cobaltstrike | bafdea7ad9d5fc0f4369f20651b23e195eb0034646265088a60d9d11aa46ecf0

Analysis

max time kernel
150s
max time network
23s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
20/11/2024, 13:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

2a38e6227003ed8d5bf7e9e44601bd23
SHA1

08aace6da45e08728391d5988d7e851e833fedb2
SHA256

bafdea7ad9d5fc0f4369f20651b23e195eb0034646265088a60d9d11aa46ecf0
SHA512

7131326c731b3486a8f0f9538a16f404e648484e6276721850e190e7600c963d090943285ccd36c8ca9da3fb032ef4727ce0b023d74706214b1a9c2ce23186d2
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUc:T+q56utgpPF8u/7c

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00080000000120fd-3.dat	cobalt_reflective_dll
behavioral1/files/0x000f00000001932d-11.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001933b-10.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001939b-23.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000193b3-31.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000193e8-40.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001949e-56.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000193f7-51.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000194cd-70.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000194c4-61.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a307-81.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41b-103.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a359-95.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a427-124.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b1-168.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b5-174.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4bb-193.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4bd-199.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b9-189.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b7-183.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b3-171.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4af-163.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a49a-153.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4a9-158.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a499-149.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a48d-143.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a48b-138.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46f-133.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a42d-128.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41d-114.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41e-118.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a09e-77.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/588-0-0x000000013F830000-0x000000013FB84000-memory.dmp	xmrig
behavioral1/files/0x00080000000120fd-3.dat	xmrig
behavioral1/memory/588-6-0x00000000022F0000-0x0000000002644000-memory.dmp	xmrig
behavioral1/files/0x000f00000001932d-11.dat	xmrig
behavioral1/memory/2944-15-0x000000013F940000-0x000000013FC94000-memory.dmp	xmrig
behavioral1/memory/2704-13-0x000000013F570000-0x000000013F8C4000-memory.dmp	xmrig
behavioral1/files/0x000700000001933b-10.dat	xmrig
behavioral1/memory/2724-22-0x000000013FCE0000-0x0000000140034000-memory.dmp	xmrig
behavioral1/files/0x000800000001939b-23.dat	xmrig
behavioral1/memory/2828-29-0x000000013F530000-0x000000013F884000-memory.dmp	xmrig
behavioral1/files/0x00070000000193b3-31.dat	xmrig
behavioral1/memory/2436-37-0x000000013FD80000-0x00000001400D4000-memory.dmp	xmrig
behavioral1/memory/2704-39-0x000000013F570000-0x000000013F8C4000-memory.dmp	xmrig
behavioral1/memory/588-35-0x000000013F830000-0x000000013FB84000-memory.dmp	xmrig
behavioral1/files/0x00060000000193e8-40.dat	xmrig
behavioral1/memory/2952-46-0x000000013FD10000-0x0000000140064000-memory.dmp	xmrig
behavioral1/files/0x000600000001949e-56.dat	xmrig
behavioral1/memory/2612-60-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig
behavioral1/memory/2724-52-0x000000013FCE0000-0x0000000140034000-memory.dmp	xmrig
behavioral1/files/0x00060000000193f7-51.dat	xmrig
behavioral1/files/0x00070000000194cd-70.dat	xmrig
behavioral1/memory/2588-73-0x000000013F620000-0x000000013F974000-memory.dmp	xmrig
behavioral1/memory/588-74-0x00000000022F0000-0x0000000002644000-memory.dmp	xmrig
behavioral1/files/0x00080000000194c4-61.dat	xmrig
behavioral1/memory/2828-62-0x000000013F530000-0x000000013F884000-memory.dmp	xmrig
behavioral1/memory/2740-67-0x000000013FB00000-0x000000013FE54000-memory.dmp	xmrig
behavioral1/files/0x000500000001a307-81.dat	xmrig
behavioral1/memory/2200-87-0x000000013F9B0000-0x000000013FD04000-memory.dmp	xmrig
behavioral1/memory/1308-79-0x000000013F880000-0x000000013FBD4000-memory.dmp	xmrig
behavioral1/memory/2436-78-0x000000013FD80000-0x00000001400D4000-memory.dmp	xmrig
behavioral1/memory/2784-86-0x000000013F530000-0x000000013F884000-memory.dmp	xmrig
behavioral1/files/0x000500000001a41b-103.dat	xmrig
behavioral1/memory/2156-96-0x000000013F2B0000-0x000000013F604000-memory.dmp	xmrig
behavioral1/files/0x000500000001a359-95.dat	xmrig
behavioral1/files/0x000500000001a427-124.dat	xmrig
behavioral1/files/0x000500000001a4b1-168.dat	xmrig
behavioral1/files/0x000500000001a4b5-174.dat	xmrig
behavioral1/files/0x000500000001a4bb-193.dat	xmrig
behavioral1/memory/588-991-0x000000013F310000-0x000000013F664000-memory.dmp	xmrig
behavioral1/memory/1628-902-0x000000013FB80000-0x000000013FED4000-memory.dmp	xmrig
behavioral1/memory/2156-715-0x000000013F2B0000-0x000000013F604000-memory.dmp	xmrig
behavioral1/memory/2200-545-0x000000013F9B0000-0x000000013FD04000-memory.dmp	xmrig
behavioral1/memory/1308-398-0x000000013F880000-0x000000013FBD4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4bd-199.dat	xmrig
behavioral1/files/0x000500000001a4b9-189.dat	xmrig
behavioral1/files/0x000500000001a4b7-183.dat	xmrig
behavioral1/files/0x000500000001a4b3-171.dat	xmrig
behavioral1/files/0x000500000001a4af-163.dat	xmrig
behavioral1/files/0x000500000001a49a-153.dat	xmrig
behavioral1/files/0x000500000001a4a9-158.dat	xmrig
behavioral1/files/0x000500000001a499-149.dat	xmrig
behavioral1/files/0x000500000001a48d-143.dat	xmrig
behavioral1/files/0x000500000001a48b-138.dat	xmrig
behavioral1/files/0x000500000001a46f-133.dat	xmrig
behavioral1/files/0x000500000001a42d-128.dat	xmrig
behavioral1/files/0x000500000001a41d-114.dat	xmrig
behavioral1/memory/588-111-0x000000013F310000-0x000000013F664000-memory.dmp	xmrig
behavioral1/files/0x000500000001a41e-118.dat	xmrig
behavioral1/memory/2588-110-0x000000013F620000-0x000000013F974000-memory.dmp	xmrig
behavioral1/memory/1628-106-0x000000013FB80000-0x000000013FED4000-memory.dmp	xmrig
behavioral1/memory/2740-105-0x000000013FB00000-0x000000013FE54000-memory.dmp	xmrig
behavioral1/memory/588-104-0x00000000022F0000-0x0000000002644000-memory.dmp	xmrig
behavioral1/memory/588-82-0x00000000022F0000-0x0000000002644000-memory.dmp	xmrig
behavioral1/files/0x000500000001a09e-77.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2704	jWzBouK.exe
2944	NzwdXxI.exe
2724	JuTNhkt.exe
2828	MEuaxTU.exe
2436	RDYaATw.exe
2952	fTAcaQB.exe
2784	kqtVWeg.exe
2612	gCwkAEx.exe
2740	YsYPtFI.exe
2588	qOsWcMl.exe
1308	jCSPoTe.exe
2200	YpjYkQl.exe
2156	cwluLUL.exe
1628	MrukCGf.exe
1632	TXuOmVA.exe
2988	Vrsywgc.exe
2688	ZFJJXTk.exe
2888	eObexHz.exe
2976	CiOMltw.exe
2116	awHRbUn.exe
1056	CyUayVZ.exe
820	mmlwSlp.exe
1132	FiftiBv.exe
1036	CFaxtjV.exe
2124	jBfnhRS.exe
2252	QkvnvCE.exe
2136	pjNQzCy.exe
2216	WWGmsMH.exe
2220	sfTRGJv.exe
1384	dVTaQzV.exe
652	KzcxTtB.exe
1168	YePTBgQ.exe
1792	ZBwKfpW.exe
552	uqxETHz.exe
1048	ywboQyp.exe
944	OxEcdxB.exe
1796	QfabJWm.exe
1676	yNFRNGS.exe
1536	tXPdRRu.exe
1964	VDVwvys.exe
1880	XutFkvg.exe
1488	MQKaUIw.exe
2280	SMGIJac.exe
1924	mNLaofK.exe
1476	YSOZFcZ.exe
3068	vhfOlmc.exe
1884	DejkfHZ.exe
1352	MHJVHUO.exe
2208	NMQIvco.exe
3060	LoDpAGA.exe
352	hzalAWR.exe
2072	KigCEyF.exe
2024	mJEqBqZ.exe
1572	yOeOfmL.exe
2224	TZyPwmq.exe
1496	ELAYmKd.exe
1712	SoRbXWU.exe
2768	kdelmoG.exe
2448	jUAFrlQ.exe
2832	vZtwLVs.exe
2844	DjLRMSe.exe
2180	tifpjEu.exe
2660	TyLoJlV.exe
2084	GjfhLqK.exe

Loads dropped DLL 64 IoCs

pid	Process
588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/588-0-0x000000013F830000-0x000000013FB84000-memory.dmp	upx
behavioral1/files/0x00080000000120fd-3.dat	upx
behavioral1/files/0x000f00000001932d-11.dat	upx
behavioral1/memory/2944-15-0x000000013F940000-0x000000013FC94000-memory.dmp	upx
behavioral1/memory/2704-13-0x000000013F570000-0x000000013F8C4000-memory.dmp	upx
behavioral1/files/0x000700000001933b-10.dat	upx
behavioral1/memory/2724-22-0x000000013FCE0000-0x0000000140034000-memory.dmp	upx
behavioral1/files/0x000800000001939b-23.dat	upx
behavioral1/memory/2828-29-0x000000013F530000-0x000000013F884000-memory.dmp	upx
behavioral1/files/0x00070000000193b3-31.dat	upx
behavioral1/memory/2436-37-0x000000013FD80000-0x00000001400D4000-memory.dmp	upx
behavioral1/memory/2704-39-0x000000013F570000-0x000000013F8C4000-memory.dmp	upx
behavioral1/memory/588-35-0x000000013F830000-0x000000013FB84000-memory.dmp	upx
behavioral1/files/0x00060000000193e8-40.dat	upx
behavioral1/memory/2952-46-0x000000013FD10000-0x0000000140064000-memory.dmp	upx
behavioral1/files/0x000600000001949e-56.dat	upx
behavioral1/memory/2612-60-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx
behavioral1/memory/2724-52-0x000000013FCE0000-0x0000000140034000-memory.dmp	upx
behavioral1/files/0x00060000000193f7-51.dat	upx
behavioral1/files/0x00070000000194cd-70.dat	upx
behavioral1/memory/2588-73-0x000000013F620000-0x000000013F974000-memory.dmp	upx
behavioral1/files/0x00080000000194c4-61.dat	upx
behavioral1/memory/2828-62-0x000000013F530000-0x000000013F884000-memory.dmp	upx
behavioral1/memory/2740-67-0x000000013FB00000-0x000000013FE54000-memory.dmp	upx
behavioral1/files/0x000500000001a307-81.dat	upx
behavioral1/memory/2200-87-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx
behavioral1/memory/1308-79-0x000000013F880000-0x000000013FBD4000-memory.dmp	upx
behavioral1/memory/2436-78-0x000000013FD80000-0x00000001400D4000-memory.dmp	upx
behavioral1/memory/2784-86-0x000000013F530000-0x000000013F884000-memory.dmp	upx
behavioral1/files/0x000500000001a41b-103.dat	upx
behavioral1/memory/2156-96-0x000000013F2B0000-0x000000013F604000-memory.dmp	upx
behavioral1/files/0x000500000001a359-95.dat	upx
behavioral1/files/0x000500000001a427-124.dat	upx
behavioral1/files/0x000500000001a4b1-168.dat	upx
behavioral1/files/0x000500000001a4b5-174.dat	upx
behavioral1/files/0x000500000001a4bb-193.dat	upx
behavioral1/memory/1628-902-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
behavioral1/memory/2156-715-0x000000013F2B0000-0x000000013F604000-memory.dmp	upx
behavioral1/memory/2200-545-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx
behavioral1/memory/1308-398-0x000000013F880000-0x000000013FBD4000-memory.dmp	upx
behavioral1/files/0x000500000001a4bd-199.dat	upx
behavioral1/files/0x000500000001a4b9-189.dat	upx
behavioral1/files/0x000500000001a4b7-183.dat	upx
behavioral1/files/0x000500000001a4b3-171.dat	upx
behavioral1/files/0x000500000001a4af-163.dat	upx
behavioral1/files/0x000500000001a49a-153.dat	upx
behavioral1/files/0x000500000001a4a9-158.dat	upx
behavioral1/files/0x000500000001a499-149.dat	upx
behavioral1/files/0x000500000001a48d-143.dat	upx
behavioral1/files/0x000500000001a48b-138.dat	upx
behavioral1/files/0x000500000001a46f-133.dat	upx
behavioral1/files/0x000500000001a42d-128.dat	upx
behavioral1/files/0x000500000001a41d-114.dat	upx
behavioral1/files/0x000500000001a41e-118.dat	upx
behavioral1/memory/2588-110-0x000000013F620000-0x000000013F974000-memory.dmp	upx
behavioral1/memory/1628-106-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
behavioral1/memory/2740-105-0x000000013FB00000-0x000000013FE54000-memory.dmp	upx
behavioral1/files/0x000500000001a09e-77.dat	upx
behavioral1/memory/2944-3418-0x000000013F940000-0x000000013FC94000-memory.dmp	upx
behavioral1/memory/2704-3419-0x000000013F570000-0x000000013F8C4000-memory.dmp	upx
behavioral1/memory/2724-3427-0x000000013FCE0000-0x0000000140034000-memory.dmp	upx
behavioral1/memory/2828-3486-0x000000013F530000-0x000000013F884000-memory.dmp	upx
behavioral1/memory/2436-3634-0x000000013FD80000-0x00000001400D4000-memory.dmp	upx
behavioral1/memory/2952-3676-0x000000013FD10000-0x0000000140064000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\nXJTTiT.exe	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gZDqihE.exe	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VhLFDwk.exe	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iQLbBas.exe	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sALnjxH.exe	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ncwClyg.exe	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TAJcGBf.exe	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HhJgcEr.exe	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dMNBMQo.exe	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\drSrZav.exe	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\naYtYhC.exe	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cvJtdSC.exe	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WLLAEZV.exe	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wxuiIeN.exe	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wDIcoHc.exe	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uPjzdtr.exe	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jutKdZc.exe	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DYmixJB.exe	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NCLZdPx.exe	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FxMQoii.exe	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XaPISoG.exe	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xmvkNaK.exe	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tNdkbmd.exe	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OADGBBk.exe	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jKjGGBV.exe	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KhmOfAh.exe	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oeyOHzI.exe	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZSTMPUz.exe	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PEotMIB.exe	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hiSHGvS.exe	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vEhoJbF.exe	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yyFAWyI.exe	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WGSamfl.exe	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cCZluUc.exe	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yzSHmQw.exe	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nngNVZX.exe	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cTHytyj.exe	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ycKgTGC.exe	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mKCPJgF.exe	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CHrtXya.exe	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uTaXUPe.exe	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CQLxRQa.exe	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kJQYDlc.exe	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DyhbRDo.exe	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LFQnwLI.exe	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oHEeoNc.exe	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gqXAuUS.exe	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tRdWJNm.exe	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jvLAtnn.exe	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OkHrMLe.exe	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NSlZlmT.exe	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AWrIBlx.exe	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Rzfygks.exe	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uOKxdUt.exe	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MygsZrz.exe	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\quabHYs.exe	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uvquWPL.exe	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qhKlbXw.exe	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TsUTiLF.exe	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XMYGUCR.exe	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QcIHLmg.exe	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KrlsFsg.exe	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lnXiWSI.exe	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JwdTXIy.exe	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 588 wrote to memory of 2704	588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 588 wrote to memory of 2704	588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 588 wrote to memory of 2704	588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 588 wrote to memory of 2944	588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 588 wrote to memory of 2944	588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 588 wrote to memory of 2944	588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 588 wrote to memory of 2724	588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 588 wrote to memory of 2724	588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 588 wrote to memory of 2724	588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 588 wrote to memory of 2828	588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 588 wrote to memory of 2828	588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 588 wrote to memory of 2828	588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 588 wrote to memory of 2436	588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 588 wrote to memory of 2436	588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 588 wrote to memory of 2436	588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 588 wrote to memory of 2952	588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 588 wrote to memory of 2952	588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 588 wrote to memory of 2952	588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 588 wrote to memory of 2784	588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 588 wrote to memory of 2784	588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 588 wrote to memory of 2784	588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 588 wrote to memory of 2612	588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 588 wrote to memory of 2612	588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 588 wrote to memory of 2612	588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 588 wrote to memory of 2740	588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 588 wrote to memory of 2740	588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 588 wrote to memory of 2740	588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 588 wrote to memory of 2588	588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 588 wrote to memory of 2588	588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 588 wrote to memory of 2588	588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 588 wrote to memory of 1308	588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 588 wrote to memory of 1308	588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 588 wrote to memory of 1308	588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 588 wrote to memory of 2200	588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 588 wrote to memory of 2200	588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 588 wrote to memory of 2200	588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 588 wrote to memory of 2156	588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 588 wrote to memory of 2156	588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 588 wrote to memory of 2156	588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 588 wrote to memory of 1628	588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 588 wrote to memory of 1628	588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 588 wrote to memory of 1628	588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 588 wrote to memory of 1632	588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 588 wrote to memory of 1632	588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 588 wrote to memory of 1632	588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 588 wrote to memory of 2988	588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 588 wrote to memory of 2988	588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 588 wrote to memory of 2988	588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 588 wrote to memory of 2688	588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 588 wrote to memory of 2688	588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 588 wrote to memory of 2688	588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 588 wrote to memory of 2888	588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 588 wrote to memory of 2888	588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 588 wrote to memory of 2888	588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 588 wrote to memory of 2976	588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 588 wrote to memory of 2976	588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 588 wrote to memory of 2976	588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 588 wrote to memory of 2116	588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 588 wrote to memory of 2116	588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 588 wrote to memory of 2116	588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 588 wrote to memory of 1056	588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 588 wrote to memory of 1056	588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 588 wrote to memory of 1056	588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 588 wrote to memory of 820	588	2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe	51

