cobaltstrike | cc15cb2444bc19a83a4445b97485f298ce8125e01bdec631e5ba10fbbb116c6e

Analysis

max time kernel
148s
max time network
19s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
24-09-2024 15:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

6849619e0e6230a7208607f9296f87bf
SHA1

9078d63a4b478831c6e34c394a25096a0649ef83
SHA256

cc15cb2444bc19a83a4445b97485f298ce8125e01bdec631e5ba10fbbb116c6e
SHA512

49bc4ce1cd8824b8280398dbcc20f2f96d891ec676df6de9d1fcc5bb8af90a3f4f72a800785a58455cf43ba95ca69b7b4825101b8b9c3106586b97a233e5a184
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU3:T+q56utgpPF8u/73

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x001500000000f6b0-3.dat	cobalt_reflective_dll
behavioral1/files/0x000e000000018dcf-9.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018ddd-11.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018dea-26.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018e46-31.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018e65-46.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018e96-54.dat	cobalt_reflective_dll
behavioral1/files/0x00040000000192e3-83.dat	cobalt_reflective_dll
behavioral1/files/0x00040000000192d3-81.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000018e9f-65.dat	cobalt_reflective_dll
behavioral1/files/0x00040000000192ad-71.dat	cobalt_reflective_dll
behavioral1/files/0x002b000000018cf2-43.dat	cobalt_reflective_dll
behavioral1/files/0x0004000000019308-98.dat	cobalt_reflective_dll
behavioral1/files/0x0004000000019319-107.dat	cobalt_reflective_dll
behavioral1/files/0x000400000001934f-121.dat	cobalt_reflective_dll
behavioral1/files/0x0004000000019329-117.dat	cobalt_reflective_dll
behavioral1/files/0x0004000000019380-128.dat	cobalt_reflective_dll
behavioral1/files/0x0004000000019393-131.dat	cobalt_reflective_dll
behavioral1/files/0x00040000000193a5-137.dat	cobalt_reflective_dll
behavioral1/files/0x00040000000193b6-139.dat	cobalt_reflective_dll
behavioral1/files/0x00040000000193d5-147.dat	cobalt_reflective_dll
behavioral1/files/0x000400000001942a-149.dat	cobalt_reflective_dll
behavioral1/files/0x000400000001946b-160.dat	cobalt_reflective_dll
behavioral1/files/0x000400000001947d-165.dat	cobalt_reflective_dll
behavioral1/files/0x000400000001949e-179.dat	cobalt_reflective_dll
behavioral1/files/0x00040000000194e8-187.dat	cobalt_reflective_dll
behavioral1/files/0x00040000000194f0-192.dat	cobalt_reflective_dll
behavioral1/files/0x000400000001950e-201.dat	cobalt_reflective_dll
behavioral1/files/0x00040000000194f7-197.dat	cobalt_reflective_dll
behavioral1/files/0x0004000000019489-177.dat	cobalt_reflective_dll
behavioral1/files/0x0004000000019481-172.dat	cobalt_reflective_dll
behavioral1/files/0x0004000000019461-156.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1568-0-0x000000013FA90000-0x000000013FDE4000-memory.dmp	xmrig
behavioral1/files/0x001500000000f6b0-3.dat	xmrig
behavioral1/memory/1560-8-0x000000013F420000-0x000000013F774000-memory.dmp	xmrig
behavioral1/files/0x000e000000018dcf-9.dat	xmrig
behavioral1/memory/2232-15-0x000000013F0D0000-0x000000013F424000-memory.dmp	xmrig
behavioral1/files/0x0007000000018ddd-11.dat	xmrig
behavioral1/memory/2100-21-0x000000013F650000-0x000000013F9A4000-memory.dmp	xmrig
behavioral1/memory/2632-30-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig
behavioral1/files/0x0007000000018dea-26.dat	xmrig
behavioral1/files/0x0006000000018e46-31.dat	xmrig
behavioral1/memory/2772-37-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig
behavioral1/memory/1568-38-0x000000013FA90000-0x000000013FDE4000-memory.dmp	xmrig
behavioral1/memory/1560-45-0x000000013F420000-0x000000013F774000-memory.dmp	xmrig
behavioral1/files/0x0006000000018e65-46.dat	xmrig
behavioral1/files/0x0006000000018e96-54.dat	xmrig
behavioral1/memory/2576-53-0x000000013F5C0000-0x000000013F914000-memory.dmp	xmrig
behavioral1/memory/2232-52-0x000000013F0D0000-0x000000013F424000-memory.dmp	xmrig
behavioral1/memory/2676-61-0x000000013F9C0000-0x000000013FD14000-memory.dmp	xmrig
behavioral1/memory/2544-66-0x000000013FE40000-0x0000000140194000-memory.dmp	xmrig
behavioral1/files/0x00040000000192e3-83.dat	xmrig
behavioral1/memory/2576-87-0x000000013F5C0000-0x000000013F914000-memory.dmp	xmrig
behavioral1/memory/1568-88-0x0000000002410000-0x0000000002764000-memory.dmp	xmrig
behavioral1/memory/3040-82-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/files/0x00040000000192d3-81.dat	xmrig
behavioral1/memory/2520-89-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
behavioral1/files/0x0008000000018e9f-65.dat	xmrig
behavioral1/memory/1568-63-0x000000013FE40000-0x0000000140194000-memory.dmp	xmrig
behavioral1/memory/2592-73-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/files/0x00040000000192ad-71.dat	xmrig
behavioral1/memory/2100-55-0x000000013F650000-0x000000013F9A4000-memory.dmp	xmrig
behavioral1/memory/2788-49-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig
behavioral1/files/0x002b000000018cf2-43.dat	xmrig
behavioral1/memory/1568-90-0x000000013FE40000-0x0000000140194000-memory.dmp	xmrig
behavioral1/memory/2544-91-0x000000013FE40000-0x0000000140194000-memory.dmp	xmrig
behavioral1/memory/2592-93-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/memory/3040-94-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/files/0x0004000000019308-98.dat	xmrig
behavioral1/memory/2520-106-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
behavioral1/memory/2512-105-0x000000013F490000-0x000000013F7E4000-memory.dmp	xmrig
behavioral1/files/0x0004000000019319-107.dat	xmrig
behavioral1/memory/2860-113-0x000000013F350000-0x000000013F6A4000-memory.dmp	xmrig
behavioral1/files/0x000400000001934f-121.dat	xmrig
behavioral1/files/0x0004000000019329-117.dat	xmrig
behavioral1/files/0x0004000000019380-128.dat	xmrig
behavioral1/files/0x0004000000019393-131.dat	xmrig
behavioral1/files/0x00040000000193a5-137.dat	xmrig
behavioral1/files/0x00040000000193b6-139.dat	xmrig
behavioral1/files/0x00040000000193d5-147.dat	xmrig
behavioral1/files/0x000400000001942a-149.dat	xmrig
behavioral1/files/0x000400000001946b-160.dat	xmrig
behavioral1/files/0x000400000001947d-165.dat	xmrig
behavioral1/files/0x000400000001949e-179.dat	xmrig
behavioral1/files/0x00040000000194e8-187.dat	xmrig
behavioral1/files/0x00040000000194f0-192.dat	xmrig
behavioral1/files/0x000400000001950e-201.dat	xmrig
behavioral1/files/0x00040000000194f7-197.dat	xmrig
behavioral1/files/0x0004000000019489-177.dat	xmrig
behavioral1/files/0x0004000000019481-172.dat	xmrig
behavioral1/files/0x0004000000019461-156.dat	xmrig
behavioral1/memory/1560-812-0x000000013F420000-0x000000013F774000-memory.dmp	xmrig
behavioral1/memory/2232-825-0x000000013F0D0000-0x000000013F424000-memory.dmp	xmrig
behavioral1/memory/2772-892-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig
behavioral1/memory/2676-949-0x000000013F9C0000-0x000000013FD14000-memory.dmp	xmrig
behavioral1/memory/2576-994-0x000000013F5C0000-0x000000013F914000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1560	hUqeeYA.exe
2232	KAKjiqY.exe
2100	ggZlooh.exe
2632	uDQKXGG.exe
2772	vYeAjiW.exe
2788	ESvPTGr.exe
2576	nCyOUrp.exe
2676	wvMYzcn.exe
2544	havjEVa.exe
2592	FavpTxa.exe
3040	cQfpYtp.exe
2520	TWbHDki.exe
2512	FrDtWnv.exe
2860	jgckggA.exe
1312	ktrevqy.exe
1484	EuEaunU.exe
1488	bfdVqvR.exe
2852	ohAPmHU.exe
2904	gSVixmK.exe
2928	Znoggea.exe
2848	hdFaQPv.exe
640	ieTUbvu.exe
692	NxSaexW.exe
1628	gdoDRSr.exe
2980	MBsovbi.exe
2224	aKeHMrN.exe
2352	KaNrAqv.exe
2376	yNMzvdk.exe
2144	immdnLu.exe
2872	hlIIDSy.exe
2280	enqVwzW.exe
1748	ONPdvFM.exe
2132	AtiJOJW.exe
1084	aqxKMMX.exe
1744	zKaWXno.exe
828	XxBdpKL.exe
1676	txNIiBE.exe
932	dWQFXbr.exe
1988	cRgrzya.exe
592	ZktNnke.exe
2264	ASiMHVz.exe
2480	AfAXNty.exe
2300	xMbuCYp.exe
308	cTYKXCT.exe
1856	UXgyGQA.exe
2836	AhAaHFy.exe
888	LBaSHWF.exe
1768	vrHYpJQ.exe
696	hjcvGfa.exe
1588	IfVPaYh.exe
1616	MMkpSlr.exe
2648	bmlvQCW.exe
2792	yhkuIPQ.exe
2720	TSWoscu.exe
2028	llklqez.exe
2900	NGHcOiy.exe
2180	tZlsNKX.exe
2104	TbpCaKg.exe
2204	ICSmqzC.exe
2668	aWOlpdD.exe
3068	ehdTEXV.exe
3044	WnEDmVT.exe
2484	ISMgEvT.exe
1092	dGnyjoW.exe

Loads dropped DLL 64 IoCs

pid	Process
1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1568-0-0x000000013FA90000-0x000000013FDE4000-memory.dmp	upx
behavioral1/files/0x001500000000f6b0-3.dat	upx
behavioral1/memory/1560-8-0x000000013F420000-0x000000013F774000-memory.dmp	upx
behavioral1/files/0x000e000000018dcf-9.dat	upx
behavioral1/memory/2232-15-0x000000013F0D0000-0x000000013F424000-memory.dmp	upx
behavioral1/files/0x0007000000018ddd-11.dat	upx
behavioral1/memory/2100-21-0x000000013F650000-0x000000013F9A4000-memory.dmp	upx
behavioral1/memory/2632-30-0x000000013FE00000-0x0000000140154000-memory.dmp	upx
behavioral1/files/0x0007000000018dea-26.dat	upx
behavioral1/files/0x0006000000018e46-31.dat	upx
behavioral1/memory/2772-37-0x000000013FB50000-0x000000013FEA4000-memory.dmp	upx
behavioral1/memory/1568-38-0x000000013FA90000-0x000000013FDE4000-memory.dmp	upx
behavioral1/memory/1560-45-0x000000013F420000-0x000000013F774000-memory.dmp	upx
behavioral1/files/0x0006000000018e65-46.dat	upx
behavioral1/files/0x0006000000018e96-54.dat	upx
behavioral1/memory/2576-53-0x000000013F5C0000-0x000000013F914000-memory.dmp	upx
behavioral1/memory/2232-52-0x000000013F0D0000-0x000000013F424000-memory.dmp	upx
behavioral1/memory/2676-61-0x000000013F9C0000-0x000000013FD14000-memory.dmp	upx
behavioral1/memory/2544-66-0x000000013FE40000-0x0000000140194000-memory.dmp	upx
behavioral1/files/0x00040000000192e3-83.dat	upx
behavioral1/memory/2576-87-0x000000013F5C0000-0x000000013F914000-memory.dmp	upx
behavioral1/memory/3040-82-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/files/0x00040000000192d3-81.dat	upx
behavioral1/memory/2520-89-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
behavioral1/files/0x0008000000018e9f-65.dat	upx
behavioral1/memory/2592-73-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/files/0x00040000000192ad-71.dat	upx
behavioral1/memory/2100-55-0x000000013F650000-0x000000013F9A4000-memory.dmp	upx
behavioral1/memory/2788-49-0x000000013F7F0000-0x000000013FB44000-memory.dmp	upx
behavioral1/files/0x002b000000018cf2-43.dat	upx
behavioral1/memory/2544-91-0x000000013FE40000-0x0000000140194000-memory.dmp	upx
behavioral1/memory/2592-93-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/memory/3040-94-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/files/0x0004000000019308-98.dat	upx
behavioral1/memory/2520-106-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
behavioral1/memory/2512-105-0x000000013F490000-0x000000013F7E4000-memory.dmp	upx
behavioral1/files/0x0004000000019319-107.dat	upx
behavioral1/memory/2860-113-0x000000013F350000-0x000000013F6A4000-memory.dmp	upx
behavioral1/files/0x000400000001934f-121.dat	upx
behavioral1/files/0x0004000000019329-117.dat	upx
behavioral1/files/0x0004000000019380-128.dat	upx
behavioral1/files/0x0004000000019393-131.dat	upx
behavioral1/files/0x00040000000193a5-137.dat	upx
behavioral1/files/0x00040000000193b6-139.dat	upx
behavioral1/files/0x00040000000193d5-147.dat	upx
behavioral1/files/0x000400000001942a-149.dat	upx
behavioral1/files/0x000400000001946b-160.dat	upx
behavioral1/files/0x000400000001947d-165.dat	upx
behavioral1/files/0x000400000001949e-179.dat	upx
behavioral1/files/0x00040000000194e8-187.dat	upx
behavioral1/files/0x00040000000194f0-192.dat	upx
behavioral1/files/0x000400000001950e-201.dat	upx
behavioral1/files/0x00040000000194f7-197.dat	upx
behavioral1/files/0x0004000000019489-177.dat	upx
behavioral1/files/0x0004000000019481-172.dat	upx
behavioral1/files/0x0004000000019461-156.dat	upx
behavioral1/memory/1560-812-0x000000013F420000-0x000000013F774000-memory.dmp	upx
behavioral1/memory/2232-825-0x000000013F0D0000-0x000000013F424000-memory.dmp	upx
behavioral1/memory/2772-892-0x000000013FB50000-0x000000013FEA4000-memory.dmp	upx
behavioral1/memory/2676-949-0x000000013F9C0000-0x000000013FD14000-memory.dmp	upx
behavioral1/memory/2576-994-0x000000013F5C0000-0x000000013F914000-memory.dmp	upx
behavioral1/memory/2544-998-0x000000013FE40000-0x0000000140194000-memory.dmp	upx
behavioral1/memory/2592-992-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/memory/2788-919-0x000000013F7F0000-0x000000013FB44000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\GchmGEA.exe	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UiGwSzf.exe	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tdTrjny.exe	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ggKzxRn.exe	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YnIhPSu.exe	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SGnuyQw.exe	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GhZCHiJ.exe	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wdNvgzb.exe	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XyAXBus.exe	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zGImxKT.exe	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uuSrzcA.exe	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zKaWXno.exe	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rtADJaz.exe	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sooicfC.exe	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EQYQTaA.exe	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uqRYwur.exe	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KMagoVP.exe	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BwKMrDe.exe	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VhjeLfv.exe	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sRWDFAs.exe	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JCWpgxH.exe	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VrkSAMG.exe	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xKzobrJ.exe	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PpUUGiP.exe	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vWNjRKL.exe	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VgLksOT.exe	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pZaqvSf.exe	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OqYGTqu.exe	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GVkXoST.exe	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IGtBPBx.exe	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZaPawiE.exe	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wOnslhr.exe	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LqiYwAy.exe	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\slSebTa.exe	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SAarVCN.exe	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OxOSliL.exe	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\efXihCy.exe	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ORiNxia.exe	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\umcyyfA.exe	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ongqyxQ.exe	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SYdcUSp.exe	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\roJduFr.exe	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sZkfNQT.exe	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XoQTTCi.exe	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SNPKvVX.exe	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oxgNsZe.exe	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cLqSADb.exe	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\puEvJjE.exe	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xXaKOuK.exe	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IhEiydM.exe	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EukfKpC.exe	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZvPAtCH.exe	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yWXybbU.exe	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tIMXMyL.exe	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nNSTlbA.exe	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\biUnVbU.exe	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gaWkCEF.exe	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oNcpMzj.exe	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gExPHmP.exe	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MaLIbkA.exe	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ITFjtDc.exe	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vpCPqzF.exe	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hFDaHBa.exe	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mlJXEBN.exe	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1568 wrote to memory of 1560	1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 1568 wrote to memory of 1560	1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 1568 wrote to memory of 1560	1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 1568 wrote to memory of 2232	1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1568 wrote to memory of 2232	1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1568 wrote to memory of 2232	1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1568 wrote to memory of 2100	1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1568 wrote to memory of 2100	1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1568 wrote to memory of 2100	1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1568 wrote to memory of 2632	1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1568 wrote to memory of 2632	1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1568 wrote to memory of 2632	1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1568 wrote to memory of 2772	1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1568 wrote to memory of 2772	1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1568 wrote to memory of 2772	1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1568 wrote to memory of 2788	1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1568 wrote to memory of 2788	1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1568 wrote to memory of 2788	1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1568 wrote to memory of 2576	1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1568 wrote to memory of 2576	1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1568 wrote to memory of 2576	1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1568 wrote to memory of 2676	1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1568 wrote to memory of 2676	1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1568 wrote to memory of 2676	1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1568 wrote to memory of 2544	1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1568 wrote to memory of 2544	1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1568 wrote to memory of 2544	1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1568 wrote to memory of 2592	1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1568 wrote to memory of 2592	1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1568 wrote to memory of 2592	1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1568 wrote to memory of 3040	1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1568 wrote to memory of 3040	1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1568 wrote to memory of 3040	1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1568 wrote to memory of 2520	1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1568 wrote to memory of 2520	1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1568 wrote to memory of 2520	1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1568 wrote to memory of 2512	1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1568 wrote to memory of 2512	1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1568 wrote to memory of 2512	1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1568 wrote to memory of 2860	1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1568 wrote to memory of 2860	1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1568 wrote to memory of 2860	1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1568 wrote to memory of 1312	1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1568 wrote to memory of 1312	1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1568 wrote to memory of 1312	1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1568 wrote to memory of 1484	1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1568 wrote to memory of 1484	1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1568 wrote to memory of 1484	1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1568 wrote to memory of 1488	1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1568 wrote to memory of 1488	1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1568 wrote to memory of 1488	1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1568 wrote to memory of 2852	1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1568 wrote to memory of 2852	1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1568 wrote to memory of 2852	1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1568 wrote to memory of 2904	1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1568 wrote to memory of 2904	1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1568 wrote to memory of 2904	1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1568 wrote to memory of 2928	1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1568 wrote to memory of 2928	1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1568 wrote to memory of 2928	1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1568 wrote to memory of 2848	1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1568 wrote to memory of 2848	1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1568 wrote to memory of 2848	1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1568 wrote to memory of 640	1568	2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe	51

