cobaltstrike | 21ff53ca43cf2c3619c6b7bd496ee62264dafc3d6ee9c29d164063c39b8baed2

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
16-12-2024 01:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

ae2754b73e35cbf241956460420fbb59
SHA1

3f9c2b6f7a571fe99defa192c57da9a1eb65714d
SHA256

21ff53ca43cf2c3619c6b7bd496ee62264dafc3d6ee9c29d164063c39b8baed2
SHA512

6e71d7792fe54765bae61ca8a708cbae674972dcd466be575105201a551fe14458b0d9985a840caa373ad27c285d96c2f2e1b8b73742c097af26c7dcd1161b18
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUe:T+q56utgpPF8u/7e

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012117-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d24-9.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d2e-16.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d36-22.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d47-27.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d50-31.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d9f-37.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016dc8-42.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018690-49.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191f3-69.dat	cobalt_reflective_dll
behavioral1/files/0x0036000000016d0b-76.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019218-86.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193cc-139.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c4-161.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019389-156.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019401-151.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193d9-142.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019403-160.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193df-150.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019277-121.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019271-112.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193be-135.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019382-126.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019273-116.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001926b-106.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001924c-101.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019234-96.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019229-91.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191f7-81.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190d6-66.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190cd-61.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001879b-56.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001752f-46.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2392-0-0x000000013F9C0000-0x000000013FD14000-memory.dmp	xmrig
behavioral1/files/0x0007000000012117-6.dat	xmrig
behavioral1/files/0x0008000000016d24-9.dat	xmrig
behavioral1/files/0x0008000000016d2e-16.dat	xmrig
behavioral1/files/0x0008000000016d36-22.dat	xmrig
behavioral1/files/0x0007000000016d47-27.dat	xmrig
behavioral1/files/0x0007000000016d50-31.dat	xmrig
behavioral1/files/0x0007000000016d9f-37.dat	xmrig
behavioral1/files/0x0008000000016dc8-42.dat	xmrig
behavioral1/files/0x0005000000018690-49.dat	xmrig
behavioral1/files/0x00050000000191f3-69.dat	xmrig
behavioral1/files/0x0036000000016d0b-76.dat	xmrig
behavioral1/files/0x0005000000019218-86.dat	xmrig
behavioral1/files/0x00050000000193cc-139.dat	xmrig
behavioral1/files/0x00050000000193c4-161.dat	xmrig
behavioral1/files/0x0005000000019389-156.dat	xmrig
behavioral1/memory/2036-1454-0x000000013F5B0000-0x000000013F904000-memory.dmp	xmrig
behavioral1/memory/2656-1455-0x000000013FBF0000-0x000000013FF44000-memory.dmp	xmrig
behavioral1/memory/2824-1457-0x000000013FDD0000-0x0000000140124000-memory.dmp	xmrig
behavioral1/memory/2392-1460-0x000000013F650000-0x000000013F9A4000-memory.dmp	xmrig
behavioral1/memory/2708-1459-0x000000013FC00000-0x000000013FF54000-memory.dmp	xmrig
behavioral1/memory/2748-1461-0x000000013F650000-0x000000013F9A4000-memory.dmp	xmrig
behavioral1/memory/2988-1463-0x000000013FAE0000-0x000000013FE34000-memory.dmp	xmrig
behavioral1/memory/2572-1465-0x000000013F270000-0x000000013F5C4000-memory.dmp	xmrig
behavioral1/memory/2392-1468-0x0000000002410000-0x0000000002764000-memory.dmp	xmrig
behavioral1/memory/1408-1467-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/memory/2600-1469-0x000000013F810000-0x000000013FB64000-memory.dmp	xmrig
behavioral1/memory/2564-1475-0x000000013FF60000-0x00000001402B4000-memory.dmp	xmrig
behavioral1/memory/2284-1556-0x000000013F790000-0x000000013FAE4000-memory.dmp	xmrig
behavioral1/memory/2392-1476-0x0000000002410000-0x0000000002764000-memory.dmp	xmrig
behavioral1/files/0x0005000000019401-151.dat	xmrig
behavioral1/files/0x00050000000193d9-142.dat	xmrig
behavioral1/files/0x0005000000019403-160.dat	xmrig
behavioral1/files/0x00050000000193df-150.dat	xmrig
behavioral1/files/0x0005000000019277-121.dat	xmrig
behavioral1/files/0x0005000000019271-112.dat	xmrig
behavioral1/files/0x00050000000193be-135.dat	xmrig
behavioral1/files/0x0005000000019382-126.dat	xmrig
behavioral1/files/0x0005000000019273-116.dat	xmrig
behavioral1/files/0x000500000001926b-106.dat	xmrig
behavioral1/files/0x000500000001924c-101.dat	xmrig
behavioral1/files/0x0005000000019234-96.dat	xmrig
behavioral1/files/0x0005000000019229-91.dat	xmrig
behavioral1/files/0x00050000000191f7-81.dat	xmrig
behavioral1/files/0x00060000000190d6-66.dat	xmrig
behavioral1/files/0x00060000000190cd-61.dat	xmrig
behavioral1/files/0x000500000001879b-56.dat	xmrig
behavioral1/files/0x000700000001752f-46.dat	xmrig
behavioral1/memory/2400-1600-0x000000013F0D0000-0x000000013F424000-memory.dmp	xmrig
behavioral1/memory/2392-1765-0x000000013FDD0000-0x0000000140124000-memory.dmp	xmrig
behavioral1/memory/320-1764-0x000000013F410000-0x000000013F764000-memory.dmp	xmrig
behavioral1/memory/1740-1941-0x000000013FDD0000-0x0000000140124000-memory.dmp	xmrig
behavioral1/memory/2392-2534-0x000000013F9C0000-0x000000013FD14000-memory.dmp	xmrig
behavioral1/memory/2392-2706-0x000000013FF60000-0x00000001402B4000-memory.dmp	xmrig
behavioral1/memory/2392-2693-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/memory/2392-2662-0x000000013F270000-0x000000013F5C4000-memory.dmp	xmrig
behavioral1/memory/2392-2757-0x000000013F120000-0x000000013F474000-memory.dmp	xmrig
behavioral1/memory/2824-3352-0x000000013FDD0000-0x0000000140124000-memory.dmp	xmrig
behavioral1/memory/2708-3356-0x000000013FC00000-0x000000013FF54000-memory.dmp	xmrig
behavioral1/memory/2656-3354-0x000000013FBF0000-0x000000013FF44000-memory.dmp	xmrig
behavioral1/memory/2988-3358-0x000000013FAE0000-0x000000013FE34000-memory.dmp	xmrig
behavioral1/memory/1408-3365-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/memory/2572-3383-0x000000013F270000-0x000000013F5C4000-memory.dmp	xmrig
behavioral1/memory/2400-3419-0x000000013F0D0000-0x000000013F424000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2036	TjmVzfP.exe
2656	ZkYhHPX.exe
2824	YTNtTQx.exe
2708	dgWDGzL.exe
2748	SQuJxQN.exe
2988	eCbQJCv.exe
2572	HQJUShk.exe
1408	qYWTiOj.exe
2600	fUkpigi.exe
2564	xoHEjpq.exe
2284	TkWAlSl.exe
2400	zJtkvYt.exe
320	uLvRyoF.exe
1740	sTRrbIw.exe
1872	sGEFwvM.exe
2104	PbuQOLH.exe
2052	TjlTAlj.exe
2908	oZzQnIL.exe
996	MToeVbc.exe
2776	sjMgeez.exe
2652	tUvEbBK.exe
664	vsHwbiY.exe
1096	GpDzAsc.exe
3068	zsSJfjE.exe
2092	wxpgZku.exe
2352	dbDDpkA.exe
2212	rMjCzNS.exe
2372	SBIKrIL.exe
3012	HbXgPhQ.exe
1928	peVrupP.exe
2112	AOmLAmK.exe
3016	RKLUCga.exe
1860	dizdVGY.exe
2304	uMwqYUa.exe
1356	VUkQvLI.exe
860	vRMfumW.exe
864	ItuzVPo.exe
1792	kWhBacE.exe
2000	FNQUhpO.exe
1368	fkgImKz.exe
1404	SegQSFm.exe
2732	ZervitR.exe
1088	TcwEkMG.exe
1780	qdYWxWJ.exe
1664	SvhCDAV.exe
1316	SWDTLmx.exe
1572	siEZgoC.exe
2928	MiiQIpP.exe
1208	MZrgrVJ.exe
3036	goWJhMO.exe
2336	WGRBVFt.exe
2004	BXqfIQi.exe
2436	YzyoQSV.exe
2260	KstVrtp.exe
2452	AvgYBvr.exe
1720	viinJNx.exe
2640	uZbmveU.exe
2812	LDZdkAc.exe
2852	ahhkPfg.exe
2848	luEoOSH.exe
2912	uqassrs.exe
2588	wiiTQOn.exe
2612	sQiXCHm.exe
328	ycPgOVw.exe