C:\Users\Admin\AppData\Local\Temp\2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-20_2a38e6227003ed8d5bf7e9e44601bd23_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:588
- C:\Windows\System\jWzBouK.exe
  C:\Windows\System\jWzBouK.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\NzwdXxI.exe
  C:\Windows\System\NzwdXxI.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\JuTNhkt.exe
  C:\Windows\System\JuTNhkt.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\MEuaxTU.exe
  C:\Windows\System\MEuaxTU.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\RDYaATw.exe
  C:\Windows\System\RDYaATw.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\fTAcaQB.exe
  C:\Windows\System\fTAcaQB.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\kqtVWeg.exe
  C:\Windows\System\kqtVWeg.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\gCwkAEx.exe
  C:\Windows\System\gCwkAEx.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\YsYPtFI.exe
  C:\Windows\System\YsYPtFI.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\qOsWcMl.exe
  C:\Windows\System\qOsWcMl.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\jCSPoTe.exe
  C:\Windows\System\jCSPoTe.exe
  2⤵
  - Executes dropped EXE
  PID:1308
- C:\Windows\System\YpjYkQl.exe
  C:\Windows\System\YpjYkQl.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\cwluLUL.exe
  C:\Windows\System\cwluLUL.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\MrukCGf.exe
  C:\Windows\System\MrukCGf.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\TXuOmVA.exe
  C:\Windows\System\TXuOmVA.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\Vrsywgc.exe
  C:\Windows\System\Vrsywgc.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\ZFJJXTk.exe
  C:\Windows\System\ZFJJXTk.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\eObexHz.exe
  C:\Windows\System\eObexHz.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\CiOMltw.exe
  C:\Windows\System\CiOMltw.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\awHRbUn.exe
  C:\Windows\System\awHRbUn.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\CyUayVZ.exe
  C:\Windows\System\CyUayVZ.exe
  2⤵
  - Executes dropped EXE
  PID:1056
- C:\Windows\System\mmlwSlp.exe
  C:\Windows\System\mmlwSlp.exe
  2⤵
  - Executes dropped EXE
  PID:820
- C:\Windows\System\FiftiBv.exe
  C:\Windows\System\FiftiBv.exe
  2⤵
  - Executes dropped EXE
  PID:1132
- C:\Windows\System\CFaxtjV.exe
  C:\Windows\System\CFaxtjV.exe
  2⤵
  - Executes dropped EXE
  PID:1036
- C:\Windows\System\jBfnhRS.exe
  C:\Windows\System\jBfnhRS.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\QkvnvCE.exe
  C:\Windows\System\QkvnvCE.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\WWGmsMH.exe
  C:\Windows\System\WWGmsMH.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\pjNQzCy.exe
  C:\Windows\System\pjNQzCy.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\sfTRGJv.exe
  C:\Windows\System\sfTRGJv.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\dVTaQzV.exe
  C:\Windows\System\dVTaQzV.exe
  2⤵
  - Executes dropped EXE
  PID:1384
- C:\Windows\System\KzcxTtB.exe
  C:\Windows\System\KzcxTtB.exe
  2⤵
  - Executes dropped EXE
  PID:652
- C:\Windows\System\YePTBgQ.exe
  C:\Windows\System\YePTBgQ.exe
  2⤵
  - Executes dropped EXE
  PID:1168
- C:\Windows\System\ZBwKfpW.exe
  C:\Windows\System\ZBwKfpW.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\uqxETHz.exe
  C:\Windows\System\uqxETHz.exe
  2⤵
  - Executes dropped EXE
  PID:552
- C:\Windows\System\ywboQyp.exe
  C:\Windows\System\ywboQyp.exe
  2⤵
  - Executes dropped EXE
  PID:1048
- C:\Windows\System\OxEcdxB.exe
  C:\Windows\System\OxEcdxB.exe
  2⤵
  - Executes dropped EXE
  PID:944
- C:\Windows\System\QfabJWm.exe
  C:\Windows\System\QfabJWm.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\yNFRNGS.exe
  C:\Windows\System\yNFRNGS.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\tXPdRRu.exe
  C:\Windows\System\tXPdRRu.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\VDVwvys.exe
  C:\Windows\System\VDVwvys.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\XutFkvg.exe
  C:\Windows\System\XutFkvg.exe
  2⤵
  - Executes dropped EXE
  PID:1880
- C:\Windows\System\MQKaUIw.exe
  C:\Windows\System\MQKaUIw.exe
  2⤵
  - Executes dropped EXE
  PID:1488
- C:\Windows\System\SMGIJac.exe
  C:\Windows\System\SMGIJac.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\mNLaofK.exe
  C:\Windows\System\mNLaofK.exe
  2⤵
  - Executes dropped EXE
  PID:1924
- C:\Windows\System\YSOZFcZ.exe
  C:\Windows\System\YSOZFcZ.exe
  2⤵
  - Executes dropped EXE
  PID:1476
- C:\Windows\System\vhfOlmc.exe
  C:\Windows\System\vhfOlmc.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\DejkfHZ.exe
  C:\Windows\System\DejkfHZ.exe
  2⤵
  - Executes dropped EXE
  PID:1884
- C:\Windows\System\MHJVHUO.exe
  C:\Windows\System\MHJVHUO.exe
  2⤵
  - Executes dropped EXE
  PID:1352
- C:\Windows\System\NMQIvco.exe
  C:\Windows\System\NMQIvco.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\LoDpAGA.exe
  C:\Windows\System\LoDpAGA.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\hzalAWR.exe
  C:\Windows\System\hzalAWR.exe
  2⤵
  - Executes dropped EXE
  PID:352
- C:\Windows\System\KigCEyF.exe
  C:\Windows\System\KigCEyF.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\yOeOfmL.exe
  C:\Windows\System\yOeOfmL.exe
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Windows\System\mJEqBqZ.exe
  C:\Windows\System\mJEqBqZ.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\ELAYmKd.exe
  C:\Windows\System\ELAYmKd.exe
  2⤵
  - Executes dropped EXE
  PID:1496
- C:\Windows\System\TZyPwmq.exe
  C:\Windows\System\TZyPwmq.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\SoRbXWU.exe
  C:\Windows\System\SoRbXWU.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\kdelmoG.exe
  C:\Windows\System\kdelmoG.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\jUAFrlQ.exe
  C:\Windows\System\jUAFrlQ.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\vZtwLVs.exe
  C:\Windows\System\vZtwLVs.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\DjLRMSe.exe
  C:\Windows\System\DjLRMSe.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\tifpjEu.exe
  C:\Windows\System\tifpjEu.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\TyLoJlV.exe
  C:\Windows\System\TyLoJlV.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\GjfhLqK.exe
  C:\Windows\System\GjfhLqK.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\fOfXExa.exe
  C:\Windows\System\fOfXExa.exe
  2⤵
  PID:2376
- C:\Windows\System\aXeaave.exe
  C:\Windows\System\aXeaave.exe
  2⤵
  PID:2532
- C:\Windows\System\VIvuOkr.exe
  C:\Windows\System\VIvuOkr.exe
  2⤵
  PID:2680
- C:\Windows\System\HvzCaRi.exe
  C:\Windows\System\HvzCaRi.exe
  2⤵
  PID:2708
- C:\Windows\System\hAkzqHg.exe
  C:\Windows\System\hAkzqHg.exe
  2⤵
  PID:2880
- C:\Windows\System\IOIhdfD.exe
  C:\Windows\System\IOIhdfD.exe
  2⤵
  PID:1360
- C:\Windows\System\MvqTtaD.exe
  C:\Windows\System\MvqTtaD.exe
  2⤵
  PID:3048
- C:\Windows\System\SqgGNVo.exe
  C:\Windows\System\SqgGNVo.exe
  2⤵
  PID:408
- C:\Windows\System\DbdDWIq.exe
  C:\Windows\System\DbdDWIq.exe
  2⤵
  PID:2264
- C:\Windows\System\kyAnLQX.exe
  C:\Windows\System\kyAnLQX.exe
  2⤵
  PID:2340
- C:\Windows\System\ptsXZkD.exe
  C:\Windows\System\ptsXZkD.exe
  2⤵
  PID:772
- C:\Windows\System\vTgvSUd.exe
  C:\Windows\System\vTgvSUd.exe
  2⤵
  PID:2756
- C:\Windows\System\AzKpkEV.exe
  C:\Windows\System\AzKpkEV.exe
  2⤵
  PID:1856
- C:\Windows\System\KTWtaRO.exe
  C:\Windows\System\KTWtaRO.exe
  2⤵
  PID:2004
- C:\Windows\System\HsvPFwQ.exe
  C:\Windows\System\HsvPFwQ.exe
  2⤵
  PID:824
- C:\Windows\System\pLzsvoA.exe
  C:\Windows\System\pLzsvoA.exe
  2⤵
  PID:1932
- C:\Windows\System\mkvoiWt.exe
  C:\Windows\System\mkvoiWt.exe
  2⤵
  PID:940
- C:\Windows\System\NtZPBxd.exe
  C:\Windows\System\NtZPBxd.exe
  2⤵
  PID:1952
- C:\Windows\System\PNtANED.exe
  C:\Windows\System\PNtANED.exe
  2⤵
  PID:1692
- C:\Windows\System\DYIsRYo.exe
  C:\Windows\System\DYIsRYo.exe
  2⤵
  PID:584
- C:\Windows\System\EilPxYk.exe
  C:\Windows\System\EilPxYk.exe
  2⤵
  PID:1620
- C:\Windows\System\zEnWQkP.exe
  C:\Windows\System\zEnWQkP.exe
  2⤵
  PID:916
- C:\Windows\System\jHIcZKY.exe
  C:\Windows\System\jHIcZKY.exe
  2⤵
  PID:1928
- C:\Windows\System\TADAPUc.exe
  C:\Windows\System\TADAPUc.exe
  2⤵
  PID:2484
- C:\Windows\System\DIgJZlK.exe
  C:\Windows\System\DIgJZlK.exe
  2⤵
  PID:1592
- C:\Windows\System\ZBtOUca.exe
  C:\Windows\System\ZBtOUca.exe
  2⤵
  PID:992
- C:\Windows\System\qWfojDd.exe
  C:\Windows\System\qWfojDd.exe
  2⤵
  PID:1636
- C:\Windows\System\eadItDQ.exe
  C:\Windows\System\eadItDQ.exe
  2⤵
  PID:2244
- C:\Windows\System\GhZIktJ.exe
  C:\Windows\System\GhZIktJ.exe
  2⤵
  PID:2816
- C:\Windows\System\EZvJPaH.exe
  C:\Windows\System\EZvJPaH.exe
  2⤵
  PID:1644
- C:\Windows\System\HfIKYAu.exe
  C:\Windows\System\HfIKYAu.exe
  2⤵
  PID:2664
- C:\Windows\System\OtnqRvW.exe
  C:\Windows\System\OtnqRvW.exe
  2⤵
  PID:2736
- C:\Windows\System\hpnYuBq.exe
  C:\Windows\System\hpnYuBq.exe
  2⤵
  PID:1624
- C:\Windows\System\TOXkWni.exe
  C:\Windows\System\TOXkWni.exe
  2⤵
  PID:592
- C:\Windows\System\Oqnpdxo.exe
  C:\Windows\System\Oqnpdxo.exe
  2⤵
  PID:1944
- C:\Windows\System\vfHQpcT.exe
  C:\Windows\System\vfHQpcT.exe
  2⤵
  PID:2172
- C:\Windows\System\KzBSaGV.exe
  C:\Windows\System\KzBSaGV.exe
  2⤵
  PID:2236
- C:\Windows\System\JoYtwTw.exe
  C:\Windows\System\JoYtwTw.exe
  2⤵
  PID:2212
- C:\Windows\System\CLyfWhj.exe
  C:\Windows\System\CLyfWhj.exe
  2⤵
  PID:2148
- C:\Windows\System\HMNSlug.exe
  C:\Windows\System\HMNSlug.exe
  2⤵
  PID:264
- C:\Windows\System\vTHmqOx.exe
  C:\Windows\System\vTHmqOx.exe
  2⤵
  PID:2440
- C:\Windows\System\DHINyVl.exe
  C:\Windows\System\DHINyVl.exe
  2⤵
  PID:2300
- C:\Windows\System\wbiFEsU.exe
  C:\Windows\System\wbiFEsU.exe
  2⤵
  PID:1552
- C:\Windows\System\fKxOsuQ.exe
  C:\Windows\System\fKxOsuQ.exe
  2⤵
  PID:2000
- C:\Windows\System\HmbUDKU.exe
  C:\Windows\System\HmbUDKU.exe
  2⤵
  PID:2120
- C:\Windows\System\iMYByAe.exe
  C:\Windows\System\iMYByAe.exe
  2⤵
  PID:2696
- C:\Windows\System\yrTvtTE.exe
  C:\Windows\System\yrTvtTE.exe
  2⤵
  PID:1752
- C:\Windows\System\SKHtJIO.exe
  C:\Windows\System\SKHtJIO.exe
  2⤵
  PID:1492
- C:\Windows\System\QciKpgx.exe
  C:\Windows\System\QciKpgx.exe
  2⤵
  PID:1652
- C:\Windows\System\TEqDkOH.exe
  C:\Windows\System\TEqDkOH.exe
  2⤵
  PID:2760
- C:\Windows\System\ePWFoXO.exe
  C:\Windows\System\ePWFoXO.exe
  2⤵
  PID:3036
- C:\Windows\System\RecMCbm.exe
  C:\Windows\System\RecMCbm.exe
  2⤵
  PID:2248
- C:\Windows\System\WZkpsGl.exe
  C:\Windows\System\WZkpsGl.exe
  2⤵
  PID:2360
- C:\Windows\System\BLevvrw.exe
  C:\Windows\System\BLevvrw.exe
  2⤵
  PID:2900
- C:\Windows\System\uCiMWuM.exe
  C:\Windows\System\uCiMWuM.exe
  2⤵
  PID:348
- C:\Windows\System\wefefOx.exe
  C:\Windows\System\wefefOx.exe
  2⤵
  PID:2640
- C:\Windows\System\SJjVtBb.exe
  C:\Windows\System\SJjVtBb.exe
  2⤵
  PID:984
- C:\Windows\System\zJGypun.exe
  C:\Windows\System\zJGypun.exe
  2⤵
  PID:2316
- C:\Windows\System\Brqggol.exe
  C:\Windows\System\Brqggol.exe
  2⤵
  PID:2308
- C:\Windows\System\NtXFyFk.exe
  C:\Windows\System\NtXFyFk.exe
  2⤵
  PID:1392
- C:\Windows\System\tjWVqkF.exe
  C:\Windows\System\tjWVqkF.exe
  2⤵
  PID:920
- C:\Windows\System\VMbAQSa.exe
  C:\Windows\System\VMbAQSa.exe
  2⤵
  PID:1596
- C:\Windows\System\WDNwyte.exe
  C:\Windows\System\WDNwyte.exe
  2⤵
  PID:2916
- C:\Windows\System\OVBSJto.exe
  C:\Windows\System\OVBSJto.exe
  2⤵
  PID:2712
- C:\Windows\System\BPFsHPu.exe
  C:\Windows\System\BPFsHPu.exe
  2⤵
  PID:1288
- C:\Windows\System\tBnmSSe.exe
  C:\Windows\System\tBnmSSe.exe
  2⤵
  PID:1304
- C:\Windows\System\hwYLsmY.exe
  C:\Windows\System\hwYLsmY.exe
  2⤵
  PID:2652
- C:\Windows\System\iahxrlk.exe
  C:\Windows\System\iahxrlk.exe
  2⤵
  PID:3088
- C:\Windows\System\tMdAFUz.exe
  C:\Windows\System\tMdAFUz.exe
  2⤵
  PID:3108
- C:\Windows\System\mNqYItZ.exe
  C:\Windows\System\mNqYItZ.exe
  2⤵
  PID:3132
- C:\Windows\System\ycCOYRD.exe
  C:\Windows\System\ycCOYRD.exe
  2⤵
  PID:3152
- C:\Windows\System\ngMIbfx.exe
  C:\Windows\System\ngMIbfx.exe
  2⤵
  PID:3172
- C:\Windows\System\nCkZmys.exe
  C:\Windows\System\nCkZmys.exe
  2⤵
  PID:3192
- C:\Windows\System\ddYMfaS.exe
  C:\Windows\System\ddYMfaS.exe
  2⤵
  PID:3212
- C:\Windows\System\lLnfeyy.exe
  C:\Windows\System\lLnfeyy.exe
  2⤵
  PID:3232
- C:\Windows\System\oeOErzh.exe
  C:\Windows\System\oeOErzh.exe
  2⤵
  PID:3252
- C:\Windows\System\IwovyQC.exe
  C:\Windows\System\IwovyQC.exe
  2⤵
  PID:3272
- C:\Windows\System\xrYUYyq.exe
  C:\Windows\System\xrYUYyq.exe
  2⤵
  PID:3292
- C:\Windows\System\FOGRiSz.exe
  C:\Windows\System\FOGRiSz.exe
  2⤵
  PID:3312
- C:\Windows\System\tJDPgRz.exe
  C:\Windows\System\tJDPgRz.exe
  2⤵
  PID:3332
- C:\Windows\System\cYENUPi.exe
  C:\Windows\System\cYENUPi.exe
  2⤵
  PID:3352
- C:\Windows\System\ozAAqAR.exe
  C:\Windows\System\ozAAqAR.exe
  2⤵
  PID:3372
- C:\Windows\System\wSRguDB.exe
  C:\Windows\System\wSRguDB.exe
  2⤵
  PID:3396
- C:\Windows\System\JEXZfyx.exe
  C:\Windows\System\JEXZfyx.exe
  2⤵
  PID:3416
- C:\Windows\System\yIdbgEV.exe
  C:\Windows\System\yIdbgEV.exe
  2⤵
  PID:3436
- C:\Windows\System\JKIxNqX.exe
  C:\Windows\System\JKIxNqX.exe
  2⤵
  PID:3456
- C:\Windows\System\ywTpTGZ.exe
  C:\Windows\System\ywTpTGZ.exe
  2⤵
  PID:3476
- C:\Windows\System\OOUXDWd.exe
  C:\Windows\System\OOUXDWd.exe
  2⤵
  PID:3496
- C:\Windows\System\UPyAhvG.exe
  C:\Windows\System\UPyAhvG.exe
  2⤵
  PID:3516
- C:\Windows\System\ysjZWmq.exe
  C:\Windows\System\ysjZWmq.exe
  2⤵
  PID:3536
- C:\Windows\System\aYPymKA.exe
  C:\Windows\System\aYPymKA.exe
  2⤵
  PID:3556
- C:\Windows\System\sNzXaCW.exe
  C:\Windows\System\sNzXaCW.exe
  2⤵
  PID:3576
- C:\Windows\System\kWcbHVt.exe
  C:\Windows\System\kWcbHVt.exe
  2⤵
  PID:3596