C:\Users\Admin\AppData\Local\Temp\2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-09-24_6849619e0e6230a7208607f9296f87bf_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1568
- C:\Windows\System\hUqeeYA.exe
  C:\Windows\System\hUqeeYA.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\KAKjiqY.exe
  C:\Windows\System\KAKjiqY.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System\ggZlooh.exe
  C:\Windows\System\ggZlooh.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\uDQKXGG.exe
  C:\Windows\System\uDQKXGG.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\vYeAjiW.exe
  C:\Windows\System\vYeAjiW.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\ESvPTGr.exe
  C:\Windows\System\ESvPTGr.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\nCyOUrp.exe
  C:\Windows\System\nCyOUrp.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\wvMYzcn.exe
  C:\Windows\System\wvMYzcn.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\havjEVa.exe
  C:\Windows\System\havjEVa.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\FavpTxa.exe
  C:\Windows\System\FavpTxa.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\cQfpYtp.exe
  C:\Windows\System\cQfpYtp.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\TWbHDki.exe
  C:\Windows\System\TWbHDki.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\FrDtWnv.exe
  C:\Windows\System\FrDtWnv.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\jgckggA.exe
  C:\Windows\System\jgckggA.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\ktrevqy.exe
  C:\Windows\System\ktrevqy.exe
  2⤵
  - Executes dropped EXE
  PID:1312
- C:\Windows\System\EuEaunU.exe
  C:\Windows\System\EuEaunU.exe
  2⤵
  - Executes dropped EXE
  PID:1484
- C:\Windows\System\bfdVqvR.exe
  C:\Windows\System\bfdVqvR.exe
  2⤵
  - Executes dropped EXE
  PID:1488
- C:\Windows\System\ohAPmHU.exe
  C:\Windows\System\ohAPmHU.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\gSVixmK.exe
  C:\Windows\System\gSVixmK.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\Znoggea.exe
  C:\Windows\System\Znoggea.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\hdFaQPv.exe
  C:\Windows\System\hdFaQPv.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\ieTUbvu.exe
  C:\Windows\System\ieTUbvu.exe
  2⤵
  - Executes dropped EXE
  PID:640
- C:\Windows\System\NxSaexW.exe
  C:\Windows\System\NxSaexW.exe
  2⤵
  - Executes dropped EXE
  PID:692
- C:\Windows\System\gdoDRSr.exe
  C:\Windows\System\gdoDRSr.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\MBsovbi.exe
  C:\Windows\System\MBsovbi.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\aKeHMrN.exe
  C:\Windows\System\aKeHMrN.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\KaNrAqv.exe
  C:\Windows\System\KaNrAqv.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\yNMzvdk.exe
  C:\Windows\System\yNMzvdk.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\immdnLu.exe
  C:\Windows\System\immdnLu.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\hlIIDSy.exe
  C:\Windows\System\hlIIDSy.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\enqVwzW.exe
  C:\Windows\System\enqVwzW.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\ONPdvFM.exe
  C:\Windows\System\ONPdvFM.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\AtiJOJW.exe
  C:\Windows\System\AtiJOJW.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\aqxKMMX.exe
  C:\Windows\System\aqxKMMX.exe
  2⤵
  - Executes dropped EXE
  PID:1084
- C:\Windows\System\zKaWXno.exe
  C:\Windows\System\zKaWXno.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\XxBdpKL.exe
  C:\Windows\System\XxBdpKL.exe
  2⤵
  - Executes dropped EXE
  PID:828
- C:\Windows\System\txNIiBE.exe
  C:\Windows\System\txNIiBE.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\dWQFXbr.exe
  C:\Windows\System\dWQFXbr.exe
  2⤵
  - Executes dropped EXE
  PID:932
- C:\Windows\System\cRgrzya.exe
  C:\Windows\System\cRgrzya.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\ZktNnke.exe
  C:\Windows\System\ZktNnke.exe
  2⤵
  - Executes dropped EXE
  PID:592
- C:\Windows\System\ASiMHVz.exe
  C:\Windows\System\ASiMHVz.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\AfAXNty.exe
  C:\Windows\System\AfAXNty.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\xMbuCYp.exe
  C:\Windows\System\xMbuCYp.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\cTYKXCT.exe
  C:\Windows\System\cTYKXCT.exe
  2⤵
  - Executes dropped EXE
  PID:308
- C:\Windows\System\UXgyGQA.exe
  C:\Windows\System\UXgyGQA.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\AhAaHFy.exe
  C:\Windows\System\AhAaHFy.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\LBaSHWF.exe
  C:\Windows\System\LBaSHWF.exe
  2⤵
  - Executes dropped EXE
  PID:888
- C:\Windows\System\vrHYpJQ.exe
  C:\Windows\System\vrHYpJQ.exe
  2⤵
  - Executes dropped EXE
  PID:1768
- C:\Windows\System\hjcvGfa.exe
  C:\Windows\System\hjcvGfa.exe
  2⤵
  - Executes dropped EXE
  PID:696
- C:\Windows\System\IfVPaYh.exe
  C:\Windows\System\IfVPaYh.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\MMkpSlr.exe
  C:\Windows\System\MMkpSlr.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\bmlvQCW.exe
  C:\Windows\System\bmlvQCW.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\TSWoscu.exe
  C:\Windows\System\TSWoscu.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\yhkuIPQ.exe
  C:\Windows\System\yhkuIPQ.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\NGHcOiy.exe
  C:\Windows\System\NGHcOiy.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\llklqez.exe
  C:\Windows\System\llklqez.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\tZlsNKX.exe
  C:\Windows\System\tZlsNKX.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\TbpCaKg.exe
  C:\Windows\System\TbpCaKg.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\aWOlpdD.exe
  C:\Windows\System\aWOlpdD.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\ICSmqzC.exe
  C:\Windows\System\ICSmqzC.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\ehdTEXV.exe
  C:\Windows\System\ehdTEXV.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\WnEDmVT.exe
  C:\Windows\System\WnEDmVT.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\ISMgEvT.exe
  C:\Windows\System\ISMgEvT.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\dGnyjoW.exe
  C:\Windows\System\dGnyjoW.exe
  2⤵
  - Executes dropped EXE
  PID:1092
- C:\Windows\System\mlJXEBN.exe
  C:\Windows\System\mlJXEBN.exe
  2⤵
  PID:1208
- C:\Windows\System\HABcziu.exe
  C:\Windows\System\HABcziu.exe
  2⤵
  PID:2120
- C:\Windows\System\DoIhCtz.exe
  C:\Windows\System\DoIhCtz.exe
  2⤵
  PID:2324
- C:\Windows\System\QeQftVC.exe
  C:\Windows\System\QeQftVC.exe
  2⤵
  PID:2156
- C:\Windows\System\dkAZxQc.exe
  C:\Windows\System\dkAZxQc.exe
  2⤵
  PID:2588
- C:\Windows\System\qJtygTB.exe
  C:\Windows\System\qJtygTB.exe
  2⤵
  PID:2616
- C:\Windows\System\yiPMKQw.exe
  C:\Windows\System\yiPMKQw.exe
  2⤵
  PID:1788
- C:\Windows\System\NeuzEfm.exe
  C:\Windows\System\NeuzEfm.exe
  2⤵
  PID:2580
- C:\Windows\System\raGsYBn.exe
  C:\Windows\System\raGsYBn.exe
  2⤵
  PID:1504
- C:\Windows\System\VJBYTpC.exe
  C:\Windows\System\VJBYTpC.exe
  2⤵
  PID:2328
- C:\Windows\System\eAMVGSM.exe
  C:\Windows\System\eAMVGSM.exe
  2⤵
  PID:2256
- C:\Windows\System\DCfPETd.exe
  C:\Windows\System\DCfPETd.exe
  2⤵
  PID:1860
- C:\Windows\System\xyLdbFW.exe
  C:\Windows\System\xyLdbFW.exe
  2⤵
  PID:1864
- C:\Windows\System\qNVHELX.exe
  C:\Windows\System\qNVHELX.exe
  2⤵
  PID:2176
- C:\Windows\System\miDquAD.exe
  C:\Windows\System\miDquAD.exe
  2⤵
  PID:2192
- C:\Windows\System\JYTiFxi.exe
  C:\Windows\System\JYTiFxi.exe
  2⤵
  PID:2332
- C:\Windows\System\XpIVqoq.exe
  C:\Windows\System\XpIVqoq.exe
  2⤵
  PID:2336
- C:\Windows\System\PylcTgj.exe
  C:\Windows\System\PylcTgj.exe
  2⤵
  PID:1060
- C:\Windows\System\wXozqlL.exe
  C:\Windows\System\wXozqlL.exe
  2⤵
  PID:2564
- C:\Windows\System\tdTrjny.exe
  C:\Windows\System\tdTrjny.exe
  2⤵
  PID:1516
- C:\Windows\System\tsFhyRa.exe
  C:\Windows\System\tsFhyRa.exe
  2⤵
  PID:924
- C:\Windows\System\kxKnoYe.exe
  C:\Windows\System\kxKnoYe.exe
  2⤵
  PID:1216
- C:\Windows\System\ESRtQjB.exe
  C:\Windows\System\ESRtQjB.exe
  2⤵
  PID:2868
- C:\Windows\System\jNhZTOT.exe
  C:\Windows\System\jNhZTOT.exe
  2⤵
  PID:1256
- C:\Windows\System\buANLsq.exe
  C:\Windows\System\buANLsq.exe
  2⤵
  PID:1964
- C:\Windows\System\BTQjOAj.exe
  C:\Windows\System\BTQjOAj.exe
  2⤵
  PID:2248
- C:\Windows\System\krqjLBA.exe
  C:\Windows\System\krqjLBA.exe
  2⤵
  PID:1532
- C:\Windows\System\CilDAlq.exe
  C:\Windows\System\CilDAlq.exe
  2⤵
  PID:1520
- C:\Windows\System\JKspEWG.exe
  C:\Windows\System\JKspEWG.exe
  2⤵
  PID:1716
- C:\Windows\System\ZnyPWOJ.exe
  C:\Windows\System\ZnyPWOJ.exe
  2⤵
  PID:2400
- C:\Windows\System\cHaFtNZ.exe
  C:\Windows\System\cHaFtNZ.exe
  2⤵
  PID:2812
- C:\Windows\System\dSscCqD.exe
  C:\Windows\System\dSscCqD.exe
  2⤵
  PID:2216
- C:\Windows\System\SNPKvVX.exe
  C:\Windows\System\SNPKvVX.exe
  2⤵
  PID:536
- C:\Windows\System\FJndhMp.exe
  C:\Windows\System\FJndhMp.exe
  2⤵
  PID:936
- C:\Windows\System\hIQadTm.exe
  C:\Windows\System\hIQadTm.exe
  2⤵
  PID:1708
- C:\Windows\System\DjDvqrL.exe
  C:\Windows\System\DjDvqrL.exe
  2⤵
  PID:544
- C:\Windows\System\pVEYqZN.exe
  C:\Windows\System\pVEYqZN.exe
  2⤵
  PID:2696
- C:\Windows\System\iLxpQDk.exe
  C:\Windows\System\iLxpQDk.exe
  2⤵
  PID:2504
- C:\Windows\System\uJivSYz.exe
  C:\Windows\System\uJivSYz.exe
  2⤵
  PID:3052
- C:\Windows\System\dNbxQXh.exe
  C:\Windows\System\dNbxQXh.exe
  2⤵
  PID:1096
- C:\Windows\System\COmbNCF.exe
  C:\Windows\System\COmbNCF.exe
  2⤵
  PID:2096
- C:\Windows\System\QLgpvCc.exe
  C:\Windows\System\QLgpvCc.exe
  2⤵
  PID:2776
- C:\Windows\System\ghSRlgv.exe
  C:\Windows\System\ghSRlgv.exe
  2⤵
  PID:2708
- C:\Windows\System\rbkYduD.exe
  C:\Windows\System\rbkYduD.exe
  2⤵
  PID:2012
- C:\Windows\System\jlHjTGU.exe
  C:\Windows\System\jlHjTGU.exe
  2⤵
  PID:2584
- C:\Windows\System\zRGnolr.exe
  C:\Windows\System\zRGnolr.exe
  2⤵
  PID:2828
- C:\Windows\System\XfgvBnF.exe
  C:\Windows\System\XfgvBnF.exe
  2⤵
  PID:1740
- C:\Windows\System\yNXPyRy.exe
  C:\Windows\System\yNXPyRy.exe
  2⤵
  PID:2664
- C:\Windows\System\HHeMSbd.exe
  C:\Windows\System\HHeMSbd.exe
  2⤵
  PID:2044
- C:\Windows\System\KCSVXKg.exe
  C:\Windows\System\KCSVXKg.exe
  2⤵
  PID:1316
- C:\Windows\System\bcLDDos.exe
  C:\Windows\System\bcLDDos.exe
  2⤵
  PID:832
- C:\Windows\System\xFKCmGi.exe
  C:\Windows\System\xFKCmGi.exe
  2⤵
  PID:2692
- C:\Windows\System\ciLnszP.exe
  C:\Windows\System\ciLnszP.exe
  2⤵
  PID:2712
- C:\Windows\System\CeVcPTA.exe
  C:\Windows\System\CeVcPTA.exe
  2⤵
  PID:2528
- C:\Windows\System\wOnslhr.exe
  C:\Windows\System\wOnslhr.exe
  2⤵
  PID:1992
- C:\Windows\System\vXtkEtn.exe
  C:\Windows\System\vXtkEtn.exe
  2⤵
  PID:2372
- C:\Windows\System\wqOYKxd.exe
  C:\Windows\System\wqOYKxd.exe
  2⤵
  PID:2380
- C:\Windows\System\nkgqeaF.exe
  C:\Windows\System\nkgqeaF.exe
  2⤵
  PID:2288
- C:\Windows\System\ZkIBDzj.exe
  C:\Windows\System\ZkIBDzj.exe
  2⤵
  PID:976
- C:\Windows\System\cbDYUUu.exe
  C:\Windows\System\cbDYUUu.exe
  2⤵
  PID:1500
- C:\Windows\System\rjXouuW.exe
  C:\Windows\System\rjXouuW.exe
  2⤵
  PID:2348
- C:\Windows\System\aFKofGQ.exe
  C:\Windows\System\aFKofGQ.exe
  2⤵
  PID:856
- C:\Windows\System\MMzIonq.exe
  C:\Windows\System\MMzIonq.exe
  2⤵
  PID:956
- C:\Windows\System\dMGYIno.exe
  C:\Windows\System\dMGYIno.exe
  2⤵
  PID:2284
- C:\Windows\System\WPlQQom.exe
  C:\Windows\System\WPlQQom.exe
  2⤵
  PID:2476
- C:\Windows\System\xKzobrJ.exe
  C:\Windows\System\xKzobrJ.exe
  2⤵
  PID:1720
- C:\Windows\System\pJJrMKd.exe
  C:\Windows\System\pJJrMKd.exe
  2⤵
  PID:1996
- C:\Windows\System\KSJCxpt.exe
  C:\Windows\System\KSJCxpt.exe
  2⤵
  PID:2272
- C:\Windows\System\BJtZiZk.exe
  C:\Windows\System\BJtZiZk.exe
  2⤵
  PID:2032
- C:\Windows\System\YYsOoFZ.exe
  C:\Windows\System\YYsOoFZ.exe
  2⤵
  PID:2940
- C:\Windows\System\wVmHOye.exe
  C:\Windows\System\wVmHOye.exe
  2⤵
  PID:2704
- C:\Windows\System\QGAvttS.exe
  C:\Windows\System\QGAvttS.exe
  2⤵
  PID:900
- C:\Windows\System\hyeSXvy.exe
  C:\Windows\System\hyeSXvy.exe
  2⤵
  PID:2560
- C:\Windows\System\CKOuwAP.exe
  C:\Windows\System\CKOuwAP.exe
  2⤵
  PID:2916
- C:\Windows\System\utMnkcp.exe
  C:\Windows\System\utMnkcp.exe
  2⤵
  PID:868
- C:\Windows\System\yubjnom.exe
  C:\Windows\System\yubjnom.exe
  2⤵
  PID:2356
- C:\Windows\System\TjpgDOn.exe
  C:\Windows\System\TjpgDOn.exe
  2⤵
  PID:2060
- C:\Windows\System\NVXGqvC.exe
  C:\Windows\System\NVXGqvC.exe
  2⤵
  PID:3056
- C:\Windows\System\MmDPIfa.exe
  C:\Windows\System\MmDPIfa.exe
  2⤵
  PID:1912
- C:\Windows\System\RnCBYOW.exe
  C:\Windows\System\RnCBYOW.exe
  2⤵
  PID:2024
- C:\Windows\System\QSJGdTR.exe
  C:\Windows\System\QSJGdTR.exe
  2⤵
  PID:1252
- C:\Windows\System\ggKzxRn.exe
  C:\Windows\System\ggKzxRn.exe
  2⤵
  PID:2548
- C:\Windows\System\CfmvXxc.exe
  C:\Windows\System\CfmvXxc.exe
  2⤵
  PID:1108
- C:\Windows\System\Jaiesme.exe
  C:\Windows\System\Jaiesme.exe
  2⤵
  PID:2240
- C:\Windows\System\jggwvDu.exe
  C:\Windows\System\jggwvDu.exe
  2⤵
  PID:1120
- C:\Windows\System\mLdqaLW.exe
  C:\Windows\System\mLdqaLW.exe
  2⤵
  PID:588
- C:\Windows\System\kGRjInL.exe
  C:\Windows\System\kGRjInL.exe
  2⤵
  PID:880
- C:\Windows\System\hqqGVJs.exe
  C:\Windows\System\hqqGVJs.exe
  2⤵
  PID:572
- C:\Windows\System\SrmjCrJ.exe
  C:\Windows\System\SrmjCrJ.exe
  2⤵
  PID:1796
- C:\Windows\System\SlBGVqz.exe
  C:\Windows\System\SlBGVqz.exe
  2⤵
  PID:1872
- C:\Windows\System\YKSGbNX.exe
  C:\Windows\System\YKSGbNX.exe
  2⤵
  PID:2972
- C:\Windows\System\PrubCjI.exe
  C:\Windows\System\PrubCjI.exe
  2⤵
  PID:2652
- C:\Windows\System\FTxvxow.exe
  C:\Windows\System\FTxvxow.exe
  2⤵
  PID:2124
- C:\Windows\System\hcpGkIs.exe
  C:\Windows\System\hcpGkIs.exe
