cobaltstrike | 61e553221366b2b529d24b5fc91373e8dacdd6f189f7724cd35705372845cbd1

Analysis

max time kernel
130s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
25-11-2024 01:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

04ff638fca47d53d4c39d247d506b9c0
SHA1

ad7de80fdeb665106352fa242277a5b14c3ab515
SHA256

61e553221366b2b529d24b5fc91373e8dacdd6f189f7724cd35705372845cbd1
SHA512

ab98504393554b8bbe6e426a5f6a1971fa94caf321c0936d774e08533e73a5eac3741e872074c22a847fa3e4a9496e0836367a5e97edd4b494bb405d0a434ce4
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUq:T+q56utgpPF8u/7q

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012118-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015db6-19.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015e64-27.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017403-104.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015f96-42.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001746a-137.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000187a2-168.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001904c-188.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c44-178.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018f65-184.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018696-159.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c34-173.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018697-163.dat	cobalt_reflective_dll
behavioral1/files/0x0015000000018676-153.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001757f-148.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017400-135.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174a6-131.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016de4-121.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016db5-117.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001613e-116.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001707c-84.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016eb8-75.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174c3-141.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dd0-69.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017488-124.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016334-58.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016009-51.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173f3-94.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016edb-92.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016de8-81.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015ed2-33.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015dc0-18.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1712-0-0x000000013FFF0000-0x0000000140344000-memory.dmp	xmrig
behavioral1/files/0x0007000000012118-6.dat	xmrig
behavioral1/memory/1712-8-0x000000013F030000-0x000000013F384000-memory.dmp	xmrig
behavioral1/memory/2984-9-0x000000013F030000-0x000000013F384000-memory.dmp	xmrig
behavioral1/files/0x0008000000015db6-19.dat	xmrig
behavioral1/memory/2452-23-0x000000013FA90000-0x000000013FDE4000-memory.dmp	xmrig
behavioral1/files/0x0008000000015e64-27.dat	xmrig
behavioral1/files/0x0006000000017403-104.dat	xmrig
behavioral1/files/0x0007000000015f96-42.dat	xmrig
behavioral1/files/0x000600000001746a-137.dat	xmrig
behavioral1/files/0x00050000000187a2-168.dat	xmrig
behavioral1/memory/2724-1031-0x000000013FFD0000-0x0000000140324000-memory.dmp	xmrig
behavioral1/memory/2836-891-0x000000013F0D0000-0x000000013F424000-memory.dmp	xmrig
behavioral1/memory/2256-469-0x000000013FF60000-0x00000001402B4000-memory.dmp	xmrig
behavioral1/files/0x000600000001904c-188.dat	xmrig
behavioral1/files/0x0006000000018c44-178.dat	xmrig
behavioral1/files/0x0006000000018f65-184.dat	xmrig
behavioral1/files/0x0005000000018696-159.dat	xmrig
behavioral1/files/0x0006000000018c34-173.dat	xmrig
behavioral1/files/0x0005000000018697-163.dat	xmrig
behavioral1/files/0x0015000000018676-153.dat	xmrig
behavioral1/files/0x000600000001757f-148.dat	xmrig
behavioral1/files/0x0006000000017400-135.dat	xmrig
behavioral1/files/0x00060000000174a6-131.dat	xmrig
behavioral1/files/0x0006000000016de4-121.dat	xmrig
behavioral1/files/0x0006000000016db5-117.dat	xmrig
behavioral1/files/0x000700000001613e-116.dat	xmrig
behavioral1/memory/2176-113-0x000000013F810000-0x000000013FB64000-memory.dmp	xmrig
behavioral1/memory/1712-110-0x000000013F630000-0x000000013F984000-memory.dmp	xmrig
behavioral1/memory/2012-109-0x000000013F8B0000-0x000000013FC04000-memory.dmp	xmrig
behavioral1/memory/1712-108-0x000000013FBE0000-0x000000013FF34000-memory.dmp	xmrig
behavioral1/memory/2652-107-0x000000013FFD0000-0x0000000140324000-memory.dmp	xmrig
behavioral1/memory/1712-88-0x00000000023A0000-0x00000000026F4000-memory.dmp	xmrig
behavioral1/memory/2236-87-0x000000013F500000-0x000000013F854000-memory.dmp	xmrig
behavioral1/files/0x000600000001707c-84.dat	xmrig
behavioral1/memory/1712-78-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/files/0x0006000000016eb8-75.dat	xmrig
behavioral1/files/0x00060000000174c3-141.dat	xmrig
behavioral1/files/0x0006000000016dd0-69.dat	xmrig
behavioral1/files/0x0006000000017488-124.dat	xmrig
behavioral1/files/0x0008000000016334-58.dat	xmrig
behavioral1/files/0x0007000000016009-51.dat	xmrig
behavioral1/files/0x00060000000173f3-94.dat	xmrig
behavioral1/files/0x0006000000016edb-92.dat	xmrig
behavioral1/files/0x0006000000016de8-81.dat	xmrig
behavioral1/memory/2724-74-0x000000013FFD0000-0x0000000140324000-memory.dmp	xmrig
behavioral1/memory/2792-65-0x000000013F630000-0x000000013F984000-memory.dmp	xmrig
behavioral1/memory/2836-47-0x000000013F0D0000-0x000000013F424000-memory.dmp	xmrig
behavioral1/memory/1712-38-0x000000013FFF0000-0x0000000140344000-memory.dmp	xmrig
behavioral1/memory/2756-37-0x000000013F5D0000-0x000000013F924000-memory.dmp	xmrig
behavioral1/files/0x0007000000015ed2-33.dat	xmrig
behavioral1/memory/2256-29-0x000000013FF60000-0x00000001402B4000-memory.dmp	xmrig
behavioral1/memory/1892-22-0x000000013FF90000-0x00000001402E4000-memory.dmp	xmrig
behavioral1/files/0x0007000000015dc0-18.dat	xmrig
behavioral1/memory/2984-3299-0x000000013F030000-0x000000013F384000-memory.dmp	xmrig
behavioral1/memory/1892-3298-0x000000013FF90000-0x00000001402E4000-memory.dmp	xmrig
behavioral1/memory/2452-3314-0x000000013FA90000-0x000000013FDE4000-memory.dmp	xmrig
behavioral1/memory/2256-3341-0x000000013FF60000-0x00000001402B4000-memory.dmp	xmrig
behavioral1/memory/2792-3390-0x000000013F630000-0x000000013F984000-memory.dmp	xmrig
behavioral1/memory/2652-3389-0x000000013FFD0000-0x0000000140324000-memory.dmp	xmrig
behavioral1/memory/2236-3388-0x000000013F500000-0x000000013F854000-memory.dmp	xmrig
behavioral1/memory/2756-3356-0x000000013F5D0000-0x000000013F924000-memory.dmp	xmrig
behavioral1/memory/2724-3438-0x000000013FFD0000-0x0000000140324000-memory.dmp	xmrig
behavioral1/memory/2012-3435-0x000000013F8B0000-0x000000013FC04000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2984	MyYpaaY.exe
1892	KbSUIzC.exe
2452	KFpswyH.exe
2256	uDYbAeU.exe
2756	rkHHRQm.exe
2836	tNIVSWc.exe
2236	rRHrqeB.exe
2792	axiXkJg.exe
2724	VOTVHCL.exe
2652	mxZIDSE.exe
2176	hATqLJX.exe
2012	qqNlvPp.exe
2936	EJXEHXJ.exe
2168	DBuPBsF.exe
2632	XmLAOqt.exe
2784	aErGhEA.exe
1432	zwZnAgv.exe
2732	AXvADRp.exe
660	qHeNWgM.exe
748	grHbHOP.exe
2016	WBMWKhf.exe
580	LfutwGx.exe
2920	SYJYCsc.exe
1960	wPOWAzn.exe
2136	DqCeuXf.exe
2032	Egcqjvx.exe
2192	DFzKerQ.exe
2076	KWoYjsO.exe
3024	WMIcLsk.exe
2804	DFtaWug.exe
1304	XOaMXJX.exe
1812	HrWBBpV.exe
936	LuSQzDi.exe
1596	YRUVaWP.exe
2000	zcKTCgQ.exe
2928	LKmHZVO.exe
652	ndFDThx.exe
1716	EupcfTT.exe
2132	bUPlVbl.exe
1700	UAJlotI.exe
676	LHqJHzi.exe
2080	UqWsKHE.exe
2896	SAuMWEH.exe
1652	AoDDGsz.exe
2496	VTwPEmN.exe
688	RvFwdBg.exe
1744	dOLetlf.exe
876	xAFevig.exe
2536	strrhvJ.exe
2560	RZOjbvB.exe
2420	DjAXkHR.exe
1516	rFhGLtS.exe
1512	rkWSdJc.exe
2704	LMhDUYQ.exe
2728	yeYAngD.exe
2120	PzTzRVE.exe
972	ZRBqMUt.exe
2680	haxERfe.exe
2832	ZhsRQIp.exe
2816	iwAGSkR.exe
1008	FAATrEw.exe
296	oushyPl.exe
1004	uxJJOIu.exe
2932	XKTEFJk.exe

