cobaltstrike | e6d21c053ac46eebb166ac38264d62b18fb5f80df9528ec8a0a5c86fa140c823

Analysis

max time kernel
150s
max time network
19s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
24-09-2024 15:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

2d7bb2220680a8420261f901d467aa5d
SHA1

552f1b041da043220f3bf662714fd532d93b049a
SHA256

e6d21c053ac46eebb166ac38264d62b18fb5f80df9528ec8a0a5c86fa140c823
SHA512

1e8e5c6a0ec1a71d798b37a3c32c3d0f48f4eb16240bb9a8f434dc94e36af3235d45a12856c7a443c0011b5796c915e22e5a6288f6984d02572eb97e43f2b53e
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU5:T+q56utgpPF8u/75

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000c000000012251-6.dat	cobalt_reflective_dll
behavioral1/files/0x000f000000018ab4-11.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018b54-15.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018b58-28.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018ffa-83.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019044-117.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019028-116.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019074-128.dat	cobalt_reflective_dll
behavioral1/files/0x00040000000192d3-183.dat	cobalt_reflective_dll
behavioral1/files/0x00040000000191ed-177.dat	cobalt_reflective_dll
behavioral1/files/0x0004000000019206-173.dat	cobalt_reflective_dll
behavioral1/files/0x00040000000191d2-158.dat	cobalt_reflective_dll
behavioral1/files/0x00040000000192e3-188.dat	cobalt_reflective_dll
behavioral1/files/0x00040000000192ad-180.dat	cobalt_reflective_dll
behavioral1/files/0x00040000000191bb-145.dat	cobalt_reflective_dll
behavioral1/files/0x00040000000191f7-170.dat	cobalt_reflective_dll
behavioral1/files/0x000400000001919b-138.dat	cobalt_reflective_dll
behavioral1/files/0x00040000000191da-162.dat	cobalt_reflective_dll
behavioral1/files/0x00040000000191c8-150.dat	cobalt_reflective_dll
behavioral1/files/0x00040000000191b3-144.dat	cobalt_reflective_dll
behavioral1/files/0x000400000001915a-133.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001904d-123.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018fca-69.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018fcd-67.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018fc4-59.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018fc7-58.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018fc2-50.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001903d-111.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001901a-88.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018fe2-76.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018b6e-46.dat	cobalt_reflective_dll
behavioral1/files/0x000f000000018afc-40.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018b5d-34.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1656-0-0x000000013F230000-0x000000013F584000-memory.dmp	xmrig
behavioral1/files/0x000c000000012251-6.dat	xmrig
behavioral1/files/0x000f000000018ab4-11.dat	xmrig
behavioral1/files/0x0007000000018b54-15.dat	xmrig
behavioral1/files/0x0006000000018b58-28.dat	xmrig
behavioral1/memory/2936-30-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig
behavioral1/memory/2332-25-0x000000013FE20000-0x0000000140174000-memory.dmp	xmrig
behavioral1/memory/2788-24-0x000000013FDE0000-0x0000000140134000-memory.dmp	xmrig
behavioral1/memory/2432-21-0x000000013F760000-0x000000013FAB4000-memory.dmp	xmrig
behavioral1/memory/2976-37-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
behavioral1/files/0x0005000000018ffa-83.dat	xmrig
behavioral1/files/0x0005000000019044-117.dat	xmrig
behavioral1/files/0x0005000000019028-116.dat	xmrig
behavioral1/files/0x0005000000019074-128.dat	xmrig
behavioral1/memory/2332-1823-0x000000013FE20000-0x0000000140174000-memory.dmp	xmrig
behavioral1/memory/2908-1973-0x000000013F270000-0x000000013F5C4000-memory.dmp	xmrig
behavioral1/memory/2680-1956-0x000000013F490000-0x000000013F7E4000-memory.dmp	xmrig
behavioral1/memory/2588-1942-0x000000013FB00000-0x000000013FE54000-memory.dmp	xmrig
behavioral1/memory/2052-1941-0x000000013FCF0000-0x0000000140044000-memory.dmp	xmrig
behavioral1/memory/2384-1940-0x000000013FD10000-0x0000000140064000-memory.dmp	xmrig
behavioral1/memory/2260-1965-0x000000013FDF0000-0x0000000140144000-memory.dmp	xmrig
behavioral1/memory/2432-2019-0x000000013F760000-0x000000013FAB4000-memory.dmp	xmrig
behavioral1/memory/2936-2018-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig
behavioral1/memory/2808-1895-0x000000013FA00000-0x000000013FD54000-memory.dmp	xmrig
behavioral1/memory/2944-1891-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig
behavioral1/memory/2752-1889-0x000000013F2E0000-0x000000013F634000-memory.dmp	xmrig
behavioral1/memory/2976-1868-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
behavioral1/memory/2788-1828-0x000000013FDE0000-0x0000000140134000-memory.dmp	xmrig
behavioral1/memory/1656-447-0x000000013FB00000-0x000000013FE54000-memory.dmp	xmrig
behavioral1/memory/2384-377-0x000000013FD10000-0x0000000140064000-memory.dmp	xmrig
behavioral1/memory/2052-309-0x000000013FCF0000-0x0000000140044000-memory.dmp	xmrig
behavioral1/memory/2944-206-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig
behavioral1/files/0x00040000000192d3-183.dat	xmrig
behavioral1/files/0x00040000000191ed-177.dat	xmrig
behavioral1/files/0x0004000000019206-173.dat	xmrig
behavioral1/files/0x00040000000191d2-158.dat	xmrig
behavioral1/files/0x00040000000192e3-188.dat	xmrig
behavioral1/files/0x00040000000192ad-180.dat	xmrig
behavioral1/files/0x00040000000191bb-145.dat	xmrig
behavioral1/files/0x00040000000191f7-170.dat	xmrig
behavioral1/files/0x000400000001919b-138.dat	xmrig
behavioral1/files/0x00040000000191da-162.dat	xmrig
behavioral1/files/0x00040000000191c8-150.dat	xmrig
behavioral1/files/0x00040000000191b3-144.dat	xmrig
behavioral1/files/0x000400000001915a-133.dat	xmrig
behavioral1/files/0x000500000001904d-123.dat	xmrig
behavioral1/memory/2680-106-0x000000013F490000-0x000000013F7E4000-memory.dmp	xmrig
behavioral1/memory/2588-105-0x000000013FB00000-0x000000013FE54000-memory.dmp	xmrig
behavioral1/memory/1656-104-0x000000013FB00000-0x000000013FE54000-memory.dmp	xmrig
behavioral1/memory/2808-71-0x000000013FA00000-0x000000013FD54000-memory.dmp	xmrig
behavioral1/files/0x0005000000018fca-69.dat	xmrig
behavioral1/files/0x0005000000018fcd-67.dat	xmrig
behavioral1/memory/1656-63-0x000000013F230000-0x000000013F584000-memory.dmp	xmrig
behavioral1/files/0x0005000000018fc4-59.dat	xmrig
behavioral1/files/0x0005000000018fc7-58.dat	xmrig
behavioral1/memory/2752-54-0x000000013F2E0000-0x000000013F634000-memory.dmp	xmrig
behavioral1/files/0x0005000000018fc2-50.dat	xmrig
behavioral1/memory/2908-112-0x000000013F270000-0x000000013F5C4000-memory.dmp	xmrig
behavioral1/files/0x000500000001903d-111.dat	xmrig
behavioral1/memory/2260-110-0x000000013FDF0000-0x0000000140144000-memory.dmp	xmrig
behavioral1/memory/2944-43-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig
behavioral1/files/0x000500000001901a-88.dat	xmrig
behavioral1/memory/2384-82-0x000000013FD10000-0x0000000140064000-memory.dmp	xmrig
behavioral1/memory/1656-80-0x000000013FCF0000-0x0000000140044000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2332	wqPyfrm.exe
2432	gwyVFvr.exe
2788	dUwkFXi.exe
2936	NMerVce.exe
2976	KeerBxe.exe
2944	AnSCFng.exe
2752	wLRDJEE.exe
2808	RSIhXpJ.exe
2052	RBkPRqq.exe
2384	RwoYRDF.exe
2588	uuKZZxZ.exe
2680	jCrwMBi.exe
2260	TucyQuo.exe
2908	ekIvajE.exe
2584	ZxjRArG.exe
2164	VIwHIuQ.exe
2728	syRyrAf.exe
2892	EUhnIhx.exe
2740	cBPyQZV.exe
2136	pWrJgCq.exe
1692	RHaKxpN.exe
1484	SmVSjwk.exe
572	LdspcfR.exe
1176	GxlSLVg.exe
2216	XfPTtgZ.exe
2560	pWbtFdZ.exe
2484	RbonDvf.exe
2236	ysRukJu.exe
2208	mCaJCJV.exe
2436	RWwPHCz.exe
2156	EudwKAy.exe
1436	oqFgylP.exe
1636	BHqLJLG.exe
2520	OJKAuvf.exe
2312	DsJPBbd.exe
1540	sUJKRGd.exe
1408	nbLsrZN.exe
1820	OuMsqRV.exe
2440	pBSToRC.exe
2840	WGRvqZS.exe
1020	VNOKOSw.exe
2492	XTeiSYI.exe
2024	UMdicFP.exe
912	tJYJUde.exe
2064	SGJzTMs.exe
1956	CVDYveR.exe
2600	NsbUepX.exe
1640	ygIvtgp.exe
1164	EOwIxPN.exe
2120	ZuCbYam.exe
2416	aSbjGDY.exe
692	qyIPXxS.exe
1704	oSNrtXk.exe
2108	iBjmIXd.exe
2180	gKtiRey.exe
2732	XkEGaFB.exe
2860	vvHtFGA.exe
2792	pltmPTF.exe
2796	tIhotxT.exe
2324	AvLTYIs.exe
1188	VZWAfQB.exe
2172	LADOFZO.exe
2356	oGyibDQ.exe
3032	DexKbMi.exe

Loads dropped DLL 64 IoCs

pid	Process
1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1656-0-0x000000013F230000-0x000000013F584000-memory.dmp	upx
behavioral1/files/0x000c000000012251-6.dat	upx
behavioral1/files/0x000f000000018ab4-11.dat	upx
behavioral1/files/0x0007000000018b54-15.dat	upx
behavioral1/files/0x0006000000018b58-28.dat	upx
behavioral1/memory/2936-30-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx
behavioral1/memory/2332-25-0x000000013FE20000-0x0000000140174000-memory.dmp	upx
behavioral1/memory/2788-24-0x000000013FDE0000-0x0000000140134000-memory.dmp	upx
behavioral1/memory/2432-21-0x000000013F760000-0x000000013FAB4000-memory.dmp	upx
behavioral1/memory/2976-37-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/files/0x0005000000018ffa-83.dat	upx
behavioral1/files/0x0005000000019044-117.dat	upx
behavioral1/files/0x0005000000019028-116.dat	upx
behavioral1/files/0x0005000000019074-128.dat	upx
behavioral1/memory/2332-1823-0x000000013FE20000-0x0000000140174000-memory.dmp	upx
behavioral1/memory/2908-1973-0x000000013F270000-0x000000013F5C4000-memory.dmp	upx
behavioral1/memory/2680-1956-0x000000013F490000-0x000000013F7E4000-memory.dmp	upx
behavioral1/memory/2588-1942-0x000000013FB00000-0x000000013FE54000-memory.dmp	upx
behavioral1/memory/2052-1941-0x000000013FCF0000-0x0000000140044000-memory.dmp	upx
behavioral1/memory/2384-1940-0x000000013FD10000-0x0000000140064000-memory.dmp	upx
behavioral1/memory/2260-1965-0x000000013FDF0000-0x0000000140144000-memory.dmp	upx
behavioral1/memory/2432-2019-0x000000013F760000-0x000000013FAB4000-memory.dmp	upx
behavioral1/memory/2936-2018-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx
behavioral1/memory/2808-1895-0x000000013FA00000-0x000000013FD54000-memory.dmp	upx
behavioral1/memory/2944-1891-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx
behavioral1/memory/2752-1889-0x000000013F2E0000-0x000000013F634000-memory.dmp	upx
behavioral1/memory/2976-1868-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/memory/2788-1828-0x000000013FDE0000-0x0000000140134000-memory.dmp	upx
behavioral1/memory/2384-377-0x000000013FD10000-0x0000000140064000-memory.dmp	upx
behavioral1/memory/2052-309-0x000000013FCF0000-0x0000000140044000-memory.dmp	upx
behavioral1/memory/2944-206-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx
behavioral1/files/0x00040000000192d3-183.dat	upx
behavioral1/files/0x00040000000191ed-177.dat	upx
behavioral1/files/0x0004000000019206-173.dat	upx
behavioral1/files/0x00040000000191d2-158.dat	upx
behavioral1/files/0x00040000000192e3-188.dat	upx
behavioral1/files/0x00040000000192ad-180.dat	upx
behavioral1/files/0x00040000000191bb-145.dat	upx
behavioral1/files/0x00040000000191f7-170.dat	upx
behavioral1/files/0x000400000001919b-138.dat	upx
behavioral1/files/0x00040000000191da-162.dat	upx
behavioral1/files/0x00040000000191c8-150.dat	upx
behavioral1/files/0x00040000000191b3-144.dat	upx
behavioral1/files/0x000400000001915a-133.dat	upx
behavioral1/files/0x000500000001904d-123.dat	upx
behavioral1/memory/2680-106-0x000000013F490000-0x000000013F7E4000-memory.dmp	upx
behavioral1/memory/2588-105-0x000000013FB00000-0x000000013FE54000-memory.dmp	upx
behavioral1/memory/2808-71-0x000000013FA00000-0x000000013FD54000-memory.dmp	upx
behavioral1/files/0x0005000000018fca-69.dat	upx
behavioral1/files/0x0005000000018fcd-67.dat	upx
behavioral1/memory/1656-63-0x000000013F230000-0x000000013F584000-memory.dmp	upx
behavioral1/files/0x0005000000018fc4-59.dat	upx
behavioral1/files/0x0005000000018fc7-58.dat	upx
behavioral1/memory/2752-54-0x000000013F2E0000-0x000000013F634000-memory.dmp	upx
behavioral1/files/0x0005000000018fc2-50.dat	upx
behavioral1/memory/2908-112-0x000000013F270000-0x000000013F5C4000-memory.dmp	upx
behavioral1/files/0x000500000001903d-111.dat	upx
behavioral1/memory/2260-110-0x000000013FDF0000-0x0000000140144000-memory.dmp	upx
behavioral1/memory/2944-43-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx
behavioral1/files/0x000500000001901a-88.dat	upx
behavioral1/memory/2384-82-0x000000013FD10000-0x0000000140064000-memory.dmp	upx
behavioral1/memory/2432-79-0x000000013F760000-0x000000013FAB4000-memory.dmp	upx
behavioral1/files/0x0005000000018fe2-76.dat	upx
behavioral1/memory/2052-75-0x000000013FCF0000-0x0000000140044000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\FdwFkeG.exe	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LKocCdc.exe	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lGSBpJA.exe	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RVpJOgH.exe	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\anEkwEe.exe	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BaQdTzY.exe	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gbTksxP.exe	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SMqVfhl.exe	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ShJYHIy.exe	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bjSFXfp.exe	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Zdchhia.exe	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BbqTvLx.exe	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fdkNDQQ.exe	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EPtcERv.exe	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NXCChpD.exe	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ozQBxgu.exe	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BGDmQmz.exe	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GzMyCaU.exe	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pTCHbeq.exe	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RUMcKdM.exe	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ccedlKg.exe	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TFMVFHC.exe	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TTOqKoW.exe	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yYHKwvn.exe	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cwsRnXn.exe	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TdpQKEl.exe	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Lxmpdew.exe	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AKqfTmq.exe	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oNceyyx.exe	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AbxvFWy.exe	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WvnzBGy.exe	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nGKUZTs.exe	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EwNfOkW.exe	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eWJxRXJ.exe	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PutYVzs.exe	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pGhjxGV.exe	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DiBvDHS.exe	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VObwJOh.exe	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BZCcnIS.exe	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rxFGUXm.exe	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aUIaDvY.exe	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jsaadLc.exe	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OXtYluw.exe	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iVgEsmv.exe	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QkQXxXY.exe	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SGJzTMs.exe	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UjKvCMZ.exe	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NDFwGee.exe	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RjOFdgI.exe	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fNdSerY.exe	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lcbyLuD.exe	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RsIKqoy.exe	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ujtCsci.exe	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zqJeMMi.exe	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JpYvNWN.exe	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Ngjreon.exe	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LgZnzrK.exe	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GtZYOqK.exe	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WDZgAqd.exe	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VbDDdXn.exe	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oANRQuQ.exe	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uemuNUt.exe	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dQFnJNh.exe	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dCulRyB.exe	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1656 wrote to memory of 2332	1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 1656 wrote to memory of 2332	1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 1656 wrote to memory of 2332	1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 1656 wrote to memory of 2432	1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1656 wrote to memory of 2432	1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1656 wrote to memory of 2432	1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1656 wrote to memory of 2788	1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1656 wrote to memory of 2788	1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1656 wrote to memory of 2788	1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1656 wrote to memory of 2936	1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1656 wrote to memory of 2936	1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1656 wrote to memory of 2936	1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1656 wrote to memory of 2976	1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1656 wrote to memory of 2976	1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1656 wrote to memory of 2976	1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1656 wrote to memory of 2944	1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1656 wrote to memory of 2944	1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1656 wrote to memory of 2944	1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1656 wrote to memory of 2752	1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1656 wrote to memory of 2752	1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1656 wrote to memory of 2752	1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1656 wrote to memory of 2680	1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1656 wrote to memory of 2680	1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1656 wrote to memory of 2680	1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1656 wrote to memory of 2808	1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1656 wrote to memory of 2808	1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1656 wrote to memory of 2808	1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1656 wrote to memory of 2260	1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1656 wrote to memory of 2260	1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1656 wrote to memory of 2260	1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1656 wrote to memory of 2052	1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1656 wrote to memory of 2052	1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1656 wrote to memory of 2052	1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1656 wrote to memory of 2908	1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1656 wrote to memory of 2908	1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1656 wrote to memory of 2908	1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1656 wrote to memory of 2384	1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1656 wrote to memory of 2384	1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1656 wrote to memory of 2384	1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1656 wrote to memory of 2584	1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1656 wrote to memory of 2584	1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1656 wrote to memory of 2584	1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1656 wrote to memory of 2588	1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1656 wrote to memory of 2588	1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1656 wrote to memory of 2588	1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1656 wrote to memory of 2728	1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1656 wrote to memory of 2728	1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1656 wrote to memory of 2728	1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1656 wrote to memory of 2164	1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1656 wrote to memory of 2164	1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1656 wrote to memory of 2164	1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1656 wrote to memory of 2892	1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1656 wrote to memory of 2892	1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1656 wrote to memory of 2892	1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1656 wrote to memory of 2740	1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1656 wrote to memory of 2740	1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1656 wrote to memory of 2740	1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1656 wrote to memory of 2136	1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1656 wrote to memory of 2136	1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1656 wrote to memory of 2136	1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1656 wrote to memory of 1692	1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1656 wrote to memory of 1692	1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1656 wrote to memory of 1692	1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1656 wrote to memory of 1484	1656	2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe	51

