cobaltstrike | 64b61027aa30add193e8e853816e7e212ce4fb32945ee496cb8bed31f32dcc0d

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
22-09-2024 08:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

a95771efefc08f77d7e789dd6f0932e6
SHA1

b584b462a51dcad8db4770d5c857395a1974647c
SHA256

64b61027aa30add193e8e853816e7e212ce4fb32945ee496cb8bed31f32dcc0d
SHA512

f14c32763cc8f8d190c508dc9b4beeabdff8dea1cd8c8cf7177ce11f14928f6fc3fc9ab6294817a19edc6e3f707eb1901ee8c077edb6efaf20eb1c5cc5c8c7f0
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUa:T+q56utgpPF8u/7a

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000c00000001227e-6.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000195c5-10.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019609-16.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001960d-21.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001960f-32.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019611-34.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000019615-45.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000019461-50.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019838-70.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000197f8-61.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000198f0-78.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000199bf-81.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c59-90.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c5b-109.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cb9-110.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c57-106.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a0a3-148.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a45e-183.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a463-188.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a466-193.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a45c-179.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a458-173.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a407-168.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a34c-163.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a0da-158.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a0a9-153.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a037-138.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a03d-143.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019efb-133.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019deb-128.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019dc2-123.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019dc0-119.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1320-0-0x000000013F5E0000-0x000000013F934000-memory.dmp	xmrig
behavioral1/files/0x000c00000001227e-6.dat	xmrig
behavioral1/memory/536-9-0x000000013F890000-0x000000013FBE4000-memory.dmp	xmrig
behavioral1/files/0x00070000000195c5-10.dat	xmrig
behavioral1/memory/1936-15-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	xmrig
behavioral1/files/0x0007000000019609-16.dat	xmrig
behavioral1/files/0x000600000001960d-21.dat	xmrig
behavioral1/memory/1320-24-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
behavioral1/memory/1320-33-0x000000013F5E0000-0x000000013F934000-memory.dmp	xmrig
behavioral1/files/0x000600000001960f-32.dat	xmrig
behavioral1/files/0x0006000000019611-34.dat	xmrig
behavioral1/memory/1688-20-0x000000013F370000-0x000000013F6C4000-memory.dmp	xmrig
behavioral1/memory/2192-40-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/memory/2804-41-0x000000013F8F0000-0x000000013FC44000-memory.dmp	xmrig
behavioral1/files/0x0008000000019615-45.dat	xmrig
behavioral1/memory/2808-49-0x000000013FE10000-0x0000000140164000-memory.dmp	xmrig
behavioral1/files/0x0008000000019461-50.dat	xmrig
behavioral1/memory/1936-53-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	xmrig
behavioral1/memory/2880-57-0x000000013FE40000-0x0000000140194000-memory.dmp	xmrig
behavioral1/memory/1688-56-0x000000013F370000-0x000000013F6C4000-memory.dmp	xmrig
behavioral1/memory/2600-64-0x000000013F860000-0x000000013FBB4000-memory.dmp	xmrig
behavioral1/memory/2736-67-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
behavioral1/memory/2192-73-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/memory/2556-74-0x000000013F500000-0x000000013F854000-memory.dmp	xmrig
behavioral1/memory/1320-71-0x0000000002390000-0x00000000026E4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019838-70.dat	xmrig
behavioral1/files/0x00060000000197f8-61.dat	xmrig
behavioral1/files/0x00050000000198f0-78.dat	xmrig
behavioral1/files/0x00050000000199bf-81.dat	xmrig
behavioral1/memory/3064-79-0x000000013F300000-0x000000013F654000-memory.dmp	xmrig
behavioral1/files/0x0005000000019c59-90.dat	xmrig
behavioral1/memory/1320-92-0x000000013FB00000-0x000000013FE54000-memory.dmp	xmrig
behavioral1/memory/1320-91-0x000000013FE40000-0x0000000140194000-memory.dmp	xmrig
behavioral1/files/0x0005000000019c5b-109.dat	xmrig
behavioral1/files/0x0005000000019cb9-110.dat	xmrig
behavioral1/memory/2512-108-0x000000013FB00000-0x000000013FE54000-memory.dmp	xmrig
behavioral1/files/0x0005000000019c57-106.dat	xmrig
behavioral1/memory/1368-105-0x000000013F100000-0x000000013F454000-memory.dmp	xmrig
behavioral1/memory/2600-103-0x000000013F860000-0x000000013FBB4000-memory.dmp	xmrig
behavioral1/memory/2880-100-0x000000013FE40000-0x0000000140194000-memory.dmp	xmrig
behavioral1/memory/2104-89-0x000000013FDC0000-0x0000000140114000-memory.dmp	xmrig
behavioral1/files/0x000500000001a0a3-148.dat	xmrig
behavioral1/files/0x000500000001a45e-183.dat	xmrig
behavioral1/memory/2512-1044-0x000000013FB00000-0x000000013FE54000-memory.dmp	xmrig
behavioral1/memory/1368-796-0x000000013F100000-0x000000013F454000-memory.dmp	xmrig
behavioral1/memory/1320-710-0x000000013F990000-0x000000013FCE4000-memory.dmp	xmrig
behavioral1/memory/1320-565-0x000000013FB00000-0x000000013FE54000-memory.dmp	xmrig
behavioral1/memory/2104-402-0x000000013FDC0000-0x0000000140114000-memory.dmp	xmrig
behavioral1/memory/3064-322-0x000000013F300000-0x000000013F654000-memory.dmp	xmrig
behavioral1/files/0x000500000001a463-188.dat	xmrig
behavioral1/files/0x000500000001a466-193.dat	xmrig
behavioral1/files/0x000500000001a45c-179.dat	xmrig
behavioral1/files/0x000500000001a458-173.dat	xmrig
behavioral1/files/0x000500000001a407-168.dat	xmrig
behavioral1/files/0x000500000001a34c-163.dat	xmrig
behavioral1/files/0x000500000001a0da-158.dat	xmrig
behavioral1/files/0x000500000001a0a9-153.dat	xmrig
behavioral1/files/0x000500000001a037-138.dat	xmrig
behavioral1/files/0x000500000001a03d-143.dat	xmrig
behavioral1/files/0x0005000000019efb-133.dat	xmrig
behavioral1/files/0x0005000000019deb-128.dat	xmrig
behavioral1/files/0x0005000000019dc2-123.dat	xmrig
behavioral1/files/0x0005000000019dc0-119.dat	xmrig
behavioral1/memory/536-3409-0x000000013F890000-0x000000013FBE4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
536	FbusziV.exe
1936	WMSorjD.exe
1688	zOPXQrx.exe
2736	AGhCaXU.exe
2192	waAtebI.exe
2804	TIbxKZM.exe
2808	WkOXbGJ.exe
2880	znVWMXZ.exe
2600	ioxTtgT.exe
2556	hQlAwDJ.exe
3064	BGGcavu.exe
2104	ZlJnAbh.exe
1368	fbxvJsD.exe
2512	UPuICvm.exe
2888	GzMlCHq.exe
1820	Twcuelp.exe
2744	svgEfGX.exe
2796	AaXhAfC.exe
2360	jxnbOUz.exe
2040	NEMRTvc.exe
1300	ndgxraV.exe
2136	kAGLape.exe
760	byaFvGi.exe
1156	nMNDELf.exe
1280	KUeuWPx.exe
2288	fJHvuIU.exe
892	pIYdLsa.exe
2924	yndOhmn.exe
2932	fkzKzSt.exe
696	wFwJJYH.exe
1344	qJrcKJt.exe
1088	zpNoURw.exe
1760	JMgDHON.exe
1480	QPFRDJq.exe
1528	hQjylzQ.exe
1640	ZGAfJFY.exe
1784	LqNmuEm.exe
3020	rAPJUOD.exe
316	rbMcAkM.exe
1920	wgejTSy.exe
2148	JuBkLxz.exe
2328	NFFwHFx.exe
1644	IZAdtKA.exe
2240	wChEENe.exe
2324	zgeyesF.exe
2172	qsxuxTC.exe
2308	RdwVYYc.exe
2396	BSLFsrN.exe
396	dbAyeqw.exe
1752	AmgoZNJ.exe
1768	cLyZIJE.exe
2276	BlthZde.exe
1696	cuJBPoy.exe
2016	WzcCaVa.exe
3024	abucACU.exe
2640	jJXavGH.exe
576	BCizCkp.exe
2832	AyuRYKv.exe
560	FXNcIIz.exe
1848	VUtSmxb.exe
2596	dhtWLuU.exe
1764	WdiWjWw.exe
2440	nbwULyM.exe
2604	IVlRdhM.exe