Loads dropped DLL 64 IoCs

pid	Process
1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 61 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1712-0-0x000000013FFF0000-0x0000000140344000-memory.dmp	upx
behavioral1/files/0x0007000000012118-6.dat	upx
behavioral1/memory/2984-9-0x000000013F030000-0x000000013F384000-memory.dmp	upx
behavioral1/files/0x0008000000015db6-19.dat	upx
behavioral1/memory/2452-23-0x000000013FA90000-0x000000013FDE4000-memory.dmp	upx
behavioral1/files/0x0008000000015e64-27.dat	upx
behavioral1/files/0x0006000000017403-104.dat	upx
behavioral1/files/0x0007000000015f96-42.dat	upx
behavioral1/files/0x000600000001746a-137.dat	upx
behavioral1/files/0x00050000000187a2-168.dat	upx
behavioral1/memory/2724-1031-0x000000013FFD0000-0x0000000140324000-memory.dmp	upx
behavioral1/memory/2836-891-0x000000013F0D0000-0x000000013F424000-memory.dmp	upx
behavioral1/memory/2256-469-0x000000013FF60000-0x00000001402B4000-memory.dmp	upx
behavioral1/files/0x000600000001904c-188.dat	upx
behavioral1/files/0x0006000000018c44-178.dat	upx
behavioral1/files/0x0006000000018f65-184.dat	upx
behavioral1/files/0x0005000000018696-159.dat	upx
behavioral1/files/0x0006000000018c34-173.dat	upx
behavioral1/files/0x0005000000018697-163.dat	upx
behavioral1/files/0x0015000000018676-153.dat	upx
behavioral1/files/0x000600000001757f-148.dat	upx
behavioral1/files/0x0006000000017400-135.dat	upx
behavioral1/files/0x00060000000174a6-131.dat	upx
behavioral1/files/0x0006000000016de4-121.dat	upx
behavioral1/files/0x0006000000016db5-117.dat	upx
behavioral1/files/0x000700000001613e-116.dat	upx
behavioral1/memory/2176-113-0x000000013F810000-0x000000013FB64000-memory.dmp	upx
behavioral1/memory/2012-109-0x000000013F8B0000-0x000000013FC04000-memory.dmp	upx
behavioral1/memory/2652-107-0x000000013FFD0000-0x0000000140324000-memory.dmp	upx
behavioral1/memory/2236-87-0x000000013F500000-0x000000013F854000-memory.dmp	upx
behavioral1/files/0x000600000001707c-84.dat	upx
behavioral1/files/0x0006000000016eb8-75.dat	upx
behavioral1/files/0x00060000000174c3-141.dat	upx
behavioral1/files/0x0006000000016dd0-69.dat	upx
behavioral1/files/0x0006000000017488-124.dat	upx
behavioral1/files/0x0008000000016334-58.dat	upx
behavioral1/files/0x0007000000016009-51.dat	upx
behavioral1/files/0x00060000000173f3-94.dat	upx
behavioral1/files/0x0006000000016edb-92.dat	upx
behavioral1/files/0x0006000000016de8-81.dat	upx
behavioral1/memory/2724-74-0x000000013FFD0000-0x0000000140324000-memory.dmp	upx
behavioral1/memory/2792-65-0x000000013F630000-0x000000013F984000-memory.dmp	upx
behavioral1/memory/2836-47-0x000000013F0D0000-0x000000013F424000-memory.dmp	upx
behavioral1/memory/1712-38-0x000000013FFF0000-0x0000000140344000-memory.dmp	upx
behavioral1/memory/2756-37-0x000000013F5D0000-0x000000013F924000-memory.dmp	upx
behavioral1/files/0x0007000000015ed2-33.dat	upx
behavioral1/memory/2256-29-0x000000013FF60000-0x00000001402B4000-memory.dmp	upx
behavioral1/memory/1892-22-0x000000013FF90000-0x00000001402E4000-memory.dmp	upx
behavioral1/files/0x0007000000015dc0-18.dat	upx
behavioral1/memory/2984-3299-0x000000013F030000-0x000000013F384000-memory.dmp	upx
behavioral1/memory/1892-3298-0x000000013FF90000-0x00000001402E4000-memory.dmp	upx
behavioral1/memory/2452-3314-0x000000013FA90000-0x000000013FDE4000-memory.dmp	upx
behavioral1/memory/2256-3341-0x000000013FF60000-0x00000001402B4000-memory.dmp	upx
behavioral1/memory/2792-3390-0x000000013F630000-0x000000013F984000-memory.dmp	upx
behavioral1/memory/2652-3389-0x000000013FFD0000-0x0000000140324000-memory.dmp	upx
behavioral1/memory/2236-3388-0x000000013F500000-0x000000013F854000-memory.dmp	upx
behavioral1/memory/2756-3356-0x000000013F5D0000-0x000000013F924000-memory.dmp	upx
behavioral1/memory/2724-3438-0x000000013FFD0000-0x0000000140324000-memory.dmp	upx
behavioral1/memory/2012-3435-0x000000013F8B0000-0x000000013FC04000-memory.dmp	upx
behavioral1/memory/2176-3423-0x000000013F810000-0x000000013FB64000-memory.dmp	upx
behavioral1/memory/2836-5729-0x000000013F0D0000-0x000000013F424000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\HnDCvne.exe	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gDoaVxD.exe	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xyuQPrh.exe	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NzdhiNy.exe	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ONRuYth.exe	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DLViojy.exe	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xzzzdIx.exe	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pPbykZQ.exe	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MyYpaaY.exe	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dFdJyvN.exe	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DurQzYT.exe	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oushyPl.exe	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wlWKvJc.exe	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jTilZVQ.exe	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ekylUQI.exe	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EznjVEL.exe	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jiVqbre.exe	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TWyXGDY.exe	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UqWsKHE.exe	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rkJPaNZ.exe	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kROypDT.exe	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hkFhrUf.exe	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ADFLMCT.exe	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DombAQW.exe	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CCWUHvn.exe	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OvYZAiP.exe	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dWXaAIC.exe	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SyXjFlm.exe	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KBiUxUQ.exe	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NnnZbrM.exe	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VczNVaF.exe	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YPFqdxn.exe	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JYAmBbn.exe	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ElrfATJ.exe	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MskvWeJ.exe	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vgnMYDQ.exe	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\faqnbUz.exe	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XVZnJaM.exe	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ReGsqcU.exe	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mUuauZG.exe	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XZIIybC.exe	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sjbrhKd.exe	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cboUrWv.exe	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kEHuRpc.exe	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oksvDfN.exe	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ORolplW.exe	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nMLOCLe.exe	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pAAaNKe.exe	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QiEuxwA.exe	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kUVnnqW.exe	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AOIgxWw.exe	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LFKRlcm.exe	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HeTghnB.exe	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aKvBHfv.exe	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nZQrTVi.exe	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hcYNCBs.exe	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HOfTCwE.exe	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tUPYSSU.exe	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ufhViNH.exe	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OUfoaso.exe	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bhOuDob.exe	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NZJXtNe.exe	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SfzpeIu.exe	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ivDhVVK.exe	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1712 wrote to memory of 2984	1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1712 wrote to memory of 2984	1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1712 wrote to memory of 2984	1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1712 wrote to memory of 2452	1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1712 wrote to memory of 2452	1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1712 wrote to memory of 2452	1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1712 wrote to memory of 1892	1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1712 wrote to memory of 1892	1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1712 wrote to memory of 1892	1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1712 wrote to memory of 2256	1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1712 wrote to memory of 2256	1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1712 wrote to memory of 2256	1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1712 wrote to memory of 2756	1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1712 wrote to memory of 2756	1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1712 wrote to memory of 2756	1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1712 wrote to memory of 2836	1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1712 wrote to memory of 2836	1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1712 wrote to memory of 2836	1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1712 wrote to memory of 2236	1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1712 wrote to memory of 2236	1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1712 wrote to memory of 2236	1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1712 wrote to memory of 2168	1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1712 wrote to memory of 2168	1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1712 wrote to memory of 2168	1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1712 wrote to memory of 2792	1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1712 wrote to memory of 2792	1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1712 wrote to memory of 2792	1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1712 wrote to memory of 2632	1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1712 wrote to memory of 2632	1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1712 wrote to memory of 2632	1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1712 wrote to memory of 2724	1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1712 wrote to memory of 2724	1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1712 wrote to memory of 2724	1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1712 wrote to memory of 2784	1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1712 wrote to memory of 2784	1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1712 wrote to memory of 2784	1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1712 wrote to memory of 2652	1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1712 wrote to memory of 2652	1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1712 wrote to memory of 2652	1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1712 wrote to memory of 2732	1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1712 wrote to memory of 2732	1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1712 wrote to memory of 2732	1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1712 wrote to memory of 2176	1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1712 wrote to memory of 2176	1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1712 wrote to memory of 2176	1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1712 wrote to memory of 660	1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1712 wrote to memory of 660	1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1712 wrote to memory of 660	1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1712 wrote to memory of 2012	1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1712 wrote to memory of 2012	1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1712 wrote to memory of 2012	1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1712 wrote to memory of 748	1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1712 wrote to memory of 748	1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1712 wrote to memory of 748	1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1712 wrote to memory of 2936	1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1712 wrote to memory of 2936	1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1712 wrote to memory of 2936	1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1712 wrote to memory of 2016	1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1712 wrote to memory of 2016	1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1712 wrote to memory of 2016	1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1712 wrote to memory of 1432	1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1712 wrote to memory of 1432	1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1712 wrote to memory of 1432	1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1712 wrote to memory of 2920	1712	2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-25_04ff638fca47d53d4c39d247d506b9c0_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1712
- C:\Windows\System\MyYpaaY.exe
  C:\Windows\System\MyYpaaY.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\KFpswyH.exe
  C:\Windows\System\KFpswyH.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\KbSUIzC.exe
  C:\Windows\System\KbSUIzC.exe
  2⤵
  - Executes dropped EXE
  PID:1892
- C:\Windows\System\uDYbAeU.exe
  C:\Windows\System\uDYbAeU.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\rkHHRQm.exe
  C:\Windows\System\rkHHRQm.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\tNIVSWc.exe
  C:\Windows\System\tNIVSWc.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\rRHrqeB.exe
  C:\Windows\System\rRHrqeB.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\DBuPBsF.exe
  C:\Windows\System\DBuPBsF.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\axiXkJg.exe
  C:\Windows\System\axiXkJg.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\XmLAOqt.exe
  C:\Windows\System\XmLAOqt.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\VOTVHCL.exe
  C:\Windows\System\VOTVHCL.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\aErGhEA.exe
  C:\Windows\System\aErGhEA.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\mxZIDSE.exe
  C:\Windows\System\mxZIDSE.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\AXvADRp.exe
  C:\Windows\System\AXvADRp.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\hATqLJX.exe
  C:\Windows\System\hATqLJX.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\qHeNWgM.exe
  C:\Windows\System\qHeNWgM.exe
  2⤵
  - Executes dropped EXE
  PID:660
- C:\Windows\System\qqNlvPp.exe
  C:\Windows\System\qqNlvPp.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\grHbHOP.exe
  C:\Windows\System\grHbHOP.exe
  2⤵
  - Executes dropped EXE
  PID:748
- C:\Windows\System\EJXEHXJ.exe
  C:\Windows\System\EJXEHXJ.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\WBMWKhf.exe
  C:\Windows\System\WBMWKhf.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\zwZnAgv.exe
  C:\Windows\System\zwZnAgv.exe
  2⤵
  - Executes dropped EXE
  PID:1432
- C:\Windows\System\SYJYCsc.exe
  C:\Windows\System\SYJYCsc.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\LfutwGx.exe
  C:\Windows\System\LfutwGx.exe
  2⤵
  - Executes dropped EXE
  PID:580
- C:\Windows\System\wPOWAzn.exe
  C:\Windows\System\wPOWAzn.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System\DqCeuXf.exe
  C:\Windows\System\DqCeuXf.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\Egcqjvx.exe
