cobaltstrike | e884d8a4840846396d52fdc4762bd188857c5d205f93e015601372784ae55f0c

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
09/10/2024, 14:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.1MB
MD5

3df16d8c969908ab6995f8141eac39ab
SHA1

955551a69484f06621511af216f19904aa540681
SHA256

e884d8a4840846396d52fdc4762bd188857c5d205f93e015601372784ae55f0c
SHA512

610cc5a40eec45e51f0b17169836eb35d9ee2a7693048a7a40f2b5092bb141c1bc8826dc87706a84251f0c5142ec86a82bc2432872b7bf557586f578993e4cb4
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lUm:eOl56utgpPF8u/7m

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012117-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d68-11.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d6d-16.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d42-21.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d89-33.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000171a8-38.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000173a7-41.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000017488-52.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019023-59.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001925e-64.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019261-69.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019282-74.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193b4-89.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c2-94.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193e1-99.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019431-114.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001944f-122.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019461-127.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960b-154.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960f-163.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019611-170.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960d-160.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019613-173.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019609-150.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c5-144.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019582-139.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001950c-134.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019441-119.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019427-109.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001941e-104.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019350-84.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019334-79.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2380-0-0x000000013F6F0000-0x000000013FA44000-memory.dmp	xmrig
behavioral1/files/0x0007000000012117-3.dat	xmrig
behavioral1/files/0x0008000000016d68-11.dat	xmrig
behavioral1/memory/3068-14-0x000000013F980000-0x000000013FCD4000-memory.dmp	xmrig
behavioral1/memory/2960-10-0x000000013FE50000-0x00000001401A4000-memory.dmp	xmrig
behavioral1/files/0x0008000000016d6d-16.dat	xmrig
behavioral1/memory/2892-20-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig
behavioral1/files/0x0008000000016d42-21.dat	xmrig
behavioral1/memory/1740-27-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/memory/2380-23-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/memory/2812-34-0x000000013FCE0000-0x0000000140034000-memory.dmp	xmrig
behavioral1/files/0x0008000000016d89-33.dat	xmrig
behavioral1/memory/2380-36-0x000000013F6F0000-0x000000013FA44000-memory.dmp	xmrig
behavioral1/memory/2960-37-0x000000013FE50000-0x00000001401A4000-memory.dmp	xmrig
behavioral1/files/0x00070000000171a8-38.dat	xmrig
behavioral1/files/0x00070000000173a7-41.dat	xmrig
behavioral1/memory/2892-51-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig
behavioral1/memory/2864-50-0x000000013FA80000-0x000000013FDD4000-memory.dmp	xmrig
behavioral1/memory/2732-49-0x000000013F210000-0x000000013F564000-memory.dmp	xmrig
behavioral1/files/0x0009000000017488-52.dat	xmrig
behavioral1/files/0x0007000000019023-59.dat	xmrig
behavioral1/files/0x000500000001925e-64.dat	xmrig
behavioral1/files/0x0005000000019261-69.dat	xmrig
behavioral1/files/0x0005000000019282-74.dat	xmrig
behavioral1/files/0x00050000000193b4-89.dat	xmrig
behavioral1/files/0x00050000000193c2-94.dat	xmrig
behavioral1/files/0x00050000000193e1-99.dat	xmrig
behavioral1/files/0x0005000000019431-114.dat	xmrig
behavioral1/files/0x000500000001944f-122.dat	xmrig
behavioral1/files/0x0005000000019461-127.dat	xmrig
behavioral1/files/0x000500000001960b-154.dat	xmrig
behavioral1/files/0x000500000001960f-163.dat	xmrig
behavioral1/files/0x0005000000019611-170.dat	xmrig
behavioral1/files/0x000500000001960d-160.dat	xmrig
behavioral1/files/0x0005000000019613-173.dat	xmrig
behavioral1/files/0x0005000000019609-150.dat	xmrig
behavioral1/files/0x00050000000195c5-144.dat	xmrig
behavioral1/files/0x0005000000019582-139.dat	xmrig
behavioral1/files/0x000500000001950c-134.dat	xmrig
behavioral1/files/0x0005000000019441-119.dat	xmrig
behavioral1/files/0x0005000000019427-109.dat	xmrig
behavioral1/files/0x000500000001941e-104.dat	xmrig
behavioral1/files/0x0005000000019350-84.dat	xmrig
behavioral1/files/0x0005000000019334-79.dat	xmrig
behavioral1/memory/2772-1404-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	xmrig
behavioral1/memory/2664-1437-0x000000013F760000-0x000000013FAB4000-memory.dmp	xmrig
behavioral1/memory/2636-1456-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/memory/2380-1462-0x000000013FD00000-0x0000000140054000-memory.dmp	xmrig
behavioral1/memory/2728-1459-0x000000013F920000-0x000000013FC74000-memory.dmp	xmrig
behavioral1/memory/592-1467-0x000000013FD00000-0x0000000140054000-memory.dmp	xmrig
behavioral1/memory/2380-1469-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/memory/1436-1474-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/memory/2380-1483-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	xmrig
behavioral1/memory/2916-1481-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig
behavioral1/memory/2812-1580-0x000000013FCE0000-0x0000000140034000-memory.dmp	xmrig
behavioral1/memory/2380-2449-0x00000000024B0000-0x0000000002804000-memory.dmp	xmrig
behavioral1/memory/2380-2540-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	xmrig
behavioral1/memory/3068-3053-0x000000013F980000-0x000000013FCD4000-memory.dmp	xmrig
behavioral1/memory/2960-3052-0x000000013FE50000-0x00000001401A4000-memory.dmp	xmrig
behavioral1/memory/1740-3088-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/memory/2892-3091-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig
behavioral1/memory/2812-3108-0x000000013FCE0000-0x0000000140034000-memory.dmp	xmrig
behavioral1/memory/2732-3375-0x000000013F210000-0x000000013F564000-memory.dmp	xmrig
behavioral1/memory/2864-3386-0x000000013FA80000-0x000000013FDD4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2960	NyNqjEH.exe
3068	jWYuewR.exe
2892	wnFsVTZ.exe
1740	KJApOWk.exe
2812	HLgpXQV.exe
2732	XGqATsF.exe
2864	vaVZkZR.exe
2916	IElQvCq.exe
2772	qPuZimo.exe
2664	LTKaZda.exe
2636	kMqrKih.exe
2728	ANEIOOc.exe
592	rwSRdWY.exe
1436	OUeyyGk.exe
1116	hNqeYeZ.exe
764	srCmnsw.exe
840	NTOrACA.exe
1688	YeaSorQ.exe
1800	ZWrofXr.exe
1812	TKcOBnn.exe
2392	mIjGdlj.exe
2004	xIhLdfH.exe
1276	ZivWYcO.exe
1332	nGHhfSt.exe
1932	pgkbpjM.exe
2844	fSMTEmk.exe
1744	VGaKnmu.exe
2708	lmxGkSd.exe
2500	vodFCbx.exe
2308	KktNUuu.exe
1508	KSffhwA.exe
1132	fxleOoh.exe
2920	HGhLyBO.exe
612	rKhoqGC.exe
1240	XsHilRD.exe
1280	fxmeofP.exe
2316	lyxQkLP.exe
2016	ojRUPbL.exe
1752	tsQWnUO.exe
916	jDaePsi.exe
1824	zHzFQMp.exe
2288	kQBrbmk.exe
784	vvTADoG.exe
2448	ZrEiPQr.exe
1156	lqTUQzF.exe
2132	BfugzFV.exe
2064	MuLAxDF.exe
2796	UIvgdCj.exe
2360	vVqszFF.exe
2440	xEBMNGR.exe
1860	KCBxxDD.exe
804	StfvISu.exe
1748	SvIdMJb.exe
1652	ywvDtoz.exe
2424	RHswHVI.exe
1556	njqhvtF.exe
1704	riZVYRk.exe
3020	IwJnfKT.exe
2084	UteGWzs.exe
2468	DYtSdgj.exe
2756	FwddJJS.exe
3064	DWwAYrM.exe
2824	ZevRbQi.exe
2828	UTjcSvv.exe