Loads dropped DLL 64 IoCs

pid	Process
1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1320-0-0x000000013F5E0000-0x000000013F934000-memory.dmp	upx
behavioral1/files/0x000c00000001227e-6.dat	upx
behavioral1/memory/536-9-0x000000013F890000-0x000000013FBE4000-memory.dmp	upx
behavioral1/files/0x00070000000195c5-10.dat	upx
behavioral1/memory/1936-15-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	upx
behavioral1/files/0x0007000000019609-16.dat	upx
behavioral1/files/0x000600000001960d-21.dat	upx
behavioral1/memory/1320-24-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
behavioral1/memory/1320-33-0x000000013F5E0000-0x000000013F934000-memory.dmp	upx
behavioral1/files/0x000600000001960f-32.dat	upx
behavioral1/files/0x0006000000019611-34.dat	upx
behavioral1/memory/1688-20-0x000000013F370000-0x000000013F6C4000-memory.dmp	upx
behavioral1/memory/2192-40-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/memory/2804-41-0x000000013F8F0000-0x000000013FC44000-memory.dmp	upx
behavioral1/files/0x0008000000019615-45.dat	upx
behavioral1/memory/2808-49-0x000000013FE10000-0x0000000140164000-memory.dmp	upx
behavioral1/files/0x0008000000019461-50.dat	upx
behavioral1/memory/1936-53-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	upx
behavioral1/memory/2880-57-0x000000013FE40000-0x0000000140194000-memory.dmp	upx
behavioral1/memory/1688-56-0x000000013F370000-0x000000013F6C4000-memory.dmp	upx
behavioral1/memory/2600-64-0x000000013F860000-0x000000013FBB4000-memory.dmp	upx
behavioral1/memory/2736-67-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
behavioral1/memory/2192-73-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/memory/2556-74-0x000000013F500000-0x000000013F854000-memory.dmp	upx
behavioral1/files/0x0005000000019838-70.dat	upx
behavioral1/files/0x00060000000197f8-61.dat	upx
behavioral1/files/0x00050000000198f0-78.dat	upx
behavioral1/files/0x00050000000199bf-81.dat	upx
behavioral1/memory/3064-79-0x000000013F300000-0x000000013F654000-memory.dmp	upx
behavioral1/files/0x0005000000019c59-90.dat	upx
behavioral1/files/0x0005000000019c5b-109.dat	upx
behavioral1/files/0x0005000000019cb9-110.dat	upx
behavioral1/memory/2512-108-0x000000013FB00000-0x000000013FE54000-memory.dmp	upx
behavioral1/files/0x0005000000019c57-106.dat	upx
behavioral1/memory/1368-105-0x000000013F100000-0x000000013F454000-memory.dmp	upx
behavioral1/memory/2600-103-0x000000013F860000-0x000000013FBB4000-memory.dmp	upx
behavioral1/memory/2880-100-0x000000013FE40000-0x0000000140194000-memory.dmp	upx
behavioral1/memory/1320-96-0x000000013F100000-0x000000013F454000-memory.dmp	upx
behavioral1/memory/2104-89-0x000000013FDC0000-0x0000000140114000-memory.dmp	upx
behavioral1/files/0x000500000001a0a3-148.dat	upx
behavioral1/files/0x000500000001a45e-183.dat	upx
behavioral1/memory/2512-1044-0x000000013FB00000-0x000000013FE54000-memory.dmp	upx
behavioral1/memory/1368-796-0x000000013F100000-0x000000013F454000-memory.dmp	upx
behavioral1/memory/2104-402-0x000000013FDC0000-0x0000000140114000-memory.dmp	upx
behavioral1/memory/3064-322-0x000000013F300000-0x000000013F654000-memory.dmp	upx
behavioral1/files/0x000500000001a463-188.dat	upx
behavioral1/files/0x000500000001a466-193.dat	upx
behavioral1/files/0x000500000001a45c-179.dat	upx
behavioral1/files/0x000500000001a458-173.dat	upx
behavioral1/files/0x000500000001a407-168.dat	upx
behavioral1/files/0x000500000001a34c-163.dat	upx
behavioral1/files/0x000500000001a0da-158.dat	upx
behavioral1/files/0x000500000001a0a9-153.dat	upx
behavioral1/files/0x000500000001a037-138.dat	upx
behavioral1/files/0x000500000001a03d-143.dat	upx
behavioral1/files/0x0005000000019efb-133.dat	upx
behavioral1/files/0x0005000000019deb-128.dat	upx
behavioral1/files/0x0005000000019dc2-123.dat	upx
behavioral1/files/0x0005000000019dc0-119.dat	upx
behavioral1/memory/536-3409-0x000000013F890000-0x000000013FBE4000-memory.dmp	upx
behavioral1/memory/1936-3439-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	upx
behavioral1/memory/2736-3453-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
behavioral1/memory/1688-3464-0x000000013F370000-0x000000013F6C4000-memory.dmp	upx
behavioral1/memory/2804-3496-0x000000013F8F0000-0x000000013FC44000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\jeVqIsM.exe	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FJSiZti.exe	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JumzwPI.exe	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TyBQvpH.exe	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BhYMChj.exe	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FSYNjCC.exe	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KmcnrRS.exe	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zeBMMaw.exe	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VbhvDmd.exe	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sVleTYG.exe	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QFzsVpp.exe	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hAppqTg.exe	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XjoIucc.exe	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FWldWEH.exe	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wJWWVkg.exe	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\POKnMzW.exe	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\drgVLxc.exe	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ArNGBso.exe	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yULOxir.exe	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PjIphhp.exe	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BFrADOV.exe	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dDoZhic.exe	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sAujlFU.exe	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MHaxwhd.exe	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wVMvXpd.exe	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lGifPAx.exe	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pNujdSp.exe	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ylfdkhs.exe	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZmIRlZo.exe	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hxYDKSK.exe	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XXmbYpE.exe	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lHzKKWz.exe	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nithBzM.exe	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yFOUCFp.exe	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QrsrHoL.exe	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IqDlqqm.exe	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QbnkaGj.exe	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bODjXob.exe	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fPHZttf.exe	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UPsMKxX.exe	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HXvFHSj.exe	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tvQGGMA.exe	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jqTuCsz.exe	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LQSNwlY.exe	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oiZixWy.exe	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NbeZFRs.exe	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yFrHLwC.exe	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NtWIYpU.exe	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\msrgTeG.exe	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\opzuUhV.exe	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kaivkjj.exe	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NMVqFAb.exe	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bZjRtfY.exe	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rpGjXQw.exe	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cQgJlWB.exe	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PFjyWJd.exe	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RpwlMgk.exe	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FRCOfdo.exe	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\THkuqjc.exe	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DwVfNrO.exe	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Twcuelp.exe	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bqbnrTT.exe	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BumJfXf.exe	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UniWwxM.exe	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1320 wrote to memory of 536	1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1320 wrote to memory of 536	1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1320 wrote to memory of 536	1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1320 wrote to memory of 1936	1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1320 wrote to memory of 1936	1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1320 wrote to memory of 1936	1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1320 wrote to memory of 1688	1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1320 wrote to memory of 1688	1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1320 wrote to memory of 1688	1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1320 wrote to memory of 2736	1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1320 wrote to memory of 2736	1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1320 wrote to memory of 2736	1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1320 wrote to memory of 2192	1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1320 wrote to memory of 2192	1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1320 wrote to memory of 2192	1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1320 wrote to memory of 2804	1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1320 wrote to memory of 2804	1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1320 wrote to memory of 2804	1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1320 wrote to memory of 2808	1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1320 wrote to memory of 2808	1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1320 wrote to memory of 2808	1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1320 wrote to memory of 2880	1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1320 wrote to memory of 2880	1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1320 wrote to memory of 2880	1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1320 wrote to memory of 2600	1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1320 wrote to memory of 2600	1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1320 wrote to memory of 2600	1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1320 wrote to memory of 2556	1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1320 wrote to memory of 2556	1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1320 wrote to memory of 2556	1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1320 wrote to memory of 3064	1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1320 wrote to memory of 3064	1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1320 wrote to memory of 3064	1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1320 wrote to memory of 2104	1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1320 wrote to memory of 2104	1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1320 wrote to memory of 2104	1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1320 wrote to memory of 2512	1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1320 wrote to memory of 2512	1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1320 wrote to memory of 2512	1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1320 wrote to memory of 1368	1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1320 wrote to memory of 1368	1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1320 wrote to memory of 1368	1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1320 wrote to memory of 2888	1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1320 wrote to memory of 2888	1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1320 wrote to memory of 2888	1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1320 wrote to memory of 1820	1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1320 wrote to memory of 1820	1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1320 wrote to memory of 1820	1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1320 wrote to memory of 2744	1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1320 wrote to memory of 2744	1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1320 wrote to memory of 2744	1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1320 wrote to memory of 2796	1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1320 wrote to memory of 2796	1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1320 wrote to memory of 2796	1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1320 wrote to memory of 2360	1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1320 wrote to memory of 2360	1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1320 wrote to memory of 2360	1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1320 wrote to memory of 2040	1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1320 wrote to memory of 2040	1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1320 wrote to memory of 2040	1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1320 wrote to memory of 1300	1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 1320 wrote to memory of 1300	1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 1320 wrote to memory of 1300	1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 1320 wrote to memory of 2136	1320	2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-09-22_a95771efefc08f77d7e789dd6f0932e6_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1320
- C:\Windows\System\FbusziV.exe
  C:\Windows\System\FbusziV.exe
  2⤵
  - Executes dropped EXE
  PID:536
- C:\Windows\System\WMSorjD.exe
  C:\Windows\System\WMSorjD.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\zOPXQrx.exe
  C:\Windows\System\zOPXQrx.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\AGhCaXU.exe
  C:\Windows\System\AGhCaXU.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\waAtebI.exe
  C:\Windows\System\waAtebI.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\TIbxKZM.exe
  C:\Windows\System\TIbxKZM.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\WkOXbGJ.exe
  C:\Windows\System\WkOXbGJ.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\znVWMXZ.exe
  C:\Windows\System\znVWMXZ.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\ioxTtgT.exe
  C:\Windows\System\ioxTtgT.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\hQlAwDJ.exe
  C:\Windows\System\hQlAwDJ.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\BGGcavu.exe
  C:\Windows\System\BGGcavu.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\ZlJnAbh.exe
  C:\Windows\System\ZlJnAbh.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\UPuICvm.exe
  C:\Windows\System\UPuICvm.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\fbxvJsD.exe
  C:\Windows\System\fbxvJsD.exe
  2⤵
  - Executes dropped EXE
  PID:1368
- C:\Windows\System\GzMlCHq.exe
  C:\Windows\System\GzMlCHq.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\Twcuelp.exe
  C:\Windows\System\Twcuelp.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\svgEfGX.exe
  C:\Windows\System\svgEfGX.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\AaXhAfC.exe
  C:\Windows\System\AaXhAfC.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\jxnbOUz.exe
  C:\Windows\System\jxnbOUz.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\NEMRTvc.exe
  C:\Windows\System\NEMRTvc.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\ndgxraV.exe
  C:\Windows\System\ndgxraV.exe
  2⤵
  - Executes dropped EXE
  PID:1300
- C:\Windows\System\kAGLape.exe
  C:\Windows\System\kAGLape.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\byaFvGi.exe
  C:\Windows\System\byaFvGi.exe
  2⤵
  - Executes dropped EXE
  PID:760
- C:\Windows\System\nMNDELf.exe
  C:\Windows\System\nMNDELf.exe
  2⤵
  - Executes dropped EXE
  PID:1156