  C:\Windows\System\Egcqjvx.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\DFzKerQ.exe
  C:\Windows\System\DFzKerQ.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\KWoYjsO.exe
  C:\Windows\System\KWoYjsO.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\WMIcLsk.exe
  C:\Windows\System\WMIcLsk.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\DFtaWug.exe
  C:\Windows\System\DFtaWug.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\XOaMXJX.exe
  C:\Windows\System\XOaMXJX.exe
  2⤵
  - Executes dropped EXE
  PID:1304
- C:\Windows\System\HrWBBpV.exe
  C:\Windows\System\HrWBBpV.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\LuSQzDi.exe
  C:\Windows\System\LuSQzDi.exe
  2⤵
  - Executes dropped EXE
  PID:936
- C:\Windows\System\zcKTCgQ.exe
  C:\Windows\System\zcKTCgQ.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\YRUVaWP.exe
  C:\Windows\System\YRUVaWP.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\LKmHZVO.exe
  C:\Windows\System\LKmHZVO.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\ndFDThx.exe
  C:\Windows\System\ndFDThx.exe
  2⤵
  - Executes dropped EXE
  PID:652
- C:\Windows\System\EupcfTT.exe
  C:\Windows\System\EupcfTT.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\bUPlVbl.exe
  C:\Windows\System\bUPlVbl.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\UAJlotI.exe
  C:\Windows\System\UAJlotI.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\LHqJHzi.exe
  C:\Windows\System\LHqJHzi.exe
  2⤵
  - Executes dropped EXE
  PID:676
- C:\Windows\System\UqWsKHE.exe
  C:\Windows\System\UqWsKHE.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\SAuMWEH.exe
  C:\Windows\System\SAuMWEH.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\AoDDGsz.exe
  C:\Windows\System\AoDDGsz.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\VTwPEmN.exe
  C:\Windows\System\VTwPEmN.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\RvFwdBg.exe
  C:\Windows\System\RvFwdBg.exe
  2⤵
  - Executes dropped EXE
  PID:688
- C:\Windows\System\dOLetlf.exe
  C:\Windows\System\dOLetlf.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\xAFevig.exe
  C:\Windows\System\xAFevig.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System\strrhvJ.exe
  C:\Windows\System\strrhvJ.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\RZOjbvB.exe
  C:\Windows\System\RZOjbvB.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\DjAXkHR.exe
  C:\Windows\System\DjAXkHR.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\rkWSdJc.exe
  C:\Windows\System\rkWSdJc.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\rFhGLtS.exe
  C:\Windows\System\rFhGLtS.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System\ZRBqMUt.exe
  C:\Windows\System\ZRBqMUt.exe
  2⤵
  - Executes dropped EXE
  PID:972
- C:\Windows\System\LMhDUYQ.exe
  C:\Windows\System\LMhDUYQ.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\ZhsRQIp.exe
  C:\Windows\System\ZhsRQIp.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\yeYAngD.exe
  C:\Windows\System\yeYAngD.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\FAATrEw.exe
  C:\Windows\System\FAATrEw.exe
  2⤵
  - Executes dropped EXE
  PID:1008
- C:\Windows\System\PzTzRVE.exe
  C:\Windows\System\PzTzRVE.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\uxJJOIu.exe
  C:\Windows\System\uxJJOIu.exe
  2⤵
  - Executes dropped EXE
  PID:1004
- C:\Windows\System\haxERfe.exe
  C:\Windows\System\haxERfe.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\IyuQZfm.exe
  C:\Windows\System\IyuQZfm.exe
  2⤵
  PID:2188
- C:\Windows\System\iwAGSkR.exe
  C:\Windows\System\iwAGSkR.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\JYTVCvT.exe
  C:\Windows\System\JYTVCvT.exe
  2⤵
  PID:2620
- C:\Windows\System\oushyPl.exe
  C:\Windows\System\oushyPl.exe
  2⤵
  - Executes dropped EXE
  PID:296
- C:\Windows\System\ZWtpIOY.exe
  C:\Windows\System\ZWtpIOY.exe
  2⤵
  PID:2860
- C:\Windows\System\XKTEFJk.exe
  C:\Windows\System\XKTEFJk.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\rRLhkMB.exe
  C:\Windows\System\rRLhkMB.exe
  2⤵
  PID:1396
- C:\Windows\System\YAYhXlO.exe
  C:\Windows\System\YAYhXlO.exe
  2⤵
  PID:1068
- C:\Windows\System\bTNmasj.exe
  C:\Windows\System\bTNmasj.exe
  2⤵
  PID:2444
- C:\Windows\System\NShcxin.exe
  C:\Windows\System\NShcxin.exe
  2⤵
  PID:444
- C:\Windows\System\dEFINEW.exe
  C:\Windows\System\dEFINEW.exe
  2⤵
  PID:1528
- C:\Windows\System\kcWngZg.exe
  C:\Windows\System\kcWngZg.exe
  2⤵
  PID:1656
- C:\Windows\System\VeDrjhk.exe
  C:\Windows\System\VeDrjhk.exe
  2⤵
  PID:1448
- C:\Windows\System\NlSBgMj.exe
  C:\Windows\System\NlSBgMj.exe
  2⤵
  PID:2252
- C:\Windows\System\wigmzTm.exe
  C:\Windows\System\wigmzTm.exe
  2⤵
  PID:736
- C:\Windows\System\tIpZkOh.exe
  C:\Windows\System\tIpZkOh.exe
  2⤵
  PID:2292
- C:\Windows\System\TbPAhlu.exe
  C:\Windows\System\TbPAhlu.exe
  2⤵
  PID:1368
- C:\Windows\System\iObFghO.exe
  C:\Windows\System\iObFghO.exe
  2⤵
  PID:2088
- C:\Windows\System\NwKsccy.exe
  C:\Windows\System\NwKsccy.exe
  2⤵
  PID:2232
- C:\Windows\System\faiEyNE.exe
  C:\Windows\System\faiEyNE.exe
  2⤵
  PID:1484
- C:\Windows\System\RJmckme.exe
  C:\Windows\System\RJmckme.exe
  2⤵
  PID:2788
- C:\Windows\System\iWNSghi.exe
  C:\Windows\System\iWNSghi.exe
  2⤵
  PID:2692
- C:\Windows\System\iJNqzSA.exe
  C:\Windows\System\iJNqzSA.exe
  2⤵
  PID:1412
- C:\Windows\System\dTEUSsL.exe
  C:\Windows\System\dTEUSsL.exe
  2⤵
  PID:1956
- C:\Windows\System\lajUNmh.exe
  C:\Windows\System\lajUNmh.exe
  2⤵
  PID:1868
- C:\Windows\System\qFRdjvG.exe
  C:\Windows\System\qFRdjvG.exe
  2⤵
  PID:1616
- C:\Windows\System\cPQuhxq.exe
  C:\Windows\System\cPQuhxq.exe
  2⤵
  PID:2864
- C:\Windows\System\TJIfJsn.exe
  C:\Windows\System\TJIfJsn.exe
  2⤵
  PID:2968
- C:\Windows\System\JqjyOoW.exe
  C:\Windows\System\JqjyOoW.exe
  2⤵
  PID:1928
- C:\Windows\System\WSqDecq.exe
  C:\Windows\System\WSqDecq.exe
  2⤵
  PID:2596
- C:\Windows\System\GobZkJk.exe
  C:\Windows\System\GobZkJk.exe
  2⤵
  PID:1072
- C:\Windows\System\zsudBVu.exe
  C:\Windows\System\zsudBVu.exe
  2⤵
  PID:2828
- C:\Windows\System\fWKOwHV.exe
  C:\Windows\System\fWKOwHV.exe
  2⤵
  PID:1900
- C:\Windows\System\AkWmLml.exe
  C:\Windows\System\AkWmLml.exe
  2⤵
  PID:1580
- C:\Windows\System\TsgnDMb.exe
  C:\Windows\System\TsgnDMb.exe
  2⤵
  PID:1932
- C:\Windows\System\Noasnjy.exe
  C:\Windows\System\Noasnjy.exe
  2⤵
  PID:1880
- C:\Windows\System\VACejDp.exe
  C:\Windows\System\VACejDp.exe
  2⤵
  PID:3088
- C:\Windows\System\kmEOYYe.exe
  C:\Windows\System\kmEOYYe.exe
  2⤵
  PID:3108
- C:\Windows\System\eunOoTB.exe
  C:\Windows\System\eunOoTB.exe
  2⤵
  PID:3128
- C:\Windows\System\RVcEDzH.exe
  C:\Windows\System\RVcEDzH.exe
  2⤵
  PID:3148
- C:\Windows\System\diJGuAZ.exe
  C:\Windows\System\diJGuAZ.exe
  2⤵
  PID:3168
- C:\Windows\System\tBezGrt.exe
  C:\Windows\System\tBezGrt.exe
  2⤵
  PID:3188
- C:\Windows\System\lpwLAqa.exe
  C:\Windows\System\lpwLAqa.exe
  2⤵
  PID:3208
- C:\Windows\System\mBzEjQA.exe
  C:\Windows\System\mBzEjQA.exe
  2⤵
  PID:3228
- C:\Windows\System\LimLJHS.exe
  C:\Windows\System\LimLJHS.exe
  2⤵
  PID:3248
- C:\Windows\System\DcTjRIi.exe
  C:\Windows\System\DcTjRIi.exe
  2⤵
  PID:3268
- C:\Windows\System\raNaton.exe
  C:\Windows\System\raNaton.exe
  2⤵
  PID:3288
- C:\Windows\System\yRrKdpK.exe
  C:\Windows\System\yRrKdpK.exe
  2⤵
  PID:3308
- C:\Windows\System\xTKPYhj.exe
  C:\Windows\System\xTKPYhj.exe
  2⤵
  PID:3328
- C:\Windows\System\pepYtsq.exe
  C:\Windows\System\pepYtsq.exe
  2⤵
  PID:3348
- C:\Windows\System\UaahPXI.exe
  C:\Windows\System\UaahPXI.exe
  2⤵
  PID:3368
- C:\Windows\System\vzryXkI.exe
  C:\Windows\System\vzryXkI.exe
  2⤵
  PID:3388
- C:\Windows\System\VJRZIzw.exe
  C:\Windows\System\VJRZIzw.exe
  2⤵
  PID:3408
- C:\Windows\System\wrxtxUL.exe
  C:\Windows\System\wrxtxUL.exe
  2⤵
  PID:3428
- C:\Windows\System\NSxeUAM.exe
  C:\Windows\System\NSxeUAM.exe
  2⤵
  PID:3448
- C:\Windows\System\qVCKXrp.exe
  C:\Windows\System\qVCKXrp.exe
  2⤵
  PID:3468
- C:\Windows\System\WcivdJy.exe
  C:\Windows\System\WcivdJy.exe
  2⤵
  PID:3488
- C:\Windows\System\qOhuYCL.exe
  C:\Windows\System\qOhuYCL.exe
  2⤵
  PID:3508
- C:\Windows\System\twljSqM.exe
  C:\Windows\System\twljSqM.exe
  2⤵
  PID:3528
- C:\Windows\System\aWfTbXw.exe
  C:\Windows\System\aWfTbXw.exe
  2⤵
  PID:3548
- C:\Windows\System\rOEHEaU.exe
  C:\Windows\System\rOEHEaU.exe
  2⤵
  PID:3568
- C:\Windows\System\oksvDfN.exe
  C:\Windows\System\oksvDfN.exe
  2⤵
  PID:3588
- C:\Windows\System\aEJERSO.exe
  C:\Windows\System\aEJERSO.exe
  2⤵
  PID:3608
- C:\Windows\System\dwSHjwB.exe
  C:\Windows\System\dwSHjwB.exe
  2⤵
  PID:3628
- C:\Windows\System\xbBazdB.exe
  C:\Windows\System\xbBazdB.exe
  2⤵
  PID:3652
- C:\Windows\System\OzLIlDu.exe
  C:\Windows\System\OzLIlDu.exe
  2⤵
  PID:3672
- C:\Windows\System\GOZGmMb.exe
  C:\Windows\System\GOZGmMb.exe
  2⤵
  PID:3692
- C:\Windows\System\plqRtmF.exe
  C:\Windows\System\plqRtmF.exe
  2⤵
  PID:3712
- C:\Windows\System\ORolplW.exe
  C:\Windows\System\ORolplW.exe
  2⤵
  PID:3732
- C:\Windows\System\GOjeTTY.exe
  C:\Windows\System\GOjeTTY.exe
  2⤵
  PID:3752
- C:\Windows\System\ReGsqcU.exe
  C:\Windows\System\ReGsqcU.exe
  2⤵
  PID:3772
- C:\Windows\System\vlZaKIM.exe
  C:\Windows\System\vlZaKIM.exe
  2⤵
  PID:3792
- C:\Windows\System\GNggMrd.exe
  C:\Windows\System\GNggMrd.exe
  2⤵
  PID:3812
- C:\Windows\System\ryRdTLM.exe
  C:\Windows\System\ryRdTLM.exe
  2⤵
  PID:3832
- C:\Windows\System\pUvIeNY.exe
  C:\Windows\System\pUvIeNY.exe
  2⤵
  PID:3852
- C:\Windows\System\vywQNzT.exe
  C:\Windows\System\vywQNzT.exe
  2⤵
  PID:3872
- C:\Windows\System\trFOEPt.exe
  C:\Windows\System\trFOEPt.exe
  2⤵
  PID:3892
- C:\Windows\System\LhxDKjg.exe
  C:\Windows\System\LhxDKjg.exe
  2⤵
  PID:3912
- C:\Windows\System\rwDzzrI.exe
  C:\Windows\System\rwDzzrI.exe
  2⤵
  PID:3932
- C:\Windows\System\dpnxJts.exe
  C:\Windows\System\dpnxJts.exe
  2⤵
  PID:3952
- C:\Windows\System\GudJZqO.exe
  C:\Windows\System\GudJZqO.exe
  2⤵
  PID:3972
- C:\Windows\System\MfswCcV.exe
  C:\Windows\System\MfswCcV.exe
  2⤵
  PID:3992
- C:\Windows\System\yDkuSvc.exe
  C:\Windows\System\yDkuSvc.exe
  2⤵
  PID:4012
- C:\Windows\System\oJFAEQn.exe
  C:\Windows\System\oJFAEQn.exe
  2⤵
  PID:4032
- C:\Windows\System\xAIbiCh.exe
  C:\Windows\System\xAIbiCh.exe
  2⤵
  PID:4052
- C:\Windows\System\ONRuYth.exe
  C:\Windows\System\ONRuYth.exe
  2⤵
  PID:4072
- C:\Windows\System\dQuqJYA.exe
  C:\Windows\System\dQuqJYA.exe
  2⤵
  PID:4092
- C:\Windows\System\eDTTtfh.exe
  C:\Windows\System\eDTTtfh.exe
  2⤵
  PID:2392
- C:\Windows\System\wMuJZSe.exe
  C:\Windows\System\wMuJZSe.exe
  2⤵
  PID:2304
- C:\Windows\System\Juuqoyf.exe
  C:\Windows\System\Juuqoyf.exe
  2⤵
  PID:3032
- C:\Windows\System\XQxiuKC.exe
  C:\Windows\System\XQxiuKC.exe
  2⤵
  PID:2216
- C:\Windows\System\WkYcqsC.exe
  C:\Windows\System\WkYcqsC.exe
  2⤵
  PID:2368
- C:\Windows\System\pNCphMB.exe
  C:\Windows\System\pNCphMB.exe
  2⤵
  PID:2528
- C:\Windows\System\cwtmVwe.exe
  C:\Windows\System\cwtmVwe.exe
  2⤵
  PID:1076
- C:\Windows\System\KTnKQve.exe
  C:\Windows\System\KTnKQve.exe
  2⤵
  PID:2992
- C:\Windows\System\uNjlbZa.exe
  C:\Windows\System\uNjlbZa.exe
  2⤵
  PID:2684
- C:\Windows\System\YiNADJx.exe
  C:\Windows\System\YiNADJx.exe
  2⤵
  PID:1540
- C:\Windows\System\uZbokIm.exe
  C:\Windows\System\uZbokIm.exe
  2⤵
  PID:2460
- C:\Windows\System\eCMXxbJ.exe
  C:\Windows\System\eCMXxbJ.exe
  2⤵
  PID:1996
- C:\Windows\System\VxipMta.exe
  C:\Windows\System\VxipMta.exe
  2⤵
  PID:684
- C:\Windows\System\JJgrISE.exe
  C:\Windows\System\JJgrISE.exe
  2⤵
  PID:3096
- C:\Windows\System\uVchKBW.exe
  C:\Windows\System\uVchKBW.exe
  2⤵
  PID:3120
- C:\Windows\System\KldRJWg.exe
  C:\Windows\System\KldRJWg.exe
  2⤵
  PID:3140
- C:\Windows\System\lYWcvcL.exe
  C:\Windows\System\lYWcvcL.exe
  2⤵
  PID:3184
- C:\Windows\System\mqegTqf.exe
  C:\Windows\System\mqegTqf.exe
  2⤵
  PID:3244
- C:\Windows\System\HtiDxNj.exe
  C:\Windows\System\HtiDxNj.exe
  2⤵
  PID:3284
- C:\Windows\System\VxREFyt.exe
  C:\Windows\System\VxREFyt.exe
  2⤵
  PID:3296
- C:\Windows\System\YfZjqvF.exe
  C:\Windows\System\YfZjqvF.exe
  2⤵
  PID:3356
- C:\Windows\System\sNzcQDp.exe
  C:\Windows\System\sNzcQDp.exe
  2⤵
  PID:3340
- C:\Windows\System\ClLhJJy.exe
  C:\Windows\System\ClLhJJy.exe
  2⤵
  PID:3404
- C:\Windows\System\JHsdWVi.exe
  C:\Windows\System\JHsdWVi.exe
  2⤵
  PID:3424
- C:\Windows\System\GVFLett.exe
  C:\Windows\System\GVFLett.exe
  2⤵
  PID:3476
- C:\Windows\System\kKAGFLE.exe
  C:\Windows\System\kKAGFLE.exe
  2⤵
  PID:3496
- C:\Windows\System\ZNtUvBL.exe
  C:\Windows\System\ZNtUvBL.exe
  2⤵
  PID:3520
- C:\Windows\System\GmiKzQB.exe
  C:\Windows\System\GmiKzQB.exe
  2⤵
  PID:3564
- C:\Windows\System\GcciTiO.exe
  C:\Windows\System\GcciTiO.exe
  2⤵
  PID:3584
- C:\Windows\System\ALTayvA.exe
  C:\Windows\System\ALTayvA.exe
  2⤵
  PID:3624
- C:\Windows\System\DMRLyIW.exe
  C:\Windows\System\DMRLyIW.exe
  2⤵
  PID:3680
- C:\Windows\System\ufRPxug.exe
  C:\Windows\System\ufRPxug.exe
  2⤵
  PID:3700
- C:\Windows\System\AeKtvAK.exe
  C:\Windows\System\AeKtvAK.exe
  2⤵
  PID:3724
- C:\Windows\System\SEDoxoO.exe
  C:\Windows\System\SEDoxoO.exe
  2⤵
  PID:3768
- C:\Windows\System\lDiVTee.exe
  C:\Windows\System\lDiVTee.exe
  2⤵
  PID:3784
- C:\Windows\System\TrqbLPA.exe
  C:\Windows\System\TrqbLPA.exe
  2⤵
  PID:3824
- C:\Windows\System\pBqGRTd.exe
  C:\Windows\System\pBqGRTd.exe
  2⤵
  PID:3868
- C:\Windows\System\LqkNFUh.exe
  C:\Windows\System\LqkNFUh.exe
  2⤵
  PID:3900
- C:\Windows\System\OvYZAiP.exe
  C:\Windows\System\OvYZAiP.exe
  2⤵
  PID:3924
- C:\Windows\System\NWmrOwJ.exe
  C:\Windows\System\NWmrOwJ.exe
  2⤵
  PID:3968
- C:\Windows\System\Lcnztsp.exe
  C:\Windows\System\Lcnztsp.exe
  2⤵
  PID:3984
- C:\Windows\System\VLUiMQa.exe
  C:\Windows\System\VLUiMQa.exe
  2⤵
  PID:4028
- C:\Windows\System\iObDBNv.exe
  C:\Windows\System\iObDBNv.exe
  2⤵
  PID:4060
- C:\Windows\System\qJreXlw.exe
  C:\Windows\System\qJreXlw.exe
  2⤵
  PID:892
- C:\Windows\System\joFPROA.exe
  C:\Windows\System\joFPROA.exe
  2⤵
  PID:324
- C:\Windows\System\xhPrOgG.exe
  C:\Windows\System\xhPrOgG.exe
  2⤵
  PID:2396
- C:\Windows\System\obqTEkM.exe
  C:\Windows\System\obqTEkM.exe
  2⤵
  PID:1756
- C:\Windows\System\mbPAOaa.exe
  C:\Windows\System\mbPAOaa.exe
  2⤵
  PID:316
- C:\Windows\System\MYJtEgq.exe
  C:\Windows\System\MYJtEgq.exe
  2⤵
  PID:1216
- C:\Windows\System\dWXaAIC.exe
  C:\Windows\System\dWXaAIC.exe
  2⤵
  PID:2204
- C:\Windows\System\tqNmTWc.exe
  C:\Windows\System\tqNmTWc.exe
  2⤵
  PID:3076
- C:\Windows\System\kzAKeBY.exe
  C:\Windows\System\kzAKeBY.exe
  2⤵
  PID:3116
- C:\Windows\System\GIvelOZ.exe
  C:\Windows\System\GIvelOZ.exe
  2⤵
  PID:3156
- C:\Windows\System\vXXWhhi.exe
  C:\Windows\System\vXXWhhi.exe
  2⤵
  PID:3236
- C:\Windows\System\XPrwfJi.exe
  C:\Windows\System\XPrwfJi.exe
  2⤵
  PID:3240
- C:\Windows\System\GRXxehl.exe
  C:\Windows\System\GRXxehl.exe
  2⤵
  PID:3324
- C:\Windows\System\ArwXuQb.exe
  C:\Windows\System\ArwXuQb.exe
  2⤵
  PID:3396
- C:\Windows\System\KRjPvVx.exe
  C:\Windows\System\KRjPvVx.exe
  2⤵
  PID:3444
- C:\Windows\System\ajfkTTW.exe
  C:\Windows\System\ajfkTTW.exe
  2⤵
  PID:3484
- C:\Windows\System\pAiyhqH.exe
  C:\Windows\System\pAiyhqH.exe
  2⤵
  PID:3504
- C:\Windows\System\OoAVPpx.exe
  C:\Windows\System\OoAVPpx.exe
  2⤵
  PID:3600
- C:\Windows\System\mwFdoSh.exe
  C:\Windows\System\mwFdoSh.exe
  2⤵
  PID:3684
- C:\Windows\System\YpdENFJ.exe
  C:\Windows\System\YpdENFJ.exe
  2⤵
  PID:3748
- C:\Windows\System\JzVvlUL.exe
  C:\Windows\System\JzVvlUL.exe
  2⤵
  PID:3804
- C:\Windows\System\UWIOLzE.exe
  C:\Windows\System\UWIOLzE.exe
  2⤵
  PID:3820
- C:\Windows\System\ehSfYne.exe
  C:\Windows\System\ehSfYne.exe
  2⤵
  PID:4104
- C:\Windows\System\VrzMUaP.exe
  C:\Windows\System\VrzMUaP.exe
  2⤵
  PID:4124
- C:\Windows\System\walkMrn.exe
  C:\Windows\System\walkMrn.exe
  2⤵
  PID:4144
- C:\Windows\System\uXEFpkU.exe
  C:\Windows\System\uXEFpkU.exe
  2⤵
  PID:4164
- C:\Windows\System\DSrfkox.exe
  C:\Windows\System\DSrfkox.exe
  2⤵
  PID:4184
- C:\Windows\System\DHKoQQW.exe
  C:\Windows\System\DHKoQQW.exe
