cobaltstrike | cbd9a1475e87b2dfbc7a2a1774dd2fcbba3810303a88cb16d1b1da2fd9c9ceef

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
22-09-2024 08:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

9aac8529d16642a11843ee1f2266ee60
SHA1

e1733a8fd0df02f9d34a45d4b15d6aaf444cbaae
SHA256

cbd9a1475e87b2dfbc7a2a1774dd2fcbba3810303a88cb16d1b1da2fd9c9ceef
SHA512

aa915d2ff3a45f15a356c5d30a92f5b645d9f72a3d7cbdb7f2ca8a413d957182f6b62db213db28621558b8857e7aee37e8f464846d2781466b4fbd2710cff9b9
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUP:T+q56utgpPF8u/7P

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012117-3.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000144c9-9.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000014510-11.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000145c0-21.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000014742-33.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000146f9-41.dat	cobalt_reflective_dll
behavioral1/files/0x003000000001435e-52.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000015ccf-80.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000015cfd-92.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000015d31-107.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000015da1-135.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016141-167.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000160da-163.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000015fa6-159.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000015f4e-155.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000015f38-151.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000015e4f-147.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000015df1-143.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000015dac-139.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000015d99-131.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000015d90-127.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000015d88-123.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000015d80-119.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000015d60-115.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000015d48-111.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000015d15-103.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000015d0a-99.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000015ce4-87.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000015cb9-74.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000156b8-69.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000014a1d-63.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001487c-49.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2960-0-0x000000013FE10000-0x0000000140164000-memory.dmp	xmrig
behavioral1/files/0x0007000000012117-3.dat	xmrig
behavioral1/memory/2528-8-0x000000013F150000-0x000000013F4A4000-memory.dmp	xmrig
behavioral1/files/0x00080000000144c9-9.dat	xmrig
behavioral1/memory/2636-13-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig
behavioral1/files/0x0008000000014510-11.dat	xmrig
behavioral1/memory/2696-20-0x000000013FA20000-0x000000013FD74000-memory.dmp	xmrig
behavioral1/memory/2960-18-0x000000013FA20000-0x000000013FD74000-memory.dmp	xmrig
behavioral1/files/0x00080000000145c0-21.dat	xmrig
behavioral1/files/0x0007000000014742-33.dat	xmrig
behavioral1/files/0x00070000000146f9-41.dat	xmrig
behavioral1/memory/2528-42-0x000000013F150000-0x000000013F4A4000-memory.dmp	xmrig
behavioral1/memory/2452-43-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig
behavioral1/files/0x003000000001435e-52.dat	xmrig
behavioral1/memory/2984-58-0x000000013FD30000-0x0000000140084000-memory.dmp	xmrig
behavioral1/memory/3000-65-0x000000013FC50000-0x000000013FFA4000-memory.dmp	xmrig
behavioral1/files/0x0006000000015ccf-80.dat	xmrig
behavioral1/files/0x0006000000015cfd-92.dat	xmrig
behavioral1/files/0x0006000000015d31-107.dat	xmrig
behavioral1/files/0x0006000000015da1-135.dat	xmrig
behavioral1/files/0x0006000000016141-167.dat	xmrig
behavioral1/files/0x00060000000160da-163.dat	xmrig
behavioral1/files/0x0006000000015fa6-159.dat	xmrig
behavioral1/files/0x0006000000015f4e-155.dat	xmrig
behavioral1/files/0x0006000000015f38-151.dat	xmrig
behavioral1/files/0x0006000000015e4f-147.dat	xmrig
behavioral1/files/0x0006000000015df1-143.dat	xmrig
behavioral1/files/0x0006000000015dac-139.dat	xmrig
behavioral1/files/0x0006000000015d99-131.dat	xmrig
behavioral1/files/0x0006000000015d90-127.dat	xmrig
behavioral1/files/0x0006000000015d88-123.dat	xmrig
behavioral1/files/0x0006000000015d80-119.dat	xmrig
behavioral1/files/0x0006000000015d60-115.dat	xmrig
behavioral1/files/0x0006000000015d48-111.dat	xmrig
behavioral1/files/0x0006000000015d15-103.dat	xmrig
behavioral1/files/0x0006000000015d0a-99.dat	xmrig
behavioral1/memory/2596-93-0x000000013F300000-0x000000013F654000-memory.dmp	xmrig
behavioral1/files/0x0006000000015ce4-87.dat	xmrig
behavioral1/memory/936-81-0x000000013F720000-0x000000013FA74000-memory.dmp	xmrig
behavioral1/memory/1300-75-0x000000013F230000-0x000000013F584000-memory.dmp	xmrig
behavioral1/files/0x0006000000015cb9-74.dat	xmrig
behavioral1/files/0x00080000000156b8-69.dat	xmrig
behavioral1/memory/2960-67-0x000000013FA20000-0x000000013FD74000-memory.dmp	xmrig
behavioral1/memory/2424-64-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	xmrig
behavioral1/files/0x0009000000014a1d-63.dat	xmrig
behavioral1/memory/2960-60-0x0000000002470000-0x00000000027C4000-memory.dmp	xmrig
behavioral1/memory/2696-53-0x000000013FA20000-0x000000013FD74000-memory.dmp	xmrig
behavioral1/memory/2448-51-0x000000013FB60000-0x000000013FEB4000-memory.dmp	xmrig
behavioral1/memory/2636-50-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig
behavioral1/files/0x000700000001487c-49.dat	xmrig
behavioral1/memory/2584-40-0x000000013FE50000-0x00000001401A4000-memory.dmp	xmrig
behavioral1/memory/2960-37-0x0000000002470000-0x00000000027C4000-memory.dmp	xmrig
behavioral1/memory/2960-34-0x000000013FE10000-0x0000000140164000-memory.dmp	xmrig
behavioral1/memory/2424-26-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	xmrig
behavioral1/memory/2636-3606-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig
behavioral1/memory/2528-3615-0x000000013F150000-0x000000013F4A4000-memory.dmp	xmrig
behavioral1/memory/2584-4174-0x000000013FE50000-0x00000001401A4000-memory.dmp	xmrig
behavioral1/memory/2984-4175-0x000000013FD30000-0x0000000140084000-memory.dmp	xmrig
behavioral1/memory/476-4176-0x000000013FA20000-0x000000013FD74000-memory.dmp	xmrig
behavioral1/memory/936-4177-0x000000013F720000-0x000000013FA74000-memory.dmp	xmrig
behavioral1/memory/2596-4178-0x000000013F300000-0x000000013F654000-memory.dmp	xmrig
behavioral1/memory/2448-4179-0x000000013FB60000-0x000000013FEB4000-memory.dmp	xmrig
behavioral1/memory/2452-4180-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig
behavioral1/memory/1300-4181-0x000000013F230000-0x000000013F584000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2528	gZkjNcv.exe
2636	RSFwCiv.exe
2696	CJPeEdj.exe
2424	HnnNYep.exe
2584	kiHgQKq.exe
2452	dFkrjJR.exe
2448	LIctoaW.exe
2984	csUoxZm.exe
3000	stvYUkQ.exe
476	eECBtYd.exe
1300	xCupxuS.exe
936	MAGpzMt.exe
556	JcXYoqw.exe
2596	wTQMXoI.exe
2772	zNsRCeI.exe
2828	fDTwEVt.exe
1924	DaSShJn.exe
2864	PyilWcs.exe
1440	GAcBWMO.exe
1992	ocnsOwh.exe
2484	acyWizG.exe
1656	BKHuqFQ.exe
804	GDtRbcT.exe
2676	rEODnMX.exe
2652	WChTNIO.exe
1624	WydXJFY.exe
1884	KAeptSZ.exe
1860	ALtOrJU.exe
1684	mTKFsKE.exe
3024	JiXTnpb.exe
2968	UWtRUJL.exe
2188	EKcqYBn.exe
2284	dLxqIrp.exe
2916	dicPcWY.exe
2264	ATBVNVF.exe
2124	AQiVLZT.exe
2196	BKybGMm.exe
1108	wRnznPz.exe
2352	ZTkkzAJ.exe
1160	BiZVYMi.exe
408	eMcNEan.exe
1144	kzROtwV.exe
2280	auwWeVQ.exe
992	dilhlqb.exe
1016	hXFZMev.exe
1356	IPqcRUs.exe
1360	pPPEzFh.exe
1284	RBluUAF.exe
1788	TYRySSL.exe
1696	mjCcPDo.exe
1468	fcQcNUA.exe
2236	XrtGNev.exe
2500	COkJUJL.exe
892	tRtpwgM.exe
1908	rOywmMM.exe
1028	moFpvnD.exe
2332	xgJjbjI.exe
2200	qebmpTf.exe
2224	uYCJjvW.exe
2220	RbvYALK.exe
328	EbPmdSf.exe
2896	vPKwGkD.exe
3064	iEGggGn.exe
1960	dZeazvz.exe

Loads dropped DLL 64 IoCs

pid	Process
2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 62 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2960-0-0x000000013FE10000-0x0000000140164000-memory.dmp	upx
behavioral1/files/0x0007000000012117-3.dat	upx
behavioral1/memory/2528-8-0x000000013F150000-0x000000013F4A4000-memory.dmp	upx
behavioral1/files/0x00080000000144c9-9.dat	upx
behavioral1/memory/2636-13-0x000000013FB50000-0x000000013FEA4000-memory.dmp	upx
behavioral1/files/0x0008000000014510-11.dat	upx
behavioral1/memory/2696-20-0x000000013FA20000-0x000000013FD74000-memory.dmp	upx
behavioral1/files/0x00080000000145c0-21.dat	upx
behavioral1/files/0x0007000000014742-33.dat	upx
behavioral1/files/0x00070000000146f9-41.dat	upx
behavioral1/memory/2528-42-0x000000013F150000-0x000000013F4A4000-memory.dmp	upx
behavioral1/memory/2452-43-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx
behavioral1/files/0x003000000001435e-52.dat	upx
behavioral1/memory/2984-58-0x000000013FD30000-0x0000000140084000-memory.dmp	upx
behavioral1/memory/3000-65-0x000000013FC50000-0x000000013FFA4000-memory.dmp	upx
behavioral1/files/0x0006000000015ccf-80.dat	upx
behavioral1/files/0x0006000000015cfd-92.dat	upx
behavioral1/files/0x0006000000015d31-107.dat	upx
behavioral1/files/0x0006000000015da1-135.dat	upx
behavioral1/files/0x0006000000016141-167.dat	upx
behavioral1/files/0x00060000000160da-163.dat	upx
behavioral1/files/0x0006000000015fa6-159.dat	upx
behavioral1/files/0x0006000000015f4e-155.dat	upx
behavioral1/files/0x0006000000015f38-151.dat	upx
behavioral1/files/0x0006000000015e4f-147.dat	upx
behavioral1/files/0x0006000000015df1-143.dat	upx
behavioral1/files/0x0006000000015dac-139.dat	upx
behavioral1/files/0x0006000000015d99-131.dat	upx
behavioral1/files/0x0006000000015d90-127.dat	upx
behavioral1/files/0x0006000000015d88-123.dat	upx
behavioral1/files/0x0006000000015d80-119.dat	upx
behavioral1/files/0x0006000000015d60-115.dat	upx
behavioral1/files/0x0006000000015d48-111.dat	upx
behavioral1/files/0x0006000000015d15-103.dat	upx
behavioral1/files/0x0006000000015d0a-99.dat	upx
behavioral1/memory/2596-93-0x000000013F300000-0x000000013F654000-memory.dmp	upx
behavioral1/files/0x0006000000015ce4-87.dat	upx
behavioral1/memory/936-81-0x000000013F720000-0x000000013FA74000-memory.dmp	upx
behavioral1/memory/1300-75-0x000000013F230000-0x000000013F584000-memory.dmp	upx
behavioral1/files/0x0006000000015cb9-74.dat	upx
behavioral1/files/0x00080000000156b8-69.dat	upx
behavioral1/memory/2424-64-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	upx
behavioral1/files/0x0009000000014a1d-63.dat	upx
behavioral1/memory/2696-53-0x000000013FA20000-0x000000013FD74000-memory.dmp	upx
behavioral1/memory/2448-51-0x000000013FB60000-0x000000013FEB4000-memory.dmp	upx
behavioral1/memory/2636-50-0x000000013FB50000-0x000000013FEA4000-memory.dmp	upx
behavioral1/files/0x000700000001487c-49.dat	upx
behavioral1/memory/2584-40-0x000000013FE50000-0x00000001401A4000-memory.dmp	upx
behavioral1/memory/2960-34-0x000000013FE10000-0x0000000140164000-memory.dmp	upx
behavioral1/memory/2424-26-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	upx
behavioral1/memory/2636-3606-0x000000013FB50000-0x000000013FEA4000-memory.dmp	upx
behavioral1/memory/2528-3615-0x000000013F150000-0x000000013F4A4000-memory.dmp	upx
behavioral1/memory/2584-4174-0x000000013FE50000-0x00000001401A4000-memory.dmp	upx
behavioral1/memory/2984-4175-0x000000013FD30000-0x0000000140084000-memory.dmp	upx
behavioral1/memory/476-4176-0x000000013FA20000-0x000000013FD74000-memory.dmp	upx
behavioral1/memory/936-4177-0x000000013F720000-0x000000013FA74000-memory.dmp	upx
behavioral1/memory/2596-4178-0x000000013F300000-0x000000013F654000-memory.dmp	upx
behavioral1/memory/2448-4179-0x000000013FB60000-0x000000013FEB4000-memory.dmp	upx
behavioral1/memory/2452-4180-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx
behavioral1/memory/1300-4181-0x000000013F230000-0x000000013F584000-memory.dmp	upx
behavioral1/memory/3000-4182-0x000000013FC50000-0x000000013FFA4000-memory.dmp	upx
behavioral1/memory/556-4183-0x000000013FC50000-0x000000013FFA4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\gfnyovL.exe	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fAWwPPg.exe	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pDDcOQH.exe	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ydtzJCl.exe	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jEyNOKY.exe	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\paLWfLE.exe	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qMlifNU.exe	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\voNaiKB.exe	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WHhTXlw.exe	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ioeyIKt.exe	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uprTnKY.exe	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gbsjybY.exe	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NgLRRnV.exe	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yVOlDsU.exe	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xEDvQqH.exe	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gnljXsn.exe	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xJGyBJa.exe	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RuyZAyu.exe	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mSEzGNq.exe	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zFBAULC.exe	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sAONNCu.exe	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AASacwv.exe	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MBaVooo.exe	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tqJxHDd.exe	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DDcpxHX.exe	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eECBtYd.exe	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RCSLBxZ.exe	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BfWabDM.exe	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oxMJxxr.exe	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\msiKrMo.exe	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aryCAIp.exe	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xtMnJqJ.exe	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hkUPECm.exe	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zxGZXaK.exe	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BiZVYMi.exe	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\quyUOtj.exe	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UzqRlzd.exe	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dnkvfyr.exe	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gpYOWtl.exe	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SBivHdC.exe	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\byhizzX.exe	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\igvcHtD.exe	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fCIMEbE.exe	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lDQzuUU.exe	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SaxemSn.exe	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dVgMarJ.exe	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jkAzjAp.exe	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iIFxjrB.exe	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WKmymMC.exe	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nvqpuUq.exe	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\miDcNRP.exe	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gbbctpv.exe	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ploqZyH.exe	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TJJGXVv.exe	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kVrKktW.exe	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WwaBhha.exe	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NAIQyXM.exe	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LeMpSHo.exe	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DaLCEyu.exe	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KSHlcFh.exe	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NecDoZn.exe	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fClOMGs.exe	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DxIDsbI.exe	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rGHuICQ.exe	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2960 wrote to memory of 2528	2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 2960 wrote to memory of 2528	2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 2960 wrote to memory of 2528	2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 2960 wrote to memory of 2636	2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2960 wrote to memory of 2636	2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2960 wrote to memory of 2636	2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2960 wrote to memory of 2696	2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2960 wrote to memory of 2696	2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2960 wrote to memory of 2696	2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2960 wrote to memory of 2424	2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2960 wrote to memory of 2424	2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2960 wrote to memory of 2424	2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2960 wrote to memory of 2452	2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2960 wrote to memory of 2452	2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2960 wrote to memory of 2452	2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2960 wrote to memory of 2584	2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2960 wrote to memory of 2584	2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2960 wrote to memory of 2584	2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2960 wrote to memory of 2448	2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2960 wrote to memory of 2448	2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2960 wrote to memory of 2448	2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2960 wrote to memory of 2984	2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2960 wrote to memory of 2984	2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2960 wrote to memory of 2984	2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2960 wrote to memory of 3000	2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2960 wrote to memory of 3000	2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2960 wrote to memory of 3000	2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2960 wrote to memory of 476	2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2960 wrote to memory of 476	2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2960 wrote to memory of 476	2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2960 wrote to memory of 1300	2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2960 wrote to memory of 1300	2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2960 wrote to memory of 1300	2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2960 wrote to memory of 936	2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2960 wrote to memory of 936	2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2960 wrote to memory of 936	2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2960 wrote to memory of 556	2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2960 wrote to memory of 556	2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2960 wrote to memory of 556	2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2960 wrote to memory of 2596	2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2960 wrote to memory of 2596	2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2960 wrote to memory of 2596	2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2960 wrote to memory of 2772	2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2960 wrote to memory of 2772	2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2960 wrote to memory of 2772	2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2960 wrote to memory of 2828	2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2960 wrote to memory of 2828	2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2960 wrote to memory of 2828	2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2960 wrote to memory of 1924	2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2960 wrote to memory of 1924	2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2960 wrote to memory of 1924	2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2960 wrote to memory of 2864	2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2960 wrote to memory of 2864	2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2960 wrote to memory of 2864	2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2960 wrote to memory of 1440	2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2960 wrote to memory of 1440	2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2960 wrote to memory of 1440	2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2960 wrote to memory of 1992	2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2960 wrote to memory of 1992	2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2960 wrote to memory of 1992	2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2960 wrote to memory of 2484	2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2960 wrote to memory of 2484	2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2960 wrote to memory of 2484	2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2960 wrote to memory of 1656	2960	2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe	50

