cobaltstrike | 79df7abee41111f1f435a2b9a91975710d7e180354dc488d3830372dfff41d63

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
14/10/2024, 07:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

b85c20251903312624d0e51a5ef68d43
SHA1

f55663f595b0d5e1bbe7e7b3a7b1c40f44cf7582
SHA256

79df7abee41111f1f435a2b9a91975710d7e180354dc488d3830372dfff41d63
SHA512

e8c9d624b60239e3249bcc7d0e9c9738ee29fe598ba2ff0ca2a2a45a7463ab3c585563ddd23310f529b0beb37e8912d71c9bc277e10a94042116edab7b9b82a1
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUg:T+q56utgpPF8u/7g

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00080000000120cd-6.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000186ee-11.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000186fd-15.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001873d-17.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001878f-26.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000187a5-30.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019023-36.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019261-45.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960b-55.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960d-61.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019611-71.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019615-78.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019617-85.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961d-107.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019622-122.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019667-135.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001977d-148.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019838-162.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000197f8-154.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196b1-145.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196af-141.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019625-131.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019623-126.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019621-117.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961f-111.dat	cobalt_reflective_dll
behavioral1/files/0x0034000000018683-101.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961b-97.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019619-91.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019613-75.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960f-65.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019609-51.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001925e-41.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 55 IoCs

miner

resource	yara_rule
behavioral1/memory/2688-0-0x000000013FA30000-0x000000013FD84000-memory.dmp	xmrig
behavioral1/files/0x00080000000120cd-6.dat	xmrig
behavioral1/files/0x00070000000186ee-11.dat	xmrig
behavioral1/files/0x00070000000186fd-15.dat	xmrig
behavioral1/files/0x000700000001873d-17.dat	xmrig
behavioral1/files/0x000600000001878f-26.dat	xmrig
behavioral1/files/0x00060000000187a5-30.dat	xmrig
behavioral1/files/0x0007000000019023-36.dat	xmrig
behavioral1/files/0x0007000000019261-45.dat	xmrig
behavioral1/files/0x000500000001960b-55.dat	xmrig
behavioral1/files/0x000500000001960d-61.dat	xmrig
behavioral1/files/0x0005000000019611-71.dat	xmrig
behavioral1/files/0x0005000000019615-78.dat	xmrig
behavioral1/files/0x0005000000019617-85.dat	xmrig
behavioral1/files/0x000500000001961d-107.dat	xmrig
behavioral1/files/0x0005000000019622-122.dat	xmrig
behavioral1/files/0x0005000000019667-135.dat	xmrig
behavioral1/files/0x000500000001977d-148.dat	xmrig
behavioral1/memory/2676-738-0x000000013FB90000-0x000000013FEE4000-memory.dmp	xmrig
behavioral1/memory/2408-790-0x000000013F7E0000-0x000000013FB34000-memory.dmp	xmrig
behavioral1/memory/2708-881-0x000000013FC90000-0x000000013FFE4000-memory.dmp	xmrig
behavioral1/memory/2660-975-0x000000013F990000-0x000000013FCE4000-memory.dmp	xmrig
behavioral1/memory/2912-898-0x000000013F1E0000-0x000000013F534000-memory.dmp	xmrig
behavioral1/files/0x0005000000019838-162.dat	xmrig
behavioral1/files/0x00050000000197f8-154.dat	xmrig
behavioral1/files/0x00050000000196b1-145.dat	xmrig
behavioral1/files/0x00050000000196af-141.dat	xmrig
behavioral1/files/0x0005000000019625-131.dat	xmrig
behavioral1/files/0x0005000000019623-126.dat	xmrig
behavioral1/files/0x0005000000019621-117.dat	xmrig
behavioral1/files/0x000500000001961f-111.dat	xmrig
behavioral1/files/0x0034000000018683-101.dat	xmrig
behavioral1/files/0x000500000001961b-97.dat	xmrig
behavioral1/memory/2688-93-0x000000013F6C0000-0x000000013FA14000-memory.dmp	xmrig
behavioral1/files/0x0005000000019619-91.dat	xmrig
behavioral1/files/0x0005000000019613-75.dat	xmrig
behavioral1/files/0x000500000001960f-65.dat	xmrig
behavioral1/files/0x0005000000019609-51.dat	xmrig
behavioral1/files/0x000800000001925e-41.dat	xmrig
behavioral1/memory/2552-1098-0x000000013F6B0000-0x000000013FA04000-memory.dmp	xmrig
behavioral1/memory/2612-1237-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	xmrig
behavioral1/memory/3016-1242-0x000000013F460000-0x000000013F7B4000-memory.dmp	xmrig
behavioral1/memory/1840-1244-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/memory/1400-1246-0x000000013F7D0000-0x000000013FB24000-memory.dmp	xmrig
behavioral1/memory/2344-1439-0x000000013F6E0000-0x000000013FA34000-memory.dmp	xmrig
behavioral1/memory/2724-1569-0x000000013F440000-0x000000013F794000-memory.dmp	xmrig
behavioral1/memory/2888-1771-0x000000013F860000-0x000000013FBB4000-memory.dmp	xmrig
behavioral1/memory/2816-1820-0x000000013F6C0000-0x000000013FA14000-memory.dmp	xmrig
behavioral1/memory/2688-2620-0x000000013FA30000-0x000000013FD84000-memory.dmp	xmrig
behavioral1/memory/2688-2982-0x000000013F460000-0x000000013F7B4000-memory.dmp	xmrig
behavioral1/memory/2688-3013-0x000000013F440000-0x000000013F794000-memory.dmp	xmrig
behavioral1/memory/2816-3901-0x000000013F6C0000-0x000000013FA14000-memory.dmp	xmrig
behavioral1/memory/2408-3902-0x000000013F7E0000-0x000000013FB34000-memory.dmp	xmrig
behavioral1/memory/2912-3903-0x000000013F1E0000-0x000000013F534000-memory.dmp	xmrig
behavioral1/memory/2888-3904-0x000000013F860000-0x000000013FBB4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2816	EPKFXFM.exe
2676	bSBEdIK.exe
2408	avVwGcI.exe
2708	cJOgzZP.exe
2912	bivQHGp.exe
2660	wUVaWzZ.exe
2552	ILWKNoz.exe
2612	OijKwJG.exe
3016	UshKQcT.exe
1840	ElWAKqC.exe
1400	dWKytVO.exe
2344	YOHMxaW.exe
2724	ppiVqVh.exe
2888	wxgoYoL.exe
2988	YsPzOkW.exe
2268	fAnPgRA.exe
2384	YZqPNlI.exe
1620	UoBIPZY.exe
2348	nlcjxpd.exe
2608	AASRKlq.exe
1744	coZTfgB.exe
1928	RLvIadF.exe
2944	yFMHaMd.exe
2960	KfKKDCe.exe
2732	YWLJRmx.exe
1296	yJYKdQQ.exe
2380	sEFGPzZ.exe
2500	HNcxOmM.exe
1640	USceyPh.exe
2036	DjeCBHE.exe
1624	HZsuPxB.exe
952	dFPPqYz.exe
668	RftmDgh.exe
2508	oNamsOl.exe
980	xwOXtEe.exe
1064	ZmXMLDs.exe
1692	gDnuWUp.exe
2056	DtjakRl.exe
2204	xYuYunZ.exe
1848	WxRvibt.exe
744	BppzUpO.exe
1856	Mjwtmhd.exe
2388	kLwIKYO.exe
600	FFAktUb.exe
2520	EqJxRiL.exe
2320	uFguEOh.exe
3064	rEOTAKT.exe
1616	QtTPZjv.exe
1432	ZqGyMTj.exe
2272	kPgkoIP.exe
2156	ZyAGLLn.exe
852	xXBcdnt.exe
3052	feeMHpo.exe
988	TSvmenj.exe
1992	XzdJeoF.exe
3048	ngahiLR.exe
1636	cJXqEwo.exe
2996	tazcrSg.exe
1528	UbbJNRC.exe
2700	ORJDXQn.exe
2728	OyxAXem.exe
2548	NphzrNv.exe
2668	zKugKST.exe
2904	DxMMmon.exe