  2⤵
  PID:4204
- C:\Windows\System\dxsoaSz.exe
  C:\Windows\System\dxsoaSz.exe
  2⤵
  PID:4224
- C:\Windows\System\HgfbhZO.exe
  C:\Windows\System\HgfbhZO.exe
  2⤵
  PID:4244
- C:\Windows\System\AapuJNc.exe
  C:\Windows\System\AapuJNc.exe
  2⤵
  PID:4264
- C:\Windows\System\MZGLfIW.exe
  C:\Windows\System\MZGLfIW.exe
  2⤵
  PID:4284
- C:\Windows\System\CuQynKN.exe
  C:\Windows\System\CuQynKN.exe
  2⤵
  PID:4304
- C:\Windows\System\IiYrkYV.exe
  C:\Windows\System\IiYrkYV.exe
  2⤵
  PID:4324
- C:\Windows\System\jIyyRpY.exe
  C:\Windows\System\jIyyRpY.exe
  2⤵
  PID:4344
- C:\Windows\System\TBGoLuD.exe
  C:\Windows\System\TBGoLuD.exe
  2⤵
  PID:4364
- C:\Windows\System\lQwZsOe.exe
  C:\Windows\System\lQwZsOe.exe
  2⤵
  PID:4384
- C:\Windows\System\AXsXcSA.exe
  C:\Windows\System\AXsXcSA.exe
  2⤵
  PID:4404
- C:\Windows\System\GBwCbhI.exe
  C:\Windows\System\GBwCbhI.exe
  2⤵
  PID:4424
- C:\Windows\System\RpGDOFN.exe
  C:\Windows\System\RpGDOFN.exe
  2⤵
  PID:4444
- C:\Windows\System\OymIxCd.exe
  C:\Windows\System\OymIxCd.exe
  2⤵
  PID:4464
- C:\Windows\System\bhhbKzF.exe
  C:\Windows\System\bhhbKzF.exe
  2⤵
  PID:4484
- C:\Windows\System\YxOUfPx.exe
  C:\Windows\System\YxOUfPx.exe
  2⤵
  PID:4504
- C:\Windows\System\rUnJkIK.exe
  C:\Windows\System\rUnJkIK.exe
  2⤵
  PID:4524
- C:\Windows\System\sIVlqsB.exe
  C:\Windows\System\sIVlqsB.exe
  2⤵
  PID:4544
- C:\Windows\System\filnbnR.exe
  C:\Windows\System\filnbnR.exe
  2⤵
  PID:4564
- C:\Windows\System\ENHTcbl.exe
  C:\Windows\System\ENHTcbl.exe
  2⤵
  PID:4584
- C:\Windows\System\drqojjs.exe
  C:\Windows\System\drqojjs.exe
  2⤵
  PID:4604
- C:\Windows\System\qbxyjAj.exe
  C:\Windows\System\qbxyjAj.exe
  2⤵
  PID:4624
- C:\Windows\System\CNWzKNw.exe
  C:\Windows\System\CNWzKNw.exe
  2⤵
  PID:4644
- C:\Windows\System\EPPtErB.exe
  C:\Windows\System\EPPtErB.exe
  2⤵
  PID:4664
- C:\Windows\System\tPlfjkS.exe
  C:\Windows\System\tPlfjkS.exe
  2⤵
  PID:4688
- C:\Windows\System\MoioVBm.exe
  C:\Windows\System\MoioVBm.exe
  2⤵
  PID:4708
- C:\Windows\System\gCpSUen.exe
  C:\Windows\System\gCpSUen.exe
  2⤵
  PID:4728
- C:\Windows\System\TnWmfQW.exe
  C:\Windows\System\TnWmfQW.exe
  2⤵
  PID:4748
- C:\Windows\System\csUlzrT.exe
  C:\Windows\System\csUlzrT.exe
  2⤵
  PID:4768
- C:\Windows\System\rFpjFzx.exe
  C:\Windows\System\rFpjFzx.exe
  2⤵
  PID:4788
- C:\Windows\System\JXDupQs.exe
  C:\Windows\System\JXDupQs.exe
  2⤵
  PID:4808
- C:\Windows\System\iwzSaeg.exe
  C:\Windows\System\iwzSaeg.exe
  2⤵
  PID:4828
- C:\Windows\System\nMLOCLe.exe
  C:\Windows\System\nMLOCLe.exe
  2⤵
  PID:4848
- C:\Windows\System\Rgrzdlb.exe
  C:\Windows\System\Rgrzdlb.exe
  2⤵
  PID:4868
- C:\Windows\System\TdHzTUa.exe
  C:\Windows\System\TdHzTUa.exe
  2⤵
  PID:4888
- C:\Windows\System\abAezFH.exe
  C:\Windows\System\abAezFH.exe
  2⤵
  PID:4908
- C:\Windows\System\eocWjQL.exe
  C:\Windows\System\eocWjQL.exe
  2⤵
  PID:4928
- C:\Windows\System\TioYzNu.exe
  C:\Windows\System\TioYzNu.exe
  2⤵
  PID:4948
- C:\Windows\System\UDaJAYj.exe
  C:\Windows\System\UDaJAYj.exe
  2⤵
  PID:4972
- C:\Windows\System\aPgMrCG.exe
  C:\Windows\System\aPgMrCG.exe
  2⤵
  PID:4992
- C:\Windows\System\sjInalS.exe
  C:\Windows\System\sjInalS.exe
  2⤵
  PID:5012
- C:\Windows\System\UMAVgRk.exe
  C:\Windows\System\UMAVgRk.exe
  2⤵
  PID:5032
- C:\Windows\System\TRPHqzC.exe
  C:\Windows\System\TRPHqzC.exe
  2⤵
  PID:5052
- C:\Windows\System\rPIpbez.exe
  C:\Windows\System\rPIpbez.exe
  2⤵
  PID:5072
- C:\Windows\System\LiWAxef.exe
  C:\Windows\System\LiWAxef.exe
  2⤵
  PID:5092
- C:\Windows\System\kWknvUF.exe
  C:\Windows\System\kWknvUF.exe
  2⤵
  PID:5112
- C:\Windows\System\pVDQzDP.exe
  C:\Windows\System\pVDQzDP.exe
  2⤵
  PID:3908
- C:\Windows\System\DErSqfJ.exe
  C:\Windows\System\DErSqfJ.exe
  2⤵
  PID:3948
- C:\Windows\System\dPwUxbS.exe
  C:\Windows\System\dPwUxbS.exe
  2⤵
  PID:3980
- C:\Windows\System\FuEjCxK.exe
  C:\Windows\System\FuEjCxK.exe
  2⤵
  PID:4044
- C:\Windows\System\BnNYwLQ.exe
  C:\Windows\System\BnNYwLQ.exe
  2⤵
  PID:1508
- C:\Windows\System\JgrVopE.exe
  C:\Windows\System\JgrVopE.exe
  2⤵
  PID:1552
- C:\Windows\System\QwCdOtW.exe
  C:\Windows\System\QwCdOtW.exe
  2⤵
  PID:1176
- C:\Windows\System\mmHhHEU.exe
  C:\Windows\System\mmHhHEU.exe
  2⤵
  PID:556
- C:\Windows\System\DLViojy.exe
  C:\Windows\System\DLViojy.exe
  2⤵
  PID:3080
- C:\Windows\System\ufhViNH.exe
  C:\Windows\System\ufhViNH.exe
  2⤵
  PID:3200
- C:\Windows\System\ojoayRx.exe
  C:\Windows\System\ojoayRx.exe
  2⤵
  PID:3276
- C:\Windows\System\kNBtgeS.exe
  C:\Windows\System\kNBtgeS.exe
  2⤵
  PID:3376
- C:\Windows\System\dylqqRL.exe
  C:\Windows\System\dylqqRL.exe
  2⤵
  PID:3500
- C:\Windows\System\dubJVWx.exe
  C:\Windows\System\dubJVWx.exe
  2⤵
  PID:3596
- C:\Windows\System\YgmKZsS.exe
  C:\Windows\System\YgmKZsS.exe
  2⤵
  PID:3644
- C:\Windows\System\nagEZst.exe
  C:\Windows\System\nagEZst.exe
  2⤵
  PID:3744
- C:\Windows\System\eRJkmHt.exe
  C:\Windows\System\eRJkmHt.exe
  2⤵
  PID:3860
- C:\Windows\System\eskzLPy.exe
  C:\Windows\System\eskzLPy.exe
  2⤵
  PID:948
- C:\Windows\System\NxDkAYY.exe
  C:\Windows\System\NxDkAYY.exe
  2⤵
  PID:4152
- C:\Windows\System\hznauvz.exe
  C:\Windows\System\hznauvz.exe
  2⤵
  PID:4176
- C:\Windows\System\fUGUzlc.exe
  C:\Windows\System\fUGUzlc.exe
  2⤵
  PID:4220
- C:\Windows\System\BhuwxHG.exe
  C:\Windows\System\BhuwxHG.exe
  2⤵
  PID:4260
- C:\Windows\System\WmRTVet.exe
  C:\Windows\System\WmRTVet.exe
  2⤵
  PID:4292
- C:\Windows\System\FgCMywK.exe
  C:\Windows\System\FgCMywK.exe
  2⤵
  PID:4320
- C:\Windows\System\PTrpOlj.exe
  C:\Windows\System\PTrpOlj.exe
  2⤵
  PID:4352
- C:\Windows\System\vVQASTB.exe
  C:\Windows\System\vVQASTB.exe
  2⤵
  PID:4412
- C:\Windows\System\OAgtdnl.exe
  C:\Windows\System\OAgtdnl.exe
  2⤵
  PID:4416
- C:\Windows\System\FKImlsr.exe
  C:\Windows\System\FKImlsr.exe
  2⤵
  PID:4436
- C:\Windows\System\EpMkUiy.exe
  C:\Windows\System\EpMkUiy.exe
  2⤵
  PID:4476
- C:\Windows\System\bkMKcDb.exe
  C:\Windows\System\bkMKcDb.exe
  2⤵
  PID:4532
- C:\Windows\System\rRMDlSy.exe
  C:\Windows\System\rRMDlSy.exe
  2⤵
  PID:4572
- C:\Windows\System\mUuauZG.exe
  C:\Windows\System\mUuauZG.exe
  2⤵
  PID:4592
- C:\Windows\System\mOeYZJQ.exe
  C:\Windows\System\mOeYZJQ.exe
  2⤵
  PID:4596
- C:\Windows\System\pvAnqPv.exe
  C:\Windows\System\pvAnqPv.exe
  2⤵
  PID:4660
- C:\Windows\System\PJRUYYw.exe
  C:\Windows\System\PJRUYYw.exe
  2⤵
  PID:4684
- C:\Windows\System\DpqOQdP.exe
  C:\Windows\System\DpqOQdP.exe
  2⤵
  PID:4724
- C:\Windows\System\LFGBIWu.exe
  C:\Windows\System\LFGBIWu.exe
  2⤵
  PID:4756
- C:\Windows\System\TvXrWsR.exe
  C:\Windows\System\TvXrWsR.exe
  2⤵
  PID:4796
- C:\Windows\System\RlEZVos.exe
  C:\Windows\System\RlEZVos.exe
  2⤵
  PID:4820
- C:\Windows\System\gikgUAS.exe
  C:\Windows\System\gikgUAS.exe
  2⤵
  PID:4840
- C:\Windows\System\xiRQGDI.exe
  C:\Windows\System\xiRQGDI.exe
  2⤵
  PID:4904
- C:\Windows\System\fsLXiWP.exe
  C:\Windows\System\fsLXiWP.exe
  2⤵
  PID:4920
- C:\Windows\System\YQgRPgn.exe
  C:\Windows\System\YQgRPgn.exe
  2⤵
  PID:4968
- C:\Windows\System\icBGzdk.exe
  C:\Windows\System\icBGzdk.exe
  2⤵
  PID:5000
- C:\Windows\System\amHGBOF.exe
  C:\Windows\System\amHGBOF.exe
  2⤵
  PID:5004
- C:\Windows\System\clBAfBg.exe
  C:\Windows\System\clBAfBg.exe
  2⤵
  PID:5068
- C:\Windows\System\AoIaydY.exe
  C:\Windows\System\AoIaydY.exe
  2⤵
  PID:5108
- C:\Windows\System\RUgxyoc.exe
  C:\Windows\System\RUgxyoc.exe
  2⤵
  PID:3944
- C:\Windows\System\lBlfAoP.exe
  C:\Windows\System\lBlfAoP.exe
  2⤵
  PID:4064
- C:\Windows\System\zTJNkLv.exe
  C:\Windows\System\zTJNkLv.exe
  2⤵
  PID:1772
- C:\Windows\System\iuqZjpv.exe
  C:\Windows\System\iuqZjpv.exe
  2⤵
  PID:1220
- C:\Windows\System\JZawWHV.exe
  C:\Windows\System\JZawWHV.exe
  2⤵
  PID:3204
- C:\Windows\System\ilxFxbc.exe
  C:\Windows\System\ilxFxbc.exe
  2⤵
  PID:3220
- C:\Windows\System\qCSXckr.exe
  C:\Windows\System\qCSXckr.exe
  2⤵
  PID:3344
- C:\Windows\System\CSmOIkV.exe
  C:\Windows\System\CSmOIkV.exe
  2⤵
  PID:3436
- C:\Windows\System\PExVLhZ.exe
  C:\Windows\System\PExVLhZ.exe
  2⤵
  PID:3704
- C:\Windows\System\tSfHlMI.exe
  C:\Windows\System\tSfHlMI.exe
  2⤵
  PID:3828
- C:\Windows\System\yjtjksg.exe
  C:\Windows\System\yjtjksg.exe
  2⤵
  PID:4116
- C:\Windows\System\aASBsWQ.exe
  C:\Windows\System\aASBsWQ.exe
  2⤵
  PID:4160
- C:\Windows\System\RQDSIiw.exe
  C:\Windows\System\RQDSIiw.exe
  2⤵
  PID:4252
- C:\Windows\System\VrdUpNO.exe
  C:\Windows\System\VrdUpNO.exe
  2⤵
  PID:4356
- C:\Windows\System\iTmxzmS.exe
  C:\Windows\System\iTmxzmS.exe
  2⤵
  PID:4340
- C:\Windows\System\yVBnRsF.exe
  C:\Windows\System\yVBnRsF.exe
  2⤵
  PID:4452
- C:\Windows\System\zcTjQjO.exe
  C:\Windows\System\zcTjQjO.exe
  2⤵
  PID:4520
- C:\Windows\System\IWsPHmn.exe
  C:\Windows\System\IWsPHmn.exe
  2⤵
  PID:4536
- C:\Windows\System\BaXUEAZ.exe
  C:\Windows\System\BaXUEAZ.exe
  2⤵
  PID:4580
- C:\Windows\System\ZdkKmMu.exe
  C:\Windows\System\ZdkKmMu.exe
  2⤵
  PID:4652
- C:\Windows\System\cqyuJrl.exe
  C:\Windows\System\cqyuJrl.exe
  2⤵
  PID:4672
- C:\Windows\System\IRokRJl.exe
  C:\Windows\System\IRokRJl.exe
  2⤵
  PID:4844
- C:\Windows\System\xuQAOfV.exe
  C:\Windows\System\xuQAOfV.exe
  2⤵
  PID:4864
- C:\Windows\System\OUSeLky.exe
  C:\Windows\System\OUSeLky.exe
  2⤵
  PID:4876
- C:\Windows\System\ZSjPieO.exe
  C:\Windows\System\ZSjPieO.exe
  2⤵
  PID:4944
- C:\Windows\System\YRmPQLz.exe
  C:\Windows\System\YRmPQLz.exe
  2⤵
  PID:4988
- C:\Windows\System\AzNQIYm.exe
  C:\Windows\System\AzNQIYm.exe
  2⤵
  PID:5060
- C:\Windows\System\TmnBDZr.exe
  C:\Windows\System\TmnBDZr.exe
  2⤵
  PID:3888
- C:\Windows\System\AfifRCj.exe
  C:\Windows\System\AfifRCj.exe
  2⤵
  PID:2512
- C:\Windows\System\YbBBQUI.exe
  C:\Windows\System\YbBBQUI.exe
  2⤵
  PID:2748
- C:\Windows\System\cidkoyj.exe
  C:\Windows\System\cidkoyj.exe
  2⤵
  PID:5140
- C:\Windows\System\voKtBDo.exe
  C:\Windows\System\voKtBDo.exe
  2⤵
  PID:5160
- C:\Windows\System\EMmorok.exe
  C:\Windows\System\EMmorok.exe
  2⤵
  PID:5180
- C:\Windows\System\PLoXaTq.exe
  C:\Windows\System\PLoXaTq.exe
  2⤵
  PID:5196
- C:\Windows\System\AAXxfqM.exe
  C:\Windows\System\AAXxfqM.exe
  2⤵
  PID:5220
- C:\Windows\System\VXXnYTP.exe
  C:\Windows\System\VXXnYTP.exe
  2⤵
  PID:5240
- C:\Windows\System\VAiRQqK.exe
  C:\Windows\System\VAiRQqK.exe
  2⤵
  PID:5260
- C:\Windows\System\oiQfKQf.exe
  C:\Windows\System\oiQfKQf.exe
  2⤵
  PID:5280
- C:\Windows\System\ygcTHCE.exe
  C:\Windows\System\ygcTHCE.exe
  2⤵
  PID:5300
- C:\Windows\System\EmeXdin.exe
  C:\Windows\System\EmeXdin.exe
  2⤵
  PID:5320
- C:\Windows\System\BXIkICU.exe
  C:\Windows\System\BXIkICU.exe
  2⤵
  PID:5340
- C:\Windows\System\unDISTo.exe
  C:\Windows\System\unDISTo.exe
  2⤵
  PID:5360
- C:\Windows\System\SrcpjFb.exe
  C:\Windows\System\SrcpjFb.exe
  2⤵
  PID:5380
- C:\Windows\System\LzZIzUc.exe
  C:\Windows\System\LzZIzUc.exe
  2⤵
  PID:5400
- C:\Windows\System\lgtQogP.exe
  C:\Windows\System\lgtQogP.exe
  2⤵
  PID:5420
- C:\Windows\System\mIsEFfi.exe
  C:\Windows\System\mIsEFfi.exe
  2⤵
  PID:5440
- C:\Windows\System\EKQuUly.exe
  C:\Windows\System\EKQuUly.exe
  2⤵
  PID:5464
- C:\Windows\System\eAEUGZa.exe
  C:\Windows\System\eAEUGZa.exe
  2⤵
  PID:5484
- C:\Windows\System\rNhfbgl.exe
  C:\Windows\System\rNhfbgl.exe
  2⤵
  PID:5504
- C:\Windows\System\SfzpeIu.exe
  C:\Windows\System\SfzpeIu.exe
  2⤵
  PID:5524
- C:\Windows\System\gSFQmyN.exe
  C:\Windows\System\gSFQmyN.exe
  2⤵
  PID:5544
- C:\Windows\System\MnbCsHn.exe
  C:\Windows\System\MnbCsHn.exe
  2⤵
  PID:5564
- C:\Windows\System\WNZHPTw.exe
  C:\Windows\System\WNZHPTw.exe
  2⤵
  PID:5584
- C:\Windows\System\ddpCmgY.exe
  C:\Windows\System\ddpCmgY.exe
  2⤵
  PID:5604
- C:\Windows\System\HlRJVzc.exe
  C:\Windows\System\HlRJVzc.exe
  2⤵
  PID:5624
- C:\Windows\System\RrrydVH.exe
  C:\Windows\System\RrrydVH.exe
  2⤵
  PID:5640
- C:\Windows\System\FLxxYAS.exe
  C:\Windows\System\FLxxYAS.exe
  2⤵
  PID:5668
- C:\Windows\System\gClipyE.exe
  C:\Windows\System\gClipyE.exe
  2⤵
  PID:5688
- C:\Windows\System\AHyvJVL.exe
  C:\Windows\System\AHyvJVL.exe
  2⤵
  PID:5708
- C:\Windows\System\BKheNHq.exe
  C:\Windows\System\BKheNHq.exe
  2⤵
  PID:5728
- C:\Windows\System\fAJdyLd.exe
  C:\Windows\System\fAJdyLd.exe
  2⤵
  PID:5748
- C:\Windows\System\WtpJVvR.exe
  C:\Windows\System\WtpJVvR.exe
  2⤵
  PID:5764
- C:\Windows\System\lcaPxgW.exe
  C:\Windows\System\lcaPxgW.exe
  2⤵
  PID:5788
- C:\Windows\System\HowjHFA.exe
  C:\Windows\System\HowjHFA.exe
  2⤵
  PID:5808
- C:\Windows\System\NkZlAwY.exe
  C:\Windows\System\NkZlAwY.exe
  2⤵
  PID:5824
- C:\Windows\System\ePUYwkh.exe
  C:\Windows\System\ePUYwkh.exe
  2⤵
  PID:5848
- C:\Windows\System\KzeXBAU.exe
  C:\Windows\System\KzeXBAU.exe
  2⤵
  PID:5868
- C:\Windows\System\ThzUNWc.exe
  C:\Windows\System\ThzUNWc.exe
  2⤵
  PID:5888
- C:\Windows\System\ZfKhlCe.exe
  C:\Windows\System\ZfKhlCe.exe
  2⤵
  PID:5908
- C:\Windows\System\yGnOECw.exe
  C:\Windows\System\yGnOECw.exe
  2⤵
  PID:5928
- C:\Windows\System\LNZxvIF.exe
  C:\Windows\System\LNZxvIF.exe
  2⤵
  PID:5948
- C:\Windows\System\OcRbHmH.exe
  C:\Windows\System\OcRbHmH.exe
  2⤵
  PID:5968
- C:\Windows\System\dAcdcNW.exe
  C:\Windows\System\dAcdcNW.exe
  2⤵
  PID:5988
- C:\Windows\System\zUtiwBV.exe
  C:\Windows\System\zUtiwBV.exe
  2⤵
  PID:6008
- C:\Windows\System\nUpxWGy.exe
  C:\Windows\System\nUpxWGy.exe
  2⤵
  PID:6028
- C:\Windows\System\iDKSiuM.exe
  C:\Windows\System\iDKSiuM.exe
  2⤵
  PID:6048
- C:\Windows\System\vonoWZE.exe
  C:\Windows\System\vonoWZE.exe
  2⤵
  PID:6068
- C:\Windows\System\gjnfUPU.exe
  C:\Windows\System\gjnfUPU.exe
  2⤵
  PID:6088
- C:\Windows\System\qnRBCwF.exe
  C:\Windows\System\qnRBCwF.exe
  2⤵
  PID:6108
- C:\Windows\System\cUReQUv.exe
  C:\Windows\System\cUReQUv.exe
  2⤵
  PID:6128
- C:\Windows\System\IjaJwql.exe
  C:\Windows\System\IjaJwql.exe
  2⤵
  PID:3084
- C:\Windows\System\rzbKlmL.exe
  C:\Windows\System\rzbKlmL.exe
  2⤵
  PID:3380
- C:\Windows\System\yGichRe.exe
  C:\Windows\System\yGichRe.exe
  2⤵
  PID:3544
- C:\Windows\System\QUzXkFw.exe
  C:\Windows\System\QUzXkFw.exe
  2⤵
  PID:3720
- C:\Windows\System\HmOuqun.exe
  C:\Windows\System\HmOuqun.exe
  2⤵
  PID:4212
- C:\Windows\System\FwzmCPM.exe
  C:\Windows\System\FwzmCPM.exe
  2⤵
  PID:4140
- C:\Windows\System\doSIvHC.exe
  C:\Windows\System\doSIvHC.exe
  2⤵
  PID:4296
- C:\Windows\System\tQQfjEs.exe
  C:\Windows\System\tQQfjEs.exe
  2⤵
  PID:4472
- C:\Windows\System\nomDYDU.exe
  C:\Windows\System\nomDYDU.exe
  2⤵
  PID:4516
- C:\Windows\System\KTlqdRq.exe
  C:\Windows\System\KTlqdRq.exe
  2⤵
  PID:4716
- C:\Windows\System\QsPmzvu.exe
  C:\Windows\System\QsPmzvu.exe
  2⤵
  PID:4636
- C:\Windows\System\jPwwIMO.exe
  C:\Windows\System\jPwwIMO.exe
  2⤵
  PID:4856
- C:\Windows\System\kVwyUPE.exe
  C:\Windows\System\kVwyUPE.exe
  2⤵
  PID:4804
- C:\Windows\System\JvsnzOX.exe
  C:\Windows\System\JvsnzOX.exe
  2⤵
  PID:4984
- C:\Windows\System\zqULNkt.exe
  C:\Windows\System\zqULNkt.exe
  2⤵
  PID:5100
- C:\Windows\System\TsDZfQC.exe
  C:\Windows\System\TsDZfQC.exe
  2⤵
  PID:1400
- C:\Windows\System\MELdFUs.exe
  C:\Windows\System\MELdFUs.exe
  2⤵
  PID:5168
- C:\Windows\System\TZbGMsx.exe
  C:\Windows\System\TZbGMsx.exe
  2⤵
  PID:5208
- C:\Windows\System\kxSjaNX.exe
  C:\Windows\System\kxSjaNX.exe
  2⤵
  PID:5188
- C:\Windows\System\rQuQIan.exe
  C:\Windows\System\rQuQIan.exe
  2⤵
  PID:5232
- C:\Windows\System\GxbRNbc.exe
  C:\Windows\System\GxbRNbc.exe
  2⤵
  PID:5268
- C:\Windows\System\UqSJcTP.exe
  C:\Windows\System\UqSJcTP.exe
  2⤵
  PID:5308
- C:\Windows\System\vTfvbYw.exe
  C:\Windows\System\vTfvbYw.exe
  2⤵
  PID:5312
- C:\Windows\System\bJgoXvp.exe
  C:\Windows\System\bJgoXvp.exe
  2⤵
  PID:5376
- C:\Windows\System\AMVLHrf.exe
  C:\Windows\System\AMVLHrf.exe
  2⤵
  PID:5392
- C:\Windows\System\WLoToPM.exe
  C:\Windows\System\WLoToPM.exe
  2⤵
  PID:5448
- C:\Windows\System\WgbAEaG.exe
  C:\Windows\System\WgbAEaG.exe
  2⤵
  PID:5492
- C:\Windows\System\OpVmFsM.exe
  C:\Windows\System\OpVmFsM.exe
  2⤵
  PID:5512
- C:\Windows\System\BSMqiFv.exe
  C:\Windows\System\BSMqiFv.exe