C:\Users\Admin\AppData\Local\Temp\2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-09-22_9aac8529d16642a11843ee1f2266ee60_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2960
- C:\Windows\System\gZkjNcv.exe
  C:\Windows\System\gZkjNcv.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\RSFwCiv.exe
  C:\Windows\System\RSFwCiv.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\CJPeEdj.exe
  C:\Windows\System\CJPeEdj.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\HnnNYep.exe
  C:\Windows\System\HnnNYep.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\dFkrjJR.exe
  C:\Windows\System\dFkrjJR.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\kiHgQKq.exe
  C:\Windows\System\kiHgQKq.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\LIctoaW.exe
  C:\Windows\System\LIctoaW.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\csUoxZm.exe
  C:\Windows\System\csUoxZm.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\stvYUkQ.exe
  C:\Windows\System\stvYUkQ.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\eECBtYd.exe
  C:\Windows\System\eECBtYd.exe
  2⤵
  - Executes dropped EXE
  PID:476
- C:\Windows\System\xCupxuS.exe
  C:\Windows\System\xCupxuS.exe
  2⤵
  - Executes dropped EXE
  PID:1300
- C:\Windows\System\MAGpzMt.exe
  C:\Windows\System\MAGpzMt.exe
  2⤵
  - Executes dropped EXE
  PID:936
- C:\Windows\System\JcXYoqw.exe
  C:\Windows\System\JcXYoqw.exe
  2⤵
  - Executes dropped EXE
  PID:556
- C:\Windows\System\wTQMXoI.exe
  C:\Windows\System\wTQMXoI.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\zNsRCeI.exe
  C:\Windows\System\zNsRCeI.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\fDTwEVt.exe
  C:\Windows\System\fDTwEVt.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\DaSShJn.exe
  C:\Windows\System\DaSShJn.exe
  2⤵
  - Executes dropped EXE
  PID:1924
- C:\Windows\System\PyilWcs.exe
  C:\Windows\System\PyilWcs.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\GAcBWMO.exe
  C:\Windows\System\GAcBWMO.exe
  2⤵
  - Executes dropped EXE
  PID:1440
- C:\Windows\System\ocnsOwh.exe
  C:\Windows\System\ocnsOwh.exe
  2⤵
  - Executes dropped EXE
  PID:1992
- C:\Windows\System\acyWizG.exe
  C:\Windows\System\acyWizG.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\BKHuqFQ.exe
  C:\Windows\System\BKHuqFQ.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\GDtRbcT.exe
  C:\Windows\System\GDtRbcT.exe
  2⤵
  - Executes dropped EXE
  PID:804
- C:\Windows\System\rEODnMX.exe
  C:\Windows\System\rEODnMX.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\WChTNIO.exe
  C:\Windows\System\WChTNIO.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\WydXJFY.exe
  C:\Windows\System\WydXJFY.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\KAeptSZ.exe
  C:\Windows\System\KAeptSZ.exe
  2⤵
  - Executes dropped EXE
  PID:1884
- C:\Windows\System\ALtOrJU.exe
  C:\Windows\System\ALtOrJU.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System\mTKFsKE.exe
  C:\Windows\System\mTKFsKE.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\JiXTnpb.exe
  C:\Windows\System\JiXTnpb.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\UWtRUJL.exe
  C:\Windows\System\UWtRUJL.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\EKcqYBn.exe
  C:\Windows\System\EKcqYBn.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\dLxqIrp.exe
  C:\Windows\System\dLxqIrp.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\dicPcWY.exe
  C:\Windows\System\dicPcWY.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\ATBVNVF.exe
  C:\Windows\System\ATBVNVF.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\AQiVLZT.exe
  C:\Windows\System\AQiVLZT.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\BKybGMm.exe
  C:\Windows\System\BKybGMm.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\wRnznPz.exe
  C:\Windows\System\wRnznPz.exe
  2⤵
  - Executes dropped EXE
  PID:1108
- C:\Windows\System\ZTkkzAJ.exe
  C:\Windows\System\ZTkkzAJ.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\BiZVYMi.exe
  C:\Windows\System\BiZVYMi.exe
  2⤵
  - Executes dropped EXE
  PID:1160
- C:\Windows\System\eMcNEan.exe
  C:\Windows\System\eMcNEan.exe
  2⤵
  - Executes dropped EXE
  PID:408
- C:\Windows\System\kzROtwV.exe
  C:\Windows\System\kzROtwV.exe
  2⤵
  - Executes dropped EXE
  PID:1144
- C:\Windows\System\auwWeVQ.exe
  C:\Windows\System\auwWeVQ.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\dilhlqb.exe
  C:\Windows\System\dilhlqb.exe
  2⤵
  - Executes dropped EXE
  PID:992
- C:\Windows\System\hXFZMev.exe
  C:\Windows\System\hXFZMev.exe
  2⤵
  - Executes dropped EXE
  PID:1016
- C:\Windows\System\IPqcRUs.exe
  C:\Windows\System\IPqcRUs.exe
  2⤵
  - Executes dropped EXE
  PID:1356
- C:\Windows\System\pPPEzFh.exe
  C:\Windows\System\pPPEzFh.exe
  2⤵
  - Executes dropped EXE
  PID:1360
- C:\Windows\System\RBluUAF.exe
  C:\Windows\System\RBluUAF.exe
  2⤵
  - Executes dropped EXE
  PID:1284
- C:\Windows\System\TYRySSL.exe
  C:\Windows\System\TYRySSL.exe
  2⤵
  - Executes dropped EXE
  PID:1788
- C:\Windows\System\mjCcPDo.exe
  C:\Windows\System\mjCcPDo.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\fcQcNUA.exe
  C:\Windows\System\fcQcNUA.exe
  2⤵
  - Executes dropped EXE
  PID:1468
- C:\Windows\System\XrtGNev.exe
  C:\Windows\System\XrtGNev.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\COkJUJL.exe
  C:\Windows\System\COkJUJL.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\tRtpwgM.exe
  C:\Windows\System\tRtpwgM.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\rOywmMM.exe
  C:\Windows\System\rOywmMM.exe
  2⤵
  - Executes dropped EXE
  PID:1908
- C:\Windows\System\moFpvnD.exe
  C:\Windows\System\moFpvnD.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System\xgJjbjI.exe
  C:\Windows\System\xgJjbjI.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\qebmpTf.exe
  C:\Windows\System\qebmpTf.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\uYCJjvW.exe
  C:\Windows\System\uYCJjvW.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\RbvYALK.exe
  C:\Windows\System\RbvYALK.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\EbPmdSf.exe
  C:\Windows\System\EbPmdSf.exe
  2⤵
  - Executes dropped EXE
  PID:328
- C:\Windows\System\vPKwGkD.exe
  C:\Windows\System\vPKwGkD.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\iEGggGn.exe
  C:\Windows\System\iEGggGn.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\dZeazvz.exe
  C:\Windows\System\dZeazvz.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System\dHDXUaB.exe
  C:\Windows\System\dHDXUaB.exe
  2⤵
  PID:1584
- C:\Windows\System\jyknfFw.exe
  C:\Windows\System\jyknfFw.exe
  2⤵
  PID:2084
- C:\Windows\System\zdIUkoD.exe
  C:\Windows\System\zdIUkoD.exe
  2⤵
  PID:1420
- C:\Windows\System\OwiYYpr.exe
  C:\Windows\System\OwiYYpr.exe
  2⤵
  PID:2256
- C:\Windows\System\WHhTXlw.exe
  C:\Windows\System\WHhTXlw.exe
  2⤵
  PID:2068
- C:\Windows\System\NecDoZn.exe
  C:\Windows\System\NecDoZn.exe
  2⤵
  PID:1520
- C:\Windows\System\nqdbVJO.exe
  C:\Windows\System\nqdbVJO.exe
  2⤵
  PID:1628
- C:\Windows\System\dXiKLNI.exe
  C:\Windows\System\dXiKLNI.exe
  2⤵
  PID:1652
- C:\Windows\System\uiQNSid.exe
  C:\Windows\System\uiQNSid.exe
  2⤵
  PID:2576
- C:\Windows\System\TUcBIsZ.exe
  C:\Windows\System\TUcBIsZ.exe
  2⤵
  PID:2572
- C:\Windows\System\wKLzhWf.exe
  C:\Windows\System\wKLzhWf.exe
  2⤵
  PID:2740
- C:\Windows\System\qIwxMTW.exe
  C:\Windows\System\qIwxMTW.exe
  2⤵
  PID:2544
- C:\Windows\System\iZOXWCK.exe
  C:\Windows\System\iZOXWCK.exe
  2⤵
  PID:2456
- C:\Windows\System\FVXsqan.exe
  C:\Windows\System\FVXsqan.exe
  2⤵
  PID:2540
- C:\Windows\System\mZhDILA.exe
  C:\Windows\System\mZhDILA.exe
  2⤵
  PID:380
- C:\Windows\System\QMidUoZ.exe
  C:\Windows\System\QMidUoZ.exe
  2⤵
  PID:1740
- C:\Windows\System\ySIuFRM.exe
  C:\Windows\System\ySIuFRM.exe
  2⤵
  PID:2796
- C:\Windows\System\vfIWcLW.exe
  C:\Windows\System\vfIWcLW.exe
  2⤵
  PID:2820
- C:\Windows\System\LwmnbVE.exe
  C:\Windows\System\LwmnbVE.exe
  2⤵
  PID:2240
- C:\Windows\System\sWjMKGl.exe
  C:\Windows\System\sWjMKGl.exe
  2⤵
  PID:1724
- C:\Windows\System\MHNyoXQ.exe
  C:\Windows\System\MHNyoXQ.exe
  2⤵
  PID:1988
- C:\Windows\System\wdIkApJ.exe
  C:\Windows\System\wdIkApJ.exe
  2⤵
  PID:2552
- C:\Windows\System\VNefDZH.exe
  C:\Windows\System\VNefDZH.exe
  2⤵
  PID:2660
- C:\Windows\System\msHLFQB.exe
  C:\Windows\System\msHLFQB.exe
  2⤵
  PID:1996
- C:\Windows\System\YLWBGFb.exe
  C:\Windows\System\YLWBGFb.exe
  2⤵
  PID:1896
- C:\Windows\System\qJOxzLR.exe
  C:\Windows\System\qJOxzLR.exe
  2⤵
  PID:3008
- C:\Windows\System\MvfKswn.exe
  C:\Windows\System\MvfKswn.exe
  2⤵
  PID:904
- C:\Windows\System\JTLmoCi.exe
  C:\Windows\System\JTLmoCi.exe
  2⤵
  PID:2648
- C:\Windows\System\WdphFmC.exe
  C:\Windows\System\WdphFmC.exe
  2⤵
  PID:1772
- C:\Windows\System\hxWuZGi.exe
  C:\Windows\System\hxWuZGi.exe
  2⤵
  PID:844
- C:\Windows\System\gZtdlcy.exe
  C:\Windows\System\gZtdlcy.exe
  2⤵
  PID:1248
- C:\Windows\System\mTWPCEy.exe
  C:\Windows\System\mTWPCEy.exe
  2⤵
  PID:1948
- C:\Windows\System\fgrmtGP.exe
  C:\Windows\System\fgrmtGP.exe
  2⤵
  PID:2288
- C:\Windows\System\ZXzgvTj.exe
  C:\Windows\System\ZXzgvTj.exe
  2⤵
  PID:688
- C:\Windows\System\IgeUtST.exe
  C:\Windows\System\IgeUtST.exe
  2⤵
  PID:1568
- C:\Windows\System\dtEhaBd.exe
  C:\Windows\System\dtEhaBd.exe
  2⤵
  PID:2228
- C:\Windows\System\KLdeggc.exe
  C:\Windows\System\KLdeggc.exe
  2⤵
  PID:2128
- C:\Windows\System\CpkKWvh.exe
  C:\Windows\System\CpkKWvh.exe
  2⤵
  PID:1728
- C:\Windows\System\MTXMUZc.exe
  C:\Windows\System\MTXMUZc.exe
  2⤵
  PID:1792
- C:\Windows\System\larBWGa.exe
  C:\Windows\System\larBWGa.exe
  2⤵
  PID:2336
- C:\Windows\System\MPftKrC.exe
  C:\Windows\System\MPftKrC.exe
  2⤵
  PID:2020
- C:\Windows\System\JWdtRUN.exe
  C:\Windows\System\JWdtRUN.exe
  2⤵
  PID:3068
- C:\Windows\System\VaTEUGY.exe
  C:\Windows\System\VaTEUGY.exe
  2⤵
  PID:1208
- C:\Windows\System\nvljXQf.exe
  C:\Windows\System\nvljXQf.exe
  2⤵
  PID:1428
- C:\Windows\System\otplSJL.exe
  C:\Windows\System\otplSJL.exe
  2⤵
  PID:2948
- C:\Windows\System\ZPrGdil.exe
  C:\Windows\System\ZPrGdil.exe
  2⤵
  PID:2940
- C:\Windows\System\tigiwni.exe
  C:\Windows\System\tigiwni.exe
  2⤵
  PID:1532
- C:\Windows\System\KdLeKMp.exe
  C:\Windows\System\KdLeKMp.exe
  2⤵
  PID:2612
- C:\Windows\System\TpTeUiJ.exe
  C:\Windows\System\TpTeUiJ.exe
  2⤵
  PID:2640
- C:\Windows\System\zNlCZoE.exe
  C:\Windows\System\zNlCZoE.exe
  2⤵
  PID:1932
- C:\Windows\System\iKbAZjw.exe
  C:\Windows\System\iKbAZjw.exe
  2⤵
  PID:2764
- C:\Windows\System\TJJGXVv.exe
  C:\Windows\System\TJJGXVv.exe
  2⤵
  PID:1892
- C:\Windows\System\BkSZXMk.exe
  C:\Windows\System\BkSZXMk.exe
  2⤵
  PID:1936
- C:\Windows\System\xZesoRm.exe
  C:\Windows\System\xZesoRm.exe
  2⤵
  PID:1192
- C:\Windows\System\MOBpmIS.exe
  C:\Windows\System\MOBpmIS.exe
  2⤵
  PID:1864
- C:\Windows\System\kVrKktW.exe
  C:\Windows\System\kVrKktW.exe
  2⤵
  PID:3016
- C:\Windows\System\aPsrdiA.exe
  C:\Windows\System\aPsrdiA.exe
  2⤵
  PID:2912
- C:\Windows\System\jgbENdY.exe
  C:\Windows\System\jgbENdY.exe
  2⤵
  PID:1556
- C:\Windows\System\onKKUxf.exe
  C:\Windows\System\onKKUxf.exe
  2⤵
  PID:376
- C:\Windows\System\mlvrJHr.exe
  C:\Windows\System\mlvrJHr.exe
  2⤵
  PID:944
- C:\Windows\System\qSzwFgW.exe
  C:\Windows\System\qSzwFgW.exe
  2⤵
  PID:1216
- C:\Windows\System\fDyilEl.exe
  C:\Windows\System\fDyilEl.exe
  2⤵
  PID:2924
- C:\Windows\System\AfmdTCr.exe
  C:\Windows\System\AfmdTCr.exe
  2⤵
  PID:1500
- C:\Windows\System\zFPXCSa.exe
  C:\Windows\System\zFPXCSa.exe
  2⤵
  PID:2052
- C:\Windows\System\JIBMzmI.exe
  C:\Windows\System\JIBMzmI.exe
  2⤵
  PID:2720
- C:\Windows\System\YMBRlnt.exe
  C:\Windows\System\YMBRlnt.exe
  2⤵
  PID:2360
- C:\Windows\System\VELlzsj.exe
  C:\Windows\System\VELlzsj.exe
  2⤵
  PID:2520
- C:\Windows\System\UdVcdGK.exe
  C:\Windows\System\UdVcdGK.exe
  2⤵
  PID:1012
- C:\Windows\System\DnHhqNe.exe
  C:\Windows\System\DnHhqNe.exe
  2⤵
  PID:1704
- C:\Windows\System\pCJQZSu.exe
  C:\Windows\System\pCJQZSu.exe
  2⤵
  PID:1872
- C:\Windows\System\NQWGuRD.exe
  C:\Windows\System\NQWGuRD.exe
  2⤵
  PID:3080
- C:\Windows\System\AoZvltt.exe
  C:\Windows\System\AoZvltt.exe
  2⤵
  PID:3096
- C:\Windows\System\vbhERSX.exe
  C:\Windows\System\vbhERSX.exe
  2⤵
  PID:3112
- C:\Windows\System\RCSLBxZ.exe
  C:\Windows\System\RCSLBxZ.exe
  2⤵
  PID:3128
- C:\Windows\System\LhdMjHf.exe
  C:\Windows\System\LhdMjHf.exe
  2⤵
  PID:3144
- C:\Windows\System\XAfiPwW.exe
  C:\Windows\System\XAfiPwW.exe
  2⤵
  PID:3160
- C:\Windows\System\UZvcAqr.exe
  C:\Windows\System\UZvcAqr.exe
  2⤵
  PID:3176
- C:\Windows\System\aIxoWrX.exe
  C:\Windows\System\aIxoWrX.exe
  2⤵
  PID:3192
- C:\Windows\System\TIaxjeB.exe
  C:\Windows\System\TIaxjeB.exe
  2⤵
  PID:3208
- C:\Windows\System\KfcZbLN.exe
  C:\Windows\System\KfcZbLN.exe
  2⤵
  PID:3224
- C:\Windows\System\LvZOWaT.exe
  C:\Windows\System\LvZOWaT.exe
  2⤵
  PID:3240
- C:\Windows\System\vqAFCmX.exe
  C:\Windows\System\vqAFCmX.exe
  2⤵
  PID:3256
- C:\Windows\System\xaGYuDV.exe
  C:\Windows\System\xaGYuDV.exe
  2⤵
  PID:3272
- C:\Windows\System\hwWhLCl.exe
  C:\Windows\System\hwWhLCl.exe
  2⤵
  PID:3288
- C:\Windows\System\PDtukuZ.exe
  C:\Windows\System\PDtukuZ.exe
  2⤵
  PID:3304
- C:\Windows\System\NggYoDD.exe
  C:\Windows\System\NggYoDD.exe
  2⤵
  PID:3320
- C:\Windows\System\NHmWLwh.exe
  C:\Windows\System\NHmWLwh.exe
  2⤵
  PID:3336
- C:\Windows\System\DLpWQUS.exe
  C:\Windows\System\DLpWQUS.exe
  2⤵
  PID:3352
- C:\Windows\System\oDfcYgF.exe
  C:\Windows\System\oDfcYgF.exe
  2⤵
  PID:3368
- C:\Windows\System\rKSjvpZ.exe
  C:\Windows\System\rKSjvpZ.exe
  2⤵
  PID:3384
- C:\Windows\System\CcGnXlc.exe
  C:\Windows\System\CcGnXlc.exe
  2⤵
  PID:3400
- C:\Windows\System\ljxsxhW.exe
  C:\Windows\System\ljxsxhW.exe
  2⤵
  PID:3416
- C:\Windows\System\uOlFRzP.exe
  C:\Windows\System\uOlFRzP.exe
