cobaltstrike | 68d014a3278b2b00efe253d6cc2d9761ff61c2483d75a2ba25e6349c48db1691

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
24-09-2024 15:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

4a85b45cb3c113474e47a1ec98115ddc
SHA1

e9fe970c1283d441c5d88e3520ea230dd1e24173
SHA256

68d014a3278b2b00efe253d6cc2d9761ff61c2483d75a2ba25e6349c48db1691
SHA512

0ddb095e732611caee781374ebc4a290ad07b5049dc579b68c9a0083b01ca1ebe0d427bc6be7bb67221b0b1323c0064f1c408c7ce6c8028eee00e913d5deeca4
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU+:T+q56utgpPF8u/7+

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000700000001211b-3.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019244-11.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001924a-12.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019266-30.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961c-117.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001963a-144.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c50-169.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d3c-189.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c6b-183.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c53-178.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c51-174.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019994-163.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019702-158.dat	cobalt_reflective_dll
behavioral1/files/0x0035000000018bc8-153.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196bf-149.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019628-103.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019624-96.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019524-90.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019621-88.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961e-82.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195e5-71.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001967e-133.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001962a-126.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019626-124.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019622-122.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019620-120.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195a6-116.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001951c-60.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001934d-54.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001926b-39.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000019315-47.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001925d-28.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 63 IoCs

miner

resource	yara_rule
behavioral1/memory/808-0-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	xmrig
behavioral1/files/0x000700000001211b-3.dat	xmrig
behavioral1/files/0x0007000000019244-11.dat	xmrig
behavioral1/files/0x000700000001924a-12.dat	xmrig
behavioral1/files/0x0006000000019266-30.dat	xmrig
behavioral1/memory/2560-36-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/memory/808-51-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	xmrig
behavioral1/files/0x000500000001961c-117.dat	xmrig
behavioral1/files/0x000500000001963a-144.dat	xmrig
behavioral1/files/0x0005000000019c50-169.dat	xmrig
behavioral1/files/0x0005000000019d3c-189.dat	xmrig
behavioral1/memory/808-827-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/memory/1880-642-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/memory/2652-544-0x000000013FA20000-0x000000013FD74000-memory.dmp	xmrig
behavioral1/memory/808-453-0x000000013FA20000-0x000000013FD74000-memory.dmp	xmrig
behavioral1/memory/2696-186-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019c6b-183.dat	xmrig
behavioral1/files/0x0005000000019c53-178.dat	xmrig
behavioral1/files/0x0005000000019c51-174.dat	xmrig
behavioral1/files/0x0005000000019994-163.dat	xmrig
behavioral1/files/0x0005000000019702-158.dat	xmrig
behavioral1/files/0x0035000000018bc8-153.dat	xmrig
behavioral1/files/0x00050000000196bf-149.dat	xmrig
behavioral1/files/0x0005000000019628-103.dat	xmrig
behavioral1/files/0x0005000000019624-96.dat	xmrig
behavioral1/files/0x0005000000019524-90.dat	xmrig
behavioral1/files/0x0005000000019621-88.dat	xmrig
behavioral1/files/0x000500000001961e-82.dat	xmrig
behavioral1/files/0x00050000000195e5-71.dat	xmrig
behavioral1/files/0x000500000001967e-133.dat	xmrig
behavioral1/memory/808-129-0x00000000024A0000-0x00000000027F4000-memory.dmp	xmrig
behavioral1/memory/1992-128-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/files/0x000500000001962a-126.dat	xmrig
behavioral1/files/0x0005000000019626-124.dat	xmrig
behavioral1/files/0x0005000000019622-122.dat	xmrig
behavioral1/files/0x0005000000019620-120.dat	xmrig
behavioral1/memory/2652-56-0x000000013FA20000-0x000000013FD74000-memory.dmp	xmrig
behavioral1/files/0x00050000000195a6-116.dat	xmrig
behavioral1/memory/2720-70-0x000000013FA20000-0x000000013FD74000-memory.dmp	xmrig
behavioral1/memory/808-55-0x000000013FA20000-0x000000013FD74000-memory.dmp	xmrig
behavioral1/files/0x000500000001951c-60.dat	xmrig
behavioral1/memory/1880-66-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/files/0x000800000001934d-54.dat	xmrig
behavioral1/memory/2536-50-0x000000013F0E0000-0x000000013F434000-memory.dmp	xmrig
behavioral1/memory/2696-41-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/files/0x000600000001926b-39.dat	xmrig
behavioral1/files/0x0008000000019315-47.dat	xmrig
behavioral1/memory/2720-29-0x000000013FA20000-0x000000013FD74000-memory.dmp	xmrig
behavioral1/files/0x000600000001925d-28.dat	xmrig
behavioral1/memory/2732-22-0x000000013F2E0000-0x000000013F634000-memory.dmp	xmrig
behavioral1/memory/2748-20-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	xmrig
behavioral1/memory/2672-19-0x000000013F1F0000-0x000000013F544000-memory.dmp	xmrig
behavioral1/memory/808-18-0x000000013F1F0000-0x000000013F544000-memory.dmp	xmrig
behavioral1/memory/1992-2998-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/memory/2696-2993-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/memory/2748-3000-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	xmrig
behavioral1/memory/2536-2990-0x000000013F0E0000-0x000000013F434000-memory.dmp	xmrig
behavioral1/memory/2732-2989-0x000000013F2E0000-0x000000013F634000-memory.dmp	xmrig
behavioral1/memory/2672-2988-0x000000013F1F0000-0x000000013F544000-memory.dmp	xmrig
behavioral1/memory/1880-3034-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/memory/2560-3033-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/memory/2720-3035-0x000000013FA20000-0x000000013FD74000-memory.dmp	xmrig
behavioral1/memory/2652-3039-0x000000013FA20000-0x000000013FD74000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2672	zzekmvX.exe
2748	YJSOeHl.exe
2732	pPMfLWQ.exe
2720	QGSqQZT.exe
2560	leDdyoB.exe
2696	XGIDeoo.exe
2536	tkTPaun.exe
2652	PVHNdKH.exe
1880	uMMBqgS.exe
1992	FUMVXUy.exe
2032	RqUYGjs.exe
2632	JtOOpSK.exe
1872	rOKHYXS.exe
1712	nzaMwev.exe
1152	xCnRicT.exe
2780	FEFyXLX.exe
1652	LodmZZM.exe
2888	pyNQpTz.exe
868	nWXklBg.exe
1772	uuNuGrU.exe
1888	jaOohjU.exe
1768	ZDwXSti.exe
2788	ZqpsPRx.exe
2204	FiCMLoz.exe
1952	HLcBAVb.exe
2196	BSSTizc.exe
2972	RbcOaRA.exe
448	MsVRfFP.exe
2264	pgGbIVx.exe
1292	QBwrEcO.exe
2492	rrLKZqA.exe
756	rtZKhKZ.exe
2176	uzvnIXM.exe
2940	RfDDAgP.exe
2072	HsFeHJw.exe
1460	DcdWegt.exe
2236	EEnkNBU.exe
284	csVDGNu.exe
1728	vKAEjml.exe
1428	DvMIvys.exe
2140	fweAtXm.exe
1956	TUZKlFE.exe
2984	hXsrLXP.exe
2068	MdLushy.exe
2248	wNIxNSL.exe
2052	vdixMiF.exe
2016	yyvBzfu.exe
2496	IBSyGdW.exe
1432	HOwosoq.exe
1020	uEdCQzR.exe
1976	qkHyIaT.exe
2060	fxFBStr.exe
1492	gMKzKVJ.exe
1524	gqUIAON.exe
2728	cQLqkcF.exe
2832	uIKtFbA.exe
3028	JehhDeU.exe
3020	RtNPmFJ.exe
2868	loRjrPx.exe
2580	SIECvDw.exe
2872	EaIOCVY.exe
1564	DxobNcq.exe
536	cpohdOu.exe
2428	NmIlNVq.exe

Loads dropped DLL 64 IoCs

pid	Process
808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 58 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/808-0-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	upx
behavioral1/files/0x000700000001211b-3.dat	upx
behavioral1/files/0x0007000000019244-11.dat	upx
behavioral1/files/0x000700000001924a-12.dat	upx
behavioral1/files/0x0006000000019266-30.dat	upx
behavioral1/memory/2560-36-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/memory/808-51-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	upx
behavioral1/files/0x000500000001961c-117.dat	upx
behavioral1/files/0x000500000001963a-144.dat	upx
behavioral1/files/0x0005000000019c50-169.dat	upx
behavioral1/files/0x0005000000019d3c-189.dat	upx
behavioral1/memory/1880-642-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/memory/2652-544-0x000000013FA20000-0x000000013FD74000-memory.dmp	upx
behavioral1/memory/2696-186-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/files/0x0005000000019c6b-183.dat	upx
behavioral1/files/0x0005000000019c53-178.dat	upx
behavioral1/files/0x0005000000019c51-174.dat	upx
behavioral1/files/0x0005000000019994-163.dat	upx
behavioral1/files/0x0005000000019702-158.dat	upx