- C:\Windows\System\KUeuWPx.exe
  C:\Windows\System\KUeuWPx.exe
  2⤵
  - Executes dropped EXE
  PID:1280
- C:\Windows\System\fJHvuIU.exe
  C:\Windows\System\fJHvuIU.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\pIYdLsa.exe
  C:\Windows\System\pIYdLsa.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\yndOhmn.exe
  C:\Windows\System\yndOhmn.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\fkzKzSt.exe
  C:\Windows\System\fkzKzSt.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\wFwJJYH.exe
  C:\Windows\System\wFwJJYH.exe
  2⤵
  - Executes dropped EXE
  PID:696
- C:\Windows\System\qJrcKJt.exe
  C:\Windows\System\qJrcKJt.exe
  2⤵
  - Executes dropped EXE
  PID:1344
- C:\Windows\System\zpNoURw.exe
  C:\Windows\System\zpNoURw.exe
  2⤵
  - Executes dropped EXE
  PID:1088
- C:\Windows\System\JMgDHON.exe
  C:\Windows\System\JMgDHON.exe
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Windows\System\QPFRDJq.exe
  C:\Windows\System\QPFRDJq.exe
  2⤵
  - Executes dropped EXE
  PID:1480
- C:\Windows\System\hQjylzQ.exe
  C:\Windows\System\hQjylzQ.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\ZGAfJFY.exe
  C:\Windows\System\ZGAfJFY.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\LqNmuEm.exe
  C:\Windows\System\LqNmuEm.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\rAPJUOD.exe
  C:\Windows\System\rAPJUOD.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\rbMcAkM.exe
  C:\Windows\System\rbMcAkM.exe
  2⤵
  - Executes dropped EXE
  PID:316
- C:\Windows\System\wgejTSy.exe
  C:\Windows\System\wgejTSy.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\JuBkLxz.exe
  C:\Windows\System\JuBkLxz.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\NFFwHFx.exe
  C:\Windows\System\NFFwHFx.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\IZAdtKA.exe
  C:\Windows\System\IZAdtKA.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\wChEENe.exe
  C:\Windows\System\wChEENe.exe
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Windows\System\zgeyesF.exe
  C:\Windows\System\zgeyesF.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\qsxuxTC.exe
  C:\Windows\System\qsxuxTC.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\RdwVYYc.exe
  C:\Windows\System\RdwVYYc.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\BSLFsrN.exe
  C:\Windows\System\BSLFsrN.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\dbAyeqw.exe
  C:\Windows\System\dbAyeqw.exe
  2⤵
  - Executes dropped EXE
  PID:396
- C:\Windows\System\AmgoZNJ.exe
  C:\Windows\System\AmgoZNJ.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\cLyZIJE.exe
  C:\Windows\System\cLyZIJE.exe
  2⤵
  - Executes dropped EXE
  PID:1768
- C:\Windows\System\BlthZde.exe
  C:\Windows\System\BlthZde.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\cuJBPoy.exe
  C:\Windows\System\cuJBPoy.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\WzcCaVa.exe
  C:\Windows\System\WzcCaVa.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\abucACU.exe
  C:\Windows\System\abucACU.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\jJXavGH.exe
  C:\Windows\System\jJXavGH.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\BCizCkp.exe
  C:\Windows\System\BCizCkp.exe
  2⤵
  - Executes dropped EXE
  PID:576
- C:\Windows\System\AyuRYKv.exe
  C:\Windows\System\AyuRYKv.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\FXNcIIz.exe
  C:\Windows\System\FXNcIIz.exe
  2⤵
  - Executes dropped EXE
  PID:560
- C:\Windows\System\VUtSmxb.exe
  C:\Windows\System\VUtSmxb.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\dhtWLuU.exe
  C:\Windows\System\dhtWLuU.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\WdiWjWw.exe
  C:\Windows\System\WdiWjWw.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\nbwULyM.exe
  C:\Windows\System\nbwULyM.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\IVlRdhM.exe
  C:\Windows\System\IVlRdhM.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\tIbyeSA.exe
  C:\Windows\System\tIbyeSA.exe
  2⤵
  PID:2768
- C:\Windows\System\ojHepgu.exe
  C:\Windows\System\ojHepgu.exe
  2⤵
  PID:1240
- C:\Windows\System\VjyyDfl.exe
  C:\Windows\System\VjyyDfl.exe
  2⤵
  PID:1772
- C:\Windows\System\FvvrfrW.exe
  C:\Windows\System\FvvrfrW.exe
  2⤵
  PID:2164
- C:\Windows\System\QxElKoU.exe
  C:\Windows\System\QxElKoU.exe
  2⤵
  PID:2056
- C:\Windows\System\gnfrgbu.exe
  C:\Windows\System\gnfrgbu.exe
  2⤵
  PID:1816
- C:\Windows\System\IFhfoVu.exe
  C:\Windows\System\IFhfoVu.exe
  2⤵
  PID:1664
- C:\Windows\System\dHAqVnC.exe
  C:\Windows\System\dHAqVnC.exe
  2⤵
  PID:1800
- C:\Windows\System\esZmOMD.exe
  C:\Windows\System\esZmOMD.exe
  2⤵
  PID:708
- C:\Windows\System\VfoshsJ.exe
  C:\Windows\System\VfoshsJ.exe
  2⤵
  PID:2160
- C:\Windows\System\wDXYkAL.exe
  C:\Windows\System\wDXYkAL.exe
  2⤵
  PID:1964
- C:\Windows\System\CqMbCnZ.exe
  C:\Windows\System\CqMbCnZ.exe
  2⤵
  PID:2876
- C:\Windows\System\AKVfvRB.exe
  C:\Windows\System\AKVfvRB.exe
  2⤵
  PID:900
- C:\Windows\System\LLSZzgp.exe
  C:\Windows\System\LLSZzgp.exe
  2⤵
  PID:3040
- C:\Windows\System\KhiHnof.exe
  C:\Windows\System\KhiHnof.exe
  2⤵
  PID:2200
- C:\Windows\System\onzAvHU.exe
  C:\Windows\System\onzAvHU.exe
  2⤵
  PID:2224
- C:\Windows\System\dZfSOIq.exe
  C:\Windows\System\dZfSOIq.exe
  2⤵
  PID:1672
- C:\Windows\System\VrRAJGf.exe
  C:\Windows\System\VrRAJGf.exe
  2⤵
  PID:2060
- C:\Windows\System\yMllegI.exe
  C:\Windows\System\yMllegI.exe
  2⤵
  PID:1008
- C:\Windows\System\eANIlWc.exe
  C:\Windows\System\eANIlWc.exe
  2⤵
  PID:1304
- C:\Windows\System\hMCxdFS.exe
  C:\Windows\System\hMCxdFS.exe
  2⤵
  PID:896
- C:\Windows\System\eUrujgs.exe
  C:\Windows\System\eUrujgs.exe
  2⤵
  PID:1584
- C:\Windows\System\LMOCxYk.exe
  C:\Windows\System\LMOCxYk.exe
  2⤵
  PID:2408
- C:\Windows\System\gicILNS.exe
  C:\Windows\System\gicILNS.exe
  2⤵
  PID:1588
- C:\Windows\System\cPoWXFj.exe
  C:\Windows\System\cPoWXFj.exe
  2⤵
  PID:2848
- C:\Windows\System\LurxqYr.exe
  C:\Windows\System\LurxqYr.exe
  2⤵
  PID:860
- C:\Windows\System\trGfMRS.exe
  C:\Windows\System\trGfMRS.exe
  2⤵
  PID:2608
- C:\Windows\System\xaabPpP.exe
  C:\Windows\System\xaabPpP.exe
  2⤵
  PID:2032
- C:\Windows\System\vknPKOa.exe
  C:\Windows\System\vknPKOa.exe
  2⤵
  PID:1572
- C:\Windows\System\HEnQLnu.exe
  C:\Windows\System\HEnQLnu.exe
  2⤵
  PID:1500
- C:\Windows\System\kojLaIy.exe
  C:\Windows\System\kojLaIy.exe
  2⤵
  PID:2356
- C:\Windows\System\ygaxWpZ.exe
  C:\Windows\System\ygaxWpZ.exe
  2⤵
  PID:2068
- C:\Windows\System\WJLgHjO.exe
  C:\Windows\System\WJLgHjO.exe
  2⤵
  PID:2080
- C:\Windows\System\LQgaUoH.exe
  C:\Windows\System\LQgaUoH.exe
  2⤵
  PID:444
- C:\Windows\System\kFwtrhr.exe
  C:\Windows\System\kFwtrhr.exe
  2⤵
  PID:956
- C:\Windows\System\OXWuPlU.exe
  C:\Windows\System\OXWuPlU.exe
  2⤵
  PID:1868
- C:\Windows\System\aAknmxu.exe
  C:\Windows\System\aAknmxu.exe
  2⤵
  PID:2372
- C:\Windows\System\EOvxmsf.exe
  C:\Windows\System\EOvxmsf.exe
  2⤵
  PID:2520
- C:\Windows\System\rZVsUyN.exe
  C:\Windows\System\rZVsUyN.exe
  2⤵
  PID:572
- C:\Windows\System\vFXKajd.exe
  C:\Windows\System\vFXKajd.exe
  2⤵
  PID:1288
- C:\Windows\System\cAjHLkn.exe
  C:\Windows\System\cAjHLkn.exe
  2⤵
  PID:2632
- C:\Windows\System\oqnqJem.exe
  C:\Windows\System\oqnqJem.exe
  2⤵
  PID:1980
- C:\Windows\System\KxMmjTB.exe
  C:\Windows\System\KxMmjTB.exe
  2⤵
  PID:2460
- C:\Windows\System\MRvYFkd.exe
  C:\Windows\System\MRvYFkd.exe
  2⤵
  PID:2964
- C:\Windows\System\IIPxmEa.exe
  C:\Windows\System\IIPxmEa.exe
  2⤵
  PID:2576
- C:\Windows\System\IjNUdao.exe
  C:\Windows\System\IjNUdao.exe
  2⤵
  PID:2908
- C:\Windows\System\lHzKKWz.exe
  C:\Windows\System\lHzKKWz.exe
  2⤵
  PID:2248
- C:\Windows\System\FsVYoul.exe
  C:\Windows\System\FsVYoul.exe
  2⤵
  PID:2724
- C:\Windows\System\PFjyWJd.exe
  C:\Windows\System\PFjyWJd.exe
  2⤵
  PID:1676
- C:\Windows\System\LnOJEad.exe
  C:\Windows\System\LnOJEad.exe
  2⤵
  PID:3036
- C:\Windows\System\lgteqTL.exe
  C:\Windows\System\lgteqTL.exe
  2⤵
  PID:2992
- C:\Windows\System\ZZCjZdE.exe
  C:\Windows\System\ZZCjZdE.exe
  2⤵
  PID:2444
- C:\Windows\System\GEjSwnI.exe
  C:\Windows\System\GEjSwnI.exe
  2⤵
  PID:1660
- C:\Windows\System\YGdzwlO.exe
  C:\Windows\System\YGdzwlO.exe
  2⤵
  PID:3088
- C:\Windows\System\YPhttLJ.exe
  C:\Windows\System\YPhttLJ.exe
  2⤵
  PID:3108
- C:\Windows\System\JPbdkph.exe
  C:\Windows\System\JPbdkph.exe
  2⤵
  PID:3132
- C:\Windows\System\OKyriJO.exe
  C:\Windows\System\OKyriJO.exe
  2⤵
  PID:3152
- C:\Windows\System\nuCgtKH.exe
  C:\Windows\System\nuCgtKH.exe
  2⤵
  PID:3172
- C:\Windows\System\sdaihwo.exe
  C:\Windows\System\sdaihwo.exe
  2⤵
  PID:3192
- C:\Windows\System\aFBnEKn.exe
  C:\Windows\System\aFBnEKn.exe
  2⤵
  PID:3208
- C:\Windows\System\xSuFIUo.exe
  C:\Windows\System\xSuFIUo.exe
  2⤵
  PID:3228
- C:\Windows\System\iWAZlfa.exe
  C:\Windows\System\iWAZlfa.exe
  2⤵
  PID:3252
- C:\Windows\System\QtxxIOD.exe
  C:\Windows\System\QtxxIOD.exe
  2⤵
  PID:3272
- C:\Windows\System\GPycHZp.exe
  C:\Windows\System\GPycHZp.exe
  2⤵
  PID:3292
- C:\Windows\System\ShCkvwW.exe
  C:\Windows\System\ShCkvwW.exe
  2⤵
  PID:3312
- C:\Windows\System\pkMOQVS.exe
  C:\Windows\System\pkMOQVS.exe
  2⤵
  PID:3332
- C:\Windows\System\FIJrzfj.exe
  C:\Windows\System\FIJrzfj.exe
  2⤵
  PID:3352
- C:\Windows\System\rHBUmXA.exe
  C:\Windows\System\rHBUmXA.exe
  2⤵
  PID:3372
- C:\Windows\System\mOqMmOl.exe
  C:\Windows\System\mOqMmOl.exe
  2⤵
  PID:3392
- C:\Windows\System\BxQynSn.exe
  C:\Windows\System\BxQynSn.exe
  2⤵
  PID:3412
- C:\Windows\System\KlAEnnC.exe
  C:\Windows\System\KlAEnnC.exe
  2⤵
  PID:3432
- C:\Windows\System\JZXAeuP.exe
  C:\Windows\System\JZXAeuP.exe
  2⤵
  PID:3452
- C:\Windows\System\fImdFBH.exe
  C:\Windows\System\fImdFBH.exe
  2⤵
  PID:3472
- C:\Windows\System\yjiArdB.exe
  C:\Windows\System\yjiArdB.exe
  2⤵
  PID:3492
- C:\Windows\System\hObmCFI.exe
  C:\Windows\System\hObmCFI.exe
  2⤵
  PID:3512
- C:\Windows\System\kfxHaMb.exe
  C:\Windows\System\kfxHaMb.exe
  2⤵
  PID:3532
- C:\Windows\System\uOEyxLV.exe
  C:\Windows\System\uOEyxLV.exe
  2⤵
  PID:3552
- C:\Windows\System\fgErfKT.exe
  C:\Windows\System\fgErfKT.exe
  2⤵
  PID:3572
- C:\Windows\System\uPCrZbL.exe
  C:\Windows\System\uPCrZbL.exe
  2⤵
  PID:3592
- C:\Windows\System\DHclUaM.exe
  C:\Windows\System\DHclUaM.exe
  2⤵
  PID:3608
- C:\Windows\System\LbrwjgY.exe
  C:\Windows\System\LbrwjgY.exe
  2⤵
  PID:3628
- C:\Windows\System\BepIyRS.exe
  C:\Windows\System\BepIyRS.exe
  2⤵
  PID:3652
- C:\Windows\System\kNmllYi.exe
  C:\Windows\System\kNmllYi.exe
  2⤵
  PID:3672
- C:\Windows\System\rTejJGX.exe
  C:\Windows\System\rTejJGX.exe
  2⤵
  PID:3692
- C:\Windows\System\mNwDOTA.exe
  C:\Windows\System\mNwDOTA.exe
  2⤵
  PID:3712
- C:\Windows\System\JHixSZh.exe
  C:\Windows\System\JHixSZh.exe
  2⤵
  PID:3732
- C:\Windows\System\DrgkIkK.exe
  C:\Windows\System\DrgkIkK.exe
  2⤵
  PID:3752
- C:\Windows\System\IhuXeOZ.exe
  C:\Windows\System\IhuXeOZ.exe
  2⤵
  PID:3772
- C:\Windows\System\PUcunBr.exe
  C:\Windows\System\PUcunBr.exe
  2⤵
  PID:3792
- C:\Windows\System\lNqezYr.exe
  C:\Windows\System\lNqezYr.exe
  2⤵
  PID:3812
- C:\Windows\System\qZLDNUT.exe
  C:\Windows\System\qZLDNUT.exe
  2⤵
  PID:3832
- C:\Windows\System\wRdQEJq.exe
  C:\Windows\System\wRdQEJq.exe
  2⤵
  PID:3852
- C:\Windows\System\MyJCOpR.exe
  C:\Windows\System\MyJCOpR.exe
  2⤵
  PID:3876
- C:\Windows\System\pqcwnrd.exe
  C:\Windows\System\pqcwnrd.exe
  2⤵
  PID:3896
- C:\Windows\System\lDszoQS.exe
  C:\Windows\System\lDszoQS.exe
  2⤵
  PID:3916
- C:\Windows\System\kRDuoMm.exe
  C:\Windows\System\kRDuoMm.exe
  2⤵
  PID:3932
- C:\Windows\System\qtqYmae.exe
  C:\Windows\System\qtqYmae.exe
  2⤵
  PID:3956
- C:\Windows\System\ptiOlre.exe
  C:\Windows\System\ptiOlre.exe
  2⤵
  PID:3976
- C:\Windows\System\JopGQmD.exe
  C:\Windows\System\JopGQmD.exe
  2⤵
  PID:3996
- C:\Windows\System\ILNeLam.exe
  C:\Windows\System\ILNeLam.exe
  2⤵
  PID:4012
- C:\Windows\System\rTuvneD.exe
  C:\Windows\System\rTuvneD.exe
  2⤵
  PID:4032
- C:\Windows\System\akZiCRZ.exe
  C:\Windows\System\akZiCRZ.exe
  2⤵
  PID:4052
- C:\Windows\System\ojGRrnl.exe
  C:\Windows\System\ojGRrnl.exe
  2⤵
  PID:4076
- C:\Windows\System\wzPQVkV.exe
  C:\Windows\System\wzPQVkV.exe
  2⤵
  PID:280
- C:\Windows\System\rVfLVYv.exe
  C:\Windows\System\rVfLVYv.exe
  2⤵
  PID:1708
- C:\Windows\System\tONWSCf.exe
  C:\Windows\System\tONWSCf.exe
  2⤵
  PID:764
- C:\Windows\System\KjYNpbE.exe
  C:\Windows\System\KjYNpbE.exe
  2⤵
  PID:2856
- C:\Windows\System\LEmgIob.exe
  C:\Windows\System\LEmgIob.exe
  2⤵
  PID:2668
- C:\Windows\System\TxUCJjR.exe
  C:\Windows\System\TxUCJjR.exe
  2⤵
  PID:2028
- C:\Windows\System\rhNvwfS.exe
  C:\Windows\System\rhNvwfS.exe
  2⤵
  PID:1976
- C:\Windows\System\CcnUpOk.exe
  C:\Windows\System\CcnUpOk.exe
  2⤵
  PID:1532
- C:\Windows\System\boPOOsB.exe
  C:\Windows\System\boPOOsB.exe
  2⤵
  PID:644
- C:\Windows\System\daUzYpY.exe
  C:\Windows\System\daUzYpY.exe
  2⤵
  PID:3100
- C:\Windows\System\cWMpDDm.exe
  C:\Windows\System\cWMpDDm.exe
  2⤵
  PID:3128
- C:\Windows\System\MCziIkH.exe
  C:\Windows\System\MCziIkH.exe
  2⤵
  PID:3160
- C:\Windows\System\WcFdaKY.exe
  C:\Windows\System\WcFdaKY.exe
  2⤵
  PID:3164
- C:\Windows\System\RgIVulm.exe
  C:\Windows\System\RgIVulm.exe
  2⤵
  PID:3240
- C:\Windows\System\HdQMArI.exe
  C:\Windows\System\HdQMArI.exe
  2⤵
  PID:3260
- C:\Windows\System\CvZzney.exe
  C:\Windows\System\CvZzney.exe
  2⤵
  PID:3304
- C:\Windows\System\VTfkYEX.exe
  C:\Windows\System\VTfkYEX.exe
  2⤵
  PID:3340
- C:\Windows\System\bxoYVIi.exe
  C:\Windows\System\bxoYVIi.exe
  2⤵
  PID:3380
- C:\Windows\System\dYYrlyj.exe
  C:\Windows\System\dYYrlyj.exe
  2⤵
  PID:3420
- C:\Windows\System\BlXsyHZ.exe
  C:\Windows\System\BlXsyHZ.exe
  2⤵
  PID:3400
- C:\Windows\System\AqesbZd.exe
  C:\Windows\System\AqesbZd.exe
  2⤵
  PID:3444
- C:\Windows\System\wpeoiJB.exe
  C:\Windows\System\wpeoiJB.exe
  2⤵
  PID:3508
- C:\Windows\System\vCvpsKN.exe
  C:\Windows\System\vCvpsKN.exe
  2⤵
  PID:3520
- C:\Windows\System\WAaHrrY.exe
  C:\Windows\System\WAaHrrY.exe
  2⤵
  PID:3560
- C:\Windows\System\XzRuhsP.exe
  C:\Windows\System\XzRuhsP.exe
  2⤵
  PID:3584
- C:\Windows\System\rpGjXQw.exe
  C:\Windows\System\rpGjXQw.exe
  2⤵
  PID:3636
- C:\Windows\System\rDvFLuf.exe
  C:\Windows\System\rDvFLuf.exe
  2⤵
  PID:3648
- C:\Windows\System\YEnUXOF.exe
  C:\Windows\System\YEnUXOF.exe
  2⤵
  PID:3708
- C:\Windows\System\JjdCDmE.exe
  C:\Windows\System\JjdCDmE.exe
  2⤵
  PID:3748
- C:\Windows\System\SMcNLXK.exe
  C:\Windows\System\SMcNLXK.exe
  2⤵
  PID:3760
- C:\Windows\System\ufaaMfL.exe
  C:\Windows\System\ufaaMfL.exe
  2⤵
  PID:3784
- C:\Windows\System\QtUdQmy.exe
  C:\Windows\System\QtUdQmy.exe
  2⤵
  PID:3868
- C:\Windows\System\XIIxndC.exe
  C:\Windows\System\XIIxndC.exe
  2⤵
  PID:3804
- C:\Windows\System\AzVheoW.exe
  C:\Windows\System\AzVheoW.exe
  2⤵
  PID:3912
- C:\Windows\System\OhAGEOL.exe
  C:\Windows\System\OhAGEOL.exe
  2⤵
  PID:2712
- C:\Windows\System\VuCbIuz.exe
  C:\Windows\System\VuCbIuz.exe
  2⤵
  PID:3928
- C:\Windows\System\SkSzcEF.exe
  C:\Windows\System\SkSzcEF.exe
  2⤵
  PID:3972
- C:\Windows\System\qderLoy.exe
  C:\Windows\System\qderLoy.exe
  2⤵
  PID:4004
- C:\Windows\System\YgIrJGI.exe
  C:\Windows\System\YgIrJGI.exe
  2⤵
  PID:4040
- C:\Windows\System\TwvvuXy.exe
  C:\Windows\System\TwvvuXy.exe
  2⤵
  PID:2844
- C:\Windows\System\UuFkdUd.exe
  C:\Windows\System\UuFkdUd.exe
  2⤵
  PID:4088
- C:\Windows\System\RAITexp.exe
  C:\Windows\System\RAITexp.exe
  2⤵
  PID:2568
- C:\Windows\System\jmQQXAF.exe
  C:\Windows\System\jmQQXAF.exe
  2⤵
  PID:1668
- C:\Windows\System\kItUNLc.exe
  C:\Windows\System\kItUNLc.exe
  2⤵
  PID:1832
- C:\Windows\System\cGSMIki.exe
  C:\Windows\System\cGSMIki.exe
  2⤵
  PID:2772
- C:\Windows\System\kkEEwdn.exe
  C:\Windows\System\kkEEwdn.exe
  2⤵
  PID:3148
- C:\Windows\System\Tqxwfnd.exe
  C:\Windows\System\Tqxwfnd.exe
  2⤵
  PID:3084
- C:\Windows\System\LlrWKRy.exe
  C:\Windows\System\LlrWKRy.exe
  2⤵
  PID:3184
- C:\Windows\System\KSLwwvz.exe
  C:\Windows\System\KSLwwvz.exe
  2⤵
  PID:3300
- C:\Windows\System\SOMbofr.exe
  C:\Windows\System\SOMbofr.exe
  2⤵
  PID:3320