  2⤵
  PID:2596
- C:\Windows\System\mHDVxJY.exe
  C:\Windows\System\mHDVxJY.exe
  2⤵
  PID:1012
- C:\Windows\System\WIMJYrj.exe
  C:\Windows\System\WIMJYrj.exe
  2⤵
  PID:2884
- C:\Windows\System\tkqwavH.exe
  C:\Windows\System\tkqwavH.exe
  2⤵
  PID:3016
- C:\Windows\System\LukSxVc.exe
  C:\Windows\System\LukSxVc.exe
  2⤵
  PID:804
- C:\Windows\System\SYdyrgB.exe
  C:\Windows\System\SYdyrgB.exe
  2⤵
  PID:2552
- C:\Windows\System\XoTyqKF.exe
  C:\Windows\System\XoTyqKF.exe
  2⤵
  PID:2244
- C:\Windows\System\yzGfOsD.exe
  C:\Windows\System\yzGfOsD.exe
  2⤵
  PID:1980
- C:\Windows\System\egjtOwE.exe
  C:\Windows\System\egjtOwE.exe
  2⤵
  PID:2008
- C:\Windows\System\ocdIran.exe
  C:\Windows\System\ocdIran.exe
  2⤵
  PID:2304
- C:\Windows\System\rdcLBZK.exe
  C:\Windows\System\rdcLBZK.exe
  2⤵
  PID:3028
- C:\Windows\System\syKXBAG.exe
  C:\Windows\System\syKXBAG.exe
  2⤵
  PID:2440
- C:\Windows\System\TpvPKAY.exe
  C:\Windows\System\TpvPKAY.exe
  2⤵
  PID:2308
- C:\Windows\System\hDEPxrK.exe
  C:\Windows\System\hDEPxrK.exe
  2⤵
  PID:1296
- C:\Windows\System\KrZrdsG.exe
  C:\Windows\System\KrZrdsG.exe
  2⤵
  PID:2508
- C:\Windows\System\cYNjDzp.exe
  C:\Windows\System\cYNjDzp.exe
  2⤵
  PID:2968
- C:\Windows\System\CBUweCE.exe
  C:\Windows\System\CBUweCE.exe
  2⤵
  PID:2068
- C:\Windows\System\DdbomsU.exe
  C:\Windows\System\DdbomsU.exe
  2⤵
  PID:1384
- C:\Windows\System\uxzevIE.exe
  C:\Windows\System\uxzevIE.exe
  2⤵
  PID:2820
- C:\Windows\System\texVnlA.exe
  C:\Windows\System\texVnlA.exe
  2⤵
  PID:2700
- C:\Windows\System\ezGehPB.exe
  C:\Windows\System\ezGehPB.exe
  2⤵
  PID:2628
- C:\Windows\System\RHVEcMj.exe
  C:\Windows\System\RHVEcMj.exe
  2⤵
  PID:1380
- C:\Windows\System\nMUGufB.exe
  C:\Windows\System\nMUGufB.exe
  2⤵
  PID:2020
- C:\Windows\System\DfnYULq.exe
  C:\Windows\System\DfnYULq.exe
  2⤵
  PID:3080
- C:\Windows\System\fOTEEUj.exe
  C:\Windows\System\fOTEEUj.exe
  2⤵
  PID:3096
- C:\Windows\System\gCzmlVv.exe
  C:\Windows\System\gCzmlVv.exe
  2⤵
  PID:3116
- C:\Windows\System\knZuOZh.exe
  C:\Windows\System\knZuOZh.exe
  2⤵
  PID:3132
- C:\Windows\System\DzcguAe.exe
  C:\Windows\System\DzcguAe.exe
  2⤵
  PID:3148
- C:\Windows\System\RbHYrFb.exe
  C:\Windows\System\RbHYrFb.exe
  2⤵
  PID:3168
- C:\Windows\System\GsuntUt.exe
  C:\Windows\System\GsuntUt.exe
  2⤵
  PID:3184
- C:\Windows\System\RXaeHPx.exe
  C:\Windows\System\RXaeHPx.exe
  2⤵
  PID:3212
- C:\Windows\System\DvcsboN.exe
  C:\Windows\System\DvcsboN.exe
  2⤵
  PID:3228
- C:\Windows\System\XiKdlIo.exe
  C:\Windows\System\XiKdlIo.exe
  2⤵
  PID:3244
- C:\Windows\System\kiaMbpk.exe
  C:\Windows\System\kiaMbpk.exe
  2⤵
  PID:3260
- C:\Windows\System\nXnZEGm.exe
  C:\Windows\System\nXnZEGm.exe
  2⤵
  PID:3276
- C:\Windows\System\zQrmeoV.exe
  C:\Windows\System\zQrmeoV.exe
  2⤵
  PID:3296
- C:\Windows\System\SuACUCs.exe
  C:\Windows\System\SuACUCs.exe
  2⤵
  PID:3312
- C:\Windows\System\ZjqIieB.exe
  C:\Windows\System\ZjqIieB.exe
  2⤵
  PID:3328
- C:\Windows\System\ItctArP.exe
  C:\Windows\System\ItctArP.exe
  2⤵
  PID:3344
- C:\Windows\System\sIRfsWl.exe
  C:\Windows\System\sIRfsWl.exe
  2⤵
  PID:3360
- C:\Windows\System\fDsWuVd.exe
  C:\Windows\System\fDsWuVd.exe
  2⤵
  PID:3380
- C:\Windows\System\jgKTYZM.exe
  C:\Windows\System\jgKTYZM.exe
  2⤵
  PID:3400
- C:\Windows\System\FNYDSnM.exe
  C:\Windows\System\FNYDSnM.exe
  2⤵
  PID:3416
- C:\Windows\System\LWHgVqV.exe
  C:\Windows\System\LWHgVqV.exe
  2⤵
  PID:3432
- C:\Windows\System\eEqrZwu.exe
  C:\Windows\System\eEqrZwu.exe
  2⤵
  PID:3448
- C:\Windows\System\JAkIZhf.exe
  C:\Windows\System\JAkIZhf.exe
  2⤵
  PID:3476
- C:\Windows\System\lFBgcCL.exe
  C:\Windows\System\lFBgcCL.exe
  2⤵
  PID:3496
- C:\Windows\System\rlPVEvs.exe
  C:\Windows\System\rlPVEvs.exe
  2⤵
  PID:3520
- C:\Windows\System\cRGmupE.exe
  C:\Windows\System\cRGmupE.exe
  2⤵
  PID:3560
- C:\Windows\System\LBxhLzp.exe
  C:\Windows\System\LBxhLzp.exe
  2⤵
  PID:3580
- C:\Windows\System\KPXyfbL.exe
  C:\Windows\System\KPXyfbL.exe
  2⤵
  PID:3668
- C:\Windows\System\YHTndgr.exe
  C:\Windows\System\YHTndgr.exe
  2⤵
  PID:3688
- C:\Windows\System\LUWZamE.exe
  C:\Windows\System\LUWZamE.exe
  2⤵
  PID:3708
- C:\Windows\System\fQHKgkT.exe
  C:\Windows\System\fQHKgkT.exe
  2⤵
  PID:3732
- C:\Windows\System\FzWmPWR.exe
  C:\Windows\System\FzWmPWR.exe
  2⤵
  PID:3748
- C:\Windows\System\vuyJJAf.exe
  C:\Windows\System\vuyJJAf.exe
  2⤵
  PID:3764
- C:\Windows\System\AKyyCbc.exe
  C:\Windows\System\AKyyCbc.exe
  2⤵
  PID:3784
- C:\Windows\System\DSaPFwx.exe
  C:\Windows\System\DSaPFwx.exe
  2⤵
  PID:3812
- C:\Windows\System\QUJRXsH.exe
  C:\Windows\System\QUJRXsH.exe
  2⤵
  PID:3828
- C:\Windows\System\GchmGEA.exe
  C:\Windows\System\GchmGEA.exe
  2⤵
  PID:3844
- C:\Windows\System\FVlcsjz.exe
  C:\Windows\System\FVlcsjz.exe
  2⤵
  PID:3860
- C:\Windows\System\WWxUjPX.exe
  C:\Windows\System\WWxUjPX.exe
  2⤵
  PID:3888
- C:\Windows\System\jvBgffo.exe
  C:\Windows\System\jvBgffo.exe
  2⤵
  PID:3912
- C:\Windows\System\oBuwnOr.exe
  C:\Windows\System\oBuwnOr.exe
  2⤵
  PID:3932
- C:\Windows\System\yduafTJ.exe
  C:\Windows\System\yduafTJ.exe
  2⤵
  PID:3948
- C:\Windows\System\tXBWvyp.exe
  C:\Windows\System\tXBWvyp.exe
  2⤵
  PID:3968
- C:\Windows\System\BtPCzoZ.exe
  C:\Windows\System\BtPCzoZ.exe
  2⤵
  PID:3984
- C:\Windows\System\jneTDGG.exe
  C:\Windows\System\jneTDGG.exe
  2⤵
  PID:4008
- C:\Windows\System\HEdRaER.exe
  C:\Windows\System\HEdRaER.exe
  2⤵
  PID:4028
- C:\Windows\System\ZqZsZgt.exe
  C:\Windows\System\ZqZsZgt.exe
  2⤵
  PID:4052
- C:\Windows\System\zFwNXDj.exe
  C:\Windows\System\zFwNXDj.exe
  2⤵
  PID:4068
- C:\Windows\System\qLUtxfG.exe
  C:\Windows\System\qLUtxfG.exe
  2⤵
  PID:4084
- C:\Windows\System\iQJqrWb.exe
  C:\Windows\System\iQJqrWb.exe
  2⤵
  PID:2188
- C:\Windows\System\frRWCrG.exe
  C:\Windows\System\frRWCrG.exe
  2⤵
  PID:1784
- C:\Windows\System\DqYQKLU.exe
  C:\Windows\System\DqYQKLU.exe
  2⤵
  PID:3108
- C:\Windows\System\HisIfIP.exe
  C:\Windows\System\HisIfIP.exe
  2⤵
  PID:3180
- C:\Windows\System\wIQTBkR.exe
  C:\Windows\System\wIQTBkR.exe
  2⤵
  PID:3124
- C:\Windows\System\pDELJtS.exe
  C:\Windows\System\pDELJtS.exe
  2⤵
  PID:3128
- C:\Windows\System\yWXybbU.exe
  C:\Windows\System\yWXybbU.exe
  2⤵
  PID:3240
- C:\Windows\System\btfGwko.exe
  C:\Windows\System\btfGwko.exe
  2⤵
  PID:3272
- C:\Windows\System\WtMfPIz.exe
  C:\Windows\System\WtMfPIz.exe
  2⤵
  PID:3292
- C:\Windows\System\LqfywEa.exe
  C:\Windows\System\LqfywEa.exe
  2⤵
  PID:3356
- C:\Windows\System\NuayAqk.exe
  C:\Windows\System\NuayAqk.exe
  2⤵
  PID:3428
- C:\Windows\System\MhWyXwa.exe
  C:\Windows\System\MhWyXwa.exe
  2⤵
  PID:3460
- C:\Windows\System\UOeFKjC.exe
  C:\Windows\System\UOeFKjC.exe
  2⤵
  PID:3492
- C:\Windows\System\kSikFzC.exe
  C:\Windows\System\kSikFzC.exe
  2⤵
  PID:3516
- C:\Windows\System\hznHoqs.exe
  C:\Windows\System\hznHoqs.exe
  2⤵
  PID:3536
- C:\Windows\System\UKDQcaG.exe
  C:\Windows\System\UKDQcaG.exe
  2⤵
  PID:3552
- C:\Windows\System\PKCUcLl.exe
  C:\Windows\System\PKCUcLl.exe
  2⤵
  PID:3600
- C:\Windows\System\zuVYoPp.exe
  C:\Windows\System\zuVYoPp.exe
  2⤵
  PID:3628
- C:\Windows\System\HlMWEXc.exe
  C:\Windows\System\HlMWEXc.exe
  2⤵
  PID:3640
- C:\Windows\System\CbDdLym.exe
  C:\Windows\System\CbDdLym.exe
  2⤵
  PID:3592
- C:\Windows\System\OgoxQQW.exe
  C:\Windows\System\OgoxQQW.exe
  2⤵
  PID:3696
- C:\Windows\System\xBGkrsj.exe
  C:\Windows\System\xBGkrsj.exe
  2⤵
  PID:3720
- C:\Windows\System\lHJmpfj.exe
  C:\Windows\System\lHJmpfj.exe
  2⤵
  PID:3760
- C:\Windows\System\gZIaFdo.exe
  C:\Windows\System\gZIaFdo.exe
  2⤵
  PID:3796
- C:\Windows\System\vjbgRoz.exe
  C:\Windows\System\vjbgRoz.exe
  2⤵
  PID:3868
- C:\Windows\System\kzSCwhV.exe
  C:\Windows\System\kzSCwhV.exe
  2⤵
  PID:3884
- C:\Windows\System\zMoollu.exe
  C:\Windows\System\zMoollu.exe
  2⤵
  PID:3908
- C:\Windows\System\XglBOCI.exe
  C:\Windows\System\XglBOCI.exe
  2⤵
  PID:3928
- C:\Windows\System\hPEvMKR.exe
  C:\Windows\System\hPEvMKR.exe
  2⤵
  PID:3940
- C:\Windows\System\TkxXYqC.exe
  C:\Windows\System\TkxXYqC.exe
  2⤵
  PID:3996
- C:\Windows\System\SoDoFWA.exe
  C:\Windows\System\SoDoFWA.exe
  2⤵
  PID:4040
- C:\Windows\System\tsEkqzL.exe
  C:\Windows\System\tsEkqzL.exe
  2⤵
  PID:2556
- C:\Windows\System\pNmIGrU.exe
  C:\Windows\System\pNmIGrU.exe
  2⤵
  PID:2312
- C:\Windows\System\dXCTRvR.exe
  C:\Windows\System\dXCTRvR.exe
  2⤵
  PID:3156
- C:\Windows\System\oxgNsZe.exe
  C:\Windows\System\oxgNsZe.exe
  2⤵
  PID:3104
- C:\Windows\System\ipKDoLj.exe
  C:\Windows\System\ipKDoLj.exe
  2⤵
  PID:3200
- C:\Windows\System\kslXGKh.exe
  C:\Windows\System\kslXGKh.exe
  2⤵
  PID:3308
- C:\Windows\System\NFCUHFl.exe
  C:\Windows\System\NFCUHFl.exe
  2⤵
  PID:3268
- C:\Windows\System\twnJXeP.exe
  C:\Windows\System\twnJXeP.exe
  2⤵
  PID:3372
- C:\Windows\System\pBgdEgH.exe
  C:\Windows\System\pBgdEgH.exe
  2⤵
  PID:3456
- C:\Windows\System\fNmigEZ.exe
  C:\Windows\System\fNmigEZ.exe
  2⤵
  PID:3568
- C:\Windows\System\VgLksOT.exe
  C:\Windows\System\VgLksOT.exe
  2⤵
  PID:3648
- C:\Windows\System\CqnKivK.exe
  C:\Windows\System\CqnKivK.exe
  2⤵
  PID:3652
- C:\Windows\System\FMaZoyx.exe
  C:\Windows\System\FMaZoyx.exe
  2⤵
  PID:3728
- C:\Windows\System\BhNegTj.exe
  C:\Windows\System\BhNegTj.exe
  2⤵
  PID:3772
- C:\Windows\System\puEvJjE.exe
  C:\Windows\System\puEvJjE.exe
  2⤵
  PID:3804
- C:\Windows\System\yYQfcAv.exe
  C:\Windows\System\yYQfcAv.exe
  2⤵
  PID:3876
- C:\Windows\System\tqrgfsx.exe
  C:\Windows\System\tqrgfsx.exe
  2⤵
  PID:3808
- C:\Windows\System\zIrCFpe.exe
  C:\Windows\System\zIrCFpe.exe
  2⤵
  PID:4004
- C:\Windows\System\DVIPVSV.exe
  C:\Windows\System\DVIPVSV.exe
  2⤵
  PID:4016
- C:\Windows\System\ulYntba.exe
  C:\Windows\System\ulYntba.exe
  2⤵
  PID:4076
- C:\Windows\System\VEYtdKh.exe
  C:\Windows\System\VEYtdKh.exe
  2⤵
  PID:3144
- C:\Windows\System\LaIcjPN.exe
  C:\Windows\System\LaIcjPN.exe
  2⤵
  PID:3088
- C:\Windows\System\isvcnao.exe
  C:\Windows\System\isvcnao.exe
  2⤵
  PID:3352
- C:\Windows\System\sDdiyUk.exe
  C:\Windows\System\sDdiyUk.exe
  2⤵
  PID:3548
- C:\Windows\System\hGekdTr.exe
  C:\Windows\System\hGekdTr.exe
  2⤵
  PID:3220
- C:\Windows\System\yaDLYgW.exe
  C:\Windows\System\yaDLYgW.exe
  2⤵
  PID:3612
- C:\Windows\System\bOkHvUy.exe
  C:\Windows\System\bOkHvUy.exe
  2⤵
  PID:3604
- C:\Windows\System\CmCMWAn.exe
  C:\Windows\System\CmCMWAn.exe
  2⤵
  PID:3596
- C:\Windows\System\mZbyKuA.exe
  C:\Windows\System\mZbyKuA.exe
  2⤵
  PID:3920
- C:\Windows\System\JMtsLAq.exe
  C:\Windows\System\JMtsLAq.exe
  2⤵
  PID:3964
- C:\Windows\System\vpcpTgf.exe
  C:\Windows\System\vpcpTgf.exe
  2⤵
  PID:4036
- C:\Windows\System\sKthLBb.exe
  C:\Windows\System\sKthLBb.exe
  2⤵
  PID:1804
- C:\Windows\System\soRxNiL.exe
  C:\Windows\System\soRxNiL.exe
  2⤵
  PID:3112
- C:\Windows\System\HghryfO.exe
  C:\Windows\System\HghryfO.exe
  2⤵
  PID:3544
- C:\Windows\System\WNOAAVs.exe
  C:\Windows\System\WNOAAVs.exe
  2⤵
  PID:3724
- C:\Windows\System\JpgzrJq.exe
  C:\Windows\System\JpgzrJq.exe
  2⤵
  PID:3780
- C:\Windows\System\ZpHGfeC.exe
  C:\Windows\System\ZpHGfeC.exe
  2⤵
  PID:3820
- C:\Windows\System\CxlaYpb.exe
  C:\Windows\System\CxlaYpb.exe
  2⤵
  PID:3196
- C:\Windows\System\OhoeJQQ.exe
  C:\Windows\System\OhoeJQQ.exe
  2⤵
  PID:3576
- C:\Windows\System\uFKCYDK.exe
  C:\Windows\System\uFKCYDK.exe
  2⤵
  PID:3288
- C:\Windows\System\lorbZQD.exe
  C:\Windows\System\lorbZQD.exe
  2⤵
  PID:3700
- C:\Windows\System\BtZtiJq.exe
  C:\Windows\System\BtZtiJq.exe
  2⤵
  PID:3664
- C:\Windows\System\ozVlwVH.exe
  C:\Windows\System\ozVlwVH.exe
  2⤵
  PID:3904
- C:\Windows\System\OGkWZhl.exe
  C:\Windows\System\OGkWZhl.exe
  2⤵
  PID:2492
- C:\Windows\System\PznxVKn.exe
  C:\Windows\System\PznxVKn.exe
  2⤵
  PID:3484
- C:\Windows\System\NyEnEER.exe
  C:\Windows\System\NyEnEER.exe
  2⤵
  PID:3616
- C:\Windows\System\uYeejBP.exe
  C:\Windows\System\uYeejBP.exe
  2⤵
  PID:4104
- C:\Windows\System\bOvkInB.exe
  C:\Windows\System\bOvkInB.exe
  2⤵
  PID:4124
- C:\Windows\System\EXRTMMG.exe
  C:\Windows\System\EXRTMMG.exe
  2⤵
  PID:4140
- C:\Windows\System\cGKstIa.exe
  C:\Windows\System\cGKstIa.exe
  2⤵
  PID:4164
- C:\Windows\System\XpTelWT.exe
  C:\Windows\System\XpTelWT.exe
  2⤵
  PID:4188
- C:\Windows\System\zUymLug.exe
  C:\Windows\System\zUymLug.exe
  2⤵
  PID:4204
- C:\Windows\System\WTcTvtV.exe
  C:\Windows\System\WTcTvtV.exe
  2⤵
  PID:4224
- C:\Windows\System\UKVAtKn.exe
  C:\Windows\System\UKVAtKn.exe
  2⤵
  PID:4244
- C:\Windows\System\mAynhVP.exe
  C:\Windows\System\mAynhVP.exe
  2⤵
  PID:4264
- C:\Windows\System\ujqpNls.exe
  C:\Windows\System\ujqpNls.exe
  2⤵
  PID:4288
- C:\Windows\System\oMrTiDB.exe
  C:\Windows\System\oMrTiDB.exe
  2⤵
  PID:4316
- C:\Windows\System\rvWzcia.exe
  C:\Windows\System\rvWzcia.exe
  2⤵
  PID:4336
- C:\Windows\System\xYALzzp.exe
  C:\Windows\System\xYALzzp.exe
  2⤵
  PID:4352
- C:\Windows\System\GLAqXPj.exe
  C:\Windows\System\GLAqXPj.exe
  2⤵
  PID:4376
- C:\Windows\System\EFZwcyS.exe
  C:\Windows\System\EFZwcyS.exe
  2⤵
  PID:4392
- C:\Windows\System\OlDnhdw.exe
  C:\Windows\System\OlDnhdw.exe
  2⤵
  PID:4408
- C:\Windows\System\fBYdnVk.exe
  C:\Windows\System\fBYdnVk.exe
  2⤵
  PID:4440
- C:\Windows\System\UuLoLfU.exe
  C:\Windows\System\UuLoLfU.exe
  2⤵
  PID:4456
- C:\Windows\System\zWGQMIm.exe
  C:\Windows\System\zWGQMIm.exe
  2⤵
  PID:4476
- C:\Windows\System\EmoZQGm.exe
  C:\Windows\System\EmoZQGm.exe
  2⤵
  PID:4496
- C:\Windows\System\EJsvfmw.exe
  C:\Windows\System\EJsvfmw.exe
  2⤵
  PID:4520
- C:\Windows\System\CaDmRCB.exe
  C:\Windows\System\CaDmRCB.exe
  2⤵
  PID:4536
- C:\Windows\System\owdLNyc.exe
  C:\Windows\System\owdLNyc.exe
  2⤵
  PID:4552
- C:\Windows\System\AugJvlx.exe
  C:\Windows\System\AugJvlx.exe
  2⤵
  PID:4580
- C:\Windows\System\gnHeWtx.exe
  C:\Windows\System\gnHeWtx.exe
  2⤵
