cobaltstrike | 3aeb4ebda474cedd2fbc0fadd510d9aa9163ac1801c85c24fcf1645ad2f92509

Analysis

max time kernel
149s
max time network
17s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
24/09/2024, 15:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

0bb5cf09008e7945e88d7b2249ca1da0
SHA1

26c910802f919620f86f4c8ad8efc7bd75ccc37f
SHA256

3aeb4ebda474cedd2fbc0fadd510d9aa9163ac1801c85c24fcf1645ad2f92509
SHA512

82d43c3fdcfb102ff31cf503954b37df944a3a1801ea196d31ad7f0db1cb4b8119b138e91aec48ee1173ef9e3d5c5686398f8ea558607d36df6cb96542152424
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUX:T+q56utgpPF8u/7X

Score

10^/10

cobaltstrike xmrig 0 backdoor discovery miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00080000000120fd-6.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001939b-12.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000193b3-16.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000193e8-23.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000193f7-33.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001954e-52.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a09e-59.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a307-64.dat	cobalt_reflective_dll
behavioral1/files/0x003200000001930d-67.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41b-75.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41e-81.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a499-105.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4a9-115.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4af-119.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a49a-111.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4bb-182.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4bd-188.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b7-173.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b9-178.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b3-163.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b5-168.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b1-150.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a48d-103.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a48b-99.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46f-95.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a42d-91.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a427-87.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41d-80.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a359-71.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000194d2-49.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000194cd-44.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001949e-40.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2540-0-0x000000013FE40000-0x0000000140194000-memory.dmp	xmrig
behavioral1/files/0x00080000000120fd-6.dat	xmrig
behavioral1/files/0x000700000001939b-12.dat	xmrig
behavioral1/files/0x00070000000193b3-16.dat	xmrig
behavioral1/memory/2892-18-0x000000013FF50000-0x00000001402A4000-memory.dmp	xmrig
behavioral1/memory/2300-20-0x000000013FF10000-0x0000000140264000-memory.dmp	xmrig
behavioral1/memory/2100-21-0x000000013FCB0000-0x0000000140004000-memory.dmp	xmrig
behavioral1/memory/2540-22-0x00000000024C0000-0x0000000002814000-memory.dmp	xmrig
behavioral1/files/0x00060000000193e8-23.dat	xmrig
behavioral1/memory/2960-28-0x000000013FC30000-0x000000013FF84000-memory.dmp	xmrig
behavioral1/memory/2736-35-0x000000013F1E0000-0x000000013F534000-memory.dmp	xmrig
behavioral1/files/0x00060000000193f7-33.dat	xmrig
behavioral1/files/0x000600000001954e-52.dat	xmrig
behavioral1/files/0x000500000001a09e-59.dat	xmrig
behavioral1/files/0x000500000001a307-64.dat	xmrig
behavioral1/files/0x003200000001930d-67.dat	xmrig
behavioral1/files/0x000500000001a41b-75.dat	xmrig
behavioral1/files/0x000500000001a41e-81.dat	xmrig
behavioral1/files/0x000500000001a499-105.dat	xmrig
behavioral1/files/0x000500000001a4a9-115.dat	xmrig
behavioral1/files/0x000500000001a4af-119.dat	xmrig
behavioral1/files/0x000500000001a49a-111.dat	xmrig
behavioral1/memory/2540-125-0x000000013F7D0000-0x000000013FB24000-memory.dmp	xmrig
behavioral1/memory/1680-124-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	xmrig
behavioral1/memory/2724-130-0x000000013F900000-0x000000013FC54000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4bb-182.dat	xmrig
behavioral1/memory/2724-1091-0x000000013F900000-0x000000013FC54000-memory.dmp	xmrig
behavioral1/memory/2224-1094-0x000000013FFC0000-0x0000000140314000-memory.dmp	xmrig
behavioral1/memory/604-1101-0x000000013FD70000-0x00000001400C4000-memory.dmp	xmrig
behavioral1/memory/3032-1092-0x000000013FA50000-0x000000013FDA4000-memory.dmp	xmrig
behavioral1/memory/2624-1090-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig
behavioral1/memory/2736-910-0x000000013F1E0000-0x000000013F534000-memory.dmp	xmrig
behavioral1/memory/2960-794-0x000000013FC30000-0x000000013FF84000-memory.dmp	xmrig
behavioral1/memory/2540-287-0x000000013FE40000-0x0000000140194000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4bd-188.dat	xmrig
behavioral1/files/0x000500000001a4b7-173.dat	xmrig
behavioral1/files/0x000500000001a4b9-178.dat	xmrig
behavioral1/files/0x000500000001a4b3-163.dat	xmrig
behavioral1/files/0x000500000001a4b5-168.dat	xmrig
behavioral1/memory/2860-144-0x000000013F060000-0x000000013F3B4000-memory.dmp	xmrig
behavioral1/memory/604-142-0x000000013FD70000-0x00000001400C4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4b1-150.dat	xmrig
behavioral1/memory/2224-134-0x000000013FFC0000-0x0000000140314000-memory.dmp	xmrig
behavioral1/memory/3032-132-0x000000013FA50000-0x000000013FDA4000-memory.dmp	xmrig
behavioral1/memory/2540-131-0x000000013FA50000-0x000000013FDA4000-memory.dmp	xmrig
behavioral1/memory/2624-128-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig
behavioral1/memory/2540-127-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig
behavioral1/memory/1616-126-0x000000013F7D0000-0x000000013FB24000-memory.dmp	xmrig
behavioral1/memory/2800-122-0x000000013F110000-0x000000013F464000-memory.dmp	xmrig
behavioral1/files/0x000500000001a48d-103.dat	xmrig
behavioral1/files/0x000500000001a48b-99.dat	xmrig
behavioral1/files/0x000500000001a46f-95.dat	xmrig
behavioral1/files/0x000500000001a42d-91.dat	xmrig
behavioral1/files/0x000500000001a427-87.dat	xmrig
behavioral1/files/0x000500000001a41d-80.dat	xmrig
behavioral1/files/0x000500000001a359-71.dat	xmrig
behavioral1/files/0x00060000000194d2-49.dat	xmrig
behavioral1/files/0x00080000000194cd-44.dat	xmrig
behavioral1/files/0x000600000001949e-40.dat	xmrig
behavioral1/memory/2300-3984-0x000000013FF10000-0x0000000140264000-memory.dmp	xmrig
behavioral1/memory/2892-4010-0x000000013FF50000-0x00000001402A4000-memory.dmp	xmrig
behavioral1/memory/2100-3995-0x000000013FCB0000-0x0000000140004000-memory.dmp	xmrig
behavioral1/memory/2960-3993-0x000000013FC30000-0x000000013FF84000-memory.dmp	xmrig
behavioral1/memory/2736-4003-0x000000013F1E0000-0x000000013F534000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2892	xwqAXxZ.exe
2300	uEjeahr.exe
2100	vMErWIJ.exe
2960	rGmFmfx.exe
2736	ToiIIWA.exe
2860	PwXEuLh.exe
2800	dBcQIld.exe
1680	OQwrrzy.exe
1616	KikjxWA.exe
2624	VYGsKvM.exe
2724	BZawDVJ.exe
3032	fGcYmlB.exe
2224	ySTNvwq.exe
604	zTCCqtL.exe
2260	HhuSEBs.exe
2368	TGuwXvl.exe
2452	GiEsaZY.exe
2520	IAkGbBj.exe
1676	CsJBPBh.exe
2588	fvJnvaU.exe
2492	wnfQsLB.exe
2692	YDUYmuo.exe
2028	WLRnKzw.exe
2864	NILpuqi.exe
1020	TPsEjFd.exe
2384	VJcbWhT.exe
2216	qxaIZsm.exe
2152	csUZpZp.exe
780	YqEEZEO.exe
1964	KHBvsIL.exe
1808	rjohGaX.exe
1868	hyAgGNd.exe
2408	FmpeLLI.exe
2420	zZAmpsv.exe
1344	jeSzBpy.exe
1436	GMeFrPs.exe
1400	HoKGUkq.exe
1748	mubOjiF.exe
1740	rirbqOQ.exe
1968	LizZhaQ.exe
1796	eVxZMZw.exe
944	ooQfYdb.exe
1916	fpMgTQl.exe
3052	rRlhszR.exe
1256	dNfHNwm.exe
2328	EHSpYXq.exe
1848	nZePDnn.exe
2992	nRhgwul.exe
892	gMXQZvl.exe
2988	zEjXuPk.exe
640	pwPoIzX.exe
1704	KFulGLM.exe
2244	wRLZsbS.exe
2828	tdpqGMe.exe
2196	JULSWPJ.exe
2836	VhRHvnE.exe
3016	OhufmRI.exe
2600	MriZVtA.exe
1092	UXSnIMD.exe
2620	jptUrEB.exe
2064	mwjiDfK.exe
1504	IKRBHBr.exe
1148	CPECMLN.exe
2592	BQLQUGX.exe

Loads dropped DLL 64 IoCs

pid	Process
2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2540-0-0x000000013FE40000-0x0000000140194000-memory.dmp	upx
behavioral1/files/0x00080000000120fd-6.dat	upx
behavioral1/files/0x000700000001939b-12.dat	upx
behavioral1/files/0x00070000000193b3-16.dat	upx
behavioral1/memory/2892-18-0x000000013FF50000-0x00000001402A4000-memory.dmp	upx
behavioral1/memory/2300-20-0x000000013FF10000-0x0000000140264000-memory.dmp	upx
behavioral1/memory/2100-21-0x000000013FCB0000-0x0000000140004000-memory.dmp	upx
behavioral1/files/0x00060000000193e8-23.dat	upx
behavioral1/memory/2960-28-0x000000013FC30000-0x000000013FF84000-memory.dmp	upx
behavioral1/memory/2736-35-0x000000013F1E0000-0x000000013F534000-memory.dmp	upx
behavioral1/files/0x00060000000193f7-33.dat	upx
behavioral1/files/0x000600000001954e-52.dat	upx
behavioral1/files/0x000500000001a09e-59.dat	upx
behavioral1/files/0x000500000001a307-64.dat	upx
behavioral1/files/0x003200000001930d-67.dat	upx
behavioral1/files/0x000500000001a41b-75.dat	upx
behavioral1/files/0x000500000001a41e-81.dat	upx
behavioral1/files/0x000500000001a499-105.dat	upx
behavioral1/files/0x000500000001a4a9-115.dat	upx
behavioral1/files/0x000500000001a4af-119.dat	upx
behavioral1/files/0x000500000001a49a-111.dat	upx
behavioral1/memory/1680-124-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	upx
behavioral1/memory/2724-130-0x000000013F900000-0x000000013FC54000-memory.dmp	upx
behavioral1/files/0x000500000001a4bb-182.dat	upx
behavioral1/memory/2724-1091-0x000000013F900000-0x000000013FC54000-memory.dmp	upx
behavioral1/memory/2224-1094-0x000000013FFC0000-0x0000000140314000-memory.dmp	upx
behavioral1/memory/604-1101-0x000000013FD70000-0x00000001400C4000-memory.dmp	upx
behavioral1/memory/3032-1092-0x000000013FA50000-0x000000013FDA4000-memory.dmp	upx
behavioral1/memory/2624-1090-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/memory/2736-910-0x000000013F1E0000-0x000000013F534000-memory.dmp	upx
behavioral1/memory/2960-794-0x000000013FC30000-0x000000013FF84000-memory.dmp	upx
behavioral1/memory/2540-287-0x000000013FE40000-0x0000000140194000-memory.dmp	upx
behavioral1/files/0x000500000001a4bd-188.dat	upx
behavioral1/files/0x000500000001a4b7-173.dat	upx
behavioral1/files/0x000500000001a4b9-178.dat	upx
behavioral1/files/0x000500000001a4b3-163.dat	upx
behavioral1/files/0x000500000001a4b5-168.dat	upx
behavioral1/memory/2860-144-0x000000013F060000-0x000000013F3B4000-memory.dmp	upx
behavioral1/memory/604-142-0x000000013FD70000-0x00000001400C4000-memory.dmp	upx
behavioral1/files/0x000500000001a4b1-150.dat	upx
behavioral1/memory/2224-134-0x000000013FFC0000-0x0000000140314000-memory.dmp	upx
behavioral1/memory/3032-132-0x000000013FA50000-0x000000013FDA4000-memory.dmp	upx
behavioral1/memory/2624-128-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/memory/1616-126-0x000000013F7D0000-0x000000013FB24000-memory.dmp	upx
behavioral1/memory/2800-122-0x000000013F110000-0x000000013F464000-memory.dmp	upx
behavioral1/files/0x000500000001a48d-103.dat	upx
behavioral1/files/0x000500000001a48b-99.dat	upx
behavioral1/files/0x000500000001a46f-95.dat	upx
behavioral1/files/0x000500000001a42d-91.dat	upx
behavioral1/files/0x000500000001a427-87.dat	upx
behavioral1/files/0x000500000001a41d-80.dat	upx
behavioral1/files/0x000500000001a359-71.dat	upx
behavioral1/files/0x00060000000194d2-49.dat	upx
behavioral1/files/0x00080000000194cd-44.dat	upx
behavioral1/files/0x000600000001949e-40.dat	upx
behavioral1/memory/2300-3984-0x000000013FF10000-0x0000000140264000-memory.dmp	upx
behavioral1/memory/2892-4010-0x000000013FF50000-0x00000001402A4000-memory.dmp	upx
behavioral1/memory/2100-3995-0x000000013FCB0000-0x0000000140004000-memory.dmp	upx
behavioral1/memory/2960-3993-0x000000013FC30000-0x000000013FF84000-memory.dmp	upx
behavioral1/memory/2736-4003-0x000000013F1E0000-0x000000013F534000-memory.dmp	upx
behavioral1/memory/2860-4032-0x000000013F060000-0x000000013F3B4000-memory.dmp	upx
behavioral1/memory/2624-4043-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/memory/3032-4040-0x000000013FA50000-0x000000013FDA4000-memory.dmp	upx
behavioral1/memory/604-4050-0x000000013FD70000-0x00000001400C4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\VtEpAea.exe	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fzZYPkQ.exe	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zWYnLCx.exe	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZeVkcvO.exe	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TKPsNjs.exe	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aMwUTUX.exe	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KiaJOOD.exe	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kCQtLQA.exe	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TnJVoHm.exe	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hGGqvVn.exe	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NCmgEIz.exe	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FKgDbVg.exe	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zGGLdyG.exe	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bFDHFCc.exe	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dNhZSFj.exe	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WjulRDN.exe	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sFWQIeH.exe	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ymtlcIi.exe	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JgptqjT.exe	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MGEcVpg.exe	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FZIdGGR.exe	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JypHkSp.exe	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hNdjFYB.exe	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GiEsaZY.exe	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YGOcyDt.exe	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZShduZi.exe	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YVZRDwY.exe	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NvMKGmb.exe	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SqwfuRr.exe	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QlvRSOS.exe	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fddONSP.exe	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HZOSDDL.exe	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QaUBaje.exe	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XaOQWnw.exe	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pSGMuMP.exe	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xgrEomX.exe	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JLAbBSw.exe	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LcnYSov.exe	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LizZhaQ.exe	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WueTvRY.exe	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Zhqthku.exe	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HzKyyNc.exe	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wFzXKER.exe	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gNrQKyB.exe	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VLSUsLP.exe	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UxrLYJj.exe	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XufkBYB.exe	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tkGorih.exe	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RWoiDZk.exe	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bJAdHjw.exe	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZSwopjC.exe	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ISwmcjn.exe	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rUwByzS.exe	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fMRgDWO.exe	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kmmzzVD.exe	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\btkfoIX.exe	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MNcsyxa.exe	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\htAfgwD.exe	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QYJZvUL.exe	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OqTvOfq.exe	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dXeDVWm.exe	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\omxuZmm.exe	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ssTCiwm.exe	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ycRSOir.exe	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
12084	Process not Found

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2540 wrote to memory of 2892	2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2540 wrote to memory of 2892	2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2540 wrote to memory of 2892	2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2540 wrote to memory of 2300	2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2540 wrote to memory of 2300	2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2540 wrote to memory of 2300	2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2540 wrote to memory of 2100	2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2540 wrote to memory of 2100	2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2540 wrote to memory of 2100	2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2540 wrote to memory of 2960	2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2540 wrote to memory of 2960	2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2540 wrote to memory of 2960	2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2540 wrote to memory of 2736	2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2540 wrote to memory of 2736	2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2540 wrote to memory of 2736	2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2540 wrote to memory of 2860	2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2540 wrote to memory of 2860	2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2540 wrote to memory of 2860	2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2540 wrote to memory of 2800	2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2540 wrote to memory of 2800	2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2540 wrote to memory of 2800	2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2540 wrote to memory of 1680	2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2540 wrote to memory of 1680	2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2540 wrote to memory of 1680	2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2540 wrote to memory of 1616	2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2540 wrote to memory of 1616	2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2540 wrote to memory of 1616	2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2540 wrote to memory of 2624	2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2540 wrote to memory of 2624	2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2540 wrote to memory of 2624	2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2540 wrote to memory of 2724	2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2540 wrote to memory of 2724	2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2540 wrote to memory of 2724	2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2540 wrote to memory of 3032	2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2540 wrote to memory of 3032	2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2540 wrote to memory of 3032	2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2540 wrote to memory of 2224	2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2540 wrote to memory of 2224	2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2540 wrote to memory of 2224	2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2540 wrote to memory of 604	2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2540 wrote to memory of 604	2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2540 wrote to memory of 604	2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2540 wrote to memory of 2260	2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2540 wrote to memory of 2260	2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2540 wrote to memory of 2260	2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2540 wrote to memory of 2368	2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2540 wrote to memory of 2368	2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2540 wrote to memory of 2368	2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2540 wrote to memory of 2452	2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2540 wrote to memory of 2452	2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2540 wrote to memory of 2452	2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2540 wrote to memory of 2520	2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2540 wrote to memory of 2520	2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2540 wrote to memory of 2520	2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2540 wrote to memory of 1676	2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2540 wrote to memory of 1676	2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2540 wrote to memory of 1676	2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2540 wrote to memory of 2588	2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2540 wrote to memory of 2588	2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2540 wrote to memory of 2588	2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2540 wrote to memory of 2492	2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2540 wrote to memory of 2492	2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2540 wrote to memory of 2492	2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2540 wrote to memory of 2692	2540	2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe	51

