cobaltstrike | cef2678f02a8714e00a59d9787f516eaa7fa521a124ba4a40b5ed7c26418bb48

Analysis

max time kernel
125s
max time network
121s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
22-09-2024 07:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

0abf7b074593a58172b3569ab6c0881e
SHA1

9d6a54c453ef29f55699e870db5951dc42649e94
SHA256

cef2678f02a8714e00a59d9787f516eaa7fa521a124ba4a40b5ed7c26418bb48
SHA512

e604bebf837a7b5bc2da3f47355903327534219f82c4745ecfed645f972466266c29943a55daef78ab0dad911503694d45c28de94e9396f478ed6d7886528c6b
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU5:T+q56utgpPF8u/75

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000b00000001225e-6.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001930d-11.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019374-26.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001932d-16.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001933b-22.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001939b-38.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019dbf-57.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a075-79.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a48b-133.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4a9-147.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b5-166.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b3-161.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b1-158.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4af-152.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a49a-145.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a499-142.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a48d-137.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46f-129.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a42d-125.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a427-121.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41e-117.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41d-114.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41b-109.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a307-98.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a359-104.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a09e-96.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a07e-89.dat	cobalt_reflective_dll
behavioral1/files/0x0036000000019240-84.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f8a-66.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f94-71.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000193b5-65.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000193b3-45.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2264-0-0x000000013FE50000-0x00000001401A4000-memory.dmp	xmrig
behavioral1/files/0x000b00000001225e-6.dat	xmrig
behavioral1/memory/2880-19-0x000000013FCD0000-0x0000000140024000-memory.dmp	xmrig
behavioral1/memory/2796-21-0x000000013FB10000-0x000000013FE64000-memory.dmp	xmrig
behavioral1/files/0x000700000001930d-11.dat	xmrig
behavioral1/memory/1880-20-0x000000013FF30000-0x0000000140284000-memory.dmp	xmrig
behavioral1/files/0x0006000000019374-26.dat	xmrig
behavioral1/files/0x000700000001932d-16.dat	xmrig
behavioral1/files/0x000600000001933b-22.dat	xmrig
behavioral1/files/0x000600000001939b-38.dat	xmrig
behavioral1/memory/2748-41-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019dbf-57.dat	xmrig
behavioral1/memory/2600-67-0x000000013FBF0000-0x000000013FF44000-memory.dmp	xmrig
behavioral1/memory/2748-75-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a075-79.dat	xmrig
behavioral1/memory/3064-86-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/files/0x000500000001a48b-133.dat	xmrig
behavioral1/files/0x000500000001a4a9-147.dat	xmrig
behavioral1/memory/2208-949-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	xmrig
behavioral1/memory/2264-1220-0x0000000002350000-0x00000000026A4000-memory.dmp	xmrig
behavioral1/memory/3064-748-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/memory/2324-479-0x000000013FF90000-0x00000001402E4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4b5-166.dat	xmrig
behavioral1/files/0x000500000001a4b3-161.dat	xmrig
behavioral1/files/0x000500000001a4b1-158.dat	xmrig
behavioral1/files/0x000500000001a4af-152.dat	xmrig
behavioral1/files/0x000500000001a49a-145.dat	xmrig
behavioral1/files/0x000500000001a499-142.dat	xmrig
behavioral1/files/0x000500000001a48d-137.dat	xmrig
behavioral1/files/0x000500000001a46f-129.dat	xmrig
behavioral1/files/0x000500000001a42d-125.dat	xmrig
behavioral1/files/0x000500000001a427-121.dat	xmrig
behavioral1/files/0x000500000001a41e-117.dat	xmrig
behavioral1/files/0x000500000001a41d-114.dat	xmrig
behavioral1/files/0x000500000001a41b-109.dat	xmrig
behavioral1/files/0x000500000001a307-98.dat	xmrig
behavioral1/files/0x000500000001a359-104.dat	xmrig
behavioral1/files/0x000500000001a09e-96.dat	xmrig
behavioral1/memory/2208-92-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a07e-89.dat	xmrig
behavioral1/files/0x0036000000019240-84.dat	xmrig
behavioral1/memory/2324-81-0x000000013FF90000-0x00000001402E4000-memory.dmp	xmrig
behavioral1/memory/2568-74-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/memory/2260-68-0x000000013FA80000-0x000000013FDD4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019f8a-66.dat	xmrig
behavioral1/files/0x0005000000019f94-71.dat	xmrig
behavioral1/files/0x00070000000193b5-65.dat	xmrig
behavioral1/memory/2700-64-0x000000013F830000-0x000000013FB84000-memory.dmp	xmrig
behavioral1/memory/2656-62-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/memory/2264-61-0x0000000002350000-0x00000000026A4000-memory.dmp	xmrig
behavioral1/memory/2264-55-0x000000013FE50000-0x00000001401A4000-memory.dmp	xmrig
behavioral1/memory/1940-49-0x000000013F490000-0x000000013F7E4000-memory.dmp	xmrig
behavioral1/files/0x00070000000193b3-45.dat	xmrig
behavioral1/memory/2708-35-0x000000013F5F0000-0x000000013F944000-memory.dmp	xmrig
behavioral1/memory/2264-34-0x000000013F5F0000-0x000000013F944000-memory.dmp	xmrig
behavioral1/memory/2700-31-0x000000013F830000-0x000000013FB84000-memory.dmp	xmrig
behavioral1/memory/1940-3999-0x000000013F490000-0x000000013F7E4000-memory.dmp	xmrig
behavioral1/memory/2708-4000-0x000000013F5F0000-0x000000013F944000-memory.dmp	xmrig
behavioral1/memory/2700-4001-0x000000013F830000-0x000000013FB84000-memory.dmp	xmrig
behavioral1/memory/2880-4003-0x000000013FCD0000-0x0000000140024000-memory.dmp	xmrig
behavioral1/memory/2568-4031-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/memory/2748-4036-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	xmrig
behavioral1/memory/3064-4030-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/memory/2656-4025-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1880	PLmwQlr.exe
2796	ovoHmea.exe
2880	QNdEsre.exe
2700	fFhBGVB.exe
2708	dUkUsmN.exe
2748	TWLfaOr.exe
1940	hzXFTDR.exe
2656	rjkdWeo.exe
2600	fpXmxRe.exe
2260	lkufQWI.exe
2568	IqIyGrY.exe
2324	NDWvlUF.exe
3064	XZFODww.exe
2208	PLVrvcV.exe
584	DlgVOaF.exe
292	TrdKVKn.exe
2460	hLYTHjs.exe
2824	zOKQhTI.exe
2060	XvunKpU.exe
2844	QrQQAKI.exe
328	MjKrBfK.exe
572	iRlSmHr.exe
2136	lVFizGl.exe
680	LoDWdqo.exe
1648	RjHqzdR.exe
2152	xueeDRp.exe
2448	QNgmuGN.exe
1544	vrisjto.exe
1984	gZkJbGn.exe
2372	WWXmwkC.exe
2016	zdZRgdN.exe
1144	HOOYhOk.exe
972	MQfbeqg.exe
1012	fgOsghB.exe
856	dYYJXBI.exe
940	TwYXYNd.exe
1016	cCsssWM.exe
1624	aPCHheQ.exe
824	LPXQvlJ.exe
796	GNedrTq.exe
1436	gGfOslM.exe
764	ldgTZbs.exe
1584	qqRScsH.exe
1856	TityQRn.exe
1684	JBqmMIi.exe
1328	nfZNOmR.exe
2312	AlAsNpf.exe
2524	GgFyVtG.exe
1604	pzIJwrI.exe
1592	DpRNECk.exe
1536	GhrxbTx.exe
380	DemSbZu.exe
2196	rsaNxXK.exe
2496	TMLxKVB.exe
2212	VOQYIrq.exe
1720	fNqxUPe.exe
1664	SFcXlGs.exe
1992	gUGDGKI.exe
316	RfHCzkX.exe
748	GQVgZRX.exe
664	PfCYwdz.exe
2068	EzrTtlz.exe
1596	hQcfzRL.exe
1456	xivovVD.exe