Loads dropped DLL 64 IoCs

pid	Process
2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2380-0-0x000000013F6F0000-0x000000013FA44000-memory.dmp	upx
behavioral1/files/0x0007000000012117-3.dat	upx
behavioral1/files/0x0008000000016d68-11.dat	upx
behavioral1/memory/3068-14-0x000000013F980000-0x000000013FCD4000-memory.dmp	upx
behavioral1/memory/2960-10-0x000000013FE50000-0x00000001401A4000-memory.dmp	upx
behavioral1/files/0x0008000000016d6d-16.dat	upx
behavioral1/memory/2892-20-0x000000013F7F0000-0x000000013FB44000-memory.dmp	upx
behavioral1/files/0x0008000000016d42-21.dat	upx
behavioral1/memory/1740-27-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/memory/2812-34-0x000000013FCE0000-0x0000000140034000-memory.dmp	upx
behavioral1/files/0x0008000000016d89-33.dat	upx
behavioral1/memory/2380-36-0x000000013F6F0000-0x000000013FA44000-memory.dmp	upx
behavioral1/memory/2960-37-0x000000013FE50000-0x00000001401A4000-memory.dmp	upx
behavioral1/files/0x00070000000171a8-38.dat	upx
behavioral1/files/0x00070000000173a7-41.dat	upx
behavioral1/memory/2892-51-0x000000013F7F0000-0x000000013FB44000-memory.dmp	upx
behavioral1/memory/2864-50-0x000000013FA80000-0x000000013FDD4000-memory.dmp	upx
behavioral1/memory/2732-49-0x000000013F210000-0x000000013F564000-memory.dmp	upx
behavioral1/files/0x0009000000017488-52.dat	upx
behavioral1/files/0x0007000000019023-59.dat	upx
behavioral1/files/0x000500000001925e-64.dat	upx
behavioral1/files/0x0005000000019261-69.dat	upx
behavioral1/files/0x0005000000019282-74.dat	upx
behavioral1/files/0x00050000000193b4-89.dat	upx
behavioral1/files/0x00050000000193c2-94.dat	upx
behavioral1/files/0x00050000000193e1-99.dat	upx
behavioral1/files/0x0005000000019431-114.dat	upx
behavioral1/files/0x000500000001944f-122.dat	upx
behavioral1/files/0x0005000000019461-127.dat	upx
behavioral1/files/0x000500000001960b-154.dat	upx
behavioral1/files/0x000500000001960f-163.dat	upx
behavioral1/files/0x0005000000019611-170.dat	upx
behavioral1/files/0x000500000001960d-160.dat	upx
behavioral1/files/0x0005000000019613-173.dat	upx
behavioral1/files/0x0005000000019609-150.dat	upx
behavioral1/files/0x00050000000195c5-144.dat	upx
behavioral1/files/0x0005000000019582-139.dat	upx
behavioral1/files/0x000500000001950c-134.dat	upx
behavioral1/files/0x0005000000019441-119.dat	upx
behavioral1/files/0x0005000000019427-109.dat	upx
behavioral1/files/0x000500000001941e-104.dat	upx
behavioral1/files/0x0005000000019350-84.dat	upx
behavioral1/files/0x0005000000019334-79.dat	upx
behavioral1/memory/2772-1404-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	upx
behavioral1/memory/2664-1437-0x000000013F760000-0x000000013FAB4000-memory.dmp	upx
behavioral1/memory/2636-1456-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/memory/2728-1459-0x000000013F920000-0x000000013FC74000-memory.dmp	upx
behavioral1/memory/592-1467-0x000000013FD00000-0x0000000140054000-memory.dmp	upx
behavioral1/memory/1436-1474-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/memory/2916-1481-0x000000013F7F0000-0x000000013FB44000-memory.dmp	upx
behavioral1/memory/2812-1580-0x000000013FCE0000-0x0000000140034000-memory.dmp	upx
behavioral1/memory/3068-3053-0x000000013F980000-0x000000013FCD4000-memory.dmp	upx
behavioral1/memory/2960-3052-0x000000013FE50000-0x00000001401A4000-memory.dmp	upx
behavioral1/memory/1740-3088-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/memory/2892-3091-0x000000013F7F0000-0x000000013FB44000-memory.dmp	upx
behavioral1/memory/2812-3108-0x000000013FCE0000-0x0000000140034000-memory.dmp	upx
behavioral1/memory/2732-3375-0x000000013F210000-0x000000013F564000-memory.dmp	upx
behavioral1/memory/2864-3386-0x000000013FA80000-0x000000013FDD4000-memory.dmp	upx
behavioral1/memory/2916-3409-0x000000013F7F0000-0x000000013FB44000-memory.dmp	upx
behavioral1/memory/2772-3413-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	upx
behavioral1/memory/2664-3423-0x000000013F760000-0x000000013FAB4000-memory.dmp	upx
behavioral1/memory/2636-3425-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/memory/2728-3431-0x000000013F920000-0x000000013FC74000-memory.dmp	upx
behavioral1/memory/592-3437-0x000000013FD00000-0x0000000140054000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\IVWuBtI.exe	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vmxGipS.exe	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ngHikKF.exe	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wqblDLF.exe	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fOpUjrW.exe	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\feFyRBS.exe	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\chDTvgs.exe	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aValkfw.exe	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fEFjvix.exe	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JrvFEhj.exe	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tUEkYKx.exe	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\exLJJoy.exe	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BUoXYQy.exe	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ULQvmnC.exe	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GPsKDcA.exe	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SZfxZGA.exe	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\omCleyw.exe	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DWufchb.exe	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gQIRCkL.exe	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\URkqXmS.exe	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OhArViQ.exe	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rSNerxm.exe	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NjahUbF.exe	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jGWGbnD.exe	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VZGUmGz.exe	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DHqahXh.exe	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DGTFRYS.exe	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ROaGCLH.exe	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oVzpowz.exe	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LAHHYvn.exe	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jWpjyxk.exe	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qVpXOUb.exe	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CocdAbW.exe	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KPgjAaY.exe	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dIjuWjI.exe	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fmwiZmi.exe	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DESCzMh.exe	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UkeriGW.exe	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZCZWzvq.exe	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tPqAswl.exe	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YRrVXcB.exe	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NVpWiNJ.exe	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TXsrSpf.exe	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cyapxPe.exe	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OUpHawj.exe	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vvLfZWn.exe	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lLqBjUc.exe	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yqcVoXe.exe	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QOlChPe.exe	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LFFbbTA.exe	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cOomGNS.exe	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nydvTWN.exe	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tHYaeGX.exe	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DdmBlfI.exe	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TlBUiVA.exe	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZNFnWzb.exe	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gqHEJyG.exe	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iQaUDJk.exe	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uSyDdTD.exe	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UjvEFPr.exe	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mbrwgTc.exe	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zMxKIiO.exe	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WcRefnB.exe	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kFlbjXR.exe	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2380 wrote to memory of 2960	2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2380 wrote to memory of 2960	2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2380 wrote to memory of 2960	2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2380 wrote to memory of 3068	2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2380 wrote to memory of 3068	2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2380 wrote to memory of 3068	2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2380 wrote to memory of 2892	2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2380 wrote to memory of 2892	2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2380 wrote to memory of 2892	2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2380 wrote to memory of 1740	2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2380 wrote to memory of 1740	2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2380 wrote to memory of 1740	2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2380 wrote to memory of 2812	2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2380 wrote to memory of 2812	2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2380 wrote to memory of 2812	2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2380 wrote to memory of 2732	2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2380 wrote to memory of 2732	2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2380 wrote to memory of 2732	2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2380 wrote to memory of 2864	2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2380 wrote to memory of 2864	2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2380 wrote to memory of 2864	2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2380 wrote to memory of 2916	2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2380 wrote to memory of 2916	2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2380 wrote to memory of 2916	2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2380 wrote to memory of 2772	2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2380 wrote to memory of 2772	2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2380 wrote to memory of 2772	2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2380 wrote to memory of 2664	2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2380 wrote to memory of 2664	2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2380 wrote to memory of 2664	2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2380 wrote to memory of 2636	2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2380 wrote to memory of 2636	2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2380 wrote to memory of 2636	2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2380 wrote to memory of 2728	2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2380 wrote to memory of 2728	2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2380 wrote to memory of 2728	2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2380 wrote to memory of 592	2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2380 wrote to memory of 592	2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2380 wrote to memory of 592	2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2380 wrote to memory of 1436	2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2380 wrote to memory of 1436	2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2380 wrote to memory of 1436	2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2380 wrote to memory of 1116	2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2380 wrote to memory of 1116	2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2380 wrote to memory of 1116	2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2380 wrote to memory of 764	2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2380 wrote to memory of 764	2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2380 wrote to memory of 764	2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2380 wrote to memory of 840	2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2380 wrote to memory of 840	2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2380 wrote to memory of 840	2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2380 wrote to memory of 1688	2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2380 wrote to memory of 1688	2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2380 wrote to memory of 1688	2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2380 wrote to memory of 1800	2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2380 wrote to memory of 1800	2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2380 wrote to memory of 1800	2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2380 wrote to memory of 1812	2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2380 wrote to memory of 1812	2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2380 wrote to memory of 1812	2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2380 wrote to memory of 2392	2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2380 wrote to memory of 2392	2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2380 wrote to memory of 2392	2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2380 wrote to memory of 2004	2380	2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-09_3df16d8c969908ab6995f8141eac39ab_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2380
- C:\Windows\System\NyNqjEH.exe
  C:\Windows\System\NyNqjEH.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\jWYuewR.exe
  C:\Windows\System\jWYuewR.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\wnFsVTZ.exe
  C:\Windows\System\wnFsVTZ.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\KJApOWk.exe
  C:\Windows\System\KJApOWk.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\HLgpXQV.exe
  C:\Windows\System\HLgpXQV.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\XGqATsF.exe
  C:\Windows\System\XGqATsF.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\vaVZkZR.exe
  C:\Windows\System\vaVZkZR.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\IElQvCq.exe
  C:\Windows\System\IElQvCq.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\qPuZimo.exe
  C:\Windows\System\qPuZimo.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\LTKaZda.exe
  C:\Windows\System\LTKaZda.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\kMqrKih.exe
  C:\Windows\System\kMqrKih.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\ANEIOOc.exe
  C:\Windows\System\ANEIOOc.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\rwSRdWY.exe
  C:\Windows\System\rwSRdWY.exe
  2⤵
  - Executes dropped EXE
  PID:592
- C:\Windows\System\OUeyyGk.exe
  C:\Windows\System\OUeyyGk.exe
  2⤵
  - Executes dropped EXE
  PID:1436
- C:\Windows\System\hNqeYeZ.exe
  C:\Windows\System\hNqeYeZ.exe
  2⤵
  - Executes dropped EXE
  PID:1116
- C:\Windows\System\srCmnsw.exe
  C:\Windows\System\srCmnsw.exe
  2⤵
  - Executes dropped EXE
  PID:764
- C:\Windows\System\NTOrACA.exe
  C:\Windows\System\NTOrACA.exe
  2⤵
  - Executes dropped EXE
  PID:840
- C:\Windows\System\YeaSorQ.exe
  C:\Windows\System\YeaSorQ.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\ZWrofXr.exe
  C:\Windows\System\ZWrofXr.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\TKcOBnn.exe
  C:\Windows\System\TKcOBnn.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\mIjGdlj.exe
  C:\Windows\System\mIjGdlj.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\xIhLdfH.exe
  C:\Windows\System\xIhLdfH.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\ZivWYcO.exe
  C:\Windows\System\ZivWYcO.exe
  2⤵
  - Executes dropped EXE
  PID:1276
- C:\Windows\System\nGHhfSt.exe
  C:\Windows\System\nGHhfSt.exe
  2⤵
  - Executes dropped EXE
  PID:1332
