cobaltstrike | 2bd64d687f593bca0b134919982408691831b2c477f50477ad81be0466c7732f

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
21-11-2024 15:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

d78f68cc04f27491885c1c8b811779f8
SHA1

0a0f1cf6b40d6851d0765fc2cc3422d30dd76ef6
SHA256

2bd64d687f593bca0b134919982408691831b2c477f50477ad81be0466c7732f
SHA512

cf93a85a2000eb33a2e4829330e9f90ef75008b0e2588b129e53acc5efc8f7a1083e078d5fcd0734d1075bc293627dfe0cfc98a3b2671bfe44e4680f053b00aa
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUb:T+q56utgpPF8u/7b

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 38 IoCs

Detects the reflective loader used by Cobalt Strike.

Processes:

resource	yara_rule
C:\Windows\system\sVUefXH.exe	cobalt_reflective_dll
\Windows\system\KNcEqtZ.exe	cobalt_reflective_dll
C:\Windows\system\IqWazpw.exe	cobalt_reflective_dll
\Windows\system\ymnFxRu.exe	cobalt_reflective_dll
C:\Windows\system\eMdvOPD.exe	cobalt_reflective_dll
C:\Windows\system\qVpppJv.exe	cobalt_reflective_dll
C:\Windows\system\pEbEZOf.exe	cobalt_reflective_dll
\Windows\system\YQCekdt.exe	cobalt_reflective_dll
\Windows\system\TWgMLlR.exe	cobalt_reflective_dll
C:\Windows\system\VHtiUKD.exe	cobalt_reflective_dll
C:\Windows\system\dzCSQzs.exe	cobalt_reflective_dll
\Windows\system\EGkzQcG.exe	cobalt_reflective_dll
C:\Windows\system\HcBOtZq.exe	cobalt_reflective_dll
\Windows\system\UGFmSch.exe	cobalt_reflective_dll
\Windows\system\UcRorzp.exe	cobalt_reflective_dll
\Windows\system\qrODDrj.exe	cobalt_reflective_dll
\Windows\system\YdUnRjV.exe	cobalt_reflective_dll
\Windows\system\ZNMXwDv.exe	cobalt_reflective_dll
\Windows\system\okKTfLs.exe	cobalt_reflective_dll
C:\Windows\system\OtwkNmj.exe	cobalt_reflective_dll
\Windows\system\zhiPrYN.exe	cobalt_reflective_dll
\Windows\system\MEZtczN.exe	cobalt_reflective_dll
\Windows\system\coqLGQW.exe	cobalt_reflective_dll
C:\Windows\system\JofDlvx.exe	cobalt_reflective_dll
C:\Windows\system\djIkYyF.exe	cobalt_reflective_dll
C:\Windows\system\qCrJszy.exe	cobalt_reflective_dll
C:\Windows\system\fztzoLe.exe	cobalt_reflective_dll
C:\Windows\system\BLmIMNX.exe	cobalt_reflective_dll
C:\Windows\system\xIvHhEt.exe	cobalt_reflective_dll
C:\Windows\system\rNbdefI.exe	cobalt_reflective_dll
C:\Windows\system\vCtVgvV.exe	cobalt_reflective_dll
C:\Windows\system\yYHCSpw.exe	cobalt_reflective_dll
C:\Windows\system\szXMYNC.exe	cobalt_reflective_dll
C:\Windows\system\UjDWmcy.exe	cobalt_reflective_dll
C:\Windows\system\KtCYcVw.exe	cobalt_reflective_dll
C:\Windows\system\oDSGWZV.exe	cobalt_reflective_dll
C:\Windows\system\pytPZFg.exe	cobalt_reflective_dll
C:\Windows\system\UWiXJAY.exe	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 62 IoCs

miner

Processes:

resource	yara_rule
behavioral1/memory/1800-0-0x000000013F1B0000-0x000000013F504000-memory.dmp	xmrig
C:\Windows\system\sVUefXH.exe	xmrig
\Windows\system\KNcEqtZ.exe	xmrig
C:\Windows\system\IqWazpw.exe	xmrig
behavioral1/memory/2212-22-0x000000013F810000-0x000000013FB64000-memory.dmp	xmrig
behavioral1/memory/1800-23-0x00000000025A0000-0x00000000028F4000-memory.dmp	xmrig
\Windows\system\ymnFxRu.exe	xmrig
behavioral1/memory/1800-21-0x000000013F810000-0x000000013FB64000-memory.dmp	xmrig
behavioral1/memory/2616-20-0x000000013F440000-0x000000013F794000-memory.dmp	xmrig
behavioral1/memory/2504-19-0x000000013FAE0000-0x000000013FE34000-memory.dmp	xmrig
behavioral1/memory/1800-17-0x000000013FAE0000-0x000000013FE34000-memory.dmp	xmrig
C:\Windows\system\eMdvOPD.exe	xmrig
C:\Windows\system\qVpppJv.exe	xmrig
behavioral1/memory/2900-792-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig
behavioral1/memory/1800-612-0x000000013F1B0000-0x000000013F504000-memory.dmp	xmrig
C:\Windows\system\pEbEZOf.exe	xmrig
\Windows\system\YQCekdt.exe	xmrig
\Windows\system\TWgMLlR.exe	xmrig
C:\Windows\system\VHtiUKD.exe	xmrig
C:\Windows\system\dzCSQzs.exe	xmrig
\Windows\system\EGkzQcG.exe	xmrig
behavioral1/memory/1800-154-0x000000013FEA0000-0x00000001401F4000-memory.dmp	xmrig
behavioral1/memory/2568-153-0x000000013F4F0000-0x000000013F844000-memory.dmp	xmrig
behavioral1/memory/2580-152-0x000000013F1D0000-0x000000013F524000-memory.dmp	xmrig
behavioral1/memory/2560-150-0x000000013F770000-0x000000013FAC4000-memory.dmp	xmrig
C:\Windows\system\HcBOtZq.exe	xmrig
\Windows\system\UGFmSch.exe	xmrig
behavioral1/memory/2696-138-0x000000013F100000-0x000000013F454000-memory.dmp	xmrig
\Windows\system\UcRorzp.exe	xmrig
\Windows\system\qrODDrj.exe	xmrig
\Windows\system\YdUnRjV.exe	xmrig
\Windows\system\ZNMXwDv.exe	xmrig
\Windows\system\okKTfLs.exe	xmrig
C:\Windows\system\OtwkNmj.exe	xmrig
\Windows\system\zhiPrYN.exe	xmrig
\Windows\system\MEZtczN.exe	xmrig
\Windows\system\coqLGQW.exe	xmrig
behavioral1/memory/2644-68-0x000000013FB70000-0x000000013FEC4000-memory.dmp	xmrig
C:\Windows\system\JofDlvx.exe	xmrig
C:\Windows\system\djIkYyF.exe	xmrig
C:\Windows\system\qCrJszy.exe	xmrig
behavioral1/memory/2900-37-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig
C:\Windows\system\fztzoLe.exe	xmrig
C:\Windows\system\BLmIMNX.exe	xmrig
C:\Windows\system\xIvHhEt.exe	xmrig
C:\Windows\system\rNbdefI.exe	xmrig
C:\Windows\system\vCtVgvV.exe	xmrig
C:\Windows\system\yYHCSpw.exe	xmrig
C:\Windows\system\szXMYNC.exe	xmrig
C:\Windows\system\UjDWmcy.exe	xmrig
C:\Windows\system\KtCYcVw.exe	xmrig
C:\Windows\system\oDSGWZV.exe	xmrig
C:\Windows\system\pytPZFg.exe	xmrig
behavioral1/memory/1800-72-0x000000013F630000-0x000000013F984000-memory.dmp	xmrig
C:\Windows\system\UWiXJAY.exe	xmrig
behavioral1/memory/2644-3850-0x000000013FB70000-0x000000013FEC4000-memory.dmp	xmrig
behavioral1/memory/2696-3854-0x000000013F100000-0x000000013F454000-memory.dmp	xmrig
behavioral1/memory/2560-3856-0x000000013F770000-0x000000013FAC4000-memory.dmp	xmrig
behavioral1/memory/2900-3855-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig
behavioral1/memory/2568-3853-0x000000013F4F0000-0x000000013F844000-memory.dmp	xmrig
behavioral1/memory/2580-3852-0x000000013F1D0000-0x000000013F524000-memory.dmp	xmrig
behavioral1/memory/2616-3851-0x000000013F440000-0x000000013F794000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

Processes:

sVUefXH.exeKNcEqtZ.exeIqWazpw.exeUWiXJAY.exeymnFxRu.exedjIkYyF.exeJofDlvx.exepytPZFg.exeoDSGWZV.exeOtwkNmj.exeKtCYcVw.exeUjDWmcy.exeszXMYNC.exeyYHCSpw.exevCtVgvV.exerNbdefI.exexIvHhEt.exeBLmIMNX.exeHcBOtZq.exefztzoLe.exeeMdvOPD.exedzCSQzs.exeVHtiUKD.exeqVpppJv.exeqCrJszy.exepEbEZOf.execoqLGQW.exeMEZtczN.exezhiPrYN.exeokKTfLs.exeZNMXwDv.exeYdUnRjV.exeqrODDrj.exeUcRorzp.exeUGFmSch.exeEGkzQcG.exeTWgMLlR.exeYQCekdt.exeoEDkSPH.exeJMctywP.exeKPhZLBF.exeVPINdTO.execGeADsr.exenfHlwBm.exesUsiJqF.exeaOPySRO.exenUpivqc.exevrHBiUn.exeaRCnslS.exeSMKhGwQ.exeOOSHYqh.exeuUKkzLe.exeZmOGboP.exeqmgfdKa.exebVWmPzv.exeegPsYtx.exesaXYlTc.exeDKILpJx.exehlsCAjt.exeGvPSeIY.exePhxyFsK.exeoLxJqrT.exeWkHzdat.exesPPiVbT.exe

pid	process
2504	sVUefXH.exe
2616	KNcEqtZ.exe
2212	IqWazpw.exe
2900	UWiXJAY.exe
2644	ymnFxRu.exe
2696	djIkYyF.exe
2560	JofDlvx.exe
2580	pytPZFg.exe
2568	oDSGWZV.exe
2660	OtwkNmj.exe
2164	KtCYcVw.exe
1112	UjDWmcy.exe
1404	szXMYNC.exe
1440	yYHCSpw.exe
2524	vCtVgvV.exe
2776	rNbdefI.exe
468	xIvHhEt.exe
2128	BLmIMNX.exe
1820	HcBOtZq.exe
408	fztzoLe.exe
2572	eMdvOPD.exe
2700	dzCSQzs.exe
2540	VHtiUKD.exe
2004	qVpppJv.exe
1088	qCrJszy.exe
2656	pEbEZOf.exe
1676	coqLGQW.exe
1380	MEZtczN.exe
2604	zhiPrYN.exe
664	okKTfLs.exe
1928	ZNMXwDv.exe
1376	YdUnRjV.exe
3012	qrODDrj.exe
3004	UcRorzp.exe
652	UGFmSch.exe
3024	EGkzQcG.exe
1608	TWgMLlR.exe
2228	YQCekdt.exe
916	oEDkSPH.exe
888	JMctywP.exe
1680	KPhZLBF.exe
2368	VPINdTO.exe
1552	cGeADsr.exe
1812	nfHlwBm.exe
2200	sUsiJqF.exe
2248	aOPySRO.exe
688	nUpivqc.exe
944	vrHBiUn.exe
1864	aRCnslS.exe
2196	SMKhGwQ.exe
2244	OOSHYqh.exe
2292	uUKkzLe.exe
788	ZmOGboP.exe
2304	qmgfdKa.exe
2160	bVWmPzv.exe
2800	egPsYtx.exe
2536	saXYlTc.exe
1560	DKILpJx.exe
1524	hlsCAjt.exe
1836	GvPSeIY.exe
1740	PhxyFsK.exe
2716	oLxJqrT.exe
2920	WkHzdat.exe
1020	sPPiVbT.exe

Loads dropped DLL 64 IoCs

Processes:

2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe

pid	process
1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 57 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/1800-0-0x000000013F1B0000-0x000000013F504000-memory.dmp	upx
C:\Windows\system\sVUefXH.exe	upx
\Windows\system\KNcEqtZ.exe	upx
C:\Windows\system\IqWazpw.exe	upx
behavioral1/memory/2212-22-0x000000013F810000-0x000000013FB64000-memory.dmp	upx
\Windows\system\ymnFxRu.exe	upx
behavioral1/memory/2616-20-0x000000013F440000-0x000000013F794000-memory.dmp	upx
behavioral1/memory/2504-19-0x000000013FAE0000-0x000000013FE34000-memory.dmp	upx
C:\Windows\system\eMdvOPD.exe	upx
C:\Windows\system\qVpppJv.exe	upx
behavioral1/memory/2900-792-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/memory/1800-612-0x000000013F1B0000-0x000000013F504000-memory.dmp	upx
C:\Windows\system\pEbEZOf.exe	upx
\Windows\system\YQCekdt.exe	upx
\Windows\system\TWgMLlR.exe	upx
C:\Windows\system\VHtiUKD.exe	upx
C:\Windows\system\dzCSQzs.exe	upx
\Windows\system\EGkzQcG.exe	upx
behavioral1/memory/2568-153-0x000000013F4F0000-0x000000013F844000-memory.dmp	upx
behavioral1/memory/2580-152-0x000000013F1D0000-0x000000013F524000-memory.dmp	upx
behavioral1/memory/2560-150-0x000000013F770000-0x000000013FAC4000-memory.dmp	upx
C:\Windows\system\HcBOtZq.exe	upx
\Windows\system\UGFmSch.exe	upx
behavioral1/memory/2696-138-0x000000013F100000-0x000000013F454000-memory.dmp	upx
\Windows\system\UcRorzp.exe	upx
\Windows\system\qrODDrj.exe	upx
\Windows\system\YdUnRjV.exe	upx
\Windows\system\ZNMXwDv.exe	upx
\Windows\system\okKTfLs.exe	upx
C:\Windows\system\OtwkNmj.exe	upx
\Windows\system\zhiPrYN.exe	upx
\Windows\system\MEZtczN.exe	upx
\Windows\system\coqLGQW.exe	upx
behavioral1/memory/2644-68-0x000000013FB70000-0x000000013FEC4000-memory.dmp	upx
C:\Windows\system\JofDlvx.exe	upx
C:\Windows\system\djIkYyF.exe	upx
C:\Windows\system\qCrJszy.exe	upx
behavioral1/memory/2900-37-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
C:\Windows\system\fztzoLe.exe	upx
C:\Windows\system\BLmIMNX.exe	upx
C:\Windows\system\xIvHhEt.exe	upx
C:\Windows\system\rNbdefI.exe	upx
C:\Windows\system\vCtVgvV.exe	upx
C:\Windows\system\yYHCSpw.exe	upx
C:\Windows\system\szXMYNC.exe	upx
C:\Windows\system\UjDWmcy.exe	upx
C:\Windows\system\KtCYcVw.exe	upx
C:\Windows\system\oDSGWZV.exe	upx
C:\Windows\system\pytPZFg.exe	upx
C:\Windows\system\UWiXJAY.exe	upx
behavioral1/memory/2644-3850-0x000000013FB70000-0x000000013FEC4000-memory.dmp	upx
behavioral1/memory/2696-3854-0x000000013F100000-0x000000013F454000-memory.dmp	upx
behavioral1/memory/2560-3856-0x000000013F770000-0x000000013FAC4000-memory.dmp	upx
behavioral1/memory/2900-3855-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/memory/2568-3853-0x000000013F4F0000-0x000000013F844000-memory.dmp	upx
behavioral1/memory/2580-3852-0x000000013F1D0000-0x000000013F524000-memory.dmp	upx
behavioral1/memory/2616-3851-0x000000013F440000-0x000000013F794000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

Processes:

2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe

description	ioc	process
File created	C:\Windows\System\ADFwnHv.exe	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\azDzXzq.exe	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\srxeQVy.exe	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LeShDqW.exe	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FdFAKyB.exe	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uKjQjWz.exe	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RiiOpqo.exe	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oyowNFO.exe	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PMLpAMm.exe	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PCqkLQR.exe	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\atPdKSs.exe	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aCjOtHx.exe	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uwXlLCl.exe	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LPnezIh.exe	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OFDEnpB.exe	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HtIVuHb.exe	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gPFOwdM.exe	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RhKEDDf.exe	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WIhTDtI.exe	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SQTtyBL.exe	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\blDAaLA.exe	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mDtowZz.exe	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vIRUUmc.exe	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ELNthiO.exe	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xsdoQYk.exe	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\afrlxOX.exe	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FcLdyYu.exe	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iVRezSv.exe	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zSbMFeF.exe	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\loJnPNj.exe	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ebSzSLR.exe	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xKGMTPz.exe	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BLmIMNX.exe	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SbNxiJC.exe	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\THcsLnh.exe	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QCMsZMr.exe	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pjShwYA.exe	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sTvgpwl.exe	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rdvxjrW.exe	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kQxuedD.exe	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UzciaXi.exe	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wmGDvEN.exe	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jOrTJzc.exe	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pLMUIEU.exe	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CSAziJh.exe	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tdduGGH.exe	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MrIibmC.exe	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UaiYFfa.exe	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vpQdSGY.exe	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JhUIpJQ.exe	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LnYyHsW.exe	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uPQkjIk.exe	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HoYMuFS.exe	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kpxqLqO.exe	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JYjqJmz.exe	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xljtvxZ.exe	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SkONJTt.exe	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dzCSQzs.exe	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EklLRmY.exe	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VjGMeVP.exe	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZNMXwDv.exe	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yvLLlGY.exe	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GJVBjbu.exe	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qeMalfC.exe	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe

description	pid	process	target process
PID 1800 wrote to memory of 2504	1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe	sVUefXH.exe
PID 1800 wrote to memory of 2504	1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe	sVUefXH.exe
PID 1800 wrote to memory of 2504	1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe	sVUefXH.exe
PID 1800 wrote to memory of 2616	1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe	KNcEqtZ.exe
PID 1800 wrote to memory of 2616	1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe	KNcEqtZ.exe
PID 1800 wrote to memory of 2616	1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe	KNcEqtZ.exe
PID 1800 wrote to memory of 2212	1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe	IqWazpw.exe
PID 1800 wrote to memory of 2212	1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe	IqWazpw.exe
PID 1800 wrote to memory of 2212	1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe	IqWazpw.exe
PID 1800 wrote to memory of 2644	1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe	ymnFxRu.exe
PID 1800 wrote to memory of 2644	1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe	ymnFxRu.exe
PID 1800 wrote to memory of 2644	1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe	ymnFxRu.exe
PID 1800 wrote to memory of 2900	1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe	UWiXJAY.exe
PID 1800 wrote to memory of 2900	1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe	UWiXJAY.exe
PID 1800 wrote to memory of 2900	1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe	UWiXJAY.exe
PID 1800 wrote to memory of 2660	1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe	OtwkNmj.exe
PID 1800 wrote to memory of 2660	1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe	OtwkNmj.exe
PID 1800 wrote to memory of 2660	1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe	OtwkNmj.exe
PID 1800 wrote to memory of 2696	1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe	djIkYyF.exe
PID 1800 wrote to memory of 2696	1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe	djIkYyF.exe
PID 1800 wrote to memory of 2696	1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe	djIkYyF.exe
PID 1800 wrote to memory of 2572	1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe	eMdvOPD.exe
PID 1800 wrote to memory of 2572	1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe	eMdvOPD.exe
PID 1800 wrote to memory of 2572	1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe	eMdvOPD.exe
PID 1800 wrote to memory of 2560	1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe	JofDlvx.exe
PID 1800 wrote to memory of 2560	1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe	JofDlvx.exe
PID 1800 wrote to memory of 2560	1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe	JofDlvx.exe
PID 1800 wrote to memory of 2700	1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe	dzCSQzs.exe
PID 1800 wrote to memory of 2700	1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe	dzCSQzs.exe
PID 1800 wrote to memory of 2700	1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe	dzCSQzs.exe
PID 1800 wrote to memory of 2580	1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe	pytPZFg.exe
PID 1800 wrote to memory of 2580	1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe	pytPZFg.exe
PID 1800 wrote to memory of 2580	1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe	pytPZFg.exe
PID 1800 wrote to memory of 2540	1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe	VHtiUKD.exe
PID 1800 wrote to memory of 2540	1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe	VHtiUKD.exe
PID 1800 wrote to memory of 2540	1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe	VHtiUKD.exe
PID 1800 wrote to memory of 2568	1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe	oDSGWZV.exe
PID 1800 wrote to memory of 2568	1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe	oDSGWZV.exe
PID 1800 wrote to memory of 2568	1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe	oDSGWZV.exe
PID 1800 wrote to memory of 2656	1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe	pEbEZOf.exe
PID 1800 wrote to memory of 2656	1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe	pEbEZOf.exe
PID 1800 wrote to memory of 2656	1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe	pEbEZOf.exe
PID 1800 wrote to memory of 2164	1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe	KtCYcVw.exe
PID 1800 wrote to memory of 2164	1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe	KtCYcVw.exe
PID 1800 wrote to memory of 2164	1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe	KtCYcVw.exe
PID 1800 wrote to memory of 1676	1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe	coqLGQW.exe
PID 1800 wrote to memory of 1676	1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe	coqLGQW.exe
PID 1800 wrote to memory of 1676	1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe	coqLGQW.exe
PID 1800 wrote to memory of 1112	1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe	UjDWmcy.exe
PID 1800 wrote to memory of 1112	1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe	UjDWmcy.exe
PID 1800 wrote to memory of 1112	1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe	UjDWmcy.exe
PID 1800 wrote to memory of 1380	1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe	MEZtczN.exe
PID 1800 wrote to memory of 1380	1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe	MEZtczN.exe
PID 1800 wrote to memory of 1380	1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe	MEZtczN.exe
PID 1800 wrote to memory of 1404	1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe	szXMYNC.exe
PID 1800 wrote to memory of 1404	1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe	szXMYNC.exe
PID 1800 wrote to memory of 1404	1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe	szXMYNC.exe
PID 1800 wrote to memory of 2604	1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe	zhiPrYN.exe
PID 1800 wrote to memory of 2604	1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe	zhiPrYN.exe
PID 1800 wrote to memory of 2604	1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe	zhiPrYN.exe
PID 1800 wrote to memory of 1440	1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe	yYHCSpw.exe
PID 1800 wrote to memory of 1440	1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe	yYHCSpw.exe
PID 1800 wrote to memory of 1440	1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe	yYHCSpw.exe
PID 1800 wrote to memory of 664	1800	2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe	okKTfLs.exe

