cobaltstrike | 6952c3f2e02f261ca925369e89800bedb100ba73d945a6ecb789dca458e69837

Analysis

max time kernel
121s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
24-09-2024 15:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

6ff24a6c11369f557712eb36570ff2d6
SHA1

e4392b9dd4bb6bd48a35f754e57d46ce42236dbb
SHA256

6952c3f2e02f261ca925369e89800bedb100ba73d945a6ecb789dca458e69837
SHA512

342df6a6673aa10fcd4ef711f998bbf99e2469981330e09b95cfc9a8f8fb496259de0f05c54e89dafbc114f9a322db18a1e1461790d6117f003687e9f0568bb9
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUX:T+q56utgpPF8u/7X

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012101-6.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001739b-11.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000173b2-9.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000173ee-22.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001746c-40.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016e73-30.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001925d-58.dat	cobalt_reflective_dll
behavioral1/files/0x00090000000174bf-55.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019263-62.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001938b-94.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193ec-129.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194f3-160.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960a-175.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960d-186.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960e-190.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960c-181.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195d9-170.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019537-165.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194bd-155.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019436-145.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019441-150.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019417-135.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001941a-139.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193d4-124.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c1-91.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019399-83.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019278-74.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019280-72.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c8-107.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193b7-100.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000017481-61.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000017474-49.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2492-0-0x000000013F6F0000-0x000000013FA44000-memory.dmp	xmrig
behavioral1/files/0x0007000000012101-6.dat	xmrig
behavioral1/files/0x000800000001739b-11.dat	xmrig
behavioral1/memory/2564-14-0x000000013FAD0000-0x000000013FE24000-memory.dmp	xmrig
behavioral1/memory/1584-12-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/files/0x00080000000173b2-9.dat	xmrig
behavioral1/memory/2092-20-0x000000013FD70000-0x00000001400C4000-memory.dmp	xmrig
behavioral1/files/0x00080000000173ee-22.dat	xmrig
behavioral1/memory/1952-29-0x000000013F740000-0x000000013FA94000-memory.dmp	xmrig
behavioral1/files/0x000700000001746c-40.dat	xmrig
behavioral1/memory/1584-43-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/files/0x0009000000016e73-30.dat	xmrig
behavioral1/memory/2812-35-0x000000013FBC0000-0x000000013FF14000-memory.dmp	xmrig
behavioral1/memory/2800-44-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/memory/2492-37-0x000000013F6F0000-0x000000013FA44000-memory.dmp	xmrig
behavioral1/memory/2564-45-0x000000013FAD0000-0x000000013FE24000-memory.dmp	xmrig
behavioral1/files/0x000600000001925d-58.dat	xmrig
behavioral1/files/0x00090000000174bf-55.dat	xmrig
behavioral1/files/0x0005000000019263-62.dat	xmrig
behavioral1/memory/2972-63-0x000000013F700000-0x000000013FA54000-memory.dmp	xmrig
behavioral1/files/0x000500000001938b-94.dat	xmrig
behavioral1/files/0x00050000000193ec-129.dat	xmrig
behavioral1/files/0x00050000000194f3-160.dat	xmrig
behavioral1/files/0x000500000001960a-175.dat	xmrig
behavioral1/memory/2812-532-0x000000013FBC0000-0x000000013FF14000-memory.dmp	xmrig
behavioral1/memory/2492-1352-0x000000013F060000-0x000000013F3B4000-memory.dmp	xmrig
behavioral1/memory/1952-317-0x000000013F740000-0x000000013FA94000-memory.dmp	xmrig
behavioral1/files/0x000500000001960d-186.dat	xmrig
behavioral1/files/0x000500000001960e-190.dat	xmrig
behavioral1/files/0x000500000001960c-181.dat	xmrig
behavioral1/files/0x00050000000195d9-170.dat	xmrig
behavioral1/files/0x0005000000019537-165.dat	xmrig
behavioral1/files/0x00050000000194bd-155.dat	xmrig
behavioral1/files/0x0005000000019436-145.dat	xmrig
behavioral1/files/0x0005000000019441-150.dat	xmrig
behavioral1/files/0x0005000000019417-135.dat	xmrig
behavioral1/files/0x000500000001941a-139.dat	xmrig
behavioral1/files/0x00050000000193d4-124.dat	xmrig
behavioral1/files/0x00050000000193c1-91.dat	xmrig
behavioral1/files/0x0005000000019399-83.dat	xmrig
behavioral1/memory/2632-79-0x000000013F8C0000-0x000000013FC14000-memory.dmp	xmrig
behavioral1/files/0x0005000000019278-74.dat	xmrig
behavioral1/files/0x0005000000019280-72.dat	xmrig
behavioral1/memory/2492-114-0x00000000024C0000-0x0000000002814000-memory.dmp	xmrig
behavioral1/memory/2736-113-0x000000013FCF0000-0x0000000140044000-memory.dmp	xmrig
behavioral1/memory/2092-109-0x000000013FD70000-0x00000001400C4000-memory.dmp	xmrig
behavioral1/files/0x00050000000193c8-107.dat	xmrig
behavioral1/memory/2492-105-0x000000013FBE0000-0x000000013FF34000-memory.dmp	xmrig
behavioral1/memory/2344-104-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	xmrig
behavioral1/files/0x00050000000193b7-100.dat	xmrig
behavioral1/memory/2592-90-0x000000013F060000-0x000000013F3B4000-memory.dmp	xmrig
behavioral1/files/0x0007000000017481-61.dat	xmrig
behavioral1/memory/2492-53-0x00000000024C0000-0x0000000002814000-memory.dmp	xmrig
behavioral1/files/0x0007000000017474-49.dat	xmrig
behavioral1/memory/1584-4003-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/memory/2564-4004-0x000000013FAD0000-0x000000013FE24000-memory.dmp	xmrig
behavioral1/memory/1952-4005-0x000000013F740000-0x000000013FA94000-memory.dmp	xmrig
behavioral1/memory/2092-4006-0x000000013FD70000-0x00000001400C4000-memory.dmp	xmrig
behavioral1/memory/2800-4007-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/memory/2812-4008-0x000000013FBC0000-0x000000013FF14000-memory.dmp	xmrig
behavioral1/memory/2972-4009-0x000000013F700000-0x000000013FA54000-memory.dmp	xmrig
behavioral1/memory/2592-4010-0x000000013F060000-0x000000013F3B4000-memory.dmp	xmrig
behavioral1/memory/2632-4011-0x000000013F8C0000-0x000000013FC14000-memory.dmp	xmrig
behavioral1/memory/2736-4012-0x000000013FCF0000-0x0000000140044000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1584	pwmjzNH.exe
2564	QsIxDTT.exe
2092	ewKjCGg.exe
1952	DMRowrj.exe
2812	gqQjfav.exe
2800	sNHlrUK.exe
2972	ivRFzAu.exe
2632	gdeWApX.exe
2736	LOqBKHz.exe
2592	wBNZeav.exe
2344	ocoDURT.exe
2620	DzIFQod.exe
1772	kDakxCN.exe
2820	SSlczjo.exe
1616	hFfOpBJ.exe
2676	JynpvIH.exe
1668	pycVzrw.exe
1100	EPtKIfp.exe
1316	JWAcvoz.exe
588	xRYAOfq.exe
1696	srljNQV.exe
1408	wQoVSYY.exe
1440	urWBmTa.exe
1500	uRdRpFy.exe
2312	SUEwfXc.exe
2084	EzeKkof.exe
2284	zvedOuy.exe
2696	YIhypBs.exe
1960	DzCLFFr.exe
1780	RRxWSPT.exe
852	FaEKHYI.exe
2996	zKgaQaP.exe
1656	ffYbbeG.exe
1380	WFAOQzW.exe
620	CmqaLrm.exe
1868	kfYlArl.exe
1548	jPIXpEt.exe
1312	yZuiBBJ.exe
1748	ZuUoxDG.exe
1740	etQXodf.exe
892	kYpbqhQ.exe
1156	WPCOyOp.exe
1840	CXuqkNL.exe
692	xbtIzTY.exe
3028	nvqZYoE.exe
3020	oyoQArm.exe
296	NeQggIO.exe
1036	hxUGmPn.exe
3008	vGEDULO.exe
3012	lNRwQST.exe
1796	WlBVows.exe
900	MQbIZrM.exe
1828	EaQRyWp.exe
2364	zXWsjfG.exe
1716	CCGUbQQ.exe
1604	WhxIDqx.exe
1860	BjtxWUI.exe
2692	BUrVtib.exe
2328	UMLZYuC.exe
2976	zIIwcKW.exe
2872	EModYPA.exe
1916	dfancyY.exe
2824	sgVzQEP.exe
2864	eFPIzOc.exe