- C:\Windows\System\pgkbpjM.exe
  C:\Windows\System\pgkbpjM.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\fSMTEmk.exe
  C:\Windows\System\fSMTEmk.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\VGaKnmu.exe
  C:\Windows\System\VGaKnmu.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\lmxGkSd.exe
  C:\Windows\System\lmxGkSd.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\vodFCbx.exe
  C:\Windows\System\vodFCbx.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\KktNUuu.exe
  C:\Windows\System\KktNUuu.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\KSffhwA.exe
  C:\Windows\System\KSffhwA.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\fxleOoh.exe
  C:\Windows\System\fxleOoh.exe
  2⤵
  - Executes dropped EXE
  PID:1132
- C:\Windows\System\HGhLyBO.exe
  C:\Windows\System\HGhLyBO.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\rKhoqGC.exe
  C:\Windows\System\rKhoqGC.exe
  2⤵
  - Executes dropped EXE
  PID:612
- C:\Windows\System\XsHilRD.exe
  C:\Windows\System\XsHilRD.exe
  2⤵
  - Executes dropped EXE
  PID:1240
- C:\Windows\System\fxmeofP.exe
  C:\Windows\System\fxmeofP.exe
  2⤵
  - Executes dropped EXE
  PID:1280
- C:\Windows\System\lyxQkLP.exe
  C:\Windows\System\lyxQkLP.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\ojRUPbL.exe
  C:\Windows\System\ojRUPbL.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\tsQWnUO.exe
  C:\Windows\System\tsQWnUO.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\jDaePsi.exe
  C:\Windows\System\jDaePsi.exe
  2⤵
  - Executes dropped EXE
  PID:916
- C:\Windows\System\zHzFQMp.exe
  C:\Windows\System\zHzFQMp.exe
  2⤵
  - Executes dropped EXE
  PID:1824
- C:\Windows\System\kQBrbmk.exe
  C:\Windows\System\kQBrbmk.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\vvTADoG.exe
  C:\Windows\System\vvTADoG.exe
  2⤵
  - Executes dropped EXE
  PID:784
- C:\Windows\System\ZrEiPQr.exe
  C:\Windows\System\ZrEiPQr.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\lqTUQzF.exe
  C:\Windows\System\lqTUQzF.exe
  2⤵
  - Executes dropped EXE
  PID:1156
- C:\Windows\System\BfugzFV.exe
  C:\Windows\System\BfugzFV.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\MuLAxDF.exe
  C:\Windows\System\MuLAxDF.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\UIvgdCj.exe
  C:\Windows\System\UIvgdCj.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\vVqszFF.exe
  C:\Windows\System\vVqszFF.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\xEBMNGR.exe
  C:\Windows\System\xEBMNGR.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\KCBxxDD.exe
  C:\Windows\System\KCBxxDD.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System\StfvISu.exe
  C:\Windows\System\StfvISu.exe
  2⤵
  - Executes dropped EXE
  PID:804
- C:\Windows\System\SvIdMJb.exe
  C:\Windows\System\SvIdMJb.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\ywvDtoz.exe
  C:\Windows\System\ywvDtoz.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\RHswHVI.exe
  C:\Windows\System\RHswHVI.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\njqhvtF.exe
  C:\Windows\System\njqhvtF.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\riZVYRk.exe
  C:\Windows\System\riZVYRk.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\IwJnfKT.exe
  C:\Windows\System\IwJnfKT.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\UteGWzs.exe
  C:\Windows\System\UteGWzs.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\DYtSdgj.exe
  C:\Windows\System\DYtSdgj.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\FwddJJS.exe
  C:\Windows\System\FwddJJS.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\DWwAYrM.exe
  C:\Windows\System\DWwAYrM.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\ZevRbQi.exe
  C:\Windows\System\ZevRbQi.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\UTjcSvv.exe
  C:\Windows\System\UTjcSvv.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\ywnFaPj.exe
  C:\Windows\System\ywnFaPj.exe
  2⤵
  PID:2860
- C:\Windows\System\KcrkBUt.exe
  C:\Windows\System\KcrkBUt.exe
  2⤵
  PID:2868
- C:\Windows\System\QGOLIjz.exe
  C:\Windows\System\QGOLIjz.exe
  2⤵
  PID:2968
- C:\Windows\System\ObwrLsA.exe
  C:\Windows\System\ObwrLsA.exe
  2⤵
  PID:2624
- C:\Windows\System\UzTBKNi.exe
  C:\Windows\System\UzTBKNi.exe
  2⤵
  PID:3040
- C:\Windows\System\cjYxJSa.exe
  C:\Windows\System\cjYxJSa.exe
  2⤵
  PID:1484
- C:\Windows\System\XECupWL.exe
  C:\Windows\System\XECupWL.exe
  2⤵
  PID:1988
- C:\Windows\System\icTqzWC.exe
  C:\Windows\System\icTqzWC.exe
  2⤵
  PID:1256
- C:\Windows\System\rzaeSws.exe
  C:\Windows\System\rzaeSws.exe
  2⤵
  PID:2368
- C:\Windows\System\DYakVTA.exe
  C:\Windows\System\DYakVTA.exe
  2⤵
  PID:548
- C:\Windows\System\zNhWnzT.exe
  C:\Windows\System\zNhWnzT.exe
  2⤵
  PID:2384
- C:\Windows\System\faoUFCa.exe
  C:\Windows\System\faoUFCa.exe
  2⤵
  PID:1796
- C:\Windows\System\RhefFfc.exe
  C:\Windows\System\RhefFfc.exe
  2⤵
  PID:2592
- C:\Windows\System\GsIJPOE.exe
  C:\Windows\System\GsIJPOE.exe
  2⤵
  PID:3060
- C:\Windows\System\vAbMXoR.exe
  C:\Windows\System\vAbMXoR.exe
  2⤵
  PID:2936
- C:\Windows\System\rvTdOMt.exe
  C:\Windows\System\rvTdOMt.exe
  2⤵
  PID:2152
- C:\Windows\System\ZvOXenf.exe
  C:\Windows\System\ZvOXenf.exe
  2⤵
  PID:2276
- C:\Windows\System\fGTMKvz.exe
  C:\Windows\System\fGTMKvz.exe
  2⤵
  PID:2232
- C:\Windows\System\LcOWkJX.exe
  C:\Windows\System\LcOWkJX.exe
  2⤵
  PID:2028
- C:\Windows\System\NhVrrUU.exe
  C:\Windows\System\NhVrrUU.exe
  2⤵
  PID:1592
- C:\Windows\System\qoLNvtj.exe
  C:\Windows\System\qoLNvtj.exe
  2⤵
  PID:1168
- C:\Windows\System\IMVqSgf.exe
  C:\Windows\System\IMVqSgf.exe
  2⤵
  PID:2988
- C:\Windows\System\REnzxMg.exe
  C:\Windows\System\REnzxMg.exe
  2⤵
  PID:1632
- C:\Windows\System\NcPvCrQ.exe
  C:\Windows\System\NcPvCrQ.exe
  2⤵
  PID:1172
- C:\Windows\System\SFLyJUQ.exe
  C:\Windows\System\SFLyJUQ.exe
  2⤵
  PID:536
- C:\Windows\System\XRaOkkD.exe
  C:\Windows\System\XRaOkkD.exe
  2⤵
  PID:768
- C:\Windows\System\zSFTVsZ.exe
  C:\Windows\System\zSFTVsZ.exe
  2⤵
  PID:1672
- C:\Windows\System\HHgorUX.exe
  C:\Windows\System\HHgorUX.exe
  2⤵
  PID:316
- C:\Windows\System\EjIvlxk.exe
  C:\Windows\System\EjIvlxk.exe
  2⤵
  PID:1044
- C:\Windows\System\GYjulpi.exe
  C:\Windows\System\GYjulpi.exe
  2⤵
  PID:892
- C:\Windows\System\XVJrAIv.exe
  C:\Windows\System\XVJrAIv.exe
  2⤵
  PID:2576
- C:\Windows\System\rRwBxQR.exe
  C:\Windows\System\rRwBxQR.exe
  2⤵
  PID:2768
- C:\Windows\System\sYJvNSy.exe
  C:\Windows\System\sYJvNSy.exe
  2⤵
  PID:2188
- C:\Windows\System\fKbILsC.exe
  C:\Windows\System\fKbILsC.exe
  2⤵
  PID:2804
- C:\Windows\System\oZAkuwO.exe
  C:\Windows\System\oZAkuwO.exe
  2⤵
  PID:3016
- C:\Windows\System\IHYEZeX.exe
  C:\Windows\System\IHYEZeX.exe
  2⤵
  PID:1444
- C:\Windows\System\FZloGsK.exe
  C:\Windows\System\FZloGsK.exe
  2⤵
  PID:3048
- C:\Windows\System\tVJfpvD.exe
  C:\Windows\System\tVJfpvD.exe
  2⤵
  PID:2888
- C:\Windows\System\WdhbHBG.exe
  C:\Windows\System\WdhbHBG.exe
  2⤵
  PID:2164
- C:\Windows\System\KsjuAPm.exe
  C:\Windows\System\KsjuAPm.exe
  2⤵
  PID:3052
- C:\Windows\System\KbPhPuS.exe
  C:\Windows\System\KbPhPuS.exe
  2⤵
  PID:1792
- C:\Windows\System\KtlJerM.exe
  C:\Windows\System\KtlJerM.exe
  2⤵
  PID:1288
- C:\Windows\System\QrkXYZu.exe
  C:\Windows\System\QrkXYZu.exe
  2⤵
  PID:1712
- C:\Windows\System\ZWIdILG.exe
  C:\Windows\System\ZWIdILG.exe
  2⤵
  PID:1828
- C:\Windows\System\gwCQWqu.exe
  C:\Windows\System\gwCQWqu.exe
  2⤵
  PID:1528
- C:\Windows\System\uJhCPhG.exe
  C:\Windows\System\uJhCPhG.exe
  2⤵
  PID:1724
- C:\Windows\System\NqqnZvh.exe
  C:\Windows\System\NqqnZvh.exe
  2⤵
  PID:1564
- C:\Windows\System\FgWjIni.exe
  C:\Windows\System\FgWjIni.exe
  2⤵
  PID:2104
- C:\Windows\System\WWlJugk.exe
  C:\Windows\System\WWlJugk.exe
  2⤵
  PID:904
- C:\Windows\System\JeORlQk.exe
  C:\Windows\System\JeORlQk.exe
  2⤵
  PID:1524
- C:\Windows\System\JmqdkAP.exe
  C:\Windows\System\JmqdkAP.exe
  2⤵
  PID:948
- C:\Windows\System\YtqSbhi.exe
  C:\Windows\System\YtqSbhi.exe
  2⤵
  PID:2436
- C:\Windows\System\ZzZMlxp.exe
  C:\Windows\System\ZzZMlxp.exe
  2⤵
  PID:1864
- C:\Windows\System\exmrjKO.exe
  C:\Windows\System\exmrjKO.exe
  2⤵
  PID:600
- C:\Windows\System\TwInrND.exe
  C:\Windows\System\TwInrND.exe
  2⤵
  PID:1584
- C:\Windows\System\ZOWBUQQ.exe
  C:\Windows\System\ZOWBUQQ.exe
  2⤵
  PID:3004
- C:\Windows\System\mdtbTOt.exe
  C:\Windows\System\mdtbTOt.exe
  2⤵
  PID:2952
- C:\Windows\System\bTBmThU.exe
  C:\Windows\System\bTBmThU.exe
  2⤵
  PID:2268
- C:\Windows\System\iNnjAWh.exe
  C:\Windows\System\iNnjAWh.exe
  2⤵
  PID:344
- C:\Windows\System\nIdzTeV.exe
  C:\Windows\System\nIdzTeV.exe
  2⤵
  PID:2744
- C:\Windows\System\YsGCPJu.exe
  C:\Windows\System\YsGCPJu.exe
  2⤵
  PID:2608
- C:\Windows\System\dAboEyh.exe
  C:\Windows\System\dAboEyh.exe
  2⤵
  PID:1696
- C:\Windows\System\SahinhY.exe
  C:\Windows\System\SahinhY.exe
  2⤵
  PID:1540
- C:\Windows\System\gTbbRPZ.exe
  C:\Windows\System\gTbbRPZ.exe
  2⤵
  PID:1804
- C:\Windows\System\vGxtHym.exe
  C:\Windows\System\vGxtHym.exe
  2⤵
  PID:2292
- C:\Windows\System\XBVLvIt.exe
  C:\Windows\System\XBVLvIt.exe
  2⤵
  PID:2000
- C:\Windows\System\WYPPvED.exe
  C:\Windows\System\WYPPvED.exe
  2⤵
  PID:1780
- C:\Windows\System\TamvpZT.exe
  C:\Windows\System\TamvpZT.exe
  2⤵
  PID:2484
- C:\Windows\System\EuQVgmc.exe
  C:\Windows\System\EuQVgmc.exe
  2⤵
  PID:328
- C:\Windows\System\ktnVIUu.exe
  C:\Windows\System\ktnVIUu.exe
  2⤵
  PID:1588
- C:\Windows\System\GfAmjLo.exe
  C:\Windows\System\GfAmjLo.exe
  2⤵
  PID:1144
- C:\Windows\System\qXjwWQG.exe
  C:\Windows\System\qXjwWQG.exe
  2⤵
  PID:2832
- C:\Windows\System\IJOxjpf.exe
  C:\Windows\System\IJOxjpf.exe
  2⤵
  PID:2840
- C:\Windows\System\YYbSQRH.exe
  C:\Windows\System\YYbSQRH.exe
  2⤵
  PID:1884
- C:\Windows\System\HBzCbif.exe
  C:\Windows\System\HBzCbif.exe
  2⤵
  PID:2472
- C:\Windows\System\VLoSNJz.exe
  C:\Windows\System\VLoSNJz.exe
  2⤵
  PID:356
- C:\Windows\System\NBsltch.exe
  C:\Windows\System\NBsltch.exe
  2⤵
  PID:1600
- C:\Windows\System\KBgmCib.exe
  C:\Windows\System\KBgmCib.exe
  2⤵
  PID:2108
- C:\Windows\System\kAYRQRE.exe
  C:\Windows\System\kAYRQRE.exe
  2⤵
  PID:3092
- C:\Windows\System\PKHNmdT.exe
  C:\Windows\System\PKHNmdT.exe
  2⤵
  PID:3116
- C:\Windows\System\IpPRqws.exe
  C:\Windows\System\IpPRqws.exe
  2⤵
  PID:3136
- C:\Windows\System\flUCZXu.exe
  C:\Windows\System\flUCZXu.exe
  2⤵
  PID:3156
- C:\Windows\System\DCaAIEv.exe
  C:\Windows\System\DCaAIEv.exe
  2⤵
  PID:3176
- C:\Windows\System\udGfPFg.exe
  C:\Windows\System\udGfPFg.exe
  2⤵
  PID:3196
- C:\Windows\System\nkCcIyH.exe
  C:\Windows\System\nkCcIyH.exe
  2⤵
  PID:3216
- C:\Windows\System\MqOnQUB.exe
  C:\Windows\System\MqOnQUB.exe
  2⤵
  PID:3232
- C:\Windows\System\wTMhoQh.exe
  C:\Windows\System\wTMhoQh.exe
  2⤵
  PID:3256
- C:\Windows\System\ghDZVxX.exe
  C:\Windows\System\ghDZVxX.exe
  2⤵
  PID:3276
- C:\Windows\System\fzmkCEr.exe
  C:\Windows\System\fzmkCEr.exe
  2⤵
  PID:3296
- C:\Windows\System\ckcJQwC.exe
  C:\Windows\System\ckcJQwC.exe
  2⤵
  PID:3312
- C:\Windows\System\ohHrHEs.exe
  C:\Windows\System\ohHrHEs.exe
  2⤵
  PID:3336
- C:\Windows\System\lkIYjen.exe
  C:\Windows\System\lkIYjen.exe
  2⤵
  PID:3356
- C:\Windows\System\UsQBZbA.exe
  C:\Windows\System\UsQBZbA.exe
  2⤵
  PID:3376
- C:\Windows\System\VdSNcjQ.exe
  C:\Windows\System\VdSNcjQ.exe
  2⤵
  PID:3392
- C:\Windows\System\HFhlQTo.exe
  C:\Windows\System\HFhlQTo.exe
  2⤵
  PID:3412
- C:\Windows\System\yxanfUJ.exe
  C:\Windows\System\yxanfUJ.exe
  2⤵
  PID:3436
- C:\Windows\System\YnWcnmc.exe
  C:\Windows\System\YnWcnmc.exe
  2⤵
  PID:3456
- C:\Windows\System\NFkkfXz.exe
  C:\Windows\System\NFkkfXz.exe
  2⤵
  PID:3476
- C:\Windows\System\XkPOKvi.exe
  C:\Windows\System\XkPOKvi.exe
  2⤵
  PID:3500
- C:\Windows\System\gychQsV.exe
  C:\Windows\System\gychQsV.exe
  2⤵
  PID:3520
- C:\Windows\System\rkYsIuz.exe
  C:\Windows\System\rkYsIuz.exe
  2⤵
  PID:3540
- C:\Windows\System\BMqDxDG.exe
  C:\Windows\System\BMqDxDG.exe
  2⤵
  PID:3560
- C:\Windows\System\vmDSJVU.exe
  C:\Windows\System\vmDSJVU.exe
  2⤵
  PID:3580
- C:\Windows\System\XxTCpLG.exe
  C:\Windows\System\XxTCpLG.exe
  2⤵
  PID:3596
- C:\Windows\System\NTMDzKf.exe
  C:\Windows\System\NTMDzKf.exe
  2⤵
  PID:3616
- C:\Windows\System\mAMLROB.exe
  C:\Windows\System\mAMLROB.exe
  2⤵
  PID:3636
- C:\Windows\System\HbzKlow.exe
  C:\Windows\System\HbzKlow.exe
  2⤵
  PID:3656
- C:\Windows\System\FWVWPaI.exe
  C:\Windows\System\FWVWPaI.exe
  2⤵
  PID:3680
- C:\Windows\System\RicBvCL.exe
  C:\Windows\System\RicBvCL.exe
  2⤵
  PID:3700
- C:\Windows\System\gERaksW.exe
  C:\Windows\System\gERaksW.exe
  2⤵
  PID:3716
- C:\Windows\System\HHmZLWT.exe
  C:\Windows\System\HHmZLWT.exe
  2⤵
  PID:3736
- C:\Windows\System\QCHrvIX.exe
  C:\Windows\System\QCHrvIX.exe
  2⤵
  PID:3756
- C:\Windows\System\aRcoLih.exe
  C:\Windows\System\aRcoLih.exe
  2⤵
  PID:3780
- C:\Windows\System\GKZtxDI.exe
  C:\Windows\System\GKZtxDI.exe
  2⤵
  PID:3800
- C:\Windows\System\xtGBKGQ.exe
  C:\Windows\System\xtGBKGQ.exe
  2⤵
  PID:3820
- C:\Windows\System\RBhCLnp.exe
  C:\Windows\System\RBhCLnp.exe
  2⤵
  PID:3836
- C:\Windows\System\tzajKLc.exe
  C:\Windows\System\tzajKLc.exe
  2⤵
  PID:3856
- C:\Windows\System\RzxdKcc.exe
  C:\Windows\System\RzxdKcc.exe
  2⤵
  PID:3876
- C:\Windows\System\MWhpFkZ.exe
  C:\Windows\System\MWhpFkZ.exe
  2⤵
  PID:3900
- C:\Windows\System\CEpdRJs.exe
  C:\Windows\System\CEpdRJs.exe
  2⤵
  PID:3916
- C:\Windows\System\FiIsfFx.exe
  C:\Windows\System\FiIsfFx.exe
  2⤵
  PID:3936
- C:\Windows\System\vFDOvxp.exe
  C:\Windows\System\vFDOvxp.exe
  2⤵
  PID:3956
- C:\Windows\System\NDtzSGz.exe
  C:\Windows\System\NDtzSGz.exe
  2⤵
  PID:3980
- C:\Windows\System\CUdLfgH.exe
  C:\Windows\System\CUdLfgH.exe
  2⤵
  PID:4000
- C:\Windows\System\IsaagWi.exe
  C:\Windows\System\IsaagWi.exe
  2⤵
  PID:4020
- C:\Windows\System\qzaTGcs.exe
  C:\Windows\System\qzaTGcs.exe
  2⤵
  PID:4036
- C:\Windows\System\WWGBQCB.exe
  C:\Windows\System\WWGBQCB.exe
  2⤵
  PID:4056
- C:\Windows\System\RfyBjkn.exe
  C:\Windows\System\RfyBjkn.exe
  2⤵
  PID:4080
- C:\Windows\System\fuxIRDU.exe
  C:\Windows\System\fuxIRDU.exe
  2⤵
  PID:320
- C:\Windows\System\Jahpxdi.exe
  C:\Windows\System\Jahpxdi.exe
  2⤵
  PID:2524
- C:\Windows\System\WJhEdWv.exe
  C:\Windows\System\WJhEdWv.exe
  2⤵
  PID:2752
- C:\Windows\System\faEEFpx.exe
  C:\Windows\System\faEEFpx.exe
  2⤵
  PID:1568
- C:\Windows\System\YcgVOtH.exe
  C:\Windows\System\YcgVOtH.exe
  2⤵
  PID:2656
- C:\Windows\System\IVWuBtI.exe
  C:\Windows\System\IVWuBtI.exe
  2⤵
  PID:960
- C:\Windows\System\hnWAUrE.exe
  C:\Windows\System\hnWAUrE.exe
  2⤵
  PID:3132
- C:\Windows\System\cRuqhTD.exe
  C:\Windows\System\cRuqhTD.exe
  2⤵
  PID:3128
- C:\Windows\System\thPHCtJ.exe
  C:\Windows\System\thPHCtJ.exe
  2⤵
  PID:908
- C:\Windows\System\PTAsDIv.exe
  C:\Windows\System\PTAsDIv.exe
  2⤵
  PID:3204
- C:\Windows\System\cNfNgRK.exe
  C:\Windows\System\cNfNgRK.exe
  2⤵
  PID:3240
- C:\Windows\System\iqaevXK.exe
  C:\Windows\System\iqaevXK.exe
  2⤵
  PID:3244
- C:\Windows\System\vIlYEza.exe
  C:\Windows\System\vIlYEza.exe
  2⤵
  PID:3272
- C:\Windows\System\VyQhCdA.exe
  C:\Windows\System\VyQhCdA.exe
  2⤵
  PID:3328
- C:\Windows\System\hOazfNW.exe
  C:\Windows\System\hOazfNW.exe
  2⤵
  PID:3348
- C:\Windows\System\ZsecJEG.exe
  C:\Windows\System\ZsecJEG.exe
  2⤵
  PID:3408
- C:\Windows\System\HoQRsLl.exe
  C:\Windows\System\HoQRsLl.exe
  2⤵
  PID:3424
- C:\Windows\System\JHfdbxr.exe
  C:\Windows\System\JHfdbxr.exe
  2⤵
  PID:3428
- C:\Windows\System\ojyaQZs.exe
  C:\Windows\System\ojyaQZs.exe
  2⤵
  PID:3536
- C:\Windows\System\TKEcEwa.exe
  C:\Windows\System\TKEcEwa.exe
  2⤵
  PID:3468
- C:\Windows\System\WngbNMY.exe
  C:\Windows\System\WngbNMY.exe
  2⤵
  PID:3572
- C:\Windows\System\eoTmFny.exe
  C:\Windows\System\eoTmFny.exe
  2⤵
  PID:3612
- C:\Windows\System\yEJKhGQ.exe
  C:\Windows\System\yEJKhGQ.exe
  2⤵
  PID:3588
- C:\Windows\System\edYrckb.exe
  C:\Windows\System\edYrckb.exe
  2⤵
  PID:3692
- C:\Windows\System\rjbwlbo.exe
  C:\Windows\System\rjbwlbo.exe
  2⤵
  PID:3672
- C:\Windows\System\YSMYIkl.exe
