cobaltstrike | 6e29b697a5f60614a05631cdd8313ab1d3bfc9e33ace894045f1c8cc60653468

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
24/09/2024, 15:54

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

834f35a7e2d91c6c474789e58a6275fd
SHA1

b17928caeaf21b33dab90f89a758e5f67a64a24e
SHA256

6e29b697a5f60614a05631cdd8313ab1d3bfc9e33ace894045f1c8cc60653468
SHA512

6b06afebd495d68b3b09886fbf596b10b0b872f57bbfd15f68dfb231355236ed2912f25f88ab36c2c199290addecfb633ca6c3aa091f3f135eb0b659d7189e32
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUs:T+q56utgpPF8u/7s

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 35 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0008000000012102-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c47-7.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c53-14.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016ccb-18.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d02-22.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d0c-25.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d15-30.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d1f-31.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193d4-41.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001941a-53.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194bd-65.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019537-71.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960a-81.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960d-89.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019610-96.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960e-95.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960c-86.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195d9-77.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194f3-69.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019441-61.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019436-57.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019417-49.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193ec-45.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d27-37.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019614-129.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019616-130.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019612-121.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c38-164.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001997c-158.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196ac-145.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001966c-153.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019618-152.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c36-161.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196e8-155.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001962a-138.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1860-0-0x000000013FBF0000-0x000000013FF44000-memory.dmp	xmrig
behavioral1/files/0x0008000000012102-3.dat	xmrig
behavioral1/files/0x0008000000016c47-7.dat	xmrig
behavioral1/files/0x0008000000016c53-14.dat	xmrig
behavioral1/files/0x0008000000016ccb-18.dat	xmrig
behavioral1/files/0x0007000000016d02-22.dat	xmrig
behavioral1/files/0x0007000000016d0c-25.dat	xmrig
behavioral1/files/0x0007000000016d15-30.dat	xmrig
behavioral1/files/0x0009000000016d1f-31.dat	xmrig
behavioral1/files/0x00050000000193d4-41.dat	xmrig
behavioral1/files/0x000500000001941a-53.dat	xmrig
behavioral1/files/0x00050000000194bd-65.dat	xmrig
behavioral1/files/0x0005000000019537-71.dat	xmrig
behavioral1/files/0x000500000001960a-81.dat	xmrig
behavioral1/files/0x000500000001960d-89.dat	xmrig
behavioral1/files/0x0005000000019610-96.dat	xmrig
behavioral1/files/0x000500000001960e-95.dat	xmrig
behavioral1/files/0x000500000001960c-86.dat	xmrig
behavioral1/files/0x00050000000195d9-77.dat	xmrig
behavioral1/files/0x00050000000194f3-69.dat	xmrig
behavioral1/files/0x0005000000019441-61.dat	xmrig
behavioral1/files/0x0005000000019436-57.dat	xmrig
behavioral1/files/0x0005000000019417-49.dat	xmrig
behavioral1/files/0x00050000000193ec-45.dat	xmrig
behavioral1/files/0x0008000000016d27-37.dat	xmrig
behavioral1/files/0x0005000000019614-129.dat	xmrig
behavioral1/files/0x0005000000019616-130.dat	xmrig
behavioral1/files/0x0005000000019612-121.dat	xmrig
behavioral1/files/0x0005000000019c38-164.dat	xmrig
behavioral1/files/0x000500000001997c-158.dat	xmrig
behavioral1/memory/1788-147-0x000000013F6E0000-0x000000013FA34000-memory.dmp	xmrig
behavioral1/files/0x00050000000196ac-145.dat	xmrig
behavioral1/memory/2400-213-0x000000013F8F0000-0x000000013FC44000-memory.dmp	xmrig
behavioral1/memory/2836-211-0x000000013FA80000-0x000000013FDD4000-memory.dmp	xmrig
behavioral1/memory/2864-209-0x000000013F450000-0x000000013F7A4000-memory.dmp	xmrig
behavioral1/memory/1632-207-0x000000013F330000-0x000000013F684000-memory.dmp	xmrig
behavioral1/memory/1648-205-0x000000013F670000-0x000000013F9C4000-memory.dmp	xmrig
behavioral1/memory/2800-204-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/memory/2816-202-0x000000013FAB0000-0x000000013FE04000-memory.dmp	xmrig
behavioral1/memory/2752-200-0x000000013F710000-0x000000013FA64000-memory.dmp	xmrig
behavioral1/memory/2712-198-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	xmrig
behavioral1/memory/1948-196-0x000000013FE40000-0x0000000140194000-memory.dmp	xmrig
behavioral1/memory/1860-195-0x0000000002240000-0x0000000002594000-memory.dmp	xmrig
behavioral1/files/0x000500000001966c-153.dat	xmrig
behavioral1/memory/2892-194-0x000000013F050000-0x000000013F3A4000-memory.dmp	xmrig
behavioral1/memory/1224-192-0x000000013FA70000-0x000000013FDC4000-memory.dmp	xmrig
behavioral1/memory/1344-190-0x000000013FAD0000-0x000000013FE24000-memory.dmp	xmrig
behavioral1/files/0x0005000000019618-152.dat	xmrig
behavioral1/files/0x0005000000019c36-161.dat	xmrig
behavioral1/files/0x00050000000196e8-155.dat	xmrig
behavioral1/files/0x000500000001962a-138.dat	xmrig
behavioral1/memory/1860-1542-0x000000013FBF0000-0x000000013FF44000-memory.dmp	xmrig
behavioral1/memory/1224-3943-0x000000013FA70000-0x000000013FDC4000-memory.dmp	xmrig
behavioral1/memory/1632-3946-0x000000013F330000-0x000000013F684000-memory.dmp	xmrig
behavioral1/memory/2836-3977-0x000000013FA80000-0x000000013FDD4000-memory.dmp	xmrig
behavioral1/memory/2752-3945-0x000000013F710000-0x000000013FA64000-memory.dmp	xmrig
behavioral1/memory/1948-3942-0x000000013FE40000-0x0000000140194000-memory.dmp	xmrig
behavioral1/memory/1344-3941-0x000000013FAD0000-0x000000013FE24000-memory.dmp	xmrig
behavioral1/memory/1648-3940-0x000000013F670000-0x000000013F9C4000-memory.dmp	xmrig
behavioral1/memory/2864-3939-0x000000013F450000-0x000000013F7A4000-memory.dmp	xmrig
behavioral1/memory/2816-3938-0x000000013FAB0000-0x000000013FE04000-memory.dmp	xmrig
behavioral1/memory/2800-3937-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/memory/2400-3936-0x000000013F8F0000-0x000000013FC44000-memory.dmp	xmrig
behavioral1/memory/2892-3935-0x000000013F050000-0x000000013F3A4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2400	MiwGAfL.exe
1788	xTSkbJK.exe
1344	nWrgiYC.exe
1224	DdSTPLQ.exe
2892	uEgkdGC.exe
1948	ATYzqld.exe
2712	SAWNqul.exe
2752	NMjzBmZ.exe
2816	TZwIpJh.exe
2800	onENntE.exe
1648	YADLccO.exe
1632	ZHdeRPo.exe
2864	duHAhEJ.exe
2836	PGbcfmf.exe
2868	hjgtuwB.exe
1168	SyjfrVN.exe
2616	FKChoiN.exe
2672	bKrThHq.exe
2036	XWhaWge.exe
2180	dsdVWWX.exe
2344	IZvnhMr.exe
932	Frxdggt.exe
2660	lOWjIVC.exe
2136	ZgkwLTK.exe
3056	dvyREKU.exe
2936	SpuwbNu.exe
2184	nRGeplP.exe
2152	jcXzqvT.exe
1852	XZaUoaJ.exe
2996	oTtpmwx.exe
980	qmSbvgz.exe
1672	NiCPZmp.exe
2140	xDvwaYk.exe
1040	gBlEMPA.exe
1244	KOWadFz.exe
1008	ciJQPkK.exe
2248	scJXnJM.exe
2948	pdPMXvp.exe
2992	JFIeNKL.exe
1628	YhHLxGS.exe
308	lebSPbt.exe
1368	NHDsWDf.exe
1752	EOcxJoM.exe
1776	KrzjBZt.exe
2444	NZuRFHK.exe
1064	RSoxrho.exe
1076	sQWcKtO.exe
3004	WefKPfE.exe
1620	xrNzAJT.exe
2524	tfPaOZJ.exe
2744	VgdHMCJ.exe
2704	Txgfdil.exe
2676	mXYfYEQ.exe
2552	canLyIO.exe
828	OpuvdqR.exe
2088	JENMjrd.exe
2728	RrSEqoT.exe
2784	CdoRkhT.exe
1144	eAjtJZH.exe
1444	BoQfiaR.exe
2012	MquSjtb.exe
2436	KHWenIl.exe
1560	UlPLFAa.exe
1988	JPLaVWF.exe