C:\Users\Admin\AppData\Local\Temp\2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-21_d78f68cc04f27491885c1c8b811779f8_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1800
- C:\Windows\System\sVUefXH.exe
  C:\Windows\System\sVUefXH.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\KNcEqtZ.exe
  C:\Windows\System\KNcEqtZ.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\IqWazpw.exe
  C:\Windows\System\IqWazpw.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\ymnFxRu.exe
  C:\Windows\System\ymnFxRu.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\UWiXJAY.exe
  C:\Windows\System\UWiXJAY.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\OtwkNmj.exe
  C:\Windows\System\OtwkNmj.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\djIkYyF.exe
  C:\Windows\System\djIkYyF.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\eMdvOPD.exe
  C:\Windows\System\eMdvOPD.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\JofDlvx.exe
  C:\Windows\System\JofDlvx.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\dzCSQzs.exe
  C:\Windows\System\dzCSQzs.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\pytPZFg.exe
  C:\Windows\System\pytPZFg.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\VHtiUKD.exe
  C:\Windows\System\VHtiUKD.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\oDSGWZV.exe
  C:\Windows\System\oDSGWZV.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\pEbEZOf.exe
  C:\Windows\System\pEbEZOf.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\KtCYcVw.exe
  C:\Windows\System\KtCYcVw.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\coqLGQW.exe
  C:\Windows\System\coqLGQW.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\UjDWmcy.exe
  C:\Windows\System\UjDWmcy.exe
  2⤵
  - Executes dropped EXE
  PID:1112
- C:\Windows\System\MEZtczN.exe
  C:\Windows\System\MEZtczN.exe
  2⤵
  - Executes dropped EXE
  PID:1380
- C:\Windows\System\szXMYNC.exe
  C:\Windows\System\szXMYNC.exe
  2⤵
  - Executes dropped EXE
  PID:1404
- C:\Windows\System\zhiPrYN.exe
  C:\Windows\System\zhiPrYN.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\yYHCSpw.exe
  C:\Windows\System\yYHCSpw.exe
  2⤵
  - Executes dropped EXE
  PID:1440
- C:\Windows\System\okKTfLs.exe
  C:\Windows\System\okKTfLs.exe
  2⤵
  - Executes dropped EXE
  PID:664
- C:\Windows\System\vCtVgvV.exe
  C:\Windows\System\vCtVgvV.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\ZNMXwDv.exe
  C:\Windows\System\ZNMXwDv.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\rNbdefI.exe
  C:\Windows\System\rNbdefI.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\YdUnRjV.exe
  C:\Windows\System\YdUnRjV.exe
  2⤵
  - Executes dropped EXE
  PID:1376
- C:\Windows\System\xIvHhEt.exe
  C:\Windows\System\xIvHhEt.exe
  2⤵
  - Executes dropped EXE
  PID:468
- C:\Windows\System\qrODDrj.exe
  C:\Windows\System\qrODDrj.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\BLmIMNX.exe
  C:\Windows\System\BLmIMNX.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\UcRorzp.exe
  C:\Windows\System\UcRorzp.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\HcBOtZq.exe
  C:\Windows\System\HcBOtZq.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\UGFmSch.exe
  C:\Windows\System\UGFmSch.exe
  2⤵
  - Executes dropped EXE
  PID:652
- C:\Windows\System\fztzoLe.exe
  C:\Windows\System\fztzoLe.exe
  2⤵
  - Executes dropped EXE
  PID:408
- C:\Windows\System\EGkzQcG.exe
  C:\Windows\System\EGkzQcG.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\qVpppJv.exe
  C:\Windows\System\qVpppJv.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\TWgMLlR.exe
  C:\Windows\System\TWgMLlR.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\qCrJszy.exe
  C:\Windows\System\qCrJszy.exe
  2⤵
  - Executes dropped EXE
  PID:1088
- C:\Windows\System\YQCekdt.exe
  C:\Windows\System\YQCekdt.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\oEDkSPH.exe
  C:\Windows\System\oEDkSPH.exe
  2⤵
  - Executes dropped EXE
  PID:916
- C:\Windows\System\aOPySRO.exe
  C:\Windows\System\aOPySRO.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\JMctywP.exe
  C:\Windows\System\JMctywP.exe
  2⤵
  - Executes dropped EXE
  PID:888
- C:\Windows\System\nUpivqc.exe
  C:\Windows\System\nUpivqc.exe
  2⤵
  - Executes dropped EXE
  PID:688
- C:\Windows\System\KPhZLBF.exe
  C:\Windows\System\KPhZLBF.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\vrHBiUn.exe
  C:\Windows\System\vrHBiUn.exe
  2⤵
  - Executes dropped EXE
  PID:944
- C:\Windows\System\VPINdTO.exe
  C:\Windows\System\VPINdTO.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\aRCnslS.exe
  C:\Windows\System\aRCnslS.exe
  2⤵
  - Executes dropped EXE
  PID:1864
- C:\Windows\System\cGeADsr.exe
  C:\Windows\System\cGeADsr.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System\SMKhGwQ.exe
  C:\Windows\System\SMKhGwQ.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\nfHlwBm.exe
  C:\Windows\System\nfHlwBm.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\OOSHYqh.exe
  C:\Windows\System\OOSHYqh.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System\sUsiJqF.exe
  C:\Windows\System\sUsiJqF.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\uUKkzLe.exe
  C:\Windows\System\uUKkzLe.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\ZmOGboP.exe
  C:\Windows\System\ZmOGboP.exe
  2⤵
  - Executes dropped EXE
  PID:788
- C:\Windows\System\bVWmPzv.exe
  C:\Windows\System\bVWmPzv.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\qmgfdKa.exe
  C:\Windows\System\qmgfdKa.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\egPsYtx.exe
  C:\Windows\System\egPsYtx.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\saXYlTc.exe
  C:\Windows\System\saXYlTc.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\DKILpJx.exe
  C:\Windows\System\DKILpJx.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\hlsCAjt.exe
  C:\Windows\System\hlsCAjt.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\GvPSeIY.exe
  C:\Windows\System\GvPSeIY.exe
  2⤵
  - Executes dropped EXE
  PID:1836
- C:\Windows\System\PhxyFsK.exe
  C:\Windows\System\PhxyFsK.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\oLxJqrT.exe
  C:\Windows\System\oLxJqrT.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\WkHzdat.exe
  C:\Windows\System\WkHzdat.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\sPPiVbT.exe
  C:\Windows\System\sPPiVbT.exe
  2⤵
  - Executes dropped EXE
  PID:1020
- C:\Windows\System\PWdXkmM.exe
  C:\Windows\System\PWdXkmM.exe
  2⤵
  PID:1984
- C:\Windows\System\tKydWtl.exe
  C:\Windows\System\tKydWtl.exe
  2⤵
  PID:848
- C:\Windows\System\LwGKHKZ.exe
  C:\Windows\System\LwGKHKZ.exe
  2⤵
  PID:1316
- C:\Windows\System\PyGqtdT.exe
  C:\Windows\System\PyGqtdT.exe
  2⤵
  PID:2988
- C:\Windows\System\ZZibpmy.exe
  C:\Windows\System\ZZibpmy.exe
  2⤵
  PID:2760
- C:\Windows\System\hMaDJbu.exe
  C:\Windows\System\hMaDJbu.exe
  2⤵
  PID:1164
- C:\Windows\System\UNinBmy.exe
  C:\Windows\System\UNinBmy.exe
  2⤵
  PID:2872
- C:\Windows\System\AqOEuzi.exe
  C:\Windows\System\AqOEuzi.exe
  2⤵
  PID:2272
- C:\Windows\System\sLooowd.exe
  C:\Windows\System\sLooowd.exe
  2⤵
  PID:1792
- C:\Windows\System\ceDUVQw.exe
  C:\Windows\System\ceDUVQw.exe
  2⤵
  PID:2768
- C:\Windows\System\ySyPrSr.exe
  C:\Windows\System\ySyPrSr.exe
  2⤵
  PID:2352
- C:\Windows\System\UeCGewo.exe
  C:\Windows\System\UeCGewo.exe
  2⤵
  PID:1956
- C:\Windows\System\mXNmADh.exe
  C:\Windows\System\mXNmADh.exe
  2⤵
  PID:2404
- C:\Windows\System\zQXCQcY.exe
  C:\Windows\System\zQXCQcY.exe
  2⤵
  PID:2204
- C:\Windows\System\IvqRLtx.exe
  C:\Windows\System\IvqRLtx.exe
  2⤵
  PID:1572
- C:\Windows\System\PdpKmHh.exe
  C:\Windows\System\PdpKmHh.exe
  2⤵
  PID:1184
- C:\Windows\System\qBSgXnf.exe
  C:\Windows\System\qBSgXnf.exe
  2⤵
  PID:2144
- C:\Windows\System\CavYYmF.exe
  C:\Windows\System\CavYYmF.exe
  2⤵
  PID:2424
- C:\Windows\System\pXZsOjk.exe
  C:\Windows\System\pXZsOjk.exe
  2⤵
  PID:1028
- C:\Windows\System\iJqWluo.exe
  C:\Windows\System\iJqWluo.exe
  2⤵
  PID:1744
- C:\Windows\System\JflMCdJ.exe
  C:\Windows\System\JflMCdJ.exe
  2⤵
  PID:2640
- C:\Windows\System\GZWrrwy.exe
  C:\Windows\System\GZWrrwy.exe
  2⤵
  PID:3000
- C:\Windows\System\rrqJyBu.exe
  C:\Windows\System\rrqJyBu.exe
  2⤵
  PID:2784
- C:\Windows\System\qTkOkKt.exe
  C:\Windows\System\qTkOkKt.exe
  2⤵
  PID:1816
- C:\Windows\System\qnfoFJY.exe
  C:\Windows\System\qnfoFJY.exe
  2⤵
  PID:2100
- C:\Windows\System\gptgjUq.exe
  C:\Windows\System\gptgjUq.exe
  2⤵
  PID:1624
- C:\Windows\System\ANYXNFo.exe
  C:\Windows\System\ANYXNFo.exe
  2⤵
  PID:1384
- C:\Windows\System\WoLMlCk.exe
  C:\Windows\System\WoLMlCk.exe
  2⤵
  PID:2588
- C:\Windows\System\eHEjrei.exe
  C:\Windows\System\eHEjrei.exe
  2⤵
  PID:2976
- C:\Windows\System\CjtfjaC.exe
  C:\Windows\System\CjtfjaC.exe
  2⤵
  PID:1488
- C:\Windows\System\QYsnlaq.exe
  C:\Windows\System\QYsnlaq.exe
  2⤵
  PID:2024
- C:\Windows\System\pqCauwK.exe
  C:\Windows\System\pqCauwK.exe
  2⤵
  PID:1760
- C:\Windows\System\ehGLYco.exe
  C:\Windows\System\ehGLYco.exe
  2⤵
  PID:1012
- C:\Windows\System\chWTiwb.exe
  C:\Windows\System\chWTiwb.exe
  2⤵
  PID:320
- C:\Windows\System\LilAUVx.exe
  C:\Windows\System\LilAUVx.exe
  2⤵
  PID:1644
- C:\Windows\System\RIXTJYj.exe
  C:\Windows\System\RIXTJYj.exe
  2⤵
  PID:3060
- C:\Windows\System\GiBixLY.exe
  C:\Windows\System\GiBixLY.exe
  2⤵
  PID:2448
- C:\Windows\System\oRvLZwB.exe
  C:\Windows\System\oRvLZwB.exe
  2⤵
  PID:1256
- C:\Windows\System\uFePHAG.exe
  C:\Windows\System\uFePHAG.exe
  2⤵
  PID:2544
- C:\Windows\System\eikBNEu.exe
  C:\Windows\System\eikBNEu.exe
  2⤵
  PID:1764
- C:\Windows\System\qXPLZtR.exe
  C:\Windows\System\qXPLZtR.exe
  2⤵
  PID:3076
- C:\Windows\System\hccZIRU.exe
  C:\Windows\System\hccZIRU.exe
  2⤵
  PID:3092
- C:\Windows\System\cvryWsb.exe
  C:\Windows\System\cvryWsb.exe
  2⤵
  PID:3112
- C:\Windows\System\VNBRvmC.exe
  C:\Windows\System\VNBRvmC.exe
  2⤵
  PID:3132
- C:\Windows\System\deAYalf.exe
  C:\Windows\System\deAYalf.exe
  2⤵
  PID:3152
- C:\Windows\System\PtXlzjB.exe
  C:\Windows\System\PtXlzjB.exe
  2⤵
  PID:3172
- C:\Windows\System\PCdHtHD.exe
  C:\Windows\System\PCdHtHD.exe
  2⤵
  PID:3192
- C:\Windows\System\kZPlbsi.exe
  C:\Windows\System\kZPlbsi.exe
  2⤵
  PID:3216
- C:\Windows\System\aySccuj.exe
  C:\Windows\System\aySccuj.exe
  2⤵
  PID:3232
- C:\Windows\System\GKUliBa.exe
  C:\Windows\System\GKUliBa.exe
  2⤵
  PID:3252
- C:\Windows\System\fvuxazA.exe
  C:\Windows\System\fvuxazA.exe
  2⤵
  PID:3272
- C:\Windows\System\lNCIjAZ.exe
  C:\Windows\System\lNCIjAZ.exe
  2⤵
  PID:3292
- C:\Windows\System\MJfNMyf.exe
  C:\Windows\System\MJfNMyf.exe
  2⤵
  PID:3312
- C:\Windows\System\iDNIAKC.exe
  C:\Windows\System\iDNIAKC.exe
  2⤵
  PID:3336
- C:\Windows\System\AJvrrtJ.exe
  C:\Windows\System\AJvrrtJ.exe
  2⤵
  PID:3352
- C:\Windows\System\KlDGvzo.exe
  C:\Windows\System\KlDGvzo.exe
  2⤵
  PID:3376
- C:\Windows\System\CodeEVO.exe
  C:\Windows\System\CodeEVO.exe
  2⤵
  PID:3396
- C:\Windows\System\LPnezIh.exe
  C:\Windows\System\LPnezIh.exe
  2⤵
  PID:3412
- C:\Windows\System\rqDzNyf.exe
  C:\Windows\System\rqDzNyf.exe
  2⤵
  PID:3432
- C:\Windows\System\UMqzBvE.exe
  C:\Windows\System\UMqzBvE.exe
  2⤵
  PID:3456
- C:\Windows\System\qXnwWlL.exe
  C:\Windows\System\qXnwWlL.exe
  2⤵
  PID:3472
- C:\Windows\System\WemAufi.exe
  C:\Windows\System\WemAufi.exe
  2⤵
  PID:3492
- C:\Windows\System\ROJiDqB.exe
  C:\Windows\System\ROJiDqB.exe
  2⤵
  PID:3512
- C:\Windows\System\lIyXVxH.exe
  C:\Windows\System\lIyXVxH.exe
  2⤵
  PID:3536
- C:\Windows\System\PlgtOum.exe
  C:\Windows\System\PlgtOum.exe
  2⤵
  PID:3556
- C:\Windows\System\WIhTDtI.exe
  C:\Windows\System\WIhTDtI.exe
  2⤵
  PID:3576
- C:\Windows\System\yvLLlGY.exe
  C:\Windows\System\yvLLlGY.exe
  2⤵
  PID:3592
- C:\Windows\System\pKdikOJ.exe
  C:\Windows\System\pKdikOJ.exe
  2⤵
  PID:3616
- C:\Windows\System\RWGyHkk.exe
  C:\Windows\System\RWGyHkk.exe
  2⤵
  PID:3636
- C:\Windows\System\ZOyuoxq.exe
  C:\Windows\System\ZOyuoxq.exe
  2⤵
  PID:3656
- C:\Windows\System\NhyKekv.exe
  C:\Windows\System\NhyKekv.exe
  2⤵
  PID:3672
- C:\Windows\System\tIzGQtr.exe
  C:\Windows\System\tIzGQtr.exe
  2⤵
  PID:3692
- C:\Windows\System\xZMquCJ.exe
  C:\Windows\System\xZMquCJ.exe
  2⤵
  PID:3712
- C:\Windows\System\HKkcnpo.exe
  C:\Windows\System\HKkcnpo.exe
  2⤵
  PID:3728
- C:\Windows\System\oKKpHuY.exe
  C:\Windows\System\oKKpHuY.exe
  2⤵
  PID:3756
- C:\Windows\System\wUuCDai.exe
  C:\Windows\System\wUuCDai.exe
  2⤵
  PID:3776
- C:\Windows\System\vQIAIYP.exe
  C:\Windows\System\vQIAIYP.exe
  2⤵
  PID:3796
- C:\Windows\System\nIWcLTZ.exe
  C:\Windows\System\nIWcLTZ.exe
  2⤵
  PID:3812
- C:\Windows\System\XIgavzC.exe
  C:\Windows\System\XIgavzC.exe
  2⤵
  PID:3832
- C:\Windows\System\IrcTIYi.exe
  C:\Windows\System\IrcTIYi.exe
  2⤵
  PID:3856
- C:\Windows\System\uLcOBnU.exe
  C:\Windows\System\uLcOBnU.exe
  2⤵
  PID:3876
- C:\Windows\System\Hwxeusr.exe
  C:\Windows\System\Hwxeusr.exe
  2⤵
  PID:3896
- C:\Windows\System\OtnuCXB.exe
  C:\Windows\System\OtnuCXB.exe
  2⤵
  PID:3916
- C:\Windows\System\eVNEymH.exe
  C:\Windows\System\eVNEymH.exe
  2⤵
  PID:3936
- C:\Windows\System\oDgQTNB.exe
  C:\Windows\System\oDgQTNB.exe
  2⤵
  PID:3952
- C:\Windows\System\KcNWeWh.exe
  C:\Windows\System\KcNWeWh.exe
  2⤵
  PID:3972
- C:\Windows\System\hirdodb.exe
  C:\Windows\System\hirdodb.exe
  2⤵
  PID:3996
- C:\Windows\System\QOwcaru.exe
  C:\Windows\System\QOwcaru.exe
  2⤵
  PID:4016
- C:\Windows\System\UAHuxEt.exe
  C:\Windows\System\UAHuxEt.exe
  2⤵
  PID:4036
- C:\Windows\System\rvScWNa.exe
  C:\Windows\System\rvScWNa.exe
  2⤵
  PID:4052
- C:\Windows\System\SbNxiJC.exe
  C:\Windows\System\SbNxiJC.exe
  2⤵
  PID:4072
- C:\Windows\System\SpTVsCe.exe
  C:\Windows\System\SpTVsCe.exe
  2⤵
  PID:276
- C:\Windows\System\LNvsnPs.exe
  C:\Windows\System\LNvsnPs.exe
  2⤵
  PID:1704
- C:\Windows\System\TRUPPOn.exe