  2⤵
  PID:3432
- C:\Windows\System\tTwTAxm.exe
  C:\Windows\System\tTwTAxm.exe
  2⤵
  PID:3448
- C:\Windows\System\crUfCcf.exe
  C:\Windows\System\crUfCcf.exe
  2⤵
  PID:3464
- C:\Windows\System\FfFPLaQ.exe
  C:\Windows\System\FfFPLaQ.exe
  2⤵
  PID:3480
- C:\Windows\System\QehIeqs.exe
  C:\Windows\System\QehIeqs.exe
  2⤵
  PID:3496
- C:\Windows\System\hpRjJrq.exe
  C:\Windows\System\hpRjJrq.exe
  2⤵
  PID:3512
- C:\Windows\System\skivLst.exe
  C:\Windows\System\skivLst.exe
  2⤵
  PID:3528
- C:\Windows\System\sSrGxHe.exe
  C:\Windows\System\sSrGxHe.exe
  2⤵
  PID:3544
- C:\Windows\System\kjiwUsa.exe
  C:\Windows\System\kjiwUsa.exe
  2⤵
  PID:3560
- C:\Windows\System\fZJjVFF.exe
  C:\Windows\System\fZJjVFF.exe
  2⤵
  PID:3576
- C:\Windows\System\dHlulRv.exe
  C:\Windows\System\dHlulRv.exe
  2⤵
  PID:3592
- C:\Windows\System\VQLEvgV.exe
  C:\Windows\System\VQLEvgV.exe
  2⤵
  PID:3608
- C:\Windows\System\JlJqZPP.exe
  C:\Windows\System\JlJqZPP.exe
  2⤵
  PID:3624
- C:\Windows\System\jvzTvlM.exe
  C:\Windows\System\jvzTvlM.exe
  2⤵
  PID:3640
- C:\Windows\System\BrBEULg.exe
  C:\Windows\System\BrBEULg.exe
  2⤵
  PID:3656
- C:\Windows\System\XVVDari.exe
  C:\Windows\System\XVVDari.exe
  2⤵
  PID:3672
- C:\Windows\System\wNfUrbq.exe
  C:\Windows\System\wNfUrbq.exe
  2⤵
  PID:3688
- C:\Windows\System\wkvBxps.exe
  C:\Windows\System\wkvBxps.exe
  2⤵
  PID:3704
- C:\Windows\System\QBQxWPQ.exe
  C:\Windows\System\QBQxWPQ.exe
  2⤵
  PID:3720
- C:\Windows\System\UqnBiLZ.exe
  C:\Windows\System\UqnBiLZ.exe
  2⤵
  PID:3736
- C:\Windows\System\ylYTgAl.exe
  C:\Windows\System\ylYTgAl.exe
  2⤵
  PID:3752
- C:\Windows\System\eeKkWtu.exe
  C:\Windows\System\eeKkWtu.exe
  2⤵
  PID:3768
- C:\Windows\System\Llkmobw.exe
  C:\Windows\System\Llkmobw.exe
  2⤵
  PID:3784
- C:\Windows\System\ODAYHSw.exe
  C:\Windows\System\ODAYHSw.exe
  2⤵
  PID:3800
- C:\Windows\System\nklMhXx.exe
  C:\Windows\System\nklMhXx.exe
  2⤵
  PID:3816
- C:\Windows\System\IsBsWYZ.exe
  C:\Windows\System\IsBsWYZ.exe
  2⤵
  PID:3832
- C:\Windows\System\kGjbnKq.exe
  C:\Windows\System\kGjbnKq.exe
  2⤵
  PID:3848
- C:\Windows\System\ndqzzbK.exe
  C:\Windows\System\ndqzzbK.exe
  2⤵
  PID:3864
- C:\Windows\System\VRvZrEd.exe
  C:\Windows\System\VRvZrEd.exe
  2⤵
  PID:3880
- C:\Windows\System\Qntdvap.exe
  C:\Windows\System\Qntdvap.exe
  2⤵
  PID:3896
- C:\Windows\System\XzQtoug.exe
  C:\Windows\System\XzQtoug.exe
  2⤵
  PID:3912
- C:\Windows\System\dHjTvtd.exe
  C:\Windows\System\dHjTvtd.exe
  2⤵
  PID:3928
- C:\Windows\System\soYBdWZ.exe
  C:\Windows\System\soYBdWZ.exe
  2⤵
  PID:3944
- C:\Windows\System\ioeyIKt.exe
  C:\Windows\System\ioeyIKt.exe
  2⤵
  PID:3960
- C:\Windows\System\IxhDOIJ.exe
  C:\Windows\System\IxhDOIJ.exe
  2⤵
  PID:3976
- C:\Windows\System\ScVfAAd.exe
  C:\Windows\System\ScVfAAd.exe
  2⤵
  PID:3992
- C:\Windows\System\QVDKKYB.exe
  C:\Windows\System\QVDKKYB.exe
  2⤵
  PID:4008
- C:\Windows\System\TMPrTma.exe
  C:\Windows\System\TMPrTma.exe
  2⤵
  PID:4024
- C:\Windows\System\cBjWdfS.exe
  C:\Windows\System\cBjWdfS.exe
  2⤵
  PID:4040
- C:\Windows\System\dObJqhj.exe
  C:\Windows\System\dObJqhj.exe
  2⤵
  PID:4056
- C:\Windows\System\FqKnLRc.exe
  C:\Windows\System\FqKnLRc.exe
  2⤵
  PID:4072
- C:\Windows\System\HmWhCpC.exe
  C:\Windows\System\HmWhCpC.exe
  2⤵
  PID:4088
- C:\Windows\System\WayOUEF.exe
  C:\Windows\System\WayOUEF.exe
  2⤵
  PID:2112
- C:\Windows\System\CPOcMte.exe
  C:\Windows\System\CPOcMte.exe
  2⤵
  PID:2292
- C:\Windows\System\PbNscty.exe
  C:\Windows\System\PbNscty.exe
  2⤵
  PID:1856
- C:\Windows\System\bOPRoxI.exe
  C:\Windows\System\bOPRoxI.exe
  2⤵
  PID:2932
- C:\Windows\System\DedlogS.exe
  C:\Windows\System\DedlogS.exe
  2⤵
  PID:3048
- C:\Windows\System\LokQdLT.exe
  C:\Windows\System\LokQdLT.exe
  2⤵
  PID:576
- C:\Windows\System\aehZkbE.exe
  C:\Windows\System\aehZkbE.exe
  2⤵
  PID:1596
- C:\Windows\System\hCfmKJx.exe
  C:\Windows\System\hCfmKJx.exe
  2⤵
  PID:3088
- C:\Windows\System\QnKNvnE.exe
  C:\Windows\System\QnKNvnE.exe
  2⤵
  PID:3120
- C:\Windows\System\IYrbsvA.exe
  C:\Windows\System\IYrbsvA.exe
  2⤵
  PID:3152
- C:\Windows\System\vPyQclL.exe
  C:\Windows\System\vPyQclL.exe
  2⤵
  PID:2632
- C:\Windows\System\QMptuVH.exe
  C:\Windows\System\QMptuVH.exe
  2⤵
  PID:3204
- C:\Windows\System\IaLkJQP.exe
  C:\Windows\System\IaLkJQP.exe
  2⤵
  PID:3216
- C:\Windows\System\WShIpJg.exe
  C:\Windows\System\WShIpJg.exe
  2⤵
  PID:3248
- C:\Windows\System\KmrgoxO.exe
  C:\Windows\System\KmrgoxO.exe
  2⤵
  PID:3300
- C:\Windows\System\drrYTMP.exe
  C:\Windows\System\drrYTMP.exe
  2⤵
  PID:3332
- C:\Windows\System\JFSXBdc.exe
  C:\Windows\System\JFSXBdc.exe
  2⤵
  PID:3364
- C:\Windows\System\gTmVrIn.exe
  C:\Windows\System\gTmVrIn.exe
  2⤵
  PID:3396
- C:\Windows\System\icDbzYN.exe
  C:\Windows\System\icDbzYN.exe
  2⤵
  PID:3424
- C:\Windows\System\NVDMzeG.exe
  C:\Windows\System\NVDMzeG.exe
  2⤵
  PID:3444
- C:\Windows\System\BfWabDM.exe
  C:\Windows\System\BfWabDM.exe
  2⤵
  PID:3492
- C:\Windows\System\zTTWXPQ.exe
  C:\Windows\System\zTTWXPQ.exe
  2⤵
  PID:3504
- C:\Windows\System\mxbwons.exe
  C:\Windows\System\mxbwons.exe
  2⤵
  PID:3536
- C:\Windows\System\qimhEGJ.exe
  C:\Windows\System\qimhEGJ.exe
  2⤵
  PID:3588
- C:\Windows\System\atwKofR.exe
  C:\Windows\System\atwKofR.exe
  2⤵
  PID:3600
- C:\Windows\System\AUjviEX.exe
  C:\Windows\System\AUjviEX.exe
  2⤵
  PID:3648
- C:\Windows\System\MbPDgBh.exe
  C:\Windows\System\MbPDgBh.exe
  2⤵
  PID:3680
- C:\Windows\System\aqXqCAN.exe
  C:\Windows\System\aqXqCAN.exe
  2⤵
  PID:3712
- C:\Windows\System\RuyZAyu.exe
  C:\Windows\System\RuyZAyu.exe
  2⤵
  PID:3744
- C:\Windows\System\uYJUZzj.exe
  C:\Windows\System\uYJUZzj.exe
  2⤵
  PID:3776
- C:\Windows\System\DckaXlv.exe
  C:\Windows\System\DckaXlv.exe
  2⤵
  PID:3808
- C:\Windows\System\veFRltq.exe
  C:\Windows\System\veFRltq.exe
  2⤵
  PID:3840
- C:\Windows\System\mTPIXLp.exe
  C:\Windows\System\mTPIXLp.exe
  2⤵
  PID:3872
- C:\Windows\System\LApzCPE.exe
  C:\Windows\System\LApzCPE.exe
  2⤵
  PID:3904
- C:\Windows\System\EcrxBkV.exe
  C:\Windows\System\EcrxBkV.exe
  2⤵
  PID:3920
- C:\Windows\System\KniVEyc.exe
  C:\Windows\System\KniVEyc.exe
  2⤵
  PID:3968
- C:\Windows\System\pDDcOQH.exe
  C:\Windows\System\pDDcOQH.exe
  2⤵
  PID:3984
- C:\Windows\System\vDVjdtF.exe
  C:\Windows\System\vDVjdtF.exe
  2⤵
  PID:4032
- C:\Windows\System\pnCTqKN.exe
  C:\Windows\System\pnCTqKN.exe
  2⤵
  PID:4052
- C:\Windows\System\noXKCvN.exe
  C:\Windows\System\noXKCvN.exe
  2⤵
  PID:4080
- C:\Windows\System\yZQZYpU.exe
  C:\Windows\System\yZQZYpU.exe
  2⤵
  PID:1544
- C:\Windows\System\CytPlKo.exe
  C:\Windows\System\CytPlKo.exe
  2⤵
  PID:2620
- C:\Windows\System\XSJpEpe.exe
  C:\Windows\System\XSJpEpe.exe
  2⤵
  PID:2628
- C:\Windows\System\RUQgCeh.exe
  C:\Windows\System\RUQgCeh.exe
  2⤵
  PID:2712
- C:\Windows\System\MaCkRXH.exe
  C:\Windows\System\MaCkRXH.exe
  2⤵
  PID:3076
- C:\Windows\System\QdHkfGY.exe
  C:\Windows\System\QdHkfGY.exe
  2⤵
  PID:3124
- C:\Windows\System\fiyOFTy.exe
  C:\Windows\System\fiyOFTy.exe
  2⤵
  PID:3236
- C:\Windows\System\hbdFMut.exe
  C:\Windows\System\hbdFMut.exe
  2⤵
  PID:3296
- C:\Windows\System\fClOMGs.exe
  C:\Windows\System\fClOMGs.exe
  2⤵
  PID:3328
- C:\Windows\System\ySQzoVg.exe
  C:\Windows\System\ySQzoVg.exe
  2⤵
  PID:3412
- C:\Windows\System\PwNPeQk.exe
  C:\Windows\System\PwNPeQk.exe
  2⤵
  PID:3440
- C:\Windows\System\eZhGXAF.exe
  C:\Windows\System\eZhGXAF.exe
  2⤵
  PID:3524
- C:\Windows\System\aRPguEE.exe
  C:\Windows\System\aRPguEE.exe
  2⤵
  PID:3584
- C:\Windows\System\jluABeh.exe
  C:\Windows\System\jluABeh.exe
  2⤵
  PID:3632
- C:\Windows\System\LsDpvxo.exe
  C:\Windows\System\LsDpvxo.exe
  2⤵
  PID:3696
- C:\Windows\System\eNeusSu.exe
  C:\Windows\System\eNeusSu.exe
  2⤵
  PID:3792
- C:\Windows\System\UIAbXPw.exe
  C:\Windows\System\UIAbXPw.exe
  2⤵
  PID:1732
- C:\Windows\System\eYCGUnX.exe
  C:\Windows\System\eYCGUnX.exe
  2⤵
  PID:3860
- C:\Windows\System\cjRmbXc.exe
  C:\Windows\System\cjRmbXc.exe
  2⤵
  PID:3940
- C:\Windows\System\SBivHdC.exe
  C:\Windows\System\SBivHdC.exe
  2⤵
  PID:4020
- C:\Windows\System\PzslBjJ.exe
  C:\Windows\System\PzslBjJ.exe
  2⤵
  PID:4068
- C:\Windows\System\AnooQZy.exe
  C:\Windows\System\AnooQZy.exe
  2⤵
  PID:2180
- C:\Windows\System\cyosvKx.exe
  C:\Windows\System\cyosvKx.exe
  2⤵
  PID:2416
- C:\Windows\System\cfCzASJ.exe
  C:\Windows\System\cfCzASJ.exe
  2⤵
  PID:3092
- C:\Windows\System\RFCEHtd.exe
  C:\Windows\System\RFCEHtd.exe
  2⤵
  PID:3156
- C:\Windows\System\SHFonhz.exe
  C:\Windows\System\SHFonhz.exe
  2⤵
  PID:3268
- C:\Windows\System\aMVRQZH.exe
  C:\Windows\System\aMVRQZH.exe
  2⤵
  PID:3472
- C:\Windows\System\uRBCfOb.exe
  C:\Windows\System\uRBCfOb.exe
  2⤵
  PID:3620
- C:\Windows\System\PVnoohG.exe
  C:\Windows\System\PVnoohG.exe
  2⤵
  PID:3716
- C:\Windows\System\aQeoJIZ.exe
  C:\Windows\System\aQeoJIZ.exe
  2⤵
  PID:3844
- C:\Windows\System\lByVekR.exe
  C:\Windows\System\lByVekR.exe
  2⤵
  PID:2428
- C:\Windows\System\WxtlXCp.exe
  C:\Windows\System\WxtlXCp.exe
  2⤵
  PID:4004
- C:\Windows\System\jrSpwih.exe
  C:\Windows\System\jrSpwih.exe
  2⤵
  PID:744
- C:\Windows\System\zrDtAav.exe
  C:\Windows\System\zrDtAav.exe
  2⤵
  PID:3200
- C:\Windows\System\mMfybPx.exe
  C:\Windows\System\mMfybPx.exe
  2⤵
  PID:3344
- C:\Windows\System\hfoTxkb.exe
  C:\Windows\System\hfoTxkb.exe
  2⤵
  PID:4100
- C:\Windows\System\bRSnqaQ.exe
  C:\Windows\System\bRSnqaQ.exe
  2⤵
  PID:4116
- C:\Windows\System\VNkAsdk.exe
  C:\Windows\System\VNkAsdk.exe
  2⤵
  PID:4132
- C:\Windows\System\mTHuNEO.exe
  C:\Windows\System\mTHuNEO.exe
  2⤵
  PID:4148
- C:\Windows\System\ovfCPPA.exe
  C:\Windows\System\ovfCPPA.exe
  2⤵
  PID:4164
- C:\Windows\System\DvysKwc.exe
  C:\Windows\System\DvysKwc.exe
  2⤵
  PID:4180
- C:\Windows\System\SmEecpk.exe
  C:\Windows\System\SmEecpk.exe
  2⤵
  PID:4196
- C:\Windows\System\vRXpajf.exe
  C:\Windows\System\vRXpajf.exe
  2⤵
  PID:4212
- C:\Windows\System\HJxwdcy.exe
  C:\Windows\System\HJxwdcy.exe
  2⤵
  PID:4228
- C:\Windows\System\tRoobek.exe
  C:\Windows\System\tRoobek.exe
  2⤵
  PID:4244
- C:\Windows\System\IXsCCOH.exe
  C:\Windows\System\IXsCCOH.exe
  2⤵
  PID:4260
- C:\Windows\System\rWftJEk.exe
  C:\Windows\System\rWftJEk.exe
  2⤵
  PID:4276
- C:\Windows\System\eAXkMdt.exe
  C:\Windows\System\eAXkMdt.exe
  2⤵
  PID:4292
- C:\Windows\System\uMeuKwN.exe
  C:\Windows\System\uMeuKwN.exe
  2⤵
  PID:4308
- C:\Windows\System\IYaZXDs.exe
  C:\Windows\System\IYaZXDs.exe
  2⤵
  PID:4324
- C:\Windows\System\mVtHmeJ.exe
  C:\Windows\System\mVtHmeJ.exe
  2⤵
  PID:4340
- C:\Windows\System\wBgEShr.exe
  C:\Windows\System\wBgEShr.exe
  2⤵
  PID:4356
- C:\Windows\System\iGNmgMr.exe
  C:\Windows\System\iGNmgMr.exe
  2⤵
  PID:4372
- C:\Windows\System\XBizpFX.exe
  C:\Windows\System\XBizpFX.exe
  2⤵
  PID:4388
- C:\Windows\System\uTgqsJB.exe
  C:\Windows\System\uTgqsJB.exe
  2⤵
  PID:4404
- C:\Windows\System\auWENXx.exe
  C:\Windows\System\auWENXx.exe
  2⤵
  PID:4420
- C:\Windows\System\IXpUWiI.exe
  C:\Windows\System\IXpUWiI.exe
  2⤵
  PID:4436
- C:\Windows\System\MqRkbJj.exe
  C:\Windows\System\MqRkbJj.exe
  2⤵
  PID:4452
- C:\Windows\System\WrZglUB.exe
  C:\Windows\System\WrZglUB.exe
  2⤵
  PID:4468
- C:\Windows\System\VkvyAzL.exe
  C:\Windows\System\VkvyAzL.exe
  2⤵
  PID:4484
- C:\Windows\System\apMQnpa.exe
  C:\Windows\System\apMQnpa.exe
  2⤵
  PID:4500
- C:\Windows\System\oxMJxxr.exe
  C:\Windows\System\oxMJxxr.exe
  2⤵
  PID:4516
- C:\Windows\System\mMjUscD.exe
  C:\Windows\System\mMjUscD.exe
  2⤵
  PID:4532
- C:\Windows\System\MFWrPuH.exe
  C:\Windows\System\MFWrPuH.exe
  2⤵
  PID:4548
- C:\Windows\System\WRMGLWy.exe
  C:\Windows\System\WRMGLWy.exe
  2⤵
  PID:4564
- C:\Windows\System\VIdViqC.exe
  C:\Windows\System\VIdViqC.exe
  2⤵
  PID:4580
- C:\Windows\System\nSpAIrh.exe
  C:\Windows\System\nSpAIrh.exe
  2⤵
  PID:4596
- C:\Windows\System\oxksofT.exe
  C:\Windows\System\oxksofT.exe
  2⤵
  PID:4612
- C:\Windows\System\yaOtCrh.exe
  C:\Windows\System\yaOtCrh.exe
  2⤵
  PID:4628
- C:\Windows\System\ckJUTPp.exe
  C:\Windows\System\ckJUTPp.exe
  2⤵
  PID:4644
- C:\Windows\System\LiMTUCm.exe
  C:\Windows\System\LiMTUCm.exe
  2⤵
  PID:4660
- C:\Windows\System\pzoUSeQ.exe
  C:\Windows\System\pzoUSeQ.exe
  2⤵
  PID:4676
- C:\Windows\System\kbuSWwY.exe
  C:\Windows\System\kbuSWwY.exe
  2⤵
  PID:4692
- C:\Windows\System\yGGGZTb.exe
  C:\Windows\System\yGGGZTb.exe
  2⤵
  PID:4708
- C:\Windows\System\vPmruaw.exe
  C:\Windows\System\vPmruaw.exe
  2⤵
  PID:4724
- C:\Windows\System\YdSpOWc.exe
  C:\Windows\System\YdSpOWc.exe
  2⤵
  PID:4740
- C:\Windows\System\OmsajXk.exe
  C:\Windows\System\OmsajXk.exe
  2⤵
  PID:4756
- C:\Windows\System\DrhKsYj.exe
  C:\Windows\System\DrhKsYj.exe
  2⤵
  PID:4772
- C:\Windows\System\narwbAW.exe
  C:\Windows\System\narwbAW.exe
  2⤵
  PID:4788
- C:\Windows\System\mxZkoMt.exe
  C:\Windows\System\mxZkoMt.exe
  2⤵
  PID:4804
- C:\Windows\System\yOHzjpx.exe
  C:\Windows\System\yOHzjpx.exe
  2⤵
  PID:4820
- C:\Windows\System\iPrMrNY.exe
  C:\Windows\System\iPrMrNY.exe
  2⤵
  PID:4836
- C:\Windows\System\cJSqrZs.exe
  C:\Windows\System\cJSqrZs.exe
  2⤵
  PID:4856
- C:\Windows\System\mSEzGNq.exe
  C:\Windows\System\mSEzGNq.exe
  2⤵
  PID:4872
- C:\Windows\System\DxIDsbI.exe
  C:\Windows\System\DxIDsbI.exe
  2⤵
  PID:4888
- C:\Windows\System\exSrDZm.exe
  C:\Windows\System\exSrDZm.exe
  2⤵
  PID:4904
- C:\Windows\System\DEfIyCy.exe
  C:\Windows\System\DEfIyCy.exe
  2⤵
  PID:4920
- C:\Windows\System\knyfrFY.exe
  C:\Windows\System\knyfrFY.exe
  2⤵
  PID:4936
- C:\Windows\System\rbBmysf.exe
  C:\Windows\System\rbBmysf.exe
  2⤵
  PID:4952
- C:\Windows\System\mbFTMWj.exe
  C:\Windows\System\mbFTMWj.exe
  2⤵
  PID:4968
- C:\Windows\System\zFcrhAm.exe
  C:\Windows\System\zFcrhAm.exe
  2⤵
  PID:4984
- C:\Windows\System\CBBbffu.exe
  C:\Windows\System\CBBbffu.exe
  2⤵
  PID:5000