- C:\Windows\System\YxRmOAY.exe
  C:\Windows\System\YxRmOAY.exe
  2⤵
  PID:3620
- C:\Windows\System\odVxlJG.exe
  C:\Windows\System\odVxlJG.exe
  2⤵
  PID:3640
- C:\Windows\System\jWCQJan.exe
  C:\Windows\System\jWCQJan.exe
  2⤵
  PID:3660
- C:\Windows\System\lqcDBjq.exe
  C:\Windows\System\lqcDBjq.exe
  2⤵
  PID:3680
- C:\Windows\System\CZAoCEA.exe
  C:\Windows\System\CZAoCEA.exe
  2⤵
  PID:3700
- C:\Windows\System\BEMVvVq.exe
  C:\Windows\System\BEMVvVq.exe
  2⤵
  PID:3720
- C:\Windows\System\ZLENJyB.exe
  C:\Windows\System\ZLENJyB.exe
  2⤵
  PID:3740
- C:\Windows\System\TDUMUrT.exe
  C:\Windows\System\TDUMUrT.exe
  2⤵
  PID:3760
- C:\Windows\System\SXqHiuK.exe
  C:\Windows\System\SXqHiuK.exe
  2⤵
  PID:3780
- C:\Windows\System\YPXEmvN.exe
  C:\Windows\System\YPXEmvN.exe
  2⤵
  PID:3800
- C:\Windows\System\LgJTQCb.exe
  C:\Windows\System\LgJTQCb.exe
  2⤵
  PID:3816
- C:\Windows\System\XQfYgjR.exe
  C:\Windows\System\XQfYgjR.exe
  2⤵
  PID:3840
- C:\Windows\System\GdWEJiX.exe
  C:\Windows\System\GdWEJiX.exe
  2⤵
  PID:3856
- C:\Windows\System\uhynoiy.exe
  C:\Windows\System\uhynoiy.exe
  2⤵
  PID:3880
- C:\Windows\System\APtoGMe.exe
  C:\Windows\System\APtoGMe.exe
  2⤵
  PID:3900
- C:\Windows\System\uoAidQu.exe
  C:\Windows\System\uoAidQu.exe
  2⤵
  PID:3924
- C:\Windows\System\VqvQKET.exe
  C:\Windows\System\VqvQKET.exe
  2⤵
  PID:3944
- C:\Windows\System\uNUkrCE.exe
  C:\Windows\System\uNUkrCE.exe
  2⤵
  PID:3964
- C:\Windows\System\zQEdQJn.exe
  C:\Windows\System\zQEdQJn.exe
  2⤵
  PID:3984
- C:\Windows\System\pUdGWDW.exe
  C:\Windows\System\pUdGWDW.exe
  2⤵
  PID:4004
- C:\Windows\System\RrNnaPP.exe
  C:\Windows\System\RrNnaPP.exe
  2⤵
  PID:4024
- C:\Windows\System\CKhJuVJ.exe
  C:\Windows\System\CKhJuVJ.exe
  2⤵
  PID:4044
- C:\Windows\System\qvpjTGH.exe
  C:\Windows\System\qvpjTGH.exe
  2⤵
  PID:4064
- C:\Windows\System\MvzbOmZ.exe
  C:\Windows\System\MvzbOmZ.exe
  2⤵
  PID:4084
- C:\Windows\System\GFyRolL.exe
  C:\Windows\System\GFyRolL.exe
  2⤵
  PID:1908
- C:\Windows\System\qOqiOJf.exe
  C:\Windows\System\qOqiOJf.exe
  2⤵
  PID:2692
- C:\Windows\System\HJYYLKr.exe
  C:\Windows\System\HJYYLKr.exe
  2⤵
  PID:1864
- C:\Windows\System\IjKhGfR.exe
  C:\Windows\System\IjKhGfR.exe
  2⤵
  PID:2192
- C:\Windows\System\GESHCJW.exe
  C:\Windows\System\GESHCJW.exe
  2⤵
  PID:2500
- C:\Windows\System\jVdwCDI.exe
  C:\Windows\System\jVdwCDI.exe
  2⤵
  PID:2584
- C:\Windows\System\oneIQrs.exe
  C:\Windows\System\oneIQrs.exe
  2⤵
  PID:3084
- C:\Windows\System\fZsTCjG.exe
  C:\Windows\System\fZsTCjG.exe
  2⤵
  PID:3120
- C:\Windows\System\mXCdcop.exe
  C:\Windows\System\mXCdcop.exe
  2⤵
  PID:3144
- C:\Windows\System\agaepMK.exe
  C:\Windows\System\agaepMK.exe
  2⤵
  PID:3184
- C:\Windows\System\BZnKhpA.exe
  C:\Windows\System\BZnKhpA.exe
  2⤵
  PID:3228
- C:\Windows\System\swZehXy.exe
  C:\Windows\System\swZehXy.exe
  2⤵
  PID:3244
- C:\Windows\System\ARdpbpk.exe
  C:\Windows\System\ARdpbpk.exe
  2⤵
  PID:3300
- C:\Windows\System\UWAYHwe.exe
  C:\Windows\System\UWAYHwe.exe
  2⤵
  PID:3348
- C:\Windows\System\fiBhKcq.exe
  C:\Windows\System\fiBhKcq.exe
  2⤵
  PID:3116
- C:\Windows\System\TTGwCVw.exe
  C:\Windows\System\TTGwCVw.exe
  2⤵
  PID:3364
- C:\Windows\System\RoqNlxD.exe
  C:\Windows\System\RoqNlxD.exe
  2⤵
  PID:3424
- C:\Windows\System\tGwPtHu.exe
  C:\Windows\System\tGwPtHu.exe
  2⤵
  PID:3444
- C:\Windows\System\fVItzep.exe
  C:\Windows\System\fVItzep.exe
  2⤵
  PID:3484
- C:\Windows\System\EiFEVTX.exe
  C:\Windows\System\EiFEVTX.exe
  2⤵
  PID:3544
- C:\Windows\System\xOVVIzc.exe
  C:\Windows\System\xOVVIzc.exe
  2⤵
  PID:3548
- C:\Windows\System\IEJKVkk.exe
  C:\Windows\System\IEJKVkk.exe
  2⤵
  PID:3572
- C:\Windows\System\axYCfsZ.exe
  C:\Windows\System\axYCfsZ.exe
  2⤵
  PID:2848
- C:\Windows\System\KrlsFsg.exe
  C:\Windows\System\KrlsFsg.exe
  2⤵
  PID:3648
- C:\Windows\System\dksJKih.exe
  C:\Windows\System\dksJKih.exe
  2⤵
  PID:3688
- C:\Windows\System\sZzhzLf.exe
  C:\Windows\System\sZzhzLf.exe
  2⤵
  PID:3692
- C:\Windows\System\cefBRyb.exe
  C:\Windows\System\cefBRyb.exe
  2⤵
  PID:3728
- C:\Windows\System\bduQVHY.exe
  C:\Windows\System\bduQVHY.exe
  2⤵
  PID:3792
- C:\Windows\System\qvHwgTq.exe
  C:\Windows\System\qvHwgTq.exe
  2⤵
  PID:3836
- C:\Windows\System\vWIDogN.exe
  C:\Windows\System\vWIDogN.exe
  2⤵
  PID:3812
- C:\Windows\System\gBobPnH.exe
  C:\Windows\System\gBobPnH.exe
  2⤵
  PID:3908
- C:\Windows\System\mKCPJgF.exe
  C:\Windows\System\mKCPJgF.exe
  2⤵
  PID:3912
- C:\Windows\System\VJreqee.exe
  C:\Windows\System\VJreqee.exe
  2⤵
  PID:3940
- C:\Windows\System\abIvYIK.exe
  C:\Windows\System\abIvYIK.exe
  2⤵
  PID:3976
- C:\Windows\System\xXNBwlc.exe
  C:\Windows\System\xXNBwlc.exe
  2⤵
  PID:4012
- C:\Windows\System\qLbYAVD.exe
  C:\Windows\System\qLbYAVD.exe
  2⤵
  PID:4016
- C:\Windows\System\yJpgmtE.exe
  C:\Windows\System\yJpgmtE.exe
  2⤵
  PID:4080
- C:\Windows\System\luXDXBu.exe
  C:\Windows\System\luXDXBu.exe
  2⤵
  PID:1220
- C:\Windows\System\TcMThEA.exe
  C:\Windows\System\TcMThEA.exe
  2⤵
  PID:2564
- C:\Windows\System\RxSWoSH.exe
  C:\Windows\System\RxSWoSH.exe
  2⤵
  PID:2356
- C:\Windows\System\eaIjLVN.exe
  C:\Windows\System\eaIjLVN.exe
  2⤵
  PID:880
- C:\Windows\System\naYtYhC.exe
  C:\Windows\System\naYtYhC.exe
  2⤵
  PID:1260
- C:\Windows\System\gquynuC.exe
  C:\Windows\System\gquynuC.exe
  2⤵
  PID:3124
- C:\Windows\System\zIHwnpb.exe
  C:\Windows\System\zIHwnpb.exe
  2⤵
  PID:3208
- C:\Windows\System\FjyPThz.exe
  C:\Windows\System\FjyPThz.exe
  2⤵
  PID:3260
- C:\Windows\System\IAZSuil.exe
  C:\Windows\System\IAZSuil.exe
  2⤵
  PID:3288
- C:\Windows\System\grgkgOg.exe
  C:\Windows\System\grgkgOg.exe
  2⤵
  PID:3388
- C:\Windows\System\YhXSfZS.exe
  C:\Windows\System\YhXSfZS.exe
  2⤵
  PID:3472
- C:\Windows\System\EwRqPzN.exe
  C:\Windows\System\EwRqPzN.exe
  2⤵
  PID:3412
- C:\Windows\System\bHeNVwO.exe
  C:\Windows\System\bHeNVwO.exe
  2⤵
  PID:3468
- C:\Windows\System\fDlkwvv.exe
  C:\Windows\System\fDlkwvv.exe
  2⤵
  PID:3528
- C:\Windows\System\dqpEdPi.exe
  C:\Windows\System\dqpEdPi.exe
  2⤵
  PID:2892
- C:\Windows\System\UyYnsps.exe
  C:\Windows\System\UyYnsps.exe
  2⤵
  PID:3656
- C:\Windows\System\blzcpUL.exe
  C:\Windows\System\blzcpUL.exe
  2⤵
  PID:3768
- C:\Windows\System\nRLjwVo.exe
  C:\Windows\System\nRLjwVo.exe
  2⤵
  PID:3180
- C:\Windows\System\MRSDFjF.exe
  C:\Windows\System\MRSDFjF.exe
  2⤵
  PID:3832
- C:\Windows\System\aikWxAE.exe
  C:\Windows\System\aikWxAE.exe
  2⤵
  PID:3872
- C:\Windows\System\PIcbLQf.exe
  C:\Windows\System\PIcbLQf.exe
  2⤵
  PID:3972
- C:\Windows\System\jQahwWz.exe
  C:\Windows\System\jQahwWz.exe
  2⤵
  PID:3956
- C:\Windows\System\zVHXLsn.exe
  C:\Windows\System\zVHXLsn.exe
  2⤵
  PID:4032
- C:\Windows\System\aMkXZxe.exe
  C:\Windows\System\aMkXZxe.exe
  2⤵
  PID:1608
- C:\Windows\System\VopMlLS.exe
  C:\Windows\System\VopMlLS.exe
  2⤵
  PID:2060
- C:\Windows\System\rcOMjsE.exe
  C:\Windows\System\rcOMjsE.exe
  2⤵
  PID:3100
- C:\Windows\System\aEWxZPz.exe
  C:\Windows\System\aEWxZPz.exe
  2⤵
  PID:3040
- C:\Windows\System\cRjNgLS.exe
  C:\Windows\System\cRjNgLS.exe
  2⤵
  PID:3220
- C:\Windows\System\WjRZdre.exe
  C:\Windows\System\WjRZdre.exe
  2⤵
  PID:3304
- C:\Windows\System\RYiKNPY.exe
  C:\Windows\System\RYiKNPY.exe
  2⤵
  PID:3344
- C:\Windows\System\HFUaPws.exe
  C:\Windows\System\HFUaPws.exe
  2⤵
  PID:3464
- C:\Windows\System\DhDIIYQ.exe
  C:\Windows\System\DhDIIYQ.exe
  2⤵
  PID:3636
- C:\Windows\System\PWPPKDV.exe
  C:\Windows\System\PWPPKDV.exe
  2⤵
  PID:3796
- C:\Windows\System\fFAxKIU.exe
  C:\Windows\System\fFAxKIU.exe
  2⤵
  PID:3808
- C:\Windows\System\gNjWYKl.exe
  C:\Windows\System\gNjWYKl.exe
  2⤵
  PID:2964
- C:\Windows\System\cHPcDQB.exe
  C:\Windows\System\cHPcDQB.exe
  2⤵
  PID:2080
- C:\Windows\System\cGEJRJv.exe
  C:\Windows\System\cGEJRJv.exe
  2⤵
  PID:3920
- C:\Windows\System\rllhRpK.exe
  C:\Windows\System\rllhRpK.exe
  2⤵
  PID:4020
- C:\Windows\System\QOzeOhH.exe
  C:\Windows\System\QOzeOhH.exe
  2⤵
  PID:3992
- C:\Windows\System\DcEQwZo.exe
  C:\Windows\System\DcEQwZo.exe
  2⤵
  PID:4072
- C:\Windows\System\VwhQyWv.exe
  C:\Windows\System\VwhQyWv.exe
  2⤵
  PID:2836
- C:\Windows\System\MGcWJOF.exe
  C:\Windows\System\MGcWJOF.exe
  2⤵
  PID:3204
- C:\Windows\System\JozzPDS.exe
  C:\Windows\System\JozzPDS.exe
  2⤵
  PID:1196
- C:\Windows\System\CdxniYq.exe
  C:\Windows\System\CdxniYq.exe
  2⤵
  PID:3488
- C:\Windows\System\UFwOyEh.exe
  C:\Windows\System\UFwOyEh.exe
  2⤵
  PID:3532
- C:\Windows\System\qRoOwJG.exe
  C:\Windows\System\qRoOwJG.exe
  2⤵
  PID:3552
- C:\Windows\System\OSEEEaq.exe
  C:\Windows\System\OSEEEaq.exe
  2⤵
  PID:3788
- C:\Windows\System\xZdFmeo.exe
  C:\Windows\System\xZdFmeo.exe
  2⤵
  PID:3960
- C:\Windows\System\erMxRHL.exe
  C:\Windows\System\erMxRHL.exe
  2⤵
  PID:2920
- C:\Windows\System\FpHWGTV.exe
  C:\Windows\System\FpHWGTV.exe
  2⤵
  PID:2648
- C:\Windows\System\jKjGGBV.exe
  C:\Windows\System\jKjGGBV.exe
  2⤵
  PID:2068
- C:\Windows\System\XqbzDpp.exe
  C:\Windows\System\XqbzDpp.exe
  2⤵
  PID:2400
- C:\Windows\System\royCvxe.exe
  C:\Windows\System\royCvxe.exe
  2⤵
  PID:3324
- C:\Windows\System\COPuEfm.exe
  C:\Windows\System\COPuEfm.exe
  2⤵
  PID:4112
- C:\Windows\System\AWrIBlx.exe
  C:\Windows\System\AWrIBlx.exe
  2⤵
  PID:4132
- C:\Windows\System\eqGwPrG.exe
  C:\Windows\System\eqGwPrG.exe
  2⤵
  PID:4152
- C:\Windows\System\SZMrnAv.exe
  C:\Windows\System\SZMrnAv.exe
  2⤵
  PID:4172
- C:\Windows\System\gbbDOOM.exe
  C:\Windows\System\gbbDOOM.exe
  2⤵
  PID:4192
- C:\Windows\System\CynHrlK.exe
  C:\Windows\System\CynHrlK.exe
  2⤵
  PID:4212
- C:\Windows\System\BsEVRQp.exe
  C:\Windows\System\BsEVRQp.exe
  2⤵
  PID:4232
- C:\Windows\System\jyQjVpM.exe
  C:\Windows\System\jyQjVpM.exe
  2⤵
  PID:4252
- C:\Windows\System\XfuHCld.exe
  C:\Windows\System\XfuHCld.exe
  2⤵
  PID:4272
- C:\Windows\System\qsayzFE.exe
  C:\Windows\System\qsayzFE.exe
  2⤵
  PID:4292
- C:\Windows\System\VenGCdV.exe
  C:\Windows\System\VenGCdV.exe
  2⤵
  PID:4312
- C:\Windows\System\EqQEuxS.exe
  C:\Windows\System\EqQEuxS.exe
  2⤵
  PID:4332
- C:\Windows\System\coDUEQq.exe
  C:\Windows\System\coDUEQq.exe
  2⤵
  PID:4352
- C:\Windows\System\WXpAazg.exe
  C:\Windows\System\WXpAazg.exe
  2⤵
  PID:4372
- C:\Windows\System\AYaPQMf.exe
  C:\Windows\System\AYaPQMf.exe
  2⤵
  PID:4392
- C:\Windows\System\fJuvvkv.exe
  C:\Windows\System\fJuvvkv.exe
  2⤵
  PID:4412
- C:\Windows\System\wxiIWvg.exe
  C:\Windows\System\wxiIWvg.exe
  2⤵
  PID:4432
- C:\Windows\System\BnsjMVf.exe
  C:\Windows\System\BnsjMVf.exe
  2⤵
  PID:4452
- C:\Windows\System\CMhKqjY.exe
  C:\Windows\System\CMhKqjY.exe
  2⤵
  PID:4472
- C:\Windows\System\deSurSb.exe
  C:\Windows\System\deSurSb.exe
  2⤵
  PID:4492
- C:\Windows\System\YLaQDlq.exe
  C:\Windows\System\YLaQDlq.exe
  2⤵
  PID:4512
- C:\Windows\System\rVKPHbQ.exe
  C:\Windows\System\rVKPHbQ.exe
  2⤵
  PID:4532
- C:\Windows\System\PEyDzgP.exe
  C:\Windows\System\PEyDzgP.exe
  2⤵
  PID:4560
- C:\Windows\System\EUvtXcj.exe
  C:\Windows\System\EUvtXcj.exe
  2⤵
  PID:4580
- C:\Windows\System\yAFBWRW.exe
  C:\Windows\System\yAFBWRW.exe
  2⤵
  PID:4600
- C:\Windows\System\bhiFVVb.exe
  C:\Windows\System\bhiFVVb.exe
  2⤵
  PID:4620
- C:\Windows\System\tFLhdob.exe
  C:\Windows\System\tFLhdob.exe
  2⤵
  PID:4636
- C:\Windows\System\LzgxcMB.exe
  C:\Windows\System\LzgxcMB.exe
  2⤵
  PID:4660
- C:\Windows\System\CjHMNoC.exe
  C:\Windows\System\CjHMNoC.exe
  2⤵
  PID:4680
- C:\Windows\System\RpsUCrT.exe
  C:\Windows\System\RpsUCrT.exe
  2⤵
  PID:4700
- C:\Windows\System\UuMxgaO.exe
  C:\Windows\System\UuMxgaO.exe
  2⤵
  PID:4720
- C:\Windows\System\pEaTyEn.exe
  C:\Windows\System\pEaTyEn.exe
  2⤵
  PID:4740
- C:\Windows\System\rYstJod.exe
  C:\Windows\System\rYstJod.exe
  2⤵
  PID:4756
- C:\Windows\System\iLvqbTF.exe
  C:\Windows\System\iLvqbTF.exe
  2⤵
  PID:4780
- C:\Windows\System\zUXvMHr.exe
  C:\Windows\System\zUXvMHr.exe
  2⤵
  PID:4800
- C:\Windows\System\vwxbcCl.exe
  C:\Windows\System\vwxbcCl.exe
  2⤵
  PID:4820
- C:\Windows\System\CRArCda.exe
  C:\Windows\System\CRArCda.exe
  2⤵
  PID:4840
- C:\Windows\System\ovlqSAc.exe
  C:\Windows\System\ovlqSAc.exe
  2⤵
  PID:4860
- C:\Windows\System\cMDSvLC.exe
  C:\Windows\System\cMDSvLC.exe
  2⤵
  PID:4880
- C:\Windows\System\UwVCDHa.exe
  C:\Windows\System\UwVCDHa.exe
  2⤵
  PID:4900
- C:\Windows\System\DMfYwVq.exe
  C:\Windows\System\DMfYwVq.exe
  2⤵
  PID:4920
- C:\Windows\System\jYolPDr.exe
  C:\Windows\System\jYolPDr.exe
  2⤵
  PID:4940
- C:\Windows\System\UUvkogj.exe
  C:\Windows\System\UUvkogj.exe
  2⤵
  PID:4956
- C:\Windows\System\ftehaEU.exe
  C:\Windows\System\ftehaEU.exe
  2⤵
  PID:4980
- C:\Windows\System\QTETKEZ.exe
  C:\Windows\System\QTETKEZ.exe
  2⤵
  PID:5000
- C:\Windows\System\fheAydP.exe
  C:\Windows\System\fheAydP.exe
  2⤵
  PID:5024
- C:\Windows\System\TTqIRKU.exe
  C:\Windows\System\TTqIRKU.exe
  2⤵
  PID:5040
- C:\Windows\System\SFxuvhz.exe
  C:\Windows\System\SFxuvhz.exe
  2⤵
  PID:5060
- C:\Windows\System\xqvZWTq.exe
  C:\Windows\System\xqvZWTq.exe
  2⤵
  PID:5080
- C:\Windows\System\ClfzHLL.exe
  C:\Windows\System\ClfzHLL.exe
  2⤵
  PID:5100
- C:\Windows\System\EyqLvpH.exe
  C:\Windows\System\EyqLvpH.exe
  2⤵
  PID:3588
- C:\Windows\System\SQyAwyB.exe
  C:\Windows\System\SQyAwyB.exe
  2⤵
  PID:3848
- C:\Windows\System\nHZeuSb.exe
  C:\Windows\System\nHZeuSb.exe
  2⤵
  PID:3752
- C:\Windows\System\KsEbCVL.exe
  C:\Windows\System\KsEbCVL.exe
  2⤵
  PID:2632
- C:\Windows\System\vKpvKyM.exe
  C:\Windows\System\vKpvKyM.exe
  2⤵
  PID:2656
- C:\Windows\System\alKKKbF.exe
  C:\Windows\System\alKKKbF.exe
  2⤵
  PID:4120
- C:\Windows\System\lnYaChy.exe
  C:\Windows\System\lnYaChy.exe
  2⤵
  PID:4124
- C:\Windows\System\lXuHRIN.exe
  C:\Windows\System\lXuHRIN.exe
  2⤵
  PID:1896
- C:\Windows\System\jItVGJe.exe
  C:\Windows\System\jItVGJe.exe
  2⤵
  PID:4184
- C:\Windows\System\QZyzOit.exe