Loads dropped DLL 64 IoCs

pid	Process
2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 61 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2492-0-0x000000013F6F0000-0x000000013FA44000-memory.dmp	upx
behavioral1/files/0x0007000000012101-6.dat	upx
behavioral1/files/0x000800000001739b-11.dat	upx
behavioral1/memory/2564-14-0x000000013FAD0000-0x000000013FE24000-memory.dmp	upx
behavioral1/memory/1584-12-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/files/0x00080000000173b2-9.dat	upx
behavioral1/memory/2092-20-0x000000013FD70000-0x00000001400C4000-memory.dmp	upx
behavioral1/files/0x00080000000173ee-22.dat	upx
behavioral1/memory/1952-29-0x000000013F740000-0x000000013FA94000-memory.dmp	upx
behavioral1/files/0x000700000001746c-40.dat	upx
behavioral1/memory/1584-43-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/files/0x0009000000016e73-30.dat	upx
behavioral1/memory/2812-35-0x000000013FBC0000-0x000000013FF14000-memory.dmp	upx
behavioral1/memory/2800-44-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/memory/2492-37-0x000000013F6F0000-0x000000013FA44000-memory.dmp	upx
behavioral1/memory/2564-45-0x000000013FAD0000-0x000000013FE24000-memory.dmp	upx
behavioral1/files/0x000600000001925d-58.dat	upx
behavioral1/files/0x00090000000174bf-55.dat	upx
behavioral1/files/0x0005000000019263-62.dat	upx
behavioral1/memory/2972-63-0x000000013F700000-0x000000013FA54000-memory.dmp	upx
behavioral1/files/0x000500000001938b-94.dat	upx
behavioral1/files/0x00050000000193ec-129.dat	upx
behavioral1/files/0x00050000000194f3-160.dat	upx
behavioral1/files/0x000500000001960a-175.dat	upx
behavioral1/memory/2812-532-0x000000013FBC0000-0x000000013FF14000-memory.dmp	upx
behavioral1/memory/1952-317-0x000000013F740000-0x000000013FA94000-memory.dmp	upx
behavioral1/files/0x000500000001960d-186.dat	upx
behavioral1/files/0x000500000001960e-190.dat	upx
behavioral1/files/0x000500000001960c-181.dat	upx
behavioral1/files/0x00050000000195d9-170.dat	upx
behavioral1/files/0x0005000000019537-165.dat	upx
behavioral1/files/0x00050000000194bd-155.dat	upx
behavioral1/files/0x0005000000019436-145.dat	upx
behavioral1/files/0x0005000000019441-150.dat	upx
behavioral1/files/0x0005000000019417-135.dat	upx
behavioral1/files/0x000500000001941a-139.dat	upx
behavioral1/files/0x00050000000193d4-124.dat	upx
behavioral1/files/0x00050000000193c1-91.dat	upx
behavioral1/files/0x0005000000019399-83.dat	upx
behavioral1/memory/2632-79-0x000000013F8C0000-0x000000013FC14000-memory.dmp	upx
behavioral1/files/0x0005000000019278-74.dat	upx
behavioral1/files/0x0005000000019280-72.dat	upx
behavioral1/memory/2736-113-0x000000013FCF0000-0x0000000140044000-memory.dmp	upx
behavioral1/memory/2092-109-0x000000013FD70000-0x00000001400C4000-memory.dmp	upx
behavioral1/files/0x00050000000193c8-107.dat	upx
behavioral1/memory/2344-104-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	upx
behavioral1/files/0x00050000000193b7-100.dat	upx
behavioral1/memory/2592-90-0x000000013F060000-0x000000013F3B4000-memory.dmp	upx
behavioral1/files/0x0007000000017481-61.dat	upx
behavioral1/files/0x0007000000017474-49.dat	upx
behavioral1/memory/1584-4003-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/memory/2564-4004-0x000000013FAD0000-0x000000013FE24000-memory.dmp	upx
behavioral1/memory/1952-4005-0x000000013F740000-0x000000013FA94000-memory.dmp	upx
behavioral1/memory/2092-4006-0x000000013FD70000-0x00000001400C4000-memory.dmp	upx
behavioral1/memory/2800-4007-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/memory/2812-4008-0x000000013FBC0000-0x000000013FF14000-memory.dmp	upx
behavioral1/memory/2972-4009-0x000000013F700000-0x000000013FA54000-memory.dmp	upx
behavioral1/memory/2592-4010-0x000000013F060000-0x000000013F3B4000-memory.dmp	upx
behavioral1/memory/2632-4011-0x000000013F8C0000-0x000000013FC14000-memory.dmp	upx
behavioral1/memory/2736-4012-0x000000013FCF0000-0x0000000140044000-memory.dmp	upx
behavioral1/memory/2344-4013-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\JxsisDN.exe	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KKogDjj.exe	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rFuxfjt.exe	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eRmSSVk.exe	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ApQuqdn.exe	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jJqKKuz.exe	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CmqaLrm.exe	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CrDwCbe.exe	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rSPCSkj.exe	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QZYXnxT.exe	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tpbsBWB.exe	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CYwCbox.exe	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\etRNblA.exe	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MoGFLld.exe	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SkkueCl.exe	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AUUcxvr.exe	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SGbqCVq.exe	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BMueoMm.exe	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cApepxf.exe	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jNUmYVq.exe	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pfbkKoL.exe	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uYnukzq.exe	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SUEwfXc.exe	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\akysoCI.exe	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YyQUOpw.exe	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dSeISky.exe	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kCgDgVn.exe	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mGaWVij.exe	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qOWQeub.exe	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TUrbKgM.exe	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LMiAIem.exe	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BWYHlaQ.exe	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IchEjoD.exe	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FhMvdNd.exe	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kqyknHF.exe	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ztvGBEK.exe	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UQbPoKN.exe	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CnqtAup.exe	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dIadHze.exe	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YiHADZP.exe	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tNGrRYo.exe	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GCnyokk.exe	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BkfIOQg.exe	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BVAQIbI.exe	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eMVNTym.exe	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OgDjGep.exe	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GWaqyru.exe	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kzpQrty.exe	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sBWxEqC.exe	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZXfSDtp.exe	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NcAoxIw.exe	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZIDQtZf.exe	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dIRMlPe.exe	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GQYTIPf.exe	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JdKFHBJ.exe	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KvkMwbK.exe	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XfreFKH.exe	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TuhvyAV.exe	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dDGRxOF.exe	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fgJzbup.exe	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VxPsRrB.exe	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QvWFhEY.exe	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\beBqOln.exe	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KmxWeKP.exe	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2492 wrote to memory of 1584	2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2492 wrote to memory of 1584	2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2492 wrote to memory of 1584	2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2492 wrote to memory of 2564	2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2492 wrote to memory of 2564	2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2492 wrote to memory of 2564	2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2492 wrote to memory of 2092	2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2492 wrote to memory of 2092	2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2492 wrote to memory of 2092	2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2492 wrote to memory of 1952	2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2492 wrote to memory of 1952	2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2492 wrote to memory of 1952	2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2492 wrote to memory of 2812	2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2492 wrote to memory of 2812	2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2492 wrote to memory of 2812	2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2492 wrote to memory of 2800	2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2492 wrote to memory of 2800	2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2492 wrote to memory of 2800	2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2492 wrote to memory of 2972	2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2492 wrote to memory of 2972	2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2492 wrote to memory of 2972	2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2492 wrote to memory of 2632	2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2492 wrote to memory of 2632	2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2492 wrote to memory of 2632	2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2492 wrote to memory of 2620	2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2492 wrote to memory of 2620	2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2492 wrote to memory of 2620	2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2492 wrote to memory of 2736	2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2492 wrote to memory of 2736	2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2492 wrote to memory of 2736	2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2492 wrote to memory of 2820	2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2492 wrote to memory of 2820	2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2492 wrote to memory of 2820	2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2492 wrote to memory of 2592	2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2492 wrote to memory of 2592	2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2492 wrote to memory of 2592	2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2492 wrote to memory of 2676	2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2492 wrote to memory of 2676	2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2492 wrote to memory of 2676	2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2492 wrote to memory of 2344	2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2492 wrote to memory of 2344	2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2492 wrote to memory of 2344	2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2492 wrote to memory of 1668	2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2492 wrote to memory of 1668	2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2492 wrote to memory of 1668	2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2492 wrote to memory of 1772	2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2492 wrote to memory of 1772	2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2492 wrote to memory of 1772	2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2492 wrote to memory of 1100	2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2492 wrote to memory of 1100	2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2492 wrote to memory of 1100	2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2492 wrote to memory of 1616	2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2492 wrote to memory of 1616	2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2492 wrote to memory of 1616	2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2492 wrote to memory of 1316	2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2492 wrote to memory of 1316	2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2492 wrote to memory of 1316	2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2492 wrote to memory of 588	2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2492 wrote to memory of 588	2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2492 wrote to memory of 588	2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2492 wrote to memory of 1696	2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2492 wrote to memory of 1696	2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2492 wrote to memory of 1696	2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2492 wrote to memory of 1408	2492	2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-09-24_6ff24a6c11369f557712eb36570ff2d6_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2492
- C:\Windows\System\pwmjzNH.exe
  C:\Windows\System\pwmjzNH.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\QsIxDTT.exe
  C:\Windows\System\QsIxDTT.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\ewKjCGg.exe
  C:\Windows\System\ewKjCGg.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\DMRowrj.exe
  C:\Windows\System\DMRowrj.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\gqQjfav.exe
  C:\Windows\System\gqQjfav.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\sNHlrUK.exe
  C:\Windows\System\sNHlrUK.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\ivRFzAu.exe
  C:\Windows\System\ivRFzAu.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\gdeWApX.exe
  C:\Windows\System\gdeWApX.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\DzIFQod.exe
  C:\Windows\System\DzIFQod.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\LOqBKHz.exe
  C:\Windows\System\LOqBKHz.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\SSlczjo.exe
  C:\Windows\System\SSlczjo.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\wBNZeav.exe
  C:\Windows\System\wBNZeav.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\JynpvIH.exe
  C:\Windows\System\JynpvIH.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\ocoDURT.exe
  C:\Windows\System\ocoDURT.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\pycVzrw.exe
  C:\Windows\System\pycVzrw.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\kDakxCN.exe
  C:\Windows\System\kDakxCN.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\EPtKIfp.exe
  C:\Windows\System\EPtKIfp.exe
  2⤵
  - Executes dropped EXE
  PID:1100
- C:\Windows\System\hFfOpBJ.exe
  C:\Windows\System\hFfOpBJ.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\JWAcvoz.exe
  C:\Windows\System\JWAcvoz.exe
  2⤵
  - Executes dropped EXE
  PID:1316
- C:\Windows\System\xRYAOfq.exe
  C:\Windows\System\xRYAOfq.exe
  2⤵
  - Executes dropped EXE
  PID:588
- C:\Windows\System\srljNQV.exe
  C:\Windows\System\srljNQV.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\wQoVSYY.exe
  C:\Windows\System\wQoVSYY.exe
  2⤵
  - Executes dropped EXE
  PID:1408
- C:\Windows\System\urWBmTa.exe
  C:\Windows\System\urWBmTa.exe
  2⤵
  - Executes dropped EXE
  PID:1440
- C:\Windows\System\uRdRpFy.exe
  C:\Windows\System\uRdRpFy.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\SUEwfXc.exe
  C:\Windows\System\SUEwfXc.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\EzeKkof.exe
  C:\Windows\System\EzeKkof.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\zvedOuy.exe