Loads dropped DLL 64 IoCs

pid	Process
2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2264-0-0x000000013FE50000-0x00000001401A4000-memory.dmp	upx
behavioral1/files/0x000b00000001225e-6.dat	upx
behavioral1/memory/2880-19-0x000000013FCD0000-0x0000000140024000-memory.dmp	upx
behavioral1/memory/2796-21-0x000000013FB10000-0x000000013FE64000-memory.dmp	upx
behavioral1/files/0x000700000001930d-11.dat	upx
behavioral1/memory/1880-20-0x000000013FF30000-0x0000000140284000-memory.dmp	upx
behavioral1/files/0x0006000000019374-26.dat	upx
behavioral1/files/0x000700000001932d-16.dat	upx
behavioral1/files/0x000600000001933b-22.dat	upx
behavioral1/files/0x000600000001939b-38.dat	upx
behavioral1/memory/2748-41-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	upx
behavioral1/files/0x0005000000019dbf-57.dat	upx
behavioral1/memory/2600-67-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx
behavioral1/memory/2748-75-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	upx
behavioral1/files/0x000500000001a075-79.dat	upx
behavioral1/memory/3064-86-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/files/0x000500000001a48b-133.dat	upx
behavioral1/files/0x000500000001a4a9-147.dat	upx
behavioral1/memory/2208-949-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	upx
behavioral1/memory/3064-748-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/memory/2324-479-0x000000013FF90000-0x00000001402E4000-memory.dmp	upx
behavioral1/files/0x000500000001a4b5-166.dat	upx
behavioral1/files/0x000500000001a4b3-161.dat	upx
behavioral1/files/0x000500000001a4b1-158.dat	upx
behavioral1/files/0x000500000001a4af-152.dat	upx
behavioral1/files/0x000500000001a49a-145.dat	upx
behavioral1/files/0x000500000001a499-142.dat	upx
behavioral1/files/0x000500000001a48d-137.dat	upx
behavioral1/files/0x000500000001a46f-129.dat	upx
behavioral1/files/0x000500000001a42d-125.dat	upx
behavioral1/files/0x000500000001a427-121.dat	upx
behavioral1/files/0x000500000001a41e-117.dat	upx
behavioral1/files/0x000500000001a41d-114.dat	upx
behavioral1/files/0x000500000001a41b-109.dat	upx
behavioral1/files/0x000500000001a307-98.dat	upx
behavioral1/files/0x000500000001a359-104.dat	upx
behavioral1/files/0x000500000001a09e-96.dat	upx
behavioral1/memory/2208-92-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	upx
behavioral1/files/0x000500000001a07e-89.dat	upx
behavioral1/files/0x0036000000019240-84.dat	upx
behavioral1/memory/2324-81-0x000000013FF90000-0x00000001402E4000-memory.dmp	upx
behavioral1/memory/2568-74-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/memory/2260-68-0x000000013FA80000-0x000000013FDD4000-memory.dmp	upx
behavioral1/files/0x0005000000019f8a-66.dat	upx
behavioral1/files/0x0005000000019f94-71.dat	upx
behavioral1/files/0x00070000000193b5-65.dat	upx
behavioral1/memory/2700-64-0x000000013F830000-0x000000013FB84000-memory.dmp	upx
behavioral1/memory/2656-62-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/memory/2264-55-0x000000013FE50000-0x00000001401A4000-memory.dmp	upx
behavioral1/memory/1940-49-0x000000013F490000-0x000000013F7E4000-memory.dmp	upx
behavioral1/files/0x00070000000193b3-45.dat	upx
behavioral1/memory/2708-35-0x000000013F5F0000-0x000000013F944000-memory.dmp	upx
behavioral1/memory/2700-31-0x000000013F830000-0x000000013FB84000-memory.dmp	upx
behavioral1/memory/1940-3999-0x000000013F490000-0x000000013F7E4000-memory.dmp	upx
behavioral1/memory/2708-4000-0x000000013F5F0000-0x000000013F944000-memory.dmp	upx
behavioral1/memory/2700-4001-0x000000013F830000-0x000000013FB84000-memory.dmp	upx
behavioral1/memory/2880-4003-0x000000013FCD0000-0x0000000140024000-memory.dmp	upx
behavioral1/memory/2568-4031-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/memory/2748-4036-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	upx
behavioral1/memory/3064-4030-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/memory/2656-4025-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/memory/2796-4039-0x000000013FB10000-0x000000013FE64000-memory.dmp	upx
behavioral1/memory/1880-4002-0x000000013FF30000-0x0000000140284000-memory.dmp	upx
behavioral1/memory/2600-4208-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\XvUvRuT.exe	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wbXqeCK.exe	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fQfXCpV.exe	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HdITqTC.exe	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oYXFaal.exe	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\esmJvRV.exe	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XZFODww.exe	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zOKQhTI.exe	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EoIwhpF.exe	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FkmtxbE.exe	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iJhRAfn.exe	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tYeNNdv.exe	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gYIonQU.exe	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ojTCJKn.exe	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KuIrTgH.exe	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NTthVwZ.exe	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LhCMXbD.exe	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\imYKewb.exe	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kZpjkEA.exe	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TMLxKVB.exe	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KAXSKdg.exe	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dtGuQvI.exe	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ioULwyV.exe	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EwwWmap.exe	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OLCEwVi.exe	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LlCeBFn.exe	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PRvYTPD.exe	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gbFsUqa.exe	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XrXkxMf.exe	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FpndsSs.exe	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uKEppYl.exe	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\auwYYmQ.exe	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tOyaOAa.exe	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sminKOG.exe	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eAWzIbI.exe	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zTNbSlY.exe	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YTCLwCL.exe	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GrbqkQI.exe	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mCgaMtn.exe	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MYLaFHl.exe	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nMwcYTu.exe	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dZzORuC.exe	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\afvkCsT.exe	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wSwtYsq.exe	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rHZSDVk.exe	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LUxRxqs.exe	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lAbDLAv.exe	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\APAXXUD.exe	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ldEdXNW.exe	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dbSrbJA.exe	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kUENQWb.exe	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xelANiR.exe	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kOVEUsO.exe	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YBaPFQc.exe	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YSwljXV.exe	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wQyNGyz.exe	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lxYoAiD.exe	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FFrwGfA.exe	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DpWlBlx.exe	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LvIBrYr.exe	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vHmtAzm.exe	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\juGUZgH.exe	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\shFvVFZ.exe	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SnrDagE.exe	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2264 wrote to memory of 1880	2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2264 wrote to memory of 1880	2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2264 wrote to memory of 1880	2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2264 wrote to memory of 2796	2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2264 wrote to memory of 2796	2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2264 wrote to memory of 2796	2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2264 wrote to memory of 2880	2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2264 wrote to memory of 2880	2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2264 wrote to memory of 2880	2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2264 wrote to memory of 2700	2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2264 wrote to memory of 2700	2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2264 wrote to memory of 2700	2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2264 wrote to memory of 2708	2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2264 wrote to memory of 2708	2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2264 wrote to memory of 2708	2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2264 wrote to memory of 2748	2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2264 wrote to memory of 2748	2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2264 wrote to memory of 2748	2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2264 wrote to memory of 1940	2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2264 wrote to memory of 1940	2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2264 wrote to memory of 1940	2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2264 wrote to memory of 2600	2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2264 wrote to memory of 2600	2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2264 wrote to memory of 2600	2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2264 wrote to memory of 2656	2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2264 wrote to memory of 2656	2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2264 wrote to memory of 2656	2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2264 wrote to memory of 2260	2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2264 wrote to memory of 2260	2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2264 wrote to memory of 2260	2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2264 wrote to memory of 2568	2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2264 wrote to memory of 2568	2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2264 wrote to memory of 2568	2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2264 wrote to memory of 2324	2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2264 wrote to memory of 2324	2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2264 wrote to memory of 2324	2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2264 wrote to memory of 3064	2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2264 wrote to memory of 3064	2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2264 wrote to memory of 3064	2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2264 wrote to memory of 2208	2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2264 wrote to memory of 2208	2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2264 wrote to memory of 2208	2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2264 wrote to memory of 584	2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2264 wrote to memory of 584	2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2264 wrote to memory of 584	2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2264 wrote to memory of 2460	2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2264 wrote to memory of 2460	2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2264 wrote to memory of 2460	2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2264 wrote to memory of 292	2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2264 wrote to memory of 292	2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2264 wrote to memory of 292	2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2264 wrote to memory of 2824	2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2264 wrote to memory of 2824	2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2264 wrote to memory of 2824	2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2264 wrote to memory of 2060	2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2264 wrote to memory of 2060	2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2264 wrote to memory of 2060	2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2264 wrote to memory of 2844	2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2264 wrote to memory of 2844	2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2264 wrote to memory of 2844	2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2264 wrote to memory of 328	2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2264 wrote to memory of 328	2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2264 wrote to memory of 328	2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2264 wrote to memory of 572	2264	2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-09-22_0abf7b074593a58172b3569ab6c0881e_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2264
- C:\Windows\System\PLmwQlr.exe
  C:\Windows\System\PLmwQlr.exe
  2⤵
  - Executes dropped EXE
  PID:1880
- C:\Windows\System\ovoHmea.exe
  C:\Windows\System\ovoHmea.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\QNdEsre.exe
  C:\Windows\System\QNdEsre.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\fFhBGVB.exe
  C:\Windows\System\fFhBGVB.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\dUkUsmN.exe
  C:\Windows\System\dUkUsmN.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\TWLfaOr.exe
  C:\Windows\System\TWLfaOr.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\hzXFTDR.exe
  C:\Windows\System\hzXFTDR.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\fpXmxRe.exe
  C:\Windows\System\fpXmxRe.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\rjkdWeo.exe
  C:\Windows\System\rjkdWeo.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\lkufQWI.exe
  C:\Windows\System\lkufQWI.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\IqIyGrY.exe
  C:\Windows\System\IqIyGrY.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\NDWvlUF.exe
  C:\Windows\System\NDWvlUF.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\XZFODww.exe
  C:\Windows\System\XZFODww.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\PLVrvcV.exe
  C:\Windows\System\PLVrvcV.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\DlgVOaF.exe
  C:\Windows\System\DlgVOaF.exe
  2⤵
  - Executes dropped EXE
  PID:584
- C:\Windows\System\hLYTHjs.exe
  C:\Windows\System\hLYTHjs.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\TrdKVKn.exe
  C:\Windows\System\TrdKVKn.exe
  2⤵
  - Executes dropped EXE
  PID:292
- C:\Windows\System\zOKQhTI.exe
  C:\Windows\System\zOKQhTI.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\XvunKpU.exe
  C:\Windows\System\XvunKpU.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\QrQQAKI.exe
  C:\Windows\System\QrQQAKI.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\MjKrBfK.exe
  C:\Windows\System\MjKrBfK.exe
  2⤵
  - Executes dropped EXE
  PID:328
- C:\Windows\System\iRlSmHr.exe
  C:\Windows\System\iRlSmHr.exe
  2⤵
  - Executes dropped EXE
  PID:572
- C:\Windows\System\lVFizGl.exe
  C:\Windows\System\lVFizGl.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\LoDWdqo.exe
  C:\Windows\System\LoDWdqo.exe
  2⤵
  - Executes dropped EXE
  PID:680
- C:\Windows\System\RjHqzdR.exe
