cobaltstrike | bdc1d3770a7ea59170c0860104093b256abb9b62a449063b6285b56c91356a2b

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
24-09-2024 15:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

8c10a49c7d79839a14188de1079835ac
SHA1

356d50526aadfdfc5ded0ac6bb09c3be1108fb06
SHA256

bdc1d3770a7ea59170c0860104093b256abb9b62a449063b6285b56c91356a2b
SHA512

57b443776c2954b33d32cb7bd624e64e0ca1d609ff669f9340ad862626a205acda162beab367fefecc881589bf914c1b6cdfb902be59d442b64d17e37221a08b
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUd:T+q56utgpPF8u/7d

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0003000000012000-6.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000174cc-8.dat	cobalt_reflective_dll
behavioral1/files/0x000e000000018676-12.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186ea-38.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186fd-49.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019441-67.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019617-135.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019623-163.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019625-167.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019622-160.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019621-156.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961f-151.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961b-144.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961d-148.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019619-140.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019613-127.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019615-132.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019611-124.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960f-119.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960d-116.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960b-111.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019609-108.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c5-104.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019582-98.dat	cobalt_reflective_dll
behavioral1/files/0x00390000000173a9-90.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001950c-84.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019461-77.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001944f-71.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001873d-62.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186ee-45.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018683-37.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186e4-27.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1444-0-0x000000013FC80000-0x000000013FFD4000-memory.dmp	xmrig
behavioral1/files/0x0003000000012000-6.dat	xmrig
behavioral1/files/0x00080000000174cc-8.dat	xmrig
behavioral1/files/0x000e000000018676-12.dat	xmrig
behavioral1/files/0x00060000000186ea-38.dat	xmrig
behavioral1/memory/2724-41-0x000000013F870000-0x000000013FBC4000-memory.dmp	xmrig
behavioral1/files/0x00060000000186fd-49.dat	xmrig
behavioral1/files/0x0005000000019441-67.dat	xmrig
behavioral1/memory/1820-74-0x000000013FFF0000-0x0000000140344000-memory.dmp	xmrig
behavioral1/memory/2604-80-0x000000013F270000-0x000000013F5C4000-memory.dmp	xmrig
behavioral1/memory/1436-93-0x000000013F8B0000-0x000000013FC04000-memory.dmp	xmrig
behavioral1/files/0x0005000000019617-135.dat	xmrig
behavioral1/files/0x0005000000019623-163.dat	xmrig
behavioral1/memory/1444-485-0x000000013F270000-0x000000013F5C4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019625-167.dat	xmrig
behavioral1/files/0x0005000000019622-160.dat	xmrig
behavioral1/files/0x0005000000019621-156.dat	xmrig
behavioral1/files/0x000500000001961f-151.dat	xmrig
behavioral1/files/0x000500000001961b-144.dat	xmrig
behavioral1/files/0x000500000001961d-148.dat	xmrig
behavioral1/files/0x0005000000019619-140.dat	xmrig
behavioral1/files/0x0005000000019613-127.dat	xmrig
behavioral1/files/0x0005000000019615-132.dat	xmrig
behavioral1/files/0x0005000000019611-124.dat	xmrig
behavioral1/files/0x000500000001960f-119.dat	xmrig
behavioral1/files/0x000500000001960d-116.dat	xmrig
behavioral1/files/0x000500000001960b-111.dat	xmrig
behavioral1/files/0x0005000000019609-108.dat	xmrig
behavioral1/files/0x00050000000195c5-104.dat	xmrig
behavioral1/memory/1444-95-0x000000013F3D0000-0x000000013F724000-memory.dmp	xmrig
behavioral1/memory/1444-94-0x0000000002210000-0x0000000002564000-memory.dmp	xmrig
behavioral1/files/0x0005000000019582-98.dat	xmrig
behavioral1/files/0x00390000000173a9-90.dat	xmrig
behavioral1/memory/2308-86-0x000000013FB20000-0x000000013FE74000-memory.dmp	xmrig
behavioral1/memory/1444-79-0x000000013F270000-0x000000013F5C4000-memory.dmp	xmrig
behavioral1/files/0x000500000001950c-84.dat	xmrig
behavioral1/files/0x0005000000019461-77.dat	xmrig
behavioral1/memory/3064-68-0x000000013F3D0000-0x000000013F724000-memory.dmp	xmrig
behavioral1/memory/2628-66-0x000000013FCB0000-0x0000000140004000-memory.dmp	xmrig
behavioral1/files/0x000500000001944f-71.dat	xmrig
behavioral1/memory/1444-65-0x0000000002210000-0x0000000002564000-memory.dmp	xmrig
behavioral1/memory/1444-64-0x000000013FC80000-0x000000013FFD4000-memory.dmp	xmrig
behavioral1/files/0x000700000001873d-62.dat	xmrig
behavioral1/memory/2564-61-0x000000013F830000-0x000000013FB84000-memory.dmp	xmrig
behavioral1/memory/2736-48-0x000000013FFE0000-0x0000000140334000-memory.dmp	xmrig
behavioral1/files/0x00060000000186ee-45.dat	xmrig
behavioral1/memory/2716-40-0x000000013F7E0000-0x000000013FB34000-memory.dmp	xmrig
behavioral1/files/0x0007000000018683-37.dat	xmrig
behavioral1/memory/1444-36-0x000000013F870000-0x000000013FBC4000-memory.dmp	xmrig
behavioral1/memory/2688-35-0x000000013FF80000-0x00000001402D4000-memory.dmp	xmrig
behavioral1/memory/2184-20-0x000000013F680000-0x000000013F9D4000-memory.dmp	xmrig
behavioral1/memory/2268-28-0x000000013F820000-0x000000013FB74000-memory.dmp	xmrig
behavioral1/files/0x00060000000186e4-27.dat	xmrig
behavioral1/memory/2828-26-0x000000013FD20000-0x0000000140074000-memory.dmp	xmrig
behavioral1/memory/2628-3782-0x000000013FCB0000-0x0000000140004000-memory.dmp	xmrig
behavioral1/memory/2736-3783-0x000000013FFE0000-0x0000000140334000-memory.dmp	xmrig
behavioral1/memory/2688-3788-0x000000013FF80000-0x00000001402D4000-memory.dmp	xmrig
behavioral1/memory/2828-3787-0x000000013FD20000-0x0000000140074000-memory.dmp	xmrig
behavioral1/memory/2716-3816-0x000000013F7E0000-0x000000013FB34000-memory.dmp	xmrig
behavioral1/memory/2184-3818-0x000000013F680000-0x000000013F9D4000-memory.dmp	xmrig
behavioral1/memory/2604-3852-0x000000013F270000-0x000000013F5C4000-memory.dmp	xmrig
behavioral1/memory/2308-3851-0x000000013FB20000-0x000000013FE74000-memory.dmp	xmrig
behavioral1/memory/1436-3850-0x000000013F8B0000-0x000000013FC04000-memory.dmp	xmrig
behavioral1/memory/2724-3866-0x000000013F870000-0x000000013FBC4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2268	AIDXdXL.exe
2184	zCuqbrL.exe
2828	zqwIGWh.exe
2688	fsAFAes.exe
2716	oYnXbVU.exe
2724	KmJraMb.exe
2736	FCOCZlD.exe
2564	hneNTPU.exe
2628	lEskQIf.exe
3064	CHIKcdT.exe
1820	dTZdcUs.exe
2604	KtpRsPt.exe
2308	DKheZjl.exe
1436	OyyTbBB.exe
1260	BTMGDNP.exe
1844	owuJeoO.exe
2092	mZTDPvw.exe
1564	cnKDfXg.exe
2948	dETwJSE.exe
1660	WwRRhlR.exe
376	LSneAGM.exe
536	TwPwyVh.exe
2236	OmJtfKy.exe
2224	okjZzHa.exe
2120	MvSDRaN.exe
1804	aIoSPth.exe
3024	hVzbund.exe
2272	MTFQWqW.exe
1716	fFWZKMq.exe
1360	INjWKjp.exe
2180	kAsCqYm.exe
3052	ktSvVgl.exe
1368	yssqqsi.exe
1864	KKlXCCU.exe
1644	feRbiaJ.exe
2204	kVaemdm.exe
956	lDKfvkv.exe
568	iTnDtGK.exe
920	yuvHXzV.exe
1720	COQWtLa.exe
1776	gUDqdcs.exe
1704	AsjDBup.exe
1312	lKIRjNx.exe
2008	MilsWoh.exe
2104	fLaJQnv.exe
2032	zMYnMIv.exe
1076	HyJFfgH.exe
2428	KHsOHMQ.exe
1404	SrLhQbe.exe
2496	rDfTBig.exe
344	bfUHFno.exe
2960	pwMWYoP.exe
1736	rAGuCgU.exe
1008	vAnyUkF.exe
556	oNAonnf.exe
1448	QzBOjxN.exe
2888	hObvdav.exe
2096	wMeTcuu.exe
2352	msvKFkC.exe
544	IFWrvYP.exe
2112	ALhGNxJ.exe
2644	NZLRSaR.exe
2324	kBnpDNZ.exe
2140	hlTdosz.exe

