cobaltstrike | 6cc148e5718c052a7295d18b5484bdd5392b6987e0f26d40921546956e41335d

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
14-09-2024 12:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.1MB
MD5

3b1b24288d3fd479a5e92db86fb8001c
SHA1

220408fcae62e749be7ebdfa021a1eb2be564e2d
SHA256

6cc148e5718c052a7295d18b5484bdd5392b6987e0f26d40921546956e41335d
SHA512

b23ff096bd0ecfb935cae429204a62db6953061dc0e774cfdbe6dc2613f786c12d6cc1000b73a16c21a2d8bdf64701b102eb94f095a892c61713eb81ab4956c0
SSDEEP

98304:IapSdlWdfE0pZPD56utgpPFotBER/mQ32lUn:32Y56utgpPF8u/7n

Score

10^/10

cobaltstrike strela xmrig 0 backdoor miner stealer trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000a0000000120d6-6.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000015689-10.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000156b8-27.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015ccf-30.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015697-18.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015ce4-37.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d0a-50.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016141-59.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016399-69.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000164de-74.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016689-82.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016890-87.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d68-127.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016de9-159.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016df8-169.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dd9-149.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016df5-163.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015415-154.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dd5-144.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d73-140.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d22-119.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d6f-134.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d4c-124.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016cf0-114.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016cab-109.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016ca0-104.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016c89-99.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016b86-94.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001660e-79.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000162e4-64.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d15-54.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015cfd-44.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

Detects Strela Stealer payload 1 IoCs

resource	yara_rule
behavioral1/memory/1708-595-0x000000013FF90000-0x00000001402E4000-memory.dmp	family_strela

Strela stealer
An info stealer targeting mail credentials first seen in late 2022.
stealer strela
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1708-0-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig
behavioral1/files/0x000a0000000120d6-6.dat	xmrig
behavioral1/memory/2988-21-0x000000013F0F0000-0x000000013F444000-memory.dmp	xmrig
behavioral1/memory/1268-12-0x000000013F5F0000-0x000000013F944000-memory.dmp	xmrig
behavioral1/files/0x0009000000015689-10.dat	xmrig
behavioral1/memory/2428-22-0x000000013FA60000-0x000000013FDB4000-memory.dmp	xmrig
behavioral1/files/0x00080000000156b8-27.dat	xmrig
behavioral1/files/0x0007000000015ccf-30.dat	xmrig
behavioral1/memory/2728-29-0x000000013F180000-0x000000013F4D4000-memory.dmp	xmrig
behavioral1/files/0x0008000000015697-18.dat	xmrig
behavioral1/files/0x0007000000015ce4-37.dat	xmrig
behavioral1/files/0x0008000000015d0a-50.dat	xmrig
behavioral1/files/0x0006000000016141-59.dat	xmrig
behavioral1/files/0x0006000000016399-69.dat	xmrig
behavioral1/files/0x00060000000164de-74.dat	xmrig
behavioral1/files/0x0006000000016689-82.dat	xmrig
behavioral1/files/0x0006000000016890-87.dat	xmrig
behavioral1/files/0x0006000000016d68-127.dat	xmrig
behavioral1/files/0x0006000000016de9-159.dat	xmrig
behavioral1/files/0x0006000000016df8-169.dat	xmrig
behavioral1/memory/2728-1396-0x000000013F180000-0x000000013F4D4000-memory.dmp	xmrig
behavioral1/memory/2428-1391-0x000000013FA60000-0x000000013FDB4000-memory.dmp	xmrig
behavioral1/memory/2988-1191-0x000000013F0F0000-0x000000013F444000-memory.dmp	xmrig
behavioral1/memory/1708-894-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig
behavioral1/memory/2736-624-0x000000013FB80000-0x000000013FED4000-memory.dmp	xmrig
behavioral1/memory/2832-618-0x000000013F790000-0x000000013FAE4000-memory.dmp	xmrig
behavioral1/memory/2780-598-0x000000013FF90000-0x00000001402E4000-memory.dmp	xmrig
behavioral1/memory/2192-587-0x000000013F2C0000-0x000000013F614000-memory.dmp	xmrig
behavioral1/memory/1708-667-0x000000013F2C0000-0x000000013F614000-memory.dmp	xmrig
behavioral1/memory/2212-661-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/memory/1708-656-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/memory/2312-655-0x000000013FC50000-0x000000013FFA4000-memory.dmp	xmrig
behavioral1/memory/2644-653-0x000000013FB60000-0x000000013FEB4000-memory.dmp	xmrig
behavioral1/memory/2600-634-0x000000013F090000-0x000000013F3E4000-memory.dmp	xmrig
behavioral1/memory/2716-610-0x000000013F840000-0x000000013FB94000-memory.dmp	xmrig
behavioral1/memory/2840-581-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/files/0x0006000000016dd9-149.dat	xmrig
behavioral1/files/0x0006000000016df5-163.dat	xmrig
behavioral1/files/0x0008000000015415-154.dat	xmrig
behavioral1/files/0x0006000000016dd5-144.dat	xmrig
behavioral1/files/0x0006000000016d73-140.dat	xmrig
behavioral1/files/0x0006000000016d22-119.dat	xmrig
behavioral1/files/0x0006000000016d6f-134.dat	xmrig
behavioral1/files/0x0006000000016d4c-124.dat	xmrig
behavioral1/files/0x0006000000016cf0-114.dat	xmrig
behavioral1/files/0x0006000000016cab-109.dat	xmrig
behavioral1/files/0x0006000000016ca0-104.dat	xmrig
behavioral1/files/0x0006000000016c89-99.dat	xmrig
behavioral1/files/0x0006000000016b86-94.dat	xmrig
behavioral1/files/0x000600000001660e-79.dat	xmrig
behavioral1/files/0x00060000000162e4-64.dat	xmrig
behavioral1/files/0x0008000000015d15-54.dat	xmrig
behavioral1/files/0x0007000000015cfd-44.dat	xmrig
behavioral1/memory/2312-4083-0x000000013FC50000-0x000000013FFA4000-memory.dmp	xmrig
behavioral1/memory/2192-4082-0x000000013F2C0000-0x000000013F614000-memory.dmp	xmrig
behavioral1/memory/2736-4084-0x000000013FB80000-0x000000013FED4000-memory.dmp	xmrig
behavioral1/memory/2644-4085-0x000000013FB60000-0x000000013FEB4000-memory.dmp	xmrig
behavioral1/memory/2600-4081-0x000000013F090000-0x000000013F3E4000-memory.dmp	xmrig
behavioral1/memory/2716-4080-0x000000013F840000-0x000000013FB94000-memory.dmp	xmrig
behavioral1/memory/2212-4087-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/memory/2988-4088-0x000000013F0F0000-0x000000013F444000-memory.dmp	xmrig
behavioral1/memory/2728-4089-0x000000013F180000-0x000000013F4D4000-memory.dmp	xmrig
behavioral1/memory/2832-4079-0x000000013F790000-0x000000013FAE4000-memory.dmp	xmrig
behavioral1/memory/1268-4078-0x000000013F5F0000-0x000000013F944000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1268	ASyJAqh.exe
2428	XmhJEAO.exe
2988	sRGNDHX.exe
2728	IBiiPeq.exe
2840	HbkFxxL.exe
2192	RagddPi.exe
2780	GZVWsxb.exe
2716	NdilcWl.exe
2832	hiknfnD.exe
2736	DTFHCqw.exe
2600	VvVqmGI.exe
2644	NUqjBhy.exe
2312	OjFKPFo.exe
2212	hAlJmId.exe
2008	lBfdecn.exe
1084	fBWNivb.exe
112	cbsegoF.exe
1160	oWsMQSj.exe
2660	uVoMvTU.exe
2908	QcdGOMq.exe
1988	YLLvgwZ.exe
576	TnPhdPx.exe
2968	HBQKjLT.exe
316	LRQVHcY.exe
1932	WXyfXMH.exe
2208	bCKBzAw.exe
1872	GplAXdh.exe
2324	sQSRKpT.exe
2320	WwSmovi.exe
2108	OPuiBFs.exe
2868	AsoOQVW.exe
956	QLJFrKm.exe
1884	vxqhUsV.exe
3020	pRwQiZR.exe
1148	IwpLSJE.exe
2580	hhhiKHB.exe
2372	svKDpXk.exe
1656	SEsetPO.exe
1696	zqveRVh.exe
896	WxfURbM.exe
2336	ntFYdJY.exe
1776	siWpmqS.exe
2932	eHOenSj.exe
1648	RnyILIy.exe
2368	IHeGSCZ.exe
1164	BHrQrYM.exe
856	OwRqbAO.exe
2544	xfPFirQ.exe
1820	YNlJtTr.exe
2408	PWCEVqH.exe
800	isWBafx.exe
1244	UwZSMSQ.exe
892	tdVHzDT.exe
2540	dquBTBr.exe
276	dSJQrTY.exe
2352	toGDMno.exe
2904	icrdhed.exe
2800	vJYDLuv.exe
2708	YtFMDgY.exe
2836	ftfudXc.exe
2816	qBNXqek.exe
2656	tvVQJWz.exe
2676	VgCqzPO.exe
2380	SDicomf.exe

