows\System\ynNoqVZ.exe
  C:\Windows\System\ynNoqVZ.exe
  2⤵
  PID:6860
- C:\Windows\System\dJyLoDz.exe
  C:\Windows\System\dJyLoDz.exe
  2⤵
  PID:6892
- C:\Windows\System\hciCqrp.exe
  C:\Windows\System\hciCqrp.exe
  2⤵
  PID:6924
- C:\Windows\System\nuEWawZ.exe
  C:\Windows\System\nuEWawZ.exe
  2⤵
  PID:6960
- C:\Windows\System\LGKIbIW.exe
  C:\Windows\System\LGKIbIW.exe
  2⤵
  PID:6992
- C:\Windows\System\cyGOFOt.exe
  C:\Windows\System\cyGOFOt.exe
  2⤵
  PID:7008
- C:\Windows\System\rcKwfTl.exe
  C:\Windows\System\rcKwfTl.exe
  2⤵
  PID:7056
- C:\Windows\System\XfZmATE.exe
  C:\Windows\System\XfZmATE.exe
  2⤵
  PID:7088
- C:\Windows\System\nuWEnOu.exe
  C:\Windows\System\nuWEnOu.exe
  2⤵
  PID:7120
- C:\Windows\System\CahpUEv.exe
  C:\Windows\System\CahpUEv.exe
  2⤵
  PID:7152
- C:\Windows\System\UMTTbBX.exe
  C:\Windows\System\UMTTbBX.exe
  2⤵
  PID:5332
- C:\Windows\System\gFUXXpO.exe
  C:\Windows\System\gFUXXpO.exe
  2⤵
  PID:5496
- C:\Windows\System\HUfSLwE.exe
  C:\Windows\System\HUfSLwE.exe
  2⤵
  PID:5624
- C:\Windows\System\JFSSGAO.exe
  C:\Windows\System\JFSSGAO.exe
  2⤵
  PID:5956
- C:\Windows\System\AfbueyT.exe
  C:\Windows\System\AfbueyT.exe
  2⤵
  PID:4628
- C:\Windows\System\OzaHxlo.exe
  C:\Windows\System\OzaHxlo.exe
  2⤵
  PID:6168
- C:\Windows\System\GgTRyPK.exe
  C:\Windows\System\GgTRyPK.exe
  2⤵
  PID:6248
- C:\Windows\System\KHMPFHT.exe
  C:\Windows\System\KHMPFHT.exe
  2⤵
  PID:6296
- C:\Windows\System\NIxCPlz.exe
  C:\Windows\System\NIxCPlz.exe
  2⤵
  PID:6372
- C:\Windows\System\lQRzPYN.exe
  C:\Windows\System\lQRzPYN.exe
  2⤵
  PID:6428
- C:\Windows\System\gYiGVVg.exe
  C:\Windows\System\gYiGVVg.exe
  2⤵
  PID:6504
- C:\Windows\System\svSILLO.exe
  C:\Windows\System\svSILLO.exe
  2⤵
  PID:6568
- C:\Windows\System\gLqpeKA.exe
  C:\Windows\System\gLqpeKA.exe
  2⤵
  PID:6620
- C:\Windows\System\ppTfioC.exe
  C:\Windows\System\ppTfioC.exe
  2⤵
  PID:6696
- C:\Windows\System\ONtyxFP.exe
  C:\Windows\System\ONtyxFP.exe
  2⤵
  PID:6760
- C:\Windows\System\WUlEoPo.exe
  C:\Windows\System\WUlEoPo.exe
  2⤵
  PID:6840
- C:\Windows\System\bxHYcMr.exe
  C:\Windows\System\bxHYcMr.exe
  2⤵
  PID:6920
- C:\Windows\System\YpxNffo.exe
  C:\Windows\System\YpxNffo.exe
  2⤵
  PID:6908
- C:\Windows\System\DvHvANn.exe
  C:\Windows\System\DvHvANn.exe
  2⤵
  PID:6940
- C:\Windows\System\zytNIUJ.exe
  C:\Windows\System\zytNIUJ.exe
  2⤵
  PID:7024
- C:\Windows\System\ifzWmDh.exe
  C:\Windows\System\ifzWmDh.exe
  2⤵
  PID:7068
- C:\Windows\System\vJoUEgy.exe
  C:\Windows\System\vJoUEgy.exe
  2⤵
  PID:7132
- C:\Windows\System\qeMTfWg.exe
  C:\Windows\System\qeMTfWg.exe
  2⤵
  PID:3840
- C:\Windows\System\FJHPWPJ.exe
  C:\Windows\System\FJHPWPJ.exe
  2⤵
  PID:5880
- C:\Windows\System\WZvIqAd.exe
  C:\Windows\System\WZvIqAd.exe
  2⤵
  PID:6280
- C:\Windows\System\TgAAkZy.exe
  C:\Windows\System\TgAAkZy.exe
  2⤵
  PID:6340
- C:\Windows\System\jizNnnW.exe
  C:\Windows\System\jizNnnW.exe
  2⤵
  PID:6292
- C:\Windows\System\eaQGGrq.exe
  C:\Windows\System\eaQGGrq.exe
  2⤵
  PID:6472
- C:\Windows\System\cfyGpNB.exe
  C:\Windows\System\cfyGpNB.exe
  2⤵
  PID:6600
- C:\Windows\System\GXNvNLl.exe
  C:\Windows\System\GXNvNLl.exe
  2⤵
  PID:6652
- C:\Windows\System\LkTOmIK.exe
  C:\Windows\System\LkTOmIK.exe
  2⤵
  PID:6780
- C:\Windows\System\JJvTKfH.exe
  C:\Windows\System\JJvTKfH.exe
  2⤵
  PID:6876
- C:\Windows\System\wzKIvlY.exe
  C:\Windows\System\wzKIvlY.exe
  2⤵
  PID:3864
- C:\Windows\System\DsldmPB.exe
  C:\Windows\System\DsldmPB.exe
  2⤵
  PID:7020
- C:\Windows\System\HOuhPsL.exe
  C:\Windows\System\HOuhPsL.exe
  2⤵
  PID:4496
- C:\Windows\System\kRsrnVJ.exe
  C:\Windows\System\kRsrnVJ.exe
  2⤵
  PID:5364
- C:\Windows\System\BhaUhcq.exe
  C:\Windows\System\BhaUhcq.exe
  2⤵
  PID:7180
- C:\Windows\System\TgwCLVt.exe
  C:\Windows\System\TgwCLVt.exe
  2⤵
  PID:7196
- C:\Windows\System\ZdbSitg.exe
  C:\Windows\System\ZdbSitg.exe
  2⤵
  PID:7212
- C:\Windows\System\rnJfkDW.exe
  C:\Windows\System\rnJfkDW.exe
  2⤵
  PID:7228
- C:\Windows\System\JStCSiF.exe
  C:\Windows\System\JStCSiF.exe
  2⤵
  PID:7244
- C:\Windows\System\aoLeuVG.exe
  C:\Windows\System\aoLeuVG.exe
  2⤵
  PID:7260
- C:\Windows\System\rJsxMQY.exe
  C:\Windows\System\rJsxMQY.exe
  2⤵
  PID:7276
- C:\Windows\System\szgrrAl.exe
  C:\Windows\System\szgrrAl.exe
  2⤵
  PID:7292
- C:\Windows\System\UANrsfE.exe
  C:\Windows\System\UANrsfE.exe
  2⤵
  PID:7308
- C:\Windows\System\nZdcCzM.exe
  C:\Windows\System\nZdcCzM.exe
  2⤵
  PID:7324
- C:\Windows\System\ZvbOrOm.exe
  C:\Windows\System\ZvbOrOm.exe
  2⤵
  PID:7340
- C:\Windows\System\fPFhdrB.exe
  C:\Windows\System\fPFhdrB.exe
  2⤵
  PID:7356
- C:\Windows\System\zlLiNmt.exe
  C:\Windows\System\zlLiNmt.exe
  2⤵
  PID:7372
- C:\Windows\System\RtrxIeo.exe
  C:\Windows\System\RtrxIeo.exe
  2⤵
  PID:7388
- C:\Windows\System\mluOvZM.exe
  C:\Windows\System\mluOvZM.exe
  2⤵
  PID:7404
- C:\Windows\System\pLkQpbU.exe
  C:\Windows\System\pLkQpbU.exe
  2⤵
  PID:7420
- C:\Windows\System\nLpbMSm.exe
  C:\Windows\System\nLpbMSm.exe
  2⤵
  PID:7436
- C:\Windows\System\ifYBgwS.exe
  C:\Windows\System\ifYBgwS.exe
  2⤵
  PID:7452
- C:\Windows\System\EdgoGNc.exe
  C:\Windows\System\EdgoGNc.exe
  2⤵
  PID:7468
- C:\Windows\System\ftAqWgr.exe
  C:\Windows\System\ftAqWgr.exe
  2⤵
  PID:7484
- C:\Windows\System\xyolEjf.exe
  C:\Windows\System\xyolEjf.exe
  2⤵
  PID:7500
- C:\Windows\System\opfCfSL.exe
  C:\Windows\System\opfCfSL.exe
  2⤵
  PID:7516
- C:\Windows\System\jvWYDVh.exe
  C:\Windows\System\jvWYDVh.exe
  2⤵
  PID:7532
- C:\Windows\System\NbUFynl.exe
  C:\Windows\System\NbUFynl.exe
  2⤵
  PID:7548
- C:\Windows\System\QIxGThA.exe
  C:\Windows\System\QIxGThA.exe
  2⤵
  PID:7564
- C:\Windows\System\iVVzfjL.exe
  C:\Windows\System\iVVzfjL.exe
  2⤵
  PID:7580
- C:\Windows\System\MNREKHB.exe
  C:\Windows\System\MNREKHB.exe
  2⤵
  PID:7596
- C:\Windows\System\iqXmiYR.exe
  C:\Windows\System\iqXmiYR.exe
  2⤵
  PID:7612