  C:\Windows\System\zvedOuy.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\YIhypBs.exe
  C:\Windows\System\YIhypBs.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\DzCLFFr.exe
  C:\Windows\System\DzCLFFr.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System\RRxWSPT.exe
  C:\Windows\System\RRxWSPT.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\FaEKHYI.exe
  C:\Windows\System\FaEKHYI.exe
  2⤵
  - Executes dropped EXE
  PID:852
- C:\Windows\System\zKgaQaP.exe
  C:\Windows\System\zKgaQaP.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\ffYbbeG.exe
  C:\Windows\System\ffYbbeG.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\WFAOQzW.exe
  C:\Windows\System\WFAOQzW.exe
  2⤵
  - Executes dropped EXE
  PID:1380
- C:\Windows\System\kfYlArl.exe
  C:\Windows\System\kfYlArl.exe
  2⤵
  - Executes dropped EXE
  PID:1868
- C:\Windows\System\CmqaLrm.exe
  C:\Windows\System\CmqaLrm.exe
  2⤵
  - Executes dropped EXE
  PID:620
- C:\Windows\System\yZuiBBJ.exe
  C:\Windows\System\yZuiBBJ.exe
  2⤵
  - Executes dropped EXE
  PID:1312
- C:\Windows\System\jPIXpEt.exe
  C:\Windows\System\jPIXpEt.exe
  2⤵
  - Executes dropped EXE
  PID:1548
- C:\Windows\System\ZuUoxDG.exe
  C:\Windows\System\ZuUoxDG.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\etQXodf.exe
  C:\Windows\System\etQXodf.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\kYpbqhQ.exe
  C:\Windows\System\kYpbqhQ.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\WPCOyOp.exe
  C:\Windows\System\WPCOyOp.exe
  2⤵
  - Executes dropped EXE
  PID:1156
- C:\Windows\System\CXuqkNL.exe
  C:\Windows\System\CXuqkNL.exe
  2⤵
  - Executes dropped EXE
  PID:1840
- C:\Windows\System\xbtIzTY.exe
  C:\Windows\System\xbtIzTY.exe
  2⤵
  - Executes dropped EXE
  PID:692
- C:\Windows\System\nvqZYoE.exe
  C:\Windows\System\nvqZYoE.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\oyoQArm.exe
  C:\Windows\System\oyoQArm.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\NeQggIO.exe
  C:\Windows\System\NeQggIO.exe
  2⤵
  - Executes dropped EXE
  PID:296
- C:\Windows\System\hxUGmPn.exe
  C:\Windows\System\hxUGmPn.exe
  2⤵
  - Executes dropped EXE
  PID:1036
- C:\Windows\System\vGEDULO.exe
  C:\Windows\System\vGEDULO.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\lNRwQST.exe
  C:\Windows\System\lNRwQST.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\WlBVows.exe
  C:\Windows\System\WlBVows.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\MQbIZrM.exe
  C:\Windows\System\MQbIZrM.exe
  2⤵
  - Executes dropped EXE
  PID:900
- C:\Windows\System\EaQRyWp.exe
  C:\Windows\System\EaQRyWp.exe
  2⤵
  - Executes dropped EXE
  PID:1828
- C:\Windows\System\zXWsjfG.exe
  C:\Windows\System\zXWsjfG.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\CCGUbQQ.exe
  C:\Windows\System\CCGUbQQ.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\WhxIDqx.exe
  C:\Windows\System\WhxIDqx.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\BjtxWUI.exe
  C:\Windows\System\BjtxWUI.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System\BUrVtib.exe
  C:\Windows\System\BUrVtib.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\UMLZYuC.exe
  C:\Windows\System\UMLZYuC.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\zIIwcKW.exe
  C:\Windows\System\zIIwcKW.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\EModYPA.exe
  C:\Windows\System\EModYPA.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\dfancyY.exe
  C:\Windows\System\dfancyY.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\sgVzQEP.exe
  C:\Windows\System\sgVzQEP.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\eFPIzOc.exe
  C:\Windows\System\eFPIzOc.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\vhwTXfK.exe
  C:\Windows\System\vhwTXfK.exe
  2⤵
  PID:2900
- C:\Windows\System\TuhvyAV.exe
  C:\Windows\System\TuhvyAV.exe
  2⤵
  PID:2644
- C:\Windows\System\canPfkJ.exe
  C:\Windows\System\canPfkJ.exe
  2⤵
  PID:1912
- C:\Windows\System\UuLoJKW.exe
  C:\Windows\System\UuLoJKW.exe
  2⤵
  PID:1844
- C:\Windows\System\ljMNMnd.exe
  C:\Windows\System\ljMNMnd.exe
  2⤵
  PID:2500
- C:\Windows\System\qFoYCgB.exe
  C:\Windows\System\qFoYCgB.exe
  2⤵
  PID:2656
- C:\Windows\System\kPsWpBm.exe
  C:\Windows\System\kPsWpBm.exe
  2⤵
  PID:952
- C:\Windows\System\sPZrceM.exe
  C:\Windows\System\sPZrceM.exe
  2⤵
  PID:1292
- C:\Windows\System\Jiqfknp.exe
  C:\Windows\System\Jiqfknp.exe
  2⤵
  PID:2120
- C:\Windows\System\tBFQMar.exe
  C:\Windows\System\tBFQMar.exe
  2⤵
  PID:3032
- C:\Windows\System\cbGsZyI.exe
  C:\Windows\System\cbGsZyI.exe
  2⤵
  PID:1448
- C:\Windows\System\lomjyLV.exe
  C:\Windows\System\lomjyLV.exe
  2⤵
  PID:2568
- C:\Windows\System\QTeSOFl.exe
  C:\Windows\System\QTeSOFl.exe
  2⤵
  PID:2356
- C:\Windows\System\yRzfqpD.exe
  C:\Windows\System\yRzfqpD.exe
  2⤵
  PID:2432
- C:\Windows\System\ijENLSa.exe
  C:\Windows\System\ijENLSa.exe
  2⤵
  PID:1140
- C:\Windows\System\pxIqJpi.exe
  C:\Windows\System\pxIqJpi.exe
  2⤵
  PID:1972
- C:\Windows\System\bMvHQti.exe
  C:\Windows\System\bMvHQti.exe
  2⤵
  PID:904
- C:\Windows\System\HPGBHiw.exe
  C:\Windows\System\HPGBHiw.exe
  2⤵
  PID:1792
- C:\Windows\System\BvNEARv.exe
  C:\Windows\System\BvNEARv.exe
  2⤵
  PID:1752
- C:\Windows\System\OprjIpk.exe
  C:\Windows\System\OprjIpk.exe
  2⤵
  PID:1540
- C:\Windows\System\zjeqgxq.exe
  C:\Windows\System\zjeqgxq.exe
  2⤵
  PID:796
- C:\Windows\System\PENhFVq.exe
  C:\Windows\System\PENhFVq.exe
  2⤵
  PID:3024
- C:\Windows\System\atlYYxx.exe
  C:\Windows\System\atlYYxx.exe
  2⤵
  PID:2216
- C:\Windows\System\xECoXHs.exe
  C:\Windows\System\xECoXHs.exe
  2⤵
  PID:288
- C:\Windows\System\ClyILkY.exe
  C:\Windows\System\ClyILkY.exe
  2⤵
  PID:1728
- C:\Windows\System\jQwUZCF.exe
  C:\Windows\System\jQwUZCF.exe
  2⤵
  PID:568
- C:\Windows\System\xWKTInj.exe
  C:\Windows\System\xWKTInj.exe
  2⤵
  PID:884
- C:\Windows\System\XMXjKUy.exe
  C:\Windows\System\XMXjKUy.exe
  2⤵
  PID:2388
- C:\Windows\System\GewhCHV.exe
  C:\Windows\System\GewhCHV.exe
  2⤵
  PID:1600
- C:\Windows\System\AcNkoEx.exe
  C:\Windows\System\AcNkoEx.exe
  2⤵
  PID:2376
- C:\Windows\System\jIYsrcM.exe
  C:\Windows\System\jIYsrcM.exe
  2⤵
  PID:2164
- C:\Windows\System\HUyhmhf.exe
  C:\Windows\System\HUyhmhf.exe
  2⤵
  PID:2728
- C:\Windows\System\eSvEJrg.exe
  C:\Windows\System\eSvEJrg.exe
  2⤵
  PID:2704
- C:\Windows\System\SnQBSoQ.exe
  C:\Windows\System\SnQBSoQ.exe
  2⤵
  PID:2108
- C:\Windows\System\UhDLqJy.exe
  C:\Windows\System\UhDLqJy.exe
  2⤵
  PID:2336
- C:\Windows\System\beBqOln.exe
  C:\Windows\System\beBqOln.exe
  2⤵
  PID:2616
- C:\Windows\System\uTvkglz.exe
  C:\Windows\System\uTvkglz.exe
  2⤵
  PID:1508
- C:\Windows\System\dxaqKXa.exe
  C:\Windows\System\dxaqKXa.exe
  2⤵
  PID:2660
- C:\Windows\System\uSyrfJa.exe
  C:\Windows\System\uSyrfJa.exe
  2⤵
  PID:1644
- C:\Windows\System\TSlKXWD.exe
  C:\Windows\System\TSlKXWD.exe
  2⤵
  PID:2416
- C:\Windows\System\kEawZpw.exe
  C:\Windows\System\kEawZpw.exe
  2⤵
  PID:2960
- C:\Windows\System\MTdJdEy.exe
  C:\Windows\System\MTdJdEy.exe
  2⤵
  PID:2060
- C:\Windows\System\kGzBvqL.exe
  C:\Windows\System\kGzBvqL.exe
  2⤵
  PID:844
- C:\Windows\System\pKphjqn.exe
  C:\Windows\System\pKphjqn.exe
  2⤵
  PID:960
- C:\Windows\System\wAXXSxx.exe
  C:\Windows\System\wAXXSxx.exe
  2⤵
  PID:316
- C:\Windows\System\AoaKJMp.exe
  C:\Windows\System\AoaKJMp.exe
  2⤵
  PID:2136
- C:\Windows\System\tVGROqW.exe
  C:\Windows\System\tVGROqW.exe
  2⤵
  PID:1556
- C:\Windows\System\lpxAPZx.exe
  C:\Windows\System\lpxAPZx.exe
  2⤵
  PID:2020
- C:\Windows\System\yymtOJG.exe
  C:\Windows\System\yymtOJG.exe
  2⤵
  PID:3016
- C:\Windows\System\trChAEJ.exe
  C:\Windows\System\trChAEJ.exe
  2⤵
  PID:1196
- C:\Windows\System\IWgXnhg.exe
  C:\Windows\System\IWgXnhg.exe
  2⤵
  PID:1596
- C:\Windows\System\BfUQlAA.exe
  C:\Windows\System\BfUQlAA.exe
  2⤵
  PID:1632
- C:\Windows\System\LPNEdGz.exe
  C:\Windows\System\LPNEdGz.exe
  2⤵
  PID:1280
- C:\Windows\System\jBMtUvt.exe
  C:\Windows\System\jBMtUvt.exe
  2⤵
  PID:2828
- C:\Windows\System\wEFCGnT.exe
  C:\Windows\System\wEFCGnT.exe
  2⤵
  PID:2272
- C:\Windows\System\PewNckm.exe
  C:\Windows\System\PewNckm.exe
  2⤵
  PID:2924
- C:\Windows\System\IgOnWuv.exe
  C:\Windows\System\IgOnWuv.exe
  2⤵
  PID:2628
- C:\Windows\System\LCgjuma.exe
  C:\Windows\System\LCgjuma.exe
  2⤵
  PID:3044
- C:\Windows\System\KQfjOlE.exe
  C:\Windows\System\KQfjOlE.exe
  2⤵
  PID:1808
- C:\Windows\System\BUJwEbo.exe
  C:\Windows\System\BUJwEbo.exe
  2⤵
  PID:440
- C:\Windows\System\UZnRExZ.exe
  C:\Windows\System\UZnRExZ.exe
  2⤵
  PID:1760
- C:\Windows\System\zWNIKle.exe
  C:\Windows\System\zWNIKle.exe
  2⤵
  PID:912
- C:\Windows\System\WHiNZUq.exe
  C:\Windows\System\WHiNZUq.exe
  2⤵
  PID:112
- C:\Windows\System\SMZvmcJ.exe
  C:\Windows\System\SMZvmcJ.exe
  2⤵
  PID:3048
- C:\Windows\System\eGhlCni.exe
  C:\Windows\System\eGhlCni.exe
  2⤵
  PID:1504
- C:\Windows\System\ornkGlq.exe
  C:\Windows\System\ornkGlq.exe
  2⤵
  PID:2528
- C:\Windows\System\enAfcfN.exe
  C:\Windows\System\enAfcfN.exe
  2⤵
  PID:2804
- C:\Windows\System\fpTVBMJ.exe
  C:\Windows\System\fpTVBMJ.exe
  2⤵
  PID:3084
- C:\Windows\System\BZxvjps.exe
  C:\Windows\System\BZxvjps.exe
  2⤵
  PID:3104
- C:\Windows\System\xZjRxCx.exe
  C:\Windows\System\xZjRxCx.exe
  2⤵
  PID:3124
- C:\Windows\System\ngiUWry.exe
  C:\Windows\System\ngiUWry.exe
  2⤵
  PID:3148
- C:\Windows\System\fzQgpIH.exe
  C:\Windows\System\fzQgpIH.exe
  2⤵
  PID:3168
- C:\Windows\System\RqOqDYh.exe
  C:\Windows\System\RqOqDYh.exe
  2⤵
  PID:3188
- C:\Windows\System\uvDPvTK.exe
  C:\Windows\System\uvDPvTK.exe
  2⤵
  PID:3204
- C:\Windows\System\RLMyZpl.exe
  C:\Windows\System\RLMyZpl.exe
  2⤵
  PID:3228
- C:\Windows\System\cmNbRvA.exe
  C:\Windows\System\cmNbRvA.exe
  2⤵
  PID:3248
- C:\Windows\System\GACeHSs.exe
  C:\Windows\System\GACeHSs.exe
  2⤵
  PID:3268
- C:\Windows\System\gTxwjgu.exe
  C:\Windows\System\gTxwjgu.exe
  2⤵
  PID:3288
- C:\Windows\System\LZDDSUV.exe
  C:\Windows\System\LZDDSUV.exe
  2⤵
  PID:3312
- C:\Windows\System\pOhEzqo.exe
  C:\Windows\System\pOhEzqo.exe
  2⤵
  PID:3332
- C:\Windows\System\sFvOcaQ.exe
  C:\Windows\System\sFvOcaQ.exe
  2⤵
  PID:3352
- C:\Windows\System\YlCcREZ.exe
  C:\Windows\System\YlCcREZ.exe
  2⤵
  PID:3372
- C:\Windows\System\FvGARHi.exe
  C:\Windows\System\FvGARHi.exe
  2⤵
  PID:3396
- C:\Windows\System\vJlryBn.exe
  C:\Windows\System\vJlryBn.exe
  2⤵
  PID:3416
- C:\Windows\System\GVjJIvN.exe
  C:\Windows\System\GVjJIvN.exe
  2⤵
  PID:3436
- C:\Windows\System\QsPnnog.exe
  C:\Windows\System\QsPnnog.exe
  2⤵
  PID:3452
- C:\Windows\System\YjjBmKs.exe
  C:\Windows\System\YjjBmKs.exe
  2⤵
  PID:3472
- C:\Windows\System\MIDiDlP.exe
  C:\Windows\System\MIDiDlP.exe
  2⤵
  PID:3492
- C:\Windows\System\MyTWfnH.exe
  C:\Windows\System\MyTWfnH.exe
  2⤵
  PID:3512
- C:\Windows\System\FrFJEdZ.exe
  C:\Windows\System\FrFJEdZ.exe
  2⤵
  PID:3532
- C:\Windows\System\bvXByFm.exe
  C:\Windows\System\bvXByFm.exe
  2⤵
  PID:3552
- C:\Windows\System\IUiuaWw.exe
  C:\Windows\System\IUiuaWw.exe
  2⤵
  PID:3572
- C:\Windows\System\wTRHtCS.exe
  C:\Windows\System\wTRHtCS.exe
  2⤵
  PID:3592
- C:\Windows\System\JbvzCRb.exe
  C:\Windows\System\JbvzCRb.exe
  2⤵
  PID:3616
- C:\Windows\System\qWHHpXl.exe
  C:\Windows\System\qWHHpXl.exe
  2⤵
  PID:3636
- C:\Windows\System\asNgFCZ.exe
  C:\Windows\System\asNgFCZ.exe
  2⤵
  PID:3652
- C:\Windows\System\iVBfGmZ.exe
  C:\Windows\System\iVBfGmZ.exe
  2⤵
  PID:3672
- C:\Windows\System\NjzYIRb.exe
  C:\Windows\System\NjzYIRb.exe
  2⤵
  PID:3696
- C:\Windows\System\jhWsCEN.exe
  C:\Windows\System\jhWsCEN.exe
  2⤵
  PID:3716
- C:\Windows\System\CfjYPeD.exe
  C:\Windows\System\CfjYPeD.exe
  2⤵
  PID:3736
- C:\Windows\System\RDvartP.exe
  C:\Windows\System\RDvartP.exe
  2⤵
  PID:3756
- C:\Windows\System\BMSjSVk.exe
  C:\Windows\System\BMSjSVk.exe
  2⤵
  PID:3776
- C:\Windows\System\IALRchq.exe
  C:\Windows\System\IALRchq.exe
  2⤵
  PID:3796
- C:\Windows\System\sySobot.exe
  C:\Windows\System\sySobot.exe
  2⤵
  PID:3816
- C:\Windows\System\eFtmgcF.exe
  C:\Windows\System\eFtmgcF.exe
  2⤵
  PID:3836
- C:\Windows\System\RqzjYSK.exe
  C:\Windows\System\RqzjYSK.exe
  2⤵
  PID:3856
- C:\Windows\System\UrAUTAW.exe
  C:\Windows\System\UrAUTAW.exe
  2⤵
  PID:3876
- C:\Windows\System\qNbYJUO.exe
  C:\Windows\System\qNbYJUO.exe
  2⤵
  PID:3892
- C:\Windows\System\zbxldTc.exe
  C:\Windows\System\zbxldTc.exe
  2⤵
  PID:3912
- C:\Windows\System\xiruhMF.exe
  C:\Windows\System\xiruhMF.exe
  2⤵
  PID:3936
- C:\Windows\System\UGagSnv.exe
  C:\Windows\System\UGagSnv.exe
  2⤵
  PID:3956
- C:\Windows\System\pbCCxww.exe
  C:\Windows\System\pbCCxww.exe
  2⤵
  PID:3976
- C:\Windows\System\TWPhWlO.exe
  C:\Windows\System\TWPhWlO.exe
  2⤵
  PID:3996
- C:\Windows\System\wAMqlDp.exe
  C:\Windows\System\wAMqlDp.exe
  2⤵
  PID:4016
- C:\Windows\System\CNLgvEl.exe
  C:\Windows\System\CNLgvEl.exe
  2⤵
  PID:4036
- C:\Windows\System\PyTZIoB.exe
  C:\Windows\System\PyTZIoB.exe
  2⤵
  PID:4052
- C:\Windows\System\pbXrGKf.exe
  C:\Windows\System\pbXrGKf.exe
  2⤵
  PID:4076
- C:\Windows\System\ToXrLCJ.exe
  C:\Windows\System\ToXrLCJ.exe
  2⤵
  PID:2732
- C:\Windows\System\kSymnly.exe
  C:\Windows\System\kSymnly.exe
  2⤵
  PID:2708
- C:\Windows\System\YWXJSDp.exe
  C:\Windows\System\YWXJSDp.exe
  2⤵
  PID:528
- C:\Windows\System\IyNAyWT.exe
  C:\Windows\System\IyNAyWT.exe
  2⤵
  PID:2056
- C:\Windows\System\dXmwNzb.exe
  C:\Windows\System\dXmwNzb.exe
  2⤵
  PID:1636
- C:\Windows\System\wDwtZlA.exe
  C:\Windows\System\wDwtZlA.exe
  2⤵
  PID:1924
- C:\Windows\System\QMLFrCW.exe
  C:\Windows\System\QMLFrCW.exe
  2⤵
  PID:2412
- C:\Windows\System\YCDcxoo.exe
  C:\Windows\System\YCDcxoo.exe
  2⤵
  PID:2128
- C:\Windows\System\bOKmwXZ.exe
  C:\Windows\System\bOKmwXZ.exe
  2⤵
  PID:3096
- C:\Windows\System\mYqhROJ.exe
  C:\Windows\System\mYqhROJ.exe
  2⤵
  PID:3144
- C:\Windows\System\UyEVtnY.exe
  C:\Windows\System\UyEVtnY.exe
  2⤵
  PID:3112
- C:\Windows\System\GsDZFuq.exe
  C:\Windows\System\GsDZFuq.exe
  2⤵
  PID:3212
- C:\Windows\System\ZuwBYms.exe
  C:\Windows\System\ZuwBYms.exe
  2⤵
  PID:3264
- C:\Windows\System\nfViGWf.exe
  C:\Windows\System\nfViGWf.exe
  2⤵
  PID:3304
- C:\Windows\System\mkJMkYT.exe
  C:\Windows\System\mkJMkYT.exe
  2⤵
  PID:3240
- C:\Windows\System\svxsjPl.exe
  C:\Windows\System\svxsjPl.exe
  2⤵
  PID:3320
- C:\Windows\System\piQbOnV.exe
  C:\Windows\System\piQbOnV.exe
  2⤵
  PID:3324
- C:\Windows\System\YitcjlO.exe
  C:\Windows\System\YitcjlO.exe
  2⤵
  PID:3360
- C:\Windows\System\ZSbsIqY.exe
  C:\Windows\System\ZSbsIqY.exe
  2⤵
  PID:3464
- C:\Windows\System\NvUDJgi.exe
  C:\Windows\System\NvUDJgi.exe
  2⤵
  PID:3444
- C:\Windows\System\HXdugIW.exe
  C:\Windows\System\HXdugIW.exe
  2⤵
  PID:3548
- C:\Windows\System\BJJpNmR.exe
  C:\Windows\System\BJJpNmR.exe
  2⤵
  PID:3580
- C:\Windows\System\TqKVnyv.exe
  C:\Windows\System\TqKVnyv.exe
  2⤵
  PID:3588
- C:\Windows\System\znJaMha.exe
  C:\Windows\System\znJaMha.exe
  2⤵
  PID:3560
- C:\Windows\System\geQinJe.exe
  C:\Windows\System\geQinJe.exe
  2⤵
  PID:3628
- C:\Windows\System\ynsXsBM.exe
  C:\Windows\System\ynsXsBM.exe
  2⤵
  PID:3712
- C:\Windows\System\ZhyyuPx.exe
  C:\Windows\System\ZhyyuPx.exe
  2⤵
  PID:3648
- C:\Windows\System\xHcnqam.exe
  C:\Windows\System\xHcnqam.exe
  2⤵
  PID:3732
- C:\Windows\System\lZtXJHg.exe
  C:\Windows\System\lZtXJHg.exe
  2⤵
  PID:3764
- C:\Windows\System\rRLnMua.exe
  C:\Windows\System\rRLnMua.exe
  2⤵
  PID:3768
- C:\Windows\System\KzJhrwK.exe
  C:\Windows\System\KzJhrwK.exe
  2⤵
  PID:3808
- C:\Windows\System\gOonOWi.exe
  C:\Windows\System\gOonOWi.exe
  2⤵
  PID:3868
- C:\Windows\System\tFcmYWR.exe
  C:\Windows\System\tFcmYWR.exe
  2⤵
  PID:3944
- C:\Windows\System\KWLYsdL.exe
  C:\Windows\System\KWLYsdL.exe
  2⤵
  PID:3924
- C:\Windows\System\GQUtHcZ.exe
  C:\Windows\System\GQUtHcZ.exe
  2⤵
  PID:3984
- C:\Windows\System\LwppuAT.exe
  C:\Windows\System\LwppuAT.exe
  2⤵
  PID:3968
- C:\Windows\System\aZSvHsv.exe
  C:\Windows\System\aZSvHsv.exe
  2⤵
  PID:4060
- C:\Windows\System\ojHeavj.exe
  C:\Windows\System\ojHeavj.exe
  2⤵
  PID:1296