Loads dropped DLL 64 IoCs

pid	Process
2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 52 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2688-0-0x000000013FA30000-0x000000013FD84000-memory.dmp	upx
behavioral1/files/0x00080000000120cd-6.dat	upx
behavioral1/files/0x00070000000186ee-11.dat	upx
behavioral1/files/0x00070000000186fd-15.dat	upx
behavioral1/files/0x000700000001873d-17.dat	upx
behavioral1/files/0x000600000001878f-26.dat	upx
behavioral1/files/0x00060000000187a5-30.dat	upx
behavioral1/files/0x0007000000019023-36.dat	upx
behavioral1/files/0x0007000000019261-45.dat	upx
behavioral1/files/0x000500000001960b-55.dat	upx
behavioral1/files/0x000500000001960d-61.dat	upx
behavioral1/files/0x0005000000019611-71.dat	upx
behavioral1/files/0x0005000000019615-78.dat	upx
behavioral1/files/0x0005000000019617-85.dat	upx
behavioral1/files/0x000500000001961d-107.dat	upx
behavioral1/files/0x0005000000019622-122.dat	upx
behavioral1/files/0x0005000000019667-135.dat	upx
behavioral1/files/0x000500000001977d-148.dat	upx
behavioral1/memory/2676-738-0x000000013FB90000-0x000000013FEE4000-memory.dmp	upx
behavioral1/memory/2408-790-0x000000013F7E0000-0x000000013FB34000-memory.dmp	upx
behavioral1/memory/2708-881-0x000000013FC90000-0x000000013FFE4000-memory.dmp	upx
behavioral1/memory/2660-975-0x000000013F990000-0x000000013FCE4000-memory.dmp	upx
behavioral1/memory/2912-898-0x000000013F1E0000-0x000000013F534000-memory.dmp	upx
behavioral1/files/0x0005000000019838-162.dat	upx
behavioral1/files/0x00050000000197f8-154.dat	upx
behavioral1/files/0x00050000000196b1-145.dat	upx
behavioral1/files/0x00050000000196af-141.dat	upx
behavioral1/files/0x0005000000019625-131.dat	upx
behavioral1/files/0x0005000000019623-126.dat	upx
behavioral1/files/0x0005000000019621-117.dat	upx
behavioral1/files/0x000500000001961f-111.dat	upx
behavioral1/files/0x0034000000018683-101.dat	upx
behavioral1/files/0x000500000001961b-97.dat	upx
behavioral1/files/0x0005000000019619-91.dat	upx
behavioral1/files/0x0005000000019613-75.dat	upx
behavioral1/files/0x000500000001960f-65.dat	upx
behavioral1/files/0x0005000000019609-51.dat	upx
behavioral1/files/0x000800000001925e-41.dat	upx
behavioral1/memory/2552-1098-0x000000013F6B0000-0x000000013FA04000-memory.dmp	upx
behavioral1/memory/2612-1237-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	upx
behavioral1/memory/3016-1242-0x000000013F460000-0x000000013F7B4000-memory.dmp	upx
behavioral1/memory/1840-1244-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/memory/1400-1246-0x000000013F7D0000-0x000000013FB24000-memory.dmp	upx
behavioral1/memory/2344-1439-0x000000013F6E0000-0x000000013FA34000-memory.dmp	upx
behavioral1/memory/2724-1569-0x000000013F440000-0x000000013F794000-memory.dmp	upx
behavioral1/memory/2888-1771-0x000000013F860000-0x000000013FBB4000-memory.dmp	upx
behavioral1/memory/2816-1820-0x000000013F6C0000-0x000000013FA14000-memory.dmp	upx
behavioral1/memory/2688-2620-0x000000013FA30000-0x000000013FD84000-memory.dmp	upx
behavioral1/memory/2816-3901-0x000000013F6C0000-0x000000013FA14000-memory.dmp	upx
behavioral1/memory/2408-3902-0x000000013F7E0000-0x000000013FB34000-memory.dmp	upx
behavioral1/memory/2912-3903-0x000000013F1E0000-0x000000013F534000-memory.dmp	upx
behavioral1/memory/2888-3904-0x000000013F860000-0x000000013FBB4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\aHPPCVe.exe	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LhGPbSG.exe	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WJtMmJY.exe	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mEUykDy.exe	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EPKFXFM.exe	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DRMgFOS.exe	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jrGAgmV.exe	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UWXOnxw.exe	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HvmAxQN.exe	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jZbwHEx.exe	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZKwwDtB.exe	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xunRSJO.exe	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MBHOUXY.exe	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rAyXtwT.exe	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iaWysjV.exe	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ArfcAUF.exe	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jTmQgUP.exe	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ufLkpnr.exe	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EWyIFjh.exe	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xTFxXqq.exe	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sWmgKmp.exe	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WeawrwR.exe	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gBsfoIp.exe	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FiLDmug.exe	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OyxAXem.exe	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lpdBoHj.exe	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XcLSgXO.exe	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FjIoopC.exe	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zaOSrzp.exe	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fAnPgRA.exe	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BppzUpO.exe	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vZShiCo.exe	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HwkSqPU.exe	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PNjzpOU.exe	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\teGIMkV.exe	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rcEzvTl.exe	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lsCUzhE.exe	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IpDffxY.exe	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KHyuCsA.exe	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YOoGENK.exe	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WxwgAfu.exe	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rJTVDBu.exe	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TICyTyX.exe	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DiGGdyb.exe	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JYJltYb.exe	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JUnEZvI.exe	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mhmsURA.exe	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\neXYlnZ.exe	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HerFwPG.exe	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jLcijjR.exe	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vFFfsyE.exe	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pXUcUKv.exe	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iolPIFt.exe	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aKNncQS.exe	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uhnyakK.exe	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lyvuVjH.exe	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eqYxMEQ.exe	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IRfZUfr.exe	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dAXXKiw.exe	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fcbtHfp.exe	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DEUZnWM.exe	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oeJJaGI.exe	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zhGwDdf.exe	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yckYVsS.exe	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2688 wrote to memory of 2816	2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2688 wrote to memory of 2816	2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2688 wrote to memory of 2816	2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2688 wrote to memory of 2676	2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2688 wrote to memory of 2676	2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2688 wrote to memory of 2676	2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2688 wrote to memory of 2408	2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2688 wrote to memory of 2408	2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2688 wrote to memory of 2408	2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2688 wrote to memory of 2708	2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2688 wrote to memory of 2708	2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2688 wrote to memory of 2708	2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2688 wrote to memory of 2912	2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2688 wrote to memory of 2912	2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2688 wrote to memory of 2912	2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2688 wrote to memory of 2660	2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2688 wrote to memory of 2660	2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2688 wrote to memory of 2660	2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2688 wrote to memory of 2552	2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2688 wrote to memory of 2552	2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2688 wrote to memory of 2552	2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2688 wrote to memory of 2612	2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2688 wrote to memory of 2612	2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2688 wrote to memory of 2612	2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2688 wrote to memory of 3016	2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2688 wrote to memory of 3016	2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2688 wrote to memory of 3016	2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2688 wrote to memory of 1840	2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2688 wrote to memory of 1840	2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2688 wrote to memory of 1840	2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2688 wrote to memory of 1400	2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2688 wrote to memory of 1400	2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2688 wrote to memory of 1400	2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2688 wrote to memory of 2344	2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2688 wrote to memory of 2344	2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2688 wrote to memory of 2344	2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2688 wrote to memory of 2724	2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2688 wrote to memory of 2724	2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2688 wrote to memory of 2724	2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2688 wrote to memory of 2888	2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2688 wrote to memory of 2888	2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2688 wrote to memory of 2888	2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2688 wrote to memory of 2988	2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2688 wrote to memory of 2988	2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2688 wrote to memory of 2988	2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2688 wrote to memory of 2268	2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2688 wrote to memory of 2268	2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2688 wrote to memory of 2268	2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2688 wrote to memory of 2384	2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2688 wrote to memory of 2384	2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2688 wrote to memory of 2384	2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2688 wrote to memory of 1620	2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2688 wrote to memory of 1620	2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2688 wrote to memory of 1620	2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2688 wrote to memory of 2348	2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2688 wrote to memory of 2348	2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2688 wrote to memory of 2348	2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2688 wrote to memory of 2608	2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2688 wrote to memory of 2608	2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2688 wrote to memory of 2608	2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2688 wrote to memory of 1744	2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2688 wrote to memory of 1744	2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2688 wrote to memory of 1744	2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2688 wrote to memory of 1928	2688	2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-14_b85c20251903312624d0e51a5ef68d43_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2688
- C:\Windows\System\EPKFXFM.exe
  C:\Windows\System\EPKFXFM.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\bSBEdIK.exe
  C:\Windows\System\bSBEdIK.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\avVwGcI.exe
  C:\Windows\System\avVwGcI.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\cJOgzZP.exe
  C:\Windows\System\cJOgzZP.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\bivQHGp.exe
  C:\Windows\System\bivQHGp.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\wUVaWzZ.exe
  C:\Windows\System\wUVaWzZ.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\ILWKNoz.exe
  C:\Windows\System\ILWKNoz.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\OijKwJG.exe
  C:\Windows\System\OijKwJG.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\UshKQcT.exe
  C:\Windows\System\UshKQcT.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\ElWAKqC.exe
  C:\Windows\System\ElWAKqC.exe
  2⤵
  - Executes dropped EXE
  PID:1840
- C:\Windows\System\dWKytVO.exe
  C:\Windows\System\dWKytVO.exe
  2⤵
  - Executes dropped EXE
  PID:1400
- C:\Windows\System\YOHMxaW.exe
  C:\Windows\System\YOHMxaW.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\ppiVqVh.exe
  C:\Windows\System\ppiVqVh.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\wxgoYoL.exe
  C:\Windows\System\wxgoYoL.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\YsPzOkW.exe
  C:\Windows\System\YsPzOkW.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\fAnPgRA.exe
  C:\Windows\System\fAnPgRA.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\YZqPNlI.exe
  C:\Windows\System\YZqPNlI.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\UoBIPZY.exe
  C:\Windows\System\UoBIPZY.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\nlcjxpd.exe
  C:\Windows\System\nlcjxpd.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\AASRKlq.exe
  C:\Windows\System\AASRKlq.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\coZTfgB.exe
  C:\Windows\System\coZTfgB.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\RLvIadF.exe
  C:\Windows\System\RLvIadF.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\yFMHaMd.exe
  C:\Windows\System\yFMHaMd.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\KfKKDCe.exe
  C:\Windows\System\KfKKDCe.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\YWLJRmx.exe
  C:\Windows\System\YWLJRmx.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\yJYKdQQ.exe
  C:\Windows\System\yJYKdQQ.exe
  2⤵
  - Executes dropped EXE
  PID:1296
- C:\Windows\System\sEFGPzZ.exe
  C:\Windows\System\sEFGPzZ.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\HNcxOmM.exe
  C:\Windows\System\HNcxOmM.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\USceyPh.exe
  C:\Windows\System\USceyPh.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\HZsuPxB.exe
  C:\Windows\System\HZsuPxB.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\DjeCBHE.exe
  C:\Windows\System\DjeCBHE.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\dFPPqYz.exe
  C:\Windows\System\dFPPqYz.exe
  2⤵
  - Executes dropped EXE
  PID:952