C:\Users\Admin\AppData\Local\Temp\2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-09-24_2d7bb2220680a8420261f901d467aa5d_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1656
- C:\Windows\System\wqPyfrm.exe
  C:\Windows\System\wqPyfrm.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\gwyVFvr.exe
  C:\Windows\System\gwyVFvr.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\dUwkFXi.exe
  C:\Windows\System\dUwkFXi.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\NMerVce.exe
  C:\Windows\System\NMerVce.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\KeerBxe.exe
  C:\Windows\System\KeerBxe.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\AnSCFng.exe
  C:\Windows\System\AnSCFng.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\wLRDJEE.exe
  C:\Windows\System\wLRDJEE.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\jCrwMBi.exe
  C:\Windows\System\jCrwMBi.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\RSIhXpJ.exe
  C:\Windows\System\RSIhXpJ.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\TucyQuo.exe
  C:\Windows\System\TucyQuo.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\RBkPRqq.exe
  C:\Windows\System\RBkPRqq.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\ekIvajE.exe
  C:\Windows\System\ekIvajE.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\RwoYRDF.exe
  C:\Windows\System\RwoYRDF.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\ZxjRArG.exe
  C:\Windows\System\ZxjRArG.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\uuKZZxZ.exe
  C:\Windows\System\uuKZZxZ.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\syRyrAf.exe
  C:\Windows\System\syRyrAf.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\VIwHIuQ.exe
  C:\Windows\System\VIwHIuQ.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\EUhnIhx.exe
  C:\Windows\System\EUhnIhx.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\cBPyQZV.exe
  C:\Windows\System\cBPyQZV.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\pWrJgCq.exe
  C:\Windows\System\pWrJgCq.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\RHaKxpN.exe
  C:\Windows\System\RHaKxpN.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\SmVSjwk.exe
  C:\Windows\System\SmVSjwk.exe
  2⤵
  - Executes dropped EXE
  PID:1484
- C:\Windows\System\LdspcfR.exe
  C:\Windows\System\LdspcfR.exe
  2⤵
  - Executes dropped EXE
  PID:572
- C:\Windows\System\XfPTtgZ.exe
  C:\Windows\System\XfPTtgZ.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\GxlSLVg.exe
  C:\Windows\System\GxlSLVg.exe
  2⤵
  - Executes dropped EXE
  PID:1176
- C:\Windows\System\pWbtFdZ.exe
  C:\Windows\System\pWbtFdZ.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\RbonDvf.exe
  C:\Windows\System\RbonDvf.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\mCaJCJV.exe
  C:\Windows\System\mCaJCJV.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\ysRukJu.exe
  C:\Windows\System\ysRukJu.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\oqFgylP.exe
  C:\Windows\System\oqFgylP.exe
  2⤵
  - Executes dropped EXE
  PID:1436
- C:\Windows\System\RWwPHCz.exe
  C:\Windows\System\RWwPHCz.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\OJKAuvf.exe
  C:\Windows\System\OJKAuvf.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\EudwKAy.exe
  C:\Windows\System\EudwKAy.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\OuMsqRV.exe
  C:\Windows\System\OuMsqRV.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\BHqLJLG.exe
  C:\Windows\System\BHqLJLG.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\pBSToRC.exe
  C:\Windows\System\pBSToRC.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\DsJPBbd.exe
  C:\Windows\System\DsJPBbd.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\VNOKOSw.exe
  C:\Windows\System\VNOKOSw.exe
  2⤵
  - Executes dropped EXE
  PID:1020
- C:\Windows\System\sUJKRGd.exe
  C:\Windows\System\sUJKRGd.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\XTeiSYI.exe
  C:\Windows\System\XTeiSYI.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\nbLsrZN.exe
  C:\Windows\System\nbLsrZN.exe
  2⤵
  - Executes dropped EXE
  PID:1408
- C:\Windows\System\UMdicFP.exe
  C:\Windows\System\UMdicFP.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\WGRvqZS.exe
  C:\Windows\System\WGRvqZS.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\NsbUepX.exe
  C:\Windows\System\NsbUepX.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\tJYJUde.exe
  C:\Windows\System\tJYJUde.exe
  2⤵
  - Executes dropped EXE
  PID:912
- C:\Windows\System\EOwIxPN.exe
  C:\Windows\System\EOwIxPN.exe
  2⤵
  - Executes dropped EXE
  PID:1164
- C:\Windows\System\SGJzTMs.exe
  C:\Windows\System\SGJzTMs.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\aSbjGDY.exe
  C:\Windows\System\aSbjGDY.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\CVDYveR.exe
  C:\Windows\System\CVDYveR.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\qyIPXxS.exe
  C:\Windows\System\qyIPXxS.exe
  2⤵
  - Executes dropped EXE
  PID:692
- C:\Windows\System\ygIvtgp.exe
  C:\Windows\System\ygIvtgp.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\iBjmIXd.exe
  C:\Windows\System\iBjmIXd.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\ZuCbYam.exe
  C:\Windows\System\ZuCbYam.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\gKtiRey.exe
  C:\Windows\System\gKtiRey.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\oSNrtXk.exe
  C:\Windows\System\oSNrtXk.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\XkEGaFB.exe
  C:\Windows\System\XkEGaFB.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\vvHtFGA.exe
  C:\Windows\System\vvHtFGA.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\pltmPTF.exe
  C:\Windows\System\pltmPTF.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\tIhotxT.exe
  C:\Windows\System\tIhotxT.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\AvLTYIs.exe
  C:\Windows\System\AvLTYIs.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\VZWAfQB.exe
  C:\Windows\System\VZWAfQB.exe
  2⤵
  - Executes dropped EXE
  PID:1188
- C:\Windows\System\oGyibDQ.exe
  C:\Windows\System\oGyibDQ.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\LADOFZO.exe
  C:\Windows\System\LADOFZO.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\DhVSwtu.exe
  C:\Windows\System\DhVSwtu.exe
  2⤵
  PID:2284
- C:\Windows\System\DexKbMi.exe
  C:\Windows\System\DexKbMi.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\pcJZibG.exe
  C:\Windows\System\pcJZibG.exe
  2⤵
  PID:2980
- C:\Windows\System\fuokqEx.exe
  C:\Windows\System\fuokqEx.exe
  2⤵
  PID:2196
- C:\Windows\System\ctmMYpq.exe
  C:\Windows\System\ctmMYpq.exe
  2⤵
  PID:2836
- C:\Windows\System\rVOnpVy.exe
  C:\Windows\System\rVOnpVy.exe
  2⤵
  PID:2420
- C:\Windows\System\RcPnZks.exe
  C:\Windows\System\RcPnZks.exe
  2⤵
  PID:2272
- C:\Windows\System\FEBhZms.exe
  C:\Windows\System\FEBhZms.exe
  2⤵
  PID:2876
- C:\Windows\System\eqqPetN.exe
  C:\Windows\System\eqqPetN.exe
  2⤵
  PID:1696
- C:\Windows\System\pEsoFLt.exe
  C:\Windows\System\pEsoFLt.exe
  2⤵
  PID:2700
- C:\Windows\System\cfjtJxg.exe
  C:\Windows\System\cfjtJxg.exe
  2⤵
  PID:1312
- C:\Windows\System\IacEhcb.exe
  C:\Windows\System\IacEhcb.exe
  2⤵
  PID:2020
- C:\Windows\System\GaGWJDs.exe
  C:\Windows\System\GaGWJDs.exe
  2⤵
  PID:1080
- C:\Windows\System\qxLwrnl.exe
  C:\Windows\System\qxLwrnl.exe
  2⤵
  PID:2124
- C:\Windows\System\LUaxccp.exe
  C:\Windows\System\LUaxccp.exe
  2⤵
  PID:756
- C:\Windows\System\zwPFclQ.exe
  C:\Windows\System\zwPFclQ.exe
  2⤵
  PID:1744
- C:\Windows\System\WPilKQt.exe
  C:\Windows\System\WPilKQt.exe
  2⤵
  PID:2336
- C:\Windows\System\DgshqJw.exe
  C:\Windows\System\DgshqJw.exe
  2⤵
  PID:2464
- C:\Windows\System\TFMVFHC.exe
  C:\Windows\System\TFMVFHC.exe
  2⤵
  PID:1012
- C:\Windows\System\vWTbQBh.exe
  C:\Windows\System\vWTbQBh.exe
  2⤵
  PID:2468
- C:\Windows\System\tqzDPqF.exe
  C:\Windows\System\tqzDPqF.exe
  2⤵
  PID:1620
- C:\Windows\System\bjizAxv.exe
  C:\Windows\System\bjizAxv.exe
  2⤵
  PID:2252
- C:\Windows\System\vTIlmCV.exe
  C:\Windows\System\vTIlmCV.exe
  2⤵
  PID:2344
- C:\Windows\System\hMbuMjv.exe
  C:\Windows\System\hMbuMjv.exe
  2⤵
  PID:2092
- C:\Windows\System\NAjxfSH.exe
  C:\Windows\System\NAjxfSH.exe
  2⤵
  PID:2552
- C:\Windows\System\ehpUvKS.exe
  C:\Windows\System\ehpUvKS.exe
  2⤵
  PID:1768
- C:\Windows\System\OSogjAJ.exe
  C:\Windows\System\OSogjAJ.exe
  2⤵
  PID:2648
- C:\Windows\System\ALaEdbz.exe
  C:\Windows\System\ALaEdbz.exe
  2⤵
  PID:2920
- C:\Windows\System\utjTNLa.exe
  C:\Windows\System\utjTNLa.exe
  2⤵
  PID:2056
- C:\Windows\System\MrlurPF.exe
  C:\Windows\System\MrlurPF.exe
  2⤵
  PID:1276
- C:\Windows\System\DKvzNcQ.exe
  C:\Windows\System\DKvzNcQ.exe
  2⤵
  PID:2396
- C:\Windows\System\PyLtFkt.exe
  C:\Windows\System\PyLtFkt.exe
  2⤵
  PID:2912
- C:\Windows\System\cqTYdHO.exe
  C:\Windows\System\cqTYdHO.exe
  2⤵
  PID:2368
- C:\Windows\System\spJORlx.exe
  C:\Windows\System\spJORlx.exe
  2⤵
  PID:328
- C:\Windows\System\ZrazxiE.exe
  C:\Windows\System\ZrazxiE.exe
  2⤵
  PID:960
- C:\Windows\System\qmqKeJa.exe
  C:\Windows\System\qmqKeJa.exe
  2⤵
  PID:1192
- C:\Windows\System\JpYvNWN.exe
  C:\Windows\System\JpYvNWN.exe
  2⤵
  PID:1596
- C:\Windows\System\UKvUjDs.exe
  C:\Windows\System\UKvUjDs.exe
  2⤵
  PID:1952
- C:\Windows\System\YdepdrY.exe
  C:\Windows\System\YdepdrY.exe
  2⤵
  PID:632
- C:\Windows\System\tXVVKFK.exe
  C:\Windows\System\tXVVKFK.exe
  2⤵
  PID:524
- C:\Windows\System\pzAosxj.exe
  C:\Windows\System\pzAosxj.exe
  2⤵
  PID:1688
- C:\Windows\System\HPkfVvC.exe
  C:\Windows\System\HPkfVvC.exe
  2⤵
  PID:860
- C:\Windows\System\aIVnmko.exe
  C:\Windows\System\aIVnmko.exe
  2⤵
  PID:1136
- C:\Windows\System\SmeJIGs.exe
  C:\Windows\System\SmeJIGs.exe
  2⤵
  PID:2872
- C:\Windows\System\ZblvVLT.exe
  C:\Windows\System\ZblvVLT.exe
  2⤵
  PID:2968
- C:\Windows\System\wfGFuqX.exe
  C:\Windows\System\wfGFuqX.exe
  2⤵
  PID:864
- C:\Windows\System\eCLQZfa.exe
  C:\Windows\System\eCLQZfa.exe
  2⤵
  PID:1580
- C:\Windows\System\dYYSMBl.exe
  C:\Windows\System\dYYSMBl.exe
  2⤵
  PID:2352
- C:\Windows\System\YNVSzmY.exe
  C:\Windows\System\YNVSzmY.exe
  2⤵
  PID:2828
- C:\Windows\System\lIpoUpR.exe
  C:\Windows\System\lIpoUpR.exe
  2⤵
  PID:2472
- C:\Windows\System\DbvHUgr.exe
  C:\Windows\System\DbvHUgr.exe
  2⤵
  PID:1108
- C:\Windows\System\YSPmgRe.exe
  C:\Windows\System\YSPmgRe.exe
  2⤵
  PID:2212
- C:\Windows\System\lMtCpra.exe
  C:\Windows\System\lMtCpra.exe
  2⤵
  PID:1488
- C:\Windows\System\oYbGZiP.exe
  C:\Windows\System\oYbGZiP.exe
  2⤵
  PID:2328
- C:\Windows\System\vSWvSQq.exe
  C:\Windows\System\vSWvSQq.exe
  2⤵
  PID:916
- C:\Windows\System\GesktAb.exe
  C:\Windows\System\GesktAb.exe
  2⤵
  PID:3084
- C:\Windows\System\bVbuwcP.exe
  C:\Windows\System\bVbuwcP.exe
  2⤵
  PID:3100
- C:\Windows\System\QxLgexm.exe
  C:\Windows\System\QxLgexm.exe
  2⤵
  PID:3116
- C:\Windows\System\ufCKCwv.exe
  C:\Windows\System\ufCKCwv.exe
  2⤵
  PID:3132
- C:\Windows\System\YaMiBQS.exe
  C:\Windows\System\YaMiBQS.exe
  2⤵
  PID:3152
- C:\Windows\System\EoZUnIi.exe
  C:\Windows\System\EoZUnIi.exe
  2⤵
  PID:3180
- C:\Windows\System\PkNmVPR.exe
  C:\Windows\System\PkNmVPR.exe
  2⤵
  PID:3204
- C:\Windows\System\TcEsnxO.exe
  C:\Windows\System\TcEsnxO.exe
  2⤵
  PID:3228
- C:\Windows\System\NPbCJLk.exe
  C:\Windows\System\NPbCJLk.exe
  2⤵
  PID:3244
- C:\Windows\System\iFzTBcQ.exe
  C:\Windows\System\iFzTBcQ.exe
  2⤵
  PID:3264
- C:\Windows\System\owniFKA.exe
  C:\Windows\System\owniFKA.exe
  2⤵
  PID:3284
- C:\Windows\System\WZyOxid.exe
  C:\Windows\System\WZyOxid.exe
  2⤵
  PID:3308
- C:\Windows\System\vOHpmPh.exe
  C:\Windows\System\vOHpmPh.exe
  2⤵
  PID:3324
- C:\Windows\System\uNeuMbo.exe
  C:\Windows\System\uNeuMbo.exe
  2⤵
  PID:3340
- C:\Windows\System\ZWdhHIn.exe
  C:\Windows\System\ZWdhHIn.exe
  2⤵
  PID:3364
- C:\Windows\System\qDhDaeL.exe
  C:\Windows\System\qDhDaeL.exe
  2⤵
  PID:3388
- C:\Windows\System\ylNMLEW.exe
  C:\Windows\System\ylNMLEW.exe
  2⤵
  PID:3404
- C:\Windows\System\iSwYHUU.exe
  C:\Windows\System\iSwYHUU.exe
  2⤵
  PID:3444
- C:\Windows\System\kytMfHP.exe
  C:\Windows\System\kytMfHP.exe
  2⤵
  PID:3464
- C:\Windows\System\vFEnsYw.exe
  C:\Windows\System\vFEnsYw.exe
  2⤵
  PID:3484
- C:\Windows\System\kELzVkH.exe
  C:\Windows\System\kELzVkH.exe
  2⤵
  PID:3500
- C:\Windows\System\NGUYSvN.exe
  C:\Windows\System\NGUYSvN.exe
  2⤵
  PID:3516
- C:\Windows\System\HwAToGm.exe
  C:\Windows\System\HwAToGm.exe
  2⤵
  PID:3540
- C:\Windows\System\YlOZdWH.exe
  C:\Windows\System\YlOZdWH.exe
  2⤵
  PID:3560
- C:\Windows\System\oFwpgXU.exe
  C:\Windows\System\oFwpgXU.exe
  2⤵
  PID:3580
- C:\Windows\System\EINJBGX.exe
  C:\Windows\System\EINJBGX.exe
  2⤵
  PID:3608
- C:\Windows\System\QmUyyQT.exe
  C:\Windows\System\QmUyyQT.exe
  2⤵
  PID:3628
- C:\Windows\System\DXuNNro.exe
  C:\Windows\System\DXuNNro.exe
  2⤵
  PID:3652
- C:\Windows\System\HxYpGQe.exe
  C:\Windows\System\HxYpGQe.exe
  2⤵
  PID:3672
- C:\Windows\System\BkzQPbV.exe
  C:\Windows\System\BkzQPbV.exe
  2⤵
  PID:3692
- C:\Windows\System\LTEfjFO.exe
  C:\Windows\System\LTEfjFO.exe
  2⤵
  PID:3712
- C:\Windows\System\UXYvBNY.exe
  C:\Windows\System\UXYvBNY.exe
  2⤵
  PID:3732
- C:\Windows\System\jaiAZHz.exe
  C:\Windows\System\jaiAZHz.exe
  2⤵
  PID:3752
- C:\Windows\System\rOZQlWl.exe
  C:\Windows\System\rOZQlWl.exe
  2⤵
  PID:3772
- C:\Windows\System\CoxPFPO.exe
  C:\Windows\System\CoxPFPO.exe
  2⤵
  PID:3792
- C:\Windows\System\TqnQdVN.exe
  C:\Windows\System\TqnQdVN.exe
  2⤵
  PID:3808
- C:\Windows\System\rPyeeWc.exe
  C:\Windows\System\rPyeeWc.exe
  2⤵
  PID:3828
- C:\Windows\System\yzYIAel.exe
  C:\Windows\System\yzYIAel.exe
  2⤵
  PID:3852
- C:\Windows\System\cXTuNPU.exe
  C:\Windows\System\cXTuNPU.exe
  2⤵
  PID:3872
- C:\Windows\System\RVpJOgH.exe
  C:\Windows\System\RVpJOgH.exe
  2⤵
  PID:3892
- C:\Windows\System\LgZnzrK.exe