  2⤵
  PID:5516
- C:\Windows\System\fUaXiDa.exe
  C:\Windows\System\fUaXiDa.exe
  2⤵
  PID:5560
- C:\Windows\System\igyeJuQ.exe
  C:\Windows\System\igyeJuQ.exe
  2⤵
  PID:5600
- C:\Windows\System\lSYiuJB.exe
  C:\Windows\System\lSYiuJB.exe
  2⤵
  PID:5664
- C:\Windows\System\zGfXIjU.exe
  C:\Windows\System\zGfXIjU.exe
  2⤵
  PID:5736
- C:\Windows\System\lTmrFhz.exe
  C:\Windows\System\lTmrFhz.exe
  2⤵
  PID:5632
- C:\Windows\System\aHeotYt.exe
  C:\Windows\System\aHeotYt.exe
  2⤵
  PID:5724
- C:\Windows\System\QnQeICI.exe
  C:\Windows\System\QnQeICI.exe
  2⤵
  PID:5756
- C:\Windows\System\tBBdxrE.exe
  C:\Windows\System\tBBdxrE.exe
  2⤵
  PID:5804
- C:\Windows\System\WbjiHCw.exe
  C:\Windows\System\WbjiHCw.exe
  2⤵
  PID:5844
- C:\Windows\System\HnDCvne.exe
  C:\Windows\System\HnDCvne.exe
  2⤵
  PID:5876
- C:\Windows\System\hVPgAxZ.exe
  C:\Windows\System\hVPgAxZ.exe
  2⤵
  PID:5900
- C:\Windows\System\fVWFRTo.exe
  C:\Windows\System\fVWFRTo.exe
  2⤵
  PID:5976
- C:\Windows\System\UlGZNWX.exe
  C:\Windows\System\UlGZNWX.exe
  2⤵
  PID:5964
- C:\Windows\System\rPEGzHj.exe
  C:\Windows\System\rPEGzHj.exe
  2⤵
  PID:6016
- C:\Windows\System\JOaaiWB.exe
  C:\Windows\System\JOaaiWB.exe
  2⤵
  PID:6056
- C:\Windows\System\RPBwIvF.exe
  C:\Windows\System\RPBwIvF.exe
  2⤵
  PID:6076
- C:\Windows\System\wttemqW.exe
  C:\Windows\System\wttemqW.exe
  2⤵
  PID:6100
- C:\Windows\System\PBwbJZr.exe
  C:\Windows\System\PBwbJZr.exe
  2⤵
  PID:6140
- C:\Windows\System\nAyhVvu.exe
  C:\Windows\System\nAyhVvu.exe
  2⤵
  PID:3460
- C:\Windows\System\siCgunk.exe
  C:\Windows\System\siCgunk.exe
  2⤵
  PID:3576
- C:\Windows\System\qZAKjDS.exe
  C:\Windows\System\qZAKjDS.exe
  2⤵
  PID:4156
- C:\Windows\System\fWSwbFG.exe
  C:\Windows\System\fWSwbFG.exe
  2⤵
  PID:4240
- C:\Windows\System\WXURTPv.exe
  C:\Windows\System\WXURTPv.exe
  2⤵
  PID:4480
- C:\Windows\System\eTQXrTZ.exe
  C:\Windows\System\eTQXrTZ.exe
  2⤵
  PID:4556
- C:\Windows\System\hcYNCBs.exe
  C:\Windows\System\hcYNCBs.exe
  2⤵
  PID:4780
- C:\Windows\System\EXYbAyr.exe
  C:\Windows\System\EXYbAyr.exe
  2⤵
  PID:5028
- C:\Windows\System\atmUsmY.exe
  C:\Windows\System\atmUsmY.exe
  2⤵
  PID:2004
- C:\Windows\System\RWefRoo.exe
  C:\Windows\System\RWefRoo.exe
  2⤵
  PID:5156
- C:\Windows\System\YBxiBUR.exe
  C:\Windows\System\YBxiBUR.exe
  2⤵
  PID:5172
- C:\Windows\System\jHoiPjq.exe
  C:\Windows\System\jHoiPjq.exe
  2⤵
  PID:5252
- C:\Windows\System\szGlFqV.exe
  C:\Windows\System\szGlFqV.exe
  2⤵
  PID:5316
- C:\Windows\System\tbMufRH.exe
  C:\Windows\System\tbMufRH.exe
  2⤵
  PID:5368
- C:\Windows\System\GIDhjdz.exe
  C:\Windows\System\GIDhjdz.exe
  2⤵
  PID:5436
- C:\Windows\System\ljtCKny.exe
  C:\Windows\System\ljtCKny.exe
  2⤵
  PID:5520
- C:\Windows\System\rnVesBY.exe
  C:\Windows\System\rnVesBY.exe
  2⤵
  PID:5536
- C:\Windows\System\vLHuNtt.exe
  C:\Windows\System\vLHuNtt.exe
  2⤵
  PID:5552
- C:\Windows\System\vsiehUa.exe
  C:\Windows\System\vsiehUa.exe
  2⤵
  PID:5700
- C:\Windows\System\QUUMLxI.exe
  C:\Windows\System\QUUMLxI.exe
  2⤵
  PID:5744
- C:\Windows\System\AllOGCX.exe
  C:\Windows\System\AllOGCX.exe
  2⤵
  PID:5796
- C:\Windows\System\qqiydyR.exe
  C:\Windows\System\qqiydyR.exe
  2⤵
  PID:5816
- C:\Windows\System\cNFTAUE.exe
  C:\Windows\System\cNFTAUE.exe
  2⤵
  PID:5836
- C:\Windows\System\pNJAicK.exe
  C:\Windows\System\pNJAicK.exe
  2⤵
  PID:5880
- C:\Windows\System\fXreQPO.exe
  C:\Windows\System\fXreQPO.exe
  2⤵
  PID:5924
- C:\Windows\System\mrkyDJQ.exe
  C:\Windows\System\mrkyDJQ.exe
  2⤵
  PID:6040
- C:\Windows\System\rFJJZtI.exe
  C:\Windows\System\rFJJZtI.exe
  2⤵
  PID:6020
- C:\Windows\System\SoRPNhH.exe
  C:\Windows\System\SoRPNhH.exe
  2⤵
  PID:6080
- C:\Windows\System\qKkFZLn.exe
  C:\Windows\System\qKkFZLn.exe
  2⤵
  PID:4132
- C:\Windows\System\gDoaVxD.exe
  C:\Windows\System\gDoaVxD.exe
  2⤵
  PID:3664
- C:\Windows\System\pjmwuQa.exe
  C:\Windows\System\pjmwuQa.exe
  2⤵
  PID:4312
- C:\Windows\System\TmVLMMN.exe
  C:\Windows\System\TmVLMMN.exe
  2⤵
  PID:4440
- C:\Windows\System\PLJJDLC.exe
  C:\Windows\System\PLJJDLC.exe
  2⤵
  PID:6160
- C:\Windows\System\JlzCHHR.exe
  C:\Windows\System\JlzCHHR.exe
  2⤵
  PID:6180
- C:\Windows\System\XuQLfYo.exe
  C:\Windows\System\XuQLfYo.exe
  2⤵
  PID:6200
- C:\Windows\System\SxIHOzM.exe
  C:\Windows\System\SxIHOzM.exe
  2⤵
  PID:6220
- C:\Windows\System\PSgIskE.exe
  C:\Windows\System\PSgIskE.exe
  2⤵
  PID:6236
- C:\Windows\System\OONtvth.exe
  C:\Windows\System\OONtvth.exe
  2⤵
  PID:6260
- C:\Windows\System\xLHSTpM.exe
  C:\Windows\System\xLHSTpM.exe
  2⤵
  PID:6280
- C:\Windows\System\MekPiOk.exe
  C:\Windows\System\MekPiOk.exe
  2⤵
  PID:6300
- C:\Windows\System\NYXGzdd.exe
  C:\Windows\System\NYXGzdd.exe
  2⤵
  PID:6320
- C:\Windows\System\lzRBuUn.exe
  C:\Windows\System\lzRBuUn.exe
  2⤵
  PID:6340
- C:\Windows\System\yCObYBv.exe
  C:\Windows\System\yCObYBv.exe
  2⤵
  PID:6356
- C:\Windows\System\VZGKGvC.exe
  C:\Windows\System\VZGKGvC.exe
  2⤵
  PID:6380
- C:\Windows\System\HMJbInC.exe
  C:\Windows\System\HMJbInC.exe
  2⤵
  PID:6396
- C:\Windows\System\dLcoBkV.exe
  C:\Windows\System\dLcoBkV.exe
  2⤵
  PID:6420
- C:\Windows\System\WrQATDg.exe
  C:\Windows\System\WrQATDg.exe
  2⤵
  PID:6440
- C:\Windows\System\HBosZwu.exe
  C:\Windows\System\HBosZwu.exe
  2⤵
  PID:6460
- C:\Windows\System\npVknPz.exe
  C:\Windows\System\npVknPz.exe
  2⤵
  PID:6480
- C:\Windows\System\NigFxlJ.exe
  C:\Windows\System\NigFxlJ.exe
  2⤵
  PID:6500
- C:\Windows\System\gwipHEQ.exe
  C:\Windows\System\gwipHEQ.exe
  2⤵
  PID:6516
- C:\Windows\System\FCpLhnp.exe
  C:\Windows\System\FCpLhnp.exe
  2⤵
  PID:6540
- C:\Windows\System\NdkhcEh.exe
  C:\Windows\System\NdkhcEh.exe
  2⤵
  PID:6560
- C:\Windows\System\lgaEhMn.exe
  C:\Windows\System\lgaEhMn.exe
  2⤵
  PID:6580
- C:\Windows\System\onQwBDA.exe
  C:\Windows\System\onQwBDA.exe
  2⤵
  PID:6600
- C:\Windows\System\rcPpbZI.exe
  C:\Windows\System\rcPpbZI.exe
  2⤵
  PID:6620
- C:\Windows\System\WScfEqX.exe
  C:\Windows\System\WScfEqX.exe
  2⤵
  PID:6640
- C:\Windows\System\sxBXaOe.exe
  C:\Windows\System\sxBXaOe.exe
  2⤵
  PID:6660
- C:\Windows\System\AxVEcIJ.exe
  C:\Windows\System\AxVEcIJ.exe
  2⤵
  PID:6680
- C:\Windows\System\gVSgBRJ.exe
  C:\Windows\System\gVSgBRJ.exe
  2⤵
  PID:6700
- C:\Windows\System\yHuwbdS.exe
  C:\Windows\System\yHuwbdS.exe
  2⤵
  PID:6720
- C:\Windows\System\kfLEUVp.exe
  C:\Windows\System\kfLEUVp.exe
  2⤵
  PID:6740
- C:\Windows\System\oqhGHmX.exe
  C:\Windows\System\oqhGHmX.exe
  2⤵
  PID:6760
- C:\Windows\System\QfjMLkz.exe
  C:\Windows\System\QfjMLkz.exe
  2⤵
  PID:6780
- C:\Windows\System\ivIAefE.exe
  C:\Windows\System\ivIAefE.exe
  2⤵
  PID:6800
- C:\Windows\System\ASiyIai.exe
  C:\Windows\System\ASiyIai.exe
  2⤵
  PID:6820
- C:\Windows\System\PCCxwXu.exe
  C:\Windows\System\PCCxwXu.exe
  2⤵
  PID:6844
- C:\Windows\System\OKCbQlt.exe
  C:\Windows\System\OKCbQlt.exe
  2⤵
  PID:6864
- C:\Windows\System\rWLENfu.exe
  C:\Windows\System\rWLENfu.exe
  2⤵
  PID:6884
- C:\Windows\System\qAyyGew.exe
  C:\Windows\System\qAyyGew.exe
  2⤵
  PID:6904
- C:\Windows\System\yYBvBbS.exe
  C:\Windows\System\yYBvBbS.exe
  2⤵
  PID:6928
- C:\Windows\System\latxIBB.exe
  C:\Windows\System\latxIBB.exe
  2⤵
  PID:6948
- C:\Windows\System\nmnaDsw.exe
  C:\Windows\System\nmnaDsw.exe
  2⤵
  PID:6968
- C:\Windows\System\XZIIybC.exe
  C:\Windows\System\XZIIybC.exe
  2⤵
  PID:6988
- C:\Windows\System\uSqKZVb.exe
  C:\Windows\System\uSqKZVb.exe
  2⤵
  PID:7008
- C:\Windows\System\EnKdhsP.exe
  C:\Windows\System\EnKdhsP.exe
  2⤵
  PID:7028
- C:\Windows\System\YllrfFb.exe
  C:\Windows\System\YllrfFb.exe
  2⤵
  PID:7048
- C:\Windows\System\vSiddrR.exe
  C:\Windows\System\vSiddrR.exe
  2⤵
  PID:7068
- C:\Windows\System\CfyNCrv.exe
  C:\Windows\System\CfyNCrv.exe
  2⤵
  PID:7088
- C:\Windows\System\wDHnBEb.exe
  C:\Windows\System\wDHnBEb.exe
  2⤵
  PID:7108
- C:\Windows\System\KFbDLYL.exe
  C:\Windows\System\KFbDLYL.exe
  2⤵
  PID:7128
- C:\Windows\System\cSQhXLP.exe
  C:\Windows\System\cSQhXLP.exe
  2⤵
  PID:7148
- C:\Windows\System\SjvfPwg.exe
  C:\Windows\System\SjvfPwg.exe
  2⤵
  PID:4824
- C:\Windows\System\RcpihhA.exe
  C:\Windows\System\RcpihhA.exe
  2⤵
  PID:4740
- C:\Windows\System\fLTYYiT.exe
  C:\Windows\System\fLTYYiT.exe
  2⤵
  PID:5128
- C:\Windows\System\pVsuOZO.exe
  C:\Windows\System\pVsuOZO.exe
  2⤵
  PID:5152
- C:\Windows\System\VAOPiSV.exe
  C:\Windows\System\VAOPiSV.exe
  2⤵
  PID:5296
- C:\Windows\System\ZjhRuzt.exe
  C:\Windows\System\ZjhRuzt.exe
  2⤵
  PID:5472
- C:\Windows\System\muPBoaz.exe
  C:\Windows\System\muPBoaz.exe
  2⤵
  PID:5620
- C:\Windows\System\ILlTmFZ.exe
  C:\Windows\System\ILlTmFZ.exe
  2⤵
  PID:5480
- C:\Windows\System\ZiGYPRC.exe
  C:\Windows\System\ZiGYPRC.exe
  2⤵
  PID:5616
- C:\Windows\System\iZieYPd.exe
  C:\Windows\System\iZieYPd.exe
  2⤵
  PID:5772
- C:\Windows\System\bWYRfhg.exe
  C:\Windows\System\bWYRfhg.exe
  2⤵
  PID:5860
- C:\Windows\System\EAgaYJS.exe
  C:\Windows\System\EAgaYJS.exe
  2⤵
  PID:6000
- C:\Windows\System\SyXjFlm.exe
  C:\Windows\System\SyXjFlm.exe
  2⤵
  PID:6060
- C:\Windows\System\mxOoKNc.exe
  C:\Windows\System\mxOoKNc.exe
  2⤵
  PID:6096
- C:\Windows\System\KyAmpvC.exe
  C:\Windows\System\KyAmpvC.exe
  2⤵
  PID:1924
- C:\Windows\System\FPfxZWg.exe
  C:\Windows\System\FPfxZWg.exe
  2⤵
  PID:4256
- C:\Windows\System\gniUhVW.exe
  C:\Windows\System\gniUhVW.exe
  2⤵
  PID:6176
- C:\Windows\System\yyBBCxB.exe
  C:\Windows\System\yyBBCxB.exe
  2⤵
  PID:6208
- C:\Windows\System\tupToOu.exe
  C:\Windows\System\tupToOu.exe
  2⤵
  PID:6244
- C:\Windows\System\yqXGwwq.exe
  C:\Windows\System\yqXGwwq.exe
  2⤵
  PID:6288
- C:\Windows\System\dSSdqHi.exe
  C:\Windows\System\dSSdqHi.exe
  2⤵
  PID:6276
- C:\Windows\System\FsNFmqq.exe
  C:\Windows\System\FsNFmqq.exe
  2⤵
  PID:6308
- C:\Windows\System\EzDghed.exe
  C:\Windows\System\EzDghed.exe
  2⤵
  PID:6364
- C:\Windows\System\IPUlBFB.exe
  C:\Windows\System\IPUlBFB.exe
  2⤵
  PID:6404
- C:\Windows\System\hNtIHYh.exe
  C:\Windows\System\hNtIHYh.exe
  2⤵
  PID:6448
- C:\Windows\System\ZAnvPEM.exe
  C:\Windows\System\ZAnvPEM.exe
  2⤵
  PID:6432
- C:\Windows\System\SpbGqLE.exe
  C:\Windows\System\SpbGqLE.exe
  2⤵
  PID:6476
- C:\Windows\System\hYoMTdH.exe
  C:\Windows\System\hYoMTdH.exe
  2⤵
  PID:6536
- C:\Windows\System\TKxcMGO.exe
  C:\Windows\System\TKxcMGO.exe
  2⤵
  PID:6548
- C:\Windows\System\kTAxTwG.exe
  C:\Windows\System\kTAxTwG.exe
  2⤵
  PID:6572
- C:\Windows\System\iTUPnjI.exe
  C:\Windows\System\iTUPnjI.exe
  2⤵
  PID:6616
- C:\Windows\System\eDAaKnz.exe
  C:\Windows\System\eDAaKnz.exe
  2⤵
  PID:6636
- C:\Windows\System\gfIwSgj.exe
  C:\Windows\System\gfIwSgj.exe
  2⤵
  PID:6696
- C:\Windows\System\XmAIRgr.exe
  C:\Windows\System\XmAIRgr.exe
  2⤵
  PID:6728
- C:\Windows\System\hQDiwiH.exe
  C:\Windows\System\hQDiwiH.exe
  2⤵
  PID:6768
- C:\Windows\System\kIMzDnx.exe
  C:\Windows\System\kIMzDnx.exe
  2⤵
  PID:6788
- C:\Windows\System\UQRRzIO.exe
  C:\Windows\System\UQRRzIO.exe
  2⤵
  PID:6812
- C:\Windows\System\ftgoFRM.exe
  C:\Windows\System\ftgoFRM.exe
  2⤵
  PID:6856
- C:\Windows\System\iOGyXsj.exe
  C:\Windows\System\iOGyXsj.exe
  2⤵
  PID:6900
- C:\Windows\System\uygMDtW.exe
  C:\Windows\System\uygMDtW.exe
  2⤵
  PID:6916
- C:\Windows\System\AYUktUm.exe
  C:\Windows\System\AYUktUm.exe
  2⤵
  PID:6976
- C:\Windows\System\bZCgYvL.exe
  C:\Windows\System\bZCgYvL.exe
  2⤵
  PID:6996
- C:\Windows\System\yiWdwTE.exe
  C:\Windows\System\yiWdwTE.exe
  2⤵
  PID:7036
- C:\Windows\System\uqKYfMT.exe
  C:\Windows\System\uqKYfMT.exe
  2⤵
  PID:7060
- C:\Windows\System\uyvogZO.exe
  C:\Windows\System\uyvogZO.exe
  2⤵
  PID:7080
- C:\Windows\System\pgnRcga.exe
  C:\Windows\System\pgnRcga.exe
  2⤵
  PID:7144
- C:\Windows\System\yaEziAO.exe
  C:\Windows\System\yaEziAO.exe
  2⤵
  PID:5080
- C:\Windows\System\rkJPaNZ.exe
  C:\Windows\System\rkJPaNZ.exe
  2⤵
  PID:4916
- C:\Windows\System\XiMIXle.exe
  C:\Windows\System\XiMIXle.exe
  2⤵
  PID:5136
- C:\Windows\System\HoEFClZ.exe
  C:\Windows\System\HoEFClZ.exe
  2⤵
  PID:5408
- C:\Windows\System\uiumADH.exe
  C:\Windows\System\uiumADH.exe
  2⤵
  PID:5292
- C:\Windows\System\bAddkjK.exe
  C:\Windows\System\bAddkjK.exe
  2⤵
  PID:5716
- C:\Windows\System\UesXIdB.exe
  C:\Windows\System\UesXIdB.exe
  2⤵
  PID:5904
- C:\Windows\System\PbrdZad.exe
  C:\Windows\System\PbrdZad.exe
  2⤵
  PID:5944
- C:\Windows\System\bTmMoLc.exe
  C:\Windows\System\bTmMoLc.exe
  2⤵
  PID:5820
- C:\Windows\System\XGVjjiu.exe
  C:\Windows\System\XGVjjiu.exe
  2⤵
  PID:4316
- C:\Windows\System\kHgzKrp.exe
  C:\Windows\System\kHgzKrp.exe
  2⤵
  PID:4512
- C:\Windows\System\khbjSQx.exe
  C:\Windows\System\khbjSQx.exe
  2⤵
  PID:6168
- C:\Windows\System\icPcpYq.exe
  C:\Windows\System\icPcpYq.exe
  2⤵
  PID:6196
- C:\Windows\System\qVuhaOi.exe
  C:\Windows\System\qVuhaOi.exe
  2⤵
  PID:6232
- C:\Windows\System\sEloFIp.exe
  C:\Windows\System\sEloFIp.exe
  2⤵
  PID:6352
- C:\Windows\System\kqhSGLX.exe
  C:\Windows\System\kqhSGLX.exe
  2⤵
  PID:6332
- C:\Windows\System\FXSMXVO.exe
  C:\Windows\System\FXSMXVO.exe
  2⤵
  PID:6416
- C:\Windows\System\vSwjYBN.exe
  C:\Windows\System\vSwjYBN.exe
  2⤵
  PID:6468
- C:\Windows\System\OflBIFx.exe
  C:\Windows\System\OflBIFx.exe
  2⤵
  PID:6628
- C:\Windows\System\wlWKvJc.exe
  C:\Windows\System\wlWKvJc.exe
  2⤵
  PID:6656
- C:\Windows\System\MjDJquo.exe
  C:\Windows\System\MjDJquo.exe
  2⤵
  PID:6692
- C:\Windows\System\lYioxIt.exe
  C:\Windows\System\lYioxIt.exe
  2⤵
  PID:6752
- C:\Windows\System\NgOVwWX.exe
  C:\Windows\System\NgOVwWX.exe
  2⤵
  PID:6708
- C:\Windows\System\BrezFPL.exe
  C:\Windows\System\BrezFPL.exe
  2⤵
  PID:6808
- C:\Windows\System\UUskhkf.exe
  C:\Windows\System\UUskhkf.exe
  2⤵
  PID:6924
- C:\Windows\System\vOCvpWA.exe
  C:\Windows\System\vOCvpWA.exe
  2⤵
  PID:6876
- C:\Windows\System\Xfowfcr.exe
  C:\Windows\System\Xfowfcr.exe
  2⤵
  PID:6956
- C:\Windows\System\kvGviwI.exe
  C:\Windows\System\kvGviwI.exe
  2⤵
  PID:7096
- C:\Windows\System\pMbTQPG.exe
  C:\Windows\System\pMbTQPG.exe
  2⤵
  PID:7124
- C:\Windows\System\gwyntjg.exe
  C:\Windows\System\gwyntjg.exe
  2⤵
  PID:5228
- C:\Windows\System\hOTlUWg.exe
  C:\Windows\System\hOTlUWg.exe
  2⤵
  PID:4004
- C:\Windows\System\aAltNMX.exe
  C:\Windows\System\aAltNMX.exe
  2⤵
  PID:5540
- C:\Windows\System\CJIHFVk.exe
  C:\Windows\System\CJIHFVk.exe
  2⤵
  PID:5396
- C:\Windows\System\jQhPcZL.exe
  C:\Windows\System\jQhPcZL.exe
  2⤵
  PID:5704
- C:\Windows\System\IQxBlHC.exe
  C:\Windows\System\IQxBlHC.exe
  2⤵
  PID:264
- C:\Windows\System\loJSubc.exe
  C:\Windows\System\loJSubc.exe
  2⤵
  PID:2344
- C:\Windows\System\OXOlggJ.exe
  C:\Windows\System\OXOlggJ.exe
  2⤵
  PID:6252
- C:\Windows\System\fqfELKa.exe
  C:\Windows\System\fqfELKa.exe
  2⤵
  PID:5636
- C:\Windows\System\XThrBVu.exe
  C:\Windows\System\XThrBVu.exe
  2⤵
  PID:6488
- C:\Windows\System\CVsCVkE.exe
  C:\Windows\System\CVsCVkE.exe
  2⤵
  PID:6392
- C:\Windows\System\Wqovxzs.exe
  C:\Windows\System\Wqovxzs.exe
  2⤵
  PID:6552
- C:\Windows\System\KEGIMRX.exe
  C:\Windows\System\KEGIMRX.exe
  2⤵
  PID:6816
- C:\Windows\System\NMNFLZr.exe
  C:\Windows\System\NMNFLZr.exe
  2⤵
  PID:6860
- C:\Windows\System\kFwahIq.exe
  C:\Windows\System\kFwahIq.exe
  2⤵
  PID:7184
- C:\Windows\System\MjtgFKU.exe
  C:\Windows\System\MjtgFKU.exe
  2⤵
  PID:7204
- C:\Windows\System\BlyQLjA.exe
  C:\Windows\System\BlyQLjA.exe
  2⤵
  PID:7220
- C:\Windows\System\uwBuxtW.exe
  C:\Windows\System\uwBuxtW.exe
  2⤵
  PID:7244
- C:\Windows\System\STZIzxx.exe
  C:\Windows\System\STZIzxx.exe
  2⤵
  PID:7264
- C:\Windows\System\tAPjUtp.exe
  C:\Windows\System\tAPjUtp.exe
  2⤵
  PID:7284
- C:\Windows\System\kCzRfgZ.exe
  C:\Windows\System\kCzRfgZ.exe
  2⤵
  PID:7304
- C:\Windows\System\ILeEsiq.exe
  C:\Windows\System\ILeEsiq.exe
  2⤵
  PID:7320
- C:\Windows\System\zsKsNmy.exe
  C:\Windows\System\zsKsNmy.exe
  2⤵
  PID:7336
- C:\Windows\System\jNlyUkH.exe
  C:\Windows\System\jNlyUkH.exe
  2⤵
  PID:7364
- C:\Windows\System\ASzOQwa.exe
  C:\Windows\System\ASzOQwa.exe
  2⤵
  PID:7380
- C:\Windows\System\zvFkhhI.exe
  C:\Windows\System\zvFkhhI.exe
  2⤵
  PID:7400