Loads dropped DLL 64 IoCs

pid	Process
1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 60 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1444-0-0x000000013FC80000-0x000000013FFD4000-memory.dmp	upx
behavioral1/files/0x0003000000012000-6.dat	upx
behavioral1/files/0x00080000000174cc-8.dat	upx
behavioral1/files/0x000e000000018676-12.dat	upx
behavioral1/files/0x00060000000186ea-38.dat	upx
behavioral1/memory/2724-41-0x000000013F870000-0x000000013FBC4000-memory.dmp	upx
behavioral1/files/0x00060000000186fd-49.dat	upx
behavioral1/files/0x0005000000019441-67.dat	upx
behavioral1/memory/1820-74-0x000000013FFF0000-0x0000000140344000-memory.dmp	upx
behavioral1/memory/2604-80-0x000000013F270000-0x000000013F5C4000-memory.dmp	upx
behavioral1/memory/1436-93-0x000000013F8B0000-0x000000013FC04000-memory.dmp	upx
behavioral1/files/0x0005000000019617-135.dat	upx
behavioral1/files/0x0005000000019623-163.dat	upx
behavioral1/files/0x0005000000019625-167.dat	upx
behavioral1/files/0x0005000000019622-160.dat	upx
behavioral1/files/0x0005000000019621-156.dat	upx
behavioral1/files/0x000500000001961f-151.dat	upx
behavioral1/files/0x000500000001961b-144.dat	upx
behavioral1/files/0x000500000001961d-148.dat	upx
behavioral1/files/0x0005000000019619-140.dat	upx
behavioral1/files/0x0005000000019613-127.dat	upx
behavioral1/files/0x0005000000019615-132.dat	upx
behavioral1/files/0x0005000000019611-124.dat	upx
behavioral1/files/0x000500000001960f-119.dat	upx
behavioral1/files/0x000500000001960d-116.dat	upx
behavioral1/files/0x000500000001960b-111.dat	upx
behavioral1/files/0x0005000000019609-108.dat	upx
behavioral1/files/0x00050000000195c5-104.dat	upx
behavioral1/files/0x0005000000019582-98.dat	upx
behavioral1/files/0x00390000000173a9-90.dat	upx
behavioral1/memory/2308-86-0x000000013FB20000-0x000000013FE74000-memory.dmp	upx
behavioral1/files/0x000500000001950c-84.dat	upx
behavioral1/files/0x0005000000019461-77.dat	upx
behavioral1/memory/3064-68-0x000000013F3D0000-0x000000013F724000-memory.dmp	upx
behavioral1/memory/2628-66-0x000000013FCB0000-0x0000000140004000-memory.dmp	upx
behavioral1/files/0x000500000001944f-71.dat	upx
behavioral1/memory/1444-64-0x000000013FC80000-0x000000013FFD4000-memory.dmp	upx
behavioral1/files/0x000700000001873d-62.dat	upx
behavioral1/memory/2564-61-0x000000013F830000-0x000000013FB84000-memory.dmp	upx
behavioral1/memory/2736-48-0x000000013FFE0000-0x0000000140334000-memory.dmp	upx
behavioral1/files/0x00060000000186ee-45.dat	upx
behavioral1/memory/2716-40-0x000000013F7E0000-0x000000013FB34000-memory.dmp	upx
behavioral1/files/0x0007000000018683-37.dat	upx
behavioral1/memory/2688-35-0x000000013FF80000-0x00000001402D4000-memory.dmp	upx
behavioral1/memory/2184-20-0x000000013F680000-0x000000013F9D4000-memory.dmp	upx
behavioral1/memory/2268-28-0x000000013F820000-0x000000013FB74000-memory.dmp	upx
behavioral1/files/0x00060000000186e4-27.dat	upx
behavioral1/memory/2828-26-0x000000013FD20000-0x0000000140074000-memory.dmp	upx
behavioral1/memory/2628-3782-0x000000013FCB0000-0x0000000140004000-memory.dmp	upx
behavioral1/memory/2736-3783-0x000000013FFE0000-0x0000000140334000-memory.dmp	upx
behavioral1/memory/2688-3788-0x000000013FF80000-0x00000001402D4000-memory.dmp	upx
behavioral1/memory/2828-3787-0x000000013FD20000-0x0000000140074000-memory.dmp	upx
behavioral1/memory/2716-3816-0x000000013F7E0000-0x000000013FB34000-memory.dmp	upx
behavioral1/memory/2184-3818-0x000000013F680000-0x000000013F9D4000-memory.dmp	upx
behavioral1/memory/2604-3852-0x000000013F270000-0x000000013F5C4000-memory.dmp	upx
behavioral1/memory/2308-3851-0x000000013FB20000-0x000000013FE74000-memory.dmp	upx
behavioral1/memory/1436-3850-0x000000013F8B0000-0x000000013FC04000-memory.dmp	upx
behavioral1/memory/2724-3866-0x000000013F870000-0x000000013FBC4000-memory.dmp	upx
behavioral1/memory/1820-3867-0x000000013FFF0000-0x0000000140344000-memory.dmp	upx
behavioral1/memory/3064-3894-0x000000013F3D0000-0x000000013F724000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\ZFCpTni.exe	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NKSacKO.exe	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FuIucPG.exe	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PzfTZjg.exe	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XDWOsjJ.exe	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\liGLSpL.exe	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kewPcoa.exe	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kdcbUOl.exe	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LXitsPZ.exe	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TJCPcyA.exe	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HsLmyUh.exe	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OwYdwSl.exe	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NLmwMhG.exe	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EqOVcku.exe	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qpQxBRH.exe	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jHLfjnm.exe	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lWvNZYU.exe	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bGpvrgq.exe	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KKiMJLX.exe	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eDYrJCS.exe	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hibaWjH.exe	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FApinyu.exe	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FIYYzgz.exe	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TtBScyl.exe	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CxkSoMC.exe	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LVSqXIY.exe	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mZoHGtb.exe	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cvEjgzV.exe	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NdponHL.exe	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ftORQUv.exe	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KZSEPWH.exe	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iSRpdlU.exe	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yatIrjO.exe	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BIgODIS.exe	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KVtHWmL.exe	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bEPOhgN.exe	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xDwPQXv.exe	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DxwFuiO.exe	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eJfTnzH.exe	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\feRbiaJ.exe	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rxqeEwZ.exe	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mywNUkd.exe	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HgVRrpA.exe	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BFjxdPs.exe	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IYuqTSP.exe	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\INjWKjp.exe	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UnnWlWp.exe	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TLjUbrH.exe	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XRTTVEr.exe	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ixSZFVZ.exe	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nwUsZJe.exe	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dINdAVR.exe	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VhbGNFk.exe	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FPCtufW.exe	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FVVhBxv.exe	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XhxfAaO.exe	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VNDVURZ.exe	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZgUKlds.exe	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JryuzLq.exe	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lCRvKPC.exe	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tElBMcj.exe	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kAGoRLq.exe	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dTZdcUs.exe	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bfUHFno.exe	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1444 wrote to memory of 2268	1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1444 wrote to memory of 2268	1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1444 wrote to memory of 2268	1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1444 wrote to memory of 2184	1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1444 wrote to memory of 2184	1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1444 wrote to memory of 2184	1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1444 wrote to memory of 2828	1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1444 wrote to memory of 2828	1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1444 wrote to memory of 2828	1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1444 wrote to memory of 2716	1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1444 wrote to memory of 2716	1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1444 wrote to memory of 2716	1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1444 wrote to memory of 2688	1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1444 wrote to memory of 2688	1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1444 wrote to memory of 2688	1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1444 wrote to memory of 2724	1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1444 wrote to memory of 2724	1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1444 wrote to memory of 2724	1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1444 wrote to memory of 2736	1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1444 wrote to memory of 2736	1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1444 wrote to memory of 2736	1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1444 wrote to memory of 2564	1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1444 wrote to memory of 2564	1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1444 wrote to memory of 2564	1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1444 wrote to memory of 2628	1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1444 wrote to memory of 2628	1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1444 wrote to memory of 2628	1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1444 wrote to memory of 3064	1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1444 wrote to memory of 3064	1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1444 wrote to memory of 3064	1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1444 wrote to memory of 1820	1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1444 wrote to memory of 1820	1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1444 wrote to memory of 1820	1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1444 wrote to memory of 2604	1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1444 wrote to memory of 2604	1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1444 wrote to memory of 2604	1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1444 wrote to memory of 2308	1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1444 wrote to memory of 2308	1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1444 wrote to memory of 2308	1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1444 wrote to memory of 1436	1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1444 wrote to memory of 1436	1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1444 wrote to memory of 1436	1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1444 wrote to memory of 1260	1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1444 wrote to memory of 1260	1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1444 wrote to memory of 1260	1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1444 wrote to memory of 1844	1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1444 wrote to memory of 1844	1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1444 wrote to memory of 1844	1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1444 wrote to memory of 2092	1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1444 wrote to memory of 2092	1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1444 wrote to memory of 2092	1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1444 wrote to memory of 1564	1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1444 wrote to memory of 1564	1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1444 wrote to memory of 1564	1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1444 wrote to memory of 2948	1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1444 wrote to memory of 2948	1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1444 wrote to memory of 2948	1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1444 wrote to memory of 1660	1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1444 wrote to memory of 1660	1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1444 wrote to memory of 1660	1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1444 wrote to memory of 376	1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1444 wrote to memory of 376	1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1444 wrote to memory of 376	1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1444 wrote to memory of 536	1444	2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-09-24_8c10a49c7d79839a14188de1079835ac_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1444
- C:\Windows\System\AIDXdXL.exe
  C:\Windows\System\AIDXdXL.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\zCuqbrL.exe
  C:\Windows\System\zCuqbrL.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\zqwIGWh.exe
  C:\Windows\System\zqwIGWh.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\oYnXbVU.exe
  C:\Windows\System\oYnXbVU.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\fsAFAes.exe
  C:\Windows\System\fsAFAes.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\KmJraMb.exe
  C:\Windows\System\KmJraMb.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\FCOCZlD.exe
  C:\Windows\System\FCOCZlD.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\hneNTPU.exe
  C:\Windows\System\hneNTPU.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\lEskQIf.exe
  C:\Windows\System\lEskQIf.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\CHIKcdT.exe
  C:\Windows\System\CHIKcdT.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\dTZdcUs.exe
  C:\Windows\System\dTZdcUs.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\KtpRsPt.exe
  C:\Windows\System\KtpRsPt.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\DKheZjl.exe
  C:\Windows\System\DKheZjl.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\OyyTbBB.exe
  C:\Windows\System\OyyTbBB.exe
  2⤵
  - Executes dropped EXE
  PID:1436
- C:\Windows\System\BTMGDNP.exe
  C:\Windows\System\BTMGDNP.exe
  2⤵
  - Executes dropped EXE
  PID:1260
- C:\Windows\System\owuJeoO.exe
  C:\Windows\System\owuJeoO.exe
  2⤵
  - Executes dropped EXE
  PID:1844
- C:\Windows\System\mZTDPvw.exe
  C:\Windows\System\mZTDPvw.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\cnKDfXg.exe
  C:\Windows\System\cnKDfXg.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\dETwJSE.exe
  C:\Windows\System\dETwJSE.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\WwRRhlR.exe
  C:\Windows\System\WwRRhlR.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\LSneAGM.exe
  C:\Windows\System\LSneAGM.exe
  2⤵
  - Executes dropped EXE
  PID:376
- C:\Windows\System\TwPwyVh.exe
  C:\Windows\System\TwPwyVh.exe
  2⤵
  - Executes dropped EXE
  PID:536
- C:\Windows\System\OmJtfKy.exe
  C:\Windows\System\OmJtfKy.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\okjZzHa.exe
  C:\Windows\System\okjZzHa.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\MvSDRaN.exe
  C:\Windows\System\MvSDRaN.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\aIoSPth.exe
  C:\Windows\System\aIoSPth.exe
  2⤵
  - Executes dropped EXE
  PID:1804
- C:\Windows\System\hVzbund.exe