  C:\Windows\System\TRUPPOn.exe
  2⤵
  PID:2556
- C:\Windows\System\PrZMogi.exe
  C:\Windows\System\PrZMogi.exe
  2⤵
  PID:2380
- C:\Windows\System\iUMxjre.exe
  C:\Windows\System\iUMxjre.exe
  2⤵
  PID:1756
- C:\Windows\System\PmNKPvP.exe
  C:\Windows\System\PmNKPvP.exe
  2⤵
  PID:2348
- C:\Windows\System\seSNLoH.exe
  C:\Windows\System\seSNLoH.exe
  2⤵
  PID:1720
- C:\Windows\System\sTvgpwl.exe
  C:\Windows\System\sTvgpwl.exe
  2⤵
  PID:2104
- C:\Windows\System\gpYtKHx.exe
  C:\Windows\System\gpYtKHx.exe
  2⤵
  PID:2496
- C:\Windows\System\OggeQWF.exe
  C:\Windows\System\OggeQWF.exe
  2⤵
  PID:2408
- C:\Windows\System\BQmBSlx.exe
  C:\Windows\System\BQmBSlx.exe
  2⤵
  PID:3084
- C:\Windows\System\axsnHnl.exe
  C:\Windows\System\axsnHnl.exe
  2⤵
  PID:2772
- C:\Windows\System\FTCPZSt.exe
  C:\Windows\System\FTCPZSt.exe
  2⤵
  PID:3168
- C:\Windows\System\edEIHYs.exe
  C:\Windows\System\edEIHYs.exe
  2⤵
  PID:3108
- C:\Windows\System\gdnFTfL.exe
  C:\Windows\System\gdnFTfL.exe
  2⤵
  PID:3240
- C:\Windows\System\ZcblTyX.exe
  C:\Windows\System\ZcblTyX.exe
  2⤵
  PID:3244
- C:\Windows\System\hTnppFS.exe
  C:\Windows\System\hTnppFS.exe
  2⤵
  PID:3268
- C:\Windows\System\otDKVyi.exe
  C:\Windows\System\otDKVyi.exe
  2⤵
  PID:3332
- C:\Windows\System\CMIriHY.exe
  C:\Windows\System\CMIriHY.exe
  2⤵
  PID:3360
- C:\Windows\System\AlveSEJ.exe
  C:\Windows\System\AlveSEJ.exe
  2⤵
  PID:3364
- C:\Windows\System\tEVDmHm.exe
  C:\Windows\System\tEVDmHm.exe
  2⤵
  PID:3408
- C:\Windows\System\OFDEnpB.exe
  C:\Windows\System\OFDEnpB.exe
  2⤵
  PID:3444
- C:\Windows\System\ivauTrt.exe
  C:\Windows\System\ivauTrt.exe
  2⤵
  PID:3484
- C:\Windows\System\qjQyRrz.exe
  C:\Windows\System\qjQyRrz.exe
  2⤵
  PID:3500
- C:\Windows\System\WDQxSek.exe
  C:\Windows\System\WDQxSek.exe
  2⤵
  PID:3528
- C:\Windows\System\zOwyjPX.exe
  C:\Windows\System\zOwyjPX.exe
  2⤵
  PID:3552
- C:\Windows\System\nMjxZnR.exe
  C:\Windows\System\nMjxZnR.exe
  2⤵
  PID:3604
- C:\Windows\System\ZIxoghU.exe
  C:\Windows\System\ZIxoghU.exe
  2⤵
  PID:3624
- C:\Windows\System\ZWkigtf.exe
  C:\Windows\System\ZWkigtf.exe
  2⤵
  PID:3688
- C:\Windows\System\eUJQfZl.exe
  C:\Windows\System\eUJQfZl.exe
  2⤵
  PID:3704
- C:\Windows\System\ytDqsSg.exe
  C:\Windows\System\ytDqsSg.exe
  2⤵
  PID:3764
- C:\Windows\System\FUalDXN.exe
  C:\Windows\System\FUalDXN.exe
  2⤵
  PID:3772
- C:\Windows\System\UsOEHwU.exe
  C:\Windows\System\UsOEHwU.exe
  2⤵
  PID:3792
- C:\Windows\System\NfOMtES.exe
  C:\Windows\System\NfOMtES.exe
  2⤵
  PID:3820
- C:\Windows\System\JIyTabJ.exe
  C:\Windows\System\JIyTabJ.exe
  2⤵
  PID:3872
- C:\Windows\System\cmWlQGa.exe
  C:\Windows\System\cmWlQGa.exe
  2⤵
  PID:3908
- C:\Windows\System\lemfHiz.exe
  C:\Windows\System\lemfHiz.exe
  2⤵
  PID:3968
- C:\Windows\System\BUnXvDR.exe
  C:\Windows\System\BUnXvDR.exe
  2⤵
  PID:4004
- C:\Windows\System\YIVseUJ.exe
  C:\Windows\System\YIVseUJ.exe
  2⤵
  PID:4008
- C:\Windows\System\pDNLAJC.exe
  C:\Windows\System\pDNLAJC.exe
  2⤵
  PID:4032
- C:\Windows\System\ZBpzzcr.exe
  C:\Windows\System\ZBpzzcr.exe
  2⤵
  PID:4068
- C:\Windows\System\YUrzLRH.exe
  C:\Windows\System\YUrzLRH.exe
  2⤵
  PID:2816
- C:\Windows\System\LnYyHsW.exe
  C:\Windows\System\LnYyHsW.exe
  2⤵
  PID:2820
- C:\Windows\System\oRhtzvM.exe
  C:\Windows\System\oRhtzvM.exe
  2⤵
  PID:2468
- C:\Windows\System\KwJLzbX.exe
  C:\Windows\System\KwJLzbX.exe
  2⤵
  PID:792
- C:\Windows\System\LCanAlO.exe
  C:\Windows\System\LCanAlO.exe
  2⤵
  PID:692
- C:\Windows\System\Bbqqnti.exe
  C:\Windows\System\Bbqqnti.exe
  2⤵
  PID:1368
- C:\Windows\System\kcYBZCY.exe
  C:\Windows\System\kcYBZCY.exe
  2⤵
  PID:3120
- C:\Windows\System\GpEeACY.exe
  C:\Windows\System\GpEeACY.exe
  2⤵
  PID:3212
- C:\Windows\System\MSUMFtM.exe
  C:\Windows\System\MSUMFtM.exe
  2⤵
  PID:3100
- C:\Windows\System\hOAydvL.exe
  C:\Windows\System\hOAydvL.exe
  2⤵
  PID:3224
- C:\Windows\System\dVRzCqM.exe
  C:\Windows\System\dVRzCqM.exe
  2⤵
  PID:3300
- C:\Windows\System\KewWAlW.exe
  C:\Windows\System\KewWAlW.exe
  2⤵
  PID:3372
- C:\Windows\System\ffVUGVm.exe
  C:\Windows\System\ffVUGVm.exe
  2⤵
  PID:3448
- C:\Windows\System\dcYNVqI.exe
  C:\Windows\System\dcYNVqI.exe
  2⤵
  PID:3524
- C:\Windows\System\bzSSYTV.exe
  C:\Windows\System\bzSSYTV.exe
  2⤵
  PID:3584
- C:\Windows\System\vziDHra.exe
  C:\Windows\System\vziDHra.exe
  2⤵
  PID:3548
- C:\Windows\System\uwXzrzE.exe
  C:\Windows\System\uwXzrzE.exe
  2⤵
  PID:3632
- C:\Windows\System\snuGVll.exe
  C:\Windows\System\snuGVll.exe
  2⤵
  PID:3700
- C:\Windows\System\QVJChhc.exe
  C:\Windows\System\QVJChhc.exe
  2⤵
  PID:3668
- C:\Windows\System\VmGjWou.exe
  C:\Windows\System\VmGjWou.exe
  2⤵
  PID:3804
- C:\Windows\System\SQRxfBK.exe
  C:\Windows\System\SQRxfBK.exe
  2⤵
  PID:3844
- C:\Windows\System\uBwBIcx.exe
  C:\Windows\System\uBwBIcx.exe
  2⤵
  PID:3888
- C:\Windows\System\YeCYlIn.exe
  C:\Windows\System\YeCYlIn.exe
  2⤵
  PID:3948
- C:\Windows\System\phNSart.exe
  C:\Windows\System\phNSart.exe
  2⤵
  PID:4080
- C:\Windows\System\YbmPNmp.exe
  C:\Windows\System\YbmPNmp.exe
  2⤵
  PID:3988
- C:\Windows\System\FehqWbd.exe
  C:\Windows\System\FehqWbd.exe
  2⤵
  PID:4088
- C:\Windows\System\Qaklzsr.exe
  C:\Windows\System\Qaklzsr.exe
  2⤵
  PID:896
- C:\Windows\System\SOaaWFN.exe
  C:\Windows\System\SOaaWFN.exe
  2⤵
  PID:2112
- C:\Windows\System\mXaCaPq.exe
  C:\Windows\System\mXaCaPq.exe
  2⤵
  PID:2732
- C:\Windows\System\bkOVYyF.exe
  C:\Windows\System\bkOVYyF.exe
  2⤵
  PID:2184
- C:\Windows\System\dCJnjTR.exe
  C:\Windows\System\dCJnjTR.exe
  2⤵
  PID:3208
- C:\Windows\System\hBcEPQH.exe
  C:\Windows\System\hBcEPQH.exe
  2⤵
  PID:3148
- C:\Windows\System\VigQFRw.exe
  C:\Windows\System\VigQFRw.exe
  2⤵
  PID:3284
- C:\Windows\System\MrIibmC.exe
  C:\Windows\System\MrIibmC.exe
  2⤵
  PID:3572
- C:\Windows\System\wNguAis.exe
  C:\Windows\System\wNguAis.exe
  2⤵
  PID:3740
- C:\Windows\System\EORHvsq.exe
  C:\Windows\System\EORHvsq.exe
  2⤵
  PID:3392
- C:\Windows\System\XiXSsvb.exe
  C:\Windows\System\XiXSsvb.exe
  2⤵
  PID:3904
- C:\Windows\System\mSEwwtA.exe
  C:\Windows\System\mSEwwtA.exe
  2⤵
  PID:4048
- C:\Windows\System\iCGmtfj.exe
  C:\Windows\System\iCGmtfj.exe
  2⤵
  PID:2672
- C:\Windows\System\WLuhGhz.exe
  C:\Windows\System\WLuhGhz.exe
  2⤵
  PID:3864
- C:\Windows\System\GywhlWF.exe
  C:\Windows\System\GywhlWF.exe
  2⤵
  PID:4112
- C:\Windows\System\HOTRhPs.exe
  C:\Windows\System\HOTRhPs.exe
  2⤵
  PID:4136
- C:\Windows\System\CzDhjJT.exe
  C:\Windows\System\CzDhjJT.exe
  2⤵
  PID:4156
- C:\Windows\System\GQHEGli.exe
  C:\Windows\System\GQHEGli.exe
  2⤵
  PID:4172
- C:\Windows\System\ozzMeez.exe
  C:\Windows\System\ozzMeez.exe
  2⤵
  PID:4196
- C:\Windows\System\RRtsNAE.exe
  C:\Windows\System\RRtsNAE.exe
  2⤵
  PID:4212
- C:\Windows\System\IELKlHH.exe
  C:\Windows\System\IELKlHH.exe
  2⤵
  PID:4228
- C:\Windows\System\BDhWtpc.exe
  C:\Windows\System\BDhWtpc.exe
  2⤵
  PID:4248
- C:\Windows\System\VbqWXfE.exe
  C:\Windows\System\VbqWXfE.exe
  2⤵
  PID:4268
- C:\Windows\System\tkMrFhJ.exe
  C:\Windows\System\tkMrFhJ.exe
  2⤵
  PID:4284
- C:\Windows\System\bblsilI.exe
  C:\Windows\System\bblsilI.exe
  2⤵
  PID:4300
- C:\Windows\System\MFuBnJY.exe
  C:\Windows\System\MFuBnJY.exe
  2⤵
  PID:4324
- C:\Windows\System\EklLRmY.exe
  C:\Windows\System\EklLRmY.exe
  2⤵
  PID:4356
- C:\Windows\System\ZYDkajK.exe
  C:\Windows\System\ZYDkajK.exe
  2⤵
  PID:4376
- C:\Windows\System\fgCaDMJ.exe
  C:\Windows\System\fgCaDMJ.exe
  2⤵
  PID:4392
- C:\Windows\System\djeNFqZ.exe
  C:\Windows\System\djeNFqZ.exe
  2⤵
  PID:4408
- C:\Windows\System\AImySHY.exe
  C:\Windows\System\AImySHY.exe
  2⤵
  PID:4424
- C:\Windows\System\qtxbRpu.exe
  C:\Windows\System\qtxbRpu.exe
  2⤵
  PID:4448
- C:\Windows\System\OSxYxYr.exe
  C:\Windows\System\OSxYxYr.exe
  2⤵
  PID:4476
- C:\Windows\System\ZhLNzdI.exe
  C:\Windows\System\ZhLNzdI.exe
  2⤵
  PID:4496
- C:\Windows\System\RaHdgWI.exe
  C:\Windows\System\RaHdgWI.exe
  2⤵
  PID:4512
- C:\Windows\System\FcFDKSB.exe
  C:\Windows\System\FcFDKSB.exe
  2⤵
  PID:4536
- C:\Windows\System\rhLpdbS.exe
  C:\Windows\System\rhLpdbS.exe
  2⤵
  PID:4556
- C:\Windows\System\XfxkqMK.exe
  C:\Windows\System\XfxkqMK.exe
  2⤵
  PID:4572
- C:\Windows\System\HexyZdG.exe
  C:\Windows\System\HexyZdG.exe
  2⤵
  PID:4592
- C:\Windows\System\vfWmlgL.exe
  C:\Windows\System\vfWmlgL.exe
  2⤵
  PID:4616
- C:\Windows\System\dojZXEa.exe
  C:\Windows\System\dojZXEa.exe
  2⤵
  PID:4636
- C:\Windows\System\HZsqYMu.exe
  C:\Windows\System\HZsqYMu.exe
  2⤵
  PID:4656
- C:\Windows\System\XrfhBOo.exe
  C:\Windows\System\XrfhBOo.exe
  2⤵
  PID:4680
- C:\Windows\System\SuMyVce.exe
  C:\Windows\System\SuMyVce.exe
  2⤵
  PID:4696
- C:\Windows\System\pnWwAof.exe
  C:\Windows\System\pnWwAof.exe
  2⤵
  PID:4716
- C:\Windows\System\qJNKFPz.exe
  C:\Windows\System\qJNKFPz.exe
  2⤵
  PID:4740
- C:\Windows\System\olBXsBA.exe
  C:\Windows\System\olBXsBA.exe
  2⤵
  PID:4756
- C:\Windows\System\AcYxkoV.exe
  C:\Windows\System\AcYxkoV.exe
  2⤵
  PID:4780
- C:\Windows\System\wkBsZSW.exe
  C:\Windows\System\wkBsZSW.exe
  2⤵
  PID:4800
- C:\Windows\System\reRERYV.exe
  C:\Windows\System\reRERYV.exe
  2⤵
  PID:4820
- C:\Windows\System\ezlBSoI.exe
  C:\Windows\System\ezlBSoI.exe
  2⤵
  PID:4840
- C:\Windows\System\CUvLOTI.exe
  C:\Windows\System\CUvLOTI.exe
  2⤵
  PID:4860
- C:\Windows\System\LPhlHmn.exe
  C:\Windows\System\LPhlHmn.exe
  2⤵
  PID:4880
- C:\Windows\System\CRLKrAK.exe
  C:\Windows\System\CRLKrAK.exe
  2⤵
  PID:4896
- C:\Windows\System\QujLHRh.exe
  C:\Windows\System\QujLHRh.exe
  2⤵
  PID:4920
- C:\Windows\System\bxKJTOF.exe
  C:\Windows\System\bxKJTOF.exe
  2⤵
  PID:4940
- C:\Windows\System\lKXWSmX.exe
  C:\Windows\System\lKXWSmX.exe
  2⤵
  PID:4960
- C:\Windows\System\uPQkjIk.exe
  C:\Windows\System\uPQkjIk.exe
  2⤵
  PID:4980
- C:\Windows\System\zjBAKKI.exe
  C:\Windows\System\zjBAKKI.exe
  2⤵
  PID:5000
- C:\Windows\System\ZFDxnPC.exe
  C:\Windows\System\ZFDxnPC.exe
  2⤵
  PID:5020
- C:\Windows\System\mGQiaDG.exe
  C:\Windows\System\mGQiaDG.exe
  2⤵
  PID:5040
- C:\Windows\System\ZoKTkVs.exe
  C:\Windows\System\ZoKTkVs.exe
  2⤵
  PID:5056
- C:\Windows\System\IzCkYkw.exe
  C:\Windows\System\IzCkYkw.exe
  2⤵
  PID:5076
- C:\Windows\System\JzRyJxk.exe
  C:\Windows\System\JzRyJxk.exe
  2⤵
  PID:5092
- C:\Windows\System\CfTHqQV.exe
  C:\Windows\System\CfTHqQV.exe
  2⤵
  PID:5108
- C:\Windows\System\GJVBjbu.exe
  C:\Windows\System\GJVBjbu.exe
  2⤵
  PID:4064
- C:\Windows\System\OuSOkkh.exe
  C:\Windows\System\OuSOkkh.exe
  2⤵
  PID:2296
- C:\Windows\System\CzmvoXn.exe
  C:\Windows\System\CzmvoXn.exe
  2⤵
  PID:3260
- C:\Windows\System\FyvIGEG.exe
  C:\Windows\System\FyvIGEG.exe
  2⤵
  PID:3420
- C:\Windows\System\YxjbPSH.exe
  C:\Windows\System\YxjbPSH.exe
  2⤵
  PID:3808
- C:\Windows\System\gZgEniO.exe
  C:\Windows\System\gZgEniO.exe
  2⤵
  PID:3664
- C:\Windows\System\lAtUPdP.exe
  C:\Windows\System\lAtUPdP.exe
  2⤵
  PID:3892
- C:\Windows\System\nnXysjd.exe
  C:\Windows\System\nnXysjd.exe
  2⤵
  PID:3848
- C:\Windows\System\zVMpHIe.exe
  C:\Windows\System\zVMpHIe.exe
  2⤵
  PID:3532
- C:\Windows\System\KuCsqob.exe
  C:\Windows\System\KuCsqob.exe
  2⤵
  PID:3508
- C:\Windows\System\blUxWdw.exe
  C:\Windows\System\blUxWdw.exe
  2⤵
  PID:4148
- C:\Windows\System\eiPqNvg.exe
  C:\Windows\System\eiPqNvg.exe
  2⤵
  PID:4236
- C:\Windows\System\UDhRHLo.exe
  C:\Windows\System\UDhRHLo.exe
  2⤵
  PID:4280
- C:\Windows\System\JchnbZJ.exe
  C:\Windows\System\JchnbZJ.exe
  2⤵
  PID:4320
- C:\Windows\System\xApczld.exe
  C:\Windows\System\xApczld.exe
  2⤵
  PID:4296
- C:\Windows\System\SQWYAQO.exe
  C:\Windows\System\SQWYAQO.exe
  2⤵
  PID:4220
- C:\Windows\System\HlqWomM.exe
  C:\Windows\System\HlqWomM.exe
  2⤵
  PID:4340
- C:\Windows\System\QxWMkPe.exe
  C:\Windows\System\QxWMkPe.exe
  2⤵
  PID:4404
- C:\Windows\System\TJhZFVM.exe
  C:\Windows\System\TJhZFVM.exe
  2⤵
  PID:4420
- C:\Windows\System\iLrLjtj.exe
  C:\Windows\System\iLrLjtj.exe
  2⤵
  PID:4384
- C:\Windows\System\Vecnvhh.exe
  C:\Windows\System\Vecnvhh.exe
  2⤵
  PID:4488
- C:\Windows\System\LOsHoid.exe
  C:\Windows\System\LOsHoid.exe
  2⤵
  PID:4528
- C:\Windows\System\FcLdyYu.exe
  C:\Windows\System\FcLdyYu.exe
  2⤵
  PID:4568
- C:\Windows\System\jcPhPPE.exe
  C:\Windows\System\jcPhPPE.exe
  2⤵
  PID:4604
- C:\Windows\System\TpUFvMH.exe
  C:\Windows\System\TpUFvMH.exe
  2⤵
  PID:4624
- C:\Windows\System\LbzmMox.exe
  C:\Windows\System\LbzmMox.exe
  2⤵
  PID:4664
- C:\Windows\System\zsQJKgz.exe
  C:\Windows\System\zsQJKgz.exe
  2⤵
  PID:4724
- C:\Windows\System\EBuBJYH.exe
  C:\Windows\System\EBuBJYH.exe
  2⤵
  PID:4708
- C:\Windows\System\oKsCnoe.exe
  C:\Windows\System\oKsCnoe.exe
  2⤵
  PID:4772
- C:\Windows\System\SyGCYpR.exe
  C:\Windows\System\SyGCYpR.exe
  2⤵
  PID:4816
- C:\Windows\System\MdmKUYX.exe
  C:\Windows\System\MdmKUYX.exe
  2⤵
  PID:4852
- C:\Windows\System\pJvwWXp.exe
  C:\Windows\System\pJvwWXp.exe
  2⤵
  PID:4932
- C:\Windows\System\ZRMVxAF.exe
  C:\Windows\System\ZRMVxAF.exe
  2⤵
  PID:4792
- C:\Windows\System\GznbohU.exe
  C:\Windows\System\GznbohU.exe
  2⤵
  PID:4876
- C:\Windows\System\NWGcoDn.exe
  C:\Windows\System\NWGcoDn.exe
  2⤵
  PID:4912
- C:\Windows\System\JjahTMd.exe
  C:\Windows\System\JjahTMd.exe
  2⤵
  PID:5088
- C:\Windows\System\PMLpAMm.exe
  C:\Windows\System\PMLpAMm.exe
  2⤵
  PID:4948
- C:\Windows\System\iSQzUUf.exe
  C:\Windows\System\iSQzUUf.exe
  2⤵
  PID:4992
- C:\Windows\System\ICqCXdt.exe
  C:\Windows\System\ICqCXdt.exe
  2⤵
  PID:5064
- C:\Windows\System\nuzwiBB.exe
  C:\Windows\System\nuzwiBB.exe
  2⤵
  PID:2564
- C:\Windows\System\YHEvPwf.exe
  C:\Windows\System\YHEvPwf.exe
  2⤵
  PID:3248
- C:\Windows\System\RHzDarC.exe
  C:\Windows\System\RHzDarC.exe
  2⤵
  PID:1528
- C:\Windows\System\klsEYKl.exe
  C:\Windows\System\klsEYKl.exe
  2⤵
  PID:2840
- C:\Windows\System\xvJYhCY.exe