  C:\Windows\System\QZyzOit.exe
  2⤵
  PID:4244
- C:\Windows\System\GOwMMGi.exe
  C:\Windows\System\GOwMMGi.exe
  2⤵
  PID:4284
- C:\Windows\System\UzxvnLY.exe
  C:\Windows\System\UzxvnLY.exe
  2⤵
  PID:4328
- C:\Windows\System\VgDfvSQ.exe
  C:\Windows\System\VgDfvSQ.exe
  2⤵
  PID:4360
- C:\Windows\System\IgfSery.exe
  C:\Windows\System\IgfSery.exe
  2⤵
  PID:4400
- C:\Windows\System\zlTYQlL.exe
  C:\Windows\System\zlTYQlL.exe
  2⤵
  PID:4408
- C:\Windows\System\dIyVcGT.exe
  C:\Windows\System\dIyVcGT.exe
  2⤵
  PID:4424
- C:\Windows\System\CziMoIc.exe
  C:\Windows\System\CziMoIc.exe
  2⤵
  PID:4468
- C:\Windows\System\zbclMmL.exe
  C:\Windows\System\zbclMmL.exe
  2⤵
  PID:4508
- C:\Windows\System\ZtABNQq.exe
  C:\Windows\System\ZtABNQq.exe
  2⤵
  PID:4524
- C:\Windows\System\wwYSmDt.exe
  C:\Windows\System\wwYSmDt.exe
  2⤵
  PID:4544
- C:\Windows\System\ftnBMGd.exe
  C:\Windows\System\ftnBMGd.exe
  2⤵
  PID:4644
- C:\Windows\System\hViNwdl.exe
  C:\Windows\System\hViNwdl.exe
  2⤵
  PID:4648
- C:\Windows\System\QJooBFd.exe
  C:\Windows\System\QJooBFd.exe
  2⤵
  PID:4692
- C:\Windows\System\qlfaILp.exe
  C:\Windows\System\qlfaILp.exe
  2⤵
  PID:4736
- C:\Windows\System\fdyMAlP.exe
  C:\Windows\System\fdyMAlP.exe
  2⤵
  PID:4732
- C:\Windows\System\VMtIBKd.exe
  C:\Windows\System\VMtIBKd.exe
  2⤵
  PID:4768
- C:\Windows\System\pZbLXnM.exe
  C:\Windows\System\pZbLXnM.exe
  2⤵
  PID:4812
- C:\Windows\System\VzkCgRO.exe
  C:\Windows\System\VzkCgRO.exe
  2⤵
  PID:4856
- C:\Windows\System\svSgkyN.exe
  C:\Windows\System\svSgkyN.exe
  2⤵
  PID:4868
- C:\Windows\System\BwlnBNg.exe
  C:\Windows\System\BwlnBNg.exe
  2⤵
  PID:4892
- C:\Windows\System\CimBqon.exe
  C:\Windows\System\CimBqon.exe
  2⤵
  PID:4972
- C:\Windows\System\xGMPDfk.exe
  C:\Windows\System\xGMPDfk.exe
  2⤵
  PID:5016
- C:\Windows\System\zLntNOE.exe
  C:\Windows\System\zLntNOE.exe
  2⤵
  PID:5048
- C:\Windows\System\xrrNAsi.exe
  C:\Windows\System\xrrNAsi.exe
  2⤵
  PID:4988
- C:\Windows\System\SEdSEXF.exe
  C:\Windows\System\SEdSEXF.exe
  2⤵
  PID:5096
- C:\Windows\System\NIBZoqA.exe
  C:\Windows\System\NIBZoqA.exe
  2⤵
  PID:5076
- C:\Windows\System\LymejnJ.exe
  C:\Windows\System\LymejnJ.exe
  2⤵
  PID:5116
- C:\Windows\System\xmumJDx.exe
  C:\Windows\System\xmumJDx.exe
  2⤵
  PID:2716
- C:\Windows\System\wEexAvP.exe
  C:\Windows\System\wEexAvP.exe
  2⤵
  PID:2684
- C:\Windows\System\bYcxQzY.exe
  C:\Windows\System\bYcxQzY.exe
  2⤵
  PID:2928
- C:\Windows\System\IClDDXw.exe
  C:\Windows\System\IClDDXw.exe
  2⤵
  PID:3504
- C:\Windows\System\eREFfYq.exe
  C:\Windows\System\eREFfYq.exe
  2⤵
  PID:4208
- C:\Windows\System\jutKdZc.exe
  C:\Windows\System\jutKdZc.exe
  2⤵
  PID:4180
- C:\Windows\System\NfilcPr.exe
  C:\Windows\System\NfilcPr.exe
  2⤵
  PID:4260
- C:\Windows\System\PWCZaOs.exe
  C:\Windows\System\PWCZaOs.exe
  2⤵
  PID:4340
- C:\Windows\System\xIjlZDX.exe
  C:\Windows\System\xIjlZDX.exe
  2⤵
  PID:4428
- C:\Windows\System\xJmIrPM.exe
  C:\Windows\System\xJmIrPM.exe
  2⤵
  PID:4488
- C:\Windows\System\yBhidNz.exe
  C:\Windows\System\yBhidNz.exe
  2⤵
  PID:4548
- C:\Windows\System\CjWLZaK.exe
  C:\Windows\System\CjWLZaK.exe
  2⤵
  PID:4528
- C:\Windows\System\cvJtdSC.exe
  C:\Windows\System\cvJtdSC.exe
  2⤵
  PID:3392
- C:\Windows\System\JQAwwwc.exe
  C:\Windows\System\JQAwwwc.exe
  2⤵
  PID:4616
- C:\Windows\System\wFcLHaO.exe
  C:\Windows\System\wFcLHaO.exe
  2⤵
  PID:4688
- C:\Windows\System\MJaZNNR.exe
  C:\Windows\System\MJaZNNR.exe
  2⤵
  PID:4712
- C:\Windows\System\DaUYkeB.exe
  C:\Windows\System\DaUYkeB.exe
  2⤵
  PID:4796
- C:\Windows\System\ooMFTvm.exe
  C:\Windows\System\ooMFTvm.exe
  2⤵
  PID:4836
- C:\Windows\System\kjaRKVG.exe
  C:\Windows\System\kjaRKVG.exe
  2⤵
  PID:2908
- C:\Windows\System\zvYcsRR.exe
  C:\Windows\System\zvYcsRR.exe
  2⤵
  PID:4932
- C:\Windows\System\uDdQIxp.exe
  C:\Windows\System\uDdQIxp.exe
  2⤵
  PID:4916
- C:\Windows\System\CDSDiuB.exe
  C:\Windows\System\CDSDiuB.exe
  2⤵
  PID:5036
- C:\Windows\System\ibNuham.exe
  C:\Windows\System\ibNuham.exe
  2⤵
  PID:3732
- C:\Windows\System\LUrizIE.exe
  C:\Windows\System\LUrizIE.exe
  2⤵
  PID:2820
- C:\Windows\System\aQsIoIk.exe
  C:\Windows\System\aQsIoIk.exe
  2⤵
  PID:1992
- C:\Windows\System\JbxoVQJ.exe
  C:\Windows\System\JbxoVQJ.exe
  2⤵
  PID:2160
- C:\Windows\System\EwySeHQ.exe
  C:\Windows\System\EwySeHQ.exe
  2⤵
  PID:4320
- C:\Windows\System\kWoisiT.exe
  C:\Windows\System\kWoisiT.exe
  2⤵
  PID:4364
- C:\Windows\System\eajDWSW.exe
  C:\Windows\System\eajDWSW.exe
  2⤵
  PID:4440
- C:\Windows\System\HUwjnBC.exe
  C:\Windows\System\HUwjnBC.exe
  2⤵
  PID:2616
- C:\Windows\System\WulRagG.exe
  C:\Windows\System\WulRagG.exe
  2⤵
  PID:2328
- C:\Windows\System\SLwYZuH.exe
  C:\Windows\System\SLwYZuH.exe
  2⤵
  PID:4592
- C:\Windows\System\cNOoBQU.exe
  C:\Windows\System\cNOoBQU.exe
  2⤵
  PID:4608
- C:\Windows\System\SwRupuI.exe
  C:\Windows\System\SwRupuI.exe
  2⤵
  PID:1568
- C:\Windows\System\ZdRDSNk.exe
  C:\Windows\System\ZdRDSNk.exe
  2⤵
  PID:4816
- C:\Windows\System\BBmJudy.exe
  C:\Windows\System\BBmJudy.exe
  2⤵
  PID:1032
- C:\Windows\System\kGxmkTF.exe
  C:\Windows\System\kGxmkTF.exe
  2⤵
  PID:2204
- C:\Windows\System\TYTjOvS.exe
  C:\Windows\System\TYTjOvS.exe
  2⤵
  PID:4936
- C:\Windows\System\sejfeqB.exe
  C:\Windows\System\sejfeqB.exe
  2⤵
  PID:4948
- C:\Windows\System\pbSYKmI.exe
  C:\Windows\System\pbSYKmI.exe
  2⤵
  PID:4996
- C:\Windows\System\KsqCgHy.exe
  C:\Windows\System\KsqCgHy.exe
  2⤵
  PID:2424
- C:\Windows\System\PaDAMAe.exe
  C:\Windows\System\PaDAMAe.exe
  2⤵
  PID:5112
- C:\Windows\System\UyPxOmF.exe
  C:\Windows\System\UyPxOmF.exe
  2⤵
  PID:1016
- C:\Windows\System\uHtcppE.exe
  C:\Windows\System\uHtcppE.exe
  2⤵
  PID:4104
- C:\Windows\System\ALcEhwW.exe
  C:\Windows\System\ALcEhwW.exe
  2⤵
  PID:4224
- C:\Windows\System\HvoUCxX.exe
  C:\Windows\System\HvoUCxX.exe
  2⤵
  PID:3672
- C:\Windows\System\WhZFaBX.exe
  C:\Windows\System\WhZFaBX.exe
  2⤵
  PID:4572
- C:\Windows\System\eBwLiWU.exe
  C:\Windows\System\eBwLiWU.exe
  2⤵
  PID:4672
- C:\Windows\System\diFEXPv.exe
  C:\Windows\System\diFEXPv.exe
  2⤵
  PID:668
- C:\Windows\System\hthpdpO.exe
  C:\Windows\System\hthpdpO.exe
  2⤵
  PID:332
- C:\Windows\System\cLevYQO.exe
  C:\Windows\System\cLevYQO.exe
  2⤵
  PID:2008
- C:\Windows\System\wKdyXGw.exe
  C:\Windows\System\wKdyXGw.exe
  2⤵
  PID:236
- C:\Windows\System\VKFIdrV.exe
  C:\Windows\System\VKFIdrV.exe
  2⤵
  PID:4952
- C:\Windows\System\wTGEAJX.exe
  C:\Windows\System\wTGEAJX.exe
  2⤵
  PID:3168
- C:\Windows\System\jWvXooz.exe
  C:\Windows\System\jWvXooz.exe
  2⤵
  PID:1124
- C:\Windows\System\RGdnfjD.exe
  C:\Windows\System\RGdnfjD.exe
  2⤵
  PID:908
- C:\Windows\System\jfzItRR.exe
  C:\Windows\System\jfzItRR.exe
  2⤵
  PID:3032
- C:\Windows\System\UyTmbGY.exe
  C:\Windows\System\UyTmbGY.exe
  2⤵
  PID:2040
- C:\Windows\System\SVNBHpI.exe
  C:\Windows\System\SVNBHpI.exe
  2⤵
  PID:2568
- C:\Windows\System\LUVLSZl.exe
  C:\Windows\System\LUVLSZl.exe
  2⤵
  PID:1804
- C:\Windows\System\JPspjSU.exe
  C:\Windows\System\JPspjSU.exe
  2⤵
  PID:4676
- C:\Windows\System\MGHGQnb.exe
  C:\Windows\System\MGHGQnb.exe
  2⤵
  PID:4752
- C:\Windows\System\juYFuVu.exe
  C:\Windows\System\juYFuVu.exe
  2⤵
  PID:4460
- C:\Windows\System\sPsCNQg.exe
  C:\Windows\System\sPsCNQg.exe
  2⤵
  PID:2872
- C:\Windows\System\oFjkZzn.exe
  C:\Windows\System\oFjkZzn.exe
  2⤵
  PID:2468
- C:\Windows\System\tiKxbWG.exe
  C:\Windows\System\tiKxbWG.exe
  2⤵
  PID:3932
- C:\Windows\System\cANBmCF.exe
  C:\Windows\System\cANBmCF.exe
  2⤵
  PID:2996
- C:\Windows\System\wnccSTz.exe
  C:\Windows\System\wnccSTz.exe
  2⤵
  PID:2428
- C:\Windows\System\wEVhAEV.exe
  C:\Windows\System\wEVhAEV.exe
  2⤵
  PID:1544
- C:\Windows\System\xyWfUOH.exe
  C:\Windows\System\xyWfUOH.exe
  2⤵
  PID:4484
- C:\Windows\System\IoEukkR.exe
  C:\Windows\System\IoEukkR.exe
  2⤵
  PID:2332
- C:\Windows\System\XANcKqG.exe
  C:\Windows\System\XANcKqG.exe
  2⤵
  PID:2132
- C:\Windows\System\NZplesT.exe
  C:\Windows\System\NZplesT.exe
  2⤵
  PID:2536
- C:\Windows\System\zaBmDWq.exe
  C:\Windows\System\zaBmDWq.exe
  2⤵
  PID:2868
- C:\Windows\System\vMddnqc.exe
  C:\Windows\System\vMddnqc.exe
  2⤵
  PID:768
- C:\Windows\System\VkCqPZr.exe
  C:\Windows\System\VkCqPZr.exe
  2⤵
  PID:2380
- C:\Windows\System\QIZMrPB.exe
  C:\Windows\System\QIZMrPB.exe
  2⤵
  PID:5160
- C:\Windows\System\evnKFWV.exe
  C:\Windows\System\evnKFWV.exe
  2⤵
  PID:5176
- C:\Windows\System\TZYkOxT.exe
  C:\Windows\System\TZYkOxT.exe
  2⤵
  PID:5196
- C:\Windows\System\pumKCHl.exe
  C:\Windows\System\pumKCHl.exe
  2⤵
  PID:5212
- C:\Windows\System\rpVUBsV.exe
  C:\Windows\System\rpVUBsV.exe
  2⤵
  PID:5228
- C:\Windows\System\USKWseF.exe
  C:\Windows\System\USKWseF.exe
  2⤵
  PID:5248
- C:\Windows\System\WTqjYhZ.exe
  C:\Windows\System\WTqjYhZ.exe
  2⤵
  PID:5280
- C:\Windows\System\CUtDxOY.exe
  C:\Windows\System\CUtDxOY.exe
  2⤵
  PID:5296
- C:\Windows\System\QcbCLGY.exe
  C:\Windows\System\QcbCLGY.exe
  2⤵
  PID:5312
- C:\Windows\System\CaltRbW.exe
  C:\Windows\System\CaltRbW.exe
  2⤵
  PID:5328
- C:\Windows\System\YHUXyDA.exe
  C:\Windows\System\YHUXyDA.exe
  2⤵
  PID:5344
- C:\Windows\System\tNTyDDo.exe
  C:\Windows\System\tNTyDDo.exe
  2⤵
  PID:5360
- C:\Windows\System\HkokwtF.exe
  C:\Windows\System\HkokwtF.exe
  2⤵
  PID:5376
- C:\Windows\System\gKrupTF.exe
  C:\Windows\System\gKrupTF.exe
  2⤵
  PID:5392
- C:\Windows\System\nEunlJV.exe
  C:\Windows\System\nEunlJV.exe
  2⤵
  PID:5432
- C:\Windows\System\ExPsFPm.exe
  C:\Windows\System\ExPsFPm.exe
  2⤵
  PID:5448
- C:\Windows\System\ZHYGpGJ.exe
  C:\Windows\System\ZHYGpGJ.exe
  2⤵
  PID:5464
- C:\Windows\System\kClJPjR.exe
  C:\Windows\System\kClJPjR.exe
  2⤵
  PID:5480
- C:\Windows\System\Zvicqsb.exe
  C:\Windows\System\Zvicqsb.exe
  2⤵
  PID:5500
- C:\Windows\System\RqdnbJx.exe
  C:\Windows\System\RqdnbJx.exe
  2⤵
  PID:5516
- C:\Windows\System\DxgrbMo.exe
  C:\Windows\System\DxgrbMo.exe
  2⤵
  PID:5532
- C:\Windows\System\XAVidvU.exe
  C:\Windows\System\XAVidvU.exe
  2⤵
  PID:5548
- C:\Windows\System\bvjEWIz.exe
  C:\Windows\System\bvjEWIz.exe
  2⤵
  PID:5564
- C:\Windows\System\tsrIoJE.exe
  C:\Windows\System\tsrIoJE.exe
  2⤵
  PID:5592
- C:\Windows\System\kVQHzQz.exe
  C:\Windows\System\kVQHzQz.exe
  2⤵
  PID:5608
- C:\Windows\System\lWxcmKP.exe
  C:\Windows\System\lWxcmKP.exe
  2⤵
  PID:5624
- C:\Windows\System\iYBESxk.exe
  C:\Windows\System\iYBESxk.exe
  2⤵
  PID:5640
- C:\Windows\System\BjPDlpQ.exe
  C:\Windows\System\BjPDlpQ.exe
  2⤵
  PID:5656
- C:\Windows\System\xxvxFGa.exe
  C:\Windows\System\xxvxFGa.exe
  2⤵
  PID:5696
- C:\Windows\System\WCnBakf.exe
  C:\Windows\System\WCnBakf.exe
  2⤵
  PID:5712
- C:\Windows\System\YlmOMUC.exe
  C:\Windows\System\YlmOMUC.exe
  2⤵
  PID:5728
- C:\Windows\System\oWFWwbb.exe
  C:\Windows\System\oWFWwbb.exe
  2⤵
  PID:5784
- C:\Windows\System\gWQOInC.exe
  C:\Windows\System\gWQOInC.exe
  2⤵
  PID:5800
- C:\Windows\System\mXptvkl.exe
  C:\Windows\System\mXptvkl.exe
  2⤵
  PID:5816
- C:\Windows\System\fhfHPUu.exe
  C:\Windows\System\fhfHPUu.exe
  2⤵
  PID:5836
- C:\Windows\System\OrvenAU.exe
  C:\Windows\System\OrvenAU.exe
  2⤵
  PID:5852
- C:\Windows\System\JjnJRUk.exe
  C:\Windows\System\JjnJRUk.exe
  2⤵
  PID:5868
- C:\Windows\System\wxrqHPS.exe
  C:\Windows\System\wxrqHPS.exe
  2⤵
  PID:5884
- C:\Windows\System\GpHWcUj.exe
  C:\Windows\System\GpHWcUj.exe
  2⤵
  PID:5904
- C:\Windows\System\RvrLPUP.exe
  C:\Windows\System\RvrLPUP.exe
  2⤵
  PID:5928
- C:\Windows\System\VZqMnhr.exe
  C:\Windows\System\VZqMnhr.exe
  2⤵
  PID:5948
- C:\Windows\System\ctvWUJh.exe
  C:\Windows\System\ctvWUJh.exe
  2⤵
  PID:5964
- C:\Windows\System\NQaoxDt.exe
  C:\Windows\System\NQaoxDt.exe
  2⤵
  PID:5988
- C:\Windows\System\zCBgFyc.exe
  C:\Windows\System\zCBgFyc.exe
  2⤵
  PID:6004
- C:\Windows\System\SrjLNse.exe
  C:\Windows\System\SrjLNse.exe
  2⤵
  PID:6020
- C:\Windows\System\dgnCBFo.exe
  C:\Windows\System\dgnCBFo.exe
  2⤵
  PID:6036
- C:\Windows\System\spRYlxZ.exe
  C:\Windows\System\spRYlxZ.exe
  2⤵
  PID:6060
- C:\Windows\System\OtQZYNZ.exe
  C:\Windows\System\OtQZYNZ.exe
  2⤵
  PID:6080
- C:\Windows\System\cyJbvdY.exe
  C:\Windows\System\cyJbvdY.exe
  2⤵
  PID:6096
- C:\Windows\System\AZfXUyW.exe
  C:\Windows\System\AZfXUyW.exe
  2⤵
  PID:6112
- C:\Windows\System\UGEKWpm.exe
  C:\Windows\System\UGEKWpm.exe
  2⤵
  PID:6128
- C:\Windows\System\KyUkHtT.exe
  C:\Windows\System\KyUkHtT.exe
  2⤵
  PID:4656
- C:\Windows\System\QkyZpjQ.exe
  C:\Windows\System\QkyZpjQ.exe
  2⤵
  PID:4480
- C:\Windows\System\NzLVodb.exe
  C:\Windows\System\NzLVodb.exe
  2⤵
  PID:5172
- C:\Windows\System\edjUkRa.exe
  C:\Windows\System\edjUkRa.exe
  2⤵
  PID:5220
- C:\Windows\System\qprNrMU.exe
  C:\Windows\System\qprNrMU.exe
  2⤵
  PID:5208
- C:\Windows\System\xTeFqNG.exe
  C:\Windows\System\xTeFqNG.exe
  2⤵
  PID:5244
- C:\Windows\System\oScoutN.exe
  C:\Windows\System\oScoutN.exe
  2⤵
  PID:5304
- C:\Windows\System\yjGuYJm.exe
  C:\Windows\System\yjGuYJm.exe
  2⤵
  PID:5372
- C:\Windows\System\kZvjSnw.exe
  C:\Windows\System\kZvjSnw.exe
  2⤵
  PID:5428
- C:\Windows\System\nCdCXJL.exe
  C:\Windows\System\nCdCXJL.exe
  2⤵
  PID:5384
- C:\Windows\System\QpzpPCm.exe
  C:\Windows\System\QpzpPCm.exe
  2⤵
  PID:5460
- C:\Windows\System\prHckGu.exe
  C:\Windows\System\prHckGu.exe
  2⤵
  PID:5556
- C:\Windows\System\zUpxWdz.exe
  C:\Windows\System\zUpxWdz.exe
  2⤵
  PID:5632
- C:\Windows\System\YYldzsb.exe
  C:\Windows\System\YYldzsb.exe
  2⤵
  PID:5672
- C:\Windows\System\svDKlqz.exe
  C:\Windows\System\svDKlqz.exe
  2⤵
  PID:5684
- C:\Windows\System\WsbMCUq.exe
  C:\Windows\System\WsbMCUq.exe
  2⤵
  PID:5588
- C:\Windows\System\AkoAbDl.exe
  C:\Windows\System\AkoAbDl.exe
  2⤵
  PID:5652
- C:\Windows\System\cosSscx.exe
  C:\Windows\System\cosSscx.exe
  2⤵
  PID:5472
- C:\Windows\System\CynKCmN.exe
  C:\Windows\System\CynKCmN.exe