- C:\Windows\System\IGWLDmM.exe
  C:\Windows\System\IGWLDmM.exe
  2⤵
  PID:5016
- C:\Windows\System\HcXkZfG.exe
  C:\Windows\System\HcXkZfG.exe
  2⤵
  PID:5032
- C:\Windows\System\pvnkkkd.exe
  C:\Windows\System\pvnkkkd.exe
  2⤵
  PID:5048
- C:\Windows\System\WwaBhha.exe
  C:\Windows\System\WwaBhha.exe
  2⤵
  PID:5064
- C:\Windows\System\MeCPdQT.exe
  C:\Windows\System\MeCPdQT.exe
  2⤵
  PID:5080
- C:\Windows\System\qcdCyCV.exe
  C:\Windows\System\qcdCyCV.exe
  2⤵
  PID:5096
- C:\Windows\System\TtfemmF.exe
  C:\Windows\System\TtfemmF.exe
  2⤵
  PID:5112
- C:\Windows\System\XRxIurz.exe
  C:\Windows\System\XRxIurz.exe
  2⤵
  PID:3652
- C:\Windows\System\XRLRVUA.exe
  C:\Windows\System\XRLRVUA.exe
  2⤵
  PID:3780
- C:\Windows\System\nvqpuUq.exe
  C:\Windows\System\nvqpuUq.exe
  2⤵
  PID:2708
- C:\Windows\System\SKcaGQC.exe
  C:\Windows\System\SKcaGQC.exe
  2⤵
  PID:3056
- C:\Windows\System\dKJxEXb.exe
  C:\Windows\System\dKJxEXb.exe
  2⤵
  PID:2704
- C:\Windows\System\wmxnpyK.exe
  C:\Windows\System\wmxnpyK.exe
  2⤵
  PID:4112
- C:\Windows\System\cCvDQpE.exe
  C:\Windows\System\cCvDQpE.exe
  2⤵
  PID:4144
- C:\Windows\System\XSWnaBG.exe
  C:\Windows\System\XSWnaBG.exe
  2⤵
  PID:4160
- C:\Windows\System\ydtzJCl.exe
  C:\Windows\System\ydtzJCl.exe
  2⤵
  PID:4192
- C:\Windows\System\xsQGRIQ.exe
  C:\Windows\System\xsQGRIQ.exe
  2⤵
  PID:4220
- C:\Windows\System\MzJCNQz.exe
  C:\Windows\System\MzJCNQz.exe
  2⤵
  PID:4272
- C:\Windows\System\ltwOVxJ.exe
  C:\Windows\System\ltwOVxJ.exe
  2⤵
  PID:4300
- C:\Windows\System\tvkJFXu.exe
  C:\Windows\System\tvkJFXu.exe
  2⤵
  PID:4316
- C:\Windows\System\ifdDerH.exe
  C:\Windows\System\ifdDerH.exe
  2⤵
  PID:4348
- C:\Windows\System\RJerouy.exe
  C:\Windows\System\RJerouy.exe
  2⤵
  PID:4380
- C:\Windows\System\zTKwBFW.exe
  C:\Windows\System\zTKwBFW.exe
  2⤵
  PID:4400
- C:\Windows\System\SOWeoHB.exe
  C:\Windows\System\SOWeoHB.exe
  2⤵
  PID:4416
- C:\Windows\System\oQFOWiA.exe
  C:\Windows\System\oQFOWiA.exe
  2⤵
  PID:4464
- C:\Windows\System\WGvHmxw.exe
  C:\Windows\System\WGvHmxw.exe
  2⤵
  PID:4480
- C:\Windows\System\RtaRUeJ.exe
  C:\Windows\System\RtaRUeJ.exe
  2⤵
  PID:4512
- C:\Windows\System\qLBQuPi.exe
  C:\Windows\System\qLBQuPi.exe
  2⤵
  PID:4560
- C:\Windows\System\qsqBqQA.exe
  C:\Windows\System\qsqBqQA.exe
  2⤵
  PID:4592
- C:\Windows\System\DieIQjp.exe
  C:\Windows\System\DieIQjp.exe
  2⤵
  PID:4624
- C:\Windows\System\quyUOtj.exe
  C:\Windows\System\quyUOtj.exe
  2⤵
  PID:4636
- C:\Windows\System\tkKNSgV.exe
  C:\Windows\System\tkKNSgV.exe
  2⤵
  PID:4684
- C:\Windows\System\zGWuTSF.exe
  C:\Windows\System\zGWuTSF.exe
  2⤵
  PID:4700
- C:\Windows\System\pjPAFEe.exe
  C:\Windows\System\pjPAFEe.exe
  2⤵
  PID:4720
- C:\Windows\System\UzqRlzd.exe
  C:\Windows\System\UzqRlzd.exe
  2⤵
  PID:4736
- C:\Windows\System\HGFSpET.exe
  C:\Windows\System\HGFSpET.exe
  2⤵
  PID:4784
- C:\Windows\System\pUrsSAF.exe
  C:\Windows\System\pUrsSAF.exe
  2⤵
  PID:4796
- C:\Windows\System\VFOxSyJ.exe
  C:\Windows\System\VFOxSyJ.exe
  2⤵
  PID:4848
- C:\Windows\System\qbZRWEW.exe
  C:\Windows\System\qbZRWEW.exe
  2⤵
  PID:4864
- C:\Windows\System\hXKPdUJ.exe
  C:\Windows\System\hXKPdUJ.exe
  2⤵
  PID:4868
- C:\Windows\System\EjYFozQ.exe
  C:\Windows\System\EjYFozQ.exe
  2⤵
  PID:4900
- C:\Windows\System\nCjhlnH.exe
  C:\Windows\System\nCjhlnH.exe
  2⤵
  PID:4932
- C:\Windows\System\cogTemm.exe
  C:\Windows\System\cogTemm.exe
  2⤵
  PID:4964
- C:\Windows\System\YSHXmQk.exe
  C:\Windows\System\YSHXmQk.exe
  2⤵
  PID:5012
- C:\Windows\System\ETbDZZt.exe
  C:\Windows\System\ETbDZZt.exe
  2⤵
  PID:5028
- C:\Windows\System\vbHMsyx.exe
  C:\Windows\System\vbHMsyx.exe
  2⤵
  PID:5072
- C:\Windows\System\buLgOue.exe
  C:\Windows\System\buLgOue.exe
  2⤵
  PID:5104
- C:\Windows\System\LDhowQc.exe
  C:\Windows\System\LDhowQc.exe
  2⤵
  PID:3936
- C:\Windows\System\DNXjStw.exe
  C:\Windows\System\DNXjStw.exe
  2⤵
  PID:2908
- C:\Windows\System\TNcOslb.exe
  C:\Windows\System\TNcOslb.exe
  2⤵
  PID:2088
- C:\Windows\System\TylfDPM.exe
  C:\Windows\System\TylfDPM.exe
  2⤵
  PID:4172
- C:\Windows\System\gKsvBoV.exe
  C:\Windows\System\gKsvBoV.exe
  2⤵
  PID:4236
- C:\Windows\System\yFJhhpL.exe
  C:\Windows\System\yFJhhpL.exe
  2⤵
  PID:4284
- C:\Windows\System\HTzyRUV.exe
  C:\Windows\System\HTzyRUV.exe
  2⤵
  PID:4320
- C:\Windows\System\qbnAdCi.exe
  C:\Windows\System\qbnAdCi.exe
  2⤵
  PID:4396
- C:\Windows\System\KQTJfwC.exe
  C:\Windows\System\KQTJfwC.exe
  2⤵
  PID:4444
- C:\Windows\System\XwVJKTe.exe
  C:\Windows\System\XwVJKTe.exe
  2⤵
  PID:4508
- C:\Windows\System\fungvOQ.exe
  C:\Windows\System\fungvOQ.exe
  2⤵
  PID:4572
- C:\Windows\System\PdDbjPD.exe
  C:\Windows\System\PdDbjPD.exe
  2⤵
  PID:4608
- C:\Windows\System\iMOIfaK.exe
  C:\Windows\System\iMOIfaK.exe
  2⤵
  PID:4668
- C:\Windows\System\MOQyyVD.exe
  C:\Windows\System\MOQyyVD.exe
  2⤵
  PID:4748
- C:\Windows\System\nEPlbGP.exe
  C:\Windows\System\nEPlbGP.exe
  2⤵
  PID:4780
- C:\Windows\System\TajGeMb.exe
  C:\Windows\System\TajGeMb.exe
  2⤵
  PID:1416
- C:\Windows\System\msiKrMo.exe
  C:\Windows\System\msiKrMo.exe
  2⤵
  PID:2816
- C:\Windows\System\mlzRAoj.exe
  C:\Windows\System\mlzRAoj.exe
  2⤵
  PID:4976
- C:\Windows\System\zATSSIv.exe
  C:\Windows\System\zATSSIv.exe
  2⤵
  PID:5008
- C:\Windows\System\RHPirxF.exe
  C:\Windows\System\RHPirxF.exe
  2⤵
  PID:5056
- C:\Windows\System\FfrWnCh.exe
  C:\Windows\System\FfrWnCh.exe
  2⤵
  PID:3684
- C:\Windows\System\taVKCvP.exe
  C:\Windows\System\taVKCvP.exe
  2⤵
  PID:3360
- C:\Windows\System\CXxKQKY.exe
  C:\Windows\System\CXxKQKY.exe
  2⤵
  PID:4240
- C:\Windows\System\XGfHRcn.exe
  C:\Windows\System\XGfHRcn.exe
  2⤵
  PID:4332
- C:\Windows\System\WwbROCD.exe
  C:\Windows\System\WwbROCD.exe
  2⤵
  PID:4428
- C:\Windows\System\Icpzzak.exe
  C:\Windows\System\Icpzzak.exe
  2⤵
  PID:4492
- C:\Windows\System\feIOSdl.exe
  C:\Windows\System\feIOSdl.exe
  2⤵
  PID:4604
- C:\Windows\System\gHrCxwF.exe
  C:\Windows\System\gHrCxwF.exe
  2⤵
  PID:4704
- C:\Windows\System\NKwVSak.exe
  C:\Windows\System\NKwVSak.exe
  2⤵
  PID:2728
- C:\Windows\System\bMAPwpC.exe
  C:\Windows\System\bMAPwpC.exe
  2⤵
  PID:4912
- C:\Windows\System\vNhGimI.exe
  C:\Windows\System\vNhGimI.exe
  2⤵
  PID:2472
- C:\Windows\System\qHNmCkn.exe
  C:\Windows\System\qHNmCkn.exe
  2⤵
  PID:5092
- C:\Windows\System\ZqLZcEI.exe
  C:\Windows\System\ZqLZcEI.exe
  2⤵
  PID:4128
- C:\Windows\System\SaxemSn.exe
  C:\Windows\System\SaxemSn.exe
  2⤵
  PID:1448
- C:\Windows\System\PHiAFAp.exe
  C:\Windows\System\PHiAFAp.exe
  2⤵
  PID:4540
- C:\Windows\System\rGHuICQ.exe
  C:\Windows\System\rGHuICQ.exe
  2⤵
  PID:4944
- C:\Windows\System\XKpqCeC.exe
  C:\Windows\System\XKpqCeC.exe
  2⤵
  PID:5088
- C:\Windows\System\QhrlBAu.exe
  C:\Windows\System\QhrlBAu.exe
  2⤵
  PID:5128
- C:\Windows\System\ipxIeYn.exe
  C:\Windows\System\ipxIeYn.exe
  2⤵
  PID:5144
- C:\Windows\System\OJzGtHx.exe
  C:\Windows\System\OJzGtHx.exe
  2⤵
  PID:5160
- C:\Windows\System\QuGOlca.exe
  C:\Windows\System\QuGOlca.exe
  2⤵
  PID:5176
- C:\Windows\System\XALRjcY.exe
  C:\Windows\System\XALRjcY.exe
  2⤵
  PID:5192
- C:\Windows\System\MwcMQnf.exe
  C:\Windows\System\MwcMQnf.exe
  2⤵
  PID:5208
- C:\Windows\System\FdtYvCG.exe
  C:\Windows\System\FdtYvCG.exe
  2⤵
  PID:5224
- C:\Windows\System\yPllEeo.exe
  C:\Windows\System\yPllEeo.exe
  2⤵
  PID:5240
- C:\Windows\System\yEbzyIT.exe
  C:\Windows\System\yEbzyIT.exe
  2⤵
  PID:5256
- C:\Windows\System\CgEcbmT.exe
  C:\Windows\System\CgEcbmT.exe
  2⤵
  PID:5272
- C:\Windows\System\ZJHqcZe.exe
  C:\Windows\System\ZJHqcZe.exe
  2⤵
  PID:5288
- C:\Windows\System\WGiMPJn.exe
  C:\Windows\System\WGiMPJn.exe
  2⤵
  PID:5304
- C:\Windows\System\tcaLRkf.exe
  C:\Windows\System\tcaLRkf.exe
  2⤵
  PID:5320
- C:\Windows\System\UCthyoy.exe
  C:\Windows\System\UCthyoy.exe
  2⤵
  PID:5336
- C:\Windows\System\vjehsWv.exe
  C:\Windows\System\vjehsWv.exe
  2⤵
  PID:5352
- C:\Windows\System\hXstrAB.exe
  C:\Windows\System\hXstrAB.exe
  2⤵
  PID:5368
- C:\Windows\System\joWYChV.exe
  C:\Windows\System\joWYChV.exe
  2⤵
  PID:5384
- C:\Windows\System\mfwhsOH.exe
  C:\Windows\System\mfwhsOH.exe
  2⤵
  PID:5400
- C:\Windows\System\HMhOASM.exe
  C:\Windows\System\HMhOASM.exe
  2⤵
  PID:5416
- C:\Windows\System\GwNlcOa.exe
  C:\Windows\System\GwNlcOa.exe
  2⤵
  PID:5432
- C:\Windows\System\jDzAyDK.exe
  C:\Windows\System\jDzAyDK.exe
  2⤵
  PID:5448
- C:\Windows\System\hRlEfZH.exe
  C:\Windows\System\hRlEfZH.exe
  2⤵
  PID:5464
- C:\Windows\System\lECfyZl.exe
  C:\Windows\System\lECfyZl.exe
  2⤵
  PID:5480
- C:\Windows\System\dmhrRUp.exe
  C:\Windows\System\dmhrRUp.exe
  2⤵
  PID:5496
- C:\Windows\System\TswagLf.exe
  C:\Windows\System\TswagLf.exe
  2⤵
  PID:5512
- C:\Windows\System\IfFqJlW.exe
  C:\Windows\System\IfFqJlW.exe
  2⤵
  PID:5528
- C:\Windows\System\whYuuRq.exe
  C:\Windows\System\whYuuRq.exe
  2⤵
  PID:5544
- C:\Windows\System\jcCdxiL.exe
  C:\Windows\System\jcCdxiL.exe
  2⤵
  PID:5560
- C:\Windows\System\AdXPkLz.exe
  C:\Windows\System\AdXPkLz.exe
  2⤵
  PID:5576
- C:\Windows\System\YEPiMwU.exe
  C:\Windows\System\YEPiMwU.exe
  2⤵
  PID:5592
- C:\Windows\System\TtdIoiO.exe
  C:\Windows\System\TtdIoiO.exe
  2⤵
  PID:5608
- C:\Windows\System\NjDbffX.exe
  C:\Windows\System\NjDbffX.exe
  2⤵
  PID:5624
- C:\Windows\System\egzIbjY.exe
  C:\Windows\System\egzIbjY.exe
  2⤵
  PID:5640
- C:\Windows\System\FyYuVrS.exe
  C:\Windows\System\FyYuVrS.exe
  2⤵
  PID:5656
- C:\Windows\System\fpsjTAK.exe
  C:\Windows\System\fpsjTAK.exe
  2⤵
  PID:5672
- C:\Windows\System\wMPbDLt.exe
  C:\Windows\System\wMPbDLt.exe
  2⤵
  PID:5688
- C:\Windows\System\UxbeanI.exe
  C:\Windows\System\UxbeanI.exe
  2⤵
  PID:5704
- C:\Windows\System\aUDSXhI.exe
  C:\Windows\System\aUDSXhI.exe
  2⤵
  PID:5720
- C:\Windows\System\UwBdfkH.exe
  C:\Windows\System\UwBdfkH.exe
  2⤵
  PID:5736
- C:\Windows\System\jxVaXyx.exe
  C:\Windows\System\jxVaXyx.exe
  2⤵
  PID:5752
- C:\Windows\System\DsPmiAw.exe
  C:\Windows\System\DsPmiAw.exe
  2⤵
  PID:5768
- C:\Windows\System\srOyezv.exe
  C:\Windows\System\srOyezv.exe
  2⤵
  PID:5784
- C:\Windows\System\JwuKEHB.exe
  C:\Windows\System\JwuKEHB.exe
  2⤵
  PID:5800
- C:\Windows\System\HFpIppS.exe
  C:\Windows\System\HFpIppS.exe
  2⤵
  PID:5816
- C:\Windows\System\cGWqzlx.exe
  C:\Windows\System\cGWqzlx.exe
  2⤵
  PID:5832
- C:\Windows\System\hhcFvjH.exe
  C:\Windows\System\hhcFvjH.exe
  2⤵
  PID:5848
- C:\Windows\System\CYUwiSU.exe
  C:\Windows\System\CYUwiSU.exe
  2⤵
  PID:5864
- C:\Windows\System\zqHIOVN.exe
  C:\Windows\System\zqHIOVN.exe
  2⤵
  PID:5880
- C:\Windows\System\XeEWpVw.exe
  C:\Windows\System\XeEWpVw.exe
  2⤵
  PID:5896
- C:\Windows\System\PMPNoiF.exe
  C:\Windows\System\PMPNoiF.exe
  2⤵
  PID:5912
- C:\Windows\System\VPmZRoK.exe
  C:\Windows\System\VPmZRoK.exe
  2⤵
  PID:5928
- C:\Windows\System\ZebkZKq.exe
  C:\Windows\System\ZebkZKq.exe
  2⤵
  PID:5944
- C:\Windows\System\JFRHswo.exe
  C:\Windows\System\JFRHswo.exe
  2⤵
  PID:5960
- C:\Windows\System\eMlWSDK.exe
  C:\Windows\System\eMlWSDK.exe
  2⤵
  PID:5976
- C:\Windows\System\dPUJCvp.exe
  C:\Windows\System\dPUJCvp.exe
  2⤵
  PID:5992
- C:\Windows\System\EuGyIXT.exe
  C:\Windows\System\EuGyIXT.exe
  2⤵
  PID:6008
- C:\Windows\System\VDCYXzI.exe
  C:\Windows\System\VDCYXzI.exe
  2⤵
  PID:6024
- C:\Windows\System\SWgtbyo.exe
  C:\Windows\System\SWgtbyo.exe
  2⤵
  PID:6040
- C:\Windows\System\zAcLDRe.exe
  C:\Windows\System\zAcLDRe.exe
  2⤵
  PID:6056
- C:\Windows\System\Blieear.exe
  C:\Windows\System\Blieear.exe
  2⤵
  PID:6072
- C:\Windows\System\ICkipli.exe
  C:\Windows\System\ICkipli.exe
  2⤵
  PID:6088
- C:\Windows\System\EkyHleN.exe
  C:\Windows\System\EkyHleN.exe
  2⤵
  PID:6104
- C:\Windows\System\bCrNtnM.exe
  C:\Windows\System\bCrNtnM.exe
  2⤵
  PID:6120
- C:\Windows\System\zFBAULC.exe
  C:\Windows\System\zFBAULC.exe
  2⤵
  PID:6136
- C:\Windows\System\IkVJSjH.exe
  C:\Windows\System\IkVJSjH.exe
  2⤵
  PID:4252
- C:\Windows\System\ATQwAXk.exe
  C:\Windows\System\ATQwAXk.exe
  2⤵
  PID:4916
- C:\Windows\System\VbHyOOJ.exe
  C:\Windows\System\VbHyOOJ.exe
  2⤵
  PID:5040
- C:\Windows\System\sPrtcmD.exe
  C:\Windows\System\sPrtcmD.exe
  2⤵
  PID:5140
- C:\Windows\System\eDeAeaL.exe
  C:\Windows\System\eDeAeaL.exe
  2⤵
  PID:5172
- C:\Windows\System\lCwKfUH.exe
  C:\Windows\System\lCwKfUH.exe
  2⤵
  PID:5216
- C:\Windows\System\qjmKoXG.exe
  C:\Windows\System\qjmKoXG.exe
  2⤵
  PID:5248
- C:\Windows\System\wkMoaqI.exe
  C:\Windows\System\wkMoaqI.exe
  2⤵
  PID:5280
- C:\Windows\System\ctTjLXC.exe
  C:\Windows\System\ctTjLXC.exe
  2⤵
  PID:5312
- C:\Windows\System\SRdWIVg.exe
  C:\Windows\System\SRdWIVg.exe
  2⤵
  PID:5344
- C:\Windows\System\bVoxqPT.exe
  C:\Windows\System\bVoxqPT.exe
  2⤵
  PID:5376
- C:\Windows\System\HpouaeF.exe
  C:\Windows\System\HpouaeF.exe
  2⤵
  PID:5408
- C:\Windows\System\AovYuNV.exe
  C:\Windows\System\AovYuNV.exe
  2⤵
  PID:5428
- C:\Windows\System\CIHCwCt.exe
  C:\Windows\System\CIHCwCt.exe
  2⤵
  PID:2988
- C:\Windows\System\iuEkqNI.exe
  C:\Windows\System\iuEkqNI.exe
  2⤵
  PID:5476
- C:\Windows\System\igCeaWQ.exe
  C:\Windows\System\igCeaWQ.exe
  2⤵
  PID:5520
- C:\Windows\System\HUZtjoc.exe
  C:\Windows\System\HUZtjoc.exe
  2⤵
  PID:5552
- C:\Windows\System\LTYwaSU.exe
  C:\Windows\System\LTYwaSU.exe
  2⤵
  PID:5584
- C:\Windows\System\fFkJKPc.exe
  C:\Windows\System\fFkJKPc.exe
  2⤵
  PID:5616
- C:\Windows\System\fbGqSPn.exe
  C:\Windows\System\fbGqSPn.exe
  2⤵
  PID:5648
- C:\Windows\System\GNoKqrr.exe
  C:\Windows\System\GNoKqrr.exe
  2⤵
  PID:5680
- C:\Windows\System\lAuQBJN.exe
  C:\Windows\System\lAuQBJN.exe
  2⤵
  PID:5712
- C:\Windows\System\nTBdNNM.exe
  C:\Windows\System\nTBdNNM.exe
  2⤵
  PID:5732
- C:\Windows\System\FuXVqqk.exe
  C:\Windows\System\FuXVqqk.exe
  2⤵
  PID:5764
- C:\Windows\System\YVUJUoo.exe
  C:\Windows\System\YVUJUoo.exe
  2⤵
  PID:5796
- C:\Windows\System\SJZauHs.exe