C:\Users\Admin\AppData\Local\Temp\2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-09-24_0bb5cf09008e7945e88d7b2249ca1da0_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2540
- C:\Windows\System\xwqAXxZ.exe
  C:\Windows\System\xwqAXxZ.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\uEjeahr.exe
  C:\Windows\System\uEjeahr.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\vMErWIJ.exe
  C:\Windows\System\vMErWIJ.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\rGmFmfx.exe
  C:\Windows\System\rGmFmfx.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\ToiIIWA.exe
  C:\Windows\System\ToiIIWA.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\PwXEuLh.exe
  C:\Windows\System\PwXEuLh.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\dBcQIld.exe
  C:\Windows\System\dBcQIld.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\OQwrrzy.exe
  C:\Windows\System\OQwrrzy.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\KikjxWA.exe
  C:\Windows\System\KikjxWA.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\VYGsKvM.exe
  C:\Windows\System\VYGsKvM.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\BZawDVJ.exe
  C:\Windows\System\BZawDVJ.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\fGcYmlB.exe
  C:\Windows\System\fGcYmlB.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\ySTNvwq.exe
  C:\Windows\System\ySTNvwq.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\zTCCqtL.exe
  C:\Windows\System\zTCCqtL.exe
  2⤵
  - Executes dropped EXE
  PID:604
- C:\Windows\System\HhuSEBs.exe
  C:\Windows\System\HhuSEBs.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\TGuwXvl.exe
  C:\Windows\System\TGuwXvl.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\GiEsaZY.exe
  C:\Windows\System\GiEsaZY.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\IAkGbBj.exe
  C:\Windows\System\IAkGbBj.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\CsJBPBh.exe
  C:\Windows\System\CsJBPBh.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\fvJnvaU.exe
  C:\Windows\System\fvJnvaU.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\wnfQsLB.exe
  C:\Windows\System\wnfQsLB.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\YDUYmuo.exe
  C:\Windows\System\YDUYmuo.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\WLRnKzw.exe
  C:\Windows\System\WLRnKzw.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\NILpuqi.exe
  C:\Windows\System\NILpuqi.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\TPsEjFd.exe
  C:\Windows\System\TPsEjFd.exe
  2⤵
  - Executes dropped EXE
  PID:1020
- C:\Windows\System\VJcbWhT.exe
  C:\Windows\System\VJcbWhT.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\qxaIZsm.exe
  C:\Windows\System\qxaIZsm.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\csUZpZp.exe
  C:\Windows\System\csUZpZp.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\YqEEZEO.exe
  C:\Windows\System\YqEEZEO.exe
  2⤵
  - Executes dropped EXE
  PID:780
- C:\Windows\System\KHBvsIL.exe
  C:\Windows\System\KHBvsIL.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\rjohGaX.exe
  C:\Windows\System\rjohGaX.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System\hyAgGNd.exe
  C:\Windows\System\hyAgGNd.exe
  2⤵
  - Executes dropped EXE
  PID:1868
- C:\Windows\System\FmpeLLI.exe
  C:\Windows\System\FmpeLLI.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\zZAmpsv.exe
  C:\Windows\System\zZAmpsv.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\GMeFrPs.exe
  C:\Windows\System\GMeFrPs.exe
  2⤵
  - Executes dropped EXE
  PID:1436
- C:\Windows\System\jeSzBpy.exe
  C:\Windows\System\jeSzBpy.exe
  2⤵
  - Executes dropped EXE
  PID:1344
- C:\Windows\System\HoKGUkq.exe
  C:\Windows\System\HoKGUkq.exe
  2⤵
  - Executes dropped EXE
  PID:1400
- C:\Windows\System\mubOjiF.exe
  C:\Windows\System\mubOjiF.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\rirbqOQ.exe
  C:\Windows\System\rirbqOQ.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\LizZhaQ.exe
  C:\Windows\System\LizZhaQ.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\eVxZMZw.exe
  C:\Windows\System\eVxZMZw.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\ooQfYdb.exe
  C:\Windows\System\ooQfYdb.exe
  2⤵
  - Executes dropped EXE
  PID:944
- C:\Windows\System\fpMgTQl.exe
  C:\Windows\System\fpMgTQl.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\rRlhszR.exe
  C:\Windows\System\rRlhszR.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\dNfHNwm.exe
  C:\Windows\System\dNfHNwm.exe
  2⤵
  - Executes dropped EXE
  PID:1256
- C:\Windows\System\EHSpYXq.exe
  C:\Windows\System\EHSpYXq.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\nZePDnn.exe
  C:\Windows\System\nZePDnn.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\nRhgwul.exe
  C:\Windows\System\nRhgwul.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\gMXQZvl.exe
  C:\Windows\System\gMXQZvl.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\zEjXuPk.exe
  C:\Windows\System\zEjXuPk.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\pwPoIzX.exe
  C:\Windows\System\pwPoIzX.exe
  2⤵
  - Executes dropped EXE
  PID:640
- C:\Windows\System\KFulGLM.exe
  C:\Windows\System\KFulGLM.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\wRLZsbS.exe
  C:\Windows\System\wRLZsbS.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System\tdpqGMe.exe
  C:\Windows\System\tdpqGMe.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\JULSWPJ.exe
  C:\Windows\System\JULSWPJ.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\VhRHvnE.exe
  C:\Windows\System\VhRHvnE.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\OhufmRI.exe
  C:\Windows\System\OhufmRI.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\MriZVtA.exe
  C:\Windows\System\MriZVtA.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\UXSnIMD.exe
  C:\Windows\System\UXSnIMD.exe
  2⤵
  - Executes dropped EXE
  PID:1092
- C:\Windows\System\jptUrEB.exe
  C:\Windows\System\jptUrEB.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\mwjiDfK.exe
  C:\Windows\System\mwjiDfK.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\IKRBHBr.exe
  C:\Windows\System\IKRBHBr.exe
  2⤵
  - Executes dropped EXE
  PID:1504
- C:\Windows\System\CPECMLN.exe
  C:\Windows\System\CPECMLN.exe
  2⤵
  - Executes dropped EXE
  PID:1148
- C:\Windows\System\BQLQUGX.exe
  C:\Windows\System\BQLQUGX.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\LkpbuWI.exe
  C:\Windows\System\LkpbuWI.exe
  2⤵
  PID:2976
- C:\Windows\System\idvYoOu.exe
  C:\Windows\System\idvYoOu.exe
  2⤵
  PID:2192
- C:\Windows\System\UbGBboO.exe
  C:\Windows\System\UbGBboO.exe
  2⤵
  PID:880
- C:\Windows\System\KbrRXpR.exe
  C:\Windows\System\KbrRXpR.exe
  2⤵
  PID:1940
- C:\Windows\System\VuHsaOr.exe
  C:\Windows\System\VuHsaOr.exe
  2⤵
  PID:992
- C:\Windows\System\fhBQnbD.exe
  C:\Windows\System\fhBQnbD.exe
  2⤵
  PID:2568
- C:\Windows\System\yiCVipN.exe
  C:\Windows\System\yiCVipN.exe
  2⤵
  PID:1920
- C:\Windows\System\ExVSAUG.exe
  C:\Windows\System\ExVSAUG.exe
  2⤵
  PID:2560
- C:\Windows\System\WONDXvr.exe
  C:\Windows\System\WONDXvr.exe
  2⤵
  PID:1860
- C:\Windows\System\voCdfra.exe
  C:\Windows\System\voCdfra.exe
  2⤵
  PID:648
- C:\Windows\System\fXSgNka.exe
  C:\Windows\System\fXSgNka.exe
  2⤵
  PID:1688
- C:\Windows\System\BnRJsby.exe
  C:\Windows\System\BnRJsby.exe
  2⤵
  PID:932
- C:\Windows\System\QyNfQeI.exe
  C:\Windows\System\QyNfQeI.exe
  2⤵
  PID:928
- C:\Windows\System\UQNfZwI.exe
  C:\Windows\System\UQNfZwI.exe
  2⤵
  PID:2284
- C:\Windows\System\UltujST.exe
  C:\Windows\System\UltujST.exe
  2⤵
  PID:3068
- C:\Windows\System\rdDTeAg.exe
  C:\Windows\System\rdDTeAg.exe
  2⤵
  PID:1760
- C:\Windows\System\zcaeZzG.exe
  C:\Windows\System\zcaeZzG.exe
  2⤵
  PID:2320
- C:\Windows\System\bZbDOZa.exe
  C:\Windows\System\bZbDOZa.exe
  2⤵
  PID:2356
- C:\Windows\System\dRNLDqF.exe
  C:\Windows\System\dRNLDqF.exe
  2⤵
  PID:2888
- C:\Windows\System\adrtPex.exe
  C:\Windows\System\adrtPex.exe
  2⤵
  PID:704
- C:\Windows\System\ZsOxNJm.exe
  C:\Windows\System\ZsOxNJm.exe
  2⤵
  PID:2852
- C:\Windows\System\HpZcrrs.exe
  C:\Windows\System\HpZcrrs.exe
  2⤵
  PID:1388
- C:\Windows\System\DPcRdgM.exe
  C:\Windows\System\DPcRdgM.exe
  2⤵
  PID:2580
- C:\Windows\System\jBweXNB.exe
  C:\Windows\System\jBweXNB.exe
  2⤵
  PID:1708
- C:\Windows\System\nmFFyYg.exe
  C:\Windows\System\nmFFyYg.exe
  2⤵
  PID:2212
- C:\Windows\System\ULZMBVV.exe
  C:\Windows\System\ULZMBVV.exe
  2⤵
  PID:1044
- C:\Windows\System\hFaAoDs.exe
  C:\Windows\System\hFaAoDs.exe
  2⤵
  PID:1108
- C:\Windows\System\ioQTkjr.exe
  C:\Windows\System\ioQTkjr.exe
  2⤵
  PID:2428
- C:\Windows\System\xbmkrhc.exe
  C:\Windows\System\xbmkrhc.exe
  2⤵
  PID:2436
- C:\Windows\System\YWlhvIs.exe
  C:\Windows\System\YWlhvIs.exe
  2⤵
  PID:936
- C:\Windows\System\EsZVwHB.exe
  C:\Windows\System\EsZVwHB.exe
  2⤵
  PID:904
- C:\Windows\System\ksndBDW.exe
  C:\Windows\System\ksndBDW.exe
  2⤵
  PID:1536
- C:\Windows\System\vvAWlzH.exe
  C:\Windows\System\vvAWlzH.exe
  2⤵
  PID:2084
- C:\Windows\System\AcJsipr.exe
  C:\Windows\System\AcJsipr.exe
  2⤵
  PID:1736
- C:\Windows\System\GFxCzLT.exe
  C:\Windows\System\GFxCzLT.exe
  2⤵
  PID:3060
- C:\Windows\System\WxWpFBe.exe
  C:\Windows\System\WxWpFBe.exe
  2⤵
  PID:2148
- C:\Windows\System\VSeHeZN.exe
  C:\Windows\System\VSeHeZN.exe
  2⤵
  PID:1756
- C:\Windows\System\iVpNagr.exe
  C:\Windows\System\iVpNagr.exe
  2⤵
  PID:2116
- C:\Windows\System\jersDez.exe
  C:\Windows\System\jersDez.exe
  2⤵
  PID:1596
- C:\Windows\System\bqAStGx.exe
  C:\Windows\System\bqAStGx.exe
  2⤵
  PID:2668
- C:\Windows\System\FZIdGGR.exe
  C:\Windows\System\FZIdGGR.exe
  2⤵
  PID:1444
- C:\Windows\System\iVzSivg.exe
  C:\Windows\System\iVzSivg.exe
  2⤵
  PID:2292
- C:\Windows\System\pcCBuZq.exe
  C:\Windows\System\pcCBuZq.exe
  2⤵
  PID:2672
- C:\Windows\System\MKnuuRx.exe
  C:\Windows\System\MKnuuRx.exe
  2⤵
  PID:2332
- C:\Windows\System\RbtgBNR.exe
  C:\Windows\System\RbtgBNR.exe
  2⤵
  PID:2020
- C:\Windows\System\IjXuqKR.exe
  C:\Windows\System\IjXuqKR.exe
  2⤵
  PID:948
- C:\Windows\System\efgRbLi.exe
  C:\Windows\System\efgRbLi.exe
  2⤵
  PID:396
- C:\Windows\System\vhxIgpG.exe
  C:\Windows\System\vhxIgpG.exe
  2⤵
  PID:3088
- C:\Windows\System\uLhFrno.exe
  C:\Windows\System\uLhFrno.exe
  2⤵
  PID:3108
- C:\Windows\System\MjnTLKs.exe
  C:\Windows\System\MjnTLKs.exe
  2⤵
  PID:3128
- C:\Windows\System\zjzVXIH.exe
  C:\Windows\System\zjzVXIH.exe
  2⤵
  PID:3148
- C:\Windows\System\LvnZIGx.exe
  C:\Windows\System\LvnZIGx.exe
  2⤵
  PID:3164
- C:\Windows\System\JPJwWuu.exe
  C:\Windows\System\JPJwWuu.exe
  2⤵
  PID:3184
- C:\Windows\System\RpVUtzD.exe
  C:\Windows\System\RpVUtzD.exe
  2⤵
  PID:3208
- C:\Windows\System\hHDfAsv.exe
  C:\Windows\System\hHDfAsv.exe
  2⤵
  PID:3228
- C:\Windows\System\FpOXnid.exe
  C:\Windows\System\FpOXnid.exe
  2⤵
  PID:3248
- C:\Windows\System\qHBYBgK.exe
  C:\Windows\System\qHBYBgK.exe
  2⤵
  PID:3268
- C:\Windows\System\rhlzoOJ.exe
  C:\Windows\System\rhlzoOJ.exe
  2⤵
  PID:3288
- C:\Windows\System\bHNTUUh.exe
  C:\Windows\System\bHNTUUh.exe
  2⤵
  PID:3308
- C:\Windows\System\gdOWVzR.exe
  C:\Windows\System\gdOWVzR.exe
  2⤵
  PID:3328
- C:\Windows\System\xbBiAqG.exe
  C:\Windows\System\xbBiAqG.exe
  2⤵
  PID:3348
- C:\Windows\System\xBhvKmm.exe
  C:\Windows\System\xBhvKmm.exe
  2⤵
  PID:3368
- C:\Windows\System\YaRQkvH.exe
  C:\Windows\System\YaRQkvH.exe
  2⤵
  PID:3388
- C:\Windows\System\IzRKwen.exe
  C:\Windows\System\IzRKwen.exe
  2⤵
  PID:3404
- C:\Windows\System\yLUFmEA.exe
  C:\Windows\System\yLUFmEA.exe
  2⤵
  PID:3428
- C:\Windows\System\xecRcaD.exe
  C:\Windows\System\xecRcaD.exe
  2⤵
  PID:3444
- C:\Windows\System\mvxtKMO.exe
  C:\Windows\System\mvxtKMO.exe
  2⤵
  PID:3464
- C:\Windows\System\BEjhtAB.exe
  C:\Windows\System\BEjhtAB.exe
  2⤵
  PID:3488
- C:\Windows\System\fdRbhpA.exe
  C:\Windows\System\fdRbhpA.exe
  2⤵
  PID:3508
- C:\Windows\System\ItyUwsl.exe
  C:\Windows\System\ItyUwsl.exe
  2⤵
  PID:3528
- C:\Windows\System\pfoNTBO.exe
  C:\Windows\System\pfoNTBO.exe
  2⤵
  PID:3548
- C:\Windows\System\GEUbjbZ.exe
  C:\Windows\System\GEUbjbZ.exe
  2⤵
  PID:3568
- C:\Windows\System\DaVnZWD.exe
  C:\Windows\System\DaVnZWD.exe
  2⤵
  PID:3588
- C:\Windows\System\lNUhCmi.exe
  C:\Windows\System\lNUhCmi.exe
  2⤵
  PID:3608
- C:\Windows\System\JWDmBeP.exe
  C:\Windows\System\JWDmBeP.exe
  2⤵
  PID:3628
- C:\Windows\System\ZQxyNFN.exe
  C:\Windows\System\ZQxyNFN.exe
  2⤵
  PID:3648
- C:\Windows\System\JMUnCGh.exe
  C:\Windows\System\JMUnCGh.exe
  2⤵
  PID:3668
- C:\Windows\System\vMvsnxt.exe
  C:\Windows\System\vMvsnxt.exe
  2⤵
  PID:3684
- C:\Windows\System\vcbidhO.exe
  C:\Windows\System\vcbidhO.exe
  2⤵
  PID:3708
- C:\Windows\System\PJNIrsN.exe
  C:\Windows\System\PJNIrsN.exe
  2⤵
  PID:3724
- C:\Windows\System\yMrkBlh.exe
  C:\Windows\System\yMrkBlh.exe
  2⤵
  PID:3744
- C:\Windows\System\GGnCyHX.exe
  C:\Windows\System\GGnCyHX.exe
  2⤵
  PID:3764
- C:\Windows\System\NXxPYau.exe
  C:\Windows\System\NXxPYau.exe
  2⤵
  PID:3788
- C:\Windows\System\TlDjyTS.exe
  C:\Windows\System\TlDjyTS.exe
  2⤵
  PID:3808
- C:\Windows\System\KWHBsuO.exe
  C:\Windows\System\KWHBsuO.exe
  2⤵
  PID:3828
- C:\Windows\System\jzFNAIx.exe
  C:\Windows\System\jzFNAIx.exe
  2⤵
  PID:3844
- C:\Windows\System\qyFKLJN.exe
  C:\Windows\System\qyFKLJN.exe
  2⤵
  PID:3864
- C:\Windows\System\dANKaYc.exe
  C:\Windows\System\dANKaYc.exe
  2⤵
  PID:3884
- C:\Windows\System\tldaVHs.exe
  C:\Windows\System\tldaVHs.exe
  2⤵
  PID:3908
- C:\Windows\System\DSenRkK.exe
  C:\Windows\System\DSenRkK.exe
  2⤵
  PID:3928
- C:\Windows\System\gZfOphV.exe
  C:\Windows\System\gZfOphV.exe
  2⤵
  PID:3948
- C:\Windows\System\eXHFXbS.exe
  C:\Windows\System\eXHFXbS.exe
  2⤵
  PID:3964
- C:\Windows\System\yokrKYY.exe
  C:\Windows\System\yokrKYY.exe
  2⤵
  PID:3988
- C:\Windows\System\DdaTrxd.exe
  C:\Windows\System\DdaTrxd.exe