behavioral1/files/0x0035000000018bc8-153.dat	upx
behavioral1/files/0x00050000000196bf-149.dat	upx
behavioral1/files/0x0005000000019628-103.dat	upx
behavioral1/files/0x0005000000019624-96.dat	upx
behavioral1/files/0x0005000000019524-90.dat	upx
behavioral1/files/0x0005000000019621-88.dat	upx
behavioral1/files/0x000500000001961e-82.dat	upx
behavioral1/files/0x00050000000195e5-71.dat	upx
behavioral1/files/0x000500000001967e-133.dat	upx
behavioral1/memory/1992-128-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/files/0x000500000001962a-126.dat	upx
behavioral1/files/0x0005000000019626-124.dat	upx
behavioral1/files/0x0005000000019622-122.dat	upx
behavioral1/files/0x0005000000019620-120.dat	upx
behavioral1/memory/2652-56-0x000000013FA20000-0x000000013FD74000-memory.dmp	upx
behavioral1/files/0x00050000000195a6-116.dat	upx
behavioral1/memory/2720-70-0x000000013FA20000-0x000000013FD74000-memory.dmp	upx
behavioral1/files/0x000500000001951c-60.dat	upx
behavioral1/memory/1880-66-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/files/0x000800000001934d-54.dat	upx
behavioral1/memory/2536-50-0x000000013F0E0000-0x000000013F434000-memory.dmp	upx
behavioral1/memory/2696-41-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/files/0x000600000001926b-39.dat	upx
behavioral1/files/0x0008000000019315-47.dat	upx
behavioral1/memory/2720-29-0x000000013FA20000-0x000000013FD74000-memory.dmp	upx
behavioral1/files/0x000600000001925d-28.dat	upx
behavioral1/memory/2732-22-0x000000013F2E0000-0x000000013F634000-memory.dmp	upx
behavioral1/memory/2748-20-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	upx
behavioral1/memory/2672-19-0x000000013F1F0000-0x000000013F544000-memory.dmp	upx
behavioral1/memory/1992-2998-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/memory/2696-2993-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/memory/2748-3000-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	upx
behavioral1/memory/2536-2990-0x000000013F0E0000-0x000000013F434000-memory.dmp	upx
behavioral1/memory/2732-2989-0x000000013F2E0000-0x000000013F634000-memory.dmp	upx
behavioral1/memory/2672-2988-0x000000013F1F0000-0x000000013F544000-memory.dmp	upx
behavioral1/memory/1880-3034-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/memory/2560-3033-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/memory/2720-3035-0x000000013FA20000-0x000000013FD74000-memory.dmp	upx
behavioral1/memory/2652-3039-0x000000013FA20000-0x000000013FD74000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\qsClqmI.exe	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SPDiLll.exe	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EhXcGLk.exe	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vdixMiF.exe	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uzUasFC.exe	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mJfToWE.exe	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cfesWdp.exe	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HYMlIws.exe	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pPdvsaq.exe	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wRlxPrA.exe	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vcCWbmh.exe	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VSEpHUm.exe	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zXWGjzm.exe	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Gczuznd.exe	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QAREGma.exe	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pjvjsYW.exe	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SSJjVZD.exe	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZDwXSti.exe	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kxpXrgW.exe	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rsoIrsM.exe	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rxuVMoC.exe	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZXKhOGH.exe	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fyXLdkA.exe	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OEbQrYi.exe	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KeXplea.exe	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IvBOMdq.exe	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dwGaEDa.exe	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yJccCjD.exe	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZlTDzjF.exe	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mHyfNpr.exe	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OVmioLR.exe	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hnnlNxI.exe	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PgNbYOS.exe	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NvGddkQ.exe	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HDgoJGC.exe	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ltSdJsA.exe	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CKJaGEi.exe	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\utwLFyb.exe	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KmmuVtk.exe	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sAzIKhv.exe	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fbtIznQ.exe	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EjQbHUJ.exe	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QBwrEcO.exe	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WOmvgDA.exe	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zPrmRjB.exe	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xDpmcbP.exe	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LglRLBk.exe	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RNKTpJM.exe	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CvenYRG.exe	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WKSSvWW.exe	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lEexUPi.exe	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FOHcbpL.exe	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\klGmUTI.exe	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UDAlWGJ.exe	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NPhTjpM.exe	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tOHHxQB.exe	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oVKQdJy.exe	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pUIgSNs.exe	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qBGFzLt.exe	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jyOUZzz.exe	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MkDKXtP.exe	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ByvROay.exe	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tIDJNot.exe	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WOBYkLe.exe	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 808 wrote to memory of 2672	808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 808 wrote to memory of 2672	808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 808 wrote to memory of 2672	808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 808 wrote to memory of 2748	808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 808 wrote to memory of 2748	808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 808 wrote to memory of 2748	808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 808 wrote to memory of 2732	808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 808 wrote to memory of 2732	808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 808 wrote to memory of 2732	808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 808 wrote to memory of 2720	808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 808 wrote to memory of 2720	808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 808 wrote to memory of 2720	808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 808 wrote to memory of 2560	808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 808 wrote to memory of 2560	808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 808 wrote to memory of 2560	808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 808 wrote to memory of 2696	808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 808 wrote to memory of 2696	808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 808 wrote to memory of 2696	808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 808 wrote to memory of 2536	808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 808 wrote to memory of 2536	808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 808 wrote to memory of 2536	808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 808 wrote to memory of 2652	808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 808 wrote to memory of 2652	808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 808 wrote to memory of 2652	808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 808 wrote to memory of 1880	808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 808 wrote to memory of 1880	808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 808 wrote to memory of 1880	808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 808 wrote to memory of 1992	808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 808 