  C:\Windows\System\YSMYIkl.exe
  2⤵
  PID:3728
- C:\Windows\System\ODfnUNQ.exe
  C:\Windows\System\ODfnUNQ.exe
  2⤵
  PID:3768
- C:\Windows\System\CHwnJne.exe
  C:\Windows\System\CHwnJne.exe
  2⤵
  PID:3752
- C:\Windows\System\BugsgGs.exe
  C:\Windows\System\BugsgGs.exe
  2⤵
  PID:3788
- C:\Windows\System\InFXNpV.exe
  C:\Windows\System\InFXNpV.exe
  2⤵
  PID:3884
- C:\Windows\System\nxldiZg.exe
  C:\Windows\System\nxldiZg.exe
  2⤵
  PID:3832
- C:\Windows\System\CIqZtCe.exe
  C:\Windows\System\CIqZtCe.exe
  2⤵
  PID:3932
- C:\Windows\System\gHEkuxB.exe
  C:\Windows\System\gHEkuxB.exe
  2⤵
  PID:3948
- C:\Windows\System\YvMBfPk.exe
  C:\Windows\System\YvMBfPk.exe
  2⤵
  PID:3968
- C:\Windows\System\InZAKge.exe
  C:\Windows\System\InZAKge.exe
  2⤵
  PID:3996
- C:\Windows\System\nHYsZKe.exe
  C:\Windows\System\nHYsZKe.exe
  2⤵
  PID:4088
- C:\Windows\System\rVBcmmw.exe
  C:\Windows\System\rVBcmmw.exe
  2⤵
  PID:2692
- C:\Windows\System\pkUCTFn.exe
  C:\Windows\System\pkUCTFn.exe
  2⤵
  PID:1248
- C:\Windows\System\YtZbIcM.exe
  C:\Windows\System\YtZbIcM.exe
  2⤵
  PID:1648
- C:\Windows\System\eAWvSAk.exe
  C:\Windows\System\eAWvSAk.exe
  2⤵
  PID:3100
- C:\Windows\System\vtZMkGy.exe
  C:\Windows\System\vtZMkGy.exe
  2⤵
  PID:3152
- C:\Windows\System\grWSIWn.exe
  C:\Windows\System\grWSIWn.exe
  2⤵
  PID:3188
- C:\Windows\System\LmluNRS.exe
  C:\Windows\System\LmluNRS.exe
  2⤵
  PID:2052
- C:\Windows\System\MYWdooY.exe
  C:\Windows\System\MYWdooY.exe
  2⤵
  PID:3248
- C:\Windows\System\TLANIoE.exe
  C:\Windows\System\TLANIoE.exe
  2⤵
  PID:3352
- C:\Windows\System\JYxwnLt.exe
  C:\Windows\System\JYxwnLt.exe
  2⤵
  PID:3320
- C:\Windows\System\ftSIfkI.exe
  C:\Windows\System\ftSIfkI.exe
  2⤵
  PID:3368
- C:\Windows\System\dIjuWjI.exe
  C:\Windows\System\dIjuWjI.exe
  2⤵
  PID:3568
- C:\Windows\System\tUXJarE.exe
  C:\Windows\System\tUXJarE.exe
  2⤵
  PID:3644
- C:\Windows\System\IOsetYZ.exe
  C:\Windows\System\IOsetYZ.exe
  2⤵
  PID:3556
- C:\Windows\System\DwddcZd.exe
  C:\Windows\System\DwddcZd.exe
  2⤵
  PID:3604
- C:\Windows\System\RHakRdm.exe
  C:\Windows\System\RHakRdm.exe
  2⤵
  PID:3772
- C:\Windows\System\rxhbzFv.exe
  C:\Windows\System\rxhbzFv.exe
  2⤵
  PID:3892
- C:\Windows\System\sOxRHAE.exe
  C:\Windows\System\sOxRHAE.exe
  2⤵
  PID:3732
- C:\Windows\System\UNHcgOh.exe
  C:\Windows\System\UNHcgOh.exe
  2⤵
  PID:3848
- C:\Windows\System\omCleyw.exe
  C:\Windows\System\omCleyw.exe
  2⤵
  PID:3924
- C:\Windows\System\DMVDNgo.exe
  C:\Windows\System\DMVDNgo.exe
  2⤵
  PID:3988
- C:\Windows\System\RaNlyWv.exe
  C:\Windows\System\RaNlyWv.exe
  2⤵
  PID:4044
- C:\Windows\System\ulrMPYF.exe
  C:\Windows\System\ulrMPYF.exe
  2⤵
  PID:4048
- C:\Windows\System\WqKQUsL.exe
  C:\Windows\System\WqKQUsL.exe
  2⤵
  PID:4072
- C:\Windows\System\GutLJQD.exe
  C:\Windows\System\GutLJQD.exe
  2⤵
  PID:1756
- C:\Windows\System\jkNridj.exe
  C:\Windows\System\jkNridj.exe
  2⤵
  PID:3112
- C:\Windows\System\mDJGnGN.exe
  C:\Windows\System\mDJGnGN.exe
  2⤵
  PID:3288
- C:\Windows\System\QiwkVmm.exe
  C:\Windows\System\QiwkVmm.exe
  2⤵
  PID:3184
- C:\Windows\System\nLtVNsI.exe
  C:\Windows\System\nLtVNsI.exe
  2⤵
  PID:3444
- C:\Windows\System\ZpcQnwc.exe
  C:\Windows\System\ZpcQnwc.exe
  2⤵
  PID:3516
- C:\Windows\System\LCvkjan.exe
  C:\Windows\System\LCvkjan.exe
  2⤵
  PID:3472
- C:\Windows\System\anyovIR.exe
  C:\Windows\System\anyovIR.exe
  2⤵
  PID:3688
- C:\Windows\System\jSzFYRa.exe
  C:\Windows\System\jSzFYRa.exe
  2⤵
  PID:3828
- C:\Windows\System\QNSKHaB.exe
  C:\Windows\System\QNSKHaB.exe
  2⤵
  PID:2740
- C:\Windows\System\LEFxlNa.exe
  C:\Windows\System\LEFxlNa.exe
  2⤵
  PID:3864
- C:\Windows\System\wigYYjM.exe
  C:\Windows\System\wigYYjM.exe
  2⤵
  PID:4068
- C:\Windows\System\NVpWiNJ.exe
  C:\Windows\System\NVpWiNJ.exe
  2⤵
  PID:3148
- C:\Windows\System\olzvldv.exe
  C:\Windows\System\olzvldv.exe
  2⤵
  PID:3208
- C:\Windows\System\MHiscyf.exe
  C:\Windows\System\MHiscyf.exe
  2⤵
  PID:3488
- C:\Windows\System\XyvAuoP.exe
  C:\Windows\System\XyvAuoP.exe
  2⤵
  PID:3168
- C:\Windows\System\CWUenkc.exe
  C:\Windows\System\CWUenkc.exe
  2⤵
  PID:3492
- C:\Windows\System\kpdOYGQ.exe
  C:\Windows\System\kpdOYGQ.exe
  2⤵
  PID:3844
- C:\Windows\System\aNdgfJq.exe
  C:\Windows\System\aNdgfJq.exe
  2⤵
  PID:3852
- C:\Windows\System\wWHUwLB.exe
  C:\Windows\System\wWHUwLB.exe
  2⤵
  PID:2872
- C:\Windows\System\iQaUDJk.exe
  C:\Windows\System\iQaUDJk.exe
  2⤵
  PID:4112
- C:\Windows\System\gkELcMU.exe
  C:\Windows\System\gkELcMU.exe
  2⤵
  PID:4132
- C:\Windows\System\XvsxcCu.exe
  C:\Windows\System\XvsxcCu.exe
  2⤵
  PID:4152
- C:\Windows\System\HQzoXbv.exe
  C:\Windows\System\HQzoXbv.exe
  2⤵
  PID:4172
- C:\Windows\System\fVMCVXN.exe
  C:\Windows\System\fVMCVXN.exe
  2⤵
  PID:4192
- C:\Windows\System\JIpzPgu.exe
  C:\Windows\System\JIpzPgu.exe
  2⤵
  PID:4212
- C:\Windows\System\dlLpvcl.exe
  C:\Windows\System\dlLpvcl.exe
  2⤵
  PID:4232
- C:\Windows\System\UctmnQY.exe
  C:\Windows\System\UctmnQY.exe
  2⤵
  PID:4252
- C:\Windows\System\vfgauZA.exe
  C:\Windows\System\vfgauZA.exe
  2⤵
  PID:4272
- C:\Windows\System\wnTEbmi.exe
  C:\Windows\System\wnTEbmi.exe
  2⤵
  PID:4292
- C:\Windows\System\SQRQpnd.exe
  C:\Windows\System\SQRQpnd.exe
  2⤵
  PID:4312
- C:\Windows\System\gchvNTX.exe
  C:\Windows\System\gchvNTX.exe
  2⤵
  PID:4332
- C:\Windows\System\ISOWHqK.exe
  C:\Windows\System\ISOWHqK.exe
  2⤵
  PID:4352
- C:\Windows\System\XmpXLVF.exe
  C:\Windows\System\XmpXLVF.exe
  2⤵
  PID:4372
- C:\Windows\System\yzuDibj.exe
  C:\Windows\System\yzuDibj.exe
  2⤵
  PID:4392
- C:\Windows\System\AXZEqYQ.exe
  C:\Windows\System\AXZEqYQ.exe
  2⤵
  PID:4412
- C:\Windows\System\IhGKjYJ.exe
  C:\Windows\System\IhGKjYJ.exe
  2⤵
  PID:4432
- C:\Windows\System\JQKJykS.exe
  C:\Windows\System\JQKJykS.exe
  2⤵
  PID:4452
- C:\Windows\System\KNmeuWz.exe
  C:\Windows\System\KNmeuWz.exe
  2⤵
  PID:4472
- C:\Windows\System\vcdhPTZ.exe
  C:\Windows\System\vcdhPTZ.exe
  2⤵
  PID:4492
- C:\Windows\System\IexFLiV.exe
  C:\Windows\System\IexFLiV.exe
  2⤵
  PID:4512
- C:\Windows\System\UVGzirA.exe
  C:\Windows\System\UVGzirA.exe
  2⤵
  PID:4532
- C:\Windows\System\kBsKofg.exe
  C:\Windows\System\kBsKofg.exe
  2⤵
  PID:4552
- C:\Windows\System\mPTfKzR.exe
  C:\Windows\System\mPTfKzR.exe
  2⤵
  PID:4572
- C:\Windows\System\JsbCztD.exe
  C:\Windows\System\JsbCztD.exe
  2⤵
  PID:4592
- C:\Windows\System\DRSUaLS.exe
  C:\Windows\System\DRSUaLS.exe
  2⤵
  PID:4612
- C:\Windows\System\SIJVsWJ.exe
  C:\Windows\System\SIJVsWJ.exe
  2⤵
  PID:4632
- C:\Windows\System\TqJCCwL.exe
  C:\Windows\System\TqJCCwL.exe
  2⤵
  PID:4652
- C:\Windows\System\ofOqRHD.exe
  C:\Windows\System\ofOqRHD.exe
  2⤵
  PID:4672
- C:\Windows\System\mqrJgAu.exe
  C:\Windows\System\mqrJgAu.exe
  2⤵
  PID:4692
- C:\Windows\System\IYzeclD.exe
  C:\Windows\System\IYzeclD.exe
  2⤵
  PID:4712
- C:\Windows\System\blSOFba.exe
  C:\Windows\System\blSOFba.exe
  2⤵
  PID:4732
- C:\Windows\System\TNEVGfr.exe
  C:\Windows\System\TNEVGfr.exe
  2⤵
  PID:4752
- C:\Windows\System\sFJWIFG.exe
  C:\Windows\System\sFJWIFG.exe
  2⤵
  PID:4772
- C:\Windows\System\XuXldNr.exe
  C:\Windows\System\XuXldNr.exe
  2⤵
  PID:4792
- C:\Windows\System\tyLhpBH.exe
  C:\Windows\System\tyLhpBH.exe
  2⤵
  PID:4812
- C:\Windows\System\zvXSTNq.exe
  C:\Windows\System\zvXSTNq.exe
  2⤵
  PID:4832
- C:\Windows\System\uqRTCYb.exe
  C:\Windows\System\uqRTCYb.exe
  2⤵
  PID:4852
- C:\Windows\System\IZlyhrs.exe
  C:\Windows\System\IZlyhrs.exe
  2⤵
  PID:4872
- C:\Windows\System\nuxOmJt.exe
  C:\Windows\System\nuxOmJt.exe
  2⤵
  PID:4892
- C:\Windows\System\tjCYwOp.exe
  C:\Windows\System\tjCYwOp.exe
  2⤵
  PID:4912
- C:\Windows\System\BzRQFAB.exe
  C:\Windows\System\BzRQFAB.exe
  2⤵
  PID:4932
- C:\Windows\System\tifAriw.exe
  C:\Windows\System\tifAriw.exe
  2⤵
  PID:4952
- C:\Windows\System\ctroqYS.exe
  C:\Windows\System\ctroqYS.exe
  2⤵
  PID:4976
- C:\Windows\System\GguLlXs.exe
  C:\Windows\System\GguLlXs.exe
  2⤵
  PID:4996
- C:\Windows\System\IWNevBg.exe
  C:\Windows\System\IWNevBg.exe
  2⤵
  PID:5016
- C:\Windows\System\FWQZMgT.exe
  C:\Windows\System\FWQZMgT.exe
  2⤵
  PID:5036
- C:\Windows\System\xjAOapy.exe
  C:\Windows\System\xjAOapy.exe
  2⤵
  PID:5056
- C:\Windows\System\zxtIPsn.exe
  C:\Windows\System\zxtIPsn.exe
  2⤵
  PID:5076
- C:\Windows\System\bYyusQb.exe
  C:\Windows\System\bYyusQb.exe
  2⤵
  PID:5096
- C:\Windows\System\qRrQsek.exe
  C:\Windows\System\qRrQsek.exe
  2⤵
  PID:5116
- C:\Windows\System\JZtvaWI.exe
  C:\Windows\System\JZtvaWI.exe
  2⤵
  PID:2932
- C:\Windows\System\fmwiZmi.exe
  C:\Windows\System\fmwiZmi.exe
  2⤵
  PID:996
- C:\Windows\System\LDHYvhw.exe
  C:\Windows\System\LDHYvhw.exe
  2⤵
  PID:3512
- C:\Windows\System\VXAXlri.exe
  C:\Windows\System\VXAXlri.exe
  2⤵
  PID:3812
- C:\Windows\System\RrlvuwX.exe
  C:\Windows\System\RrlvuwX.exe
  2⤵
  PID:3464
- C:\Windows\System\sOzwkrU.exe
  C:\Windows\System\sOzwkrU.exe
  2⤵
  PID:4108
- C:\Windows\System\GeBRHiI.exe
  C:\Windows\System\GeBRHiI.exe
  2⤵
  PID:4140
- C:\Windows\System\lJgwnsk.exe
  C:\Windows\System\lJgwnsk.exe
  2⤵
  PID:4188
- C:\Windows\System\wvmIfgY.exe
  C:\Windows\System\wvmIfgY.exe
  2⤵
  PID:4220
- C:\Windows\System\DYStlRH.exe
  C:\Windows\System\DYStlRH.exe
  2⤵
  PID:4248
- C:\Windows\System\yBONsHf.exe
  C:\Windows\System\yBONsHf.exe
  2⤵
  PID:4280
- C:\Windows\System\WkQzdzR.exe
  C:\Windows\System\WkQzdzR.exe
  2⤵
  PID:4284
- C:\Windows\System\pebEyLV.exe
  C:\Windows\System\pebEyLV.exe
  2⤵
  PID:4328
- C:\Windows\System\IuxAUDh.exe
  C:\Windows\System\IuxAUDh.exe
  2⤵
  PID:4388
- C:\Windows\System\pNxetMJ.exe
  C:\Windows\System\pNxetMJ.exe
  2⤵
  PID:4424
- C:\Windows\System\DPNvPtg.exe
  C:\Windows\System\DPNvPtg.exe
  2⤵
  PID:4460
- C:\Windows\System\nMqxrhS.exe
  C:\Windows\System\nMqxrhS.exe
  2⤵
  PID:4500
- C:\Windows\System\mSXSRrT.exe
  C:\Windows\System\mSXSRrT.exe
  2⤵
  PID:3192
- C:\Windows\System\npEGKiI.exe
  C:\Windows\System\npEGKiI.exe
  2⤵
  PID:4528
- C:\Windows\System\TgtpjcW.exe
  C:\Windows\System\TgtpjcW.exe
  2⤵
  PID:4568
- C:\Windows\System\tmUYpqF.exe
  C:\Windows\System\tmUYpqF.exe
  2⤵
  PID:4608
- C:\Windows\System\nttaoOP.exe
  C:\Windows\System\nttaoOP.exe
  2⤵
  PID:4640
- C:\Windows\System\TXsrSpf.exe
  C:\Windows\System\TXsrSpf.exe
  2⤵
  PID:4664
- C:\Windows\System\nxDNJSu.exe
  C:\Windows\System\nxDNJSu.exe
  2⤵
  PID:4708
- C:\Windows\System\gNnanWT.exe
  C:\Windows\System\gNnanWT.exe
  2⤵
  PID:4744
- C:\Windows\System\wJOBFQf.exe
  C:\Windows\System\wJOBFQf.exe
  2⤵
  PID:4760
- C:\Windows\System\lDKFblP.exe
  C:\Windows\System\lDKFblP.exe
  2⤵
  PID:4808
- C:\Windows\System\yinYEHo.exe
  C:\Windows\System\yinYEHo.exe
  2⤵
  PID:4840
- C:\Windows\System\jAjnkca.exe
  C:\Windows\System\jAjnkca.exe
  2⤵
  PID:4864
- C:\Windows\System\fDlGBdv.exe
  C:\Windows\System\fDlGBdv.exe
  2⤵
  PID:4884
- C:\Windows\System\ncLGlqF.exe
  C:\Windows\System\ncLGlqF.exe
  2⤵
  PID:4940
- C:\Windows\System\OCBVJdw.exe
  C:\Windows\System\OCBVJdw.exe
  2⤵
  PID:4968
- C:\Windows\System\mfeQnyX.exe
  C:\Windows\System\mfeQnyX.exe
  2⤵
  PID:5024
- C:\Windows\System\DCABIfT.exe
  C:\Windows\System\DCABIfT.exe
  2⤵
  PID:5044
- C:\Windows\System\vrBmzAC.exe
  C:\Windows\System\vrBmzAC.exe
  2⤵
  PID:5068
- C:\Windows\System\oOYfvQq.exe
  C:\Windows\System\oOYfvQq.exe
  2⤵
  PID:5112
- C:\Windows\System\sJqIyTs.exe
  C:\Windows\System\sJqIyTs.exe
  2⤵
  PID:1268
- C:\Windows\System\PAWLwTA.exe
  C:\Windows\System\PAWLwTA.exe
  2⤵
  PID:2644
- C:\Windows\System\UJdjQFB.exe
  C:\Windows\System\UJdjQFB.exe
  2⤵
  PID:4100
- C:\Windows\System\tJUJsUU.exe
  C:\Windows\System\tJUJsUU.exe
  2⤵
  PID:4120
- C:\Windows\System\iiHtqQl.exe
  C:\Windows\System\iiHtqQl.exe
  2⤵
  PID:4184
- C:\Windows\System\xmfzdSm.exe
  C:\Windows\System\xmfzdSm.exe
  2⤵
  PID:4208
- C:\Windows\System\aAovqRm.exe
  C:\Windows\System\aAovqRm.exe
  2⤵
  PID:4264
- C:\Windows\System\wJtarRi.exe
  C:\Windows\System\wJtarRi.exe
  2⤵
  PID:4368
- C:\Windows\System\TFbhzEc.exe
  C:\Windows\System\TFbhzEc.exe
  2⤵
  PID:4408
- C:\Windows\System\GLJybGn.exe
  C:\Windows\System\GLJybGn.exe
  2⤵
  PID:4404
- C:\Windows\System\evYvvcs.exe
  C:\Windows\System\evYvvcs.exe
  2⤵
  PID:4488
- C:\Windows\System\YGXCCeW.exe
  C:\Windows\System\YGXCCeW.exe
  2⤵
  PID:4580
- C:\Windows\System\NGwMmVJ.exe
  C:\Windows\System\NGwMmVJ.exe
  2⤵
  PID:4628
- C:\Windows\System\MEXarhL.exe
  C:\Windows\System\MEXarhL.exe
  2⤵
  PID:4688
- C:\Windows\System\MwKsqCk.exe
  C:\Windows\System\MwKsqCk.exe
  2⤵
  PID:4720
- C:\Windows\System\sacSUka.exe
  C:\Windows\System\sacSUka.exe
  2⤵
  PID:4828
- C:\Windows\System\JCYKmRb.exe
  C:\Windows\System\JCYKmRb.exe
  2⤵
  PID:4784
- C:\Windows\System\OIAnaap.exe
  C:\Windows\System\OIAnaap.exe
  2⤵
  PID:4844
- C:\Windows\System\SiEEoQJ.exe
  C:\Windows\System\SiEEoQJ.exe
  2⤵
  PID:4944
- C:\Windows\System\dSdNUuL.exe
  C:\Windows\System\dSdNUuL.exe
  2⤵
  PID:5004
- C:\Windows\System\zVlmqeT.exe
  C:\Windows\System\zVlmqeT.exe
  2⤵
  PID:5072
- C:\Windows\System\rtaoBvL.exe
  C:\Windows\System\rtaoBvL.exe
  2⤵
  PID:2884
- C:\Windows\System\oVeXVdP.exe
  C:\Windows\System\oVeXVdP.exe
  2⤵
  PID:4052
- C:\Windows\System\kNsDyqI.exe
  C:\Windows\System\kNsDyqI.exe
  2⤵
  PID:3292
- C:\Windows\System\LQDxnRT.exe
  C:\Windows\System\LQDxnRT.exe
  2⤵
  PID:4160
- C:\Windows\System\GMOlaPJ.exe
  C:\Windows\System\GMOlaPJ.exe
  2⤵
  PID:3044
- C:\Windows\System\iGmJtYO.exe
  C:\Windows\System\iGmJtYO.exe
  2⤵
  PID:4380
- C:\Windows\System\rwqBZbi.exe
  C:\Windows\System\rwqBZbi.exe
  2⤵
  PID:4348
- C:\Windows\System\owdzGPx.exe
  C:\Windows\System\owdzGPx.exe
  2⤵
  PID:4548
- C:\Windows\System\FagiGYG.exe
  C:\Windows\System\FagiGYG.exe
  2⤵
  PID:4604
- C:\Windows\System\GmIUdvO.exe
  C:\Windows\System\GmIUdvO.exe
  2⤵
  PID:4668
- C:\Windows\System\PmYTKoG.exe
  C:\Windows\System\PmYTKoG.exe
  2⤵
  PID:4788
- C:\Windows\System\vysFTep.exe
  C:\Windows\System\vysFTep.exe
  2⤵
  PID:4764
- C:\Windows\System\EtSDAlS.exe
  C:\Windows\System\EtSDAlS.exe
  2⤵
  PID:4920
- C:\Windows\System\FyJoxpp.exe
  C:\Windows\System\FyJoxpp.exe
  2⤵
  PID:5088
- C:\Windows\System\jigAqrF.exe
  C:\Windows\System\jigAqrF.exe
  2⤵
  PID:2116
- C:\Windows\System\hltqKYX.exe
  C:\Windows\System\hltqKYX.exe
  2⤵
  PID:3708
- C:\Windows\System\KZWgfbu.exe
  C:\Windows\System\KZWgfbu.exe
  2⤵
  PID:4168
- C:\Windows\System\kHgDBsI.exe
  C:\Windows\System\kHgDBsI.exe
  2⤵
  PID:4268
- C:\Windows\System\ulcERxO.exe
  C:\Windows\System\ulcERxO.exe
  2⤵
  PID:5128
- C:\Windows\System\EeyLENy.exe
  C:\Windows\System\EeyLENy.exe
  2⤵
  PID:5148
- C:\Windows\System\bgczHMl.exe
  C:\Windows\System\bgczHMl.exe
  2⤵
  PID:5168
- C:\Windows\System\cknJetT.exe
  C:\Windows\System\cknJetT.exe
  2⤵
  PID:5188
- C:\Windows\System\tdMRilb.exe
  C:\Windows\System\tdMRilb.exe
  2⤵
  PID:5208
- C:\Windows\System\fsCBxDg.exe
  C:\Windows\System\fsCBxDg.exe
  2⤵
  PID:5228
- C:\Windows\System\KvJFdkS.exe
  C:\Windows\System\KvJFdkS.exe
  2⤵
  PID:5248
- C:\Windows\System\hHPAHCh.exe
  C:\Windows\System\hHPAHCh.exe
  2⤵
  PID:5268
- C:\Windows\System\IMQYZgJ.exe
  C:\Windows\System\IMQYZgJ.exe
  2⤵
  PID:5288
- C:\Windows\System\vvxbmoP.exe
  C:\Windows\System\vvxbmoP.exe
  2⤵
  PID:5308
- C:\Windows\System\yEHgATU.exe
  C:\Windows\System\yEHgATU.exe
  2⤵
  PID:5328
- C:\Windows\System\vqInYRw.exe
  C:\Windows\System\vqInYRw.exe
  2⤵
  PID:5352
- C:\Windows\System\SkWxKCk.exe
  C:\Windows\System\SkWxKCk.exe
  2⤵
  PID:5372
- C:\Windows\System\RTljuga.exe
  C:\Windows\System\RTljuga.exe
  2⤵
  PID:5392
- C:\Windows\System\qbRUPbG.exe
  C:\Windows\System\qbRUPbG.exe
  2⤵
  PID:5412
- C:\Windows\System\okzBdQA.exe
  C:\Windows\System\okzBdQA.exe
  2⤵
  PID:5436
- C:\Windows\System\MWZCTzI.exe
  C:\Windows\System\MWZCTzI.exe
  2⤵
  PID:5456
- C:\Windows\System\oIDSJJs.exe
  C:\Windows\System\oIDSJJs.exe
  2⤵
  PID:5476
- C:\Windows\System\eHwAtWY.exe
  C:\Windows\System\eHwAtWY.exe
  2⤵
  PID:5496
- C:\Windows\System\zwbzEKo.exe
  C:\Windows\System\zwbzEKo.exe
  2⤵
  PID:5516
- C:\Windows\System\LqbYwJS.exe
  C:\Windows\System\LqbYwJS.exe
  2⤵