  C:\Windows\System\LgZnzrK.exe
  2⤵
  PID:3916
- C:\Windows\System\wzJWIZu.exe
  C:\Windows\System\wzJWIZu.exe
  2⤵
  PID:3936
- C:\Windows\System\fWKrVAv.exe
  C:\Windows\System\fWKrVAv.exe
  2⤵
  PID:3956
- C:\Windows\System\BEeblbz.exe
  C:\Windows\System\BEeblbz.exe
  2⤵
  PID:3972
- C:\Windows\System\lNoydBO.exe
  C:\Windows\System\lNoydBO.exe
  2⤵
  PID:3996
- C:\Windows\System\BQSKDkK.exe
  C:\Windows\System\BQSKDkK.exe
  2⤵
  PID:4016
- C:\Windows\System\rVLfDtG.exe
  C:\Windows\System\rVLfDtG.exe
  2⤵
  PID:4032
- C:\Windows\System\GsJPhVF.exe
  C:\Windows\System\GsJPhVF.exe
  2⤵
  PID:4048
- C:\Windows\System\tJJLMmF.exe
  C:\Windows\System\tJJLMmF.exe
  2⤵
  PID:4072
- C:\Windows\System\TodvYyG.exe
  C:\Windows\System\TodvYyG.exe
  2⤵
  PID:2824
- C:\Windows\System\Cldiswh.exe
  C:\Windows\System\Cldiswh.exe
  2⤵
  PID:2656
- C:\Windows\System\dEoZDef.exe
  C:\Windows\System\dEoZDef.exe
  2⤵
  PID:2496
- C:\Windows\System\qqyNRVD.exe
  C:\Windows\System\qqyNRVD.exe
  2⤵
  PID:2084
- C:\Windows\System\zwcFKiW.exe
  C:\Windows\System\zwcFKiW.exe
  2⤵
  PID:1524
- C:\Windows\System\QxamWuH.exe
  C:\Windows\System\QxamWuH.exe
  2⤵
  PID:3128
- C:\Windows\System\vtuTPrg.exe
  C:\Windows\System\vtuTPrg.exe
  2⤵
  PID:3164
- C:\Windows\System\XtGorLk.exe
  C:\Windows\System\XtGorLk.exe
  2⤵
  PID:2744
- C:\Windows\System\jtRLTjU.exe
  C:\Windows\System\jtRLTjU.exe
  2⤵
  PID:2132
- C:\Windows\System\MGXnzpb.exe
  C:\Windows\System\MGXnzpb.exe
  2⤵
  PID:2372
- C:\Windows\System\CZfacCd.exe
  C:\Windows\System\CZfacCd.exe
  2⤵
  PID:1212
- C:\Windows\System\eJDLaFC.exe
  C:\Windows\System\eJDLaFC.exe
  2⤵
  PID:2916
- C:\Windows\System\OKnZwpS.exe
  C:\Windows\System\OKnZwpS.exe
  2⤵
  PID:3304
- C:\Windows\System\kHGWxtw.exe
  C:\Windows\System\kHGWxtw.exe
  2⤵
  PID:3336
- C:\Windows\System\NCEvYnA.exe
  C:\Windows\System\NCEvYnA.exe
  2⤵
  PID:3140
- C:\Windows\System\fRXNObk.exe
  C:\Windows\System\fRXNObk.exe
  2⤵
  PID:3356
- C:\Windows\System\QzkQFOh.exe
  C:\Windows\System\QzkQFOh.exe
  2⤵
  PID:3352
- C:\Windows\System\LBXSoBb.exe
  C:\Windows\System\LBXSoBb.exe
  2⤵
  PID:3412
- C:\Windows\System\ZZOfFtl.exe
  C:\Windows\System\ZZOfFtl.exe
  2⤵
  PID:3272
- C:\Windows\System\oANRQuQ.exe
  C:\Windows\System\oANRQuQ.exe
  2⤵
  PID:3440
- C:\Windows\System\YLqCjxy.exe
  C:\Windows\System\YLqCjxy.exe
  2⤵
  PID:3456
- C:\Windows\System\BoKunNE.exe
  C:\Windows\System\BoKunNE.exe
  2⤵
  PID:3552
- C:\Windows\System\JxPPkna.exe
  C:\Windows\System\JxPPkna.exe
  2⤵
  PID:3192
- C:\Windows\System\PgQeuKc.exe
  C:\Windows\System\PgQeuKc.exe
  2⤵
  PID:3528
- C:\Windows\System\fZrVFSO.exe
  C:\Windows\System\fZrVFSO.exe
  2⤵
  PID:3648
- C:\Windows\System\hhJlLtV.exe
  C:\Windows\System\hhJlLtV.exe
  2⤵
  PID:3640
- C:\Windows\System\JfiJIAr.exe
  C:\Windows\System\JfiJIAr.exe
  2⤵
  PID:3688
- C:\Windows\System\AZMMVMU.exe
  C:\Windows\System\AZMMVMU.exe
  2⤵
  PID:3728
- C:\Windows\System\zHXSpqI.exe
  C:\Windows\System\zHXSpqI.exe
  2⤵
  PID:3748
- C:\Windows\System\cziBJRn.exe
  C:\Windows\System\cziBJRn.exe
  2⤵
  PID:3800
- C:\Windows\System\GNnghkf.exe
  C:\Windows\System\GNnghkf.exe
  2⤵
  PID:3780
- C:\Windows\System\qfxeNDv.exe
  C:\Windows\System\qfxeNDv.exe
  2⤵
  PID:3844
- C:\Windows\System\Ewjmzuf.exe
  C:\Windows\System\Ewjmzuf.exe
  2⤵
  PID:3868
- C:\Windows\System\btDLqLk.exe
  C:\Windows\System\btDLqLk.exe
  2⤵
  PID:3932
- C:\Windows\System\aQcyTpc.exe
  C:\Windows\System\aQcyTpc.exe
  2⤵
  PID:3964
- C:\Windows\System\NTrwTyY.exe
  C:\Windows\System\NTrwTyY.exe
  2⤵
  PID:4012
- C:\Windows\System\zRLCjgl.exe
  C:\Windows\System\zRLCjgl.exe
  2⤵
  PID:3988
- C:\Windows\System\ujUnBru.exe
  C:\Windows\System\ujUnBru.exe
  2⤵
  PID:4028
- C:\Windows\System\NtlMLJy.exe
  C:\Windows\System\NtlMLJy.exe
  2⤵
  PID:4056
- C:\Windows\System\nhoJCZe.exe
  C:\Windows\System\nhoJCZe.exe
  2⤵
  PID:3012
- C:\Windows\System\YOinWCp.exe
  C:\Windows\System\YOinWCp.exe
  2⤵
  PID:2780
- C:\Windows\System\BQVPnUg.exe
  C:\Windows\System\BQVPnUg.exe
  2⤵
  PID:880
- C:\Windows\System\ouaqRPq.exe
  C:\Windows\System\ouaqRPq.exe
  2⤵
  PID:1220
- C:\Windows\System\VowMMNr.exe
  C:\Windows\System\VowMMNr.exe
  2⤵
  PID:2684
- C:\Windows\System\kxDwIRo.exe
  C:\Windows\System\kxDwIRo.exe
  2⤵
  PID:3260
- C:\Windows\System\jRpIYXg.exe
  C:\Windows\System\jRpIYXg.exe
  2⤵
  PID:3212
- C:\Windows\System\DiTmasK.exe
  C:\Windows\System\DiTmasK.exe
  2⤵
  PID:3332
- C:\Windows\System\HGSwncR.exe
  C:\Windows\System\HGSwncR.exe
  2⤵
  PID:3196
- C:\Windows\System\bdqFGxr.exe
  C:\Windows\System\bdqFGxr.exe
  2⤵
  PID:3396
- C:\Windows\System\phFtUJE.exe
  C:\Windows\System\phFtUJE.exe
  2⤵
  PID:3320
- C:\Windows\System\KzgblhJ.exe
  C:\Windows\System\KzgblhJ.exe
  2⤵
  PID:3436
- C:\Windows\System\wXsyefw.exe
  C:\Windows\System\wXsyefw.exe
  2⤵
  PID:3592
- C:\Windows\System\lQaRRCD.exe
  C:\Windows\System\lQaRRCD.exe
  2⤵
  PID:3508
- C:\Windows\System\Nnbxyqg.exe
  C:\Windows\System\Nnbxyqg.exe
  2⤵
  PID:3524
- C:\Windows\System\avkDbVQ.exe
  C:\Windows\System\avkDbVQ.exe
  2⤵
  PID:3644
- C:\Windows\System\mcYBvyB.exe
  C:\Windows\System\mcYBvyB.exe
  2⤵
  PID:3700
- C:\Windows\System\FxidVqe.exe
  C:\Windows\System\FxidVqe.exe
  2⤵
  PID:3764
- C:\Windows\System\NiuEKjG.exe
  C:\Windows\System\NiuEKjG.exe
  2⤵
  PID:3888
- C:\Windows\System\yZxdfRC.exe
  C:\Windows\System\yZxdfRC.exe
  2⤵
  PID:3820
- C:\Windows\System\INoQkkJ.exe
  C:\Windows\System\INoQkkJ.exe
  2⤵
  PID:3900
- C:\Windows\System\cWwQrTx.exe
  C:\Windows\System\cWwQrTx.exe
  2⤵
  PID:3968
- C:\Windows\System\SYhvOpp.exe
  C:\Windows\System\SYhvOpp.exe
  2⤵
  PID:4024
- C:\Windows\System\IZFJODR.exe
  C:\Windows\System\IZFJODR.exe
  2⤵
  PID:1156
- C:\Windows\System\BpFhfTH.exe
  C:\Windows\System\BpFhfTH.exe
  2⤵
  PID:4104
- C:\Windows\System\LBUhwUl.exe
  C:\Windows\System\LBUhwUl.exe
  2⤵
  PID:4124
- C:\Windows\System\DeuVcTX.exe
  C:\Windows\System\DeuVcTX.exe
  2⤵
  PID:4144
- C:\Windows\System\BBYdQyl.exe
  C:\Windows\System\BBYdQyl.exe
  2⤵
  PID:4164
- C:\Windows\System\svrjdTJ.exe
  C:\Windows\System\svrjdTJ.exe
  2⤵
  PID:4184
- C:\Windows\System\JJerceX.exe
  C:\Windows\System\JJerceX.exe
  2⤵
  PID:4204
- C:\Windows\System\phFByFH.exe
  C:\Windows\System\phFByFH.exe
  2⤵
  PID:4220
- C:\Windows\System\DCGemkN.exe
  C:\Windows\System\DCGemkN.exe
  2⤵
  PID:4244
- C:\Windows\System\wYSdfda.exe
  C:\Windows\System\wYSdfda.exe
  2⤵
  PID:4264
- C:\Windows\System\UZsyeDg.exe
  C:\Windows\System\UZsyeDg.exe
  2⤵
  PID:4284
- C:\Windows\System\CPSqyNn.exe
  C:\Windows\System\CPSqyNn.exe
  2⤵
  PID:4304
- C:\Windows\System\xILWriP.exe
  C:\Windows\System\xILWriP.exe
  2⤵
  PID:4320
- C:\Windows\System\WQOJTnD.exe
  C:\Windows\System\WQOJTnD.exe
  2⤵
  PID:4344
- C:\Windows\System\CaKHwPY.exe
  C:\Windows\System\CaKHwPY.exe
  2⤵
  PID:4360
- C:\Windows\System\lvAEgSk.exe
  C:\Windows\System\lvAEgSk.exe
  2⤵
  PID:4380
- C:\Windows\System\yUKXvLl.exe
  C:\Windows\System\yUKXvLl.exe
  2⤵
  PID:4404
- C:\Windows\System\vLGOhWX.exe
  C:\Windows\System\vLGOhWX.exe
  2⤵
  PID:4428
- C:\Windows\System\benMeyz.exe
  C:\Windows\System\benMeyz.exe
  2⤵
  PID:4448
- C:\Windows\System\qoHHTZS.exe
  C:\Windows\System\qoHHTZS.exe
  2⤵
  PID:4464
- C:\Windows\System\wIheEAP.exe
  C:\Windows\System\wIheEAP.exe
  2⤵
  PID:4488
- C:\Windows\System\WAAOqrr.exe
  C:\Windows\System\WAAOqrr.exe
  2⤵
  PID:4504
- C:\Windows\System\SBEWxjM.exe
  C:\Windows\System\SBEWxjM.exe
  2⤵
  PID:4528
- C:\Windows\System\kAVbLdg.exe
  C:\Windows\System\kAVbLdg.exe
  2⤵
  PID:4548
- C:\Windows\System\tYBMyqg.exe
  C:\Windows\System\tYBMyqg.exe
  2⤵
  PID:4572
- C:\Windows\System\IYVxBqe.exe
  C:\Windows\System\IYVxBqe.exe
  2⤵
  PID:4588
- C:\Windows\System\sxgJIrg.exe
  C:\Windows\System\sxgJIrg.exe
  2⤵
  PID:4612
- C:\Windows\System\QYsoTEr.exe
  C:\Windows\System\QYsoTEr.exe
  2⤵
  PID:4632
- C:\Windows\System\RsIKqoy.exe
  C:\Windows\System\RsIKqoy.exe
  2⤵
  PID:4652
- C:\Windows\System\SyARbpM.exe
  C:\Windows\System\SyARbpM.exe
  2⤵
  PID:4668
- C:\Windows\System\bQzLnpm.exe
  C:\Windows\System\bQzLnpm.exe
  2⤵
  PID:4692
- C:\Windows\System\YJxuaBQ.exe
  C:\Windows\System\YJxuaBQ.exe
  2⤵
  PID:4712
- C:\Windows\System\FhwkoPu.exe
  C:\Windows\System\FhwkoPu.exe
  2⤵
  PID:4728
- C:\Windows\System\FdefRit.exe
  C:\Windows\System\FdefRit.exe
  2⤵
  PID:4752
- C:\Windows\System\SqtmeeP.exe
  C:\Windows\System\SqtmeeP.exe
  2⤵
  PID:4772
- C:\Windows\System\cwsRnXn.exe
  C:\Windows\System\cwsRnXn.exe
  2⤵
  PID:4796
- C:\Windows\System\jHVqNJg.exe
  C:\Windows\System\jHVqNJg.exe
  2⤵
  PID:4816
- C:\Windows\System\ziKutEs.exe
  C:\Windows\System\ziKutEs.exe
  2⤵
  PID:4836
- C:\Windows\System\sjmAOST.exe
  C:\Windows\System\sjmAOST.exe
  2⤵
  PID:4856
- C:\Windows\System\RytMozb.exe
  C:\Windows\System\RytMozb.exe
  2⤵
  PID:4876
- C:\Windows\System\FsVizgc.exe
  C:\Windows\System\FsVizgc.exe
  2⤵
  PID:4896
- C:\Windows\System\GAOkUPr.exe
  C:\Windows\System\GAOkUPr.exe
  2⤵
  PID:4916
- C:\Windows\System\NVerHhT.exe
  C:\Windows\System\NVerHhT.exe
  2⤵
  PID:4936
- C:\Windows\System\cUhoZUn.exe
  C:\Windows\System\cUhoZUn.exe
  2⤵
  PID:4956
- C:\Windows\System\idQFvsI.exe
  C:\Windows\System\idQFvsI.exe
  2⤵
  PID:4976
- C:\Windows\System\LrhOBxg.exe
  C:\Windows\System\LrhOBxg.exe
  2⤵
  PID:4996
- C:\Windows\System\pVMpzbN.exe
  C:\Windows\System\pVMpzbN.exe
  2⤵
  PID:5012
- C:\Windows\System\AXgGdvr.exe
  C:\Windows\System\AXgGdvr.exe
  2⤵
  PID:5036
- C:\Windows\System\aPTEskp.exe
  C:\Windows\System\aPTEskp.exe
  2⤵
  PID:5060
- C:\Windows\System\LFRdKhN.exe
  C:\Windows\System\LFRdKhN.exe
  2⤵
  PID:5080
- C:\Windows\System\scsgyTV.exe
  C:\Windows\System\scsgyTV.exe
  2⤵
  PID:5100
- C:\Windows\System\MRpuHUk.exe
  C:\Windows\System\MRpuHUk.exe
  2⤵
  PID:3124
- C:\Windows\System\akjPlLC.exe
  C:\Windows\System\akjPlLC.exe
  2⤵
  PID:1616
- C:\Windows\System\WFdAeDB.exe
  C:\Windows\System\WFdAeDB.exe
  2⤵
  PID:3220
- C:\Windows\System\bPHezqW.exe
  C:\Windows\System\bPHezqW.exe
  2⤵
  PID:368
- C:\Windows\System\PoFpfsD.exe
  C:\Windows\System\PoFpfsD.exe
  2⤵
  PID:3188
- C:\Windows\System\HnfBeav.exe
  C:\Windows\System\HnfBeav.exe
  2⤵
  PID:3420
- C:\Windows\System\hjvWwmi.exe
  C:\Windows\System\hjvWwmi.exe
  2⤵
  PID:3476
- C:\Windows\System\UQpKmaq.exe
  C:\Windows\System\UQpKmaq.exe
  2⤵
  PID:3568
- C:\Windows\System\GZrlZKc.exe
  C:\Windows\System\GZrlZKc.exe
  2⤵
  PID:3604
- C:\Windows\System\NgSQsft.exe
  C:\Windows\System\NgSQsft.exe
  2⤵
  PID:3724
- C:\Windows\System\VObwJOh.exe
  C:\Windows\System\VObwJOh.exe
  2⤵
  PID:3816
- C:\Windows\System\BGDmQmz.exe
  C:\Windows\System\BGDmQmz.exe
  2⤵
  PID:4044
- C:\Windows\System\nFdBcpQ.exe
  C:\Windows\System\nFdBcpQ.exe
  2⤵
  PID:3096
- C:\Windows\System\EhVnkXr.exe
  C:\Windows\System\EhVnkXr.exe
  2⤵
  PID:4112
- C:\Windows\System\vzaSvIS.exe
  C:\Windows\System\vzaSvIS.exe
  2⤵
  PID:4068
- C:\Windows\System\FwgoyWs.exe
  C:\Windows\System\FwgoyWs.exe
  2⤵
  PID:4140
- C:\Windows\System\UWksxWn.exe
  C:\Windows\System\UWksxWn.exe
  2⤵
  PID:4196
- C:\Windows\System\LrPenFf.exe
  C:\Windows\System\LrPenFf.exe
  2⤵
  PID:4240
- C:\Windows\System\HlLCgMY.exe
  C:\Windows\System\HlLCgMY.exe
  2⤵
  PID:4252
- C:\Windows\System\egdRXSJ.exe
  C:\Windows\System\egdRXSJ.exe
  2⤵
  PID:4300
- C:\Windows\System\Lxmpdew.exe
  C:\Windows\System\Lxmpdew.exe
  2⤵
  PID:4296
- C:\Windows\System\CONhayE.exe
  C:\Windows\System\CONhayE.exe
  2⤵
  PID:4392
- C:\Windows\System\xlNCBwd.exe
  C:\Windows\System\xlNCBwd.exe
  2⤵
  PID:4372
- C:\Windows\System\tagGFdU.exe
  C:\Windows\System\tagGFdU.exe
  2⤵
  PID:4412
- C:\Windows\System\vycVLJR.exe
  C:\Windows\System\vycVLJR.exe
  2⤵
  PID:4476
- C:\Windows\System\OsUYJhx.exe
  C:\Windows\System\OsUYJhx.exe
  2⤵
  PID:4520
- C:\Windows\System\PsjdgZE.exe
  C:\Windows\System\PsjdgZE.exe
  2⤵
  PID:4500
- C:\Windows\System\uVgJBxH.exe
  C:\Windows\System\uVgJBxH.exe
  2⤵
  PID:4540
- C:\Windows\System\THsbjeN.exe
  C:\Windows\System\THsbjeN.exe
  2⤵
  PID:4580
- C:\Windows\System\KYIXkfr.exe
  C:\Windows\System\KYIXkfr.exe
  2⤵
  PID:4648
- C:\Windows\System\TISqQSQ.exe
  C:\Windows\System\TISqQSQ.exe
  2⤵
  PID:4676
- C:\Windows\System\aVkJhtO.exe
  C:\Windows\System\aVkJhtO.exe
  2⤵
  PID:4660
- C:\Windows\System\XNTpcSg.exe
  C:\Windows\System\XNTpcSg.exe
  2⤵
  PID:4708
- C:\Windows\System\VkxTFul.exe
  C:\Windows\System\VkxTFul.exe
  2⤵
  PID:4736
- C:\Windows\System\MvmcPOC.exe
  C:\Windows\System\MvmcPOC.exe
  2⤵
  PID:4808
- C:\Windows\System\kOJHfZs.exe
  C:\Windows\System\kOJHfZs.exe
  2⤵
  PID:4824
- C:\Windows\System\ZdCKnsf.exe
  C:\Windows\System\ZdCKnsf.exe
  2⤵
  PID:4864
- C:\Windows\System\tdIKKqJ.exe
  C:\Windows\System\tdIKKqJ.exe
  2⤵
  PID:4888
- C:\Windows\System\Aajowuy.exe
  C:\Windows\System\Aajowuy.exe
  2⤵
  PID:4964
- C:\Windows\System\TfkzOCO.exe
  C:\Windows\System\TfkzOCO.exe
  2⤵
  PID:4952
- C:\Windows\System\TGvHAQY.exe
  C:\Windows\System\TGvHAQY.exe
  2⤵
  PID:5048
- C:\Windows\System\GjDkiTq.exe
  C:\Windows\System\GjDkiTq.exe
  2⤵
  PID:2392
- C:\Windows\System\dDNAkvY.exe
  C:\Windows\System\dDNAkvY.exe
  2⤵
  PID:5068
- C:\Windows\System\SsLbuIL.exe
  C:\Windows\System\SsLbuIL.exe
  2⤵
  PID:5072
- C:\Windows\System\SHrVuIx.exe
  C:\Windows\System\SHrVuIx.exe
  2⤵
  PID:3252
- C:\Windows\System\bJSfZin.exe
  C:\Windows\System\bJSfZin.exe
  2⤵
  PID:3376
- C:\Windows\System\nhqNySK.exe
  C:\Windows\System\nhqNySK.exe
  2⤵
  PID:1036
- C:\Windows\System\SUlUkkS.exe
  C:\Windows\System\SUlUkkS.exe
  2⤵
  PID:3512
- C:\Windows\System\ppRwNZL.exe
  C:\Windows\System\ppRwNZL.exe
  2⤵
  PID:3240
- C:\Windows\System\NbVwWrp.exe
  C:\Windows\System\NbVwWrp.exe
  2⤵
  PID:3480
- C:\Windows\System\rOTiGTl.exe
  C:\Windows\System\rOTiGTl.exe
  2⤵
  PID:3840
- C:\Windows\System\FTsxZNP.exe
