cobaltstrike | 2f2192e71d0b8573e5f0385e1920cf6ed4f8d3abf11986469cc4d85973c17a4d

Analysis

max time kernel
120s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
20-12-2024 00:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

7cff74ee3ed1b12f2530b5498465788c
SHA1

28651f6c220f03626a3a797f4ba62bb87ea974a8
SHA256

2f2192e71d0b8573e5f0385e1920cf6ed4f8d3abf11986469cc4d85973c17a4d
SHA512

396e477717749ef6afe27dfea3dc65116236cac53a8f7a77c657303d3778ab91a6b6bf257f1e1c6ffa3243a036ff1195c4bb1155cbb1aba08e77703bdccf2991
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUJ:T+q56utgpPF8u/7J

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0003000000012000-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016a66-7.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c3a-14.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c51-18.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cc8-26.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cec-30.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d06-36.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d29-41.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000171a8-45.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173a9-55.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018728-105.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001878f-120.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019334-147.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193b4-160.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019350-155.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019282-145.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019261-139.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019023-128.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001925e-133.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000187a5-125.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018784-115.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001873d-110.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186fd-100.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186ee-95.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186ea-90.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186e4-85.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018683-80.dat	cobalt_reflective_dll
behavioral1/files/0x000d000000018676-75.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174cc-70.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017492-65.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017488-60.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173a7-50.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 63 IoCs

miner

resource	yara_rule
behavioral1/memory/2160-0-0x000000013FC80000-0x000000013FFD4000-memory.dmp	xmrig
behavioral1/files/0x0003000000012000-3.dat	xmrig
behavioral1/files/0x0008000000016a66-7.dat	xmrig
behavioral1/files/0x0008000000016c3a-14.dat	xmrig
behavioral1/files/0x0008000000016c51-18.dat	xmrig
behavioral1/files/0x0007000000016cc8-26.dat	xmrig
behavioral1/files/0x0007000000016cec-30.dat	xmrig
behavioral1/files/0x0007000000016d06-36.dat	xmrig
behavioral1/files/0x0008000000016d29-41.dat	xmrig
behavioral1/files/0x00070000000171a8-45.dat	xmrig
behavioral1/files/0x00060000000173a9-55.dat	xmrig
behavioral1/files/0x0005000000018728-105.dat	xmrig
behavioral1/files/0x000500000001878f-120.dat	xmrig
behavioral1/files/0x0005000000019334-147.dat	xmrig
behavioral1/memory/2160-1392-0x000000013F4E0000-0x000000013F834000-memory.dmp	xmrig
behavioral1/memory/2160-1178-0x000000013FC80000-0x000000013FFD4000-memory.dmp	xmrig
behavioral1/memory/2696-479-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig
behavioral1/memory/2104-477-0x000000013F4E0000-0x000000013F834000-memory.dmp	xmrig
behavioral1/memory/2180-468-0x000000013F280000-0x000000013F5D4000-memory.dmp	xmrig
behavioral1/memory/2380-456-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
behavioral1/memory/2960-448-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/memory/1752-460-0x000000013F2B0000-0x000000013F604000-memory.dmp	xmrig
behavioral1/memory/2580-438-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/memory/2536-436-0x000000013FEA0000-0x00000001401F4000-memory.dmp	xmrig
behavioral1/memory/2712-434-0x000000013F0F0000-0x000000013F444000-memory.dmp	xmrig
behavioral1/memory/2560-432-0x000000013FCC0000-0x0000000140014000-memory.dmp	xmrig
behavioral1/memory/2736-430-0x000000013FA80000-0x000000013FDD4000-memory.dmp	xmrig
behavioral1/memory/2544-428-0x000000013F570000-0x000000013F8C4000-memory.dmp	xmrig
behavioral1/memory/2692-426-0x000000013F150000-0x000000013F4A4000-memory.dmp	xmrig
behavioral1/memory/2772-424-0x000000013FC50000-0x000000013FFA4000-memory.dmp	xmrig
behavioral1/files/0x00050000000193b4-160.dat	xmrig
behavioral1/files/0x0005000000019350-155.dat	xmrig
behavioral1/files/0x0005000000019282-145.dat	xmrig
behavioral1/files/0x0005000000019261-139.dat	xmrig
behavioral1/files/0x0006000000019023-128.dat	xmrig
behavioral1/files/0x000500000001925e-133.dat	xmrig
behavioral1/files/0x00050000000187a5-125.dat	xmrig
behavioral1/files/0x0005000000018784-115.dat	xmrig
behavioral1/files/0x000500000001873d-110.dat	xmrig
behavioral1/files/0x00050000000186fd-100.dat	xmrig
behavioral1/files/0x00050000000186ee-95.dat	xmrig
behavioral1/files/0x00050000000186ea-90.dat	xmrig
behavioral1/files/0x00050000000186e4-85.dat	xmrig
behavioral1/files/0x0005000000018683-80.dat	xmrig
behavioral1/files/0x000d000000018676-75.dat	xmrig
behavioral1/files/0x00060000000174cc-70.dat	xmrig
behavioral1/files/0x0006000000017492-65.dat	xmrig
behavioral1/files/0x0006000000017488-60.dat	xmrig
behavioral1/files/0x00060000000173a7-50.dat	xmrig
behavioral1/memory/2692-3762-0x000000013F150000-0x000000013F4A4000-memory.dmp	xmrig
behavioral1/memory/2736-3828-0x000000013FA80000-0x000000013FDD4000-memory.dmp	xmrig
behavioral1/memory/2696-3830-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig
behavioral1/memory/2712-3829-0x000000013F0F0000-0x000000013F444000-memory.dmp	xmrig
behavioral1/memory/2772-3831-0x000000013FC50000-0x000000013FFA4000-memory.dmp	xmrig
behavioral1/memory/2560-3833-0x000000013FCC0000-0x0000000140014000-memory.dmp	xmrig
behavioral1/memory/2536-3839-0x000000013FEA0000-0x00000001401F4000-memory.dmp	xmrig
behavioral1/memory/2960-3850-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/memory/2104-3845-0x000000013F4E0000-0x000000013F834000-memory.dmp	xmrig
behavioral1/memory/1752-3844-0x000000013F2B0000-0x000000013F604000-memory.dmp	xmrig
behavioral1/memory/2180-3843-0x000000013F280000-0x000000013F5D4000-memory.dmp	xmrig
behavioral1/memory/2580-3842-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/memory/2380-3841-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
behavioral1/memory/2544-3832-0x000000013F570000-0x000000013F8C4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2696	btkSkwn.exe
2772	QhAnpVK.exe
2692	FwLEmco.exe
2544	ngwDAzq.exe
2736	OGQdHBI.exe
2560	UkTTpIG.exe
2712	vFNhMQq.exe
2536	hlBNoZy.exe
2580	oyFHbef.exe
2960	IaWGxRk.exe
2380	taJcBPD.exe
1752	AkSbnkL.exe
2180	JbQyVxL.exe
2104	nygcTcL.exe
2140	BnrJnhz.exe
1292	AjxBEER.exe
2956	WvJcYJL.exe
376	QsFAIxN.exe
856	OYEezeP.exe
2860	FaOKdez.exe
1744	MhGPEqF.exe
2852	omNhoeY.exe
2576	WondbKA.exe
2900	OCrLvdS.exe
476	RpPyJmx.exe
2200	JNRrHPh.exe
280	JqUbeEg.exe
2168	ilkSZyv.exe
2220	wODutOw.exe
2912	VGxEzeo.exe
1336	bvRmJya.exe
1080	jfBcnLX.exe
1996	bABwtDX.exe
880	fAKNbqL.exe
1484	rJrIuaG.exe
660	snNnkcw.exe
1556	gMYXuqm.exe
1364	oYbYBql.exe
1360	MCdfREQ.exe
1812	TeEHzKl.exe
2032	KOwKFye.exe
1944	UiHwVfl.exe
3000	KerRtBx.exe
2628	NktpKdT.exe
1824	ELrwlUO.exe
2096	XsEOtau.exe
2500	agfSjwi.exe
2340	WgXREuK.exe
3008	pbIAzjR.exe
1416	InOjeng.exe
2232	TuPsXJt.exe
2464	OwqKjXt.exe
616	yKuKprn.exe
872	szAdUKv.exe
316	PRToRsJ.exe
2472	WOptmkW.exe
2448	CmkniOj.exe
2684	ovlpflx.exe
2756	QYAYitd.exe
2792	riyMiUy.exe
2848	UMUZwaZ.exe
2984	GaBodPE.exe
2764	gCIJvsX.exe
2452	AfruARX.exe