- C:\Windows\System\siWQRqQ.exe
  C:\Windows\System\siWQRqQ.exe
  2⤵
  PID:7416
- C:\Windows\System\PzKuwNb.exe
  C:\Windows\System\PzKuwNb.exe
  2⤵
  PID:7444
- C:\Windows\System\HGifMLX.exe
  C:\Windows\System\HGifMLX.exe
  2⤵
  PID:7460
- C:\Windows\System\QeZdgVn.exe
  C:\Windows\System\QeZdgVn.exe
  2⤵
  PID:7484
- C:\Windows\System\lOWbzUn.exe
  C:\Windows\System\lOWbzUn.exe
  2⤵
  PID:7508
- C:\Windows\System\kfExqpf.exe
  C:\Windows\System\kfExqpf.exe
  2⤵
  PID:7532
- C:\Windows\System\YcWtHgR.exe
  C:\Windows\System\YcWtHgR.exe
  2⤵
  PID:7548
- C:\Windows\System\LHhptki.exe
  C:\Windows\System\LHhptki.exe
  2⤵
  PID:7568
- C:\Windows\System\XZIuaug.exe
  C:\Windows\System\XZIuaug.exe
  2⤵
  PID:7592
- C:\Windows\System\ewlDjPy.exe
  C:\Windows\System\ewlDjPy.exe
  2⤵
  PID:7612
- C:\Windows\System\ojzCZsx.exe
  C:\Windows\System\ojzCZsx.exe
  2⤵
  PID:7632
- C:\Windows\System\QnoYwME.exe
  C:\Windows\System\QnoYwME.exe
  2⤵
  PID:7652
- C:\Windows\System\vbqJEAK.exe
  C:\Windows\System\vbqJEAK.exe
  2⤵
  PID:7672
- C:\Windows\System\MskvWeJ.exe
  C:\Windows\System\MskvWeJ.exe
  2⤵
  PID:7692
- C:\Windows\System\fHihwBn.exe
  C:\Windows\System\fHihwBn.exe
  2⤵
  PID:7712
- C:\Windows\System\qFujXzl.exe
  C:\Windows\System\qFujXzl.exe
  2⤵
  PID:7732
- C:\Windows\System\QdaNFBE.exe
  C:\Windows\System\QdaNFBE.exe
  2⤵
  PID:7752
- C:\Windows\System\wrGnLjO.exe
  C:\Windows\System\wrGnLjO.exe
  2⤵
  PID:7772
- C:\Windows\System\RNolUUj.exe
  C:\Windows\System\RNolUUj.exe
  2⤵
  PID:7792
- C:\Windows\System\OMbJaLe.exe
  C:\Windows\System\OMbJaLe.exe
  2⤵
  PID:7812
- C:\Windows\System\KpfgcUk.exe
  C:\Windows\System\KpfgcUk.exe
  2⤵
  PID:7832
- C:\Windows\System\nFEbwLm.exe
  C:\Windows\System\nFEbwLm.exe
  2⤵
  PID:7852
- C:\Windows\System\EvCdBML.exe
  C:\Windows\System\EvCdBML.exe
  2⤵
  PID:7872
- C:\Windows\System\syOCoNz.exe
  C:\Windows\System\syOCoNz.exe
  2⤵
  PID:7892
- C:\Windows\System\HkFEZHm.exe
  C:\Windows\System\HkFEZHm.exe
  2⤵
  PID:7912
- C:\Windows\System\kgnqWTQ.exe
  C:\Windows\System\kgnqWTQ.exe
  2⤵
  PID:7936
- C:\Windows\System\kzjwJOk.exe
  C:\Windows\System\kzjwJOk.exe
  2⤵
  PID:7956
- C:\Windows\System\aSbeeEZ.exe
  C:\Windows\System\aSbeeEZ.exe
  2⤵
  PID:7976
- C:\Windows\System\xzRFxsR.exe
  C:\Windows\System\xzRFxsR.exe
  2⤵
  PID:7992
- C:\Windows\System\HpDtdla.exe
  C:\Windows\System\HpDtdla.exe
  2⤵
  PID:8012
- C:\Windows\System\hzSWPCc.exe
  C:\Windows\System\hzSWPCc.exe
  2⤵
  PID:8036
- C:\Windows\System\yuFiqPu.exe
  C:\Windows\System\yuFiqPu.exe
  2⤵
  PID:8056
- C:\Windows\System\KgZVfRk.exe
  C:\Windows\System\KgZVfRk.exe
  2⤵
  PID:8080
- C:\Windows\System\nOStZnq.exe
  C:\Windows\System\nOStZnq.exe
  2⤵
  PID:8100
- C:\Windows\System\VmpOwOH.exe
  C:\Windows\System\VmpOwOH.exe
  2⤵
  PID:8120
- C:\Windows\System\pjzFZgv.exe
  C:\Windows\System\pjzFZgv.exe
  2⤵
  PID:8140
- C:\Windows\System\FjFXFdF.exe
  C:\Windows\System\FjFXFdF.exe
  2⤵
  PID:8156
- C:\Windows\System\andsqFW.exe
  C:\Windows\System\andsqFW.exe
  2⤵
  PID:8176
- C:\Windows\System\NFUAcvx.exe
  C:\Windows\System\NFUAcvx.exe
  2⤵
  PID:6964
- C:\Windows\System\PgiNsHC.exe
  C:\Windows\System\PgiNsHC.exe
  2⤵
  PID:7004
- C:\Windows\System\ZqRPrBF.exe
  C:\Windows\System\ZqRPrBF.exe
  2⤵
  PID:6936
- C:\Windows\System\GvCtPlK.exe
  C:\Windows\System\GvCtPlK.exe
  2⤵
  PID:7104
- C:\Windows\System\fSrvyPo.exe
  C:\Windows\System\fSrvyPo.exe
  2⤵
  PID:4040
- C:\Windows\System\BgdHjry.exe
  C:\Windows\System\BgdHjry.exe
  2⤵
  PID:2868
- C:\Windows\System\hEcSCsc.exe
  C:\Windows\System\hEcSCsc.exe
  2⤵
  PID:5212
- C:\Windows\System\QSFFxBS.exe
  C:\Windows\System\QSFFxBS.exe
  2⤵
  PID:5784
- C:\Windows\System\oVQinpA.exe
  C:\Windows\System\oVQinpA.exe
  2⤵
  PID:6652
- C:\Windows\System\rRrjcuy.exe
  C:\Windows\System\rRrjcuy.exe
  2⤵
  PID:5864
- C:\Windows\System\QCjMREd.exe
  C:\Windows\System\QCjMREd.exe
  2⤵
  PID:7172
- C:\Windows\System\lAbirfG.exe
  C:\Windows\System\lAbirfG.exe
  2⤵
  PID:6532
- C:\Windows\System\BoTtrVD.exe
  C:\Windows\System\BoTtrVD.exe
  2⤵
  PID:7252
- C:\Windows\System\ZnnLeos.exe
  C:\Windows\System\ZnnLeos.exe
  2⤵
  PID:6596
- C:\Windows\System\BsIwXwa.exe
  C:\Windows\System\BsIwXwa.exe
  2⤵
  PID:7300
- C:\Windows\System\TbdJXgJ.exe
  C:\Windows\System\TbdJXgJ.exe
  2⤵
  PID:7228
- C:\Windows\System\uNpgdPr.exe
  C:\Windows\System\uNpgdPr.exe
  2⤵
  PID:7280
- C:\Windows\System\zDEfavv.exe
  C:\Windows\System\zDEfavv.exe
  2⤵
  PID:7376
- C:\Windows\System\AsnfBwg.exe
  C:\Windows\System\AsnfBwg.exe
  2⤵
  PID:2996
- C:\Windows\System\EyEXYUk.exe
  C:\Windows\System\EyEXYUk.exe
  2⤵
  PID:7360
- C:\Windows\System\UWuPRqR.exe
  C:\Windows\System\UWuPRqR.exe
  2⤵
  PID:7396
- C:\Windows\System\PCZEPGM.exe
  C:\Windows\System\PCZEPGM.exe
  2⤵
  PID:7432
- C:\Windows\System\hvDKRfe.exe
  C:\Windows\System\hvDKRfe.exe
  2⤵
  PID:7520
- C:\Windows\System\jTilZVQ.exe
  C:\Windows\System\jTilZVQ.exe
  2⤵
  PID:7528
- C:\Windows\System\DpMvuKz.exe
  C:\Windows\System\DpMvuKz.exe
  2⤵
  PID:7580
- C:\Windows\System\rUvOPVE.exe
  C:\Windows\System\rUvOPVE.exe
  2⤵
  PID:7560
- C:\Windows\System\kidYbFq.exe
  C:\Windows\System\kidYbFq.exe
  2⤵
  PID:7628
- C:\Windows\System\oDDHKbO.exe
  C:\Windows\System\oDDHKbO.exe
  2⤵
  PID:7648
- C:\Windows\System\SyTNhNo.exe
  C:\Windows\System\SyTNhNo.exe
  2⤵
  PID:7708
- C:\Windows\System\QtLitMa.exe
  C:\Windows\System\QtLitMa.exe
  2⤵
  PID:7728
- C:\Windows\System\EhscSVU.exe
  C:\Windows\System\EhscSVU.exe
  2⤵
  PID:7784
- C:\Windows\System\gJdncLP.exe
  C:\Windows\System\gJdncLP.exe
  2⤵
  PID:7828
- C:\Windows\System\TiEjhLp.exe
  C:\Windows\System\TiEjhLp.exe
  2⤵
  PID:7804
- C:\Windows\System\KZiFvOI.exe
  C:\Windows\System\KZiFvOI.exe
  2⤵
  PID:7844
- C:\Windows\System\BVbUTlV.exe
  C:\Windows\System\BVbUTlV.exe
  2⤵
  PID:7888
- C:\Windows\System\SuLHeXZ.exe
  C:\Windows\System\SuLHeXZ.exe
  2⤵
  PID:7948
- C:\Windows\System\vAorPOv.exe
  C:\Windows\System\vAorPOv.exe
  2⤵
  PID:7964
- C:\Windows\System\BfEMbpu.exe
  C:\Windows\System\BfEMbpu.exe
  2⤵
  PID:8028
- C:\Windows\System\UYfRTXx.exe
  C:\Windows\System\UYfRTXx.exe
  2⤵
  PID:8000
- C:\Windows\System\DEZKkmw.exe
  C:\Windows\System\DEZKkmw.exe
  2⤵
  PID:8048
- C:\Windows\System\wfnmOpY.exe
  C:\Windows\System\wfnmOpY.exe
  2⤵
  PID:8096
- C:\Windows\System\ZKYceUC.exe
  C:\Windows\System\ZKYceUC.exe
  2⤵
  PID:8148
- C:\Windows\System\NGrtelH.exe
  C:\Windows\System\NGrtelH.exe
  2⤵
  PID:6732
- C:\Windows\System\FTHHJGD.exe
  C:\Windows\System\FTHHJGD.exe
  2⤵
  PID:7156
- C:\Windows\System\aNHaJit.exe
  C:\Windows\System\aNHaJit.exe
  2⤵
  PID:7044
- C:\Windows\System\oQLnHoD.exe
  C:\Windows\System\oQLnHoD.exe
  2⤵
  PID:7140
- C:\Windows\System\KOrTCYs.exe
  C:\Windows\System\KOrTCYs.exe
  2⤵
  PID:4980
- C:\Windows\System\ZEAJjlI.exe
  C:\Windows\System\ZEAJjlI.exe
  2⤵
  PID:5648
- C:\Windows\System\DhsGyWS.exe
  C:\Windows\System\DhsGyWS.exe
  2⤵
  PID:6192
- C:\Windows\System\CinOspi.exe
  C:\Windows\System\CinOspi.exe
  2⤵
  PID:7180
- C:\Windows\System\PKhkbVA.exe
  C:\Windows\System\PKhkbVA.exe
  2⤵
  PID:7292
- C:\Windows\System\ThQlznl.exe
  C:\Windows\System\ThQlznl.exe
  2⤵
  PID:6756
- C:\Windows\System\gSRTXvx.exe
  C:\Windows\System\gSRTXvx.exe
  2⤵
  PID:7240
- C:\Windows\System\ZZbVXMR.exe
  C:\Windows\System\ZZbVXMR.exe
  2⤵
  PID:7372
- C:\Windows\System\UMszbng.exe
  C:\Windows\System\UMszbng.exe
  2⤵
  PID:7392
- C:\Windows\System\EsiTLwx.exe
  C:\Windows\System\EsiTLwx.exe
  2⤵
  PID:7436
- C:\Windows\System\sZXlOhG.exe
  C:\Windows\System\sZXlOhG.exe
  2⤵
  PID:7424
- C:\Windows\System\itTdEHi.exe
  C:\Windows\System\itTdEHi.exe
  2⤵
  PID:7516
- C:\Windows\System\ysVXepU.exe
  C:\Windows\System\ysVXepU.exe
  2⤵
  PID:7608
- C:\Windows\System\mQdxbYJ.exe
  C:\Windows\System\mQdxbYJ.exe
  2⤵
  PID:7688
- C:\Windows\System\djgIPiz.exe
  C:\Windows\System\djgIPiz.exe
  2⤵
  PID:7668
- C:\Windows\System\TvjrNOi.exe
  C:\Windows\System\TvjrNOi.exe
  2⤵
  PID:7780
- C:\Windows\System\ftLaQWG.exe
  C:\Windows\System\ftLaQWG.exe
  2⤵
  PID:7820
- C:\Windows\System\ypyMsKS.exe
  C:\Windows\System\ypyMsKS.exe
  2⤵
  PID:7848
- C:\Windows\System\ZMoqaYt.exe
  C:\Windows\System\ZMoqaYt.exe
  2⤵
  PID:7920
- C:\Windows\System\DzloDrK.exe
  C:\Windows\System\DzloDrK.exe
  2⤵
  PID:2656
- C:\Windows\System\dhuCTPW.exe
  C:\Windows\System\dhuCTPW.exe
  2⤵
  PID:8020
- C:\Windows\System\GxsYgyj.exe
  C:\Windows\System\GxsYgyj.exe
  2⤵
  PID:8052
- C:\Windows\System\dxQelBK.exe
  C:\Windows\System\dxQelBK.exe
  2⤵
  PID:8128
- C:\Windows\System\KsmCftm.exe
  C:\Windows\System\KsmCftm.exe
  2⤵
  PID:2812
- C:\Windows\System\kiOluJh.exe
  C:\Windows\System\kiOluJh.exe
  2⤵
  PID:1340
- C:\Windows\System\JrojZOH.exe
  C:\Windows\System\JrojZOH.exe
  2⤵
  PID:8172
- C:\Windows\System\kwvxapK.exe
  C:\Windows\System\kwvxapK.exe
  2⤵
  PID:744
- C:\Windows\System\aJEubLE.exe
  C:\Windows\System\aJEubLE.exe
  2⤵
  PID:6852
- C:\Windows\System\RTwzwFp.exe
  C:\Windows\System\RTwzwFp.exe
  2⤵
  PID:6688
- C:\Windows\System\AhKaEQv.exe
  C:\Windows\System\AhKaEQv.exe
  2⤵
  PID:7332
- C:\Windows\System\TdkZihP.exe
  C:\Windows\System\TdkZihP.exe
  2⤵
  PID:6036
- C:\Windows\System\GgCOLML.exe
  C:\Windows\System\GgCOLML.exe
  2⤵
  PID:7492
- C:\Windows\System\EATdpEL.exe
  C:\Windows\System\EATdpEL.exe
  2⤵
  PID:7428
- C:\Windows\System\lFFUKan.exe
  C:\Windows\System\lFFUKan.exe
  2⤵
  PID:7388
- C:\Windows\System\GZFxpBO.exe
  C:\Windows\System\GZFxpBO.exe
  2⤵
  PID:7600
- C:\Windows\System\yomXYRZ.exe
  C:\Windows\System\yomXYRZ.exe
  2⤵
  PID:7564
- C:\Windows\System\FUXTuZy.exe
  C:\Windows\System\FUXTuZy.exe
  2⤵
  PID:7720
- C:\Windows\System\DrmkOQf.exe
  C:\Windows\System\DrmkOQf.exe
  2⤵
  PID:7908
- C:\Windows\System\zcnsmSD.exe
  C:\Windows\System\zcnsmSD.exe
  2⤵
  PID:7864
- C:\Windows\System\ToydRHJ.exe
  C:\Windows\System\ToydRHJ.exe
  2⤵
  PID:2628
- C:\Windows\System\hMrPhcP.exe
  C:\Windows\System\hMrPhcP.exe
  2⤵
  PID:8108
- C:\Windows\System\xXWmBye.exe
  C:\Windows\System\xXWmBye.exe
  2⤵
  PID:6912
- C:\Windows\System\XrFEnCL.exe
  C:\Windows\System\XrFEnCL.exe
  2⤵
  PID:6880
- C:\Windows\System\qCljNtR.exe
  C:\Windows\System\qCljNtR.exe
  2⤵
  PID:8200
- C:\Windows\System\BhlGPWA.exe
  C:\Windows\System\BhlGPWA.exe
  2⤵
  PID:8220
- C:\Windows\System\FqYcnaz.exe
  C:\Windows\System\FqYcnaz.exe
  2⤵
  PID:8240
- C:\Windows\System\nxcObbP.exe
  C:\Windows\System\nxcObbP.exe
  2⤵
  PID:8260
- C:\Windows\System\QvisIFR.exe
  C:\Windows\System\QvisIFR.exe
  2⤵
  PID:8280
- C:\Windows\System\uuSpZRq.exe
  C:\Windows\System\uuSpZRq.exe
  2⤵
  PID:8300
- C:\Windows\System\KBiUxUQ.exe
  C:\Windows\System\KBiUxUQ.exe
  2⤵
  PID:8320
- C:\Windows\System\FUeNaqF.exe
  C:\Windows\System\FUeNaqF.exe
  2⤵
  PID:8340
- C:\Windows\System\WJerEBC.exe
  C:\Windows\System\WJerEBC.exe
  2⤵
  PID:8360
- C:\Windows\System\GJeLemC.exe
  C:\Windows\System\GJeLemC.exe
  2⤵
  PID:8380
- C:\Windows\System\rUaEMRY.exe
  C:\Windows\System\rUaEMRY.exe
  2⤵
  PID:8440
- C:\Windows\System\UWhEKsN.exe
  C:\Windows\System\UWhEKsN.exe
  2⤵
  PID:8460
- C:\Windows\System\GaKtgMi.exe
  C:\Windows\System\GaKtgMi.exe
  2⤵
  PID:8476
- C:\Windows\System\EiTCJak.exe
  C:\Windows\System\EiTCJak.exe
  2⤵
  PID:8496
- C:\Windows\System\xeJEPEA.exe
  C:\Windows\System\xeJEPEA.exe
  2⤵
  PID:8516
- C:\Windows\System\VCGXOWf.exe
  C:\Windows\System\VCGXOWf.exe
  2⤵
  PID:8544
- C:\Windows\System\GZBhdcU.exe
  C:\Windows\System\GZBhdcU.exe
  2⤵
  PID:8560
- C:\Windows\System\XDkvqXM.exe
  C:\Windows\System\XDkvqXM.exe
  2⤵
  PID:8576
- C:\Windows\System\CftbgCk.exe
  C:\Windows\System\CftbgCk.exe
  2⤵
  PID:8596
- C:\Windows\System\IPxKiHd.exe
  C:\Windows\System\IPxKiHd.exe
  2⤵
  PID:8624
- C:\Windows\System\GkkqrPa.exe
  C:\Windows\System\GkkqrPa.exe
  2⤵
  PID:8644
- C:\Windows\System\YZxpccy.exe
  C:\Windows\System\YZxpccy.exe
  2⤵
  PID:8668
- C:\Windows\System\yMUulXO.exe
  C:\Windows\System\yMUulXO.exe
  2⤵
  PID:8684
- C:\Windows\System\FfiTpTJ.exe
  C:\Windows\System\FfiTpTJ.exe
  2⤵
  PID:8704
- C:\Windows\System\WgrhvFT.exe
  C:\Windows\System\WgrhvFT.exe
  2⤵
  PID:8724
- C:\Windows\System\LwvgyIJ.exe
  C:\Windows\System\LwvgyIJ.exe
  2⤵
  PID:8744
- C:\Windows\System\mKiouwG.exe
  C:\Windows\System\mKiouwG.exe
  2⤵
  PID:8760
- C:\Windows\System\BzOVwsv.exe
  C:\Windows\System\BzOVwsv.exe
  2⤵
  PID:8780
- C:\Windows\System\xksYGqz.exe
  C:\Windows\System\xksYGqz.exe
  2⤵
  PID:8796
- C:\Windows\System\dCZDJek.exe
  C:\Windows\System\dCZDJek.exe
  2⤵
  PID:8816
- C:\Windows\System\vVQjGbB.exe
  C:\Windows\System\vVQjGbB.exe
  2⤵
  PID:8832
- C:\Windows\System\YvBoAmA.exe
  C:\Windows\System\YvBoAmA.exe
  2⤵
  PID:8848
- C:\Windows\System\EGhbWLQ.exe
  C:\Windows\System\EGhbWLQ.exe
  2⤵
  PID:8864
- C:\Windows\System\vDNHzKT.exe
  C:\Windows\System\vDNHzKT.exe
  2⤵
  PID:8880
- C:\Windows\System\xpNvDWy.exe
  C:\Windows\System\xpNvDWy.exe
  2⤵
  PID:8896
- C:\Windows\System\HTSIXZV.exe
  C:\Windows\System\HTSIXZV.exe
  2⤵
  PID:8920
- C:\Windows\System\yPdVrOQ.exe
  C:\Windows\System\yPdVrOQ.exe
  2⤵
  PID:8936
- C:\Windows\System\oQRwfKt.exe
  C:\Windows\System\oQRwfKt.exe
  2⤵
  PID:8956
- C:\Windows\System\DPKiZbk.exe
  C:\Windows\System\DPKiZbk.exe
  2⤵
  PID:8976
- C:\Windows\System\CEVtRvR.exe
  C:\Windows\System\CEVtRvR.exe
  2⤵
  PID:8992
- C:\Windows\System\FYaqTzH.exe
  C:\Windows\System\FYaqTzH.exe
  2⤵
  PID:9008
- C:\Windows\System\hSYdRvC.exe
  C:\Windows\System\hSYdRvC.exe
  2⤵
  PID:9028
- C:\Windows\System\XDgTqdD.exe
  C:\Windows\System\XDgTqdD.exe
  2⤵
  PID:9048
- C:\Windows\System\FaYYHOx.exe
  C:\Windows\System\FaYYHOx.exe
  2⤵
  PID:9080
- C:\Windows\System\XrdhuBg.exe
  C:\Windows\System\XrdhuBg.exe
  2⤵
  PID:9100
- C:\Windows\System\dloqnqj.exe
  C:\Windows\System\dloqnqj.exe
  2⤵
  PID:9116
- C:\Windows\System\ftxNejm.exe
  C:\Windows\System\ftxNejm.exe
  2⤵
  PID:6428
- C:\Windows\System\tPSAYzT.exe
  C:\Windows\System\tPSAYzT.exe
  2⤵
  PID:6712
- C:\Windows\System\KepQaYz.exe
  C:\Windows\System\KepQaYz.exe
  2⤵
  PID:7476
- C:\Windows\System\rAmbxwg.exe
  C:\Windows\System\rAmbxwg.exe
  2⤵
  PID:7544
- C:\Windows\System\vbjjKfb.exe
  C:\Windows\System\vbjjKfb.exe
  2⤵
  PID:7768
- C:\Windows\System\enfAOoJ.exe
  C:\Windows\System\enfAOoJ.exe
  2⤵
  PID:8076
- C:\Windows\System\iehJhCm.exe
  C:\Windows\System\iehJhCm.exe
  2⤵
  PID:868
- C:\Windows\System\ySBIXDF.exe
  C:\Windows\System\ySBIXDF.exe
  2⤵
  PID:7136
- C:\Windows\System\hkYetYO.exe
  C:\Windows\System\hkYetYO.exe
  2⤵
  PID:7744
- C:\Windows\System\XAOjvkJ.exe
  C:\Windows\System\XAOjvkJ.exe
  2⤵
  PID:7944
- C:\Windows\System\bKwlRbs.exe
  C:\Windows\System\bKwlRbs.exe
  2⤵
  PID:6980
- C:\Windows\System\jIPzkTy.exe
  C:\Windows\System\jIPzkTy.exe
  2⤵
  PID:8288
- C:\Windows\System\XLplaCF.exe
  C:\Windows\System\XLplaCF.exe
  2⤵
  PID:8336
- C:\Windows\System\LAgPsLp.exe
  C:\Windows\System\LAgPsLp.exe
  2⤵
  PID:6512
- C:\Windows\System\QLvXROJ.exe
  C:\Windows\System\QLvXROJ.exe
  2⤵
  PID:8276
- C:\Windows\System\jvbvmEW.exe
  C:\Windows\System\jvbvmEW.exe
  2⤵
  PID:7924
- C:\Windows\System\GZSKavl.exe
  C:\Windows\System\GZSKavl.exe
  2⤵
  PID:8372
- C:\Windows\System\nEwBFsV.exe
  C:\Windows\System\nEwBFsV.exe
  2⤵
  PID:3648
- C:\Windows\System\faqnbUz.exe
  C:\Windows\System\faqnbUz.exe
  2⤵
  PID:3164
- C:\Windows\System\tNaHmgV.exe
  C:\Windows\System\tNaHmgV.exe
  2⤵
  PID:8448
- C:\Windows\System\Smjeuvw.exe
  C:\Windows\System\Smjeuvw.exe
  2⤵
  PID:8396
- C:\Windows\System\ydvxQAA.exe
  C:\Windows\System\ydvxQAA.exe
  2⤵
  PID:8504
- C:\Windows\System\kQKuyfS.exe
  C:\Windows\System\kQKuyfS.exe
  2⤵
  PID:8512
- C:\Windows\System\aUnzQRG.exe
  C:\Windows\System\aUnzQRG.exe
  2⤵
  PID:8552
- C:\Windows\System\LLhELkj.exe
  C:\Windows\System\LLhELkj.exe
  2⤵
  PID:8612
- C:\Windows\System\AhiYsAE.exe
  C:\Windows\System\AhiYsAE.exe
  2⤵
  PID:8656
- C:\Windows\System\NPhUyut.exe
  C:\Windows\System\NPhUyut.exe
  2⤵
  PID:8700
- C:\Windows\System\IlDDjVS.exe
  C:\Windows\System\IlDDjVS.exe
  2⤵
  PID:8632