Loads dropped DLL 64 IoCs

pid	Process
1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1708-0-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx
behavioral1/files/0x000a0000000120d6-6.dat	upx
behavioral1/memory/2988-21-0x000000013F0F0000-0x000000013F444000-memory.dmp	upx
behavioral1/memory/1268-12-0x000000013F5F0000-0x000000013F944000-memory.dmp	upx
behavioral1/files/0x0009000000015689-10.dat	upx
behavioral1/memory/2428-22-0x000000013FA60000-0x000000013FDB4000-memory.dmp	upx
behavioral1/files/0x00080000000156b8-27.dat	upx
behavioral1/files/0x0007000000015ccf-30.dat	upx
behavioral1/memory/2728-29-0x000000013F180000-0x000000013F4D4000-memory.dmp	upx
behavioral1/files/0x0008000000015697-18.dat	upx
behavioral1/files/0x0007000000015ce4-37.dat	upx
behavioral1/files/0x0008000000015d0a-50.dat	upx
behavioral1/files/0x0006000000016141-59.dat	upx
behavioral1/files/0x0006000000016399-69.dat	upx
behavioral1/files/0x00060000000164de-74.dat	upx
behavioral1/files/0x0006000000016689-82.dat	upx
behavioral1/files/0x0006000000016890-87.dat	upx
behavioral1/files/0x0006000000016d68-127.dat	upx
behavioral1/files/0x0006000000016de9-159.dat	upx
behavioral1/files/0x0006000000016df8-169.dat	upx
behavioral1/memory/2728-1396-0x000000013F180000-0x000000013F4D4000-memory.dmp	upx
behavioral1/memory/2428-1391-0x000000013FA60000-0x000000013FDB4000-memory.dmp	upx
behavioral1/memory/2988-1191-0x000000013F0F0000-0x000000013F444000-memory.dmp	upx
behavioral1/memory/1708-894-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx
behavioral1/memory/2736-624-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
behavioral1/memory/2832-618-0x000000013F790000-0x000000013FAE4000-memory.dmp	upx
behavioral1/memory/2780-598-0x000000013FF90000-0x00000001402E4000-memory.dmp	upx
behavioral1/memory/2192-587-0x000000013F2C0000-0x000000013F614000-memory.dmp	upx
behavioral1/memory/2212-661-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/memory/2312-655-0x000000013FC50000-0x000000013FFA4000-memory.dmp	upx
behavioral1/memory/2644-653-0x000000013FB60000-0x000000013FEB4000-memory.dmp	upx
behavioral1/memory/2600-634-0x000000013F090000-0x000000013F3E4000-memory.dmp	upx
behavioral1/memory/2716-610-0x000000013F840000-0x000000013FB94000-memory.dmp	upx
behavioral1/memory/2840-581-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/files/0x0006000000016dd9-149.dat	upx
behavioral1/files/0x0006000000016df5-163.dat	upx
behavioral1/files/0x0008000000015415-154.dat	upx
behavioral1/files/0x0006000000016dd5-144.dat	upx
behavioral1/files/0x0006000000016d73-140.dat	upx
behavioral1/files/0x0006000000016d22-119.dat	upx
behavioral1/files/0x0006000000016d6f-134.dat	upx
behavioral1/files/0x0006000000016d4c-124.dat	upx
behavioral1/files/0x0006000000016cf0-114.dat	upx
behavioral1/files/0x0006000000016cab-109.dat	upx
behavioral1/files/0x0006000000016ca0-104.dat	upx
behavioral1/files/0x0006000000016c89-99.dat	upx
behavioral1/files/0x0006000000016b86-94.dat	upx
behavioral1/files/0x000600000001660e-79.dat	upx
behavioral1/files/0x00060000000162e4-64.dat	upx
behavioral1/files/0x0008000000015d15-54.dat	upx
behavioral1/files/0x0007000000015cfd-44.dat	upx
behavioral1/memory/2312-4083-0x000000013FC50000-0x000000013FFA4000-memory.dmp	upx
behavioral1/memory/2192-4082-0x000000013F2C0000-0x000000013F614000-memory.dmp	upx
behavioral1/memory/2736-4084-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
behavioral1/memory/2644-4085-0x000000013FB60000-0x000000013FEB4000-memory.dmp	upx
behavioral1/memory/2600-4081-0x000000013F090000-0x000000013F3E4000-memory.dmp	upx
behavioral1/memory/2716-4080-0x000000013F840000-0x000000013FB94000-memory.dmp	upx
behavioral1/memory/2212-4087-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/memory/2988-4088-0x000000013F0F0000-0x000000013F444000-memory.dmp	upx
behavioral1/memory/2728-4089-0x000000013F180000-0x000000013F4D4000-memory.dmp	upx
behavioral1/memory/2832-4079-0x000000013F790000-0x000000013FAE4000-memory.dmp	upx
behavioral1/memory/1268-4078-0x000000013F5F0000-0x000000013F944000-memory.dmp	upx
behavioral1/memory/2780-4077-0x000000013FF90000-0x00000001402E4000-memory.dmp	upx
behavioral1/memory/2428-4076-0x000000013FA60000-0x000000013FDB4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\OdPnkvy.exe	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LZIupCM.exe	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vwxssVR.exe	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\feDGWxZ.exe	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LbaiRWm.exe	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eGprdKe.exe	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FKMyWrX.exe	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hdiozLf.exe	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UjZkXwv.exe	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lXpFdLf.exe	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bGlQaVu.exe	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IvVmqGx.exe	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dfcFXxy.exe	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WTNzKsm.exe	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nzaVkDf.exe	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VHxRFVW.exe	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GmjpQlq.exe	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LRQVHcY.exe	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XiQLWKK.exe	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BOQBOnO.exe	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AXzjzOj.exe	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wUeqAng.exe	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PigywFh.exe	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vxqhUsV.exe	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YkEiclc.exe	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EEktUPF.exe	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SLNNldC.exe	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XYCEkpa.exe	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\exaYexI.exe	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pOkRulc.exe	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bQchGBd.exe	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\svvCxwT.exe	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SEsetPO.exe	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PMKdMca.exe	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tRRLOdQ.exe	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iShKcFX.exe	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ntFYdJY.exe	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QkGXmLe.exe	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oBFygqY.exe	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UYhCaex.exe	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vzSYLOS.exe	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UiGYZKI.exe	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zXxonAU.exe	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FzuRueU.exe	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hCllQjM.exe	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WyqRIqU.exe	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lBfdecn.exe	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QpxuwJH.exe	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kgGjcYn.exe	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uIxBicA.exe	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CHfshzr.exe	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NqWKcIn.exe	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GipMVUA.exe	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lalasvM.exe	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FOzCorH.exe	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UlLmonh.exe	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VgCqzPO.exe	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IhAMQVN.exe	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YASmStK.exe	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZxlqBmO.exe	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gzVNDBQ.exe	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YcQKLSb.exe	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MiTnDzN.exe	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nLNjWQf.exe	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1708 wrote to memory of 1268	1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1708 wrote to memory of 1268	1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1708 wrote to memory of 1268	1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1708 wrote to memory of 2428	1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1708 wrote to memory of 2428	1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1708 wrote to memory of 2428	1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1708 wrote to memory of 2988	1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1708 wrote to memory of 2988	1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1708 wrote to memory of 2988	1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1708 wrote to memory of 2728	1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1708 wrote to memory of 2728	1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1708 wrote to memory of 2728	1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1708 wrote to memory of 2840	1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1708 wrote to memory of 2840	1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1708 wrote to memory of 2840	1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1708 wrote to memory of 2192	1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1708 wrote to memory of 2192	1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1708 wrote to memory of 2192	1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1708 wrote to memory of 2780	1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1708 wrote to memory of 2780	1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1708 wrote to memory of 2780	1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1708 wrote to memory of 2716	1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1708 wrote to memory of 2716	1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1708 wrote to memory of 2716	1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1708 wrote to memory of 2832	1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1708 wrote to memory of 2832	1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1708 wrote to memory of 2832	1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1708 wrote to memory of 2736	1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1708 wrote to memory of 2736	1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1708 wrote to memory of 2736	1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1708 wrote to memory of 2600	1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1708 wrote to memory of 2600	1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1708 wrote to memory of 2600	1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1708 wrote to memory of 2644	1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1708 wrote to memory of 2644	1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1708 wrote to memory of 2644	1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1708 wrote to memory of 2312	1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1708 wrote to memory of 2312	1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1708 wrote to memory of 2312	1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1708 wrote to memory of 2212	1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1708 wrote to memory of 2212	1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1708 wrote to memory of 2212	1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1708 wrote to memory of 2008	1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1708 wrote to memory of 2008	1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1708 wrote to memory of 2008	1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1708 wrote to memory of 1084	1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1708 wrote to memory of 1084	1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1708 wrote to memory of 1084	1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1708 wrote to memory of 112	1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1708 wrote to memory of 112	1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1708 wrote to memory of 112	1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1708 wrote to memory of 1160	1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1708 wrote to memory of 1160	1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1708 wrote to memory of 1160	1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1708 wrote to memory of 2660	1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1708 wrote to memory of 2660	1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1708 wrote to memory of 2660	1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1708 wrote to memory of 2908	1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1708 wrote to memory of 2908	1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1708 wrote to memory of 2908	1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1708 wrote to memory of 1988	1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1708 wrote to memory of 1988	1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1708 wrote to memory of 1988	1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1708 wrote to memory of 576	1708	2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-09-14_3b1b24288d3fd479a5e92db86fb8001c_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1708
- C:\Windows\System\ASyJAqh.exe
  C:\Windows\System\ASyJAqh.exe
  2⤵
  - Executes dropped EXE
  PID:1268
- C:\Windows\System\XmhJEAO.exe
  C:\Windows\System\XmhJEAO.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\sRGNDHX.exe
  C:\Windows\System\sRGNDHX.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\IBiiPeq.exe
  C:\Windows\System\IBiiPeq.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\HbkFxxL.exe
  C:\Windows\System\HbkFxxL.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\RagddPi.exe
  C:\Windows\System\RagddPi.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\GZVWsxb.exe
  C:\Windows\System\GZVWsxb.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\NdilcWl.exe
  C:\Windows\System\NdilcWl.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\hiknfnD.exe
  C:\Windows\System\hiknfnD.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\DTFHCqw.exe
  C:\Windows\System\DTFHCqw.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\VvVqmGI.exe
  C:\Windows\System\VvVqmGI.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\NUqjBhy.exe
  C:\Windows\System\NUqjBhy.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\OjFKPFo.exe
  C:\Windows\System\OjFKPFo.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\hAlJmId.exe
  C:\Windows\System\hAlJmId.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\lBfdecn.exe
  C:\Windows\System\lBfdecn.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\fBWNivb.exe
  C:\Windows\System\fBWNivb.exe
  2⤵
  - Executes dropped EXE
  PID:1084
- C:\Windows\System\cbsegoF.exe
  C:\Windows\System\cbsegoF.exe
  2⤵
  - Executes dropped EXE
  PID:112
- C:\Windows\System\oWsMQSj.exe
  C:\Windows\System\oWsMQSj.exe
  2⤵
  - Executes dropped EXE
  PID:1160
- C:\Windows\System\uVoMvTU.exe
  C:\Windows\System\uVoMvTU.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\QcdGOMq.exe
  C:\Windows\System\QcdGOMq.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\YLLvgwZ.exe
  C:\Windows\System\YLLvgwZ.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\TnPhdPx.exe
  C:\Windows\System\TnPhdPx.exe
  2⤵
  - Executes dropped EXE
  PID:576
- C:\Windows\System\HBQKjLT.exe
  C:\Windows\System\HBQKjLT.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\LRQVHcY.exe
  C:\Windows\System\LRQVHcY.exe
  2⤵
  - Executes dropped EXE
  PID:316