Loads dropped DLL 64 IoCs

pid	Process
2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 62 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2160-0-0x000000013FC80000-0x000000013FFD4000-memory.dmp	upx
behavioral1/files/0x0003000000012000-3.dat	upx
behavioral1/files/0x0008000000016a66-7.dat	upx
behavioral1/files/0x0008000000016c3a-14.dat	upx
behavioral1/files/0x0008000000016c51-18.dat	upx
behavioral1/files/0x0007000000016cc8-26.dat	upx
behavioral1/files/0x0007000000016cec-30.dat	upx
behavioral1/files/0x0007000000016d06-36.dat	upx
behavioral1/files/0x0008000000016d29-41.dat	upx
behavioral1/files/0x00070000000171a8-45.dat	upx
behavioral1/files/0x00060000000173a9-55.dat	upx
behavioral1/files/0x0005000000018728-105.dat	upx
behavioral1/files/0x000500000001878f-120.dat	upx
behavioral1/files/0x0005000000019334-147.dat	upx
behavioral1/memory/2160-1178-0x000000013FC80000-0x000000013FFD4000-memory.dmp	upx
behavioral1/memory/2696-479-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx
behavioral1/memory/2104-477-0x000000013F4E0000-0x000000013F834000-memory.dmp	upx
behavioral1/memory/2180-468-0x000000013F280000-0x000000013F5D4000-memory.dmp	upx
behavioral1/memory/2380-456-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/memory/2960-448-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/memory/1752-460-0x000000013F2B0000-0x000000013F604000-memory.dmp	upx
behavioral1/memory/2580-438-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/memory/2536-436-0x000000013FEA0000-0x00000001401F4000-memory.dmp	upx
behavioral1/memory/2712-434-0x000000013F0F0000-0x000000013F444000-memory.dmp	upx
behavioral1/memory/2560-432-0x000000013FCC0000-0x0000000140014000-memory.dmp	upx
behavioral1/memory/2736-430-0x000000013FA80000-0x000000013FDD4000-memory.dmp	upx
behavioral1/memory/2544-428-0x000000013F570000-0x000000013F8C4000-memory.dmp	upx
behavioral1/memory/2692-426-0x000000013F150000-0x000000013F4A4000-memory.dmp	upx
behavioral1/memory/2772-424-0x000000013FC50000-0x000000013FFA4000-memory.dmp	upx
behavioral1/files/0x00050000000193b4-160.dat	upx
behavioral1/files/0x0005000000019350-155.dat	upx
behavioral1/files/0x0005000000019282-145.dat	upx
behavioral1/files/0x0005000000019261-139.dat	upx
behavioral1/files/0x0006000000019023-128.dat	upx
behavioral1/files/0x000500000001925e-133.dat	upx
behavioral1/files/0x00050000000187a5-125.dat	upx
behavioral1/files/0x0005000000018784-115.dat	upx
behavioral1/files/0x000500000001873d-110.dat	upx
behavioral1/files/0x00050000000186fd-100.dat	upx
behavioral1/files/0x00050000000186ee-95.dat	upx
behavioral1/files/0x00050000000186ea-90.dat	upx
behavioral1/files/0x00050000000186e4-85.dat	upx
behavioral1/files/0x0005000000018683-80.dat	upx
behavioral1/files/0x000d000000018676-75.dat	upx
behavioral1/files/0x00060000000174cc-70.dat	upx
behavioral1/files/0x0006000000017492-65.dat	upx
behavioral1/files/0x0006000000017488-60.dat	upx
behavioral1/files/0x00060000000173a7-50.dat	upx
behavioral1/memory/2692-3762-0x000000013F150000-0x000000013F4A4000-memory.dmp	upx
behavioral1/memory/2736-3828-0x000000013FA80000-0x000000013FDD4000-memory.dmp	upx
behavioral1/memory/2696-3830-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx
behavioral1/memory/2712-3829-0x000000013F0F0000-0x000000013F444000-memory.dmp	upx
behavioral1/memory/2772-3831-0x000000013FC50000-0x000000013FFA4000-memory.dmp	upx
behavioral1/memory/2560-3833-0x000000013FCC0000-0x0000000140014000-memory.dmp	upx
behavioral1/memory/2536-3839-0x000000013FEA0000-0x00000001401F4000-memory.dmp	upx
behavioral1/memory/2960-3850-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/memory/2104-3845-0x000000013F4E0000-0x000000013F834000-memory.dmp	upx
behavioral1/memory/1752-3844-0x000000013F2B0000-0x000000013F604000-memory.dmp	upx
behavioral1/memory/2180-3843-0x000000013F280000-0x000000013F5D4000-memory.dmp	upx
behavioral1/memory/2580-3842-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/memory/2380-3841-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/memory/2544-3832-0x000000013F570000-0x000000013F8C4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\GcvjtrH.exe	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eixlhgT.exe	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xVKDrQY.exe	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BNwxTCh.exe	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oSZdGBn.exe	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AcGIWHF.exe	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\szAdUKv.exe	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tlSNWrx.exe	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LUeMdWX.exe	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mhqcAnn.exe	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tQLvPpZ.exe	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hoBcLzM.exe	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qfRASJR.exe	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CBXxzHe.exe	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PWznTLf.exe	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IBcCfPO.exe	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OJwXloE.exe	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Wrbjahq.exe	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cLgyjbd.exe	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LQMyofh.exe	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pDAAEvn.exe	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xMQQUUN.exe	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fxZeJRS.exe	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fCuYzcT.exe	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xdnBljx.exe	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jeCBipd.exe	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GePPGKv.exe	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hzIfXEK.exe	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GLGHPKQ.exe	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZAHeymR.exe	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zUCyYIb.exe	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\riFzabZ.exe	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iDltEzQ.exe	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BDnyVUs.exe	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gsGfuSq.exe	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JusowpW.exe	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KZdaEwd.exe	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NOXuoNw.exe	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sJIiAyM.exe	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BkBfLvw.exe	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GlUCIww.exe	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ERffyXJ.exe	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\adqLuJA.exe	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xNbmxoj.exe	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JqUbeEg.exe	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vyBxqXd.exe	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zUTOxnS.exe	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HMapmNP.exe	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oodBbSF.exe	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SZMgjOy.exe	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EjTDoQd.exe	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TTlTJzB.exe	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\txZynlo.exe	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NtmFwUD.exe	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZstTCOp.exe	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SkvfAoM.exe	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qAqbNHb.exe	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TPnqsqT.exe	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KOBnTBV.exe	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\abtyEWd.exe	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ITcgHSr.exe	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hNOItKt.exe	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zHyJAYH.exe	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RuyaQsT.exe	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2160 wrote to memory of 2696	2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2160 wrote to memory of 2696	2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2160 wrote to memory of 2696	2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2160 wrote to memory of 2772	2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2160 wrote to memory of 2772	2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2160 wrote to memory of 2772	2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2160 wrote to memory of 2692	2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2160 wrote to memory of 2692	2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2160 wrote to memory of 2692	2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2160 wrote to memory of 2544	2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2160 wrote to memory of 2544	2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2160 wrote to memory of 2544	2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2160 wrote to memory of 2736	2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2160 wrote to memory of 2736	2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2160 wrote to memory of 2736	2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2160 wrote to memory of 2560	2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2160 wrote to memory of 2560	2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2160 wrote to memory of 2560	2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2160 wrote to memory of 2712	2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2160 wrote to memory of 2712	2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2160 wrote to memory of 2712	2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2160 wrote to memory of 2536	2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2160 wrote to memory of 2536	2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2160 wrote to memory of 2536	2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2160 wrote to memory of 2580	2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2160 wrote to memory of 2580	2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2160 wrote to memory of 2580	2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2160 wrote to memory of 2960	2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2160 wrote to memory of 2960	2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2160 wrote to memory of 2960	2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2160 wrote to memory of 2380	2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2160 wrote to memory of 2380	2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2160 wrote to memory of 2380	2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2160 wrote to memory of 1752	2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2160 wrote to memory of 1752	2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2160 wrote to memory of 1752	2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2160 wrote to memory of 2180	2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2160 wrote to memory of 2180	2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2160 wrote to memory of 2180	2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2160 wrote to memory of 2104	2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2160 wrote to memory of 2104	2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2160 wrote to memory of 2104	2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2160 wrote to memory of 2140	2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2160 wrote to memory of 2140	2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2160 wrote to memory of 2140	2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2160 wrote to memory of 1292	2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2160 wrote to memory of 1292	2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2160 wrote to memory of 1292	2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2160 wrote to memory of 2956	2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2160 wrote to memory of 2956	2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2160 wrote to memory of 2956	2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2160 wrote to memory of 376	2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2160 wrote to memory of 376	2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2160 wrote to memory of 376	2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2160 wrote to memory of 856	2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2160 wrote to memory of 856	2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2160 wrote to memory of 856	2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2160 wrote to memory of 2860	2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2160 wrote to memory of 2860	2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2160 wrote to memory of 2860	2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2160 wrote to memory of 1744	2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2160 wrote to memory of 1744	2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2160 wrote to memory of 1744	2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2160 wrote to memory of 2852	2160	2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-20_7cff74ee3ed1b12f2530b5498465788c_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2160
- C:\Windows\System\btkSkwn.exe
  C:\Windows\System\btkSkwn.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\QhAnpVK.exe
  C:\Windows\System\QhAnpVK.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\FwLEmco.exe
  C:\Windows\System\FwLEmco.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\ngwDAzq.exe
  C:\Windows\System\ngwDAzq.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\OGQdHBI.exe
  C:\Windows\System\OGQdHBI.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\UkTTpIG.exe
  C:\Windows\System\UkTTpIG.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\vFNhMQq.exe
  C:\Windows\System\vFNhMQq.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\hlBNoZy.exe
  C:\Windows\System\hlBNoZy.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\oyFHbef.exe
  C:\Windows\System\oyFHbef.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\IaWGxRk.exe
  C:\Windows\System\IaWGxRk.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\taJcBPD.exe
  C:\Windows\System\taJcBPD.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\AkSbnkL.exe
  C:\Windows\System\AkSbnkL.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\JbQyVxL.exe
  C:\Windows\System\JbQyVxL.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\nygcTcL.exe
  C:\Windows\System\nygcTcL.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\BnrJnhz.exe
  C:\Windows\System\BnrJnhz.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\AjxBEER.exe
  C:\Windows\System\AjxBEER.exe
  2⤵
  - Executes dropped EXE
  PID:1292
- C:\Windows\System\WvJcYJL.exe
  C:\Windows\System\WvJcYJL.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\QsFAIxN.exe
  C:\Windows\System\QsFAIxN.exe
  2⤵
  - Executes dropped EXE
  PID:376
- C:\Windows\System\OYEezeP.exe
  C:\Windows\System\OYEezeP.exe
  2⤵
  - Executes dropped EXE
  PID:856
- C:\Windows\System\FaOKdez.exe
  C:\Windows\System\FaOKdez.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\MhGPEqF.exe
  C:\Windows\System\MhGPEqF.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\omNhoeY.exe
  C:\Windows\System\omNhoeY.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\WondbKA.exe
  C:\Windows\System\WondbKA.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\OCrLvdS.exe
  C:\Windows\System\OCrLvdS.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\RpPyJmx.exe
  C:\Windows\System\RpPyJmx.exe
  2⤵
  - Executes dropped EXE
  PID:476
- C:\Windows\System\JNRrHPh.exe