- C:\Windows\System\RftmDgh.exe
  C:\Windows\System\RftmDgh.exe
  2⤵
  - Executes dropped EXE
  PID:668
- C:\Windows\System\oNamsOl.exe
  C:\Windows\System\oNamsOl.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\xwOXtEe.exe
  C:\Windows\System\xwOXtEe.exe
  2⤵
  - Executes dropped EXE
  PID:980
- C:\Windows\System\ZmXMLDs.exe
  C:\Windows\System\ZmXMLDs.exe
  2⤵
  - Executes dropped EXE
  PID:1064
- C:\Windows\System\gDnuWUp.exe
  C:\Windows\System\gDnuWUp.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\DtjakRl.exe
  C:\Windows\System\DtjakRl.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\xYuYunZ.exe
  C:\Windows\System\xYuYunZ.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\WxRvibt.exe
  C:\Windows\System\WxRvibt.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\BppzUpO.exe
  C:\Windows\System\BppzUpO.exe
  2⤵
  - Executes dropped EXE
  PID:744
- C:\Windows\System\Mjwtmhd.exe
  C:\Windows\System\Mjwtmhd.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\kLwIKYO.exe
  C:\Windows\System\kLwIKYO.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\FFAktUb.exe
  C:\Windows\System\FFAktUb.exe
  2⤵
  - Executes dropped EXE
  PID:600
- C:\Windows\System\EqJxRiL.exe
  C:\Windows\System\EqJxRiL.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\uFguEOh.exe
  C:\Windows\System\uFguEOh.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\rEOTAKT.exe
  C:\Windows\System\rEOTAKT.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\QtTPZjv.exe
  C:\Windows\System\QtTPZjv.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\ZqGyMTj.exe
  C:\Windows\System\ZqGyMTj.exe
  2⤵
  - Executes dropped EXE
  PID:1432
- C:\Windows\System\kPgkoIP.exe
  C:\Windows\System\kPgkoIP.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\ZyAGLLn.exe
  C:\Windows\System\ZyAGLLn.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\xXBcdnt.exe
  C:\Windows\System\xXBcdnt.exe
  2⤵
  - Executes dropped EXE
  PID:852
- C:\Windows\System\feeMHpo.exe
  C:\Windows\System\feeMHpo.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\TSvmenj.exe
  C:\Windows\System\TSvmenj.exe
  2⤵
  - Executes dropped EXE
  PID:988
- C:\Windows\System\XzdJeoF.exe
  C:\Windows\System\XzdJeoF.exe
  2⤵
  - Executes dropped EXE
  PID:1992
- C:\Windows\System\tazcrSg.exe
  C:\Windows\System\tazcrSg.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\ngahiLR.exe
  C:\Windows\System\ngahiLR.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\UbbJNRC.exe
  C:\Windows\System\UbbJNRC.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\cJXqEwo.exe
  C:\Windows\System\cJXqEwo.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\ORJDXQn.exe
  C:\Windows\System\ORJDXQn.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\OyxAXem.exe
  C:\Windows\System\OyxAXem.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\dkVUGFh.exe
  C:\Windows\System\dkVUGFh.exe
  2⤵
  PID:3036
- C:\Windows\System\NphzrNv.exe
  C:\Windows\System\NphzrNv.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\BTsOZWp.exe
  C:\Windows\System\BTsOZWp.exe
  2⤵
  PID:2568
- C:\Windows\System\zKugKST.exe
  C:\Windows\System\zKugKST.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\IRfZUfr.exe
  C:\Windows\System\IRfZUfr.exe
  2⤵
  PID:2844
- C:\Windows\System\DxMMmon.exe
  C:\Windows\System\DxMMmon.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\JlzkBUG.exe
  C:\Windows\System\JlzkBUG.exe
  2⤵
  PID:2920
- C:\Windows\System\bazQZxw.exe
  C:\Windows\System\bazQZxw.exe
  2⤵
  PID:1612
- C:\Windows\System\aKNncQS.exe
  C:\Windows\System\aKNncQS.exe
  2⤵
  PID:536
- C:\Windows\System\FoyFQIe.exe
  C:\Windows\System\FoyFQIe.exe
  2⤵
  PID:2052
- C:\Windows\System\THyKoAt.exe
  C:\Windows\System\THyKoAt.exe
  2⤵
  PID:1660
- C:\Windows\System\bSUmzTD.exe
  C:\Windows\System\bSUmzTD.exe
  2⤵
  PID:1824
- C:\Windows\System\EttHcIC.exe
  C:\Windows\System\EttHcIC.exe
  2⤵
  PID:2360
- C:\Windows\System\ZiuOTKZ.exe
  C:\Windows\System\ZiuOTKZ.exe
  2⤵
  PID:2376
- C:\Windows\System\ZSKXiUp.exe
  C:\Windows\System\ZSKXiUp.exe
  2⤵
  PID:2352
- C:\Windows\System\izleuUk.exe
  C:\Windows\System\izleuUk.exe
  2⤵
  PID:1100
- C:\Windows\System\WenRAxg.exe
  C:\Windows\System\WenRAxg.exe
  2⤵
  PID:1908
- C:\Windows\System\gKhmLqn.exe
  C:\Windows\System\gKhmLqn.exe
  2⤵
  PID:1536
- C:\Windows\System\FiopUzT.exe
  C:\Windows\System\FiopUzT.exe
  2⤵
  PID:1544
- C:\Windows\System\EcGzQDS.exe
  C:\Windows\System\EcGzQDS.exe
  2⤵
  PID:1960
- C:\Windows\System\koivAxb.exe
  C:\Windows\System\koivAxb.exe
  2⤵
  PID:1700
- C:\Windows\System\hhXzNXS.exe
  C:\Windows\System\hhXzNXS.exe
  2⤵
  PID:1272
- C:\Windows\System\ICQtijg.exe
  C:\Windows\System\ICQtijg.exe
  2⤵
  PID:1884
- C:\Windows\System\ecynaIb.exe
  C:\Windows\System\ecynaIb.exe
  2⤵
  PID:1984
- C:\Windows\System\sSHSPvg.exe
  C:\Windows\System\sSHSPvg.exe
  2⤵
  PID:2296
- C:\Windows\System\CgYwKNm.exe
  C:\Windows\System\CgYwKNm.exe
  2⤵
  PID:2328
- C:\Windows\System\DRMgFOS.exe
  C:\Windows\System\DRMgFOS.exe
  2⤵
  PID:1352
- C:\Windows\System\xhDIsyU.exe
  C:\Windows\System\xhDIsyU.exe
  2⤵
  PID:1836
- C:\Windows\System\ATbseBG.exe
  C:\Windows\System\ATbseBG.exe
  2⤵
  PID:1720
- C:\Windows\System\YWEUAKT.exe
  C:\Windows\System\YWEUAKT.exe
  2⤵
  PID:2288
- C:\Windows\System\CGMzQVb.exe
  C:\Windows\System\CGMzQVb.exe
  2⤵
  PID:2796
- C:\Windows\System\RwZhIfN.exe
  C:\Windows\System\RwZhIfN.exe
  2⤵
  PID:1888
- C:\Windows\System\LqrWkgN.exe
  C:\Windows\System\LqrWkgN.exe
  2⤵
  PID:1244
- C:\Windows\System\ciLuDqg.exe
  C:\Windows\System\ciLuDqg.exe
  2⤵
  PID:2564
- C:\Windows\System\aXNhYKW.exe
  C:\Windows\System\aXNhYKW.exe
  2⤵
  PID:1712
- C:\Windows\System\MUaqIhK.exe
  C:\Windows\System\MUaqIhK.exe
  2⤵
  PID:3012
- C:\Windows\System\eASZyld.exe
  C:\Windows\System\eASZyld.exe
  2⤵
  PID:3000
- C:\Windows\System\TBUdDMX.exe
  C:\Windows\System\TBUdDMX.exe
  2⤵
  PID:2224
- C:\Windows\System\egFteZB.exe
  C:\Windows\System\egFteZB.exe
  2⤵
  PID:912
- C:\Windows\System\XkalRWF.exe
  C:\Windows\System\XkalRWF.exe
  2⤵
  PID:2528
- C:\Windows\System\OiFovyc.exe
  C:\Windows\System\OiFovyc.exe
  2⤵
  PID:1608
- C:\Windows\System\dalaVnX.exe
  C:\Windows\System\dalaVnX.exe
  2⤵
  PID:1952
- C:\Windows\System\lOaIQOT.exe
  C:\Windows\System\lOaIQOT.exe
  2⤵
  PID:876
- C:\Windows\System\aHPPCVe.exe
  C:\Windows\System\aHPPCVe.exe
  2⤵
  PID:1956
- C:\Windows\System\AcwAoBy.exe
  C:\Windows\System\AcwAoBy.exe
  2⤵
  PID:280
- C:\Windows\System\fxcwkqn.exe
  C:\Windows\System\fxcwkqn.exe
  2⤵
  PID:1448
- C:\Windows\System\ommySmj.exe
  C:\Windows\System\ommySmj.exe
  2⤵
  PID:2492
- C:\Windows\System\jrGAgmV.exe
  C:\Windows\System\jrGAgmV.exe
  2⤵
  PID:1828
- C:\Windows\System\HCBuAxB.exe
  C:\Windows\System\HCBuAxB.exe
  2⤵
  PID:2800
- C:\Windows\System\jdgmvUO.exe
  C:\Windows\System\jdgmvUO.exe
  2⤵
  PID:2524
- C:\Windows\System\SwsQZfn.exe
  C:\Windows\System\SwsQZfn.exe
  2⤵
  PID:2000
- C:\Windows\System\RIeXFdf.exe
  C:\Windows\System\RIeXFdf.exe
  2⤵
  PID:3028
- C:\Windows\System\COiFQxg.exe
  C:\Windows\System\COiFQxg.exe
  2⤵
  PID:1652
- C:\Windows\System\NSpwhuv.exe
  C:\Windows\System\NSpwhuv.exe
  2⤵
  PID:1452
- C:\Windows\System\azYpnQq.exe
  C:\Windows\System\azYpnQq.exe
  2⤵
  PID:580
- C:\Windows\System\lPLUEfX.exe
  C:\Windows\System\lPLUEfX.exe
  2⤵
  PID:1520
- C:\Windows\System\kjokNEI.exe
  C:\Windows\System\kjokNEI.exe
  2⤵
  PID:2808
- C:\Windows\System\GGkVuiy.exe
  C:\Windows\System\GGkVuiy.exe
  2⤵
  PID:2252
- C:\Windows\System\bvmkIfX.exe
  C:\Windows\System\bvmkIfX.exe
  2⤵
  PID:948
- C:\Windows\System\zXpTkRI.exe
  C:\Windows\System\zXpTkRI.exe
  2⤵
  PID:1732
- C:\Windows\System\FWiHTUQ.exe
  C:\Windows\System\FWiHTUQ.exe
  2⤵
  PID:3080
- C:\Windows\System\oMGZaJi.exe
  C:\Windows\System\oMGZaJi.exe
  2⤵
  PID:3100
- C:\Windows\System\PvMshsN.exe
  C:\Windows\System\PvMshsN.exe
  2⤵
  PID:3116
- C:\Windows\System\hAxBUDB.exe
  C:\Windows\System\hAxBUDB.exe
  2⤵
  PID:3144
- C:\Windows\System\UWXOnxw.exe
  C:\Windows\System\UWXOnxw.exe
  2⤵
  PID:3164
- C:\Windows\System\neXYlnZ.exe
  C:\Windows\System\neXYlnZ.exe
  2⤵
  PID:3188
- C:\Windows\System\SCfMjyB.exe
  C:\Windows\System\SCfMjyB.exe
  2⤵
  PID:3204
- C:\Windows\System\OVEFQrT.exe
  C:\Windows\System\OVEFQrT.exe
  2⤵
  PID:3220
- C:\Windows\System\IaKeZrD.exe
  C:\Windows\System\IaKeZrD.exe
  2⤵
  PID:3244
- C:\Windows\System\eBEIyoX.exe
  C:\Windows\System\eBEIyoX.exe
  2⤵
  PID:3268
- C:\Windows\System\vFtySNZ.exe
  C:\Windows\System\vFtySNZ.exe
  2⤵
  PID:3284
- C:\Windows\System\ZNmfxpl.exe
  C:\Windows\System\ZNmfxpl.exe
  2⤵
  PID:3308
- C:\Windows\System\NlvZpjX.exe
  C:\Windows\System\NlvZpjX.exe
  2⤵
  PID:3328
- C:\Windows\System\QeQSPOR.exe
  C:\Windows\System\QeQSPOR.exe
  2⤵
  PID:3348
- C:\Windows\System\MfBSsrX.exe
  C:\Windows\System\MfBSsrX.exe
  2⤵
  PID:3368
- C:\Windows\System\TElcJob.exe
  C:\Windows\System\TElcJob.exe
  2⤵
  PID:3384
- C:\Windows\System\AsZCPIv.exe
  C:\Windows\System\AsZCPIv.exe
  2⤵
  PID:3400
- C:\Windows\System\vZShiCo.exe
  C:\Windows\System\vZShiCo.exe
  2⤵
  PID:3424
- C:\Windows\System\erksHAA.exe
  C:\Windows\System\erksHAA.exe
  2⤵
  PID:3448
- C:\Windows\System\PzIgzcG.exe
  C:\Windows\System\PzIgzcG.exe
  2⤵
  PID:3464
- C:\Windows\System\ZKwwDtB.exe
  C:\Windows\System\ZKwwDtB.exe
  2⤵
  PID:3484
- C:\Windows\System\lNMSDDc.exe
  C:\Windows\System\lNMSDDc.exe
  2⤵
  PID:3500
- C:\Windows\System\rPmhptY.exe
  C:\Windows\System\rPmhptY.exe
  2⤵
  PID:3532
- C:\Windows\System\BsvSiwz.exe
  C:\Windows\System\BsvSiwz.exe
  2⤵
  PID:3552
- C:\Windows\System\AKOODiz.exe
  C:\Windows\System\AKOODiz.exe
  2⤵
  PID:3572
- C:\Windows\System\SkDnuDB.exe
  C:\Windows\System\SkDnuDB.exe
  2⤵
  PID:3588
- C:\Windows\System\NVYfNDg.exe
  C:\Windows\System\NVYfNDg.exe
  2⤵
  PID:3608
- C:\Windows\System\bfjzfck.exe
  C:\Windows\System\bfjzfck.exe
  2⤵
  PID:3632
- C:\Windows\System\lpdBoHj.exe
  C:\Windows\System\lpdBoHj.exe
  2⤵
  PID:3652
- C:\Windows\System\vbvvOgY.exe
  C:\Windows\System\vbvvOgY.exe
  2⤵
  PID:3672
- C:\Windows\System\PBhFsDU.exe
  C:\Windows\System\PBhFsDU.exe
  2⤵
  PID:3692
- C:\Windows\System\AchhnlL.exe
  C:\Windows\System\AchhnlL.exe
  2⤵
  PID:3708
- C:\Windows\System\YfJVVGR.exe
  C:\Windows\System\YfJVVGR.exe
  2⤵
  PID:3732
- C:\Windows\System\EGGqfFW.exe
  C:\Windows\System\EGGqfFW.exe
  2⤵
  PID:3748
- C:\Windows\System\SMWGizV.exe
  C:\Windows\System\SMWGizV.exe
  2⤵
  PID:3772
- C:\Windows\System\ClXUTIj.exe
  C:\Windows\System\ClXUTIj.exe
  2⤵
  PID:3788
- C:\Windows\System\gERbghQ.exe
  C:\Windows\System\gERbghQ.exe
  2⤵
  PID:3808
- C:\Windows\System\rVuvLYD.exe
  C:\Windows\System\rVuvLYD.exe
  2⤵
  PID:3828
- C:\Windows\System\zPQbWsq.exe
  C:\Windows\System\zPQbWsq.exe
  2⤵
  PID:3852
- C:\Windows\System\YecAnFM.exe
  C:\Windows\System\YecAnFM.exe
  2⤵
  PID:3872
- C:\Windows\System\AAnYxRw.exe
  C:\Windows\System\AAnYxRw.exe
  2⤵
  PID:3888
- C:\Windows\System\chxvzkv.exe
  C:\Windows\System\chxvzkv.exe
  2⤵
  PID:3908
- C:\Windows\System\IOQUJay.exe
  C:\Windows\System\IOQUJay.exe
  2⤵
  PID:3932
- C:\Windows\System\VBmYtMn.exe
  C:\Windows\System\VBmYtMn.exe
  2⤵
  PID:3948
- C:\Windows\System\ePUjJwn.exe
  C:\Windows\System\ePUjJwn.exe
  2⤵
  PID:3968
- C:\Windows\System\uFuBPnW.exe
  C:\Windows\System\uFuBPnW.exe
  2⤵
  PID:3984
- C:\Windows\System\TOvWMOc.exe
  C:\Windows\System\TOvWMOc.exe
  2⤵
  PID:4008
- C:\Windows\System\hirMzIa.exe
  C:\Windows\System\hirMzIa.exe
  2⤵
  PID:4028
- C:\Windows\System\DQEycDN.exe
  C:\Windows\System\DQEycDN.exe
  2⤵
  PID:4044
- C:\Windows\System\txEKsRi.exe
  C:\Windows\System\txEKsRi.exe
  2⤵
  PID:4068
- C:\Windows\System\UDLOyYK.exe
  C:\Windows\System\UDLOyYK.exe
  2⤵
  PID:4088
- C:\Windows\System\xbDHfai.exe
  C:\Windows\System\xbDHfai.exe
  2⤵
  PID:1492
- C:\Windows\System\kPBLrKK.exe
  C:\Windows\System\kPBLrKK.exe
  2⤵
  PID:1980
- C:\Windows\System\xulbFsG.exe
  C:\Windows\System\xulbFsG.exe
  2⤵
  PID:1476
- C:\Windows\System\jiGhHkB.exe
  C:\Windows\System\jiGhHkB.exe
  2⤵
  PID:2200
- C:\Windows\System\uqxeMCG.exe
  C:\Windows\System\uqxeMCG.exe
  2⤵
  PID:1044
- C:\Windows\System\TgVSOGA.exe
  C:\Windows\System\TgVSOGA.exe
  2⤵
  PID:1184
- C:\Windows\System\AYDFNFt.exe
  C:\Windows\System\AYDFNFt.exe
  2⤵
  PID:688
- C:\Windows\System\jQpvvHE.exe
  C:\Windows\System\jQpvvHE.exe
  2⤵
  PID:1676
- C:\Windows\System\lngnRGB.exe
  C:\Windows\System\lngnRGB.exe
  2⤵
  PID:2600
- C:\Windows\System\ldTJbIx.exe
  C:\Windows\System\ldTJbIx.exe
  2⤵
  PID:1776
- C:\Windows\System\VZePlzY.exe
  C:\Windows\System\VZePlzY.exe
  2⤵
  PID:3156
- C:\Windows\System\NLJLljc.exe
  C:\Windows\System\NLJLljc.exe
  2⤵
  PID:3096
- C:\Windows\System\wXarilL.exe
  C:\Windows\System\wXarilL.exe
  2⤵
  PID:1128
- C:\Windows\System\ZohoXYE.exe
  C:\Windows\System\ZohoXYE.exe
  2⤵
  PID:3200
- C:\Windows\System\zSduROL.exe
  C:\Windows\System\zSduROL.exe
  2⤵
  PID:3232
- C:\Windows\System\pdpeqzv.exe
  C:\Windows\System\pdpeqzv.exe
  2⤵
  PID:3180
- C:\Windows\System\XwUmmcW.exe
  C:\Windows\System\XwUmmcW.exe
  2⤵
  PID:3252
- C:\Windows\System\HwkSqPU.exe
  C:\Windows\System\HwkSqPU.exe
  2⤵
  PID:3296
- C:\Windows\System\abTqXce.exe
  C:\Windows\System\abTqXce.exe
  2⤵
  PID:3364
- C:\Windows\System\OfRuyCW.exe
  C:\Windows\System\OfRuyCW.exe
  2⤵
  PID:3412
- C:\Windows\System\XZMrJum.exe
  C:\Windows\System\XZMrJum.exe
  2⤵
  PID:3440
- C:\Windows\System\jahfWQt.exe
  C:\Windows\System\jahfWQt.exe
  2⤵
  PID:3480
- C:\Windows\System\gMALUgC.exe
  C:\Windows\System\gMALUgC.exe
  2⤵
  PID:3512
- C:\Windows\System\WOiGHyA.exe
  C:\Windows\System\WOiGHyA.exe
  2⤵
  PID:3516
- C:\Windows\System\XTOpaCY.exe
  C:\Windows\System\XTOpaCY.exe
  2⤵
  PID:3568
- C:\Windows\System\OdUBwto.exe
  C:\Windows\System\OdUBwto.exe
  2⤵
  PID:3584
- C:\Windows\System\sdwwNyj.exe
  C:\Windows\System\sdwwNyj.exe
  2⤵
  PID:3644
- C:\Windows\System\DSgRCve.exe
  C:\Windows\System\DSgRCve.exe
  2⤵
  PID:3688
- C:\Windows\System\EbtYtAr.exe
  C:\Windows\System\EbtYtAr.exe
  2⤵
  PID:3720
- C:\Windows\System\mtQJwwP.exe
  C:\Windows\System\mtQJwwP.exe
  2⤵
  PID:3704
- C:\Windows\System\pHCUKkc.exe
  C:\Windows\System\pHCUKkc.exe
  2⤵
  PID:3768
- C:\Windows\System\dAXXKiw.exe
  C:\Windows\System\dAXXKiw.exe
  2⤵
  PID:3836
- C:\Windows\System\vGPsFEl.exe
  C:\Windows\System\vGPsFEl.exe
  2⤵
  PID:3880
- C:\Windows\System\hAbMiXq.exe
  C:\Windows\System\hAbMiXq.exe
  2⤵
  PID:3820
- C:\Windows\System\TJqfXzC.exe
  C:\Windows\System\TJqfXzC.exe
  2⤵
  PID:3928
- C:\Windows\System\jGEKHkL.exe
  C:\Windows\System\jGEKHkL.exe
  2⤵
  PID:3992
- C:\Windows\System\vArezco.exe
  C:\Windows\System\vArezco.exe
  2⤵
  PID:4036
- C:\Windows\System\LXHNnsS.exe
  C:\Windows\System\LXHNnsS.exe
  2⤵
  PID:3864
- C:\Windows\System\yqOuAmC.exe
  C:\Windows\System\yqOuAmC.exe
  2⤵
  PID:3900
- C:\Windows\System\TICyTyX.exe
  C:\Windows\System\TICyTyX.exe
  2⤵
  PID:2636
- C:\Windows\System\IsQepAG.exe
  C:\Windows\System\IsQepAG.exe
  2⤵
  PID:1420
- C:\Windows\System\jlJfPay.exe
  C:\Windows\System\jlJfPay.exe
  2⤵
  PID:2664
- C:\Windows\System\hvMopPK.exe
  C:\Windows\System\hvMopPK.exe
  2⤵
  PID:4064
- C:\Windows\System\SBaaIkQ.exe
  C:\Windows\System\SBaaIkQ.exe
  2⤵
  PID:2116
- C:\Windows\System\PotLAvn.exe
  C:\Windows\System\PotLAvn.exe
  2⤵
  PID:3136
- C:\Windows\System\EKEPNci.exe
  C:\Windows\System\EKEPNci.exe
  2⤵
  PID:756
- C:\Windows\System\qilEOgM.exe
  C:\Windows\System\qilEOgM.exe
  2⤵
  PID:1704
- C:\Windows\System\ruzfiAT.exe
  C:\Windows\System\ruzfiAT.exe
  2⤵
  PID:3292
- C:\Windows\System\RRIrDev.exe
  C:\Windows\System\RRIrDev.exe
  2⤵
  PID:3396
- C:\Windows\System\uzglLBg.exe
  C:\Windows\System\uzglLBg.exe
  2⤵
  PID:3408
- C:\Windows\System\uhnyakK.exe
  C:\Windows\System\uhnyakK.exe
  2⤵
  PID:3476
- C:\Windows\System\OCjoiHN.exe
  C:\Windows\System\OCjoiHN.exe
  2⤵
  PID:3600
- C:\Windows\System\mQuPqnB.exe
  C:\Windows\System\mQuPqnB.exe
  2⤵