  C:\Windows\System\SJZauHs.exe
  2⤵
  PID:2000
- C:\Windows\System\JVhtEtz.exe
  C:\Windows\System\JVhtEtz.exe
  2⤵
  PID:5856
- C:\Windows\System\DqAGMpJ.exe
  C:\Windows\System\DqAGMpJ.exe
  2⤵
  PID:5876
- C:\Windows\System\OMQyJSK.exe
  C:\Windows\System\OMQyJSK.exe
  2⤵
  PID:5920
- C:\Windows\System\huUcVNC.exe
  C:\Windows\System\huUcVNC.exe
  2⤵
  PID:5940
- C:\Windows\System\hxCxFZn.exe
  C:\Windows\System\hxCxFZn.exe
  2⤵
  PID:5972
- C:\Windows\System\dABQxUn.exe
  C:\Windows\System\dABQxUn.exe
  2⤵
  PID:6016
- C:\Windows\System\TDUYGUB.exe
  C:\Windows\System\TDUYGUB.exe
  2⤵
  PID:6048
- C:\Windows\System\jzauAyH.exe
  C:\Windows\System\jzauAyH.exe
  2⤵
  PID:6068
- C:\Windows\System\DXQLGMf.exe
  C:\Windows\System\DXQLGMf.exe
  2⤵
  PID:6112
- C:\Windows\System\dDNMyTE.exe
  C:\Windows\System\dDNMyTE.exe
  2⤵
  PID:6128
- C:\Windows\System\aALuYUa.exe
  C:\Windows\System\aALuYUa.exe
  2⤵
  PID:4108
- C:\Windows\System\MSfNPzh.exe
  C:\Windows\System\MSfNPzh.exe
  2⤵
  PID:4764
- C:\Windows\System\BdhGqIf.exe
  C:\Windows\System\BdhGqIf.exe
  2⤵
  PID:5184
- C:\Windows\System\aiAxPkh.exe
  C:\Windows\System\aiAxPkh.exe
  2⤵
  PID:5232
- C:\Windows\System\pDRkzFv.exe
  C:\Windows\System\pDRkzFv.exe
  2⤵
  PID:5296
- C:\Windows\System\aRzarou.exe
  C:\Windows\System\aRzarou.exe
  2⤵
  PID:5360
- C:\Windows\System\yFpTaEg.exe
  C:\Windows\System\yFpTaEg.exe
  2⤵
  PID:5424
- C:\Windows\System\lAyaSDs.exe
  C:\Windows\System\lAyaSDs.exe
  2⤵
  PID:5488
- C:\Windows\System\MGyOGLT.exe
  C:\Windows\System\MGyOGLT.exe
  2⤵
  PID:5524
- C:\Windows\System\uZgAZZM.exe
  C:\Windows\System\uZgAZZM.exe
  2⤵
  PID:5572
- C:\Windows\System\rUvgnzb.exe
  C:\Windows\System\rUvgnzb.exe
  2⤵
  PID:5664
- C:\Windows\System\DpfnlOn.exe
  C:\Windows\System\DpfnlOn.exe
  2⤵
  PID:2780
- C:\Windows\System\VmSDUps.exe
  C:\Windows\System\VmSDUps.exe
  2⤵
  PID:5792
- C:\Windows\System\sYiMaiT.exe
  C:\Windows\System\sYiMaiT.exe
  2⤵
  PID:5824
- C:\Windows\System\LAOZSWO.exe
  C:\Windows\System\LAOZSWO.exe
  2⤵
  PID:5844
- C:\Windows\System\RWlzmNh.exe
  C:\Windows\System\RWlzmNh.exe
  2⤵
  PID:1000
- C:\Windows\System\XorrzHc.exe
  C:\Windows\System\XorrzHc.exe
  2⤵
  PID:6084
- C:\Windows\System\nzmiTco.exe
  C:\Windows\System\nzmiTco.exe
  2⤵
  PID:6116
- C:\Windows\System\kECrazL.exe
  C:\Windows\System\kECrazL.exe
  2⤵
  PID:5268
- C:\Windows\System\haYgrjT.exe
  C:\Windows\System\haYgrjT.exe
  2⤵
  PID:1668
- C:\Windows\System\ZihucXD.exe
  C:\Windows\System\ZihucXD.exe
  2⤵
  PID:5508
- C:\Windows\System\itAHCvn.exe
  C:\Windows\System\itAHCvn.exe
  2⤵
  PID:5620
- C:\Windows\System\GaOQNRW.exe
  C:\Windows\System\GaOQNRW.exe
  2⤵
  PID:5684
- C:\Windows\System\uLzqiFC.exe
  C:\Windows\System\uLzqiFC.exe
  2⤵
  PID:5780
- C:\Windows\System\WUIBjTB.exe
  C:\Windows\System\WUIBjTB.exe
  2⤵
  PID:300
- C:\Windows\System\zAmjnSv.exe
  C:\Windows\System\zAmjnSv.exe
  2⤵
  PID:4000
- C:\Windows\System\yHxQJof.exe
  C:\Windows\System\yHxQJof.exe
  2⤵
  PID:2656
- C:\Windows\System\yUVIbjV.exe
  C:\Windows\System\yUVIbjV.exe
  2⤵
  PID:1316
- C:\Windows\System\fLqJjIa.exe
  C:\Windows\System\fLqJjIa.exe
  2⤵
  PID:4852
- C:\Windows\System\GzaLgyU.exe
  C:\Windows\System\GzaLgyU.exe
  2⤵
  PID:2476
- C:\Windows\System\dtjiLXX.exe
  C:\Windows\System\dtjiLXX.exe
  2⤵
  PID:1888
- C:\Windows\System\gfaIqHo.exe
  C:\Windows\System\gfaIqHo.exe
  2⤵
  PID:1916
- C:\Windows\System\avfdEgL.exe
  C:\Windows\System\avfdEgL.exe
  2⤵
  PID:2784
- C:\Windows\System\sHIOSup.exe
  C:\Windows\System\sHIOSup.exe
  2⤵
  PID:2232
- C:\Windows\System\wfVvgga.exe
  C:\Windows\System\wfVvgga.exe
  2⤵
  PID:5328
- C:\Windows\System\hhmfhZZ.exe
  C:\Windows\System\hhmfhZZ.exe
  2⤵
  PID:2812
- C:\Windows\System\FaTXYLY.exe
  C:\Windows\System\FaTXYLY.exe
  2⤵
  PID:5264
- C:\Windows\System\qbycJIF.exe
  C:\Windows\System\qbycJIF.exe
  2⤵
  PID:2600
- C:\Windows\System\LQIBlPl.exe
  C:\Windows\System\LQIBlPl.exe
  2⤵
  PID:5668
- C:\Windows\System\dwDXkvC.exe
  C:\Windows\System\dwDXkvC.exe
  2⤵
  PID:536
- C:\Windows\System\LHKXOjD.exe
  C:\Windows\System\LHKXOjD.exe
  2⤵
  PID:1928
- C:\Windows\System\yHZUajR.exe
  C:\Windows\System\yHZUajR.exe
  2⤵
  PID:872
- C:\Windows\System\efcyqNV.exe
  C:\Windows\System\efcyqNV.exe
  2⤵
  PID:1676
- C:\Windows\System\dVgMarJ.exe
  C:\Windows\System\dVgMarJ.exe
  2⤵
  PID:1640
- C:\Windows\System\CgHOMEw.exe
  C:\Windows\System\CgHOMEw.exe
  2⤵
  PID:4828
- C:\Windows\System\YieKVSl.exe
  C:\Windows\System\YieKVSl.exe
  2⤵
  PID:1848
- C:\Windows\System\ZSHdNWV.exe
  C:\Windows\System\ZSHdNWV.exe
  2⤵
  PID:3004
- C:\Windows\System\BkMzHtn.exe
  C:\Windows\System\BkMzHtn.exe
  2⤵
  PID:5204
- C:\Windows\System\KtuDxcB.exe
  C:\Windows\System\KtuDxcB.exe
  2⤵
  PID:5700
- C:\Windows\System\gWvowjc.exe
  C:\Windows\System\gWvowjc.exe
  2⤵
  PID:1748
- C:\Windows\System\eLefSpj.exe
  C:\Windows\System\eLefSpj.exe
  2⤵
  PID:2956
- C:\Windows\System\calArSB.exe
  C:\Windows\System\calArSB.exe
  2⤵
  PID:6096
- C:\Windows\System\cJwqtbm.exe
  C:\Windows\System\cJwqtbm.exe
  2⤵
  PID:3028
- C:\Windows\System\ohqZBKR.exe
  C:\Windows\System\ohqZBKR.exe
  2⤵
  PID:2168
- C:\Windows\System\cwVheEm.exe
  C:\Windows\System\cwVheEm.exe
  2⤵
  PID:5956
- C:\Windows\System\gLYeBPg.exe
  C:\Windows\System\gLYeBPg.exe
  2⤵
  PID:1072
- C:\Windows\System\ctIhcdY.exe
  C:\Windows\System\ctIhcdY.exe
  2⤵
  PID:1632
- C:\Windows\System\MRKCKAb.exe
  C:\Windows\System\MRKCKAb.exe
  2⤵
  PID:348
- C:\Windows\System\TkhloIk.exe
  C:\Windows\System\TkhloIk.exe
  2⤵
  PID:6160
- C:\Windows\System\bpHmwCo.exe
  C:\Windows\System\bpHmwCo.exe
  2⤵
  PID:6176
- C:\Windows\System\MaGRhup.exe
  C:\Windows\System\MaGRhup.exe
  2⤵
  PID:6192
- C:\Windows\System\miDcNRP.exe
  C:\Windows\System\miDcNRP.exe
  2⤵
  PID:6208
- C:\Windows\System\ZNokVTm.exe
  C:\Windows\System\ZNokVTm.exe
  2⤵
  PID:6224
- C:\Windows\System\czBwXXi.exe
  C:\Windows\System\czBwXXi.exe
  2⤵
  PID:6240
- C:\Windows\System\MeVFOcr.exe
  C:\Windows\System\MeVFOcr.exe
  2⤵
  PID:6256
- C:\Windows\System\JvvxBuU.exe
  C:\Windows\System\JvvxBuU.exe
  2⤵
  PID:6272
- C:\Windows\System\HMKjnhO.exe
  C:\Windows\System\HMKjnhO.exe
  2⤵
  PID:6296
- C:\Windows\System\dnbNIHw.exe
  C:\Windows\System\dnbNIHw.exe
  2⤵
  PID:6312
- C:\Windows\System\iaDXJob.exe
  C:\Windows\System\iaDXJob.exe
  2⤵
  PID:6328
- C:\Windows\System\xUiZqFN.exe
  C:\Windows\System\xUiZqFN.exe
  2⤵
  PID:6344
- C:\Windows\System\mKTimjq.exe
  C:\Windows\System\mKTimjq.exe
  2⤵
  PID:6360
- C:\Windows\System\npkDJcV.exe
  C:\Windows\System\npkDJcV.exe
  2⤵
  PID:6376
- C:\Windows\System\rDQJfRY.exe
  C:\Windows\System\rDQJfRY.exe
  2⤵
  PID:6392
- C:\Windows\System\yKbJAEL.exe
  C:\Windows\System\yKbJAEL.exe
  2⤵
  PID:6408
- C:\Windows\System\aqPcrpu.exe
  C:\Windows\System\aqPcrpu.exe
  2⤵
  PID:6424
- C:\Windows\System\mILENln.exe
  C:\Windows\System\mILENln.exe
  2⤵
  PID:6440
- C:\Windows\System\RuMSjfc.exe
  C:\Windows\System\RuMSjfc.exe
  2⤵
  PID:6456
- C:\Windows\System\GZKJDew.exe
  C:\Windows\System\GZKJDew.exe
  2⤵
  PID:6472
- C:\Windows\System\aFEpgmx.exe
  C:\Windows\System\aFEpgmx.exe
  2⤵
  PID:6488
- C:\Windows\System\dcgNOlP.exe
  C:\Windows\System\dcgNOlP.exe
  2⤵
  PID:6504
- C:\Windows\System\BZCWNFf.exe
  C:\Windows\System\BZCWNFf.exe
  2⤵
  PID:6520
- C:\Windows\System\cabHBkt.exe
  C:\Windows\System\cabHBkt.exe
  2⤵
  PID:6536
- C:\Windows\System\jYqlFrS.exe
  C:\Windows\System\jYqlFrS.exe
  2⤵
  PID:6552
- C:\Windows\System\lyxceEM.exe
  C:\Windows\System\lyxceEM.exe
  2⤵
  PID:6568
- C:\Windows\System\BkaRcZc.exe
  C:\Windows\System\BkaRcZc.exe
  2⤵
  PID:6584
- C:\Windows\System\TSWsxot.exe
  C:\Windows\System\TSWsxot.exe
  2⤵
  PID:6600
- C:\Windows\System\dnkvfyr.exe
  C:\Windows\System\dnkvfyr.exe
  2⤵
  PID:6616
- C:\Windows\System\LyCOtnA.exe
  C:\Windows\System\LyCOtnA.exe
  2⤵
  PID:6632
- C:\Windows\System\xEDvQqH.exe
  C:\Windows\System\xEDvQqH.exe
  2⤵
  PID:6652
- C:\Windows\System\JBdVwMS.exe
  C:\Windows\System\JBdVwMS.exe
  2⤵
  PID:6668
- C:\Windows\System\PzRNPRN.exe
  C:\Windows\System\PzRNPRN.exe
  2⤵
  PID:6684
- C:\Windows\System\XwFVGht.exe
  C:\Windows\System\XwFVGht.exe
  2⤵
  PID:6700
- C:\Windows\System\pXvzZYG.exe
  C:\Windows\System\pXvzZYG.exe
  2⤵
  PID:6716
- C:\Windows\System\ZVtBHaw.exe
  C:\Windows\System\ZVtBHaw.exe
  2⤵
  PID:6732
- C:\Windows\System\JnXYgHH.exe
  C:\Windows\System\JnXYgHH.exe
  2⤵
  PID:6748
- C:\Windows\System\AIPVONE.exe
  C:\Windows\System\AIPVONE.exe
  2⤵
  PID:6764
- C:\Windows\System\rKWupPG.exe
  C:\Windows\System\rKWupPG.exe
  2⤵
  PID:6780
- C:\Windows\System\GlcKxHJ.exe
  C:\Windows\System\GlcKxHJ.exe
  2⤵
  PID:6796
- C:\Windows\System\yNRXuNJ.exe
  C:\Windows\System\yNRXuNJ.exe
  2⤵
  PID:6816
- C:\Windows\System\NmtYdug.exe
  C:\Windows\System\NmtYdug.exe
  2⤵
  PID:6840
- C:\Windows\System\VHjRuZP.exe
  C:\Windows\System\VHjRuZP.exe
  2⤵
  PID:6876
- C:\Windows\System\jUyJrvG.exe
  C:\Windows\System\jUyJrvG.exe
  2⤵
  PID:6896
- C:\Windows\System\OQIqIdB.exe
  C:\Windows\System\OQIqIdB.exe
  2⤵
  PID:6916
- C:\Windows\System\fEsAFdH.exe
  C:\Windows\System\fEsAFdH.exe
  2⤵
  PID:7000
- C:\Windows\System\bDjGMQg.exe
  C:\Windows\System\bDjGMQg.exe
  2⤵
  PID:7072
- C:\Windows\System\ViKsBZG.exe
  C:\Windows\System\ViKsBZG.exe
  2⤵
  PID:7104
- C:\Windows\System\iuRjtQK.exe
  C:\Windows\System\iuRjtQK.exe
  2⤵
  PID:7120
- C:\Windows\System\AGZvels.exe
  C:\Windows\System\AGZvels.exe
  2⤵
  PID:7136
- C:\Windows\System\XQlVarB.exe
  C:\Windows\System\XQlVarB.exe
  2⤵
  PID:7152
- C:\Windows\System\ryGnkmS.exe
  C:\Windows\System\ryGnkmS.exe
  2⤵
  PID:6184
- C:\Windows\System\WQBxxvw.exe
  C:\Windows\System\WQBxxvw.exe
  2⤵
  PID:6216
- C:\Windows\System\gjUiCTg.exe
  C:\Windows\System\gjUiCTg.exe
  2⤵
  PID:5392
- C:\Windows\System\HXysWcy.exe
  C:\Windows\System\HXysWcy.exe
  2⤵
  PID:6220
- C:\Windows\System\axHiEDN.exe
  C:\Windows\System\axHiEDN.exe
  2⤵
  PID:6252
- C:\Windows\System\pOtwvlB.exe
  C:\Windows\System\pOtwvlB.exe
  2⤵
  PID:6292
- C:\Windows\System\dWyMtoE.exe
  C:\Windows\System\dWyMtoE.exe
  2⤵
  PID:6388
- C:\Windows\System\TWcTmcN.exe
  C:\Windows\System\TWcTmcN.exe
  2⤵
  PID:6480
- C:\Windows\System\rThAeVp.exe
  C:\Windows\System\rThAeVp.exe
  2⤵
  PID:6404
- C:\Windows\System\pwtOQsC.exe
  C:\Windows\System\pwtOQsC.exe
  2⤵
  PID:6548
- C:\Windows\System\eRuxWey.exe
  C:\Windows\System\eRuxWey.exe
  2⤵
  PID:6596
- C:\Windows\System\kwpqGXy.exe
  C:\Windows\System\kwpqGXy.exe
  2⤵
  PID:6756
- C:\Windows\System\lsHChlJ.exe
  C:\Windows\System\lsHChlJ.exe
  2⤵
  PID:6792
- C:\Windows\System\BcGoODE.exe
  C:\Windows\System\BcGoODE.exe
  2⤵
  PID:6864
- C:\Windows\System\vnIBsbr.exe
  C:\Windows\System\vnIBsbr.exe
  2⤵
  PID:6828
- C:\Windows\System\vxizxuq.exe
  C:\Windows\System\vxizxuq.exe
  2⤵
  PID:6944
- C:\Windows\System\RXZWlsX.exe
  C:\Windows\System\RXZWlsX.exe
  2⤵
  PID:6960
- C:\Windows\System\hDjSBEr.exe
  C:\Windows\System\hDjSBEr.exe
  2⤵
  PID:6976
- C:\Windows\System\aWjXbeE.exe
  C:\Windows\System\aWjXbeE.exe
  2⤵
  PID:6992
- C:\Windows\System\DWRXetQ.exe
  C:\Windows\System\DWRXetQ.exe
  2⤵
  PID:7008
- C:\Windows\System\sJDarQs.exe
  C:\Windows\System\sJDarQs.exe
  2⤵
  PID:7032
- C:\Windows\System\JZheOnK.exe
  C:\Windows\System\JZheOnK.exe
  2⤵
  PID:7048
- C:\Windows\System\xwFaaBT.exe
  C:\Windows\System\xwFaaBT.exe
  2⤵
  PID:7064
- C:\Windows\System\hdsbjGJ.exe
  C:\Windows\System\hdsbjGJ.exe
  2⤵
  PID:7080
- C:\Windows\System\EGykweH.exe
  C:\Windows\System\EGykweH.exe
  2⤵
  PID:7096
- C:\Windows\System\oQIBJIl.exe
  C:\Windows\System\oQIBJIl.exe
  2⤵
  PID:7144
- C:\Windows\System\WQETTqq.exe
  C:\Windows\System\WQETTqq.exe
  2⤵
  PID:6156
- C:\Windows\System\zzTTCyF.exe
  C:\Windows\System\zzTTCyF.exe
  2⤵
  PID:6200
- C:\Windows\System\crWbriH.exe
  C:\Windows\System\crWbriH.exe
  2⤵
  PID:6236
- C:\Windows\System\knRSpaQ.exe
  C:\Windows\System\knRSpaQ.exe
  2⤵
  PID:6356
- C:\Windows\System\jEyNOKY.exe
  C:\Windows\System\jEyNOKY.exe
  2⤵
  PID:6452
- C:\Windows\System\QmCdjvX.exe
  C:\Windows\System\QmCdjvX.exe
  2⤵
  PID:6264
- C:\Windows\System\JdhSbiM.exe
  C:\Windows\System\JdhSbiM.exe
  2⤵
  PID:6468
- C:\Windows\System\BKLyaMw.exe
  C:\Windows\System\BKLyaMw.exe
  2⤵
  PID:6516
- C:\Windows\System\WtBiJhB.exe
  C:\Windows\System\WtBiJhB.exe
  2⤵
  PID:6644
- C:\Windows\System\kwrkaYN.exe
  C:\Windows\System\kwrkaYN.exe
  2⤵
  PID:6660
- C:\Windows\System\elDSrpC.exe
  C:\Windows\System\elDSrpC.exe
  2⤵
  PID:6708
- C:\Windows\System\mlHlPPM.exe
  C:\Windows\System\mlHlPPM.exe
  2⤵
  PID:6500
- C:\Windows\System\PGegGjc.exe
  C:\Windows\System\PGegGjc.exe
  2⤵
  PID:6400
- C:\Windows\System\PHoRapa.exe
  C:\Windows\System\PHoRapa.exe
  2⤵
  PID:6580
- C:\Windows\System\lJSdFhg.exe
  C:\Windows\System\lJSdFhg.exe
  2⤵
  PID:6624
- C:\Windows\System\itezOuX.exe
  C:\Windows\System\itezOuX.exe
  2⤵
  PID:6848
- C:\Windows\System\JcOUret.exe
  C:\Windows\System\JcOUret.exe
  2⤵
  PID:6836
- C:\Windows\System\YyiwrFV.exe
  C:\Windows\System\YyiwrFV.exe
  2⤵
  PID:6788
- C:\Windows\System\iyATzUn.exe
  C:\Windows\System\iyATzUn.exe
  2⤵
  PID:6824
- C:\Windows\System\XordIjs.exe
  C:\Windows\System\XordIjs.exe
  2⤵
  PID:6924
- C:\Windows\System\nLwDWhf.exe
  C:\Windows\System\nLwDWhf.exe
  2⤵
  PID:6936
- C:\Windows\System\xGMpfhg.exe
  C:\Windows\System\xGMpfhg.exe
  2⤵
  PID:7012
- C:\Windows\System\xlGHEJz.exe
  C:\Windows\System\xlGHEJz.exe
  2⤵
  PID:7020
- C:\Windows\System\LhSPWVA.exe
  C:\Windows\System\LhSPWVA.exe
  2⤵
  PID:7040
- C:\Windows\System\ekhSKHw.exe
  C:\Windows\System\ekhSKHw.exe
  2⤵
  PID:7112
- C:\Windows\System\siqtwJc.exe
  C:\Windows\System\siqtwJc.exe
  2⤵
  PID:7092
- C:\Windows\System\XQvoNly.exe
  C:\Windows\System\XQvoNly.exe
  2⤵
  PID:7160
- C:\Windows\System\ttvejCc.exe
  C:\Windows\System\ttvejCc.exe