- C:\Windows\System\algesQs.exe
  C:\Windows\System\algesQs.exe
  2⤵
  PID:3348
- C:\Windows\System\mnDNmkx.exe
  C:\Windows\System\mnDNmkx.exe
  2⤵
  PID:3384
- C:\Windows\System\QMhtyCk.exe
  C:\Windows\System\QMhtyCk.exe
  2⤵
  PID:2580
- C:\Windows\System\QunfugU.exe
  C:\Windows\System\QunfugU.exe
  2⤵
  PID:3440
- C:\Windows\System\kwWkmxu.exe
  C:\Windows\System\kwWkmxu.exe
  2⤵
  PID:3524
- C:\Windows\System\yVuTMOF.exe
  C:\Windows\System\yVuTMOF.exe
  2⤵
  PID:3660
- C:\Windows\System\DwyNKsc.exe
  C:\Windows\System\DwyNKsc.exe
  2⤵
  PID:3564
- C:\Windows\System\fpednLQ.exe
  C:\Windows\System\fpednLQ.exe
  2⤵
  PID:3664
- C:\Windows\System\QJLgeyt.exe
  C:\Windows\System\QJLgeyt.exe
  2⤵
  PID:3684
- C:\Windows\System\hAppqTg.exe
  C:\Windows\System\hAppqTg.exe
  2⤵
  PID:3824
- C:\Windows\System\WnCORFg.exe
  C:\Windows\System\WnCORFg.exe
  2⤵
  PID:3844
- C:\Windows\System\SIYurLi.exe
  C:\Windows\System\SIYurLi.exe
  2⤵
  PID:3800
- C:\Windows\System\jqHIpDb.exe
  C:\Windows\System\jqHIpDb.exe
  2⤵
  PID:3948
- C:\Windows\System\wtOinQk.exe
  C:\Windows\System\wtOinQk.exe
  2⤵
  PID:3964
- C:\Windows\System\HXuMcNi.exe
  C:\Windows\System\HXuMcNi.exe
  2⤵
  PID:4072
- C:\Windows\System\COkvCaF.exe
  C:\Windows\System\COkvCaF.exe
  2⤵
  PID:1856
- C:\Windows\System\TyWKwPm.exe
  C:\Windows\System\TyWKwPm.exe
  2⤵
  PID:2544
- C:\Windows\System\pObfXwf.exe
  C:\Windows\System\pObfXwf.exe
  2⤵
  PID:1352
- C:\Windows\System\beqttTQ.exe
  C:\Windows\System\beqttTQ.exe
  2⤵
  PID:1808
- C:\Windows\System\AUHKlCB.exe
  C:\Windows\System\AUHKlCB.exe
  2⤵
  PID:3288
- C:\Windows\System\JnvmhaW.exe
  C:\Windows\System\JnvmhaW.exe
  2⤵
  PID:3120
- C:\Windows\System\CxFyvPx.exe
  C:\Windows\System\CxFyvPx.exe
  2⤵
  PID:3460
- C:\Windows\System\QtjnLuv.exe
  C:\Windows\System\QtjnLuv.exe
  2⤵
  PID:2620
- C:\Windows\System\TDeUdbj.exe
  C:\Windows\System\TDeUdbj.exe
  2⤵
  PID:3484
- C:\Windows\System\brxkmPg.exe
  C:\Windows\System\brxkmPg.exe
  2⤵
  PID:3544
- C:\Windows\System\FBFwpFN.exe
  C:\Windows\System\FBFwpFN.exe
  2⤵
  PID:3668
- C:\Windows\System\HONfasE.exe
  C:\Windows\System\HONfasE.exe
  2⤵
  PID:3728
- C:\Windows\System\nWswkWm.exe
  C:\Windows\System\nWswkWm.exe
  2⤵
  PID:3740
- C:\Windows\System\psYuKCW.exe
  C:\Windows\System\psYuKCW.exe
  2⤵
  PID:2504
- C:\Windows\System\Uridcqu.exe
  C:\Windows\System\Uridcqu.exe
  2⤵
  PID:3984
- C:\Windows\System\QhKEBnL.exe
  C:\Windows\System\QhKEBnL.exe
  2⤵
  PID:2612
- C:\Windows\System\MVcJKFl.exe
  C:\Windows\System\MVcJKFl.exe
  2⤵
  PID:1564
- C:\Windows\System\ADiQqZJ.exe
  C:\Windows\System\ADiQqZJ.exe
  2⤵
  PID:2132
- C:\Windows\System\TjaDfGM.exe
  C:\Windows\System\TjaDfGM.exe
  2⤵
  PID:3236
- C:\Windows\System\hKFWVNj.exe
  C:\Windows\System\hKFWVNj.exe
  2⤵
  PID:3428
- C:\Windows\System\MVJRUOn.exe
  C:\Windows\System\MVJRUOn.exe
  2⤵
  PID:3060
- C:\Windows\System\vFwaGPS.exe
  C:\Windows\System\vFwaGPS.exe
  2⤵
  PID:3680
- C:\Windows\System\feJdAtp.exe
  C:\Windows\System\feJdAtp.exe
  2⤵
  PID:3720
- C:\Windows\System\CwQvwba.exe
  C:\Windows\System\CwQvwba.exe
  2⤵
  PID:3768
- C:\Windows\System\IRfrVhc.exe
  C:\Windows\System\IRfrVhc.exe
  2⤵
  PID:4048
- C:\Windows\System\bPmfyjJ.exe
  C:\Windows\System\bPmfyjJ.exe
  2⤵
  PID:1312
- C:\Windows\System\IRFnqZx.exe
  C:\Windows\System\IRFnqZx.exe
  2⤵
  PID:3580
- C:\Windows\System\vKaBiyQ.exe
  C:\Windows\System\vKaBiyQ.exe
  2⤵
  PID:3324
- C:\Windows\System\QcFJPvl.exe
  C:\Windows\System\QcFJPvl.exe
  2⤵
  PID:1052
- C:\Windows\System\QkZFoOa.exe
  C:\Windows\System\QkZFoOa.exe
  2⤵
  PID:2292
- C:\Windows\System\aFeKrik.exe
  C:\Windows\System\aFeKrik.exe
  2⤵
  PID:3360
- C:\Windows\System\fdVZwwq.exe
  C:\Windows\System\fdVZwwq.exe
  2⤵
  PID:3808
- C:\Windows\System\ZmIRlZo.exe
  C:\Windows\System\ZmIRlZo.exe
  2⤵
  PID:4100
- C:\Windows\System\cZMmGOe.exe
  C:\Windows\System\cZMmGOe.exe
  2⤵
  PID:4116
- C:\Windows\System\mAJGOyz.exe
  C:\Windows\System\mAJGOyz.exe
  2⤵
  PID:4140
- C:\Windows\System\PgVgcBB.exe
  C:\Windows\System\PgVgcBB.exe
  2⤵
  PID:4156
- C:\Windows\System\UQbehFk.exe
  C:\Windows\System\UQbehFk.exe
  2⤵
  PID:4176
- C:\Windows\System\ITICxvc.exe
  C:\Windows\System\ITICxvc.exe
  2⤵
  PID:4200
- C:\Windows\System\jVtnVpR.exe
  C:\Windows\System\jVtnVpR.exe
  2⤵
  PID:4220
- C:\Windows\System\HBBXyKr.exe
  C:\Windows\System\HBBXyKr.exe
  2⤵
  PID:4236
- C:\Windows\System\KIuDDkl.exe
  C:\Windows\System\KIuDDkl.exe
  2⤵
  PID:4256
- C:\Windows\System\nfneIaO.exe
  C:\Windows\System\nfneIaO.exe
  2⤵
  PID:4276
- C:\Windows\System\OBoKVWs.exe
  C:\Windows\System\OBoKVWs.exe
  2⤵
  PID:4300
- C:\Windows\System\JcuENLT.exe
  C:\Windows\System\JcuENLT.exe
  2⤵
  PID:4320
- C:\Windows\System\NYQcNqb.exe
  C:\Windows\System\NYQcNqb.exe
  2⤵
  PID:4340
- C:\Windows\System\ZwlYWLE.exe
  C:\Windows\System\ZwlYWLE.exe
  2⤵
  PID:4360
- C:\Windows\System\DerFuMx.exe
  C:\Windows\System\DerFuMx.exe
  2⤵
  PID:4380
- C:\Windows\System\VcswXfp.exe
  C:\Windows\System\VcswXfp.exe
  2⤵
  PID:4396
- C:\Windows\System\Wjedcem.exe
  C:\Windows\System\Wjedcem.exe
  2⤵
  PID:4416
- C:\Windows\System\gIJQhTS.exe
  C:\Windows\System\gIJQhTS.exe
  2⤵
  PID:4436
- C:\Windows\System\YoKeXDd.exe
  C:\Windows\System\YoKeXDd.exe
  2⤵
  PID:4460
- C:\Windows\System\UySwnGi.exe
  C:\Windows\System\UySwnGi.exe
  2⤵
  PID:4476
- C:\Windows\System\irATOnt.exe
  C:\Windows\System\irATOnt.exe
  2⤵
  PID:4496
- C:\Windows\System\WClVnBH.exe
  C:\Windows\System\WClVnBH.exe
  2⤵
  PID:4516
- C:\Windows\System\gCZrbBv.exe
  C:\Windows\System\gCZrbBv.exe
  2⤵
  PID:4536
- C:\Windows\System\ZQtPJuA.exe
  C:\Windows\System\ZQtPJuA.exe
  2⤵
  PID:4560
- C:\Windows\System\oNozxxa.exe
  C:\Windows\System\oNozxxa.exe
  2⤵
  PID:4580
- C:\Windows\System\xyTlTMS.exe
  C:\Windows\System\xyTlTMS.exe
  2⤵
  PID:4600
- C:\Windows\System\uqrzoUT.exe
  C:\Windows\System\uqrzoUT.exe
  2⤵
  PID:4620
- C:\Windows\System\YiPTlqO.exe
  C:\Windows\System\YiPTlqO.exe
  2⤵
  PID:4640
- C:\Windows\System\cLAngzx.exe
  C:\Windows\System\cLAngzx.exe
  2⤵
  PID:4660
- C:\Windows\System\ovTSaGA.exe
  C:\Windows\System\ovTSaGA.exe
  2⤵
  PID:4680
- C:\Windows\System\szCZJsy.exe
  C:\Windows\System\szCZJsy.exe
  2⤵
  PID:4700
- C:\Windows\System\wVMvXpd.exe
  C:\Windows\System\wVMvXpd.exe
  2⤵
  PID:4716
- C:\Windows\System\OTOzceD.exe
  C:\Windows\System\OTOzceD.exe
  2⤵
  PID:4736
- C:\Windows\System\ENmgWjp.exe
  C:\Windows\System\ENmgWjp.exe
  2⤵
  PID:4760
- C:\Windows\System\dPholUo.exe
  C:\Windows\System\dPholUo.exe
  2⤵
  PID:4780
- C:\Windows\System\jFzGpqM.exe
  C:\Windows\System\jFzGpqM.exe
  2⤵
  PID:4796
- C:\Windows\System\fBitNcq.exe
  C:\Windows\System\fBitNcq.exe
  2⤵
  PID:4816
- C:\Windows\System\AVDPJNO.exe
  C:\Windows\System\AVDPJNO.exe
  2⤵
  PID:4840
- C:\Windows\System\nKndbaN.exe
  C:\Windows\System\nKndbaN.exe
  2⤵
  PID:4860
- C:\Windows\System\qcmLoHy.exe
  C:\Windows\System\qcmLoHy.exe
  2⤵
  PID:4880
- C:\Windows\System\QMNvvnY.exe
  C:\Windows\System\QMNvvnY.exe
  2⤵
  PID:4900
- C:\Windows\System\AyFGlED.exe
  C:\Windows\System\AyFGlED.exe
  2⤵
  PID:4920
- C:\Windows\System\oDhRTOP.exe
  C:\Windows\System\oDhRTOP.exe
  2⤵
  PID:4940
- C:\Windows\System\cpdXIAn.exe
  C:\Windows\System\cpdXIAn.exe
  2⤵
  PID:4956
- C:\Windows\System\DlLkRsK.exe
  C:\Windows\System\DlLkRsK.exe
  2⤵
  PID:4976
- C:\Windows\System\TCtwaTK.exe
  C:\Windows\System\TCtwaTK.exe
  2⤵
  PID:4996
- C:\Windows\System\PqJpbol.exe
  C:\Windows\System\PqJpbol.exe
  2⤵
  PID:5016
- C:\Windows\System\hEwMbdY.exe
  C:\Windows\System\hEwMbdY.exe
  2⤵
  PID:5032
- C:\Windows\System\KHAXQbI.exe
  C:\Windows\System\KHAXQbI.exe
  2⤵
  PID:5052
- C:\Windows\System\ekGrLUQ.exe
  C:\Windows\System\ekGrLUQ.exe
  2⤵
  PID:5068
- C:\Windows\System\latuYVI.exe
  C:\Windows\System\latuYVI.exe
  2⤵
  PID:5096
- C:\Windows\System\HuVVxsg.exe
  C:\Windows\System\HuVVxsg.exe
  2⤵
  PID:4024
- C:\Windows\System\Lbbweqa.exe
  C:\Windows\System\Lbbweqa.exe
  2⤵
  PID:4092
- C:\Windows\System\sBVjVim.exe
  C:\Windows\System\sBVjVim.exe
  2⤵
  PID:2688
- C:\Windows\System\hbFUIao.exe
  C:\Windows\System\hbFUIao.exe
  2⤵
  PID:3528
- C:\Windows\System\GDDSKRa.exe
  C:\Windows\System\GDDSKRa.exe
  2⤵
  PID:1600
- C:\Windows\System\Zslbpgb.exe
  C:\Windows\System\Zslbpgb.exe
  2⤵
  PID:4124
- C:\Windows\System\SVojZnI.exe
  C:\Windows\System\SVojZnI.exe
  2⤵
  PID:4128
- C:\Windows\System\TYpwyUO.exe
  C:\Windows\System\TYpwyUO.exe
  2⤵
  PID:4168
- C:\Windows\System\BaMUjXS.exe
  C:\Windows\System\BaMUjXS.exe
  2⤵
  PID:4212
- C:\Windows\System\hCpwsvB.exe
  C:\Windows\System\hCpwsvB.exe
  2⤵
  PID:4244
- C:\Windows\System\BxliCbp.exe
  C:\Windows\System\BxliCbp.exe
  2⤵
  PID:4284
- C:\Windows\System\RMZxpdq.exe
  C:\Windows\System\RMZxpdq.exe
  2⤵
  PID:4232
- C:\Windows\System\xcZHpWb.exe
  C:\Windows\System\xcZHpWb.exe
  2⤵
  PID:4336
- C:\Windows\System\TRVaOsl.exe
  C:\Windows\System\TRVaOsl.exe
  2⤵
  PID:4376
- C:\Windows\System\gqfOQBT.exe
  C:\Windows\System\gqfOQBT.exe
  2⤵
  PID:2176
- C:\Windows\System\iwClwtB.exe
  C:\Windows\System\iwClwtB.exe
  2⤵
  PID:4352
- C:\Windows\System\ZgdKLvh.exe
  C:\Windows\System\ZgdKLvh.exe
  2⤵
  PID:4392
- C:\Windows\System\pavgjBU.exe
  C:\Windows\System\pavgjBU.exe
  2⤵
  PID:4428
- C:\Windows\System\BjejHqL.exe
  C:\Windows\System\BjejHqL.exe
  2⤵
  PID:4532
- C:\Windows\System\oVMcmhm.exe
  C:\Windows\System\oVMcmhm.exe
  2⤵
  PID:4544
- C:\Windows\System\IrATIfz.exe
  C:\Windows\System\IrATIfz.exe
  2⤵
  PID:4576
- C:\Windows\System\xhJjnoY.exe
  C:\Windows\System\xhJjnoY.exe
  2⤵
  PID:4552
- C:\Windows\System\dDoHxQn.exe
  C:\Windows\System\dDoHxQn.exe
  2⤵
  PID:4656
- C:\Windows\System\CzfyRwx.exe
  C:\Windows\System\CzfyRwx.exe
  2⤵
  PID:4632
- C:\Windows\System\WDHabsT.exe
  C:\Windows\System\WDHabsT.exe
  2⤵
  PID:4668
- C:\Windows\System\oyHavzU.exe
  C:\Windows\System\oyHavzU.exe
  2⤵
  PID:4732
- C:\Windows\System\wmrxrNG.exe
  C:\Windows\System\wmrxrNG.exe
  2⤵
  PID:4772
- C:\Windows\System\UHUgENw.exe
  C:\Windows\System\UHUgENw.exe
  2⤵
  PID:4804
- C:\Windows\System\jAjbnXk.exe
  C:\Windows\System\jAjbnXk.exe
  2⤵
  PID:4824
- C:\Windows\System\NvxziXv.exe
  C:\Windows\System\NvxziXv.exe
  2⤵
  PID:4848
- C:\Windows\System\FzFdOpu.exe
  C:\Windows\System\FzFdOpu.exe
  2⤵
  PID:4896
- C:\Windows\System\AKEugOZ.exe
  C:\Windows\System\AKEugOZ.exe
  2⤵
  PID:4964
- C:\Windows\System\MPYmWzC.exe
  C:\Windows\System\MPYmWzC.exe
  2⤵
  PID:4876
- C:\Windows\System\hqUeiZi.exe
  C:\Windows\System\hqUeiZi.exe
  2⤵
  PID:5040
- C:\Windows\System\BXRPJqb.exe
  C:\Windows\System\BXRPJqb.exe
  2⤵
  PID:4988
- C:\Windows\System\CcFhfeY.exe
  C:\Windows\System\CcFhfeY.exe
  2⤵
  PID:2692
- C:\Windows\System\lGifPAx.exe
  C:\Windows\System\lGifPAx.exe
  2⤵
  PID:5088
- C:\Windows\System\xgCGepP.exe
  C:\Windows\System\xgCGepP.exe
  2⤵
  PID:3028
- C:\Windows\System\hFvcwqc.exe
  C:\Windows\System\hFvcwqc.exe
  2⤵
  PID:2820
- C:\Windows\System\GmVwOtq.exe
  C:\Windows\System\GmVwOtq.exe
  2⤵
  PID:5024
- C:\Windows\System\OBeVQZm.exe
  C:\Windows\System\OBeVQZm.exe
  2⤵
  PID:2900
- C:\Windows\System\vbUHtLK.exe
  C:\Windows\System\vbUHtLK.exe
  2⤵
  PID:4172
- C:\Windows\System\CkoxEHQ.exe
  C:\Windows\System\CkoxEHQ.exe
  2⤵
  PID:3500
- C:\Windows\System\xQDXShU.exe
  C:\Windows\System\xQDXShU.exe
  2⤵
  PID:4148
- C:\Windows\System\HxiQypE.exe
  C:\Windows\System\HxiQypE.exe
  2⤵
  PID:4216
- C:\Windows\System\BYhFYzX.exe
  C:\Windows\System\BYhFYzX.exe
  2⤵
  PID:4252
- C:\Windows\System\vZhMkie.exe
  C:\Windows\System\vZhMkie.exe
  2⤵
  PID:2624
- C:\Windows\System\wROEfry.exe
  C:\Windows\System\wROEfry.exe
  2⤵
  PID:4272
- C:\Windows\System\zaygSoI.exe
  C:\Windows\System\zaygSoI.exe
  2⤵
  PID:4348
- C:\Windows\System\lrDfVLr.exe
  C:\Windows\System\lrDfVLr.exe
  2⤵
  PID:4404
- C:\Windows\System\fiTjmXI.exe
  C:\Windows\System\fiTjmXI.exe
  2⤵
  PID:4456
- C:\Windows\System\bqbdBCY.exe
  C:\Windows\System\bqbdBCY.exe
  2⤵
  PID:1492
- C:\Windows\System\mAJhllu.exe
  C:\Windows\System\mAJhllu.exe
  2⤵
  PID:4636
- C:\Windows\System\HwUhvEd.exe
  C:\Windows\System\HwUhvEd.exe
  2⤵
  PID:4488
- C:\Windows\System\fCQGMHn.exe
  C:\Windows\System\fCQGMHn.exe
  2⤵
  PID:4672
- C:\Windows\System\JqJNxif.exe
  C:\Windows\System\JqJNxif.exe
  2⤵
  PID:4712
- C:\Windows\System\aaHXMih.exe
  C:\Windows\System\aaHXMih.exe
  2⤵
  PID:4776
- C:\Windows\System\ZJCUTQA.exe
  C:\Windows\System\ZJCUTQA.exe
  2⤵
  PID:4768
- C:\Windows\System\KUHPQyS.exe
  C:\Windows\System\KUHPQyS.exe
  2⤵
  PID:4832
- C:\Windows\System\RhQAQzr.exe
  C:\Windows\System\RhQAQzr.exe
  2⤵
  PID:5012
- C:\Windows\System\sttyMnS.exe
  C:\Windows\System\sttyMnS.exe
  2⤵
  PID:5080
- C:\Windows\System\juRRlad.exe
  C:\Windows\System\juRRlad.exe
  2⤵
  PID:5028
- C:\Windows\System\RWyJQKg.exe
  C:\Windows\System\RWyJQKg.exe
  2⤵
  PID:1692
- C:\Windows\System\UTLjykF.exe
  C:\Windows\System\UTLjykF.exe
  2⤵
  PID:4108
- C:\Windows\System\NCJAXnY.exe
  C:\Windows\System\NCJAXnY.exe
  2⤵
  PID:1912
- C:\Windows\System\IbVOIPe.exe
  C:\Windows\System\IbVOIPe.exe
  2⤵
  PID:596
- C:\Windows\System\FIjBDSO.exe
  C:\Windows\System\FIjBDSO.exe
  2⤵
  PID:1732
- C:\Windows\System\zUmUhoT.exe
  C:\Windows\System\zUmUhoT.exe
  2⤵
  PID:2704
- C:\Windows\System\hIsbszn.exe
  C:\Windows\System\hIsbszn.exe
  2⤵
  PID:3168
- C:\Windows\System\KjQQrZq.exe
  C:\Windows\System\KjQQrZq.exe
  2⤵
  PID:4296
- C:\Windows\System\vxJGkWl.exe
  C:\Windows\System\vxJGkWl.exe
  2⤵
  PID:2532
- C:\Windows\System\LMkwDao.exe
  C:\Windows\System\LMkwDao.exe
  2⤵
  PID:1788
- C:\Windows\System\rcPAvOc.exe
  C:\Windows\System\rcPAvOc.exe
  2⤵
  PID:4424
- C:\Windows\System\XBAhFja.exe
  C:\Windows\System\XBAhFja.exe
  2⤵
  PID:4508
- C:\Windows\System\LKPbiIS.exe
  C:\Windows\System\LKPbiIS.exe
  2⤵
  PID:4528
- C:\Windows\System\bjZEIsr.exe
  C:\Windows\System\bjZEIsr.exe
  2⤵
  PID:4388
- C:\Windows\System\OkYUKzV.exe
  C:\Windows\System\OkYUKzV.exe
  2⤵
  PID:4568
- C:\Windows\System\InSIGQh.exe
  C:\Windows\System\InSIGQh.exe
  2⤵
  PID:4932
- C:\Windows\System\aZKvylA.exe
  C:\Windows\System\aZKvylA.exe
  2⤵
  PID:2920
- C:\Windows\System\gNvNHhr.exe
  C:\Windows\System\gNvNHhr.exe
  2⤵
  PID:4788
- C:\Windows\System\fHOknPQ.exe
  C:\Windows\System\fHOknPQ.exe
  2⤵
  PID:4908
- C:\Windows\System\XJuNNtU.exe
  C:\Windows\System\XJuNNtU.exe
  2⤵
  PID:4836
- C:\Windows\System\CipsoSh.exe
  C:\Windows\System\CipsoSh.exe
  2⤵
  PID:3344
- C:\Windows\System\ppESpCn.exe
  C:\Windows\System\ppESpCn.exe
  2⤵
  PID:5060
- C:\Windows\System\cqyvZYz.exe
  C:\Windows\System\cqyvZYz.exe
  2⤵
  PID:532
- C:\Windows\System\bduskir.exe
  C:\Windows\System\bduskir.exe
  2⤵
  PID:1872
- C:\Windows\System\lUtqGqe.exe
  C:\Windows\System\lUtqGqe.exe
  2⤵
  PID:4208
- C:\Windows\System\ErUlRzw.exe
  C:\Windows\System\ErUlRzw.exe
  2⤵
  PID:4328
- C:\Windows\System\fACcAPv.exe
  C:\Windows\System\fACcAPv.exe
  2⤵
  PID:4312
- C:\Windows\System\pKRnJsG.exe
  C:\Windows\System\pKRnJsG.exe
  2⤵
  PID:4504
- C:\Windows\System\mXKqmYT.exe
  C:\Windows\System\mXKqmYT.exe
  2⤵
  PID:1336
- C:\Windows\System\QwudUvG.exe
  C:\Windows\System\QwudUvG.exe
  2⤵
  PID:4792
- C:\Windows\System\TWOJizU.exe
  C:\Windows\System\TWOJizU.exe
  2⤵
  PID:1864
- C:\Windows\System\wTdyKtJ.exe
  C:\Windows\System\wTdyKtJ.exe
  2⤵
  PID:2884
- C:\Windows\System\DpxEfcT.exe
  C:\Windows\System\DpxEfcT.exe
  2⤵
  PID:4692
- C:\Windows\System\ziJcZkz.exe
  C:\Windows\System\ziJcZkz.exe
  2⤵
  PID:3016
- C:\Windows\System\IpYiPxG.exe
  C:\Windows\System\IpYiPxG.exe
  2⤵
  PID:1264
- C:\Windows\System\TyzMGnh.exe
  C:\Windows\System\TyzMGnh.exe
  2⤵
  PID:4136
- C:\Windows\System\kQahONu.exe
  C:\Windows\System\kQahONu.exe
  2⤵
  PID:5108
- C:\Windows\System\PpDvuxF.exe
  C:\Windows\System\PpDvuxF.exe
  2⤵
  PID:2564
- C:\Windows\System\zmbuuey.exe
  C:\Windows\System\zmbuuey.exe
  2⤵
  PID:3764
- C:\Windows\System\yzqpVqU.exe
  C:\Windows\System\yzqpVqU.exe
  2⤵
  PID:4592
- C:\Windows\System\XRpGuob.exe
  C:\Windows\System\XRpGuob.exe
  2⤵
  PID:4852
- C:\Windows\System\MfCMsRe.exe