  C:\Windows\System\JNRrHPh.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\JqUbeEg.exe
  C:\Windows\System\JqUbeEg.exe
  2⤵
  - Executes dropped EXE
  PID:280
- C:\Windows\System\ilkSZyv.exe
  C:\Windows\System\ilkSZyv.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\wODutOw.exe
  C:\Windows\System\wODutOw.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\VGxEzeo.exe
  C:\Windows\System\VGxEzeo.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\bvRmJya.exe
  C:\Windows\System\bvRmJya.exe
  2⤵
  - Executes dropped EXE
  PID:1336
- C:\Windows\System\jfBcnLX.exe
  C:\Windows\System\jfBcnLX.exe
  2⤵
  - Executes dropped EXE
  PID:1080
- C:\Windows\System\bABwtDX.exe
  C:\Windows\System\bABwtDX.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\fAKNbqL.exe
  C:\Windows\System\fAKNbqL.exe
  2⤵
  - Executes dropped EXE
  PID:880
- C:\Windows\System\rJrIuaG.exe
  C:\Windows\System\rJrIuaG.exe
  2⤵
  - Executes dropped EXE
  PID:1484
- C:\Windows\System\snNnkcw.exe
  C:\Windows\System\snNnkcw.exe
  2⤵
  - Executes dropped EXE
  PID:660
- C:\Windows\System\gMYXuqm.exe
  C:\Windows\System\gMYXuqm.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\oYbYBql.exe
  C:\Windows\System\oYbYBql.exe
  2⤵
  - Executes dropped EXE
  PID:1364
- C:\Windows\System\MCdfREQ.exe
  C:\Windows\System\MCdfREQ.exe
  2⤵
  - Executes dropped EXE
  PID:1360
- C:\Windows\System\TeEHzKl.exe
  C:\Windows\System\TeEHzKl.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\KOwKFye.exe
  C:\Windows\System\KOwKFye.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\UiHwVfl.exe
  C:\Windows\System\UiHwVfl.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\KerRtBx.exe
  C:\Windows\System\KerRtBx.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\NktpKdT.exe
  C:\Windows\System\NktpKdT.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\ELrwlUO.exe
  C:\Windows\System\ELrwlUO.exe
  2⤵
  - Executes dropped EXE
  PID:1824
- C:\Windows\System\XsEOtau.exe
  C:\Windows\System\XsEOtau.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\agfSjwi.exe
  C:\Windows\System\agfSjwi.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\WgXREuK.exe
  C:\Windows\System\WgXREuK.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\pbIAzjR.exe
  C:\Windows\System\pbIAzjR.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\InOjeng.exe
  C:\Windows\System\InOjeng.exe
  2⤵
  - Executes dropped EXE
  PID:1416
- C:\Windows\System\TuPsXJt.exe
  C:\Windows\System\TuPsXJt.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System\OwqKjXt.exe
  C:\Windows\System\OwqKjXt.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\yKuKprn.exe
  C:\Windows\System\yKuKprn.exe
  2⤵
  - Executes dropped EXE
  PID:616
- C:\Windows\System\PRToRsJ.exe
  C:\Windows\System\PRToRsJ.exe
  2⤵
  - Executes dropped EXE
  PID:316
- C:\Windows\System\szAdUKv.exe
  C:\Windows\System\szAdUKv.exe
  2⤵
  - Executes dropped EXE
  PID:872
- C:\Windows\System\CmkniOj.exe
  C:\Windows\System\CmkniOj.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\WOptmkW.exe
  C:\Windows\System\WOptmkW.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- C:\Windows\System\ovlpflx.exe
  C:\Windows\System\ovlpflx.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\QYAYitd.exe
  C:\Windows\System\QYAYitd.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\riyMiUy.exe
  C:\Windows\System\riyMiUy.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\UMUZwaZ.exe
  C:\Windows\System\UMUZwaZ.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\GaBodPE.exe
  C:\Windows\System\GaBodPE.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\gCIJvsX.exe
  C:\Windows\System\gCIJvsX.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\AfruARX.exe
  C:\Windows\System\AfruARX.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\ywGnaqY.exe
  C:\Windows\System\ywGnaqY.exe
  2⤵
  PID:2972
- C:\Windows\System\yDvWxVy.exe
  C:\Windows\System\yDvWxVy.exe
  2⤵
  PID:2388
- C:\Windows\System\piYbGWK.exe
  C:\Windows\System\piYbGWK.exe
  2⤵
  PID:2184
- C:\Windows\System\JonBgBw.exe
  C:\Windows\System\JonBgBw.exe
  2⤵
  PID:2148
- C:\Windows\System\SUQrFIR.exe
  C:\Windows\System\SUQrFIR.exe
  2⤵
  PID:1992
- C:\Windows\System\MeMDkXd.exe
  C:\Windows\System\MeMDkXd.exe
  2⤵
  PID:1740
- C:\Windows\System\DTtUajH.exe
  C:\Windows\System\DTtUajH.exe
  2⤵
  PID:1380
- C:\Windows\System\qUbrVDY.exe
  C:\Windows\System\qUbrVDY.exe
  2⤵
  PID:984
- C:\Windows\System\EBJIlSX.exe
  C:\Windows\System\EBJIlSX.exe
  2⤵
  PID:1948
- C:\Windows\System\NPXrnYm.exe
  C:\Windows\System\NPXrnYm.exe
  2⤵
  PID:2356
- C:\Windows\System\jJpEEsl.exe
  C:\Windows\System\jJpEEsl.exe
  2⤵
  PID:2164
- C:\Windows\System\gsgnkkV.exe
  C:\Windows\System\gsgnkkV.exe
  2⤵
  PID:1760
- C:\Windows\System\qSvVRlf.exe
  C:\Windows\System\qSvVRlf.exe
  2⤵
  PID:1296
- C:\Windows\System\jMyacwT.exe
  C:\Windows\System\jMyacwT.exe
  2⤵
  PID:1876
- C:\Windows\System\toTVikk.exe
  C:\Windows\System\toTVikk.exe
  2⤵
  PID:2492
- C:\Windows\System\QywCmLJ.exe
  C:\Windows\System\QywCmLJ.exe
  2⤵
  PID:1912
- C:\Windows\System\uLCjITz.exe
  C:\Windows\System\uLCjITz.exe
  2⤵
  PID:2884
- C:\Windows\System\PPCYrFH.exe
  C:\Windows\System\PPCYrFH.exe
  2⤵
  PID:2508
- C:\Windows\System\uRFzCQO.exe
  C:\Windows\System\uRFzCQO.exe
  2⤵
  PID:2932
- C:\Windows\System\RJpAkGi.exe
  C:\Windows\System\RJpAkGi.exe
  2⤵
  PID:1840
- C:\Windows\System\JrQlTzA.exe
  C:\Windows\System\JrQlTzA.exe
  2⤵
  PID:628
- C:\Windows\System\QqILYeC.exe
  C:\Windows\System\QqILYeC.exe
  2⤵
  PID:1412
- C:\Windows\System\sVunyPc.exe
  C:\Windows\System\sVunyPc.exe
  2⤵
  PID:1268
- C:\Windows\System\JybaJaP.exe
  C:\Windows\System\JybaJaP.exe
  2⤵
  PID:2344
- C:\Windows\System\TLmdxwT.exe
  C:\Windows\System\TLmdxwT.exe
  2⤵
  PID:552
- C:\Windows\System\hrxmgPm.exe
  C:\Windows\System\hrxmgPm.exe
  2⤵
  PID:876
- C:\Windows\System\laLFgRF.exe
  C:\Windows\System\laLFgRF.exe
  2⤵
  PID:2244
- C:\Windows\System\AgVNRLY.exe
  C:\Windows\System\AgVNRLY.exe
  2⤵
  PID:1732
- C:\Windows\System\ytwNyyL.exe
  C:\Windows\System\ytwNyyL.exe
  2⤵
  PID:3032
- C:\Windows\System\uSNhqYU.exe
  C:\Windows\System\uSNhqYU.exe
  2⤵
  PID:2700
- C:\Windows\System\kGjFxSV.exe
  C:\Windows\System\kGjFxSV.exe
  2⤵
  PID:2612
- C:\Windows\System\XipuJdQ.exe
  C:\Windows\System\XipuJdQ.exe
  2⤵
  PID:1608
- C:\Windows\System\NtlQDIv.exe
  C:\Windows\System\NtlQDIv.exe
  2⤵
  PID:2368
- C:\Windows\System\tGovJrz.exe
  C:\Windows\System\tGovJrz.exe
  2⤵
  PID:2144
- C:\Windows\System\cyjpDQU.exe
  C:\Windows\System\cyjpDQU.exe
  2⤵
  PID:1212
- C:\Windows\System\hNOItKt.exe
  C:\Windows\System\hNOItKt.exe
  2⤵
  PID:2128
- C:\Windows\System\bXNevLt.exe
  C:\Windows\System\bXNevLt.exe
  2⤵
  PID:1236
- C:\Windows\System\zUCyYIb.exe
  C:\Windows\System\zUCyYIb.exe
  2⤵
  PID:2600
- C:\Windows\System\CIFaxQm.exe
  C:\Windows\System\CIFaxQm.exe
  2⤵
  PID:2256
- C:\Windows\System\kRBthFT.exe
  C:\Windows\System\kRBthFT.exe
  2⤵
  PID:3016
- C:\Windows\System\kSoXdCm.exe
  C:\Windows\System\kSoXdCm.exe
  2⤵
  PID:1492
- C:\Windows\System\QrFLvhF.exe
  C:\Windows\System\QrFLvhF.exe
  2⤵
  PID:2424
- C:\Windows\System\erQWLvV.exe
  C:\Windows\System\erQWLvV.exe
  2⤵
  PID:2100
- C:\Windows\System\OHfSFKe.exe
  C:\Windows\System\OHfSFKe.exe
  2⤵
  PID:604
- C:\Windows\System\twQhSRe.exe
  C:\Windows\System\twQhSRe.exe
  2⤵
  PID:1700
- C:\Windows\System\LJpEQDj.exe
  C:\Windows\System\LJpEQDj.exe
  2⤵
  PID:896
- C:\Windows\System\pjZUXSa.exe
  C:\Windows\System\pjZUXSa.exe
  2⤵
  PID:296
- C:\Windows\System\gUjgZrE.exe
  C:\Windows\System\gUjgZrE.exe
  2⤵
  PID:3028
- C:\Windows\System\kWCSjlw.exe
  C:\Windows\System\kWCSjlw.exe
  2⤵
  PID:2936
- C:\Windows\System\PEiymfW.exe
  C:\Windows\System\PEiymfW.exe
  2⤵
  PID:2372
- C:\Windows\System\stvAMvz.exe
  C:\Windows\System\stvAMvz.exe
  2⤵
  PID:2836
- C:\Windows\System\uWLifXv.exe
  C:\Windows\System\uWLifXv.exe
  2⤵
  PID:2484
- C:\Windows\System\xVAxPeU.exe
  C:\Windows\System\xVAxPeU.exe
  2⤵
  PID:3088
- C:\Windows\System\uqIptDi.exe
  C:\Windows\System\uqIptDi.exe
  2⤵
  PID:3104
- C:\Windows\System\cMvPCUY.exe
  C:\Windows\System\cMvPCUY.exe
  2⤵
  PID:3120
- C:\Windows\System\AiLdNkQ.exe
  C:\Windows\System\AiLdNkQ.exe
  2⤵
  PID:3152
- C:\Windows\System\GhQGUKh.exe
  C:\Windows\System\GhQGUKh.exe
  2⤵
  PID:3172
- C:\Windows\System\dFCFMul.exe
  C:\Windows\System\dFCFMul.exe
  2⤵
  PID:3188
- C:\Windows\System\aCVDbbc.exe
  C:\Windows\System\aCVDbbc.exe
  2⤵
  PID:3204
- C:\Windows\System\dtLsknU.exe
  C:\Windows\System\dtLsknU.exe
  2⤵
  PID:3284
- C:\Windows\System\qbjXzGg.exe
  C:\Windows\System\qbjXzGg.exe
  2⤵
  PID:3300
- C:\Windows\System\oPipHms.exe
  C:\Windows\System\oPipHms.exe
  2⤵
  PID:3320
- C:\Windows\System\cLoVLnh.exe
  C:\Windows\System\cLoVLnh.exe
  2⤵
  PID:3340
- C:\Windows\System\CTEkJtb.exe
  C:\Windows\System\CTEkJtb.exe
  2⤵
  PID:3360
- C:\Windows\System\ITgOdeb.exe
  C:\Windows\System\ITgOdeb.exe
  2⤵
  PID:3392
- C:\Windows\System\oQjgpCh.exe
  C:\Windows\System\oQjgpCh.exe
  2⤵
  PID:3412
- C:\Windows\System\HePUsPD.exe
  C:\Windows\System\HePUsPD.exe
  2⤵
  PID:3428
- C:\Windows\System\xzewdmw.exe
  C:\Windows\System\xzewdmw.exe
  2⤵
  PID:3448
- C:\Windows\System\ARpAZXq.exe
  C:\Windows\System\ARpAZXq.exe
  2⤵
  PID:3468
- C:\Windows\System\eXlHrdu.exe
  C:\Windows\System\eXlHrdu.exe
  2⤵
  PID:3484
- C:\Windows\System\LNKUswp.exe
  C:\Windows\System\LNKUswp.exe
  2⤵
  PID:3552
- C:\Windows\System\AmeUACG.exe
  C:\Windows\System\AmeUACG.exe
  2⤵
  PID:3616
- C:\Windows\System\bpVNfsP.exe
  C:\Windows\System\bpVNfsP.exe
  2⤵
  PID:3672
- C:\Windows\System\zVFDtoo.exe
  C:\Windows\System\zVFDtoo.exe
  2⤵
  PID:3688
- C:\Windows\System\xvDblUu.exe
  C:\Windows\System\xvDblUu.exe
  2⤵
  PID:3712
- C:\Windows\System\TPCUOiY.exe
  C:\Windows\System\TPCUOiY.exe
  2⤵
  PID:3732
- C:\Windows\System\TrCSfOb.exe
  C:\Windows\System\TrCSfOb.exe
  2⤵
  PID:3752
- C:\Windows\System\BNfEivZ.exe
  C:\Windows\System\BNfEivZ.exe
  2⤵
  PID:3768
- C:\Windows\System\zdjyGeu.exe
  C:\Windows\System\zdjyGeu.exe
  2⤵
  PID:3784
- C:\Windows\System\pTtLuWR.exe
  C:\Windows\System\pTtLuWR.exe
  2⤵
  PID:3800
- C:\Windows\System\sAyEAsY.exe
  C:\Windows\System\sAyEAsY.exe
  2⤵
  PID:3816
- C:\Windows\System\isRmkFS.exe
  C:\Windows\System\isRmkFS.exe
  2⤵
  PID:3832
- C:\Windows\System\TjwHkTV.exe
  C:\Windows\System\TjwHkTV.exe
  2⤵
  PID:3876
- C:\Windows\System\wFArElb.exe
  C:\Windows\System\wFArElb.exe
  2⤵
  PID:3892
- C:\Windows\System\zHyJAYH.exe
  C:\Windows\System\zHyJAYH.exe
  2⤵
  PID:3912
- C:\Windows\System\ShfqogN.exe
  C:\Windows\System\ShfqogN.exe
  2⤵
  PID:3928
- C:\Windows\System\NOJqzmy.exe
  C:\Windows\System\NOJqzmy.exe
  2⤵
  PID:3944
- C:\Windows\System\AdVTRkI.exe
  C:\Windows\System\AdVTRkI.exe
  2⤵
  PID:3960
- C:\Windows\System\LOhmFrj.exe
  C:\Windows\System\LOhmFrj.exe
  2⤵
  PID:3976
- C:\Windows\System\xnncsHo.exe
  C:\Windows\System\xnncsHo.exe
  2⤵
  PID:3996
- C:\Windows\System\tiFWcZq.exe
  C:\Windows\System\tiFWcZq.exe
  2⤵
  PID:4020
- C:\Windows\System\sruahLP.exe
  C:\Windows\System\sruahLP.exe
  2⤵
  PID:4036
- C:\Windows\System\QCqrnKG.exe
  C:\Windows\System\QCqrnKG.exe
  2⤵
  PID:4060
- C:\Windows\System\BrqueIp.exe
  C:\Windows\System\BrqueIp.exe
  2⤵
  PID:4076
- C:\Windows\System\TpBkGIC.exe
  C:\Windows\System\TpBkGIC.exe
  2⤵
  PID:4092
- C:\Windows\System\gfQaami.exe
  C:\Windows\System\gfQaami.exe
  2⤵
  PID:2988
- C:\Windows\System\vyBxqXd.exe
  C:\Windows\System\vyBxqXd.exe
  2⤵
  PID:2456
- C:\Windows\System\olYxGHC.exe
  C:\Windows\System\olYxGHC.exe
  2⤵
  PID:1004
- C:\Windows\System\KRcmeZZ.exe
  C:\Windows\System\KRcmeZZ.exe
  2⤵
  PID:3100
- C:\Windows\System\YzfxWlM.exe
  C:\Windows\System\YzfxWlM.exe
  2⤵
  PID:3144
- C:\Windows\System\TpfILAs.exe
  C:\Windows\System\TpfILAs.exe
  2⤵
  PID:3280
- C:\Windows\System\wLVmfxD.exe
  C:\Windows\System\wLVmfxD.exe
  2⤵
  PID:3400
- C:\Windows\System\riFzabZ.exe
  C:\Windows\System\riFzabZ.exe
  2⤵
  PID:1512
- C:\Windows\System\SKDRRLl.exe
  C:\Windows\System\SKDRRLl.exe
  2⤵
  PID:2548
- C:\Windows\System\MmbByhb.exe
  C:\Windows\System\MmbByhb.exe
  2⤵
  PID:1748
- C:\Windows\System\gPsEgrB.exe
  C:\Windows\System\gPsEgrB.exe
  2⤵
  PID:2376
- C:\Windows\System\XVjnAWM.exe
  C:\Windows\System\XVjnAWM.exe
  2⤵
  PID:3012
- C:\Windows\System\yLRrxdf.exe
  C:\Windows\System\yLRrxdf.exe
  2⤵
  PID:564
- C:\Windows\System\CEqGeeG.exe
  C:\Windows\System\CEqGeeG.exe
  2⤵
  PID:1056
- C:\Windows\System\bHjfMjh.exe
  C:\Windows\System\bHjfMjh.exe
  2⤵
  PID:2400
- C:\Windows\System\PeDEDXH.exe
  C:\Windows\System\PeDEDXH.exe
  2⤵
  PID:3296
- C:\Windows\System\zvdmYtt.exe
  C:\Windows\System\zvdmYtt.exe
  2⤵
  PID:3376
- C:\Windows\System\GtclvQo.exe
  C:\Windows\System\GtclvQo.exe
  2⤵
  PID:3460
- C:\Windows\System\vEEYFrh.exe
  C:\Windows\System\vEEYFrh.exe
  2⤵
  PID:3504
- C:\Windows\System\tDIMnSi.exe
  C:\Windows\System\tDIMnSi.exe
  2⤵
  PID:3544
- C:\Windows\System\gTAYEdW.exe
  C:\Windows\System\gTAYEdW.exe
  2⤵
  PID:3080
- C:\Windows\System\VKPzLZN.exe
  C:\Windows\System\VKPzLZN.exe
  2⤵
  PID:3160
- C:\Windows\System\MopSxoI.exe
  C:\Windows\System\MopSxoI.exe
  2⤵
  PID:3624
- C:\Windows\System\bCqPJUW.exe
  C:\Windows\System\bCqPJUW.exe
  2⤵
  PID:3652
- C:\Windows\System\IPwmfWd.exe
  C:\Windows\System\IPwmfWd.exe
  2⤵
  PID:3684
- C:\Windows\System\YTWDmHm.exe
  C:\Windows\System\YTWDmHm.exe
  2⤵
  PID:3828
- C:\Windows\System\vqINbdg.exe
  C:\Windows\System\vqINbdg.exe
  2⤵
  PID:3952
- C:\Windows\System\deHFOqH.exe
  C:\Windows\System\deHFOqH.exe
  2⤵
  PID:3668
- C:\Windows\System\nHgNeTc.exe
  C:\Windows\System\nHgNeTc.exe
  2⤵
  PID:3992
- C:\Windows\System\VfMBtSb.exe
  C:\Windows\System\VfMBtSb.exe
  2⤵
  PID:3776
- C:\Windows\System\BbGkxAS.exe
  C:\Windows\System\BbGkxAS.exe
  2⤵
  PID:3808
- C:\Windows\System\SkvfAoM.exe
  C:\Windows\System\SkvfAoM.exe
  2⤵
  PID:3744
- C:\Windows\System\BBcaNsO.exe
  C:\Windows\System\BBcaNsO.exe
  2⤵
  PID:1612
- C:\Windows\System\RuyaQsT.exe
  C:\Windows\System\RuyaQsT.exe
  2⤵
  PID:3868
- C:\Windows\System\jSJRnjk.exe
  C:\Windows\System\jSJRnjk.exe
  2⤵
  PID:3132
- C:\Windows\System\lgPtRRc.exe
  C:\Windows\System\lgPtRRc.exe
  2⤵
  PID:1708
- C:\Windows\System\vvwkXMq.exe
  C:\Windows\System\vvwkXMq.exe
  2⤵
  PID:3480
- C:\Windows\System\OvILsyH.exe
  C:\Windows\System\OvILsyH.exe
  2⤵
  PID:1600
- C:\Windows\System\KtOBTYh.exe
  C:\Windows\System\KtOBTYh.exe
  2⤵
  PID:4056
- C:\Windows\System\RDNFTcd.exe
  C:\Windows\System\RDNFTcd.exe
  2⤵
  PID:3436
- C:\Windows\System\fTbkJID.exe
  C:\Windows\System\fTbkJID.exe
  2⤵
  PID:3096
- C:\Windows\System\hQoIKIu.exe
  C:\Windows\System\hQoIKIu.exe
  2⤵
  PID:2328
- C:\Windows\System\KZdaEwd.exe
  C:\Windows\System\KZdaEwd.exe
  2⤵
  PID:1804
- C:\Windows\System\UHHpllT.exe
  C:\Windows\System\UHHpllT.exe
  2⤵
  PID:3972
- C:\Windows\System\UfAHcyZ.exe
  C:\Windows\System\UfAHcyZ.exe
  2⤵
  PID:1720
- C:\Windows\System\pigexza.exe
  C:\Windows\System\pigexza.exe
  2⤵
  PID:3496
- C:\Windows\System\dWswEoQ.exe
  C:\Windows\System\dWswEoQ.exe
  2⤵
  PID:3604
- C:\Windows\System\guSUahi.exe
  C:\Windows\System\guSUahi.exe
  2⤵
  PID:2112
- C:\Windows\System\yrQvQWc.exe
  C:\Windows\System\yrQvQWc.exe
  2⤵
  PID:2296
- C:\Windows\System\dxJusWX.exe
  C:\Windows\System\dxJusWX.exe
  2⤵
  PID:3656
- C:\Windows\System\izGoEZI.exe
  C:\Windows\System\izGoEZI.exe
  2⤵
  PID:3292
- C:\Windows\System\QIcjdqf.exe
  C:\Windows\System\QIcjdqf.exe
  2⤵
  PID:3724
- C:\Windows\System\xpeMFrR.exe
  C:\Windows\System\xpeMFrR.exe
  2⤵
  PID:3708
- C:\Windows\System\dJjBMRK.exe
  C:\Windows\System\dJjBMRK.exe
  2⤵
  PID:3424
- C:\Windows\System\fxZeJRS.exe
  C:\Windows\System\fxZeJRS.exe
  2⤵
  PID:3900
- C:\Windows\System\lrwPkjh.exe
  C:\Windows\System\lrwPkjh.exe
  2⤵
  PID:3792
- C:\Windows\System\bNNAhVg.exe
  C:\Windows\System\bNNAhVg.exe
  2⤵
  PID:3664
- C:\Windows\System\rVPMKBd.exe
  C:\Windows\System\rVPMKBd.exe
  2⤵
  PID:3852
- C:\Windows\System\tlSNWrx.exe
  C:\Windows\System\tlSNWrx.exe
  2⤵
  PID:4084