  2⤵
  PID:4008
- C:\Windows\System\bVhJiij.exe
  C:\Windows\System\bVhJiij.exe
  2⤵
  PID:4028
- C:\Windows\System\TkzUBVi.exe
  C:\Windows\System\TkzUBVi.exe
  2⤵
  PID:4048
- C:\Windows\System\bblTWYz.exe
  C:\Windows\System\bblTWYz.exe
  2⤵
  PID:4076
- C:\Windows\System\RMubRQy.exe
  C:\Windows\System\RMubRQy.exe
  2⤵
  PID:4092
- C:\Windows\System\JssNxKJ.exe
  C:\Windows\System\JssNxKJ.exe
  2⤵
  PID:2324
- C:\Windows\System\jjJzkTC.exe
  C:\Windows\System\jjJzkTC.exe
  2⤵
  PID:2352
- C:\Windows\System\DFefmua.exe
  C:\Windows\System\DFefmua.exe
  2⤵
  PID:1928
- C:\Windows\System\gGBrxUN.exe
  C:\Windows\System\gGBrxUN.exe
  2⤵
  PID:2108
- C:\Windows\System\kCCMwbu.exe
  C:\Windows\System\kCCMwbu.exe
  2⤵
  PID:1992
- C:\Windows\System\KfzTeVx.exe
  C:\Windows\System\KfzTeVx.exe
  2⤵
  PID:2556
- C:\Windows\System\xAtFsNw.exe
  C:\Windows\System\xAtFsNw.exe
  2⤵
  PID:1800
- C:\Windows\System\crfySQc.exe
  C:\Windows\System\crfySQc.exe
  2⤵
  PID:3096
- C:\Windows\System\WUdwygx.exe
  C:\Windows\System\WUdwygx.exe
  2⤵
  PID:3116
- C:\Windows\System\nSDwXIB.exe
  C:\Windows\System\nSDwXIB.exe
  2⤵
  PID:3124
- C:\Windows\System\IDxnDZH.exe
  C:\Windows\System\IDxnDZH.exe
  2⤵
  PID:3156
- C:\Windows\System\xaGnFDs.exe
  C:\Windows\System\xaGnFDs.exe
  2⤵
  PID:3160
- C:\Windows\System\izxUTQB.exe
  C:\Windows\System\izxUTQB.exe
  2⤵
  PID:3264
- C:\Windows\System\HpFvOHq.exe
  C:\Windows\System\HpFvOHq.exe
  2⤵
  PID:3276
- C:\Windows\System\yRNVQxr.exe
  C:\Windows\System\yRNVQxr.exe
  2⤵
  PID:3300
- C:\Windows\System\VnDJSUj.exe
  C:\Windows\System\VnDJSUj.exe
  2⤵
  PID:3324
- C:\Windows\System\wALhnQa.exe
  C:\Windows\System\wALhnQa.exe
  2⤵
  PID:3360
- C:\Windows\System\ghzpxen.exe
  C:\Windows\System\ghzpxen.exe
  2⤵
  PID:3424
- C:\Windows\System\ySjJtUm.exe
  C:\Windows\System\ySjJtUm.exe
  2⤵
  PID:3456
- C:\Windows\System\qkMuTrs.exe
  C:\Windows\System\qkMuTrs.exe
  2⤵
  PID:3440
- C:\Windows\System\DmZdOPf.exe
  C:\Windows\System\DmZdOPf.exe
  2⤵
  PID:3516
- C:\Windows\System\EGXexgB.exe
  C:\Windows\System\EGXexgB.exe
  2⤵
  PID:3544
- C:\Windows\System\eNexMUA.exe
  C:\Windows\System\eNexMUA.exe
  2⤵
  PID:3564
- C:\Windows\System\mgpzRCx.exe
  C:\Windows\System\mgpzRCx.exe
  2⤵
  PID:3624
- C:\Windows\System\pwUauwJ.exe
  C:\Windows\System\pwUauwJ.exe
  2⤵
  PID:3660
- C:\Windows\System\bsDVcTN.exe
  C:\Windows\System\bsDVcTN.exe
  2⤵
  PID:3644
- C:\Windows\System\UfjrtBP.exe
  C:\Windows\System\UfjrtBP.exe
  2⤵
  PID:3732
- C:\Windows\System\uQYJVMy.exe
  C:\Windows\System\uQYJVMy.exe
  2⤵
  PID:3776
- C:\Windows\System\sVUekMd.exe
  C:\Windows\System\sVUekMd.exe
  2⤵
  PID:3756
- C:\Windows\System\rPLONmG.exe
  C:\Windows\System\rPLONmG.exe
  2⤵
  PID:3820
- C:\Windows\System\rhQXtAk.exe
  C:\Windows\System\rhQXtAk.exe
  2⤵
  PID:3856
- C:\Windows\System\QderVNE.exe
  C:\Windows\System\QderVNE.exe
  2⤵
  PID:3836
- C:\Windows\System\jINXnmR.exe
  C:\Windows\System\jINXnmR.exe
  2⤵
  PID:3916
- C:\Windows\System\KjVxmMW.exe
  C:\Windows\System\KjVxmMW.exe
  2⤵
  PID:3920
- C:\Windows\System\wVcjqXA.exe
  C:\Windows\System\wVcjqXA.exe
  2⤵
  PID:4024
- C:\Windows\System\PEqVkvL.exe
  C:\Windows\System\PEqVkvL.exe
  2⤵
  PID:4004
- C:\Windows\System\dGkVgDz.exe
  C:\Windows\System\dGkVgDz.exe
  2⤵
  PID:4060
- C:\Windows\System\rjSqTiq.exe
  C:\Windows\System\rjSqTiq.exe
  2⤵
  PID:1700
- C:\Windows\System\LQsvXxf.exe
  C:\Windows\System\LQsvXxf.exe
  2⤵
  PID:3020
- C:\Windows\System\jkqnmAt.exe
  C:\Windows\System\jkqnmAt.exe
  2⤵
  PID:2496
- C:\Windows\System\SjsreHy.exe
  C:\Windows\System\SjsreHy.exe
  2⤵
  PID:1484
- C:\Windows\System\mEDHzBf.exe
  C:\Windows\System\mEDHzBf.exe
  2⤵
  PID:2220
- C:\Windows\System\lyrJeug.exe
  C:\Windows\System\lyrJeug.exe
  2⤵
  PID:3100
- C:\Windows\System\zbwpCaX.exe
  C:\Windows\System\zbwpCaX.exe
  2⤵
  PID:3180
- C:\Windows\System\UenKjhR.exe
  C:\Windows\System\UenKjhR.exe
  2⤵
  PID:3196
- C:\Windows\System\SyckCsY.exe
  C:\Windows\System\SyckCsY.exe
  2⤵
  PID:3280
- C:\Windows\System\CwyvohU.exe
  C:\Windows\System\CwyvohU.exe
  2⤵
  PID:3340
- C:\Windows\System\FtITUBD.exe
  C:\Windows\System\FtITUBD.exe
  2⤵
  PID:3316
- C:\Windows\System\cCSuDFr.exe
  C:\Windows\System\cCSuDFr.exe
  2⤵
  PID:3400
- C:\Windows\System\CUOdBSY.exe
  C:\Windows\System\CUOdBSY.exe
  2⤵
  PID:3500
- C:\Windows\System\WJHzYph.exe
  C:\Windows\System\WJHzYph.exe
  2⤵
  PID:3472
- C:\Windows\System\iYTpkTP.exe
  C:\Windows\System\iYTpkTP.exe
  2⤵
  PID:3536
- C:\Windows\System\PoVkVsP.exe
  C:\Windows\System\PoVkVsP.exe
  2⤵
  PID:3656
- C:\Windows\System\yszwDJN.exe
  C:\Windows\System\yszwDJN.exe
  2⤵
  PID:3700
- C:\Windows\System\denbkEN.exe
  C:\Windows\System\denbkEN.exe
  2⤵
  PID:3736
- C:\Windows\System\iioAbSa.exe
  C:\Windows\System\iioAbSa.exe
  2⤵
  PID:3720
- C:\Windows\System\KTEuDah.exe
  C:\Windows\System\KTEuDah.exe
  2⤵
  PID:3796
- C:\Windows\System\IeFcJEs.exe
  C:\Windows\System\IeFcJEs.exe
  2⤵
  PID:3900
- C:\Windows\System\fPeDieL.exe
  C:\Windows\System\fPeDieL.exe
  2⤵
  PID:3944
- C:\Windows\System\revxuwM.exe
  C:\Windows\System\revxuwM.exe
  2⤵
  PID:4036
- C:\Windows\System\XlgSceS.exe
  C:\Windows\System\XlgSceS.exe
  2⤵
  PID:3956
- C:\Windows\System\JwYFQTo.exe
  C:\Windows\System\JwYFQTo.exe
  2⤵
  PID:4084
- C:\Windows\System\FHNDnCr.exe
  C:\Windows\System\FHNDnCr.exe
  2⤵
  PID:2508
- C:\Windows\System\iVINxDE.exe
  C:\Windows\System\iVINxDE.exe
  2⤵
  PID:1604
- C:\Windows\System\szAycIJ.exe
  C:\Windows\System\szAycIJ.exe
  2⤵
  PID:2400
- C:\Windows\System\porxbxE.exe
  C:\Windows\System\porxbxE.exe
  2⤵
  PID:3144
- C:\Windows\System\wOHswtd.exe
  C:\Windows\System\wOHswtd.exe
  2⤵
  PID:3256
- C:\Windows\System\IbUJrxk.exe
  C:\Windows\System\IbUJrxk.exe
  2⤵
  PID:3380
- C:\Windows\System\HCHVpNK.exe
  C:\Windows\System\HCHVpNK.exe
  2⤵
  PID:3496
- C:\Windows\System\tlqdlDk.exe
  C:\Windows\System\tlqdlDk.exe
  2⤵
  PID:3420
- C:\Windows\System\AOxhiRa.exe
  C:\Windows\System\AOxhiRa.exe
  2⤵
  PID:3600
- C:\Windows\System\SCLNTLu.exe
  C:\Windows\System\SCLNTLu.exe
  2⤵
  PID:3696
- C:\Windows\System\AMFyInE.exe
  C:\Windows\System\AMFyInE.exe
  2⤵
  PID:3800
- C:\Windows\System\nOTtEwG.exe
  C:\Windows\System\nOTtEwG.exe
  2⤵
  PID:3872
- C:\Windows\System\SgcMCNQ.exe
  C:\Windows\System\SgcMCNQ.exe
  2⤵
  PID:3984
- C:\Windows\System\MRlgeNN.exe
  C:\Windows\System\MRlgeNN.exe
  2⤵
  PID:2848
- C:\Windows\System\PDwmTWJ.exe
  C:\Windows\System\PDwmTWJ.exe
  2⤵
  PID:3960
- C:\Windows\System\GPqEeAR.exe
  C:\Windows\System\GPqEeAR.exe
  2⤵
  PID:2748
- C:\Windows\System\LqXOMvm.exe
  C:\Windows\System\LqXOMvm.exe
  2⤵
  PID:3296
- C:\Windows\System\yJVJfeo.exe
  C:\Windows\System\yJVJfeo.exe
  2⤵
  PID:3412
- C:\Windows\System\tuMitrE.exe
  C:\Windows\System\tuMitrE.exe
  2⤵
  PID:3480
- C:\Windows\System\QKZGSLy.exe
  C:\Windows\System\QKZGSLy.exe
  2⤵
  PID:4068
- C:\Windows\System\CRLESJc.exe
  C:\Windows\System\CRLESJc.exe
  2⤵
  PID:4116
- C:\Windows\System\RLmROUW.exe
  C:\Windows\System\RLmROUW.exe
  2⤵
  PID:4136
- C:\Windows\System\CAOmcib.exe
  C:\Windows\System\CAOmcib.exe
  2⤵
  PID:4156
- C:\Windows\System\vRCfEtY.exe
  C:\Windows\System\vRCfEtY.exe
  2⤵
  PID:4172
- C:\Windows\System\taNruRj.exe
  C:\Windows\System\taNruRj.exe
  2⤵
  PID:4200
- C:\Windows\System\kdlSkSU.exe
  C:\Windows\System\kdlSkSU.exe
  2⤵
  PID:4216
- C:\Windows\System\fWsHpKE.exe
  C:\Windows\System\fWsHpKE.exe
  2⤵
  PID:4240
- C:\Windows\System\cKCjKFP.exe
  C:\Windows\System\cKCjKFP.exe
  2⤵
  PID:4260
- C:\Windows\System\rciPVDH.exe
  C:\Windows\System\rciPVDH.exe
  2⤵
  PID:4280
- C:\Windows\System\SdKkAzq.exe
  C:\Windows\System\SdKkAzq.exe
  2⤵
  PID:4300
- C:\Windows\System\VuWIfvI.exe
  C:\Windows\System\VuWIfvI.exe
  2⤵
  PID:4320
- C:\Windows\System\NzGdcgo.exe
  C:\Windows\System\NzGdcgo.exe
  2⤵
  PID:4340
- C:\Windows\System\RWjCXkk.exe
  C:\Windows\System\RWjCXkk.exe
  2⤵
  PID:4360
- C:\Windows\System\LNAYgbX.exe
  C:\Windows\System\LNAYgbX.exe
  2⤵
  PID:4380
- C:\Windows\System\UWVfFwH.exe
  C:\Windows\System\UWVfFwH.exe
  2⤵
  PID:4400
- C:\Windows\System\ZWrxzyM.exe
  C:\Windows\System\ZWrxzyM.exe
  2⤵
  PID:4420
- C:\Windows\System\qyPCMgj.exe
  C:\Windows\System\qyPCMgj.exe
  2⤵
  PID:4440
- C:\Windows\System\HjAFwqm.exe
  C:\Windows\System\HjAFwqm.exe
  2⤵
  PID:4460
- C:\Windows\System\TdeOcWd.exe
  C:\Windows\System\TdeOcWd.exe
  2⤵
  PID:4480
- C:\Windows\System\IAqDNor.exe
  C:\Windows\System\IAqDNor.exe
  2⤵
  PID:4500
- C:\Windows\System\weCYUtU.exe
  C:\Windows\System\weCYUtU.exe
  2⤵
  PID:4520
- C:\Windows\System\MEousJn.exe
  C:\Windows\System\MEousJn.exe
  2⤵
  PID:4540
- C:\Windows\System\PQyugHH.exe
  C:\Windows\System\PQyugHH.exe
  2⤵
  PID:4560
- C:\Windows\System\ZnrVcNr.exe
  C:\Windows\System\ZnrVcNr.exe
  2⤵
  PID:4576
- C:\Windows\System\WRDBsxu.exe
  C:\Windows\System\WRDBsxu.exe
  2⤵
  PID:4600
- C:\Windows\System\VhADDEt.exe
  C:\Windows\System\VhADDEt.exe
  2⤵
  PID:4620
- C:\Windows\System\fXxvEBW.exe
  C:\Windows\System\fXxvEBW.exe
  2⤵
  PID:4640
- C:\Windows\System\OMDamGi.exe
  C:\Windows\System\OMDamGi.exe
  2⤵
  PID:4664
- C:\Windows\System\gnIRqSc.exe
  C:\Windows\System\gnIRqSc.exe
  2⤵
  PID:4684
- C:\Windows\System\sZBHwiC.exe
  C:\Windows\System\sZBHwiC.exe
  2⤵
  PID:4704
- C:\Windows\System\XvTSAcq.exe
  C:\Windows\System\XvTSAcq.exe
  2⤵
  PID:4724
- C:\Windows\System\CnYHMVX.exe
  C:\Windows\System\CnYHMVX.exe
  2⤵
  PID:4740
- C:\Windows\System\SydkOwD.exe
  C:\Windows\System\SydkOwD.exe
  2⤵
  PID:4764
- C:\Windows\System\NkshkCB.exe
  C:\Windows\System\NkshkCB.exe
  2⤵
  PID:4780
- C:\Windows\System\NlXRjFF.exe
  C:\Windows\System\NlXRjFF.exe
  2⤵
  PID:4800
- C:\Windows\System\XZOfxOF.exe
  C:\Windows\System\XZOfxOF.exe
  2⤵
  PID:4824
- C:\Windows\System\ausgmly.exe
  C:\Windows\System\ausgmly.exe
  2⤵
  PID:4844
- C:\Windows\System\AOXobHc.exe
  C:\Windows\System\AOXobHc.exe
  2⤵
  PID:4860
- C:\Windows\System\QSeELOX.exe
  C:\Windows\System\QSeELOX.exe
  2⤵
  PID:4880
- C:\Windows\System\zMJWvyc.exe
  C:\Windows\System\zMJWvyc.exe
  2⤵
  PID:4904
- C:\Windows\System\vrWeJoZ.exe
  C:\Windows\System\vrWeJoZ.exe
  2⤵
  PID:4924
- C:\Windows\System\GbaoEwO.exe
  C:\Windows\System\GbaoEwO.exe
  2⤵
  PID:4940
- C:\Windows\System\dwmyxvt.exe
  C:\Windows\System\dwmyxvt.exe
  2⤵
  PID:4964
- C:\Windows\System\npJVfrN.exe
  C:\Windows\System\npJVfrN.exe
  2⤵
  PID:4980
- C:\Windows\System\IygonpQ.exe
  C:\Windows\System\IygonpQ.exe
  2⤵
  PID:5004
- C:\Windows\System\LnbRHlQ.exe
  C:\Windows\System\LnbRHlQ.exe
  2⤵
  PID:5020
- C:\Windows\System\fQoRGez.exe
  C:\Windows\System\fQoRGez.exe
  2⤵
  PID:5044
- C:\Windows\System\MNcsyxa.exe
  C:\Windows\System\MNcsyxa.exe
  2⤵
  PID:5064
- C:\Windows\System\lcUQrEH.exe
  C:\Windows\System\lcUQrEH.exe
  2⤵
  PID:5084
- C:\Windows\System\RficJXj.exe
  C:\Windows\System\RficJXj.exe
  2⤵
  PID:5104
- C:\Windows\System\MIPxmMK.exe
  C:\Windows\System\MIPxmMK.exe
  2⤵
  PID:3704
- C:\Windows\System\EgqBCUi.exe
  C:\Windows\System\EgqBCUi.exe
  2⤵
  PID:3896
- C:\Windows\System\vsIyryW.exe
  C:\Windows\System\vsIyryW.exe
  2⤵
  PID:4040
- C:\Windows\System\TCEWKaz.exe
  C:\Windows\System\TCEWKaz.exe
  2⤵
  PID:3940
- C:\Windows\System\krxafxI.exe
  C:\Windows\System\krxafxI.exe
  2⤵
  PID:2424
- C:\Windows\System\AYxjtlU.exe
  C:\Windows\System\AYxjtlU.exe
  2⤵
  PID:3244
- C:\Windows\System\caJAGTD.exe
  C:\Windows\System\caJAGTD.exe
  2⤵
  PID:3140
- C:\Windows\System\heNFQoZ.exe
  C:\Windows\System\heNFQoZ.exe
  2⤵
  PID:3664
- C:\Windows\System\iqmwWGC.exe
  C:\Windows\System\iqmwWGC.exe
  2⤵
  PID:4128
- C:\Windows\System\ZBsubof.exe
  C:\Windows\System\ZBsubof.exe
  2⤵
  PID:4188
- C:\Windows\System\tulOhmS.exe
  C:\Windows\System\tulOhmS.exe
  2⤵
  PID:4232
- C:\Windows\System\ePmYlGo.exe
  C:\Windows\System\ePmYlGo.exe
  2⤵
  PID:4268
- C:\Windows\System\xJimohs.exe
  C:\Windows\System\xJimohs.exe
  2⤵
  PID:4252
- C:\Windows\System\BjCKWhl.exe
  C:\Windows\System\BjCKWhl.exe
  2⤵
  PID:4348
- C:\Windows\System\iCmiRKV.exe
  C:\Windows\System\iCmiRKV.exe
  2⤵
  PID:4352
- C:\Windows\System\SBmvzOp.exe
  C:\Windows\System\SBmvzOp.exe
  2⤵
  PID:4428
- C:\Windows\System\UxGsFbv.exe
  C:\Windows\System\UxGsFbv.exe
  2⤵
  PID:4432
- C:\Windows\System\OItNeld.exe
  C:\Windows\System\OItNeld.exe
  2⤵
  PID:4416
- C:\Windows\System\hOMwwIm.exe
  C:\Windows\System\hOMwwIm.exe
  2⤵
  PID:4508
- C:\Windows\System\qGqSEIO.exe
  C:\Windows\System\qGqSEIO.exe
  2⤵
  PID:4512
- C:\Windows\System\tGAnKgp.exe
  C:\Windows\System\tGAnKgp.exe
  2⤵
  PID:4552
- C:\Windows\System\SrDWwjp.exe
  C:\Windows\System\SrDWwjp.exe
  2⤵
  PID:4588
- C:\Windows\System\ZShduZi.exe
  C:\Windows\System\ZShduZi.exe
  2⤵
  PID:4608
- C:\Windows\System\HZOSDDL.exe
  C:\Windows\System\HZOSDDL.exe
  2⤵
  PID:4672
- C:\Windows\System\vDLXiKI.exe
  C:\Windows\System\vDLXiKI.exe
  2⤵
  PID:4656
- C:\Windows\System\rFqBdGs.exe
  C:\Windows\System\rFqBdGs.exe
  2⤵
  PID:4716
- C:\Windows\System\CmBdKOS.exe
  C:\Windows\System\CmBdKOS.exe
  2⤵
  PID:4756
- C:\Windows\System\BijrRAc.exe
  C:\Windows\System\BijrRAc.exe
  2⤵
  PID:4792
- C:\Windows\System\gdpRdFb.exe
  C:\Windows\System\gdpRdFb.exe
  2⤵
  PID:4772
- C:\Windows\System\acyNfsW.exe
  C:\Windows\System\acyNfsW.exe
  2⤵
  PID:4816
- C:\Windows\System\ycLrEZl.exe
  C:\Windows\System\ycLrEZl.exe
  2⤵
  PID:4892
- C:\Windows\System\JQxignC.exe
  C:\Windows\System\JQxignC.exe
  2⤵
  PID:4896
- C:\Windows\System\PagXZaE.exe
  C:\Windows\System\PagXZaE.exe
  2⤵
  PID:4932
- C:\Windows\System\ZKuGYhB.exe
  C:\Windows\System\ZKuGYhB.exe
  2⤵
  PID:5000
- C:\Windows\System\uzecJDO.exe
  C:\Windows\System\uzecJDO.exe
  2⤵
  PID:5032
- C:\Windows\System\xgrEomX.exe
  C:\Windows\System\xgrEomX.exe
  2⤵
  PID:5080
- C:\Windows\System\gvxaxXH.exe
  C:\Windows\System\gvxaxXH.exe
  2⤵