- C:\Windows\System\yvdVipQ.exe
  C:\Windows\System\yvdVipQ.exe
  2⤵
  PID:7628
- C:\Windows\System\tUOERhq.exe
  C:\Windows\System\tUOERhq.exe
  2⤵
  PID:7644
- C:\Windows\System\BPylKnY.exe
  C:\Windows\System\BPylKnY.exe
  2⤵
  PID:7660
- C:\Windows\System\bOQNoXP.exe
  C:\Windows\System\bOQNoXP.exe
  2⤵
  PID:7676
- C:\Windows\System\OstFMeO.exe
  C:\Windows\System\OstFMeO.exe
  2⤵
  PID:7692
- C:\Windows\System\rFljtgZ.exe
  C:\Windows\System\rFljtgZ.exe
  2⤵
  PID:7708
- C:\Windows\System\UVGzPgd.exe
  C:\Windows\System\UVGzPgd.exe
  2⤵
  PID:7724
- C:\Windows\System\GqbqCZo.exe
  C:\Windows\System\GqbqCZo.exe
  2⤵
  PID:7740
- C:\Windows\System\kugJNob.exe
  C:\Windows\System\kugJNob.exe
  2⤵
  PID:7756
- C:\Windows\System\dNLowVu.exe
  C:\Windows\System\dNLowVu.exe
  2⤵
  PID:7772
- C:\Windows\System\vAEsRzZ.exe
  C:\Windows\System\vAEsRzZ.exe
  2⤵
  PID:7788
- C:\Windows\System\oeiHYxk.exe
  C:\Windows\System\oeiHYxk.exe
  2⤵
  PID:7804
- C:\Windows\System\xzVBzjW.exe
  C:\Windows\System\xzVBzjW.exe
  2⤵
  PID:7820
- C:\Windows\System\gzSvBrp.exe
  C:\Windows\System\gzSvBrp.exe
  2⤵
  PID:7836
- C:\Windows\System\GOyRFSS.exe
  C:\Windows\System\GOyRFSS.exe
  2⤵
  PID:7852
- C:\Windows\System\RfFDttp.exe
  C:\Windows\System\RfFDttp.exe
  2⤵
  PID:7868
- C:\Windows\System\cBkSfZM.exe
  C:\Windows\System\cBkSfZM.exe
  2⤵
  PID:7884
- C:\Windows\System\rZRSHDC.exe
  C:\Windows\System\rZRSHDC.exe
  2⤵
  PID:7900
- C:\Windows\System\eFMNVth.exe
  C:\Windows\System\eFMNVth.exe
  2⤵
  PID:7916
- C:\Windows\System\NFLVDEX.exe
  C:\Windows\System\NFLVDEX.exe
  2⤵
  PID:7932
- C:\Windows\System\NyMIdyk.exe
  C:\Windows\System\NyMIdyk.exe
  2⤵
  PID:7948
- C:\Windows\System\vfgCzVp.exe
  C:\Windows\System\vfgCzVp.exe
  2⤵
  PID:7964
- C:\Windows\System\jMRgTOA.exe
  C:\Windows\System\jMRgTOA.exe
  2⤵
  PID:7980
- C:\Windows\System\BjBBfgp.exe
  C:\Windows\System\BjBBfgp.exe
  2⤵
  PID:7996
- C:\Windows\System\yqdokgq.exe
  C:\Windows\System\yqdokgq.exe
  2⤵
  PID:8012
- C:\Windows\System\REiGvdk.exe
  C:\Windows\System\REiGvdk.exe
  2⤵
  PID:8028
- C:\Windows\System\nXteQFo.exe
  C:\Windows\System\nXteQFo.exe
  2⤵
  PID:8044
- C:\Windows\System\HFBnFSx.exe
  C:\Windows\System\HFBnFSx.exe
  2⤵
  PID:8060
- C:\Windows\System\TkuzhfJ.exe
  C:\Windows\System\TkuzhfJ.exe
  2⤵
  PID:8076
- C:\Windows\System\TkJPfKx.exe
  C:\Windows\System\TkJPfKx.exe
  2⤵
  PID:8096
- C:\Windows\System\hlGvMri.exe
  C:\Windows\System\hlGvMri.exe
  2⤵
  PID:8116
- C:\Windows\System\VCQOQZc.exe
  C:\Windows\System\VCQOQZc.exe
  2⤵
  PID:8132
- C:\Windows\System\aTDQxwO.exe
  C:\Windows\System\aTDQxwO.exe
  2⤵
  PID:8148
- C:\Windows\System\OqZzjQT.exe
  C:\Windows\System\OqZzjQT.exe
  2⤵
  PID:8164
- C:\Windows\System\mMNOszI.exe
  C:\Windows\System\mMNOszI.exe
  2⤵
  PID:8180
- C:\Windows\System\xAzeoVJ.exe
  C:\Windows\System\xAzeoVJ.exe
  2⤵
  PID:3812
- C:\Windows\System\fbKUruF.exe
  C:\Windows\System\fbKUruF.exe
  2⤵
  PID:3828
- C:\Windows\System\fbVQoqY.exe
  C:\Windows\System\fbVQoqY.exe
  2⤵
  PID:6664
- C:\Windows\System\qGwHXjp.exe
  C:\Windows\System\qGwHXjp.exe
  2⤵
  PID:6792
- C:\Windows\System\UQgijsM.exe
  C:\Windows\System\UQgijsM.exe
  2⤵
  PID:7116
- C:\Windows\System\rMxkYqk.exe
  C:\Windows\System\rMxkYqk.exe
  2⤵
  PID:5688
- C:\Windows\System\vGMwRJX.exe
  C:\Windows\System\vGMwRJX.exe
  2⤵
  PID:7104
- C:\Windows\System\BRUAtcs.exe
  C:\Windows\System\BRUAtcs.exe
  2⤵
  PID:7176
- C:\Windows\System\RgccSrj.exe
  C:\Windows\System\RgccSrj.exe
  2⤵
  PID:7236
- C:\Windows\System\zmUfLEE.exe
  C:\Windows\System\zmUfLEE.exe
  2⤵
  PID:7268
- C:\Windows\System\QmonEpY.exe
  C:\Windows\System\QmonEpY.exe
  2⤵
  PID:7272
- C:\Windows\System\mKkgNdZ.exe
  C:\Windows\System\mKkgNdZ.exe
  2⤵
  PID:7284
- C:\Windows\System\ibstOKo.exe
  C:\Windows\System\ibstOKo.exe
  2⤵
  PID:7320
- C:\Windows\System\NTDGzJa.exe
  C:\Windows\System\NTDGzJa.exe
  2⤵
  PID:7396
- C:\Windows\System\XYwJoXQ.exe
  C:\Windows\System\XYwJoXQ.exe
  2⤵
  PID:7412
- C:\Windows\System\HuiMvpf.exe
  C:\Windows\System\HuiMvpf.exe
  2⤵
  PID:7444
- C:\Windows\System\WmvUDzk.exe
  C:\Windows\System\WmvUDzk.exe
  2⤵
  PID:7464
- C:\Windows\System\xylGILF.exe
  C:\Windows\System\xylGILF.exe
  2⤵
  PID:7480
- C:\Windows\System\lFnUVrw.exe
  C:\Windows\System\lFnUVrw.exe
  2⤵
  PID:7524
- C:\Windows\System\bSPdtxD.exe
  C:\Windows\System\bSPdtxD.exe
  2⤵
  PID:7556
- C:\Windows\System\ATanmUt.exe
  C:\Windows\System\ATanmUt.exe
  2⤵
  PID:2828
- C:\Windows\System\EuvFrgu.exe
  C:\Windows\System\EuvFrgu.exe
  2⤵
  PID:7624
- C:\Windows\System\eboPIBi.exe
  C:\Windows\System\eboPIBi.exe
  2⤵
  PID:7636
- C:\Windows\System\SgSniJi.exe
  C:\Windows\System\SgSniJi.exe
  2⤵
  PID:7688
- C:\Windows\System\wsZIvJd.exe
  C:\Windows\System\wsZIvJd.exe
  2⤵
  PID:3904
- C:\Windows\System\pEhpZnR.exe
  C:\Windows\System\pEhpZnR.exe
  2⤵
  PID:3832
- C:\Windows\System\dUZSAmw.exe
  C:\Windows\System\dUZSAmw.exe
  2⤵
  PID:7748
- C:\Windows\System\zkCLOQK.exe
  C:\Windows\System\zkCLOQK.exe
  2⤵
  PID:7764
- C:\Windows\System\qPKKZrF.exe
  C:\Windows\System\qPKKZrF.exe
  2⤵
  PID:7768
- C:\Windows\System\pkCnCuG.exe
  C:\Windows\System\pkCnCuG.exe
  2⤵
  PID:7816
- C:\Windows\System\nyjqdgG.exe
  C:\Windows\System\nyjqdgG.exe
  2⤵
  PID:2896
- C:\Windows\System\CUitehr.exe
  C:\Windows\System\CUitehr.exe
  2⤵
  PID:2708
- C:\Windows\System\yFoMtHS.exe
  C:\Windows\System\yFoMtHS.exe
  2⤵
  PID:7924
- C:\Windows\System\cfPyzQj.exe
  C:\Windows\System\cfPyzQj.exe
  2⤵
  PID:7960
- C:\Windows\System\rtUiPXH.exe
  C:\Windows\System\rtUiPXH.exe
  2⤵
  PID:8004
- C:\Windows\System\MocYPuE.exe
  C:\Windows\System\MocYPuE.exe
  2⤵
  PID:8024
- C:\Windows\System\FtzPQKH.exe
  C:\Windows\System\FtzPQKH.exe
  2⤵
  PID:2652
- C:\Windows\System\NEpQmIc.exe
  C:\Windows\System\NEpQmIc.exe
  2⤵
  PID:2812
- C:\Windows\System\TguAsUv.exe
  C:\Windows\System\TguAsUv.exe
  2⤵
  PID:8140