  2⤵
  PID:5772
- C:\Windows\System\hEAnlxY.exe
  C:\Windows\System\hEAnlxY.exe
  2⤵
  PID:5576
- C:\Windows\System\MvtuAIa.exe
  C:\Windows\System\MvtuAIa.exe
  2⤵
  PID:5792
- C:\Windows\System\NPObfRm.exe
  C:\Windows\System\NPObfRm.exe
  2⤵
  PID:5832
- C:\Windows\System\GzoATDm.exe
  C:\Windows\System\GzoATDm.exe
  2⤵
  PID:5940
- C:\Windows\System\ZSTMPUz.exe
  C:\Windows\System\ZSTMPUz.exe
  2⤵
  PID:5976
- C:\Windows\System\vvMrPic.exe
  C:\Windows\System\vvMrPic.exe
  2⤵
  PID:6016
- C:\Windows\System\JtHqcJS.exe
  C:\Windows\System\JtHqcJS.exe
  2⤵
  PID:6044
- C:\Windows\System\zgesKqg.exe
  C:\Windows\System\zgesKqg.exe
  2⤵
  PID:5848
- C:\Windows\System\shlZXeO.exe
  C:\Windows\System\shlZXeO.exe
  2⤵
  PID:6104
- C:\Windows\System\eLFZrSf.exe
  C:\Windows\System\eLFZrSf.exe
  2⤵
  PID:6120
- C:\Windows\System\UrZlezy.exe
  C:\Windows\System\UrZlezy.exe
  2⤵
  PID:5844
- C:\Windows\System\zNoZCzs.exe
  C:\Windows\System\zNoZCzs.exe
  2⤵
  PID:4992
- C:\Windows\System\vzEmxJD.exe
  C:\Windows\System\vzEmxJD.exe
  2⤵
  PID:5136
- C:\Windows\System\SAQcxXM.exe
  C:\Windows\System\SAQcxXM.exe
  2⤵
  PID:2140
- C:\Windows\System\DTloMHI.exe
  C:\Windows\System\DTloMHI.exe
  2⤵
  PID:5260
- C:\Windows\System\vqamSNK.exe
  C:\Windows\System\vqamSNK.exe
  2⤵
  PID:5336
- C:\Windows\System\teOrcWu.exe
  C:\Windows\System\teOrcWu.exe
  2⤵
  PID:5168
- C:\Windows\System\BWYvziU.exe
  C:\Windows\System\BWYvziU.exe
  2⤵
  PID:5324
- C:\Windows\System\nPLRbNv.exe
  C:\Windows\System\nPLRbNv.exe
  2⤵
  PID:5524
- C:\Windows\System\VcsrqhX.exe
  C:\Windows\System\VcsrqhX.exe
  2⤵
  PID:5540
- C:\Windows\System\EhrQORV.exe
  C:\Windows\System\EhrQORV.exe
  2⤵
  PID:5736
- C:\Windows\System\DXisKOA.exe
  C:\Windows\System\DXisKOA.exe
  2⤵
  PID:5424
- C:\Windows\System\eXfxNYm.exe
  C:\Windows\System\eXfxNYm.exe
  2⤵
  PID:5744
- C:\Windows\System\QUMduMm.exe
  C:\Windows\System\QUMduMm.exe
  2⤵
  PID:5600
- C:\Windows\System\pVAlUFY.exe
  C:\Windows\System\pVAlUFY.exe
  2⤵
  PID:5572
- C:\Windows\System\BbExbJn.exe
  C:\Windows\System\BbExbJn.exe
  2⤵
  PID:5828
- C:\Windows\System\vjxXsKN.exe
  C:\Windows\System\vjxXsKN.exe
  2⤵
  PID:5896
- C:\Windows\System\vTJELev.exe
  C:\Windows\System\vTJELev.exe
  2⤵
  PID:5980
- C:\Windows\System\HTwdVAw.exe
  C:\Windows\System\HTwdVAw.exe
  2⤵
  PID:5924
- C:\Windows\System\XZlQXeA.exe
  C:\Windows\System\XZlQXeA.exe
  2⤵
  PID:5984
- C:\Windows\System\vwPbukO.exe
  C:\Windows\System\vwPbukO.exe
  2⤵
  PID:6136
- C:\Windows\System\bzweFdL.exe
  C:\Windows\System\bzweFdL.exe
  2⤵
  PID:6000
- C:\Windows\System\eombznw.exe
  C:\Windows\System\eombznw.exe
  2⤵
  PID:5148
- C:\Windows\System\MuesIqH.exe
  C:\Windows\System\MuesIqH.exe
  2⤵
  PID:5276
- C:\Windows\System\ssffdsM.exe
  C:\Windows\System\ssffdsM.exe
  2⤵
  PID:5124
- C:\Windows\System\FYuGoQA.exe
  C:\Windows\System\FYuGoQA.exe
  2⤵
  PID:5708
- C:\Windows\System\SdRlgLS.exe
  C:\Windows\System\SdRlgLS.exe
  2⤵
  PID:5508
- C:\Windows\System\yaTyCgb.exe
  C:\Windows\System\yaTyCgb.exe
  2⤵
  PID:5668
- C:\Windows\System\jQdslJf.exe
  C:\Windows\System\jQdslJf.exe
  2⤵
  PID:5720
- C:\Windows\System\axjCxop.exe
  C:\Windows\System\axjCxop.exe
  2⤵
  PID:5584
- C:\Windows\System\vuHhiLe.exe
  C:\Windows\System\vuHhiLe.exe
  2⤵
  PID:5440
- C:\Windows\System\kEHqzZD.exe
  C:\Windows\System\kEHqzZD.exe
  2⤵
  PID:5916
- C:\Windows\System\hDSakJu.exe
  C:\Windows\System\hDSakJu.exe
  2⤵
  PID:4872
- C:\Windows\System\hwOmPHt.exe
  C:\Windows\System\hwOmPHt.exe
  2⤵
  PID:5192
- C:\Windows\System\YxvmOqd.exe
  C:\Windows\System\YxvmOqd.exe
  2⤵
  PID:6148
- C:\Windows\System\edaUQIu.exe
  C:\Windows\System\edaUQIu.exe
  2⤵
  PID:6168
- C:\Windows\System\pHUPgJy.exe
  C:\Windows\System\pHUPgJy.exe
  2⤵
  PID:6188
- C:\Windows\System\AKEUGdy.exe
  C:\Windows\System\AKEUGdy.exe
  2⤵
  PID:6204
- C:\Windows\System\ZeYMQiH.exe
  C:\Windows\System\ZeYMQiH.exe
  2⤵
  PID:6264
- C:\Windows\System\LjeykNk.exe
  C:\Windows\System\LjeykNk.exe
  2⤵
  PID:6280
- C:\Windows\System\eULoMbV.exe
  C:\Windows\System\eULoMbV.exe
  2⤵
  PID:6296
- C:\Windows\System\YjFUfSA.exe
  C:\Windows\System\YjFUfSA.exe
  2⤵
  PID:6312
- C:\Windows\System\UxQtxzk.exe
  C:\Windows\System\UxQtxzk.exe
  2⤵
  PID:6336
- C:\Windows\System\CQLxRQa.exe
  C:\Windows\System\CQLxRQa.exe
  2⤵
  PID:6356
- C:\Windows\System\mokdjHn.exe
  C:\Windows\System\mokdjHn.exe
  2⤵
  PID:6372
- C:\Windows\System\UjazFSJ.exe
  C:\Windows\System\UjazFSJ.exe
  2⤵
  PID:6388
- C:\Windows\System\Rzfygks.exe
  C:\Windows\System\Rzfygks.exe
  2⤵
  PID:6404
- C:\Windows\System\UTlfXuc.exe
  C:\Windows\System\UTlfXuc.exe
  2⤵
  PID:6420
- C:\Windows\System\GPSLHBr.exe
  C:\Windows\System\GPSLHBr.exe
  2⤵
  PID:6444
- C:\Windows\System\PTODVCt.exe
  C:\Windows\System\PTODVCt.exe
  2⤵
  PID:6460
- C:\Windows\System\XaPISoG.exe
  C:\Windows\System\XaPISoG.exe
  2⤵
  PID:6476
- C:\Windows\System\oCZIrZl.exe
  C:\Windows\System\oCZIrZl.exe
  2⤵
  PID:6492
- C:\Windows\System\isJhbvh.exe
  C:\Windows\System\isJhbvh.exe
  2⤵
  PID:6512
- C:\Windows\System\llNLJew.exe
  C:\Windows\System\llNLJew.exe
  2⤵
  PID:6532
- C:\Windows\System\NSlZlmT.exe
  C:\Windows\System\NSlZlmT.exe
  2⤵
  PID:6548
- C:\Windows\System\ZlOwzuW.exe
  C:\Windows\System\ZlOwzuW.exe
  2⤵
  PID:6564
- C:\Windows\System\htmcQMK.exe
  C:\Windows\System\htmcQMK.exe
  2⤵
  PID:6600
- C:\Windows\System\cYoFotL.exe
  C:\Windows\System\cYoFotL.exe
  2⤵
  PID:6620
- C:\Windows\System\OAeMaSR.exe
  C:\Windows\System\OAeMaSR.exe
  2⤵
  PID:6648
- C:\Windows\System\nGbCCLk.exe
  C:\Windows\System\nGbCCLk.exe
  2⤵
  PID:6672
- C:\Windows\System\UmctbDQ.exe
  C:\Windows\System\UmctbDQ.exe
  2⤵
  PID:6708
- C:\Windows\System\tgQqspl.exe
  C:\Windows\System\tgQqspl.exe
  2⤵
  PID:6724
- C:\Windows\System\iSGNjmf.exe
  C:\Windows\System\iSGNjmf.exe
  2⤵
  PID:6740
- C:\Windows\System\AnQTnci.exe
  C:\Windows\System\AnQTnci.exe
  2⤵
  PID:6760
- C:\Windows\System\FJTPbRR.exe
  C:\Windows\System\FJTPbRR.exe
  2⤵
  PID:6776
- C:\Windows\System\yxhjFGP.exe
  C:\Windows\System\yxhjFGP.exe
  2⤵
  PID:6796
- C:\Windows\System\JlxgcCk.exe
  C:\Windows\System\JlxgcCk.exe
  2⤵
  PID:6816
- C:\Windows\System\kAtGxPn.exe
  C:\Windows\System\kAtGxPn.exe
  2⤵
  PID:6840
- C:\Windows\System\Blozshs.exe
  C:\Windows\System\Blozshs.exe
  2⤵
  PID:6860
- C:\Windows\System\VPjFMjG.exe
  C:\Windows\System\VPjFMjG.exe
  2⤵
  PID:6876
- C:\Windows\System\BdMYmaF.exe
  C:\Windows\System\BdMYmaF.exe
  2⤵
  PID:6904
- C:\Windows\System\sDxCzQz.exe
  C:\Windows\System\sDxCzQz.exe
  2⤵
  PID:6920
- C:\Windows\System\NzeyZzd.exe
  C:\Windows\System\NzeyZzd.exe
  2⤵
  PID:6944
- C:\Windows\System\qHWLtWY.exe
  C:\Windows\System\qHWLtWY.exe
  2⤵
  PID:6960
- C:\Windows\System\VopDlBp.exe
  C:\Windows\System\VopDlBp.exe
  2⤵
  PID:6980
- C:\Windows\System\GsXqLKA.exe
  C:\Windows\System\GsXqLKA.exe
  2⤵
  PID:6996
- C:\Windows\System\ThwrxMu.exe
  C:\Windows\System\ThwrxMu.exe
  2⤵
  PID:7016
- C:\Windows\System\iBctihz.exe
  C:\Windows\System\iBctihz.exe
  2⤵
  PID:7032
- C:\Windows\System\LZrlYgq.exe
  C:\Windows\System\LZrlYgq.exe
  2⤵
  PID:7048
- C:\Windows\System\OrEDEUR.exe
  C:\Windows\System\OrEDEUR.exe
  2⤵
  PID:7068
- C:\Windows\System\tbFsgOR.exe
  C:\Windows\System\tbFsgOR.exe
  2⤵
  PID:7088
- C:\Windows\System\pDvYamF.exe
  C:\Windows\System\pDvYamF.exe
  2⤵
  PID:7104
- C:\Windows\System\qcivlUU.exe
  C:\Windows\System\qcivlUU.exe
  2⤵
  PID:7128
- C:\Windows\System\iPkGqJE.exe
  C:\Windows\System\iPkGqJE.exe
  2⤵
  PID:7156
- C:\Windows\System\yyFAWyI.exe
  C:\Windows\System\yyFAWyI.exe
  2⤵
  PID:5412
- C:\Windows\System\wrGipjb.exe
  C:\Windows\System\wrGipjb.exe
  2⤵
  PID:5240
- C:\Windows\System\PEotMIB.exe
  C:\Windows\System\PEotMIB.exe
  2⤵
  PID:5152
- C:\Windows\System\Lvlgulm.exe
  C:\Windows\System\Lvlgulm.exe
  2⤵
  PID:6012
- C:\Windows\System\xhBWJnn.exe
  C:\Windows\System\xhBWJnn.exe
  2⤵
  PID:5912
- C:\Windows\System\DbIsGGX.exe
  C:\Windows\System\DbIsGGX.exe
  2⤵
  PID:6184
- C:\Windows\System\pYZWPnV.exe
  C:\Windows\System\pYZWPnV.exe
  2⤵
  PID:6232
- C:\Windows\System\mPIdGox.exe
  C:\Windows\System\mPIdGox.exe
  2⤵
  PID:6248
- C:\Windows\System\kiNqvEU.exe
  C:\Windows\System\kiNqvEU.exe
  2⤵
  PID:6256
- C:\Windows\System\ZhMyxMF.exe
  C:\Windows\System\ZhMyxMF.exe
  2⤵
  PID:6292
- C:\Windows\System\kovEbUw.exe
  C:\Windows\System\kovEbUw.exe
  2⤵
  PID:5764
- C:\Windows\System\ahRnvrX.exe
  C:\Windows\System\ahRnvrX.exe
  2⤵
  PID:6328
- C:\Windows\System\eWwQeNi.exe
  C:\Windows\System\eWwQeNi.exe
  2⤵
  PID:6432
- C:\Windows\System\bUSXgjk.exe
  C:\Windows\System\bUSXgjk.exe
  2⤵
  PID:6500
- C:\Windows\System\nbTZwrx.exe
  C:\Windows\System\nbTZwrx.exe
  2⤵
  PID:6344
- C:\Windows\System\CZmBoNt.exe
  C:\Windows\System\CZmBoNt.exe
  2⤵
  PID:6576
- C:\Windows\System\fTMayik.exe
  C:\Windows\System\fTMayik.exe
  2⤵
  PID:6592
- C:\Windows\System\XJkDJmv.exe
  C:\Windows\System\XJkDJmv.exe
  2⤵
  PID:6488
- C:\Windows\System\xQjZYaw.exe
  C:\Windows\System\xQjZYaw.exe
  2⤵
  PID:6416
- C:\Windows\System\QrlyrjJ.exe
  C:\Windows\System\QrlyrjJ.exe
  2⤵
  PID:6644
- C:\Windows\System\xUMvAlK.exe
  C:\Windows\System\xUMvAlK.exe
  2⤵
  PID:6528
- C:\Windows\System\KRktEjb.exe
  C:\Windows\System\KRktEjb.exe
  2⤵
  PID:6688
- C:\Windows\System\AerxcCw.exe
  C:\Windows\System\AerxcCw.exe
  2⤵
  PID:6380
- C:\Windows\System\ODxYjbs.exe
  C:\Windows\System\ODxYjbs.exe
  2⤵
  PID:6660
- C:\Windows\System\GboFCJH.exe
  C:\Windows\System\GboFCJH.exe
  2⤵
  PID:6772
- C:\Windows\System\XHcEMrd.exe
  C:\Windows\System\XHcEMrd.exe
  2⤵
  PID:6748
- C:\Windows\System\aQyZIFL.exe
  C:\Windows\System\aQyZIFL.exe
  2⤵
  PID:6852
- C:\Windows\System\YMxVsfM.exe
  C:\Windows\System\YMxVsfM.exe
  2⤵
  PID:6832
- C:\Windows\System\YEWAkbM.exe
  C:\Windows\System\YEWAkbM.exe
  2⤵
  PID:6788
- C:\Windows\System\nAvyHfn.exe
  C:\Windows\System\nAvyHfn.exe
  2⤵
  PID:6912
- C:\Windows\System\QGqLMER.exe
  C:\Windows\System\QGqLMER.exe
  2⤵
  PID:6928
- C:\Windows\System\pxfKNSB.exe
  C:\Windows\System\pxfKNSB.exe
  2⤵
  PID:6968
- C:\Windows\System\qscyYNl.exe
  C:\Windows\System\qscyYNl.exe
  2⤵
  PID:7012
- C:\Windows\System\KLrOhTJ.exe
  C:\Windows\System\KLrOhTJ.exe
  2⤵
  PID:7112
- C:\Windows\System\nQvYhHf.exe
  C:\Windows\System\nQvYhHf.exe
  2⤵
  PID:7100
- C:\Windows\System\GWPbgKU.exe
  C:\Windows\System\GWPbgKU.exe
  2⤵
  PID:7164
- C:\Windows\System\ghlZnrv.exe
  C:\Windows\System\ghlZnrv.exe
  2⤵
  PID:7140
- C:\Windows\System\iyOHsyQ.exe
  C:\Windows\System\iyOHsyQ.exe
  2⤵
  PID:7152
- C:\Windows\System\NkNhaRh.exe
  C:\Windows\System\NkNhaRh.exe
  2⤵
  PID:5776
- C:\Windows\System\whlTwPU.exe
  C:\Windows\System\whlTwPU.exe
  2⤵
  PID:5272
- C:\Windows\System\AIIuZgl.exe
  C:\Windows\System\AIIuZgl.exe
  2⤵
  PID:6228
- C:\Windows\System\yffUvtn.exe
  C:\Windows\System\yffUvtn.exe
  2⤵
  PID:5824
- C:\Windows\System\RgNGDZs.exe
  C:\Windows\System\RgNGDZs.exe
  2⤵
  PID:6176
- C:\Windows\System\ZOXIEkL.exe
  C:\Windows\System\ZOXIEkL.exe
  2⤵
  PID:6288
- C:\Windows\System\uSsFyLe.exe
  C:\Windows\System\uSsFyLe.exe
  2⤵
  PID:6368
- C:\Windows\System\LJEmqry.exe
  C:\Windows\System\LJEmqry.exe
  2⤵
  PID:6440
- C:\Windows\System\pOnlUXo.exe
  C:\Windows\System\pOnlUXo.exe
  2⤵
  PID:6508
- C:\Windows\System\fkgaxmG.exe
  C:\Windows\System\fkgaxmG.exe
  2⤵
  PID:6540
- C:\Windows\System\jbAskFM.exe
  C:\Windows\System\jbAskFM.exe
  2⤵
  PID:6524
- C:\Windows\System\XvMXEaV.exe
  C:\Windows\System\XvMXEaV.exe
  2⤵
  PID:6612
- C:\Windows\System\lCoDAtF.exe
  C:\Windows\System\lCoDAtF.exe
  2⤵
  PID:6484
- C:\Windows\System\CLKowOM.exe
  C:\Windows\System\CLKowOM.exe
  2⤵
  PID:6616
- C:\Windows\System\OeKGjOF.exe
  C:\Windows\System\OeKGjOF.exe
  2⤵
  PID:6680
- C:\Windows\System\ILeJXxB.exe
  C:\Windows\System\ILeJXxB.exe
  2⤵
  PID:6848
- C:\Windows\System\VKwOAqW.exe
  C:\Windows\System\VKwOAqW.exe
  2⤵
  PID:6868
- C:\Windows\System\KhmOfAh.exe
  C:\Windows\System\KhmOfAh.exe
  2⤵
  PID:7004
- C:\Windows\System\mocKHyD.exe
  C:\Windows\System\mocKHyD.exe
  2⤵
  PID:6808
- C:\Windows\System\TYRofGi.exe
  C:\Windows\System\TYRofGi.exe
  2⤵
  PID:6828
- C:\Windows\System\emobPeZ.exe
  C:\Windows\System\emobPeZ.exe
  2⤵
  PID:7080
- C:\Windows\System\lCgZmAy.exe
  C:\Windows\System\lCgZmAy.exe
  2⤵
  PID:7124
- C:\Windows\System\CCqRaaM.exe
  C:\Windows\System\CCqRaaM.exe
  2⤵
  PID:5920
- C:\Windows\System\TUmecxY.exe
  C:\Windows\System\TUmecxY.exe
  2⤵
  PID:6224
- C:\Windows\System\BsoIJRy.exe
  C:\Windows\System\BsoIJRy.exe
  2⤵
  PID:6952
- C:\Windows\System\NbKnEMs.exe
  C:\Windows\System\NbKnEMs.exe
  2⤵
  PID:5692
- C:\Windows\System\KVONlDG.exe
  C:\Windows\System\KVONlDG.exe
  2⤵
  PID:6400
- C:\Windows\System\RucOWGV.exe
  C:\Windows\System\RucOWGV.exe
  2⤵
  PID:6588
- C:\Windows\System\xwjthjf.exe
  C:\Windows\System\xwjthjf.exe
  2⤵
  PID:6244
- C:\Windows\System\RnpMCMY.exe
  C:\Windows\System\RnpMCMY.exe
  2⤵
  PID:6664
- C:\Windows\System\qdmZaPT.exe
  C:\Windows\System\qdmZaPT.exe
  2⤵
  PID:6752
- C:\Windows\System\OHLvgmi.exe
  C:\Windows\System\OHLvgmi.exe
  2⤵
  PID:6900
- C:\Windows\System\UVIiXQO.exe
  C:\Windows\System\UVIiXQO.exe
  2⤵
  PID:7136
- C:\Windows\System\DwfvGLL.exe
  C:\Windows\System\DwfvGLL.exe
  2⤵
  PID:7060
- C:\Windows\System\PMXVQHy.exe
  C:\Windows\System\PMXVQHy.exe
  2⤵
  PID:6324
- C:\Windows\System\XvBhzRT.exe
  C:\Windows\System\XvBhzRT.exe
  2⤵
  PID:5724
- C:\Windows\System\ZyBUOUF.exe
  C:\Windows\System\ZyBUOUF.exe
  2⤵
  PID:6240
- C:\Windows\System\qKUQccx.exe
  C:\Windows\System\qKUQccx.exe
  2⤵
  PID:6972
- C:\Windows\System\etBiiJx.exe
  C:\Windows\System\etBiiJx.exe
  2⤵
  PID:7064
- C:\Windows\System\iEkdNWk.exe
  C:\Windows\System\iEkdNWk.exe
  2⤵
  PID:6200
- C:\Windows\System\BbKMfRg.exe
  C:\Windows\System\BbKMfRg.exe