  PID:5100
- C:\Windows\System\dJvDcTz.exe
  C:\Windows\System\dJvDcTz.exe
  2⤵
  PID:3876
- C:\Windows\System\KuMoMPf.exe
  C:\Windows\System\KuMoMPf.exe
  2⤵
  PID:2072
- C:\Windows\System\gCmMFwg.exe
  C:\Windows\System\gCmMFwg.exe
  2⤵
  PID:4100
- C:\Windows\System\fUnvNTH.exe
  C:\Windows\System\fUnvNTH.exe
  2⤵
  PID:3076
- C:\Windows\System\UbbicoX.exe
  C:\Windows\System\UbbicoX.exe
  2⤵
  PID:4168
- C:\Windows\System\HJxEgYx.exe
  C:\Windows\System\HJxEgYx.exe
  2⤵
  PID:4276
- C:\Windows\System\KrbMtyn.exe
  C:\Windows\System\KrbMtyn.exe
  2⤵
  PID:4356
- C:\Windows\System\NgpNaWg.exe
  C:\Windows\System\NgpNaWg.exe
  2⤵
  PID:4316
- C:\Windows\System\ApgyGuC.exe
  C:\Windows\System\ApgyGuC.exe
  2⤵
  PID:4388
- C:\Windows\System\OHzqlOP.exe
  C:\Windows\System\OHzqlOP.exe
  2⤵
  PID:4472
- C:\Windows\System\XIMqAPE.exe
  C:\Windows\System\XIMqAPE.exe
  2⤵
  PID:4476
- C:\Windows\System\RGQLoSc.exe
  C:\Windows\System\RGQLoSc.exe
  2⤵
  PID:4536
- C:\Windows\System\sLJFhRT.exe
  C:\Windows\System\sLJFhRT.exe
  2⤵
  PID:4596
- C:\Windows\System\pekmQkY.exe
  C:\Windows\System\pekmQkY.exe
  2⤵
  PID:4760
- C:\Windows\System\mECdQjh.exe
  C:\Windows\System\mECdQjh.exe
  2⤵
  PID:4692
- C:\Windows\System\OWFEhhg.exe
  C:\Windows\System\OWFEhhg.exe
  2⤵
  PID:4812
- C:\Windows\System\MFcZcpU.exe
  C:\Windows\System\MFcZcpU.exe
  2⤵
  PID:4972
- C:\Windows\System\HwFbFlB.exe
  C:\Windows\System\HwFbFlB.exe
  2⤵
  PID:4852
- C:\Windows\System\lTIeXEN.exe
  C:\Windows\System\lTIeXEN.exe
  2⤵
  PID:4836
- C:\Windows\System\ACKDOFR.exe
  C:\Windows\System\ACKDOFR.exe
  2⤵
  PID:4820
- C:\Windows\System\VojyVCE.exe
  C:\Windows\System\VojyVCE.exe
  2⤵
  PID:5012
- C:\Windows\System\xvlZnyu.exe
  C:\Windows\System\xvlZnyu.exe
  2⤵
  PID:3880
- C:\Windows\System\jnyTXZP.exe
  C:\Windows\System\jnyTXZP.exe
  2⤵
  PID:2752
- C:\Windows\System\ZGVKQyV.exe
  C:\Windows\System\ZGVKQyV.exe
  2⤵
  PID:3344
- C:\Windows\System\KMXuoCQ.exe
  C:\Windows\System\KMXuoCQ.exe
  2⤵
  PID:4184
- C:\Windows\System\CyvawKY.exe
  C:\Windows\System\CyvawKY.exe
  2⤵
  PID:4392
- C:\Windows\System\MOariaT.exe
  C:\Windows\System\MOariaT.exe
  2⤵
  PID:2944
- C:\Windows\System\LZtaqVX.exe
  C:\Windows\System\LZtaqVX.exe
  2⤵
  PID:4372
- C:\Windows\System\utiTcxy.exe
  C:\Windows\System\utiTcxy.exe
  2⤵
  PID:4572
- C:\Windows\System\RUFOcYO.exe
  C:\Windows\System\RUFOcYO.exe
  2⤵
  PID:444
- C:\Windows\System\TnidqUy.exe
  C:\Windows\System\TnidqUy.exe
  2⤵
  PID:4888
- C:\Windows\System\BSWLUqs.exe
  C:\Windows\System\BSWLUqs.exe
  2⤵
  PID:2184
- C:\Windows\System\kylQVkH.exe
  C:\Windows\System\kylQVkH.exe
  2⤵
  PID:2092
- C:\Windows\System\qJSVFtR.exe
  C:\Windows\System\qJSVFtR.exe
  2⤵
  PID:1016
- C:\Windows\System\fvhbNwz.exe
  C:\Windows\System\fvhbNwz.exe
  2⤵
  PID:2756
- C:\Windows\System\PkPTIav.exe
  C:\Windows\System\PkPTIav.exe
  2⤵
  PID:2716
- C:\Windows\System\stivuLv.exe
  C:\Windows\System\stivuLv.exe
  2⤵
  PID:2740
- C:\Windows\System\yqoHdnz.exe
  C:\Windows\System\yqoHdnz.exe
  2⤵
  PID:1060
- C:\Windows\System\mXNcdij.exe
  C:\Windows\System\mXNcdij.exe
  2⤵
  PID:2372
- C:\Windows\System\Gxckpec.exe
  C:\Windows\System\Gxckpec.exe
  2⤵
  PID:3024
- C:\Windows\System\UyKuiAE.exe
  C:\Windows\System\UyKuiAE.exe
  2⤵
  PID:1640
- C:\Windows\System\KsrdNWp.exe
  C:\Windows\System\KsrdNWp.exe
  2⤵
  PID:4648
- C:\Windows\System\sidGluw.exe
  C:\Windows\System\sidGluw.exe
  2⤵
  PID:2500
- C:\Windows\System\aJIKqlM.exe
  C:\Windows\System\aJIKqlM.exe
  2⤵
  PID:3028
- C:\Windows\System\IZsSEEE.exe
  C:\Windows\System\IZsSEEE.exe
  2⤵
  PID:2572
- C:\Windows\System\fhFuSvv.exe
  C:\Windows\System\fhFuSvv.exe
  2⤵
  PID:2264
- C:\Windows\System\MBgRGOK.exe
  C:\Windows\System\MBgRGOK.exe
  2⤵
  PID:5056
- C:\Windows\System\qaxExRN.exe
  C:\Windows\System\qaxExRN.exe
  2⤵
  PID:2056
- C:\Windows\System\tIQkZbH.exe
  C:\Windows\System\tIQkZbH.exe
  2⤵
  PID:1820
- C:\Windows\System\CGedxNk.exe
  C:\Windows\System\CGedxNk.exe
  2⤵
  PID:4104
- C:\Windows\System\VdxgRkJ.exe
  C:\Windows\System\VdxgRkJ.exe
  2⤵
  PID:3852
- C:\Windows\System\fGOZEnt.exe
  C:\Windows\System\fGOZEnt.exe
  2⤵
  PID:1160
- C:\Windows\System\EwWvTHu.exe
  C:\Windows\System\EwWvTHu.exe
  2⤵
  PID:4568
- C:\Windows\System\bdKQIhA.exe
  C:\Windows\System\bdKQIhA.exe
  2⤵
  PID:1780
- C:\Windows\System\vIHkfZo.exe
  C:\Windows\System\vIHkfZo.exe
  2⤵
  PID:544
- C:\Windows\System\ERbpnZt.exe
  C:\Windows\System\ERbpnZt.exe
  2⤵
  PID:1648
- C:\Windows\System\ghVmrER.exe
  C:\Windows\System\ghVmrER.exe
  2⤵
  PID:2172
- C:\Windows\System\PbvOiMl.exe
  C:\Windows\System\PbvOiMl.exe
  2⤵
  PID:2696
- C:\Windows\System\FlpPPoj.exe
  C:\Windows\System\FlpPPoj.exe
  2⤵
  PID:4072
- C:\Windows\System\cDEwEfb.exe
  C:\Windows\System\cDEwEfb.exe
  2⤵
  PID:2832
- C:\Windows\System\htzkpFD.exe
  C:\Windows\System\htzkpFD.exe
  2⤵
  PID:4712
- C:\Windows\System\ybcxiWx.exe
  C:\Windows\System\ybcxiWx.exe
  2⤵
  PID:4752
- C:\Windows\System\WOzERZy.exe
  C:\Windows\System\WOzERZy.exe
  2⤵
  PID:2312
- C:\Windows\System\QTcZvGG.exe
  C:\Windows\System\QTcZvGG.exe
  2⤵
  PID:1692
- C:\Windows\System\PKtQQmn.exe
  C:\Windows\System\PKtQQmn.exe
  2⤵
  PID:4960
- C:\Windows\System\FwVUdkO.exe
  C:\Windows\System\FwVUdkO.exe
  2⤵
  PID:4992
- C:\Windows\System\xSSuCMc.exe
  C:\Windows\System\xSSuCMc.exe
  2⤵
  PID:4936
- C:\Windows\System\IDjExGc.exe
  C:\Windows\System\IDjExGc.exe
  2⤵
  PID:4208
- C:\Windows\System\vPkUowa.exe
  C:\Windows\System\vPkUowa.exe
  2⤵
  PID:4592
- C:\Windows\System\gCYXCfS.exe
  C:\Windows\System\gCYXCfS.exe
  2⤵
  PID:1580
- C:\Windows\System\MFycXWH.exe
  C:\Windows\System\MFycXWH.exe
  2⤵
  PID:4148
- C:\Windows\System\bvLeuOk.exe
  C:\Windows\System\bvLeuOk.exe
  2⤵
  PID:2416
- C:\Windows\System\wKbAwEL.exe
  C:\Windows\System\wKbAwEL.exe
  2⤵
  PID:308
- C:\Windows\System\hemDmMS.exe
  C:\Windows\System\hemDmMS.exe
  2⤵
  PID:1164
- C:\Windows\System\WueTvRY.exe
  C:\Windows\System\WueTvRY.exe
  2⤵
  PID:2040
- C:\Windows\System\rerZosL.exe
  C:\Windows\System\rerZosL.exe
  2⤵
  PID:2612
- C:\Windows\System\gOhNLwQ.exe
  C:\Windows\System\gOhNLwQ.exe
  2⤵
  PID:2876
- C:\Windows\System\WJSAOAG.exe
  C:\Windows\System\WJSAOAG.exe
  2⤵
  PID:2448
- C:\Windows\System\bAiNaqc.exe
  C:\Windows\System\bAiNaqc.exe
  2⤵
  PID:4952
- C:\Windows\System\jjZCgbn.exe
  C:\Windows\System\jjZCgbn.exe
  2⤵
  PID:4528
- C:\Windows\System\mxSItBR.exe
  C:\Windows\System\mxSItBR.exe
  2⤵
  PID:2388
- C:\Windows\System\PCeCOtY.exe
  C:\Windows\System\PCeCOtY.exe
  2⤵
  PID:4700
- C:\Windows\System\jWYVhCZ.exe
  C:\Windows\System\jWYVhCZ.exe
  2⤵
  PID:2712
- C:\Windows\System\hjIXWwy.exe
  C:\Windows\System\hjIXWwy.exe
  2⤵
  PID:2664
- C:\Windows\System\SfeZUBa.exe
  C:\Windows\System\SfeZUBa.exe
  2⤵
  PID:4112
- C:\Windows\System\YEZiXXw.exe
  C:\Windows\System\YEZiXXw.exe
  2⤵
  PID:3584
- C:\Windows\System\SjJnQBJ.exe
  C:\Windows\System\SjJnQBJ.exe
  2⤵
  PID:2044
- C:\Windows\System\rxzSJuB.exe
  C:\Windows\System\rxzSJuB.exe
  2⤵
  PID:5040
- C:\Windows\System\JXIFyUH.exe
  C:\Windows\System\JXIFyUH.exe
  2⤵
  PID:4468
- C:\Windows\System\aOlSSrk.exe
  C:\Windows\System\aOlSSrk.exe
  2⤵
  PID:5148
- C:\Windows\System\ogltHCA.exe
  C:\Windows\System\ogltHCA.exe
  2⤵
  PID:5164
- C:\Windows\System\bFvfpjV.exe
  C:\Windows\System\bFvfpjV.exe
  2⤵
  PID:5188
- C:\Windows\System\YeXUwsA.exe
  C:\Windows\System\YeXUwsA.exe
  2⤵
  PID:5204
- C:\Windows\System\UoJnkPW.exe
  C:\Windows\System\UoJnkPW.exe
  2⤵
  PID:5220
- C:\Windows\System\MaAyMpB.exe
  C:\Windows\System\MaAyMpB.exe
  2⤵
  PID:5236
- C:\Windows\System\teMzbKy.exe
  C:\Windows\System\teMzbKy.exe
  2⤵
  PID:5276
- C:\Windows\System\AGoOdfG.exe
  C:\Windows\System\AGoOdfG.exe
  2⤵
  PID:5292
- C:\Windows\System\jSzVdNO.exe
  C:\Windows\System\jSzVdNO.exe
  2⤵
  PID:5316
- C:\Windows\System\PTvwyJl.exe
  C:\Windows\System\PTvwyJl.exe
  2⤵
  PID:5332
- C:\Windows\System\KJWaLvd.exe
  C:\Windows\System\KJWaLvd.exe
  2⤵
  PID:5348
- C:\Windows\System\GehuOdy.exe
  C:\Windows\System\GehuOdy.exe
  2⤵
  PID:5368
- C:\Windows\System\QRvYgVl.exe
  C:\Windows\System\QRvYgVl.exe
  2⤵
  PID:5384
- C:\Windows\System\qgUPntg.exe
  C:\Windows\System\qgUPntg.exe
  2⤵
  PID:5400
- C:\Windows\System\JiDsoSZ.exe
  C:\Windows\System\JiDsoSZ.exe
  2⤵
  PID:5420
- C:\Windows\System\EkgzCpB.exe
  C:\Windows\System\EkgzCpB.exe
  2⤵
  PID:5440
- C:\Windows\System\ZTUbThL.exe
  C:\Windows\System\ZTUbThL.exe
  2⤵
  PID:5460
- C:\Windows\System\kefxeWU.exe
  C:\Windows\System\kefxeWU.exe
  2⤵
  PID:5484
- C:\Windows\System\ngFwjkW.exe
  C:\Windows\System\ngFwjkW.exe
  2⤵
  PID:5500
- C:\Windows\System\KfYhhGL.exe
  C:\Windows\System\KfYhhGL.exe
  2⤵
  PID:5528
- C:\Windows\System\ikYMjIP.exe
  C:\Windows\System\ikYMjIP.exe
  2⤵
  PID:5556
- C:\Windows\System\JByJlPZ.exe
  C:\Windows\System\JByJlPZ.exe
  2⤵
  PID:5572
- C:\Windows\System\vknDpJE.exe
  C:\Windows\System\vknDpJE.exe
  2⤵
  PID:5588
- C:\Windows\System\PLiLKQC.exe
  C:\Windows\System\PLiLKQC.exe
  2⤵
  PID:5604
- C:\Windows\System\kimThYQ.exe
  C:\Windows\System\kimThYQ.exe
  2⤵
  PID:5620
- C:\Windows\System\mLDDmvX.exe
  C:\Windows\System\mLDDmvX.exe
  2⤵
  PID:5636
- C:\Windows\System\pxMgzZa.exe
  C:\Windows\System\pxMgzZa.exe
  2⤵
  PID:5656
- C:\Windows\System\ZIbEbLI.exe
  C:\Windows\System\ZIbEbLI.exe
  2⤵
  PID:5672
- C:\Windows\System\zghLhln.exe
  C:\Windows\System\zghLhln.exe
  2⤵
  PID:5692
- C:\Windows\System\pjvnPUv.exe
  C:\Windows\System\pjvnPUv.exe
  2⤵
  PID:5712
- C:\Windows\System\UvpESID.exe
  C:\Windows\System\UvpESID.exe
  2⤵
  PID:5736
- C:\Windows\System\MZGafAs.exe
  C:\Windows\System\MZGafAs.exe
  2⤵
  PID:5756
- C:\Windows\System\fwhfdnc.exe
  C:\Windows\System\fwhfdnc.exe
  2⤵
  PID:5772
- C:\Windows\System\uJXvirU.exe
  C:\Windows\System\uJXvirU.exe
  2⤵
  PID:5792
- C:\Windows\System\fviNctj.exe
  C:\Windows\System\fviNctj.exe
  2⤵
  PID:5808
- C:\Windows\System\htAfgwD.exe
  C:\Windows\System\htAfgwD.exe
  2⤵
  PID:5860
- C:\Windows\System\gOZJWak.exe
  C:\Windows\System\gOZJWak.exe
  2⤵
  PID:5876
- C:\Windows\System\uBozQAX.exe
  C:\Windows\System\uBozQAX.exe
  2⤵
  PID:5904
- C:\Windows\System\kIkuOnL.exe
  C:\Windows\System\kIkuOnL.exe
  2⤵
  PID:5920
- C:\Windows\System\HTVaUmB.exe
  C:\Windows\System\HTVaUmB.exe
  2⤵
  PID:5936
- C:\Windows\System\ATTnksk.exe
  C:\Windows\System\ATTnksk.exe
  2⤵
  PID:5964
- C:\Windows\System\sySDSCN.exe
  C:\Windows\System\sySDSCN.exe
  2⤵
  PID:5980
- C:\Windows\System\wKBhhmX.exe
  C:\Windows\System\wKBhhmX.exe
  2⤵
  PID:5996
- C:\Windows\System\hhBgxcc.exe
  C:\Windows\System\hhBgxcc.exe
  2⤵
  PID:6012
- C:\Windows\System\PCmKPDk.exe
  C:\Windows\System\PCmKPDk.exe
  2⤵
  PID:6028
- C:\Windows\System\hwRlAMd.exe
  C:\Windows\System\hwRlAMd.exe
  2⤵
  PID:6044
- C:\Windows\System\VrWhoSj.exe
  C:\Windows\System\VrWhoSj.exe
  2⤵
  PID:6060
- C:\Windows\System\RqxbVPH.exe
  C:\Windows\System\RqxbVPH.exe
  2⤵
  PID:6084
- C:\Windows\System\kBJNdMn.exe
  C:\Windows\System\kBJNdMn.exe
  2⤵
  PID:6120
- C:\Windows\System\qYfEeso.exe
  C:\Windows\System\qYfEeso.exe
  2⤵
  PID:6140
- C:\Windows\System\KQprhIr.exe
  C:\Windows\System\KQprhIr.exe
  2⤵
  PID:5096
- C:\Windows\System\bjifeKI.exe
  C:\Windows\System\bjifeKI.exe
  2⤵
  PID:5132
- C:\Windows\System\MPfZjNt.exe
  C:\Windows\System\MPfZjNt.exe
  2⤵
  PID:1872
- C:\Windows\System\tovirhu.exe
  C:\Windows\System\tovirhu.exe
  2⤵
  PID:5180
- C:\Windows\System\UBtHVVh.exe
  C:\Windows\System\UBtHVVh.exe
  2⤵
  PID:3816
- C:\Windows\System\XAqjeqH.exe
  C:\Windows\System\XAqjeqH.exe
  2⤵
  PID:4272
- C:\Windows\System\idrHtoZ.exe
  C:\Windows\System\idrHtoZ.exe
  2⤵
  PID:2288
- C:\Windows\System\aozXadS.exe
  C:\Windows\System\aozXadS.exe
  2⤵
  PID:5228
- C:\Windows\System\AElwaZb.exe
  C:\Windows\System\AElwaZb.exe
  2⤵
  PID:5244
- C:\Windows\System\jYJLoGP.exe
  C:\Windows\System\jYJLoGP.exe
  2⤵
  PID:5116
- C:\Windows\System\kUXHuBz.exe
  C:\Windows\System\kUXHuBz.exe
  2⤵
  PID:5300
- C:\Windows\System\GFWBPRx.exe
  C:\Windows\System\GFWBPRx.exe
  2⤵
  PID:5308
- C:\Windows\System\cBdjvgP.exe
  C:\Windows\System\cBdjvgP.exe
  2⤵
  PID:5408
- C:\Windows\System\hVwDvUL.exe
  C:\Windows\System\hVwDvUL.exe
  2⤵
  PID:5452
- C:\Windows\System\SnBwLTq.exe
  C:\Windows\System\SnBwLTq.exe
  2⤵
  PID:5496
- C:\Windows\System\CKjMIQN.exe
  C:\Windows\System\CKjMIQN.exe
  2⤵
  PID:5468
- C:\Windows\System\MlWQotX.exe
  C:\Windows\System\MlWQotX.exe
  2⤵
  PID:5480
- C:\Windows\System\GJpqaDd.exe
  C:\Windows\System\GJpqaDd.exe
  2⤵
  PID:5428
- C:\Windows\System\YKwowgQ.exe
  C:\Windows\System\YKwowgQ.exe
  2⤵
  PID:5548
- C:\Windows\System\ANWiIWp.exe
  C:\Windows\System\ANWiIWp.exe
  2⤵
  PID:5612
- C:\Windows\System\NcKFEZr.exe
  C:\Windows\System\NcKFEZr.exe
  2⤵
  PID:5680
- C:\Windows\System\viaMdYV.exe
  C:\Windows\System\viaMdYV.exe
  2⤵
  PID:5764
- C:\Windows\System\sneuudl.exe
  C:\Windows\System\sneuudl.exe
  2⤵
  PID:5632
- C:\Windows\System\ASfOOvo.exe
  C:\Windows\System\ASfOOvo.exe
  2⤵
  PID:5704
- C:\Windows\System\upwBtGc.exe
  C:\Windows\System\upwBtGc.exe
  2⤵
  PID:5788
- C:\Windows\System\ssAnEWz.exe
  C:\Windows\System\ssAnEWz.exe
  2⤵
  PID:5868
- C:\Windows\System\zKYZUrP.exe
  C:\Windows\System\zKYZUrP.exe
  2⤵
  PID:5872
- C:\Windows\System\pajcGPw.exe
  C:\Windows\System\pajcGPw.exe
  2⤵
  PID:5896
- C:\Windows\System\xIGSkmF.exe
  C:\Windows\System\xIGSkmF.exe
  2⤵
  PID:5916
- C:\Windows\System\CihspGK.exe
  C:\Windows\System\CihspGK.exe
  2⤵
  PID:5932
- C:\Windows\System\skNuDKv.exe
  C:\Windows\System\skNuDKv.exe
  2⤵
  PID:5992
- C:\Windows\System\lVHomMQ.exe
  C:\Windows\System\lVHomMQ.exe
  2⤵
  PID:6056
- C:\Windows\System\dToeTwg.exe
  C:\Windows\System\dToeTwg.exe
  2⤵
  PID:6100
- C:\Windows\System\QClfjQX.exe
  C:\Windows\System\QClfjQX.exe
  2⤵
  PID:6004