  C:\Windows\System\hVzbund.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\MTFQWqW.exe
  C:\Windows\System\MTFQWqW.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\fFWZKMq.exe
  C:\Windows\System\fFWZKMq.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\INjWKjp.exe
  C:\Windows\System\INjWKjp.exe
  2⤵
  - Executes dropped EXE
  PID:1360
- C:\Windows\System\kAsCqYm.exe
  C:\Windows\System\kAsCqYm.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\ktSvVgl.exe
  C:\Windows\System\ktSvVgl.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\yssqqsi.exe
  C:\Windows\System\yssqqsi.exe
  2⤵
  - Executes dropped EXE
  PID:1368
- C:\Windows\System\KKlXCCU.exe
  C:\Windows\System\KKlXCCU.exe
  2⤵
  - Executes dropped EXE
  PID:1864
- C:\Windows\System\feRbiaJ.exe
  C:\Windows\System\feRbiaJ.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\kVaemdm.exe
  C:\Windows\System\kVaemdm.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\lDKfvkv.exe
  C:\Windows\System\lDKfvkv.exe
  2⤵
  - Executes dropped EXE
  PID:956
- C:\Windows\System\iTnDtGK.exe
  C:\Windows\System\iTnDtGK.exe
  2⤵
  - Executes dropped EXE
  PID:568
- C:\Windows\System\yuvHXzV.exe
  C:\Windows\System\yuvHXzV.exe
  2⤵
  - Executes dropped EXE
  PID:920
- C:\Windows\System\AsjDBup.exe
  C:\Windows\System\AsjDBup.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\COQWtLa.exe
  C:\Windows\System\COQWtLa.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\lKIRjNx.exe
  C:\Windows\System\lKIRjNx.exe
  2⤵
  - Executes dropped EXE
  PID:1312
- C:\Windows\System\gUDqdcs.exe
  C:\Windows\System\gUDqdcs.exe
  2⤵
  - Executes dropped EXE
  PID:1776
- C:\Windows\System\fLaJQnv.exe
  C:\Windows\System\fLaJQnv.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\MilsWoh.exe
  C:\Windows\System\MilsWoh.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\zMYnMIv.exe
  C:\Windows\System\zMYnMIv.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\HyJFfgH.exe
  C:\Windows\System\HyJFfgH.exe
  2⤵
  - Executes dropped EXE
  PID:1076
- C:\Windows\System\KHsOHMQ.exe
  C:\Windows\System\KHsOHMQ.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\SrLhQbe.exe
  C:\Windows\System\SrLhQbe.exe
  2⤵
  - Executes dropped EXE
  PID:1404
- C:\Windows\System\rDfTBig.exe
  C:\Windows\System\rDfTBig.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\bfUHFno.exe
  C:\Windows\System\bfUHFno.exe
  2⤵
  - Executes dropped EXE
  PID:344
- C:\Windows\System\pwMWYoP.exe
  C:\Windows\System\pwMWYoP.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\rAGuCgU.exe
  C:\Windows\System\rAGuCgU.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\hObvdav.exe
  C:\Windows\System\hObvdav.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\vAnyUkF.exe
  C:\Windows\System\vAnyUkF.exe
  2⤵
  - Executes dropped EXE
  PID:1008
- C:\Windows\System\wMeTcuu.exe
  C:\Windows\System\wMeTcuu.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\oNAonnf.exe
  C:\Windows\System\oNAonnf.exe
  2⤵
  - Executes dropped EXE
  PID:556
- C:\Windows\System\msvKFkC.exe
  C:\Windows\System\msvKFkC.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\QzBOjxN.exe
  C:\Windows\System\QzBOjxN.exe
  2⤵
  - Executes dropped EXE
  PID:1448
- C:\Windows\System\IFWrvYP.exe
  C:\Windows\System\IFWrvYP.exe
  2⤵
  - Executes dropped EXE
  PID:544
- C:\Windows\System\ALhGNxJ.exe
  C:\Windows\System\ALhGNxJ.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\NZLRSaR.exe
  C:\Windows\System\NZLRSaR.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\kBnpDNZ.exe
  C:\Windows\System\kBnpDNZ.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\QTwsyQg.exe
  C:\Windows\System\QTwsyQg.exe
  2⤵
  PID:1580
- C:\Windows\System\hlTdosz.exe
  C:\Windows\System\hlTdosz.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\umTAziw.exe
  C:\Windows\System\umTAziw.exe
  2⤵
  PID:1684
- C:\Windows\System\lsZFIss.exe
  C:\Windows\System\lsZFIss.exe
  2⤵
  PID:2704
- C:\Windows\System\NTbHdHi.exe
  C:\Windows\System\NTbHdHi.exe
  2⤵
  PID:2844
- C:\Windows\System\sVTSbvw.exe
  C:\Windows\System\sVTSbvw.exe
  2⤵
  PID:2976
- C:\Windows\System\yEIECLB.exe
  C:\Windows\System\yEIECLB.exe
  2⤵
  PID:1784
- C:\Windows\System\qxtYCfU.exe
  C:\Windows\System\qxtYCfU.exe
  2⤵
  PID:2684
- C:\Windows\System\jyEmzxz.exe
  C:\Windows\System\jyEmzxz.exe
  2⤵
  PID:2580
- C:\Windows\System\ShqyMeK.exe
  C:\Windows\System\ShqyMeK.exe
  2⤵
  PID:572
- C:\Windows\System\zCcgZLj.exe
  C:\Windows\System\zCcgZLj.exe
  2⤵
  PID:2124
- C:\Windows\System\Piiesoj.exe
  C:\Windows\System\Piiesoj.exe
  2⤵
  PID:2780
- C:\Windows\System\FVVhBxv.exe
  C:\Windows\System\FVVhBxv.exe
  2⤵
  PID:2300
- C:\Windows\System\bUHqwSs.exe
  C:\Windows\System\bUHqwSs.exe
  2⤵
  PID:108
- C:\Windows\System\NgWLsco.exe
  C:\Windows\System\NgWLsco.exe
  2⤵
  PID:1652
- C:\Windows\System\gESfIDo.exe
  C:\Windows\System\gESfIDo.exe
  2⤵
  PID:480
- C:\Windows\System\vGqkyrD.exe
  C:\Windows\System\vGqkyrD.exe
  2⤵
  PID:2440
- C:\Windows\System\lTvqQEI.exe
  C:\Windows\System\lTvqQEI.exe
  2⤵
  PID:1636
- C:\Windows\System\JUuxfxi.exe
  C:\Windows\System\JUuxfxi.exe
  2⤵
  PID:2064
- C:\Windows\System\AUuQlMd.exe
  C:\Windows\System\AUuQlMd.exe
  2⤵
  PID:2436
- C:\Windows\System\XPDhXIN.exe
  C:\Windows\System\XPDhXIN.exe
  2⤵
  PID:2068
- C:\Windows\System\BOZywFT.exe
  C:\Windows\System\BOZywFT.exe
  2⤵
  PID:972
- C:\Windows\System\iHcSoff.exe
  C:\Windows\System\iHcSoff.exe
  2⤵
  PID:1000
- C:\Windows\System\uDIOwBA.exe
  C:\Windows\System\uDIOwBA.exe
  2⤵
  PID:1064
- C:\Windows\System\VLgnnIZ.exe
  C:\Windows\System\VLgnnIZ.exe
  2⤵
  PID:1016
- C:\Windows\System\sbcopGk.exe
  C:\Windows\System\sbcopGk.exe
  2⤵
  PID:976
- C:\Windows\System\uXAlMfO.exe
  C:\Windows\System\uXAlMfO.exe
  2⤵
  PID:3032
- C:\Windows\System\ydyRDGB.exe
  C:\Windows\System\ydyRDGB.exe
  2⤵
  PID:2460
- C:\Windows\System\KhdrLuQ.exe
  C:\Windows\System\KhdrLuQ.exe
  2⤵
  PID:2024
- C:\Windows\System\hTwRgdh.exe
  C:\Windows\System\hTwRgdh.exe
  2⤵
  PID:2544
- C:\Windows\System\HxzsbPC.exe
  C:\Windows\System\HxzsbPC.exe
  2⤵
  PID:284
- C:\Windows\System\JiidVKM.exe
  C:\Windows\System\JiidVKM.exe
  2⤵
  PID:1800
- C:\Windows\System\dGBagQp.exe
  C:\Windows\System\dGBagQp.exe
  2⤵
  PID:392
- C:\Windows\System\JqwFknj.exe
  C:\Windows\System\JqwFknj.exe
  2⤵
  PID:1596
- C:\Windows\System\vpPwucE.exe
  C:\Windows\System\vpPwucE.exe
  2⤵
  PID:2040
- C:\Windows\System\hucjVzO.exe
  C:\Windows\System\hucjVzO.exe
  2⤵
  PID:884
- C:\Windows\System\EKTwfcJ.exe
  C:\Windows\System\EKTwfcJ.exe
  2⤵
  PID:2836
- C:\Windows\System\zBNAQOX.exe
  C:\Windows\System\zBNAQOX.exe
  2⤵
  PID:2856
- C:\Windows\System\ECKtNmq.exe
  C:\Windows\System\ECKtNmq.exe
  2⤵
  PID:2648
- C:\Windows\System\ucsRadt.exe
  C:\Windows\System\ucsRadt.exe
  2⤵
  PID:1664
- C:\Windows\System\FNWbKnz.exe
  C:\Windows\System\FNWbKnz.exe
  2⤵
  PID:2620
- C:\Windows\System\wORvnCZ.exe
  C:\Windows\System\wORvnCZ.exe
  2⤵
  PID:2936
- C:\Windows\System\LNPnSMS.exe
  C:\Windows\System\LNPnSMS.exe
  2⤵
  PID:2084
- C:\Windows\System\vjUDAws.exe
  C:\Windows\System\vjUDAws.exe
  2⤵
  PID:2416
- C:\Windows\System\StNJHeZ.exe
  C:\Windows\System\StNJHeZ.exe
  2⤵
  PID:2256
- C:\Windows\System\DJIuBVT.exe
  C:\Windows\System\DJIuBVT.exe
  2⤵
  PID:1248
- C:\Windows\System\GVHCzre.exe
  C:\Windows\System\GVHCzre.exe
  2⤵
  PID:940
- C:\Windows\System\TRknsXO.exe
  C:\Windows\System\TRknsXO.exe
  2⤵
  PID:1972
- C:\Windows\System\GJgOtgK.exe
  C:\Windows\System\GJgOtgK.exe
  2⤵
  PID:1044
- C:\Windows\System\wGvyRqr.exe
  C:\Windows\System\wGvyRqr.exe
  2⤵
  PID:780
- C:\Windows\System\fuicVvA.exe
  C:\Windows\System\fuicVvA.exe
  2⤵
  PID:640
- C:\Windows\System\ddJelAA.exe
  C:\Windows\System\ddJelAA.exe
  2⤵
  PID:3088
- C:\Windows\System\hcWzCNQ.exe
  C:\Windows\System\hcWzCNQ.exe
  2⤵
  PID:3104
- C:\Windows\System\TQDHBQQ.exe
  C:\Windows\System\TQDHBQQ.exe
  2⤵
  PID:3120
- C:\Windows\System\KfqLjyj.exe
  C:\Windows\System\KfqLjyj.exe
  2⤵
  PID:3136
- C:\Windows\System\rckbKXD.exe
  C:\Windows\System\rckbKXD.exe
  2⤵
  PID:3152
- C:\Windows\System\fZyjECI.exe
  C:\Windows\System\fZyjECI.exe
  2⤵
  PID:3168
- C:\Windows\System\UIuUAbD.exe
  C:\Windows\System\UIuUAbD.exe
  2⤵
  PID:3184
- C:\Windows\System\kjrCsKt.exe
  C:\Windows\System\kjrCsKt.exe
  2⤵
  PID:3200
- C:\Windows\System\HLzoiuO.exe
  C:\Windows\System\HLzoiuO.exe
  2⤵
  PID:3216
- C:\Windows\System\PuxdGAa.exe
  C:\Windows\System\PuxdGAa.exe
  2⤵
  PID:3232
- C:\Windows\System\JfYlgBz.exe
  C:\Windows\System\JfYlgBz.exe
  2⤵
  PID:3248
- C:\Windows\System\ApSPAPR.exe
  C:\Windows\System\ApSPAPR.exe
  2⤵
  PID:3264
- C:\Windows\System\PpKlaBx.exe
  C:\Windows\System\PpKlaBx.exe
  2⤵
  PID:3280
- C:\Windows\System\aMfaHBd.exe
  C:\Windows\System\aMfaHBd.exe
  2⤵
  PID:3296
- C:\Windows\System\jggdNdf.exe
  C:\Windows\System\jggdNdf.exe
  2⤵
  PID:3312
- C:\Windows\System\HDvXMnv.exe
  C:\Windows\System\HDvXMnv.exe
  2⤵
  PID:3328
- C:\Windows\System\qCKoHHg.exe
  C:\Windows\System\qCKoHHg.exe
  2⤵
  PID:3344
- C:\Windows\System\jVhCqwz.exe
  C:\Windows\System\jVhCqwz.exe
  2⤵
  PID:3360
- C:\Windows\System\PHBVSiN.exe
  C:\Windows\System\PHBVSiN.exe
  2⤵
  PID:3376
- C:\Windows\System\XFYTVpC.exe
  C:\Windows\System\XFYTVpC.exe
  2⤵
  PID:3392
- C:\Windows\System\rKUBmRM.exe
  C:\Windows\System\rKUBmRM.exe
  2⤵
  PID:3408
- C:\Windows\System\LAulMNs.exe
  C:\Windows\System\LAulMNs.exe
  2⤵
  PID:3424
- C:\Windows\System\gZanUtU.exe
  C:\Windows\System\gZanUtU.exe
  2⤵
  PID:3440
- C:\Windows\System\OQXyyPd.exe
  C:\Windows\System\OQXyyPd.exe
  2⤵
  PID:3456
- C:\Windows\System\INrzRuk.exe
  C:\Windows\System\INrzRuk.exe
  2⤵
  PID:3472
- C:\Windows\System\USekqoV.exe
  C:\Windows\System\USekqoV.exe
  2⤵
  PID:3488
- C:\Windows\System\ZGkmsSN.exe
  C:\Windows\System\ZGkmsSN.exe
  2⤵
  PID:3504
- C:\Windows\System\lkbbwzw.exe
  C:\Windows\System\lkbbwzw.exe
  2⤵
  PID:3520
- C:\Windows\System\DkDzDFe.exe
  C:\Windows\System\DkDzDFe.exe
  2⤵
  PID:3536
- C:\Windows\System\xgaojwa.exe
  C:\Windows\System\xgaojwa.exe
  2⤵
  PID:3552
- C:\Windows\System\pMDgoRQ.exe
  C:\Windows\System\pMDgoRQ.exe
  2⤵
  PID:3568
- C:\Windows\System\VgOoLEJ.exe
  C:\Windows\System\VgOoLEJ.exe
  2⤵
  PID:3584
- C:\Windows\System\WoxVBoY.exe
  C:\Windows\System\WoxVBoY.exe
  2⤵
  PID:3600
- C:\Windows\System\NzZQZsM.exe
  C:\Windows\System\NzZQZsM.exe
  2⤵
  PID:3616
- C:\Windows\System\nqpACGo.exe
  C:\Windows\System\nqpACGo.exe
  2⤵
  PID:3632
- C:\Windows\System\dJkrqKQ.exe
  C:\Windows\System\dJkrqKQ.exe
  2⤵
  PID:3648
- C:\Windows\System\CSMFDgV.exe
  C:\Windows\System\CSMFDgV.exe
  2⤵
  PID:3664
- C:\Windows\System\chCXrCa.exe
  C:\Windows\System\chCXrCa.exe
  2⤵
  PID:3680
- C:\Windows\System\xtgMIBD.exe
  C:\Windows\System\xtgMIBD.exe
  2⤵
  PID:3696
- C:\Windows\System\NiIFVeJ.exe
  C:\Windows\System\NiIFVeJ.exe
  2⤵
  PID:3712
- C:\Windows\System\OhbQAQr.exe
  C:\Windows\System\OhbQAQr.exe
  2⤵
  PID:3728
- C:\Windows\System\FJjhDqb.exe
  C:\Windows\System\FJjhDqb.exe
  2⤵
  PID:3744
- C:\Windows\System\qMRSMAO.exe
  C:\Windows\System\qMRSMAO.exe
  2⤵
  PID:3760
- C:\Windows\System\qklemwO.exe
  C:\Windows\System\qklemwO.exe
  2⤵
  PID:3780
- C:\Windows\System\irRiwwB.exe
  C:\Windows\System\irRiwwB.exe
  2⤵
  PID:3796
- C:\Windows\System\JrwhLWE.exe
  C:\Windows\System\JrwhLWE.exe
  2⤵
  PID:3812
- C:\Windows\System\aiPvgWF.exe
  C:\Windows\System\aiPvgWF.exe
  2⤵
  PID:3828
- C:\Windows\System\YTVRwAR.exe
  C:\Windows\System\YTVRwAR.exe
  2⤵
  PID:3844
- C:\Windows\System\FifcYRZ.exe
  C:\Windows\System\FifcYRZ.exe
  2⤵
  PID:3860
- C:\Windows\System\IAtwnXc.exe
  C:\Windows\System\IAtwnXc.exe
  2⤵
  PID:3876
- C:\Windows\System\cWeblWB.exe
  C:\Windows\System\cWeblWB.exe
  2⤵
  PID:3892
- C:\Windows\System\UArmbnm.exe
  C:\Windows\System\UArmbnm.exe
  2⤵
  PID:3908
- C:\Windows\System\ITmlKva.exe
  C:\Windows\System\ITmlKva.exe
  2⤵
  PID:3928
- C:\Windows\System\ZFCpTni.exe
  C:\Windows\System\ZFCpTni.exe
  2⤵
  PID:3944
- C:\Windows\System\KJjsfYT.exe
  C:\Windows\System\KJjsfYT.exe
  2⤵
  PID:3960
- C:\Windows\System\oLCKNpY.exe
  C:\Windows\System\oLCKNpY.exe
  2⤵
  PID:3976
- C:\Windows\System\lOhuvbK.exe
  C:\Windows\System\lOhuvbK.exe
  2⤵
  PID:3992
- C:\Windows\System\uSxbRou.exe
  C:\Windows\System\uSxbRou.exe
  2⤵
  PID:4008
- C:\Windows\System\NpHimFD.exe
  C:\Windows\System\NpHimFD.exe
  2⤵
  PID:4024
- C:\Windows\System\CYHpMLl.exe
  C:\Windows\System\CYHpMLl.exe
  2⤵
  PID:4040
- C:\Windows\System\tVmlnfl.exe
  C:\Windows\System\tVmlnfl.exe
  2⤵
  PID:4056
- C:\Windows\System\eDYrJCS.exe
  C:\Windows\System\eDYrJCS.exe
  2⤵
  PID:4072
- C:\Windows\System\CQgdIFR.exe
  C:\Windows\System\CQgdIFR.exe
  2⤵
  PID:4088
- C:\Windows\System\SMYCFNm.exe
  C:\Windows\System\SMYCFNm.exe
  2⤵
  PID:820
- C:\Windows\System\KndtZXZ.exe
  C:\Windows\System\KndtZXZ.exe
  2⤵
  PID:2404
- C:\Windows\System\ZSGTTbl.exe
  C:\Windows\System\ZSGTTbl.exe
  2⤵
  PID:2372
- C:\Windows\System\RVwRJqF.exe
  C:\Windows\System\RVwRJqF.exe
  2⤵
  PID:1968
- C:\Windows\System\juWiQHa.exe
  C:\Windows\System\juWiQHa.exe
  2⤵
  PID:2028
- C:\Windows\System\gqruXSA.exe
  C:\Windows\System\gqruXSA.exe
  2⤵
  PID:2076
- C:\Windows\System\ulBJoED.exe
  C:\Windows\System\ulBJoED.exe
  2⤵
  PID:2336
- C:\Windows\System\VtBvEeK.exe
  C:\Windows\System\VtBvEeK.exe
  2⤵
  PID:1656
- C:\Windows\System\szzmkPx.exe
  C:\Windows\System\szzmkPx.exe
  2⤵
  PID:2072
- C:\Windows\System\krkUdgp.exe
  C:\Windows\System\krkUdgp.exe
  2⤵
  PID:3048
- C:\Windows\System\RhNXPcs.exe
  C:\Windows\System\RhNXPcs.exe
  2⤵
  PID:2448
- C:\Windows\System\iDDMnfj.exe
  C:\Windows\System\iDDMnfj.exe
  2⤵
  PID:3080
- C:\Windows\System\DaildPV.exe
  C:\Windows\System\DaildPV.exe
  2⤵
  PID:3132
- C:\Windows\System\qfbAvFj.exe
  C:\Windows\System\qfbAvFj.exe
  2⤵
  PID:3240
- C:\Windows\System\rxqeEwZ.exe
  C:\Windows\System\rxqeEwZ.exe
  2⤵
  PID:3640
- C:\Windows\System\ldHJJqa.exe
  C:\Windows\System\ldHJJqa.exe
  2⤵
  PID:3672
- C:\Windows\System\ObfDZiX.exe
  C:\Windows\System\ObfDZiX.exe
  2⤵
  PID:3736
- C:\Windows\System\mombLRV.exe
  C:\Windows\System\mombLRV.exe
  2⤵
  PID:3560
- C:\Windows\System\qQwkJSw.exe
  C:\Windows\System\qQwkJSw.exe
  2⤵
  PID:3624
- C:\Windows\System\eIqUKDg.exe
  C:\Windows\System\eIqUKDg.exe
  2⤵
  PID:3688
- C:\Windows\System\VbVSbwY.exe
  C:\Windows\System\VbVSbwY.exe
  2⤵
  PID:3724
- C:\Windows\System\JduRALV.exe
  C:\Windows\System\JduRALV.exe
  2⤵
  PID:3836
- C:\Windows\System\KzThGky.exe
  C:\Windows\System\KzThGky.exe
  2⤵
  PID:3900
- C:\Windows\System\aPkvGkO.exe
  C:\Windows\System\aPkvGkO.exe
  2⤵
  PID:3888
- C:\Windows\System\cyxGcdg.exe
  C:\Windows\System\cyxGcdg.exe
  2⤵
  PID:3824
- C:\Windows\System\DRkSyCe.exe
  C:\Windows\System\DRkSyCe.exe
  2⤵
  PID:3756
- C:\Windows\System\EVVyhry.exe
  C:\Windows\System\EVVyhry.exe
  2⤵
  PID:3972
- C:\Windows\System\qMRIBtw.exe
  C:\Windows\System\qMRIBtw.exe
  2⤵
  PID:4036
- C:\Windows\System\KenZLnL.exe
  C:\Windows\System\KenZLnL.exe
  2⤵
  PID:2464
- C:\Windows\System\SpBtlju.exe
  C:\Windows\System\SpBtlju.exe
  2⤵
  PID:2860
- C:\Windows\System\ZqRmFnX.exe
  C:\Windows\System\ZqRmFnX.exe
  2⤵
  PID:788
- C:\Windows\System\KDOZHeX.exe
  C:\Windows\System\KDOZHeX.exe
  2⤵
  PID:3952
- C:\Windows\System\TduZfCh.exe
  C:\Windows\System\TduZfCh.exe
  2⤵
  PID:4016
- C:\Windows\System\GEvqyaE.exe
  C:\Windows\System\GEvqyaE.exe
  2⤵
  PID:4048
- C:\Windows\System\IeGhtDj.exe
  C:\Windows\System\IeGhtDj.exe
  2⤵
  PID:2968
- C:\Windows\System\enGfbka.exe
  C:\Windows\System\enGfbka.exe
  2⤵
  PID:1204
- C:\Windows\System\VyJEuxq.exe
  C:\Windows\System\VyJEuxq.exe
  2⤵
  PID:3164
- C:\Windows\System\fYiUtfm.exe
  C:\Windows\System\fYiUtfm.exe
  2⤵
  PID:3388
- C:\Windows\System\hMPPgPk.exe
  C:\Windows\System\hMPPgPk.exe
  2⤵
  PID:3452
- C:\Windows\System\SRyjZBu.exe
  C:\Windows\System\SRyjZBu.exe
  2⤵
  PID:3308
- C:\Windows\System\vJjynku.exe
  C:\Windows\System\vJjynku.exe
  2⤵
  PID:3372
- C:\Windows\System\JSZIhLP.exe
  C:\Windows\System\JSZIhLP.exe
  2⤵