  PID:3316
- C:\Windows\System\AsUbBmx.exe
  C:\Windows\System\AsUbBmx.exe
  2⤵
  PID:3304
- C:\Windows\System\AXjgDVB.exe
  C:\Windows\System\AXjgDVB.exe
  2⤵
  PID:3240
- C:\Windows\System\nOqovBn.exe
  C:\Windows\System\nOqovBn.exe
  2⤵
  PID:3420
- C:\Windows\System\uHWjiTn.exe
  C:\Windows\System\uHWjiTn.exe
  2⤵
  PID:3816
- C:\Windows\System\LhGPbSG.exe
  C:\Windows\System\LhGPbSG.exe
  2⤵
  PID:3496
- C:\Windows\System\pohCFoN.exe
  C:\Windows\System\pohCFoN.exe
  2⤵
  PID:3492
- C:\Windows\System\osRTgOe.exe
  C:\Windows\System\osRTgOe.exe
  2⤵
  PID:3648
- C:\Windows\System\BtWOjlq.exe
  C:\Windows\System\BtWOjlq.exe
  2⤵
  PID:3728
- C:\Windows\System\xunRSJO.exe
  C:\Windows\System\xunRSJO.exe
  2⤵
  PID:1668
- C:\Windows\System\KIQtFpk.exe
  C:\Windows\System\KIQtFpk.exe
  2⤵
  PID:880
- C:\Windows\System\RYuTtsS.exe
  C:\Windows\System\RYuTtsS.exe
  2⤵
  PID:3744
- C:\Windows\System\XVImAKI.exe
  C:\Windows\System\XVImAKI.exe
  2⤵
  PID:3924
- C:\Windows\System\TZYmJhn.exe
  C:\Windows\System\TZYmJhn.exe
  2⤵
  PID:3108
- C:\Windows\System\Eovmmfd.exe
  C:\Windows\System\Eovmmfd.exe
  2⤵
  PID:1132
- C:\Windows\System\nzkxKlR.exe
  C:\Windows\System\nzkxKlR.exe
  2⤵
  PID:1424
- C:\Windows\System\ZkhvHcO.exe
  C:\Windows\System\ZkhvHcO.exe
  2⤵
  PID:3380
- C:\Windows\System\IoguUoR.exe
  C:\Windows\System\IoguUoR.exe
  2⤵
  PID:3524
- C:\Windows\System\JRxKOJV.exe
  C:\Windows\System\JRxKOJV.exe
  2⤵
  PID:2848
- C:\Windows\System\WZoDLGh.exe
  C:\Windows\System\WZoDLGh.exe
  2⤵
  PID:2712
- C:\Windows\System\VNtXoQU.exe
  C:\Windows\System\VNtXoQU.exe
  2⤵
  PID:2872
- C:\Windows\System\DTkXAGS.exe
  C:\Windows\System\DTkXAGS.exe
  2⤵
  PID:1936
- C:\Windows\System\KSZSALC.exe
  C:\Windows\System\KSZSALC.exe
  2⤵
  PID:3032
- C:\Windows\System\SSVWohf.exe
  C:\Windows\System\SSVWohf.exe
  2⤵
  PID:2880
- C:\Windows\System\SIhUMwS.exe
  C:\Windows\System\SIhUMwS.exe
  2⤵
  PID:1932
- C:\Windows\System\AcTJTcP.exe
  C:\Windows\System\AcTJTcP.exe
  2⤵
  PID:1924
- C:\Windows\System\hOwAiEC.exe
  C:\Windows\System\hOwAiEC.exe
  2⤵
  PID:2584
- C:\Windows\System\ZkkyKtm.exe
  C:\Windows\System\ZkkyKtm.exe
  2⤵
  PID:2952
- C:\Windows\System\ArfHQal.exe
  C:\Windows\System\ArfHQal.exe
  2⤵
  PID:2420
- C:\Windows\System\ITnIplE.exe
  C:\Windows\System\ITnIplE.exe
  2⤵
  PID:4080
- C:\Windows\System\yeFqMMw.exe
  C:\Windows\System\yeFqMMw.exe
  2⤵
  PID:2396
- C:\Windows\System\hIUzmAG.exe
  C:\Windows\System\hIUzmAG.exe
  2⤵
  PID:3716
- C:\Windows\System\BmuLJMe.exe
  C:\Windows\System\BmuLJMe.exe
  2⤵
  PID:3964
- C:\Windows\System\thsrxpd.exe
  C:\Windows\System\thsrxpd.exe
  2⤵
  PID:2740
- C:\Windows\System\WZDuLOT.exe
  C:\Windows\System\WZDuLOT.exe
  2⤵
  PID:3940
- C:\Windows\System\GEdbKQb.exe
  C:\Windows\System\GEdbKQb.exe
  2⤵
  PID:1868
- C:\Windows\System\QTiATPB.exe
  C:\Windows\System\QTiATPB.exe
  2⤵
  PID:544
- C:\Windows\System\wVuqfOV.exe
  C:\Windows\System\wVuqfOV.exe
  2⤵
  PID:4004
- C:\Windows\System\xAzIKJK.exe
  C:\Windows\System\xAzIKJK.exe
  2⤵
  PID:4060
- C:\Windows\System\CTkspjY.exe
  C:\Windows\System\CTkspjY.exe
  2⤵
  PID:3160
- C:\Windows\System\THHCNTg.exe
  C:\Windows\System\THHCNTg.exe
  2⤵
  PID:3528
- C:\Windows\System\wdoeeAF.exe
  C:\Windows\System\wdoeeAF.exe
  2⤵
  PID:3624
- C:\Windows\System\WbuKQqm.exe
  C:\Windows\System\WbuKQqm.exe
  2⤵
  PID:2656
- C:\Windows\System\JKdvtsr.exe
  C:\Windows\System\JKdvtsr.exe
  2⤵
  PID:2936
- C:\Windows\System\RUHBYpr.exe
  C:\Windows\System\RUHBYpr.exe
  2⤵
  PID:2868
- C:\Windows\System\GuIGjUP.exe
  C:\Windows\System\GuIGjUP.exe
  2⤵
  PID:1532
- C:\Windows\System\jtWfWJk.exe
  C:\Windows\System\jtWfWJk.exe
  2⤵
  PID:1572
- C:\Windows\System\ToyiTbU.exe
  C:\Windows\System\ToyiTbU.exe
  2⤵
  PID:3128
- C:\Windows\System\CZkfTCu.exe
  C:\Windows\System\CZkfTCu.exe
  2⤵
  PID:1736
- C:\Windows\System\ZuNfgWa.exe
  C:\Windows\System\ZuNfgWa.exe
  2⤵
  PID:3960
- C:\Windows\System\imalvzx.exe
  C:\Windows\System\imalvzx.exe
  2⤵
  PID:3668
- C:\Windows\System\XcLSgXO.exe
  C:\Windows\System\XcLSgXO.exe
  2⤵
  PID:1584
- C:\Windows\System\nsJlEun.exe
  C:\Windows\System\nsJlEun.exe
  2⤵
  PID:2756
- C:\Windows\System\ilbWmHm.exe
  C:\Windows\System\ilbWmHm.exe
  2⤵
  PID:2356
- C:\Windows\System\gQuCyMo.exe
  C:\Windows\System\gQuCyMo.exe
  2⤵
  PID:2648
- C:\Windows\System\drcXxKW.exe
  C:\Windows\System\drcXxKW.exe
  2⤵
  PID:2080
- C:\Windows\System\shvDtUa.exe
  C:\Windows\System\shvDtUa.exe
  2⤵
  PID:1280
- C:\Windows\System\SYXvevW.exe
  C:\Windows\System\SYXvevW.exe
  2⤵
  PID:620
- C:\Windows\System\YfApTVw.exe
  C:\Windows\System\YfApTVw.exe
  2⤵
  PID:2188
- C:\Windows\System\xdROmvW.exe
  C:\Windows\System\xdROmvW.exe
  2⤵
  PID:4100
- C:\Windows\System\sPFxZkx.exe
  C:\Windows\System\sPFxZkx.exe
  2⤵
  PID:4116
- C:\Windows\System\ueWGhrM.exe
  C:\Windows\System\ueWGhrM.exe
  2⤵
  PID:4136
- C:\Windows\System\bJuDNfK.exe
  C:\Windows\System\bJuDNfK.exe
  2⤵
  PID:4152
- C:\Windows\System\JweVazO.exe
  C:\Windows\System\JweVazO.exe
  2⤵
  PID:4168
- C:\Windows\System\ADdwYkr.exe
  C:\Windows\System\ADdwYkr.exe
  2⤵
  PID:4184
- C:\Windows\System\QmhpiMN.exe
  C:\Windows\System\QmhpiMN.exe
  2⤵
  PID:4204
- C:\Windows\System\TgJJBOh.exe
  C:\Windows\System\TgJJBOh.exe
  2⤵
  PID:4220
- C:\Windows\System\YWmqkHt.exe
  C:\Windows\System\YWmqkHt.exe
  2⤵
  PID:4236
- C:\Windows\System\DBvpFSN.exe
  C:\Windows\System\DBvpFSN.exe
  2⤵
  PID:4256
- C:\Windows\System\BoKCfCa.exe
  C:\Windows\System\BoKCfCa.exe
  2⤵
  PID:4276
- C:\Windows\System\tHmlqRY.exe
  C:\Windows\System\tHmlqRY.exe
  2⤵
  PID:4292
- C:\Windows\System\kQSrSnn.exe
  C:\Windows\System\kQSrSnn.exe
  2⤵
  PID:4320
- C:\Windows\System\mRjfrVD.exe
  C:\Windows\System\mRjfrVD.exe
  2⤵
  PID:4340
- C:\Windows\System\vMbqAIJ.exe
  C:\Windows\System\vMbqAIJ.exe
  2⤵
  PID:4376
- C:\Windows\System\bhQTHqH.exe
  C:\Windows\System\bhQTHqH.exe
  2⤵
  PID:4392
- C:\Windows\System\ITGWfqh.exe
  C:\Windows\System\ITGWfqh.exe
  2⤵
  PID:4412
- C:\Windows\System\nqWgFHd.exe
  C:\Windows\System\nqWgFHd.exe
  2⤵
  PID:4432
- C:\Windows\System\ePIHybQ.exe
  C:\Windows\System\ePIHybQ.exe
  2⤵
  PID:4452
- C:\Windows\System\YbkSylt.exe
  C:\Windows\System\YbkSylt.exe
  2⤵
  PID:4468
- C:\Windows\System\jKqlmLQ.exe
  C:\Windows\System\jKqlmLQ.exe
  2⤵
  PID:4492
- C:\Windows\System\lXglESF.exe
  C:\Windows\System\lXglESF.exe
  2⤵
  PID:4508
- C:\Windows\System\TLMGIrd.exe
  C:\Windows\System\TLMGIrd.exe
  2⤵
  PID:4532
- C:\Windows\System\ywvbYWf.exe
  C:\Windows\System\ywvbYWf.exe
  2⤵
  PID:4548
- C:\Windows\System\SLyYaiO.exe
  C:\Windows\System\SLyYaiO.exe
  2⤵
  PID:4564
- C:\Windows\System\BbCaTIC.exe
  C:\Windows\System\BbCaTIC.exe
  2⤵
  PID:4584
- C:\Windows\System\PNjzpOU.exe
  C:\Windows\System\PNjzpOU.exe
  2⤵
  PID:4604
- C:\Windows\System\cGrzVBM.exe
  C:\Windows\System\cGrzVBM.exe
  2⤵
  PID:4620
- C:\Windows\System\CnYxoHk.exe
  C:\Windows\System\CnYxoHk.exe
  2⤵
  PID:4640
- C:\Windows\System\JVCigqa.exe
  C:\Windows\System\JVCigqa.exe
  2⤵
  PID:4660
- C:\Windows\System\qDWSJBQ.exe
  C:\Windows\System\qDWSJBQ.exe
  2⤵
  PID:4676
- C:\Windows\System\OJHpPGr.exe
  C:\Windows\System\OJHpPGr.exe
  2⤵
  PID:4692
- C:\Windows\System\mjBnRho.exe
  C:\Windows\System\mjBnRho.exe
  2⤵
  PID:4708
- C:\Windows\System\dBbbwYG.exe
  C:\Windows\System\dBbbwYG.exe
  2⤵
  PID:4724
- C:\Windows\System\iPLnrgo.exe
  C:\Windows\System\iPLnrgo.exe
  2⤵
  PID:4740
- C:\Windows\System\oUecQqW.exe
  C:\Windows\System\oUecQqW.exe
  2⤵
  PID:4760
- C:\Windows\System\venwrZY.exe
  C:\Windows\System\venwrZY.exe
  2⤵
  PID:4776
- C:\Windows\System\IoSRdAF.exe
  C:\Windows\System\IoSRdAF.exe
  2⤵
  PID:4796
- C:\Windows\System\qTovNfn.exe
  C:\Windows\System\qTovNfn.exe
  2⤵
  PID:4812
- C:\Windows\System\HerFwPG.exe
  C:\Windows\System\HerFwPG.exe
  2⤵
  PID:4828
- C:\Windows\System\DiGGdyb.exe
  C:\Windows\System\DiGGdyb.exe
  2⤵
  PID:4856
- C:\Windows\System\PSjNmUc.exe
  C:\Windows\System\PSjNmUc.exe
  2⤵
  PID:4872
- C:\Windows\System\DmvKtRP.exe
  C:\Windows\System\DmvKtRP.exe
  2⤵
  PID:4896
- C:\Windows\System\fcbtHfp.exe
  C:\Windows\System\fcbtHfp.exe
  2⤵
  PID:4916
- C:\Windows\System\EnkKRRc.exe
  C:\Windows\System\EnkKRRc.exe
  2⤵
  PID:4936
- C:\Windows\System\mrmlAsg.exe
  C:\Windows\System\mrmlAsg.exe
  2⤵
  PID:4956
- C:\Windows\System\FjIoopC.exe
  C:\Windows\System\FjIoopC.exe
  2⤵
  PID:5052
- C:\Windows\System\aeGwSxe.exe
  C:\Windows\System\aeGwSxe.exe
  2⤵
  PID:5068
- C:\Windows\System\WJllrYz.exe
  C:\Windows\System\WJllrYz.exe
  2⤵
  PID:5084
- C:\Windows\System\kIqxEiz.exe
  C:\Windows\System\kIqxEiz.exe
  2⤵
  PID:4112
- C:\Windows\System\MBHOUXY.exe
  C:\Windows\System\MBHOUXY.exe
  2⤵
  PID:4176
- C:\Windows\System\rKTDsuB.exe
  C:\Windows\System\rKTDsuB.exe
  2⤵
  PID:4244
- C:\Windows\System\qFjVHrY.exe
  C:\Windows\System\qFjVHrY.exe
  2⤵
  PID:4288
- C:\Windows\System\CjIuSfs.exe
  C:\Windows\System\CjIuSfs.exe
  2⤵
  PID:4192
- C:\Windows\System\KwetuJB.exe
  C:\Windows\System\KwetuJB.exe
  2⤵
  PID:4424
- C:\Windows\System\EVeAcwr.exe
  C:\Windows\System\EVeAcwr.exe
  2⤵
  PID:4464
- C:\Windows\System\TMlJxvZ.exe
  C:\Windows\System\TMlJxvZ.exe
  2⤵
  PID:4544
- C:\Windows\System\OOysEIm.exe
  C:\Windows\System\OOysEIm.exe
  2⤵
  PID:3848
- C:\Windows\System\Sjkucfd.exe
  C:\Windows\System\Sjkucfd.exe
  2⤵
  PID:4652
- C:\Windows\System\lRLOrbm.exe
  C:\Windows\System\lRLOrbm.exe
  2⤵
  PID:540
- C:\Windows\System\uTSjgoC.exe
  C:\Windows\System\uTSjgoC.exe
  2⤵
  PID:3660
- C:\Windows\System\Jbblljq.exe
  C:\Windows\System\Jbblljq.exe
  2⤵
  PID:4748
- C:\Windows\System\gcyswao.exe
  C:\Windows\System\gcyswao.exe
  2⤵
  PID:4788
- C:\Windows\System\oYEKltq.exe
  C:\Windows\System\oYEKltq.exe
  2⤵
  PID:2744
- C:\Windows\System\AtBGoAt.exe
  C:\Windows\System\AtBGoAt.exe
  2⤵
  PID:2932
- C:\Windows\System\OAnbDDZ.exe
  C:\Windows\System\OAnbDDZ.exe
  2⤵
  PID:2776
- C:\Windows\System\WeawrwR.exe
  C:\Windows\System\WeawrwR.exe
  2⤵
  PID:3764
- C:\Windows\System\hWDtuZu.exe
  C:\Windows\System\hWDtuZu.exe
  2⤵
  PID:4160
- C:\Windows\System\jEUuwbp.exe
  C:\Windows\System\jEUuwbp.exe
  2⤵
  PID:4864
- C:\Windows\System\IPWTtrh.exe
  C:\Windows\System\IPWTtrh.exe
  2⤵
  PID:4264
- C:\Windows\System\rvHqdOe.exe
  C:\Windows\System\rvHqdOe.exe
  2⤵
  PID:4308
- C:\Windows\System\pjLOEpm.exe
  C:\Windows\System\pjLOEpm.exe
  2⤵
  PID:4352
- C:\Windows\System\quQGRsu.exe
  C:\Windows\System\quQGRsu.exe
  2⤵
  PID:4368
- C:\Windows\System\ytbygyF.exe
  C:\Windows\System\ytbygyF.exe
  2⤵
  PID:4944
- C:\Windows\System\srnOvMV.exe
  C:\Windows\System\srnOvMV.exe
  2⤵
  PID:4404
- C:\Windows\System\JYJltYb.exe
  C:\Windows\System\JYJltYb.exe
  2⤵
  PID:4600
- C:\Windows\System\crgYAxO.exe
  C:\Windows\System\crgYAxO.exe
  2⤵
  PID:4668
- C:\Windows\System\ESpdVkb.exe
  C:\Windows\System\ESpdVkb.exe
  2⤵
  PID:4736
- C:\Windows\System\LgjInXn.exe
  C:\Windows\System\LgjInXn.exe
  2⤵
  PID:4808
- C:\Windows\System\yRglKrQ.exe
  C:\Windows\System\yRglKrQ.exe
  2⤵
  PID:4848
- C:\Windows\System\TlxrsIt.exe
  C:\Windows\System\TlxrsIt.exe
  2⤵
  PID:4888
- C:\Windows\System\PuzygBo.exe
  C:\Windows\System\PuzygBo.exe
  2⤵
  PID:4932
- C:\Windows\System\vCeyWsV.exe
  C:\Windows\System\vCeyWsV.exe
  2⤵
  PID:4980
- C:\Windows\System\ZabMeBR.exe
  C:\Windows\System\ZabMeBR.exe
  2⤵
  PID:4996
- C:\Windows\System\lscMLVU.exe
  C:\Windows\System\lscMLVU.exe
  2⤵
  PID:5012
- C:\Windows\System\enBBVaB.exe
  C:\Windows\System\enBBVaB.exe
  2⤵
  PID:5028
- C:\Windows\System\OwfuNuT.exe
  C:\Windows\System\OwfuNuT.exe
  2⤵
  PID:5044
- C:\Windows\System\njlobrY.exe
  C:\Windows\System\njlobrY.exe
  2⤵
  PID:5060
- C:\Windows\System\bKhwYWk.exe
  C:\Windows\System\bKhwYWk.exe
  2⤵
  PID:4148
- C:\Windows\System\reoYUMG.exe
  C:\Windows\System\reoYUMG.exe
  2⤵
  PID:884
- C:\Windows\System\whNoUiN.exe
  C:\Windows\System\whNoUiN.exe
  2⤵
  PID:4420
- C:\Windows\System\DgTuieO.exe
  C:\Windows\System\DgTuieO.exe
  2⤵
  PID:4336
- C:\Windows\System\ZrYrRNE.exe
  C:\Windows\System\ZrYrRNE.exe
  2⤵
  PID:4540
- C:\Windows\System\laWPDCZ.exe
  C:\Windows\System\laWPDCZ.exe
  2⤵
  PID:4580
- C:\Windows\System\sYZuLPr.exe
  C:\Windows\System\sYZuLPr.exe
  2⤵
  PID:568
- C:\Windows\System\WbGCpyi.exe
  C:\Windows\System\WbGCpyi.exe
  2⤵
  PID:3236
- C:\Windows\System\vzxWzwD.exe
  C:\Windows\System\vzxWzwD.exe
  2⤵
  PID:2860
- C:\Windows\System\MhOqWjy.exe
  C:\Windows\System\MhOqWjy.exe
  2⤵
  PID:4196
- C:\Windows\System\lbSEsXh.exe
  C:\Windows\System\lbSEsXh.exe
  2⤵
  PID:4272
- C:\Windows\System\OQcnbXT.exe
  C:\Windows\System\OQcnbXT.exe
  2⤵
  PID:4952
- C:\Windows\System\IYuUhQE.exe
  C:\Windows\System\IYuUhQE.exe
  2⤵
  PID:3680
- C:\Windows\System\cStRjrF.exe
  C:\Windows\System\cStRjrF.exe
  2⤵
  PID:4972
- C:\Windows\System\PjnqyJk.exe
  C:\Windows\System\PjnqyJk.exe
  2⤵
  PID:4968
- C:\Windows\System\nMfzJSf.exe
  C:\Windows\System\nMfzJSf.exe
  2⤵
  PID:5020
- C:\Windows\System\pZFnnqS.exe
  C:\Windows\System\pZFnnqS.exe
  2⤵
  PID:3780
- C:\Windows\System\bfLXKDB.exe
  C:\Windows\System\bfLXKDB.exe
  2⤵
  PID:4128
- C:\Windows\System\zwWGfXE.exe
  C:\Windows\System\zwWGfXE.exe
  2⤵
  PID:4232
- C:\Windows\System\bBRwakE.exe
  C:\Windows\System\bBRwakE.exe
  2⤵
  PID:4912
- C:\Windows\System\BqEAHnq.exe
  C:\Windows\System\BqEAHnq.exe
  2⤵
  PID:4516
- C:\Windows\System\vAciyMt.exe
  C:\Windows\System\vAciyMt.exe
  2⤵
  PID:4560
- C:\Windows\System\ZsYhYrg.exe
  C:\Windows\System\ZsYhYrg.exe
  2⤵
  PID:4596
- C:\Windows\System\NLWiOgx.exe
  C:\Windows\System\NLWiOgx.exe
  2⤵
  PID:4840
- C:\Windows\System\wsTJgmb.exe
  C:\Windows\System\wsTJgmb.exe
  2⤵
  PID:4284
- C:\Windows\System\ZLCFmFJ.exe
  C:\Windows\System\ZLCFmFJ.exe
  2⤵
  PID:4616
- C:\Windows\System\PAtDABB.exe
  C:\Windows\System\PAtDABB.exe
  2⤵
  PID:4756
- C:\Windows\System\lvbqNmX.exe
  C:\Windows\System\lvbqNmX.exe
  2⤵
  PID:3956
- C:\Windows\System\cgWJVYJ.exe
  C:\Windows\System\cgWJVYJ.exe
  2⤵
  PID:4460
- C:\Windows\System\gFWzkji.exe
  C:\Windows\System\gFWzkji.exe
  2⤵
  PID:2140
- C:\Windows\System\ehXiCJW.exe
  C:\Windows\System\ehXiCJW.exe
  2⤵
  PID:4884
- C:\Windows\System\qWSWpdq.exe
  C:\Windows\System\qWSWpdq.exe
  2⤵
  PID:3980
- C:\Windows\System\gVedEiF.exe
  C:\Windows\System\gVedEiF.exe
  2⤵
  PID:4476
- C:\Windows\System\EvbfauT.exe
  C:\Windows\System\EvbfauT.exe
  2⤵
  PID:4928
- C:\Windows\System\QIywJeJ.exe
  C:\Windows\System\QIywJeJ.exe
  2⤵
  PID:4108
- C:\Windows\System\ubujEtk.exe
  C:\Windows\System\ubujEtk.exe
  2⤵
  PID:4732
- C:\Windows\System\ryAPXDB.exe
  C:\Windows\System\ryAPXDB.exe
  2⤵
  PID:2456
- C:\Windows\System\shOMwUt.exe
  C:\Windows\System\shOMwUt.exe
  2⤵
  PID:4824
- C:\Windows\System\BfRUryE.exe
  C:\Windows\System\BfRUryE.exe
  2⤵
  PID:3596
- C:\Windows\System\YLzfUba.exe
  C:\Windows\System\YLzfUba.exe
  2⤵
  PID:2372
- C:\Windows\System\QRUoKEE.exe
  C:\Windows\System\QRUoKEE.exe
  2⤵
  PID:5208
- C:\Windows\System\DEUZnWM.exe
  C:\Windows\System\DEUZnWM.exe
  2⤵
  PID:5256
- C:\Windows\System\IGQvbEl.exe
  C:\Windows\System\IGQvbEl.exe
  2⤵
  PID:5296
- C:\Windows\System\gMnFbNS.exe
  C:\Windows\System\gMnFbNS.exe
  2⤵
  PID:5340
- C:\Windows\System\cDEGPgm.exe
  C:\Windows\System\cDEGPgm.exe
  2⤵
  PID:5372
- C:\Windows\System\lLGfJSL.exe
  C:\Windows\System\lLGfJSL.exe
  2⤵
  PID:5404
- C:\Windows\System\tmQEMAJ.exe
  C:\Windows\System\tmQEMAJ.exe
  2⤵
  PID:5424
- C:\Windows\System\bJtakjr.exe
  C:\Windows\System\bJtakjr.exe
  2⤵
  PID:5444
- C:\Windows\System\sXkUUrs.exe
  C:\Windows\System\sXkUUrs.exe
  2⤵
  PID:5464
- C:\Windows\System\pUPYpDI.exe
  C:\Windows\System\pUPYpDI.exe
  2⤵
  PID:5484
- C:\Windows\System\JPjvBSZ.exe
  C:\Windows\System\JPjvBSZ.exe
  2⤵
  PID:5504
- C:\Windows\System\jBTDgCe.exe
  C:\Windows\System\jBTDgCe.exe
  2⤵
  PID:5524
- C:\Windows\System\WRWsgLT.exe
  C:\Windows\System\WRWsgLT.exe
  2⤵
  PID:5540
- C:\Windows\System\jTmozRw.exe