- C:\Windows\System\WLvWCGT.exe
  C:\Windows\System\WLvWCGT.exe
  2⤵
  PID:1652
- C:\Windows\System\DGrjdMg.exe
  C:\Windows\System\DGrjdMg.exe
  2⤵
  PID:3860
- C:\Windows\System\fauFZmI.exe
  C:\Windows\System\fauFZmI.exe
  2⤵
  PID:3316
- C:\Windows\System\kviuXyw.exe
  C:\Windows\System\kviuXyw.exe
  2⤵
  PID:3612
- C:\Windows\System\BkXUjcY.exe
  C:\Windows\System\BkXUjcY.exe
  2⤵
  PID:2036
- C:\Windows\System\miUdlXb.exe
  C:\Windows\System\miUdlXb.exe
  2⤵
  PID:4100
- C:\Windows\System\KXYfmMM.exe
  C:\Windows\System\KXYfmMM.exe
  2⤵
  PID:4116
- C:\Windows\System\DPYeNcR.exe
  C:\Windows\System\DPYeNcR.exe
  2⤵
  PID:4136
- C:\Windows\System\sqPaYHS.exe
  C:\Windows\System\sqPaYHS.exe
  2⤵
  PID:4160
- C:\Windows\System\OQLEgbd.exe
  C:\Windows\System\OQLEgbd.exe
  2⤵
  PID:4200
- C:\Windows\System\zcCtJBH.exe
  C:\Windows\System\zcCtJBH.exe
  2⤵
  PID:4220
- C:\Windows\System\snvybLE.exe
  C:\Windows\System\snvybLE.exe
  2⤵
  PID:4244
- C:\Windows\System\GUlkjfS.exe
  C:\Windows\System\GUlkjfS.exe
  2⤵
  PID:4260
- C:\Windows\System\NlfQQCu.exe
  C:\Windows\System\NlfQQCu.exe
  2⤵
  PID:4276
- C:\Windows\System\LJmUzOO.exe
  C:\Windows\System\LJmUzOO.exe
  2⤵
  PID:4292
- C:\Windows\System\wAlRjtE.exe
  C:\Windows\System\wAlRjtE.exe
  2⤵
  PID:4308
- C:\Windows\System\cKzqPNu.exe
  C:\Windows\System\cKzqPNu.exe
  2⤵
  PID:4328
- C:\Windows\System\hHHCWSF.exe
  C:\Windows\System\hHHCWSF.exe
  2⤵
  PID:4348
- C:\Windows\System\keWmUzt.exe
  C:\Windows\System\keWmUzt.exe
  2⤵
  PID:4368
- C:\Windows\System\hQMzRlW.exe
  C:\Windows\System\hQMzRlW.exe
  2⤵
  PID:4384
- C:\Windows\System\HJwonhd.exe
  C:\Windows\System\HJwonhd.exe
  2⤵
  PID:4408
- C:\Windows\System\HwgDSue.exe
  C:\Windows\System\HwgDSue.exe
  2⤵
  PID:4424
- C:\Windows\System\aIRqsCJ.exe
  C:\Windows\System\aIRqsCJ.exe
  2⤵
  PID:4440
- C:\Windows\System\MqTWmva.exe
  C:\Windows\System\MqTWmva.exe
  2⤵
  PID:4460
- C:\Windows\System\ubIrFZL.exe
  C:\Windows\System\ubIrFZL.exe
  2⤵
  PID:4504
- C:\Windows\System\YpQzRRb.exe
  C:\Windows\System\YpQzRRb.exe
  2⤵
  PID:4524
- C:\Windows\System\aBoAaMO.exe
  C:\Windows\System\aBoAaMO.exe
  2⤵
  PID:4540
- C:\Windows\System\JRVZXXA.exe
  C:\Windows\System\JRVZXXA.exe
  2⤵
  PID:4564
- C:\Windows\System\MjEIUyC.exe
  C:\Windows\System\MjEIUyC.exe
  2⤵
  PID:4580
- C:\Windows\System\DnbSznN.exe
  C:\Windows\System\DnbSznN.exe
  2⤵
  PID:4604
- C:\Windows\System\saYdmRI.exe
  C:\Windows\System\saYdmRI.exe
  2⤵
  PID:4620
- C:\Windows\System\SxZbxrP.exe
  C:\Windows\System\SxZbxrP.exe
  2⤵
  PID:4636
- C:\Windows\System\IIuPAdy.exe
  C:\Windows\System\IIuPAdy.exe
  2⤵
  PID:4656
- C:\Windows\System\TTkHNue.exe
  C:\Windows\System\TTkHNue.exe
  2⤵
  PID:4680
- C:\Windows\System\gWzeRyl.exe
  C:\Windows\System\gWzeRyl.exe
  2⤵
  PID:4700
- C:\Windows\System\dXCbgHa.exe
  C:\Windows\System\dXCbgHa.exe
  2⤵
  PID:4720
- C:\Windows\System\btrCive.exe
  C:\Windows\System\btrCive.exe
  2⤵
  PID:4736
- C:\Windows\System\FFJjEwd.exe
  C:\Windows\System\FFJjEwd.exe
  2⤵
  PID:4752
- C:\Windows\System\QNruksd.exe
  C:\Windows\System\QNruksd.exe
  2⤵
  PID:4768
- C:\Windows\System\HTZyskD.exe
  C:\Windows\System\HTZyskD.exe
  2⤵
  PID:4792
- C:\Windows\System\oYAggjl.exe
  C:\Windows\System\oYAggjl.exe
  2⤵
  PID:4812
- C:\Windows\System\FTuVRRZ.exe
  C:\Windows\System\FTuVRRZ.exe
  2⤵
  PID:4832
- C:\Windows\System\oYxOOJA.exe
  C:\Windows\System\oYxOOJA.exe
  2⤵
  PID:4848
- C:\Windows\System\iLuUUiB.exe
  C:\Windows\System\iLuUUiB.exe
  2⤵
  PID:4880
- C:\Windows\System\CRJADJT.exe
  C:\Windows\System\CRJADJT.exe
  2⤵
  PID:4896
- C:\Windows\System\CNWrqnZ.exe
  C:\Windows\System\CNWrqnZ.exe
  2⤵
  PID:4920
- C:\Windows\System\VwrbdqO.exe
  C:\Windows\System\VwrbdqO.exe
  2⤵
  PID:4940
- C:\Windows\System\cgvtnxO.exe
  C:\Windows\System\cgvtnxO.exe
  2⤵
  PID:4956
- C:\Windows\System\koUSIZj.exe
  C:\Windows\System\koUSIZj.exe
  2⤵
  PID:4980
- C:\Windows\System\ATViPEM.exe
  C:\Windows\System\ATViPEM.exe
  2⤵
  PID:4996
- C:\Windows\System\AHXiEUm.exe
  C:\Windows\System\AHXiEUm.exe
  2⤵
  PID:5012
- C:\Windows\System\REJlbim.exe
  C:\Windows\System\REJlbim.exe
  2⤵
  PID:5036
- C:\Windows\System\cTRLnnE.exe
  C:\Windows\System\cTRLnnE.exe
  2⤵
  PID:5068
- C:\Windows\System\ENoBStD.exe
  C:\Windows\System\ENoBStD.exe
  2⤵
  PID:5088
- C:\Windows\System\JaYFKXv.exe
  C:\Windows\System\JaYFKXv.exe
  2⤵
  PID:5108
- C:\Windows\System\DgoRzhR.exe
  C:\Windows\System\DgoRzhR.exe
  2⤵
  PID:3936
- C:\Windows\System\mHedgJk.exe
  C:\Windows\System\mHedgJk.exe
  2⤵
  PID:3372
- C:\Windows\System\ZlIlPit.exe
  C:\Windows\System\ZlIlPit.exe
  2⤵
  PID:3628
- C:\Windows\System\UlsIaDJ.exe
  C:\Windows\System\UlsIaDJ.exe
  2⤵
  PID:3988
- C:\Windows\System\ThPjDHt.exe
  C:\Windows\System\ThPjDHt.exe
  2⤵
  PID:3644
- C:\Windows\System\LNykuqS.exe
  C:\Windows\System\LNykuqS.exe
  2⤵
  PID:2016
- C:\Windows\System\QUigzbU.exe
  C:\Windows\System\QUigzbU.exe
  2⤵
  PID:3440
- C:\Windows\System\kQlrEog.exe
  C:\Windows\System\kQlrEog.exe
  2⤵
  PID:3700
- C:\Windows\System\CBXxzHe.exe
  C:\Windows\System\CBXxzHe.exe
  2⤵
  PID:3200
- C:\Windows\System\IusNMSn.exe
  C:\Windows\System\IusNMSn.exe
  2⤵
  PID:3540
- C:\Windows\System\gJXeGcC.exe
  C:\Windows\System\gJXeGcC.exe
  2⤵
  PID:4180
- C:\Windows\System\rczdDim.exe
  C:\Windows\System\rczdDim.exe
  2⤵
  PID:3764
- C:\Windows\System\FcKCsmV.exe
  C:\Windows\System\FcKCsmV.exe
  2⤵
  PID:2384
- C:\Windows\System\BPQiNSo.exe
  C:\Windows\System\BPQiNSo.exe
  2⤵
  PID:4148
- C:\Windows\System\cDikLVs.exe
  C:\Windows\System\cDikLVs.exe
  2⤵
  PID:2800
- C:\Windows\System\NUTXnzh.exe
  C:\Windows\System\NUTXnzh.exe
  2⤵
  PID:4236
- C:\Windows\System\DOPtAZj.exe
  C:\Windows\System\DOPtAZj.exe
  2⤵
  PID:4300
- C:\Windows\System\HqHiRhS.exe
  C:\Windows\System\HqHiRhS.exe
  2⤵
  PID:4340
- C:\Windows\System\PWznTLf.exe
  C:\Windows\System\PWznTLf.exe
  2⤵
  PID:4380
- C:\Windows\System\omgCfrx.exe
  C:\Windows\System\omgCfrx.exe
  2⤵
  PID:4456
- C:\Windows\System\fzVkIgf.exe
  C:\Windows\System\fzVkIgf.exe
  2⤵
  PID:4516
- C:\Windows\System\EmETFSo.exe
  C:\Windows\System\EmETFSo.exe
  2⤵
  PID:4392
- C:\Windows\System\dGxzuRb.exe
  C:\Windows\System\dGxzuRb.exe
  2⤵
  PID:4316
- C:\Windows\System\EdhhRqr.exe
  C:\Windows\System\EdhhRqr.exe
  2⤵
  PID:4480
- C:\Windows\System\CAExFna.exe
  C:\Windows\System\CAExFna.exe
  2⤵
  PID:4548
- C:\Windows\System\iJptlnJ.exe
  C:\Windows\System\iJptlnJ.exe
  2⤵
  PID:4560
- C:\Windows\System\unYeQRo.exe
  C:\Windows\System\unYeQRo.exe
  2⤵
  PID:4592
- C:\Windows\System\PLURZQs.exe
  C:\Windows\System\PLURZQs.exe
  2⤵
  PID:4628
- C:\Windows\System\xSVtmhs.exe
  C:\Windows\System\xSVtmhs.exe
  2⤵
  PID:4668
- C:\Windows\System\PktiVyy.exe
  C:\Windows\System\PktiVyy.exe
  2⤵
  PID:4576
- C:\Windows\System\fCuYzcT.exe
  C:\Windows\System\fCuYzcT.exe
  2⤵
  PID:4780
- C:\Windows\System\FvGgGls.exe
  C:\Windows\System\FvGgGls.exe
  2⤵
  PID:4616
- C:\Windows\System\tLAyeno.exe
  C:\Windows\System\tLAyeno.exe
  2⤵
  PID:4692
- C:\Windows\System\EYsZiEB.exe
  C:\Windows\System\EYsZiEB.exe
  2⤵
  PID:4860
- C:\Windows\System\nPcvLMC.exe
  C:\Windows\System\nPcvLMC.exe
  2⤵
  PID:4760
- C:\Windows\System\ziDgQUa.exe
  C:\Windows\System\ziDgQUa.exe
  2⤵
  PID:4840
- C:\Windows\System\gbppxEh.exe
  C:\Windows\System\gbppxEh.exe
  2⤵
  PID:4876
- C:\Windows\System\Dsaqhec.exe
  C:\Windows\System\Dsaqhec.exe
  2⤵
  PID:4952
- C:\Windows\System\AlPqTVd.exe
  C:\Windows\System\AlPqTVd.exe
  2⤵
  PID:4892
- C:\Windows\System\zNiJOmR.exe
  C:\Windows\System\zNiJOmR.exe
  2⤵
  PID:5028
- C:\Windows\System\enrxxhm.exe
  C:\Windows\System\enrxxhm.exe
  2⤵
  PID:5008
- C:\Windows\System\ktsbFDw.exe
  C:\Windows\System\ktsbFDw.exe
  2⤵
  PID:4964
- C:\Windows\System\WeMTNHV.exe
  C:\Windows\System\WeMTNHV.exe
  2⤵
  PID:5076
- C:\Windows\System\snXiAeD.exe
  C:\Windows\System\snXiAeD.exe
  2⤵
  PID:1560
- C:\Windows\System\zcOQDgo.exe
  C:\Windows\System\zcOQDgo.exe
  2⤵
  PID:5104
- C:\Windows\System\DqmaZUQ.exe
  C:\Windows\System\DqmaZUQ.exe
  2⤵
  PID:3536
- C:\Windows\System\GcvjtrH.exe
  C:\Windows\System\GcvjtrH.exe
  2⤵
  PID:3640
- C:\Windows\System\NAYYFKR.exe
  C:\Windows\System\NAYYFKR.exe
  2⤵
  PID:3984
- C:\Windows\System\fFWxMFJ.exe
  C:\Windows\System\fFWxMFJ.exe
  2⤵
  PID:3348
- C:\Windows\System\nzffzxt.exe
  C:\Windows\System\nzffzxt.exe
  2⤵
  PID:4124
- C:\Windows\System\EzwrYAm.exe
  C:\Windows\System\EzwrYAm.exe
  2⤵
  PID:4172
- C:\Windows\System\kzPIbts.exe
  C:\Windows\System\kzPIbts.exe
  2⤵
  PID:4192
- C:\Windows\System\LUeMdWX.exe
  C:\Windows\System\LUeMdWX.exe
  2⤵
  PID:3840
- C:\Windows\System\JAAPzNS.exe
  C:\Windows\System\JAAPzNS.exe
  2⤵
  PID:4268
- C:\Windows\System\SBbFpWN.exe
  C:\Windows\System\SBbFpWN.exe
  2⤵
  PID:4512
- C:\Windows\System\IsRMxOf.exe
  C:\Windows\System\IsRMxOf.exe
  2⤵
  PID:4588
- C:\Windows\System\gJjWcNq.exe
  C:\Windows\System\gJjWcNq.exe
  2⤵
  PID:4672
- C:\Windows\System\UwinZeP.exe
  C:\Windows\System\UwinZeP.exe
  2⤵
  PID:4648
- C:\Windows\System\WbWbbUt.exe
  C:\Windows\System\WbWbbUt.exe
  2⤵
  PID:5060
- C:\Windows\System\zyHRLWg.exe
  C:\Windows\System\zyHRLWg.exe
  2⤵
  PID:3420
- C:\Windows\System\vaOzDzs.exe
  C:\Windows\System\vaOzDzs.exe
  2⤵
  PID:4208
- C:\Windows\System\HkMoxDL.exe
  C:\Windows\System\HkMoxDL.exe
  2⤵
  PID:4400
- C:\Windows\System\XxmzKRF.exe
  C:\Windows\System\XxmzKRF.exe
  2⤵
  PID:3924
- C:\Windows\System\jnjFwmV.exe
  C:\Windows\System\jnjFwmV.exe
  2⤵
  PID:4128
- C:\Windows\System\FPAVUBu.exe
  C:\Windows\System\FPAVUBu.exe
  2⤵
  PID:4552
- C:\Windows\System\xseDCAh.exe
  C:\Windows\System\xseDCAh.exe
  2⤵
  PID:4168
- C:\Windows\System\LECchDi.exe
  C:\Windows\System\LECchDi.exe
  2⤵
  PID:4420
- C:\Windows\System\XLItTMS.exe
  C:\Windows\System\XLItTMS.exe
  2⤵
  PID:4572
- C:\Windows\System\eZhdVft.exe
  C:\Windows\System\eZhdVft.exe
  2⤵
  PID:4828
- C:\Windows\System\kmgLEDZ.exe
  C:\Windows\System\kmgLEDZ.exe
  2⤵
  PID:4908
- C:\Windows\System\tFBLDBM.exe
  C:\Windows\System\tFBLDBM.exe
  2⤵
  PID:5020
- C:\Windows\System\trrHCSR.exe
  C:\Windows\System\trrHCSR.exe
  2⤵
  PID:5116
- C:\Windows\System\wzaErAe.exe
  C:\Windows\System\wzaErAe.exe
  2⤵
  PID:3476
- C:\Windows\System\SIafQbf.exe
  C:\Windows\System\SIafQbf.exe
  2⤵
  PID:4732
- C:\Windows\System\QgLaEGe.exe
  C:\Windows\System\QgLaEGe.exe
  2⤵
  PID:3780
- C:\Windows\System\LruUbWA.exe
  C:\Windows\System\LruUbWA.exe
  2⤵
  PID:3760
- C:\Windows\System\EAZHZlj.exe
  C:\Windows\System\EAZHZlj.exe
  2⤵
  PID:4320
- C:\Windows\System\NykMkiu.exe
  C:\Windows\System\NykMkiu.exe
  2⤵
  PID:4748
- C:\Windows\System\iDltEzQ.exe
  C:\Windows\System\iDltEzQ.exe
  2⤵
  PID:5004
- C:\Windows\System\GpefUkL.exe
  C:\Windows\System\GpefUkL.exe
  2⤵
  PID:4776
- C:\Windows\System\EYHQMKV.exe
  C:\Windows\System\EYHQMKV.exe
  2⤵
  PID:4468
- C:\Windows\System\rfholry.exe
  C:\Windows\System\rfholry.exe
  2⤵
  PID:4612
- C:\Windows\System\KEqYSlj.exe
  C:\Windows\System\KEqYSlj.exe
  2⤵
  PID:5136
- C:\Windows\System\SKHumEr.exe
  C:\Windows\System\SKHumEr.exe
  2⤵
  PID:5160
- C:\Windows\System\EPDCeHo.exe
  C:\Windows\System\EPDCeHo.exe
  2⤵
  PID:5176
- C:\Windows\System\pJDPsfU.exe
  C:\Windows\System\pJDPsfU.exe
  2⤵
  PID:5200
- C:\Windows\System\xaUhKEc.exe
  C:\Windows\System\xaUhKEc.exe
  2⤵
  PID:5220
- C:\Windows\System\IBcCfPO.exe
  C:\Windows\System\IBcCfPO.exe
  2⤵
  PID:5240
- C:\Windows\System\MCEQdWp.exe
  C:\Windows\System\MCEQdWp.exe
  2⤵
  PID:5256
- C:\Windows\System\FqcLtGK.exe
  C:\Windows\System\FqcLtGK.exe
  2⤵
  PID:5272
- C:\Windows\System\xcRnuiN.exe
  C:\Windows\System\xcRnuiN.exe
  2⤵
  PID:5288
- C:\Windows\System\StUAxFz.exe
  C:\Windows\System\StUAxFz.exe
  2⤵
  PID:5340
- C:\Windows\System\ZnVrAfD.exe
  C:\Windows\System\ZnVrAfD.exe
  2⤵
  PID:5364
- C:\Windows\System\cXatvxI.exe
  C:\Windows\System\cXatvxI.exe
  2⤵
  PID:5384
- C:\Windows\System\gvoHexz.exe
  C:\Windows\System\gvoHexz.exe
  2⤵
  PID:5400
- C:\Windows\System\zHbioXB.exe
  C:\Windows\System\zHbioXB.exe
  2⤵
  PID:5416
- C:\Windows\System\vpTqkXV.exe
  C:\Windows\System\vpTqkXV.exe
  2⤵
  PID:5432
- C:\Windows\System\fobGJvG.exe
  C:\Windows\System\fobGJvG.exe
  2⤵
  PID:5448
- C:\Windows\System\VlnItEy.exe
  C:\Windows\System\VlnItEy.exe
  2⤵
  PID:5476
- C:\Windows\System\gNvbAXa.exe
  C:\Windows\System\gNvbAXa.exe
  2⤵
  PID:5496
- C:\Windows\System\GlUCIww.exe
  C:\Windows\System\GlUCIww.exe
  2⤵
  PID:5532
- C:\Windows\System\aiAiJxk.exe
  C:\Windows\System\aiAiJxk.exe
  2⤵
  PID:5552
- C:\Windows\System\BxkUoTE.exe
  C:\Windows\System\BxkUoTE.exe
  2⤵
  PID:5572
- C:\Windows\System\BsDeuBG.exe
  C:\Windows\System\BsDeuBG.exe
  2⤵
  PID:5588
- C:\Windows\System\yuGmsLE.exe
  C:\Windows\System\yuGmsLE.exe
  2⤵
  PID:5604
- C:\Windows\System\BLbzoyS.exe
  C:\Windows\System\BLbzoyS.exe
  2⤵
  PID:5620
- C:\Windows\System\zFUrNWh.exe
  C:\Windows\System\zFUrNWh.exe
  2⤵
  PID:5640
- C:\Windows\System\ZaJRdyl.exe
  C:\Windows\System\ZaJRdyl.exe
  2⤵
  PID:5664
- C:\Windows\System\UFxeXQf.exe
  C:\Windows\System\UFxeXQf.exe
  2⤵
  PID:5684
- C:\Windows\System\GscnUIZ.exe
  C:\Windows\System\GscnUIZ.exe
  2⤵
  PID:5704
- C:\Windows\System\zUTOxnS.exe
  C:\Windows\System\zUTOxnS.exe
  2⤵
  PID:5720
- C:\Windows\System\ioZbmiG.exe
  C:\Windows\System\ioZbmiG.exe
  2⤵
  PID:5744
- C:\Windows\System\MqZXeKr.exe
  C:\Windows\System\MqZXeKr.exe
  2⤵
  PID:5760
- C:\Windows\System\PXQFXTZ.exe
  C:\Windows\System\PXQFXTZ.exe
  2⤵
  PID:5788
- C:\Windows\System\jzmuAlV.exe
  C:\Windows\System\jzmuAlV.exe
  2⤵
  PID:5804
- C:\Windows\System\TIjSFQP.exe
  C:\Windows\System\TIjSFQP.exe
  2⤵
  PID:5828
- C:\Windows\System\QGRCzgq.exe
  C:\Windows\System\QGRCzgq.exe
  2⤵
  PID:5844
- C:\Windows\System\LiiEAvP.exe
  C:\Windows\System\LiiEAvP.exe
  2⤵
  PID:5868
- C:\Windows\System\msRuuRa.exe
  C:\Windows\System\msRuuRa.exe
  2⤵
  PID:5884
- C:\Windows\System\hgQieFu.exe
  C:\Windows\System\hgQieFu.exe
  2⤵
  PID:5900
- C:\Windows\System\osgbIhu.exe
  C:\Windows\System\osgbIhu.exe
  2⤵
  PID:5924
- C:\Windows\System\teDSZHf.exe
  C:\Windows\System\teDSZHf.exe
  2⤵
  PID:5944
- C:\Windows\System\ncfwnDf.exe
  C:\Windows\System\ncfwnDf.exe
  2⤵
  PID:5960
- C:\Windows\System\OsZyIPr.exe
  C:\Windows\System\OsZyIPr.exe
  2⤵
  PID:5980
- C:\Windows\System\rvemLKt.exe
  C:\Windows\System\rvemLKt.exe
  2⤵
  PID:5996
- C:\Windows\System\kFSpTIc.exe
  C:\Windows\System\kFSpTIc.exe
  2⤵
  PID:6012
- C:\Windows\System\CrhEwJk.exe
  C:\Windows\System\CrhEwJk.exe
  2⤵
  PID:6032
- C:\Windows\System\tJZvGfd.exe
  C:\Windows\System\tJZvGfd.exe
  2⤵
  PID:6056
- C:\Windows\System\DcldzpX.exe
  C:\Windows\System\DcldzpX.exe
  2⤵
  PID:6072
- C:\Windows\System\EPHnifq.exe
  C:\Windows\System\EPHnifq.exe
  2⤵
  PID:6096
- C:\Windows\System\txvvXzV.exe
  C:\Windows\System\txvvXzV.exe
  2⤵
  PID:6120
- C:\Windows\System\zshGTSc.exe
  C:\Windows\System\zshGTSc.exe
  2⤵
  PID:6136
- C:\Windows\System\bJqZQqP.exe
  C:\Windows\System\bJqZQqP.exe
  2⤵
  PID:4228
- C:\Windows\System\AEeXvvh.exe
  C:\Windows\System\AEeXvvh.exe
  2⤵
  PID:4968
- C:\Windows\System\icRVeXX.exe
  C:\Windows\System\icRVeXX.exe
  2⤵
  PID:4972
- C:\Windows\System\YaMYdCM.exe
  C:\Windows\System\YaMYdCM.exe
  2⤵
  PID:2760
- C:\Windows\System\yjurFoy.exe
  C:\Windows\System\yjurFoy.exe
  2⤵
  PID:996
- C:\Windows\System\hvmcakf.exe
  C:\Windows\System\hvmcakf.exe
  2⤵
  PID:5168
- C:\Windows\System\ncznbmX.exe
  C:\Windows\System\ncznbmX.exe
  2⤵
  PID:5208
- C:\Windows\System\sxTrSiV.exe
  C:\Windows\System\sxTrSiV.exe
  2⤵
  PID:4596
- C:\Windows\System\PJQFAJT.exe
  C:\Windows\System\PJQFAJT.exe
  2⤵
  PID:5284
- C:\Windows\System\CqdMPpN.exe
  C:\Windows\System\CqdMPpN.exe
  2⤵
  PID:4808
- C:\Windows\System\iUiWPco.exe
  C:\Windows\System\iUiWPco.exe
  2⤵
  PID:4688
- C:\Windows\System\anoNZsP.exe
  C:\Windows\System\anoNZsP.exe
  2⤵
  PID:3212
- C:\Windows\System\dMBegML.exe
  C:\Windows\System\dMBegML.exe
  2⤵
  PID:3228
- C:\Windows\System\LjVuvBW.exe
  C:\Windows\System\LjVuvBW.exe
  2⤵
  PID:4496
- C:\Windows\System\AGaGWZQ.exe