Loads dropped DLL 64 IoCs

pid	Process
1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1860-0-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx
behavioral1/files/0x0008000000012102-3.dat	upx
behavioral1/files/0x0008000000016c47-7.dat	upx
behavioral1/files/0x0008000000016c53-14.dat	upx
behavioral1/files/0x0008000000016ccb-18.dat	upx
behavioral1/files/0x0007000000016d02-22.dat	upx
behavioral1/files/0x0007000000016d0c-25.dat	upx
behavioral1/files/0x0007000000016d15-30.dat	upx
behavioral1/files/0x0009000000016d1f-31.dat	upx
behavioral1/files/0x00050000000193d4-41.dat	upx
behavioral1/files/0x000500000001941a-53.dat	upx
behavioral1/files/0x00050000000194bd-65.dat	upx
behavioral1/files/0x0005000000019537-71.dat	upx
behavioral1/files/0x000500000001960a-81.dat	upx
behavioral1/files/0x000500000001960d-89.dat	upx
behavioral1/files/0x0005000000019610-96.dat	upx
behavioral1/files/0x000500000001960e-95.dat	upx
behavioral1/files/0x000500000001960c-86.dat	upx
behavioral1/files/0x00050000000195d9-77.dat	upx
behavioral1/files/0x00050000000194f3-69.dat	upx
behavioral1/files/0x0005000000019441-61.dat	upx
behavioral1/files/0x0005000000019436-57.dat	upx
behavioral1/files/0x0005000000019417-49.dat	upx
behavioral1/files/0x00050000000193ec-45.dat	upx
behavioral1/files/0x0008000000016d27-37.dat	upx
behavioral1/files/0x0005000000019614-129.dat	upx
behavioral1/files/0x0005000000019616-130.dat	upx
behavioral1/files/0x0005000000019612-121.dat	upx
behavioral1/files/0x0005000000019c38-164.dat	upx
behavioral1/files/0x000500000001997c-158.dat	upx
behavioral1/memory/1788-147-0x000000013F6E0000-0x000000013FA34000-memory.dmp	upx
behavioral1/files/0x00050000000196ac-145.dat	upx
behavioral1/memory/2400-213-0x000000013F8F0000-0x000000013FC44000-memory.dmp	upx
behavioral1/memory/2836-211-0x000000013FA80000-0x000000013FDD4000-memory.dmp	upx
behavioral1/memory/2864-209-0x000000013F450000-0x000000013F7A4000-memory.dmp	upx
behavioral1/memory/1632-207-0x000000013F330000-0x000000013F684000-memory.dmp	upx
behavioral1/memory/1648-205-0x000000013F670000-0x000000013F9C4000-memory.dmp	upx
behavioral1/memory/2800-204-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/memory/2816-202-0x000000013FAB0000-0x000000013FE04000-memory.dmp	upx
behavioral1/memory/2752-200-0x000000013F710000-0x000000013FA64000-memory.dmp	upx
behavioral1/memory/2712-198-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	upx
behavioral1/memory/1948-196-0x000000013FE40000-0x0000000140194000-memory.dmp	upx
behavioral1/files/0x000500000001966c-153.dat	upx
behavioral1/memory/2892-194-0x000000013F050000-0x000000013F3A4000-memory.dmp	upx
behavioral1/memory/1224-192-0x000000013FA70000-0x000000013FDC4000-memory.dmp	upx
behavioral1/memory/1344-190-0x000000013FAD0000-0x000000013FE24000-memory.dmp	upx
behavioral1/files/0x0005000000019618-152.dat	upx
behavioral1/files/0x0005000000019c36-161.dat	upx
behavioral1/files/0x00050000000196e8-155.dat	upx
behavioral1/files/0x000500000001962a-138.dat	upx
behavioral1/memory/1860-1542-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx
behavioral1/memory/1224-3943-0x000000013FA70000-0x000000013FDC4000-memory.dmp	upx
behavioral1/memory/1632-3946-0x000000013F330000-0x000000013F684000-memory.dmp	upx
behavioral1/memory/2836-3977-0x000000013FA80000-0x000000013FDD4000-memory.dmp	upx
behavioral1/memory/2752-3945-0x000000013F710000-0x000000013FA64000-memory.dmp	upx
behavioral1/memory/1948-3942-0x000000013FE40000-0x0000000140194000-memory.dmp	upx
behavioral1/memory/1344-3941-0x000000013FAD0000-0x000000013FE24000-memory.dmp	upx
behavioral1/memory/1648-3940-0x000000013F670000-0x000000013F9C4000-memory.dmp	upx
behavioral1/memory/2864-3939-0x000000013F450000-0x000000013F7A4000-memory.dmp	upx
behavioral1/memory/2816-3938-0x000000013FAB0000-0x000000013FE04000-memory.dmp	upx
behavioral1/memory/2800-3937-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/memory/2400-3936-0x000000013F8F0000-0x000000013FC44000-memory.dmp	upx
behavioral1/memory/2892-3935-0x000000013F050000-0x000000013F3A4000-memory.dmp	upx
behavioral1/memory/1788-3934-0x000000013F6E0000-0x000000013FA34000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\fMKcUmQ.exe	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\maXIqfZ.exe	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XovDdTo.exe	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oCNifKL.exe	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UOiilNh.exe	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NICXkmz.exe	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iGelheO.exe	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AaRLHKv.exe	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kEAlsIg.exe	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xLmXpmF.exe	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hcosCoG.exe	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tiKsLhY.exe	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JmedDCl.exe	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fjSOgUt.exe	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DJEGfoa.exe	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BoQfiaR.exe	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PqMfAyU.exe	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AtzRmOA.exe	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HAUgaMY.exe	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\crOsGCj.exe	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XVwOCai.exe	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IWEvPAp.exe	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KHWenIl.exe	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yapaXql.exe	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CGGEkRd.exe	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EbqKYTU.exe	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rgmwGUB.exe	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wfVuRNK.exe	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rDczoav.exe	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fwHbteD.exe	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QZgZaVE.exe	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AGtaaLj.exe	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\insQSeE.exe	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bpyQazL.exe	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nYcrlWK.exe	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kVomAkl.exe	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WVAQshC.exe	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ythhilJ.exe	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ggDbGsG.exe	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VLeiORE.exe	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lWtMenT.exe	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YXmeuvs.exe	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IKtSqfE.exe	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\smyLZoD.exe	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tUhpHla.exe	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wkKqifq.exe	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YaTQAoh.exe	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AGeCkQN.exe	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yYbDfab.exe	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LsYXyVb.exe	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iEKokVs.exe	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ffBKqCV.exe	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\meGXAMY.exe	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wPSRiFn.exe	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xHLVoiV.exe	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nBDCvqx.exe	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AcnPOhn.exe	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SraloaU.exe	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lbXYSwD.exe	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sjWmgsZ.exe	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KuDtFlS.exe	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MiwGAfL.exe	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pDnpVmt.exe	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XsatJwt.exe	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1860 wrote to memory of 2400	1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1860 wrote to memory of 2400	1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1860 wrote to memory of 2400	1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1860 wrote to memory of 1788	1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1860 wrote to memory of 1788	1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1860 wrote to memory of 1788	1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1860 wrote to memory of 1344	1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1860 wrote to memory of 1344	1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1860 wrote to memory of 1344	1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1860 wrote to memory of 1224	1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1860 wrote to memory of 1224	1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1860 wrote to memory of 1224	1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1860 wrote to memory of 2892	1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1860 wrote to memory of 2892	1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1860 wrote to memory of 2892	1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1860 wrote to memory of 1948	1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1860 wrote to memory of 1948	1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1860 wrote to memory of 1948	1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1860 wrote to memory of 2712	1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1860 wrote to memory of 2712	1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1860 wrote to memory of 2712	1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1860 wrote to memory of 2752	1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1860 wrote to memory of 2752	1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1860 wrote to memory of 2752	1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1860 wrote to memory of 2816	1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1860 wrote to memory of 2816	1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1860 wrote to memory of 2816	1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1860 wrote to memory of 2800	1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1860 wrote to memory of 2800	1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1860 wrote to memory of 2800	1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1860 wrote to memory of 1648	1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1860 wrote to memory of 1648	1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1860 wrote to memory of 1648	1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1860 wrote to memory of 1632	1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1860 wrote to memory of 1632	1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1860 wrote to memory of 1632	1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1860 wrote to memory of 2864	1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1860 wrote to memory of 2864	1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1860 wrote to memory of 2864	1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1860 wrote to memory of 2836	1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1860 wrote to memory of 2836	1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1860 wrote to memory of 2836	1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1860 wrote to memory of 2868	1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1860 wrote to memory of 2868	1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1860 wrote to memory of 2868	1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1860 wrote to memory of 1168	1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1860 wrote to memory of 1168	1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1860 wrote to memory of 1168	1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1860 wrote to memory of 2616	1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1860 wrote to memory of 2616	1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1860 wrote to memory of 2616	1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1860 wrote to memory of 2672	1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1860 wrote to memory of 2672	1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1860 wrote to memory of 2672	1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1860 wrote to memory of 2036	1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1860 wrote to memory of 2036	1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1860 wrote to memory of 2036	1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1860 wrote to memory of 2180	1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1860 wrote to memory of 2180	1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1860 wrote to memory of 2180	1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1860 wrote to memory of 2344	1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1860 wrote to memory of 2344	1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1860 wrote to memory of 2344	1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1860 wrote to memory of 932	1860	2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-09-24_834f35a7e2d91c6c474789e58a6275fd_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1860
- C:\Windows\System\MiwGAfL.exe
  C:\Windows\System\MiwGAfL.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\xTSkbJK.exe
  C:\Windows\System\xTSkbJK.exe
  2⤵
  - Executes dropped EXE
  PID:1788
- C:\Windows\System\nWrgiYC.exe
  C:\Windows\System\nWrgiYC.exe
  2⤵
  - Executes dropped EXE
  PID:1344
- C:\Windows\System\DdSTPLQ.exe
  C:\Windows\System\DdSTPLQ.exe
  2⤵
  - Executes dropped EXE
  PID:1224
- C:\Windows\System\uEgkdGC.exe
  C:\Windows\System\uEgkdGC.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\ATYzqld.exe
  C:\Windows\System\ATYzqld.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\SAWNqul.exe
  C:\Windows\System\SAWNqul.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\NMjzBmZ.exe
  C:\Windows\System\NMjzBmZ.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\TZwIpJh.exe
  C:\Windows\System\TZwIpJh.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\onENntE.exe
  C:\Windows\System\onENntE.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\YADLccO.exe
  C:\Windows\System\YADLccO.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\ZHdeRPo.exe
  C:\Windows\System\ZHdeRPo.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\duHAhEJ.exe
  C:\Windows\System\duHAhEJ.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\PGbcfmf.exe
  C:\Windows\System\PGbcfmf.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\hjgtuwB.exe
  C:\Windows\System\hjgtuwB.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\SyjfrVN.exe
  C:\Windows\System\SyjfrVN.exe
  2⤵
  - Executes dropped EXE
  PID:1168
- C:\Windows\System\FKChoiN.exe
  C:\Windows\System\FKChoiN.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\bKrThHq.exe
  C:\Windows\System\bKrThHq.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\XWhaWge.exe
  C:\Windows\System\XWhaWge.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\dsdVWWX.exe
  C:\Windows\System\dsdVWWX.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\IZvnhMr.exe
  C:\Windows\System\IZvnhMr.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\Frxdggt.exe
  C:\Windows\System\Frxdggt.exe
  2⤵
  - Executes dropped EXE
  PID:932
- C:\Windows\System\lOWjIVC.exe
  C:\Windows\System\lOWjIVC.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\ZgkwLTK.exe
  C:\Windows\System\ZgkwLTK.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\SpuwbNu.exe