  C:\Windows\System\jTmozRw.exe
  2⤵
  PID:5556
- C:\Windows\System\vqkpMTm.exe
  C:\Windows\System\vqkpMTm.exe
  2⤵
  PID:5572
- C:\Windows\System\lkoKuIA.exe
  C:\Windows\System\lkoKuIA.exe
  2⤵
  PID:5588
- C:\Windows\System\wBeaJcl.exe
  C:\Windows\System\wBeaJcl.exe
  2⤵
  PID:5604
- C:\Windows\System\tIdUcEV.exe
  C:\Windows\System\tIdUcEV.exe
  2⤵
  PID:5624
- C:\Windows\System\lyvuVjH.exe
  C:\Windows\System\lyvuVjH.exe
  2⤵
  PID:5640
- C:\Windows\System\XmgvgQx.exe
  C:\Windows\System\XmgvgQx.exe
  2⤵
  PID:5656
- C:\Windows\System\rAyXtwT.exe
  C:\Windows\System\rAyXtwT.exe
  2⤵
  PID:5672
- C:\Windows\System\MAoLFBp.exe
  C:\Windows\System\MAoLFBp.exe
  2⤵
  PID:5688
- C:\Windows\System\gEGNuCm.exe
  C:\Windows\System\gEGNuCm.exe
  2⤵
  PID:5704
- C:\Windows\System\eTnwHdr.exe
  C:\Windows\System\eTnwHdr.exe
  2⤵
  PID:5720
- C:\Windows\System\NlLchoh.exe
  C:\Windows\System\NlLchoh.exe
  2⤵
  PID:5736
- C:\Windows\System\MxhbydM.exe
  C:\Windows\System\MxhbydM.exe
  2⤵
  PID:5752
- C:\Windows\System\yRMzjUP.exe
  C:\Windows\System\yRMzjUP.exe
  2⤵
  PID:5768
- C:\Windows\System\PqdyRxY.exe
  C:\Windows\System\PqdyRxY.exe
  2⤵
  PID:5784
- C:\Windows\System\giQZnBh.exe
  C:\Windows\System\giQZnBh.exe
  2⤵
  PID:5800
- C:\Windows\System\XxfZydx.exe
  C:\Windows\System\XxfZydx.exe
  2⤵
  PID:5816
- C:\Windows\System\Iodqndj.exe
  C:\Windows\System\Iodqndj.exe
  2⤵
  PID:5836
- C:\Windows\System\efOeNpr.exe
  C:\Windows\System\efOeNpr.exe
  2⤵
  PID:5856
- C:\Windows\System\GoubVxa.exe
  C:\Windows\System\GoubVxa.exe
  2⤵
  PID:5876
- C:\Windows\System\roKGwfH.exe
  C:\Windows\System\roKGwfH.exe
  2⤵
  PID:5892
- C:\Windows\System\CQbSUQl.exe
  C:\Windows\System\CQbSUQl.exe
  2⤵
  PID:5912
- C:\Windows\System\tAVnKyZ.exe
  C:\Windows\System\tAVnKyZ.exe
  2⤵
  PID:5928
- C:\Windows\System\tYhUlDS.exe
  C:\Windows\System\tYhUlDS.exe
  2⤵
  PID:5944
- C:\Windows\System\VsltZgh.exe
  C:\Windows\System\VsltZgh.exe
  2⤵
  PID:5960
- C:\Windows\System\yBaKwUu.exe
  C:\Windows\System\yBaKwUu.exe
  2⤵
  PID:5976
- C:\Windows\System\KqThLlO.exe
  C:\Windows\System\KqThLlO.exe
  2⤵
  PID:5996
- C:\Windows\System\ERuFgwS.exe
  C:\Windows\System\ERuFgwS.exe
  2⤵
  PID:6016
- C:\Windows\System\tzvkomt.exe
  C:\Windows\System\tzvkomt.exe
  2⤵
  PID:6036
- C:\Windows\System\IyjxXwi.exe
  C:\Windows\System\IyjxXwi.exe
  2⤵
  PID:6056
- C:\Windows\System\XCmJMrf.exe
  C:\Windows\System\XCmJMrf.exe
  2⤵
  PID:6076
- C:\Windows\System\ZjHCxBO.exe
  C:\Windows\System\ZjHCxBO.exe
  2⤵
  PID:6092
- C:\Windows\System\MSYUsnN.exe
  C:\Windows\System\MSYUsnN.exe
  2⤵
  PID:6108
- C:\Windows\System\dchKpZJ.exe
  C:\Windows\System\dchKpZJ.exe
  2⤵
  PID:6124
- C:\Windows\System\zvzTLEq.exe
  C:\Windows\System\zvzTLEq.exe
  2⤵
  PID:6140
- C:\Windows\System\jwLigTb.exe
  C:\Windows\System\jwLigTb.exe
  2⤵
  PID:4704
- C:\Windows\System\ZlhMEzh.exe
  C:\Windows\System\ZlhMEzh.exe
  2⤵
  PID:4444
- C:\Windows\System\EkEuTmO.exe
  C:\Windows\System\EkEuTmO.exe
  2⤵
  PID:344
- C:\Windows\System\QtyWNYV.exe
  C:\Windows\System\QtyWNYV.exe
  2⤵
  PID:5124
- C:\Windows\System\mpAMkhl.exe
  C:\Windows\System\mpAMkhl.exe
  2⤵
  PID:5144
- C:\Windows\System\KYGpqRc.exe
  C:\Windows\System\KYGpqRc.exe
  2⤵
  PID:5160
- C:\Windows\System\yExLett.exe
  C:\Windows\System\yExLett.exe
  2⤵
  PID:5176
- C:\Windows\System\rOOocww.exe
  C:\Windows\System\rOOocww.exe
  2⤵
  PID:5196
- C:\Windows\System\jLcijjR.exe
  C:\Windows\System\jLcijjR.exe
  2⤵
  PID:5276
- C:\Windows\System\FnVRgty.exe
  C:\Windows\System\FnVRgty.exe
  2⤵
  PID:5292
- C:\Windows\System\ifnglHw.exe
  C:\Windows\System\ifnglHw.exe
  2⤵
  PID:4716
- C:\Windows\System\xJjaPmq.exe
  C:\Windows\System\xJjaPmq.exe
  2⤵
  PID:5360
- C:\Windows\System\nYWzIDi.exe
  C:\Windows\System\nYWzIDi.exe
  2⤵
  PID:5216
- C:\Windows\System\EzupeAd.exe
  C:\Windows\System\EzupeAd.exe
  2⤵
  PID:5236
- C:\Windows\System\pQsgfXG.exe
  C:\Windows\System\pQsgfXG.exe
  2⤵
  PID:5304
- C:\Windows\System\LJeLQhU.exe
  C:\Windows\System\LJeLQhU.exe
  2⤵
  PID:5320
- C:\Windows\System\uSgrfbT.exe
  C:\Windows\System\uSgrfbT.exe
  2⤵
  PID:5380
- C:\Windows\System\fKSKUys.exe
  C:\Windows\System\fKSKUys.exe
  2⤵
  PID:5416
- C:\Windows\System\rDcJXGZ.exe
  C:\Windows\System\rDcJXGZ.exe
  2⤵
  PID:5460
- C:\Windows\System\AaBWjom.exe
  C:\Windows\System\AaBWjom.exe
  2⤵
  PID:5492
- C:\Windows\System\gwbKfJB.exe
  C:\Windows\System\gwbKfJB.exe
  2⤵
  PID:5512
- C:\Windows\System\KUztUud.exe
  C:\Windows\System\KUztUud.exe
  2⤵
  PID:5612
- C:\Windows\System\qIORJgD.exe
  C:\Windows\System\qIORJgD.exe
  2⤵
  PID:5652
- C:\Windows\System\gqjOdzx.exe
  C:\Windows\System\gqjOdzx.exe
  2⤵
  PID:5716
- C:\Windows\System\UBqjTtZ.exe
  C:\Windows\System\UBqjTtZ.exe
  2⤵
  PID:5812
- C:\Windows\System\GNoYXIE.exe
  C:\Windows\System\GNoYXIE.exe
  2⤵
  PID:5888
- C:\Windows\System\vItuTGs.exe
  C:\Windows\System\vItuTGs.exe
  2⤵
  PID:5988
- C:\Windows\System\SmLOWGB.exe
  C:\Windows\System\SmLOWGB.exe
  2⤵
  PID:6132
- C:\Windows\System\gWELhly.exe
  C:\Windows\System\gWELhly.exe
  2⤵
  PID:5288
- C:\Windows\System\rYOWUlV.exe
  C:\Windows\System\rYOWUlV.exe
  2⤵
  PID:5224
- C:\Windows\System\KPQxFMk.exe
  C:\Windows\System\KPQxFMk.exe
  2⤵
  PID:5384
- C:\Windows\System\jhVLwOm.exe
  C:\Windows\System\jhVLwOm.exe
  2⤵
  PID:5396
- C:\Windows\System\KluVxqh.exe
  C:\Windows\System\KluVxqh.exe
  2⤵
  PID:5580
- C:\Windows\System\vNrpNfw.exe
  C:\Windows\System\vNrpNfw.exe
  2⤵
  PID:5936
- C:\Windows\System\sSxroto.exe
  C:\Windows\System\sSxroto.exe
  2⤵
  PID:5868
- C:\Windows\System\Tenoqxx.exe
  C:\Windows\System\Tenoqxx.exe
  2⤵
  PID:5908
- C:\Windows\System\szsukfL.exe
  C:\Windows\System\szsukfL.exe
  2⤵
  PID:6052
- C:\Windows\System\jRdCIDx.exe
  C:\Windows\System\jRdCIDx.exe
  2⤵
  PID:6120
- C:\Windows\System\FjGwVml.exe
  C:\Windows\System\FjGwVml.exe
  2⤵
  PID:5004
- C:\Windows\System\IPlMgIH.exe
  C:\Windows\System\IPlMgIH.exe
  2⤵
  PID:5168
- C:\Windows\System\IVivmET.exe
  C:\Windows\System\IVivmET.exe
  2⤵
  PID:5268
- C:\Windows\System\FWXElbM.exe
  C:\Windows\System\FWXElbM.exe
  2⤵
  PID:5356
- C:\Windows\System\tNCggAh.exe
  C:\Windows\System\tNCggAh.exe
  2⤵
  PID:5328
- C:\Windows\System\EZxQoXi.exe
  C:\Windows\System\EZxQoXi.exe
  2⤵
  PID:5452
- C:\Windows\System\FzoeaVZ.exe
  C:\Windows\System\FzoeaVZ.exe
  2⤵
  PID:5548
- C:\Windows\System\xojYTrF.exe
  C:\Windows\System\xojYTrF.exe
  2⤵
  PID:5776
- C:\Windows\System\YrEVoUj.exe
  C:\Windows\System\YrEVoUj.exe
  2⤵
  PID:5952
- C:\Windows\System\kOVCiui.exe
  C:\Windows\System\kOVCiui.exe
  2⤵
  PID:5712
- C:\Windows\System\fpeNRGh.exe
  C:\Windows\System\fpeNRGh.exe
  2⤵
  PID:6104
- C:\Windows\System\ICWxHnH.exe
  C:\Windows\System\ICWxHnH.exe
  2⤵
  PID:5152
- C:\Windows\System\fJuCAQq.exe
  C:\Windows\System\fJuCAQq.exe
  2⤵
  PID:5192
- C:\Windows\System\WYbSvdr.exe
  C:\Windows\System\WYbSvdr.exe
  2⤵
  PID:4484
- C:\Windows\System\ELkMxXe.exe
  C:\Windows\System\ELkMxXe.exe
  2⤵
  PID:5472
- C:\Windows\System\gskwuYB.exe
  C:\Windows\System\gskwuYB.exe
  2⤵
  PID:5828
- C:\Windows\System\VzacjcL.exe
  C:\Windows\System\VzacjcL.exe
  2⤵
  PID:5536
- C:\Windows\System\MCEnbtb.exe
  C:\Windows\System\MCEnbtb.exe
  2⤵
  PID:5600
- C:\Windows\System\BVxxUKm.exe
  C:\Windows\System\BVxxUKm.exe
  2⤵
  PID:5668
- C:\Windows\System\quEZmlv.exe
  C:\Windows\System\quEZmlv.exe
  2⤵
  PID:5732
- C:\Windows\System\iNeRujY.exe
  C:\Windows\System\iNeRujY.exe
  2⤵
  PID:5796
- C:\Windows\System\AIFHeQX.exe
  C:\Windows\System\AIFHeQX.exe
  2⤵
  PID:6012
- C:\Windows\System\AXLrEso.exe
  C:\Windows\System\AXLrEso.exe
  2⤵
  PID:5388
- C:\Windows\System\HAKkIgS.exe
  C:\Windows\System\HAKkIgS.exe
  2⤵
  PID:316
- C:\Windows\System\PvdCYkH.exe
  C:\Windows\System\PvdCYkH.exe
  2⤵
  PID:5248
- C:\Windows\System\UODstcg.exe
  C:\Windows\System\UODstcg.exe
  2⤵
  PID:5884
- C:\Windows\System\sMdNLTr.exe
  C:\Windows\System\sMdNLTr.exe
  2⤵
  PID:6068
- C:\Windows\System\MtJfwTL.exe
  C:\Windows\System\MtJfwTL.exe
  2⤵
  PID:5136
- C:\Windows\System\hlOGxxU.exe
  C:\Windows\System\hlOGxxU.exe
  2⤵
  PID:5984
- C:\Windows\System\UMOMIVn.exe
  C:\Windows\System\UMOMIVn.exe
  2⤵
  PID:5336
- C:\Windows\System\CiWmPrT.exe
  C:\Windows\System\CiWmPrT.exe
  2⤵
  PID:4908
- C:\Windows\System\SLYhWGS.exe
  C:\Windows\System\SLYhWGS.exe
  2⤵
  PID:5284
- C:\Windows\System\sKOIomq.exe
  C:\Windows\System\sKOIomq.exe
  2⤵
  PID:5596
- C:\Windows\System\OVXeIjw.exe
  C:\Windows\System\OVXeIjw.exe
  2⤵
  PID:5420
- C:\Windows\System\HlJOtvt.exe
  C:\Windows\System\HlJOtvt.exe
  2⤵
  PID:5636
- C:\Windows\System\lRzWsxj.exe
  C:\Windows\System\lRzWsxj.exe
  2⤵
  PID:5832
- C:\Windows\System\RFVmkHY.exe
  C:\Windows\System\RFVmkHY.exe
  2⤵
  PID:5900
- C:\Windows\System\hcDjVpY.exe
  C:\Windows\System\hcDjVpY.exe
  2⤵
  PID:4880
- C:\Windows\System\yFEmlPg.exe
  C:\Windows\System\yFEmlPg.exe
  2⤵
  PID:6116
- C:\Windows\System\dfhDffx.exe
  C:\Windows\System\dfhDffx.exe
  2⤵
  PID:4364
- C:\Windows\System\skQTVwu.exe
  C:\Windows\System\skQTVwu.exe
  2⤵
  PID:6028
- C:\Windows\System\RRevBMB.exe
  C:\Windows\System\RRevBMB.exe
  2⤵
  PID:5440
- C:\Windows\System\AwnBvBi.exe
  C:\Windows\System\AwnBvBi.exe
  2⤵
  PID:5368
- C:\Windows\System\KvoTuCf.exe
  C:\Windows\System\KvoTuCf.exe
  2⤵
  PID:5864
- C:\Windows\System\qdOQOTy.exe
  C:\Windows\System\qdOQOTy.exe
  2⤵
  PID:4016
- C:\Windows\System\NpwGupu.exe
  C:\Windows\System\NpwGupu.exe
  2⤵
  PID:6160
- C:\Windows\System\LIapUjO.exe
  C:\Windows\System\LIapUjO.exe
  2⤵
  PID:6180
- C:\Windows\System\BirMSOH.exe
  C:\Windows\System\BirMSOH.exe
  2⤵
  PID:6196
- C:\Windows\System\DxDlbEC.exe
  C:\Windows\System\DxDlbEC.exe
  2⤵
  PID:6220
- C:\Windows\System\LqpdDPt.exe
  C:\Windows\System\LqpdDPt.exe
  2⤵
  PID:6236
- C:\Windows\System\hHSnsWL.exe
  C:\Windows\System\hHSnsWL.exe
  2⤵
  PID:6252
- C:\Windows\System\rNIVxKP.exe
  C:\Windows\System\rNIVxKP.exe
  2⤵
  PID:6276
- C:\Windows\System\qlqPQEw.exe
  C:\Windows\System\qlqPQEw.exe
  2⤵
  PID:6292
- C:\Windows\System\ChcDbNh.exe
  C:\Windows\System\ChcDbNh.exe
  2⤵
  PID:6308
- C:\Windows\System\FNuGPJj.exe
  C:\Windows\System\FNuGPJj.exe
  2⤵
  PID:6324
- C:\Windows\System\sfzIkLK.exe
  C:\Windows\System\sfzIkLK.exe
  2⤵
  PID:6340
- C:\Windows\System\cvEGwtH.exe
  C:\Windows\System\cvEGwtH.exe
  2⤵
  PID:6356
- C:\Windows\System\PZpwiJC.exe
  C:\Windows\System\PZpwiJC.exe
  2⤵
  PID:6372
- C:\Windows\System\xunXTzt.exe
  C:\Windows\System\xunXTzt.exe
  2⤵
  PID:6388
- C:\Windows\System\MZZeofx.exe
  C:\Windows\System\MZZeofx.exe
  2⤵
  PID:6404
- C:\Windows\System\wHaTxKK.exe
  C:\Windows\System\wHaTxKK.exe
  2⤵
  PID:6420
- C:\Windows\System\zfVSjex.exe
  C:\Windows\System\zfVSjex.exe
  2⤵
  PID:6436
- C:\Windows\System\cZOMZkW.exe
  C:\Windows\System\cZOMZkW.exe
  2⤵
  PID:6452
- C:\Windows\System\vLATODp.exe
  C:\Windows\System\vLATODp.exe
  2⤵
  PID:6468
- C:\Windows\System\NkuziHB.exe
  C:\Windows\System\NkuziHB.exe
  2⤵
  PID:6492
- C:\Windows\System\axXTPnK.exe
  C:\Windows\System\axXTPnK.exe
  2⤵
  PID:6512
- C:\Windows\System\cKMnxLR.exe
  C:\Windows\System\cKMnxLR.exe
  2⤵
  PID:6528
- C:\Windows\System\QFYihVO.exe
  C:\Windows\System\QFYihVO.exe
  2⤵
  PID:6544
- C:\Windows\System\FHOSJjj.exe
  C:\Windows\System\FHOSJjj.exe
  2⤵
  PID:6560
- C:\Windows\System\OQYPCAx.exe
  C:\Windows\System\OQYPCAx.exe
  2⤵
  PID:6576
- C:\Windows\System\CLQHOJL.exe
  C:\Windows\System\CLQHOJL.exe
  2⤵
  PID:6592
- C:\Windows\System\NbZewLV.exe
  C:\Windows\System\NbZewLV.exe
  2⤵
  PID:6608
- C:\Windows\System\WIzVyTU.exe
  C:\Windows\System\WIzVyTU.exe
  2⤵
  PID:6624
- C:\Windows\System\CclhrXn.exe
  C:\Windows\System\CclhrXn.exe
  2⤵
  PID:6644
- C:\Windows\System\EHgpdEw.exe
  C:\Windows\System\EHgpdEw.exe
  2⤵
  PID:6664
- C:\Windows\System\teGIMkV.exe
  C:\Windows\System\teGIMkV.exe
  2⤵
  PID:6680
- C:\Windows\System\BLYwaWK.exe
  C:\Windows\System\BLYwaWK.exe
  2⤵
  PID:6696
- C:\Windows\System\UxcqYFC.exe
  C:\Windows\System\UxcqYFC.exe
  2⤵
  PID:6712
- C:\Windows\System\rcEzvTl.exe
  C:\Windows\System\rcEzvTl.exe
  2⤵
  PID:6728
- C:\Windows\System\LYoEiLa.exe
  C:\Windows\System\LYoEiLa.exe
  2⤵
  PID:6744
- C:\Windows\System\Laubkgp.exe
  C:\Windows\System\Laubkgp.exe
  2⤵
  PID:6764
- C:\Windows\System\dxgwMFX.exe
  C:\Windows\System\dxgwMFX.exe
  2⤵
  PID:6792
- C:\Windows\System\SNSWPNa.exe
  C:\Windows\System\SNSWPNa.exe
  2⤵
  PID:6812
- C:\Windows\System\eXRdxei.exe
  C:\Windows\System\eXRdxei.exe
  2⤵
  PID:6832
- C:\Windows\System\tgIyVlq.exe
  C:\Windows\System\tgIyVlq.exe
  2⤵
  PID:6848
- C:\Windows\System\fjKDLVK.exe
  C:\Windows\System\fjKDLVK.exe
  2⤵
  PID:6872
- C:\Windows\System\SlQwJwA.exe
  C:\Windows\System\SlQwJwA.exe
  2⤵
  PID:6888
- C:\Windows\System\beLmQkv.exe
  C:\Windows\System\beLmQkv.exe
  2⤵
  PID:7064
- C:\Windows\System\xMhvTkY.exe
  C:\Windows\System\xMhvTkY.exe
  2⤵
  PID:7084
- C:\Windows\System\BnQwIGB.exe
  C:\Windows\System\BnQwIGB.exe
  2⤵
  PID:7104
- C:\Windows\System\NFaFaST.exe
  C:\Windows\System\NFaFaST.exe
  2⤵
  PID:7124
- C:\Windows\System\DgJVhvz.exe
  C:\Windows\System\DgJVhvz.exe
  2⤵
  PID:7144
- C:\Windows\System\cWysKbC.exe
  C:\Windows\System\cWysKbC.exe
  2⤵
  PID:7160
- C:\Windows\System\dbQjSYC.exe
  C:\Windows\System\dbQjSYC.exe
  2⤵
  PID:5500
- C:\Windows\System\StFwwKG.exe
  C:\Windows\System\StFwwKG.exe
  2⤵
  PID:6148
- C:\Windows\System\DrQbKVs.exe
  C:\Windows\System\DrQbKVs.exe
  2⤵
  PID:4820
- C:\Windows\System\SnAULTB.exe
  C:\Windows\System\SnAULTB.exe
  2⤵
  PID:6192
- C:\Windows\System\WGnPdie.exe
  C:\Windows\System\WGnPdie.exe
  2⤵
  PID:6264
- C:\Windows\System\QswOGVh.exe
  C:\Windows\System\QswOGVh.exe
  2⤵
  PID:6304
- C:\Windows\System\UeovZZS.exe
  C:\Windows\System\UeovZZS.exe
  2⤵
  PID:6044
- C:\Windows\System\qFGJqCo.exe
  C:\Windows\System\qFGJqCo.exe
  2⤵
  PID:6432
- C:\Windows\System\KokNjTn.exe
  C:\Windows\System\KokNjTn.exe
  2⤵
  PID:5728
- C:\Windows\System\kAudMMh.exe
  C:\Windows\System\kAudMMh.exe
  2⤵
  PID:4332
- C:\Windows\System\vCGHvdt.exe
  C:\Windows\System\vCGHvdt.exe
  2⤵
  PID:5852
- C:\Windows\System\KPnmfeE.exe
  C:\Windows\System\KPnmfeE.exe
  2⤵
  PID:6172
- C:\Windows\System\yUemEfD.exe
  C:\Windows\System\yUemEfD.exe
  2⤵
  PID:6216
- C:\Windows\System\USsTmdN.exe
  C:\Windows\System\USsTmdN.exe
  2⤵
  PID:6320
- C:\Windows\System\pjSHxos.exe
  C:\Windows\System\pjSHxos.exe
  2⤵
  PID:6412
- C:\Windows\System\bsHwQTr.exe
  C:\Windows\System\bsHwQTr.exe
  2⤵
  PID:6488
- C:\Windows\System\TtiaQtK.exe
  C:\Windows\System\TtiaQtK.exe
  2⤵
  PID:6504
- C:\Windows\System\tXqEaGG.exe
  C:\Windows\System\tXqEaGG.exe
  2⤵
  PID:6520
- C:\Windows\System\VIdVowZ.exe
  C:\Windows\System\VIdVowZ.exe
  2⤵
  PID:6632
- C:\Windows\System\uAdJaMg.exe
  C:\Windows\System\uAdJaMg.exe
  2⤵
  PID:6724
- C:\Windows\System\uUMoygY.exe
  C:\Windows\System\uUMoygY.exe
  2⤵
  PID:6756
- C:\Windows\System\waFRBBp.exe
  C:\Windows\System\waFRBBp.exe
  2⤵
  PID:6772
- C:\Windows\System\bjBdBJY.exe
  C:\Windows\System\bjBdBJY.exe
  2⤵
  PID:6800
- C:\Windows\System\tSAecdg.exe
  C:\Windows\System\tSAecdg.exe
  2⤵
  PID:6844
- C:\Windows\System\LXEaoDs.exe
  C:\Windows\System\LXEaoDs.exe
  2⤵
  PID:6856
- C:\Windows\System\hvcNChP.exe
  C:\Windows\System\hvcNChP.exe
  2⤵
  PID:6884
- C:\Windows\System\vmihfJz.exe
  C:\Windows\System\vmihfJz.exe
  2⤵
  PID:6912
- C:\Windows\System\xFVJQXV.exe
  C:\Windows\System\xFVJQXV.exe
  2⤵
  PID:6924
- C:\Windows\System\fUCcuto.exe
  C:\Windows\System\fUCcuto.exe
  2⤵
  PID:6940
- C:\Windows\System\FLmSdzl.exe
  C:\Windows\System\FLmSdzl.exe
  2⤵
  PID:6988
- C:\Windows\System\gDfOzHh.exe
  C:\Windows\System\gDfOzHh.exe
  2⤵
  PID:7008
- C:\Windows\System\WJtMmJY.exe
  C:\Windows\System\WJtMmJY.exe
  2⤵
  PID:7028
- C:\Windows\System\Vtovjcx.exe
  C:\Windows\System\Vtovjcx.exe
  2⤵
  PID:7072
- C:\Windows\System\fldSCpj.exe
  C:\Windows\System\fldSCpj.exe
  2⤵
  PID:7044