- C:\Windows\System\HRfxIxl.exe
  C:\Windows\System\HRfxIxl.exe
  2⤵
  PID:6096
- C:\Windows\System\iGNgCLu.exe
  C:\Windows\System\iGNgCLu.exe
  2⤵
  PID:5136
- C:\Windows\System\MzBFPcl.exe
  C:\Windows\System\MzBFPcl.exe
  2⤵
  PID:2272
- C:\Windows\System\WyMKWFq.exe
  C:\Windows\System\WyMKWFq.exe
  2⤵
  PID:5112
- C:\Windows\System\dwAnLzr.exe
  C:\Windows\System\dwAnLzr.exe
  2⤵
  PID:4976
- C:\Windows\System\wdrugae.exe
  C:\Windows\System\wdrugae.exe
  2⤵
  PID:5304
- C:\Windows\System\NzYjFgn.exe
  C:\Windows\System\NzYjFgn.exe
  2⤵
  PID:5264
- C:\Windows\System\aGtnkyo.exe
  C:\Windows\System\aGtnkyo.exe
  2⤵
  PID:5364
- C:\Windows\System\YBrmSGO.exe
  C:\Windows\System\YBrmSGO.exe
  2⤵
  PID:4016
- C:\Windows\System\qLjVJHR.exe
  C:\Windows\System\qLjVJHR.exe
  2⤵
  PID:5200
- C:\Windows\System\nGkEzOH.exe
  C:\Windows\System\nGkEzOH.exe
  2⤵
  PID:5584
- C:\Windows\System\hlFzuiw.exe
  C:\Windows\System\hlFzuiw.exe
  2⤵
  PID:5688
- C:\Windows\System\Kpmeuwt.exe
  C:\Windows\System\Kpmeuwt.exe
  2⤵
  PID:5356
- C:\Windows\System\VfEkVfN.exe
  C:\Windows\System\VfEkVfN.exe
  2⤵
  PID:5564
- C:\Windows\System\TmrubMM.exe
  C:\Windows\System\TmrubMM.exe
  2⤵
  PID:5600
- C:\Windows\System\oqqNBSV.exe
  C:\Windows\System\oqqNBSV.exe
  2⤵
  PID:5820
- C:\Windows\System\QwxCySP.exe
  C:\Windows\System\QwxCySP.exe
  2⤵
  PID:5840
- C:\Windows\System\aNtPsun.exe
  C:\Windows\System\aNtPsun.exe
  2⤵
  PID:5892
- C:\Windows\System\HqRVIkX.exe
  C:\Windows\System\HqRVIkX.exe
  2⤵
  PID:6092
- C:\Windows\System\guEkknD.exe
  C:\Windows\System\guEkknD.exe
  2⤵
  PID:6132
- C:\Windows\System\nLOrUUY.exe
  C:\Windows\System\nLOrUUY.exe
  2⤵
  PID:5748
- C:\Windows\System\QcvVqhq.exe
  C:\Windows\System\QcvVqhq.exe
  2⤵
  PID:5284
- C:\Windows\System\gEeJhzd.exe
  C:\Windows\System\gEeJhzd.exe
  2⤵
  PID:5824
- C:\Windows\System\ijLOAHR.exe
  C:\Windows\System\ijLOAHR.exe
  2⤵
  PID:1696
- C:\Windows\System\MRqJtBS.exe
  C:\Windows\System\MRqJtBS.exe
  2⤵
  PID:5952
- C:\Windows\System\CZZVWhz.exe
  C:\Windows\System\CZZVWhz.exe
  2⤵
  PID:5852
- C:\Windows\System\GIeSzVl.exe
  C:\Windows\System\GIeSzVl.exe
  2⤵
  PID:5544
- C:\Windows\System\sBNiWbs.exe
  C:\Windows\System\sBNiWbs.exe
  2⤵
  PID:6052
- C:\Windows\System\jaFitwP.exe
  C:\Windows\System\jaFitwP.exe
  2⤵
  PID:6080
- C:\Windows\System\lUDxsIt.exe
  C:\Windows\System\lUDxsIt.exe
  2⤵
  PID:5176
- C:\Windows\System\fmuhpwc.exe
  C:\Windows\System\fmuhpwc.exe
  2⤵
  PID:5912
- C:\Windows\System\TsDbfbC.exe
  C:\Windows\System\TsDbfbC.exe
  2⤵
  PID:5476
- C:\Windows\System\IsrnYIl.exe
  C:\Windows\System\IsrnYIl.exe
  2⤵
  PID:5744
- C:\Windows\System\NxwWdej.exe
  C:\Windows\System\NxwWdej.exe
  2⤵
  PID:5784
- C:\Windows\System\AYxFAWe.exe
  C:\Windows\System\AYxFAWe.exe
  2⤵
  PID:6024
- C:\Windows\System\YSBauhR.exe
  C:\Windows\System\YSBauhR.exe
  2⤵
  PID:5728
- C:\Windows\System\lhFaieJ.exe
  C:\Windows\System\lhFaieJ.exe
  2⤵
  PID:5248
- C:\Windows\System\DSIqXJz.exe
  C:\Windows\System\DSIqXJz.exe
  2⤵
  PID:5512
- C:\Windows\System\YXdNGWV.exe
  C:\Windows\System\YXdNGWV.exe
  2⤵
  PID:5700
- C:\Windows\System\LGJrvLW.exe
  C:\Windows\System\LGJrvLW.exe
  2⤵
  PID:5628
- C:\Windows\System\efQcVZv.exe
  C:\Windows\System\efQcVZv.exe
  2⤵
  PID:5888
- C:\Windows\System\MgDCTnX.exe
  C:\Windows\System\MgDCTnX.exe
  2⤵
  PID:6152
- C:\Windows\System\hawXiCV.exe
  C:\Windows\System\hawXiCV.exe
  2⤵
  PID:6172
- C:\Windows\System\DhzikkY.exe
  C:\Windows\System\DhzikkY.exe
  2⤵
  PID:6192
- C:\Windows\System\NFhQkyu.exe
  C:\Windows\System\NFhQkyu.exe
  2⤵
  PID:6208
- C:\Windows\System\ayrzEGL.exe
  C:\Windows\System\ayrzEGL.exe
  2⤵
  PID:6224
- C:\Windows\System\IgROTtW.exe
  C:\Windows\System\IgROTtW.exe
  2⤵
  PID:6240
- C:\Windows\System\PhTjBlh.exe
  C:\Windows\System\PhTjBlh.exe
  2⤵
  PID:6256
- C:\Windows\System\qMZBcde.exe
  C:\Windows\System\qMZBcde.exe
  2⤵
  PID:6272
- C:\Windows\System\vGmDdhR.exe
  C:\Windows\System\vGmDdhR.exe
  2⤵
  PID:6288
- C:\Windows\System\MmZhmYG.exe
  C:\Windows\System\MmZhmYG.exe
  2⤵
  PID:6304
- C:\Windows\System\jxfiAdd.exe
  C:\Windows\System\jxfiAdd.exe
  2⤵
  PID:6320
- C:\Windows\System\hqpqpsO.exe
  C:\Windows\System\hqpqpsO.exe
  2⤵
  PID:6336
- C:\Windows\System\wcikmKr.exe
  C:\Windows\System\wcikmKr.exe
  2⤵
  PID:6352
- C:\Windows\System\vZIPeKn.exe
  C:\Windows\System\vZIPeKn.exe
  2⤵
  PID:6368
- C:\Windows\System\BPEXsnH.exe
  C:\Windows\System\BPEXsnH.exe
  2⤵
  PID:6384
- C:\Windows\System\YTYSabe.exe
  C:\Windows\System\YTYSabe.exe
  2⤵
  PID:6400
- C:\Windows\System\EVHurkW.exe
  C:\Windows\System\EVHurkW.exe
  2⤵
  PID:6420
- C:\Windows\System\wsueGIw.exe
  C:\Windows\System\wsueGIw.exe
  2⤵
  PID:6436
- C:\Windows\System\COdFktf.exe
  C:\Windows\System\COdFktf.exe
  2⤵
  PID:6452
- C:\Windows\System\mxHMQwb.exe
  C:\Windows\System\mxHMQwb.exe
  2⤵
  PID:6468
- C:\Windows\System\gvOTDXp.exe
  C:\Windows\System\gvOTDXp.exe
  2⤵
  PID:6484
- C:\Windows\System\hMfoehf.exe
  C:\Windows\System\hMfoehf.exe
  2⤵
  PID:6500
- C:\Windows\System\dyiiqZD.exe
  C:\Windows\System\dyiiqZD.exe
  2⤵
  PID:6516
- C:\Windows\System\CaHfpUv.exe
  C:\Windows\System\CaHfpUv.exe
  2⤵
  PID:6532
- C:\Windows\System\WAAttGe.exe
  C:\Windows\System\WAAttGe.exe
  2⤵
  PID:6548
- C:\Windows\System\wKcRuep.exe
  C:\Windows\System\wKcRuep.exe
  2⤵
  PID:6564
- C:\Windows\System\KIMtWBK.exe
  C:\Windows\System\KIMtWBK.exe
  2⤵
  PID:6580
- C:\Windows\System\lPOhbNw.exe
  C:\Windows\System\lPOhbNw.exe
  2⤵
  PID:6596
- C:\Windows\System\TyydtHZ.exe
  C:\Windows\System\TyydtHZ.exe
  2⤵
  PID:6612
- C:\Windows\System\ecYWKAe.exe
  C:\Windows\System\ecYWKAe.exe
  2⤵
  PID:6628
- C:\Windows\System\DAnHDom.exe
  C:\Windows\System\DAnHDom.exe
  2⤵
  PID:6644
- C:\Windows\System\CSrhTou.exe
  C:\Windows\System\CSrhTou.exe
  2⤵
  PID:6660
- C:\Windows\System\egVEwFp.exe
  C:\Windows\System\egVEwFp.exe
  2⤵
  PID:6676
- C:\Windows\System\qBjbRMZ.exe
  C:\Windows\System\qBjbRMZ.exe
  2⤵
  PID:6692
- C:\Windows\System\kfzINNF.exe
  C:\Windows\System\kfzINNF.exe
  2⤵
  PID:6708
- C:\Windows\System\CsNHBZh.exe
  C:\Windows\System\CsNHBZh.exe
  2⤵
  PID:6724
- C:\Windows\System\JpXCXww.exe
  C:\Windows\System\JpXCXww.exe
  2⤵
  PID:6740
- C:\Windows\System\ZtrHepp.exe
  C:\Windows\System\ZtrHepp.exe
  2⤵
  PID:6756
- C:\Windows\System\zEMtHAu.exe
  C:\Windows\System\zEMtHAu.exe
  2⤵
  PID:6776
- C:\Windows\System\VlUnxxj.exe
  C:\Windows\System\VlUnxxj.exe
  2⤵
  PID:6792
- C:\Windows\System\JDadPHm.exe
  C:\Windows\System\JDadPHm.exe
  2⤵
  PID:6808
- C:\Windows\System\GtKmyAa.exe
  C:\Windows\System\GtKmyAa.exe
  2⤵
  PID:6824
- C:\Windows\System\TRmWTmh.exe
  C:\Windows\System\TRmWTmh.exe
  2⤵
  PID:6840
- C:\Windows\System\ycRSOir.exe
  C:\Windows\System\ycRSOir.exe
  2⤵
  PID:6856
- C:\Windows\System\SqwfuRr.exe
  C:\Windows\System\SqwfuRr.exe
  2⤵
  PID:6872
- C:\Windows\System\fYqfMWN.exe
  C:\Windows\System\fYqfMWN.exe
  2⤵
  PID:6888
- C:\Windows\System\gbRyEZk.exe
  C:\Windows\System\gbRyEZk.exe
  2⤵
  PID:6904
- C:\Windows\System\WIhJtft.exe
  C:\Windows\System\WIhJtft.exe
  2⤵
  PID:6920
- C:\Windows\System\zGGLdyG.exe
  C:\Windows\System\zGGLdyG.exe
  2⤵
  PID:6936
- C:\Windows\System\jWHhXHF.exe
  C:\Windows\System\jWHhXHF.exe
  2⤵
  PID:6952
- C:\Windows\System\oLQITgK.exe
  C:\Windows\System\oLQITgK.exe
  2⤵
  PID:6976
- C:\Windows\System\lIxhjmG.exe
  C:\Windows\System\lIxhjmG.exe
  2⤵
  PID:6992
- C:\Windows\System\NIZSmmC.exe
  C:\Windows\System\NIZSmmC.exe
  2⤵
  PID:7008
- C:\Windows\System\tjeEIil.exe
  C:\Windows\System\tjeEIil.exe
  2⤵
  PID:7024
- C:\Windows\System\qzQWFwj.exe
  C:\Windows\System\qzQWFwj.exe
  2⤵
  PID:7044
- C:\Windows\System\poBdQrq.exe
  C:\Windows\System\poBdQrq.exe
  2⤵
  PID:7060
- C:\Windows\System\CoagMrS.exe
  C:\Windows\System\CoagMrS.exe
  2⤵
  PID:7080
- C:\Windows\System\MdWmQZt.exe
  C:\Windows\System\MdWmQZt.exe
  2⤵
  PID:7100
- C:\Windows\System\sXadmQn.exe
  C:\Windows\System\sXadmQn.exe
  2⤵
  PID:7116
- C:\Windows\System\TKPsNjs.exe
  C:\Windows\System\TKPsNjs.exe
  2⤵
  PID:7132
- C:\Windows\System\dyFhIPB.exe
  C:\Windows\System\dyFhIPB.exe
  2⤵
  PID:7148
- C:\Windows\System\uigyBho.exe
  C:\Windows\System\uigyBho.exe
  2⤵
  PID:7164
- C:\Windows\System\INKNCDg.exe
  C:\Windows\System\INKNCDg.exe
  2⤵
  PID:4652
- C:\Windows\System\dCcFsGz.exe
  C:\Windows\System\dCcFsGz.exe
  2⤵
  PID:6168
- C:\Windows\System\zkZEhwl.exe
  C:\Windows\System\zkZEhwl.exe
  2⤵
  PID:5144
- C:\Windows\System\eEAhLjY.exe
  C:\Windows\System\eEAhLjY.exe
  2⤵
  PID:5652
- C:\Windows\System\zdRhJlB.exe
  C:\Windows\System\zdRhJlB.exe
  2⤵
  PID:5272
- C:\Windows\System\wZaHMte.exe
  C:\Windows\System\wZaHMte.exe
  2⤵
  PID:6148
- C:\Windows\System\vyeHAiW.exe
  C:\Windows\System\vyeHAiW.exe
  2⤵
  PID:6200
- C:\Windows\System\UyKzCGl.exe
  C:\Windows\System\UyKzCGl.exe
  2⤵
  PID:6264
- C:\Windows\System\Mmemeeo.exe
  C:\Windows\System\Mmemeeo.exe
  2⤵
  PID:6328
- C:\Windows\System\OpJmXsc.exe
  C:\Windows\System\OpJmXsc.exe
  2⤵
  PID:6188
- C:\Windows\System\fcuWkcH.exe
  C:\Windows\System\fcuWkcH.exe
  2⤵
  PID:6392
- C:\Windows\System\TqQUxFk.exe
  C:\Windows\System\TqQUxFk.exe
  2⤵
  PID:6284
- C:\Windows\System\tLixnwe.exe
  C:\Windows\System\tLixnwe.exe
  2⤵
  PID:6432
- C:\Windows\System\ZZkgOyX.exe
  C:\Windows\System\ZZkgOyX.exe
  2⤵
  PID:6376
- C:\Windows\System\kVImmvj.exe
  C:\Windows\System\kVImmvj.exe
  2⤵
  PID:6416
- C:\Windows\System\jborMbX.exe
  C:\Windows\System\jborMbX.exe
  2⤵
  PID:6444
- C:\Windows\System\aHdcVjW.exe
  C:\Windows\System\aHdcVjW.exe
  2⤵
  PID:6448
- C:\Windows\System\XHSQZIN.exe
  C:\Windows\System\XHSQZIN.exe
  2⤵
  PID:6556
- C:\Windows\System\ihgXNor.exe
  C:\Windows\System\ihgXNor.exe
  2⤵
  PID:6540
- C:\Windows\System\mAbgKum.exe
  C:\Windows\System\mAbgKum.exe
  2⤵
  PID:6604
- C:\Windows\System\fmXxnJV.exe
  C:\Windows\System\fmXxnJV.exe
  2⤵
  PID:6624
- C:\Windows\System\cMywHIl.exe
  C:\Windows\System\cMywHIl.exe
  2⤵
  PID:6688
- C:\Windows\System\xgreCqr.exe
  C:\Windows\System\xgreCqr.exe
  2⤵
  PID:6704
- C:\Windows\System\WFLruLv.exe
  C:\Windows\System\WFLruLv.exe
  2⤵
  PID:6720
- C:\Windows\System\qXozYMJ.exe
  C:\Windows\System\qXozYMJ.exe
  2⤵
  PID:6788
- C:\Windows\System\GhHRdMG.exe
  C:\Windows\System\GhHRdMG.exe
  2⤵
  PID:6852
- C:\Windows\System\DPhUKpl.exe
  C:\Windows\System\DPhUKpl.exe
  2⤵
  PID:6864
- C:\Windows\System\wXEmzfI.exe
  C:\Windows\System\wXEmzfI.exe
  2⤵
  PID:6764
- C:\Windows\System\NdjJKFz.exe
  C:\Windows\System\NdjJKFz.exe
  2⤵
  PID:6804
- C:\Windows\System\FTJikNI.exe
  C:\Windows\System\FTJikNI.exe
  2⤵
  PID:6912
- C:\Windows\System\gWMEZdF.exe
  C:\Windows\System\gWMEZdF.exe
  2⤵
  PID:6932
- C:\Windows\System\xdNZvph.exe
  C:\Windows\System\xdNZvph.exe
  2⤵
  PID:6960
- C:\Windows\System\TImiUyA.exe
  C:\Windows\System\TImiUyA.exe
  2⤵
  PID:6968
- C:\Windows\System\myCgPzu.exe
  C:\Windows\System\myCgPzu.exe
  2⤵
  PID:7004
- C:\Windows\System\rbXyBWE.exe
  C:\Windows\System\rbXyBWE.exe
  2⤵
  PID:7068
- C:\Windows\System\ZyrwVEK.exe
  C:\Windows\System\ZyrwVEK.exe
  2⤵
  PID:7092
- C:\Windows\System\hpAVfRa.exe
  C:\Windows\System\hpAVfRa.exe
  2⤵
  PID:7156
- C:\Windows\System\tAQLpBs.exe
  C:\Windows\System\tAQLpBs.exe
  2⤵
  PID:7108
- C:\Windows\System\vXGHZyO.exe
  C:\Windows\System\vXGHZyO.exe
  2⤵
  PID:6076
- C:\Windows\System\VupVMCn.exe
  C:\Windows\System\VupVMCn.exe
  2⤵
  PID:6040
- C:\Windows\System\iQMzGMi.exe
  C:\Windows\System\iQMzGMi.exe
  2⤵
  PID:5456
- C:\Windows\System\zmFpYIM.exe
  C:\Windows\System\zmFpYIM.exe
  2⤵
  PID:6180
- C:\Windows\System\wdFGGXn.exe
  C:\Windows\System\wdFGGXn.exe
  2⤵
  PID:6360
- C:\Windows\System\lRnabfT.exe
  C:\Windows\System\lRnabfT.exe
  2⤵
  PID:6348
- C:\Windows\System\suqxVlk.exe
  C:\Windows\System\suqxVlk.exe
  2⤵
  PID:6300
- C:\Windows\System\EuZrmAB.exe
  C:\Windows\System\EuZrmAB.exe
  2⤵
  PID:6316
- C:\Windows\System\qbXtuSN.exe
  C:\Windows\System\qbXtuSN.exe
  2⤵
  PID:6480
- C:\Windows\System\PYREXdV.exe
  C:\Windows\System\PYREXdV.exe
  2⤵
  PID:6608
- C:\Windows\System\IssRCGS.exe
  C:\Windows\System\IssRCGS.exe
  2⤵
  PID:6572
- C:\Windows\System\NKncejV.exe
  C:\Windows\System\NKncejV.exe
  2⤵
  PID:6848
- C:\Windows\System\nhvDDCx.exe
  C:\Windows\System\nhvDDCx.exe
  2⤵
  PID:6700
- C:\Windows\System\HJMvWEs.exe
  C:\Windows\System\HJMvWEs.exe
  2⤵
  PID:6784
- C:\Windows\System\qwyoAmp.exe
  C:\Windows\System\qwyoAmp.exe
  2⤵
  PID:6984
- C:\Windows\System\jrHOXAn.exe
  C:\Windows\System\jrHOXAn.exe
  2⤵
  PID:6944
- C:\Windows\System\SDJDoQk.exe
  C:\Windows\System\SDJDoQk.exe
  2⤵
  PID:7052
- C:\Windows\System\KYMOvpj.exe
  C:\Windows\System\KYMOvpj.exe
  2⤵
  PID:6928
- C:\Windows\System\USDiVfy.exe
  C:\Windows\System\USDiVfy.exe
  2⤵
  PID:7140
- C:\Windows\System\sjKYwQf.exe
  C:\Windows\System\sjKYwQf.exe
  2⤵
  PID:6220
- C:\Windows\System\FAgQBfE.exe
  C:\Windows\System\FAgQBfE.exe
  2⤵
  PID:5580
- C:\Windows\System\MuslCUj.exe
  C:\Windows\System\MuslCUj.exe
  2⤵
  PID:6236
- C:\Windows\System\ZEeAqtX.exe
  C:\Windows\System\ZEeAqtX.exe
  2⤵
  PID:6396
- C:\Windows\System\JdejRvp.exe
  C:\Windows\System\JdejRvp.exe
  2⤵
  PID:6820
- C:\Windows\System\dSLYkJn.exe
  C:\Windows\System\dSLYkJn.exe
  2⤵
  PID:6280
- C:\Windows\System\KkVHsNz.exe
  C:\Windows\System\KkVHsNz.exe
  2⤵
  PID:6772
- C:\Windows\System\DRjlAaZ.exe
  C:\Windows\System\DRjlAaZ.exe
  2⤵
  PID:7032
- C:\Windows\System\aXWHWkA.exe
  C:\Windows\System\aXWHWkA.exe
  2⤵
  PID:7020
- C:\Windows\System\RBfpFBV.exe
  C:\Windows\System\RBfpFBV.exe
  2⤵
  PID:5268
- C:\Windows\System\KIcwWrj.exe
  C:\Windows\System\KIcwWrj.exe
  2⤵
  PID:7180
- C:\Windows\System\BlFMBke.exe
  C:\Windows\System\BlFMBke.exe
  2⤵
  PID:7196
- C:\Windows\System\bFDHFCc.exe
  C:\Windows\System\bFDHFCc.exe
  2⤵
  PID:7212