  C:\Windows\System\AGaGWZQ.exe
  2⤵
  PID:5148
- C:\Windows\System\AwjkAKR.exe
  C:\Windows\System\AwjkAKR.exe
  2⤵
  PID:5192
- C:\Windows\System\IPciEAm.exe
  C:\Windows\System\IPciEAm.exe
  2⤵
  PID:5236
- C:\Windows\System\MASobOS.exe
  C:\Windows\System\MASobOS.exe
  2⤵
  PID:5300
- C:\Windows\System\RLtGZvQ.exe
  C:\Windows\System\RLtGZvQ.exe
  2⤵
  PID:4008
- C:\Windows\System\TNWFOfu.exe
  C:\Windows\System\TNWFOfu.exe
  2⤵
  PID:5312
- C:\Windows\System\qKySggz.exe
  C:\Windows\System\qKySggz.exe
  2⤵
  PID:5356
- C:\Windows\System\QJpscpo.exe
  C:\Windows\System\QJpscpo.exe
  2⤵
  PID:5424
- C:\Windows\System\MQpCkis.exe
  C:\Windows\System\MQpCkis.exe
  2⤵
  PID:5464
- C:\Windows\System\GKNtvzB.exe
  C:\Windows\System\GKNtvzB.exe
  2⤵
  PID:5408
- C:\Windows\System\HZBPPrx.exe
  C:\Windows\System\HZBPPrx.exe
  2⤵
  PID:5672
- C:\Windows\System\lXyZFSc.exe
  C:\Windows\System\lXyZFSc.exe
  2⤵
  PID:5716
- C:\Windows\System\pyFqgnL.exe
  C:\Windows\System\pyFqgnL.exe
  2⤵
  PID:4404
- C:\Windows\System\QGriLDI.exe
  C:\Windows\System\QGriLDI.exe
  2⤵
  PID:5796
- C:\Windows\System\xdnBljx.exe
  C:\Windows\System\xdnBljx.exe
  2⤵
  PID:5880
- C:\Windows\System\fHzLebj.exe
  C:\Windows\System\fHzLebj.exe
  2⤵
  PID:5916
- C:\Windows\System\ijGGovw.exe
  C:\Windows\System\ijGGovw.exe
  2⤵
  PID:5648
- C:\Windows\System\XHdujjV.exe
  C:\Windows\System\XHdujjV.exe
  2⤵
  PID:5988
- C:\Windows\System\yDTITdJ.exe
  C:\Windows\System\yDTITdJ.exe
  2⤵
  PID:1488
- C:\Windows\System\XURKzxN.exe
  C:\Windows\System\XURKzxN.exe
  2⤵
  PID:6104
- C:\Windows\System\XrjaVJn.exe
  C:\Windows\System\XrjaVJn.exe
  2⤵
  PID:2604
- C:\Windows\System\OMkrPiC.exe
  C:\Windows\System\OMkrPiC.exe
  2⤵
  PID:5736
- C:\Windows\System\ujLSqyu.exe
  C:\Windows\System\ujLSqyu.exe
  2⤵
  PID:5692
- C:\Windows\System\CUfaqRP.exe
  C:\Windows\System\CUfaqRP.exe
  2⤵
  PID:5776
- C:\Windows\System\rMrFeHX.exe
  C:\Windows\System\rMrFeHX.exe
  2⤵
  PID:1764
- C:\Windows\System\qPgrVPO.exe
  C:\Windows\System\qPgrVPO.exe
  2⤵
  PID:4032
- C:\Windows\System\MKwFcVX.exe
  C:\Windows\System\MKwFcVX.exe
  2⤵
  PID:4632
- C:\Windows\System\bZKSTRf.exe
  C:\Windows\System\bZKSTRf.exe
  2⤵
  PID:2108
- C:\Windows\System\AnxxYzT.exe
  C:\Windows\System\AnxxYzT.exe
  2⤵
  PID:5332
- C:\Windows\System\VfBEwdp.exe
  C:\Windows\System\VfBEwdp.exe
  2⤵
  PID:2300
- C:\Windows\System\KBKBunB.exe
  C:\Windows\System\KBKBunB.exe
  2⤵
  PID:2040
- C:\Windows\System\AaXqjSl.exe
  C:\Windows\System\AaXqjSl.exe
  2⤵
  PID:5816
- C:\Windows\System\EjTDoQd.exe
  C:\Windows\System\EjTDoQd.exe
  2⤵
  PID:5852
- C:\Windows\System\grsqXsP.exe
  C:\Windows\System\grsqXsP.exe
  2⤵
  PID:968
- C:\Windows\System\LFkUJID.exe
  C:\Windows\System\LFkUJID.exe
  2⤵
  PID:5968
- C:\Windows\System\ctxZtXJ.exe
  C:\Windows\System\ctxZtXJ.exe
  2⤵
  PID:1384
- C:\Windows\System\zUsvGgu.exe
  C:\Windows\System\zUsvGgu.exe
  2⤵
  PID:6048
- C:\Windows\System\iZdJXVD.exe
  C:\Windows\System\iZdJXVD.exe
  2⤵
  PID:6092
- C:\Windows\System\NoGiWKy.exe
  C:\Windows\System\NoGiWKy.exe
  2⤵
  PID:5440
- C:\Windows\System\afNZggu.exe
  C:\Windows\System\afNZggu.exe
  2⤵
  PID:4856
- C:\Windows\System\jQjPgAa.exe
  C:\Windows\System\jQjPgAa.exe
  2⤵
  PID:3848
- C:\Windows\System\bXtnzpt.exe
  C:\Windows\System\bXtnzpt.exe
  2⤵
  PID:5348
- C:\Windows\System\epaeDYP.exe
  C:\Windows\System\epaeDYP.exe
  2⤵
  PID:5472
- C:\Windows\System\HTIweAq.exe
  C:\Windows\System\HTIweAq.exe
  2⤵
  PID:4844
- C:\Windows\System\ynGclhp.exe
  C:\Windows\System\ynGclhp.exe
  2⤵
  PID:5248
- C:\Windows\System\gajdZWq.exe
  C:\Windows\System\gajdZWq.exe
  2⤵
  PID:1704
- C:\Windows\System\BkwLylc.exe
  C:\Windows\System\BkwLylc.exe
  2⤵
  PID:5516
- C:\Windows\System\AgSrZOj.exe
  C:\Windows\System\AgSrZOj.exe
  2⤵
  PID:5520
- C:\Windows\System\AZcwbUW.exe
  C:\Windows\System\AZcwbUW.exe
  2⤵
  PID:5540
- C:\Windows\System\gmcmxbp.exe
  C:\Windows\System\gmcmxbp.exe
  2⤵
  PID:5544
- C:\Windows\System\zFriguS.exe
  C:\Windows\System\zFriguS.exe
  2⤵
  PID:5584
- C:\Windows\System\eWTIvAf.exe
  C:\Windows\System\eWTIvAf.exe
  2⤵
  PID:5920
- C:\Windows\System\sdXKQpe.exe
  C:\Windows\System\sdXKQpe.exe
  2⤵
  PID:3356
- C:\Windows\System\OJwXloE.exe
  C:\Windows\System\OJwXloE.exe
  2⤵
  PID:6020
- C:\Windows\System\RKoMyJa.exe
  C:\Windows\System\RKoMyJa.exe
  2⤵
  PID:6024
- C:\Windows\System\JNzFXhK.exe
  C:\Windows\System\JNzFXhK.exe
  2⤵
  PID:6116
- C:\Windows\System\ILGhqMW.exe
  C:\Windows\System\ILGhqMW.exe
  2⤵
  PID:5732
- C:\Windows\System\edxtbje.exe
  C:\Windows\System\edxtbje.exe
  2⤵
  PID:3384
- C:\Windows\System\bqfxfQg.exe
  C:\Windows\System\bqfxfQg.exe
  2⤵
  PID:5324
- C:\Windows\System\rVYRfdi.exe
  C:\Windows\System\rVYRfdi.exe
  2⤵
  PID:5232
- C:\Windows\System\WAIuVSk.exe
  C:\Windows\System\WAIuVSk.exe
  2⤵
  PID:568
- C:\Windows\System\kwOUEyV.exe
  C:\Windows\System\kwOUEyV.exe
  2⤵
  PID:2348
- C:\Windows\System\bWBnCVM.exe
  C:\Windows\System\bWBnCVM.exe
  2⤵
  PID:5860
- C:\Windows\System\woOSfsK.exe
  C:\Windows\System\woOSfsK.exe
  2⤵
  PID:5936
- C:\Windows\System\QYUJKPX.exe
  C:\Windows\System\QYUJKPX.exe
  2⤵
  PID:6044
- C:\Windows\System\zQtWRMu.exe
  C:\Windows\System\zQtWRMu.exe
  2⤵
  PID:800
- C:\Windows\System\OHVXvzS.exe
  C:\Windows\System\OHVXvzS.exe
  2⤵
  PID:5392
- C:\Windows\System\SfoDDHx.exe
  C:\Windows\System\SfoDDHx.exe
  2⤵
  PID:5252
- C:\Windows\System\DvPmKaU.exe
  C:\Windows\System\DvPmKaU.exe
  2⤵
  PID:5188
- C:\Windows\System\FOTEmYj.exe
  C:\Windows\System\FOTEmYj.exe
  2⤵
  PID:5508
- C:\Windows\System\NcVvGfM.exe
  C:\Windows\System\NcVvGfM.exe
  2⤵
  PID:5096
- C:\Windows\System\YScluMV.exe
  C:\Windows\System\YScluMV.exe
  2⤵
  PID:4988
- C:\Windows\System\VMZVAsx.exe
  C:\Windows\System\VMZVAsx.exe
  2⤵
  PID:4436
- C:\Windows\System\DgnVMIb.exe
  C:\Windows\System\DgnVMIb.exe
  2⤵
  PID:5956
- C:\Windows\System\vzIwiNH.exe
  C:\Windows\System\vzIwiNH.exe
  2⤵
  PID:5048
- C:\Windows\System\YuuOYJF.exe
  C:\Windows\System\YuuOYJF.exe
  2⤵
  PID:4928
- C:\Windows\System\rUeDNxe.exe
  C:\Windows\System\rUeDNxe.exe
  2⤵
  PID:5700
- C:\Windows\System\CePjOJE.exe
  C:\Windows\System\CePjOJE.exe
  2⤵
  PID:5228
- C:\Windows\System\gkVDdXG.exe
  C:\Windows\System\gkVDdXG.exe
  2⤵
  PID:5128
- C:\Windows\System\fPtWrWX.exe
  C:\Windows\System\fPtWrWX.exe
  2⤵
  PID:5144
- C:\Windows\System\lVRlILL.exe
  C:\Windows\System\lVRlILL.exe
  2⤵
  PID:3856
- C:\Windows\System\aWdwRfM.exe
  C:\Windows\System\aWdwRfM.exe
  2⤵
  PID:5280
- C:\Windows\System\dumzHJD.exe
  C:\Windows\System\dumzHJD.exe
  2⤵
  PID:2008
- C:\Windows\System\SCWgtMI.exe
  C:\Windows\System\SCWgtMI.exe
  2⤵
  PID:5184
- C:\Windows\System\xzYPQUq.exe
  C:\Windows\System\xzYPQUq.exe
  2⤵
  PID:1620
- C:\Windows\System\hnVapJX.exe
  C:\Windows\System\hnVapJX.exe
  2⤵
  PID:4712
- C:\Windows\System\YHuFqlX.exe
  C:\Windows\System\YHuFqlX.exe
  2⤵
  PID:3248
- C:\Windows\System\QbZAOMg.exe
  C:\Windows\System\QbZAOMg.exe
  2⤵
  PID:3256
- C:\Windows\System\aAaLzWL.exe
  C:\Windows\System\aAaLzWL.exe
  2⤵
  PID:5580
- C:\Windows\System\jWxosPr.exe
  C:\Windows\System\jWxosPr.exe
  2⤵
  PID:3528
- C:\Windows\System\OvCRRdR.exe
  C:\Windows\System\OvCRRdR.exe
  2⤵
  PID:1164
- C:\Windows\System\WHYpMRL.exe
  C:\Windows\System\WHYpMRL.exe
  2⤵
  PID:5380
- C:\Windows\System\CEYOZzp.exe
  C:\Windows\System\CEYOZzp.exe
  2⤵
  PID:6156
- C:\Windows\System\vzQpzqW.exe
  C:\Windows\System\vzQpzqW.exe
  2⤵
  PID:6176
- C:\Windows\System\oWIGmBS.exe
  C:\Windows\System\oWIGmBS.exe
  2⤵
  PID:6196
- C:\Windows\System\BDnyVUs.exe
  C:\Windows\System\BDnyVUs.exe
  2⤵
  PID:6212
- C:\Windows\System\APPoNNz.exe
  C:\Windows\System\APPoNNz.exe
  2⤵
  PID:6236
- C:\Windows\System\NkndHwS.exe
  C:\Windows\System\NkndHwS.exe
  2⤵
  PID:6256
- C:\Windows\System\tvTjoaO.exe
  C:\Windows\System\tvTjoaO.exe
  2⤵
  PID:6280
- C:\Windows\System\fkHMsxR.exe
  C:\Windows\System\fkHMsxR.exe
  2⤵
  PID:6300
- C:\Windows\System\wreKlYF.exe
  C:\Windows\System\wreKlYF.exe
  2⤵
  PID:6320
- C:\Windows\System\ApnBtYu.exe
  C:\Windows\System\ApnBtYu.exe
  2⤵
  PID:6336
- C:\Windows\System\PoiZnXl.exe
  C:\Windows\System\PoiZnXl.exe
  2⤵
  PID:6360
- C:\Windows\System\cdQzBNN.exe
  C:\Windows\System\cdQzBNN.exe
  2⤵
  PID:6376
- C:\Windows\System\JlPbmSg.exe
  C:\Windows\System\JlPbmSg.exe
  2⤵
  PID:6396
- C:\Windows\System\sJrLuyG.exe
  C:\Windows\System\sJrLuyG.exe
  2⤵
  PID:6416
- C:\Windows\System\UfJHlPy.exe
  C:\Windows\System\UfJHlPy.exe
  2⤵
  PID:6436
- C:\Windows\System\qAqbNHb.exe
  C:\Windows\System\qAqbNHb.exe
  2⤵
  PID:6452
- C:\Windows\System\qZtjFxL.exe
  C:\Windows\System\qZtjFxL.exe
  2⤵
  PID:6476
- C:\Windows\System\KwdpBDV.exe
  C:\Windows\System\KwdpBDV.exe
  2⤵
  PID:6492
- C:\Windows\System\JtxtbKo.exe
  C:\Windows\System\JtxtbKo.exe
  2⤵
  PID:6516
- C:\Windows\System\UXbiDGf.exe
  C:\Windows\System\UXbiDGf.exe
  2⤵
  PID:6532
- C:\Windows\System\PVVaDos.exe
  C:\Windows\System\PVVaDos.exe
  2⤵
  PID:6552
- C:\Windows\System\BLsKyFi.exe
  C:\Windows\System\BLsKyFi.exe
  2⤵
  PID:6568
- C:\Windows\System\ptAnElj.exe
  C:\Windows\System\ptAnElj.exe
  2⤵
  PID:6592
- C:\Windows\System\zHseDgG.exe
  C:\Windows\System\zHseDgG.exe
  2⤵
  PID:6608
- C:\Windows\System\jQzLEIs.exe
  C:\Windows\System\jQzLEIs.exe
  2⤵
  PID:6632
- C:\Windows\System\SptutVi.exe
  C:\Windows\System\SptutVi.exe
  2⤵
  PID:6660
- C:\Windows\System\BKMNOSB.exe
  C:\Windows\System\BKMNOSB.exe
  2⤵
  PID:6680
- C:\Windows\System\FdaULTp.exe
  C:\Windows\System\FdaULTp.exe
  2⤵
  PID:6696
- C:\Windows\System\UvFAiMT.exe
  C:\Windows\System\UvFAiMT.exe
  2⤵
  PID:6716
- C:\Windows\System\MMJWzov.exe
  C:\Windows\System\MMJWzov.exe
  2⤵
  PID:6736
- C:\Windows\System\PbFJeJn.exe
  C:\Windows\System\PbFJeJn.exe
  2⤵
  PID:6752
- C:\Windows\System\pRUTwEc.exe
  C:\Windows\System\pRUTwEc.exe
  2⤵
  PID:6772
- C:\Windows\System\eixlhgT.exe
  C:\Windows\System\eixlhgT.exe
  2⤵
  PID:6796
- C:\Windows\System\ByUjvZY.exe
  C:\Windows\System\ByUjvZY.exe
  2⤵
  PID:6820
- C:\Windows\System\puyQyDl.exe
  C:\Windows\System\puyQyDl.exe
  2⤵
  PID:6836
- C:\Windows\System\yAVGbKB.exe
  C:\Windows\System\yAVGbKB.exe
  2⤵
  PID:6852
- C:\Windows\System\fjDFzHc.exe
  C:\Windows\System\fjDFzHc.exe
  2⤵
  PID:6872
- C:\Windows\System\KCVDBVy.exe
  C:\Windows\System\KCVDBVy.exe
  2⤵
  PID:6892
- C:\Windows\System\HMapmNP.exe
  C:\Windows\System\HMapmNP.exe
  2⤵
  PID:6916
- C:\Windows\System\iltSXKS.exe
  C:\Windows\System\iltSXKS.exe
  2⤵
  PID:6936
- C:\Windows\System\ohbBSJL.exe
  C:\Windows\System\ohbBSJL.exe
  2⤵
  PID:6956
- C:\Windows\System\lWQRKYn.exe
  C:\Windows\System\lWQRKYn.exe
  2⤵
  PID:6984
- C:\Windows\System\VEasWKR.exe
  C:\Windows\System\VEasWKR.exe
  2⤵
  PID:7000
- C:\Windows\System\suJkTAe.exe
  C:\Windows\System\suJkTAe.exe
  2⤵
  PID:7020
- C:\Windows\System\EBduwjP.exe
  C:\Windows\System\EBduwjP.exe
  2⤵
  PID:7044
- C:\Windows\System\AhURAGI.exe
  C:\Windows\System\AhURAGI.exe
  2⤵
  PID:7060
- C:\Windows\System\eFQeFtc.exe
  C:\Windows\System\eFQeFtc.exe
  2⤵
  PID:7084
- C:\Windows\System\xWFwcGw.exe
  C:\Windows\System\xWFwcGw.exe
  2⤵
  PID:7100
- C:\Windows\System\OXGgcry.exe
  C:\Windows\System\OXGgcry.exe
  2⤵
  PID:7124
- C:\Windows\System\sxGVqaC.exe
  C:\Windows\System\sxGVqaC.exe
  2⤵
  PID:7144
- C:\Windows\System\MwYobEp.exe
  C:\Windows\System\MwYobEp.exe
  2⤵
  PID:7160
- C:\Windows\System\glssahX.exe
  C:\Windows\System\glssahX.exe
  2⤵
  PID:5156
- C:\Windows\System\ecXuwus.exe
  C:\Windows\System\ecXuwus.exe
  2⤵
  PID:5316
- C:\Windows\System\dQuwpHn.exe
  C:\Windows\System\dQuwpHn.exe
  2⤵
  PID:2260
- C:\Windows\System\TUpTXPP.exe
  C:\Windows\System\TUpTXPP.exe
  2⤵
  PID:5784
- C:\Windows\System\sTXKfRk.exe
  C:\Windows\System\sTXKfRk.exe
  2⤵
  PID:5512
- C:\Windows\System\hRfzmaF.exe
  C:\Windows\System\hRfzmaF.exe
  2⤵
  PID:5768
- C:\Windows\System\Smpirue.exe
  C:\Windows\System\Smpirue.exe
  2⤵
  PID:3464
- C:\Windows\System\mZbDlDs.exe
  C:\Windows\System\mZbDlDs.exe
  2⤵
  PID:4820
- C:\Windows\System\nTlxpsF.exe
  C:\Windows\System\nTlxpsF.exe
  2⤵
  PID:5460
- C:\Windows\System\rzlPNTV.exe
  C:\Windows\System\rzlPNTV.exe
  2⤵
  PID:6192
- C:\Windows\System\SbMltsf.exe
  C:\Windows\System\SbMltsf.exe
  2⤵
  PID:6204
- C:\Windows\System\jwkaffl.exe
  C:\Windows\System\jwkaffl.exe
  2⤵
  PID:6232
- C:\Windows\System\wwxOxuk.exe
  C:\Windows\System\wwxOxuk.exe
  2⤵
  PID:6248
- C:\Windows\System\BGxHhXW.exe
  C:\Windows\System\BGxHhXW.exe
  2⤵
  PID:6272
- C:\Windows\System\bqQrSEo.exe
  C:\Windows\System\bqQrSEo.exe
  2⤵
  PID:6344
- C:\Windows\System\jRgKgCj.exe
  C:\Windows\System\jRgKgCj.exe
  2⤵
  PID:6384
- C:\Windows\System\biNBVzf.exe
  C:\Windows\System\biNBVzf.exe
  2⤵
  PID:6432
- C:\Windows\System\Wrbjahq.exe
  C:\Windows\System\Wrbjahq.exe
  2⤵
  PID:6472
- C:\Windows\System\HzUYCUI.exe
  C:\Windows\System\HzUYCUI.exe
  2⤵
  PID:6512
- C:\Windows\System\NttQALm.exe
  C:\Windows\System\NttQALm.exe
  2⤵
  PID:6368
- C:\Windows\System\RvIMiJf.exe
  C:\Windows\System\RvIMiJf.exe
  2⤵
  PID:6408
- C:\Windows\System\zkFhObh.exe
  C:\Windows\System\zkFhObh.exe
  2⤵
  PID:6448
- C:\Windows\System\ORYPgNC.exe
  C:\Windows\System\ORYPgNC.exe
  2⤵
  PID:6488
- C:\Windows\System\pdYPaEY.exe
  C:\Windows\System\pdYPaEY.exe
  2⤵
  PID:6628
- C:\Windows\System\DFRUIHb.exe
  C:\Windows\System\DFRUIHb.exe
  2⤵
  PID:6564
- C:\Windows\System\mhqcAnn.exe
  C:\Windows\System\mhqcAnn.exe
  2⤵
  PID:6524
- C:\Windows\System\xVKDrQY.exe
  C:\Windows\System\xVKDrQY.exe
  2⤵
  PID:6656
- C:\Windows\System\ddsyvYg.exe
  C:\Windows\System\ddsyvYg.exe
  2⤵
  PID:6672
- C:\Windows\System\XeXYZnE.exe
  C:\Windows\System\XeXYZnE.exe
  2⤵
  PID:6688
- C:\Windows\System\nlVWIBk.exe
  C:\Windows\System\nlVWIBk.exe
  2⤵
  PID:6780
- C:\Windows\System\fKiZlme.exe
  C:\Windows\System\fKiZlme.exe
  2⤵
  PID:2744
- C:\Windows\System\FBXlKeT.exe
  C:\Windows\System\FBXlKeT.exe
  2⤵
  PID:6728
- C:\Windows\System\xltIDJv.exe
  C:\Windows\System\xltIDJv.exe
  2⤵
  PID:6760
- C:\Windows\System\ohJlXiE.exe
  C:\Windows\System\ohJlXiE.exe
  2⤵
  PID:6724
- C:\Windows\System\vGeIhvz.exe
  C:\Windows\System\vGeIhvz.exe
  2⤵
  PID:6912
- C:\Windows\System\WaIGNSC.exe
  C:\Windows\System\WaIGNSC.exe
  2⤵
  PID:6948
- C:\Windows\System\qJUNoCk.exe
  C:\Windows\System\qJUNoCk.exe
  2⤵
  PID:6928
- C:\Windows\System\CKkivKH.exe
  C:\Windows\System\CKkivKH.exe
  2⤵
  PID:7028
- C:\Windows\System\xQFPlrK.exe
  C:\Windows\System\xQFPlrK.exe
  2⤵
  PID:6924
- C:\Windows\System\RtNlAmA.exe
  C:\Windows\System\RtNlAmA.exe
  2⤵
  PID:7108
- C:\Windows\System\ezvLVcT.exe
  C:\Windows\System\ezvLVcT.exe
  2⤵
  PID:7112
- C:\Windows\System\HeLJSXp.exe
  C:\Windows\System\HeLJSXp.exe
  2⤵
  PID:5812
- C:\Windows\System\WAKaiMv.exe
  C:\Windows\System\WAKaiMv.exe
  2⤵
  PID:3512
- C:\Windows\System\xIPPCcY.exe
  C:\Windows\System\xIPPCcY.exe
  2⤵
  PID:7016
- C:\Windows\System\LpviJFV.exe
  C:\Windows\System\LpviJFV.exe
  2⤵
  PID:6148
- C:\Windows\System\riWHIHK.exe
  C:\Windows\System\riWHIHK.exe
  2⤵
  PID:5268
- C:\Windows\System\UURsebp.exe
  C:\Windows\System\UURsebp.exe
  2⤵
  PID:6268
- C:\Windows\System\cMYvuoi.exe
  C:\Windows\System\cMYvuoi.exe
  2⤵
  PID:6460
- C:\Windows\System\oCCBBRD.exe
  C:\Windows\System\oCCBBRD.exe
  2⤵
  PID:6404
- C:\Windows\System\NJxKJqO.exe
  C:\Windows\System\NJxKJqO.exe
  2⤵
  PID:6604
- C:\Windows\System\ibrTnsj.exe
  C:\Windows\System\ibrTnsj.exe
  2⤵
  PID:4256
- C:\Windows\System\DgCMiAX.exe
  C:\Windows\System\DgCMiAX.exe
  2⤵
  PID:6676
- C:\Windows\System\xdDaojV.exe
  C:\Windows\System\xdDaojV.exe
  2⤵
  PID:5528
- C:\Windows\System\ntVrhhq.exe
  C:\Windows\System\ntVrhhq.exe
  2⤵
  PID:6832
- C:\Windows\System\TXpjjKk.exe
  C:\Windows\System\TXpjjKk.exe
  2⤵
  PID:6816
- C:\Windows\System\NixnhVO.exe
  C:\Windows\System\NixnhVO.exe
  2⤵
  PID:5372
- C:\Windows\System\RDjSyPy.exe
  C:\Windows\System\RDjSyPy.exe
  2⤵
  PID:5564
- C:\Windows\System\fiEfQNb.exe
  C:\Windows\System\fiEfQNb.exe
  2⤵
  PID:5616
- C:\Windows\System\ScSMagF.exe
  C:\Windows\System\ScSMagF.exe