  PID:3436
- C:\Windows\System\ETPWqtZ.exe
  C:\Windows\System\ETPWqtZ.exe
  2⤵
  PID:2816
- C:\Windows\System\FiiwzVt.exe
  C:\Windows\System\FiiwzVt.exe
  2⤵
  PID:2444
- C:\Windows\System\NQVLlwK.exe
  C:\Windows\System\NQVLlwK.exe
  2⤵
  PID:3592
- C:\Windows\System\wuTKRpF.exe
  C:\Windows\System\wuTKRpF.exe
  2⤵
  PID:3872
- C:\Windows\System\DICGOfA.exe
  C:\Windows\System\DICGOfA.exe
  2⤵
  PID:3852
- C:\Windows\System\qpWAzVG.exe
  C:\Windows\System\qpWAzVG.exe
  2⤵
  PID:2312
- C:\Windows\System\PuPMxqU.exe
  C:\Windows\System\PuPMxqU.exe
  2⤵
  PID:3628
- C:\Windows\System\MiRyceh.exe
  C:\Windows\System\MiRyceh.exe
  2⤵
  PID:2328
- C:\Windows\System\lAVUSrX.exe
  C:\Windows\System\lAVUSrX.exe
  2⤵
  PID:3924
- C:\Windows\System\cMgoXEl.exe
  C:\Windows\System\cMgoXEl.exe
  2⤵
  PID:4112
- C:\Windows\System\AUmCkkh.exe
  C:\Windows\System\AUmCkkh.exe
  2⤵
  PID:4128
- C:\Windows\System\uaPNOlF.exe
  C:\Windows\System\uaPNOlF.exe
  2⤵
  PID:4144
- C:\Windows\System\rKtHNcD.exe
  C:\Windows\System\rKtHNcD.exe
  2⤵
  PID:4160
- C:\Windows\System\MOvgGDh.exe
  C:\Windows\System\MOvgGDh.exe
  2⤵
  PID:4176
- C:\Windows\System\PpITtEl.exe
  C:\Windows\System\PpITtEl.exe
  2⤵
  PID:4192
- C:\Windows\System\NhlZDdB.exe
  C:\Windows\System\NhlZDdB.exe
  2⤵
  PID:4208
- C:\Windows\System\WYPBJzX.exe
  C:\Windows\System\WYPBJzX.exe
  2⤵
  PID:4224
- C:\Windows\System\VZaervM.exe
  C:\Windows\System\VZaervM.exe
  2⤵
  PID:4240
- C:\Windows\System\flpbAus.exe
  C:\Windows\System\flpbAus.exe
  2⤵
  PID:4256
- C:\Windows\System\TAIFAjA.exe
  C:\Windows\System\TAIFAjA.exe
  2⤵
  PID:4272
- C:\Windows\System\jFrdkKM.exe
  C:\Windows\System\jFrdkKM.exe
  2⤵
  PID:4288
- C:\Windows\System\NMYcJgC.exe
  C:\Windows\System\NMYcJgC.exe
  2⤵
  PID:4304
- C:\Windows\System\YrRxqCS.exe
  C:\Windows\System\YrRxqCS.exe
  2⤵
  PID:4320
- C:\Windows\System\JpVpGIg.exe
  C:\Windows\System\JpVpGIg.exe
  2⤵
  PID:4336
- C:\Windows\System\SmXGKIG.exe
  C:\Windows\System\SmXGKIG.exe
  2⤵
  PID:4352
- C:\Windows\System\iNItZZQ.exe
  C:\Windows\System\iNItZZQ.exe
  2⤵
  PID:4368
- C:\Windows\System\GoUkoMl.exe
  C:\Windows\System\GoUkoMl.exe
  2⤵
  PID:4384
- C:\Windows\System\FHccSld.exe
  C:\Windows\System\FHccSld.exe
  2⤵
  PID:4400
- C:\Windows\System\OKYgVcJ.exe
  C:\Windows\System\OKYgVcJ.exe
  2⤵
  PID:4416
- C:\Windows\System\jVBOLOw.exe
  C:\Windows\System\jVBOLOw.exe
  2⤵
  PID:4432
- C:\Windows\System\SOSYABW.exe
  C:\Windows\System\SOSYABW.exe
  2⤵
  PID:4448
- C:\Windows\System\oUJRVxF.exe
  C:\Windows\System\oUJRVxF.exe
  2⤵
  PID:4464
- C:\Windows\System\VCIPPvy.exe
  C:\Windows\System\VCIPPvy.exe
  2⤵
  PID:4480
- C:\Windows\System\JDJhTHx.exe
  C:\Windows\System\JDJhTHx.exe
  2⤵
  PID:4496
- C:\Windows\System\rOtqFoJ.exe
  C:\Windows\System\rOtqFoJ.exe
  2⤵
  PID:4528
- C:\Windows\System\CjVmPVm.exe
  C:\Windows\System\CjVmPVm.exe
  2⤵
  PID:4544
- C:\Windows\System\DuoIiiF.exe
  C:\Windows\System\DuoIiiF.exe
  2⤵
  PID:4560
- C:\Windows\System\AhAMHfN.exe
  C:\Windows\System\AhAMHfN.exe
  2⤵
  PID:4576
- C:\Windows\System\lIGkQvB.exe
  C:\Windows\System\lIGkQvB.exe
  2⤵
  PID:4592
- C:\Windows\System\QCWAbMF.exe
  C:\Windows\System\QCWAbMF.exe
  2⤵
  PID:4608
- C:\Windows\System\NaNhnrd.exe
  C:\Windows\System\NaNhnrd.exe
  2⤵
  PID:4624
- C:\Windows\System\zKLNyuE.exe
  C:\Windows\System\zKLNyuE.exe
  2⤵
  PID:4640
- C:\Windows\System\HccXTfZ.exe
  C:\Windows\System\HccXTfZ.exe
  2⤵
  PID:4656
- C:\Windows\System\PClIUFY.exe
  C:\Windows\System\PClIUFY.exe
  2⤵
  PID:4672
- C:\Windows\System\DiwScsp.exe
  C:\Windows\System\DiwScsp.exe
  2⤵
  PID:4688
- C:\Windows\System\hibaWjH.exe
  C:\Windows\System\hibaWjH.exe
  2⤵
  PID:4704
- C:\Windows\System\skTnCll.exe
  C:\Windows\System\skTnCll.exe
  2⤵
  PID:4720
- C:\Windows\System\UQUHpci.exe
  C:\Windows\System\UQUHpci.exe
  2⤵
  PID:4736
- C:\Windows\System\xDSwyGn.exe
  C:\Windows\System\xDSwyGn.exe
  2⤵
  PID:4752
- C:\Windows\System\tCdUeWY.exe
  C:\Windows\System\tCdUeWY.exe
  2⤵
  PID:4768
- C:\Windows\System\XCDiwqx.exe
  C:\Windows\System\XCDiwqx.exe
  2⤵
  PID:4784
- C:\Windows\System\ytojeRH.exe
  C:\Windows\System\ytojeRH.exe
  2⤵
  PID:4800
- C:\Windows\System\sEsYzYJ.exe
  C:\Windows\System\sEsYzYJ.exe
  2⤵
  PID:4816
- C:\Windows\System\XDWOsjJ.exe
  C:\Windows\System\XDWOsjJ.exe
  2⤵
  PID:4832
- C:\Windows\System\cOhmZGs.exe
  C:\Windows\System\cOhmZGs.exe
  2⤵
  PID:4848
- C:\Windows\System\FApinyu.exe
  C:\Windows\System\FApinyu.exe
  2⤵
  PID:4864
- C:\Windows\System\YsoWvni.exe
  C:\Windows\System\YsoWvni.exe
  2⤵
  PID:4880
- C:\Windows\System\lIaXKNe.exe
  C:\Windows\System\lIaXKNe.exe
  2⤵
  PID:4896
- C:\Windows\System\dMDfhsu.exe
  C:\Windows\System\dMDfhsu.exe
  2⤵
  PID:4912
- C:\Windows\System\dIZmFHz.exe
  C:\Windows\System\dIZmFHz.exe
  2⤵
  PID:4928
- C:\Windows\System\RTkQVbd.exe
  C:\Windows\System\RTkQVbd.exe
  2⤵
  PID:4944
- C:\Windows\System\sUqtKFg.exe
  C:\Windows\System\sUqtKFg.exe
  2⤵
  PID:4960
- C:\Windows\System\HVrImrk.exe
  C:\Windows\System\HVrImrk.exe
  2⤵
  PID:4976
- C:\Windows\System\WqaiolI.exe
  C:\Windows\System\WqaiolI.exe
  2⤵
  PID:4992
- C:\Windows\System\EToKXJz.exe
  C:\Windows\System\EToKXJz.exe
  2⤵
  PID:5008
- C:\Windows\System\XoqMYhu.exe
  C:\Windows\System\XoqMYhu.exe
  2⤵
  PID:5024
- C:\Windows\System\yTmQWFK.exe
  C:\Windows\System\yTmQWFK.exe
  2⤵
  PID:5040
- C:\Windows\System\qIaacUK.exe
  C:\Windows\System\qIaacUK.exe
  2⤵
  PID:5056
- C:\Windows\System\TtQoPFi.exe
  C:\Windows\System\TtQoPFi.exe
  2⤵
  PID:5072
- C:\Windows\System\cZYIZRu.exe
  C:\Windows\System\cZYIZRu.exe
  2⤵
  PID:5088
- C:\Windows\System\kdcbUOl.exe
  C:\Windows\System\kdcbUOl.exe
  2⤵
  PID:5104
- C:\Windows\System\hyzhgtA.exe
  C:\Windows\System\hyzhgtA.exe
  2⤵
  PID:2456
- C:\Windows\System\jHLfjnm.exe
  C:\Windows\System\jHLfjnm.exe
  2⤵
  PID:3084
- C:\Windows\System\qKtNCJe.exe
  C:\Windows\System\qKtNCJe.exe
  2⤵
  PID:3100
- C:\Windows\System\QBKynRv.exe
  C:\Windows\System\QBKynRv.exe
  2⤵
  PID:3420
- C:\Windows\System\JqJsgbN.exe
  C:\Windows\System\JqJsgbN.exe
  2⤵
  PID:3208
- C:\Windows\System\UPnjoct.exe
  C:\Windows\System\UPnjoct.exe
  2⤵
  PID:3340
- C:\Windows\System\XhxfAaO.exe
  C:\Windows\System\XhxfAaO.exe
  2⤵
  PID:3708
- C:\Windows\System\cASYidC.exe
  C:\Windows\System\cASYidC.exe
  2⤵
  PID:4032
- C:\Windows\System\oNhKTsp.exe
  C:\Windows\System\oNhKTsp.exe
  2⤵
  PID:4120
- C:\Windows\System\bRbqgWs.exe
  C:\Windows\System\bRbqgWs.exe
  2⤵
  PID:1788
- C:\Windows\System\TFMUAfH.exe
  C:\Windows\System\TFMUAfH.exe
  2⤵
  PID:4216
- C:\Windows\System\AExwnSi.exe
  C:\Windows\System\AExwnSi.exe
  2⤵
  PID:4252
- C:\Windows\System\RgRcUHS.exe
  C:\Windows\System\RgRcUHS.exe
  2⤵
  PID:4316
- C:\Windows\System\QviIBEX.exe
  C:\Windows\System\QviIBEX.exe
  2⤵
  PID:4376
- C:\Windows\System\VakKekC.exe
  C:\Windows\System\VakKekC.exe
  2⤵
  PID:4440
- C:\Windows\System\IFSRclX.exe
  C:\Windows\System\IFSRclX.exe
  2⤵
  PID:1764
- C:\Windows\System\goJjkPd.exe
  C:\Windows\System\goJjkPd.exe
  2⤵
  PID:4084
- C:\Windows\System\AkyxEmC.exe
  C:\Windows\System\AkyxEmC.exe
  2⤵
  PID:3356
- C:\Windows\System\SeEtaDZ.exe
  C:\Windows\System\SeEtaDZ.exe
  2⤵
  PID:3516
- C:\Windows\System\oTLdGBA.exe
  C:\Windows\System\oTLdGBA.exe
  2⤵
  PID:3580
- C:\Windows\System\DCmyDUZ.exe
  C:\Windows\System\DCmyDUZ.exe
  2⤵
  PID:3432
- C:\Windows\System\uXeEHqQ.exe
  C:\Windows\System\uXeEHqQ.exe
  2⤵
  PID:3868
- C:\Windows\System\dagMFzu.exe
  C:\Windows\System\dagMFzu.exe
  2⤵
  PID:2052
- C:\Windows\System\UGlnRON.exe
  C:\Windows\System\UGlnRON.exe
  2⤵
  PID:4140
- C:\Windows\System\zgiblYv.exe
  C:\Windows\System\zgiblYv.exe
  2⤵
  PID:4472
- C:\Windows\System\ZlgPevr.exe
  C:\Windows\System\ZlgPevr.exe
  2⤵
  PID:4300
- C:\Windows\System\ODQXcmI.exe
  C:\Windows\System\ODQXcmI.exe
  2⤵
  PID:4364
- C:\Windows\System\MEYpPAE.exe
  C:\Windows\System\MEYpPAE.exe
  2⤵
  PID:4428
- C:\Windows\System\vtFPSxg.exe
  C:\Windows\System\vtFPSxg.exe
  2⤵
  PID:4488
- C:\Windows\System\RfqixSU.exe
  C:\Windows\System\RfqixSU.exe
  2⤵
  PID:4264
- C:\Windows\System\oaGVMlL.exe
  C:\Windows\System\oaGVMlL.exe
  2⤵
  PID:4556
- C:\Windows\System\aNdSKqZ.exe
  C:\Windows\System\aNdSKqZ.exe
  2⤵
  PID:4540
- C:\Windows\System\lBaKgiq.exe
  C:\Windows\System\lBaKgiq.exe
  2⤵
  PID:4600
- C:\Windows\System\VNDVURZ.exe
  C:\Windows\System\VNDVURZ.exe
  2⤵
  PID:4680
- C:\Windows\System\mEsjzMD.exe
  C:\Windows\System\mEsjzMD.exe
  2⤵
  PID:4636
- C:\Windows\System\ObVomSh.exe
  C:\Windows\System\ObVomSh.exe
  2⤵
  PID:4744
- C:\Windows\System\nBunEEM.exe
  C:\Windows\System\nBunEEM.exe
  2⤵
  PID:4728
- C:\Windows\System\chMQPLP.exe
  C:\Windows\System\chMQPLP.exe
  2⤵
  PID:4808
- C:\Windows\System\wIbxRKc.exe
  C:\Windows\System\wIbxRKc.exe
  2⤵
  PID:4840
- C:\Windows\System\TzppdPY.exe
  C:\Windows\System\TzppdPY.exe
  2⤵
  PID:4796
- C:\Windows\System\FIYYzgz.exe
  C:\Windows\System\FIYYzgz.exe
  2⤵
  PID:4828
- C:\Windows\System\mjUsClj.exe
  C:\Windows\System\mjUsClj.exe
  2⤵
  PID:4940
- C:\Windows\System\XUJAwBp.exe
  C:\Windows\System\XUJAwBp.exe
  2⤵
  PID:4860
- C:\Windows\System\cwaDwav.exe
  C:\Windows\System\cwaDwav.exe
  2⤵
  PID:4924
- C:\Windows\System\fHlEerr.exe
  C:\Windows\System\fHlEerr.exe
  2⤵
  PID:4956
- C:\Windows\System\eyLIKnh.exe
  C:\Windows\System\eyLIKnh.exe
  2⤵
  PID:4988
- C:\Windows\System\lGbSHVc.exe
  C:\Windows\System\lGbSHVc.exe
  2⤵
  PID:5016
- C:\Windows\System\MGoMjno.exe
  C:\Windows\System\MGoMjno.exe
  2⤵
  PID:5096
- C:\Windows\System\CsyGpgt.exe
  C:\Windows\System\CsyGpgt.exe
  2⤵
  PID:5084
- C:\Windows\System\wfcGEvY.exe
  C:\Windows\System\wfcGEvY.exe
  2⤵
  PID:1808
- C:\Windows\System\GZGAZIk.exe
  C:\Windows\System\GZGAZIk.exe
  2⤵
  PID:2468
- C:\Windows\System\CUAmnHX.exe
  C:\Windows\System\CUAmnHX.exe
  2⤵
  PID:3448
- C:\Windows\System\PtGnImb.exe
  C:\Windows\System\PtGnImb.exe
  2⤵
  PID:3176
- C:\Windows\System\AGkzDIG.exe
  C:\Windows\System\AGkzDIG.exe
  2⤵
  PID:3468
- C:\Windows\System\TEXewmO.exe
  C:\Windows\System\TEXewmO.exe
  2⤵
  PID:4348
- C:\Windows\System\pIBwZZI.exe
  C:\Windows\System\pIBwZZI.exe
  2⤵
  PID:3112
- C:\Windows\System\SbDkyhn.exe
  C:\Windows\System\SbDkyhn.exe
  2⤵
  PID:3324
- C:\Windows\System\cVnpvBM.exe
  C:\Windows\System\cVnpvBM.exe
  2⤵
  PID:2880
- C:\Windows\System\YDWQNaM.exe
  C:\Windows\System\YDWQNaM.exe
  2⤵
  PID:3720
- C:\Windows\System\ioFDdmx.exe
  C:\Windows\System\ioFDdmx.exe
  2⤵
  PID:4412
- C:\Windows\System\VfChGyF.exe
  C:\Windows\System\VfChGyF.exe
  2⤵
  PID:3484
- C:\Windows\System\PHpLUOV.exe
  C:\Windows\System\PHpLUOV.exe
  2⤵
  PID:4396
- C:\Windows\System\KzzrlcP.exe
  C:\Windows\System\KzzrlcP.exe
  2⤵
  PID:2424
- C:\Windows\System\toNUHUM.exe
  C:\Windows\System\toNUHUM.exe
  2⤵
  PID:4476
- C:\Windows\System\dyEKWpc.exe
  C:\Windows\System\dyEKWpc.exe
  2⤵
  PID:4360
- C:\Windows\System\VMCAjmg.exe
  C:\Windows\System\VMCAjmg.exe
  2⤵
  PID:4584
- C:\Windows\System\XMCPlfR.exe
  C:\Windows\System\XMCPlfR.exe
  2⤵
  PID:4648
- C:\Windows\System\ZJHYGqy.exe
  C:\Windows\System\ZJHYGqy.exe
  2⤵
  PID:4568
- C:\Windows\System\kgECEWY.exe
  C:\Windows\System\kgECEWY.exe
  2⤵
  PID:860
- C:\Windows\System\PIWEvGy.exe
  C:\Windows\System\PIWEvGy.exe
  2⤵
  PID:2744
- C:\Windows\System\HyFBtuj.exe
  C:\Windows\System\HyFBtuj.exe
  2⤵
  PID:4844
- C:\Windows\System\leEzEYm.exe
  C:\Windows\System\leEzEYm.exe
  2⤵
  PID:4936
- C:\Windows\System\KRAAQNc.exe
  C:\Windows\System\KRAAQNc.exe
  2⤵
  PID:4856
- C:\Windows\System\ZgUKlds.exe
  C:\Windows\System\ZgUKlds.exe
  2⤵
  PID:4572
- C:\Windows\System\liGLSpL.exe
  C:\Windows\System\liGLSpL.exe
  2⤵
  PID:5064
- C:\Windows\System\jamQAqc.exe
  C:\Windows\System\jamQAqc.exe
  2⤵
  PID:2376
- C:\Windows\System\VjrrHjI.exe
  C:\Windows\System\VjrrHjI.exe
  2⤵
  PID:2680
- C:\Windows\System\zaIouMn.exe
  C:\Windows\System\zaIouMn.exe
  2⤵
  PID:3416
- C:\Windows\System\hSTXhbO.exe
  C:\Windows\System\hSTXhbO.exe
  2⤵
  PID:4156
- C:\Windows\System\bkjuqKG.exe
  C:\Windows\System\bkjuqKG.exe
  2⤵
  PID:4020
- C:\Windows\System\UaMCnJT.exe
  C:\Windows\System\UaMCnJT.exe
  2⤵
  PID:2876
- C:\Windows\System\TYXvJUW.exe
  C:\Windows\System\TYXvJUW.exe
  2⤵
  PID:3576
- C:\Windows\System\xDwPQXv.exe
  C:\Windows\System\xDwPQXv.exe
  2⤵
  PID:4268
- C:\Windows\System\UMYRLaK.exe
  C:\Windows\System\UMYRLaK.exe
  2⤵
  PID:3404
- C:\Windows\System\JfiDUgN.exe
  C:\Windows\System\JfiDUgN.exe
  2⤵
  PID:4524
- C:\Windows\System\kUJlaPY.exe
  C:\Windows\System\kUJlaPY.exe
  2⤵
  PID:5132
- C:\Windows\System\MekclrY.exe
  C:\Windows\System\MekclrY.exe
  2⤵
  PID:5148
- C:\Windows\System\whnTvJO.exe
  C:\Windows\System\whnTvJO.exe
  2⤵
  PID:5164
- C:\Windows\System\YtzqLVj.exe
  C:\Windows\System\YtzqLVj.exe
  2⤵
  PID:5180
- C:\Windows\System\mLBqDDd.exe
  C:\Windows\System\mLBqDDd.exe
  2⤵
  PID:5196
- C:\Windows\System\aThytyh.exe
  C:\Windows\System\aThytyh.exe
  2⤵
  PID:5212
- C:\Windows\System\ZomcwJf.exe
  C:\Windows\System\ZomcwJf.exe
  2⤵
  PID:5228
- C:\Windows\System\dBOsEFC.exe
  C:\Windows\System\dBOsEFC.exe
  2⤵
  PID:5244
- C:\Windows\System\SIvRkHQ.exe
  C:\Windows\System\SIvRkHQ.exe
  2⤵
  PID:5260
- C:\Windows\System\sxqGsOl.exe
  C:\Windows\System\sxqGsOl.exe
  2⤵
  PID:5276
- C:\Windows\System\ltgiykO.exe
  C:\Windows\System\ltgiykO.exe
  2⤵
  PID:5292
- C:\Windows\System\gPVpaaN.exe
  C:\Windows\System\gPVpaaN.exe
  2⤵
  PID:5308
- C:\Windows\System\izzVnzl.exe
  C:\Windows\System\izzVnzl.exe
  2⤵
  PID:5324
- C:\Windows\System\gipmNjS.exe
  C:\Windows\System\gipmNjS.exe
  2⤵
  PID:5340
- C:\Windows\System\iMsAPVJ.exe
  C:\Windows\System\iMsAPVJ.exe
  2⤵
  PID:5356
- C:\Windows\System\yfYgOeG.exe
  C:\Windows\System\yfYgOeG.exe
  2⤵
  PID:5372
- C:\Windows\System\ikgoDwa.exe
  C:\Windows\System\ikgoDwa.exe
  2⤵
  PID:5388
- C:\Windows\System\QEqOXdl.exe
  C:\Windows\System\QEqOXdl.exe
  2⤵
  PID:5404
- C:\Windows\System\lWvNZYU.exe
  C:\Windows\System\lWvNZYU.exe
  2⤵
  PID:5420
- C:\Windows\System\EDvCfbu.exe
  C:\Windows\System\EDvCfbu.exe
  2⤵
  PID:5436
- C:\Windows\System\cdgwxAj.exe
  C:\Windows\System\cdgwxAj.exe
  2⤵
  PID:5452
- C:\Windows\System\cqptrKt.exe
  C:\Windows\System\cqptrKt.exe
  2⤵
  PID:5468
- C:\Windows\System\jZuGOmN.exe
  C:\Windows\System\jZuGOmN.exe
  2⤵
  PID:5484
- C:\Windows\System\ViUMche.exe
  C:\Windows\System\ViUMche.exe
  2⤵
  PID:5500
- C:\Windows\System\WlVUdAC.exe
  C:\Windows\System\WlVUdAC.exe
  2⤵
  PID:5516
- C:\Windows\System\QzHceyu.exe
  C:\Windows\System\QzHceyu.exe
  2⤵
  PID:5532
- C:\Windows\System\OzvgtTC.exe
  C:\Windows\System\OzvgtTC.exe
  2⤵
  PID:5548
- C:\Windows\System\qdzLQZS.exe
  C:\Windows\System\qdzLQZS.exe
  2⤵
  PID:5564
- C:\Windows\System\pIJCoOq.exe
  C:\Windows\System\pIJCoOq.exe
  2⤵
  PID:5580
- C:\Windows\System\mipyxhX.exe
  C:\Windows\System\mipyxhX.exe
  2⤵
  PID:5596
- C:\Windows\System\gzOwbuP.exe
  C:\Windows\System\gzOwbuP.exe
  2⤵
  PID:5612
- C:\Windows\System\qBRkaCv.exe
  C:\Windows\System\qBRkaCv.exe
  2⤵
  PID:5628
- C:\Windows\System\mloGGDi.exe
  C:\Windows\System\mloGGDi.exe
  2⤵
  PID:5644
- C:\Windows\System\OfuXKeM.exe
  C:\Windows\System\OfuXKeM.exe
  2⤵
  PID:5660
- C:\Windows\System\nwUsZJe.exe
  C:\Windows\System\nwUsZJe.exe
  2⤵
  PID:5676
- C:\Windows\System\VTjkunb.exe
  C:\Windows\System\VTjkunb.exe
  2⤵
  PID:5692
- C:\Windows\System\RJbwxKZ.exe
  C:\Windows\System\RJbwxKZ.exe
  2⤵
  PID:5708
- C:\Windows\System\QhKKiWP.exe
  C:\Windows\System\QhKKiWP.exe
  2⤵
  PID:5724
- C:\Windows\System\UjBhsLb.exe
  C:\Windows\System\UjBhsLb.exe
  2⤵
  PID:5740
- C:\Windows\System\pQQTzIN.exe
  C:\Windows\System\pQQTzIN.exe
  2⤵
  PID:5756
- C:\Windows\System\BEvHhxG.exe
  C:\Windows\System\BEvHhxG.exe
  2⤵
  PID:5772
- C:\Windows\System\gQrqsUi.exe
  C:\Windows\System\gQrqsUi.exe
  2⤵
  PID:5788
- C:\Windows\System\njmSXxo.exe
  C:\Windows\System\njmSXxo.exe
  2⤵
  PID:5804
- C:\Windows\System\gbFfool.exe
  C:\Windows\System\gbFfool.exe
  2⤵
  PID:5820
- C:\Windows\System\ovfFNGd.exe
  C:\Windows\System\ovfFNGd.exe
  2⤵
  PID:5836