  2⤵
  PID:6352
- C:\Windows\System\cBAzPxM.exe
  C:\Windows\System\cBAzPxM.exe
  2⤵
  PID:7096
- C:\Windows\System\CABTHtm.exe
  C:\Windows\System\CABTHtm.exe
  2⤵
  PID:6364
- C:\Windows\System\gFleZLb.exe
  C:\Windows\System\gFleZLb.exe
  2⤵
  PID:6668
- C:\Windows\System\SqABqIm.exe
  C:\Windows\System\SqABqIm.exe
  2⤵
  PID:5752
- C:\Windows\System\LmQmCuZ.exe
  C:\Windows\System\LmQmCuZ.exe
  2⤵
  PID:6956
- C:\Windows\System\wymxiNu.exe
  C:\Windows\System\wymxiNu.exe
  2⤵
  PID:7028
- C:\Windows\System\MTlXrhC.exe
  C:\Windows\System\MTlXrhC.exe
  2⤵
  PID:6560
- C:\Windows\System\MNBAAhr.exe
  C:\Windows\System\MNBAAhr.exe
  2⤵
  PID:5780
- C:\Windows\System\yzqVVdO.exe
  C:\Windows\System\yzqVVdO.exe
  2⤵
  PID:7056
- C:\Windows\System\rezUwdw.exe
  C:\Windows\System\rezUwdw.exe
  2⤵
  PID:7176
- C:\Windows\System\xebtwhv.exe
  C:\Windows\System\xebtwhv.exe
  2⤵
  PID:7192
- C:\Windows\System\jBPSuYp.exe
  C:\Windows\System\jBPSuYp.exe
  2⤵
  PID:7208
- C:\Windows\System\PYdbPtB.exe
  C:\Windows\System\PYdbPtB.exe
  2⤵
  PID:7244
- C:\Windows\System\dAnMXCI.exe
  C:\Windows\System\dAnMXCI.exe
  2⤵
  PID:7260
- C:\Windows\System\dpGPFUG.exe
  C:\Windows\System\dpGPFUG.exe
  2⤵
  PID:7276
- C:\Windows\System\MZuSgtz.exe
  C:\Windows\System\MZuSgtz.exe
  2⤵
  PID:7304
- C:\Windows\System\ntQtPqh.exe
  C:\Windows\System\ntQtPqh.exe
  2⤵
  PID:7324
- C:\Windows\System\ClZBZpZ.exe
  C:\Windows\System\ClZBZpZ.exe
  2⤵
  PID:7340
- C:\Windows\System\GYpqDxU.exe
  C:\Windows\System\GYpqDxU.exe
  2⤵
  PID:7360
- C:\Windows\System\uOUsnSG.exe
  C:\Windows\System\uOUsnSG.exe
  2⤵
  PID:7376
- C:\Windows\System\xyplqxA.exe
  C:\Windows\System\xyplqxA.exe
  2⤵
  PID:7392
- C:\Windows\System\fIwpqLP.exe
  C:\Windows\System\fIwpqLP.exe
  2⤵
  PID:7408
- C:\Windows\System\WUXbPhF.exe
  C:\Windows\System\WUXbPhF.exe
  2⤵
  PID:7424
- C:\Windows\System\jvRYXhL.exe
  C:\Windows\System\jvRYXhL.exe
  2⤵
  PID:7444
- C:\Windows\System\VppFNJV.exe
  C:\Windows\System\VppFNJV.exe
  2⤵
  PID:7464
- C:\Windows\System\CCZMGkK.exe
  C:\Windows\System\CCZMGkK.exe
  2⤵
  PID:7480
- C:\Windows\System\eYOZPio.exe
  C:\Windows\System\eYOZPio.exe
  2⤵
  PID:7500
- C:\Windows\System\BqSmTyN.exe
  C:\Windows\System\BqSmTyN.exe
  2⤵
  PID:7516
- C:\Windows\System\lICINEm.exe
  C:\Windows\System\lICINEm.exe
  2⤵
  PID:7572
- C:\Windows\System\RqaHWDa.exe
  C:\Windows\System\RqaHWDa.exe
  2⤵
  PID:7588
- C:\Windows\System\EZSbGvx.exe
  C:\Windows\System\EZSbGvx.exe
  2⤵
  PID:7604
- C:\Windows\System\xmRSBqV.exe
  C:\Windows\System\xmRSBqV.exe
  2⤵
  PID:7624
- C:\Windows\System\YpRAPbt.exe
  C:\Windows\System\YpRAPbt.exe
  2⤵
  PID:7640
- C:\Windows\System\PPXWKsU.exe
  C:\Windows\System\PPXWKsU.exe
  2⤵
  PID:7656
- C:\Windows\System\NZFWwON.exe
  C:\Windows\System\NZFWwON.exe
  2⤵
  PID:7676
- C:\Windows\System\XOTjkHM.exe
  C:\Windows\System\XOTjkHM.exe
  2⤵
  PID:7696
- C:\Windows\System\nBfOClq.exe
  C:\Windows\System\nBfOClq.exe
  2⤵
  PID:7716
- C:\Windows\System\HstDTVA.exe
  C:\Windows\System\HstDTVA.exe
  2⤵
  PID:7756
- C:\Windows\System\jkYQwLe.exe
  C:\Windows\System\jkYQwLe.exe
  2⤵
  PID:7772
- C:\Windows\System\VTWRsMq.exe
  C:\Windows\System\VTWRsMq.exe
  2⤵
  PID:7788
- C:\Windows\System\HbPwRNV.exe
  C:\Windows\System\HbPwRNV.exe
  2⤵
  PID:7808
- C:\Windows\System\dkyjRQT.exe
  C:\Windows\System\dkyjRQT.exe
  2⤵
  PID:7824
- C:\Windows\System\yzSHmQw.exe
  C:\Windows\System\yzSHmQw.exe
  2⤵
  PID:7844
- C:\Windows\System\OcAmNjP.exe
  C:\Windows\System\OcAmNjP.exe
  2⤵
  PID:7860
- C:\Windows\System\QbkLtAp.exe
  C:\Windows\System\QbkLtAp.exe
  2⤵
  PID:7880
- C:\Windows\System\bnaytYB.exe
  C:\Windows\System\bnaytYB.exe
  2⤵
  PID:7896
- C:\Windows\System\bSMZVHC.exe
  C:\Windows\System\bSMZVHC.exe
  2⤵
  PID:7912
- C:\Windows\System\SmNJbqK.exe
  C:\Windows\System\SmNJbqK.exe
  2⤵
  PID:7932
- C:\Windows\System\OHSZOJw.exe
  C:\Windows\System\OHSZOJw.exe
  2⤵
  PID:7952
- C:\Windows\System\vQYJsOh.exe
  C:\Windows\System\vQYJsOh.exe
  2⤵
  PID:7968
- C:\Windows\System\xgKlsCB.exe
  C:\Windows\System\xgKlsCB.exe
  2⤵
  PID:7984
- C:\Windows\System\EBNyRmJ.exe
  C:\Windows\System\EBNyRmJ.exe
  2⤵
  PID:8016
- C:\Windows\System\CSosmkz.exe
  C:\Windows\System\CSosmkz.exe
  2⤵
  PID:8044
- C:\Windows\System\WrnnIwe.exe
  C:\Windows\System\WrnnIwe.exe
  2⤵
  PID:8060
- C:\Windows\System\CItYxpV.exe
  C:\Windows\System\CItYxpV.exe
  2⤵
  PID:8080
- C:\Windows\System\qiQBRaR.exe
  C:\Windows\System\qiQBRaR.exe
  2⤵
  PID:8096
- C:\Windows\System\CDIOZhW.exe
  C:\Windows\System\CDIOZhW.exe
  2⤵
  PID:8112
- C:\Windows\System\zKUfNQD.exe
  C:\Windows\System\zKUfNQD.exe
  2⤵
  PID:8128
- C:\Windows\System\NMiMOez.exe
  C:\Windows\System\NMiMOez.exe
  2⤵
  PID:8148
- C:\Windows\System\YBVmReG.exe
  C:\Windows\System\YBVmReG.exe
  2⤵
  PID:8168
- C:\Windows\System\mATEjXS.exe
  C:\Windows\System\mATEjXS.exe
  2⤵
  PID:8188
- C:\Windows\System\qCHPCvh.exe
  C:\Windows\System\qCHPCvh.exe
  2⤵
  PID:7200
- C:\Windows\System\ylNZJTb.exe
  C:\Windows\System\ylNZJTb.exe
  2⤵
  PID:7188
- C:\Windows\System\quabHYs.exe
  C:\Windows\System\quabHYs.exe
  2⤵
  PID:7256
- C:\Windows\System\DegMZIX.exe
  C:\Windows\System\DegMZIX.exe
  2⤵
  PID:7300
- C:\Windows\System\OitGvsl.exe
  C:\Windows\System\OitGvsl.exe
  2⤵
  PID:7400
- C:\Windows\System\FZfcCNw.exe
  C:\Windows\System\FZfcCNw.exe
  2⤵
  PID:7232
- C:\Windows\System\NybZEJY.exe
  C:\Windows\System\NybZEJY.exe
  2⤵
  PID:7476
- C:\Windows\System\KTfGPpL.exe
  C:\Windows\System\KTfGPpL.exe
  2⤵
  PID:7388
- C:\Windows\System\eLjrMoz.exe
  C:\Windows\System\eLjrMoz.exe
  2⤵
  PID:7460
- C:\Windows\System\gGgEGPF.exe
  C:\Windows\System\gGgEGPF.exe
  2⤵
  PID:7584
- C:\Windows\System\jfYetBo.exe
  C:\Windows\System\jfYetBo.exe
  2⤵
  PID:7648
- C:\Windows\System\cTYXpJt.exe
  C:\Windows\System\cTYXpJt.exe
  2⤵
  PID:7532
- C:\Windows\System\VqkXuDs.exe
  C:\Windows\System\VqkXuDs.exe
  2⤵
  PID:7348
- C:\Windows\System\iDOmJzM.exe
  C:\Windows\System\iDOmJzM.exe
  2⤵
  PID:7596
- C:\Windows\System\eTNAPOD.exe
  C:\Windows\System\eTNAPOD.exe
  2⤵
  PID:7724
- C:\Windows\System\ZCZcuUN.exe
  C:\Windows\System\ZCZcuUN.exe
  2⤵
  PID:7564
- C:\Windows\System\JLQRaOa.exe
  C:\Windows\System\JLQRaOa.exe
  2⤵
  PID:7708
- C:\Windows\System\bnrhGbY.exe
  C:\Windows\System\bnrhGbY.exe
  2⤵
  PID:7732
- C:\Windows\System\DDWxIvW.exe
  C:\Windows\System\DDWxIvW.exe
  2⤵
  PID:7744
- C:\Windows\System\qJXWApp.exe
  C:\Windows\System\qJXWApp.exe
  2⤵
  PID:7784
- C:\Windows\System\oHhRNTN.exe
  C:\Windows\System\oHhRNTN.exe
  2⤵
  PID:7856
- C:\Windows\System\CzrVFPp.exe
  C:\Windows\System\CzrVFPp.exe
  2⤵
  PID:7924
- C:\Windows\System\hKbfNDK.exe
  C:\Windows\System\hKbfNDK.exe
  2⤵
  PID:7928
- C:\Windows\System\LEeSBGT.exe
  C:\Windows\System\LEeSBGT.exe
  2⤵
  PID:8004
- C:\Windows\System\ZiktjEB.exe
  C:\Windows\System\ZiktjEB.exe
  2⤵
  PID:7980
- C:\Windows\System\DbRtGUu.exe
  C:\Windows\System\DbRtGUu.exe
  2⤵
  PID:7948
- C:\Windows\System\VZBchFU.exe
  C:\Windows\System\VZBchFU.exe
  2⤵
  PID:8088
- C:\Windows\System\cZjdNyh.exe
  C:\Windows\System\cZjdNyh.exe
  2⤵
  PID:8160
- C:\Windows\System\QNQQyCY.exe
  C:\Windows\System\QNQQyCY.exe
  2⤵
  PID:7908
- C:\Windows\System\xVlaQYs.exe
  C:\Windows\System\xVlaQYs.exe
  2⤵
  PID:8040
- C:\Windows\System\uFVmlhP.exe
  C:\Windows\System\uFVmlhP.exe
  2⤵
  PID:8104
- C:\Windows\System\QYdEQJI.exe
  C:\Windows\System\QYdEQJI.exe
  2⤵
  PID:6628
- C:\Windows\System\QckYzmj.exe
  C:\Windows\System\QckYzmj.exe
  2⤵
  PID:8184
- C:\Windows\System\HnCyymd.exe
  C:\Windows\System\HnCyymd.exe
  2⤵
  PID:8072
- C:\Windows\System\cALzwlZ.exe
  C:\Windows\System\cALzwlZ.exe
  2⤵
  PID:6892
- C:\Windows\System\FClPZTN.exe
  C:\Windows\System\FClPZTN.exe
  2⤵
  PID:7456
- C:\Windows\System\EaEhINY.exe
  C:\Windows\System\EaEhINY.exe
  2⤵
  PID:7440
- C:\Windows\System\NOOgSug.exe
  C:\Windows\System\NOOgSug.exe
  2⤵
  PID:7228
- C:\Windows\System\icTQjrs.exe
  C:\Windows\System\icTQjrs.exe
  2⤵
  PID:7384
- C:\Windows\System\PqkvpZv.exe
  C:\Windows\System\PqkvpZv.exe
  2⤵
  PID:7312
- C:\Windows\System\qUIaAtA.exe
  C:\Windows\System\qUIaAtA.exe
  2⤵
  PID:7552
- C:\Windows\System\PZctcMT.exe
  C:\Windows\System\PZctcMT.exe
  2⤵
  PID:7664
- C:\Windows\System\zqtnZiw.exe
  C:\Windows\System\zqtnZiw.exe
  2⤵
  PID:7740
- C:\Windows\System\dWPnTNG.exe
  C:\Windows\System\dWPnTNG.exe
  2⤵
  PID:7528
- C:\Windows\System\mYmdOwU.exe
  C:\Windows\System\mYmdOwU.exe
  2⤵
  PID:7800
- C:\Windows\System\FAveRLg.exe
  C:\Windows\System\FAveRLg.exe
  2⤵
  PID:8012
- C:\Windows\System\AGCzCOa.exe
  C:\Windows\System\AGCzCOa.exe
  2⤵
  PID:8000
- C:\Windows\System\STgYyVO.exe
  C:\Windows\System\STgYyVO.exe
  2⤵
  PID:8156
- C:\Windows\System\WXzGipU.exe
  C:\Windows\System\WXzGipU.exe
  2⤵
  PID:7940
- C:\Windows\System\UVBSKjU.exe
  C:\Windows\System\UVBSKjU.exe
  2⤵
  PID:6308
- C:\Windows\System\LTzCmkR.exe
  C:\Windows\System\LTzCmkR.exe
  2⤵
  PID:7876
- C:\Windows\System\HDcQjVI.exe
  C:\Windows\System\HDcQjVI.exe
  2⤵
  PID:8140
- C:\Windows\System\lAUyRQL.exe
  C:\Windows\System\lAUyRQL.exe
  2⤵
  PID:8036
- C:\Windows\System\YIwIHrb.exe
  C:\Windows\System\YIwIHrb.exe
  2⤵
  PID:8068
- C:\Windows\System\FLpRRPS.exe
  C:\Windows\System\FLpRRPS.exe
  2⤵
  PID:7420
- C:\Windows\System\CPrrYpo.exe
  C:\Windows\System\CPrrYpo.exe
  2⤵
  PID:7512
- C:\Windows\System\acdlrpg.exe
  C:\Windows\System\acdlrpg.exe
  2⤵
  PID:7544
- C:\Windows\System\UtoupmM.exe
  C:\Windows\System\UtoupmM.exe
  2⤵
  PID:7580
- C:\Windows\System\cRAxEdz.exe
  C:\Windows\System\cRAxEdz.exe
  2⤵
  PID:7524
- C:\Windows\System\RtrGWZs.exe
  C:\Windows\System\RtrGWZs.exe
  2⤵
  PID:7836
- C:\Windows\System\MyaSozR.exe
  C:\Windows\System\MyaSozR.exe
  2⤵
  PID:7692
- C:\Windows\System\ZPnaOEh.exe
  C:\Windows\System\ZPnaOEh.exe
  2⤵
  PID:7752
- C:\Windows\System\XUPqLro.exe
  C:\Windows\System\XUPqLro.exe
  2⤵
  PID:5604
- C:\Windows\System\sGqMKas.exe
  C:\Windows\System\sGqMKas.exe
  2⤵
  PID:8124
- C:\Windows\System\odRgXZA.exe
  C:\Windows\System\odRgXZA.exe
  2⤵
  PID:7452
- C:\Windows\System\PXsqMHi.exe
  C:\Windows\System\PXsqMHi.exe
  2⤵
  PID:7944
- C:\Windows\System\uMuCYXT.exe
  C:\Windows\System\uMuCYXT.exe
  2⤵
  PID:7688
- C:\Windows\System\HIXavtS.exe
  C:\Windows\System\HIXavtS.exe
  2⤵
  PID:7172
- C:\Windows\System\wQDbSAf.exe
  C:\Windows\System\wQDbSAf.exe
  2⤵
  PID:7636
- C:\Windows\System\hHglEYQ.exe
  C:\Windows\System\hHglEYQ.exe
  2⤵
  PID:7332
- C:\Windows\System\slpcxhp.exe
  C:\Windows\System\slpcxhp.exe
  2⤵
  PID:7240
- C:\Windows\System\svnlBRv.exe
  C:\Windows\System\svnlBRv.exe
  2⤵
  PID:7568
- C:\Windows\System\LfpVncb.exe
  C:\Windows\System\LfpVncb.exe
  2⤵
  PID:7832
- C:\Windows\System\QdhKIDx.exe
  C:\Windows\System\QdhKIDx.exe
  2⤵
  PID:7892
- C:\Windows\System\dwjcXWz.exe
  C:\Windows\System\dwjcXWz.exe
  2⤵
  PID:7560
- C:\Windows\System\jQUfgcD.exe
  C:\Windows\System\jQUfgcD.exe
  2⤵
  PID:6052
- C:\Windows\System\sSHtCtd.exe
  C:\Windows\System\sSHtCtd.exe
  2⤵
  PID:8176
- C:\Windows\System\nXJTTiT.exe
  C:\Windows\System\nXJTTiT.exe
  2⤵
  PID:7548
- C:\Windows\System\eKiQsPO.exe
  C:\Windows\System\eKiQsPO.exe
  2⤵
  PID:8208
- C:\Windows\System\vgFlvHb.exe
  C:\Windows\System\vgFlvHb.exe
  2⤵
  PID:8232
- C:\Windows\System\IsgFXWW.exe
  C:\Windows\System\IsgFXWW.exe
  2⤵
  PID:8260
- C:\Windows\System\TqKBugr.exe
  C:\Windows\System\TqKBugr.exe
  2⤵
  PID:8276
- C:\Windows\System\drSrZav.exe
  C:\Windows\System\drSrZav.exe
  2⤵
  PID:8296
- C:\Windows\System\WKEgwyF.exe
  C:\Windows\System\WKEgwyF.exe
  2⤵
  PID:8328
- C:\Windows\System\idWPQFO.exe
  C:\Windows\System\idWPQFO.exe
  2⤵
  PID:8348
- C:\Windows\System\UNqLpKA.exe
  C:\Windows\System\UNqLpKA.exe
  2⤵
  PID:8364
- C:\Windows\System\iFnfxHa.exe
  C:\Windows\System\iFnfxHa.exe
  2⤵
  PID:8380
- C:\Windows\System\NEHLpnr.exe
  C:\Windows\System\NEHLpnr.exe
  2⤵
  PID:8396
- C:\Windows\System\lKXlsqV.exe
  C:\Windows\System\lKXlsqV.exe
  2⤵
  PID:8428
- C:\Windows\System\JfqQrMf.exe
  C:\Windows\System\JfqQrMf.exe
  2⤵
  PID:8444
- C:\Windows\System\qJxboGe.exe
  C:\Windows\System\qJxboGe.exe
  2⤵
  PID:8460
- C:\Windows\System\FXPCsqq.exe
  C:\Windows\System\FXPCsqq.exe
  2⤵
  PID:8476
- C:\Windows\System\YNyaJTW.exe
  C:\Windows\System\YNyaJTW.exe
  2⤵
  PID:8492
- C:\Windows\System\LngOXqh.exe
  C:\Windows\System\LngOXqh.exe
  2⤵
  PID:8516
- C:\Windows\System\gxbNuoI.exe
  C:\Windows\System\gxbNuoI.exe
  2⤵
  PID:8532
- C:\Windows\System\megwYGr.exe
  C:\Windows\System\megwYGr.exe
  2⤵
  PID:8552
- C:\Windows\System\SdmFxCb.exe
  C:\Windows\System\SdmFxCb.exe
  2⤵
  PID:8580
- C:\Windows\System\fNDaxrc.exe
  C:\Windows\System\fNDaxrc.exe
  2⤵
  PID:8596
- C:\Windows\System\eNdbQQr.exe
  C:\Windows\System\eNdbQQr.exe
  2⤵
  PID:8632
- C:\Windows\System\csWcqek.exe
  C:\Windows\System\csWcqek.exe
  2⤵
  PID:8652
- C:\Windows\System\KjbeNRR.exe
  C:\Windows\System\KjbeNRR.exe
  2⤵
  PID:8672
- C:\Windows\System\clTVhrl.exe
  C:\Windows\System\clTVhrl.exe
  2⤵
  PID:8688
- C:\Windows\System\TuxcSSA.exe
  C:\Windows\System\TuxcSSA.exe
  2⤵
  PID:8708
- C:\Windows\System\nVaUady.exe
  C:\Windows\System\nVaUady.exe
  2⤵
  PID:8728
- C:\Windows\System\MrUeeqb.exe
  C:\Windows\System\MrUeeqb.exe
  2⤵
  PID:8752
- C:\Windows\System\gzrEcfl.exe
  C:\Windows\System\gzrEcfl.exe
  2⤵
  PID:8772
- C:\Windows\System\tQolglM.exe
  C:\Windows\System\tQolglM.exe
  2⤵
  PID:8788
- C:\Windows\System\FdEQILC.exe
  C:\Windows\System\FdEQILC.exe
  2⤵
  PID:8804
- C:\Windows\System\MpICSqQ.exe
  C:\Windows\System\MpICSqQ.exe
  2⤵
  PID:8820
- C:\Windows\System\HbosOSV.exe
  C:\Windows\System\HbosOSV.exe
  2⤵
  PID:8848
- C:\Windows\System\ypCamUo.exe
  C:\Windows\System\ypCamUo.exe
  2⤵
  PID:8864
- C:\Windows\System\ThsEPeR.exe
  C:\Windows\System\ThsEPeR.exe
  2⤵
  PID:8892