- C:\Windows\System\WonSYSh.exe
  C:\Windows\System\WonSYSh.exe
  2⤵
  PID:7228
- C:\Windows\System\falsMEt.exe
  C:\Windows\System\falsMEt.exe
  2⤵
  PID:7244
- C:\Windows\System\JYBrcKt.exe
  C:\Windows\System\JYBrcKt.exe
  2⤵
  PID:7260
- C:\Windows\System\sNfPmQr.exe
  C:\Windows\System\sNfPmQr.exe
  2⤵
  PID:7276
- C:\Windows\System\djSINFv.exe
  C:\Windows\System\djSINFv.exe
  2⤵
  PID:7292
- C:\Windows\System\FvUsfyU.exe
  C:\Windows\System\FvUsfyU.exe
  2⤵
  PID:7308
- C:\Windows\System\UdADSUY.exe
  C:\Windows\System\UdADSUY.exe
  2⤵
  PID:7324
- C:\Windows\System\ZSwopjC.exe
  C:\Windows\System\ZSwopjC.exe
  2⤵
  PID:7340
- C:\Windows\System\bOtQZJz.exe
  C:\Windows\System\bOtQZJz.exe
  2⤵
  PID:7356
- C:\Windows\System\UxxmEND.exe
  C:\Windows\System\UxxmEND.exe
  2⤵
  PID:7372
- C:\Windows\System\LtqkMNv.exe
  C:\Windows\System\LtqkMNv.exe
  2⤵
  PID:7388
- C:\Windows\System\IHXZXvZ.exe
  C:\Windows\System\IHXZXvZ.exe
  2⤵
  PID:7404
- C:\Windows\System\AnaPdTr.exe
  C:\Windows\System\AnaPdTr.exe
  2⤵
  PID:7420
- C:\Windows\System\ZqJBjHm.exe
  C:\Windows\System\ZqJBjHm.exe
  2⤵
  PID:7436
- C:\Windows\System\WhUnJmM.exe
  C:\Windows\System\WhUnJmM.exe
  2⤵
  PID:7452
- C:\Windows\System\JbumHvt.exe
  C:\Windows\System\JbumHvt.exe
  2⤵
  PID:7468
- C:\Windows\System\EFnxmHC.exe
  C:\Windows\System\EFnxmHC.exe
  2⤵
  PID:7484
- C:\Windows\System\ZUnFZbX.exe
  C:\Windows\System\ZUnFZbX.exe
  2⤵
  PID:7500
- C:\Windows\System\upDvqri.exe
  C:\Windows\System\upDvqri.exe
  2⤵
  PID:7516
- C:\Windows\System\IUtoVNR.exe
  C:\Windows\System\IUtoVNR.exe
  2⤵
  PID:7532
- C:\Windows\System\OfJRgCG.exe
  C:\Windows\System\OfJRgCG.exe
  2⤵
  PID:7548
- C:\Windows\System\DRwyukN.exe
  C:\Windows\System\DRwyukN.exe
  2⤵
  PID:7564
- C:\Windows\System\ExkQmWd.exe
  C:\Windows\System\ExkQmWd.exe
  2⤵
  PID:7580
- C:\Windows\System\VkUELRj.exe
  C:\Windows\System\VkUELRj.exe
  2⤵
  PID:7596
- C:\Windows\System\vhIbxHK.exe
  C:\Windows\System\vhIbxHK.exe
  2⤵
  PID:7612
- C:\Windows\System\hUulkPc.exe
  C:\Windows\System\hUulkPc.exe
  2⤵
  PID:7628
- C:\Windows\System\GQBDWeQ.exe
  C:\Windows\System\GQBDWeQ.exe
  2⤵
  PID:7648
- C:\Windows\System\EVIgzML.exe
  C:\Windows\System\EVIgzML.exe
  2⤵
  PID:7664
- C:\Windows\System\PatFAyp.exe
  C:\Windows\System\PatFAyp.exe
  2⤵
  PID:7680
- C:\Windows\System\vwXvnQK.exe
  C:\Windows\System\vwXvnQK.exe
  2⤵
  PID:7696
- C:\Windows\System\LNUOxyI.exe
  C:\Windows\System\LNUOxyI.exe
  2⤵
  PID:7712
- C:\Windows\System\TxjMTwJ.exe
  C:\Windows\System\TxjMTwJ.exe
  2⤵
  PID:7728
- C:\Windows\System\rLqAWia.exe
  C:\Windows\System\rLqAWia.exe
  2⤵
  PID:7744
- C:\Windows\System\Onqmuld.exe
  C:\Windows\System\Onqmuld.exe
  2⤵
  PID:7764
- C:\Windows\System\IUnbooV.exe
  C:\Windows\System\IUnbooV.exe
  2⤵
  PID:7780
- C:\Windows\System\UCRargi.exe
  C:\Windows\System\UCRargi.exe
  2⤵
  PID:7796
- C:\Windows\System\jRkVsWT.exe
  C:\Windows\System\jRkVsWT.exe
  2⤵
  PID:7812
- C:\Windows\System\DSaHxhX.exe
  C:\Windows\System\DSaHxhX.exe
  2⤵
  PID:7828
- C:\Windows\System\mbNfYao.exe
  C:\Windows\System\mbNfYao.exe
  2⤵
  PID:7844
- C:\Windows\System\atuqPgZ.exe
  C:\Windows\System\atuqPgZ.exe
  2⤵
  PID:7860
- C:\Windows\System\byJzxoM.exe
  C:\Windows\System\byJzxoM.exe
  2⤵
  PID:7876
- C:\Windows\System\lQGVOmm.exe
  C:\Windows\System\lQGVOmm.exe
  2⤵
  PID:7892
- C:\Windows\System\BWoxqLD.exe
  C:\Windows\System\BWoxqLD.exe
  2⤵
  PID:7908
- C:\Windows\System\iyHntMd.exe
  C:\Windows\System\iyHntMd.exe
  2⤵
  PID:7928
- C:\Windows\System\vJVZmxm.exe
  C:\Windows\System\vJVZmxm.exe
  2⤵
  PID:7944
- C:\Windows\System\DBtOidx.exe
  C:\Windows\System\DBtOidx.exe
  2⤵
  PID:7960
- C:\Windows\System\mNyLQWU.exe
  C:\Windows\System\mNyLQWU.exe
  2⤵
  PID:7976
- C:\Windows\System\IkcxolP.exe
  C:\Windows\System\IkcxolP.exe
  2⤵
  PID:7992
- C:\Windows\System\JtdFhIP.exe
  C:\Windows\System\JtdFhIP.exe
  2⤵
  PID:8008
- C:\Windows\System\TTAJiNS.exe
  C:\Windows\System\TTAJiNS.exe
  2⤵
  PID:8024
- C:\Windows\System\fbiBPFc.exe
  C:\Windows\System\fbiBPFc.exe
  2⤵
  PID:8040
- C:\Windows\System\dtpuoxs.exe
  C:\Windows\System\dtpuoxs.exe
  2⤵
  PID:8056
- C:\Windows\System\ZYfDIad.exe
  C:\Windows\System\ZYfDIad.exe
  2⤵
  PID:8072
- C:\Windows\System\TxXmGyH.exe
  C:\Windows\System\TxXmGyH.exe
  2⤵
  PID:8088
- C:\Windows\System\zzVohHH.exe
  C:\Windows\System\zzVohHH.exe
  2⤵
  PID:8104
- C:\Windows\System\rISdOTp.exe
  C:\Windows\System\rISdOTp.exe
  2⤵
  PID:8120
- C:\Windows\System\PwRDYAi.exe
  C:\Windows\System\PwRDYAi.exe
  2⤵
  PID:8136
- C:\Windows\System\fJdVDJv.exe
  C:\Windows\System\fJdVDJv.exe
  2⤵
  PID:8152
- C:\Windows\System\XuZHrAY.exe
  C:\Windows\System\XuZHrAY.exe
  2⤵
  PID:8168
- C:\Windows\System\pHDsoTt.exe
  C:\Windows\System\pHDsoTt.exe
  2⤵
  PID:8184
- C:\Windows\System\TTiTqcD.exe
  C:\Windows\System\TTiTqcD.exe
  2⤵
  PID:1568
- C:\Windows\System\yAlqDis.exe
  C:\Windows\System\yAlqDis.exe
  2⤵
  PID:6528
- C:\Windows\System\grgDRAp.exe
  C:\Windows\System\grgDRAp.exe
  2⤵
  PID:5172
- C:\Windows\System\FzRyPXQ.exe
  C:\Windows\System\FzRyPXQ.exe
  2⤵
  PID:7192
- C:\Windows\System\jifdTsV.exe
  C:\Windows\System\jifdTsV.exe
  2⤵
  PID:7256
- C:\Windows\System\DrUSOAi.exe
  C:\Windows\System\DrUSOAi.exe
  2⤵
  PID:7348
- C:\Windows\System\xPdOgRV.exe
  C:\Windows\System\xPdOgRV.exe
  2⤵
  PID:7384
- C:\Windows\System\PUAgUpb.exe
  C:\Windows\System\PUAgUpb.exe
  2⤵
  PID:6836
- C:\Windows\System\knIgPmK.exe
  C:\Windows\System\knIgPmK.exe
  2⤵
  PID:6736
- C:\Windows\System\PlFLqiY.exe
  C:\Windows\System\PlFLqiY.exe
  2⤵
  PID:7204
- C:\Windows\System\dtcdUxy.exe
  C:\Windows\System\dtcdUxy.exe
  2⤵
  PID:7272
- C:\Windows\System\tMJCxjA.exe
  C:\Windows\System\tMJCxjA.exe
  2⤵
  PID:7364
- C:\Windows\System\vBkmMXF.exe
  C:\Windows\System\vBkmMXF.exe
  2⤵
  PID:7428
- C:\Windows\System\OZCNJcA.exe
  C:\Windows\System\OZCNJcA.exe
  2⤵
  PID:7444
- C:\Windows\System\vTIJNLL.exe
  C:\Windows\System\vTIJNLL.exe
  2⤵
  PID:7416
- C:\Windows\System\CZHThWS.exe
  C:\Windows\System\CZHThWS.exe
  2⤵
  PID:7508
- C:\Windows\System\GRIMzyx.exe
  C:\Windows\System\GRIMzyx.exe
  2⤵
  PID:7544
- C:\Windows\System\XZyvmTl.exe
  C:\Windows\System\XZyvmTl.exe
  2⤵
  PID:7604
- C:\Windows\System\qrLcvEQ.exe
  C:\Windows\System\qrLcvEQ.exe
  2⤵
  PID:2804
- C:\Windows\System\jguCVVg.exe
  C:\Windows\System\jguCVVg.exe
  2⤵
  PID:7644
- C:\Windows\System\TgmVZON.exe
  C:\Windows\System\TgmVZON.exe
  2⤵
  PID:7736
- C:\Windows\System\pDdcwbY.exe
  C:\Windows\System\pDdcwbY.exe
  2⤵
  PID:7620
- C:\Windows\System\GhCULtV.exe
  C:\Windows\System\GhCULtV.exe
  2⤵
  PID:7660
- C:\Windows\System\sSyCoLN.exe
  C:\Windows\System\sSyCoLN.exe
  2⤵
  PID:7760
- C:\Windows\System\aQnpbPy.exe
  C:\Windows\System\aQnpbPy.exe
  2⤵
  PID:7788
- C:\Windows\System\ydVwiXx.exe
  C:\Windows\System\ydVwiXx.exe
  2⤵
  PID:7820
- C:\Windows\System\ygofxYf.exe
  C:\Windows\System\ygofxYf.exe
  2⤵
  PID:7852
- C:\Windows\System\hOQVrsg.exe
  C:\Windows\System\hOQVrsg.exe
  2⤵
  PID:7872
- C:\Windows\System\YbLiVQk.exe
  C:\Windows\System\YbLiVQk.exe
  2⤵
  PID:7936
- C:\Windows\System\ruVQIfs.exe
  C:\Windows\System\ruVQIfs.exe
  2⤵
  PID:8004
- C:\Windows\System\RahPeiS.exe
  C:\Windows\System\RahPeiS.exe
  2⤵
  PID:8068
- C:\Windows\System\AvQQjhN.exe
  C:\Windows\System\AvQQjhN.exe
  2⤵
  PID:7952
- C:\Windows\System\KPZnAxV.exe
  C:\Windows\System\KPZnAxV.exe
  2⤵
  PID:7988
- C:\Windows\System\BrAwKeN.exe
  C:\Windows\System\BrAwKeN.exe
  2⤵
  PID:8052
- C:\Windows\System\HJisPVr.exe
  C:\Windows\System\HJisPVr.exe
  2⤵
  PID:8116
- C:\Windows\System\NzIcSjl.exe
  C:\Windows\System\NzIcSjl.exe
  2⤵
  PID:8132
- C:\Windows\System\IOySLma.exe
  C:\Windows\System\IOySLma.exe
  2⤵
  PID:6344
- C:\Windows\System\dqmIfVQ.exe
  C:\Windows\System\dqmIfVQ.exe
  2⤵
  PID:7040
- C:\Windows\System\aisdqHK.exe
  C:\Windows\System\aisdqHK.exe
  2⤵
  PID:7320
- C:\Windows\System\OcHfuOU.exe
  C:\Windows\System\OcHfuOU.exe
  2⤵
  PID:7128
- C:\Windows\System\xdTZrNF.exe
  C:\Windows\System\xdTZrNF.exe
  2⤵
  PID:7252
- C:\Windows\System\xBlvBTO.exe
  C:\Windows\System\xBlvBTO.exe
  2⤵
  PID:6716
- C:\Windows\System\qPHuOrt.exe
  C:\Windows\System\qPHuOrt.exe
  2⤵
  PID:7304
- C:\Windows\System\fCDcqsw.exe
  C:\Windows\System\fCDcqsw.exe
  2⤵
  PID:7396
- C:\Windows\System\CetpUXc.exe
  C:\Windows\System\CetpUXc.exe
  2⤵
  PID:7412
- C:\Windows\System\AqhecDr.exe
  C:\Windows\System\AqhecDr.exe
  2⤵
  PID:7572
- C:\Windows\System\BpsIsOG.exe
  C:\Windows\System\BpsIsOG.exe
  2⤵
  PID:7708
- C:\Windows\System\xWiLZxy.exe
  C:\Windows\System\xWiLZxy.exe
  2⤵
  PID:7688
- C:\Windows\System\WOzaCON.exe
  C:\Windows\System\WOzaCON.exe
  2⤵
  PID:7772
- C:\Windows\System\LyEoMAN.exe
  C:\Windows\System\LyEoMAN.exe
  2⤵
  PID:7900
- C:\Windows\System\zEourKU.exe
  C:\Windows\System\zEourKU.exe
  2⤵
  PID:7972
- C:\Windows\System\NxrODRu.exe
  C:\Windows\System\NxrODRu.exe
  2⤵
  PID:7808
- C:\Windows\System\COnGuFm.exe
  C:\Windows\System\COnGuFm.exe
  2⤵
  PID:8000
- C:\Windows\System\rhPbVml.exe
  C:\Windows\System\rhPbVml.exe
  2⤵
  PID:8020
- C:\Windows\System\shRmqTx.exe
  C:\Windows\System\shRmqTx.exe
  2⤵
  PID:8112
- C:\Windows\System\MjvEPgr.exe
  C:\Windows\System\MjvEPgr.exe
  2⤵
  PID:8160
- C:\Windows\System\MWPzZcw.exe
  C:\Windows\System\MWPzZcw.exe
  2⤵
  PID:7332
- C:\Windows\System\yFmpvnP.exe
  C:\Windows\System\yFmpvnP.exe
  2⤵
  PID:7076
- C:\Windows\System\MSmLAqX.exe
  C:\Windows\System\MSmLAqX.exe
  2⤵
  PID:7316
- C:\Windows\System\QtilOmo.exe
  C:\Windows\System\QtilOmo.exe
  2⤵
  PID:7464
- C:\Windows\System\iSVvUte.exe
  C:\Windows\System\iSVvUte.exe
  2⤵
  PID:7592
- C:\Windows\System\KtHmxLY.exe
  C:\Windows\System\KtHmxLY.exe
  2⤵
  PID:7676
- C:\Windows\System\qNTHEFq.exe
  C:\Windows\System\qNTHEFq.exe
  2⤵
  PID:7916
- C:\Windows\System\tHjGtPz.exe
  C:\Windows\System\tHjGtPz.exe
  2⤵
  PID:7804
- C:\Windows\System\wTNMJPF.exe
  C:\Windows\System\wTNMJPF.exe
  2⤵
  PID:8128
- C:\Windows\System\OaGbZkA.exe
  C:\Windows\System\OaGbZkA.exe
  2⤵
  PID:7284
- C:\Windows\System\hQFDMdT.exe
  C:\Windows\System\hQFDMdT.exe
  2⤵
  PID:7236
- C:\Windows\System\HJMvvvT.exe
  C:\Windows\System\HJMvvvT.exe
  2⤵
  PID:7588
- C:\Windows\System\xrqNijt.exe
  C:\Windows\System\xrqNijt.exe
  2⤵
  PID:8164
- C:\Windows\System\pydYXMD.exe
  C:\Windows\System\pydYXMD.exe
  2⤵
  PID:7984
- C:\Windows\System\svewOcf.exe
  C:\Windows\System\svewOcf.exe
  2⤵
  PID:8196
- C:\Windows\System\Eywyrjk.exe
  C:\Windows\System\Eywyrjk.exe
  2⤵
  PID:8212
- C:\Windows\System\aUGOTaw.exe
  C:\Windows\System\aUGOTaw.exe
  2⤵
  PID:8228
- C:\Windows\System\FIiXygd.exe
  C:\Windows\System\FIiXygd.exe
  2⤵
  PID:8244
- C:\Windows\System\EVrABIJ.exe
  C:\Windows\System\EVrABIJ.exe
  2⤵
  PID:8260
- C:\Windows\System\QDiOOXw.exe
  C:\Windows\System\QDiOOXw.exe
  2⤵
  PID:8276
- C:\Windows\System\MEycDjS.exe
  C:\Windows\System\MEycDjS.exe
  2⤵
  PID:8292
- C:\Windows\System\PpFJBAG.exe
  C:\Windows\System\PpFJBAG.exe
  2⤵
  PID:8316
- C:\Windows\System\rznZLIJ.exe
  C:\Windows\System\rznZLIJ.exe
  2⤵
  PID:8332
- C:\Windows\System\NihEyWP.exe
  C:\Windows\System\NihEyWP.exe
  2⤵
  PID:8348
- C:\Windows\System\ftGzKze.exe
  C:\Windows\System\ftGzKze.exe
  2⤵
  PID:8364
- C:\Windows\System\spporGe.exe
  C:\Windows\System\spporGe.exe
  2⤵
  PID:8384
- C:\Windows\System\xQpBEvs.exe
  C:\Windows\System\xQpBEvs.exe
  2⤵
  PID:8404
- C:\Windows\System\AufYJjy.exe
  C:\Windows\System\AufYJjy.exe
  2⤵
  PID:8420
- C:\Windows\System\FbbwklM.exe
  C:\Windows\System\FbbwklM.exe
  2⤵
  PID:8436
- C:\Windows\System\nBdfOtW.exe
  C:\Windows\System\nBdfOtW.exe
  2⤵
  PID:8456
- C:\Windows\System\OpKYZGD.exe
  C:\Windows\System\OpKYZGD.exe
  2⤵
  PID:8472
- C:\Windows\System\VbhxTfh.exe
  C:\Windows\System\VbhxTfh.exe
  2⤵
  PID:8488
- C:\Windows\System\BbNidWw.exe
  C:\Windows\System\BbNidWw.exe
  2⤵
  PID:8504
- C:\Windows\System\ZZyBQCE.exe
  C:\Windows\System\ZZyBQCE.exe
  2⤵
  PID:8520
- C:\Windows\System\ZCrPPAO.exe
  C:\Windows\System\ZCrPPAO.exe
  2⤵
  PID:8536
- C:\Windows\System\oZUEFrU.exe
  C:\Windows\System\oZUEFrU.exe
  2⤵
  PID:8556
- C:\Windows\System\KloZtRl.exe
  C:\Windows\System\KloZtRl.exe
  2⤵
  PID:8576
- C:\Windows\System\bobvQft.exe
  C:\Windows\System\bobvQft.exe
  2⤵
  PID:8592
- C:\Windows\System\YZmMkNj.exe
  C:\Windows\System\YZmMkNj.exe
  2⤵
  PID:8608
- C:\Windows\System\xsHrGUU.exe
  C:\Windows\System\xsHrGUU.exe
  2⤵
  PID:8624
- C:\Windows\System\thAXNrb.exe
  C:\Windows\System\thAXNrb.exe
  2⤵
  PID:8640
- C:\Windows\System\qYGDrsW.exe
  C:\Windows\System\qYGDrsW.exe
  2⤵
  PID:8656
- C:\Windows\System\xcOhdce.exe
  C:\Windows\System\xcOhdce.exe
  2⤵
  PID:8672
- C:\Windows\System\radmjQn.exe
  C:\Windows\System\radmjQn.exe
  2⤵
  PID:8696
- C:\Windows\System\PFsbooz.exe
  C:\Windows\System\PFsbooz.exe
  2⤵
  PID:8712
- C:\Windows\System\GxYapeA.exe
  C:\Windows\System\GxYapeA.exe
  2⤵
  PID:8728
- C:\Windows\System\IBNtjtB.exe
  C:\Windows\System\IBNtjtB.exe
  2⤵
  PID:8780
- C:\Windows\System\luMJkEm.exe
  C:\Windows\System\luMJkEm.exe
  2⤵
  PID:8824
- C:\Windows\System\TPDYEmL.exe
  C:\Windows\System\TPDYEmL.exe
  2⤵
  PID:8840
- C:\Windows\System\LxcAWHD.exe
  C:\Windows\System\LxcAWHD.exe
  2⤵
  PID:8856
- C:\Windows\System\jqzYbSq.exe
  C:\Windows\System\jqzYbSq.exe
  2⤵
  PID:8872
- C:\Windows\System\MrwLuPW.exe
  C:\Windows\System\MrwLuPW.exe
  2⤵
  PID:8888
- C:\Windows\System\usEcCUA.exe
  C:\Windows\System\usEcCUA.exe
  2⤵
  PID:8904
- C:\Windows\System\JPgIGad.exe
  C:\Windows\System\JPgIGad.exe
  2⤵
  PID:8920
- C:\Windows\System\FdJFrRM.exe
  C:\Windows\System\FdJFrRM.exe
  2⤵
  PID:8944
- C:\Windows\System\qxUvMUs.exe
  C:\Windows\System\qxUvMUs.exe
  2⤵
  PID:8960
- C:\Windows\System\VsuEMgr.exe
  C:\Windows\System\VsuEMgr.exe
  2⤵
  PID:8976