- C:\Windows\System\xxykntB.exe
  C:\Windows\System\xxykntB.exe
  2⤵
  PID:8172
- C:\Windows\System\CtxyAPH.exe
  C:\Windows\System\CtxyAPH.exe
  2⤵
  PID:6200
- C:\Windows\System\qTUYdIy.exe
  C:\Windows\System\qTUYdIy.exe
  2⤵
  PID:6928
- C:\Windows\System\nbRVepq.exe
  C:\Windows\System\nbRVepq.exe
  2⤵
  PID:6524
- C:\Windows\System\hLilUUS.exe
  C:\Windows\System\hLilUUS.exe
  2⤵
  PID:3868
- C:\Windows\System\zUqVUGQ.exe
  C:\Windows\System\zUqVUGQ.exe
  2⤵
  PID:7192
- C:\Windows\System\jkToTSx.exe
  C:\Windows\System\jkToTSx.exe
  2⤵
  PID:7304
- C:\Windows\System\MEwfPwA.exe
  C:\Windows\System\MEwfPwA.exe
  2⤵
  PID:6976
- C:\Windows\System\hUNKIUJ.exe
  C:\Windows\System\hUNKIUJ.exe
  2⤵
  PID:2396
- C:\Windows\System\cnnxZRZ.exe
  C:\Windows\System\cnnxZRZ.exe
  2⤵
  PID:1328
- C:\Windows\System\MRLUZFr.exe
  C:\Windows\System\MRLUZFr.exe
  2⤵
  PID:2492
- C:\Windows\System\qmayJOS.exe
  C:\Windows\System\qmayJOS.exe
  2⤵
  PID:956
- C:\Windows\System\xUJYOzO.exe
  C:\Windows\System\xUJYOzO.exe
  2⤵
  PID:1956
- C:\Windows\System\AzIlGsh.exe
  C:\Windows\System\AzIlGsh.exe
  2⤵
  PID:2252
- C:\Windows\System\PCiAjmX.exe
  C:\Windows\System\PCiAjmX.exe
  2⤵
  PID:7416
- C:\Windows\System\woWVpWz.exe
  C:\Windows\System\woWVpWz.exe
  2⤵
  PID:2792
- C:\Windows\System\CKbaoDJ.exe
  C:\Windows\System\CKbaoDJ.exe
  2⤵
  PID:3916
- C:\Windows\System\zohgULO.exe
  C:\Windows\System\zohgULO.exe
  2⤵
  PID:7560
- C:\Windows\System\KoymVkL.exe
  C:\Windows\System\KoymVkL.exe
  2⤵
  PID:7668
- C:\Windows\System\UuaZyRw.exe
  C:\Windows\System\UuaZyRw.exe
  2⤵
  PID:7720
- C:\Windows\System\timUZXK.exe
  C:\Windows\System\timUZXK.exe
  2⤵
  PID:7800
- C:\Windows\System\MLdrAWs.exe
  C:\Windows\System\MLdrAWs.exe
  2⤵
  PID:7684
- C:\Windows\System\aiHoOYA.exe
  C:\Windows\System\aiHoOYA.exe
  2⤵
  PID:3920
- C:\Windows\System\bzzFofp.exe
  C:\Windows\System\bzzFofp.exe
  2⤵
  PID:7828
- C:\Windows\System\YLZCnZN.exe
  C:\Windows\System\YLZCnZN.exe
  2⤵
  PID:7860
- C:\Windows\System\PHltCWF.exe
  C:\Windows\System\PHltCWF.exe
  2⤵
  PID:1944
- C:\Windows\System\oWTyPai.exe
  C:\Windows\System\oWTyPai.exe
  2⤵
  PID:8020
- C:\Windows\System\zniznmu.exe
  C:\Windows\System\zniznmu.exe
  2⤵
  PID:8052
- C:\Windows\System\JNDFbJy.exe
  C:\Windows\System\JNDFbJy.exe
  2⤵
  PID:8036
- C:\Windows\System\teEaRxZ.exe
  C:\Windows\System\teEaRxZ.exe
  2⤵
  PID:8128
- C:\Windows\System\yZQPcvk.exe
  C:\Windows\System\yZQPcvk.exe
  2⤵
  PID:2656
- C:\Windows\System\ZbTDvHR.exe
  C:\Windows\System\ZbTDvHR.exe
  2⤵
  PID:3816
- C:\Windows\System\zrxRIPY.exe
  C:\Windows\System\zrxRIPY.exe
  2⤵
  PID:6812
- C:\Windows\System\kcWiYYP.exe
  C:\Windows\System\kcWiYYP.exe
  2⤵
  PID:7220
- C:\Windows\System\yyXckUm.exe
  C:\Windows\System\yyXckUm.exe
  2⤵
  PID:7348
- C:\Windows\System\NQUYAyb.exe
  C:\Windows\System\NQUYAyb.exe
  2⤵
  PID:2328
- C:\Windows\System\tEftumt.exe
  C:\Windows\System\tEftumt.exe
  2⤵
  PID:7364
- C:\Windows\System\lUXneJD.exe
  C:\Windows\System\lUXneJD.exe
  2⤵
  PID:3896
- C:\Windows\System\IsqLEVf.exe
  C:\Windows\System\IsqLEVf.exe
  2⤵
  PID:3900
- C:\Windows\System\KnICDNB.exe
  C:\Windows\System\KnICDNB.exe
  2⤵
  PID:2848
- C:\Windows\System\cHzsZLx.exe
  C:\Windows\System\cHzsZLx.exe
  2⤵
  PID:7620
- C:\Windows\System\ojsItBI.exe
  C:\Windows\System\ojsItBI.exe
  2⤵
  PID:7380
- C:\Windows\System\AuSzFny.exe
  C:\Windows\System\AuSzFny.exe
  2⤵
  PID:2796
- C:\Windows\System\gtiVThB.exe
  C:\Windows\System\gtiVThB.exe
  2⤵
  PID:7896
- C:\Windows\System\cesmxXK.exe
  C:\Windows\System\cesmxXK.exe
  2⤵
  PID:8088
- C:\Windows\System\YxdyMXl.exe
  C:\Windows\System\YxdyMXl.exe
  2⤵
  PID:2984
- C:\Windows\System\MSOZIay.exe
  C:\Windows\System\MSOZIay.exe
  2⤵
  PID:2784
- C:\Windows\System\yDIwwgh.exe
  C:\Windows\System\yDIwwgh.exe
  2⤵
  PID:8156
- C:\Windows\System\BDbTmwS.exe
  C:\Windows\System\BDbTmwS.exe
  2⤵
  PID:8068
- C:\Windows\System\gIYDMwh.exe
  C:\Windows\System\gIYDMwh.exe
  2⤵
  PID:8124
- C:\Windows\System\NaGPdrh.exe
  C:\Windows\System\NaGPdrh.exe
  2⤵
  PID:2156
- C:\Windows\System\UhSIiAl.exe
  C:\Windows\System\UhSIiAl.exe
  2⤵
  PID:2744
- C:\Windows\System\PCuPRXD.exe
  C:\Windows\System\PCuPRXD.exe
  2⤵
  PID:7384
- C:\Windows\System\ZqhAdmE.exe
  C:\Windows\System\ZqhAdmE.exe
  2⤵
  PID:2460
- C:\Windows\System\CtRRRUw.exe
  C:\Windows\System\CtRRRUw.exe
  2⤵
  PID:7848
- C:\Windows\System\bniUuPL.exe
  C:\Windows\System\bniUuPL.exe
  2⤵
  PID:7944
- C:\Windows\System\elaEYqJ.exe
  C:\Windows\System\elaEYqJ.exe
  2⤵
  PID:2820
- C:\Windows\System\THMDaYc.exe
  C:\Windows\System\THMDaYc.exe
  2⤵
  PID:8092
- C:\Windows\System\JeWhHOc.exe
  C:\Windows\System\JeWhHOc.exe
  2⤵
  PID:1620
- C:\Windows\System\zCIvnlR.exe
  C:\Windows\System\zCIvnlR.exe
  2⤵
  PID:7576
- C:\Windows\System\VLwGfFo.exe
  C:\Windows\System\VLwGfFo.exe
  2⤵
  PID:2148
- C:\Windows\System\rSQLQmN.exe
  C:\Windows\System\rSQLQmN.exe
  2⤵
  PID:2624
- C:\Windows\System\HsBTrFe.exe
  C:\Windows\System\HsBTrFe.exe
  2⤵
  PID:8196
- C:\Windows\System\uTdVAMJ.exe
  C:\Windows\System\uTdVAMJ.exe
  2⤵
  PID:8212
- C:\Windows\System\fHRiKWg.exe
  C:\Windows\System\fHRiKWg.exe
  2⤵
  PID:8228
- C:\Windows\System\OzLmVzr.exe
  C:\Windows\System\OzLmVzr.exe
  2⤵
  PID:8244
- C:\Windows\System\jxfkZTe.exe
  C:\Windows\System\jxfkZTe.exe
  2⤵
  PID:8260
- C:\Windows\System\ushdZCG.exe
  C:\Windows\System\ushdZCG.exe
  2⤵
  PID:8276
- C:\Windows\System\VSBsPzG.exe
  C:\Windows\System\VSBsPzG.exe
  2⤵
  PID:8292
- C:\Windows\System\OpoAETC.exe
  C:\Windows\System\OpoAETC.exe
  2⤵
  PID:8308
- C:\Windows\System\TzQeipe.exe
  C:\Windows\System\TzQeipe.exe
  2⤵
  PID:8324
- C:\Windows\System\mxpcWjL.exe
  C:\Windows\System\mxpcWjL.exe
  2⤵
  PID:8340
- C:\Windows\System\XwyBAGM.exe
  C:\Windows\System\XwyBAGM.exe
  2⤵
  PID:8356
- C:\Windows\System\lgOtPwI.exe
  C:\Windows\System\lgOtPwI.exe
  2⤵
  PID:8372