  C:\Windows\System\FTsxZNP.exe
  2⤵
  PID:1184
- C:\Windows\System\mPFonCT.exe
  C:\Windows\System\mPFonCT.exe
  2⤵
  PID:4132
- C:\Windows\System\fdkNDQQ.exe
  C:\Windows\System\fdkNDQQ.exe
  2⤵
  PID:4152
- C:\Windows\System\sNjjYze.exe
  C:\Windows\System\sNjjYze.exe
  2⤵
  PID:4256
- C:\Windows\System\LtDUPXZ.exe
  C:\Windows\System\LtDUPXZ.exe
  2⤵
  PID:4172
- C:\Windows\System\fiipARJ.exe
  C:\Windows\System\fiipARJ.exe
  2⤵
  PID:4216
- C:\Windows\System\hptqhpG.exe
  C:\Windows\System\hptqhpG.exe
  2⤵
  PID:4436
- C:\Windows\System\iDtIlHJ.exe
  C:\Windows\System\iDtIlHJ.exe
  2⤵
  PID:4368
- C:\Windows\System\zTchqmk.exe
  C:\Windows\System\zTchqmk.exe
  2⤵
  PID:4568
- C:\Windows\System\vlEfZaW.exe
  C:\Windows\System\vlEfZaW.exe
  2⤵
  PID:4416
- C:\Windows\System\EDPdfpS.exe
  C:\Windows\System\EDPdfpS.exe
  2⤵
  PID:4604
- C:\Windows\System\Cvolukn.exe
  C:\Windows\System\Cvolukn.exe
  2⤵
  PID:4768
- C:\Windows\System\WHcUlbE.exe
  C:\Windows\System\WHcUlbE.exe
  2⤵
  PID:4704
- C:\Windows\System\JoirAAK.exe
  C:\Windows\System\JoirAAK.exe
  2⤵
  PID:4724
- C:\Windows\System\PrtQQAm.exe
  C:\Windows\System\PrtQQAm.exe
  2⤵
  PID:2192
- C:\Windows\System\sXjLpGi.exe
  C:\Windows\System\sXjLpGi.exe
  2⤵
  PID:4828
- C:\Windows\System\QRdGqyb.exe
  C:\Windows\System\QRdGqyb.exe
  2⤵
  PID:4892
- C:\Windows\System\mRZvigX.exe
  C:\Windows\System\mRZvigX.exe
  2⤵
  PID:4904
- C:\Windows\System\SOJOWEV.exe
  C:\Windows\System\SOJOWEV.exe
  2⤵
  PID:4984
- C:\Windows\System\etXvWaF.exe
  C:\Windows\System\etXvWaF.exe
  2⤵
  PID:5044
- C:\Windows\System\PMOptBD.exe
  C:\Windows\System\PMOptBD.exe
  2⤵
  PID:5092
- C:\Windows\System\ziHxUKI.exe
  C:\Windows\System\ziHxUKI.exe
  2⤵
  PID:5108
- C:\Windows\System\AXtdFXI.exe
  C:\Windows\System\AXtdFXI.exe
  2⤵
  PID:1572
- C:\Windows\System\bkbdSiB.exe
  C:\Windows\System\bkbdSiB.exe
  2⤵
  PID:3380
- C:\Windows\System\GtZYOqK.exe
  C:\Windows\System\GtZYOqK.exe
  2⤵
  PID:3880
- C:\Windows\System\dJvtqOn.exe
  C:\Windows\System\dJvtqOn.exe
  2⤵
  PID:4160
- C:\Windows\System\YktJHKz.exe
  C:\Windows\System\YktJHKz.exe
  2⤵
  PID:4356
- C:\Windows\System\htmDFTU.exe
  C:\Windows\System\htmDFTU.exe
  2⤵
  PID:4064
- C:\Windows\System\Lrzgsug.exe
  C:\Windows\System\Lrzgsug.exe
  2⤵
  PID:4180
- C:\Windows\System\swVyPpo.exe
  C:\Windows\System\swVyPpo.exe
  2⤵
  PID:4688
- C:\Windows\System\RJspGvC.exe
  C:\Windows\System\RJspGvC.exe
  2⤵
  PID:4480
- C:\Windows\System\XHNWzjn.exe
  C:\Windows\System\XHNWzjn.exe
  2⤵
  PID:2852
- C:\Windows\System\uFoKUTu.exe
  C:\Windows\System\uFoKUTu.exe
  2⤵
  PID:2864
- C:\Windows\System\SJkfkGF.exe
  C:\Windows\System\SJkfkGF.exe
  2⤵
  PID:5136
- C:\Windows\System\YtdfnIZ.exe
  C:\Windows\System\YtdfnIZ.exe
  2⤵
  PID:5156
- C:\Windows\System\sSwrPgL.exe
  C:\Windows\System\sSwrPgL.exe
  2⤵
  PID:5176
- C:\Windows\System\wsfAuGF.exe
  C:\Windows\System\wsfAuGF.exe
  2⤵
  PID:5192
- C:\Windows\System\HwDjcXK.exe
  C:\Windows\System\HwDjcXK.exe
  2⤵
  PID:5216
- C:\Windows\System\sUbbOXU.exe
  C:\Windows\System\sUbbOXU.exe
  2⤵
  PID:5232
- C:\Windows\System\tVqDzod.exe
  C:\Windows\System\tVqDzod.exe
  2⤵
  PID:5252
- C:\Windows\System\IXfHHkh.exe
  C:\Windows\System\IXfHHkh.exe
  2⤵
  PID:5276
- C:\Windows\System\GgRssEi.exe
  C:\Windows\System\GgRssEi.exe
  2⤵
  PID:5292
- C:\Windows\System\mHWaZgA.exe
  C:\Windows\System\mHWaZgA.exe
  2⤵
  PID:5316
- C:\Windows\System\dXpKZOX.exe
  C:\Windows\System\dXpKZOX.exe
  2⤵
  PID:5332
- C:\Windows\System\bNcgMPg.exe
  C:\Windows\System\bNcgMPg.exe
  2⤵
  PID:5352
- C:\Windows\System\stAWFcz.exe
  C:\Windows\System\stAWFcz.exe
  2⤵
  PID:5372
- C:\Windows\System\mcvydKU.exe
  C:\Windows\System\mcvydKU.exe
  2⤵
  PID:5388
- C:\Windows\System\fwZBvwM.exe
  C:\Windows\System\fwZBvwM.exe
  2⤵
  PID:5412
- C:\Windows\System\NZzDusr.exe
  C:\Windows\System\NZzDusr.exe
  2⤵
  PID:5428
- C:\Windows\System\GjFLKGL.exe
  C:\Windows\System\GjFLKGL.exe
  2⤵
  PID:5456
- C:\Windows\System\hxLXmuL.exe
  C:\Windows\System\hxLXmuL.exe
  2⤵
  PID:5480
- C:\Windows\System\PvIPRLU.exe
  C:\Windows\System\PvIPRLU.exe
  2⤵
  PID:5500
- C:\Windows\System\zIWfXzg.exe
  C:\Windows\System\zIWfXzg.exe
  2⤵
  PID:5520
- C:\Windows\System\ROppehH.exe
  C:\Windows\System\ROppehH.exe
  2⤵
  PID:5544
- C:\Windows\System\QupMLkF.exe
  C:\Windows\System\QupMLkF.exe
  2⤵
  PID:5564
- C:\Windows\System\tYtUEJA.exe
  C:\Windows\System\tYtUEJA.exe
  2⤵
  PID:5580
- C:\Windows\System\lecDStl.exe
  C:\Windows\System\lecDStl.exe
  2⤵
  PID:5604
- C:\Windows\System\geSRZla.exe
  C:\Windows\System\geSRZla.exe
  2⤵
  PID:5624
- C:\Windows\System\ASFTznG.exe
  C:\Windows\System\ASFTznG.exe
  2⤵
  PID:5644
- C:\Windows\System\kXvpQiF.exe
  C:\Windows\System\kXvpQiF.exe
  2⤵
  PID:5664
- C:\Windows\System\HvHDSeC.exe
  C:\Windows\System\HvHDSeC.exe
  2⤵
  PID:5684
- C:\Windows\System\UIzCInG.exe
  C:\Windows\System\UIzCInG.exe
  2⤵
  PID:5704
- C:\Windows\System\QwbgasF.exe
  C:\Windows\System\QwbgasF.exe
  2⤵
  PID:5720
- C:\Windows\System\UbuvCOK.exe
  C:\Windows\System\UbuvCOK.exe
  2⤵
  PID:5740
- C:\Windows\System\MunSWMR.exe
  C:\Windows\System\MunSWMR.exe
  2⤵
  PID:5764
- C:\Windows\System\MAXNcHY.exe
  C:\Windows\System\MAXNcHY.exe
  2⤵
  PID:5780
- C:\Windows\System\VBEHVxG.exe
  C:\Windows\System\VBEHVxG.exe
  2⤵
  PID:5804
- C:\Windows\System\ldAWhjq.exe
  C:\Windows\System\ldAWhjq.exe
  2⤵
  PID:5820
- C:\Windows\System\uBjnyDH.exe
  C:\Windows\System\uBjnyDH.exe
  2⤵
  PID:5836
- C:\Windows\System\VkfxIjo.exe
  C:\Windows\System\VkfxIjo.exe
  2⤵
  PID:5868
- C:\Windows\System\idHomAJ.exe
  C:\Windows\System\idHomAJ.exe
  2⤵
  PID:5896
- C:\Windows\System\TUPJggi.exe
  C:\Windows\System\TUPJggi.exe
  2⤵
  PID:5916
- C:\Windows\System\TgBwfJd.exe
  C:\Windows\System\TgBwfJd.exe
  2⤵
  PID:5936
- C:\Windows\System\fkDZMYV.exe
  C:\Windows\System\fkDZMYV.exe
  2⤵
  PID:5952
- C:\Windows\System\hFvqTiu.exe
  C:\Windows\System\hFvqTiu.exe
  2⤵
  PID:5968
- C:\Windows\System\kDMpvGn.exe
  C:\Windows\System\kDMpvGn.exe
  2⤵
  PID:5992
- C:\Windows\System\BsjaDaO.exe
  C:\Windows\System\BsjaDaO.exe
  2⤵
  PID:6012
- C:\Windows\System\BZCcnIS.exe
  C:\Windows\System\BZCcnIS.exe
  2⤵
  PID:6028
- C:\Windows\System\OlEDiUH.exe
  C:\Windows\System\OlEDiUH.exe
  2⤵
  PID:6052
- C:\Windows\System\AuUwOHm.exe
  C:\Windows\System\AuUwOHm.exe
  2⤵
  PID:6072
- C:\Windows\System\dGrmGcz.exe
  C:\Windows\System\dGrmGcz.exe
  2⤵
  PID:6088
- C:\Windows\System\KbfagDn.exe
  C:\Windows\System\KbfagDn.exe
  2⤵
  PID:6112
- C:\Windows\System\ZbULjnY.exe
  C:\Windows\System\ZbULjnY.exe
  2⤵
  PID:6136
- C:\Windows\System\PtmDVXP.exe
  C:\Windows\System\PtmDVXP.exe
  2⤵
  PID:4928
- C:\Windows\System\rwxxEKH.exe
  C:\Windows\System\rwxxEKH.exe
  2⤵
  PID:5028
- C:\Windows\System\GyMddnC.exe
  C:\Windows\System\GyMddnC.exe
  2⤵
  PID:4844
- C:\Windows\System\hCJUYuY.exe
  C:\Windows\System\hCJUYuY.exe
  2⤵
  PID:5112
- C:\Windows\System\huGIuJh.exe
  C:\Windows\System\huGIuJh.exe
  2⤵
  PID:3496
- C:\Windows\System\OXwWtbQ.exe
  C:\Windows\System\OXwWtbQ.exe
  2⤵
  PID:4004
- C:\Windows\System\cvvCHHe.exe
  C:\Windows\System\cvvCHHe.exe
  2⤵
  PID:4092
- C:\Windows\System\HRRegrV.exe
  C:\Windows\System\HRRegrV.exe
  2⤵
  PID:4176
- C:\Windows\System\mFXYTxM.exe
  C:\Windows\System\mFXYTxM.exe
  2⤵
  PID:4624
- C:\Windows\System\SShSJko.exe
  C:\Windows\System\SShSJko.exe
  2⤵
  PID:4340
- C:\Windows\System\oNvjDJk.exe
  C:\Windows\System\oNvjDJk.exe
  2⤵
  PID:4680
- C:\Windows\System\JgTiYPU.exe
  C:\Windows\System\JgTiYPU.exe
  2⤵
  PID:5148
- C:\Windows\System\MWlBAhC.exe
  C:\Windows\System\MWlBAhC.exe
  2⤵
  PID:5188
- C:\Windows\System\BxnWRgJ.exe
  C:\Windows\System\BxnWRgJ.exe
  2⤵
  PID:5168
- C:\Windows\System\netDVhi.exe
  C:\Windows\System\netDVhi.exe
  2⤵
  PID:5212
- C:\Windows\System\OKttFmE.exe
  C:\Windows\System\OKttFmE.exe
  2⤵
  PID:5248
- C:\Windows\System\ihHnGgz.exe
  C:\Windows\System\ihHnGgz.exe
  2⤵
  PID:5304
- C:\Windows\System\jqHoPuh.exe
  C:\Windows\System\jqHoPuh.exe
  2⤵
  PID:5380
- C:\Windows\System\LxqBHFg.exe
  C:\Windows\System\LxqBHFg.exe
  2⤵
  PID:5420
- C:\Windows\System\TwNAbwG.exe
  C:\Windows\System\TwNAbwG.exe
  2⤵
  PID:5424
- C:\Windows\System\MmjWqTn.exe
  C:\Windows\System\MmjWqTn.exe
  2⤵
  PID:5468
- C:\Windows\System\GXVVSwy.exe
  C:\Windows\System\GXVVSwy.exe
  2⤵
  PID:5452
- C:\Windows\System\KatfUFL.exe
  C:\Windows\System\KatfUFL.exe
  2⤵
  PID:5496
- C:\Windows\System\hBcxwKC.exe
  C:\Windows\System\hBcxwKC.exe
  2⤵
  PID:5556
- C:\Windows\System\nslKfzk.exe
  C:\Windows\System\nslKfzk.exe
  2⤵
  PID:5528
- C:\Windows\System\gGxJiDr.exe
  C:\Windows\System\gGxJiDr.exe
  2⤵
  PID:5572
- C:\Windows\System\MAxOYGU.exe
  C:\Windows\System\MAxOYGU.exe
  2⤵
  PID:2304
- C:\Windows\System\JRAmVJG.exe
  C:\Windows\System\JRAmVJG.exe
  2⤵
  PID:5612
- C:\Windows\System\IBzmugD.exe
  C:\Windows\System\IBzmugD.exe
  2⤵
  PID:5712
- C:\Windows\System\pLhivsU.exe
  C:\Windows\System\pLhivsU.exe
  2⤵
  PID:5700
- C:\Windows\System\ZFftgur.exe
  C:\Windows\System\ZFftgur.exe
  2⤵
  PID:5752
- C:\Windows\System\XESzIPU.exe
  C:\Windows\System\XESzIPU.exe
  2⤵
  PID:5800
- C:\Windows\System\FnJhTYR.exe
  C:\Windows\System\FnJhTYR.exe
  2⤵
  PID:2868
- C:\Windows\System\AHiEYcn.exe
  C:\Windows\System\AHiEYcn.exe
  2⤵
  PID:5888
- C:\Windows\System\WyMzVys.exe
  C:\Windows\System\WyMzVys.exe
  2⤵
  PID:5924
- C:\Windows\System\TmRlqso.exe
  C:\Windows\System\TmRlqso.exe
  2⤵
  PID:5848
- C:\Windows\System\bzONwVx.exe
  C:\Windows\System\bzONwVx.exe
  2⤵
  PID:5904
- C:\Windows\System\yTxSway.exe
  C:\Windows\System\yTxSway.exe
  2⤵
  PID:6004
- C:\Windows\System\wePovNb.exe
  C:\Windows\System\wePovNb.exe
  2⤵
  PID:5944
- C:\Windows\System\gbvFmbQ.exe
  C:\Windows\System\gbvFmbQ.exe
  2⤵
  PID:5988
- C:\Windows\System\xxHCrUa.exe
  C:\Windows\System\xxHCrUa.exe
  2⤵
  PID:6024
- C:\Windows\System\djngGmG.exe
  C:\Windows\System\djngGmG.exe
  2⤵
  PID:6128
- C:\Windows\System\LjlnIhf.exe
  C:\Windows\System\LjlnIhf.exe
  2⤵
  PID:6096
- C:\Windows\System\YxLSusy.exe
  C:\Windows\System\YxLSusy.exe
  2⤵
  PID:5008
- C:\Windows\System\xUPOFHX.exe
  C:\Windows\System\xUPOFHX.exe
  2⤵
  PID:4720
- C:\Windows\System\bUCvAEN.exe
  C:\Windows\System\bUCvAEN.exe
  2⤵
  PID:3740
- C:\Windows\System\nZjTtTN.exe
  C:\Windows\System\nZjTtTN.exe
  2⤵
  PID:3548
- C:\Windows\System\mrkgIeb.exe
  C:\Windows\System\mrkgIeb.exe
  2⤵
  PID:4332
- C:\Windows\System\xjiwnHZ.exe
  C:\Windows\System\xjiwnHZ.exe
  2⤵
  PID:4512
- C:\Windows\System\PxQbISa.exe
  C:\Windows\System\PxQbISa.exe
  2⤵
  PID:4472
- C:\Windows\System\SwIUiBG.exe
  C:\Windows\System\SwIUiBG.exe
  2⤵
  PID:5184
- C:\Windows\System\bmYMeub.exe
  C:\Windows\System\bmYMeub.exe
  2⤵
  PID:5228
- C:\Windows\System\tOoPmAL.exe
  C:\Windows\System\tOoPmAL.exe
  2⤵
  PID:5348
- C:\Windows\System\eMNUVVc.exe
  C:\Windows\System\eMNUVVc.exe
  2⤵
  PID:5300
- C:\Windows\System\YQooKtA.exe
  C:\Windows\System\YQooKtA.exe
  2⤵
  PID:5324
- C:\Windows\System\ZaIXYYE.exe
  C:\Windows\System\ZaIXYYE.exe
  2⤵
  PID:5400
- C:\Windows\System\NuYYxuu.exe
  C:\Windows\System\NuYYxuu.exe
  2⤵
  PID:5440
- C:\Windows\System\FRAFYoR.exe
  C:\Windows\System\FRAFYoR.exe
  2⤵
  PID:5532
- C:\Windows\System\RZPMqIN.exe
  C:\Windows\System\RZPMqIN.exe
  2⤵
  PID:5576
- C:\Windows\System\BNuUPmv.exe
  C:\Windows\System\BNuUPmv.exe
  2⤵
  PID:5652
- C:\Windows\System\ZBejnHD.exe
  C:\Windows\System\ZBejnHD.exe
  2⤵
  PID:2928
- C:\Windows\System\IhFdnhR.exe
  C:\Windows\System\IhFdnhR.exe
  2⤵
  PID:5760
- C:\Windows\System\nawXmIT.exe
  C:\Windows\System\nawXmIT.exe
  2⤵
  PID:5876
- C:\Windows\System\yMTgFKS.exe
  C:\Windows\System\yMTgFKS.exe
  2⤵
  PID:5828
- C:\Windows\System\nUCjJxq.exe
  C:\Windows\System\nUCjJxq.exe
  2⤵
  PID:6000
- C:\Windows\System\NZSTadM.exe
  C:\Windows\System\NZSTadM.exe
  2⤵
  PID:6044
- C:\Windows\System\dxxNqNm.exe
  C:\Windows\System\dxxNqNm.exe
  2⤵
  PID:5856
- C:\Windows\System\DGJMDvL.exe
  C:\Windows\System\DGJMDvL.exe
  2⤵
  PID:6040
- C:\Windows\System\ZwuYBei.exe
  C:\Windows\System\ZwuYBei.exe
  2⤵
  PID:6080
- C:\Windows\System\pvrTVoL.exe
  C:\Windows\System\pvrTVoL.exe
  2⤵
  PID:4944
- C:\Windows\System\wNSpyOV.exe
  C:\Windows\System\wNSpyOV.exe
  2⤵
  PID:3704
- C:\Windows\System\dpJqNkp.exe
  C:\Windows\System\dpJqNkp.exe
  2⤵
  PID:4352
- C:\Windows\System\uHwonlO.exe
  C:\Windows\System\uHwonlO.exe
  2⤵
  PID:5164
- C:\Windows\System\fiEKtKL.exe
  C:\Windows\System\fiEKtKL.exe
  2⤵
  PID:5268
- C:\Windows\System\qlghrKW.exe
  C:\Windows\System\qlghrKW.exe
  2⤵
  PID:5328
- C:\Windows\System\BjUUESD.exe
  C:\Windows\System\BjUUESD.exe
  2⤵
  PID:5208
- C:\Windows\System\vZblphF.exe
  C:\Windows\System\vZblphF.exe
  2⤵
  PID:5308
- C:\Windows\System\LgaPHOH.exe
  C:\Windows\System\LgaPHOH.exe
  2⤵
  PID:5672
- C:\Windows\System\kwwhlyn.exe
  C:\Windows\System\kwwhlyn.exe
  2⤵
  PID:5592
- C:\Windows\System\iGJKRGm.exe
  C:\Windows\System\iGJKRGm.exe
  2⤵
  PID:5732
- C:\Windows\System\kHnzDph.exe
  C:\Windows\System\kHnzDph.exe
  2⤵
  PID:2412
- C:\Windows\System\wFSZrky.exe
  C:\Windows\System\wFSZrky.exe
  2⤵
  PID:5932
- C:\Windows\System\FkRLLwl.exe
  C:\Windows\System\FkRLLwl.exe
  2⤵
  PID:5844
- C:\Windows\System\PScTivg.exe
  C:\Windows\System\PScTivg.exe
  2⤵
  PID:5960
- C:\Windows\System\soGvQgI.exe
  C:\Windows\System\soGvQgI.exe
  2⤵
  PID:6156
- C:\Windows\System\HeIyHRQ.exe
  C:\Windows\System\HeIyHRQ.exe
  2⤵
  PID:6176
- C:\Windows\System\wYrnMFd.exe
  C:\Windows\System\wYrnMFd.exe
  2⤵
  PID:6192
- C:\Windows\System\WpuUwcb.exe
  C:\Windows\System\WpuUwcb.exe
  2⤵
  PID:6216
- C:\Windows\System\AMdFWJQ.exe
  C:\Windows\System\AMdFWJQ.exe
  2⤵
  PID:6236
- C:\Windows\System\DThvrmK.exe
  C:\Windows\System\DThvrmK.exe
  2⤵
  PID:6252
- C:\Windows\System\PFBWIRc.exe