- C:\Windows\System\GVbzfjg.exe
  C:\Windows\System\GVbzfjg.exe
  2⤵
  PID:8992
- C:\Windows\System\ybyVSYY.exe
  C:\Windows\System\ybyVSYY.exe
  2⤵
  PID:9008
- C:\Windows\System\KnaRbUb.exe
  C:\Windows\System\KnaRbUb.exe
  2⤵
  PID:9024
- C:\Windows\System\wjjEeqC.exe
  C:\Windows\System\wjjEeqC.exe
  2⤵
  PID:9040
- C:\Windows\System\UbxKPgV.exe
  C:\Windows\System\UbxKPgV.exe
  2⤵
  PID:9056
- C:\Windows\System\GMNkTEc.exe
  C:\Windows\System\GMNkTEc.exe
  2⤵
  PID:9072
- C:\Windows\System\zjgDmcR.exe
  C:\Windows\System\zjgDmcR.exe
  2⤵
  PID:9088
- C:\Windows\System\LpcdnNm.exe
  C:\Windows\System\LpcdnNm.exe
  2⤵
  PID:9104
- C:\Windows\System\gOqiuTg.exe
  C:\Windows\System\gOqiuTg.exe
  2⤵
  PID:9120
- C:\Windows\System\VgiXCex.exe
  C:\Windows\System\VgiXCex.exe
  2⤵
  PID:9136
- C:\Windows\System\FPjSufd.exe
  C:\Windows\System\FPjSufd.exe
  2⤵
  PID:9156
- C:\Windows\System\nrMiTji.exe
  C:\Windows\System\nrMiTji.exe
  2⤵
  PID:9176
- C:\Windows\System\CAgMrvZ.exe
  C:\Windows\System\CAgMrvZ.exe
  2⤵
  PID:9192
- C:\Windows\System\lYypeNm.exe
  C:\Windows\System\lYypeNm.exe
  2⤵
  PID:9208
- C:\Windows\System\fmFAqgS.exe
  C:\Windows\System\fmFAqgS.exe
  2⤵
  PID:2840
- C:\Windows\System\pbSDxdt.exe
  C:\Windows\System\pbSDxdt.exe
  2⤵
  PID:8256
- C:\Windows\System\VtEpAea.exe
  C:\Windows\System\VtEpAea.exe
  2⤵
  PID:7656
- C:\Windows\System\jphaYXf.exe
  C:\Windows\System\jphaYXf.exe
  2⤵
  PID:8204
- C:\Windows\System\ZdbOBCB.exe
  C:\Windows\System\ZdbOBCB.exe
  2⤵
  PID:8300
- C:\Windows\System\xzPxwDP.exe
  C:\Windows\System\xzPxwDP.exe
  2⤵
  PID:8304
- C:\Windows\System\wMcVgqF.exe
  C:\Windows\System\wMcVgqF.exe
  2⤵
  PID:8376
- C:\Windows\System\EosXpps.exe
  C:\Windows\System\EosXpps.exe
  2⤵
  PID:8444
- C:\Windows\System\CECDwaB.exe
  C:\Windows\System\CECDwaB.exe
  2⤵
  PID:8396
- C:\Windows\System\ceUOFlp.exe
  C:\Windows\System\ceUOFlp.exe
  2⤵
  PID:8356
- C:\Windows\System\nUAKEOq.exe
  C:\Windows\System\nUAKEOq.exe
  2⤵
  PID:8496
- C:\Windows\System\AfdPrTQ.exe
  C:\Windows\System\AfdPrTQ.exe
  2⤵
  PID:8512
- C:\Windows\System\zjRFCJb.exe
  C:\Windows\System\zjRFCJb.exe
  2⤵
  PID:8552
- C:\Windows\System\MFejtEx.exe
  C:\Windows\System\MFejtEx.exe
  2⤵
  PID:8568
- C:\Windows\System\QcGgReg.exe
  C:\Windows\System\QcGgReg.exe
  2⤵
  PID:8600
- C:\Windows\System\zgaXrgK.exe
  C:\Windows\System\zgaXrgK.exe
  2⤵
  PID:8684
- C:\Windows\System\DbyyXYJ.exe
  C:\Windows\System\DbyyXYJ.exe
  2⤵
  PID:8752
- C:\Windows\System\ktaRPAN.exe
  C:\Windows\System\ktaRPAN.exe
  2⤵
  PID:8772
- C:\Windows\System\dmIbhgq.exe
  C:\Windows\System\dmIbhgq.exe
  2⤵
  PID:8792
- C:\Windows\System\AFePNXt.exe
  C:\Windows\System\AFePNXt.exe
  2⤵
  PID:8808
- C:\Windows\System\gNoxOoH.exe
  C:\Windows\System\gNoxOoH.exe
  2⤵
  PID:8864
- C:\Windows\System\AdbUepE.exe
  C:\Windows\System\AdbUepE.exe
  2⤵
  PID:8928
- C:\Windows\System\vqshYYk.exe
  C:\Windows\System\vqshYYk.exe
  2⤵
  PID:8884
- C:\Windows\System\dvjidvg.exe
  C:\Windows\System\dvjidvg.exe
  2⤵
  PID:8940
- C:\Windows\System\YTHrmjz.exe
  C:\Windows\System\YTHrmjz.exe
  2⤵
  PID:8916
- C:\Windows\System\DiXhvRd.exe
  C:\Windows\System\DiXhvRd.exe
  2⤵
  PID:9004
- C:\Windows\System\onYvosZ.exe
  C:\Windows\System\onYvosZ.exe
  2⤵
  PID:9020
- C:\Windows\System\iUUbiZK.exe
  C:\Windows\System\iUUbiZK.exe
  2⤵
  PID:9080
- C:\Windows\System\mSapVoX.exe
  C:\Windows\System\mSapVoX.exe
  2⤵
  PID:9096
- C:\Windows\System\BdsNALM.exe
  C:\Windows\System\BdsNALM.exe
  2⤵
  PID:9148
- C:\Windows\System\UxrLYJj.exe
  C:\Windows\System\UxrLYJj.exe
  2⤵
  PID:9188
- C:\Windows\System\PpETfDf.exe
  C:\Windows\System\PpETfDf.exe
  2⤵
  PID:8288
- C:\Windows\System\QsdfBYf.exe
  C:\Windows\System\QsdfBYf.exe
  2⤵
  PID:8220
- C:\Windows\System\kQVJpZJ.exe
  C:\Windows\System\kQVJpZJ.exe
  2⤵
  PID:8268
- C:\Windows\System\nhokZdB.exe
  C:\Windows\System\nhokZdB.exe
  2⤵
  PID:8272
- C:\Windows\System\MCWOuZa.exe
  C:\Windows\System\MCWOuZa.exe
  2⤵
  PID:8360
- C:\Windows\System\cyyGeAs.exe
  C:\Windows\System\cyyGeAs.exe
  2⤵
  PID:8548
- C:\Windows\System\IukdsWk.exe
  C:\Windows\System\IukdsWk.exe
  2⤵
  PID:8484
- C:\Windows\System\EHdjRQk.exe
  C:\Windows\System\EHdjRQk.exe
  2⤵
  PID:8616
- C:\Windows\System\lRfURmw.exe
  C:\Windows\System\lRfURmw.exe
  2⤵
  PID:8720
- C:\Windows\System\KroCBAi.exe
  C:\Windows\System\KroCBAi.exe
  2⤵
  PID:8652
- C:\Windows\System\QaUBaje.exe
  C:\Windows\System\QaUBaje.exe
  2⤵
  PID:8760
- C:\Windows\System\gFIQpjL.exe
  C:\Windows\System\gFIQpjL.exe
  2⤵
  PID:8896
- C:\Windows\System\LAqTQiL.exe
  C:\Windows\System\LAqTQiL.exe
  2⤵
  PID:8956
- C:\Windows\System\kKrEBpe.exe
  C:\Windows\System\kKrEBpe.exe
  2⤵
  PID:8776
- C:\Windows\System\gROGoBV.exe
  C:\Windows\System\gROGoBV.exe
  2⤵
  PID:8816
- C:\Windows\System\wwJmUOE.exe
  C:\Windows\System\wwJmUOE.exe
  2⤵
  PID:8988
- C:\Windows\System\AyWEPPI.exe
  C:\Windows\System\AyWEPPI.exe
  2⤵
  PID:9036
- C:\Windows\System\AXwLnEm.exe
  C:\Windows\System\AXwLnEm.exe
  2⤵
  PID:9164
- C:\Windows\System\kMKBogY.exe
  C:\Windows\System\kMKBogY.exe
  2⤵
  PID:9144
- C:\Windows\System\FFuBcZN.exe
  C:\Windows\System\FFuBcZN.exe
  2⤵
  PID:8240
- C:\Windows\System\DRmlJvR.exe
  C:\Windows\System\DRmlJvR.exe
  2⤵
  PID:8412
- C:\Windows\System\iDhfRCr.exe
  C:\Windows\System\iDhfRCr.exe
  2⤵
  PID:8428
- C:\Windows\System\BCTyHxP.exe
  C:\Windows\System\BCTyHxP.exe
  2⤵
  PID:8584
- C:\Windows\System\WjulRDN.exe
  C:\Windows\System\WjulRDN.exe
  2⤵
  PID:8804
- C:\Windows\System\fIWVqby.exe
  C:\Windows\System\fIWVqby.exe
  2⤵
  PID:8724
- C:\Windows\System\FfnJINN.exe
  C:\Windows\System\FfnJINN.exe
  2⤵
  PID:8852
- C:\Windows\System\leJWzea.exe
  C:\Windows\System\leJWzea.exe
  2⤵
  PID:8788
- C:\Windows\System\jweyOrJ.exe
  C:\Windows\System\jweyOrJ.exe
  2⤵
  PID:9116
- C:\Windows\System\JptjRjy.exe
  C:\Windows\System\JptjRjy.exe
  2⤵
  PID:7836
- C:\Windows\System\FqEepkl.exe
  C:\Windows\System\FqEepkl.exe
  2⤵
  PID:8648
- C:\Windows\System\RnRVaGf.exe
  C:\Windows\System\RnRVaGf.exe
  2⤵
  PID:8820
- C:\Windows\System\gODhcDX.exe
  C:\Windows\System\gODhcDX.exe
  2⤵
  PID:9128
- C:\Windows\System\HlyWidd.exe
  C:\Windows\System\HlyWidd.exe
  2⤵
  PID:8252
- C:\Windows\System\bwSKTTx.exe
  C:\Windows\System\bwSKTTx.exe
  2⤵
  PID:8564
- C:\Windows\System\qNSAkuf.exe
  C:\Windows\System\qNSAkuf.exe
  2⤵
  PID:8936
- C:\Windows\System\QtfRKeL.exe
  C:\Windows\System\QtfRKeL.exe
  2⤵
  PID:8324
- C:\Windows\System\bAwSCGH.exe
  C:\Windows\System\bAwSCGH.exe
  2⤵
  PID:8604
- C:\Windows\System\qeDLtUS.exe
  C:\Windows\System\qeDLtUS.exe
  2⤵
  PID:8372
- C:\Windows\System\yWnAORo.exe
  C:\Windows\System\yWnAORo.exe
  2⤵
  PID:9232
- C:\Windows\System\ZhGHxkg.exe
  C:\Windows\System\ZhGHxkg.exe
  2⤵
  PID:9248
- C:\Windows\System\rHSsGaQ.exe
  C:\Windows\System\rHSsGaQ.exe
  2⤵
  PID:9264
- C:\Windows\System\GsrtCiy.exe
  C:\Windows\System\GsrtCiy.exe
  2⤵
  PID:9280
- C:\Windows\System\BuTkAnU.exe
  C:\Windows\System\BuTkAnU.exe
  2⤵
  PID:9296
- C:\Windows\System\cFabMcN.exe
  C:\Windows\System\cFabMcN.exe
  2⤵
  PID:9312
- C:\Windows\System\yFlNcQM.exe
  C:\Windows\System\yFlNcQM.exe
  2⤵
  PID:9328
- C:\Windows\System\JkjBDbs.exe
  C:\Windows\System\JkjBDbs.exe
  2⤵
  PID:9344
- C:\Windows\System\FyVtPaE.exe
  C:\Windows\System\FyVtPaE.exe
  2⤵
  PID:9360
- C:\Windows\System\AWvIogT.exe
  C:\Windows\System\AWvIogT.exe
  2⤵
  PID:9376
- C:\Windows\System\CpSboMC.exe
  C:\Windows\System\CpSboMC.exe
  2⤵
  PID:9392
- C:\Windows\System\CCykoub.exe
  C:\Windows\System\CCykoub.exe
  2⤵
  PID:9408
- C:\Windows\System\BPasioo.exe
  C:\Windows\System\BPasioo.exe
  2⤵
  PID:9424
- C:\Windows\System\asowwZJ.exe
  C:\Windows\System\asowwZJ.exe
  2⤵
  PID:9440
- C:\Windows\System\ysRASEa.exe
  C:\Windows\System\ysRASEa.exe
  2⤵
  PID:9456
- C:\Windows\System\YpyDdDC.exe
  C:\Windows\System\YpyDdDC.exe
  2⤵
  PID:9472
- C:\Windows\System\RGucMrN.exe
  C:\Windows\System\RGucMrN.exe
  2⤵
  PID:9488
- C:\Windows\System\peCwdsy.exe
  C:\Windows\System\peCwdsy.exe
  2⤵
  PID:9504
- C:\Windows\System\UhsiSGz.exe
  C:\Windows\System\UhsiSGz.exe
  2⤵
  PID:9520
- C:\Windows\System\AvgKIxo.exe
  C:\Windows\System\AvgKIxo.exe
  2⤵
  PID:9536
- C:\Windows\System\qfPvobl.exe
  C:\Windows\System\qfPvobl.exe
  2⤵
  PID:9552
- C:\Windows\System\RZDndhk.exe
  C:\Windows\System\RZDndhk.exe
  2⤵
  PID:9568
- C:\Windows\System\kosDLSq.exe
  C:\Windows\System\kosDLSq.exe
  2⤵
  PID:9584
- C:\Windows\System\RXHsuUw.exe
  C:\Windows\System\RXHsuUw.exe
  2⤵
  PID:9600
- C:\Windows\System\vprkquv.exe
  C:\Windows\System\vprkquv.exe
  2⤵
  PID:9616
- C:\Windows\System\PlKvfAd.exe
  C:\Windows\System\PlKvfAd.exe
  2⤵
  PID:9632
- C:\Windows\System\BCWRokV.exe
  C:\Windows\System\BCWRokV.exe
  2⤵
  PID:9648
- C:\Windows\System\IQhDwBS.exe
  C:\Windows\System\IQhDwBS.exe
  2⤵
  PID:9664
- C:\Windows\System\bsyVSVY.exe
  C:\Windows\System\bsyVSVY.exe
  2⤵
  PID:9680
- C:\Windows\System\cfAcxlk.exe
  C:\Windows\System\cfAcxlk.exe
  2⤵
  PID:9696
- C:\Windows\System\IbIAGin.exe
  C:\Windows\System\IbIAGin.exe
  2⤵
  PID:9712
- C:\Windows\System\ZIQUmkU.exe
  C:\Windows\System\ZIQUmkU.exe
  2⤵
  PID:9728
- C:\Windows\System\avTXECC.exe
  C:\Windows\System\avTXECC.exe
  2⤵
  PID:9744
- C:\Windows\System\IshBCrN.exe
  C:\Windows\System\IshBCrN.exe
  2⤵
  PID:9760
- C:\Windows\System\Oadkhmh.exe
  C:\Windows\System\Oadkhmh.exe
  2⤵
  PID:9780
- C:\Windows\System\drKAelS.exe
  C:\Windows\System\drKAelS.exe
  2⤵
  PID:9804
- C:\Windows\System\yOORGSZ.exe
  C:\Windows\System\yOORGSZ.exe
  2⤵
  PID:9820
- C:\Windows\System\dvNOiFp.exe
  C:\Windows\System\dvNOiFp.exe
  2⤵
  PID:9840
- C:\Windows\System\PSgqNnS.exe
  C:\Windows\System\PSgqNnS.exe
  2⤵
  PID:9856
- C:\Windows\System\heWEUPN.exe
  C:\Windows\System\heWEUPN.exe
  2⤵
  PID:9884
- C:\Windows\System\IhidNQy.exe
  C:\Windows\System\IhidNQy.exe
  2⤵
  PID:9908
- C:\Windows\System\MDsfBvv.exe
  C:\Windows\System\MDsfBvv.exe
  2⤵
  PID:9928
- C:\Windows\System\rRBxNHb.exe
  C:\Windows\System\rRBxNHb.exe
  2⤵
  PID:9956
- C:\Windows\System\AkrjROp.exe
  C:\Windows\System\AkrjROp.exe
  2⤵
  PID:9972
- C:\Windows\System\CEGEdfY.exe
  C:\Windows\System\CEGEdfY.exe
  2⤵
  PID:10000
- C:\Windows\System\kJuFCVB.exe
  C:\Windows\System\kJuFCVB.exe
  2⤵
  PID:10016
- C:\Windows\System\lGUFsPX.exe
  C:\Windows\System\lGUFsPX.exe
  2⤵
  PID:10036
- C:\Windows\System\isuqhcd.exe
  C:\Windows\System\isuqhcd.exe
  2⤵
  PID:10052
- C:\Windows\System\ytcneOA.exe
  C:\Windows\System\ytcneOA.exe
  2⤵
  PID:10068
- C:\Windows\System\DHxkKkm.exe
  C:\Windows\System\DHxkKkm.exe
  2⤵
  PID:10084
- C:\Windows\System\IaoZWOn.exe
  C:\Windows\System\IaoZWOn.exe
  2⤵
  PID:10100
- C:\Windows\System\QmRAurB.exe
  C:\Windows\System\QmRAurB.exe
  2⤵
  PID:10116
- C:\Windows\System\YHuhYRp.exe
  C:\Windows\System\YHuhYRp.exe
  2⤵
  PID:10132
- C:\Windows\System\cfHLUpQ.exe
  C:\Windows\System\cfHLUpQ.exe
  2⤵
  PID:10156
- C:\Windows\System\SBCLmit.exe
  C:\Windows\System\SBCLmit.exe
  2⤵
  PID:10184
- C:\Windows\System\durQJQk.exe
  C:\Windows\System\durQJQk.exe
  2⤵
  PID:10200
- C:\Windows\System\RyRZFKd.exe
  C:\Windows\System\RyRZFKd.exe
  2⤵
  PID:9260
- C:\Windows\System\AsazFkB.exe
  C:\Windows\System\AsazFkB.exe
  2⤵
  PID:9320
- C:\Windows\System\NCmgEIz.exe
  C:\Windows\System\NCmgEIz.exe
  2⤵
  PID:9384
- C:\Windows\System\MVCQbKV.exe
  C:\Windows\System\MVCQbKV.exe
  2⤵
  PID:9448
- C:\Windows\System\GrwsbKU.exe
  C:\Windows\System\GrwsbKU.exe
  2⤵
  PID:9372
- C:\Windows\System\HSqQByL.exe
  C:\Windows\System\HSqQByL.exe
  2⤵
  PID:9464
- C:\Windows\System\kvNVhis.exe
  C:\Windows\System\kvNVhis.exe
  2⤵
  PID:9436
- C:\Windows\System\HwLmeNN.exe
  C:\Windows\System\HwLmeNN.exe
  2⤵
  PID:9532
- C:\Windows\System\dZRosfX.exe
  C:\Windows\System\dZRosfX.exe
  2⤵
  PID:9576
- C:\Windows\System\sGnSxkf.exe
  C:\Windows\System\sGnSxkf.exe
  2⤵
  PID:9624
- C:\Windows\System\RyoUhyq.exe
  C:\Windows\System\RyoUhyq.exe
  2⤵
  PID:9656
- C:\Windows\System\EwvbjEl.exe
  C:\Windows\System\EwvbjEl.exe
  2⤵
  PID:9692
- C:\Windows\System\iuvoUsx.exe
  C:\Windows\System\iuvoUsx.exe
  2⤵
  PID:9676
- C:\Windows\System\EchiVAP.exe
  C:\Windows\System\EchiVAP.exe
  2⤵
  PID:9796
- C:\Windows\System\aiocYBF.exe
  C:\Windows\System\aiocYBF.exe
  2⤵
  PID:9812
- C:\Windows\System\rreUxUs.exe
  C:\Windows\System\rreUxUs.exe
  2⤵
  PID:9836
- C:\Windows\System\DWLkEig.exe
  C:\Windows\System\DWLkEig.exe
  2⤵
  PID:9880
- C:\Windows\System\NPOcfAz.exe
  C:\Windows\System\NPOcfAz.exe
  2⤵
  PID:9892
- C:\Windows\System\pQGVbSc.exe
  C:\Windows\System\pQGVbSc.exe
  2⤵
  PID:9924
- C:\Windows\System\SFUesGa.exe
  C:\Windows\System\SFUesGa.exe
  2⤵
  PID:9940
- C:\Windows\System\hWmaCuY.exe
  C:\Windows\System\hWmaCuY.exe
  2⤵
  PID:9564
- C:\Windows\System\SEJrqNq.exe
  C:\Windows\System\SEJrqNq.exe
  2⤵
  PID:9628
- C:\Windows\System\pOHiivM.exe
  C:\Windows\System\pOHiivM.exe
  2⤵
  PID:9688
- C:\Windows\System\wzVIhas.exe
  C:\Windows\System\wzVIhas.exe
  2⤵
  PID:9704
- C:\Windows\System\kmHkuKr.exe
  C:\Windows\System\kmHkuKr.exe
  2⤵
  PID:9896
- C:\Windows\System\YKLoCNi.exe
  C:\Windows\System\YKLoCNi.exe
  2⤵
  PID:9920
- C:\Windows\System\mJiINhx.exe
  C:\Windows\System\mJiINhx.exe
  2⤵
  PID:9224
- C:\Windows\System\WpLdiTP.exe
  C:\Windows\System\WpLdiTP.exe
  2⤵
  PID:9276
- C:\Windows\System\zNvPKEP.exe
  C:\Windows\System\zNvPKEP.exe
  2⤵
  PID:9420
- C:\Windows\System\LpWCYlX.exe
  C:\Windows\System\LpWCYlX.exe
  2⤵
  PID:9356
- C:\Windows\System\MEinhpr.exe
  C:\Windows\System\MEinhpr.exe
  2⤵
  PID:9404
- C:\Windows\System\LqyFtgM.exe
  C:\Windows\System\LqyFtgM.exe
  2⤵
  PID:9496
- C:\Windows\System\OMcItXb.exe
  C:\Windows\System\OMcItXb.exe
  2⤵
  PID:9984
- C:\Windows\System\ngnXWsQ.exe
  C:\Windows\System\ngnXWsQ.exe
  2⤵
  PID:9792