- C:\Windows\System\YdhdHFe.exe
  C:\Windows\System\YdhdHFe.exe
  2⤵
  PID:7112
- C:\Windows\System\AsRhzBf.exe
  C:\Windows\System\AsRhzBf.exe
  2⤵
  PID:7132
- C:\Windows\System\SWWeifD.exe
  C:\Windows\System\SWWeifD.exe
  2⤵
  PID:4520
- C:\Windows\System\eXockZX.exe
  C:\Windows\System\eXockZX.exe
  2⤵
  PID:6064
- C:\Windows\System\vfCXabL.exe
  C:\Windows\System\vfCXabL.exe
  2⤵
  PID:6336
- C:\Windows\System\CdLuFZt.exe
  C:\Windows\System\CdLuFZt.exe
  2⤵
  PID:5520
- C:\Windows\System\awcVjPn.exe
  C:\Windows\System\awcVjPn.exe
  2⤵
  PID:5036
- C:\Windows\System\pddokGf.exe
  C:\Windows\System\pddokGf.exe
  2⤵
  PID:6380
- C:\Windows\System\RowZsWF.exe
  C:\Windows\System\RowZsWF.exe
  2⤵
  PID:5792
- C:\Windows\System\sYbvVnD.exe
  C:\Windows\System\sYbvVnD.exe
  2⤵
  PID:6400
- C:\Windows\System\jMptmML.exe
  C:\Windows\System\jMptmML.exe
  2⤵
  PID:5972
- C:\Windows\System\ahcPbSD.exe
  C:\Windows\System\ahcPbSD.exe
  2⤵
  PID:6168
- C:\Windows\System\hZGKNCx.exe
  C:\Windows\System\hZGKNCx.exe
  2⤵
  PID:6288
- C:\Windows\System\xyHfUXX.exe
  C:\Windows\System\xyHfUXX.exe
  2⤵
  PID:6484
- C:\Windows\System\TfHHLFg.exe
  C:\Windows\System\TfHHLFg.exe
  2⤵
  PID:6616
- C:\Windows\System\lQPeSgJ.exe
  C:\Windows\System\lQPeSgJ.exe
  2⤵
  PID:6788
- C:\Windows\System\YIfCVcm.exe
  C:\Windows\System\YIfCVcm.exe
  2⤵
  PID:6720
- C:\Windows\System\kZmJFBO.exe
  C:\Windows\System\kZmJFBO.exe
  2⤵
  PID:6736
- C:\Windows\System\eqttWOA.exe
  C:\Windows\System\eqttWOA.exe
  2⤵
  PID:6864
- C:\Windows\System\lveFuoe.exe
  C:\Windows\System\lveFuoe.exe
  2⤵
  PID:6980
- C:\Windows\System\KryBWvM.exe
  C:\Windows\System\KryBWvM.exe
  2⤵
  PID:7004
- C:\Windows\System\SAfuTqM.exe
  C:\Windows\System\SAfuTqM.exe
  2⤵
  PID:7076
- C:\Windows\System\nyRgrEu.exe
  C:\Windows\System\nyRgrEu.exe
  2⤵
  PID:7136
- C:\Windows\System\YichDsr.exe
  C:\Windows\System\YichDsr.exe
  2⤵
  PID:6956
- C:\Windows\System\oeJJaGI.exe
  C:\Windows\System\oeJJaGI.exe
  2⤵
  PID:7016
- C:\Windows\System\FbuazMb.exe
  C:\Windows\System\FbuazMb.exe
  2⤵
  PID:6244
- C:\Windows\System\IjFocrc.exe
  C:\Windows\System\IjFocrc.exe
  2⤵
  PID:7052
- C:\Windows\System\ozYnrnb.exe
  C:\Windows\System\ozYnrnb.exe
  2⤵
  PID:7020
- C:\Windows\System\JFJsbcS.exe
  C:\Windows\System\JFJsbcS.exe
  2⤵
  PID:6540
- C:\Windows\System\oIEACsz.exe
  C:\Windows\System\oIEACsz.exe
  2⤵
  PID:4992
- C:\Windows\System\LvJwECk.exe
  C:\Windows\System\LvJwECk.exe
  2⤵
  PID:6708
- C:\Windows\System\AvruWxI.exe
  C:\Windows\System\AvruWxI.exe
  2⤵
  PID:6828
- C:\Windows\System\BUnKtjm.exe
  C:\Windows\System\BUnKtjm.exe
  2⤵
  PID:6900
- C:\Windows\System\vaGwmhm.exe
  C:\Windows\System\vaGwmhm.exe
  2⤵
  PID:6904
- C:\Windows\System\sWoAnGW.exe
  C:\Windows\System\sWoAnGW.exe
  2⤵
  PID:6928
- C:\Windows\System\CXJVmXJ.exe
  C:\Windows\System\CXJVmXJ.exe
  2⤵
  PID:7100
- C:\Windows\System\SiuMWOs.exe
  C:\Windows\System\SiuMWOs.exe
  2⤵
  PID:6984
- C:\Windows\System\oltdMbU.exe
  C:\Windows\System\oltdMbU.exe
  2⤵
  PID:6368
- C:\Windows\System\YoUBXsa.exe
  C:\Windows\System\YoUBXsa.exe
  2⤵
  PID:7056
- C:\Windows\System\xSAUcJU.exe
  C:\Windows\System\xSAUcJU.exe
  2⤵
  PID:6952
- C:\Windows\System\jPNZHlp.exe
  C:\Windows\System\jPNZHlp.exe
  2⤵
  PID:6840
- C:\Windows\System\UYXVjEQ.exe
  C:\Windows\System\UYXVjEQ.exe
  2⤵
  PID:6232
- C:\Windows\System\jRSVLXA.exe
  C:\Windows\System\jRSVLXA.exe
  2⤵
  PID:6272
- C:\Windows\System\tdnUkPo.exe
  C:\Windows\System\tdnUkPo.exe
  2⤵
  PID:6352
- C:\Windows\System\ShMrROz.exe
  C:\Windows\System\ShMrROz.exe
  2⤵
  PID:6780
- C:\Windows\System\OvhSBNf.exe
  C:\Windows\System\OvhSBNf.exe
  2⤵
  PID:6588
- C:\Windows\System\fxmldgr.exe
  C:\Windows\System\fxmldgr.exe
  2⤵
  PID:6996
- C:\Windows\System\uABDCVz.exe
  C:\Windows\System\uABDCVz.exe
  2⤵
  PID:7080
- C:\Windows\System\fbhEIdE.exe
  C:\Windows\System\fbhEIdE.exe
  2⤵
  PID:6920
- C:\Windows\System\BynNupc.exe
  C:\Windows\System\BynNupc.exe
  2⤵
  PID:6284
- C:\Windows\System\komvyFc.exe
  C:\Windows\System\komvyFc.exe
  2⤵
  PID:6740
- C:\Windows\System\PGlhBvX.exe
  C:\Windows\System\PGlhBvX.exe
  2⤵
  PID:7212
- C:\Windows\System\WFeFmoj.exe
  C:\Windows\System\WFeFmoj.exe
  2⤵
  PID:7232
- C:\Windows\System\jdsakpM.exe
  C:\Windows\System\jdsakpM.exe
  2⤵
  PID:7248
- C:\Windows\System\aDuGPDw.exe
  C:\Windows\System\aDuGPDw.exe
  2⤵
  PID:7264
- C:\Windows\System\EHTLymU.exe
  C:\Windows\System\EHTLymU.exe
  2⤵
  PID:7280
- C:\Windows\System\qmIXJkA.exe
  C:\Windows\System\qmIXJkA.exe
  2⤵
  PID:7296
- C:\Windows\System\hmVRNyp.exe
  C:\Windows\System\hmVRNyp.exe
  2⤵
  PID:7312
- C:\Windows\System\qxbwXRU.exe
  C:\Windows\System\qxbwXRU.exe
  2⤵
  PID:7328
- C:\Windows\System\eNgXmdO.exe
  C:\Windows\System\eNgXmdO.exe
  2⤵
  PID:7348
- C:\Windows\System\oMtKoIG.exe
  C:\Windows\System\oMtKoIG.exe
  2⤵
  PID:7368
- C:\Windows\System\cLeiSXJ.exe
  C:\Windows\System\cLeiSXJ.exe
  2⤵
  PID:7392
- C:\Windows\System\zDOYOCK.exe
  C:\Windows\System\zDOYOCK.exe
  2⤵
  PID:7408
- C:\Windows\System\ZIPsBCG.exe
  C:\Windows\System\ZIPsBCG.exe
  2⤵
  PID:7456
- C:\Windows\System\vYFlYPe.exe
  C:\Windows\System\vYFlYPe.exe
  2⤵
  PID:7472
- C:\Windows\System\KaVatUH.exe
  C:\Windows\System\KaVatUH.exe
  2⤵
  PID:7488
- C:\Windows\System\CpVNbbe.exe
  C:\Windows\System\CpVNbbe.exe
  2⤵
  PID:7504
- C:\Windows\System\UBCktiJ.exe
  C:\Windows\System\UBCktiJ.exe
  2⤵
  PID:7520
- C:\Windows\System\ZwQsdPt.exe
  C:\Windows\System\ZwQsdPt.exe
  2⤵
  PID:7536
- C:\Windows\System\MDPnwWb.exe
  C:\Windows\System\MDPnwWb.exe
  2⤵
  PID:7552
- C:\Windows\System\jdvjTFG.exe
  C:\Windows\System\jdvjTFG.exe
  2⤵
  PID:7568
- C:\Windows\System\AqpMGwN.exe
  C:\Windows\System\AqpMGwN.exe
  2⤵
  PID:7584
- C:\Windows\System\bgeVXPR.exe
  C:\Windows\System\bgeVXPR.exe
  2⤵
  PID:7600
- C:\Windows\System\lPLKdQU.exe
  C:\Windows\System\lPLKdQU.exe
  2⤵
  PID:7628
- C:\Windows\System\PDlnqLd.exe
  C:\Windows\System\PDlnqLd.exe
  2⤵
  PID:7648
- C:\Windows\System\iBSatKL.exe
  C:\Windows\System\iBSatKL.exe
  2⤵
  PID:7664
- C:\Windows\System\oiGcUYv.exe
  C:\Windows\System\oiGcUYv.exe
  2⤵
  PID:7680
- C:\Windows\System\mllUUKI.exe
  C:\Windows\System\mllUUKI.exe
  2⤵
  PID:7696
- C:\Windows\System\PKsruPH.exe
  C:\Windows\System\PKsruPH.exe
  2⤵
  PID:7712
- C:\Windows\System\mHncKuQ.exe
  C:\Windows\System\mHncKuQ.exe
  2⤵
  PID:7728
- C:\Windows\System\WlstnMi.exe
  C:\Windows\System\WlstnMi.exe
  2⤵
  PID:7748
- C:\Windows\System\EGNqQul.exe
  C:\Windows\System\EGNqQul.exe
  2⤵
  PID:7764
- C:\Windows\System\tiJCtcE.exe
  C:\Windows\System\tiJCtcE.exe
  2⤵
  PID:7780
- C:\Windows\System\lZbKDRi.exe
  C:\Windows\System\lZbKDRi.exe
  2⤵
  PID:7796
- C:\Windows\System\dNrlrQI.exe
  C:\Windows\System\dNrlrQI.exe
  2⤵
  PID:7812
- C:\Windows\System\TFBHrhi.exe
  C:\Windows\System\TFBHrhi.exe
  2⤵
  PID:7828
- C:\Windows\System\QKuoJNW.exe
  C:\Windows\System\QKuoJNW.exe
  2⤵
  PID:7844
- C:\Windows\System\oaYNRpf.exe
  C:\Windows\System\oaYNRpf.exe
  2⤵
  PID:7860
- C:\Windows\System\iaWysjV.exe
  C:\Windows\System\iaWysjV.exe
  2⤵
  PID:7876
- C:\Windows\System\xpXGBFs.exe
  C:\Windows\System\xpXGBFs.exe
  2⤵
  PID:7892
- C:\Windows\System\rCqMeKO.exe
  C:\Windows\System\rCqMeKO.exe
  2⤵
  PID:7908
- C:\Windows\System\vFFfsyE.exe
  C:\Windows\System\vFFfsyE.exe
  2⤵
  PID:7924
- C:\Windows\System\tBOBydK.exe
  C:\Windows\System\tBOBydK.exe
  2⤵
  PID:7940
- C:\Windows\System\RGMaCfN.exe
  C:\Windows\System\RGMaCfN.exe
  2⤵
  PID:7956
- C:\Windows\System\CgnzALv.exe
  C:\Windows\System\CgnzALv.exe
  2⤵
  PID:7972
- C:\Windows\System\mTCYKlJ.exe
  C:\Windows\System\mTCYKlJ.exe
  2⤵
  PID:7988
- C:\Windows\System\oNXfvEh.exe
  C:\Windows\System\oNXfvEh.exe
  2⤵
  PID:8004
- C:\Windows\System\bowknIi.exe
  C:\Windows\System\bowknIi.exe
  2⤵
  PID:8020
- C:\Windows\System\VZgAWvI.exe
  C:\Windows\System\VZgAWvI.exe
  2⤵
  PID:8036
- C:\Windows\System\hDEBdGx.exe
  C:\Windows\System\hDEBdGx.exe
  2⤵
  PID:8052
- C:\Windows\System\gMcltYj.exe
  C:\Windows\System\gMcltYj.exe
  2⤵
  PID:8068
- C:\Windows\System\neeMUCo.exe
  C:\Windows\System\neeMUCo.exe
  2⤵
  PID:8088
- C:\Windows\System\fVBfnLc.exe
  C:\Windows\System\fVBfnLc.exe
  2⤵
  PID:8104
- C:\Windows\System\iCnOljF.exe
  C:\Windows\System\iCnOljF.exe
  2⤵
  PID:8120
- C:\Windows\System\PkKoBEN.exe
  C:\Windows\System\PkKoBEN.exe
  2⤵
  PID:8136
- C:\Windows\System\IwTHwXT.exe
  C:\Windows\System\IwTHwXT.exe
  2⤵
  PID:8152
- C:\Windows\System\CmqcQgW.exe
  C:\Windows\System\CmqcQgW.exe
  2⤵
  PID:8172
- C:\Windows\System\zYEuOJw.exe
  C:\Windows\System\zYEuOJw.exe
  2⤵
  PID:8188
- C:\Windows\System\zRGbHMo.exe
  C:\Windows\System\zRGbHMo.exe
  2⤵
  PID:6572
- C:\Windows\System\BaSSZGg.exe
  C:\Windows\System\BaSSZGg.exe
  2⤵
  PID:5264
- C:\Windows\System\ziVxWVn.exe
  C:\Windows\System\ziVxWVn.exe
  2⤵
  PID:7308
- C:\Windows\System\LQRpqRL.exe
  C:\Windows\System\LQRpqRL.exe
  2⤵
  PID:7384
- C:\Windows\System\RjHAMMO.exe
  C:\Windows\System\RjHAMMO.exe
  2⤵
  PID:7444
- C:\Windows\System\iGNszXC.exe
  C:\Windows\System\iGNszXC.exe
  2⤵
  PID:7560
- C:\Windows\System\pnVlgPf.exe
  C:\Windows\System\pnVlgPf.exe
  2⤵
  PID:7644
- C:\Windows\System\vmcfsDZ.exe
  C:\Windows\System\vmcfsDZ.exe
  2⤵
  PID:7744
- C:\Windows\System\JUnEZvI.exe
  C:\Windows\System\JUnEZvI.exe
  2⤵
  PID:7480
- C:\Windows\System\hUjUuEQ.exe
  C:\Windows\System\hUjUuEQ.exe
  2⤵
  PID:7756
- C:\Windows\System\FnzsmeE.exe
  C:\Windows\System\FnzsmeE.exe
  2⤵
  PID:7616
- C:\Windows\System\KGtaMPY.exe
  C:\Windows\System\KGtaMPY.exe
  2⤵
  PID:7660
- C:\Windows\System\fKbzTfp.exe
  C:\Windows\System\fKbzTfp.exe
  2⤵
  PID:7760
- C:\Windows\System\cqOQPpL.exe
  C:\Windows\System\cqOQPpL.exe
  2⤵
  PID:7820
- C:\Windows\System\dBoABGi.exe
  C:\Windows\System\dBoABGi.exe
  2⤵
  PID:7900
- C:\Windows\System\kQYdjGS.exe
  C:\Windows\System\kQYdjGS.exe
  2⤵
  PID:7592
- C:\Windows\System\WzLadSW.exe
  C:\Windows\System\WzLadSW.exe
  2⤵
  PID:7852
- C:\Windows\System\kyBORMT.exe
  C:\Windows\System\kyBORMT.exe
  2⤵
  PID:7980
- C:\Windows\System\falIcyW.exe
  C:\Windows\System\falIcyW.exe
  2⤵
  PID:8060
- C:\Windows\System\eiyZFsX.exe
  C:\Windows\System\eiyZFsX.exe
  2⤵
  PID:8128
- C:\Windows\System\vgPzfXX.exe
  C:\Windows\System\vgPzfXX.exe
  2⤵
  PID:7984
- C:\Windows\System\cTxARLK.exe
  C:\Windows\System\cTxARLK.exe
  2⤵
  PID:8148
- C:\Windows\System\FHXHBhQ.exe
  C:\Windows\System\FHXHBhQ.exe
  2⤵
  PID:8084
- C:\Windows\System\snmNehP.exe
  C:\Windows\System\snmNehP.exe
  2⤵
  PID:6936
- C:\Windows\System\WYWAMPq.exe
  C:\Windows\System\WYWAMPq.exe
  2⤵
  PID:8184
- C:\Windows\System\MGObCVB.exe
  C:\Windows\System\MGObCVB.exe
  2⤵
  PID:6552
- C:\Windows\System\sinYPyV.exe
  C:\Windows\System\sinYPyV.exe
  2⤵
  PID:6208
- C:\Windows\System\CiREmjR.exe
  C:\Windows\System\CiREmjR.exe
  2⤵
  PID:7200
- C:\Windows\System\KmvjZHB.exe
  C:\Windows\System\KmvjZHB.exe
  2⤵
  PID:7240
- C:\Windows\System\lsCUzhE.exe
  C:\Windows\System\lsCUzhE.exe
  2⤵
  PID:7256
- C:\Windows\System\mlVioGY.exe
  C:\Windows\System\mlVioGY.exe
  2⤵
  PID:7320
- C:\Windows\System\qcOTmcW.exe
  C:\Windows\System\qcOTmcW.exe
  2⤵
  PID:7364
- C:\Windows\System\aGqVUTf.exe
  C:\Windows\System\aGqVUTf.exe
  2⤵
  PID:7400
- C:\Windows\System\gBsfoIp.exe
  C:\Windows\System\gBsfoIp.exe
  2⤵
  PID:7344
- C:\Windows\System\kVHbgTl.exe
  C:\Windows\System\kVHbgTl.exe
  2⤵
  PID:7380
- C:\Windows\System\SIruDcc.exe
  C:\Windows\System\SIruDcc.exe
  2⤵
  PID:7440
- C:\Windows\System\BTILAvH.exe
  C:\Windows\System\BTILAvH.exe
  2⤵
  PID:7452
- C:\Windows\System\POKcMYS.exe
  C:\Windows\System\POKcMYS.exe
  2⤵
  PID:8076
- C:\Windows\System\YRKileW.exe
  C:\Windows\System\YRKileW.exe
  2⤵
  PID:7676
- C:\Windows\System\qDvkwJa.exe
  C:\Windows\System\qDvkwJa.exe
  2⤵
  PID:7736
- C:\Windows\System\KSMYuKS.exe
  C:\Windows\System\KSMYuKS.exe
  2⤵
  PID:7612
- C:\Windows\System\OScVzqU.exe
  C:\Windows\System\OScVzqU.exe
  2⤵
  PID:7516
- C:\Windows\System\eOFkoqm.exe
  C:\Windows\System\eOFkoqm.exe
  2⤵
  PID:7836
- C:\Windows\System\MINddXm.exe
  C:\Windows\System\MINddXm.exe
  2⤵
  PID:7804
- C:\Windows\System\FmANdHD.exe
  C:\Windows\System\FmANdHD.exe
  2⤵
  PID:7596
- C:\Windows\System\cmoATCX.exe
  C:\Windows\System\cmoATCX.exe
  2⤵
  PID:7884
- C:\Windows\System\UzXPYFh.exe
  C:\Windows\System\UzXPYFh.exe
  2⤵
  PID:7968
- C:\Windows\System\UccgXdM.exe
  C:\Windows\System\UccgXdM.exe
  2⤵
  PID:8028
- C:\Windows\System\FYafyjp.exe
  C:\Windows\System\FYafyjp.exe
  2⤵
  PID:8112
- C:\Windows\System\HhqFslj.exe
  C:\Windows\System\HhqFslj.exe
  2⤵
  PID:8168
- C:\Windows\System\vhErgSJ.exe
  C:\Windows\System\vhErgSJ.exe
  2⤵
  PID:8016
- C:\Windows\System\XaFRCpz.exe
  C:\Windows\System\XaFRCpz.exe
  2⤵
  PID:6508
- C:\Windows\System\cPaNojv.exe
  C:\Windows\System\cPaNojv.exe
  2⤵
  PID:7180
- C:\Windows\System\GRSjlfg.exe
  C:\Windows\System\GRSjlfg.exe
  2⤵
  PID:7228
- C:\Windows\System\hyhUTwx.exe
  C:\Windows\System\hyhUTwx.exe
  2⤵
  PID:7376
- C:\Windows\System\pYBvgZZ.exe
  C:\Windows\System\pYBvgZZ.exe
  2⤵
  PID:7636
- C:\Windows\System\MVildOl.exe
  C:\Windows\System\MVildOl.exe
  2⤵
  PID:7512
- C:\Windows\System\vrJYMlN.exe
  C:\Windows\System\vrJYMlN.exe
  2⤵
  PID:7496
- C:\Windows\System\fXBeCVr.exe
  C:\Windows\System\fXBeCVr.exe
  2⤵
  PID:7704
- C:\Windows\System\hBVfYiZ.exe
  C:\Windows\System\hBVfYiZ.exe
  2⤵
  PID:7872
- C:\Windows\System\lytNDVu.exe
  C:\Windows\System\lytNDVu.exe
  2⤵
  PID:7932
- C:\Windows\System\snaRmLI.exe
  C:\Windows\System\snaRmLI.exe
  2⤵
  PID:7580
- C:\Windows\System\VEaiChP.exe
  C:\Windows\System\VEaiChP.exe
  2⤵
  PID:7304
- C:\Windows\System\OYcGeNf.exe
  C:\Windows\System\OYcGeNf.exe
  2⤵
  PID:7224
- C:\Windows\System\KVVGxfP.exe
  C:\Windows\System\KVVGxfP.exe
  2⤵
  PID:7272
- C:\Windows\System\lqkfxOt.exe
  C:\Windows\System\lqkfxOt.exe
  2⤵
  PID:7532
- C:\Windows\System\FDpyNVc.exe
  C:\Windows\System\FDpyNVc.exe
  2⤵
  PID:7920
- C:\Windows\System\HLRLQeE.exe
  C:\Windows\System\HLRLQeE.exe
  2⤵
  PID:7708
- C:\Windows\System\sPnSLOx.exe
  C:\Windows\System\sPnSLOx.exe
  2⤵
  PID:7808
- C:\Windows\System\XFrUCei.exe
  C:\Windows\System\XFrUCei.exe
  2⤵
  PID:8080
- C:\Windows\System\BVYvjRE.exe
  C:\Windows\System\BVYvjRE.exe
  2⤵
  PID:8204
- C:\Windows\System\VHxCays.exe
  C:\Windows\System\VHxCays.exe
  2⤵
  PID:8220
- C:\Windows\System\yDYPAwH.exe
  C:\Windows\System\yDYPAwH.exe
  2⤵
  PID:8244
- C:\Windows\System\UjYjjRp.exe
  C:\Windows\System\UjYjjRp.exe
  2⤵
  PID:8272
- C:\Windows\System\eUJwzsQ.exe
  C:\Windows\System\eUJwzsQ.exe
  2⤵
  PID:8308
- C:\Windows\System\TEozmVi.exe
  C:\Windows\System\TEozmVi.exe
  2⤵
  PID:8332
- C:\Windows\System\xfJQTEz.exe
  C:\Windows\System\xfJQTEz.exe
  2⤵
  PID:8348
- C:\Windows\System\bsDjChD.exe
  C:\Windows\System\bsDjChD.exe
  2⤵
  PID:8364
- C:\Windows\System\qfFfEDq.exe
  C:\Windows\System\qfFfEDq.exe
  2⤵
  PID:8380
- C:\Windows\System\EztiySv.exe
  C:\Windows\System\EztiySv.exe
  2⤵
  PID:8396
- C:\Windows\System\AJuNMMc.exe
  C:\Windows\System\AJuNMMc.exe
  2⤵
  PID:8412
- C:\Windows\System\kBasbrG.exe
  C:\Windows\System\kBasbrG.exe
  2⤵
  PID:8432
- C:\Windows\System\cuPtlYz.exe
  C:\Windows\System\cuPtlYz.exe
  2⤵
  PID:8448
- C:\Windows\System\DOtamrT.exe
  C:\Windows\System\DOtamrT.exe
  2⤵
  PID:8464
- C:\Windows\System\bsaeqdP.exe
  C:\Windows\System\bsaeqdP.exe
  2⤵
  PID:8480
- C:\Windows\System\orqNlav.exe
  C:\Windows\System\orqNlav.exe
  2⤵
  PID:8504
- C:\Windows\System\vLOpkOr.exe
  C:\Windows\System\vLOpkOr.exe
  2⤵
  PID:8520
- C:\Windows\System\xWZjmia.exe
  C:\Windows\System\xWZjmia.exe
  2⤵
  PID:8540
- C:\Windows\System\aiEwFzc.exe
  C:\Windows\System\aiEwFzc.exe
  2⤵
  PID:8560
- C:\Windows\System\gyWTnHH.exe
  C:\Windows\System\gyWTnHH.exe
  2⤵
  PID:8584
- C:\Windows\System\vQealRE.exe
  C:\Windows\System\vQealRE.exe
  2⤵
  PID:8604
- C:\Windows\System\vYScnyQ.exe
  C:\Windows\System\vYScnyQ.exe