- C:\Windows\System\CqWzxAy.exe
  C:\Windows\System\CqWzxAy.exe
  2⤵
  PID:5852
- C:\Windows\System\vPDSuzs.exe
  C:\Windows\System\vPDSuzs.exe
  2⤵
  PID:5872
- C:\Windows\System\kJFjQMX.exe
  C:\Windows\System\kJFjQMX.exe
  2⤵
  PID:5888
- C:\Windows\System\lNYVTKE.exe
  C:\Windows\System\lNYVTKE.exe
  2⤵
  PID:5904
- C:\Windows\System\YRuyQtX.exe
  C:\Windows\System\YRuyQtX.exe
  2⤵
  PID:5920
- C:\Windows\System\bZdDGCn.exe
  C:\Windows\System\bZdDGCn.exe
  2⤵
  PID:5936
- C:\Windows\System\OMkjilc.exe
  C:\Windows\System\OMkjilc.exe
  2⤵
  PID:5952
- C:\Windows\System\XFfRRoE.exe
  C:\Windows\System\XFfRRoE.exe
  2⤵
  PID:5968
- C:\Windows\System\JiDHhxh.exe
  C:\Windows\System\JiDHhxh.exe
  2⤵
  PID:5984
- C:\Windows\System\RpBzEKm.exe
  C:\Windows\System\RpBzEKm.exe
  2⤵
  PID:6000
- C:\Windows\System\UYiBswJ.exe
  C:\Windows\System\UYiBswJ.exe
  2⤵
  PID:6016
- C:\Windows\System\JQuxYTu.exe
  C:\Windows\System\JQuxYTu.exe
  2⤵
  PID:6032
- C:\Windows\System\eETYire.exe
  C:\Windows\System\eETYire.exe
  2⤵
  PID:6048
- C:\Windows\System\YbnYZdi.exe
  C:\Windows\System\YbnYZdi.exe
  2⤵
  PID:6064
- C:\Windows\System\AdLpKML.exe
  C:\Windows\System\AdLpKML.exe
  2⤵
  PID:6080
- C:\Windows\System\qvJbYau.exe
  C:\Windows\System\qvJbYau.exe
  2⤵
  PID:6096
- C:\Windows\System\CMDGuCT.exe
  C:\Windows\System\CMDGuCT.exe
  2⤵
  PID:6112
- C:\Windows\System\MQjtGDs.exe
  C:\Windows\System\MQjtGDs.exe
  2⤵
  PID:6128
- C:\Windows\System\FOEbHAJ.exe
  C:\Windows\System\FOEbHAJ.exe
  2⤵
  PID:4460
- C:\Windows\System\dGGfdBH.exe
  C:\Windows\System\dGGfdBH.exe
  2⤵
  PID:4552
- C:\Windows\System\QTtkLXm.exe
  C:\Windows\System\QTtkLXm.exe
  2⤵
  PID:4668
- C:\Windows\System\iRGoxuw.exe
  C:\Windows\System\iRGoxuw.exe
  2⤵
  PID:764
- C:\Windows\System\sSDCUQQ.exe
  C:\Windows\System\sSDCUQQ.exe
  2⤵
  PID:4908
- C:\Windows\System\fyQkzkJ.exe
  C:\Windows\System\fyQkzkJ.exe
  2⤵
  PID:2100
- C:\Windows\System\RIvCvJz.exe
  C:\Windows\System\RIvCvJz.exe
  2⤵
  PID:5048
- C:\Windows\System\LyJKcKu.exe
  C:\Windows\System\LyJKcKu.exe
  2⤵
  PID:2380
- C:\Windows\System\Lotbkqj.exe
  C:\Windows\System\Lotbkqj.exe
  2⤵
  PID:3532
- C:\Windows\System\JqsuwvW.exe
  C:\Windows\System\JqsuwvW.exe
  2⤵
  PID:3272
- C:\Windows\System\dLPuiwn.exe
  C:\Windows\System\dLPuiwn.exe
  2⤵
  PID:2292
- C:\Windows\System\XzeuqXh.exe
  C:\Windows\System\XzeuqXh.exe
  2⤵
  PID:4172
- C:\Windows\System\mywNUkd.exe
  C:\Windows\System\mywNUkd.exe
  2⤵
  PID:5156
- C:\Windows\System\zrNrZlJ.exe
  C:\Windows\System\zrNrZlJ.exe
  2⤵
  PID:5188
- C:\Windows\System\xAdqbtI.exe
  C:\Windows\System\xAdqbtI.exe
  2⤵
  PID:5220
- C:\Windows\System\urwcrgB.exe
  C:\Windows\System\urwcrgB.exe
  2⤵
  PID:5256
- C:\Windows\System\LmAxyZh.exe
  C:\Windows\System\LmAxyZh.exe
  2⤵
  PID:5288
- C:\Windows\System\MIkALHP.exe
  C:\Windows\System\MIkALHP.exe
  2⤵
  PID:5300
- C:\Windows\System\hbifrBF.exe
  C:\Windows\System\hbifrBF.exe
  2⤵
  PID:5348
- C:\Windows\System\BFgpByy.exe
  C:\Windows\System\BFgpByy.exe
  2⤵
  PID:5380
- C:\Windows\System\NnyarnH.exe
  C:\Windows\System\NnyarnH.exe
  2⤵
  PID:5412
- C:\Windows\System\KpyWqDn.exe
  C:\Windows\System\KpyWqDn.exe
  2⤵
  PID:5448
- C:\Windows\System\kJggWJZ.exe
  C:\Windows\System\kJggWJZ.exe
  2⤵
  PID:5476
- C:\Windows\System\CnDhkOP.exe
  C:\Windows\System\CnDhkOP.exe
  2⤵
  PID:5464
- C:\Windows\System\folQNPq.exe
  C:\Windows\System\folQNPq.exe
  2⤵
  PID:5540
- C:\Windows\System\BLjKdwx.exe
  C:\Windows\System\BLjKdwx.exe
  2⤵
  PID:5528
- C:\Windows\System\zbIyzIr.exe
  C:\Windows\System\zbIyzIr.exe
  2⤵
  PID:1676
- C:\Windows\System\jINJYRZ.exe
  C:\Windows\System\jINJYRZ.exe
  2⤵
  PID:5560
- C:\Windows\System\NuoxLvB.exe
  C:\Windows\System\NuoxLvB.exe
  2⤵
  PID:6152
- C:\Windows\System\eoUQLPv.exe
  C:\Windows\System\eoUQLPv.exe
  2⤵
  PID:6528
- C:\Windows\System\BzQaZog.exe
  C:\Windows\System\BzQaZog.exe
  2⤵
  PID:6544
- C:\Windows\System\WQRxKxy.exe
  C:\Windows\System\WQRxKxy.exe
  2⤵
  PID:6560
- C:\Windows\System\JHuLSZT.exe
  C:\Windows\System\JHuLSZT.exe
  2⤵
  PID:6576
- C:\Windows\System\qxYvBdz.exe
  C:\Windows\System\qxYvBdz.exe
  2⤵
  PID:6592
- C:\Windows\System\GjCuGyV.exe
  C:\Windows\System\GjCuGyV.exe
  2⤵
  PID:6608
- C:\Windows\System\yIlqmfl.exe
  C:\Windows\System\yIlqmfl.exe
  2⤵
  PID:6624
- C:\Windows\System\ugbBqTa.exe
  C:\Windows\System\ugbBqTa.exe
  2⤵
  PID:6640
- C:\Windows\System\rwZFOqC.exe
  C:\Windows\System\rwZFOqC.exe
  2⤵
  PID:6656
- C:\Windows\System\ujhgFop.exe
  C:\Windows\System\ujhgFop.exe
  2⤵
  PID:6672
- C:\Windows\System\CgfLgoS.exe
  C:\Windows\System\CgfLgoS.exe
  2⤵
  PID:6688
- C:\Windows\System\twQUaKI.exe
  C:\Windows\System\twQUaKI.exe
  2⤵
  PID:6704
- C:\Windows\System\KmfsrGg.exe
  C:\Windows\System\KmfsrGg.exe
  2⤵
  PID:6720
- C:\Windows\System\QTyEGvS.exe
  C:\Windows\System\QTyEGvS.exe
  2⤵
  PID:6736
- C:\Windows\System\FeuhTzV.exe
  C:\Windows\System\FeuhTzV.exe
  2⤵
  PID:6752
- C:\Windows\System\VotWCCU.exe
  C:\Windows\System\VotWCCU.exe
  2⤵
  PID:6768
- C:\Windows\System\vsFuWWf.exe
  C:\Windows\System\vsFuWWf.exe
  2⤵
  PID:6784
- C:\Windows\System\JMiPWro.exe
  C:\Windows\System\JMiPWro.exe
  2⤵
  PID:6800
- C:\Windows\System\eMEiCgh.exe
  C:\Windows\System\eMEiCgh.exe
  2⤵
  PID:6816
- C:\Windows\System\djgfarN.exe
  C:\Windows\System\djgfarN.exe
  2⤵
  PID:6836
- C:\Windows\System\eDZEDIr.exe
  C:\Windows\System\eDZEDIr.exe
  2⤵
  PID:6852
- C:\Windows\System\ZWVSdMv.exe
  C:\Windows\System\ZWVSdMv.exe
  2⤵
  PID:6868
- C:\Windows\System\tgGoExt.exe
  C:\Windows\System\tgGoExt.exe
  2⤵
  PID:6884
- C:\Windows\System\pAqHUjJ.exe
  C:\Windows\System\pAqHUjJ.exe
  2⤵
  PID:6900
- C:\Windows\System\aQbTQoD.exe
  C:\Windows\System\aQbTQoD.exe
  2⤵
  PID:6916
- C:\Windows\System\wqQQMbR.exe
  C:\Windows\System\wqQQMbR.exe
  2⤵
  PID:6932
- C:\Windows\System\kjRJSyP.exe
  C:\Windows\System\kjRJSyP.exe
  2⤵
  PID:6948
- C:\Windows\System\FPzxQgb.exe
  C:\Windows\System\FPzxQgb.exe
  2⤵
  PID:6964
- C:\Windows\System\lDkkOjK.exe
  C:\Windows\System\lDkkOjK.exe
  2⤵
  PID:6980
- C:\Windows\System\HohjDqZ.exe
  C:\Windows\System\HohjDqZ.exe
  2⤵
  PID:6996
- C:\Windows\System\wPgjgiJ.exe
  C:\Windows\System\wPgjgiJ.exe
  2⤵
  PID:7012
- C:\Windows\System\JTCOFms.exe
  C:\Windows\System\JTCOFms.exe
  2⤵
  PID:7028
- C:\Windows\System\JntfmwF.exe
  C:\Windows\System\JntfmwF.exe
  2⤵
  PID:7044
- C:\Windows\System\yaCyEmh.exe
  C:\Windows\System\yaCyEmh.exe
  2⤵
  PID:7060
- C:\Windows\System\kewPcoa.exe
  C:\Windows\System\kewPcoa.exe
  2⤵
  PID:7076
- C:\Windows\System\IXfuMLk.exe
  C:\Windows\System\IXfuMLk.exe
  2⤵
  PID:7092
- C:\Windows\System\cTkWYGS.exe
  C:\Windows\System\cTkWYGS.exe
  2⤵
  PID:7108
- C:\Windows\System\kHAHdIX.exe
  C:\Windows\System\kHAHdIX.exe
  2⤵
  PID:7124
- C:\Windows\System\PNHScZw.exe
  C:\Windows\System\PNHScZw.exe
  2⤵
  PID:7140
- C:\Windows\System\PXeATRP.exe
  C:\Windows\System\PXeATRP.exe
  2⤵
  PID:7156
- C:\Windows\System\BLZJlIW.exe
  C:\Windows\System\BLZJlIW.exe
  2⤵
  PID:3788
- C:\Windows\System\uMocKqz.exe
  C:\Windows\System\uMocKqz.exe
  2⤵
  PID:5140
- C:\Windows\System\ZGuLmzM.exe
  C:\Windows\System\ZGuLmzM.exe
  2⤵
  PID:5240
- C:\Windows\System\dcGGuKg.exe
  C:\Windows\System\dcGGuKg.exe
  2⤵
  PID:5384
- C:\Windows\System\rQlUApR.exe
  C:\Windows\System\rQlUApR.exe
  2⤵
  PID:5512
- C:\Windows\System\LnjGzCc.exe
  C:\Windows\System\LnjGzCc.exe
  2⤵
  PID:5636
- C:\Windows\System\QEAEiRJ.exe
  C:\Windows\System\QEAEiRJ.exe
  2⤵
  PID:5668
- C:\Windows\System\WEKuGMb.exe
  C:\Windows\System\WEKuGMb.exe
  2⤵
  PID:5704
- C:\Windows\System\ltEhCTo.exe
  C:\Windows\System\ltEhCTo.exe
  2⤵
  PID:5720
- C:\Windows\System\FqtbmVv.exe
  C:\Windows\System\FqtbmVv.exe
  2⤵
  PID:2188
- C:\Windows\System\TICyWAM.exe
  C:\Windows\System\TICyWAM.exe
  2⤵
  PID:5732
- C:\Windows\System\fQeBGIv.exe
  C:\Windows\System\fQeBGIv.exe
  2⤵
  PID:5684
- C:\Windows\System\wfTOUsh.exe
  C:\Windows\System\wfTOUsh.exe
  2⤵
  PID:5780
- C:\Windows\System\nnnzekN.exe
  C:\Windows\System\nnnzekN.exe
  2⤵
  PID:5812
- C:\Windows\System\oUgbGfN.exe
  C:\Windows\System\oUgbGfN.exe
  2⤵
  PID:5932
- C:\Windows\System\FLRGviV.exe
  C:\Windows\System\FLRGviV.exe
  2⤵
  PID:2864
- C:\Windows\System\mTFEjOO.exe
  C:\Windows\System\mTFEjOO.exe
  2⤵
  PID:5964
- C:\Windows\System\ZjDnNjk.exe
  C:\Windows\System\ZjDnNjk.exe
  2⤵
  PID:5944
- C:\Windows\System\hoebvyA.exe
  C:\Windows\System\hoebvyA.exe
  2⤵
  PID:6040
- C:\Windows\System\atvKcCM.exe
  C:\Windows\System\atvKcCM.exe
  2⤵
  PID:6092
- C:\Windows\System\nWxtalC.exe
  C:\Windows\System\nWxtalC.exe
  2⤵
  PID:6072
- C:\Windows\System\yQmraCc.exe
  C:\Windows\System\yQmraCc.exe
  2⤵
  PID:4824
- C:\Windows\System\GGzXsaO.exe
  C:\Windows\System\GGzXsaO.exe
  2⤵
  PID:2692
- C:\Windows\System\eaAFfkB.exe
  C:\Windows\System\eaAFfkB.exe
  2⤵
  PID:4984
- C:\Windows\System\QBdxMrM.exe
  C:\Windows\System\QBdxMrM.exe
  2⤵
  PID:2700
- C:\Windows\System\GwfyWaG.exe
  C:\Windows\System\GwfyWaG.exe
  2⤵
  PID:5268
- C:\Windows\System\pSaZDBu.exe
  C:\Windows\System\pSaZDBu.exe
  2⤵
  PID:5480
- C:\Windows\System\OMUStZO.exe
  C:\Windows\System\OMUStZO.exe
  2⤵
  PID:6172
- C:\Windows\System\wkPtpgO.exe
  C:\Windows\System\wkPtpgO.exe
  2⤵
  PID:6188
- C:\Windows\System\vSkNoHq.exe
  C:\Windows\System\vSkNoHq.exe
  2⤵
  PID:6204
- C:\Windows\System\tEPJLYu.exe
  C:\Windows\System\tEPJLYu.exe
  2⤵
  PID:6220
- C:\Windows\System\qpiPLBx.exe
  C:\Windows\System\qpiPLBx.exe
  2⤵
  PID:6236
- C:\Windows\System\JBdmOam.exe
  C:\Windows\System\JBdmOam.exe
  2⤵
  PID:6252
- C:\Windows\System\OKwQXEj.exe
  C:\Windows\System\OKwQXEj.exe
  2⤵
  PID:6272
- C:\Windows\System\RcukoVQ.exe
  C:\Windows\System\RcukoVQ.exe
  2⤵
  PID:6296
- C:\Windows\System\eeSksBT.exe
  C:\Windows\System\eeSksBT.exe
  2⤵
  PID:6280
- C:\Windows\System\hDEmGps.exe
  C:\Windows\System\hDEmGps.exe
  2⤵
  PID:6320
- C:\Windows\System\sAOEmHZ.exe
  C:\Windows\System\sAOEmHZ.exe
  2⤵
  PID:6336
- C:\Windows\System\BFedkwt.exe
  C:\Windows\System\BFedkwt.exe
  2⤵
  PID:6352
- C:\Windows\System\NIeehdJ.exe
  C:\Windows\System\NIeehdJ.exe
  2⤵
  PID:5604
- C:\Windows\System\QbZRejw.exe
  C:\Windows\System\QbZRejw.exe
  2⤵
  PID:2640
- C:\Windows\System\RyyZbjU.exe
  C:\Windows\System\RyyZbjU.exe
  2⤵
  PID:4764
- C:\Windows\System\NKSacKO.exe
  C:\Windows\System\NKSacKO.exe
  2⤵
  PID:6364
- C:\Windows\System\uIsmOyH.exe
  C:\Windows\System\uIsmOyH.exe
  2⤵
  PID:6380
- C:\Windows\System\hkmBYwY.exe
  C:\Windows\System\hkmBYwY.exe
  2⤵
  PID:6412
- C:\Windows\System\GVFxCMX.exe
  C:\Windows\System\GVFxCMX.exe
  2⤵
  PID:6428
- C:\Windows\System\JryuzLq.exe
  C:\Windows\System\JryuzLq.exe
  2⤵
  PID:6444
- C:\Windows\System\SgxMzao.exe
  C:\Windows\System\SgxMzao.exe
  2⤵
  PID:6460
- C:\Windows\System\ldFtqvD.exe
  C:\Windows\System\ldFtqvD.exe
  2⤵
  PID:6476
- C:\Windows\System\RbdisrS.exe
  C:\Windows\System\RbdisrS.exe
  2⤵
  PID:6492
- C:\Windows\System\wvLzjiY.exe
  C:\Windows\System\wvLzjiY.exe
  2⤵
  PID:6520
- C:\Windows\System\KVyRHJn.exe
  C:\Windows\System\KVyRHJn.exe
  2⤵
  PID:6696
- C:\Windows\System\IltvNez.exe
  C:\Windows\System\IltvNez.exe
  2⤵
  PID:1624
- C:\Windows\System\dmkWKCo.exe
  C:\Windows\System\dmkWKCo.exe
  2⤵
  PID:1152
- C:\Windows\System\jijswZY.exe
  C:\Windows\System\jijswZY.exe
  2⤵
  PID:1732
- C:\Windows\System\WWARNCH.exe
  C:\Windows\System\WWARNCH.exe
  2⤵
  PID:6848
- C:\Windows\System\SeWaCuI.exe
  C:\Windows\System\SeWaCuI.exe
  2⤵
  PID:2652
- C:\Windows\System\MLIjAYE.exe
  C:\Windows\System\MLIjAYE.exe
  2⤵
  PID:3044
- C:\Windows\System\ptmppir.exe
  C:\Windows\System\ptmppir.exe
  2⤵
  PID:1148
- C:\Windows\System\liAYFbz.exe
  C:\Windows\System\liAYFbz.exe
  2⤵
  PID:6940
- C:\Windows\System\yElPFYU.exe
  C:\Windows\System\yElPFYU.exe
  2⤵
  PID:2984
- C:\Windows\System\ZJRShMH.exe
  C:\Windows\System\ZJRShMH.exe
  2⤵
  PID:7036
- C:\Windows\System\jRJSfCe.exe
  C:\Windows\System\jRJSfCe.exe
  2⤵
  PID:6992
- C:\Windows\System\gACqigM.exe
  C:\Windows\System\gACqigM.exe
  2⤵
  PID:7040
- C:\Windows\System\MHEpOpG.exe
  C:\Windows\System\MHEpOpG.exe
  2⤵
  PID:3036
- C:\Windows\System\OptqBJt.exe
  C:\Windows\System\OptqBJt.exe
  2⤵
  PID:7052
- C:\Windows\System\YxwceNS.exe
  C:\Windows\System\YxwceNS.exe
  2⤵
  PID:7132
- C:\Windows\System\cvEjgzV.exe
  C:\Windows\System\cvEjgzV.exe
  2⤵
  PID:7164
- C:\Windows\System\Xlladai.exe
  C:\Windows\System\Xlladai.exe
  2⤵
  PID:7148
- C:\Windows\System\tpDkHTd.exe
  C:\Windows\System\tpDkHTd.exe
  2⤵
  PID:5128
- C:\Windows\System\LJSyXBr.exe
  C:\Windows\System\LJSyXBr.exe
  2⤵
  PID:5332
- C:\Windows\System\WjsVire.exe
  C:\Windows\System\WjsVire.exe
  2⤵
  PID:5624
- C:\Windows\System\fhhupVS.exe
  C:\Windows\System\fhhupVS.exe
  2⤵
  PID:5700
- C:\Windows\System\HZIFVPc.exe
  C:\Windows\System\HZIFVPc.exe
  2⤵
  PID:5752
- C:\Windows\System\csVfjfn.exe
  C:\Windows\System\csVfjfn.exe
  2⤵
  PID:5900
- C:\Windows\System\FDdgcCx.exe
  C:\Windows\System\FDdgcCx.exe
  2⤵
  PID:5880
- C:\Windows\System\yuuMlvl.exe
  C:\Windows\System\yuuMlvl.exe
  2⤵
  PID:5784
- C:\Windows\System\xlKucUd.exe
  C:\Windows\System\xlKucUd.exe
  2⤵
  PID:5912
- C:\Windows\System\xPUtsee.exe
  C:\Windows\System\xPUtsee.exe
  2⤵
  PID:2600
- C:\Windows\System\MDDYUTp.exe
  C:\Windows\System\MDDYUTp.exe
  2⤵
  PID:2392
- C:\Windows\System\NDmlFqJ.exe
  C:\Windows\System\NDmlFqJ.exe
  2⤵
  PID:6056
- C:\Windows\System\WCyYWeo.exe
  C:\Windows\System\WCyYWeo.exe
  2⤵
  PID:6060
- C:\Windows\System\NnzQSCd.exe
  C:\Windows\System\NnzQSCd.exe
  2⤵
  PID:2164
- C:\Windows\System\tHuIeJb.exe
  C:\Windows\System\tHuIeJb.exe
  2⤵
  PID:3884
- C:\Windows\System\rNeFDpw.exe
  C:\Windows\System\rNeFDpw.exe
  2⤵
  PID:2584
- C:\Windows\System\jnWbpwV.exe
  C:\Windows\System\jnWbpwV.exe
  2⤵
  PID:5396
- C:\Windows\System\YDIKUsE.exe
  C:\Windows\System\YDIKUsE.exe
  2⤵
  PID:5172
- C:\Windows\System\aHIyEjX.exe
  C:\Windows\System\aHIyEjX.exe
  2⤵
  PID:6180
- C:\Windows\System\ydPyQrZ.exe
  C:\Windows\System\ydPyQrZ.exe
  2⤵
  PID:2412
- C:\Windows\System\FatUglj.exe
  C:\Windows\System\FatUglj.exe
  2⤵
  PID:6216
- C:\Windows\System\dTpoDsV.exe
  C:\Windows\System\dTpoDsV.exe
  2⤵
  PID:6228
- C:\Windows\System\iOXLzNc.exe
  C:\Windows\System\iOXLzNc.exe
  2⤵
  PID:6300
- C:\Windows\System\SoyQqGi.exe
  C:\Windows\System\SoyQqGi.exe
  2⤵
  PID:6312
- C:\Windows\System\MTbqecz.exe
  C:\Windows\System\MTbqecz.exe
  2⤵
  PID:2484
- C:\Windows\System\OwYdwSl.exe
  C:\Windows\System\OwYdwSl.exe
  2⤵
  PID:1036
- C:\Windows\System\QCFSwGP.exe
  C:\Windows\System\QCFSwGP.exe
  2⤵
  PID:6332
- C:\Windows\System\ALuBMrq.exe
  C:\Windows\System\ALuBMrq.exe
  2⤵
  PID:6108
- C:\Windows\System\KsalDOg.exe
  C:\Windows\System\KsalDOg.exe
  2⤵
  PID:6388
- C:\Windows\System\cBAruyR.exe
  C:\Windows\System\cBAruyR.exe
  2⤵
  PID:6392
- C:\Windows\System\cRFPdEh.exe
  C:\Windows\System\cRFPdEh.exe
  2⤵
  PID:6440
- C:\Windows\System\DxwFuiO.exe
  C:\Windows\System\DxwFuiO.exe
  2⤵
  PID:1348
- C:\Windows\System\grfsVzQ.exe
  C:\Windows\System\grfsVzQ.exe
  2⤵
  PID:2964
- C:\Windows\System\wYdzJfd.exe
  C:\Windows\System\wYdzJfd.exe
  2⤵
  PID:6424
- C:\Windows\System\oheTxSP.exe
  C:\Windows\System\oheTxSP.exe
  2⤵
  PID:6488
- C:\Windows\System\sIXPZLY.exe
  C:\Windows\System\sIXPZLY.exe
  2⤵
  PID:6516
- C:\Windows\System\BRdwdmK.exe
  C:\Windows\System\BRdwdmK.exe
  2⤵
  PID:6368
- C:\Windows\System\wyKtAbj.exe
  C:\Windows\System\wyKtAbj.exe
  2⤵
  PID:1680
- C:\Windows\System\MXullxJ.exe
  C:\Windows\System\MXullxJ.exe
  2⤵
  PID:6588
- C:\Windows\System\nivOOGT.exe
  C:\Windows\System\nivOOGT.exe
  2⤵
  PID:6540
- C:\Windows\System\xzbclQr.exe
  C:\Windows\System\xzbclQr.exe
  2⤵
  PID:6648
- C:\Windows\System\QGydTfz.exe
  C:\Windows\System\QGydTfz.exe
  2⤵
  PID:6748
- C:\Windows\System\WsTCfEV.exe
  C:\Windows\System\WsTCfEV.exe
  2⤵
  PID:6712
- C:\Windows\System\hUJxtnZ.exe
  C:\Windows\System\hUJxtnZ.exe
  2⤵
  PID:6632
- C:\Windows\System\RAytpuN.exe
  C:\Windows\System\RAytpuN.exe
  2⤵
  PID:6728