- C:\Windows\System\WXyfXMH.exe
  C:\Windows\System\WXyfXMH.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\bCKBzAw.exe
  C:\Windows\System\bCKBzAw.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\GplAXdh.exe
  C:\Windows\System\GplAXdh.exe
  2⤵
  - Executes dropped EXE
  PID:1872
- C:\Windows\System\sQSRKpT.exe
  C:\Windows\System\sQSRKpT.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\WwSmovi.exe
  C:\Windows\System\WwSmovi.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\OPuiBFs.exe
  C:\Windows\System\OPuiBFs.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\AsoOQVW.exe
  C:\Windows\System\AsoOQVW.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\QLJFrKm.exe
  C:\Windows\System\QLJFrKm.exe
  2⤵
  - Executes dropped EXE
  PID:956
- C:\Windows\System\vxqhUsV.exe
  C:\Windows\System\vxqhUsV.exe
  2⤵
  - Executes dropped EXE
  PID:1884
- C:\Windows\System\IwpLSJE.exe
  C:\Windows\System\IwpLSJE.exe
  2⤵
  - Executes dropped EXE
  PID:1148
- C:\Windows\System\pRwQiZR.exe
  C:\Windows\System\pRwQiZR.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\svKDpXk.exe
  C:\Windows\System\svKDpXk.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\hhhiKHB.exe
  C:\Windows\System\hhhiKHB.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\SEsetPO.exe
  C:\Windows\System\SEsetPO.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\zqveRVh.exe
  C:\Windows\System\zqveRVh.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\siWpmqS.exe
  C:\Windows\System\siWpmqS.exe
  2⤵
  - Executes dropped EXE
  PID:1776
- C:\Windows\System\WxfURbM.exe
  C:\Windows\System\WxfURbM.exe
  2⤵
  - Executes dropped EXE
  PID:896
- C:\Windows\System\eHOenSj.exe
  C:\Windows\System\eHOenSj.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\ntFYdJY.exe
  C:\Windows\System\ntFYdJY.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\RnyILIy.exe
  C:\Windows\System\RnyILIy.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\IHeGSCZ.exe
  C:\Windows\System\IHeGSCZ.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\OwRqbAO.exe
  C:\Windows\System\OwRqbAO.exe
  2⤵
  - Executes dropped EXE
  PID:856
- C:\Windows\System\BHrQrYM.exe
  C:\Windows\System\BHrQrYM.exe
  2⤵
  - Executes dropped EXE
  PID:1164
- C:\Windows\System\YNlJtTr.exe
  C:\Windows\System\YNlJtTr.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\xfPFirQ.exe
  C:\Windows\System\xfPFirQ.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\PWCEVqH.exe
  C:\Windows\System\PWCEVqH.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\isWBafx.exe
  C:\Windows\System\isWBafx.exe
  2⤵
  - Executes dropped EXE
  PID:800
- C:\Windows\System\tdVHzDT.exe
  C:\Windows\System\tdVHzDT.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\UwZSMSQ.exe
  C:\Windows\System\UwZSMSQ.exe
  2⤵
  - Executes dropped EXE
  PID:1244
- C:\Windows\System\dquBTBr.exe
  C:\Windows\System\dquBTBr.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\dSJQrTY.exe
  C:\Windows\System\dSJQrTY.exe
  2⤵
  - Executes dropped EXE
  PID:276
- C:\Windows\System\toGDMno.exe
  C:\Windows\System\toGDMno.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\icrdhed.exe
  C:\Windows\System\icrdhed.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\vJYDLuv.exe
  C:\Windows\System\vJYDLuv.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\YtFMDgY.exe
  C:\Windows\System\YtFMDgY.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\ftfudXc.exe
  C:\Windows\System\ftfudXc.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\qBNXqek.exe
  C:\Windows\System\qBNXqek.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\tvVQJWz.exe
  C:\Windows\System\tvVQJWz.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\VgCqzPO.exe
  C:\Windows\System\VgCqzPO.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\SDicomf.exe
  C:\Windows\System\SDicomf.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\tYZIhGO.exe
  C:\Windows\System\tYZIhGO.exe
  2⤵
  PID:1196
- C:\Windows\System\OCHKOvH.exe
  C:\Windows\System\OCHKOvH.exe
  2⤵
  PID:1584
- C:\Windows\System\vSokhPD.exe
  C:\Windows\System\vSokhPD.exe
  2⤵
  PID:2856
- C:\Windows\System\PqQsUsY.exe
  C:\Windows\System\PqQsUsY.exe
  2⤵
  PID:760
- C:\Windows\System\kiWFGFd.exe
  C:\Windows\System\kiWFGFd.exe
  2⤵
  PID:1444
- C:\Windows\System\aOEjGhP.exe
  C:\Windows\System\aOEjGhP.exe
  2⤵
  PID:1032
- C:\Windows\System\exaYexI.exe
  C:\Windows\System\exaYexI.exe
  2⤵
  PID:1028
- C:\Windows\System\qWWvZqS.exe
  C:\Windows\System\qWWvZqS.exe
  2⤵
  PID:2316
- C:\Windows\System\CeGLhoI.exe
  C:\Windows\System\CeGLhoI.exe
  2⤵
  PID:1132
- C:\Windows\System\zJdGKgf.exe
  C:\Windows\System\zJdGKgf.exe
  2⤵
  PID:2584
- C:\Windows\System\BDVtqJG.exe
  C:\Windows\System\BDVtqJG.exe
  2⤵
  PID:2460
- C:\Windows\System\HBwsKTe.exe
  C:\Windows\System\HBwsKTe.exe
  2⤵
  PID:1344
- C:\Windows\System\SjoqpEG.exe
  C:\Windows\System\SjoqpEG.exe
  2⤵
  PID:1540
- C:\Windows\System\MNwAvbk.exe
  C:\Windows\System\MNwAvbk.exe
  2⤵
  PID:1792
- C:\Windows\System\yIiebkl.exe
  C:\Windows\System\yIiebkl.exe
  2⤵
  PID:1668
- C:\Windows\System\LTmmnVg.exe
  C:\Windows\System\LTmmnVg.exe
  2⤵
  PID:940
- C:\Windows\System\JefpXSJ.exe
  C:\Windows\System\JefpXSJ.exe
  2⤵
  PID:2232
- C:\Windows\System\NkYizUY.exe
  C:\Windows\System\NkYizUY.exe
  2⤵
  PID:908
- C:\Windows\System\BaORDrI.exe
  C:\Windows\System\BaORDrI.exe
  2⤵
  PID:1652
- C:\Windows\System\AxNOfec.exe
  C:\Windows\System\AxNOfec.exe
  2⤵
  PID:1008
- C:\Windows\System\nuyPISH.exe
  C:\Windows\System\nuyPISH.exe
  2⤵
  PID:2052
- C:\Windows\System\PUmLILF.exe
  C:\Windows\System\PUmLILF.exe
  2⤵
  PID:1504
- C:\Windows\System\vHiSUlv.exe
  C:\Windows\System\vHiSUlv.exe
  2⤵
  PID:764
- C:\Windows\System\fIuUhXH.exe
  C:\Windows\System\fIuUhXH.exe
  2⤵
  PID:1716
- C:\Windows\System\rdtFgwX.exe
  C:\Windows\System\rdtFgwX.exe
  2⤵
  PID:1600
- C:\Windows\System\SDaHRJI.exe
  C:\Windows\System\SDaHRJI.exe
  2⤵
  PID:2440
- C:\Windows\System\EgwBQAR.exe
  C:\Windows\System\EgwBQAR.exe
  2⤵
  PID:2824
- C:\Windows\System\ujMAWGn.exe
  C:\Windows\System\ujMAWGn.exe
  2⤵
  PID:2888
- C:\Windows\System\VefLVxV.exe
  C:\Windows\System\VefLVxV.exe
  2⤵
  PID:2720
- C:\Windows\System\NadlRTD.exe
  C:\Windows\System\NadlRTD.exe
  2⤵
  PID:592
- C:\Windows\System\NtGoPCD.exe
  C:\Windows\System\NtGoPCD.exe
  2⤵
  PID:2688
- C:\Windows\System\QOLqQuv.exe
  C:\Windows\System\QOLqQuv.exe
  2⤵
  PID:776
- C:\Windows\System\aPWfXVl.exe
  C:\Windows\System\aPWfXVl.exe
  2⤵
  PID:2028
- C:\Windows\System\JCBsjXt.exe
  C:\Windows\System\JCBsjXt.exe
  2⤵
  PID:2788
- C:\Windows\System\uEAHsnd.exe
  C:\Windows\System\uEAHsnd.exe
  2⤵
  PID:1108
- C:\Windows\System\oyaIYuM.exe
  C:\Windows\System\oyaIYuM.exe
  2⤵
  PID:1340
- C:\Windows\System\PWMUsYE.exe
  C:\Windows\System\PWMUsYE.exe
  2⤵
  PID:1400
- C:\Windows\System\YVGvIvq.exe
  C:\Windows\System\YVGvIvq.exe
  2⤵
  PID:1592
- C:\Windows\System\qsMhHhL.exe
  C:\Windows\System\qsMhHhL.exe
  2⤵
  PID:2432
- C:\Windows\System\YpZreOn.exe
  C:\Windows\System\YpZreOn.exe
  2⤵
  PID:1768
- C:\Windows\System\SwFxDEK.exe
  C:\Windows\System\SwFxDEK.exe
  2⤵
  PID:2064
- C:\Windows\System\yBLQIcz.exe
  C:\Windows\System\yBLQIcz.exe
  2⤵
  PID:1836
- C:\Windows\System\TNNxuez.exe
  C:\Windows\System\TNNxuez.exe
  2⤵
  PID:1888
- C:\Windows\System\iWQuNNG.exe
  C:\Windows\System\iWQuNNG.exe
  2⤵
  PID:1660
- C:\Windows\System\atUKScX.exe
  C:\Windows\System\atUKScX.exe
  2⤵
  PID:1608
- C:\Windows\System\onzGgTl.exe
  C:\Windows\System\onzGgTl.exe
  2⤵
  PID:3000
- C:\Windows\System\bTzRyKZ.exe
  C:\Windows\System\bTzRyKZ.exe
  2⤵
  PID:1616
- C:\Windows\System\YLSIfWG.exe
  C:\Windows\System\YLSIfWG.exe
  2⤵
  PID:2632
- C:\Windows\System\jjjzbna.exe
  C:\Windows\System\jjjzbna.exe
  2⤵
  PID:2776
- C:\Windows\System\WSImeWA.exe
  C:\Windows\System\WSImeWA.exe
  2⤵
  PID:1048
- C:\Windows\System\IbaHSuo.exe
  C:\Windows\System\IbaHSuo.exe
  2⤵
  PID:1036
- C:\Windows\System\DrurijQ.exe
  C:\Windows\System\DrurijQ.exe
  2⤵
  PID:3080
- C:\Windows\System\jbxRtpX.exe
  C:\Windows\System\jbxRtpX.exe
  2⤵
  PID:3100
- C:\Windows\System\OoXfYHx.exe
  C:\Windows\System\OoXfYHx.exe
  2⤵
  PID:3120
- C:\Windows\System\wHfdMCx.exe
  C:\Windows\System\wHfdMCx.exe
  2⤵
  PID:3140
- C:\Windows\System\mxriOtJ.exe
  C:\Windows\System\mxriOtJ.exe
  2⤵
  PID:3160
- C:\Windows\System\CZqfSCh.exe
  C:\Windows\System\CZqfSCh.exe
  2⤵
  PID:3180
- C:\Windows\System\yCwXFQp.exe
  C:\Windows\System\yCwXFQp.exe
  2⤵
  PID:3200
- C:\Windows\System\zMlferS.exe
  C:\Windows\System\zMlferS.exe
  2⤵
  PID:3220
- C:\Windows\System\lLxqBik.exe
  C:\Windows\System\lLxqBik.exe
  2⤵
  PID:3240
- C:\Windows\System\udpoCXf.exe
  C:\Windows\System\udpoCXf.exe
  2⤵
  PID:3260
- C:\Windows\System\TkHtJLa.exe
  C:\Windows\System\TkHtJLa.exe
  2⤵
  PID:3280
- C:\Windows\System\PWuPseZ.exe
  C:\Windows\System\PWuPseZ.exe
  2⤵
  PID:3296
- C:\Windows\System\XiQLWKK.exe
  C:\Windows\System\XiQLWKK.exe
  2⤵
  PID:3316
- C:\Windows\System\FHTJWVV.exe
  C:\Windows\System\FHTJWVV.exe
  2⤵
  PID:3340
- C:\Windows\System\WTNzKsm.exe
  C:\Windows\System\WTNzKsm.exe
  2⤵
  PID:3360
- C:\Windows\System\mXWmiRD.exe
  C:\Windows\System\mXWmiRD.exe
  2⤵
  PID:3380
- C:\Windows\System\QOWlRKO.exe
  C:\Windows\System\QOWlRKO.exe
  2⤵
  PID:3400
- C:\Windows\System\qLpChUW.exe
  C:\Windows\System\qLpChUW.exe
  2⤵
  PID:3420
- C:\Windows\System\oYWAzTO.exe
  C:\Windows\System\oYWAzTO.exe
  2⤵
  PID:3440
- C:\Windows\System\vKrtYUy.exe
  C:\Windows\System\vKrtYUy.exe
  2⤵
  PID:3460
- C:\Windows\System\MHHRBtf.exe
  C:\Windows\System\MHHRBtf.exe
  2⤵
  PID:3480
- C:\Windows\System\dfcFXxy.exe
  C:\Windows\System\dfcFXxy.exe
  2⤵
  PID:3500
- C:\Windows\System\CzPLMfx.exe
  C:\Windows\System\CzPLMfx.exe
  2⤵
  PID:3520
- C:\Windows\System\MPCYgKX.exe
  C:\Windows\System\MPCYgKX.exe
  2⤵
  PID:3540
- C:\Windows\System\iXNbMHb.exe
  C:\Windows\System\iXNbMHb.exe
  2⤵
  PID:3560
- C:\Windows\System\zLVqYdM.exe
  C:\Windows\System\zLVqYdM.exe
  2⤵
  PID:3580
- C:\Windows\System\JyRRQFt.exe
  C:\Windows\System\JyRRQFt.exe
  2⤵
  PID:3600
- C:\Windows\System\lxBlEDs.exe
  C:\Windows\System\lxBlEDs.exe
  2⤵
  PID:3620
- C:\Windows\System\bpYvDhU.exe
  C:\Windows\System\bpYvDhU.exe
  2⤵
  PID:3640
- C:\Windows\System\Jrwfibv.exe
  C:\Windows\System\Jrwfibv.exe
  2⤵
  PID:3660
- C:\Windows\System\iHFUjkd.exe
  C:\Windows\System\iHFUjkd.exe
  2⤵
  PID:3680
- C:\Windows\System\RztrOhu.exe
  C:\Windows\System\RztrOhu.exe
  2⤵
  PID:3700
- C:\Windows\System\OvEicnr.exe
  C:\Windows\System\OvEicnr.exe
  2⤵
  PID:3720
- C:\Windows\System\JljYeOE.exe
  C:\Windows\System\JljYeOE.exe
  2⤵
  PID:3740
- C:\Windows\System\xndBoyx.exe
  C:\Windows\System\xndBoyx.exe
  2⤵
  PID:3760
- C:\Windows\System\tfwJWgZ.exe
  C:\Windows\System\tfwJWgZ.exe
  2⤵
  PID:3776
- C:\Windows\System\LPhcywM.exe
  C:\Windows\System\LPhcywM.exe
  2⤵
  PID:3800
- C:\Windows\System\bMMAhcg.exe
  C:\Windows\System\bMMAhcg.exe
  2⤵
  PID:3820
- C:\Windows\System\NQnuUbQ.exe
  C:\Windows\System\NQnuUbQ.exe
  2⤵
  PID:3840
- C:\Windows\System\rbUOgRk.exe
  C:\Windows\System\rbUOgRk.exe
  2⤵
  PID:3856
- C:\Windows\System\KcmFrRT.exe
  C:\Windows\System\KcmFrRT.exe
  2⤵
  PID:3872
- C:\Windows\System\vECYxoj.exe
  C:\Windows\System\vECYxoj.exe
  2⤵
  PID:3896
- C:\Windows\System\XSrMpQW.exe
  C:\Windows\System\XSrMpQW.exe
  2⤵
  PID:3916
- C:\Windows\System\MTpNqfA.exe
  C:\Windows\System\MTpNqfA.exe
  2⤵
  PID:3932
- C:\Windows\System\hdiozLf.exe
  C:\Windows\System\hdiozLf.exe
  2⤵
  PID:3952
- C:\Windows\System\rASXCKL.exe
  C:\Windows\System\rASXCKL.exe
  2⤵
  PID:3968
- C:\Windows\System\zIHpWjI.exe
  C:\Windows\System\zIHpWjI.exe
  2⤵
  PID:3988
- C:\Windows\System\HnlqPkZ.exe
  C:\Windows\System\HnlqPkZ.exe
  2⤵
  PID:4016
- C:\Windows\System\qSVNDmB.exe
  C:\Windows\System\qSVNDmB.exe
  2⤵
  PID:4032
- C:\Windows\System\koXrAUm.exe
  C:\Windows\System\koXrAUm.exe
  2⤵
  PID:4056
- C:\Windows\System\TfiTcLv.exe
  C:\Windows\System\TfiTcLv.exe
  2⤵
  PID:4072
- C:\Windows\System\nUwrSku.exe
  C:\Windows\System\nUwrSku.exe
  2⤵
  PID:4092
- C:\Windows\System\nssexLI.exe
  C:\Windows\System\nssexLI.exe
  2⤵
  PID:344
- C:\Windows\System\IrGxBgQ.exe
  C:\Windows\System\IrGxBgQ.exe
  2⤵
  PID:1632
- C:\Windows\System\FXRzEIv.exe
  C:\Windows\System\FXRzEIv.exe
  2⤵
  PID:3068
- C:\Windows\System\OdPnkvy.exe
  C:\Windows\System\OdPnkvy.exe
  2⤵
  PID:2292
- C:\Windows\System\YHgHSmo.exe
  C:\Windows\System\YHgHSmo.exe
  2⤵
  PID:108
- C:\Windows\System\ZjPHtUE.exe
  C:\Windows\System\ZjPHtUE.exe
  2⤵
  PID:3008
- C:\Windows\System\hAAkBRy.exe
  C:\Windows\System\hAAkBRy.exe
  2⤵
  PID:2164
- C:\Windows\System\UZTQdbb.exe
  C:\Windows\System\UZTQdbb.exe
  2⤵
  PID:2956
- C:\Windows\System\UlgYXLj.exe
  C:\Windows\System\UlgYXLj.exe
  2⤵
  PID:2960
- C:\Windows\System\ntOAUaC.exe
  C:\Windows\System\ntOAUaC.exe
  2⤵
  PID:3076
- C:\Windows\System\pOkRulc.exe
  C:\Windows\System\pOkRulc.exe
  2⤵
  PID:3108
- C:\Windows\System\pBbpUra.exe
  C:\Windows\System\pBbpUra.exe
  2⤵
  PID:3112
- C:\Windows\System\CCnyqOl.exe
  C:\Windows\System\CCnyqOl.exe
  2⤵
  PID:3136
- C:\Windows\System\WFWkMGh.exe
  C:\Windows\System\WFWkMGh.exe
  2⤵
  PID:3176
- C:\Windows\System\lEwAqgd.exe
  C:\Windows\System\lEwAqgd.exe
  2⤵
  PID:3208
- C:\Windows\System\VVINekX.exe
  C:\Windows\System\VVINekX.exe
  2⤵
  PID:3236
- C:\Windows\System\ENhOhJm.exe
  C:\Windows\System\ENhOhJm.exe
  2⤵
  PID:3268
- C:\Windows\System\RTDgLWf.exe
  C:\Windows\System\RTDgLWf.exe
  2⤵
  PID:3292
- C:\Windows\System\oiysWDu.exe
  C:\Windows\System\oiysWDu.exe
  2⤵
  PID:3332
- C:\Windows\System\hbyvqsK.exe
  C:\Windows\System\hbyvqsK.exe
  2⤵
  PID:3352
- C:\Windows\System\YWqUmqg.exe
  C:\Windows\System\YWqUmqg.exe
  2⤵
  PID:3396
- C:\Windows\System\PNTGxlF.exe
  C:\Windows\System\PNTGxlF.exe
  2⤵
  PID:3448
- C:\Windows\System\wTtpNJn.exe
  C:\Windows\System\wTtpNJn.exe
  2⤵
  PID:3476
- C:\Windows\System\bNOOdhh.exe
  C:\Windows\System\bNOOdhh.exe
  2⤵
  PID:3496
- C:\Windows\System\YAzPCUP.exe
  C:\Windows\System\YAzPCUP.exe
  2⤵
  PID:3548
- C:\Windows\System\vhvdPUV.exe
  C:\Windows\System\vhvdPUV.exe
  2⤵
  PID:3552
- C:\Windows\System\NrdoFLl.exe
  C:\Windows\System\NrdoFLl.exe
  2⤵
  PID:3596
- C:\Windows\System\Bnmmwoq.exe
  C:\Windows\System\Bnmmwoq.exe
  2⤵
  PID:3648
- C:\Windows\System\GXDAPvG.exe
  C:\Windows\System\GXDAPvG.exe
  2⤵
  PID:3676
- C:\Windows\System\nhKDtwm.exe
  C:\Windows\System\nhKDtwm.exe
  2⤵
  PID:3692
- C:\Windows\System\FnFTxUl.exe
  C:\Windows\System\FnFTxUl.exe
  2⤵
  PID:3752
- C:\Windows\System\jZjcvnS.exe
  C:\Windows\System\jZjcvnS.exe
  2⤵
  PID:3788
- C:\Windows\System\urlJjFG.exe
  C:\Windows\System\urlJjFG.exe
  2⤵
  PID:3832
- C:\Windows\System\LZIupCM.exe
  C:\Windows\System\LZIupCM.exe
  2⤵
  PID:340
- C:\Windows\System\mZykscC.exe
  C:\Windows\System\mZykscC.exe
  2⤵
  PID:3812
- C:\Windows\System\gGkkkVQ.exe
  C:\Windows\System\gGkkkVQ.exe
  2⤵
  PID:2796
- C:\Windows\System\onlpBgd.exe
  C:\Windows\System\onlpBgd.exe
  2⤵
  PID:4024
- C:\Windows\System\UnvjVIE.exe
  C:\Windows\System\UnvjVIE.exe
  2⤵
  PID:3852
- C:\Windows\System\EWuIFHK.exe
  C:\Windows\System\EWuIFHK.exe
  2⤵
  PID:3892
- C:\Windows\System\XTCgFao.exe
  C:\Windows\System\XTCgFao.exe
  2⤵
  PID:2996
- C:\Windows\System\nzaVkDf.exe
  C:\Windows\System\nzaVkDf.exe
  2⤵
  PID:2488
- C:\Windows\System\aJZXlgt.exe
  C:\Windows\System\aJZXlgt.exe
  2⤵
  PID:2016
- C:\Windows\System\HgznypF.exe
  C:\Windows\System\HgznypF.exe
  2⤵
  PID:3156
- C:\Windows\System\gzVNDBQ.exe
  C:\Windows\System\gzVNDBQ.exe
  2⤵
  PID:3256
- C:\Windows\System\ekDoeVH.exe
  C:\Windows\System\ekDoeVH.exe
  2⤵
  PID:3376
- C:\Windows\System\IPolWgb.exe
  C:\Windows\System\IPolWgb.exe
  2⤵
  PID:3516
- C:\Windows\System\OYLhrNX.exe
  C:\Windows\System\OYLhrNX.exe
  2⤵
  PID:3572
- C:\Windows\System\ZQgqHOc.exe
  C:\Windows\System\ZQgqHOc.exe
  2⤵
  PID:3712
- C:\Windows\System\uZalgaJ.exe
  C:\Windows\System\uZalgaJ.exe
  2⤵
  PID:2484
- C:\Windows\System\hthjufa.exe
  C:\Windows\System\hthjufa.exe
  2⤵
  PID:4064