  PID:4596
- C:\Windows\System\sPffZra.exe
  C:\Windows\System\sPffZra.exe
  2⤵
  PID:4616
- C:\Windows\System\OywcZEf.exe
  C:\Windows\System\OywcZEf.exe
  2⤵
  PID:4636
- C:\Windows\System\vFsrclR.exe
  C:\Windows\System\vFsrclR.exe
  2⤵
  PID:4660
- C:\Windows\System\QrnCcZQ.exe
  C:\Windows\System\QrnCcZQ.exe
  2⤵
  PID:4676
- C:\Windows\System\EuDJxzB.exe
  C:\Windows\System\EuDJxzB.exe
  2⤵
  PID:4696
- C:\Windows\System\ewKIFOV.exe
  C:\Windows\System\ewKIFOV.exe
  2⤵
  PID:4716
- C:\Windows\System\EAHZODu.exe
  C:\Windows\System\EAHZODu.exe
  2⤵
  PID:4736
- C:\Windows\System\KfrTqBB.exe
  C:\Windows\System\KfrTqBB.exe
  2⤵
  PID:4756
- C:\Windows\System\OYfhgsc.exe
  C:\Windows\System\OYfhgsc.exe
  2⤵
  PID:4772
- C:\Windows\System\xArKZxR.exe
  C:\Windows\System\xArKZxR.exe
  2⤵
  PID:4800
- C:\Windows\System\SdWPVpH.exe
  C:\Windows\System\SdWPVpH.exe
  2⤵
  PID:4816
- C:\Windows\System\XdDkjDJ.exe
  C:\Windows\System\XdDkjDJ.exe
  2⤵
  PID:4832
- C:\Windows\System\KbNrUdj.exe
  C:\Windows\System\KbNrUdj.exe
  2⤵
  PID:4848
- C:\Windows\System\BwdlSeK.exe
  C:\Windows\System\BwdlSeK.exe
  2⤵
  PID:4876
- C:\Windows\System\SlyDCzE.exe
  C:\Windows\System\SlyDCzE.exe
  2⤵
  PID:4900
- C:\Windows\System\sIwLPEW.exe
  C:\Windows\System\sIwLPEW.exe
  2⤵
  PID:4924
- C:\Windows\System\YCygLji.exe
  C:\Windows\System\YCygLji.exe
  2⤵
  PID:4940
- C:\Windows\System\zHcGWIh.exe
  C:\Windows\System\zHcGWIh.exe
  2⤵
  PID:4956
- C:\Windows\System\OiaYsHW.exe
  C:\Windows\System\OiaYsHW.exe
  2⤵
  PID:4972
- C:\Windows\System\CBMSxtR.exe
  C:\Windows\System\CBMSxtR.exe
  2⤵
  PID:4988
- C:\Windows\System\SuPGOEP.exe
  C:\Windows\System\SuPGOEP.exe
  2⤵
  PID:5004
- C:\Windows\System\JLChgZe.exe
  C:\Windows\System\JLChgZe.exe
  2⤵
  PID:5028
- C:\Windows\System\MCsAjTF.exe
  C:\Windows\System\MCsAjTF.exe
  2⤵
  PID:5064
- C:\Windows\System\uhGcSnB.exe
  C:\Windows\System\uhGcSnB.exe
  2⤵
  PID:5084
- C:\Windows\System\EaMGZFH.exe
  C:\Windows\System\EaMGZFH.exe
  2⤵
  PID:5100
- C:\Windows\System\IrxopcZ.exe
  C:\Windows\System\IrxopcZ.exe
  2⤵
  PID:3632
- C:\Windows\System\ovrVElP.exe
  C:\Windows\System\ovrVElP.exe
  2⤵
  PID:4172
- C:\Windows\System\VfhnThZ.exe
  C:\Windows\System\VfhnThZ.exe
  2⤵
  PID:4156
- C:\Windows\System\ORiNxia.exe
  C:\Windows\System\ORiNxia.exe
  2⤵
  PID:4176
- C:\Windows\System\AUcgSdR.exe
  C:\Windows\System\AUcgSdR.exe
  2⤵
  PID:4232
- C:\Windows\System\PrRknxO.exe
  C:\Windows\System\PrRknxO.exe
  2⤵
  PID:4236
- C:\Windows\System\iInTtma.exe
  C:\Windows\System\iInTtma.exe
  2⤵
  PID:4276
- C:\Windows\System\xXaKOuK.exe
  C:\Windows\System\xXaKOuK.exe
  2⤵
  PID:3992
- C:\Windows\System\QozjdME.exe
  C:\Windows\System\QozjdME.exe
  2⤵
  PID:4308
- C:\Windows\System\cAXBQrv.exe
  C:\Windows\System\cAXBQrv.exe
  2⤵
  PID:4324
- C:\Windows\System\osvIvzY.exe
  C:\Windows\System\osvIvzY.exe
  2⤵
  PID:4364
- C:\Windows\System\AuBMOKy.exe
  C:\Windows\System\AuBMOKy.exe
  2⤵
  PID:4428
- C:\Windows\System\etOndIP.exe
  C:\Windows\System\etOndIP.exe
  2⤵
  PID:4372
- C:\Windows\System\jwyUSLt.exe
  C:\Windows\System\jwyUSLt.exe
  2⤵
  PID:4404
- C:\Windows\System\uTZnIzF.exe
  C:\Windows\System\uTZnIzF.exe
  2⤵
  PID:4472
- C:\Windows\System\esIVXZu.exe
  C:\Windows\System\esIVXZu.exe
  2⤵
  PID:4516
- C:\Windows\System\xNXFUic.exe
  C:\Windows\System\xNXFUic.exe
  2⤵
  PID:4532
- C:\Windows\System\otEGBLT.exe
  C:\Windows\System\otEGBLT.exe
  2⤵
  PID:4588
- C:\Windows\System\nwnFErQ.exe
  C:\Windows\System\nwnFErQ.exe
  2⤵
  PID:4612
- C:\Windows\System\ShvjBgq.exe
  C:\Windows\System\ShvjBgq.exe
  2⤵
  PID:4628
- C:\Windows\System\GjJJVmc.exe
  C:\Windows\System\GjJJVmc.exe
  2⤵
  PID:4692
- C:\Windows\System\ZuFOaYw.exe
  C:\Windows\System\ZuFOaYw.exe
  2⤵
  PID:4712
- C:\Windows\System\xxlujYb.exe
  C:\Windows\System\xxlujYb.exe
  2⤵
  PID:4732
- C:\Windows\System\vyDaDRQ.exe
  C:\Windows\System\vyDaDRQ.exe
  2⤵
  PID:4788
- C:\Windows\System\WNdqQQf.exe
  C:\Windows\System\WNdqQQf.exe
  2⤵
  PID:4856
- C:\Windows\System\cXxaZCH.exe
  C:\Windows\System\cXxaZCH.exe
  2⤵
  PID:4868
- C:\Windows\System\JRviwqI.exe
  C:\Windows\System\JRviwqI.exe
  2⤵
  PID:4892
- C:\Windows\System\afTzAZp.exe
  C:\Windows\System\afTzAZp.exe
  2⤵
  PID:4936
- C:\Windows\System\BgCUZXb.exe
  C:\Windows\System\BgCUZXb.exe
  2⤵
  PID:4948
- C:\Windows\System\hOepCkX.exe
  C:\Windows\System\hOepCkX.exe
  2⤵
  PID:5016
- C:\Windows\System\ihuuNAX.exe
  C:\Windows\System\ihuuNAX.exe
  2⤵
  PID:4964
- C:\Windows\System\jgdRACA.exe
  C:\Windows\System\jgdRACA.exe
  2⤵
  PID:5044
- C:\Windows\System\gKcuOkm.exe
  C:\Windows\System\gKcuOkm.exe
  2⤵
  PID:5108
- C:\Windows\System\qLwsMbr.exe
  C:\Windows\System\qLwsMbr.exe
  2⤵
  PID:4080
- C:\Windows\System\LrgBgiX.exe
  C:\Windows\System\LrgBgiX.exe
  2⤵
  PID:4160
- C:\Windows\System\tlpNqnS.exe
  C:\Windows\System\tlpNqnS.exe
  2⤵
  PID:4212
- C:\Windows\System\jjKvByY.exe
  C:\Windows\System\jjKvByY.exe
  2⤵
  PID:4284
- C:\Windows\System\ytZCczP.exe
  C:\Windows\System\ytZCczP.exe
  2⤵
  PID:4328
- C:\Windows\System\JrMvkFO.exe
  C:\Windows\System\JrMvkFO.exe
  2⤵
  PID:3224
- C:\Windows\System\oRoGIHs.exe
  C:\Windows\System\oRoGIHs.exe
  2⤵
  PID:4300
- C:\Windows\System\UNjlGsI.exe
  C:\Windows\System\UNjlGsI.exe
  2⤵
  PID:4488
- C:\Windows\System\ynapCYI.exe
  C:\Windows\System\ynapCYI.exe
  2⤵
  PID:4572
- C:\Windows\System\umcyyfA.exe
  C:\Windows\System\umcyyfA.exe
  2⤵
  PID:4492
- C:\Windows\System\cHavQnV.exe
  C:\Windows\System\cHavQnV.exe
  2⤵
  PID:4564
- C:\Windows\System\DMDjIwd.exe
  C:\Windows\System\DMDjIwd.exe
  2⤵
  PID:4656
- C:\Windows\System\GVkXoST.exe
  C:\Windows\System\GVkXoST.exe
  2⤵
  PID:4684
- C:\Windows\System\FVWhsPL.exe
  C:\Windows\System\FVWhsPL.exe
  2⤵
  PID:4708
- C:\Windows\System\TknDlto.exe
  C:\Windows\System\TknDlto.exe
  2⤵
  PID:4768
- C:\Windows\System\QDunTBl.exe
  C:\Windows\System\QDunTBl.exe
  2⤵
  PID:4840
- C:\Windows\System\geqcYWf.exe
  C:\Windows\System\geqcYWf.exe
  2⤵
  PID:4968
- C:\Windows\System\jTPFEBb.exe
  C:\Windows\System\jTPFEBb.exe
  2⤵
  PID:5024
- C:\Windows\System\wWGyCrN.exe
  C:\Windows\System\wWGyCrN.exe
  2⤵
  PID:4368
- C:\Windows\System\MLLKlIC.exe
  C:\Windows\System\MLLKlIC.exe
  2⤵
  PID:5012
- C:\Windows\System\wqscNPo.exe
  C:\Windows\System\wqscNPo.exe
  2⤵
  PID:5096
- C:\Windows\System\dZMIPai.exe
  C:\Windows\System\dZMIPai.exe
  2⤵
  PID:4184
- C:\Windows\System\BaAPRQk.exe
  C:\Windows\System\BaAPRQk.exe
  2⤵
  PID:3424
- C:\Windows\System\crOjQtD.exe
  C:\Windows\System\crOjQtD.exe
  2⤵
  PID:4424
- C:\Windows\System\neqmaXJ.exe
  C:\Windows\System\neqmaXJ.exe
  2⤵
  PID:4448
- C:\Windows\System\MXVkpyQ.exe
  C:\Windows\System\MXVkpyQ.exe
  2⤵
  PID:4528
- C:\Windows\System\PTvmJQD.exe
  C:\Windows\System\PTvmJQD.exe
  2⤵
  PID:4652
- C:\Windows\System\YhtSnJG.exe
  C:\Windows\System\YhtSnJG.exe
  2⤵
  PID:4568
- C:\Windows\System\PpOYotF.exe
  C:\Windows\System\PpOYotF.exe
  2⤵
  PID:4812
- C:\Windows\System\DkomsyV.exe
  C:\Windows\System\DkomsyV.exe
  2⤵
  PID:4896
- C:\Windows\System\lBlfdLq.exe
  C:\Windows\System\lBlfdLq.exe
  2⤵
  PID:4916
- C:\Windows\System\GrcxSir.exe
  C:\Windows\System\GrcxSir.exe
  2⤵
  PID:5112
- C:\Windows\System\kSZYnQw.exe
  C:\Windows\System\kSZYnQw.exe
  2⤵
  PID:5116
- C:\Windows\System\TFIrxKO.exe
  C:\Windows\System\TFIrxKO.exe
  2⤵
  PID:3392
- C:\Windows\System\wPYSKHw.exe
  C:\Windows\System\wPYSKHw.exe
  2⤵
  PID:4504
- C:\Windows\System\OSJKOye.exe
  C:\Windows\System\OSJKOye.exe
  2⤵
  PID:4872
- C:\Windows\System\THowupe.exe
  C:\Windows\System\THowupe.exe
  2⤵
  PID:4608
- C:\Windows\System\whBDFji.exe
  C:\Windows\System\whBDFji.exe
  2⤵
  PID:5052
- C:\Windows\System\hRcTjmG.exe
  C:\Windows\System\hRcTjmG.exe
  2⤵
  PID:4996
- C:\Windows\System\WylmGXN.exe
  C:\Windows\System\WylmGXN.exe
  2⤵
  PID:4220
- C:\Windows\System\kzeRnCs.exe
  C:\Windows\System\kzeRnCs.exe
  2⤵
  PID:4668
- C:\Windows\System\tsXwMcD.exe
  C:\Windows\System\tsXwMcD.exe
  2⤵
  PID:4388
- C:\Windows\System\lZBpXop.exe
  C:\Windows\System\lZBpXop.exe
  2⤵
  PID:4912
- C:\Windows\System\VndTXhT.exe
  C:\Windows\System\VndTXhT.exe
  2⤵
  PID:4272
- C:\Windows\System\coLfcjK.exe
  C:\Windows\System\coLfcjK.exe
  2⤵
  PID:4332
- C:\Windows\System\sgfPGdU.exe
  C:\Windows\System\sgfPGdU.exe
  2⤵
  PID:4844
- C:\Windows\System\MVyUThe.exe
  C:\Windows\System\MVyUThe.exe
  2⤵
  PID:5124
- C:\Windows\System\llARooz.exe
  C:\Windows\System\llARooz.exe
  2⤵
  PID:5144
- C:\Windows\System\BwKMrDe.exe
  C:\Windows\System\BwKMrDe.exe
  2⤵
  PID:5160
- C:\Windows\System\nGsVSip.exe
  C:\Windows\System\nGsVSip.exe
  2⤵
  PID:5180
- C:\Windows\System\bXDYwqE.exe
  C:\Windows\System\bXDYwqE.exe
  2⤵
  PID:5196
- C:\Windows\System\RyMsNUR.exe
  C:\Windows\System\RyMsNUR.exe
  2⤵
  PID:5240
- C:\Windows\System\XoQTTCi.exe
  C:\Windows\System\XoQTTCi.exe
  2⤵
  PID:5256
- C:\Windows\System\jPTidER.exe
  C:\Windows\System\jPTidER.exe
  2⤵
  PID:5272
- C:\Windows\System\gRCjjmb.exe
  C:\Windows\System\gRCjjmb.exe
  2⤵
  PID:5296
- C:\Windows\System\iHHxqku.exe
  C:\Windows\System\iHHxqku.exe
  2⤵
  PID:5316
- C:\Windows\System\ADxHkPU.exe
  C:\Windows\System\ADxHkPU.exe
  2⤵
  PID:5336
- C:\Windows\System\mRydbyG.exe
  C:\Windows\System\mRydbyG.exe
  2⤵
  PID:5360
- C:\Windows\System\JZVjZaN.exe
  C:\Windows\System\JZVjZaN.exe
  2⤵
  PID:5384
- C:\Windows\System\qkghviD.exe
  C:\Windows\System\qkghviD.exe
  2⤵
  PID:5416
- C:\Windows\System\igLOveX.exe
  C:\Windows\System\igLOveX.exe
  2⤵
  PID:5436
- C:\Windows\System\OKzNszP.exe
  C:\Windows\System\OKzNszP.exe
  2⤵
  PID:5452
- C:\Windows\System\hmnDPSC.exe
  C:\Windows\System\hmnDPSC.exe
  2⤵
  PID:5472
- C:\Windows\System\zvYmQTg.exe
  C:\Windows\System\zvYmQTg.exe
  2⤵
  PID:5492
- C:\Windows\System\pUNrThD.exe
  C:\Windows\System\pUNrThD.exe
  2⤵
  PID:5512
- C:\Windows\System\aMgnfot.exe
  C:\Windows\System\aMgnfot.exe
  2⤵
  PID:5528
- C:\Windows\System\jiOrsUA.exe
  C:\Windows\System\jiOrsUA.exe
  2⤵
  PID:5548
- C:\Windows\System\uxoQOzL.exe
  C:\Windows\System\uxoQOzL.exe
  2⤵
  PID:5572
- C:\Windows\System\aCWBBcy.exe
  C:\Windows\System\aCWBBcy.exe
  2⤵
  PID:5600
- C:\Windows\System\IhEiydM.exe
  C:\Windows\System\IhEiydM.exe
  2⤵
  PID:5620
- C:\Windows\System\wfitijB.exe
  C:\Windows\System\wfitijB.exe
  2⤵
  PID:5640
- C:\Windows\System\Ruttvvb.exe
  C:\Windows\System\Ruttvvb.exe
  2⤵
  PID:5668
- C:\Windows\System\umuQGFz.exe
  C:\Windows\System\umuQGFz.exe
  2⤵
  PID:5684
- C:\Windows\System\FYSuBKH.exe
  C:\Windows\System\FYSuBKH.exe
  2⤵
  PID:5704
- C:\Windows\System\aTsfoSn.exe
  C:\Windows\System\aTsfoSn.exe
  2⤵
  PID:5720
- C:\Windows\System\ITFjtDc.exe
  C:\Windows\System\ITFjtDc.exe
  2⤵
  PID:5736
- C:\Windows\System\xQRbmpU.exe
  C:\Windows\System\xQRbmpU.exe
  2⤵
  PID:5752
- C:\Windows\System\aUommJT.exe
  C:\Windows\System\aUommJT.exe
  2⤵
  PID:5792
- C:\Windows\System\PQvxdTr.exe
  C:\Windows\System\PQvxdTr.exe
  2⤵
  PID:5808
- C:\Windows\System\ITYyGsT.exe
  C:\Windows\System\ITYyGsT.exe
  2⤵
  PID:5824
- C:\Windows\System\XTzXxpS.exe
  C:\Windows\System\XTzXxpS.exe
  2⤵
  PID:5840
- C:\Windows\System\fGVEaMZ.exe
  C:\Windows\System\fGVEaMZ.exe
  2⤵
  PID:5872
- C:\Windows\System\grSwdgI.exe
  C:\Windows\System\grSwdgI.exe
  2⤵
  PID:5888
- C:\Windows\System\svujSTh.exe
  C:\Windows\System\svujSTh.exe
  2⤵
  PID:5908
- C:\Windows\System\LYIghLV.exe
  C:\Windows\System\LYIghLV.exe
  2⤵
  PID:5932
- C:\Windows\System\TEIsMjS.exe
  C:\Windows\System\TEIsMjS.exe
  2⤵
  PID:5948
- C:\Windows\System\uckeXqp.exe
  C:\Windows\System\uckeXqp.exe
  2⤵
  PID:5964
- C:\Windows\System\fgXvyJT.exe
  C:\Windows\System\fgXvyJT.exe
  2⤵
  PID:5992
- C:\Windows\System\EFnUuZP.exe
  C:\Windows\System\EFnUuZP.exe
  2⤵
  PID:6008
- C:\Windows\System\DpfcDaW.exe
  C:\Windows\System\DpfcDaW.exe
  2⤵
  PID:6032
- C:\Windows\System\XBHBIzt.exe
  C:\Windows\System\XBHBIzt.exe
  2⤵
  PID:6048
- C:\Windows\System\XayvByq.exe
  C:\Windows\System\XayvByq.exe
  2⤵
  PID:6072
- C:\Windows\System\HCzuuPS.exe
  C:\Windows\System\HCzuuPS.exe
  2⤵
  PID:6088
- C:\Windows\System\DIwrTwK.exe
  C:\Windows\System\DIwrTwK.exe
  2⤵
  PID:6104
- C:\Windows\System\hhylTGs.exe
  C:\Windows\System\hhylTGs.exe
  2⤵
  PID:6124
- C:\Windows\System\qeiJiQz.exe
  C:\Windows\System\qeiJiQz.exe
  2⤵
  PID:4748
- C:\Windows\System\JBAAIOE.exe
  C:\Windows\System\JBAAIOE.exe
  2⤵
  PID:5132
- C:\Windows\System\PalftBZ.exe
  C:\Windows\System\PalftBZ.exe
  2⤵
  PID:5208
- C:\Windows\System\hrVJgLe.exe
  C:\Windows\System\hrVJgLe.exe
  2⤵
  PID:4348
- C:\Windows\System\NYbGxJH.exe
  C:\Windows\System\NYbGxJH.exe
  2⤵
  PID:5156
- C:\Windows\System\kNLSCkf.exe
  C:\Windows\System\kNLSCkf.exe
  2⤵
  PID:5236
- C:\Windows\System\crjieRq.exe
  C:\Windows\System\crjieRq.exe
  2⤵
  PID:5280
- C:\Windows\System\pzvhNfZ.exe
  C:\Windows\System\pzvhNfZ.exe
  2⤵
  PID:5288
- C:\Windows\System\pWnTrPs.exe
  C:\Windows\System\pWnTrPs.exe
  2⤵
  PID:5356
- C:\Windows\System\EZOWMPo.exe
  C:\Windows\System\EZOWMPo.exe
  2⤵
  PID:5372
- C:\Windows\System\egvBjeu.exe
  C:\Windows\System\egvBjeu.exe
  2⤵
  PID:5424
- C:\Windows\System\JhtgpBm.exe
  C:\Windows\System\JhtgpBm.exe
  2⤵
  PID:5448
- C:\Windows\System\YYqbrvJ.exe
  C:\Windows\System\YYqbrvJ.exe
  2⤵
  PID:5488
- C:\Windows\System\rBKNSmw.exe
  C:\Windows\System\rBKNSmw.exe
  2⤵
  PID:5504
- C:\Windows\System\EaAtLTg.exe
  C:\Windows\System\EaAtLTg.exe
  2⤵
  PID:5540
- C:\Windows\System\LTSXKDd.exe
  C:\Windows\System\LTSXKDd.exe
  2⤵
  PID:5412
- C:\Windows\System\uKksseA.exe
  C:\Windows\System\uKksseA.exe
  2⤵
  PID:5608
- C:\Windows\System\azeijkp.exe
  C:\Windows\System\azeijkp.exe
  2⤵
  PID:5592
- C:\Windows\System\rFeRhXM.exe
  C:\Windows\System\rFeRhXM.exe
  2⤵
  PID:5636
- C:\Windows\System\WzDeyfw.exe
  C:\Windows\System\WzDeyfw.exe
  2⤵
  PID:5700