  2⤵
  PID:6232
- C:\Windows\System\DjvOlVh.exe
  C:\Windows\System\DjvOlVh.exe
  2⤵
  PID:6308
- C:\Windows\System\IIqDNiw.exe
  C:\Windows\System\IIqDNiw.exe
  2⤵
  PID:6648
- C:\Windows\System\VjXBJyi.exe
  C:\Windows\System\VjXBJyi.exe
  2⤵
  PID:6464
- C:\Windows\System\gbbctpv.exe
  C:\Windows\System\gbbctpv.exe
  2⤵
  PID:6420
- C:\Windows\System\SCbrUbc.exe
  C:\Windows\System\SCbrUbc.exe
  2⤵
  PID:6368
- C:\Windows\System\gaVwlOY.exe
  C:\Windows\System\gaVwlOY.exe
  2⤵
  PID:6744
- C:\Windows\System\KQfEpON.exe
  C:\Windows\System\KQfEpON.exe
  2⤵
  PID:6888
- C:\Windows\System\XQnrzDa.exe
  C:\Windows\System\XQnrzDa.exe
  2⤵
  PID:6972
- C:\Windows\System\gomzoRw.exe
  C:\Windows\System\gomzoRw.exe
  2⤵
  PID:6908
- C:\Windows\System\DpvNQoJ.exe
  C:\Windows\System\DpvNQoJ.exe
  2⤵
  PID:6928
- C:\Windows\System\pVTjFir.exe
  C:\Windows\System\pVTjFir.exe
  2⤵
  PID:6932
- C:\Windows\System\SlYvyXF.exe
  C:\Windows\System\SlYvyXF.exe
  2⤵
  PID:6352
- C:\Windows\System\PcCtwwz.exe
  C:\Windows\System\PcCtwwz.exe
  2⤵
  PID:6436
- C:\Windows\System\dUEzCBO.exe
  C:\Windows\System\dUEzCBO.exe
  2⤵
  PID:6808
- C:\Windows\System\epLVAZU.exe
  C:\Windows\System\epLVAZU.exe
  2⤵
  PID:6592
- C:\Windows\System\FHhcdqn.exe
  C:\Windows\System\FHhcdqn.exe
  2⤵
  PID:6904
- C:\Windows\System\YyvBPpg.exe
  C:\Windows\System\YyvBPpg.exe
  2⤵
  PID:6284
- C:\Windows\System\gwLSQPO.exe
  C:\Windows\System\gwLSQPO.exe
  2⤵
  PID:6712
- C:\Windows\System\XEpKeUt.exe
  C:\Windows\System\XEpKeUt.exe
  2⤵
  PID:6560
- C:\Windows\System\KzYdIXg.exe
  C:\Windows\System\KzYdIXg.exe
  2⤵
  PID:7024
- C:\Windows\System\sOBzJsD.exe
  C:\Windows\System\sOBzJsD.exe
  2⤵
  PID:6680
- C:\Windows\System\TafnSGQ.exe
  C:\Windows\System\TafnSGQ.exe
  2⤵
  PID:7056
- C:\Windows\System\xDQbPAw.exe
  C:\Windows\System\xDQbPAw.exe
  2⤵
  PID:7176
- C:\Windows\System\ZzMWGPc.exe
  C:\Windows\System\ZzMWGPc.exe
  2⤵
  PID:7192
- C:\Windows\System\PotuMaU.exe
  C:\Windows\System\PotuMaU.exe
  2⤵
  PID:7208
- C:\Windows\System\hpnOWJY.exe
  C:\Windows\System\hpnOWJY.exe
  2⤵
  PID:7224
- C:\Windows\System\hXorYwC.exe
  C:\Windows\System\hXorYwC.exe
  2⤵
  PID:7248
- C:\Windows\System\RyuxByR.exe
  C:\Windows\System\RyuxByR.exe
  2⤵
  PID:7264
- C:\Windows\System\mTaSKiK.exe
  C:\Windows\System\mTaSKiK.exe
  2⤵
  PID:7284
- C:\Windows\System\HoeAENs.exe
  C:\Windows\System\HoeAENs.exe
  2⤵
  PID:7308
- C:\Windows\System\WAictke.exe
  C:\Windows\System\WAictke.exe
  2⤵
  PID:7324
- C:\Windows\System\cwSJRoo.exe
  C:\Windows\System\cwSJRoo.exe
  2⤵
  PID:7340
- C:\Windows\System\pZCMJlJ.exe
  C:\Windows\System\pZCMJlJ.exe
  2⤵
  PID:7356
- C:\Windows\System\qQJIuOU.exe
  C:\Windows\System\qQJIuOU.exe
  2⤵
  PID:7372
- C:\Windows\System\EKExhjB.exe
  C:\Windows\System\EKExhjB.exe
  2⤵
  PID:7388
- C:\Windows\System\tyaSKAV.exe
  C:\Windows\System\tyaSKAV.exe
  2⤵
  PID:7404
- C:\Windows\System\VVqagru.exe
  C:\Windows\System\VVqagru.exe
  2⤵
  PID:7420
- C:\Windows\System\YdcpUAa.exe
  C:\Windows\System\YdcpUAa.exe
  2⤵
  PID:7436
- C:\Windows\System\ZbZrbOp.exe
  C:\Windows\System\ZbZrbOp.exe
  2⤵
  PID:7452
- C:\Windows\System\khUUGgq.exe
  C:\Windows\System\khUUGgq.exe
  2⤵
  PID:7468
- C:\Windows\System\zvdEnOT.exe
  C:\Windows\System\zvdEnOT.exe
  2⤵
  PID:7488
- C:\Windows\System\xzPewlf.exe
  C:\Windows\System\xzPewlf.exe
  2⤵
  PID:7504
- C:\Windows\System\IDlhBGN.exe
  C:\Windows\System\IDlhBGN.exe
  2⤵
  PID:7520
- C:\Windows\System\ukJNcsG.exe
  C:\Windows\System\ukJNcsG.exe
  2⤵
  PID:7540
- C:\Windows\System\kDHuSxP.exe
  C:\Windows\System\kDHuSxP.exe
  2⤵
  PID:7556
- C:\Windows\System\MixpNfI.exe
  C:\Windows\System\MixpNfI.exe
  2⤵
  PID:7572
- C:\Windows\System\MsnVBUC.exe
  C:\Windows\System\MsnVBUC.exe
  2⤵
  PID:7588
- C:\Windows\System\SRqEHol.exe
  C:\Windows\System\SRqEHol.exe
  2⤵
  PID:7608
- C:\Windows\System\YanqTJh.exe
  C:\Windows\System\YanqTJh.exe
  2⤵
  PID:7624
- C:\Windows\System\bXtXYfC.exe
  C:\Windows\System\bXtXYfC.exe
  2⤵
  PID:7640
- C:\Windows\System\PjzstOK.exe
  C:\Windows\System\PjzstOK.exe
  2⤵
  PID:7656
- C:\Windows\System\ZzvMtcc.exe
  C:\Windows\System\ZzvMtcc.exe
  2⤵
  PID:7672
- C:\Windows\System\gMEmfVv.exe
  C:\Windows\System\gMEmfVv.exe
  2⤵
  PID:7688
- C:\Windows\System\YTcwVQH.exe
  C:\Windows\System\YTcwVQH.exe
  2⤵
  PID:7708
- C:\Windows\System\uHPSOWh.exe
  C:\Windows\System\uHPSOWh.exe
  2⤵
  PID:7724
- C:\Windows\System\RwWZUsh.exe
  C:\Windows\System\RwWZUsh.exe
  2⤵
  PID:7740
- C:\Windows\System\OnXmGHm.exe
  C:\Windows\System\OnXmGHm.exe
  2⤵
  PID:7756
- C:\Windows\System\olshKZz.exe
  C:\Windows\System\olshKZz.exe
  2⤵
  PID:7772
- C:\Windows\System\eMUjoAG.exe
  C:\Windows\System\eMUjoAG.exe
  2⤵
  PID:7788
- C:\Windows\System\rglKtxT.exe
  C:\Windows\System\rglKtxT.exe
  2⤵
  PID:7804
- C:\Windows\System\kSVCPtX.exe
  C:\Windows\System\kSVCPtX.exe
  2⤵
  PID:7820
- C:\Windows\System\utwIioD.exe
  C:\Windows\System\utwIioD.exe
  2⤵
  PID:7836
- C:\Windows\System\CKafWKd.exe
  C:\Windows\System\CKafWKd.exe
  2⤵
  PID:7852
- C:\Windows\System\MDSIvLH.exe
  C:\Windows\System\MDSIvLH.exe
  2⤵
  PID:7872
- C:\Windows\System\nJkBmGD.exe
  C:\Windows\System\nJkBmGD.exe
  2⤵
  PID:7888
- C:\Windows\System\ZRpHExm.exe
  C:\Windows\System\ZRpHExm.exe
  2⤵
  PID:7916
- C:\Windows\System\zTiMVxy.exe
  C:\Windows\System\zTiMVxy.exe
  2⤵
  PID:7932
- C:\Windows\System\ATvbRgT.exe
  C:\Windows\System\ATvbRgT.exe
  2⤵
  PID:7948
- C:\Windows\System\uKDKiEo.exe
  C:\Windows\System\uKDKiEo.exe
  2⤵
  PID:7964
- C:\Windows\System\trdVQkF.exe
  C:\Windows\System\trdVQkF.exe
  2⤵
  PID:7980
- C:\Windows\System\jbMqlVq.exe
  C:\Windows\System\jbMqlVq.exe
  2⤵
  PID:7996
- C:\Windows\System\BDASTza.exe
  C:\Windows\System\BDASTza.exe
  2⤵
  PID:8012
- C:\Windows\System\YNzZBIS.exe
  C:\Windows\System\YNzZBIS.exe
  2⤵
  PID:8028
- C:\Windows\System\aBcWfoZ.exe
  C:\Windows\System\aBcWfoZ.exe
  2⤵
  PID:8044
- C:\Windows\System\RSGyYHP.exe
  C:\Windows\System\RSGyYHP.exe
  2⤵
  PID:8072
- C:\Windows\System\gnljXsn.exe
  C:\Windows\System\gnljXsn.exe
  2⤵
  PID:8088
- C:\Windows\System\bIhGoKz.exe
  C:\Windows\System\bIhGoKz.exe
  2⤵
  PID:8104
- C:\Windows\System\DaLCEyu.exe
  C:\Windows\System\DaLCEyu.exe
  2⤵
  PID:8124
- C:\Windows\System\FgrJNeo.exe
  C:\Windows\System\FgrJNeo.exe
  2⤵
  PID:8140
- C:\Windows\System\uprTnKY.exe
  C:\Windows\System\uprTnKY.exe
  2⤵
  PID:8156
- C:\Windows\System\beTfenq.exe
  C:\Windows\System\beTfenq.exe
  2⤵
  PID:8172
- C:\Windows\System\EpaiOQd.exe
  C:\Windows\System\EpaiOQd.exe
  2⤵
  PID:8188
- C:\Windows\System\nigHxMN.exe
  C:\Windows\System\nigHxMN.exe
  2⤵
  PID:7188
- C:\Windows\System\FbnEnYU.exe
  C:\Windows\System\FbnEnYU.exe
  2⤵
  PID:7220
- C:\Windows\System\LFtJuzE.exe
  C:\Windows\System\LFtJuzE.exe
  2⤵
  PID:7172
- C:\Windows\System\QxALNFR.exe
  C:\Windows\System\QxALNFR.exe
  2⤵
  PID:7256
- C:\Windows\System\IqZtHGx.exe
  C:\Windows\System\IqZtHGx.exe
  2⤵
  PID:7304
- C:\Windows\System\FssrFCA.exe
  C:\Windows\System\FssrFCA.exe
  2⤵
  PID:7280
- C:\Windows\System\VKCzNLe.exe
  C:\Windows\System\VKCzNLe.exe
  2⤵
  PID:7364
- C:\Windows\System\BEPvnSt.exe
  C:\Windows\System\BEPvnSt.exe
  2⤵
  PID:7348
- C:\Windows\System\iwNrhPJ.exe
  C:\Windows\System\iwNrhPJ.exe
  2⤵
  PID:7412
- C:\Windows\System\TQJWzPM.exe
  C:\Windows\System\TQJWzPM.exe
  2⤵
  PID:7444
- C:\Windows\System\eGeDPOH.exe
  C:\Windows\System\eGeDPOH.exe
  2⤵
  PID:7496
- C:\Windows\System\nzVhaGo.exe
  C:\Windows\System\nzVhaGo.exe
  2⤵
  PID:7512
- C:\Windows\System\KyUcYqi.exe
  C:\Windows\System\KyUcYqi.exe
  2⤵
  PID:7532
- C:\Windows\System\YSkbiRr.exe
  C:\Windows\System\YSkbiRr.exe
  2⤵
  PID:7568
- C:\Windows\System\LeUQgro.exe
  C:\Windows\System\LeUQgro.exe
  2⤵
  PID:7580
- C:\Windows\System\DbyjqvO.exe
  C:\Windows\System\DbyjqvO.exe
  2⤵
  PID:7652
- C:\Windows\System\hcYKosz.exe
  C:\Windows\System\hcYKosz.exe
  2⤵
  PID:7636
- C:\Windows\System\FoyIrxj.exe
  C:\Windows\System\FoyIrxj.exe
  2⤵
  PID:7700
- C:\Windows\System\tlRozNW.exe
  C:\Windows\System\tlRozNW.exe
  2⤵
  PID:7720
- C:\Windows\System\mlnBVWa.exe
  C:\Windows\System\mlnBVWa.exe
  2⤵
  PID:7768
- C:\Windows\System\MMXjEwJ.exe
  C:\Windows\System\MMXjEwJ.exe
  2⤵
  PID:7784
- C:\Windows\System\EpmJqtA.exe
  C:\Windows\System\EpmJqtA.exe
  2⤵
  PID:7860
- C:\Windows\System\aXsYhPU.exe
  C:\Windows\System\aXsYhPU.exe
  2⤵
  PID:7848
- C:\Windows\System\BDIPNtM.exe
  C:\Windows\System\BDIPNtM.exe
  2⤵
  PID:7896
- C:\Windows\System\gvKYOnl.exe
  C:\Windows\System\gvKYOnl.exe
  2⤵
  PID:7904
- C:\Windows\System\lKCJEHd.exe
  C:\Windows\System\lKCJEHd.exe
  2⤵
  PID:7924
- C:\Windows\System\yrXJWZA.exe
  C:\Windows\System\yrXJWZA.exe
  2⤵
  PID:7956
- C:\Windows\System\MphFDly.exe
  C:\Windows\System\MphFDly.exe
  2⤵
  PID:8004
- C:\Windows\System\obDShaL.exe
  C:\Windows\System\obDShaL.exe
  2⤵
  PID:8024
- C:\Windows\System\jfLHlYT.exe
  C:\Windows\System\jfLHlYT.exe
  2⤵
  PID:8020
- C:\Windows\System\ovHZAQf.exe
  C:\Windows\System\ovHZAQf.exe
  2⤵
  PID:8084
- C:\Windows\System\uWlhHDY.exe
  C:\Windows\System\uWlhHDY.exe
  2⤵
  PID:8116
- C:\Windows\System\NyuGDgX.exe
  C:\Windows\System\NyuGDgX.exe
  2⤵
  PID:8152
- C:\Windows\System\vlMaiUa.exe
  C:\Windows\System\vlMaiUa.exe
  2⤵
  PID:8184
- C:\Windows\System\TaobiTg.exe
  C:\Windows\System\TaobiTg.exe
  2⤵
  PID:7232
- C:\Windows\System\llzHZHU.exe
  C:\Windows\System\llzHZHU.exe
  2⤵
  PID:7200
- C:\Windows\System\wolrGLp.exe
  C:\Windows\System\wolrGLp.exe
  2⤵
  PID:7396
- C:\Windows\System\baCIKqL.exe
  C:\Windows\System\baCIKqL.exe
  2⤵
  PID:7428
- C:\Windows\System\byhizzX.exe
  C:\Windows\System\byhizzX.exe
  2⤵
  PID:7464
- C:\Windows\System\CZYihzM.exe
  C:\Windows\System\CZYihzM.exe
  2⤵
  PID:7600
- C:\Windows\System\jkAzjAp.exe
  C:\Windows\System\jkAzjAp.exe
  2⤵
  PID:7732
- C:\Windows\System\rjTjhro.exe
  C:\Windows\System\rjTjhro.exe
  2⤵
  PID:7548
- C:\Windows\System\OeKpcPW.exe
  C:\Windows\System\OeKpcPW.exe
  2⤵
  PID:7696
- C:\Windows\System\paLWfLE.exe
  C:\Windows\System\paLWfLE.exe
  2⤵
  PID:7796
- C:\Windows\System\fYZHwJl.exe
  C:\Windows\System\fYZHwJl.exe
  2⤵
  PID:7828
- C:\Windows\System\gobiBRF.exe
  C:\Windows\System\gobiBRF.exe
  2⤵
  PID:7908
- C:\Windows\System\raVlvRH.exe
  C:\Windows\System\raVlvRH.exe
  2⤵
  PID:7944
- C:\Windows\System\xiIgAai.exe
  C:\Windows\System\xiIgAai.exe
  2⤵
  PID:7992
- C:\Windows\System\aryCAIp.exe
  C:\Windows\System\aryCAIp.exe
  2⤵
  PID:8120
- C:\Windows\System\rzpsncn.exe
  C:\Windows\System\rzpsncn.exe
  2⤵
  PID:8096
- C:\Windows\System\qFlPyuk.exe
  C:\Windows\System\qFlPyuk.exe
  2⤵
  PID:8164
- C:\Windows\System\zeKpzfB.exe
  C:\Windows\System\zeKpzfB.exe
  2⤵
  PID:7204
- C:\Windows\System\Fvctmid.exe
  C:\Windows\System\Fvctmid.exe
  2⤵
  PID:7400
- C:\Windows\System\bMiFajN.exe
  C:\Windows\System\bMiFajN.exe
  2⤵
  PID:7320
- C:\Windows\System\lDjbLlN.exe
  C:\Windows\System\lDjbLlN.exe
  2⤵
  PID:7620
- C:\Windows\System\XmhlfBs.exe
  C:\Windows\System\XmhlfBs.exe
  2⤵
  PID:7844
- C:\Windows\System\tdWcDzm.exe
  C:\Windows\System\tdWcDzm.exe
  2⤵
  PID:7884
- C:\Windows\System\pADnUMT.exe
  C:\Windows\System\pADnUMT.exe
  2⤵
  PID:7988
- C:\Windows\System\UZKLPpq.exe
  C:\Windows\System\UZKLPpq.exe
  2⤵
  PID:8136
- C:\Windows\System\VfQbSyG.exe
  C:\Windows\System\VfQbSyG.exe
  2⤵
  PID:8168
- C:\Windows\System\mjbbHAS.exe
  C:\Windows\System\mjbbHAS.exe
  2⤵
  PID:7276
- C:\Windows\System\fuyVnSV.exe
  C:\Windows\System\fuyVnSV.exe
  2⤵
  PID:7500
- C:\Windows\System\sjniiAp.exe
  C:\Windows\System\sjniiAp.exe
  2⤵
  PID:7716
- C:\Windows\System\OOwkhAl.exe
  C:\Windows\System\OOwkhAl.exe
  2⤵
  PID:7976
- C:\Windows\System\gbsjybY.exe
  C:\Windows\System\gbsjybY.exe
  2⤵
  PID:7236
- C:\Windows\System\ijyZYzS.exe
  C:\Windows\System\ijyZYzS.exe
  2⤵
  PID:7484
- C:\Windows\System\eyEZLOd.exe
  C:\Windows\System\eyEZLOd.exe
  2⤵
  PID:7900
- C:\Windows\System\dHmKHxi.exe
  C:\Windows\System\dHmKHxi.exe
  2⤵
  PID:8200
- C:\Windows\System\OlxwTBg.exe
  C:\Windows\System\OlxwTBg.exe
  2⤵
  PID:8216
- C:\Windows\System\RfRHzyj.exe
  C:\Windows\System\RfRHzyj.exe
  2⤵
  PID:8232
- C:\Windows\System\RIOyqOO.exe
  C:\Windows\System\RIOyqOO.exe
  2⤵
  PID:8248
- C:\Windows\System\IIigthu.exe
  C:\Windows\System\IIigthu.exe
  2⤵
  PID:8264
- C:\Windows\System\fcceFDU.exe
  C:\Windows\System\fcceFDU.exe
  2⤵
  PID:8280
- C:\Windows\System\PnHbsKi.exe
  C:\Windows\System\PnHbsKi.exe
  2⤵
  PID:8296
- C:\Windows\System\HXFEbLQ.exe
  C:\Windows\System\HXFEbLQ.exe
  2⤵
  PID:8312
- C:\Windows\System\oWpIBPc.exe
  C:\Windows\System\oWpIBPc.exe
  2⤵
  PID:8332
- C:\Windows\System\FobwUqL.exe
  C:\Windows\System\FobwUqL.exe
  2⤵
  PID:8348
- C:\Windows\System\MhsoGfd.exe
  C:\Windows\System\MhsoGfd.exe
  2⤵
  PID:8364
- C:\Windows\System\HYFkEER.exe
  C:\Windows\System\HYFkEER.exe
  2⤵
  PID:8380
- C:\Windows\System\yniCazk.exe
  C:\Windows\System\yniCazk.exe
  2⤵
  PID:8400
- C:\Windows\System\qMlifNU.exe
  C:\Windows\System\qMlifNU.exe
  2⤵
  PID:8416
- C:\Windows\System\HWjHYRj.exe
  C:\Windows\System\HWjHYRj.exe
  2⤵
  PID:8432
- C:\Windows\System\SGJdVrq.exe
  C:\Windows\System\SGJdVrq.exe
  2⤵
  PID:8448
- C:\Windows\System\EDDhVlC.exe
  C:\Windows\System\EDDhVlC.exe
  2⤵
  PID:8464
- C:\Windows\System\Wqxspci.exe
  C:\Windows\System\Wqxspci.exe
  2⤵
  PID:8480
- C:\Windows\System\AwQtwPh.exe
  C:\Windows\System\AwQtwPh.exe
  2⤵
  PID:8500
- C:\Windows\System\brCxofq.exe
  C:\Windows\System\brCxofq.exe
  2⤵
  PID:8516
- C:\Windows\System\cQJivPI.exe
  C:\Windows\System\cQJivPI.exe
  2⤵
  PID:8532
- C:\Windows\System\oBJySYg.exe
  C:\Windows\System\oBJySYg.exe
  2⤵
  PID:8548
- C:\Windows\System\QfHpcTu.exe
  C:\Windows\System\QfHpcTu.exe
  2⤵
  PID:8564
- C:\Windows\System\BiBsQFR.exe
  C:\Windows\System\BiBsQFR.exe
  2⤵