  PID:5536
- C:\Windows\System\QLgaghg.exe
  C:\Windows\System\QLgaghg.exe
  2⤵
  PID:5556
- C:\Windows\System\UFhudWi.exe
  C:\Windows\System\UFhudWi.exe
  2⤵
  PID:5576
- C:\Windows\System\ODAjhAo.exe
  C:\Windows\System\ODAjhAo.exe
  2⤵
  PID:5596
- C:\Windows\System\zQcjDpW.exe
  C:\Windows\System\zQcjDpW.exe
  2⤵
  PID:5616
- C:\Windows\System\rexEGIn.exe
  C:\Windows\System\rexEGIn.exe
  2⤵
  PID:5636
- C:\Windows\System\QBxJzUX.exe
  C:\Windows\System\QBxJzUX.exe
  2⤵
  PID:5656
- C:\Windows\System\SRrpBZc.exe
  C:\Windows\System\SRrpBZc.exe
  2⤵
  PID:5676
- C:\Windows\System\XWplzYc.exe
  C:\Windows\System\XWplzYc.exe
  2⤵
  PID:5696
- C:\Windows\System\QOnPfTB.exe
  C:\Windows\System\QOnPfTB.exe
  2⤵
  PID:5716
- C:\Windows\System\VgXchXl.exe
  C:\Windows\System\VgXchXl.exe
  2⤵
  PID:5736
- C:\Windows\System\aAzouMU.exe
  C:\Windows\System\aAzouMU.exe
  2⤵
  PID:5756
- C:\Windows\System\UCzYfQS.exe
  C:\Windows\System\UCzYfQS.exe
  2⤵
  PID:5776
- C:\Windows\System\kozdNyn.exe
  C:\Windows\System\kozdNyn.exe
  2⤵
  PID:5796
- C:\Windows\System\jeOensX.exe
  C:\Windows\System\jeOensX.exe
  2⤵
  PID:5816
- C:\Windows\System\mYOoaPb.exe
  C:\Windows\System\mYOoaPb.exe
  2⤵
  PID:5836
- C:\Windows\System\nGtijdx.exe
  C:\Windows\System\nGtijdx.exe
  2⤵
  PID:5856
- C:\Windows\System\RvWZdTP.exe
  C:\Windows\System\RvWZdTP.exe
  2⤵
  PID:5876
- C:\Windows\System\HzGNnDE.exe
  C:\Windows\System\HzGNnDE.exe
  2⤵
  PID:5896
- C:\Windows\System\KDkOAMN.exe
  C:\Windows\System\KDkOAMN.exe
  2⤵
  PID:5912
- C:\Windows\System\PsLMEXW.exe
  C:\Windows\System\PsLMEXW.exe
  2⤵
  PID:5972
- C:\Windows\System\AdFHpeF.exe
  C:\Windows\System\AdFHpeF.exe
  2⤵
  PID:5996
- C:\Windows\System\XtaoJik.exe
  C:\Windows\System\XtaoJik.exe
  2⤵
  PID:6020
- C:\Windows\System\ddFASgJ.exe
  C:\Windows\System\ddFASgJ.exe
  2⤵
  PID:6040
- C:\Windows\System\zBeSvHo.exe
  C:\Windows\System\zBeSvHo.exe
  2⤵
  PID:6064
- C:\Windows\System\JmjhMov.exe
  C:\Windows\System\JmjhMov.exe
  2⤵
  PID:6080
- C:\Windows\System\GxIZRsp.exe
  C:\Windows\System\GxIZRsp.exe
  2⤵
  PID:6100
- C:\Windows\System\MtkWyvq.exe
  C:\Windows\System\MtkWyvq.exe
  2⤵
  PID:6116
- C:\Windows\System\DKIqiLj.exe
  C:\Windows\System\DKIqiLj.exe
  2⤵
  PID:6132
- C:\Windows\System\HEIQofE.exe
  C:\Windows\System\HEIQofE.exe
  2⤵
  PID:4480
- C:\Windows\System\lQIYLVB.exe
  C:\Windows\System\lQIYLVB.exe
  2⤵
  PID:4584
- C:\Windows\System\fmloCWx.exe
  C:\Windows\System\fmloCWx.exe
  2⤵
  PID:4800
- C:\Windows\System\NdftuGd.exe
  C:\Windows\System\NdftuGd.exe
  2⤵
  PID:5008
- C:\Windows\System\ykVJlIF.exe
  C:\Windows\System\ykVJlIF.exe
  2⤵
  PID:1888
- C:\Windows\System\IwDXezj.exe
  C:\Windows\System\IwDXezj.exe
  2⤵
  PID:4288
- C:\Windows\System\wSmmYhb.exe
  C:\Windows\System\wSmmYhb.exe
  2⤵
  PID:2416
- C:\Windows\System\oXROVtA.exe
  C:\Windows\System\oXROVtA.exe
  2⤵
  PID:5164
- C:\Windows\System\ARZotSt.exe
  C:\Windows\System\ARZotSt.exe
  2⤵
  PID:5196
- C:\Windows\System\LwuZRaW.exe
  C:\Windows\System\LwuZRaW.exe
  2⤵
  PID:5224
- C:\Windows\System\PmkHaJb.exe
  C:\Windows\System\PmkHaJb.exe
  2⤵
  PID:5256
- C:\Windows\System\TZjwBzg.exe
  C:\Windows\System\TZjwBzg.exe
  2⤵
  PID:5304
- C:\Windows\System\hRpDqfI.exe
  C:\Windows\System\hRpDqfI.exe
  2⤵
  PID:5368
- C:\Windows\System\ewuPZTi.exe
  C:\Windows\System\ewuPZTi.exe
  2⤵
  PID:5400
- C:\Windows\System\axTmTXs.exe
  C:\Windows\System\axTmTXs.exe
  2⤵
  PID:5428
- C:\Windows\System\BjYXOme.exe
  C:\Windows\System\BjYXOme.exe
  2⤵
  PID:5424
- C:\Windows\System\sxvPJEn.exe
  C:\Windows\System\sxvPJEn.exe
  2⤵
  PID:5524
- C:\Windows\System\Eskkrgk.exe
  C:\Windows\System\Eskkrgk.exe
  2⤵
  PID:5508
- C:\Windows\System\UjRAqjW.exe
  C:\Windows\System\UjRAqjW.exe
  2⤵
  PID:5552
- C:\Windows\System\lbmYpOv.exe
  C:\Windows\System\lbmYpOv.exe
  2⤵
  PID:5548
- C:\Windows\System\GSOjBnB.exe
  C:\Windows\System\GSOjBnB.exe
  2⤵
  PID:1320
- C:\Windows\System\jGVNkHh.exe
  C:\Windows\System\jGVNkHh.exe
  2⤵
  PID:5624
- C:\Windows\System\OGjrypk.exe
  C:\Windows\System\OGjrypk.exe
  2⤵
  PID:5684
- C:\Windows\System\JowGEba.exe
  C:\Windows\System\JowGEba.exe
  2⤵
  PID:5688
- C:\Windows\System\DESCzMh.exe
  C:\Windows\System\DESCzMh.exe
  2⤵
  PID:5708
- C:\Windows\System\NcCoWuk.exe
  C:\Windows\System\NcCoWuk.exe
  2⤵
  PID:5744
- C:\Windows\System\pQKPquO.exe
  C:\Windows\System\pQKPquO.exe
  2⤵
  PID:5812
- C:\Windows\System\nnBaJUq.exe
  C:\Windows\System\nnBaJUq.exe
  2⤵
  PID:1492
- C:\Windows\System\tHYaeGX.exe
  C:\Windows\System\tHYaeGX.exe
  2⤵
  PID:5828
- C:\Windows\System\CZjfUrx.exe
  C:\Windows\System\CZjfUrx.exe
  2⤵
  PID:5884
- C:\Windows\System\JXhrEes.exe
  C:\Windows\System\JXhrEes.exe
  2⤵
  PID:5868
- C:\Windows\System\jkkjzhL.exe
  C:\Windows\System\jkkjzhL.exe
  2⤵
  PID:5940
- C:\Windows\System\vsWxVvI.exe
  C:\Windows\System\vsWxVvI.exe
  2⤵
  PID:2428
- C:\Windows\System\VcdpvRb.exe
  C:\Windows\System\VcdpvRb.exe
  2⤵
  PID:1952
- C:\Windows\System\NGNgWWw.exe
  C:\Windows\System\NGNgWWw.exe
  2⤵
  PID:1700
- C:\Windows\System\WtESCOB.exe
  C:\Windows\System\WtESCOB.exe
  2⤵
  PID:1620
- C:\Windows\System\qQvRjrv.exe
  C:\Windows\System\qQvRjrv.exe
  2⤵
  PID:2784
- C:\Windows\System\WXNeBKN.exe
  C:\Windows\System\WXNeBKN.exe
  2⤵
  PID:2580
- C:\Windows\System\VfoWprg.exe
  C:\Windows\System\VfoWprg.exe
  2⤵
  PID:6016
- C:\Windows\System\uHpdEUK.exe
  C:\Windows\System\uHpdEUK.exe
  2⤵
  PID:6092
- C:\Windows\System\UCxVtFf.exe
  C:\Windows\System\UCxVtFf.exe
  2⤵
  PID:6108
- C:\Windows\System\UXpSjlM.exe
  C:\Windows\System\UXpSjlM.exe
  2⤵
  PID:4560
- C:\Windows\System\yMTselJ.exe
  C:\Windows\System\yMTselJ.exe
  2⤵
  PID:4540
- C:\Windows\System\OtNRpUR.exe
  C:\Windows\System\OtNRpUR.exe
  2⤵
  PID:5084
- C:\Windows\System\GcPieWM.exe
  C:\Windows\System\GcPieWM.exe
  2⤵
  PID:4464
- C:\Windows\System\alqpouO.exe
  C:\Windows\System\alqpouO.exe
  2⤵
  PID:5156
- C:\Windows\System\Fpqucnq.exe
  C:\Windows\System\Fpqucnq.exe
  2⤵
  PID:5124
- C:\Windows\System\TxNshPC.exe
  C:\Windows\System\TxNshPC.exe
  2⤵
  PID:5160
- C:\Windows\System\XzJxuei.exe
  C:\Windows\System\XzJxuei.exe
  2⤵
  PID:5240
- C:\Windows\System\NSxIAid.exe
  C:\Windows\System\NSxIAid.exe
  2⤵
  PID:5980
- C:\Windows\System\DoPNMsm.exe
  C:\Windows\System\DoPNMsm.exe
  2⤵
  PID:5360
- C:\Windows\System\bCeLfoV.exe
  C:\Windows\System\bCeLfoV.exe
  2⤵
  PID:5380
- C:\Windows\System\YxpgKRf.exe
  C:\Windows\System\YxpgKRf.exe
  2⤵
  PID:5484
- C:\Windows\System\TWPpamp.exe
  C:\Windows\System\TWPpamp.exe
  2⤵
  PID:5512
- C:\Windows\System\DWufchb.exe
  C:\Windows\System\DWufchb.exe
  2⤵
  PID:5568
- C:\Windows\System\qsXciBt.exe
  C:\Windows\System\qsXciBt.exe
  2⤵
  PID:5588
- C:\Windows\System\AfcwYBM.exe
  C:\Windows\System\AfcwYBM.exe
  2⤵
  PID:5664
- C:\Windows\System\wbVEVuB.exe
  C:\Windows\System\wbVEVuB.exe
  2⤵
  PID:5648
- C:\Windows\System\CnlAAKt.exe
  C:\Windows\System\CnlAAKt.exe
  2⤵
  PID:5728
- C:\Windows\System\SnurbZI.exe
  C:\Windows\System\SnurbZI.exe
  2⤵
  PID:5748
- C:\Windows\System\PkvDYBl.exe
  C:\Windows\System\PkvDYBl.exe
  2⤵
  PID:1104
- C:\Windows\System\yceWYSd.exe
  C:\Windows\System\yceWYSd.exe
  2⤵
  PID:5832
- C:\Windows\System\nKKPQZe.exe
  C:\Windows\System\nKKPQZe.exe
  2⤵
  PID:2676
- C:\Windows\System\dwNYbkN.exe
  C:\Windows\System\dwNYbkN.exe
  2⤵
  PID:2312
- C:\Windows\System\IXEjElp.exe
  C:\Windows\System\IXEjElp.exe
  2⤵
  PID:5872
- C:\Windows\System\jKmWpOL.exe
  C:\Windows\System\jKmWpOL.exe
  2⤵
  PID:2364
- C:\Windows\System\VCOLaly.exe
  C:\Windows\System\VCOLaly.exe
  2⤵
  PID:6056
- C:\Windows\System\VuHmWGA.exe
  C:\Windows\System\VuHmWGA.exe
  2⤵
  PID:4824
- C:\Windows\System\AuqCdUg.exe
  C:\Windows\System\AuqCdUg.exe
  2⤵
  PID:4924
- C:\Windows\System\xyosmbh.exe
  C:\Windows\System\xyosmbh.exe
  2⤵
  PID:4880
- C:\Windows\System\XXMyVmv.exe
  C:\Windows\System\XXMyVmv.exe
  2⤵
  PID:4428
- C:\Windows\System\FpeDBEk.exe
  C:\Windows\System\FpeDBEk.exe
  2⤵
  PID:3748
- C:\Windows\System\KfxPOal.exe
  C:\Windows\System\KfxPOal.exe
  2⤵
  PID:5572
- C:\Windows\System\NhSJYpF.exe
  C:\Windows\System\NhSJYpF.exe
  2⤵
  PID:5348
- C:\Windows\System\ypRafeK.exe
  C:\Windows\System\ypRafeK.exe
  2⤵
  PID:1192
- C:\Windows\System\JghAgor.exe
  C:\Windows\System\JghAgor.exe
  2⤵
  PID:5628
- C:\Windows\System\VpJJkIB.exe
  C:\Windows\System\VpJJkIB.exe
  2⤵
  PID:1552
- C:\Windows\System\UvzKOIj.exe
  C:\Windows\System\UvzKOIj.exe
  2⤵
  PID:4420
- C:\Windows\System\skCcIFq.exe
  C:\Windows\System\skCcIFq.exe
  2⤵
  PID:5864
- C:\Windows\System\semIhSN.exe
  C:\Windows\System\semIhSN.exe
  2⤵
  PID:6008
- C:\Windows\System\KnbHrkV.exe
  C:\Windows\System\KnbHrkV.exe
  2⤵
  PID:4660
- C:\Windows\System\ZckfdXZ.exe
  C:\Windows\System\ZckfdXZ.exe
  2⤵
  PID:4684
- C:\Windows\System\SlFTTCa.exe
  C:\Windows\System\SlFTTCa.exe
  2⤵
  PID:5244
- C:\Windows\System\KbjPXwv.exe
  C:\Windows\System\KbjPXwv.exe
  2⤵
  PID:5052
- C:\Windows\System\JJDDaSw.exe
  C:\Windows\System\JJDDaSw.exe
  2⤵
  PID:5804
- C:\Windows\System\DZIBTyl.exe
  C:\Windows\System\DZIBTyl.exe
  2⤵
  PID:1816
- C:\Windows\System\IzsdygC.exe
  C:\Windows\System\IzsdygC.exe
  2⤵
  PID:5952
- C:\Windows\System\KKlFcZf.exe
  C:\Windows\System\KKlFcZf.exe
  2⤵
  PID:5668
- C:\Windows\System\sjcAUhg.exe
  C:\Windows\System\sjcAUhg.exe
  2⤵
  PID:5340
- C:\Windows\System\ztZSVBm.exe
  C:\Windows\System\ztZSVBm.exe
  2⤵
  PID:1664
- C:\Windows\System\AiALwsd.exe
  C:\Windows\System\AiALwsd.exe
  2⤵
  PID:5848
- C:\Windows\System\RpKDxGx.exe
  C:\Windows\System\RpKDxGx.exe
  2⤵
  PID:6012
- C:\Windows\System\EITztOP.exe
  C:\Windows\System\EITztOP.exe
  2⤵
  PID:5280
- C:\Windows\System\zugOOjd.exe
  C:\Windows\System\zugOOjd.exe
  2⤵
  PID:1300
- C:\Windows\System\GurLtfa.exe
  C:\Windows\System\GurLtfa.exe
  2⤵
  PID:5724
- C:\Windows\System\hqnmGLk.exe
  C:\Windows\System\hqnmGLk.exe
  2⤵
  PID:3664
- C:\Windows\System\TDDgtSs.exe
  C:\Windows\System\TDDgtSs.exe
  2⤵
  PID:5608
- C:\Windows\System\PqNriIV.exe
  C:\Windows\System\PqNriIV.exe
  2⤵
  PID:5220
- C:\Windows\System\sUSZckV.exe
  C:\Windows\System\sUSZckV.exe
  2⤵
  PID:4644
- C:\Windows\System\fcTtMhc.exe
  C:\Windows\System\fcTtMhc.exe
  2⤵
  PID:6004
- C:\Windows\System\EaOXodd.exe
  C:\Windows\System\EaOXodd.exe
  2⤵
  PID:5364
- C:\Windows\System\ZNobBWx.exe
  C:\Windows\System\ZNobBWx.exe
  2⤵
  PID:5324
- C:\Windows\System\CBNrHZf.exe
  C:\Windows\System\CBNrHZf.exe
  2⤵
  PID:2208
- C:\Windows\System\pLPgwrs.exe
  C:\Windows\System\pLPgwrs.exe
  2⤵
  PID:3108
- C:\Windows\System\LmxSQVj.exe
  C:\Windows\System\LmxSQVj.exe
  2⤵
  PID:2076
- C:\Windows\System\pSxBMwU.exe
  C:\Windows\System\pSxBMwU.exe
  2⤵
  PID:5420
- C:\Windows\System\AXGDjGK.exe
  C:\Windows\System\AXGDjGK.exe
  2⤵
  PID:5204
- C:\Windows\System\awgZMiO.exe
  C:\Windows\System\awgZMiO.exe
  2⤵
  PID:4780
- C:\Windows\System\wPDEDPC.exe
  C:\Windows\System\wPDEDPC.exe
  2⤵
  PID:6076
- C:\Windows\System\ZmneDZm.exe
  C:\Windows\System\ZmneDZm.exe
  2⤵
  PID:6148
- C:\Windows\System\dvVzrlx.exe
  C:\Windows\System\dvVzrlx.exe
  2⤵
  PID:6168
- C:\Windows\System\KkdGFYk.exe
  C:\Windows\System\KkdGFYk.exe
  2⤵
  PID:6184
- C:\Windows\System\skjKbCa.exe
  C:\Windows\System\skjKbCa.exe
  2⤵
  PID:6216
- C:\Windows\System\ujXcCbW.exe
  C:\Windows\System\ujXcCbW.exe
  2⤵
  PID:6232
- C:\Windows\System\ycLuqCS.exe
  C:\Windows\System\ycLuqCS.exe
  2⤵
  PID:6248
- C:\Windows\System\pMyYbNF.exe
  C:\Windows\System\pMyYbNF.exe
  2⤵
  PID:6272
- C:\Windows\System\HNFZwSN.exe
  C:\Windows\System\HNFZwSN.exe
  2⤵
  PID:6288
- C:\Windows\System\FFUNFGH.exe
  C:\Windows\System\FFUNFGH.exe
  2⤵
  PID:6308
- C:\Windows\System\APhOJhB.exe
  C:\Windows\System\APhOJhB.exe
  2⤵
  PID:6324
- C:\Windows\System\xwsnCzT.exe
  C:\Windows\System\xwsnCzT.exe
  2⤵
  PID:6340
- C:\Windows\System\ycGsnof.exe
  C:\Windows\System\ycGsnof.exe
  2⤵
  PID:6356
- C:\Windows\System\YTNZTIh.exe
  C:\Windows\System\YTNZTIh.exe
  2⤵
  PID:6376
- C:\Windows\System\Esbsqpy.exe
  C:\Windows\System\Esbsqpy.exe
  2⤵
  PID:6392
- C:\Windows\System\bctsuUu.exe
  C:\Windows\System\bctsuUu.exe
  2⤵
  PID:6416
- C:\Windows\System\kPqYVtL.exe
  C:\Windows\System\kPqYVtL.exe
  2⤵
  PID:6440
- C:\Windows\System\BqhLPWx.exe
  C:\Windows\System\BqhLPWx.exe
  2⤵
  PID:6472
- C:\Windows\System\CsNajpe.exe
  C:\Windows\System\CsNajpe.exe
  2⤵
  PID:6488
- C:\Windows\System\vjSoqjq.exe
  C:\Windows\System\vjSoqjq.exe
  2⤵
  PID:6504
- C:\Windows\System\LqjuMhg.exe
  C:\Windows\System\LqjuMhg.exe
  2⤵
  PID:6520
- C:\Windows\System\JwlZhrB.exe
  C:\Windows\System\JwlZhrB.exe
  2⤵
  PID:6536
- C:\Windows\System\hqGDSGy.exe
  C:\Windows\System\hqGDSGy.exe
  2⤵
  PID:6552
- C:\Windows\System\retPyDX.exe
  C:\Windows\System\retPyDX.exe
  2⤵
  PID:6568
- C:\Windows\System\KwwUCCx.exe
  C:\Windows\System\KwwUCCx.exe
  2⤵
  PID:6596
- C:\Windows\System\TPEBOMj.exe
  C:\Windows\System\TPEBOMj.exe
  2⤵
  PID:6632
- C:\Windows\System\EBjoYmV.exe
  C:\Windows\System\EBjoYmV.exe
  2⤵
  PID:6648
- C:\Windows\System\mXwBXOv.exe
  C:\Windows\System\mXwBXOv.exe
  2⤵
  PID:6668
- C:\Windows\System\VsgSeIZ.exe
  C:\Windows\System\VsgSeIZ.exe
  2⤵
  PID:6684
- C:\Windows\System\PXrvwNS.exe
  C:\Windows\System\PXrvwNS.exe
  2⤵
  PID:6700
- C:\Windows\System\KetVHIZ.exe
  C:\Windows\System\KetVHIZ.exe
  2⤵
  PID:6716
- C:\Windows\System\BDZAWuC.exe
  C:\Windows\System\BDZAWuC.exe
  2⤵
  PID:6732
- C:\Windows\System\QuOWQJr.exe
  C:\Windows\System\QuOWQJr.exe
  2⤵
  PID:6748
- C:\Windows\System\UVERzxk.exe
  C:\Windows\System\UVERzxk.exe
  2⤵
  PID:6764
- C:\Windows\System\BJeYujf.exe
  C:\Windows\System\BJeYujf.exe
  2⤵
  PID:6780
- C:\Windows\System\LnbTpVC.exe
  C:\Windows\System\LnbTpVC.exe
  2⤵
  PID:6796
- C:\Windows\System\REtMTtf.exe
  C:\Windows\System\REtMTtf.exe
  2⤵
  PID:6816
- C:\Windows\System\meWgghR.exe
  C:\Windows\System\meWgghR.exe
  2⤵
  PID:6852
- C:\Windows\System\KKcvCnW.exe
  C:\Windows\System\KKcvCnW.exe
  2⤵
  PID:6868
- C:\Windows\System\BzSaRHU.exe
  C:\Windows\System\BzSaRHU.exe
  2⤵
  PID:6912
- C:\Windows\System\IRhldBm.exe
  C:\Windows\System\IRhldBm.exe
  2⤵
  PID:6928
- C:\Windows\System\geCRaHh.exe
  C:\Windows\System\geCRaHh.exe
  2⤵
  PID:6948
- C:\Windows\System\MwBtAxf.exe
  C:\Windows\System\MwBtAxf.exe
  2⤵
  PID:6964
- C:\Windows\System\HSeqjLx.exe
  C:\Windows\System\HSeqjLx.exe
  2⤵
  PID:6980
- C:\Windows\System\fWqXFKo.exe
  C:\Windows\System\fWqXFKo.exe
  2⤵
  PID:6996
- C:\Windows\System\ZLNzWnj.exe
  C:\Windows\System\ZLNzWnj.exe
  2⤵
  PID:7012
- C:\Windows\System\hCzfFUM.exe
  C:\Windows\System\hCzfFUM.exe
  2⤵
  PID:7028
- C:\Windows\System\deKwUWJ.exe
  C:\Windows\System\deKwUWJ.exe
  2⤵
  PID:7044
- C:\Windows\System\DRPmNqV.exe
  C:\Windows\System\DRPmNqV.exe
  2⤵
  PID:7060
- C:\Windows\System\KZztCiN.exe
  C:\Windows\System\KZztCiN.exe
  2⤵
  PID:7076
- C:\Windows\System\DPeFzbe.exe
  C:\Windows\System\DPeFzbe.exe
  2⤵
  PID:7092
- C:\Windows\System\aiXjJUI.exe
  C:\Windows\System\aiXjJUI.exe
  2⤵
  PID:7156
- C:\Windows\System\dUkfhug.exe
  C:\Windows\System\dUkfhug.exe
  2⤵
  PID:5320
- C:\Windows\System\ZJnovmO.exe
  C:\Windows\System\ZJnovmO.exe
  2⤵
  PID:2680
- C:\Windows\System\lQxbqbe.exe
  C:\Windows\System\lQxbqbe.exe
  2⤵
  PID:6160
- C:\Windows\System\pJFEiId.exe
  C:\Windows\System\pJFEiId.exe
  2⤵
  PID:6212
- C:\Windows\System\SVmKPNG.exe
  C:\Windows\System\SVmKPNG.exe
  2⤵
  PID:6264
- C:\Windows\System\rthQpgu.exe
  C:\Windows\System\rthQpgu.exe
  2⤵
  PID:6320
- C:\Windows\System\knrerXA.exe
  C:\Windows\System\knrerXA.exe
  2⤵
  PID:6332
- C:\Windows\System\TRdyMdo.exe
  C:\Windows\System\TRdyMdo.exe
  2⤵
  PID:6372
- C:\Windows\System\fAvXeRI.exe
  C:\Windows\System\fAvXeRI.exe
  2⤵
  PID:6400
- C:\Windows\System\tXXWYbr.exe
  C:\Windows\System\tXXWYbr.exe
  2⤵
  PID:6448
- C:\Windows\System\IAkWDVb.exe
  C:\Windows\System\IAkWDVb.exe
  2⤵
  PID:6388
- C:\Windows\System\VRWpZZg.exe
  C:\Windows\System\VRWpZZg.exe
  2⤵
  PID:6528
- C:\Windows\System\FLtnNPO.exe
  C:\Windows\System\FLtnNPO.exe
  2⤵
  PID:6484
- C:\Windows\System\RNvLitI.exe