- C:\Windows\System\WIkuJaK.exe
  C:\Windows\System\WIkuJaK.exe
  2⤵
  PID:4088
- C:\Windows\System\pmTRRJE.exe
  C:\Windows\System\pmTRRJE.exe
  2⤵
  PID:4092
- C:\Windows\System\bDjYfoW.exe
  C:\Windows\System\bDjYfoW.exe
  2⤵
  PID:596
- C:\Windows\System\KxXoXQK.exe
  C:\Windows\System\KxXoXQK.exe
  2⤵
  PID:2572
- C:\Windows\System\obDzdvJ.exe
  C:\Windows\System\obDzdvJ.exe
  2⤵
  PID:1744
- C:\Windows\System\eeUjyNb.exe
  C:\Windows\System\eeUjyNb.exe
  2⤵
  PID:3140
- C:\Windows\System\glLeovl.exe
  C:\Windows\System\glLeovl.exe
  2⤵
  PID:3100
- C:\Windows\System\aBxBbAK.exe
  C:\Windows\System\aBxBbAK.exe
  2⤵
  PID:3296
- C:\Windows\System\akysoCI.exe
  C:\Windows\System\akysoCI.exe
  2⤵
  PID:3216
- C:\Windows\System\AJLbopC.exe
  C:\Windows\System\AJLbopC.exe
  2⤵
  PID:3424
- C:\Windows\System\eDlCdZi.exe
  C:\Windows\System\eDlCdZi.exe
  2⤵
  PID:3412
- C:\Windows\System\HuBvjkO.exe
  C:\Windows\System\HuBvjkO.exe
  2⤵
  PID:3460
- C:\Windows\System\UQbPoKN.exe
  C:\Windows\System\UQbPoKN.exe
  2⤵
  PID:3484
- C:\Windows\System\JSCliJt.exe
  C:\Windows\System\JSCliJt.exe
  2⤵
  PID:3504
- C:\Windows\System\dsJWhaX.exe
  C:\Windows\System\dsJWhaX.exe
  2⤵
  PID:3668
- C:\Windows\System\UvqqwHK.exe
  C:\Windows\System\UvqqwHK.exe
  2⤵
  PID:3632
- C:\Windows\System\MRbZLoh.exe
  C:\Windows\System\MRbZLoh.exe
  2⤵
  PID:3680
- C:\Windows\System\qaerdmV.exe
  C:\Windows\System\qaerdmV.exe
  2⤵
  PID:3844
- C:\Windows\System\LlKThfs.exe
  C:\Windows\System\LlKThfs.exe
  2⤵
  PID:3804
- C:\Windows\System\DucsGrM.exe
  C:\Windows\System\DucsGrM.exe
  2⤵
  PID:3920
- C:\Windows\System\cQgftPK.exe
  C:\Windows\System\cQgftPK.exe
  2⤵
  PID:3848
- C:\Windows\System\JeivywC.exe
  C:\Windows\System\JeivywC.exe
  2⤵
  PID:3992
- C:\Windows\System\qbpSziI.exe
  C:\Windows\System\qbpSziI.exe
  2⤵
  PID:4028
- C:\Windows\System\CnqtAup.exe
  C:\Windows\System\CnqtAup.exe
  2⤵
  PID:2852
- C:\Windows\System\bBoUbia.exe
  C:\Windows\System\bBoUbia.exe
  2⤵
  PID:1000
- C:\Windows\System\mOchQzt.exe
  C:\Windows\System\mOchQzt.exe
  2⤵
  PID:1836
- C:\Windows\System\irdHePF.exe
  C:\Windows\System\irdHePF.exe
  2⤵
  PID:1964
- C:\Windows\System\ChdjMJh.exe
  C:\Windows\System\ChdjMJh.exe
  2⤵
  PID:3196
- C:\Windows\System\vpyheeB.exe
  C:\Windows\System\vpyheeB.exe
  2⤵
  PID:3388
- C:\Windows\System\dAziAlH.exe
  C:\Windows\System\dAziAlH.exe
  2⤵
  PID:3236
- C:\Windows\System\OSrdBkG.exe
  C:\Windows\System\OSrdBkG.exe
  2⤵
  PID:3428
- C:\Windows\System\kgAaeGG.exe
  C:\Windows\System\kgAaeGG.exe
  2⤵
  PID:3480
- C:\Windows\System\MRAMeIw.exe
  C:\Windows\System\MRAMeIw.exe
  2⤵
  PID:3604
- C:\Windows\System\CVWcjcW.exe
  C:\Windows\System\CVWcjcW.exe
  2⤵
  PID:3792
- C:\Windows\System\LueRQPr.exe
  C:\Windows\System\LueRQPr.exe
  2⤵
  PID:3744
- C:\Windows\System\mlLvYSo.exe
  C:\Windows\System\mlLvYSo.exe
  2⤵
  PID:3748
- C:\Windows\System\qfCQKOR.exe
  C:\Windows\System\qfCQKOR.exe
  2⤵
  PID:4112
- C:\Windows\System\HPwZWHu.exe
  C:\Windows\System\HPwZWHu.exe
  2⤵
  PID:4132
- C:\Windows\System\xsWZOJR.exe
  C:\Windows\System\xsWZOJR.exe
  2⤵
  PID:4152
- C:\Windows\System\bCmJGSP.exe
  C:\Windows\System\bCmJGSP.exe
  2⤵
  PID:4172
- C:\Windows\System\vzFAnHG.exe
  C:\Windows\System\vzFAnHG.exe
  2⤵
  PID:4192
- C:\Windows\System\OTxSpah.exe
  C:\Windows\System\OTxSpah.exe
  2⤵
  PID:4212
- C:\Windows\System\TnLqXnN.exe
  C:\Windows\System\TnLqXnN.exe
  2⤵
  PID:4232
- C:\Windows\System\VgvmuFu.exe
  C:\Windows\System\VgvmuFu.exe
  2⤵
  PID:4252
- C:\Windows\System\DvWwPBo.exe
  C:\Windows\System\DvWwPBo.exe
  2⤵
  PID:4272
- C:\Windows\System\zJoRarf.exe
  C:\Windows\System\zJoRarf.exe
  2⤵
  PID:4292
- C:\Windows\System\KmgohBp.exe
  C:\Windows\System\KmgohBp.exe
  2⤵
  PID:4312
- C:\Windows\System\guWTLjW.exe
  C:\Windows\System\guWTLjW.exe
  2⤵
  PID:4332
- C:\Windows\System\TaCUxkr.exe
  C:\Windows\System\TaCUxkr.exe
  2⤵
  PID:4352
- C:\Windows\System\kUZpHPq.exe
  C:\Windows\System\kUZpHPq.exe
  2⤵
  PID:4372
- C:\Windows\System\ERiqepZ.exe
  C:\Windows\System\ERiqepZ.exe
  2⤵
  PID:4392
- C:\Windows\System\KHvkRUr.exe
  C:\Windows\System\KHvkRUr.exe
  2⤵
  PID:4412
- C:\Windows\System\vLrnKkg.exe
  C:\Windows\System\vLrnKkg.exe
  2⤵
  PID:4432
- C:\Windows\System\oOtprAs.exe
  C:\Windows\System\oOtprAs.exe
  2⤵
  PID:4452
- C:\Windows\System\oPNhpCB.exe
  C:\Windows\System\oPNhpCB.exe
  2⤵
  PID:4472
- C:\Windows\System\NKYCvVF.exe
  C:\Windows\System\NKYCvVF.exe
  2⤵
  PID:4492
- C:\Windows\System\epXJbyl.exe
  C:\Windows\System\epXJbyl.exe
  2⤵
  PID:4512
- C:\Windows\System\NmCJUtV.exe
  C:\Windows\System\NmCJUtV.exe
  2⤵
  PID:4532
- C:\Windows\System\svHfdGj.exe
  C:\Windows\System\svHfdGj.exe
  2⤵
  PID:4552
- C:\Windows\System\yZhIcme.exe
  C:\Windows\System\yZhIcme.exe
  2⤵
  PID:4572
- C:\Windows\System\vehvBIp.exe
  C:\Windows\System\vehvBIp.exe
  2⤵
  PID:4592
- C:\Windows\System\XjmKMYO.exe
  C:\Windows\System\XjmKMYO.exe
  2⤵
  PID:4612
- C:\Windows\System\fCcYgsA.exe
  C:\Windows\System\fCcYgsA.exe
  2⤵
  PID:4632
- C:\Windows\System\guzEoSC.exe
  C:\Windows\System\guzEoSC.exe
  2⤵
  PID:4652
- C:\Windows\System\UlUcPBs.exe
  C:\Windows\System\UlUcPBs.exe
  2⤵
  PID:4672
- C:\Windows\System\plNiNtN.exe
  C:\Windows\System\plNiNtN.exe
  2⤵
  PID:4692
- C:\Windows\System\aDmqTpl.exe
  C:\Windows\System\aDmqTpl.exe
  2⤵
  PID:4712
- C:\Windows\System\jkKzYgL.exe
  C:\Windows\System\jkKzYgL.exe
  2⤵
  PID:4732
- C:\Windows\System\etRNblA.exe
  C:\Windows\System\etRNblA.exe
  2⤵
  PID:4752
- C:\Windows\System\cPWtpBV.exe
  C:\Windows\System\cPWtpBV.exe
  2⤵
  PID:4776
- C:\Windows\System\dDGRxOF.exe
  C:\Windows\System\dDGRxOF.exe
  2⤵
  PID:4792
- C:\Windows\System\HGguZFJ.exe
  C:\Windows\System\HGguZFJ.exe
  2⤵
  PID:4816
- C:\Windows\System\kOXVIkl.exe
  C:\Windows\System\kOXVIkl.exe
  2⤵
  PID:4836
- C:\Windows\System\ifYMWba.exe
  C:\Windows\System\ifYMWba.exe
  2⤵
  PID:4856
- C:\Windows\System\crFvzRs.exe
  C:\Windows\System\crFvzRs.exe
  2⤵
  PID:4876
- C:\Windows\System\rAOIfBq.exe
  C:\Windows\System\rAOIfBq.exe
  2⤵
  PID:4896
- C:\Windows\System\jVMcWFr.exe
  C:\Windows\System\jVMcWFr.exe
  2⤵
  PID:4916
- C:\Windows\System\WINrDBm.exe
  C:\Windows\System\WINrDBm.exe
  2⤵
  PID:4936
- C:\Windows\System\oAoQTOr.exe
  C:\Windows\System\oAoQTOr.exe
  2⤵
  PID:4956
- C:\Windows\System\yFPwrCF.exe
  C:\Windows\System\yFPwrCF.exe
  2⤵
  PID:4976
- C:\Windows\System\HhGjsWE.exe
  C:\Windows\System\HhGjsWE.exe
  2⤵
  PID:4996
- C:\Windows\System\YyQUOpw.exe
  C:\Windows\System\YyQUOpw.exe
  2⤵
  PID:5016
- C:\Windows\System\bFWyUQA.exe
  C:\Windows\System\bFWyUQA.exe
  2⤵
  PID:5036
- C:\Windows\System\jYMekal.exe
  C:\Windows\System\jYMekal.exe
  2⤵
  PID:5056
- C:\Windows\System\uHVMhHC.exe
  C:\Windows\System\uHVMhHC.exe
  2⤵
  PID:5076
- C:\Windows\System\IbTuRSq.exe
  C:\Windows\System\IbTuRSq.exe
  2⤵
  PID:5096
- C:\Windows\System\PRPjfVM.exe
  C:\Windows\System\PRPjfVM.exe
  2⤵
  PID:5116
- C:\Windows\System\tPFCCqX.exe
  C:\Windows\System\tPFCCqX.exe
  2⤵
  PID:3964
- C:\Windows\System\zlbpsTv.exe
  C:\Windows\System\zlbpsTv.exe
  2⤵
  PID:4072
- C:\Windows\System\Diyjnst.exe
  C:\Windows\System\Diyjnst.exe
  2⤵
  PID:2308
- C:\Windows\System\BrFVsnh.exe
  C:\Windows\System\BrFVsnh.exe
  2⤵
  PID:3160
- C:\Windows\System\MhiiQMx.exe
  C:\Windows\System\MhiiQMx.exe
  2⤵
  PID:3224
- C:\Windows\System\OKVheLU.exe
  C:\Windows\System\OKVheLU.exe
  2⤵
  PID:3468
- C:\Windows\System\QnSxOve.exe
  C:\Windows\System\QnSxOve.exe
  2⤵
  PID:3364
- C:\Windows\System\RcpKzCI.exe
  C:\Windows\System\RcpKzCI.exe
  2⤵
  PID:3692
- C:\Windows\System\oABPwzK.exe
  C:\Windows\System\oABPwzK.exe
  2⤵
  PID:3724
- C:\Windows\System\eurpwsu.exe
  C:\Windows\System\eurpwsu.exe
  2⤵
  PID:4120
- C:\Windows\System\siOLTUh.exe
  C:\Windows\System\siOLTUh.exe
  2⤵
  PID:4148
- C:\Windows\System\RGPbYCm.exe
  C:\Windows\System\RGPbYCm.exe
  2⤵
  PID:3092
- C:\Windows\System\oqLKrlv.exe
  C:\Windows\System\oqLKrlv.exe
  2⤵
  PID:4240
- C:\Windows\System\fWNKUaN.exe
  C:\Windows\System\fWNKUaN.exe
  2⤵
  PID:4280
- C:\Windows\System\paWQnHC.exe
  C:\Windows\System\paWQnHC.exe
  2⤵
  PID:4284
- C:\Windows\System\cpoZOvo.exe
  C:\Windows\System\cpoZOvo.exe
  2⤵
  PID:4304
- C:\Windows\System\CrDwCbe.exe
  C:\Windows\System\CrDwCbe.exe
  2⤵
  PID:4344
- C:\Windows\System\lEMCkMV.exe
  C:\Windows\System\lEMCkMV.exe
  2⤵
  PID:4388
- C:\Windows\System\fNKKXmL.exe
  C:\Windows\System\fNKKXmL.exe
  2⤵
  PID:4404
- C:\Windows\System\xdhIOyd.exe
  C:\Windows\System\xdhIOyd.exe
  2⤵
  PID:4424
- C:\Windows\System\zHjJhEH.exe
  C:\Windows\System\zHjJhEH.exe
  2⤵
  PID:4464
- C:\Windows\System\DHCcYsJ.exe
  C:\Windows\System\DHCcYsJ.exe
  2⤵
  PID:1060
- C:\Windows\System\qzylTsI.exe
  C:\Windows\System\qzylTsI.exe
  2⤵
  PID:4524
- C:\Windows\System\dIadHze.exe
  C:\Windows\System\dIadHze.exe
  2⤵
  PID:4548
- C:\Windows\System\DqgxWky.exe
  C:\Windows\System\DqgxWky.exe
  2⤵
  PID:4580
- C:\Windows\System\VOrhhEa.exe
  C:\Windows\System\VOrhhEa.exe
  2⤵
  PID:4608
- C:\Windows\System\fYVUOzM.exe
  C:\Windows\System\fYVUOzM.exe
  2⤵
  PID:4624
- C:\Windows\System\KNWcVcp.exe
  C:\Windows\System\KNWcVcp.exe
  2⤵
  PID:4688
- C:\Windows\System\jyxPdOe.exe
  C:\Windows\System\jyxPdOe.exe
  2⤵
  PID:4700
- C:\Windows\System\NUxcXKp.exe
  C:\Windows\System\NUxcXKp.exe
  2⤵
  PID:2584
- C:\Windows\System\LSvRgFi.exe
  C:\Windows\System\LSvRgFi.exe
  2⤵
  PID:4748
- C:\Windows\System\jAZfnTU.exe
  C:\Windows\System\jAZfnTU.exe
  2⤵
  PID:4812
- C:\Windows\System\eypRAVS.exe
  C:\Windows\System\eypRAVS.exe
  2⤵
  PID:2836
- C:\Windows\System\bzPvSSE.exe
  C:\Windows\System\bzPvSSE.exe
  2⤵
  PID:4848
- C:\Windows\System\FYETgNO.exe
  C:\Windows\System\FYETgNO.exe
  2⤵
  PID:4892
- C:\Windows\System\ElQColV.exe
  C:\Windows\System\ElQColV.exe
  2⤵
  PID:4912
- C:\Windows\System\jlqBDvd.exe
  C:\Windows\System\jlqBDvd.exe
  2⤵
  PID:4972
- C:\Windows\System\sPfMgRT.exe
  C:\Windows\System\sPfMgRT.exe
  2⤵
  PID:4984
- C:\Windows\System\wucYRni.exe
  C:\Windows\System\wucYRni.exe
  2⤵
  PID:5044
- C:\Windows\System\eNZkqgi.exe
  C:\Windows\System\eNZkqgi.exe
  2⤵
  PID:5048
- C:\Windows\System\vDYUqmT.exe
  C:\Windows\System\vDYUqmT.exe
  2⤵
  PID:3972
- C:\Windows\System\wDynYHu.exe
  C:\Windows\System\wDynYHu.exe
  2⤵
  PID:3136
- C:\Windows\System\MxnTXGr.exe
  C:\Windows\System\MxnTXGr.exe
  2⤵
  PID:5112
- C:\Windows\System\eAOeWCg.exe
  C:\Windows\System\eAOeWCg.exe
  2⤵
  PID:3156
- C:\Windows\System\JIrzIKA.exe
  C:\Windows\System\JIrzIKA.exe
  2⤵
  PID:3772
- C:\Windows\System\OlsWpHs.exe
  C:\Windows\System\OlsWpHs.exe
  2⤵
  PID:1004
- C:\Windows\System\rEVMUpn.exe
  C:\Windows\System\rEVMUpn.exe
  2⤵
  PID:3688
- C:\Windows\System\iTiqPRC.exe
  C:\Windows\System\iTiqPRC.exe
  2⤵
  PID:4144
- C:\Windows\System\ADfjciW.exe
  C:\Windows\System\ADfjciW.exe
  2⤵
  PID:4208
- C:\Windows\System\iJDAfpS.exe
  C:\Windows\System\iJDAfpS.exe
  2⤵
  PID:4200
- C:\Windows\System\rTolkER.exe
  C:\Windows\System\rTolkER.exe
  2⤵
  PID:2648
- C:\Windows\System\TzPhsOG.exe
  C:\Windows\System\TzPhsOG.exe
  2⤵
  PID:4328
- C:\Windows\System\cApepxf.exe
  C:\Windows\System\cApepxf.exe
  2⤵
  PID:4364
- C:\Windows\System\hYqGFtU.exe
  C:\Windows\System\hYqGFtU.exe
  2⤵
  PID:4468
- C:\Windows\System\bGadHPP.exe
  C:\Windows\System\bGadHPP.exe
  2⤵
  PID:4460
- C:\Windows\System\uDDhSCN.exe
  C:\Windows\System\uDDhSCN.exe
  2⤵
  PID:4528
- C:\Windows\System\QeViquO.exe
  C:\Windows\System\QeViquO.exe
  2⤵
  PID:4544
- C:\Windows\System\HWWjQko.exe
  C:\Windows\System\HWWjQko.exe
  2⤵
  PID:4620
- C:\Windows\System\pOOBcdZ.exe
  C:\Windows\System\pOOBcdZ.exe
  2⤵
  PID:4684
- C:\Windows\System\Ldpjmsk.exe
  C:\Windows\System\Ldpjmsk.exe
  2⤵
  PID:4760
- C:\Windows\System\JuOuyri.exe
  C:\Windows\System\JuOuyri.exe
  2⤵
  PID:4844
- C:\Windows\System\bFDFXnQ.exe
  C:\Windows\System\bFDFXnQ.exe
  2⤵
  PID:4868
- C:\Windows\System\xVDnfyu.exe
  C:\Windows\System\xVDnfyu.exe
  2⤵
  PID:4928
- C:\Windows\System\oKVijum.exe
  C:\Windows\System\oKVijum.exe
  2⤵
  PID:4944
- C:\Windows\System\YGlLmiv.exe
  C:\Windows\System\YGlLmiv.exe
  2⤵
  PID:4968
- C:\Windows\System\BWYHlaQ.exe
  C:\Windows\System\BWYHlaQ.exe
  2⤵
  PID:5088
- C:\Windows\System\bGvoXCb.exe
  C:\Windows\System\bGvoXCb.exe
  2⤵
  PID:600
- C:\Windows\System\pYXNJlp.exe
  C:\Windows\System\pYXNJlp.exe
  2⤵
  PID:4032
- C:\Windows\System\XqlmbeI.exe
  C:\Windows\System\XqlmbeI.exe
  2⤵
  PID:3256
- C:\Windows\System\EDNoAjR.exe
  C:\Windows\System\EDNoAjR.exe
  2⤵
  PID:3052
- C:\Windows\System\nPEjvnu.exe
  C:\Windows\System\nPEjvnu.exe
  2⤵
  PID:4264
- C:\Windows\System\EZmKFln.exe
  C:\Windows\System\EZmKFln.exe
  2⤵
  PID:4340
- C:\Windows\System\unVceWR.exe
  C:\Windows\System\unVceWR.exe
  2⤵
  PID:4772
- C:\Windows\System\MgMfgPB.exe
  C:\Windows\System\MgMfgPB.exe
  2⤵
  PID:4444
- C:\Windows\System\RyKyPJz.exe
  C:\Windows\System\RyKyPJz.exe
  2⤵
  PID:4484
- C:\Windows\System\roTqmcp.exe
  C:\Windows\System\roTqmcp.exe
  2⤵
  PID:4668
- C:\Windows\System\XMxjgTO.exe
  C:\Windows\System\XMxjgTO.exe
  2⤵
  PID:4728
- C:\Windows\System\brvPvni.exe
  C:\Windows\System\brvPvni.exe
  2⤵
  PID:4824
- C:\Windows\System\duzknqC.exe
  C:\Windows\System\duzknqC.exe
  2⤵
  PID:4904
- C:\Windows\System\qIyJanV.exe
  C:\Windows\System\qIyJanV.exe
  2⤵
  PID:3908
- C:\Windows\System\NipWYMO.exe
  C:\Windows\System\NipWYMO.exe
  2⤵
  PID:5072
- C:\Windows\System\DFAugVR.exe
  C:\Windows\System\DFAugVR.exe
  2⤵
  PID:3600
- C:\Windows\System\ETDnKye.exe
  C:\Windows\System\ETDnKye.exe
  2⤵
  PID:4100
- C:\Windows\System\REkyhTx.exe
  C:\Windows\System\REkyhTx.exe
  2⤵
  PID:4308
- C:\Windows\System\vXQWmhH.exe
  C:\Windows\System\vXQWmhH.exe
  2⤵
  PID:5132
- C:\Windows\System\XCJbKMx.exe
  C:\Windows\System\XCJbKMx.exe
  2⤵
  PID:5152
- C:\Windows\System\mKmzKwh.exe
  C:\Windows\System\mKmzKwh.exe
  2⤵
  PID:5172
- C:\Windows\System\fgJzbup.exe
  C:\Windows\System\fgJzbup.exe
  2⤵
  PID:5192
- C:\Windows\System\EEGXSCA.exe
  C:\Windows\System\EEGXSCA.exe
  2⤵
  PID:5208
- C:\Windows\System\YovsNSp.exe
  C:\Windows\System\YovsNSp.exe
  2⤵
  PID:5232
- C:\Windows\System\mTNCLLx.exe
  C:\Windows\System\mTNCLLx.exe
  2⤵
  PID:5252
- C:\Windows\System\RdgzadR.exe
  C:\Windows\System\RdgzadR.exe
  2⤵
  PID:5272
- C:\Windows\System\pXgbUaF.exe
  C:\Windows\System\pXgbUaF.exe
  2⤵
  PID:5288
- C:\Windows\System\uvHUhBY.exe
  C:\Windows\System\uvHUhBY.exe
  2⤵
  PID:5316
- C:\Windows\System\wSjTkkg.exe
  C:\Windows\System\wSjTkkg.exe
  2⤵
  PID:5336
- C:\Windows\System\pYpEqPC.exe
  C:\Windows\System\pYpEqPC.exe
  2⤵
  PID:5356
- C:\Windows\System\OgDjGep.exe
  C:\Windows\System\OgDjGep.exe
  2⤵
  PID:5376
- C:\Windows\System\tGxyIRr.exe
  C:\Windows\System\tGxyIRr.exe
  2⤵
  PID:5396
- C:\Windows\System\oJBkFdB.exe
  C:\Windows\System\oJBkFdB.exe
  2⤵
  PID:5416
- C:\Windows\System\lYHmbbA.exe
  C:\Windows\System\lYHmbbA.exe
  2⤵
  PID:5436
- C:\Windows\System\RaglGWh.exe
  C:\Windows\System\RaglGWh.exe
  2⤵
  PID:5456
- C:\Windows\System\vechoCn.exe
  C:\Windows\System\vechoCn.exe
  2⤵
  PID:5476
- C:\Windows\System\ieVAChu.exe
  C:\Windows\System\ieVAChu.exe
  2⤵
  PID:5496
- C:\Windows\System\xXjcUxX.exe
  C:\Windows\System\xXjcUxX.exe
  2⤵
  PID:5516
- C:\Windows\System\BDRVVeP.exe
  C:\Windows\System\BDRVVeP.exe
  2⤵
  PID:5544
- C:\Windows\System\tOGQJIN.exe
  C:\Windows\System\tOGQJIN.exe
  2⤵
  PID:5564
- C:\Windows\System\ulxrfPQ.exe
  C:\Windows\System\ulxrfPQ.exe
  2⤵
  PID:5584
- C:\Windows\System\sqdIYUz.exe
  C:\Windows\System\sqdIYUz.exe
  2⤵
  PID:5604
- C:\Windows\System\IslIzTJ.exe
  C:\Windows\System\IslIzTJ.exe
  2⤵
  PID:5624
- C:\Windows\System\JQDkZev.exe
  C:\Windows\System\JQDkZev.exe
  2⤵
  PID:5644
- C:\Windows\System\fbfVBjq.exe
  C:\Windows\System\fbfVBjq.exe
  2⤵
  PID:5664
- C:\Windows\System\RJmcLlW.exe
  C:\Windows\System\RJmcLlW.exe
  2⤵
  PID:5692
- C:\Windows\System\IKjLtjO.exe
  C:\Windows\System\IKjLtjO.exe
  2⤵
  PID:5708
- C:\Windows\System\dURAdAQ.exe
  C:\Windows\System\dURAdAQ.exe
  2⤵
  PID:5732