Loads dropped DLL 64 IoCs

pid	Process
2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 63 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2392-0-0x000000013F9C0000-0x000000013FD14000-memory.dmp	upx
behavioral1/files/0x0007000000012117-6.dat	upx
behavioral1/files/0x0008000000016d24-9.dat	upx
behavioral1/files/0x0008000000016d2e-16.dat	upx
behavioral1/files/0x0008000000016d36-22.dat	upx
behavioral1/files/0x0007000000016d47-27.dat	upx
behavioral1/files/0x0007000000016d50-31.dat	upx
behavioral1/files/0x0007000000016d9f-37.dat	upx
behavioral1/files/0x0008000000016dc8-42.dat	upx
behavioral1/files/0x0005000000018690-49.dat	upx
behavioral1/files/0x00050000000191f3-69.dat	upx
behavioral1/files/0x0036000000016d0b-76.dat	upx
behavioral1/files/0x0005000000019218-86.dat	upx
behavioral1/files/0x00050000000193cc-139.dat	upx
behavioral1/files/0x00050000000193c4-161.dat	upx
behavioral1/files/0x0005000000019389-156.dat	upx
behavioral1/memory/2036-1454-0x000000013F5B0000-0x000000013F904000-memory.dmp	upx
behavioral1/memory/2656-1455-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx
behavioral1/memory/2824-1457-0x000000013FDD0000-0x0000000140124000-memory.dmp	upx
behavioral1/memory/2708-1459-0x000000013FC00000-0x000000013FF54000-memory.dmp	upx
behavioral1/memory/2748-1461-0x000000013F650000-0x000000013F9A4000-memory.dmp	upx
behavioral1/memory/2988-1463-0x000000013FAE0000-0x000000013FE34000-memory.dmp	upx
behavioral1/memory/2572-1465-0x000000013F270000-0x000000013F5C4000-memory.dmp	upx
behavioral1/memory/1408-1467-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/memory/2600-1469-0x000000013F810000-0x000000013FB64000-memory.dmp	upx
behavioral1/memory/2564-1475-0x000000013FF60000-0x00000001402B4000-memory.dmp	upx
behavioral1/memory/2284-1556-0x000000013F790000-0x000000013FAE4000-memory.dmp	upx
behavioral1/files/0x0005000000019401-151.dat	upx
behavioral1/files/0x00050000000193d9-142.dat	upx
behavioral1/files/0x0005000000019403-160.dat	upx
behavioral1/files/0x00050000000193df-150.dat	upx
behavioral1/files/0x0005000000019277-121.dat	upx
behavioral1/files/0x0005000000019271-112.dat	upx
behavioral1/files/0x00050000000193be-135.dat	upx
behavioral1/files/0x0005000000019382-126.dat	upx
behavioral1/files/0x0005000000019273-116.dat	upx
behavioral1/files/0x000500000001926b-106.dat	upx
behavioral1/files/0x000500000001924c-101.dat	upx
behavioral1/files/0x0005000000019234-96.dat	upx
behavioral1/files/0x0005000000019229-91.dat	upx
behavioral1/files/0x00050000000191f7-81.dat	upx
behavioral1/files/0x00060000000190d6-66.dat	upx
behavioral1/files/0x00060000000190cd-61.dat	upx
behavioral1/files/0x000500000001879b-56.dat	upx
behavioral1/files/0x000700000001752f-46.dat	upx
behavioral1/memory/2400-1600-0x000000013F0D0000-0x000000013F424000-memory.dmp	upx
behavioral1/memory/320-1764-0x000000013F410000-0x000000013F764000-memory.dmp	upx
behavioral1/memory/1740-1941-0x000000013FDD0000-0x0000000140124000-memory.dmp	upx
behavioral1/memory/2392-2534-0x000000013F9C0000-0x000000013FD14000-memory.dmp	upx
behavioral1/memory/2824-3352-0x000000013FDD0000-0x0000000140124000-memory.dmp	upx
behavioral1/memory/2708-3356-0x000000013FC00000-0x000000013FF54000-memory.dmp	upx
behavioral1/memory/2656-3354-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx
behavioral1/memory/2988-3358-0x000000013FAE0000-0x000000013FE34000-memory.dmp	upx
behavioral1/memory/1408-3365-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/memory/2572-3383-0x000000013F270000-0x000000013F5C4000-memory.dmp	upx
behavioral1/memory/2400-3419-0x000000013F0D0000-0x000000013F424000-memory.dmp	upx
behavioral1/memory/2284-3406-0x000000013F790000-0x000000013FAE4000-memory.dmp	upx
behavioral1/memory/2600-3405-0x000000013F810000-0x000000013FB64000-memory.dmp	upx
behavioral1/memory/2564-3399-0x000000013FF60000-0x00000001402B4000-memory.dmp	upx
behavioral1/memory/2748-3367-0x000000013F650000-0x000000013F9A4000-memory.dmp	upx
behavioral1/memory/2036-3369-0x000000013F5B0000-0x000000013F904000-memory.dmp	upx
behavioral1/memory/320-3487-0x000000013F410000-0x000000013F764000-memory.dmp	upx
behavioral1/memory/1740-3495-0x000000013FDD0000-0x0000000140124000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\CoIrupi.exe	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nLxGKin.exe	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lBwxwfV.exe	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MDEOyYZ.exe	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HvwkHDS.exe	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dFXGnNa.exe	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZrvckAx.exe	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wVgNYaS.exe	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HWDcphH.exe	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MEVpJMg.exe	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VOuNDom.exe	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QzUNlHM.exe	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NzakDDi.exe	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IKJFScH.exe	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cakWfqe.exe	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rsbxrWY.exe	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vnceMoW.exe	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OjQNSTb.exe	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KSnbdeH.exe	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HbbPEle.exe	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XLAEYEM.exe	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FDuQHMe.exe	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bSyVamV.exe	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cbANBqA.exe	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZwvENhw.exe	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JFltFsW.exe	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SQmGJMC.exe	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CGHmSNf.exe	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OuePJkE.exe	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iNQaDfw.exe	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wlZuCOk.exe	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TcwEkMG.exe	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sfDphTO.exe	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aYBozEa.exe	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\igvcqCT.exe	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ueQEFvX.exe	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aDHXrPY.exe	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dgGsYAO.exe	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OQDORzz.exe	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RWnRAFY.exe	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xEcMqdM.exe	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BwUHWNl.exe	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lnsBahY.exe	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Safggem.exe	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QCcdZcG.exe	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wQjiCbI.exe	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HsUkvYp.exe	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FijVpxV.exe	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dKPwKBm.exe	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UduEGye.exe	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LEgaQRI.exe	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BOrliIy.exe	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xooWPhd.exe	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RKOlMSu.exe	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dmvCQkS.exe	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GjqLxNo.exe	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eDTQIdG.exe	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xXqtJUj.exe	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FdsPNoO.exe	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HoNAYYd.exe	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VUkQvLI.exe	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nmwVOUg.exe	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AsrRBLa.exe	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QcwxiFK.exe	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2392 wrote to memory of 2036	2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2392 wrote to memory of 2036	2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2392 wrote to memory of 2036	2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2392 wrote to memory of 2656	2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2392 wrote to memory of 2656	2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2392 wrote to memory of 2656	2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2392 wrote to memory of 2824	2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2392 wrote to memory of 2824	2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2392 wrote to memory of 2824	2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2392 wrote to memory of 2708	2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2392 wrote to memory of 2708	2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2392 wrote to memory of 2708	2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2392 wrote to memory of 2748	2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2392 wrote to memory of 2748	2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2392 wrote to memory of 2748	2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2392 wrote to memory of 2988	2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2392 wrote to memory of 2988	2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2392 wrote to memory of 2988	2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2392 wrote to memory of 2572	2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2392 wrote to memory of 2572	2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2392 wrote to memory of 2572	2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2392 wrote to memory of 1408	2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2392 wrote to memory of 1408	2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2392 wrote to memory of 1408	2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2392 wrote to memory of 2600	2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2392 wrote to memory of 2600	2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2392 wrote to memory of 2600	2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2392 wrote to memory of 2564	2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2392 wrote to memory of 2564	2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2392 wrote to memory of 2564	2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2392 wrote to memory of 2284	2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2392 wrote to memory of 2284	2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2392 wrote to memory of 2284	2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2392 wrote to memory of 2400	2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2392 wrote to memory of 2400	2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2392 wrote to memory of 2400	2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2392 wrote to memory of 320	2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2392 wrote to memory of 320	2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2392 wrote to memory of 320	2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2392 wrote to memory of 1740	2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2392 wrote to memory of 1740	2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2392 wrote to memory of 1740	2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2392 wrote to memory of 1872	2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2392 wrote to memory of 1872	2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2392 wrote to memory of 1872	2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2392 wrote to memory of 2104	2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2392 wrote to memory of 2104	2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2392 wrote to memory of 2104	2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2392 wrote to memory of 2052	2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2392 wrote to memory of 2052	2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2392 wrote to memory of 2052	2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2392 wrote to memory of 2908	2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2392 wrote to memory of 2908	2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2392 wrote to memory of 2908	2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2392 wrote to memory of 996	2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2392 wrote to memory of 996	2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2392 wrote to memory of 996	2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2392 wrote to memory of 2776	2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2392 wrote to memory of 2776	2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2392 wrote to memory of 2776	2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2392 wrote to memory of 2652	2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2392 wrote to memory of 2652	2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2392 wrote to memory of 2652	2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2392 wrote to memory of 664	2392	2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-16_ae2754b73e35cbf241956460420fbb59_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2392
- C:\Windows\System\TjmVzfP.exe
  C:\Windows\System\TjmVzfP.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\ZkYhHPX.exe
  C:\Windows\System\ZkYhHPX.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\YTNtTQx.exe
  C:\Windows\System\YTNtTQx.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\dgWDGzL.exe
  C:\Windows\System\dgWDGzL.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\SQuJxQN.exe
  C:\Windows\System\SQuJxQN.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\eCbQJCv.exe
  C:\Windows\System\eCbQJCv.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\HQJUShk.exe
  C:\Windows\System\HQJUShk.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\qYWTiOj.exe
  C:\Windows\System\qYWTiOj.exe
  2⤵
  - Executes dropped EXE
  PID:1408
- C:\Windows\System\fUkpigi.exe
  C:\Windows\System\fUkpigi.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\xoHEjpq.exe
  C:\Windows\System\xoHEjpq.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\TkWAlSl.exe
  C:\Windows\System\TkWAlSl.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\zJtkvYt.exe
  C:\Windows\System\zJtkvYt.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\uLvRyoF.exe
  C:\Windows\System\uLvRyoF.exe
  2⤵
  - Executes dropped EXE
  PID:320
- C:\Windows\System\sTRrbIw.exe
  C:\Windows\System\sTRrbIw.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\sGEFwvM.exe
  C:\Windows\System\sGEFwvM.exe
  2⤵
  - Executes dropped EXE
  PID:1872
- C:\Windows\System\PbuQOLH.exe
  C:\Windows\System\PbuQOLH.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\TjlTAlj.exe
  C:\Windows\System\TjlTAlj.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\oZzQnIL.exe
  C:\Windows\System\oZzQnIL.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\MToeVbc.exe
  C:\Windows\System\MToeVbc.exe
  2⤵
  - Executes dropped EXE
  PID:996
- C:\Windows\System\sjMgeez.exe
  C:\Windows\System\sjMgeez.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\tUvEbBK.exe
  C:\Windows\System\tUvEbBK.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\vsHwbiY.exe
  C:\Windows\System\vsHwbiY.exe
  2⤵
  - Executes dropped EXE
  PID:664
- C:\Windows\System\GpDzAsc.exe
  C:\Windows\System\GpDzAsc.exe
  2⤵
  - Executes dropped EXE
  PID:1096
- C:\Windows\System\zsSJfjE.exe
  C:\Windows\System\zsSJfjE.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\wxpgZku.exe