- C:\Windows\System\dJDPnoW.exe
  C:\Windows\System\dJDPnoW.exe
  2⤵
  PID:5772
- C:\Windows\System\cjCnlXu.exe
  C:\Windows\System\cjCnlXu.exe
  2⤵
  PID:5716
- C:\Windows\System\WnsWQbI.exe
  C:\Windows\System\WnsWQbI.exe
  2⤵
  PID:5788
- C:\Windows\System\xXORRFa.exe
  C:\Windows\System\xXORRFa.exe
  2⤵
  PID:5800
- C:\Windows\System\cXbJwMi.exe
  C:\Windows\System\cXbJwMi.exe
  2⤵
  PID:5832
- C:\Windows\System\JKfbNRs.exe
  C:\Windows\System\JKfbNRs.exe
  2⤵
  PID:5900
- C:\Windows\System\flnxFRw.exe
  C:\Windows\System\flnxFRw.exe
  2⤵
  PID:5920
- C:\Windows\System\BAmtjDV.exe
  C:\Windows\System\BAmtjDV.exe
  2⤵
  PID:5972
- C:\Windows\System\PHjaoGS.exe
  C:\Windows\System\PHjaoGS.exe
  2⤵
  PID:5980
- C:\Windows\System\ZbMxIYN.exe
  C:\Windows\System\ZbMxIYN.exe
  2⤵
  PID:6028
- C:\Windows\System\VRLnaaR.exe
  C:\Windows\System\VRLnaaR.exe
  2⤵
  PID:6060
- C:\Windows\System\kTrBdIo.exe
  C:\Windows\System\kTrBdIo.exe
  2⤵
  PID:6132
- C:\Windows\System\tScOLXS.exe
  C:\Windows\System\tScOLXS.exe
  2⤵
  PID:5168
- C:\Windows\System\QpPrbNX.exe
  C:\Windows\System\QpPrbNX.exe
  2⤵
  PID:5216
- C:\Windows\System\dxxZgYK.exe
  C:\Windows\System\dxxZgYK.exe
  2⤵
  PID:4508
- C:\Windows\System\GsLIOke.exe
  C:\Windows\System\GsLIOke.exe
  2⤵
  PID:4808
- C:\Windows\System\tnDSuny.exe
  C:\Windows\System\tnDSuny.exe
  2⤵
  PID:5228
- C:\Windows\System\QxazjhK.exe
  C:\Windows\System\QxazjhK.exe
  2⤵
  PID:5352
- C:\Windows\System\xUbsxwY.exe
  C:\Windows\System\xUbsxwY.exe
  2⤵
  PID:5408
- C:\Windows\System\UIZJteN.exe
  C:\Windows\System\UIZJteN.exe
  2⤵
  PID:5368
- C:\Windows\System\nYHXMuW.exe
  C:\Windows\System\nYHXMuW.exe
  2⤵
  PID:5480
- C:\Windows\System\WwzXxvE.exe
  C:\Windows\System\WwzXxvE.exe
  2⤵
  PID:5520
- C:\Windows\System\cSxvbDd.exe
  C:\Windows\System\cSxvbDd.exe
  2⤵
  PID:5588
- C:\Windows\System\WTwJzlu.exe
  C:\Windows\System\WTwJzlu.exe
  2⤵
  PID:5656
- C:\Windows\System\lqwrUAq.exe
  C:\Windows\System\lqwrUAq.exe
  2⤵
  PID:5696
- C:\Windows\System\DYMqMgT.exe
  C:\Windows\System\DYMqMgT.exe
  2⤵
  PID:5732
- C:\Windows\System\JFZNrus.exe
  C:\Windows\System\JFZNrus.exe
  2⤵
  PID:5816
- C:\Windows\System\EXOQDwq.exe
  C:\Windows\System\EXOQDwq.exe
  2⤵
  PID:5868
- C:\Windows\System\LqiYwAy.exe
  C:\Windows\System\LqiYwAy.exe
  2⤵
  PID:5880
- C:\Windows\System\igqqERk.exe
  C:\Windows\System\igqqERk.exe
  2⤵
  PID:6004
- C:\Windows\System\zEEuKVG.exe
  C:\Windows\System\zEEuKVG.exe
  2⤵
  PID:6000
- C:\Windows\System\qGJQkek.exe
  C:\Windows\System\qGJQkek.exe
  2⤵
  PID:6040
- C:\Windows\System\ctPtJwL.exe
  C:\Windows\System\ctPtJwL.exe
  2⤵
  PID:5176
- C:\Windows\System\tIMXMyL.exe
  C:\Windows\System\tIMXMyL.exe
  2⤵
  PID:6120
- C:\Windows\System\oxiDUYc.exe
  C:\Windows\System\oxiDUYc.exe
  2⤵
  PID:5188
- C:\Windows\System\THYDCiN.exe
  C:\Windows\System\THYDCiN.exe
  2⤵
  PID:5344
- C:\Windows\System\lrDBBFL.exe
  C:\Windows\System\lrDBBFL.exe
  2⤵
  PID:5392
- C:\Windows\System\sptQUYl.exe
  C:\Windows\System\sptQUYl.exe
  2⤵
  PID:5768
- C:\Windows\System\yjDUYDH.exe
  C:\Windows\System\yjDUYDH.exe
  2⤵
  PID:5400
- C:\Windows\System\ImGywuM.exe
  C:\Windows\System\ImGywuM.exe
  2⤵
  PID:5348
- C:\Windows\System\WnvslOx.exe
  C:\Windows\System\WnvslOx.exe
  2⤵
  PID:5712
- C:\Windows\System\ZETXXBU.exe
  C:\Windows\System\ZETXXBU.exe
  2⤵
  PID:5804
- C:\Windows\System\cBQqOXU.exe
  C:\Windows\System\cBQqOXU.exe
  2⤵
  PID:5944
- C:\Windows\System\WgkrLqF.exe
  C:\Windows\System\WgkrLqF.exe
  2⤵
  PID:6020
- C:\Windows\System\AVXcKxc.exe
  C:\Windows\System\AVXcKxc.exe
  2⤵
  PID:6096
- C:\Windows\System\OgVwccb.exe
  C:\Windows\System\OgVwccb.exe
  2⤵
  PID:5444
- C:\Windows\System\mPHMrqY.exe
  C:\Windows\System\mPHMrqY.exe
  2⤵
  PID:5232
- C:\Windows\System\ssInmPx.exe
  C:\Windows\System\ssInmPx.exe
  2⤵
  PID:5564
- C:\Windows\System\wmPJxhP.exe
  C:\Windows\System\wmPJxhP.exe
  2⤵
  PID:5632
- C:\Windows\System\fYAkpzG.exe
  C:\Windows\System\fYAkpzG.exe
  2⤵
  PID:5760
- C:\Windows\System\GffzWuY.exe
  C:\Windows\System\GffzWuY.exe
  2⤵
  PID:6056
- C:\Windows\System\dIWbWLi.exe
  C:\Windows\System\dIWbWLi.exe
  2⤵
  PID:6068
- C:\Windows\System\TzgaZSk.exe
  C:\Windows\System\TzgaZSk.exe
  2⤵
  PID:6116
- C:\Windows\System\sDgXUKP.exe
  C:\Windows\System\sDgXUKP.exe
  2⤵
  PID:4728
- C:\Windows\System\XQVmMFA.exe
  C:\Windows\System\XQVmMFA.exe
  2⤵
  PID:5596
- C:\Windows\System\OSvmCaT.exe
  C:\Windows\System\OSvmCaT.exe
  2⤵
  PID:5140
- C:\Windows\System\nVQEFaH.exe
  C:\Windows\System\nVQEFaH.exe
  2⤵
  PID:5664
- C:\Windows\System\HIlJEpc.exe
  C:\Windows\System\HIlJEpc.exe
  2⤵
  PID:5292
- C:\Windows\System\qGBehoZ.exe
  C:\Windows\System\qGBehoZ.exe
  2⤵
  PID:5252
- C:\Windows\System\iQXODGb.exe
  C:\Windows\System\iQXODGb.exe
  2⤵
  PID:6160
- C:\Windows\System\uezdNjl.exe
  C:\Windows\System\uezdNjl.exe
  2⤵
  PID:6184
- C:\Windows\System\HRbRRbS.exe
  C:\Windows\System\HRbRRbS.exe
  2⤵
  PID:6204
- C:\Windows\System\viliaJv.exe
  C:\Windows\System\viliaJv.exe
  2⤵
  PID:6220
- C:\Windows\System\EReQFEI.exe
  C:\Windows\System\EReQFEI.exe
  2⤵
  PID:6240
- C:\Windows\System\tgYHzal.exe
  C:\Windows\System\tgYHzal.exe
  2⤵
  PID:6256
- C:\Windows\System\fkLdOQL.exe
  C:\Windows\System\fkLdOQL.exe
  2⤵
  PID:6280
- C:\Windows\System\EwwgGSs.exe
  C:\Windows\System\EwwgGSs.exe
  2⤵
  PID:6304
- C:\Windows\System\eGjLJiE.exe
  C:\Windows\System\eGjLJiE.exe
  2⤵
  PID:6320
- C:\Windows\System\lAbdPwH.exe
  C:\Windows\System\lAbdPwH.exe
  2⤵
  PID:6344
- C:\Windows\System\ahSBYFm.exe
  C:\Windows\System\ahSBYFm.exe
  2⤵
  PID:6364
- C:\Windows\System\cEplsFZ.exe
  C:\Windows\System\cEplsFZ.exe
  2⤵
  PID:6384
- C:\Windows\System\gRedIIP.exe
  C:\Windows\System\gRedIIP.exe
  2⤵
  PID:6400
- C:\Windows\System\kmrAnwJ.exe
  C:\Windows\System\kmrAnwJ.exe
  2⤵
  PID:6424
- C:\Windows\System\rtADJaz.exe
  C:\Windows\System\rtADJaz.exe
  2⤵
  PID:6440
- C:\Windows\System\ldzoNoP.exe
  C:\Windows\System\ldzoNoP.exe
  2⤵
  PID:6464
- C:\Windows\System\rMsEQsF.exe
  C:\Windows\System\rMsEQsF.exe
  2⤵
  PID:6492
- C:\Windows\System\QDfUJeS.exe
  C:\Windows\System\QDfUJeS.exe
  2⤵
  PID:6512
- C:\Windows\System\vpCPqzF.exe
  C:\Windows\System\vpCPqzF.exe
  2⤵
  PID:6528
- C:\Windows\System\UqTszGL.exe
  C:\Windows\System\UqTszGL.exe
  2⤵
  PID:6548
- C:\Windows\System\YQurYMy.exe
  C:\Windows\System\YQurYMy.exe
  2⤵
  PID:6568
- C:\Windows\System\IFHwwgr.exe
  C:\Windows\System\IFHwwgr.exe
  2⤵
  PID:6592
- C:\Windows\System\xRVociv.exe
  C:\Windows\System\xRVociv.exe
  2⤵
  PID:6612
- C:\Windows\System\cdEBTyE.exe
  C:\Windows\System\cdEBTyE.exe
  2⤵
  PID:6636
- C:\Windows\System\sBiqrqE.exe
  C:\Windows\System\sBiqrqE.exe
  2⤵
  PID:6652
- C:\Windows\System\UojAJVP.exe
  C:\Windows\System\UojAJVP.exe
  2⤵
  PID:6668
- C:\Windows\System\FiNiWix.exe
  C:\Windows\System\FiNiWix.exe
  2⤵
  PID:6688
- C:\Windows\System\LzuJzhD.exe
  C:\Windows\System\LzuJzhD.exe
  2⤵
  PID:6712
- C:\Windows\System\ceNjjoV.exe
  C:\Windows\System\ceNjjoV.exe
  2⤵
  PID:6728
- C:\Windows\System\ilNciqT.exe
  C:\Windows\System\ilNciqT.exe
  2⤵
  PID:6748
- C:\Windows\System\DlfMrLD.exe
  C:\Windows\System\DlfMrLD.exe
  2⤵
  PID:6772
- C:\Windows\System\SglMNPp.exe
  C:\Windows\System\SglMNPp.exe
  2⤵
  PID:6788
- C:\Windows\System\ZapAuWn.exe
  C:\Windows\System\ZapAuWn.exe
  2⤵
  PID:6808
- C:\Windows\System\kCGViHd.exe
  C:\Windows\System\kCGViHd.exe
  2⤵
  PID:6836
- C:\Windows\System\hYBxRjh.exe
  C:\Windows\System\hYBxRjh.exe
  2⤵
  PID:6852
- C:\Windows\System\XJvyJES.exe
  C:\Windows\System\XJvyJES.exe
  2⤵
  PID:6872
- C:\Windows\System\nXojbep.exe
  C:\Windows\System\nXojbep.exe
  2⤵
  PID:6892
- C:\Windows\System\MIkDmCM.exe
  C:\Windows\System\MIkDmCM.exe
  2⤵
  PID:6916
- C:\Windows\System\hODYYdu.exe
  C:\Windows\System\hODYYdu.exe
  2⤵
  PID:6932
- C:\Windows\System\zzsgJxu.exe
  C:\Windows\System\zzsgJxu.exe
  2⤵
  PID:6952
- C:\Windows\System\cBKTvrh.exe
  C:\Windows\System\cBKTvrh.exe
  2⤵
  PID:6976
- C:\Windows\System\kbbZvFd.exe
  C:\Windows\System\kbbZvFd.exe
  2⤵
  PID:6992
- C:\Windows\System\dHkjMRZ.exe
  C:\Windows\System\dHkjMRZ.exe
  2⤵
  PID:7012
- C:\Windows\System\ZsDcCGv.exe
  C:\Windows\System\ZsDcCGv.exe
  2⤵
  PID:7032
- C:\Windows\System\kwQGAEo.exe
  C:\Windows\System\kwQGAEo.exe
  2⤵
  PID:7052
- C:\Windows\System\FoSqmba.exe
  C:\Windows\System\FoSqmba.exe
  2⤵
  PID:7068
- C:\Windows\System\qkSygjz.exe
  C:\Windows\System\qkSygjz.exe
  2⤵
  PID:7084
- C:\Windows\System\wNPQpIL.exe
  C:\Windows\System\wNPQpIL.exe
  2⤵
  PID:7100
- C:\Windows\System\zXQqudu.exe
  C:\Windows\System\zXQqudu.exe
  2⤵
  PID:7132
- C:\Windows\System\YnIhPSu.exe
  C:\Windows\System\YnIhPSu.exe
  2⤵
  PID:7148
- C:\Windows\System\QRSwxNp.exe
  C:\Windows\System\QRSwxNp.exe
  2⤵
  PID:5680
- C:\Windows\System\NLuinQq.exe
  C:\Windows\System\NLuinQq.exe
  2⤵
  PID:5380
- C:\Windows\System\sXjnoDy.exe
  C:\Windows\System\sXjnoDy.exe
  2⤵
  PID:6168
- C:\Windows\System\LbnmkLK.exe
  C:\Windows\System\LbnmkLK.exe
  2⤵
  PID:5764
- C:\Windows\System\RlxgFmt.exe
  C:\Windows\System\RlxgFmt.exe
  2⤵
  PID:6236
- C:\Windows\System\DdrvnSX.exe
  C:\Windows\System\DdrvnSX.exe
  2⤵
  PID:6276
- C:\Windows\System\hdXmhPL.exe
  C:\Windows\System\hdXmhPL.exe
  2⤵
  PID:6296
- C:\Windows\System\nikZGcB.exe
  C:\Windows\System\nikZGcB.exe
  2⤵
  PID:6352
- C:\Windows\System\bNeBuLJ.exe
  C:\Windows\System\bNeBuLJ.exe
  2⤵
  PID:6376
- C:\Windows\System\EvQwnCN.exe
  C:\Windows\System\EvQwnCN.exe
  2⤵
  PID:6416
- C:\Windows\System\ZaJPsqh.exe
  C:\Windows\System\ZaJPsqh.exe
  2⤵
  PID:6436
- C:\Windows\System\SJvtWUz.exe
  C:\Windows\System\SJvtWUz.exe
  2⤵
  PID:6460
- C:\Windows\System\PcgUbzM.exe
  C:\Windows\System\PcgUbzM.exe
  2⤵
  PID:6480
- C:\Windows\System\GwBiHFU.exe
  C:\Windows\System\GwBiHFU.exe
  2⤵
  PID:6508
- C:\Windows\System\NUwTKfo.exe
  C:\Windows\System\NUwTKfo.exe
  2⤵
  PID:6544
- C:\Windows\System\oGNBNzb.exe
  C:\Windows\System\oGNBNzb.exe
  2⤵
  PID:6620
- C:\Windows\System\pTZFFMr.exe
  C:\Windows\System\pTZFFMr.exe
  2⤵
  PID:6624
- C:\Windows\System\zEyMeEA.exe
  C:\Windows\System\zEyMeEA.exe
  2⤵
  PID:6696
- C:\Windows\System\DcLokRG.exe
  C:\Windows\System\DcLokRG.exe
  2⤵
  PID:6740
- C:\Windows\System\dGSwONs.exe
  C:\Windows\System\dGSwONs.exe
  2⤵
  PID:6756
- C:\Windows\System\ganxwsZ.exe
  C:\Windows\System\ganxwsZ.exe
  2⤵
  PID:6724
- C:\Windows\System\oDPcxci.exe
  C:\Windows\System\oDPcxci.exe
  2⤵
  PID:6820
- C:\Windows\System\rfZOgIE.exe
  C:\Windows\System\rfZOgIE.exe
  2⤵
  PID:6800
- C:\Windows\System\fAizRbZ.exe
  C:\Windows\System\fAizRbZ.exe
  2⤵
  PID:6904
- C:\Windows\System\zUxPtrQ.exe
  C:\Windows\System\zUxPtrQ.exe
  2⤵
  PID:6908
- C:\Windows\System\JDNWuqw.exe
  C:\Windows\System\JDNWuqw.exe
  2⤵
  PID:6944
- C:\Windows\System\BwWAeMx.exe
  C:\Windows\System\BwWAeMx.exe
  2⤵
  PID:6972
- C:\Windows\System\dMknQcm.exe
  C:\Windows\System\dMknQcm.exe
  2⤵
  PID:7004
- C:\Windows\System\WDjEjPD.exe
  C:\Windows\System\WDjEjPD.exe
  2⤵
  PID:7064
- C:\Windows\System\EvRLshD.exe
  C:\Windows\System\EvRLshD.exe
  2⤵
  PID:7048
- C:\Windows\System\Ooavthx.exe
  C:\Windows\System\Ooavthx.exe
  2⤵
  PID:7044
- C:\Windows\System\pBFMooG.exe
  C:\Windows\System\pBFMooG.exe
  2⤵
  PID:7160
- C:\Windows\System\TZiIjOj.exe
  C:\Windows\System\TZiIjOj.exe
  2⤵
  PID:5916
- C:\Windows\System\sKncMZa.exe
  C:\Windows\System\sKncMZa.exe
  2⤵
  PID:6180
- C:\Windows\System\wCdBGjD.exe
  C:\Windows\System\wCdBGjD.exe
  2⤵
  PID:6192
- C:\Windows\System\DmEPMDA.exe
  C:\Windows\System\DmEPMDA.exe
  2⤵
  PID:2116
- C:\Windows\System\rnzvWbN.exe
  C:\Windows\System\rnzvWbN.exe
  2⤵
  PID:6252
- C:\Windows\System\OveIuFy.exe
  C:\Windows\System\OveIuFy.exe
  2⤵
  PID:6300
- C:\Windows\System\MKnjXLn.exe
  C:\Windows\System\MKnjXLn.exe
  2⤵
  PID:6408
- C:\Windows\System\vCrgjrs.exe
  C:\Windows\System\vCrgjrs.exe
  2⤵
  PID:6456
- C:\Windows\System\RMwCYbp.exe
  C:\Windows\System\RMwCYbp.exe
  2⤵
  PID:6556
- C:\Windows\System\SEjXqNT.exe
  C:\Windows\System\SEjXqNT.exe
  2⤵
  PID:6536
- C:\Windows\System\BOYeTKK.exe
  C:\Windows\System\BOYeTKK.exe
  2⤵
  PID:6564
- C:\Windows\System\THSyJOD.exe
  C:\Windows\System\THSyJOD.exe
  2⤵
  PID:6744
- C:\Windows\System\BBMMBRo.exe
  C:\Windows\System\BBMMBRo.exe
  2⤵
  PID:6816
- C:\Windows\System\eJcwrAM.exe
  C:\Windows\System\eJcwrAM.exe
  2⤵
  PID:6680
- C:\Windows\System\aMJpcZY.exe
  C:\Windows\System\aMJpcZY.exe
  2⤵
  PID:6804
- C:\Windows\System\jrygNNW.exe
  C:\Windows\System\jrygNNW.exe
  2⤵
  PID:6860
- C:\Windows\System\ZXVVUHF.exe
  C:\Windows\System\ZXVVUHF.exe
  2⤵
  PID:6964
- C:\Windows\System\AmEVqpt.exe
  C:\Windows\System\AmEVqpt.exe
  2⤵
  PID:6984
- C:\Windows\System\xFJwyDf.exe
  C:\Windows\System\xFJwyDf.exe
  2⤵
  PID:7060
- C:\Windows\System\YyieauJ.exe
  C:\Windows\System\YyieauJ.exe
  2⤵
  PID:7144
- C:\Windows\System\npAcHfG.exe
  C:\Windows\System\npAcHfG.exe
  2⤵
  PID:6216
- C:\Windows\System\DDZIyhK.exe
  C:\Windows\System\DDZIyhK.exe
  2⤵
  PID:5852
- C:\Windows\System\OStlfCv.exe
  C:\Windows\System\OStlfCv.exe
  2⤵
  PID:6200
- C:\Windows\System\yxpJNow.exe
  C:\Windows\System\yxpJNow.exe
  2⤵
  PID:6268
- C:\Windows\System\WOVMukZ.exe
  C:\Windows\System\WOVMukZ.exe
  2⤵
  PID:6484
- C:\Windows\System\spZOnyr.exe
  C:\Windows\System\spZOnyr.exe
  2⤵
  PID:5928
- C:\Windows\System\yTlFDHm.exe
  C:\Windows\System\yTlFDHm.exe
  2⤵
  PID:6520
- C:\Windows\System\hweVOtb.exe
  C:\Windows\System\hweVOtb.exe
  2⤵
  PID:2688
- C:\Windows\System\kChAiYz.exe
  C:\Windows\System\kChAiYz.exe
  2⤵
  PID:6600
- C:\Windows\System\aZhswOX.exe
  C:\Windows\System\aZhswOX.exe
  2⤵
  PID:6628
- C:\Windows\System\cpAqCNl.exe
  C:\Windows\System\cpAqCNl.exe
  2⤵
  PID:6880
- C:\Windows\System\HunZMmi.exe
  C:\Windows\System\HunZMmi.exe
  2⤵
  PID:6884