- C:\Windows\System\yNhRgzi.exe
  C:\Windows\System\yNhRgzi.exe
  2⤵
  PID:5752
- C:\Windows\System\roQxFTs.exe
  C:\Windows\System\roQxFTs.exe
  2⤵
  PID:5772
- C:\Windows\System\KsSGmIH.exe
  C:\Windows\System\KsSGmIH.exe
  2⤵
  PID:5792
- C:\Windows\System\WODXmpb.exe
  C:\Windows\System\WODXmpb.exe
  2⤵
  PID:5812
- C:\Windows\System\eRmSSVk.exe
  C:\Windows\System\eRmSSVk.exe
  2⤵
  PID:5832
- C:\Windows\System\DVNaiPF.exe
  C:\Windows\System\DVNaiPF.exe
  2⤵
  PID:5852
- C:\Windows\System\ZaSznat.exe
  C:\Windows\System\ZaSznat.exe
  2⤵
  PID:5872
- C:\Windows\System\IchEjoD.exe
  C:\Windows\System\IchEjoD.exe
  2⤵
  PID:5892
- C:\Windows\System\VcwhQBI.exe
  C:\Windows\System\VcwhQBI.exe
  2⤵
  PID:5912
- C:\Windows\System\hyThrnY.exe
  C:\Windows\System\hyThrnY.exe
  2⤵
  PID:5932
- C:\Windows\System\DdnzjPI.exe
  C:\Windows\System\DdnzjPI.exe
  2⤵
  PID:5952
- C:\Windows\System\oaJhmgA.exe
  C:\Windows\System\oaJhmgA.exe
  2⤵
  PID:5972
- C:\Windows\System\OTwZNFS.exe
  C:\Windows\System\OTwZNFS.exe
  2⤵
  PID:5992
- C:\Windows\System\XlXeEzX.exe
  C:\Windows\System\XlXeEzX.exe
  2⤵
  PID:6012
- C:\Windows\System\FIMDijl.exe
  C:\Windows\System\FIMDijl.exe
  2⤵
  PID:6032
- C:\Windows\System\XAbrBVB.exe
  C:\Windows\System\XAbrBVB.exe
  2⤵
  PID:6052
- C:\Windows\System\pkhVktg.exe
  C:\Windows\System\pkhVktg.exe
  2⤵
  PID:6072
- C:\Windows\System\PJDOtzh.exe
  C:\Windows\System\PJDOtzh.exe
  2⤵
  PID:6092
- C:\Windows\System\ojfVdGI.exe
  C:\Windows\System\ojfVdGI.exe
  2⤵
  PID:6112
- C:\Windows\System\xpgzCdZ.exe
  C:\Windows\System\xpgzCdZ.exe
  2⤵
  PID:6132
- C:\Windows\System\cTgGPCG.exe
  C:\Windows\System\cTgGPCG.exe
  2⤵
  PID:4348
- C:\Windows\System\PoQewkV.exe
  C:\Windows\System\PoQewkV.exe
  2⤵
  PID:4604
- C:\Windows\System\EsOICAt.exe
  C:\Windows\System\EsOICAt.exe
  2⤵
  PID:4724
- C:\Windows\System\kLbDIxH.exe
  C:\Windows\System\kLbDIxH.exe
  2⤵
  PID:3612
- C:\Windows\System\BRyYVbT.exe
  C:\Windows\System\BRyYVbT.exe
  2⤵
  PID:4828
- C:\Windows\System\vCYmskk.exe
  C:\Windows\System\vCYmskk.exe
  2⤵
  PID:4104
- C:\Windows\System\rfhalLW.exe
  C:\Windows\System\rfhalLW.exe
  2⤵
  PID:4224
- C:\Windows\System\WnCIzAS.exe
  C:\Windows\System\WnCIzAS.exe
  2⤵
  PID:5144
- C:\Windows\System\GWaqyru.exe
  C:\Windows\System\GWaqyru.exe
  2⤵
  PID:5160
- C:\Windows\System\veIwQPk.exe
  C:\Windows\System\veIwQPk.exe
  2⤵
  PID:5168
- C:\Windows\System\KBmIHKV.exe
  C:\Windows\System\KBmIHKV.exe
  2⤵
  PID:5204
- C:\Windows\System\HKDPgLc.exe
  C:\Windows\System\HKDPgLc.exe
  2⤵
  PID:5244
- C:\Windows\System\LHgfLfE.exe
  C:\Windows\System\LHgfLfE.exe
  2⤵
  PID:5308
- C:\Windows\System\mDmvHXN.exe
  C:\Windows\System\mDmvHXN.exe
  2⤵
  PID:5332
- C:\Windows\System\sjcdrls.exe
  C:\Windows\System\sjcdrls.exe
  2⤵
  PID:5364
- C:\Windows\System\qHBiFYm.exe
  C:\Windows\System\qHBiFYm.exe
  2⤵
  PID:5404
- C:\Windows\System\nFJqtmW.exe
  C:\Windows\System\nFJqtmW.exe
  2⤵
  PID:5428
- C:\Windows\System\jDsQbeC.exe
  C:\Windows\System\jDsQbeC.exe
  2⤵
  PID:5512
- C:\Windows\System\kJPMbRM.exe
  C:\Windows\System\kJPMbRM.exe
  2⤵
  PID:5444
- C:\Windows\System\wuBwkQJ.exe
  C:\Windows\System\wuBwkQJ.exe
  2⤵
  PID:5488
- C:\Windows\System\XdZtxkD.exe
  C:\Windows\System\XdZtxkD.exe
  2⤵
  PID:5600
- C:\Windows\System\VWgADhh.exe
  C:\Windows\System\VWgADhh.exe
  2⤵
  PID:5672
- C:\Windows\System\MoGFLld.exe
  C:\Windows\System\MoGFLld.exe
  2⤵
  PID:5612
- C:\Windows\System\axZABpZ.exe
  C:\Windows\System\axZABpZ.exe
  2⤵
  PID:5656
- C:\Windows\System\KmxWeKP.exe
  C:\Windows\System\KmxWeKP.exe
  2⤵
  PID:5700
- C:\Windows\System\CDVOWEV.exe
  C:\Windows\System\CDVOWEV.exe
  2⤵
  PID:5768
- C:\Windows\System\ZZxNRHq.exe
  C:\Windows\System\ZZxNRHq.exe
  2⤵
  PID:5780
- C:\Windows\System\oulWWCn.exe
  C:\Windows\System\oulWWCn.exe
  2⤵
  PID:5828
- C:\Windows\System\KAvtmmf.exe
  C:\Windows\System\KAvtmmf.exe
  2⤵
  PID:5860
- C:\Windows\System\bHgwAEO.exe
  C:\Windows\System\bHgwAEO.exe
  2⤵
  PID:5864
- C:\Windows\System\wTdybXJ.exe
  C:\Windows\System\wTdybXJ.exe
  2⤵
  PID:5908
- C:\Windows\System\KUqKeIJ.exe
  C:\Windows\System\KUqKeIJ.exe
  2⤵
  PID:5940
- C:\Windows\System\iuUulBn.exe
  C:\Windows\System\iuUulBn.exe
  2⤵
  PID:6008
- C:\Windows\System\aMBcgnJ.exe
  C:\Windows\System\aMBcgnJ.exe
  2⤵
  PID:6040
- C:\Windows\System\umqluvM.exe
  C:\Windows\System\umqluvM.exe
  2⤵
  PID:6080
- C:\Windows\System\vFgvszX.exe
  C:\Windows\System\vFgvszX.exe
  2⤵
  PID:6064
- C:\Windows\System\oPXvzlb.exe
  C:\Windows\System\oPXvzlb.exe
  2⤵
  PID:6108
- C:\Windows\System\iYVEaSa.exe
  C:\Windows\System\iYVEaSa.exe
  2⤵
  PID:6140
- C:\Windows\System\tFHgmjX.exe
  C:\Windows\System\tFHgmjX.exe
  2⤵
  PID:4884
- C:\Windows\System\UxWpVJo.exe
  C:\Windows\System\UxWpVJo.exe
  2⤵
  PID:4220
- C:\Windows\System\sVzEaQs.exe
  C:\Windows\System\sVzEaQs.exe
  2⤵
  PID:5528
- C:\Windows\System\ECvJLRN.exe
  C:\Windows\System\ECvJLRN.exe
  2⤵
  PID:4180
- C:\Windows\System\vXvmaCr.exe
  C:\Windows\System\vXvmaCr.exe
  2⤵
  PID:2888
- C:\Windows\System\SkkueCl.exe
  C:\Windows\System\SkkueCl.exe
  2⤵
  PID:5260
- C:\Windows\System\iGuohap.exe
  C:\Windows\System\iGuohap.exe
  2⤵
  PID:2772
- C:\Windows\System\YZjSkGT.exe
  C:\Windows\System\YZjSkGT.exe
  2⤵
  PID:2152
- C:\Windows\System\lsNPuxc.exe
  C:\Windows\System\lsNPuxc.exe
  2⤵
  PID:2712
- C:\Windows\System\KzdPXub.exe
  C:\Windows\System\KzdPXub.exe
  2⤵
  PID:5388
- C:\Windows\System\JRnwcsl.exe
  C:\Windows\System\JRnwcsl.exe
  2⤵
  PID:5472
- C:\Windows\System\QZYXnxT.exe
  C:\Windows\System\QZYXnxT.exe
  2⤵
  PID:5556
- C:\Windows\System\FIAsRnq.exe
  C:\Windows\System\FIAsRnq.exe
  2⤵
  PID:2672
- C:\Windows\System\qOWQeub.exe
  C:\Windows\System\qOWQeub.exe
  2⤵
  PID:5640
- C:\Windows\System\sBWxEqC.exe
  C:\Windows\System\sBWxEqC.exe
  2⤵
  PID:5576
- C:\Windows\System\DvqVHQE.exe
  C:\Windows\System\DvqVHQE.exe
  2⤵
  PID:5724
- C:\Windows\System\LEpGvxx.exe
  C:\Windows\System\LEpGvxx.exe
  2⤵
  PID:5804
- C:\Windows\System\HRDhCiz.exe
  C:\Windows\System\HRDhCiz.exe
  2⤵
  PID:5848
- C:\Windows\System\huPRVSL.exe
  C:\Windows\System\huPRVSL.exe
  2⤵
  PID:5844
- C:\Windows\System\ySlBfoq.exe
  C:\Windows\System\ySlBfoq.exe
  2⤵
  PID:5900
- C:\Windows\System\aQwCIVt.exe
  C:\Windows\System\aQwCIVt.exe
  2⤵
  PID:5980
- C:\Windows\System\fWUEsNr.exe
  C:\Windows\System\fWUEsNr.exe
  2⤵
  PID:6044
- C:\Windows\System\blDivIe.exe
  C:\Windows\System\blDivIe.exe
  2⤵
  PID:6028
- C:\Windows\System\dLhpcia.exe
  C:\Windows\System\dLhpcia.exe
  2⤵
  PID:6100
- C:\Windows\System\NcSceNP.exe
  C:\Windows\System\NcSceNP.exe
  2⤵
  PID:3368
- C:\Windows\System\FGASKDO.exe
  C:\Windows\System\FGASKDO.exe
  2⤵
  PID:4932
- C:\Windows\System\msiiGPP.exe
  C:\Windows\System\msiiGPP.exe
  2⤵
  PID:5128
- C:\Windows\System\kuWWxkQ.exe
  C:\Windows\System\kuWWxkQ.exe
  2⤵
  PID:5200
- C:\Windows\System\tczfzrk.exe
  C:\Windows\System\tczfzrk.exe
  2⤵
  PID:5304
- C:\Windows\System\kzpQrty.exe
  C:\Windows\System\kzpQrty.exe
  2⤵
  PID:5372
- C:\Windows\System\Eraectl.exe
  C:\Windows\System\Eraectl.exe
  2⤵
  PID:5408
- C:\Windows\System\AUUcxvr.exe
  C:\Windows\System\AUUcxvr.exe
  2⤵
  PID:5560
- C:\Windows\System\IfvqNGh.exe
  C:\Windows\System\IfvqNGh.exe
  2⤵
  PID:2788
- C:\Windows\System\oSdhEaI.exe
  C:\Windows\System\oSdhEaI.exe
  2⤵
  PID:5616
- C:\Windows\System\nITBwfT.exe
  C:\Windows\System\nITBwfT.exe
  2⤵
  PID:5652
- C:\Windows\System\sayvjIZ.exe
  C:\Windows\System\sayvjIZ.exe
  2⤵
  PID:5740
- C:\Windows\System\WeMavVl.exe
  C:\Windows\System\WeMavVl.exe
  2⤵
  PID:5968
- C:\Windows\System\sBkCfpj.exe
  C:\Windows\System\sBkCfpj.exe
  2⤵
  PID:5984
- C:\Windows\System\yNpicxA.exe
  C:\Windows\System\yNpicxA.exe
  2⤵
  PID:5760
- C:\Windows\System\LDaVUtl.exe
  C:\Windows\System\LDaVUtl.exe
  2⤵
  PID:6128
- C:\Windows\System\OnPhbQI.exe
  C:\Windows\System\OnPhbQI.exe
  2⤵
  PID:4428
- C:\Windows\System\nvwcdqq.exe
  C:\Windows\System\nvwcdqq.exe
  2⤵
  PID:2940
- C:\Windows\System\dJdnrrj.exe
  C:\Windows\System\dJdnrrj.exe
  2⤵
  PID:572
- C:\Windows\System\zUDwRed.exe
  C:\Windows\System\zUDwRed.exe
  2⤵
  PID:5300
- C:\Windows\System\IpBYSJS.exe
  C:\Windows\System\IpBYSJS.exe
  2⤵
  PID:2776
- C:\Windows\System\ZIRalot.exe
  C:\Windows\System\ZIRalot.exe
  2⤵
  PID:1516
- C:\Windows\System\oJFiktg.exe
  C:\Windows\System\oJFiktg.exe
  2⤵
  PID:5492
- C:\Windows\System\HELXqnB.exe
  C:\Windows\System\HELXqnB.exe
  2⤵
  PID:5744
- C:\Windows\System\sptRQXI.exe
  C:\Windows\System\sptRQXI.exe
  2⤵
  PID:5888
- C:\Windows\System\tJicdhd.exe
  C:\Windows\System\tJicdhd.exe
  2⤵
  PID:2140
- C:\Windows\System\pAeXkfN.exe
  C:\Windows\System\pAeXkfN.exe
  2⤵
  PID:5944
- C:\Windows\System\WIBuHin.exe
  C:\Windows\System\WIBuHin.exe
  2⤵
  PID:4564
- C:\Windows\System\YFCOmZl.exe
  C:\Windows\System\YFCOmZl.exe
  2⤵
  PID:5140
- C:\Windows\System\NucFqiK.exe
  C:\Windows\System\NucFqiK.exe
  2⤵
  PID:5228
- C:\Windows\System\UPtlVMW.exe
  C:\Windows\System\UPtlVMW.exe
  2⤵
  PID:5504
- C:\Windows\System\mbPQVbQ.exe
  C:\Windows\System\mbPQVbQ.exe
  2⤵
  PID:5728
- C:\Windows\System\gFXMgEU.exe
  C:\Windows\System\gFXMgEU.exe
  2⤵
  PID:5572
- C:\Windows\System\LZjGkGK.exe
  C:\Windows\System\LZjGkGK.exe
  2⤵
  PID:1052
- C:\Windows\System\efZxMof.exe
  C:\Windows\System\efZxMof.exe
  2⤵
  PID:6060
- C:\Windows\System\bnfIxZm.exe
  C:\Windows\System\bnfIxZm.exe
  2⤵
  PID:4628
- C:\Windows\System\jPOkXVY.exe
  C:\Windows\System\jPOkXVY.exe
  2⤵
  PID:1264
- C:\Windows\System\PUtfrcW.exe
  C:\Windows\System\PUtfrcW.exe
  2⤵
  PID:472
- C:\Windows\System\gUtvsjg.exe
  C:\Windows\System\gUtvsjg.exe
  2⤵
  PID:5468
- C:\Windows\System\enkViqF.exe
  C:\Windows\System\enkViqF.exe
  2⤵
  PID:1524
- C:\Windows\System\HzCxfNQ.exe
  C:\Windows\System\HzCxfNQ.exe
  2⤵
  PID:404
- C:\Windows\System\uaMFLWX.exe
  C:\Windows\System\uaMFLWX.exe
  2⤵
  PID:5868
- C:\Windows\System\fNhYynH.exe
  C:\Windows\System\fNhYynH.exe
  2⤵
  PID:1900
- C:\Windows\System\GarKYSN.exe
  C:\Windows\System\GarKYSN.exe
  2⤵
  PID:876
- C:\Windows\System\xgiadVv.exe
  C:\Windows\System\xgiadVv.exe
  2⤵
  PID:772
- C:\Windows\System\HsWyyLq.exe
  C:\Windows\System\HsWyyLq.exe
  2⤵
  PID:520
- C:\Windows\System\sSbUgee.exe
  C:\Windows\System\sSbUgee.exe
  2⤵
  PID:2600
- C:\Windows\System\rMQNLMp.exe
  C:\Windows\System\rMQNLMp.exe
  2⤵
  PID:4168
- C:\Windows\System\qlCuCdF.exe
  C:\Windows\System\qlCuCdF.exe
  2⤵
  PID:1736
- C:\Windows\System\qqHYKEu.exe
  C:\Windows\System\qqHYKEu.exe
  2⤵
  PID:1720
- C:\Windows\System\OhLIlHn.exe
  C:\Windows\System\OhLIlHn.exe
  2⤵
  PID:2580
- C:\Windows\System\TUrbKgM.exe
  C:\Windows\System\TUrbKgM.exe
  2⤵
  PID:2636
- C:\Windows\System\JdKFHBJ.exe
  C:\Windows\System\JdKFHBJ.exe
  2⤵
  PID:6148
- C:\Windows\System\WFFkDoK.exe
  C:\Windows\System\WFFkDoK.exe
  2⤵
  PID:6168
- C:\Windows\System\nIpZakt.exe
  C:\Windows\System\nIpZakt.exe
  2⤵
  PID:6188
- C:\Windows\System\XxjqmwA.exe
  C:\Windows\System\XxjqmwA.exe
  2⤵
  PID:6216
- C:\Windows\System\oIGmuiT.exe
  C:\Windows\System\oIGmuiT.exe
  2⤵
  PID:6232
- C:\Windows\System\qrBRrwv.exe
  C:\Windows\System\qrBRrwv.exe
  2⤵
  PID:6256
- C:\Windows\System\ICdntqL.exe
  C:\Windows\System\ICdntqL.exe
  2⤵
  PID:6276
- C:\Windows\System\zfYvbbC.exe
  C:\Windows\System\zfYvbbC.exe
  2⤵
  PID:6292
- C:\Windows\System\ejQtnvb.exe
  C:\Windows\System\ejQtnvb.exe
  2⤵
  PID:6320
- C:\Windows\System\IQcEGRc.exe
  C:\Windows\System\IQcEGRc.exe
  2⤵
  PID:6336
- C:\Windows\System\EtNeaID.exe
  C:\Windows\System\EtNeaID.exe
  2⤵
  PID:6356
- C:\Windows\System\lBWVXFK.exe
  C:\Windows\System\lBWVXFK.exe
  2⤵
  PID:6384
- C:\Windows\System\oaYiCXT.exe
  C:\Windows\System\oaYiCXT.exe
  2⤵
  PID:6400
- C:\Windows\System\AmckbqB.exe
  C:\Windows\System\AmckbqB.exe
  2⤵
  PID:6420
- C:\Windows\System\FNiwoDH.exe
  C:\Windows\System\FNiwoDH.exe
  2⤵
  PID:6436
- C:\Windows\System\IiYteFW.exe
  C:\Windows\System\IiYteFW.exe
  2⤵
  PID:6452
- C:\Windows\System\RjwjiDN.exe
  C:\Windows\System\RjwjiDN.exe
  2⤵
  PID:6472
- C:\Windows\System\mrAbyIB.exe
  C:\Windows\System\mrAbyIB.exe
  2⤵
  PID:6488
- C:\Windows\System\mnPvgEN.exe
  C:\Windows\System\mnPvgEN.exe
  2⤵
  PID:6504
- C:\Windows\System\CMeYhoi.exe
  C:\Windows\System\CMeYhoi.exe
  2⤵
  PID:6524
- C:\Windows\System\WHvQMsx.exe
  C:\Windows\System\WHvQMsx.exe
  2⤵
  PID:6544
- C:\Windows\System\FIsJOkU.exe
  C:\Windows\System\FIsJOkU.exe
  2⤵
  PID:6568
- C:\Windows\System\Khufuej.exe
  C:\Windows\System\Khufuej.exe
  2⤵
  PID:6584
- C:\Windows\System\jVYljpA.exe
  C:\Windows\System\jVYljpA.exe
  2⤵
  PID:6624
- C:\Windows\System\qJuXQcA.exe
  C:\Windows\System\qJuXQcA.exe
  2⤵
  PID:6640
- C:\Windows\System\DvTbghX.exe
  C:\Windows\System\DvTbghX.exe
  2⤵
  PID:6656
- C:\Windows\System\IiiJLPC.exe
  C:\Windows\System\IiiJLPC.exe
  2⤵
  PID:6672
- C:\Windows\System\GcohgGO.exe
  C:\Windows\System\GcohgGO.exe
  2⤵
  PID:6688
- C:\Windows\System\pdjnutF.exe
  C:\Windows\System\pdjnutF.exe
  2⤵
  PID:6704
- C:\Windows\System\oqoeKYk.exe
  C:\Windows\System\oqoeKYk.exe
  2⤵
  PID:6720
- C:\Windows\System\saIOYrY.exe
  C:\Windows\System\saIOYrY.exe
  2⤵
  PID:6736
- C:\Windows\System\LMiAIem.exe
  C:\Windows\System\LMiAIem.exe
  2⤵
  PID:6752
- C:\Windows\System\DvnVxJz.exe
  C:\Windows\System\DvnVxJz.exe
  2⤵
  PID:6768
- C:\Windows\System\jHPGyWQ.exe
  C:\Windows\System\jHPGyWQ.exe
  2⤵
  PID:6784
- C:\Windows\System\QPxYQvO.exe
  C:\Windows\System\QPxYQvO.exe
  2⤵
  PID:6800
- C:\Windows\System\hSTjtca.exe
  C:\Windows\System\hSTjtca.exe
  2⤵
  PID:6816
- C:\Windows\System\ygzCJHs.exe
  C:\Windows\System\ygzCJHs.exe
  2⤵
  PID:6832
- C:\Windows\System\rVhHLFS.exe
  C:\Windows\System\rVhHLFS.exe
  2⤵
  PID:6880
- C:\Windows\System\laBdFKg.exe
  C:\Windows\System\laBdFKg.exe
  2⤵
  PID:6908
- C:\Windows\System\pIxTCpH.exe
  C:\Windows\System\pIxTCpH.exe
  2⤵
  PID:6948
- C:\Windows\System\FXsffry.exe
  C:\Windows\System\FXsffry.exe
  2⤵
  PID:6964
- C:\Windows\System\yfcNKZK.exe
  C:\Windows\System\yfcNKZK.exe
  2⤵
  PID:6980
- C:\Windows\System\ETnttCA.exe
  C:\Windows\System\ETnttCA.exe
  2⤵
  PID:7000
- C:\Windows\System\eQNptMn.exe
  C:\Windows\System\eQNptMn.exe
  2⤵
  PID:7024
- C:\Windows\System\ZUcRAzY.exe
  C:\Windows\System\ZUcRAzY.exe
  2⤵
  PID:7040
- C:\Windows\System\osBWgVs.exe
  C:\Windows\System\osBWgVs.exe
  2⤵
  PID:7068
- C:\Windows\System\ApQuqdn.exe
  C:\Windows\System\ApQuqdn.exe
  2⤵
  PID:7096
- C:\Windows\System\fJxvEgl.exe
  C:\Windows\System\fJxvEgl.exe
  2⤵
  PID:7116
- C:\Windows\System\uPgAufK.exe
  C:\Windows\System\uPgAufK.exe
  2⤵
  PID:7140
- C:\Windows\System\jdfRMUV.exe
  C:\Windows\System\jdfRMUV.exe
  2⤵
  PID:6156
- C:\Windows\System\ATjWjWQ.exe
  C:\Windows\System\ATjWjWQ.exe
  2⤵
  PID:6196
- C:\Windows\System\mSRLmhE.exe
  C:\Windows\System\mSRLmhE.exe
  2⤵
  PID:2760
- C:\Windows\System\pqfMPCO.exe
  C:\Windows\System\pqfMPCO.exe
  2⤵
  PID:6240
- C:\Windows\System\nYcueCE.exe
  C:\Windows\System\nYcueCE.exe
  2⤵
  PID:1492
- C:\Windows\System\SpFSkFh.exe
  C:\Windows\System\SpFSkFh.exe
  2⤵
  PID:6180
- C:\Windows\System\jgzGHUD.exe
  C:\Windows\System\jgzGHUD.exe
  2⤵
  PID:6272
- C:\Windows\System\aOidsYV.exe
  C:\Windows\System\aOidsYV.exe
  2⤵
  PID:6332
- C:\Windows\System\OGiYWWY.exe
  C:\Windows\System\OGiYWWY.exe
  2⤵
  PID:6312
- C:\Windows\System\hlcfjGJ.exe
  C:\Windows\System\hlcfjGJ.exe
  2⤵
  PID:6344
- C:\Windows\System\ubalUoc.exe
  C:\Windows\System\ubalUoc.exe
  2⤵
  PID:6408
- C:\Windows\System\PfpzlHS.exe
  C:\Windows\System\PfpzlHS.exe
  2⤵
  PID:6448
- C:\Windows\System\UsQYiWn.exe
  C:\Windows\System\UsQYiWn.exe
  2⤵
  PID:6376
- C:\Windows\System\YeYVmUc.exe
  C:\Windows\System\YeYVmUc.exe
  2⤵
  PID:6592
- C:\Windows\System\ulCHZfW.exe
  C:\Windows\System\ulCHZfW.exe
  2⤵
  PID:6536
- C:\Windows\System\LMkBTIT.exe
  C:\Windows\System\LMkBTIT.exe
  2⤵
  PID:6540
- C:\Windows\System\Xwefgcy.exe
  C:\Windows\System\Xwefgcy.exe
  2⤵
  PID:6620
- C:\Windows\System\YOHkECf.exe
  C:\Windows\System\YOHkECf.exe
  2⤵
  PID:6728