- C:\Windows\System\wcVNygX.exe
  C:\Windows\System\wcVNygX.exe
  2⤵
  PID:4108
- C:\Windows\System\mxWhVTW.exe
  C:\Windows\System\mxWhVTW.exe
  2⤵
  PID:4124
- C:\Windows\System\tuzETNM.exe
  C:\Windows\System\tuzETNM.exe
  2⤵
  PID:4140
- C:\Windows\System\SBKKXJl.exe
  C:\Windows\System\SBKKXJl.exe
  2⤵
  PID:4188
- C:\Windows\System\LIhVKNv.exe
  C:\Windows\System\LIhVKNv.exe
  2⤵
  PID:4212
- C:\Windows\System\JfiEeEL.exe
  C:\Windows\System\JfiEeEL.exe
  2⤵
  PID:4228
- C:\Windows\System\uchePGe.exe
  C:\Windows\System\uchePGe.exe
  2⤵
  PID:4244
- C:\Windows\System\hqEmdTV.exe
  C:\Windows\System\hqEmdTV.exe
  2⤵
  PID:4268
- C:\Windows\System\sCFwjJe.exe
  C:\Windows\System\sCFwjJe.exe
  2⤵
  PID:4284
- C:\Windows\System\xNYKZir.exe
  C:\Windows\System\xNYKZir.exe
  2⤵
  PID:4300
- C:\Windows\System\OcDrfZw.exe
  C:\Windows\System\OcDrfZw.exe
  2⤵
  PID:4324
- C:\Windows\System\ONIumRY.exe
  C:\Windows\System\ONIumRY.exe
  2⤵
  PID:4340
- C:\Windows\System\dXyGbWl.exe
  C:\Windows\System\dXyGbWl.exe
  2⤵
  PID:4540
- C:\Windows\System\xSXQszy.exe
  C:\Windows\System\xSXQszy.exe
  2⤵
  PID:4560
- C:\Windows\System\HWtBWWL.exe
  C:\Windows\System\HWtBWWL.exe
  2⤵
  PID:4584
- C:\Windows\System\wNuXDFf.exe
  C:\Windows\System\wNuXDFf.exe
  2⤵
  PID:4604
- C:\Windows\System\aIJWNmp.exe
  C:\Windows\System\aIJWNmp.exe
  2⤵
  PID:4624
- C:\Windows\System\akmlFDk.exe
  C:\Windows\System\akmlFDk.exe
  2⤵
  PID:4640
- C:\Windows\System\BmHOUue.exe
  C:\Windows\System\BmHOUue.exe
  2⤵
  PID:4660
- C:\Windows\System\IQootlk.exe
  C:\Windows\System\IQootlk.exe
  2⤵
  PID:4680
- C:\Windows\System\DuYpuDE.exe
  C:\Windows\System\DuYpuDE.exe
  2⤵
  PID:4704
- C:\Windows\System\mcCSEXN.exe
  C:\Windows\System\mcCSEXN.exe
  2⤵
  PID:4720
- C:\Windows\System\ArDgWZs.exe
  C:\Windows\System\ArDgWZs.exe
  2⤵
  PID:4740
- C:\Windows\System\lYZcJkz.exe
  C:\Windows\System\lYZcJkz.exe
  2⤵
  PID:4764
- C:\Windows\System\wWhAQVX.exe
  C:\Windows\System\wWhAQVX.exe
  2⤵
  PID:4784
- C:\Windows\System\yzaUomT.exe
  C:\Windows\System\yzaUomT.exe
  2⤵
  PID:4804
- C:\Windows\System\jAvHtFo.exe
  C:\Windows\System\jAvHtFo.exe
  2⤵
  PID:4820
- C:\Windows\System\wjVvlcq.exe
  C:\Windows\System\wjVvlcq.exe
  2⤵
  PID:4840
- C:\Windows\System\zFrPfBt.exe
  C:\Windows\System\zFrPfBt.exe
  2⤵
  PID:4860
- C:\Windows\System\NZAvDRa.exe
  C:\Windows\System\NZAvDRa.exe
  2⤵
  PID:4880
- C:\Windows\System\aFAHaOq.exe
  C:\Windows\System\aFAHaOq.exe
  2⤵
  PID:4900
- C:\Windows\System\qzEUQhl.exe
  C:\Windows\System\qzEUQhl.exe
  2⤵
  PID:4924
- C:\Windows\System\cKdmtQm.exe
  C:\Windows\System\cKdmtQm.exe
  2⤵
  PID:4940
- C:\Windows\System\UtUoZza.exe
  C:\Windows\System\UtUoZza.exe
  2⤵
  PID:4956
- C:\Windows\System\xzqVvZi.exe
  C:\Windows\System\xzqVvZi.exe
  2⤵
  PID:4976
- C:\Windows\System\VAtBaVC.exe
  C:\Windows\System\VAtBaVC.exe
  2⤵
  PID:4992
- C:\Windows\System\jMqUeRA.exe
  C:\Windows\System\jMqUeRA.exe
  2⤵
  PID:5012
- C:\Windows\System\txIhXDi.exe
  C:\Windows\System\txIhXDi.exe
  2⤵
  PID:5032
- C:\Windows\System\hrkAoMU.exe
  C:\Windows\System\hrkAoMU.exe
  2⤵
  PID:5048
- C:\Windows\System\LjvDNri.exe
  C:\Windows\System\LjvDNri.exe
  2⤵
  PID:5064
- C:\Windows\System\QaqfRcT.exe
  C:\Windows\System\QaqfRcT.exe
  2⤵
  PID:5084
- C:\Windows\System\NrrKVVg.exe
  C:\Windows\System\NrrKVVg.exe
  2⤵
  PID:5104
- C:\Windows\System\nZHykIP.exe
  C:\Windows\System\nZHykIP.exe
  2⤵
  PID:2260
- C:\Windows\System\VKfloSZ.exe
  C:\Windows\System\VKfloSZ.exe
  2⤵
  PID:3928
- C:\Windows\System\oUmNexO.exe
  C:\Windows\System\oUmNexO.exe
  2⤵
  PID:4004
- C:\Windows\System\xmxSSCq.exe
  C:\Windows\System\xmxSSCq.exe
  2⤵
  PID:3912
- C:\Windows\System\vnMwrSN.exe
  C:\Windows\System\vnMwrSN.exe
  2⤵
  PID:4200
- C:\Windows\System\imMZXao.exe
  C:\Windows\System\imMZXao.exe
  2⤵
  PID:4048
- C:\Windows\System\LiqiCWC.exe
  C:\Windows\System\LiqiCWC.exe
  2⤵
  PID:1804
- C:\Windows\System\QufJuVn.exe
  C:\Windows\System\QufJuVn.exe
  2⤵
  PID:2608
- C:\Windows\System\QMESjgQ.exe
  C:\Windows\System\QMESjgQ.exe
  2⤵
  PID:3436
- C:\Windows\System\ZmeFkwQ.exe
  C:\Windows\System\ZmeFkwQ.exe
  2⤵
  PID:3612
- C:\Windows\System\ZLmOytt.exe
  C:\Windows\System\ZLmOytt.exe
  2⤵
  PID:3784
- C:\Windows\System\OXLpyAO.exe
  C:\Windows\System\OXLpyAO.exe
  2⤵
  PID:3880
- C:\Windows\System\XoucMOy.exe
  C:\Windows\System\XoucMOy.exe
  2⤵
  PID:2768
- C:\Windows\System\pSVyAQI.exe
  C:\Windows\System\pSVyAQI.exe
  2⤵
  PID:3456
- C:\Windows\System\gmefjkv.exe
  C:\Windows\System\gmefjkv.exe
  2⤵
  PID:3980
- C:\Windows\System\MXismSA.exe
  C:\Windows\System\MXismSA.exe
  2⤵
  PID:4148
- C:\Windows\System\tKINERw.exe
  C:\Windows\System\tKINERw.exe
  2⤵
  PID:3536
- C:\Windows\System\XlnXVnq.exe
  C:\Windows\System\XlnXVnq.exe
  2⤵
  PID:3328
- C:\Windows\System\AygProi.exe
  C:\Windows\System\AygProi.exe
  2⤵
  PID:3152
- C:\Windows\System\gnURZnj.exe
  C:\Windows\System\gnURZnj.exe
  2⤵
  PID:4236
- C:\Windows\System\GXzSsKE.exe
  C:\Windows\System\GXzSsKE.exe
  2⤵
  PID:4280
- C:\Windows\System\NAtkzup.exe
  C:\Windows\System\NAtkzup.exe
  2⤵
  PID:4260
- C:\Windows\System\bQchGBd.exe
  C:\Windows\System\bQchGBd.exe
  2⤵
  PID:4348
- C:\Windows\System\JnUgRKv.exe
  C:\Windows\System\JnUgRKv.exe
  2⤵
  PID:4296
- C:\Windows\System\NqWKcIn.exe
  C:\Windows\System\NqWKcIn.exe
  2⤵
  PID:4380
- C:\Windows\System\WiMJrUF.exe
  C:\Windows\System\WiMJrUF.exe
  2⤵
  PID:4400
- C:\Windows\System\BMJFKRt.exe
  C:\Windows\System\BMJFKRt.exe
  2⤵
  PID:4420
- C:\Windows\System\MgyVxES.exe
  C:\Windows\System\MgyVxES.exe
  2⤵
  PID:4436
- C:\Windows\System\LeiFHGs.exe
  C:\Windows\System\LeiFHGs.exe
  2⤵
  PID:4456
- C:\Windows\System\OBuYJXV.exe
  C:\Windows\System\OBuYJXV.exe
  2⤵
  PID:4476
- C:\Windows\System\tvZWyQQ.exe
  C:\Windows\System\tvZWyQQ.exe
  2⤵
  PID:4492
- C:\Windows\System\afryASo.exe
  C:\Windows\System\afryASo.exe
  2⤵
  PID:4520
- C:\Windows\System\UjZkXwv.exe
  C:\Windows\System\UjZkXwv.exe
  2⤵
  PID:4568
- C:\Windows\System\wyzKWTp.exe
  C:\Windows\System\wyzKWTp.exe
  2⤵
  PID:4620
- C:\Windows\System\tFUvLpI.exe
  C:\Windows\System\tFUvLpI.exe
  2⤵
  PID:4616
- C:\Windows\System\GFBXHdb.exe
  C:\Windows\System\GFBXHdb.exe
  2⤵
  PID:4688
- C:\Windows\System\ngXWRyt.exe
  C:\Windows\System\ngXWRyt.exe
  2⤵
  PID:4696
- C:\Windows\System\DwZMhRo.exe
  C:\Windows\System\DwZMhRo.exe
  2⤵
  PID:4780
- C:\Windows\System\utRCodD.exe
  C:\Windows\System\utRCodD.exe
  2⤵
  PID:4636
- C:\Windows\System\ujJcJgR.exe
  C:\Windows\System\ujJcJgR.exe
  2⤵
  PID:4712
- C:\Windows\System\oOaAyGy.exe
  C:\Windows\System\oOaAyGy.exe
  2⤵
  PID:4856
- C:\Windows\System\wNhSLkM.exe
  C:\Windows\System\wNhSLkM.exe
  2⤵
  PID:4760
- C:\Windows\System\UCjkQkn.exe
  C:\Windows\System\UCjkQkn.exe
  2⤵
  PID:4932
- C:\Windows\System\XREGkbZ.exe
  C:\Windows\System\XREGkbZ.exe
  2⤵
  PID:4796
- C:\Windows\System\QQPNKRU.exe
  C:\Windows\System\QQPNKRU.exe
  2⤵
  PID:4836
- C:\Windows\System\eBimvzF.exe
  C:\Windows\System\eBimvzF.exe
  2⤵
  PID:5072
- C:\Windows\System\kxTosDN.exe
  C:\Windows\System\kxTosDN.exe
  2⤵
  PID:2532
- C:\Windows\System\EpOPiSz.exe
  C:\Windows\System\EpOPiSz.exe
  2⤵
  PID:2740
- C:\Windows\System\XGWDBgD.exe
  C:\Windows\System\XGWDBgD.exe
  2⤵
  PID:5028
- C:\Windows\System\vdEYBQT.exe
  C:\Windows\System\vdEYBQT.exe
  2⤵
  PID:5060
- C:\Windows\System\uMaBxmP.exe
  C:\Windows\System\uMaBxmP.exe
  2⤵
  PID:4984
- C:\Windows\System\CHfshzr.exe
  C:\Windows\System\CHfshzr.exe
  2⤵
  PID:4104
- C:\Windows\System\sBsAaVK.exe
  C:\Windows\System\sBsAaVK.exe
  2⤵
  PID:2980
- C:\Windows\System\BAgLRIx.exe
  C:\Windows\System\BAgLRIx.exe
  2⤵
  PID:3632
- C:\Windows\System\TWosmPO.exe
  C:\Windows\System\TWosmPO.exe
  2⤵
  PID:4012
- C:\Windows\System\LLTxtgF.exe
  C:\Windows\System\LLTxtgF.exe
  2⤵
  PID:1508
- C:\Windows\System\ZmGNkMN.exe
  C:\Windows\System\ZmGNkMN.exe
  2⤵
  PID:3592
- C:\Windows\System\uTBMlqa.exe
  C:\Windows\System\uTBMlqa.exe
  2⤵
  PID:3272
- C:\Windows\System\sXSJqGu.exe
  C:\Windows\System\sXSJqGu.exe
  2⤵
  PID:4252
- C:\Windows\System\RcCGguc.exe
  C:\Windows\System\RcCGguc.exe
  2⤵
  PID:4336
- C:\Windows\System\Slhxodk.exe
  C:\Windows\System\Slhxodk.exe
  2⤵
  PID:4408
- C:\Windows\System\xsLoeBc.exe
  C:\Windows\System\xsLoeBc.exe
  2⤵
  PID:3392
- C:\Windows\System\gVRaXmc.exe
  C:\Windows\System\gVRaXmc.exe
  2⤵
  PID:4116
- C:\Windows\System\tjFqjHZ.exe
  C:\Windows\System\tjFqjHZ.exe
  2⤵
  PID:3616
- C:\Windows\System\qNWrGQZ.exe
  C:\Windows\System\qNWrGQZ.exe
  2⤵
  PID:4180
- C:\Windows\System\vuGLdlf.exe
  C:\Windows\System\vuGLdlf.exe
  2⤵
  PID:4448
- C:\Windows\System\RmqSQxI.exe
  C:\Windows\System\RmqSQxI.exe
  2⤵
  PID:4536
- C:\Windows\System\tInDEMU.exe
  C:\Windows\System\tInDEMU.exe
  2⤵
  PID:4596
- C:\Windows\System\dzRVlpL.exe
  C:\Windows\System\dzRVlpL.exe
  2⤵
  PID:4392
- C:\Windows\System\fATHlKJ.exe
  C:\Windows\System\fATHlKJ.exe
  2⤵
  PID:4468
- C:\Windows\System\rnHUPCh.exe
  C:\Windows\System\rnHUPCh.exe
  2⤵
  PID:4504
- C:\Windows\System\QgUbqru.exe
  C:\Windows\System\QgUbqru.exe
  2⤵
  PID:4512
- C:\Windows\System\uoOBZME.exe
  C:\Windows\System\uoOBZME.exe
  2⤵
  PID:4892
- C:\Windows\System\bVSzyef.exe
  C:\Windows\System\bVSzyef.exe
  2⤵
  PID:4832
- C:\Windows\System\Zqlbrag.exe
  C:\Windows\System\Zqlbrag.exe
  2⤵
  PID:4792
- C:\Windows\System\YBylYyU.exe
  C:\Windows\System\YBylYyU.exe
  2⤵
  PID:4732
- C:\Windows\System\jpSjRiE.exe
  C:\Windows\System\jpSjRiE.exe
  2⤵
  PID:5080
- C:\Windows\System\nUIkssV.exe
  C:\Windows\System\nUIkssV.exe
  2⤵
  PID:5112
- C:\Windows\System\CTTnWZF.exe
  C:\Windows\System\CTTnWZF.exe
  2⤵
  PID:4912
- C:\Windows\System\vSocfNg.exe
  C:\Windows\System\vSocfNg.exe
  2⤵
  PID:4948
- C:\Windows\System\ONFMRia.exe
  C:\Windows\System\ONFMRia.exe
  2⤵
  PID:4136
- C:\Windows\System\qbfWlEA.exe
  C:\Windows\System\qbfWlEA.exe
  2⤵
  PID:3960
- C:\Windows\System\BOQBOnO.exe
  C:\Windows\System\BOQBOnO.exe
  2⤵
  PID:2812
- C:\Windows\System\JUjPvsA.exe
  C:\Windows\System\JUjPvsA.exe
  2⤵
  PID:4052
- C:\Windows\System\uBeDvQf.exe
  C:\Windows\System\uBeDvQf.exe
  2⤵
  PID:4224
- C:\Windows\System\vwxssVR.exe
  C:\Windows\System\vwxssVR.exe
  2⤵
  PID:4372
- C:\Windows\System\ioNmUZK.exe
  C:\Windows\System\ioNmUZK.exe
  2⤵
  PID:3408
- C:\Windows\System\AxMnKUo.exe
  C:\Windows\System\AxMnKUo.exe
  2⤵
  PID:3248
- C:\Windows\System\sENzlee.exe
  C:\Windows\System\sENzlee.exe
  2⤵
  PID:4172
- C:\Windows\System\ZrSJBwx.exe
  C:\Windows\System\ZrSJBwx.exe
  2⤵
  PID:5140
- C:\Windows\System\tlRLSmI.exe
  C:\Windows\System\tlRLSmI.exe
  2⤵
  PID:5160
- C:\Windows\System\NvVadYz.exe
  C:\Windows\System\NvVadYz.exe
  2⤵
  PID:5180
- C:\Windows\System\pEUkwwC.exe
  C:\Windows\System\pEUkwwC.exe
  2⤵
  PID:5200
- C:\Windows\System\JTGwoTd.exe
  C:\Windows\System\JTGwoTd.exe
  2⤵
  PID:5220
- C:\Windows\System\zMKuQVU.exe
  C:\Windows\System\zMKuQVU.exe
  2⤵
  PID:5240
- C:\Windows\System\kEQjGjR.exe
  C:\Windows\System\kEQjGjR.exe
  2⤵
  PID:5260
- C:\Windows\System\gIJIWur.exe
  C:\Windows\System\gIJIWur.exe
  2⤵
  PID:5280
- C:\Windows\System\OmGHkYt.exe
  C:\Windows\System\OmGHkYt.exe
  2⤵
  PID:5300
- C:\Windows\System\bsuvCDh.exe
  C:\Windows\System\bsuvCDh.exe
  2⤵
  PID:5320
- C:\Windows\System\KGfVmLZ.exe
  C:\Windows\System\KGfVmLZ.exe
  2⤵
  PID:5340
- C:\Windows\System\jxGSqMz.exe
  C:\Windows\System\jxGSqMz.exe
  2⤵
  PID:5360
- C:\Windows\System\QhcHXAJ.exe
  C:\Windows\System\QhcHXAJ.exe
  2⤵
  PID:5380
- C:\Windows\System\KKzjams.exe
  C:\Windows\System\KKzjams.exe
  2⤵
  PID:5400
- C:\Windows\System\uhqgOPd.exe
  C:\Windows\System\uhqgOPd.exe
  2⤵
  PID:5420
- C:\Windows\System\yMPZERX.exe
  C:\Windows\System\yMPZERX.exe
  2⤵
  PID:5440
- C:\Windows\System\LCExwFy.exe
  C:\Windows\System\LCExwFy.exe
  2⤵
  PID:5460
- C:\Windows\System\eoqaBdk.exe
  C:\Windows\System\eoqaBdk.exe
  2⤵
  PID:5484
- C:\Windows\System\dnRlDXn.exe
  C:\Windows\System\dnRlDXn.exe
  2⤵
  PID:5504
- C:\Windows\System\YIUjJqY.exe
  C:\Windows\System\YIUjJqY.exe
  2⤵
  PID:5524
- C:\Windows\System\UgvDAAA.exe
  C:\Windows\System\UgvDAAA.exe
  2⤵
  PID:5544
- C:\Windows\System\bMiQGyX.exe
  C:\Windows\System\bMiQGyX.exe
  2⤵
  PID:5564
- C:\Windows\System\ymefiHL.exe
  C:\Windows\System\ymefiHL.exe
  2⤵
  PID:5584
- C:\Windows\System\tPFOtiw.exe
  C:\Windows\System\tPFOtiw.exe
  2⤵
  PID:5604
- C:\Windows\System\KKotTen.exe
  C:\Windows\System\KKotTen.exe
  2⤵
  PID:5624
- C:\Windows\System\YlDqjOZ.exe
  C:\Windows\System\YlDqjOZ.exe
  2⤵
  PID:5644
- C:\Windows\System\aamXHgA.exe
  C:\Windows\System\aamXHgA.exe
  2⤵
  PID:5664
- C:\Windows\System\OtZeoxU.exe
  C:\Windows\System\OtZeoxU.exe
  2⤵
  PID:5684
- C:\Windows\System\GbjQDqm.exe
  C:\Windows\System\GbjQDqm.exe
  2⤵
  PID:5704
- C:\Windows\System\KSNbxbg.exe
  C:\Windows\System\KSNbxbg.exe
  2⤵
  PID:5724
- C:\Windows\System\yULvoCT.exe
  C:\Windows\System\yULvoCT.exe
  2⤵
  PID:5744
- C:\Windows\System\rLkfteK.exe
  C:\Windows\System\rLkfteK.exe
  2⤵
  PID:5764
- C:\Windows\System\PCegGlt.exe
  C:\Windows\System\PCegGlt.exe
  2⤵
  PID:5784
- C:\Windows\System\vzSYLOS.exe
  C:\Windows\System\vzSYLOS.exe
  2⤵
  PID:5804
- C:\Windows\System\PjjFavs.exe
  C:\Windows\System\PjjFavs.exe
  2⤵
  PID:5820
- C:\Windows\System\jyAHCET.exe
  C:\Windows\System\jyAHCET.exe
  2⤵
  PID:5840
- C:\Windows\System\liVUkiI.exe
  C:\Windows\System\liVUkiI.exe
  2⤵
  PID:5860
- C:\Windows\System\fQYBoiI.exe
  C:\Windows\System\fQYBoiI.exe
  2⤵
  PID:5876
- C:\Windows\System\waQXAgx.exe
  C:\Windows\System\waQXAgx.exe
  2⤵
  PID:5900
- C:\Windows\System\IrkuAIU.exe
  C:\Windows\System\IrkuAIU.exe
  2⤵
  PID:5920
- C:\Windows\System\himmtmp.exe
  C:\Windows\System\himmtmp.exe
  2⤵
  PID:5940
- C:\Windows\System\cChhSRn.exe
  C:\Windows\System\cChhSRn.exe
  2⤵
  PID:5956
- C:\Windows\System\YcQKLSb.exe
  C:\Windows\System\YcQKLSb.exe
  2⤵
  PID:5980
- C:\Windows\System\buCCdKQ.exe
  C:\Windows\System\buCCdKQ.exe
  2⤵
  PID:6004
- C:\Windows\System\HLRsTRo.exe
  C:\Windows\System\HLRsTRo.exe
  2⤵
  PID:6024
- C:\Windows\System\jvpLREL.exe
  C:\Windows\System\jvpLREL.exe
  2⤵
  PID:6044
- C:\Windows\System\UjlBozc.exe
  C:\Windows\System\UjlBozc.exe
  2⤵
  PID:6064
- C:\Windows\System\TUfHrvS.exe
  C:\Windows\System\TUfHrvS.exe
  2⤵
  PID:6084
- C:\Windows\System\UzDyGhF.exe
  C:\Windows\System\UzDyGhF.exe
  2⤵
  PID:6104
- C:\Windows\System\jHPKBrl.exe
  C:\Windows\System\jHPKBrl.exe
  2⤵
  PID:6128
- C:\Windows\System\ngFfuvs.exe
  C:\Windows\System\ngFfuvs.exe
  2⤵
  PID:4360
- C:\Windows\System\biwfVgA.exe
  C:\Windows\System\biwfVgA.exe
  2⤵
  PID:4396
- C:\Windows\System\bLuAfkK.exe
  C:\Windows\System\bLuAfkK.exe
  2⤵
  PID:4552
- C:\Windows\System\DvUMjri.exe
  C:\Windows\System\DvUMjri.exe
  2⤵
  PID:4464
- C:\Windows\System\nZgtnNj.exe
  C:\Windows\System\nZgtnNj.exe
  2⤵
  PID:4848
- C:\Windows\System\cXdyPyR.exe
  C:\Windows\System\cXdyPyR.exe
  2⤵
  PID:4656
- C:\Windows\System\JMgFomy.exe
  C:\Windows\System\JMgFomy.exe
  2⤵
  PID:4868
- C:\Windows\System\bjbtqtQ.exe
  C:\Windows\System\bjbtqtQ.exe
  2⤵
  PID:4676
- C:\Windows\System\vatwFZK.exe
  C:\Windows\System\vatwFZK.exe
  2⤵
  PID:5008
- C:\Windows\System\CCGNsXB.exe
  C:\Windows\System\CCGNsXB.exe
  2⤵
  PID:4916
- C:\Windows\System\biQaFjL.exe
  C:\Windows\System\biQaFjL.exe
  2⤵
  PID:3888
- C:\Windows\System\GYangOe.exe
  C:\Windows\System\GYangOe.exe
  2⤵
  PID:3948
- C:\Windows\System\bCwfWzj.exe
  C:\Windows\System\bCwfWzj.exe
  2⤵
  PID:4240
- C:\Windows\System\BbXPaJj.exe
  C:\Windows\System\BbXPaJj.exe
  2⤵
  PID:4416
- C:\Windows\System\wLtlZqk.exe
  C:\Windows\System\wLtlZqk.exe
  2⤵
  PID:4176
- C:\Windows\System\HgMoHNo.exe
  C:\Windows\System\HgMoHNo.exe
  2⤵
  PID:5148
- C:\Windows\System\IUsJUDd.exe
  C:\Windows\System\IUsJUDd.exe
  2⤵
  PID:5176
- C:\Windows\System\utPATki.exe
  C:\Windows\System\utPATki.exe
  2⤵
  PID:5192
- C:\Windows\System\LeuvUfz.exe
  C:\Windows\System\LeuvUfz.exe
  2⤵
  PID:5268
- C:\Windows\System\sNTSAUo.exe
  C:\Windows\System\sNTSAUo.exe
  2⤵
  PID:5252
- C:\Windows\System\aVFICKF.exe
  C:\Windows\System\aVFICKF.exe