  2⤵
  PID:5896
- C:\Windows\System\kwKBWMS.exe
  C:\Windows\System\kwKBWMS.exe
  2⤵
  PID:3520
- C:\Windows\System\luwYopU.exe
  C:\Windows\System\luwYopU.exe
  2⤵
  PID:1868
- C:\Windows\System\eIToNGQ.exe
  C:\Windows\System\eIToNGQ.exe
  2⤵
  PID:6288
- C:\Windows\System\YJZpnQh.exe
  C:\Windows\System\YJZpnQh.exe
  2⤵
  PID:5488
- C:\Windows\System\MDmUEZB.exe
  C:\Windows\System\MDmUEZB.exe
  2⤵
  PID:6580
- C:\Windows\System\BydGDpG.exe
  C:\Windows\System\BydGDpG.exe
  2⤵
  PID:1936
- C:\Windows\System\nyxTFzf.exe
  C:\Windows\System\nyxTFzf.exe
  2⤵
  PID:6712
- C:\Windows\System\iYtssLJ.exe
  C:\Windows\System\iYtssLJ.exe
  2⤵
  PID:6864
- C:\Windows\System\PTThVTc.exe
  C:\Windows\System\PTThVTc.exe
  2⤵
  PID:2780
- C:\Windows\System\xSHuenS.exe
  C:\Windows\System\xSHuenS.exe
  2⤵
  PID:2888
- C:\Windows\System\waLOqwX.exe
  C:\Windows\System\waLOqwX.exe
  2⤵
  PID:5632
- C:\Windows\System\HWQTSum.exe
  C:\Windows\System\HWQTSum.exe
  2⤵
  PID:7012
- C:\Windows\System\oodBbSF.exe
  C:\Windows\System\oodBbSF.exe
  2⤵
  PID:3388
- C:\Windows\System\WCLKHrV.exe
  C:\Windows\System\WCLKHrV.exe
  2⤵
  PID:6356
- C:\Windows\System\HXPEozY.exe
  C:\Windows\System\HXPEozY.exe
  2⤵
  PID:6668
- C:\Windows\System\VesgtNP.exe
  C:\Windows\System\VesgtNP.exe
  2⤵
  PID:5824
- C:\Windows\System\SNmBdDP.exe
  C:\Windows\System\SNmBdDP.exe
  2⤵
  PID:6208
- C:\Windows\System\JuOLqSX.exe
  C:\Windows\System\JuOLqSX.exe
  2⤵
  PID:6332
- C:\Windows\System\dbsODbf.exe
  C:\Windows\System\dbsODbf.exe
  2⤵
  PID:6748
- C:\Windows\System\eGrXeJk.exe
  C:\Windows\System\eGrXeJk.exe
  2⤵
  PID:6768
- C:\Windows\System\mTWhwAP.exe
  C:\Windows\System\mTWhwAP.exe
  2⤵
  PID:2556
- C:\Windows\System\pzUcJdV.exe
  C:\Windows\System\pzUcJdV.exe
  2⤵
  PID:6992
- C:\Windows\System\bUHnomX.exe
  C:\Windows\System\bUHnomX.exe
  2⤵
  PID:6252
- C:\Windows\System\BVOKkMm.exe
  C:\Windows\System\BVOKkMm.exe
  2⤵
  PID:5628
- C:\Windows\System\IcXGIZc.exe
  C:\Windows\System\IcXGIZc.exe
  2⤵
  PID:6388
- C:\Windows\System\tKJNeIH.exe
  C:\Windows\System\tKJNeIH.exe
  2⤵
  PID:1880
- C:\Windows\System\Jjhjyzv.exe
  C:\Windows\System\Jjhjyzv.exe
  2⤵
  PID:624
- C:\Windows\System\maFBfrw.exe
  C:\Windows\System\maFBfrw.exe
  2⤵
  PID:7032
- C:\Windows\System\rUkoxlP.exe
  C:\Windows\System\rUkoxlP.exe
  2⤵
  PID:5612
- C:\Windows\System\qgMIDMq.exe
  C:\Windows\System\qgMIDMq.exe
  2⤵
  PID:1576
- C:\Windows\System\GiZfzub.exe
  C:\Windows\System\GiZfzub.exe
  2⤵
  PID:6544
- C:\Windows\System\nLXhmWR.exe
  C:\Windows\System\nLXhmWR.exe
  2⤵
  PID:6652
- C:\Windows\System\AoLOmAP.exe
  C:\Windows\System\AoLOmAP.exe
  2⤵
  PID:6968
- C:\Windows\System\mcMmOZk.exe
  C:\Windows\System\mcMmOZk.exe
  2⤵
  PID:5308
- C:\Windows\System\tgffRxo.exe
  C:\Windows\System\tgffRxo.exe
  2⤵
  PID:6484
- C:\Windows\System\jsvDiQY.exe
  C:\Windows\System\jsvDiQY.exe
  2⤵
  PID:6528
- C:\Windows\System\FTntdvb.exe
  C:\Windows\System\FTntdvb.exe
  2⤵
  PID:2608
- C:\Windows\System\bwwRuRi.exe
  C:\Windows\System\bwwRuRi.exe
  2⤵
  PID:6944
- C:\Windows\System\rexBkil.exe
  C:\Windows\System\rexBkil.exe
  2⤵
  PID:5560
- C:\Windows\System\lPKNDGv.exe
  C:\Windows\System\lPKNDGv.exe
  2⤵
  PID:1872
- C:\Windows\System\mSIKmNu.exe
  C:\Windows\System\mSIKmNu.exe
  2⤵
  PID:5484
- C:\Windows\System\BkURKOW.exe
  C:\Windows\System\BkURKOW.exe
  2⤵
  PID:1816
- C:\Windows\System\GBjJNBs.exe
  C:\Windows\System\GBjJNBs.exe
  2⤵
  PID:7176
- C:\Windows\System\vEQQXPL.exe
  C:\Windows\System\vEQQXPL.exe
  2⤵
  PID:7192
- C:\Windows\System\ySwztzz.exe
  C:\Windows\System\ySwztzz.exe
  2⤵
  PID:7208
- C:\Windows\System\XjFJiRK.exe
  C:\Windows\System\XjFJiRK.exe
  2⤵
  PID:7224
- C:\Windows\System\IKdaTHZ.exe
  C:\Windows\System\IKdaTHZ.exe
  2⤵
  PID:7240
- C:\Windows\System\aORVbpP.exe
  C:\Windows\System\aORVbpP.exe
  2⤵
  PID:7256
- C:\Windows\System\iyhuzVC.exe
  C:\Windows\System\iyhuzVC.exe
  2⤵
  PID:7272
- C:\Windows\System\rNSqrQK.exe
  C:\Windows\System\rNSqrQK.exe
  2⤵
  PID:7288
- C:\Windows\System\VoGIqxU.exe
  C:\Windows\System\VoGIqxU.exe
  2⤵
  PID:7304
- C:\Windows\System\vaCeiLw.exe
  C:\Windows\System\vaCeiLw.exe
  2⤵
  PID:7320
- C:\Windows\System\QFVGEiy.exe
  C:\Windows\System\QFVGEiy.exe
  2⤵
  PID:7336
- C:\Windows\System\LmYnhMy.exe
  C:\Windows\System\LmYnhMy.exe
  2⤵
  PID:7352
- C:\Windows\System\xMvhHym.exe
  C:\Windows\System\xMvhHym.exe
  2⤵
  PID:7368
- C:\Windows\System\LNGngOT.exe
  C:\Windows\System\LNGngOT.exe
  2⤵
  PID:7384
- C:\Windows\System\NZNMTSH.exe
  C:\Windows\System\NZNMTSH.exe
  2⤵
  PID:7400
- C:\Windows\System\nocUebx.exe
  C:\Windows\System\nocUebx.exe
  2⤵
  PID:7416
- C:\Windows\System\WTNlacN.exe
  C:\Windows\System\WTNlacN.exe
  2⤵
  PID:7432
- C:\Windows\System\VbaGQmS.exe
  C:\Windows\System\VbaGQmS.exe
  2⤵
  PID:7448
- C:\Windows\System\rvJGOkT.exe
  C:\Windows\System\rvJGOkT.exe
  2⤵
  PID:7464
- C:\Windows\System\vvyUrOm.exe
  C:\Windows\System\vvyUrOm.exe
  2⤵
  PID:7480
- C:\Windows\System\sTHGFBs.exe
  C:\Windows\System\sTHGFBs.exe
  2⤵
  PID:7496
- C:\Windows\System\VZRanOq.exe
  C:\Windows\System\VZRanOq.exe
  2⤵
  PID:7512
- C:\Windows\System\kCJdXMy.exe
  C:\Windows\System\kCJdXMy.exe
  2⤵
  PID:7528
- C:\Windows\System\EqLsNru.exe
  C:\Windows\System\EqLsNru.exe
  2⤵
  PID:7544
- C:\Windows\System\tUavWwH.exe
  C:\Windows\System\tUavWwH.exe
  2⤵
  PID:7560
- C:\Windows\System\XdwtkJu.exe
  C:\Windows\System\XdwtkJu.exe
  2⤵
  PID:7576
- C:\Windows\System\xoILkdM.exe
  C:\Windows\System\xoILkdM.exe
  2⤵
  PID:7592
- C:\Windows\System\bMLvshC.exe
  C:\Windows\System\bMLvshC.exe
  2⤵
  PID:7608
- C:\Windows\System\atbyaKv.exe
  C:\Windows\System\atbyaKv.exe
  2⤵
  PID:7624
- C:\Windows\System\GmGbFnf.exe
  C:\Windows\System\GmGbFnf.exe
  2⤵
  PID:7640
- C:\Windows\System\KhATytM.exe
  C:\Windows\System\KhATytM.exe
  2⤵
  PID:7656
- C:\Windows\System\NYTnesd.exe
  C:\Windows\System\NYTnesd.exe
  2⤵
  PID:7716
- C:\Windows\System\dwpwxnQ.exe
  C:\Windows\System\dwpwxnQ.exe
  2⤵
  PID:7732
- C:\Windows\System\iysWmXw.exe
  C:\Windows\System\iysWmXw.exe
  2⤵
  PID:7752
- C:\Windows\System\LWMNfpF.exe
  C:\Windows\System\LWMNfpF.exe
  2⤵
  PID:7768
- C:\Windows\System\OEahfzB.exe
  C:\Windows\System\OEahfzB.exe
  2⤵
  PID:7784
- C:\Windows\System\mjBSLIh.exe
  C:\Windows\System\mjBSLIh.exe
  2⤵
  PID:7800
- C:\Windows\System\lwKnXSK.exe
  C:\Windows\System\lwKnXSK.exe
  2⤵
  PID:7816
- C:\Windows\System\sTLssdC.exe
  C:\Windows\System\sTLssdC.exe
  2⤵
  PID:7832
- C:\Windows\System\NEfeUUj.exe
  C:\Windows\System\NEfeUUj.exe
  2⤵
  PID:7852
- C:\Windows\System\ZmoFQwf.exe
  C:\Windows\System\ZmoFQwf.exe
  2⤵
  PID:7868
- C:\Windows\System\LqdPngd.exe
  C:\Windows\System\LqdPngd.exe
  2⤵
  PID:7884
- C:\Windows\System\iexbwCf.exe
  C:\Windows\System\iexbwCf.exe
  2⤵
  PID:7900
- C:\Windows\System\cCJBzwM.exe
  C:\Windows\System\cCJBzwM.exe
  2⤵
  PID:7916
- C:\Windows\System\LZvQfia.exe
  C:\Windows\System\LZvQfia.exe
  2⤵
  PID:7932
- C:\Windows\System\MsCOkQs.exe
  C:\Windows\System\MsCOkQs.exe
  2⤵
  PID:7948
- C:\Windows\System\WiZVhGk.exe
  C:\Windows\System\WiZVhGk.exe
  2⤵
  PID:7964
- C:\Windows\System\IpSTmEY.exe
  C:\Windows\System\IpSTmEY.exe
  2⤵
  PID:7984
- C:\Windows\System\dYfsRCK.exe
  C:\Windows\System\dYfsRCK.exe
  2⤵
  PID:8000
- C:\Windows\System\sflBLpH.exe
  C:\Windows\System\sflBLpH.exe
  2⤵
  PID:8016
- C:\Windows\System\DyVlFiZ.exe
  C:\Windows\System\DyVlFiZ.exe
  2⤵
  PID:8032
- C:\Windows\System\uZxPkOn.exe
  C:\Windows\System\uZxPkOn.exe
  2⤵
  PID:8048
- C:\Windows\System\cLgyjbd.exe
  C:\Windows\System\cLgyjbd.exe
  2⤵
  PID:8064
- C:\Windows\System\WzRSMgR.exe
  C:\Windows\System\WzRSMgR.exe
  2⤵
  PID:8080
- C:\Windows\System\lCZKJlb.exe
  C:\Windows\System\lCZKJlb.exe
  2⤵
  PID:8096
- C:\Windows\System\gKlhvSZ.exe
  C:\Windows\System\gKlhvSZ.exe
  2⤵
  PID:8112
- C:\Windows\System\vtLAJKs.exe
  C:\Windows\System\vtLAJKs.exe
  2⤵
  PID:8128
- C:\Windows\System\BagGobo.exe
  C:\Windows\System\BagGobo.exe
  2⤵
  PID:8144
- C:\Windows\System\KfFQaQW.exe
  C:\Windows\System\KfFQaQW.exe
  2⤵
  PID:8160
- C:\Windows\System\BiyuEVl.exe
  C:\Windows\System\BiyuEVl.exe
  2⤵
  PID:8176
- C:\Windows\System\azQCisw.exe
  C:\Windows\System\azQCisw.exe
  2⤵
  PID:6172
- C:\Windows\System\pOnWwcK.exe
  C:\Windows\System\pOnWwcK.exe
  2⤵
  PID:6812
- C:\Windows\System\ATjnwWc.exe
  C:\Windows\System\ATjnwWc.exe
  2⤵
  PID:6644
- C:\Windows\System\BKwHwcr.exe
  C:\Windows\System\BKwHwcr.exe
  2⤵
  PID:1088
- C:\Windows\System\HDgrtra.exe
  C:\Windows\System\HDgrtra.exe
  2⤵
  PID:2208
- C:\Windows\System\TvvrhmC.exe
  C:\Windows\System\TvvrhmC.exe
  2⤵
  PID:7248
- C:\Windows\System\gdpJUhN.exe
  C:\Windows\System\gdpJUhN.exe
  2⤵
  PID:7120
- C:\Windows\System\VNVOWrD.exe
  C:\Windows\System\VNVOWrD.exe
  2⤵
  PID:6500
- C:\Windows\System\wGDBZWf.exe
  C:\Windows\System\wGDBZWf.exe
  2⤵
  PID:2292
- C:\Windows\System\Gzizjea.exe
  C:\Windows\System\Gzizjea.exe
  2⤵
  PID:6328
- C:\Windows\System\pLWKJIC.exe
  C:\Windows\System\pLWKJIC.exe
  2⤵
  PID:7172
- C:\Windows\System\mlAvSFG.exe
  C:\Windows\System\mlAvSFG.exe
  2⤵
  PID:7236
- C:\Windows\System\wIDlSjz.exe
  C:\Windows\System\wIDlSjz.exe
  2⤵
  PID:7300
- C:\Windows\System\DsiGrpw.exe
  C:\Windows\System\DsiGrpw.exe
  2⤵
  PID:3336
- C:\Windows\System\gjnTkMi.exe
  C:\Windows\System\gjnTkMi.exe
  2⤵
  PID:7344
- C:\Windows\System\GdoUwnb.exe
  C:\Windows\System\GdoUwnb.exe
  2⤵
  PID:7364
- C:\Windows\System\MPQUmxM.exe
  C:\Windows\System\MPQUmxM.exe
  2⤵
  PID:7424
- C:\Windows\System\gCDFDgW.exe
  C:\Windows\System\gCDFDgW.exe
  2⤵
  PID:7376
- C:\Windows\System\uRdyQNi.exe
  C:\Windows\System\uRdyQNi.exe
  2⤵
  PID:7488
- C:\Windows\System\MPkfgkr.exe
  C:\Windows\System\MPkfgkr.exe
  2⤵
  PID:7444
- C:\Windows\System\aXiJGYv.exe
  C:\Windows\System\aXiJGYv.exe
  2⤵
  PID:7348
- C:\Windows\System\cECaecO.exe
  C:\Windows\System\cECaecO.exe
  2⤵
  PID:7540
- C:\Windows\System\gdfgyrf.exe
  C:\Windows\System\gdfgyrf.exe
  2⤵
  PID:7552
- C:\Windows\System\NZfNAyG.exe
  C:\Windows\System\NZfNAyG.exe
  2⤵
  PID:7616
- C:\Windows\System\bAdOLgj.exe
  C:\Windows\System\bAdOLgj.exe
  2⤵
  PID:7604
- C:\Windows\System\YYKPyMK.exe
  C:\Windows\System\YYKPyMK.exe
  2⤵
  PID:7672
- C:\Windows\System\zQTeYDv.exe
  C:\Windows\System\zQTeYDv.exe
  2⤵
  PID:7684
- C:\Windows\System\yyhuHea.exe
  C:\Windows\System\yyhuHea.exe
  2⤵
  PID:7704
- C:\Windows\System\eyPJdiZ.exe
  C:\Windows\System\eyPJdiZ.exe
  2⤵
  PID:7744
- C:\Windows\System\JJafCDJ.exe
  C:\Windows\System\JJafCDJ.exe
  2⤵
  PID:7808
- C:\Windows\System\KnNeSuH.exe
  C:\Windows\System\KnNeSuH.exe
  2⤵
  PID:7760
- C:\Windows\System\RdAfOVo.exe
  C:\Windows\System\RdAfOVo.exe
  2⤵
  PID:7724
- C:\Windows\System\LQMyofh.exe
  C:\Windows\System\LQMyofh.exe
  2⤵
  PID:7796
- C:\Windows\System\oiAlNbJ.exe
  C:\Windows\System\oiAlNbJ.exe
  2⤵
  PID:7912
- C:\Windows\System\IwerFJs.exe
  C:\Windows\System\IwerFJs.exe
  2⤵
  PID:7892
- C:\Windows\System\PWfRrfb.exe
  C:\Windows\System\PWfRrfb.exe
  2⤵
  PID:7956
- C:\Windows\System\BNwxTCh.exe
  C:\Windows\System\BNwxTCh.exe
  2⤵
  PID:8008
- C:\Windows\System\bVHliTE.exe
  C:\Windows\System\bVHliTE.exe
  2⤵
  PID:7960
- C:\Windows\System\jeCBipd.exe
  C:\Windows\System\jeCBipd.exe
  2⤵
  PID:8024
- C:\Windows\System\mPCLqKQ.exe
  C:\Windows\System\mPCLqKQ.exe
  2⤵
  PID:8136
- C:\Windows\System\jvalngr.exe
  C:\Windows\System\jvalngr.exe
  2⤵
  PID:8172
- C:\Windows\System\pcOFoHi.exe
  C:\Windows\System\pcOFoHi.exe
  2⤵
  PID:2588
- C:\Windows\System\pckBsFb.exe
  C:\Windows\System\pckBsFb.exe
  2⤵
  PID:7156
- C:\Windows\System\bOTWzwR.exe
  C:\Windows\System\bOTWzwR.exe
  2⤵
  PID:808
- C:\Windows\System\KgOLsYr.exe
  C:\Windows\System\KgOLsYr.exe
  2⤵
  PID:8152
- C:\Windows\System\LWQhAuA.exe
  C:\Windows\System\LWQhAuA.exe
  2⤵
  PID:5600
- C:\Windows\System\HMCshgD.exe
  C:\Windows\System\HMCshgD.exe
  2⤵
  PID:6312
- C:\Windows\System\wXoyzfR.exe
  C:\Windows\System\wXoyzfR.exe
  2⤵
  PID:5840
- C:\Windows\System\ltyKGLP.exe
  C:\Windows\System\ltyKGLP.exe
  2⤵
  PID:7268
- C:\Windows\System\IWHWCJW.exe
  C:\Windows\System\IWHWCJW.exe
  2⤵
  PID:7216
- C:\Windows\System\SlCxPhp.exe
  C:\Windows\System\SlCxPhp.exe
  2⤵
  PID:7312
- C:\Windows\System\uRqXSvW.exe
  C:\Windows\System\uRqXSvW.exe
  2⤵
  PID:7440
- C:\Windows\System\hPzgyek.exe
  C:\Windows\System\hPzgyek.exe
  2⤵
  PID:7408
- C:\Windows\System\dkxBPsk.exe
  C:\Windows\System\dkxBPsk.exe
  2⤵
  PID:7520
- C:\Windows\System\DNXcFzz.exe
  C:\Windows\System\DNXcFzz.exe
  2⤵
  PID:7588
- C:\Windows\System\njvRvHt.exe
  C:\Windows\System\njvRvHt.exe
  2⤵
  PID:7700
- C:\Windows\System\VkDWvmV.exe
  C:\Windows\System\VkDWvmV.exe
  2⤵
  PID:7876
- C:\Windows\System\qRxPRad.exe
  C:\Windows\System\qRxPRad.exe
  2⤵
  PID:7648
- C:\Windows\System\SNDEhNd.exe
  C:\Windows\System\SNDEhNd.exe
  2⤵
  PID:7740
- C:\Windows\System\JwlNFcf.exe
  C:\Windows\System\JwlNFcf.exe
  2⤵
  PID:7908
- C:\Windows\System\CfkIDaU.exe
  C:\Windows\System\CfkIDaU.exe
  2⤵
  PID:8044
- C:\Windows\System\WkguWNd.exe
  C:\Windows\System\WkguWNd.exe
  2⤵
  PID:7864
- C:\Windows\System\UdgudlE.exe
  C:\Windows\System\UdgudlE.exe
  2⤵
  PID:8108
- C:\Windows\System\IuRdctA.exe
  C:\Windows\System\IuRdctA.exe
  2⤵
  PID:7992
- C:\Windows\System\nErUUUV.exe
  C:\Windows\System\nErUUUV.exe
  2⤵
  PID:7284
- C:\Windows\System\gvSOoeq.exe
  C:\Windows\System\gvSOoeq.exe
  2⤵
  PID:6904
- C:\Windows\System\RUXKHyg.exe
  C:\Windows\System\RUXKHyg.exe
  2⤵
  PID:7332
- C:\Windows\System\hwDNzYt.exe
  C:\Windows\System\hwDNzYt.exe
  2⤵
  PID:7188
- C:\Windows\System\IzivAeH.exe
  C:\Windows\System\IzivAeH.exe
  2⤵
  PID:7696
- C:\Windows\System\yzyjDTa.exe
  C:\Windows\System\yzyjDTa.exe
  2⤵
  PID:7712
- C:\Windows\System\GePPGKv.exe
  C:\Windows\System\GePPGKv.exe
  2⤵
  PID:7944
- C:\Windows\System\QhWWspF.exe
  C:\Windows\System\QhWWspF.exe
  2⤵
  PID:8120
- C:\Windows\System\iWsMLni.exe
  C:\Windows\System\iWsMLni.exe
  2⤵
  PID:7676
- C:\Windows\System\SCFUBXJ.exe
  C:\Windows\System\SCFUBXJ.exe
  2⤵
  PID:7392
- C:\Windows\System\LFzPflQ.exe
  C:\Windows\System\LFzPflQ.exe
  2⤵
  PID:8088
- C:\Windows\System\cNKSdMP.exe
  C:\Windows\System\cNKSdMP.exe
  2⤵
  PID:5656
- C:\Windows\System\DGholyo.exe
  C:\Windows\System\DGholyo.exe
  2⤵
  PID:7764
- C:\Windows\System\DOuyxpO.exe
  C:\Windows\System\DOuyxpO.exe
  2⤵
  PID:8076
- C:\Windows\System\BcSkDuJ.exe
  C:\Windows\System\BcSkDuJ.exe
  2⤵
  PID:8188
- C:\Windows\System\SNhwiiN.exe
  C:\Windows\System\SNhwiiN.exe
  2⤵
  PID:7204
- C:\Windows\System\mNphyOv.exe
  C:\Windows\System\mNphyOv.exe
  2⤵
  PID:7928
- C:\Windows\System\KEVahSK.exe
  C:\Windows\System\KEVahSK.exe
  2⤵
  PID:7568
- C:\Windows\System\uGsQCXi.exe
  C:\Windows\System\uGsQCXi.exe
  2⤵
  PID:8168
- C:\Windows\System\nOYnXge.exe
  C:\Windows\System\nOYnXge.exe
  2⤵
  PID:7792
- C:\Windows\System\aVkRJEB.exe
  C:\Windows\System\aVkRJEB.exe
  2⤵
  PID:8200
- C:\Windows\System\DBeblcw.exe
  C:\Windows\System\DBeblcw.exe
  2⤵
  PID:8216
- C:\Windows\System\SuiBFCG.exe
  C:\Windows\System\SuiBFCG.exe
  2⤵
  PID:8232
- C:\Windows\System\ElSNzOF.exe
  C:\Windows\System\ElSNzOF.exe
  2⤵
  PID:8248
- C:\Windows\System\tREfBAI.exe
  C:\Windows\System\tREfBAI.exe
  2⤵
  PID:8264
- C:\Windows\System\fRFrZqa.exe
  C:\Windows\System\fRFrZqa.exe
  2⤵
  PID:8280
- C:\Windows\System\tzNhSUG.exe
  C:\Windows\System\tzNhSUG.exe
  2⤵
  PID:8296
- C:\Windows\System\SKvYhIs.exe
  C:\Windows\System\SKvYhIs.exe
  2⤵
  PID:8312
- C:\Windows\System\PlhjWBX.exe
  C:\Windows\System\PlhjWBX.exe
  2⤵
  PID:8332
- C:\Windows\System\xlstREV.exe
  C:\Windows\System\xlstREV.exe
  2⤵
  PID:8352
- C:\Windows\System\AIjbDPt.exe
  C:\Windows\System\AIjbDPt.exe
  2⤵
  PID:8368
- C:\Windows\System\tUVqMZP.exe
  C:\Windows\System\tUVqMZP.exe
  2⤵
  PID:8384
- C:\Windows\System\zzlrTfJ.exe
  C:\Windows\System\zzlrTfJ.exe
  2⤵
  PID:8400
- C:\Windows\System\uwnzUAC.exe
  C:\Windows\System\uwnzUAC.exe
  2⤵
  PID:8416
- C:\Windows\System\sreMQUb.exe
  C:\Windows\System\sreMQUb.exe
  2⤵
  PID:8432