  C:\Windows\System\wxpgZku.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\HbXgPhQ.exe
  C:\Windows\System\HbXgPhQ.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\dbDDpkA.exe
  C:\Windows\System\dbDDpkA.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\AOmLAmK.exe
  C:\Windows\System\AOmLAmK.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\rMjCzNS.exe
  C:\Windows\System\rMjCzNS.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\RKLUCga.exe
  C:\Windows\System\RKLUCga.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\SBIKrIL.exe
  C:\Windows\System\SBIKrIL.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\dizdVGY.exe
  C:\Windows\System\dizdVGY.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System\peVrupP.exe
  C:\Windows\System\peVrupP.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\VUkQvLI.exe
  C:\Windows\System\VUkQvLI.exe
  2⤵
  - Executes dropped EXE
  PID:1356
- C:\Windows\System\uMwqYUa.exe
  C:\Windows\System\uMwqYUa.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\vRMfumW.exe
  C:\Windows\System\vRMfumW.exe
  2⤵
  - Executes dropped EXE
  PID:860
- C:\Windows\System\ItuzVPo.exe
  C:\Windows\System\ItuzVPo.exe
  2⤵
  - Executes dropped EXE
  PID:864
- C:\Windows\System\kWhBacE.exe
  C:\Windows\System\kWhBacE.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\FNQUhpO.exe
  C:\Windows\System\FNQUhpO.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\SegQSFm.exe
  C:\Windows\System\SegQSFm.exe
  2⤵
  - Executes dropped EXE
  PID:1404
- C:\Windows\System\fkgImKz.exe
  C:\Windows\System\fkgImKz.exe
  2⤵
  - Executes dropped EXE
  PID:1368
- C:\Windows\System\TcwEkMG.exe
  C:\Windows\System\TcwEkMG.exe
  2⤵
  - Executes dropped EXE
  PID:1088
- C:\Windows\System\ZervitR.exe
  C:\Windows\System\ZervitR.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\SvhCDAV.exe
  C:\Windows\System\SvhCDAV.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\qdYWxWJ.exe
  C:\Windows\System\qdYWxWJ.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\siEZgoC.exe
  C:\Windows\System\siEZgoC.exe
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Windows\System\SWDTLmx.exe
  C:\Windows\System\SWDTLmx.exe
  2⤵
  - Executes dropped EXE
  PID:1316
- C:\Windows\System\MiiQIpP.exe
  C:\Windows\System\MiiQIpP.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\MZrgrVJ.exe
  C:\Windows\System\MZrgrVJ.exe
  2⤵
  - Executes dropped EXE
  PID:1208
- C:\Windows\System\BXqfIQi.exe
  C:\Windows\System\BXqfIQi.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\goWJhMO.exe
  C:\Windows\System\goWJhMO.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\KstVrtp.exe
  C:\Windows\System\KstVrtp.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\WGRBVFt.exe
  C:\Windows\System\WGRBVFt.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\AvgYBvr.exe
  C:\Windows\System\AvgYBvr.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\YzyoQSV.exe
  C:\Windows\System\YzyoQSV.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\viinJNx.exe
  C:\Windows\System\viinJNx.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\uZbmveU.exe
  C:\Windows\System\uZbmveU.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\LDZdkAc.exe
  C:\Windows\System\LDZdkAc.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\ahhkPfg.exe
  C:\Windows\System\ahhkPfg.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\luEoOSH.exe
  C:\Windows\System\luEoOSH.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\uqassrs.exe
  C:\Windows\System\uqassrs.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\wiiTQOn.exe
  C:\Windows\System\wiiTQOn.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\sQiXCHm.exe
  C:\Windows\System\sQiXCHm.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\mvFMbNp.exe
  C:\Windows\System\mvFMbNp.exe
  2⤵
  PID:1824
- C:\Windows\System\ycPgOVw.exe
  C:\Windows\System\ycPgOVw.exe
  2⤵
  - Executes dropped EXE
  PID:328
- C:\Windows\System\bWWdbwF.exe
  C:\Windows\System\bWWdbwF.exe
  2⤵
  PID:2176
- C:\Windows\System\poESUhe.exe
  C:\Windows\System\poESUhe.exe
  2⤵
  PID:1684
- C:\Windows\System\IdAqjgH.exe
  C:\Windows\System\IdAqjgH.exe
  2⤵
  PID:2796
- C:\Windows\System\Shvqlih.exe
  C:\Windows\System\Shvqlih.exe
  2⤵
  PID:808
- C:\Windows\System\RFqkRgP.exe
  C:\Windows\System\RFqkRgP.exe
  2⤵
  PID:576
- C:\Windows\System\FcJiKzY.exe
  C:\Windows\System\FcJiKzY.exe
  2⤵
  PID:2768
- C:\Windows\System\CqBNkmM.exe
  C:\Windows\System\CqBNkmM.exe
  2⤵
  PID:548
- C:\Windows\System\EoxFEtq.exe
  C:\Windows\System\EoxFEtq.exe
  2⤵
  PID:2076
- C:\Windows\System\HhcrbEn.exe
  C:\Windows\System\HhcrbEn.exe
  2⤵
  PID:2216
- C:\Windows\System\nmwVOUg.exe
  C:\Windows\System\nmwVOUg.exe
  2⤵
  PID:2184
- C:\Windows\System\sibpfSf.exe
  C:\Windows\System\sibpfSf.exe
  2⤵
  PID:2060
- C:\Windows\System\njCRZBW.exe
  C:\Windows\System\njCRZBW.exe
  2⤵
  PID:1600
- C:\Windows\System\vozSpwO.exe
  C:\Windows\System\vozSpwO.exe
  2⤵
  PID:1696
- C:\Windows\System\qKrNxWm.exe
  C:\Windows\System\qKrNxWm.exe
  2⤵
  PID:1544
- C:\Windows\System\YHdMaFY.exe
  C:\Windows\System\YHdMaFY.exe
  2⤵
  PID:1732
- C:\Windows\System\OQDORzz.exe
  C:\Windows\System\OQDORzz.exe
  2⤵
  PID:2408
- C:\Windows\System\NngDMVT.exe
  C:\Windows\System\NngDMVT.exe
  2⤵
  PID:2500
- C:\Windows\System\SfoceEr.exe
  C:\Windows\System\SfoceEr.exe
  2⤵
  PID:2332
- C:\Windows\System\hFYtYxc.exe
  C:\Windows\System\hFYtYxc.exe
  2⤵
  PID:1656
- C:\Windows\System\JwCcYaK.exe
  C:\Windows\System\JwCcYaK.exe
  2⤵
  PID:3024
- C:\Windows\System\JbbnqlT.exe
  C:\Windows\System\JbbnqlT.exe
  2⤵
  PID:1000
- C:\Windows\System\RWtQfMQ.exe
  C:\Windows\System\RWtQfMQ.exe
  2⤵
  PID:1884
- C:\Windows\System\lmbXaTa.exe
  C:\Windows\System\lmbXaTa.exe
  2⤵
  PID:1588
- C:\Windows\System\uCLkWrW.exe
  C:\Windows\System\uCLkWrW.exe
  2⤵
  PID:2108
- C:\Windows\System\kNIPBzH.exe
  C:\Windows\System\kNIPBzH.exe
  2⤵
  PID:892
- C:\Windows\System\xnBxxEQ.exe
  C:\Windows\System\xnBxxEQ.exe
  2⤵
  PID:1580
- C:\Windows\System\GPpUnOI.exe
  C:\Windows\System\GPpUnOI.exe
  2⤵
  PID:2844
- C:\Windows\System\eRBKTfp.exe
  C:\Windows\System\eRBKTfp.exe
  2⤵
  PID:2724
- C:\Windows\System\JczPPix.exe
  C:\Windows\System\JczPPix.exe
  2⤵
  PID:2088
- C:\Windows\System\UdHpyEX.exe
  C:\Windows\System\UdHpyEX.exe
  2⤵
  PID:296
- C:\Windows\System\fKscJQx.exe
  C:\Windows\System\fKscJQx.exe
  2⤵
  PID:1876
- C:\Windows\System\OFYPkaM.exe
  C:\Windows\System\OFYPkaM.exe
  2⤵
  PID:1676
- C:\Windows\System\nEdJffz.exe
  C:\Windows\System\nEdJffz.exe
  2⤵
  PID:3000
- C:\Windows\System\qMSBZCa.exe
  C:\Windows\System\qMSBZCa.exe
  2⤵
  PID:1868
- C:\Windows\System\MLonCOK.exe
  C:\Windows\System\MLonCOK.exe
  2⤵
  PID:2424
- C:\Windows\System\oLZDgvD.exe
  C:\Windows\System\oLZDgvD.exe
  2⤵
  PID:2964
- C:\Windows\System\AyTZxdw.exe
  C:\Windows\System\AyTZxdw.exe
  2⤵
  PID:552
- C:\Windows\System\nBloegn.exe
  C:\Windows\System\nBloegn.exe
  2⤵
  PID:2056
- C:\Windows\System\hzCDkYg.exe
  C:\Windows\System\hzCDkYg.exe
  2⤵
  PID:628
- C:\Windows\System\EXmixBY.exe
  C:\Windows\System\EXmixBY.exe
  2⤵
  PID:1728
- C:\Windows\System\mqSFfqN.exe
  C:\Windows\System\mqSFfqN.exe
  2⤵
  PID:1736
- C:\Windows\System\mdmAiZq.exe
  C:\Windows\System\mdmAiZq.exe
  2⤵
  PID:2208
- C:\Windows\System\HDnqISq.exe
  C:\Windows\System\HDnqISq.exe
  2⤵
  PID:1900
- C:\Windows\System\GUvgVTn.exe
  C:\Windows\System\GUvgVTn.exe
  2⤵
  PID:988
- C:\Windows\System\zivHLBK.exe
  C:\Windows\System\zivHLBK.exe
  2⤵
  PID:1552
- C:\Windows\System\eYgzPEi.exe
  C:\Windows\System\eYgzPEi.exe
  2⤵
  PID:884
- C:\Windows\System\WjrPphD.exe
  C:\Windows\System\WjrPphD.exe
  2⤵
  PID:2548
- C:\Windows\System\hsfTjvA.exe
  C:\Windows\System\hsfTjvA.exe
  2⤵
  PID:2788
- C:\Windows\System\tUyEaNK.exe
  C:\Windows\System\tUyEaNK.exe
  2⤵
  PID:3080
- C:\Windows\System\xPeZetr.exe
  C:\Windows\System\xPeZetr.exe
  2⤵
  PID:3096
- C:\Windows\System\ZsMhore.exe
  C:\Windows\System\ZsMhore.exe
  2⤵
  PID:3112
- C:\Windows\System\MrKQXYd.exe
  C:\Windows\System\MrKQXYd.exe
  2⤵
  PID:3128
- C:\Windows\System\sfeLyoS.exe
  C:\Windows\System\sfeLyoS.exe
  2⤵
  PID:3148
- C:\Windows\System\XQsoZzS.exe
  C:\Windows\System\XQsoZzS.exe
  2⤵
  PID:3172
- C:\Windows\System\RafVYFc.exe
  C:\Windows\System\RafVYFc.exe
  2⤵
  PID:3188
- C:\Windows\System\khWwVuR.exe
  C:\Windows\System\khWwVuR.exe
  2⤵
  PID:3212
- C:\Windows\System\RirnRcq.exe
  C:\Windows\System\RirnRcq.exe
  2⤵
  PID:3236
- C:\Windows\System\LxAJMZX.exe
  C:\Windows\System\LxAJMZX.exe
  2⤵
  PID:3280
- C:\Windows\System\qsvcHCr.exe
  C:\Windows\System\qsvcHCr.exe
  2⤵
  PID:3320
- C:\Windows\System\RWnRAFY.exe
  C:\Windows\System\RWnRAFY.exe
  2⤵
  PID:3340
- C:\Windows\System\ALuJDIn.exe
  C:\Windows\System\ALuJDIn.exe
  2⤵
  PID:3364
- C:\Windows\System\oWriICh.exe
  C:\Windows\System\oWriICh.exe
  2⤵
  PID:3380
- C:\Windows\System\VnYmtVZ.exe
  C:\Windows\System\VnYmtVZ.exe
  2⤵
  PID:3404
- C:\Windows\System\phhkHht.exe
  C:\Windows\System\phhkHht.exe
  2⤵
  PID:3420
- C:\Windows\System\ESTXIjF.exe
  C:\Windows\System\ESTXIjF.exe
  2⤵
  PID:3444
- C:\Windows\System\NMCqeGz.exe
  C:\Windows\System\NMCqeGz.exe
  2⤵
  PID:3460
- C:\Windows\System\vhIqjji.exe
  C:\Windows\System\vhIqjji.exe
  2⤵
  PID:3484
- C:\Windows\System\XQQKdSb.exe
  C:\Windows\System\XQQKdSb.exe
  2⤵
  PID:3504
- C:\Windows\System\HfPBXEH.exe
  C:\Windows\System\HfPBXEH.exe
  2⤵
  PID:3520
- C:\Windows\System\PbzYgQr.exe
  C:\Windows\System\PbzYgQr.exe
  2⤵
  PID:3540
- C:\Windows\System\khvtaBK.exe
  C:\Windows\System\khvtaBK.exe
  2⤵
  PID:3564
- C:\Windows\System\hDThUAO.exe
  C:\Windows\System\hDThUAO.exe
  2⤵
  PID:3584
- C:\Windows\System\zXUPsQN.exe
  C:\Windows\System\zXUPsQN.exe
  2⤵
  PID:3600
- C:\Windows\System\eCtYUxb.exe
  C:\Windows\System\eCtYUxb.exe
  2⤵
  PID:3620
- C:\Windows\System\UGlfNJV.exe
  C:\Windows\System\UGlfNJV.exe
  2⤵
  PID:3644
- C:\Windows\System\ihJEYlt.exe
  C:\Windows\System\ihJEYlt.exe
  2⤵
  PID:3660
- C:\Windows\System\SgKGMCM.exe
  C:\Windows\System\SgKGMCM.exe
  2⤵
  PID:3684
- C:\Windows\System\kbeqYsW.exe
  C:\Windows\System\kbeqYsW.exe
  2⤵
  PID:3700
- C:\Windows\System\WYvGOvO.exe
  C:\Windows\System\WYvGOvO.exe
  2⤵
  PID:3720
- C:\Windows\System\tshhMoa.exe
  C:\Windows\System\tshhMoa.exe
  2⤵
  PID:3740
- C:\Windows\System\IDwVyWs.exe
  C:\Windows\System\IDwVyWs.exe
  2⤵
  PID:3756
- C:\Windows\System\jVDKXDg.exe
  C:\Windows\System\jVDKXDg.exe
  2⤵
  PID:3772
- C:\Windows\System\mvmGofz.exe
  C:\Windows\System\mvmGofz.exe
  2⤵
  PID:3792
- C:\Windows\System\AKJHojI.exe
  C:\Windows\System\AKJHojI.exe
  2⤵
  PID:3812
- C:\Windows\System\wNHrOZG.exe
  C:\Windows\System\wNHrOZG.exe
  2⤵
  PID:3836
- C:\Windows\System\FyvfFGr.exe
  C:\Windows\System\FyvfFGr.exe
  2⤵
  PID:3856
- C:\Windows\System\aKMDFfu.exe
  C:\Windows\System\aKMDFfu.exe
  2⤵
  PID:3880
- C:\Windows\System\UHXQljJ.exe
  C:\Windows\System\UHXQljJ.exe
  2⤵
  PID:3900
- C:\Windows\System\ndQNkok.exe
  C:\Windows\System\ndQNkok.exe
  2⤵
  PID:3920
- C:\Windows\System\rYCFdrm.exe
  C:\Windows\System\rYCFdrm.exe
  2⤵
  PID:3940
- C:\Windows\System\fMVulCV.exe
  C:\Windows\System\fMVulCV.exe
  2⤵
  PID:3964
- C:\Windows\System\vPapjhd.exe
  C:\Windows\System\vPapjhd.exe
  2⤵
  PID:3984
- C:\Windows\System\xhnvDpD.exe
  C:\Windows\System\xhnvDpD.exe
  2⤵
  PID:4008
- C:\Windows\System\aiiNsaW.exe
  C:\Windows\System\aiiNsaW.exe
  2⤵
  PID:4028
- C:\Windows\System\bzYBBGk.exe
  C:\Windows\System\bzYBBGk.exe
  2⤵
  PID:4048
- C:\Windows\System\zwRrYxo.exe
  C:\Windows\System\zwRrYxo.exe
  2⤵
  PID:4068
- C:\Windows\System\qjugsTs.exe
  C:\Windows\System\qjugsTs.exe
  2⤵
  PID:4092
- C:\Windows\System\JXsKXyN.exe
  C:\Windows\System\JXsKXyN.exe
  2⤵
  PID:2344
- C:\Windows\System\lBqXZQU.exe
  C:\Windows\System\lBqXZQU.exe
  2⤵
  PID:848
- C:\Windows\System\KLgLGNH.exe
  C:\Windows\System\KLgLGNH.exe
  2⤵
  PID:1744
- C:\Windows\System\dOOyiXk.exe
  C:\Windows\System\dOOyiXk.exe
  2⤵
  PID:2560
- C:\Windows\System\JwXhdiE.exe
  C:\Windows\System\JwXhdiE.exe
  2⤵
  PID:2992
- C:\Windows\System\XlXVCXL.exe
  C:\Windows\System\XlXVCXL.exe
  2⤵
  PID:2660
- C:\Windows\System\FbRUeAS.exe
  C:\Windows\System\FbRUeAS.exe
  2⤵
  PID:3108
- C:\Windows\System\WtoRSuC.exe
  C:\Windows\System\WtoRSuC.exe
  2⤵
  PID:3136
- C:\Windows\System\SVBWhZw.exe
  C:\Windows\System\SVBWhZw.exe
  2⤵
  PID:2132
- C:\Windows\System\HvyCHiR.exe
  C:\Windows\System\HvyCHiR.exe
  2⤵
  PID:2340
- C:\Windows\System\cxloMQm.exe
  C:\Windows\System\cxloMQm.exe
  2⤵
  PID:3220
- C:\Windows\System\aeblIbV.exe
  C:\Windows\System\aeblIbV.exe
  2⤵
  PID:1592
- C:\Windows\System\OayohNq.exe
  C:\Windows\System\OayohNq.exe
  2⤵
  PID:3296
- C:\Windows\System\JqPhLZL.exe
  C:\Windows\System\JqPhLZL.exe
  2⤵
  PID:3092
- C:\Windows\System\Lycytab.exe
  C:\Windows\System\Lycytab.exe
  2⤵
  PID:3164
- C:\Windows\System\HnRLbJA.exe
  C:\Windows\System\HnRLbJA.exe
  2⤵
  PID:3244
- C:\Windows\System\AUhLCkI.exe
  C:\Windows\System\AUhLCkI.exe
  2⤵
  PID:620
- C:\Windows\System\MYYDnHp.exe
  C:\Windows\System\MYYDnHp.exe
  2⤵
  PID:3276
- C:\Windows\System\reiiafl.exe
  C:\Windows\System\reiiafl.exe
  2⤵
  PID:3360
- C:\Windows\System\sUVjizo.exe
  C:\Windows\System\sUVjizo.exe
  2⤵
  PID:3388
- C:\Windows\System\igTZXOX.exe
  C:\Windows\System\igTZXOX.exe
  2⤵
  PID:3428
- C:\Windows\System\EJHzrRk.exe
  C:\Windows\System\EJHzrRk.exe
  2⤵
  PID:3372
- C:\Windows\System\WyOySzi.exe
  C:\Windows\System\WyOySzi.exe
  2⤵
  PID:3472
- C:\Windows\System\hahYOeJ.exe
  C:\Windows\System\hahYOeJ.exe
  2⤵
  PID:3516
- C:\Windows\System\KLyNyaH.exe
  C:\Windows\System\KLyNyaH.exe
  2⤵
  PID:3560
- C:\Windows\System\URjMOfS.exe
  C:\Windows\System\URjMOfS.exe
  2⤵
  PID:3592
- C:\Windows\System\xboZpqA.exe
  C:\Windows\System\xboZpqA.exe
  2⤵
  PID:3572
- C:\Windows\System\oITTvdf.exe
  C:\Windows\System\oITTvdf.exe
  2⤵
  PID:3672
- C:\Windows\System\ccFKVyY.exe
  C:\Windows\System\ccFKVyY.exe
  2⤵
  PID:3716
- C:\Windows\System\CNhOvFm.exe
  C:\Windows\System\CNhOvFm.exe
  2⤵
  PID:3616
- C:\Windows\System\sRgFCjE.exe
  C:\Windows\System\sRgFCjE.exe
  2⤵
  PID:3784
- C:\Windows\System\XTrgsHW.exe
  C:\Windows\System\XTrgsHW.exe
  2⤵
  PID:3832
- C:\Windows\System\XlwgYHK.exe
  C:\Windows\System\XlwgYHK.exe
  2⤵
  PID:3864
- C:\Windows\System\GpsrhnA.exe
  C:\Windows\System\GpsrhnA.exe
  2⤵
  PID:3876
- C:\Windows\System\yksNWHa.exe
  C:\Windows\System\yksNWHa.exe
  2⤵
  PID:3852
- C:\Windows\System\lBwGnyu.exe
  C:\Windows\System\lBwGnyu.exe
  2⤵
  PID:3912
- C:\Windows\System\OHRnIGa.exe
  C:\Windows\System\OHRnIGa.exe
  2⤵
  PID:3928
- C:\Windows\System\YKsdhfO.exe
  C:\Windows\System\YKsdhfO.exe
  2⤵
  PID:3972
- C:\Windows\System\KGOqeVM.exe
  C:\Windows\System\KGOqeVM.exe
  2⤵
  PID:3980
- C:\Windows\System\hDrPlCV.exe
  C:\Windows\System\hDrPlCV.exe
  2⤵
  PID:4044
- C:\Windows\System\KvdSCzc.exe
  C:\Windows\System\KvdSCzc.exe
  2⤵
  PID:4060
- C:\Windows\System\hGlOtKO.exe
  C:\Windows\System\hGlOtKO.exe
  2⤵
  PID:904
- C:\Windows\System\TJLeEqk.exe
  C:\Windows\System\TJLeEqk.exe
  2⤵
  PID:1916
- C:\Windows\System\KovjWBt.exe
  C:\Windows\System\KovjWBt.exe
  2⤵
  PID:2608
- C:\Windows\System\mbGDVfe.exe
  C:\Windows\System\mbGDVfe.exe
  2⤵
  PID:1796
- C:\Windows\System\HYlUOgZ.exe
  C:\Windows\System\HYlUOgZ.exe
  2⤵
  PID:3104
- C:\Windows\System\JhlImOI.exe
  C:\Windows\System\JhlImOI.exe
  2⤵
  PID:3180
- C:\Windows\System\lpTiPGe.exe
  C:\Windows\System\lpTiPGe.exe
  2⤵
  PID:1648
- C:\Windows\System\ZkChQLu.exe
  C:\Windows\System\ZkChQLu.exe
  2⤵
  PID:3288
- C:\Windows\System\jtgwaxm.exe
  C:\Windows\System\jtgwaxm.exe
  2⤵
  PID:3196
- C:\Windows\System\piLgNTL.exe
  C:\Windows\System\piLgNTL.exe
  2⤵
  PID:1184
- C:\Windows\System\GPprVjX.exe
  C:\Windows\System\GPprVjX.exe
  2⤵
  PID:3268
- C:\Windows\System\EKvasSm.exe
  C:\Windows\System\EKvasSm.exe
  2⤵
  PID:3336
- C:\Windows\System\sfDphTO.exe
  C:\Windows\System\sfDphTO.exe
  2⤵
  PID:3392
- C:\Windows\System\yTTFHpQ.exe
  C:\Windows\System\yTTFHpQ.exe
  2⤵
  PID:3452
- C:\Windows\System\MCDtHMe.exe