  2⤵
  PID:5316
- C:\Windows\System\mftPSoV.exe
  C:\Windows\System\mftPSoV.exe
  2⤵
  PID:5356
- C:\Windows\System\MGCxQVw.exe
  C:\Windows\System\MGCxQVw.exe
  2⤵
  PID:5368
- C:\Windows\System\IdXmeBa.exe
  C:\Windows\System\IdXmeBa.exe
  2⤵
  PID:5408
- C:\Windows\System\nhAyttl.exe
  C:\Windows\System\nhAyttl.exe
  2⤵
  PID:5476
- C:\Windows\System\nqqsuEz.exe
  C:\Windows\System\nqqsuEz.exe
  2⤵
  PID:5456
- C:\Windows\System\Cvxlpwc.exe
  C:\Windows\System\Cvxlpwc.exe
  2⤵
  PID:5552
- C:\Windows\System\GipMVUA.exe
  C:\Windows\System\GipMVUA.exe
  2⤵
  PID:5532
- C:\Windows\System\egQZNLt.exe
  C:\Windows\System\egQZNLt.exe
  2⤵
  PID:5572
- C:\Windows\System\dYIAStV.exe
  C:\Windows\System\dYIAStV.exe
  2⤵
  PID:5636
- C:\Windows\System\OCQUTrc.exe
  C:\Windows\System\OCQUTrc.exe
  2⤵
  PID:5676
- C:\Windows\System\fjYTvSR.exe
  C:\Windows\System\fjYTvSR.exe
  2⤵
  PID:5616
- C:\Windows\System\ePxjjXl.exe
  C:\Windows\System\ePxjjXl.exe
  2⤵
  PID:5656
- C:\Windows\System\YFjNCxq.exe
  C:\Windows\System\YFjNCxq.exe
  2⤵
  PID:5736
- C:\Windows\System\tUOHaKI.exe
  C:\Windows\System\tUOHaKI.exe
  2⤵
  PID:3228
- C:\Windows\System\DyaRCjP.exe
  C:\Windows\System\DyaRCjP.exe
  2⤵
  PID:5836
- C:\Windows\System\wDwEtnd.exe
  C:\Windows\System\wDwEtnd.exe
  2⤵
  PID:5812
- C:\Windows\System\FdKDogS.exe
  C:\Windows\System\FdKDogS.exe
  2⤵
  PID:5852
- C:\Windows\System\arWuOJh.exe
  C:\Windows\System\arWuOJh.exe
  2⤵
  PID:5892
- C:\Windows\System\XPoJpuh.exe
  C:\Windows\System\XPoJpuh.exe
  2⤵
  PID:5988
- C:\Windows\System\svvCxwT.exe
  C:\Windows\System\svvCxwT.exe
  2⤵
  PID:5992
- C:\Windows\System\YEjVIvV.exe
  C:\Windows\System\YEjVIvV.exe
  2⤵
  PID:6032
- C:\Windows\System\RYeDIsU.exe
  C:\Windows\System\RYeDIsU.exe
  2⤵
  PID:6016
- C:\Windows\System\FdjueNa.exe
  C:\Windows\System\FdjueNa.exe
  2⤵
  PID:6060
- C:\Windows\System\FJwppKo.exe
  C:\Windows\System\FJwppKo.exe
  2⤵
  PID:6092
- C:\Windows\System\itefOBP.exe
  C:\Windows\System\itefOBP.exe
  2⤵
  PID:4256
- C:\Windows\System\cAosdKw.exe
  C:\Windows\System\cAosdKw.exe
  2⤵
  PID:4312
- C:\Windows\System\IkMantf.exe
  C:\Windows\System\IkMantf.exe
  2⤵
  PID:4672
- C:\Windows\System\jpPEcRQ.exe
  C:\Windows\System\jpPEcRQ.exe
  2⤵
  PID:4736
- C:\Windows\System\dATpWUZ.exe
  C:\Windows\System\dATpWUZ.exe
  2⤵
  PID:2872
- C:\Windows\System\XeSeJcU.exe
  C:\Windows\System\XeSeJcU.exe
  2⤵
  PID:3996
- C:\Windows\System\LuYOnXc.exe
  C:\Windows\System\LuYOnXc.exe
  2⤵
  PID:4320
- C:\Windows\System\cJgJLlg.exe
  C:\Windows\System\cJgJLlg.exe
  2⤵
  PID:5136
- C:\Windows\System\DjVAmkk.exe
  C:\Windows\System\DjVAmkk.exe
  2⤵
  PID:4084
- C:\Windows\System\feDGWxZ.exe
  C:\Windows\System\feDGWxZ.exe
  2⤵
  PID:5256
- C:\Windows\System\tEQjAtf.exe
  C:\Windows\System\tEQjAtf.exe
  2⤵
  PID:5412
- C:\Windows\System\gRpwiwr.exe
  C:\Windows\System\gRpwiwr.exe
  2⤵
  PID:3944
- C:\Windows\System\ChlUHRY.exe
  C:\Windows\System\ChlUHRY.exe
  2⤵
  PID:5216
- C:\Windows\System\NACXWUH.exe
  C:\Windows\System\NACXWUH.exe
  2⤵
  PID:5716
- C:\Windows\System\YvQfOzF.exe
  C:\Windows\System\YvQfOzF.exe
  2⤵
  PID:5760
- C:\Windows\System\gpszBYV.exe
  C:\Windows\System\gpszBYV.exe
  2⤵
  PID:5292
- C:\Windows\System\BfjHdqM.exe
  C:\Windows\System\BfjHdqM.exe
  2⤵
  PID:5332
- C:\Windows\System\dJRefeS.exe
  C:\Windows\System\dJRefeS.exe
  2⤵
  PID:2496
- C:\Windows\System\vJcATnT.exe
  C:\Windows\System\vJcATnT.exe
  2⤵
  PID:5520
- C:\Windows\System\ZxzYnFh.exe
  C:\Windows\System\ZxzYnFh.exe
  2⤵
  PID:5600
- C:\Windows\System\wWvYrIU.exe
  C:\Windows\System\wWvYrIU.exe
  2⤵
  PID:5968
- C:\Windows\System\ocXDHTJ.exe
  C:\Windows\System\ocXDHTJ.exe
  2⤵
  PID:5652
- C:\Windows\System\dsfdibm.exe
  C:\Windows\System\dsfdibm.exe
  2⤵
  PID:5800
- C:\Windows\System\PUMOMbN.exe
  C:\Windows\System\PUMOMbN.exe
  2⤵
  PID:2416
- C:\Windows\System\VhMiNVO.exe
  C:\Windows\System\VhMiNVO.exe
  2⤵
  PID:5872
- C:\Windows\System\AIalpSW.exe
  C:\Windows\System\AIalpSW.exe
  2⤵
  PID:5932
- C:\Windows\System\IKezmDK.exe
  C:\Windows\System\IKezmDK.exe
  2⤵
  PID:6036
- C:\Windows\System\sGKYHeG.exe
  C:\Windows\System\sGKYHeG.exe
  2⤵
  PID:5116
- C:\Windows\System\eXfAnAq.exe
  C:\Windows\System\eXfAnAq.exe
  2⤵
  PID:6116
- C:\Windows\System\ZexLbpx.exe
  C:\Windows\System\ZexLbpx.exe
  2⤵
  PID:4432
- C:\Windows\System\VTJwyZd.exe
  C:\Windows\System\VTJwyZd.exe
  2⤵
  PID:5196
- C:\Windows\System\SLCUQLa.exe
  C:\Windows\System\SLCUQLa.exe
  2⤵
  PID:5348
- C:\Windows\System\EksNAal.exe
  C:\Windows\System\EksNAal.exe
  2⤵
  PID:4652
- C:\Windows\System\IPWCzJO.exe
  C:\Windows\System\IPWCzJO.exe
  2⤵
  PID:5168
- C:\Windows\System\XYCEkpa.exe
  C:\Windows\System\XYCEkpa.exe
  2⤵
  PID:5496
- C:\Windows\System\lalasvM.exe
  C:\Windows\System\lalasvM.exe
  2⤵
  PID:5640
- C:\Windows\System\DGYBYta.exe
  C:\Windows\System\DGYBYta.exe
  2⤵
  PID:5492
- C:\Windows\System\qGFRoae.exe
  C:\Windows\System\qGFRoae.exe
  2⤵
  PID:5396
- C:\Windows\System\aNuKhMX.exe
  C:\Windows\System\aNuKhMX.exe
  2⤵
  PID:5948
- C:\Windows\System\stIagas.exe
  C:\Windows\System\stIagas.exe
  2⤵
  PID:5540
- C:\Windows\System\vXMoKhI.exe
  C:\Windows\System\vXMoKhI.exe
  2⤵
  PID:5976
- C:\Windows\System\PesDKFy.exe
  C:\Windows\System\PesDKFy.exe
  2⤵
  PID:5868
- C:\Windows\System\uTLDCXp.exe
  C:\Windows\System\uTLDCXp.exe
  2⤵
  PID:5928
- C:\Windows\System\SxLFsGt.exe
  C:\Windows\System\SxLFsGt.exe
  2⤵
  PID:6124
- C:\Windows\System\vrvGbhX.exe
  C:\Windows\System\vrvGbhX.exe
  2⤵
  PID:4500
- C:\Windows\System\XrKewTo.exe
  C:\Windows\System\XrKewTo.exe
  2⤵
  PID:5100
- C:\Windows\System\belGbhf.exe
  C:\Windows\System\belGbhf.exe
  2⤵
  PID:5152
- C:\Windows\System\uVXCXxj.exe
  C:\Windows\System\uVXCXxj.exe
  2⤵
  PID:6160
- C:\Windows\System\aBMiADo.exe
  C:\Windows\System\aBMiADo.exe
  2⤵
  PID:6180
- C:\Windows\System\eOpMMPp.exe
  C:\Windows\System\eOpMMPp.exe
  2⤵
  PID:6196
- C:\Windows\System\CEsuhuQ.exe
  C:\Windows\System\CEsuhuQ.exe
  2⤵
  PID:6220
- C:\Windows\System\JdVfHCc.exe
  C:\Windows\System\JdVfHCc.exe
  2⤵
  PID:6240
- C:\Windows\System\RVuElmz.exe
  C:\Windows\System\RVuElmz.exe
  2⤵
  PID:6264
- C:\Windows\System\ECtRkjB.exe
  C:\Windows\System\ECtRkjB.exe
  2⤵
  PID:6280
- C:\Windows\System\LMPbkKD.exe
  C:\Windows\System\LMPbkKD.exe
  2⤵
  PID:6300
- C:\Windows\System\Wvzxhsj.exe
  C:\Windows\System\Wvzxhsj.exe
  2⤵
  PID:6320
- C:\Windows\System\SMbncGZ.exe
  C:\Windows\System\SMbncGZ.exe
  2⤵
  PID:6336
- C:\Windows\System\RcttcuD.exe
  C:\Windows\System\RcttcuD.exe
  2⤵
  PID:6356
- C:\Windows\System\JLcPvia.exe
  C:\Windows\System\JLcPvia.exe
  2⤵
  PID:6376
- C:\Windows\System\sicazhP.exe
  C:\Windows\System\sicazhP.exe
  2⤵
  PID:6396
- C:\Windows\System\WeHEaXa.exe
  C:\Windows\System\WeHEaXa.exe
  2⤵
  PID:6416
- C:\Windows\System\jjPaGuL.exe
  C:\Windows\System\jjPaGuL.exe
  2⤵
  PID:6436
- C:\Windows\System\RgWWltz.exe
  C:\Windows\System\RgWWltz.exe
  2⤵
  PID:6452
- C:\Windows\System\cGfwYTg.exe
  C:\Windows\System\cGfwYTg.exe
  2⤵
  PID:6476
- C:\Windows\System\osnfjSt.exe
  C:\Windows\System\osnfjSt.exe
  2⤵
  PID:6496
- C:\Windows\System\CKTdXwJ.exe
  C:\Windows\System\CKTdXwJ.exe
  2⤵
  PID:6516
- C:\Windows\System\sgaPYch.exe
  C:\Windows\System\sgaPYch.exe
  2⤵
  PID:6536
- C:\Windows\System\ikWNthO.exe
  C:\Windows\System\ikWNthO.exe
  2⤵
  PID:6556
- C:\Windows\System\uBosxyu.exe
  C:\Windows\System\uBosxyu.exe
  2⤵
  PID:6572
- C:\Windows\System\HnnrHFK.exe
  C:\Windows\System\HnnrHFK.exe
  2⤵
  PID:6600
- C:\Windows\System\LgSHQqi.exe
  C:\Windows\System\LgSHQqi.exe
  2⤵
  PID:6620
- C:\Windows\System\sXlkIRb.exe
  C:\Windows\System\sXlkIRb.exe
  2⤵
  PID:6636
- C:\Windows\System\xgRoYgx.exe
  C:\Windows\System\xgRoYgx.exe
  2⤵
  PID:6656
- C:\Windows\System\CChftZN.exe
  C:\Windows\System\CChftZN.exe
  2⤵
  PID:6676
- C:\Windows\System\JvCHGJI.exe
  C:\Windows\System\JvCHGJI.exe
  2⤵
  PID:6692
- C:\Windows\System\yYQoVpk.exe
  C:\Windows\System\yYQoVpk.exe
  2⤵
  PID:6716
- C:\Windows\System\YkEiclc.exe
  C:\Windows\System\YkEiclc.exe
  2⤵
  PID:6732
- C:\Windows\System\dDiNQLf.exe
  C:\Windows\System\dDiNQLf.exe
  2⤵
  PID:6760
- C:\Windows\System\InBjhAy.exe
  C:\Windows\System\InBjhAy.exe
  2⤵
  PID:6776
- C:\Windows\System\MiTnDzN.exe
  C:\Windows\System\MiTnDzN.exe
  2⤵
  PID:6800
- C:\Windows\System\VTrWgBE.exe
  C:\Windows\System\VTrWgBE.exe
  2⤵
  PID:6816
- C:\Windows\System\rPBKvtj.exe
  C:\Windows\System\rPBKvtj.exe
  2⤵
  PID:6836
- C:\Windows\System\UMcFwvW.exe
  C:\Windows\System\UMcFwvW.exe
  2⤵
  PID:6856
- C:\Windows\System\JTQjBuv.exe
  C:\Windows\System\JTQjBuv.exe
  2⤵
  PID:6876
- C:\Windows\System\wqrxzWz.exe
  C:\Windows\System\wqrxzWz.exe
  2⤵
  PID:6892
- C:\Windows\System\cDsBbeR.exe
  C:\Windows\System\cDsBbeR.exe
  2⤵
  PID:6916
- C:\Windows\System\jczHwUN.exe
  C:\Windows\System\jczHwUN.exe
  2⤵
  PID:6932
- C:\Windows\System\DqqjgXq.exe
  C:\Windows\System\DqqjgXq.exe
  2⤵
  PID:6952
- C:\Windows\System\QmaBrFQ.exe
  C:\Windows\System\QmaBrFQ.exe
  2⤵
  PID:6968
- C:\Windows\System\wxehAUN.exe
  C:\Windows\System\wxehAUN.exe
  2⤵
  PID:6988
- C:\Windows\System\LbnsuUe.exe
  C:\Windows\System\LbnsuUe.exe
  2⤵
  PID:7008
- C:\Windows\System\LbaiRWm.exe
  C:\Windows\System\LbaiRWm.exe
  2⤵
  PID:7028
- C:\Windows\System\DzVwcDi.exe
  C:\Windows\System\DzVwcDi.exe
  2⤵
  PID:7048
- C:\Windows\System\eHuHwvp.exe
  C:\Windows\System\eHuHwvp.exe
  2⤵
  PID:7068
- C:\Windows\System\xdsbTVP.exe
  C:\Windows\System\xdsbTVP.exe
  2⤵
  PID:7096
- C:\Windows\System\VTpSYec.exe
  C:\Windows\System\VTpSYec.exe
  2⤵
  PID:7124
- C:\Windows\System\xCZqZAQ.exe
  C:\Windows\System\xCZqZAQ.exe
  2⤵
  PID:7140
- C:\Windows\System\DrAXsyb.exe
  C:\Windows\System\DrAXsyb.exe
  2⤵
  PID:7164
- C:\Windows\System\qXrycAE.exe
  C:\Windows\System\qXrycAE.exe
  2⤵
  PID:5336
- C:\Windows\System\hmqDsZF.exe
  C:\Windows\System\hmqDsZF.exe
  2⤵
  PID:5128
- C:\Windows\System\RfROwUh.exe
  C:\Windows\System\RfROwUh.exe
  2⤵
  PID:5916
- C:\Windows\System\bcjlYZG.exe
  C:\Windows\System\bcjlYZG.exe
  2⤵
  PID:5672
- C:\Windows\System\MBaLZux.exe
  C:\Windows\System\MBaLZux.exe
  2⤵
  PID:6136
- C:\Windows\System\KmoFQBF.exe
  C:\Windows\System\KmoFQBF.exe
  2⤵
  PID:5680
- C:\Windows\System\tFZIObY.exe
  C:\Windows\System\tFZIObY.exe
  2⤵
  PID:5096
- C:\Windows\System\tlaJryv.exe
  C:\Windows\System\tlaJryv.exe
  2⤵
  PID:6172
- C:\Windows\System\GHjLuwp.exe
  C:\Windows\System\GHjLuwp.exe
  2⤵
  PID:5776
- C:\Windows\System\UjuXbfX.exe
  C:\Windows\System\UjuXbfX.exe
  2⤵
  PID:6248
- C:\Windows\System\cItEfci.exe
  C:\Windows\System\cItEfci.exe
  2⤵
  PID:5188
- C:\Windows\System\mJmBztV.exe
  C:\Windows\System\mJmBztV.exe
  2⤵
  PID:6292
- C:\Windows\System\cJCdvyN.exe
  C:\Windows\System\cJCdvyN.exe
  2⤵
  PID:6152
- C:\Windows\System\bnkrWRd.exe
  C:\Windows\System\bnkrWRd.exe
  2⤵
  PID:6228
- C:\Windows\System\acHabKg.exe
  C:\Windows\System\acHabKg.exe
  2⤵
  PID:6368
- C:\Windows\System\lBXUvZZ.exe
  C:\Windows\System\lBXUvZZ.exe
  2⤵
  PID:6448
- C:\Windows\System\vOEwqmT.exe
  C:\Windows\System\vOEwqmT.exe
  2⤵
  PID:6316
- C:\Windows\System\msXKzIl.exe
  C:\Windows\System\msXKzIl.exe
  2⤵
  PID:6352
- C:\Windows\System\msTPmYw.exe
  C:\Windows\System\msTPmYw.exe
  2⤵
  PID:6384
- C:\Windows\System\diPKqov.exe
  C:\Windows\System\diPKqov.exe
  2⤵
  PID:6616
- C:\Windows\System\jeGFxei.exe
  C:\Windows\System\jeGFxei.exe
  2⤵
  PID:6688
- C:\Windows\System\sTrbsKs.exe
  C:\Windows\System\sTrbsKs.exe
  2⤵
  PID:6728
- C:\Windows\System\jaKdNHJ.exe
  C:\Windows\System\jaKdNHJ.exe
  2⤵
  PID:6848
- C:\Windows\System\EQBXcoE.exe
  C:\Windows\System\EQBXcoE.exe
  2⤵
  PID:6472
- C:\Windows\System\ZNLjZhA.exe
  C:\Windows\System\ZNLjZhA.exe
  2⤵
  PID:6548
- C:\Windows\System\SWnuNFH.exe
  C:\Windows\System\SWnuNFH.exe
  2⤵
  PID:6580
- C:\Windows\System\cJXgyQy.exe
  C:\Windows\System\cJXgyQy.exe
  2⤵
  PID:6596
- C:\Windows\System\ubknHgb.exe
  C:\Windows\System\ubknHgb.exe
  2⤵
  PID:6664
- C:\Windows\System\BGHHjyT.exe
  C:\Windows\System\BGHHjyT.exe
  2⤵
  PID:6708
- C:\Windows\System\UiGYZKI.exe
  C:\Windows\System\UiGYZKI.exe
  2⤵
  PID:6748
- C:\Windows\System\lduZZIF.exe
  C:\Windows\System\lduZZIF.exe
  2⤵
  PID:6788
- C:\Windows\System\sDYDGgy.exe
  C:\Windows\System\sDYDGgy.exe
  2⤵
  PID:6828
- C:\Windows\System\lFSDNvY.exe
  C:\Windows\System\lFSDNvY.exe
  2⤵
  PID:6912
- C:\Windows\System\eZFEDmN.exe
  C:\Windows\System\eZFEDmN.exe
  2⤵
  PID:7084
- C:\Windows\System\QtaQxCa.exe
  C:\Windows\System\QtaQxCa.exe
  2⤵
  PID:5500
- C:\Windows\System\mmnndJQ.exe
  C:\Windows\System\mmnndJQ.exe
  2⤵
  PID:6904
- C:\Windows\System\fKEkTDg.exe
  C:\Windows\System\fKEkTDg.exe
  2⤵
  PID:7056
- C:\Windows\System\dJUDPSI.exe
  C:\Windows\System\dJUDPSI.exe
  2⤵
  PID:5632
- C:\Windows\System\EuhfyjU.exe
  C:\Windows\System\EuhfyjU.exe
  2⤵
  PID:2216
- C:\Windows\System\gtEYrzc.exe
  C:\Windows\System\gtEYrzc.exe
  2⤵
  PID:6208
- C:\Windows\System\KQaOocn.exe
  C:\Windows\System\KQaOocn.exe
  2⤵
  PID:6332
- C:\Windows\System\DNSvJRa.exe
  C:\Windows\System\DNSvJRa.exe
  2⤵
  PID:6308
- C:\Windows\System\mSRBTCO.exe
  C:\Windows\System\mSRBTCO.exe
  2⤵
  PID:7116
- C:\Windows\System\nnxSvJt.exe
  C:\Windows\System\nnxSvJt.exe
  2⤵
  PID:7160
- C:\Windows\System\dCCYWnB.exe
  C:\Windows\System\dCCYWnB.exe
  2⤵
  PID:6564
- C:\Windows\System\NDQXgPc.exe
  C:\Windows\System\NDQXgPc.exe
  2⤵
  PID:5888
- C:\Windows\System\cwJEiPd.exe
  C:\Windows\System\cwJEiPd.exe
  2⤵
  PID:6644
- C:\Windows\System\pgVPZdq.exe
  C:\Windows\System\pgVPZdq.exe
  2⤵
  PID:4772
- C:\Windows\System\oiscCLL.exe
  C:\Windows\System\oiscCLL.exe
  2⤵
  PID:6288
- C:\Windows\System\XPEqraW.exe
  C:\Windows\System\XPEqraW.exe
  2⤵
  PID:6276
- C:\Windows\System\BZBzxRF.exe
  C:\Windows\System\BZBzxRF.exe
  2⤵
  PID:6608
- C:\Windows\System\CLvpXYO.exe
  C:\Windows\System\CLvpXYO.exe
  2⤵
  PID:6672
- C:\Windows\System\BrUazns.exe
  C:\Windows\System\BrUazns.exe
  2⤵
  PID:6460
- C:\Windows\System\csJCtBD.exe
  C:\Windows\System\csJCtBD.exe
  2⤵
  PID:6908
- C:\Windows\System\FkfLtEO.exe
  C:\Windows\System\FkfLtEO.exe
  2⤵
  PID:7024
- C:\Windows\System\LZuCJDw.exe
  C:\Windows\System\LZuCJDw.exe
  2⤵
  PID:6864
- C:\Windows\System\wZAYKFi.exe
  C:\Windows\System\wZAYKFi.exe
  2⤵
  PID:5792
- C:\Windows\System\gfxnrpr.exe
  C:\Windows\System\gfxnrpr.exe
  2⤵
  PID:6744
- C:\Windows\System\HvcUjnB.exe
  C:\Windows\System\HvcUjnB.exe
  2⤵
  PID:5212
- C:\Windows\System\kaHdOki.exe
  C:\Windows\System\kaHdOki.exe
  2⤵
  PID:6824
- C:\Windows\System\BvRedrV.exe
  C:\Windows\System\BvRedrV.exe
  2⤵
  PID:5832
- C:\Windows\System\FTRMidx.exe
  C:\Windows\System\FTRMidx.exe
  2⤵
  PID:7060
- C:\Windows\System\gCkdetk.exe
  C:\Windows\System\gCkdetk.exe
  2⤵
  PID:6980
- C:\Windows\System\fuTNSxT.exe
  C:\Windows\System\fuTNSxT.exe
  2⤵
  PID:6632
- C:\Windows\System\CmjfRXv.exe
  C:\Windows\System\CmjfRXv.exe
  2⤵
  PID:3736
- C:\Windows\System\PMKdMca.exe
  C:\Windows\System\PMKdMca.exe
  2⤵
  PID:6372
- C:\Windows\System\bLscGgK.exe
  C:\Windows\System\bLscGgK.exe
  2⤵
  PID:5912
- C:\Windows\System\jMNwErM.exe
  C:\Windows\System\jMNwErM.exe
  2⤵
  PID:7156
- C:\Windows\System\qckJnJK.exe
  C:\Windows\System\qckJnJK.exe
  2⤵
  PID:6168
- C:\Windows\System\MFZJWsH.exe
  C:\Windows\System\MFZJWsH.exe
  2⤵
  PID:3728
- C:\Windows\System\SYDmGDl.exe
  C:\Windows\System\SYDmGDl.exe
  2⤵
  PID:6412
- C:\Windows\System\PYOdZhX.exe
  C:\Windows\System\PYOdZhX.exe
  2⤵
  PID:6888
- C:\Windows\System\ZddtypW.exe
  C:\Windows\System\ZddtypW.exe
  2⤵
  PID:6212
- C:\Windows\System\QOYjOoJ.exe
  C:\Windows\System\QOYjOoJ.exe
  2⤵
  PID:2476
- C:\Windows\System\UsEogkk.exe
  C:\Windows\System\UsEogkk.exe
  2⤵
  PID:6512
- C:\Windows\System\DgAPtTT.exe
  C:\Windows\System\DgAPtTT.exe
  2⤵
  PID:920
- C:\Windows\System\EhQQZSy.exe
  C:\Windows\System\EhQQZSy.exe
  2⤵
  PID:6808
- C:\Windows\System\fYVZQeO.exe
  C:\Windows\System\fYVZQeO.exe
  2⤵
  PID:3816
- C:\Windows\System\YAlFFcC.exe
  C:\Windows\System\YAlFFcC.exe
  2⤵
  PID:7136