wrote to memory of 1992	808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 808 wrote to memory of 1992	808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 808 wrote to memory of 2032	808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 808 wrote to memory of 2032	808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 808 wrote to memory of 2032	808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 808 wrote to memory of 2888	808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 808 wrote to memory of 2888	808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 808 wrote to memory of 2888	808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 808 wrote to memory of 2632	808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 808 wrote to memory of 2632	808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 808 wrote to memory of 2632	808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 808 wrote to memory of 868	808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 808 wrote to memory of 868	808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 808 wrote to memory of 868	808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 808 wrote to memory of 1872	808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 808 wrote to memory of 1872	808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 808 wrote to memory of 1872	808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 808 wrote to memory of 1772	808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 808 wrote to memory of 1772	808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 808 wrote to memory of 1772	808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 808 wrote to memory of 1712	808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 808 wrote to memory of 1712	808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 808 wrote to memory of 1712	808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 808 wrote to memory of 1888	808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 808 wrote to memory of 1888	808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 808 wrote to memory of 1888	808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 808 wrote to memory of 1152	808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 808 wrote to memory of 1152	808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 808 wrote to memory of 1152	808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 808 wrote to memory of 1768	808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 808 wrote to memory of 1768	808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 808 wrote to memory of 1768	808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 808 wrote to memory of 2780	808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 808 wrote to memory of 2780	808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 808 wrote to memory of 2780	808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 808 wrote to memory of 2788	808	2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-09-24_4a85b45cb3c113474e47a1ec98115ddc_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:808
- C:\Windows\System\zzekmvX.exe
  C:\Windows\System\zzekmvX.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\YJSOeHl.exe
  C:\Windows\System\YJSOeHl.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\pPMfLWQ.exe
  C:\Windows\System\pPMfLWQ.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\QGSqQZT.exe
  C:\Windows\System\QGSqQZT.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\leDdyoB.exe
  C:\Windows\System\leDdyoB.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\XGIDeoo.exe
  C:\Windows\System\XGIDeoo.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\tkTPaun.exe
  C:\Windows\System\tkTPaun.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\PVHNdKH.exe
  C:\Windows\System\PVHNdKH.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\uMMBqgS.exe
  C:\Windows\System\uMMBqgS.exe
  2⤵
  - Executes dropped EXE
  PID:1880
- C:\Windows\System\FUMVXUy.exe
  C:\Windows\System\FUMVXUy.exe
  2⤵
  - Executes dropped EXE
  PID:1992
- C:\Windows\System\RqUYGjs.exe
  C:\Windows\System\RqUYGjs.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\pyNQpTz.exe
  C:\Windows\System\pyNQpTz.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\JtOOpSK.exe
  C:\Windows\System\JtOOpSK.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\nWXklBg.exe
  C:\Windows\System\nWXklBg.exe
  2⤵
  - Executes dropped EXE
  PID:868
- C:\Windows\System\rOKHYXS.exe
  C:\Windows\System\rOKHYXS.exe
  2⤵
  - Executes dropped EXE
  PID:1872
- C:\Windows\System\uuNuGrU.exe
  C:\Windows\System\uuNuGrU.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\nzaMwev.exe
  C:\Windows\System\nzaMwev.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\jaOohjU.exe
  C:\Windows\System\jaOohjU.exe
  2⤵
  - Executes dropped EXE
  PID:1888
- C:\Windows\System\xCnRicT.exe
  C:\Windows\System\xCnRicT.exe
  2⤵
  - Executes dropped EXE
  PID:1152
- C:\Windows\System\ZDwXSti.exe
  C:\Windows\System\ZDwXSti.exe
  2⤵
  - Executes dropped EXE
  PID:1768
- C:\Windows\System\FEFyXLX.exe
  C:\Windows\System\FEFyXLX.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\ZqpsPRx.exe
  C:\Windows\System\ZqpsPRx.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\LodmZZM.exe
  C:\Windows\System\LodmZZM.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\FiCMLoz.exe
  C:\Windows\System\FiCMLoz.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\HLcBAVb.exe
  C:\Windows\System\HLcBAVb.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\BSSTizc.exe
  C:\Windows\System\BSSTizc.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\RbcOaRA.exe
  C:\Windows\System\RbcOaRA.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\MsVRfFP.exe
  C:\Windows\System\MsVRfFP.exe
  2⤵
  - Executes dropped EXE
  PID:448
- C:\Windows\System\pgGbIVx.exe
  C:\Windows\System\pgGbIVx.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\QBwrEcO.exe
  C:\Windows\System\QBwrEcO.exe
  2⤵
  - Executes dropped EXE
  PID:1292
- C:\Windows\System\rrLKZqA.exe
  C:\Windows\System\rrLKZqA.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\rtZKhKZ.exe
  C:\Windows\System\rtZKhKZ.exe
  2⤵
  - Executes dropped EXE
  PID:756
- C:\Windows\System\uzvnIXM.exe
  C:\Windows\System\uzvnIXM.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\RfDDAgP.exe
  C:\Windows\System\RfDDAgP.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\HsFeHJw.exe
  C:\Windows\System\HsFeHJw.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\DcdWegt.exe
  C:\Windows\System\DcdWegt.exe
  2⤵
  - Executes dropped EXE
  PID:1460
- C:\Windows\System\EEnkNBU.exe
  C:\Windows\System\EEnkNBU.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\csVDGNu.exe
  C:\Windows\System\csVDGNu.exe
  2⤵
  - Executes dropped EXE
  PID:284
- C:\Windows\System\vKAEjml.exe
  C:\Windows\System\vKAEjml.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\DvMIvys.exe
  C:\Windows\System\DvMIvys.exe
  2⤵
  - Executes dropped EXE
  PID:1428
- C:\Windows\System\fweAtXm.exe
  C:\Windows\System\fweAtXm.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\TUZKlFE.exe
  C:\Windows\System\TUZKlFE.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\hXsrLXP.exe
  C:\Windows\System\hXsrLXP.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\wNIxNSL.exe
  C:\Windows\System\wNIxNSL.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\MdLushy.exe
  C:\Windows\System\MdLushy.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\vdixMiF.exe
  C:\Windows\System\vdixMiF.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\yyvBzfu.exe
  C:\Windows\System\yyvBzfu.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\IBSyGdW.exe
  C:\Windows\System\IBSyGdW.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\HOwosoq.exe
  C:\Windows\System\HOwosoq.exe
  2⤵
  - Executes dropped EXE
  PID:1432
- C:\Windows\System\uEdCQzR.exe
  C:\Windows\System\uEdCQzR.exe
  2⤵
  - Executes dropped EXE
  PID:1020
- C:\Windows\System\qkHyIaT.exe
  C:\Windows\System\qkHyIaT.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\fxFBStr.exe
  C:\Windows\System\fxFBStr.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\gMKzKVJ.exe
  C:\Windows\System\gMKzKVJ.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\gqUIAON.exe
  C:\Windows\System\gqUIAON.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\cQLqkcF.exe
  C:\Windows\System\cQLqkcF.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\uIKtFbA.exe
  C:\Windows\System\uIKtFbA.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\JehhDeU.exe
  C:\Windows\System\JehhDeU.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\SIECvDw.exe
  C:\Windows\System\SIECvDw.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\RtNPmFJ.exe
  C:\Windows\System\RtNPmFJ.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\EaIOCVY.exe
  C:\Windows\System\EaIOCVY.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\loRjrPx.exe
  C:\Windows\System\loRjrPx.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\DxobNcq.exe