- C:\Windows\System\scvdAWh.exe
  C:\Windows\System\scvdAWh.exe
  2⤵
  PID:6792
- C:\Windows\System\KoxwRSo.exe
  C:\Windows\System\KoxwRSo.exe
  2⤵
  PID:6700
- C:\Windows\System\rfLURfK.exe
  C:\Windows\System\rfLURfK.exe
  2⤵
  PID:6648
- C:\Windows\System\RKVmXsU.exe
  C:\Windows\System\RKVmXsU.exe
  2⤵
  PID:6716
- C:\Windows\System\EWuVspl.exe
  C:\Windows\System\EWuVspl.exe
  2⤵
  PID:6888
- C:\Windows\System\xlDkbVP.exe
  C:\Windows\System\xlDkbVP.exe
  2⤵
  PID:6856
- C:\Windows\System\iQZoXXq.exe
  C:\Windows\System\iQZoXXq.exe
  2⤵
  PID:6680
- C:\Windows\System\oLrufRZ.exe
  C:\Windows\System\oLrufRZ.exe
  2⤵
  PID:6924
- C:\Windows\System\WsIzwOz.exe
  C:\Windows\System\WsIzwOz.exe
  2⤵
  PID:6944
- C:\Windows\System\AdotCvL.exe
  C:\Windows\System\AdotCvL.exe
  2⤵
  PID:7012
- C:\Windows\System\WxEmBpv.exe
  C:\Windows\System\WxEmBpv.exe
  2⤵
  PID:6996
- C:\Windows\System\xLkchab.exe
  C:\Windows\System\xLkchab.exe
  2⤵
  PID:7104
- C:\Windows\System\EVOkNWu.exe
  C:\Windows\System\EVOkNWu.exe
  2⤵
  PID:7108
- C:\Windows\System\QIVKRgs.exe
  C:\Windows\System\QIVKRgs.exe
  2⤵
  PID:7084
- C:\Windows\System\xTOwbpj.exe
  C:\Windows\System\xTOwbpj.exe
  2⤵
  PID:7164
- C:\Windows\System\HNXEJvP.exe
  C:\Windows\System\HNXEJvP.exe
  2⤵
  PID:6244
- C:\Windows\System\VTWWkca.exe
  C:\Windows\System\VTWWkca.exe
  2⤵
  PID:5688
- C:\Windows\System\pgtjuok.exe
  C:\Windows\System\pgtjuok.exe
  2⤵
  PID:6268
- C:\Windows\System\mMzVewK.exe
  C:\Windows\System\mMzVewK.exe
  2⤵
  PID:6212
- C:\Windows\System\ykPRmDo.exe
  C:\Windows\System\ykPRmDo.exe
  2⤵
  PID:6396
- C:\Windows\System\KPDbwTC.exe
  C:\Windows\System\KPDbwTC.exe
  2⤵
  PID:6432
- C:\Windows\System\xboMGQR.exe
  C:\Windows\System\xboMGQR.exe
  2⤵
  PID:6176
- C:\Windows\System\KPoxBfG.exe
  C:\Windows\System\KPoxBfG.exe
  2⤵
  PID:6368
- C:\Windows\System\FqrAHtL.exe
  C:\Windows\System\FqrAHtL.exe
  2⤵
  PID:6464
- C:\Windows\System\Ptcuben.exe
  C:\Windows\System\Ptcuben.exe
  2⤵
  PID:6520
- C:\Windows\System\hzliRxm.exe
  C:\Windows\System\hzliRxm.exe
  2⤵
  PID:6564
- C:\Windows\System\JLwQweQ.exe
  C:\Windows\System\JLwQweQ.exe
  2⤵
  PID:6608
- C:\Windows\System\RXpqEZq.exe
  C:\Windows\System\RXpqEZq.exe
  2⤵
  PID:6828
- C:\Windows\System\tLFYEAO.exe
  C:\Windows\System\tLFYEAO.exe
  2⤵
  PID:6776
- C:\Windows\System\lUxBSpd.exe
  C:\Windows\System\lUxBSpd.exe
  2⤵
  PID:6636
- C:\Windows\System\WzfrKfY.exe
  C:\Windows\System\WzfrKfY.exe
  2⤵
  PID:6876
- C:\Windows\System\LtKVuJv.exe
  C:\Windows\System\LtKVuJv.exe
  2⤵
  PID:6840
- C:\Windows\System\NBqNnUW.exe
  C:\Windows\System\NBqNnUW.exe
  2⤵
  PID:6900
- C:\Windows\System\gmLhtCw.exe
  C:\Windows\System\gmLhtCw.exe
  2⤵
  PID:6696
- C:\Windows\System\sufeazW.exe
  C:\Windows\System\sufeazW.exe
  2⤵
  PID:6976
- C:\Windows\System\XopRKYj.exe
  C:\Windows\System\XopRKYj.exe
  2⤵
  PID:5684
- C:\Windows\System\wGafdcV.exe
  C:\Windows\System\wGafdcV.exe
  2⤵
  PID:6632
- C:\Windows\System\OEeAaGa.exe
  C:\Windows\System\OEeAaGa.exe
  2⤵
  PID:6936
- C:\Windows\System\hFbyVmx.exe
  C:\Windows\System\hFbyVmx.exe
  2⤵
  PID:6988
- C:\Windows\System\QnFFjNY.exe
  C:\Windows\System\QnFFjNY.exe
  2⤵
  PID:7020
- C:\Windows\System\wFYoIMO.exe
  C:\Windows\System\wFYoIMO.exe
  2⤵
  PID:7136
- C:\Windows\System\gjPCDwM.exe
  C:\Windows\System\gjPCDwM.exe
  2⤵
  PID:6992
- C:\Windows\System\cmzOkld.exe
  C:\Windows\System\cmzOkld.exe
  2⤵
  PID:6288
- C:\Windows\System\msmhadQ.exe
  C:\Windows\System\msmhadQ.exe
  2⤵
  PID:6560
- C:\Windows\System\mhvqLnC.exe
  C:\Windows\System\mhvqLnC.exe
  2⤵
  PID:6444
- C:\Windows\System\ZxFiamG.exe
  C:\Windows\System\ZxFiamG.exe
  2⤵
  PID:7076
- C:\Windows\System\JKwwFbs.exe
  C:\Windows\System\JKwwFbs.exe
  2⤵
  PID:6500
- C:\Windows\System\TlKVSuN.exe
  C:\Windows\System\TlKVSuN.exe
  2⤵
  PID:6664
- C:\Windows\System\wmYfweI.exe
  C:\Windows\System\wmYfweI.exe
  2⤵
  PID:6416
- C:\Windows\System\JRewzaQ.exe
  C:\Windows\System\JRewzaQ.exe
  2⤵
  PID:6920
- C:\Windows\System\jafxiIj.exe
  C:\Windows\System\jafxiIj.exe
  2⤵
  PID:7148
- C:\Windows\System\rGQVuKQ.exe
  C:\Windows\System\rGQVuKQ.exe
  2⤵
  PID:7056
- C:\Windows\System\vhkGPWU.exe
  C:\Windows\System\vhkGPWU.exe
  2⤵
  PID:6512
- C:\Windows\System\uUKPxot.exe
  C:\Windows\System\uUKPxot.exe
  2⤵
  PID:6684
- C:\Windows\System\mHgHYYm.exe
  C:\Windows\System\mHgHYYm.exe
  2⤵
  PID:6872
- C:\Windows\System\KSSSMPH.exe
  C:\Windows\System\KSSSMPH.exe
  2⤵
  PID:6960
- C:\Windows\System\HesslPS.exe
  C:\Windows\System\HesslPS.exe
  2⤵
  PID:6308
- C:\Windows\System\alHJWhT.exe
  C:\Windows\System\alHJWhT.exe
  2⤵
  PID:6372
- C:\Windows\System\aEazeYH.exe
  C:\Windows\System\aEazeYH.exe
  2⤵
  PID:7172
- C:\Windows\System\LYQgVkS.exe
  C:\Windows\System\LYQgVkS.exe
  2⤵
  PID:7188
- C:\Windows\System\siCnySe.exe
  C:\Windows\System\siCnySe.exe
  2⤵
  PID:7204
- C:\Windows\System\sKHRdLS.exe
  C:\Windows\System\sKHRdLS.exe
  2⤵
  PID:7220
- C:\Windows\System\JQJqjiG.exe
  C:\Windows\System\JQJqjiG.exe
  2⤵
  PID:7244
- C:\Windows\System\tfCvsFr.exe
  C:\Windows\System\tfCvsFr.exe
  2⤵
  PID:7284
- C:\Windows\System\GnYuSDR.exe
  C:\Windows\System\GnYuSDR.exe
  2⤵
  PID:7308
- C:\Windows\System\dSeISky.exe
  C:\Windows\System\dSeISky.exe
  2⤵
  PID:7324
- C:\Windows\System\UiZakDS.exe
  C:\Windows\System\UiZakDS.exe
  2⤵
  PID:7344
- C:\Windows\System\HnvbRSB.exe
  C:\Windows\System\HnvbRSB.exe
  2⤵
  PID:7360
- C:\Windows\System\cIdfSNi.exe
  C:\Windows\System\cIdfSNi.exe
  2⤵
  PID:7376
- C:\Windows\System\PJjnoBe.exe
  C:\Windows\System\PJjnoBe.exe
  2⤵
  PID:7392
- C:\Windows\System\xwNHXnQ.exe
  C:\Windows\System\xwNHXnQ.exe
  2⤵
  PID:7408
- C:\Windows\System\sDmeBiC.exe
  C:\Windows\System\sDmeBiC.exe
  2⤵
  PID:7424
- C:\Windows\System\kUljtZX.exe
  C:\Windows\System\kUljtZX.exe
  2⤵
  PID:7440
- C:\Windows\System\dhiZoGL.exe
  C:\Windows\System\dhiZoGL.exe
  2⤵
  PID:7456
- C:\Windows\System\kCgDgVn.exe
  C:\Windows\System\kCgDgVn.exe
  2⤵
  PID:7472
- C:\Windows\System\vCxtpLE.exe
  C:\Windows\System\vCxtpLE.exe
  2⤵
  PID:7488
- C:\Windows\System\CPtXlEM.exe
  C:\Windows\System\CPtXlEM.exe
  2⤵
  PID:7504
- C:\Windows\System\iUupBZd.exe
  C:\Windows\System\iUupBZd.exe
  2⤵
  PID:7520
- C:\Windows\System\pYGOTib.exe
  C:\Windows\System\pYGOTib.exe
  2⤵
  PID:7540
- C:\Windows\System\EPYRjHo.exe
  C:\Windows\System\EPYRjHo.exe
  2⤵
  PID:7556
- C:\Windows\System\iEIRSTV.exe
  C:\Windows\System\iEIRSTV.exe
  2⤵
  PID:7584
- C:\Windows\System\lZuhPTc.exe
  C:\Windows\System\lZuhPTc.exe
  2⤵
  PID:7600
- C:\Windows\System\tvKNmLG.exe
  C:\Windows\System\tvKNmLG.exe
  2⤵
  PID:7628
- C:\Windows\System\ornWuHl.exe
  C:\Windows\System\ornWuHl.exe
  2⤵
  PID:7644
- C:\Windows\System\TXWpXKF.exe
  C:\Windows\System\TXWpXKF.exe
  2⤵
  PID:7660
- C:\Windows\System\rIycZpk.exe
  C:\Windows\System\rIycZpk.exe
  2⤵
  PID:7676
- C:\Windows\System\OjThmBy.exe
  C:\Windows\System\OjThmBy.exe
  2⤵
  PID:7700
- C:\Windows\System\JUEHIZJ.exe
  C:\Windows\System\JUEHIZJ.exe
  2⤵
  PID:7724
- C:\Windows\System\YKCByMb.exe
  C:\Windows\System\YKCByMb.exe
  2⤵
  PID:7740
- C:\Windows\System\CeaHyzz.exe
  C:\Windows\System\CeaHyzz.exe
  2⤵
  PID:7756
- C:\Windows\System\EvodMln.exe
  C:\Windows\System\EvodMln.exe
  2⤵
  PID:7772
- C:\Windows\System\KdLYveX.exe
  C:\Windows\System\KdLYveX.exe
  2⤵
  PID:7788
- C:\Windows\System\yhAYVuQ.exe
  C:\Windows\System\yhAYVuQ.exe
  2⤵
  PID:7804
- C:\Windows\System\KvkMwbK.exe
  C:\Windows\System\KvkMwbK.exe
  2⤵
  PID:7820
- C:\Windows\System\OQBWeDg.exe
  C:\Windows\System\OQBWeDg.exe
  2⤵
  PID:7836
- C:\Windows\System\xtaWEZK.exe
  C:\Windows\System\xtaWEZK.exe
  2⤵
  PID:7852
- C:\Windows\System\lFOkQCe.exe
  C:\Windows\System\lFOkQCe.exe
  2⤵
  PID:7868
- C:\Windows\System\oqBpgHg.exe
  C:\Windows\System\oqBpgHg.exe
  2⤵
  PID:7888
- C:\Windows\System\YjZNBds.exe
  C:\Windows\System\YjZNBds.exe
  2⤵
  PID:7904
- C:\Windows\System\hbMzlZa.exe
  C:\Windows\System\hbMzlZa.exe
  2⤵
  PID:7920
- C:\Windows\System\FPfieUV.exe
  C:\Windows\System\FPfieUV.exe
  2⤵
  PID:7936
- C:\Windows\System\pjYAZOT.exe
  C:\Windows\System\pjYAZOT.exe
  2⤵
  PID:7952
- C:\Windows\System\hnPKjih.exe
  C:\Windows\System\hnPKjih.exe
  2⤵
  PID:7968
- C:\Windows\System\btoZNgO.exe
  C:\Windows\System\btoZNgO.exe
  2⤵
  PID:7984
- C:\Windows\System\uXyADPU.exe
  C:\Windows\System\uXyADPU.exe
  2⤵
  PID:8000
- C:\Windows\System\jTcuBog.exe
  C:\Windows\System\jTcuBog.exe
  2⤵
  PID:8016
- C:\Windows\System\rCNFWxw.exe
  C:\Windows\System\rCNFWxw.exe
  2⤵
  PID:8032
- C:\Windows\System\uXRZesU.exe
  C:\Windows\System\uXRZesU.exe
  2⤵
  PID:8048
- C:\Windows\System\QsqMzvF.exe
  C:\Windows\System\QsqMzvF.exe
  2⤵
  PID:8064
- C:\Windows\System\fSStzJc.exe
  C:\Windows\System\fSStzJc.exe
  2⤵
  PID:8080
- C:\Windows\System\znPqVFz.exe
  C:\Windows\System\znPqVFz.exe
  2⤵
  PID:8096
- C:\Windows\System\FWcMnKA.exe
  C:\Windows\System\FWcMnKA.exe
  2⤵
  PID:8112
- C:\Windows\System\fPFZSST.exe
  C:\Windows\System\fPFZSST.exe
  2⤵
  PID:8128
- C:\Windows\System\CUoqiEq.exe
  C:\Windows\System\CUoqiEq.exe
  2⤵
  PID:8144
- C:\Windows\System\WWOhHmw.exe
  C:\Windows\System\WWOhHmw.exe
  2⤵
  PID:8160
- C:\Windows\System\dfgKcJj.exe
  C:\Windows\System\dfgKcJj.exe
  2⤵
  PID:8176
- C:\Windows\System\aZINkpe.exe
  C:\Windows\System\aZINkpe.exe
  2⤵
  PID:7016
- C:\Windows\System\yMutnlH.exe
  C:\Windows\System\yMutnlH.exe
  2⤵
  PID:7196
- C:\Windows\System\jyJPiBI.exe
  C:\Windows\System\jyJPiBI.exe
  2⤵
  PID:7236
- C:\Windows\System\NansVJO.exe
  C:\Windows\System\NansVJO.exe
  2⤵
  PID:7216
- C:\Windows\System\RqTjdcN.exe
  C:\Windows\System\RqTjdcN.exe
  2⤵
  PID:6392
- C:\Windows\System\CEeNLso.exe
  C:\Windows\System\CEeNLso.exe
  2⤵
  PID:7256
- C:\Windows\System\zLFScoA.exe
  C:\Windows\System\zLFScoA.exe
  2⤵
  PID:7300
- C:\Windows\System\zaipAOX.exe
  C:\Windows\System\zaipAOX.exe
  2⤵
  PID:7260
- C:\Windows\System\JwVufDV.exe
  C:\Windows\System\JwVufDV.exe
  2⤵
  PID:7332
- C:\Windows\System\VrtQnmQ.exe
  C:\Windows\System\VrtQnmQ.exe
  2⤵
  PID:7372
- C:\Windows\System\fhqYuvK.exe
  C:\Windows\System\fhqYuvK.exe
  2⤵
  PID:7060
- C:\Windows\System\RmIRJYJ.exe
  C:\Windows\System\RmIRJYJ.exe
  2⤵
  PID:7468
- C:\Windows\System\pvEAujO.exe
  C:\Windows\System\pvEAujO.exe
  2⤵
  PID:7564
- C:\Windows\System\FjBBXJM.exe
  C:\Windows\System\FjBBXJM.exe
  2⤵
  PID:7480
- C:\Windows\System\UUrJBLp.exe
  C:\Windows\System\UUrJBLp.exe
  2⤵
  PID:7552
- C:\Windows\System\eJnuiOi.exe
  C:\Windows\System\eJnuiOi.exe
  2⤵
  PID:7608
- C:\Windows\System\jgfRphR.exe
  C:\Windows\System\jgfRphR.exe
  2⤵
  PID:7452
- C:\Windows\System\sUoJCRO.exe
  C:\Windows\System\sUoJCRO.exe
  2⤵
  PID:7596
- C:\Windows\System\WcTfnuZ.exe
  C:\Windows\System\WcTfnuZ.exe
  2⤵
  PID:7640
- C:\Windows\System\OXMxrMt.exe
  C:\Windows\System\OXMxrMt.exe
  2⤵
  PID:7624
- C:\Windows\System\rkXYVHY.exe
  C:\Windows\System\rkXYVHY.exe
  2⤵
  PID:7692
- C:\Windows\System\LdesqzY.exe
  C:\Windows\System\LdesqzY.exe
  2⤵
  PID:7764
- C:\Windows\System\cOsYJFk.exe
  C:\Windows\System\cOsYJFk.exe
  2⤵
  PID:7708
- C:\Windows\System\VxPsRrB.exe
  C:\Windows\System\VxPsRrB.exe
  2⤵
  PID:7780
- C:\Windows\System\MkbteGU.exe
  C:\Windows\System\MkbteGU.exe
  2⤵
  PID:7848
- C:\Windows\System\QesHHzg.exe
  C:\Windows\System\QesHHzg.exe
  2⤵
  PID:8028
- C:\Windows\System\yaPWjQO.exe
  C:\Windows\System\yaPWjQO.exe
  2⤵
  PID:8012
- C:\Windows\System\bfYKagy.exe
  C:\Windows\System\bfYKagy.exe
  2⤵
  PID:8108
- C:\Windows\System\DBExYYR.exe
  C:\Windows\System\DBExYYR.exe
  2⤵
  PID:8172
- C:\Windows\System\zrojzJg.exe
  C:\Windows\System\zrojzJg.exe
  2⤵
  PID:8120
- C:\Windows\System\ckyMgcR.exe
  C:\Windows\System\ckyMgcR.exe
  2⤵
  PID:8188
- C:\Windows\System\GfQYEui.exe
  C:\Windows\System\GfQYEui.exe
  2⤵
  PID:7268
- C:\Windows\System\QeADWNL.exe
  C:\Windows\System\QeADWNL.exe
  2⤵
  PID:6460
- C:\Windows\System\IYQgGqp.exe
  C:\Windows\System\IYQgGqp.exe
  2⤵
  PID:7184
- C:\Windows\System\QktmJQO.exe
  C:\Windows\System\QktmJQO.exe
  2⤵
  PID:7352
- C:\Windows\System\khmJmNi.exe
  C:\Windows\System\khmJmNi.exe
  2⤵
  PID:7436
- C:\Windows\System\ehuuLRk.exe
  C:\Windows\System\ehuuLRk.exe
  2⤵
  PID:7528
- C:\Windows\System\JpQiyMJ.exe
  C:\Windows\System\JpQiyMJ.exe
  2⤵
  PID:7616
- C:\Windows\System\qRcqkFn.exe
  C:\Windows\System\qRcqkFn.exe
  2⤵
  PID:7580
- C:\Windows\System\tzRPZqF.exe
  C:\Windows\System\tzRPZqF.exe
  2⤵
  PID:7384
- C:\Windows\System\rxYfcgf.exe
  C:\Windows\System\rxYfcgf.exe
  2⤵
  PID:7784
- C:\Windows\System\mtSEzJU.exe
  C:\Windows\System\mtSEzJU.exe
  2⤵
  PID:7736
- C:\Windows\System\ABZmkmc.exe
  C:\Windows\System\ABZmkmc.exe
  2⤵
  PID:7812
- C:\Windows\System\vjPmUET.exe
  C:\Windows\System\vjPmUET.exe
  2⤵
  PID:7860
- C:\Windows\System\HtxNsXz.exe
  C:\Windows\System\HtxNsXz.exe
  2⤵
  PID:7884
- C:\Windows\System\xahEykA.exe
  C:\Windows\System\xahEykA.exe
  2⤵
  PID:7932
- C:\Windows\System\sSMTSTH.exe
  C:\Windows\System\sSMTSTH.exe
  2⤵
  PID:7944
- C:\Windows\System\ZLVrnYx.exe
  C:\Windows\System\ZLVrnYx.exe
  2⤵
  PID:7976
- C:\Windows\System\KWXuHgv.exe
  C:\Windows\System\KWXuHgv.exe
  2⤵
  PID:8140
- C:\Windows\System\QSaUKKP.exe
  C:\Windows\System\QSaUKKP.exe
  2⤵
  PID:8024
- C:\Windows\System\ZeSSkot.exe
  C:\Windows\System\ZeSSkot.exe
  2⤵
  PID:7996
- C:\Windows\System\NGGkIAW.exe
  C:\Windows\System\NGGkIAW.exe
  2⤵
  PID:8184
- C:\Windows\System\OaaeMNX.exe
  C:\Windows\System\OaaeMNX.exe
  2⤵
  PID:6364
- C:\Windows\System\MfzzuzN.exe
  C:\Windows\System\MfzzuzN.exe
  2⤵
  PID:7252
- C:\Windows\System\tpbsBWB.exe
  C:\Windows\System\tpbsBWB.exe
  2⤵
  PID:7368
- C:\Windows\System\rCbHFBp.exe
  C:\Windows\System\rCbHFBp.exe
  2⤵
  PID:7448
- C:\Windows\System\FqUKVUO.exe
  C:\Windows\System\FqUKVUO.exe
  2⤵
  PID:7716
- C:\Windows\System\EeQrxBE.exe
  C:\Windows\System\EeQrxBE.exe
  2⤵
  PID:7576
- C:\Windows\System\DJYcsly.exe
  C:\Windows\System\DJYcsly.exe
  2⤵
  PID:8008
- C:\Windows\System\alDWxnG.exe
  C:\Windows\System\alDWxnG.exe
  2⤵
  PID:6712
- C:\Windows\System\PhBRPVL.exe
  C:\Windows\System\PhBRPVL.exe
  2⤵
  PID:8104
- C:\Windows\System\YxkBchk.exe
  C:\Windows\System\YxkBchk.exe
  2⤵
  PID:7832
- C:\Windows\System\MpOctBj.exe
  C:\Windows\System\MpOctBj.exe
  2⤵
  PID:7992
- C:\Windows\System\vNbRQTq.exe
  C:\Windows\System\vNbRQTq.exe
  2⤵
  PID:8196
- C:\Windows\System\VLZlKJz.exe
  C:\Windows\System\VLZlKJz.exe
  2⤵
  PID:8212
- C:\Windows\System\wHSrejT.exe
  C:\Windows\System\wHSrejT.exe
  2⤵
  PID:8228
- C:\Windows\System\ptDJTgS.exe
  C:\Windows\System\ptDJTgS.exe
  2⤵
  PID:8256
- C:\Windows\System\UUIiYzI.exe
  C:\Windows\System\UUIiYzI.exe
  2⤵
  PID:8276
- C:\Windows\System\crcBIFo.exe
  C:\Windows\System\crcBIFo.exe
  2⤵
  PID:8300
- C:\Windows\System\zocijfF.exe
  C:\Windows\System\zocijfF.exe
  2⤵
  PID:8316
- C:\Windows\System\KBzBAEL.exe
  C:\Windows\System\KBzBAEL.exe
  2⤵
  PID:8332
- C:\Windows\System\opqXSjF.exe
  C:\Windows\System\opqXSjF.exe
  2⤵
  PID:8348
- C:\Windows\System\ZedlqzW.exe
  C:\Windows\System\ZedlqzW.exe
  2⤵
  PID:8368
- C:\Windows\System\FqPLyar.exe
  C:\Windows\System\FqPLyar.exe
  2⤵
  PID:8392
- C:\Windows\System\nCKPMjj.exe
  C:\Windows\System\nCKPMjj.exe
  2⤵
  PID:8408
- C:\Windows\System\jITDLtp.exe
  C:\Windows\System\jITDLtp.exe
  2⤵
  PID:8424
- C:\Windows\System\awiYGtP.exe
  C:\Windows\System\awiYGtP.exe
  2⤵
  PID:8440
- C:\Windows\System\bCSsSYG.exe
  C:\Windows\System\bCSsSYG.exe
  2⤵
  PID:8456
- C:\Windows\System\TcOzGce.exe
  C:\Windows\System\TcOzGce.exe
  2⤵
  PID:8472
- C:\Windows\System\Sflqycv.exe
  C:\Windows\System\Sflqycv.exe
  2⤵
  PID:8488
- C:\Windows\System\lraKlWL.exe
  C:\Windows\System\lraKlWL.exe
  2⤵
  PID:8504
- C:\Windows\System\FhMvdNd.exe
  C:\Windows\System\FhMvdNd.exe
  2⤵
  PID:8520
- C:\Windows\System\PRbQZgn.exe
  C:\Windows\System\PRbQZgn.exe
  2⤵
  PID:8536
- C:\Windows\System\IdzgvqG.exe
  C:\Windows\System\IdzgvqG.exe
  2⤵
  PID:8552
- C:\Windows\System\nZQLQMV.exe
  C:\Windows\System\nZQLQMV.exe
  2⤵
  PID:8568
- C:\Windows\System\mGkoHbo.exe