  C:\Windows\System\xvJYhCY.exe
  2⤵
  PID:3680
- C:\Windows\System\AYJmeZu.exe
  C:\Windows\System\AYJmeZu.exe
  2⤵
  PID:4012
- C:\Windows\System\UaiYFfa.exe
  C:\Windows\System\UaiYFfa.exe
  2⤵
  PID:4276
- C:\Windows\System\NxTfNeg.exe
  C:\Windows\System\NxTfNeg.exe
  2⤵
  PID:4168
- C:\Windows\System\UPTKMXZ.exe
  C:\Windows\System\UPTKMXZ.exe
  2⤵
  PID:4292
- C:\Windows\System\sbqjAHm.exe
  C:\Windows\System\sbqjAHm.exe
  2⤵
  PID:4336
- C:\Windows\System\XWHMLbb.exe
  C:\Windows\System\XWHMLbb.exe
  2⤵
  PID:4224
- C:\Windows\System\WOHWRmm.exe
  C:\Windows\System\WOHWRmm.exe
  2⤵
  PID:4484
- C:\Windows\System\PIVtQUQ.exe
  C:\Windows\System\PIVtQUQ.exe
  2⤵
  PID:4464
- C:\Windows\System\DSBNMzH.exe
  C:\Windows\System\DSBNMzH.exe
  2⤵
  PID:4580
- C:\Windows\System\yKUWmOE.exe
  C:\Windows\System\yKUWmOE.exe
  2⤵
  PID:4520
- C:\Windows\System\geEBdbi.exe
  C:\Windows\System\geEBdbi.exe
  2⤵
  PID:4688
- C:\Windows\System\sjvrvxF.exe
  C:\Windows\System\sjvrvxF.exe
  2⤵
  PID:4712
- C:\Windows\System\qNHwyul.exe
  C:\Windows\System\qNHwyul.exe
  2⤵
  PID:4848
- C:\Windows\System\tOxCbtK.exe
  C:\Windows\System\tOxCbtK.exe
  2⤵
  PID:4652
- C:\Windows\System\LdaGnVx.exe
  C:\Windows\System\LdaGnVx.exe
  2⤵
  PID:4972
- C:\Windows\System\XbTGUYU.exe
  C:\Windows\System\XbTGUYU.exe
  2⤵
  PID:4928
- C:\Windows\System\DyJVZgz.exe
  C:\Windows\System\DyJVZgz.exe
  2⤵
  PID:3928
- C:\Windows\System\YXqTNeG.exe
  C:\Windows\System\YXqTNeG.exe
  2⤵
  PID:5016
- C:\Windows\System\KKEZINf.exe
  C:\Windows\System\KKEZINf.exe
  2⤵
  PID:5036
- C:\Windows\System\OYgwspL.exe
  C:\Windows\System\OYgwspL.exe
  2⤵
  PID:1168
- C:\Windows\System\qeMalfC.exe
  C:\Windows\System\qeMalfC.exe
  2⤵
  PID:5104
- C:\Windows\System\kpxqLqO.exe
  C:\Windows\System\kpxqLqO.exe
  2⤵
  PID:3384
- C:\Windows\System\MHPfhEK.exe
  C:\Windows\System\MHPfhEK.exe
  2⤵
  PID:4124
- C:\Windows\System\djqLbJn.exe
  C:\Windows\System\djqLbJn.exe
  2⤵
  PID:4184
- C:\Windows\System\MohiHSb.exe
  C:\Windows\System\MohiHSb.exe
  2⤵
  PID:4188
- C:\Windows\System\jeNqDby.exe
  C:\Windows\System\jeNqDby.exe
  2⤵
  PID:4208
- C:\Windows\System\zZQSPxZ.exe
  C:\Windows\System\zZQSPxZ.exe
  2⤵
  PID:4436
- C:\Windows\System\AdoVPte.exe
  C:\Windows\System\AdoVPte.exe
  2⤵
  PID:2680
- C:\Windows\System\dCsJoAU.exe
  C:\Windows\System\dCsJoAU.exe
  2⤵
  PID:5136
- C:\Windows\System\mBXqayI.exe
  C:\Windows\System\mBXqayI.exe
  2⤵
  PID:5160
- C:\Windows\System\EJKJOBq.exe
  C:\Windows\System\EJKJOBq.exe
  2⤵
  PID:5184
- C:\Windows\System\uiQbLuF.exe
  C:\Windows\System\uiQbLuF.exe
  2⤵
  PID:5204
- C:\Windows\System\QyKhnpS.exe
  C:\Windows\System\QyKhnpS.exe
  2⤵
  PID:5224
- C:\Windows\System\WLaWuAZ.exe
  C:\Windows\System\WLaWuAZ.exe
  2⤵
  PID:5244
- C:\Windows\System\kkRPITH.exe
  C:\Windows\System\kkRPITH.exe
  2⤵
  PID:5264
- C:\Windows\System\XAIQAwx.exe
  C:\Windows\System\XAIQAwx.exe
  2⤵
  PID:5284
- C:\Windows\System\gPyTcyI.exe
  C:\Windows\System\gPyTcyI.exe
  2⤵
  PID:5304
- C:\Windows\System\BRskuZh.exe
  C:\Windows\System\BRskuZh.exe
  2⤵
  PID:5324
- C:\Windows\System\yphveMc.exe
  C:\Windows\System\yphveMc.exe
  2⤵
  PID:5344
- C:\Windows\System\savzzWd.exe
  C:\Windows\System\savzzWd.exe
  2⤵
  PID:5364
- C:\Windows\System\ShWANbC.exe
  C:\Windows\System\ShWANbC.exe
  2⤵
  PID:5384
- C:\Windows\System\tCLbMBw.exe
  C:\Windows\System\tCLbMBw.exe
  2⤵
  PID:5400
- C:\Windows\System\vWBfFQj.exe
  C:\Windows\System\vWBfFQj.exe
  2⤵
  PID:5424
- C:\Windows\System\wQFlfSe.exe
  C:\Windows\System\wQFlfSe.exe
  2⤵
  PID:5444
- C:\Windows\System\VJrIkPx.exe
  C:\Windows\System\VJrIkPx.exe
  2⤵
  PID:5464
- C:\Windows\System\ktXNxgh.exe
  C:\Windows\System\ktXNxgh.exe
  2⤵
  PID:5484
- C:\Windows\System\RBZgvPe.exe
  C:\Windows\System\RBZgvPe.exe
  2⤵
  PID:5504
- C:\Windows\System\FaXGszc.exe
  C:\Windows\System\FaXGszc.exe
  2⤵
  PID:5524
- C:\Windows\System\xsdoQYk.exe
  C:\Windows\System\xsdoQYk.exe
  2⤵
  PID:5544
- C:\Windows\System\fiXMwmk.exe
  C:\Windows\System\fiXMwmk.exe
  2⤵
  PID:5564
- C:\Windows\System\FMSeCQY.exe
  C:\Windows\System\FMSeCQY.exe
  2⤵
  PID:5584
- C:\Windows\System\OLLzCrf.exe
  C:\Windows\System\OLLzCrf.exe
  2⤵
  PID:5600
- C:\Windows\System\pWSvYDc.exe
  C:\Windows\System\pWSvYDc.exe
  2⤵
  PID:5624
- C:\Windows\System\lfVFIep.exe
  C:\Windows\System\lfVFIep.exe
  2⤵
  PID:5644
- C:\Windows\System\GgrzMLg.exe
  C:\Windows\System\GgrzMLg.exe
  2⤵
  PID:5664
- C:\Windows\System\rDhzrML.exe
  C:\Windows\System\rDhzrML.exe
  2⤵
  PID:5684
- C:\Windows\System\IMQueim.exe
  C:\Windows\System\IMQueim.exe
  2⤵
  PID:5704
- C:\Windows\System\JYjqJmz.exe
  C:\Windows\System\JYjqJmz.exe
  2⤵
  PID:5724
- C:\Windows\System\ExcxpIb.exe
  C:\Windows\System\ExcxpIb.exe
  2⤵
  PID:5740
- C:\Windows\System\bDuMevA.exe
  C:\Windows\System\bDuMevA.exe
  2⤵
  PID:5764
- C:\Windows\System\wqoiXwX.exe
  C:\Windows\System\wqoiXwX.exe
  2⤵
  PID:5784
- C:\Windows\System\EVddzeZ.exe
  C:\Windows\System\EVddzeZ.exe
  2⤵
  PID:5804
- C:\Windows\System\BOrUhXn.exe
  C:\Windows\System\BOrUhXn.exe
  2⤵
  PID:5824
- C:\Windows\System\RIMjEPU.exe
  C:\Windows\System\RIMjEPU.exe
  2⤵
  PID:5844
- C:\Windows\System\fnDjmwv.exe
  C:\Windows\System\fnDjmwv.exe
  2⤵
  PID:5864
- C:\Windows\System\wbYOnFL.exe
  C:\Windows\System\wbYOnFL.exe
  2⤵
  PID:5884
- C:\Windows\System\PNdSbdQ.exe
  C:\Windows\System\PNdSbdQ.exe
  2⤵
  PID:5904
- C:\Windows\System\XJAjOlB.exe
  C:\Windows\System\XJAjOlB.exe
  2⤵
  PID:5924
- C:\Windows\System\QKUhlta.exe
  C:\Windows\System\QKUhlta.exe
  2⤵
  PID:5944
- C:\Windows\System\tbEuDgP.exe
  C:\Windows\System\tbEuDgP.exe
  2⤵
  PID:5964
- C:\Windows\System\SBHExBP.exe
  C:\Windows\System\SBHExBP.exe
  2⤵
  PID:5984
- C:\Windows\System\OqtEfNb.exe
  C:\Windows\System\OqtEfNb.exe
  2⤵
  PID:6004
- C:\Windows\System\WOTgjXl.exe
  C:\Windows\System\WOTgjXl.exe
  2⤵
  PID:6024
- C:\Windows\System\TKhHGCD.exe
  C:\Windows\System\TKhHGCD.exe
  2⤵
  PID:6044
- C:\Windows\System\GeytLus.exe
  C:\Windows\System\GeytLus.exe
  2⤵
  PID:6064
- C:\Windows\System\UnhAfgN.exe
  C:\Windows\System\UnhAfgN.exe
  2⤵
  PID:6084
- C:\Windows\System\CJmJekk.exe
  C:\Windows\System\CJmJekk.exe
  2⤵
  PID:6104
- C:\Windows\System\IfithxN.exe
  C:\Windows\System\IfithxN.exe
  2⤵
  PID:6124
- C:\Windows\System\JHuKpaQ.exe
  C:\Windows\System\JHuKpaQ.exe
  2⤵
  PID:1620
- C:\Windows\System\jGjFIBQ.exe
  C:\Windows\System\jGjFIBQ.exe
  2⤵
  PID:4352
- C:\Windows\System\SbPqqIM.exe
  C:\Windows\System\SbPqqIM.exe
  2⤵
  PID:4388
- C:\Windows\System\AhfkUjO.exe
  C:\Windows\System\AhfkUjO.exe
  2⤵
  PID:4608
- C:\Windows\System\FdFxqtL.exe
  C:\Windows\System\FdFxqtL.exe
  2⤵
  PID:4796
- C:\Windows\System\UHINGMa.exe
  C:\Windows\System\UHINGMa.exe
  2⤵
  PID:2832
- C:\Windows\System\tkQptzs.exe
  C:\Windows\System\tkQptzs.exe
  2⤵
  PID:3984
- C:\Windows\System\syTvMhe.exe
  C:\Windows\System\syTvMhe.exe
  2⤵
  PID:4952
- C:\Windows\System\OpJBDMJ.exe
  C:\Windows\System\OpJBDMJ.exe
  2⤵
  PID:3144
- C:\Windows\System\kyOEaNO.exe
  C:\Windows\System\kyOEaNO.exe
  2⤵
  PID:3752
- C:\Windows\System\iVRezSv.exe
  C:\Windows\System\iVRezSv.exe
  2⤵
  PID:2140
- C:\Windows\System\VYCXVbN.exe
  C:\Windows\System\VYCXVbN.exe
  2⤵
  PID:4204
- C:\Windows\System\nBCkGSo.exe
  C:\Windows\System\nBCkGSo.exe
  2⤵
  PID:5168
- C:\Windows\System\HSBVKYY.exe
  C:\Windows\System\HSBVKYY.exe
  2⤵
  PID:5172
- C:\Windows\System\vDYLLzB.exe
  C:\Windows\System\vDYLLzB.exe
  2⤵
  PID:5220
- C:\Windows\System\gTOQLlR.exe
  C:\Windows\System\gTOQLlR.exe
  2⤵
  PID:5200
- C:\Windows\System\pqESYQj.exe
  C:\Windows\System\pqESYQj.exe
  2⤵
  PID:5236
- C:\Windows\System\yMZXnpU.exe
  C:\Windows\System\yMZXnpU.exe
  2⤵
  PID:5280
- C:\Windows\System\WcxmzpE.exe
  C:\Windows\System\WcxmzpE.exe
  2⤵
  PID:5320
- C:\Windows\System\cLUYbRD.exe
  C:\Windows\System\cLUYbRD.exe
  2⤵
  PID:5372
- C:\Windows\System\KHcZpnp.exe
  C:\Windows\System\KHcZpnp.exe
  2⤵
  PID:5420
- C:\Windows\System\GQYDkQl.exe
  C:\Windows\System\GQYDkQl.exe
  2⤵
  PID:5460
- C:\Windows\System\AGKVVyb.exe
  C:\Windows\System\AGKVVyb.exe
  2⤵
  PID:5440
- C:\Windows\System\YJIcYFp.exe
  C:\Windows\System\YJIcYFp.exe
  2⤵
  PID:5480
- C:\Windows\System\YzmotWi.exe
  C:\Windows\System\YzmotWi.exe
  2⤵
  PID:5540
- C:\Windows\System\lTcJgfS.exe
  C:\Windows\System\lTcJgfS.exe
  2⤵
  PID:5552
- C:\Windows\System\CSfSvFQ.exe
  C:\Windows\System\CSfSvFQ.exe
  2⤵
  PID:5576
- C:\Windows\System\irexZWZ.exe
  C:\Windows\System\irexZWZ.exe
  2⤵
  PID:5596
- C:\Windows\System\KcahZNd.exe
  C:\Windows\System\KcahZNd.exe
  2⤵
  PID:5636
- C:\Windows\System\rwAmzTD.exe
  C:\Windows\System\rwAmzTD.exe
  2⤵
  PID:5680
- C:\Windows\System\vTnxsgG.exe
  C:\Windows\System\vTnxsgG.exe
  2⤵
  PID:5712
- C:\Windows\System\GeWEvEX.exe
  C:\Windows\System\GeWEvEX.exe
  2⤵
  PID:5752
- C:\Windows\System\XkAdmiz.exe
  C:\Windows\System\XkAdmiz.exe
  2⤵
  PID:5776
- C:\Windows\System\OVFGlmI.exe
  C:\Windows\System\OVFGlmI.exe
  2⤵
  PID:5852
- C:\Windows\System\zMwZxhi.exe
  C:\Windows\System\zMwZxhi.exe
  2⤵
  PID:5840
- C:\Windows\System\dCggNvN.exe
  C:\Windows\System\dCggNvN.exe
  2⤵
  PID:5876
- C:\Windows\System\iKdKABq.exe
  C:\Windows\System\iKdKABq.exe
  2⤵
  PID:5920
- C:\Windows\System\tImXWAm.exe
  C:\Windows\System\tImXWAm.exe
  2⤵
  PID:5952
- C:\Windows\System\wwIntkG.exe
  C:\Windows\System\wwIntkG.exe
  2⤵
  PID:5976
- C:\Windows\System\FyGXooe.exe
  C:\Windows\System\FyGXooe.exe
  2⤵
  PID:5996
- C:\Windows\System\WAhVymE.exe
  C:\Windows\System\WAhVymE.exe
  2⤵
  PID:6036
- C:\Windows\System\cYtzhTP.exe
  C:\Windows\System\cYtzhTP.exe
  2⤵
  PID:6092
- C:\Windows\System\HIbsXlf.exe
  C:\Windows\System\HIbsXlf.exe
  2⤵
  PID:6112
- C:\Windows\System\PCqkLQR.exe
  C:\Windows\System\PCqkLQR.exe
  2⤵
  PID:6136
- C:\Windows\System\EGRNuXm.exe
  C:\Windows\System\EGRNuXm.exe
  2⤵
  PID:4788
- C:\Windows\System\IIsMVbg.exe
  C:\Windows\System\IIsMVbg.exe
  2⤵
  PID:4808
- C:\Windows\System\wixnUqx.exe
  C:\Windows\System\wixnUqx.exe
  2⤵
  PID:4736
- C:\Windows\System\RzenDhV.exe
  C:\Windows\System\RzenDhV.exe
  2⤵
  PID:4868
- C:\Windows\System\dfwurYj.exe
  C:\Windows\System\dfwurYj.exe
  2⤵
  PID:4244
- C:\Windows\System\kCkkMjq.exe
  C:\Windows\System\kCkkMjq.exe
  2⤵
  PID:3304
- C:\Windows\System\DgQTOcP.exe
  C:\Windows\System\DgQTOcP.exe
  2⤵
  PID:4444
- C:\Windows\System\jurfPKa.exe
  C:\Windows\System\jurfPKa.exe
  2⤵
  PID:5212
- C:\Windows\System\TcVFQNc.exe
  C:\Windows\System\TcVFQNc.exe
  2⤵
  PID:5232
- C:\Windows\System\mSgtHpl.exe
  C:\Windows\System\mSgtHpl.exe
  2⤵
  PID:5292
- C:\Windows\System\gyvRfCI.exe
  C:\Windows\System\gyvRfCI.exe
  2⤵
  PID:5376
- C:\Windows\System\pErUGWw.exe
  C:\Windows\System\pErUGWw.exe
  2⤵
  PID:5392
- C:\Windows\System\aRZwjjO.exe
  C:\Windows\System\aRZwjjO.exe
  2⤵
  PID:5360
- C:\Windows\System\xljtvxZ.exe
  C:\Windows\System\xljtvxZ.exe
  2⤵
  PID:5532
- C:\Windows\System\atHoHoP.exe
  C:\Windows\System\atHoHoP.exe
  2⤵
  PID:5512
- C:\Windows\System\MkfeYZA.exe
  C:\Windows\System\MkfeYZA.exe
  2⤵
  PID:5592
- C:\Windows\System\mtdBomS.exe
  C:\Windows\System\mtdBomS.exe
  2⤵
  PID:5700
- C:\Windows\System\mqiwnZx.exe
  C:\Windows\System\mqiwnZx.exe
  2⤵
  PID:5716
- C:\Windows\System\OBSZkCG.exe
  C:\Windows\System\OBSZkCG.exe
  2⤵
  PID:5756
- C:\Windows\System\WkrAWiN.exe
  C:\Windows\System\WkrAWiN.exe
  2⤵
  PID:5816
- C:\Windows\System\zSbMFeF.exe
  C:\Windows\System\zSbMFeF.exe
  2⤵
  PID:5912
- C:\Windows\System\gtLFCVr.exe
  C:\Windows\System\gtLFCVr.exe
  2⤵
  PID:5940
- C:\Windows\System\onYczmo.exe
  C:\Windows\System\onYczmo.exe
  2⤵
  PID:6020
- C:\Windows\System\rwBswLB.exe
  C:\Windows\System\rwBswLB.exe
  2⤵
  PID:6076
- C:\Windows\System\BjllgPb.exe
  C:\Windows\System\BjllgPb.exe
  2⤵
  PID:6056
- C:\Windows\System\zuyDEIh.exe
  C:\Windows\System\zuyDEIh.exe
  2⤵
  PID:4676
- C:\Windows\System\orJmLmh.exe
  C:\Windows\System\orJmLmh.exe
  2⤵
  PID:4768
- C:\Windows\System\VzjzeVs.exe
  C:\Windows\System\VzjzeVs.exe
  2⤵
  PID:5012
- C:\Windows\System\ULviXaq.exe
  C:\Windows\System\ULviXaq.exe
  2⤵
  PID:4548
- C:\Windows\System\fxaofkI.exe
  C:\Windows\System\fxaofkI.exe
  2⤵
  PID:5180
- C:\Windows\System\hyrVbXl.exe
  C:\Windows\System\hyrVbXl.exe
  2⤵
  PID:5192
- C:\Windows\System\jewlQWW.exe
  C:\Windows\System\jewlQWW.exe
  2⤵
  PID:5256
- C:\Windows\System\ssCapAn.exe
  C:\Windows\System\ssCapAn.exe
  2⤵
  PID:5408
- C:\Windows\System\zxQBBgi.exe
  C:\Windows\System\zxQBBgi.exe
  2⤵
  PID:5580
- C:\Windows\System\lmhzzJR.exe
  C:\Windows\System\lmhzzJR.exe
  2⤵
  PID:5520
- C:\Windows\System\UFUKDqP.exe
  C:\Windows\System\UFUKDqP.exe
  2⤵
  PID:5612
- C:\Windows\System\NdTVLaD.exe
  C:\Windows\System\NdTVLaD.exe
  2⤵
  PID:5772
- C:\Windows\System\perpLCq.exe
  C:\Windows\System\perpLCq.exe
  2⤵
  PID:5672
- C:\Windows\System\OlYTSuD.exe
  C:\Windows\System\OlYTSuD.exe
  2⤵
  PID:5956
- C:\Windows\System\hALgeCM.exe
  C:\Windows\System\hALgeCM.exe
  2⤵
  PID:6164
- C:\Windows\System\hmlESoD.exe
  C:\Windows\System\hmlESoD.exe
  2⤵
  PID:6184
- C:\Windows\System\PODnfeS.exe
  C:\Windows\System\PODnfeS.exe
  2⤵
  PID:6208
- C:\Windows\System\ECHiARZ.exe
  C:\Windows\System\ECHiARZ.exe
  2⤵
  PID:6228
- C:\Windows\System\drmNFZG.exe
  C:\Windows\System\drmNFZG.exe
  2⤵
  PID:6248
- C:\Windows\System\dtnjasf.exe
  C:\Windows\System\dtnjasf.exe
  2⤵
  PID:6268
- C:\Windows\System\KQSQvTl.exe
  C:\Windows\System\KQSQvTl.exe
  2⤵
  PID:6288
- C:\Windows\System\bXKLUpy.exe
  C:\Windows\System\bXKLUpy.exe
  2⤵
  PID:6308
- C:\Windows\System\rdvxjrW.exe
  C:\Windows\System\rdvxjrW.exe
  2⤵
  PID:6328
- C:\Windows\System\ftlnsIX.exe
  C:\Windows\System\ftlnsIX.exe
  2⤵
  PID:6348
- C:\Windows\System\oeHDTUi.exe
  C:\Windows\System\oeHDTUi.exe
  2⤵
  PID:6368
- C:\Windows\System\IeDTlRl.exe
  C:\Windows\System\IeDTlRl.exe