  C:\Windows\System\DxobNcq.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\cpohdOu.exe
  C:\Windows\System\cpohdOu.exe
  2⤵
  - Executes dropped EXE
  PID:536
- C:\Windows\System\NmIlNVq.exe
  C:\Windows\System\NmIlNVq.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\ByvROay.exe
  C:\Windows\System\ByvROay.exe
  2⤵
  PID:2792
- C:\Windows\System\CsesAfM.exe
  C:\Windows\System\CsesAfM.exe
  2⤵
  PID:1760
- C:\Windows\System\ZvstemY.exe
  C:\Windows\System\ZvstemY.exe
  2⤵
  PID:1560
- C:\Windows\System\kwfmjZw.exe
  C:\Windows\System\kwfmjZw.exe
  2⤵
  PID:1852
- C:\Windows\System\tIDJNot.exe
  C:\Windows\System\tIDJNot.exe
  2⤵
  PID:2724
- C:\Windows\System\XkexQsR.exe
  C:\Windows\System\XkexQsR.exe
  2⤵
  PID:328
- C:\Windows\System\RljmGuz.exe
  C:\Windows\System\RljmGuz.exe
  2⤵
  PID:2968
- C:\Windows\System\QtVhcXI.exe
  C:\Windows\System\QtVhcXI.exe
  2⤵
  PID:2020
- C:\Windows\System\xfAzTdB.exe
  C:\Windows\System\xfAzTdB.exe
  2⤵
  PID:852
- C:\Windows\System\hddAWFz.exe
  C:\Windows\System\hddAWFz.exe
  2⤵
  PID:944
- C:\Windows\System\MGdIOJx.exe
  C:\Windows\System\MGdIOJx.exe
  2⤵
  PID:1276
- C:\Windows\System\jNyDaTl.exe
  C:\Windows\System\jNyDaTl.exe
  2⤵
  PID:2992
- C:\Windows\System\WOBYkLe.exe
  C:\Windows\System\WOBYkLe.exe
  2⤵
  PID:2924
- C:\Windows\System\FnYygyN.exe
  C:\Windows\System\FnYygyN.exe
  2⤵
  PID:1780
- C:\Windows\System\kdgNgzy.exe
  C:\Windows\System\kdgNgzy.exe
  2⤵
  PID:1240
- C:\Windows\System\OnZmgQY.exe
  C:\Windows\System\OnZmgQY.exe
  2⤵
  PID:3056
- C:\Windows\System\udjxQRd.exe
  C:\Windows\System\udjxQRd.exe
  2⤵
  PID:796
- C:\Windows\System\yLgOerE.exe
  C:\Windows\System\yLgOerE.exe
  2⤵
  PID:3036
- C:\Windows\System\UDAlWGJ.exe
  C:\Windows\System\UDAlWGJ.exe
  2⤵
  PID:1968
- C:\Windows\System\sSXtcho.exe
  C:\Windows\System\sSXtcho.exe
  2⤵
  PID:1572
- C:\Windows\System\wAKNQeL.exe
  C:\Windows\System\wAKNQeL.exe
  2⤵
  PID:2640
- C:\Windows\System\ymAuKzY.exe
  C:\Windows\System\ymAuKzY.exe
  2⤵
  PID:1620
- C:\Windows\System\CuiySBs.exe
  C:\Windows\System\CuiySBs.exe
  2⤵
  PID:2164
- C:\Windows\System\CEvpNFN.exe
  C:\Windows\System\CEvpNFN.exe
  2⤵
  PID:2548
- C:\Windows\System\ONlYfHm.exe
  C:\Windows\System\ONlYfHm.exe
  2⤵
  PID:2584
- C:\Windows\System\mHyfNpr.exe
  C:\Windows\System\mHyfNpr.exe
  2⤵
  PID:2876
- C:\Windows\System\lDoAuEr.exe
  C:\Windows\System\lDoAuEr.exe
  2⤵
  PID:1220
- C:\Windows\System\BHvMhMY.exe
  C:\Windows\System\BHvMhMY.exe
  2⤵
  PID:1592
- C:\Windows\System\Ogvluev.exe
  C:\Windows\System\Ogvluev.exe
  2⤵
  PID:3084
- C:\Windows\System\BZyyQtK.exe
  C:\Windows\System\BZyyQtK.exe
  2⤵
  PID:3108
- C:\Windows\System\OJYbtJu.exe
  C:\Windows\System\OJYbtJu.exe
  2⤵
  PID:3128
- C:\Windows\System\agLStpC.exe
  C:\Windows\System\agLStpC.exe
  2⤵
  PID:3144
- C:\Windows\System\BilSPrW.exe
  C:\Windows\System\BilSPrW.exe
  2⤵
  PID:3164
- C:\Windows\System\yCiAqNh.exe
  C:\Windows\System\yCiAqNh.exe
  2⤵
  PID:3188
- C:\Windows\System\vUBHaCr.exe
  C:\Windows\System\vUBHaCr.exe
  2⤵
  PID:3208
- C:\Windows\System\dhlIAMh.exe
  C:\Windows\System\dhlIAMh.exe
  2⤵
  PID:3228
- C:\Windows\System\BMvJCRN.exe
  C:\Windows\System\BMvJCRN.exe
  2⤵
  PID:3248
- C:\Windows\System\ixyyiVK.exe
  C:\Windows\System\ixyyiVK.exe
  2⤵
  PID:3268
- C:\Windows\System\PVkKzky.exe
  C:\Windows\System\PVkKzky.exe
  2⤵
  PID:3284
- C:\Windows\System\qWNXVIV.exe
  C:\Windows\System\qWNXVIV.exe
  2⤵
  PID:3308
- C:\Windows\System\iMaKvLH.exe
  C:\Windows\System\iMaKvLH.exe
  2⤵
  PID:3324
- C:\Windows\System\zsfyuVH.exe
  C:\Windows\System\zsfyuVH.exe
  2⤵
  PID:3348
- C:\Windows\System\oVKQdJy.exe
  C:\Windows\System\oVKQdJy.exe
  2⤵
  PID:3368
- C:\Windows\System\GqxvmQu.exe
  C:\Windows\System\GqxvmQu.exe
  2⤵
  PID:3388
- C:\Windows\System\ThFSDgK.exe
  C:\Windows\System\ThFSDgK.exe
  2⤵
  PID:3408
- C:\Windows\System\EnTHkpn.exe
  C:\Windows\System\EnTHkpn.exe
  2⤵
  PID:3424
- C:\Windows\System\sdiJJUB.exe
  C:\Windows\System\sdiJJUB.exe
  2⤵
  PID:3444
- C:\Windows\System\cUrXluU.exe
  C:\Windows\System\cUrXluU.exe
  2⤵
  PID:3468
- C:\Windows\System\cjeHuSz.exe
  C:\Windows\System\cjeHuSz.exe
  2⤵
  PID:3492
- C:\Windows\System\vCDkIQV.exe
  C:\Windows\System\vCDkIQV.exe
  2⤵
  PID:3512
- C:\Windows\System\gezpLWF.exe
  C:\Windows\System\gezpLWF.exe
  2⤵
  PID:3528
- C:\Windows\System\gnnpziw.exe
  C:\Windows\System\gnnpziw.exe
  2⤵
  PID:3552
- C:\Windows\System\NSIEdfq.exe
  C:\Windows\System\NSIEdfq.exe
  2⤵
  PID:3572
- C:\Windows\System\cSUkltE.exe
  C:\Windows\System\cSUkltE.exe
  2⤵
  PID:3592
- C:\Windows\System\aCUqVei.exe
  C:\Windows\System\aCUqVei.exe
  2⤵
  PID:3608
- C:\Windows\System\WnNEXxW.exe
  C:\Windows\System\WnNEXxW.exe
  2⤵
  PID:3636
- C:\Windows\System\HFKsSKF.exe
  C:\Windows\System\HFKsSKF.exe
  2⤵
  PID:3656
- C:\Windows\System\IchHYMq.exe
  C:\Windows\System\IchHYMq.exe
  2⤵
  PID:3676
- C:\Windows\System\BTCdYPm.exe
  C:\Windows\System\BTCdYPm.exe
  2⤵
  PID:3696
- C:\Windows\System\cruxMHn.exe
  C:\Windows\System\cruxMHn.exe
  2⤵
  PID:3716
- C:\Windows\System\EkZIZxS.exe
  C:\Windows\System\EkZIZxS.exe
  2⤵
  PID:3736
- C:\Windows\System\jemOWzX.exe
  C:\Windows\System\jemOWzX.exe
  2⤵
  PID:3752
- C:\Windows\System\kjQBTKX.exe
  C:\Windows\System\kjQBTKX.exe
  2⤵
  PID:3776
- C:\Windows\System\VHnydIN.exe
  C:\Windows\System\VHnydIN.exe
  2⤵
  PID:3796
- C:\Windows\System\hLXazuD.exe
  C:\Windows\System\hLXazuD.exe
  2⤵
  PID:3812
- C:\Windows\System\izAkpWb.exe
  C:\Windows\System\izAkpWb.exe
  2⤵
  PID:3836
- C:\Windows\System\jAHEkZj.exe
  C:\Windows\System\jAHEkZj.exe
  2⤵
  PID:3856
- C:\Windows\System\LQlxkBg.exe
  C:\Windows\System\LQlxkBg.exe
  2⤵
  PID:3876
- C:\Windows\System\iiMjEjF.exe
  C:\Windows\System\iiMjEjF.exe
  2⤵
  PID:3892
- C:\Windows\System\usZTfYU.exe
  C:\Windows\System\usZTfYU.exe
  2⤵
  PID:3916
- C:\Windows\System\tZntyPC.exe
  C:\Windows\System\tZntyPC.exe
  2⤵
  PID:3936
- C:\Windows\System\isxbauF.exe
  C:\Windows\System\isxbauF.exe
  2⤵
  PID:3960
- C:\Windows\System\sQctSXv.exe
  C:\Windows\System\sQctSXv.exe
  2⤵
  PID:3980
- C:\Windows\System\qWEQoVs.exe
  C:\Windows\System\qWEQoVs.exe
  2⤵
  PID:4000
- C:\Windows\System\baUitqm.exe
  C:\Windows\System\baUitqm.exe
  2⤵
  PID:4016
- C:\Windows\System\ArjpIHU.exe
  C:\Windows\System\ArjpIHU.exe
  2⤵
  PID:4040
- C:\Windows\System\PfGQbny.exe
  C:\Windows\System\PfGQbny.exe
  2⤵
  PID:4060
- C:\Windows\System\WOmvgDA.exe
  C:\Windows\System\WOmvgDA.exe
  2⤵
  PID:4080
- C:\Windows\System\EjCykwb.exe
  C:\Windows\System\EjCykwb.exe
  2⤵
  PID:2036
- C:\Windows\System\vpXBgnB.exe
  C:\Windows\System\vpXBgnB.exe
  2⤵
  PID:2800
- C:\Windows\System\UtDKtoc.exe
  C:\Windows\System\UtDKtoc.exe
  2⤵
  PID:2944
- C:\Windows\System\qqtGJag.exe
  C:\Windows\System\qqtGJag.exe
  2⤵
  PID:2104
- C:\Windows\System\tVXXlSA.exe
  C:\Windows\System\tVXXlSA.exe
  2⤵
  PID:2184
- C:\Windows\System\zPrmLLE.exe
  C:\Windows\System\zPrmLLE.exe
  2⤵
  PID:1748
- C:\Windows\System\ZMZXVYD.exe
  C:\Windows\System\ZMZXVYD.exe
  2⤵
  PID:3052
- C:\Windows\System\jZajpHO.exe
  C:\Windows\System\jZajpHO.exe
  2⤵
  PID:740
- C:\Windows\System\kdPGEOf.exe
  C:\Windows\System\kdPGEOf.exe
  2⤵
  PID:2080
- C:\Windows\System\svVHykT.exe
  C:\Windows\System\svVHykT.exe
  2⤵
  PID:2120
- C:\Windows\System\cyibLSk.exe
  C:\Windows\System\cyibLSk.exe
  2⤵
  PID:1640
- C:\Windows\System\JJNVnBX.exe
  C:\Windows\System\JJNVnBX.exe
  2⤵
  PID:324
- C:\Windows\System\FXqLFOm.exe
  C:\Windows\System\FXqLFOm.exe
  2⤵
  PID:2260
- C:\Windows\System\dNdOIcU.exe
  C:\Windows\System\dNdOIcU.exe
  2⤵
  PID:2456
- C:\Windows\System\EMbdvRo.exe
  C:\Windows\System\EMbdvRo.exe
  2⤵
  PID:2772
- C:\Windows\System\oIAsZCd.exe
  C:\Windows\System\oIAsZCd.exe
  2⤵
  PID:780
- C:\Windows\System\QmWZZhO.exe
  C:\Windows\System\QmWZZhO.exe
  2⤵
  PID:2816
- C:\Windows\System\bwHYPID.exe
  C:\Windows\System\bwHYPID.exe
  2⤵
  PID:3096
- C:\Windows\System\SCgxCLW.exe
  C:\Windows\System\SCgxCLW.exe
  2⤵
  PID:3140
- C:\Windows\System\oaLyudQ.exe
  C:\Windows\System\oaLyudQ.exe
  2⤵
  PID:3156
- C:\Windows\System\jFKdETD.exe
  C:\Windows\System\jFKdETD.exe
  2⤵
  PID:3184
- C:\Windows\System\pBRmLkI.exe
  C:\Windows\System\pBRmLkI.exe
  2⤵
  PID:3216
- C:\Windows\System\zRGUWfn.exe
  C:\Windows\System\zRGUWfn.exe
  2⤵
  PID:3260
- C:\Windows\System\jRPeApI.exe
  C:\Windows\System\jRPeApI.exe
  2⤵
  PID:3300
- C:\Windows\System\WiIhwXO.exe
  C:\Windows\System\WiIhwXO.exe
  2⤵
  PID:3332
- C:\Windows\System\zzUIXdS.exe
  C:\Windows\System\zzUIXdS.exe
  2⤵
  PID:3356
- C:\Windows\System\dHWsSjC.exe
  C:\Windows\System\dHWsSjC.exe
  2⤵
  PID:3380
- C:\Windows\System\VrLPhkK.exe
  C:\Windows\System\VrLPhkK.exe
  2⤵
  PID:3404
- C:\Windows\System\ssKKuJR.exe
  C:\Windows\System\ssKKuJR.exe
  2⤵
  PID:3460
- C:\Windows\System\OhzUseH.exe
  C:\Windows\System\OhzUseH.exe
  2⤵
  PID:3508
- C:\Windows\System\jLpQMRn.exe
  C:\Windows\System\jLpQMRn.exe
  2⤵
  PID:3540
- C:\Windows\System\xslMQBo.exe
  C:\Windows\System\xslMQBo.exe
  2⤵
  PID:3560