  C:\Windows\System\SpuwbNu.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\dvyREKU.exe
  C:\Windows\System\dvyREKU.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\nRGeplP.exe
  C:\Windows\System\nRGeplP.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\jcXzqvT.exe
  C:\Windows\System\jcXzqvT.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\gBlEMPA.exe
  C:\Windows\System\gBlEMPA.exe
  2⤵
  - Executes dropped EXE
  PID:1040
- C:\Windows\System\XZaUoaJ.exe
  C:\Windows\System\XZaUoaJ.exe
  2⤵
  - Executes dropped EXE
  PID:1852
- C:\Windows\System\pdPMXvp.exe
  C:\Windows\System\pdPMXvp.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\oTtpmwx.exe
  C:\Windows\System\oTtpmwx.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\JFIeNKL.exe
  C:\Windows\System\JFIeNKL.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\qmSbvgz.exe
  C:\Windows\System\qmSbvgz.exe
  2⤵
  - Executes dropped EXE
  PID:980
- C:\Windows\System\YhHLxGS.exe
  C:\Windows\System\YhHLxGS.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\NiCPZmp.exe
  C:\Windows\System\NiCPZmp.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\lebSPbt.exe
  C:\Windows\System\lebSPbt.exe
  2⤵
  - Executes dropped EXE
  PID:308
- C:\Windows\System\xDvwaYk.exe
  C:\Windows\System\xDvwaYk.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\NHDsWDf.exe
  C:\Windows\System\NHDsWDf.exe
  2⤵
  - Executes dropped EXE
  PID:1368
- C:\Windows\System\KOWadFz.exe
  C:\Windows\System\KOWadFz.exe
  2⤵
  - Executes dropped EXE
  PID:1244
- C:\Windows\System\EOcxJoM.exe
  C:\Windows\System\EOcxJoM.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\ciJQPkK.exe
  C:\Windows\System\ciJQPkK.exe
  2⤵
  - Executes dropped EXE
  PID:1008
- C:\Windows\System\KrzjBZt.exe
  C:\Windows\System\KrzjBZt.exe
  2⤵
  - Executes dropped EXE
  PID:1776
- C:\Windows\System\scJXnJM.exe
  C:\Windows\System\scJXnJM.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\NZuRFHK.exe
  C:\Windows\System\NZuRFHK.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\RSoxrho.exe
  C:\Windows\System\RSoxrho.exe
  2⤵
  - Executes dropped EXE
  PID:1064
- C:\Windows\System\WefKPfE.exe
  C:\Windows\System\WefKPfE.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\sQWcKtO.exe
  C:\Windows\System\sQWcKtO.exe
  2⤵
  - Executes dropped EXE
  PID:1076
- C:\Windows\System\canLyIO.exe
  C:\Windows\System\canLyIO.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\xrNzAJT.exe
  C:\Windows\System\xrNzAJT.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\OpuvdqR.exe
  C:\Windows\System\OpuvdqR.exe
  2⤵
  - Executes dropped EXE
  PID:828
- C:\Windows\System\tfPaOZJ.exe
  C:\Windows\System\tfPaOZJ.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\JENMjrd.exe
  C:\Windows\System\JENMjrd.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\VgdHMCJ.exe
  C:\Windows\System\VgdHMCJ.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\RrSEqoT.exe
  C:\Windows\System\RrSEqoT.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\Txgfdil.exe
  C:\Windows\System\Txgfdil.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\CdoRkhT.exe
  C:\Windows\System\CdoRkhT.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\mXYfYEQ.exe
  C:\Windows\System\mXYfYEQ.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\eAjtJZH.exe
  C:\Windows\System\eAjtJZH.exe
  2⤵
  - Executes dropped EXE
  PID:1144
- C:\Windows\System\BoQfiaR.exe
  C:\Windows\System\BoQfiaR.exe
  2⤵
  - Executes dropped EXE
  PID:1444
- C:\Windows\System\MquSjtb.exe
  C:\Windows\System\MquSjtb.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\KHWenIl.exe
  C:\Windows\System\KHWenIl.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\UlPLFAa.exe
  C:\Windows\System\UlPLFAa.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\JPLaVWF.exe
  C:\Windows\System\JPLaVWF.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\ULiCgXW.exe
  C:\Windows\System\ULiCgXW.exe
  2⤵
  PID:2576
- C:\Windows\System\OerEGLL.exe
  C:\Windows\System\OerEGLL.exe
  2⤵
  PID:2408
- C:\Windows\System\creEPkr.exe
  C:\Windows\System\creEPkr.exe
  2⤵
  PID:2204
- C:\Windows\System\gixmxvV.exe
  C:\Windows\System\gixmxvV.exe
  2⤵
  PID:2968
- C:\Windows\System\VgJcanH.exe
  C:\Windows\System\VgJcanH.exe
  2⤵
  PID:2796
- C:\Windows\System\cBNMYZL.exe
  C:\Windows\System\cBNMYZL.exe
  2⤵
  PID:2748
- C:\Windows\System\pIuNXMX.exe
  C:\Windows\System\pIuNXMX.exe
  2⤵
  PID:2600
- C:\Windows\System\zwOltin.exe
  C:\Windows\System\zwOltin.exe
  2⤵
  PID:2084
- C:\Windows\System\PqMfAyU.exe
  C:\Windows\System\PqMfAyU.exe
  2⤵
  PID:1464
- C:\Windows\System\gDifzxd.exe
  C:\Windows\System\gDifzxd.exe
  2⤵
  PID:684
- C:\Windows\System\hmJsbeC.exe
  C:\Windows\System\hmJsbeC.exe
  2⤵
  PID:2640
- C:\Windows\System\THPafQT.exe
  C:\Windows\System\THPafQT.exe
  2⤵
  PID:1760
- C:\Windows\System\TWmwvNf.exe
  C:\Windows\System\TWmwvNf.exe
  2⤵
  PID:1324
- C:\Windows\System\mqYSzaA.exe
  C:\Windows\System\mqYSzaA.exe
  2⤵
  PID:1376
- C:\Windows\System\yOTtUdF.exe
  C:\Windows\System\yOTtUdF.exe
  2⤵
  PID:3052
- C:\Windows\System\elmUzdT.exe
  C:\Windows\System\elmUzdT.exe
  2⤵
  PID:3048
- C:\Windows\System\jncOIxs.exe
  C:\Windows\System\jncOIxs.exe
  2⤵
  PID:2024
- C:\Windows\System\UsFbMVj.exe
  C:\Windows\System\UsFbMVj.exe
  2⤵
  PID:1356
- C:\Windows\System\hfWDBna.exe
  C:\Windows\System\hfWDBna.exe
  2⤵
  PID:1708
- C:\Windows\System\ybGlmPq.exe
  C:\Windows\System\ybGlmPq.exe
  2⤵
  PID:1000
- C:\Windows\System\tDAxZQo.exe
  C:\Windows\System\tDAxZQo.exe
  2⤵
  PID:892
- C:\Windows\System\EZRmVXy.exe
  C:\Windows\System\EZRmVXy.exe
  2⤵
  PID:2200
- C:\Windows\System\jIfZdCV.exe
  C:\Windows\System\jIfZdCV.exe
  2⤵
  PID:2292
- C:\Windows\System\XTYUuEJ.exe
  C:\Windows\System\XTYUuEJ.exe
  2⤵
  PID:1252
- C:\Windows\System\GXfEWqD.exe
  C:\Windows\System\GXfEWqD.exe
  2⤵
  PID:2844
- C:\Windows\System\FXxbJks.exe
  C:\Windows\System\FXxbJks.exe
  2⤵
  PID:1656
- C:\Windows\System\hmdLJBN.exe
  C:\Windows\System\hmdLJBN.exe
  2⤵
  PID:1616
- C:\Windows\System\VFZIlAA.exe
  C:\Windows\System\VFZIlAA.exe
  2⤵
  PID:2876
- C:\Windows\System\drxzKRP.exe
  C:\Windows\System\drxzKRP.exe
  2⤵
  PID:2612
- C:\Windows\System\qnjrvGr.exe
  C:\Windows\System\qnjrvGr.exe
  2⤵
  PID:2548
- C:\Windows\System\YvypsOa.exe
  C:\Windows\System\YvypsOa.exe
  2⤵
  PID:2000
- C:\Windows\System\OwYfxvI.exe
  C:\Windows\System\OwYfxvI.exe
  2⤵
  PID:580
- C:\Windows\System\kVoWexp.exe
  C:\Windows\System\kVoWexp.exe
  2⤵
  PID:1744
- C:\Windows\System\sUGjAWn.exe
  C:\Windows\System\sUGjAWn.exe
  2⤵
  PID:2384
- C:\Windows\System\RSIzcyg.exe
  C:\Windows\System\RSIzcyg.exe
  2⤵
  PID:2348
- C:\Windows\System\txzEoxp.exe
  C:\Windows\System\txzEoxp.exe
  2⤵
  PID:2824
- C:\Windows\System\GjFEDWY.exe
  C:\Windows\System\GjFEDWY.exe
  2⤵
  PID:2736
- C:\Windows\System\pyOUMrY.exe
  C:\Windows\System\pyOUMrY.exe
  2⤵
  PID:2628
- C:\Windows\System\lAHFWdC.exe
  C:\Windows\System\lAHFWdC.exe
  2⤵
  PID:1120
- C:\Windows\System\dGIYyFJ.exe
  C:\Windows\System\dGIYyFJ.exe
  2⤵
  PID:2412
- C:\Windows\System\NbXsmKR.exe
  C:\Windows\System\NbXsmKR.exe
  2⤵
  PID:1820
- C:\Windows\System\LTgwLeW.exe
  C:\Windows\System\LTgwLeW.exe
  2⤵
  PID:924
- C:\Windows\System\OBFxjWX.exe
  C:\Windows\System\OBFxjWX.exe
  2⤵
  PID:1552
- C:\Windows\System\rMmbMXg.exe
  C:\Windows\System\rMmbMXg.exe
  2⤵
  PID:2368
- C:\Windows\System\nYglAIk.exe
  C:\Windows\System\nYglAIk.exe
  2⤵
  PID:1284
- C:\Windows\System\qbAQxCK.exe
  C:\Windows\System\qbAQxCK.exe
  2⤵
  PID:1384
- C:\Windows\System\CTYBdOE.exe
  C:\Windows\System\CTYBdOE.exe
  2⤵
  PID:572
- C:\Windows\System\GEraNqy.exe
  C:\Windows\System\GEraNqy.exe
  2⤵
  PID:2392
- C:\Windows\System\CJvSpdA.exe
  C:\Windows\System\CJvSpdA.exe
  2⤵
  PID:1164
- C:\Windows\System\iExigIk.exe
  C:\Windows\System\iExigIk.exe
  2⤵
  PID:2656
- C:\Windows\System\hKWTSKF.exe
  C:\Windows\System\hKWTSKF.exe
  2⤵
  PID:2972
- C:\Windows\System\uIZFuhn.exe
  C:\Windows\System\uIZFuhn.exe
  2⤵
  PID:1496
- C:\Windows\System\oHjAWmU.exe
  C:\Windows\System\oHjAWmU.exe
  2⤵
  PID:1588
- C:\Windows\System\InTDSsd.exe
  C:\Windows\System\InTDSsd.exe
  2⤵
  PID:1968
- C:\Windows\System\NlbuOyH.exe
  C:\Windows\System\NlbuOyH.exe
  2⤵
  PID:2840
- C:\Windows\System\Rvvbebs.exe
  C:\Windows\System\Rvvbebs.exe
  2⤵
  PID:2872
- C:\Windows\System\zvIllrh.exe
  C:\Windows\System\zvIllrh.exe
  2⤵
  PID:1112
- C:\Windows\System\ELlLTIa.exe
  C:\Windows\System\ELlLTIa.exe
  2⤵
  PID:2188
- C:\Windows\System\GnbfMPv.exe
  C:\Windows\System\GnbfMPv.exe
  2⤵
  PID:1600
- C:\Windows\System\MJSFyQv.exe
  C:\Windows\System\MJSFyQv.exe
  2⤵
  PID:444
- C:\Windows\System\hcosCoG.exe
  C:\Windows\System\hcosCoG.exe
  2⤵
  PID:884
- C:\Windows\System\nwHSNpk.exe
  C:\Windows\System\nwHSNpk.exe
  2⤵
  PID:2956
- C:\Windows\System\SRceBSa.exe
  C:\Windows\System\SRceBSa.exe
  2⤵
  PID:1664
- C:\Windows\System\JFDyfUe.exe
  C:\Windows\System\JFDyfUe.exe
  2⤵
  PID:2888
- C:\Windows\System\yNUsFNj.exe
  C:\Windows\System\yNUsFNj.exe
  2⤵
  PID:1584
- C:\Windows\System\ATpMopj.exe
  C:\Windows\System\ATpMopj.exe
  2⤵
  PID:3084
- C:\Windows\System\tiKsLhY.exe
  C:\Windows\System\tiKsLhY.exe
  2⤵
  PID:3104
- C:\Windows\System\ErzNMxE.exe
  C:\Windows\System\ErzNMxE.exe
  2⤵
  PID:3124
- C:\Windows\System\cCsoiAw.exe
  C:\Windows\System\cCsoiAw.exe
  2⤵
  PID:3140
- C:\Windows\System\QTemXri.exe
  C:\Windows\System\QTemXri.exe
  2⤵
  PID:3160
- C:\Windows\System\upijRnS.exe
  C:\Windows\System\upijRnS.exe
  2⤵
  PID:3176
- C:\Windows\System\OnDmTSh.exe
  C:\Windows\System\OnDmTSh.exe
  2⤵
  PID:3200
- C:\Windows\System\FbGaXlm.exe
  C:\Windows\System\FbGaXlm.exe
  2⤵
  PID:3220
- C:\Windows\System\YBGcCZj.exe
  C:\Windows\System\YBGcCZj.exe
  2⤵
  PID:3244
- C:\Windows\System\PiXwpkq.exe
  C:\Windows\System\PiXwpkq.exe
  2⤵
  PID:3264
- C:\Windows\System\YzYTKqg.exe
  C:\Windows\System\YzYTKqg.exe
  2⤵
  PID:3284
- C:\Windows\System\BUmIsbV.exe
  C:\Windows\System\BUmIsbV.exe
  2⤵
  PID:3304
- C:\Windows\System\xToZjsz.exe
  C:\Windows\System\xToZjsz.exe
  2⤵
  PID:3324
- C:\Windows\System\JRpeeIQ.exe
  C:\Windows\System\JRpeeIQ.exe
  2⤵
  PID:3344
- C:\Windows\System\GycXShC.exe
  C:\Windows\System\GycXShC.exe
  2⤵
  PID:3364
- C:\Windows\System\UsbsMdV.exe
  C:\Windows\System\UsbsMdV.exe
  2⤵
  PID:3384
- C:\Windows\System\NLcqyUk.exe
  C:\Windows\System\NLcqyUk.exe
  2⤵
  PID:3404
- C:\Windows\System\APMQvne.exe
  C:\Windows\System\APMQvne.exe
  2⤵
  PID:3420
- C:\Windows\System\GaSzqSi.exe
  C:\Windows\System\GaSzqSi.exe
  2⤵
  PID:3440
- C:\Windows\System\SPyWvFQ.exe
  C:\Windows\System\SPyWvFQ.exe
  2⤵
  PID:3464
- C:\Windows\System\OneVjka.exe
  C:\Windows\System\OneVjka.exe
  2⤵
  PID:3484
- C:\Windows\System\wiLcyNO.exe
  C:\Windows\System\wiLcyNO.exe
  2⤵
  PID:3504
- C:\Windows\System\dtpEdVT.exe
  C:\Windows\System\dtpEdVT.exe
  2⤵
  PID:3524
- C:\Windows\System\QlaNJQm.exe
  C:\Windows\System\QlaNJQm.exe
  2⤵
  PID:3540
- C:\Windows\System\NICXkmz.exe
  C:\Windows\System\NICXkmz.exe
  2⤵
  PID:3564
- C:\Windows\System\qeFXMdi.exe
  C:\Windows\System\qeFXMdi.exe
  2⤵
  PID:3588
- C:\Windows\System\qWTKMOW.exe
  C:\Windows\System\qWTKMOW.exe
  2⤵
  PID:3608
- C:\Windows\System\OYhhjAX.exe
  C:\Windows\System\OYhhjAX.exe
  2⤵
  PID:3628
- C:\Windows\System\IsULIkg.exe
  C:\Windows\System\IsULIkg.exe
  2⤵
  PID:3648
- C:\Windows\System\iCcXdMp.exe
  C:\Windows\System\iCcXdMp.exe
  2⤵
  PID:3668
- C:\Windows\System\VTUhKnW.exe
  C:\Windows\System\VTUhKnW.exe
  2⤵
  PID:3688
- C:\Windows\System\GsEmzeo.exe
  C:\Windows\System\GsEmzeo.exe
  2⤵
  PID:3708
- C:\Windows\System\rMzLXPG.exe
  C:\Windows\System\rMzLXPG.exe
  2⤵
  PID:3724
- C:\Windows\System\zMrSNvo.exe
  C:\Windows\System\zMrSNvo.exe
  2⤵
  PID:3744
- C:\Windows\System\wgvSrrC.exe
  C:\Windows\System\wgvSrrC.exe
  2⤵
  PID:3764
- C:\Windows\System\zTpVOAG.exe
  C:\Windows\System\zTpVOAG.exe
  2⤵
  PID:3788
- C:\Windows\System\UCYIAEm.exe
  C:\Windows\System\UCYIAEm.exe
  2⤵
  PID:3808
- C:\Windows\System\zRHHeiG.exe
  C:\Windows\System\zRHHeiG.exe
  2⤵
  PID:3828
- C:\Windows\System\oEQUaJP.exe
  C:\Windows\System\oEQUaJP.exe
  2⤵
  PID:3848
- C:\Windows\System\lkiVnmv.exe
  C:\Windows\System\lkiVnmv.exe
  2⤵
  PID:3868
- C:\Windows\System\JKwCQpl.exe
  C:\Windows\System\JKwCQpl.exe
  2⤵
  PID:3884
- C:\Windows\System\ZesLFOA.exe
  C:\Windows\System\ZesLFOA.exe
  2⤵
  PID:3908
- C:\Windows\System\utfddry.exe
  C:\Windows\System\utfddry.exe
  2⤵
  PID:3924
- C:\Windows\System\hBngbWu.exe
  C:\Windows\System\hBngbWu.exe
  2⤵
  PID:3948
- C:\Windows\System\KDsLoVd.exe
  C:\Windows\System\KDsLoVd.exe
  2⤵
  PID:3964
- C:\Windows\System\UswVbUl.exe
  C:\Windows\System\UswVbUl.exe
  2⤵
  PID:3980
- C:\Windows\System\pjhHHgK.exe
  C:\Windows\System\pjhHHgK.exe
  2⤵
  PID:4004
- C:\Windows\System\WNnHChj.exe
  C:\Windows\System\WNnHChj.exe
  2⤵
  PID:4028
- C:\Windows\System\QePpPzp.exe
  C:\Windows\System\QePpPzp.exe
  2⤵
  PID:4048
- C:\Windows\System\kpEjRtl.exe
  C:\Windows\System\kpEjRtl.exe
  2⤵
  PID:4068
- C:\Windows\System\CREeWDz.exe
  C:\Windows\System\CREeWDz.exe
  2⤵
  PID:4088
- C:\Windows\System\QZyfQpe.exe
  C:\Windows\System\QZyfQpe.exe
  2⤵
  PID:1952
- C:\Windows\System\dblQRPk.exe
  C:\Windows\System\dblQRPk.exe
  2⤵
  PID:2732
- C:\Windows\System\rrnSynF.exe
  C:\Windows\System\rrnSynF.exe
  2⤵
  PID:2912
- C:\Windows\System\DATfuYn.exe
  C:\Windows\System\DATfuYn.exe
  2⤵
  PID:1524
- C:\Windows\System\KBvPbyR.exe
  C:\Windows\System\KBvPbyR.exe
  2⤵
  PID:2160
- C:\Windows\System\LimFKof.exe
  C:\Windows\System\LimFKof.exe
  2⤵
  PID:2440
- C:\Windows\System\aLgxClW.exe
  C:\Windows\System\aLgxClW.exe
  2⤵
  PID:3064
- C:\Windows\System\GrkHgXe.exe
  C:\Windows\System\GrkHgXe.exe
  2⤵
  PID:3132
- C:\Windows\System\LDkukCx.exe
  C:\Windows\System\LDkukCx.exe
  2⤵
  PID:3080
- C:\Windows\System\KOYnwnx.exe
  C:\Windows\System\KOYnwnx.exe
  2⤵
  PID:3172
- C:\Windows\System\fiYbzrL.exe
  C:\Windows\System\fiYbzrL.exe
  2⤵
  PID:3212
- C:\Windows\System\aloZXhS.exe
  C:\Windows\System\aloZXhS.exe
  2⤵
  PID:3184
- C:\Windows\System\bWSfvBR.exe
  C:\Windows\System\bWSfvBR.exe
  2⤵
  PID:3236
- C:\Windows\System\LyBnpqO.exe
  C:\Windows\System\LyBnpqO.exe
  2⤵
  PID:3292
- C:\Windows\System\cgwealJ.exe
  C:\Windows\System\cgwealJ.exe
  2⤵
  PID:3340
- C:\Windows\System\GQqegqo.exe
  C:\Windows\System\GQqegqo.exe
  2⤵
  PID:3372
- C:\Windows\System\sjdnJoo.exe
  C:\Windows\System\sjdnJoo.exe
  2⤵
  PID:3360
- C:\Windows\System\SUeyzPO.exe
  C:\Windows\System\SUeyzPO.exe
  2⤵
  PID:3396
- C:\Windows\System\izZqjtX.exe
  C:\Windows\System\izZqjtX.exe
  2⤵
  PID:3452
- C:\Windows\System\aMuaYSi.exe
  C:\Windows\System\aMuaYSi.exe
  2⤵
  PID:3496
- C:\Windows\System\expXrap.exe
  C:\Windows\System\expXrap.exe
  2⤵
  PID:3512
- C:\Windows\System\OBnQzRP.exe
  C:\Windows\System\OBnQzRP.exe
  2⤵
  PID:3584
- C:\Windows\System\BoEjCbR.exe
  C:\Windows\System\BoEjCbR.exe
  2⤵
  PID:3560
- C:\Windows\System\cgYZpDC.exe
  C:\Windows\System\cgYZpDC.exe
  2⤵
  PID:3596
- C:\Windows\System\YAgWcIL.exe
  C:\Windows\System\YAgWcIL.exe
  2⤵
  PID:3664
- C:\Windows\System\ibUtYZQ.exe
  C:\Windows\System\ibUtYZQ.exe
  2⤵
  PID:3640
- C:\Windows\System\TnzRMYQ.exe
  C:\Windows\System\TnzRMYQ.exe
  2⤵
  PID:3732
- C:\Windows\System\USnWvJY.exe
  C:\Windows\System\USnWvJY.exe
  2⤵
  PID:3784
- C:\Windows\System\YekzQwn.exe
  C:\Windows\System\YekzQwn.exe
  2⤵
  PID:3752
- C:\Windows\System\TxcLGjw.exe
  C:\Windows\System\TxcLGjw.exe
  2⤵
  PID:3824
- C:\Windows\System\kFtTbyZ.exe
  C:\Windows\System\kFtTbyZ.exe
  2⤵
  PID:3864
- C:\Windows\System\hZeOvTl.exe
  C:\Windows\System\hZeOvTl.exe
  2⤵
  PID:3904
- C:\Windows\System\QFiPoKc.exe
  C:\Windows\System\QFiPoKc.exe
  2⤵
  PID:3936
- C:\Windows\System\bpyQazL.exe
  C:\Windows\System\bpyQazL.exe
  2⤵
  PID:3972
- C:\Windows\System\AIHMlHU.exe
  C:\Windows\System\AIHMlHU.exe
  2⤵
  PID:3956
- C:\Windows\System\nYcrlWK.exe
  C:\Windows\System\nYcrlWK.exe
  2⤵
  PID:3996
- C:\Windows\System\NrqTNFW.exe
  C:\Windows\System\NrqTNFW.exe
  2⤵
  PID:4040
- C:\Windows\System\DcJbSVJ.exe
  C:\Windows\System\DcJbSVJ.exe