  2⤵
  PID:6388
- C:\Windows\System\aKAzsSp.exe
  C:\Windows\System\aKAzsSp.exe
  2⤵
  PID:6404
- C:\Windows\System\snDATfU.exe
  C:\Windows\System\snDATfU.exe
  2⤵
  PID:6428
- C:\Windows\System\ONvnvHf.exe
  C:\Windows\System\ONvnvHf.exe
  2⤵
  PID:6448
- C:\Windows\System\fMKLhXy.exe
  C:\Windows\System\fMKLhXy.exe
  2⤵
  PID:6468
- C:\Windows\System\WYGbwyy.exe
  C:\Windows\System\WYGbwyy.exe
  2⤵
  PID:6488
- C:\Windows\System\mMCyiPh.exe
  C:\Windows\System\mMCyiPh.exe
  2⤵
  PID:6508
- C:\Windows\System\FgEONSW.exe
  C:\Windows\System\FgEONSW.exe
  2⤵
  PID:6528
- C:\Windows\System\eIjSjcS.exe
  C:\Windows\System\eIjSjcS.exe
  2⤵
  PID:6548
- C:\Windows\System\TlJaHmI.exe
  C:\Windows\System\TlJaHmI.exe
  2⤵
  PID:6568
- C:\Windows\System\lRgMdET.exe
  C:\Windows\System\lRgMdET.exe
  2⤵
  PID:6588
- C:\Windows\System\tqeGkKS.exe
  C:\Windows\System\tqeGkKS.exe
  2⤵
  PID:6608
- C:\Windows\System\HGJNpJU.exe
  C:\Windows\System\HGJNpJU.exe
  2⤵
  PID:6628
- C:\Windows\System\VdHvLcq.exe
  C:\Windows\System\VdHvLcq.exe
  2⤵
  PID:6648
- C:\Windows\System\rLNiDci.exe
  C:\Windows\System\rLNiDci.exe
  2⤵
  PID:6668
- C:\Windows\System\THcsLnh.exe
  C:\Windows\System\THcsLnh.exe
  2⤵
  PID:6688
- C:\Windows\System\HgqDgXe.exe
  C:\Windows\System\HgqDgXe.exe
  2⤵
  PID:6708
- C:\Windows\System\vAVlnmF.exe
  C:\Windows\System\vAVlnmF.exe
  2⤵
  PID:6728
- C:\Windows\System\BuJfXfm.exe
  C:\Windows\System\BuJfXfm.exe
  2⤵
  PID:6748
- C:\Windows\System\ghoniOv.exe
  C:\Windows\System\ghoniOv.exe
  2⤵
  PID:6768
- C:\Windows\System\yJoIVqd.exe
  C:\Windows\System\yJoIVqd.exe
  2⤵
  PID:6788
- C:\Windows\System\eFaqMLY.exe
  C:\Windows\System\eFaqMLY.exe
  2⤵
  PID:6808
- C:\Windows\System\FCoAsrh.exe
  C:\Windows\System\FCoAsrh.exe
  2⤵
  PID:6828
- C:\Windows\System\QWSilBC.exe
  C:\Windows\System\QWSilBC.exe
  2⤵
  PID:6848
- C:\Windows\System\vGyjmaB.exe
  C:\Windows\System\vGyjmaB.exe
  2⤵
  PID:6868
- C:\Windows\System\ydtbVlo.exe
  C:\Windows\System\ydtbVlo.exe
  2⤵
  PID:6888
- C:\Windows\System\CzGKWco.exe
  C:\Windows\System\CzGKWco.exe
  2⤵
  PID:6908
- C:\Windows\System\cVVEUAa.exe
  C:\Windows\System\cVVEUAa.exe
  2⤵
  PID:6928
- C:\Windows\System\ULCneLB.exe
  C:\Windows\System\ULCneLB.exe
  2⤵
  PID:6948
- C:\Windows\System\tCxzDUX.exe
  C:\Windows\System\tCxzDUX.exe
  2⤵
  PID:6968
- C:\Windows\System\kHIRJvY.exe
  C:\Windows\System\kHIRJvY.exe
  2⤵
  PID:6988
- C:\Windows\System\VUmtvjm.exe
  C:\Windows\System\VUmtvjm.exe
  2⤵
  PID:7008
- C:\Windows\System\pDuTceD.exe
  C:\Windows\System\pDuTceD.exe
  2⤵
  PID:7028
- C:\Windows\System\FMqELgl.exe
  C:\Windows\System\FMqELgl.exe
  2⤵
  PID:7052
- C:\Windows\System\cScIyBg.exe
  C:\Windows\System\cScIyBg.exe
  2⤵
  PID:7072
- C:\Windows\System\sKHzZcd.exe
  C:\Windows\System\sKHzZcd.exe
  2⤵
  PID:7092
- C:\Windows\System\mzLyTVS.exe
  C:\Windows\System\mzLyTVS.exe
  2⤵
  PID:7112
- C:\Windows\System\SQTtyBL.exe
  C:\Windows\System\SQTtyBL.exe
  2⤵
  PID:7132
- C:\Windows\System\XQANuuY.exe
  C:\Windows\System\XQANuuY.exe
  2⤵
  PID:7152
- C:\Windows\System\AEXVlMd.exe
  C:\Windows\System\AEXVlMd.exe
  2⤵
  PID:5916
- C:\Windows\System\XDOmyPh.exe
  C:\Windows\System\XDOmyPh.exe
  2⤵
  PID:6040
- C:\Windows\System\ITVgbru.exe
  C:\Windows\System\ITVgbru.exe
  2⤵
  PID:2836
- C:\Windows\System\lOOMZMa.exe
  C:\Windows\System\lOOMZMa.exe
  2⤵
  PID:6140
- C:\Windows\System\eaflxCs.exe
  C:\Windows\System\eaflxCs.exe
  2⤵
  PID:5008
- C:\Windows\System\rCJMyOO.exe
  C:\Windows\System\rCJMyOO.exe
  2⤵
  PID:5156
- C:\Windows\System\YujWpcj.exe
  C:\Windows\System\YujWpcj.exe
  2⤵
  PID:3452
- C:\Windows\System\balcoPH.exe
  C:\Windows\System\balcoPH.exe
  2⤵
  PID:5356
- C:\Windows\System\VktBQJl.exe
  C:\Windows\System\VktBQJl.exe
  2⤵
  PID:5572
- C:\Windows\System\ianypuj.exe
  C:\Windows\System\ianypuj.exe
  2⤵
  PID:5780
- C:\Windows\System\ZKJMnHl.exe
  C:\Windows\System\ZKJMnHl.exe
  2⤵
  PID:5656
- C:\Windows\System\lECncfh.exe
  C:\Windows\System\lECncfh.exe
  2⤵
  PID:6000
- C:\Windows\System\gSatSrS.exe
  C:\Windows\System\gSatSrS.exe
  2⤵
  PID:6176
- C:\Windows\System\zNtLqYz.exe
  C:\Windows\System\zNtLqYz.exe
  2⤵
  PID:6200
- C:\Windows\System\qifSSJb.exe
  C:\Windows\System\qifSSJb.exe
  2⤵
  PID:6240
- C:\Windows\System\pkVfzKW.exe
  C:\Windows\System\pkVfzKW.exe
  2⤵
  PID:6296
- C:\Windows\System\loJnPNj.exe
  C:\Windows\System\loJnPNj.exe
  2⤵
  PID:6316
- C:\Windows\System\nzQJFml.exe
  C:\Windows\System\nzQJFml.exe
  2⤵
  PID:6340
- C:\Windows\System\HtIVuHb.exe
  C:\Windows\System\HtIVuHb.exe
  2⤵
  PID:6380
- C:\Windows\System\LtyQgBu.exe
  C:\Windows\System\LtyQgBu.exe
  2⤵
  PID:6396
- C:\Windows\System\HTEejOL.exe
  C:\Windows\System\HTEejOL.exe
  2⤵
  PID:6440
- C:\Windows\System\tvIghqZ.exe
  C:\Windows\System\tvIghqZ.exe
  2⤵
  PID:6496
- C:\Windows\System\nUHPgrh.exe
  C:\Windows\System\nUHPgrh.exe
  2⤵
  PID:6524
- C:\Windows\System\VRbNizS.exe
  C:\Windows\System\VRbNizS.exe
  2⤵
  PID:6556
- C:\Windows\System\OYwwibh.exe
  C:\Windows\System\OYwwibh.exe
  2⤵
  PID:6580
- C:\Windows\System\ZnUwPFn.exe
  C:\Windows\System\ZnUwPFn.exe
  2⤵
  PID:6600
- C:\Windows\System\UeVOoEH.exe
  C:\Windows\System\UeVOoEH.exe
  2⤵
  PID:6640
- C:\Windows\System\RMmldsD.exe
  C:\Windows\System\RMmldsD.exe
  2⤵
  PID:6680
- C:\Windows\System\GGiGDDg.exe
  C:\Windows\System\GGiGDDg.exe
  2⤵
  PID:6724
- C:\Windows\System\BHnBZih.exe
  C:\Windows\System\BHnBZih.exe
  2⤵
  PID:6756
- C:\Windows\System\eWpbxFl.exe
  C:\Windows\System\eWpbxFl.exe
  2⤵
  PID:6780
- C:\Windows\System\XceCDfQ.exe
  C:\Windows\System\XceCDfQ.exe
  2⤵
  PID:6824
- C:\Windows\System\qcomsur.exe
  C:\Windows\System\qcomsur.exe
  2⤵
  PID:6896
- C:\Windows\System\pwnSzQC.exe
  C:\Windows\System\pwnSzQC.exe
  2⤵
  PID:6904
- C:\Windows\System\zGToSCS.exe
  C:\Windows\System\zGToSCS.exe
  2⤵
  PID:6944
- C:\Windows\System\gDredGo.exe
  C:\Windows\System\gDredGo.exe
  2⤵
  PID:6984
- C:\Windows\System\ldjytno.exe
  C:\Windows\System\ldjytno.exe
  2⤵
  PID:6956
- C:\Windows\System\JsKLdqH.exe
  C:\Windows\System\JsKLdqH.exe
  2⤵
  PID:6960
- C:\Windows\System\eusVZAx.exe
  C:\Windows\System\eusVZAx.exe
  2⤵
  PID:7104
- C:\Windows\System\eyTSgOK.exe
  C:\Windows\System\eyTSgOK.exe
  2⤵
  PID:7044
- C:\Windows\System\QifcyJC.exe
  C:\Windows\System\QifcyJC.exe
  2⤵
  PID:7084
- C:\Windows\System\mKYEZgi.exe
  C:\Windows\System\mKYEZgi.exe
  2⤵
  PID:6120
- C:\Windows\System\LYvvekR.exe
  C:\Windows\System\LYvvekR.exe
  2⤵
  PID:7124
- C:\Windows\System\RiiOpqo.exe
  C:\Windows\System\RiiOpqo.exe
  2⤵
  PID:4632
- C:\Windows\System\qOVohdr.exe
  C:\Windows\System\qOVohdr.exe
  2⤵
  PID:5128
- C:\Windows\System\hdCFwsf.exe
  C:\Windows\System\hdCFwsf.exe
  2⤵
  PID:2876
- C:\Windows\System\kyqnrKl.exe
  C:\Windows\System\kyqnrKl.exe
  2⤵
  PID:5880
- C:\Windows\System\dXOnNWb.exe
  C:\Windows\System\dXOnNWb.exe
  2⤵
  PID:5352
- C:\Windows\System\jJnEKrE.exe
  C:\Windows\System\jJnEKrE.exe
  2⤵
  PID:6152
- C:\Windows\System\LwKfoBJ.exe
  C:\Windows\System\LwKfoBJ.exe
  2⤵
  PID:6192
- C:\Windows\System\NMyhwWG.exe
  C:\Windows\System\NMyhwWG.exe
  2⤵
  PID:6236
- C:\Windows\System\RpRGvdF.exe
  C:\Windows\System\RpRGvdF.exe
  2⤵
  PID:6360
- C:\Windows\System\LOrZIrJ.exe
  C:\Windows\System\LOrZIrJ.exe
  2⤵
  PID:6384
- C:\Windows\System\rpDvBON.exe
  C:\Windows\System\rpDvBON.exe
  2⤵
  PID:6376
- C:\Windows\System\leYWkVC.exe
  C:\Windows\System\leYWkVC.exe
  2⤵
  PID:6540
- C:\Windows\System\bVButlg.exe
  C:\Windows\System\bVButlg.exe
  2⤵
  PID:6604
- C:\Windows\System\qqtXKiL.exe
  C:\Windows\System\qqtXKiL.exe
  2⤵
  PID:6684
- C:\Windows\System\UOTbuhu.exe
  C:\Windows\System\UOTbuhu.exe
  2⤵
  PID:6560
- C:\Windows\System\hXAfrna.exe
  C:\Windows\System\hXAfrna.exe
  2⤵
  PID:6816
- C:\Windows\System\AYFqZQf.exe
  C:\Windows\System\AYFqZQf.exe
  2⤵
  PID:6804
- C:\Windows\System\TrREWCO.exe
  C:\Windows\System\TrREWCO.exe
  2⤵
  PID:6840
- C:\Windows\System\HtdUnsE.exe
  C:\Windows\System\HtdUnsE.exe
  2⤵
  PID:6976
- C:\Windows\System\ENChJML.exe
  C:\Windows\System\ENChJML.exe
  2⤵
  PID:6864
- C:\Windows\System\bANVDmm.exe
  C:\Windows\System\bANVDmm.exe
  2⤵
  PID:7016
- C:\Windows\System\DBOrCaq.exe
  C:\Windows\System\DBOrCaq.exe
  2⤵
  PID:1152
- C:\Windows\System\NEEPjhg.exe
  C:\Windows\System\NEEPjhg.exe
  2⤵
  PID:7160
- C:\Windows\System\MSngfFl.exe
  C:\Windows\System\MSngfFl.exe
  2⤵
  PID:5340
- C:\Windows\System\SvStNhE.exe
  C:\Windows\System\SvStNhE.exe
  2⤵
  PID:7120
- C:\Windows\System\UbpBpXH.exe
  C:\Windows\System\UbpBpXH.exe
  2⤵
  PID:5792
- C:\Windows\System\BWBogep.exe
  C:\Windows\System\BWBogep.exe
  2⤵
  PID:6156
- C:\Windows\System\tbqAHpK.exe
  C:\Windows\System\tbqAHpK.exe
  2⤵
  PID:4144
- C:\Windows\System\IPvjDLE.exe
  C:\Windows\System\IPvjDLE.exe
  2⤵
  PID:6336
- C:\Windows\System\UTddKvo.exe
  C:\Windows\System\UTddKvo.exe
  2⤵
  PID:6284
- C:\Windows\System\LPFmNCA.exe
  C:\Windows\System\LPFmNCA.exe
  2⤵
  PID:6444
- C:\Windows\System\whwyaRR.exe
  C:\Windows\System\whwyaRR.exe
  2⤵
  PID:6536
- C:\Windows\System\ZheDCHq.exe
  C:\Windows\System\ZheDCHq.exe
  2⤵
  PID:6676
- C:\Windows\System\ebSzSLR.exe
  C:\Windows\System\ebSzSLR.exe
  2⤵
  PID:6760
- C:\Windows\System\WYoEYnH.exe
  C:\Windows\System\WYoEYnH.exe
  2⤵
  PID:7176
- C:\Windows\System\eSTyoIJ.exe
  C:\Windows\System\eSTyoIJ.exe
  2⤵
  PID:7196
- C:\Windows\System\PRwWrte.exe
  C:\Windows\System\PRwWrte.exe
  2⤵
  PID:7216
- C:\Windows\System\JFJHNCh.exe
  C:\Windows\System\JFJHNCh.exe
  2⤵
  PID:7236
- C:\Windows\System\maqmvLQ.exe
  C:\Windows\System\maqmvLQ.exe
  2⤵
  PID:7256
- C:\Windows\System\DaUSHOB.exe
  C:\Windows\System\DaUSHOB.exe
  2⤵
  PID:7276
- C:\Windows\System\DmIvQkM.exe
  C:\Windows\System\DmIvQkM.exe
  2⤵
  PID:7296
- C:\Windows\System\PjDmGMT.exe
  C:\Windows\System\PjDmGMT.exe
  2⤵
  PID:7316
- C:\Windows\System\xydCxMR.exe
  C:\Windows\System\xydCxMR.exe
  2⤵
  PID:7336
- C:\Windows\System\zwRLJSC.exe
  C:\Windows\System\zwRLJSC.exe
  2⤵
  PID:7352
- C:\Windows\System\pAjHlMu.exe
  C:\Windows\System\pAjHlMu.exe
  2⤵
  PID:7376
- C:\Windows\System\etophmh.exe
  C:\Windows\System\etophmh.exe
  2⤵
  PID:7392
- C:\Windows\System\qwdMLsE.exe
  C:\Windows\System\qwdMLsE.exe
  2⤵
  PID:7416
- C:\Windows\System\cwgmFsn.exe
  C:\Windows\System\cwgmFsn.exe
  2⤵
  PID:7436
- C:\Windows\System\OyWIlwk.exe
  C:\Windows\System\OyWIlwk.exe
  2⤵
  PID:7456
- C:\Windows\System\RRWotfb.exe
  C:\Windows\System\RRWotfb.exe
  2⤵
  PID:7476
- C:\Windows\System\IxCmNXi.exe
  C:\Windows\System\IxCmNXi.exe
  2⤵
  PID:7496
- C:\Windows\System\DOsyjyK.exe
  C:\Windows\System\DOsyjyK.exe
  2⤵
  PID:7516
- C:\Windows\System\pkUyYLI.exe
  C:\Windows\System\pkUyYLI.exe
  2⤵
  PID:7536
- C:\Windows\System\mqPWDCk.exe
  C:\Windows\System\mqPWDCk.exe
  2⤵
  PID:7556
- C:\Windows\System\XWzBxWv.exe
  C:\Windows\System\XWzBxWv.exe
  2⤵
  PID:7576
- C:\Windows\System\ojwDUoZ.exe
  C:\Windows\System\ojwDUoZ.exe
  2⤵
  PID:7596
- C:\Windows\System\jmTaIvD.exe
  C:\Windows\System\jmTaIvD.exe
  2⤵
  PID:7616
- C:\Windows\System\JFNpgEw.exe
  C:\Windows\System\JFNpgEw.exe
  2⤵
  PID:7632
- C:\Windows\System\okpQmMp.exe
  C:\Windows\System\okpQmMp.exe
  2⤵
  PID:7656
- C:\Windows\System\zXVZYHk.exe
  C:\Windows\System\zXVZYHk.exe
  2⤵
  PID:7676
- C:\Windows\System\kZhWMYT.exe
  C:\Windows\System\kZhWMYT.exe
  2⤵
  PID:7696
- C:\Windows\System\SXUAEQQ.exe
  C:\Windows\System\SXUAEQQ.exe
  2⤵
  PID:7716
- C:\Windows\System\BCvUTsc.exe
  C:\Windows\System\BCvUTsc.exe
  2⤵
  PID:7736
- C:\Windows\System\BMkGKLL.exe
  C:\Windows\System\BMkGKLL.exe
  2⤵
  PID:7756
- C:\Windows\System\BzpaMMA.exe
  C:\Windows\System\BzpaMMA.exe
  2⤵
  PID:7776
- C:\Windows\System\UfLPmqd.exe
  C:\Windows\System\UfLPmqd.exe
  2⤵
  PID:7796
- C:\Windows\System\XcXSTAp.exe
  C:\Windows\System\XcXSTAp.exe
  2⤵
  PID:7820
- C:\Windows\System\fAObcIg.exe
  C:\Windows\System\fAObcIg.exe
  2⤵
  PID:7840
- C:\Windows\System\CwmGtpJ.exe
  C:\Windows\System\CwmGtpJ.exe
  2⤵
  PID:7860
- C:\Windows\System\UHriGSG.exe
  C:\Windows\System\UHriGSG.exe
  2⤵
  PID:7880
- C:\Windows\System\OTORTYj.exe
  C:\Windows\System\OTORTYj.exe
  2⤵
  PID:7900
- C:\Windows\System\mWREePw.exe
  C:\Windows\System\mWREePw.exe
  2⤵
  PID:7920
- C:\Windows\System\jgYkWQA.exe
  C:\Windows\System\jgYkWQA.exe
  2⤵
  PID:7940
- C:\Windows\System\ZhOUtsj.exe
  C:\Windows\System\ZhOUtsj.exe
  2⤵
  PID:7960
- C:\Windows\System\UJTHDnl.exe
  C:\Windows\System\UJTHDnl.exe
  2⤵
  PID:7980
- C:\Windows\System\ljgrfKa.exe
  C:\Windows\System\ljgrfKa.exe
  2⤵
  PID:8000
- C:\Windows\System\YidGZog.exe
  C:\Windows\System\YidGZog.exe
  2⤵
  PID:8040
- C:\Windows\System\taaEQKp.exe
  C:\Windows\System\taaEQKp.exe
  2⤵
  PID:8056
- C:\Windows\System\HWRRdQg.exe
  C:\Windows\System\HWRRdQg.exe
  2⤵
  PID:8080
- C:\Windows\System\XtUfUTw.exe
  C:\Windows\System\XtUfUTw.exe
  2⤵
  PID:8100
- C:\Windows\System\JuUKidH.exe
  C:\Windows\System\JuUKidH.exe
  2⤵
  PID:8116
- C:\Windows\System\rqfzQvF.exe
  C:\Windows\System\rqfzQvF.exe
  2⤵
  PID:8136
- C:\Windows\System\hnhKfJH.exe
  C:\Windows\System\hnhKfJH.exe
  2⤵
  PID:8152
- C:\Windows\System\KwyLmZS.exe
  C:\Windows\System\KwyLmZS.exe
  2⤵
  PID:8168
- C:\Windows\System\dPFlsjw.exe
  C:\Windows\System\dPFlsjw.exe
  2⤵
  PID:8184
- C:\Windows\System\vBdJntb.exe
  C:\Windows\System\vBdJntb.exe
  2⤵
  PID:7020
- C:\Windows\System\CyHjZlV.exe
  C:\Windows\System\CyHjZlV.exe
  2⤵
  PID:6880
- C:\Windows\System\aIiFoRY.exe
  C:\Windows\System\aIiFoRY.exe
  2⤵
  PID:6856
- C:\Windows\System\zNCoOip.exe
  C:\Windows\System\zNCoOip.exe
  2⤵
  PID:7024
- C:\Windows\System\uKjDGLA.exe
  C:\Windows\System\uKjDGLA.exe
  2⤵
  PID:7148
- C:\Windows\System\CczoSqc.exe
  C:\Windows\System\CczoSqc.exe
  2⤵
  PID:5296
- C:\Windows\System\aWexPtf.exe
  C:\Windows\System\aWexPtf.exe