- C:\Windows\System\iiyAAle.exe
  C:\Windows\System\iiyAAle.exe
  2⤵
  PID:3584
- C:\Windows\System\ecaCLgD.exe
  C:\Windows\System\ecaCLgD.exe
  2⤵
  PID:3600
- C:\Windows\System\ceRGGap.exe
  C:\Windows\System\ceRGGap.exe
  2⤵
  PID:3672
- C:\Windows\System\mFqyrER.exe
  C:\Windows\System\mFqyrER.exe
  2⤵
  PID:3692
- C:\Windows\System\zIBmqwI.exe
  C:\Windows\System\zIBmqwI.exe
  2⤵
  PID:3748
- C:\Windows\System\tflAADz.exe
  C:\Windows\System\tflAADz.exe
  2⤵
  PID:3768
- C:\Windows\System\SpomzkY.exe
  C:\Windows\System\SpomzkY.exe
  2⤵
  PID:3772
- C:\Windows\System\KItbPBk.exe
  C:\Windows\System\KItbPBk.exe
  2⤵
  PID:3832
- C:\Windows\System\QvBRbNC.exe
  C:\Windows\System\QvBRbNC.exe
  2⤵
  PID:3868
- C:\Windows\System\SCLlLqI.exe
  C:\Windows\System\SCLlLqI.exe
  2⤵
  PID:3944
- C:\Windows\System\YsczrCT.exe
  C:\Windows\System\YsczrCT.exe
  2⤵
  PID:3928
- C:\Windows\System\oYZiPsj.exe
  C:\Windows\System\oYZiPsj.exe
  2⤵
  PID:3988
- C:\Windows\System\mOxpsQn.exe
  C:\Windows\System\mOxpsQn.exe
  2⤵
  PID:4032
- C:\Windows\System\kGoEoln.exe
  C:\Windows\System\kGoEoln.exe
  2⤵
  PID:4056
- C:\Windows\System\NwYjJGY.exe
  C:\Windows\System\NwYjJGY.exe
  2⤵
  PID:4076
- C:\Windows\System\ajtInTD.exe
  C:\Windows\System\ajtInTD.exe
  2⤵
  PID:4088
- C:\Windows\System\gjHovvT.exe
  C:\Windows\System\gjHovvT.exe
  2⤵
  PID:2928
- C:\Windows\System\XRokFlg.exe
  C:\Windows\System\XRokFlg.exe
  2⤵
  PID:2628
- C:\Windows\System\lHwLxiK.exe
  C:\Windows\System\lHwLxiK.exe
  2⤵
  PID:1012
- C:\Windows\System\ijYJVoS.exe
  C:\Windows\System\ijYJVoS.exe
  2⤵
  PID:3060
- C:\Windows\System\yZXhOvH.exe
  C:\Windows\System\yZXhOvH.exe
  2⤵
  PID:1072
- C:\Windows\System\dHnxhmB.exe
  C:\Windows\System\dHnxhmB.exe
  2⤵
  PID:1516
- C:\Windows\System\pFEjhpZ.exe
  C:\Windows\System\pFEjhpZ.exe
  2⤵
  PID:1840
- C:\Windows\System\YPkIoVZ.exe
  C:\Windows\System\YPkIoVZ.exe
  2⤵
  PID:2400
- C:\Windows\System\cQjPUEz.exe
  C:\Windows\System\cQjPUEz.exe
  2⤵
  PID:1664
- C:\Windows\System\BpznfBa.exe
  C:\Windows\System\BpznfBa.exe
  2⤵
  PID:3124
- C:\Windows\System\XssjGiU.exe
  C:\Windows\System\XssjGiU.exe
  2⤵
  PID:3172
- C:\Windows\System\pgJKJTt.exe
  C:\Windows\System\pgJKJTt.exe
  2⤵
  PID:3276
- C:\Windows\System\XXlNHGz.exe
  C:\Windows\System\XXlNHGz.exe
  2⤵
  PID:3236
- C:\Windows\System\wwQevbG.exe
  C:\Windows\System\wwQevbG.exe
  2⤵
  PID:3316
- C:\Windows\System\qxpFASH.exe
  C:\Windows\System\qxpFASH.exe
  2⤵
  PID:3360
- C:\Windows\System\KQjYhhW.exe
  C:\Windows\System\KQjYhhW.exe
  2⤵
  PID:3456
- C:\Windows\System\zckbKiz.exe
  C:\Windows\System\zckbKiz.exe
  2⤵
  PID:3548
- C:\Windows\System\BvMVYJm.exe
  C:\Windows\System\BvMVYJm.exe
  2⤵
  PID:3652
- C:\Windows\System\eXwXULG.exe
  C:\Windows\System\eXwXULG.exe
  2⤵
  PID:3668
- C:\Windows\System\PpIsYro.exe
  C:\Windows\System\PpIsYro.exe
  2⤵
  PID:3784
- C:\Windows\System\CDQyDeS.exe
  C:\Windows\System\CDQyDeS.exe
  2⤵
  PID:3744
- C:\Windows\System\RTwTHoS.exe
  C:\Windows\System\RTwTHoS.exe
  2⤵
  PID:3828
- C:\Windows\System\fRmmEUD.exe
  C:\Windows\System\fRmmEUD.exe
  2⤵
  PID:3864
- C:\Windows\System\bLhcKrG.exe
  C:\Windows\System\bLhcKrG.exe
  2⤵
  PID:3904
- C:\Windows\System\GUYtTbL.exe
  C:\Windows\System\GUYtTbL.exe
  2⤵
  PID:3972
- C:\Windows\System\cfqHaGN.exe
  C:\Windows\System\cfqHaGN.exe
  2⤵
  PID:4028
- C:\Windows\System\YqXRZQD.exe
  C:\Windows\System\YqXRZQD.exe
  2⤵
  PID:4072
- C:\Windows\System\NPhsMwO.exe
  C:\Windows\System\NPhsMwO.exe
  2⤵
  PID:1252
- C:\Windows\System\DFvsTSh.exe
  C:\Windows\System\DFvsTSh.exe
  2⤵
  PID:1692
- C:\Windows\System\kxLBUhV.exe
  C:\Windows\System\kxLBUhV.exe
  2⤵
  PID:1860
- C:\Windows\System\rxASrse.exe
  C:\Windows\System\rxASrse.exe
  2⤵
  PID:2300
- C:\Windows\System\nKrhoRm.exe
  C:\Windows\System\nKrhoRm.exe
  2⤵
  PID:2424
- C:\Windows\System\taslXmR.exe
  C:\Windows\System\taslXmR.exe
  2⤵
  PID:1896
- C:\Windows\System\dchrloL.exe
  C:\Windows\System\dchrloL.exe
  2⤵
  PID:3292
- C:\Windows\System\ApOcjUE.exe
  C:\Windows\System\ApOcjUE.exe
  2⤵
  PID:3080
- C:\Windows\System\PmmmOwX.exe
  C:\Windows\System\PmmmOwX.exe
  2⤵
  PID:3336
- C:\Windows\System\ZXKhOGH.exe
  C:\Windows\System\ZXKhOGH.exe
  2⤵
  PID:3616
- C:\Windows\System\NPhTjpM.exe
  C:\Windows\System\NPhTjpM.exe
  2⤵
  PID:3604
- C:\Windows\System\aqaURId.exe
  C:\Windows\System\aqaURId.exe
  2⤵
  PID:4116
- C:\Windows\System\azAUneQ.exe
  C:\Windows\System\azAUneQ.exe
  2⤵
  PID:4136
- C:\Windows\System\UiQDmyo.exe
  C:\Windows\System\UiQDmyo.exe
  2⤵
  PID:4156
- C:\Windows\System\IXxaotv.exe
  C:\Windows\System\IXxaotv.exe
  2⤵
  PID:4176
- C:\Windows\System\GcexjwH.exe
  C:\Windows\System\GcexjwH.exe
  2⤵
  PID:4196
- C:\Windows\System\okqyIRd.exe
  C:\Windows\System\okqyIRd.exe
  2⤵
  PID:4216
- C:\Windows\System\JgEySgt.exe
  C:\Windows\System\JgEySgt.exe
  2⤵
  PID:4236
- C:\Windows\System\uzUasFC.exe
  C:\Windows\System\uzUasFC.exe
  2⤵
  PID:4256
- C:\Windows\System\BBPQNhL.exe
  C:\Windows\System\BBPQNhL.exe
  2⤵
  PID:4276
- C:\Windows\System\MHSMWtO.exe
  C:\Windows\System\MHSMWtO.exe
  2⤵
  PID:4296
- C:\Windows\System\rqKfxTB.exe
  C:\Windows\System\rqKfxTB.exe
  2⤵
  PID:4316
- C:\Windows\System\pRIvgqu.exe
  C:\Windows\System\pRIvgqu.exe
  2⤵
  PID:4336
- C:\Windows\System\TEsxrJC.exe
  C:\Windows\System\TEsxrJC.exe
  2⤵
  PID:4356
- C:\Windows\System\BQQrlSN.exe
  C:\Windows\System\BQQrlSN.exe
  2⤵
  PID:4376
- C:\Windows\System\anhEQwX.exe
  C:\Windows\System\anhEQwX.exe
  2⤵
  PID:4392
- C:\Windows\System\kSzvKqQ.exe
  C:\Windows\System\kSzvKqQ.exe
  2⤵
  PID:4412
- C:\Windows\System\cJjaUEy.exe
  C:\Windows\System\cJjaUEy.exe
  2⤵
  PID:4436
- C:\Windows\System\ftyGiZn.exe
  C:\Windows\System\ftyGiZn.exe
  2⤵
  PID:4452
- C:\Windows\System\tjSsbZD.exe
  C:\Windows\System\tjSsbZD.exe
  2⤵
  PID:4476
- C:\Windows\System\waisSVG.exe
  C:\Windows\System\waisSVG.exe
  2⤵
  PID:4496
- C:\Windows\System\VddBlIk.exe
  C:\Windows\System\VddBlIk.exe
  2⤵
  PID:4524
- C:\Windows\System\YcrGduw.exe
  C:\Windows\System\YcrGduw.exe
  2⤵
  PID:4548
- C:\Windows\System\UuPDwIh.exe
  C:\Windows\System\UuPDwIh.exe
  2⤵
  PID:4564
- C:\Windows\System\SXTCpAi.exe
  C:\Windows\System\SXTCpAi.exe
  2⤵
  PID:4584
- C:\Windows\System\SaMvJeq.exe
  C:\Windows\System\SaMvJeq.exe
  2⤵
  PID:4600
- C:\Windows\System\cWHFqTp.exe
  C:\Windows\System\cWHFqTp.exe
  2⤵
  PID:4632
- C:\Windows\System\GGreTYQ.exe
  C:\Windows\System\GGreTYQ.exe
  2⤵
  PID:4648
- C:\Windows\System\BkHkIti.exe
  C:\Windows\System\BkHkIti.exe
  2⤵
  PID:4668
- C:\Windows\System\bmQEEvQ.exe
  C:\Windows\System\bmQEEvQ.exe
  2⤵
  PID:4688
- C:\Windows\System\UbqPkEF.exe
  C:\Windows\System\UbqPkEF.exe
  2⤵
  PID:4712
- C:\Windows\System\HHaATTf.exe
  C:\Windows\System\HHaATTf.exe
  2⤵
  PID:4728
- C:\Windows\System\qFucAbd.exe
  C:\Windows\System\qFucAbd.exe
  2⤵
  PID:4748
- C:\Windows\System\Vlusypw.exe
  C:\Windows\System\Vlusypw.exe
  2⤵
  PID:4772
- C:\Windows\System\BBnAtSl.exe
  C:\Windows\System\BBnAtSl.exe
  2⤵
  PID:4792
- C:\Windows\System\BWvZrWe.exe
  C:\Windows\System\BWvZrWe.exe
  2⤵
  PID:4812
- C:\Windows\System\dmvYMVn.exe
  C:\Windows\System\dmvYMVn.exe
  2⤵
  PID:4832
- C:\Windows\System\cXlELJC.exe
  C:\Windows\System\cXlELJC.exe
  2⤵
  PID:4856
- C:\Windows\System\UDNCdLj.exe
  C:\Windows\System\UDNCdLj.exe
  2⤵
  PID:4876
- C:\Windows\System\hdsmJER.exe
  C:\Windows\System\hdsmJER.exe
  2⤵
  PID:4892
- C:\Windows\System\wneTfMn.exe
  C:\Windows\System\wneTfMn.exe
  2⤵
  PID:4912
- C:\Windows\System\aPzXAPU.exe
  C:\Windows\System\aPzXAPU.exe
  2⤵
  PID:4936
- C:\Windows\System\RdlUTsd.exe
  C:\Windows\System\RdlUTsd.exe
  2⤵
  PID:4960
- C:\Windows\System\NAmrlAJ.exe
  C:\Windows\System\NAmrlAJ.exe
  2⤵
  PID:4980
- C:\Windows\System\JWPCjGH.exe
  C:\Windows\System\JWPCjGH.exe
  2⤵
  PID:5000
- C:\Windows\System\GRFbXQm.exe
  C:\Windows\System\GRFbXQm.exe
  2⤵
  PID:5016
- C:\Windows\System\VEwfaHw.exe
  C:\Windows\System\VEwfaHw.exe
  2⤵
  PID:5040
- C:\Windows\System\QarHJgx.exe
  C:\Windows\System\QarHJgx.exe
  2⤵
  PID:5056
- C:\Windows\System\ShggEnq.exe
  C:\Windows\System\ShggEnq.exe
  2⤵
  PID:5080
- C:\Windows\System\SjmOqXH.exe
  C:\Windows\System\SjmOqXH.exe
  2⤵
  PID:5100
- C:\Windows\System\OzIZfvg.exe
  C:\Windows\System\OzIZfvg.exe
  2⤵
  PID:3620
- C:\Windows\System\ShZgfli.exe
  C:\Windows\System\ShZgfli.exe
  2⤵
  PID:3624
- C:\Windows\System\UnQxher.exe
  C:\Windows\System\UnQxher.exe
  2⤵
  PID:3808
- C:\Windows\System\JMVLbIN.exe
  C:\Windows\System\JMVLbIN.exe
  2⤵
  PID:3844
- C:\Windows\System\pSoioZV.exe
  C:\Windows\System\pSoioZV.exe
  2⤵
  PID:3976
- C:\Windows\System\SjOmQJp.exe
  C:\Windows\System\SjOmQJp.exe
  2⤵
  PID:2384
- C:\Windows\System\ysOjWmJ.exe
  C:\Windows\System\ysOjWmJ.exe
  2⤵
  PID:2504
- C:\Windows\System\DygJaZI.exe
  C:\Windows\System\DygJaZI.exe
  2⤵
  PID:792
- C:\Windows\System\NmWDnHh.exe
  C:\Windows\System\NmWDnHh.exe
  2⤵
  PID:2056
- C:\Windows\System\tEmqyXl.exe
  C:\Windows\System\tEmqyXl.exe
  2⤵
  PID:2908
- C:\Windows\System\LphMxQE.exe