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BZawDVJ.exe

Filesize
6.0MB

MD5
7c5072d553736f1907c5e04f54410497

SHA1
9220f2556b804c14bd50524686f5eea1cfa9e2e9

SHA256
0516f1b00ccab0e24b9bb7ac7f8de25182e697316f1878c7092e58625bd5a880

SHA512
af2ba297fb7ed24dbcceb3aabbe5aaedb1294c8dda2c31c807cb36b0dc8f7974b33f098135b25ed1d3344ca1dac281e545bddea9ad2dde4438ea08adcfda2a7d

Download Submit
C:\Windows\system\CsJBPBh.exe

Filesize
6.0MB

MD5
e414368ba549789ec83e0c5fdc3b5aaf

SHA1
9af259796517c1dcb5ada0d8a8fa34bab11fb226

SHA256
c2ae07c8fc73490bda94cfa97da842ae21ad469ef2dc6c0d6a8b25a5bebf9b3e

SHA512
1155b732abe2b4d45e5400a08cef7aaf316cf730c1d3e58f755ae162121d79be6ce66ee8a64602aeeacdcef1c556938e1c223b06ca5e6bf8c135b93820504826

Download Submit
C:\Windows\system\GiEsaZY.exe

Filesize
6.0MB

MD5
b950906ded392af7687a897554782187

SHA1
e9604b27eb2b622ef6964c421dac0cd6488186cd

SHA256
92856aeec9532692296d26fddcf63ecf4be114d73cb87a7df4fac4967effa4af

SHA512
44e2d0345c138dadb993ffdb768795268d5ca331d5fc9280bfa6e9a9f16a4f1ac9f90f3a02fef1645e33ba3c56ad60d7f38d4b9dfc34295ad0de8c45d77b6a20

Download Submit
C:\Windows\system\HhuSEBs.exe

Filesize
6.0MB

MD5
0d8cce3cf00c17a42e78e58d4bb90f4c

SHA1
212a677560fd451eebc8a2d3fa715ecf07057731

SHA256
702ce344c479a84f07d2b01887b314cfa4d1c731850994496b939acc84860fd2

SHA512
3fd5a8083211ebf01183b2dac727450962878d4f2627c2fc30b12486852f3f6ea2301f2df1390700ff9714c0c4b8730917d84bb7fe0da5a7d883c6257a8ab201

Download Submit
C:\Windows\system\IAkGbBj.exe

Filesize
6.0MB

MD5
667e1c1b57c9bb653aea2530f3a66bd8

SHA1
6481832dae1ef9ea4f28ec5d00b4737471c60573

SHA256
b17bf17390bedd8d60c75cd51cb14d1af2f32ce8eb0d03300bb9971a9a31090f

SHA512
27231ab5a754f585b9a1e283b758d6c6e065a31eac9c51549d57f2db97083f4a8088cc5c383d6b379e40bb3db1ceb5379b10635bac35e91006f49e36137f6e25

Download Submit
C:\Windows\system\KHBvsIL.exe

Filesize
6.0MB

MD5
299b0abf942acf82d2a9072482f8393e

SHA1
df1b1905666aa6bd470a698540b1428caf80663c

SHA256
35fdba093c09c799e6d1567312650afcb6748240ec2d5054e5d9d2f2528ca776

SHA512
a31f3082b0e70c3895b4e1404ce1006290bd967bdad7b69cd0cadbf1e6e09e418441101961c817213343ea9361decd55c47b90c0c92eeb56462572c1a7d401dc

Download Submit
C:\Windows\system\KikjxWA.exe

Filesize
6.0MB

MD5
29a786bea5aadcdbb909ab921c9e17d9

SHA1
e279535c0faecd244b7080c9077153566a38a0dd

SHA256
d3a78f1c3dfb8bdef2e7659f69a7db732f21f3a7852a29f1bf495c88b2efb740

SHA512
a20b4c7d8b7962ae0a0f838e1734b6a7e9c0fba01de22f9c0d7d6dfbef0eaaa8063417d2b2a31b81414aac206e724b5ef98a6559c3f9c49ca8e121975dc68930

Download Submit
C:\Windows\system\NILpuqi.exe

Filesize
6.0MB

MD5
7a20a7132570511920204907cd3f6c00

SHA1
b6ce08dfb3f21725738fa3a3f2131761e6cbec28

SHA256
97d75aa0415d5e161ff435224293d0748f91629200c6f0368dcad6603fd37c69

SHA512
b96b4c82b2a79ff3a84341bff538b4710869d4d5bd10f516a068f74da306755551d4c3a24479c352597f11ee9b88ceda64c67bd25f0c631653f67f6429543abc

Download Submit
C:\Windows\system\OQwrrzy.exe

Filesize
6.0MB

MD5
2c60c33d3a1fcdc9a3da05bf25a5294d

SHA1
06ef56d917c052489e21f5414f33e324b96d1b12

SHA256
e45d82d3ba65823ce3cf12e4de67e686702446f39f723646fea32796bb48fd6e

SHA512
647b18e291c2c520e7e372b970bbd27312600580ed076305466cb4eb4e73ca9a214077c5b224105abb2b2b16081b10b46b71628034006da684483a74f0a4c10b

Download Submit
C:\Windows\system\PwXEuLh.exe

Filesize
6.0MB

MD5
b024e973d1f665f7393329e737dd9b24

SHA1
bc284b32858847a0e2c17018449a01f6c200eea9

SHA256
f2e3e4ee3d86c685f88470233add1e017231194952e85ca85238bd1c5a79b988

SHA512
7c18a2f358abb120308b0f53f42cbb68752555ac1df5aadef6277c5ffb16f304ee405e121c93574589db4f48a07a4c6894af7a5eb510f3bc1708899966e459e3

Download Submit
C:\Windows\system\TPsEjFd.exe

Filesize
6.0MB

MD5
47157122a3850cc338c6d2e714895a46

SHA1
cc44bb8f99e31387a17816a8bda8a543a3bef4be

SHA256
c3a19caab083f9096aedf408068ec38024c5f934961b4e0c64748704b7b94a60

SHA512
ce3e626e862cdbeb63765f8a39f8ffa5d9855f6423b465b25838f466807a731f018e1881ea73e4a3a3164d8ac00b63714501182f1228d0dad307413b629c53f3

Download Submit
C:\Windows\system\ToiIIWA.exe

Filesize
6.0MB

MD5
d2ece0e168ab70a53e22c6f07e201507

SHA1
8368dd3c0f07e89cec28242d0d62720aad9bab3a

SHA256
eb0b4fc784d31387c762c27c7fd0f8098a9bb965b2ccd9701abcd0e1c72f9c3e

SHA512
ec6a3393fa2143967504537bbe0219780bbb7507d6cdb59eba915a48b2aaf153c48fbec73f85502c05f3dc1c21deed04141a9dc86ea7c051017e04dfc9096473

Download Submit
C:\Windows\system\VJcbWhT.exe

Filesize
6.0MB

MD5
3d6f9f6cf93bba6283d5288d63896974

SHA1
4a4dd7eb4ae0184892ec068f5c0647a4e060dbec

SHA256
3e698ca3103708b00cfff6085df10cbc97c494b21e6156712f828870e5865088

SHA512
529c31539bfd5ad28e731c374fa8fe7920332a4d7857a23c73c6fa478f5c8bce28216155ad5010e86b64ed46a377cc7efe737f2a8078522b2e340626689a80ca

Download Submit
C:\Windows\system\VYGsKvM.exe

Filesize
6.0MB

MD5
e19ce5381ab1ffe2aaa9ef7d9ee1abe2

SHA1
8a90b312b39f7f7560a4b51fdf511ea4084d0cb6

SHA256
a612d3dc143f16de50b76226d6f581dc7db046e50103bbe22496ca9aba1acd3f

SHA512
e3ec54572d3893c343e8347de3917d2ec4df5e6f51aec36813c4a0fa9d5a920ffa751af3048b2904046943b83289f61f8d3203d885b75299f766203abefdb513

Download Submit
C:\Windows\system\WLRnKzw.exe

Filesize
6.0MB

MD5
7ba5db92b88b0bf93a0aed027bc838f8

SHA1
ce8cb3c10b6db421470730deda651921ba2af31d

SHA256
f78ffd82cb942afb1d31c4a3efc8086a14a090e07fe21efbc21b9ac1da3dbd07

SHA512
d472edad45252990fb2c068b3f3a12e251f741a3819679801dcf3f9a1725f55ecab799314e420993ee659a31e6560caf42634e93fb444de1ee8e7baedd0830df

Download Submit
C:\Windows\system\YqEEZEO.exe

Filesize
6.0MB

MD5
f97b072ce09fec0929d65de04610a0b4

SHA1
a31496beb93bd99aa66dc4854dc97bd351acdfb3

SHA256
3327313aff641dfa85492ffc3d17cef46880f77874533605d7c0642ba35b22d8

SHA512
205daedba3453fc6a854fbc279e74ff886b662b18f0ce2bb55f93637369a10e581338e0416cd1f7542147cd06391e8038d8f33d757b14f1359492b7eb56e1a0a

Download Submit
C:\Windows\system\bihdugD.exe

Filesize
8B

MD5
e26af5bba182f5ae21d866e95be58acb

SHA1
6355a57a0c4463303343211568c68a84accc98b8

SHA256
8755d9aa995ba16c91281f5d5c77aa24eb9328ec2db29558f5b185dd7569df87

SHA512
000df3331366617a9c113ff257282ac5d38068c7c0edf7028bb88f90bfad6565c7c2573bc180daf566072dcf621ee1775afdd2f8619d5ac74de7c34712a1eeb7

Download Submit
C:\Windows\system\csUZpZp.exe

Filesize
6.0MB

MD5
a15f74c7ddbf9a210157167a56101158

SHA1
491615dd5f7da7e3b5de12f33411a35da8bdf45f

SHA256
e384f4e237562429ddfe21450a2e9ff9ff91f4ffae9ed865994bf2d014dfbd27

SHA512
a14295f6ac6c5887af9b5916da36da29266a65b97d713648074999bfea43d7561a308e2b29bc9cd5519b712bdc717330d58c290fcbda761573465cb19522bfe4

Download Submit
C:\Windows\system\dBcQIld.exe

Filesize
6.0MB

MD5
0dc2d7c0bc4382c4c56d938b496e4a0d

SHA1
ac8ba9b7c6caeed6a7d27bc52c922767069a577f

SHA256
1c7f9494c1dcb8dbdc9f16c5cb78c36890837855c2853fcde0b19ca76519663b

SHA512
9ac3078d717c41b69cb87fc92a3e70b08df11c33f7ca0256dee5c482008f5d9b33af754b055989506fada384d75f3b78e6f3eea469a1bdf97ce37f51552cc01e

Download Submit
C:\Windows\system\fGcYmlB.exe

Filesize
6.0MB

MD5
cfd5527202f2c3934c9dc48d345dde62

SHA1
e45504274c11e76f78519cb87d59d6d7798d318f

SHA256
8c5ce2a7ac8732147758a5c4042ad86454e92e1ac75d09c4f04e461743e42d75

SHA512
c4035e8746e32cebea687cd301b8ee7ca31c2d12a5e093f1622eca977ffc6534588df407e3c33fd302d14ad55ef4b240765b54cbb9a4ca6fcc888228b92cc89c

Download Submit
C:\Windows\system\fvJnvaU.exe

Filesize
6.0MB

MD5
fcd97400e1cfaeb94dc3b7d2e21507cc

SHA1
0c86cc75c4aa433e7e8b69a1c1dade9376c9b623

SHA256
aa9bdb3b6c776616cad6c20dce80d51e2563c5625132c62f8e14a9905ea8cc48

SHA512
62f663eb674b299b8a0ac5986e805c687c6904ed57b5f7098a48f80d856e2890ef3e42091352e67e0bfce908f95cdd6012c10c04d96f0fd5fe6d71d6da0326cd

Download Submit
C:\Windows\system\hyAgGNd.exe

Filesize
6.0MB

MD5
6db0b61555382c33b8c645467b99e0e6

SHA1
0b86197ecf4fbaff652ad216b001175ee8ca2d4d

SHA256
1a3b3b80bfb12e1b5ddba4bb0b1900f4cd6b61686bb0e237404ce36b8687b90c

SHA512
acdfc29002b47c9db7e0b30c991c87bf92b9a5f6ce117443931e65ebbb3f8680509d5f9ed85452a8996eae2c9b964ca0bb6a32c33a8cbd79d554b5b1f8b88d49

Download Submit
C:\Windows\system\qxaIZsm.exe

Filesize
6.0MB

MD5
a1d2d0e561190b4eed40210de3256c3e

SHA1
0d49f18b60e916c1ed9171941cbdc11945198222

SHA256
b5157861f141775279bf1c9b3f19fdd783c0bb5afd50c336405ec9051d38714c

SHA512
e2196e7248d662af8fe03bcb8a50a9888c64f5a9b9adcd35f41cfc825db9061c32c09bc5d25be85365b22fb5f567844af872d2c097f229c8d0c560b8427ce36c

Download Submit
C:\Windows\system\rjohGaX.exe

Filesize
6.0MB

MD5
feec110df7eaa36df7f5bd1b1ff78ad8

SHA1
066c5b8c23cb84cad0138c9c5850ac6ca4df6aa7

SHA256
36bfb74b34cc1f1ed0a88c36309221be2a83eb7578aded98cc2de93bd74acbef

SHA512
203dea1a022204b1ade590e3a50167701e992f7a3b369584e22cc2cda338f7da07626228a963d7c24b82c7e234e25727e39a3803af7659e9ddbf1bd0b1bff2e1

Download Submit
C:\Windows\system\uEjeahr.exe

Filesize
6.0MB

MD5
a01c950a88eaa668493f17b6f4a4cb36

SHA1
651d16e8cd7845ea13fa470245949a5f12d5f7ca

SHA256
1ba1a34bac52f9a32519560d2d59b9e016e129f46cb7a0ed45b77ae94fa60088

SHA512
23556a430c4f6fa47073475f686da0c9c50cce21fa63f91a318ffccd5aeb94f91c52cea931f50fdb15727d81b149c52d65309e3a2f11731901f95268ffae06c8

Download Submit
C:\Windows\system\vMErWIJ.exe

Filesize
6.0MB

MD5
0c84e7740426101cc92c44306aa20216

SHA1
ccfc32526768ca9ffe87fc101c2445847589706c

SHA256
6378fa6469f0eeed334f106a7196ff794be30fdda51139c6bfa2a9640b615876

SHA512
ea3264470c6a254b7ad3c5fca76730458b25df5804b100694634dfc49172773283e755bfefa0b8913519a7571b248a1f6945bf27cf75adc7dd89472bc9e14bfa

Download Submit
C:\Windows\system\wnfQsLB.exe

Filesize
6.0MB

MD5
9d1b3f7cede105cbd22c7b47c3dca214

SHA1
ab9c27ab6336fca664899e1761b9a3fddf9019e2

SHA256
03094567492a495d692e8732ba03cef6cd07279cc8e66d9b4b3c2524f11f40d0

SHA512
d1e3222980f66e4e5f89d73c45ea495536c0818fe5dab847208beb77a87f9311330d444784322b41a1e3dc053b8dc39cf9183d2bf191eb5ab8960afd17bcb4f7

Download Submit
C:\Windows\system\xwqAXxZ.exe

Filesize
6.0MB

MD5
768de0a35799c8600313b346d047c47b

SHA1
a0c572a95680c7bdcbb219b6a06bb89ceb2dfb80

SHA256
0cb4cea96cc1db769ecef92201658813143acdc15be3b56c7ff0c10e14cbafcc

SHA512
15b63b183d23486494fe749a744c21c1a12bd8811a7c7a3eadfd1b9c6dc59e2a6bd7d6d5424caeb51bd37087dff427a6b6ee02aa61e07ddad9d92a1a61e9bc34

Download Submit
C:\Windows\system\ySTNvwq.exe

Filesize
6.0MB

MD5
5c5aab86605de1d4f08574111daa0c74

SHA1
3c2471b1ee12d8b6adab5dae84b8d184a794d0b3

SHA256
9767a817775e48da237f13593f3f678739cfb5002dff7602b7189a61575b3557

SHA512
27b84031d1bc9e349ddaa9054300e4cd354918e3371bdf41c61e851413241ecb437e074aefbfefc6266a9fdeb5ed5e5b389a55a92f906d2732f92d9ae743c20a

Download Submit
C:\Windows\system\zTCCqtL.exe

Filesize
6.0MB

MD5
fdd194cb844deaaae211a9b41d7da0f2

SHA1
03a3e51839e05a0b19dcb17c3d4efad78a180eff

SHA256
a0462054e91f5b176e5b448355dbe5104e33b2e1034aa738778a8a01f43c6c15

SHA512
5c7bd21713d3878e065329b70560c9bb633b4222fc2f6c729dce61e8c2e4f4ab442264f42eb8ab97013966a3d3f43fb02c507998c66bfa3a1550ffd8d0d34155

Download Submit
\Windows\system\TGuwXvl.exe

Filesize
6.0MB

MD5
9908f49183a618a373b9513884a306a6

SHA1
3cf08b2f9dacc0f54c62ecde5b2f91ce0bd70c32

SHA256
338f23a75674fe5fd28c579713f2ff96ffe7921615115eca06356d14461586d7

SHA512
d2d1390a21d0e98020db055046c20d7a74d6620583e5ad02e0b9486768ab683c25dde19d4972d92f0a8dd76637ff22967966fe140eea294958b816bcd2cc5271

Download Submit
\Windows\system\YDUYmuo.exe

Filesize
6.0MB

MD5
61142f414083ebba4b4d8b4e55a298bc

SHA1
56a338a8c6640853772627986d91afa6386c1f11

SHA256
b6e1980b15d6399337ceed113f493af62053017dbe3987a89c98eaf2f4c232b0

SHA512
ca3320defee5777bc4acdc1cd29ca18479358ce138dc70abf682b9231c03ac8562933966de469d43cc9573894ef10ba3c6366fe96709a278052a35f213e5119a

Download Submit
\Windows\system\rGmFmfx.exe

Filesize
6.0MB

MD5
52a52aaf65c5924790c400b77cc0900c

SHA1
b499cb793e2820832548428dc6f7bc0a2e3da264

SHA256
9d5c01ed2d29bb1cbf163fa3f2181af7b13c6ed35b2524994f9da3dac95141cd

SHA512
432de8ece1b9ca3d727fe657896f44b0080a643c585eb7a07c1df0d01da585bb3cdb55cc44a3d86481be29c421feb93433e98870cff5567f1675578b6e63d4da

Download Submit
memory/604-142-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/604-1101-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/604-4050-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/1616-126-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/1680-124-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2100-3995-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/2100-21-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/2224-1094-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/2224-134-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/2224-4067-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/2300-3984-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/2300-20-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/2540-681-0x00000000024C0000-0x0000000002814000-memory.dmp

Filesize
3.3MB

Download
memory/2540-8-0x00000000024C0000-0x0000000002814000-memory.dmp

Filesize
3.3MB

Download
memory/2540-0-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/2540-145-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/2540-22-0x00000000024C0000-0x0000000002814000-memory.dmp

Filesize
3.3MB

Download
memory/2540-143-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/2540-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/2540-287-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/2540-135-0x00000000024C0000-0x0000000002814000-memory.dmp

Filesize
3.3MB

Download
memory/2540-26-0x00000000024C0000-0x0000000002814000-memory.dmp

Filesize
3.3MB

Download
memory/2540-133-0x00000000024C0000-0x0000000002814000-memory.dmp

Filesize
3.3MB

Download
memory/2540-576-0x00000000024C0000-0x0000000002814000-memory.dmp

Filesize
3.3MB

Download
memory/2540-131-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/2540-129-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/2540-32-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/2540-127-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2540-1134-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/2540-125-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/2540-121-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/2540-123-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2540-1093-0x00000000024C0000-0x0000000002814000-memory.dmp

Filesize
3.3MB

Download
memory/2624-1090-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2624-4043-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2624-128-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2724-4070-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/2724-130-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/2724-1091-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/2736-910-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/2736-35-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/2736-4003-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/2800-122-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/2860-144-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/2860-4032-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/2892-4010-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/2892-18-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/2960-28-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/2960-3993-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/2960-794-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/3032-4040-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/3032-1092-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/3032-132-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download