  2⤵
  PID:2708
- C:\Windows\System\tvTiNWP.exe
  C:\Windows\System\tvTiNWP.exe
  2⤵
  PID:4080
- C:\Windows\System\JjhBHHe.exe
  C:\Windows\System\JjhBHHe.exe
  2⤵
  PID:1856
- C:\Windows\System\gGIiaXN.exe
  C:\Windows\System\gGIiaXN.exe
  2⤵
  PID:2304
- C:\Windows\System\ZWZBJYu.exe
  C:\Windows\System\ZWZBJYu.exe
  2⤵
  PID:2208
- C:\Windows\System\TBeyrDR.exe
  C:\Windows\System\TBeyrDR.exe
  2⤵
  PID:3100
- C:\Windows\System\VorhurI.exe
  C:\Windows\System\VorhurI.exe
  2⤵
  PID:3120
- C:\Windows\System\CgsYNpV.exe
  C:\Windows\System\CgsYNpV.exe
  2⤵
  PID:3196
- C:\Windows\System\iGelheO.exe
  C:\Windows\System\iGelheO.exe
  2⤵
  PID:3332
- C:\Windows\System\aBEsNYF.exe
  C:\Windows\System\aBEsNYF.exe
  2⤵
  PID:3380
- C:\Windows\System\JjnVXSt.exe
  C:\Windows\System\JjnVXSt.exe
  2⤵
  PID:3320
- C:\Windows\System\iwjFoPI.exe
  C:\Windows\System\iwjFoPI.exe
  2⤵
  PID:3412
- C:\Windows\System\NeuCMoy.exe
  C:\Windows\System\NeuCMoy.exe
  2⤵
  PID:3492
- C:\Windows\System\xSeSCZr.exe
  C:\Windows\System\xSeSCZr.exe
  2⤵
  PID:3552
- C:\Windows\System\Egpwcds.exe
  C:\Windows\System\Egpwcds.exe
  2⤵
  PID:3656
- C:\Windows\System\LtkmloP.exe
  C:\Windows\System\LtkmloP.exe
  2⤵
  PID:3700
- C:\Windows\System\RfuAJnz.exe
  C:\Windows\System\RfuAJnz.exe
  2⤵
  PID:3704
- C:\Windows\System\OeuYxad.exe
  C:\Windows\System\OeuYxad.exe
  2⤵
  PID:3736
- C:\Windows\System\LljXjdx.exe
  C:\Windows\System\LljXjdx.exe
  2⤵
  PID:3836
- C:\Windows\System\cYseITE.exe
  C:\Windows\System\cYseITE.exe
  2⤵
  PID:3876
- C:\Windows\System\QsAkUnr.exe
  C:\Windows\System\QsAkUnr.exe
  2⤵
  PID:3880
- C:\Windows\System\JccaqUY.exe
  C:\Windows\System\JccaqUY.exe
  2⤵
  PID:4016
- C:\Windows\System\VsBgjuy.exe
  C:\Windows\System\VsBgjuy.exe
  2⤵
  PID:4044
- C:\Windows\System\hcTZzGl.exe
  C:\Windows\System\hcTZzGl.exe
  2⤵
  PID:1640
- C:\Windows\System\OHDWVaJ.exe
  C:\Windows\System\OHDWVaJ.exe
  2⤵
  PID:1568
- C:\Windows\System\oGzSmZQ.exe
  C:\Windows\System\oGzSmZQ.exe
  2⤵
  PID:3092
- C:\Windows\System\YGWzHnM.exe
  C:\Windows\System\YGWzHnM.exe
  2⤵
  PID:2132
- C:\Windows\System\EkrFdAg.exe
  C:\Windows\System\EkrFdAg.exe
  2⤵
  PID:3152
- C:\Windows\System\xTvGIRL.exe
  C:\Windows\System\xTvGIRL.exe
  2⤵
  PID:3460
- C:\Windows\System\HdjmbhU.exe
  C:\Windows\System\HdjmbhU.exe
  2⤵
  PID:3276
- C:\Windows\System\CSMFgVx.exe
  C:\Windows\System\CSMFgVx.exe
  2⤵
  PID:3556
- C:\Windows\System\skKVxsu.exe
  C:\Windows\System\skKVxsu.exe
  2⤵
  PID:3620
- C:\Windows\System\TXGOXsr.exe
  C:\Windows\System\TXGOXsr.exe
  2⤵
  PID:3720
- C:\Windows\System\KeKBDIR.exe
  C:\Windows\System\KeKBDIR.exe
  2⤵
  PID:3804
- C:\Windows\System\nwNvWFK.exe
  C:\Windows\System\nwNvWFK.exe
  2⤵
  PID:3844
- C:\Windows\System\NVBiVVz.exe
  C:\Windows\System\NVBiVVz.exe
  2⤵
  PID:3932
- C:\Windows\System\EoYlwUs.exe
  C:\Windows\System\EoYlwUs.exe
  2⤵
  PID:3920
- C:\Windows\System\XDfoldG.exe
  C:\Windows\System\XDfoldG.exe
  2⤵
  PID:2632
- C:\Windows\System\kbAbSrB.exe
  C:\Windows\System\kbAbSrB.exe
  2⤵
  PID:3208
- C:\Windows\System\vEwTFjh.exe
  C:\Windows\System\vEwTFjh.exe
  2⤵
  PID:4116
- C:\Windows\System\bkrRQVR.exe
  C:\Windows\System\bkrRQVR.exe
  2⤵
  PID:4136
- C:\Windows\System\PjTEbep.exe
  C:\Windows\System\PjTEbep.exe
  2⤵
  PID:4156
- C:\Windows\System\nGMsAsh.exe
  C:\Windows\System\nGMsAsh.exe
  2⤵
  PID:4176
- C:\Windows\System\BqjQuBD.exe
  C:\Windows\System\BqjQuBD.exe
  2⤵
  PID:4196
- C:\Windows\System\yapaXql.exe
  C:\Windows\System\yapaXql.exe
  2⤵
  PID:4216
- C:\Windows\System\QQkGGBm.exe
  C:\Windows\System\QQkGGBm.exe
  2⤵
  PID:4236
- C:\Windows\System\mgKFYuT.exe
  C:\Windows\System\mgKFYuT.exe
  2⤵
  PID:4256
- C:\Windows\System\iqXhzxS.exe
  C:\Windows\System\iqXhzxS.exe
  2⤵
  PID:4276
- C:\Windows\System\vfazCOo.exe
  C:\Windows\System\vfazCOo.exe
  2⤵
  PID:4292
- C:\Windows\System\YUGCFpI.exe
  C:\Windows\System\YUGCFpI.exe
  2⤵
  PID:4308
- C:\Windows\System\OkwsVfH.exe
  C:\Windows\System\OkwsVfH.exe
  2⤵
  PID:4328
- C:\Windows\System\HCIfOiY.exe
  C:\Windows\System\HCIfOiY.exe
  2⤵
  PID:4344
- C:\Windows\System\FcvvSXu.exe
  C:\Windows\System\FcvvSXu.exe
  2⤵
  PID:4368
- C:\Windows\System\cCRtbrJ.exe
  C:\Windows\System\cCRtbrJ.exe
  2⤵
  PID:4388
- C:\Windows\System\qojsLkt.exe
  C:\Windows\System\qojsLkt.exe
  2⤵
  PID:4408
- C:\Windows\System\KMiIBRH.exe
  C:\Windows\System\KMiIBRH.exe
  2⤵
  PID:4424
- C:\Windows\System\iJesByk.exe
  C:\Windows\System\iJesByk.exe
  2⤵
  PID:4448
- C:\Windows\System\AtzRmOA.exe
  C:\Windows\System\AtzRmOA.exe
  2⤵
  PID:4472
- C:\Windows\System\eMaKUep.exe
  C:\Windows\System\eMaKUep.exe
  2⤵
  PID:4492
- C:\Windows\System\jFwGsjI.exe
  C:\Windows\System\jFwGsjI.exe
  2⤵
  PID:4516
- C:\Windows\System\CjZJmvR.exe
  C:\Windows\System\CjZJmvR.exe
  2⤵
  PID:4536
- C:\Windows\System\KXXFIGU.exe
  C:\Windows\System\KXXFIGU.exe
  2⤵
  PID:4556
- C:\Windows\System\LGIlhvr.exe
  C:\Windows\System\LGIlhvr.exe
  2⤵
  PID:4576
- C:\Windows\System\cipOmME.exe
  C:\Windows\System\cipOmME.exe
  2⤵
  PID:4596
- C:\Windows\System\IKtSqfE.exe
  C:\Windows\System\IKtSqfE.exe
  2⤵
  PID:4616
- C:\Windows\System\HzKYdHs.exe
  C:\Windows\System\HzKYdHs.exe
  2⤵
  PID:4636
- C:\Windows\System\vFKljZD.exe
  C:\Windows\System\vFKljZD.exe
  2⤵
  PID:4656
- C:\Windows\System\nncmMZv.exe
  C:\Windows\System\nncmMZv.exe
  2⤵
  PID:4676
- C:\Windows\System\MYhbHiB.exe
  C:\Windows\System\MYhbHiB.exe
  2⤵
  PID:4696
- C:\Windows\System\usXmhJT.exe
  C:\Windows\System\usXmhJT.exe
  2⤵
  PID:4716
- C:\Windows\System\dTjRpzm.exe
  C:\Windows\System\dTjRpzm.exe
  2⤵
  PID:4736
- C:\Windows\System\lIXafLA.exe
  C:\Windows\System\lIXafLA.exe
  2⤵
  PID:4756
- C:\Windows\System\qCHfxUp.exe
  C:\Windows\System\qCHfxUp.exe
  2⤵
  PID:4776
- C:\Windows\System\ZzmqkhZ.exe
  C:\Windows\System\ZzmqkhZ.exe
  2⤵
  PID:4796
- C:\Windows\System\tHXtkIN.exe
  C:\Windows\System\tHXtkIN.exe
  2⤵
  PID:4812
- C:\Windows\System\FUGkFGa.exe
  C:\Windows\System\FUGkFGa.exe
  2⤵
  PID:4836
- C:\Windows\System\JKcxtJr.exe
  C:\Windows\System\JKcxtJr.exe
  2⤵
  PID:4856
- C:\Windows\System\svsPfOT.exe
  C:\Windows\System\svsPfOT.exe
  2⤵
  PID:4876
- C:\Windows\System\EuQvBxd.exe
  C:\Windows\System\EuQvBxd.exe
  2⤵
  PID:4896
- C:\Windows\System\ITGhscZ.exe
  C:\Windows\System\ITGhscZ.exe
  2⤵
  PID:4916
- C:\Windows\System\RSmRcNp.exe
  C:\Windows\System\RSmRcNp.exe
  2⤵
  PID:4936
- C:\Windows\System\HbkEnLS.exe
  C:\Windows\System\HbkEnLS.exe
  2⤵
  PID:4956
- C:\Windows\System\btPPhpi.exe
  C:\Windows\System\btPPhpi.exe
  2⤵
  PID:4972
- C:\Windows\System\gqnfPRZ.exe
  C:\Windows\System\gqnfPRZ.exe
  2⤵
  PID:4992
- C:\Windows\System\xNXaMCe.exe
  C:\Windows\System\xNXaMCe.exe
  2⤵
  PID:5016
- C:\Windows\System\dtDVhOg.exe
  C:\Windows\System\dtDVhOg.exe
  2⤵
  PID:5032
- C:\Windows\System\ZKWjyMu.exe
  C:\Windows\System\ZKWjyMu.exe
  2⤵
  PID:5056
- C:\Windows\System\fMKcUmQ.exe
  C:\Windows\System\fMKcUmQ.exe
  2⤵
  PID:5080
- C:\Windows\System\ZKwyBZR.exe
  C:\Windows\System\ZKwyBZR.exe
  2⤵
  PID:5100
- C:\Windows\System\IdEYaxP.exe
  C:\Windows\System\IdEYaxP.exe
  2⤵
  PID:5116
- C:\Windows\System\JEsGlhv.exe
  C:\Windows\System\JEsGlhv.exe
  2⤵
  PID:3256
- C:\Windows\System\xdFKwvF.exe
  C:\Windows\System\xdFKwvF.exe
  2⤵
  PID:3312
- C:\Windows\System\jPwJcpJ.exe
  C:\Windows\System\jPwJcpJ.exe
  2⤵
  PID:3400
- C:\Windows\System\DUnIguh.exe
  C:\Windows\System\DUnIguh.exe
  2⤵
  PID:3716
- C:\Windows\System\OXEfZWi.exe
  C:\Windows\System\OXEfZWi.exe
  2⤵
  PID:3892
- C:\Windows\System\tGlhIsB.exe
  C:\Windows\System\tGlhIsB.exe
  2⤵
  PID:3896
- C:\Windows\System\jFjHbpv.exe
  C:\Windows\System\jFjHbpv.exe
  2⤵
  PID:4104
- C:\Windows\System\kPepWGc.exe
  C:\Windows\System\kPepWGc.exe
  2⤵
  PID:4152
- C:\Windows\System\CGGEkRd.exe
  C:\Windows\System\CGGEkRd.exe
  2⤵
  PID:1260
- C:\Windows\System\kVomAkl.exe
  C:\Windows\System\kVomAkl.exe
  2⤵
  PID:4228
- C:\Windows\System\VFoUATh.exe
  C:\Windows\System\VFoUATh.exe
  2⤵
  PID:4164
- C:\Windows\System\yYbDfab.exe
  C:\Windows\System\yYbDfab.exe
  2⤵
  PID:4204
- C:\Windows\System\bPYQoVN.exe
  C:\Windows\System\bPYQoVN.exe
  2⤵
  PID:4336
- C:\Windows\System\VGFxDUO.exe
  C:\Windows\System\VGFxDUO.exe
  2⤵
  PID:4376
- C:\Windows\System\TjyTqTE.exe
  C:\Windows\System\TjyTqTE.exe
  2⤵
  PID:4316
- C:\Windows\System\etZpDHN.exe
  C:\Windows\System\etZpDHN.exe
  2⤵
  PID:4420
- C:\Windows\System\GHpapFw.exe
  C:\Windows\System\GHpapFw.exe
  2⤵
  PID:4364
- C:\Windows\System\SXnlmKr.exe
  C:\Windows\System\SXnlmKr.exe
  2⤵
  PID:4396
- C:\Windows\System\NYxgYyA.exe
  C:\Windows\System\NYxgYyA.exe
  2⤵
  PID:4440
- C:\Windows\System\JpfbCTK.exe
  C:\Windows\System\JpfbCTK.exe
  2⤵
  PID:4512
- C:\Windows\System\HxfsnbE.exe
  C:\Windows\System\HxfsnbE.exe
  2⤵
  PID:4544
- C:\Windows\System\AcRgMGA.exe
  C:\Windows\System\AcRgMGA.exe
  2⤵
  PID:4532
- C:\Windows\System\uESBJSA.exe
  C:\Windows\System\uESBJSA.exe
  2⤵
  PID:1316
- C:\Windows\System\vydzTgX.exe
  C:\Windows\System\vydzTgX.exe
  2⤵
  PID:4564
- C:\Windows\System\LtsISIk.exe
  C:\Windows\System\LtsISIk.exe
  2⤵
  PID:4604
- C:\Windows\System\nvNgLYV.exe
  C:\Windows\System\nvNgLYV.exe
  2⤵
  PID:4632
- C:\Windows\System\nxWdYES.exe
  C:\Windows\System\nxWdYES.exe
  2⤵
  PID:4672
- C:\Windows\System\PeeGLoQ.exe
  C:\Windows\System\PeeGLoQ.exe
  2⤵
  PID:4704
- C:\Windows\System\wTpBRZX.exe
  C:\Windows\System\wTpBRZX.exe
  2⤵
  PID:4692
- C:\Windows\System\nOnpPrJ.exe
  C:\Windows\System\nOnpPrJ.exe
  2⤵
  PID:4744
- C:\Windows\System\ZGmQyio.exe
  C:\Windows\System\ZGmQyio.exe
  2⤵
  PID:3020
- C:\Windows\System\FYuzcqr.exe
  C:\Windows\System\FYuzcqr.exe
  2⤵
  PID:4792
- C:\Windows\System\jgCjGoL.exe
  C:\Windows\System\jgCjGoL.exe
  2⤵
  PID:4820
- C:\Windows\System\LwvtnsH.exe
  C:\Windows\System\LwvtnsH.exe
  2⤵
  PID:4772
- C:\Windows\System\cJhbyLa.exe
  C:\Windows\System\cJhbyLa.exe
  2⤵
  PID:4868
- C:\Windows\System\DxzzPEO.exe
  C:\Windows\System\DxzzPEO.exe
  2⤵
  PID:4884
- C:\Windows\System\nKOefpt.exe
  C:\Windows\System\nKOefpt.exe
  2⤵
  PID:4952
- C:\Windows\System\WEUfzVI.exe
  C:\Windows\System\WEUfzVI.exe
  2⤵
  PID:4980
- C:\Windows\System\PavURKm.exe
  C:\Windows\System\PavURKm.exe
  2⤵
  PID:2068
- C:\Windows\System\LxLlALw.exe
  C:\Windows\System\LxLlALw.exe
  2⤵
  PID:4964
- C:\Windows\System\MKaLEeW.exe
  C:\Windows\System\MKaLEeW.exe
  2⤵
  PID:5000
- C:\Windows\System\OemCZsJ.exe
  C:\Windows\System\OemCZsJ.exe
  2⤵
  PID:2364
- C:\Windows\System\yZtrWWG.exe
  C:\Windows\System\yZtrWWG.exe
  2⤵
  PID:5008
- C:\Windows\System\DDtPEYP.exe
  C:\Windows\System\DDtPEYP.exe
  2⤵
  PID:5048
- C:\Windows\System\ewAQSPH.exe
  C:\Windows\System\ewAQSPH.exe
  2⤵
  PID:3476
- C:\Windows\System\THGyWCc.exe
  C:\Windows\System\THGyWCc.exe
  2⤵
  PID:3392
- C:\Windows\System\mhFoQab.exe
  C:\Windows\System\mhFoQab.exe
  2⤵
  PID:3228
- C:\Windows\System\NQOSNWs.exe
  C:\Windows\System\NQOSNWs.exe
  2⤵
  PID:3548
- C:\Windows\System\UqifFwz.exe
  C:\Windows\System\UqifFwz.exe
  2⤵
  PID:3696
- C:\Windows\System\kCGbAKD.exe
  C:\Windows\System\kCGbAKD.exe
  2⤵
  PID:2080
- C:\Windows\System\bypxuhB.exe
  C:\Windows\System\bypxuhB.exe
  2⤵
  PID:4060
- C:\Windows\System\XlTEFpc.exe
  C:\Windows\System\XlTEFpc.exe
  2⤵
  PID:4184
- C:\Windows\System\hvcwNOB.exe
  C:\Windows\System\hvcwNOB.exe
  2⤵
  PID:2148
- C:\Windows\System\EVMojPc.exe
  C:\Windows\System\EVMojPc.exe
  2⤵
  PID:1448
- C:\Windows\System\mkvNRcP.exe
  C:\Windows\System\mkvNRcP.exe
  2⤵
  PID:4168
- C:\Windows\System\ZOpzVwu.exe
  C:\Windows\System\ZOpzVwu.exe
  2⤵
  PID:4132
- C:\Windows\System\ZiHsIvB.exe
  C:\Windows\System\ZiHsIvB.exe
  2⤵
  PID:4248
- C:\Windows\System\NtfDdnK.exe
  C:\Windows\System\NtfDdnK.exe
  2⤵
  PID:4300
- C:\Windows\System\FRulwUm.exe
  C:\Windows\System\FRulwUm.exe
  2⤵
  PID:4460
- C:\Windows\System\ojeQRGS.exe
  C:\Windows\System\ojeQRGS.exe
  2⤵
  PID:4500
- C:\Windows\System\SDRSYiJ.exe
  C:\Windows\System\SDRSYiJ.exe
  2⤵
  PID:4384
- C:\Windows\System\HAUgaMY.exe
  C:\Windows\System\HAUgaMY.exe
  2⤵
  PID:4588
- C:\Windows\System\JzaWMkh.exe
  C:\Windows\System\JzaWMkh.exe
  2⤵
  PID:4708
- C:\Windows\System\dWSadZp.exe
  C:\Windows\System\dWSadZp.exe
  2⤵
  PID:864
- C:\Windows\System\EBBVHeI.exe
  C:\Windows\System\EBBVHeI.exe
  2⤵
  PID:4404
- C:\Windows\System\PNdaeSW.exe
  C:\Windows\System\PNdaeSW.exe
  2⤵
  PID:4488
- C:\Windows\System\EbqKYTU.exe
  C:\Windows\System\EbqKYTU.exe
  2⤵
  PID:4808
- C:\Windows\System\BOGbeMH.exe
  C:\Windows\System\BOGbeMH.exe
  2⤵
  PID:4624
- C:\Windows\System\yydMszv.exe
  C:\Windows\System\yydMszv.exe
  2⤵
  PID:4684
- C:\Windows\System\gxUunGq.exe
  C:\Windows\System\gxUunGq.exe
  2⤵
  PID:4728
- C:\Windows\System\MWhvFdP.exe
  C:\Windows\System\MWhvFdP.exe
  2⤵
  PID:4892
- C:\Windows\System\WVAQshC.exe
  C:\Windows\System\WVAQshC.exe
  2⤵
  PID:4988
- C:\Windows\System\snPaEid.exe
  C:\Windows\System\snPaEid.exe
  2⤵
  PID:2228
- C:\Windows\System\gLdRKvD.exe
  C:\Windows\System\gLdRKvD.exe
  2⤵
  PID:5076
- C:\Windows\System\ETAYtZb.exe
  C:\Windows\System\ETAYtZb.exe
  2⤵
  PID:4272
- C:\Windows\System\zBdTXUW.exe
  C:\Windows\System\zBdTXUW.exe
  2⤵
  PID:4888
- C:\Windows\System\WGvcVcE.exe
  C:\Windows\System\WGvcVcE.exe
  2⤵
  PID:4872
- C:\Windows\System\aACDbmV.exe
  C:\Windows\System\aACDbmV.exe
  2⤵
  PID:4416
- C:\Windows\System\LsYXyVb.exe
  C:\Windows\System\LsYXyVb.exe
  2⤵
  PID:4528
- C:\Windows\System\KpjVCEU.exe
  C:\Windows\System\KpjVCEU.exe
  2⤵
  PID:696
- C:\Windows\System\IEqmTod.exe
  C:\Windows\System\IEqmTod.exe
  2⤵
  PID:5108
- C:\Windows\System\AmwhYwK.exe
  C:\Windows\System\AmwhYwK.exe
  2⤵
  PID:5088
- C:\Windows\System\DfUqWZy.exe
  C:\Windows\System\DfUqWZy.exe
  2⤵
  PID:3580
- C:\Windows\System\tTpFePc.exe
  C:\Windows\System\tTpFePc.exe
  2⤵
  PID:4108
- C:\Windows\System\cQvhUHM.exe
  C:\Windows\System\cQvhUHM.exe
  2⤵
  PID:4144
- C:\Windows\System\RBeZKuo.exe
  C:\Windows\System\RBeZKuo.exe
  2⤵
  PID:5012
- C:\Windows\System\pewzOrz.exe
  C:\Windows\System\pewzOrz.exe
  2⤵
  PID:1920
- C:\Windows\System\rnTEkrd.exe
  C:\Windows\System\rnTEkrd.exe
  2⤵
  PID:4356
- C:\Windows\System\jifGkXI.exe
  C:\Windows\System\jifGkXI.exe
  2⤵
  PID:4664
- C:\Windows\System\MBQreme.exe
  C:\Windows\System\MBQreme.exe
  2⤵
  PID:4732
- C:\Windows\System\kuNtbSX.exe
  C:\Windows\System\kuNtbSX.exe
  2⤵
  PID:5068
- C:\Windows\System\QdrgAMx.exe
  C:\Windows\System\QdrgAMx.exe
  2⤵
  PID:2144
- C:\Windows\System\HpBBPBA.exe
  C:\Windows\System\HpBBPBA.exe
  2⤵
  PID:2908
- C:\Windows\System\vAXESRd.exe
  C:\Windows\System\vAXESRd.exe
  2⤵
  PID:4932
- C:\Windows\System\RuAvitH.exe
  C:\Windows\System\RuAvitH.exe
  2⤵
  PID:5004
- C:\Windows\System\issQoCN.exe
  C:\Windows\System\issQoCN.exe
  2⤵
  PID:4224
- C:\Windows\System\VnpRdzW.exe
  C:\Windows\System\VnpRdzW.exe
  2⤵
  PID:3992
- C:\Windows\System\fIMjQhy.exe
  C:\Windows\System\fIMjQhy.exe
  2⤵
  PID:3272
- C:\Windows\System\YPDaDoQ.exe
  C:\Windows\System\YPDaDoQ.exe
  2⤵
  PID:2560
- C:\Windows\System\WLaTwUh.exe
  C:\Windows\System\WLaTwUh.exe
  2⤵
  PID:4788
- C:\Windows\System\HXyLgSm.exe
  C:\Windows\System\HXyLgSm.exe
  2⤵
  PID:5128
- C:\Windows\System\HHaQtUR.exe
  C:\Windows\System\HHaQtUR.exe
  2⤵
  PID:5144
- C:\Windows\System\qciCPsH.exe
  C:\Windows\System\qciCPsH.exe
  2⤵
  PID:5164
- C:\Windows\System\PZOylIx.exe
  C:\Windows\System\PZOylIx.exe
  2⤵
  PID:5184
- C:\Windows\System\rEXyilD.exe
  C:\Windows\System\rEXyilD.exe
  2⤵
  PID:5204
- C:\Windows\System\qDVEMTH.exe
  C:\Windows\System\qDVEMTH.exe
  2⤵
  PID:5224
- C:\Windows\System\GXdIJQF.exe
  C:\Windows\System\GXdIJQF.exe
  2⤵
  PID:5240
- C:\Windows\System\weJxIOA.exe
  C:\Windows\System\weJxIOA.exe
  2⤵
  PID:5256
- C:\Windows\System\LcTyxHc.exe
  C:\Windows\System\LcTyxHc.exe
  2⤵
  PID:5276
- C:\Windows\System\zLIPmoW.exe
  C:\Windows\System\zLIPmoW.exe
  2⤵
  PID:5300
- C:\Windows\System\vplkaQq.exe
  C:\Windows\System\vplkaQq.exe
  2⤵
  PID:5332
- C:\Windows\System\OvUCFfc.exe
  C:\Windows\System\OvUCFfc.exe
  2⤵
  PID:5372