  C:\Windows\System\RjHqzdR.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\xueeDRp.exe
  C:\Windows\System\xueeDRp.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\QNgmuGN.exe
  C:\Windows\System\QNgmuGN.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\gZkJbGn.exe
  C:\Windows\System\gZkJbGn.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\vrisjto.exe
  C:\Windows\System\vrisjto.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\WWXmwkC.exe
  C:\Windows\System\WWXmwkC.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\zdZRgdN.exe
  C:\Windows\System\zdZRgdN.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\HOOYhOk.exe
  C:\Windows\System\HOOYhOk.exe
  2⤵
  - Executes dropped EXE
  PID:1144
- C:\Windows\System\MQfbeqg.exe
  C:\Windows\System\MQfbeqg.exe
  2⤵
  - Executes dropped EXE
  PID:972
- C:\Windows\System\fgOsghB.exe
  C:\Windows\System\fgOsghB.exe
  2⤵
  - Executes dropped EXE
  PID:1012
- C:\Windows\System\dYYJXBI.exe
  C:\Windows\System\dYYJXBI.exe
  2⤵
  - Executes dropped EXE
  PID:856
- C:\Windows\System\TwYXYNd.exe
  C:\Windows\System\TwYXYNd.exe
  2⤵
  - Executes dropped EXE
  PID:940
- C:\Windows\System\cCsssWM.exe
  C:\Windows\System\cCsssWM.exe
  2⤵
  - Executes dropped EXE
  PID:1016
- C:\Windows\System\aPCHheQ.exe
  C:\Windows\System\aPCHheQ.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\LPXQvlJ.exe
  C:\Windows\System\LPXQvlJ.exe
  2⤵
  - Executes dropped EXE
  PID:824
- C:\Windows\System\GNedrTq.exe
  C:\Windows\System\GNedrTq.exe
  2⤵
  - Executes dropped EXE
  PID:796
- C:\Windows\System\gGfOslM.exe
  C:\Windows\System\gGfOslM.exe
  2⤵
  - Executes dropped EXE
  PID:1436
- C:\Windows\System\ldgTZbs.exe
  C:\Windows\System\ldgTZbs.exe
  2⤵
  - Executes dropped EXE
  PID:764
- C:\Windows\System\qqRScsH.exe
  C:\Windows\System\qqRScsH.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\TityQRn.exe
  C:\Windows\System\TityQRn.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\JBqmMIi.exe
  C:\Windows\System\JBqmMIi.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\nfZNOmR.exe
  C:\Windows\System\nfZNOmR.exe
  2⤵
  - Executes dropped EXE
  PID:1328
- C:\Windows\System\AlAsNpf.exe
  C:\Windows\System\AlAsNpf.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\GgFyVtG.exe
  C:\Windows\System\GgFyVtG.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\pzIJwrI.exe
  C:\Windows\System\pzIJwrI.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\DpRNECk.exe
  C:\Windows\System\DpRNECk.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\GhrxbTx.exe
  C:\Windows\System\GhrxbTx.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\DemSbZu.exe
  C:\Windows\System\DemSbZu.exe
  2⤵
  - Executes dropped EXE
  PID:380
- C:\Windows\System\rsaNxXK.exe
  C:\Windows\System\rsaNxXK.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\TMLxKVB.exe
  C:\Windows\System\TMLxKVB.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\VOQYIrq.exe
  C:\Windows\System\VOQYIrq.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\fNqxUPe.exe
  C:\Windows\System\fNqxUPe.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\SFcXlGs.exe
  C:\Windows\System\SFcXlGs.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\gUGDGKI.exe
  C:\Windows\System\gUGDGKI.exe
  2⤵
  - Executes dropped EXE
  PID:1992
- C:\Windows\System\RfHCzkX.exe
  C:\Windows\System\RfHCzkX.exe
  2⤵
  - Executes dropped EXE
  PID:316
- C:\Windows\System\GQVgZRX.exe
  C:\Windows\System\GQVgZRX.exe
  2⤵
  - Executes dropped EXE
  PID:748
- C:\Windows\System\PfCYwdz.exe
  C:\Windows\System\PfCYwdz.exe
  2⤵
  - Executes dropped EXE
  PID:664
- C:\Windows\System\EzrTtlz.exe
  C:\Windows\System\EzrTtlz.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\hQcfzRL.exe
  C:\Windows\System\hQcfzRL.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\xivovVD.exe
  C:\Windows\System\xivovVD.exe
  2⤵
  - Executes dropped EXE
  PID:1456
- C:\Windows\System\ebaHzZf.exe
  C:\Windows\System\ebaHzZf.exe
  2⤵
  PID:2732
- C:\Windows\System\tGmqcAW.exe
  C:\Windows\System\tGmqcAW.exe
  2⤵
  PID:2532
- C:\Windows\System\RjNScfu.exe
  C:\Windows\System\RjNScfu.exe
  2⤵
  PID:2740
- C:\Windows\System\cLOGcxy.exe
  C:\Windows\System\cLOGcxy.exe
  2⤵
  PID:2996
- C:\Windows\System\wDhEwpG.exe
  C:\Windows\System\wDhEwpG.exe
  2⤵
  PID:2584
- C:\Windows\System\GqMeTvP.exe
  C:\Windows\System\GqMeTvP.exe
  2⤵
  PID:2268
- C:\Windows\System\EWkbMwi.exe
  C:\Windows\System\EWkbMwi.exe
  2⤵
  PID:2652
- C:\Windows\System\dbcHdCt.exe
  C:\Windows\System\dbcHdCt.exe
  2⤵
  PID:2360
- C:\Windows\System\DEqULVj.exe
  C:\Windows\System\DEqULVj.exe
  2⤵
  PID:1356
- C:\Windows\System\YCDqIKN.exe
  C:\Windows\System\YCDqIKN.exe
  2⤵
  PID:2220
- C:\Windows\System\KUCJruw.exe
  C:\Windows\System\KUCJruw.exe
  2⤵
  PID:1052
- C:\Windows\System\UQXMsdl.exe
  C:\Windows\System\UQXMsdl.exe
  2⤵
  PID:2812
- C:\Windows\System\fvPCScU.exe
  C:\Windows\System\fvPCScU.exe
  2⤵
  PID:1976
- C:\Windows\System\QnyYRow.exe
  C:\Windows\System\QnyYRow.exe
  2⤵
  PID:576
- C:\Windows\System\OXlNckj.exe
  C:\Windows\System\OXlNckj.exe
  2⤵
  PID:324
- C:\Windows\System\XeJvldE.exe
  C:\Windows\System\XeJvldE.exe
  2⤵
  PID:1192
- C:\Windows\System\qMIWgCZ.exe
  C:\Windows\System\qMIWgCZ.exe
  2⤵
  PID:2012
- C:\Windows\System\syuhZDV.exe
  C:\Windows\System\syuhZDV.exe
  2⤵
  PID:1164
- C:\Windows\System\NrWmPEv.exe
  C:\Windows\System\NrWmPEv.exe
  2⤵
  PID:2464
- C:\Windows\System\NHeUrZa.exe
  C:\Windows\System\NHeUrZa.exe
  2⤵
  PID:892
- C:\Windows\System\ixTULxn.exe
  C:\Windows\System\ixTULxn.exe
  2⤵
  PID:3016
- C:\Windows\System\OFiTTly.exe
  C:\Windows\System\OFiTTly.exe
  2⤵
  PID:828
- C:\Windows\System\igGXlhN.exe
  C:\Windows\System\igGXlhN.exe
  2⤵
  PID:1700
- C:\Windows\System\yOlxoAo.exe
  C:\Windows\System\yOlxoAo.exe
  2⤵
  PID:1600
- C:\Windows\System\fFBHBeD.exe
  C:\Windows\System\fFBHBeD.exe
  2⤵
  PID:1612
- C:\Windows\System\kGdzWny.exe
  C:\Windows\System\kGdzWny.exe
  2⤵
  PID:1676
- C:\Windows\System\iJttHju.exe
  C:\Windows\System\iJttHju.exe
  2⤵
  PID:2252
- C:\Windows\System\pvyBjJG.exe
  C:\Windows\System\pvyBjJG.exe
  2⤵
  PID:3104
- C:\Windows\System\bJOmRjQ.exe
  C:\Windows\System\bJOmRjQ.exe
  2⤵
  PID:3288
- C:\Windows\System\deVOLFD.exe
  C:\Windows\System\deVOLFD.exe
  2⤵
  PID:3308
- C:\Windows\System\buJSRch.exe
  C:\Windows\System\buJSRch.exe
  2⤵
  PID:3324
- C:\Windows\System\YxUJNYo.exe
  C:\Windows\System\YxUJNYo.exe
  2⤵
  PID:3344
- C:\Windows\System\feAPzhb.exe
  C:\Windows\System\feAPzhb.exe
  2⤵
  PID:3360
- C:\Windows\System\dXbxRgM.exe
  C:\Windows\System\dXbxRgM.exe
  2⤵
  PID:3380
- C:\Windows\System\zlHhHGz.exe
  C:\Windows\System\zlHhHGz.exe
  2⤵
  PID:3396
- C:\Windows\System\JZuJntF.exe
  C:\Windows\System\JZuJntF.exe
  2⤵
  PID:3420
- C:\Windows\System\PmlEoHe.exe
  C:\Windows\System\PmlEoHe.exe
  2⤵
  PID:3444
- C:\Windows\System\edkHAnv.exe
  C:\Windows\System\edkHAnv.exe
  2⤵
  PID:3468
- C:\Windows\System\cKLVgni.exe
  C:\Windows\System\cKLVgni.exe
  2⤵
  PID:3484
- C:\Windows\System\yOsIKYt.exe
  C:\Windows\System\yOsIKYt.exe
  2⤵
  PID:3504
- C:\Windows\System\XvUvRuT.exe
  C:\Windows\System\XvUvRuT.exe
  2⤵
  PID:3532
- C:\Windows\System\jhVmxxJ.exe
  C:\Windows\System\jhVmxxJ.exe
  2⤵
  PID:3552
- C:\Windows\System\TGHJqes.exe
  C:\Windows\System\TGHJqes.exe
  2⤵
  PID:3576
- C:\Windows\System\AfiyKkf.exe
  C:\Windows\System\AfiyKkf.exe
  2⤵
  PID:3596
- C:\Windows\System\TeuguxN.exe
  C:\Windows\System\TeuguxN.exe
  2⤵
  PID:3612
- C:\Windows\System\GLixfSs.exe
  C:\Windows\System\GLixfSs.exe
  2⤵
  PID:3628
- C:\Windows\System\LZeAAiy.exe
  C:\Windows\System\LZeAAiy.exe
  2⤵
  PID:3652
- C:\Windows\System\YFemkCU.exe
  C:\Windows\System\YFemkCU.exe
  2⤵
  PID:3672
- C:\Windows\System\hdBSVDN.exe
  C:\Windows\System\hdBSVDN.exe
  2⤵
  PID:3696
- C:\Windows\System\lULszCg.exe
  C:\Windows\System\lULszCg.exe
  2⤵
  PID:3712
- C:\Windows\System\uIZVzvb.exe
  C:\Windows\System\uIZVzvb.exe
  2⤵
  PID:3732
- C:\Windows\System\AVljAPO.exe
  C:\Windows\System\AVljAPO.exe
  2⤵
  PID:3748
- C:\Windows\System\FPDyLFw.exe
  C:\Windows\System\FPDyLFw.exe
  2⤵
  PID:3764
- C:\Windows\System\cyJfBWF.exe
  C:\Windows\System\cyJfBWF.exe
  2⤵
  PID:3784
- C:\Windows\System\wapvOXO.exe
  C:\Windows\System\wapvOXO.exe
  2⤵
  PID:3804
- C:\Windows\System\rKmeNuB.exe
  C:\Windows\System\rKmeNuB.exe
  2⤵
  PID:3820
- C:\Windows\System\wMZnHIG.exe
  C:\Windows\System\wMZnHIG.exe
  2⤵
  PID:3836
- C:\Windows\System\HSmUprj.exe
  C:\Windows\System\HSmUprj.exe
  2⤵
  PID:3852
- C:\Windows\System\TgRFIHx.exe
  C:\Windows\System\TgRFIHx.exe
  2⤵
  PID:3872
- C:\Windows\System\xKOjoJz.exe
  C:\Windows\System\xKOjoJz.exe
  2⤵
  PID:3896
- C:\Windows\System\YlhwBri.exe
  C:\Windows\System\YlhwBri.exe
  2⤵
  PID:3916
- C:\Windows\System\yUIKbbY.exe
  C:\Windows\System\yUIKbbY.exe
  2⤵
  PID:3936
- C:\Windows\System\qblVSbB.exe
  C:\Windows\System\qblVSbB.exe
  2⤵
  PID:3956
- C:\Windows\System\FbMxnCo.exe
  C:\Windows\System\FbMxnCo.exe
  2⤵
  PID:3980
- C:\Windows\System\dwIPiEs.exe
  C:\Windows\System\dwIPiEs.exe
  2⤵
  PID:4000
- C:\Windows\System\VwoNXnF.exe
  C:\Windows\System\VwoNXnF.exe
  2⤵
  PID:4016
- C:\Windows\System\ArFpKYw.exe
  C:\Windows\System\ArFpKYw.exe
  2⤵
  PID:4036
- C:\Windows\System\ueEkhks.exe
  C:\Windows\System\ueEkhks.exe
  2⤵
  PID:4060
- C:\Windows\System\MoNUpwB.exe
  C:\Windows\System\MoNUpwB.exe
  2⤵
  PID:2488
- C:\Windows\System\XyLjkKM.exe
  C:\Windows\System\XyLjkKM.exe
  2⤵
  PID:2860
- C:\Windows\System\YNEjxcX.exe
  C:\Windows\System\YNEjxcX.exe
  2⤵
  PID:2644
- C:\Windows\System\DGksmxW.exe
  C:\Windows\System\DGksmxW.exe
  2⤵
  PID:2924
- C:\Windows\System\ZGdQHPu.exe
  C:\Windows\System\ZGdQHPu.exe
  2⤵
  PID:628
- C:\Windows\System\pnskEGP.exe
  C:\Windows\System\pnskEGP.exe
  2⤵
  PID:1292
- C:\Windows\System\atBxJFG.exe
  C:\Windows\System\atBxJFG.exe
  2⤵
  PID:2500
- C:\Windows\System\UJWUmll.exe
  C:\Windows\System\UJWUmll.exe
  2⤵
  PID:2472
- C:\Windows\System\ykNWPhR.exe
  C:\Windows\System\ykNWPhR.exe
  2⤵
  PID:1336
- C:\Windows\System\ODNsytu.exe
  C:\Windows\System\ODNsytu.exe
  2⤵
  PID:2508
- C:\Windows\System\bMcigtZ.exe
  C:\Windows\System\bMcigtZ.exe
  2⤵
  PID:2504
- C:\Windows\System\MlFDtYz.exe
  C:\Windows\System\MlFDtYz.exe
  2⤵
  PID:1492
- C:\Windows\System\WVKAqGo.exe
  C:\Windows\System\WVKAqGo.exe
  2⤵
  PID:2228
- C:\Windows\System\sUXWbro.exe
  C:\Windows\System\sUXWbro.exe
  2⤵
  PID:3080
- C:\Windows\System\fWHAxEY.exe
  C:\Windows\System\fWHAxEY.exe
  2⤵
  PID:1236
- C:\Windows\System\iMeZSXA.exe
  C:\Windows\System\iMeZSXA.exe
  2⤵
  PID:2660
- C:\Windows\System\geBVJVp.exe
  C:\Windows\System\geBVJVp.exe
  2⤵
  PID:3304
- C:\Windows\System\QJANPhA.exe
  C:\Windows\System\QJANPhA.exe
  2⤵
  PID:3336
- C:\Windows\System\AELxnOy.exe
  C:\Windows\System\AELxnOy.exe
  2⤵
  PID:3412
- C:\Windows\System\oKXkrUa.exe
  C:\Windows\System\oKXkrUa.exe
  2⤵
  PID:3460
- C:\Windows\System\XYhtytl.exe
  C:\Windows\System\XYhtytl.exe
  2⤵
  PID:3540
- C:\Windows\System\DUqVxae.exe
  C:\Windows\System\DUqVxae.exe
  2⤵
  PID:3132
- C:\Windows\System\oHaXkZR.exe
  C:\Windows\System\oHaXkZR.exe
  2⤵
  PID:3144
- C:\Windows\System\nGaaaeR.exe
  C:\Windows\System\nGaaaeR.exe
  2⤵
  PID:3160
- C:\Windows\System\OLCEwVi.exe
  C:\Windows\System\OLCEwVi.exe
  2⤵
  PID:3176
- C:\Windows\System\hEQEBUo.exe
  C:\Windows\System\hEQEBUo.exe
  2⤵
  PID:3192
- C:\Windows\System\EoIwhpF.exe
  C:\Windows\System\EoIwhpF.exe
  2⤵
  PID:3212
- C:\Windows\System\MHpSSbX.exe
  C:\Windows\System\MHpSSbX.exe
  2⤵
  PID:3236
- C:\Windows\System\vtTgvTh.exe
  C:\Windows\System\vtTgvTh.exe
  2⤵
  PID:3260
- C:\Windows\System\XIbijrF.exe
  C:\Windows\System\XIbijrF.exe
  2⤵
  PID:3592
- C:\Windows\System\EgxdDXQ.exe
  C:\Windows\System\EgxdDXQ.exe
  2⤵
  PID:3320
- C:\Windows\System\syRMVop.exe
  C:\Windows\System\syRMVop.exe
  2⤵
  PID:3660
- C:\Windows\System\OReUiQK.exe
  C:\Windows\System\OReUiQK.exe
  2⤵
  PID:3740
- C:\Windows\System\PToUSaR.exe
  C:\Windows\System\PToUSaR.exe
  2⤵
  PID:3776
- C:\Windows\System\mxiYMws.exe
  C:\Windows\System\mxiYMws.exe
  2⤵
  PID:3480
- C:\Windows\System\VtCzePF.exe
  C:\Windows\System\VtCzePF.exe
  2⤵
  PID:3436
- C:\Windows\System\LlCeBFn.exe
  C:\Windows\System\LlCeBFn.exe
  2⤵
  PID:3520
- C:\Windows\System\YfuMqkN.exe
  C:\Windows\System\YfuMqkN.exe
  2⤵
  PID:3884
- C:\Windows\System\LkGYtMm.exe
  C:\Windows\System\LkGYtMm.exe
  2⤵
  PID:3564
- C:\Windows\System\TJgELRP.exe
  C:\Windows\System\TJgELRP.exe
  2⤵
  PID:3560
- C:\Windows\System\EaqyNmZ.exe
  C:\Windows\System\EaqyNmZ.exe
  2⤵
  PID:3644
- C:\Windows\System\nLUootu.exe
  C:\Windows\System\nLUootu.exe
  2⤵
  PID:3964
- C:\Windows\System\QlyniKS.exe
  C:\Windows\System\QlyniKS.exe
  2⤵
  PID:3684
- C:\Windows\System\UFKSMLQ.exe
  C:\Windows\System\UFKSMLQ.exe
  2⤵
  PID:4008
- C:\Windows\System\yFjZpqB.exe
  C:\Windows\System\yFjZpqB.exe
  2⤵
  PID:3728
- C:\Windows\System\XuhffqF.exe
  C:\Windows\System\XuhffqF.exe
  2⤵
  PID:3800
- C:\Windows\System\UeDhLbK.exe
  C:\Windows\System\UeDhLbK.exe
  2⤵
  PID:4028
- C:\Windows\System\CFeOwEy.exe
  C:\Windows\System\CFeOwEy.exe
  2⤵
  PID:904
- C:\Windows\System\LhJaKOv.exe
  C:\Windows\System\LhJaKOv.exe
  2⤵
  PID:772
- C:\Windows\System\yJQyblG.exe
  C:\Windows\System\yJQyblG.exe
  2⤵
  PID:1088
- C:\Windows\System\JjUQPej.exe
  C:\Windows\System\JjUQPej.exe
  2⤵
  PID:1784
- C:\Windows\System\PiezHFC.exe
  C:\Windows\System\PiezHFC.exe
  2⤵
  PID:2400
- C:\Windows\System\KnwMjJw.exe
  C:\Windows\System\KnwMjJw.exe
  2⤵
  PID:1484
- C:\Windows\System\ZBuBiAg.exe
  C:\Windows\System\ZBuBiAg.exe
  2⤵
  PID:2444
- C:\Windows\System\kvqbSbx.exe
  C:\Windows\System\kvqbSbx.exe
  2⤵
  PID:1620
- C:\Windows\System\qVJjvoy.exe
  C:\Windows\System\qVJjvoy.exe
  2⤵
  PID:3408
- C:\Windows\System\RmHXyhn.exe
  C:\Windows\System\RmHXyhn.exe
  2⤵
  PID:3128
- C:\Windows\System\YpPGlUV.exe
  C:\Windows\System\YpPGlUV.exe
  2⤵
  PID:1852
- C:\Windows\System\YotgTUP.exe
  C:\Windows\System\YotgTUP.exe
  2⤵
  PID:2132
- C:\Windows\System\oKeuVLw.exe
  C:\Windows\System\oKeuVLw.exe
  2⤵
  PID:2688
- C:\Windows\System\xSQhbpE.exe
  C:\Windows\System\xSQhbpE.exe
  2⤵
  PID:3584
- C:\Windows\System\cMnfgLR.exe
  C:\Windows\System\cMnfgLR.exe
  2⤵
  PID:3432
- C:\Windows\System\TBlOpWw.exe
  C:\Windows\System\TBlOpWw.exe
  2⤵
  PID:288
- C:\Windows\System\hiNAlef.exe
  C:\Windows\System\hiNAlef.exe
  2⤵
  PID:3376
- C:\Windows\System\SsuojUS.exe
  C:\Windows\System\SsuojUS.exe
  2⤵
  PID:3476
- C:\Windows\System\ALoajhE.exe
  C:\Windows\System\ALoajhE.exe
  2⤵
  PID:3604
- C:\Windows\System\FkmtxbE.exe
  C:\Windows\System\FkmtxbE.exe
  2⤵
  PID:3928
- C:\Windows\System\cNwAMjq.exe
  C:\Windows\System\cNwAMjq.exe
  2⤵
  PID:3760
- C:\Windows\System\DsvOKMh.exe
  C:\Windows\System\DsvOKMh.exe
  2⤵
  PID:3528
- C:\Windows\System\ijRamrf.exe
  C:\Windows\System\ijRamrf.exe
  2⤵
  PID:3976
- C:\Windows\System\aljwNdZ.exe
  C:\Windows\System\aljwNdZ.exe
  2⤵
  PID:3724
- C:\Windows\System\JLkMbbp.exe
  C:\Windows\System\JLkMbbp.exe
  2⤵
  PID:3816
- C:\Windows\System\MYLaFHl.exe
  C:\Windows\System\MYLaFHl.exe
  2⤵
  PID:3352
- C:\Windows\System\JXXhWaI.exe
  C:\Windows\System\JXXhWaI.exe
  2⤵
  PID:3860
- C:\Windows\System\onlBcRj.exe
  C:\Windows\System\onlBcRj.exe
  2⤵
  PID:1588
- C:\Windows\System\IOOmqDs.exe
  C:\Windows\System\IOOmqDs.exe
  2⤵
  PID:3912
- C:\Windows\System\kOVEUsO.exe
  C:\Windows\System\kOVEUsO.exe
  2⤵
  PID:3992
- C:\Windows\System\elfOWcV.exe
  C:\Windows\System\elfOWcV.exe
  2⤵
  PID:948
- C:\Windows\System\rsDuxYO.exe
  C:\Windows\System\rsDuxYO.exe
  2⤵
  PID:1924
- C:\Windows\System\xOAInDK.exe
  C:\Windows\System\xOAInDK.exe
  2⤵
  PID:924
- C:\Windows\System\pJvVpdu.exe
  C:\Windows\System\pJvVpdu.exe
  2⤵
  PID:3340
- C:\Windows\System\HWdNzAX.exe
  C:\Windows\System\HWdNzAX.exe
  2⤵
  PID:1712
- C:\Windows\System\flxBEOK.exe
  C:\Windows\System\flxBEOK.exe
  2⤵
  PID:1656
- C:\Windows\System\sJmGsry.exe
  C:\Windows\System\sJmGsry.exe
  2⤵
  PID:4112
- C:\Windows\System\UkXmKnf.exe
  C:\Windows\System\UkXmKnf.exe
  2⤵
  PID:4132
- C:\Windows\System\kFeyeVQ.exe