  C:\Windows\System\LphMxQE.exe
  2⤵
  PID:3224
- C:\Windows\System\ArhGwlt.exe
  C:\Windows\System\ArhGwlt.exe
  2⤵
  PID:2520
- C:\Windows\System\wTTkgWb.exe
  C:\Windows\System\wTTkgWb.exe
  2⤵
  PID:3400
- C:\Windows\System\EJQKaXC.exe
  C:\Windows\System\EJQKaXC.exe
  2⤵
  PID:4124
- C:\Windows\System\EtVbkXb.exe
  C:\Windows\System\EtVbkXb.exe
  2⤵
  PID:4108
- C:\Windows\System\acVmQLb.exe
  C:\Windows\System\acVmQLb.exe
  2⤵
  PID:4208
- C:\Windows\System\NUNHjkX.exe
  C:\Windows\System\NUNHjkX.exe
  2⤵
  PID:4184
- C:\Windows\System\KBRdGLk.exe
  C:\Windows\System\KBRdGLk.exe
  2⤵
  PID:4232
- C:\Windows\System\bhECDrZ.exe
  C:\Windows\System\bhECDrZ.exe
  2⤵
  PID:4292
- C:\Windows\System\vUXmAmL.exe
  C:\Windows\System\vUXmAmL.exe
  2⤵
  PID:4308
- C:\Windows\System\IpODOVR.exe
  C:\Windows\System\IpODOVR.exe
  2⤵
  PID:4372
- C:\Windows\System\LEcIRmg.exe
  C:\Windows\System\LEcIRmg.exe
  2⤵
  PID:4448
- C:\Windows\System\xcWjZEL.exe
  C:\Windows\System\xcWjZEL.exe
  2⤵
  PID:4484
- C:\Windows\System\HonKpfE.exe
  C:\Windows\System\HonKpfE.exe
  2⤵
  PID:4468
- C:\Windows\System\vFAkpCz.exe
  C:\Windows\System\vFAkpCz.exe
  2⤵
  PID:4432
- C:\Windows\System\DZeRClK.exe
  C:\Windows\System\DZeRClK.exe
  2⤵
  PID:4520
- C:\Windows\System\ZycJliZ.exe
  C:\Windows\System\ZycJliZ.exe
  2⤵
  PID:4612
- C:\Windows\System\xFenpad.exe
  C:\Windows\System\xFenpad.exe
  2⤵
  PID:4620
- C:\Windows\System\mEYFDcp.exe
  C:\Windows\System\mEYFDcp.exe
  2⤵
  PID:4664
- C:\Windows\System\Macwpkm.exe
  C:\Windows\System\Macwpkm.exe
  2⤵
  PID:4644
- C:\Windows\System\bQFaaUr.exe
  C:\Windows\System\bQFaaUr.exe
  2⤵
  PID:4700
- C:\Windows\System\EJfbQKs.exe
  C:\Windows\System\EJfbQKs.exe
  2⤵
  PID:4780
- C:\Windows\System\wkzQSKM.exe
  C:\Windows\System\wkzQSKM.exe
  2⤵
  PID:4764
- C:\Windows\System\dCArIZz.exe
  C:\Windows\System\dCArIZz.exe
  2⤵
  PID:4820
- C:\Windows\System\PXYsxeM.exe
  C:\Windows\System\PXYsxeM.exe
  2⤵
  PID:4512
- C:\Windows\System\IkrjLaX.exe
  C:\Windows\System\IkrjLaX.exe
  2⤵
  PID:4868
- C:\Windows\System\xlqcjWi.exe
  C:\Windows\System\xlqcjWi.exe
  2⤵
  PID:4944
- C:\Windows\System\oyTyvye.exe
  C:\Windows\System\oyTyvye.exe
  2⤵
  PID:4924
- C:\Windows\System\wwVgHQa.exe
  C:\Windows\System\wwVgHQa.exe
  2⤵
  PID:4992
- C:\Windows\System\BnjlIQT.exe
  C:\Windows\System\BnjlIQT.exe
  2⤵
  PID:5028
- C:\Windows\System\djeeHFJ.exe
  C:\Windows\System\djeeHFJ.exe
  2⤵
  PID:5072
- C:\Windows\System\kvHJJNc.exe
  C:\Windows\System\kvHJJNc.exe
  2⤵
  PID:3648
- C:\Windows\System\UQMezMu.exe
  C:\Windows\System\UQMezMu.exe
  2⤵
  PID:3968
- C:\Windows\System\hzBkYtT.exe
  C:\Windows\System\hzBkYtT.exe
  2⤵
  PID:5012
- C:\Windows\System\jsaACaI.exe
  C:\Windows\System\jsaACaI.exe
  2⤵
  PID:5092
- C:\Windows\System\kWvMPaG.exe
  C:\Windows\System\kWvMPaG.exe
  2⤵
  PID:3724
- C:\Windows\System\aqsywhT.exe
  C:\Windows\System\aqsywhT.exe
  2⤵
  PID:1844
- C:\Windows\System\VNpfGoF.exe
  C:\Windows\System\VNpfGoF.exe
  2⤵
  PID:4024
- C:\Windows\System\CFOpsoS.exe
  C:\Windows\System\CFOpsoS.exe
  2⤵
  PID:3296
- C:\Windows\System\SqQCDcj.exe
  C:\Windows\System\SqQCDcj.exe
  2⤵
  PID:4252
- C:\Windows\System\ishOjRM.exe
  C:\Windows\System\ishOjRM.exe
  2⤵
  PID:3500
- C:\Windows\System\cYxBlRi.exe
  C:\Windows\System\cYxBlRi.exe
  2⤵
  PID:3480
- C:\Windows\System\laeUVvQ.exe
  C:\Windows\System\laeUVvQ.exe
  2⤵
  PID:4168
- C:\Windows\System\gQdVFNz.exe
  C:\Windows\System\gQdVFNz.exe
  2⤵
  PID:4268
- C:\Windows\System\yJLsECl.exe
  C:\Windows\System\yJLsECl.exe
  2⤵
  PID:4504
- C:\Windows\System\MiegQnA.exe
  C:\Windows\System\MiegQnA.exe
  2⤵
  PID:4536
- C:\Windows\System\DITgTrD.exe
  C:\Windows\System\DITgTrD.exe
  2⤵
  PID:4228
- C:\Windows\System\TqsIRfx.exe
  C:\Windows\System\TqsIRfx.exe
  2⤵
  PID:4304
- C:\Windows\System\OaLdtag.exe
  C:\Windows\System\OaLdtag.exe
  2⤵
  PID:4464
- C:\Windows\System\KohbEpQ.exe
  C:\Windows\System\KohbEpQ.exe
  2⤵
  PID:4696
- C:\Windows\System\IgPgLlo.exe
  C:\Windows\System\IgPgLlo.exe
  2⤵
  PID:4760
- C:\Windows\System\IWIOaYw.exe
  C:\Windows\System\IWIOaYw.exe
  2⤵
  PID:4556
- C:\Windows\System\CiQdyGE.exe
  C:\Windows\System\CiQdyGE.exe
  2⤵
  PID:4884
- C:\Windows\System\eVvNcFn.exe
  C:\Windows\System\eVvNcFn.exe
  2⤵
  PID:4988
- C:\Windows\System\ZKHpCAQ.exe
  C:\Windows\System\ZKHpCAQ.exe
  2⤵
  PID:4740
- C:\Windows\System\GlympIW.exe
  C:\Windows\System\GlympIW.exe
  2⤵
  PID:4848
- C:\Windows\System\GoJgbVu.exe
  C:\Windows\System\GoJgbVu.exe
  2⤵
  PID:5128
- C:\Windows\System\URHFiUx.exe
  C:\Windows\System\URHFiUx.exe
  2⤵
  PID:5144
- C:\Windows\System\TutMbpd.exe
  C:\Windows\System\TutMbpd.exe
  2⤵
  PID:5160
- C:\Windows\System\OVmioLR.exe
  C:\Windows\System\OVmioLR.exe
  2⤵
  PID:5176
- C:\Windows\System\EqMVscL.exe
  C:\Windows\System\EqMVscL.exe
  2⤵
  PID:5192
- C:\Windows\System\FlGyxsZ.exe
  C:\Windows\System\FlGyxsZ.exe
  2⤵
  PID:5220
- C:\Windows\System\RpJoMne.exe
  C:\Windows\System\RpJoMne.exe
  2⤵
  PID:5236
- C:\Windows\System\sloWflM.exe
  C:\Windows\System\sloWflM.exe
  2⤵
  PID:5252
- C:\Windows\System\DLLnhSu.exe
  C:\Windows\System\DLLnhSu.exe
  2⤵
  PID:5268
- C:\Windows\System\HsEYvfz.exe
  C:\Windows\System\HsEYvfz.exe
  2⤵
  PID:5284
- C:\Windows\System\xsfHuWy.exe
  C:\Windows\System\xsfHuWy.exe
  2⤵
  PID:5308
- C:\Windows\System\LwrtFbq.exe
  C:\Windows\System\LwrtFbq.exe
  2⤵
  PID:5332
- C:\Windows\System\WEmEfBs.exe
  C:\Windows\System\WEmEfBs.exe
  2⤵
  PID:5352
- C:\Windows\System\bvyOZdR.exe
  C:\Windows\System\bvyOZdR.exe
  2⤵
  PID:5400
- C:\Windows\System\PDeZIGb.exe
  C:\Windows\System\PDeZIGb.exe
  2⤵
  PID:5424
- C:\Windows\System\qXlqKjq.exe
  C:\Windows\System\qXlqKjq.exe
  2⤵
  PID:5444
- C:\Windows\System\jbyQynO.exe
  C:\Windows\System\jbyQynO.exe
  2⤵
  PID:5464
- C:\Windows\System\Hjvjjgo.exe
  C:\Windows\System\Hjvjjgo.exe
  2⤵
  PID:5480
- C:\Windows\System\irsJDkU.exe
  C:\Windows\System\irsJDkU.exe
  2⤵
  PID:5500
- C:\Windows\System\SZGMfSs.exe
  C:\Windows\System\SZGMfSs.exe
  2⤵
  PID:5516
- C:\Windows\System\fHLPiEX.exe
  C:\Windows\System\fHLPiEX.exe
  2⤵
  PID:5536
- C:\Windows\System\fHmVUBR.exe
  C:\Windows\System\fHmVUBR.exe
  2⤵
  PID:5560
- C:\Windows\System\QmOgJwN.exe
  C:\Windows\System\QmOgJwN.exe
  2⤵
  PID:5580
- C:\Windows\System\enWjUwZ.exe
  C:\Windows\System\enWjUwZ.exe
  2⤵
  PID:5600
- C:\Windows\System\mwqpYZA.exe
  C:\Windows\System\mwqpYZA.exe
  2⤵
  PID:5616
- C:\Windows\System\KYFlIbi.exe
  C:\Windows\System\KYFlIbi.exe
  2⤵
  PID:5632
- C:\Windows\System\PBSErbl.exe
  C:\Windows\System\PBSErbl.exe
  2⤵
  PID:5656
- C:\Windows\System\iWcxexV.exe
  C:\Windows\System\iWcxexV.exe
  2⤵
  PID:5672
- C:\Windows\System\VEwwTkV.exe
  C:\Windows\System\VEwwTkV.exe
  2⤵
  PID:5688
- C:\Windows\System\UBCObTy.exe
  C:\Windows\System\UBCObTy.exe
  2⤵
  PID:5716
- C:\Windows\System\orAWjXj.exe
  C:\Windows\System\orAWjXj.exe
  2⤵
  PID:5736
- C:\Windows\System\EvxdiKM.exe
  C:\Windows\System\EvxdiKM.exe
  2⤵
  PID:5756
- C:\Windows\System\LoouPPH.exe
  C:\Windows\System\LoouPPH.exe
  2⤵
  PID:5776
- C:\Windows\System\TzQtnkE.exe
  C:\Windows\System\TzQtnkE.exe
  2⤵
  PID:5796
- C:\Windows\System\YPoHcKr.exe
  C:\Windows\System\YPoHcKr.exe
  2⤵
  PID:5820
- C:\Windows\System\UjVXcnw.exe
  C:\Windows\System\UjVXcnw.exe
  2⤵
  PID:5840
- C:\Windows\System\FvAhaMB.exe
  C:\Windows\System\FvAhaMB.exe
  2⤵
  PID:5856
- C:\Windows\System\NKodJlt.exe
  C:\Windows\System\NKodJlt.exe
  2⤵
  PID:5872
- C:\Windows\System\ijxbAuP.exe
  C:\Windows\System\ijxbAuP.exe
  2⤵
  PID:5888
- C:\Windows\System\xvUmAwi.exe
  C:\Windows\System\xvUmAwi.exe
  2⤵
  PID:5912
- C:\Windows\System\VojtcqV.exe
  C:\Windows\System\VojtcqV.exe
  2⤵
  PID:5928
- C:\Windows\System\KrKnuTB.exe
  C:\Windows\System\KrKnuTB.exe
  2⤵
  PID:5944
- C:\Windows\System\fORyMwk.exe
  C:\Windows\System\fORyMwk.exe
  2⤵
  PID:5960
- C:\Windows\System\CpGaeUG.exe
  C:\Windows\System\CpGaeUG.exe
  2⤵
  PID:5984
- C:\Windows\System\Wlaslnb.exe
  C:\Windows\System\Wlaslnb.exe
  2⤵
  PID:6000
- C:\Windows\System\HWbLxRd.exe
  C:\Windows\System\HWbLxRd.exe
  2⤵
  PID:6020
- C:\Windows\System\xkltDTW.exe
  C:\Windows\System\xkltDTW.exe
  2⤵
  PID:6040
- C:\Windows\System\qUEzYvy.exe
  C:\Windows\System\qUEzYvy.exe
  2⤵
  PID:6056
- C:\Windows\System\RyWPdrC.exe
  C:\Windows\System\RyWPdrC.exe
  2⤵
  PID:6104
- C:\Windows\System\souptmd.exe
  C:\Windows\System\souptmd.exe
  2⤵
  PID:6120
- C:\Windows\System\LOhPTRK.exe
  C:\Windows\System\LOhPTRK.exe
  2⤵
  PID:6140
- C:\Windows\System\vzwBBtg.exe
  C:\Windows\System\vzwBBtg.exe
  2⤵
  PID:5088
- C:\Windows\System\wShsLct.exe
  C:\Windows\System\wShsLct.exe
  2⤵
  PID:3076
- C:\Windows\System\CyjGepR.exe
  C:\Windows\System\CyjGepR.exe
  2⤵
  PID:4152
- C:\Windows\System\EShgvHW.exe
  C:\Windows\System\EShgvHW.exe
  2⤵
  PID:4920
- C:\Windows\System\DjyMeOM.exe
  C:\Windows\System\DjyMeOM.exe
  2⤵
  PID:5116
- C:\Windows\System\rCKmGgV.exe
  C:\Windows\System\rCKmGgV.exe
  2⤵
  PID:5008
- C:\Windows\System\QnODlSI.exe
  C:\Windows\System\QnODlSI.exe