- C:\Windows\System\textTGr.exe
  C:\Windows\System\textTGr.exe
  2⤵
  PID:5396
- C:\Windows\System\EetwilL.exe
  C:\Windows\System\EetwilL.exe
  2⤵
  PID:5412
- C:\Windows\System\oyJCEjW.exe
  C:\Windows\System\oyJCEjW.exe
  2⤵
  PID:5428
- C:\Windows\System\AaRLHKv.exe
  C:\Windows\System\AaRLHKv.exe
  2⤵
  PID:5448
- C:\Windows\System\PZbOfuB.exe
  C:\Windows\System\PZbOfuB.exe
  2⤵
  PID:5464
- C:\Windows\System\GyRZvgF.exe
  C:\Windows\System\GyRZvgF.exe
  2⤵
  PID:5488
- C:\Windows\System\DXiwayB.exe
  C:\Windows\System\DXiwayB.exe
  2⤵
  PID:5508
- C:\Windows\System\rITZxRy.exe
  C:\Windows\System\rITZxRy.exe
  2⤵
  PID:5528
- C:\Windows\System\mrWeMgB.exe
  C:\Windows\System\mrWeMgB.exe
  2⤵
  PID:5548
- C:\Windows\System\ujRyqZu.exe
  C:\Windows\System\ujRyqZu.exe
  2⤵
  PID:5568
- C:\Windows\System\DycdREh.exe
  C:\Windows\System\DycdREh.exe
  2⤵
  PID:5584
- C:\Windows\System\FElhytq.exe
  C:\Windows\System\FElhytq.exe
  2⤵
  PID:5604
- C:\Windows\System\smyLZoD.exe
  C:\Windows\System\smyLZoD.exe
  2⤵
  PID:5620
- C:\Windows\System\yADtlAu.exe
  C:\Windows\System\yADtlAu.exe
  2⤵
  PID:5640
- C:\Windows\System\xKLZFUU.exe
  C:\Windows\System\xKLZFUU.exe
  2⤵
  PID:5656
- C:\Windows\System\zuWyjxQ.exe
  C:\Windows\System\zuWyjxQ.exe
  2⤵
  PID:5720
- C:\Windows\System\yDKimQq.exe
  C:\Windows\System\yDKimQq.exe
  2⤵
  PID:5740
- C:\Windows\System\VazWClH.exe
  C:\Windows\System\VazWClH.exe
  2⤵
  PID:5760
- C:\Windows\System\MzSfBcN.exe
  C:\Windows\System\MzSfBcN.exe
  2⤵
  PID:5776
- C:\Windows\System\mZxTwVD.exe
  C:\Windows\System\mZxTwVD.exe
  2⤵
  PID:5792
- C:\Windows\System\vvHbudI.exe
  C:\Windows\System\vvHbudI.exe
  2⤵
  PID:5812
- C:\Windows\System\aEaEcCU.exe
  C:\Windows\System\aEaEcCU.exe
  2⤵
  PID:5828
- C:\Windows\System\BmtWOSi.exe
  C:\Windows\System\BmtWOSi.exe
  2⤵
  PID:5844
- C:\Windows\System\cSYOZIo.exe
  C:\Windows\System\cSYOZIo.exe
  2⤵
  PID:5860
- C:\Windows\System\Btztvum.exe
  C:\Windows\System\Btztvum.exe
  2⤵
  PID:5876
- C:\Windows\System\AbzHWWE.exe
  C:\Windows\System\AbzHWWE.exe
  2⤵
  PID:5892
- C:\Windows\System\qBfmyQO.exe
  C:\Windows\System\qBfmyQO.exe
  2⤵
  PID:5908
- C:\Windows\System\PHAbHVy.exe
  C:\Windows\System\PHAbHVy.exe
  2⤵
  PID:5924
- C:\Windows\System\Vmbgwiu.exe
  C:\Windows\System\Vmbgwiu.exe
  2⤵
  PID:5960
- C:\Windows\System\WaaTffa.exe
  C:\Windows\System\WaaTffa.exe
  2⤵
  PID:5976
- C:\Windows\System\VIeupAt.exe
  C:\Windows\System\VIeupAt.exe
  2⤵
  PID:5992
- C:\Windows\System\HjgALFj.exe
  C:\Windows\System\HjgALFj.exe
  2⤵
  PID:6008
- C:\Windows\System\pmfMBls.exe
  C:\Windows\System\pmfMBls.exe
  2⤵
  PID:6024
- C:\Windows\System\STsshpE.exe
  C:\Windows\System\STsshpE.exe
  2⤵
  PID:6040
- C:\Windows\System\QNiGgOt.exe
  C:\Windows\System\QNiGgOt.exe
  2⤵
  PID:6056
- C:\Windows\System\Lwykqmg.exe
  C:\Windows\System\Lwykqmg.exe
  2⤵
  PID:6072
- C:\Windows\System\magajAo.exe
  C:\Windows\System\magajAo.exe
  2⤵
  PID:6088
- C:\Windows\System\pjvywQu.exe
  C:\Windows\System\pjvywQu.exe
  2⤵
  PID:6104
- C:\Windows\System\EDwExjT.exe
  C:\Windows\System\EDwExjT.exe
  2⤵
  PID:6120
- C:\Windows\System\UFCUHGj.exe
  C:\Windows\System\UFCUHGj.exe
  2⤵
  PID:6136
- C:\Windows\System\NaOcahF.exe
  C:\Windows\System\NaOcahF.exe
  2⤵
  PID:4904
- C:\Windows\System\BaZmtQa.exe
  C:\Windows\System\BaZmtQa.exe
  2⤵
  PID:648
- C:\Windows\System\wLzdbTS.exe
  C:\Windows\System\wLzdbTS.exe
  2⤵
  PID:5160
- C:\Windows\System\NQTLRZz.exe
  C:\Windows\System\NQTLRZz.exe
  2⤵
  PID:5264
- C:\Windows\System\vBeQeNY.exe
  C:\Windows\System\vBeQeNY.exe
  2⤵
  PID:5312
- C:\Windows\System\lmvItAy.exe
  C:\Windows\System\lmvItAy.exe
  2⤵
  PID:5328
- C:\Windows\System\VZHmxFW.exe
  C:\Windows\System\VZHmxFW.exe
  2⤵
  PID:5380
- C:\Windows\System\crOsGCj.exe
  C:\Windows\System\crOsGCj.exe
  2⤵
  PID:5384
- C:\Windows\System\HTnZAVr.exe
  C:\Windows\System\HTnZAVr.exe
  2⤵
  PID:5500
- C:\Windows\System\DrHfoKM.exe
  C:\Windows\System\DrHfoKM.exe
  2⤵
  PID:5576
- C:\Windows\System\bNimQTb.exe
  C:\Windows\System\bNimQTb.exe
  2⤵
  PID:5648
- C:\Windows\System\UKMzthS.exe
  C:\Windows\System\UKMzthS.exe
  2⤵
  PID:3776
- C:\Windows\System\AswOXUf.exe
  C:\Windows\System\AswOXUf.exe
  2⤵
  PID:5136
- C:\Windows\System\SOsHTtk.exe
  C:\Windows\System\SOsHTtk.exe
  2⤵
  PID:5180
- C:\Windows\System\OgXKLTM.exe
  C:\Windows\System\OgXKLTM.exe
  2⤵
  PID:5252
- C:\Windows\System\gTSxVNI.exe
  C:\Windows\System\gTSxVNI.exe
  2⤵
  PID:5628
- C:\Windows\System\tyDdUyW.exe
  C:\Windows\System\tyDdUyW.exe
  2⤵
  PID:5340
- C:\Windows\System\CGeuSeA.exe
  C:\Windows\System\CGeuSeA.exe
  2⤵
  PID:5364
- C:\Windows\System\GKMKQcK.exe
  C:\Windows\System\GKMKQcK.exe
  2⤵
  PID:5444
- C:\Windows\System\zeSlYOf.exe
  C:\Windows\System\zeSlYOf.exe
  2⤵
  PID:5520
- C:\Windows\System\Vhovcgc.exe
  C:\Windows\System\Vhovcgc.exe
  2⤵
  PID:5592
- C:\Windows\System\moWFqHN.exe
  C:\Windows\System\moWFqHN.exe
  2⤵
  PID:5668
- C:\Windows\System\YwHDmLQ.exe
  C:\Windows\System\YwHDmLQ.exe
  2⤵
  PID:5692
- C:\Windows\System\zITYXMe.exe
  C:\Windows\System\zITYXMe.exe
  2⤵
  PID:5712
- C:\Windows\System\ZhoVhOY.exe
  C:\Windows\System\ZhoVhOY.exe
  2⤵
  PID:5856
- C:\Windows\System\NsFFWMA.exe
  C:\Windows\System\NsFFWMA.exe
  2⤵
  PID:5772
- C:\Windows\System\ITqNOuM.exe
  C:\Windows\System\ITqNOuM.exe
  2⤵
  PID:5836
- C:\Windows\System\nwiXOuz.exe
  C:\Windows\System\nwiXOuz.exe
  2⤵
  PID:5904
- C:\Windows\System\ZiGaQXR.exe
  C:\Windows\System\ZiGaQXR.exe
  2⤵
  PID:5944
- C:\Windows\System\Xsankuz.exe
  C:\Windows\System\Xsankuz.exe
  2⤵
  PID:6016
- C:\Windows\System\dJqKptG.exe
  C:\Windows\System\dJqKptG.exe
  2⤵
  PID:6080
- C:\Windows\System\ynXrnWy.exe
  C:\Windows\System\ynXrnWy.exe
  2⤵
  PID:4548
- C:\Windows\System\tUZNQyv.exe
  C:\Windows\System\tUZNQyv.exe
  2⤵
  PID:4076
- C:\Windows\System\zfswerW.exe
  C:\Windows\System\zfswerW.exe
  2⤵
  PID:5872
- C:\Windows\System\ckGCbNd.exe
  C:\Windows\System\ckGCbNd.exe
  2⤵
  PID:1844
- C:\Windows\System\IBTqjRz.exe
  C:\Windows\System\IBTqjRz.exe
  2⤵
  PID:5616
- C:\Windows\System\SbkswPO.exe
  C:\Windows\System\SbkswPO.exe
  2⤵
  PID:5516
- C:\Windows\System\bIxQBLa.exe
  C:\Windows\System\bIxQBLa.exe
  2⤵
  PID:5296
- C:\Windows\System\dTYaFDr.exe
  C:\Windows\System\dTYaFDr.exe
  2⤵
  PID:5440
- C:\Windows\System\FzAxXJx.exe
  C:\Windows\System\FzAxXJx.exe
  2⤵
  PID:6032
- C:\Windows\System\bsqAWdN.exe
  C:\Windows\System\bsqAWdN.exe
  2⤵
  PID:6100
- C:\Windows\System\IaWcNVD.exe
  C:\Windows\System\IaWcNVD.exe
  2⤵
  PID:5728
- C:\Windows\System\GceCLeX.exe
  C:\Windows\System\GceCLeX.exe
  2⤵
  PID:5688
- C:\Windows\System\hXLsAwV.exe
  C:\Windows\System\hXLsAwV.exe
  2⤵
  PID:5752
- C:\Windows\System\MGXKfvt.exe
  C:\Windows\System\MGXKfvt.exe
  2⤵
  PID:5196
- C:\Windows\System\aqwQAgo.exe
  C:\Windows\System\aqwQAgo.exe
  2⤵
  PID:5324
- C:\Windows\System\kLPcNPR.exe
  C:\Windows\System\kLPcNPR.exe
  2⤵
  PID:5536
- C:\Windows\System\DqdLsXd.exe
  C:\Windows\System\DqdLsXd.exe
  2⤵
  PID:4188
- C:\Windows\System\sjWmgsZ.exe
  C:\Windows\System\sjWmgsZ.exe
  2⤵
  PID:5352
- C:\Windows\System\FlHYJph.exe
  C:\Windows\System\FlHYJph.exe
  2⤵
  PID:5636
- C:\Windows\System\iEKokVs.exe
  C:\Windows\System\iEKokVs.exe
  2⤵
  PID:5700
- C:\Windows\System\lIuZPYz.exe
  C:\Windows\System\lIuZPYz.exe
  2⤵
  PID:5804
- C:\Windows\System\Opouhgt.exe
  C:\Windows\System\Opouhgt.exe
  2⤵
  PID:5808
- C:\Windows\System\UYGXnWI.exe
  C:\Windows\System\UYGXnWI.exe
  2⤵
  PID:4568
- C:\Windows\System\DOCpHmy.exe
  C:\Windows\System\DOCpHmy.exe
  2⤵
  PID:6112
- C:\Windows\System\lvOCDKq.exe
  C:\Windows\System\lvOCDKq.exe
  2⤵
  PID:6052
- C:\Windows\System\kYMGwsA.exe
  C:\Windows\System\kYMGwsA.exe
  2⤵
  PID:4832
- C:\Windows\System\JCwvhGG.exe
  C:\Windows\System\JCwvhGG.exe
  2⤵
  PID:5612
- C:\Windows\System\jbAjHNS.exe
  C:\Windows\System\jbAjHNS.exe
  2⤵
  PID:6132
- C:\Windows\System\ISYIgih.exe
  C:\Windows\System\ISYIgih.exe
  2⤵
  PID:5408
- C:\Windows\System\ZNWJKAD.exe
  C:\Windows\System\ZNWJKAD.exe
  2⤵
  PID:996
- C:\Windows\System\zhUBrLx.exe
  C:\Windows\System\zhUBrLx.exe
  2⤵
  PID:5392
- C:\Windows\System\xexfAoi.exe
  C:\Windows\System\xexfAoi.exe
  2⤵
  PID:5176
- C:\Windows\System\luKuFFk.exe
  C:\Windows\System\luKuFFk.exe
  2⤵
  PID:5420
- C:\Windows\System\ejlsQMr.exe
  C:\Windows\System\ejlsQMr.exe
  2⤵
  PID:6068
- C:\Windows\System\zhvkJSi.exe
  C:\Windows\System\zhvkJSi.exe
  2⤵
  PID:3000
- C:\Windows\System\aYFfjej.exe
  C:\Windows\System\aYFfjej.exe
  2⤵
  PID:5424
- C:\Windows\System\QkPDmVU.exe
  C:\Windows\System\QkPDmVU.exe
  2⤵
  PID:6156
- C:\Windows\System\cTRjhWY.exe
  C:\Windows\System\cTRjhWY.exe
  2⤵
  PID:6176
- C:\Windows\System\tITtJdk.exe
  C:\Windows\System\tITtJdk.exe
  2⤵
  PID:6192
- C:\Windows\System\utrjqwR.exe
  C:\Windows\System\utrjqwR.exe
  2⤵
  PID:6212
- C:\Windows\System\fXzTQnV.exe
  C:\Windows\System\fXzTQnV.exe
  2⤵
  PID:6228
- C:\Windows\System\WXudcMJ.exe
  C:\Windows\System\WXudcMJ.exe
  2⤵
  PID:6248
- C:\Windows\System\UMjUWAC.exe
  C:\Windows\System\UMjUWAC.exe
  2⤵
  PID:6268
- C:\Windows\System\JAEzOdQ.exe
  C:\Windows\System\JAEzOdQ.exe
  2⤵
  PID:6284
- C:\Windows\System\oJPxutd.exe
  C:\Windows\System\oJPxutd.exe
  2⤵
  PID:6300
- C:\Windows\System\uGjFBRj.exe
  C:\Windows\System\uGjFBRj.exe
  2⤵
  PID:6320
- C:\Windows\System\cBFLqYl.exe
  C:\Windows\System\cBFLqYl.exe
  2⤵
  PID:6336
- C:\Windows\System\umiKmCB.exe
  C:\Windows\System\umiKmCB.exe
  2⤵
  PID:6352
- C:\Windows\System\NjIcnez.exe
  C:\Windows\System\NjIcnez.exe
  2⤵
  PID:6368
- C:\Windows\System\poyaDRS.exe
  C:\Windows\System\poyaDRS.exe
  2⤵
  PID:6384
- C:\Windows\System\DMVaWmp.exe
  C:\Windows\System\DMVaWmp.exe
  2⤵
  PID:6400
- C:\Windows\System\nczFdXs.exe
  C:\Windows\System\nczFdXs.exe
  2⤵
  PID:6520
- C:\Windows\System\Nlehlcr.exe
  C:\Windows\System\Nlehlcr.exe
  2⤵
  PID:6536
- C:\Windows\System\btLDloc.exe
  C:\Windows\System\btLDloc.exe
  2⤵
  PID:6552
- C:\Windows\System\DEItXZC.exe
  C:\Windows\System\DEItXZC.exe
  2⤵
  PID:6572
- C:\Windows\System\fdGxRuR.exe
  C:\Windows\System\fdGxRuR.exe
  2⤵
  PID:6588
- C:\Windows\System\NYoqQVB.exe
  C:\Windows\System\NYoqQVB.exe
  2⤵
  PID:6604
- C:\Windows\System\sBGKccP.exe
  C:\Windows\System\sBGKccP.exe
  2⤵
  PID:6624
- C:\Windows\System\udmxdIk.exe
  C:\Windows\System\udmxdIk.exe
  2⤵
  PID:6640
- C:\Windows\System\rjKAGgP.exe
  C:\Windows\System\rjKAGgP.exe
  2⤵
  PID:6660
- C:\Windows\System\maXIqfZ.exe
  C:\Windows\System\maXIqfZ.exe
  2⤵
  PID:6680
- C:\Windows\System\kEAlsIg.exe
  C:\Windows\System\kEAlsIg.exe
  2⤵
  PID:6696
- C:\Windows\System\yuaOxPn.exe
  C:\Windows\System\yuaOxPn.exe
  2⤵
  PID:6748
- C:\Windows\System\XhgPaMa.exe
  C:\Windows\System\XhgPaMa.exe
  2⤵
  PID:6764
- C:\Windows\System\yBMLMzh.exe
  C:\Windows\System\yBMLMzh.exe
  2⤵
  PID:6780
- C:\Windows\System\HxXJBbe.exe
  C:\Windows\System\HxXJBbe.exe
  2⤵
  PID:6796
- C:\Windows\System\pIVGQRW.exe
  C:\Windows\System\pIVGQRW.exe
  2⤵
  PID:6812
- C:\Windows\System\rdsIeBy.exe
  C:\Windows\System\rdsIeBy.exe
  2⤵
  PID:6832
- C:\Windows\System\zztlFEe.exe
  C:\Windows\System\zztlFEe.exe
  2⤵
  PID:6852
- C:\Windows\System\ZOckdZM.exe
  C:\Windows\System\ZOckdZM.exe
  2⤵
  PID:6868
- C:\Windows\System\XovDdTo.exe
  C:\Windows\System\XovDdTo.exe
  2⤵
  PID:6884
- C:\Windows\System\bGMbQnx.exe
  C:\Windows\System\bGMbQnx.exe
  2⤵
  PID:6904
- C:\Windows\System\gbbMayT.exe
  C:\Windows\System\gbbMayT.exe
  2⤵
  PID:6924
- C:\Windows\System\GSuDefz.exe
  C:\Windows\System\GSuDefz.exe
  2⤵
  PID:6944
- C:\Windows\System\EMXyLYb.exe
  C:\Windows\System\EMXyLYb.exe
  2⤵
  PID:6964
- C:\Windows\System\bkCdpDT.exe
  C:\Windows\System\bkCdpDT.exe
  2⤵
  PID:6980
- C:\Windows\System\HayybVR.exe
  C:\Windows\System\HayybVR.exe
  2⤵
  PID:7000
- C:\Windows\System\SPVQKAF.exe
  C:\Windows\System\SPVQKAF.exe
  2⤵
  PID:7016
- C:\Windows\System\GFVQmpJ.exe
  C:\Windows\System\GFVQmpJ.exe
  2⤵
  PID:7032
- C:\Windows\System\KWfJAok.exe
  C:\Windows\System\KWfJAok.exe
  2⤵
  PID:7048
- C:\Windows\System\HnIDyWD.exe
  C:\Windows\System\HnIDyWD.exe
  2⤵
  PID:7068
- C:\Windows\System\ytSPllO.exe
  C:\Windows\System\ytSPllO.exe
  2⤵
  PID:7084
- C:\Windows\System\GikIzMe.exe
  C:\Windows\System\GikIzMe.exe
  2⤵
  PID:7100
- C:\Windows\System\tmxIbtG.exe
  C:\Windows\System\tmxIbtG.exe
  2⤵
  PID:7116
- C:\Windows\System\mGYBkpb.exe
  C:\Windows\System\mGYBkpb.exe
  2⤵
  PID:7132
- C:\Windows\System\nmAImPq.exe
  C:\Windows\System\nmAImPq.exe
  2⤵
  PID:7152
- C:\Windows\System\MitppmE.exe
  C:\Windows\System\MitppmE.exe
  2⤵
  PID:5852
- C:\Windows\System\RuQDbtQ.exe
  C:\Windows\System\RuQDbtQ.exe
  2⤵
  PID:5824
- C:\Windows\System\DBWURIw.exe
  C:\Windows\System\DBWURIw.exe
  2⤵
  PID:5308
- C:\Windows\System\mtgFztG.exe
  C:\Windows\System\mtgFztG.exe
  2⤵
  PID:6204
- C:\Windows\System\hXXMDEA.exe
  C:\Windows\System\hXXMDEA.exe
  2⤵
  PID:6312
- C:\Windows\System\geKFOys.exe
  C:\Windows\System\geKFOys.exe
  2⤵
  PID:6408
- C:\Windows\System\wAxGuhH.exe
  C:\Windows\System\wAxGuhH.exe
  2⤵
  PID:6436
- C:\Windows\System\ITbMOpa.exe
  C:\Windows\System\ITbMOpa.exe
  2⤵
  PID:6448
- C:\Windows\System\sPYcmNq.exe
  C:\Windows\System\sPYcmNq.exe
  2⤵
  PID:6464
- C:\Windows\System\ZrMeslY.exe
  C:\Windows\System\ZrMeslY.exe
  2⤵
  PID:6480
- C:\Windows\System\bNMYRMZ.exe
  C:\Windows\System\bNMYRMZ.exe
  2⤵
  PID:6036
- C:\Windows\System\KQXMzOn.exe
  C:\Windows\System\KQXMzOn.exe
  2⤵
  PID:6364
- C:\Windows\System\KuDtFlS.exe
  C:\Windows\System\KuDtFlS.exe
  2⤵
  PID:5732
- C:\Windows\System\HpXCIHV.exe
  C:\Windows\System\HpXCIHV.exe
  2⤵
  PID:5920
- C:\Windows\System\pDnpVmt.exe
  C:\Windows\System\pDnpVmt.exe
  2⤵
  PID:5940
- C:\Windows\System\xsGEWGU.exe
  C:\Windows\System\xsGEWGU.exe
  2⤵
  PID:5680
- C:\Windows\System\FmfLVYF.exe
  C:\Windows\System\FmfLVYF.exe
  2⤵
  PID:5956
- C:\Windows\System\kTCoawH.exe
  C:\Windows\System\kTCoawH.exe
  2⤵
  PID:6152
- C:\Windows\System\KqxBkza.exe
  C:\Windows\System\KqxBkza.exe
  2⤵
  PID:6292
- C:\Windows\System\NSwfdKy.exe
  C:\Windows\System\NSwfdKy.exe
  2⤵
  PID:6516
- C:\Windows\System\OiAffCE.exe
  C:\Windows\System\OiAffCE.exe
  2⤵
  PID:6584
- C:\Windows\System\hiCZNsP.exe
  C:\Windows\System\hiCZNsP.exe
  2⤵
  PID:6648
- C:\Windows\System\cAUoUQN.exe
  C:\Windows\System\cAUoUQN.exe
  2⤵
  PID:6632
- C:\Windows\System\AmbKJDv.exe
  C:\Windows\System\AmbKJDv.exe
  2⤵
  PID:6560
- C:\Windows\System\AAvEWWT.exe
  C:\Windows\System\AAvEWWT.exe
  2⤵
  PID:6600
- C:\Windows\System\fjOsLNG.exe
  C:\Windows\System\fjOsLNG.exe
  2⤵
  PID:6704
- C:\Windows\System\ARcOYTO.exe
  C:\Windows\System\ARcOYTO.exe
  2⤵
  PID:6720
- C:\Windows\System\lWtMenT.exe
  C:\Windows\System\lWtMenT.exe
  2⤵
  PID:6740
- C:\Windows\System\hzpGpBh.exe
  C:\Windows\System\hzpGpBh.exe
  2⤵
  PID:6824
- C:\Windows\System\YWRByrA.exe
  C:\Windows\System\YWRByrA.exe
  2⤵
  PID:6864
- C:\Windows\System\hFprach.exe
  C:\Windows\System\hFprach.exe
  2⤵
  PID:6936
- C:\Windows\System\rrfesNg.exe
  C:\Windows\System\rrfesNg.exe
  2⤵
  PID:7044
- C:\Windows\System\DMytcdJ.exe
  C:\Windows\System\DMytcdJ.exe
  2⤵
  PID:5900
- C:\Windows\System\GAiqDwy.exe
  C:\Windows\System\GAiqDwy.exe
  2⤵
  PID:6380
- C:\Windows\System\TpXnozf.exe
  C:\Windows\System\TpXnozf.exe
  2⤵
  PID:6476
- C:\Windows\System\JhswIIg.exe
  C:\Windows\System\JhswIIg.exe
  2⤵
  PID:6804
- C:\Windows\System\gTBYDTX.exe
  C:\Windows\System\gTBYDTX.exe
  2⤵
  PID:6168
- C:\Windows\System\rIFNpUU.exe
  C:\Windows\System\rIFNpUU.exe
  2⤵
  PID:4288
- C:\Windows\System\GQQmyrg.exe
  C:\Windows\System\GQQmyrg.exe
  2⤵
  PID:6316
- C:\Windows\System\IJbvmZf.exe
  C:\Windows\System\IJbvmZf.exe
  2⤵
  PID:6916
- C:\Windows\System\osifPCB.exe
  C:\Windows\System\osifPCB.exe
  2⤵
  PID:6996
- C:\Windows\System\zPokOrL.exe
  C:\Windows\System\zPokOrL.exe
  2⤵
  PID:7092
- C:\Windows\System\mRXzAww.exe
  C:\Windows\System\mRXzAww.exe
  2⤵
  PID:6172
- C:\Windows\System\oCNifKL.exe
  C:\Windows\System\oCNifKL.exe
  2⤵
  PID:6432
- C:\Windows\System\UEIqIAZ.exe