- C:\Windows\System\VZLvPLB.exe
  C:\Windows\System\VZLvPLB.exe
  2⤵
  PID:6776
- C:\Windows\System\sMXooys.exe
  C:\Windows\System\sMXooys.exe
  2⤵
  PID:6808
- C:\Windows\System\NIKwUPm.exe
  C:\Windows\System\NIKwUPm.exe
  2⤵
  PID:6844
- C:\Windows\System\kfFjnGX.exe
  C:\Windows\System\kfFjnGX.exe
  2⤵
  PID:6876
- C:\Windows\System\JpaZRaa.exe
  C:\Windows\System\JpaZRaa.exe
  2⤵
  PID:6924
- C:\Windows\System\txCAeAk.exe
  C:\Windows\System\txCAeAk.exe
  2⤵
  PID:6976
- C:\Windows\System\CHRthxi.exe
  C:\Windows\System\CHRthxi.exe
  2⤵
  PID:6960
- C:\Windows\System\pgmlwtV.exe
  C:\Windows\System\pgmlwtV.exe
  2⤵
  PID:6892
- C:\Windows\System\XHldkTg.exe
  C:\Windows\System\XHldkTg.exe
  2⤵
  PID:908
- C:\Windows\System\qLmdHru.exe
  C:\Windows\System\qLmdHru.exe
  2⤵
  PID:5236
- C:\Windows\System\jmRkalv.exe
  C:\Windows\System\jmRkalv.exe
  2⤵
  PID:5656
- C:\Windows\System\TlPHHlM.exe
  C:\Windows\System\TlPHHlM.exe
  2⤵
  PID:5764
- C:\Windows\System\KFeKDON.exe
  C:\Windows\System\KFeKDON.exe
  2⤵
  PID:5592
- C:\Windows\System\AJFKSGW.exe
  C:\Windows\System\AJFKSGW.exe
  2⤵
  PID:5848
- C:\Windows\System\DpIwyRl.exe
  C:\Windows\System\DpIwyRl.exe
  2⤵
  PID:6136
- C:\Windows\System\VZZmVOI.exe
  C:\Windows\System\VZZmVOI.exe
  2⤵
  PID:2916
- C:\Windows\System\MJwTeiT.exe
  C:\Windows\System\MJwTeiT.exe
  2⤵
  PID:5352
- C:\Windows\System\sMcgcwx.exe
  C:\Windows\System\sMcgcwx.exe
  2⤵
  PID:6012
- C:\Windows\System\jjtuvcZ.exe
  C:\Windows\System\jjtuvcZ.exe
  2⤵
  PID:6076
- C:\Windows\System\oZStBBF.exe
  C:\Windows\System\oZStBBF.exe
  2⤵
  PID:6184
- C:\Windows\System\hOjKhbn.exe
  C:\Windows\System\hOjKhbn.exe
  2⤵
  PID:6264
- C:\Windows\System\omucaLL.exe
  C:\Windows\System\omucaLL.exe
  2⤵
  PID:6360
- C:\Windows\System\uUoaGcR.exe
  C:\Windows\System\uUoaGcR.exe
  2⤵
  PID:6288
- C:\Windows\System\LnnBFHe.exe
  C:\Windows\System\LnnBFHe.exe
  2⤵
  PID:6104
- C:\Windows\System\iZycjfS.exe
  C:\Windows\System\iZycjfS.exe
  2⤵
  PID:6408
- C:\Windows\System\jReqsJu.exe
  C:\Windows\System\jReqsJu.exe
  2⤵
  PID:2944
- C:\Windows\System\IaNIXJO.exe
  C:\Windows\System\IaNIXJO.exe
  2⤵
  PID:6376
- C:\Windows\System\HOXMkEY.exe
  C:\Windows\System\HOXMkEY.exe
  2⤵
  PID:2160
- C:\Windows\System\NqgVqft.exe
  C:\Windows\System\NqgVqft.exe
  2⤵
  PID:6420
- C:\Windows\System\Fglnuqj.exe
  C:\Windows\System\Fglnuqj.exe
  2⤵
  PID:6700
- C:\Windows\System\mlZJuSY.exe
  C:\Windows\System\mlZJuSY.exe
  2⤵
  PID:6864
- C:\Windows\System\BIgODIS.exe
  C:\Windows\System\BIgODIS.exe
  2⤵
  PID:2932
- C:\Windows\System\Wwisnfh.exe
  C:\Windows\System\Wwisnfh.exe
  2⤵
  PID:7116
- C:\Windows\System\tDYcKTN.exe
  C:\Windows\System\tDYcKTN.exe
  2⤵
  PID:6536
- C:\Windows\System\mYfCJLw.exe
  C:\Windows\System\mYfCJLw.exe
  2⤵
  PID:6744
- C:\Windows\System\wJYytmZ.exe
  C:\Windows\System\wJYytmZ.exe
  2⤵
  PID:6796
- C:\Windows\System\FUamJIE.exe
  C:\Windows\System\FUamJIE.exe
  2⤵
  PID:6972
- C:\Windows\System\wEobVkf.exe
  C:\Windows\System\wEobVkf.exe
  2⤵
  PID:2820
- C:\Windows\System\ajvCmvB.exe
  C:\Windows\System\ajvCmvB.exe
  2⤵
  PID:5672
- C:\Windows\System\ozriGvE.exe
  C:\Windows\System\ozriGvE.exe
  2⤵
  PID:2808
- C:\Windows\System\BGKyKon.exe
  C:\Windows\System\BGKyKon.exe
  2⤵
  PID:1576
- C:\Windows\System\EakgbxP.exe
  C:\Windows\System\EakgbxP.exe
  2⤵
  PID:5160
- C:\Windows\System\aXwArmU.exe
  C:\Windows\System\aXwArmU.exe
  2⤵
  PID:6168
- C:\Windows\System\tyFnuoj.exe
  C:\Windows\System\tyFnuoj.exe
  2⤵
  PID:6404
- C:\Windows\System\WcJOXCJ.exe
  C:\Windows\System\WcJOXCJ.exe
  2⤵
  PID:3020
- C:\Windows\System\NcweOYy.exe
  C:\Windows\System\NcweOYy.exe
  2⤵
  PID:2920
- C:\Windows\System\EwBMhUV.exe
  C:\Windows\System\EwBMhUV.exe
  2⤵
  PID:6584
- C:\Windows\System\PjIjXeK.exe
  C:\Windows\System\PjIjXeK.exe
  2⤵
  PID:6508
- C:\Windows\System\Uhjajcb.exe
  C:\Windows\System\Uhjajcb.exe
  2⤵
  PID:6760
- C:\Windows\System\aPdqgnb.exe
  C:\Windows\System\aPdqgnb.exe
  2⤵
  PID:5844
- C:\Windows\System\LDLmmGV.exe
  C:\Windows\System\LDLmmGV.exe
  2⤵
  PID:700
- C:\Windows\System\tUSbPPe.exe
  C:\Windows\System\tUSbPPe.exe
  2⤵
  PID:7104
- C:\Windows\System\JEUpYIE.exe
  C:\Windows\System\JEUpYIE.exe
  2⤵
  PID:6896
- C:\Windows\System\FetRtCD.exe
  C:\Windows\System\FetRtCD.exe
  2⤵
  PID:2740
- C:\Windows\System\qwipevw.exe
  C:\Windows\System\qwipevw.exe
  2⤵
  PID:6436
- C:\Windows\System\DHQkjId.exe
  C:\Windows\System\DHQkjId.exe
  2⤵
  PID:5544
- C:\Windows\System\FdYnQdY.exe
  C:\Windows\System\FdYnQdY.exe
  2⤵
  PID:7176
- C:\Windows\System\vYaCzYO.exe
  C:\Windows\System\vYaCzYO.exe
  2⤵
  PID:7196
- C:\Windows\System\IfjQdar.exe
  C:\Windows\System\IfjQdar.exe
  2⤵
  PID:7212
- C:\Windows\System\oWDumsS.exe
  C:\Windows\System\oWDumsS.exe
  2⤵
  PID:7228
- C:\Windows\System\FpCBMlH.exe
  C:\Windows\System\FpCBMlH.exe
  2⤵
  PID:7244
- C:\Windows\System\RZBSLEL.exe
  C:\Windows\System\RZBSLEL.exe
  2⤵
  PID:7260
- C:\Windows\System\OqOtYCM.exe
  C:\Windows\System\OqOtYCM.exe
  2⤵
  PID:7276
- C:\Windows\System\TYqmKzu.exe
  C:\Windows\System\TYqmKzu.exe
  2⤵
  PID:7292
- C:\Windows\System\OxkXtLt.exe
  C:\Windows\System\OxkXtLt.exe
  2⤵
  PID:7312
- C:\Windows\System\WFFvcOM.exe
  C:\Windows\System\WFFvcOM.exe
  2⤵
  PID:7328
- C:\Windows\System\BDvKtmL.exe
  C:\Windows\System\BDvKtmL.exe
  2⤵
  PID:7344
- C:\Windows\System\bKXIDWB.exe
  C:\Windows\System\bKXIDWB.exe
  2⤵
  PID:7360
- C:\Windows\System\JRVcuKw.exe
  C:\Windows\System\JRVcuKw.exe
  2⤵
  PID:7376
- C:\Windows\System\zIzgUgu.exe
  C:\Windows\System\zIzgUgu.exe
  2⤵
  PID:7392
- C:\Windows\System\EqOWbzY.exe
  C:\Windows\System\EqOWbzY.exe
  2⤵
  PID:7412
- C:\Windows\System\FasYkjo.exe
  C:\Windows\System\FasYkjo.exe
  2⤵
  PID:7428
- C:\Windows\System\qkOlWlc.exe
  C:\Windows\System\qkOlWlc.exe
  2⤵
  PID:7444
- C:\Windows\System\gzGNpHU.exe
  C:\Windows\System\gzGNpHU.exe
  2⤵
  PID:7460
- C:\Windows\System\mwKzzoo.exe
  C:\Windows\System\mwKzzoo.exe
  2⤵
  PID:7476
- C:\Windows\System\RXLrhmI.exe
  C:\Windows\System\RXLrhmI.exe
  2⤵
  PID:7492
- C:\Windows\System\vuKYUrO.exe
  C:\Windows\System\vuKYUrO.exe
  2⤵
  PID:7508
- C:\Windows\System\GevKKlK.exe
  C:\Windows\System\GevKKlK.exe
  2⤵
  PID:7524
- C:\Windows\System\TtBScyl.exe
  C:\Windows\System\TtBScyl.exe
  2⤵
  PID:7540
- C:\Windows\System\WulKtNJ.exe
  C:\Windows\System\WulKtNJ.exe
  2⤵
  PID:7556
- C:\Windows\System\YYGVgjA.exe
  C:\Windows\System\YYGVgjA.exe
  2⤵
  PID:7572
- C:\Windows\System\pbFwGRR.exe
  C:\Windows\System\pbFwGRR.exe
  2⤵
  PID:7588
- C:\Windows\System\MxILNYB.exe
  C:\Windows\System\MxILNYB.exe
  2⤵
  PID:7608
- C:\Windows\System\XvWeCYN.exe
  C:\Windows\System\XvWeCYN.exe
  2⤵
  PID:7624
- C:\Windows\System\KYAXszk.exe
  C:\Windows\System\KYAXszk.exe
  2⤵
  PID:7640
- C:\Windows\System\klXhmmO.exe
  C:\Windows\System\klXhmmO.exe
  2⤵
  PID:7656
- C:\Windows\System\iQcxvKf.exe
  C:\Windows\System\iQcxvKf.exe
  2⤵
  PID:7672
- C:\Windows\System\DuuJOxe.exe
  C:\Windows\System\DuuJOxe.exe
  2⤵
  PID:7688
- C:\Windows\System\dZpreqg.exe
  C:\Windows\System\dZpreqg.exe
  2⤵
  PID:7708
- C:\Windows\System\yxkzfNf.exe
  C:\Windows\System\yxkzfNf.exe
  2⤵
  PID:7724
- C:\Windows\System\YGPViIl.exe
  C:\Windows\System\YGPViIl.exe
  2⤵
  PID:7740
- C:\Windows\System\GJKRbTr.exe
  C:\Windows\System\GJKRbTr.exe
  2⤵
  PID:7756
- C:\Windows\System\kdIKhqF.exe
  C:\Windows\System\kdIKhqF.exe
  2⤵
  PID:7772
- C:\Windows\System\ucmzhLS.exe
  C:\Windows\System\ucmzhLS.exe
  2⤵
  PID:7788
- C:\Windows\System\TyRAOli.exe
  C:\Windows\System\TyRAOli.exe
  2⤵
  PID:7804
- C:\Windows\System\LXitsPZ.exe
  C:\Windows\System\LXitsPZ.exe
  2⤵
  PID:7820
- C:\Windows\System\EXyYDPx.exe
  C:\Windows\System\EXyYDPx.exe
  2⤵
  PID:7836
- C:\Windows\System\yKaUWCv.exe
  C:\Windows\System\yKaUWCv.exe
  2⤵
  PID:7852
- C:\Windows\System\IbXNPvW.exe
  C:\Windows\System\IbXNPvW.exe
  2⤵
  PID:7868
- C:\Windows\System\JxzxJgq.exe
  C:\Windows\System\JxzxJgq.exe
  2⤵
  PID:7884
- C:\Windows\System\caCnPbK.exe
  C:\Windows\System\caCnPbK.exe
  2⤵
  PID:7900
- C:\Windows\System\NhzCLLM.exe
  C:\Windows\System\NhzCLLM.exe
  2⤵
  PID:7916
- C:\Windows\System\yHpBfIR.exe
  C:\Windows\System\yHpBfIR.exe
  2⤵
  PID:7932
- C:\Windows\System\pVZiNrk.exe
  C:\Windows\System\pVZiNrk.exe
  2⤵
  PID:7948
- C:\Windows\System\efcjDXB.exe
  C:\Windows\System\efcjDXB.exe
  2⤵
  PID:7964
- C:\Windows\System\GVHgWNN.exe
  C:\Windows\System\GVHgWNN.exe
  2⤵
  PID:7980
- C:\Windows\System\wbqFBAT.exe
  C:\Windows\System\wbqFBAT.exe
  2⤵
  PID:7996
- C:\Windows\System\EvsDABa.exe
  C:\Windows\System\EvsDABa.exe
  2⤵
  PID:8012
- C:\Windows\System\cNpkWZe.exe
  C:\Windows\System\cNpkWZe.exe
  2⤵
  PID:8028
- C:\Windows\System\RJrnFNC.exe
  C:\Windows\System\RJrnFNC.exe
  2⤵
  PID:8044
- C:\Windows\System\YXJWVcs.exe
  C:\Windows\System\YXJWVcs.exe
  2⤵
  PID:8060
- C:\Windows\System\UuODswq.exe
  C:\Windows\System\UuODswq.exe
  2⤵
  PID:8076
- C:\Windows\System\BObMmVI.exe
  C:\Windows\System\BObMmVI.exe
  2⤵
  PID:8092
- C:\Windows\System\hPQXyOh.exe
  C:\Windows\System\hPQXyOh.exe
  2⤵
  PID:8108
- C:\Windows\System\ypDvGjq.exe
  C:\Windows\System\ypDvGjq.exe
  2⤵
  PID:8124
- C:\Windows\System\XPHhjjI.exe
  C:\Windows\System\XPHhjjI.exe
  2⤵
  PID:8140
- C:\Windows\System\ZfjZyLk.exe
  C:\Windows\System\ZfjZyLk.exe
  2⤵
  PID:8156
- C:\Windows\System\NbcUibt.exe
  C:\Windows\System\NbcUibt.exe
  2⤵
  PID:8172
- C:\Windows\System\sBnRpcA.exe
  C:\Windows\System\sBnRpcA.exe
  2⤵
  PID:8188
- C:\Windows\System\HeKJGvR.exe
  C:\Windows\System\HeKJGvR.exe
  2⤵
  PID:5204
- C:\Windows\System\WKIomnE.exe
  C:\Windows\System\WKIomnE.exe
  2⤵
  PID:7020
- C:\Windows\System\yrXPInT.exe
  C:\Windows\System\yrXPInT.exe
  2⤵
  PID:7220
- C:\Windows\System\ndLMwdl.exe
  C:\Windows\System\ndLMwdl.exe
  2⤵
  PID:6244
- C:\Windows\System\LsIGmzk.exe
  C:\Windows\System\LsIGmzk.exe
  2⤵
  PID:7284
- C:\Windows\System\VhuDxpM.exe
  C:\Windows\System\VhuDxpM.exe
  2⤵
  PID:7352
- C:\Windows\System\TJCPcyA.exe
  C:\Windows\System\TJCPcyA.exe
  2⤵
  PID:4700
- C:\Windows\System\oBJYxaa.exe
  C:\Windows\System\oBJYxaa.exe
  2⤵
  PID:7172
- C:\Windows\System\BBBnYps.exe
  C:\Windows\System\BBBnYps.exe
  2⤵
  PID:7268
- C:\Windows\System\gbneSUZ.exe
  C:\Windows\System\gbneSUZ.exe
  2⤵
  PID:7336
- C:\Windows\System\NdponHL.exe
  C:\Windows\System\NdponHL.exe
  2⤵
  PID:7308
- C:\Windows\System\IiDUFzh.exe
  C:\Windows\System\IiDUFzh.exe
  2⤵
  PID:7400
- C:\Windows\System\bGwAWef.exe
  C:\Windows\System\bGwAWef.exe
  2⤵
  PID:7440
- C:\Windows\System\jIggsEN.exe
  C:\Windows\System\jIggsEN.exe
  2⤵
  PID:7504
- C:\Windows\System\fvYCWaK.exe
  C:\Windows\System\fvYCWaK.exe
  2⤵
  PID:7532
- C:\Windows\System\anQybey.exe
  C:\Windows\System\anQybey.exe
  2⤵
  PID:7548
- C:\Windows\System\jEeNecY.exe
  C:\Windows\System\jEeNecY.exe
  2⤵
  PID:7632
- C:\Windows\System\RKtoLHM.exe
  C:\Windows\System\RKtoLHM.exe
  2⤵
  PID:7696
- C:\Windows\System\uQYpJkS.exe
  C:\Windows\System\uQYpJkS.exe
  2⤵
  PID:7620
- C:\Windows\System\wymrdxW.exe
  C:\Windows\System\wymrdxW.exe
  2⤵
  PID:7684
- C:\Windows\System\jfBXcjv.exe
  C:\Windows\System\jfBXcjv.exe
  2⤵
  PID:7736
- C:\Windows\System\SqHTRTV.exe
  C:\Windows\System\SqHTRTV.exe
  2⤵
  PID:7796
- C:\Windows\System\rAmQHrT.exe
  C:\Windows\System\rAmQHrT.exe
  2⤵
  PID:7864
- C:\Windows\System\fXNIFXg.exe
  C:\Windows\System\fXNIFXg.exe
  2⤵
  PID:7584
- C:\Windows\System\mjMECyw.exe
  C:\Windows\System\mjMECyw.exe
  2⤵
  PID:7848
- C:\Windows\System\xgxjthp.exe
  C:\Windows\System\xgxjthp.exe
  2⤵
  PID:7784
- C:\Windows\System\CwcXvKg.exe
  C:\Windows\System\CwcXvKg.exe
  2⤵
  PID:7944
- C:\Windows\System\BrTakrf.exe
  C:\Windows\System\BrTakrf.exe
  2⤵
  PID:8008
- C:\Windows\System\UnnWlWp.exe
  C:\Windows\System\UnnWlWp.exe
  2⤵
  PID:7956
- C:\Windows\System\tSMxbZb.exe
  C:\Windows\System\tSMxbZb.exe
  2⤵
  PID:8116
- C:\Windows\System\PUUaAvT.exe
  C:\Windows\System\PUUaAvT.exe
  2⤵
  PID:8020
- C:\Windows\System\CLNHWhA.exe
  C:\Windows\System\CLNHWhA.exe
  2⤵
  PID:8088
- C:\Windows\System\dggnwdT.exe
  C:\Windows\System\dggnwdT.exe
  2⤵
  PID:8104
- C:\Windows\System\YLRaHiC.exe
  C:\Windows\System\YLRaHiC.exe
  2⤵
  PID:8168
- C:\Windows\System\iAczNcw.exe
  C:\Windows\System\iAczNcw.exe
  2⤵
  PID:8148
- C:\Windows\System\GmZnROO.exe
  C:\Windows\System\GmZnROO.exe
  2⤵
  PID:7252
- C:\Windows\System\mxqhpjC.exe
  C:\Windows\System\mxqhpjC.exe
  2⤵
  PID:7356
- C:\Windows\System\xhbAwbv.exe
  C:\Windows\System\xhbAwbv.exe
  2⤵
  PID:7192
- C:\Windows\System\swjIUyb.exe
  C:\Windows\System\swjIUyb.exe
  2⤵
  PID:7208
- C:\Windows\System\UQGXFJs.exe
  C:\Windows\System\UQGXFJs.exe
  2⤵
  PID:7484
- C:\Windows\System\QqIhvxu.exe
  C:\Windows\System\QqIhvxu.exe
  2⤵
  PID:7236
- C:\Windows\System\OtrmlsR.exe
  C:\Windows\System\OtrmlsR.exe
  2⤵
  PID:7720
- C:\Windows\System\znLrPhw.exe
  C:\Windows\System\znLrPhw.exe
  2⤵
  PID:7860
- C:\Windows\System\QCXUrhZ.exe
  C:\Windows\System\QCXUrhZ.exe
  2⤵
  PID:7940
- C:\Windows\System\wnAKLCt.exe
  C:\Windows\System\wnAKLCt.exe
  2⤵
  PID:7992
- C:\Windows\System\CsLSZsl.exe
  C:\Windows\System\CsLSZsl.exe
  2⤵
  PID:7184
- C:\Windows\System\VKCipAT.exe
  C:\Windows\System\VKCipAT.exe
  2⤵
  PID:7472
- C:\Windows\System\mhcXHVU.exe
  C:\Windows\System\mhcXHVU.exe
  2⤵
  PID:7384
- C:\Windows\System\sXWHBoF.exe
  C:\Windows\System\sXWHBoF.exe
  2⤵
  PID:7424
- C:\Windows\System\TLjUbrH.exe
  C:\Windows\System\TLjUbrH.exe
  2⤵
  PID:7456
- C:\Windows\System\sGEnLWK.exe
  C:\Windows\System\sGEnLWK.exe
  2⤵
  PID:7600
- C:\Windows\System\RzkTvQJ.exe
  C:\Windows\System\RzkTvQJ.exe
  2⤵
  PID:8084
- C:\Windows\System\LXoWFKm.exe
  C:\Windows\System\LXoWFKm.exe
  2⤵
  PID:7780
- C:\Windows\System\lZqfdSi.exe
  C:\Windows\System\lZqfdSi.exe
  2⤵
  PID:8004
- C:\Windows\System\MCNuEcl.exe
  C:\Windows\System\MCNuEcl.exe
  2⤵
  PID:8164
- C:\Windows\System\tAcTnZL.exe
  C:\Windows\System\tAcTnZL.exe
  2⤵
  PID:7388
- C:\Windows\System\XRTTVEr.exe
  C:\Windows\System\XRTTVEr.exe
  2⤵
  PID:8040
- C:\Windows\System\imZSQfI.exe
  C:\Windows\System\imZSQfI.exe
  2⤵
  PID:7320
- C:\Windows\System\cBsYexm.exe
  C:\Windows\System\cBsYexm.exe
  2⤵
  PID:6484
- C:\Windows\System\IjWGYnh.exe
  C:\Windows\System\IjWGYnh.exe
  2⤵
  PID:7568
- C:\Windows\System\pgGDRcd.exe
  C:\Windows\System\pgGDRcd.exe
  2⤵
  PID:8136
- C:\Windows\System\EbpJCci.exe
  C:\Windows\System\EbpJCci.exe
  2⤵
  PID:7752
- C:\Windows\System\ThXAELU.exe
  C:\Windows\System\ThXAELU.exe
  2⤵
  PID:8204
- C:\Windows\System\qJCRsxg.exe
  C:\Windows\System\qJCRsxg.exe
  2⤵
  PID:8220
- C:\Windows\System\eRAraIs.exe
  C:\Windows\System\eRAraIs.exe
  2⤵
  PID:8236
- C:\Windows\System\Lohlixz.exe
  C:\Windows\System\Lohlixz.exe
  2⤵
  PID:8252
- C:\Windows\System\mwafvzv.exe
  C:\Windows\System\mwafvzv.exe
  2⤵
  PID:8268
- C:\Windows\System\dbfIDCF.exe
  C:\Windows\System\dbfIDCF.exe
  2⤵
  PID:8284
- C:\Windows\System\gMjupcr.exe
  C:\Windows\System\gMjupcr.exe
  2⤵
  PID:8300
- C:\Windows\System\osxFLbr.exe
  C:\Windows\System\osxFLbr.exe
  2⤵
  PID:8316
- C:\Windows\System\bKLMdbl.exe
  C:\Windows\System\bKLMdbl.exe
  2⤵
  PID:8332
- C:\Windows\System\JvJGRev.exe
  C:\Windows\System\JvJGRev.exe
  2⤵
  PID:8352
- C:\Windows\System\IetWLCQ.exe
  C:\Windows\System\IetWLCQ.exe
  2⤵
  PID:8368
- C:\Windows\System\OTfUOwg.exe
  C:\Windows\System\OTfUOwg.exe
  2⤵
  PID:8384
- C:\Windows\System\NLmwMhG.exe
  C:\Windows\System\NLmwMhG.exe
  2⤵
  PID:8416
- C:\Windows\System\OirADql.exe
  C:\Windows\System\OirADql.exe
  2⤵
  PID:8432
- C:\Windows\System\fxtnvjQ.exe
  C:\Windows\System\fxtnvjQ.exe
  2⤵
  PID:8448
- C:\Windows\System\IUONrTr.exe
  C:\Windows\System\IUONrTr.exe
  2⤵
  PID:8464
- C:\Windows\System\nLRotes.exe
  C:\Windows\System\nLRotes.exe
  2⤵
  PID:8480
- C:\Windows\System\JSEqOAn.exe
  C:\Windows\System\JSEqOAn.exe
  2⤵
  PID:8496
- C:\Windows\System\gyXOrfe.exe
  C:\Windows\System\gyXOrfe.exe
  2⤵
  PID:8512
- C:\Windows\System\tuOmKZf.exe
  C:\Windows\System\tuOmKZf.exe
  2⤵
  PID:8532