  C:\Windows\System\MfCMsRe.exe
  2⤵
  PID:2860
- C:\Windows\System\EEVDsBp.exe
  C:\Windows\System\EEVDsBp.exe
  2⤵
  PID:1056
- C:\Windows\System\hVSmmTb.exe
  C:\Windows\System\hVSmmTb.exe
  2⤵
  PID:4616
- C:\Windows\System\UcWVJSz.exe
  C:\Windows\System\UcWVJSz.exe
  2⤵
  PID:3988
- C:\Windows\System\hhZCscw.exe
  C:\Windows\System\hhZCscw.exe
  2⤵
  PID:912
- C:\Windows\System\RWysxZJ.exe
  C:\Windows\System\RWysxZJ.exe
  2⤵
  PID:5124
- C:\Windows\System\McNfjGr.exe
  C:\Windows\System\McNfjGr.exe
  2⤵
  PID:5148
- C:\Windows\System\xbjHuZc.exe
  C:\Windows\System\xbjHuZc.exe
  2⤵
  PID:5164
- C:\Windows\System\VpuKqGw.exe
  C:\Windows\System\VpuKqGw.exe
  2⤵
  PID:5180
- C:\Windows\System\rrGnxTe.exe
  C:\Windows\System\rrGnxTe.exe
  2⤵
  PID:5200
- C:\Windows\System\MHYvqYL.exe
  C:\Windows\System\MHYvqYL.exe
  2⤵
  PID:5228
- C:\Windows\System\aCYtVGe.exe
  C:\Windows\System\aCYtVGe.exe
  2⤵
  PID:5244
- C:\Windows\System\QiQlBoK.exe
  C:\Windows\System\QiQlBoK.exe
  2⤵
  PID:5260
- C:\Windows\System\RWyNDpz.exe
  C:\Windows\System\RWyNDpz.exe
  2⤵
  PID:5292
- C:\Windows\System\xEuxibF.exe
  C:\Windows\System\xEuxibF.exe
  2⤵
  PID:5308
- C:\Windows\System\ooSQbLY.exe
  C:\Windows\System\ooSQbLY.exe
  2⤵
  PID:5328
- C:\Windows\System\cWozMyk.exe
  C:\Windows\System\cWozMyk.exe
  2⤵
  PID:5348
- C:\Windows\System\vAmrOSe.exe
  C:\Windows\System\vAmrOSe.exe
  2⤵
  PID:5364
- C:\Windows\System\dsXOtdD.exe
  C:\Windows\System\dsXOtdD.exe
  2⤵
  PID:5380
- C:\Windows\System\pNujdSp.exe
  C:\Windows\System\pNujdSp.exe
  2⤵
  PID:5396
- C:\Windows\System\MgldzJY.exe
  C:\Windows\System\MgldzJY.exe
  2⤵
  PID:5412
- C:\Windows\System\dXirRsx.exe
  C:\Windows\System\dXirRsx.exe
  2⤵
  PID:5428
- C:\Windows\System\hAjNUMK.exe
  C:\Windows\System\hAjNUMK.exe
  2⤵
  PID:5444
- C:\Windows\System\bHhOFdl.exe
  C:\Windows\System\bHhOFdl.exe
  2⤵
  PID:5476
- C:\Windows\System\xaIOfKH.exe
  C:\Windows\System\xaIOfKH.exe
  2⤵
  PID:5508
- C:\Windows\System\TBrorFo.exe
  C:\Windows\System\TBrorFo.exe
  2⤵
  PID:5524
- C:\Windows\System\TgZXSeL.exe
  C:\Windows\System\TgZXSeL.exe
  2⤵
  PID:5540
- C:\Windows\System\ueDXvro.exe
  C:\Windows\System\ueDXvro.exe
  2⤵
  PID:5556
- C:\Windows\System\AFkMtXx.exe
  C:\Windows\System\AFkMtXx.exe
  2⤵
  PID:5588
- C:\Windows\System\aCMAXxS.exe
  C:\Windows\System\aCMAXxS.exe
  2⤵
  PID:5608
- C:\Windows\System\XKYRDTA.exe
  C:\Windows\System\XKYRDTA.exe
  2⤵
  PID:5624
- C:\Windows\System\tuhzQOa.exe
  C:\Windows\System\tuhzQOa.exe
  2⤵
  PID:5644
- C:\Windows\System\qSbXjAH.exe
  C:\Windows\System\qSbXjAH.exe
  2⤵
  PID:5668
- C:\Windows\System\uLwBITd.exe
  C:\Windows\System\uLwBITd.exe
  2⤵
  PID:5684
- C:\Windows\System\QxeleLE.exe
  C:\Windows\System\QxeleLE.exe
  2⤵
  PID:5712
- C:\Windows\System\cqVdYoj.exe
  C:\Windows\System\cqVdYoj.exe
  2⤵
  PID:5728
- C:\Windows\System\WFxLKOv.exe
  C:\Windows\System\WFxLKOv.exe
  2⤵
  PID:5744
- C:\Windows\System\sSSbrlw.exe
  C:\Windows\System\sSSbrlw.exe
  2⤵
  PID:5764
- C:\Windows\System\etNurZV.exe
  C:\Windows\System\etNurZV.exe
  2⤵
  PID:5780
- C:\Windows\System\rGAEMwr.exe
  C:\Windows\System\rGAEMwr.exe
  2⤵
  PID:5800
- C:\Windows\System\LAjxtgK.exe
  C:\Windows\System\LAjxtgK.exe
  2⤵
  PID:5816
- C:\Windows\System\dCQLepK.exe
  C:\Windows\System\dCQLepK.exe
  2⤵
  PID:5848
- C:\Windows\System\cCJYrpK.exe
  C:\Windows\System\cCJYrpK.exe
  2⤵
  PID:5868
- C:\Windows\System\XgBOSQX.exe
  C:\Windows\System\XgBOSQX.exe
  2⤵
  PID:5884
- C:\Windows\System\GFxlupe.exe
  C:\Windows\System\GFxlupe.exe
  2⤵
  PID:5904
- C:\Windows\System\pXnFLNh.exe
  C:\Windows\System\pXnFLNh.exe
  2⤵
  PID:5920
- C:\Windows\System\lIkuECc.exe
  C:\Windows\System\lIkuECc.exe
  2⤵
  PID:5936
- C:\Windows\System\zGBYIHW.exe
  C:\Windows\System\zGBYIHW.exe
  2⤵
  PID:5952
- C:\Windows\System\pMMGBUD.exe
  C:\Windows\System\pMMGBUD.exe
  2⤵
  PID:5976
- C:\Windows\System\peJDnfe.exe
  C:\Windows\System\peJDnfe.exe
  2⤵
  PID:5992
- C:\Windows\System\cHyqjIi.exe
  C:\Windows\System\cHyqjIi.exe
  2⤵
  PID:6008
- C:\Windows\System\NtWIYpU.exe
  C:\Windows\System\NtWIYpU.exe
  2⤵
  PID:6024
- C:\Windows\System\VYZhyfa.exe
  C:\Windows\System\VYZhyfa.exe
  2⤵
  PID:6040
- C:\Windows\System\tRcBhCi.exe
  C:\Windows\System\tRcBhCi.exe
  2⤵
  PID:6060
- C:\Windows\System\MHaxwhd.exe
  C:\Windows\System\MHaxwhd.exe
  2⤵
  PID:6080
- C:\Windows\System\IsnjgVM.exe
  C:\Windows\System\IsnjgVM.exe
  2⤵
  PID:6096
- C:\Windows\System\zbmxLqy.exe
  C:\Windows\System\zbmxLqy.exe
  2⤵
  PID:6112
- C:\Windows\System\wyoeumF.exe
  C:\Windows\System\wyoeumF.exe
  2⤵
  PID:6128
- C:\Windows\System\EwxIeQV.exe
  C:\Windows\System\EwxIeQV.exe
  2⤵
  PID:1804
- C:\Windows\System\vwwkZhc.exe
  C:\Windows\System\vwwkZhc.exe
  2⤵
  PID:2392
- C:\Windows\System\ltdByqc.exe
  C:\Windows\System\ltdByqc.exe
  2⤵
  PID:4992
- C:\Windows\System\nzTcosp.exe
  C:\Windows\System\nzTcosp.exe
  2⤵
  PID:5132
- C:\Windows\System\YRXZitn.exe
  C:\Windows\System\YRXZitn.exe
  2⤵
  PID:5156
- C:\Windows\System\mvfHrxn.exe
  C:\Windows\System\mvfHrxn.exe
  2⤵
  PID:5188
- C:\Windows\System\ziyiKkA.exe
  C:\Windows\System\ziyiKkA.exe
  2⤵
  PID:5192
- C:\Windows\System\vquiPuU.exe
  C:\Windows\System\vquiPuU.exe
  2⤵
  PID:5256
- C:\Windows\System\Uponram.exe
  C:\Windows\System\Uponram.exe
  2⤵
  PID:5300
- C:\Windows\System\xIJxYSm.exe
  C:\Windows\System\xIJxYSm.exe
  2⤵
  PID:5288
- C:\Windows\System\iFdatcg.exe
  C:\Windows\System\iFdatcg.exe
  2⤵
  PID:5320
- C:\Windows\System\ksSPpwr.exe
  C:\Windows\System\ksSPpwr.exe
  2⤵
  PID:5372
- C:\Windows\System\YkyJTuO.exe
  C:\Windows\System\YkyJTuO.exe
  2⤵
  PID:2024
- C:\Windows\System\AmodoQL.exe
  C:\Windows\System\AmodoQL.exe
  2⤵
  PID:5420
- C:\Windows\System\sjVWMds.exe
  C:\Windows\System\sjVWMds.exe
  2⤵
  PID:5440
- C:\Windows\System\ToiiXHU.exe
  C:\Windows\System\ToiiXHU.exe
  2⤵
  PID:5492
- C:\Windows\System\WdUymqn.exe
  C:\Windows\System\WdUymqn.exe
  2⤵
  PID:2216
- C:\Windows\System\pjrrjbH.exe
  C:\Windows\System\pjrrjbH.exe
  2⤵
  PID:5464
- C:\Windows\System\FyqybUD.exe
  C:\Windows\System\FyqybUD.exe
  2⤵
  PID:5564
- C:\Windows\System\pFblFqZ.exe
  C:\Windows\System\pFblFqZ.exe
  2⤵
  PID:2124
- C:\Windows\System\PjMtLnY.exe
  C:\Windows\System\PjMtLnY.exe
  2⤵
  PID:5616
- C:\Windows\System\nDwaPCT.exe
  C:\Windows\System\nDwaPCT.exe
  2⤵
  PID:1036
- C:\Windows\System\OIBfuZZ.exe
  C:\Windows\System\OIBfuZZ.exe
  2⤵
  PID:1944
- C:\Windows\System\IRygejW.exe
  C:\Windows\System\IRygejW.exe
  2⤵
  PID:5660
- C:\Windows\System\TIMnbdv.exe
  C:\Windows\System\TIMnbdv.exe
  2⤵
  PID:5680
- C:\Windows\System\MOLrDUH.exe
  C:\Windows\System\MOLrDUH.exe
  2⤵
  PID:1972
- C:\Windows\System\bCHSYTp.exe
  C:\Windows\System\bCHSYTp.exe
  2⤵
  PID:5704
- C:\Windows\System\EvBOrBV.exe
  C:\Windows\System\EvBOrBV.exe
  2⤵
  PID:5772
- C:\Windows\System\mNLsGjh.exe
  C:\Windows\System\mNLsGjh.exe
  2⤵
  PID:5760
- C:\Windows\System\zUHemiY.exe
  C:\Windows\System\zUHemiY.exe
  2⤵
  PID:5808
- C:\Windows\System\desplYu.exe
  C:\Windows\System\desplYu.exe
  2⤵
  PID:5828
- C:\Windows\System\yEesxse.exe
  C:\Windows\System\yEesxse.exe
  2⤵
  PID:5844
- C:\Windows\System\krNmFGu.exe
  C:\Windows\System\krNmFGu.exe
  2⤵
  PID:5892
- C:\Windows\System\TdQSJnu.exe
  C:\Windows\System\TdQSJnu.exe
  2⤵
  PID:5900
- C:\Windows\System\ymLNHIa.exe
  C:\Windows\System\ymLNHIa.exe
  2⤵
  PID:5964
- C:\Windows\System\RWkrmqF.exe
  C:\Windows\System\RWkrmqF.exe
  2⤵
  PID:6004
- C:\Windows\System\QYWvVHB.exe
  C:\Windows\System\QYWvVHB.exe
  2⤵
  PID:1092
- C:\Windows\System\qJcnzdp.exe
  C:\Windows\System\qJcnzdp.exe
  2⤵
  PID:5984
- C:\Windows\System\TyBQvpH.exe
  C:\Windows\System\TyBQvpH.exe
  2⤵
  PID:6048
- C:\Windows\System\gNRmEmF.exe
  C:\Windows\System\gNRmEmF.exe
  2⤵
  PID:6072
- C:\Windows\System\CowDbas.exe
  C:\Windows\System\CowDbas.exe
  2⤵
  PID:6092
- C:\Windows\System\aSxcIRH.exe
  C:\Windows\System\aSxcIRH.exe
  2⤵
  PID:6140
- C:\Windows\System\VfUUqhi.exe
  C:\Windows\System\VfUUqhi.exe
  2⤵
  PID:4408
- C:\Windows\System\BtnFFOZ.exe
  C:\Windows\System\BtnFFOZ.exe
  2⤵
  PID:5268
- C:\Windows\System\rfBRjhn.exe
  C:\Windows\System\rfBRjhn.exe
  2⤵
  PID:5404
- C:\Windows\System\ZEAjLKC.exe
  C:\Windows\System\ZEAjLKC.exe
  2⤵
  PID:5344
- C:\Windows\System\lhBPErz.exe
  C:\Windows\System\lhBPErz.exe
  2⤵
  PID:2784
- C:\Windows\System\odkrWlb.exe
  C:\Windows\System\odkrWlb.exe
  2⤵
  PID:5392
- C:\Windows\System\uomKeAZ.exe
  C:\Windows\System\uomKeAZ.exe
  2⤵
  PID:2648
- C:\Windows\System\sOWMPET.exe
  C:\Windows\System\sOWMPET.exe
  2⤵
  PID:5572
- C:\Windows\System\bkckBaV.exe
  C:\Windows\System\bkckBaV.exe
  2⤵
  PID:5580
- C:\Windows\System\JBjFNlw.exe
  C:\Windows\System\JBjFNlw.exe
  2⤵
  PID:5700
- C:\Windows\System\TUOAqzN.exe
  C:\Windows\System\TUOAqzN.exe
  2⤵
  PID:5636
- C:\Windows\System\oGopNED.exe
  C:\Windows\System\oGopNED.exe
  2⤵
  PID:5740
- C:\Windows\System\HHAuiyv.exe
  C:\Windows\System\HHAuiyv.exe
  2⤵
  PID:5840
- C:\Windows\System\ymSCpFH.exe
  C:\Windows\System\ymSCpFH.exe
  2⤵
  PID:5932
- C:\Windows\System\FeSMVQH.exe
  C:\Windows\System\FeSMVQH.exe
  2⤵
  PID:6032
- C:\Windows\System\ACuHzkX.exe
  C:\Windows\System\ACuHzkX.exe
  2⤵
  PID:6036
- C:\Windows\System\ekBPSdy.exe
  C:\Windows\System\ekBPSdy.exe
  2⤵
  PID:2296
- C:\Windows\System\dCtPVhl.exe
  C:\Windows\System\dCtPVhl.exe
  2⤵
  PID:4948
- C:\Windows\System\EbsBgbc.exe
  C:\Windows\System\EbsBgbc.exe
  2⤵
  PID:5324
- C:\Windows\System\PEJfpbv.exe
  C:\Windows\System\PEJfpbv.exe
  2⤵
  PID:5284
- C:\Windows\System\WOxZxrl.exe
  C:\Windows\System\WOxZxrl.exe
  2⤵
  PID:5176
- C:\Windows\System\UyefbDD.exe
  C:\Windows\System\UyefbDD.exe
  2⤵
  PID:5472
- C:\Windows\System\qgKWzui.exe
  C:\Windows\System\qgKWzui.exe
  2⤵
  PID:5604
- C:\Windows\System\iIfXinx.exe
  C:\Windows\System\iIfXinx.exe
  2⤵
  PID:1916
- C:\Windows\System\AmtkBsf.exe
  C:\Windows\System\AmtkBsf.exe
  2⤵
  PID:5596
- C:\Windows\System\xuuIXhm.exe
  C:\Windows\System\xuuIXhm.exe
  2⤵
  PID:1652
- C:\Windows\System\pTlZSah.exe
  C:\Windows\System\pTlZSah.exe
  2⤵
  PID:5960
- C:\Windows\System\cfwOtxw.exe
  C:\Windows\System\cfwOtxw.exe
  2⤵
  PID:5864
- C:\Windows\System\pWarZMP.exe
  C:\Windows\System\pWarZMP.exe
  2⤵
  PID:6104
- C:\Windows\System\JwEyoqx.exe
  C:\Windows\System\JwEyoqx.exe
  2⤵
  PID:6136
- C:\Windows\System\muhrIBq.exe
  C:\Windows\System\muhrIBq.exe
  2⤵
  PID:1104
- C:\Windows\System\HolKBZr.exe
  C:\Windows\System\HolKBZr.exe
  2⤵
  PID:5220
- C:\Windows\System\bJKHoaL.exe
  C:\Windows\System\bJKHoaL.exe
  2⤵
  PID:2940
- C:\Windows\System\icAwAPS.exe
  C:\Windows\System\icAwAPS.exe
  2⤵
  PID:5504
- C:\Windows\System\IjxBWZQ.exe
  C:\Windows\System\IjxBWZQ.exe
  2⤵
  PID:5520
- C:\Windows\System\yrMVPvr.exe
  C:\Windows\System\yrMVPvr.exe
  2⤵
  PID:5656
- C:\Windows\System\VCvBTAV.exe
  C:\Windows\System\VCvBTAV.exe
  2⤵
  PID:5136
- C:\Windows\System\jNAaLuw.exe
  C:\Windows\System\jNAaLuw.exe
  2⤵
  PID:5092
- C:\Windows\System\SYfniXU.exe
  C:\Windows\System\SYfniXU.exe
  2⤵
  PID:6124
- C:\Windows\System\oPaRueL.exe
  C:\Windows\System\oPaRueL.exe
  2⤵
  PID:5452
- C:\Windows\System\WNJnEeA.exe
  C:\Windows\System\WNJnEeA.exe
  2⤵
  PID:5720
- C:\Windows\System\Ubbyjmc.exe
  C:\Windows\System\Ubbyjmc.exe
  2⤵
  PID:5944
- C:\Windows\System\KGPRRVS.exe
  C:\Windows\System\KGPRRVS.exe
  2⤵
  PID:5696
- C:\Windows\System\xYwWGAG.exe
  C:\Windows\System\xYwWGAG.exe
  2⤵
  PID:6156
- C:\Windows\System\hIbfURQ.exe
  C:\Windows\System\hIbfURQ.exe
  2⤵
  PID:6172
- C:\Windows\System\uOgycql.exe
  C:\Windows\System\uOgycql.exe
  2⤵
  PID:6188
- C:\Windows\System\HlwuOFI.exe
  C:\Windows\System\HlwuOFI.exe
  2⤵
  PID:6204
- C:\Windows\System\yboAcfE.exe
  C:\Windows\System\yboAcfE.exe
  2⤵
  PID:6220
- C:\Windows\System\SMNMUIo.exe
  C:\Windows\System\SMNMUIo.exe
  2⤵
  PID:6236
- C:\Windows\System\dhHQcWa.exe
  C:\Windows\System\dhHQcWa.exe
  2⤵
  PID:6252
- C:\Windows\System\obwRNfk.exe
  C:\Windows\System\obwRNfk.exe
  2⤵
  PID:6268
- C:\Windows\System\tEMcskL.exe
  C:\Windows\System\tEMcskL.exe
  2⤵
  PID:6284
- C:\Windows\System\ScPOWdL.exe
  C:\Windows\System\ScPOWdL.exe
  2⤵
  PID:6300
- C:\Windows\System\ECidlsj.exe
  C:\Windows\System\ECidlsj.exe
  2⤵
  PID:6316
- C:\Windows\System\IQMszVJ.exe
  C:\Windows\System\IQMszVJ.exe
  2⤵
  PID:6332
- C:\Windows\System\MqiaRTL.exe
  C:\Windows\System\MqiaRTL.exe
  2⤵
  PID:6348
- C:\Windows\System\JuAzOjK.exe
  C:\Windows\System\JuAzOjK.exe
  2⤵
  PID:6364
- C:\Windows\System\fgOApbG.exe
  C:\Windows\System\fgOApbG.exe
  2⤵
  PID:6380
- C:\Windows\System\aqNydBB.exe
  C:\Windows\System\aqNydBB.exe
  2⤵
  PID:6396
- C:\Windows\System\lhKKLbt.exe
  C:\Windows\System\lhKKLbt.exe
  2⤵
  PID:6412
- C:\Windows\System\OXCoIuo.exe
  C:\Windows\System\OXCoIuo.exe
  2⤵
  PID:6428
- C:\Windows\System\PyYEKmk.exe
  C:\Windows\System\PyYEKmk.exe
  2⤵
  PID:6444
- C:\Windows\System\DIkIBYw.exe
  C:\Windows\System\DIkIBYw.exe
  2⤵
  PID:6460
- C:\Windows\System\cKmXaEy.exe
  C:\Windows\System\cKmXaEy.exe
  2⤵
  PID:6476
- C:\Windows\System\UVDAAql.exe
  C:\Windows\System\UVDAAql.exe
  2⤵
  PID:6492
- C:\Windows\System\MajCKbu.exe
  C:\Windows\System\MajCKbu.exe
  2⤵
  PID:6508
- C:\Windows\System\xEukNyN.exe
  C:\Windows\System\xEukNyN.exe
  2⤵
  PID:6524
- C:\Windows\System\WsIpxtP.exe
  C:\Windows\System\WsIpxtP.exe
  2⤵
  PID:6540
- C:\Windows\System\ZjrrqJM.exe
  C:\Windows\System\ZjrrqJM.exe
  2⤵
  PID:6556
- C:\Windows\System\iQcDter.exe
  C:\Windows\System\iQcDter.exe
  2⤵
  PID:6572
- C:\Windows\System\jsrLEfF.exe
  C:\Windows\System\jsrLEfF.exe
  2⤵
  PID:6588
- C:\Windows\System\doQzeNz.exe
  C:\Windows\System\doQzeNz.exe
  2⤵
  PID:6604
- C:\Windows\System\QrsrHoL.exe
  C:\Windows\System\QrsrHoL.exe
  2⤵
  PID:6620
- C:\Windows\System\XRXobFA.exe
  C:\Windows\System\XRXobFA.exe
  2⤵
  PID:6636
- C:\Windows\System\GLSfmyV.exe
  C:\Windows\System\GLSfmyV.exe
  2⤵
  PID:6652
- C:\Windows\System\egCIbox.exe
  C:\Windows\System\egCIbox.exe
  2⤵
  PID:6668
- C:\Windows\System\AgSVWTd.exe
  C:\Windows\System\AgSVWTd.exe
  2⤵
  PID:6684
- C:\Windows\System\UXIrcwM.exe
  C:\Windows\System\UXIrcwM.exe
  2⤵
  PID:6700
- C:\Windows\System\VelRkIg.exe
  C:\Windows\System\VelRkIg.exe
  2⤵
  PID:6716
- C:\Windows\System\LmZiNou.exe
  C:\Windows\System\LmZiNou.exe
  2⤵
  PID:6732
- C:\Windows\System\HIPxhIx.exe
  C:\Windows\System\HIPxhIx.exe
  2⤵
  PID:6748
- C:\Windows\System\kstxoUJ.exe
  C:\Windows\System\kstxoUJ.exe
  2⤵
  PID:6764
- C:\Windows\System\nKjOnLu.exe
  C:\Windows\System\nKjOnLu.exe
  2⤵
  PID:6784
- C:\Windows\System\krBbvEn.exe
  C:\Windows\System\krBbvEn.exe
  2⤵
  PID:6800
- C:\Windows\System\iHADGxi.exe
  C:\Windows\System\iHADGxi.exe
  2⤵
  PID:6816
- C:\Windows\System\BHAcWnw.exe
  C:\Windows\System\BHAcWnw.exe
  2⤵
  PID:6832
- C:\Windows\System\SluUvGs.exe
  C:\Windows\System\SluUvGs.exe
  2⤵
  PID:6848
- C:\Windows\System\hAkrCvK.exe
  C:\Windows\System\hAkrCvK.exe
  2⤵
  PID:6864
- C:\Windows\System\KGiseno.exe
  C:\Windows\System\KGiseno.exe
  2⤵
  PID:6880
- C:\Windows\System\musnWWz.exe
  C:\Windows\System\musnWWz.exe
  2⤵
  PID:6896
- C:\Windows\System\PJACjYn.exe
  C:\Windows\System\PJACjYn.exe
  2⤵
  PID:6912
- C:\Windows\System\BQDwKaH.exe
  C:\Windows\System\BQDwKaH.exe
  2⤵
  PID:6928
- C:\Windows\System\asgSHSb.exe
  C:\Windows\System\asgSHSb.exe
  2⤵
  PID:6944
- C:\Windows\System\wZLuSzO.exe
  C:\Windows\System\wZLuSzO.exe
  2⤵
  PID:6960
- C:\Windows\System\KFhFBnL.exe
  C:\Windows\System\KFhFBnL.exe
  2⤵
  PID:6976
- C:\Windows\System\JgTDRgE.exe
  C:\Windows\System\JgTDRgE.exe
  2⤵
  PID:6992
- C:\Windows\System\csLARFw.exe
  C:\Windows\System\csLARFw.exe
  2⤵
  PID:7008
- C:\Windows\System\OqWQkVm.exe
  C:\Windows\System\OqWQkVm.exe
  2⤵
  PID:7024
- C:\Windows\System\biIMfkl.exe
  C:\Windows\System\biIMfkl.exe
  2⤵
  PID:7040
- C:\Windows\System\deogxNd.exe
  C:\Windows\System\deogxNd.exe
  2⤵
  PID:7056
- C:\Windows\System\IDNreeU.exe
  C:\Windows\System\IDNreeU.exe
  2⤵
  PID:7072
- C:\Windows\System\YVLKFlg.exe
  C:\Windows\System\YVLKFlg.exe
  2⤵
  PID:7088