  C:\Windows\System\UEIqIAZ.exe
  2⤵
  PID:6456
- C:\Windows\System\JmpUVsl.exe
  C:\Windows\System\JmpUVsl.exe
  2⤵
  PID:6500
- C:\Windows\System\YxidMkO.exe
  C:\Windows\System\YxidMkO.exe
  2⤵
  PID:5232
- C:\Windows\System\MApHewF.exe
  C:\Windows\System\MApHewF.exe
  2⤵
  PID:5476
- C:\Windows\System\iZgkxRT.exe
  C:\Windows\System\iZgkxRT.exe
  2⤵
  PID:6672
- C:\Windows\System\VwpsBvb.exe
  C:\Windows\System\VwpsBvb.exe
  2⤵
  PID:6220
- C:\Windows\System\wZcaHuw.exe
  C:\Windows\System\wZcaHuw.exe
  2⤵
  PID:6736
- C:\Windows\System\MwicPAq.exe
  C:\Windows\System\MwicPAq.exe
  2⤵
  PID:6860
- C:\Windows\System\gAKivQO.exe
  C:\Windows\System\gAKivQO.exe
  2⤵
  PID:7012
- C:\Windows\System\PVGmYBF.exe
  C:\Windows\System\PVGmYBF.exe
  2⤵
  PID:5788
- C:\Windows\System\TBrissJ.exe
  C:\Windows\System\TBrissJ.exe
  2⤵
  PID:5124
- C:\Windows\System\tydmQSd.exe
  C:\Windows\System\tydmQSd.exe
  2⤵
  PID:6264
- C:\Windows\System\nhmmsLE.exe
  C:\Windows\System\nhmmsLE.exe
  2⤵
  PID:6692
- C:\Windows\System\mEEpUle.exe
  C:\Windows\System\mEEpUle.exe
  2⤵
  PID:1580
- C:\Windows\System\Xqsrupf.exe
  C:\Windows\System\Xqsrupf.exe
  2⤵
  PID:6444
- C:\Windows\System\eblyrzN.exe
  C:\Windows\System\eblyrzN.exe
  2⤵
  PID:6348
- C:\Windows\System\wUTcXAK.exe
  C:\Windows\System\wUTcXAK.exe
  2⤵
  PID:5496
- C:\Windows\System\DYrNaGX.exe
  C:\Windows\System\DYrNaGX.exe
  2⤵
  PID:6808
- C:\Windows\System\ujRZaEv.exe
  C:\Windows\System\ujRZaEv.exe
  2⤵
  PID:6880
- C:\Windows\System\cAwFdak.exe
  C:\Windows\System\cAwFdak.exe
  2⤵
  PID:6508
- C:\Windows\System\AZtUulR.exe
  C:\Windows\System\AZtUulR.exe
  2⤵
  PID:7128
- C:\Windows\System\EQgkaot.exe
  C:\Windows\System\EQgkaot.exe
  2⤵
  PID:6428
- C:\Windows\System\BSfMKle.exe
  C:\Windows\System\BSfMKle.exe
  2⤵
  PID:5460
- C:\Windows\System\CLvePNR.exe
  C:\Windows\System\CLvePNR.exe
  2⤵
  PID:6616
- C:\Windows\System\xHLVoiV.exe
  C:\Windows\System\xHLVoiV.exe
  2⤵
  PID:6656
- C:\Windows\System\sFogipU.exe
  C:\Windows\System\sFogipU.exe
  2⤵
  PID:7112
- C:\Windows\System\yqNIQeU.exe
  C:\Windows\System\yqNIQeU.exe
  2⤵
  PID:7144
- C:\Windows\System\QHIGGyV.exe
  C:\Windows\System\QHIGGyV.exe
  2⤵
  PID:5360
- C:\Windows\System\nZkBjpI.exe
  C:\Windows\System\nZkBjpI.exe
  2⤵
  PID:6528
- C:\Windows\System\vaEEAeC.exe
  C:\Windows\System\vaEEAeC.exe
  2⤵
  PID:6256
- C:\Windows\System\qpguMni.exe
  C:\Windows\System\qpguMni.exe
  2⤵
  PID:7160
- C:\Windows\System\gSlGHyh.exe
  C:\Windows\System\gSlGHyh.exe
  2⤵
  PID:6716
- C:\Windows\System\VtARDvp.exe
  C:\Windows\System\VtARDvp.exe
  2⤵
  PID:7028
- C:\Windows\System\WbYulOl.exe
  C:\Windows\System\WbYulOl.exe
  2⤵
  PID:6460
- C:\Windows\System\GfSHkOF.exe
  C:\Windows\System\GfSHkOF.exe
  2⤵
  PID:6848
- C:\Windows\System\KycJpXD.exe
  C:\Windows\System\KycJpXD.exe
  2⤵
  PID:6988
- C:\Windows\System\bteuiWa.exe
  C:\Windows\System\bteuiWa.exe
  2⤵
  PID:6580
- C:\Windows\System\ywybsQN.exe
  C:\Windows\System\ywybsQN.exe
  2⤵
  PID:5484
- C:\Windows\System\mvFabgr.exe
  C:\Windows\System\mvFabgr.exe
  2⤵
  PID:5272
- C:\Windows\System\yyluuSb.exe
  C:\Windows\System\yyluuSb.exe
  2⤵
  PID:7108
- C:\Windows\System\NrIFLXB.exe
  C:\Windows\System\NrIFLXB.exe
  2⤵
  PID:6224
- C:\Windows\System\EhDxImP.exe
  C:\Windows\System\EhDxImP.exe
  2⤵
  PID:6956
- C:\Windows\System\RfKQrsr.exe
  C:\Windows\System\RfKQrsr.exe
  2⤵
  PID:7184
- C:\Windows\System\rYFnBJH.exe
  C:\Windows\System\rYFnBJH.exe
  2⤵
  PID:7204
- C:\Windows\System\bPTWWtf.exe
  C:\Windows\System\bPTWWtf.exe
  2⤵
  PID:7228
- C:\Windows\System\hRMyHMC.exe
  C:\Windows\System\hRMyHMC.exe
  2⤵
  PID:7252
- C:\Windows\System\eClLwZF.exe
  C:\Windows\System\eClLwZF.exe
  2⤵
  PID:7268
- C:\Windows\System\acIwiKy.exe
  C:\Windows\System\acIwiKy.exe
  2⤵
  PID:7288
- C:\Windows\System\PVjJzst.exe
  C:\Windows\System\PVjJzst.exe
  2⤵
  PID:7308
- C:\Windows\System\nBDCvqx.exe
  C:\Windows\System\nBDCvqx.exe
  2⤵
  PID:7324
- C:\Windows\System\IBoqMyR.exe
  C:\Windows\System\IBoqMyR.exe
  2⤵
  PID:7340
- C:\Windows\System\DjllLxn.exe
  C:\Windows\System\DjllLxn.exe
  2⤵
  PID:7356
- C:\Windows\System\GNjObvV.exe
  C:\Windows\System\GNjObvV.exe
  2⤵
  PID:7380
- C:\Windows\System\JVdbbrL.exe
  C:\Windows\System\JVdbbrL.exe
  2⤵
  PID:7400
- C:\Windows\System\uQXvKEt.exe
  C:\Windows\System\uQXvKEt.exe
  2⤵
  PID:7416
- C:\Windows\System\tBOztze.exe
  C:\Windows\System\tBOztze.exe
  2⤵
  PID:7436
- C:\Windows\System\ncqWfzi.exe
  C:\Windows\System\ncqWfzi.exe
  2⤵
  PID:7456
- C:\Windows\System\vwZCGHD.exe
  C:\Windows\System\vwZCGHD.exe
  2⤵
  PID:7476
- C:\Windows\System\aiJJDph.exe
  C:\Windows\System\aiJJDph.exe
  2⤵
  PID:7500
- C:\Windows\System\oYbRLCd.exe
  C:\Windows\System\oYbRLCd.exe
  2⤵
  PID:7520
- C:\Windows\System\NzScNrw.exe
  C:\Windows\System\NzScNrw.exe
  2⤵
  PID:7536
- C:\Windows\System\CTBLVmH.exe
  C:\Windows\System\CTBLVmH.exe
  2⤵
  PID:7556
- C:\Windows\System\LbIhORO.exe
  C:\Windows\System\LbIhORO.exe
  2⤵
  PID:7580
- C:\Windows\System\oXjtdLC.exe
  C:\Windows\System\oXjtdLC.exe
  2⤵
  PID:7596
- C:\Windows\System\wWwukas.exe
  C:\Windows\System\wWwukas.exe
  2⤵
  PID:7660
- C:\Windows\System\mwKgxIG.exe
  C:\Windows\System\mwKgxIG.exe
  2⤵
  PID:7676
- C:\Windows\System\ryLGTTo.exe
  C:\Windows\System\ryLGTTo.exe
  2⤵
  PID:7692
- C:\Windows\System\AToKZPq.exe
  C:\Windows\System\AToKZPq.exe
  2⤵
  PID:7708
- C:\Windows\System\jFdtXCU.exe
  C:\Windows\System\jFdtXCU.exe
  2⤵
  PID:7724
- C:\Windows\System\UrwLdPd.exe
  C:\Windows\System\UrwLdPd.exe
  2⤵
  PID:7740
- C:\Windows\System\UVDzrTE.exe
  C:\Windows\System\UVDzrTE.exe
  2⤵
  PID:7760
- C:\Windows\System\IClttnO.exe
  C:\Windows\System\IClttnO.exe
  2⤵
  PID:7780
- C:\Windows\System\xSyCGkN.exe
  C:\Windows\System\xSyCGkN.exe
  2⤵
  PID:7796
- C:\Windows\System\tqZMsas.exe
  C:\Windows\System\tqZMsas.exe
  2⤵
  PID:7816
- C:\Windows\System\WgdqdiI.exe
  C:\Windows\System\WgdqdiI.exe
  2⤵
  PID:7836
- C:\Windows\System\UUmuooo.exe
  C:\Windows\System\UUmuooo.exe
  2⤵
  PID:7852
- C:\Windows\System\sYXIisR.exe
  C:\Windows\System\sYXIisR.exe
  2⤵
  PID:7868
- C:\Windows\System\GXOwcGU.exe
  C:\Windows\System\GXOwcGU.exe
  2⤵
  PID:7884
- C:\Windows\System\soSJJNs.exe
  C:\Windows\System\soSJJNs.exe
  2⤵
  PID:7904
- C:\Windows\System\xKXiVsp.exe
  C:\Windows\System\xKXiVsp.exe
  2⤵
  PID:7936
- C:\Windows\System\LRYiSPG.exe
  C:\Windows\System\LRYiSPG.exe
  2⤵
  PID:7956
- C:\Windows\System\ffBKqCV.exe
  C:\Windows\System\ffBKqCV.exe
  2⤵
  PID:7972
- C:\Windows\System\INWmYKu.exe
  C:\Windows\System\INWmYKu.exe
  2⤵
  PID:8024
- C:\Windows\System\uprtmEV.exe
  C:\Windows\System\uprtmEV.exe
  2⤵
  PID:8044
- C:\Windows\System\WjrUxXU.exe
  C:\Windows\System\WjrUxXU.exe
  2⤵
  PID:8060
- C:\Windows\System\AINcXHx.exe
  C:\Windows\System\AINcXHx.exe
  2⤵
  PID:8080
- C:\Windows\System\ZIWMpHf.exe
  C:\Windows\System\ZIWMpHf.exe
  2⤵
  PID:8104
- C:\Windows\System\NhbTMaa.exe
  C:\Windows\System\NhbTMaa.exe
  2⤵
  PID:8120
- C:\Windows\System\SZoUQza.exe
  C:\Windows\System\SZoUQza.exe
  2⤵
  PID:8136
- C:\Windows\System\TPBQHSG.exe
  C:\Windows\System\TPBQHSG.exe
  2⤵
  PID:8156
- C:\Windows\System\jgyUToe.exe
  C:\Windows\System\jgyUToe.exe
  2⤵
  PID:8172
- C:\Windows\System\MBgbcPD.exe
  C:\Windows\System\MBgbcPD.exe
  2⤵
  PID:8188
- C:\Windows\System\FQgvTXY.exe
  C:\Windows\System\FQgvTXY.exe
  2⤵
  PID:6240
- C:\Windows\System\BDmlWQk.exe
  C:\Windows\System\BDmlWQk.exe
  2⤵
  PID:6932
- C:\Windows\System\FQeuWKC.exe
  C:\Windows\System\FQeuWKC.exe
  2⤵
  PID:6776
- C:\Windows\System\AvjVEIh.exe
  C:\Windows\System\AvjVEIh.exe
  2⤵
  PID:6712
- C:\Windows\System\RezFbiD.exe
  C:\Windows\System\RezFbiD.exe
  2⤵
  PID:7240
- C:\Windows\System\MlBHLgX.exe
  C:\Windows\System\MlBHLgX.exe
  2⤵
  PID:7196
- C:\Windows\System\xfxbfkZ.exe
  C:\Windows\System\xfxbfkZ.exe
  2⤵
  PID:7320
- C:\Windows\System\BvMprsi.exe
  C:\Windows\System\BvMprsi.exe
  2⤵
  PID:7392
- C:\Windows\System\nTtOsmm.exe
  C:\Windows\System\nTtOsmm.exe
  2⤵
  PID:7464
- C:\Windows\System\JmDuGEz.exe
  C:\Windows\System\JmDuGEz.exe
  2⤵
  PID:7508
- C:\Windows\System\meGXAMY.exe
  C:\Windows\System\meGXAMY.exe
  2⤵
  PID:7548
- C:\Windows\System\OLrVcwH.exe
  C:\Windows\System\OLrVcwH.exe
  2⤵
  PID:6844
- C:\Windows\System\wfVuRNK.exe
  C:\Windows\System\wfVuRNK.exe
  2⤵
  PID:7260
- C:\Windows\System\WAMRACp.exe
  C:\Windows\System\WAMRACp.exe
  2⤵
  PID:5436
- C:\Windows\System\SWXlWaG.exe
  C:\Windows\System\SWXlWaG.exe
  2⤵
  PID:7568
- C:\Windows\System\bRZrOLK.exe
  C:\Windows\System\bRZrOLK.exe
  2⤵
  PID:7364
- C:\Windows\System\pDEhDTZ.exe
  C:\Windows\System\pDEhDTZ.exe
  2⤵
  PID:7444
- C:\Windows\System\nOjHezN.exe
  C:\Windows\System\nOjHezN.exe
  2⤵
  PID:7296
- C:\Windows\System\qEkTKmH.exe
  C:\Windows\System\qEkTKmH.exe
  2⤵
  PID:7376
- C:\Windows\System\DLWUjAP.exe
  C:\Windows\System\DLWUjAP.exe
  2⤵
  PID:7492
- C:\Windows\System\moWbDIl.exe
  C:\Windows\System\moWbDIl.exe
  2⤵
  PID:7652
- C:\Windows\System\kzVFurI.exe
  C:\Windows\System\kzVFurI.exe
  2⤵
  PID:7628
- C:\Windows\System\VZXeLDi.exe
  C:\Windows\System\VZXeLDi.exe
  2⤵
  PID:7648
- C:\Windows\System\DlEyMay.exe
  C:\Windows\System\DlEyMay.exe
  2⤵
  PID:7700
- C:\Windows\System\vBbNJXv.exe
  C:\Windows\System\vBbNJXv.exe
  2⤵
  PID:7720
- C:\Windows\System\JkJWmiH.exe
  C:\Windows\System\JkJWmiH.exe
  2⤵
  PID:7768
- C:\Windows\System\yGpmzCe.exe
  C:\Windows\System\yGpmzCe.exe
  2⤵
  PID:7812
- C:\Windows\System\fxzDBDW.exe
  C:\Windows\System\fxzDBDW.exe
  2⤵
  PID:7736
- C:\Windows\System\iWFTWDd.exe
  C:\Windows\System\iWFTWDd.exe
  2⤵
  PID:7916
- C:\Windows\System\xlMFrPE.exe
  C:\Windows\System\xlMFrPE.exe
  2⤵
  PID:7828
- C:\Windows\System\ocRyttg.exe
  C:\Windows\System\ocRyttg.exe
  2⤵
  PID:8020
- C:\Windows\System\lRuSmPH.exe
  C:\Windows\System\lRuSmPH.exe
  2⤵
  PID:7788
- C:\Windows\System\UlRSVul.exe
  C:\Windows\System\UlRSVul.exe
  2⤵
  PID:7896
- C:\Windows\System\XVwOCai.exe
  C:\Windows\System\XVwOCai.exe
  2⤵
  PID:7980
- C:\Windows\System\kfePrvg.exe
  C:\Windows\System\kfePrvg.exe
  2⤵
  PID:8000
- C:\Windows\System\OFkooCO.exe
  C:\Windows\System\OFkooCO.exe
  2⤵
  PID:8088
- C:\Windows\System\wPSRiFn.exe
  C:\Windows\System\wPSRiFn.exe
  2⤵
  PID:8144
- C:\Windows\System\dJjGhuA.exe
  C:\Windows\System\dJjGhuA.exe
  2⤵
  PID:6332
- C:\Windows\System\msUFTgY.exe
  C:\Windows\System\msUFTgY.exe
  2⤵
  PID:5404
- C:\Windows\System\lVlDmWn.exe
  C:\Windows\System\lVlDmWn.exe
  2⤵
  PID:7472
- C:\Windows\System\TOBQNZe.exe
  C:\Windows\System\TOBQNZe.exe
  2⤵
  PID:6512
- C:\Windows\System\vNYVbra.exe
  C:\Windows\System\vNYVbra.exe
  2⤵
  PID:6328
- C:\Windows\System\VnXPVgF.exe
  C:\Windows\System\VnXPVgF.exe
  2⤵
  PID:7452
- C:\Windows\System\zEMnXMt.exe
  C:\Windows\System\zEMnXMt.exe
  2⤵
  PID:7668
- C:\Windows\System\OOUZPcs.exe
  C:\Windows\System\OOUZPcs.exe
  2⤵
  PID:7880
- C:\Windows\System\yPETQRd.exe
  C:\Windows\System\yPETQRd.exe
  2⤵
  PID:7968
- C:\Windows\System\IfasbtY.exe
  C:\Windows\System\IfasbtY.exe
  2⤵
  PID:8036
- C:\Windows\System\AwohPPv.exe
  C:\Windows\System\AwohPPv.exe
  2⤵
  PID:8052
- C:\Windows\System\nrDoGKP.exe
  C:\Windows\System\nrDoGKP.exe
  2⤵
  PID:8152
- C:\Windows\System\Stjrejp.exe
  C:\Windows\System\Stjrejp.exe
  2⤵
  PID:7532
- C:\Windows\System\ujivLEA.exe
  C:\Windows\System\ujivLEA.exe
  2⤵
  PID:8128
- C:\Windows\System\DQdmUSa.exe
  C:\Windows\System\DQdmUSa.exe
  2⤵
  PID:7644
- C:\Windows\System\CbekwDl.exe
  C:\Windows\System\CbekwDl.exe
  2⤵
  PID:7952
- C:\Windows\System\aKTJKAR.exe
  C:\Windows\System\aKTJKAR.exe
  2⤵
  PID:7772
- C:\Windows\System\FrThPlq.exe
  C:\Windows\System\FrThPlq.exe
  2⤵
  PID:7276
- C:\Windows\System\dMTAmfK.exe
  C:\Windows\System\dMTAmfK.exe
  2⤵
  PID:7860
- C:\Windows\System\OSiFgSF.exe
  C:\Windows\System\OSiFgSF.exe
  2⤵
  PID:7848
- C:\Windows\System\oasTnWp.exe
  C:\Windows\System\oasTnWp.exe
  2⤵
  PID:7684
- C:\Windows\System\NlzLYNF.exe
  C:\Windows\System\NlzLYNF.exe
  2⤵
  PID:7544
- C:\Windows\System\PMSmFyd.exe
  C:\Windows\System\PMSmFyd.exe
  2⤵
  PID:6732
- C:\Windows\System\AcnPOhn.exe
  C:\Windows\System\AcnPOhn.exe
  2⤵
  PID:6900
- C:\Windows\System\VSJSZqB.exe
  C:\Windows\System\VSJSZqB.exe
  2⤵
  PID:7396
- C:\Windows\System\KGdZnxp.exe
  C:\Windows\System\KGdZnxp.exe
  2⤵
  PID:7588
- C:\Windows\System\xRpQxwF.exe
  C:\Windows\System\xRpQxwF.exe
  2⤵
  PID:7408
- C:\Windows\System\SebiZYK.exe
  C:\Windows\System\SebiZYK.exe
  2⤵
  PID:7804
- C:\Windows\System\kGKaXlh.exe
  C:\Windows\System\kGKaXlh.exe
  2⤵
  PID:8008
- C:\Windows\System\NSFliOG.exe
  C:\Windows\System\NSFliOG.exe
  2⤵
  PID:8112
- C:\Windows\System\cgsRJoO.exe
  C:\Windows\System\cgsRJoO.exe
  2⤵
  PID:8100
- C:\Windows\System\RBsDvIC.exe
  C:\Windows\System\RBsDvIC.exe
  2⤵
  PID:8032
- C:\Windows\System\lOFNOPW.exe
  C:\Windows\System\lOFNOPW.exe
  2⤵
  PID:7484
- C:\Windows\System\azAoDUU.exe
  C:\Windows\System\azAoDUU.exe
  2⤵
  PID:7624
- C:\Windows\System\MBWMQpR.exe
  C:\Windows\System\MBWMQpR.exe
  2⤵
  PID:7572
- C:\Windows\System\DiTMqfv.exe
  C:\Windows\System\DiTMqfv.exe
  2⤵
  PID:7900
- C:\Windows\System\JbeIZcU.exe
  C:\Windows\System\JbeIZcU.exe
  2⤵
  PID:5820
- C:\Windows\System\HXZWUhw.exe
  C:\Windows\System\HXZWUhw.exe
  2⤵
  PID:7948
- C:\Windows\System\Ivrmysw.exe
  C:\Windows\System\Ivrmysw.exe
  2⤵
  PID:8180
- C:\Windows\System\YoAjqHL.exe
  C:\Windows\System\YoAjqHL.exe
  2⤵
  PID:7864
- C:\Windows\System\qnxztQR.exe
  C:\Windows\System\qnxztQR.exe
  2⤵
  PID:6496
- C:\Windows\System\NZYfirb.exe
  C:\Windows\System\NZYfirb.exe
  2⤵
  PID:8212
- C:\Windows\System\rgneHaV.exe
  C:\Windows\System\rgneHaV.exe
  2⤵
  PID:8228
- C:\Windows\System\BaoxpXc.exe
  C:\Windows\System\BaoxpXc.exe
  2⤵
  PID:8248
- C:\Windows\System\mBxLzrJ.exe
  C:\Windows\System\mBxLzrJ.exe
  2⤵
  PID:8272
- C:\Windows\System\FhEWrgZ.exe
  C:\Windows\System\FhEWrgZ.exe
  2⤵
  PID:8312
- C:\Windows\System\aFkxEre.exe
  C:\Windows\System\aFkxEre.exe
  2⤵
  PID:8348
- C:\Windows\System\OWvoSsM.exe
  C:\Windows\System\OWvoSsM.exe
  2⤵
  PID:8364
- C:\Windows\System\teqsUCE.exe
  C:\Windows\System\teqsUCE.exe
  2⤵
  PID:8380
- C:\Windows\System\GNyPSNp.exe
  C:\Windows\System\GNyPSNp.exe
  2⤵
  PID:8396
- C:\Windows\System\EFVHnTs.exe
  C:\Windows\System\EFVHnTs.exe
  2⤵
  PID:8412
- C:\Windows\System\PWPplWT.exe
  C:\Windows\System\PWPplWT.exe
  2⤵
  PID:8428
- C:\Windows\System\yFOBzqX.exe
  C:\Windows\System\yFOBzqX.exe
  2⤵
  PID:8444
- C:\Windows\System\GqUxvwH.exe
  C:\Windows\System\GqUxvwH.exe
  2⤵
  PID:8484
- C:\Windows\System\lpTMHyD.exe
  C:\Windows\System\lpTMHyD.exe
  2⤵
  PID:8504
- C:\Windows\System\eHhErDk.exe
  C:\Windows\System\eHhErDk.exe
  2⤵
  PID:8520
- C:\Windows\System\SmyNUea.exe
  C:\Windows\System\SmyNUea.exe
  2⤵
  PID:8544
- C:\Windows\System\hCUbbLZ.exe
  C:\Windows\System\hCUbbLZ.exe
  2⤵
  PID:8560
- C:\Windows\System\qsCCQsV.exe
  C:\Windows\System\qsCCQsV.exe
  2⤵
  PID:8592
- C:\Windows\System\aXwOAgP.exe
  C:\Windows\System\aXwOAgP.exe
  2⤵
  PID:8608
- C:\Windows\System\wxpYLpd.exe
  C:\Windows\System\wxpYLpd.exe
  2⤵
  PID:8624
- C:\Windows\System\yBicPgq.exe
  C:\Windows\System\yBicPgq.exe
  2⤵
  PID:8640
- C:\Windows\System\uWddTvE.exe
  C:\Windows\System\uWddTvE.exe
  2⤵
  PID:8660
- C:\Windows\System\QlZjKIZ.exe
  C:\Windows\System\QlZjKIZ.exe
  2⤵
  PID:8688
- C:\Windows\System\LzPlezw.exe
  C:\Windows\System\LzPlezw.exe
  2⤵
  PID:8712
- C:\Windows\System\aWYQUTd.exe
  C:\Windows\System\aWYQUTd.exe
  2⤵
  PID:8728
- C:\Windows\System\SQrfqlg.exe
  C:\Windows\System\SQrfqlg.exe
  2⤵
  PID:8744
- C:\Windows\System\mTmMDOa.exe
  C:\Windows\System\mTmMDOa.exe
  2⤵
  PID:8772
- C:\Windows\System\rBKPoLD.exe
  C:\Windows\System\rBKPoLD.exe
  2⤵
  PID:8792
- C:\Windows\System\mHVevwV.exe
  C:\Windows\System\mHVevwV.exe
  2⤵
  PID:8808
- C:\Windows\System\pSXvqPk.exe
  C:\Windows\System\pSXvqPk.exe
  2⤵
  PID:8824
- C:\Windows\System\kQbLHYK.exe
  C:\Windows\System\kQbLHYK.exe
  2⤵
  PID:8840
- C:\Windows\System\eEOXJeP.exe
  C:\Windows\System\eEOXJeP.exe
  2⤵