- C:\Windows\System\ZsvrUMP.exe
  C:\Windows\System\ZsvrUMP.exe
  2⤵
  PID:8548
- C:\Windows\System\wIhTIkq.exe
  C:\Windows\System\wIhTIkq.exe
  2⤵
  PID:8564
- C:\Windows\System\TmwabAm.exe
  C:\Windows\System\TmwabAm.exe
  2⤵
  PID:8580
- C:\Windows\System\hiKaLRp.exe
  C:\Windows\System\hiKaLRp.exe
  2⤵
  PID:8596
- C:\Windows\System\bpbvwXW.exe
  C:\Windows\System\bpbvwXW.exe
  2⤵
  PID:8612
- C:\Windows\System\cvuNsQS.exe
  C:\Windows\System\cvuNsQS.exe
  2⤵
  PID:8628
- C:\Windows\System\MMgHoyY.exe
  C:\Windows\System\MMgHoyY.exe
  2⤵
  PID:8648
- C:\Windows\System\bfuYoDN.exe
  C:\Windows\System\bfuYoDN.exe
  2⤵
  PID:8664
- C:\Windows\System\gTRGLPP.exe
  C:\Windows\System\gTRGLPP.exe
  2⤵
  PID:8680
- C:\Windows\System\EqOVcku.exe
  C:\Windows\System\EqOVcku.exe
  2⤵
  PID:8696
- C:\Windows\System\cqCILEB.exe
  C:\Windows\System\cqCILEB.exe
  2⤵
  PID:8712
- C:\Windows\System\HgVRrpA.exe
  C:\Windows\System\HgVRrpA.exe
  2⤵
  PID:8728
- C:\Windows\System\hQlFaxB.exe
  C:\Windows\System\hQlFaxB.exe
  2⤵
  PID:8744
- C:\Windows\System\LPFMHAO.exe
  C:\Windows\System\LPFMHAO.exe
  2⤵
  PID:8760
- C:\Windows\System\RDqaWAn.exe
  C:\Windows\System\RDqaWAn.exe
  2⤵
  PID:8776
- C:\Windows\System\MzTUTew.exe
  C:\Windows\System\MzTUTew.exe
  2⤵
  PID:8792
- C:\Windows\System\SweOBbM.exe
  C:\Windows\System\SweOBbM.exe
  2⤵
  PID:8808
- C:\Windows\System\vCmntJp.exe
  C:\Windows\System\vCmntJp.exe
  2⤵
  PID:8824
- C:\Windows\System\bwfZlos.exe
  C:\Windows\System\bwfZlos.exe
  2⤵
  PID:8840
- C:\Windows\System\dMmTIaz.exe
  C:\Windows\System\dMmTIaz.exe
  2⤵
  PID:8856
- C:\Windows\System\CxkSoMC.exe
  C:\Windows\System\CxkSoMC.exe
  2⤵
  PID:8872
- C:\Windows\System\zFaISVJ.exe
  C:\Windows\System\zFaISVJ.exe
  2⤵
  PID:8888
- C:\Windows\System\zBZOhlN.exe
  C:\Windows\System\zBZOhlN.exe
  2⤵
  PID:8904
- C:\Windows\System\hMbgiJA.exe
  C:\Windows\System\hMbgiJA.exe
  2⤵
  PID:8920
- C:\Windows\System\NJZpIBZ.exe
  C:\Windows\System\NJZpIBZ.exe
  2⤵
  PID:8936
- C:\Windows\System\iJjtGRO.exe
  C:\Windows\System\iJjtGRO.exe
  2⤵
  PID:8952
- C:\Windows\System\SzPbQAx.exe
  C:\Windows\System\SzPbQAx.exe
  2⤵
  PID:8968
- C:\Windows\System\junxcPW.exe
  C:\Windows\System\junxcPW.exe
  2⤵
  PID:8984
- C:\Windows\System\QkwjYAX.exe
  C:\Windows\System\QkwjYAX.exe
  2⤵
  PID:9000
- C:\Windows\System\bxZkJdg.exe
  C:\Windows\System\bxZkJdg.exe
  2⤵
  PID:9016
- C:\Windows\System\eFPphMT.exe
  C:\Windows\System\eFPphMT.exe
  2⤵
  PID:9032
- C:\Windows\System\ZsQYBbt.exe
  C:\Windows\System\ZsQYBbt.exe
  2⤵
  PID:9052
- C:\Windows\System\ocitbun.exe
  C:\Windows\System\ocitbun.exe
  2⤵
  PID:9068
- C:\Windows\System\BHFjPSD.exe
  C:\Windows\System\BHFjPSD.exe
  2⤵
  PID:9084
- C:\Windows\System\XketFjd.exe
  C:\Windows\System\XketFjd.exe
  2⤵
  PID:9100
- C:\Windows\System\RCNIGZr.exe
  C:\Windows\System\RCNIGZr.exe
  2⤵
  PID:9116
- C:\Windows\System\RcCJExs.exe
  C:\Windows\System\RcCJExs.exe
  2⤵
  PID:9132
- C:\Windows\System\WwvAMOF.exe
  C:\Windows\System\WwvAMOF.exe
  2⤵
  PID:9148
- C:\Windows\System\JEQZHjW.exe
  C:\Windows\System\JEQZHjW.exe
  2⤵
  PID:9164
- C:\Windows\System\QktOsJs.exe
  C:\Windows\System\QktOsJs.exe
  2⤵
  PID:9180
- C:\Windows\System\MOlcFYv.exe
  C:\Windows\System\MOlcFYv.exe
  2⤵
  PID:9196
- C:\Windows\System\cyQKqdB.exe
  C:\Windows\System\cyQKqdB.exe
  2⤵
  PID:2772
- C:\Windows\System\UciXrYn.exe
  C:\Windows\System\UciXrYn.exe
  2⤵
  PID:7912
- C:\Windows\System\tPvHycF.exe
  C:\Windows\System\tPvHycF.exe
  2⤵
  PID:7768
- C:\Windows\System\ISRuuxt.exe
  C:\Windows\System\ISRuuxt.exe
  2⤵
  PID:2192
- C:\Windows\System\aWuQUlf.exe
  C:\Windows\System\aWuQUlf.exe
  2⤵
  PID:6600
- C:\Windows\System\sESvGYc.exe
  C:\Windows\System\sESvGYc.exe
  2⤵
  PID:7272
- C:\Windows\System\lZnwdjb.exe
  C:\Windows\System\lZnwdjb.exe
  2⤵
  PID:8260
- C:\Windows\System\yPHOAOb.exe
  C:\Windows\System\yPHOAOb.exe
  2⤵
  PID:8324
- C:\Windows\System\ptWCDou.exe
  C:\Windows\System\ptWCDou.exe
  2⤵
  PID:8244
- C:\Windows\System\AirBPYB.exe
  C:\Windows\System\AirBPYB.exe
  2⤵
  PID:8248
- C:\Windows\System\lADdNwn.exe
  C:\Windows\System\lADdNwn.exe
  2⤵
  PID:8340
- C:\Windows\System\xyTzrpk.exe
  C:\Windows\System\xyTzrpk.exe
  2⤵
  PID:8376
- C:\Windows\System\IDsnoaZ.exe
  C:\Windows\System\IDsnoaZ.exe
  2⤵
  PID:8392
- C:\Windows\System\Xwsyelp.exe
  C:\Windows\System\Xwsyelp.exe
  2⤵
  PID:8408
- C:\Windows\System\BCtxwJf.exe
  C:\Windows\System\BCtxwJf.exe
  2⤵
  PID:8472
- C:\Windows\System\VKREQaF.exe
  C:\Windows\System\VKREQaF.exe
  2⤵
  PID:8540
- C:\Windows\System\qNSmFrX.exe
  C:\Windows\System\qNSmFrX.exe
  2⤵
  PID:8604
- C:\Windows\System\tGFxvru.exe
  C:\Windows\System\tGFxvru.exe
  2⤵
  PID:8520
- C:\Windows\System\gAIbWFH.exe
  C:\Windows\System\gAIbWFH.exe
  2⤵
  PID:8624
- C:\Windows\System\UilAINz.exe
  C:\Windows\System\UilAINz.exe
  2⤵
  PID:8560
- C:\Windows\System\wPWUrjA.exe
  C:\Windows\System\wPWUrjA.exe
  2⤵
  PID:8488
- C:\Windows\System\bonViQJ.exe
  C:\Windows\System\bonViQJ.exe
  2⤵
  PID:8672
- C:\Windows\System\tNwwQbf.exe
  C:\Windows\System\tNwwQbf.exe
  2⤵
  PID:8688
- C:\Windows\System\IWYNNEo.exe
  C:\Windows\System\IWYNNEo.exe
  2⤵
  PID:8736
- C:\Windows\System\AiImjSA.exe
  C:\Windows\System\AiImjSA.exe
  2⤵
  PID:8800
- C:\Windows\System\PehrIZV.exe
  C:\Windows\System\PehrIZV.exe
  2⤵
  PID:8756
- C:\Windows\System\abCfRxD.exe
  C:\Windows\System\abCfRxD.exe
  2⤵
  PID:8816
- C:\Windows\System\lrdbDtn.exe
  C:\Windows\System\lrdbDtn.exe
  2⤵
  PID:8864
- C:\Windows\System\WtcUyRE.exe
  C:\Windows\System\WtcUyRE.exe
  2⤵
  PID:8928
- C:\Windows\System\NiGXuDm.exe
  C:\Windows\System\NiGXuDm.exe
  2⤵
  PID:8884
- C:\Windows\System\RAVkSdx.exe
  C:\Windows\System\RAVkSdx.exe
  2⤵
  PID:8960
- C:\Windows\System\mhobOMG.exe
  C:\Windows\System\mhobOMG.exe
  2⤵
  PID:9024
- C:\Windows\System\CAEhIOj.exe
  C:\Windows\System\CAEhIOj.exe
  2⤵
  PID:8980
- C:\Windows\System\umTOkLY.exe
  C:\Windows\System\umTOkLY.exe
  2⤵
  PID:9040
- C:\Windows\System\ApwdDgS.exe
  C:\Windows\System\ApwdDgS.exe
  2⤵
  PID:9064
- C:\Windows\System\JjptkuU.exe
  C:\Windows\System\JjptkuU.exe
  2⤵
  PID:9096
- C:\Windows\System\huGlHKO.exe
  C:\Windows\System\huGlHKO.exe
  2⤵
  PID:9112
- C:\Windows\System\ESXOcwP.exe
  C:\Windows\System\ESXOcwP.exe
  2⤵
  PID:9160
- C:\Windows\System\YpaxtOV.exe
  C:\Windows\System\YpaxtOV.exe
  2⤵
  PID:9192
- C:\Windows\System\WedRMfE.exe
  C:\Windows\System\WedRMfE.exe
  2⤵
  PID:9208
- C:\Windows\System\HePjart.exe
  C:\Windows\System\HePjart.exe
  2⤵
  PID:8200
- C:\Windows\System\opvrrkF.exe
  C:\Windows\System\opvrrkF.exe
  2⤵
  PID:7976
- C:\Windows\System\wwcrZIo.exe
  C:\Windows\System\wwcrZIo.exe
  2⤵
  PID:8308
- C:\Windows\System\FuIucPG.exe
  C:\Windows\System\FuIucPG.exe
  2⤵
  PID:8232
- C:\Windows\System\GUvxSRa.exe
  C:\Windows\System\GUvxSRa.exe
  2⤵
  PID:8312
- C:\Windows\System\RBRUxLl.exe
  C:\Windows\System\RBRUxLl.exe
  2⤵
  PID:8364
- C:\Windows\System\UtgYtOb.exe
  C:\Windows\System\UtgYtOb.exe
  2⤵
  PID:8492
- C:\Windows\System\QaRCncm.exe
  C:\Windows\System\QaRCncm.exe
  2⤵
  PID:8644
- C:\Windows\System\UFiDbYh.exe
  C:\Windows\System\UFiDbYh.exe
  2⤵
  PID:8832
- C:\Windows\System\eJfTnzH.exe
  C:\Windows\System\eJfTnzH.exe
  2⤵
  PID:8992
- C:\Windows\System\qMuOMjt.exe
  C:\Windows\System\qMuOMjt.exe
  2⤵
  PID:9076
- C:\Windows\System\lxWCctJ.exe
  C:\Windows\System\lxWCctJ.exe
  2⤵
  PID:8896
- C:\Windows\System\ZPHAmam.exe
  C:\Windows\System\ZPHAmam.exe
  2⤵
  PID:8620
- C:\Windows\System\PnPxmSv.exe
  C:\Windows\System\PnPxmSv.exe
  2⤵
  PID:8656
- C:\Windows\System\ocjOywG.exe
  C:\Windows\System\ocjOywG.exe
  2⤵
  PID:8900
- C:\Windows\System\vpmzeTM.exe
  C:\Windows\System\vpmzeTM.exe
  2⤵
  PID:9156
- C:\Windows\System\IHmXeCE.exe
  C:\Windows\System\IHmXeCE.exe
  2⤵
  PID:7368
- C:\Windows\System\noumLFX.exe
  C:\Windows\System\noumLFX.exe
  2⤵
  PID:9176
- C:\Windows\System\zPhBGJB.exe
  C:\Windows\System\zPhBGJB.exe
  2⤵
  PID:7520
- C:\Windows\System\IqUuQAC.exe
  C:\Windows\System\IqUuQAC.exe
  2⤵
  PID:8636
- C:\Windows\System\QpVvzEb.exe
  C:\Windows\System\QpVvzEb.exe
  2⤵
  PID:8880
- C:\Windows\System\ZUdfyXf.exe
  C:\Windows\System\ZUdfyXf.exe
  2⤵
  PID:8588
- C:\Windows\System\uUqFYfc.exe
  C:\Windows\System\uUqFYfc.exe
  2⤵
  PID:9128
- C:\Windows\System\JIAzLDQ.exe
  C:\Windows\System\JIAzLDQ.exe
  2⤵
  PID:7436
- C:\Windows\System\QsSnQBn.exe
  C:\Windows\System\QsSnQBn.exe
  2⤵
  PID:8508
- C:\Windows\System\IVrSTcj.exe
  C:\Windows\System\IVrSTcj.exe
  2⤵
  PID:9228
- C:\Windows\System\xrEiuBy.exe
  C:\Windows\System\xrEiuBy.exe
  2⤵
  PID:9244
- C:\Windows\System\YQnEtdr.exe
  C:\Windows\System\YQnEtdr.exe
  2⤵
  PID:9260
- C:\Windows\System\JaUiYOp.exe
  C:\Windows\System\JaUiYOp.exe
  2⤵
  PID:9276
- C:\Windows\System\JbnjDhZ.exe
  C:\Windows\System\JbnjDhZ.exe
  2⤵
  PID:9292
- C:\Windows\System\MkorLFy.exe
  C:\Windows\System\MkorLFy.exe
  2⤵
  PID:9308
- C:\Windows\System\bVhEJer.exe
  C:\Windows\System\bVhEJer.exe
  2⤵
  PID:9324
- C:\Windows\System\dINdAVR.exe
  C:\Windows\System\dINdAVR.exe
  2⤵
  PID:9340
- C:\Windows\System\GiNznky.exe
  C:\Windows\System\GiNznky.exe
  2⤵
  PID:9356
- C:\Windows\System\hoNSION.exe
  C:\Windows\System\hoNSION.exe
  2⤵
  PID:9372
- C:\Windows\System\KrAbmSh.exe
  C:\Windows\System\KrAbmSh.exe
  2⤵
  PID:9388
- C:\Windows\System\TYDvtXd.exe
  C:\Windows\System\TYDvtXd.exe
  2⤵
  PID:9404
- C:\Windows\System\UpqSGCU.exe
  C:\Windows\System\UpqSGCU.exe
  2⤵
  PID:9420
- C:\Windows\System\VvppBOe.exe
  C:\Windows\System\VvppBOe.exe
  2⤵
  PID:9436
- C:\Windows\System\aUFbanQ.exe
  C:\Windows\System\aUFbanQ.exe
  2⤵
  PID:9452
- C:\Windows\System\IcFkgby.exe
  C:\Windows\System\IcFkgby.exe
  2⤵
  PID:9468
- C:\Windows\System\ytmHqIS.exe
  C:\Windows\System\ytmHqIS.exe
  2⤵
  PID:9484
- C:\Windows\System\DsVuedV.exe
  C:\Windows\System\DsVuedV.exe
  2⤵
  PID:9584
- C:\Windows\System\FCJBItk.exe
  C:\Windows\System\FCJBItk.exe
  2⤵
  PID:9600
- C:\Windows\System\EqduQup.exe
  C:\Windows\System\EqduQup.exe
  2⤵
  PID:9620
- C:\Windows\System\yOjdNjq.exe
  C:\Windows\System\yOjdNjq.exe
  2⤵
  PID:9652
- C:\Windows\System\exfMUty.exe
  C:\Windows\System\exfMUty.exe
  2⤵
  PID:9672
- C:\Windows\System\RWratpJ.exe
  C:\Windows\System\RWratpJ.exe
  2⤵
  PID:9688
- C:\Windows\System\BQftrJT.exe
  C:\Windows\System\BQftrJT.exe
  2⤵
  PID:9704
- C:\Windows\System\HdssQWE.exe
  C:\Windows\System\HdssQWE.exe
  2⤵
  PID:9720
- C:\Windows\System\twJJBfC.exe
  C:\Windows\System\twJJBfC.exe
  2⤵
  PID:9736
- C:\Windows\System\ixSZFVZ.exe
  C:\Windows\System\ixSZFVZ.exe
  2⤵
  PID:9752
- C:\Windows\System\guoDPmq.exe
  C:\Windows\System\guoDPmq.exe
  2⤵
  PID:9772
- C:\Windows\System\RXFwBrV.exe
  C:\Windows\System\RXFwBrV.exe
  2⤵
  PID:9788
- C:\Windows\System\wrpPKfx.exe
  C:\Windows\System\wrpPKfx.exe
  2⤵
  PID:9804
- C:\Windows\System\dUATvtd.exe
  C:\Windows\System\dUATvtd.exe
  2⤵
  PID:9820
- C:\Windows\System\ueafhjC.exe
  C:\Windows\System\ueafhjC.exe
  2⤵
  PID:9836
- C:\Windows\System\fBaTDhm.exe
  C:\Windows\System\fBaTDhm.exe
  2⤵
  PID:9852
- C:\Windows\System\PLkvUwS.exe
  C:\Windows\System\PLkvUwS.exe
  2⤵
  PID:9872
- C:\Windows\System\sjhaLBt.exe
  C:\Windows\System\sjhaLBt.exe
  2⤵
  PID:10052
- C:\Windows\System\TDpsqVL.exe
  C:\Windows\System\TDpsqVL.exe
  2⤵
  PID:10084
- C:\Windows\System\CVJbYvO.exe
  C:\Windows\System\CVJbYvO.exe
  2⤵
  PID:10100
- C:\Windows\System\lVLxKXq.exe
  C:\Windows\System\lVLxKXq.exe
  2⤵
  PID:10116
- C:\Windows\System\wLaKiiA.exe
  C:\Windows\System\wLaKiiA.exe
  2⤵
  PID:10132
- C:\Windows\System\KukwLfi.exe
  C:\Windows\System\KukwLfi.exe
  2⤵
  PID:10148
- C:\Windows\System\GdwBJoT.exe
  C:\Windows\System\GdwBJoT.exe
  2⤵
  PID:10168
- C:\Windows\System\VAqtKbr.exe
  C:\Windows\System\VAqtKbr.exe
  2⤵
  PID:10184
- C:\Windows\System\MKEmthn.exe
  C:\Windows\System\MKEmthn.exe
  2⤵
  PID:10200
- C:\Windows\System\dhtIAan.exe
  C:\Windows\System\dhtIAan.exe
  2⤵
  PID:10216
- C:\Windows\System\xMmslDD.exe
  C:\Windows\System\xMmslDD.exe
  2⤵
  PID:10232
- C:\Windows\System\UhCAHrx.exe
  C:\Windows\System\UhCAHrx.exe
  2⤵
  PID:8460
- C:\Windows\System\HxuGpzi.exe
  C:\Windows\System\HxuGpzi.exe
  2⤵
  PID:9320
- C:\Windows\System\cEFBAgR.exe
  C:\Windows\System\cEFBAgR.exe
  2⤵
  PID:9416
- C:\Windows\System\eNpBZSK.exe
  C:\Windows\System\eNpBZSK.exe
  2⤵
  PID:8752
- C:\Windows\System\wWxcAjx.exe
  C:\Windows\System\wWxcAjx.exe
  2⤵
  PID:9268
- C:\Windows\System\UHkhsRt.exe
  C:\Windows\System\UHkhsRt.exe
  2⤵
  PID:9368
- C:\Windows\System\TIXfNzp.exe
  C:\Windows\System\TIXfNzp.exe
  2⤵
  PID:8772
- C:\Windows\System\LpzxHPN.exe
  C:\Windows\System\LpzxHPN.exe
  2⤵
  PID:9012
- C:\Windows\System\PxQkiUS.exe
  C:\Windows\System\PxQkiUS.exe
  2⤵
  PID:9060
- C:\Windows\System\AkHrrLN.exe
  C:\Windows\System\AkHrrLN.exe
  2⤵
  PID:9504
- C:\Windows\System\psnFLhG.exe
  C:\Windows\System\psnFLhG.exe
  2⤵
  PID:9524
- C:\Windows\System\Mazmtyy.exe
  C:\Windows\System\Mazmtyy.exe
  2⤵
  PID:9552
- C:\Windows\System\YvcIAxV.exe
  C:\Windows\System\YvcIAxV.exe
  2⤵
  PID:9628
- C:\Windows\System\qkgsadR.exe
  C:\Windows\System\qkgsadR.exe
  2⤵
  PID:9648
- C:\Windows\System\HgQlShB.exe
  C:\Windows\System\HgQlShB.exe
  2⤵
  PID:9608
- C:\Windows\System\kPBPhmV.exe
  C:\Windows\System\kPBPhmV.exe
  2⤵
  PID:9664
- C:\Windows\System\VWxMFtT.exe
  C:\Windows\System\VWxMFtT.exe
  2⤵
  PID:9716
- C:\Windows\System\mVFNcLk.exe
  C:\Windows\System\mVFNcLk.exe
  2⤵
  PID:9764
- C:\Windows\System\NXIJjLL.exe
  C:\Windows\System\NXIJjLL.exe
  2⤵
  PID:9860
- C:\Windows\System\YpbtFFE.exe
  C:\Windows\System\YpbtFFE.exe
  2⤵
  PID:9868
- C:\Windows\System\TbaCklF.exe
  C:\Windows\System\TbaCklF.exe
  2⤵
  PID:9896
- C:\Windows\System\ylRMQbD.exe
  C:\Windows\System\ylRMQbD.exe
  2⤵
  PID:9916
- C:\Windows\System\WkjPqvA.exe
  C:\Windows\System\WkjPqvA.exe
  2⤵
  PID:9932
- C:\Windows\System\gCoFdFF.exe
  C:\Windows\System\gCoFdFF.exe
  2⤵
  PID:9944
- C:\Windows\System\kSKkDjI.exe
  C:\Windows\System\kSKkDjI.exe
  2⤵
  PID:9972
- C:\Windows\System\JwZVkhz.exe
  C:\Windows\System\JwZVkhz.exe
  2⤵
  PID:9988
- C:\Windows\System\yCwhWod.exe
  C:\Windows\System\yCwhWod.exe
  2⤵
  PID:10012
- C:\Windows\System\QAFhhhv.exe
  C:\Windows\System\QAFhhhv.exe
  2⤵
  PID:10044
- C:\Windows\System\gYvoQLl.exe
  C:\Windows\System\gYvoQLl.exe
  2⤵
  PID:10036
- C:\Windows\System\GcfkpAs.exe
  C:\Windows\System\GcfkpAs.exe
  2⤵
  PID:10092
- C:\Windows\System\jZRKcnq.exe
  C:\Windows\System\jZRKcnq.exe
  2⤵
  PID:10124
- C:\Windows\System\MqMAmex.exe
  C:\Windows\System\MqMAmex.exe
  2⤵
  PID:10192
- C:\Windows\System\BFjxdPs.exe
  C:\Windows\System\BFjxdPs.exe
  2⤵
  PID:9224
- C:\Windows\System\LdABrhe.exe
  C:\Windows\System\LdABrhe.exe
  2⤵
  PID:10080
- C:\Windows\System\eYArvYL.exe
  C:\Windows\System\eYArvYL.exe
  2⤵
  PID:10208
- C:\Windows\System\hTZjDQD.exe
  C:\Windows\System\hTZjDQD.exe
  2⤵
  PID:9288
- C:\Windows\System\YUaLOTY.exe
  C:\Windows\System\YUaLOTY.exe
  2⤵
  PID:9304
- C:\Windows\System\UlsvJwj.exe
  C:\Windows\System\UlsvJwj.exe
  2⤵
  PID:9124
- C:\Windows\System\dgyfSdJ.exe
  C:\Windows\System\dgyfSdJ.exe
  2⤵
  PID:9532
- C:\Windows\System\OozmFtZ.exe
  C:\Windows\System\OozmFtZ.exe
  2⤵
  PID:9548
- C:\Windows\System\XUJYTTs.exe
  C:\Windows\System\XUJYTTs.exe
  2⤵
  PID:9616
- C:\Windows\System\dorSgOt.exe
  C:\Windows\System\dorSgOt.exe
  2⤵
  PID:9728
- C:\Windows\System\uOOtAuE.exe
  C:\Windows\System\uOOtAuE.exe
  2⤵
  PID:9760
- C:\Windows\System\pGQMKYy.exe
  C:\Windows\System\pGQMKYy.exe
  2⤵
  PID:9844
- C:\Windows\System\TdMlEzD.exe
  C:\Windows\System\TdMlEzD.exe
  2⤵
  PID:9912
- C:\Windows\System\dnjnVHl.exe
  C:\Windows\System\dnjnVHl.exe
  2⤵
  PID:9512
- C:\Windows\System\HEqtfIX.exe
  C:\Windows\System\HEqtfIX.exe
  2⤵
  PID:9460
- C:\Windows\System\TMnTRZL.exe
  C:\Windows\System\TMnTRZL.exe
  2⤵
  PID:8784
- C:\Windows\System\fRLxltY.exe
  C:\Windows\System\fRLxltY.exe
  2⤵
  PID:9428
- C:\Windows\System\lCRvKPC.exe
  C:\Windows\System\lCRvKPC.exe
  2⤵
  PID:8296