- C:\Windows\System\hXZZdve.exe
  C:\Windows\System\hXZZdve.exe
  2⤵
  PID:6928
- C:\Windows\System\VnesxYf.exe
  C:\Windows\System\VnesxYf.exe
  2⤵
  PID:7028
- C:\Windows\System\AjqrWKD.exe
  C:\Windows\System\AjqrWKD.exe
  2⤵
  PID:776
- C:\Windows\System\qYZLRWs.exe
  C:\Windows\System\qYZLRWs.exe
  2⤵
  PID:6248
- C:\Windows\System\EAIiIMW.exe
  C:\Windows\System\EAIiIMW.exe
  2⤵
  PID:6396
- C:\Windows\System\dEtyIqr.exe
  C:\Windows\System\dEtyIqr.exe
  2⤵
  PID:2748
- C:\Windows\System\ClhlOKL.exe
  C:\Windows\System\ClhlOKL.exe
  2⤵
  PID:6356
- C:\Windows\System\VmDyjOj.exe
  C:\Windows\System\VmDyjOj.exe
  2⤵
  PID:6392
- C:\Windows\System\EGCbxRj.exe
  C:\Windows\System\EGCbxRj.exe
  2⤵
  PID:6660
- C:\Windows\System\JmgmsFp.exe
  C:\Windows\System\JmgmsFp.exe
  2⤵
  PID:6832
- C:\Windows\System\nLeKaOl.exe
  C:\Windows\System\nLeKaOl.exe
  2⤵
  PID:7112
- C:\Windows\System\WxnvIHr.exe
  C:\Windows\System\WxnvIHr.exe
  2⤵
  PID:7124
- C:\Windows\System\oSdOVNG.exe
  C:\Windows\System\oSdOVNG.exe
  2⤵
  PID:6576
- C:\Windows\System\tjDIhVf.exe
  C:\Windows\System\tjDIhVf.exe
  2⤵
  PID:6924
- C:\Windows\System\IBrPfZA.exe
  C:\Windows\System\IBrPfZA.exe
  2⤵
  PID:6372
- C:\Windows\System\wZqnCwf.exe
  C:\Windows\System\wZqnCwf.exe
  2⤵
  PID:7040
- C:\Windows\System\qxsBbDv.exe
  C:\Windows\System\qxsBbDv.exe
  2⤵
  PID:6700
- C:\Windows\System\wBjiIlN.exe
  C:\Windows\System\wBjiIlN.exe
  2⤵
  PID:6784
- C:\Windows\System\NBUjDtB.exe
  C:\Windows\System\NBUjDtB.exe
  2⤵
  PID:3000
- C:\Windows\System\VghJKOG.exe
  C:\Windows\System\VghJKOG.exe
  2⤵
  PID:7184
- C:\Windows\System\vubwSdw.exe
  C:\Windows\System\vubwSdw.exe
  2⤵
  PID:7200
- C:\Windows\System\GYSToaI.exe
  C:\Windows\System\GYSToaI.exe
  2⤵
  PID:7216
- C:\Windows\System\chYuQwE.exe
  C:\Windows\System\chYuQwE.exe
  2⤵
  PID:7236
- C:\Windows\System\AlcDMyp.exe
  C:\Windows\System\AlcDMyp.exe
  2⤵
  PID:7252
- C:\Windows\System\sCqisrW.exe
  C:\Windows\System\sCqisrW.exe
  2⤵
  PID:7268
- C:\Windows\System\SylkKmH.exe
  C:\Windows\System\SylkKmH.exe
  2⤵
  PID:7328
- C:\Windows\System\IsQaUoF.exe
  C:\Windows\System\IsQaUoF.exe
  2⤵
  PID:7344
- C:\Windows\System\janirRj.exe
  C:\Windows\System\janirRj.exe
  2⤵
  PID:7360
- C:\Windows\System\EcNvosM.exe
  C:\Windows\System\EcNvosM.exe
  2⤵
  PID:7376
- C:\Windows\System\pDXRTKA.exe
  C:\Windows\System\pDXRTKA.exe
  2⤵
  PID:7392
- C:\Windows\System\tgljhkw.exe
  C:\Windows\System\tgljhkw.exe
  2⤵
  PID:7428
- C:\Windows\System\NFmcvTo.exe
  C:\Windows\System\NFmcvTo.exe
  2⤵
  PID:7448
- C:\Windows\System\GwvlFfL.exe
  C:\Windows\System\GwvlFfL.exe
  2⤵
  PID:7464
- C:\Windows\System\baocfhZ.exe
  C:\Windows\System\baocfhZ.exe
  2⤵
  PID:7480
- C:\Windows\System\uhaVISF.exe
  C:\Windows\System\uhaVISF.exe
  2⤵
  PID:7496
- C:\Windows\System\yOTWOTP.exe
  C:\Windows\System\yOTWOTP.exe
  2⤵
  PID:7516
- C:\Windows\System\ISsFsXo.exe
  C:\Windows\System\ISsFsXo.exe
  2⤵
  PID:7532
- C:\Windows\System\lfyqlfc.exe
  C:\Windows\System\lfyqlfc.exe
  2⤵
  PID:7552
- C:\Windows\System\NWmJNXZ.exe
  C:\Windows\System\NWmJNXZ.exe
  2⤵
  PID:7568
- C:\Windows\System\kpxeQlD.exe
  C:\Windows\System\kpxeQlD.exe
  2⤵
  PID:7584
- C:\Windows\System\eFMfhqI.exe
  C:\Windows\System\eFMfhqI.exe
  2⤵
  PID:7604
- C:\Windows\System\dpSmWTn.exe
  C:\Windows\System\dpSmWTn.exe
  2⤵
  PID:7628
- C:\Windows\System\nEutOUk.exe
  C:\Windows\System\nEutOUk.exe
  2⤵
  PID:7652
- C:\Windows\System\RJFkvUv.exe
  C:\Windows\System\RJFkvUv.exe
  2⤵
  PID:7672
- C:\Windows\System\itNnQbC.exe
  C:\Windows\System\itNnQbC.exe
  2⤵
  PID:7692
- C:\Windows\System\bLmMlkU.exe
  C:\Windows\System\bLmMlkU.exe
  2⤵
  PID:7712
- C:\Windows\System\fiPOcjk.exe
  C:\Windows\System\fiPOcjk.exe
  2⤵
  PID:7728
- C:\Windows\System\UjtmEzZ.exe
  C:\Windows\System\UjtmEzZ.exe
  2⤵
  PID:7752
- C:\Windows\System\APLSiQJ.exe
  C:\Windows\System\APLSiQJ.exe
  2⤵
  PID:7768
- C:\Windows\System\cLqSADb.exe
  C:\Windows\System\cLqSADb.exe
  2⤵
  PID:7788
- C:\Windows\System\KkFcprf.exe
  C:\Windows\System\KkFcprf.exe
  2⤵
  PID:7804
- C:\Windows\System\VDKSAog.exe
  C:\Windows\System\VDKSAog.exe
  2⤵
  PID:7824
- C:\Windows\System\nGlrHpA.exe
  C:\Windows\System\nGlrHpA.exe
  2⤵
  PID:7840
- C:\Windows\System\KpdbXJf.exe
  C:\Windows\System\KpdbXJf.exe
  2⤵
  PID:7856
- C:\Windows\System\fLYjUnY.exe
  C:\Windows\System\fLYjUnY.exe
  2⤵
  PID:7880
- C:\Windows\System\JxrXMbo.exe
  C:\Windows\System\JxrXMbo.exe
  2⤵
  PID:7896
- C:\Windows\System\bkGlDQj.exe
  C:\Windows\System\bkGlDQj.exe
  2⤵
  PID:7916
- C:\Windows\System\sOMMyEx.exe
  C:\Windows\System\sOMMyEx.exe
  2⤵
  PID:7936
- C:\Windows\System\CQxSTIU.exe
  C:\Windows\System\CQxSTIU.exe
  2⤵
  PID:7952
- C:\Windows\System\EsDdNlc.exe
  C:\Windows\System\EsDdNlc.exe
  2⤵
  PID:7968
- C:\Windows\System\NtDNnkx.exe
  C:\Windows\System\NtDNnkx.exe
  2⤵
  PID:8000
- C:\Windows\System\ekSnzPF.exe
  C:\Windows\System\ekSnzPF.exe
  2⤵
  PID:8016
- C:\Windows\System\dPuyRnY.exe
  C:\Windows\System\dPuyRnY.exe
  2⤵
  PID:8032
- C:\Windows\System\IGCIJiC.exe
  C:\Windows\System\IGCIJiC.exe
  2⤵
  PID:8052
- C:\Windows\System\SAlPvvS.exe
  C:\Windows\System\SAlPvvS.exe
  2⤵
  PID:8072
- C:\Windows\System\YDIWNRb.exe
  C:\Windows\System\YDIWNRb.exe
  2⤵
  PID:8088
- C:\Windows\System\FlzcgJC.exe
  C:\Windows\System\FlzcgJC.exe
  2⤵
  PID:8104
- C:\Windows\System\atQlxoF.exe
  C:\Windows\System\atQlxoF.exe
  2⤵
  PID:8128
- C:\Windows\System\eEDLsGY.exe
  C:\Windows\System\eEDLsGY.exe
  2⤵
  PID:8148
- C:\Windows\System\ixTjJyc.exe
  C:\Windows\System\ixTjJyc.exe
  2⤵
  PID:8168
- C:\Windows\System\yVsFRef.exe
  C:\Windows\System\yVsFRef.exe
  2⤵
  PID:8184
- C:\Windows\System\xANJxUX.exe
  C:\Windows\System\xANJxUX.exe
  2⤵
  PID:7080
- C:\Windows\System\oDnnTsP.exe
  C:\Windows\System\oDnnTsP.exe
  2⤵
  PID:6312
- C:\Windows\System\XgZVrag.exe
  C:\Windows\System\XgZVrag.exe
  2⤵
  PID:7288
- C:\Windows\System\LdxEQGh.exe
  C:\Windows\System\LdxEQGh.exe
  2⤵
  PID:7300
- C:\Windows\System\tpUGZPG.exe
  C:\Windows\System\tpUGZPG.exe
  2⤵
  PID:7308
- C:\Windows\System\ziJiQXR.exe
  C:\Windows\System\ziJiQXR.exe
  2⤵
  PID:2732
- C:\Windows\System\tMhBTlA.exe
  C:\Windows\System\tMhBTlA.exe
  2⤵
  PID:7260
- C:\Windows\System\HojBuBf.exe
  C:\Windows\System\HojBuBf.exe
  2⤵
  PID:7384
- C:\Windows\System\OVnNvAk.exe
  C:\Windows\System\OVnNvAk.exe
  2⤵
  PID:7368
- C:\Windows\System\PesacLu.exe
  C:\Windows\System\PesacLu.exe
  2⤵
  PID:7400
- C:\Windows\System\RlaRoYh.exe
  C:\Windows\System\RlaRoYh.exe
  2⤵
  PID:7440
- C:\Windows\System\wnUMPdJ.exe
  C:\Windows\System\wnUMPdJ.exe
  2⤵
  PID:7456
- C:\Windows\System\WlxDxAH.exe
  C:\Windows\System\WlxDxAH.exe
  2⤵
  PID:7540
- C:\Windows\System\cUBasQs.exe
  C:\Windows\System\cUBasQs.exe
  2⤵
  PID:7576
- C:\Windows\System\CCrxPMM.exe
  C:\Windows\System\CCrxPMM.exe
  2⤵
  PID:7612
- C:\Windows\System\mWNeTCn.exe
  C:\Windows\System\mWNeTCn.exe
  2⤵
  PID:7620
- C:\Windows\System\CDVjWht.exe
  C:\Windows\System\CDVjWht.exe
  2⤵
  PID:7660
- C:\Windows\System\dgYJesa.exe
  C:\Windows\System\dgYJesa.exe
  2⤵
  PID:7668
- C:\Windows\System\IcqCgCt.exe
  C:\Windows\System\IcqCgCt.exe
  2⤵
  PID:7688
- C:\Windows\System\FKODmzS.exe
  C:\Windows\System\FKODmzS.exe
  2⤵
  PID:7744
- C:\Windows\System\lgGqgkC.exe
  C:\Windows\System\lgGqgkC.exe
  2⤵
  PID:7764
- C:\Windows\System\Ieqlyga.exe
  C:\Windows\System\Ieqlyga.exe
  2⤵
  PID:7800
- C:\Windows\System\QsHlKzC.exe
  C:\Windows\System\QsHlKzC.exe
  2⤵
  PID:7836
- C:\Windows\System\NQCQPIG.exe
  C:\Windows\System\NQCQPIG.exe
  2⤵
  PID:7868
- C:\Windows\System\zKiKxUz.exe
  C:\Windows\System\zKiKxUz.exe
  2⤵
  PID:7928
- C:\Windows\System\mTmfSqz.exe
  C:\Windows\System\mTmfSqz.exe
  2⤵
  PID:7960
- C:\Windows\System\fGeVMMy.exe
  C:\Windows\System\fGeVMMy.exe
  2⤵
  PID:7992
- C:\Windows\System\zSbwGll.exe
  C:\Windows\System\zSbwGll.exe
  2⤵
  PID:7984
- C:\Windows\System\dXmTehm.exe
  C:\Windows\System\dXmTehm.exe
  2⤵
  PID:8028
- C:\Windows\System\HjQWqCd.exe
  C:\Windows\System\HjQWqCd.exe
  2⤵
  PID:8064
- C:\Windows\System\HdxSkkg.exe
  C:\Windows\System\HdxSkkg.exe
  2⤵
  PID:8120
- C:\Windows\System\RSZPBwC.exe
  C:\Windows\System\RSZPBwC.exe
  2⤵
  PID:8156
- C:\Windows\System\HKDnCnT.exe
  C:\Windows\System\HKDnCnT.exe
  2⤵
  PID:8176
- C:\Windows\System\qxmVYTW.exe
  C:\Windows\System\qxmVYTW.exe
  2⤵
  PID:7276
- C:\Windows\System\JxSpAqm.exe
  C:\Windows\System\JxSpAqm.exe
  2⤵
  PID:7248
- C:\Windows\System\ongqyxQ.exe
  C:\Windows\System\ongqyxQ.exe
  2⤵
  PID:7224
- C:\Windows\System\natTKjN.exe
  C:\Windows\System\natTKjN.exe
  2⤵
  PID:6264
- C:\Windows\System\YoNFGwx.exe
  C:\Windows\System\YoNFGwx.exe
  2⤵
  PID:7336
- C:\Windows\System\bOQyUst.exe
  C:\Windows\System\bOQyUst.exe
  2⤵
  PID:7436
- C:\Windows\System\QIZsvJD.exe
  C:\Windows\System\QIZsvJD.exe
  2⤵
  PID:7488
- C:\Windows\System\nnHLDFw.exe
  C:\Windows\System\nnHLDFw.exe
  2⤵
  PID:7528
- C:\Windows\System\oSGzdDM.exe
  C:\Windows\System\oSGzdDM.exe
  2⤵
  PID:7564
- C:\Windows\System\BgZnxqh.exe
  C:\Windows\System\BgZnxqh.exe
  2⤵
  PID:7616
- C:\Windows\System\dSRToCX.exe
  C:\Windows\System\dSRToCX.exe
  2⤵
  PID:7680
- C:\Windows\System\VhjeLfv.exe
  C:\Windows\System\VhjeLfv.exe
  2⤵
  PID:7760
- C:\Windows\System\yESADvb.exe
  C:\Windows\System\yESADvb.exe
  2⤵
  PID:7816
- C:\Windows\System\MkIcwwx.exe
  C:\Windows\System\MkIcwwx.exe
  2⤵
  PID:7888
- C:\Windows\System\NkdJkVt.exe
  C:\Windows\System\NkdJkVt.exe
  2⤵
  PID:7904
- C:\Windows\System\XSPfzth.exe
  C:\Windows\System\XSPfzth.exe
  2⤵
  PID:7512
- C:\Windows\System\RJpyhiV.exe
  C:\Windows\System\RJpyhiV.exe
  2⤵
  PID:8048
- C:\Windows\System\zOUibQH.exe
  C:\Windows\System\zOUibQH.exe
  2⤵
  PID:8080
- C:\Windows\System\lzMOHKr.exe
  C:\Windows\System\lzMOHKr.exe
  2⤵
  PID:8140
- C:\Windows\System\gLFpJzT.exe
  C:\Windows\System\gLFpJzT.exe
  2⤵
  PID:8144
- C:\Windows\System\sCLEZJn.exe
  C:\Windows\System\sCLEZJn.exe
  2⤵
  PID:7000
- C:\Windows\System\MEilWUj.exe
  C:\Windows\System\MEilWUj.exe
  2⤵
  PID:7352
- C:\Windows\System\HcRTOeq.exe
  C:\Windows\System\HcRTOeq.exe
  2⤵
  PID:7356
- C:\Windows\System\OxIVNGw.exe
  C:\Windows\System\OxIVNGw.exe
  2⤵
  PID:7600
- C:\Windows\System\oxOivQW.exe
  C:\Windows\System\oxOivQW.exe
  2⤵
  PID:7724
- C:\Windows\System\YOOGgcO.exe
  C:\Windows\System\YOOGgcO.exe
  2⤵
  PID:7636
- C:\Windows\System\QlfJenu.exe
  C:\Windows\System\QlfJenu.exe
  2⤵
  PID:7944
- C:\Windows\System\pxgXaaq.exe
  C:\Windows\System\pxgXaaq.exe
  2⤵
  PID:8008
- C:\Windows\System\yqdrAUH.exe
  C:\Windows\System\yqdrAUH.exe
  2⤵
  PID:8100
- C:\Windows\System\YEgfiVX.exe
  C:\Windows\System\YEgfiVX.exe
  2⤵
  PID:7208
- C:\Windows\System\PpxqmcV.exe
  C:\Windows\System\PpxqmcV.exe
  2⤵
  PID:7196
- C:\Windows\System\TsnQbtj.exe
  C:\Windows\System\TsnQbtj.exe
  2⤵
  PID:7548
- C:\Windows\System\IsZmzqL.exe
  C:\Windows\System\IsZmzqL.exe
  2⤵
  PID:7232
- C:\Windows\System\YPjNVAz.exe
  C:\Windows\System\YPjNVAz.exe
  2⤵
  PID:7776
- C:\Windows\System\IREEmlP.exe
  C:\Windows\System\IREEmlP.exe
  2⤵
  PID:7864
- C:\Windows\System\NxjVQNo.exe
  C:\Windows\System\NxjVQNo.exe
  2⤵
  PID:7980
- C:\Windows\System\MPppvgc.exe
  C:\Windows\System\MPppvgc.exe
  2⤵
  PID:6676
- C:\Windows\System\gaWkCEF.exe
  C:\Windows\System\gaWkCEF.exe
  2⤵
  PID:7424
- C:\Windows\System\bAADDXe.exe
  C:\Windows\System\bAADDXe.exe
  2⤵
  PID:7524
- C:\Windows\System\fOCZcTh.exe
  C:\Windows\System\fOCZcTh.exe
  2⤵
  PID:7720
- C:\Windows\System\VaRYOpl.exe
  C:\Windows\System\VaRYOpl.exe
  2⤵
  PID:7340
- C:\Windows\System\ZOllSVg.exe
  C:\Windows\System\ZOllSVg.exe
  2⤵
  PID:7876
- C:\Windows\System\yDfwiAq.exe
  C:\Windows\System\yDfwiAq.exe
  2⤵
  PID:7948
- C:\Windows\System\SGnuyQw.exe
  C:\Windows\System\SGnuyQw.exe
  2⤵
  PID:7976
- C:\Windows\System\YXnbKQd.exe
  C:\Windows\System\YXnbKQd.exe
  2⤵
  PID:8232
- C:\Windows\System\wGoOyZM.exe
  C:\Windows\System\wGoOyZM.exe
  2⤵
  PID:8248
- C:\Windows\System\fWmrQlZ.exe
  C:\Windows\System\fWmrQlZ.exe
  2⤵
  PID:8264
- C:\Windows\System\LXVRxLr.exe
  C:\Windows\System\LXVRxLr.exe
  2⤵
  PID:8284
- C:\Windows\System\WxwtJSl.exe
  C:\Windows\System\WxwtJSl.exe
  2⤵
  PID:8300
- C:\Windows\System\RqxpwBm.exe
  C:\Windows\System\RqxpwBm.exe
  2⤵
  PID:8316
- C:\Windows\System\ZyTCwPU.exe
  C:\Windows\System\ZyTCwPU.exe
  2⤵
  PID:8336
- C:\Windows\System\yZrmDxB.exe
  C:\Windows\System\yZrmDxB.exe
  2⤵
  PID:8352
- C:\Windows\System\COyOsJd.exe
  C:\Windows\System\COyOsJd.exe
  2⤵
  PID:8368
- C:\Windows\System\tLbYKoB.exe
  C:\Windows\System\tLbYKoB.exe
  2⤵
  PID:8384
- C:\Windows\System\UgDduzb.exe
  C:\Windows\System\UgDduzb.exe
  2⤵
  PID:8400
- C:\Windows\System\OxOSliL.exe
  C:\Windows\System\OxOSliL.exe
  2⤵
  PID:8416
- C:\Windows\System\NeZqCSq.exe
  C:\Windows\System\NeZqCSq.exe
  2⤵
  PID:8432
- C:\Windows\System\DxFrIzr.exe
  C:\Windows\System\DxFrIzr.exe
  2⤵
  PID:8464
- C:\Windows\System\VVfmhkF.exe
  C:\Windows\System\VVfmhkF.exe
  2⤵
  PID:8488
- C:\Windows\System\FXjjooA.exe
  C:\Windows\System\FXjjooA.exe
  2⤵
  PID:8504
- C:\Windows\System\smwNgOe.exe
  C:\Windows\System\smwNgOe.exe
  2⤵
  PID:8528
- C:\Windows\System\mJIJbdV.exe
  C:\Windows\System\mJIJbdV.exe
  2⤵
  PID:8544
- C:\Windows\System\miSCsah.exe
  C:\Windows\System\miSCsah.exe
  2⤵
  PID:8560
- C:\Windows\System\ZVMLYcc.exe
  C:\Windows\System\ZVMLYcc.exe
  2⤵
  PID:8580
- C:\Windows\System\eOkzdRL.exe
  C:\Windows\System\eOkzdRL.exe
  2⤵
  PID:8596
- C:\Windows\System\UVethvP.exe
  C:\Windows\System\UVethvP.exe
  2⤵
  PID:8620
- C:\Windows\System\TsEqTKQ.exe
  C:\Windows\System\TsEqTKQ.exe
  2⤵
  PID:8644
- C:\Windows\System\wAiTcwz.exe
  C:\Windows\System\wAiTcwz.exe
  2⤵
  PID:8664
- C:\Windows\System\oEEdNpq.exe
  C:\Windows\System\oEEdNpq.exe
  2⤵
  PID:8684