  C:\Windows\System\MCDtHMe.exe
  2⤵
  PID:3456
- C:\Windows\System\bvVAMvl.exe
  C:\Windows\System\bvVAMvl.exe
  2⤵
  PID:3556
- C:\Windows\System\JpuhFZy.exe
  C:\Windows\System\JpuhFZy.exe
  2⤵
  PID:3576
- C:\Windows\System\XDWWoya.exe
  C:\Windows\System\XDWWoya.exe
  2⤵
  PID:3708
- C:\Windows\System\FNVUkCT.exe
  C:\Windows\System\FNVUkCT.exe
  2⤵
  PID:3820
- C:\Windows\System\hSrBgSA.exe
  C:\Windows\System\hSrBgSA.exe
  2⤵
  PID:3872
- C:\Windows\System\mufxpzf.exe
  C:\Windows\System\mufxpzf.exe
  2⤵
  PID:3804
- C:\Windows\System\cmjEStP.exe
  C:\Windows\System\cmjEStP.exe
  2⤵
  PID:3892
- C:\Windows\System\wPOXFLx.exe
  C:\Windows\System\wPOXFLx.exe
  2⤵
  PID:3952
- C:\Windows\System\uuBhVnA.exe
  C:\Windows\System\uuBhVnA.exe
  2⤵
  PID:4036
- C:\Windows\System\OHJoWHS.exe
  C:\Windows\System\OHJoWHS.exe
  2⤵
  PID:2932
- C:\Windows\System\XUVZZgY.exe
  C:\Windows\System\XUVZZgY.exe
  2⤵
  PID:2032
- C:\Windows\System\piaUlAC.exe
  C:\Windows\System\piaUlAC.exe
  2⤵
  PID:2900
- C:\Windows\System\IfKKDVU.exe
  C:\Windows\System\IfKKDVU.exe
  2⤵
  PID:2672
- C:\Windows\System\KNwNNqL.exe
  C:\Windows\System\KNwNNqL.exe
  2⤵
  PID:1996
- C:\Windows\System\GmojxiG.exe
  C:\Windows\System\GmojxiG.exe
  2⤵
  PID:3124
- C:\Windows\System\tCFkJjM.exe
  C:\Windows\System\tCFkJjM.exe
  2⤵
  PID:3160
- C:\Windows\System\fEuEhYv.exe
  C:\Windows\System\fEuEhYv.exe
  2⤵
  PID:3308
- C:\Windows\System\Ezezgwb.exe
  C:\Windows\System\Ezezgwb.exe
  2⤵
  PID:3512
- C:\Windows\System\EcGbnQO.exe
  C:\Windows\System\EcGbnQO.exe
  2⤵
  PID:4084
- C:\Windows\System\FRnEfkw.exe
  C:\Windows\System\FRnEfkw.exe
  2⤵
  PID:3548
- C:\Windows\System\GsBddCR.exe
  C:\Windows\System\GsBddCR.exe
  2⤵
  PID:3712
- C:\Windows\System\HGKOBIJ.exe
  C:\Windows\System\HGKOBIJ.exe
  2⤵
  PID:3780
- C:\Windows\System\MoLWqXl.exe
  C:\Windows\System\MoLWqXl.exe
  2⤵
  PID:3888
- C:\Windows\System\DzwpBqn.exe
  C:\Windows\System\DzwpBqn.exe
  2⤵
  PID:4016
- C:\Windows\System\WaqovUe.exe
  C:\Windows\System\WaqovUe.exe
  2⤵
  PID:4004
- C:\Windows\System\zvlJIFg.exe
  C:\Windows\System\zvlJIFg.exe
  2⤵
  PID:1180
- C:\Windows\System\liKKNdj.exe
  C:\Windows\System\liKKNdj.exe
  2⤵
  PID:3232
- C:\Windows\System\hfKEDYy.exe
  C:\Windows\System\hfKEDYy.exe
  2⤵
  PID:1516
- C:\Windows\System\qoYuUmH.exe
  C:\Windows\System\qoYuUmH.exe
  2⤵
  PID:1776
- C:\Windows\System\yVCPqcJ.exe
  C:\Windows\System\yVCPqcJ.exe
  2⤵
  PID:3272
- C:\Windows\System\QVLyUuK.exe
  C:\Windows\System\QVLyUuK.exe
  2⤵
  PID:3436
- C:\Windows\System\YdaDTFh.exe
  C:\Windows\System\YdaDTFh.exe
  2⤵
  PID:3692
- C:\Windows\System\GzYbwrI.exe
  C:\Windows\System\GzYbwrI.exe
  2⤵
  PID:3848
- C:\Windows\System\KdpBuCk.exe
  C:\Windows\System\KdpBuCk.exe
  2⤵
  PID:4108
- C:\Windows\System\geQcdvt.exe
  C:\Windows\System\geQcdvt.exe
  2⤵
  PID:4128
- C:\Windows\System\cQBGmuN.exe
  C:\Windows\System\cQBGmuN.exe
  2⤵
  PID:4148
- C:\Windows\System\sekvUwO.exe
  C:\Windows\System\sekvUwO.exe
  2⤵
  PID:4168
- C:\Windows\System\JVGJdAo.exe
  C:\Windows\System\JVGJdAo.exe
  2⤵
  PID:4192
- C:\Windows\System\UGxeHyL.exe
  C:\Windows\System\UGxeHyL.exe
  2⤵
  PID:4212
- C:\Windows\System\TSGERGw.exe
  C:\Windows\System\TSGERGw.exe
  2⤵
  PID:4228
- C:\Windows\System\ncAtmjO.exe
  C:\Windows\System\ncAtmjO.exe
  2⤵
  PID:4248
- C:\Windows\System\KsZwRhW.exe
  C:\Windows\System\KsZwRhW.exe
  2⤵
  PID:4272
- C:\Windows\System\gGbWXHa.exe
  C:\Windows\System\gGbWXHa.exe
  2⤵
  PID:4288
- C:\Windows\System\YzTIJFg.exe
  C:\Windows\System\YzTIJFg.exe
  2⤵
  PID:4312
- C:\Windows\System\gSlSeqf.exe
  C:\Windows\System\gSlSeqf.exe
  2⤵
  PID:4328
- C:\Windows\System\nsDSDma.exe
  C:\Windows\System\nsDSDma.exe
  2⤵
  PID:4352
- C:\Windows\System\zZrQurO.exe
  C:\Windows\System\zZrQurO.exe
  2⤵
  PID:4372
- C:\Windows\System\cVutKhR.exe
  C:\Windows\System\cVutKhR.exe
  2⤵
  PID:4392
- C:\Windows\System\BuIvMsd.exe
  C:\Windows\System\BuIvMsd.exe
  2⤵
  PID:4408
- C:\Windows\System\heCFrZW.exe
  C:\Windows\System\heCFrZW.exe
  2⤵
  PID:4432
- C:\Windows\System\yqbuXqx.exe
  C:\Windows\System\yqbuXqx.exe
  2⤵
  PID:4452
- C:\Windows\System\pfIQHWV.exe
  C:\Windows\System\pfIQHWV.exe
  2⤵
  PID:4472
- C:\Windows\System\cbEMNXg.exe
  C:\Windows\System\cbEMNXg.exe
  2⤵
  PID:4492
- C:\Windows\System\qRxfSJy.exe
  C:\Windows\System\qRxfSJy.exe
  2⤵
  PID:4512
- C:\Windows\System\wBSZBmh.exe
  C:\Windows\System\wBSZBmh.exe
  2⤵
  PID:4532
- C:\Windows\System\RgNhVSK.exe
  C:\Windows\System\RgNhVSK.exe
  2⤵
  PID:4552
- C:\Windows\System\WRzUVuN.exe
  C:\Windows\System\WRzUVuN.exe
  2⤵
  PID:4568
- C:\Windows\System\JqAiees.exe
  C:\Windows\System\JqAiees.exe
  2⤵
  PID:4592
- C:\Windows\System\AvYUavH.exe
  C:\Windows\System\AvYUavH.exe
  2⤵
  PID:4608
- C:\Windows\System\ddUUZPI.exe
  C:\Windows\System\ddUUZPI.exe
  2⤵
  PID:4628
- C:\Windows\System\MucRqfn.exe
  C:\Windows\System\MucRqfn.exe
  2⤵
  PID:4648
- C:\Windows\System\JSyHAWA.exe
  C:\Windows\System\JSyHAWA.exe
  2⤵
  PID:4668
- C:\Windows\System\UWFrSpR.exe
  C:\Windows\System\UWFrSpR.exe
  2⤵
  PID:4688
- C:\Windows\System\kxxcKUQ.exe
  C:\Windows\System\kxxcKUQ.exe
  2⤵
  PID:4708
- C:\Windows\System\pDsOYNV.exe
  C:\Windows\System\pDsOYNV.exe
  2⤵
  PID:4728
- C:\Windows\System\iScAPQy.exe
  C:\Windows\System\iScAPQy.exe
  2⤵
  PID:4752
- C:\Windows\System\UJSOQrc.exe
  C:\Windows\System\UJSOQrc.exe
  2⤵
  PID:4768
- C:\Windows\System\atUpsVv.exe
  C:\Windows\System\atUpsVv.exe
  2⤵
  PID:4796
- C:\Windows\System\LNBiODS.exe
  C:\Windows\System\LNBiODS.exe
  2⤵
  PID:4816
- C:\Windows\System\OuePJkE.exe
  C:\Windows\System\OuePJkE.exe
  2⤵
  PID:4836
- C:\Windows\System\SUKqunl.exe
  C:\Windows\System\SUKqunl.exe
  2⤵
  PID:4852
- C:\Windows\System\AQIcmVY.exe
  C:\Windows\System\AQIcmVY.exe
  2⤵
  PID:4872
- C:\Windows\System\RodbHHw.exe
  C:\Windows\System\RodbHHw.exe
  2⤵
  PID:4892
- C:\Windows\System\gQNytwL.exe
  C:\Windows\System\gQNytwL.exe
  2⤵
  PID:4912
- C:\Windows\System\RKOlMSu.exe
  C:\Windows\System\RKOlMSu.exe
  2⤵
  PID:4932
- C:\Windows\System\muzeOyI.exe
  C:\Windows\System\muzeOyI.exe
  2⤵
  PID:4952
- C:\Windows\System\OyqXWFr.exe
  C:\Windows\System\OyqXWFr.exe
  2⤵
  PID:4972
- C:\Windows\System\bCPgzow.exe
  C:\Windows\System\bCPgzow.exe
  2⤵
  PID:4992
- C:\Windows\System\oABfmRt.exe
  C:\Windows\System\oABfmRt.exe
  2⤵
  PID:5016
- C:\Windows\System\ekpqojj.exe
  C:\Windows\System\ekpqojj.exe
  2⤵
  PID:5036
- C:\Windows\System\PEPwpSv.exe
  C:\Windows\System\PEPwpSv.exe
  2⤵
  PID:5056
- C:\Windows\System\VeYAHzp.exe
  C:\Windows\System\VeYAHzp.exe
  2⤵
  PID:5076
- C:\Windows\System\ewylHDY.exe
  C:\Windows\System\ewylHDY.exe
  2⤵
  PID:5096
- C:\Windows\System\JUNHECG.exe
  C:\Windows\System\JUNHECG.exe
  2⤵
  PID:5116
- C:\Windows\System\bqlrcun.exe
  C:\Windows\System\bqlrcun.exe
  2⤵
  PID:1940
- C:\Windows\System\LYwZILU.exe
  C:\Windows\System\LYwZILU.exe
  2⤵
  PID:3976
- C:\Windows\System\ymabEim.exe
  C:\Windows\System\ymabEim.exe
  2⤵
  PID:3208
- C:\Windows\System\KZeuDFb.exe
  C:\Windows\System\KZeuDFb.exe
  2⤵
  PID:3536
- C:\Windows\System\xCzcRHy.exe
  C:\Windows\System\xCzcRHy.exe
  2⤵
  PID:3696
- C:\Windows\System\LGAAYwB.exe
  C:\Windows\System\LGAAYwB.exe
  2⤵
  PID:3908
- C:\Windows\System\SAgaULp.exe
  C:\Windows\System\SAgaULp.exe
  2⤵
  PID:4124
- C:\Windows\System\evPVTju.exe
  C:\Windows\System\evPVTju.exe
  2⤵
  PID:4176
- C:\Windows\System\aYBozEa.exe
  C:\Windows\System\aYBozEa.exe
  2⤵
  PID:4220
- C:\Windows\System\OjQNSTb.exe
  C:\Windows\System\OjQNSTb.exe
  2⤵
  PID:4260
- C:\Windows\System\iNVKVOh.exe
  C:\Windows\System\iNVKVOh.exe
  2⤵
  PID:4244
- C:\Windows\System\Uplygfn.exe
  C:\Windows\System\Uplygfn.exe
  2⤵
  PID:4308
- C:\Windows\System\lsEACIL.exe
  C:\Windows\System\lsEACIL.exe
  2⤵
  PID:3956
- C:\Windows\System\fqQiJfu.exe
  C:\Windows\System\fqQiJfu.exe
  2⤵
  PID:4380
- C:\Windows\System\AKLNCgU.exe
  C:\Windows\System\AKLNCgU.exe
  2⤵
  PID:4400
- C:\Windows\System\lwUWvmX.exe
  C:\Windows\System\lwUWvmX.exe
  2⤵
  PID:4404
- C:\Windows\System\pXZkRQH.exe
  C:\Windows\System\pXZkRQH.exe
  2⤵
  PID:4444
- C:\Windows\System\vKWXIzn.exe
  C:\Windows\System\vKWXIzn.exe
  2⤵
  PID:4504
- C:\Windows\System\TVWMubF.exe
  C:\Windows\System\TVWMubF.exe
  2⤵
  PID:4548
- C:\Windows\System\rmVaClb.exe
  C:\Windows\System\rmVaClb.exe
  2⤵
  PID:4576
- C:\Windows\System\VUsMAzz.exe
  C:\Windows\System\VUsMAzz.exe
  2⤵
  PID:4616
- C:\Windows\System\Nbgyydy.exe
  C:\Windows\System\Nbgyydy.exe
  2⤵
  PID:4636
- C:\Windows\System\clxeUPj.exe
  C:\Windows\System\clxeUPj.exe
  2⤵
  PID:4660
- C:\Windows\System\joSatKV.exe
  C:\Windows\System\joSatKV.exe
  2⤵
  PID:4740
- C:\Windows\System\jcSWSXw.exe
  C:\Windows\System\jcSWSXw.exe
  2⤵
  PID:4716
- C:\Windows\System\DpLTJoo.exe
  C:\Windows\System\DpLTJoo.exe
  2⤵
  PID:4764
- C:\Windows\System\gXsGAnX.exe
  C:\Windows\System\gXsGAnX.exe
  2⤵
  PID:4788
- C:\Windows\System\TAXiXTD.exe
  C:\Windows\System\TAXiXTD.exe
  2⤵
  PID:4808
- C:\Windows\System\BzDHOYw.exe
  C:\Windows\System\BzDHOYw.exe
  2⤵
  PID:4848
- C:\Windows\System\OpYcsJN.exe
  C:\Windows\System\OpYcsJN.exe
  2⤵
  PID:4908
- C:\Windows\System\DNvpfdv.exe
  C:\Windows\System\DNvpfdv.exe
  2⤵
  PID:4924
- C:\Windows\System\FijVpxV.exe
  C:\Windows\System\FijVpxV.exe
  2⤵
  PID:4964
- C:\Windows\System\qyHTyCu.exe
  C:\Windows\System\qyHTyCu.exe
  2⤵
  PID:4984
- C:\Windows\System\nLxGKin.exe
  C:\Windows\System\nLxGKin.exe
  2⤵
  PID:5012
- C:\Windows\System\swvKrPe.exe
  C:\Windows\System\swvKrPe.exe
  2⤵
  PID:5052
- C:\Windows\System\ToqLfua.exe
  C:\Windows\System\ToqLfua.exe
  2⤵
  PID:5092
- C:\Windows\System\kwDlyph.exe
  C:\Windows\System\kwDlyph.exe
  2⤵
  PID:3768
- C:\Windows\System\OPtpVUO.exe
  C:\Windows\System\OPtpVUO.exe
  2⤵
  PID:4076
- C:\Windows\System\GusHrLx.exe
  C:\Windows\System\GusHrLx.exe
  2⤵
  PID:3752
- C:\Windows\System\cygCwcg.exe
  C:\Windows\System\cygCwcg.exe
  2⤵
  PID:4100
- C:\Windows\System\PiGRqdz.exe
  C:\Windows\System\PiGRqdz.exe
  2⤵
  PID:4144
- C:\Windows\System\snMfglr.exe
  C:\Windows\System\snMfglr.exe
  2⤵
  PID:4200
- C:\Windows\System\jdrVQqO.exe
  C:\Windows\System\jdrVQqO.exe
  2⤵
  PID:4300
- C:\Windows\System\NunZBQQ.exe
  C:\Windows\System\NunZBQQ.exe
  2⤵
  PID:4336
- C:\Windows\System\dmvCQkS.exe
  C:\Windows\System\dmvCQkS.exe
  2⤵
  PID:4348
- C:\Windows\System\gSbsDeF.exe
  C:\Windows\System\gSbsDeF.exe
  2⤵
  PID:4388
- C:\Windows\System\woEtBfb.exe
  C:\Windows\System\woEtBfb.exe
  2⤵
  PID:4448
- C:\Windows\System\SFzHaBy.exe
  C:\Windows\System\SFzHaBy.exe
  2⤵
  PID:4520
- C:\Windows\System\xQUQtFK.exe
  C:\Windows\System\xQUQtFK.exe
  2⤵
  PID:4624
- C:\Windows\System\kYzQdQu.exe
  C:\Windows\System\kYzQdQu.exe
  2⤵
  PID:4580
- C:\Windows\System\AZeUEHO.exe
  C:\Windows\System\AZeUEHO.exe
  2⤵
  PID:4696
- C:\Windows\System\enWHzcw.exe
  C:\Windows\System\enWHzcw.exe
  2⤵
  PID:4680
- C:\Windows\System\CrBIKjG.exe
  C:\Windows\System\CrBIKjG.exe
  2⤵
  PID:4828
- C:\Windows\System\ZBesmCr.exe
  C:\Windows\System\ZBesmCr.exe
  2⤵
  PID:4780
- C:\Windows\System\mOaonXu.exe
  C:\Windows\System\mOaonXu.exe
  2⤵
  PID:4888
- C:\Windows\System\fFhQahQ.exe
  C:\Windows\System\fFhQahQ.exe
  2⤵
  PID:5000
- C:\Windows\System\NIgifjJ.exe
  C:\Windows\System\NIgifjJ.exe
  2⤵
  PID:4968
- C:\Windows\System\nRiuaue.exe
  C:\Windows\System\nRiuaue.exe
  2⤵
  PID:4704
- C:\Windows\System\BqzLNGz.exe
  C:\Windows\System\BqzLNGz.exe
  2⤵
  PID:5104
- C:\Windows\System\ddkervL.exe
  C:\Windows\System\ddkervL.exe
  2⤵
  PID:352
- C:\Windows\System\QRDjlRE.exe
  C:\Windows\System\QRDjlRE.exe
  2⤵
  PID:3332
- C:\Windows\System\ZBCyBQZ.exe
  C:\Windows\System\ZBCyBQZ.exe
  2⤵
  PID:3412
- C:\Windows\System\eBKBbfW.exe
  C:\Windows\System\eBKBbfW.exe
  2⤵
  PID:4180
- C:\Windows\System\ILZXUFy.exe
  C:\Windows\System\ILZXUFy.exe
  2⤵
  PID:4364
- C:\Windows\System\vjmOEXZ.exe
  C:\Windows\System\vjmOEXZ.exe
  2⤵
  PID:4460
- C:\Windows\System\BbZOuGo.exe
  C:\Windows\System\BbZOuGo.exe
  2⤵
  PID:3088
- C:\Windows\System\TLisxqe.exe
  C:\Windows\System\TLisxqe.exe
  2⤵
  PID:4560
- C:\Windows\System\blaNZZw.exe
  C:\Windows\System\blaNZZw.exe
  2⤵
  PID:4664
- C:\Windows\System\zzzmmVT.exe
  C:\Windows\System\zzzmmVT.exe
  2⤵
  PID:4904
- C:\Windows\System\OpHrVNC.exe
  C:\Windows\System\OpHrVNC.exe
  2⤵
  PID:4920
- C:\Windows\System\skGXrMd.exe
  C:\Windows\System\skGXrMd.exe
  2⤵
  PID:4160
- C:\Windows\System\vKOnZLB.exe
  C:\Windows\System\vKOnZLB.exe
  2⤵
  PID:5112
- C:\Windows\System\BDYqcro.exe
  C:\Windows\System\BDYqcro.exe
  2⤵
  PID:5068
- C:\Windows\System\QKFTRKK.exe
  C:\Windows\System\QKFTRKK.exe
  2⤵
  PID:3736
- C:\Windows\System\dMcqoob.exe
  C:\Windows\System\dMcqoob.exe
  2⤵
  PID:4280
- C:\Windows\System\jyAKiNN.exe
  C:\Windows\System\jyAKiNN.exe
  2⤵
  PID:4236
- C:\Windows\System\HLsQMgi.exe
  C:\Windows\System\HLsQMgi.exe
  2⤵
  PID:4508
- C:\Windows\System\dKPwKBm.exe
  C:\Windows\System\dKPwKBm.exe
  2⤵
  PID:5144
- C:\Windows\System\rYxxmgo.exe
  C:\Windows\System\rYxxmgo.exe
  2⤵
  PID:5164
- C:\Windows\System\KkZWJTD.exe
  C:\Windows\System\KkZWJTD.exe
  2⤵
  PID:5184
- C:\Windows\System\pgOOIaL.exe
  C:\Windows\System\pgOOIaL.exe
  2⤵
  PID:5200
- C:\Windows\System\eNlzeZX.exe
  C:\Windows\System\eNlzeZX.exe
  2⤵
  PID:5220
- C:\Windows\System\fgZWrml.exe
  C:\Windows\System\fgZWrml.exe
  2⤵
  PID:5240
- C:\Windows\System\YMKvnnk.exe
  C:\Windows\System\YMKvnnk.exe
  2⤵
  PID:5264
- C:\Windows\System\dWTanKR.exe
  C:\Windows\System\dWTanKR.exe
  2⤵
  PID:5280
- C:\Windows\System\VmgQLnO.exe
  C:\Windows\System\VmgQLnO.exe
  2⤵
  PID:5304
- C:\Windows\System\FerodbF.exe
  C:\Windows\System\FerodbF.exe
  2⤵
  PID:5324
- C:\Windows\System\SdXRMYx.exe
  C:\Windows\System\SdXRMYx.exe
  2⤵
  PID:5340
- C:\Windows\System\pOorByw.exe
  C:\Windows\System\pOorByw.exe
  2⤵
  PID:5356
- C:\Windows\System\ayZdMNi.exe
  C:\Windows\System\ayZdMNi.exe
  2⤵
  PID:5384
- C:\Windows\System\aZLkBlz.exe
  C:\Windows\System\aZLkBlz.exe
  2⤵
  PID:5404
- C:\Windows\System\PRANREi.exe
  C:\Windows\System\PRANREi.exe
  2⤵
  PID:5424
- C:\Windows\System\UVslMUA.exe
  C:\Windows\System\UVslMUA.exe
  2⤵
  PID:5444
- C:\Windows\System\fYLtqiP.exe
  C:\Windows\System\fYLtqiP.exe
  2⤵
  PID:5464
- C:\Windows\System\OxOHjMO.exe
  C:\Windows\System\OxOHjMO.exe
  2⤵
  PID:5480
- C:\Windows\System\UQPAhaH.exe
  C:\Windows\System\UQPAhaH.exe
  2⤵
  PID:5500
- C:\Windows\System\FdrSiZP.exe
  C:\Windows\System\FdrSiZP.exe
  2⤵
  PID:5520
- C:\Windows\System\usUPTWG.exe
  C:\Windows\System\usUPTWG.exe
  2⤵
  PID:5544
- C:\Windows\System\UzKLDiJ.exe
  C:\Windows\System\UzKLDiJ.exe
  2⤵
  PID:5560
- C:\Windows\System\GjqLxNo.exe
  C:\Windows\System\GjqLxNo.exe
  2⤵
  PID:5580
- C:\Windows\System\lIbhAbf.exe
  C:\Windows\System\lIbhAbf.exe
  2⤵
  PID:5600
- C:\Windows\System\koDhtAu.exe
  C:\Windows\System\koDhtAu.exe
  2⤵
  PID:5616
- C:\Windows\System\NyDAkTD.exe
  C:\Windows\System\NyDAkTD.exe
  2⤵
  PID:5636
- C:\Windows\System\DHJMhHj.exe
  C:\Windows\System\DHJMhHj.exe
  2⤵
  PID:5652
- C:\Windows\System\rxOqUqz.exe
  C:\Windows\System\rxOqUqz.exe
  2⤵
  PID:5676
- C:\Windows\System\xppVDfv.exe
  C:\Windows\System\xppVDfv.exe
  2⤵
  PID:5696
- C:\Windows\System\FoLUMVS.exe
  C:\Windows\System\FoLUMVS.exe
  2⤵
  PID:5716
- C:\Windows\System\pwvxlsl.exe
  C:\Windows\System\pwvxlsl.exe
  2⤵
  PID:5744
- C:\Windows\System\LBAZQKY.exe
  C:\Windows\System\LBAZQKY.exe
  2⤵
  PID:5760
- C:\Windows\System\mFcIFhL.exe
  C:\Windows\System\mFcIFhL.exe
  2⤵
  PID:5788
- C:\Windows\System\GBuyyzL.exe
  C:\Windows\System\GBuyyzL.exe
  2⤵
  PID:5808
- C:\Windows\System\PNgaCft.exe
  C:\Windows\System\PNgaCft.exe
  2⤵
  PID:5824
- C:\Windows\System\wzEKEGK.exe
  C:\Windows\System\wzEKEGK.exe
  2⤵
  PID:5848
- C:\Windows\System\xEcMqdM.exe
  C:\Windows\System\xEcMqdM.exe
  2⤵
  PID:5868
- C:\Windows\System\WKTasEm.exe
  C:\Windows\System\WKTasEm.exe
  2⤵
  PID:5888
- C:\Windows\System\DkIdICk.exe
  C:\Windows\System\DkIdICk.exe
  2⤵
  PID:5908
- C:\Windows\System\SEzjcyg.exe
  C:\Windows\System\SEzjcyg.exe
  2⤵