  PID:8580
- C:\Windows\System\JzbdQsH.exe
  C:\Windows\System\JzbdQsH.exe
  2⤵
  PID:8596
- C:\Windows\System\PHGIxhZ.exe
  C:\Windows\System\PHGIxhZ.exe
  2⤵
  PID:8616
- C:\Windows\System\hblVTxg.exe
  C:\Windows\System\hblVTxg.exe
  2⤵
  PID:8632
- C:\Windows\System\qnzYier.exe
  C:\Windows\System\qnzYier.exe
  2⤵
  PID:8648
- C:\Windows\System\IByVWKj.exe
  C:\Windows\System\IByVWKj.exe
  2⤵
  PID:8664
- C:\Windows\System\dMDkgVw.exe
  C:\Windows\System\dMDkgVw.exe
  2⤵
  PID:8680
- C:\Windows\System\wvQByOe.exe
  C:\Windows\System\wvQByOe.exe
  2⤵
  PID:8696
- C:\Windows\System\OedTgaE.exe
  C:\Windows\System\OedTgaE.exe
  2⤵
  PID:8712
- C:\Windows\System\KGoSoeR.exe
  C:\Windows\System\KGoSoeR.exe
  2⤵
  PID:8728
- C:\Windows\System\JBPVqRb.exe
  C:\Windows\System\JBPVqRb.exe
  2⤵
  PID:8744
- C:\Windows\System\ieYSzgo.exe
  C:\Windows\System\ieYSzgo.exe
  2⤵
  PID:8760
- C:\Windows\System\fGoTVlu.exe
  C:\Windows\System\fGoTVlu.exe
  2⤵
  PID:8776
- C:\Windows\System\morQWTb.exe
  C:\Windows\System\morQWTb.exe
  2⤵
  PID:8792
- C:\Windows\System\MPtmssg.exe
  C:\Windows\System\MPtmssg.exe
  2⤵
  PID:8808
- C:\Windows\System\FBVitfG.exe
  C:\Windows\System\FBVitfG.exe
  2⤵
  PID:8824
- C:\Windows\System\dQOXbdd.exe
  C:\Windows\System\dQOXbdd.exe
  2⤵
  PID:8840
- C:\Windows\System\ktVvSmm.exe
  C:\Windows\System\ktVvSmm.exe
  2⤵
  PID:8856
- C:\Windows\System\sPzkiuP.exe
  C:\Windows\System\sPzkiuP.exe
  2⤵
  PID:8872
- C:\Windows\System\NWWeWWn.exe
  C:\Windows\System\NWWeWWn.exe
  2⤵
  PID:8888
- C:\Windows\System\hsuatWx.exe
  C:\Windows\System\hsuatWx.exe
  2⤵
  PID:8904
- C:\Windows\System\jkeScso.exe
  C:\Windows\System\jkeScso.exe
  2⤵
  PID:8920
- C:\Windows\System\tskQxgs.exe
  C:\Windows\System\tskQxgs.exe
  2⤵
  PID:8936
- C:\Windows\System\pzoZsDC.exe
  C:\Windows\System\pzoZsDC.exe
  2⤵
  PID:8952
- C:\Windows\System\vBJYWsT.exe
  C:\Windows\System\vBJYWsT.exe
  2⤵
  PID:8972
- C:\Windows\System\BDBkrdV.exe
  C:\Windows\System\BDBkrdV.exe
  2⤵
  PID:8988
- C:\Windows\System\fisZjxh.exe
  C:\Windows\System\fisZjxh.exe
  2⤵
  PID:9004
- C:\Windows\System\qgFrEOU.exe
  C:\Windows\System\qgFrEOU.exe
  2⤵
  PID:9020
- C:\Windows\System\eJXWSbe.exe
  C:\Windows\System\eJXWSbe.exe
  2⤵
  PID:9036
- C:\Windows\System\DilIDYM.exe
  C:\Windows\System\DilIDYM.exe
  2⤵
  PID:9056
- C:\Windows\System\GyUywwG.exe
  C:\Windows\System\GyUywwG.exe
  2⤵
  PID:9076
- C:\Windows\System\RSswndl.exe
  C:\Windows\System\RSswndl.exe
  2⤵
  PID:9096
- C:\Windows\System\tJJHBvM.exe
  C:\Windows\System\tJJHBvM.exe
  2⤵
  PID:9112
- C:\Windows\System\pxTopQB.exe
  C:\Windows\System\pxTopQB.exe
  2⤵
  PID:9128
- C:\Windows\System\ajClxNV.exe
  C:\Windows\System\ajClxNV.exe
  2⤵
  PID:9144
- C:\Windows\System\VGfGdXy.exe
  C:\Windows\System\VGfGdXy.exe
  2⤵
  PID:9164
- C:\Windows\System\jQPvare.exe
  C:\Windows\System\jQPvare.exe
  2⤵
  PID:9180
- C:\Windows\System\bgCqphM.exe
  C:\Windows\System\bgCqphM.exe
  2⤵
  PID:9200
- C:\Windows\System\yNlWaKj.exe
  C:\Windows\System\yNlWaKj.exe
  2⤵
  PID:7536
- C:\Windows\System\CjkTlIJ.exe
  C:\Windows\System\CjkTlIJ.exe
  2⤵
  PID:8196
- C:\Windows\System\XlItdZh.exe
  C:\Windows\System\XlItdZh.exe
  2⤵
  PID:8256
- C:\Windows\System\iKZwkEj.exe
  C:\Windows\System\iKZwkEj.exe
  2⤵
  PID:8208
- C:\Windows\System\iIFxjrB.exe
  C:\Windows\System\iIFxjrB.exe
  2⤵
  PID:8320
- C:\Windows\System\awQDHqO.exe
  C:\Windows\System\awQDHqO.exe
  2⤵
  PID:8324
- C:\Windows\System\keuGUAX.exe
  C:\Windows\System\keuGUAX.exe
  2⤵
  PID:8360
- C:\Windows\System\JTGDQWS.exe
  C:\Windows\System\JTGDQWS.exe
  2⤵
  PID:8440
- C:\Windows\System\FdcJwrK.exe
  C:\Windows\System\FdcJwrK.exe
  2⤵
  PID:8472
- C:\Windows\System\WihezER.exe
  C:\Windows\System\WihezER.exe
  2⤵
  PID:8524
- C:\Windows\System\IGZfdzB.exe
  C:\Windows\System\IGZfdzB.exe
  2⤵
  PID:8560
- C:\Windows\System\JCHLEoz.exe
  C:\Windows\System\JCHLEoz.exe
  2⤵
  PID:8508
- C:\Windows\System\LvhCdIy.exe
  C:\Windows\System\LvhCdIy.exe
  2⤵
  PID:8576
- C:\Windows\System\BHNkwka.exe
  C:\Windows\System\BHNkwka.exe
  2⤵
  PID:8656
- C:\Windows\System\HBBSkyj.exe
  C:\Windows\System\HBBSkyj.exe
  2⤵
  PID:8612
- C:\Windows\System\UCeLjpF.exe
  C:\Windows\System\UCeLjpF.exe
  2⤵
  PID:8676
- C:\Windows\System\nKEFjDp.exe
  C:\Windows\System\nKEFjDp.exe
  2⤵
  PID:8724
- C:\Windows\System\kEjbrmx.exe
  C:\Windows\System\kEjbrmx.exe
  2⤵
  PID:8784
- C:\Windows\System\TmkFppZ.exe
  C:\Windows\System\TmkFppZ.exe
  2⤵
  PID:8768
- C:\Windows\System\zrpAzfh.exe
  C:\Windows\System\zrpAzfh.exe
  2⤵
  PID:8736
- C:\Windows\System\PzrjeyB.exe
  C:\Windows\System\PzrjeyB.exe
  2⤵
  PID:8880
- C:\Windows\System\eJhlNZG.exe
  C:\Windows\System\eJhlNZG.exe
  2⤵
  PID:8868
- C:\Windows\System\fekDDJG.exe
  C:\Windows\System\fekDDJG.exe
  2⤵
  PID:8900
- C:\Windows\System\VFlueYN.exe
  C:\Windows\System\VFlueYN.exe
  2⤵
  PID:8960
- C:\Windows\System\GJaTksb.exe
  C:\Windows\System\GJaTksb.exe
  2⤵
  PID:8968
- C:\Windows\System\ANsDsGM.exe
  C:\Windows\System\ANsDsGM.exe
  2⤵
  PID:9000
- C:\Windows\System\BzIlZWR.exe
  C:\Windows\System\BzIlZWR.exe
  2⤵
  PID:9048
- C:\Windows\System\TGjXTAM.exe
  C:\Windows\System\TGjXTAM.exe
  2⤵
  PID:9068
- C:\Windows\System\sqRTlTe.exe
  C:\Windows\System\sqRTlTe.exe
  2⤵
  PID:9120
- C:\Windows\System\HNRmfxM.exe
  C:\Windows\System\HNRmfxM.exe
  2⤵
  PID:9124
- C:\Windows\System\zQqFlaF.exe
  C:\Windows\System\zQqFlaF.exe
  2⤵
  PID:9136
- C:\Windows\System\QJeimCs.exe
  C:\Windows\System\QJeimCs.exe
  2⤵
  PID:9188
- C:\Windows\System\NzhpHHN.exe
  C:\Windows\System\NzhpHHN.exe
  2⤵
  PID:8224
- C:\Windows\System\ABYakqo.exe
  C:\Windows\System\ABYakqo.exe
  2⤵
  PID:9208
- C:\Windows\System\fcYqwCk.exe
  C:\Windows\System\fcYqwCk.exe
  2⤵
  PID:8292
- C:\Windows\System\UhSbWql.exe
  C:\Windows\System\UhSbWql.exe
  2⤵
  PID:8304
- C:\Windows\System\AixcXKS.exe
  C:\Windows\System\AixcXKS.exe
  2⤵
  PID:8372
- C:\Windows\System\NwELKlJ.exe
  C:\Windows\System\NwELKlJ.exe
  2⤵
  PID:8428
- C:\Windows\System\CGRlrym.exe
  C:\Windows\System\CGRlrym.exe
  2⤵
  PID:8460
- C:\Windows\System\JgKzWVT.exe
  C:\Windows\System\JgKzWVT.exe
  2⤵
  PID:8540
- C:\Windows\System\iYFTMTa.exe
  C:\Windows\System\iYFTMTa.exe
  2⤵
  PID:8512
- C:\Windows\System\BMPNKlu.exe
  C:\Windows\System\BMPNKlu.exe
  2⤵
  PID:8644
- C:\Windows\System\ZouMdAo.exe
  C:\Windows\System\ZouMdAo.exe
  2⤵
  PID:8752
- C:\Windows\System\QPvUoVP.exe
  C:\Windows\System\QPvUoVP.exe
  2⤵
  PID:8816
- C:\Windows\System\bNMetir.exe
  C:\Windows\System\bNMetir.exe
  2⤵
  PID:8848
- C:\Windows\System\ebyOCoA.exe
  C:\Windows\System\ebyOCoA.exe
  2⤵
  PID:8912
- C:\Windows\System\JlqQYaM.exe
  C:\Windows\System\JlqQYaM.exe
  2⤵
  PID:8932
- C:\Windows\System\YRAtCOH.exe
  C:\Windows\System\YRAtCOH.exe
  2⤵
  PID:9032
- C:\Windows\System\FXIwZPz.exe
  C:\Windows\System\FXIwZPz.exe
  2⤵
  PID:9172
- C:\Windows\System\lTGMPcC.exe
  C:\Windows\System\lTGMPcC.exe
  2⤵
  PID:7764
- C:\Windows\System\hISMvSi.exe
  C:\Windows\System\hISMvSi.exe
  2⤵
  PID:9152
- C:\Windows\System\MWqzTjQ.exe
  C:\Windows\System\MWqzTjQ.exe
  2⤵
  PID:7864
- C:\Windows\System\TprKOne.exe
  C:\Windows\System\TprKOne.exe
  2⤵
  PID:8392
- C:\Windows\System\qOfDgGn.exe
  C:\Windows\System\qOfDgGn.exe
  2⤵
  PID:8424
- C:\Windows\System\xbnfqoR.exe
  C:\Windows\System\xbnfqoR.exe
  2⤵
  PID:8492
- C:\Windows\System\ujBYwyS.exe
  C:\Windows\System\ujBYwyS.exe
  2⤵
  PID:8628
- C:\Windows\System\zSIPDpR.exe
  C:\Windows\System\zSIPDpR.exe
  2⤵
  PID:8804
- C:\Windows\System\TUFPdZI.exe
  C:\Windows\System\TUFPdZI.exe
  2⤵
  PID:8836
- C:\Windows\System\nrFWZNT.exe
  C:\Windows\System\nrFWZNT.exe
  2⤵
  PID:8996
- C:\Windows\System\oyzwwJI.exe
  C:\Windows\System\oyzwwJI.exe
  2⤵
  PID:9092
- C:\Windows\System\JCUJgAr.exe
  C:\Windows\System\JCUJgAr.exe
  2⤵
  PID:9044
- C:\Windows\System\TfCLnQG.exe
  C:\Windows\System\TfCLnQG.exe
  2⤵
  PID:8592
- C:\Windows\System\mQKEDYI.exe
  C:\Windows\System\mQKEDYI.exe
  2⤵
  PID:7684
- C:\Windows\System\DhMBlFb.exe
  C:\Windows\System\DhMBlFb.exe
  2⤵
  PID:9108
- C:\Windows\System\EyYEpWa.exe
  C:\Windows\System\EyYEpWa.exe
  2⤵
  PID:8688
- C:\Windows\System\lkqufvx.exe
  C:\Windows\System\lkqufvx.exe
  2⤵
  PID:8376
- C:\Windows\System\THlDXMN.exe
  C:\Windows\System\THlDXMN.exe
  2⤵
  PID:8884
- C:\Windows\System\kgeJvHj.exe
  C:\Windows\System\kgeJvHj.exe
  2⤵
  PID:8288
- C:\Windows\System\QfsWEbX.exe
  C:\Windows\System\QfsWEbX.exe
  2⤵
  PID:9220
- C:\Windows\System\kjxlqap.exe
  C:\Windows\System\kjxlqap.exe
  2⤵
  PID:9236
- C:\Windows\System\OERjXXG.exe
  C:\Windows\System\OERjXXG.exe
  2⤵
  PID:9252
- C:\Windows\System\CzVPbBH.exe
  C:\Windows\System\CzVPbBH.exe
  2⤵
  PID:9268
- C:\Windows\System\sJiWdKE.exe
  C:\Windows\System\sJiWdKE.exe
  2⤵
  PID:9284
- C:\Windows\System\UJnKynV.exe
  C:\Windows\System\UJnKynV.exe
  2⤵
  PID:9300
- C:\Windows\System\nzuWiHJ.exe
  C:\Windows\System\nzuWiHJ.exe
  2⤵
  PID:9316
- C:\Windows\System\joyFlte.exe
  C:\Windows\System\joyFlte.exe
  2⤵
  PID:9332
- C:\Windows\System\DdWBacG.exe
  C:\Windows\System\DdWBacG.exe
  2⤵
  PID:9348
- C:\Windows\System\nPUPtis.exe
  C:\Windows\System\nPUPtis.exe
  2⤵
  PID:9364
- C:\Windows\System\pHmBlOz.exe
  C:\Windows\System\pHmBlOz.exe
  2⤵
  PID:9380
- C:\Windows\System\YSSEUBv.exe
  C:\Windows\System\YSSEUBv.exe
  2⤵
  PID:9396
- C:\Windows\System\KaVfCFa.exe
  C:\Windows\System\KaVfCFa.exe
  2⤵
  PID:9412
- C:\Windows\System\vGHsCuw.exe
  C:\Windows\System\vGHsCuw.exe
  2⤵
  PID:9428
- C:\Windows\System\hMElMbs.exe
  C:\Windows\System\hMElMbs.exe
  2⤵
  PID:9444
- C:\Windows\System\OtIePJE.exe
  C:\Windows\System\OtIePJE.exe
  2⤵
  PID:9460
- C:\Windows\System\CIQPViV.exe
  C:\Windows\System\CIQPViV.exe
  2⤵
  PID:9476
- C:\Windows\System\sLHjYPq.exe
  C:\Windows\System\sLHjYPq.exe
  2⤵
  PID:9492
- C:\Windows\System\RaRGnFf.exe
  C:\Windows\System\RaRGnFf.exe
  2⤵
  PID:9508
- C:\Windows\System\ZSZzBvH.exe
  C:\Windows\System\ZSZzBvH.exe
  2⤵
  PID:9524
- C:\Windows\System\HItAJlm.exe
  C:\Windows\System\HItAJlm.exe
  2⤵
  PID:9540
- C:\Windows\System\cDVDObA.exe
  C:\Windows\System\cDVDObA.exe
  2⤵
  PID:9556
- C:\Windows\System\dBZuVuV.exe
  C:\Windows\System\dBZuVuV.exe
  2⤵
  PID:9572
- C:\Windows\System\NgLRRnV.exe
  C:\Windows\System\NgLRRnV.exe
  2⤵
  PID:9588
- C:\Windows\System\QaYrufI.exe
  C:\Windows\System\QaYrufI.exe
  2⤵
  PID:9604
- C:\Windows\System\CqaSZeQ.exe
  C:\Windows\System\CqaSZeQ.exe
  2⤵
  PID:9620
- C:\Windows\System\vhWkYIQ.exe
  C:\Windows\System\vhWkYIQ.exe
  2⤵
  PID:9640
- C:\Windows\System\zVRQjVW.exe
  C:\Windows\System\zVRQjVW.exe
  2⤵
  PID:9656
- C:\Windows\System\BVVdhUu.exe
  C:\Windows\System\BVVdhUu.exe
  2⤵
  PID:9672
- C:\Windows\System\CnEzGMo.exe
  C:\Windows\System\CnEzGMo.exe
  2⤵
  PID:9688
- C:\Windows\System\AFUUmlM.exe
  C:\Windows\System\AFUUmlM.exe
  2⤵
  PID:9704
- C:\Windows\System\PNKEytV.exe
  C:\Windows\System\PNKEytV.exe
  2⤵
  PID:9720
- C:\Windows\System\uceUEFb.exe
  C:\Windows\System\uceUEFb.exe
  2⤵
  PID:9736
- C:\Windows\System\dRuLVol.exe
  C:\Windows\System\dRuLVol.exe
  2⤵
  PID:9752
- C:\Windows\System\nOflikk.exe
  C:\Windows\System\nOflikk.exe
  2⤵
  PID:9768
- C:\Windows\System\vkRgcNZ.exe
  C:\Windows\System\vkRgcNZ.exe
  2⤵
  PID:9784
- C:\Windows\System\VKaIrzj.exe
  C:\Windows\System\VKaIrzj.exe
  2⤵
  PID:9800
- C:\Windows\System\YLtNTln.exe
  C:\Windows\System\YLtNTln.exe
  2⤵
  PID:9816
- C:\Windows\System\pbRhNaO.exe
  C:\Windows\System\pbRhNaO.exe
  2⤵
  PID:9832
- C:\Windows\System\QqIbIEk.exe
  C:\Windows\System\QqIbIEk.exe
  2⤵
  PID:9848
- C:\Windows\System\wcuGMLE.exe
  C:\Windows\System\wcuGMLE.exe
  2⤵
  PID:9864
- C:\Windows\System\YiowYGh.exe
  C:\Windows\System\YiowYGh.exe
  2⤵
  PID:9880
- C:\Windows\System\lnnUrzF.exe
  C:\Windows\System\lnnUrzF.exe
  2⤵
  PID:9896
- C:\Windows\System\YvFpjtc.exe
  C:\Windows\System\YvFpjtc.exe
  2⤵
  PID:9912
- C:\Windows\System\eQpoUTh.exe
  C:\Windows\System\eQpoUTh.exe
  2⤵
  PID:9928
- C:\Windows\System\TwrDWyY.exe
  C:\Windows\System\TwrDWyY.exe
  2⤵
  PID:9944
- C:\Windows\System\XNhrENR.exe
  C:\Windows\System\XNhrENR.exe
  2⤵
  PID:9960
- C:\Windows\System\sgEklSf.exe
  C:\Windows\System\sgEklSf.exe
  2⤵
  PID:9976
- C:\Windows\System\GdOwEqK.exe
  C:\Windows\System\GdOwEqK.exe
  2⤵
  PID:9992
- C:\Windows\System\GyFPnKt.exe
  C:\Windows\System\GyFPnKt.exe
  2⤵
  PID:10008
- C:\Windows\System\bteFOnh.exe
  C:\Windows\System\bteFOnh.exe
  2⤵
  PID:10024
- C:\Windows\System\voNaiKB.exe
  C:\Windows\System\voNaiKB.exe
  2⤵
  PID:10040
- C:\Windows\System\FPletqv.exe
  C:\Windows\System\FPletqv.exe
  2⤵
  PID:10056
- C:\Windows\System\AShnNrF.exe
  C:\Windows\System\AShnNrF.exe
  2⤵
  PID:10072
- C:\Windows\System\KreAwUZ.exe
  C:\Windows\System\KreAwUZ.exe
  2⤵
  PID:10088
- C:\Windows\System\NBdElOP.exe
  C:\Windows\System\NBdElOP.exe
  2⤵
  PID:10104
- C:\Windows\System\KSHlcFh.exe
  C:\Windows\System\KSHlcFh.exe
  2⤵
  PID:10120
- C:\Windows\System\WKmymMC.exe
  C:\Windows\System\WKmymMC.exe
  2⤵
  PID:10136
- C:\Windows\System\vtlrAbV.exe
  C:\Windows\System\vtlrAbV.exe
  2⤵
  PID:10152
- C:\Windows\System\BLdySvh.exe
  C:\Windows\System\BLdySvh.exe
  2⤵
  PID:10168
- C:\Windows\System\zNFGOqc.exe
  C:\Windows\System\zNFGOqc.exe
  2⤵
  PID:10184
- C:\Windows\System\CYbShVs.exe
  C:\Windows\System\CYbShVs.exe
  2⤵
  PID:10200
- C:\Windows\System\tqJxHDd.exe
  C:\Windows\System\tqJxHDd.exe
  2⤵
  PID:10216
- C:\Windows\System\nQVxQnv.exe
  C:\Windows\System\nQVxQnv.exe
  2⤵
  PID:10232
- C:\Windows\System\ePbZCtW.exe
  C:\Windows\System\ePbZCtW.exe
  2⤵
  PID:9232
- C:\Windows\System\qlXTfar.exe
  C:\Windows\System\qlXTfar.exe
  2⤵
  PID:9248
- C:\Windows\System\bipJqlj.exe
  C:\Windows\System\bipJqlj.exe
  2⤵
  PID:9276
- C:\Windows\System\tPPzCOu.exe
  C:\Windows\System\tPPzCOu.exe
  2⤵
  PID:9328