- C:\Windows\System\OaynHKw.exe
  C:\Windows\System\OaynHKw.exe
  2⤵
  PID:8388
- C:\Windows\System\JyklUlq.exe
  C:\Windows\System\JyklUlq.exe
  2⤵
  PID:8404
- C:\Windows\System\VoXtxCQ.exe
  C:\Windows\System\VoXtxCQ.exe
  2⤵
  PID:8420
- C:\Windows\System\ysTrzfq.exe
  C:\Windows\System\ysTrzfq.exe
  2⤵
  PID:8436
- C:\Windows\System\eGiYkAJ.exe
  C:\Windows\System\eGiYkAJ.exe
  2⤵
  PID:8452
- C:\Windows\System\pyVAvIP.exe
  C:\Windows\System\pyVAvIP.exe
  2⤵
  PID:8468
- C:\Windows\System\stnrpsU.exe
  C:\Windows\System\stnrpsU.exe
  2⤵
  PID:8484
- C:\Windows\System\oxUdiBD.exe
  C:\Windows\System\oxUdiBD.exe
  2⤵
  PID:8500
- C:\Windows\System\cozvMYU.exe
  C:\Windows\System\cozvMYU.exe
  2⤵
  PID:8516
- C:\Windows\System\cpPaHzO.exe
  C:\Windows\System\cpPaHzO.exe
  2⤵
  PID:8532
- C:\Windows\System\Oheudco.exe
  C:\Windows\System\Oheudco.exe
  2⤵
  PID:8548
- C:\Windows\System\jqzOJWr.exe
  C:\Windows\System\jqzOJWr.exe
  2⤵
  PID:8564
- C:\Windows\System\wFZRjJv.exe
  C:\Windows\System\wFZRjJv.exe
  2⤵
  PID:8580
- C:\Windows\System\qsMPALs.exe
  C:\Windows\System\qsMPALs.exe
  2⤵
  PID:8596
- C:\Windows\System\TXKrMNr.exe
  C:\Windows\System\TXKrMNr.exe
  2⤵
  PID:8612
- C:\Windows\System\WBVILjX.exe
  C:\Windows\System\WBVILjX.exe
  2⤵
  PID:8628
- C:\Windows\System\xaYOABJ.exe
  C:\Windows\System\xaYOABJ.exe
  2⤵
  PID:8644
- C:\Windows\System\rdYVvyn.exe
  C:\Windows\System\rdYVvyn.exe
  2⤵
  PID:8660
- C:\Windows\System\lURrXtY.exe
  C:\Windows\System\lURrXtY.exe
  2⤵
  PID:8676
- C:\Windows\System\pRtJksx.exe
  C:\Windows\System\pRtJksx.exe
  2⤵
  PID:8692
- C:\Windows\System\oRxCRYQ.exe
  C:\Windows\System\oRxCRYQ.exe
  2⤵
  PID:8708
- C:\Windows\System\ZXtiBZU.exe
  C:\Windows\System\ZXtiBZU.exe
  2⤵
  PID:8724
- C:\Windows\System\lSDQcGm.exe
  C:\Windows\System\lSDQcGm.exe
  2⤵
  PID:8740
- C:\Windows\System\oIPXeLr.exe
  C:\Windows\System\oIPXeLr.exe
  2⤵
  PID:8756
- C:\Windows\System\AubkDCj.exe
  C:\Windows\System\AubkDCj.exe
  2⤵
  PID:8772
- C:\Windows\System\hTxbFbc.exe
  C:\Windows\System\hTxbFbc.exe
  2⤵
  PID:8788
- C:\Windows\System\ylBrKXx.exe
  C:\Windows\System\ylBrKXx.exe
  2⤵
  PID:8804
- C:\Windows\System\nbbIObY.exe
  C:\Windows\System\nbbIObY.exe
  2⤵
  PID:8820
- C:\Windows\System\agzfBed.exe
  C:\Windows\System\agzfBed.exe
  2⤵
  PID:8840
- C:\Windows\System\fIfsXoa.exe
  C:\Windows\System\fIfsXoa.exe
  2⤵
  PID:8856
- C:\Windows\System\EONuUxN.exe
  C:\Windows\System\EONuUxN.exe
  2⤵
  PID:8872
- C:\Windows\System\YIUUTEq.exe
  C:\Windows\System\YIUUTEq.exe
  2⤵
  PID:8888
- C:\Windows\System\msnfEyf.exe
  C:\Windows\System\msnfEyf.exe
  2⤵
  PID:8904
- C:\Windows\System\rCLhzuR.exe
  C:\Windows\System\rCLhzuR.exe
  2⤵
  PID:8920
- C:\Windows\System\fCDHTun.exe
  C:\Windows\System\fCDHTun.exe
  2⤵
  PID:8940
- C:\Windows\System\htZDDqM.exe
  C:\Windows\System\htZDDqM.exe
  2⤵
  PID:8956
- C:\Windows\System\xhfpyRa.exe
  C:\Windows\System\xhfpyRa.exe
  2⤵
  PID:8972
- C:\Windows\System\MvjhchU.exe
  C:\Windows\System\MvjhchU.exe
  2⤵
  PID:8992
- C:\Windows\System\IfBWEKN.exe
  C:\Windows\System\IfBWEKN.exe
  2⤵
  PID:9008
- C:\Windows\System\ivJDQdC.exe
  C:\Windows\System\ivJDQdC.exe
  2⤵
  PID:9024
- C:\Windows\System\axDbqXP.exe
  C:\Windows\System\axDbqXP.exe
  2⤵
  PID:9040
- C:\Windows\System\CmQXxRA.exe
  C:\Windows\System\CmQXxRA.exe
  2⤵
  PID:9056
- C:\Windows\System\iHZOjHF.exe
  C:\Windows\System\iHZOjHF.exe
  2⤵
  PID:9072
- C:\Windows\System\ApqYgPK.exe
  C:\Windows\System\ApqYgPK.exe
  2⤵
  PID:9088
- C:\Windows\System\sdDPEsP.exe
  C:\Windows\System\sdDPEsP.exe
  2⤵
  PID:9140
- C:\Windows\System\FzMiynR.exe
  C:\Windows\System\FzMiynR.exe
  2⤵
  PID:9156
- C:\Windows\System\ukPUEnV.exe
  C:\Windows\System\ukPUEnV.exe
  2⤵
  PID:9172
- C:\Windows\System\NVdirjM.exe
  C:\Windows\System\NVdirjM.exe
  2⤵
  PID:9188
- C:\Windows\System\ufBypnX.exe
  C:\Windows\System\ufBypnX.exe
  2⤵
  PID:9212
- C:\Windows\System\DQoKUaN.exe
  C:\Windows\System\DQoKUaN.exe
  2⤵
  PID:8084
- C:\Windows\System\YCUgTNw.exe
  C:\Windows\System\YCUgTNw.exe
  2⤵
  PID:7492
- C:\Windows\System\yQsUWJW.exe
  C:\Windows\System\yQsUWJW.exe
  2⤵
  PID:760
- C:\Windows\System\fsMaDYV.exe
  C:\Windows\System\fsMaDYV.exe
  2⤵
  PID:8208
- C:\Windows\System\TEqCkmQ.exe
  C:\Windows\System\TEqCkmQ.exe
  2⤵
  PID:8268
- C:\Windows\System\QqNCkGZ.exe
  C:\Windows\System\QqNCkGZ.exe
  2⤵
  PID:8316
- C:\Windows\System\vfPpVUr.exe
  C:\Windows\System\vfPpVUr.exe
  2⤵
  PID:8352
- C:\Windows\System\PYwrzyc.exe
  C:\Windows\System\PYwrzyc.exe
  2⤵
  PID:704
- C:\Windows\System\wGCXFKB.exe
  C:\Windows\System\wGCXFKB.exe
  2⤵
  PID:8476
- C:\Windows\System\GBWMhXX.exe
  C:\Windows\System\GBWMhXX.exe
  2⤵
  PID:8400
- C:\Windows\System\skGyCam.exe
  C:\Windows\System\skGyCam.exe
  2⤵
  PID:8336
- C:\Windows\System\NJZhkJB.exe
  C:\Windows\System\NJZhkJB.exe
  2⤵
  PID:8464
- C:\Windows\System\ySRxZnr.exe
  C:\Windows\System\ySRxZnr.exe
  2⤵
  PID:8544
- C:\Windows\System\mVETeoK.exe
  C:\Windows\System\mVETeoK.exe
  2⤵
  PID:8608
- C:\Windows\System\EcjWlXg.exe
  C:\Windows\System\EcjWlXg.exe
  2⤵
  PID:8496
- C:\Windows\System\QEdrvzX.exe
  C:\Windows\System\QEdrvzX.exe
  2⤵
  PID:8620
- C:\Windows\System\XvuVIQp.exe
  C:\Windows\System\XvuVIQp.exe
  2⤵
  PID:8668
- C:\Windows\System\iXIGMle.exe
  C:\Windows\System\iXIGMle.exe
  2⤵
  PID:8732
- C:\Windows\System\gynHJFv.exe
  C:\Windows\System\gynHJFv.exe
  2⤵
  PID:8800
- C:\Windows\System\GcxIZUE.exe
  C:\Windows\System\GcxIZUE.exe
  2⤵
  PID:8684
- C:\Windows\System\bQDXpQP.exe
  C:\Windows\System\bQDXpQP.exe
  2⤵
  PID:8748
- C:\Windows\System\PlfvTIO.exe
  C:\Windows\System\PlfvTIO.exe
  2⤵
  PID:8836
- C:\Windows\System\mlFjYMo.exe
  C:\Windows\System\mlFjYMo.exe
  2⤵
  PID:8900
- C:\Windows\System\mZcqoDw.exe
  C:\Windows\System\mZcqoDw.exe
  2⤵
  PID:8968
- C:\Windows\System\kdFIFXe.exe
  C:\Windows\System\kdFIFXe.exe
  2⤵
  PID:9036
- C:\Windows\System\ZvroijK.exe