  2⤵
  PID:6116
- C:\Windows\System\yUcNZhN.exe
  C:\Windows\System\yUcNZhN.exe
  2⤵
  PID:6480
- C:\Windows\System\RsQtDnE.exe
  C:\Windows\System\RsQtDnE.exe
  2⤵
  PID:6436
- C:\Windows\System\zNkprxQ.exe
  C:\Windows\System\zNkprxQ.exe
  2⤵
  PID:6484
- C:\Windows\System\NYGBpBk.exe
  C:\Windows\System\NYGBpBk.exe
  2⤵
  PID:6924
- C:\Windows\System\gyaYeDh.exe
  C:\Windows\System\gyaYeDh.exe
  2⤵
  PID:7188
- C:\Windows\System\RZKnoyf.exe
  C:\Windows\System\RZKnoyf.exe
  2⤵
  PID:7248
- C:\Windows\System\qzqJvHA.exe
  C:\Windows\System\qzqJvHA.exe
  2⤵
  PID:7272
- C:\Windows\System\Sqwxvmi.exe
  C:\Windows\System\Sqwxvmi.exe
  2⤵
  PID:7308
- C:\Windows\System\nhSSCaj.exe
  C:\Windows\System\nhSSCaj.exe
  2⤵
  PID:7348
- C:\Windows\System\zVkDoDv.exe
  C:\Windows\System\zVkDoDv.exe
  2⤵
  PID:7404
- C:\Windows\System\dBxOzHm.exe
  C:\Windows\System\dBxOzHm.exe
  2⤵
  PID:7424
- C:\Windows\System\FGCTbSY.exe
  C:\Windows\System\FGCTbSY.exe
  2⤵
  PID:7452
- C:\Windows\System\owYpWLt.exe
  C:\Windows\System\owYpWLt.exe
  2⤵
  PID:7492
- C:\Windows\System\LYmdVdP.exe
  C:\Windows\System\LYmdVdP.exe
  2⤵
  PID:7504
- C:\Windows\System\XYosJPV.exe
  C:\Windows\System\XYosJPV.exe
  2⤵
  PID:7532
- C:\Windows\System\rmTihci.exe
  C:\Windows\System\rmTihci.exe
  2⤵
  PID:7552
- C:\Windows\System\LOmaHpW.exe
  C:\Windows\System\LOmaHpW.exe
  2⤵
  PID:7568
- C:\Windows\System\fNaKEvx.exe
  C:\Windows\System\fNaKEvx.exe
  2⤵
  PID:7592
- C:\Windows\System\afrlxOX.exe
  C:\Windows\System\afrlxOX.exe
  2⤵
  PID:7648
- C:\Windows\System\UaZBkRy.exe
  C:\Windows\System\UaZBkRy.exe
  2⤵
  PID:7628
- C:\Windows\System\qBvlOfI.exe
  C:\Windows\System\qBvlOfI.exe
  2⤵
  PID:7692
- C:\Windows\System\gcqUgKG.exe
  C:\Windows\System\gcqUgKG.exe
  2⤵
  PID:7704
- C:\Windows\System\tSMtooj.exe
  C:\Windows\System\tSMtooj.exe
  2⤵
  PID:7732
- C:\Windows\System\PDEHDfr.exe
  C:\Windows\System\PDEHDfr.exe
  2⤵
  PID:7764
- C:\Windows\System\GTxqxVx.exe
  C:\Windows\System\GTxqxVx.exe
  2⤵
  PID:7876
- C:\Windows\System\LQsidYt.exe
  C:\Windows\System\LQsidYt.exe
  2⤵
  PID:7892
- C:\Windows\System\ItkmUYU.exe
  C:\Windows\System\ItkmUYU.exe
  2⤵
  PID:7976
- C:\Windows\System\PTLeyGB.exe
  C:\Windows\System\PTLeyGB.exe
  2⤵
  PID:8008
- C:\Windows\System\BfjccCV.exe
  C:\Windows\System\BfjccCV.exe
  2⤵
  PID:2592
- C:\Windows\System\tiEGYkT.exe
  C:\Windows\System\tiEGYkT.exe
  2⤵
  PID:1128
- C:\Windows\System\uUbaCoB.exe
  C:\Windows\System\uUbaCoB.exe
  2⤵
  PID:2856
- C:\Windows\System\faseNBY.exe
  C:\Windows\System\faseNBY.exe
  2⤵
  PID:2724
- C:\Windows\System\PXwXEgx.exe
  C:\Windows\System\PXwXEgx.exe
  2⤵
  PID:3028
- C:\Windows\System\SgURZYO.exe
  C:\Windows\System\SgURZYO.exe
  2⤵
  PID:3608
- C:\Windows\System\DiaaHPt.exe
  C:\Windows\System\DiaaHPt.exe
  2⤵
  PID:676
- C:\Windows\System\QGLYsbV.exe
  C:\Windows\System\QGLYsbV.exe
  2⤵
  PID:2596
- C:\Windows\System\sJztxUr.exe
  C:\Windows\System\sJztxUr.exe
  2⤵
  PID:2632
- C:\Windows\System\yuyQxWy.exe
  C:\Windows\System\yuyQxWy.exe
  2⤵
  PID:856
- C:\Windows\System\aGKjVUl.exe
  C:\Windows\System\aGKjVUl.exe
  2⤵
  PID:112
- C:\Windows\System\EUjQKKm.exe
  C:\Windows\System\EUjQKKm.exe
  2⤵
  PID:8032
- C:\Windows\System\QwglYCU.exe
  C:\Windows\System\QwglYCU.exe
  2⤵
  PID:2916
- C:\Windows\System\GlhYmmN.exe
  C:\Windows\System\GlhYmmN.exe
  2⤵
  PID:8072
- C:\Windows\System\IjHJUdM.exe
  C:\Windows\System\IjHJUdM.exe
  2⤵
  PID:1312
- C:\Windows\System\IQjDsqL.exe
  C:\Windows\System\IQjDsqL.exe
  2⤵
  PID:8176
- C:\Windows\System\CNEFaji.exe
  C:\Windows\System\CNEFaji.exe
  2⤵
  PID:5980
- C:\Windows\System\CYuBHFX.exe
  C:\Windows\System\CYuBHFX.exe
  2⤵
  PID:6664
- C:\Windows\System\PttWJkR.exe
  C:\Windows\System\PttWJkR.exe
  2⤵
  PID:6916
- C:\Windows\System\ERNGPNO.exe
  C:\Windows\System\ERNGPNO.exe
  2⤵
  PID:4904
- C:\Windows\System\XhfDJIl.exe
  C:\Windows\System\XhfDJIl.exe
  2⤵
  PID:8160
- C:\Windows\System\xGRtrkg.exe
  C:\Windows\System\xGRtrkg.exe
  2⤵
  PID:1920
- C:\Windows\System\VLcKdtx.exe
  C:\Windows\System\VLcKdtx.exe
  2⤵
  PID:8128
- C:\Windows\System\XmHWXNm.exe
  C:\Windows\System\XmHWXNm.exe
  2⤵
  PID:7232
- C:\Windows\System\lVDpMSj.exe
  C:\Windows\System\lVDpMSj.exe
  2⤵
  PID:7372
- C:\Windows\System\laRfgDa.exe
  C:\Windows\System\laRfgDa.exe
  2⤵
  PID:7464
- C:\Windows\System\kAEUWPW.exe
  C:\Windows\System\kAEUWPW.exe
  2⤵
  PID:7564
- C:\Windows\System\QfWrFdw.exe
  C:\Windows\System\QfWrFdw.exe
  2⤵
  PID:2088
- C:\Windows\System\USThUJn.exe
  C:\Windows\System\USThUJn.exe
  2⤵
  PID:7252
- C:\Windows\System\dkpvjyN.exe
  C:\Windows\System\dkpvjyN.exe
  2⤵
  PID:7724
- C:\Windows\System\kWKNdYs.exe
  C:\Windows\System\kWKNdYs.exe
  2⤵
  PID:7804
- C:\Windows\System\euFuQmU.exe
  C:\Windows\System\euFuQmU.exe
  2⤵
  PID:2664
- C:\Windows\System\jYHxJdB.exe
  C:\Windows\System\jYHxJdB.exe
  2⤵
  PID:7856
- C:\Windows\System\HiSSlPh.exe
  C:\Windows\System\HiSSlPh.exe
  2⤵
  PID:7868
- C:\Windows\System\ottwMgI.exe
  C:\Windows\System\ottwMgI.exe
  2⤵
  PID:7324
- C:\Windows\System\DVmcJVD.exe
  C:\Windows\System\DVmcJVD.exe
  2⤵
  PID:7312
- C:\Windows\System\CTWwuXr.exe
  C:\Windows\System\CTWwuXr.exe
  2⤵
  PID:7472
- C:\Windows\System\EcxCpLZ.exe
  C:\Windows\System\EcxCpLZ.exe
  2⤵
  PID:7544
- C:\Windows\System\nZgWmEG.exe
  C:\Windows\System\nZgWmEG.exe
  2⤵
  PID:7968
- C:\Windows\System\DKboQaZ.exe
  C:\Windows\System\DKboQaZ.exe
  2⤵
  PID:7912
- C:\Windows\System\HNIQohk.exe
  C:\Windows\System\HNIQohk.exe
  2⤵
  PID:3068
- C:\Windows\System\iJXWMEj.exe
  C:\Windows\System\iJXWMEj.exe
  2⤵
  PID:2124
- C:\Windows\System\wgTyRUa.exe
  C:\Windows\System\wgTyRUa.exe
  2⤵
  PID:2192
- C:\Windows\System\OEdNQzh.exe
  C:\Windows\System\OEdNQzh.exe
  2⤵
  PID:2288
- C:\Windows\System\hUaRaTE.exe
  C:\Windows\System\hUaRaTE.exe
  2⤵
  PID:316
- C:\Windows\System\egVLuhi.exe
  C:\Windows\System\egVLuhi.exe
  2⤵
  PID:1988
- C:\Windows\System\bGVbRSq.exe
  C:\Windows\System\bGVbRSq.exe
  2⤵
  PID:5084
- C:\Windows\System\cZvQXrH.exe
  C:\Windows\System\cZvQXrH.exe
  2⤵
  PID:2236
- C:\Windows\System\srMMlGQ.exe
  C:\Windows\System\srMMlGQ.exe
  2⤵
  PID:1568
- C:\Windows\System\SCOVnpB.exe
  C:\Windows\System\SCOVnpB.exe
  2⤵
  PID:8076
- C:\Windows\System\Phyaxfy.exe
  C:\Windows\System\Phyaxfy.exe
  2⤵
  PID:7080
- C:\Windows\System\mkdKiJl.exe
  C:\Windows\System\mkdKiJl.exe
  2⤵
  PID:7036
- C:\Windows\System\bHPxUgf.exe
  C:\Windows\System\bHPxUgf.exe
  2⤵
  PID:6256
- C:\Windows\System\WkDUORC.exe
  C:\Windows\System\WkDUORC.exe
  2⤵
  PID:8148
- C:\Windows\System\GqacBzJ.exe
  C:\Windows\System\GqacBzJ.exe
  2⤵
  PID:8092
- C:\Windows\System\baZhwnj.exe
  C:\Windows\System\baZhwnj.exe
  2⤵
  PID:7524
- C:\Windows\System\SdwFhuH.exe
  C:\Windows\System\SdwFhuH.exe
  2⤵
  PID:7828
- C:\Windows\System\TJPOtsK.exe
  C:\Windows\System\TJPOtsK.exe
  2⤵
  PID:7288
- C:\Windows\System\jTULXrt.exe
  C:\Windows\System\jTULXrt.exe
  2⤵
  PID:7672
- C:\Windows\System\mpASxLJ.exe
  C:\Windows\System\mpASxLJ.exe
  2⤵
  PID:7852
- C:\Windows\System\DBRDNbq.exe
  C:\Windows\System\DBRDNbq.exe
  2⤵
  PID:5896
- C:\Windows\System\ZtoiDLP.exe
  C:\Windows\System\ZtoiDLP.exe
  2⤵
  PID:2912
- C:\Windows\System\RdelNlz.exe
  C:\Windows\System\RdelNlz.exe
  2⤵
  PID:2300
- C:\Windows\System\sSVpIBK.exe
  C:\Windows\System\sSVpIBK.exe
  2⤵
  PID:8048
- C:\Windows\System\vEtzlVG.exe
  C:\Windows\System\vEtzlVG.exe
  2⤵
  PID:7108
- C:\Windows\System\ltnpmjl.exe
  C:\Windows\System\ltnpmjl.exe
  2⤵
  PID:6420
- C:\Windows\System\YHcwKAd.exe
  C:\Windows\System\YHcwKAd.exe
  2⤵
  PID:1400
- C:\Windows\System\MSSCvqI.exe
  C:\Windows\System\MSSCvqI.exe
  2⤵
  PID:7836
- C:\Windows\System\UkmMjiX.exe
  C:\Windows\System\UkmMjiX.exe
  2⤵
  PID:7384
- C:\Windows\System\kAbxSNN.exe
  C:\Windows\System\kAbxSNN.exe
  2⤵
  PID:3036
- C:\Windows\System\xcaaFZE.exe
  C:\Windows\System\xcaaFZE.exe
  2⤵
  PID:7948
- C:\Windows\System\ZslvzIo.exe
  C:\Windows\System\ZslvzIo.exe
  2⤵
  PID:8144
- C:\Windows\System\DFTmjUA.exe
  C:\Windows\System\DFTmjUA.exe
  2⤵
  PID:2812
- C:\Windows\System\gWVHRue.exe
  C:\Windows\System\gWVHRue.exe
  2⤵
  PID:1296
- C:\Windows\System\vnkwTCg.exe
  C:\Windows\System\vnkwTCg.exe
  2⤵
  PID:8052
- C:\Windows\System\aQRUuGS.exe
  C:\Windows\System\aQRUuGS.exe
  2⤵
  PID:6860
- C:\Windows\System\kaaFzcj.exe
  C:\Windows\System\kaaFzcj.exe
  2⤵
  PID:1940
- C:\Windows\System\yJBryfY.exe
  C:\Windows\System\yJBryfY.exe
  2⤵
  PID:7304
- C:\Windows\System\GdNDiek.exe
  C:\Windows\System\GdNDiek.exe
  2⤵
  PID:7668
- C:\Windows\System\ctzWmdn.exe
  C:\Windows\System\ctzWmdn.exe
  2⤵
  PID:1672
- C:\Windows\System\DzwvQAK.exe
  C:\Windows\System\DzwvQAK.exe
  2⤵
  PID:8068
- C:\Windows\System\rBGFcpS.exe
  C:\Windows\System\rBGFcpS.exe
  2⤵
  PID:6876
- C:\Windows\System\HAbWKDy.exe
  C:\Windows\System\HAbWKDy.exe
  2⤵
  PID:2688
- C:\Windows\System\sYWwZgc.exe
  C:\Windows\System\sYWwZgc.exe
  2⤵
  PID:7932
- C:\Windows\System\rgMnUGe.exe
  C:\Windows\System\rgMnUGe.exe
  2⤵
  PID:1784
- C:\Windows\System\jBcvFqD.exe
  C:\Windows\System\jBcvFqD.exe
  2⤵
  PID:7768
- C:\Windows\System\DFfYLOw.exe
  C:\Windows\System\DFfYLOw.exe
  2⤵
  PID:6344
- C:\Windows\System\EGBGvTd.exe
  C:\Windows\System\EGBGvTd.exe
  2⤵
  PID:1240
- C:\Windows\System\curBEOB.exe
  C:\Windows\System\curBEOB.exe
  2⤵
  PID:7896
- C:\Windows\System\UzciaXi.exe
  C:\Windows\System\UzciaXi.exe
  2⤵
  PID:1936
- C:\Windows\System\hgqCRWK.exe
  C:\Windows\System\hgqCRWK.exe
  2⤵
  PID:7184
- C:\Windows\System\BsHlJAA.exe
  C:\Windows\System\BsHlJAA.exe
  2⤵
  PID:7936
- C:\Windows\System\kXkSUUL.exe
  C:\Windows\System\kXkSUUL.exe
  2⤵
  PID:1244
- C:\Windows\System\oOxJSHA.exe
  C:\Windows\System\oOxJSHA.exe
  2⤵
  PID:2972
- C:\Windows\System\xmmxzmW.exe
  C:\Windows\System\xmmxzmW.exe
  2⤵
  PID:7752
- C:\Windows\System\wmGDvEN.exe
  C:\Windows\System\wmGDvEN.exe
  2⤵
  PID:8212
- C:\Windows\System\jQMUZDH.exe
  C:\Windows\System\jQMUZDH.exe
  2⤵
  PID:8228
- C:\Windows\System\VjGMeVP.exe
  C:\Windows\System\VjGMeVP.exe
  2⤵
  PID:8244
- C:\Windows\System\vekkCHs.exe
  C:\Windows\System\vekkCHs.exe
  2⤵
  PID:8260
- C:\Windows\System\LNIxQvq.exe
  C:\Windows\System\LNIxQvq.exe
  2⤵
  PID:8276
- C:\Windows\System\YiEzsfl.exe
  C:\Windows\System\YiEzsfl.exe
  2⤵
  PID:8292
- C:\Windows\System\kQxuedD.exe
  C:\Windows\System\kQxuedD.exe
  2⤵
  PID:8308
- C:\Windows\System\ThYpKVL.exe
  C:\Windows\System\ThYpKVL.exe
  2⤵
  PID:8324
- C:\Windows\System\jTaSeMm.exe
  C:\Windows\System\jTaSeMm.exe
  2⤵
  PID:8340
- C:\Windows\System\ytlizXs.exe
  C:\Windows\System\ytlizXs.exe
  2⤵
  PID:8356
- C:\Windows\System\UtoSdNe.exe
  C:\Windows\System\UtoSdNe.exe
  2⤵
  PID:8372
- C:\Windows\System\XBzcvfk.exe
  C:\Windows\System\XBzcvfk.exe
  2⤵
  PID:8388
- C:\Windows\System\xffwrbb.exe
  C:\Windows\System\xffwrbb.exe
  2⤵
  PID:8412
- C:\Windows\System\MiQhBGi.exe
  C:\Windows\System\MiQhBGi.exe
  2⤵
  PID:8428
- C:\Windows\System\HyZTjte.exe
  C:\Windows\System\HyZTjte.exe
  2⤵
  PID:8444
- C:\Windows\System\NEdycEh.exe
  C:\Windows\System\NEdycEh.exe
  2⤵
  PID:8460
- C:\Windows\System\NrDhSJr.exe
  C:\Windows\System\NrDhSJr.exe
  2⤵
  PID:8476
- C:\Windows\System\YjUuBHa.exe
  C:\Windows\System\YjUuBHa.exe
  2⤵
  PID:8492
- C:\Windows\System\NdrkSsp.exe
  C:\Windows\System\NdrkSsp.exe
  2⤵
  PID:8508
- C:\Windows\System\YlPEJMj.exe
  C:\Windows\System\YlPEJMj.exe
  2⤵
  PID:8524
- C:\Windows\System\ZophVGy.exe
  C:\Windows\System\ZophVGy.exe
  2⤵
  PID:8540
- C:\Windows\System\kgYXhUp.exe
  C:\Windows\System\kgYXhUp.exe
  2⤵
  PID:8556
- C:\Windows\System\HfXxkEX.exe
  C:\Windows\System\HfXxkEX.exe
  2⤵
  PID:8572
- C:\Windows\System\aftKiTN.exe
  C:\Windows\System\aftKiTN.exe
  2⤵
  PID:8588
- C:\Windows\System\rKkNHaA.exe
  C:\Windows\System\rKkNHaA.exe
  2⤵
  PID:8604
- C:\Windows\System\tmOqqPB.exe
  C:\Windows\System\tmOqqPB.exe
  2⤵
  PID:8620
- C:\Windows\System\FihCnxG.exe
  C:\Windows\System\FihCnxG.exe
  2⤵
  PID:8636
- C:\Windows\System\TKXxuWT.exe
  C:\Windows\System\TKXxuWT.exe
  2⤵
  PID:8652
- C:\Windows\System\RMRPAqX.exe
  C:\Windows\System\RMRPAqX.exe
  2⤵
  PID:8668
- C:\Windows\System\jOrTJzc.exe
  C:\Windows\System\jOrTJzc.exe
  2⤵
  PID:8684
- C:\Windows\System\FhHbxqa.exe
  C:\Windows\System\FhHbxqa.exe
  2⤵
  PID:8700
- C:\Windows\System\aOUmHNA.exe
  C:\Windows\System\aOUmHNA.exe
  2⤵
  PID:8720
- C:\Windows\System\mYRwFWC.exe
  C:\Windows\System\mYRwFWC.exe
  2⤵
  PID:8736
- C:\Windows\System\ZnKuYTa.exe
  C:\Windows\System\ZnKuYTa.exe
  2⤵
  PID:8752
- C:\Windows\System\AEDGhRR.exe
  C:\Windows\System\AEDGhRR.exe
  2⤵
  PID:8768
- C:\Windows\System\NJHiVGp.exe
  C:\Windows\System\NJHiVGp.exe
  2⤵
  PID:8784
- C:\Windows\System\fLelPWa.exe
  C:\Windows\System\fLelPWa.exe
  2⤵
  PID:8800
- C:\Windows\System\qczMnYZ.exe
  C:\Windows\System\qczMnYZ.exe
  2⤵
  PID:8816
- C:\Windows\System\nfwuXPh.exe
  C:\Windows\System\nfwuXPh.exe
  2⤵
  PID:8832
- C:\Windows\System\SvCYtOe.exe
  C:\Windows\System\SvCYtOe.exe
  2⤵
  PID:8848
- C:\Windows\System\YoWqpLf.exe
  C:\Windows\System\YoWqpLf.exe
  2⤵
  PID:8864
- C:\Windows\System\FpbVfcw.exe
  C:\Windows\System\FpbVfcw.exe
  2⤵
  PID:8880
- C:\Windows\System\RDkdLhM.exe
  C:\Windows\System\RDkdLhM.exe
  2⤵
  PID:8896
- C:\Windows\System\NXhlcpt.exe
  C:\Windows\System\NXhlcpt.exe
  2⤵
  PID:8912
- C:\Windows\System\PFLZkeR.exe
  C:\Windows\System\PFLZkeR.exe
  2⤵
  PID:8928
- C:\Windows\System\KgiYKHb.exe
  C:\Windows\System\KgiYKHb.exe
  2⤵
  PID:8944
- C:\Windows\System\IlpNCJU.exe
  C:\Windows\System\IlpNCJU.exe
  2⤵
  PID:8960
- C:\Windows\System\IfnQyGq.exe
  C:\Windows\System\IfnQyGq.exe
  2⤵
  PID:8976
- C:\Windows\System\GwfNPuX.exe
  C:\Windows\System\GwfNPuX.exe
  2⤵
  PID:8992
- C:\Windows\System\tiVMEhy.exe
  C:\Windows\System\tiVMEhy.exe
  2⤵
  PID:9008