- C:\Windows\System\nFxjngi.exe
  C:\Windows\System\nFxjngi.exe
  2⤵
  PID:7104
- C:\Windows\System\zqLwYuC.exe
  C:\Windows\System\zqLwYuC.exe
  2⤵
  PID:7120
- C:\Windows\System\coVBetj.exe
  C:\Windows\System\coVBetj.exe
  2⤵
  PID:7136
- C:\Windows\System\BlKXhCV.exe
  C:\Windows\System\BlKXhCV.exe
  2⤵
  PID:7152
- C:\Windows\System\kZXCyhI.exe
  C:\Windows\System\kZXCyhI.exe
  2⤵
  PID:5460
- C:\Windows\System\IPAcKXr.exe
  C:\Windows\System\IPAcKXr.exe
  2⤵
  PID:6148
- C:\Windows\System\zKfVLnB.exe
  C:\Windows\System\zKfVLnB.exe
  2⤵
  PID:5796
- C:\Windows\System\gKygQOs.exe
  C:\Windows\System\gKygQOs.exe
  2⤵
  PID:6196
- C:\Windows\System\ixGAIoD.exe
  C:\Windows\System\ixGAIoD.exe
  2⤵
  PID:6212
- C:\Windows\System\efHyfMR.exe
  C:\Windows\System\efHyfMR.exe
  2⤵
  PID:6340
- C:\Windows\System\JRaGxWT.exe
  C:\Windows\System\JRaGxWT.exe
  2⤵
  PID:6280
- C:\Windows\System\JQxhKyE.exe
  C:\Windows\System\JQxhKyE.exe
  2⤵
  PID:6516
- C:\Windows\System\GIiGepq.exe
  C:\Windows\System\GIiGepq.exe
  2⤵
  PID:6520
- C:\Windows\System\hRsgRlw.exe
  C:\Windows\System\hRsgRlw.exe
  2⤵
  PID:6564
- C:\Windows\System\WDFxkmY.exe
  C:\Windows\System\WDFxkmY.exe
  2⤵
  PID:6612
- C:\Windows\System\CwQrjDI.exe
  C:\Windows\System\CwQrjDI.exe
  2⤵
  PID:6644
- C:\Windows\System\diuByfG.exe
  C:\Windows\System\diuByfG.exe
  2⤵
  PID:6676
- C:\Windows\System\eYZzMCz.exe
  C:\Windows\System\eYZzMCz.exe
  2⤵
  PID:6696
- C:\Windows\System\PRdlNYh.exe
  C:\Windows\System\PRdlNYh.exe
  2⤵
  PID:6724
- C:\Windows\System\uTAkcgE.exe
  C:\Windows\System\uTAkcgE.exe
  2⤵
  PID:6772
- C:\Windows\System\vwsesYo.exe
  C:\Windows\System\vwsesYo.exe
  2⤵
  PID:6760
- C:\Windows\System\CvYnfJe.exe
  C:\Windows\System\CvYnfJe.exe
  2⤵
  PID:6844
- C:\Windows\System\byNjwDu.exe
  C:\Windows\System\byNjwDu.exe
  2⤵
  PID:6908
- C:\Windows\System\uMTPqYC.exe
  C:\Windows\System\uMTPqYC.exe
  2⤵
  PID:6828
- C:\Windows\System\uZkcOnu.exe
  C:\Windows\System\uZkcOnu.exe
  2⤵
  PID:6940
- C:\Windows\System\SNcealA.exe
  C:\Windows\System\SNcealA.exe
  2⤵
  PID:6984
- C:\Windows\System\rfniIQe.exe
  C:\Windows\System\rfniIQe.exe
  2⤵
  PID:7004
- C:\Windows\System\RFWZUvN.exe
  C:\Windows\System\RFWZUvN.exe
  2⤵
  PID:7032
- C:\Windows\System\TZYlpgi.exe
  C:\Windows\System\TZYlpgi.exe
  2⤵
  PID:7100
- C:\Windows\System\QSnJzPt.exe
  C:\Windows\System\QSnJzPt.exe
  2⤵
  PID:7080
- C:\Windows\System\cfceJbf.exe
  C:\Windows\System\cfceJbf.exe
  2⤵
  PID:7116
- C:\Windows\System\wOCgKIj.exe
  C:\Windows\System\wOCgKIj.exe
  2⤵
  PID:6000
- C:\Windows\System\emeaDNW.exe
  C:\Windows\System\emeaDNW.exe
  2⤵
  PID:6184
- C:\Windows\System\bxzSCgy.exe
  C:\Windows\System\bxzSCgy.exe
  2⤵
  PID:6324
- C:\Windows\System\ReYgiEw.exe
  C:\Windows\System\ReYgiEw.exe
  2⤵
  PID:6248
- C:\Windows\System\rfBuFgl.exe
  C:\Windows\System\rfBuFgl.exe
  2⤵
  PID:6388
- C:\Windows\System\RRHTgHX.exe
  C:\Windows\System\RRHTgHX.exe
  2⤵
  PID:6424
- C:\Windows\System\XgrOxAg.exe
  C:\Windows\System\XgrOxAg.exe
  2⤵
  PID:6472
- C:\Windows\System\zWEKLLY.exe
  C:\Windows\System\zWEKLLY.exe
  2⤵
  PID:6580
- C:\Windows\System\dPvHtCI.exe
  C:\Windows\System\dPvHtCI.exe
  2⤵
  PID:6632
- C:\Windows\System\aEDcSTr.exe
  C:\Windows\System\aEDcSTr.exe
  2⤵
  PID:6616
- C:\Windows\System\aWIWBKw.exe
  C:\Windows\System\aWIWBKw.exe
  2⤵
  PID:6780
- C:\Windows\System\gftjFJc.exe
  C:\Windows\System\gftjFJc.exe
  2⤵
  PID:6744
- C:\Windows\System\AAgoYKp.exe
  C:\Windows\System\AAgoYKp.exe
  2⤵
  PID:5388
- C:\Windows\System\LMXcvgM.exe
  C:\Windows\System\LMXcvgM.exe
  2⤵
  PID:6936
- C:\Windows\System\LrddAtM.exe
  C:\Windows\System\LrddAtM.exe
  2⤵
  PID:6856
- C:\Windows\System\BNWwAJA.exe
  C:\Windows\System\BNWwAJA.exe
  2⤵
  PID:6972
- C:\Windows\System\pjMOoAQ.exe
  C:\Windows\System\pjMOoAQ.exe
  2⤵
  PID:7164
- C:\Windows\System\ZgSAAbL.exe
  C:\Windows\System\ZgSAAbL.exe
  2⤵
  PID:6244
- C:\Windows\System\JPFsDEZ.exe
  C:\Windows\System\JPFsDEZ.exe
  2⤵
  PID:7048
- C:\Windows\System\ohEJdop.exe
  C:\Windows\System\ohEJdop.exe
  2⤵
  PID:6264
- C:\Windows\System\soislit.exe
  C:\Windows\System\soislit.exe
  2⤵
  PID:6420
- C:\Windows\System\QvxMbEP.exe
  C:\Windows\System\QvxMbEP.exe
  2⤵
  PID:6372
- C:\Windows\System\fTWhAKy.exe
  C:\Windows\System\fTWhAKy.exe
  2⤵
  PID:6488
- C:\Windows\System\MgecWZr.exe
  C:\Windows\System\MgecWZr.exe
  2⤵
  PID:6532
- C:\Windows\System\XqvrfBi.exe
  C:\Windows\System\XqvrfBi.exe
  2⤵
  PID:6876
- C:\Windows\System\AdwiHuh.exe
  C:\Windows\System\AdwiHuh.exe
  2⤵
  PID:6708
- C:\Windows\System\LvllahL.exe
  C:\Windows\System\LvllahL.exe
  2⤵
  PID:6840
- C:\Windows\System\BIiqket.exe
  C:\Windows\System\BIiqket.exe
  2⤵
  PID:6168
- C:\Windows\System\YCLTEvz.exe
  C:\Windows\System\YCLTEvz.exe
  2⤵
  PID:7020
- C:\Windows\System\ntBpeae.exe
  C:\Windows\System\ntBpeae.exe
  2⤵
  PID:6180
- C:\Windows\System\HiXyQyb.exe
  C:\Windows\System\HiXyQyb.exe
  2⤵
  PID:6584
- C:\Windows\System\taOUVcD.exe
  C:\Windows\System\taOUVcD.exe
  2⤵
  PID:6692
- C:\Windows\System\oNTcBTr.exe
  C:\Windows\System\oNTcBTr.exe
  2⤵
  PID:6860
- C:\Windows\System\HXfRIYK.exe
  C:\Windows\System\HXfRIYK.exe
  2⤵
  PID:6504
- C:\Windows\System\rJhMcLp.exe
  C:\Windows\System\rJhMcLp.exe
  2⤵
  PID:6376
- C:\Windows\System\NWWoLZy.exe
  C:\Windows\System\NWWoLZy.exe
  2⤵
  PID:7160
- C:\Windows\System\YWwuHRv.exe
  C:\Windows\System\YWwuHRv.exe
  2⤵
  PID:6468
- C:\Windows\System\zvxAdHM.exe
  C:\Windows\System\zvxAdHM.exe
  2⤵
  PID:6812
- C:\Windows\System\eLHKelZ.exe
  C:\Windows\System\eLHKelZ.exe
  2⤵
  PID:7052
- C:\Windows\System\nFmRWWi.exe
  C:\Windows\System\nFmRWWi.exe
  2⤵
  PID:6484
- C:\Windows\System\RqRTzsS.exe
  C:\Windows\System\RqRTzsS.exe
  2⤵
  PID:7184
- C:\Windows\System\qJUhOzC.exe
  C:\Windows\System\qJUhOzC.exe
  2⤵
  PID:7200
- C:\Windows\System\dzvgkrk.exe
  C:\Windows\System\dzvgkrk.exe
  2⤵
  PID:7216
- C:\Windows\System\wCHlNNQ.exe
  C:\Windows\System\wCHlNNQ.exe
  2⤵
  PID:7232
- C:\Windows\System\mxGkgmo.exe
  C:\Windows\System\mxGkgmo.exe
  2⤵
  PID:7256
- C:\Windows\System\MwFHSFX.exe
  C:\Windows\System\MwFHSFX.exe
  2⤵
  PID:7276
- C:\Windows\System\Lsksntl.exe
  C:\Windows\System\Lsksntl.exe
  2⤵
  PID:7300
- C:\Windows\System\sonnefz.exe
  C:\Windows\System\sonnefz.exe
  2⤵
  PID:7384
- C:\Windows\System\paOlQDY.exe
  C:\Windows\System\paOlQDY.exe
  2⤵
  PID:7400
- C:\Windows\System\pizcJBg.exe
  C:\Windows\System\pizcJBg.exe
  2⤵
  PID:7416
- C:\Windows\System\jpxMMCe.exe
  C:\Windows\System\jpxMMCe.exe
  2⤵
  PID:7436
- C:\Windows\System\dlckxqg.exe
  C:\Windows\System\dlckxqg.exe
  2⤵
  PID:7452
- C:\Windows\System\cYFjfwf.exe
  C:\Windows\System\cYFjfwf.exe
  2⤵
  PID:7468
- C:\Windows\System\FlBOoZO.exe
  C:\Windows\System\FlBOoZO.exe
  2⤵
  PID:7488
- C:\Windows\System\ercnLXI.exe
  C:\Windows\System\ercnLXI.exe
  2⤵
  PID:7504
- C:\Windows\System\fepwdIG.exe
  C:\Windows\System\fepwdIG.exe
  2⤵
  PID:7536
- C:\Windows\System\YpsmIvM.exe
  C:\Windows\System\YpsmIvM.exe
  2⤵
  PID:7552
- C:\Windows\System\vNeWwAN.exe
  C:\Windows\System\vNeWwAN.exe
  2⤵
  PID:7572
- C:\Windows\System\loHjJPV.exe
  C:\Windows\System\loHjJPV.exe
  2⤵
  PID:7588
- C:\Windows\System\OMloScj.exe
  C:\Windows\System\OMloScj.exe
  2⤵
  PID:7604
- C:\Windows\System\IplzCDd.exe
  C:\Windows\System\IplzCDd.exe
  2⤵
  PID:7620
- C:\Windows\System\xdTRHRB.exe
  C:\Windows\System\xdTRHRB.exe
  2⤵
  PID:7636
- C:\Windows\System\RtaQSoA.exe
  C:\Windows\System\RtaQSoA.exe
  2⤵
  PID:7652
- C:\Windows\System\AghYIQL.exe
  C:\Windows\System\AghYIQL.exe
  2⤵
  PID:7668
- C:\Windows\System\PjIphhp.exe
  C:\Windows\System\PjIphhp.exe
  2⤵
  PID:7684
- C:\Windows\System\HhpIqzQ.exe
  C:\Windows\System\HhpIqzQ.exe
  2⤵
  PID:7700
- C:\Windows\System\wKkmxwX.exe
  C:\Windows\System\wKkmxwX.exe
  2⤵
  PID:7716
- C:\Windows\System\LQSNwlY.exe
  C:\Windows\System\LQSNwlY.exe
  2⤵
  PID:7732
- C:\Windows\System\xizLXXL.exe
  C:\Windows\System\xizLXXL.exe
  2⤵
  PID:7748
- C:\Windows\System\XjBPAVl.exe
  C:\Windows\System\XjBPAVl.exe
  2⤵
  PID:7764
- C:\Windows\System\qlrDTQJ.exe
  C:\Windows\System\qlrDTQJ.exe
  2⤵
  PID:7780
- C:\Windows\System\IaRiPfH.exe
  C:\Windows\System\IaRiPfH.exe
  2⤵
  PID:7796
- C:\Windows\System\XPvVxAM.exe
  C:\Windows\System\XPvVxAM.exe
  2⤵
  PID:7812
- C:\Windows\System\KMJqNmb.exe
  C:\Windows\System\KMJqNmb.exe
  2⤵
  PID:7828
- C:\Windows\System\VCMLzWh.exe
  C:\Windows\System\VCMLzWh.exe
  2⤵
  PID:7844
- C:\Windows\System\FyZrQjZ.exe
  C:\Windows\System\FyZrQjZ.exe
  2⤵
  PID:7860
- C:\Windows\System\feWTAYE.exe
  C:\Windows\System\feWTAYE.exe
  2⤵
  PID:7876
- C:\Windows\System\HHxxGik.exe
  C:\Windows\System\HHxxGik.exe
  2⤵
  PID:7892
- C:\Windows\System\BEMtiFv.exe
  C:\Windows\System\BEMtiFv.exe
  2⤵
  PID:7908
- C:\Windows\System\adXsiWo.exe
  C:\Windows\System\adXsiWo.exe
  2⤵
  PID:7924
- C:\Windows\System\mSxxXTH.exe
  C:\Windows\System\mSxxXTH.exe
  2⤵
  PID:7940
- C:\Windows\System\ppVKtTw.exe
  C:\Windows\System\ppVKtTw.exe
  2⤵
  PID:7956
- C:\Windows\System\kWwpvfk.exe
  C:\Windows\System\kWwpvfk.exe
  2⤵
  PID:7972
- C:\Windows\System\fofWzPp.exe
  C:\Windows\System\fofWzPp.exe
  2⤵
  PID:7988
- C:\Windows\System\ZgmEIOh.exe
  C:\Windows\System\ZgmEIOh.exe
  2⤵
  PID:8008
- C:\Windows\System\mkWKouj.exe
  C:\Windows\System\mkWKouj.exe
  2⤵
  PID:8128
- C:\Windows\System\jzFYWNH.exe
  C:\Windows\System\jzFYWNH.exe
  2⤵
  PID:8180
- C:\Windows\System\YtqcNXy.exe
  C:\Windows\System\YtqcNXy.exe
  2⤵
  PID:7192
- C:\Windows\System\GfFgXhN.exe
  C:\Windows\System\GfFgXhN.exe
  2⤵
  PID:7264
- C:\Windows\System\cPWWQrc.exe
  C:\Windows\System\cPWWQrc.exe
  2⤵
  PID:7288
- C:\Windows\System\qltwaIq.exe
  C:\Windows\System\qltwaIq.exe
  2⤵
  PID:7252
- C:\Windows\System\KuyoVhJ.exe
  C:\Windows\System\KuyoVhJ.exe
  2⤵
  PID:7208
- C:\Windows\System\QPjcLli.exe
  C:\Windows\System\QPjcLli.exe
  2⤵
  PID:7316
- C:\Windows\System\EDTmrJp.exe
  C:\Windows\System\EDTmrJp.exe
  2⤵
  PID:7332
- C:\Windows\System\Tcsubwb.exe
  C:\Windows\System\Tcsubwb.exe
  2⤵
  PID:7348
- C:\Windows\System\xCdvsBA.exe
  C:\Windows\System\xCdvsBA.exe
  2⤵
  PID:7368
- C:\Windows\System\BUEBTeh.exe
  C:\Windows\System\BUEBTeh.exe
  2⤵
  PID:7380
- C:\Windows\System\ejvndsT.exe
  C:\Windows\System\ejvndsT.exe
  2⤵
  PID:7476
- C:\Windows\System\ekohGTm.exe
  C:\Windows\System\ekohGTm.exe
  2⤵
  PID:7512
- C:\Windows\System\mYIvarA.exe
  C:\Windows\System\mYIvarA.exe
  2⤵
  PID:7520
- C:\Windows\System\hAhQVch.exe
  C:\Windows\System\hAhQVch.exe
  2⤵
  PID:7560
- C:\Windows\System\axIbCis.exe
  C:\Windows\System\axIbCis.exe
  2⤵
  PID:7548
- C:\Windows\System\qVdZaaE.exe
  C:\Windows\System\qVdZaaE.exe
  2⤵
  PID:7500
- C:\Windows\System\RpwlMgk.exe
  C:\Windows\System\RpwlMgk.exe
  2⤵
  PID:7584
- C:\Windows\System\POKnMzW.exe
  C:\Windows\System\POKnMzW.exe
  2⤵
  PID:7632
- C:\Windows\System\VQBINWL.exe
  C:\Windows\System\VQBINWL.exe
  2⤵
  PID:7692
- C:\Windows\System\wPUPTXr.exe
  C:\Windows\System\wPUPTXr.exe
  2⤵
  PID:7680
- C:\Windows\System\bbpRvWB.exe
  C:\Windows\System\bbpRvWB.exe
  2⤵
  PID:7756
- C:\Windows\System\OHGyCOF.exe
  C:\Windows\System\OHGyCOF.exe
  2⤵
  PID:7792
- C:\Windows\System\aIhiAfD.exe
  C:\Windows\System\aIhiAfD.exe
  2⤵
  PID:7804
- C:\Windows\System\sgGahhA.exe
  C:\Windows\System\sgGahhA.exe
  2⤵
  PID:7776
- C:\Windows\System\AvDgwjD.exe
  C:\Windows\System\AvDgwjD.exe
  2⤵
  PID:7856
- C:\Windows\System\ITSoHcb.exe
  C:\Windows\System\ITSoHcb.exe
  2⤵
  PID:7884
- C:\Windows\System\CjrWUXL.exe
  C:\Windows\System\CjrWUXL.exe
  2⤵
  PID:7948
- C:\Windows\System\lmKRzUA.exe
  C:\Windows\System\lmKRzUA.exe
  2⤵
  PID:7984
- C:\Windows\System\gQbnvBZ.exe
  C:\Windows\System\gQbnvBZ.exe
  2⤵
  PID:7936
- C:\Windows\System\rXVcmYD.exe
  C:\Windows\System\rXVcmYD.exe
  2⤵
  PID:8004
- C:\Windows\System\rqjCTHz.exe
  C:\Windows\System\rqjCTHz.exe
  2⤵
  PID:8028
- C:\Windows\System\bkEJPJD.exe
  C:\Windows\System\bkEJPJD.exe
  2⤵
  PID:8044
- C:\Windows\System\EQfwSnD.exe
  C:\Windows\System\EQfwSnD.exe
  2⤵
  PID:8060
- C:\Windows\System\nVaecwg.exe
  C:\Windows\System\nVaecwg.exe
  2⤵
  PID:8080
- C:\Windows\System\CeArtiN.exe
  C:\Windows\System\CeArtiN.exe
  2⤵
  PID:8096
- C:\Windows\System\DiXsxuy.exe
  C:\Windows\System\DiXsxuy.exe
  2⤵
  PID:8072
- C:\Windows\System\xwffWuy.exe
  C:\Windows\System\xwffWuy.exe
  2⤵
  PID:8124
- C:\Windows\System\lLjnoCW.exe
  C:\Windows\System\lLjnoCW.exe
  2⤵
  PID:8148
- C:\Windows\System\HpLvbGA.exe
  C:\Windows\System\HpLvbGA.exe
  2⤵
  PID:8188
- C:\Windows\System\gJfxZFw.exe
  C:\Windows\System\gJfxZFw.exe
  2⤵
  PID:7224
- C:\Windows\System\bvgBvVQ.exe
  C:\Windows\System\bvgBvVQ.exe
  2⤵
  PID:7284
- C:\Windows\System\OYgTSzn.exe
  C:\Windows\System\OYgTSzn.exe
  2⤵
  PID:7248
- C:\Windows\System\CyHNJFj.exe
  C:\Windows\System\CyHNJFj.exe
  2⤵
  PID:7312
- C:\Windows\System\iTxbnjo.exe
  C:\Windows\System\iTxbnjo.exe
  2⤵
  PID:7352
- C:\Windows\System\cadKksU.exe
  C:\Windows\System\cadKksU.exe
  2⤵
  PID:7444
- C:\Windows\System\VTIWRuu.exe
  C:\Windows\System\VTIWRuu.exe
  2⤵
  PID:7376
- C:\Windows\System\mVMHKlL.exe
  C:\Windows\System\mVMHKlL.exe
  2⤵
  PID:7464
- C:\Windows\System\XvrCdPu.exe
  C:\Windows\System\XvrCdPu.exe
  2⤵
  PID:7664
- C:\Windows\System\nHxdQPA.exe
  C:\Windows\System\nHxdQPA.exe
  2⤵
  PID:7628
- C:\Windows\System\ViQGXtm.exe
  C:\Windows\System\ViQGXtm.exe
  2⤵
  PID:7648
- C:\Windows\System\DlmLLkU.exe
  C:\Windows\System\DlmLLkU.exe
  2⤵
  PID:7728
- C:\Windows\System\JdqkjXl.exe
  C:\Windows\System\JdqkjXl.exe
  2⤵
  PID:7836
- C:\Windows\System\KJaHZfp.exe
  C:\Windows\System\KJaHZfp.exe
  2⤵
  PID:7708
- C:\Windows\System\LNUowtn.exe
  C:\Windows\System\LNUowtn.exe
  2⤵
  PID:7868
- C:\Windows\System\YloszCg.exe
  C:\Windows\System\YloszCg.exe
  2⤵
  PID:8000
- C:\Windows\System\EvSYANO.exe
  C:\Windows\System\EvSYANO.exe
  2⤵
  PID:8056
- C:\Windows\System\BubWMWg.exe
  C:\Windows\System\BubWMWg.exe
  2⤵
  PID:7904
- C:\Windows\System\TBrgRHm.exe
  C:\Windows\System\TBrgRHm.exe
  2⤵
  PID:8068
- C:\Windows\System\oTaniuJ.exe
  C:\Windows\System\oTaniuJ.exe
  2⤵
  PID:8120
- C:\Windows\System\gxcjoQi.exe
  C:\Windows\System\gxcjoQi.exe
  2⤵
  PID:8160
- C:\Windows\System\BrAkiUM.exe
  C:\Windows\System\BrAkiUM.exe
  2⤵
  PID:7480
- C:\Windows\System\fNanAix.exe
  C:\Windows\System\fNanAix.exe
  2⤵
  PID:7308
- C:\Windows\System\gQEhAxy.exe
  C:\Windows\System\gQEhAxy.exe
  2⤵
  PID:7484
- C:\Windows\System\KlSqwJB.exe
  C:\Windows\System\KlSqwJB.exe
  2⤵
  PID:7096
- C:\Windows\System\HQScYZp.exe
  C:\Windows\System\HQScYZp.exe
  2⤵
  PID:7344
- C:\Windows\System\dLLOMLT.exe
  C:\Windows\System\dLLOMLT.exe
  2⤵
  PID:7676
- C:\Windows\System\uLYUWVJ.exe
  C:\Windows\System\uLYUWVJ.exe
  2⤵
  PID:7820
- C:\Windows\System\AjKjDBc.exe
  C:\Windows\System\AjKjDBc.exe
  2⤵
  PID:8052
- C:\Windows\System\jxfPMSB.exe
  C:\Windows\System\jxfPMSB.exe
  2⤵
  PID:8100
- C:\Windows\System\OWPUECl.exe
  C:\Windows\System\OWPUECl.exe
  2⤵
  PID:6440
- C:\Windows\System\QleovdA.exe
  C:\Windows\System\QleovdA.exe
  2⤵
  PID:7340
- C:\Windows\System\RolJJVX.exe
  C:\Windows\System\RolJJVX.exe
  2⤵
  PID:7600
- C:\Windows\System\SIYZLyd.exe
  C:\Windows\System\SIYZLyd.exe
  2⤵
  PID:7564
- C:\Windows\System\qfPcvrH.exe
  C:\Windows\System\qfPcvrH.exe
  2⤵
  PID:7916
- C:\Windows\System\CNLHqbh.exe
  C:\Windows\System\CNLHqbh.exe
  2⤵
  PID:8024
- C:\Windows\System\GzcWOgb.exe
  C:\Windows\System\GzcWOgb.exe
  2⤵
  PID:7412
- C:\Windows\System\gaArTHM.exe
  C:\Windows\System\gaArTHM.exe
  2⤵
  PID:7580
- C:\Windows\System\AwmMHSR.exe
  C:\Windows\System\AwmMHSR.exe
  2⤵
  PID:7360
- C:\Windows\System\NbIKOqC.exe
  C:\Windows\System\NbIKOqC.exe
  2⤵
  PID:7616
- C:\Windows\System\wwmgqLk.exe
  C:\Windows\System\wwmgqLk.exe
  2⤵
  PID:7532
- C:\Windows\System\FcWSris.exe
  C:\Windows\System\FcWSris.exe
  2⤵
  PID:8208
- C:\Windows\System\htUPGFC.exe
  C:\Windows\System\htUPGFC.exe
  2⤵
  PID:8224
- C:\Windows\System\ugGmkoc.exe
  C:\Windows\System\ugGmkoc.exe
  2⤵
  PID:8244
- C:\Windows\System\AyqucJZ.exe
  C:\Windows\System\AyqucJZ.exe