- C:\Windows\System\JEOJgMA.exe
  C:\Windows\System\JEOJgMA.exe
  2⤵
  PID:7120
- C:\Windows\System\eHPMgeM.exe
  C:\Windows\System\eHPMgeM.exe
  2⤵
  PID:6236
- C:\Windows\System\lZRXzvy.exe
  C:\Windows\System\lZRXzvy.exe
  2⤵
  PID:7184
- C:\Windows\System\SkdXBUj.exe
  C:\Windows\System\SkdXBUj.exe
  2⤵
  PID:7212
- C:\Windows\System\ojQWYUH.exe
  C:\Windows\System\ojQWYUH.exe
  2⤵
  PID:7232
- C:\Windows\System\zXxonAU.exe
  C:\Windows\System\zXxonAU.exe
  2⤵
  PID:7252
- C:\Windows\System\OHxmhSP.exe
  C:\Windows\System\OHxmhSP.exe
  2⤵
  PID:7268
- C:\Windows\System\FdlXJDH.exe
  C:\Windows\System\FdlXJDH.exe
  2⤵
  PID:7288
- C:\Windows\System\IIWfuwt.exe
  C:\Windows\System\IIWfuwt.exe
  2⤵
  PID:7304
- C:\Windows\System\fsZKLoL.exe
  C:\Windows\System\fsZKLoL.exe
  2⤵
  PID:7320
- C:\Windows\System\uUCEXsh.exe
  C:\Windows\System\uUCEXsh.exe
  2⤵
  PID:7344
- C:\Windows\System\bjRkofU.exe
  C:\Windows\System\bjRkofU.exe
  2⤵
  PID:7364
- C:\Windows\System\sgvOdlB.exe
  C:\Windows\System\sgvOdlB.exe
  2⤵
  PID:7384
- C:\Windows\System\JIosOxK.exe
  C:\Windows\System\JIosOxK.exe
  2⤵
  PID:7404
- C:\Windows\System\HCTVsTG.exe
  C:\Windows\System\HCTVsTG.exe
  2⤵
  PID:7424
- C:\Windows\System\fodaOsi.exe
  C:\Windows\System\fodaOsi.exe
  2⤵
  PID:7444
- C:\Windows\System\mQJBsma.exe
  C:\Windows\System\mQJBsma.exe
  2⤵
  PID:7460
- C:\Windows\System\FzuRueU.exe
  C:\Windows\System\FzuRueU.exe
  2⤵
  PID:7476
- C:\Windows\System\lbWStyQ.exe
  C:\Windows\System\lbWStyQ.exe
  2⤵
  PID:7500
- C:\Windows\System\elVkAru.exe
  C:\Windows\System\elVkAru.exe
  2⤵
  PID:7516
- C:\Windows\System\vztFbuU.exe
  C:\Windows\System\vztFbuU.exe
  2⤵
  PID:7540
- C:\Windows\System\vfYewFt.exe
  C:\Windows\System\vfYewFt.exe
  2⤵
  PID:7568
- C:\Windows\System\VrDTVgR.exe
  C:\Windows\System\VrDTVgR.exe
  2⤵
  PID:7584
- C:\Windows\System\mzXVcBT.exe
  C:\Windows\System\mzXVcBT.exe
  2⤵
  PID:7608
- C:\Windows\System\PMglebW.exe
  C:\Windows\System\PMglebW.exe
  2⤵
  PID:7624
- C:\Windows\System\euugmeO.exe
  C:\Windows\System\euugmeO.exe
  2⤵
  PID:7644
- C:\Windows\System\WzINcqN.exe
  C:\Windows\System\WzINcqN.exe
  2⤵
  PID:7660
- C:\Windows\System\xInZTiU.exe
  C:\Windows\System\xInZTiU.exe
  2⤵
  PID:7684
- C:\Windows\System\HdvpaDU.exe
  C:\Windows\System\HdvpaDU.exe
  2⤵
  PID:7744
- C:\Windows\System\GJhpxzM.exe
  C:\Windows\System\GJhpxzM.exe
  2⤵
  PID:7780
- C:\Windows\System\ZcCnrhi.exe
  C:\Windows\System\ZcCnrhi.exe
  2⤵
  PID:7804
- C:\Windows\System\pwnwYhr.exe
  C:\Windows\System\pwnwYhr.exe
  2⤵
  PID:7832
- C:\Windows\System\fNvkSDF.exe
  C:\Windows\System\fNvkSDF.exe
  2⤵
  PID:7848
- C:\Windows\System\LNmicrQ.exe
  C:\Windows\System\LNmicrQ.exe
  2⤵
  PID:7868
- C:\Windows\System\oxnuBeO.exe
  C:\Windows\System\oxnuBeO.exe
  2⤵
  PID:7884
- C:\Windows\System\qwrtZiS.exe
  C:\Windows\System\qwrtZiS.exe
  2⤵
  PID:7904
- C:\Windows\System\HRCQbKs.exe
  C:\Windows\System\HRCQbKs.exe
  2⤵
  PID:7920
- C:\Windows\System\jGWtJAR.exe
  C:\Windows\System\jGWtJAR.exe
  2⤵
  PID:7936
- C:\Windows\System\AFkYZAS.exe
  C:\Windows\System\AFkYZAS.exe
  2⤵
  PID:7956
- C:\Windows\System\xIocICu.exe
  C:\Windows\System\xIocICu.exe
  2⤵
  PID:7976
- C:\Windows\System\DtoYEwq.exe
  C:\Windows\System\DtoYEwq.exe
  2⤵
  PID:7992
- C:\Windows\System\LpLzzhs.exe
  C:\Windows\System\LpLzzhs.exe
  2⤵
  PID:8008
- C:\Windows\System\MzPCllS.exe
  C:\Windows\System\MzPCllS.exe
  2⤵
  PID:8028
- C:\Windows\System\EDwpwEQ.exe
  C:\Windows\System\EDwpwEQ.exe
  2⤵
  PID:8048
- C:\Windows\System\RKSWMxg.exe
  C:\Windows\System\RKSWMxg.exe
  2⤵
  PID:8068
- C:\Windows\System\pBzlyni.exe
  C:\Windows\System\pBzlyni.exe
  2⤵
  PID:8084
- C:\Windows\System\MzTPHDV.exe
  C:\Windows\System\MzTPHDV.exe
  2⤵
  PID:8100
- C:\Windows\System\toSLgOZ.exe
  C:\Windows\System\toSLgOZ.exe
  2⤵
  PID:8120
- C:\Windows\System\jtvTrpa.exe
  C:\Windows\System\jtvTrpa.exe
  2⤵
  PID:8136
- C:\Windows\System\hMPaSZk.exe
  C:\Windows\System\hMPaSZk.exe
  2⤵
  PID:8156
- C:\Windows\System\yPVXkeA.exe
  C:\Windows\System\yPVXkeA.exe
  2⤵
  PID:8172
- C:\Windows\System\tLrHlzf.exe
  C:\Windows\System\tLrHlzf.exe
  2⤵
  PID:8188
- C:\Windows\System\RZVFINi.exe
  C:\Windows\System\RZVFINi.exe
  2⤵
  PID:7000
- C:\Windows\System\IfGAPWL.exe
  C:\Windows\System\IfGAPWL.exe
  2⤵
  PID:6996
- C:\Windows\System\TFThuWT.exe
  C:\Windows\System\TFThuWT.exe
  2⤵
  PID:6868
- C:\Windows\System\xlzzLEz.exe
  C:\Windows\System\xlzzLEz.exe
  2⤵
  PID:2704
- C:\Windows\System\uTjxaZb.exe
  C:\Windows\System\uTjxaZb.exe
  2⤵
  PID:6944
- C:\Windows\System\OIGCTRg.exe
  C:\Windows\System\OIGCTRg.exe
  2⤵
  PID:4964
- C:\Windows\System\FwaWOoJ.exe
  C:\Windows\System\FwaWOoJ.exe
  2⤵
  PID:7200
- C:\Windows\System\lHdcYSl.exe
  C:\Windows\System\lHdcYSl.exe
  2⤵
  PID:6524
- C:\Windows\System\KVCgoRW.exe
  C:\Windows\System\KVCgoRW.exe
  2⤵
  PID:7208
- C:\Windows\System\pzoYxPj.exe
  C:\Windows\System\pzoYxPj.exe
  2⤵
  PID:7260
- C:\Windows\System\IhAMQVN.exe
  C:\Windows\System\IhAMQVN.exe
  2⤵
  PID:7328
- C:\Windows\System\nqHfwho.exe
  C:\Windows\System\nqHfwho.exe
  2⤵
  PID:7548
- C:\Windows\System\NTmzfYq.exe
  C:\Windows\System\NTmzfYq.exe
  2⤵
  PID:668
- C:\Windows\System\joZDfpW.exe
  C:\Windows\System\joZDfpW.exe
  2⤵
  PID:7600
- C:\Windows\System\zgmvnRt.exe
  C:\Windows\System\zgmvnRt.exe
  2⤵
  PID:7668
- C:\Windows\System\nGQoSWm.exe
  C:\Windows\System\nGQoSWm.exe
  2⤵
  PID:6076
- C:\Windows\System\FykYOYU.exe
  C:\Windows\System\FykYOYU.exe
  2⤵
  PID:7420
- C:\Windows\System\XkaYQDh.exe
  C:\Windows\System\XkaYQDh.exe
  2⤵
  PID:7412
- C:\Windows\System\VrzBfgG.exe
  C:\Windows\System\VrzBfgG.exe
  2⤵
  PID:7452
- C:\Windows\System\RtDKVsJ.exe
  C:\Windows\System\RtDKVsJ.exe
  2⤵
  PID:7528
- C:\Windows\System\gbkDTSQ.exe
  C:\Windows\System\gbkDTSQ.exe
  2⤵
  PID:7616
- C:\Windows\System\kpqwJqI.exe
  C:\Windows\System\kpqwJqI.exe
  2⤵
  PID:876
- C:\Windows\System\NEAhSPp.exe
  C:\Windows\System\NEAhSPp.exe
  2⤵
  PID:1948
- C:\Windows\System\moEpobq.exe
  C:\Windows\System\moEpobq.exe
  2⤵
  PID:2808
- C:\Windows\System\AHKQXhz.exe
  C:\Windows\System\AHKQXhz.exe
  2⤵
  PID:3868
- C:\Windows\System\dKvWIFs.exe
  C:\Windows\System\dKvWIFs.exe
  2⤵
  PID:3092
- C:\Windows\System\relWKpA.exe
  C:\Windows\System\relWKpA.exe
  2⤵
  PID:7656
- C:\Windows\System\zhHBYhL.exe
  C:\Windows\System\zhHBYhL.exe
  2⤵
  PID:1324
- C:\Windows\System\YRYMkdx.exe
  C:\Windows\System\YRYMkdx.exe
  2⤵
  PID:7752
- C:\Windows\System\TcFuDkh.exe
  C:\Windows\System\TcFuDkh.exe
  2⤵
  PID:7776
- C:\Windows\System\unLLgmZ.exe
  C:\Windows\System\unLLgmZ.exe
  2⤵
  PID:7840
- C:\Windows\System\HBqxhaY.exe
  C:\Windows\System\HBqxhaY.exe
  2⤵
  PID:7912
- C:\Windows\System\NpbdlhB.exe
  C:\Windows\System\NpbdlhB.exe
  2⤵
  PID:7696
- C:\Windows\System\XMFlrFU.exe
  C:\Windows\System\XMFlrFU.exe
  2⤵
  PID:7988
- C:\Windows\System\JoYTcpZ.exe
  C:\Windows\System\JoYTcpZ.exe
  2⤵
  PID:8024
- C:\Windows\System\uIxBicA.exe
  C:\Windows\System\uIxBicA.exe
  2⤵
  PID:8092
- C:\Windows\System\WumnQID.exe
  C:\Windows\System\WumnQID.exe
  2⤵
  PID:8096
- C:\Windows\System\QHZMkZP.exe
  C:\Windows\System\QHZMkZP.exe
  2⤵
  PID:7860
- C:\Windows\System\bzxhzey.exe
  C:\Windows\System\bzxhzey.exe
  2⤵
  PID:7928
- C:\Windows\System\kJSFCjQ.exe
  C:\Windows\System\kJSFCjQ.exe
  2⤵
  PID:7972
- C:\Windows\System\FZtHZtj.exe
  C:\Windows\System\FZtHZtj.exe
  2⤵
  PID:8004
- C:\Windows\System\LolTqBG.exe
  C:\Windows\System\LolTqBG.exe
  2⤵
  PID:8044
- C:\Windows\System\udJkQZk.exe
  C:\Windows\System\udJkQZk.exe
  2⤵
  PID:8112
- C:\Windows\System\IQkPfeW.exe
  C:\Windows\System\IQkPfeW.exe
  2⤵
  PID:2616
- C:\Windows\System\lOqyovy.exe
  C:\Windows\System\lOqyovy.exe
  2⤵
  PID:6872
- C:\Windows\System\nBMKrKb.exe
  C:\Windows\System\nBMKrKb.exe
  2⤵
  PID:1880
- C:\Windows\System\qVFacKj.exe
  C:\Windows\System\qVFacKj.exe
  2⤵
  PID:7192
- C:\Windows\System\nfOYkwn.exe
  C:\Windows\System\nfOYkwn.exe
  2⤵
  PID:7152
- C:\Windows\System\dpnNXQL.exe
  C:\Windows\System\dpnNXQL.exe
  2⤵
  PID:7296
- C:\Windows\System\tFdRNWy.exe
  C:\Windows\System\tFdRNWy.exe
  2⤵
  PID:7560
- C:\Windows\System\kbdoLUB.exe
  C:\Windows\System\kbdoLUB.exe
  2⤵
  PID:7356
- C:\Windows\System\udDvCkr.exe
  C:\Windows\System\udDvCkr.exe
  2⤵
  PID:7396
- C:\Windows\System\mEyPhzT.exe
  C:\Windows\System\mEyPhzT.exe
  2⤵
  PID:7220
- C:\Windows\System\FrGEvGH.exe
  C:\Windows\System\FrGEvGH.exe
  2⤵
  PID:7692
- C:\Windows\System\VeZogYq.exe
  C:\Windows\System\VeZogYq.exe
  2⤵
  PID:7576
- C:\Windows\System\UWdegsp.exe
  C:\Windows\System\UWdegsp.exe
  2⤵
  PID:7948
- C:\Windows\System\UsEhWOf.exe
  C:\Windows\System\UsEhWOf.exe
  2⤵
  PID:8020
- C:\Windows\System\JvuuVod.exe
  C:\Windows\System\JvuuVod.exe
  2⤵
  PID:8060
- C:\Windows\System\svxGlOk.exe
  C:\Windows\System\svxGlOk.exe
  2⤵
  PID:7824
- C:\Windows\System\lXcPCKg.exe
  C:\Windows\System\lXcPCKg.exe
  2⤵
  PID:7964
- C:\Windows\System\DnMXGTN.exe
  C:\Windows\System\DnMXGTN.exe
  2⤵
  PID:8108
- C:\Windows\System\CrRcIjO.exe
  C:\Windows\System\CrRcIjO.exe
  2⤵
  PID:8180
- C:\Windows\System\AoXHQjg.exe
  C:\Windows\System\AoXHQjg.exe
  2⤵
  PID:8184
- C:\Windows\System\vPUWzWk.exe
  C:\Windows\System\vPUWzWk.exe
  2⤵
  PID:6964
- C:\Windows\System\YAoBczl.exe
  C:\Windows\System\YAoBczl.exe
  2⤵
  PID:2284
- C:\Windows\System\zmKPOJq.exe
  C:\Windows\System\zmKPOJq.exe
  2⤵
  PID:2648
- C:\Windows\System\lcmVNdq.exe
  C:\Windows\System\lcmVNdq.exe
  2⤵
  PID:7224
- C:\Windows\System\BkSrfAa.exe
  C:\Windows\System\BkSrfAa.exe
  2⤵
  PID:1832
- C:\Windows\System\hFZtJnS.exe
  C:\Windows\System\hFZtJnS.exe
  2⤵
  PID:2940
- C:\Windows\System\lRLGzln.exe
  C:\Windows\System\lRLGzln.exe
  2⤵
  PID:7340
- C:\Windows\System\tuKopwi.exe
  C:\Windows\System\tuKopwi.exe
  2⤵
  PID:7596
- C:\Windows\System\FvbQKKq.exe
  C:\Windows\System\FvbQKKq.exe
  2⤵
  PID:2672
- C:\Windows\System\AXzjzOj.exe
  C:\Windows\System\AXzjzOj.exe
  2⤵
  PID:7376
- C:\Windows\System\SqkQsVO.exe
  C:\Windows\System\SqkQsVO.exe
  2⤵
  PID:2152
- C:\Windows\System\EFfcOuU.exe
  C:\Windows\System\EFfcOuU.exe
  2⤵
  PID:7416
- C:\Windows\System\tWDPnvQ.exe
  C:\Windows\System\tWDPnvQ.exe
  2⤵
  PID:2844
- C:\Windows\System\FOzCorH.exe
  C:\Windows\System\FOzCorH.exe
  2⤵
  PID:6428
- C:\Windows\System\KwPtZgN.exe
  C:\Windows\System\KwPtZgN.exe
  2⤵
  PID:3432
- C:\Windows\System\KMaWrKp.exe
  C:\Windows\System\KMaWrKp.exe
  2⤵
  PID:7880
- C:\Windows\System\IBwlqNI.exe
  C:\Windows\System\IBwlqNI.exe
  2⤵
  PID:2828
- C:\Windows\System\tefwkrx.exe
  C:\Windows\System\tefwkrx.exe
  2⤵
  PID:7300
- C:\Windows\System\jRrMrQZ.exe
  C:\Windows\System\jRrMrQZ.exe
  2⤵
  PID:7392
- C:\Windows\System\jObddMZ.exe
  C:\Windows\System\jObddMZ.exe
  2⤵
  PID:7640
- C:\Windows\System\AXMtqYl.exe
  C:\Windows\System\AXMtqYl.exe
  2⤵
  PID:2928
- C:\Windows\System\jKDMlty.exe
  C:\Windows\System\jKDMlty.exe
  2⤵
  PID:264
- C:\Windows\System\ubzlAcZ.exe
  C:\Windows\System\ubzlAcZ.exe
  2⤵
  PID:1572
- C:\Windows\System\NJtQUSZ.exe
  C:\Windows\System\NJtQUSZ.exe
  2⤵
  PID:8016
- C:\Windows\System\MhwbLxr.exe
  C:\Windows\System\MhwbLxr.exe
  2⤵
  PID:8264
- C:\Windows\System\KgUxpmr.exe
  C:\Windows\System\KgUxpmr.exe
  2⤵
  PID:8316
- C:\Windows\System\xzGdUrp.exe
  C:\Windows\System\xzGdUrp.exe
  2⤵
  PID:8332
- C:\Windows\System\nZwTNdB.exe
  C:\Windows\System\nZwTNdB.exe
  2⤵
  PID:8348
- C:\Windows\System\CrJDuJi.exe
  C:\Windows\System\CrJDuJi.exe
  2⤵
  PID:8364
- C:\Windows\System\qNXIuaL.exe
  C:\Windows\System\qNXIuaL.exe
  2⤵
  PID:8388
- C:\Windows\System\XxHVAuH.exe
  C:\Windows\System\XxHVAuH.exe
  2⤵
  PID:8404
- C:\Windows\System\NVjWqOw.exe
  C:\Windows\System\NVjWqOw.exe
  2⤵
  PID:8420
- C:\Windows\System\SsfKEvy.exe
  C:\Windows\System\SsfKEvy.exe
  2⤵
  PID:8436
- C:\Windows\System\SlMlEZT.exe
  C:\Windows\System\SlMlEZT.exe
  2⤵
  PID:8456
- C:\Windows\System\zMrcUGX.exe
  C:\Windows\System\zMrcUGX.exe
  2⤵
  PID:8472
- C:\Windows\System\yZaQNCs.exe
  C:\Windows\System\yZaQNCs.exe
  2⤵
  PID:8488
- C:\Windows\System\QUGoRFK.exe
  C:\Windows\System\QUGoRFK.exe
  2⤵
  PID:8504
- C:\Windows\System\wYYCInb.exe
  C:\Windows\System\wYYCInb.exe
  2⤵
  PID:8520
- C:\Windows\System\IYMTDTA.exe
  C:\Windows\System\IYMTDTA.exe
  2⤵
  PID:8536
- C:\Windows\System\SNVILub.exe
  C:\Windows\System\SNVILub.exe
  2⤵
  PID:8552
- C:\Windows\System\CfWajBg.exe
  C:\Windows\System\CfWajBg.exe
  2⤵
  PID:8568
- C:\Windows\System\yeiLsqg.exe
  C:\Windows\System\yeiLsqg.exe
  2⤵
  PID:8584
- C:\Windows\System\MCOCGgL.exe
  C:\Windows\System\MCOCGgL.exe
  2⤵
  PID:8600
- C:\Windows\System\DRCqzCM.exe
  C:\Windows\System\DRCqzCM.exe
  2⤵
  PID:8616
- C:\Windows\System\NjchSvu.exe
  C:\Windows\System\NjchSvu.exe
  2⤵
  PID:8632
- C:\Windows\System\zSCdoMX.exe
  C:\Windows\System\zSCdoMX.exe
  2⤵
  PID:8648
- C:\Windows\System\RkFtZYS.exe
  C:\Windows\System\RkFtZYS.exe
  2⤵
  PID:8668
- C:\Windows\System\bWLwqFq.exe
  C:\Windows\System\bWLwqFq.exe
  2⤵
  PID:8684
- C:\Windows\System\QVXkIAm.exe
  C:\Windows\System\QVXkIAm.exe
  2⤵
  PID:8700
- C:\Windows\System\JaoZkGD.exe
  C:\Windows\System\JaoZkGD.exe
  2⤵
  PID:8716
- C:\Windows\System\gbZyyGK.exe
  C:\Windows\System\gbZyyGK.exe
  2⤵
  PID:8732
- C:\Windows\System\tTvEzzK.exe
  C:\Windows\System\tTvEzzK.exe
  2⤵
  PID:8788
- C:\Windows\System\OYWcByZ.exe
  C:\Windows\System\OYWcByZ.exe
  2⤵
  PID:8812
- C:\Windows\System\yzayRTb.exe
  C:\Windows\System\yzayRTb.exe
  2⤵
  PID:8840
- C:\Windows\System\EqcDcpj.exe
  C:\Windows\System\EqcDcpj.exe
  2⤵
  PID:8860
- C:\Windows\System\FulxTSe.exe
  C:\Windows\System\FulxTSe.exe
  2⤵
  PID:8880
- C:\Windows\System\JRwgRpW.exe
  C:\Windows\System\JRwgRpW.exe
  2⤵
  PID:8904
- C:\Windows\System\tgmwwaL.exe
  C:\Windows\System\tgmwwaL.exe
  2⤵
  PID:8920
- C:\Windows\System\NkijBnc.exe
  C:\Windows\System\NkijBnc.exe
  2⤵
  PID:8936
- C:\Windows\System\UldSODq.exe
  C:\Windows\System\UldSODq.exe
  2⤵
  PID:8952
- C:\Windows\System\WExHbeb.exe
  C:\Windows\System\WExHbeb.exe
  2⤵
  PID:8968
- C:\Windows\System\TlenTjH.exe
  C:\Windows\System\TlenTjH.exe
  2⤵
  PID:8984
- C:\Windows\System\hDfxpEN.exe
  C:\Windows\System\hDfxpEN.exe
  2⤵
  PID:9000
- C:\Windows\System\gqRuxNx.exe
  C:\Windows\System\gqRuxNx.exe
  2⤵
  PID:9016
- C:\Windows\System\BuCSHoL.exe
  C:\Windows\System\BuCSHoL.exe
  2⤵
  PID:9032
- C:\Windows\System\SRbQxom.exe
  C:\Windows\System\SRbQxom.exe
  2⤵
  PID:9048
- C:\Windows\System\pUCaOtp.exe
  C:\Windows\System\pUCaOtp.exe
  2⤵
  PID:9064
- C:\Windows\System\oDPPCRl.exe
  C:\Windows\System\oDPPCRl.exe
  2⤵
  PID:9080
- C:\Windows\System\wQwhgUv.exe
  C:\Windows\System\wQwhgUv.exe
  2⤵
  PID:9096
- C:\Windows\System\UrMCaXT.exe
  C:\Windows\System\UrMCaXT.exe
  2⤵
  PID:9116
- C:\Windows\System\CgjocFz.exe
  C:\Windows\System\CgjocFz.exe
  2⤵
  PID:9132
- C:\Windows\System\TLdAxLo.exe
  C:\Windows\System\TLdAxLo.exe
  2⤵
  PID:9148
- C:\Windows\System\SppVaUh.exe
  C:\Windows\System\SppVaUh.exe
  2⤵
  PID:9164
- C:\Windows\System\vXApbfk.exe
  C:\Windows\System\vXApbfk.exe
  2⤵
  PID:9180
- C:\Windows\System\PIxxYip.exe
  C:\Windows\System\PIxxYip.exe
  2⤵
  PID:9196
- C:\Windows\System\ZZMIKUX.exe
  C:\Windows\System\ZZMIKUX.exe
  2⤵
  PID:9212
- C:\Windows\System\JPbqdgd.exe
  C:\Windows\System\JPbqdgd.exe
  2⤵
  PID:6784
- C:\Windows\System\twKZEjH.exe
  C:\Windows\System\twKZEjH.exe
  2⤵
  PID:7496
- C:\Windows\System\kNXCvOJ.exe
  C:\Windows\System\kNXCvOJ.exe
  2⤵
  PID:2448
- C:\Windows\System\kKxDgzu.exe
  C:\Windows\System\kKxDgzu.exe
  2⤵
  PID:7764
- C:\Windows\System\FbFjrmN.exe
  C:\Windows\System\FbFjrmN.exe
  2⤵
  PID:2664
- C:\Windows\System\OQaELvU.exe
  C:\Windows\System\OQaELvU.exe
  2⤵
  PID:3416
- C:\Windows\System\XlOJEjE.exe
  C:\Windows\System\XlOJEjE.exe
  2⤵
  PID:7468
- C:\Windows\System\WorpsJC.exe
  C:\Windows\System\WorpsJC.exe
  2⤵
  PID:8200
- C:\Windows\System\grMmOfF.exe
  C:\Windows\System\grMmOfF.exe
  2⤵
  PID:8036
- C:\Windows\System\zlARdyg.exe
  C:\Windows\System\zlARdyg.exe
  2⤵
  PID:7556
- C:\Windows\System\PDCPCGA.exe
  C:\Windows\System\PDCPCGA.exe