  C:\Windows\System\mGkoHbo.exe
  2⤵
  PID:8584
- C:\Windows\System\kcYlGKQ.exe
  C:\Windows\System\kcYlGKQ.exe
  2⤵
  PID:8600
- C:\Windows\System\YJwxImF.exe
  C:\Windows\System\YJwxImF.exe
  2⤵
  PID:8616
- C:\Windows\System\tnaLEhz.exe
  C:\Windows\System\tnaLEhz.exe
  2⤵
  PID:8632
- C:\Windows\System\cLplGNt.exe
  C:\Windows\System\cLplGNt.exe
  2⤵
  PID:8648
- C:\Windows\System\ppTEGWZ.exe
  C:\Windows\System\ppTEGWZ.exe
  2⤵
  PID:8664
- C:\Windows\System\qJhizNb.exe
  C:\Windows\System\qJhizNb.exe
  2⤵
  PID:8680
- C:\Windows\System\iHDEskN.exe
  C:\Windows\System\iHDEskN.exe
  2⤵
  PID:8696
- C:\Windows\System\GFVErBY.exe
  C:\Windows\System\GFVErBY.exe
  2⤵
  PID:8712
- C:\Windows\System\yARDrtR.exe
  C:\Windows\System\yARDrtR.exe
  2⤵
  PID:8772
- C:\Windows\System\FzkDGzr.exe
  C:\Windows\System\FzkDGzr.exe
  2⤵
  PID:8804
- C:\Windows\System\EkzviVb.exe
  C:\Windows\System\EkzviVb.exe
  2⤵
  PID:8924
- C:\Windows\System\kqyknHF.exe
  C:\Windows\System\kqyknHF.exe
  2⤵
  PID:8940
- C:\Windows\System\zhEJTfG.exe
  C:\Windows\System\zhEJTfG.exe
  2⤵
  PID:8956
- C:\Windows\System\uJTnWlA.exe
  C:\Windows\System\uJTnWlA.exe
  2⤵
  PID:8976
- C:\Windows\System\CQVYEkx.exe
  C:\Windows\System\CQVYEkx.exe
  2⤵
  PID:8996
- C:\Windows\System\sJBqiAa.exe
  C:\Windows\System\sJBqiAa.exe
  2⤵
  PID:9016
- C:\Windows\System\ECIraBF.exe
  C:\Windows\System\ECIraBF.exe
  2⤵
  PID:9036
- C:\Windows\System\dKkQbkT.exe
  C:\Windows\System\dKkQbkT.exe
  2⤵
  PID:8204
- C:\Windows\System\aPAdjQh.exe
  C:\Windows\System\aPAdjQh.exe
  2⤵
  PID:7980
- C:\Windows\System\RypqiLt.exe
  C:\Windows\System\RypqiLt.exe
  2⤵
  PID:8244
- C:\Windows\System\qKgAeHF.exe
  C:\Windows\System\qKgAeHF.exe
  2⤵
  PID:8268
- C:\Windows\System\jNUmYVq.exe
  C:\Windows\System\jNUmYVq.exe
  2⤵
  PID:8376
- C:\Windows\System\CuiAsDI.exe
  C:\Windows\System\CuiAsDI.exe
  2⤵
  PID:8388
- C:\Windows\System\zzzrDac.exe
  C:\Windows\System\zzzrDac.exe
  2⤵
  PID:8464
- C:\Windows\System\SjOFoKV.exe
  C:\Windows\System\SjOFoKV.exe
  2⤵
  PID:8564
- C:\Windows\System\ZYhbFGw.exe
  C:\Windows\System\ZYhbFGw.exe
  2⤵
  PID:8628
- C:\Windows\System\GRgZmBk.exe
  C:\Windows\System\GRgZmBk.exe
  2⤵
  PID:8416
- C:\Windows\System\GetUAbN.exe
  C:\Windows\System\GetUAbN.exe
  2⤵
  PID:8576
- C:\Windows\System\XeLdkep.exe
  C:\Windows\System\XeLdkep.exe
  2⤵
  PID:8704
- C:\Windows\System\qVVeNpw.exe
  C:\Windows\System\qVVeNpw.exe
  2⤵
  PID:8672
- C:\Windows\System\iZkGMlm.exe
  C:\Windows\System\iZkGMlm.exe
  2⤵
  PID:8512
- C:\Windows\System\CYwCbox.exe
  C:\Windows\System\CYwCbox.exe
  2⤵
  PID:8732
- C:\Windows\System\yTavZHY.exe
  C:\Windows\System\yTavZHY.exe
  2⤵
  PID:8752
- C:\Windows\System\pGWashS.exe
  C:\Windows\System\pGWashS.exe
  2⤵
  PID:8788
- C:\Windows\System\GCnYkBe.exe
  C:\Windows\System\GCnYkBe.exe
  2⤵
  PID:8816
- C:\Windows\System\sURFAaT.exe
  C:\Windows\System\sURFAaT.exe
  2⤵
  PID:8824
- C:\Windows\System\QsnRPPm.exe
  C:\Windows\System\QsnRPPm.exe
  2⤵
  PID:8852
- C:\Windows\System\aLWQYZq.exe
  C:\Windows\System\aLWQYZq.exe
  2⤵
  PID:8876
- C:\Windows\System\UbyCfOT.exe
  C:\Windows\System\UbyCfOT.exe
  2⤵
  PID:8896
- C:\Windows\System\rRtCVoq.exe
  C:\Windows\System\rRtCVoq.exe
  2⤵
  PID:8916
- C:\Windows\System\uKNnFwR.exe
  C:\Windows\System\uKNnFwR.exe
  2⤵
  PID:8952
- C:\Windows\System\PMTFvjp.exe
  C:\Windows\System\PMTFvjp.exe
  2⤵
  PID:8988
- C:\Windows\System\KYiDRtm.exe
  C:\Windows\System\KYiDRtm.exe
  2⤵
  PID:9028
- C:\Windows\System\WUHJydK.exe
  C:\Windows\System\WUHJydK.exe
  2⤵
  PID:9048
- C:\Windows\System\FoIJGes.exe
  C:\Windows\System\FoIJGes.exe
  2⤵
  PID:9068
- C:\Windows\System\QAwYjLj.exe
  C:\Windows\System\QAwYjLj.exe
  2⤵
  PID:9104
- C:\Windows\System\dgQlWUv.exe
  C:\Windows\System\dgQlWUv.exe
  2⤵
  PID:9120
- C:\Windows\System\mxVnIVR.exe
  C:\Windows\System\mxVnIVR.exe
  2⤵
  PID:9136
- C:\Windows\System\uAtbjCz.exe
  C:\Windows\System\uAtbjCz.exe
  2⤵
  PID:9164
- C:\Windows\System\wtAQClx.exe
  C:\Windows\System\wtAQClx.exe
  2⤵
  PID:7572
- C:\Windows\System\IUWKLvB.exe
  C:\Windows\System\IUWKLvB.exe
  2⤵
  PID:9172
- C:\Windows\System\ZIDQtZf.exe
  C:\Windows\System\ZIDQtZf.exe
  2⤵
  PID:9208
- C:\Windows\System\tNuxfhP.exe
  C:\Windows\System\tNuxfhP.exe
  2⤵
  PID:7916
- C:\Windows\System\rpSCxSX.exe
  C:\Windows\System\rpSCxSX.exe
  2⤵
  PID:7964
- C:\Windows\System\pxBxZms.exe
  C:\Windows\System\pxBxZms.exe
  2⤵
  PID:7880
- C:\Windows\System\FHAIxWh.exe
  C:\Windows\System\FHAIxWh.exe
  2⤵
  PID:7232
- C:\Windows\System\XyJkFhk.exe
  C:\Windows\System\XyJkFhk.exe
  2⤵
  PID:8248
- C:\Windows\System\PYtuinK.exe
  C:\Windows\System\PYtuinK.exe
  2⤵
  PID:8360
- C:\Windows\System\IVYwqWe.exe
  C:\Windows\System\IVYwqWe.exe
  2⤵
  PID:8400
- C:\Windows\System\qXxMPJG.exe
  C:\Windows\System\qXxMPJG.exe
  2⤵
  PID:8432
- C:\Windows\System\Alxylda.exe
  C:\Windows\System\Alxylda.exe
  2⤵
  PID:8660
- C:\Windows\System\USzXSIC.exe
  C:\Windows\System\USzXSIC.exe
  2⤵
  PID:8688
- C:\Windows\System\zjMFLas.exe
  C:\Windows\System\zjMFLas.exe
  2⤵
  PID:8624
- C:\Windows\System\ntspBEW.exe
  C:\Windows\System\ntspBEW.exe
  2⤵
  PID:8548
- C:\Windows\System\NWXzJXG.exe
  C:\Windows\System\NWXzJXG.exe
  2⤵
  PID:8764
- C:\Windows\System\tskEflD.exe
  C:\Windows\System\tskEflD.exe
  2⤵
  PID:8812
- C:\Windows\System\MjPmxQZ.exe
  C:\Windows\System\MjPmxQZ.exe
  2⤵
  PID:8828
- C:\Windows\System\wEprESg.exe
  C:\Windows\System\wEprESg.exe
  2⤵
  PID:8860
- C:\Windows\System\nWitQrW.exe
  C:\Windows\System\nWitQrW.exe
  2⤵
  PID:8884
- C:\Windows\System\apHIAzl.exe
  C:\Windows\System\apHIAzl.exe
  2⤵
  PID:8948
- C:\Windows\System\hFcCNIt.exe
  C:\Windows\System\hFcCNIt.exe
  2⤵
  PID:9024
- C:\Windows\System\rzpCnmc.exe
  C:\Windows\System\rzpCnmc.exe
  2⤵
  PID:9044
- C:\Windows\System\OYqwfXE.exe
  C:\Windows\System\OYqwfXE.exe
  2⤵
  PID:9072
- C:\Windows\System\bYOgAip.exe
  C:\Windows\System\bYOgAip.exe
  2⤵
  PID:9192
- C:\Windows\System\vOUjuCS.exe
  C:\Windows\System\vOUjuCS.exe
  2⤵
  PID:8044
- C:\Windows\System\zXWmxEK.exe
  C:\Windows\System\zXWmxEK.exe
  2⤵
  PID:9116
- C:\Windows\System\vrJEijp.exe
  C:\Windows\System\vrJEijp.exe
  2⤵
  PID:9184
- C:\Windows\System\aAxQYGO.exe
  C:\Windows\System\aAxQYGO.exe
  2⤵
  PID:7500
- C:\Windows\System\BtAoVSv.exe
  C:\Windows\System\BtAoVSv.exe
  2⤵
  PID:7816
- C:\Windows\System\sylTVSe.exe
  C:\Windows\System\sylTVSe.exe
  2⤵
  PID:8356
- C:\Windows\System\SOlLDlZ.exe
  C:\Windows\System\SOlLDlZ.exe
  2⤵
  PID:8532
- C:\Windows\System\pkHAAbN.exe
  C:\Windows\System\pkHAAbN.exe
  2⤵
  PID:8340
- C:\Windows\System\cFHZUSo.exe
  C:\Windows\System\cFHZUSo.exe
  2⤵
  PID:8448
- C:\Windows\System\KdQkSzt.exe
  C:\Windows\System\KdQkSzt.exe
  2⤵
  PID:8644
- C:\Windows\System\TktNaSw.exe
  C:\Windows\System\TktNaSw.exe
  2⤵
  PID:8544
- C:\Windows\System\OgJBSpt.exe
  C:\Windows\System\OgJBSpt.exe
  2⤵
  PID:8756
- C:\Windows\System\CoUBUUo.exe
  C:\Windows\System\CoUBUUo.exe
  2⤵
  PID:8848
- C:\Windows\System\sMdWciW.exe
  C:\Windows\System\sMdWciW.exe
  2⤵
  PID:9012
- C:\Windows\System\jJqKKuz.exe
  C:\Windows\System\jJqKKuz.exe
  2⤵
  PID:8868
- C:\Windows\System\JlVfSnq.exe
  C:\Windows\System\JlVfSnq.exe
  2⤵
  PID:8832
- C:\Windows\System\vaHHPsd.exe
  C:\Windows\System\vaHHPsd.exe
  2⤵
  PID:9132
- C:\Windows\System\nSLJvJl.exe
  C:\Windows\System\nSLJvJl.exe
  2⤵
  PID:9212
- C:\Windows\System\WvIZvfY.exe
  C:\Windows\System\WvIZvfY.exe
  2⤵
  PID:8324
- C:\Windows\System\gVMLUMa.exe
  C:\Windows\System\gVMLUMa.exe
  2⤵
  PID:2184
- C:\Windows\System\VGcuyYq.exe
  C:\Windows\System\VGcuyYq.exe
  2⤵
  PID:8500
- C:\Windows\System\DjcxmBt.exe
  C:\Windows\System\DjcxmBt.exe
  2⤵
  PID:7876
- C:\Windows\System\kXgDVbj.exe
  C:\Windows\System\kXgDVbj.exe
  2⤵
  PID:8784
- C:\Windows\System\tFytgrf.exe
  C:\Windows\System\tFytgrf.exe
  2⤵
  PID:8796
- C:\Windows\System\blPmtUv.exe
  C:\Windows\System\blPmtUv.exe
  2⤵
  PID:8936
- C:\Windows\System\agorwdN.exe
  C:\Windows\System\agorwdN.exe
  2⤵
  PID:9076
- C:\Windows\System\ODhSojP.exe
  C:\Windows\System\ODhSojP.exe
  2⤵
  PID:8156
- C:\Windows\System\CVixuGL.exe
  C:\Windows\System\CVixuGL.exe
  2⤵
  PID:9200
- C:\Windows\System\ILpBpKA.exe
  C:\Windows\System\ILpBpKA.exe
  2⤵
  PID:9152
- C:\Windows\System\OGxRhod.exe
  C:\Windows\System\OGxRhod.exe
  2⤵
  PID:8676
- C:\Windows\System\gHKfKKM.exe
  C:\Windows\System\gHKfKKM.exe
  2⤵
  PID:8904
- C:\Windows\System\XrTKlOn.exe
  C:\Windows\System\XrTKlOn.exe
  2⤵
  PID:8744
- C:\Windows\System\XInqzXi.exe
  C:\Windows\System\XInqzXi.exe
  2⤵
  PID:8288
- C:\Windows\System\xhCHlSy.exe
  C:\Windows\System\xhCHlSy.exe
  2⤵
  PID:9256
- C:\Windows\System\joEFZiZ.exe
  C:\Windows\System\joEFZiZ.exe
  2⤵
  PID:9280
- C:\Windows\System\hitpERP.exe
  C:\Windows\System\hitpERP.exe
  2⤵
  PID:9296
- C:\Windows\System\gFuuljY.exe
  C:\Windows\System\gFuuljY.exe
  2⤵
  PID:9320
- C:\Windows\System\YkIyJOB.exe
  C:\Windows\System\YkIyJOB.exe
  2⤵
  PID:9336
- C:\Windows\System\KQpIvcR.exe
  C:\Windows\System\KQpIvcR.exe
  2⤵
  PID:9352
- C:\Windows\System\mkwifTG.exe
  C:\Windows\System\mkwifTG.exe
  2⤵
  PID:9368
- C:\Windows\System\eptINdN.exe
  C:\Windows\System\eptINdN.exe
  2⤵
  PID:9384
- C:\Windows\System\XfreFKH.exe
  C:\Windows\System\XfreFKH.exe
  2⤵
  PID:9408
- C:\Windows\System\XoxyPPc.exe
  C:\Windows\System\XoxyPPc.exe
  2⤵
  PID:9428
- C:\Windows\System\CPIpPlc.exe
  C:\Windows\System\CPIpPlc.exe
  2⤵
  PID:9448
- C:\Windows\System\lJLPLLX.exe
  C:\Windows\System\lJLPLLX.exe
  2⤵
  PID:9464
- C:\Windows\System\ztvGBEK.exe
  C:\Windows\System\ztvGBEK.exe
  2⤵
  PID:9484
- C:\Windows\System\OZfXfFR.exe
  C:\Windows\System\OZfXfFR.exe
  2⤵
  PID:9504
- C:\Windows\System\jEEvFxA.exe
  C:\Windows\System\jEEvFxA.exe
  2⤵
  PID:9520
- C:\Windows\System\HUJlfIh.exe
  C:\Windows\System\HUJlfIh.exe
  2⤵
  PID:9536
- C:\Windows\System\JpJNsMg.exe
  C:\Windows\System\JpJNsMg.exe
  2⤵
  PID:9568
- C:\Windows\System\oFoVvtr.exe
  C:\Windows\System\oFoVvtr.exe
  2⤵
  PID:9588
- C:\Windows\System\PsQlvuU.exe
  C:\Windows\System\PsQlvuU.exe
  2⤵
  PID:9604
- C:\Windows\System\glHkiXZ.exe
  C:\Windows\System\glHkiXZ.exe
  2⤵
  PID:9624
- C:\Windows\System\FxVFQTf.exe
  C:\Windows\System\FxVFQTf.exe
  2⤵
  PID:9644
- C:\Windows\System\nzbvurc.exe
  C:\Windows\System\nzbvurc.exe
  2⤵
  PID:9660
- C:\Windows\System\UUrVQxS.exe
  C:\Windows\System\UUrVQxS.exe
  2⤵
  PID:9680
- C:\Windows\System\WFBkCAe.exe
  C:\Windows\System\WFBkCAe.exe
  2⤵
  PID:9696
- C:\Windows\System\FsiAMYw.exe
  C:\Windows\System\FsiAMYw.exe
  2⤵
  PID:9712
- C:\Windows\System\kyLhbRr.exe
  C:\Windows\System\kyLhbRr.exe
  2⤵
  PID:9728
- C:\Windows\System\qoyZbsh.exe
  C:\Windows\System\qoyZbsh.exe
  2⤵
  PID:9772
- C:\Windows\System\eoZhvdp.exe
  C:\Windows\System\eoZhvdp.exe
  2⤵
  PID:9792
- C:\Windows\System\nopgAxQ.exe
  C:\Windows\System\nopgAxQ.exe
  2⤵
  PID:9812
- C:\Windows\System\TpCHHlS.exe
  C:\Windows\System\TpCHHlS.exe
  2⤵
  PID:9828
- C:\Windows\System\KPVQPTp.exe
  C:\Windows\System\KPVQPTp.exe
  2⤵
  PID:9852
- C:\Windows\System\SGbqCVq.exe
  C:\Windows\System\SGbqCVq.exe
  2⤵
  PID:9876
- C:\Windows\System\simUloX.exe
  C:\Windows\System\simUloX.exe
  2⤵
  PID:9896
- C:\Windows\System\UAPtkcw.exe
  C:\Windows\System\UAPtkcw.exe
  2⤵
  PID:9912
- C:\Windows\System\IMIynXY.exe
  C:\Windows\System\IMIynXY.exe
  2⤵
  PID:9928
- C:\Windows\System\PzlsXrl.exe
  C:\Windows\System\PzlsXrl.exe
  2⤵
  PID:9960
- C:\Windows\System\kcFPhQh.exe
  C:\Windows\System\kcFPhQh.exe
  2⤵
  PID:9976
- C:\Windows\System\IykvTQD.exe
  C:\Windows\System\IykvTQD.exe
  2⤵
  PID:10004
- C:\Windows\System\bIbGRUj.exe
  C:\Windows\System\bIbGRUj.exe
  2⤵
  PID:10020
- C:\Windows\System\NjuDmWt.exe
  C:\Windows\System\NjuDmWt.exe
  2⤵
  PID:10036
- C:\Windows\System\vDfFCdO.exe
  C:\Windows\System\vDfFCdO.exe
  2⤵
  PID:10056
- C:\Windows\System\FnGhlcf.exe
  C:\Windows\System\FnGhlcf.exe
  2⤵
  PID:10072
- C:\Windows\System\PyGDgiW.exe
  C:\Windows\System\PyGDgiW.exe
  2⤵
  PID:10108
- C:\Windows\System\ueSAbsg.exe
  C:\Windows\System\ueSAbsg.exe
  2⤵
  PID:10124
- C:\Windows\System\dTEHgOM.exe
  C:\Windows\System\dTEHgOM.exe
  2⤵
  PID:10144
- C:\Windows\System\OmhOixm.exe
  C:\Windows\System\OmhOixm.exe
  2⤵
  PID:10168
- C:\Windows\System\bFqBLhz.exe
  C:\Windows\System\bFqBLhz.exe
  2⤵
  PID:10188
- C:\Windows\System\fAOKjaz.exe
  C:\Windows\System\fAOKjaz.exe
  2⤵
  PID:10208
- C:\Windows\System\HikLNUK.exe
  C:\Windows\System\HikLNUK.exe
  2⤵
  PID:10224
- C:\Windows\System\VPHyFdn.exe
  C:\Windows\System\VPHyFdn.exe
  2⤵
  PID:9240
- C:\Windows\System\rRSSHVh.exe
  C:\Windows\System\rRSSHVh.exe
  2⤵
  PID:9252
- C:\Windows\System\dIRMlPe.exe
  C:\Windows\System\dIRMlPe.exe
  2⤵
  PID:9064
- C:\Windows\System\GCnyokk.exe
  C:\Windows\System\GCnyokk.exe
  2⤵
  PID:8932
- C:\Windows\System\ZdwilsY.exe
  C:\Windows\System\ZdwilsY.exe
  2⤵
  PID:9108
- C:\Windows\System\QSJCQaz.exe
  C:\Windows\System\QSJCQaz.exe
  2⤵
  PID:9288
- C:\Windows\System\ZtJPWVO.exe
  C:\Windows\System\ZtJPWVO.exe
  2⤵
  PID:8364
- C:\Windows\System\NQTjZtJ.exe
  C:\Windows\System\NQTjZtJ.exe
  2⤵
  PID:9332
- C:\Windows\System\cjcPlCb.exe
  C:\Windows\System\cjcPlCb.exe
  2⤵
  PID:9348
- C:\Windows\System\exQJNAD.exe
  C:\Windows\System\exQJNAD.exe
  2⤵
  PID:9476
- C:\Windows\System\dpXykvD.exe
  C:\Windows\System\dpXykvD.exe
  2⤵
  PID:9544
- C:\Windows\System\uolHfxm.exe
  C:\Windows\System\uolHfxm.exe
  2⤵
  PID:9456
- C:\Windows\System\zDTDTgc.exe
  C:\Windows\System\zDTDTgc.exe
  2⤵
  PID:9556
- C:\Windows\System\byUsiEO.exe
  C:\Windows\System\byUsiEO.exe
  2⤵
  PID:9460
- C:\Windows\System\TPMuqPl.exe
  C:\Windows\System\TPMuqPl.exe
  2⤵
  PID:9632
- C:\Windows\System\DOzuUBw.exe
  C:\Windows\System\DOzuUBw.exe
  2⤵
  PID:9616
- C:\Windows\System\jvmpvOd.exe
  C:\Windows\System\jvmpvOd.exe
  2⤵
  PID:9668
- C:\Windows\System\rBlPIVO.exe
  C:\Windows\System\rBlPIVO.exe
  2⤵
  PID:9688
- C:\Windows\System\QCaRCCi.exe
  C:\Windows\System\QCaRCCi.exe
  2⤵
  PID:9736
- C:\Windows\System\xayPIgi.exe
  C:\Windows\System\xayPIgi.exe
  2⤵
  PID:9724
- C:\Windows\System\jtDLeFr.exe
  C:\Windows\System\jtDLeFr.exe
  2⤵
  PID:9768
- C:\Windows\System\ctYbuiB.exe
  C:\Windows\System\ctYbuiB.exe
  2⤵
  PID:9804
- C:\Windows\System\DEwyjLD.exe
  C:\Windows\System\DEwyjLD.exe
  2⤵
  PID:9844
- C:\Windows\System\SeFDYOU.exe
  C:\Windows\System\SeFDYOU.exe
  2⤵
  PID:9872
- C:\Windows\System\HSwfxpi.exe
  C:\Windows\System\HSwfxpi.exe
  2⤵
  PID:9824
- C:\Windows\System\JxsisDN.exe
  C:\Windows\System\JxsisDN.exe
  2⤵
  PID:9944
- C:\Windows\System\lNOLkKB.exe
  C:\Windows\System\lNOLkKB.exe
  2⤵
  PID:9952
- C:\Windows\System\XRKjqqm.exe
  C:\Windows\System\XRKjqqm.exe
  2⤵
  PID:9972
- C:\Windows\System\RtUMtnn.exe
  C:\Windows\System\RtUMtnn.exe
  2⤵
  PID:10048
- C:\Windows\System\XDjXtAP.exe
  C:\Windows\System\XDjXtAP.exe
  2⤵
  PID:9996
- C:\Windows\System\othFCvq.exe
  C:\Windows\System\othFCvq.exe
  2⤵
  PID:10068
- C:\Windows\System\SRzLYpW.exe
  C:\Windows\System\SRzLYpW.exe
  2⤵
  PID:10132
- C:\Windows\System\zDzmyRj.exe
  C:\Windows\System\zDzmyRj.exe
  2⤵
  PID:10156
- C:\Windows\System\WXEdrCx.exe
  C:\Windows\System\WXEdrCx.exe
  2⤵
  PID:10232
- C:\Windows\System\zYTFAPG.exe
  C:\Windows\System\zYTFAPG.exe
  2⤵
  PID:9232
- C:\Windows\System\SjaNVaB.exe
  C:\Windows\System\SjaNVaB.exe
  2⤵
  PID:8312
- C:\Windows\System\qJaJCZF.exe
  C:\Windows\System\qJaJCZF.exe
  2⤵
  PID:9264
- C:\Windows\System\GvmSBGq.exe
  C:\Windows\System\GvmSBGq.exe
  2⤵
  PID:9328
- C:\Windows\System\YWXIQAO.exe
  C:\Windows\System\YWXIQAO.exe
  2⤵
  PID:9392
- C:\Windows\System\roMylqb.exe
  C:\Windows\System\roMylqb.exe
  2⤵
  PID:9444
- C:\Windows\System\AxQASBu.exe
  C:\Windows\System\AxQASBu.exe
  2⤵
  PID:9532
- C:\Windows\System\AHTkpEJ.exe
  C:\Windows\System\AHTkpEJ.exe
  2⤵
  PID:9548
- C:\Windows\System\UxwGAtN.exe
  C:\Windows\System\UxwGAtN.exe
  2⤵
  PID:9580
- C:\Windows\System\WQheiwL.exe
  C:\Windows\System\WQheiwL.exe
  2⤵
  PID:9564