  2⤵
  PID:8260
- C:\Windows\System\GQEhXtZ.exe
  C:\Windows\System\GQEhXtZ.exe
  2⤵
  PID:8276
- C:\Windows\System\YchiANS.exe
  C:\Windows\System\YchiANS.exe
  2⤵
  PID:8292
- C:\Windows\System\wMyRPuj.exe
  C:\Windows\System\wMyRPuj.exe
  2⤵
  PID:8308
- C:\Windows\System\CmwezBs.exe
  C:\Windows\System\CmwezBs.exe
  2⤵
  PID:8324
- C:\Windows\System\mnzAXjv.exe
  C:\Windows\System\mnzAXjv.exe
  2⤵
  PID:8340
- C:\Windows\System\vEWAXnh.exe
  C:\Windows\System\vEWAXnh.exe
  2⤵
  PID:8356
- C:\Windows\System\CWSnfFT.exe
  C:\Windows\System\CWSnfFT.exe
  2⤵
  PID:8372
- C:\Windows\System\WetIXnV.exe
  C:\Windows\System\WetIXnV.exe
  2⤵
  PID:8388
- C:\Windows\System\GmYrrHy.exe
  C:\Windows\System\GmYrrHy.exe
  2⤵
  PID:8404
- C:\Windows\System\hzUBVrE.exe
  C:\Windows\System\hzUBVrE.exe
  2⤵
  PID:8420
- C:\Windows\System\JvGDATo.exe
  C:\Windows\System\JvGDATo.exe
  2⤵
  PID:8436
- C:\Windows\System\fvDSjyY.exe
  C:\Windows\System\fvDSjyY.exe
  2⤵
  PID:8452
- C:\Windows\System\wgUnLzE.exe
  C:\Windows\System\wgUnLzE.exe
  2⤵
  PID:8468
- C:\Windows\System\jhxGmHI.exe
  C:\Windows\System\jhxGmHI.exe
  2⤵
  PID:8484
- C:\Windows\System\ccRvvrN.exe
  C:\Windows\System\ccRvvrN.exe
  2⤵
  PID:8500
- C:\Windows\System\FkYZgoN.exe
  C:\Windows\System\FkYZgoN.exe
  2⤵
  PID:8528
- C:\Windows\System\JYPGUdx.exe
  C:\Windows\System\JYPGUdx.exe
  2⤵
  PID:8544
- C:\Windows\System\kXbGidU.exe
  C:\Windows\System\kXbGidU.exe
  2⤵
  PID:8632
- C:\Windows\System\RRZBiiL.exe
  C:\Windows\System\RRZBiiL.exe
  2⤵
  PID:8648
- C:\Windows\System\FQjekOh.exe
  C:\Windows\System\FQjekOh.exe
  2⤵
  PID:8664
- C:\Windows\System\HUOQvGa.exe
  C:\Windows\System\HUOQvGa.exe
  2⤵
  PID:8680
- C:\Windows\System\dpxGOqI.exe
  C:\Windows\System\dpxGOqI.exe
  2⤵
  PID:8700
- C:\Windows\System\ccUgkTL.exe
  C:\Windows\System\ccUgkTL.exe
  2⤵
  PID:8716
- C:\Windows\System\bjIpOGB.exe
  C:\Windows\System\bjIpOGB.exe
  2⤵
  PID:8732
- C:\Windows\System\CUpcuhK.exe
  C:\Windows\System\CUpcuhK.exe
  2⤵
  PID:8748
- C:\Windows\System\zuXfDNn.exe
  C:\Windows\System\zuXfDNn.exe
  2⤵
  PID:8764
- C:\Windows\System\JKdlumD.exe
  C:\Windows\System\JKdlumD.exe
  2⤵
  PID:8780
- C:\Windows\System\eUVIHSp.exe
  C:\Windows\System\eUVIHSp.exe
  2⤵
  PID:8800
- C:\Windows\System\QWkOBDa.exe
  C:\Windows\System\QWkOBDa.exe
  2⤵
  PID:8816
- C:\Windows\System\wKGBbrb.exe
  C:\Windows\System\wKGBbrb.exe
  2⤵
  PID:8832
- C:\Windows\System\XQhmiqn.exe
  C:\Windows\System\XQhmiqn.exe
  2⤵
  PID:8852
- C:\Windows\System\cQgJlWB.exe
  C:\Windows\System\cQgJlWB.exe
  2⤵
  PID:8868
- C:\Windows\System\YjEnwVR.exe
  C:\Windows\System\YjEnwVR.exe
  2⤵
  PID:8884
- C:\Windows\System\iCIAYWr.exe
  C:\Windows\System\iCIAYWr.exe
  2⤵
  PID:8900
- C:\Windows\System\cKLzKAH.exe
  C:\Windows\System\cKLzKAH.exe
  2⤵
  PID:8916
- C:\Windows\System\qIAaCNr.exe
  C:\Windows\System\qIAaCNr.exe
  2⤵
  PID:8932
- C:\Windows\System\iBKWXmx.exe
  C:\Windows\System\iBKWXmx.exe
  2⤵
  PID:8948
- C:\Windows\System\sUuEJJb.exe
  C:\Windows\System\sUuEJJb.exe
  2⤵
  PID:8968
- C:\Windows\System\tfDbjas.exe
  C:\Windows\System\tfDbjas.exe
  2⤵
  PID:8984
- C:\Windows\System\kTpaYKz.exe
  C:\Windows\System\kTpaYKz.exe
  2⤵
  PID:9000
- C:\Windows\System\MNZmbGC.exe
  C:\Windows\System\MNZmbGC.exe
  2⤵
  PID:9016
- C:\Windows\System\UcxNnhf.exe
  C:\Windows\System\UcxNnhf.exe
  2⤵
  PID:9032
- C:\Windows\System\qVMJqWw.exe
  C:\Windows\System\qVMJqWw.exe
  2⤵
  PID:9048
- C:\Windows\System\OheeXkU.exe
  C:\Windows\System\OheeXkU.exe
  2⤵
  PID:9064
- C:\Windows\System\XwdZDWh.exe
  C:\Windows\System\XwdZDWh.exe
  2⤵
  PID:9080
- C:\Windows\System\crvdnbs.exe
  C:\Windows\System\crvdnbs.exe
  2⤵
  PID:9096
- C:\Windows\System\zMYFAGq.exe
  C:\Windows\System\zMYFAGq.exe
  2⤵
  PID:9112
- C:\Windows\System\XlbXTLd.exe
  C:\Windows\System\XlbXTLd.exe
  2⤵
  PID:9128
- C:\Windows\System\pjGzqwj.exe
  C:\Windows\System\pjGzqwj.exe
  2⤵
  PID:9144
- C:\Windows\System\PelyUne.exe
  C:\Windows\System\PelyUne.exe
  2⤵
  PID:9160
- C:\Windows\System\MCKeEop.exe
  C:\Windows\System\MCKeEop.exe
  2⤵
  PID:9176
- C:\Windows\System\JRNzMpB.exe
  C:\Windows\System\JRNzMpB.exe
  2⤵
  PID:9192
- C:\Windows\System\OUqZGSw.exe
  C:\Windows\System\OUqZGSw.exe
  2⤵
  PID:9208
- C:\Windows\System\bWeTBpv.exe
  C:\Windows\System\bWeTBpv.exe
  2⤵
  PID:8156
- C:\Windows\System\IUddvfv.exe
  C:\Windows\System\IUddvfv.exe
  2⤵
  PID:8204
- C:\Windows\System\aZlkhGK.exe
  C:\Windows\System\aZlkhGK.exe
  2⤵
  PID:8252
- C:\Windows\System\iXxHGJw.exe
  C:\Windows\System\iXxHGJw.exe
  2⤵
  PID:8316
- C:\Windows\System\ChZfmZe.exe
  C:\Windows\System\ChZfmZe.exe
  2⤵
  PID:8380
- C:\Windows\System\cwANzsg.exe
  C:\Windows\System\cwANzsg.exe
  2⤵
  PID:8300
- C:\Windows\System\AhidScp.exe
  C:\Windows\System\AhidScp.exe
  2⤵
  PID:8364
- C:\Windows\System\nwzXuTQ.exe
  C:\Windows\System\nwzXuTQ.exe
  2⤵
  PID:8400
- C:\Windows\System\AsvYTTV.exe
  C:\Windows\System\AsvYTTV.exe
  2⤵
  PID:8416
- C:\Windows\System\kupTTiz.exe
  C:\Windows\System\kupTTiz.exe
  2⤵
  PID:8412
- C:\Windows\System\rsVObxB.exe
  C:\Windows\System\rsVObxB.exe
  2⤵
  PID:8536
- C:\Windows\System\GENqxCk.exe
  C:\Windows\System\GENqxCk.exe
  2⤵
  PID:8520
- C:\Windows\System\sZrBmIx.exe
  C:\Windows\System\sZrBmIx.exe
  2⤵
  PID:8564
- C:\Windows\System\nvYIdyV.exe
  C:\Windows\System\nvYIdyV.exe
  2⤵
  PID:8592
- C:\Windows\System\zZxhdZN.exe
  C:\Windows\System\zZxhdZN.exe
  2⤵
  PID:8584
- C:\Windows\System\ilGaVGZ.exe
  C:\Windows\System\ilGaVGZ.exe
  2⤵
  PID:8608
- C:\Windows\System\mBscSIG.exe
  C:\Windows\System\mBscSIG.exe
  2⤵
  PID:8624
- C:\Windows\System\ADFWOag.exe
  C:\Windows\System\ADFWOag.exe
  2⤵
  PID:8644
- C:\Windows\System\oiImKIe.exe
  C:\Windows\System\oiImKIe.exe
  2⤵
  PID:8656
- C:\Windows\System\ZAmoCFC.exe
  C:\Windows\System\ZAmoCFC.exe
  2⤵
  PID:8712
- C:\Windows\System\FMvXxHm.exe
  C:\Windows\System\FMvXxHm.exe
  2⤵
  PID:8724
- C:\Windows\System\fLyFjtX.exe
  C:\Windows\System\fLyFjtX.exe
  2⤵
  PID:8772
- C:\Windows\System\QfkGbaV.exe
  C:\Windows\System\QfkGbaV.exe
  2⤵
  PID:8808
- C:\Windows\System\qZVIUWX.exe
  C:\Windows\System\qZVIUWX.exe
  2⤵
  PID:8824
- C:\Windows\System\mBhzvHv.exe
  C:\Windows\System\mBhzvHv.exe
  2⤵
  PID:8860
- C:\Windows\System\HMtlJIU.exe
  C:\Windows\System\HMtlJIU.exe
  2⤵
  PID:8892
- C:\Windows\System\EiDodbs.exe
  C:\Windows\System\EiDodbs.exe
  2⤵
  PID:8924
- C:\Windows\System\wQEeBiL.exe
  C:\Windows\System\wQEeBiL.exe
  2⤵
  PID:8956
- C:\Windows\System\aUXwQID.exe
  C:\Windows\System\aUXwQID.exe
  2⤵
  PID:9008
- C:\Windows\System\sEYwOfU.exe
  C:\Windows\System\sEYwOfU.exe
  2⤵
  PID:9108
- C:\Windows\System\cAfYbKj.exe
  C:\Windows\System\cAfYbKj.exe
  2⤵
  PID:9092
- C:\Windows\System\GKEVujG.exe
  C:\Windows\System\GKEVujG.exe
  2⤵
  PID:9156
- C:\Windows\System\EurmTww.exe
  C:\Windows\System\EurmTww.exe
  2⤵
  PID:8216
- C:\Windows\System\HUFqLAd.exe
  C:\Windows\System\HUFqLAd.exe
  2⤵
  PID:8284
- C:\Windows\System\BbonnoM.exe
  C:\Windows\System\BbonnoM.exe
  2⤵
  PID:8240
- C:\Windows\System\oNKHavE.exe
  C:\Windows\System\oNKHavE.exe
  2⤵
  PID:8332
- C:\Windows\System\AOnUGuc.exe
  C:\Windows\System\AOnUGuc.exe
  2⤵
  PID:8396
- C:\Windows\System\BzKTxBy.exe
  C:\Windows\System\BzKTxBy.exe
  2⤵
  PID:8480
- C:\Windows\System\fyzQhpo.exe
  C:\Windows\System\fyzQhpo.exe
  2⤵
  PID:8572
- C:\Windows\System\zDKezCZ.exe
  C:\Windows\System\zDKezCZ.exe
  2⤵
  PID:8596
- C:\Windows\System\acKcFiw.exe
  C:\Windows\System\acKcFiw.exe
  2⤵
  PID:8508
- C:\Windows\System\xhAwVYG.exe
  C:\Windows\System\xhAwVYG.exe
  2⤵
  PID:8688
- C:\Windows\System\MnkEyuP.exe
  C:\Windows\System\MnkEyuP.exe
  2⤵
  PID:8756
- C:\Windows\System\xFjAZsM.exe
  C:\Windows\System\xFjAZsM.exe
  2⤵
  PID:8880
- C:\Windows\System\LVAmtfo.exe
  C:\Windows\System\LVAmtfo.exe
  2⤵
  PID:8928
- C:\Windows\System\IDgnDYN.exe
  C:\Windows\System\IDgnDYN.exe
  2⤵
  PID:8876
- C:\Windows\System\xOETcMc.exe
  C:\Windows\System\xOETcMc.exe
  2⤵
  PID:9024
- C:\Windows\System\hatSBxw.exe
  C:\Windows\System\hatSBxw.exe
  2⤵
  PID:8980
- C:\Windows\System\NCLBTlA.exe
  C:\Windows\System\NCLBTlA.exe
  2⤵
  PID:9040
- C:\Windows\System\MdLmEds.exe
  C:\Windows\System\MdLmEds.exe
  2⤵
  PID:9028
- C:\Windows\System\UwHxGqX.exe
  C:\Windows\System\UwHxGqX.exe
  2⤵
  PID:9204
- C:\Windows\System\bDnZDdY.exe
  C:\Windows\System\bDnZDdY.exe
  2⤵
  PID:8116
- C:\Windows\System\boOZiEe.exe
  C:\Windows\System\boOZiEe.exe
  2⤵
  PID:8172
- C:\Windows\System\EpZleIh.exe
  C:\Windows\System\EpZleIh.exe
  2⤵
  PID:8432
- C:\Windows\System\pGCdZGw.exe
  C:\Windows\System\pGCdZGw.exe
  2⤵
  PID:8552
- C:\Windows\System\yrLWaDT.exe
  C:\Windows\System\yrLWaDT.exe
  2⤵
  PID:8616
- C:\Windows\System\TfYExUs.exe
  C:\Windows\System\TfYExUs.exe
  2⤵
  PID:8696
- C:\Windows\System\lvQQWaV.exe
  C:\Windows\System\lvQQWaV.exe
  2⤵
  PID:8792
- C:\Windows\System\pPCvhnR.exe
  C:\Windows\System\pPCvhnR.exe
  2⤵
  PID:9168
- C:\Windows\System\CxlTSfM.exe
  C:\Windows\System\CxlTSfM.exe
  2⤵
  PID:9200
- C:\Windows\System\hMenwcn.exe
  C:\Windows\System\hMenwcn.exe
  2⤵
  PID:8692
- C:\Windows\System\lHPhQUi.exe
  C:\Windows\System\lHPhQUi.exe
  2⤵
  PID:8844
- C:\Windows\System\DYEfnVg.exe
  C:\Windows\System\DYEfnVg.exe
  2⤵
  PID:8236
- C:\Windows\System\IBUkyzw.exe
  C:\Windows\System\IBUkyzw.exe
  2⤵
  PID:9264
- C:\Windows\System\YMPqCdC.exe
  C:\Windows\System\YMPqCdC.exe
  2⤵
  PID:9488
- C:\Windows\System\FRruExU.exe
  C:\Windows\System\FRruExU.exe
  2⤵
  PID:9508
- C:\Windows\System\iKcWJTJ.exe
  C:\Windows\System\iKcWJTJ.exe
  2⤵
  PID:9536
- C:\Windows\System\UoGcfAI.exe
  C:\Windows\System\UoGcfAI.exe
  2⤵
  PID:9576
- C:\Windows\System\JEQdcCw.exe
  C:\Windows\System\JEQdcCw.exe
  2⤵
  PID:9592
- C:\Windows\System\DBTyvQZ.exe
  C:\Windows\System\DBTyvQZ.exe
  2⤵
  PID:9608
- C:\Windows\System\CgBJnEL.exe
  C:\Windows\System\CgBJnEL.exe
  2⤵
  PID:9632
- C:\Windows\System\nJWqKEu.exe
  C:\Windows\System\nJWqKEu.exe
  2⤵
  PID:9672
- C:\Windows\System\SynOOAP.exe
  C:\Windows\System\SynOOAP.exe
  2⤵
  PID:9688
- C:\Windows\System\KBzyekT.exe
  C:\Windows\System\KBzyekT.exe
  2⤵
  PID:9708
- C:\Windows\System\LPBTRat.exe
  C:\Windows\System\LPBTRat.exe
  2⤵
  PID:9760
- C:\Windows\System\OLHvBcP.exe
  C:\Windows\System\OLHvBcP.exe
  2⤵
  PID:9812
- C:\Windows\System\ydMDQXt.exe
  C:\Windows\System\ydMDQXt.exe
  2⤵
  PID:9832
- C:\Windows\System\hiEQdVH.exe
  C:\Windows\System\hiEQdVH.exe
  2⤵
  PID:9848
- C:\Windows\System\yTljzcM.exe
  C:\Windows\System\yTljzcM.exe
  2⤵
  PID:9864
- C:\Windows\System\EoImXtp.exe
  C:\Windows\System\EoImXtp.exe
  2⤵
  PID:9904
- C:\Windows\System\xZTBrnO.exe
  C:\Windows\System\xZTBrnO.exe
  2⤵
  PID:9924
- C:\Windows\System\ItGHFiz.exe
  C:\Windows\System\ItGHFiz.exe
  2⤵
  PID:10028
- C:\Windows\System\WOZijPV.exe
  C:\Windows\System\WOZijPV.exe
  2⤵
  PID:10064
- C:\Windows\System\QGRBrqR.exe
  C:\Windows\System\QGRBrqR.exe
  2⤵
  PID:10080
- C:\Windows\System\vsMQYVJ.exe
  C:\Windows\System\vsMQYVJ.exe
  2⤵
  PID:10108
- C:\Windows\System\RScMAQC.exe
  C:\Windows\System\RScMAQC.exe
  2⤵
  PID:10124
- C:\Windows\System\YuyQYPs.exe
  C:\Windows\System\YuyQYPs.exe
  2⤵
  PID:10144
- C:\Windows\System\VMowdRf.exe
  C:\Windows\System\VMowdRf.exe
  2⤵
  PID:10160
- C:\Windows\System\NkuNhhp.exe
  C:\Windows\System\NkuNhhp.exe
  2⤵
  PID:10176
- C:\Windows\System\xadmPUj.exe
  C:\Windows\System\xadmPUj.exe
  2⤵
  PID:10192
- C:\Windows\System\PrSWALO.exe
  C:\Windows\System\PrSWALO.exe
  2⤵
  PID:10212
- C:\Windows\System\IwmrgEI.exe
  C:\Windows\System\IwmrgEI.exe
  2⤵
  PID:10228
- C:\Windows\System\hLSETHr.exe
  C:\Windows\System\hLSETHr.exe
  2⤵
  PID:9188
- C:\Windows\System\erPzxCk.exe
  C:\Windows\System\erPzxCk.exe
  2⤵
  PID:8848
- C:\Windows\System\qZeiCWP.exe
  C:\Windows\System\qZeiCWP.exe
  2⤵
  PID:8976
- C:\Windows\System\PqlOdTa.exe
  C:\Windows\System\PqlOdTa.exe
  2⤵
  PID:8272
- C:\Windows\System\bqimOqj.exe
  C:\Windows\System\bqimOqj.exe
  2⤵
  PID:9244
- C:\Windows\System\hGUeGUD.exe
  C:\Windows\System\hGUeGUD.exe
  2⤵
  PID:9256
- C:\Windows\System\vzNRrXy.exe
  C:\Windows\System\vzNRrXy.exe
  2⤵
  PID:9284
- C:\Windows\System\CtxDwjw.exe
  C:\Windows\System\CtxDwjw.exe
  2⤵
  PID:9308
- C:\Windows\System\eQpngwX.exe
  C:\Windows\System\eQpngwX.exe
  2⤵
  PID:9312
- C:\Windows\System\wUhZdSp.exe
  C:\Windows\System\wUhZdSp.exe
  2⤵
  PID:9472
- C:\Windows\System\ShwHQjh.exe
  C:\Windows\System\ShwHQjh.exe
  2⤵
  PID:9856
- C:\Windows\System\EqzEkJS.exe
  C:\Windows\System\EqzEkJS.exe
  2⤵
  PID:9892
- C:\Windows\System\AfSQRUQ.exe
  C:\Windows\System\AfSQRUQ.exe
  2⤵
  PID:9876
- C:\Windows\System\lDelUZb.exe
  C:\Windows\System\lDelUZb.exe
  2⤵
  PID:9920
- C:\Windows\System\oddbEAA.exe
  C:\Windows\System\oddbEAA.exe
  2⤵
  PID:9952
- C:\Windows\System\fCDmUNO.exe
  C:\Windows\System\fCDmUNO.exe
  2⤵
  PID:9968
- C:\Windows\System\axHvJHP.exe
  C:\Windows\System\axHvJHP.exe
  2⤵
  PID:9992
- C:\Windows\System\VQGUyNq.exe
  C:\Windows\System\VQGUyNq.exe
  2⤵
  PID:10008
- C:\Windows\System\LSfCWHb.exe
  C:\Windows\System\LSfCWHb.exe
  2⤵
  PID:10072
- C:\Windows\System\Hwygogc.exe
  C:\Windows\System\Hwygogc.exe
  2⤵
  PID:10044
- C:\Windows\System\WYYObSI.exe
  C:\Windows\System\WYYObSI.exe
  2⤵
  PID:10088
- C:\Windows\System\BoCHlTl.exe
  C:\Windows\System\BoCHlTl.exe
  2⤵
  PID:10156
- C:\Windows\System\EmCtyrO.exe
  C:\Windows\System\EmCtyrO.exe
  2⤵
  PID:10236
- C:\Windows\System\GVrEhTA.exe
  C:\Windows\System\GVrEhTA.exe
  2⤵
  PID:10136
- C:\Windows\System\IfLnGmK.exe
  C:\Windows\System\IfLnGmK.exe
  2⤵
  PID:9104
- C:\Windows\System\rszagMm.exe
  C:\Windows\System\rszagMm.exe
  2⤵
  PID:9060
- C:\Windows\System\KxIjnER.exe
  C:\Windows\System\KxIjnER.exe
  2⤵
  PID:9236
- C:\Windows\System\rGIldoB.exe
  C:\Windows\System\rGIldoB.exe
  2⤵
  PID:9296
- C:\Windows\System\zeBMMaw.exe
  C:\Windows\System\zeBMMaw.exe
  2⤵
  PID:9320
- C:\Windows\System\mwnSEfx.exe
  C:\Windows\System\mwnSEfx.exe
  2⤵
  PID:9336
- C:\Windows\System\IALdhAp.exe
  C:\Windows\System\IALdhAp.exe
  2⤵
  PID:9352
- C:\Windows\System\MqWoLtx.exe
  C:\Windows\System\MqWoLtx.exe
  2⤵
  PID:9384
- C:\Windows\System\qIHfAIK.exe
  C:\Windows\System\qIHfAIK.exe
  2⤵
  PID:9416
- C:\Windows\System\JQFVtNm.exe
  C:\Windows\System\JQFVtNm.exe
  2⤵
  PID:9424
- C:\Windows\System\nQDKXJA.exe
  C:\Windows\System\nQDKXJA.exe
  2⤵
  PID:9456
- C:\Windows\System\vPgCxLh.exe
  C:\Windows\System\vPgCxLh.exe
  2⤵
  PID:9504
- C:\Windows\System\latzBfB.exe
  C:\Windows\System\latzBfB.exe
  2⤵
  PID:9524
- C:\Windows\System\znwqtgx.exe
  C:\Windows\System\znwqtgx.exe
  2⤵
  PID:9556
- C:\Windows\System\OQzlIRH.exe
  C:\Windows\System\OQzlIRH.exe
  2⤵
  PID:9600
- C:\Windows\System\CxtKmNm.exe
  C:\Windows\System\CxtKmNm.exe
  2⤵
  PID:9652
- C:\Windows\System\nZRpTkT.exe
  C:\Windows\System\nZRpTkT.exe
  2⤵
  PID:9664
- C:\Windows\System\rtyPYKV.exe
  C:\Windows\System\rtyPYKV.exe
  2⤵
  PID:9696
- C:\Windows\System\DkPPfcL.exe
  C:\Windows\System\DkPPfcL.exe
  2⤵
  PID:9704
- C:\Windows\System\egZAZQV.exe
  C:\Windows\System\egZAZQV.exe
  2⤵
  PID:9728
- C:\Windows\System\QNYELqZ.exe
  C:\Windows\System\QNYELqZ.exe
  2⤵
  PID:9776
- C:\Windows\System\hOVYhFQ.exe
  C:\Windows\System\hOVYhFQ.exe
  2⤵
  PID:9772
- C:\Windows\System\rNjckhA.exe
  C:\Windows\System\rNjckhA.exe
  2⤵
  PID:9804
- C:\Windows\System\tyeNjjA.exe
  C:\Windows\System\tyeNjjA.exe
  2⤵
  PID:9860
- C:\Windows\System\KmcnrRS.exe
  C:\Windows\System\KmcnrRS.exe
  2⤵
  PID:9916
- C:\Windows\System\cBIlIhk.exe
  C:\Windows\System\cBIlIhk.exe
  2⤵
  PID:9964
- C:\Windows\System\vRIDhTb.exe
  C:\Windows\System\vRIDhTb.exe
  2⤵
  PID:9896
- C:\Windows\System\VlhuykR.exe
  C:\Windows\System\VlhuykR.exe
  2⤵
  PID:10004
- C:\Windows\System\ERziqnG.exe
  C:\Windows\System\ERziqnG.exe
  2⤵
  PID:10116
- C:\Windows\System\WpjYEfq.exe
  C:\Windows\System\WpjYEfq.exe
  2⤵
  PID:10016
- C:\Windows\System\gNTiSbQ.exe
  C:\Windows\System\gNTiSbQ.exe
  2⤵
  PID:10220
- C:\Windows\System\fMFXVEf.exe
  C:\Windows\System\fMFXVEf.exe
  2⤵
  PID:9220