  C:\Windows\System\RNvLitI.exe
  2⤵
  PID:6424
- C:\Windows\System\LylyAeo.exe
  C:\Windows\System\LylyAeo.exe
  2⤵
  PID:6612
- C:\Windows\System\UFZXydc.exe
  C:\Windows\System\UFZXydc.exe
  2⤵
  PID:6628
- C:\Windows\System\eJSKEwD.exe
  C:\Windows\System\eJSKEwD.exe
  2⤵
  PID:6692
- C:\Windows\System\TNzavOZ.exe
  C:\Windows\System\TNzavOZ.exe
  2⤵
  PID:6696
- C:\Windows\System\CiFkLdS.exe
  C:\Windows\System\CiFkLdS.exe
  2⤵
  PID:6680
- C:\Windows\System\xhthXKv.exe
  C:\Windows\System\xhthXKv.exe
  2⤵
  PID:6788
- C:\Windows\System\RxJsQqu.exe
  C:\Windows\System\RxJsQqu.exe
  2⤵
  PID:6740
- C:\Windows\System\xGGZbgO.exe
  C:\Windows\System\xGGZbgO.exe
  2⤵
  PID:6840
- C:\Windows\System\QRczAwp.exe
  C:\Windows\System\QRczAwp.exe
  2⤵
  PID:4960
- C:\Windows\System\buhjrIj.exe
  C:\Windows\System\buhjrIj.exe
  2⤵
  PID:6956
- C:\Windows\System\WEzaGgv.exe
  C:\Windows\System\WEzaGgv.exe
  2⤵
  PID:6900
- C:\Windows\System\kYppXhr.exe
  C:\Windows\System\kYppXhr.exe
  2⤵
  PID:6908
- C:\Windows\System\UkcwndI.exe
  C:\Windows\System\UkcwndI.exe
  2⤵
  PID:6976
- C:\Windows\System\WFmlpkU.exe
  C:\Windows\System\WFmlpkU.exe
  2⤵
  PID:7040
- C:\Windows\System\BvTCMle.exe
  C:\Windows\System\BvTCMle.exe
  2⤵
  PID:7104
- C:\Windows\System\QsQQWaZ.exe
  C:\Windows\System\QsQQWaZ.exe
  2⤵
  PID:7124
- C:\Windows\System\tsYEVBw.exe
  C:\Windows\System\tsYEVBw.exe
  2⤵
  PID:7140
- C:\Windows\System\YnJKvhZ.exe
  C:\Windows\System\YnJKvhZ.exe
  2⤵
  PID:7084
- C:\Windows\System\kPRGUKi.exe
  C:\Windows\System\kPRGUKi.exe
  2⤵
  PID:6180
- C:\Windows\System\fEFjvix.exe
  C:\Windows\System\fEFjvix.exe
  2⤵
  PID:1984
- C:\Windows\System\DIROdnM.exe
  C:\Windows\System\DIROdnM.exe
  2⤵
  PID:6228
- C:\Windows\System\alWIVJk.exe
  C:\Windows\System\alWIVJk.exe
  2⤵
  PID:6348
- C:\Windows\System\TguZVct.exe
  C:\Windows\System\TguZVct.exe
  2⤵
  PID:6404
- C:\Windows\System\jbPyZDu.exe
  C:\Windows\System\jbPyZDu.exe
  2⤵
  PID:6384
- C:\Windows\System\qcHNUJp.exe
  C:\Windows\System\qcHNUJp.exe
  2⤵
  PID:6456
- C:\Windows\System\mXCenot.exe
  C:\Windows\System\mXCenot.exe
  2⤵
  PID:6744
- C:\Windows\System\SgeJbfn.exe
  C:\Windows\System\SgeJbfn.exe
  2⤵
  PID:6624
- C:\Windows\System\xisLOPO.exe
  C:\Windows\System\xisLOPO.exe
  2⤵
  PID:6580
- C:\Windows\System\ArMkXPF.exe
  C:\Windows\System\ArMkXPF.exe
  2⤵
  PID:6828
- C:\Windows\System\OIfsbum.exe
  C:\Windows\System\OIfsbum.exe
  2⤵
  PID:6608
- C:\Windows\System\vVThpxp.exe
  C:\Windows\System\vVThpxp.exe
  2⤵
  PID:6576
- C:\Windows\System\RSTkQwu.exe
  C:\Windows\System\RSTkQwu.exe
  2⤵
  PID:6896
- C:\Windows\System\BCDKhLT.exe
  C:\Windows\System\BCDKhLT.exe
  2⤵
  PID:6884
- C:\Windows\System\xguhjTa.exe
  C:\Windows\System\xguhjTa.exe
  2⤵
  PID:6880
- C:\Windows\System\OkmMYHW.exe
  C:\Windows\System\OkmMYHW.exe
  2⤵
  PID:7120
- C:\Windows\System\TxnDtiE.exe
  C:\Windows\System\TxnDtiE.exe
  2⤵
  PID:6960
- C:\Windows\System\vmxGipS.exe
  C:\Windows\System\vmxGipS.exe
  2⤵
  PID:7020
- C:\Windows\System\hKctSLh.exe
  C:\Windows\System\hKctSLh.exe
  2⤵
  PID:7132
- C:\Windows\System\iqApOmH.exe
  C:\Windows\System\iqApOmH.exe
  2⤵
  PID:6192
- C:\Windows\System\GfqNoRi.exe
  C:\Windows\System\GfqNoRi.exe
  2⤵
  PID:6364
- C:\Windows\System\VPbXgmC.exe
  C:\Windows\System\VPbXgmC.exe
  2⤵
  PID:6712
- C:\Windows\System\fKjWLbf.exe
  C:\Windows\System\fKjWLbf.exe
  2⤵
  PID:6772
- C:\Windows\System\ooCDddB.exe
  C:\Windows\System\ooCDddB.exe
  2⤵
  PID:6468
- C:\Windows\System\nuSmpwz.exe
  C:\Windows\System\nuSmpwz.exe
  2⤵
  PID:6776
- C:\Windows\System\UWKzKYw.exe
  C:\Windows\System\UWKzKYw.exe
  2⤵
  PID:6888
- C:\Windows\System\iWwWqqB.exe
  C:\Windows\System\iWwWqqB.exe
  2⤵
  PID:6992
- C:\Windows\System\GQEnixS.exe
  C:\Windows\System\GQEnixS.exe
  2⤵
  PID:6924
- C:\Windows\System\HstJTlG.exe
  C:\Windows\System\HstJTlG.exe
  2⤵
  PID:7024
- C:\Windows\System\AZOGnLa.exe
  C:\Windows\System\AZOGnLa.exe
  2⤵
  PID:7108
- C:\Windows\System\cKriDsv.exe
  C:\Windows\System\cKriDsv.exe
  2⤵
  PID:7148
- C:\Windows\System\tlKqYAO.exe
  C:\Windows\System\tlKqYAO.exe
  2⤵
  PID:6368
- C:\Windows\System\qJYiZnB.exe
  C:\Windows\System\qJYiZnB.exe
  2⤵
  PID:6280
- C:\Windows\System\IoLwrik.exe
  C:\Windows\System\IoLwrik.exe
  2⤵
  PID:6940
- C:\Windows\System\lmabzVJ.exe
  C:\Windows\System\lmabzVJ.exe
  2⤵
  PID:6516
- C:\Windows\System\DZDMjoN.exe
  C:\Windows\System\DZDMjoN.exe
  2⤵
  PID:7100
- C:\Windows\System\aRlBAQv.exe
  C:\Windows\System\aRlBAQv.exe
  2⤵
  PID:2488
- C:\Windows\System\FzpIMXU.exe
  C:\Windows\System\FzpIMXU.exe
  2⤵
  PID:6268
- C:\Windows\System\BbMmHuP.exe
  C:\Windows\System\BbMmHuP.exe
  2⤵
  PID:6756
- C:\Windows\System\JKcEcmV.exe
  C:\Windows\System\JKcEcmV.exe
  2⤵
  PID:6920
- C:\Windows\System\YQIVloY.exe
  C:\Windows\System\YQIVloY.exe
  2⤵
  PID:6824
- C:\Windows\System\tUkpXxR.exe
  C:\Windows\System\tUkpXxR.exe
  2⤵
  PID:6848
- C:\Windows\System\xOahDpu.exe
  C:\Windows\System\xOahDpu.exe
  2⤵
  PID:7152
- C:\Windows\System\mACZpPV.exe
  C:\Windows\System\mACZpPV.exe
  2⤵
  PID:7180
- C:\Windows\System\LMdkcXa.exe
  C:\Windows\System\LMdkcXa.exe
  2⤵
  PID:7200
- C:\Windows\System\CemHGGZ.exe
  C:\Windows\System\CemHGGZ.exe
  2⤵
  PID:7220
- C:\Windows\System\zfmtVcv.exe
  C:\Windows\System\zfmtVcv.exe
  2⤵
  PID:7236
- C:\Windows\System\iFluwus.exe
  C:\Windows\System\iFluwus.exe
  2⤵
  PID:7252
- C:\Windows\System\zpfWxhj.exe
  C:\Windows\System\zpfWxhj.exe
  2⤵
  PID:7272
- C:\Windows\System\MQRhdlf.exe
  C:\Windows\System\MQRhdlf.exe
  2⤵
  PID:7292
- C:\Windows\System\qWieeVg.exe
  C:\Windows\System\qWieeVg.exe
  2⤵
  PID:7336
- C:\Windows\System\XDKNVhW.exe
  C:\Windows\System\XDKNVhW.exe
  2⤵
  PID:7352
- C:\Windows\System\jCURdau.exe
  C:\Windows\System\jCURdau.exe
  2⤵
  PID:7368
- C:\Windows\System\tkYqgLz.exe
  C:\Windows\System\tkYqgLz.exe
  2⤵
  PID:7384
- C:\Windows\System\NFPWqUa.exe
  C:\Windows\System\NFPWqUa.exe
  2⤵
  PID:7400
- C:\Windows\System\vIjrQeg.exe
  C:\Windows\System\vIjrQeg.exe
  2⤵
  PID:7416
- C:\Windows\System\rKiqMuw.exe
  C:\Windows\System\rKiqMuw.exe
  2⤵
  PID:7432
- C:\Windows\System\xbwwgui.exe
  C:\Windows\System\xbwwgui.exe
  2⤵
  PID:7448
- C:\Windows\System\WQdafhi.exe
  C:\Windows\System\WQdafhi.exe
  2⤵
  PID:7484
- C:\Windows\System\eVwyYvt.exe
  C:\Windows\System\eVwyYvt.exe
  2⤵
  PID:7512
- C:\Windows\System\GoxCYYP.exe
  C:\Windows\System\GoxCYYP.exe
  2⤵
  PID:7536
- C:\Windows\System\fMUnDQN.exe
  C:\Windows\System\fMUnDQN.exe
  2⤵
  PID:7552
- C:\Windows\System\JQfWVzn.exe
  C:\Windows\System\JQfWVzn.exe
  2⤵
  PID:7576
- C:\Windows\System\yHhJrYy.exe
  C:\Windows\System\yHhJrYy.exe
  2⤵
  PID:7592
- C:\Windows\System\ItZmWdH.exe
  C:\Windows\System\ItZmWdH.exe
  2⤵
  PID:7608
- C:\Windows\System\upGRwRO.exe
  C:\Windows\System\upGRwRO.exe
  2⤵
  PID:7624
- C:\Windows\System\zwWxoEt.exe
  C:\Windows\System\zwWxoEt.exe
  2⤵
  PID:7648
- C:\Windows\System\gFZIiZP.exe
  C:\Windows\System\gFZIiZP.exe
  2⤵
  PID:7668
- C:\Windows\System\FKgLQyW.exe
  C:\Windows\System\FKgLQyW.exe
  2⤵
  PID:7684
- C:\Windows\System\fgPriDM.exe
  C:\Windows\System\fgPriDM.exe
  2⤵
  PID:7708
- C:\Windows\System\OESpAZG.exe
  C:\Windows\System\OESpAZG.exe
  2⤵
  PID:7732
- C:\Windows\System\lbqATns.exe
  C:\Windows\System\lbqATns.exe
  2⤵
  PID:7748
- C:\Windows\System\TyOdqwF.exe
  C:\Windows\System\TyOdqwF.exe
  2⤵
  PID:7768
- C:\Windows\System\gnuznvF.exe
  C:\Windows\System\gnuznvF.exe
  2⤵
  PID:7784
- C:\Windows\System\VslxhCD.exe
  C:\Windows\System\VslxhCD.exe
  2⤵
  PID:7800
- C:\Windows\System\RhimksZ.exe
  C:\Windows\System\RhimksZ.exe
  2⤵
  PID:7820
- C:\Windows\System\DXZQksY.exe
  C:\Windows\System\DXZQksY.exe
  2⤵
  PID:7848
- C:\Windows\System\JREqLTB.exe
  C:\Windows\System\JREqLTB.exe
  2⤵
  PID:7872
- C:\Windows\System\nXlITZM.exe
  C:\Windows\System\nXlITZM.exe
  2⤵
  PID:7892
- C:\Windows\System\RzGBMqq.exe
  C:\Windows\System\RzGBMqq.exe
  2⤵
  PID:7912
- C:\Windows\System\ztikUXl.exe
  C:\Windows\System\ztikUXl.exe
  2⤵
  PID:7928
- C:\Windows\System\FBZFcbk.exe
  C:\Windows\System\FBZFcbk.exe
  2⤵
  PID:7944
- C:\Windows\System\gAUInVM.exe
  C:\Windows\System\gAUInVM.exe
  2⤵
  PID:7964
- C:\Windows\System\kofkcbW.exe
  C:\Windows\System\kofkcbW.exe
  2⤵
  PID:7984
- C:\Windows\System\iPtNmIg.exe
  C:\Windows\System\iPtNmIg.exe
  2⤵
  PID:8008
- C:\Windows\System\wKNDZCk.exe
  C:\Windows\System\wKNDZCk.exe
  2⤵
  PID:8024
- C:\Windows\System\CLaDhmX.exe
  C:\Windows\System\CLaDhmX.exe
  2⤵
  PID:8044
- C:\Windows\System\WoFitqy.exe
  C:\Windows\System\WoFitqy.exe
  2⤵
  PID:8060
- C:\Windows\System\RmfulUG.exe
  C:\Windows\System\RmfulUG.exe
  2⤵
  PID:8080
- C:\Windows\System\sRvbDSx.exe
  C:\Windows\System\sRvbDSx.exe
  2⤵
  PID:8104
- C:\Windows\System\pBpnIMe.exe
  C:\Windows\System\pBpnIMe.exe
  2⤵
  PID:8128
- C:\Windows\System\NUajNLW.exe
  C:\Windows\System\NUajNLW.exe
  2⤵
  PID:8148
- C:\Windows\System\xWBIHxL.exe
  C:\Windows\System\xWBIHxL.exe
  2⤵
  PID:8164
- C:\Windows\System\wIuEhdU.exe
  C:\Windows\System\wIuEhdU.exe
  2⤵
  PID:8180
- C:\Windows\System\xUVDmDA.exe
  C:\Windows\System\xUVDmDA.exe
  2⤵
  PID:6224
- C:\Windows\System\GZMuTuc.exe
  C:\Windows\System\GZMuTuc.exe
  2⤵
  PID:7228
- C:\Windows\System\HmvzxvD.exe
  C:\Windows\System\HmvzxvD.exe
  2⤵
  PID:6620
- C:\Windows\System\ozgGcfP.exe
  C:\Windows\System\ozgGcfP.exe
  2⤵
  PID:7304
- C:\Windows\System\rSNCUnC.exe
  C:\Windows\System\rSNCUnC.exe
  2⤵
  PID:6644
- C:\Windows\System\vTAwMHf.exe
  C:\Windows\System\vTAwMHf.exe
  2⤵
  PID:7320
- C:\Windows\System\SjnHTwN.exe
  C:\Windows\System\SjnHTwN.exe
  2⤵
  PID:7392
- C:\Windows\System\WwbrKDn.exe
  C:\Windows\System\WwbrKDn.exe
  2⤵
  PID:7456
- C:\Windows\System\XTroTnp.exe
  C:\Windows\System\XTroTnp.exe
  2⤵
  PID:7408
- C:\Windows\System\BCnJqwE.exe
  C:\Windows\System\BCnJqwE.exe
  2⤵
  PID:7464
- C:\Windows\System\gTLLjtc.exe
  C:\Windows\System\gTLLjtc.exe
  2⤵
  PID:7492
- C:\Windows\System\jgepHCM.exe
  C:\Windows\System\jgepHCM.exe
  2⤵
  PID:7508
- C:\Windows\System\mGMmICB.exe
  C:\Windows\System\mGMmICB.exe
  2⤵
  PID:7560
- C:\Windows\System\qDBJjyC.exe
  C:\Windows\System\qDBJjyC.exe
  2⤵
  PID:7588
- C:\Windows\System\uOyeaZl.exe
  C:\Windows\System\uOyeaZl.exe
  2⤵
  PID:7636
- C:\Windows\System\EkMCOdl.exe
  C:\Windows\System\EkMCOdl.exe
  2⤵
  PID:7620
- C:\Windows\System\QmfKGfd.exe
  C:\Windows\System\QmfKGfd.exe
  2⤵
  PID:7664
- C:\Windows\System\cLWDguW.exe
  C:\Windows\System\cLWDguW.exe
  2⤵
  PID:7704
- C:\Windows\System\zxMoMHT.exe
  C:\Windows\System\zxMoMHT.exe
  2⤵
  PID:7724
- C:\Windows\System\zBtrpzx.exe
  C:\Windows\System\zBtrpzx.exe
  2⤵
  PID:7776
- C:\Windows\System\JFeHpBH.exe
  C:\Windows\System\JFeHpBH.exe
  2⤵
  PID:7796
- C:\Windows\System\EVfhcYV.exe
  C:\Windows\System\EVfhcYV.exe
  2⤵
  PID:7816
- C:\Windows\System\iusRPVe.exe
  C:\Windows\System\iusRPVe.exe
  2⤵
  PID:7956
- C:\Windows\System\QBtTSEl.exe
  C:\Windows\System\QBtTSEl.exe
  2⤵
  PID:8000
- C:\Windows\System\TxuWXXP.exe
  C:\Windows\System\TxuWXXP.exe
  2⤵
  PID:7936
- C:\Windows\System\eWxMVFt.exe
  C:\Windows\System\eWxMVFt.exe
  2⤵
  PID:7904
- C:\Windows\System\HZwKndQ.exe
  C:\Windows\System\HZwKndQ.exe
  2⤵
  PID:8052
- C:\Windows\System\AOiIEAt.exe
  C:\Windows\System\AOiIEAt.exe
  2⤵
  PID:8016
- C:\Windows\System\YjIAFAu.exe
  C:\Windows\System\YjIAFAu.exe
  2⤵
  PID:8136
- C:\Windows\System\mHBJCki.exe
  C:\Windows\System\mHBJCki.exe
  2⤵
  PID:8188
- C:\Windows\System\xcNjinw.exe
  C:\Windows\System\xcNjinw.exe
  2⤵
  PID:7244
- C:\Windows\System\BGhZAeU.exe
  C:\Windows\System\BGhZAeU.exe
  2⤵
  PID:7172
- C:\Windows\System\OWLMNwf.exe
  C:\Windows\System\OWLMNwf.exe
  2⤵
  PID:8144
- C:\Windows\System\STvpajW.exe
  C:\Windows\System\STvpajW.exe
  2⤵
  PID:7332
- C:\Windows\System\tLaEPzF.exe
  C:\Windows\System\tLaEPzF.exe
  2⤵
  PID:7364
- C:\Windows\System\fimBzhJ.exe
  C:\Windows\System\fimBzhJ.exe
  2⤵
  PID:7472
- C:\Windows\System\xJBmjoG.exe
  C:\Windows\System\xJBmjoG.exe
  2⤵
  PID:7520
- C:\Windows\System\lzoBxpo.exe
  C:\Windows\System\lzoBxpo.exe
  2⤵
  PID:7500
- C:\Windows\System\ZozobfG.exe
  C:\Windows\System\ZozobfG.exe
  2⤵
  PID:7444
- C:\Windows\System\LSwMtsK.exe
  C:\Windows\System\LSwMtsK.exe
  2⤵
  PID:7740
- C:\Windows\System\FrZzPQd.exe
  C:\Windows\System\FrZzPQd.exe
  2⤵
  PID:7840
- C:\Windows\System\hxIvCYr.exe
  C:\Windows\System\hxIvCYr.exe
  2⤵
  PID:7600
- C:\Windows\System\gbVKjgK.exe
  C:\Windows\System\gbVKjgK.exe
  2⤵
  PID:7700
- C:\Windows\System\mrGmmRC.exe
  C:\Windows\System\mrGmmRC.exe
  2⤵
  PID:7812
- C:\Windows\System\hYBFicB.exe
  C:\Windows\System\hYBFicB.exe
  2⤵
  PID:8112
- C:\Windows\System\gKAVYvk.exe
  C:\Windows\System\gKAVYvk.exe
  2⤵
  PID:7972
- C:\Windows\System\AOdrwVL.exe
  C:\Windows\System\AOdrwVL.exe
  2⤵
  PID:7864
- C:\Windows\System\JBmgiie.exe
  C:\Windows\System\JBmgiie.exe
  2⤵
  PID:8160
- C:\Windows\System\RWIOYda.exe
  C:\Windows\System\RWIOYda.exe
  2⤵
  PID:7260
- C:\Windows\System\yqcVoXe.exe
  C:\Windows\System\yqcVoXe.exe
  2⤵
  PID:7284
- C:\Windows\System\nSZjYOB.exe
  C:\Windows\System\nSZjYOB.exe
  2⤵
  PID:7428
- C:\Windows\System\SnItLnW.exe
  C:\Windows\System\SnItLnW.exe
  2⤵
  PID:7656
- C:\Windows\System\vxbXQXq.exe
  C:\Windows\System\vxbXQXq.exe
  2⤵
  PID:7728
- C:\Windows\System\pfuwMDM.exe
  C:\Windows\System\pfuwMDM.exe
  2⤵
  PID:7544
- C:\Windows\System\gCeyjIa.exe
  C:\Windows\System\gCeyjIa.exe
  2⤵
  PID:7760
- C:\Windows\System\MPMlIVN.exe
  C:\Windows\System\MPMlIVN.exe
  2⤵
  PID:8036
- C:\Windows\System\qKdjMhi.exe
  C:\Windows\System\qKdjMhi.exe
  2⤵
  PID:8120
- C:\Windows\System\axipMDH.exe
  C:\Windows\System\axipMDH.exe
  2⤵
  PID:7196
- C:\Windows\System\qgBlHjf.exe
  C:\Windows\System\qgBlHjf.exe
  2⤵
  PID:6500
- C:\Windows\System\mfzDDQe.exe
  C:\Windows\System\mfzDDQe.exe
  2⤵
  PID:7176
- C:\Windows\System\mPNRWPw.exe
  C:\Windows\System\mPNRWPw.exe
  2⤵
  PID:7312
- C:\Windows\System\bSIcekN.exe
  C:\Windows\System\bSIcekN.exe
  2⤵
  PID:7716
- C:\Windows\System\lgIQvSe.exe
  C:\Windows\System\lgIQvSe.exe
  2⤵
  PID:8100
- C:\Windows\System\swTNETh.exe
  C:\Windows\System\swTNETh.exe
  2⤵
  PID:7532
- C:\Windows\System\hzCSvZw.exe
  C:\Windows\System\hzCSvZw.exe
  2⤵
  PID:7952
- C:\Windows\System\RwIeKWG.exe
  C:\Windows\System\RwIeKWG.exe
  2⤵
  PID:8092
- C:\Windows\System\cpyaLfo.exe
  C:\Windows\System\cpyaLfo.exe
  2⤵
  PID:7880
- C:\Windows\System\llzLUmG.exe
  C:\Windows\System\llzLUmG.exe
  2⤵
  PID:7232
- C:\Windows\System\qlWGpqA.exe
  C:\Windows\System\qlWGpqA.exe
  2⤵
  PID:7888
- C:\Windows\System\YBqOEBg.exe
  C:\Windows\System\YBqOEBg.exe
  2⤵
  PID:6864
- C:\Windows\System\VhkcJVE.exe
  C:\Windows\System\VhkcJVE.exe
  2⤵
  PID:7900
- C:\Windows\System\ziSBGiY.exe
  C:\Windows\System\ziSBGiY.exe
  2⤵
  PID:8196
- C:\Windows\System\skbtBiN.exe
  C:\Windows\System\skbtBiN.exe
  2⤵
  PID:8212
- C:\Windows\System\SWtzPIO.exe
  C:\Windows\System\SWtzPIO.exe
  2⤵
  PID:8236
- C:\Windows\System\DLiKzpv.exe
  C:\Windows\System\DLiKzpv.exe
  2⤵
  PID:8256
- C:\Windows\System\XnAQqkM.exe
  C:\Windows\System\XnAQqkM.exe
  2⤵
  PID:8276
- C:\Windows\System\hxumFwF.exe
  C:\Windows\System\hxumFwF.exe
  2⤵
  PID:8296
- C:\Windows\System\uuoXmzO.exe
  C:\Windows\System\uuoXmzO.exe
  2⤵
  PID:8316
- C:\Windows\System\AHusIFc.exe
  C:\Windows\System\AHusIFc.exe
  2⤵
  PID:8336
- C:\Windows\System\OyuvEQz.exe
  C:\Windows\System\OyuvEQz.exe
  2⤵
  PID:8352
- C:\Windows\System\ymRlEha.exe
  C:\Windows\System\ymRlEha.exe
  2⤵
  PID:8380
- C:\Windows\System\zVdPXvN.exe
  C:\Windows\System\zVdPXvN.exe
  2⤵
  PID:8404
- C:\Windows\System\HPthhIH.exe
  C:\Windows\System\HPthhIH.exe
  2⤵
  PID:8420
- C:\Windows\System\FAvBudf.exe
  C:\Windows\System\FAvBudf.exe
  2⤵
  PID:8436
- C:\Windows\System\eYAhzXy.exe
  C:\Windows\System\eYAhzXy.exe
  2⤵
  PID:8484
- C:\Windows\System\WdRuVRa.exe
  C:\Windows\System\WdRuVRa.exe
  2⤵
  PID:8504
- C:\Windows\System\WsHSwiy.exe
  C:\Windows\System\WsHSwiy.exe
  2⤵
  PID:8520
- C:\Windows\System\kCzSyJo.exe
  C:\Windows\System\kCzSyJo.exe