  C:\Windows\System\PFBWIRc.exe
  2⤵
  PID:6276
- C:\Windows\System\BbqTvLx.exe
  C:\Windows\System\BbqTvLx.exe
  2⤵
  PID:6296
- C:\Windows\System\lSiOJvv.exe
  C:\Windows\System\lSiOJvv.exe
  2⤵
  PID:6312
- C:\Windows\System\onzaVsa.exe
  C:\Windows\System\onzaVsa.exe
  2⤵
  PID:6332
- C:\Windows\System\BsvpmxP.exe
  C:\Windows\System\BsvpmxP.exe
  2⤵
  PID:6356
- C:\Windows\System\MSBsWBT.exe
  C:\Windows\System\MSBsWBT.exe
  2⤵
  PID:6372
- C:\Windows\System\bJvfRWT.exe
  C:\Windows\System\bJvfRWT.exe
  2⤵
  PID:6392
- C:\Windows\System\Oepqrfd.exe
  C:\Windows\System\Oepqrfd.exe
  2⤵
  PID:6408
- C:\Windows\System\nobQZIr.exe
  C:\Windows\System\nobQZIr.exe
  2⤵
  PID:6432
- C:\Windows\System\cfjssvU.exe
  C:\Windows\System\cfjssvU.exe
  2⤵
  PID:6452
- C:\Windows\System\ZyWZOAp.exe
  C:\Windows\System\ZyWZOAp.exe
  2⤵
  PID:6472
- C:\Windows\System\bjSFXfp.exe
  C:\Windows\System\bjSFXfp.exe
  2⤵
  PID:6496
- C:\Windows\System\NOnDJbd.exe
  C:\Windows\System\NOnDJbd.exe
  2⤵
  PID:6516
- C:\Windows\System\MKpcmhj.exe
  C:\Windows\System\MKpcmhj.exe
  2⤵
  PID:6540
- C:\Windows\System\QNcGfVF.exe
  C:\Windows\System\QNcGfVF.exe
  2⤵
  PID:6560
- C:\Windows\System\UjKvCMZ.exe
  C:\Windows\System\UjKvCMZ.exe
  2⤵
  PID:6580
- C:\Windows\System\FoaEZkK.exe
  C:\Windows\System\FoaEZkK.exe
  2⤵
  PID:6600
- C:\Windows\System\NDFxweD.exe
  C:\Windows\System\NDFxweD.exe
  2⤵
  PID:6620
- C:\Windows\System\YmuPrnM.exe
  C:\Windows\System\YmuPrnM.exe
  2⤵
  PID:6640
- C:\Windows\System\loVbHQD.exe
  C:\Windows\System\loVbHQD.exe
  2⤵
  PID:6660
- C:\Windows\System\PvNzJSe.exe
  C:\Windows\System\PvNzJSe.exe
  2⤵
  PID:6680
- C:\Windows\System\yUoVADF.exe
  C:\Windows\System\yUoVADF.exe
  2⤵
  PID:6700
- C:\Windows\System\gQTKiMS.exe
  C:\Windows\System\gQTKiMS.exe
  2⤵
  PID:6716
- C:\Windows\System\wGEhqkU.exe
  C:\Windows\System\wGEhqkU.exe
  2⤵
  PID:6740
- C:\Windows\System\aqJkIwZ.exe
  C:\Windows\System\aqJkIwZ.exe
  2⤵
  PID:6760
- C:\Windows\System\qzemJue.exe
  C:\Windows\System\qzemJue.exe
  2⤵
  PID:6780
- C:\Windows\System\TYefIeZ.exe
  C:\Windows\System\TYefIeZ.exe
  2⤵
  PID:6800
- C:\Windows\System\geyvkGx.exe
  C:\Windows\System\geyvkGx.exe
  2⤵
  PID:6824
- C:\Windows\System\WdfZDsw.exe
  C:\Windows\System\WdfZDsw.exe
  2⤵
  PID:6844
- C:\Windows\System\MWcXGyA.exe
  C:\Windows\System\MWcXGyA.exe
  2⤵
  PID:6864
- C:\Windows\System\WvnzBGy.exe
  C:\Windows\System\WvnzBGy.exe
  2⤵
  PID:6880
- C:\Windows\System\OqGCRYk.exe
  C:\Windows\System\OqGCRYk.exe
  2⤵
  PID:6900
- C:\Windows\System\zEgEqRC.exe
  C:\Windows\System\zEgEqRC.exe
  2⤵
  PID:6924
- C:\Windows\System\uYNPPHk.exe
  C:\Windows\System\uYNPPHk.exe
  2⤵
  PID:6944
- C:\Windows\System\sNrXDZt.exe
  C:\Windows\System\sNrXDZt.exe
  2⤵
  PID:6964
- C:\Windows\System\nLHkdoJ.exe
  C:\Windows\System\nLHkdoJ.exe
  2⤵
  PID:6980
- C:\Windows\System\WNbVHQH.exe
  C:\Windows\System\WNbVHQH.exe
  2⤵
  PID:7000
- C:\Windows\System\LOGkomS.exe
  C:\Windows\System\LOGkomS.exe
  2⤵
  PID:7024
- C:\Windows\System\Wuhvbrs.exe
  C:\Windows\System\Wuhvbrs.exe
  2⤵
  PID:7044
- C:\Windows\System\MCuOLoI.exe
  C:\Windows\System\MCuOLoI.exe
  2⤵
  PID:7060
- C:\Windows\System\nGKUZTs.exe
  C:\Windows\System\nGKUZTs.exe
  2⤵
  PID:7080
- C:\Windows\System\enGCpLf.exe
  C:\Windows\System\enGCpLf.exe
  2⤵
  PID:7100
- C:\Windows\System\qnpWLaq.exe
  C:\Windows\System\qnpWLaq.exe
  2⤵
  PID:7124
- C:\Windows\System\rqWASGZ.exe
  C:\Windows\System\rqWASGZ.exe
  2⤵
  PID:7144
- C:\Windows\System\RHPqdYd.exe
  C:\Windows\System\RHPqdYd.exe
  2⤵
  PID:7164
- C:\Windows\System\SXKnkys.exe
  C:\Windows\System\SXKnkys.exe
  2⤵
  PID:6020
- C:\Windows\System\NlkcEZG.exe
  C:\Windows\System\NlkcEZG.exe
  2⤵
  PID:3620
- C:\Windows\System\EPtcERv.exe
  C:\Windows\System\EPtcERv.exe
  2⤵
  PID:3848
- C:\Windows\System\jbyixYr.exe
  C:\Windows\System\jbyixYr.exe
  2⤵
  PID:5152
- C:\Windows\System\XfLIkUu.exe
  C:\Windows\System\XfLIkUu.exe
  2⤵
  PID:5132
- C:\Windows\System\qVwiZYs.exe
  C:\Windows\System\qVwiZYs.exe
  2⤵
  PID:5284
- C:\Windows\System\cKVbbxC.exe
  C:\Windows\System\cKVbbxC.exe
  2⤵
  PID:5676
- C:\Windows\System\fLdUdSc.exe
  C:\Windows\System\fLdUdSc.exe
  2⤵
  PID:5368
- C:\Windows\System\akVbpex.exe
  C:\Windows\System\akVbpex.exe
  2⤵
  PID:2660
- C:\Windows\System\NzGblqZ.exe
  C:\Windows\System\NzGblqZ.exe
  2⤵
  PID:6200
- C:\Windows\System\KhHUqZG.exe
  C:\Windows\System\KhHUqZG.exe
  2⤵
  PID:2388
- C:\Windows\System\zuUcgPz.exe
  C:\Windows\System\zuUcgPz.exe
  2⤵
  PID:5772
- C:\Windows\System\wIqzlUb.exe
  C:\Windows\System\wIqzlUb.exe
  2⤵
  PID:6244
- C:\Windows\System\eivGVMR.exe
  C:\Windows\System\eivGVMR.exe
  2⤵
  PID:6320
- C:\Windows\System\XoHyMmU.exe
  C:\Windows\System\XoHyMmU.exe
  2⤵
  PID:6148
- C:\Windows\System\CPgJfEG.exe
  C:\Windows\System\CPgJfEG.exe
  2⤵
  PID:6224
- C:\Windows\System\rxFGUXm.exe
  C:\Windows\System\rxFGUXm.exe
  2⤵
  PID:6260
- C:\Windows\System\HbQMCHu.exe
  C:\Windows\System\HbQMCHu.exe
  2⤵
  PID:6404
- C:\Windows\System\PxHLPXl.exe
  C:\Windows\System\PxHLPXl.exe
  2⤵
  PID:6344
- C:\Windows\System\pZmulJu.exe
  C:\Windows\System\pZmulJu.exe
  2⤵
  PID:6328
- C:\Windows\System\WVXihbg.exe
  C:\Windows\System\WVXihbg.exe
  2⤵
  PID:6492
- C:\Windows\System\kocLnZy.exe
  C:\Windows\System\kocLnZy.exe
  2⤵
  PID:6420
- C:\Windows\System\GmBoIdz.exe
  C:\Windows\System\GmBoIdz.exe
  2⤵
  PID:6532
- C:\Windows\System\WYACyWr.exe
  C:\Windows\System\WYACyWr.exe
  2⤵
  PID:6512
- C:\Windows\System\VuQACzU.exe
  C:\Windows\System\VuQACzU.exe
  2⤵
  PID:6576
- C:\Windows\System\bOMgRQw.exe
  C:\Windows\System\bOMgRQw.exe
  2⤵
  PID:6612
- C:\Windows\System\FeRrKok.exe
  C:\Windows\System\FeRrKok.exe
  2⤵
  PID:6628
- C:\Windows\System\SgSpyKM.exe
  C:\Windows\System\SgSpyKM.exe
  2⤵
  PID:6676
- C:\Windows\System\BcIFhYP.exe
  C:\Windows\System\BcIFhYP.exe
  2⤵
  PID:6724
- C:\Windows\System\hJESIRd.exe
  C:\Windows\System\hJESIRd.exe
  2⤵
  PID:6768
- C:\Windows\System\HFXYSdV.exe
  C:\Windows\System\HFXYSdV.exe
  2⤵
  PID:6748
- C:\Windows\System\abZxlsi.exe
  C:\Windows\System\abZxlsi.exe
  2⤵
  PID:6820
- C:\Windows\System\aUIaDvY.exe
  C:\Windows\System\aUIaDvY.exe
  2⤵
  PID:6856
- C:\Windows\System\HPJatUe.exe
  C:\Windows\System\HPJatUe.exe
  2⤵
  PID:6832
- C:\Windows\System\IsujNlp.exe
  C:\Windows\System\IsujNlp.exe
  2⤵
  PID:6936
- C:\Windows\System\ejIlroT.exe
  C:\Windows\System\ejIlroT.exe
  2⤵
  PID:6972
- C:\Windows\System\Mdelqzk.exe
  C:\Windows\System\Mdelqzk.exe
  2⤵
  PID:6952
- C:\Windows\System\AcQGJRp.exe
  C:\Windows\System\AcQGJRp.exe
  2⤵
  PID:7012
- C:\Windows\System\CGRrXpw.exe
  C:\Windows\System\CGRrXpw.exe
  2⤵
  PID:7096
- C:\Windows\System\QOxFkLf.exe
  C:\Windows\System\QOxFkLf.exe
  2⤵
  PID:6996
- C:\Windows\System\yQxSdut.exe
  C:\Windows\System\yQxSdut.exe
  2⤵
  PID:7040
- C:\Windows\System\eUtDqmW.exe
  C:\Windows\System\eUtDqmW.exe
  2⤵
  PID:6048
- C:\Windows\System\jwmpmsj.exe
  C:\Windows\System\jwmpmsj.exe
  2⤵
  PID:2812
- C:\Windows\System\pXCfEgH.exe
  C:\Windows\System\pXCfEgH.exe
  2⤵
  PID:4460
- C:\Windows\System\OCXRjxA.exe
  C:\Windows\System\OCXRjxA.exe
  2⤵
  PID:2692
- C:\Windows\System\TWiwYja.exe
  C:\Windows\System\TWiwYja.exe
  2⤵
  PID:2664
- C:\Windows\System\abfNEfJ.exe
  C:\Windows\System\abfNEfJ.exe
  2⤵
  PID:5796
- C:\Windows\System\dOxofpL.exe
  C:\Windows\System\dOxofpL.exe
  2⤵
  PID:5404
- C:\Windows\System\HppXmKy.exe
  C:\Windows\System\HppXmKy.exe
  2⤵
  PID:5444
- C:\Windows\System\BAbWduF.exe
  C:\Windows\System\BAbWduF.exe
  2⤵
  PID:6368
- C:\Windows\System\lojVwbL.exe
  C:\Windows\System\lojVwbL.exe
  2⤵
  PID:5540
- C:\Windows\System\VltMEvg.exe
  C:\Windows\System\VltMEvg.exe
  2⤵
  PID:3056
- C:\Windows\System\TpTHqqF.exe
  C:\Windows\System\TpTHqqF.exe
  2⤵
  PID:6488
- C:\Windows\System\ztaRqny.exe
  C:\Windows\System\ztaRqny.exe
  2⤵
  PID:6292
- C:\Windows\System\YnqDNre.exe
  C:\Windows\System\YnqDNre.exe
  2⤵
  PID:6264
- C:\Windows\System\VlrmvnP.exe
  C:\Windows\System\VlrmvnP.exe
  2⤵
  PID:6440
- C:\Windows\System\XUWLEvo.exe
  C:\Windows\System\XUWLEvo.exe
  2⤵
  PID:6592
- C:\Windows\System\UelSJCY.exe
  C:\Windows\System\UelSJCY.exe
  2⤵
  PID:6460
- C:\Windows\System\rsDzTxZ.exe
  C:\Windows\System\rsDzTxZ.exe
  2⤵
  PID:6552
- C:\Windows\System\MiknVew.exe
  C:\Windows\System\MiknVew.exe
  2⤵
  PID:6712
- C:\Windows\System\mApxqqq.exe
  C:\Windows\System\mApxqqq.exe
  2⤵
  PID:6812
- C:\Windows\System\NXCChpD.exe
  C:\Windows\System\NXCChpD.exe
  2⤵
  PID:6652
- C:\Windows\System\NPtAcVl.exe
  C:\Windows\System\NPtAcVl.exe
  2⤵
  PID:6916
- C:\Windows\System\cvBEfcQ.exe
  C:\Windows\System\cvBEfcQ.exe
  2⤵
  PID:6808
- C:\Windows\System\CMavzks.exe
  C:\Windows\System\CMavzks.exe
  2⤵
  PID:6872
- C:\Windows\System\XwtjquE.exe
  C:\Windows\System\XwtjquE.exe
  2⤵
  PID:7116
- C:\Windows\System\DAdnvwH.exe
  C:\Windows\System\DAdnvwH.exe
  2⤵
  PID:2712
- C:\Windows\System\wgEqsCh.exe
  C:\Windows\System\wgEqsCh.exe
  2⤵
  PID:108
- C:\Windows\System\SotlkQZ.exe
  C:\Windows\System\SotlkQZ.exe
  2⤵
  PID:6108
- C:\Windows\System\HquZvKL.exe
  C:\Windows\System\HquZvKL.exe
  2⤵
  PID:5748
- C:\Windows\System\puAWQcc.exe
  C:\Windows\System\puAWQcc.exe
  2⤵
  PID:6184
- C:\Windows\System\XGRkokt.exe
  C:\Windows\System\XGRkokt.exe
  2⤵
  PID:6608
- C:\Windows\System\ZxCwDDS.exe
  C:\Windows\System\ZxCwDDS.exe
  2⤵
  PID:6364
- C:\Windows\System\dOCCbUM.exe
  C:\Windows\System\dOCCbUM.exe
  2⤵
  PID:6920
- C:\Windows\System\FtOBXtf.exe
  C:\Windows\System\FtOBXtf.exe
  2⤵
  PID:6380
- C:\Windows\System\rabNnLM.exe
  C:\Windows\System\rabNnLM.exe
  2⤵
  PID:6504
- C:\Windows\System\aCyJDEe.exe
  C:\Windows\System\aCyJDEe.exe
  2⤵
  PID:7160
- C:\Windows\System\gtrOdOn.exe
  C:\Windows\System\gtrOdOn.exe
  2⤵
  PID:7068
- C:\Windows\System\qwGTPnz.exe
  C:\Windows\System\qwGTPnz.exe
  2⤵
  PID:6060
- C:\Windows\System\mOOpgNv.exe
  C:\Windows\System\mOOpgNv.exe
  2⤵
  PID:6696
- C:\Windows\System\HqzACGz.exe
  C:\Windows\System\HqzACGz.exe
  2⤵
  PID:6168
- C:\Windows\System\ixEePON.exe
  C:\Windows\System\ixEePON.exe
  2⤵
  PID:7184
- C:\Windows\System\kArwybc.exe
  C:\Windows\System\kArwybc.exe
  2⤵
  PID:7204
- C:\Windows\System\zDfSbhG.exe
  C:\Windows\System\zDfSbhG.exe
  2⤵
  PID:7224
- C:\Windows\System\ZIWPiCv.exe
  C:\Windows\System\ZIWPiCv.exe
  2⤵
  PID:7248
- C:\Windows\System\IrsNXWV.exe
  C:\Windows\System\IrsNXWV.exe
  2⤵
  PID:7264
- C:\Windows\System\jMAzwza.exe
  C:\Windows\System\jMAzwza.exe
  2⤵
  PID:7280
- C:\Windows\System\AsQZtuz.exe
  C:\Windows\System\AsQZtuz.exe
  2⤵
  PID:7296
- C:\Windows\System\YozPXKD.exe
  C:\Windows\System\YozPXKD.exe
  2⤵
  PID:7316
- C:\Windows\System\zeylWgv.exe
  C:\Windows\System\zeylWgv.exe
  2⤵
  PID:7400
- C:\Windows\System\eWcEEYD.exe
  C:\Windows\System\eWcEEYD.exe
  2⤵
  PID:7424
- C:\Windows\System\IneilNr.exe
  C:\Windows\System\IneilNr.exe
  2⤵
  PID:7440
- C:\Windows\System\AhyzuIj.exe
  C:\Windows\System\AhyzuIj.exe
  2⤵
  PID:7472
- C:\Windows\System\CdEkVZe.exe
  C:\Windows\System\CdEkVZe.exe
  2⤵
  PID:7488
- C:\Windows\System\Busmbcs.exe
  C:\Windows\System\Busmbcs.exe
  2⤵
  PID:7508
- C:\Windows\System\NdpsxoT.exe
  C:\Windows\System\NdpsxoT.exe
  2⤵
  PID:7524
- C:\Windows\System\wQukppA.exe
  C:\Windows\System\wQukppA.exe
  2⤵
  PID:7540
- C:\Windows\System\JwyBHDd.exe
  C:\Windows\System\JwyBHDd.exe
  2⤵
  PID:7560
- C:\Windows\System\ZyRlHBZ.exe
  C:\Windows\System\ZyRlHBZ.exe
  2⤵
  PID:7576
- C:\Windows\System\KhSVGAD.exe
  C:\Windows\System\KhSVGAD.exe
  2⤵
  PID:7596
- C:\Windows\System\rYsLaKJ.exe
  C:\Windows\System\rYsLaKJ.exe
  2⤵
  PID:7652
- C:\Windows\System\WbXGlaT.exe
  C:\Windows\System\WbXGlaT.exe
  2⤵
  PID:7688
- C:\Windows\System\OAQSkra.exe
  C:\Windows\System\OAQSkra.exe
  2⤵
  PID:7704
- C:\Windows\System\jhUZnKt.exe
  C:\Windows\System\jhUZnKt.exe
  2⤵
  PID:7724
- C:\Windows\System\ArZXnlU.exe
  C:\Windows\System\ArZXnlU.exe
  2⤵
  PID:7740
- C:\Windows\System\QGrUIIv.exe
  C:\Windows\System\QGrUIIv.exe
  2⤵
  PID:7764
- C:\Windows\System\mnCiWzm.exe
  C:\Windows\System\mnCiWzm.exe
  2⤵
  PID:7780
- C:\Windows\System\PLPNpML.exe
  C:\Windows\System\PLPNpML.exe
  2⤵
  PID:7796
- C:\Windows\System\CNeVsjP.exe
  C:\Windows\System\CNeVsjP.exe
  2⤵
  PID:7812
- C:\Windows\System\sSFnUnk.exe
  C:\Windows\System\sSFnUnk.exe
  2⤵
  PID:7828
- C:\Windows\System\TScHJhK.exe
  C:\Windows\System\TScHJhK.exe
  2⤵
  PID:7848
- C:\Windows\System\hMccjyP.exe
  C:\Windows\System\hMccjyP.exe
  2⤵
  PID:7868
- C:\Windows\System\UVBPqBi.exe
  C:\Windows\System\UVBPqBi.exe
  2⤵
  PID:7892
- C:\Windows\System\cKAILnK.exe
  C:\Windows\System\cKAILnK.exe
  2⤵
  PID:7912
- C:\Windows\System\sDihTAC.exe
  C:\Windows\System\sDihTAC.exe
  2⤵
  PID:7928
- C:\Windows\System\ahyDmOB.exe
  C:\Windows\System\ahyDmOB.exe
  2⤵
  PID:7944
- C:\Windows\System\WOrEdcK.exe
  C:\Windows\System\WOrEdcK.exe
  2⤵
  PID:7960
- C:\Windows\System\jynIRGT.exe
  C:\Windows\System\jynIRGT.exe
  2⤵
  PID:7976
- C:\Windows\System\pCchRDn.exe
  C:\Windows\System\pCchRDn.exe
  2⤵
  PID:7992
- C:\Windows\System\OiKQuQE.exe
  C:\Windows\System\OiKQuQE.exe
  2⤵
  PID:8044
- C:\Windows\System\jsljSsc.exe
  C:\Windows\System\jsljSsc.exe
  2⤵
  PID:8060
- C:\Windows\System\txRBtWO.exe
  C:\Windows\System\txRBtWO.exe
  2⤵
  PID:8076
- C:\Windows\System\YPrinQC.exe
  C:\Windows\System\YPrinQC.exe
  2⤵
  PID:8092
- C:\Windows\System\QAJSeBW.exe
  C:\Windows\System\QAJSeBW.exe
  2⤵
  PID:8108
- C:\Windows\System\nyHeSDy.exe
  C:\Windows\System\nyHeSDy.exe
  2⤵
  PID:8124
- C:\Windows\System\YYZMJCL.exe
  C:\Windows\System\YYZMJCL.exe
  2⤵
  PID:8140
- C:\Windows\System\BUckswP.exe
  C:\Windows\System\BUckswP.exe
  2⤵
  PID:8156
- C:\Windows\System\zaawZvs.exe
  C:\Windows\System\zaawZvs.exe
  2⤵
  PID:8176
- C:\Windows\System\lbbGMvH.exe