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AIDXdXL.exe

Filesize
6.0MB

MD5
b81452ebe24eec222c32de305c125de6

SHA1
278e32695d5e961820b03b4363b751c98fecaa6f

SHA256
f4418a841ea93df7ffa3857a97e1dc383cb435a20acc6f4b4c03cbd25004add6

SHA512
0f35f4c83c2171e8842407cf7b132a929a700f9eb9bf5bf369b4a1c3accee4bb25037e57635e527eb21fffd0e6d2abf1f77363e5955260daca60b0f01ee907b6

Download Submit
C:\Windows\system\BTMGDNP.exe

Filesize
6.0MB

MD5
282c03653dafb97d7e8ac223b0cc43e5

SHA1
9c11e8874151e812cb1ece6a8f98bec69b9fddf5

SHA256
0144c76bdbdee5b67668aae31601a51296c83eabb9e9de4baf493f6f5aa553f6

SHA512
2268e77fcf336a4d2a1598bdad298c476fee937e52c641e3a4b0416058bbe0e8ec9ab405568ec001cc0ba6fae1d6f3bdd66ccb56f42d7926878760decb930fbe

Download Submit
C:\Windows\system\CHIKcdT.exe

Filesize
6.0MB

MD5
1278f98f5e91039b41c68e491feb2b10

SHA1
6f1614261a2fa9e0881112513d4c47697d7286d3

SHA256
ab7f01fb0217160ba6794f765a156dc20f3ede96ace9dc601b35a6f5a6f4d987

SHA512
94077f748f6a239106889eef4ddacbaed3e97876561a05ceac6e853ebc4957dc0ff47b28c2dea62cb18801b03d09b5c53fc40f1845abfaeacbce116096dc0edc

Download Submit
C:\Windows\system\DKheZjl.exe

Filesize
6.0MB

MD5
eeeb14f4d8ae0119da66d86454d84330

SHA1
6687d0ac4e7a57958d605d1d15ecdf383e28185f

SHA256
80b11a0a5e9f5ccb596752e7cdc20c46133c53f3d1c480762f1b369a6cbdbe12

SHA512
d35f74fae0576af5f47dcb94376767305336e067f8a1824e8c2473884d66926f7ca9228721cc12e591a1ac0ab3aef4036acd18cde89c176796fc2d7c3acfa123

Download Submit
C:\Windows\system\FCOCZlD.exe

Filesize
6.0MB

MD5
1d5100a563fe48251c818ac1caa7b5e4

SHA1
2274ecc6186623c517444eafbd3497a9ec606abc

SHA256
2a7e99acf0065141bf2435b5dde3600e2a8a17f8491149613e3ec73244829243

SHA512
13135d1e46d3c79a7e14d51e0ebd800b3f14abae7d2cef28aa3aed79a28514d697fa84bbb3945cedd63d54847225a67b837dbb4ce7a5a88243f887ec0a3a2186

Download Submit
C:\Windows\system\INjWKjp.exe

Filesize
6.0MB

MD5
201035c4167da8c1b5064b38000f44d1

SHA1
99fc4365e53a0a168324050e96607e9674d5ed09

SHA256
f2f56c43d6c239f2a001eed195631fc6ec320c3e331831aaa8b0189daee27ad9

SHA512
c1500328f324a5eeb59b5bd8e7460c00117400efe8284cf61b92c9ac76dedd606d262898463c091babdaaab042ad5100add0ec60e86c591032703081f0fc6ca2

Download Submit
C:\Windows\system\KmJraMb.exe

Filesize
6.0MB

MD5
5e9184024b29d71fb29619db885e7deb

SHA1
7b9a1f2113c1a429e339168aa52e951a740d4545

SHA256
ccdade293256f9e1e332a72ba96e2cfb389fac2824c81d598c84b38fbc014fea

SHA512
9ddcf0b092031a84f1b5ad0189d5dbabc34498eb695fc6760a5ed0ec3be820b1613c940ef0c910920bf12df386a37237ed0fb68600ceec75849b6f89cac3512c

Download Submit
C:\Windows\system\KtpRsPt.exe

Filesize
6.0MB

MD5
2c9905e9c0c986faebbf142dc74cfe96

SHA1
5b2f0953b7dbd2b23b2b801ede85eb305c4f0cf6

SHA256
b2e4e59e4ceaeb6b53e2efe7933f0a657787fa3d5723095813c2128fa81764c7

SHA512
765404ec086bf1d4ef467842b78a5c2a5d5a4b0e2b91cd226027379fef29a22045f81f4f3407c13b456283de1982550f8567314852327e711a2f3ab42ed73582

Download Submit
C:\Windows\system\LSneAGM.exe

Filesize
6.0MB

MD5
a66fba0a57de659fbe6b389fda91ff45

SHA1
96eeadaaecefc2168a990dbbed6b88d37e8f9b23

SHA256
0aa23057ef35c35f1263fdd62f4de3d47fdcbc0ba2a4f0dc30697c9bb0b6eb63

SHA512
5e6dcd1255a0611d2641e2af1329b06ce5ceb8fafce70c39912ba703c98a552e15fd0c85be4ea01166fa97fdb29214d822866dfd6fc780058f4813875439780c

Download Submit
C:\Windows\system\MTFQWqW.exe

Filesize
6.0MB

MD5
502bc8749a05da57ab6c48d7b8bb2679

SHA1
5f116144265f35cfbd0b8ffb59dc11dccfa59ecc

SHA256
f17e7c2ebdbd6aebcf9ed592bcbd8ba9a5affe2916a414c93f966418df19bceb

SHA512
66cee30097de8d7f3e6c9e2945ab9093dd477bcfafb5f6e161325fc00e478240844c6bbc689e2133e511e32db2d4720260716075c5d8d5c329b90fab620bad9b

Download Submit
C:\Windows\system\MvSDRaN.exe

Filesize
6.0MB

MD5
741274752b1212994f24faa435b11c08

SHA1
1ba417692c8466b95e7f763aeacc5b8f030af907

SHA256
ae5bece069d4345f633ce8ca507754543d011457075ffed61ec6a75bfd55391f

SHA512
91b2e2450211e702f51eec93b565750fea923bbd13ed8e8fc9755c67a2f29248c610c5ba918e709172750c1f0e41176333701ebd8eefa35b7d0f39f22df6be7e

Download Submit
C:\Windows\system\OmJtfKy.exe

Filesize
6.0MB

MD5
f83447ab0d1b3069034d2037e58b0cd4

SHA1
404313f4eeaa8dbcad827a8a859774b0b88596ef

SHA256
09a3d4b27017651cf3a601e634ade749f99687316efc7c872ec8ec86e2813714

SHA512
3b6a5f42ed22d52b539783554d55b3beacef5420832ddf5dd0ca322892c9c60dbd98ec6ec71315a157fd2644d4b7399b3b886da832dad7279f1528350c4c5f36

Download Submit
C:\Windows\system\OyyTbBB.exe

Filesize
6.0MB

MD5
a643cb0dd2a8f9195b7b21cce0f8a00c

SHA1
9ddb3272074a51667b1132ca9f3ab6966cc9a667

SHA256
fdcdb91e1e143acaf3e1602e985950c1adf50b871f8d9f95d008b3e4e33aadfb

SHA512
ebb0dea169629c3dfa2ef5f9a5a4473be81a69449a3546c2d4c5818b21f40ef07b2aa594c374a3305f121d568cba747c6a20044f01f577997052a8bf7614f845

Download Submit
C:\Windows\system\TwPwyVh.exe

Filesize
6.0MB

MD5
759cb37d5b0682a979c5aec71665442b

SHA1
53c5785b24c2454253bfaae04cb102fb346dd604

SHA256
b49e729ed54e15fcabc2374cec4dbc7a9efc789607e48733ac77ec24cabe8fe1

SHA512
714cca07eabe9d76d259075d1213178c1c3c9c02b6f5bb460d72117267fdd79cef2edd364e74be29e1e5df62836fbe8686276a78d61d1f232035e16274e870af

Download Submit
C:\Windows\system\WwRRhlR.exe

Filesize
6.0MB

MD5
172bc0a211967d3238da4150a98711d3

SHA1
f4d10cf6f3dba1250bf885e86e749f37bf09164b

SHA256
0395e9ccb6465e8fc2d009f3bb64508c6d63715ccd432685b7f05f3a02c59c54

SHA512
267e8314bf7093cbc9a83125774bfd8c37392e3f0744766525cbb1efc780fe8ee959de3ffd0dcd06d3a3cb6c96e3a68370e2ac90b6b151dc2f8023d72286c92e

Download Submit
C:\Windows\system\aIoSPth.exe

Filesize
6.0MB

MD5
28143a144a767ae949681ba7b4aaa9a9

SHA1
b8f6cdf36931179bedf59f935be0081e4ae17433

SHA256
03d7a507b6c8984b3c8dfc400419a24189b2726226072ad99f75a609136503c4

SHA512
d68bae1763954f3356e047a4a4f5fb1ec67526fba9b586750dcb009e073ae53a70be547aaec21ca2dac805acca5abf9c4c8ac3e882df8ce10ffccc2474db49c9

Download Submit
C:\Windows\system\cnKDfXg.exe

Filesize
6.0MB

MD5
649006ffdc1cf0e07adf7366afc78563

SHA1
6ca6bf210da082d43ce62846ec1618c0523aa7a1

SHA256
168d7549a2551623267485455509e63bf07007b899c0fe561dc489122c6463bf

SHA512
9ed26b7cd2421ac689b5f1e6157315b48cc1809e8b83550bcd5f3d0cae64de9ef925f9253945fd6cfcac7f187e446262886fcf69fa10f17c25fa7673e087df52

Download Submit
C:\Windows\system\dETwJSE.exe

Filesize
6.0MB

MD5
028784a5355851aa42d58427adffd9d0

SHA1
8504967a4524add3ae218bdf460554c05a064144

SHA256
07d34bbb076a03172cacd39b0140e036ca6b47f0570e696103784e34a746efd0

SHA512
444eee48639b20d22b40653cef0b7d29d80c2488ef0e9f13830a5eac23cc9d2054410d743c2cdccd2d016bcd710583021bbc396b26353d253403778c0eda7e6c

Download Submit
C:\Windows\system\dTZdcUs.exe

Filesize
6.0MB

MD5
a20152ce5a000ba81245220650dd9b05

SHA1
59326b345927b086042173bdae73f36212d4c23d

SHA256
ad4d7723cb4fb23f7524de8a01c2da80f4dd1d061d166ad8476ddb0d0cfe0cec

SHA512
e78fa543f7dcd05109a2c5637eed973dccaf6530a42d93be5c6a5edaaf3fb196800df41cbdaa7c2fa25b2e621b916838e5b4334a9d47b65791caa943966f0871

Download Submit
C:\Windows\system\fFWZKMq.exe

Filesize
6.0MB

MD5
09aec2f811b12c85ed6840c70e6605c9

SHA1
7a6627325472d55b33436b8f1c906f2153a6c12b

SHA256
d759af18c14acb9cfb6edcd9d96279e8c76a50dab873ac740632d0eec8a6d3ef

SHA512
7d256d578b79d621d5a894248019bfb3b8daf666a903975dc8b9d98d87fcb2cb5eac1a7c1dcce43390ce39111e212146b3fb84bf0be59855e2d56c6c1db954ba

Download Submit
C:\Windows\system\fsAFAes.exe

Filesize
6.0MB

MD5
ecb018acd6b5e810c29edf1d6263ae7e

SHA1
f06ce9040dc184770dc1ac45ae3d4c31fb6af970

SHA256
f322a4b76bb193303579a6e90a4ca94effd0c5b7a1b73fe17e7b41751ffc8b34

SHA512
a5901edaaf45fdcdd45853dc93504f4aff5f8396e0033ceefc018ea6cc09ca9fc8df6c57b83765ea5297d875be361ceb58dd5079baf281d038c08e72536500ec

Download Submit
C:\Windows\system\hVzbund.exe

Filesize
6.0MB

MD5
c1acea63c1803a2916fa10d57f884516

SHA1
6bef8d1def9ee09c98a7cf9a9e9a0095e92d49d6

SHA256
6542157f85b2785daf91c61f4ce1e19187f40977ca423c5484215f9de990b4c4

SHA512
ed8f5f12f09d2cef22251ea462af6e089c60a0767285433e359caaf729ebf8c1cd62f8923a01f3d9270c275c7b331c5025f17b7a1c5ae67a1c71031b8509e4ea

Download Submit
C:\Windows\system\kAsCqYm.exe

Filesize
6.0MB

MD5
86187903c0c53055b7d5259c226001e0

SHA1
b648e5ae6192d70d06b6d1024d5656daf0311a96

SHA256
45cfaa436dd0ff7eb91e7e15f753b47e4f670ba7cb999c8f52307d11d54086cc

SHA512
26cbed513f06574c1014f5909c4d39e3d00cfe95d1a99c5e2c19aad30aa05a686988594e7a542c4f5928a4c410169952ad47b827400c88a0e6bea49ff8b4a33b

Download Submit
C:\Windows\system\ktSvVgl.exe

Filesize
6.0MB

MD5
b81c6438c98901fc91d316e4bfc2436a

SHA1
783026a86768bcd97bfb1f7b4fb9233b8684614d

SHA256
02693e36ff329a6a73d70e3b28e14e889a9c1fd2f1cb6bc571404d8f3193d4b5

SHA512
b4c9fb67f4212818b2ebd09fa46c54b51c5173359a0cb2c7277d5cca4f4608f1e87f7a32f6d19233e9e96f6e300beaf5f83466672bfe72d33b5901941106f152

Download Submit
C:\Windows\system\lEskQIf.exe

Filesize
6.0MB

MD5
534dda71989b6e6b620c3c5e5796a5ac

SHA1
5e6a7b9842431ec3bbd062458e53ad1ffa499c69

SHA256
4f90d73d978063b4b7e96a7f4eb221a7c3c7fa294514163321286d10b6de31a0

SHA512
d5fdfe114609e7229dd02ad548f728bca8c23505bf89cc6eae999fcdf1df5c693c25ce882a4a0cc819b9958de2dda32b6c59d35e0cce6ced70f8532638320326

Download Submit
C:\Windows\system\mZTDPvw.exe

Filesize
6.0MB

MD5
5a4821e372e264a6210eb478fd7e0bfe

SHA1
0759b6c5b8aa7e0b571bbb2571902dc0b998c5d5

SHA256
bbf4dcc2a3b5c4c57487bebf7534b748e9ffd8472a054b8f6dd216bcbb579b6d

SHA512
d469d355860426639150fa2ef2856bd7c3bddc1ee49395386d0bc43f76bff4301bd0f689cead3fae33efb3ddd48e46ce9570ad1cf1c55600ad9f6cd15f2cb8a9

Download Submit
C:\Windows\system\oYnXbVU.exe

Filesize
6.0MB

MD5
37b16cffd6f21306913ab4d6a5b3e9ff

SHA1
0e608b843eb9c177dd383f04ea88d2d6f4af490c

SHA256
afedd3d9fd2949a4e3d3834374886c29c54638ce673676fb1e3e69988bf19eb5

SHA512
b2060fd9f5cd11f530868c378c0a536a023e0c3bbfc25d791d732e7fe7cab0115b9bfe9042c3e29c28bd7f09ad1dd9894388394bed8bdc68969cb12520c899fd

Download Submit
C:\Windows\system\okjZzHa.exe

Filesize
6.0MB

MD5
c996189297f0221262b271bd01af3654

SHA1
ca7284174ee60a3b43226b6d617c58e38099b648

SHA256
7bcab648dd6b2190a8911684e43ec17714b4a756c3689a3509e87e398b5c537a

SHA512
725ac93c72b3d7164e1c31517b76c7e78865bd5ca6f54b729e222ecc7ce39a8ae19b8f49628c70ea41dfc2a872263b6f9a0adf6a8f606fb30317b0e540665053

Download Submit
C:\Windows\system\owuJeoO.exe

Filesize
6.0MB

MD5
bcf915691f15103e3f16568ee4fc5170

SHA1
d9544b821c2eb090419b9ed351c3a5d5b137c35a

SHA256
6d4df061d99ac62eb31b52194c58a3de1bd836da8c8296d0b97051b46eba28b9

SHA512
c378ea0cb83155f58b84c098d3fa7efddea9d2ced54a8950dda19b9a89c7157bd9ad9160049056ed682d9d6206f75b125c665e21bcfca01ae2f46d36e97ce581

Download Submit
\Windows\system\hneNTPU.exe

Filesize
6.0MB

MD5
26d9f544ae00d6795d6cbd9f11fe49c9

SHA1
f25e8fbc0cbf489132f2ef913887e8e306c2cfb8

SHA256
262a766fedbb4ccd58cbd595db26e1fbd5f5bcee02bdd54e429edf788a113607

SHA512
f7906763f9340e492bd4495d640ae9e333c8b1320797f3f18fb1a9242065b0dda5b9910bf0c961f94039b7f741092ecd170e71d68733c48f2e827f9628180fa0

Download Submit
\Windows\system\zCuqbrL.exe

Filesize
6.0MB

MD5
79605af20d0c1ae1689771d7f086b847

SHA1
fb87ed55d79969a924a2f847416c509c6a8ace89

SHA256
b997b4b9f2b35c2fecc182eae53bc9c404b55651f8c7f0adc80e5b4b77abc06c

SHA512
b0178977aab6301f16303883c80e4054e3e37c2eae693ccb149397fa4d9abe0e4966355b7188f8ee059d119e4a84007171a7e8e2f1428a54c2d76bbec3d6280e

Download Submit
\Windows\system\zqwIGWh.exe

Filesize
6.0MB

MD5
6212e559d2688b8c7cce148bbe226e17

SHA1
8a50c2ebbac91aa277cf2f3efa85757c05c6bae6

SHA256
cb65e0deff4e6c036b45f860716aee2ec681e124a33dc199d2d53ff1cfc67aba

SHA512
e8af98d113520e15a952c06c7f516982c691b799231d97234899e340c030261a5c1c6f7b903be02416908c6d63cf1ed97e7f12189bedf3ed7f3f3841cf112c86

Download Submit
memory/1436-3850-0x000000013F8B0000-0x000000013FC04000-memory.dmp

Filesize
3.3MB

Download
memory/1436-93-0x000000013F8B0000-0x000000013FC04000-memory.dmp

Filesize
3.3MB

Download
memory/1444-65-0x0000000002210000-0x0000000002564000-memory.dmp

Filesize
3.3MB

Download
memory/1444-3114-0x0000000002210000-0x0000000002564000-memory.dmp

Filesize
3.3MB

Download
memory/1444-100-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/1444-57-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/1444-92-0x000000013F8B0000-0x000000013FC04000-memory.dmp

Filesize
3.3MB

Download
memory/1444-485-0x000000013F270000-0x000000013F5C4000-memory.dmp

Filesize
3.3MB

Download
memory/1444-94-0x0000000002210000-0x0000000002564000-memory.dmp

Filesize
3.3MB

Download
memory/1444-85-0x0000000002210000-0x0000000002564000-memory.dmp

Filesize
3.3MB

Download
memory/1444-79-0x000000013F270000-0x000000013F5C4000-memory.dmp

Filesize
3.3MB

Download
memory/1444-30-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/1444-31-0x0000000002210000-0x0000000002564000-memory.dmp

Filesize
3.3MB

Download
memory/1444-73-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/1444-18-0x000000013F680000-0x000000013F9D4000-memory.dmp

Filesize
3.3MB

Download
memory/1444-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/1444-95-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/1444-0-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/1444-64-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/1444-36-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/1444-87-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/1444-47-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/1820-3867-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/1820-74-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/2184-3818-0x000000013F680000-0x000000013F9D4000-memory.dmp

Filesize
3.3MB

Download
memory/2184-20-0x000000013F680000-0x000000013F9D4000-memory.dmp

Filesize
3.3MB

Download
memory/2268-28-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/2308-86-0x000000013FB20000-0x000000013FE74000-memory.dmp

Filesize
3.3MB

Download
memory/2308-3851-0x000000013FB20000-0x000000013FE74000-memory.dmp

Filesize
3.3MB

Download
memory/2564-61-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2604-3852-0x000000013F270000-0x000000013F5C4000-memory.dmp

Filesize
3.3MB

Download
memory/2604-80-0x000000013F270000-0x000000013F5C4000-memory.dmp

Filesize
3.3MB

Download
memory/2628-66-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/2628-3782-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/2688-3788-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-35-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/2716-40-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/2716-3816-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/2724-3866-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/2724-41-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/2736-48-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/2736-3783-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/2828-26-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/2828-3787-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/3064-68-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/3064-3894-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download