- C:\Windows\System\sLrGqcc.exe
  C:\Windows\System\sLrGqcc.exe
  2⤵
  PID:9028
- C:\Windows\System\pCqqEXA.exe
  C:\Windows\System\pCqqEXA.exe
  2⤵
  PID:9044
- C:\Windows\System\ixPshqh.exe
  C:\Windows\System\ixPshqh.exe
  2⤵
  PID:9060
- C:\Windows\System\FizIzYI.exe
  C:\Windows\System\FizIzYI.exe
  2⤵
  PID:9076
- C:\Windows\System\HmZQbOz.exe
  C:\Windows\System\HmZQbOz.exe
  2⤵
  PID:9092
- C:\Windows\System\EomFHSK.exe
  C:\Windows\System\EomFHSK.exe
  2⤵
  PID:9108
- C:\Windows\System\vyxexLE.exe
  C:\Windows\System\vyxexLE.exe
  2⤵
  PID:9124
- C:\Windows\System\wAbQihe.exe
  C:\Windows\System\wAbQihe.exe
  2⤵
  PID:9140
- C:\Windows\System\KGQjdld.exe
  C:\Windows\System\KGQjdld.exe
  2⤵
  PID:9156
- C:\Windows\System\sHTAfLz.exe
  C:\Windows\System\sHTAfLz.exe
  2⤵
  PID:9172
- C:\Windows\System\mpAZvHb.exe
  C:\Windows\System\mpAZvHb.exe
  2⤵
  PID:9188
- C:\Windows\System\bkgKkdr.exe
  C:\Windows\System\bkgKkdr.exe
  2⤵
  PID:9208
- C:\Windows\System\NQLjCxr.exe
  C:\Windows\System\NQLjCxr.exe
  2⤵
  PID:2992
- C:\Windows\System\dgXrisf.exe
  C:\Windows\System\dgXrisf.exe
  2⤵
  PID:2092
- C:\Windows\System\TSGAiXu.exe
  C:\Windows\System\TSGAiXu.exe
  2⤵
  PID:7388
- C:\Windows\System\mVjlbpE.exe
  C:\Windows\System\mVjlbpE.exe
  2⤵
  PID:8204
- C:\Windows\System\dlmsQnt.exe
  C:\Windows\System\dlmsQnt.exe
  2⤵
  PID:8304
- C:\Windows\System\lyTYnbt.exe
  C:\Windows\System\lyTYnbt.exe
  2⤵
  PID:7368
- C:\Windows\System\yTtQdlf.exe
  C:\Windows\System\yTtQdlf.exe
  2⤵
  PID:1324
- C:\Windows\System\rgIxIQE.exe
  C:\Windows\System\rgIxIQE.exe
  2⤵
  PID:8252
- C:\Windows\System\eWkXiUZ.exe
  C:\Windows\System\eWkXiUZ.exe
  2⤵
  PID:8520
- C:\Windows\System\KTNCNWL.exe
  C:\Windows\System\KTNCNWL.exe
  2⤵
  PID:8616
- C:\Windows\System\QjoBETr.exe
  C:\Windows\System\QjoBETr.exe
  2⤵
  PID:8648
- C:\Windows\System\gWMfcTE.exe
  C:\Windows\System\gWMfcTE.exe
  2⤵
  PID:8532
- C:\Windows\System\ljWlnFb.exe
  C:\Windows\System\ljWlnFb.exe
  2⤵
  PID:8596
- C:\Windows\System\xthJQaX.exe
  C:\Windows\System\xthJQaX.exe
  2⤵
  PID:8716
- C:\Windows\System\kkiIHpg.exe
  C:\Windows\System\kkiIHpg.exe
  2⤵
  PID:8748
- C:\Windows\System\FHIANyq.exe
  C:\Windows\System\FHIANyq.exe
  2⤵
  PID:8812
- C:\Windows\System\azlwwuj.exe
  C:\Windows\System\azlwwuj.exe
  2⤵
  PID:9136
- C:\Windows\System\PwCmxsv.exe
  C:\Windows\System\PwCmxsv.exe
  2⤵
  PID:9200
- C:\Windows\System\HZuFsva.exe
  C:\Windows\System\HZuFsva.exe
  2⤵
  PID:9084
- C:\Windows\System\oWUsnLc.exe
  C:\Windows\System\oWUsnLc.exe
  2⤵
  PID:9184
- C:\Windows\System\ixKmErd.exe
  C:\Windows\System\ixKmErd.exe
  2⤵
  PID:9120
- C:\Windows\System\QdNVRpe.exe
  C:\Windows\System\QdNVRpe.exe
  2⤵
  PID:8200
- C:\Windows\System\eXjWuFz.exe
  C:\Windows\System\eXjWuFz.exe
  2⤵
  PID:8240
- C:\Windows\System\KoNvpMq.exe
  C:\Windows\System\KoNvpMq.exe
  2⤵
  PID:5048
- C:\Windows\System\NtBRkfh.exe
  C:\Windows\System\NtBRkfh.exe
  2⤵
  PID:8320
- C:\Windows\System\hRCJWqW.exe
  C:\Windows\System\hRCJWqW.exe
  2⤵
  PID:8384
- C:\Windows\System\YQViAfR.exe
  C:\Windows\System\YQViAfR.exe
  2⤵
  PID:8364
- C:\Windows\System\fdroTFs.exe
  C:\Windows\System\fdroTFs.exe
  2⤵
  PID:8436
- C:\Windows\System\xlFfMPy.exe
  C:\Windows\System\xlFfMPy.exe
  2⤵
  PID:8396
- C:\Windows\System\oUjyAIz.exe
  C:\Windows\System\oUjyAIz.exe
  2⤵
  PID:8552
- C:\Windows\System\QCMsZMr.exe
  C:\Windows\System\QCMsZMr.exe
  2⤵
  PID:8680
- C:\Windows\System\zcoDeHq.exe
  C:\Windows\System\zcoDeHq.exe
  2⤵
  PID:8632
- C:\Windows\System\zIntgEY.exe
  C:\Windows\System\zIntgEY.exe
  2⤵
  PID:8568
- C:\Windows\System\KVEzqDY.exe
  C:\Windows\System\KVEzqDY.exe
  2⤵
  PID:9196
- C:\Windows\System\iyBOpUU.exe
  C:\Windows\System\iyBOpUU.exe
  2⤵
  PID:8728
- C:\Windows\System\atPdKSs.exe
  C:\Windows\System\atPdKSs.exe
  2⤵
  PID:8796
- C:\Windows\System\HfxMYMX.exe
  C:\Windows\System\HfxMYMX.exe
  2⤵
  PID:8732
- C:\Windows\System\HxatNlH.exe
  C:\Windows\System\HxatNlH.exe
  2⤵
  PID:8856
- C:\Windows\System\fwbxpnh.exe
  C:\Windows\System\fwbxpnh.exe
  2⤵
  PID:8888
- C:\Windows\System\flcSnzV.exe
  C:\Windows\System\flcSnzV.exe
  2⤵
  PID:8904
- C:\Windows\System\zfjgauX.exe
  C:\Windows\System\zfjgauX.exe
  2⤵
  PID:8952
- C:\Windows\System\UYRxGCT.exe
  C:\Windows\System\UYRxGCT.exe
  2⤵
  PID:9004
- C:\Windows\System\vnwLRST.exe
  C:\Windows\System\vnwLRST.exe
  2⤵
  PID:9040
- C:\Windows\System\CJRZuDJ.exe
  C:\Windows\System\CJRZuDJ.exe
  2⤵
  PID:9020
- C:\Windows\System\lKRfRRS.exe
  C:\Windows\System\lKRfRRS.exe
  2⤵
  PID:9052
- C:\Windows\System\jcylrNL.exe
  C:\Windows\System\jcylrNL.exe
  2⤵
  PID:988
- C:\Windows\System\WxIIdAg.exe
  C:\Windows\System\WxIIdAg.exe
  2⤵
  PID:9116
- C:\Windows\System\vMfrdst.exe
  C:\Windows\System\vMfrdst.exe
  2⤵
  PID:8236
- C:\Windows\System\FjWTDMn.exe
  C:\Windows\System\FjWTDMn.exe
  2⤵
  PID:8284
- C:\Windows\System\pLMUIEU.exe
  C:\Windows\System\pLMUIEU.exe
  2⤵
  PID:8424
- C:\Windows\System\GuzHhBv.exe
  C:\Windows\System\GuzHhBv.exe
  2⤵
  PID:8404
- C:\Windows\System\letetid.exe
  C:\Windows\System\letetid.exe
  2⤵
  PID:8488
- C:\Windows\System\orZDVYL.exe
  C:\Windows\System\orZDVYL.exe
  2⤵
  PID:8500
- C:\Windows\System\JiJRSjU.exe
  C:\Windows\System\JiJRSjU.exe
  2⤵
  PID:8792
- C:\Windows\System\QniFyUG.exe
  C:\Windows\System\QniFyUG.exe
  2⤵
  PID:8808
- C:\Windows\System\oHQiYiX.exe
  C:\Windows\System\oHQiYiX.exe
  2⤵
  PID:8940
- C:\Windows\System\VVLzVtG.exe
  C:\Windows\System\VVLzVtG.exe
  2⤵
  PID:9068
- C:\Windows\System\AIYaMwA.exe
  C:\Windows\System\AIYaMwA.exe
  2⤵
  PID:8968
- C:\Windows\System\PbcBhzl.exe
  C:\Windows\System\PbcBhzl.exe
  2⤵
  PID:9104
- C:\Windows\System\IdtzKXL.exe
  C:\Windows\System\IdtzKXL.exe
  2⤵
  PID:8224
- C:\Windows\System\FpWDFUY.exe
  C:\Windows\System\FpWDFUY.exe
  2⤵
  PID:8628
- C:\Windows\System\HsSLzRY.exe
  C:\Windows\System\HsSLzRY.exe
  2⤵
  PID:8440
- C:\Windows\System\TImHjug.exe
  C:\Windows\System\TImHjug.exe
  2⤵
  PID:8824
- C:\Windows\System\YhDKVdf.exe
  C:\Windows\System\YhDKVdf.exe
  2⤵
  PID:8692
- C:\Windows\System\iTEjzRn.exe
  C:\Windows\System\iTEjzRn.exe
  2⤵
  PID:9036
- C:\Windows\System\zQwJtPA.exe
  C:\Windows\System\zQwJtPA.exe
  2⤵
  PID:9072
- C:\Windows\System\Fntsban.exe
  C:\Windows\System\Fntsban.exe
  2⤵
  PID:8268
- C:\Windows\System\ewTPYct.exe
  C:\Windows\System\ewTPYct.exe
  2⤵
  PID:9224
- C:\Windows\System\EsUMQFL.exe
  C:\Windows\System\EsUMQFL.exe
  2⤵
  PID:9240
- C:\Windows\System\xKASMSv.exe
  C:\Windows\System\xKASMSv.exe
  2⤵
  PID:9256
- C:\Windows\System\wMrYxWs.exe
  C:\Windows\System\wMrYxWs.exe
  2⤵
  PID:9272
- C:\Windows\System\yUpQWkL.exe
  C:\Windows\System\yUpQWkL.exe
  2⤵
  PID:9288
- C:\Windows\System\lJStsaR.exe
  C:\Windows\System\lJStsaR.exe
  2⤵
  PID:9304
- C:\Windows\System\LLJgpvp.exe
  C:\Windows\System\LLJgpvp.exe
  2⤵
  PID:9320
- C:\Windows\System\CUvhjLG.exe
  C:\Windows\System\CUvhjLG.exe
  2⤵
  PID:9336
- C:\Windows\System\FxoRUxE.exe
  C:\Windows\System\FxoRUxE.exe
  2⤵
  PID:9352
- C:\Windows\System\AIhrpne.exe
  C:\Windows\System\AIhrpne.exe
  2⤵
  PID:9368
- C:\Windows\System\ioBHtFa.exe
  C:\Windows\System\ioBHtFa.exe
  2⤵
  PID:9384
- C:\Windows\System\DgGEeqb.exe
  C:\Windows\System\DgGEeqb.exe
  2⤵
  PID:9400
- C:\Windows\System\JHVoKYP.exe
  C:\Windows\System\JHVoKYP.exe
  2⤵
  PID:9416
- C:\Windows\System\AzvsviD.exe
  C:\Windows\System\AzvsviD.exe
  2⤵
  PID:9432
- C:\Windows\System\rNrvolg.exe
  C:\Windows\System\rNrvolg.exe
  2⤵
  PID:9448
- C:\Windows\System\eLoXcrV.exe
  C:\Windows\System\eLoXcrV.exe
  2⤵
  PID:9464
- C:\Windows\System\WLqvtcm.exe
  C:\Windows\System\WLqvtcm.exe
  2⤵
  PID:9480
- C:\Windows\System\HDDMSiM.exe
  C:\Windows\System\HDDMSiM.exe
  2⤵
  PID:9496
- C:\Windows\System\uHVsToF.exe
  C:\Windows\System\uHVsToF.exe
  2⤵
  PID:9512
- C:\Windows\System\veAZrwW.exe
  C:\Windows\System\veAZrwW.exe
  2⤵
  PID:9528
- C:\Windows\System\RVCRWJY.exe
  C:\Windows\System\RVCRWJY.exe
  2⤵
  PID:9544
- C:\Windows\System\AYmzpBu.exe
  C:\Windows\System\AYmzpBu.exe
  2⤵
  PID:9560
- C:\Windows\System\pjShwYA.exe
  C:\Windows\System\pjShwYA.exe
  2⤵
  PID:9576
- C:\Windows\System\rEoEEPH.exe
  C:\Windows\System\rEoEEPH.exe
  2⤵
  PID:9592
- C:\Windows\System\UdaUtQN.exe
  C:\Windows\System\UdaUtQN.exe
  2⤵
  PID:9612
- C:\Windows\System\MHRKuFu.exe
  C:\Windows\System\MHRKuFu.exe
  2⤵
  PID:9632
- C:\Windows\System\mmCEfFm.exe
  C:\Windows\System\mmCEfFm.exe
  2⤵
  PID:9648
- C:\Windows\System\rlUFYmG.exe
  C:\Windows\System\rlUFYmG.exe
  2⤵
  PID:9668
- C:\Windows\System\DaYQbae.exe
  C:\Windows\System\DaYQbae.exe
  2⤵
  PID:9684
- C:\Windows\System\DkSuJOX.exe
  C:\Windows\System\DkSuJOX.exe
  2⤵
  PID:9700
- C:\Windows\System\HBOuTem.exe
  C:\Windows\System\HBOuTem.exe
  2⤵
  PID:9720
- C:\Windows\System\HTwwPpp.exe
  C:\Windows\System\HTwwPpp.exe
  2⤵
  PID:9736
- C:\Windows\System\wjwShrJ.exe
  C:\Windows\System\wjwShrJ.exe
  2⤵
  PID:9752
- C:\Windows\System\fPJXKUR.exe
  C:\Windows\System\fPJXKUR.exe
  2⤵
  PID:9768
- C:\Windows\System\iYbDcYC.exe
  C:\Windows\System\iYbDcYC.exe
  2⤵
  PID:9784
- C:\Windows\System\EWVeMUB.exe
  C:\Windows\System\EWVeMUB.exe
  2⤵
  PID:9800
- C:\Windows\System\azDzXzq.exe
  C:\Windows\System\azDzXzq.exe
  2⤵
  PID:9816
- C:\Windows\System\YBheFJz.exe
  C:\Windows\System\YBheFJz.exe
  2⤵
  PID:9832
- C:\Windows\System\yzfkIXP.exe
  C:\Windows\System\yzfkIXP.exe
  2⤵
  PID:9848
- C:\Windows\System\piBucLw.exe
  C:\Windows\System\piBucLw.exe
  2⤵
  PID:9864
- C:\Windows\System\mUVWcww.exe
  C:\Windows\System\mUVWcww.exe
  2⤵
  PID:9880
- C:\Windows\System\blDAaLA.exe
  C:\Windows\System\blDAaLA.exe
  2⤵
  PID:9896
- C:\Windows\System\wfSbQXQ.exe
  C:\Windows\System\wfSbQXQ.exe
  2⤵
  PID:9912
- C:\Windows\System\vZCAjtx.exe
  C:\Windows\System\vZCAjtx.exe
  2⤵
  PID:9932
- C:\Windows\System\IywCPYS.exe
  C:\Windows\System\IywCPYS.exe
  2⤵
  PID:9948
- C:\Windows\System\evKbaGD.exe
  C:\Windows\System\evKbaGD.exe
  2⤵
  PID:9964
- C:\Windows\System\edtXQzd.exe
  C:\Windows\System\edtXQzd.exe
  2⤵
  PID:9980
- C:\Windows\System\zftPwEo.exe
  C:\Windows\System\zftPwEo.exe
  2⤵
  PID:9996
- C:\Windows\System\pyTwKLU.exe
  C:\Windows\System\pyTwKLU.exe
  2⤵
  PID:10012
- C:\Windows\System\dTyjlWm.exe
  C:\Windows\System\dTyjlWm.exe
  2⤵
  PID:10028
- C:\Windows\System\HsAdlHK.exe
  C:\Windows\System\HsAdlHK.exe
  2⤵
  PID:10044
- C:\Windows\System\pvmyIJp.exe
  C:\Windows\System\pvmyIJp.exe
  2⤵
  PID:10060
- C:\Windows\System\TkzAlYJ.exe
  C:\Windows\System\TkzAlYJ.exe
  2⤵
  PID:10076
- C:\Windows\System\aKXMcTN.exe
  C:\Windows\System\aKXMcTN.exe
  2⤵
  PID:10092
- C:\Windows\System\iiFimKZ.exe
  C:\Windows\System\iiFimKZ.exe
  2⤵
  PID:10108
- C:\Windows\System\BnFASEb.exe
  C:\Windows\System\BnFASEb.exe
  2⤵
  PID:10124
- C:\Windows\System\JVestMf.exe
  C:\Windows\System\JVestMf.exe
  2⤵
  PID:10140
- C:\Windows\System\ryzlvfG.exe
  C:\Windows\System\ryzlvfG.exe
  2⤵
  PID:10156
- C:\Windows\System\vIRUUmc.exe
  C:\Windows\System\vIRUUmc.exe
  2⤵
  PID:10172
- C:\Windows\System\YTzQCpZ.exe
  C:\Windows\System\YTzQCpZ.exe
  2⤵
  PID:10188
- C:\Windows\System\EUnBTWL.exe
  C:\Windows\System\EUnBTWL.exe
  2⤵
  PID:10204
- C:\Windows\System\BDdNGoF.exe
  C:\Windows\System\BDdNGoF.exe
  2⤵
  PID:10220
- C:\Windows\System\FelHbUD.exe
  C:\Windows\System\FelHbUD.exe
  2⤵
  PID:10236
- C:\Windows\System\MWBSgdx.exe
  C:\Windows\System\MWBSgdx.exe
  2⤵
  PID:9016
- C:\Windows\System\CcgXSkQ.exe
  C:\Windows\System\CcgXSkQ.exe
  2⤵
  PID:9252
- C:\Windows\System\sOUVobt.exe
  C:\Windows\System\sOUVobt.exe
  2⤵
  PID:8112
- C:\Windows\System\MOTtEyy.exe
  C:\Windows\System\MOTtEyy.exe
  2⤵
  PID:7432
- C:\Windows\System\bchstpU.exe
  C:\Windows\System\bchstpU.exe
  2⤵
  PID:9236
- C:\Windows\System\nxJxqlH.exe
  C:\Windows\System\nxJxqlH.exe
  2⤵
  PID:9332
- C:\Windows\System\ElUXqxp.exe
  C:\Windows\System\ElUXqxp.exe
  2⤵
  PID:9376
- C:\Windows\System\URATyko.exe
  C:\Windows\System\URATyko.exe
  2⤵
  PID:9360
- C:\Windows\System\PzPxTSe.exe
  C:\Windows\System\PzPxTSe.exe
  2⤵
  PID:9456
- C:\Windows\System\plwIOPe.exe
  C:\Windows\System\plwIOPe.exe
  2⤵
  PID:9412
- C:\Windows\System\gegIppe.exe
  C:\Windows\System\gegIppe.exe
  2⤵
  PID:9476
- C:\Windows\System\gGZEFLs.exe
  C:\Windows\System\gGZEFLs.exe
  2⤵
  PID:9540
- C:\Windows\System\XQEwjAX.exe
  C:\Windows\System\XQEwjAX.exe
  2⤵
  PID:9588
- C:\Windows\System\THZFOTR.exe
  C:\Windows\System\THZFOTR.exe
  2⤵
  PID:9520
- C:\Windows\System\EsYuzqC.exe
  C:\Windows\System\EsYuzqC.exe
  2⤵
  PID:9604
- C:\Windows\System\tceFWDy.exe
  C:\Windows\System\tceFWDy.exe
  2⤵
  PID:9624
- C:\Windows\System\JrSXeFz.exe
  C:\Windows\System\JrSXeFz.exe
  2⤵
  PID:9656
- C:\Windows\System\oyowNFO.exe
  C:\Windows\System\oyowNFO.exe
  2⤵
  PID:9680
- C:\Windows\System\BJAnJLQ.exe
  C:\Windows\System\BJAnJLQ.exe
  2⤵
  PID:9744
- C:\Windows\System\MaOVXaW.exe
  C:\Windows\System\MaOVXaW.exe
  2⤵
  PID:9716
- C:\Windows\System\JUQgXnx.exe
  C:\Windows\System\JUQgXnx.exe
  2⤵
  PID:9776
- C:\Windows\System\DoOzvDo.exe
  C:\Windows\System\DoOzvDo.exe
  2⤵
  PID:9824
- C:\Windows\System\qszzLbn.exe
  C:\Windows\System\qszzLbn.exe
  2⤵
  PID:9856
- C:\Windows\System\StRhaaH.exe
  C:\Windows\System\StRhaaH.exe
  2⤵
  PID:9660
- C:\Windows\System\lksIqmB.exe
  C:\Windows\System\lksIqmB.exe
  2⤵
  PID:9972
- C:\Windows\System\FGRCByA.exe
  C:\Windows\System\FGRCByA.exe
  2⤵
  PID:10036
- C:\Windows\System\BbQpnUK.exe
  C:\Windows\System\BbQpnUK.exe
  2⤵
  PID:10072
- C:\Windows\System\UoxPjGb.exe
  C:\Windows\System\UoxPjGb.exe
  2⤵
  PID:10136
- C:\Windows\System\PICqfGy.exe
  C:\Windows\System\PICqfGy.exe
  2⤵
  PID:9928
- C:\Windows\System\UDDAbRH.exe
  C:\Windows\System\UDDAbRH.exe
  2⤵
  PID:9892
- C:\Windows\System\SkONJTt.exe
  C:\Windows\System\SkONJTt.exe
  2⤵
  PID:9312