  C:\Windows\System\lbbGMvH.exe
  2⤵
  PID:3040
- C:\Windows\System\MLXXtfV.exe
  C:\Windows\System\MLXXtfV.exe
  2⤵
  PID:7108
- C:\Windows\System\TyKHAlk.exe
  C:\Windows\System\TyKHAlk.exe
  2⤵
  PID:6188
- C:\Windows\System\wjKukYd.exe
  C:\Windows\System\wjKukYd.exe
  2⤵
  PID:5088
- C:\Windows\System\uNMwSPQ.exe
  C:\Windows\System\uNMwSPQ.exe
  2⤵
  PID:7232
- C:\Windows\System\tPPuCWL.exe
  C:\Windows\System\tPPuCWL.exe
  2⤵
  PID:6772
- C:\Windows\System\tccWtgv.exe
  C:\Windows\System\tccWtgv.exe
  2⤵
  PID:2576
- C:\Windows\System\gNeehBO.exe
  C:\Windows\System\gNeehBO.exe
  2⤵
  PID:6888
- C:\Windows\System\TZesGUO.exe
  C:\Windows\System\TZesGUO.exe
  2⤵
  PID:7276
- C:\Windows\System\AzaVXvo.exe
  C:\Windows\System\AzaVXvo.exe
  2⤵
  PID:5240
- C:\Windows\System\uiLTpTA.exe
  C:\Windows\System\uiLTpTA.exe
  2⤵
  PID:6484
- C:\Windows\System\TZDVibP.exe
  C:\Windows\System\TZDVibP.exe
  2⤵
  PID:6228
- C:\Windows\System\GVslfLR.exe
  C:\Windows\System\GVslfLR.exe
  2⤵
  PID:7304
- C:\Windows\System\gdMbIzt.exe
  C:\Windows\System\gdMbIzt.exe
  2⤵
  PID:2972
- C:\Windows\System\QPynnKn.exe
  C:\Windows\System\QPynnKn.exe
  2⤵
  PID:2088
- C:\Windows\System\fGuSdEN.exe
  C:\Windows\System\fGuSdEN.exe
  2⤵
  PID:6172
- C:\Windows\System\GWyZufi.exe
  C:\Windows\System\GWyZufi.exe
  2⤵
  PID:2768
- C:\Windows\System\dNxYmur.exe
  C:\Windows\System\dNxYmur.exe
  2⤵
  PID:7412
- C:\Windows\System\ODFvMCb.exe
  C:\Windows\System\ODFvMCb.exe
  2⤵
  PID:7496
- C:\Windows\System\nwolSaL.exe
  C:\Windows\System\nwolSaL.exe
  2⤵
  PID:7536
- C:\Windows\System\woXuGjC.exe
  C:\Windows\System\woXuGjC.exe
  2⤵
  PID:7368
- C:\Windows\System\pLadvNN.exe
  C:\Windows\System\pLadvNN.exe
  2⤵
  PID:7380
- C:\Windows\System\vJKxBlr.exe
  C:\Windows\System\vJKxBlr.exe
  2⤵
  PID:7388
- C:\Windows\System\zBCiwVA.exe
  C:\Windows\System\zBCiwVA.exe
  2⤵
  PID:7484
- C:\Windows\System\XCLyJxU.exe
  C:\Windows\System\XCLyJxU.exe
  2⤵
  PID:7548
- C:\Windows\System\aAwKRcw.exe
  C:\Windows\System\aAwKRcw.exe
  2⤵
  PID:7588
- C:\Windows\System\zbYMZLy.exe
  C:\Windows\System\zbYMZLy.exe
  2⤵
  PID:7696
- C:\Windows\System\ylVyNNh.exe
  C:\Windows\System\ylVyNNh.exe
  2⤵
  PID:2848
- C:\Windows\System\HsDjieH.exe
  C:\Windows\System\HsDjieH.exe
  2⤵
  PID:7808
- C:\Windows\System\AuGcprX.exe
  C:\Windows\System\AuGcprX.exe
  2⤵
  PID:7840
- C:\Windows\System\AVVIpsm.exe
  C:\Windows\System\AVVIpsm.exe
  2⤵
  PID:7884
- C:\Windows\System\qrfEXSZ.exe
  C:\Windows\System\qrfEXSZ.exe
  2⤵
  PID:7684
- C:\Windows\System\FrJRRtG.exe
  C:\Windows\System\FrJRRtG.exe
  2⤵
  PID:7920
- C:\Windows\System\agnAfXL.exe
  C:\Windows\System\agnAfXL.exe
  2⤵
  PID:7956
- C:\Windows\System\gkxNQEC.exe
  C:\Windows\System\gkxNQEC.exe
  2⤵
  PID:7672
- C:\Windows\System\ZikhfRU.exe
  C:\Windows\System\ZikhfRU.exe
  2⤵
  PID:7716
- C:\Windows\System\EwNfOkW.exe
  C:\Windows\System\EwNfOkW.exe
  2⤵
  PID:7756
- C:\Windows\System\UDlHtKw.exe
  C:\Windows\System\UDlHtKw.exe
  2⤵
  PID:7824
- C:\Windows\System\JMThTlz.exe
  C:\Windows\System\JMThTlz.exe
  2⤵
  PID:7864
- C:\Windows\System\iZkuUNK.exe
  C:\Windows\System\iZkuUNK.exe
  2⤵
  PID:8056
- C:\Windows\System\dEpDikN.exe
  C:\Windows\System\dEpDikN.exe
  2⤵
  PID:8116
- C:\Windows\System\wHBlmrW.exe
  C:\Windows\System\wHBlmrW.exe
  2⤵
  PID:8000
- C:\Windows\System\rCgVUhN.exe
  C:\Windows\System\rCgVUhN.exe
  2⤵
  PID:8016
- C:\Windows\System\ghBMaFx.exe
  C:\Windows\System\ghBMaFx.exe
  2⤵
  PID:8032
- C:\Windows\System\kQrgZbm.exe
  C:\Windows\System\kQrgZbm.exe
  2⤵
  PID:8072
- C:\Windows\System\DSNneZm.exe
  C:\Windows\System\DSNneZm.exe
  2⤵
  PID:8104
- C:\Windows\System\ncOpPAW.exe
  C:\Windows\System\ncOpPAW.exe
  2⤵
  PID:8136
- C:\Windows\System\XCZulRC.exe
  C:\Windows\System\XCZulRC.exe
  2⤵
  PID:6348
- C:\Windows\System\tpeykuQ.exe
  C:\Windows\System\tpeykuQ.exe
  2⤵
  PID:6840
- C:\Windows\System\dcQquZN.exe
  C:\Windows\System\dcQquZN.exe
  2⤵
  PID:2624
- C:\Windows\System\VCcXZpC.exe
  C:\Windows\System\VCcXZpC.exe
  2⤵
  PID:6528
- C:\Windows\System\CLvuyFA.exe
  C:\Windows\System\CLvuyFA.exe
  2⤵
  PID:7244
- C:\Windows\System\aslweVb.exe
  C:\Windows\System\aslweVb.exe
  2⤵
  PID:6548
- C:\Windows\System\hsCtGtd.exe
  C:\Windows\System\hsCtGtd.exe
  2⤵
  PID:6416
- C:\Windows\System\twDPTHd.exe
  C:\Windows\System\twDPTHd.exe
  2⤵
  PID:7312
- C:\Windows\System\onvvAsk.exe
  C:\Windows\System\onvvAsk.exe
  2⤵
  PID:2880
- C:\Windows\System\tLBycqe.exe
  C:\Windows\System\tLBycqe.exe
  2⤵
  PID:2888
- C:\Windows\System\NDFwGee.exe
  C:\Windows\System\NDFwGee.exe
  2⤵
  PID:6728
- C:\Windows\System\DKUKtGL.exe
  C:\Windows\System\DKUKtGL.exe
  2⤵
  PID:6400
- C:\Windows\System\TpKcUxX.exe
  C:\Windows\System\TpKcUxX.exe
  2⤵
  PID:1480
- C:\Windows\System\hVipRbe.exe
  C:\Windows\System\hVipRbe.exe
  2⤵
  PID:7348
- C:\Windows\System\ctyrgys.exe
  C:\Windows\System\ctyrgys.exe
  2⤵
  PID:1148
- C:\Windows\System\ByHMMAU.exe
  C:\Windows\System\ByHMMAU.exe
  2⤵
  PID:7356
- C:\Windows\System\QDtFdBI.exe
  C:\Windows\System\QDtFdBI.exe
  2⤵
  PID:2512
- C:\Windows\System\UiIZWSE.exe
  C:\Windows\System\UiIZWSE.exe
  2⤵
  PID:2096
- C:\Windows\System\JcclZpz.exe
  C:\Windows\System\JcclZpz.exe
  2⤵
  PID:2452
- C:\Windows\System\oBKCJdc.exe
  C:\Windows\System\oBKCJdc.exe
  2⤵
  PID:7292
- C:\Windows\System\SlZuRgo.exe
  C:\Windows\System\SlZuRgo.exe
  2⤵
  PID:7216
- C:\Windows\System\vrWlbof.exe
  C:\Windows\System\vrWlbof.exe
  2⤵
  PID:7468
- C:\Windows\System\DZtRXxi.exe
  C:\Windows\System\DZtRXxi.exe
  2⤵
  PID:7532
- C:\Windows\System\TSTMoth.exe
  C:\Windows\System\TSTMoth.exe
  2⤵
  PID:3020
- C:\Windows\System\iGmuCdg.exe
  C:\Windows\System\iGmuCdg.exe
  2⤵
  PID:7376
- C:\Windows\System\ozXoViw.exe
  C:\Windows\System\ozXoViw.exe
  2⤵
  PID:7480
- C:\Windows\System\ywKrsCm.exe
  C:\Windows\System\ywKrsCm.exe
  2⤵
  PID:7572
- C:\Windows\System\HDunlcp.exe
  C:\Windows\System\HDunlcp.exe
  2⤵
  PID:2784
- C:\Windows\System\WXKRmsQ.exe
  C:\Windows\System\WXKRmsQ.exe
  2⤵
  PID:7936
- C:\Windows\System\uhQeTZY.exe
  C:\Windows\System\uhQeTZY.exe
  2⤵
  PID:7788
- C:\Windows\System\VBsjGOe.exe
  C:\Windows\System\VBsjGOe.exe
  2⤵
  PID:7644
- C:\Windows\System\WkVynEC.exe
  C:\Windows\System\WkVynEC.exe
  2⤵
  PID:8028
- C:\Windows\System\RvNFWmz.exe
  C:\Windows\System\RvNFWmz.exe
  2⤵
  PID:8024
- C:\Windows\System\UJpGKLb.exe
  C:\Windows\System\UJpGKLb.exe
  2⤵
  PID:7888
- C:\Windows\System\KcVexuL.exe
  C:\Windows\System\KcVexuL.exe
  2⤵
  PID:7664
- C:\Windows\System\NKuElEi.exe
  C:\Windows\System\NKuElEi.exe
  2⤵
  PID:7860
- C:\Windows\System\DoqQfbg.exe
  C:\Windows\System\DoqQfbg.exe
  2⤵
  PID:1812
- C:\Windows\System\oUiyBLl.exe
  C:\Windows\System\oUiyBLl.exe
  2⤵
  PID:4764
- C:\Windows\System\XPKTeCE.exe
  C:\Windows\System\XPKTeCE.exe
  2⤵
  PID:7136
- C:\Windows\System\zkNfvbL.exe
  C:\Windows\System\zkNfvbL.exe
  2⤵
  PID:8184
- C:\Windows\System\jjmsSyo.exe
  C:\Windows\System\jjmsSyo.exe
  2⤵
  PID:7200
- C:\Windows\System\pWiBQNf.exe
  C:\Windows\System\pWiBQNf.exe
  2⤵
  PID:6568
- C:\Windows\System\kxSDsEb.exe
  C:\Windows\System\kxSDsEb.exe
  2⤵
  PID:2988
- C:\Windows\System\OELJpRB.exe
  C:\Windows\System\OELJpRB.exe
  2⤵
  PID:320
- C:\Windows\System\TZtedNN.exe
  C:\Windows\System\TZtedNN.exe
  2⤵
  PID:1824
- C:\Windows\System\kvFNkEX.exe
  C:\Windows\System\kvFNkEX.exe
  2⤵
  PID:2428
- C:\Windows\System\TgiOgRM.exe
  C:\Windows\System\TgiOgRM.exe
  2⤵
  PID:924
- C:\Windows\System\pbOhAMB.exe
  C:\Windows\System\pbOhAMB.exe
  2⤵
  PID:8172
- C:\Windows\System\jKvmBvL.exe
  C:\Windows\System\jKvmBvL.exe
  2⤵
  PID:7032
- C:\Windows\System\FkcGpFt.exe
  C:\Windows\System\FkcGpFt.exe
  2⤵
  PID:7456
- C:\Windows\System\aCwHcXK.exe
  C:\Windows\System\aCwHcXK.exe
  2⤵
  PID:7736
- C:\Windows\System\rXYykhm.exe
  C:\Windows\System\rXYykhm.exe
  2⤵
  PID:7452
- C:\Windows\System\TmnxRbQ.exe
  C:\Windows\System\TmnxRbQ.exe
  2⤵
  PID:7732
- C:\Windows\System\RonNlxj.exe
  C:\Windows\System\RonNlxj.exe
  2⤵
  PID:7908
- C:\Windows\System\jjZWHAq.exe
  C:\Windows\System\jjZWHAq.exe
  2⤵
  PID:7876
- C:\Windows\System\DODsmce.exe
  C:\Windows\System\DODsmce.exe
  2⤵
  PID:7660
- C:\Windows\System\ryDAZaI.exe
  C:\Windows\System\ryDAZaI.exe
  2⤵
  PID:8012
- C:\Windows\System\uPimrUo.exe
  C:\Windows\System\uPimrUo.exe
  2⤵
  PID:6736
- C:\Windows\System\cifVOPQ.exe
  C:\Windows\System\cifVOPQ.exe
  2⤵
  PID:8164
- C:\Windows\System\daFaGVo.exe
  C:\Windows\System\daFaGVo.exe
  2⤵
  PID:2756
- C:\Windows\System\dCulRyB.exe
  C:\Windows\System\dCulRyB.exe
  2⤵
  PID:6816
- C:\Windows\System\IQaQUqV.exe
  C:\Windows\System\IQaQUqV.exe
  2⤵
  PID:7256
- C:\Windows\System\eWAOUSn.exe
  C:\Windows\System\eWAOUSn.exe
  2⤵
  PID:7416
- C:\Windows\System\hBbqXDU.exe
  C:\Windows\System\hBbqXDU.exe
  2⤵
  PID:7436
- C:\Windows\System\VFdaPuW.exe
  C:\Windows\System\VFdaPuW.exe
  2⤵
  PID:1608
- C:\Windows\System\dXrRrTM.exe
  C:\Windows\System\dXrRrTM.exe
  2⤵
  PID:8100
- C:\Windows\System\KgIXWgS.exe
  C:\Windows\System\KgIXWgS.exe
  2⤵
  PID:7520
- C:\Windows\System\rLXSSLB.exe
  C:\Windows\System\rLXSSLB.exe
  2⤵
  PID:6248
- C:\Windows\System\pIQtfVF.exe
  C:\Windows\System\pIQtfVF.exe
  2⤵
  PID:3004
- C:\Windows\System\HeVpLBx.exe
  C:\Windows\System\HeVpLBx.exe
  2⤵
  PID:7344
- C:\Windows\System\EzzIPBP.exe
  C:\Windows\System\EzzIPBP.exe
  2⤵
  PID:2256
- C:\Windows\System\kEZhWNJ.exe
  C:\Windows\System\kEZhWNJ.exe
  2⤵
  PID:7748
- C:\Windows\System\eVOMxPF.exe
  C:\Windows\System\eVOMxPF.exe
  2⤵
  PID:6796
- C:\Windows\System\ioUMYgf.exe
  C:\Windows\System\ioUMYgf.exe
  2⤵
  PID:8120
- C:\Windows\System\tnJSMDg.exe
  C:\Windows\System\tnJSMDg.exe
  2⤵
  PID:3028
- C:\Windows\System\qmkkbLU.exe
  C:\Windows\System\qmkkbLU.exe
  2⤵
  PID:584
- C:\Windows\System\FdwFkeG.exe
  C:\Windows\System\FdwFkeG.exe
  2⤵
  PID:8200
- C:\Windows\System\dEECLVy.exe
  C:\Windows\System\dEECLVy.exe
  2⤵
  PID:8216
- C:\Windows\System\yrNXHkN.exe
  C:\Windows\System\yrNXHkN.exe
  2⤵
  PID:8232
- C:\Windows\System\vAnPWsK.exe
  C:\Windows\System\vAnPWsK.exe
  2⤵
  PID:8248
- C:\Windows\System\aQXkgBD.exe
  C:\Windows\System\aQXkgBD.exe
  2⤵
  PID:8264
- C:\Windows\System\JzdcVDX.exe
  C:\Windows\System\JzdcVDX.exe
  2⤵
  PID:8280
- C:\Windows\System\oApQKkI.exe
  C:\Windows\System\oApQKkI.exe
  2⤵
  PID:8296
- C:\Windows\System\qEgJwbQ.exe
  C:\Windows\System\qEgJwbQ.exe
  2⤵
  PID:8312
- C:\Windows\System\ASbuDYx.exe
  C:\Windows\System\ASbuDYx.exe
  2⤵
  PID:8328
- C:\Windows\System\aepPowe.exe
  C:\Windows\System\aepPowe.exe
  2⤵
  PID:8344
- C:\Windows\System\LkOJrTC.exe
  C:\Windows\System\LkOJrTC.exe
  2⤵
  PID:8360
- C:\Windows\System\heXLVWV.exe
  C:\Windows\System\heXLVWV.exe
  2⤵
  PID:8376
- C:\Windows\System\hLjUObW.exe
  C:\Windows\System\hLjUObW.exe
  2⤵
  PID:8392
- C:\Windows\System\EwLPmcU.exe
  C:\Windows\System\EwLPmcU.exe
  2⤵
  PID:8408
- C:\Windows\System\nmmtfeb.exe
  C:\Windows\System\nmmtfeb.exe
  2⤵
  PID:8424
- C:\Windows\System\pdYwMbW.exe
  C:\Windows\System\pdYwMbW.exe
  2⤵
  PID:8440
- C:\Windows\System\UfGloGj.exe
  C:\Windows\System\UfGloGj.exe
  2⤵
  PID:8456
- C:\Windows\System\UxytLFH.exe
  C:\Windows\System\UxytLFH.exe
  2⤵
  PID:8472
- C:\Windows\System\aGisEFQ.exe
  C:\Windows\System\aGisEFQ.exe
  2⤵
  PID:8492
- C:\Windows\System\CYAVZIL.exe
  C:\Windows\System\CYAVZIL.exe
  2⤵
  PID:8508
- C:\Windows\System\cwGBxfx.exe
  C:\Windows\System\cwGBxfx.exe
  2⤵
  PID:8524
- C:\Windows\System\avQnfln.exe
  C:\Windows\System\avQnfln.exe
  2⤵
  PID:8540
- C:\Windows\System\aFRfeXd.exe
  C:\Windows\System\aFRfeXd.exe
  2⤵
  PID:8556
- C:\Windows\System\KnUCiYi.exe
  C:\Windows\System\KnUCiYi.exe
  2⤵
  PID:8576
- C:\Windows\System\RfbyAGO.exe
  C:\Windows\System\RfbyAGO.exe
  2⤵
  PID:8592
- C:\Windows\System\WkrcPOF.exe
  C:\Windows\System\WkrcPOF.exe
  2⤵
  PID:8608
- C:\Windows\System\ugxzIeA.exe
  C:\Windows\System\ugxzIeA.exe
  2⤵
  PID:8628
- C:\Windows\System\tZIsvjw.exe
  C:\Windows\System\tZIsvjw.exe
  2⤵
  PID:8644
- C:\Windows\System\BlIsHeV.exe
  C:\Windows\System\BlIsHeV.exe
  2⤵
  PID:8660
- C:\Windows\System\OoybAGh.exe
  C:\Windows\System\OoybAGh.exe
  2⤵
  PID:8676
- C:\Windows\System\xsIzQJw.exe
  C:\Windows\System\xsIzQJw.exe
  2⤵
  PID:8692
- C:\Windows\System\OXcQshU.exe
  C:\Windows\System\OXcQshU.exe
  2⤵
  PID:8708
- C:\Windows\System\HkkCviC.exe
  C:\Windows\System\HkkCviC.exe
  2⤵
  PID:8724
- C:\Windows\System\yeGsuvr.exe
  C:\Windows\System\yeGsuvr.exe
  2⤵
  PID:8740
- C:\Windows\System\bKACmdR.exe
  C:\Windows\System\bKACmdR.exe
  2⤵
  PID:8756
- C:\Windows\System\lckClFC.exe
  C:\Windows\System\lckClFC.exe
  2⤵
  PID:8772
- C:\Windows\System\JtBCOyB.exe
  C:\Windows\System\JtBCOyB.exe
  2⤵
  PID:8792
- C:\Windows\System\YpnzLBn.exe
  C:\Windows\System\YpnzLBn.exe
  2⤵
  PID:8808
- C:\Windows\System\RjOFdgI.exe
  C:\Windows\System\RjOFdgI.exe
  2⤵
  PID:8824
- C:\Windows\System\UzJlHcm.exe
  C:\Windows\System\UzJlHcm.exe
  2⤵
  PID:8840
- C:\Windows\System\VgZMLxa.exe
  C:\Windows\System\VgZMLxa.exe
  2⤵
  PID:8856
- C:\Windows\System\UlIsjpp.exe
  C:\Windows\System\UlIsjpp.exe
  2⤵
  PID:8872
- C:\Windows\System\YgCjtNP.exe
  C:\Windows\System\YgCjtNP.exe
  2⤵
  PID:8888
- C:\Windows\System\dgDGzkW.exe
  C:\Windows\System\dgDGzkW.exe
  2⤵
  PID:8904
- C:\Windows\System\QPoVoRN.exe
  C:\Windows\System\QPoVoRN.exe
  2⤵
  PID:8920
- C:\Windows\System\KBLuMpZ.exe
  C:\Windows\System\KBLuMpZ.exe
  2⤵
  PID:8936
- C:\Windows\System\bkFBfbo.exe
  C:\Windows\System\bkFBfbo.exe
  2⤵
  PID:8952
- C:\Windows\System\oSfsjvT.exe
  C:\Windows\System\oSfsjvT.exe
  2⤵
  PID:8968
- C:\Windows\System\VuMvKoL.exe
  C:\Windows\System\VuMvKoL.exe
  2⤵
  PID:8984
- C:\Windows\System\kREhjjU.exe
  C:\Windows\System\kREhjjU.exe
  2⤵
  PID:9000
- C:\Windows\System\WohyFmV.exe