- C:\Windows\System\ZKQdHwB.exe
  C:\Windows\System\ZKQdHwB.exe
  2⤵
  PID:8912
- C:\Windows\System\aYfRZOX.exe
  C:\Windows\System\aYfRZOX.exe
  2⤵
  PID:8932
- C:\Windows\System\WGSamfl.exe
  C:\Windows\System\WGSamfl.exe
  2⤵
  PID:8956
- C:\Windows\System\isUymDx.exe
  C:\Windows\System\isUymDx.exe
  2⤵
  PID:8972
- C:\Windows\System\kVzICRy.exe
  C:\Windows\System\kVzICRy.exe
  2⤵
  PID:8992
- C:\Windows\System\GEXSzon.exe
  C:\Windows\System\GEXSzon.exe
  2⤵
  PID:9008
- C:\Windows\System\uFvKfSU.exe
  C:\Windows\System\uFvKfSU.exe
  2⤵
  PID:9028
- C:\Windows\System\lnXiWSI.exe
  C:\Windows\System\lnXiWSI.exe
  2⤵
  PID:9044
- C:\Windows\System\EwnSvLj.exe
  C:\Windows\System\EwnSvLj.exe
  2⤵
  PID:9068
- C:\Windows\System\ynyHsyg.exe
  C:\Windows\System\ynyHsyg.exe
  2⤵
  PID:9096
- C:\Windows\System\EWjDgUO.exe
  C:\Windows\System\EWjDgUO.exe
  2⤵
  PID:9116
- C:\Windows\System\qtAgbYv.exe
  C:\Windows\System\qtAgbYv.exe
  2⤵
  PID:9132
- C:\Windows\System\iKryPKf.exe
  C:\Windows\System\iKryPKf.exe
  2⤵
  PID:9148
- C:\Windows\System\tRYELqW.exe
  C:\Windows\System\tRYELqW.exe
  2⤵
  PID:9164
- C:\Windows\System\IcITsPd.exe
  C:\Windows\System\IcITsPd.exe
  2⤵
  PID:9180
- C:\Windows\System\SiWMrKt.exe
  C:\Windows\System\SiWMrKt.exe
  2⤵
  PID:9196
- C:\Windows\System\ljbxGbN.exe
  C:\Windows\System\ljbxGbN.exe
  2⤵
  PID:8200
- C:\Windows\System\OlEtHSi.exe
  C:\Windows\System\OlEtHSi.exe
  2⤵
  PID:8244
- C:\Windows\System\aMGoOLA.exe
  C:\Windows\System\aMGoOLA.exe
  2⤵
  PID:8256
- C:\Windows\System\UqTmLRC.exe
  C:\Windows\System\UqTmLRC.exe
  2⤵
  PID:8292
- C:\Windows\System\LvQZAEy.exe
  C:\Windows\System\LvQZAEy.exe
  2⤵
  PID:7496
- C:\Windows\System\wQxbYrS.exe
  C:\Windows\System\wQxbYrS.exe
  2⤵
  PID:8376
- C:\Windows\System\dmkQZTT.exe
  C:\Windows\System\dmkQZTT.exe
  2⤵
  PID:8452
- C:\Windows\System\BKeooFN.exe
  C:\Windows\System\BKeooFN.exe
  2⤵
  PID:8440
- C:\Windows\System\rdbWwhM.exe
  C:\Windows\System\rdbWwhM.exe
  2⤵
  PID:8500
- C:\Windows\System\uRwJJmo.exe
  C:\Windows\System\uRwJJmo.exe
  2⤵
  PID:8504
- C:\Windows\System\uvdKyzc.exe
  C:\Windows\System\uvdKyzc.exe
  2⤵
  PID:8572
- C:\Windows\System\LivNzyu.exe
  C:\Windows\System\LivNzyu.exe
  2⤵
  PID:8612
- C:\Windows\System\RfQsmdW.exe
  C:\Windows\System\RfQsmdW.exe
  2⤵
  PID:2368
- C:\Windows\System\qWgXSiH.exe
  C:\Windows\System\qWgXSiH.exe
  2⤵
  PID:8644
- C:\Windows\System\DZBikCA.exe
  C:\Windows\System\DZBikCA.exe
  2⤵
  PID:8696
- C:\Windows\System\DrdqFbv.exe
  C:\Windows\System\DrdqFbv.exe
  2⤵
  PID:8684
- C:\Windows\System\uoZwBvp.exe
  C:\Windows\System\uoZwBvp.exe
  2⤵
  PID:8716
- C:\Windows\System\vBHqVhl.exe
  C:\Windows\System\vBHqVhl.exe
  2⤵
  PID:8724
- C:\Windows\System\OdyRAJr.exe
  C:\Windows\System\OdyRAJr.exe
  2⤵
  PID:8768
- C:\Windows\System\rHbMgNm.exe
  C:\Windows\System\rHbMgNm.exe
  2⤵
  PID:8872
- C:\Windows\System\KkOOiZG.exe
  C:\Windows\System\KkOOiZG.exe
  2⤵
  PID:8888
- C:\Windows\System\WdcSZFN.exe
  C:\Windows\System\WdcSZFN.exe
  2⤵
  PID:8908
- C:\Windows\System\EmaktKG.exe
  C:\Windows\System\EmaktKG.exe
  2⤵
  PID:8984
- C:\Windows\System\uYNsTYy.exe
  C:\Windows\System\uYNsTYy.exe
  2⤵
  PID:9024
- C:\Windows\System\ttPUXQw.exe
  C:\Windows\System\ttPUXQw.exe
  2⤵
  PID:9036
- C:\Windows\System\sfxdAgF.exe
  C:\Windows\System\sfxdAgF.exe
  2⤵
  PID:9040
- C:\Windows\System\WYAGZPb.exe
  C:\Windows\System\WYAGZPb.exe
  2⤵
  PID:9088
- C:\Windows\System\GURlDQP.exe
  C:\Windows\System\GURlDQP.exe
  2⤵
  PID:9112
- C:\Windows\System\MVGCTzA.exe
  C:\Windows\System\MVGCTzA.exe
  2⤵
  PID:9124
- C:\Windows\System\gZDqihE.exe
  C:\Windows\System\gZDqihE.exe
  2⤵
  PID:8228
- C:\Windows\System\EpSJvVm.exe
  C:\Windows\System\EpSJvVm.exe
  2⤵
  PID:8308
- C:\Windows\System\kYzoKER.exe
  C:\Windows\System\kYzoKER.exe
  2⤵
  PID:8204
- C:\Windows\System\DkoZAvt.exe
  C:\Windows\System\DkoZAvt.exe
  2⤵
  PID:8272
- C:\Windows\System\UffAzLw.exe
  C:\Windows\System\UffAzLw.exe
  2⤵
  PID:8372
- C:\Windows\System\zkfLYIr.exe
  C:\Windows\System\zkfLYIr.exe
  2⤵
  PID:8412
- C:\Windows\System\bryPSrE.exe
  C:\Windows\System\bryPSrE.exe
  2⤵
  PID:8488
- C:\Windows\System\pkcBlIt.exe
  C:\Windows\System\pkcBlIt.exe
  2⤵
  PID:8512
- C:\Windows\System\HzVKhxz.exe
  C:\Windows\System\HzVKhxz.exe
  2⤵
  PID:8604
- C:\Windows\System\sAKNwrc.exe
  C:\Windows\System\sAKNwrc.exe
  2⤵
  PID:8320
- C:\Windows\System\BjYpTin.exe
  C:\Windows\System\BjYpTin.exe
  2⤵
  PID:8704
- C:\Windows\System\CpItRbM.exe
  C:\Windows\System\CpItRbM.exe
  2⤵
  PID:8812
- C:\Windows\System\mJfEqdi.exe
  C:\Windows\System\mJfEqdi.exe
  2⤵
  PID:8828
- C:\Windows\System\hJvbkUe.exe
  C:\Windows\System\hJvbkUe.exe
  2⤵
  PID:8884
- C:\Windows\System\FdgONQv.exe
  C:\Windows\System\FdgONQv.exe
  2⤵
  PID:8924
- C:\Windows\System\beMbFTR.exe
  C:\Windows\System\beMbFTR.exe
  2⤵
  PID:9020
- C:\Windows\System\EhpKsSJ.exe
  C:\Windows\System\EhpKsSJ.exe
  2⤵
  PID:9060
- C:\Windows\System\WloTdpD.exe
  C:\Windows\System\WloTdpD.exe
  2⤵
  PID:9144
- C:\Windows\System\XWpBNUS.exe
  C:\Windows\System\XWpBNUS.exe
  2⤵
  PID:8284
- C:\Windows\System\vvttmvN.exe
  C:\Windows\System\vvttmvN.exe
  2⤵
  PID:9092
- C:\Windows\System\WnzJoMm.exe
  C:\Windows\System\WnzJoMm.exe
  2⤵
  PID:8404
- C:\Windows\System\VoQqbyg.exe
  C:\Windows\System\VoQqbyg.exe
  2⤵
  PID:8528
- C:\Windows\System\uOKxdUt.exe
  C:\Windows\System\uOKxdUt.exe
  2⤵
  PID:8436
- C:\Windows\System\FacBWcQ.exe
  C:\Windows\System\FacBWcQ.exe
  2⤵
  PID:8540
- C:\Windows\System\XxVdsRO.exe
  C:\Windows\System\XxVdsRO.exe
  2⤵
  PID:8664
- C:\Windows\System\BQfRske.exe
  C:\Windows\System\BQfRske.exe
  2⤵
  PID:8784
- C:\Windows\System\baiFWEB.exe
  C:\Windows\System\baiFWEB.exe
  2⤵
  PID:8764
- C:\Windows\System\ZmtrJJY.exe
  C:\Windows\System\ZmtrJJY.exe
  2⤵
  PID:8844
- C:\Windows\System\aeyIjJn.exe
  C:\Windows\System\aeyIjJn.exe
  2⤵
  PID:8252
- C:\Windows\System\nmXWEfQ.exe
  C:\Windows\System\nmXWEfQ.exe
  2⤵
  PID:9000
- C:\Windows\System\gxHgfui.exe
  C:\Windows\System\gxHgfui.exe
  2⤵
  PID:8340
- C:\Windows\System\SGmgJqE.exe
  C:\Windows\System\SGmgJqE.exe
  2⤵
  PID:9104
- C:\Windows\System\AGNSVhc.exe
  C:\Windows\System\AGNSVhc.exe
  2⤵
  PID:9160
- C:\Windows\System\eNKuoVr.exe
  C:\Windows\System\eNKuoVr.exe
  2⤵
  PID:8648
- C:\Windows\System\PhJvxSL.exe
  C:\Windows\System\PhJvxSL.exe
  2⤵
  PID:8620
- C:\Windows\System\yAVRSzT.exe
  C:\Windows\System\yAVRSzT.exe
  2⤵
  PID:8800
- C:\Windows\System\VIbucbq.exe
  C:\Windows\System\VIbucbq.exe
  2⤵
  PID:9212
- C:\Windows\System\EGjKKwP.exe
  C:\Windows\System\EGjKKwP.exe
  2⤵
  PID:9156
- C:\Windows\System\OFCbXEF.exe
  C:\Windows\System\OFCbXEF.exe
  2⤵
  PID:8744
- C:\Windows\System\aqiomSM.exe
  C:\Windows\System\aqiomSM.exe
  2⤵
  PID:8640
- C:\Windows\System\OfvwMDu.exe
  C:\Windows\System\OfvwMDu.exe
  2⤵
  PID:9084
- C:\Windows\System\PnSiNsd.exe
  C:\Windows\System\PnSiNsd.exe
  2⤵
  PID:8220
- C:\Windows\System\VLueoCx.exe
  C:\Windows\System\VLueoCx.exe
  2⤵
  PID:8900
- C:\Windows\System\amonhHg.exe
  C:\Windows\System\amonhHg.exe
  2⤵
  PID:9056
- C:\Windows\System\RiWOpTb.exe
  C:\Windows\System\RiWOpTb.exe
  2⤵
  PID:8472
- C:\Windows\System\uRkPeVb.exe
  C:\Windows\System\uRkPeVb.exe
  2⤵
  PID:8700
- C:\Windows\System\oQcEdOt.exe
  C:\Windows\System\oQcEdOt.exe
  2⤵
  PID:9080
- C:\Windows\System\eVEYkjj.exe
  C:\Windows\System\eVEYkjj.exe
  2⤵
  PID:9228
- C:\Windows\System\tEjeDSG.exe
  C:\Windows\System\tEjeDSG.exe
  2⤵
  PID:9244
- C:\Windows\System\GtyZHwT.exe
  C:\Windows\System\GtyZHwT.exe
  2⤵
  PID:9268
- C:\Windows\System\XmumoLF.exe
  C:\Windows\System\XmumoLF.exe
  2⤵
  PID:9288
- C:\Windows\System\HiLbcwB.exe
  C:\Windows\System\HiLbcwB.exe
  2⤵
  PID:9312
- C:\Windows\System\VhLFDwk.exe
  C:\Windows\System\VhLFDwk.exe
  2⤵
  PID:9328
- C:\Windows\System\jDCvzsE.exe
  C:\Windows\System\jDCvzsE.exe
  2⤵
  PID:9348
- C:\Windows\System\GJhuawu.exe
  C:\Windows\System\GJhuawu.exe
  2⤵
  PID:9372
- C:\Windows\System\jsEbwXH.exe
  C:\Windows\System\jsEbwXH.exe
  2⤵
  PID:9396
- C:\Windows\System\XQXPTtB.exe
  C:\Windows\System\XQXPTtB.exe
  2⤵
  PID:9412
- C:\Windows\System\nDDfksW.exe
  C:\Windows\System\nDDfksW.exe
  2⤵
  PID:9428
- C:\Windows\System\aiHsBvL.exe
  C:\Windows\System\aiHsBvL.exe
  2⤵
  PID:9448
- C:\Windows\System\IWffXiQ.exe
  C:\Windows\System\IWffXiQ.exe
  2⤵
  PID:9464
- C:\Windows\System\ccOEAKO.exe
  C:\Windows\System\ccOEAKO.exe
  2⤵
  PID:9484
- C:\Windows\System\JRlgypR.exe
  C:\Windows\System\JRlgypR.exe
  2⤵
  PID:9504
- C:\Windows\System\QnJWsZs.exe
  C:\Windows\System\QnJWsZs.exe
  2⤵
  PID:9536
- C:\Windows\System\CKbjZVt.exe
  C:\Windows\System\CKbjZVt.exe
  2⤵
  PID:9552
- C:\Windows\System\ttOeHUO.exe
  C:\Windows\System\ttOeHUO.exe
  2⤵
  PID:9568
- C:\Windows\System\wucSmMw.exe
  C:\Windows\System\wucSmMw.exe
  2⤵
  PID:9592
- C:\Windows\System\MsLvgDo.exe
  C:\Windows\System\MsLvgDo.exe
  2⤵
  PID:9608
- C:\Windows\System\fjmhUxl.exe
  C:\Windows\System\fjmhUxl.exe
  2⤵
  PID:9628
- C:\Windows\System\mudcUiQ.exe
  C:\Windows\System\mudcUiQ.exe
  2⤵
  PID:9644
- C:\Windows\System\fOtnSlZ.exe
  C:\Windows\System\fOtnSlZ.exe
  2⤵
  PID:9660
- C:\Windows\System\kKoDJHf.exe
  C:\Windows\System\kKoDJHf.exe
  2⤵
  PID:9676
- C:\Windows\System\ZukesVm.exe
  C:\Windows\System\ZukesVm.exe
  2⤵
  PID:9692
- C:\Windows\System\wQSrSzU.exe
  C:\Windows\System\wQSrSzU.exe
  2⤵
  PID:9708
- C:\Windows\System\GwofoXk.exe
  C:\Windows\System\GwofoXk.exe
  2⤵
  PID:9724
- C:\Windows\System\zXJpSPa.exe
  C:\Windows\System\zXJpSPa.exe
  2⤵
  PID:9740
- C:\Windows\System\vdUItBz.exe
  C:\Windows\System\vdUItBz.exe
  2⤵
  PID:9800
- C:\Windows\System\GEdeYKE.exe
  C:\Windows\System\GEdeYKE.exe
  2⤵
  PID:9820
- C:\Windows\System\tEiMkEy.exe
  C:\Windows\System\tEiMkEy.exe
  2⤵
  PID:9836
- C:\Windows\System\HamCQfo.exe
  C:\Windows\System\HamCQfo.exe
  2⤵
  PID:9856
- C:\Windows\System\bEbnbfG.exe
  C:\Windows\System\bEbnbfG.exe
  2⤵
  PID:9872
- C:\Windows\System\RyPHHSX.exe
  C:\Windows\System\RyPHHSX.exe
  2⤵
  PID:9892
- C:\Windows\System\fZUtowm.exe
  C:\Windows\System\fZUtowm.exe
  2⤵
  PID:9908
- C:\Windows\System\viZxpDl.exe
  C:\Windows\System\viZxpDl.exe
  2⤵
  PID:9924
- C:\Windows\System\AKqQZry.exe
  C:\Windows\System\AKqQZry.exe
  2⤵
  PID:9948
- C:\Windows\System\isebqAk.exe
  C:\Windows\System\isebqAk.exe
  2⤵
  PID:9964
- C:\Windows\System\zpqxtaw.exe
  C:\Windows\System\zpqxtaw.exe
  2⤵
  PID:9996
- C:\Windows\System\TkKFLUG.exe
  C:\Windows\System\TkKFLUG.exe
  2⤵
  PID:10012
- C:\Windows\System\mMXXwOz.exe
  C:\Windows\System\mMXXwOz.exe
  2⤵
  PID:10028
- C:\Windows\System\EyUOfoC.exe
  C:\Windows\System\EyUOfoC.exe
  2⤵
  PID:10044
- C:\Windows\System\wnRspNA.exe
  C:\Windows\System\wnRspNA.exe
  2⤵
  PID:10060
- C:\Windows\System\RTuPfbx.exe
  C:\Windows\System\RTuPfbx.exe
  2⤵
  PID:10076
- C:\Windows\System\ODGUXsH.exe
  C:\Windows\System\ODGUXsH.exe
  2⤵
  PID:10092
- C:\Windows\System\jtEkYCz.exe
  C:\Windows\System\jtEkYCz.exe
  2⤵
  PID:10108
- C:\Windows\System\iBYYzwj.exe
  C:\Windows\System\iBYYzwj.exe
  2⤵
  PID:10124
- C:\Windows\System\jGMGyil.exe
  C:\Windows\System\jGMGyil.exe
  2⤵
  PID:10140
- C:\Windows\System\qXjQmmO.exe
  C:\Windows\System\qXjQmmO.exe
  2⤵
  PID:10200
- C:\Windows\System\ySyAgRx.exe
  C:\Windows\System\ySyAgRx.exe
  2⤵
  PID:10220
- C:\Windows\System\xufmvyF.exe
  C:\Windows\System\xufmvyF.exe
  2⤵
  PID:10236
- C:\Windows\System\futOPrM.exe
  C:\Windows\System\futOPrM.exe
  2⤵
  PID:9256
- C:\Windows\System\SYHxrWs.exe
  C:\Windows\System\SYHxrWs.exe
  2⤵
  PID:9276
- C:\Windows\System\SPQotDS.exe
  C:\Windows\System\SPQotDS.exe
  2⤵
  PID:9324
- C:\Windows\System\eUrDmpo.exe
  C:\Windows\System\eUrDmpo.exe
  2⤵
  PID:9304
- C:\Windows\System\RFHaCBd.exe
  C:\Windows\System\RFHaCBd.exe
  2⤵
  PID:9356
- C:\Windows\System\jimtjCn.exe
  C:\Windows\System\jimtjCn.exe
  2⤵
  PID:9380
- C:\Windows\System\LJIgyYg.exe
  C:\Windows\System\LJIgyYg.exe
  2⤵
  PID:9424
- C:\Windows\System\qsZRHTj.exe
  C:\Windows\System\qsZRHTj.exe
  2⤵
  PID:9476
- C:\Windows\System\obeUZYv.exe
  C:\Windows\System\obeUZYv.exe
  2⤵
  PID:9496
- C:\Windows\System\kViAUFC.exe
  C:\Windows\System\kViAUFC.exe
  2⤵
  PID:9544
- C:\Windows\System\BnFpMjP.exe
  C:\Windows\System\BnFpMjP.exe
  2⤵
  PID:9616
- C:\Windows\System\OhkhDnc.exe
  C:\Windows\System\OhkhDnc.exe
  2⤵
  PID:9588
- C:\Windows\System\yzDZupY.exe
  C:\Windows\System\yzDZupY.exe
  2⤵
  PID:9600
- C:\Windows\System\VHJbSAg.exe
  C:\Windows\System\VHJbSAg.exe
  2⤵
  PID:9668
- C:\Windows\System\DcXeAzk.exe
  C:\Windows\System\DcXeAzk.exe
  2⤵
  PID:9684
- C:\Windows\System\pFlqBpS.exe
  C:\Windows\System\pFlqBpS.exe
  2⤵
  PID:9748
- C:\Windows\System\KHqyYYq.exe
  C:\Windows\System\KHqyYYq.exe
  2⤵
  PID:9768
- C:\Windows\System\MTAisWD.exe
  C:\Windows\System\MTAisWD.exe
  2⤵
  PID:9784
- C:\Windows\System\UaImMBz.exe
  C:\Windows\System\UaImMBz.exe
  2⤵
  PID:9808
- C:\Windows\System\OzvQsBo.exe
  C:\Windows\System\OzvQsBo.exe
  2⤵
  PID:9868
- C:\Windows\System\xEYBwcT.exe
  C:\Windows\System\xEYBwcT.exe
  2⤵
  PID:9880
- C:\Windows\System\BEIqkNc.exe
  C:\Windows\System\BEIqkNc.exe
  2⤵
  PID:9920
- C:\Windows\System\TOJRKeu.exe
  C:\Windows\System\TOJRKeu.exe
  2⤵
  PID:10068
- C:\Windows\System\cFLwGYK.exe
  C:\Windows\System\cFLwGYK.exe
  2⤵
  PID:10004
- C:\Windows\System\diRgpiB.exe
  C:\Windows\System\diRgpiB.exe
  2⤵
  PID:9980
- C:\Windows\System\mjDVAqz.exe
  C:\Windows\System\mjDVAqz.exe
  2⤵
  PID:10020
- C:\Windows\System\llVYLGU.exe
  C:\Windows\System\llVYLGU.exe
  2⤵
  PID:10088
- C:\Windows\System\XlZiVju.exe
  C:\Windows\System\XlZiVju.exe
  2⤵
  PID:10072
- C:\Windows\System\MGoAloR.exe
  C:\Windows\System\MGoAloR.exe
  2⤵
  PID:10136
- C:\Windows\System\FrrZVqI.exe
  C:\Windows\System\FrrZVqI.exe
  2⤵
  PID:10160