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AaXhAfC.exe

Filesize
6.0MB

MD5
ca917121a0b361ec2aa3722cd16a5ca8

SHA1
5281c48747a90ab8bcd6b95d23f079f87a14bc4d

SHA256
3b20be5859fe4435efe46fe57bdccccffb4f1bf8e5e5733664f6e8d3e77554f5

SHA512
20a27ef7a7dbcc64cfe91035565de119253ae1c81d83c3f9ff5b3ea4e59cdad4319dfeb1fd749dc389ac016e2f596e4699b99d480b6eb7cb56c41566e7787571

Download Submit
C:\Windows\system\BGGcavu.exe

Filesize
6.0MB

MD5
d0d2823368f5f2863af5318111df4130

SHA1
076d86276d84c60fa51a5820e41c5f6d5dec1545

SHA256
2da0c57fc687522de11d622f07ce8403c56b4cb35f36c7b5e646484d62e5c8bf

SHA512
7be54d0e341df752e916aeb90bd22df955491012bbac3fc7ee5c66642b3ba49df49fed1eb5d47964676b68975bc5776f6c64e788664fbd9498e215c4f388fb2f

Download Submit
C:\Windows\system\FbusziV.exe

Filesize
6.0MB

MD5
775e276f8d6f3d5a1c99643f47945966

SHA1
6c84858775675eb299fa4946d9ad8a9776d716f5

SHA256
4b6b2892d52bb5acaaa750403c9a0bc3bd14cde9b76d610c567d071a3cb2b88d

SHA512
df1dbae4cbf8c8886cbecaf44523f562140e75e453f1f7200d2f8db9b4af38a82894edc9d7cfb98a2d428407787d8a5eb1b18a5de697821132b7e7c6fd9907e4

Download Submit
C:\Windows\system\GzMlCHq.exe

Filesize
6.0MB

MD5
2c504176ed59d52ab83d92abf33f76ff

SHA1
674e9c900659fb048330221e2ea330b1a93a2944

SHA256
d24a9afd0f1cbda8a47bdd63c18eef20d86b810a40ff75e296acc24c94594d4b

SHA512
a72022081e28845910c3567889d30e102aacc1bd1539b1aa7c79be27f4749f4b5fba1438b2b6c0957d26065b3c202c05361c4a91f07954d77a8592758889c002

Download Submit
C:\Windows\system\KUeuWPx.exe

Filesize
6.0MB

MD5
6029c7f297d5268d999094727b965658

SHA1
10c1170cc1ab38d15dc335b9d86a8ddcae8a0742

SHA256
14cb569ab35614598b917c7aff757c1e929f0bf323282d4421188c176bddd31a

SHA512
4862e4e3a11a578fef32f5864a1265b087c9e309c50f4296876a5b22e3640750fbfe0bf7381a9c5a17d4d79ee47931ca921ad2173bc83c448adc3c641460e94b

Download Submit
C:\Windows\system\NEMRTvc.exe

Filesize
6.0MB

MD5
66159ceffb0c4608f68e9be9b78455a1

SHA1
2d2c82fd3a41450cfa8a8c1d83f8f0c4feaac55e

SHA256
6b65d881c4546d0e8e73d7909319011e22bfd94d563ad99cf3a8d34a668e2536

SHA512
d4e2a57ae4a3a202efb8fca07a3c6f0c53132d4037a4103d0bbb34e80b2a18a9fcb4bd979e8b47537970c469f277e7fdf41f59b2b506ad7c9c327dcd53873d83

Download Submit
C:\Windows\system\UPuICvm.exe

Filesize
6.0MB

MD5
c941cec39e481b86889f1df8062eb3a2

SHA1
2549e057d6a05c69d672991bc6220a22945ea583

SHA256
da76fe3ef1612837b2905e7eee4d6e4b9727a5247fc1b8e394a696540e7f9d21

SHA512
d30d8dbded7405fc68d92edb07719236b8cf4e371344da0309e976df8001d60bd7ea1f6864b9ed604b8b41bb353c16b8f5d410b6163aff47c3372d179aed72cc

Download Submit
C:\Windows\system\WkOXbGJ.exe

Filesize
6.0MB

MD5
e4b52e70039ff6d664de7dcbf167acdc

SHA1
bbf659757ffe41d030634510fc2be14c2e8593a0

SHA256
3be080bfc73c9e4141e5d8892cc234ec6cb3886323fb4278fe2daba83a63c003

SHA512
fb227f44834a3a701a84ca1cad10b76be1ae5273bfd446b8f3863fe758e1fab024da05e0699091da3a95bba2d38866108334853849814454cacae91358059d06

Download Submit
C:\Windows\system\byaFvGi.exe

Filesize
6.0MB

MD5
c9f11e6351d3171522b55cfc0f6d3aa7

SHA1
876e58668d2e9bd4dd44a139273318fd1208fc11

SHA256
5fd92ee832681eb767f0d6c36b0cfc7ae14d046245c80216a268de62ed920534

SHA512
84afe7f8961e4aaa8937265b22e4dcfd1f295f35845e758c88f9e1d76b2809d991ca2dc42d76ffdeb1c7a940e85de7f6fe3b1466a42e8b52d78c2f09cdd6de23

Download Submit
C:\Windows\system\fJHvuIU.exe

Filesize
6.0MB

MD5
81e40eed0766d5c2646d2e0f943beea8

SHA1
f8d0071ff3f8848926c76e960d436cd4bc12219c

SHA256
b3b8d985deb0e821d1bbdfef48d5c3c9ee9066d7719f1be79d8f489918d550d3

SHA512
1071db02076c822bb14126cdc828a42cbe6a618ad13222eb81ffbc6cd7d1c5841f68ce54a09e38dfbd9c4580ee9d21bf64d6291638ee86fe19b95eb64ae362a7

Download Submit
C:\Windows\system\fkzKzSt.exe

Filesize
6.0MB

MD5
dcdd43dee74e5619eb10e14f72555015

SHA1
e6e5a7023777ed6cd32f8a201016e9ca73cd87c4

SHA256
351b6e968cac0f2380f085af7baf1d58ea0f1aeb1518a029c1af59dba63999ff

SHA512
9cb9cd3c3774e1bae9e5cacddf0f64b2ee8a0927a43dfad80030efdb55251786f22486e0f029015a442af3ff128108f444debe75b954ac08ab341bfdaa5d6832

Download Submit
C:\Windows\system\hQlAwDJ.exe

Filesize
6.0MB

MD5
c745222b6acc354987475aac0f4562fa

SHA1
7dbf2c84cde2b1cffec9b41a06115dd57b7659aa

SHA256
d77f666185ae9ced0a3b2b6aed9aef6952d4e58c80311d9794c9f68b96fccfcd

SHA512
42ff6c0f359862ee8007a356e9068378144ac50215e32a97a137d8cddefa347cd6bba0d843ea5ed21a4d1a136e7e173de4834163487b7a7631382b781561a990

Download Submit
C:\Windows\system\ioxTtgT.exe

Filesize
6.0MB

MD5
415bbbf64c35b1f745e5b4ea5e34c098

SHA1
d02aa474ba2d77b7614018d10f016376b497e50e

SHA256
3418f98e708b9c07506c52f8f331f4580bdcf64122902db9b7d075e6d72c3598

SHA512
f8764caa1020bbb5bde7b5f0646095a1e89b2fbed3fed48961456bf2c2f199734309d05ba622b7c88e09511d79171ba2649fb340501c7b6db5cd6bc99b5b88f2

Download Submit
C:\Windows\system\jxnbOUz.exe

Filesize
6.0MB

MD5
733092ced5225ca89ed00c2d75e7c42b

SHA1
2e63534fd30dafa9baffa9c0aeb9acbbab50f3b9

SHA256
3764473c76ad86395d1bb1dfd751a876f45e735fcba6fe9f9d80e86cfde8f25d

SHA512
b823589cb735dfb6e61a519f9812d2d6cfa4f8a5e0777b5e38d07bffed4d923659e4619a4063c1be45ceae1dd0ed22a7b53c366210718eae179147c9f4d98702

Download Submit
C:\Windows\system\kAGLape.exe

Filesize
6.0MB

MD5
366dc02b1110f1543b4c2aab42340599

SHA1
121a12a281dcc2d2f8953bdff2a94e97bc526e27

SHA256
6c874961814336972bdf47537d9dc8f95c46589b4447cc2dff8a009a8709a247

SHA512
baed222beb2bfe47b212cbd01909d0020009c43cce820d7a5fc24b9dd90208c7d8ae852460be01cbfcae3ce1dd8af3090581b0f5c50679769a484b93db969ce1

Download Submit
C:\Windows\system\nMNDELf.exe

Filesize
6.0MB

MD5
dc7be580b09b75fb5c7dc0334600b17f

SHA1
150296cc74fbae08d139f08a1d9df99a0cfd7e36

SHA256
b1f49e40ab02972ebbf4bde1eb34755247905ac7c457eb6f23b2f38f9e6b000c

SHA512
dcd23c1bb85f366286d979eb84f3cf5c0583f878d3a2e2c3946533998a66c20de50c560cc632ee30e2d2bd914c1ecff742d5b2ec4e79cf47c07e7d687c958636

Download Submit
C:\Windows\system\ndgxraV.exe

Filesize
6.0MB

MD5
8b897465807faa6ad984c624826504bc

SHA1
ec7a77190a3458b4a8c5ede35d61a13d4de6ae42

SHA256
82703560da07581a086623f621bf683f3ad2050a9c738aba335a72ee4f6dcbce

SHA512
ff28feb95bc1c71342b54e3498c3923c168c26a5e1eecc4d838f34894c4725d92968a6be5b85c452c7f457e38375382084b2c366613791cb20027e7dac3958a0

Download Submit
C:\Windows\system\oHneCYW.exe

Filesize
8B

MD5
c0d7cd5dc0c07d89b7fda9f78b051207

SHA1
c4463af182d51dcf5e13e1498b105662bad1eeb4

SHA256
13eddda46660940d61b9c6a1b9975f781eee8440ec17ca8fc0febb3cb4c1fe4c

SHA512
a2ceaff1baf1ab2e2bdc01920ae43cdf808f85738c0dedbc597ffaf6259f08416c45f2353a9325676582fde311049931308408b813655416d4767e44f8b72cf1

Download Submit
C:\Windows\system\pIYdLsa.exe

Filesize
6.0MB

MD5
fee13934c46d5ee42012ca936e0aa4b2

SHA1
670657018c96aae1ae63999d7be2d2cc1b861970

SHA256
b5d96ac40db0be6cf77f566db0a663c0f556db96120785d446b7f4c76384ffee

SHA512
c560fd5c1d59eb959575dd54de98749a7d248f64d00e171a8c4708ae53d13c3c4be1186a53a30b47e2bb1ac8bc12adb8b0bffa9c7f2f378d67b7c7e2bb06265b

Download Submit
C:\Windows\system\qJrcKJt.exe

Filesize
6.0MB

MD5
3c8ceb65a6012b9d885fd8ecbb8a54d2

SHA1
5a895b2d476156fc7b50ee14568f7c7bff5aed5a

SHA256
4c0ff2944413025aea6796ebb70de03e121f3a76f35285332bb914fc34810670

SHA512
40c3857bbaf2c5a1d15a50763767aa67f78b41bf362700115413bff9e4a622f5ea43df8d7cc6b0d4c43a4f9ae56ad5f61c8ea264952c21e06de437dbb3a1837c

Download Submit
C:\Windows\system\svgEfGX.exe

Filesize
6.0MB

MD5
d47e7405dc8a579c9417226ea01aa643

SHA1
53b3465f521f11cd8d099cf3f3e6cecf28c225b4

SHA256
ebefba322b5ff7cb78d0b49cef586a7169815e39ad95018a372597136af23148

SHA512
a33562a0b4a8aa298190052f355949270bcffae7e3f4fda8d78b160fad60ba0c043580cc28e9ffb12c612ae2bfc1c6d9489da7ee884dfda8ea4e29d6291100d4

Download Submit
C:\Windows\system\wFwJJYH.exe

Filesize
6.0MB

MD5
2596cef5afd9f1771d8f42cd18e9f88b

SHA1
4e382d265ff0f9c7c08b19c3dfa0b3596b12cb11

SHA256
2080d66a411e27543c2978b40617f61b83d7ff8df5fcd12f8885f6e311b82890

SHA512
8c27efb63cb32c4f10cd51c71f74b9ff4a9442c35589a53c14fd2016ef171c53594159ff9b78dcec2939ddc810147ebeee2e8df8d74377e39b997938921689b6

Download Submit
C:\Windows\system\waAtebI.exe

Filesize
6.0MB

MD5
0e106a70b68acea89f9cef9a4f4c9c5e

SHA1
160ea6ce90b3b35463941ad3783f2f2591219245

SHA256
40f230dd80066bc67f306c49df86113e9d85622f767699809d3e066a4af56708

SHA512
4d52ad7eb8d24e6692163055c718aa737517a2a2c0178ae2a1d7ec71a8f07e5d1afa0d9a3033295d64bee796741e45c288f05a731d1344dcc9ae437baa0acd93

Download Submit
C:\Windows\system\yndOhmn.exe

Filesize
6.0MB

MD5
1d22409736b925398e9b1b89d67eb7f2

SHA1
08f58a1d2fdcdbcf8e1d95460fbdcb14b169917d

SHA256
77eb53b37b091fcfb36a99065bca2b697f8330018471eee7d7e3b920e2877aeb

SHA512
96dc40db6a494bc609c7d6a843ea3ac9bf0bb6a69e00cc735c900167dbe5eb2c7c5179ae84531923fd8ad7ce8d48a54282fef3d096be0cf4fa9b81f94bac52ca

Download Submit
C:\Windows\system\zpNoURw.exe

Filesize
6.0MB

MD5
3ab2b1bc016b2c55e69e1a41f1c17f9c

SHA1
c8b9a52152dc142df69ed1cb1a5ff85506ca62fa

SHA256
004ca2722abb516e8fc1bc74b41bb48250b8fd3773db9e0e1006c9d5ee629975

SHA512
a3ed5d42a651680eda03554f1047c5d9e979733e97f61fb3f83b8fa8e44c8796d8d867ee1bd73697775fb128f1fac998bb7f8b440a813e4091dc78722b066f77

Download Submit
\Windows\system\AGhCaXU.exe

Filesize
6.0MB

MD5
77f7ff42fd22b60b19272c456e83d4b5

SHA1
3a65a3c6b791a7bc97b40cc1131cf641a33566f1

SHA256
c567c01cf81ab5500bb7800f9f210ca41ae43fbf1a475ec5958f7ab4ad47efd6

SHA512
9c6f94d4e7591b9e665e0a4bc3b583b1af1371fc81e77411d51b2e88a9e2f9240dba75a84f868daf3c0fdd35eebe53f0f0ee251df9c17707c97c9cc258a79247

Download Submit
\Windows\system\TIbxKZM.exe

Filesize
6.0MB

MD5
8040259083fe7759a8f38ab3cd3c81a9

SHA1
a1d360efbcb7fd75ce066aa28208f5852e3dea57

SHA256
ee11d5f7e0c8923b99d024ffe6d543e669bd4a5266dce629585586e247273c0b

SHA512
33359f66e7a7f297c70502422017ad923158b54c6a17dc54ef46cb11b8d3850bcc01b06a9d4c91231f2907bd104bbc4209e01ef9693dacdd7f9b8464a79bfe51

Download Submit
\Windows\system\Twcuelp.exe

Filesize
6.0MB

MD5
4427bda8817666881621d49b16706bc2

SHA1
44d437fa4354bf35ab70b642c3c47d38f65209e5

SHA256
de56ede3f833c39e760753f4a3d683371c51fc2da0154cc81329e47319ec2cfb

SHA512
1e2d63726aac3d9c67e2bb598e2cafa08cc6e9ed92185f9a62f486315d7b6e5171432d5dd553da521f323785e1b470c290df6b2c621b882549f326fd4ded666a

Download Submit
\Windows\system\WMSorjD.exe

Filesize
6.0MB

MD5
60ab30bca5cf8fc0c29766273fdcdd5a

SHA1
568e9322b3233607da490e724e2a37967ea48285

SHA256
26ae8ca7157d8a05aaa61c1ad61665d6f5ba386e1b0ba81390a750f166557799

SHA512
186ec31d7efb14aaa81c32bda85a90a15c45535f5371b510551551b159a43384f1edae2275a8be5a3ad725f028f40fd1e2b6cfaed9327f35a356464b24fad46e

Download Submit
\Windows\system\ZlJnAbh.exe

Filesize
6.0MB

MD5
c8a46989a718f73b3225b7552bb2cc95

SHA1
e73b8b135008a8b297b9cc39346c362062193a4c

SHA256
e5f0f84e6d4fe0149d643807e2af99ff58959cf436cc15fbf6e9ea327cfe8e61

SHA512
269f730149f7e8863bbc5ff9a992fe55660534071d3d3b81adf558939355e27d11e26f6269b383632bc58b6759db0a529d23e282296c5e8b700e01515ada5275

Download Submit
\Windows\system\fbxvJsD.exe

Filesize
6.0MB

MD5
21d0e980b029f4bafeb1949f02d011be

SHA1
1e23152eab79d3879f99b99814d2b25225ca107b

SHA256
074323d17938c9ed7923f11aeb553076c4ad71483593f07a9a55a39f6d0281cb

SHA512
6a7c806ef89cddd664d6e8b62015510ecf42873b759d0b5fc3b0d7d106f47ab749932cdeb3d986fdf18bd777d12d9a6e50df6463f8f33502c93434502cbda7e1

Download Submit
\Windows\system\zOPXQrx.exe

Filesize
6.0MB

MD5
8e8f18268abc314c08c946dd940777ac

SHA1
6c88b55346124a9a074aa854f03ae7dfe905ce74

SHA256
5e7c92b58d71628f72cbb81767527c5288012be6d042b675c54907366069b931

SHA512
587b4ee7825a362711c8d8551708f4fd45305615dab1288916ce8e5ec40326b9405b55c3d888da3fdfb7f025398115db40d57aca5873ffb450e2b60c62d426ef

Download Submit
\Windows\system\znVWMXZ.exe

Filesize
6.0MB

MD5
2fbca069b3a29d93722f04f390feae35

SHA1
d928ee3fde96e95875c9d62d6335fedfc1aeae3d

SHA256
2a6a1d454f3eb684f973077001b9edfed16d3ab0ba9a666a21cfd215618f104f

SHA512
207981f918e5cc6ace22bb69ac347c29bd6a0ff9031e71e025b4b37431b23e6afaebf993949bc67a48ffe1f7c3ddd6414484a298cffe925468af6ee585cc1ba7

Download Submit
memory/536-3409-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/536-9-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/1320-104-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/1320-46-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/1320-59-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/1320-92-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/1320-91-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/1320-71-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/1320-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/1320-48-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/1320-54-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/1320-710-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/1320-0-0x000000013F5E0000-0x000000013F934000-memory.dmp

Filesize
3.3MB

Download
memory/1320-8-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/1320-101-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/1320-76-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/1320-96-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/1320-24-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/1320-33-0x000000013F5E0000-0x000000013F934000-memory.dmp

Filesize
3.3MB

Download
memory/1320-31-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/1320-565-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/1368-3579-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/1368-796-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/1368-105-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/1688-20-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download
memory/1688-3464-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download
memory/1688-56-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download
memory/1936-3439-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/1936-15-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/1936-53-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2104-402-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/2104-3568-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/2104-89-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/2192-40-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2192-3500-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2192-73-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2512-4449-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/2512-108-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/2512-1044-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/2556-3540-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/2556-74-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/2600-3544-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2600-103-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2600-64-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2736-3453-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2736-67-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2804-3496-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/2804-41-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/2808-3530-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2808-49-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2880-57-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/2880-100-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/2880-3527-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/3064-3585-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/3064-322-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/3064-79-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download