  PID:5924
- C:\Windows\System\HZUPlGC.exe
  C:\Windows\System\HZUPlGC.exe
  2⤵
  PID:5948
- C:\Windows\System\RcsOWpr.exe
  C:\Windows\System\RcsOWpr.exe
  2⤵
  PID:5968
- C:\Windows\System\sgJQfjY.exe
  C:\Windows\System\sgJQfjY.exe
  2⤵
  PID:5984
- C:\Windows\System\YGShLLj.exe
  C:\Windows\System\YGShLLj.exe
  2⤵
  PID:6008
- C:\Windows\System\ARbOQHR.exe
  C:\Windows\System\ARbOQHR.exe
  2⤵
  PID:6024
- C:\Windows\System\jceMnIV.exe
  C:\Windows\System\jceMnIV.exe
  2⤵
  PID:6048
- C:\Windows\System\HymYreR.exe
  C:\Windows\System\HymYreR.exe
  2⤵
  PID:6068
- C:\Windows\System\cMmJhPb.exe
  C:\Windows\System\cMmJhPb.exe
  2⤵
  PID:6088
- C:\Windows\System\aUuRgbl.exe
  C:\Windows\System\aUuRgbl.exe
  2⤵
  PID:6104
- C:\Windows\System\oNgofKy.exe
  C:\Windows\System\oNgofKy.exe
  2⤵
  PID:6124
- C:\Windows\System\oypopyS.exe
  C:\Windows\System\oypopyS.exe
  2⤵
  PID:4340
- C:\Windows\System\QXoJrqZ.exe
  C:\Windows\System\QXoJrqZ.exe
  2⤵
  PID:4656
- C:\Windows\System\JoinAYh.exe
  C:\Windows\System\JoinAYh.exe
  2⤵
  PID:4784
- C:\Windows\System\lQgqkYN.exe
  C:\Windows\System\lQgqkYN.exe
  2⤵
  PID:3292
- C:\Windows\System\BuubHoq.exe
  C:\Windows\System\BuubHoq.exe
  2⤵
  PID:5072
- C:\Windows\System\TOnITXV.exe
  C:\Windows\System\TOnITXV.exe
  2⤵
  PID:4188
- C:\Windows\System\aXIPJES.exe
  C:\Windows\System\aXIPJES.exe
  2⤵
  PID:4420
- C:\Windows\System\UduEGye.exe
  C:\Windows\System\UduEGye.exe
  2⤵
  PID:5136
- C:\Windows\System\MEVpJMg.exe
  C:\Windows\System\MEVpJMg.exe
  2⤵
  PID:5156
- C:\Windows\System\pGopjch.exe
  C:\Windows\System\pGopjch.exe
  2⤵
  PID:5196
- C:\Windows\System\MjGHlUf.exe
  C:\Windows\System\MjGHlUf.exe
  2⤵
  PID:5232
- C:\Windows\System\HbZXJcV.exe
  C:\Windows\System\HbZXJcV.exe
  2⤵
  PID:5260
- C:\Windows\System\cpOmTWZ.exe
  C:\Windows\System\cpOmTWZ.exe
  2⤵
  PID:5300
- C:\Windows\System\OMrOaYr.exe
  C:\Windows\System\OMrOaYr.exe
  2⤵
  PID:2816
- C:\Windows\System\PVcTxZq.exe
  C:\Windows\System\PVcTxZq.exe
  2⤵
  PID:5364
- C:\Windows\System\YEDQDgJ.exe
  C:\Windows\System\YEDQDgJ.exe
  2⤵
  PID:5376
- C:\Windows\System\GbObeBf.exe
  C:\Windows\System\GbObeBf.exe
  2⤵
  PID:5420
- C:\Windows\System\mdlEBBS.exe
  C:\Windows\System\mdlEBBS.exe
  2⤵
  PID:5460
- C:\Windows\System\AZDWIPt.exe
  C:\Windows\System\AZDWIPt.exe
  2⤵
  PID:5432
- C:\Windows\System\nbRJfSF.exe
  C:\Windows\System\nbRJfSF.exe
  2⤵
  PID:5532
- C:\Windows\System\HIHqUJx.exe
  C:\Windows\System\HIHqUJx.exe
  2⤵
  PID:5472
- C:\Windows\System\TJtvBFc.exe
  C:\Windows\System\TJtvBFc.exe
  2⤵
  PID:5608
- C:\Windows\System\ggsnxZc.exe
  C:\Windows\System\ggsnxZc.exe
  2⤵
  PID:5556
- C:\Windows\System\RpfyGCQ.exe
  C:\Windows\System\RpfyGCQ.exe
  2⤵
  PID:5588
- C:\Windows\System\tpBlIQF.exe
  C:\Windows\System\tpBlIQF.exe
  2⤵
  PID:2568
- C:\Windows\System\oErkiWX.exe
  C:\Windows\System\oErkiWX.exe
  2⤵
  PID:5672
- C:\Windows\System\OKurnbm.exe
  C:\Windows\System\OKurnbm.exe
  2⤵
  PID:5660
- C:\Windows\System\gjusPgi.exe
  C:\Windows\System\gjusPgi.exe
  2⤵
  PID:5728
- C:\Windows\System\BwUHWNl.exe
  C:\Windows\System\BwUHWNl.exe
  2⤵
  PID:5780
- C:\Windows\System\BBtSCgd.exe
  C:\Windows\System\BBtSCgd.exe
  2⤵
  PID:5796
- C:\Windows\System\saDePKQ.exe
  C:\Windows\System\saDePKQ.exe
  2⤵
  PID:5856
- C:\Windows\System\wTEfTPC.exe
  C:\Windows\System\wTEfTPC.exe
  2⤵
  PID:5904
- C:\Windows\System\EzXHogx.exe
  C:\Windows\System\EzXHogx.exe
  2⤵
  PID:5880
- C:\Windows\System\AfIJvPv.exe
  C:\Windows\System\AfIJvPv.exe
  2⤵
  PID:6020
- C:\Windows\System\bNeCLSx.exe
  C:\Windows\System\bNeCLSx.exe
  2⤵
  PID:6140
- C:\Windows\System\MmHNVDE.exe
  C:\Windows\System\MmHNVDE.exe
  2⤵
  PID:6116
- C:\Windows\System\wLWLTwX.exe
  C:\Windows\System\wLWLTwX.exe
  2⤵
  PID:3224
- C:\Windows\System\YSyHRxZ.exe
  C:\Windows\System\YSyHRxZ.exe
  2⤵
  PID:4588
- C:\Windows\System\CcWNEpZ.exe
  C:\Windows\System\CcWNEpZ.exe
  2⤵
  PID:2084
- C:\Windows\System\eIlIxmD.exe
  C:\Windows\System\eIlIxmD.exe
  2⤵
  PID:5336
- C:\Windows\System\KbbDoHJ.exe
  C:\Windows\System\KbbDoHJ.exe
  2⤵
  PID:2828
- C:\Windows\System\Twusgke.exe
  C:\Windows\System\Twusgke.exe
  2⤵
  PID:5316
- C:\Windows\System\tNhnHps.exe
  C:\Windows\System\tNhnHps.exe
  2⤵
  PID:2760
- C:\Windows\System\ELAoeZN.exe
  C:\Windows\System\ELAoeZN.exe
  2⤵
  PID:5508
- C:\Windows\System\TMHkIfj.exe
  C:\Windows\System\TMHkIfj.exe
  2⤵
  PID:5644
- C:\Windows\System\fPAmBwD.exe
  C:\Windows\System\fPAmBwD.exe
  2⤵
  PID:5132
- C:\Windows\System\wtVldOs.exe
  C:\Windows\System\wtVldOs.exe
  2⤵
  PID:1808
- C:\Windows\System\GkfmjHs.exe
  C:\Windows\System\GkfmjHs.exe
  2⤵
  PID:5208
- C:\Windows\System\AYbNUqy.exe
  C:\Windows\System\AYbNUqy.exe
  2⤵
  PID:2780
- C:\Windows\System\nmtJsvt.exe
  C:\Windows\System\nmtJsvt.exe
  2⤵
  PID:5256
- C:\Windows\System\EFzCyMY.exe
  C:\Windows\System\EFzCyMY.exe
  2⤵
  PID:5804
- C:\Windows\System\DLiKDvC.exe
  C:\Windows\System\DLiKDvC.exe
  2⤵
  PID:5840
- C:\Windows\System\lqoWFAH.exe
  C:\Windows\System\lqoWFAH.exe
  2⤵
  PID:5932
- C:\Windows\System\byRpTFI.exe
  C:\Windows\System\byRpTFI.exe
  2⤵
  PID:5576
- C:\Windows\System\JpwueQc.exe
  C:\Windows\System\JpwueQc.exe
  2⤵
  PID:5712
- C:\Windows\System\iMbrJOs.exe
  C:\Windows\System\iMbrJOs.exe
  2⤵
  PID:5756
- C:\Windows\System\ZGFsnBj.exe
  C:\Windows\System\ZGFsnBj.exe
  2⤵
  PID:5944
- C:\Windows\System\LkGAhYj.exe
  C:\Windows\System\LkGAhYj.exe
  2⤵
  PID:2168
- C:\Windows\System\YEkpbAF.exe
  C:\Windows\System\YEkpbAF.exe
  2⤵
  PID:1708
- C:\Windows\System\UdXaSQu.exe
  C:\Windows\System\UdXaSQu.exe
  2⤵
  PID:2744
- C:\Windows\System\CacqaVf.exe
  C:\Windows\System\CacqaVf.exe
  2⤵
  PID:5664
- C:\Windows\System\iFMpqEq.exe
  C:\Windows\System\iFMpqEq.exe
  2⤵
  PID:5976
- C:\Windows\System\beyUyHk.exe
  C:\Windows\System\beyUyHk.exe
  2⤵
  PID:2764
- C:\Windows\System\VOuNDom.exe
  C:\Windows\System\VOuNDom.exe
  2⤵
  PID:1788
- C:\Windows\System\comZBlR.exe
  C:\Windows\System\comZBlR.exe
  2⤵
  PID:2944
- C:\Windows\System\NAIhMSV.exe
  C:\Windows\System\NAIhMSV.exe
  2⤵
  PID:1784
- C:\Windows\System\IHVabSD.exe
  C:\Windows\System\IHVabSD.exe
  2⤵
  PID:4140
- C:\Windows\System\jhyxVTX.exe
  C:\Windows\System\jhyxVTX.exe
  2⤵
  PID:5212
- C:\Windows\System\itdHaDd.exe
  C:\Windows\System\itdHaDd.exe
  2⤵
  PID:4644
- C:\Windows\System\oDlrRFE.exe
  C:\Windows\System\oDlrRFE.exe
  2⤵
  PID:5412
- C:\Windows\System\itVQjwh.exe
  C:\Windows\System\itVQjwh.exe
  2⤵
  PID:1268
- C:\Windows\System\zIGLZGQ.exe
  C:\Windows\System\zIGLZGQ.exe
  2⤵
  PID:3004
- C:\Windows\System\FDuQHMe.exe
  C:\Windows\System\FDuQHMe.exe
  2⤵
  PID:5496
- C:\Windows\System\lBwxwfV.exe
  C:\Windows\System\lBwxwfV.exe
  2⤵
  PID:5688
- C:\Windows\System\Dqipxyl.exe
  C:\Windows\System\Dqipxyl.exe
  2⤵
  PID:5312
- C:\Windows\System\uZuRcFp.exe
  C:\Windows\System\uZuRcFp.exe
  2⤵
  PID:5832
- C:\Windows\System\HmAgJPp.exe
  C:\Windows\System\HmAgJPp.exe
  2⤵
  PID:5380
- C:\Windows\System\nyFCkUt.exe
  C:\Windows\System\nyFCkUt.exe
  2⤵
  PID:5896
- C:\Windows\System\FcybLbo.exe
  C:\Windows\System\FcybLbo.exe
  2⤵
  PID:2604
- C:\Windows\System\XtzxEUa.exe
  C:\Windows\System\XtzxEUa.exe
  2⤵
  PID:840
- C:\Windows\System\LqVAZlO.exe
  C:\Windows\System\LqVAZlO.exe
  2⤵
  PID:1500
- C:\Windows\System\rtlrgiJ.exe
  C:\Windows\System\rtlrgiJ.exe
  2⤵
  PID:5668
- C:\Windows\System\EXggDRX.exe
  C:\Windows\System\EXggDRX.exe
  2⤵
  PID:5736
- C:\Windows\System\PeahUMo.exe
  C:\Windows\System\PeahUMo.exe
  2⤵
  PID:5964
- C:\Windows\System\AtboiTk.exe
  C:\Windows\System\AtboiTk.exe
  2⤵
  PID:3060
- C:\Windows\System\YSKCMUc.exe
  C:\Windows\System\YSKCMUc.exe
  2⤵
  PID:1460
- C:\Windows\System\UmOfRiy.exe
  C:\Windows\System\UmOfRiy.exe
  2⤵
  PID:1616
- C:\Windows\System\XtbxLsM.exe
  C:\Windows\System\XtbxLsM.exe
  2⤵
  PID:5028
- C:\Windows\System\sBEZzGX.exe
  C:\Windows\System\sBEZzGX.exe
  2⤵
  PID:6032
- C:\Windows\System\DCrOcgl.exe
  C:\Windows\System\DCrOcgl.exe
  2⤵
  PID:5044
- C:\Windows\System\ZTiniHX.exe
  C:\Windows\System\ZTiniHX.exe
  2⤵
  PID:2920
- C:\Windows\System\RwPgYwc.exe
  C:\Windows\System\RwPgYwc.exe
  2⤵
  PID:6056
- C:\Windows\System\NwzwkGO.exe
  C:\Windows\System\NwzwkGO.exe
  2⤵
  PID:5372
- C:\Windows\System\sngFcsT.exe
  C:\Windows\System\sngFcsT.exe
  2⤵
  PID:1548
- C:\Windows\System\xUgLCvc.exe
  C:\Windows\System\xUgLCvc.exe
  2⤵
  PID:5180
- C:\Windows\System\ffVqTxn.exe
  C:\Windows\System\ffVqTxn.exe
  2⤵
  PID:2404
- C:\Windows\System\MVpqYLV.exe
  C:\Windows\System\MVpqYLV.exe
  2⤵
  PID:5920
- C:\Windows\System\SpeSfee.exe
  C:\Windows\System\SpeSfee.exe
  2⤵
  PID:6152
- C:\Windows\System\Hxvdsma.exe
  C:\Windows\System\Hxvdsma.exe
  2⤵
  PID:6168
- C:\Windows\System\UFYsJhK.exe
  C:\Windows\System\UFYsJhK.exe
  2⤵
  PID:6184
- C:\Windows\System\sgAcePj.exe
  C:\Windows\System\sgAcePj.exe
  2⤵
  PID:6200
- C:\Windows\System\FCcwfLp.exe
  C:\Windows\System\FCcwfLp.exe
  2⤵
  PID:6216
- C:\Windows\System\rISWRIs.exe
  C:\Windows\System\rISWRIs.exe
  2⤵
  PID:6236
- C:\Windows\System\qQiqCIL.exe
  C:\Windows\System\qQiqCIL.exe
  2⤵
  PID:6328
- C:\Windows\System\VnGqJpu.exe
  C:\Windows\System\VnGqJpu.exe
  2⤵
  PID:6364
- C:\Windows\System\LCTOjPD.exe
  C:\Windows\System\LCTOjPD.exe
  2⤵
  PID:6380
- C:\Windows\System\SSMWXfS.exe
  C:\Windows\System\SSMWXfS.exe
  2⤵
  PID:6396
- C:\Windows\System\vhikmED.exe
  C:\Windows\System\vhikmED.exe
  2⤵
  PID:6412
- C:\Windows\System\fuZZoGf.exe
  C:\Windows\System\fuZZoGf.exe
  2⤵
  PID:6432
- C:\Windows\System\uSYqtlk.exe
  C:\Windows\System\uSYqtlk.exe
  2⤵
  PID:6448
- C:\Windows\System\uUIPrgc.exe
  C:\Windows\System\uUIPrgc.exe
  2⤵
  PID:6464
- C:\Windows\System\MkHJEiv.exe
  C:\Windows\System\MkHJEiv.exe
  2⤵
  PID:6480
- C:\Windows\System\BnaJcDa.exe
  C:\Windows\System\BnaJcDa.exe
  2⤵
  PID:6508
- C:\Windows\System\WskYOzn.exe
  C:\Windows\System\WskYOzn.exe
  2⤵
  PID:6528
- C:\Windows\System\lwuPXkp.exe
  C:\Windows\System\lwuPXkp.exe
  2⤵
  PID:6556
- C:\Windows\System\uPhmfgp.exe
  C:\Windows\System\uPhmfgp.exe
  2⤵
  PID:6572
- C:\Windows\System\lvzZmVC.exe
  C:\Windows\System\lvzZmVC.exe
  2⤵
  PID:6588
- C:\Windows\System\aKdaNTN.exe
  C:\Windows\System\aKdaNTN.exe
  2⤵
  PID:6604
- C:\Windows\System\bNMWdzC.exe
  C:\Windows\System\bNMWdzC.exe
  2⤵
  PID:6620
- C:\Windows\System\FREqEiT.exe
  C:\Windows\System\FREqEiT.exe
  2⤵
  PID:6672
- C:\Windows\System\CwnQUKZ.exe
  C:\Windows\System\CwnQUKZ.exe
  2⤵
  PID:6688
- C:\Windows\System\iZPYNTD.exe
  C:\Windows\System\iZPYNTD.exe
  2⤵
  PID:6708
- C:\Windows\System\qjUGKxv.exe
  C:\Windows\System\qjUGKxv.exe
  2⤵
  PID:6724
- C:\Windows\System\iaAQshZ.exe
  C:\Windows\System\iaAQshZ.exe
  2⤵
  PID:6740
- C:\Windows\System\bvEKqIX.exe
  C:\Windows\System\bvEKqIX.exe
  2⤵
  PID:6760
- C:\Windows\System\qPeDuSz.exe
  C:\Windows\System\qPeDuSz.exe
  2⤵
  PID:6776
- C:\Windows\System\dgAcGFK.exe
  C:\Windows\System\dgAcGFK.exe
  2⤵
  PID:6792
- C:\Windows\System\zcbBfXU.exe
  C:\Windows\System\zcbBfXU.exe
  2⤵
  PID:6808
- C:\Windows\System\EpBvymc.exe
  C:\Windows\System\EpBvymc.exe
  2⤵
  PID:6824
- C:\Windows\System\RIhGqAr.exe
  C:\Windows\System\RIhGqAr.exe
  2⤵
  PID:6844
- C:\Windows\System\ETcTurf.exe
  C:\Windows\System\ETcTurf.exe
  2⤵
  PID:6864
- C:\Windows\System\JlaUwct.exe
  C:\Windows\System\JlaUwct.exe
  2⤵
  PID:6912
- C:\Windows\System\RlDmQtq.exe
  C:\Windows\System\RlDmQtq.exe
  2⤵
  PID:6928
- C:\Windows\System\tpWVXPQ.exe
  C:\Windows\System\tpWVXPQ.exe
  2⤵
  PID:6948
- C:\Windows\System\CTYdWmf.exe
  C:\Windows\System\CTYdWmf.exe
  2⤵
  PID:6968
- C:\Windows\System\gMBxcrT.exe
  C:\Windows\System\gMBxcrT.exe
  2⤵
  PID:6984
- C:\Windows\System\mUgsnIv.exe
  C:\Windows\System\mUgsnIv.exe
  2⤵
  PID:7000
- C:\Windows\System\NbXuwwE.exe
  C:\Windows\System\NbXuwwE.exe
  2⤵
  PID:7016
- C:\Windows\System\nCgipMv.exe
  C:\Windows\System\nCgipMv.exe
  2⤵
  PID:7032
- C:\Windows\System\xvRsdUp.exe
  C:\Windows\System\xvRsdUp.exe
  2⤵
  PID:7048
- C:\Windows\System\QQkYWvX.exe
  C:\Windows\System\QQkYWvX.exe
  2⤵
  PID:7064
- C:\Windows\System\HeKaHnI.exe
  C:\Windows\System\HeKaHnI.exe
  2⤵
  PID:7120
- C:\Windows\System\TLBbquu.exe
  C:\Windows\System\TLBbquu.exe
  2⤵
  PID:7136
- C:\Windows\System\AsrRBLa.exe
  C:\Windows\System\AsrRBLa.exe
  2⤵
  PID:7160
- C:\Windows\System\cRFizro.exe
  C:\Windows\System\cRFizro.exe
  2⤵
  PID:2488
- C:\Windows\System\blSruoe.exe
  C:\Windows\System\blSruoe.exe
  2⤵
  PID:4524
- C:\Windows\System\ebZweGD.exe
  C:\Windows\System\ebZweGD.exe
  2⤵
  PID:4928
- C:\Windows\System\vIwVUDX.exe
  C:\Windows\System\vIwVUDX.exe
  2⤵
  PID:5292
- C:\Windows\System\kcmBLEM.exe
  C:\Windows\System\kcmBLEM.exe
  2⤵
  PID:2532
- C:\Windows\System\mRWsLiJ.exe
  C:\Windows\System\mRWsLiJ.exe
  2⤵
  PID:6160
- C:\Windows\System\kPxvXYX.exe
  C:\Windows\System\kPxvXYX.exe
  2⤵
  PID:6224
- C:\Windows\System\srtAdzW.exe
  C:\Windows\System\srtAdzW.exe
  2⤵
  PID:5248
- C:\Windows\System\XdMeTph.exe
  C:\Windows\System\XdMeTph.exe
  2⤵
  PID:4500
- C:\Windows\System\LLcclAC.exe
  C:\Windows\System\LLcclAC.exe
  2⤵
  PID:5572
- C:\Windows\System\mliyJwB.exe
  C:\Windows\System\mliyJwB.exe
  2⤵
  PID:5176
- C:\Windows\System\LdxcCbF.exe
  C:\Windows\System\LdxcCbF.exe
  2⤵
  PID:6212
- C:\Windows\System\QWxfJHV.exe
  C:\Windows\System\QWxfJHV.exe
  2⤵
  PID:2896
- C:\Windows\System\VOvrnni.exe
  C:\Windows\System\VOvrnni.exe
  2⤵
  PID:6280
- C:\Windows\System\yGjNPaw.exe
  C:\Windows\System\yGjNPaw.exe
  2⤵
  PID:6348
- C:\Windows\System\ZlOvLQx.exe
  C:\Windows\System\ZlOvLQx.exe
  2⤵
  PID:6296
- C:\Windows\System\QqUbXUx.exe
  C:\Windows\System\QqUbXUx.exe
  2⤵
  PID:6312
- C:\Windows\System\tzBSNLA.exe
  C:\Windows\System\tzBSNLA.exe
  2⤵
  PID:6356
- C:\Windows\System\sWTShtE.exe
  C:\Windows\System\sWTShtE.exe
  2⤵
  PID:6060
- C:\Windows\System\EziYvdz.exe
  C:\Windows\System\EziYvdz.exe
  2⤵
  PID:6404
- C:\Windows\System\ycahUhk.exe
  C:\Windows\System\ycahUhk.exe
  2⤵
  PID:6460
- C:\Windows\System\ELhslAZ.exe
  C:\Windows\System\ELhslAZ.exe
  2⤵
  PID:6492
- C:\Windows\System\eDTQIdG.exe
  C:\Windows\System\eDTQIdG.exe
  2⤵
  PID:6540
- C:\Windows\System\wBDnkGF.exe
  C:\Windows\System\wBDnkGF.exe
  2⤵
  PID:6580
- C:\Windows\System\cPDWYJX.exe
  C:\Windows\System\cPDWYJX.exe
  2⤵
  PID:6472
- C:\Windows\System\bIekLsM.exe
  C:\Windows\System\bIekLsM.exe
  2⤵
  PID:6516
- C:\Windows\System\RZWtfRB.exe
  C:\Windows\System\RZWtfRB.exe
  2⤵
  PID:6596
- C:\Windows\System\xrqpczI.exe
  C:\Windows\System\xrqpczI.exe
  2⤵
  PID:6640
- C:\Windows\System\BlPVcsn.exe
  C:\Windows\System\BlPVcsn.exe
  2⤵
  PID:6668
- C:\Windows\System\bSyVamV.exe
  C:\Windows\System\bSyVamV.exe
  2⤵
  PID:5800
- C:\Windows\System\VqzNEMj.exe
  C:\Windows\System\VqzNEMj.exe
  2⤵
  PID:6800
- C:\Windows\System\gmKmVZm.exe
  C:\Windows\System\gmKmVZm.exe
  2⤵
  PID:6876
- C:\Windows\System\yNmxCuS.exe
  C:\Windows\System\yNmxCuS.exe
  2⤵
  PID:6852
- C:\Windows\System\AZvgPII.exe
  C:\Windows\System\AZvgPII.exe
  2⤵
  PID:6756
- C:\Windows\System\gcMDQbw.exe
  C:\Windows\System\gcMDQbw.exe
  2⤵
  PID:6820
- C:\Windows\System\kvWKCye.exe
  C:\Windows\System\kvWKCye.exe
  2⤵
  PID:6920
- C:\Windows\System\IgKfATa.exe
  C:\Windows\System\IgKfATa.exe
  2⤵
  PID:6992
- C:\Windows\System\UwhJICj.exe
  C:\Windows\System\UwhJICj.exe
  2⤵
  PID:7056
- C:\Windows\System\hkOHXMm.exe
  C:\Windows\System\hkOHXMm.exe
  2⤵
  PID:6904
- C:\Windows\System\CAMPMav.exe
  C:\Windows\System\CAMPMav.exe
  2⤵
  PID:6976
- C:\Windows\System\zltKYAC.exe
  C:\Windows\System\zltKYAC.exe
  2⤵
  PID:7040
- C:\Windows\System\tKthTMF.exe
  C:\Windows\System\tKthTMF.exe
  2⤵
  PID:7080
- C:\Windows\System\ChvTdJJ.exe
  C:\Windows\System\ChvTdJJ.exe
  2⤵
  PID:7100
- C:\Windows\System\svvfLZc.exe
  C:\Windows\System\svvfLZc.exe
  2⤵
  PID:7152
- C:\Windows\System\jtYYOqw.exe
  C:\Windows\System\jtYYOqw.exe
  2⤵
  PID:7132
- C:\Windows\System\ozeFLfV.exe
  C:\Windows\System\ozeFLfV.exe
  2⤵
  PID:6304
- C:\Windows\System\SubswsP.exe
  C:\Windows\System\SubswsP.exe
  2⤵
  PID:6444
- C:\Windows\System\QUrcncX.exe