  C:\Windows\System\kFeyeVQ.exe
  2⤵
  PID:4152
- C:\Windows\System\YkIFHbW.exe
  C:\Windows\System\YkIFHbW.exe
  2⤵
  PID:4172
- C:\Windows\System\HZAZrWZ.exe
  C:\Windows\System\HZAZrWZ.exe
  2⤵
  PID:4196
- C:\Windows\System\EvSOAMm.exe
  C:\Windows\System\EvSOAMm.exe
  2⤵
  PID:4232
- C:\Windows\System\jlOcrWq.exe
  C:\Windows\System\jlOcrWq.exe
  2⤵
  PID:4252
- C:\Windows\System\LuZVZFp.exe
  C:\Windows\System\LuZVZFp.exe
  2⤵
  PID:4268
- C:\Windows\System\HczGwHX.exe
  C:\Windows\System\HczGwHX.exe
  2⤵
  PID:4292
- C:\Windows\System\ApUPSEA.exe
  C:\Windows\System\ApUPSEA.exe
  2⤵
  PID:4308
- C:\Windows\System\nobeWLZ.exe
  C:\Windows\System\nobeWLZ.exe
  2⤵
  PID:4328
- C:\Windows\System\kWLJlBU.exe
  C:\Windows\System\kWLJlBU.exe
  2⤵
  PID:4348
- C:\Windows\System\TQTVzNJ.exe
  C:\Windows\System\TQTVzNJ.exe
  2⤵
  PID:4368
- C:\Windows\System\waTPlqB.exe
  C:\Windows\System\waTPlqB.exe
  2⤵
  PID:4388
- C:\Windows\System\xeeAjDY.exe
  C:\Windows\System\xeeAjDY.exe
  2⤵
  PID:4408
- C:\Windows\System\KVDgcEF.exe
  C:\Windows\System\KVDgcEF.exe
  2⤵
  PID:4428
- C:\Windows\System\UWZBeuQ.exe
  C:\Windows\System\UWZBeuQ.exe
  2⤵
  PID:4444
- C:\Windows\System\lUPbori.exe
  C:\Windows\System\lUPbori.exe
  2⤵
  PID:4464
- C:\Windows\System\oHzSMHm.exe
  C:\Windows\System\oHzSMHm.exe
  2⤵
  PID:4492
- C:\Windows\System\ScYPJqr.exe
  C:\Windows\System\ScYPJqr.exe
  2⤵
  PID:4508
- C:\Windows\System\yjtIspE.exe
  C:\Windows\System\yjtIspE.exe
  2⤵
  PID:4532
- C:\Windows\System\YBaPFQc.exe
  C:\Windows\System\YBaPFQc.exe
  2⤵
  PID:4548
- C:\Windows\System\kwhDQPA.exe
  C:\Windows\System\kwhDQPA.exe
  2⤵
  PID:4564
- C:\Windows\System\eWZSXdr.exe
  C:\Windows\System\eWZSXdr.exe
  2⤵
  PID:4580
- C:\Windows\System\gzXpdRK.exe
  C:\Windows\System\gzXpdRK.exe
  2⤵
  PID:4604
- C:\Windows\System\wVQlUnS.exe
  C:\Windows\System\wVQlUnS.exe
  2⤵
  PID:4624
- C:\Windows\System\bqwdAop.exe
  C:\Windows\System\bqwdAop.exe
  2⤵
  PID:4640
- C:\Windows\System\mPBlpoE.exe
  C:\Windows\System\mPBlpoE.exe
  2⤵
  PID:4656
- C:\Windows\System\dxyinwG.exe
  C:\Windows\System\dxyinwG.exe
  2⤵
  PID:4672
- C:\Windows\System\rmsimkd.exe
  C:\Windows\System\rmsimkd.exe
  2⤵
  PID:4688
- C:\Windows\System\CoeDMsP.exe
  C:\Windows\System\CoeDMsP.exe
  2⤵
  PID:4704
- C:\Windows\System\TghjUrb.exe
  C:\Windows\System\TghjUrb.exe
  2⤵
  PID:4720
- C:\Windows\System\ZkbnaeF.exe
  C:\Windows\System\ZkbnaeF.exe
  2⤵
  PID:4748
- C:\Windows\System\aPFDfIO.exe
  C:\Windows\System\aPFDfIO.exe
  2⤵
  PID:4768
- C:\Windows\System\ykuqHBf.exe
  C:\Windows\System\ykuqHBf.exe
  2⤵
  PID:4784
- C:\Windows\System\Mawpqwc.exe
  C:\Windows\System\Mawpqwc.exe
  2⤵
  PID:4808
- C:\Windows\System\MNWNEZl.exe
  C:\Windows\System\MNWNEZl.exe
  2⤵
  PID:4832
- C:\Windows\System\hmpDUIy.exe
  C:\Windows\System\hmpDUIy.exe
  2⤵
  PID:4848
- C:\Windows\System\AUwxiby.exe
  C:\Windows\System\AUwxiby.exe
  2⤵
  PID:4896
- C:\Windows\System\zxnhdrF.exe
  C:\Windows\System\zxnhdrF.exe
  2⤵
  PID:4912
- C:\Windows\System\fUQiPNF.exe
  C:\Windows\System\fUQiPNF.exe
  2⤵
  PID:4928
- C:\Windows\System\PcCRAFF.exe
  C:\Windows\System\PcCRAFF.exe
  2⤵
  PID:4944
- C:\Windows\System\GfVhmnI.exe
  C:\Windows\System\GfVhmnI.exe
  2⤵
  PID:4960
- C:\Windows\System\hfGMWov.exe
  C:\Windows\System\hfGMWov.exe
  2⤵
  PID:4980
- C:\Windows\System\iiHyozB.exe
  C:\Windows\System\iiHyozB.exe
  2⤵
  PID:5004
- C:\Windows\System\bjwrOYl.exe
  C:\Windows\System\bjwrOYl.exe
  2⤵
  PID:5020
- C:\Windows\System\HxnCuWB.exe
  C:\Windows\System\HxnCuWB.exe
  2⤵
  PID:5044
- C:\Windows\System\XElUIoq.exe
  C:\Windows\System\XElUIoq.exe
  2⤵
  PID:5060
- C:\Windows\System\NuNQMuj.exe
  C:\Windows\System\NuNQMuj.exe
  2⤵
  PID:5096
- C:\Windows\System\LbyNNHp.exe
  C:\Windows\System\LbyNNHp.exe
  2⤵
  PID:5112
- C:\Windows\System\KJnUoZG.exe
  C:\Windows\System\KJnUoZG.exe
  2⤵
  PID:3280
- C:\Windows\System\pvGWJCf.exe
  C:\Windows\System\pvGWJCf.exe
  2⤵
  PID:2928
- C:\Windows\System\bqInLcW.exe
  C:\Windows\System\bqInLcW.exe
  2⤵
  PID:3880
- C:\Windows\System\aeihXZX.exe
  C:\Windows\System\aeihXZX.exe
  2⤵
  PID:3720
- C:\Windows\System\RduMWJH.exe
  C:\Windows\System\RduMWJH.exe
  2⤵
  PID:3440
- C:\Windows\System\TCtmXrp.exe
  C:\Windows\System\TCtmXrp.exe
  2⤵
  PID:3456
- C:\Windows\System\ItCSrwc.exe
  C:\Windows\System\ItCSrwc.exe
  2⤵
  PID:3932
- C:\Windows\System\fUDRMkt.exe
  C:\Windows\System\fUDRMkt.exe
  2⤵
  PID:3624
- C:\Windows\System\MNMeCBE.exe
  C:\Windows\System\MNMeCBE.exe
  2⤵
  PID:3832
- C:\Windows\System\WMvfViX.exe
  C:\Windows\System\WMvfViX.exe
  2⤵
  PID:1364
- C:\Windows\System\IBIhIiB.exe
  C:\Windows\System\IBIhIiB.exe
  2⤵
  PID:2932
- C:\Windows\System\pgqNZtN.exe
  C:\Windows\System\pgqNZtN.exe
  2⤵
  PID:4052
- C:\Windows\System\fQfXCpV.exe
  C:\Windows\System\fQfXCpV.exe
  2⤵
  PID:1668
- C:\Windows\System\brpaQxa.exe
  C:\Windows\System\brpaQxa.exe
  2⤵
  PID:4104
- C:\Windows\System\Uvskpcc.exe
  C:\Windows\System\Uvskpcc.exe
  2⤵
  PID:4108
- C:\Windows\System\yQgnyUi.exe
  C:\Windows\System\yQgnyUi.exe
  2⤵
  PID:4188
- C:\Windows\System\lByKQdk.exe
  C:\Windows\System\lByKQdk.exe
  2⤵
  PID:2896
- C:\Windows\System\IkOyvii.exe
  C:\Windows\System\IkOyvii.exe
  2⤵
  PID:4124
- C:\Windows\System\jskaEFM.exe
  C:\Windows\System\jskaEFM.exe
  2⤵
  PID:4208
- C:\Windows\System\KqXPVzA.exe
  C:\Windows\System\KqXPVzA.exe
  2⤵
  PID:4248
- C:\Windows\System\VsfVrzb.exe
  C:\Windows\System\VsfVrzb.exe
  2⤵
  PID:4280
- C:\Windows\System\DeovTAV.exe
  C:\Windows\System\DeovTAV.exe
  2⤵
  PID:4324
- C:\Windows\System\JTtivTG.exe
  C:\Windows\System\JTtivTG.exe
  2⤵
  PID:4364
- C:\Windows\System\WljIhXj.exe
  C:\Windows\System\WljIhXj.exe
  2⤵
  PID:4436
- C:\Windows\System\DuEpCQi.exe
  C:\Windows\System\DuEpCQi.exe
  2⤵
  PID:4484
- C:\Windows\System\YTlQUjR.exe
  C:\Windows\System\YTlQUjR.exe
  2⤵
  PID:4556
- C:\Windows\System\QXnHcod.exe
  C:\Windows\System\QXnHcod.exe
  2⤵
  PID:4596
- C:\Windows\System\BSsiVdp.exe
  C:\Windows\System\BSsiVdp.exe
  2⤵
  PID:4304
- C:\Windows\System\BGaJoAf.exe
  C:\Windows\System\BGaJoAf.exe
  2⤵
  PID:4668
- C:\Windows\System\fKWavav.exe
  C:\Windows\System\fKWavav.exe
  2⤵
  PID:4336
- C:\Windows\System\mXzfQlx.exe
  C:\Windows\System\mXzfQlx.exe
  2⤵
  PID:4376
- C:\Windows\System\DrepOzZ.exe
  C:\Windows\System\DrepOzZ.exe
  2⤵
  PID:4452
- C:\Windows\System\LbUXvbq.exe
  C:\Windows\System\LbUXvbq.exe
  2⤵
  PID:4736
- C:\Windows\System\tzPiuJe.exe
  C:\Windows\System\tzPiuJe.exe
  2⤵
  PID:4460
- C:\Windows\System\rCwlwLw.exe
  C:\Windows\System\rCwlwLw.exe
  2⤵
  PID:4504
- C:\Windows\System\vensbip.exe
  C:\Windows\System\vensbip.exe
  2⤵
  PID:4868
- C:\Windows\System\jeTdfjP.exe
  C:\Windows\System\jeTdfjP.exe
  2⤵
  PID:4680
- C:\Windows\System\JLVIDGj.exe
  C:\Windows\System\JLVIDGj.exe
  2⤵
  PID:4760
- C:\Windows\System\nMwcYTu.exe
  C:\Windows\System\nMwcYTu.exe
  2⤵
  PID:4800
- C:\Windows\System\klrACfr.exe
  C:\Windows\System\klrACfr.exe
  2⤵
  PID:4844
- C:\Windows\System\iNbeLlf.exe
  C:\Windows\System\iNbeLlf.exe
  2⤵
  PID:4924
- C:\Windows\System\DCIIQJk.exe
  C:\Windows\System\DCIIQJk.exe
  2⤵
  PID:5000
- C:\Windows\System\aurPSSG.exe
  C:\Windows\System\aurPSSG.exe
  2⤵
  PID:5040
- C:\Windows\System\jOWSLXF.exe
  C:\Windows\System\jOWSLXF.exe
  2⤵
  PID:5076
- C:\Windows\System\ewhJAVT.exe
  C:\Windows\System\ewhJAVT.exe
  2⤵
  PID:5088
- C:\Windows\System\ahZrXvg.exe
  C:\Windows\System\ahZrXvg.exe
  2⤵
  PID:4968
- C:\Windows\System\mFHruGq.exe
  C:\Windows\System\mFHruGq.exe
  2⤵
  PID:5052
- C:\Windows\System\OHAvGmZ.exe
  C:\Windows\System\OHAvGmZ.exe
  2⤵
  PID:3268
- C:\Windows\System\OFOSNTk.exe
  C:\Windows\System\OFOSNTk.exe
  2⤵
  PID:3796
- C:\Windows\System\HnmyqFM.exe
  C:\Windows\System\HnmyqFM.exe
  2⤵
  PID:296
- C:\Windows\System\DpWlBlx.exe
  C:\Windows\System\DpWlBlx.exe
  2⤵
  PID:3120
- C:\Windows\System\TsAeswH.exe
  C:\Windows\System\TsAeswH.exe
  2⤵
  PID:3404
- C:\Windows\System\NKzkWNc.exe
  C:\Windows\System\NKzkWNc.exe
  2⤵
  PID:3904
- C:\Windows\System\jKrUZtX.exe
  C:\Windows\System\jKrUZtX.exe
  2⤵
  PID:3888
- C:\Windows\System\UcyqzIh.exe
  C:\Windows\System\UcyqzIh.exe
  2⤵
  PID:4048
- C:\Windows\System\VmiDswx.exe
  C:\Windows\System\VmiDswx.exe
  2⤵
  PID:4092
- C:\Windows\System\DFMvtYA.exe
  C:\Windows\System\DFMvtYA.exe
  2⤵
  PID:3388
- C:\Windows\System\NbiFzKj.exe
  C:\Windows\System\NbiFzKj.exe
  2⤵
  PID:3988
- C:\Windows\System\HjgFGmD.exe
  C:\Windows\System\HjgFGmD.exe
  2⤵
  PID:4276
- C:\Windows\System\MsJpbtv.exe
  C:\Windows\System\MsJpbtv.exe
  2⤵
  PID:4472
- C:\Windows\System\PXkYAle.exe
  C:\Windows\System\PXkYAle.exe
  2⤵
  PID:4120
- C:\Windows\System\eZbkHzX.exe
  C:\Windows\System\eZbkHzX.exe
  2⤵
  PID:4592
- C:\Windows\System\QdZcsCf.exe
  C:\Windows\System\QdZcsCf.exe
  2⤵
  PID:4728
- C:\Windows\System\QzUqyEE.exe
  C:\Windows\System\QzUqyEE.exe
  2⤵
  PID:4732
- C:\Windows\System\xxoNYju.exe
  C:\Windows\System\xxoNYju.exe
  2⤵
  PID:4528
- C:\Windows\System\LvIBrYr.exe
  C:\Windows\System\LvIBrYr.exe
  2⤵
  PID:4424
- C:\Windows\System\vxpnqwW.exe
  C:\Windows\System\vxpnqwW.exe
  2⤵
  PID:4572
- C:\Windows\System\yWgcPcr.exe
  C:\Windows\System\yWgcPcr.exe
  2⤵
  PID:4316
- C:\Windows\System\iLkAwad.exe
  C:\Windows\System\iLkAwad.exe
  2⤵
  PID:4400
- C:\Windows\System\eWasVoE.exe
  C:\Windows\System\eWasVoE.exe
  2⤵
  PID:4612
- C:\Windows\System\SrrNKgt.exe
  C:\Windows\System\SrrNKgt.exe
  2⤵
  PID:4860
- C:\Windows\System\XnXkYoo.exe
  C:\Windows\System\XnXkYoo.exe
  2⤵
  PID:4892
- C:\Windows\System\tzAxzkt.exe
  C:\Windows\System\tzAxzkt.exe
  2⤵
  PID:5080
- C:\Windows\System\dekgnPq.exe
  C:\Windows\System\dekgnPq.exe
  2⤵
  PID:4976
- C:\Windows\System\VMOwoQj.exe
  C:\Windows\System\VMOwoQj.exe
  2⤵
  PID:3124
- C:\Windows\System\hgQxrnF.exe
  C:\Windows\System\hgQxrnF.exe
  2⤵
  PID:4712
- C:\Windows\System\sKsuTGs.exe
  C:\Windows\System\sKsuTGs.exe
  2⤵
  PID:5068
- C:\Windows\System\ltkxbSb.exe
  C:\Windows\System\ltkxbSb.exe
  2⤵
  PID:3012
- C:\Windows\System\PfPqQtw.exe
  C:\Windows\System\PfPqQtw.exe
  2⤵
  PID:4488
- C:\Windows\System\eAWzIbI.exe
  C:\Windows\System\eAWzIbI.exe
  2⤵
  PID:4664
- C:\Windows\System\NLTOrRK.exe
  C:\Windows\System\NLTOrRK.exe
  2⤵
  PID:4416
- C:\Windows\System\nyLTQmX.exe
  C:\Windows\System\nyLTQmX.exe
  2⤵
  PID:4544
- C:\Windows\System\RNyZoOU.exe
  C:\Windows\System\RNyZoOU.exe
  2⤵
  PID:3284
- C:\Windows\System\uHjoTvE.exe
  C:\Windows\System\uHjoTvE.exe
  2⤵
  PID:4620
- C:\Windows\System\ZHxXemR.exe
  C:\Windows\System\ZHxXemR.exe
  2⤵
  PID:5028
- C:\Windows\System\QKJeRie.exe
  C:\Windows\System\QKJeRie.exe
  2⤵
  PID:5056
- C:\Windows\System\mxfmHAv.exe
  C:\Windows\System\mxfmHAv.exe
  2⤵
  PID:3092
- C:\Windows\System\lvwWehB.exe
  C:\Windows\System\lvwWehB.exe
  2⤵
  PID:3524
- C:\Windows\System\qDJZoJO.exe
  C:\Windows\System\qDJZoJO.exe
  2⤵
  PID:3620
- C:\Windows\System\qSUDzmZ.exe
  C:\Windows\System\qSUDzmZ.exe
  2⤵
  PID:4228
- C:\Windows\System\DCszrXS.exe
  C:\Windows\System\DCszrXS.exe
  2⤵
  PID:4652
- C:\Windows\System\VQapqIP.exe
  C:\Windows\System\VQapqIP.exe
  2⤵
  PID:5032
- C:\Windows\System\xagsruu.exe
  C:\Windows\System\xagsruu.exe
  2⤵
  PID:4888
- C:\Windows\System\wHzycfM.exe
  C:\Windows\System\wHzycfM.exe
  2⤵
  PID:4576
- C:\Windows\System\vKOQfaf.exe
  C:\Windows\System\vKOQfaf.exe
  2⤵
  PID:4820
- C:\Windows\System\DjyEDid.exe
  C:\Windows\System\DjyEDid.exe
  2⤵
  PID:1688
- C:\Windows\System\GFqAnEY.exe
  C:\Windows\System\GFqAnEY.exe
  2⤵
  PID:4956
- C:\Windows\System\aJeYcJX.exe
  C:\Windows\System\aJeYcJX.exe
  2⤵
  PID:4936
- C:\Windows\System\RaxUPgp.exe
  C:\Windows\System\RaxUPgp.exe
  2⤵
  PID:1844
- C:\Windows\System\VePppSo.exe
  C:\Windows\System\VePppSo.exe
  2⤵
  PID:4648
- C:\Windows\System\TgYQxuK.exe
  C:\Windows\System\TgYQxuK.exe
  2⤵
  PID:3088
- C:\Windows\System\JhszTmn.exe
  C:\Windows\System\JhszTmn.exe
  2⤵
  PID:3952
- C:\Windows\System\tcxTPeM.exe
  C:\Windows\System\tcxTPeM.exe
  2⤵
  PID:2304
- C:\Windows\System\MTwLvaA.exe
  C:\Windows\System\MTwLvaA.exe
  2⤵
  PID:4164
- C:\Windows\System\pzpnfUg.exe
  C:\Windows\System\pzpnfUg.exe
  2⤵
  PID:5128
- C:\Windows\System\EMSXEIC.exe
  C:\Windows\System\EMSXEIC.exe
  2⤵
  PID:5144
- C:\Windows\System\DzqTzjb.exe
  C:\Windows\System\DzqTzjb.exe
  2⤵
  PID:5164
- C:\Windows\System\GsoFRbn.exe
  C:\Windows\System\GsoFRbn.exe
  2⤵
  PID:5180
- C:\Windows\System\UVvRzgE.exe
  C:\Windows\System\UVvRzgE.exe
  2⤵
  PID:5200
- C:\Windows\System\mImReec.exe
  C:\Windows\System\mImReec.exe
  2⤵
  PID:5236
- C:\Windows\System\ndgWXkq.exe
  C:\Windows\System\ndgWXkq.exe
  2⤵
  PID:5252
- C:\Windows\System\IUmtIrU.exe
  C:\Windows\System\IUmtIrU.exe
  2⤵
  PID:5268
- C:\Windows\System\RAHSNKX.exe
  C:\Windows\System\RAHSNKX.exe
  2⤵
  PID:5292
- C:\Windows\System\qSPLMrn.exe
  C:\Windows\System\qSPLMrn.exe
  2⤵
  PID:5312
- C:\Windows\System\kNXewgR.exe
  C:\Windows\System\kNXewgR.exe
  2⤵
  PID:5328
- C:\Windows\System\Rgqopcb.exe
  C:\Windows\System\Rgqopcb.exe
  2⤵
  PID:5344
- C:\Windows\System\LGEKlau.exe
  C:\Windows\System\LGEKlau.exe
  2⤵
  PID:5364
- C:\Windows\System\lAhNUOt.exe
  C:\Windows\System\lAhNUOt.exe
  2⤵
  PID:5384
- C:\Windows\System\xQwSoPr.exe
  C:\Windows\System\xQwSoPr.exe
  2⤵
  PID:5404
- C:\Windows\System\dipezRq.exe
  C:\Windows\System\dipezRq.exe
  2⤵
  PID:5424
- C:\Windows\System\cRXsAWr.exe
  C:\Windows\System\cRXsAWr.exe
  2⤵
  PID:5440
- C:\Windows\System\dZzORuC.exe
  C:\Windows\System\dZzORuC.exe
  2⤵
  PID:5456
- C:\Windows\System\icfFfjG.exe
  C:\Windows\System\icfFfjG.exe
  2⤵
  PID:5472
- C:\Windows\System\jjCwxja.exe
  C:\Windows\System\jjCwxja.exe
  2⤵
  PID:5488
- C:\Windows\System\khDQhnb.exe
  C:\Windows\System\khDQhnb.exe
  2⤵
  PID:5504
- C:\Windows\System\mDPjcOB.exe
  C:\Windows\System\mDPjcOB.exe
  2⤵
  PID:5520
- C:\Windows\System\GEaPyLp.exe
  C:\Windows\System\GEaPyLp.exe
  2⤵
  PID:5536
- C:\Windows\System\mLIkfQU.exe
  C:\Windows\System\mLIkfQU.exe
  2⤵
  PID:5552
- C:\Windows\System\jFeqdOZ.exe
  C:\Windows\System\jFeqdOZ.exe
  2⤵
  PID:5572
- C:\Windows\System\AmTHOeB.exe
  C:\Windows\System\AmTHOeB.exe
  2⤵
  PID:5588
- C:\Windows\System\LNlpJWz.exe
  C:\Windows\System\LNlpJWz.exe
  2⤵
  PID:5608
- C:\Windows\System\WSfSILZ.exe
  C:\Windows\System\WSfSILZ.exe
  2⤵
  PID:5676
- C:\Windows\System\MtAayfY.exe
  C:\Windows\System\MtAayfY.exe
  2⤵
  PID:5696
- C:\Windows\System\rqeISnq.exe
  C:\Windows\System\rqeISnq.exe
  2⤵
  PID:5712
- C:\Windows\System\UkQneak.exe
  C:\Windows\System\UkQneak.exe
  2⤵
  PID:5728
- C:\Windows\System\wbFhHVq.exe
  C:\Windows\System\wbFhHVq.exe
  2⤵
  PID:5748
- C:\Windows\System\OoNYOSQ.exe
  C:\Windows\System\OoNYOSQ.exe
  2⤵
  PID:5772
- C:\Windows\System\focdJaT.exe
  C:\Windows\System\focdJaT.exe
  2⤵
  PID:5788
- C:\Windows\System\fHTkbEq.exe
  C:\Windows\System\fHTkbEq.exe
  2⤵
  PID:5804
- C:\Windows\System\XICMOMc.exe
  C:\Windows\System\XICMOMc.exe
  2⤵
  PID:5820
- C:\Windows\System\adTLUYb.exe
  C:\Windows\System\adTLUYb.exe
  2⤵
  PID:5836
- C:\Windows\System\UrsKFiw.exe
  C:\Windows\System\UrsKFiw.exe
  2⤵
  PID:5852
- C:\Windows\System\GuCjUnL.exe
  C:\Windows\System\GuCjUnL.exe
  2⤵
  PID:5868
- C:\Windows\System\WGPUBxD.exe
  C:\Windows\System\WGPUBxD.exe
  2⤵
  PID:5884
- C:\Windows\System\HYHyDyP.exe
  C:\Windows\System\HYHyDyP.exe
  2⤵
  PID:5900
- C:\Windows\System\UfNsmWv.exe
  C:\Windows\System\UfNsmWv.exe
  2⤵
  PID:5916
- C:\Windows\System\UyXdAGg.exe
  C:\Windows\System\UyXdAGg.exe
  2⤵
  PID:5932
- C:\Windows\System\mvIIWYX.exe
  C:\Windows\System\mvIIWYX.exe
  2⤵
  PID:5948
- C:\Windows\System\FfVohQT.exe
  C:\Windows\System\FfVohQT.exe
  2⤵
  PID:5964
- C:\Windows\System\CCwPiem.exe
  C:\Windows\System\CCwPiem.exe
  2⤵
  PID:5996
- C:\Windows\System\iNZeNtq.exe
  C:\Windows\System\iNZeNtq.exe
  2⤵
  PID:6016
- C:\Windows\System\NQYKDxA.exe
  C:\Windows\System\NQYKDxA.exe
  2⤵
  PID:6032
- C:\Windows\System\IWOcynU.exe
  C:\Windows\System\IWOcynU.exe
  2⤵
  PID:6048
- C:\Windows\System\fQfFoeW.exe
  C:\Windows\System\fQfFoeW.exe