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BLmIMNX.exe

Filesize
6.0MB

MD5
93e7f222ebc8c35db468d6de372e59bb

SHA1
91cdc7fe33004f887c3a7326d239a8ab5d4387f1

SHA256
785e2bc67b713ab0af1407cf7acb2600ac2d13301e1dbfc1f54b130c1bd7d7fb

SHA512
d8bc64f4145979d8ce369ffbc903b908d4415979490e44be39692fac5a7cdc72132da0d8165a7409eb2b5ba4b901a59356847a49821ffbd6dae2e1c4739de4aa

Download Submit
C:\Windows\system\HcBOtZq.exe

Filesize
6.0MB

MD5
18607c4978b5e0d130435e2bf778063b

SHA1
612d656d54fee9bae0b6651fcafdd34390aab052

SHA256
b9835270943886ee41db7784b398571096442ee9938746796aeab48e3e6e28a3

SHA512
d5bad9d706ff5557cce8b2fe332a8edf89504406730ab3870173ac516f88f48e8c27c5f68036e8a068a0331643983574fcff8f90f1b00f63dd15945bfc8f2b0d

Download Submit
C:\Windows\system\IqWazpw.exe

Filesize
6.0MB

MD5
d77541541c837fc773c4ff47f572b985

SHA1
58db8ab5a5069b1f6959d596f7819c3aec5cfc6c

SHA256
10514adae34377962b0f7df4ab825677926813c2d9964a1afd3875d9ecd7357a

SHA512
52e6d5f192f4a65deada31dedabe1de5e7de03685ea54394bc38b978e7b5842dbf6daa5d6145bad2669af04b05148a30183daae77466895fc49fac2bebf6285e

Download Submit
C:\Windows\system\JofDlvx.exe

Filesize
6.0MB

MD5
eb42ddcff130e2a242c80dd970b1c513

SHA1
93ccca3eb757cb10fae9de662e13a1cea0c8f73b

SHA256
3162d422cea6997ded0aa51e428adfe063eea69dcf5177c81bf3f2e377f3c70e

SHA512
baed895cfdbf0218a6df1e5bb5f9ff823b6cefa0f096a1f8ddb65c1316385c29eabb5a52e5f7c74918153f615fa8bcba282177945b575db5fd3fa25c40c0ff45

Download Submit
C:\Windows\system\KtCYcVw.exe

Filesize
6.0MB

MD5
cf6b5619541abb705c092c275fd0faa0

SHA1
d1205b3b3d61f1fa282668861a9e8c1d3e3f3957

SHA256
602cf0800ee3d93fc14b59c32450475e987f51b36a567484ef4b84f036b91a8d

SHA512
9a989ef1095d61739c5f19cfdf5d6cec72fc35b1824d6e89efc8a522999d4a27df064b4049cd60aad21f57a9d05e8b5b6e7dadead71bbed0487e14d701d2f218

Download Submit
C:\Windows\system\OtwkNmj.exe

Filesize
6.0MB

MD5
c803eb46b8336b061141a745ed80cf02

SHA1
acf13b326cd53e3388217abe2327f5ee92f0e464

SHA256
ed438e126a40fa51b52e6107866f2c6b91e6c117ee5745f3b2f4c06673a87c22

SHA512
242d71ef87e89a7c974fb3fd032d0293cec1a2a298b420ac8467683151f239e1f197cbdb27dfc64c47f28946b535755f1952b9d3d0b7df78c6d1b1c838a7051f

Download Submit
C:\Windows\system\UWiXJAY.exe

Filesize
6.0MB

MD5
9ca75f9e8133cf39bf6323f2ec60dc27

SHA1
d19071f68318fdec90bfe465df51359e71add14f

SHA256
edfaea87b8310adc9b24e8d01780bd2be4103e5aeecfcc71f0f7f3161824425d

SHA512
70d6a961d33e41c18f5301e60f22bec9897377c0bfb752628d38675148f6f6b948c5ca7ff091fac8a84276b0bd476f93d30397982b0d04467e366c1cd76ec64a

Download Submit
C:\Windows\system\UjDWmcy.exe

Filesize
6.0MB

MD5
c68465f6ec17fe2df453b3218ff32902

SHA1
92837979d084c8112a350754a4a3b5cd6e25ef1e

SHA256
40ed36d9ac28b0d6014da5c64e10e8b640f391626f23dc0b8f86db6705d36c24

SHA512
a35c5abd6603d89561fe2ba0c513c71dfff3f3900274a98ee7dc186fc4983dc0b974c2ab2353383c3d4b010da1ea1798c7c9e5ade6d0dad29d66e8ceae941f48

Download Submit
C:\Windows\system\VHtiUKD.exe

Filesize
6.0MB

MD5
6ac9e1b58b072b519f84e3d6c7d6dd68

SHA1
8d681bbd234bcbc551626d65d8156ca464fac85b

SHA256
f50cbb6f6e11d5c1e66fc11453e0028bd85b0004eb75e8ae514d61c54b289dca

SHA512
5d8b3996c13d6d2f0be2b2507b03e4191fcd2ac50d7d90cd0c8f3c7cba3231dadde89d97dbd202ed0852a7959d4c42d8b6950cdc9329b767b9558ce78efb3658

Download Submit
C:\Windows\system\djIkYyF.exe

Filesize
6.0MB

MD5
6387391fabfd6de7b7e7aba1b8fdbe39

SHA1
368f84d33e2ddc1f4a5b0880eb362427a65987e5

SHA256
c95e96bdb2ae192d815e1a638a6c967b851fa4e716baee0eac5fecb921d2fc1a

SHA512
041bc7071a19a91a336f057ba9411cf285e8bf5273147c005f54e32fd4fc97ad71dee179d0cdb31304eae87f5996c6f57becbac8c89a3774887271e8868fef93

Download Submit
C:\Windows\system\dzCSQzs.exe

Filesize
6.0MB

MD5
44174b8ba6a0f6a6549bcc1a5419777e

SHA1
9083a705cfebbdb0b4766c3dfb55ed986252806b

SHA256
1136b2c1deba84049eea9b168f3da00e7384273fae95dfe9d54d9b30e8b1f4ee

SHA512
0313041a096473bd6fb32666aea8c3d4b5d8da1a6f0f91c8b93a4d3f01885f3d830aac9245d32d419283c06709459c1776500dbf9c9b18cdcca1083236f3c7ba

Download Submit
C:\Windows\system\eMdvOPD.exe

Filesize
6.0MB

MD5
2d7cdf362e243650ab4086629a0e9211

SHA1
510abdf265336d7320793607f39df38b97b2e673

SHA256
0e57204cf2e97c8de7a7d3b85041fccec15c10763d23a3f9bc9eb9a93026ff9c

SHA512
6507777753040c6fa01ab7e21b2baa223f5892ec21eab61fcce67732831f7605eb187a49be4889d2502cd9a7b0dbf403faa3827078104f75910287eb5782d8bb

Download Submit
C:\Windows\system\fztzoLe.exe

Filesize
6.0MB

MD5
f1c693710fc6e21bfe2f459b4713224f

SHA1
7941f1b82d7ea9a372beb0e348d3b184fb5fc6c1

SHA256
2c84c31592538a59403aa6f5a64ad7181afbdcb0ceb7203735e968cc31db6ee5

SHA512
bda76c7b8b54284123bc694f4b118edeabe509100615e17e5cf16954816cb14d1947d40c2c032abd934f2d0c5e5adb7d0450de18be2d1fd8b90445b4031e8c74

Download Submit
C:\Windows\system\oDSGWZV.exe

Filesize
6.0MB

MD5
2466f8911617c0d16f2b7e27c58397be

SHA1
d7d7e57d6e44956add3965e17354d4facdb025fb

SHA256
f70fcb5bbea08bb5f9921bc7a46553ec1a1f8e4648364cf53f8ac04c9eb87bb4

SHA512
500e34f075f3ed35245e5e9147a78748e0ba3e3933df7e457613c152b7e762d067ccd363633ceafd3e136135adef329b16507135262b8ac7e5771bf27a80db7a

Download Submit
C:\Windows\system\pEbEZOf.exe

Filesize
6.0MB

MD5
aa933b5d986306192dab9565c48906a7

SHA1
af3f28b636dbbb0ac1e9e91b0d3fbb27140b097e

SHA256
f5f9ec08e45514bd1f7bc51821be87fc2e37038a905639b8f7bb64dff537db8f

SHA512
b263d9612c58a1fd082bd9dd35144f83141f315f9e4c3a4c8e34a923394f6ccc1219b88c62857ddc12051e7b7debd28ddccc224bbb5a813e0bc249fbdc8421a9

Download Submit
C:\Windows\system\pytPZFg.exe

Filesize
6.0MB

MD5
3101c7d7776b412f5985607426c50c2d

SHA1
0c26b671b7880c543fc0ff5ef9e67f4fd7e31ac4

SHA256
8bf4b309fed2a14ca463fef19702ac2297287f5713386ac4fd4a9ac6c947b357

SHA512
17d9a1d0c444bdeb47cc6c65913057ee12119aa37997f1bbec6c09782d2514e13c5dd6cf455e0e264e30d7f630c9d7ce7dc81c11fea98168b5d18992893d0c6a

Download Submit
C:\Windows\system\qCrJszy.exe

Filesize
6.0MB

MD5
77a99b3a0e3459f3eb44bc62629bfad3

SHA1
2e60577fe70299e29704e65263e03432d7433707

SHA256
fb413ac1b715652ab1b4f71c3df82fea5edf2c42d9ba7de15313010b564ea19b

SHA512
f4ece086fba33f8250adebc29c5a5da980a6452bc769b6739d5053350bb45a8613da29e5da4b12d1071f2da934f6bb692f21bd133c46f4975b5d815e027ea86b

Download Submit
C:\Windows\system\qVpppJv.exe

Filesize
6.0MB

MD5
d7e39ad725e7f346e519d6a598d44048

SHA1
ab2f8225fdf8583b4a9c1e6d932ccdfb8bd1c538

SHA256
3a04abd787f485ac99d1e757c7aa4ccd7aca4791e05001ef26593ebb3457fe45

SHA512
5173e9833798c1fef6a7df11097b599f46135e769fa5dc117aee45b7d30ab6c94c86379bb92ce39f5c8afa39ed66ff2dea907ada0eb5cf59c5fab8c838c35a9b

Download Submit
C:\Windows\system\rNbdefI.exe

Filesize
6.0MB

MD5
3e16f38000b3ae16bb900a56b6c4f1bb

SHA1
15822063f11a0564ff543e51bda6aa55e0cd9b35

SHA256
b207b9251fdd5bd139d56eea486043e122c31fd44a2690474cc187e9274cbf87

SHA512
f293e70130d9caac69c125a81b7bcf123e90c17e0db2d5992618d3c3a7f402ae95aa70525b3ed5dc92696ee4ee9ef8a967d742f14e6dd069a0d947c22d8c6390

Download Submit
C:\Windows\system\sVUefXH.exe

Filesize
6.0MB

MD5
857824959a3b637f6d8d5e382b0f299f

SHA1
4655c78f4cf60076a586dd378a601adeed8cbc7a

SHA256
a709b002e2c082585f9823a11016ce4b0176a2585d6cfcd2c274eccd278e13d0

SHA512
3c30b5bb5dc675f70cedf132d8e7478b835cb9989717ec6b37526b2cb44cb464df66f14a3160fbdf7aa602083cb135013d10f11bff2c0d1c2e891322c27bb6a3

Download Submit
C:\Windows\system\szXMYNC.exe

Filesize
6.0MB

MD5
3194f2cbbbf1d95077adbe14a43bffe0

SHA1
99bb18f77947cc89550b7fcb39c92f34ead693bc

SHA256
816564020e3895d633403a08a1ee5ac758a8487dba78a2c17e86e8a1808782e0

SHA512
fccd4172263e9697ee9e12a058f636e13cadf86ea235564801e966173094f979ef6c46b421faec63607212bf9a54eef7942106573c7e8611861d6c795aaede6e

Download Submit
C:\Windows\system\vCtVgvV.exe

Filesize
6.0MB

MD5
b6c02c5c7110b01aec6e68b8cfdd3d49

SHA1
76a5c8234b44985c406d1c56d6e1bda0f2215103

SHA256
4d226ce1b2efbc4c22444d8624d9c4ca9c01ea002b10d6e645e1f67135489cde

SHA512
e4665428d833f9b655d4e7708b12e161e33d9f5ee52df0ce9161f43928f00bfe63386f469f90f78caa2c90638d3c012a9355aa07830afb81004436f81cedbb9e

Download Submit
C:\Windows\system\xIvHhEt.exe

Filesize
6.0MB

MD5
0f8775bd95ec10ac83c5b8418bfaf3e6

SHA1
36b8378fbb13c5c08e9b0c71869c746a3b577be1

SHA256
57dfe5b1456c9eb9f2c8292dcc24c2efddae6b43bc1fcdb7ba90ddf06317b340

SHA512
36fcbfefc71e2b6b1fb737ab904e85059f1b536f83ab3c0e4a910bcf8a31f44ce3f6826beb16ec4c5eaec2d3f7fa7046eaa7f56a4d5af81c4ce1ffa510e77684

Download Submit
C:\Windows\system\yYHCSpw.exe

Filesize
6.0MB

MD5
343990fd1b4cebb8633cb80f507a41fa

SHA1
59926d7d7f46d42952a25084903979c675e5e5a3

SHA256
e074380a84d691277af51e1e80970fe793ba035b63fff00af69c6dec162417f6

SHA512
b058db8fe065cc9480ae3017c3d6e3d35d3300de9f317deb020f50a90c834c973fe2d54c0ec8bd53984777a3f77ff5c2f8b061381231463b5b5650108d0ced5e

Download Submit
\Windows\system\EGkzQcG.exe

Filesize
6.0MB

MD5
27b33b4382596bef6c2848fa6a605436

SHA1
2e9ceca0270980914fc2b79fb42d1d9a3b6438d6

SHA256
f29da2b9e07d47da56f28a4eaf69874dbfa1dd57955020d691b38392f3989715

SHA512
c032755172047677e443e0ace903bc9faa64d8edb7871c4cd03f4f6cd14cd364a27e6831a57b82670ebfd1954d3681a36874bc991ec8f2c992e96497a20aa302

Download Submit
\Windows\system\KNcEqtZ.exe

Filesize
6.0MB

MD5
63e01d1ca3ad2b51eab46932480bb00f

SHA1
bfbfa6136aa6782feb14f1f3166ae2a89165ab25

SHA256
e159ba10f8ef96724bd923c9c8c9ed77ae1fac267333ac90341dcbb30c9f3eb0

SHA512
4d4036606f5789f6fb0b1846a6658e1da1338fa183c73f73b9027c4b98848205549a08dde62f52909e09743aec4e3bc95ef8c52f55885922c9b9ee98f1037c7c

Download Submit
\Windows\system\MEZtczN.exe

Filesize
6.0MB

MD5
839fe1305a479076cde3ed75d3f41721

SHA1
00cecdb34a497a874f63491bc32b582df1531faa

SHA256
d6dfa907ecea1193debb85f302ed943cd19aedb8adb72298dbb928fd81e0b2f8

SHA512
567a2fafeb56a567a39b2eb83796e731277a7a2aca7bbbfc783f2595a17620138df59f45d78f07aeb8873c4a3a819211a139f3c47fffa816244a215e3d9c8527

Download Submit
\Windows\system\TWgMLlR.exe

Filesize
6.0MB

MD5
bdd422474aff5a40d493c67f6d40235c

SHA1
f71608e9fe2222e96fe9a8214cdccd4baa764a0e

SHA256
2f7eb306c0fe1f4ae1635f305d6ac71907f7b816905f2a02b7a3c040c04d3af9

SHA512
1584754d06016617e15c1106a76abecb0c903a301eda890ffafb14e6f86ff1b94d4f0c07adaa8cd02f29cee967ae31db1d601cca30cf27efa741982783f1c1ef

Download Submit
\Windows\system\UGFmSch.exe

Filesize
6.0MB

MD5
5f4b8e749b87a680148f96e425fdae53

SHA1
b602c2ff8970785a4e6d538b2f77d239a46adc03

SHA256
9294870e6fb6ad684c4ade8673141362b53e2e49e0b3c0aac9fe30901fc293e2

SHA512
468a11991cc3692a6a0c440d78c8a1642d4156357eecf62b29deec5a084015c2d5735a208bd65f831660222e0ea85f67f83d6c74a6881ca372386c34b4623f0a

Download Submit
\Windows\system\UcRorzp.exe

Filesize
6.0MB

MD5
3862f7a0e80ec2567c1feac601b755ef

SHA1
8dd4c671345cb53e8d66a57d889fc4f3ea52cf3c

SHA256
210fc073aea8bfaaf61d341f996c1e5c8ad5cb46cb266f14dc9e3bb60435b16c

SHA512
ba9baaffa5cf5595d9ea6b16c6e83e51c4fd67e39f3fe8b91cbb03b8ef8cf95ef18556344521af8cdfbf256c117adf93bd493f4d75ca85554aa1123df6ab5067

Download Submit
\Windows\system\YQCekdt.exe

Filesize
6.0MB

MD5
716b7eedb174b81e8b9cc9feb761883b

SHA1
5e4f052b60a202e2b17e4e070ac6c8a27d72aeba

SHA256
fe28dc86cce35aed32fae9f577af1f880708349c1fdaa2b00f4f5aec91837c8f

SHA512
0a33ee71c28d527e87541429e4b79d0a2f47588fcc7e0402617107a021253afb2b570c177524341042afdeeb4a6df2e5e12a57f9dbf7542beea400552b5cf1c6

Download Submit
\Windows\system\YdUnRjV.exe

Filesize
6.0MB

MD5
1518f57c5dd1fe6de11a20e2c90ac1e9

SHA1
bd4837aec657024c03abc5799b0c3941b4329b45

SHA256
a4c8635e8531f68d6db5e6a22e474fd0ae5850b91b0c2e4325ec5cfab6f513fb

SHA512
8d1f16e510506db80b9f3f8111abcb359c298cb154f0bd01f3ffe58dcda9e81c6134674ae59787e76c16223671f0aee1ccd9eea6714d612c7c1adc863c711585

Download Submit
\Windows\system\ZNMXwDv.exe

Filesize
6.0MB

MD5
554b3a2a5c7a23cf6c74b1eb57864f2f

SHA1
5a347794f99d4832350beca08949f44475537d53

SHA256
037d54730aceb6b16f146df78ed3b429de6f2610e2b78215a4c392e1c72efd76

SHA512
312b901800ca94aca1312f0cf596d267f23e4bd0da4352f815a6781dddad2d01f1b5272d52e6a5f4442a0fb59c6935f9af9fc880e896c8733f40582725c3a48e

Download Submit
\Windows\system\coqLGQW.exe

Filesize
6.0MB

MD5
742c2a41c1818ca4c3d8a18898aedfac

SHA1
37bd22567ee46027f2b1ab4776d3ea609cde0978

SHA256
c9489ab0a27d6e5f62edaeccf1ae509c64791249836ae07c71df8b755300f43e

SHA512
c1a98f2abb41790a783e2a73a1bd6214aeecf10df2b31f80129f1a394e8a28f814101706f2a21f6341085a83cca7f509210ea8848abb947d7ae43db850774b4d

Download Submit
\Windows\system\okKTfLs.exe

Filesize
6.0MB

MD5
dc0e1a3f46bf6738ad1996edbd2b2d95

SHA1
7362523dbf35137384873046e2acdca873dab52d

SHA256
727645c85ea3e4065b6ea3154f51361fcb7b60822f8240536f8adf411e15b8d8

SHA512
d99762a45b191a76965c90184bc6a9147c871c0874f74f05b4d8be9d93e1c7d582d470d0c6a811876d77afbfc5e3d76930eb36cf92a1154daa6ad53b920ab25f

Download Submit
\Windows\system\qrODDrj.exe

Filesize
6.0MB

MD5
f4ff954fbc227dc76e6aaf465a9f49d3

SHA1
6b2d21d4a2b7eaa8b88aeb45c9c49bcb92479789

SHA256
9a27f863698e4fb876d93ef9a4477dae676284f2ef7000a1229e2d1fede3485f

SHA512
4fee6080d4e4d3cb55df6d066561018286a3099e938799ba4c608a6d4945739d440f51c810d7a83ed30f242c3e3a3862acf2d7f7b6a037efd84503d4646b8f21

Download Submit
\Windows\system\ymnFxRu.exe

Filesize
6.0MB

MD5
2bb3346b4326269c3cda5e98830ee329

SHA1
85802e2c0dccd105e59e35b2580e4fae6321e5b3

SHA256
ea7aacd1d6633e10ab7462e0dce94a6032d78909da77ec329fe5508448ba5e41

SHA512
39be16291b63e231b9e707632152b1a63760fcf1c652a18a4aeaa2e5799611c1598ecbeefd059a8fed677262b4e355fc60070749b3b64b4c96fdac5ebb760d5a

Download Submit
\Windows\system\zhiPrYN.exe

Filesize
6.0MB

MD5
2aa2166d0fdbf631a63c84d4456dea93

SHA1
76ecdffe1af3317cfaeded51bfed8ffc1c3dcd05

SHA256
d3a8015b1725fb1e184268d8aa8b84dfcb16d1167e3ea657f7ad0652bb2af94f

SHA512
781937dac861f38e6628a27db3139c5c967fee8c36003f086e9c00af7f346dbaa18348e5804b1589135d6b15df2aa586e2e7e477c79cdfa8c016f4ac2af1405b

Download Submit
memory/1800-791-0x00000000025A0000-0x00000000028F4000-memory.dmp

Filesize
3.3MB

Download
memory/1800-35-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/1800-0-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/1800-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/1800-72-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/1800-151-0x00000000025A0000-0x00000000028F4000-memory.dmp

Filesize
3.3MB

Download
memory/1800-23-0x00000000025A0000-0x00000000028F4000-memory.dmp

Filesize
3.3MB

Download
memory/1800-110-0x00000000025A0000-0x00000000028F4000-memory.dmp

Filesize
3.3MB

Download
memory/1800-158-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/1800-103-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/1800-154-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/1800-161-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/1800-155-0x00000000025A0000-0x00000000028F4000-memory.dmp

Filesize
3.3MB

Download
memory/1800-156-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/1800-157-0x00000000025A0000-0x00000000028F4000-memory.dmp

Filesize
3.3MB

Download
memory/1800-25-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/1800-612-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/1800-159-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/1800-45-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/1800-99-0x00000000025A0000-0x00000000028F4000-memory.dmp

Filesize
3.3MB

Download
memory/1800-21-0x000000013F810000-0x000000013FB64000-memory.dmp

Filesize
3.3MB

Download
memory/1800-160-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/1800-1067-0x00000000025A0000-0x00000000028F4000-memory.dmp

Filesize
3.3MB

Download
memory/1800-961-0x00000000025A0000-0x00000000028F4000-memory.dmp

Filesize
3.3MB

Download
memory/1800-885-0x00000000025A0000-0x00000000028F4000-memory.dmp

Filesize
3.3MB

Download
memory/1800-17-0x000000013FAE0000-0x000000013FE34000-memory.dmp

Filesize
3.3MB

Download
memory/1800-134-0x00000000025A0000-0x00000000028F4000-memory.dmp

Filesize
3.3MB

Download
memory/2212-22-0x000000013F810000-0x000000013FB64000-memory.dmp

Filesize
3.3MB

Download
memory/2504-19-0x000000013FAE0000-0x000000013FE34000-memory.dmp

Filesize
3.3MB

Download
memory/2560-3856-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/2560-150-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/2568-153-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/2568-3853-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/2580-3852-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2580-152-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2616-20-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/2616-3851-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/2644-3850-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2644-68-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2696-138-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/2696-3854-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/2900-792-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2900-3855-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2900-37-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download