  C:\Windows\System\ZvroijK.exe
  2⤵
  PID:8912
- C:\Windows\System\SyNbgFI.exe
  C:\Windows\System\SyNbgFI.exe
  2⤵
  PID:9096
- C:\Windows\System\nGOZXzO.exe
  C:\Windows\System\nGOZXzO.exe
  2⤵
  PID:9112
- C:\Windows\System\ykLRgEk.exe
  C:\Windows\System\ykLRgEk.exe
  2⤵
  PID:9132
- C:\Windows\System\RFDXbCd.exe
  C:\Windows\System\RFDXbCd.exe
  2⤵
  PID:8980
- C:\Windows\System\fmUQTOo.exe
  C:\Windows\System\fmUQTOo.exe
  2⤵
  PID:9048
- C:\Windows\System\WcOoXnU.exe
  C:\Windows\System\WcOoXnU.exe
  2⤵
  PID:8272
- C:\Windows\System\STHCNUK.exe
  C:\Windows\System\STHCNUK.exe
  2⤵
  PID:8460
- C:\Windows\System\zltJbGn.exe
  C:\Windows\System\zltJbGn.exe
  2⤵
  PID:8304
- C:\Windows\System\diGhojH.exe
  C:\Windows\System\diGhojH.exe
  2⤵
  PID:8528
- C:\Windows\System\KQOJlTN.exe
  C:\Windows\System\KQOJlTN.exe
  2⤵
  PID:8672
- C:\Windows\System\zHRRKpb.exe
  C:\Windows\System\zHRRKpb.exe
  2⤵
  PID:8592
- C:\Windows\System\yJxlODK.exe
  C:\Windows\System\yJxlODK.exe
  2⤵
  PID:8780
- C:\Windows\System\KiHRsqD.exe
  C:\Windows\System\KiHRsqD.exe
  2⤵
  PID:9068
- C:\Windows\System\msEtARK.exe
  C:\Windows\System\msEtARK.exe
  2⤵
  PID:8852
- C:\Windows\System\xQiEMyU.exe
  C:\Windows\System\xQiEMyU.exe
  2⤵
  PID:8716
- C:\Windows\System\hepBfGm.exe
  C:\Windows\System\hepBfGm.exe
  2⤵
  PID:9004
- C:\Windows\System\wGwKVgk.exe
  C:\Windows\System\wGwKVgk.exe
  2⤵
  PID:9124
- C:\Windows\System\cInjVYE.exe
  C:\Windows\System\cInjVYE.exe
  2⤵
  PID:2780
- C:\Windows\System\iQkNpYg.exe
  C:\Windows\System\iQkNpYg.exe
  2⤵
  PID:9208
- C:\Windows\System\cNoSduY.exe
  C:\Windows\System\cNoSduY.exe
  2⤵
  PID:7732
- C:\Windows\System\VYjRVxw.exe
  C:\Windows\System\VYjRVxw.exe
  2⤵
  PID:9204
- C:\Windows\System\UeBRslq.exe
  C:\Windows\System\UeBRslq.exe
  2⤵
  PID:8252
- C:\Windows\System\pkUrAin.exe
  C:\Windows\System\pkUrAin.exe
  2⤵
  PID:8412
- C:\Windows\System\bkJMynv.exe
  C:\Windows\System\bkJMynv.exe
  2⤵
  PID:8432
- C:\Windows\System\pFGacTq.exe
  C:\Windows\System\pFGacTq.exe
  2⤵
  PID:8560
- C:\Windows\System\IbfFDtT.exe
  C:\Windows\System\IbfFDtT.exe
  2⤵
  PID:8936
- C:\Windows\System\zrsiXjp.exe
  C:\Windows\System\zrsiXjp.exe
  2⤵
  PID:8768
- C:\Windows\System\yAringi.exe
  C:\Windows\System\yAringi.exe
  2⤵
  PID:8828
- C:\Windows\System\BBKuveg.exe
  C:\Windows\System\BBKuveg.exe
  2⤵
  PID:8448
- C:\Windows\System\KBImlqE.exe
  C:\Windows\System\KBImlqE.exe
  2⤵
  PID:8540
- C:\Windows\System\YtiZTpd.exe
  C:\Windows\System\YtiZTpd.exe
  2⤵
  PID:9228
- C:\Windows\System\NbCqRsD.exe
  C:\Windows\System\NbCqRsD.exe
  2⤵
  PID:9244
- C:\Windows\System\XGuWEoL.exe
  C:\Windows\System\XGuWEoL.exe
  2⤵
  PID:9260
- C:\Windows\System\FYvSioH.exe
  C:\Windows\System\FYvSioH.exe
  2⤵
  PID:9276
- C:\Windows\System\EaJZRMP.exe
  C:\Windows\System\EaJZRMP.exe
  2⤵
  PID:9292
- C:\Windows\System\yEhPpiA.exe
  C:\Windows\System\yEhPpiA.exe
  2⤵
  PID:9308
- C:\Windows\System\dWKJjig.exe
  C:\Windows\System\dWKJjig.exe
  2⤵
  PID:9328
- C:\Windows\System\ORVtFns.exe
  C:\Windows\System\ORVtFns.exe
  2⤵
  PID:9344
- C:\Windows\System\mvNQnpH.exe
  C:\Windows\System\mvNQnpH.exe
  2⤵
  PID:9360
- C:\Windows\System\xTxyqDJ.exe
  C:\Windows\System\xTxyqDJ.exe
  2⤵
  PID:9376
- C:\Windows\System\DPOAirS.exe
  C:\Windows\System\DPOAirS.exe
  2⤵
  PID:9392
- C:\Windows\System\diqFrbM.exe
  C:\Windows\System\diqFrbM.exe
  2⤵
  PID:9408
- C:\Windows\System\lZyjcQI.exe
  C:\Windows\System\lZyjcQI.exe
  2⤵
  PID:9424
- C:\Windows\System\tTqUSBN.exe
  C:\Windows\System\tTqUSBN.exe
  2⤵
  PID:9440
- C:\Windows\System\ajyxQuI.exe
  C:\Windows\System\ajyxQuI.exe
  2⤵
  PID:9456
- C:\Windows\System\zFkDCvZ.exe
  C:\Windows\System\zFkDCvZ.exe
  2⤵
  PID:9472
- C:\Windows\System\WVTHHNC.exe
  C:\Windows\System\WVTHHNC.exe
  2⤵
  PID:9488
- C:\Windows\System\RLOYjMw.exe
  C:\Windows\System\RLOYjMw.exe
  2⤵
  PID:9504
- C:\Windows\System\ZstKRMJ.exe
  C:\Windows\System\ZstKRMJ.exe
  2⤵
  PID:9520
- C:\Windows\System\gBMbDZL.exe
  C:\Windows\System\gBMbDZL.exe
  2⤵
  PID:9536
- C:\Windows\System\jOPOkLn.exe
  C:\Windows\System\jOPOkLn.exe
  2⤵
  PID:9552
- C:\Windows\System\Hrrayoz.exe
  C:\Windows\System\Hrrayoz.exe
  2⤵
  PID:9568
- C:\Windows\System\EoLGCUI.exe
  C:\Windows\System\EoLGCUI.exe
  2⤵
  PID:9584
- C:\Windows\System\VXyKEbu.exe
  C:\Windows\System\VXyKEbu.exe
  2⤵
  PID:9600
- C:\Windows\System\BuGkHRW.exe
  C:\Windows\System\BuGkHRW.exe
  2⤵
  PID:9616
- C:\Windows\System\ypfzSSi.exe
  C:\Windows\System\ypfzSSi.exe
  2⤵
  PID:9632
- C:\Windows\System\aqoNRyq.exe
  C:\Windows\System\aqoNRyq.exe
  2⤵
  PID:9648
- C:\Windows\System\wZiguIb.exe
  C:\Windows\System\wZiguIb.exe
  2⤵
  PID:9664
- C:\Windows\System\HsISykz.exe
  C:\Windows\System\HsISykz.exe
  2⤵
  PID:9680
- C:\Windows\System\lnnNzLC.exe
  C:\Windows\System\lnnNzLC.exe
  2⤵
  PID:9696
- C:\Windows\System\TdghpIS.exe
  C:\Windows\System\TdghpIS.exe
  2⤵
  PID:9720
- C:\Windows\System\skHXGaW.exe
  C:\Windows\System\skHXGaW.exe
  2⤵
  PID:9736
- C:\Windows\System\YmHFSnB.exe
  C:\Windows\System\YmHFSnB.exe
  2⤵
  PID:9752
- C:\Windows\System\yZoKGLQ.exe
  C:\Windows\System\yZoKGLQ.exe
  2⤵
  PID:9768
- C:\Windows\System\ZfYStAL.exe
  C:\Windows\System\ZfYStAL.exe
  2⤵
  PID:9784
- C:\Windows\System\IfWhDaS.exe
  C:\Windows\System\IfWhDaS.exe
  2⤵
  PID:9804
- C:\Windows\System\cfRcPmB.exe
  C:\Windows\System\cfRcPmB.exe
  2⤵
  PID:9820
- C:\Windows\System\PDJhXVl.exe
  C:\Windows\System\PDJhXVl.exe
  2⤵
  PID:9836
- C:\Windows\System\OXGvjGL.exe
  C:\Windows\System\OXGvjGL.exe
  2⤵
  PID:9852
- C:\Windows\System\XWEMIFY.exe
  C:\Windows\System\XWEMIFY.exe
  2⤵
  PID:9868
- C:\Windows\System\dDrMNuk.exe
  C:\Windows\System\dDrMNuk.exe
  2⤵
  PID:9884
- C:\Windows\System\DaQvSwW.exe
  C:\Windows\System\DaQvSwW.exe
  2⤵
  PID:9900
- C:\Windows\System\JjEEepf.exe
  C:\Windows\System\JjEEepf.exe
  2⤵
  PID:9916
- C:\Windows\System\fewdVTm.exe