  2⤵
  PID:6064
- C:\Windows\System\GysAGQS.exe
  C:\Windows\System\GysAGQS.exe
  2⤵
  PID:6080
- C:\Windows\System\sFnPEQA.exe
  C:\Windows\System\sFnPEQA.exe
  2⤵
  PID:6100
- C:\Windows\System\GTVoWQB.exe
  C:\Windows\System\GTVoWQB.exe
  2⤵
  PID:6116
- C:\Windows\System\zVaPpja.exe
  C:\Windows\System\zVaPpja.exe
  2⤵
  PID:6132
- C:\Windows\System\XDBNkmg.exe
  C:\Windows\System\XDBNkmg.exe
  2⤵
  PID:4792
- C:\Windows\System\bHpOrkx.exe
  C:\Windows\System\bHpOrkx.exe
  2⤵
  PID:4520
- C:\Windows\System\zVkVpBn.exe
  C:\Windows\System\zVkVpBn.exe
  2⤵
  PID:3704
- C:\Windows\System\XOJNnSy.exe
  C:\Windows\System\XOJNnSy.exe
  2⤵
  PID:5124
- C:\Windows\System\IWQRpDi.exe
  C:\Windows\System\IWQRpDi.exe
  2⤵
  PID:5188
- C:\Windows\System\CdgVBFt.exe
  C:\Windows\System\CdgVBFt.exe
  2⤵
  PID:5244
- C:\Windows\System\UjblbkU.exe
  C:\Windows\System\UjblbkU.exe
  2⤵
  PID:5288
- C:\Windows\System\jIUjhpA.exe
  C:\Windows\System\jIUjhpA.exe
  2⤵
  PID:5324
- C:\Windows\System\eOihsCp.exe
  C:\Windows\System\eOihsCp.exe
  2⤵
  PID:4380
- C:\Windows\System\OoLdkDB.exe
  C:\Windows\System\OoLdkDB.exe
  2⤵
  PID:5360
- C:\Windows\System\LDAgEHi.exe
  C:\Windows\System\LDAgEHi.exe
  2⤵
  PID:5432
- C:\Windows\System\zRJVimW.exe
  C:\Windows\System\zRJVimW.exe
  2⤵
  PID:5140
- C:\Windows\System\lhgEMDT.exe
  C:\Windows\System\lhgEMDT.exe
  2⤵
  PID:5212
- C:\Windows\System\AwHYtnX.exe
  C:\Windows\System\AwHYtnX.exe
  2⤵
  PID:5232
- C:\Windows\System\vKPDqix.exe
  C:\Windows\System\vKPDqix.exe
  2⤵
  PID:2636
- C:\Windows\System\jHylIDl.exe
  C:\Windows\System\jHylIDl.exe
  2⤵
  PID:5448
- C:\Windows\System\bfFFOKD.exe
  C:\Windows\System\bfFFOKD.exe
  2⤵
  PID:5512
- C:\Windows\System\HeNFpSy.exe
  C:\Windows\System\HeNFpSy.exe
  2⤵
  PID:5580
- C:\Windows\System\fTfymZk.exe
  C:\Windows\System\fTfymZk.exe
  2⤵
  PID:5372
- C:\Windows\System\zshYyeL.exe
  C:\Windows\System\zshYyeL.exe
  2⤵
  PID:5628
- C:\Windows\System\xTGhLRN.exe
  C:\Windows\System\xTGhLRN.exe
  2⤵
  PID:5644
- C:\Windows\System\KzZWXJp.exe
  C:\Windows\System\KzZWXJp.exe
  2⤵
  PID:5660
- C:\Windows\System\SuoBbVs.exe
  C:\Windows\System\SuoBbVs.exe
  2⤵
  PID:5688
- C:\Windows\System\zTNbSlY.exe
  C:\Windows\System\zTNbSlY.exe
  2⤵
  PID:5764
- C:\Windows\System\RBedezr.exe
  C:\Windows\System\RBedezr.exe
  2⤵
  PID:1876
- C:\Windows\System\OWlbaJD.exe
  C:\Windows\System\OWlbaJD.exe
  2⤵
  PID:5668
- C:\Windows\System\TcmRCcA.exe
  C:\Windows\System\TcmRCcA.exe
  2⤵
  PID:5812
- C:\Windows\System\ojTCJKn.exe
  C:\Windows\System\ojTCJKn.exe
  2⤵
  PID:2716
- C:\Windows\System\mPoYEgw.exe
  C:\Windows\System\mPoYEgw.exe
  2⤵
  PID:5956
- C:\Windows\System\SmESzhA.exe
  C:\Windows\System\SmESzhA.exe
  2⤵
  PID:6012
- C:\Windows\System\OdBlWUs.exe
  C:\Windows\System\OdBlWUs.exe
  2⤵
  PID:6076
- C:\Windows\System\olOXVGP.exe
  C:\Windows\System\olOXVGP.exe
  2⤵
  PID:3004
- C:\Windows\System\UMjGloh.exe
  C:\Windows\System\UMjGloh.exe
  2⤵
  PID:5944
- C:\Windows\System\mseFrjI.exe
  C:\Windows\System\mseFrjI.exe
  2⤵
  PID:5984
- C:\Windows\System\szXiDdu.exe
  C:\Windows\System\szXiDdu.exe
  2⤵
  PID:2280
- C:\Windows\System\wEKkytq.exe
  C:\Windows\System\wEKkytq.exe
  2⤵
  PID:6060
- C:\Windows\System\hJfgqjY.exe
  C:\Windows\System\hJfgqjY.exe
  2⤵
  PID:6124
- C:\Windows\System\NHKdSYl.exe
  C:\Windows\System\NHKdSYl.exe
  2⤵
  PID:5876
- C:\Windows\System\YESZHlb.exe
  C:\Windows\System\YESZHlb.exe
  2⤵
  PID:4700
- C:\Windows\System\JvjVGRt.exe
  C:\Windows\System\JvjVGRt.exe
  2⤵
  PID:2404
- C:\Windows\System\MMNtEge.exe
  C:\Windows\System\MMNtEge.exe
  2⤵
  PID:4988
- C:\Windows\System\mXtrlSy.exe
  C:\Windows\System\mXtrlSy.exe
  2⤵
  PID:3636
- C:\Windows\System\VfeXdOO.exe
  C:\Windows\System\VfeXdOO.exe
  2⤵
  PID:2560
- C:\Windows\System\IoNddhn.exe
  C:\Windows\System\IoNddhn.exe
  2⤵
  PID:5320
- C:\Windows\System\agZKBjg.exe
  C:\Windows\System\agZKBjg.exe
  2⤵
  PID:5496
- C:\Windows\System\omJvmra.exe
  C:\Windows\System\omJvmra.exe
  2⤵
  PID:1520
- C:\Windows\System\SYYZwqW.exe
  C:\Windows\System\SYYZwqW.exe
  2⤵
  PID:4880
- C:\Windows\System\bSPRepN.exe
  C:\Windows\System\bSPRepN.exe
  2⤵
  PID:2772
- C:\Windows\System\nvVARZn.exe
  C:\Windows\System\nvVARZn.exe
  2⤵
  PID:5624
- C:\Windows\System\oEpmKKC.exe
  C:\Windows\System\oEpmKKC.exe
  2⤵
  PID:5604
- C:\Windows\System\hUYNYMR.exe
  C:\Windows\System\hUYNYMR.exe
  2⤵
  PID:5640
- C:\Windows\System\ZXbBpPU.exe
  C:\Windows\System\ZXbBpPU.exe
  2⤵
  PID:1004
- C:\Windows\System\IDiXGEc.exe
  C:\Windows\System\IDiXGEc.exe
  2⤵
  PID:2580
- C:\Windows\System\cppkShU.exe
  C:\Windows\System\cppkShU.exe
  2⤵
  PID:2888
- C:\Windows\System\HnYiWFh.exe
  C:\Windows\System\HnYiWFh.exe
  2⤵
  PID:5740
- C:\Windows\System\tDpuigf.exe
  C:\Windows\System\tDpuigf.exe
  2⤵
  PID:5832
- C:\Windows\System\CsjdvMH.exe
  C:\Windows\System\CsjdvMH.exe
  2⤵
  PID:6056
- C:\Windows\System\XGaIvYH.exe
  C:\Windows\System\XGaIvYH.exe
  2⤵
  PID:6140
- C:\Windows\System\Zlryyyc.exe
  C:\Windows\System\Zlryyyc.exe
  2⤵
  PID:5924
- C:\Windows\System\olJveKO.exe
  C:\Windows\System\olJveKO.exe
  2⤵
  PID:5880
- C:\Windows\System\eSGcILj.exe
  C:\Windows\System\eSGcILj.exe
  2⤵
  PID:5280
- C:\Windows\System\CNxEzNS.exe
  C:\Windows\System\CNxEzNS.exe
  2⤵
  PID:6024
- C:\Windows\System\xxjmUco.exe
  C:\Windows\System\xxjmUco.exe
  2⤵
  PID:2436
- C:\Windows\System\jTzKqpI.exe
  C:\Windows\System\jTzKqpI.exe
  2⤵
  PID:3908
- C:\Windows\System\qroqNoA.exe
  C:\Windows\System\qroqNoA.exe
  2⤵
  PID:5468
- C:\Windows\System\xMHFboh.exe
  C:\Windows\System\xMHFboh.exe
  2⤵
  PID:2864
- C:\Windows\System\wNhZHPZ.exe
  C:\Windows\System\wNhZHPZ.exe
  2⤵
  PID:4044
- C:\Windows\System\vpkrkDL.exe
  C:\Windows\System\vpkrkDL.exe
  2⤵
  PID:872
- C:\Windows\System\dzZnySH.exe
  C:\Windows\System\dzZnySH.exe
  2⤵
  PID:2180
- C:\Windows\System\TqRRBOY.exe
  C:\Windows\System\TqRRBOY.exe
  2⤵
  PID:5308
- C:\Windows\System\KuIrTgH.exe
  C:\Windows\System\KuIrTgH.exe
  2⤵
  PID:5564
- C:\Windows\System\JzTGriA.exe
  C:\Windows\System\JzTGriA.exe
  2⤵
  PID:900
- C:\Windows\System\qCbnCeD.exe
  C:\Windows\System\qCbnCeD.exe
  2⤵
  PID:5636
- C:\Windows\System\ofUMDDO.exe
  C:\Windows\System\ofUMDDO.exe
  2⤵
  PID:5484
- C:\Windows\System\oOrpqLn.exe
  C:\Windows\System\oOrpqLn.exe
  2⤵
  PID:2776
- C:\Windows\System\xMoDEKR.exe
  C:\Windows\System\xMoDEKR.exe
  2⤵
  PID:1936
- C:\Windows\System\dkTKEVM.exe
  C:\Windows\System\dkTKEVM.exe
  2⤵
  PID:5708
- C:\Windows\System\FolfhMF.exe
  C:\Windows\System\FolfhMF.exe
  2⤵
  PID:6028
- C:\Windows\System\TgpCbne.exe
  C:\Windows\System\TgpCbne.exe
  2⤵
  PID:5864
- C:\Windows\System\NiLKQrK.exe
  C:\Windows\System\NiLKQrK.exe
  2⤵
  PID:4148
- C:\Windows\System\OceAaQv.exe
  C:\Windows\System\OceAaQv.exe
  2⤵
  PID:6112
- C:\Windows\System\TUDXhAZ.exe
  C:\Windows\System\TUDXhAZ.exe
  2⤵
  PID:4360
- C:\Windows\System\FostjNY.exe
  C:\Windows\System\FostjNY.exe
  2⤵
  PID:4420
- C:\Windows\System\AZfcqxW.exe
  C:\Windows\System\AZfcqxW.exe
  2⤵
  PID:5416
- C:\Windows\System\oFoSphd.exe
  C:\Windows\System\oFoSphd.exe
  2⤵
  PID:4032
- C:\Windows\System\Xdgwyjs.exe
  C:\Windows\System\Xdgwyjs.exe
  2⤵
  PID:1216
- C:\Windows\System\PCVqQnO.exe
  C:\Windows\System\PCVqQnO.exe
  2⤵
  PID:5176
- C:\Windows\System\fWHWcrb.exe
  C:\Windows\System\fWHWcrb.exe
  2⤵
  PID:1296
- C:\Windows\System\QisEVbh.exe
  C:\Windows\System\QisEVbh.exe
  2⤵
  PID:5156
- C:\Windows\System\YSwljXV.exe
  C:\Windows\System\YSwljXV.exe
  2⤵
  PID:5756
- C:\Windows\System\iJhRAfn.exe
  C:\Windows\System\iJhRAfn.exe
  2⤵
  PID:5704
- C:\Windows\System\rXEKFyt.exe
  C:\Windows\System\rXEKFyt.exe
  2⤵
  PID:6044
- C:\Windows\System\PRvYTPD.exe
  C:\Windows\System\PRvYTPD.exe
  2⤵
  PID:5664
- C:\Windows\System\snRvDYs.exe
  C:\Windows\System\snRvDYs.exe
  2⤵
  PID:5800
- C:\Windows\System\JNwLNcN.exe
  C:\Windows\System\JNwLNcN.exe
  2⤵
  PID:3112
- C:\Windows\System\aASkIKl.exe
  C:\Windows\System\aASkIKl.exe
  2⤵
  PID:4212
- C:\Windows\System\AwcFZeT.exe
  C:\Windows\System\AwcFZeT.exe
  2⤵
  PID:5992
- C:\Windows\System\KZSimZo.exe
  C:\Windows\System\KZSimZo.exe
  2⤵
  PID:5304
- C:\Windows\System\sTRbCGN.exe
  C:\Windows\System\sTRbCGN.exe
  2⤵
  PID:5160
- C:\Windows\System\HxNtvgY.exe
  C:\Windows\System\HxNtvgY.exe
  2⤵
  PID:5264
- C:\Windows\System\gywNfLB.exe
  C:\Windows\System\gywNfLB.exe
  2⤵
  PID:3056
- C:\Windows\System\nElCWwr.exe
  C:\Windows\System\nElCWwr.exe
  2⤵
  PID:5980
- C:\Windows\System\RIqCbrS.exe
  C:\Windows\System\RIqCbrS.exe
  2⤵
  PID:6096
- C:\Windows\System\goLcNiX.exe
  C:\Windows\System\goLcNiX.exe
  2⤵
  PID:4904
- C:\Windows\System\EuDjSKC.exe
  C:\Windows\System\EuDjSKC.exe
  2⤵
  PID:1868
- C:\Windows\System\tYjbydl.exe
  C:\Windows\System\tYjbydl.exe
  2⤵
  PID:2128
- C:\Windows\System\ruvxxit.exe
  C:\Windows\System\ruvxxit.exe
  2⤵
  PID:1900
- C:\Windows\System\UyuVmZk.exe
  C:\Windows\System\UyuVmZk.exe
  2⤵
  PID:2332
- C:\Windows\System\ehatLpz.exe
  C:\Windows\System\ehatLpz.exe
  2⤵
  PID:1532
- C:\Windows\System\puAZbCl.exe
  C:\Windows\System\puAZbCl.exe
  2⤵
  PID:2344
- C:\Windows\System\CEzBPaG.exe
  C:\Windows\System\CEzBPaG.exe
  2⤵
  PID:1548
- C:\Windows\System\QiktHON.exe
  C:\Windows\System\QiktHON.exe
  2⤵
  PID:6008
- C:\Windows\System\noMMrgi.exe
  C:\Windows\System\noMMrgi.exe
  2⤵
  PID:6156
- C:\Windows\System\iqujmFd.exe
  C:\Windows\System\iqujmFd.exe
  2⤵
  PID:6172
- C:\Windows\System\CWxEnCO.exe
  C:\Windows\System\CWxEnCO.exe
  2⤵
  PID:6188
- C:\Windows\System\GVBFxdo.exe
  C:\Windows\System\GVBFxdo.exe
  2⤵
  PID:6204
- C:\Windows\System\FiCCDOM.exe
  C:\Windows\System\FiCCDOM.exe
  2⤵
  PID:6220
- C:\Windows\System\WDaosbK.exe
  C:\Windows\System\WDaosbK.exe
  2⤵
  PID:6236
- C:\Windows\System\OYwdfMD.exe
  C:\Windows\System\OYwdfMD.exe
  2⤵
  PID:6252
- C:\Windows\System\ZVwvltE.exe
  C:\Windows\System\ZVwvltE.exe
  2⤵
  PID:6268
- C:\Windows\System\UuZbfqe.exe
  C:\Windows\System\UuZbfqe.exe
  2⤵
  PID:6284
- C:\Windows\System\JFZHaOn.exe
  C:\Windows\System\JFZHaOn.exe
  2⤵
  PID:6300
- C:\Windows\System\ldEdXNW.exe
  C:\Windows\System\ldEdXNW.exe
  2⤵
  PID:6316
- C:\Windows\System\wYYRqjc.exe
  C:\Windows\System\wYYRqjc.exe
  2⤵
  PID:6332
- C:\Windows\System\kHjUNCI.exe
  C:\Windows\System\kHjUNCI.exe
  2⤵
  PID:6348
- C:\Windows\System\PDaubWb.exe
  C:\Windows\System\PDaubWb.exe
  2⤵
  PID:6364
- C:\Windows\System\drURtzP.exe
  C:\Windows\System\drURtzP.exe
  2⤵
  PID:6380
- C:\Windows\System\wSqaBqa.exe
  C:\Windows\System\wSqaBqa.exe
  2⤵
  PID:6396
- C:\Windows\System\Minqvmt.exe
  C:\Windows\System\Minqvmt.exe
  2⤵
  PID:6412
- C:\Windows\System\Aiqtpbd.exe
  C:\Windows\System\Aiqtpbd.exe
  2⤵
  PID:6428
- C:\Windows\System\MrXZXhR.exe
  C:\Windows\System\MrXZXhR.exe
  2⤵
  PID:6444
- C:\Windows\System\afvkCsT.exe
  C:\Windows\System\afvkCsT.exe
  2⤵
  PID:6460
- C:\Windows\System\mQMmSGo.exe
  C:\Windows\System\mQMmSGo.exe
  2⤵
  PID:6476
- C:\Windows\System\WSWhXbh.exe
  C:\Windows\System\WSWhXbh.exe
  2⤵
  PID:6492
- C:\Windows\System\BuvXXPu.exe
  C:\Windows\System\BuvXXPu.exe
  2⤵
  PID:6512
- C:\Windows\System\lPIpsWZ.exe
  C:\Windows\System\lPIpsWZ.exe
  2⤵
  PID:6528
- C:\Windows\System\WuMtIno.exe
  C:\Windows\System\WuMtIno.exe
  2⤵
  PID:6544
- C:\Windows\System\ISfImBv.exe
  C:\Windows\System\ISfImBv.exe
  2⤵
  PID:6560
- C:\Windows\System\kvmhZzJ.exe
  C:\Windows\System\kvmhZzJ.exe
  2⤵
  PID:6576
- C:\Windows\System\HOHhkep.exe
  C:\Windows\System\HOHhkep.exe
  2⤵
  PID:6592
- C:\Windows\System\CXZDuqt.exe
  C:\Windows\System\CXZDuqt.exe
  2⤵
  PID:6608
- C:\Windows\System\FWwxzNZ.exe
  C:\Windows\System\FWwxzNZ.exe
  2⤵
  PID:6624
- C:\Windows\System\QSxzMvI.exe
  C:\Windows\System\QSxzMvI.exe
  2⤵
  PID:6640
- C:\Windows\System\BmbRMxX.exe
  C:\Windows\System\BmbRMxX.exe
  2⤵
  PID:6656
- C:\Windows\System\srnWuYR.exe
  C:\Windows\System\srnWuYR.exe
  2⤵
  PID:6672
- C:\Windows\System\srHygpU.exe
  C:\Windows\System\srHygpU.exe
  2⤵
  PID:6688
- C:\Windows\System\mTRMiKS.exe
  C:\Windows\System\mTRMiKS.exe
  2⤵
  PID:6704
- C:\Windows\System\bZiMXNP.exe
  C:\Windows\System\bZiMXNP.exe
  2⤵
  PID:6720
- C:\Windows\System\bnsMeXB.exe
  C:\Windows\System\bnsMeXB.exe
  2⤵
  PID:6736
- C:\Windows\System\euHyOxy.exe
  C:\Windows\System\euHyOxy.exe
  2⤵
  PID:6752
- C:\Windows\System\cMRskMw.exe
  C:\Windows\System\cMRskMw.exe
  2⤵
  PID:6768
- C:\Windows\System\MuIQEAl.exe
  C:\Windows\System\MuIQEAl.exe
  2⤵
  PID:6784
- C:\Windows\System\qZqyRAF.exe
  C:\Windows\System\qZqyRAF.exe
  2⤵
  PID:6800
- C:\Windows\System\LMFNPYm.exe
  C:\Windows\System\LMFNPYm.exe
  2⤵
  PID:6816
- C:\Windows\System\AtoFTSc.exe
  C:\Windows\System\AtoFTSc.exe
  2⤵
  PID:6832
- C:\Windows\System\kZJtPXW.exe
  C:\Windows\System\kZJtPXW.exe
  2⤵
  PID:6848
- C:\Windows\System\VhVRuwa.exe
  C:\Windows\System\VhVRuwa.exe
  2⤵
  PID:6864
- C:\Windows\System\ZKLUYTR.exe
  C:\Windows\System\ZKLUYTR.exe
  2⤵
  PID:6880
- C:\Windows\System\NNuMrei.exe
  C:\Windows\System\NNuMrei.exe
  2⤵
  PID:6896
- C:\Windows\System\ebUQvkz.exe
  C:\Windows\System\ebUQvkz.exe
  2⤵
  PID:6912
- C:\Windows\System\kmZjOoo.exe
  C:\Windows\System\kmZjOoo.exe
  2⤵
  PID:6928
- C:\Windows\System\MjpKkJk.exe
  C:\Windows\System\MjpKkJk.exe
  2⤵
  PID:6944
- C:\Windows\System\wbXqeCK.exe
  C:\Windows\System\wbXqeCK.exe
  2⤵
  PID:6960
- C:\Windows\System\CshmBYM.exe
  C:\Windows\System\CshmBYM.exe
  2⤵
  PID:6976
- C:\Windows\System\IISLnVm.exe
  C:\Windows\System\IISLnVm.exe
  2⤵
  PID:6992
- C:\Windows\System\snQMiuj.exe
  C:\Windows\System\snQMiuj.exe
  2⤵
  PID:7008
- C:\Windows\System\ORsNaDN.exe
  C:\Windows\System\ORsNaDN.exe
  2⤵
  PID:7024
- C:\Windows\System\ArdBMpC.exe
  C:\Windows\System\ArdBMpC.exe
  2⤵
  PID:7044
- C:\Windows\System\fTgMtFX.exe
  C:\Windows\System\fTgMtFX.exe
  2⤵
  PID:7064
- C:\Windows\System\dxUAbjk.exe
  C:\Windows\System\dxUAbjk.exe
  2⤵
  PID:7080
- C:\Windows\System\ZWgjPmf.exe
  C:\Windows\System\ZWgjPmf.exe
  2⤵
  PID:7096
- C:\Windows\System\rvrowNY.exe
  C:\Windows\System\rvrowNY.exe
  2⤵
  PID:7112
- C:\Windows\System\oaBWbBO.exe
  C:\Windows\System\oaBWbBO.exe
  2⤵
  PID:7128
- C:\Windows\System\txaLdyG.exe
  C:\Windows\System\txaLdyG.exe
  2⤵
  PID:7144
- C:\Windows\System\sRAXitB.exe
  C:\Windows\System\sRAXitB.exe
  2⤵
  PID:7160
- C:\Windows\System\STruSuz.exe
  C:\Windows\System\STruSuz.exe
  2⤵
  PID:2800
- C:\Windows\System\XSLkvLr.exe
  C:\Windows\System\XSLkvLr.exe
  2⤵
  PID:6148
- C:\Windows\System\mudkxjY.exe
  C:\Windows\System\mudkxjY.exe
  2⤵
  PID:6180
- C:\Windows\System\TLCrqRE.exe
  C:\Windows\System\TLCrqRE.exe
  2⤵
  PID:6212
- C:\Windows\System\dtcwnnK.exe
  C:\Windows\System\dtcwnnK.exe
  2⤵
  PID:6244
- C:\Windows\System\LdlrwdI.exe
  C:\Windows\System\LdlrwdI.exe
  2⤵
  PID:6276
- C:\Windows\System\LynTLtn.exe
  C:\Windows\System\LynTLtn.exe
  2⤵
  PID:6308
- C:\Windows\System\yhDznqd.exe
  C:\Windows\System\yhDznqd.exe
  2⤵
  PID:6340
- C:\Windows\System\PrutDJY.exe
  C:\Windows\System\PrutDJY.exe
  2⤵
  PID:6360
- C:\Windows\System\qqfqTqP.exe
  C:\Windows\System\qqfqTqP.exe
  2⤵
  PID:6392
- C:\Windows\System\lBLgUvC.exe
  C:\Windows\System\lBLgUvC.exe
  2⤵
  PID:6440
- C:\Windows\System\tdVqZkK.exe
  C:\Windows\System\tdVqZkK.exe
  2⤵
  PID:6484
- C:\Windows\System\fCnTasE.exe
  C:\Windows\System\fCnTasE.exe
  2⤵
  PID:6536
- C:\Windows\System\SxVzRad.exe
  C:\Windows\System\SxVzRad.exe
  2⤵
  PID:6552
- C:\Windows\System\AkILRAq.exe
  C:\Windows\System\AkILRAq.exe
  2⤵
  PID:6556
- C:\Windows\System\yqHuZoW.exe
  C:\Windows\System\yqHuZoW.exe
  2⤵
  PID:6652
- C:\Windows\System\nOoorho.exe
  C:\Windows\System\nOoorho.exe
  2⤵
  PID:6540
- C:\Windows\System\BUiOLBM.exe
  C:\Windows\System\BUiOLBM.exe
  2⤵
  PID:6764
- C:\Windows\System\sAXIPkd.exe
  C:\Windows\System\sAXIPkd.exe
  2⤵
  PID:6604
- C:\Windows\System\fDpFYsI.exe
  C:\Windows\System\fDpFYsI.exe
  2⤵
  PID:6668
- C:\Windows\System\kLuIczU.exe
  C:\Windows\System\kLuIczU.exe
  2⤵
  PID:6968
- C:\Windows\System\xKdQRGJ.exe
  C:\Windows\System\xKdQRGJ.exe
  2⤵
  PID:7004
- C:\Windows\System\ZUTkOph.exe