  2⤵
  PID:8540
- C:\Windows\System\MeVdBNP.exe
  C:\Windows\System\MeVdBNP.exe
  2⤵
  PID:8556
- C:\Windows\System\vkpdqcD.exe
  C:\Windows\System\vkpdqcD.exe
  2⤵
  PID:8576
- C:\Windows\System\tpGYkUu.exe
  C:\Windows\System\tpGYkUu.exe
  2⤵
  PID:8596
- C:\Windows\System\dnfpovB.exe
  C:\Windows\System\dnfpovB.exe
  2⤵
  PID:8616
- C:\Windows\System\gBdKbnJ.exe
  C:\Windows\System\gBdKbnJ.exe
  2⤵
  PID:8632
- C:\Windows\System\WbspOJO.exe
  C:\Windows\System\WbspOJO.exe
  2⤵
  PID:8656
- C:\Windows\System\FyTdcnH.exe
  C:\Windows\System\FyTdcnH.exe
  2⤵
  PID:8676
- C:\Windows\System\DIexqDq.exe
  C:\Windows\System\DIexqDq.exe
  2⤵
  PID:8692
- C:\Windows\System\iKfUTPa.exe
  C:\Windows\System\iKfUTPa.exe
  2⤵
  PID:8716
- C:\Windows\System\AeVYQXb.exe
  C:\Windows\System\AeVYQXb.exe
  2⤵
  PID:8740
- C:\Windows\System\dCMYObM.exe
  C:\Windows\System\dCMYObM.exe
  2⤵
  PID:8764
- C:\Windows\System\eBFdZGA.exe
  C:\Windows\System\eBFdZGA.exe
  2⤵
  PID:8780
- C:\Windows\System\ZVSEhaY.exe
  C:\Windows\System\ZVSEhaY.exe
  2⤵
  PID:8804
- C:\Windows\System\ZOJwBVQ.exe
  C:\Windows\System\ZOJwBVQ.exe
  2⤵
  PID:8820
- C:\Windows\System\OiWmxpL.exe
  C:\Windows\System\OiWmxpL.exe
  2⤵
  PID:8836
- C:\Windows\System\cNmriYT.exe
  C:\Windows\System\cNmriYT.exe
  2⤵
  PID:8856
- C:\Windows\System\MCOyUje.exe
  C:\Windows\System\MCOyUje.exe
  2⤵
  PID:8888
- C:\Windows\System\famzZaq.exe
  C:\Windows\System\famzZaq.exe
  2⤵
  PID:8904
- C:\Windows\System\oKckyMe.exe
  C:\Windows\System\oKckyMe.exe
  2⤵
  PID:8924
- C:\Windows\System\FtMCJvA.exe
  C:\Windows\System\FtMCJvA.exe
  2⤵
  PID:8944
- C:\Windows\System\HSDSqnf.exe
  C:\Windows\System\HSDSqnf.exe
  2⤵
  PID:8960
- C:\Windows\System\xMcWWYh.exe
  C:\Windows\System\xMcWWYh.exe
  2⤵
  PID:8976
- C:\Windows\System\eVIrLUf.exe
  C:\Windows\System\eVIrLUf.exe
  2⤵
  PID:8992
- C:\Windows\System\tCAYmoq.exe
  C:\Windows\System\tCAYmoq.exe
  2⤵
  PID:9028
- C:\Windows\System\mPkivJt.exe
  C:\Windows\System\mPkivJt.exe
  2⤵
  PID:9044
- C:\Windows\System\MbpyPIr.exe
  C:\Windows\System\MbpyPIr.exe
  2⤵
  PID:9064
- C:\Windows\System\SgwZOpY.exe
  C:\Windows\System\SgwZOpY.exe
  2⤵
  PID:9084
- C:\Windows\System\wNxdtoo.exe
  C:\Windows\System\wNxdtoo.exe
  2⤵
  PID:9104
- C:\Windows\System\xRpPwjy.exe
  C:\Windows\System\xRpPwjy.exe
  2⤵
  PID:9128
- C:\Windows\System\eQzfCCY.exe
  C:\Windows\System\eQzfCCY.exe
  2⤵
  PID:9144
- C:\Windows\System\AYWGFZx.exe
  C:\Windows\System\AYWGFZx.exe
  2⤵
  PID:9168
- C:\Windows\System\HpUGsjk.exe
  C:\Windows\System\HpUGsjk.exe
  2⤵
  PID:9184
- C:\Windows\System\ZRgthPj.exe
  C:\Windows\System\ZRgthPj.exe
  2⤵
  PID:9204
- C:\Windows\System\zAalTNq.exe
  C:\Windows\System\zAalTNq.exe
  2⤵
  PID:8176
- C:\Windows\System\CbjuCJi.exe
  C:\Windows\System\CbjuCJi.exe
  2⤵
  PID:8248
- C:\Windows\System\RcxkDss.exe
  C:\Windows\System\RcxkDss.exe
  2⤵
  PID:8292
- C:\Windows\System\YtTqMTq.exe
  C:\Windows\System\YtTqMTq.exe
  2⤵
  PID:8364
- C:\Windows\System\dAOIlQW.exe
  C:\Windows\System\dAOIlQW.exe
  2⤵
  PID:6676
- C:\Windows\System\ikhfClk.exe
  C:\Windows\System\ikhfClk.exe
  2⤵
  PID:8232
- C:\Windows\System\XOdEVAw.exe
  C:\Windows\System\XOdEVAw.exe
  2⤵
  PID:8308
- C:\Windows\System\lbhrNCW.exe
  C:\Windows\System\lbhrNCW.exe
  2⤵
  PID:7360
- C:\Windows\System\NjahUbF.exe
  C:\Windows\System\NjahUbF.exe
  2⤵
  PID:8388
- C:\Windows\System\IUKLWJH.exe
  C:\Windows\System\IUKLWJH.exe
  2⤵
  PID:8456
- C:\Windows\System\RyJdJNN.exe
  C:\Windows\System\RyJdJNN.exe
  2⤵
  PID:8476
- C:\Windows\System\jXHRheL.exe
  C:\Windows\System\jXHRheL.exe
  2⤵
  PID:8492
- C:\Windows\System\ApITNFT.exe
  C:\Windows\System\ApITNFT.exe
  2⤵
  PID:8496
- C:\Windows\System\wywVLvL.exe
  C:\Windows\System\wywVLvL.exe
  2⤵
  PID:8552
- C:\Windows\System\ntCpULU.exe
  C:\Windows\System\ntCpULU.exe
  2⤵
  PID:8592
- C:\Windows\System\hycnABg.exe
  C:\Windows\System\hycnABg.exe
  2⤵
  PID:8664
- C:\Windows\System\BVWMUdW.exe
  C:\Windows\System\BVWMUdW.exe
  2⤵
  PID:8708
- C:\Windows\System\dohYRsk.exe
  C:\Windows\System\dohYRsk.exe
  2⤵
  PID:8684
- C:\Windows\System\tVwgZXg.exe
  C:\Windows\System\tVwgZXg.exe
  2⤵
  PID:8724
- C:\Windows\System\OvqHZMB.exe
  C:\Windows\System\OvqHZMB.exe
  2⤵
  PID:8760
- C:\Windows\System\ufgwPop.exe
  C:\Windows\System\ufgwPop.exe
  2⤵
  PID:8800
- C:\Windows\System\KzYlJOc.exe
  C:\Windows\System\KzYlJOc.exe
  2⤵
  PID:8832
- C:\Windows\System\DyALQZY.exe
  C:\Windows\System\DyALQZY.exe
  2⤵
  PID:8848
- C:\Windows\System\PoTasnR.exe
  C:\Windows\System\PoTasnR.exe
  2⤵
  PID:8912
- C:\Windows\System\MqfMnVg.exe
  C:\Windows\System\MqfMnVg.exe
  2⤵
  PID:8952
- C:\Windows\System\CCDXsMw.exe
  C:\Windows\System\CCDXsMw.exe
  2⤵
  PID:8984
- C:\Windows\System\UXLuaUW.exe
  C:\Windows\System\UXLuaUW.exe
  2⤵
  PID:9004
- C:\Windows\System\oGtGtVi.exe
  C:\Windows\System\oGtGtVi.exe
  2⤵
  PID:9024
- C:\Windows\System\qSXiTeu.exe
  C:\Windows\System\qSXiTeu.exe
  2⤵
  PID:9072
- C:\Windows\System\AykWJsY.exe
  C:\Windows\System\AykWJsY.exe
  2⤵
  PID:9096
- C:\Windows\System\LANIfcr.exe
  C:\Windows\System\LANIfcr.exe
  2⤵
  PID:9136
- C:\Windows\System\NQxCsua.exe
  C:\Windows\System\NQxCsua.exe
  2⤵
  PID:9160
- C:\Windows\System\pYxvTdG.exe
  C:\Windows\System\pYxvTdG.exe
  2⤵
  PID:8880
- C:\Windows\System\wKFEqmj.exe
  C:\Windows\System\wKFEqmj.exe
  2⤵
  PID:8244
- C:\Windows\System\LcPtEQJ.exe
  C:\Windows\System\LcPtEQJ.exe
  2⤵
  PID:8344
- C:\Windows\System\ZGUfAQO.exe
  C:\Windows\System\ZGUfAQO.exe
  2⤵
  PID:8368
- C:\Windows\System\GYjQrVE.exe
  C:\Windows\System\GYjQrVE.exe
  2⤵
  PID:8288
- C:\Windows\System\DkobxoG.exe
  C:\Windows\System\DkobxoG.exe
  2⤵
  PID:8396
- C:\Windows\System\YEUTSAC.exe
  C:\Windows\System\YEUTSAC.exe
  2⤵
  PID:8428
- C:\Windows\System\GHAXCOs.exe
  C:\Windows\System\GHAXCOs.exe
  2⤵
  PID:8480
- C:\Windows\System\joAwGRU.exe
  C:\Windows\System\joAwGRU.exe
  2⤵
  PID:8572
- C:\Windows\System\ROaGCLH.exe
  C:\Windows\System\ROaGCLH.exe
  2⤵
  PID:7380
- C:\Windows\System\agqJjXc.exe
  C:\Windows\System\agqJjXc.exe
  2⤵
  PID:8536
- C:\Windows\System\XlVhHsL.exe
  C:\Windows\System\XlVhHsL.exe
  2⤵
  PID:8652
- C:\Windows\System\IGhJbfD.exe
  C:\Windows\System\IGhJbfD.exe
  2⤵
  PID:8736
- C:\Windows\System\EifnHkI.exe
  C:\Windows\System\EifnHkI.exe
  2⤵
  PID:8776
- C:\Windows\System\kAIEtsC.exe
  C:\Windows\System\kAIEtsC.exe
  2⤵
  PID:8852
- C:\Windows\System\HHTjulj.exe
  C:\Windows\System\HHTjulj.exe
  2⤵
  PID:8896
- C:\Windows\System\rHizMVm.exe
  C:\Windows\System\rHizMVm.exe
  2⤵
  PID:8608
- C:\Windows\System\lhwlfmd.exe
  C:\Windows\System\lhwlfmd.exe
  2⤵
  PID:9012
- C:\Windows\System\FWmVwDu.exe
  C:\Windows\System\FWmVwDu.exe
  2⤵
  PID:9080
- C:\Windows\System\qYxPmHh.exe
  C:\Windows\System\qYxPmHh.exe
  2⤵
  PID:9124
- C:\Windows\System\zDgJGFR.exe
  C:\Windows\System\zDgJGFR.exe
  2⤵
  PID:8208
- C:\Windows\System\FWtryzr.exe
  C:\Windows\System\FWtryzr.exe
  2⤵
  PID:8360
- C:\Windows\System\wAHPElc.exe
  C:\Windows\System\wAHPElc.exe
  2⤵
  PID:8228
- C:\Windows\System\bJBcInQ.exe
  C:\Windows\System\bJBcInQ.exe
  2⤵
  PID:8448
- C:\Windows\System\bsBDSLh.exe
  C:\Windows\System\bsBDSLh.exe
  2⤵
  PID:7376
- C:\Windows\System\dwJhCzd.exe
  C:\Windows\System\dwJhCzd.exe
  2⤵
  PID:8568
- C:\Windows\System\cplFjqY.exe
  C:\Windows\System\cplFjqY.exe
  2⤵
  PID:8788
- C:\Windows\System\cRRiwQK.exe
  C:\Windows\System\cRRiwQK.exe
  2⤵
  PID:8884
- C:\Windows\System\LNUcVAb.exe
  C:\Windows\System\LNUcVAb.exe
  2⤵
  PID:8732
- C:\Windows\System\pxFnBbV.exe
  C:\Windows\System\pxFnBbV.exe
  2⤵
  PID:8844
- C:\Windows\System\CEMIGIW.exe
  C:\Windows\System\CEMIGIW.exe
  2⤵
  PID:9000
- C:\Windows\System\vKwhjET.exe
  C:\Windows\System\vKwhjET.exe
  2⤵
  PID:9112
- C:\Windows\System\mGxEWNV.exe
  C:\Windows\System\mGxEWNV.exe
  2⤵
  PID:9180
- C:\Windows\System\urTSPXQ.exe
  C:\Windows\System\urTSPXQ.exe
  2⤵
  PID:8224
- C:\Windows\System\ugiRzln.exe
  C:\Windows\System\ugiRzln.exe
  2⤵
  PID:8284
- C:\Windows\System\oVgMVlJ.exe
  C:\Windows\System\oVgMVlJ.exe
  2⤵
  PID:8416
- C:\Windows\System\SrleFzR.exe
  C:\Windows\System\SrleFzR.exe
  2⤵
  PID:8752
- C:\Windows\System\RfODBtU.exe
  C:\Windows\System\RfODBtU.exe
  2⤵
  PID:8816
- C:\Windows\System\WcvdYHS.exe
  C:\Windows\System\WcvdYHS.exe
  2⤵
  PID:9056
- C:\Windows\System\hUUDRXb.exe
  C:\Windows\System\hUUDRXb.exe
  2⤵
  PID:9120
- C:\Windows\System\rgnFWRF.exe
  C:\Windows\System\rgnFWRF.exe
  2⤵
  PID:7632
- C:\Windows\System\sRGCPvZ.exe
  C:\Windows\System\sRGCPvZ.exe
  2⤵
  PID:8612
- C:\Windows\System\OHBvsRi.exe
  C:\Windows\System\OHBvsRi.exe
  2⤵
  PID:8648
- C:\Windows\System\xQOpVXa.exe
  C:\Windows\System\xQOpVXa.exe
  2⤵
  PID:8748
- C:\Windows\System\raDZnxU.exe
  C:\Windows\System\raDZnxU.exe
  2⤵
  PID:9152
- C:\Windows\System\uSyDdTD.exe
  C:\Windows\System\uSyDdTD.exe
  2⤵
  PID:8872
- C:\Windows\System\CefPEMW.exe
  C:\Windows\System\CefPEMW.exe
  2⤵
  PID:8988
- C:\Windows\System\tZBrhyu.exe
  C:\Windows\System\tZBrhyu.exe
  2⤵
  PID:7480
- C:\Windows\System\KbpuZTe.exe
  C:\Windows\System\KbpuZTe.exe
  2⤵
  PID:9192
- C:\Windows\System\biCLUeM.exe
  C:\Windows\System\biCLUeM.exe
  2⤵
  PID:8916
- C:\Windows\System\ZeaLLfE.exe
  C:\Windows\System\ZeaLLfE.exe
  2⤵
  PID:9224
- C:\Windows\System\AdEkRkW.exe
  C:\Windows\System\AdEkRkW.exe
  2⤵
  PID:9244
- C:\Windows\System\NMImysG.exe
  C:\Windows\System\NMImysG.exe
  2⤵
  PID:9260
- C:\Windows\System\LeNDyEF.exe
  C:\Windows\System\LeNDyEF.exe
  2⤵
  PID:9276
- C:\Windows\System\UGIYcOL.exe
  C:\Windows\System\UGIYcOL.exe
  2⤵
  PID:9292
- C:\Windows\System\cyapxPe.exe
  C:\Windows\System\cyapxPe.exe
  2⤵
  PID:9312
- C:\Windows\System\iHkBVEg.exe
  C:\Windows\System\iHkBVEg.exe
  2⤵
  PID:9336
- C:\Windows\System\xWOAwYV.exe
  C:\Windows\System\xWOAwYV.exe
  2⤵
  PID:9352
- C:\Windows\System\oSWsFpR.exe
  C:\Windows\System\oSWsFpR.exe
  2⤵
  PID:9384
- C:\Windows\System\QfNUDUW.exe
  C:\Windows\System\QfNUDUW.exe
  2⤵
  PID:9400
- C:\Windows\System\TArAnGI.exe
  C:\Windows\System\TArAnGI.exe
  2⤵
  PID:9416
- C:\Windows\System\ArozSbG.exe
  C:\Windows\System\ArozSbG.exe
  2⤵
  PID:9436
- C:\Windows\System\lgnLWfc.exe
  C:\Windows\System\lgnLWfc.exe
  2⤵
  PID:9456
- C:\Windows\System\REKhGDX.exe
  C:\Windows\System\REKhGDX.exe
  2⤵
  PID:9480
- C:\Windows\System\RoHhcUB.exe
  C:\Windows\System\RoHhcUB.exe
  2⤵
  PID:9500
- C:\Windows\System\SQIGWzi.exe
  C:\Windows\System\SQIGWzi.exe
  2⤵
  PID:9520
- C:\Windows\System\HUdaXVO.exe
  C:\Windows\System\HUdaXVO.exe
  2⤵
  PID:9540
- C:\Windows\System\AezthOj.exe
  C:\Windows\System\AezthOj.exe
  2⤵
  PID:9556
- C:\Windows\System\JSOliIR.exe
  C:\Windows\System\JSOliIR.exe
  2⤵
  PID:9576
- C:\Windows\System\XNTlKua.exe
  C:\Windows\System\XNTlKua.exe
  2⤵
  PID:9596
- C:\Windows\System\dJGbnbW.exe
  C:\Windows\System\dJGbnbW.exe
  2⤵
  PID:9620
- C:\Windows\System\WwBfDYw.exe
  C:\Windows\System\WwBfDYw.exe
  2⤵
  PID:9636
- C:\Windows\System\gNvUgPy.exe
  C:\Windows\System\gNvUgPy.exe
  2⤵
  PID:9652
- C:\Windows\System\hjATsbs.exe
  C:\Windows\System\hjATsbs.exe
  2⤵
  PID:9684
- C:\Windows\System\oqyBIet.exe
  C:\Windows\System\oqyBIet.exe
  2⤵
  PID:9700
- C:\Windows\System\OoMvVAv.exe
  C:\Windows\System\OoMvVAv.exe
  2⤵
  PID:9716
- C:\Windows\System\kUTROAg.exe
  C:\Windows\System\kUTROAg.exe
  2⤵
  PID:9736
- C:\Windows\System\lKWFcsq.exe
  C:\Windows\System\lKWFcsq.exe
  2⤵
  PID:9752
- C:\Windows\System\bFXzxyg.exe
  C:\Windows\System\bFXzxyg.exe
  2⤵
  PID:9772
- C:\Windows\System\hwMnefC.exe
  C:\Windows\System\hwMnefC.exe
  2⤵
  PID:9788
- C:\Windows\System\MzoiGpS.exe
  C:\Windows\System\MzoiGpS.exe
  2⤵
  PID:9820
- C:\Windows\System\xOpbdsu.exe
  C:\Windows\System\xOpbdsu.exe
  2⤵
  PID:9844
- C:\Windows\System\UrOleop.exe
  C:\Windows\System\UrOleop.exe
  2⤵
  PID:9860
- C:\Windows\System\sNdzaIt.exe
  C:\Windows\System\sNdzaIt.exe
  2⤵
  PID:9880
- C:\Windows\System\kbNGXIQ.exe
  C:\Windows\System\kbNGXIQ.exe
  2⤵
  PID:9904
- C:\Windows\System\jPKTJkI.exe
  C:\Windows\System\jPKTJkI.exe
  2⤵
  PID:9920
- C:\Windows\System\norjIFF.exe
  C:\Windows\System\norjIFF.exe
  2⤵
  PID:9944
- C:\Windows\System\oknUapp.exe
  C:\Windows\System\oknUapp.exe
  2⤵
  PID:9968
- C:\Windows\System\UjvEFPr.exe
  C:\Windows\System\UjvEFPr.exe
  2⤵
  PID:9984
- C:\Windows\System\kQqmLAt.exe
  C:\Windows\System\kQqmLAt.exe
  2⤵
  PID:10008
- C:\Windows\System\txzFkFT.exe
  C:\Windows\System\txzFkFT.exe
  2⤵
  PID:10024
- C:\Windows\System\gHACTem.exe
  C:\Windows\System\gHACTem.exe
  2⤵
  PID:10048
- C:\Windows\System\TsxLxix.exe
  C:\Windows\System\TsxLxix.exe
  2⤵
  PID:10064
- C:\Windows\System\nqGPmOl.exe
  C:\Windows\System\nqGPmOl.exe
  2⤵
  PID:10084
- C:\Windows\System\ZsdBmhW.exe
  C:\Windows\System\ZsdBmhW.exe
  2⤵
  PID:10100
- C:\Windows\System\FgZLksC.exe
  C:\Windows\System\FgZLksC.exe
  2⤵
  PID:10116
- C:\Windows\System\LvSskiw.exe
  C:\Windows\System\LvSskiw.exe
  2⤵
  PID:10148
- C:\Windows\System\qTmnabB.exe
  C:\Windows\System\qTmnabB.exe
  2⤵
  PID:10168
- C:\Windows\System\lDZJiHW.exe
  C:\Windows\System\lDZJiHW.exe
  2⤵
  PID:10188
- C:\Windows\System\SJgKNfY.exe
  C:\Windows\System\SJgKNfY.exe
  2⤵
  PID:10204
- C:\Windows\System\HkJiWqb.exe
  C:\Windows\System\HkJiWqb.exe
  2⤵
  PID:10232
- C:\Windows\System\CaAbHOM.exe
  C:\Windows\System\CaAbHOM.exe
  2⤵
  PID:9236
- C:\Windows\System\BIOEcqm.exe
  C:\Windows\System\BIOEcqm.exe
  2⤵
  PID:9268
- C:\Windows\System\JDbobDj.exe
  C:\Windows\System\JDbobDj.exe
  2⤵
  PID:9288
- C:\Windows\System\PpfdjIN.exe
  C:\Windows\System\PpfdjIN.exe
  2⤵
  PID:9332
- C:\Windows\System\sDEkmrV.exe
  C:\Windows\System\sDEkmrV.exe
  2⤵
  PID:9376
- C:\Windows\System\tGMBEzD.exe
  C:\Windows\System\tGMBEzD.exe
  2⤵
  PID:9428
- C:\Windows\System\hsvkwBm.exe
  C:\Windows\System\hsvkwBm.exe
  2⤵
  PID:9448
- C:\Windows\System\KArxPod.exe
  C:\Windows\System\KArxPod.exe
  2⤵
  PID:9496
- C:\Windows\System\RFPxOgD.exe
  C:\Windows\System\RFPxOgD.exe
  2⤵
  PID:9512
- C:\Windows\System\OTwLNZP.exe
  C:\Windows\System\OTwLNZP.exe
  2⤵
  PID:9536
- C:\Windows\System\ahvakzi.exe
  C:\Windows\System\ahvakzi.exe
  2⤵
  PID:9532
- C:\Windows\System\IFPctNn.exe
  C:\Windows\System\IFPctNn.exe
  2⤵
  PID:9612
- C:\Windows\System\ZJXFqkn.exe
  C:\Windows\System\ZJXFqkn.exe
  2⤵
  PID:9672
- C:\Windows\System\SavPBhq.exe
  C:\Windows\System\SavPBhq.exe
  2⤵
  PID:9692
- C:\Windows\System\AFZZduw.exe
  C:\Windows\System\AFZZduw.exe
  2⤵
  PID:9748
- C:\Windows\System\UnhqOYu.exe
  C:\Windows\System\UnhqOYu.exe
  2⤵
  PID:9768
- C:\Windows\System\thIpiLy.exe
  C:\Windows\System\thIpiLy.exe
  2⤵
  PID:9808
- C:\Windows\System\cEgMHON.exe
  C:\Windows\System\cEgMHON.exe
  2⤵
  PID:9828
- C:\Windows\System\oOuWgyn.exe
  C:\Windows\System\oOuWgyn.exe
  2⤵
  PID:9856
- C:\Windows\System\OSoOcNJ.exe
  C:\Windows\System\OSoOcNJ.exe
  2⤵
  PID:9900
- C:\Windows\System\vbNPumI.exe
  C:\Windows\System\vbNPumI.exe
  2⤵
  PID:9952
- C:\Windows\System\qXQaMPu.exe
  C:\Windows\System\qXQaMPu.exe
  2⤵
  PID:9956
- C:\Windows\System\JrvFEhj.exe
  C:\Windows\System\JrvFEhj.exe
  2⤵
  PID:9980
- C:\Windows\System\LEPEUoF.exe
  C:\Windows\System\LEPEUoF.exe
  2⤵
  PID:9040
- C:\Windows\System\uHfMePc.exe
  C:\Windows\System\uHfMePc.exe
  2⤵
  PID:10036
- C:\Windows\System\QtTdWRM.exe
  C:\Windows\System\QtTdWRM.exe
  2⤵
  PID:10080
- C:\Windows\System\dgvKhmj.exe
  C:\Windows\System\dgvKhmj.exe
  2⤵
  PID:10164
- C:\Windows\System\LPrqoHh.exe
  C:\Windows\System\LPrqoHh.exe
  2⤵
  PID:10180
- C:\Windows\System\gQwvDLR.exe
  C:\Windows\System\gQwvDLR.exe
  2⤵
  PID:10200
- C:\Windows\System\ZfqTyMD.exe
  C:\Windows\System\ZfqTyMD.exe
  2⤵
  PID:10224
- C:\Windows\System\QVDfWpV.exe
  C:\Windows\System\QVDfWpV.exe
  2⤵
  PID:9256
- C:\Windows\System\kxuQKKt.exe
  C:\Windows\System\kxuQKKt.exe
  2⤵
  PID:10144
- C:\Windows\System\ZxNbCGO.exe
  C:\Windows\System\ZxNbCGO.exe
  2⤵
  PID:9284
- C:\Windows\System\xTpVCqH.exe
  C:\Windows\System\xTpVCqH.exe
  2⤵
  PID:9396
- C:\Windows\System\JDXilyz.exe
  C:\Windows\System\JDXilyz.exe
  2⤵
  PID:9412