  2⤵
  PID:8624
- C:\Windows\System\TsFPPmK.exe
  C:\Windows\System\TsFPPmK.exe
  2⤵
  PID:8640
- C:\Windows\System\pcSVBTm.exe
  C:\Windows\System\pcSVBTm.exe
  2⤵
  PID:8696
- C:\Windows\System\YNtQidW.exe
  C:\Windows\System\YNtQidW.exe
  2⤵
  PID:8724
- C:\Windows\System\otYdmyC.exe
  C:\Windows\System\otYdmyC.exe
  2⤵
  PID:8744
- C:\Windows\System\HdnKxid.exe
  C:\Windows\System\HdnKxid.exe
  2⤵
  PID:8764
- C:\Windows\System\mCyTDtm.exe
  C:\Windows\System\mCyTDtm.exe
  2⤵
  PID:8788
- C:\Windows\System\OJROdHs.exe
  C:\Windows\System\OJROdHs.exe
  2⤵
  PID:8808
- C:\Windows\System\xEvwBDn.exe
  C:\Windows\System\xEvwBDn.exe
  2⤵
  PID:8828
- C:\Windows\System\JRlthgg.exe
  C:\Windows\System\JRlthgg.exe
  2⤵
  PID:8844
- C:\Windows\System\iAaItPK.exe
  C:\Windows\System\iAaItPK.exe
  2⤵
  PID:8864
- C:\Windows\System\myLuKNi.exe
  C:\Windows\System\myLuKNi.exe
  2⤵
  PID:8884
- C:\Windows\System\YWZgDbj.exe
  C:\Windows\System\YWZgDbj.exe
  2⤵
  PID:8900
- C:\Windows\System\LGBXqZv.exe
  C:\Windows\System\LGBXqZv.exe
  2⤵
  PID:8920
- C:\Windows\System\qYmxqny.exe
  C:\Windows\System\qYmxqny.exe
  2⤵
  PID:8936
- C:\Windows\System\ZDObpIq.exe
  C:\Windows\System\ZDObpIq.exe
  2⤵
  PID:8952
- C:\Windows\System\zhGwDdf.exe
  C:\Windows\System\zhGwDdf.exe
  2⤵
  PID:8968
- C:\Windows\System\eYFtNlE.exe
  C:\Windows\System\eYFtNlE.exe
  2⤵
  PID:8984
- C:\Windows\System\GCxXrcw.exe
  C:\Windows\System\GCxXrcw.exe
  2⤵
  PID:9004
- C:\Windows\System\ZaISkBa.exe
  C:\Windows\System\ZaISkBa.exe
  2⤵
  PID:9024
- C:\Windows\System\WQdjWSZ.exe
  C:\Windows\System\WQdjWSZ.exe
  2⤵
  PID:9068
- C:\Windows\System\kVyYXhe.exe
  C:\Windows\System\kVyYXhe.exe
  2⤵
  PID:9096
- C:\Windows\System\HRKdatK.exe
  C:\Windows\System\HRKdatK.exe
  2⤵
  PID:9116
- C:\Windows\System\MnLJDoA.exe
  C:\Windows\System\MnLJDoA.exe
  2⤵
  PID:9140
- C:\Windows\System\rLEFoeP.exe
  C:\Windows\System\rLEFoeP.exe
  2⤵
  PID:9164
- C:\Windows\System\liHdYlm.exe
  C:\Windows\System\liHdYlm.exe
  2⤵
  PID:9180
- C:\Windows\System\QIQRxzv.exe
  C:\Windows\System\QIQRxzv.exe
  2⤵
  PID:9208
- C:\Windows\System\JuWAseD.exe
  C:\Windows\System\JuWAseD.exe
  2⤵
  PID:7720
- C:\Windows\System\axdClyy.exe
  C:\Windows\System\axdClyy.exe
  2⤵
  PID:7888
- C:\Windows\System\MYIhLpR.exe
  C:\Windows\System\MYIhLpR.exe
  2⤵
  PID:7948
- C:\Windows\System\UyLtHqR.exe
  C:\Windows\System\UyLtHqR.exe
  2⤵
  PID:8228
- C:\Windows\System\ldnPoei.exe
  C:\Windows\System\ldnPoei.exe
  2⤵
  PID:8264
- C:\Windows\System\cHAFDOW.exe
  C:\Windows\System\cHAFDOW.exe
  2⤵
  PID:8256
- C:\Windows\System\kwGUURu.exe
  C:\Windows\System\kwGUURu.exe
  2⤵
  PID:8292
- C:\Windows\System\HISOBnS.exe
  C:\Windows\System\HISOBnS.exe
  2⤵
  PID:8316
- C:\Windows\System\GiWEBTG.exe
  C:\Windows\System\GiWEBTG.exe
  2⤵
  PID:8372
- C:\Windows\System\HdVrqLD.exe
  C:\Windows\System\HdVrqLD.exe
  2⤵
  PID:8408
- C:\Windows\System\pHfhtzY.exe
  C:\Windows\System\pHfhtzY.exe
  2⤵
  PID:8492
- C:\Windows\System\fHdmLQn.exe
  C:\Windows\System\fHdmLQn.exe
  2⤵
  PID:8456
- C:\Windows\System\wJneYkZ.exe
  C:\Windows\System\wJneYkZ.exe
  2⤵
  PID:8536
- C:\Windows\System\VMBtTjg.exe
  C:\Windows\System\VMBtTjg.exe
  2⤵
  PID:8580
- C:\Windows\System\hfVxJqQ.exe
  C:\Windows\System\hfVxJqQ.exe
  2⤵
  PID:8556
- C:\Windows\System\DDlGFdU.exe
  C:\Windows\System\DDlGFdU.exe
  2⤵
  PID:7788
- C:\Windows\System\RaDNGoT.exe
  C:\Windows\System\RaDNGoT.exe
  2⤵
  PID:8636
- C:\Windows\System\nlEbjMi.exe
  C:\Windows\System\nlEbjMi.exe
  2⤵
  PID:8652
- C:\Windows\System\ioqedhN.exe
  C:\Windows\System\ioqedhN.exe
  2⤵
  PID:8668
- C:\Windows\System\ArfcAUF.exe
  C:\Windows\System\ArfcAUF.exe
  2⤵
  PID:8684
- C:\Windows\System\vxVNQAg.exe
  C:\Windows\System\vxVNQAg.exe
  2⤵
  PID:8716
- C:\Windows\System\EMnUKrW.exe
  C:\Windows\System\EMnUKrW.exe
  2⤵
  PID:8752
- C:\Windows\System\UQtvrjM.exe
  C:\Windows\System\UQtvrjM.exe
  2⤵
  PID:8780
- C:\Windows\System\MlcRrBd.exe
  C:\Windows\System\MlcRrBd.exe
  2⤵
  PID:8804
- C:\Windows\System\HciSEdF.exe
  C:\Windows\System\HciSEdF.exe
  2⤵
  PID:8820
- C:\Windows\System\ALxPUMn.exe
  C:\Windows\System\ALxPUMn.exe
  2⤵
  PID:8852
- C:\Windows\System\gmocwXH.exe
  C:\Windows\System\gmocwXH.exe
  2⤵
  PID:8880
- C:\Windows\System\mhmsURA.exe
  C:\Windows\System\mhmsURA.exe
  2⤵
  PID:8980
- C:\Windows\System\GanMaZE.exe
  C:\Windows\System\GanMaZE.exe
  2⤵
  PID:8944
- C:\Windows\System\OxAXsOc.exe
  C:\Windows\System\OxAXsOc.exe
  2⤵
  PID:9020
- C:\Windows\System\RhsvXzw.exe
  C:\Windows\System\RhsvXzw.exe
  2⤵
  PID:8960
- C:\Windows\System\UyGRrGl.exe
  C:\Windows\System\UyGRrGl.exe
  2⤵
  PID:9000
- C:\Windows\System\YidSgdh.exe
  C:\Windows\System\YidSgdh.exe
  2⤵
  PID:9052
- C:\Windows\System\TqZjxnk.exe
  C:\Windows\System\TqZjxnk.exe
  2⤵
  PID:9064
- C:\Windows\System\hjPTzgZ.exe
  C:\Windows\System\hjPTzgZ.exe
  2⤵
  PID:9108
- C:\Windows\System\ueYWcDK.exe
  C:\Windows\System\ueYWcDK.exe
  2⤵
  PID:9128
- C:\Windows\System\bjDxvfP.exe
  C:\Windows\System\bjDxvfP.exe
  2⤵
  PID:9160
- C:\Windows\System\strvJxQ.exe
  C:\Windows\System\strvJxQ.exe
  2⤵
  PID:9196
- C:\Windows\System\cLpQHPP.exe
  C:\Windows\System\cLpQHPP.exe
  2⤵
  PID:9048
- C:\Windows\System\LOuzJyi.exe
  C:\Windows\System\LOuzJyi.exe
  2⤵
  PID:7432
- C:\Windows\System\FUxlxBm.exe
  C:\Windows\System\FUxlxBm.exe
  2⤵
  PID:8284
- C:\Windows\System\jCladGq.exe
  C:\Windows\System\jCladGq.exe
  2⤵
  PID:8388
- C:\Windows\System\gmXfzKh.exe
  C:\Windows\System\gmXfzKh.exe
  2⤵
  PID:8280
- C:\Windows\System\PzqtxZL.exe
  C:\Windows\System\PzqtxZL.exe
  2⤵
  PID:8376
- C:\Windows\System\SlgmqNX.exe
  C:\Windows\System\SlgmqNX.exe
  2⤵
  PID:8496
- C:\Windows\System\HyvOwfM.exe
  C:\Windows\System\HyvOwfM.exe
  2⤵
  PID:8532
- C:\Windows\System\ixkOgwg.exe
  C:\Windows\System\ixkOgwg.exe
  2⤵
  PID:8620
- C:\Windows\System\rWaZDfD.exe
  C:\Windows\System\rWaZDfD.exe
  2⤵
  PID:8772
- C:\Windows\System\eqYxMEQ.exe
  C:\Windows\System\eqYxMEQ.exe
  2⤵
  PID:8872
- C:\Windows\System\bGFCOcX.exe
  C:\Windows\System\bGFCOcX.exe
  2⤵
  PID:9040
- C:\Windows\System\jNmlXod.exe
  C:\Windows\System\jNmlXod.exe
  2⤵
  PID:9152
- C:\Windows\System\bearouh.exe
  C:\Windows\System\bearouh.exe
  2⤵
  PID:8236
- C:\Windows\System\xRGrhCm.exe
  C:\Windows\System\xRGrhCm.exe
  2⤵
  PID:8444
- C:\Windows\System\hZevtgy.exe
  C:\Windows\System\hZevtgy.exe
  2⤵
  PID:8976
- C:\Windows\System\jpoDAOW.exe
  C:\Windows\System\jpoDAOW.exe
  2⤵
  PID:9060
- C:\Windows\System\bcCVEvv.exe
  C:\Windows\System\bcCVEvv.exe
  2⤵
  PID:9188
- C:\Windows\System\NJlNEdq.exe
  C:\Windows\System\NJlNEdq.exe
  2⤵
  PID:8288
- C:\Windows\System\dcUHMZm.exe
  C:\Windows\System\dcUHMZm.exe
  2⤵
  PID:8304
- C:\Windows\System\XtfJWVh.exe
  C:\Windows\System\XtfJWVh.exe
  2⤵
  PID:8712
- C:\Windows\System\jJsLXcw.exe
  C:\Windows\System\jJsLXcw.exe
  2⤵
  PID:8708
- C:\Windows\System\jiMAdtr.exe
  C:\Windows\System\jiMAdtr.exe
  2⤵
  PID:8472
- C:\Windows\System\SzDWKsS.exe
  C:\Windows\System\SzDWKsS.exe
  2⤵
  PID:9124
- C:\Windows\System\jhqzYeh.exe
  C:\Windows\System\jhqzYeh.exe
  2⤵
  PID:8420
- C:\Windows\System\NdbEhIR.exe
  C:\Windows\System\NdbEhIR.exe
  2⤵
  PID:8568
- C:\Windows\System\IpDffxY.exe
  C:\Windows\System\IpDffxY.exe
  2⤵
  PID:8664
- C:\Windows\System\JfuzWxW.exe
  C:\Windows\System\JfuzWxW.exe
  2⤵
  PID:8688
- C:\Windows\System\DGjAVJn.exe
  C:\Windows\System\DGjAVJn.exe
  2⤵
  PID:8732
- C:\Windows\System\WgKIpOy.exe
  C:\Windows\System\WgKIpOy.exe
  2⤵
  PID:8836
- C:\Windows\System\zErRRRt.exe
  C:\Windows\System\zErRRRt.exe
  2⤵
  PID:8992
- C:\Windows\System\unbCMKK.exe
  C:\Windows\System\unbCMKK.exe
  2⤵
  PID:8360
- C:\Windows\System\jTmQgUP.exe
  C:\Windows\System\jTmQgUP.exe
  2⤵
  PID:8488
- C:\Windows\System\xMHbpgr.exe
  C:\Windows\System\xMHbpgr.exe
  2⤵
  PID:9232
- C:\Windows\System\HqmJdtf.exe
  C:\Windows\System\HqmJdtf.exe
  2⤵
  PID:9248
- C:\Windows\System\wDMuFhn.exe
  C:\Windows\System\wDMuFhn.exe
  2⤵
  PID:9264
- C:\Windows\System\zvGoBvo.exe
  C:\Windows\System\zvGoBvo.exe
  2⤵
  PID:9288
- C:\Windows\System\uRYPJEs.exe
  C:\Windows\System\uRYPJEs.exe
  2⤵
  PID:9360
- C:\Windows\System\oEUbSNm.exe
  C:\Windows\System\oEUbSNm.exe
  2⤵
  PID:9384
- C:\Windows\System\vkVWHFi.exe
  C:\Windows\System\vkVWHFi.exe
  2⤵
  PID:9400
- C:\Windows\System\XNqWaiK.exe
  C:\Windows\System\XNqWaiK.exe
  2⤵
  PID:9420
- C:\Windows\System\CIQQSoV.exe
  C:\Windows\System\CIQQSoV.exe
  2⤵
  PID:9440
- C:\Windows\System\XZCGbAc.exe
  C:\Windows\System\XZCGbAc.exe
  2⤵
  PID:9460
- C:\Windows\System\PrBhwgl.exe
  C:\Windows\System\PrBhwgl.exe
  2⤵
  PID:9476
- C:\Windows\System\SgLomrU.exe
  C:\Windows\System\SgLomrU.exe
  2⤵
  PID:9492
- C:\Windows\System\mEUykDy.exe
  C:\Windows\System\mEUykDy.exe
  2⤵
  PID:9512
- C:\Windows\System\GjIYUzo.exe
  C:\Windows\System\GjIYUzo.exe
  2⤵
  PID:9528
- C:\Windows\System\bXtFTeg.exe
  C:\Windows\System\bXtFTeg.exe
  2⤵
  PID:9544
- C:\Windows\System\gnrQiGu.exe
  C:\Windows\System\gnrQiGu.exe
  2⤵
  PID:9560
- C:\Windows\System\ZodjISu.exe
  C:\Windows\System\ZodjISu.exe
  2⤵
  PID:9580
- C:\Windows\System\yckYVsS.exe
  C:\Windows\System\yckYVsS.exe
  2⤵
  PID:9600
- C:\Windows\System\iLjTWdM.exe
  C:\Windows\System\iLjTWdM.exe
  2⤵
  PID:9620
- C:\Windows\System\cFbuBGx.exe
  C:\Windows\System\cFbuBGx.exe
  2⤵
  PID:9640
- C:\Windows\System\VGvBdtS.exe
  C:\Windows\System\VGvBdtS.exe
  2⤵
  PID:9656
- C:\Windows\System\ePdABdh.exe
  C:\Windows\System\ePdABdh.exe
  2⤵
  PID:9680
- C:\Windows\System\xabPvmM.exe
  C:\Windows\System\xabPvmM.exe
  2⤵
  PID:9700
- C:\Windows\System\MWIyYnl.exe
  C:\Windows\System\MWIyYnl.exe
  2⤵
  PID:9716
- C:\Windows\System\fzqNivm.exe
  C:\Windows\System\fzqNivm.exe
  2⤵
  PID:9736
- C:\Windows\System\EEgDFUo.exe
  C:\Windows\System\EEgDFUo.exe
  2⤵
  PID:9752
- C:\Windows\System\iGMZzCP.exe
  C:\Windows\System\iGMZzCP.exe
  2⤵
  PID:9772
- C:\Windows\System\YCdPFWs.exe
  C:\Windows\System\YCdPFWs.exe
  2⤵
  PID:9792
- C:\Windows\System\FDRuHuk.exe
  C:\Windows\System\FDRuHuk.exe
  2⤵
  PID:9808
- C:\Windows\System\QamHvvW.exe
  C:\Windows\System\QamHvvW.exe
  2⤵
  PID:9828
- C:\Windows\System\zAgSwmT.exe
  C:\Windows\System\zAgSwmT.exe
  2⤵
  PID:9852
- C:\Windows\System\GawTSDz.exe
  C:\Windows\System\GawTSDz.exe
  2⤵
  PID:9880
- C:\Windows\System\kInAOdT.exe
  C:\Windows\System\kInAOdT.exe
  2⤵
  PID:9896
- C:\Windows\System\BJNTqqh.exe
  C:\Windows\System\BJNTqqh.exe
  2⤵
  PID:9912
- C:\Windows\System\jfsncke.exe
  C:\Windows\System\jfsncke.exe
  2⤵
  PID:9928
- C:\Windows\System\vqAonjc.exe
  C:\Windows\System\vqAonjc.exe
  2⤵
  PID:9948
- C:\Windows\System\AlEwuTd.exe
  C:\Windows\System\AlEwuTd.exe
  2⤵
  PID:9964
- C:\Windows\System\KiqYdtW.exe
  C:\Windows\System\KiqYdtW.exe
  2⤵
  PID:10044
- C:\Windows\System\tzvzlTj.exe
  C:\Windows\System\tzvzlTj.exe
  2⤵
  PID:10064
- C:\Windows\System\gQSsHjR.exe
  C:\Windows\System\gQSsHjR.exe
  2⤵
  PID:10084
- C:\Windows\System\YBHRefe.exe
  C:\Windows\System\YBHRefe.exe
  2⤵
  PID:10104
- C:\Windows\System\KkJcAQw.exe
  C:\Windows\System\KkJcAQw.exe
  2⤵
  PID:10120
- C:\Windows\System\IzLNQMU.exe
  C:\Windows\System\IzLNQMU.exe
  2⤵
  PID:10140
- C:\Windows\System\SKMDdoG.exe
  C:\Windows\System\SKMDdoG.exe
  2⤵
  PID:10156
- C:\Windows\System\hFQGGPs.exe
  C:\Windows\System\hFQGGPs.exe
  2⤵
  PID:10172
- C:\Windows\System\TvbVJue.exe
  C:\Windows\System\TvbVJue.exe
  2⤵
  PID:10188
- C:\Windows\System\CnDaYzL.exe
  C:\Windows\System\CnDaYzL.exe
  2⤵
  PID:10204
- C:\Windows\System\CctyPyw.exe
  C:\Windows\System\CctyPyw.exe
  2⤵
  PID:10224
- C:\Windows\System\PRDraeZ.exe
  C:\Windows\System\PRDraeZ.exe
  2⤵
  PID:7740
- C:\Windows\System\FiLDmug.exe
  C:\Windows\System\FiLDmug.exe
  2⤵
  PID:9240
- C:\Windows\System\mdxJRoP.exe
  C:\Windows\System\mdxJRoP.exe
  2⤵
  PID:9284
- C:\Windows\System\AoAVZQO.exe
  C:\Windows\System\AoAVZQO.exe
  2⤵
  PID:8784
- C:\Windows\System\YqhbfOm.exe
  C:\Windows\System\YqhbfOm.exe
  2⤵
  PID:9228
- C:\Windows\System\fFPmKoC.exe
  C:\Windows\System\fFPmKoC.exe
  2⤵
  PID:9304
- C:\Windows\System\caOiqmq.exe
  C:\Windows\System\caOiqmq.exe
  2⤵
  PID:9324
- C:\Windows\System\DRLredQ.exe
  C:\Windows\System\DRLredQ.exe
  2⤵
  PID:9344
- C:\Windows\System\BmhieZx.exe
  C:\Windows\System\BmhieZx.exe
  2⤵
  PID:8928
- C:\Windows\System\FKwuboa.exe
  C:\Windows\System\FKwuboa.exe
  2⤵
  PID:9376
- C:\Windows\System\hGeSeUD.exe
  C:\Windows\System\hGeSeUD.exe
  2⤵
  PID:9484
- C:\Windows\System\dnxPkxL.exe
  C:\Windows\System\dnxPkxL.exe
  2⤵
  PID:9552
- C:\Windows\System\qQohCMO.exe
  C:\Windows\System\qQohCMO.exe
  2⤵
  PID:9588
- C:\Windows\System\jcxdFKV.exe
  C:\Windows\System\jcxdFKV.exe
  2⤵
  PID:9632
- C:\Windows\System\HaquNSr.exe
  C:\Windows\System\HaquNSr.exe
  2⤵
  PID:9436
- C:\Windows\System\AvDyfFI.exe
  C:\Windows\System\AvDyfFI.exe
  2⤵
  PID:9540
- C:\Windows\System\emvwmtm.exe
  C:\Windows\System\emvwmtm.exe
  2⤵
  PID:9744
- C:\Windows\System\vpDGKku.exe
  C:\Windows\System\vpDGKku.exe
  2⤵
  PID:9676
- C:\Windows\System\eMCiOwD.exe
  C:\Windows\System\eMCiOwD.exe
  2⤵
  PID:9860
- C:\Windows\System\UzJqTop.exe
  C:\Windows\System\UzJqTop.exe
  2⤵
  PID:9652
- C:\Windows\System\VjtVNUJ.exe
  C:\Windows\System\VjtVNUJ.exe
  2⤵
  PID:9724
- C:\Windows\System\dfGNDBb.exe
  C:\Windows\System\dfGNDBb.exe
  2⤵
  PID:9768
- C:\Windows\System\MuZTIHT.exe
  C:\Windows\System\MuZTIHT.exe
  2⤵
  PID:9788
- C:\Windows\System\mLcVykV.exe
  C:\Windows\System\mLcVykV.exe
  2⤵
  PID:9936
- C:\Windows\System\sbuOXJX.exe
  C:\Windows\System\sbuOXJX.exe
  2⤵
  PID:9976
- C:\Windows\System\xrBzpVn.exe
  C:\Windows\System\xrBzpVn.exe
  2⤵
  PID:9992
- C:\Windows\System\sqolvzk.exe
  C:\Windows\System\sqolvzk.exe
  2⤵
  PID:9888
- C:\Windows\System\BCYuZFK.exe
  C:\Windows\System\BCYuZFK.exe
  2⤵
  PID:10024
- C:\Windows\System\daHzDAf.exe
  C:\Windows\System\daHzDAf.exe
  2⤵
  PID:10040
- C:\Windows\System\ymNRLoc.exe
  C:\Windows\System\ymNRLoc.exe
  2⤵
  PID:9840
- C:\Windows\System\mMsmpmM.exe
  C:\Windows\System\mMsmpmM.exe
  2⤵
  PID:9920
- C:\Windows\System\tBTuQjI.exe
  C:\Windows\System\tBTuQjI.exe
  2⤵
  PID:10076
- C:\Windows\System\NOrtzkY.exe
  C:\Windows\System\NOrtzkY.exe
  2⤵
  PID:10148
- C:\Windows\System\hOFeAXI.exe
  C:\Windows\System\hOFeAXI.exe
  2⤵
  PID:10184
- C:\Windows\System\RkAwjxB.exe
  C:\Windows\System\RkAwjxB.exe
  2⤵
  PID:10056
- C:\Windows\System\DrCQrra.exe
  C:\Windows\System\DrCQrra.exe
  2⤵
  PID:10128
- C:\Windows\System\hjrLwEV.exe
  C:\Windows\System\hjrLwEV.exe
  2⤵
  PID:10216
- C:\Windows\System\GcliwIG.exe
  C:\Windows\System\GcliwIG.exe
  2⤵
  PID:10196
- C:\Windows\System\zaOSrzp.exe
  C:\Windows\System\zaOSrzp.exe
  2⤵
  PID:8892
- C:\Windows\System\QYSeopO.exe
  C:\Windows\System\QYSeopO.exe
  2⤵
  PID:8800
- C:\Windows\System\xqjxeFB.exe
  C:\Windows\System\xqjxeFB.exe
  2⤵
  PID:8460
- C:\Windows\System\cxEMzjq.exe
  C:\Windows\System\cxEMzjq.exe
  2⤵
  PID:8612
- C:\Windows\System\KvoMJru.exe
  C:\Windows\System\KvoMJru.exe
  2⤵
  PID:9084
- C:\Windows\System\dkYuRNB.exe
  C:\Windows\System\dkYuRNB.exe
  2⤵
  PID:9224
- C:\Windows\System\ZVPbqnX.exe
  C:\Windows\System\ZVPbqnX.exe
  2⤵
  PID:9296
- C:\Windows\System\vhLSXSN.exe
  C:\Windows\System\vhLSXSN.exe
  2⤵
  PID:9332
- C:\Windows\System\xHVgkLX.exe
  C:\Windows\System\xHVgkLX.exe
  2⤵
  PID:9452
- C:\Windows\System\amYopuw.exe
  C:\Windows\System\amYopuw.exe
  2⤵
  PID:9520
- C:\Windows\System\JnXskZA.exe
  C:\Windows\System\JnXskZA.exe
  2⤵
  PID:9820
- C:\Windows\System\RdeEQEJ.exe
  C:\Windows\System\RdeEQEJ.exe
  2⤵
  PID:9612
- C:\Windows\System\EGgbJhy.exe
  C:\Windows\System\EGgbJhy.exe
  2⤵
  PID:9984
- C:\Windows\System\yZZQrkh.exe
  C:\Windows\System\yZZQrkh.exe
  2⤵
  PID:9760
- C:\Windows\System\qPgOSje.exe
  C:\Windows\System\qPgOSje.exe
  2⤵
  PID:9960
- C:\Windows\System\oLKzLch.exe
  C:\Windows\System\oLKzLch.exe
  2⤵
  PID:9016