  C:\Windows\System\ZUTkOph.exe
  2⤵
  PID:2720
- C:\Windows\System\NTthVwZ.exe
  C:\Windows\System\NTthVwZ.exe
  2⤵
  PID:7104
- C:\Windows\System\dPbPUZy.exe
  C:\Windows\System\dPbPUZy.exe
  2⤵
  PID:7140
- C:\Windows\System\gAyyQhr.exe
  C:\Windows\System\gAyyQhr.exe
  2⤵
  PID:7152
- C:\Windows\System\pWNSwSs.exe
  C:\Windows\System\pWNSwSs.exe
  2⤵
  PID:7156
- C:\Windows\System\PnCptMm.exe
  C:\Windows\System\PnCptMm.exe
  2⤵
  PID:1996
- C:\Windows\System\XKueIac.exe
  C:\Windows\System\XKueIac.exe
  2⤵
  PID:2876
- C:\Windows\System\gbFsUqa.exe
  C:\Windows\System\gbFsUqa.exe
  2⤵
  PID:6312
- C:\Windows\System\oSrXWbM.exe
  C:\Windows\System\oSrXWbM.exe
  2⤵
  PID:6228
- C:\Windows\System\WlcWott.exe
  C:\Windows\System\WlcWott.exe
  2⤵
  PID:6164
- C:\Windows\System\hzltUmQ.exe
  C:\Windows\System\hzltUmQ.exe
  2⤵
  PID:6424
- C:\Windows\System\JdoAYTJ.exe
  C:\Windows\System\JdoAYTJ.exe
  2⤵
  PID:6388
- C:\Windows\System\PahODIP.exe
  C:\Windows\System\PahODIP.exe
  2⤵
  PID:6456
- C:\Windows\System\NpGqPHV.exe
  C:\Windows\System\NpGqPHV.exe
  2⤵
  PID:6616
- C:\Windows\System\ancDNqC.exe
  C:\Windows\System\ancDNqC.exe
  2⤵
  PID:6588
- C:\Windows\System\QOKbiYZ.exe
  C:\Windows\System\QOKbiYZ.exe
  2⤵
  PID:6712
- C:\Windows\System\wJiTTIK.exe
  C:\Windows\System\wJiTTIK.exe
  2⤵
  PID:6636
- C:\Windows\System\TibgwXq.exe
  C:\Windows\System\TibgwXq.exe
  2⤵
  PID:484
- C:\Windows\System\evSfQbA.exe
  C:\Windows\System\evSfQbA.exe
  2⤵
  PID:6728
- C:\Windows\System\zbNZuSE.exe
  C:\Windows\System\zbNZuSE.exe
  2⤵
  PID:6824
- C:\Windows\System\nNkfjAn.exe
  C:\Windows\System\nNkfjAn.exe
  2⤵
  PID:6808
- C:\Windows\System\EEfhAPT.exe
  C:\Windows\System\EEfhAPT.exe
  2⤵
  PID:6920
- C:\Windows\System\wKitOJF.exe
  C:\Windows\System\wKitOJF.exe
  2⤵
  PID:1516
- C:\Windows\System\INkJQEh.exe
  C:\Windows\System\INkJQEh.exe
  2⤵
  PID:6936
- C:\Windows\System\lgZlOAJ.exe
  C:\Windows\System\lgZlOAJ.exe
  2⤵
  PID:7016
- C:\Windows\System\yLmOlWM.exe
  C:\Windows\System\yLmOlWM.exe
  2⤵
  PID:6872
- C:\Windows\System\nHxhtFJ.exe
  C:\Windows\System\nHxhtFJ.exe
  2⤵
  PID:2940
- C:\Windows\System\vHmtAzm.exe
  C:\Windows\System\vHmtAzm.exe
  2⤵
  PID:1728
- C:\Windows\System\WiFPZsI.exe
  C:\Windows\System\WiFPZsI.exe
  2⤵
  PID:7092
- C:\Windows\System\aIJijwG.exe
  C:\Windows\System\aIJijwG.exe
  2⤵
  PID:5736
- C:\Windows\System\bZkqMVb.exe
  C:\Windows\System\bZkqMVb.exe
  2⤵
  PID:7056
- C:\Windows\System\NmCgieP.exe
  C:\Windows\System\NmCgieP.exe
  2⤵
  PID:7020
- C:\Windows\System\kJPZrMW.exe
  C:\Windows\System\kJPZrMW.exe
  2⤵
  PID:6260
- C:\Windows\System\hmBeoCo.exe
  C:\Windows\System\hmBeoCo.exe
  2⤵
  PID:2916
- C:\Windows\System\FZRPpDh.exe
  C:\Windows\System\FZRPpDh.exe
  2⤵
  PID:6472
- C:\Windows\System\xmmxSJv.exe
  C:\Windows\System\xmmxSJv.exe
  2⤵
  PID:7184
- C:\Windows\System\TnmHaXP.exe
  C:\Windows\System\TnmHaXP.exe
  2⤵
  PID:7200
- C:\Windows\System\SSedmPb.exe
  C:\Windows\System\SSedmPb.exe
  2⤵
  PID:7220
- C:\Windows\System\VHEHHWl.exe
  C:\Windows\System\VHEHHWl.exe
  2⤵
  PID:7236
- C:\Windows\System\CIuxPsR.exe
  C:\Windows\System\CIuxPsR.exe
  2⤵
  PID:7252
- C:\Windows\System\cLtdlKK.exe
  C:\Windows\System\cLtdlKK.exe
  2⤵
  PID:7268
- C:\Windows\System\CvQLLWg.exe
  C:\Windows\System\CvQLLWg.exe
  2⤵
  PID:7296
- C:\Windows\System\NcAalIw.exe
  C:\Windows\System\NcAalIw.exe
  2⤵
  PID:7324
- C:\Windows\System\KsKYDgK.exe
  C:\Windows\System\KsKYDgK.exe
  2⤵
  PID:7340
- C:\Windows\System\LhCMXbD.exe
  C:\Windows\System\LhCMXbD.exe
  2⤵
  PID:7356
- C:\Windows\System\qmHFPdx.exe
  C:\Windows\System\qmHFPdx.exe
  2⤵
  PID:7380
- C:\Windows\System\Thywxqz.exe
  C:\Windows\System\Thywxqz.exe
  2⤵
  PID:7400
- C:\Windows\System\iQiaQsU.exe
  C:\Windows\System\iQiaQsU.exe
  2⤵
  PID:7416
- C:\Windows\System\jdYiylK.exe
  C:\Windows\System\jdYiylK.exe
  2⤵
  PID:7444
- C:\Windows\System\HIYJeGr.exe
  C:\Windows\System\HIYJeGr.exe
  2⤵
  PID:7460
- C:\Windows\System\dCNZMYp.exe
  C:\Windows\System\dCNZMYp.exe
  2⤵
  PID:7476
- C:\Windows\System\TturlWj.exe
  C:\Windows\System\TturlWj.exe
  2⤵
  PID:7492
- C:\Windows\System\iNrCFSR.exe
  C:\Windows\System\iNrCFSR.exe
  2⤵
  PID:7508
- C:\Windows\System\XvqMcZY.exe
  C:\Windows\System\XvqMcZY.exe
  2⤵
  PID:7524
- C:\Windows\System\ReGUziu.exe
  C:\Windows\System\ReGUziu.exe
  2⤵
  PID:7540
- C:\Windows\System\afSXdGe.exe
  C:\Windows\System\afSXdGe.exe
  2⤵
  PID:7556
- C:\Windows\System\YTCLwCL.exe
  C:\Windows\System\YTCLwCL.exe
  2⤵
  PID:7572
- C:\Windows\System\wSwtYsq.exe
  C:\Windows\System\wSwtYsq.exe
  2⤵
  PID:7588
- C:\Windows\System\yOzsRHu.exe
  C:\Windows\System\yOzsRHu.exe
  2⤵
  PID:7604
- C:\Windows\System\ygNigEq.exe
  C:\Windows\System\ygNigEq.exe
  2⤵
  PID:7620
- C:\Windows\System\tvDAMUF.exe
  C:\Windows\System\tvDAMUF.exe
  2⤵
  PID:7636
- C:\Windows\System\xWLwmUE.exe
  C:\Windows\System\xWLwmUE.exe
  2⤵
  PID:7656
- C:\Windows\System\lSaRcaM.exe
  C:\Windows\System\lSaRcaM.exe
  2⤵
  PID:7672
- C:\Windows\System\wdNHQoW.exe
  C:\Windows\System\wdNHQoW.exe
  2⤵
  PID:7692
- C:\Windows\System\HdITqTC.exe
  C:\Windows\System\HdITqTC.exe
  2⤵
  PID:7708
- C:\Windows\System\mwQkPsZ.exe
  C:\Windows\System\mwQkPsZ.exe
  2⤵
  PID:7736
- C:\Windows\System\TtoGzOn.exe
  C:\Windows\System\TtoGzOn.exe
  2⤵
  PID:7752
- C:\Windows\System\yRTzJbo.exe
  C:\Windows\System\yRTzJbo.exe
  2⤵
  PID:7768
- C:\Windows\System\TigiBKy.exe
  C:\Windows\System\TigiBKy.exe
  2⤵
  PID:7784
- C:\Windows\System\VGpIeRh.exe
  C:\Windows\System\VGpIeRh.exe
  2⤵
  PID:7800
- C:\Windows\System\bRNbeEE.exe
  C:\Windows\System\bRNbeEE.exe
  2⤵
  PID:7816
- C:\Windows\System\XrXkxMf.exe
  C:\Windows\System\XrXkxMf.exe
  2⤵
  PID:7832
- C:\Windows\System\LFCZGWw.exe
  C:\Windows\System\LFCZGWw.exe
  2⤵
  PID:7848
- C:\Windows\System\BFkOXRr.exe
  C:\Windows\System\BFkOXRr.exe
  2⤵
  PID:7872
- C:\Windows\System\PVlDGql.exe
  C:\Windows\System\PVlDGql.exe
  2⤵
  PID:7904
- C:\Windows\System\FitxbEX.exe
  C:\Windows\System\FitxbEX.exe
  2⤵
  PID:7920
- C:\Windows\System\SKNFcdD.exe
  C:\Windows\System\SKNFcdD.exe
  2⤵
  PID:7936
- C:\Windows\System\USfwshv.exe
  C:\Windows\System\USfwshv.exe
  2⤵
  PID:7960
- C:\Windows\System\MTiSkfb.exe
  C:\Windows\System\MTiSkfb.exe
  2⤵
  PID:7980
- C:\Windows\System\CuWVpUN.exe
  C:\Windows\System\CuWVpUN.exe
  2⤵
  PID:8036
- C:\Windows\System\enpotHY.exe
  C:\Windows\System\enpotHY.exe
  2⤵
  PID:8076
- C:\Windows\System\mgTySgw.exe
  C:\Windows\System\mgTySgw.exe
  2⤵
  PID:8104
- C:\Windows\System\FkTvXhH.exe
  C:\Windows\System\FkTvXhH.exe
  2⤵
  PID:8124
- C:\Windows\System\wbvescE.exe
  C:\Windows\System\wbvescE.exe
  2⤵
  PID:8140
- C:\Windows\System\kAFmOHN.exe
  C:\Windows\System\kAFmOHN.exe
  2⤵
  PID:8156
- C:\Windows\System\IFSAxjB.exe
  C:\Windows\System\IFSAxjB.exe
  2⤵
  PID:8176
- C:\Windows\System\YycrOMb.exe
  C:\Windows\System\YycrOMb.exe
  2⤵
  PID:6508
- C:\Windows\System\ItuFlnQ.exe
  C:\Windows\System\ItuFlnQ.exe
  2⤵
  PID:6584
- C:\Windows\System\MFDOZYr.exe
  C:\Windows\System\MFDOZYr.exe
  2⤵
  PID:6572
- C:\Windows\System\NgQdKap.exe
  C:\Windows\System\NgQdKap.exe
  2⤵
  PID:6888
- C:\Windows\System\NzDLWYv.exe
  C:\Windows\System\NzDLWYv.exe
  2⤵
  PID:6876
- C:\Windows\System\RiMejrL.exe
  C:\Windows\System\RiMejrL.exe
  2⤵
  PID:7124
- C:\Windows\System\edQSCdA.exe
  C:\Windows\System\edQSCdA.exe
  2⤵
  PID:6152
- C:\Windows\System\IxbRmGv.exe
  C:\Windows\System\IxbRmGv.exe
  2⤵
  PID:7208
- C:\Windows\System\gGIvUeQ.exe
  C:\Windows\System\gGIvUeQ.exe
  2⤵
  PID:2200
- C:\Windows\System\DldVkBp.exe
  C:\Windows\System\DldVkBp.exe
  2⤵
  PID:7248
- C:\Windows\System\MdaxWqC.exe
  C:\Windows\System\MdaxWqC.exe
  2⤵
  PID:6600
- C:\Windows\System\ZzbwSfz.exe
  C:\Windows\System\ZzbwSfz.exe
  2⤵
  PID:6860
- C:\Windows\System\jJLjuDg.exe
  C:\Windows\System\jJLjuDg.exe
  2⤵
  PID:6840
- C:\Windows\System\iQzqvSh.exe
  C:\Windows\System\iQzqvSh.exe
  2⤵
  PID:7136
- C:\Windows\System\iuXYUOr.exe
  C:\Windows\System\iuXYUOr.exe
  2⤵
  PID:6248
- C:\Windows\System\FQnOCdB.exe
  C:\Windows\System\FQnOCdB.exe
  2⤵
  PID:7196
- C:\Windows\System\OthucER.exe
  C:\Windows\System\OthucER.exe
  2⤵
  PID:7264
- C:\Windows\System\urVRFhg.exe
  C:\Windows\System\urVRFhg.exe
  2⤵
  PID:7304
- C:\Windows\System\CwwqdfL.exe
  C:\Windows\System\CwwqdfL.exe
  2⤵
  PID:7320
- C:\Windows\System\GllYLKI.exe
  C:\Windows\System\GllYLKI.exe
  2⤵
  PID:7368
- C:\Windows\System\mSDmnVt.exe
  C:\Windows\System\mSDmnVt.exe
  2⤵
  PID:7408
- C:\Windows\System\HYenRoT.exe
  C:\Windows\System\HYenRoT.exe
  2⤵
  PID:7456
- C:\Windows\System\NOBtkmm.exe
  C:\Windows\System\NOBtkmm.exe
  2⤵
  PID:7520
- C:\Windows\System\sRgXtRQ.exe
  C:\Windows\System\sRgXtRQ.exe
  2⤵
  PID:7552
- C:\Windows\System\hflnBxR.exe
  C:\Windows\System\hflnBxR.exe
  2⤵
  PID:7616
- C:\Windows\System\HkxyqFo.exe
  C:\Windows\System\HkxyqFo.exe
  2⤵
  PID:7688
- C:\Windows\System\KeqEHUD.exe
  C:\Windows\System\KeqEHUD.exe
  2⤵
  PID:7724
- C:\Windows\System\lfHKgpN.exe
  C:\Windows\System\lfHKgpN.exe
  2⤵
  PID:7764
- C:\Windows\System\habilFy.exe
  C:\Windows\System\habilFy.exe
  2⤵
  PID:7432
- C:\Windows\System\jrBlUWc.exe
  C:\Windows\System\jrBlUWc.exe
  2⤵
  PID:7792
- C:\Windows\System\vqxylvV.exe
  C:\Windows\System\vqxylvV.exe
  2⤵
  PID:7500
- C:\Windows\System\VsQRouJ.exe
  C:\Windows\System\VsQRouJ.exe
  2⤵
  PID:7564
- C:\Windows\System\edqkiZn.exe
  C:\Windows\System\edqkiZn.exe
  2⤵
  PID:7628
- C:\Windows\System\vawwTMb.exe
  C:\Windows\System\vawwTMb.exe
  2⤵
  PID:7700
- C:\Windows\System\eCAUnae.exe
  C:\Windows\System\eCAUnae.exe
  2⤵
  PID:7824
- C:\Windows\System\bureuDC.exe
  C:\Windows\System\bureuDC.exe
  2⤵
  PID:7808
- C:\Windows\System\DzBphoA.exe
  C:\Windows\System\DzBphoA.exe
  2⤵
  PID:7860
- C:\Windows\System\BqpJaUV.exe
  C:\Windows\System\BqpJaUV.exe
  2⤵
  PID:7916
- C:\Windows\System\EfxtUzl.exe
  C:\Windows\System\EfxtUzl.exe
  2⤵
  PID:2356
- C:\Windows\System\usBzhtn.exe
  C:\Windows\System\usBzhtn.exe
  2⤵
  PID:7880
- C:\Windows\System\ZEdYtZi.exe
  C:\Windows\System\ZEdYtZi.exe
  2⤵
  PID:7896
- C:\Windows\System\hEGHJVz.exe
  C:\Windows\System\hEGHJVz.exe
  2⤵
  PID:7968
- C:\Windows\System\oBixnGq.exe
  C:\Windows\System\oBixnGq.exe
  2⤵
  PID:7988
- C:\Windows\System\pqOdEPQ.exe
  C:\Windows\System\pqOdEPQ.exe
  2⤵
  PID:8004
- C:\Windows\System\KmXTxKA.exe
  C:\Windows\System\KmXTxKA.exe
  2⤵
  PID:2092
- C:\Windows\System\DAtzsqT.exe
  C:\Windows\System\DAtzsqT.exe
  2⤵
  PID:8028
- C:\Windows\System\qbasVAz.exe
  C:\Windows\System\qbasVAz.exe
  2⤵
  PID:8060
- C:\Windows\System\fzUvRnW.exe
  C:\Windows\System\fzUvRnW.exe
  2⤵
  PID:8052
- C:\Windows\System\KjYQNef.exe
  C:\Windows\System\KjYQNef.exe
  2⤵
  PID:8132
- C:\Windows\System\zoLliNU.exe
  C:\Windows\System\zoLliNU.exe
  2⤵
  PID:8136
- C:\Windows\System\snZWPNn.exe
  C:\Windows\System\snZWPNn.exe
  2⤵
  PID:8152
- C:\Windows\System\tRPEVwI.exe
  C:\Windows\System\tRPEVwI.exe
  2⤵
  PID:8184
- C:\Windows\System\GHsjbRX.exe
  C:\Windows\System\GHsjbRX.exe
  2⤵
  PID:6776
- C:\Windows\System\MNnqvxb.exe
  C:\Windows\System\MNnqvxb.exe
  2⤵
  PID:7000
- C:\Windows\System\vPzhNWm.exe
  C:\Windows\System\vPzhNWm.exe
  2⤵
  PID:6904
- C:\Windows\System\imYKewb.exe
  C:\Windows\System\imYKewb.exe
  2⤵
  PID:7180
- C:\Windows\System\VHNhEYn.exe
  C:\Windows\System\VHNhEYn.exe
  2⤵
  PID:6856
- C:\Windows\System\ZrgAQKu.exe
  C:\Windows\System\ZrgAQKu.exe
  2⤵
  PID:6844
- C:\Windows\System\bntohzU.exe
  C:\Windows\System\bntohzU.exe
  2⤵
  PID:2872
- C:\Windows\System\zTZJIdD.exe
  C:\Windows\System\zTZJIdD.exe
  2⤵
  PID:7312
- C:\Windows\System\NGKFdRr.exe
  C:\Windows\System\NGKFdRr.exe
  2⤵
  PID:7372
- C:\Windows\System\PGeYgPr.exe
  C:\Windows\System\PGeYgPr.exe
  2⤵
  PID:7392
- C:\Windows\System\rXgvwbO.exe
  C:\Windows\System\rXgvwbO.exe
  2⤵
  PID:7336
- C:\Windows\System\sFGDsBs.exe
  C:\Windows\System\sFGDsBs.exe
  2⤵
  PID:7352
- C:\Windows\System\fsFWPjO.exe
  C:\Windows\System\fsFWPjO.exe
  2⤵
  PID:8048
- C:\Windows\System\KbVkZVf.exe
  C:\Windows\System\KbVkZVf.exe
  2⤵
  PID:7596
- C:\Windows\System\iFBmCCs.exe
  C:\Windows\System\iFBmCCs.exe
  2⤵
  PID:7748
- C:\Windows\System\JjcKmwP.exe
  C:\Windows\System\JjcKmwP.exe
  2⤵
  PID:7840
- C:\Windows\System\oJgfeyK.exe
  C:\Windows\System\oJgfeyK.exe
  2⤵
  PID:7892
- C:\Windows\System\GMJvvHh.exe
  C:\Windows\System\GMJvvHh.exe
  2⤵
  PID:8012
- C:\Windows\System\PlZeNJR.exe
  C:\Windows\System\PlZeNJR.exe
  2⤵
  PID:8092
- C:\Windows\System\FQyvqQv.exe
  C:\Windows\System\FQyvqQv.exe
  2⤵
  PID:6520
- C:\Windows\System\AFHiusf.exe
  C:\Windows\System\AFHiusf.exe
  2⤵
  PID:6796
- C:\Windows\System\OtlZhbe.exe
  C:\Windows\System\OtlZhbe.exe
  2⤵
  PID:7192
- C:\Windows\System\GcyGuKx.exe
  C:\Windows\System\GcyGuKx.exe
  2⤵
  PID:7436
- C:\Windows\System\SWAnyDL.exe
  C:\Windows\System\SWAnyDL.exe
  2⤵
  PID:7668
- C:\Windows\System\zRgRmiP.exe
  C:\Windows\System\zRgRmiP.exe
  2⤵
  PID:7912
- C:\Windows\System\XwBGqve.exe
  C:\Windows\System\XwBGqve.exe
  2⤵
  PID:7932
- C:\Windows\System\RxpWKkb.exe
  C:\Windows\System\RxpWKkb.exe
  2⤵
  PID:7232
- C:\Windows\System\cMpPbIp.exe
  C:\Windows\System\cMpPbIp.exe
  2⤵
  PID:8084
- C:\Windows\System\zDHQBSn.exe
  C:\Windows\System\zDHQBSn.exe
  2⤵
  PID:8172
- C:\Windows\System\WvqHrhz.exe
  C:\Windows\System\WvqHrhz.exe
  2⤵
  PID:2868
- C:\Windows\System\DzUnrMj.exe
  C:\Windows\System\DzUnrMj.exe
  2⤵
  PID:7516
- C:\Windows\System\rHZSDVk.exe
  C:\Windows\System\rHZSDVk.exe
  2⤵
  PID:7720
- C:\Windows\System\PswNstH.exe
  C:\Windows\System\PswNstH.exe
  2⤵
  PID:2724
- C:\Windows\System\UGBOfay.exe
  C:\Windows\System\UGBOfay.exe
  2⤵
  PID:7856
- C:\Windows\System\oTGQsMS.exe
  C:\Windows\System\oTGQsMS.exe
  2⤵
  PID:8056
- C:\Windows\System\ixZtwyx.exe
  C:\Windows\System\ixZtwyx.exe
  2⤵
  PID:7732
- C:\Windows\System\pbfRixR.exe
  C:\Windows\System\pbfRixR.exe
  2⤵
  PID:7868
- C:\Windows\System\YJWAMgV.exe
  C:\Windows\System\YJWAMgV.exe
  2⤵
  PID:7060
- C:\Windows\System\cyTnplT.exe
  C:\Windows\System\cyTnplT.exe
  2⤵
  PID:7928
- C:\Windows\System\EiQsurY.exe
  C:\Windows\System\EiQsurY.exe
  2⤵
  PID:8168
- C:\Windows\System\duTpolY.exe
  C:\Windows\System\duTpolY.exe
  2⤵
  PID:6452
- C:\Windows\System\GrbqkQI.exe
  C:\Windows\System\GrbqkQI.exe
  2⤵
  PID:7548
- C:\Windows\System\OTWQRTV.exe
  C:\Windows\System\OTWQRTV.exe
  2⤵
  PID:7472
- C:\Windows\System\BnhONTj.exe
  C:\Windows\System\BnhONTj.exe
  2⤵
  PID:6732
- C:\Windows\System\SrREmEd.exe
  C:\Windows\System\SrREmEd.exe
  2⤵
  PID:7956
- C:\Windows\System\JylchVo.exe
  C:\Windows\System\JylchVo.exe
  2⤵
  PID:7760
- C:\Windows\System\UaenMJw.exe
  C:\Windows\System\UaenMJw.exe
  2⤵
  PID:8200
- C:\Windows\System\HfgsgQh.exe
  C:\Windows\System\HfgsgQh.exe
  2⤵
  PID:8216
- C:\Windows\System\gNpspDj.exe
  C:\Windows\System\gNpspDj.exe
  2⤵
  PID:8232
- C:\Windows\System\IsIotJf.exe
  C:\Windows\System\IsIotJf.exe
  2⤵
  PID:8248
- C:\Windows\System\jfgYbYu.exe
  C:\Windows\System\jfgYbYu.exe
  2⤵
  PID:8264
- C:\Windows\System\PgcNZmD.exe
  C:\Windows\System\PgcNZmD.exe
  2⤵
  PID:8280
- C:\Windows\System\ZodcXlC.exe
  C:\Windows\System\ZodcXlC.exe
  2⤵
  PID:8296
- C:\Windows\System\rQiqKMx.exe
  C:\Windows\System\rQiqKMx.exe
  2⤵
  PID:8312
- C:\Windows\System\UzjvyFc.exe
  C:\Windows\System\UzjvyFc.exe
  2⤵
  PID:8328
- C:\Windows\System\kZpjkEA.exe
  C:\Windows\System\kZpjkEA.exe
  2⤵
  PID:8344
- C:\Windows\System\ehZNDUF.exe
  C:\Windows\System\ehZNDUF.exe
  2⤵
  PID:8360
- C:\Windows\System\WOXTrlk.exe
  C:\Windows\System\WOXTrlk.exe
  2⤵
  PID:8376
- C:\Windows\System\TouLslh.exe
  C:\Windows\System\TouLslh.exe
  2⤵
  PID:8392
- C:\Windows\System\PrMOAOx.exe
  C:\Windows\System\PrMOAOx.exe
  2⤵
  PID:8408
- C:\Windows\System\AUUsRgs.exe
  C:\Windows\System\AUUsRgs.exe
  2⤵
  PID:8424
- C:\Windows\System\MKJYlot.exe
  C:\Windows\System\MKJYlot.exe
  2⤵
  PID:8440
- C:\Windows\System\FnEPFJI.exe
  C:\Windows\System\FnEPFJI.exe
  2⤵
  PID:8456
- C:\Windows\System\vqDneKO.exe
  C:\Windows\System\vqDneKO.exe