  2⤵
  PID:4368
- C:\Windows\System\QZouXOR.exe
  C:\Windows\System\QZouXOR.exe
  2⤵
  PID:4192
- C:\Windows\System\tyPeBHv.exe
  C:\Windows\System\tyPeBHv.exe
  2⤵
  PID:4684
- C:\Windows\System\WOpZFuV.exe
  C:\Windows\System\WOpZFuV.exe
  2⤵
  PID:4904
- C:\Windows\System\DkvFVBb.exe
  C:\Windows\System\DkvFVBb.exe
  2⤵
  PID:4112
- C:\Windows\System\yvORSGO.exe
  C:\Windows\System\yvORSGO.exe
  2⤵
  PID:1448
- C:\Windows\System\NfYQLfF.exe
  C:\Windows\System\NfYQLfF.exe
  2⤵
  PID:4516
- C:\Windows\System\suQwgPA.exe
  C:\Windows\System\suQwgPA.exe
  2⤵
  PID:4824
- C:\Windows\System\KhguDdD.exe
  C:\Windows\System\KhguDdD.exe
  2⤵
  PID:5156
- C:\Windows\System\nWYRtck.exe
  C:\Windows\System\nWYRtck.exe
  2⤵
  PID:4996
- C:\Windows\System\TsRsPHN.exe
  C:\Windows\System\TsRsPHN.exe
  2⤵
  PID:5292
- C:\Windows\System\MSLCYni.exe
  C:\Windows\System\MSLCYni.exe
  2⤵
  PID:4788
- C:\Windows\System\zXWViOz.exe
  C:\Windows\System\zXWViOz.exe
  2⤵
  PID:5208
- C:\Windows\System\xSsQePN.exe
  C:\Windows\System\xSsQePN.exe
  2⤵
  PID:5412
- C:\Windows\System\yImagkJ.exe
  C:\Windows\System\yImagkJ.exe
  2⤵
  PID:5460
- C:\Windows\System\EJAvIHr.exe
  C:\Windows\System\EJAvIHr.exe
  2⤵
  PID:5528
- C:\Windows\System\SbTKDuw.exe
  C:\Windows\System\SbTKDuw.exe
  2⤵
  PID:5328
- C:\Windows\System\MaQYbcR.exe
  C:\Windows\System\MaQYbcR.exe
  2⤵
  PID:5244
- C:\Windows\System\osdSImD.exe
  C:\Windows\System\osdSImD.exe
  2⤵
  PID:5568
- C:\Windows\System\XzCcCkb.exe
  C:\Windows\System\XzCcCkb.exe
  2⤵
  PID:5368
- C:\Windows\System\uilPOST.exe
  C:\Windows\System\uilPOST.exe
  2⤵
  PID:5440
- C:\Windows\System\gSnrCxy.exe
  C:\Windows\System\gSnrCxy.exe
  2⤵
  PID:5512
- C:\Windows\System\CvenYRG.exe
  C:\Windows\System\CvenYRG.exe
  2⤵
  PID:5612
- C:\Windows\System\ASdfALc.exe
  C:\Windows\System\ASdfALc.exe
  2⤵
  PID:5680
- C:\Windows\System\aMAvrXY.exe
  C:\Windows\System\aMAvrXY.exe
  2⤵
  PID:5764
- C:\Windows\System\URFdbxg.exe
  C:\Windows\System\URFdbxg.exe
  2⤵
  PID:5548
- C:\Windows\System\bKPVQlk.exe
  C:\Windows\System\bKPVQlk.exe
  2⤵
  PID:5596
- C:\Windows\System\kNlntNk.exe
  C:\Windows\System\kNlntNk.exe
  2⤵
  PID:5664
- C:\Windows\System\cnSWCkW.exe
  C:\Windows\System\cnSWCkW.exe
  2⤵
  PID:5744
- C:\Windows\System\ZhYMOCW.exe
  C:\Windows\System\ZhYMOCW.exe
  2⤵
  PID:5700
- C:\Windows\System\cfPlkEa.exe
  C:\Windows\System\cfPlkEa.exe
  2⤵
  PID:5816
- C:\Windows\System\dDOrbOf.exe
  C:\Windows\System\dDOrbOf.exe
  2⤵
  PID:5920
- C:\Windows\System\eCcKwhB.exe
  C:\Windows\System\eCcKwhB.exe
  2⤵
  PID:5996
- C:\Windows\System\WKSSvWW.exe
  C:\Windows\System\WKSSvWW.exe
  2⤵
  PID:5904
- C:\Windows\System\NTOwhiI.exe
  C:\Windows\System\NTOwhiI.exe
  2⤵
  PID:6048
- C:\Windows\System\FniONYg.exe
  C:\Windows\System\FniONYg.exe
  2⤵
  PID:5972
- C:\Windows\System\mLObmGl.exe
  C:\Windows\System\mLObmGl.exe
  2⤵
  PID:5896
- C:\Windows\System\DfyAaZl.exe
  C:\Windows\System\DfyAaZl.exe
  2⤵
  PID:6064
- C:\Windows\System\fyXLdkA.exe
  C:\Windows\System\fyXLdkA.exe
  2⤵
  PID:6084
- C:\Windows\System\UWeOnGV.exe
  C:\Windows\System\UWeOnGV.exe
  2⤵
  PID:6128
- C:\Windows\System\FgeuNjj.exe
  C:\Windows\System\FgeuNjj.exe
  2⤵
  PID:1612
- C:\Windows\System\YuIZYUp.exe
  C:\Windows\System\YuIZYUp.exe
  2⤵
  PID:4148
- C:\Windows\System\qJhRtbq.exe
  C:\Windows\System\qJhRtbq.exe
  2⤵
  PID:4048
- C:\Windows\System\FcPymBy.exe
  C:\Windows\System\FcPymBy.exe
  2⤵
  PID:3564
- C:\Windows\System\iNLKqcz.exe
  C:\Windows\System\iNLKqcz.exe
  2⤵
  PID:4544
- C:\Windows\System\BGITedf.exe
  C:\Windows\System\BGITedf.exe
  2⤵
  PID:4572
- C:\Windows\System\FKwcPah.exe
  C:\Windows\System\FKwcPah.exe
  2⤵
  PID:4928
- C:\Windows\System\iYVOpqU.exe
  C:\Windows\System\iYVOpqU.exe
  2⤵
  PID:4680
- C:\Windows\System\mJfToWE.exe
  C:\Windows\System\mJfToWE.exe
  2⤵
  PID:4312
- C:\Windows\System\wwJqwQz.exe
  C:\Windows\System\wwJqwQz.exe
  2⤵
  PID:5124
- C:\Windows\System\ilDtYoP.exe
  C:\Windows\System\ilDtYoP.exe
  2⤵
  PID:5264
- C:\Windows\System\hKZSTnt.exe
  C:\Windows\System\hKZSTnt.exe
  2⤵
  PID:5076
- C:\Windows\System\KvMtLJx.exe
  C:\Windows\System\KvMtLJx.exe
  2⤵
  PID:5348
- C:\Windows\System\ANYYsGs.exe
  C:\Windows\System\ANYYsGs.exe
  2⤵
  PID:5524
- C:\Windows\System\JuJYeXD.exe
  C:\Windows\System\JuJYeXD.exe
  2⤵
  PID:5136
- C:\Windows\System\gBAlLDL.exe
  C:\Windows\System\gBAlLDL.exe
  2⤵
  PID:5172
- C:\Windows\System\iSLxdXZ.exe
  C:\Windows\System\iSLxdXZ.exe
  2⤵
  PID:5384
- C:\Windows\System\mzvPNFr.exe
  C:\Windows\System\mzvPNFr.exe
  2⤵
  PID:2768
- C:\Windows\System\AmSzQfO.exe
  C:\Windows\System\AmSzQfO.exe
  2⤵
  PID:5508
- C:\Windows\System\hlPkaHc.exe
  C:\Windows\System\hlPkaHc.exe
  2⤵
  PID:5544
- C:\Windows\System\xaDpAKK.exe
  C:\Windows\System\xaDpAKK.exe
  2⤵
  PID:5588
- C:\Windows\System\MGjzhwE.exe
  C:\Windows\System\MGjzhwE.exe
  2⤵
  PID:5752
- C:\Windows\System\fKkjIiI.exe
  C:\Windows\System\fKkjIiI.exe
  2⤵
  PID:5792
- C:\Windows\System\SrbEetm.exe
  C:\Windows\System\SrbEetm.exe
  2⤵
  PID:5880
- C:\Windows\System\SIvOcMu.exe
  C:\Windows\System\SIvOcMu.exe
  2⤵
  PID:6032
- C:\Windows\System\ZXnCXqJ.exe
  C:\Windows\System\ZXnCXqJ.exe
  2⤵
  PID:5976
- C:\Windows\System\jzBUYJq.exe
  C:\Windows\System\jzBUYJq.exe
  2⤵
  PID:6012
- C:\Windows\System\ggVVNyv.exe
  C:\Windows\System\ggVVNyv.exe
  2⤵
  PID:5864
- C:\Windows\System\RgsKZfn.exe
  C:\Windows\System\RgsKZfn.exe
  2⤵
  PID:6080
- C:\Windows\System\mbGwPMH.exe
  C:\Windows\System\mbGwPMH.exe
  2⤵
  PID:6112
- C:\Windows\System\Ccmervy.exe
  C:\Windows\System\Ccmervy.exe
  2⤵
  PID:4172
- C:\Windows\System\AUZXhfr.exe
  C:\Windows\System\AUZXhfr.exe
  2⤵
  PID:3664
- C:\Windows\System\DrSXdyH.exe
  C:\Windows\System\DrSXdyH.exe
  2⤵
  PID:4212
- C:\Windows\System\LTNDvhI.exe
  C:\Windows\System\LTNDvhI.exe
  2⤵
  PID:3712
- C:\Windows\System\dwqDaqI.exe
  C:\Windows\System\dwqDaqI.exe
  2⤵
  PID:6156
- C:\Windows\System\AZWrtqo.exe
  C:\Windows\System\AZWrtqo.exe
  2⤵
  PID:6176
- C:\Windows\System\vvQRrzS.exe
  C:\Windows\System\vvQRrzS.exe
  2⤵
  PID:6196
- C:\Windows\System\xzfMhkm.exe
  C:\Windows\System\xzfMhkm.exe
  2⤵
  PID:6216
- C:\Windows\System\ESFdKrU.exe
  C:\Windows\System\ESFdKrU.exe
  2⤵
  PID:6236
- C:\Windows\System\qsClqmI.exe
  C:\Windows\System\qsClqmI.exe
  2⤵
  PID:6256
- C:\Windows\System\vBmzABe.exe
  C:\Windows\System\vBmzABe.exe
  2⤵
  PID:6276
- C:\Windows\System\PgEjDut.exe
  C:\Windows\System\PgEjDut.exe
  2⤵
  PID:6296
- C:\Windows\System\jUtomEz.exe
  C:\Windows\System\jUtomEz.exe
  2⤵
  PID:6316
- C:\Windows\System\rkXbTXE.exe
  C:\Windows\System\rkXbTXE.exe
  2⤵
  PID:6336
- C:\Windows\System\xqqGxOS.exe
  C:\Windows\System\xqqGxOS.exe
  2⤵
  PID:6356
- C:\Windows\System\dWwURlj.exe
  C:\Windows\System\dWwURlj.exe
  2⤵
  PID:6376
- C:\Windows\System\YxufrbR.exe
  C:\Windows\System\YxufrbR.exe
  2⤵
  PID:6400
- C:\Windows\System\ytfcKFB.exe
  C:\Windows\System\ytfcKFB.exe
  2⤵
  PID:6420
- C:\Windows\System\wUpjIba.exe
  C:\Windows\System\wUpjIba.exe
  2⤵
  PID:6440
- C:\Windows\System\ocACqFk.exe
  C:\Windows\System\ocACqFk.exe
  2⤵
  PID:6464
- C:\Windows\System\IQikQKs.exe
  C:\Windows\System\IQikQKs.exe
  2⤵
  PID:6484
- C:\Windows\System\pafbtmM.exe
  C:\Windows\System\pafbtmM.exe
  2⤵
  PID:6504
- C:\Windows\System\igJYUvD.exe
  C:\Windows\System\igJYUvD.exe
  2⤵
  PID:6524
- C:\Windows\System\VTyDgJR.exe
  C:\Windows\System\VTyDgJR.exe
  2⤵
  PID:6544
- C:\Windows\System\NNbCxRN.exe
  C:\Windows\System\NNbCxRN.exe
  2⤵
  PID:6564
- C:\Windows\System\seUiNef.exe
  C:\Windows\System\seUiNef.exe
  2⤵
  PID:6584
- C:\Windows\System\lysjNrq.exe
  C:\Windows\System\lysjNrq.exe
  2⤵
  PID:6604
- C:\Windows\System\SMYRazO.exe
  C:\Windows\System\SMYRazO.exe
  2⤵
  PID:6624
- C:\Windows\System\JITdnNz.exe
  C:\Windows\System\JITdnNz.exe
  2⤵
  PID:6644
- C:\Windows\System\tltswQS.exe
  C:\Windows\System\tltswQS.exe
  2⤵
  PID:6664
- C:\Windows\System\pdpZvUX.exe
  C:\Windows\System\pdpZvUX.exe
  2⤵
  PID:6684
- C:\Windows\System\BvjJtIg.exe
  C:\Windows\System\BvjJtIg.exe
  2⤵
  PID:6704
- C:\Windows\System\kNwhtOa.exe
  C:\Windows\System\kNwhtOa.exe
  2⤵
  PID:6724
- C:\Windows\System\fUePTnc.exe
  C:\Windows\System\fUePTnc.exe
  2⤵
  PID:6744
- C:\Windows\System\qfgXXrc.exe
  C:\Windows\System\qfgXXrc.exe
  2⤵
  PID:6764
- C:\Windows\System\whLnzEj.exe
  C:\Windows\System\whLnzEj.exe
  2⤵
  PID:6784
- C:\Windows\System\hnnlNxI.exe
  C:\Windows\System\hnnlNxI.exe
  2⤵
  PID:6804
- C:\Windows\System\IIRDMKB.exe
  C:\Windows\System\IIRDMKB.exe
  2⤵
  PID:6824
- C:\Windows\System\hJltzGO.exe
  C:\Windows\System\hJltzGO.exe
  2⤵
  PID:6844
- C:\Windows\System\kgvXGYa.exe
  C:\Windows\System\kgvXGYa.exe
  2⤵
  PID:6864
- C:\Windows\System\MIApcav.exe
  C:\Windows\System\MIApcav.exe
  2⤵
  PID:6884
- C:\Windows\System\JqBpcsz.exe
  C:\Windows\System\JqBpcsz.exe
  2⤵
  PID:6904
- C:\Windows\System\pOMyoaC.exe
  C:\Windows\System\pOMyoaC.exe
  2⤵
  PID:6924
- C:\Windows\System\aPoLASj.exe
  C:\Windows\System\aPoLASj.exe
  2⤵
  PID:6944