- C:\Windows\System\BUpjmjU.exe
  C:\Windows\System\BUpjmjU.exe
  2⤵
  PID:8704
- C:\Windows\System\GhZCHiJ.exe
  C:\Windows\System\GhZCHiJ.exe
  2⤵
  PID:8724
- C:\Windows\System\ciYuOyw.exe
  C:\Windows\System\ciYuOyw.exe
  2⤵
  PID:8740
- C:\Windows\System\jsyRPcF.exe
  C:\Windows\System\jsyRPcF.exe
  2⤵
  PID:8756
- C:\Windows\System\GMpFYYh.exe
  C:\Windows\System\GMpFYYh.exe
  2⤵
  PID:8772
- C:\Windows\System\plUgECx.exe
  C:\Windows\System\plUgECx.exe
  2⤵
  PID:8788
- C:\Windows\System\qRhHdAB.exe
  C:\Windows\System\qRhHdAB.exe
  2⤵
  PID:8804
- C:\Windows\System\SoForQS.exe
  C:\Windows\System\SoForQS.exe
  2⤵
  PID:8820
- C:\Windows\System\nNSTlbA.exe
  C:\Windows\System\nNSTlbA.exe
  2⤵
  PID:8836
- C:\Windows\System\ixjQaVZ.exe
  C:\Windows\System\ixjQaVZ.exe
  2⤵
  PID:8856
- C:\Windows\System\HpzzZbj.exe
  C:\Windows\System\HpzzZbj.exe
  2⤵
  PID:8872
- C:\Windows\System\KjpJeJW.exe
  C:\Windows\System\KjpJeJW.exe
  2⤵
  PID:8888
- C:\Windows\System\rGJNehU.exe
  C:\Windows\System\rGJNehU.exe
  2⤵
  PID:8904
- C:\Windows\System\lbKEgHM.exe
  C:\Windows\System\lbKEgHM.exe
  2⤵
  PID:8920
- C:\Windows\System\seUqrad.exe
  C:\Windows\System\seUqrad.exe
  2⤵
  PID:8936
- C:\Windows\System\RBXCjBf.exe
  C:\Windows\System\RBXCjBf.exe
  2⤵
  PID:8952
- C:\Windows\System\MGaWSgz.exe
  C:\Windows\System\MGaWSgz.exe
  2⤵
  PID:8968
- C:\Windows\System\cyxFZjz.exe
  C:\Windows\System\cyxFZjz.exe
  2⤵
  PID:8984
- C:\Windows\System\jkUVDVa.exe
  C:\Windows\System\jkUVDVa.exe
  2⤵
  PID:9000
- C:\Windows\System\uuchtLs.exe
  C:\Windows\System\uuchtLs.exe
  2⤵
  PID:9020
- C:\Windows\System\glhahlJ.exe
  C:\Windows\System\glhahlJ.exe
  2⤵
  PID:9036
- C:\Windows\System\RyHEVCL.exe
  C:\Windows\System\RyHEVCL.exe
  2⤵
  PID:9052
- C:\Windows\System\tpxWxvh.exe
  C:\Windows\System\tpxWxvh.exe
  2⤵
  PID:9068
- C:\Windows\System\siGeUZn.exe
  C:\Windows\System\siGeUZn.exe
  2⤵
  PID:9092
- C:\Windows\System\hgIpnsu.exe
  C:\Windows\System\hgIpnsu.exe
  2⤵
  PID:9112
- C:\Windows\System\nEODSLf.exe
  C:\Windows\System\nEODSLf.exe
  2⤵
  PID:9128
- C:\Windows\System\AZDZBSJ.exe
  C:\Windows\System\AZDZBSJ.exe
  2⤵
  PID:9144
- C:\Windows\System\ZkYrSBl.exe
  C:\Windows\System\ZkYrSBl.exe
  2⤵
  PID:9160
- C:\Windows\System\OcHBYjg.exe
  C:\Windows\System\OcHBYjg.exe
  2⤵
  PID:9176
- C:\Windows\System\oLTHgoO.exe
  C:\Windows\System\oLTHgoO.exe
  2⤵
  PID:9192
- C:\Windows\System\JEyJIJN.exe
  C:\Windows\System\JEyJIJN.exe
  2⤵
  PID:9208
- C:\Windows\System\cCvuSJB.exe
  C:\Windows\System\cCvuSJB.exe
  2⤵
  PID:7444
- C:\Windows\System\BCbOgMM.exe
  C:\Windows\System\BCbOgMM.exe
  2⤵
  PID:7264
- C:\Windows\System\mLTGWeI.exe
  C:\Windows\System\mLTGWeI.exe
  2⤵
  PID:8240
- C:\Windows\System\pyhzFSU.exe
  C:\Windows\System\pyhzFSU.exe
  2⤵
  PID:8272
- C:\Windows\System\bPXGfAG.exe
  C:\Windows\System\bPXGfAG.exe
  2⤵
  PID:8308
- C:\Windows\System\GeOBSfO.exe
  C:\Windows\System\GeOBSfO.exe
  2⤵
  PID:8328
- C:\Windows\System\CVmfpbg.exe
  C:\Windows\System\CVmfpbg.exe
  2⤵
  PID:8348
- C:\Windows\System\fvZlxef.exe
  C:\Windows\System\fvZlxef.exe
  2⤵
  PID:8380
- C:\Windows\System\ZIASYXH.exe
  C:\Windows\System\ZIASYXH.exe
  2⤵
  PID:8392
- C:\Windows\System\gQUBdOy.exe
  C:\Windows\System\gQUBdOy.exe
  2⤵
  PID:8448
- C:\Windows\System\RTFpfGj.exe
  C:\Windows\System\RTFpfGj.exe
  2⤵
  PID:8472
- C:\Windows\System\aVwZglC.exe
  C:\Windows\System\aVwZglC.exe
  2⤵
  PID:8496
- C:\Windows\System\cKQinrY.exe
  C:\Windows\System\cKQinrY.exe
  2⤵
  PID:8516
- C:\Windows\System\nEhImFP.exe
  C:\Windows\System\nEhImFP.exe
  2⤵
  PID:8556
- C:\Windows\System\uzHwypb.exe
  C:\Windows\System\uzHwypb.exe
  2⤵
  PID:8588
- C:\Windows\System\AqJfBvb.exe
  C:\Windows\System\AqJfBvb.exe
  2⤵
  PID:8612
- C:\Windows\System\unedywJ.exe
  C:\Windows\System\unedywJ.exe
  2⤵
  PID:8660
- C:\Windows\System\lICmZEp.exe
  C:\Windows\System\lICmZEp.exe
  2⤵
  PID:8636
- C:\Windows\System\fOmrYmE.exe
  C:\Windows\System\fOmrYmE.exe
  2⤵
  PID:8680
- C:\Windows\System\YmUBwzt.exe
  C:\Windows\System\YmUBwzt.exe
  2⤵
  PID:8716
- C:\Windows\System\JQKyzws.exe
  C:\Windows\System\JQKyzws.exe
  2⤵
  PID:8764
- C:\Windows\System\jENJWNj.exe
  C:\Windows\System\jENJWNj.exe
  2⤵
  PID:8796
- C:\Windows\System\pZaqvSf.exe
  C:\Windows\System\pZaqvSf.exe
  2⤵
  PID:8832
- C:\Windows\System\VuYRFxh.exe
  C:\Windows\System\VuYRFxh.exe
  2⤵
  PID:8864
- C:\Windows\System\HWWiudl.exe
  C:\Windows\System\HWWiudl.exe
  2⤵
  PID:8896
- C:\Windows\System\cRBbiOP.exe
  C:\Windows\System\cRBbiOP.exe
  2⤵
  PID:8916
- C:\Windows\System\DVEKQGp.exe
  C:\Windows\System\DVEKQGp.exe
  2⤵
  PID:8964
- C:\Windows\System\gRAdmlm.exe
  C:\Windows\System\gRAdmlm.exe
  2⤵
  PID:8996
- C:\Windows\System\LWYGFdr.exe
  C:\Windows\System\LWYGFdr.exe
  2⤵
  PID:9012
- C:\Windows\System\AcQdDRo.exe
  C:\Windows\System\AcQdDRo.exe
  2⤵
  PID:9044
- C:\Windows\System\svwwbLp.exe
  C:\Windows\System\svwwbLp.exe
  2⤵
  PID:9084
- C:\Windows\System\yEkDIPX.exe
  C:\Windows\System\yEkDIPX.exe
  2⤵
  PID:9104
- C:\Windows\System\DyyYMOH.exe
  C:\Windows\System\DyyYMOH.exe
  2⤵
  PID:9168
- C:\Windows\System\MfwKASf.exe
  C:\Windows\System\MfwKASf.exe
  2⤵
  PID:9152
- C:\Windows\System\LWaBFgK.exe
  C:\Windows\System\LWaBFgK.exe
  2⤵
  PID:9188
- C:\Windows\System\cKscRHu.exe
  C:\Windows\System\cKscRHu.exe
  2⤵
  PID:8196
- C:\Windows\System\DSTADmy.exe
  C:\Windows\System\DSTADmy.exe
  2⤵
  PID:1848
- C:\Windows\System\TnnTanp.exe
  C:\Windows\System\TnnTanp.exe
  2⤵
  PID:8324
- C:\Windows\System\sRCoPlI.exe
  C:\Windows\System\sRCoPlI.exe
  2⤵
  PID:8364
- C:\Windows\System\SqQkBHG.exe
  C:\Windows\System\SqQkBHG.exe
  2⤵
  PID:8396
- C:\Windows\System\BevyjRn.exe
  C:\Windows\System\BevyjRn.exe
  2⤵
  PID:8480
- C:\Windows\System\krAWCmV.exe
  C:\Windows\System\krAWCmV.exe
  2⤵
  PID:8552
- C:\Windows\System\cJTwCjc.exe
  C:\Windows\System\cJTwCjc.exe
  2⤵
  PID:8540
- C:\Windows\System\JCWpgxH.exe
  C:\Windows\System\JCWpgxH.exe
  2⤵
  PID:8628
- C:\Windows\System\cLRsdLq.exe
  C:\Windows\System\cLRsdLq.exe
  2⤵
  PID:8656
- C:\Windows\System\qxXhfEH.exe
  C:\Windows\System\qxXhfEH.exe
  2⤵
  PID:8784
- C:\Windows\System\cxoxcvS.exe
  C:\Windows\System\cxoxcvS.exe
  2⤵
  PID:8812
- C:\Windows\System\wdNvgzb.exe
  C:\Windows\System\wdNvgzb.exe
  2⤵
  PID:8828
- C:\Windows\System\sRWDFAs.exe
  C:\Windows\System\sRWDFAs.exe
  2⤵
  PID:8928
- C:\Windows\System\fRsVxsz.exe
  C:\Windows\System\fRsVxsz.exe
  2⤵
  PID:8980
- C:\Windows\System\muqjuJS.exe
  C:\Windows\System\muqjuJS.exe
  2⤵
  PID:9028
- C:\Windows\System\aqYTkQi.exe
  C:\Windows\System\aqYTkQi.exe
  2⤵
  PID:9100
- C:\Windows\System\XmjdiUu.exe
  C:\Windows\System\XmjdiUu.exe
  2⤵
  PID:9140
- C:\Windows\System\sEeqzHq.exe
  C:\Windows\System\sEeqzHq.exe
  2⤵
  PID:8296
- C:\Windows\System\tlhNjbd.exe
  C:\Windows\System\tlhNjbd.exe
  2⤵
  PID:8332
- C:\Windows\System\EUcSrAI.exe
  C:\Windows\System\EUcSrAI.exe
  2⤵
  PID:8520
- C:\Windows\System\kHGTZOU.exe
  C:\Windows\System\kHGTZOU.exe
  2⤵
  PID:8608
- C:\Windows\System\MqDrofb.exe
  C:\Windows\System\MqDrofb.exe
  2⤵
  PID:8712
- C:\Windows\System\UTMBDgn.exe
  C:\Windows\System\UTMBDgn.exe
  2⤵
  PID:8848
- C:\Windows\System\qEToXnz.exe
  C:\Windows\System\qEToXnz.exe
  2⤵
  PID:8932
- C:\Windows\System\BEUECJX.exe
  C:\Windows\System\BEUECJX.exe
  2⤵
  PID:9080
- C:\Windows\System\TqLmiZV.exe
  C:\Windows\System\TqLmiZV.exe
  2⤵
  PID:9172
- C:\Windows\System\KDMRHOG.exe
  C:\Windows\System\KDMRHOG.exe
  2⤵
  PID:9184
- C:\Windows\System\RCrFQCm.exe
  C:\Windows\System\RCrFQCm.exe
  2⤵
  PID:8228
- C:\Windows\System\xnZTxlD.exe
  C:\Windows\System\xnZTxlD.exe
  2⤵
  PID:8460
- C:\Windows\System\IQSvnms.exe
  C:\Windows\System\IQSvnms.exe
  2⤵
  PID:8880
- C:\Windows\System\qKihsHc.exe
  C:\Windows\System\qKihsHc.exe
  2⤵
  PID:8652
- C:\Windows\System\ZPDMGtQ.exe
  C:\Windows\System\ZPDMGtQ.exe
  2⤵
  PID:7320
- C:\Windows\System\srrhWZa.exe
  C:\Windows\System\srrhWZa.exe
  2⤵
  PID:8428
- C:\Windows\System\PlkFQHb.exe
  C:\Windows\System\PlkFQHb.exe
  2⤵
  PID:9076
- C:\Windows\System\sIrQtSc.exe
  C:\Windows\System\sIrQtSc.exe
  2⤵
  PID:9108
- C:\Windows\System\wzRZKdR.exe
  C:\Windows\System\wzRZKdR.exe
  2⤵
  PID:8852
- C:\Windows\System\RzHsuWb.exe
  C:\Windows\System\RzHsuWb.exe
  2⤵
  PID:8676
- C:\Windows\System\zXfvIvN.exe
  C:\Windows\System\zXfvIvN.exe
  2⤵
  PID:9228
- C:\Windows\System\jXFTEoL.exe
  C:\Windows\System\jXFTEoL.exe
  2⤵
  PID:9244
- C:\Windows\System\nwjYfvW.exe
  C:\Windows\System\nwjYfvW.exe
  2⤵
  PID:9260
- C:\Windows\System\pvlbnNp.exe
  C:\Windows\System\pvlbnNp.exe
  2⤵
  PID:9276
- C:\Windows\System\hJlIebm.exe
  C:\Windows\System\hJlIebm.exe
  2⤵
  PID:9292
- C:\Windows\System\GuastUQ.exe
  C:\Windows\System\GuastUQ.exe
  2⤵
  PID:9308
- C:\Windows\System\yHklczc.exe
  C:\Windows\System\yHklczc.exe
  2⤵
  PID:9324
- C:\Windows\System\Aqsncsj.exe
  C:\Windows\System\Aqsncsj.exe
  2⤵
  PID:9340
- C:\Windows\System\iOcWlMq.exe
  C:\Windows\System\iOcWlMq.exe
  2⤵
  PID:9356
- C:\Windows\System\XlxFgIf.exe
  C:\Windows\System\XlxFgIf.exe
  2⤵
  PID:9376
- C:\Windows\System\kUGPbwT.exe
  C:\Windows\System\kUGPbwT.exe
  2⤵
  PID:9392
- C:\Windows\System\RCkeuje.exe
  C:\Windows\System\RCkeuje.exe
  2⤵
  PID:9416
- C:\Windows\System\nOWshoG.exe
  C:\Windows\System\nOWshoG.exe
  2⤵
  PID:9448
- C:\Windows\System\onwFmbx.exe
  C:\Windows\System\onwFmbx.exe
  2⤵
  PID:9468
- C:\Windows\System\waXbjkC.exe
  C:\Windows\System\waXbjkC.exe
  2⤵
  PID:9488
- C:\Windows\System\swYvUbA.exe
  C:\Windows\System\swYvUbA.exe
  2⤵
  PID:9508
- C:\Windows\System\cQOYljW.exe
  C:\Windows\System\cQOYljW.exe
  2⤵
  PID:9524
- C:\Windows\System\MUribML.exe
  C:\Windows\System\MUribML.exe
  2⤵
  PID:9540
- C:\Windows\System\qvQiQRd.exe
  C:\Windows\System\qvQiQRd.exe
  2⤵
  PID:9568
- C:\Windows\System\HVwROeK.exe
  C:\Windows\System\HVwROeK.exe
  2⤵
  PID:9608
- C:\Windows\System\IwvHgpx.exe
  C:\Windows\System\IwvHgpx.exe
  2⤵
  PID:9628
- C:\Windows\System\DnXpTLE.exe
  C:\Windows\System\DnXpTLE.exe
  2⤵
  PID:9648
- C:\Windows\System\cVTYKXv.exe
  C:\Windows\System\cVTYKXv.exe
  2⤵
  PID:9664
- C:\Windows\System\cpkyXWS.exe
  C:\Windows\System\cpkyXWS.exe
  2⤵
  PID:9684
- C:\Windows\System\WDnwvNA.exe
  C:\Windows\System\WDnwvNA.exe
  2⤵
  PID:9700
- C:\Windows\System\hCwpeoe.exe
  C:\Windows\System\hCwpeoe.exe
  2⤵
  PID:9720
- C:\Windows\System\SsswAgo.exe
  C:\Windows\System\SsswAgo.exe
  2⤵
  PID:9748
- C:\Windows\System\fYpHpam.exe
  C:\Windows\System\fYpHpam.exe
  2⤵
  PID:9772
- C:\Windows\System\UTxDZvQ.exe
  C:\Windows\System\UTxDZvQ.exe
  2⤵
  PID:9804
- C:\Windows\System\JjSjfPU.exe
  C:\Windows\System\JjSjfPU.exe
  2⤵
  PID:9828
- C:\Windows\System\LaEmTLK.exe
  C:\Windows\System\LaEmTLK.exe
  2⤵
  PID:9848
- C:\Windows\System\CNxrAJt.exe
  C:\Windows\System\CNxrAJt.exe
  2⤵
  PID:9876
- C:\Windows\System\QXgLHAq.exe
  C:\Windows\System\QXgLHAq.exe
  2⤵
  PID:9896
- C:\Windows\System\KYrJIiF.exe
  C:\Windows\System\KYrJIiF.exe
  2⤵
  PID:9916
- C:\Windows\System\hIEpTez.exe
  C:\Windows\System\hIEpTez.exe
  2⤵
  PID:9932
- C:\Windows\System\ZYXPytN.exe
  C:\Windows\System\ZYXPytN.exe
  2⤵
  PID:9960
- C:\Windows\System\ygTRqRK.exe
  C:\Windows\System\ygTRqRK.exe
  2⤵
  PID:9980
- C:\Windows\System\oJUdAvB.exe
  C:\Windows\System\oJUdAvB.exe
  2⤵
  PID:9996
- C:\Windows\System\IPSVqSf.exe
  C:\Windows\System\IPSVqSf.exe
  2⤵
  PID:10032
- C:\Windows\System\BPwSTzm.exe
  C:\Windows\System\BPwSTzm.exe
  2⤵
  PID:10048
- C:\Windows\System\reeCxzd.exe
  C:\Windows\System\reeCxzd.exe
  2⤵
  PID:10064
- C:\Windows\System\bbUOppS.exe
  C:\Windows\System\bbUOppS.exe
  2⤵
  PID:10080
- C:\Windows\System\nFkEduz.exe
  C:\Windows\System\nFkEduz.exe
  2⤵
  PID:10096
- C:\Windows\System\FpAJIeT.exe
  C:\Windows\System\FpAJIeT.exe
  2⤵
  PID:10112
- C:\Windows\System\IKkTEXH.exe
  C:\Windows\System\IKkTEXH.exe
  2⤵
  PID:10132
- C:\Windows\System\eCPuKpk.exe
  C:\Windows\System\eCPuKpk.exe
  2⤵
  PID:10160
- C:\Windows\System\gffyCse.exe
  C:\Windows\System\gffyCse.exe
  2⤵
  PID:10208
- C:\Windows\System\KVpPhuG.exe
  C:\Windows\System\KVpPhuG.exe
  2⤵
  PID:10232
- C:\Windows\System\hZZOytZ.exe
  C:\Windows\System\hZZOytZ.exe
  2⤵
  PID:9236
- C:\Windows\System\ZqEUXiT.exe
  C:\Windows\System\ZqEUXiT.exe
  2⤵
  PID:9288
- C:\Windows\System\rpuqVHX.exe
  C:\Windows\System\rpuqVHX.exe
  2⤵
  PID:9268
- C:\Windows\System\anVaMHg.exe
  C:\Windows\System\anVaMHg.exe
  2⤵
  PID:9352
- C:\Windows\System\lWhIaAA.exe
  C:\Windows\System\lWhIaAA.exe
  2⤵
  PID:9388
- C:\Windows\System\WAERpBf.exe
  C:\Windows\System\WAERpBf.exe
  2⤵
  PID:9412
- C:\Windows\System\BgZSpNp.exe
  C:\Windows\System\BgZSpNp.exe
  2⤵
  PID:9436
- C:\Windows\System\dtyNohT.exe
  C:\Windows\System\dtyNohT.exe
  2⤵
  PID:9480
- C:\Windows\System\dkwKJJt.exe
  C:\Windows\System\dkwKJJt.exe
  2⤵
  PID:9520
- C:\Windows\System\JUWpQCA.exe
  C:\Windows\System\JUWpQCA.exe
  2⤵
  PID:9496
- C:\Windows\System\IBMkQIC.exe
  C:\Windows\System\IBMkQIC.exe
  2⤵
  PID:9536
- C:\Windows\System\WKUdDAu.exe
  C:\Windows\System\WKUdDAu.exe
  2⤵
  PID:9584
- C:\Windows\System\YQLTQgv.exe
  C:\Windows\System\YQLTQgv.exe
  2⤵
  PID:9616
- C:\Windows\System\EVgARAU.exe
  C:\Windows\System\EVgARAU.exe
  2⤵
  PID:9636
- C:\Windows\System\UDVtFOz.exe
  C:\Windows\System\UDVtFOz.exe
  2⤵
  PID:9680
- C:\Windows\System\XjHMRsj.exe
  C:\Windows\System\XjHMRsj.exe
  2⤵
  PID:9728
- C:\Windows\System\fIdXQDp.exe
  C:\Windows\System\fIdXQDp.exe
  2⤵
  PID:9744
- C:\Windows\System\hOmqngT.exe
  C:\Windows\System\hOmqngT.exe
  2⤵
  PID:9784
- C:\Windows\System\GRkSOML.exe
  C:\Windows\System\GRkSOML.exe
  2⤵
  PID:9796
- C:\Windows\System\LvExRoW.exe
  C:\Windows\System\LvExRoW.exe
  2⤵
  PID:1792
- C:\Windows\System\nGrtkmc.exe
  C:\Windows\System\nGrtkmc.exe
  2⤵
  PID:9836