  2⤵
  PID:8472
- C:\Windows\System\auwYYmQ.exe
  C:\Windows\System\auwYYmQ.exe
  2⤵
  PID:8488
- C:\Windows\System\rDoPpDF.exe
  C:\Windows\System\rDoPpDF.exe
  2⤵
  PID:8504
- C:\Windows\System\IJLiZxd.exe
  C:\Windows\System\IJLiZxd.exe
  2⤵
  PID:8520
- C:\Windows\System\cMmYmbV.exe
  C:\Windows\System\cMmYmbV.exe
  2⤵
  PID:8540
- C:\Windows\System\NpgvafQ.exe
  C:\Windows\System\NpgvafQ.exe
  2⤵
  PID:8556
- C:\Windows\System\VUMFpri.exe
  C:\Windows\System\VUMFpri.exe
  2⤵
  PID:8572
- C:\Windows\System\rOIoFIf.exe
  C:\Windows\System\rOIoFIf.exe
  2⤵
  PID:8588
- C:\Windows\System\tflGZAh.exe
  C:\Windows\System\tflGZAh.exe
  2⤵
  PID:8604
- C:\Windows\System\ONvhaUG.exe
  C:\Windows\System\ONvhaUG.exe
  2⤵
  PID:8620
- C:\Windows\System\uHddpTc.exe
  C:\Windows\System\uHddpTc.exe
  2⤵
  PID:8636
- C:\Windows\System\enStxDY.exe
  C:\Windows\System\enStxDY.exe
  2⤵
  PID:8652
- C:\Windows\System\GUuOkXG.exe
  C:\Windows\System\GUuOkXG.exe
  2⤵
  PID:8668
- C:\Windows\System\AxWsCeg.exe
  C:\Windows\System\AxWsCeg.exe
  2⤵
  PID:8684
- C:\Windows\System\sRDAkhK.exe
  C:\Windows\System\sRDAkhK.exe
  2⤵
  PID:8700
- C:\Windows\System\cPcNfgC.exe
  C:\Windows\System\cPcNfgC.exe
  2⤵
  PID:8716
- C:\Windows\System\eumNdwR.exe
  C:\Windows\System\eumNdwR.exe
  2⤵
  PID:8732
- C:\Windows\System\IPXlxTw.exe
  C:\Windows\System\IPXlxTw.exe
  2⤵
  PID:8748
- C:\Windows\System\bZTEVsi.exe
  C:\Windows\System\bZTEVsi.exe
  2⤵
  PID:8764
- C:\Windows\System\BmXYgsx.exe
  C:\Windows\System\BmXYgsx.exe
  2⤵
  PID:8780
- C:\Windows\System\xuEGuYo.exe
  C:\Windows\System\xuEGuYo.exe
  2⤵
  PID:8796
- C:\Windows\System\faPNRCs.exe
  C:\Windows\System\faPNRCs.exe
  2⤵
  PID:8812
- C:\Windows\System\XFgudIQ.exe
  C:\Windows\System\XFgudIQ.exe
  2⤵
  PID:8828
- C:\Windows\System\IWRVDFq.exe
  C:\Windows\System\IWRVDFq.exe
  2⤵
  PID:8844
- C:\Windows\System\wQyNGyz.exe
  C:\Windows\System\wQyNGyz.exe
  2⤵
  PID:8860
- C:\Windows\System\juGUZgH.exe
  C:\Windows\System\juGUZgH.exe
  2⤵
  PID:8876
- C:\Windows\System\KAXSKdg.exe
  C:\Windows\System\KAXSKdg.exe
  2⤵
  PID:8892
- C:\Windows\System\itCuvcT.exe
  C:\Windows\System\itCuvcT.exe
  2⤵
  PID:8908
- C:\Windows\System\HEOAJjr.exe
  C:\Windows\System\HEOAJjr.exe
  2⤵
  PID:8924
- C:\Windows\System\mCgaMtn.exe
  C:\Windows\System\mCgaMtn.exe
  2⤵
  PID:8940
- C:\Windows\System\cLlDgcD.exe
  C:\Windows\System\cLlDgcD.exe
  2⤵
  PID:8956
- C:\Windows\System\DNvYGvl.exe
  C:\Windows\System\DNvYGvl.exe
  2⤵
  PID:8972
- C:\Windows\System\NiLmKec.exe
  C:\Windows\System\NiLmKec.exe
  2⤵
  PID:8988
- C:\Windows\System\pnMhArM.exe
  C:\Windows\System\pnMhArM.exe
  2⤵
  PID:9004
- C:\Windows\System\wQhJfcf.exe
  C:\Windows\System\wQhJfcf.exe
  2⤵
  PID:9020
- C:\Windows\System\wdCEwAN.exe
  C:\Windows\System\wdCEwAN.exe
  2⤵
  PID:9036
- C:\Windows\System\XZDmwfU.exe
  C:\Windows\System\XZDmwfU.exe
  2⤵
  PID:9052
- C:\Windows\System\dLiDwms.exe
  C:\Windows\System\dLiDwms.exe
  2⤵
  PID:9068
- C:\Windows\System\TyuPmDy.exe
  C:\Windows\System\TyuPmDy.exe
  2⤵
  PID:9084
- C:\Windows\System\GcJAEqQ.exe
  C:\Windows\System\GcJAEqQ.exe
  2⤵
  PID:9100
- C:\Windows\System\NioQybe.exe
  C:\Windows\System\NioQybe.exe
  2⤵
  PID:9116
- C:\Windows\System\PbVybjV.exe
  C:\Windows\System\PbVybjV.exe
  2⤵
  PID:9132
- C:\Windows\System\kOqzFOC.exe
  C:\Windows\System\kOqzFOC.exe
  2⤵
  PID:9148
- C:\Windows\System\vlcTzip.exe
  C:\Windows\System\vlcTzip.exe
  2⤵
  PID:9164
- C:\Windows\System\Bdfygyc.exe
  C:\Windows\System\Bdfygyc.exe
  2⤵
  PID:9180
- C:\Windows\System\ujBUTce.exe
  C:\Windows\System\ujBUTce.exe
  2⤵
  PID:9196
- C:\Windows\System\gWYJhQi.exe
  C:\Windows\System\gWYJhQi.exe
  2⤵
  PID:9212
- C:\Windows\System\xaZfSqn.exe
  C:\Windows\System\xaZfSqn.exe
  2⤵
  PID:8228
- C:\Windows\System\YEPjwAB.exe
  C:\Windows\System\YEPjwAB.exe
  2⤵
  PID:8320
- C:\Windows\System\DTfdMRy.exe
  C:\Windows\System\DTfdMRy.exe
  2⤵
  PID:8352
- C:\Windows\System\mYAOxSn.exe
  C:\Windows\System\mYAOxSn.exe
  2⤵
  PID:8388
- C:\Windows\System\MwOtNAq.exe
  C:\Windows\System\MwOtNAq.exe
  2⤵
  PID:8452
- C:\Windows\System\SLiYWrW.exe
  C:\Windows\System\SLiYWrW.exe
  2⤵
  PID:7280
- C:\Windows\System\DTxbeGM.exe
  C:\Windows\System\DTxbeGM.exe
  2⤵
  PID:8244
- C:\Windows\System\OlMiyaH.exe
  C:\Windows\System\OlMiyaH.exe
  2⤵
  PID:8432
- C:\Windows\System\LUxRxqs.exe
  C:\Windows\System\LUxRxqs.exe
  2⤵
  PID:8272
- C:\Windows\System\lAbDLAv.exe
  C:\Windows\System\lAbDLAv.exe
  2⤵
  PID:8340
- C:\Windows\System\TAItDFj.exe
  C:\Windows\System\TAItDFj.exe
  2⤵
  PID:8404
- C:\Windows\System\dKBzglU.exe
  C:\Windows\System\dKBzglU.exe
  2⤵
  PID:8496
- C:\Windows\System\wTTgeNL.exe
  C:\Windows\System\wTTgeNL.exe
  2⤵
  PID:8512
- C:\Windows\System\bagoNia.exe
  C:\Windows\System\bagoNia.exe
  2⤵
  PID:8532
- C:\Windows\System\VXzkubf.exe
  C:\Windows\System\VXzkubf.exe
  2⤵
  PID:8600
- C:\Windows\System\KxSIMmz.exe
  C:\Windows\System\KxSIMmz.exe
  2⤵
  PID:8580
- C:\Windows\System\hyAjQWH.exe
  C:\Windows\System\hyAjQWH.exe
  2⤵
  PID:8644
- C:\Windows\System\aEiMKXU.exe
  C:\Windows\System\aEiMKXU.exe
  2⤵
  PID:8708
- C:\Windows\System\LpDDLde.exe
  C:\Windows\System\LpDDLde.exe
  2⤵
  PID:8772
- C:\Windows\System\ZkKsTNd.exe
  C:\Windows\System\ZkKsTNd.exe
  2⤵
  PID:8788
- C:\Windows\System\bHitEGJ.exe
  C:\Windows\System\bHitEGJ.exe
  2⤵
  PID:8760
- C:\Windows\System\QkzIOau.exe
  C:\Windows\System\QkzIOau.exe
  2⤵
  PID:8840
- C:\Windows\System\FpndsSs.exe
  C:\Windows\System\FpndsSs.exe
  2⤵
  PID:8904
- C:\Windows\System\Odbfmvj.exe
  C:\Windows\System\Odbfmvj.exe
  2⤵
  PID:8852
- C:\Windows\System\SwsAbSb.exe
  C:\Windows\System\SwsAbSb.exe
  2⤵
  PID:8824
- C:\Windows\System\ITnhpNU.exe
  C:\Windows\System\ITnhpNU.exe
  2⤵
  PID:8964
- C:\Windows\System\doOSXyp.exe
  C:\Windows\System\doOSXyp.exe
  2⤵
  PID:9032
- C:\Windows\System\cjQpOvf.exe
  C:\Windows\System\cjQpOvf.exe
  2⤵
  PID:8980
- C:\Windows\System\XbFaJlC.exe
  C:\Windows\System\XbFaJlC.exe
  2⤵
  PID:9048
- C:\Windows\System\ThhYtxq.exe
  C:\Windows\System\ThhYtxq.exe
  2⤵
  PID:9124
- C:\Windows\System\hJomlfD.exe
  C:\Windows\System\hJomlfD.exe
  2⤵
  PID:9188
- C:\Windows\System\gDrKOju.exe
  C:\Windows\System\gDrKOju.exe
  2⤵
  PID:8288
- C:\Windows\System\tvaBqLG.exe
  C:\Windows\System\tvaBqLG.exe
  2⤵
  PID:8420
- C:\Windows\System\PGWqfjX.exe
  C:\Windows\System\PGWqfjX.exe
  2⤵
  PID:9108
- C:\Windows\System\lxYoAiD.exe
  C:\Windows\System\lxYoAiD.exe
  2⤵
  PID:9140
- C:\Windows\System\iwUMomV.exe
  C:\Windows\System\iwUMomV.exe
  2⤵
  PID:9208
- C:\Windows\System\wzssula.exe
  C:\Windows\System\wzssula.exe
  2⤵
  PID:8384
- C:\Windows\System\cqzHkwQ.exe
  C:\Windows\System\cqzHkwQ.exe
  2⤵
  PID:8400
- C:\Windows\System\tWbMstH.exe
  C:\Windows\System\tWbMstH.exe
  2⤵
  PID:8464
- C:\Windows\System\MyFhMfS.exe
  C:\Windows\System\MyFhMfS.exe
  2⤵
  PID:8336
- C:\Windows\System\lWJNdmR.exe
  C:\Windows\System\lWJNdmR.exe
  2⤵
  PID:8552
- C:\Windows\System\UkHsRna.exe
  C:\Windows\System\UkHsRna.exe
  2⤵
  PID:8612
- C:\Windows\System\hrntzQS.exe
  C:\Windows\System\hrntzQS.exe
  2⤵
  PID:8680
- C:\Windows\System\FhVdzbc.exe
  C:\Windows\System\FhVdzbc.exe
  2⤵
  PID:8696
- C:\Windows\System\clhcbPW.exe
  C:\Windows\System\clhcbPW.exe
  2⤵
  PID:8900
- C:\Windows\System\cCokMfn.exe
  C:\Windows\System\cCokMfn.exe
  2⤵
  PID:9000
- C:\Windows\System\lYSorEN.exe
  C:\Windows\System\lYSorEN.exe
  2⤵
  PID:8884
- C:\Windows\System\bTnUgxu.exe
  C:\Windows\System\bTnUgxu.exe
  2⤵
  PID:8936
- C:\Windows\System\nVmoZWZ.exe
  C:\Windows\System\nVmoZWZ.exe
  2⤵
  PID:9076
- C:\Windows\System\EiCggyM.exe
  C:\Windows\System\EiCggyM.exe
  2⤵
  PID:9092
- C:\Windows\System\trhrbMG.exe
  C:\Windows\System\trhrbMG.exe
  2⤵
  PID:9232
- C:\Windows\System\MUonMnX.exe
  C:\Windows\System\MUonMnX.exe
  2⤵
  PID:9248
- C:\Windows\System\CDLauvR.exe
  C:\Windows\System\CDLauvR.exe
  2⤵
  PID:9264
- C:\Windows\System\HvwvtVu.exe
  C:\Windows\System\HvwvtVu.exe
  2⤵
  PID:9280
- C:\Windows\System\QwRlHnc.exe
  C:\Windows\System\QwRlHnc.exe
  2⤵
  PID:9296
- C:\Windows\System\LYjEuwu.exe
  C:\Windows\System\LYjEuwu.exe
  2⤵
  PID:9312
- C:\Windows\System\uVaeZLg.exe
  C:\Windows\System\uVaeZLg.exe
  2⤵
  PID:9328
- C:\Windows\System\arhxhuB.exe
  C:\Windows\System\arhxhuB.exe
  2⤵
  PID:9344
- C:\Windows\System\iYVwtID.exe
  C:\Windows\System\iYVwtID.exe
  2⤵
  PID:9360
- C:\Windows\System\ZUFvgcO.exe
  C:\Windows\System\ZUFvgcO.exe
  2⤵
  PID:9376
- C:\Windows\System\UoBIZQd.exe
  C:\Windows\System\UoBIZQd.exe
  2⤵
  PID:9392
- C:\Windows\System\YJdmrhn.exe
  C:\Windows\System\YJdmrhn.exe
  2⤵
  PID:9408
- C:\Windows\System\wiIkVhY.exe
  C:\Windows\System\wiIkVhY.exe
  2⤵
  PID:9424
- C:\Windows\System\szNrNeL.exe
  C:\Windows\System\szNrNeL.exe
  2⤵
  PID:9440
- C:\Windows\System\ioLeKzh.exe
  C:\Windows\System\ioLeKzh.exe
  2⤵
  PID:9456
- C:\Windows\System\reEFImZ.exe
  C:\Windows\System\reEFImZ.exe
  2⤵
  PID:9472
- C:\Windows\System\fKHbuqI.exe
  C:\Windows\System\fKHbuqI.exe
  2⤵
  PID:9488
- C:\Windows\System\TOMseMF.exe
  C:\Windows\System\TOMseMF.exe
  2⤵
  PID:9504
- C:\Windows\System\peGkmLj.exe
  C:\Windows\System\peGkmLj.exe
  2⤵
  PID:9520
- C:\Windows\System\dppllhj.exe
  C:\Windows\System\dppllhj.exe
  2⤵
  PID:9536
- C:\Windows\System\ZFxuHIU.exe
  C:\Windows\System\ZFxuHIU.exe
  2⤵
  PID:9552
- C:\Windows\System\GmIndmZ.exe
  C:\Windows\System\GmIndmZ.exe
  2⤵
  PID:9568
- C:\Windows\System\NMGOmCu.exe
  C:\Windows\System\NMGOmCu.exe
  2⤵
  PID:9584
- C:\Windows\System\vUPJuDz.exe
  C:\Windows\System\vUPJuDz.exe
  2⤵
  PID:9600
- C:\Windows\System\dbSrbJA.exe
  C:\Windows\System\dbSrbJA.exe
  2⤵
  PID:9616
- C:\Windows\System\cxHylSR.exe
  C:\Windows\System\cxHylSR.exe
  2⤵
  PID:9632
- C:\Windows\System\XpAqMHN.exe
  C:\Windows\System\XpAqMHN.exe
  2⤵
  PID:9648
- C:\Windows\System\hjkKnCd.exe
  C:\Windows\System\hjkKnCd.exe
  2⤵
  PID:9664
- C:\Windows\System\ekvHUfE.exe
  C:\Windows\System\ekvHUfE.exe
  2⤵
  PID:9680
- C:\Windows\System\mosGpTc.exe
  C:\Windows\System\mosGpTc.exe
  2⤵
  PID:9696
- C:\Windows\System\kgrDhXs.exe
  C:\Windows\System\kgrDhXs.exe
  2⤵
  PID:9712
- C:\Windows\System\RCXPyua.exe
  C:\Windows\System\RCXPyua.exe
  2⤵
  PID:9728
- C:\Windows\System\FFrwGfA.exe
  C:\Windows\System\FFrwGfA.exe
  2⤵
  PID:9744
- C:\Windows\System\NfEwGUI.exe
  C:\Windows\System\NfEwGUI.exe
  2⤵
  PID:9760
- C:\Windows\System\LRaySHx.exe
  C:\Windows\System\LRaySHx.exe
  2⤵
  PID:9776
- C:\Windows\System\LkBlEHs.exe
  C:\Windows\System\LkBlEHs.exe
  2⤵
  PID:9792
- C:\Windows\System\vgVPQde.exe
  C:\Windows\System\vgVPQde.exe
  2⤵
  PID:9808
- C:\Windows\System\lAPLNxM.exe
  C:\Windows\System\lAPLNxM.exe
  2⤵
  PID:9824
- C:\Windows\System\UcwnKwi.exe
  C:\Windows\System\UcwnKwi.exe
  2⤵
  PID:9840
- C:\Windows\System\kUENQWb.exe
  C:\Windows\System\kUENQWb.exe
  2⤵
  PID:9856
- C:\Windows\System\oYXFaal.exe
  C:\Windows\System\oYXFaal.exe
  2⤵
  PID:9872
- C:\Windows\System\NazVdgw.exe
  C:\Windows\System\NazVdgw.exe
  2⤵
  PID:9888
- C:\Windows\System\tIzHQes.exe
  C:\Windows\System\tIzHQes.exe
  2⤵
  PID:9904
- C:\Windows\System\UtBqrUE.exe
  C:\Windows\System\UtBqrUE.exe
  2⤵
  PID:9920
- C:\Windows\System\yPizhgR.exe
  C:\Windows\System\yPizhgR.exe
  2⤵
  PID:9936
- C:\Windows\System\hqZFHxC.exe
  C:\Windows\System\hqZFHxC.exe
  2⤵
  PID:9952
- C:\Windows\System\AXFMKSZ.exe
  C:\Windows\System\AXFMKSZ.exe
  2⤵
  PID:9968
- C:\Windows\System\iWtQsFt.exe
  C:\Windows\System\iWtQsFt.exe
  2⤵
  PID:9984
- C:\Windows\System\EAzlFIW.exe
  C:\Windows\System\EAzlFIW.exe
  2⤵
  PID:10000
- C:\Windows\System\RyCUDga.exe
  C:\Windows\System\RyCUDga.exe
  2⤵
  PID:10016
- C:\Windows\System\IlUxKtb.exe
  C:\Windows\System\IlUxKtb.exe
  2⤵
  PID:10032
- C:\Windows\System\GVBNPoW.exe
  C:\Windows\System\GVBNPoW.exe
  2⤵
  PID:10048
- C:\Windows\System\KhvnBBs.exe
  C:\Windows\System\KhvnBBs.exe
  2⤵
  PID:10064
- C:\Windows\System\DIwtXdz.exe
  C:\Windows\System\DIwtXdz.exe
  2⤵
  PID:10080
- C:\Windows\System\EhJIEnW.exe
  C:\Windows\System\EhJIEnW.exe
  2⤵
  PID:10096
- C:\Windows\System\IcqkHTW.exe
  C:\Windows\System\IcqkHTW.exe
  2⤵
  PID:10112
- C:\Windows\System\YFtXsLm.exe
  C:\Windows\System\YFtXsLm.exe
  2⤵
  PID:10128
- C:\Windows\System\eKLRByz.exe
  C:\Windows\System\eKLRByz.exe
  2⤵
  PID:10144
- C:\Windows\System\fbarmkP.exe
  C:\Windows\System\fbarmkP.exe
  2⤵
  PID:10160
- C:\Windows\System\smiXAbJ.exe
  C:\Windows\System\smiXAbJ.exe
  2⤵
  PID:10176
- C:\Windows\System\nNslcsp.exe
  C:\Windows\System\nNslcsp.exe
  2⤵
  PID:10192
- C:\Windows\System\ntKfTJG.exe
  C:\Windows\System\ntKfTJG.exe
  2⤵
  PID:10208
- C:\Windows\System\VUWUORz.exe
  C:\Windows\System\VUWUORz.exe
  2⤵
  PID:10224
- C:\Windows\System\JPUkVok.exe
  C:\Windows\System\JPUkVok.exe
  2⤵
  PID:7216
- C:\Windows\System\WfNqRoE.exe
  C:\Windows\System\WfNqRoE.exe
  2⤵
  PID:8660
- C:\Windows\System\OOcpCSp.exe
  C:\Windows\System\OOcpCSp.exe
  2⤵
  PID:8804
- C:\Windows\System\UWnCwNJ.exe
  C:\Windows\System\UWnCwNJ.exe
  2⤵
  PID:9224
- C:\Windows\System\mfKPzcl.exe
  C:\Windows\System\mfKPzcl.exe
  2⤵
  PID:9288
- C:\Windows\System\SJcbPpD.exe
  C:\Windows\System\SJcbPpD.exe
  2⤵
  PID:9044
- C:\Windows\System\UbXHdPv.exe
  C:\Windows\System\UbXHdPv.exe
  2⤵
  PID:8484
- C:\Windows\System\ygMfGuZ.exe
  C:\Windows\System\ygMfGuZ.exe
  2⤵
  PID:9204
- C:\Windows\System\RgQgIwc.exe
  C:\Windows\System\RgQgIwc.exe
  2⤵
  PID:8240
- C:\Windows\System\amnYiUs.exe
  C:\Windows\System\amnYiUs.exe
  2⤵
  PID:8308
- C:\Windows\System\aIpbbPw.exe
  C:\Windows\System\aIpbbPw.exe
  2⤵
  PID:8916
- C:\Windows\System\uXzPWIJ.exe
  C:\Windows\System\uXzPWIJ.exe
  2⤵
  PID:6956
- C:\Windows\System\iFTSQMw.exe
  C:\Windows\System\iFTSQMw.exe
  2⤵
  PID:9336
- C:\Windows\System\ioULwyV.exe
  C:\Windows\System\ioULwyV.exe
  2⤵
  PID:9324
- C:\Windows\System\BlMfIbZ.exe
  C:\Windows\System\BlMfIbZ.exe
  2⤵
  PID:9404
- C:\Windows\System\VYCduAE.exe
  C:\Windows\System\VYCduAE.exe
  2⤵
  PID:9420
- C:\Windows\System\itEnDDt.exe
  C:\Windows\System\itEnDDt.exe
  2⤵
  PID:9468
- C:\Windows\System\UlRzPpr.exe
  C:\Windows\System\UlRzPpr.exe
  2⤵
  PID:9484
- C:\Windows\System\XHAaUKB.exe
  C:\Windows\System\XHAaUKB.exe
  2⤵
  PID:9548
- C:\Windows\System\gYIonQU.exe
  C:\Windows\System\gYIonQU.exe
  2⤵
  PID:9608
- C:\Windows\System\vhYPEsq.exe
  C:\Windows\System\vhYPEsq.exe
  2⤵
  PID:9532
- C:\Windows\System\udFQYOq.exe
  C:\Windows\System\udFQYOq.exe
  2⤵
  PID:9560
- C:\Windows\System\rIiePWa.exe
  C:\Windows\System\rIiePWa.exe
  2⤵
  PID:9720
- C:\Windows\System\GCYnDMO.exe
  C:\Windows\System\GCYnDMO.exe
  2⤵
  PID:9704
- C:\Windows\System\OVhsbcT.exe
  C:\Windows\System\OVhsbcT.exe
  2⤵
  PID:9628
- C:\Windows\System\pMxCybS.exe
  C:\Windows\System\pMxCybS.exe
  2⤵
  PID:9724
- C:\Windows\System\hLtFQzB.exe
  C:\Windows\System\hLtFQzB.exe
  2⤵
  PID:9804
- C:\Windows\System\axCWccv.exe
  C:\Windows\System\axCWccv.exe
  2⤵
  PID:9868
- C:\Windows\System\XLkEuCT.exe
  C:\Windows\System\XLkEuCT.exe
  2⤵
  PID:9900
- C:\Windows\System\BsvmzrA.exe
  C:\Windows\System\BsvmzrA.exe
  2⤵
  PID:9964
- C:\Windows\System\TXNCSaK.exe
  C:\Windows\System\TXNCSaK.exe
  2⤵
  PID:9816
- C:\Windows\System\yIDjyUH.exe
  C:\Windows\System\yIDjyUH.exe
  2⤵
  PID:10060
- C:\Windows\System\eVqbskg.exe
  C:\Windows\System\eVqbskg.exe
  2⤵
  PID:10124
- C:\Windows\System\IxyaEoW.exe
  C:\Windows\System\IxyaEoW.exe
  2⤵
  PID:10216
- C:\Windows\System\ZZafrMF.exe
  C:\Windows\System\ZZafrMF.exe
  2⤵
  PID:9848
- C:\Windows\System\YlJVjVB.exe
  C:\Windows\System\YlJVjVB.exe
  2⤵
  PID:9912
- C:\Windows\System\ClLdDAU.exe
  C:\Windows\System\ClLdDAU.exe
  2⤵
  PID:9976
- C:\Windows\System\xelANiR.exe
  C:\Windows\System\xelANiR.exe
  2⤵
  PID:10040
- C:\Windows\System\sDiQUaF.exe
  C:\Windows\System\sDiQUaF.exe
  2⤵
  PID:10108
- C:\Windows\System\xrUuaSO.exe
  C:\Windows\System\xrUuaSO.exe
  2⤵
  PID:10204
- C:\Windows\System\tOyaOAa.exe
  C:\Windows\System\tOyaOAa.exe
  2⤵
  PID:9160
- C:\Windows\System\FciWodE.exe
  C:\Windows\System\FciWodE.exe
  2⤵
  PID:9080