  C:\Windows\System\fewdVTm.exe
  2⤵
  PID:9932
- C:\Windows\System\WVsckKn.exe
  C:\Windows\System\WVsckKn.exe
  2⤵
  PID:9948
- C:\Windows\System\TWoQlkN.exe
  C:\Windows\System\TWoQlkN.exe
  2⤵
  PID:9964
- C:\Windows\System\WHtydWp.exe
  C:\Windows\System\WHtydWp.exe
  2⤵
  PID:9980
- C:\Windows\System\Mjllqqg.exe
  C:\Windows\System\Mjllqqg.exe
  2⤵
  PID:9996
- C:\Windows\System\xRvftpv.exe
  C:\Windows\System\xRvftpv.exe
  2⤵
  PID:10012
- C:\Windows\System\tZheHyE.exe
  C:\Windows\System\tZheHyE.exe
  2⤵
  PID:10028
- C:\Windows\System\uSRftoi.exe
  C:\Windows\System\uSRftoi.exe
  2⤵
  PID:10044
- C:\Windows\System\xSBoVIL.exe
  C:\Windows\System\xSBoVIL.exe
  2⤵
  PID:10060
- C:\Windows\System\mQLSMlr.exe
  C:\Windows\System\mQLSMlr.exe
  2⤵
  PID:10076
- C:\Windows\System\IejlcCu.exe
  C:\Windows\System\IejlcCu.exe
  2⤵
  PID:10092
- C:\Windows\System\ITQNSuy.exe
  C:\Windows\System\ITQNSuy.exe
  2⤵
  PID:10108
- C:\Windows\System\pmvUOWz.exe
  C:\Windows\System\pmvUOWz.exe
  2⤵
  PID:10124
- C:\Windows\System\butOPyr.exe
  C:\Windows\System\butOPyr.exe
  2⤵
  PID:10140
- C:\Windows\System\lmeFcAF.exe
  C:\Windows\System\lmeFcAF.exe
  2⤵
  PID:10156
- C:\Windows\System\IfjvXAD.exe
  C:\Windows\System\IfjvXAD.exe
  2⤵
  PID:10172
- C:\Windows\System\pMBNAKo.exe
  C:\Windows\System\pMBNAKo.exe
  2⤵
  PID:10188
- C:\Windows\System\bBHXqrW.exe
  C:\Windows\System\bBHXqrW.exe
  2⤵
  PID:10204
- C:\Windows\System\HiGtYcu.exe
  C:\Windows\System\HiGtYcu.exe
  2⤵
  PID:10220
- C:\Windows\System\bGoaTNS.exe
  C:\Windows\System\bGoaTNS.exe
  2⤵
  PID:10236
- C:\Windows\System\xCjWaMn.exe
  C:\Windows\System\xCjWaMn.exe
  2⤵
  PID:8812
- C:\Windows\System\NxVpqBV.exe
  C:\Windows\System\NxVpqBV.exe
  2⤵
  PID:8868
- C:\Windows\System\DmyejmK.exe
  C:\Windows\System\DmyejmK.exe
  2⤵
  PID:9200
- C:\Windows\System\lvkfVAG.exe
  C:\Windows\System\lvkfVAG.exe
  2⤵
  PID:2960
- C:\Windows\System\eiuwgiz.exe
  C:\Windows\System\eiuwgiz.exe
  2⤵
  PID:9256
- C:\Windows\System\ERQPVfe.exe
  C:\Windows\System\ERQPVfe.exe
  2⤵
  PID:8368
- C:\Windows\System\qxTcodh.exe
  C:\Windows\System\qxTcodh.exe
  2⤵
  PID:9240
- C:\Windows\System\OWZtrTp.exe
  C:\Windows\System\OWZtrTp.exe
  2⤵
  PID:8396
- C:\Windows\System\vAuWzSM.exe
  C:\Windows\System\vAuWzSM.exe
  2⤵
  PID:9336
- C:\Windows\System\QXDfjRN.exe
  C:\Windows\System\QXDfjRN.exe
  2⤵
  PID:9400
- C:\Windows\System\XjaEtBf.exe
  C:\Windows\System\XjaEtBf.exe
  2⤵
  PID:9464
- C:\Windows\System\VDkCXhw.exe
  C:\Windows\System\VDkCXhw.exe
  2⤵
  PID:9528
- C:\Windows\System\wkCULob.exe
  C:\Windows\System\wkCULob.exe
  2⤵
  PID:9316
- C:\Windows\System\WNQAbTA.exe
  C:\Windows\System\WNQAbTA.exe
  2⤵
  PID:9384
- C:\Windows\System\SkjtrIX.exe
  C:\Windows\System\SkjtrIX.exe
  2⤵
  PID:9448
- C:\Windows\System\HOkljtG.exe
  C:\Windows\System\HOkljtG.exe
  2⤵
  PID:9512
- C:\Windows\System\KSSGnQU.exe
  C:\Windows\System\KSSGnQU.exe
  2⤵
  PID:9560
- C:\Windows\System\jZqZinK.exe
  C:\Windows\System\jZqZinK.exe
  2⤵
  PID:9580
- C:\Windows\System\qEtctjq.exe
  C:\Windows\System\qEtctjq.exe
  2⤵
  PID:9608
- C:\Windows\System\qppXGiD.exe
  C:\Windows\System\qppXGiD.exe
  2⤵
  PID:9676
- C:\Windows\System\phalwDv.exe
  C:\Windows\System\phalwDv.exe
  2⤵
  PID:9656
- C:\Windows\System\iuEUiRQ.exe
  C:\Windows\System\iuEUiRQ.exe
  2⤵
  PID:9704
- C:\Windows\System\BWqPzLe.exe
  C:\Windows\System\BWqPzLe.exe
  2⤵
  PID:9728
- C:\Windows\System\GyunPKt.exe
  C:\Windows\System\GyunPKt.exe
  2⤵
  PID:9792
- C:\Windows\System\CruLfOq.exe
  C:\Windows\System\CruLfOq.exe
  2⤵
  PID:9776
- C:\Windows\System\vFCZbyu.exe
  C:\Windows\System\vFCZbyu.exe
  2⤵
  PID:9832
- C:\Windows\System\audRwEC.exe
  C:\Windows\System\audRwEC.exe
  2⤵
  PID:9848
- C:\Windows\System\vmNRSOA.exe
  C:\Windows\System\vmNRSOA.exe
  2⤵
  PID:9896
- C:\Windows\System\AGmgfuP.exe
  C:\Windows\System\AGmgfuP.exe
  2⤵
  PID:9912
- C:\Windows\System\MsrRTqo.exe
  C:\Windows\System\MsrRTqo.exe
  2⤵
  PID:9944
- C:\Windows\System\quwsFlh.exe
  C:\Windows\System\quwsFlh.exe
  2⤵
  PID:9992
- C:\Windows\System\RMmLHFJ.exe
  C:\Windows\System\RMmLHFJ.exe
  2⤵
  PID:10004
- C:\Windows\System\BLJuhjr.exe
  C:\Windows\System\BLJuhjr.exe
  2⤵
  PID:10036
- C:\Windows\System\kdTwjGC.exe
  C:\Windows\System\kdTwjGC.exe
  2⤵
  PID:10056
- C:\Windows\System\EWvMtLX.exe
  C:\Windows\System\EWvMtLX.exe
  2⤵
  PID:10120
- C:\Windows\System\HmEcwda.exe
  C:\Windows\System\HmEcwda.exe
  2⤵
  PID:9136
- C:\Windows\System\bmYOjWz.exe
  C:\Windows\System\bmYOjWz.exe
  2⤵
  PID:10100
- C:\Windows\System\UomWOZi.exe
  C:\Windows\System\UomWOZi.exe
  2⤵
  PID:10164
- C:\Windows\System\YTsAJvc.exe
  C:\Windows\System\YTsAJvc.exe
  2⤵
  PID:10228
- C:\Windows\System\OmaLzIG.exe
  C:\Windows\System\OmaLzIG.exe
  2⤵
  PID:2004
- C:\Windows\System\rmDveyI.exe
  C:\Windows\System\rmDveyI.exe
  2⤵
  PID:2768
- C:\Windows\System\MIrUmax.exe
  C:\Windows\System\MIrUmax.exe
  2⤵
  PID:9224
- C:\Windows\System\MqGVBrD.exe
  C:\Windows\System\MqGVBrD.exe
  2⤵
  PID:8952
- C:\Windows\System\oqjRmaH.exe
  C:\Windows\System\oqjRmaH.exe
  2⤵
  PID:9304
- C:\Windows\System\hgmAAwY.exe
  C:\Windows\System\hgmAAwY.exe
  2⤵
  PID:9372
- C:\Windows\System\vzmjAAP.exe
  C:\Windows\System\vzmjAAP.exe
  2⤵
  PID:9436
- C:\Windows\System\fUTKnQT.exe
  C:\Windows\System\fUTKnQT.exe
  2⤵
  PID:8984
- C:\Windows\System\HsWgiMj.exe
  C:\Windows\System\HsWgiMj.exe
  2⤵
  PID:9168
- C:\Windows\System\xmfHCaU.exe
  C:\Windows\System\xmfHCaU.exe
  2⤵
  PID:9712
- C:\Windows\System\ggaJDPo.exe
  C:\Windows\System\ggaJDPo.exe
  2⤵
  PID:9496
- C:\Windows\System\CYqEqLO.exe
  C:\Windows\System\CYqEqLO.exe
  2⤵
  PID:9484
- C:\Windows\System\bgTuHDr.exe
  C:\Windows\System\bgTuHDr.exe
  2⤵
  PID:9672
- C:\Windows\System\rgOAJAj.exe
  C:\Windows\System\rgOAJAj.exe
  2⤵
  PID:9748
- C:\Windows\System\ULCYSva.exe
  C:\Windows\System\ULCYSva.exe
  2⤵
  PID:9816