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\ANEIOOc.exe

Filesize
6.1MB

MD5
61e113e8fc6eac42b262356af6dd75dc

SHA1
cd33f9d807cec4baab9a4b29e3abd8ffd1d83a21

SHA256
4f462c9016b087d6ef87cc6d9d08d907d344c36fd2221ee33676c6eecf188365

SHA512
566c963362d29df733393bf4888a6224211ad41817dda6a651081d9cd7beaa6d68990d17d55fa1800154c6bfd6e14765d68440dfb15ca4119631e17f7d5ee17b

Download Submit
C:\Windows\system\HLgpXQV.exe

Filesize
6.1MB

MD5
0bedb28e00bb809d2e8b2b60a5bec5ea

SHA1
60fc3659f62b297e8a85b4c000a6d7b5562609f9

SHA256
ef647f2dcad7d328effe24a8af12451c9d160cc3b02133bdaa1c718e908af41a

SHA512
fa89626f2358bc355a025f498f3154b3953e86a131dd3b389ab608f66835541396d1567c74160e5a66ea864de899f209bd931a8d1d65549723303c99d02704df

Download Submit
C:\Windows\system\KSffhwA.exe

Filesize
6.1MB

MD5
7a7cc3302636ebfb0fae30ed4b905b65

SHA1
874a2f03bc1c1bca4b00c26f9894c1a4bf3317b1

SHA256
e1130035084360773d5119f4c2b3ecd9ca7ab92cab3ef2c1b3f2302a8d28b0c7

SHA512
e5bf75162ca2676137cd6732e59c863a40ce071ca06139251285d022cfd6b20320a5978dff0ad86b4b84b6b39a1fec7a5e1d526bc8988faa906e169946dcd3c1

Download Submit
C:\Windows\system\KktNUuu.exe

Filesize
6.1MB

MD5
a3e227a05423c02df66824213fded9d4

SHA1
33617d4b96411e56e787f568669a165f4ab3cfec

SHA256
64a899bdd22f6b1a6252d600f59e5adfac3213d1a0ff96813de66e495c39c7bb

SHA512
62e2e5589d542dc9a03b98f6038a0ab660f3afed9a0e42377330b2b0b36e508058fed0f26007db25f46e9a1d7221eb2e1877375653792b1f6593f28167c857c5

Download Submit
C:\Windows\system\LTKaZda.exe

Filesize
6.1MB

MD5
093418e83c2f6e965cc8d781693e765a

SHA1
be2e963cb7b6bafd0db950ab7e6c592f3d81ece4

SHA256
75114a7b301452d95e2391fc7ed357ac150355c0f4025fc5c629f80e25a5ec04

SHA512
00948b869998a6e420410a079d3c818069698609b6d1de8b24e9a9b86eda1e517a2f4a9274c6d537a0ab30f8fc8f45667994ee035c65d479d618a4282d185859

Download Submit
C:\Windows\system\NTOrACA.exe

Filesize
6.1MB

MD5
33f9ee9fb6b0300d534a7b76775fa759

SHA1
dda9cadac7ba30cefd7d583151afb42c87594319

SHA256
905add8f853df7ba03c330f381461bb0035dcab58c5caada86a4c5fba45897e8

SHA512
a843afae8638c70e44e559858d5ee3ede76c3fdfd2f23956a279b71a2140306cd3f298d0c86dd93df3ed9a9fb84aea36fc8342cacc61fdd4b887458b84b02723

Download Submit
C:\Windows\system\OUeyyGk.exe

Filesize
6.1MB

MD5
e2a547b975eb2b2fe39856f0d63bf8de

SHA1
f5cb9bbe3ace86e2b4a6561ab40a827bd782fa85

SHA256
8ef2bab9cd8723761404d35302b663c5b749c4583d1ee3ba53d27e95387fe4de

SHA512
6ab75f8e6828641e2aa980856bc1a22d4e394f36f447335ae0d752a0c7e7fa74c95f2bb484b27b52020b4f19489a728ec2e080d1f4aa8b818d3f32f7e54aeabe

Download Submit
C:\Windows\system\TKcOBnn.exe

Filesize
6.1MB

MD5
1950fefb2bca3083d78b919d1a81767b

SHA1
c908a9d4feeab4b11cb6901a8d80bf2c375ad473

SHA256
6feb35d7bd4ed9c367627172a7ccd062a4cdc84c9fb155aaf36e7bb53c50d7e2

SHA512
e1aefe69fc6be2ca5e0b04d24a063c3773aba4a3057bc69d44b60619f4dcfce6f99486fe660c378ecb676c30c0d6ef2253a752171c0d2bf0b2475983d62f8284

Download Submit
C:\Windows\system\VGaKnmu.exe

Filesize
6.1MB

MD5
fd5315f57a625c6e7f8547d51f993923

SHA1
4c5e68c41b4f792a665f23f67a9164057842b089

SHA256
38db676130a017618a88e61febd9bb0d6d6c69b8b807cf1db4cd865a6eeb9b80

SHA512
e52f0186499476c16b47c5ecbc3321b28503e58b5086bc34e1b94976a08f60db902630605601b0a59a191823e7fae726386e15284ef386c4d3b8df0a5e5c1ed9

Download Submit
C:\Windows\system\YeaSorQ.exe

Filesize
6.1MB

MD5
abd41cb5216f25c21ac96ae27747087c

SHA1
70e6ce4589f47cd45015719175ac548dc0d2fd01

SHA256
f901106cf518e550d9ca9b5fd49a930f638dd519151e8f06ba3f7995d9eb8798

SHA512
1dda400e1d42f6bb4e79c0d21a5eb3b09e8b27e82d93ef714e79ba13fc4ac0f84fa64ef4bc34fa3020294b0aef175cea36b604ed3dc6dda3222b6ea59ded05a2

Download Submit
C:\Windows\system\ZWrofXr.exe

Filesize
6.1MB

MD5
f043b1d4c41b344faeafb0945d7c33c5

SHA1
873dccf9e4af794fc6d866b5c8f013e5f4137e74

SHA256
903784d7f2833b0ce6e4534232ad2c0534e6703f3eee45a83e20888e6d1a197a

SHA512
58140878940f61b4c2cdb18d2197e21a0ab330a133d54a5ba2a64b9899fb725b38d658e8d3fd739b54762018e179c9dc38079f1d64d081c35041ef44c77f90b2

Download Submit
C:\Windows\system\fSMTEmk.exe

Filesize
6.1MB

MD5
dc7c1e8be5f54c1f4d5a2374660c5215

SHA1
229118440944ea89e68e7f1ae8676a525156485c

SHA256
8d9bdf961b2194e7c73569da4c2a7d76c4d630eee19edcd3677336dbfa9e3afe

SHA512
3c885cb393faae96982b1fcaf9d3ab88ef9bf4cc522e74d3cddd1817ad300d64e857beb26c78bf339d489d2e5f2f946ac8389b4362c19da86a44c32bbd0f034d

Download Submit
C:\Windows\system\fxleOoh.exe

Filesize
6.1MB

MD5
1b70fd6bfedc338ef8f7e52a8ae9d9a0

SHA1
55ff80cb889461377cf14e32bf4f55d476844e50

SHA256
35281974a88388561066e32fceac3ad141f7050946e3f05793b17e4acd89a960

SHA512
13ff2501b2646bc9242f0be5bc3f3c61de335c6fd0124ccd655d3cea511b1dc09d7827149f8e6fd211383d9a506173ef26473acf71e5a20da97d31ccaffa0d3d

Download Submit
C:\Windows\system\hNqeYeZ.exe

Filesize
6.1MB

MD5
9c2a43b8668b502f56ed79f4afe9b3cb

SHA1
6368aff812e948bfd36fbe198b89f26bb0b3aa1d

SHA256
e220878acb6db9a50f8d45b8035c5eae09fab0bffaed2eac4b92845b161865bb

SHA512
1ba679735191273f041a0e2a9885049ce718cfd88278d4b8773a2127e57c8c7642751cc0a55c8f1ccc6acd0594d621cb7bf9c521870a19492dca9c1aa70be857

Download Submit
C:\Windows\system\jWYuewR.exe

Filesize
6.1MB

MD5
4fa212804c6d05e4da32f048927f456e

SHA1
0cba7305512cc2f992ae54f0bc005303a272bba9

SHA256
e203485dd224da45353503d10faffd162704a12d915996e9215c2d57254246c7

SHA512
7d515c07ee794da9b410dd4b7c723e9b388855c62da58c1dbaeb5579d6003d211d46ac2b43f0d44e16dd1b88afbd47aa939ab0b6d946a35ac3bcc26a77a18995

Download Submit
C:\Windows\system\kMqrKih.exe

Filesize
6.1MB

MD5
a806c37f5e5710be68b10ec4a81f1041

SHA1
320d9805126e6743b8acc6cfffd43d8f6287439c

SHA256
76fc8f76b1b4fc498f14e3ee6274c237257bb37a06dcf503278b1424be3ef08f

SHA512
ee3dd6986cae2c15c7afd7ebf4f6bf31eff8d2aff6b69e8840e1fdbf70dfe12bc5bf43b1b6f0e6c29f65820aca43e00090e1cba2e262e99b2c02ae5f37aca013

Download Submit
C:\Windows\system\lmxGkSd.exe

Filesize
6.1MB

MD5
94c243a9a76264c01db7dfc2841a0e92

SHA1
f3107ad81169adc733559a8d571792b69016ac02

SHA256
2147468f5faacbe69516b6f8784a3e085b6ae8796afac0c42da679412da6ce29

SHA512
5775f005c74f2940eb2f74636cc0717fee8e35080d64461ff130435e2ae54ab30344eaa2c3eab46dd2930297e245d4d4bb995821c25f0709afea9c34e2617442

Download Submit
C:\Windows\system\mIjGdlj.exe

Filesize
6.1MB

MD5
1086468ef0b686aa193b3c8496db458d

SHA1
0c69b47b0158952249d76321753bdc23238a9887

SHA256
9c7cf0808f2d1f136ce934ab05fc55dd3be42447ac951850e20293f51b9ae6a4

SHA512
75b3fe676a22265871e4b0f40470a84cb3f4b1f9a9672e73d00e29d63821d9b86e30182f77562be0cdb7fc2ea17da26b6685847551795958c49cbf9e37b3c49b

Download Submit
C:\Windows\system\nGHhfSt.exe

Filesize
6.1MB

MD5
f51bac50741fd0436e17e438856eca2c

SHA1
1b8c793e9278e9c0ea6231bec3956b5c138fe27b

SHA256
f3f5b0a9110bca91591e664da9ffdb1b1a4a61980d6ce7e99378382ce131c497

SHA512
9298d640a508a6246199ba1df49b79c242d4ef39e502c9897c574c527f8db34cc41d3d6d537cf75ef069fffecd720276e66def69d9ac03447d0293460381d5cc

Download Submit
C:\Windows\system\pgkbpjM.exe

Filesize
6.1MB

MD5
e3d45151c9cc73f3b561ef13fb68c329

SHA1
a97a6e66c0e815b9b1af792ac2db3a5d74ce156e

SHA256
d5b16912eea54dbeab28566b9bc2413a5bd76f0216c94533d14141b6fcc71843

SHA512
39d0edf67afb1c4193965a87faf3325cd688ef0f5768ea64fa4f33e86d43cf75bd2dba123f14dde41a89546d192ad37b9ab96c136fcd09364d078e53804b4a08

Download Submit
C:\Windows\system\qPuZimo.exe

Filesize
6.1MB

MD5
df7051fc658c68efbbe075a8eaaa6009

SHA1
22e78e6297896cc5632f853b698aa30007172057

SHA256
5a06553a3831c67803d8c843ad751439027911876dd82e9f98527167c54979d4

SHA512
93933cfa2c7c6ffb1191a6658bff8db65b840870cb4c2f6f4397dc172e7fab53a375fd0779e592c95babcd2f6d6e19cb3d819bfa5c35788aa490ac8b2978bc20

Download Submit
C:\Windows\system\rwSRdWY.exe

Filesize
6.1MB

MD5
3cca0122c3d97d197ed37ac692af2bf7

SHA1
6724cc801e1dd5b42ce2e120fed31fad223a07d4

SHA256
d043f8f78750bb4cac6ca29f1b2cb3e56cb8730a3c462e4c91067855028ef49b

SHA512
d5359103967b756af69152cc99033c95cab9983cc74c98c77d88e9cde773ef567040e5060f5fa5528d836a8d6dad034c62121fa0056d04423261f8838674dacb

Download Submit
C:\Windows\system\srCmnsw.exe

Filesize
6.1MB

MD5
261fb3c73a8b0f29e074d9007285f927

SHA1
386fd746de8a0b12d98dde9854046ba4dcddd287

SHA256
9988f9274dfecb8c74c23f40d67cdb97d3aaf934ba3080af21fd371d00b6c931

SHA512
3b6d7b949f80ebfaffa2c46ae018ef26670197eeca1ae13461b1e2f3aba86ae46578424233cad7686277059d11e9c5a4724085dade281a119376ee2d04f4b9b3

Download Submit
C:\Windows\system\vodFCbx.exe

Filesize
6.1MB

MD5
c63ee643e7f4b2f893bdb99afd574a23

SHA1
c6a068ad2649da48ec4d3fb4e901cef4706b8978

SHA256
e0456c6f364887196deb9fa4315facf2a680b7f54a73a84c1396cd4a664a1f47

SHA512
40e78c6c5736239a498fce48fcccb4b9e21890bebdf95d7b73be7dc96f90fbe0c760f70e2770f15af32579bc0633820e4bef3be177d3d73eb871e841030ca73e

Download Submit
C:\Windows\system\yGXetqa.exe

Filesize
8B

MD5
8a4affa2d795214032b9e173d824d122

SHA1
492e5c1f94657ae0297c29d08902b1cd2d7e97fe

SHA256
fc0601e36187211ac7b9b1f0e3b92c867cb82b67f3f4562d366da0d2ad7ac944

SHA512
5118aa9cc98643095ebc02365c92fbb3583a7618eef8a2d47cb6998491f948e2b3a4649d4d2a9423d5dfb5eddd18bcff05326e92b374566411e275f9b8d97315

Download Submit
\Windows\system\IElQvCq.exe

Filesize
6.1MB

MD5
991cf3ca9174875aa6ec307d4ea10fa9

SHA1
5b90d4138a2e12265eaa55662117e24ce14b21c3

SHA256
474a635f4237f4b88c545605cb1a7829275aef0556c707fcb9a5aa3d7951aaeb

SHA512
0841e34d2ac2fc0557af3b8eaf3e5f7cab53507d773c4034f0258932dbd42828a2fee9a52c8db05f41ad43ec9a4a85c2ee587d30554200c6299ac55b8e8be44e

Download Submit
\Windows\system\KJApOWk.exe

Filesize
6.1MB

MD5
e15541342f1e0930abd28d05a18f8c0b

SHA1
0752b2ab1feef319356363af0d5e173049c400f2

SHA256
2fdb238fe603df074226d9329742927b7c4229b09290b7933a5745dd85bae9d2

SHA512
a145e173dd6e4d50bf37146ae7ebe3ddde6fc0f3fefe0831e44e6442bfc91a0052652cf1c4e5d1344d14750c2abdd86a84892632eb62843be42fb3d33566247f

Download Submit
\Windows\system\NyNqjEH.exe

Filesize
6.1MB

MD5
67b7a8b2b7e7ccb02ee6282220982415

SHA1
8bd7f22745209c3d8fedec7e8f5a7c07d808a70f

SHA256
8eb66c5d04343da089196efafacfffae5b650687b3828098fe040b42e1928471

SHA512
1fd5b3991318da426c6c16dd7d0c0d90a63baa68ca77c1c0de923848edc58c58c1550530a8f97b6da53224ec47f6cb05b38c1ad421f7a28f6daf5b144948caec

Download Submit
\Windows\system\XGqATsF.exe

Filesize
6.1MB

MD5
abd4838170b9a3865f07832bed0e6a4a

SHA1
38602e2eff918692c97c5f1e101f246fed84d4ac

SHA256
3d40a418b313b98f6dd48c6cfcc82bc430e498647c58c4d4684c44bede9a2469

SHA512
dc88b3bc20c5553827098f8fcc7e8d2908a61f3bda1ef0490a076ce4c9c5dfa1cfd9fec3001e6570ebf2eef4159b0805513d989802ed7d841ccbd774a4c8a824

Download Submit
\Windows\system\ZivWYcO.exe

Filesize
6.1MB

MD5
3f7cdd5cbccfb4435a3498be5b3dc6de

SHA1
e7597e908782074f7df8c6c727c432ee52f6e5e6

SHA256
3d6b9d5f63f4d160bb0323f9b44824c251ae625df37d0148c5f5b4e455942348

SHA512
ca66c8618a0f6d9bca84050a26571735ab0f45a2188772a7a0473534f3bb4a752f412ad35b2b2c47d76f014205faacc83f4ea8c02fc4715cc523df4c525af073

Download Submit
\Windows\system\vaVZkZR.exe

Filesize
6.1MB

MD5
b398a685da26834098e1ecb435292d8a

SHA1
69df226d840313e3d96d665f6bcc6fb7e8750c5a

SHA256
026731083d9d776cfb385a2a9c8d141baf7d46397a3de62d613242ceac68195b

SHA512
baad4a88a9f2aca48e7b768cad4c6d00f07c325a2f3f330ca3e7c84ba4731278a8215d10316249da8bb4034080346ddbd5cd516245c95651819f6afde49e09e6

Download Submit
\Windows\system\wnFsVTZ.exe

Filesize
6.1MB

MD5
a91772fdd043cf036c435d248ea2c3bb

SHA1
4cb4b534c71116a17cb1d568f9c3ba747013e2f8

SHA256
02db465e7f1616c14bf13e11affe8a0c60f0bdc5dd4142ac7f15310e33d6c7ec

SHA512
9c7b5107fdffb8df4d81b88f7f1e3018657a7a535e1e977dcf640b4febc9d0aba7b01cfc2b4bd983e3f0aaeb09cd25030d7ce70ab013e69dd7f8d95c12b548c7

Download Submit
\Windows\system\xIhLdfH.exe

Filesize
6.1MB

MD5
b11ab47418b1f816555ccec2f1527c93

SHA1
7714f2a50b3a9e65ea61b7607a6eb4a80f633c7b

SHA256
9ae871398ff6b7570b1d758f0ff30e2929416954a44d09c8db7cddcd5835dd1d

SHA512
dc7691f88e8cff2b7555b4d436a610229304c1a032fceec969dfd41c5909aa343b49fd0e55d896f3c359d357dc82146a61b9235ec0ac06f79ea64246f14f372c

Download Submit
memory/592-1467-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/592-3437-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/1436-1474-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/1436-3440-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/1740-27-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/1740-3088-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2380-1469-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2380-1458-0x00000000024B0000-0x0000000002804000-memory.dmp

Filesize
3.3MB

Download
memory/2380-23-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2380-30-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/2380-36-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2380-2451-0x00000000024B0000-0x0000000002804000-memory.dmp

Filesize
3.3MB

Download
memory/2380-2457-0x00000000024B0000-0x0000000002804000-memory.dmp

Filesize
3.3MB

Download
memory/2380-15-0x00000000024B0000-0x0000000002804000-memory.dmp

Filesize
3.3MB

Download
memory/2380-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/2380-1395-0x00000000024B0000-0x0000000002804000-memory.dmp

Filesize
3.3MB

Download
memory/2380-1408-0x00000000024B0000-0x0000000002804000-memory.dmp

Filesize
3.3MB

Download
memory/2380-2540-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/2380-2450-0x00000000024B0000-0x0000000002804000-memory.dmp

Filesize
3.3MB

Download
memory/2380-1440-0x00000000024B0000-0x0000000002804000-memory.dmp

Filesize
3.3MB

Download
memory/2380-2449-0x00000000024B0000-0x0000000002804000-memory.dmp

Filesize
3.3MB

Download
memory/2380-2448-0x00000000024B0000-0x0000000002804000-memory.dmp

Filesize
3.3MB

Download
memory/2380-1462-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2380-2456-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2380-2455-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2380-46-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/2380-0-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2380-1477-0x00000000024B0000-0x0000000002804000-memory.dmp

Filesize
3.3MB

Download
memory/2380-1483-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/2636-1456-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2636-3425-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2664-3423-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/2664-1437-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/2728-1459-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download
memory/2728-3431-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download
memory/2732-49-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/2732-3375-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/2772-1404-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/2772-3413-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/2812-34-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/2812-1580-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/2812-3108-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/2864-50-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/2864-3386-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/2892-51-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2892-3091-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2892-20-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2916-3409-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2916-1481-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2960-3052-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/2960-37-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/2960-10-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/3068-3053-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download
memory/3068-14-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download