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\DlgVOaF.exe

Filesize
6.0MB

MD5
e1d35868468d010c45375059faaae2a1

SHA1
99626029b3ff16294839d0a3fd01c7c1985729a4

SHA256
c0974ba9c744fbe484bfb0a5a01dca42297c220730e50c9f09d3f27c8bb2ce3a

SHA512
0fac98562ed37fdadcb858481db6227e6584ef14e092b4cae05663110203fc3c4325c0f5b07e49da3386a6b544b33cd6b4fbf2d17452dd964435773838223b6a

Download Submit
C:\Windows\system\HOOYhOk.exe

Filesize
6.0MB

MD5
4b8d21ef2421f0c896e786f678806689

SHA1
e3c3ef6d1e81b4e466fec5554c0fc0cf740ca62d

SHA256
4df21f7dd35462ac7c004b7e2134d34d9b4a8ff1f6be8bc791b08e635f8bcc04

SHA512
1d08540cd807d4ab18b277118839072070bfbc27c61acdd303a6d4ab429ab9b4fab90616b9bbdc678fbb6899541fe025a36b41a23e154664d2921ab9eea4955c

Download Submit
C:\Windows\system\IqIyGrY.exe

Filesize
6.0MB

MD5
66401d278ea6e6f5b746f14c73a1c72e

SHA1
b986f7f4fca2c4c3ff1482298750a09e064179df

SHA256
c3f47b8186a03c94f459282126b5e035408795236c685be335716739fbca434f

SHA512
d0b047b065071a45ac846e93e16a2d1c6634df3f5a67c5810ce39d9d6050e7d2eb54126bfdfa04d48e50a60cfc584c1fa7089087727681fe0dc188dde71bcaed

Download Submit
C:\Windows\system\LoDWdqo.exe

Filesize
6.0MB

MD5
5f7aaeb7178a6c9334dce82b6f919118

SHA1
f278c66d8c12a1aac7cc6268485ae017acb4ea31

SHA256
8610b2a95af9d8529e2c20df528bbf3b27c9dd8bc1186c59145888a22e0c8813

SHA512
072a1fdd1f21a1b79653dd6af7b118dc3192564e4de2da3c1b1a5ce46412b7f9ca6807ac32c2d0e06698a7e3a1510c2808d0ac6b0244f094cbff46895afbcf5c

Download Submit
C:\Windows\system\MjKrBfK.exe

Filesize
6.0MB

MD5
b380a8254f76c86956212ff971c1f9f0

SHA1
dfd5a787132d92ad0eaf0ac0ab74b68e15b7062f

SHA256
ce5fcbc8bd491192a4f0c6bcae875175ef7116cece696d2ebaaffa7074adba5e

SHA512
0feee1f547c3cb96325bbd36738f6d942cf3b5965c095d775d9895e688835244158bb8740455acedee12cd192d5a8fe35d950803bd613ec71923984fdaf0b883

Download Submit
C:\Windows\system\NDWvlUF.exe

Filesize
6.0MB

MD5
d495146a31c258adeb29a97fa18645b5

SHA1
89800fbcbec58abc7940ee629f839698b2ef7ca9

SHA256
32c0c69a8470bddc05245588578443c3d23eb58f4a43706ad9ac08a47fdc1f94

SHA512
f49dfde7165acc7039cc6307f3264306b2f31b40a59ac009336c0b056adb8c80145b0a21d421bc52d5aff5d17d9abead70af75efb7ddd1010acf924ae4579e8c

Download Submit
C:\Windows\system\PLVrvcV.exe

Filesize
6.0MB

MD5
2ac55bb42bc51c32144450a518b9424e

SHA1
70e517d35a1758774cf1e8b88be6f128975f10c5

SHA256
4c180cbb6feb2fc129244c670ced4a1a1c77df2a8e8398d1aa6d15a10bfdfdc1

SHA512
b52c2a8f2c318b16b00bf7ef58aa108ea33a1e45c9e90b261a55eaef11806ad096c52bd6e1a3a2bbcd251bd2f93ef9ff7fd104ee52d0463cbce2ae441533e3d5

Download Submit
C:\Windows\system\PLmwQlr.exe

Filesize
6.0MB

MD5
10c69e06c69aad74c3c928fbb11b20b3

SHA1
acbeb0c99a94ced7de7962be0c20a3df6e2e8701

SHA256
6a44152cf93933f1c891867feee819a50baaa2e2a468f639bad6d1956d13e0eb

SHA512
47f3f3468e9bcb753887880aac3db527d7f5147dfee484fabf89fcc3c7b65bbd25eb000ca28284ba79109c39e48325f7ea91d68b1e36d0a76631b9533def18d9

Download Submit
C:\Windows\system\QNdEsre.exe

Filesize
6.0MB

MD5
5ed81df1506efc75d1d26c596bc37353

SHA1
ac95306531499c06eaeda5934da48cfe9bbbb793

SHA256
f4219ab727c16fe689f9a1be3413111285eb1b1b1a6db2b16317a23795668e0c

SHA512
5c785ad66b839384838344c654a51cd19357db8a38d8697635c6812bf85e49d1aa04eb06fc8ce0bdc8d28f8ad67d0a69fd156a821c5cda18bafab275de1bd2cc

Download Submit
C:\Windows\system\QNgmuGN.exe

Filesize
6.0MB

MD5
b6519494ff8c36268385cce41350bd3b

SHA1
336ea8c96aa84060ae090d4acf041cf0e727df08

SHA256
57bf861a1d9583126978bebdc7b066fc29bc81dd7ff6c79b87d5b4b7c176ab91

SHA512
1cc8a03e3c39331c3509e81c7ac93c0ac6c3b0be981a12690f969174588963081fe0ec1cec639232651383c1ba3430e4d2f3e3a8e2b44de0b071c56d9b139aba

Download Submit
C:\Windows\system\QrQQAKI.exe

Filesize
6.0MB

MD5
58cb43f7a1dcea1f1fd65defd44635ad

SHA1
eb3d22efe8240822f6f8c94258fb19f9ee5e48d5

SHA256
75df68494fdd4fcd2c2a26fe5bbef73884b76763ba6a0c13fb1020dc5636e387

SHA512
9e27e6a7083db87472ddd8e882afac8c862cd152110ddd89759fe82da747fe7f8d2881324122d596c1b28eb7065d2d47f91bf1b045d3abd3f2186b7d6fe33ffd

Download Submit
C:\Windows\system\RjHqzdR.exe

Filesize
6.0MB

MD5
449f89bf8a2f50805b34e6762a64f1da

SHA1
575428a817d24918a6a2c02e710745adfab0180f

SHA256
3970847d8686bfb36b5b5c40acc13f325d07c7b03befd03fa3c16d04e9c8257c

SHA512
7a8d92ba71d703e2459cee8ed8e149df9e18fa8f1907e43b1b7e0ba07a8947c62a69933557686d595a24b3558d27aa19ea426dc3b627bcd082fb54ec5be136c1

Download Submit
C:\Windows\system\TWLfaOr.exe

Filesize
6.0MB

MD5
a028d6c55bee5d73ad22228f45cc05dc

SHA1
7770b27a59cc5ebea34b73347b92a748e614cb48

SHA256
d2d5616aa1d91efe47d51ed3fcec4d5d426ca5c2ba5544fa7f90cae47a4fec32

SHA512
42ab3eccfac353dcfd9cda88e2585a9f0ea74bea58be8f2c4b11073c5309362301f1caf17051a4a754c92d04fc6c11f1d4ae0f39569696d1f4d498aaf33001f5

Download Submit
C:\Windows\system\TrdKVKn.exe

Filesize
6.0MB

MD5
cf73810025eb2a133ff22172fe600889

SHA1
3b0cd358193153c53f49fa6d37eb3f06a3a918dc

SHA256
09c7ee74c498645bb70a52f97eb27f76db0b35455c57059858506ac2131c99cb

SHA512
d0718b3c88dd25614f313ba21790c802170dc3cd15ca0407937aafb7cde477fc30a2aa43a28ac1f6f0a6ec7a6f06cf17b2b9da148ff55872e28551b998cd0f93

Download Submit
C:\Windows\system\WWXmwkC.exe

Filesize
6.0MB

MD5
12d6306f253159d39e900441c9d2deb6

SHA1
a0fae4301b2bf276525af1046dbdfb9b0e1c95e8

SHA256
a6cd883116c0f00ffd607b32c37f36897e4cea58cb025bc9cc270106245786d3

SHA512
7388af7f9e30403cabe6cf648ebe751ba899e54464cb956b1e89eb4b42dcc5821a04723b28f380322e0b8eb7ee88b082466f67281b7b2a5a419019ffa5c68248

Download Submit
C:\Windows\system\XZFODww.exe

Filesize
6.0MB

MD5
12086cfc4fe025f77ca661b5acff72d3

SHA1
0b8f0cbe09266807c9f643a141419dffb6b6e6da

SHA256
b90e2a2c1a7aca43dac7fb19c5e906acf3ee217f6f218b9b2b2df035e50a1299

SHA512
e896ccdebc5560e816f06fd2e4865b96d3e09d07af73925fb353e28034067ecde86506ea91d779b4f9fbaee93197c220f99356d2c0897c55af1e98bee281bf2d

Download Submit
C:\Windows\system\XvunKpU.exe

Filesize
6.0MB

MD5
af8ffc73d7a1432a11d07d846505e465

SHA1
635e034955995f03748cb8d2c2c555858a9744a3

SHA256
3b3ab5bd5c0137f63e978d06757691ed2897300899813f6f5ed3c0c114126d8f

SHA512
a43d28147f313233bd6614a3f9351c26e83b5ff693aa85f530b988e222dce04802be89dbf090a07a70163870ce12c971ecb0238cb0a8cedb09f6686a3e75fc02

Download Submit
C:\Windows\system\fpXmxRe.exe

Filesize
6.0MB

MD5
c6cc6e121fc01a6ae193b5cdbfeb5d80

SHA1
19ee3a838ce4084359fd1f2c95c481effb8a6764

SHA256
c7c031167b4179fa1b9eadc2621b4191da5b4ac30f138c9e74e5429d83ee1ca1

SHA512
60f4970d363865fcc54291b8836f5fb4c8ce1663fb555915b57c80f3137fff41141d1dde01f7a00e80ea48ddf7a2068de06d573c05d7e68ed8910679919dd4c9

Download Submit
C:\Windows\system\hzXFTDR.exe

Filesize
6.0MB

MD5
56f17ba29ebfa15d5c1662b366d2d538

SHA1
caf2fb981a6c4237885838203b8521dc9784ba8b

SHA256
c6a29ccb9d656efa67f11ba0dbc76796259745d8c48543885acc23aa5aa21bdb

SHA512
b3dc1cdf86e46f2e769948a9028ebe149d849817f83a781803866dc738fb3e29573a2059b5d87179987a9cc6d257dc1a95b7387a56e3a0435a8c2cb4fa9f0189

Download Submit
C:\Windows\system\iRlSmHr.exe

Filesize
6.0MB

MD5
b5b0d2e5c59f083f89dbf42fd4c20417

SHA1
faf8e9058d94077fe643458891c6f72f73ef805d

SHA256
e77211774be0c40c63696aaf600b7e801228aea4e899d682a4060b4058680f7f

SHA512
c98e9641766bdeb27e1d4c4de5fb31db2b820f2412ff8f4b7a46144753465041b8e2102692f56a970c0fb72f3fa00cdb042c3e11d2096778ce6c69b5b510241b

Download Submit
C:\Windows\system\lVFizGl.exe

Filesize
6.0MB

MD5
06926823eca293d41f33583d75be60e0

SHA1
b1ddb5a735ed47f027678476dea246850cf697b9

SHA256
e4ff2e81828544b4e504bec31db43ab063bfe7fa02358d57ffde37b799945438

SHA512
b6c0467f7a8b38d495879fd1d8348f60b9cb8112a182e6bef0db0d3ecf9880dba07a3e7c6bd58e77fce54fa92f61ca3f1e1c68f3d797d63aaf12db5bf1ccb374

Download Submit
C:\Windows\system\lkufQWI.exe

Filesize
6.0MB

MD5
f477ce61df41dda14b353bc83b753c03

SHA1
bce889c43f4fd9c1db3815d723f07139bc486f5b

SHA256
336f1504be6b15d15c79c5c9b4d849b7a498d42acc985ae46c5dce9894ac598a

SHA512
747850984011c2b081f7685c01d7c2e72a6fa2d6a29e4e8ba9b2e0f576ee0c4712293c6e5248c6c795bfc16779adaed03fb6c51468ffae89ebe48c8a3f930317

Download Submit
C:\Windows\system\ovoHmea.exe

Filesize
6.0MB

MD5
dea737e81860fe1ce5fcd8f39719b50c

SHA1
15673c3f5b49f362338b7c2328c317698c35e84f

SHA256
5d308e3d7359533654f77f6bbc31eb19d39cb7c19434b018afff4e2984bd0bdb

SHA512
cb1388a2a14b4a9210d2aafff49722643d033770984faf46cc02a18ce9cec87ce31b4c22e0082913b24faccc045187ece2832e84804202630ea35b95ef76450d

Download Submit
C:\Windows\system\rjkdWeo.exe

Filesize
6.0MB

MD5
e4e28fcbf13dd027377800b51104d9a6

SHA1
995380c818e17a1ad886e60ee6e0687d79489f57

SHA256
70d054469f3cd76cd20bd97449b9d18adcc399471de05ba58e234b5e81fab8ac

SHA512
83a7892d6bafd6388d5cb73255942b9a261783e4477cd814bc624bd10f9653f690db36d759280f84fa408755d373d7bdcfc5ae40e11053eafaf530d5b694aa5e

Download Submit
C:\Windows\system\vrisjto.exe

Filesize
6.0MB

MD5
c10c3f406d910ab750de34415dc138c9

SHA1
36897dfe29ab21b9ec5a1fa1ae786ef84346901b

SHA256
b29bce4b9b5dd41f53fc28582c95957a48e1eed3a0a9b11b09de142eee50ed7b

SHA512
932061deb5ef7278c85ef911fecb1adaf765f8601a27238b45a5accedafb28a84bebab00c6ebf14c73c66b8c23132af1bd3b5ca1cf7356775a2794967cd539ec

Download Submit
C:\Windows\system\xueeDRp.exe

Filesize
6.0MB

MD5
75561323f43cf71b4fe00415f7bf9f40

SHA1
f6e10ee4e69d09084a190f27bc8190be94426d14

SHA256
7fe55a0b125e91d79200f187cec5dd810d4d6cbc8e3a7d840ec9f2aeec541776

SHA512
c26ae640c2351f957707af31bf70421abfaa0afb05ff93f51e792c9a359860b125da1406796060050c6c6ce4a2d75ba6aecc08664607568c9c98d63000bfbedd

Download Submit
C:\Windows\system\zOKQhTI.exe

Filesize
6.0MB

MD5
eda4a5e478e609b285cc84b5b17a14b6

SHA1
9a87284eca9dcb87e0c608cf359583120822ffeb

SHA256
1168d08ffed76769f1d73992831c373e3c1b9cc69335ee387d0b99b32af55ca5

SHA512
c26afa6010eff84516d80b1b9f72bb2bf943852521387894a0a6789399b10bab90971a0450db01649fbf85deb12b55968054ba6c68255d2fbcfe04fb0154b97f

Download Submit
C:\Windows\system\zdZRgdN.exe

Filesize
6.0MB

MD5
e516174bd67a1f0d8e5f7d7318349364

SHA1
384145630b8904eddefe7b6b40f72f0a55921676

SHA256
e9382c51d001d26664c692e64a1b3a080626baab0cd3e3c678b55293c408078f

SHA512
8a79f9b4f9d5c31cfe0a1385955ae180ee960f46840dd76a921757dfab4c8c72b7a39be1980cf15dd5317f3025e4c3434564572244f1cd685d41547b93c8f942

Download Submit
\Windows\system\dUkUsmN.exe

Filesize
6.0MB

MD5
3f07d83712b83ad892f817faeb0cfb7c

SHA1
4dbf11d9f2771efd5a1689c2a3eae7906bffed18

SHA256
b74191aadeed572c68093e04b625c38eff38fe31c27ecb9c56a3aa2e094c52db

SHA512
f3ffd3dad51e1220b47c0a3fed974bb33d71b71fe7ba29881961ef0f6b3b21c02afd1b4e8eca27cf8162207057af0940a83c6b2682d301f9c40055105b4f0c6b

Download Submit
\Windows\system\fFhBGVB.exe

Filesize
6.0MB

MD5
6d7574a89aece3a4f9715bdfb9328ccf

SHA1
5743e5e2a3ff34a88eb9dbb96c260048f4c12fa4

SHA256
63317f5379ded7d6d2155a1cc684f24fc8b41d788507af73aebccd6dc9b934f7

SHA512
86685bfc885820ada85da165058dab1e9065c000846aa1daf2f7bf13309546edba47ca35be67616054e7eaaf86536ecf07ddf007a44507e0339c7dbff1ba1470

Download Submit
\Windows\system\gZkJbGn.exe

Filesize
6.0MB

MD5
d55840f480f79ffad320e64097528749

SHA1
0993052fd6512838b776bbdb52120a3dfdfb333b

SHA256
3c22628321b10278be035654abb8eef55bd559706c4cc2f044da939d337e822a

SHA512
1ca7c7cf6e1b7a2626de2aee305271e5957e4a2936caa5d51b7e5c8bd16529aed8a14cb0df7b4436103f043e56a7d384eb095ded6812d8f6adfe45e4dd9e93a5

Download Submit
\Windows\system\hLYTHjs.exe

Filesize
6.0MB

MD5
d8635e071517255ca1d01232d25250b2

SHA1
d2f56244f329b1adb01fc3a2fe0ce7d64688c173

SHA256
a3383a7fa9c6b149e0a44d88d917ff8e54cff33672f6543dac1befc9a766a137

SHA512
2769943859cc6d887b9c3ad68407780bf3b0bc0d671865d4978229639901fa22b231bb1e854b00d0f9be947d341c1ec07b3c68335d77fb66d5316388f7077cf2

Download Submit
memory/1880-4002-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/1880-20-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/1940-49-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/1940-3999-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2208-4212-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2208-949-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2208-92-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2260-68-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/2260-4211-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/2264-15-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/2264-55-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/2264-29-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2264-93-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/2264-91-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/2264-40-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/2264-34-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/2264-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/2264-80-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/2264-48-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2264-73-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2264-101-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/2264-0-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/2264-1220-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/2264-61-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/2264-745-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2264-63-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/2264-201-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2324-4213-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/2324-479-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/2324-81-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/2568-4031-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2568-74-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2600-4208-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2600-67-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2656-62-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2656-4025-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2700-64-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2700-4001-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2700-31-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2708-35-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/2708-4000-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/2748-41-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/2748-4036-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/2748-75-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/2796-4039-0x000000013FB10000-0x000000013FE64000-memory.dmp

Filesize
3.3MB

Download
memory/2796-21-0x000000013FB10000-0x000000013FE64000-memory.dmp

Filesize
3.3MB

Download
memory/2880-19-0x000000013FCD0000-0x0000000140024000-memory.dmp

Filesize
3.3MB

Download
memory/2880-4003-0x000000013FCD0000-0x0000000140024000-memory.dmp

Filesize
3.3MB

Download
memory/3064-4030-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/3064-86-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/3064-748-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download