  C:\Windows\System\WohyFmV.exe
  2⤵
  PID:9016
- C:\Windows\System\YJhDvjA.exe
  C:\Windows\System\YJhDvjA.exe
  2⤵
  PID:9036
- C:\Windows\System\ZojDceS.exe
  C:\Windows\System\ZojDceS.exe
  2⤵
  PID:9056
- C:\Windows\System\LIUEzlP.exe
  C:\Windows\System\LIUEzlP.exe
  2⤵
  PID:9120
- C:\Windows\System\qPxlbnV.exe
  C:\Windows\System\qPxlbnV.exe
  2⤵
  PID:9136
- C:\Windows\System\ajEcaNc.exe
  C:\Windows\System\ajEcaNc.exe
  2⤵
  PID:9152
- C:\Windows\System\TgWbhxx.exe
  C:\Windows\System\TgWbhxx.exe
  2⤵
  PID:9168
- C:\Windows\System\dGYHfze.exe
  C:\Windows\System\dGYHfze.exe
  2⤵
  PID:9184
- C:\Windows\System\XarYGdg.exe
  C:\Windows\System\XarYGdg.exe
  2⤵
  PID:9200
- C:\Windows\System\GzMyCaU.exe
  C:\Windows\System\GzMyCaU.exe
  2⤵
  PID:3068
- C:\Windows\System\CLQzCwR.exe
  C:\Windows\System\CLQzCwR.exe
  2⤵
  PID:7904
- C:\Windows\System\PgYzBLN.exe
  C:\Windows\System\PgYzBLN.exe
  2⤵
  PID:8244
- C:\Windows\System\rxxsjQI.exe
  C:\Windows\System\rxxsjQI.exe
  2⤵
  PID:8288
- C:\Windows\System\CaikDWp.exe
  C:\Windows\System\CaikDWp.exe
  2⤵
  PID:8324
- C:\Windows\System\DjCTkXa.exe
  C:\Windows\System\DjCTkXa.exe
  2⤵
  PID:8308
- C:\Windows\System\VgkANyW.exe
  C:\Windows\System\VgkANyW.exe
  2⤵
  PID:8372
- C:\Windows\System\dpzpxxC.exe
  C:\Windows\System\dpzpxxC.exe
  2⤵
  PID:8404
- C:\Windows\System\xACShle.exe
  C:\Windows\System\xACShle.exe
  2⤵
  PID:8452
- C:\Windows\System\RySNLYX.exe
  C:\Windows\System\RySNLYX.exe
  2⤵
  PID:8464
- C:\Windows\System\CiWSqQk.exe
  C:\Windows\System\CiWSqQk.exe
  2⤵
  PID:8516
- C:\Windows\System\DWrytfX.exe
  C:\Windows\System\DWrytfX.exe
  2⤵
  PID:8532
- C:\Windows\System\VQUzncl.exe
  C:\Windows\System\VQUzncl.exe
  2⤵
  PID:8564
- C:\Windows\System\NCJxWwD.exe
  C:\Windows\System\NCJxWwD.exe
  2⤵
  PID:8616
- C:\Windows\System\xFLXbnW.exe
  C:\Windows\System\xFLXbnW.exe
  2⤵
  PID:8600
- C:\Windows\System\RDtmWrO.exe
  C:\Windows\System\RDtmWrO.exe
  2⤵
  PID:8656
- C:\Windows\System\GIztior.exe
  C:\Windows\System\GIztior.exe
  2⤵
  PID:8716
- C:\Windows\System\Ngjreon.exe
  C:\Windows\System\Ngjreon.exe
  2⤵
  PID:8704
- C:\Windows\System\bkYWJby.exe
  C:\Windows\System\bkYWJby.exe
  2⤵
  PID:8736
- C:\Windows\System\zEevqDi.exe
  C:\Windows\System\zEevqDi.exe
  2⤵
  PID:8788
- C:\Windows\System\tILHrZw.exe
  C:\Windows\System\tILHrZw.exe
  2⤵
  PID:8852
- C:\Windows\System\xylQzlt.exe
  C:\Windows\System\xylQzlt.exe
  2⤵
  PID:8832
- C:\Windows\System\bPXxBIq.exe
  C:\Windows\System\bPXxBIq.exe
  2⤵
  PID:8912
- C:\Windows\System\VrybkRn.exe
  C:\Windows\System\VrybkRn.exe
  2⤵
  PID:8836
- C:\Windows\System\anEkwEe.exe
  C:\Windows\System\anEkwEe.exe
  2⤵
  PID:8932
- C:\Windows\System\YCMHzXz.exe
  C:\Windows\System\YCMHzXz.exe
  2⤵
  PID:8996
- C:\Windows\System\GTLLCzs.exe
  C:\Windows\System\GTLLCzs.exe
  2⤵
  PID:8976
- C:\Windows\System\KBKcbYO.exe
  C:\Windows\System\KBKcbYO.exe
  2⤵
  PID:9048
- C:\Windows\System\HMcSBmt.exe
  C:\Windows\System\HMcSBmt.exe
  2⤵
  PID:9068
- C:\Windows\System\LcJYLwO.exe
  C:\Windows\System\LcJYLwO.exe
  2⤵
  PID:9084
- C:\Windows\System\hOvrdXY.exe
  C:\Windows\System\hOvrdXY.exe
  2⤵
  PID:9100
- C:\Windows\System\XVBIdxU.exe
  C:\Windows\System\XVBIdxU.exe
  2⤵
  PID:9128
- C:\Windows\System\PJadHjc.exe
  C:\Windows\System\PJadHjc.exe
  2⤵
  PID:9160
- C:\Windows\System\rfddTBi.exe
  C:\Windows\System\rfddTBi.exe
  2⤵
  PID:9164
- C:\Windows\System\yWWmOLY.exe
  C:\Windows\System\yWWmOLY.exe
  2⤵
  PID:8260
- C:\Windows\System\hGTGizX.exe
  C:\Windows\System\hGTGizX.exe
  2⤵
  PID:8356
- C:\Windows\System\nNbQukU.exe
  C:\Windows\System\nNbQukU.exe
  2⤵
  PID:8212
- C:\Windows\System\WygNqQi.exe
  C:\Windows\System\WygNqQi.exe
  2⤵
  PID:8292
- C:\Windows\System\pSdVXOj.exe
  C:\Windows\System\pSdVXOj.exe
  2⤵
  PID:8520
- C:\Windows\System\owdfLfW.exe
  C:\Windows\System\owdfLfW.exe
  2⤵
  PID:8340
- C:\Windows\System\cDFDOia.exe
  C:\Windows\System\cDFDOia.exe
  2⤵
  PID:8420
- C:\Windows\System\NZFkiwz.exe
  C:\Windows\System\NZFkiwz.exe
  2⤵
  PID:2596
- C:\Windows\System\mbOHaSn.exe
  C:\Windows\System\mbOHaSn.exe
  2⤵
  PID:9032
- C:\Windows\System\HnvfElk.exe
  C:\Windows\System\HnvfElk.exe
  2⤵
  PID:2176
- C:\Windows\System\yHwFtTv.exe
  C:\Windows\System\yHwFtTv.exe
  2⤵
  PID:8720
- C:\Windows\System\aEYPnom.exe
  C:\Windows\System\aEYPnom.exe
  2⤵
  PID:8652
- C:\Windows\System\UebZcTW.exe
  C:\Windows\System\UebZcTW.exe
  2⤵
  PID:8884
- C:\Windows\System\WNuiuVZ.exe
  C:\Windows\System\WNuiuVZ.exe
  2⤵
  PID:8960
- C:\Windows\System\xYXsFkS.exe
  C:\Windows\System\xYXsFkS.exe
  2⤵
  PID:8900
- C:\Windows\System\LxaCPsf.exe
  C:\Windows\System\LxaCPsf.exe
  2⤵
  PID:9080
- C:\Windows\System\BaQdTzY.exe
  C:\Windows\System\BaQdTzY.exe
  2⤵
  PID:9108
- C:\Windows\System\NZXgBgu.exe
  C:\Windows\System\NZXgBgu.exe
  2⤵
  PID:9132
- C:\Windows\System\oLgsTdH.exe
  C:\Windows\System\oLgsTdH.exe
  2⤵
  PID:8400
- C:\Windows\System\fwmYHDM.exe
  C:\Windows\System\fwmYHDM.exe
  2⤵
  PID:9092
- C:\Windows\System\teXtFXk.exe
  C:\Windows\System\teXtFXk.exe
  2⤵
  PID:8228
- C:\Windows\System\IBgbFYQ.exe
  C:\Windows\System\IBgbFYQ.exe
  2⤵
  PID:8320
- C:\Windows\System\VqSEdsG.exe
  C:\Windows\System\VqSEdsG.exe
  2⤵
  PID:8504
- C:\Windows\System\JVPujlG.exe
  C:\Windows\System\JVPujlG.exe
  2⤵
  PID:1736
- C:\Windows\System\hsdmUbr.exe
  C:\Windows\System\hsdmUbr.exe
  2⤵
  PID:8636
- C:\Windows\System\VkpRSrf.exe
  C:\Windows\System\VkpRSrf.exe
  2⤵
  PID:8800
- C:\Windows\System\WlgWltA.exe
  C:\Windows\System\WlgWltA.exe
  2⤵
  PID:8668
- C:\Windows\System\VCHZgSm.exe
  C:\Windows\System\VCHZgSm.exe
  2⤵
  PID:8916
- C:\Windows\System\MBQranM.exe
  C:\Windows\System\MBQranM.exe
  2⤵
  PID:9180
- C:\Windows\System\olESZLO.exe
  C:\Windows\System\olESZLO.exe
  2⤵
  PID:9148
- C:\Windows\System\IwPzHBc.exe
  C:\Windows\System\IwPzHBc.exe
  2⤵
  PID:1624
- C:\Windows\System\cKzPxoK.exe
  C:\Windows\System\cKzPxoK.exe
  2⤵
  PID:9212
- C:\Windows\System\iuEQvXS.exe
  C:\Windows\System\iuEQvXS.exe
  2⤵
  PID:7640
- C:\Windows\System\xbBFTWa.exe
  C:\Windows\System\xbBFTWa.exe
  2⤵
  PID:7636
- C:\Windows\System\zQuBzcj.exe
  C:\Windows\System\zQuBzcj.exe
  2⤵
  PID:9064
- C:\Windows\System\XALsxtZ.exe
  C:\Windows\System\XALsxtZ.exe
  2⤵
  PID:2772
- C:\Windows\System\jZqrhOn.exe
  C:\Windows\System\jZqrhOn.exe
  2⤵
  PID:8784
- C:\Windows\System\lMKBydP.exe
  C:\Windows\System\lMKBydP.exe
  2⤵
  PID:8588
- C:\Windows\System\qaatlHp.exe
  C:\Windows\System\qaatlHp.exe
  2⤵
  PID:2748
- C:\Windows\System\BUvfppz.exe
  C:\Windows\System\BUvfppz.exe
  2⤵
  PID:9224
- C:\Windows\System\mYjBThD.exe
  C:\Windows\System\mYjBThD.exe
  2⤵
  PID:9240
- C:\Windows\System\hXgHoXo.exe
  C:\Windows\System\hXgHoXo.exe
  2⤵
  PID:9256
- C:\Windows\System\hcOqBYB.exe
  C:\Windows\System\hcOqBYB.exe
  2⤵
  PID:9272
- C:\Windows\System\CsEDHhc.exe
  C:\Windows\System\CsEDHhc.exe
  2⤵
  PID:9288
- C:\Windows\System\GtzNqUx.exe
  C:\Windows\System\GtzNqUx.exe
  2⤵
  PID:9304
- C:\Windows\System\fvKGtyG.exe
  C:\Windows\System\fvKGtyG.exe
  2⤵
  PID:9320
- C:\Windows\System\OJPPgrz.exe
  C:\Windows\System\OJPPgrz.exe
  2⤵
  PID:9336
- C:\Windows\System\jahgEIJ.exe
  C:\Windows\System\jahgEIJ.exe
  2⤵
  PID:9352
- C:\Windows\System\GWtpMHC.exe
  C:\Windows\System\GWtpMHC.exe
  2⤵
  PID:9368
- C:\Windows\System\HYPJyEX.exe
  C:\Windows\System\HYPJyEX.exe
  2⤵
  PID:9384
- C:\Windows\System\WDZgAqd.exe
  C:\Windows\System\WDZgAqd.exe
  2⤵
  PID:9400
- C:\Windows\System\KUtvyAg.exe
  C:\Windows\System\KUtvyAg.exe
  2⤵
  PID:9416
- C:\Windows\System\nkxfqtN.exe
  C:\Windows\System\nkxfqtN.exe
  2⤵
  PID:9436
- C:\Windows\System\WmkjwRB.exe
  C:\Windows\System\WmkjwRB.exe
  2⤵
  PID:9452
- C:\Windows\System\MwIqxZD.exe
  C:\Windows\System\MwIqxZD.exe
  2⤵
  PID:9468
- C:\Windows\System\dQFnJNh.exe
  C:\Windows\System\dQFnJNh.exe
  2⤵
  PID:9484
- C:\Windows\System\OWOnJdo.exe
  C:\Windows\System\OWOnJdo.exe
  2⤵
  PID:9500
- C:\Windows\System\UIOhKaE.exe
  C:\Windows\System\UIOhKaE.exe
  2⤵
  PID:9516
- C:\Windows\System\ilHUEst.exe
  C:\Windows\System\ilHUEst.exe
  2⤵
  PID:9532
- C:\Windows\System\IbOeGAJ.exe
  C:\Windows\System\IbOeGAJ.exe
  2⤵
  PID:9548
- C:\Windows\System\UwwIhLg.exe
  C:\Windows\System\UwwIhLg.exe
  2⤵
  PID:9564
- C:\Windows\System\gXMvGvE.exe
  C:\Windows\System\gXMvGvE.exe
  2⤵
  PID:9580
- C:\Windows\System\wctyZjt.exe
  C:\Windows\System\wctyZjt.exe
  2⤵
  PID:9596
- C:\Windows\System\vvjcmCX.exe
  C:\Windows\System\vvjcmCX.exe
  2⤵
  PID:9612
- C:\Windows\System\NJmrsVa.exe
  C:\Windows\System\NJmrsVa.exe
  2⤵
  PID:9628
- C:\Windows\System\ovRlxpN.exe
  C:\Windows\System\ovRlxpN.exe
  2⤵
  PID:9644
- C:\Windows\System\dhYSPpr.exe
  C:\Windows\System\dhYSPpr.exe
  2⤵
  PID:9660
- C:\Windows\System\cSMUSiQ.exe
  C:\Windows\System\cSMUSiQ.exe
  2⤵
  PID:9676
- C:\Windows\System\OjKfHzQ.exe
  C:\Windows\System\OjKfHzQ.exe
  2⤵
  PID:9692
- C:\Windows\System\GQUFcor.exe
  C:\Windows\System\GQUFcor.exe
  2⤵
  PID:9708
- C:\Windows\System\fBPfVoc.exe
  C:\Windows\System\fBPfVoc.exe
  2⤵
  PID:9724
- C:\Windows\System\BKIjaFd.exe
  C:\Windows\System\BKIjaFd.exe
  2⤵
  PID:9740
- C:\Windows\System\URhrWIG.exe
  C:\Windows\System\URhrWIG.exe
  2⤵
  PID:9756
- C:\Windows\System\NVNIgIS.exe
  C:\Windows\System\NVNIgIS.exe
  2⤵
  PID:9772
- C:\Windows\System\ggNfXbc.exe
  C:\Windows\System\ggNfXbc.exe
  2⤵
  PID:9788
- C:\Windows\System\VbaikkT.exe
  C:\Windows\System\VbaikkT.exe
  2⤵
  PID:9804
- C:\Windows\System\toEzxbM.exe
  C:\Windows\System\toEzxbM.exe
  2⤵
  PID:9820
- C:\Windows\System\YbhuWfn.exe
  C:\Windows\System\YbhuWfn.exe
  2⤵
  PID:9836
- C:\Windows\System\dCvRUlP.exe
  C:\Windows\System\dCvRUlP.exe
  2⤵
  PID:9852
- C:\Windows\System\bUXeRAd.exe
  C:\Windows\System\bUXeRAd.exe
  2⤵
  PID:9868
- C:\Windows\System\rGtzjxl.exe
  C:\Windows\System\rGtzjxl.exe
  2⤵
  PID:9884
- C:\Windows\System\CsqQQeZ.exe
  C:\Windows\System\CsqQQeZ.exe
  2⤵
  PID:9900
- C:\Windows\System\GEyBGVO.exe
  C:\Windows\System\GEyBGVO.exe
  2⤵
  PID:9916
- C:\Windows\System\Zdchhia.exe
  C:\Windows\System\Zdchhia.exe
  2⤵
  PID:9932
- C:\Windows\System\okBxiGH.exe
  C:\Windows\System\okBxiGH.exe
  2⤵
  PID:9948
- C:\Windows\System\boJSBNG.exe
  C:\Windows\System\boJSBNG.exe
  2⤵
  PID:9964
- C:\Windows\System\JzcYUJC.exe
  C:\Windows\System\JzcYUJC.exe
  2⤵
  PID:9980
- C:\Windows\System\fplmuOj.exe
  C:\Windows\System\fplmuOj.exe
  2⤵
  PID:9996
- C:\Windows\System\Dimsuea.exe
  C:\Windows\System\Dimsuea.exe
  2⤵
  PID:10016
- C:\Windows\System\HcmahHW.exe
  C:\Windows\System\HcmahHW.exe
  2⤵
  PID:10032
- C:\Windows\System\rKerTnE.exe
  C:\Windows\System\rKerTnE.exe
  2⤵
  PID:10048
- C:\Windows\System\JbNuNAq.exe
  C:\Windows\System\JbNuNAq.exe
  2⤵
  PID:10064
- C:\Windows\System\ByXJkjZ.exe
  C:\Windows\System\ByXJkjZ.exe
  2⤵
  PID:10080
- C:\Windows\System\OqgxHoE.exe
  C:\Windows\System\OqgxHoE.exe
  2⤵
  PID:10096
- C:\Windows\System\QJmnhrX.exe
  C:\Windows\System\QJmnhrX.exe
  2⤵
  PID:10112
- C:\Windows\System\SuJxsfH.exe
  C:\Windows\System\SuJxsfH.exe
  2⤵
  PID:10128
- C:\Windows\System\pTYOint.exe
  C:\Windows\System\pTYOint.exe
  2⤵
  PID:10144
- C:\Windows\System\eDuqklL.exe
  C:\Windows\System\eDuqklL.exe
  2⤵
  PID:10160
- C:\Windows\System\qptAaJo.exe
  C:\Windows\System\qptAaJo.exe
  2⤵
  PID:10180
- C:\Windows\System\jHtYUri.exe
  C:\Windows\System\jHtYUri.exe
  2⤵
  PID:10196
- C:\Windows\System\SGiolMr.exe
  C:\Windows\System\SGiolMr.exe
  2⤵
  PID:10212
- C:\Windows\System\uIobKoN.exe
  C:\Windows\System\uIobKoN.exe
  2⤵
  PID:10228
- C:\Windows\System\mAiTuVK.exe
  C:\Windows\System\mAiTuVK.exe
  2⤵
  PID:9008
- C:\Windows\System\STrDdZw.exe
  C:\Windows\System\STrDdZw.exe
  2⤵
  PID:1308
- C:\Windows\System\hloWRbg.exe
  C:\Windows\System\hloWRbg.exe
  2⤵
  PID:9220
- C:\Windows\System\GeGJtDf.exe
  C:\Windows\System\GeGJtDf.exe
  2⤵
  PID:9232
- C:\Windows\System\rBubuiy.exe
  C:\Windows\System\rBubuiy.exe
  2⤵
  PID:9284
- C:\Windows\System\FgnikPv.exe
  C:\Windows\System\FgnikPv.exe
  2⤵
  PID:9316
- C:\Windows\System\DZlIIUp.exe
  C:\Windows\System\DZlIIUp.exe
  2⤵
  PID:9360
- C:\Windows\System\iDVXHgW.exe
  C:\Windows\System\iDVXHgW.exe
  2⤵
  PID:9364
- C:\Windows\System\FZvwUqZ.exe
  C:\Windows\System\FZvwUqZ.exe
  2⤵
  PID:9392
- C:\Windows\System\ltJOtef.exe
  C:\Windows\System\ltJOtef.exe
  2⤵
  PID:9444
- C:\Windows\System\PLmvoks.exe
  C:\Windows\System\PLmvoks.exe
  2⤵
  PID:9464
- C:\Windows\System\tKnWsum.exe
  C:\Windows\System\tKnWsum.exe
  2⤵
  PID:9524
- C:\Windows\System\IDMSdFL.exe
  C:\Windows\System\IDMSdFL.exe
  2⤵
  PID:9588
- C:\Windows\System\ZQRBTzG.exe
  C:\Windows\System\ZQRBTzG.exe
  2⤵
  PID:9572
- C:\Windows\System\oyuDnBB.exe
  C:\Windows\System\oyuDnBB.exe
  2⤵
  PID:9592
- C:\Windows\System\ngEZbrP.exe
  C:\Windows\System\ngEZbrP.exe
  2⤵
  PID:9656
- C:\Windows\System\eoLIaiy.exe
  C:\Windows\System\eoLIaiy.exe
  2⤵
  PID:9668
- C:\Windows\System\wcAoteX.exe
  C:\Windows\System\wcAoteX.exe
  2⤵
  PID:9684
- C:\Windows\System\kjhDmMq.exe
  C:\Windows\System\kjhDmMq.exe
  2⤵
  PID:9732
- C:\Windows\System\edHNeRR.exe
  C:\Windows\System\edHNeRR.exe
  2⤵
  PID:9768
- C:\Windows\System\JsgHqvt.exe
  C:\Windows\System\JsgHqvt.exe
  2⤵
  PID:9832
- C:\Windows\System\YhozDoB.exe
  C:\Windows\System\YhozDoB.exe
  2⤵
  PID:9892
- C:\Windows\System\VuwPpmo.exe
  C:\Windows\System\VuwPpmo.exe
  2⤵
  PID:9816
- C:\Windows\System\bFZrxDw.exe
  C:\Windows\System\bFZrxDw.exe
  2⤵
  PID:9876
- C:\Windows\System\gikqDtt.exe
  C:\Windows\System\gikqDtt.exe
  2⤵
  PID:9912
- C:\Windows\System\ojYRICE.exe
  C:\Windows\System\ojYRICE.exe
  2⤵
  PID:9956
- C:\Windows\System\PEqwcwi.exe
  C:\Windows\System\PEqwcwi.exe
  2⤵
  PID:10024
- C:\Windows\System\qGsgVYM.exe
  C:\Windows\System\qGsgVYM.exe
  2⤵
  PID:10028