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\ALtOrJU.exe

Filesize
6.0MB

MD5
5b6318dc13f64744c39dad8e26f34bc7

SHA1
4c14ade6be59c11266b5532139138a0ac594792d

SHA256
10ee06e66439fc853ae0c39934c5b3ef4cf3eaf5b2d09fdc970ea3bc2bc0d56e

SHA512
513a0012389270fd3eb11cb857ebacbaa9a0cb2816300cbc22df31784789873bcdb2cf86201ec7f68f7fa5f080924e5ba5dc39919b3ce390ec77814016f72e80

Download Submit
C:\Windows\system\BKHuqFQ.exe

Filesize
6.0MB

MD5
fe303b8cea537d165af134039396174a

SHA1
c849a0b4a279cff439269bb4c891290bd6097895

SHA256
6f3e8aa06a40e9dfe6969d62dd15058177b0aa59670c4694b66dfcf6fa4f25aa

SHA512
64a7ed7d254ef5acd71ae159758a020b158b65771c359e02d6c36c0b483614f49841c2236d5b5019514e4b1887a26f375d3dbc8ff09cada7a6e7e3c64709ba3c

Download Submit
C:\Windows\system\CJPeEdj.exe

Filesize
6.0MB

MD5
65485ce0d46ed22d17f9871414077d5c

SHA1
89b7f041034dd66505a57fa0a699847d81b187de

SHA256
acbda4103fa0b993bce1963b86a455a98bbab9c6626cb0a5249d2b588f9f85ec

SHA512
5bdc3baf8f75b554b7500e4ed5d3ad38b3efe7eff338aa8cc987f7d540a51664e36933a7239e144d72198aaaee9166dcaeb6564eee088ae5d7793618121855f9

Download Submit
C:\Windows\system\DaSShJn.exe

Filesize
6.0MB

MD5
e443ac0114d2dae42aa1fd537e920d3b

SHA1
e5776192b3658a1425eeb884a153931dbd584aee

SHA256
95454a433581533a140d33058bfb1bacdd46fd07874b2922a2eb2a0d1e6df9aa

SHA512
885296e8f9e1b49f926822d118551b5c1a35ea4d4e3f398882d8f160cb2fe34b33326343a6b411a77b0c9b58f0150f922baed9087d6fabc864843d51150c48db

Download Submit
C:\Windows\system\EKcqYBn.exe

Filesize
6.0MB

MD5
f8624b9bd305c8a6c4df299bbdfc3271

SHA1
a9beecd1fc59266a14d23b21064c4a72c5cc00d0

SHA256
f4e6e9395e5ea2daccfe101a108b698f0ee651f1321d1bc0d1346fe360cbb94f

SHA512
f53f413684c3d598887da2d669cb090d178450ee4545cfe075bfa75e04f380486a93a52292195ee47f6a56f3e3aac74cf3bbd83457b085e50cdd6ff8344ba83c

Download Submit
C:\Windows\system\GAcBWMO.exe

Filesize
6.0MB

MD5
1abfaea3171062acd3db72382a1bfd0a

SHA1
4abc76a2d99d3fcef1791143d0b6d3d19e2c3dd0

SHA256
6a3f4823571bc4b0002cf94f25b9553cfbe59ed91933dca413957e6bdb69f73d

SHA512
f7b2dff6561ba145b3f7370c199f63cd6ca789ffed797187b9b7f8647d0f12d4926087c9f8ae2225447a7827484f792341048c6c8ed108cbe1b7b36417bb79fa

Download Submit
C:\Windows\system\GDtRbcT.exe

Filesize
6.0MB

MD5
cb4b92385c1fa29257f40527a8838c24

SHA1
7fe3311265dacf2f86632550f42874caaca6be12

SHA256
b3bb58a409349474b6981aba1e54098a1c4d18a8a0c22700a96a2a14819eac7b

SHA512
e6a5fe0e06f4cae71631588a32b9b4a7b0495e6d095cfaa6a395aa16ec715919a4e52ffa07c4629056db5c321a8cdc47758a1c9558886cb6710f90b98a9563a2

Download Submit
C:\Windows\system\JcXYoqw.exe

Filesize
6.0MB

MD5
eace8d9587539a481d3d2eca66720709

SHA1
a39db371af07f47df4109e301b8bba031e422bfe

SHA256
d3188fa6bf2d8cee87ec72900f1977795c1e1a41f0ef994282b13605b47c57f5

SHA512
52264864d8df7cab02533eddb3ccd9b25541dc00dd2ae681ee836b493e91a4a59322388fe3bc9edc0d22fd13ee42d0a9b14b804a1904a6316270679bed743bdc

Download Submit
C:\Windows\system\JiXTnpb.exe

Filesize
6.0MB

MD5
6654d9e0b44522574419ca82dd46488d

SHA1
b328a7d2ef29b398e963ee2489532dd361914bec

SHA256
1b352e80514ce1f014069804b8b614f367437a60aedc830aa61cbb9bf8f6b3ab

SHA512
b88ffa812c2133299ec4ceee0907adbb461a1686592af9aaabb5512f388e76087e49de71320e174b6d20c6c07cf329fd8fc3727f72f530d24207931db16f58d8

Download Submit
C:\Windows\system\KAeptSZ.exe

Filesize
6.0MB

MD5
110203452356287ad7919109ad10d18a

SHA1
e58686557cf429a7333de93d8b01b5a0dd418b83

SHA256
ba6ef6331b672f2f00367b2f28478f6b404033542911c86574e52a700032ebbd

SHA512
c77b991fbadf3e42ab5c65aec47659f8b7f3dabc89f77fc0fc43e550a49ee08e705fe9b8ccd6eb40887978e849683b82e0f5dab07ba1537a8b5eece38b2eef83

Download Submit
C:\Windows\system\LIctoaW.exe

Filesize
6.0MB

MD5
77483beeeccd87f0c2275b110ad3cbab

SHA1
c41ca4d0c75f1d8fd693b7a311090545b8365aba

SHA256
02c9930a2da01004100ff6ea490ae1426e21a6c56bea3760b0ac91dc578127bd

SHA512
c3dd5585f98475dff07d63f42915e2cfb1a7a0e2f8cd289e7bb499b9d1ff61179b531c785fdd6c7739f5bfb514bc8da2440971902bc9483f29347c057d44f6b8

Download Submit
C:\Windows\system\MAGpzMt.exe

Filesize
6.0MB

MD5
d7cdce8d1803aa0f67f1a7dfab6accaf

SHA1
ee2f95a222c0aa50bc5bbf2702369c424ffd9664

SHA256
e1e656069a185044b72f4b0bf4fdd0af65ee6ddae7c4fcbb111ce07e77185e86

SHA512
7aab23f358c74ecfb420f8f74cbebf2c244bbd80e6749687fc8c71166a60bdf035f823a5129d7b416adcdaf3a9fe2f13d7d960c85e40ce7f7c68e7f58e1d5000

Download Submit
C:\Windows\system\PyilWcs.exe

Filesize
6.0MB

MD5
452ed143e41f8705eec3c0a44b311a5d

SHA1
ccb278ed32ea3c05a91e7ef125d56e195e138a75

SHA256
ddcba4e6c6c373e468434119f8e9a6718982a23ce662d46adb90034c965d8706

SHA512
71ef1199352e38b80217d1369363807ac1121f5075253a287536ec5b3e684a9251a3a18f8137781a1d9a1c0f1433454306a940167911b08c3a3d0cb1db17704b

Download Submit
C:\Windows\system\UWtRUJL.exe

Filesize
6.0MB

MD5
78545ee30d3252330d7d1f4bcf73a4b3

SHA1
43c8e0b69534985f0031118c8f8f3319b1819f5f

SHA256
2c9209b128cfed1bb1651690295018108638e127fa31be25306dacbc7088eb67

SHA512
1614f5c9332e8da54674b9f2b38707e67eb2e2c214672a028a374c57f256204f2d5a58d5a82b4283bce3db61bea7982e3242b07f50d72c691838e5527bf42927

Download Submit
C:\Windows\system\WChTNIO.exe

Filesize
6.0MB

MD5
0065e9d4173336fa0f4a11d3527a8db5

SHA1
eb55c94538be7583d0323a89a9c3ba1ad0fc32dc

SHA256
0de5662ed7c2bfa90c854e5b4215a12d4e18330e5e18f511c0c0b12491003177

SHA512
7c1175e8ab28acac5d94c729d8e4b4a2c34039492a4cb2cccb52ae5cadb663ac059984532b033f3bd6c6eb8d659f921a1c3d28ff6d131c3e0bd2dde96f6fc4d7

Download Submit
C:\Windows\system\WydXJFY.exe

Filesize
6.0MB

MD5
bd7384c6d0aedfeed4eafefe0b36acda

SHA1
f82043534c0a60c7230b59702f4ce9d5c7fd1e52

SHA256
8b1e3b2cd052b1d72a6ba8b5af790823a594ecce1fd148a3d2d1a3a5fec299ea

SHA512
7df666ec39306ac3216033312b7cdbd4755004e57c30d17aa58c9219b4bb1ff42798fc1668b03f9ef8bf0e05351835dec2bf31ea63952fa5a20eaa462ace890f

Download Submit
C:\Windows\system\acyWizG.exe

Filesize
6.0MB

MD5
e3b55b2e1a79c61e32d520fd983a19c5

SHA1
1b9fd40a3d31af4aa1f1ecc620d452a8d183b731

SHA256
f672adb2a66c7b1297e3008565c7e723069addcf25cf2f369ddf8ab6fcfcdc1f

SHA512
236f7b0595d898256e171ff8448c5e6835edf9f78fb3af6ded3b503f862ee93dbeba243b2dd0e813b496ba36203dd997fd9f0a7fe9a0147132071de70bb4a44d

Download Submit
C:\Windows\system\dFkrjJR.exe

Filesize
6.0MB

MD5
8d6b878afb9d6fab05fff4b88db2dd67

SHA1
844b4899cbcbd98b53a746bbc846b2537431181b

SHA256
9a5eb810387f1ed5ce95fd6c4defa4988514ad80f8d4da4f921aeeb66813663e

SHA512
2d55bc8411e011e0d0bda23c54d290a6484f99a1642946c152b2d3786fcb292da145bd1c4b9decfd758281740701698827ff1dd4e2dd2074231e1fcc15fef3df

Download Submit
C:\Windows\system\eECBtYd.exe

Filesize
6.0MB

MD5
e28bebbaa60d3c49e5201c319dde0193

SHA1
bc90907546c90a1f9ea81329658433cf5cd5033a

SHA256
2b310978699f6efcaa845d2ffac8de16e6fdd4b56bff275faa0bba5a234c9247

SHA512
29a610495f817fb2d3ca44dbd41aeafe85592a8ccd42f179f8689764b16735fa920baa424d1422035e021d6128b2574c0f64519f550c0a9fda7ffcde3d4ab2f5

Download Submit
C:\Windows\system\fDTwEVt.exe

Filesize
6.0MB

MD5
771bbacb0aec7ef816383a4f06944db5

SHA1
bb711ae96adf4a61e879ccea7b046bd010afb7cc

SHA256
2161df029b01362dede3452f42c89fb8afcebf99de822b26f485a8affe99c6ab

SHA512
015fff7cf0df0927b4997c341b839c14c7f5eef9cd4fc1befcdbcb27fbea2e7812710eaf85deac2868b74dc045cf288c8cbb20972fd6abacabd9c862c6eca9e6

Download Submit
C:\Windows\system\mTKFsKE.exe

Filesize
6.0MB

MD5
9376fb51c03b20e1992d9acda8fc21aa

SHA1
37bb891887e107fe169c613415b302cfc129bafb

SHA256
237e52209ea6bb5d34fd19077e2b2ea9c0954c46b929b5542509f3475ee630f8

SHA512
31929c40c2a07a2ba7a5ac1c038d7746a97b7fd4b7db5221dffd201e8a82794cdbdb4b41ccdfc1b1070356a9737e0ff19524955266b8807484ca5c3f460794ba

Download Submit
C:\Windows\system\ocnsOwh.exe

Filesize
6.0MB

MD5
576e78e00874603dc9f63e84fff5ed3b

SHA1
9a70fe987a13fec698f5c39392240349966ade36

SHA256
7fc26264e72d1d8f039720adda3d787ec81797445cfb6e79eb3b264187b200a4

SHA512
a2b4028bbd972335e228aa22822fafd7617a6dc503bffa4d5ebf00024d7ead68f8c48a24b90c8a362dbb6b59434edfa2876cecf11fb844ea3ef21ed61eee5f9f

Download Submit
C:\Windows\system\rEODnMX.exe

Filesize
6.0MB

MD5
b45ad80c17ce15d5902d7eb3c436ade5

SHA1
6fbed18b7f4113e2eeed9611dd7dcd3ba74fb184

SHA256
7a39ea14d349b52f4c4823f7ed17060501e9e789f236aac0f3ba0f2884f40dfa

SHA512
391ffcf691612ae4e11c2d84cd9c19ff9fe28cf882a343e376cabcdd9809dba1db5f7eb4159fd4a2263cedf6f76fa448422b0d87c0e2809dbf4956f8c5452e40

Download Submit
C:\Windows\system\stvYUkQ.exe

Filesize
6.0MB

MD5
d6370dee7ea46e7fe332b90caeb72649

SHA1
9cd9b9abcbddd6c1c4950d8eda9f56d9a0666e92

SHA256
b9b9ea3fc4e54828bdb355d20916da4aa9f9fb6c9cec6fb1bee25538205d29d0

SHA512
e31a0b836ea100eb10b2d8fab6a85a2c041372ecdc30b139be673a322f8aa92881267576cdd4c73950f333c755c52efe33ff1db0683a83d65913a125a9b9b72a

Download Submit
C:\Windows\system\wTQMXoI.exe

Filesize
6.0MB

MD5
d980353d7b4530ccae07420cc6a4cee8

SHA1
eb90a3b41d9ff62070768f35f8a009544cfc60a2

SHA256
b92048ae358a92d8dae17af2fb7321617fcc3775590dc4fc184decebb5286599

SHA512
6be3a4428cdb5b11b0898aa8267f6322e424747944879c572157cd46586c0b1ff5bb62ded89635a4f2372eef545adb7b1a691c8f5d622a46c998ae729fdf1767

Download Submit
C:\Windows\system\xCupxuS.exe

Filesize
6.0MB

MD5
ba95f52dca3393881a13114fde7f18fd

SHA1
1ae3131fb2ff4e626a166445ba6a63c28b40b3b5

SHA256
adf0de2c6405ab39202f09e15206da6fe2098bf862c82f70fa6cf4a33119b37c

SHA512
8acef4c51f5bf04c1c6fb12cdcfbf04fd62e7c9b476dfa63f7ef777445853034eef1db8ed72eef940ed96672814116156f117fa56195aa2b37e12ac68a0c2664

Download Submit
C:\Windows\system\zNsRCeI.exe

Filesize
6.0MB

MD5
8d5f603bd512cf66a4e38449b8916d1c

SHA1
ed5990e15554a352e7eb629c728bf48b2d7a25c2

SHA256
3b71280a028a61e7e69968e8eec721628d18fcb0fe28be687147666beda89c6e

SHA512
fc5c9f6f6ab247c4e2bcbcd2df1693b8f6abce5c43d43c5c1187720f05271ceaf3c0fa8583b3c43863fd1c415533c28a70e37904f310f28861788974fe5f04ab

Download Submit
\Windows\system\HnnNYep.exe

Filesize
6.0MB

MD5
597be5ec42b7f1385c6eb43a626e4b93

SHA1
15ec0e323c0db1b821aeb71d838a72a3ee1d03f9

SHA256
8437122e52c77dd0c8760afe12306f57b6e5695c57ee183a82b0da9b266e6e49

SHA512
33368d88f1bf56ded176eee42e88411dcc2e09de6ced999f77ef2e99a27502b91fb3ac3cf494d26110638ff7a9ff1eb7c0d34b641578cb755f4129cd92fdab3f

Download Submit
\Windows\system\RSFwCiv.exe

Filesize
6.0MB

MD5
8d12ba2daa92f13d49dcc8c2fd5d0fdb

SHA1
9ef91107401283e6d6b6abf8027b925be3cf042d

SHA256
af4b5d70ab6e13380259f50a560c771823183eeeb4f1f01626ce63a13bb20b9b

SHA512
7896446297a36d3b14808216a48318a12df8d1cd6d535b92df841873cf4dc81896f3ff232c7be706ae8048b36db3978f38c8bd671a0f2a7980e3ee92f2206393

Download Submit
\Windows\system\csUoxZm.exe

Filesize
6.0MB

MD5
c417e3506ad753547a1de0f2c2fc1024

SHA1
b008aa8bba421d4d7bbe52c5be44bb44971d3a35

SHA256
966b0a2fce82d9852d2391ac15d461c426307404a6985c9404889062eff43ac8

SHA512
cfc8ea5df443c8b96168a51106652af06e17a6610044733cfee1aaefff1bf716b55c04dca955d53746858bc29c2b4207d9210189d2c095a3fceaf2cca9160ae9

Download Submit
\Windows\system\gZkjNcv.exe

Filesize
6.0MB

MD5
e218cbdc95eefe35b4641a775f2cd014

SHA1
2f93f9320e9fd76fd1d05eb61d3f2090841ead6f

SHA256
fc85047cee194d8fc1438e38a4ab71e0422087b205668a4b48104df386f2ad65

SHA512
cb946fff8977760c11e16fb56e41085da9226fbe8a2152dd130a09a0ec837e178e2fb05d56aebab07495edca49ef9089f060452e87ee12a68656d8c393fba02c

Download Submit
\Windows\system\kiHgQKq.exe

Filesize
6.0MB

MD5
4888ea0590324cbfa41e7d91e5b6d6db

SHA1
00977e7cdfc1a772eaed24d5c688dd88e2b07d76

SHA256
9024358c08a7e30db9f1351b9785abca805002d6b6d935596ef2b4d006602d11

SHA512
304443761851ff353c4a81436d70b157bb3fc957eb23734fe74f72335c4fd94b735885f8021c483cd4907b624203c2e734a1a86946b69bc692e3b9d51da7f7aa

Download Submit
memory/476-4176-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/556-4183-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/936-4177-0x000000013F720000-0x000000013FA74000-memory.dmp

Filesize
3.3MB

Download
memory/936-81-0x000000013F720000-0x000000013FA74000-memory.dmp

Filesize
3.3MB

Download
memory/1300-75-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/1300-4181-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/2424-64-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2424-26-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2448-4179-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2448-51-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2452-43-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2452-4180-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2528-3615-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/2528-8-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/2528-42-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/2584-40-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/2584-4174-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/2596-93-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/2596-4178-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/2636-50-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/2636-13-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/2636-3606-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/2696-20-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/2696-53-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/2960-97-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2960-507-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/2960-34-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2960-54-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/2960-78-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/2960-85-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/2960-90-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/2960-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/2960-46-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/2960-45-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/2960-96-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/2960-37-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/2960-60-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/2960-84-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/2960-67-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/2960-618-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/2960-18-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/2960-39-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/2960-747-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2960-32-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2960-0-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2960-22-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2960-70-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/2984-58-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/2984-4175-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/3000-4182-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/3000-65-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download