- C:\Windows\System\jdqggdC.exe
  C:\Windows\System\jdqggdC.exe
  2⤵
  PID:8448
- C:\Windows\System\bgBaTti.exe
  C:\Windows\System\bgBaTti.exe
  2⤵
  PID:8464
- C:\Windows\System\TRymHRx.exe
  C:\Windows\System\TRymHRx.exe
  2⤵
  PID:8480
- C:\Windows\System\DdlbvIN.exe
  C:\Windows\System\DdlbvIN.exe
  2⤵
  PID:8496
- C:\Windows\System\fkVZoeY.exe
  C:\Windows\System\fkVZoeY.exe
  2⤵
  PID:8512
- C:\Windows\System\TPnqsqT.exe
  C:\Windows\System\TPnqsqT.exe
  2⤵
  PID:8528
- C:\Windows\System\GFjWEId.exe
  C:\Windows\System\GFjWEId.exe
  2⤵
  PID:8544
- C:\Windows\System\kiFWcMd.exe
  C:\Windows\System\kiFWcMd.exe
  2⤵
  PID:8564
- C:\Windows\System\ERffyXJ.exe
  C:\Windows\System\ERffyXJ.exe
  2⤵
  PID:8580
- C:\Windows\System\HnlcyVK.exe
  C:\Windows\System\HnlcyVK.exe
  2⤵
  PID:8596
- C:\Windows\System\qfRASJR.exe
  C:\Windows\System\qfRASJR.exe
  2⤵
  PID:8612
- C:\Windows\System\MHQgKqW.exe
  C:\Windows\System\MHQgKqW.exe
  2⤵
  PID:8628
- C:\Windows\System\QPcSayr.exe
  C:\Windows\System\QPcSayr.exe
  2⤵
  PID:8644
- C:\Windows\System\GGVNibQ.exe
  C:\Windows\System\GGVNibQ.exe
  2⤵
  PID:8660
- C:\Windows\System\IajdYhT.exe
  C:\Windows\System\IajdYhT.exe
  2⤵
  PID:8676
- C:\Windows\System\hMDiBVA.exe
  C:\Windows\System\hMDiBVA.exe
  2⤵
  PID:8700
- C:\Windows\System\qwmXIoW.exe
  C:\Windows\System\qwmXIoW.exe
  2⤵
  PID:8716
- C:\Windows\System\KMxTSqO.exe
  C:\Windows\System\KMxTSqO.exe
  2⤵
  PID:8732
- C:\Windows\System\NFYjsdr.exe
  C:\Windows\System\NFYjsdr.exe
  2⤵
  PID:8748
- C:\Windows\System\fvgyjMh.exe
  C:\Windows\System\fvgyjMh.exe
  2⤵
  PID:8764
- C:\Windows\System\AUKnWRi.exe
  C:\Windows\System\AUKnWRi.exe
  2⤵
  PID:8780
- C:\Windows\System\kdAYXQO.exe
  C:\Windows\System\kdAYXQO.exe
  2⤵
  PID:8796
- C:\Windows\System\yRjjNEd.exe
  C:\Windows\System\yRjjNEd.exe
  2⤵
  PID:8812
- C:\Windows\System\tXsbhLZ.exe
  C:\Windows\System\tXsbhLZ.exe
  2⤵
  PID:8828
- C:\Windows\System\QSwbYtv.exe
  C:\Windows\System\QSwbYtv.exe
  2⤵
  PID:8844
- C:\Windows\System\iwXqIbc.exe
  C:\Windows\System\iwXqIbc.exe
  2⤵
  PID:8860
- C:\Windows\System\NWszhhQ.exe
  C:\Windows\System\NWszhhQ.exe
  2⤵
  PID:8876
- C:\Windows\System\blNjTCG.exe
  C:\Windows\System\blNjTCG.exe
  2⤵
  PID:8892
- C:\Windows\System\zciATZS.exe
  C:\Windows\System\zciATZS.exe
  2⤵
  PID:8908
- C:\Windows\System\SRCMkjo.exe
  C:\Windows\System\SRCMkjo.exe
  2⤵
  PID:8924
- C:\Windows\System\lWrVaxF.exe
  C:\Windows\System\lWrVaxF.exe
  2⤵
  PID:8940
- C:\Windows\System\JxptPfF.exe
  C:\Windows\System\JxptPfF.exe
  2⤵
  PID:8956
- C:\Windows\System\rvCxqCl.exe
  C:\Windows\System\rvCxqCl.exe
  2⤵
  PID:8972
- C:\Windows\System\adqLuJA.exe
  C:\Windows\System\adqLuJA.exe
  2⤵
  PID:8988
- C:\Windows\System\frJUzRs.exe
  C:\Windows\System\frJUzRs.exe
  2⤵
  PID:9004
- C:\Windows\System\kpPjHbM.exe
  C:\Windows\System\kpPjHbM.exe
  2⤵
  PID:9020
- C:\Windows\System\bcRVFfh.exe
  C:\Windows\System\bcRVFfh.exe
  2⤵
  PID:9036
- C:\Windows\System\oSZdGBn.exe
  C:\Windows\System\oSZdGBn.exe
  2⤵
  PID:9052
- C:\Windows\System\jTJRmpM.exe
  C:\Windows\System\jTJRmpM.exe
  2⤵
  PID:9072
- C:\Windows\System\srHSlxD.exe
  C:\Windows\System\srHSlxD.exe
  2⤵
  PID:9088
- C:\Windows\System\ApopUld.exe
  C:\Windows\System\ApopUld.exe
  2⤵
  PID:9104
- C:\Windows\System\baezPVe.exe
  C:\Windows\System\baezPVe.exe
  2⤵
  PID:9124
- C:\Windows\System\BsaMXIh.exe
  C:\Windows\System\BsaMXIh.exe
  2⤵
  PID:9140
- C:\Windows\System\DjDQtEN.exe
  C:\Windows\System\DjDQtEN.exe
  2⤵
  PID:9156
- C:\Windows\System\fgIDDVi.exe
  C:\Windows\System\fgIDDVi.exe
  2⤵
  PID:9172
- C:\Windows\System\CIivmEk.exe
  C:\Windows\System\CIivmEk.exe
  2⤵
  PID:9188
- C:\Windows\System\pRNfmNN.exe
  C:\Windows\System\pRNfmNN.exe
  2⤵
  PID:9204
- C:\Windows\System\MPKcBrv.exe
  C:\Windows\System\MPKcBrv.exe
  2⤵
  PID:7476
- C:\Windows\System\QeoULCX.exe
  C:\Windows\System\QeoULCX.exe
  2⤵
  PID:7844
- C:\Windows\System\ndwsWgn.exe
  C:\Windows\System\ndwsWgn.exe
  2⤵
  PID:8228
- C:\Windows\System\Iuhlpuf.exe
  C:\Windows\System\Iuhlpuf.exe
  2⤵
  PID:8276
- C:\Windows\System\VlYxOtK.exe
  C:\Windows\System\VlYxOtK.exe
  2⤵
  PID:8344
- C:\Windows\System\nzvYYyo.exe
  C:\Windows\System\nzvYYyo.exe
  2⤵
  PID:8260
- C:\Windows\System\SKNRUyO.exe
  C:\Windows\System\SKNRUyO.exe
  2⤵
  PID:8444
- C:\Windows\System\wwpGdAO.exe
  C:\Windows\System\wwpGdAO.exe
  2⤵
  PID:8508
- C:\Windows\System\VqacFHj.exe
  C:\Windows\System\VqacFHj.exe
  2⤵
  PID:8576
- C:\Windows\System\BKlAQIH.exe
  C:\Windows\System\BKlAQIH.exe
  2⤵
  PID:8636
- C:\Windows\System\RDoTLUk.exe
  C:\Windows\System\RDoTLUk.exe
  2⤵
  PID:8288
- C:\Windows\System\wyaJcbX.exe
  C:\Windows\System\wyaJcbX.exe
  2⤵
  PID:8328
- C:\Windows\System\LQusyFz.exe
  C:\Windows\System\LQusyFz.exe
  2⤵
  PID:8424
- C:\Windows\System\AJBUIJJ.exe
  C:\Windows\System\AJBUIJJ.exe
  2⤵
  PID:8492
- C:\Windows\System\qixBqgq.exe
  C:\Windows\System\qixBqgq.exe
  2⤵
  PID:8560
- C:\Windows\System\BxFvxob.exe
  C:\Windows\System\BxFvxob.exe
  2⤵
  PID:8624
- C:\Windows\System\viXeLgX.exe
  C:\Windows\System\viXeLgX.exe
  2⤵
  PID:8684
- C:\Windows\System\bHswtAO.exe
  C:\Windows\System\bHswtAO.exe
  2⤵
  PID:8696
- C:\Windows\System\RJQNisf.exe
  C:\Windows\System\RJQNisf.exe
  2⤵
  PID:8744
- C:\Windows\System\GhALhVM.exe
  C:\Windows\System\GhALhVM.exe
  2⤵
  PID:8836
- C:\Windows\System\dxFhvvc.exe
  C:\Windows\System\dxFhvvc.exe
  2⤵
  PID:8872
- C:\Windows\System\JEcyoiq.exe
  C:\Windows\System\JEcyoiq.exe
  2⤵
  PID:8936
- C:\Windows\System\RgkDNOp.exe
  C:\Windows\System\RgkDNOp.exe
  2⤵
  PID:8996
- C:\Windows\System\zhuePxz.exe
  C:\Windows\System\zhuePxz.exe
  2⤵
  PID:9060
- C:\Windows\System\uXRlBsV.exe
  C:\Windows\System\uXRlBsV.exe
  2⤵
  PID:8820
- C:\Windows\System\XXWpKXP.exe
  C:\Windows\System\XXWpKXP.exe
  2⤵
  PID:9164
- C:\Windows\System\RAykLWu.exe
  C:\Windows\System\RAykLWu.exe
  2⤵
  PID:8756
- C:\Windows\System\brTQciv.exe
  C:\Windows\System\brTQciv.exe
  2⤵
  PID:8852
- C:\Windows\System\aRggZsB.exe
  C:\Windows\System\aRggZsB.exe
  2⤵
  PID:8920
- C:\Windows\System\VYqVURc.exe
  C:\Windows\System\VYqVURc.exe
  2⤵
  PID:8984
- C:\Windows\System\ljzRyFU.exe
  C:\Windows\System\ljzRyFU.exe
  2⤵
  PID:9048
- C:\Windows\System\NbHTcGj.exe
  C:\Windows\System\NbHTcGj.exe
  2⤵
  PID:9116
- C:\Windows\System\WPfEkMQ.exe
  C:\Windows\System\WPfEkMQ.exe
  2⤵
  PID:9200
- C:\Windows\System\ZAylBSA.exe
  C:\Windows\System\ZAylBSA.exe
  2⤵
  PID:8256
- C:\Windows\System\rkEysGD.exe
  C:\Windows\System\rkEysGD.exe
  2⤵
  PID:8208
- C:\Windows\System\geUWicf.exe
  C:\Windows\System\geUWicf.exe
  2⤵
  PID:8340
- C:\Windows\System\tbeEoyC.exe
  C:\Windows\System\tbeEoyC.exe
  2⤵
  PID:8412
- C:\Windows\System\GjkrmLf.exe
  C:\Windows\System\GjkrmLf.exe
  2⤵
  PID:8396
- C:\Windows\System\mvqbNza.exe
  C:\Windows\System\mvqbNza.exe
  2⤵
  PID:8608
- C:\Windows\System\CnaNXbA.exe
  C:\Windows\System\CnaNXbA.exe
  2⤵
  PID:8324
- C:\Windows\System\eixfOHL.exe
  C:\Windows\System\eixfOHL.exe
  2⤵
  PID:8620
- C:\Windows\System\yxoFDYx.exe
  C:\Windows\System\yxoFDYx.exe
  2⤵
  PID:7140
- C:\Windows\System\irswfcL.exe
  C:\Windows\System\irswfcL.exe
  2⤵
  PID:8804
- C:\Windows\System\DUvuVLt.exe
  C:\Windows\System\DUvuVLt.exe
  2⤵
  PID:8740
- C:\Windows\System\eczrArc.exe
  C:\Windows\System\eczrArc.exe
  2⤵
  PID:8932
- C:\Windows\System\gwgeoRE.exe
  C:\Windows\System\gwgeoRE.exe
  2⤵
  PID:9032
- C:\Windows\System\EaUBnLY.exe
  C:\Windows\System\EaUBnLY.exe
  2⤵
  PID:9100
- C:\Windows\System\iUJHOzn.exe
  C:\Windows\System\iUJHOzn.exe
  2⤵
  PID:8952
- C:\Windows\System\XOIFbDA.exe
  C:\Windows\System\XOIFbDA.exe
  2⤵
  PID:8272
- C:\Windows\System\LxRmOiC.exe
  C:\Windows\System\LxRmOiC.exe
  2⤵
  PID:8572
- C:\Windows\System\lRznyUw.exe
  C:\Windows\System\lRznyUw.exe
  2⤵
  PID:8556
- C:\Windows\System\TQbTCus.exe
  C:\Windows\System\TQbTCus.exe
  2⤵
  PID:9028
- C:\Windows\System\wToeyFB.exe
  C:\Windows\System\wToeyFB.exe
  2⤵
  PID:9196
- C:\Windows\System\XYWLZVa.exe
  C:\Windows\System\XYWLZVa.exe
  2⤵
  PID:8504
- C:\Windows\System\TTlTJzB.exe
  C:\Windows\System\TTlTJzB.exe
  2⤵
  PID:8592
- C:\Windows\System\hmKYSWS.exe
  C:\Windows\System\hmKYSWS.exe
  2⤵
  PID:9096
- C:\Windows\System\bIDJxiI.exe
  C:\Windows\System\bIDJxiI.exe
  2⤵
  PID:8792
- C:\Windows\System\WCBeNoa.exe
  C:\Windows\System\WCBeNoa.exe
  2⤵
  PID:8224
- C:\Windows\System\fhItfIP.exe
  C:\Windows\System\fhItfIP.exe
  2⤵
  PID:7508
- C:\Windows\System\efpGVUO.exe
  C:\Windows\System\efpGVUO.exe
  2⤵
  PID:8364
- C:\Windows\System\hTGzGOP.exe
  C:\Windows\System\hTGzGOP.exe
  2⤵
  PID:8320
- C:\Windows\System\UQlCCcD.exe
  C:\Windows\System\UQlCCcD.exe
  2⤵
  PID:9232
- C:\Windows\System\FvyCjqa.exe
  C:\Windows\System\FvyCjqa.exe
  2⤵
  PID:9248
- C:\Windows\System\QkWHpQD.exe
  C:\Windows\System\QkWHpQD.exe
  2⤵
  PID:9264
- C:\Windows\System\dkNJQlb.exe
  C:\Windows\System\dkNJQlb.exe
  2⤵
  PID:9280
- C:\Windows\System\BGUmXWG.exe
  C:\Windows\System\BGUmXWG.exe
  2⤵
  PID:9296
- C:\Windows\System\VwCJKQc.exe
  C:\Windows\System\VwCJKQc.exe
  2⤵
  PID:9312
- C:\Windows\System\AjsZhTc.exe
  C:\Windows\System\AjsZhTc.exe
  2⤵
  PID:9328
- C:\Windows\System\RdOEGRF.exe
  C:\Windows\System\RdOEGRF.exe
  2⤵
  PID:9344
- C:\Windows\System\jXVGQei.exe
  C:\Windows\System\jXVGQei.exe
  2⤵
  PID:9360
- C:\Windows\System\VLfsIDq.exe
  C:\Windows\System\VLfsIDq.exe
  2⤵
  PID:9376
- C:\Windows\System\NyUxRHp.exe
  C:\Windows\System\NyUxRHp.exe
  2⤵
  PID:9392
- C:\Windows\System\YpPZFgR.exe
  C:\Windows\System\YpPZFgR.exe
  2⤵
  PID:9408
- C:\Windows\System\qnOZEyj.exe
  C:\Windows\System\qnOZEyj.exe
  2⤵
  PID:9424
- C:\Windows\System\ETmvWPV.exe
  C:\Windows\System\ETmvWPV.exe
  2⤵
  PID:9440
- C:\Windows\System\JejyQsy.exe
  C:\Windows\System\JejyQsy.exe
  2⤵
  PID:9456
- C:\Windows\System\iVHcguZ.exe
  C:\Windows\System\iVHcguZ.exe
  2⤵
  PID:9472
- C:\Windows\System\tAutXZD.exe
  C:\Windows\System\tAutXZD.exe
  2⤵
  PID:9488
- C:\Windows\System\ctKcSMd.exe
  C:\Windows\System\ctKcSMd.exe
  2⤵
  PID:9504
- C:\Windows\System\wngvxRj.exe
  C:\Windows\System\wngvxRj.exe
  2⤵
  PID:9520
- C:\Windows\System\cFTtMfl.exe
  C:\Windows\System\cFTtMfl.exe
  2⤵
  PID:9536
- C:\Windows\System\NOXuoNw.exe
  C:\Windows\System\NOXuoNw.exe
  2⤵
  PID:9552
- C:\Windows\System\cEwUPfn.exe
  C:\Windows\System\cEwUPfn.exe
  2⤵
  PID:9568
- C:\Windows\System\gCSSvrY.exe
  C:\Windows\System\gCSSvrY.exe
  2⤵
  PID:9584
- C:\Windows\System\erPCmjD.exe
  C:\Windows\System\erPCmjD.exe
  2⤵
  PID:9600
- C:\Windows\System\DauOrmN.exe
  C:\Windows\System\DauOrmN.exe
  2⤵
  PID:9616
- C:\Windows\System\msEaTQI.exe
  C:\Windows\System\msEaTQI.exe
  2⤵
  PID:9632
- C:\Windows\System\hbOtkTp.exe
  C:\Windows\System\hbOtkTp.exe
  2⤵
  PID:9648
- C:\Windows\System\WVhdPzf.exe
  C:\Windows\System\WVhdPzf.exe
  2⤵
  PID:9664
- C:\Windows\System\pdlYvKO.exe
  C:\Windows\System\pdlYvKO.exe
  2⤵
  PID:9680
- C:\Windows\System\IEhQbnc.exe
  C:\Windows\System\IEhQbnc.exe
  2⤵
  PID:9696
- C:\Windows\System\LfQhbWb.exe
  C:\Windows\System\LfQhbWb.exe
  2⤵
  PID:9712
- C:\Windows\System\AVOOPeX.exe
  C:\Windows\System\AVOOPeX.exe
  2⤵
  PID:9728
- C:\Windows\System\nkZvYBE.exe
  C:\Windows\System\nkZvYBE.exe
  2⤵
  PID:9744
- C:\Windows\System\bpBHPVx.exe
  C:\Windows\System\bpBHPVx.exe
  2⤵
  PID:9760
- C:\Windows\System\eYOhmrM.exe
  C:\Windows\System\eYOhmrM.exe
  2⤵
  PID:9776
- C:\Windows\System\GSHvDyu.exe
  C:\Windows\System\GSHvDyu.exe
  2⤵
  PID:9792
- C:\Windows\System\TABHsPM.exe
  C:\Windows\System\TABHsPM.exe
  2⤵
  PID:9808
- C:\Windows\System\FmYfWec.exe
  C:\Windows\System\FmYfWec.exe
  2⤵
  PID:9824
- C:\Windows\System\hzOmYmt.exe
  C:\Windows\System\hzOmYmt.exe
  2⤵
  PID:9840
- C:\Windows\System\OJhRrXC.exe
  C:\Windows\System\OJhRrXC.exe
  2⤵
  PID:9856
- C:\Windows\System\cJPHWRv.exe
  C:\Windows\System\cJPHWRv.exe
  2⤵
  PID:9872
- C:\Windows\System\HknnbxC.exe
  C:\Windows\System\HknnbxC.exe
  2⤵
  PID:9888
- C:\Windows\System\MwXHLZL.exe
  C:\Windows\System\MwXHLZL.exe
  2⤵
  PID:9904
- C:\Windows\System\LtGtwFS.exe
  C:\Windows\System\LtGtwFS.exe
  2⤵
  PID:9920
- C:\Windows\System\PvnBDdd.exe
  C:\Windows\System\PvnBDdd.exe
  2⤵
  PID:9936
- C:\Windows\System\TMuNiti.exe
  C:\Windows\System\TMuNiti.exe
  2⤵
  PID:9952
- C:\Windows\System\sHiBRXP.exe
  C:\Windows\System\sHiBRXP.exe
  2⤵
  PID:9968
- C:\Windows\System\FMfLvhi.exe
  C:\Windows\System\FMfLvhi.exe
  2⤵
  PID:9984
- C:\Windows\System\omMSUFt.exe
  C:\Windows\System\omMSUFt.exe
  2⤵
  PID:10000
- C:\Windows\System\RDuWfyt.exe
  C:\Windows\System\RDuWfyt.exe
  2⤵
  PID:10016
- C:\Windows\System\rjdEhGy.exe
  C:\Windows\System\rjdEhGy.exe
  2⤵
  PID:10032
- C:\Windows\System\ALevfAQ.exe
  C:\Windows\System\ALevfAQ.exe
  2⤵
  PID:10048
- C:\Windows\System\jQrYbFl.exe
  C:\Windows\System\jQrYbFl.exe
  2⤵
  PID:10064
- C:\Windows\System\svOFxrE.exe
  C:\Windows\System\svOFxrE.exe
  2⤵
  PID:10084
- C:\Windows\System\GoZyHBJ.exe
  C:\Windows\System\GoZyHBJ.exe
  2⤵
  PID:10100
- C:\Windows\System\sOPRkiG.exe
  C:\Windows\System\sOPRkiG.exe
  2⤵
  PID:10116
- C:\Windows\System\YncNrDC.exe
  C:\Windows\System\YncNrDC.exe
  2⤵
  PID:10132
- C:\Windows\System\ajBmBiR.exe
  C:\Windows\System\ajBmBiR.exe
  2⤵
  PID:10148
- C:\Windows\System\gXJLYYE.exe
  C:\Windows\System\gXJLYYE.exe
  2⤵
  PID:10164
- C:\Windows\System\tGXelaa.exe
  C:\Windows\System\tGXelaa.exe
  2⤵
  PID:10180
- C:\Windows\System\YiaIOan.exe
  C:\Windows\System\YiaIOan.exe
  2⤵
  PID:10196
- C:\Windows\System\gKjCGbz.exe
  C:\Windows\System\gKjCGbz.exe
  2⤵
  PID:10212
- C:\Windows\System\FNgOhzh.exe
  C:\Windows\System\FNgOhzh.exe
  2⤵
  PID:10228
- C:\Windows\System\IObtRNe.exe
  C:\Windows\System\IObtRNe.exe
  2⤵
  PID:9212
- C:\Windows\System\qDDzUfb.exe
  C:\Windows\System\qDDzUfb.exe
  2⤵
  PID:9288
- C:\Windows\System\eLqWYFu.exe
  C:\Windows\System\eLqWYFu.exe
  2⤵
  PID:9352
- C:\Windows\System\MhyWjGJ.exe
  C:\Windows\System\MhyWjGJ.exe
  2⤵
  PID:9388
- C:\Windows\System\kNnTLqb.exe
  C:\Windows\System\kNnTLqb.exe
  2⤵
  PID:9448
- C:\Windows\System\cZLFIQa.exe
  C:\Windows\System\cZLFIQa.exe
  2⤵
  PID:9452
- C:\Windows\System\jRKuAEt.exe
  C:\Windows\System\jRKuAEt.exe
  2⤵
  PID:9464
- C:\Windows\System\mFjCVir.exe
  C:\Windows\System\mFjCVir.exe
  2⤵
  PID:9372
- C:\Windows\System\BNvaNtv.exe
  C:\Windows\System\BNvaNtv.exe
  2⤵
  PID:9240
- C:\Windows\System\MNFLXyc.exe
  C:\Windows\System\MNFLXyc.exe
  2⤵
  PID:10096
- C:\Windows\System\jpgVECj.exe
  C:\Windows\System\jpgVECj.exe
  2⤵
  PID:9436
- C:\Windows\System\HqLObtE.exe
  C:\Windows\System\HqLObtE.exe
  2⤵
  PID:9528
- C:\Windows\System\GIPLRrB.exe
  C:\Windows\System\GIPLRrB.exe
  2⤵
  PID:9592
- C:\Windows\System\SHzfgyV.exe
  C:\Windows\System\SHzfgyV.exe
  2⤵
  PID:9660
- C:\Windows\System\nCJNzql.exe
  C:\Windows\System\nCJNzql.exe
  2⤵
  PID:9784
- C:\Windows\System\pDAAEvn.exe
  C:\Windows\System\pDAAEvn.exe
  2⤵
  PID:9848
- C:\Windows\System\mdeHtfe.exe
  C:\Windows\System\mdeHtfe.exe
  2⤵
  PID:9912
- C:\Windows\System\SNtBMKE.exe
  C:\Windows\System\SNtBMKE.exe
  2⤵
  PID:9976
- C:\Windows\System\EEBUHNp.exe
  C:\Windows\System\EEBUHNp.exe
  2⤵
  PID:10044
- C:\Windows\System\woYFgin.exe
  C:\Windows\System\woYFgin.exe
  2⤵
  PID:10108
- C:\Windows\System\UwXthUw.exe
  C:\Windows\System\UwXthUw.exe
  2⤵
  PID:10176
- C:\Windows\System\pJVUDlk.exe
  C:\Windows\System\pJVUDlk.exe
  2⤵
  PID:10192
- C:\Windows\System\vBuGnCP.exe
  C:\Windows\System\vBuGnCP.exe
  2⤵
  PID:10208
- C:\Windows\System\UqnWSLG.exe
  C:\Windows\System\UqnWSLG.exe
  2⤵
  PID:9420
- C:\Windows\System\JgryHTl.exe
  C:\Windows\System\JgryHTl.exe
  2⤵
  PID:9544
- C:\Windows\System\OBFNgyj.exe
  C:\Windows\System\OBFNgyj.exe
  2⤵
  PID:9612
- C:\Windows\System\uZoVdIp.exe
  C:\Windows\System\uZoVdIp.exe
  2⤵
  PID:9644
- C:\Windows\System\IXMPbQj.exe
  C:\Windows\System\IXMPbQj.exe
  2⤵
  PID:9708
- C:\Windows\System\aTRaNYK.exe
  C:\Windows\System\aTRaNYK.exe
  2⤵
  PID:9772
- C:\Windows\System\icIVgGW.exe
  C:\Windows\System\icIVgGW.exe
  2⤵
  PID:9836