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AnSCFng.exe

Filesize
6.0MB

MD5
00bdcdd0f9e4a7731a4f5d47a3dc1e0d

SHA1
8f8ee9d52a55cdd572fb59171ba2fb0ff85467c7

SHA256
ba5db51ae2d84d3da3ed6a544882ea7128749784a603351ea06ae2381330cfe7

SHA512
684eedd4e3a2f387b34167f942573d7376574553d6ebcbc616c703c3241d4a26358b7cd84cf556bf7da012dadf02095a001aa13fc62fda74016518f68264bc4e

Download Submit
C:\Windows\system\EUhnIhx.exe

Filesize
6.0MB

MD5
6811cd815d64bb916cd0eefea5cf9b85

SHA1
3dc9d81ab1f651df951e0e211232a31ca5b52d1c

SHA256
fe5ba6c83c0a622f47c8de0a2fda311a5aef6435b5d061e694f300b2e77a1034

SHA512
3cedcf9f2aeec748cb0d325a59f8171695b1820339b5307b82bebcfeeffee2325b42c2fc5580ede9a85b491891ed8b58f0cf992bb4f26d0ea71d36fb25a430a4

Download Submit
C:\Windows\system\EudwKAy.exe

Filesize
6.0MB

MD5
7ec75be55b4f9601134729819aa77e4a

SHA1
f195d5b2ec3e55d38c163c7cce61c2ed2f11a402

SHA256
27bb7bb35a340d2964690be2dfa4224d6269bd262c3969855f1e305a2db5d1e5

SHA512
9e7943034aa6e2260bf8ed54fff405d06f6a3e3497c98491fb8635003b00f9814528fd9154dc367f6d9bdc5b290d615ceaef397eacf4f3f4cdb4db771cf70185

Download Submit
C:\Windows\system\GxlSLVg.exe

Filesize
6.0MB

MD5
c801803db5140a9ebdc87744b49a3dc4

SHA1
91827ce6632c60934cbd2278c200dc108727297e

SHA256
8b3f59c97d4d50850cad0925290a4c3eed750520787655f157746e3f6699a10c

SHA512
5a15a2e4a980cc1d6cbc756e111dfe39262033200c3e79bc790c8e05cfd707204c5f89e7085f2b551a1dca2f8b00fe97fa7042adf635bf58904649f2dc58267a

Download Submit
C:\Windows\system\KeerBxe.exe

Filesize
6.0MB

MD5
98310d42825eda2d836ba2eb57a8f7de

SHA1
34cc27c5ce4f9020cf12d839eb3a6e74756d509b

SHA256
6c6e7b4553897b9bf24958502e1ef8f0adf41351f13481547abf57b9ae82c61c

SHA512
7fb47a0bd2409f56d742749b70db3e5a5833f4167dab11cf4e2e30f6068118cd9a01f600bdd12b607e51e7d5295e48fd446e2e59fc502ed6240a51fdb58c160f

Download Submit
C:\Windows\system\LdspcfR.exe

Filesize
6.0MB

MD5
aa850ef6c129e9b068071244122d17bc

SHA1
6e83557c1409b4f1ed7297490a8511b9f46a4f00

SHA256
74f2e0fe181cd756bdbf95d66043fd4d039a8a2086684834b8c09f7a3c21e1b6

SHA512
f371f583333540d0a13ebe78c272b2f24331db99475bcd596a4fdfa61e08c186d307d276e590bb840a2aeea948215be891acb57c047552c0385d7d42ac09d81e

Download Submit
C:\Windows\system\NMerVce.exe

Filesize
6.0MB

MD5
5e884eb67321c1a56c54151f25555b65

SHA1
dfb0deaa8fcaf9b91a20feda7fb24072cf285e6e

SHA256
1a6643430729d46eb802755b520e0e1717598cf7ffe904fd40a7281ab62cd40a

SHA512
0f66ccd58c35621b23347c19b4882bcbd08784afdcbd1e587c0194c1d716e49927ff9198241d5d3be2b13bf996d49c562a0d8f4809730d93a8ccb8ea99ba0406

Download Submit
C:\Windows\system\RBkPRqq.exe

Filesize
6.0MB

MD5
fb92fac53e333184e77ed86331116148

SHA1
1d5f2b5ac9e6ed917cf9465e2a3c15e8a38209ed

SHA256
86c85b452fabbeccf9874f2b924baf37879f40975ca7c0452e7309b3a8e612d0

SHA512
aa35ac8d3fc5e49ec6f2d09cdeeac7978a143f411a14eb22b0eb9f89916c4b0f88626e41e99773ddddcf07b21741cb15c39729241bedf0d181a44fe299f46535

Download Submit
C:\Windows\system\RHaKxpN.exe

Filesize
6.0MB

MD5
448c3e9d3b243c8b15197072101623b4

SHA1
3e78f3383ebe657da7b126bd89253663400b8b31

SHA256
d9e94f099fb705f224cb32ee4412de0af352719fcd313e6bd73455eebdf1f4c1

SHA512
21bf9bc4bdc79983898ce453105428f8426bf5753df4657f892d860b2d6ce2b5067350281c854c776859590c12eb80929cf621af37a1a6ea95b9f3022b42573c

Download Submit
C:\Windows\system\RSIhXpJ.exe

Filesize
6.0MB

MD5
db4c87a7e34e578efb866952af653bba

SHA1
fd26924edbc568bd07ace22297fc81edeba6e4c5

SHA256
e5a75fe98c05f10622669dad07aa903fc564e3688c23ad0d1f8bd62b438f5387

SHA512
161dbf90e71e04b582c43b9b76e5439616b173ddc8838c3a9200f9434c6864b12371f361f938b450b07bf3128a3a88a3e365185a15740ca03d14c4cb0208f06d

Download Submit
C:\Windows\system\RWwPHCz.exe

Filesize
6.0MB

MD5
1fe4ef247f2fb38c2e4963ce96c96f41

SHA1
bea6e38c1c7ddc58e9eb26a9e708207e1cb33b14

SHA256
3778a3f2bc247368e86bfaf4883ff0c4049f8bcbd8508fcedf33ecccc431f416

SHA512
e1c17a20d853111d0c6200e54d7ddb217a243605975368434988c04c9a0af23d940c6d7bbaeb13aa81620d3665fa1aaf8d22ec3b82eecb6114dddb5c3a9eb6a8

Download Submit
C:\Windows\system\RbonDvf.exe

Filesize
6.0MB

MD5
69efa91e99bc53d54f0376b0a7f223d6

SHA1
d554bca015fe0da4ea0345e819ea17a72a54dd30

SHA256
2bb1aafafef2f19a5bdfb5ca85971f0cb31af83a007fcee7a67e6d18d6b9b279

SHA512
a0b187a53afeb5941e445b07b480e1ead186738d76b9863e5cffc4ec1a0b029ea13b66b0a7bb0dc6ae1bf6a8452db4b2e5b55fa190e0e87b582112ca789d0d0e

Download Submit
C:\Windows\system\RwoYRDF.exe

Filesize
6.0MB

MD5
ead88d3993dbd2dab913fddd0b159fa0

SHA1
9a5151f273d76ba8f128719d3be7d7e679962659

SHA256
443f44aec0661fbb91e8feedfb9d66d88691d14713c2d89a023ecd16425b5e4a

SHA512
2b91ea8da34ddc849af29202090c95b404633cd8b4b4fbc33031808eb0fe7066e71783d6ae58c2efa6d20f10c94aa2b63982052b14ea5734034f96911ff3941d

Download Submit
C:\Windows\system\SmVSjwk.exe

Filesize
6.0MB

MD5
efda961c356ee77f7f247643ae642717

SHA1
f1722484195e7bab66684af6f288a368d8df1471

SHA256
da53941055cc459b5060cd616aa0367a6e3b8dc46d428d25a1560ceb1418f905

SHA512
e289d0e0adef11286a3c8f8651689fba1658a6765a3b47036bfaf46ef2a8fc739cb1806a227123b628a5ff0eedd40a0ae55edc9d03befb32577ae7aa20786b25

Download Submit
C:\Windows\system\VIwHIuQ.exe

Filesize
6.0MB

MD5
9d0ceca1ac3bfed2c0353363505eb4f1

SHA1
a5caeb642c91407d46443f3376f3bbc46b8241ac

SHA256
16396172da58df6865757105f3ef2936b717e3a04a400153d7be89ebd84a5d23

SHA512
d2148798481238dfa1bf45434a15c031d0a4fd63856874a6d58f3ef9cad95d1207edc081c7bff5e3f78bb4e288d9f98e4ecb94d8075814ed337942f41243b2e3

Download Submit
C:\Windows\system\cBPyQZV.exe

Filesize
6.0MB

MD5
d00713cf724b19e998456eb6888bf383

SHA1
f041b7979eb38a8fdd7afd4d0e8957bc37efaaab

SHA256
15fa624e4150142ce07236f991a1a478c020c4596c8209808b4dfca376bbb5e9

SHA512
8cc30613a3ba9d39aa51cab80c9a1811cc0bfc30d6ceccfff573e5b5cac9389a1f563583ac0aa61f9d06cb8bb4d2de62a1c22aee2b69ee83f92e8a17173432bc

Download Submit
C:\Windows\system\dUwkFXi.exe

Filesize
6.0MB

MD5
51a6ed49ad1beddbeaa0e16a10e7bd99

SHA1
9aa389973d0ad05112a5e01b27d6ef63450395f8

SHA256
a0883289d794bc1406970c8ec037eaa79edd3fd58cc9739e46f55a29a1df2451

SHA512
506da0b93a3f505d53f6cd955bb3f136dc91e10494d77a318ab41a92e603b67c3a8618b1c34f7ae6e0f50f6149213d2253cd85b08ed9e6baf1cc28c0dff4cd66

Download Submit
C:\Windows\system\gwyVFvr.exe

Filesize
6.0MB

MD5
30613a63d9869d43f07708996b7404c7

SHA1
72a57f71efd9d956a8b0c695d828510b691cc3df

SHA256
2285910f0522b35d75af858e7a16ea26e2adcb3ca768a2cafe22cc8d1c6f30e3

SHA512
44f28a9f3a66588171c407a7973209426e29cdf6f8f88bdf685da035a981f00414a8282faabe438787bd1e0915f998ea639d5c7b627b4d824d83e7c2368e458f

Download Submit
C:\Windows\system\mCaJCJV.exe

Filesize
6.0MB

MD5
432c856b5cea6716538ece8212b72e23

SHA1
15e2146cdcc66aaee4d28bee06820115f0d48ce8

SHA256
1958b5aeb34a1784612850f9e13a494e729e48d431534bf63ec515d17d41f278

SHA512
bb36c5de19ea574bc6d920bb7cf9bf660bdd868bdef86240eec6896631f896adba4c7ac33828ac289e0d08dd276e08ff25c1f21924fd0889ed5f46c3c695174e

Download Submit
C:\Windows\system\pWbtFdZ.exe

Filesize
6.0MB

MD5
b708527c005475072abf958f9ea252b2

SHA1
a0ca3ddf742758daf052bd4469c64fd015e17efa

SHA256
a546e81304ff1fcc0d95168f1febe14e70ba0d7bddf4dd6099f6b2419c5a2aa5

SHA512
7094d840cb185e96eb5ea22750e766fb8b79b299330279f29363c100652639f50795ab6e1a48127e1b1db28690a597ad690d44967c00bc2d8b47f411121c59e9

Download Submit
C:\Windows\system\pWrJgCq.exe

Filesize
6.0MB

MD5
49d48b706f2d3717caa110ae944dc577

SHA1
c8256de3e5f7f9cf998aeee114d15cfab1fd2ad6

SHA256
f3ad85d8a5bf5a320e10b0903d5c87306df72f68c56b0672c0bdc52a8d591e6c

SHA512
37772c61e058f9d555c682516eb2a54e45ed5a722233beb1a23c296123505e6eedd0bb3b4be3c0aaa2a0980b1d2dff2bec904a46a5ed42725f37025a51f9d689

Download Submit
C:\Windows\system\syRyrAf.exe

Filesize
6.0MB

MD5
6089a85b195fe16f1bb07591230483fd

SHA1
f7b729ed84ec786b40ae99bda3fb5890f94ab2be

SHA256
ec9cfc994756896240fb2d9a7241fbee82aaf9cbe8276d367685d6797587d1cb

SHA512
90522d8eb94b56a0cc48d6818aec9a68bd3706c1e8e05847011808464f5c3c94c080bbdf56c33d42167a8fbd11cd26a9aab48c103b876bdd006f93d64325c5d5

Download Submit
C:\Windows\system\uuKZZxZ.exe

Filesize
6.0MB

MD5
313d1ec6cae68140bd22f7303cb2f3a8

SHA1
07bbc6a5748b9a33f2bcd72c14c173f40776a740

SHA256
a8b915593a6471af00c496b6d321b8440c88cf1e4150e4aeac296716ce2736c6

SHA512
54a70fbb579db9800011b62ec7d2774dfde4e96b61129e153bc1a784feabe3469f627468f6bd32d6b0618115409a08bb28da69d69e422124fdd0fcebcdfbd1dc

Download Submit
C:\Windows\system\wLRDJEE.exe

Filesize
6.0MB

MD5
bd457d2bf384b232b7e90ece8d9f19fc

SHA1
af1ab77ebd6faec7e8f267435cd55e62dab75962

SHA256
1260ab560b90a7485ff4a5bd937101529080f86c48a428b35b02de45f80f2df8

SHA512
ac904a9177eb9b0f91664d75ce24aba573c6b2c13d855189980861bcc913f8f70b81123acde7c4bc5c8572362c09f286659617f4171295684b32c33e2fc8fe0b

Download Submit
C:\Windows\system\wqPyfrm.exe

Filesize
6.0MB

MD5
f8139b5c08c5e342207a37c61dc911c2

SHA1
3286727be5f3c525024b31b19cf04d44302fe949

SHA256
e036d0bdd4394a2d7f83c472a6ec1d079f26d13f42b383a9a607498c9ae41900

SHA512
cb5d4ff75b3e0768a7c405d32058bc9e40c76ba8a1d5df3d3a4db173f10bed15a870dfdb173745e64869763c13d2c4bbedd828d57a511ba83261d2a40642d40b

Download Submit
C:\Windows\system\ysRukJu.exe

Filesize
6.0MB

MD5
c26b7d4de40e5b17128f5754419de672

SHA1
6ef119aac3813cb827720309c9b2c2301e7b9659

SHA256
d79236370f93b377ead3ca70aa3028f89fc3f4a11f90d7e48a8aeda435df0928

SHA512
04de97b4a4e12404a810cd5c0ad1f2bae089cf06dad2c4a9f8a67634c3db8b7c5525fbd75a71acebbd02a664a93efbd45cc9bdac91c452b9a838d7e3c7c57cfc

Download Submit
\Windows\system\OJKAuvf.exe

Filesize
6.0MB

MD5
1e4ef54d225bebf213a2019b82209e6d

SHA1
677d1815dced88255d292c7c329eadcf06e56dd0

SHA256
4525d7562bc78370ce5ef9f44ec6a8ce69171f858667c8a9d6562a96e8a0226c

SHA512
5a8cdbcb8495f1b3f464dac07091e9176fb0d7d1814879deaae0e579b0ef9c1a99b71362bf68bbf02ec6ed0f40e62b589102bc9747c1b778b7564d0f85741c26

Download Submit
\Windows\system\TucyQuo.exe

Filesize
6.0MB

MD5
066463c60ac626c9c10b969299459205

SHA1
5b900b00d666db4c1b47399d7d53759b20ca31b7

SHA256
33ab019712288713462dc4929bc1e0d06acc13ddedcc4472ae470410454a32da

SHA512
0cdf6d3d9f587e26b84914a7c9cc04a69fe5a88a5ea2f26f4e9babe86e217ad22931cb5a4bcb56b098e96ea6ef56fd08283d5fa5d1f0082036a5ac5c26707ce6

Download Submit
\Windows\system\XfPTtgZ.exe

Filesize
6.0MB

MD5
6b0ab6ed8b68d9dfb01232dddb472241

SHA1
a791dbc779cf7cacf6f6430a37d56b65c626173c

SHA256
34d0772272a5b8f266d3c634513c8db9fb50a042bd1450026f21c014458ef8a1

SHA512
58c46a0bc88b8610865d9c2d6f31a6d5a1fdeea3d96726fc9745689eeec96b96f28fdb209897b485c47acc1e394e0324f40baefdba4141fa0a3c2e3749489391

Download Submit
\Windows\system\ZxjRArG.exe

Filesize
6.0MB

MD5
1bac623ea1018e48ac4033991ca95ff1

SHA1
29385133b819e10b770c66d91d3b11e810625578

SHA256
095cf716b3a57717ad8056d86853ac34c47c105d498bc31dda15c612d0102df0

SHA512
9aec4259e8e1bddeddc1e0af9f18863db1ea2a2c004e7c2966d4386df16830462aaa74597f76fc6ad0c4e8e88967e35bb9ead445b905bb740e0aec6dad0cd875

Download Submit
\Windows\system\ekIvajE.exe

Filesize
6.0MB

MD5
36ecae824ed0447f63c4dc654f25d7e7

SHA1
61347690f624e8fe687572a30d516aa00f9fd2f1

SHA256
1d0bcf1069b5bfa2aab4d61b8d58e026d28afa11251455413ee385b38a2f62d2

SHA512
cb33970141d8b220057332d31d8a66d750540cca1afb35d118052a31701623748070a789e4b73e9ab5f429e5d7d96e4ab54041cf017cccf22f17643772b713ee

Download Submit
\Windows\system\jCrwMBi.exe

Filesize
6.0MB

MD5
b79332faf2f78cb6564c2744ca3cadfd

SHA1
36194f15092c54943f23f5a1b037167318afc1e5

SHA256
8bd16c788fd881810c1689876f35e771f34ff3b78c3075bbe3916d5cff7f9b82

SHA512
e28298bb39f2294319f015f9c4485a61700be88392d1bc2b77edc8d8d5de0a54f37a32718107ee468f61fa4eff44350b7fd73670153f872bbf3d7e6a314ed12f

Download Submit
\Windows\system\oqFgylP.exe

Filesize
6.0MB

MD5
c775f2242c0883d1bfb934e8ce0296a0

SHA1
51bbf1c53e105741fd3829811419a2ab6b81019e

SHA256
f96f8f165af37238ec4f1c584ec208a04343db2f9b1b61c0c1d13ebde1e03045

SHA512
9876994bdd56ca3ff14a9f830b927af6f9a82b0510a86e6ba93d605e046b52f6e0b60c16f16dc8df4e918e7b39be2dddbefbc701031145f906cb544bb813866a

Download Submit
memory/1656-0-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/1656-26-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/1656-16-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/1656-42-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/1656-27-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/1656-77-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/1656-78-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/1656-104-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/1656-80-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/1656-81-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/1656-357-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/1656-63-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/1656-23-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/1656-36-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/1656-53-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/1656-447-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/1656-403-0x000000013FEC0000-0x0000000140214000-memory.dmp

Filesize
3.3MB

Download
memory/1656-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2052-309-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/2052-75-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/2052-1941-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/2260-110-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/2260-1965-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/2332-1823-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/2332-25-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/2384-377-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2384-1940-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2384-82-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2432-21-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/2432-79-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/2432-2019-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/2588-105-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/2588-1942-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/2680-1956-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2680-106-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2752-54-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/2752-1889-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/2788-24-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2788-1828-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2808-1895-0x000000013FA00000-0x000000013FD54000-memory.dmp

Filesize
3.3MB

Download
memory/2808-71-0x000000013FA00000-0x000000013FD54000-memory.dmp

Filesize
3.3MB

Download
memory/2908-1973-0x000000013F270000-0x000000013F5C4000-memory.dmp

Filesize
3.3MB

Download
memory/2908-112-0x000000013F270000-0x000000013F5C4000-memory.dmp

Filesize
3.3MB

Download
memory/2936-2018-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2936-30-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2944-206-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2944-43-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2944-1891-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2976-1868-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2976-37-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download