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\DzCLFFr.exe

Filesize
6.0MB

MD5
e6dc373e4f84811a72675f7fd9657202

SHA1
ea0d80e70a5fd4fd25f1758b9f8e64aaf8215d9b

SHA256
b7c25b677961c62f36ee0b24ead9234c6684eacafc667980314b14c0dabc7e4a

SHA512
1721c290182aa5eeeeab9ab596fb4bb7d495039320db9dbb51a523ad4ffa7c357291ada2d37612de4dd84635c5c4c4c6bfadddcae1eb70c97b149e33228595e1

Download Submit
C:\Windows\system\EzeKkof.exe

Filesize
6.0MB

MD5
75509e7e7db0b613d41081266a758ad9

SHA1
39ee4c07b7022a9996565f9a9be7d5a9f7d5b399

SHA256
9e4799ccf69383c055e5d5ad6e919566e4dac8dfb058b1f9e42d3fd25fe36a7a

SHA512
1188b1d49891c4a0538c934c247c64b82a19f2c1ef61de4e86aa54dfa3458289edda382b5e8d41876aeb4dbaac66063a7bec94637516aad01205b8ba457d9903

Download Submit
C:\Windows\system\FaEKHYI.exe

Filesize
6.0MB

MD5
500ffa951bc963e7296174d6658200f8

SHA1
3c06471c95e4253467f63b4e07572f81ad366f70

SHA256
46cfa9d0bfd2dbcde1330ff196194721613e95d98f64a384ba4ddce82cb2641b

SHA512
c1f5aedc34ef277b0416b3f21d432690d5f5ca7c13bbcea1b8b9d8b0cb8881f89885f536b0d878c446449011a0e6ee22b687f3b336a2f1b2da332af68c12608d

Download Submit
C:\Windows\system\JWAcvoz.exe

Filesize
6.0MB

MD5
79352e495a29525d9d8651895367cee8

SHA1
5e7254930679e3e4950d50bab3d4eb2b0b456904

SHA256
5430f985b1b31c5f64c7877d02547b16f4bb1ac4b7b3057fd6c8e2c94e987890

SHA512
93b54239bb00b9320faf4b6439df2abe876dfd84c1da3f70328a953779f0f3a4467fcc9e054707f991d4545b433bba7209a1f95e3f128af453dd9bb3d1777e0c

Download Submit
C:\Windows\system\QsIxDTT.exe

Filesize
6.0MB

MD5
440be64fbda5b8dbe18a9aa001f9f4a0

SHA1
5125f3ddce5a674becccbccd18b4810d18c44dd5

SHA256
ec9b228c627cb3d1259a3d750d4af9449e1db4213ac9b3e0bf41579df1499bd8

SHA512
ed2cf196432cc66329b3bca74091a2ee73068bd9a9c6950fbdb058e40941df322ebdf0255c76372779a1e76ac07b5cbe5dbafe64d1ebcb70f35ec16493655456

Download Submit
C:\Windows\system\RRxWSPT.exe

Filesize
6.0MB

MD5
6f0822198277c2ef09213d8fa8519a7c

SHA1
73348f7219d01ffb98656584a53100577f9198b2

SHA256
ff448503bcf4c5e8fc1d319bde0964a10a5c852db223fd3a14d8461115a3b0ac

SHA512
3f4a98c24af24ad555051830bf7b167f0f328d922f023cf96105e8d06cc5b76d03c774c09bf526d438ab2b0673273476520d51b8965ac10527e00a6e248780c7

Download Submit
C:\Windows\system\SUEwfXc.exe

Filesize
6.0MB

MD5
c68f4bd64417bb26ff478a9aede13b67

SHA1
b3c18205f09540cc394e775c1a324079fe7d939e

SHA256
e2322df64747f72ce9efce2b07b38f01f23fb804923a6f7c6852e1545931e25a

SHA512
0d4a116be376832265581e685b79ed6cda4ba4224250dde83498a3abb611e95f390a97b53fd5f6efbaa986b016e48b16bb116801320f6647ef3b4753a6974e6a

Download Submit
C:\Windows\system\YIhypBs.exe

Filesize
6.0MB

MD5
15210a9aedce01960a0902ead3709e81

SHA1
06656cca19ac96d209ca57cf2ba266709172ed36

SHA256
64f885f88bb88e52f9210b2b03166017485cb889940ac4f71d02b0a7d22ca84e

SHA512
102bc951aa69093567e4401b2618b5bd9d60884f3f25bc2069aa7508a4d58cec5d81188404b1037617d226f197cef586007da63dd6e5394ad2eccb08df2b6de0

Download Submit
C:\Windows\system\ewKjCGg.exe

Filesize
6.0MB

MD5
88863e2ea2ac4ff1ebb2594572fc1f8b

SHA1
9e8292661822db6211b9c93a6c12f93f40cb6c52

SHA256
a3ee4def101b35a4285ca3d6e0a830ef7d599c835e3a648fc0b917a205aeab7a

SHA512
ebbc47b657b954b54f3869af760b41cf85e23a49b857d1088e893788078925543c15130bf431b8fcda23519820bf8fb5d1ac49091fde4019202e4af5143b4eec

Download Submit
C:\Windows\system\gdeWApX.exe

Filesize
6.0MB

MD5
dfdbc9b5214b324a5e031de2b88b960b

SHA1
78d2528a66da958a2f38c50e22f118de973e18d1

SHA256
205ada00f36ca33f72809dd950130720f75fdbc878ba3bb8b47499fcf6b329c6

SHA512
84327691c8020708ba8d2a4a920509cd5ca2d64855719f6b3080545b0a9175838f519f06506a64a291b48bbcdf31c104da590864e78459db6d32ea79fe2c14c8

Download Submit
C:\Windows\system\hFfOpBJ.exe

Filesize
6.0MB

MD5
5403aebb152a5d0fe787852a9b988bbe

SHA1
19b24c67f6ebb1987cfc51cb2a28ec88d13deb08

SHA256
688c402c41ad3c05d5ed7bf5882ca13e7e3b55ae7b12e6e50895b1226d3a48ba

SHA512
73ba72fb013e13ac2090983b0c03777d7cc697fe18d66057bbce66beb9da2c20f7e0f49aaab08aa9a07afc68349f509df78698507448fc9dcc99326864821bc1

Download Submit
C:\Windows\system\ivRFzAu.exe

Filesize
6.0MB

MD5
3c4773f1a69d2947d173a4f9f175bc5b

SHA1
b07ad20a3592c49e903d4c99e3bb54828d5bff24

SHA256
db10709459ee44de8f5b9f7d802c398b71072db50dc3d5ec6743b6c8be7c2567

SHA512
f4b40e218e71c884197e96f1f6da36579e58801dfcbbffcbccb52ce11293836326a24e4b0a9ad2aac824ab33ce00ac749609cf447e0363a60b7ad8dadefb4117

Download Submit
C:\Windows\system\kDakxCN.exe

Filesize
6.0MB

MD5
9dff3097e2c13c659a8ba5bc62c36eea

SHA1
5fdea6b2a0b3f7849029e0306b4e5b4ddf085823

SHA256
d275dd2873e745b4a56380cb32959aecc91df7163e9199504ecf5aa6da590182

SHA512
4c840bae95d94cc623a60bcfc50c71253c6dc391196f1c7565543226e839b587b6d28bbc0b078ccc6f8b4cfe0fb4464bf61dae0a8e132d355603f100c5f0cb5e

Download Submit
C:\Windows\system\ocoDURT.exe

Filesize
6.0MB

MD5
7213bed098df67e37aa55048f6102a3d

SHA1
783bd08b3e95995604c52ef3d85922f6c4d60666

SHA256
0321b4671a56ce6e15a8217e6fdd7eb39b74a83c16ec168a02563a0684174cef

SHA512
509a36832c88b6936cdefef7eae99262cc97a3aa4ddd510311d32c52a687432ca2c2e7d1c14b1dcf7e6ead71d3ca00e2754f3c6183bf139b5e5b0752ec20181e

Download Submit
C:\Windows\system\pwmjzNH.exe

Filesize
6.0MB

MD5
ad20a1e23587b18b75a1279f13f67a26

SHA1
196f70745cc699926c5784827a3e4e83ea0d098e

SHA256
77a52c6713b7e7c76a66eb4cbd3ef03e45c26650a8a2eb8857d17521cf4ff694

SHA512
a5160a8951ca2af5ce9acfacc2b0516a19a4e8176c18a22e1ecab3ea20fbd16906c7ac78ce92af6c354aad52440c028cd8f24017f9cb15af08745ba08aff32f0

Download Submit
C:\Windows\system\sNHlrUK.exe

Filesize
6.0MB

MD5
ea68f3a065781f8f1a038bfefbd1dc5f

SHA1
d99e2a0ddf18ece5035473cb92282705862904c8

SHA256
b47d87d01f8d0e577ed9941cc1512037fd62e8037483ebd36b1d9d77279c754d

SHA512
e6d99416055186891520c87ce2d7bd43ba7623a81b0cfa06368fe371f5985c89f4b410f69316e6124ed60f4d1c7a98f6e8c72c0ce679d66b12283d34287c0c10

Download Submit
C:\Windows\system\srljNQV.exe

Filesize
6.0MB

MD5
e1e54e9bfe891d39ca94d675ce6ec37f

SHA1
69f0c81df440a237671c7e609843bad6992455c0

SHA256
51d50b107a3358d0e2a5df5eeffb4bca732c027b3cce59cee1a13b3774addb28

SHA512
e09df0ce0e421f2bdedcc67d89191512d1ac26e9fd7407706d59a4e8568e068b610564cff17bcdd104f18e0f2062d1e88b55b3412e88912a9b9e3bcc1a69e8c9

Download Submit
C:\Windows\system\uRdRpFy.exe

Filesize
6.0MB

MD5
44be8309091625e46b19c74ee579b7fb

SHA1
4c29c496e2daa2e1bc4629eebe531cb1567db66e

SHA256
437db444d345d702e415fa932a246b8b80e28d48de2eaad7e85ad3a7e5a71921

SHA512
e26aa5da6e8e48a20f4e6024a6e6dda9f4006cf12cf4f58f717020d2f4481fe31944650d8ab3ce0bda15b759d83ae71cdf39b4e426ccd6a65523dae04fbdb3fb

Download Submit
C:\Windows\system\urWBmTa.exe

Filesize
6.0MB

MD5
dd7a159857d6391b1a4cef97f0eeec62

SHA1
04247e655cdf21cc4d0fd479b9d8c8aca135b3b7

SHA256
a3b3653e3486ea78338af03aa1740b407bb76d664d3bdbaa1d7ffd08e70e0e00

SHA512
138d0411b988d1fc1cb3c3e61067f9a5153fae3df496d8cf29a96a3eb842cecaac8f4f7380e047074e6505449aa636e46665d963969a0daa243de236bed184d0

Download Submit
C:\Windows\system\wBNZeav.exe

Filesize
6.0MB

MD5
2a9974af7f778d1c9153038ad20a579d

SHA1
626bc6c6dc7264b54b5b5861185b472095076e82

SHA256
c1f3dbce49012f30b9302cd97b2600383c73287bf4e3c1d48141a133a3a18eb2

SHA512
44c4d3c206a988cb45850af8438b634b00a994d1099a132ca09f754c42d425c8c5c9fbb45952f17a6d311cd27a75c83d480ad91f954983c7826dbb63cf25548c

Download Submit
C:\Windows\system\wQoVSYY.exe

Filesize
6.0MB

MD5
e128e608e6fb3c92156b83f2309ec8e9

SHA1
ea8ee88b2256e614b13c13dccdcbb88216bf80bd

SHA256
45cab8073a0f71f83ad1cb322e86814276a79ed4abe4b8f89df124e80fe940fe

SHA512
b81266cf3ec2b12b93f4ad8c1717428c10f231807f3cba4bfa89635cd9cac6990bdef2bf91eb83ce40dc1ed0952a89333627c6cb2180c297d3ca9bad0af5e5ed

Download Submit
C:\Windows\system\xRYAOfq.exe

Filesize
6.0MB

MD5
0efc373b2a415177696db630f3b9184f

SHA1
89984769e16c2811371ccb14d9fa81d8880d9095

SHA256
cfbe33f623a6eabc2342351dfe13c83b931af779248816443d9b516e6d062887

SHA512
d54f4e11b4decc8f66ccad490727c241818b8954aa7bf29a253924958b113ce22d882c72b074f41ac24514d820b038b097c20dd93bbde801bc38a5ec6747ca47

Download Submit
C:\Windows\system\zKgaQaP.exe

Filesize
6.0MB

MD5
6754aa3179f112808c54942c9335d6ee

SHA1
8c51ae56c326084d7811b0b4877449deb2ef9c52

SHA256
c76e507eadb0766371a0d31a70f931a95be517cf37459b5e992524737c04268f

SHA512
9d414e51381be8149167c3857b81a817d6331e06723a4b9beae48a79e752d88db44441f6255cc925780d5622311ec0fac615a3f4e7f65db9bdb930e0efe91c4c

Download Submit
C:\Windows\system\zvedOuy.exe

Filesize
6.0MB

MD5
ba4ee1545f57ce0a05e93dc0ed2e3efb

SHA1
429c4426ef01764f73c4a7a80d10a5565a7a4955

SHA256
485a0182923d8b47dfe96e29f6809459151e784017f0ced6c8e0eb96663a370f

SHA512
b0df6a7048a6f49795e522a6771f53f196479ca7dbc5077d1a525f0077f77c6ab9d3d6961dc71e58f2f496f05218c1921f626abac929c3ab74d976242e07fd3b

Download Submit
\Windows\system\DMRowrj.exe

Filesize
6.0MB

MD5
6a6f98899c45947a4e1e23efd4aad84e

SHA1
9afcde781ab44de4116efa742444ab42f70ead44

SHA256
5dead0c5267bd5b2c728a9ccbdb82de6e5d1e465eb17012ee8b7a3c2348dc122

SHA512
f1a6810d266674f5516cab6a32f129719082ca8537bfe2d4a55f3e6031130e8ffc34b3fcc5d72afa638b0ea2cc9a39d3c0bf57653dc8236bfbfcc5a9e6e16a28

Download Submit
\Windows\system\DzIFQod.exe

Filesize
6.0MB

MD5
15f3db3d26fd41a7f21333cbf0da51d1

SHA1
2eea4eeeaf143354234f5a2adeafd5198eb03035

SHA256
e5b231b5ead7f20b7179059dec372ca7344dcaeb87e8fa027438c2857c55f78b

SHA512
e1a3a7c54c989496716b784c0c3f4989e4a62de26cafe9de5259cde4943702295dc4cc7d43050845086e1dedd94ad5ebb68ec04f13f139e6bf466616113dde3d

Download Submit
\Windows\system\EPtKIfp.exe

Filesize
6.0MB

MD5
25e7167e75b293d5cdbf24786576f318

SHA1
4294cdef6e00f7f478c468d23dcdd6350a782fba

SHA256
84533033faf6436f6cac538ef702b5668487d5e6435654cbd9f628e696990339

SHA512
3f7ef8f85e0599cffcfea1fd07878498d002e108807d40b51557b0372cdb604bd31b401251ad23cd65f7814f04aa4b3fc595c4ead3456344befc8305928895b4

Download Submit
\Windows\system\JynpvIH.exe

Filesize
6.0MB

MD5
1135fec66332cd9ddf9a5453440b58ea

SHA1
c6106e2474c49600971e862ed6278de0a71b40e1

SHA256
8eef93b9744d3f5157012981a530999c4bb02ed9fd5c60551717c709aebd5d01

SHA512
3b47d23ec6c42bafb08f38084e1714a4469058db4cb2e323d051dcaf7d07eb0fa7011e34886f03c032a62b63c080949b2b2656de9673214f5f8c78cba2b08db4

Download Submit
\Windows\system\LOqBKHz.exe

Filesize
6.0MB

MD5
e5e9d758c91c86faf2fa3fd4b064f4f7

SHA1
eab870a1c67431834f3cc451f7fc69c8eab69299

SHA256
ad362f892efb383cdac151852c4cbf443296f4a5db14bfbe2507c963334102b9

SHA512
a74c4417d18dc0f5a86fcd859c9e7f0b52ecf45aed9a2981fcba8db8cb13a3036e84ab54cac333f94af575fbad3b5bbd4ba893d411d3908ae639e681b0258c53

Download Submit
\Windows\system\SSlczjo.exe

Filesize
6.0MB

MD5
e9cd8a076af5e7fcba9a10f89491c2f0

SHA1
fe90748c22ec18a14d0d27b1c99e059228d3d05e

SHA256
acd134de49d522f8f454c1f8c024b19667ed9e548abd8f17cca16499390162b6

SHA512
a14b07b6350e22130620940aed3ef578f6fd37e108ca8748fe0098901d77ac48ddb7fc6cdf73331717331a9044e703926f581ffc7d532db658050859e2c229db

Download Submit
\Windows\system\gqQjfav.exe

Filesize
6.0MB

MD5
c60b29e41a7bc944fe249d744c675a1c

SHA1
46f13e6e3f4537354334848ae465a6438be31275

SHA256
4b596df10e3d4778f0de41b7e9b2834d5ab3f923d724070bc9fc3666555a2e34

SHA512
093c0f81584c644b17cd485866a44f2d1a42bd9dd312766b75217e42253ddee89bba23d663575882139b87bd0ed29f346583345ee061bc516edba05d8504236a

Download Submit
\Windows\system\pycVzrw.exe

Filesize
6.0MB

MD5
f5dafb4d726b891bef7b75cc4f011b55

SHA1
99e8d6c03b124095639dedcf55d732a8fef53fd3

SHA256
932698184ef72e11046d0275574e2895f4976069c18cafc4f3e421753dab41c1

SHA512
61d3163f6af7442e2c3ae4bfe10fb6811035220296ba46f3b8c153bdbeff10f3e13c265361768edb33eb8f50ec0c9d2aeaf79f0c82bd18be8922d0e2f3802cd2

Download Submit
memory/1584-43-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/1584-4003-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/1584-12-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/1952-29-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/1952-317-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/1952-4005-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/2092-109-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/2092-20-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/2092-4006-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/2344-104-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2344-4013-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2492-37-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2492-1047-0x00000000024C0000-0x0000000002814000-memory.dmp

Filesize
3.3MB

Download
memory/2492-1352-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/2492-1353-0x00000000024C0000-0x0000000002814000-memory.dmp

Filesize
3.3MB

Download
memory/2492-1046-0x00000000024C0000-0x0000000002814000-memory.dmp

Filesize
3.3MB

Download
memory/2492-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2492-85-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2492-115-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2492-15-0x000000013FAD0000-0x000000013FE24000-memory.dmp

Filesize
3.3MB

Download
memory/2492-76-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/2492-112-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/2492-70-0x00000000024C0000-0x0000000002814000-memory.dmp

Filesize
3.3MB

Download
memory/2492-116-0x00000000024C0000-0x0000000002814000-memory.dmp

Filesize
3.3MB

Download
memory/2492-114-0x00000000024C0000-0x0000000002814000-memory.dmp

Filesize
3.3MB

Download
memory/2492-18-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/2492-23-0x00000000024C0000-0x0000000002814000-memory.dmp

Filesize
3.3MB

Download
memory/2492-108-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/2492-0-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2492-105-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/2492-53-0x00000000024C0000-0x0000000002814000-memory.dmp

Filesize
3.3MB

Download
memory/2492-103-0x00000000024C0000-0x0000000002814000-memory.dmp

Filesize
3.3MB

Download
memory/2492-31-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/2564-4004-0x000000013FAD0000-0x000000013FE24000-memory.dmp

Filesize
3.3MB

Download
memory/2564-14-0x000000013FAD0000-0x000000013FE24000-memory.dmp

Filesize
3.3MB

Download
memory/2564-45-0x000000013FAD0000-0x000000013FE24000-memory.dmp

Filesize
3.3MB

Download
memory/2592-4010-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/2592-90-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/2632-4011-0x000000013F8C0000-0x000000013FC14000-memory.dmp

Filesize
3.3MB

Download
memory/2632-79-0x000000013F8C0000-0x000000013FC14000-memory.dmp

Filesize
3.3MB

Download
memory/2736-4012-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/2736-113-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/2800-4007-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2800-44-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2812-4008-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/2812-35-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/2812-532-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/2972-4009-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download
memory/2972-63-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download