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AjxBEER.exe

Filesize
6.0MB

MD5
b669405f56ee7e81d3fe4876646749d9

SHA1
ed88a4770fcf194e5408e09c95bee0fd87214665

SHA256
7a1c3c0b59c2befb2744558b144e3fe326d66691b2db333fb2f2ad238d3194bc

SHA512
d02bedaeae9673cbeddb279ad63dfc80212f7bfc9acfbf1f4bfe2d7aa4449f140a4c0added7a7fa25332326dbb57fe048462c6beaa3c63c47d6ffa1a5e65b4d4

Download Submit
C:\Windows\system\AkSbnkL.exe

Filesize
6.0MB

MD5
61e15ced9ac708ae8bd8228afbf66914

SHA1
cbe75eb375816999b75215a66b45d329c152f18b

SHA256
e9ea7fa1877848ca4c19c5a365f5cf7665d0c4aff5c476cd2a23dde38098969e

SHA512
e20d06ead41d4385fca12929f7f95cd97ec5449eaa65f256128f7ee595f99803bebe90a0dc02247d47f553a3b30ee65d2176b6ad033730da34802eb2fa4a21c2

Download Submit
C:\Windows\system\BnrJnhz.exe

Filesize
6.0MB

MD5
8461a22cefd696c1fcb79c67b8e12668

SHA1
80e2b7c8d8123fd25a517d0289fa0c06f7decc76

SHA256
7a866c3e2f1fe1415ab80071ef656d99a77634c0862d087f9de2b62fa083e0e4

SHA512
f99fd18bb9c830d79c39894e8c8bb8bff81fccc89c45e16c71fd3ed779a95f41fd004effe9726137c2f562b6f7149bbec9e97ecd5ca158fe12e2f4dbf3f2c579

Download Submit
C:\Windows\system\FaOKdez.exe

Filesize
6.0MB

MD5
82477948f281db1baa017f8957549820

SHA1
003530e9f802982d0c4beb8a9555974dd3410b1b

SHA256
f084e463ce9812201196232434581d1652465bc6ac78cd5db07d6f7b5b1e5254

SHA512
5b1faf6e4cc23d942123c84c3df440078a0d64212a644190c7d0c24e9fa6a9caec76d7f7a4747002dc080b19fcccee1da8e8ba0e5ff871b01b4aee78271508f3

Download Submit
C:\Windows\system\FwLEmco.exe

Filesize
6.0MB

MD5
74c13c193397fcf6aba0e247debf9a34

SHA1
11df469d73f62d6ea0bd63be0b5d839c66b1f62c

SHA256
d0224dc6e9246d4aead51e634544a44440d475e181dc031e30fae82bbd073cc1

SHA512
673280b6285de6792e3e7d3ec92ef490bbc33dc289d99342d0cdcf39a6607f15f8882a02cddd8aa61f79e397efd5db9520cfb9caaa3a7a2170d85120371a0da4

Download Submit
C:\Windows\system\IaWGxRk.exe

Filesize
6.0MB

MD5
afbad5e8e7f14c18a38214ca272b02a8

SHA1
dd5e77b6d72bf2861011dae9d731155f8b404e7d

SHA256
60e7e8cfbca725dcf5d93d07b0862f8d21041aa39337730320be5444d95a5030

SHA512
062f5cc6b497cb76857ed67d2e51026b2b45f91641190a0f84516c2912b107cd8bebdc4d9d40cb726450434e88e96ea1402428f6ef20cca738e7374b3e2fe297

Download Submit
C:\Windows\system\JbQyVxL.exe

Filesize
6.0MB

MD5
a175a64b8a8d2ca6613f0570df87dae7

SHA1
70744a3451e37be3ae4637c851427524fa9bb886

SHA256
c97a3c707d3b82d266315d419a88f141e03707388094d98ddba46190c51ffe92

SHA512
b13911c8f7ed441af0bea00ef96d584f6050bedc678ef54b1aa66cbc3561343f8dfce43c03b1d6bed3ec62a74f81f3b5bd29340342b9ffb94da0a1b94541ec44

Download Submit
C:\Windows\system\JqUbeEg.exe

Filesize
6.0MB

MD5
82e6e8410f0e9e783ceddce6dc23fd62

SHA1
de5eda33a54fd61b80acbff7a7b1e4316d26facc

SHA256
564bce85fa03f2457cc80d3fed788744b08f3ceae4da302ae532ef13120b35aa

SHA512
de7d72e59e32ef9fe7703aa0ad13a91bacea84a29195ef07d798e6d88a53c29c42ad29908b61b80fb36c852865d2f9551450db6be36d7321013854f8634c9d88

Download Submit
C:\Windows\system\MhGPEqF.exe

Filesize
6.0MB

MD5
ea193168621c171b3a523e79afd8b2e7

SHA1
284ed5eb205c63c4671b622a8ec1df48ba369f26

SHA256
ff3fa311a6c2c076e98d04f76c20a4fbd7870d5896b43e04a7325b401cd419d9

SHA512
979b04b88a4bd9bf0f67a3696a7417085a81bb78870dfcfc98fb8beef4d5a6413bdd027ec4f468beb0fb1d9a4f41941c0aca95f79cca46f12b1fd205fed0cf81

Download Submit
C:\Windows\system\OCrLvdS.exe

Filesize
6.0MB

MD5
8a031882e77f5651b71a87f3c2da136f

SHA1
8d806cb2f00d430656a2271487ddaaee2564d783

SHA256
8d1d17bbb1b95771a7f7f89bf9173463f8dda3d956785dc9295ae07f40adcf83

SHA512
fc3f281ba524ceda6eac1b79afabc1d9512e82c788c5bc7108a145b1a3f984d06864f450cd6a6d1f8d9197914797cbd6a5ecf7936222dd3906e85e90b7c6d1dd

Download Submit
C:\Windows\system\OGQdHBI.exe

Filesize
6.0MB

MD5
2751655c54934df877c8f28f0c6afa65

SHA1
46446c8ace366f774585405fb6160d25af25b1f7

SHA256
88924ea5380f8700b790c1b34718eb0966fc176c6bd38403c5561f7d6903cf6d

SHA512
59f187b599f4111168170ac54603c72be7c76e0f340dee57fc8bef08f497d21d34df87ae09f7be9ca3b82c6121dca9ce809945b331381fe58a0c0c32483cb8e8

Download Submit
C:\Windows\system\OYEezeP.exe

Filesize
6.0MB

MD5
e83e21170cc5697600352b2479918297

SHA1
7bcf93de44f65329348d1edb2c1e1d1afda18619

SHA256
d1182f12b5f6c07a952c492a9d80ed07f357a495a6b390258ac7436847a99dc9

SHA512
f4fe9d75f93d13cffe6540193dbd0579237740dd490780cccae4e7c97f594f812a0d43f9dff65b79ef18c1edf7a0e4c9bb47109c0b386eed9498974b8bc4051e

Download Submit
C:\Windows\system\QsFAIxN.exe

Filesize
6.0MB

MD5
62577d72aeef8eca463838bd8a7ab0ce

SHA1
5c52d742e473e6eea617ab119cd55a55251488e7

SHA256
a00116fa4472d1dc093ddbfae7677e49759f4a20b381b3c9273d3db7f3352aa2

SHA512
4352339fb9f315c9737eb5188982141cedcd84793b852bf9795c3047c1f77dbef951170a569b8fc66b0e0c82e17eded867bd89477a55412aa2b6c1cae82e3136

Download Submit
C:\Windows\system\RpPyJmx.exe

Filesize
6.0MB

MD5
3c4a6f98489659b955d973149dd4c46e

SHA1
158d2610054de2403e4c8a5a8327eb3430adb4d8

SHA256
5680a849fe17b42b0a6f13ddcffae59ded0b7ae7c4e2bb85473178da0b276f8e

SHA512
7a5892183d0d658be168b719f40f11439ade97179eb9f66c39636cdcb0baef4807704da3975b4df3b71eea96a137cdb9fc8034efba007f8f5ef51263f55c9205

Download Submit
C:\Windows\system\UkTTpIG.exe

Filesize
6.0MB

MD5
903959b9ccfaa4d21c81b7446f9f4fbe

SHA1
8f75a21c74b03ab66ee8b5bf99285ccff7a9ccc4

SHA256
1be4328618438093c1446de7ce2182262dd67a3466f22fb857a2c3765a1eb87e

SHA512
53c92b309749161215354abe8ab0a4dd30331557abb2c904cc88fed5e0e1088dd15fa79f8a0a2b5bbfefc7367e33aec803c1ff3bc5a9b4b8125b90ffde755f39

Download Submit
C:\Windows\system\WondbKA.exe

Filesize
6.0MB

MD5
c4149749093d58806dd532814c41db91

SHA1
c6b914ccb2a1825fe0fca3a7e678a1f67e1a05e8

SHA256
693213b2b7d9f275227aaaf30a70b35e0b131e63b206bbe8b8d1b32212077069

SHA512
e2b161ad31af05e8f17b820e642365342d109c922c18938a2449214ffb93a074b40a60b0e58ac71fdfbc6004849903784c5d0b741415d732bb86030b0edaec20

Download Submit
C:\Windows\system\WvJcYJL.exe

Filesize
6.0MB

MD5
c690d46c0d265564b1c06db42ebbb339

SHA1
199bebd2c1c85efc0f5248fbd2843f9027b59f37

SHA256
31f314feb949c37673eb224a378763e735a80364d7dcbcc5fd1dbb173b6b8123

SHA512
c8dc08784617ce03a74426256bb5497dc3c5d9a5055a66ed538a226b33c9d4e5b699e22cdd66d8e19af963e4470d26440535402c33fff1b614b7c61331b3ebd0

Download Submit
C:\Windows\system\bvRmJya.exe

Filesize
6.0MB

MD5
3fe1667bf3aabbb7822e128cf42dad71

SHA1
5308e872a7c6ff65e156619d6a720f3cc1c1d66c

SHA256
cc3c73ff44382e17c9663c87442b6ab3153410852e2ca1ebe58580fea9d629fe

SHA512
527fe79c9fc07b1a44041bac8dcd79be4ae8760766d0b96445da288394bb60d1a376185b4f1d836dcff684907e72df43a8ec0d135b0d64d84975ac09d88ac116

Download Submit
C:\Windows\system\hlBNoZy.exe

Filesize
6.0MB

MD5
1380347eeb36f88ee026b13dcbe9b051

SHA1
1689b7b2eb7ec981b696ec34fc1bfa10b77ebced

SHA256
3d6f533c213ef557c3625b2bc0daee11a3c05574a9dd8769220be184d086ca0a

SHA512
7af042bbf5d1dbda407fd18551363be464e0e31f6573f8faef2f51eb765b11fbde077f0f28ca4d0afc484c4ebfb37cca8b460273f77b221e924b86930bdf85e4

Download Submit
C:\Windows\system\ilkSZyv.exe

Filesize
6.0MB

MD5
5760c5a71c06bbd071207556e75fc0d5

SHA1
a58f08d845cd87734f20fe669690fc7b5bbfb751

SHA256
f527f9f11c3205502ad7e17ebb54e92a26bdf36579a07658541bdedeb269fc8f

SHA512
0b876206d0b4790d80b971df19ff8ab342cab701dbc6e132afaf5788a23848f0d5614faefc291a70f38acda12bcdb098bcde8e127d46e2b7ade61331f5aa4afb

Download Submit
C:\Windows\system\jfBcnLX.exe

Filesize
6.0MB

MD5
d8b6dd31ac2e4e788a7fc88895eef5af

SHA1
65cba52f314faa1e9b35fe0c151d753f604b0a1c

SHA256
8d650b765508340446bb0841ddf2afc3a6a7318d69e851ff1c77cd012c1c958f

SHA512
faedb9d140883907ac14b45efd2329b3489727993fa476f737baa8ae54eccf4be55a1466a11bf14849b75a119ed7ad61f4e805d76834c9c78b7fffc7b6117405

Download Submit
C:\Windows\system\ngwDAzq.exe

Filesize
6.0MB

MD5
141809915e041e9eb83db9b7d0534e9f

SHA1
b9a093b907a6b441579a6330743959800d14fbb5

SHA256
71ca315a1f45ad7e239d62a68fdd96c6fbeba29a8f975894b91ff0ad975f056a

SHA512
b33fdd5115b33109685bd5d4fc2843a6425b973d4f374ea120df196a4783c6a09636dc3a5d7a42deec72cde1d8b770c50b2b1389469e34657eeeb5766ac302ef

Download Submit
C:\Windows\system\nygcTcL.exe

Filesize
6.0MB

MD5
368a731c8d287dd7160448e3fa684d40

SHA1
9764e42d230ad51fbfb7c4130201322525147edb

SHA256
d19b3cd642500f284b1bec02f2d7684c723bca45d6092296fcfa676d0591a35c

SHA512
0b6ccd90c9a3911bf19cabef4c6f984543c2a2d77cf5a13ef7536cfaebc997c1a510c1d819b7bfa7cbb86869fa3d250b59dafef4e81d66fe63019d1a2261cb15

Download Submit
C:\Windows\system\omNhoeY.exe

Filesize
6.0MB

MD5
3ebc131efe289bafd7f069fac27ffc00

SHA1
68ca1f10a1bdc49f279dc3bced0a291e9f1df588

SHA256
1d8b1418d66e4cfd904489f1bf98bfd9b87cb1612115672b84670ec029ab674e

SHA512
d9e7b344cbd19b99e19e8bf03ba7b52b69928e606557d1106c1b2f0c897c135985653c892faee8bb78136263f0d2d3a4cad25f589784dd8f6b7c8e905c6577a7

Download Submit
C:\Windows\system\oyFHbef.exe

Filesize
6.0MB

MD5
a3fbad200b40924a0a6b6ec66e539915

SHA1
56a9f69248e17268f84e04549346f980f821a1b0

SHA256
e78d5bc71b841672b953be848d26b170cdb6ff3d53142351b93f3bb0845ad9be

SHA512
4e76672cba2b025f0604d73468181dd82d1577b66bb4dc6092411f03c746f94554e4fe94ba957d3f725ec390da4d973e17ad1d0601b8809e980b1d7dd7d8cf4f

Download Submit
C:\Windows\system\taJcBPD.exe

Filesize
6.0MB

MD5
a6012d8553b7b277dd38361bb08a79d9

SHA1
990cbe0930b906f8e755d32986163ff71a08fe98

SHA256
b953f6e33e0529e647054dd48ce9629188151a8d04956fb9b5d25b7894930338

SHA512
414eb137d600f8dab9446536be9ea796b78e3790ac892936dce22aef307ff3b1db0998c2e60d71f958132b4bcdc610729574cc3964b2a592961b51c606e736ff

Download Submit
C:\Windows\system\vFNhMQq.exe

Filesize
6.0MB

MD5
df0342cb2aba5911ed02d4067b6176b5

SHA1
7c02cf00eed71c8db21af8b49de67e890f12ddd7

SHA256
b69ed4d2b781e598def8d3b992a6e92b744a9ecf847eb7fae8592488ad89359f

SHA512
be47c0f7585f464a66758d59b76021546c5bfc6ba2a378faddb51c67c141fce73f273df90228f613571cf2c28582787e9be40938e43d3c4f8d0b684fe8b57322

Download Submit
C:\Windows\system\wODutOw.exe

Filesize
6.0MB

MD5
b9b25cd097448406eaaeeb71e8e20a60

SHA1
3ddf29cb97ad266e0689e39783621cd15dc52a14

SHA256
8ad96083f491c9fa829ef3f5639ff83aac7c986aa94824af5e72e49fa73b09f6

SHA512
59d9eef95e27137b68fab06244a78e98aed9308d350d240db54699fadbedf3fcef31f6ae79e20632a1e98894cab4fe9fbff9aa705459af40f0650f465a45a908

Download Submit
\Windows\system\JNRrHPh.exe

Filesize
6.0MB

MD5
ea50de9aab93d3962a4fb8d0c8646f98

SHA1
7ed56ce764f17a0677d01c670e43648b40bc3350

SHA256
8bc62d5f64bcfc34e07222d9f6183004cb2d66657e49314c07e0190114c65543

SHA512
f0a2b2b8582f9c13348c9d36314ddb9231a27158cc026528f196d2281f3c19d1c428e52febf2c475cfca80dac022a19991c138d43042825e4c7e0f203fa321e6

Download Submit
\Windows\system\QhAnpVK.exe

Filesize
6.0MB

MD5
3f680c00631c6ef616832a5eac2b8dfe

SHA1
58c77ca6d76566f2fe96e17da5749f25ca1d7c90

SHA256
a9f7c1b750c9897fe357f799a7e94ab7425ab960dd263a6c937cb0073c2fbe33

SHA512
c94fcee5a49cd8bff305f10c017f20d99090af64c92f29a1e75425fee9805412440bceaffd2cf3be06f54f056768fe3f676d939c2f092966111b5c52669aff66

Download Submit
\Windows\system\VGxEzeo.exe

Filesize
6.0MB

MD5
c2db189bd60991d21d06c92a1993ff8b

SHA1
8bcd569da1a847f3c50139e4b35b5f63dc97050d

SHA256
0ab07e60b764aa619fb1c98ede0fe3961261deb39320dbcaafa674e5d4bb67c4

SHA512
2f3f7df33aa9355ec1bcc8c600990738526069f4e503c013093b555e2aa4f1bbf3ce0375f4d027c7f5779d9d0e2d9ef375f567f07cfdb20c6105b66e0920bc07

Download Submit
\Windows\system\btkSkwn.exe

Filesize
6.0MB

MD5
bceb9068458a7611a33f354565817459

SHA1
57a054b3a139053124f605501e84affc8a0b35ff

SHA256
e09e93990f16a85aa4762f24796126f796f57f7d6fc86f4a9abf49d0f107d803

SHA512
24110edee5acaffcfc7b9764e442e2132ceac4b77453440ad522b7cf030031da2f0d12d691e0b93004054a14febf0c2c0c87e205e0316a4d7675e42b4bc2cb74

Download Submit
memory/1752-3844-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/1752-460-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/2104-3845-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/2104-477-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/2160-1389-0x0000000002230000-0x0000000002584000-memory.dmp

Filesize
3.3MB

Download
memory/2160-1383-0x0000000002230000-0x0000000002584000-memory.dmp

Filesize
3.3MB

Download
memory/2160-457-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/2160-1-0x0000000000180000-0x0000000000190000-memory.dmp

Filesize
64KB

Download
memory/2160-465-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2160-418-0x0000000002230000-0x0000000002584000-memory.dmp

Filesize
3.3MB

Download
memory/2160-476-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/2160-451-0x0000000002230000-0x0000000002584000-memory.dmp

Filesize
3.3MB

Download
memory/2160-444-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2160-480-0x0000000002230000-0x0000000002584000-memory.dmp

Filesize
3.3MB

Download
memory/2160-437-0x0000000002230000-0x0000000002584000-memory.dmp

Filesize
3.3MB

Download
memory/2160-1294-0x0000000002230000-0x0000000002584000-memory.dmp

Filesize
3.3MB

Download
memory/2160-435-0x0000000002230000-0x0000000002584000-memory.dmp

Filesize
3.3MB

Download
memory/2160-1392-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/2160-433-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/2160-1461-0x0000000002230000-0x0000000002584000-memory.dmp

Filesize
3.3MB

Download
memory/2160-431-0x0000000002230000-0x0000000002584000-memory.dmp

Filesize
3.3MB

Download
memory/2160-1393-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/2160-429-0x0000000002230000-0x0000000002584000-memory.dmp

Filesize
3.3MB

Download
memory/2160-1391-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2160-427-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2160-1390-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/2160-425-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/2160-0-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/2160-478-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/2160-1388-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2160-1178-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/2160-1381-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/2160-1382-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2160-1387-0x0000000002230000-0x0000000002584000-memory.dmp

Filesize
3.3MB

Download
memory/2160-1384-0x0000000002230000-0x0000000002584000-memory.dmp

Filesize
3.3MB

Download
memory/2160-1385-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/2160-1386-0x0000000002230000-0x0000000002584000-memory.dmp

Filesize
3.3MB

Download
memory/2180-468-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2180-3843-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2380-456-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2380-3841-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2536-3839-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/2536-436-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/2544-3832-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2544-428-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2560-432-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/2560-3833-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/2580-438-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2580-3842-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2692-3762-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/2692-426-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/2696-3830-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2696-479-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2712-3829-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/2712-434-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/2736-3828-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/2736-430-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/2772-3831-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2772-424-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2960-3850-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2960-448-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download