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\CFaxtjV.exe

Filesize
6.0MB

MD5
a275962c2de2b48d82d3acb587088626

SHA1
1605f752839607371b2d4aff58cb28a2107888da

SHA256
179272349190aa06aa700a814c852ee0e7b88c891409af2b93be9ebcb7699a02

SHA512
243360e1e71ec1816dcacd6fba3f00d9593353cad9a85cc08656aeebf3b17355402ffb5fb62da017e11586ca3a0733ecbafb0669df30752e4eeaee1a78f1c8c8

Download Submit
C:\Windows\system\CiOMltw.exe

Filesize
6.0MB

MD5
f9f27a0f9b6a7d2f0a55d21cab805482

SHA1
1a02654a58e8c0ed45f277320e884645c6bf9a86

SHA256
ddcd08a5edd7a1aaa7fe8a590f7a2e9b25cafbd59a1d1530dc132d9719cb2885

SHA512
f90e14d54031f7e9bf9903d5e53bc622c68120991ae3b2e2373c473ba0e59e04f785b2652c21c6fb850ddd8c902a612407145950cf60f4836b40a23e26655917

Download Submit
C:\Windows\system\CyUayVZ.exe

Filesize
6.0MB

MD5
515e83cd2a9cb2a0ebdcbc819e85b5c5

SHA1
77c564464283e7adc4af010ea955556b2c684fc5

SHA256
662cedbe919dba271b37121afdc54c0cf388bd14ae482d579513d42a6ffd9308

SHA512
8a28ae7ba010cdca026357f99db8f03bccceedcfe704086beeb4ec88c77b211547daac2e5ba0ea3dab0429d49b427149f82bdf5137c5773b60a3c356d4684a99

Download Submit
C:\Windows\system\FiftiBv.exe

Filesize
6.0MB

MD5
014fa3da2eb8437119cde3522a5a5e22

SHA1
4242559602cf5f24c76109d736ab1e9dbb97697f

SHA256
4246e6aca2c2aaab65ebbbfe48d0c4bfa5b848a064676cd45ac51034e52eef66

SHA512
5a182d1b9be99490e291576d8092092ea835b92ccd65bb0c910276b79e0d9e99b88960acd6599101b5d318e01fe070ac48d44986f2165745b2f57f3af5d7173c

Download Submit
C:\Windows\system\JuTNhkt.exe

Filesize
6.0MB

MD5
2d1d539c3b223dce8b1382f5319d872c

SHA1
90810ccefb1f7d337ac42b309b12fa7c63708d94

SHA256
e3ae51d840b3230800705d652604abc84a9aab988618718e06dc7745e1f1012b

SHA512
74b7527965ee5d54189f34460df988046f1520a00f51bc85e2ca2fc947f87eba20c46d26426521086f5e097df6edd8e21935103cbea8da4710a33dcdb649f83a

Download Submit
C:\Windows\system\KzcxTtB.exe

Filesize
6.0MB

MD5
51f8f5d4cd6d549d23afd3323c16aef1

SHA1
1128dfd9427a4b407aa1de7be3d2985b35606f5f

SHA256
7f3af1513227fc41f36c7763b0fc40dcdbc124696683fe5ba448be80f01a248a

SHA512
fd8fd2b86c6af54d570ceefee8c08af6dafbcd340b52e4fc10ce8f4b63e568b0c87c9fb523313cf95d149278a3ee3311ec0294ca4eaec5f1a1d40c2f54f99353

Download Submit
C:\Windows\system\MrukCGf.exe

Filesize
6.0MB

MD5
4276cd03303c1141cb886c8e760f1ed9

SHA1
6bb89cf76961a52bde7495a3e993fe54dc5f3430

SHA256
fec7e19cc656a94fe33e68cdbf906ddc9ffd3d61e213229377038bc72d23edb1

SHA512
154a80d130e4ff7c4bf2c02c5486839a19e3448c9d0089a706eb91798a7f6517f9d7a3c38bc73ba1745c60c09a2b336e6dd99382c02782c355cd8570760fa929

Download Submit
C:\Windows\system\NzwdXxI.exe

Filesize
6.0MB

MD5
12111374549ed67e4e8a9a93031a0494

SHA1
faebef3c6845d1eba5bd0c933da0c4c71cc340ca

SHA256
5de880d0ae11d123defb1e6cd5e3db5f4f6719ea5a3ac2a7fd71a57d7af621cf

SHA512
c5e8ec3a825d0dba04d58add1b5a1f854c376566c1b7914a776820e44c4575b4ce18f6d95be014bdafc7cc6ee384fe767d8639e6f625b79db7129cad1305e968

Download Submit
C:\Windows\system\QDtkiBE.exe

Filesize
8B

MD5
c8230b42d85139b7ba8736c2590cbd60

SHA1
ded03c5d540e863d87fd995f2ebd957adf91f77f

SHA256
f64fba4059215094f20af4131eac76500f3f6811f0db0a6921162f3a8883f404

SHA512
0a34b6550f67610c5a24100d138df50102d48b2fffaa6afd2569eb4549829cd89914fa646ba3d1e3e3e1ba13eae4abc1fb9e8d13e0c6b7948be8f38c05a49417

Download Submit
C:\Windows\system\QkvnvCE.exe

Filesize
6.0MB

MD5
d4cf67810fe7e82435b23c94928a4d41

SHA1
348d69a3eca896ca73c60f8a7b943fc5a499498b

SHA256
1d515fcaa0b31b330b85998fec2713c8da9909119e5172ad6f2f3b3b4840b0c5

SHA512
346096c406fd08b2797127fe9996e29ba5eb397a5651abeab74fcc07630c5e0481a3330e2659504eeb43534e5f04678146d4b4d274e9bff6d7959c30952f808e

Download Submit
C:\Windows\system\TXuOmVA.exe

Filesize
6.0MB

MD5
8e59d79b9c41b58e55a843c464188c5b

SHA1
6b60980db36bca349efbfccaa3d5789312aa4b02

SHA256
18068c32aa2e1db74e42776f29ed556a78b0a658627647afcabf163f09c47d48

SHA512
0c4a2d23a013e518af97fcbea750cef180cf8af4aa7cae822dd810e6b417efdbc538d50da764963c07b86ba138d2f371793e8aa32209f860aefe2053919fd95f

Download Submit
C:\Windows\system\Vrsywgc.exe

Filesize
6.0MB

MD5
6c5e67948ddf17d67a46e51f7540f5d9

SHA1
36461bba3d0f577ebc95e1f0fdf3a634710328d1

SHA256
143a1aff5f34f875d96a126c6c0c0d5f2c1fe722a4e0bd082bf633d3d1b08f51

SHA512
49b0a400c9fa6513ad523dda51289d08af7b85f12d0171cff0fe1a957be3e17c97f9487c080658783b652bc1a9136253345cdd39b078d9c6cd163917bbb95e22

Download Submit
C:\Windows\system\YePTBgQ.exe

Filesize
6.0MB

MD5
e89fc08bb6935512f33c6c32d843466b

SHA1
bacd2a0e0cd1f808a8eb0aa88906ac1fa95b1bf6

SHA256
a692cf44a375ff9d153f702ebeaafea940324b360ee44528ad0a2bb8af816793

SHA512
69f1dbf3e3d5c886fa188dd5fd41c1b6e53e22e3d0fbf0fcb83f839381dd70959497b35385d4a91bd414397065ac1c6fe7312e700be661d49fd4efff9ee89e1c

Download Submit
C:\Windows\system\ZFJJXTk.exe

Filesize
6.0MB

MD5
8fb5ed5b0ece92490297cf70748d366c

SHA1
3c49546fd8b05229b7aaecad25923cb4d0c9702e

SHA256
f391081fd9eb22893bf2ad27e974fe7751132356a59e109866b8b13cac4c1197

SHA512
b316b2813354c7aa142b49cd3d80f7987e2ececa45cfeb91478ca969462a7a3e9a0fc91adecca1899b03e1ed57c5e8c38b3649821d5993a7eea5ad94429796b4

Download Submit
C:\Windows\system\awHRbUn.exe

Filesize
6.0MB

MD5
a9d6ca34482b4abe2fd96517d152ca23

SHA1
b309d81b1e694c5028be6e0ce14655590692f37b

SHA256
51708297fe9e354c401f308cb87407ebafb2e98e6f281c9273d18701884961cf

SHA512
d47ed9f2b7b9f11bbadd1b9d43df0d18f5cee9fce7ab5ed0a6aa49229f1349ca283a49134da491688368089cc4980028444837a5f239fc5d1e087e3cb9b659b9

Download Submit
C:\Windows\system\cwluLUL.exe

Filesize
6.0MB

MD5
86897209cc3a315337046219c7f9e08a

SHA1
995ce2db7e592d1a9490c6b10d682465ad9529d9

SHA256
df0aac5f80c739a73975f883d5851eabdfa6390020362b0e0947553c23e7f0c3

SHA512
b29460bd0a26db29ef1fce06f36500bad43ee621cf58479595630a56d2a44e4666bbe20c215afd97a2254ee9029ff338c12855d57c6a911c588447e93e3e7007

Download Submit
C:\Windows\system\dVTaQzV.exe

Filesize
6.0MB

MD5
b423f88e15b16dbbb72aef51229ab7c2

SHA1
9da421814070a87479435a1e0815831ab9832472

SHA256
d086b681a81f51c2fe5b1e4b74e2aac739afdbddd253960d0eba6a0466ab0d5b

SHA512
55ce1de1c54d383f82918431b5ca89c35731e65925123df02ce4da1bb0209638864956ef26e03c7ddaaa2c12f817f25e5751e4cb50201288043efbf3283a4f56

Download Submit
C:\Windows\system\eObexHz.exe

Filesize
6.0MB

MD5
6259d7498eadc130ebcccaa4494e2777

SHA1
0b1fb710034139c2432cbe1fdbd40e5780879c05

SHA256
3bf933bf8adefc614090f9ee205acb2d17206d6fa21a16c60b6b0aa525549d87

SHA512
26e28be1d0f0a37e9b83f37d10a047e5597328036e89327601ef0fe1acecf97ddc1447807c8e560a9186306a19e48565191bc20d12486d097a255cda799c3639

Download Submit
C:\Windows\system\gCwkAEx.exe

Filesize
6.0MB

MD5
3bbae3388bda5f419ec76857146d9209

SHA1
10c9ec9a99cb4b12df8ef39904e3a1a819710f7c

SHA256
3ca7a619adf8cfe45a39cb9ce34765bc097f9c5d1289c88bcfd813c2fad8264d

SHA512
b9513f03fac26e678f299a70cc09550574c6e03c3475392ceae107f628f5ce6ca0ce2732b69bf302a7220848e6927017b17e230ba8076eb1313f319e72f109dd

Download Submit
C:\Windows\system\jBfnhRS.exe

Filesize
6.0MB

MD5
b537a9a8bb73cf72dc102e2f643d1d9f

SHA1
7f14de12647385ffcf89bdd542d41a9b07c234f4

SHA256
3e1c5f7f1fbef9c267615a37accd4f9c1d73fdb4a908087a88e2dd63b875f084

SHA512
c76fef1fbde8ef43b7796c86d28ecd6e9a0a8eec56787be82ddb04d3dcaeb9f51562252206a3a4a5891c4065cbbaf1420c37b2760d6197e7dea69280259dafd8

Download Submit
C:\Windows\system\jCSPoTe.exe

Filesize
6.0MB

MD5
0f601ead043d496551f9e29543a144fd

SHA1
8b82aaa533afb063b5d7d90d4b61590a03e91acd

SHA256
8bc96ea637b8b318b47adf267f1fa98a931dd50a283be57dac07597eb5fdb4c8

SHA512
244de210abb615f25d2e1473da6a136d8743d929c2651e82481beb51a0fbab03798d1a9a7614f2243a9bfff32c224195fe595cde36bcf20b9e80e5c841156acc

Download Submit
C:\Windows\system\kqtVWeg.exe

Filesize
6.0MB

MD5
4b43041b5750902f89e07a077247c2ba

SHA1
143a7c3004858e5b9e57fc809295ccb0facfd89d

SHA256
f7de7ffcede4d71081edf759a692e347a8cff62b5f4632a932aa21892b27768a

SHA512
446a4aa910903b3f5ff8b890f3f87ae31a8de93d81d3b0bfb5454d0e13ae9e1261478199db8bc5a405082b180d53b458e6b50f34832337bc7238087de858cd94

Download Submit
C:\Windows\system\mmlwSlp.exe

Filesize
6.0MB

MD5
460fb20cb4f5f7e11cd07a402199c5d1

SHA1
1aa042cfb531ce687d0a156e0c1f730b66f852cb

SHA256
063fbe591e1b9bf50e184519df32be0ec2458e864229d123497232810f33e1a5

SHA512
b8f6a76ec63f9d5316e69ddc56f8bf7834b17829fdb31e1273c6b7c59c3f64a664f82246898d7ccacdcd9f9c2ae3b9f5966f1a2bf9edc20334bdd5ae34794d21

Download Submit
C:\Windows\system\qOsWcMl.exe

Filesize
6.0MB

MD5
f753541e6d21ca0d352b47b45a95eccf

SHA1
d269d81d1a5cdc62107d93c3b01cf2c64ec74aa3

SHA256
43889e36acb3f7dcd70aed2c21d3f90df327b9c5988a66e0ac2107f59c3940a7

SHA512
eb3c503c0877ababaa5b20f7cba888b7182345ecb3db89131eb7c651aea0f0e62ecb2fa5f3deef77bd8a94f1ea1623ffc14068d43cb45702783cb92a36e9a3e4

Download Submit
C:\Windows\system\sfTRGJv.exe

Filesize
6.0MB

MD5
7e2452b993cc55aafbe4f1bdac720ac5

SHA1
2b9debd8537ea60741014d3948f90f168bc33f8f

SHA256
38fb4b16e221922fe316444e2854ef730b1f6fee52b52918f847191064cb469b

SHA512
4882240a1aa9591aecc25a84ba6fdee89d54e59bc201706fc3290755a2815dcc1a651f6487b18cea45b3e50af33099544b54a56176ae2292ea5f98b9e01d4c03

Download Submit
\Windows\system\MEuaxTU.exe

Filesize
6.0MB

MD5
ec43b3b02e180a9cd73b57b9de68804b

SHA1
522cd2b49e583e5fd228ba4eb695afa07a0001e8

SHA256
0bc8131a647dc21c16befeb1d9ee2db49402bd4fca764950e90a0ddd283b770d

SHA512
78951565785b0158e04052c6198abb827ca7ac1718614176da8729be6b0dfc8a2fccf7a4726f17c1211158939f208779b3733f0526e768a31dc18749e2309418

Download Submit
\Windows\system\RDYaATw.exe

Filesize
6.0MB

MD5
5868d4f87b328252ed40eec7887984de

SHA1
431380a638236f9104992801ab39d2f6591d7aa7

SHA256
8e8907e4aa3c82559d847aea77d094984fe44e6787f4d48f328ce6e4d245ee31

SHA512
735ae6e2a5b46eeca565d8f9451bc98f4596a0d1063598fb2604ba16cc65f74246a424eaf911175ad4cb894535adb6c495d5d9caae3e9edeb2d61afce6a2af21

Download Submit
\Windows\system\WWGmsMH.exe

Filesize
6.0MB

MD5
3eaa291765ace91aa5f39a8dddebb1d9

SHA1
13278c682646deede72b30e245c11c2540316025

SHA256
8d80a87456d7e8a68b67d4936e89e016f6ab63707e2ad26af7b5e6a9e3ab6534

SHA512
97ec46ab79ef3fb9b9f564c6c0a15f0dc2fa558bf048cb42c64a495fa9dcf8959ad7b75bb821da83d1ed7a14b4677c67b84058ad3074c0c158ce901e530f198d

Download Submit
\Windows\system\YpjYkQl.exe

Filesize
6.0MB

MD5
f738b0d6fcbfc3a668bfed34dd31aca9

SHA1
27af660078644ff28a5c4f5a9167ced7482ff337

SHA256
6302885840e5fec1dc6894638dc42665de3312157ee8bc60553379fc9e32b8f7

SHA512
718aa9fa8ab7f1ad0bfb04ae844bc2e69fb3af50a9a82f5d9be76d5b9fe7100b226e1fac06aadc39a4e63df9eb6e39e41a04c0fbc9e7266e618e170a4614b13f

Download Submit
\Windows\system\YsYPtFI.exe

Filesize
6.0MB

MD5
b0adf723e419538a21b7bb65a06ff812

SHA1
1e8a30f531f88e338a8b58d279225a81819db213

SHA256
d5cd96184fedf09ab39be9ace1c9fd2b92bde30c332f3ab3b33315c0f1445e4d

SHA512
fbf759befc3b6140a181935219ad056ef92554ffd44bd21e308289bf139386a919b4200d001a34f92b4d19ff1ba6da26b34f0749318def4716642542461ed7d1

Download Submit
\Windows\system\fTAcaQB.exe

Filesize
6.0MB

MD5
11d79b0b1b87fd9b36708e250ddf313f

SHA1
4d1d0e34f3bfdcc4afa49adb2ac8563d4b22947b

SHA256
967f047659e6207ac00e39f348b7cb39410514c2b6e27a3a470fcddcafd3faff

SHA512
4b1310635365ae369c4c3bd2e9cf9e5c8e35240645b6f89870a591e4b0c6b865b1502bd0528c06dc73ae6dda19766964683347e21cdccb0e54ce9715f23a748b

Download Submit
\Windows\system\jWzBouK.exe

Filesize
6.0MB

MD5
ecd2fafe62c4b7473ff8280c1245e426

SHA1
72fc0f590510fc086a0632200c7f16922865f116

SHA256
55a8e49147f7da496c5023c31d3c05fa560809fcadd77c4209998f0d80ecb9ad

SHA512
a305a8407313f18ce35ba8e97d687a55a2c1a106123ca6124d204340fdc63adb72fa51e381ff48c398fb1a35f6e91d44b6fa6fb9bd98959aa7430a48ed286526

Download Submit
\Windows\system\pjNQzCy.exe

Filesize
6.0MB

MD5
6a7e14849361d3682e7875eb5125692a

SHA1
431abc18b1ba8205b74beff086832a02259bffc5

SHA256
76dc159cbdb20f3adf8f4d55599c0d77f6e64e6ec9d1ebd1f763303541d4f573

SHA512
27c2a09e07233496760d87b713ba29391ca2a3109d0282edf646e1c80e999eab30108be62742df03bfb444f578044c40b4058ed31f043056d39b560f8f702555

Download Submit
memory/588-991-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/588-63-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/588-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/588-6-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/588-82-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/588-100-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/588-101-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/588-104-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/588-74-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/588-92-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/588-50-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/588-93-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/588-111-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/588-0-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/588-24-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/588-811-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/588-20-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/588-623-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/588-19-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/588-489-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/588-38-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/588-59-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/588-35-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/588-43-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/1308-3782-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/1308-398-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/1308-79-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/1628-3755-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/1628-902-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/1628-106-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2156-715-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/2156-3760-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/2156-96-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/2200-545-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2200-87-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2200-3754-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2436-37-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/2436-78-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/2436-3634-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/2588-73-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/2588-3747-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/2588-110-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/2612-3678-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2612-60-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2704-13-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2704-39-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2704-3419-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2724-52-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/2724-22-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/2724-3427-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/2740-105-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/2740-3718-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/2740-67-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/2784-86-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/2784-3680-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/2828-62-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/2828-3486-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/2828-29-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/2944-15-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/2944-3418-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/2952-3676-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2952-46-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download