  C:\Windows\System\QUrcncX.exe
  2⤵
  PID:6552
- C:\Windows\System\MDEOyYZ.exe
  C:\Windows\System\MDEOyYZ.exe
  2⤵
  PID:6628
- C:\Windows\System\mXGLrjB.exe
  C:\Windows\System\mXGLrjB.exe
  2⤵
  PID:6704
- C:\Windows\System\XJNoFEP.exe
  C:\Windows\System\XJNoFEP.exe
  2⤵
  PID:5396
- C:\Windows\System\XprfKbt.exe
  C:\Windows\System\XprfKbt.exe
  2⤵
  PID:6752
- C:\Windows\System\eHdgaHj.exe
  C:\Windows\System\eHdgaHj.exe
  2⤵
  PID:7028
- C:\Windows\System\TRPikkJ.exe
  C:\Windows\System\TRPikkJ.exe
  2⤵
  PID:7076
- C:\Windows\System\GQAfNZg.exe
  C:\Windows\System\GQAfNZg.exe
  2⤵
  PID:7116
- C:\Windows\System\yPHVUXQ.exe
  C:\Windows\System\yPHVUXQ.exe
  2⤵
  PID:2688
- C:\Windows\System\vmrlhLP.exe
  C:\Windows\System\vmrlhLP.exe
  2⤵
  PID:6004
- C:\Windows\System\xBSjNmD.exe
  C:\Windows\System\xBSjNmD.exe
  2⤵
  PID:2240
- C:\Windows\System\CsSudpD.exe
  C:\Windows\System\CsSudpD.exe
  2⤵
  PID:5996
- C:\Windows\System\gEJjslX.exe
  C:\Windows\System\gEJjslX.exe
  2⤵
  PID:6880
- C:\Windows\System\jknEYAe.exe
  C:\Windows\System\jknEYAe.exe
  2⤵
  PID:6248
- C:\Windows\System\xjyYlyI.exe
  C:\Windows\System\xjyYlyI.exe
  2⤵
  PID:6320
- C:\Windows\System\qFSzMvb.exe
  C:\Windows\System\qFSzMvb.exe
  2⤵
  PID:6360
- C:\Windows\System\MFlHrau.exe
  C:\Windows\System\MFlHrau.exe
  2⤵
  PID:6500
- C:\Windows\System\VPWhCfF.exe
  C:\Windows\System\VPWhCfF.exe
  2⤵
  PID:6616
- C:\Windows\System\sFQzNIj.exe
  C:\Windows\System\sFQzNIj.exe
  2⤵
  PID:6660
- C:\Windows\System\WsAztbs.exe
  C:\Windows\System\WsAztbs.exe
  2⤵
  PID:6900
- C:\Windows\System\vSjWagg.exe
  C:\Windows\System\vSjWagg.exe
  2⤵
  PID:7096
- C:\Windows\System\OEsENVd.exe
  C:\Windows\System\OEsENVd.exe
  2⤵
  PID:6040
- C:\Windows\System\naupNgQ.exe
  C:\Windows\System\naupNgQ.exe
  2⤵
  PID:6276
- C:\Windows\System\AYpEAUP.exe
  C:\Windows\System\AYpEAUP.exe
  2⤵
  PID:6176
- C:\Windows\System\mrntOBI.exe
  C:\Windows\System\mrntOBI.exe
  2⤵
  PID:6376
- C:\Windows\System\mpObOWu.exe
  C:\Windows\System\mpObOWu.exe
  2⤵
  PID:6636
- C:\Windows\System\GjnfEKm.exe
  C:\Windows\System\GjnfEKm.exe
  2⤵
  PID:6748
- C:\Windows\System\FOZIMMo.exe
  C:\Windows\System\FOZIMMo.exe
  2⤵
  PID:7156
- C:\Windows\System\ZpMZTXG.exe
  C:\Windows\System\ZpMZTXG.exe
  2⤵
  PID:6736
- C:\Windows\System\xdmRnLA.exe
  C:\Windows\System\xdmRnLA.exe
  2⤵
  PID:6476
- C:\Windows\System\MDtYhdb.exe
  C:\Windows\System\MDtYhdb.exe
  2⤵
  PID:6836
- C:\Windows\System\MfaIaKD.exe
  C:\Windows\System\MfaIaKD.exe
  2⤵
  PID:3008
- C:\Windows\System\VkNYPBB.exe
  C:\Windows\System\VkNYPBB.exe
  2⤵
  PID:5816
- C:\Windows\System\szhMgnE.exe
  C:\Windows\System\szhMgnE.exe
  2⤵
  PID:6788
- C:\Windows\System\QkdsRBi.exe
  C:\Windows\System\QkdsRBi.exe
  2⤵
  PID:6180
- C:\Windows\System\sNvpasv.exe
  C:\Windows\System\sNvpasv.exe
  2⤵
  PID:2312
- C:\Windows\System\YoScomn.exe
  C:\Windows\System\YoScomn.exe
  2⤵
  PID:5476
- C:\Windows\System\qBLsHvW.exe
  C:\Windows\System\qBLsHvW.exe
  2⤵
  PID:5708
- C:\Windows\System\hpBOuRH.exe
  C:\Windows\System\hpBOuRH.exe
  2⤵
  PID:6536
- C:\Windows\System\QumWFru.exe
  C:\Windows\System\QumWFru.exe
  2⤵
  PID:6232
- C:\Windows\System\gMOHdwk.exe
  C:\Windows\System\gMOHdwk.exe
  2⤵
  PID:6036
- C:\Windows\System\zyknOSC.exe
  C:\Windows\System\zyknOSC.exe
  2⤵
  PID:6132
- C:\Windows\System\cdSACPs.exe
  C:\Windows\System\cdSACPs.exe
  2⤵
  PID:6292
- C:\Windows\System\fakSvuG.exe
  C:\Windows\System\fakSvuG.exe
  2⤵
  PID:7092
- C:\Windows\System\xguGNBY.exe
  C:\Windows\System\xguGNBY.exe
  2⤵
  PID:5440
- C:\Windows\System\ZSUgfSZ.exe
  C:\Windows\System\ZSUgfSZ.exe
  2⤵
  PID:6392
- C:\Windows\System\NlsKaDc.exe
  C:\Windows\System\NlsKaDc.exe
  2⤵
  PID:6548
- C:\Windows\System\zlYISSS.exe
  C:\Windows\System\zlYISSS.exe
  2⤵
  PID:2396
- C:\Windows\System\fZEJesb.exe
  C:\Windows\System\fZEJesb.exe
  2⤵
  PID:6524
- C:\Windows\System\rbsmriZ.exe
  C:\Windows\System\rbsmriZ.exe
  2⤵
  PID:2432
- C:\Windows\System\QzUNlHM.exe
  C:\Windows\System\QzUNlHM.exe
  2⤵
  PID:6488
- C:\Windows\System\dGdhhqD.exe
  C:\Windows\System\dGdhhqD.exe
  2⤵
  PID:6892
- C:\Windows\System\OfEbruf.exe
  C:\Windows\System\OfEbruf.exe
  2⤵
  PID:7176
- C:\Windows\System\xPzUNbH.exe
  C:\Windows\System\xPzUNbH.exe
  2⤵
  PID:7192
- C:\Windows\System\kjUrXfm.exe
  C:\Windows\System\kjUrXfm.exe
  2⤵
  PID:7208
- C:\Windows\System\HvwkHDS.exe
  C:\Windows\System\HvwkHDS.exe
  2⤵
  PID:7224
- C:\Windows\System\WUfoDKt.exe
  C:\Windows\System\WUfoDKt.exe
  2⤵
  PID:7240
- C:\Windows\System\pDNEuQT.exe
  C:\Windows\System\pDNEuQT.exe
  2⤵
  PID:7256
- C:\Windows\System\wzsnziX.exe
  C:\Windows\System\wzsnziX.exe
  2⤵
  PID:7272
- C:\Windows\System\sAipMFp.exe
  C:\Windows\System\sAipMFp.exe
  2⤵
  PID:7292
- C:\Windows\System\GzOPNpq.exe
  C:\Windows\System\GzOPNpq.exe
  2⤵
  PID:7308
- C:\Windows\System\plfymcR.exe
  C:\Windows\System\plfymcR.exe
  2⤵
  PID:7324
- C:\Windows\System\YFtNTHk.exe
  C:\Windows\System\YFtNTHk.exe
  2⤵
  PID:7340
- C:\Windows\System\nXnJIOX.exe
  C:\Windows\System\nXnJIOX.exe
  2⤵
  PID:7356
- C:\Windows\System\nmKWvOD.exe
  C:\Windows\System\nmKWvOD.exe
  2⤵
  PID:7372
- C:\Windows\System\kDVlkrB.exe
  C:\Windows\System\kDVlkrB.exe
  2⤵
  PID:7388
- C:\Windows\System\rntFWYi.exe
  C:\Windows\System\rntFWYi.exe
  2⤵
  PID:7408
- C:\Windows\System\vVSWAwV.exe
  C:\Windows\System\vVSWAwV.exe
  2⤵
  PID:7428
- C:\Windows\System\WYNElLt.exe
  C:\Windows\System\WYNElLt.exe
  2⤵
  PID:7444
- C:\Windows\System\qvJopFW.exe
  C:\Windows\System\qvJopFW.exe
  2⤵
  PID:7648
- C:\Windows\System\bzeKWMT.exe
  C:\Windows\System\bzeKWMT.exe
  2⤵
  PID:7664
- C:\Windows\System\uhFthmx.exe
  C:\Windows\System\uhFthmx.exe
  2⤵
  PID:7684
- C:\Windows\System\fSMgfjB.exe
  C:\Windows\System\fSMgfjB.exe
  2⤵
  PID:7700
- C:\Windows\System\ZnvWyvS.exe
  C:\Windows\System\ZnvWyvS.exe
  2⤵
  PID:7716
- C:\Windows\System\uWCYZpE.exe
  C:\Windows\System\uWCYZpE.exe
  2⤵
  PID:7732
- C:\Windows\System\ePfVluw.exe
  C:\Windows\System\ePfVluw.exe
  2⤵
  PID:7748
- C:\Windows\System\XWiGqnt.exe
  C:\Windows\System\XWiGqnt.exe
  2⤵
  PID:7764
- C:\Windows\System\QGateXu.exe
  C:\Windows\System\QGateXu.exe
  2⤵
  PID:7780
- C:\Windows\System\YOtQUoJ.exe
  C:\Windows\System\YOtQUoJ.exe
  2⤵
  PID:7800
- C:\Windows\System\gYLdzOn.exe
  C:\Windows\System\gYLdzOn.exe
  2⤵
  PID:7816
- C:\Windows\System\BLfYMYT.exe
  C:\Windows\System\BLfYMYT.exe
  2⤵
  PID:7832
- C:\Windows\System\aJMkUMV.exe
  C:\Windows\System\aJMkUMV.exe
  2⤵
  PID:7848
- C:\Windows\System\KIfoPdH.exe
  C:\Windows\System\KIfoPdH.exe
  2⤵
  PID:7864
- C:\Windows\System\oDPpgrS.exe
  C:\Windows\System\oDPpgrS.exe
  2⤵
  PID:7880
- C:\Windows\System\UfbLuDc.exe
  C:\Windows\System\UfbLuDc.exe
  2⤵
  PID:7952
- C:\Windows\System\FaBuSpn.exe
  C:\Windows\System\FaBuSpn.exe
  2⤵
  PID:7968
- C:\Windows\System\KEcYcec.exe
  C:\Windows\System\KEcYcec.exe
  2⤵
  PID:7984
- C:\Windows\System\dFXGnNa.exe
  C:\Windows\System\dFXGnNa.exe
  2⤵
  PID:8000
- C:\Windows\System\KgIkouk.exe
  C:\Windows\System\KgIkouk.exe
  2⤵
  PID:8016
- C:\Windows\System\yUMqzpW.exe
  C:\Windows\System\yUMqzpW.exe
  2⤵
  PID:8032
- C:\Windows\System\NUyPOhd.exe
  C:\Windows\System\NUyPOhd.exe
  2⤵
  PID:8052
- C:\Windows\System\DAqEXgg.exe
  C:\Windows\System\DAqEXgg.exe
  2⤵
  PID:8068
- C:\Windows\System\btdDSIt.exe
  C:\Windows\System\btdDSIt.exe
  2⤵
  PID:8084
- C:\Windows\System\MOWOVSE.exe
  C:\Windows\System\MOWOVSE.exe
  2⤵
  PID:8100
- C:\Windows\System\pqaDQIc.exe
  C:\Windows\System\pqaDQIc.exe
  2⤵
  PID:8116
- C:\Windows\System\FgnknQl.exe
  C:\Windows\System\FgnknQl.exe
  2⤵
  PID:8132
- C:\Windows\System\jkEKzPa.exe
  C:\Windows\System\jkEKzPa.exe
  2⤵
  PID:8148
- C:\Windows\System\wcaVfEi.exe
  C:\Windows\System\wcaVfEi.exe
  2⤵
  PID:8164
- C:\Windows\System\kZnuHBO.exe
  C:\Windows\System\kZnuHBO.exe
  2⤵
  PID:8180
- C:\Windows\System\FdZvLCr.exe
  C:\Windows\System\FdZvLCr.exe
  2⤵
  PID:7072
- C:\Windows\System\YCqIGpy.exe
  C:\Windows\System\YCqIGpy.exe
  2⤵
  PID:7204
- C:\Windows\System\VTrNdEl.exe
  C:\Windows\System\VTrNdEl.exe
  2⤵
  PID:7268
- C:\Windows\System\AGADkOC.exe
  C:\Windows\System\AGADkOC.exe
  2⤵
  PID:7012
- C:\Windows\System\SBxcULS.exe
  C:\Windows\System\SBxcULS.exe
  2⤵
  PID:7368
- C:\Windows\System\VRhBjqE.exe
  C:\Windows\System\VRhBjqE.exe
  2⤵
  PID:6888
- C:\Windows\System\TNncNxV.exe
  C:\Windows\System\TNncNxV.exe
  2⤵
  PID:7404
- C:\Windows\System\IjXomkX.exe
  C:\Windows\System\IjXomkX.exe
  2⤵
  PID:7436
- C:\Windows\System\fcNujav.exe
  C:\Windows\System\fcNujav.exe
  2⤵
  PID:7220
- C:\Windows\System\wFoErgv.exe
  C:\Windows\System\wFoErgv.exe
  2⤵
  PID:7476
- C:\Windows\System\AQAtnYz.exe
  C:\Windows\System\AQAtnYz.exe
  2⤵
  PID:7492
- C:\Windows\System\qsRuXzw.exe
  C:\Windows\System\qsRuXzw.exe
  2⤵
  PID:7508
- C:\Windows\System\qyGAbpn.exe
  C:\Windows\System\qyGAbpn.exe
  2⤵
  PID:7524
- C:\Windows\System\rGSMMOJ.exe
  C:\Windows\System\rGSMMOJ.exe
  2⤵
  PID:7540
- C:\Windows\System\INmgJQS.exe
  C:\Windows\System\INmgJQS.exe
  2⤵
  PID:7556
- C:\Windows\System\HAOCGvv.exe
  C:\Windows\System\HAOCGvv.exe
  2⤵
  PID:7576
- C:\Windows\System\kWmmCEf.exe
  C:\Windows\System\kWmmCEf.exe
  2⤵
  PID:7592
- C:\Windows\System\QeKVKEX.exe
  C:\Windows\System\QeKVKEX.exe
  2⤵
  PID:7608
- C:\Windows\System\wQMrLky.exe
  C:\Windows\System\wQMrLky.exe
  2⤵
  PID:7624
- C:\Windows\System\eYSTyRy.exe
  C:\Windows\System\eYSTyRy.exe
  2⤵
  PID:7640
- C:\Windows\System\Jakqwzp.exe
  C:\Windows\System\Jakqwzp.exe
  2⤵
  PID:7680
- C:\Windows\System\feWLbJf.exe
  C:\Windows\System\feWLbJf.exe
  2⤵
  PID:7728
- C:\Windows\System\ifWWqxa.exe
  C:\Windows\System\ifWWqxa.exe
  2⤵
  PID:7708
- C:\Windows\System\cbANBqA.exe
  C:\Windows\System\cbANBqA.exe
  2⤵
  PID:7744
- C:\Windows\System\oBfPslK.exe
  C:\Windows\System\oBfPslK.exe
  2⤵
  PID:7792
- C:\Windows\System\sjPvZkX.exe
  C:\Windows\System\sjPvZkX.exe
  2⤵
  PID:7828
- C:\Windows\System\trJZSCc.exe
  C:\Windows\System\trJZSCc.exe
  2⤵
  PID:7840
- C:\Windows\System\PgEXAbI.exe
  C:\Windows\System\PgEXAbI.exe
  2⤵
  PID:7876
- C:\Windows\System\NgFjLUX.exe
  C:\Windows\System\NgFjLUX.exe
  2⤵
  PID:7908
- C:\Windows\System\EGgCQXo.exe
  C:\Windows\System\EGgCQXo.exe
  2⤵
  PID:7924
- C:\Windows\System\wkDBkZB.exe
  C:\Windows\System\wkDBkZB.exe
  2⤵
  PID:7940
- C:\Windows\System\dFtLYrO.exe
  C:\Windows\System\dFtLYrO.exe
  2⤵
  PID:7960
- C:\Windows\System\iKCMfJj.exe
  C:\Windows\System\iKCMfJj.exe
  2⤵
  PID:7980
- C:\Windows\System\QgwJXpM.exe
  C:\Windows\System\QgwJXpM.exe
  2⤵
  PID:8048
- C:\Windows\System\XkJLsSq.exe
  C:\Windows\System\XkJLsSq.exe
  2⤵
  PID:7264
- C:\Windows\System\lORIkZX.exe
  C:\Windows\System\lORIkZX.exe
  2⤵
  PID:7336
- C:\Windows\System\jhrcflo.exe
  C:\Windows\System\jhrcflo.exe
  2⤵
  PID:7188
- C:\Windows\System\KAJazqo.exe
  C:\Windows\System\KAJazqo.exe
  2⤵
  PID:7380
- C:\Windows\System\qoIHENs.exe
  C:\Windows\System\qoIHENs.exe
  2⤵
  PID:7280
- C:\Windows\System\KLDKrLt.exe
  C:\Windows\System\KLDKrLt.exe
  2⤵
  PID:7352
- C:\Windows\System\pxMyWmK.exe
  C:\Windows\System\pxMyWmK.exe
  2⤵
  PID:7452
- C:\Windows\System\uGsjlfq.exe
  C:\Windows\System\uGsjlfq.exe
  2⤵
  PID:7500
- C:\Windows\System\gloSczg.exe
  C:\Windows\System\gloSczg.exe
  2⤵
  PID:7584
- C:\Windows\System\CjTwjmY.exe
  C:\Windows\System\CjTwjmY.exe
  2⤵
  PID:7552
- C:\Windows\System\btyeVmq.exe
  C:\Windows\System\btyeVmq.exe
  2⤵
  PID:7564
- C:\Windows\System\ZnggCOW.exe
  C:\Windows\System\ZnggCOW.exe
  2⤵
  PID:7604
- C:\Windows\System\Eejcvqg.exe
  C:\Windows\System\Eejcvqg.exe
  2⤵
  PID:7796
- C:\Windows\System\PubyShF.exe
  C:\Windows\System\PubyShF.exe
  2⤵
  PID:7824
- C:\Windows\System\Mwdljkd.exe
  C:\Windows\System\Mwdljkd.exe
  2⤵
  PID:7760
- C:\Windows\System\YgdRQDY.exe
  C:\Windows\System\YgdRQDY.exe
  2⤵
  PID:7788
- C:\Windows\System\nWxbgKm.exe
  C:\Windows\System\nWxbgKm.exe
  2⤵
  PID:5516
- C:\Windows\System\LPaKXfI.exe
  C:\Windows\System\LPaKXfI.exe
  2⤵
  PID:8080
- C:\Windows\System\pVhsDZl.exe
  C:\Windows\System\pVhsDZl.exe
  2⤵
  PID:7992
- C:\Windows\System\RPsDtkZ.exe
  C:\Windows\System\RPsDtkZ.exe
  2⤵
  PID:8044
- C:\Windows\System\yCkEaZV.exe
  C:\Windows\System\yCkEaZV.exe
  2⤵
  PID:8172
- C:\Windows\System\ZwvENhw.exe
  C:\Windows\System\ZwvENhw.exe
  2⤵
  PID:2280
- C:\Windows\System\CTXaeLe.exe
  C:\Windows\System\CTXaeLe.exe
  2⤵
  PID:7316
- C:\Windows\System\ypiWHks.exe
  C:\Windows\System\ypiWHks.exe
  2⤵
  PID:8060
- C:\Windows\System\UFiNPau.exe
  C:\Windows\System\UFiNPau.exe
  2⤵
  PID:8024
- C:\Windows\System\daXtjGX.exe
  C:\Windows\System\daXtjGX.exe
  2⤵
  PID:8096
- C:\Windows\System\XtVcKjR.exe
  C:\Windows\System\XtVcKjR.exe
  2⤵
  PID:6960
- C:\Windows\System\zuagcTP.exe
  C:\Windows\System\zuagcTP.exe
  2⤵
  PID:7484
- C:\Windows\System\JMIPMyz.exe
  C:\Windows\System\JMIPMyz.exe
  2⤵
  PID:7616
- C:\Windows\System\belxwnq.exe
  C:\Windows\System\belxwnq.exe
  2⤵
  PID:7252
- C:\Windows\System\ZrvckAx.exe
  C:\Windows\System\ZrvckAx.exe
  2⤵
  PID:7384
- C:\Windows\System\xCMWrex.exe
  C:\Windows\System\xCMWrex.exe
  2⤵
  PID:7456
- C:\Windows\System\BTOhgxF.exe
  C:\Windows\System\BTOhgxF.exe
  2⤵
  PID:2324
- C:\Windows\System\uoyGWqi.exe
  C:\Windows\System\uoyGWqi.exe
  2⤵
  PID:7872
- C:\Windows\System\gbqAtYi.exe
  C:\Windows\System\gbqAtYi.exe
  2⤵
  PID:7860
- C:\Windows\System\urDiNHF.exe
  C:\Windows\System\urDiNHF.exe
  2⤵
  PID:7920
- C:\Windows\System\brLibeb.exe
  C:\Windows\System\brLibeb.exe
  2⤵
  PID:7964
- C:\Windows\System\NghMtam.exe
  C:\Windows\System\NghMtam.exe
  2⤵
  PID:7304
- C:\Windows\System\pUUkwma.exe
  C:\Windows\System\pUUkwma.exe
  2⤵
  PID:8012
- C:\Windows\System\nKmTgZW.exe
  C:\Windows\System\nKmTgZW.exe
  2⤵
  PID:7536
- C:\Windows\System\AVgZfdD.exe
  C:\Windows\System\AVgZfdD.exe
  2⤵
  PID:7396
- C:\Windows\System\VWRtsPh.exe
  C:\Windows\System\VWRtsPh.exe
  2⤵
  PID:8188
- C:\Windows\System\MotUKeA.exe
  C:\Windows\System\MotUKeA.exe
  2⤵
  PID:7712
- C:\Windows\System\KNOpFEc.exe
  C:\Windows\System\KNOpFEc.exe
  2⤵
  PID:7856
- C:\Windows\System\mOiCqDL.exe
  C:\Windows\System\mOiCqDL.exe
  2⤵
  PID:7464
- C:\Windows\System\CUAQNtW.exe
  C:\Windows\System\CUAQNtW.exe
  2⤵
  PID:8144
- C:\Windows\System\hMxVXuZ.exe
  C:\Windows\System\hMxVXuZ.exe
  2⤵
  PID:7900
- C:\Windows\System\XJmknvy.exe
  C:\Windows\System\XJmknvy.exe
  2⤵
  PID:8212
- C:\Windows\System\hrYhRLS.exe
  C:\Windows\System\hrYhRLS.exe
  2⤵
  PID:8228
- C:\Windows\System\KSnbdeH.exe
  C:\Windows\System\KSnbdeH.exe
  2⤵
  PID:8244
- C:\Windows\System\MQJFoNO.exe
  C:\Windows\System\MQJFoNO.exe
  2⤵
  PID:8260
- C:\Windows\System\LqHUvhu.exe
  C:\Windows\System\LqHUvhu.exe
  2⤵
  PID:8276
- C:\Windows\System\UowtYgF.exe
  C:\Windows\System\UowtYgF.exe
  2⤵
  PID:8292
- C:\Windows\System\MaNEVPI.exe
  C:\Windows\System\MaNEVPI.exe
  2⤵
  PID:8324
- C:\Windows\System\LLsvPAo.exe
  C:\Windows\System\LLsvPAo.exe
  2⤵
  PID:8348
- C:\Windows\System\njFIUoE.exe
  C:\Windows\System\njFIUoE.exe
  2⤵
  PID:8404
- C:\Windows\System\TTuwefg.exe
  C:\Windows\System\TTuwefg.exe
  2⤵
  PID:8428
- C:\Windows\System\vJmghvB.exe
  C:\Windows\System\vJmghvB.exe
  2⤵
  PID:8448
- C:\Windows\System\TgnprlV.exe
  C:\Windows\System\TgnprlV.exe
  2⤵
  PID:8468
- C:\Windows\System\vnJYAAf.exe
  C:\Windows\System\vnJYAAf.exe
  2⤵
  PID:8484
- C:\Windows\System\VQWRysw.exe
  C:\Windows\System\VQWRysw.exe
  2⤵
  PID:8504
- C:\Windows\System\KwyeHca.exe
  C:\Windows\System\KwyeHca.exe
  2⤵
  PID:8528
- C:\Windows\System\TJSkeVT.exe
  C:\Windows\System\TJSkeVT.exe
  2⤵
  PID:8544
- C:\Windows\System\HWRWeEu.exe
  C:\Windows\System\HWRWeEu.exe
  2⤵
  PID:8560
- C:\Windows\System\HrXEzPH.exe
  C:\Windows\System\HrXEzPH.exe
  2⤵
  PID:8576
- C:\Windows\System\yTftfVH.exe
  C:\Windows\System\yTftfVH.exe
  2⤵
  PID:8592
- C:\Windows\System\HtOAjVL.exe
  C:\Windows\System\HtOAjVL.exe
  2⤵
  PID:8616
- C:\Windows\System\HDUarRz.exe
  C:\Windows\System\HDUarRz.exe
  2⤵
  PID:8636
- C:\Windows\System\coXppot.exe
  C:\Windows\System\coXppot.exe