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\ESvPTGr.exe

Filesize
6.0MB

MD5
9da7197dc84446de9b04fdad14a8e8e3

SHA1
e19ffee23f961d1fccd69dc328fa7ce990513604

SHA256
e2ebb609eb0450e1e38b3ec23a7154a1b7948a9afc6da3ab00a011a8f5155bdc

SHA512
688a3970ad67c715a0fe5920ab3bf3dc5efb4259ec74e3b6b2e2ef40da2d68eac7171364c72497155336f1f91b4b9643c8b937219573761224566db2a375c03a

Download Submit
C:\Windows\system\EuEaunU.exe

Filesize
6.0MB

MD5
e0a641ccb32109970dcfeaced1b88dd1

SHA1
1c378da7e29259bfa360aa2194f41a0a99534b1b

SHA256
e1cd780a9ec1c58738fe29dc42efc86a7f33e917e72f0153a5a627b68fe13bbc

SHA512
14acfac7d803f7064bac681fc6aa67a8cb2b0ba20e9e3376d343f24e733282e9a13758897006a0652001844df295a9ba025f45ed2a124ab77a4736f90d41e653

Download Submit
C:\Windows\system\FavpTxa.exe

Filesize
6.0MB

MD5
b19ebecae434a56a3c496817e65ae12d

SHA1
fb1b63a5cf4a0f0236b68430a0676fd360659b10

SHA256
6a9688788e6a563ac8cb3303a14f17ae36c275e9d386ac3fa153b0b0ae39b168

SHA512
8db7dccd99c2f6108f6d04d820d878431226064d95fe3a6c472ae52bbbf179db18ba7478b2cb4e5380f8b5994c9bbc9dcf7a4cec3082dd9b7f376db56ddb7eb9

Download Submit
C:\Windows\system\KaNrAqv.exe

Filesize
6.0MB

MD5
04a5cb4834ac21a4855caeb3841f8415

SHA1
b825e1f6cc85044a1a442ad1975e47d4225db4f9

SHA256
f093ae86e46e71bada87d63734920cf74f4e20a98d409b8f00d658d59b3c72e3

SHA512
eccd903cc4a6cbf28cbe002e3076859d24982b3e7caccf359249f1e7f02dc956b23fcb560f75d4fc2e4b204ee20a88e62507dd985c3f05cc0ea317abdba741bc

Download Submit
C:\Windows\system\NxSaexW.exe

Filesize
6.0MB

MD5
73f51c73c7d049ef00d393abe9658fb4

SHA1
43278506e91743db178c220c41a7570eba4c8671

SHA256
bfc0356b115ef93d457290edc451dbabb6b600c330ce0ac0939ff239c5066df7

SHA512
e4ede353f3d7ed0c8c936dc9e8c8af51877f34302d58215b756da3ab0f134477e6116e7225f7d50885674fb88d37977c969fc4e59b8c463510030a54acd81baa

Download Submit
C:\Windows\system\ONPdvFM.exe

Filesize
6.0MB

MD5
92e5acedbd3965f7e7552aac9599b3a7

SHA1
7c27b1d37c9d0e72dcb184986e8c6a6494eea853

SHA256
6186021e643156ba136fea75777ece90d97d7a3e2491a859cd6625ad369c1880

SHA512
9e83671b13e8035d350ff4e828c7f98c91917d0f9a114d93b703b1c6f3965bf8aa98df181129afccbc0218cb1e35e2a8518f4729bad03e94afe642963d4e60e1

Download Submit
C:\Windows\system\aKeHMrN.exe

Filesize
6.0MB

MD5
4201248ac4e80fcb5ace1602db314814

SHA1
2c02e9e18cebe40f314ae4d309f5fdea274ce3a2

SHA256
4b209ca107b58f043ffcc4f9f5effb41a2253fe951728516a7251d8141650a62

SHA512
66f76caa89d4ca495c0385bba08f3a7805ba13971d97e202d962515c9074d686d82f3af75bcfd0436a6c06177cbbf0777edfca1f6a8a740f96d843f0656c26a2

Download Submit
C:\Windows\system\bfdVqvR.exe

Filesize
6.0MB

MD5
9c10409a00c57c472583292987960c37

SHA1
245f31bb74134687afe140dac444c0d7f74a8bff

SHA256
0b7ec8385b0a410b2ec9a1d94743a6b932b8015ad1b77b7dfcd7c717cd154596

SHA512
aaed4cca2e6a6c7487c703ce3ebaa32b3c8b8486f4b3f9e8396c5a8e1c59be7ecee2395045af73aa46f6fcc79a5afb0009f72b2974d2ce8683c785d39cd2a16e

Download Submit
C:\Windows\system\cQfpYtp.exe

Filesize
6.0MB

MD5
ae702d250f0338458f6a01cd7a4d0003

SHA1
49d92afb507da8103210d94dd373966c2b57447d

SHA256
3b5600e696fc7d6ddb139469a9229aee6d566e75d29661a7631a239ec80ce042

SHA512
9458dd80998b9433a144436a9862ce51dc4e3ed186bbfdc2e3d1d3ead8457bf4abb1edd5721017dca871a935c215759b8f94ab034c994a0ea8cd6dd00c5290f0

Download Submit
C:\Windows\system\enqVwzW.exe

Filesize
6.0MB

MD5
8c2f957265d2c12dd31f0c44d4832176

SHA1
e5e3c2308c7de54310c0c4363af2380fbc53aac4

SHA256
a0a1c1a627b00898164cc0bfc2fff1b9da14a9c414b02aaaddb6d39d09116ab1

SHA512
557b78541a0c998f1b289641ad771217d6a0e4f5398e5c759e111147a9725773aeee7193b8b477125b3c717c798403be4492ecf57da3919538e67de1934dc9e4

Download Submit
C:\Windows\system\gSVixmK.exe

Filesize
6.0MB

MD5
6a02a5b53c716a681d626a42cee03b2e

SHA1
ae5325f60ec652f2d566dfb12164cc9ca2332319

SHA256
2b9389385868474a48798c2770042275505f92be9e74250e812eb41d13780865

SHA512
3fedf48ea02386258d5202858c4f2436116d7e4c20b8d1b8d739e4da25ff8bece34df79a162781c6524dbdf19b0d408fccf7cadc2fd11d815ad4293b883e320e

Download Submit
C:\Windows\system\gdoDRSr.exe

Filesize
6.0MB

MD5
edb4b3a1a9e4631304fd872636601e7d

SHA1
55214c2f7ad0cb6fea6658e2bd6206bbd8486ef8

SHA256
530d6166988d6d95fcd5a3a4024b73264d29c8028f3f1ff0382c59834bc937db

SHA512
3c043b2268b2111ed51771099a9248d7136ca87e38016baf3ecd6cfad3aa33dc906f54fee03e6ea1ec91f85491e72e493bbf30630d61b76a79c2c4c2411f6300

Download Submit
C:\Windows\system\ggZlooh.exe

Filesize
6.0MB

MD5
484ee35f5f3f238fa983fae6434c635f

SHA1
78279bce8b8f316f9b1d47cf66152a6bd3900dd6

SHA256
9a7ea5ccbf2e44a15d5529eefabdfeda035eb37faac1fe6c34baf4e354380a87

SHA512
24e67c266e72571a90022736f9496a39260e3cb15b9ef65436e112461bdadd72459e2e2d762c2a1aedfabc1826fae3c26fda5b75c0a102fccb200cd2e2c6b0d2

Download Submit
C:\Windows\system\havjEVa.exe

Filesize
6.0MB

MD5
f29c1ce825aafc7696cecbaa0e73a31f

SHA1
ee5d7d410f28d1047010d1fa59fab9a91574a547

SHA256
53f134f3d83e02d82306c23fbdd33c30603aa9d44143a5c358305f2b15a30bea

SHA512
ed73bd481be3f556fc6607e88fa5c639cf50e8a9648a407593317a58db44ec470dce69291dc97325d29330a3fd11fb134057990ca3d23552c67bcaea898da8ce

Download Submit
C:\Windows\system\hdFaQPv.exe

Filesize
6.0MB

MD5
dbdc4f0f419eef848c026c33dd48e980

SHA1
422f4d2b58055ab56db573bae7209599c6b95053

SHA256
06b24ff78194acecaac3319509dd796b96b92fd03b4d158d476438cabc95bcf0

SHA512
390abdc796dea26ffbca1ee14a6d6c945b6b1fa569c9696bf548c0a5103b4d2e5d51fc287756dca96dc168ed6f6889e29cf061b969a1fd3891a3783e59ee8e02

Download Submit
C:\Windows\system\hlIIDSy.exe

Filesize
6.0MB

MD5
7781bc4407a450328f61c74259247827

SHA1
40bc22acaa039b5c2151eede6eb2181cc5431520

SHA256
1e9ec7e024fe67a3ce22a15d058e7d9b5a33ab45c70af1858bb57b5d42d50124

SHA512
beb11b600bbe40c17dcde86dee2cce9de8b3e59f2f7a2d2a42fc697fa77cd1a41aae68dc6b61497b8b5fb57933cb2322783dbc152b0ab0e00729979b7fe11b34

Download Submit
C:\Windows\system\immdnLu.exe

Filesize
6.0MB

MD5
eb492115a5df3578719c69f50e2e2d6e

SHA1
c6fdb92a1f1692695471f2e940b3ed583ab9dba5

SHA256
d7e3cd23167fae7f484c37e3672c293296f6dce0fb65b29804ee1f722be58762

SHA512
1753bce0f5645ec9030ee4384d83814d8beeb2fe55a65d89dbe40d346badbeb1ac488520a76ddf9ab2418dada6d185ce38f06beeb4c352280f5f3c60505fe663

Download Submit
C:\Windows\system\ktrevqy.exe

Filesize
6.0MB

MD5
bbbb77255b4766a4eb22c2f844c16353

SHA1
fad8d97301420c452bd8db81549c6367769afe44

SHA256
1089e76c77c25dc0d590587b037204322edc6cbb520d8dc7856bea1a4cd306d8

SHA512
f9e2fc10f2d195fb15845914ff005f338bbd50a9c90b671f435675abefea102a4f0e163c64fff42863d25e637c7cfcef86cebd5215a290eec9f97b5645a583ff

Download Submit
C:\Windows\system\ohAPmHU.exe

Filesize
6.0MB

MD5
e3a7b214009408dd78f5456f2212757b

SHA1
9858be71ec262c8759f6879639d076c5a5588d79

SHA256
6a5a4ee2a04e7940fec02c51ef18afc72017115f92af54cf262bbb634c2b6fe0

SHA512
89a45430e98faf73d2b1439d8f02359fe0b9583ba869d0d95d34906d0e14d67fb723ac17b02e7b5b988c21edc9c858afccbdd621e069f4fac0eb6dfca4c8c556

Download Submit
C:\Windows\system\uDQKXGG.exe

Filesize
6.0MB

MD5
20e89be33eadea10b4103bcf13bf73f4

SHA1
88816014827658f113219dad46e56bc5dd4cb42f

SHA256
73713d7913768c5d2d7fafc1a43bb87036d4ce37c91014d3f09862accb6b5dbe

SHA512
30576e475d05a7f58352172f5a7d3b3b4963a4c51a004a92763c894fa449b5f6d1325ded6815c87ef5f056a89b02da24b3c8b1e12834c8d1ea398658c8fe8803

Download Submit
\Windows\system\FrDtWnv.exe

Filesize
6.0MB

MD5
7bbce26e63d54d2bd53986e811258526

SHA1
0801303951e46155448c68a4bbcdf11dfc383300

SHA256
e4c8213d9d82447fc10fb14ff099699a92dfdd16abf2a9e0c9512d5635816841

SHA512
b0ff5552b94b12dabf91271a3ee23329657b23e5bc866347743b18751abca79b354da85375c0556e650f05d70b7d1d79f10b18f52d2c25054344ccdc9653d764

Download Submit
\Windows\system\KAKjiqY.exe

Filesize
6.0MB

MD5
21a3b3605cb27488885aa0b8c2365fce

SHA1
a0d2607134268e8be636acd58a6341e3ce6bd04e

SHA256
fe3d68a2ebf87700fae6c87ef8daec1d58f8709bf7fa37f3a46a7253bfd6bfb0

SHA512
6afc8bf7d757588c658b6912e75541ff2be71983f53de0fb52ed5c8e0a0d11729f1dc2dc65a76a36957c0358fa8c82058b3f1046ade007dc0b00d28a2d3d7063

Download Submit
\Windows\system\MBsovbi.exe

Filesize
6.0MB

MD5
952b8c4631c054ba90d376b1902980b9

SHA1
5eda63e0444f1a66272b85385de32e2457cd5027

SHA256
3110498b5cda98d8fcec03a96339ddfa45819eaa1fa8da856f90143c9dcfb1f7

SHA512
94d523f1b897a5911b465220db1b3f444b0b77d8db7b13137ff965c66f34929d8eddaaa19a27c0ce29a403e9ee39eb62650a2a77ee044e32f3893786520c0515

Download Submit
\Windows\system\TWbHDki.exe

Filesize
6.0MB

MD5
6da5a77bb66501fe356be049da5abcb6

SHA1
a4c8e47d0da00188357a3c0629965f7ab469de44

SHA256
a5728fd68c808efa6f067f5f5267a29f8b3ae9ea3e779fccd63a539cce3d4b43

SHA512
19d4c4459cf605ec148da3155ba24c18a67dfa9917d789ef7fbcd2be4463c5ae14604fa01a40d93796e25edaef95a0fdad4f991c9694e7c8e7c7d8210e0ff0d5

Download Submit
\Windows\system\Znoggea.exe

Filesize
6.0MB

MD5
8826f0aa58245fb95871b92140ca992e

SHA1
df8e0f1c120d394f7df649f7a540c9a5cc9e4b20

SHA256
3e92978cbfc866836c90488c1de108b59c079b591f489b3a472dff064d7eefcc

SHA512
fe845032707b13ffef3728753524f9091fb632a43c7cc124b2631561d70327698223224ce0e4126edce9dacd88cf46ddcc3de7e9e0a12469c393342e8acdb942

Download Submit
\Windows\system\hUqeeYA.exe

Filesize
6.0MB

MD5
04997c64a1d2ce6af729dac6799e92d7

SHA1
50369fe75073b7f9914fb8a7e3171601d008463c

SHA256
212bc0621bd11e6fdde2e73f77335df8d31bbf80837abd14da428369000a0458

SHA512
0c8ba7d012b64ca3bad79d72b62b226d5e24d006f4164257b645217939d124ac79ebeba7fe96b108c2084156397a7bab51b299af4f487a71648d5b17e772916b

Download Submit
\Windows\system\ieTUbvu.exe

Filesize
6.0MB

MD5
77758c0e642c5174774da5ccb4169d16

SHA1
06edf4f8208c56c6c5a220159bbbf8ef09146bc9

SHA256
963d3e7d425fb6a7178a7bf4c4287a75162a4c2232a0a01aa15b71b6afdc23ee

SHA512
c943ff27e1e110ae6c5a63dda0156c42455570baf8d564d2caaf637982ac887533a5645640c39518dee3d9c526cf0e1d1159e148aca0c33e47fff679c4464dd2

Download Submit
\Windows\system\jgckggA.exe

Filesize
6.0MB

MD5
320707bc6bfe3ec37d87f309da890bab

SHA1
1623c48aa584bd80f0f5a8d948c020066465606f

SHA256
72f62a26059eddf6972ec3d9ebf3440269dd0e79543d7c2b56e8d881bbab4ffd

SHA512
2adaaab3b31c922e06051d7ad208b86cbf165063d46bae8fc6087ece3589d71ad62b9276bf95d0842779b84d48160b411d7a73539ce5ea87c9f4c58ffa443155

Download Submit
\Windows\system\nCyOUrp.exe

Filesize
6.0MB

MD5
44f5222333474bc9840482e4bcca9e4e

SHA1
8b3dcb745fa3fe2792a999a8fa628ac90d8ca150

SHA256
cbee77f31d4fa6e92269dd99613556d26ea3b2d2581124890a190bf9120bb722

SHA512
2685dc366c9e375d1817741f7999fee30390a3c9705ddb162d6f2bb0681ac6b262bf9a5710201ab6b6351dd4adb9acc5ba8815696cfd07865659de9ca414fc4a

Download Submit
\Windows\system\vYeAjiW.exe

Filesize
6.0MB

MD5
aab188c23e17f4316974b676fbafa825

SHA1
c3def07a2629b219604718364ace94e6db9d72eb

SHA256
bd1cb8c880685078e4c85de3962588bed7ebb7f13bc73771c3051fa9eb6b333d

SHA512
c2060149642d6a43b65b8949139bc38ae71816935c78ff00e09272b330b0e8802415e6a447f61f86288f96fc6d1c7520203a41307ed51084432a7e395d096f7c

Download Submit
\Windows\system\wvMYzcn.exe

Filesize
6.0MB

MD5
cae029b38b44107a81540fd2346d3d4b

SHA1
15dcb2281f8f26deb224fd12657b16f82547f8b0

SHA256
9cb00eba3707c2c47dd2b886399bc7afabd946e3d8df9766b3413ef72e6a8242

SHA512
500e12a8f2faa9eb89803fc2b6f888ad8db3083fb22b4eaabeddc2e6da1c8a0b7125aedb27ec904530b6aab8e4561ab8a81542455667f6a48ad3582b9ff0c1ce

Download Submit
\Windows\system\yNMzvdk.exe

Filesize
6.0MB

MD5
9ef57b6784b43ccf72934a4a9a67389c

SHA1
711b8b5aa3f7a5d3c214cc81a1cb09f1d3362219

SHA256
ecf1a6ca57553441a9bd99fcc5a41e0232162ac7e76baa8c4cac16a62853dae0

SHA512
52abe4bf65c718a111c179ff48cdf9b471aff46c4c0d499450fabca7041b3fb6f1ff92a1a7710ffc5195e14adeef436e4bde7b824d6368e309850be07c9c39b2

Download Submit
memory/1560-45-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/1560-8-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/1560-812-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/1568-59-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/1568-19-0x000000013F650000-0x000000013F9A4000-memory.dmp

Filesize
3.3MB

Download
memory/1568-115-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/1568-63-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/1568-1-0x0000000000100000-0x0000000000110000-memory.dmp

Filesize
64KB

Download
memory/1568-6-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/1568-70-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/1568-14-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/1568-88-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/1568-90-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/1568-28-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/1568-92-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/1568-72-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/1568-50-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/1568-36-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/1568-38-0x000000013FA90000-0x000000013FDE4000-memory.dmp

Filesize
3.3MB

Download
memory/1568-41-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/1568-104-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/1568-0-0x000000013FA90000-0x000000013FDE4000-memory.dmp

Filesize
3.3MB

Download
memory/1568-112-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/1568-84-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/1568-102-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2100-21-0x000000013F650000-0x000000013F9A4000-memory.dmp

Filesize
3.3MB

Download
memory/2100-55-0x000000013F650000-0x000000013F9A4000-memory.dmp

Filesize
3.3MB

Download
memory/2100-826-0x000000013F650000-0x000000013F9A4000-memory.dmp

Filesize
3.3MB

Download
memory/2232-52-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/2232-15-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/2232-825-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/2512-1464-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2512-105-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2520-89-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2520-106-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2520-1453-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2544-66-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/2544-998-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/2544-91-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/2576-87-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2576-994-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2576-53-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2592-992-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2592-73-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2592-93-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2632-30-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2632-828-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2676-61-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/2676-949-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/2772-892-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/2772-37-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/2788-919-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2788-49-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2860-113-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2860-1483-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/3040-94-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/3040-82-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/3040-1459-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download