  PID:8856
- C:\Windows\System\RTSfRTi.exe
  C:\Windows\System\RTSfRTi.exe
  2⤵
  PID:8872
- C:\Windows\System\FxZIJtu.exe
  C:\Windows\System\FxZIJtu.exe
  2⤵
  PID:8888
- C:\Windows\System\QbntNff.exe
  C:\Windows\System\QbntNff.exe
  2⤵
  PID:8904
- C:\Windows\System\zdJwXBX.exe
  C:\Windows\System\zdJwXBX.exe
  2⤵
  PID:8920
- C:\Windows\System\wNPQvEv.exe
  C:\Windows\System\wNPQvEv.exe
  2⤵
  PID:8936
- C:\Windows\System\vfLsIbW.exe
  C:\Windows\System\vfLsIbW.exe
  2⤵
  PID:8952
- C:\Windows\System\eEqdcDV.exe
  C:\Windows\System\eEqdcDV.exe
  2⤵
  PID:8968
- C:\Windows\System\IAcycYa.exe
  C:\Windows\System\IAcycYa.exe
  2⤵
  PID:8984
- C:\Windows\System\clfwfzE.exe
  C:\Windows\System\clfwfzE.exe
  2⤵
  PID:9000
- C:\Windows\System\UiNaxGm.exe
  C:\Windows\System\UiNaxGm.exe
  2⤵
  PID:9016
- C:\Windows\System\ipkDUvj.exe
  C:\Windows\System\ipkDUvj.exe
  2⤵
  PID:9032
- C:\Windows\System\FWkZSFB.exe
  C:\Windows\System\FWkZSFB.exe
  2⤵
  PID:9056
- C:\Windows\System\lwddJDB.exe
  C:\Windows\System\lwddJDB.exe
  2⤵
  PID:9100
- C:\Windows\System\kqkmnsx.exe
  C:\Windows\System\kqkmnsx.exe
  2⤵
  PID:9116
- C:\Windows\System\WWoNrYD.exe
  C:\Windows\System\WWoNrYD.exe
  2⤵
  PID:9132
- C:\Windows\System\NFekLLq.exe
  C:\Windows\System\NFekLLq.exe
  2⤵
  PID:9196
- C:\Windows\System\gERPgAq.exe
  C:\Windows\System\gERPgAq.exe
  2⤵
  PID:9212
- C:\Windows\System\rDczoav.exe
  C:\Windows\System\rDczoav.exe
  2⤵
  PID:8224
- C:\Windows\System\hxWWTqd.exe
  C:\Windows\System\hxWWTqd.exe
  2⤵
  PID:8268
- C:\Windows\System\XnLpCqe.exe
  C:\Windows\System\XnLpCqe.exe
  2⤵
  PID:7716
- C:\Windows\System\ZNFEdGx.exe
  C:\Windows\System\ZNFEdGx.exe
  2⤵
  PID:8196
- C:\Windows\System\OCYbjSo.exe
  C:\Windows\System\OCYbjSo.exe
  2⤵
  PID:8240
- C:\Windows\System\Kamhxzk.exe
  C:\Windows\System\Kamhxzk.exe
  2⤵
  PID:7236
- C:\Windows\System\MUFtNlb.exe
  C:\Windows\System\MUFtNlb.exe
  2⤵
  PID:7640
- C:\Windows\System\SraloaU.exe
  C:\Windows\System\SraloaU.exe
  2⤵
  PID:6688
- C:\Windows\System\Xuhuouz.exe
  C:\Windows\System\Xuhuouz.exe
  2⤵
  PID:7732
- C:\Windows\System\ZdFqVTe.exe
  C:\Windows\System\ZdFqVTe.exe
  2⤵
  PID:8280
- C:\Windows\System\NybtEYY.exe
  C:\Windows\System\NybtEYY.exe
  2⤵
  PID:8304
- C:\Windows\System\JXmBeer.exe
  C:\Windows\System\JXmBeer.exe
  2⤵
  PID:8324
- C:\Windows\System\FbwBFau.exe
  C:\Windows\System\FbwBFau.exe
  2⤵
  PID:8340
- C:\Windows\System\UvsPBhz.exe
  C:\Windows\System\UvsPBhz.exe
  2⤵
  PID:8376
- C:\Windows\System\tmFiWQu.exe
  C:\Windows\System\tmFiWQu.exe
  2⤵
  PID:7336
- C:\Windows\System\DAkCPle.exe
  C:\Windows\System\DAkCPle.exe
  2⤵
  PID:8420
- C:\Windows\System\sgugyUr.exe
  C:\Windows\System\sgugyUr.exe
  2⤵
  PID:8480
- C:\Windows\System\cawnfJQ.exe
  C:\Windows\System\cawnfJQ.exe
  2⤵
  PID:8464
- C:\Windows\System\ClzGjKw.exe
  C:\Windows\System\ClzGjKw.exe
  2⤵
  PID:8528
- C:\Windows\System\GYeYnBS.exe
  C:\Windows\System\GYeYnBS.exe
  2⤵
  PID:8456
- C:\Windows\System\rYaISJu.exe
  C:\Windows\System\rYaISJu.exe
  2⤵
  PID:8516
- C:\Windows\System\CuWJbkH.exe
  C:\Windows\System\CuWJbkH.exe
  2⤵
  PID:8580
- C:\Windows\System\cFTRgTn.exe
  C:\Windows\System\cFTRgTn.exe
  2⤵
  PID:8616
- C:\Windows\System\sFMdymC.exe
  C:\Windows\System\sFMdymC.exe
  2⤵
  PID:8656
- C:\Windows\System\ubrvBAb.exe
  C:\Windows\System\ubrvBAb.exe
  2⤵
  PID:8632
- C:\Windows\System\CDHdlWU.exe
  C:\Windows\System\CDHdlWU.exe
  2⤵
  PID:8492
- C:\Windows\System\vBqHXxv.exe
  C:\Windows\System\vBqHXxv.exe
  2⤵
  PID:8724
- C:\Windows\System\fLheByA.exe
  C:\Windows\System\fLheByA.exe
  2⤵
  PID:8740
- C:\Windows\System\YCMnRXS.exe
  C:\Windows\System\YCMnRXS.exe
  2⤵
  PID:8764
- C:\Windows\System\buCnbvS.exe
  C:\Windows\System\buCnbvS.exe
  2⤵
  PID:8784
- C:\Windows\System\CXQGfmF.exe
  C:\Windows\System\CXQGfmF.exe
  2⤵
  PID:8836
- C:\Windows\System\UwkOaTz.exe
  C:\Windows\System\UwkOaTz.exe
  2⤵
  PID:8820
- C:\Windows\System\kGvwJdW.exe
  C:\Windows\System\kGvwJdW.exe
  2⤵
  PID:8912
- C:\Windows\System\vKjjdnz.exe
  C:\Windows\System\vKjjdnz.exe
  2⤵
  PID:8980
- C:\Windows\System\GgHhBxM.exe
  C:\Windows\System\GgHhBxM.exe
  2⤵
  PID:8948
- C:\Windows\System\JtXExGo.exe
  C:\Windows\System\JtXExGo.exe
  2⤵
  PID:8928
- C:\Windows\System\mUKnzyz.exe
  C:\Windows\System\mUKnzyz.exe
  2⤵
  PID:8996
- C:\Windows\System\mpWEBLv.exe
  C:\Windows\System\mpWEBLv.exe
  2⤵
  PID:9064
- C:\Windows\System\ntbFode.exe
  C:\Windows\System\ntbFode.exe
  2⤵
  PID:9072
- C:\Windows\System\KERwpoY.exe
  C:\Windows\System\KERwpoY.exe
  2⤵
  PID:9084
- C:\Windows\System\YirnNUM.exe
  C:\Windows\System\YirnNUM.exe
  2⤵
  PID:9140
- C:\Windows\System\bsNBKwb.exe
  C:\Windows\System\bsNBKwb.exe
  2⤵
  PID:9164
- C:\Windows\System\HHiTgPc.exe
  C:\Windows\System\HHiTgPc.exe
  2⤵
  PID:9172
- C:\Windows\System\oiIEeRg.exe
  C:\Windows\System\oiIEeRg.exe
  2⤵
  PID:9188
- C:\Windows\System\VhVIllK.exe
  C:\Windows\System\VhVIllK.exe
  2⤵
  PID:8220
- C:\Windows\System\DBxZuUA.exe
  C:\Windows\System\DBxZuUA.exe
  2⤵
  PID:7224
- C:\Windows\System\MRIlqdT.exe
  C:\Windows\System\MRIlqdT.exe
  2⤵
  PID:7372
- C:\Windows\System\wyKSUyF.exe
  C:\Windows\System\wyKSUyF.exe
  2⤵
  PID:8072
- C:\Windows\System\qFnylvI.exe
  C:\Windows\System\qFnylvI.exe
  2⤵
  PID:7792
- C:\Windows\System\lfqvqWU.exe
  C:\Windows\System\lfqvqWU.exe
  2⤵
  PID:8472
- C:\Windows\System\dnwFWvP.exe
  C:\Windows\System\dnwFWvP.exe
  2⤵
  PID:8572
- C:\Windows\System\TZGDaAy.exe
  C:\Windows\System\TZGDaAy.exe
  2⤵
  PID:8388
- C:\Windows\System\GBBnUGT.exe
  C:\Windows\System\GBBnUGT.exe
  2⤵
  PID:8600
- C:\Windows\System\incNbDr.exe
  C:\Windows\System\incNbDr.exe
  2⤵
  PID:9012
- C:\Windows\System\MTFnlOx.exe
  C:\Windows\System\MTFnlOx.exe
  2⤵
  PID:8964
- C:\Windows\System\erfNvaf.exe
  C:\Windows\System\erfNvaf.exe
  2⤵
  PID:7944
- C:\Windows\System\odEYHRS.exe
  C:\Windows\System\odEYHRS.exe
  2⤵
  PID:9184
- C:\Windows\System\bEuPAPf.exe
  C:\Windows\System\bEuPAPf.exe
  2⤵
  PID:8236
- C:\Windows\System\TFWWYEV.exe
  C:\Windows\System\TFWWYEV.exe
  2⤵
  PID:8332
- C:\Windows\System\fhNCgtC.exe
  C:\Windows\System\fhNCgtC.exe
  2⤵
  PID:7412
- C:\Windows\System\zIGnyIb.exe
  C:\Windows\System\zIGnyIb.exe
  2⤵
  PID:8392
- C:\Windows\System\lSnuSGr.exe
  C:\Windows\System\lSnuSGr.exe
  2⤵
  PID:8588
- C:\Windows\System\kxishjQ.exe
  C:\Windows\System\kxishjQ.exe
  2⤵
  PID:8620
- C:\Windows\System\proyBWV.exe
  C:\Windows\System\proyBWV.exe
  2⤵
  PID:8852
- C:\Windows\System\RUkWCrs.exe
  C:\Windows\System\RUkWCrs.exe
  2⤵
  PID:8756
- C:\Windows\System\vDccuni.exe
  C:\Windows\System\vDccuni.exe
  2⤵
  PID:8816
- C:\Windows\System\rLiLEof.exe
  C:\Windows\System\rLiLEof.exe
  2⤵
  PID:8788
- C:\Windows\System\CSYxfZJ.exe
  C:\Windows\System\CSYxfZJ.exe
  2⤵
  PID:8992
- C:\Windows\System\OwtldTJ.exe
  C:\Windows\System\OwtldTJ.exe
  2⤵
  PID:9052
- C:\Windows\System\oeylxKZ.exe
  C:\Windows\System\oeylxKZ.exe
  2⤵
  PID:9124
- C:\Windows\System\yOtZpgF.exe
  C:\Windows\System\yOtZpgF.exe
  2⤵
  PID:8264
- C:\Windows\System\FrABZaK.exe
  C:\Windows\System\FrABZaK.exe
  2⤵
  PID:9088
- C:\Windows\System\ztuDeHt.exe
  C:\Windows\System\ztuDeHt.exe
  2⤵
  PID:8292
- C:\Windows\System\BknOwxq.exe
  C:\Windows\System\BknOwxq.exe
  2⤵
  PID:8636
- C:\Windows\System\GbGFpxt.exe
  C:\Windows\System\GbGFpxt.exe
  2⤵
  PID:8648
- C:\Windows\System\fgAPLvf.exe
  C:\Windows\System\fgAPLvf.exe
  2⤵
  PID:8680
- C:\Windows\System\BoYQJvz.exe
  C:\Windows\System\BoYQJvz.exe
  2⤵
  PID:9180
- C:\Windows\System\ZNyFDfv.exe
  C:\Windows\System\ZNyFDfv.exe
  2⤵
  PID:9208
- C:\Windows\System\OtxdPCB.exe
  C:\Windows\System\OtxdPCB.exe
  2⤵
  PID:9220
- C:\Windows\System\HYIXIaa.exe
  C:\Windows\System\HYIXIaa.exe
  2⤵
  PID:9236
- C:\Windows\System\WDnpTmN.exe
  C:\Windows\System\WDnpTmN.exe
  2⤵
  PID:9256
- C:\Windows\System\ihDFeVf.exe
  C:\Windows\System\ihDFeVf.exe
  2⤵
  PID:9272
- C:\Windows\System\WAApGKe.exe
  C:\Windows\System\WAApGKe.exe
  2⤵
  PID:9288
- C:\Windows\System\jxyitLL.exe
  C:\Windows\System\jxyitLL.exe
  2⤵
  PID:9308
- C:\Windows\System\ArXjVNM.exe
  C:\Windows\System\ArXjVNM.exe
  2⤵
  PID:9332
- C:\Windows\System\XIeAAIV.exe
  C:\Windows\System\XIeAAIV.exe
  2⤵
  PID:9348
- C:\Windows\System\VUUbguO.exe
  C:\Windows\System\VUUbguO.exe
  2⤵
  PID:9364
- C:\Windows\System\utOgrdc.exe
  C:\Windows\System\utOgrdc.exe
  2⤵
  PID:9380
- C:\Windows\System\YAsmaOA.exe
  C:\Windows\System\YAsmaOA.exe
  2⤵
  PID:9400
- C:\Windows\System\fQXPxdX.exe
  C:\Windows\System\fQXPxdX.exe
  2⤵
  PID:9416
- C:\Windows\System\dWSYyMC.exe
  C:\Windows\System\dWSYyMC.exe
  2⤵
  PID:9432
- C:\Windows\System\MDIrycw.exe
  C:\Windows\System\MDIrycw.exe
  2⤵
  PID:9448
- C:\Windows\System\HmIicCz.exe
  C:\Windows\System\HmIicCz.exe
  2⤵
  PID:9464
- C:\Windows\System\YXmeuvs.exe
  C:\Windows\System\YXmeuvs.exe
  2⤵
  PID:9480
- C:\Windows\System\wdmAOlT.exe
  C:\Windows\System\wdmAOlT.exe
  2⤵
  PID:9500
- C:\Windows\System\OnLVhlC.exe
  C:\Windows\System\OnLVhlC.exe
  2⤵
  PID:9516
- C:\Windows\System\zJeTonv.exe
  C:\Windows\System\zJeTonv.exe
  2⤵
  PID:9532
- C:\Windows\System\ythhilJ.exe
  C:\Windows\System\ythhilJ.exe
  2⤵
  PID:9548
- C:\Windows\System\YkHZuUr.exe
  C:\Windows\System\YkHZuUr.exe
  2⤵
  PID:9564
- C:\Windows\System\oEOPesI.exe
  C:\Windows\System\oEOPesI.exe
  2⤵
  PID:9584
- C:\Windows\System\AGeCkQN.exe
  C:\Windows\System\AGeCkQN.exe
  2⤵
  PID:9600
- C:\Windows\System\kAtQDKw.exe
  C:\Windows\System\kAtQDKw.exe
  2⤵
  PID:9616
- C:\Windows\System\nDyuqKh.exe
  C:\Windows\System\nDyuqKh.exe
  2⤵
  PID:9632
- C:\Windows\System\IfomWjF.exe
  C:\Windows\System\IfomWjF.exe
  2⤵
  PID:9648
- C:\Windows\System\yqBCqbL.exe
  C:\Windows\System\yqBCqbL.exe
  2⤵
  PID:9664
- C:\Windows\System\TxFoGGP.exe
  C:\Windows\System\TxFoGGP.exe
  2⤵
  PID:9680
- C:\Windows\System\kLHHmMI.exe
  C:\Windows\System\kLHHmMI.exe
  2⤵
  PID:9696
- C:\Windows\System\HqNdtnv.exe
  C:\Windows\System\HqNdtnv.exe
  2⤵
  PID:9712
- C:\Windows\System\kDztBQN.exe
  C:\Windows\System\kDztBQN.exe
  2⤵
  PID:9728
- C:\Windows\System\KnXBsYK.exe
  C:\Windows\System\KnXBsYK.exe
  2⤵
  PID:9744
- C:\Windows\System\omSTFGt.exe
  C:\Windows\System\omSTFGt.exe
  2⤵
  PID:9760
- C:\Windows\System\VeOfHYv.exe
  C:\Windows\System\VeOfHYv.exe
  2⤵
  PID:9776
- C:\Windows\System\kfiDYGW.exe
  C:\Windows\System\kfiDYGW.exe
  2⤵
  PID:9792
- C:\Windows\System\UaZefzE.exe
  C:\Windows\System\UaZefzE.exe
  2⤵
  PID:9808
- C:\Windows\System\YHulscc.exe
  C:\Windows\System\YHulscc.exe
  2⤵
  PID:9824
- C:\Windows\System\fjSOgUt.exe
  C:\Windows\System\fjSOgUt.exe
  2⤵
  PID:9840
- C:\Windows\System\oIuMFrx.exe
  C:\Windows\System\oIuMFrx.exe
  2⤵
  PID:9856
- C:\Windows\System\LYXUljS.exe
  C:\Windows\System\LYXUljS.exe
  2⤵
  PID:9872
- C:\Windows\System\jitxszi.exe
  C:\Windows\System\jitxszi.exe
  2⤵
  PID:9888
- C:\Windows\System\vqbzcco.exe
  C:\Windows\System\vqbzcco.exe
  2⤵
  PID:9904
- C:\Windows\System\hrRknRS.exe
  C:\Windows\System\hrRknRS.exe
  2⤵
  PID:9920
- C:\Windows\System\gLLHdwB.exe
  C:\Windows\System\gLLHdwB.exe
  2⤵
  PID:9936
- C:\Windows\System\pRmPkoM.exe
  C:\Windows\System\pRmPkoM.exe
  2⤵
  PID:9952
- C:\Windows\System\wkKqifq.exe
  C:\Windows\System\wkKqifq.exe
  2⤵
  PID:9968
- C:\Windows\System\YHkdpqK.exe
  C:\Windows\System\YHkdpqK.exe
  2⤵
  PID:9984
- C:\Windows\System\IwDCgAf.exe
  C:\Windows\System\IwDCgAf.exe
  2⤵
  PID:10000
- C:\Windows\System\dIBkIJM.exe
  C:\Windows\System\dIBkIJM.exe
  2⤵
  PID:10016
- C:\Windows\System\YBrPPBK.exe
  C:\Windows\System\YBrPPBK.exe
  2⤵
  PID:10032
- C:\Windows\System\YGeTrFp.exe
  C:\Windows\System\YGeTrFp.exe
  2⤵
  PID:10048
- C:\Windows\System\UOiilNh.exe
  C:\Windows\System\UOiilNh.exe
  2⤵
  PID:10088
- C:\Windows\System\UYHpNiT.exe
  C:\Windows\System\UYHpNiT.exe
  2⤵
  PID:10144
- C:\Windows\System\QGDiDRj.exe
  C:\Windows\System\QGDiDRj.exe
  2⤵
  PID:10160
- C:\Windows\System\xatlsZX.exe
  C:\Windows\System\xatlsZX.exe
  2⤵
  PID:10180
- C:\Windows\System\mEYVotL.exe
  C:\Windows\System\mEYVotL.exe
  2⤵
  PID:9324
- C:\Windows\System\ysobGSd.exe
  C:\Windows\System\ysobGSd.exe
  2⤵
  PID:7076
- C:\Windows\System\WjRVnQF.exe
  C:\Windows\System\WjRVnQF.exe
  2⤵
  PID:8804
- C:\Windows\System\UKQzLsj.exe
  C:\Windows\System\UKQzLsj.exe
  2⤵
  PID:8696
- C:\Windows\System\cDUrIRw.exe
  C:\Windows\System\cDUrIRw.exe
  2⤵
  PID:9344
- C:\Windows\System\fGKIcJd.exe
  C:\Windows\System\fGKIcJd.exe
  2⤵
  PID:9372
- C:\Windows\System\SskkLYq.exe
  C:\Windows\System\SskkLYq.exe
  2⤵
  PID:9424
- C:\Windows\System\HwMYldp.exe
  C:\Windows\System\HwMYldp.exe
  2⤵
  PID:9512
- C:\Windows\System\vYJzoOq.exe
  C:\Windows\System\vYJzoOq.exe
  2⤵
  PID:9572
- C:\Windows\System\igEyuCe.exe
  C:\Windows\System\igEyuCe.exe
  2⤵
  PID:9556
- C:\Windows\System\azIYSlM.exe
  C:\Windows\System\azIYSlM.exe
  2⤵
  PID:9460
- C:\Windows\System\owxmsxT.exe
  C:\Windows\System\owxmsxT.exe
  2⤵
  PID:9628
- C:\Windows\System\GpGxZnb.exe
  C:\Windows\System\GpGxZnb.exe
  2⤵
  PID:9692
- C:\Windows\System\LiamfCI.exe
  C:\Windows\System\LiamfCI.exe
  2⤵
  PID:9456
- C:\Windows\System\VQPiydg.exe
  C:\Windows\System\VQPiydg.exe
  2⤵
  PID:9820
- C:\Windows\System\KpkUQLP.exe
  C:\Windows\System\KpkUQLP.exe
  2⤵
  PID:9884
- C:\Windows\System\MEAjuIk.exe
  C:\Windows\System\MEAjuIk.exe
  2⤵
  PID:9580
- C:\Windows\System\hjQadIU.exe
  C:\Windows\System\hjQadIU.exe
  2⤵
  PID:9880
- C:\Windows\System\SpTdoZI.exe
  C:\Windows\System\SpTdoZI.exe
  2⤵
  PID:9704
- C:\Windows\System\LSRsRnC.exe
  C:\Windows\System\LSRsRnC.exe
  2⤵
  PID:9864
- C:\Windows\System\bhyarxL.exe
  C:\Windows\System\bhyarxL.exe
  2⤵
  PID:9992
- C:\Windows\System\sqtQcYR.exe
  C:\Windows\System\sqtQcYR.exe
  2⤵
  PID:9740
- C:\Windows\System\rRYahqU.exe
  C:\Windows\System\rRYahqU.exe
  2⤵
  PID:10012
- C:\Windows\System\oLrvADl.exe
  C:\Windows\System\oLrvADl.exe
  2⤵
  PID:9964
- C:\Windows\System\KeDDMkF.exe
  C:\Windows\System\KeDDMkF.exe
  2⤵
  PID:10056
- C:\Windows\System\geTYRut.exe
  C:\Windows\System\geTYRut.exe
  2⤵
  PID:10064
- C:\Windows\System\vKFqdlI.exe
  C:\Windows\System\vKFqdlI.exe
  2⤵
  PID:10080
- C:\Windows\System\SjnkWMQ.exe
  C:\Windows\System\SjnkWMQ.exe
  2⤵
  PID:10120
- C:\Windows\System\wgHojwx.exe
  C:\Windows\System\wgHojwx.exe
  2⤵
  PID:10132
- C:\Windows\System\HPkgyMd.exe
  C:\Windows\System\HPkgyMd.exe
  2⤵
  PID:10168
- C:\Windows\System\ogbaKKZ.exe
  C:\Windows\System\ogbaKKZ.exe
  2⤵
  PID:10196
- C:\Windows\System\UTOyBXz.exe
  C:\Windows\System\UTOyBXz.exe
  2⤵
  PID:10212
- C:\Windows\System\eVycgBZ.exe
  C:\Windows\System\eVycgBZ.exe
  2⤵
  PID:10236
- C:\Windows\System\gRysdhS.exe
  C:\Windows\System\gRysdhS.exe
  2⤵
  PID:9248
- C:\Windows\System\NFTplBT.exe
  C:\Windows\System\NFTplBT.exe
  2⤵
  PID:9356
- C:\Windows\System\JkcLyaD.exe
  C:\Windows\System\JkcLyaD.exe
  2⤵
  PID:9316
- C:\Windows\System\xqobfBn.exe
  C:\Windows\System\xqobfBn.exe
  2⤵
  PID:9044
- C:\Windows\System\KBCmHgM.exe
  C:\Windows\System\KBCmHgM.exe
  2⤵
  PID:9576
- C:\Windows\System\eJQCWMC.exe
  C:\Windows\System\eJQCWMC.exe
  2⤵
  PID:9596
- C:\Windows\System\GWtYGeC.exe
  C:\Windows\System\GWtYGeC.exe
  2⤵
  PID:9624
- C:\Windows\System\mwMFIIb.exe
  C:\Windows\System\mwMFIIb.exe
  2⤵
  PID:9948
- C:\Windows\System\YUnzvaw.exe
  C:\Windows\System\YUnzvaw.exe
  2⤵
  PID:9836
- C:\Windows\System\CtaFsQF.exe
  C:\Windows\System\CtaFsQF.exe
  2⤵
  PID:9896
- C:\Windows\System\GDDbCAE.exe
  C:\Windows\System\GDDbCAE.exe
  2⤵
  PID:10096
- C:\Windows\System\dScuxLM.exe
  C:\Windows\System\dScuxLM.exe
  2⤵
  PID:10152
- C:\Windows\System\LlsMkSs.exe
  C:\Windows\System\LlsMkSs.exe
  2⤵
  PID:8848
- C:\Windows\System\bfsVIwc.exe
  C:\Windows\System\bfsVIwc.exe
  2⤵
  PID:9232
- C:\Windows\System\MjLlCWR.exe
  C:\Windows\System\MjLlCWR.exe
  2⤵
  PID:9612
- C:\Windows\System\BckqJTk.exe
  C:\Windows\System\BckqJTk.exe
  2⤵
  PID:10156
- C:\Windows\System\IpxdrJY.exe
  C:\Windows\System\IpxdrJY.exe
  2⤵
  PID:10244
- C:\Windows\System\GgaieEL.exe
  C:\Windows\System\GgaieEL.exe
  2⤵
  PID:10260