- C:\Windows\System\fyaGPZp.exe
  C:\Windows\System\fyaGPZp.exe
  2⤵
  PID:8680
- C:\Windows\System\zWwrFZV.exe
  C:\Windows\System\zWwrFZV.exe
  2⤵
  PID:8772
- C:\Windows\System\nVNTkEG.exe
  C:\Windows\System\nVNTkEG.exe
  2⤵
  PID:8720
- C:\Windows\System\mGWfLAt.exe
  C:\Windows\System\mGWfLAt.exe
  2⤵
  PID:8808
- C:\Windows\System\dFdJyvN.exe
  C:\Windows\System\dFdJyvN.exe
  2⤵
  PID:8952
- C:\Windows\System\mUiNwBu.exe
  C:\Windows\System\mUiNwBu.exe
  2⤵
  PID:8928
- C:\Windows\System\VVckhtD.exe
  C:\Windows\System\VVckhtD.exe
  2⤵
  PID:8984
- C:\Windows\System\NnrIIbl.exe
  C:\Windows\System\NnrIIbl.exe
  2⤵
  PID:9024
- C:\Windows\System\bWAUWzk.exe
  C:\Windows\System\bWAUWzk.exe
  2⤵
  PID:2892
- C:\Windows\System\tCeggsl.exe
  C:\Windows\System\tCeggsl.exe
  2⤵
  PID:9072
- C:\Windows\System\hrSOhoM.exe
  C:\Windows\System\hrSOhoM.exe
  2⤵
  PID:9124
- C:\Windows\System\xajBabw.exe
  C:\Windows\System\xajBabw.exe
  2⤵
  PID:9140
- C:\Windows\System\lrelcJm.exe
  C:\Windows\System\lrelcJm.exe
  2⤵
  PID:9156
- C:\Windows\System\cYStCUu.exe
  C:\Windows\System\cYStCUu.exe
  2⤵
  PID:8916
- C:\Windows\System\tzWHPwp.exe
  C:\Windows\System\tzWHPwp.exe
  2⤵
  PID:1252
- C:\Windows\System\bKqFrhS.exe
  C:\Windows\System\bKqFrhS.exe
  2⤵
  PID:2768
- C:\Windows\System\xyuQPrh.exe
  C:\Windows\System\xyuQPrh.exe
  2⤵
  PID:2644
- C:\Windows\System\RtqyCYN.exe
  C:\Windows\System\RtqyCYN.exe
  2⤵
  PID:1424
- C:\Windows\System\aOTgXil.exe
  C:\Windows\System\aOTgXil.exe
  2⤵
  PID:1592
- C:\Windows\System\cNiynEN.exe
  C:\Windows\System\cNiynEN.exe
  2⤵
  PID:2224
- C:\Windows\System\YPFqdxn.exe
  C:\Windows\System\YPFqdxn.exe
  2⤵
  PID:2848
- C:\Windows\System\IkJcPgc.exe
  C:\Windows\System\IkJcPgc.exe
  2⤵
  PID:1628
- C:\Windows\System\ARSQRae.exe
  C:\Windows\System\ARSQRae.exe
  2⤵
  PID:1848
- C:\Windows\System\oinHzFS.exe
  C:\Windows\System\oinHzFS.exe
  2⤵
  PID:2888
- C:\Windows\System\MmzJxOT.exe
  C:\Windows\System\MmzJxOT.exe
  2⤵
  PID:6792
- C:\Windows\System\wfnWKsA.exe
  C:\Windows\System\wfnWKsA.exe
  2⤵
  PID:7988
- C:\Windows\System\MWUnMDp.exe
  C:\Windows\System\MWUnMDp.exe
  2⤵
  PID:7740
- C:\Windows\System\zxxUOiJ.exe
  C:\Windows\System\zxxUOiJ.exe
  2⤵
  PID:8248
- C:\Windows\System\eEFfzET.exe
  C:\Windows\System\eEFfzET.exe
  2⤵
  PID:8308
- C:\Windows\System\rPHIDPT.exe
  C:\Windows\System\rPHIDPT.exe
  2⤵
  PID:8400
- C:\Windows\System\BizmSKN.exe
  C:\Windows\System\BizmSKN.exe
  2⤵
  PID:4020
- C:\Windows\System\RoXVxEZ.exe
  C:\Windows\System\RoXVxEZ.exe
  2⤵
  PID:7344
- C:\Windows\System\LkZzDRe.exe
  C:\Windows\System\LkZzDRe.exe
  2⤵
  PID:3960
- C:\Windows\System\XBPUCPx.exe
  C:\Windows\System\XBPUCPx.exe
  2⤵
  PID:8536
- C:\Windows\System\YSEBWGt.exe
  C:\Windows\System\YSEBWGt.exe
  2⤵
  PID:8652
- C:\Windows\System\nuNlfae.exe
  C:\Windows\System\nuNlfae.exe
  2⤵
  PID:7540
- C:\Windows\System\kVKFeri.exe
  C:\Windows\System\kVKFeri.exe
  2⤵
  PID:1316
- C:\Windows\System\KVysvTL.exe
  C:\Windows\System\KVysvTL.exe
  2⤵
  PID:8292
- C:\Windows\System\sVEgtAb.exe
  C:\Windows\System\sVEgtAb.exe
  2⤵
  PID:8348
- C:\Windows\System\BMljMcS.exe
  C:\Windows\System\BMljMcS.exe
  2⤵
  PID:8660
- C:\Windows\System\yMZgXDe.exe
  C:\Windows\System\yMZgXDe.exe
  2⤵
  PID:8604
- C:\Windows\System\okSxZvs.exe
  C:\Windows\System\okSxZvs.exe
  2⤵
  PID:8792
- C:\Windows\System\eDWRuCg.exe
  C:\Windows\System\eDWRuCg.exe
  2⤵
  PID:8840
- C:\Windows\System\lRihFOI.exe
  C:\Windows\System\lRihFOI.exe
  2⤵
  PID:8876
- C:\Windows\System\aNmusCy.exe
  C:\Windows\System\aNmusCy.exe
  2⤵
  PID:8856
- C:\Windows\System\YPlhjta.exe
  C:\Windows\System\YPlhjta.exe
  2⤵
  PID:8888
- C:\Windows\System\jywibZY.exe
  C:\Windows\System\jywibZY.exe
  2⤵
  PID:8964
- C:\Windows\System\xfNcRDG.exe
  C:\Windows\System\xfNcRDG.exe
  2⤵
  PID:9016
- C:\Windows\System\KvtXwiq.exe
  C:\Windows\System\KvtXwiq.exe
  2⤵
  PID:8948
- C:\Windows\System\WBMBmLE.exe
  C:\Windows\System\WBMBmLE.exe
  2⤵
  PID:9088
- C:\Windows\System\wxOhneI.exe
  C:\Windows\System\wxOhneI.exe
  2⤵
  PID:1588
- C:\Windows\System\gENhmUJ.exe
  C:\Windows\System\gENhmUJ.exe
  2⤵
  PID:2800
- C:\Windows\System\UwtpTvN.exe
  C:\Windows\System\UwtpTvN.exe
  2⤵
  PID:2676
- C:\Windows\System\LecwWTz.exe
  C:\Windows\System\LecwWTz.exe
  2⤵
  PID:2064
- C:\Windows\System\urqtOPu.exe
  C:\Windows\System\urqtOPu.exe
  2⤵
  PID:9180
- C:\Windows\System\ugcOuot.exe
  C:\Windows\System\ugcOuot.exe
  2⤵
  PID:2912
- C:\Windows\System\PgDwIyp.exe
  C:\Windows\System\PgDwIyp.exe
  2⤵
  PID:8216
- C:\Windows\System\fqqPilV.exe
  C:\Windows\System\fqqPilV.exe
  2⤵
  PID:980
- C:\Windows\System\RhvdRnX.exe
  C:\Windows\System\RhvdRnX.exe
  2⤵
  PID:8528
- C:\Windows\System\oozFjpu.exe
  C:\Windows\System\oozFjpu.exe
  2⤵
  PID:1556
- C:\Windows\System\BCECxRO.exe
  C:\Windows\System\BCECxRO.exe
  2⤵
  PID:2940
- C:\Windows\System\XGOopLC.exe
  C:\Windows\System\XGOopLC.exe
  2⤵
  PID:8732
- C:\Windows\System\yugkwgy.exe
  C:\Windows\System\yugkwgy.exe
  2⤵
  PID:8908
- C:\Windows\System\TERHKRE.exe
  C:\Windows\System\TERHKRE.exe
  2⤵
  PID:2140
- C:\Windows\System\zHggVem.exe
  C:\Windows\System\zHggVem.exe
  2⤵
  PID:664
- C:\Windows\System\kMPUDOp.exe
  C:\Windows\System\kMPUDOp.exe
  2⤵
  PID:2264
- C:\Windows\System\AUxJZGp.exe
  C:\Windows\System\AUxJZGp.exe
  2⤵
  PID:2316
- C:\Windows\System\GgICWGS.exe
  C:\Windows\System\GgICWGS.exe
  2⤵
  PID:7236
- C:\Windows\System\DtXYMZv.exe
  C:\Windows\System\DtXYMZv.exe
  2⤵
  PID:1300
- C:\Windows\System\TyfDQSP.exe
  C:\Windows\System\TyfDQSP.exe
  2⤵
  PID:616
- C:\Windows\System\LDjlYtQ.exe
  C:\Windows\System\LDjlYtQ.exe
  2⤵
  PID:820
- C:\Windows\System\nfurcgl.exe
  C:\Windows\System\nfurcgl.exe
  2⤵
  PID:8268
- C:\Windows\System\JYAmBbn.exe
  C:\Windows\System\JYAmBbn.exe
  2⤵
  PID:8532
- C:\Windows\System\cfTAZNX.exe
  C:\Windows\System\cfTAZNX.exe
  2⤵
  PID:8136
- C:\Windows\System\vGmipOy.exe
  C:\Windows\System\vGmipOy.exe
  2⤵
  PID:8768
- C:\Windows\System\HUsgkVM.exe
  C:\Windows\System\HUsgkVM.exe
  2⤵
  PID:8824
- C:\Windows\System\mWsLnSb.exe
  C:\Windows\System\mWsLnSb.exe
  2⤵
  PID:9172
- C:\Windows\System\HJrgBwH.exe
  C:\Windows\System\HJrgBwH.exe
  2⤵
  PID:9148
- C:\Windows\System\JkEHOMA.exe
  C:\Windows\System\JkEHOMA.exe
  2⤵
  PID:2944
- C:\Windows\System\DHWOrUR.exe
  C:\Windows\System\DHWOrUR.exe
  2⤵
  PID:8912
- C:\Windows\System\dSrsCkc.exe
  C:\Windows\System\dSrsCkc.exe
  2⤵
  PID:2564
- C:\Windows\System\vBaBQgh.exe
  C:\Windows\System\vBaBQgh.exe
  2⤵
  PID:9164
- C:\Windows\System\KbKRCfe.exe
  C:\Windows\System\KbKRCfe.exe
  2⤵
  PID:2948
- C:\Windows\System\OSaYGyj.exe
  C:\Windows\System\OSaYGyj.exe
  2⤵
  PID:8184
- C:\Windows\System\wvpYPfq.exe
  C:\Windows\System\wvpYPfq.exe
  2⤵
  PID:340
- C:\Windows\System\kdxwFkH.exe
  C:\Windows\System\kdxwFkH.exe
  2⤵
  PID:8740
- C:\Windows\System\uptoXJm.exe
  C:\Windows\System\uptoXJm.exe
  2⤵
  PID:8752
- C:\Windows\System\lJuPEmX.exe
  C:\Windows\System\lJuPEmX.exe
  2⤵
  PID:7356
- C:\Windows\System\HXFUWIW.exe
  C:\Windows\System\HXFUWIW.exe
  2⤵
  PID:1492
- C:\Windows\System\aeDUyyn.exe
  C:\Windows\System\aeDUyyn.exe
  2⤵
  PID:8608
- C:\Windows\System\qxLrCJR.exe
  C:\Windows\System\qxLrCJR.exe
  2⤵
  PID:880
- C:\Windows\System\kgtvOSN.exe
  C:\Windows\System\kgtvOSN.exe
  2⤵
  PID:8368
- C:\Windows\System\USDuCYv.exe
  C:\Windows\System\USDuCYv.exe
  2⤵
  PID:6188
- C:\Windows\System\sSqQzpp.exe
  C:\Windows\System\sSqQzpp.exe
  2⤵
  PID:8812
- C:\Windows\System\rPzJSeg.exe
  C:\Windows\System\rPzJSeg.exe
  2⤵
  PID:8872
- C:\Windows\System\BpktzjX.exe
  C:\Windows\System\BpktzjX.exe
  2⤵
  PID:2736
- C:\Windows\System\QZDYurY.exe
  C:\Windows\System\QZDYurY.exe
  2⤵
  PID:2472
- C:\Windows\System\rqtPZIu.exe
  C:\Windows\System\rqtPZIu.exe
  2⤵
  PID:1984
- C:\Windows\System\mtxepsK.exe
  C:\Windows\System\mtxepsK.exe
  2⤵
  PID:9232
- C:\Windows\System\wVskUFq.exe
  C:\Windows\System\wVskUFq.exe
  2⤵
  PID:9276
- C:\Windows\System\jOyLfXr.exe
  C:\Windows\System\jOyLfXr.exe
  2⤵
  PID:9292
- C:\Windows\System\rzgpcZO.exe
  C:\Windows\System\rzgpcZO.exe
  2⤵
  PID:9316
- C:\Windows\System\pODfRcQ.exe
  C:\Windows\System\pODfRcQ.exe
  2⤵
  PID:9340
- C:\Windows\System\bkGcRSo.exe
  C:\Windows\System\bkGcRSo.exe
  2⤵
  PID:9400
- C:\Windows\System\WcLOOtt.exe
  C:\Windows\System\WcLOOtt.exe
  2⤵
  PID:9416
- C:\Windows\System\AOQNdts.exe
  C:\Windows\System\AOQNdts.exe
  2⤵
  PID:9432
- C:\Windows\System\zcoFuzy.exe
  C:\Windows\System\zcoFuzy.exe
  2⤵
  PID:9452
- C:\Windows\System\KubigQA.exe
  C:\Windows\System\KubigQA.exe
  2⤵
  PID:9468
- C:\Windows\System\qXjSrjX.exe
  C:\Windows\System\qXjSrjX.exe
  2⤵
  PID:9500
- C:\Windows\System\dmwtxzO.exe
  C:\Windows\System\dmwtxzO.exe
  2⤵
  PID:9516
- C:\Windows\System\pAAaNKe.exe
  C:\Windows\System\pAAaNKe.exe
  2⤵
  PID:9536
- C:\Windows\System\UCrWHAJ.exe
  C:\Windows\System\UCrWHAJ.exe
  2⤵
  PID:9552
- C:\Windows\System\OLmutMq.exe
  C:\Windows\System\OLmutMq.exe
  2⤵
  PID:9572
- C:\Windows\System\XkHFwLp.exe
  C:\Windows\System\XkHFwLp.exe
  2⤵
  PID:9592
- C:\Windows\System\ASGIrMK.exe
  C:\Windows\System\ASGIrMK.exe
  2⤵
  PID:9608
- C:\Windows\System\miGyzMi.exe
  C:\Windows\System\miGyzMi.exe
  2⤵
  PID:9624
- C:\Windows\System\IZKCrCm.exe
  C:\Windows\System\IZKCrCm.exe
  2⤵
  PID:9640
- C:\Windows\System\QiEuxwA.exe
  C:\Windows\System\QiEuxwA.exe
  2⤵
  PID:9656
- C:\Windows\System\TWepIeH.exe
  C:\Windows\System\TWepIeH.exe
  2⤵
  PID:9672
- C:\Windows\System\DDEwFVc.exe
  C:\Windows\System\DDEwFVc.exe
  2⤵
  PID:9688
- C:\Windows\System\xrQnXDk.exe
  C:\Windows\System\xrQnXDk.exe
  2⤵
  PID:9704
- C:\Windows\System\XCzUzdT.exe
  C:\Windows\System\XCzUzdT.exe
  2⤵
  PID:9724
- C:\Windows\System\VyVEnxf.exe
  C:\Windows\System\VyVEnxf.exe
  2⤵
  PID:9744
- C:\Windows\System\IFqlfcH.exe
  C:\Windows\System\IFqlfcH.exe
  2⤵
  PID:9760
- C:\Windows\System\SPCDMhn.exe
  C:\Windows\System\SPCDMhn.exe
  2⤵
  PID:9784
- C:\Windows\System\mbQoQoT.exe
  C:\Windows\System\mbQoQoT.exe
  2⤵
  PID:9804
- C:\Windows\System\mbdCJYE.exe
  C:\Windows\System\mbdCJYE.exe
  2⤵
  PID:9828
- C:\Windows\System\RXcIXzC.exe
  C:\Windows\System\RXcIXzC.exe
  2⤵
  PID:9848
- C:\Windows\System\cXqTttO.exe
  C:\Windows\System\cXqTttO.exe
  2⤵
  PID:9868
- C:\Windows\System\kbNguur.exe
  C:\Windows\System\kbNguur.exe
  2⤵
  PID:9884
- C:\Windows\System\tPWoBZb.exe
  C:\Windows\System\tPWoBZb.exe
  2⤵
  PID:9900
- C:\Windows\System\wspPUER.exe
  C:\Windows\System\wspPUER.exe
  2⤵
  PID:9916
- C:\Windows\System\LENGTCP.exe
  C:\Windows\System\LENGTCP.exe
  2⤵
  PID:9940
- C:\Windows\System\sQlOfkU.exe
  C:\Windows\System\sQlOfkU.exe
  2⤵
  PID:9964
- C:\Windows\System\nOheYUO.exe
  C:\Windows\System\nOheYUO.exe
  2⤵
  PID:9984
- C:\Windows\System\xyLOqfQ.exe
  C:\Windows\System\xyLOqfQ.exe
  2⤵
  PID:10044
- C:\Windows\System\qLuIvzt.exe
  C:\Windows\System\qLuIvzt.exe
  2⤵
  PID:10060
- C:\Windows\System\Meazvxd.exe
  C:\Windows\System\Meazvxd.exe
  2⤵
  PID:10076
- C:\Windows\System\iZSjnej.exe
  C:\Windows\System\iZSjnej.exe
  2⤵
  PID:10096
- C:\Windows\System\EEwWDzk.exe
  C:\Windows\System\EEwWDzk.exe
  2⤵
  PID:10112
- C:\Windows\System\JzQrXXA.exe
  C:\Windows\System\JzQrXXA.exe
  2⤵
  PID:10132
- C:\Windows\System\CupnrFz.exe
  C:\Windows\System\CupnrFz.exe
  2⤵
  PID:10148
- C:\Windows\System\wqFyKbs.exe
  C:\Windows\System\wqFyKbs.exe
  2⤵
  PID:10164
- C:\Windows\System\LMgMlwA.exe
  C:\Windows\System\LMgMlwA.exe
  2⤵
  PID:10180
- C:\Windows\System\ZmAtEWt.exe
  C:\Windows\System\ZmAtEWt.exe
  2⤵
  PID:10196
- C:\Windows\System\rLQXyHm.exe
  C:\Windows\System\rLQXyHm.exe
  2⤵
  PID:10216
- C:\Windows\System\StuKfmR.exe
  C:\Windows\System\StuKfmR.exe
  2⤵
  PID:10232
- C:\Windows\System\NlBktbW.exe
  C:\Windows\System\NlBktbW.exe
  2⤵
  PID:9224
- C:\Windows\System\SFcJuFF.exe
  C:\Windows\System\SFcJuFF.exe
  2⤵
  PID:9256
- C:\Windows\System\FOOSFCu.exe
  C:\Windows\System\FOOSFCu.exe
  2⤵
  PID:9244
- C:\Windows\System\SHUVqjL.exe
  C:\Windows\System\SHUVqjL.exe
  2⤵
  PID:9288
- C:\Windows\System\ekylUQI.exe
  C:\Windows\System\ekylUQI.exe
  2⤵
  PID:9332
- C:\Windows\System\zvxTEbN.exe
  C:\Windows\System\zvxTEbN.exe
  2⤵
  PID:9356
- C:\Windows\System\SCuwOBA.exe
  C:\Windows\System\SCuwOBA.exe
  2⤵
  PID:9380
- C:\Windows\System\FMszHmV.exe
  C:\Windows\System\FMszHmV.exe
  2⤵
  PID:9464
- C:\Windows\System\DoDAZln.exe
  C:\Windows\System\DoDAZln.exe
  2⤵
  PID:9584
- C:\Windows\System\zutkEMc.exe
  C:\Windows\System\zutkEMc.exe
  2⤵
  PID:9488
- C:\Windows\System\VUPMhMR.exe
  C:\Windows\System\VUPMhMR.exe
  2⤵
  PID:9716
- C:\Windows\System\rByzSoY.exe
  C:\Windows\System\rByzSoY.exe
  2⤵
  PID:9652
- C:\Windows\System\NmhSDgx.exe
  C:\Windows\System\NmhSDgx.exe
  2⤵
  PID:9836
- C:\Windows\System\EmWlDHm.exe
  C:\Windows\System\EmWlDHm.exe
  2⤵
  PID:9880
- C:\Windows\System\SgCgEts.exe
  C:\Windows\System\SgCgEts.exe
  2⤵
  PID:9952
- C:\Windows\System\nLuPGBF.exe
  C:\Windows\System\nLuPGBF.exe
  2⤵
  PID:10000
- C:\Windows\System\bFPhINk.exe
  C:\Windows\System\bFPhINk.exe
  2⤵
  PID:9532
- C:\Windows\System\UyFgoHV.exe
  C:\Windows\System\UyFgoHV.exe
  2⤵
  PID:9496
- C:\Windows\System\dtHysEd.exe
  C:\Windows\System\dtHysEd.exe
  2⤵
  PID:9528
- C:\Windows\System\gYcdxTu.exe
  C:\Windows\System\gYcdxTu.exe
  2⤵
  PID:9740
- C:\Windows\System\JTPZsag.exe
  C:\Windows\System\JTPZsag.exe
  2⤵
  PID:9564
- C:\Windows\System\lgTwrRm.exe
  C:\Windows\System\lgTwrRm.exe
  2⤵
  PID:9668
- C:\Windows\System\KNVwBLS.exe
  C:\Windows\System\KNVwBLS.exe
  2⤵
  PID:9772
- C:\Windows\System\AdnqXhS.exe
  C:\Windows\System\AdnqXhS.exe
  2⤵
  PID:9976
- C:\Windows\System\OdCpWGd.exe
  C:\Windows\System\OdCpWGd.exe
  2⤵
  PID:10068
- C:\Windows\System\tvPnGfC.exe
  C:\Windows\System\tvPnGfC.exe
  2⤵
  PID:10140
- C:\Windows\System\CMBoKTC.exe
  C:\Windows\System\CMBoKTC.exe
  2⤵
  PID:10204
- C:\Windows\System\krjMneY.exe
  C:\Windows\System\krjMneY.exe
  2⤵
  PID:10052
- C:\Windows\System\GRvEYbM.exe
  C:\Windows\System\GRvEYbM.exe
  2⤵
  PID:10160
- C:\Windows\System\NOJZPTh.exe
  C:\Windows\System\NOJZPTh.exe
  2⤵
  PID:9248
- C:\Windows\System\eQNliaG.exe
  C:\Windows\System\eQNliaG.exe
  2⤵
  PID:9136
- C:\Windows\System\EznjVEL.exe
  C:\Windows\System\EznjVEL.exe
  2⤵
  PID:9328
- C:\Windows\System\rZXiwnr.exe
  C:\Windows\System\rZXiwnr.exe
  2⤵
  PID:9352
- C:\Windows\System\XPHiASg.exe
  C:\Windows\System\XPHiASg.exe
  2⤵
  PID:9368
- C:\Windows\System\ozGeqSs.exe
  C:\Windows\System\ozGeqSs.exe
  2⤵
  PID:9396
- C:\Windows\System\OHscDQU.exe
  C:\Windows\System\OHscDQU.exe
  2⤵
  PID:9412
- C:\Windows\System\YBZsmYD.exe
  C:\Windows\System\YBZsmYD.exe
  2⤵
  PID:9428
- C:\Windows\System\aJDPpdq.exe
  C:\Windows\System\aJDPpdq.exe
  2⤵
  PID:9616
- C:\Windows\System\ozYrpZz.exe
  C:\Windows\System\ozYrpZz.exe
  2⤵
  PID:9648
- C:\Windows\System\qWgBPoi.exe
  C:\Windows\System\qWgBPoi.exe
  2⤵
  PID:9992
- C:\Windows\System\GVgQSbG.exe
  C:\Windows\System\GVgQSbG.exe
  2⤵
  PID:10016
- C:\Windows\System\IGrKOYw.exe
  C:\Windows\System\IGrKOYw.exe
  2⤵
  PID:9636
- C:\Windows\System\pXPVRmD.exe
  C:\Windows\System\pXPVRmD.exe
  2⤵
  PID:9912
- C:\Windows\System\baazrFS.exe
  C:\Windows\System\baazrFS.exe
  2⤵
  PID:9752
- C:\Windows\System\ftItOaX.exe
  C:\Windows\System\ftItOaX.exe
  2⤵
  PID:10004
- C:\Windows\System\BsyuDtN.exe
  C:\Windows\System\BsyuDtN.exe
  2⤵
  PID:9896
- C:\Windows\System\FAyXKTq.exe
  C:\Windows\System\FAyXKTq.exe
  2⤵
  PID:9856
- C:\Windows\System\PhxULmM.exe
  C:\Windows\System\PhxULmM.exe
  2⤵
  PID:9972
- C:\Windows\System\sFafbJZ.exe
  C:\Windows\System\sFafbJZ.exe
  2⤵
  PID:9860
- C:\Windows\System\pwVOigk.exe
  C:\Windows\System\pwVOigk.exe
  2⤵
  PID:9936
- C:\Windows\System\ZqpeTQs.exe
  C:\Windows\System\ZqpeTQs.exe
  2⤵
  PID:10176
- C:\Windows\System\cfDtkwk.exe
  C:\Windows\System\cfDtkwk.exe
  2⤵
  PID:10212
- C:\Windows\System\jiVqbre.exe
  C:\Windows\System\jiVqbre.exe
  2⤵
  PID:7176
- C:\Windows\System\bFsvfSq.exe
  C:\Windows\System\bFsvfSq.exe
  2⤵
  PID:10192