  2⤵
  PID:2628
- C:\Windows\System\oMJSHEa.exe
  C:\Windows\System\oMJSHEa.exe
  2⤵
  PID:7828
- C:\Windows\System\PKBxXBs.exe
  C:\Windows\System\PKBxXBs.exe
  2⤵
  PID:8208
- C:\Windows\System\eztBTCc.exe
  C:\Windows\System\eztBTCc.exe
  2⤵
  PID:8216
- C:\Windows\System\tsnoKrm.exe
  C:\Windows\System\tsnoKrm.exe
  2⤵
  PID:8228
- C:\Windows\System\bQIyHPF.exe
  C:\Windows\System\bQIyHPF.exe
  2⤵
  PID:8240
- C:\Windows\System\aHlvnxS.exe
  C:\Windows\System\aHlvnxS.exe
  2⤵
  PID:8252
- C:\Windows\System\MdgYCgI.exe
  C:\Windows\System\MdgYCgI.exe
  2⤵
  PID:8276
- C:\Windows\System\hZQTSHf.exe
  C:\Windows\System\hZQTSHf.exe
  2⤵
  PID:8304
- C:\Windows\System\eEBUNpT.exe
  C:\Windows\System\eEBUNpT.exe
  2⤵
  PID:8340
- C:\Windows\System\QXVIVpL.exe
  C:\Windows\System\QXVIVpL.exe
  2⤵
  PID:2852
- C:\Windows\System\ZqUjGQu.exe
  C:\Windows\System\ZqUjGQu.exe
  2⤵
  PID:8376
- C:\Windows\System\YNmUUeh.exe
  C:\Windows\System\YNmUUeh.exe
  2⤵
  PID:8444
- C:\Windows\System\eBhaVui.exe
  C:\Windows\System\eBhaVui.exe
  2⤵
  PID:8544
- C:\Windows\System\klqqkDB.exe
  C:\Windows\System\klqqkDB.exe
  2⤵
  PID:8608
- C:\Windows\System\nisWGPS.exe
  C:\Windows\System\nisWGPS.exe
  2⤵
  PID:8480
- C:\Windows\System\KEJheEn.exe
  C:\Windows\System\KEJheEn.exe
  2⤵
  PID:8644
- C:\Windows\System\PokSzZu.exe
  C:\Windows\System\PokSzZu.exe
  2⤵
  PID:8400
- C:\Windows\System\ZTUbWNX.exe
  C:\Windows\System\ZTUbWNX.exe
  2⤵
  PID:8468
- C:\Windows\System\wxOirru.exe
  C:\Windows\System\wxOirru.exe
  2⤵
  PID:8532
- C:\Windows\System\ZAsRDZH.exe
  C:\Windows\System\ZAsRDZH.exe
  2⤵
  PID:8596
- C:\Windows\System\MIrpERk.exe
  C:\Windows\System\MIrpERk.exe
  2⤵
  PID:8680
- C:\Windows\System\wfPtFow.exe
  C:\Windows\System\wfPtFow.exe
  2⤵
  PID:8748
- C:\Windows\System\livgDjz.exe
  C:\Windows\System\livgDjz.exe
  2⤵
  PID:8764
- C:\Windows\System\GwlfLyL.exe
  C:\Windows\System\GwlfLyL.exe
  2⤵
  PID:7728
- C:\Windows\System\Jwgsloh.exe
  C:\Windows\System\Jwgsloh.exe
  2⤵
  PID:7724
- C:\Windows\System\ZDtIbut.exe
  C:\Windows\System\ZDtIbut.exe
  2⤵
  PID:8660
- C:\Windows\System\gpsAQDN.exe
  C:\Windows\System\gpsAQDN.exe
  2⤵
  PID:8728
- C:\Windows\System\eFzjuER.exe
  C:\Windows\System\eFzjuER.exe
  2⤵
  PID:8820
- C:\Windows\System\KQzdaGH.exe
  C:\Windows\System\KQzdaGH.exe
  2⤵
  PID:8832
- C:\Windows\System\zNgIPAN.exe
  C:\Windows\System\zNgIPAN.exe
  2⤵
  PID:8916
- C:\Windows\System\uJrJWlm.exe
  C:\Windows\System\uJrJWlm.exe
  2⤵
  PID:8852
- C:\Windows\System\OPptsJE.exe
  C:\Windows\System\OPptsJE.exe
  2⤵
  PID:8896
- C:\Windows\System\OHlQZEI.exe
  C:\Windows\System\OHlQZEI.exe
  2⤵
  PID:8964
- C:\Windows\System\asrHFXR.exe
  C:\Windows\System\asrHFXR.exe
  2⤵
  PID:8996
- C:\Windows\System\cJyETdx.exe
  C:\Windows\System\cJyETdx.exe
  2⤵
  PID:9040
- C:\Windows\System\lwIUIrC.exe
  C:\Windows\System\lwIUIrC.exe
  2⤵
  PID:9028
- C:\Windows\System\wkBfNRo.exe
  C:\Windows\System\wkBfNRo.exe
  2⤵
  PID:9104
- C:\Windows\System\eaRJlKc.exe
  C:\Windows\System\eaRJlKc.exe
  2⤵
  PID:9172
- C:\Windows\System\nLNjWQf.exe
  C:\Windows\System\nLNjWQf.exe
  2⤵
  PID:992
- C:\Windows\System\iCTUOpV.exe
  C:\Windows\System\iCTUOpV.exe
  2⤵
  PID:7440
- C:\Windows\System\eGprdKe.exe
  C:\Windows\System\eGprdKe.exe
  2⤵
  PID:7704
- C:\Windows\System\PBVKFPB.exe
  C:\Windows\System\PBVKFPB.exe
  2⤵
  PID:2712
- C:\Windows\System\TvxZtRA.exe
  C:\Windows\System\TvxZtRA.exe
  2⤵
  PID:8212
- C:\Windows\System\EysrVfe.exe
  C:\Windows\System\EysrVfe.exe
  2⤵
  PID:8288
- C:\Windows\System\GRElUYi.exe
  C:\Windows\System\GRElUYi.exe
  2⤵
  PID:8224
- C:\Windows\System\uCiGJfU.exe
  C:\Windows\System\uCiGJfU.exe
  2⤵
  PID:8312
- C:\Windows\System\HIcEJkA.exe
  C:\Windows\System\HIcEJkA.exe
  2⤵
  PID:8512
- C:\Windows\System\VEqNdYJ.exe
  C:\Windows\System\VEqNdYJ.exe
  2⤵
  PID:2264
- C:\Windows\System\glEThic.exe
  C:\Windows\System\glEThic.exe
  2⤵
  PID:8324
- C:\Windows\System\nQRTQKr.exe
  C:\Windows\System\nQRTQKr.exe
  2⤵
  PID:8432
- C:\Windows\System\ppfNqor.exe
  C:\Windows\System\ppfNqor.exe
  2⤵
  PID:8712
- C:\Windows\System\xVobfYf.exe
  C:\Windows\System\xVobfYf.exe
  2⤵
  PID:8776
- C:\Windows\System\ugqdcbA.exe
  C:\Windows\System\ugqdcbA.exe
  2⤵
  PID:8500
- C:\Windows\System\siJLAgb.exe
  C:\Windows\System\siJLAgb.exe
  2⤵
  PID:8448
- C:\Windows\System\OJtQVdn.exe
  C:\Windows\System\OJtQVdn.exe
  2⤵
  PID:8756
- C:\Windows\System\wQSVOsz.exe
  C:\Windows\System\wQSVOsz.exe
  2⤵
  PID:8780
- C:\Windows\System\nRzbMYY.exe
  C:\Windows\System\nRzbMYY.exe
  2⤵
  PID:8628
- C:\Windows\System\TVrKDYp.exe
  C:\Windows\System\TVrKDYp.exe
  2⤵
  PID:8808
- C:\Windows\System\KsbypeU.exe
  C:\Windows\System\KsbypeU.exe
  2⤵
  PID:8892
- C:\Windows\System\IBaDfLP.exe
  C:\Windows\System\IBaDfLP.exe
  2⤵
  PID:8796
- C:\Windows\System\UmxmBjm.exe
  C:\Windows\System\UmxmBjm.exe
  2⤵
  PID:9024
- C:\Windows\System\jgglbDn.exe
  C:\Windows\System\jgglbDn.exe
  2⤵
  PID:9128
- C:\Windows\System\XXdHEdg.exe
  C:\Windows\System\XXdHEdg.exe
  2⤵
  PID:9112
- C:\Windows\System\htVNBPX.exe
  C:\Windows\System\htVNBPX.exe
  2⤵
  PID:9092
- C:\Windows\System\UYhCaex.exe
  C:\Windows\System\UYhCaex.exe
  2⤵
  PID:9208
- C:\Windows\System\qDXYeTf.exe
  C:\Windows\System\qDXYeTf.exe
  2⤵
  PID:2820
- C:\Windows\System\UTljChS.exe
  C:\Windows\System\UTljChS.exe
  2⤵
  PID:7564
- C:\Windows\System\BVBgOIB.exe
  C:\Windows\System\BVBgOIB.exe
  2⤵
  PID:2256
- C:\Windows\System\LOpVjKk.exe
  C:\Windows\System\LOpVjKk.exe
  2⤵
  PID:8260
- C:\Windows\System\lAAaFUk.exe
  C:\Windows\System\lAAaFUk.exe
  2⤵
  PID:1548
- C:\Windows\System\KAiMwwc.exe
  C:\Windows\System\KAiMwwc.exe
  2⤵
  PID:1512
- C:\Windows\System\hKkALQz.exe
  C:\Windows\System\hKkALQz.exe
  2⤵
  PID:9188
- C:\Windows\System\RlHBTLf.exe
  C:\Windows\System\RlHBTLf.exe
  2⤵
  PID:8564
- C:\Windows\System\SStnkFn.exe
  C:\Windows\System\SStnkFn.exe
  2⤵
  PID:8772
- C:\Windows\System\uFwLBLf.exe
  C:\Windows\System\uFwLBLf.exe
  2⤵
  PID:8396
- C:\Windows\System\UMXdBSH.exe
  C:\Windows\System\UMXdBSH.exe
  2⤵
  PID:3356
- C:\Windows\System\vdlkPjD.exe
  C:\Windows\System\vdlkPjD.exe
  2⤵
  PID:9108
- C:\Windows\System\yIdSWEx.exe
  C:\Windows\System\yIdSWEx.exe
  2⤵
  PID:700
- C:\Windows\System\iHZmuNZ.exe
  C:\Windows\System\iHZmuNZ.exe
  2⤵
  PID:8300
- C:\Windows\System\yNtNEhr.exe
  C:\Windows\System\yNtNEhr.exe
  2⤵
  PID:8416
- C:\Windows\System\yVOinYW.exe
  C:\Windows\System\yVOinYW.exe
  2⤵
  PID:8868
- C:\Windows\System\QQaVnnt.exe
  C:\Windows\System\QQaVnnt.exe
  2⤵
  PID:8360
- C:\Windows\System\decoXLu.exe
  C:\Windows\System\decoXLu.exe
  2⤵
  PID:7720
- C:\Windows\System\qBLZrMD.exe
  C:\Windows\System\qBLZrMD.exe
  2⤵
  PID:8948
- C:\Windows\System\VshAPWX.exe
  C:\Windows\System\VshAPWX.exe
  2⤵
  PID:9012
- C:\Windows\System\xNJMscm.exe
  C:\Windows\System\xNJMscm.exe
  2⤵
  PID:9192
- C:\Windows\System\fRtcQAy.exe
  C:\Windows\System\fRtcQAy.exe
  2⤵
  PID:9160
- C:\Windows\System\hFInecd.exe
  C:\Windows\System\hFInecd.exe
  2⤵
  PID:8828
- C:\Windows\System\qsPYPrq.exe
  C:\Windows\System\qsPYPrq.exe
  2⤵
  PID:9232
- C:\Windows\System\WMgdTRX.exe
  C:\Windows\System\WMgdTRX.exe
  2⤵
  PID:9248
- C:\Windows\System\MJbdpTH.exe
  C:\Windows\System\MJbdpTH.exe
  2⤵
  PID:9264
- C:\Windows\System\lXpFdLf.exe
  C:\Windows\System\lXpFdLf.exe
  2⤵
  PID:9280
- C:\Windows\System\iITKWQX.exe
  C:\Windows\System\iITKWQX.exe
  2⤵
  PID:9296
- C:\Windows\System\vvNXuJR.exe
  C:\Windows\System\vvNXuJR.exe
  2⤵
  PID:9312
- C:\Windows\System\uPpKeEg.exe
  C:\Windows\System\uPpKeEg.exe
  2⤵
  PID:9328
- C:\Windows\System\pJZiJsO.exe
  C:\Windows\System\pJZiJsO.exe
  2⤵
  PID:9344
- C:\Windows\System\qugegaz.exe
  C:\Windows\System\qugegaz.exe
  2⤵
  PID:9360
- C:\Windows\System\XuYuKTQ.exe
  C:\Windows\System\XuYuKTQ.exe
  2⤵
  PID:9376
- C:\Windows\System\NYmYhFT.exe
  C:\Windows\System\NYmYhFT.exe
  2⤵
  PID:9392
- C:\Windows\System\VxWqumD.exe
  C:\Windows\System\VxWqumD.exe
  2⤵
  PID:9408
- C:\Windows\System\cOXQdhQ.exe
  C:\Windows\System\cOXQdhQ.exe
  2⤵
  PID:9424
- C:\Windows\System\YTEJjlO.exe
  C:\Windows\System\YTEJjlO.exe
  2⤵
  PID:9440
- C:\Windows\System\AZKkjTf.exe
  C:\Windows\System\AZKkjTf.exe
  2⤵
  PID:9460
- C:\Windows\System\FhnqYmy.exe
  C:\Windows\System\FhnqYmy.exe
  2⤵
  PID:9476
- C:\Windows\System\vUwnGeh.exe
  C:\Windows\System\vUwnGeh.exe
  2⤵
  PID:9492
- C:\Windows\System\hvlrGUf.exe
  C:\Windows\System\hvlrGUf.exe
  2⤵
  PID:9524
- C:\Windows\System\VfKFeCb.exe
  C:\Windows\System\VfKFeCb.exe
  2⤵
  PID:9548
- C:\Windows\System\Owrkdjv.exe
  C:\Windows\System\Owrkdjv.exe
  2⤵
  PID:9776
- C:\Windows\System\JzvXhcr.exe
  C:\Windows\System\JzvXhcr.exe
  2⤵
  PID:9852
- C:\Windows\System\BmPOxiP.exe
  C:\Windows\System\BmPOxiP.exe
  2⤵
  PID:9876
- C:\Windows\System\etZrSHU.exe
  C:\Windows\System\etZrSHU.exe
  2⤵
  PID:9900
- C:\Windows\System\SqcxpTD.exe
  C:\Windows\System\SqcxpTD.exe
  2⤵
  PID:9940
- C:\Windows\System\yERklxU.exe
  C:\Windows\System\yERklxU.exe
  2⤵
  PID:9972
- C:\Windows\System\waaOkfN.exe
  C:\Windows\System\waaOkfN.exe
  2⤵
  PID:10012
- C:\Windows\System\xciAFYr.exe
  C:\Windows\System\xciAFYr.exe
  2⤵
  PID:10028
- C:\Windows\System\eLgRzvQ.exe
  C:\Windows\System\eLgRzvQ.exe
  2⤵
  PID:10060
- C:\Windows\System\rrFKVdo.exe
  C:\Windows\System\rrFKVdo.exe
  2⤵
  PID:10088
- C:\Windows\System\oPPDgQi.exe
  C:\Windows\System\oPPDgQi.exe
  2⤵
  PID:10132
- C:\Windows\System\OqaQNox.exe
  C:\Windows\System\OqaQNox.exe
  2⤵
  PID:10152
- C:\Windows\System\BotKgGJ.exe
  C:\Windows\System\BotKgGJ.exe
  2⤵
  PID:10172
- C:\Windows\System\xKkmlwH.exe
  C:\Windows\System\xKkmlwH.exe
  2⤵
  PID:10192
- C:\Windows\System\QebdpEh.exe
  C:\Windows\System\QebdpEh.exe
  2⤵
  PID:10208
- C:\Windows\System\kdsmEAZ.exe
  C:\Windows\System\kdsmEAZ.exe
  2⤵
  PID:10228
- C:\Windows\System\ZAXZcdI.exe
  C:\Windows\System\ZAXZcdI.exe
  2⤵
  PID:9228
- C:\Windows\System\HYUcUgC.exe
  C:\Windows\System\HYUcUgC.exe
  2⤵
  PID:8888
- C:\Windows\System\UHCnIGe.exe
  C:\Windows\System\UHCnIGe.exe
  2⤵
  PID:704
- C:\Windows\System\sVwZdtY.exe
  C:\Windows\System\sVwZdtY.exe
  2⤵
  PID:8696
- C:\Windows\System\iwvBEEo.exe
  C:\Windows\System\iwvBEEo.exe
  2⤵
  PID:8516
- C:\Windows\System\fOryFQo.exe
  C:\Windows\System\fOryFQo.exe
  2⤵
  PID:9356
- C:\Windows\System\tvCMjuJ.exe
  C:\Windows\System\tvCMjuJ.exe
  2⤵
  PID:9416
- C:\Windows\System\oRYLUsh.exe
  C:\Windows\System\oRYLUsh.exe
  2⤵
  PID:9276
- C:\Windows\System\eRIQojI.exe
  C:\Windows\System\eRIQojI.exe
  2⤵
  PID:9368
- C:\Windows\System\TwvElXa.exe
  C:\Windows\System\TwvElXa.exe
  2⤵
  PID:9340
- C:\Windows\System\yzHgkEC.exe
  C:\Windows\System\yzHgkEC.exe
  2⤵
  PID:9484
- C:\Windows\System\tkRqQOw.exe
  C:\Windows\System\tkRqQOw.exe
  2⤵
  PID:9468
- C:\Windows\System\TBcXtUh.exe
  C:\Windows\System\TBcXtUh.exe
  2⤵
  PID:9508
- C:\Windows\System\TnIkCiJ.exe
  C:\Windows\System\TnIkCiJ.exe
  2⤵
  PID:9532
- C:\Windows\System\QkGXmLe.exe
  C:\Windows\System\QkGXmLe.exe
  2⤵
  PID:9556
- C:\Windows\System\mOCzYlg.exe
  C:\Windows\System\mOCzYlg.exe
  2⤵
  PID:9580
- C:\Windows\System\ZAwSdBP.exe
  C:\Windows\System\ZAwSdBP.exe
  2⤵
  PID:9560
- C:\Windows\System\UtqTTOv.exe
  C:\Windows\System\UtqTTOv.exe
  2⤵
  PID:9688
- C:\Windows\System\SwLZldu.exe
  C:\Windows\System\SwLZldu.exe
  2⤵
  PID:9632
- C:\Windows\System\OoTPZNe.exe
  C:\Windows\System\OoTPZNe.exe
  2⤵
  PID:9596
- C:\Windows\System\AzZcHmI.exe
  C:\Windows\System\AzZcHmI.exe
  2⤵
  PID:9720
- C:\Windows\System\brDZLWq.exe
  C:\Windows\System\brDZLWq.exe
  2⤵
  PID:9728
- C:\Windows\System\IImwTbD.exe
  C:\Windows\System\IImwTbD.exe
  2⤵
  PID:9660
- C:\Windows\System\MkDwOLG.exe
  C:\Windows\System\MkDwOLG.exe
  2⤵
  PID:9748
- C:\Windows\System\QijuEcZ.exe
  C:\Windows\System\QijuEcZ.exe
  2⤵
  PID:9760
- C:\Windows\System\GjZrpAx.exe
  C:\Windows\System\GjZrpAx.exe
  2⤵
  PID:9692
- C:\Windows\System\cQDVrYe.exe
  C:\Windows\System\cQDVrYe.exe
  2⤵
  PID:9588
- C:\Windows\System\aQwNKWs.exe
  C:\Windows\System\aQwNKWs.exe
  2⤵
  PID:9796
- C:\Windows\System\ZgmyRuc.exe
  C:\Windows\System\ZgmyRuc.exe
  2⤵
  PID:9808
- C:\Windows\System\RSWyKVM.exe
  C:\Windows\System\RSWyKVM.exe
  2⤵
  PID:9824
- C:\Windows\System\QqEPCGr.exe
  C:\Windows\System\QqEPCGr.exe
  2⤵
  PID:9860
- C:\Windows\System\LnlFCAf.exe
  C:\Windows\System\LnlFCAf.exe
  2⤵
  PID:9872
- C:\Windows\System\YwZHxLo.exe
  C:\Windows\System\YwZHxLo.exe
  2⤵
  PID:9912
- C:\Windows\System\njNIwnO.exe
  C:\Windows\System\njNIwnO.exe
  2⤵
  PID:9932
- C:\Windows\System\pnFttli.exe
  C:\Windows\System\pnFttli.exe
  2⤵
  PID:9952
- C:\Windows\System\zdsmoBB.exe
  C:\Windows\System\zdsmoBB.exe
  2⤵
  PID:9968
- C:\Windows\System\bdlaWjy.exe
  C:\Windows\System\bdlaWjy.exe
  2⤵
  PID:10120
- C:\Windows\System\QLmavgk.exe
  C:\Windows\System\QLmavgk.exe
  2⤵
  PID:10108
- C:\Windows\System\YASmStK.exe
  C:\Windows\System\YASmStK.exe
  2⤵
  PID:10168
- C:\Windows\System\YhNiDwr.exe
  C:\Windows\System\YhNiDwr.exe
  2⤵
  PID:10200
- C:\Windows\System\apGpVVk.exe
  C:\Windows\System\apGpVVk.exe
  2⤵
  PID:10224
- C:\Windows\System\wUeqAng.exe
  C:\Windows\System\wUeqAng.exe
  2⤵
  PID:9204
- C:\Windows\System\PUqUCUk.exe
  C:\Windows\System\PUqUCUk.exe
  2⤵
  PID:9292
- C:\Windows\System\EmbGzEO.exe
  C:\Windows\System\EmbGzEO.exe
  2⤵
  PID:8804
- C:\Windows\System\zbevejI.exe
  C:\Windows\System\zbevejI.exe
  2⤵
  PID:9456
- C:\Windows\System\FHzpvKq.exe
  C:\Windows\System\FHzpvKq.exe
  2⤵
  PID:9520
- C:\Windows\System\YheJoeP.exe
  C:\Windows\System\YheJoeP.exe
  2⤵
  PID:9628
- C:\Windows\System\JpGYfiP.exe
  C:\Windows\System\JpGYfiP.exe
  2⤵
  PID:9656
- C:\Windows\System\ZBXFosr.exe
  C:\Windows\System\ZBXFosr.exe
  2⤵
  PID:9400
- C:\Windows\System\YUXysFX.exe
  C:\Windows\System\YUXysFX.exe
  2⤵
  PID:9744
- C:\Windows\System\GPyUulT.exe
  C:\Windows\System\GPyUulT.exe
  2⤵
  PID:9832
- C:\Windows\System\FKMyWrX.exe
  C:\Windows\System\FKMyWrX.exe
  2⤵
  PID:9848
- C:\Windows\System\xlpnGin.exe
  C:\Windows\System\xlpnGin.exe
  2⤵
  PID:9916
- C:\Windows\System\SKOwlvl.exe
  C:\Windows\System\SKOwlvl.exe
  2⤵
  PID:10004
- C:\Windows\System\CIFNnhK.exe
  C:\Windows\System\CIFNnhK.exe
  2⤵
  PID:9992
- C:\Windows\System\edjWlwj.exe
  C:\Windows\System\edjWlwj.exe
  2⤵
  PID:10048
- C:\Windows\System\YvZsKAM.exe
  C:\Windows\System\YvZsKAM.exe
  2⤵
  PID:10056
- C:\Windows\System\xapMzEI.exe
  C:\Windows\System\xapMzEI.exe
  2⤵
  PID:10080
- C:\Windows\System\yhMSzIO.exe
  C:\Windows\System\yhMSzIO.exe
  2⤵
  PID:10104
- C:\Windows\System\nfAVLhb.exe
  C:\Windows\System\nfAVLhb.exe
  2⤵
  PID:9576
- C:\Windows\System\dejOXrB.exe
  C:\Windows\System\dejOXrB.exe
  2⤵
  PID:9648
- C:\Windows\System\tRRLOdQ.exe
  C:\Windows\System\tRRLOdQ.exe
  2⤵
  PID:9820
- C:\Windows\System\mHHxhiT.exe
  C:\Windows\System\mHHxhiT.exe
  2⤵
  PID:9244
- C:\Windows\System\XMQOXmE.exe
  C:\Windows\System\XMQOXmE.exe
  2⤵
  PID:9672
- C:\Windows\System\WjuLvpB.exe
  C:\Windows\System\WjuLvpB.exe
  2⤵
  PID:9784
- C:\Windows\System\KCgnGmY.exe
  C:\Windows\System\KCgnGmY.exe
  2⤵
  PID:9924
- C:\Windows\System\DgEUVYy.exe
  C:\Windows\System\DgEUVYy.exe
  2⤵
  PID:9308
- C:\Windows\System\gDkZIXT.exe
  C:\Windows\System\gDkZIXT.exe
  2⤵
  PID:10160
- C:\Windows\System\BFAsbwq.exe
  C:\Windows\System\BFAsbwq.exe
  2⤵
  PID:10164
- C:\Windows\System\wmFngJB.exe
  C:\Windows\System\wmFngJB.exe
  2⤵
  PID:10204
- C:\Windows\System\FOXwian.exe
  C:\Windows\System\FOXwian.exe
  2⤵
  PID:9500
- C:\Windows\System\qwvfrvx.exe
  C:\Windows\System\qwvfrvx.exe
  2⤵
  PID:9420
- C:\Windows\System\qVQxAIW.exe
  C:\Windows\System\qVQxAIW.exe
  2⤵
  PID:9452
- C:\Windows\System\jmjUVpP.exe
  C:\Windows\System\jmjUVpP.exe
  2⤵
  PID:9840
- C:\Windows\System\NHdhKuR.exe
  C:\Windows\System\NHdhKuR.exe
  2⤵
  PID:9704
- C:\Windows\System\bGlQaVu.exe
  C:\Windows\System\bGlQaVu.exe
  2⤵
  PID:9884
- C:\Windows\System\QlSxDFQ.exe
  C:\Windows\System\QlSxDFQ.exe
  2⤵
  PID:10248
- C:\Windows\System\mjteJcn.exe
  C:\Windows\System\mjteJcn.exe
  2⤵
  PID:10268