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\ATYzqld.exe

Filesize
6.0MB

MD5
6fb9229d8df84eef4aa5f82a993f50e6

SHA1
8c78b2055effff5ddb56ac32146db77034eb8186

SHA256
b227aa5db81bfdc799a7b4d23982cbfb311fbd62aeda2a85b29878f9d41938ae

SHA512
cd1d8ede63e068b668ec87768bd990496c6ce3fe90561f43dd740989b5bd91e7fad32139ddd91e4eeb73bb48c9ed334fdbe89c2a71ab94c31fdb909cc336ad0e

Download Submit
C:\Windows\system\DdSTPLQ.exe

Filesize
6.0MB

MD5
9a7740e915a94bb2e76685a7129c24c4

SHA1
17499ca2d481b298cf610bbe5b7aa3b296ba03de

SHA256
ffc8a2e8a85942b9321af5060195fb493e0e9803a0935c2e31d91132b33f873b

SHA512
19a705e7926cc6defc681622fe00381b91009a49f23c26693c9edb39246fe311a332b0e6716725d364a876fea2c82ae8e095f069680235b795c38ba95b90566a

Download Submit
C:\Windows\system\FKChoiN.exe

Filesize
6.0MB

MD5
c3e3ffdc20e236ca17c108d7e106c393

SHA1
0e79c833f8264ff58a381efc28e29138065b8a37

SHA256
43dbe7efb865ae971841d12d40f0bfd13482c815a9307539820ca68f29344aa4

SHA512
128ed05c82ce3fffa1410ae9f9ab12254e25cf7acc85b7ec5c1f4afd6779439198b0f2310e6c4928b91acb97e1f1984bc1f7e2f2553f2f0b8c4f3d2058fe4c2e

Download Submit
C:\Windows\system\Frxdggt.exe

Filesize
6.0MB

MD5
fcba411d251185246be952ebe956e7cb

SHA1
33a3296c73b6863055b4f172cc5a0435cc2c3f4a

SHA256
e8f591afd8a1d27fc8f45b235bb7756a6a201a04997f2b25cfef01f4042f3645

SHA512
ea0c751c9528396de9056b98f8586c396b214ed84c3833643632b3e56acdfc56b6a5b0229dea5c17555bb76f01e8ea21b1d109b2c49da0d7f96d4c8d3623435e

Download Submit
C:\Windows\system\IZvnhMr.exe

Filesize
6.0MB

MD5
a50a332e6eb09ca71c6f739da2d581ad

SHA1
7d447e53ad7b12779b08cb26a9ff7d0fca10ee56

SHA256
e5bea4dda96a7ebb01cbed442db69cd6b71cab24cd302826d74af045e5985c23

SHA512
fc70b507bcaa7587457119ae44e1f24d704c8cef5dc5fca8b6961edfdb7698e2dd85a3868844fe23431326f45b23a93fa529fa1aec62e764b408fcb33d06ea94

Download Submit
C:\Windows\system\PGbcfmf.exe

Filesize
6.0MB

MD5
bdcd9d02586bd72728661c7719c6f05c

SHA1
f113ba0a089df4caaf8266b02b76e4e6279a7391

SHA256
34a4e5f4a744eb0659ddac8ae7cdad8a319aa29621999aeb4f677de13169c2a6

SHA512
c8719a693fdb75a14ab4483ee3791084a058c191410e9aa5a8f85946e710c19eeaad1b17a1d7cf39af3fceed09c20a3d39dac61ee140f9c9e59bcc811bfd991d

Download Submit
C:\Windows\system\SAWNqul.exe

Filesize
6.0MB

MD5
32dad94c86cc48fd365efe4a41357b9b

SHA1
5e66e205f73544a309d01169d63cd802a4fd4826

SHA256
03815481fd6b51a45e36568ddfd84e6e5b358688f9e89769744ea3e98b7c348e

SHA512
85e74f4634ac221a9ab7a37be4d9d8320106192a776532048ff2b2d6a429c40e4f736d98e99955cacd246ad783d967444f2790f5609103a9eacd9e3d67282cc4

Download Submit
C:\Windows\system\SyjfrVN.exe

Filesize
6.0MB

MD5
89d05e92eb0c25c86f5dbb294f14fd36

SHA1
71cc96751eead260e3f2b28fa1faf06f3707692a

SHA256
0fc90552afb2ededb5e352cf7e3af97a35d647e8ee4dc203dd8ef3c8dc687569

SHA512
b8df9d36fd83070f1a40b09ff23777e6d8e2268325777a184cb48b5d73cef830ffb77c485eab95db890136ad7c33e2db47191ad1ff531ee7ba604d3e3dd39c35

Download Submit
C:\Windows\system\TZwIpJh.exe

Filesize
6.0MB

MD5
e21696e186f8dffd339eac3a818f28ab

SHA1
06fc9a45fa08a8207e2b169539b6d47d1a39ea73

SHA256
b0f4726a1a30bc2cd03c149c64c2a911f7608b75a91823de96500d51e4e4871b

SHA512
53d6f10b498e11d5d050fffa8262b8fdd3189111f1edb87fe9a9de42082242727ac67919fbe24ee528d87340c38993f7fad550726bc3a7b7b3ea9a383c4a2072

Download Submit
C:\Windows\system\XWhaWge.exe

Filesize
6.0MB

MD5
65b1de16f11f59da83a4bed377bb3066

SHA1
63bd791eb07fa9b8bf934445498f1ac4f8f9fe16

SHA256
5ddc8c5fe0625770d07e6e78a026341077e25e4441d3f82b876dc627c06abe37

SHA512
7b5a733db001b70ee860213e1c4abd743af175cc346e1a213042ca85d22e519d22aae3e1f8a6a96e8b3f8162bbc4f3b99a0515aa1031652b568bf31a37b6d72f

Download Submit
C:\Windows\system\XZaUoaJ.exe

Filesize
6.0MB

MD5
8a9148fd129680399ec6d729b30e54b9

SHA1
b3a08c0b09d317dbb7f1dc8c848428291b1d6add

SHA256
e827ade099fe6dc8903a6cfa333e6376df805aabf13de5b3ac50a2646a04dbe2

SHA512
359c70a2892094a4b9a16b7ef27f062057699a85060e9a594307c91db186a17457dc17b30d8aab69dc6ad043d678461b9d5df8775247ac0f94d8832c66476ab1

Download Submit
C:\Windows\system\YADLccO.exe

Filesize
6.0MB

MD5
e8ea2862b2047f09e253e823c03680e9

SHA1
d7ffee1c42f786915593f94afd318e009fdedf80

SHA256
aedbcde7429314d34fc81c7a875f1cffc73952a0c98cfadf60cc2ecdf70cc3ac

SHA512
277c3a46345278ac3c5b1e45979c6f62a28b059e36ec5403a562b51c9d71ff28f246ee57055d130ae5ebbed93d558338a3f65b6fc258613cef00f42d3050529b

Download Submit
C:\Windows\system\ZHdeRPo.exe

Filesize
6.0MB

MD5
55c1cb85ce3983bf5739bc50a2d4e226

SHA1
e1e60748f3e3d7c10e6adab2c3b07532038c7aac

SHA256
1ac33a8f47c5b3e1063491774a05f90f44257eff8a4c7aff17fa6c07d4ca3c53

SHA512
14875f654ce729887b49f0f3cb78bbc950a6ff24f278ca27caaeb48fe9dc37d6a550c01335d2835b572520649211937f1eda578e10929b575b8132c23c45ff54

Download Submit
C:\Windows\system\dsdVWWX.exe

Filesize
6.0MB

MD5
d5bd7c067e6801638b0a538bab203a28

SHA1
c02317194996f74a64e218e6901ba58a9708e30f

SHA256
a4b1dbdf46bf17bae6eb2f53e182d361cb9bea2359409e45a5e18a062dff8005

SHA512
5acb98d554a51a8fd295907a349776633b1a3dbb906c2a149b6c2819c8df92b83fa8e2cafd7a103732de20bc93a3af3e4196b545cc1190ad563f7a23bbb35bb1

Download Submit
C:\Windows\system\duHAhEJ.exe

Filesize
6.0MB

MD5
df744b1c7c9bf194b99a6dbd58778f22

SHA1
2ad5ccdf4bae3f2ee82b8790d258384b7f04325f

SHA256
bae28c450649446087704893527b61cc431abacf6660d8aaa3128ab68210e95d

SHA512
dfe8a533c24909c15420be820fd42a6c461c8e3b34ab25ce7a39d094e4c1d53fa0da6470fac5262a1697b457095c0b29b58d9153fbab4c7b8028b5acd1633961

Download Submit
C:\Windows\system\dvyREKU.exe

Filesize
6.0MB

MD5
47a2219ba4b364e8791a9911519976d9

SHA1
fee39b6f526d9f3be7e93792536a071549e9fcc9

SHA256
9ce496a15c845555f278b6350d469e86583c7b0c03c27c0ab47ad4809ec584f6

SHA512
7ab0c812c16b57d9ea25d3cc5a7d8d6f56ec7121155f0fdb5944be4a86544937dcf7695f103abc6a66908f22d797d8ae58fbf2285cbc202cbf105b215c8303c1

Download Submit
C:\Windows\system\hjgtuwB.exe

Filesize
6.0MB

MD5
445bb4d6194a012b8528932b23ca4d71

SHA1
55cc6602614b15be5d98a90d056c2f935b7cb1e8

SHA256
5647986331d92c78a27a4e4e316ab08e01eec54fe06ac51fe46420dd0fd24ced

SHA512
06e7772fbb2839649cee1b6c240868230fbcd5731318653576f4c3881a27ce5bd34e98c7a415b1b034d734097dcff0edcdb39289bea38ee90573c45de7a0a5a3

Download Submit
C:\Windows\system\jcXzqvT.exe

Filesize
6.0MB

MD5
f174523f1e402f67ba5db0f8469ed14c

SHA1
710e8fa267dab0114f3e16c35134da24cdc16db4

SHA256
3fadc993685fbacf794cf896191e0fc9991321480be721c5aa80c639e027e9f2

SHA512
1cea5afefa39df73127e97cc8ec4925c30572d3954a6f720656bbda14fd39e54a75ccdbefbe0a5e654546b4e3f9f44f72a7b34042c40b09f1dee3fe828c5efd5

Download Submit
C:\Windows\system\lOWjIVC.exe

Filesize
6.0MB

MD5
e79c6127351d9822dd95f02ec74e620a

SHA1
bf12ee2c3821df934806c0bd530afe63cf299dc5

SHA256
75f9785f588b652365a3dc73c122cfb1df17d920366a8f9b4ed5f93caec212be

SHA512
d1abee6d3d54bf6b0d0cf7fa74b205d222141ede1bb73c1f80118065e54af8869cabf8039bedd0f5c9bd1a4e5f89b5deb379922cd1ea34ee240e7d2166c89e10

Download Submit
C:\Windows\system\nWrgiYC.exe

Filesize
6.0MB

MD5
0bb1a54b0ae47473c6b056cbada85d1b

SHA1
c6f97a6e67f11a4334d5e1d5db00355894c1c65a

SHA256
a6ae49d86d5d2361cf247e65ea0b5a12038b49c01c3ae67164050e61b1cd1b9d

SHA512
4951705a6d006c5e7a555035a9ad7e5e037cb0e49fab8659d2be0874225a199c7cb56520fca0252595b3ad8032c615442c14839640274696d02b7b6c4dd6505e

Download Submit
C:\Windows\system\onENntE.exe

Filesize
6.0MB

MD5
4865091ea0c8318ff04ba2f18353b5ee

SHA1
f29af3a62888e2f6359f5268ceafb430de937d21

SHA256
596eb37d8bc4bfbaa5ca1aaf4f18990a2b0d3a899aba856e7f622021ac6eef06

SHA512
bdc5c2445ab3062c5c6c45674620ba5a5d6730d6fa6fd2dbab429f2369fb0ea07e9fc43d99e5fa69d82b38c422cafe6de176619ecdc69618ed33aff4731dbf06

Download Submit
C:\Windows\system\uEgkdGC.exe

Filesize
6.0MB

MD5
1bc83a9d5606a140cf5ee50fc8c5c496

SHA1
dc5d9c36fd410f5f588aaf3d8f0f66d03520819f

SHA256
89e4c60660bcbc1f28a3489db6c486af42099580124ff0c860e2d7596fab6ff6

SHA512
6941a5277795dfe4ae97707b3f298b3c0f76e6c847b0311149c8a365b33be0e42cb56f00266badcc77dd2906e4e7a1949326eba6a198f9531120234fb266c543

Download Submit
\Windows\system\JFIeNKL.exe

Filesize
6.0MB

MD5
6452c82b5054c77991113216d804537a

SHA1
b7f785af5ed64b12c25797c74d62f48562c1c05b

SHA256
50509ac378a7596e4930285a0e260c24a3672082a840037d12a60fdf81502d99

SHA512
37f086be357059008d3c8402ac74717a5ef946ef4647ea6af1b7310b1cc0f49efe39cb9c8433083fcc416c918ea9273c27df2b96561b81770346d4f056245193

Download Submit
\Windows\system\MiwGAfL.exe

Filesize
6.0MB

MD5
e83a1b37e1203ef7ec7bfc7a1c200948

SHA1
9a7b40339a73765dac1584f8ffa0818622322774

SHA256
a73c7cce0b6d7f89922f67955eb4465af6d62426e2f7832400e76d2f4acd64ab

SHA512
47c8b6c79b9582b54c132e101cd2ecbac0c31a25a04364fc2e7659705f9edb4756d3e3c62d9edeee831af236102375b64fe92913472c2fb609c990271f25bbf4

Download Submit
\Windows\system\NMjzBmZ.exe

Filesize
6.0MB

MD5
54b34153ff79f3fe0295f1be563372fc

SHA1
224e6b31b459a71798fd81cbfd543d4e868c654d

SHA256
4a945fe2012e60768c6ef868f079cdd08757cfef41dc22bab5a1087735f02526

SHA512
7ef2cf9a424dec75bb9631b5528207a7d24655c9022f0c3418f53a2b632d09e46f95f6a1bb178e01cf1f59f4359f3d6b4f7ba4b3a6ec7a684a57a2c0fef6dbd2

Download Submit
\Windows\system\SpuwbNu.exe

Filesize
6.0MB

MD5
73ddc27da083973dabdc63ede862895a

SHA1
06ec0dc2a4c581baca149f461934851fc01f6d6d

SHA256
8bcc10b50fab66f8f74740f7212637149f7b083b3a9b3a60b5dabf6d78e2ecb0

SHA512
44c80545f7221b75784ce29f327a2ecd9427147272143782f26dfefa95caeef6415e6f6f3ed061597b65111c6a2d446c12f7ba4d2f843d49db9003589662a363

Download Submit
\Windows\system\YhHLxGS.exe

Filesize
6.0MB

MD5
fda8310efe185da202faa5847e568456

SHA1
0cbcae95d5ff6176cd2d5de801b8eefc60ef7fa9

SHA256
ce496f7bf43f83ca2400ac8b61da6dc484bfbb344fa288c56d6d877fc6fc61f0

SHA512
2e25f83618aec3d0de9b67142c469e37e6b2ac2eef3ee6dc45db74e73845e8a51417120b2fe882bd319147a287591c80c3dbb6bee3fa5a6ff134058f5c938bb7

Download Submit
\Windows\system\ZgkwLTK.exe

Filesize
6.0MB

MD5
0440a86942eeb79fbc5d760d24217dca

SHA1
28a3b2b6011cd9a627dee483235a59d28097789a

SHA256
2f2fa33e21695608284569acc543e180b80e2084610f726e540707fbf0f9856f

SHA512
2b53b18babade3ade91e1cc6bcad2acd87f72a3d389ec5ad9fb4b58b338938d305fe21dcec0bbf3ab866b9629fd80ef96139f68fbc54d925b9b02b2105461561

Download Submit
\Windows\system\bKrThHq.exe

Filesize
6.0MB

MD5
4f52317241a9766c9c00c7945101c23f

SHA1
e3c2c90a542e7b13c9ef9ded27739d2cb6b40519

SHA256
ebc1970b1977f85b2a4fb4dcbcc8c40d5fe4154ed04f745ea1c16bab0c01e94d

SHA512
a0fb0b79a601e8371dfd747e5a0d85e94b69a9fa4b93addc9dfced1b8c511f6d331f0da71c87f868826343eb8ee7cb6fa29aa80c34f8c727d6345e4197557eeb

Download Submit
\Windows\system\gBlEMPA.exe

Filesize
6.0MB

MD5
86c0e668b98adbe6467fbd50d9420b9c

SHA1
9f7c19643aec4ae155509c56b1f1b75d8804375b

SHA256
7c6f5c6a8f05da0a329d7a296864f97c85a31a74c6a7007f4f4c30ebc476aeae

SHA512
aa9858fb687bd5441c288e96e5085c93af8c451235d48f9d5c682ae1d5a060cd52c628a56fe4cd12ae373d97e1e75511700c754d9ed7ae2d8a56117b9d0c4eb0

Download Submit
\Windows\system\nRGeplP.exe

Filesize
6.0MB

MD5
6f730d698f6de5146d9a1ecb63e147ff

SHA1
b585856fde59cb587831b438447509336d92e6f2

SHA256
f1c94bf648bc41f2a0cbf8599a6ab9329c094f4b42dc368cba3c942238262439

SHA512
9b602bb0d0797b3213a780e7429a075f0f83263ba82778cae3765bc458d04011d01b0781e897589443cf15e3fbf7ed0848106967e64e8216a283911c645cb373

Download Submit
\Windows\system\oTtpmwx.exe

Filesize
6.0MB

MD5
5d6a02cfe9eb43f97aa01a7625580d92

SHA1
afee5840abaacb15e57fe1321f435423b4e9bb6c

SHA256
7f2a7d638099c3b8f4dbd1a864432732198920dd0f4c6218187cc9b6177f3738

SHA512
68953e6844a82d8c604d3cdfb0cfd562f3543e2975b53e8076616774e45d2830bb266af45ee694525c7054e0d652f04477bd7e10b79286cbb8c3443e975cfa80

Download Submit
\Windows\system\pdPMXvp.exe

Filesize
6.0MB

MD5
4203b6f716f9d23ce96fba2e5f81dc16

SHA1
b4626a3286817f03a9c47fc819b9aff1e5ca2c31

SHA256
1e301c3a0f6471ece6f824b82c423995412ebb986feead850f37db3874b89840

SHA512
85be2c06f8258e52e70fe00fb3a2fe632df0de9cd99972e29b41005a7148f4fb080bbff2899ec5509b1efc2056472058380389f218da737488b97f5cad2a4351

Download Submit
\Windows\system\qmSbvgz.exe

Filesize
6.0MB

MD5
0be8b0963f6dda74522a0112a7209ae6

SHA1
5ffdda79390e6c99db8d55fc5993dabb1293fd26

SHA256
b1b49af9dc5dbe02728010090c9fa8621364beaa2f8396d2e85dfdf9e723b7c8

SHA512
81db78999218a8a9dd1eb94c6eb00d96d3c96fc2fb6c50f0687f2e7b8f551aa919a94a2f75fd4a22834d5435a8590cb0659c2dca8f2fb882fcd52b80c8214c96

Download Submit
\Windows\system\xTSkbJK.exe

Filesize
6.0MB

MD5
3ae72694ac5b9f08a7bcf2dbbeecaf3c

SHA1
fe71f3bb086036de6b275ce6e660c42e813e2400

SHA256
8d27be289e780b93e182ea1238124a4e284b0d16dd6560316584dfbc2ceb6f68

SHA512
7b8a44f829e677906adc34021b1fd63b1b86b7883230acd2778688f247175c85fb1bf0370e1032e78b6dd2c5610fae2dc485a93deeb52a254c8068885d591419

Download Submit
memory/1224-3943-0x000000013FA70000-0x000000013FDC4000-memory.dmp

Filesize
3.3MB

Download
memory/1224-192-0x000000013FA70000-0x000000013FDC4000-memory.dmp

Filesize
3.3MB

Download
memory/1344-190-0x000000013FAD0000-0x000000013FE24000-memory.dmp

Filesize
3.3MB

Download
memory/1344-3941-0x000000013FAD0000-0x000000013FE24000-memory.dmp

Filesize
3.3MB

Download
memory/1632-3946-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/1632-207-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/1648-3940-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/1648-205-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/1788-147-0x000000013F6E0000-0x000000013FA34000-memory.dmp

Filesize
3.3MB

Download
memory/1788-3934-0x000000013F6E0000-0x000000013FA34000-memory.dmp

Filesize
3.3MB

Download
memory/1860-1904-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/1860-1745-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/1860-201-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/1860-150-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/1860-199-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/1860-210-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/1860-197-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/1860-1899-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/1860-195-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/1860-126-0x000000013F6E0000-0x000000013FA34000-memory.dmp

Filesize
3.3MB

Download
memory/1860-212-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/1860-193-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/1860-203-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/1860-191-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/1860-1923-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/1860-206-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/1860-208-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/1860-0-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/1860-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/1860-1542-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/1860-1559-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/1860-1881-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/1860-1855-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/1948-196-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/1948-3942-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/2400-213-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/2400-3936-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/2712-3933-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2712-198-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2752-200-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/2752-3945-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/2800-204-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2800-3937-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2816-3938-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/2816-202-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/2836-211-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/2836-3977-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/2864-3939-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2864-209-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2892-3935-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2892-194-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download