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BYZOYVq.exe

Filesize
6.0MB

MD5
6f13444ae525bc7d87eff4095f59e155

SHA1
0ea463d932efe9bcb64a9a31b175133680043b7f

SHA256
81cd004e579c78f617f0dd19767a58165a58e895560a3e3659fc35e6d72d586b

SHA512
45b8322c61e945c55cb95b8254da1ae57cf546e6d4d5da1af6efac29de2b3f8de6299a3c0b941fbd6ee9e2a6acbcc74d359043e45080d14d006dbd4c3fc20b8f

Download Submit
C:\Windows\system\CqBfMao.exe

Filesize
6.0MB

MD5
25d0064413e0a6f398c0704b8fc4d887

SHA1
6b0e2a6a592da6bf51db4a3d2e8fb6ecacb935dc

SHA256
b6b9abd0325e6b2712036dcfc1ac5c279e8ef4169c0200465d2669597a18d777

SHA512
529497cf56fe376addd09a73552420fa63aff0bf125a67a1141e5fad662395b15ff9e4d7743e1f6e2501e1cee6ef567eb9fd8d6d6d51a54310c828c757bc8d69

Download Submit
C:\Windows\system\HCIzmOw.exe

Filesize
6.0MB

MD5
865aaca6937ee5a03629162d95fc861d

SHA1
b050081a9bd85315a48545c1d24d3893e86b3b5b

SHA256
1d0f28476ca70f3a9fbd6f4c112d3f5d14d5427fc1ee0bbccf5a0fc6f45f8cc3

SHA512
0eca7a3829457efc5ebb03b132454944be06d3ed7ef115107811d71acd1a3cd20a31612e54761592da5834b5174234ed236d92699be0188e63784bb99670fe33

Download Submit
C:\Windows\system\IGJRnXp.exe

Filesize
6.0MB

MD5
7e1faebdce221bff9898fd1bbf3fc75a

SHA1
6351d2c21c2a239f19c217a4882c5bdaf443a86f

SHA256
dd1d61a92ba363008227128ec169c5c42f023d6d6f53b946d8d1b6dfa0b39d55

SHA512
5df6a91e74939b4757c491b14bdd919858e91bb5c04f6927a0ea4c0385c72d67f92224242053badafb01eade986702b7063e98d93b286425a6441669d9c77476

Download Submit
C:\Windows\system\MOLxlLQ.exe

Filesize
6.0MB

MD5
182a19412958ec72238639bf2382bb75

SHA1
1a6cecf13151066da5d474e7f7ad2ce31750d9a3

SHA256
a0b5016472ab0ed2595eb9d7f675d4f73ae05ec05fac179b54665dd6ab44992a

SHA512
0ede0ad6b98c61494c669c9fc97ef3c7e97425543b92b5ebabeee26a4d6dd80a5dcc054fe511128144b52e8cbaa1884a5621cf7aba35273a409add421db6107a

Download Submit
C:\Windows\system\RgNrGyN.exe

Filesize
6.0MB

MD5
ccea346808e72446866be1829e0a885a

SHA1
a2b20c29e2593f117d05f185ef6b46b595739dce

SHA256
e349b430b4c0a3917b0b3775c06f769cdc2f370028fe7eef686528fe0a9dce3f

SHA512
467cfa4a53c36d99bf311d44bbf01abd87c4448709cd0d887f085a849e37dcdca4f5efbfab70d24fd88bab727aa91d38b1c0c280c7fb9631ab99436b56a276e5

Download Submit
C:\Windows\system\SWAkpbs.exe

Filesize
6.0MB

MD5
773c6e0c59d90206f0e2abd4cbe34521

SHA1
a2fb777a364d2291c6c0f73130bff4dbc54984dc

SHA256
0f60bbc0ecf02b4e357589fd5b13f1f539b9d625e5b9ef098bb5d57251168355

SHA512
59fa1233440627364c6450bc61100358f8880e9d1435269634ac2bf6cce7234f8618326c136f2fcf51d55f47eca7845c0ac0994b1f88c38c6119ff8740ec319b

Download Submit
C:\Windows\system\TdfbTVC.exe

Filesize
6.0MB

MD5
9291605afb15c67e3b120f6cdaad0e72

SHA1
a9273a712c286b9ed84dee13f6623ffb20db2975

SHA256
8434444bb75036a6f503f8da7d7812775407916f3362d5df1a420270b0d24a26

SHA512
11d827fc2d377f05dab1afeb4a35823d0b47d42cc93263233e650a1a18f2fb6299e683102d5b147dfdbf6f047a88b409e423703543e9cb7b74ee6420debb1b43

Download Submit
C:\Windows\system\WSolIyo.exe

Filesize
6.0MB

MD5
e7e8a7d8fccf74dd5f18cddbbb07c444

SHA1
36129357c33f51b0aaeba429b3ff16ca739b233c

SHA256
3901dcaecfb37b12091922d6131ff482caee187b2e615c1ea3ab5c869ad4a22c

SHA512
2b5ad07ab7acd01cd91ed5b9cd8d43987ff83975e9a858899a18322d771483eb390c155513bf1b44bd04933f122d8be636fa84dc809bcfbcf03d4054cb68f38a

Download Submit
C:\Windows\system\aAzRssE.exe

Filesize
6.0MB

MD5
31345027b7f5ddf9a864d3fd9ee9479e

SHA1
3f578c16f83c6ee2d654673f35fa8f140bfcd9d1

SHA256
0a676824343f4a184b0be6be8fa1eabd1bed5845a21f9392f611cbb2e545c149

SHA512
06b5cdb15156e411b6194d57d011026df53c35a0a5b2b36be6ab5ae92ec1725a0ed43ae017fe4d37de9bed9804a272e011078e0276eb18b705ceb98101e52e31

Download Submit
C:\Windows\system\bfmPAVZ.exe

Filesize
6.0MB

MD5
e6a0868f879cb3fcf9f2f0606ab9f663

SHA1
cc60120be69484eb8da59b6848cadc4fdc11c7e4

SHA256
63e5e1671d316b95856e1b240d012575c32cb727bf174c6ec964caea4e8b6352

SHA512
203125e981cc5235bfc783cef5c8a65bc9b662e67714299554862346f0ba3b4afe31545c751b6d8411e984f306b1213441f01d284996ac290f7b8631dd3b8dd9

Download Submit
C:\Windows\system\cYFROPw.exe

Filesize
6.0MB

MD5
389b2940383e0fe4ca645896763c5687

SHA1
264b4beb1cc86dd292589860784f3a656561ff35

SHA256
c7652ff5962d0ad6fe7e73b1d667c5a498dd3aea06c3d88cd933fb91db5d1d71

SHA512
069327b533cd1837229246927c385c65b44e759885bfee6ed335377b9ab7baf31f1d3776df3f3ca399859af93685d772548abfe6d8681c1f0005431e39d77596

Download Submit
C:\Windows\system\dEhMtGp.exe

Filesize
6.0MB

MD5
4816246e1a6eb0bd6a242f2922b41fe1

SHA1
7414bd0fcf335264e5ded8449f4ec6400a1efa8d

SHA256
0bc76061887c49e87b83295e1ef2bc295635dfd31b9841e8119eb7aa2cde6a8a

SHA512
76750a0f62770a29d46772f3bb65e724930209fb8c469526c95331be0c1631cf7970c355e8c96a36f0f09e4aa80264b549d84dd4189cd8dd028092d9e60ec314

Download Submit
C:\Windows\system\dkgPWfc.exe

Filesize
6.0MB

MD5
65c7066dd707493017f19b943346224d

SHA1
bdd740183aafc40b2a3b4b2f972fd6cb8cd03dc8

SHA256
9f2430f2a208c754588249a2efcbfd858f2ba2f303c13d242dfbcec9d66ab0a3

SHA512
e1e0c92243a8968cf71d04d541e574551ed1e8b74d8343a0765c6b57b7cfac42a5932a871121b4da2877cc730098b06b6cd38c4a027c737f981114578191db3e

Download Submit
C:\Windows\system\eVswRxS.exe

Filesize
6.0MB

MD5
24fd9b306de0034d98a36671d9428f3a

SHA1
147d2e9f496f871eb992f1cb4ade9b507c16759f

SHA256
e0200e2d7796dcd409e34a41af2fda062ed730b38dcd47e6df921f519b393bcb

SHA512
ca544a197e3f61762d88e96ed7a7969f998a71c3c89a19142ef6ed6327d9316d0e3cff4c0a6602dc190e3fa2275cf7179f69de3f40fbbf1a1ea4113c4b50e083

Download Submit
C:\Windows\system\eWXVtlj.exe

Filesize
6.0MB

MD5
9a203414bf8df69d1259383bf662cb0a

SHA1
42be97a05b00957fa79b4f604d7cfb624654819c

SHA256
9d08f5a2e853aafbd8150cd329191226e2657ad73aeec45bd17a075ae34970b8

SHA512
92ee9622eb23d64ce4d0d46c21c88f51779d80672c7558f8a3388cd19755ce19f6856d90e6cc336c2cb563b67ba5747d68c778c3ac0d919fea8a497408e92e67

Download Submit
C:\Windows\system\gglSZsE.exe

Filesize
6.0MB

MD5
168bfc43ad75e0218e08c476a8262948

SHA1
5e0970c4a06acb9db3d421b60251d7a0df00dde7

SHA256
397dbce5b58525eef9e0d380e7a657ec063fba226df9e743029c16ae47361816

SHA512
f103c1d240908c216bcf5e95924a7ca16b36eb1d1466d49c9f41b1978f8d35c8217721fdaa5d85605e23c6a691e93d6b768802d409eb223f107ede6ad09c1044

Download Submit
C:\Windows\system\gtGUkLO.exe

Filesize
6.0MB

MD5
ee0b747c483623fd5ee6a8691dfab4a9

SHA1
3174d7c60dc3a863e40162c9f4a75c28de9f664b

SHA256
01f70dfbd00d0ce89659850090f8b7011970dde72da8bd2ee84824a09beffa36

SHA512
d101f3b317e81d5ec284045e9fd977ca24220b44bf0eb4db26beb188fc1ecb5e86c39bc02fc0182bdb9718032bba29ec4a157e6034c02698d739e6d923e02889