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\ASyJAqh.exe

Filesize
6.1MB

MD5
b2b071b3c78e3fa0bb4199b8b9a9f044

SHA1
b30f472d1b1426a0ae3ee8d86bcbbfe229fd97b7

SHA256
968505370bd3ad85f5aef6b5d50ed6d1facaa7b5f0101013423e2db1bd54d82d

SHA512
46c93ed223aa875c5287325f625353368bdad01c6e263f88ed14e9154b6bcb0dcc97f3e7ca9380c455136c95dbe64e3685f9f28d0197a1e5d33ab65e8ff8dcdb

Download Submit
C:\Windows\system\AsoOQVW.exe

Filesize
6.1MB

MD5
5602102a94560a8bfdb7fe13f87d4c52

SHA1
2700bd57c01f52d915f1d2283b0c47ad3a16d2f2

SHA256
b44ae8e1a429e6f9a5b2603e2f9e2f494b4e210c96e383dfe98ad6a7eb1b6a10

SHA512
7ac2a637f7f342a2a184ff68f7420b3434cdde843131fd9f7960a8e4df2db46f774a6478a2d01831766693035027515fc7b54c6ff7168715f7698831ce18f588

Download Submit
C:\Windows\system\DTFHCqw.exe

Filesize
6.1MB

MD5
1241ab1e2dd5665865ca19304f60ef47

SHA1
d3d1f1b2c9fe5c51872f365ad333fbb34cfc77f1

SHA256
f45da29b3df3545439ef2f1d888a0a0ab4fc5dfd5895865ed097a23e16b1ad5c

SHA512
3061ae510047d8483bc07ed5f6300be28d3d065c221a71e03dbc41dd01f4ad6fe5f2ef89ce1348abbc6ad9fa741c6cfeb0a7f3d5e9994d44a580327439d19e13

Download Submit
C:\Windows\system\GZVWsxb.exe

Filesize
6.1MB

MD5
a1460e688e6864e2c5d3f8b059a92be6

SHA1
99aa08889ba97c47a81934c35402b841b0dd4fdc

SHA256
5a8f6e2011b50442dc274b63bb66a150a8d69c4c25634e2dab1c91904d524eb0

SHA512
aae22cfa2aa47c03eb66d2a8bdd76182b5e19485f065055dc4dd4b7eff7baf6cf47f4cf62178e2f3515b27e7890f6d23ed42afb0a347b364ae99d2f90ce2d39c

Download Submit
C:\Windows\system\GplAXdh.exe

Filesize
6.1MB

MD5
029892ac43bb78c24d41a2d501265993

SHA1
3d779cb6f1aadb9911d9d679d358979f61d98a54

SHA256
fcab499bd9c1dbc95314cb70970e40679ab6a0174438188145014426f8f8f533

SHA512
0016ff3667b9b00087d9b06e27e515c0ff054b2f5801f0ab31c062710c5d96ddb1b9e2270a0872d358456b810a2191b9aa32eda049f038d8bf28cc66b0dd9c15

Download Submit
C:\Windows\system\HBQKjLT.exe

Filesize
6.1MB

MD5
b5a5f89cf766b747b9f4f044c5c8dc30

SHA1
00da5f3b53f196e9569ec0b3652cc629005adc30

SHA256
344b2ce17ce29fd2191adc9752d7dd91939b0cffcbf1dfb51bc917cd5fbbcd05

SHA512
da51c29d817acec96b42fe709a8934376ebf97663e95b15e2552761938282f185008bc1b6ced2215a5d82d69157297cf420821e12cc0cb85c2b2ffec7f0be30c

Download Submit
C:\Windows\system\IBiiPeq.exe

Filesize
6.1MB

MD5
4c0702d8534c07cc8cc0060046c1df62

SHA1
14431131a7e7959db68e158290e445787c396279

SHA256
56ec52fb9e8d6a97b6aa07e8c0e8d9d7ee9e1b2a951ce883266b168038ce76e0

SHA512
1c70dded14f3851dd04c53de9a2c0eb0e3a1a8caf22be17d3ac397d66902e3922523a5205f82c34460bcece52580c8b41eb5c96e74567b79a9ee15dc303d616f

Download Submit
C:\Windows\system\NUqjBhy.exe

Filesize
6.1MB

MD5
77c0ad15b7b59ec606d1dd842d5b2683

SHA1
ea71a3401c7fd47789799871f9f672c10fcf9f59

SHA256
54daf65d6be143c161f3e2a3674994d89eb9c71bb048668bcffab16be1bda614

SHA512
3997bf220eecd110649aca341809d30780f6d659c38b193b333868651bf6fa949cf53bf7ad6f4a97708137b2f26e570f501a3079cacdab5453d03b8ec8530e07

Download Submit
C:\Windows\system\NdilcWl.exe

Filesize
6.1MB

MD5
27506aeb90ea651567ba10eda04bf44c

SHA1
165476d223c38ca32b96a77da67123e4704a7e60

SHA256
dd12201c985a2041ab6684972a7d75b4f5fb7e10dc8470bc5caf221ca808a428

SHA512
211805d838c5d746e64cd5fc70ce4ffa4db03dcbd057c51810c67cf59f1c3e4ff48972f6c798223bfd2d4a95368a0af9b661f7b0d684557d8f1841da2537b0d0

Download Submit
C:\Windows\system\OPuiBFs.exe

Filesize
6.1MB

MD5
135354c85acbe171b223545ff1c92ad3

SHA1
29f402b4c3fe8551ae2d476091f7abac8593ceba

SHA256
9b3d06772ddb6d32a453c801b82da1dedca53ed1cc5360d3ceba694e48690c41

SHA512
6e6591552208c08cb465b772612fc30c652ff2fb4988334bd42b3eb85c35648618ff2b0e79cc3c95ba7b2d84dfe3b2dd3bfa4e99c30a1e36aec21519f7f377e6

Download Submit
C:\Windows\system\OjFKPFo.exe

Filesize
6.1MB

MD5
966cc80fb46e988f665a841e60b115ae

SHA1
e4a33c262cc704c373ade3dc50bf3b60dc51994e

SHA256
2001dd1b48157dbc7e3b66fd03708756d6ab6d122d93467abec35ab08b1707bf

SHA512
c5d6893a17ec3bb517ea9d802996294676145a3c9e7a22dd515ced865b71f9781f9ce97da159e0de4b5fc62dac3320bff230b1ee26c3d6adddee9d1776f80bff

Download Submit
C:\Windows\system\QLJFrKm.exe

Filesize
6.1MB

MD5
758e62397aa45372979a867f905c14ae

SHA1
99405211be56ae441bf20abb7546067f4f4c8bc9

SHA256
a085eb8569c84ad10638dff4ef839b4cb9a6aa6d3cc299eef87a36004110635e

SHA512
a0cd520bdf0aa280e5a814d9cc8327778c63482b5348a7fd571ed876b2a3bfd03e70f838c9fa1a6d94e2011b37476e709e686a1aed1aadf352ce47de451676c6

Download Submit
C:\Windows\system\QcdGOMq.exe

Filesize
6.1MB

MD5
859b28ff90a3f5150df32cd1ac577ef8

SHA1
a8736976dfde3693a30f941f620ba26ad283e25f

SHA256
2f79f0d4e7357446e4c2409ad2e5fe5895c5f13b9e0968cda4beee10d500e178

SHA512
63dd2c98f5f9059d08544a06c2fe2425faec6d56eda00efbe83574b7b4b34a9465dc3b5bea6a32e803de44d688d2bdf0aecd4e5f9dee53ac91c77b9178d03f50

Download Submit
C:\Windows\system\TnPhdPx.exe

Filesize
6.1MB

MD5
6f7163ba161c007c728307e17dad7fe6

SHA1
0bbf34e3e38771f2276b2d3fcec8754bf21b9d4b

SHA256
624d609cd5934525c81df91121b670756d909127a05eab0928646f0237b3baa8

SHA512
81fbd2353ededd8a30b6b33ccbda4edc0ed999cce988d7afe924085f57e6f3cbecccdb1a54cd97a3b1d804df60519b662773475a9028be6950dd8ab462f6dbe4

Download Submit
C:\Windows\system\VvVqmGI.exe

Filesize
6.1MB

MD5
ad4c099835a8d4fdae3262520896544e

SHA1
75c1acfbb539875662fbc4b9737e574c2608648b

SHA256
9a17436752746486f16fe6174a8867cae53aabbf56b53c3bd4d9da1bc945ad37

SHA512
4830e5d7dac12b79baea62b0b84c23b27a81c7f27f0c506646f770cdcf6c46a78f16edc06fc8756331ffc72bd23f27e1880ab5a56e80800ba7261ad54937b04c

Download Submit
C:\Windows\system\WXyfXMH.exe

Filesize
6.1MB

MD5
8792c1ffc248add9fcd943d935ae5b79

SHA1
28ded1fcfb8cabe9763565c4339318a5bc0c2cc0

SHA256
1b95609098cd267fe13240f5a22c2014ad355a75004e59f44aa217b00ecb9cb0

SHA512
406fefe1235feea615f358ac4b18590b853a2fbcb1f1ddd1cbf57112778917efbbfdd13ec8b695f8ae78886db3b068acda31b96af738cf956a712ebd0cdccbc1

Download Submit
C:\Windows\system\WwSmovi.exe

Filesize
6.1MB

MD5
7f503fcdedf59f03e5c1871b63d91a4b

SHA1
7ac369a690615de750c8a0a9a861e9ff0475ed3e

SHA256
3790d207a4fd0703f3601e1c2a4fbaf8ac2f5400d6f519f0270ecd6a48c9e55d

SHA512
af13dd1de4011252ad37a420c2fff19f232155375953f9dbb015fe14b31b18ae66dacb17bbcf2d0c7dc9313913e220b5d5c71cb496d9ce08be1732c949b5ebe4

Download Submit
C:\Windows\system\XmhJEAO.exe

Filesize
6.1MB

MD5
63d3065d4bfec80db9458028ab47349e

SHA1
9939f9506347e8d81432c7a0504e2bd0e18b1afc

SHA256
ef44e1bb0b4f23a2a80ebfacb938e2b9a7e0d048fa4e517ef1fd1ff58b4e41ad

SHA512
61cb21cf95493629bc86e63bf315464e030d74ba73c16232e6cdb46157b70c4bd3c9b2898d09ee5b68d9e485a7d916a3c917fe9aad887cd9ea3154153d588e35

Download Submit
C:\Windows\system\YLLvgwZ.exe

Filesize
6.1MB

MD5
52c52653f289a38888748a06d7cfd99a

SHA1
0dfceee4c094088195eb3e0b3da86580e4d297c0

SHA256
7745ef904fd32affa492158dc09dd78e4fd6ac72785f11a054aefa90bff9cd1b

SHA512
2666a8b36f47ea4838112416bfc6808301942dfc4686738a49ba53db9a279cd8787d7ac39777297c5840b3c117aec29448741969ff8114d20f3d1cae9308cacd

Download Submit
C:\Windows\system\bCKBzAw.exe

Filesize
6.1MB

MD5
c2e9ef51b189235b7a3f4c24cec9557f

SHA1
90f95bb212bff42c3609da2ad36cc5f1ecdd2f0c

SHA256
ccf65c9b0b446c8d12507781e82135cb98f3e03d15d539c994049cc4a019cad2

SHA512
1fd69b06970e2b002913dcc4bd9050a5dad9675b399e96479737f00c57e11849edb18dbf45e2644dabed61eac84371f558566f034ff061821ba7d89f7dbca915

Download Submit
C:\Windows\system\cbsegoF.exe

Filesize
6.1MB

MD5
6dc57928cc20433f8c7835274bc3028a

SHA1
44720ccb84c51097ebba33eac078f74c53e97bff

SHA256
2f270febef562c45910bc61df748f806f47839a1379be9892d599aaa879d932c

SHA512
accb59cbffee77d5c722689333d31486a0e30eae47f2b989cbafe328a01170ce1977cce70010bbb9fa2dea4b4b3564cd7d3fa3a33ef4acb25fd440c972370626

Download Submit
C:\Windows\system\hAlJmId.exe

Filesize
6.1MB

MD5
cdea75ce293cba14605f5bb7ea47c0de

SHA1
3094c2f2c5103d65c9cb9b46667582e575ebebe3

SHA256
98cfb3af8960a1d1386ff0d86fc4614917a566194f9ab1e1f04395ba0fa861ec

SHA512
9cc8d7f3d95b92c7153d83ef3e7ff42187dae635272b9642c3df443d20d249da1d732ed5f863355edc3463c46dbb09d6f92e3fa326b8959a4e57de5d590ea9b6

Download Submit
C:\Windows\system\hiknfnD.exe

Filesize
6.1MB

MD5
328536e3ac01471acb48369eda57c801

SHA1
a81720ed96092fb3ce03551cd31a90e93bb2e96e

SHA256
19e60ae88425380fe2b4d25ea9d7168a5589590cdcf4c8d7cd22e836ca007b0b

SHA512
fff241951559aee65cf8973fc2fd42987019ba045506fe894326e57d3a91fd5cca1924fea77c7df7eb768e2b83a296dd99de0d6f2194409871d40cad9a72cd9d

Download Submit
C:\Windows\system\oWsMQSj.exe

Filesize
6.1MB

MD5
fd8992a8ee4263f8cccad7042278b879

SHA1
74dbc3e0a27dfaf1aaa59a19465e7c382cd49d4d

SHA256
44699238b7fa77207c744755a8ca732974c8c73832f1e9f185990861d1124ab6

SHA512
c71fedf8cb6d2754770dc6a86e533f296c57909e14a60aba729d76c80dd5a48858a1ecba2aec47bd2b0f1b3b44f8cbeccf8b539352c6b34e32f0641db210255e

Download Submit
C:\Windows\system\sQSRKpT.exe

Filesize
6.1MB

MD5
5816692f9875af7227a7583fee7460d1

SHA1
8988f6585bc1d799fc682e02f574eb30e90e1f74

SHA256
7186ff83a0ba6999ffe5f4f3af8eade6f29784625b5eb97d957e2c7761d884c1

SHA512
5a707430733577b8c7a7cb96d15dd2db0d772a8ee2ef5f55c7727fdf41443069b39d4e0f887576daa6270902cfcc26d624e29cd980a7e150cca6f42f0e67a621

Download Submit
C:\Windows\system\sRGNDHX.exe

Filesize
6.1MB

MD5
4bc0a72b451a749162a183d17166363a

SHA1
dcfd4b6f9bfe878711d6f0d0e97c9582be9a5eb0

SHA256
3bce50a425cd2847aab5a8d99f842f406aa06b1534bc4d3e4f95143ee7ee7279

SHA512
0b01c49f30e65ca28f1e97ccafbb44abb987f1d15a8c679208aaf5960350395ac11fbee43f3e327b5a238ff57c3bcaf028c21434507af1202c64365202b99a34

Download Submit
C:\Windows\system\uVoMvTU.exe

Filesize
6.1MB

MD5
8392f59230b9446b239b058c98206f79

SHA1
3866faee24a284fdc42d67c381242bbbd58bca2b

SHA256
25397fe0a6a63b8f8c43c3dd77bc3ed3730860a634a8111a074b7a675d3f30ac

SHA512
143bfb4d7ef22f290505eb096823319e9a996efa86618eef1c6dc42e4efeb7495a7146692118861d84e7e6ddc7a41c4b8b2b8c6c361dc01a3b8889c66f025018

Download Submit
\Windows\system\HbkFxxL.exe

Filesize
6.1MB

MD5
f7800decf8ee36114f324b2f8142090f

SHA1
da01703ebba857dea660e925908a45b9aeda9ccd

SHA256
37393237a03911c6fd36bd05d31d7ce5be81c3799d759c09e3a533b86991cfef

SHA512
0a88e7db2fd796da627adf1838bfd221484fb9e2bef64191405b646e824b4365e21ead71bff9609822238c380f1888a516ec5425ec521c1d0ad96138e9599643

Download Submit
\Windows\system\LRQVHcY.exe

Filesize
6.1MB

MD5
7f3e6c1b7db15f1b41580327ccf6c32e

SHA1
ad0c7e26b2097035f40d5fb5dfc3756bae15de22

SHA256
9ebd592494c0b8d69625dddab6e750201555fba9592fabcc707656f8452e85da

SHA512
b0845a7f1058fa89501010d2854d603d85b6fcb783e8aefa907c7116b237a158267a0f71c5d1ef95e65f51a74977e1297b805628438e865686bb04447da9ad68

Download Submit
\Windows\system\RagddPi.exe

Filesize
6.1MB

MD5
a6855d1a939801d6a5bedfb979f0f81b

SHA1
f25720c14327040a682feb7195415a68e426a63e

SHA256
54258acb334d7768c49e0bad61f1b930161cec39c60c585567e18f5bb6d9f0bc

SHA512
97f10f77b0aeed03c0a6a2607364f075bf4d3dca04be47743f41c0dae18476a3d3417b8e9c314842aed4fc34c7aa42a3983374c1458b7d2ca8ea41a2794fb78a

Download Submit
\Windows\system\fBWNivb.exe

Filesize
6.1MB

MD5
f450c163ce9fca89fec41cc7e68ed7b3

SHA1
dd23664d387d765b97e32318695971f26a21eddd

SHA256
0e78318d6ac6aeb1014b934562b97ab7fc36cc7a9fb15b9a9c155a41fd92992c

SHA512
f0ef0c1600ae6f720e9a27e2a6bc4f63714b187485f2c396f0dc5a2badd58d50e21efbd381efeb95d11c080cbc939e092c745900f1a7d0bb9ffa1c4c5cb06755

Download Submit
\Windows\system\lBfdecn.exe

Filesize
6.1MB

MD5
699ac5a1400366268a73a79fa03440c9

SHA1
94db447d85f347f8801915030ad3c598a7fe2d5f

SHA256
4c1cd17fe67d8176a046321c0d6cb1db99a3e20aa0ddb88f472e4aea781ef6dd

SHA512
92cdfad8da2f4a38b6f0aad55d9361369577a61f8bb8aa64d1535898a4474ffa32390c233d4f0e8dc4db576893473b15bcbf9d02450b7c59fe3f92c5fdd98508

Download Submit
memory/1268-4078-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/1268-12-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/1708-595-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/1708-656-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/1708-2158-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/1708-2047-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/1708-2045-0x00000000022D0000-0x0000000002624000-memory.dmp

Filesize
3.3MB

Download
memory/1708-8-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/1708-1027-0x00000000022D0000-0x0000000002624000-memory.dmp

Filesize
3.3MB

Download
memory/1708-1022-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/1708-894-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/1708-663-0x00000000022D0000-0x0000000002624000-memory.dmp

Filesize
3.3MB

Download
memory/1708-627-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/1708-2049-0x00000000022D0000-0x0000000002624000-memory.dmp

Filesize
3.3MB

Download
memory/1708-623-0x00000000022D0000-0x0000000002624000-memory.dmp

Filesize
3.3MB

Download
memory/1708-2051-0x00000000022D0000-0x0000000002624000-memory.dmp

Filesize
3.3MB

Download
memory/1708-613-0x00000000022D0000-0x0000000002624000-memory.dmp

Filesize
3.3MB

Download
memory/1708-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/1708-2050-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/1708-667-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/1708-0-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/1708-16-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/1708-2043-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/1708-654-0x00000000022D0000-0x0000000002624000-memory.dmp

Filesize
3.3MB

Download
memory/1708-2048-0x00000000022D0000-0x0000000002624000-memory.dmp

Filesize
3.3MB

Download
memory/1708-652-0x00000000022D0000-0x0000000002624000-memory.dmp

Filesize
3.3MB

Download
memory/1708-32-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/1708-28-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/1708-604-0x00000000022D0000-0x0000000002624000-memory.dmp

Filesize
3.3MB

Download
memory/1708-2046-0x00000000022D0000-0x0000000002624000-memory.dmp

Filesize
3.3MB

Download
memory/1708-19-0x00000000022D0000-0x0000000002624000-memory.dmp

Filesize
3.3MB

Download
memory/1708-1931-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/1708-2044-0x00000000022D0000-0x0000000002624000-memory.dmp

Filesize
3.3MB

Download
memory/2192-587-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/2192-4082-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/2212-661-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2212-4087-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2312-655-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2312-4083-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2428-1391-0x000000013FA60000-0x000000013FDB4000-memory.dmp

Filesize
3.3MB

Download
memory/2428-22-0x000000013FA60000-0x000000013FDB4000-memory.dmp

Filesize
3.3MB

Download
memory/2428-4076-0x000000013FA60000-0x000000013FDB4000-memory.dmp

Filesize
3.3MB

Download
memory/2600-634-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/2600-4081-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/2644-4085-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2644-653-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2716-610-0x000000013F840000-0x000000013FB94000-memory.dmp

Filesize
3.3MB

Download
memory/2716-4080-0x000000013F840000-0x000000013FB94000-memory.dmp

Filesize
3.3MB

Download
memory/2728-29-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/2728-1396-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/2728-4089-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/2736-4084-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2736-624-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2780-4077-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/2780-598-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/2832-618-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2832-4079-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2840-581-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2840-4075-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2988-1191-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/2988-4088-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/2988-21-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download