  2⤵
  PID:8660
- C:\Windows\System\DIWtWVd.exe
  C:\Windows\System\DIWtWVd.exe
  2⤵
  PID:8688
- C:\Windows\System\SPzdaSa.exe
  C:\Windows\System\SPzdaSa.exe
  2⤵
  PID:8708
- C:\Windows\System\CTrUrcK.exe
  C:\Windows\System\CTrUrcK.exe
  2⤵
  PID:8724
- C:\Windows\System\xOwpWuC.exe
  C:\Windows\System\xOwpWuC.exe
  2⤵
  PID:8744
- C:\Windows\System\WllReIv.exe
  C:\Windows\System\WllReIv.exe
  2⤵
  PID:8760
- C:\Windows\System\OKlhlnY.exe
  C:\Windows\System\OKlhlnY.exe
  2⤵
  PID:8776
- C:\Windows\System\CUEWrwF.exe
  C:\Windows\System\CUEWrwF.exe
  2⤵
  PID:8792
- C:\Windows\System\VHLhFfb.exe
  C:\Windows\System\VHLhFfb.exe
  2⤵
  PID:8812
- C:\Windows\System\AtlMwFv.exe
  C:\Windows\System\AtlMwFv.exe
  2⤵
  PID:8832
- C:\Windows\System\raOcurl.exe
  C:\Windows\System\raOcurl.exe
  2⤵
  PID:8848
- C:\Windows\System\FhDEQdX.exe
  C:\Windows\System\FhDEQdX.exe
  2⤵
  PID:8864
- C:\Windows\System\jjluOtS.exe
  C:\Windows\System\jjluOtS.exe
  2⤵
  PID:8904
- C:\Windows\System\WgaOvAm.exe
  C:\Windows\System\WgaOvAm.exe
  2⤵
  PID:8936
- C:\Windows\System\yltvmZW.exe
  C:\Windows\System\yltvmZW.exe
  2⤵
  PID:8956
- C:\Windows\System\CLbbzMX.exe
  C:\Windows\System\CLbbzMX.exe
  2⤵
  PID:8972
- C:\Windows\System\VsYUoHz.exe
  C:\Windows\System\VsYUoHz.exe
  2⤵
  PID:8996
- C:\Windows\System\kDthGMK.exe
  C:\Windows\System\kDthGMK.exe
  2⤵
  PID:9012
- C:\Windows\System\bIPIGKU.exe
  C:\Windows\System\bIPIGKU.exe
  2⤵
  PID:9032
- C:\Windows\System\QcwxiFK.exe
  C:\Windows\System\QcwxiFK.exe
  2⤵
  PID:9052
- C:\Windows\System\YpkrRRY.exe
  C:\Windows\System\YpkrRRY.exe
  2⤵
  PID:9076
- C:\Windows\System\WjORGPX.exe
  C:\Windows\System\WjORGPX.exe
  2⤵
  PID:9096
- C:\Windows\System\JtgwgcO.exe
  C:\Windows\System\JtgwgcO.exe
  2⤵
  PID:9120
- C:\Windows\System\BSCMBUi.exe
  C:\Windows\System\BSCMBUi.exe
  2⤵
  PID:9136
- C:\Windows\System\VcEKfmj.exe
  C:\Windows\System\VcEKfmj.exe
  2⤵
  PID:9152
- C:\Windows\System\CKZomex.exe
  C:\Windows\System\CKZomex.exe
  2⤵
  PID:9168
- C:\Windows\System\jbrolCD.exe
  C:\Windows\System\jbrolCD.exe
  2⤵
  PID:9192
- C:\Windows\System\aznHhga.exe
  C:\Windows\System\aznHhga.exe
  2⤵
  PID:7892
- C:\Windows\System\YBAErab.exe
  C:\Windows\System\YBAErab.exe
  2⤵
  PID:7172
- C:\Windows\System\WYAsNuL.exe
  C:\Windows\System\WYAsNuL.exe
  2⤵
  PID:8288
- C:\Windows\System\HlUQtXg.exe
  C:\Windows\System\HlUQtXg.exe
  2⤵
  PID:8200
- C:\Windows\System\MncBqYj.exe
  C:\Windows\System\MncBqYj.exe
  2⤵
  PID:8240
- C:\Windows\System\ymsNbAk.exe
  C:\Windows\System\ymsNbAk.exe
  2⤵
  PID:8312
- C:\Windows\System\RgItqZz.exe
  C:\Windows\System\RgItqZz.exe
  2⤵
  PID:8316
- C:\Windows\System\hiLdouC.exe
  C:\Windows\System\hiLdouC.exe
  2⤵
  PID:8380
- C:\Windows\System\Cmqynrg.exe
  C:\Windows\System\Cmqynrg.exe
  2⤵
  PID:8392
- C:\Windows\System\fiKfsaA.exe
  C:\Windows\System\fiKfsaA.exe
  2⤵
  PID:8424
- C:\Windows\System\SdIStyP.exe
  C:\Windows\System\SdIStyP.exe
  2⤵
  PID:8456
- C:\Windows\System\PpqpThk.exe
  C:\Windows\System\PpqpThk.exe
  2⤵
  PID:8476
- C:\Windows\System\SpGYjdU.exe
  C:\Windows\System\SpGYjdU.exe
  2⤵
  PID:8540
- C:\Windows\System\jzPxglz.exe
  C:\Windows\System\jzPxglz.exe
  2⤵
  PID:8520
- C:\Windows\System\pAcOOdX.exe
  C:\Windows\System\pAcOOdX.exe
  2⤵
  PID:8608
- C:\Windows\System\VLnHgkM.exe
  C:\Windows\System\VLnHgkM.exe
  2⤵
  PID:8644
- C:\Windows\System\uTIbGzZ.exe
  C:\Windows\System\uTIbGzZ.exe
  2⤵
  PID:8676
- C:\Windows\System\sLHynnm.exe
  C:\Windows\System\sLHynnm.exe
  2⤵
  PID:8628
- C:\Windows\System\ISfQAym.exe
  C:\Windows\System\ISfQAym.exe
  2⤵
  PID:8720
- C:\Windows\System\GWrAiBf.exe
  C:\Windows\System\GWrAiBf.exe
  2⤵
  PID:8824
- C:\Windows\System\RfsEjXH.exe
  C:\Windows\System\RfsEjXH.exe
  2⤵
  PID:8716
- C:\Windows\System\WwoFpty.exe
  C:\Windows\System\WwoFpty.exe
  2⤵
  PID:8768
- C:\Windows\System\vijLsqg.exe
  C:\Windows\System\vijLsqg.exe
  2⤵
  PID:8752
- C:\Windows\System\bnvFvnb.exe
  C:\Windows\System\bnvFvnb.exe
  2⤵
  PID:8912
- C:\Windows\System\takZQCb.exe
  C:\Windows\System\takZQCb.exe
  2⤵
  PID:8892
- C:\Windows\System\jcSxaHC.exe
  C:\Windows\System\jcSxaHC.exe
  2⤵
  PID:8920
- C:\Windows\System\igvcqCT.exe
  C:\Windows\System\igvcqCT.exe
  2⤵
  PID:8944
- C:\Windows\System\VsrYVDz.exe
  C:\Windows\System\VsrYVDz.exe
  2⤵
  PID:8984
- C:\Windows\System\JFltFsW.exe
  C:\Windows\System\JFltFsW.exe
  2⤵
  PID:9004
- C:\Windows\System\RYSyjUy.exe
  C:\Windows\System\RYSyjUy.exe
  2⤵
  PID:9044
- C:\Windows\System\PWxSpmo.exe
  C:\Windows\System\PWxSpmo.exe
  2⤵
  PID:9112
- C:\Windows\System\mVgfRAg.exe
  C:\Windows\System\mVgfRAg.exe
  2⤵
  PID:9128
- C:\Windows\System\VdOdYtD.exe
  C:\Windows\System\VdOdYtD.exe
  2⤵
  PID:9208
- C:\Windows\System\YclFynx.exe
  C:\Windows\System\YclFynx.exe
  2⤵
  PID:9180
- C:\Windows\System\daIghkZ.exe
  C:\Windows\System\daIghkZ.exe
  2⤵
  PID:8236
- C:\Windows\System\YdTICjI.exe
  C:\Windows\System\YdTICjI.exe
  2⤵
  PID:8388
- C:\Windows\System\bjHpnHw.exe
  C:\Windows\System\bjHpnHw.exe
  2⤵
  PID:8444
- C:\Windows\System\iIqcUty.exe
  C:\Windows\System\iIqcUty.exe
  2⤵
  PID:8556
- C:\Windows\System\cAexYCI.exe
  C:\Windows\System\cAexYCI.exe
  2⤵
  PID:8668
- C:\Windows\System\RkNYPmK.exe
  C:\Windows\System\RkNYPmK.exe
  2⤵
  PID:8856
- C:\Windows\System\BrjRHga.exe
  C:\Windows\System\BrjRHga.exe
  2⤵
  PID:8932
- C:\Windows\System\phYTEkB.exe
  C:\Windows\System\phYTEkB.exe
  2⤵
  PID:8336
- C:\Windows\System\BVGqFVs.exe
  C:\Windows\System\BVGqFVs.exe
  2⤵
  PID:8356
- C:\Windows\System\NzakDDi.exe
  C:\Windows\System\NzakDDi.exe
  2⤵
  PID:8684
- C:\Windows\System\aPzHFBu.exe
  C:\Windows\System\aPzHFBu.exe
  2⤵
  PID:8820
- C:\Windows\System\jQhSZJo.exe
  C:\Windows\System\jQhSZJo.exe
  2⤵
  PID:8736
- C:\Windows\System\CnTjcQJ.exe
  C:\Windows\System\CnTjcQJ.exe
  2⤵
  PID:8256
- C:\Windows\System\zaqdhzi.exe
  C:\Windows\System\zaqdhzi.exe
  2⤵
  PID:9040
- C:\Windows\System\Gxboatl.exe
  C:\Windows\System\Gxboatl.exe
  2⤵
  PID:9200
- C:\Windows\System\CmngAZz.exe
  C:\Windows\System\CmngAZz.exe
  2⤵
  PID:8208
- C:\Windows\System\XfWlelZ.exe
  C:\Windows\System\XfWlelZ.exe
  2⤵
  PID:8512
- C:\Windows\System\uBVLjgz.exe
  C:\Windows\System\uBVLjgz.exe
  2⤵
  PID:8552
- C:\Windows\System\wNqnRVW.exe
  C:\Windows\System\wNqnRVW.exe
  2⤵
  PID:8700
- C:\Windows\System\NKuwTSg.exe
  C:\Windows\System\NKuwTSg.exe
  2⤵
  PID:8400
- C:\Windows\System\cOIWqUK.exe
  C:\Windows\System\cOIWqUK.exe
  2⤵
  PID:8572
- C:\Windows\System\rvHEaho.exe
  C:\Windows\System\rvHEaho.exe
  2⤵
  PID:8196
- C:\Windows\System\vvABoPD.exe
  C:\Windows\System\vvABoPD.exe
  2⤵
  PID:8880
- C:\Windows\System\VvqjgXs.exe
  C:\Windows\System\VvqjgXs.exe
  2⤵
  PID:8360
- C:\Windows\System\qLcdhsA.exe
  C:\Windows\System\qLcdhsA.exe
  2⤵
  PID:8788
- C:\Windows\System\zFUSAbp.exe
  C:\Windows\System\zFUSAbp.exe
  2⤵
  PID:9024
- C:\Windows\System\SQmGJMC.exe
  C:\Windows\System\SQmGJMC.exe
  2⤵
  PID:9148
- C:\Windows\System\moJRJrr.exe
  C:\Windows\System\moJRJrr.exe
  2⤵
  PID:8496
- C:\Windows\System\OeycfDb.exe
  C:\Windows\System\OeycfDb.exe
  2⤵
  PID:9084
- C:\Windows\System\TIXKWXb.exe
  C:\Windows\System\TIXKWXb.exe
  2⤵
  PID:8436
- C:\Windows\System\aLTamcj.exe
  C:\Windows\System\aLTamcj.exe
  2⤵
  PID:8652
- C:\Windows\System\oEeSuCG.exe
  C:\Windows\System\oEeSuCG.exe
  2⤵
  PID:8656
- C:\Windows\System\vhURnJh.exe
  C:\Windows\System\vhURnJh.exe
  2⤵
  PID:8584
- C:\Windows\System\SOXdScV.exe
  C:\Windows\System\SOXdScV.exe
  2⤵
  PID:8888
- C:\Windows\System\kcskgEL.exe
  C:\Windows\System\kcskgEL.exe
  2⤵
  PID:8732
- C:\Windows\System\aXWsFcU.exe
  C:\Windows\System\aXWsFcU.exe
  2⤵
  PID:7672
- C:\Windows\System\SUcntHk.exe
  C:\Windows\System\SUcntHk.exe
  2⤵
  PID:8536
- C:\Windows\System\PBtZFyX.exe
  C:\Windows\System\PBtZFyX.exe
  2⤵
  PID:9108
- C:\Windows\System\SGjiTzw.exe
  C:\Windows\System\SGjiTzw.exe
  2⤵
  PID:8992
- C:\Windows\System\rezMACK.exe
  C:\Windows\System\rezMACK.exe
  2⤵
  PID:9028
- C:\Windows\System\qCSeyhe.exe
  C:\Windows\System\qCSeyhe.exe
  2⤵
  PID:8980
- C:\Windows\System\CGHmSNf.exe
  C:\Windows\System\CGHmSNf.exe
  2⤵
  PID:9164
- C:\Windows\System\BztHVSW.exe
  C:\Windows\System\BztHVSW.exe
  2⤵
  PID:9224
- C:\Windows\System\lXhANHS.exe
  C:\Windows\System\lXhANHS.exe
  2⤵
  PID:9240
- C:\Windows\System\dUWFlac.exe
  C:\Windows\System\dUWFlac.exe
  2⤵
  PID:9256
- C:\Windows\System\PvNompA.exe
  C:\Windows\System\PvNompA.exe
  2⤵
  PID:9272
- C:\Windows\System\wGmzoSq.exe
  C:\Windows\System\wGmzoSq.exe
  2⤵
  PID:9288
- C:\Windows\System\tJlRdiY.exe
  C:\Windows\System\tJlRdiY.exe
  2⤵
  PID:9308
- C:\Windows\System\sMflwLV.exe
  C:\Windows\System\sMflwLV.exe
  2⤵
  PID:9324
- C:\Windows\System\JfzoKGz.exe
  C:\Windows\System\JfzoKGz.exe
  2⤵
  PID:9340
- C:\Windows\System\VGUHHtw.exe
  C:\Windows\System\VGUHHtw.exe
  2⤵
  PID:9356
- C:\Windows\System\QIklvvj.exe
  C:\Windows\System\QIklvvj.exe
  2⤵
  PID:9372
- C:\Windows\System\fJPnAbi.exe
  C:\Windows\System\fJPnAbi.exe
  2⤵
  PID:9388
- C:\Windows\System\yNmnylr.exe
  C:\Windows\System\yNmnylr.exe
  2⤵
  PID:9404
- C:\Windows\System\wxgTelq.exe
  C:\Windows\System\wxgTelq.exe
  2⤵
  PID:9420
- C:\Windows\System\lDlxSsY.exe
  C:\Windows\System\lDlxSsY.exe
  2⤵
  PID:9436
- C:\Windows\System\jUDzbNT.exe
  C:\Windows\System\jUDzbNT.exe
  2⤵
  PID:9452
- C:\Windows\System\fYDwyyP.exe
  C:\Windows\System\fYDwyyP.exe
  2⤵
  PID:9468
- C:\Windows\System\IKJFScH.exe
  C:\Windows\System\IKJFScH.exe
  2⤵
  PID:9484
- C:\Windows\System\qbAotWC.exe
  C:\Windows\System\qbAotWC.exe
  2⤵
  PID:9500
- C:\Windows\System\xkUCcBJ.exe
  C:\Windows\System\xkUCcBJ.exe
  2⤵
  PID:9516
- C:\Windows\System\PzVMdji.exe
  C:\Windows\System\PzVMdji.exe
  2⤵
  PID:9532
- C:\Windows\System\kPpsYYb.exe
  C:\Windows\System\kPpsYYb.exe
  2⤵
  PID:9548
- C:\Windows\System\kyindzA.exe
  C:\Windows\System\kyindzA.exe
  2⤵
  PID:9564
- C:\Windows\System\NasOrUQ.exe
  C:\Windows\System\NasOrUQ.exe
  2⤵
  PID:9580
- C:\Windows\System\sBAtPfd.exe
  C:\Windows\System\sBAtPfd.exe
  2⤵
  PID:9596
- C:\Windows\System\cakWfqe.exe
  C:\Windows\System\cakWfqe.exe
  2⤵
  PID:9612
- C:\Windows\System\swDAFEx.exe
  C:\Windows\System\swDAFEx.exe
  2⤵
  PID:9628
- C:\Windows\System\xoWNtcm.exe
  C:\Windows\System\xoWNtcm.exe
  2⤵
  PID:9644
- C:\Windows\System\ymjdPZw.exe
  C:\Windows\System\ymjdPZw.exe
  2⤵
  PID:9660
- C:\Windows\System\xftblkI.exe
  C:\Windows\System\xftblkI.exe
  2⤵
  PID:9676
- C:\Windows\System\OdbvDnq.exe
  C:\Windows\System\OdbvDnq.exe
  2⤵
  PID:9692
- C:\Windows\System\ZPllIii.exe
  C:\Windows\System\ZPllIii.exe
  2⤵
  PID:9708
- C:\Windows\System\EkIELsq.exe
  C:\Windows\System\EkIELsq.exe
  2⤵
  PID:9724
- C:\Windows\System\YEaTHic.exe
  C:\Windows\System\YEaTHic.exe
  2⤵
  PID:9740
- C:\Windows\System\pMPIPQN.exe
  C:\Windows\System\pMPIPQN.exe
  2⤵
  PID:9756
- C:\Windows\System\HwvinUF.exe
  C:\Windows\System\HwvinUF.exe
  2⤵
  PID:9772
- C:\Windows\System\mnRBZaQ.exe
  C:\Windows\System\mnRBZaQ.exe
  2⤵
  PID:9788
- C:\Windows\System\OVkIXql.exe
  C:\Windows\System\OVkIXql.exe
  2⤵
  PID:9804
- C:\Windows\System\mzpgysW.exe
  C:\Windows\System\mzpgysW.exe
  2⤵
  PID:9820
- C:\Windows\System\jUZbpdd.exe
  C:\Windows\System\jUZbpdd.exe
  2⤵
  PID:9836
- C:\Windows\System\jcXHbMu.exe
  C:\Windows\System\jcXHbMu.exe
  2⤵
  PID:9852
- C:\Windows\System\hdTpHpS.exe
  C:\Windows\System\hdTpHpS.exe
  2⤵
  PID:9868
- C:\Windows\System\hQltIXc.exe
  C:\Windows\System\hQltIXc.exe
  2⤵
  PID:9884
- C:\Windows\System\AlstHNW.exe
  C:\Windows\System\AlstHNW.exe
  2⤵
  PID:9900
- C:\Windows\System\pzlCBXR.exe
  C:\Windows\System\pzlCBXR.exe
  2⤵
  PID:9916
- C:\Windows\System\xahJDzH.exe
  C:\Windows\System\xahJDzH.exe
  2⤵
  PID:9932
- C:\Windows\System\svDaqNd.exe
  C:\Windows\System\svDaqNd.exe
  2⤵
  PID:9948
- C:\Windows\System\MIqyUZy.exe
  C:\Windows\System\MIqyUZy.exe
  2⤵
  PID:9964
- C:\Windows\System\pkdExgD.exe
  C:\Windows\System\pkdExgD.exe
  2⤵
  PID:9980
- C:\Windows\System\YPxnyoz.exe
  C:\Windows\System\YPxnyoz.exe
  2⤵
  PID:9996
- C:\Windows\System\nDzlwex.exe
  C:\Windows\System\nDzlwex.exe
  2⤵
  PID:10012
- C:\Windows\System\BiEBRVc.exe
  C:\Windows\System\BiEBRVc.exe
  2⤵
  PID:10028
- C:\Windows\System\xHeagIP.exe
  C:\Windows\System\xHeagIP.exe
  2⤵
  PID:10044
- C:\Windows\System\fTwpVKP.exe
  C:\Windows\System\fTwpVKP.exe
  2⤵
  PID:10060
- C:\Windows\System\TFSmFGd.exe
  C:\Windows\System\TFSmFGd.exe
  2⤵
  PID:10076
- C:\Windows\System\fAkYaQN.exe
  C:\Windows\System\fAkYaQN.exe
  2⤵
  PID:10092
- C:\Windows\System\MQvuSad.exe
  C:\Windows\System\MQvuSad.exe
  2⤵
  PID:10112
- C:\Windows\System\brjkDQX.exe
  C:\Windows\System\brjkDQX.exe
  2⤵
  PID:10128
- C:\Windows\System\OtBwhhH.exe
  C:\Windows\System\OtBwhhH.exe
  2⤵
  PID:10144
- C:\Windows\System\XIpuCuX.exe
  C:\Windows\System\XIpuCuX.exe
  2⤵
  PID:10160
- C:\Windows\System\vKyzWtN.exe
  C:\Windows\System\vKyzWtN.exe
  2⤵
  PID:10176
- C:\Windows\System\yNJCCws.exe
  C:\Windows\System\yNJCCws.exe
  2⤵
  PID:10192
- C:\Windows\System\eDocMud.exe
  C:\Windows\System\eDocMud.exe
  2⤵
  PID:10208
- C:\Windows\System\jcsgvsu.exe
  C:\Windows\System\jcsgvsu.exe
  2⤵
  PID:10224
- C:\Windows\System\ZCZZbXZ.exe
  C:\Windows\System\ZCZZbXZ.exe
  2⤵
  PID:8284
- C:\Windows\System\ejPAfrM.exe
  C:\Windows\System\ejPAfrM.exe
  2⤵
  PID:8464
- C:\Windows\System\fDIBMsh.exe
  C:\Windows\System\fDIBMsh.exe
  2⤵
  PID:9284
- C:\Windows\System\lnsBahY.exe
  C:\Windows\System\lnsBahY.exe
  2⤵
  PID:9624
- C:\Windows\System\yhqjLGB.exe
  C:\Windows\System\yhqjLGB.exe
  2⤵
  PID:9764
- C:\Windows\System\rzFjHSj.exe
  C:\Windows\System\rzFjHSj.exe
  2⤵
  PID:9800
- C:\Windows\System\wYOPzpn.exe
  C:\Windows\System\wYOPzpn.exe
  2⤵
  PID:9780
- C:\Windows\System\bbpgjPG.exe
  C:\Windows\System\bbpgjPG.exe
  2⤵
  PID:9832
- C:\Windows\System\wUnoFhn.exe
  C:\Windows\System\wUnoFhn.exe
  2⤵
  PID:9892
- C:\Windows\System\DizxXfL.exe
  C:\Windows\System\DizxXfL.exe
  2⤵
  PID:9896
- C:\Windows\System\ybSObHT.exe
  C:\Windows\System\ybSObHT.exe
  2⤵
  PID:9960
- C:\Windows\System\HXDULFX.exe
  C:\Windows\System\HXDULFX.exe
  2⤵
  PID:10020
- C:\Windows\System\XQATifd.exe
  C:\Windows\System\XQATifd.exe
  2⤵
  PID:9976
- C:\Windows\System\jrtuzeD.exe
  C:\Windows\System\jrtuzeD.exe
  2⤵
  PID:10036
- C:\Windows\System\ZrbfroX.exe
  C:\Windows\System\ZrbfroX.exe
  2⤵
  PID:10068
- C:\Windows\System\KmCMEAc.exe
  C:\Windows\System\KmCMEAc.exe
  2⤵
  PID:10104
- C:\Windows\System\FHVktnT.exe
  C:\Windows\System\FHVktnT.exe
  2⤵
  PID:10188
- C:\Windows\System\ZMwEjgY.exe
  C:\Windows\System\ZMwEjgY.exe
  2⤵
  PID:10136
- C:\Windows\System\HWiKSyn.exe
  C:\Windows\System\HWiKSyn.exe
  2⤵
  PID:8416
- C:\Windows\System\PhtraXO.exe
  C:\Windows\System\PhtraXO.exe
  2⤵
  PID:8916
- C:\Windows\System\eDyAQOS.exe
  C:\Windows\System\eDyAQOS.exe
  2⤵
  PID:7320
- C:\Windows\System\LkcDetC.exe
  C:\Windows\System\LkcDetC.exe
  2⤵
  PID:9268
- C:\Windows\System\qaCxIrp.exe
  C:\Windows\System\qaCxIrp.exe
  2⤵
  PID:9336
- C:\Windows\System\sXMriaM.exe
  C:\Windows\System\sXMriaM.exe
  2⤵
  PID:9220
- C:\Windows\System\ZDbHlYl.exe
  C:\Windows\System\ZDbHlYl.exe
  2⤵
  PID:9280
- C:\Windows\System\QWJKrjB.exe
  C:\Windows\System\QWJKrjB.exe
  2⤵
  PID:9352
- C:\Windows\System\mXtAIgQ.exe
  C:\Windows\System\mXtAIgQ.exe
  2⤵
  PID:8604
- C:\Windows\System\OEEOTMD.exe
  C:\Windows\System\OEEOTMD.exe
  2⤵
  PID:9412
- C:\Windows\System\JBPkMcW.exe
  C:\Windows\System\JBPkMcW.exe
  2⤵
  PID:9444
- C:\Windows\System\QGHqNXh.exe
  C:\Windows\System\QGHqNXh.exe
  2⤵
  PID:9448
- C:\Windows\System\SXRexxI.exe
  C:\Windows\System\SXRexxI.exe
  2⤵
  PID:9556
- C:\Windows\System\TSEzbrU.exe
  C:\Windows\System\TSEzbrU.exe
  2⤵
  PID:9544
- C:\Windows\System\zYbcKem.exe
  C:\Windows\System\zYbcKem.exe
  2⤵
  PID:9572
- C:\Windows\System\EbHpFKT.exe
  C:\Windows\System\EbHpFKT.exe
  2⤵
  PID:9608
- C:\Windows\System\iEnGzix.exe
  C:\Windows\System\iEnGzix.exe
  2⤵
  PID:9672
- C:\Windows\System\RGIiHiM.exe
  C:\Windows\System\RGIiHiM.exe
  2⤵
  PID:9684