Download Submit
C:\Windows\system\iOwUCbQ.exe

Filesize
6.0MB

MD5
25fcba6ab195d8884ebd9babe6475b74

SHA1
15b8a4cfc0efd8a94e943064e11ed8b4faea6a38

SHA256
a415bdc4ccb93a6b1d7e3906677ed20dd577d1437460e116b4927e49b17d6454

SHA512
e72f5ffc3b87ce53301977469cced8af64f646ab3899f7a22b56b1682a941a5a56313f2f267d00146fb1597b694a19cfa112c8c019f85eeda0cf4b9d7e108b3d

Download Submit
C:\Windows\system\ouzszax.exe

Filesize
6.0MB

MD5
2488ba0d08c1a2c604a2f42a8914b19d

SHA1
bbcec5d5da1ecf28853117d3d73f4ff585bc291d

SHA256
bb14ca2b7edf949023e29e34a92b96eeac8d03b3e34ffe204283d4be52afeb3e

SHA512
80ddf590c4d10f1899cf02642f9557fb754f4f92d8d08d167cced0853a8273b8d297db28dc2159f3c478b27d34a1596bed79836f6bf1c6aebfef93f290163de8

Download Submit
C:\Windows\system\qBMNpeY.exe

Filesize
6.0MB

MD5
00e0b2c8757b06b54153dc3ca1dc6c7c

SHA1
ed0bc2629c94f29142495311cf5dc9f861df775d

SHA256
fcd6281a36b7800220be4bb53cc354fff5cd99b2195d8c66ac188cb983d91d81

SHA512
d47dd6433643ed7bb8a9a200018188b136233282172bc166a2adca9987801570c1b07d0882ccbac838c7fb29aa2886ec54b0c0b8fccd8fb2489f517ebff2a70b

Download Submit
C:\Windows\system\qzICnEQ.exe

Filesize
6.0MB

MD5
1c04795cdba0f55150fb3a57d6303701

SHA1
8d428db20f5f47befe123ed419a8922bfedaa10d

SHA256
5fa5019145e0fc2cda5eae242d7c72182450387df3c9b8bd83c7236c5b1dba28

SHA512
00aaf58f2fa49f2308ffa7d893067729925274a6dff7f579ab34181d4196fabec6e767d76f5cf25daa146f6903c921d2d1b2ef61bd4b3042749bbb898fa75743

Download Submit
C:\Windows\system\uSWxWSD.exe

Filesize
6.0MB

MD5
bee7af0575494a0f1568de0473727e69

SHA1
fdff5085d190a1e056aecf86e08f3dd596893e19

SHA256
212ef50796e45074bfc26f293cae3fdf88f8db25a2a95b21fb6a337b52b5fb7d

SHA512
36d9ac736f2ab5e97f917dd55674ffc1829fd3ce38503ef3719c77e9afd0ace5efc1374e31da96b36151787ab597fffb1d9edaebe5740cba61f0442887fb27f1

Download Submit
C:\Windows\system\vUYpEmA.exe

Filesize
6.0MB

MD5
4e9adf11799def0f81137b90767a6964

SHA1
1b7ed4e5498a623ef23ddb6c8c76318c13963c84

SHA256
78f45e42f23dcf4eb51d6bb26c6e69576eb0a6aec54fb90b3e933df3723ca3d1

SHA512
99db355e7e2933209176635fb4fde676453213edc9ef3d7f5500a5d94cd88cef020f9d827ab27ccf1adb6e3e2e0bd58e40c62f54ee510d0a84d24722b7e2bfd6

Download Submit
C:\Windows\system\yhzYmWI.exe

Filesize
6.0MB

MD5
67ce07dd6df47c5eba2fa1f1100a17d7

SHA1
e2ad3a37461f838ba8338fbc1a7b50d8406d4f73

SHA256
c34fc6a17f2e413aa7c05256ce7091ebbb3986b9dd88caca3360a2d9602c157e

SHA512
48b905cb5afbad01ed6864906746ff23783dbb485784537263af248972234133ee4ef47cc01e7e2c537c2624dd2233c153c66e161943051c66cf1a4f1187e007

Download Submit
\Windows\system\ENPqQoF.exe

Filesize
6.0MB

MD5
2429625963a857541e041ff1fef7d908

SHA1
5d35a228702dede5a6a536ec0e1c2485ce6c6e06

SHA256
a4771e3b76493fdfe2d95fbde984884a527ed68fb2d168ee1fcdf99e1c03d04c

SHA512
163709e5f6984dee9552f95b6db0bacbc3060c2528da7364a8fbe571f8d8bea47a1320a574ce9347d256c4008862a84cedb1f9d56e7b906cdac4792c780e4343

Download Submit
\Windows\system\SHNKsUZ.exe

Filesize
6.0MB

MD5
96dfcda763f2574788b33b7cef577091

SHA1
32820eacb11cd62bc89ec23de6d44c91ea82a14e

SHA256
925c28e1765e95fdd599c0b8037e93787e7d051184a91744ac3ca97a890fb8e5

SHA512
9cb2dcdfaae2e77a696ff6858a55b7add3a21800542cc965763c458f2ffbfc920d98bd89563a293d074dc707ff6355b11fa1ad34b6f1582bb3fd0aa9d000f901

Download Submit
\Windows\system\SlrmyCE.exe

Filesize
6.0MB

MD5
e97d058a5c612dd4b35f76daf5c399fb

SHA1
037171f9a8f0ea5240b7ee3e9389871812e14e23

SHA256
a034529f94d62a18dc19f3292f3c562827000b4538718c4aca0d2e03671fb86e

SHA512
c953be2cf5a2105a2e0a4479701e1d83c83d09a5660f534a50cfbe483b50dda6febef48f00109107c58e88aa117105733a8c5d7d63c17497f3ea9b10aae34c34

Download Submit
\Windows\system\bHSQOEy.exe

Filesize
6.0MB

MD5
78a3844f108ef54bc33e36f559bb2d63

SHA1
bed4b638a627e5e8e193f5d8fc9d870824665cd2

SHA256
263a6950927fb4ff56d4c658151698af16462f201b64f0a9cf53c53511c861f9

SHA512
b64128fa4d1da29d701012b0e0d198d8c437eb1e717448141aa654940dd470bbfb7c462394fbee81e0af3a860bad4cbb9db0813ca89664b351913374a58e804d

Download Submit
\Windows\system\cKwrawt.exe

Filesize
6.0MB

MD5
77f94d7cbbdd7cdfc0725e39320bd5e2

SHA1
76c0fb1827958444e3149ed307e161e665cdb7c3

SHA256
7cff2c825afbefa18a4bf50cb9775dcb9edaae29aae3bb80a3fa2a9bd956e894

SHA512
8247e04e30fa0ac25f20d48c7374e7ae51d351a879ef8430356deca5d49419b066574ceda10ba762fcd98ef823108f29bc31b4ccc0ca76792c5c335156654341

Download Submit
\Windows\system\hGVJWXs.exe

Filesize
6.0MB

MD5
be1b2821d7084a808c673c8fb53647b2

SHA1
ffadd685ba4331a8394c048b637f38dff2f82fae

SHA256
7b07d7cf53999aac1f48656937dcb1a8e60538c5a43dc61655dec5b6f11dbd95

SHA512
c3f97dc37bfa292ae7cde111a688db6674f2ad7763a9209299d7673621a84563f33548e925c05156a8350cf7d79681c4b7ab44c65c265a564d38d95ebb9eba3c

Download Submit
\Windows\system\kEYDEhH.exe

Filesize
6.0MB

MD5
f6df6eaf28cf81e2a0e3118df15120fa

SHA1
5a737407bf57059edf7968a0d2c095514eba528a

SHA256
4d5f0e7b10ddc3c146f19e150f9bacf9399254871ee34c923057e6a1f700b3fb

SHA512
7415b8dfbf6239e6f5332b145d808b13d2ab9e4fc1e480d7c723b8f400d752aae9fc97e80b578f177db3142d78185ec7c7b4a2228456ec03f46a216d497403f8

Download Submit
\Windows\system\wkjkQke.exe

Filesize
6.0MB

MD5
31c622ed1fe801b5b93317b85a3e88eb

SHA1
c6d211bfefb4adf7a6fbe6a90fc8ec43e1081154

SHA256
61f502864f839666b2c549e1d5b73fe8527edb10ab4e9d65abf4f8024f811cb3

SHA512
6a1259bddd4afbb5bee89ade7ca1a7b519f0807901881bb48a8791263fb3591d4d58f0800064ea7ae6b57724634341e3569f97ce9c48332dcc82f65cf9e99eb8

Download Submit
memory/1268-556-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/1268-3932-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/1708-1929-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/1708-2047-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/1708-555-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/1708-549-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/1708-551-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/1708-547-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/1708-553-0x000000013F290000-0x000000013F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/1708-545-0x000000013F070000-0x000000013F3C4000-memory.dmp

Filesize
3.3MB

Download
memory/1708-0-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/1708-543-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/1708-541-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/1708-2046-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/1708-539-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/1708-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/1708-537-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/1708-2062-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/1708-535-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/1708-2048-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/1708-533-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/1708-2060-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/1708-531-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/1708-2053-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/1708-499-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/1708-490-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/1708-2061-0x000000013F070000-0x000000013F3C4000-memory.dmp

Filesize
3.3MB

Download
memory/1708-1937-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/1708-2043-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/1708-2044-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/1708-2045-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/1708-2066-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/1808-530-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/1808-3938-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/1880-548-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/1880-3934-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/2244-534-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/2244-3936-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/2340-532-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2340-3930-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2476-544-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/2476-3933-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/2616-552-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/2616-3935-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/2636-546-0x000000013F070000-0x000000013F3C4000-memory.dmp

Filesize
3.3MB

Download
memory/2636-4165-0x000000013F070000-0x000000013F3C4000-memory.dmp

Filesize
3.3MB

Download
memory/2672-554-0x000000013F290000-0x000000013F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/2672-3946-0x000000013F290000-0x000000013F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/2704-3931-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/2704-540-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/2712-3939-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2712-550-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2728-3929-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/2728-536-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/2840-3948-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/2840-538-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/3004-3937-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/3004-542-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download