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AASRKlq.exe

Filesize
6.0MB

MD5
846e933ec8a16878057fc79e8bd88308

SHA1
7fc2612e93eadef16adcf2052f5bd81e0542701a

SHA256
185d348e118c751523a1222bb68e30644c7cab583f3ce8cc06163d31d39e876e

SHA512
bc4d2ce47976f83ef4d3b0d828d96c8e02c5b98e3cb5ed129e355e99cb66090cb727c528397c90fae8afeed10c887fc524a64dcc7a2fd6eef667962648f76894

Download Submit
C:\Windows\system\DjeCBHE.exe

Filesize
6.0MB

MD5
aab42ba46757acfbf88ffe04f9cd49e0

SHA1
12fee67565eb03ce4ae6a589911b17851b05489e

SHA256
18bd1c2d5a6712ccfbca29cb437abaa0ecd48101d6beacaa864054e5fc2b5bc3

SHA512
8bf77d23f734ba2d46b0e5f016092f3e98a825d1eed57c89e3d658a78cfabf027c05b67bbca4b84ac649e2779ab42df3e5ef95fb7a1137d6ddb32221a19bcdf1

Download Submit
C:\Windows\system\EPKFXFM.exe

Filesize
6.0MB

MD5
3be22c9e20bed8f51732b0545be0a7cf

SHA1
44f6acbf4fa038c3c36fcb93978a1a4e508d4507

SHA256
f37d870325502064e0ad65e4f8e60bbbd042a2b1eb145d648fd94b48de284438

SHA512
26c143fe2b6decac3b3995f8957238b0dff181d79328c83aa1b8d7e0941115e45e369f68ce2a2fbc40f7b0437b0266349353bbec38bb83771c30039606db3cd5

Download Submit
C:\Windows\system\ElWAKqC.exe

Filesize
6.0MB

MD5
4a15522aeef3badcaba0f89b51ff0472

SHA1
dfee8ea9f608077305920f30db1b7e340431d468

SHA256
76d8d4787dc9aef744115dfe7e0d1a680ed2265618812c7be4cb52eb94fe7a34

SHA512
9caea0e706db671c7363f8964c41f93c4412b32621ff739673d18b96c875950b0887689851826bb01abd724794de80edbdcb820b2cc32c443942f828a9b2bc68

Download Submit
C:\Windows\system\HNcxOmM.exe

Filesize
6.0MB

MD5
7e1150d2b914f088acd477cff3774371

SHA1
3432c931ede06adede9d14dc1583098229e27817

SHA256
36d963fde8c2a1508bd59199a97bdcca3eaebde7e70d68c59f023e691d6444d0

SHA512
9da8d6b346e061dd50fcadb385879e8675004536284123e9256f772b2c824ca9eca454814c1fc825019666d247f2b93fdfc528424b5a979612387faee2a3e58b

Download Submit
C:\Windows\system\ILWKNoz.exe

Filesize
6.0MB

MD5
ab00ed20d09ecea0c906823d3de7cba0

SHA1
7cb5f00d06d8aca157a2f624400679ba04728f84

SHA256
9fc3e2d600d6048ea7418ad005fb1e283cfcddc60b535d3dd16fc88f424fd55e

SHA512
9a8091ea0698e2acb54577e0551e20a7f38d71d610d389b9a57131fa759a14daca65ec079ad99372db7d0ae8a319a74106c33466a5f667d92619aa308c2bf229

Download Submit
C:\Windows\system\KfKKDCe.exe

Filesize
6.0MB

MD5
86d2aa76d435e281404c8c5834322634

SHA1
89eda8d96f7eae94298da68544996cc72b7dd95f

SHA256
3334ec2a570fe6c60be0d1299af5cc94f9336ea96143bc6eda22f32e7cac0d73

SHA512
b41f72602a97e239888d7bbc076174528753ac6c07b2706255a8b1024d1de5aa6e9e26147609df8691107cb54bb7dfebdb243aa32d40c567eb17280cf4ebdd2c

Download Submit
C:\Windows\system\OijKwJG.exe

Filesize
6.0MB

MD5
cd5f2fec117fab146e508c13992bd51a

SHA1
5b11248efab4177c2bc50442a90c989d9f04184a

SHA256
f015d4dde28d9356cafeca8d6b6b7430b4c9f595ab3ef2995de7dc9e939ecb96

SHA512
c2bdd64c78e4dcf38d5e78811560d9cfd01f5048e84a5d8150cc215899136fb3b6a80e152a3e409a53b4ad3fd1565aae8be152c8bb7d84d936dad38c6900cade

Download Submit
C:\Windows\system\RLvIadF.exe

Filesize
6.0MB

MD5
e30d5d21167a7025c0e26a8225fc2b33

SHA1
94cd7caec77104ea9dbe087f0df3744d44012594

SHA256
4f0578b09ec6855629fdf04997fd5358fea4a1e5705aa91b1d2fa76c3fbb8e74

SHA512
8d5abe2f42435cc26f7e50f96992a414a8ab379ab1201305d17d32b224d7122eb47f1c84e571e62dd281784f9d7ea6f4a5146d1945a5c4e1166a63df75e5fd51

Download Submit
C:\Windows\system\USceyPh.exe

Filesize
6.0MB

MD5
8e7b1f8fe96c1336306d053c753fd149

SHA1
eefc228f80378d92b2b9e03a6a0bb9669e987c5a

SHA256
1fdb487c6ac2d31ebc6420b55793e67966a1809c7ac2f50b081b1f4a1ca04b79

SHA512
2a5406c0a56bab4f06dc17924eb8d2e0381aa724ec41b8ca6e5335794e7c11b71f4abe84539a1ba79ee88f5537ebee58bb211204948d7149decd0dbc67827ff6

Download Submit
C:\Windows\system\UoBIPZY.exe

Filesize
6.0MB

MD5
58add1d17a96b21d1f75da6a1d64672f

SHA1
b637661a7f1a4424884845c8a0964acffe814d82

SHA256
9fe5b6ee9deb31a980c02b90c51a2c60aa079ed717f0206e50b41712dc416ad5

SHA512
733706c6499f9a5cc91f26f74c689b430451140da8d9815f5ce8e6fd9e933fdd4b3bf91608dd2df61e734e84be27d54bbb3c11fa3742d17c5b612eece608d860

Download Submit
C:\Windows\system\UshKQcT.exe

Filesize
6.0MB

MD5
6ceca6cb9187374dc2317e9e37475e74

SHA1
879ed20821a9d84ba70a5773ca2f31236714c157

SHA256
a97ab138dd26cc6fc0ca3cefb64fa0db268ec7ec624d90d6d62d41c5c6970f73

SHA512
2302ec3a0a5e67fb4d87c537b82fe51fff04c0621839453ac57e156cdd725a258568d778ed509d080679baa593630e9b1254ff226db361568f1ebcdba3563991

Download Submit
C:\Windows\system\YOHMxaW.exe

Filesize
6.0MB

MD5
0d40b3cfd1c41590b6b9a59e4ffe45b9

SHA1
f370271a75d742a8a256588f7bd9f0104202c07f

SHA256
93cb4e9ec47ae52ef31b5d5eab50ca2d6cd7eca13155d12948ee632d3ea923fc

SHA512
436fcd8efc4eccd2de9a6d4d957752d90f24368a1b284ace3bf8494d494b790fa19a5f59666c1cce75c27787fd331858a82a371003d320501119ab0657dccb60

Download Submit
C:\Windows\system\YWLJRmx.exe

Filesize
6.0MB

MD5
edd9cff198a1825164433b6291c74f9b

SHA1
af1f7fe6ed67027c957d6eb70985bc1bd9168ac5

SHA256
a180123a80e01937d4d8d28a821ed75463864fec49dceb66eaab3e9db0c32ccc

SHA512
6b11b823dcf4c3a30d66d2943f97cb28fc8d3fb91fc18508427c5c8df00043e287aba4d4c3a4ce2fe938431502e5def756688ad1c0d61aace75481af1c9f54c8

Download Submit
C:\Windows\system\YZqPNlI.exe

Filesize
6.0MB

MD5
bc8dc4e036d627496a630fa82cb9849c

SHA1
b680e4bc7825d63323b514b7c9916b05031db086

SHA256
51bd12defe5a0d7a31fa9484110d2136982491d4f16661a19702bcbcdc0dee2e

SHA512
f293372833cf7b6a29c18ed8a7aaa73db5b5438651d5aa76bc6de21d95620a912b6165f7cc1e36cb67e16969dc22ecedefa3ce133d467d822b80cad99c84e5a3

Download Submit
C:\Windows\system\YsPzOkW.exe

Filesize
6.0MB

MD5
891d90d85b578af0a85111b0d52a2567

SHA1
fb22d56f975444fc76deec42f773eedc9408a0ce

SHA256
5a62c705bbde6dafd5d32a970d8b6cfc8965f103c615d3588c35ec5baf1a8e35

SHA512
0c8d277747c8438b4d7a6eb9d2bd53bf64216a52947f9be847baeb745dfa9218ba69d3a1686044fad42c3a51aa6b3408c1fe4559d0d390613b153dcf14fc39c2

Download Submit
C:\Windows\system\avVwGcI.exe

Filesize
6.0MB

MD5
3026b78e625a888e0f3c89f05c6b509a

SHA1
ba1bd8c0e9e6466b9e536597b46fc3eeaede3538

SHA256
f88bbaa825dfae9d31b6bdc2fb463063d025d39e0d250eed8ef1dbf1e8419ebe

SHA512
73b1d2500735d5411e14e54073ec5a23b090a0211982253fe0f0b9313ec5531bd323156399a5ac198809d1aa2541f79f089b2c57598c1338ad4b9082e1fa4f0f

Download Submit
C:\Windows\system\bSBEdIK.exe

Filesize
6.0MB

MD5
5d90bb9f87e38d6b32d5338c7e13fbbd

SHA1
d60caf8350cf3d001c828b9abf8173412352e276

SHA256
0965bc76476d3a64389aa13f47de68de16f4c7afd68daaf4ef1e50f5f1987f54

SHA512
e61d0e65ac02a79d301357b8ee6fc23a9d0689fe98ed9ce17c5dc4adfd57b9673607cc3ba2b17edbff79c0c6219ffb11607d35ae38d524a048474cce8d816a3a

Download Submit
C:\Windows\system\bivQHGp.exe

Filesize
6.0MB

MD5
1ae591163e516838796d302cffea1ec4

SHA1
d3b98ee6383ced2046f3fb7fb5713927bbf5d281

SHA256
b9861ab9477c3d50f604cc853c672ee25a5c67fe984a16e7424df5a9f7f03480

SHA512
c41dd7bfa8fd8a7d0834e4443e4eb3f4bd36eb5c8c56cda66ba1536c65ef1134b79c369cf89aa9986eafb88639b7e7e54ea722b8899e77d6211bd8e94452b474

Download Submit
C:\Windows\system\coZTfgB.exe

Filesize
6.0MB

MD5
f1549449ad506d5da0c5ca84654baa30

SHA1
f99efed0db72e6086d5edb315b6823a6c789ee07

SHA256
7750710d12682d6dd64313bec2a91433d518002d959c063a9a8a262c50306fd1

SHA512
f8dcfc527fa8c8af0889cc211861373a0a08066cbc1bfe8ac6c7f6f5481cac4feb91d0e2740be02302b875e022e93797256e4364c99a83b9513cc4dd479ff4db

Download Submit
C:\Windows\system\dFPPqYz.exe

Filesize
6.0MB

MD5
5b21bdcc13dccf56f73d941e6a7db622

SHA1
18ec641e4d05e9831fe7d11d0b9774d3de044b7e

SHA256
ddf81b4a4402ce634f5220ad96fd0ba34ac7c07a692e794c6ac10318b61616c4

SHA512
3a246c43c28454b742185939e9cb94e9686b2316154fbc7f0296ec40ecc688fdc5ac347d4c7e1c494f2e7c9f7b003a06775f9a8c8b8ee93fec0718520c355e79

Download Submit
C:\Windows\system\dWKytVO.exe

Filesize
6.0MB

MD5
db895eb9bd59f869a0582fb23be96102

SHA1
c48f440d0bbd9a58de0fc0281a64efc28e961cbf

SHA256
f0d6b431f62e02d02b3ba967e2085a1dadf7d102ac79b9d5dfea51c1d187175c

SHA512
92c27e8da633e6843b400ba434acad33bc7c0d8892fc45fe07f1b3e11601321ed909c770ea9aa9009d99e8fceb17e4e49068545c19c8a262dbebf1765e6852f1

Download Submit
C:\Windows\system\nlcjxpd.exe

Filesize
6.0MB

MD5
b614a077b75637a0d71eb159ad591fbb

SHA1
5e1cb68f90372d355287c5a3e728ba0cdc978ce3

SHA256
98a2540d8b8733707ef7dc80c2f469ad8961ee54e2f076d5f945347c997a7bf9

SHA512
f00682b3ac941e247d7843a105c6cd4ddf7bc331884624467920563da698869ffd01ca13c756d1a99a17038d7af106031b29f3842a611421b8ba3103d0543799

Download Submit
C:\Windows\system\ppiVqVh.exe

Filesize
6.0MB

MD5
85e8238123aa7ed144b33c84b3ba6474

SHA1
8087e733f1d4efa85ca1f4d86ccfe64bfa796a4a

SHA256
841cf793412323fd01f915c34c5585ed7dc774b85555bc08aea836e74108ced1

SHA512
5b89c4ff661b7439f2999dc53a2c19674f25a77a6704c244ad98981fae4f161a35757d5568decbd2558b0bcbb7584d942fe642540e04d7c99fc1a7a1a5e61505

Download Submit
C:\Windows\system\sEFGPzZ.exe

Filesize
6.0MB

MD5
d234ad96ce4a50e594890746283bc878

SHA1
ac7098a332236707025a8cdb8045fc10ff3c8851

SHA256
72060e38805a17b7284343e51fdd7a60309f7d7212017589ad14f11c75e336f4

SHA512
7c749e16d7ac90d69d362cf13cf49036a5c594146d8b82fbe80938a59aa5e3205e36fa8754b73e8a071c0035236a3dacfe8959d11e72664b3eda3101521134d8

Download Submit
C:\Windows\system\wUVaWzZ.exe

Filesize
6.0MB

MD5
80e279c28903733e33fa98bc88ce3c6a

SHA1
c3a752234f1ffe08286bee18b58598f84c274918

SHA256
34bf787c52a85d9f079e48df01aa2d14f97ade98ea3412ba8c3ee885f62c9eec

SHA512
1477cd2c93141afacfaee8b42798ed207b65b8c9d0c3fd65dc2149035f3b309832a6ad8669094af553edddb04939b6d3054c4e84e26e3db47ec20fb5bea54bc0

Download Submit
C:\Windows\system\wxgoYoL.exe

Filesize
6.0MB

MD5
2efa3d4b43263aee0ff23b093f38fe2c

SHA1
b659fb21db5fe467a06797376404c11b75faaef9

SHA256
86e588e01b718e2837ce36dd5477063452926a58f66ef9bb0df629bd4dbc5d39

SHA512
70ae8f978e2bcbe955b2fdaec0316874452a7c5c59fb7ce5f04859b51074a09b2d504d5de8f4b4cdf2a0a69f4d0616f7e9e3716c7d9ff99ef64bada60afa8eed

Download Submit
C:\Windows\system\yFMHaMd.exe

Filesize
6.0MB

MD5
c8270f3fd22e44d192425208f64b0319

SHA1
46a89bb86d8f39919cc1e1e2adf3b9fad4ee6e32

SHA256
ef0791c99ded3c32a644e862ab0d40b51c769896cf5163d9bef8cf2ccef6dc49

SHA512
4ae9defdcc72301c2eb5dcb055c2a7159d397400bad60f3ccf4bc690e437453e5cc86074818fdba344b97a56b266c67e7cdc57c26fef7a3d3515bab917cfec27

Download Submit
C:\Windows\system\yJYKdQQ.exe

Filesize
6.0MB

MD5
f380c0982ef7fce02c6e0bec260b8518

SHA1
e2217614f129ed1322ce4c57322c715c4adcb069

SHA256
25d2ac772576b4a333061746eafef38b726272f1207506e2548a2187f1423427

SHA512
fe0d249dd233591c87ade9aeba072363bdf1bdb57add6dbe26afba9c6d48115def549d619b57cde3a789c68def6f5625ef1acf58ebedaad9a9f02c5a01e0b6c8

Download Submit
\Windows\system\HZsuPxB.exe

Filesize
6.0MB

MD5
b45ab4b307c854e32c589201fe37b3dd

SHA1
785e81a9e47ed4e948951704f9f2a503952b5035

SHA256
4dc8c8b3a77605d74991aebfcd27ad2c243460cf00974d0fa34b9080e1ee9160

SHA512
00016ebc75f5f9bcd800391399f1fea4a496ebb388e34e04632aba379d630ed379df6c1c8ec506b77738fcd388e6b4e1531832ad1c78e3267c041ecc9896f981

Download Submit
\Windows\system\cJOgzZP.exe

Filesize
6.0MB

MD5
770b70ce47912167adc4a6f79cb4c082

SHA1
92fa8cd3da5880da21d587c520e6203e00901a1d

SHA256
e5ae9176dba88b67558bdd8c55c0e8d9f1021bd6bfcbeaf2c5ec5fb37a1f3b5f

SHA512
482998a57b4e16d5d9998be3fd14bd5c1efff2c92dc156c78c0ba451497f534c2ad5c7ae4c719456576eb1ffe73b421ec5cbe93f8b765ae6695ae71c56c9d9be

Download Submit
\Windows\system\fAnPgRA.exe

Filesize
6.0MB

MD5
a51c751e40d94f2ea313010fb4da8ad3

SHA1
88ff136f7d2589f843dd33a25e65531cc0de079e

SHA256
9c5bea2536b753ef0673742517783508cf4e8ff7f3bc0da4aa537a7afc955a20

SHA512
7b80434e4d1a0c771686c13180e142d614324e53dc1346e5c36081173d5249d05fe299778ee7fa5e0a016f16028b0bd8129f4407ccc4f0be7041cf32fa9818f3

Download Submit
memory/1400-1246-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/1840-1244-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2344-1439-0x000000013F6E0000-0x000000013FA34000-memory.dmp

Filesize
3.3MB

Download
memory/2408-790-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/2408-3902-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/2552-1098-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/2612-1237-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/2660-975-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/2676-738-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-744-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/2688-1821-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/2688-902-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/2688-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2688-1138-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/2688-980-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/2688-1239-0x000000013F460000-0x000000013F7B4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-3013-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/2688-1243-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2688-3018-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/2688-1245-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/2688-882-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/2688-1247-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/2688-807-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/2688-0-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/2688-1519-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/2688-1570-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/2688-3020-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/2688-1774-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/2688-3121-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/2688-3004-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/2688-93-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/2688-2620-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/2688-2768-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/2688-2881-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/2688-2886-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/2688-2892-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/2688-2914-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/2688-2916-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/2688-2967-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/2688-2989-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2688-2982-0x000000013F460000-0x000000013F7B4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-3006-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/2708-881-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/2724-1569-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/2816-1820-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/2816-3901-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/2888-1771-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2888-3904-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2912-898-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/2912-3903-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/3016-1242-0x000000013F460000-0x000000013F7B4000-memory.dmp

Filesize
3.3MB

Download