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AOmLAmK.exe

Filesize
6.0MB

MD5
44b16ea1889c39b77ec34bc243ddff1e

SHA1
89d444b25efcf224ccce91ff73de828fe778a3c6

SHA256
5f3d9ece78f408308ccc2028ff26363d8af61668001a74d3c7d2d6e1e4080c0c

SHA512
ee495c61f95b458f967f150af17bfba9161b0a4817936d4e5eb934b6500f944432e2964d612c41af2d2f88f8b4337fba01155ccb612796129bcc08c4e65b237e

Download Submit
C:\Windows\system\GpDzAsc.exe

Filesize
6.0MB

MD5
d34aba6ae00b89114aedb243c1750873

SHA1
e331396bad60a4eede0a5ecf4fa5ea4d5c0f2169

SHA256
67a64d4102ddb08d7bbb1ba39e7c381a79e53f7a51b2b1ab03536548bd35ee63

SHA512
169eff3e50d351489105bcd5cdedb3ff0a6cef32ad668aac72770a006c1c993242eb30811c3a247bc1691711908d9201f6b39bd3e301010d4733693b676d5f59

Download Submit
C:\Windows\system\HQJUShk.exe

Filesize
6.0MB

MD5
5fc6814539bdf45d361101609f75257d

SHA1
e19e071cf6e63c3f4924b7fd178554ef498f8266

SHA256
b2b70c35d68fb8204cb34b69b58e96d7841af92d2ef7c387721e2ada210bd3c6

SHA512
509d06342a29f8e1f9be5efdabd419231034fd53003026612e97d71736fc4200aba4f46c9640d8a4332bfafb36317a71c2ca17009b383b04d445c08d7047e8d0

Download Submit
C:\Windows\system\HbXgPhQ.exe

Filesize
6.0MB

MD5
68bf1202ce8a216a9fa049c168930505

SHA1
e8102a5906eec69582f51a8c33d92550b71e9513

SHA256
802175db6d404474a8f3409e86e808114498b37f6452e6c1c493572daf1d0afc

SHA512
5f27c9347647e50b063f312b724d2b5733a00c711ba71823b4412c25f86d637d5fae35454d6e9e19d646b402fffdd2a20276e85b23b064cfe3516d5be491405f

Download Submit
C:\Windows\system\MToeVbc.exe

Filesize
6.0MB

MD5
359f0e0ec1154aca3d6f778b3c548156

SHA1
8dfac6fa73880ef2d4737af9375cff0e0727ffe0

SHA256
964f845d5b72c80fd1078e11e7a836e85967d06d5f37e3b77d45e7d19b0e7ebb

SHA512
d38167ab9974210e0be86ae77a2a4ce817e35c8860896e5ac09d762f9659c6acff59f61f30f2c764eded32adc481e164606eab2c1b27831188238115aedfdcca

Download Submit
C:\Windows\system\PbuQOLH.exe

Filesize
6.0MB

MD5
d49ae6bc4fd5ef82fb29719b19661840

SHA1
5fafaec68009cd46d0a9ceb18505811e6e34caa7

SHA256
2546a5e0cb7c92bc45ebf0f1157438cd3b0b0aafb197e6883c3fb9967b838a12

SHA512
6a2f5e9e73abe97de2322a709f38319252a826fd1f17003ddd9cb4665df92b69b72bcbce3d218db08c06a646149f859c25b68a9d392c81a451b4321bf7c0c268

Download Submit
C:\Windows\system\SBIKrIL.exe

Filesize
6.0MB

MD5
ab863cc211bfca899526d13f97a8332f

SHA1
dc88ebf370a6733388f7be211df3a7f48c8bc7d3

SHA256
a3791cb2afe171b2fc0359515841c7cd118c24b8b8d9cd20a6cd375b0e111a89

SHA512
303b238f8af6d64bcb1fd87e6b1be08e3a90e3846d7ceba28cf7bce4dba0732f359fb6eb1bf0f8881089e592d76cf868d9449eb612f4187bd472d54327a10778

Download Submit
C:\Windows\system\SQuJxQN.exe

Filesize
6.0MB

MD5
231b319293f7221aa00731dfe0ef9f14

SHA1
9aa8eed1f0788a30a4adbe3b84732e7afe375b9f

SHA256
a380108c0fd809d18b9c8b814020c6fdc07103bc3a18f6674d5382fd82a41d6e

SHA512
4369ca71b6ac08ea61af8d1337cd51c804a6f84ad3f32fe2fb4b38e2a3f050e2aa726f241ccc08917e51175c96ed4cbd1bc77a3e3c9b1d9ee0edbd906dfc0a04

Download Submit
C:\Windows\system\TjlTAlj.exe

Filesize
6.0MB

MD5
9dee04191d82c1426632bb1bfe60447b

SHA1
036e66a277bc2fcfd37dd3e709f8cc068de16426

SHA256
b51d8753c05f81bd6ec5ba9d511af7a64b831b549395bd995ad6b3267c687d30

SHA512
23a7a5b3d6d84a5ddf6a435dbdbc79b6a04eae857a5326ca0e4b15fd4efdd1134fa2e15b9554bd7669b65b209e70b92d5c587ce02dcc03f075ab75906068c4b1

Download Submit
C:\Windows\system\TjmVzfP.exe

Filesize
6.0MB

MD5
788151f5acd270389e20cae730ef722a

SHA1
6eb631a3a408108e02d1ec17c4cb851cbb8bdc0d

SHA256
b4923e0e266e798f9b9a83c57f02c4cb91c83bf797a7b6411f00d33a3a26dd9f

SHA512
6cdb412874c0eaa963631b681a4c3e95ca2d95849ecf67f0ef1daaac079f8e586e42f2615cc5309d66626fa346c020909760627783d04e6489f29bdc2b8ad5e4

Download Submit
C:\Windows\system\TkWAlSl.exe

Filesize
6.0MB

MD5
f5c266d04e7ef9a28e3134e707e86da6

SHA1
90ceea19b563787b9e3c7b793ae77069e0a41ad8

SHA256
c44308ae25e9aa37481626b21f7f48eba97cebcc9bafa6f740e47c650d445867

SHA512
7fb2fcbb939e260f16b043103192e4d8ec97a45b47c803e3ea09fd8b26504d302eb1c78e20618711237c43f7c26f9f6c2e266cce92b05cc1d97f3836583ad05f

Download Submit
C:\Windows\system\YTNtTQx.exe

Filesize
6.0MB

MD5
972680e21d198459054281d96101661c

SHA1
a147834eec80852ff86f23e7d590c98f73df5acc

SHA256
2b9d5605d8cfac6b306f6a84d247ef1ce09d860c71941c7264146f75f3b29683

SHA512
9e64b9ce1887178fe4c34f8e513da3971d4ad83d31e327c3af504b74231a695464eb081f400930cb90bece5fbee71f63b09a3478653e73273cf150fcc1678804

Download Submit
C:\Windows\system\dbDDpkA.exe

Filesize
6.0MB

MD5
8a5abd2211fd78ad9203b424d4d5e911

SHA1
4a80477fcedcfea37acbbaacda2c7a0353101f44

SHA256
4c828f83e71a984dbfc410c47a3d182b3b92df07a5bade420832421f0d725774

SHA512
df6614ce6d8e3c3a016c78e64840bcd4ee200b164bfdfc27af725e76aab2f98dd7ffe182fb5b5f6e9c61ade5d65377df623abf3f549d112ff949a8136b03d8ff

Download Submit
C:\Windows\system\dgWDGzL.exe

Filesize
6.0MB

MD5
0005fdd5ec93efc6af2bd8c96b95144e

SHA1
8a49581c23f8b1ec70127ae020051db07567d56a

SHA256
b49a9c23bcea0b130c4bf6d0748130e3f6d03239ea788a76c2f4460ce2c31d2f

SHA512
eda992b9da88a1ff352fac19658fa2dacf320f7898dc48d7753466ff2531ba86c57f50e2e9d2c3913dd38d83b00737a52ba6744df88c05c8c67c83d589806d71

Download Submit
C:\Windows\system\eCbQJCv.exe

Filesize
6.0MB

MD5
07b5ffb8645063038c69dff618b6291a

SHA1
0992548f00e9bb2b091a53f7b0080114782372d3

SHA256
e668ea700d5367661f764455632ff9a038d2d0ef3767bf0256acacf7f9c3661f

SHA512
4c9a5e6a47359841d7f3bb91831c38c268157c07000858c2042eec5a1d4ac42ae34db8ec4a5ec8b5ee43101072ddc7def2f2ac98510d4aab029ba334ae17e649

Download Submit
C:\Windows\system\fUkpigi.exe

Filesize
6.0MB

MD5
a451af5234398dedc5232fa2dd5ce18d

SHA1
2c38e8dee15d8a931112dd592e42d7227d012b21

SHA256
1cd6e3f108721dae82ce7b68efb7cec50f88931631d629722fd0e11c88e6d64b

SHA512
0a682d46150a316c1057c321056e862d3445cbf7d1ef31d8397e4ca4ef11db310544e2010d436dd7448a48f350751396d0f0d3c9d306ab153fb49af5d556d754

Download Submit
C:\Windows\system\oZzQnIL.exe

Filesize
6.0MB

MD5
85b18126c8af54ff0687552658e5b683

SHA1
01ba178a3513fc9e344791a183dde58fad0615cb

SHA256
0ddf0f89add85ca99f08890e4bce0c5997bfac8a4dbd997dcd278b411c498c2c

SHA512
b8b7aba2188a3d345d6cd19999c4773fd1acdf06ae21b5a6d1452381cb94ce98bac4a2284f8e3ad8a225711df74646900c40925841d1707db86ab63863d47975

Download Submit
C:\Windows\system\peVrupP.exe

Filesize
6.0MB

MD5
e48524f5eb22e004c75dcc2200173bc5

SHA1
008afc6fdd482dc9de110ec6deff6a4dd024e7d1

SHA256
71209c70f96d2aa217589b81ca3b2c60cd2a11ab73461e2cdb1f46a6b104879c

SHA512
8bf7a66501c9baf1191b4b366be80b9bd37c13b9fc995c3c8fcda43f408eb916fcfabcb2fc8cea6c94a8b527ff7c2c1c13ff4ce913db2732b58c79c92944320c

Download Submit
C:\Windows\system\qYWTiOj.exe

Filesize
6.0MB

MD5
581011e2cc11c070787d539abe915166

SHA1
b7d0d42147c209ee0fa3f9d69a22bf619fcf2e4f

SHA256
5139fca1fc9242835454a2f4637d213bdab45de47b5e8979cb16656e655f37f7

SHA512
03cfa88cfef22a709a2d85facf0cc4d5a0cb882e807accc704d01f2d2b92fd2a4c1642b07c6d8b3e6c21f11bb89eb5eb1eed0eea2963737f04b2b85b51724481

Download Submit
C:\Windows\system\sGEFwvM.exe

Filesize
6.0MB

MD5
9a99555f3e4c72c41974b592d0ae9633

SHA1
a65d68f184f774a8362b79c47bb545e99d3e4b43

SHA256
fe9eda2f8f7607eeaa7b4366bad421e94f41254aa67a0e0b39700631cdaa752b

SHA512
81ca0f34c9e2735fbdd4e30be54cfdd4684807c39951af1a687b194e07b204fe90d61b0fad2dea161e8b5a025c8fb9378fbac0ab284fc72cb3a927f459e4a1ca

Download Submit
C:\Windows\system\sjMgeez.exe

Filesize
6.0MB

MD5
94935cc30a56541aa06b1f9ab263ae35

SHA1
5e1632f92d405e5d4f5303a96acc1c25cdf74ffa

SHA256
219adc182e85784123d2f18f4205eacbfe98057a54a11f26631d3b5ed776cc65

SHA512
67095968a222ad7d0db123448fa377a59c2a1706e04b78d889aaa82e5484eb01cd7819149c05b6ea8a9400b9af4e6f45a0135f5df5aaaaad5ed8efc5f9dbca48

Download Submit
C:\Windows\system\tUvEbBK.exe

Filesize
6.0MB

MD5
68eb67b1a9479515f711ac8bd4198e35

SHA1
24909aef6b9b4757aa29215bee6f5e68d050bdcc

SHA256
0efa708e0ced0acebe187c862963cbf5f4d25b8b17477e2bb22e25eb7d0741da

SHA512
4b9e3ff28e70507cb17fae00816776dd25945e0e60f03425111e6c6492d37a640cfd4e169ac74b4687a2666fc931155918ab2afed0bf4177c08f60d4935f2cb0

Download Submit
C:\Windows\system\uLvRyoF.exe

Filesize
6.0MB

MD5
69439d7b91eb7947a749cd3e65a69eea

SHA1
8e86fed5388a31b096a902989c0947418cf73a94

SHA256
1322668da7b82af370155a6997f882b96158063f07860b1aa4e9bffd6e4e1a4e

SHA512
be939445660a398d70e939de81618a49bbf0afd34040259d01b2d034d9fe1a9332fd6572f1178ef50ed68c88af6a6c6a82bc30b3a62d55a7b0c5820eab321239

Download Submit
C:\Windows\system\vsHwbiY.exe

Filesize
6.0MB

MD5
ff3ed3df70781af092e9c93a9d3bd63c

SHA1
b8321ee2a6f1ad126c984c69eb3fd3b79b1e054b

SHA256
10f9ed379c0726bb34f6cfa7fe72dfb296c95fb122df3f71d1ff6f9d508cada8

SHA512
74df80d8ca0ee70583c75da2d525a241e53ae8d5664be2dfb38a8f0c8c27b31cdaa15b2d3af68adca2b63a3ef38ffb698abae9de19b8f8073d7f4c3ae50ef522

Download Submit
C:\Windows\system\wxpgZku.exe

Filesize
6.0MB

MD5
623f61e0caa5e74ea15355f28d906dce

SHA1
37cf740c113be79c64639f494a1f3714645434c8

SHA256
696da27ef3323690098af75ea0964a157ff6bd76c953590e576e6b7a98de357b

SHA512
846089a71fe5939d4183194684a39beae1b971b61198ff8b27d7628f1d25e1f48815b1be2af90d0924a5d6a0b4e3e8105737717871b0d38f3556895d2f13544f

Download Submit
C:\Windows\system\zJtkvYt.exe

Filesize
6.0MB

MD5
3d7c382da92b2568edf9c8c52bc47544

SHA1
651398b42edb3cd167dbf2cb3c3b104f2427ad04

SHA256
33f11ec8813c93738c2f1e2d5af93452f6527a0fe11423366d700b68620cce63

SHA512
50b6bd91ef79698ee91b05b945e1e2f262b5969a5cde7a86c60f436e9710354a24de0a52297aa5f427cbc7b09409b8c75b440376cfcf7210f2dcc3f4f24baddc

Download Submit
C:\Windows\system\zsSJfjE.exe

Filesize
6.0MB

MD5
a4056b032092601178be2c80aff0ff32

SHA1
5c0167287f1445418538a7de6efb276edf490655

SHA256
04814bbbc58c0e7852680b3aa5382a0ac7444f2946132c78b978b6c95e8211fd

SHA512
ee0b2ce5566d4922481cead59db32096cd62f12a5ec58c4b5e3e730f4ec33490a014e88f23849890449925b2b5b904c47f16e7a1db079bab8c35d3f737aeda3f

Download Submit
\Windows\system\RKLUCga.exe

Filesize
6.0MB

MD5
f55fab734d4c3718042f25f4f8c3f615

SHA1
ae33968be34b3680e0ae693f831af7ea1473bc52

SHA256
9748fe01ec394269c37e5cf8d5cb5b7363b06b5af733248fb012f47c434f69bc

SHA512
153d1f8f8dd11dda7fff81e3f7d07078e357c601699061f963d361c4bf071519838f0be2b0b33c4a72e6325765b32d8dd4e5205f2a153352a0bf5f7cc2f5fa5f

Download Submit
\Windows\system\ZkYhHPX.exe

Filesize
6.0MB

MD5
382a3cc4d3221d162fad6dbe79b52947

SHA1
93ed59c0990a2f5dd14c1e1ba8df7ac0be43818c

SHA256
8c1764de741975f223d47ef2bb9d0871947cd9e5adab6a093412741aa49ab2fd

SHA512
efd1f385b81a499c50cdf08089a28abd2cf507f0aa9a4ad6365cb81f016bd14e1809d1e2895c71792148083e51e2b5459c19971e026249587fee24f890c8f6da

Download Submit
\Windows\system\dizdVGY.exe

Filesize
6.0MB

MD5
45f76270d8ddd013f811799cfd810b00

SHA1
70b529cb37a96daaaa4196395d071c6a8f7effcb

SHA256
a3fd9830a1b8bbf1fa2d41acd46fa98388f837b521eadca8593391188c63ca0a

SHA512
e48b7e793586890ed0163b362e193adc5681860453205072a4833b89b135730642d2691f283220b3409e51828a7368c6483b2c4c36a0aeba4779c42cc126ecf5

Download Submit
\Windows\system\rMjCzNS.exe

Filesize
6.0MB

MD5
0b523d8e4015515d50b820bce87670ba

SHA1
ab939a6e2014908858c20572e4f0d2e317c0ae12

SHA256
732e519782e39326d4a5808dba9161e892a44371caed3d2c43d7cb80a00c4929

SHA512
16dffb0a98d26ec7699211d043e25f0076858447479f3e6b27ae1fd91511b03a7847b5d5c24633111051d5e7bc24ebf72f45be464125fd0c2247e8249f7a7e79

Download Submit
\Windows\system\sTRrbIw.exe

Filesize
6.0MB

MD5
a3df2a5b35e48bd3e62a5492d7b1a50a

SHA1
29fbd565ee58f37474043cbb9301457d09afdbfe

SHA256
b30a032bd52628192e151e7f200a351be22d8ab8acfbe54c9e992df2c92b1c88

SHA512
36d5b104a5a911ac25fa364047793e4f55b64f36d43aeddbc40a56d526f147b36530074d84cb40a96684d52bd994eccfeda5bef8c135c6284763d4a02739f0d7

Download Submit
\Windows\system\xoHEjpq.exe

Filesize
6.0MB

MD5
2e1a355a96bc855dfbec58cd88c66bad

SHA1
c988094a8e1d526036f47847b1c8b187260fb877

SHA256
5c7552fa51000fb188e887ae8dda3a88cfa6e7bf3947c9a06d76273bca7d5ff4

SHA512
5f894098035de125075d6bd1900e6a88a2e432b4a8c58ab56a4a7eab849e73710b9ec144c53526fc9daa3744bc504712f25b9977ee20b80c6c081c1ea7b4cab8

Download Submit
memory/320-1764-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/320-3487-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/1408-1467-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/1408-3365-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/1740-1941-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/1740-3495-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/2036-3369-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download
memory/2036-1454-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download
memory/2284-1556-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2284-3406-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2392-2706-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/2392-2534-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/2392-1557-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/2392-1458-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/2392-2802-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/2392-1470-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/2392-1468-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/2392-2755-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/2392-1466-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2392-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/2392-1464-0x000000013F270000-0x000000013F5C4000-memory.dmp

Filesize
3.3MB

Download
memory/2392-8-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download
memory/2392-1462-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/2392-1476-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/2392-1601-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/2392-2756-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/2392-1765-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/2392-1460-0x000000013F650000-0x000000013F9A4000-memory.dmp

Filesize
3.3MB

Download
memory/2392-1947-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/2392-1456-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/2392-1950-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/2392-2757-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/2392-2637-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/2392-2646-0x000000013F650000-0x000000013F9A4000-memory.dmp

Filesize
3.3MB

Download
memory/2392-2644-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/2392-2653-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/2392-0-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/2392-2722-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/2392-2703-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/2392-2693-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2392-2662-0x000000013F270000-0x000000013F5C4000-memory.dmp

Filesize
3.3MB

Download
memory/2392-2729-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/2400-3419-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/2400-1600-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/2564-3399-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/2564-1475-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/2572-1465-0x000000013F270000-0x000000013F5C4000-memory.dmp

Filesize
3.3MB

Download
memory/2572-3383-0x000000013F270000-0x000000013F5C4000-memory.dmp

Filesize
3.3MB

Download
memory/2600-1469-0x000000013F810000-0x000000013FB64000-memory.dmp

Filesize
3.3MB

Download
memory/2600-3405-0x000000013F810000-0x000000013FB64000-memory.dmp

Filesize
3.3MB

Download
memory/2656-3354-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2656-1455-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2708-1459-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download
memory/2708-3356-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download
memory/2748-3367-0x000000013F650000-0x000000013F9A4000-memory.dmp

Filesize
3.3MB

Download
memory/2748-1461-0x000000013F650000-0x000000013F9A4000-memory.dmp

Filesize
3.3MB

Download
memory/2824-3352-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/2824-1457-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/2988-3358-0x000000013FAE0000-0x000000013FE34000-memory.dmp

Filesize
3.3MB

Download
memory/2988-1463-0x000000013FAE0000-0x000000013FE34000-memory.dmp

Filesize
3.3MB

Download