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\DBuPBsF.exe

Filesize
6.0MB

MD5
f008e64833ac978d9fa6b94ce003452b

SHA1
874be0f161c410015c2383474eb35db81879db73

SHA256
20c7b1fd198c342347568bf7e9a4b7e735c10eea9649165b6f4597e06bbf66db

SHA512
0e50ce4bcae463d83e72fec139ef65a39c352fbfaeb1a4fe18bdf9766bc278d22112a87b7b32689ff658e91a1f6d0671cb3467847ed10985d62361c585ef9e2d

Download Submit
C:\Windows\system\DFtaWug.exe

Filesize
6.0MB

MD5
6c9114b9163b63f32687f0e2e420796e

SHA1
6a27764e36a21d6bf36a19dcfd7c5b98f448b2ae

SHA256
fd2c9a9475f80eacf38b7ba649a0cad3f77534fdcecd78ad379864d0583ca160

SHA512
2c75ec52487f9789bf2536738f29b380d943592250dfa29f991bc7358b955bf1bf299d0a7aa8eceaa725e6b0c4f2d7587993c638fbc9eca30d7c3e6fdb6d5166

Download Submit
C:\Windows\system\DFzKerQ.exe

Filesize
6.0MB

MD5
c77ed1c494bfc9be254664b4e102bb96

SHA1
2008807a4f740a09a73f192414691731a7fddff7

SHA256
7209cab3ac65c94641efdd8abae9ef7d944273c8b2dec1011b3c7b4e37a4a912

SHA512
34a40c763a538b96003a0ec1c1a57766d9fa83a88a8ad49df032411ac4b00810c175ec6b4743dc26cc38bb853a12074479633579940a362ece99fb48c4635acc

Download Submit
C:\Windows\system\DqCeuXf.exe

Filesize
6.0MB

MD5
94ce73fa6ffaadbc9df4b261e1ef5851

SHA1
3b369b44d8529c0f5a1381a77027f8d38f30e12d

SHA256
5771bc94569bff7147038cd88f380c2fd814311d9cc54fb880bcc8e85cb02dea

SHA512
b80e9c8de8f63241f7f7e3c63ef4c8ebd6ab0d4e7210ffea27777ec079a784af59a93a1a35e3fc00eeeb7ae1dba97f9d9d1e2472267020fe5cd1ffbe85347256

Download Submit
C:\Windows\system\EJXEHXJ.exe

Filesize
6.0MB

MD5
16b00581f4dfcba1318638a3b7921742

SHA1
e2f2d6c9aa16f3655443133b2f9ba75bf4aad73f

SHA256
dc33896d88aa4d0dfd6c513691f9ee00c2f2e7063b6970adb190fa1177051e30

SHA512
1797fc467aa588d6da330dfaef072758b3a06b0e9cd02ff2998c6908bc4760351e985dfe9b00477e33e918a560c22d3d76a9cdb10a75495c3e09ad21bed11818

Download Submit
C:\Windows\system\Egcqjvx.exe

Filesize
6.0MB

MD5
c46cc08a86c1861b5a55fc2f142728cc

SHA1
a7a029865af29ee729c578c609956b7189fe1914

SHA256
3da2355fa1647f8d3860982389fdff33eadc0a47002c7bf3ee018b9d23f0f81f

SHA512
580bacc5793c7a85f72bebeb5d5d30d4d27738a0b38f7b324a65b5484433545ef0882c9753fa3916f5c05a5a6509449644396372c483d0381b53d6a73e5d2c0e

Download Submit
C:\Windows\system\HrWBBpV.exe

Filesize
6.0MB

MD5
e9dc9bb99890603fffcfe395bd4a1e8a

SHA1
076d70a33805deec5803be5425db6b3525cb524f

SHA256
21f8d40d1edcf829d7f3e5c54c9f99f9a09a2b08d7ec57046dcd05ad0632c082

SHA512
fdc49a2b83404313914392b262a26e3d29f31fd4e070bcebe4c6cd1be3de4ab5b71cf204c3c03bd31f2b5e1a9b2006fca75be07e3c6f0942914707d0ab6b7593

Download Submit
C:\Windows\system\KFpswyH.exe

Filesize
6.0MB

MD5
dc3958bf4002248072e67425c125e522

SHA1
f761f46d78bffb92d07925ef022f2c0168116207

SHA256
d00b6b587e9c751a31694b359828dffdd7ff3cb8667c26c4b2ec4b32c9304282

SHA512
7ce4fa07a8853ac12672f8b005bbd2674c762f4c21269c5fe2446525964da1c14d8c9f8a0d6dc8bd61128b4ac32a00c21cedbd8c5751a79f3ce7a369646d994b

Download Submit
C:\Windows\system\KWoYjsO.exe

Filesize
6.0MB

MD5
be2d667523817fa7a9730c63c8a972f6

SHA1
4591f0e4d5990294f4a0e179f69d3e574224cec4

SHA256
bb1756dabc1702edd255a1b30660f601ac8e495f4f7ceaa4748c36ad8c869a29

SHA512
ae29bc62d50502cd59327d0335c7ad2ce429d0861ee4b3703b83997bdb28d0d33549a2b12cbcce22dd4a6d95599c612997503a6d9033ff9cfc620bc78c606d71

Download Submit
C:\Windows\system\KbSUIzC.exe

Filesize
6.0MB

MD5
63a5287859790b4d00913139e5d74044

SHA1
97aec12361f9bdf6c6942e389812101e5463b445

SHA256
b54085cf30f7780f486d3ccc37ced762ad0c2e965e57939e3374c252d2a231fb

SHA512
b21bb5527e5bce599d5c5180e1a6c2c83d3d8f4a8486d08bcfcb2e1b482e391af25146205cf4bf653c89d27c64327bf0546dc4057512606de53f3e1ae9cbaa85

Download Submit
C:\Windows\system\LfutwGx.exe

Filesize
6.0MB

MD5
b0a55810d24f65fb6bf88ac2b6ad1ec0

SHA1
5bf0b44a970c8be3bfd8fdd257383e4139aaf879

SHA256
7e62f743e9585c5037f18d7e236aabcb00dccd300464c3b6755b65bc48122c18

SHA512
d6a2d2e8e55948976a93660b9d8ca94f8702aa18be9940526e222e33f00b2f815247fb77de1e72636b6d645305e63cf29723043e1a37fd30583e1abdca3d3cbd

Download Submit
C:\Windows\system\MyYpaaY.exe

Filesize
6.0MB

MD5
0b5f5d98a9bd050e51202695a970e269

SHA1
b787b016a9e21e7adfc365fbf20705a9157a76f6

SHA256
96744665759156b39291f96aa29298def9fe4427aa6497af66d1c1972a926b73

SHA512
7a3ec1f98d3e8c698349b6bffd0781583e5670c699c366d89dc14e7bc39bc47ae55bff892945801ef5df4b7afde600edc029288dc7023fe69d850717cdbac7f6

Download Submit
C:\Windows\system\VOTVHCL.exe

Filesize
6.0MB

MD5
784f2d5a8bfe43ce392e3efe36e1ff02

SHA1
0ba5eaef0f58d0dff0a245cc1b46f32c63f13a19

SHA256
69d2274f8d41a7f2c90053cc22c237790331d3f3452590ade17a89e9fa78df48

SHA512
78aed08cda17c1e17075e7b0bdb4a64925b20d0a76127f423dfae598abb1da31b7b0f9787102ad3063a741641acfbc8cf458a42a8173b1c693a23f7312759b3c

Download Submit
C:\Windows\system\WBMWKhf.exe

Filesize
6.0MB

MD5
48301d4cffb58557233401da464c0dac

SHA1
a96abb5cf775eddb5feff0cda7b15f5544a46359

SHA256
61ae9c05893ed3d908bdfba7667ba43f082ec02a1804c5c4dc1381d9bae926fc

SHA512
334a9b52af23024af4bfd57075d7a6a2f0a754a2a627cc6cd30b928c87b1d4e0e70c77aa8b434a1c5ea1fd11492618dd4e13f3c6a221c933a2538e126758cadc

Download Submit
C:\Windows\system\WMIcLsk.exe

Filesize
6.0MB

MD5
d02f4e813ece7e6cb43904923c574d93

SHA1
c6e1871e3d8faee6cd3963125cdfa1f3d9f6f8da

SHA256
e1bbe099723993b214cf690aeccceffe0d2a4a2b3ec6bd8014d55c5aa0393c2a

SHA512
f77f921966436161fed031554e7d506da946707ffe7b0d484de25b6d678fffef46f390725cd80823658926e02ea0c6a27565a83f6472a2d2adafc32c97956796

Download Submit
C:\Windows\system\XOaMXJX.exe

Filesize
6.0MB

MD5
cd760ba9d7ce5fb4ec88d9fe0cd26b20

SHA1
583cf3c24f19c008c077e8d5ae947a14ce001453

SHA256
1d1961db55d1b36b118326f8f85554051fdc5330fabba484f95d3fe283ad81af

SHA512
d014cb9e4df57ca683b1caccfabbdb057b1fb9b7d8700e4d530a6de83460abc5566dafc4f4cc94ae4238f57be39d5482049bd0c1612cbeafc07e64bdf02f0452

Download Submit
C:\Windows\system\XmLAOqt.exe

Filesize
6.0MB

MD5
2d88acde025253962c120e48a3f3e9ac

SHA1
eded59bd2a5580319958a2c1cafc6dce52933166

SHA256
fa995952fa24749e62da7e307f9db357305c29c97bef51bd9de9ff70f77ad4bf

SHA512
a7d6c3359b16a5b8b5bf07a20f61e0b4e3dec14a7c171116a450ffef9265321ddc1036060571901ee3252b7db2d0d09f87d49bbe527d56d85150ff9988d33c11

Download Submit
C:\Windows\system\aErGhEA.exe

Filesize
6.0MB

MD5
4e7bc222d8250e22cbe21223fd31c4ad

SHA1
6e78d1c755454664a680a8931fa5f2516f62ea64

SHA256
7b18b6225a68dc95e78e324ac370b1d4a83f200cb03f93bc836a6ee30266f835

SHA512
c9a8ccf9d6e3eb2c2c69bb8cb3c8c70f3e226c5a6f81db06a6631d19ba29c4765e72ae9e419b028b5ef9a2c9e309ce8c7b955836b5b5a7741396aafa3af3cd7e

Download Submit
C:\Windows\system\axiXkJg.exe

Filesize
6.0MB

MD5
2269763f049347bab85e3c9a6ab9907c

SHA1
b152053adf474e4a48686a09e722b6e81348dcdb

SHA256
d59336dbba5121eef25548119d6203eabdd3838d053ad79141e5898eaa758c2d

SHA512
8303acca9c5c5bb4e87f67128c23453a0624d2e27cc4f145950552f60d36f1070f4fec563755746ddb028c66bc6b1fb7909abfaa273901904c394e081fa9ff5a

Download Submit
C:\Windows\system\grHbHOP.exe

Filesize
6.0MB

MD5
a4656cffb302e337cef4c2d55d4b6ec5

SHA1
463a034391cba37b6013ce4e3ed24a95d835820c

SHA256
85d0bd60c02f8dfb36aa3aaf34ed6716b3aeb499aa49b6dfbd4f781f9d02b1f1

SHA512
1203b365793c31e46fb5597d6536f74508a5b6372162dd453ac00118c6f22342daa36d249669c0b6ea82ba1f57c2191d76af39a10e003bdd2d55d285e0e3cc7e

Download Submit
C:\Windows\system\hATqLJX.exe

Filesize
6.0MB

MD5
1010dad6238a079794d6b3ea5f83a380

SHA1
1e5f5d49fdcab28d7cbfebaf4f4d9d7e06b2f7ad

SHA256
668e57107a206c81e892a3685c2c9156f9ecd5769101cb9db50e876781b85e18

SHA512
d529841448296562a5f9c83fdb5882f705c86ccfe1ce9115d03d131b86f85e9eb9a5daef1a1b1934fe8f28a5120fb044ed5ba25b735f51e5b664735b37bdc041

Download Submit
C:\Windows\system\mxZIDSE.exe

Filesize
6.0MB

MD5
2b862d30ed6aed0d3b0f95ab3cc00c0c

SHA1
d03fa9773d25e530f6cb1d514f278ef54c748cb4

SHA256
e9905a4e2c6e95a276268ad442ff262a9c94c8200271f2ae8d3ca7210f7fab41

SHA512
d648f5b3a74c8f577aeb8efb1dfa1707d0b04128da9df03526e41179548560be14f250f3b70c7e5d562360e2e2b9adcde5cc99c04fe2de52e2a39b7a321e1673

Download Submit
C:\Windows\system\qqNlvPp.exe

Filesize
6.0MB

MD5
f40020f78d547ab400d7e2a8d1d55751

SHA1
5f57ceeff55a4dbba8437e4123077804f95af001

SHA256
5a400665962190e6c857214df09d7b7596638ebaf901eca84c7f672d3d7d1c8c

SHA512
daa6fd8a435387aeabe1483be948e141e707dfd21949a3104a59e5e7e9d2f745ee84c537c55fad315df804acd4e783403ff2764cff0e5fd6619af782ee64ef51

Download Submit
C:\Windows\system\rRHrqeB.exe

Filesize
6.0MB

MD5
c1839cd2c5394884ca4310e47914a196

SHA1
849782a2309e929b581046672b734821b474d418

SHA256
f585176eb4ceba1bd50df1e9c07e8176c89fc677b779330d7270299ab87d22c8

SHA512
9df0f51fdedffac86cbf27565b434219c313bfc8233bbf29370fe0b9c4d2c89fef68b2609299a718300077b79c9492f4fb33c01a64a53ddea0adbc020705c806

Download Submit
C:\Windows\system\rkHHRQm.exe

Filesize
6.0MB

MD5
84208c6abb84794befab9f2eaa0a6a96

SHA1
d0ba8779cea5d8db323301002193f13f0473ef4b

SHA256
4563e55bfffab22d407d0220389e73e11c8a8c8c034d3207697807475065a440

SHA512
59d7576502bfc310eaf262d662887baae37cca9f2a0752fff396f6431e8c76c83da54faf213f43c0f7cb40dd59fa80b64e0a4176a73219793ff8339db148ae5d

Download Submit
C:\Windows\system\tNIVSWc.exe

Filesize
6.0MB

MD5
d9aa9f8dc68f8adc7f5871d8af272cd4

SHA1
818b8d98480364b94edce27e33b5f1a2e2debd32

SHA256
adc2db6538295c0afe3cfce7bb2dbcec58f06d690585ccd1f1ed6a6e6ffcd151

SHA512
353e3b9fc7029f1cd4796d970957bfb62fca133bd97a1bbc1eea00fcd2ef5e18daa6bc3755c75c8b364cbff59ef7df4ad139a593391eb8a33c85e6685e4d92de

Download Submit
C:\Windows\system\uDYbAeU.exe

Filesize
6.0MB

MD5
a6433e8044b7eb85c71b5bc15cb77206

SHA1
c83cb116637564512c7dc33796de6f6383b3cfd4

SHA256
75fa6463c18c414072c569dd8a25f84d90735fffa742d531a31d64b556e64323

SHA512
6d284470e79417c32e1a75730a48ef8a37eab490f2d047236052d45e4bc65306802940d6ada84735c72b664aca1bf310c9b00a8786578b21d8ef38ab227f5dd0

Download Submit
C:\Windows\system\wPOWAzn.exe

Filesize
6.0MB

MD5
a8d03df6931a1fe3991f749583ccb0f2

SHA1
0dc336175784ed24a3e3435f5106047f21c9253f

SHA256
fbc6ecc066c12066257e74fa115deb70342fbea2b27f89c4884b9342517afc33

SHA512
8376c063776b2663fe8c0f5506682b689b71c470a7bdc5a22e6eb0168cf34643737d316327fe2489168ccf0c35bd6a70ab3d84d2dc957c49e9e07472b8c13393

Download Submit
C:\Windows\system\zwZnAgv.exe

Filesize
6.0MB

MD5
9d4f4c7470ba16758511152813be4355

SHA1
cc10f1297a0a44fd62bd5ea5ec0380a524b35d89

SHA256
ad249106f0367f694a2b0f14955593bb6a13d752efac170f0c051b22a025bbe8

SHA512
179f0d36e3c901373eaec71eaef6894149e527349e1fc40ca61bfcac337fef1d0f989a2dacdba4b622478450d9a969f2b499c01a0cfe56af2ea87c2c7cd71028

Download Submit
\Windows\system\AXvADRp.exe

Filesize
6.0MB

MD5
52a2912fc166ed734686b1b388873ffa

SHA1
5ab8de92a301fa81a07039a8c4e8cbef0e042e52

SHA256
6097646d74c3e03510eead2bb0a9e29d3aef888677cc3e58d07c075dde514ddc

SHA512
e558044ec4c066bfbd2943a6beaec29915735f9ce402f61805be8b8505430fd1ae1d47dc4799d00cbe19c9a222d7b7df799ac0cac3ecdf8fcc851671d333b693

Download Submit
\Windows\system\SYJYCsc.exe

Filesize
6.0MB

MD5
bc0a204903014c7d29ef1d164506c18a

SHA1
1e2392cf8dd0a7b083965499acae655dbb6873de

SHA256
af6019a1fbb3dcf672bf4cfde382e1c12eeec47931154bcc0a0f2ad122cf0c39

SHA512
1fc16dd8fd31f413d03d292b89a72dc09238b960b395af5e4d14062d0ffa10edb466dac5c77ecb252af63cab8daa5485c55e53a25c03c776b7ba3a90812eb73e

Download Submit
\Windows\system\qHeNWgM.exe

Filesize
6.0MB

MD5
ce7eef77a93e6ebc3c878c6d460d8da7

SHA1
263121130a12afb3119cbbc1c42cd01ac5bea0f0

SHA256
f9a39da9a222cc778cd3f9db338d41b4fe2993b53bccff02e4fca603e4462124

SHA512
e8b6d94400b02182216972cd875a818d63a69dd6d81eb67386a5ee363a0f6bc7a126a7c1f9e1684ce73624334e73e85d1906fdef454a7bce0f48c9c6ea6787e2

Download Submit
memory/1712-88-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/1712-39-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/1712-112-0x000000013F8B0000-0x000000013FC04000-memory.dmp

Filesize
3.3MB

Download
memory/1712-111-0x000000013F810000-0x000000013FB64000-memory.dmp

Filesize
3.3MB

Download
memory/1712-110-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/1712-16-0x000000013FA90000-0x000000013FDE4000-memory.dmp

Filesize
3.3MB

Download
memory/1712-108-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/1712-17-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/1712-99-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/1712-0-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/1712-1-0x0000000000100000-0x0000000000110000-memory.dmp

Filesize
64KB

Download
memory/1712-28-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/1712-78-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/1712-8-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/1712-1029-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/1712-70-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/1712-1030-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/1712-38-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/1712-61-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/1712-1275-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/1712-2372-0x000000013F810000-0x000000013FB64000-memory.dmp

Filesize
3.3MB

Download
memory/1712-102-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/1712-36-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/1892-3298-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/1892-22-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/2012-109-0x000000013F8B0000-0x000000013FC04000-memory.dmp

Filesize
3.3MB

Download
memory/2012-3435-0x000000013F8B0000-0x000000013FC04000-memory.dmp

Filesize
3.3MB

Download
memory/2176-3423-0x000000013F810000-0x000000013FB64000-memory.dmp

Filesize
3.3MB

Download
memory/2176-113-0x000000013F810000-0x000000013FB64000-memory.dmp

Filesize
3.3MB

Download
memory/2236-3388-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/2236-87-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/2256-29-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/2256-469-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/2256-3341-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/2452-23-0x000000013FA90000-0x000000013FDE4000-memory.dmp

Filesize
3.3MB

Download
memory/2452-3314-0x000000013FA90000-0x000000013FDE4000-memory.dmp

Filesize
3.3MB

Download
memory/2652-107-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/2652-3389-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/2724-74-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/2724-3438-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/2724-1031-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/2756-37-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/2756-3356-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/2792-3390-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/2792-65-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/2836-47-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/2836-891-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/2836-5729-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/2984-3299-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/2984-9-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download