- C:\Windows\System\bJGCVGn.exe
  C:\Windows\System\bJGCVGn.exe
  2⤵
  PID:6964
- C:\Windows\System\CiYjeCZ.exe
  C:\Windows\System\CiYjeCZ.exe
  2⤵
  PID:6984
- C:\Windows\System\eRWhQcW.exe
  C:\Windows\System\eRWhQcW.exe
  2⤵
  PID:7004
- C:\Windows\System\epQzKOE.exe
  C:\Windows\System\epQzKOE.exe
  2⤵
  PID:7024
- C:\Windows\System\TJGheIH.exe
  C:\Windows\System\TJGheIH.exe
  2⤵
  PID:7044
- C:\Windows\System\VZJcMDd.exe
  C:\Windows\System\VZJcMDd.exe
  2⤵
  PID:7064
- C:\Windows\System\MAMlntQ.exe
  C:\Windows\System\MAMlntQ.exe
  2⤵
  PID:7084
- C:\Windows\System\awnlyBl.exe
  C:\Windows\System\awnlyBl.exe
  2⤵
  PID:7104
- C:\Windows\System\mniTpUE.exe
  C:\Windows\System\mniTpUE.exe
  2⤵
  PID:7124
- C:\Windows\System\xTdAbLw.exe
  C:\Windows\System\xTdAbLw.exe
  2⤵
  PID:7148
- C:\Windows\System\WPBixqo.exe
  C:\Windows\System\WPBixqo.exe
  2⤵
  PID:4744
- C:\Windows\System\sWluQdY.exe
  C:\Windows\System\sWluQdY.exe
  2⤵
  PID:4616
- C:\Windows\System\agnGTHm.exe
  C:\Windows\System\agnGTHm.exe
  2⤵
  PID:5340
- C:\Windows\System\KkaJKYc.exe
  C:\Windows\System\KkaJKYc.exe
  2⤵
  PID:5408
- C:\Windows\System\jcpNUvS.exe
  C:\Windows\System\jcpNUvS.exe
  2⤵
  PID:5316
- C:\Windows\System\MxVMNIq.exe
  C:\Windows\System\MxVMNIq.exe
  2⤵
  PID:5200
- C:\Windows\System\RBNnOFe.exe
  C:\Windows\System\RBNnOFe.exe
  2⤵
  PID:5392
- C:\Windows\System\RJKcfHk.exe
  C:\Windows\System\RJKcfHk.exe
  2⤵
  PID:5724
- C:\Windows\System\tgEpYRw.exe
  C:\Windows\System\tgEpYRw.exe
  2⤵
  PID:5556
- C:\Windows\System\OSVPZLl.exe
  C:\Windows\System\OSVPZLl.exe
  2⤵
  PID:5784
- C:\Windows\System\XELXbkR.exe
  C:\Windows\System\XELXbkR.exe
  2⤵
  PID:5992
- C:\Windows\System\VrYHIqZ.exe
  C:\Windows\System\VrYHIqZ.exe
  2⤵
  PID:2784
- C:\Windows\System\wEAIzFi.exe
  C:\Windows\System\wEAIzFi.exe
  2⤵
  PID:2396
- C:\Windows\System\IwlrvZc.exe
  C:\Windows\System\IwlrvZc.exe
  2⤵
  PID:6100
- C:\Windows\System\JtyUcEB.exe
  C:\Windows\System\JtyUcEB.exe
  2⤵
  PID:5032
- C:\Windows\System\WqhLTKd.exe
  C:\Windows\System\WqhLTKd.exe
  2⤵
  PID:1644
- C:\Windows\System\oHEKSDw.exe
  C:\Windows\System\oHEKSDw.exe
  2⤵
  PID:6152
- C:\Windows\System\zpOgFpK.exe
  C:\Windows\System\zpOgFpK.exe
  2⤵
  PID:2508
- C:\Windows\System\EfLcGHh.exe
  C:\Windows\System\EfLcGHh.exe
  2⤵
  PID:6212
- C:\Windows\System\OEbQrYi.exe
  C:\Windows\System\OEbQrYi.exe
  2⤵
  PID:6244
- C:\Windows\System\YFZLThz.exe
  C:\Windows\System\YFZLThz.exe
  2⤵
  PID:6268
- C:\Windows\System\YUOjuul.exe
  C:\Windows\System\YUOjuul.exe
  2⤵
  PID:6312
- C:\Windows\System\ylIkqwj.exe
  C:\Windows\System\ylIkqwj.exe
  2⤵
  PID:6344
- C:\Windows\System\eznDNvj.exe
  C:\Windows\System\eznDNvj.exe
  2⤵
  PID:6372
- C:\Windows\System\umqHYEI.exe
  C:\Windows\System\umqHYEI.exe
  2⤵
  PID:6412
- C:\Windows\System\UiyViBq.exe
  C:\Windows\System\UiyViBq.exe
  2⤵
  PID:6448
- C:\Windows\System\iWjILlt.exe
  C:\Windows\System\iWjILlt.exe
  2⤵
  PID:6480
- C:\Windows\System\xVmuCJr.exe
  C:\Windows\System\xVmuCJr.exe
  2⤵
  PID:6512
- C:\Windows\System\iCymaXB.exe
  C:\Windows\System\iCymaXB.exe
  2⤵
  PID:6536
- C:\Windows\System\srAlAgE.exe
  C:\Windows\System\srAlAgE.exe
  2⤵
  PID:6556
- C:\Windows\System\ruGYMuM.exe
  C:\Windows\System\ruGYMuM.exe
  2⤵
  PID:6596
- C:\Windows\System\kxpXrgW.exe
  C:\Windows\System\kxpXrgW.exe
  2⤵
  PID:6660
- C:\Windows\System\pNeoUcM.exe
  C:\Windows\System\pNeoUcM.exe
  2⤵
  PID:6460
- C:\Windows\System\kDkSbAa.exe
  C:\Windows\System\kDkSbAa.exe
  2⤵
  PID:6696
- C:\Windows\System\RXXHXOH.exe
  C:\Windows\System\RXXHXOH.exe
  2⤵
  PID:6720
- C:\Windows\System\ZVsHWtq.exe
  C:\Windows\System\ZVsHWtq.exe
  2⤵
  PID:6772
- C:\Windows\System\MBPIIOW.exe
  C:\Windows\System\MBPIIOW.exe
  2⤵
  PID:2840
- C:\Windows\System\LmJxgiX.exe
  C:\Windows\System\LmJxgiX.exe
  2⤵
  PID:6852
- C:\Windows\System\rKKPlTa.exe
  C:\Windows\System\rKKPlTa.exe
  2⤵
  PID:6856
- C:\Windows\System\IhQxMSB.exe
  C:\Windows\System\IhQxMSB.exe
  2⤵
  PID:6900
- C:\Windows\System\pfetYRW.exe
  C:\Windows\System\pfetYRW.exe
  2⤵
  PID:6940
- C:\Windows\System\iZkaeLy.exe
  C:\Windows\System\iZkaeLy.exe
  2⤵
  PID:6972
- C:\Windows\System\RdeyeBS.exe
  C:\Windows\System\RdeyeBS.exe
  2⤵
  PID:6976
- C:\Windows\System\SDQKvgr.exe
  C:\Windows\System\SDQKvgr.exe
  2⤵
  PID:7000
- C:\Windows\System\GVKnGrQ.exe
  C:\Windows\System\GVKnGrQ.exe
  2⤵
  PID:7036
- C:\Windows\System\GtXMBTl.exe
  C:\Windows\System\GtXMBTl.exe
  2⤵
  PID:7080
- C:\Windows\System\lWDXZeC.exe
  C:\Windows\System\lWDXZeC.exe
  2⤵
  PID:7132
- C:\Windows\System\STJTKYT.exe
  C:\Windows\System\STJTKYT.exe
  2⤵
  PID:4420
- C:\Windows\System\gloxmzg.exe
  C:\Windows\System\gloxmzg.exe
  2⤵
  PID:7160
- C:\Windows\System\aAXvavK.exe
  C:\Windows\System\aAXvavK.exe
  2⤵
  PID:4592
- C:\Windows\System\abperqL.exe
  C:\Windows\System\abperqL.exe
  2⤵
  PID:5452
- C:\Windows\System\xEytPyD.exe
  C:\Windows\System\xEytPyD.exe
  2⤵
  PID:5608
- C:\Windows\System\nGtcJiW.exe
  C:\Windows\System\nGtcJiW.exe
  2⤵
  PID:5728
- C:\Windows\System\lDxavwq.exe
  C:\Windows\System\lDxavwq.exe
  2⤵
  PID:5708
- C:\Windows\System\saPpFEP.exe
  C:\Windows\System\saPpFEP.exe
  2⤵
  PID:5788
- C:\Windows\System\HxmZDfn.exe
  C:\Windows\System\HxmZDfn.exe
  2⤵
  PID:5936
- C:\Windows\System\osqWtJG.exe
  C:\Windows\System\osqWtJG.exe
  2⤵
  PID:1552
- C:\Windows\System\TgralyO.exe
  C:\Windows\System\TgralyO.exe
  2⤵
  PID:6148
- C:\Windows\System\NcmJews.exe
  C:\Windows\System\NcmJews.exe
  2⤵
  PID:6184
- C:\Windows\System\OBbhIlz.exe
  C:\Windows\System\OBbhIlz.exe
  2⤵
  PID:6232
- C:\Windows\System\ZftUJkp.exe
  C:\Windows\System\ZftUJkp.exe
  2⤵
  PID:6272
- C:\Windows\System\PylNCSH.exe
  C:\Windows\System\PylNCSH.exe
  2⤵
  PID:6352
- C:\Windows\System\qrzEbXr.exe
  C:\Windows\System\qrzEbXr.exe
  2⤵
  PID:6392
- C:\Windows\System\MbPHZnT.exe
  C:\Windows\System\MbPHZnT.exe
  2⤵
  PID:6496
- C:\Windows\System\PVBhtJt.exe
  C:\Windows\System\PVBhtJt.exe
  2⤵
  PID:6472
- C:\Windows\System\iDDhgve.exe
  C:\Windows\System\iDDhgve.exe
  2⤵
  PID:6516
- C:\Windows\System\YVRJjAv.exe
  C:\Windows\System\YVRJjAv.exe
  2⤵
  PID:6600
- C:\Windows\System\bCsqwml.exe
  C:\Windows\System\bCsqwml.exe
  2⤵
  PID:6700
- C:\Windows\System\jmivxiR.exe
  C:\Windows\System\jmivxiR.exe
  2⤵
  PID:6680
- C:\Windows\System\vgQnnln.exe
  C:\Windows\System\vgQnnln.exe
  2⤵
  PID:6756
- C:\Windows\System\CnKcvhJ.exe
  C:\Windows\System\CnKcvhJ.exe
  2⤵
  PID:6872
- C:\Windows\System\OJTbOof.exe
  C:\Windows\System\OJTbOof.exe
  2⤵
  PID:6792
- C:\Windows\System\BteeyBI.exe
  C:\Windows\System\BteeyBI.exe
  2⤵
  PID:6916
- C:\Windows\System\hnJGQDO.exe
  C:\Windows\System\hnJGQDO.exe
  2⤵
  PID:6952
- C:\Windows\System\TGpsthW.exe
  C:\Windows\System\TGpsthW.exe
  2⤵
  PID:7056
- C:\Windows\System\HmmAXoY.exe
  C:\Windows\System\HmmAXoY.exe
  2⤵
  PID:7072
- C:\Windows\System\MzCoDjy.exe
  C:\Windows\System\MzCoDjy.exe
  2⤵
  PID:7116
- C:\Windows\System\zKWgXrE.exe
  C:\Windows\System\zKWgXrE.exe
  2⤵
  PID:5492
- C:\Windows\System\tOHHxQB.exe
  C:\Windows\System\tOHHxQB.exe
  2⤵
  PID:5168
- C:\Windows\System\YPEDeGn.exe
  C:\Windows\System\YPEDeGn.exe
  2⤵
  PID:5344
- C:\Windows\System\WwThNhq.exe
  C:\Windows\System\WwThNhq.exe
  2⤵
  PID:5940
- C:\Windows\System\cfZAebf.exe
  C:\Windows\System\cfZAebf.exe
  2⤵
  PID:5812
- C:\Windows\System\wiKbnvk.exe
  C:\Windows\System\wiKbnvk.exe
  2⤵
  PID:4328
- C:\Windows\System\KEKRbJb.exe
  C:\Windows\System\KEKRbJb.exe
  2⤵
  PID:6228
- C:\Windows\System\QctUGpK.exe
  C:\Windows\System\QctUGpK.exe
  2⤵
  PID:6248
- C:\Windows\System\CYCQJQs.exe
  C:\Windows\System\CYCQJQs.exe
  2⤵
  PID:6292
- C:\Windows\System\SiUyqiA.exe
  C:\Windows\System\SiUyqiA.exe
  2⤵
  PID:6348
- C:\Windows\System\NxwhMAc.exe
  C:\Windows\System\NxwhMAc.exe
  2⤵
  PID:6540
- C:\Windows\System\wTTdiED.exe
  C:\Windows\System\wTTdiED.exe
  2⤵
  PID:6456
- C:\Windows\System\awgyfWD.exe
  C:\Windows\System\awgyfWD.exe
  2⤵
  PID:6592
- C:\Windows\System\PeAPYBU.exe
  C:\Windows\System\PeAPYBU.exe
  2⤵
  PID:6676
- C:\Windows\System\FJkCdsV.exe
  C:\Windows\System\FJkCdsV.exe
  2⤵
  PID:6820
- C:\Windows\System\WHzGlAP.exe
  C:\Windows\System\WHzGlAP.exe
  2⤵
  PID:6776
- C:\Windows\System\yIfOexU.exe
  C:\Windows\System\yIfOexU.exe
  2⤵
  PID:2608
- C:\Windows\System\fmFOatg.exe
  C:\Windows\System\fmFOatg.exe
  2⤵
  PID:7180
- C:\Windows\System\zPrmRjB.exe
  C:\Windows\System\zPrmRjB.exe
  2⤵
  PID:7200
- C:\Windows\System\JnNKkgi.exe
  C:\Windows\System\JnNKkgi.exe
  2⤵
  PID:7220
- C:\Windows\System\OGHQQtN.exe
  C:\Windows\System\OGHQQtN.exe
  2⤵
  PID:7240
- C:\Windows\System\BnEXGvn.exe
  C:\Windows\System\BnEXGvn.exe
  2⤵
  PID:7260
- C:\Windows\System\COqeOGy.exe
  C:\Windows\System\COqeOGy.exe
  2⤵
  PID:7280
- C:\Windows\System\NHaQXmr.exe
  C:\Windows\System\NHaQXmr.exe
  2⤵
  PID:7300
- C:\Windows\System\BBnbdEE.exe
  C:\Windows\System\BBnbdEE.exe
  2⤵
  PID:7320
- C:\Windows\System\OAHjKPS.exe
  C:\Windows\System\OAHjKPS.exe
  2⤵
  PID:7340
- C:\Windows\System\nkbahLn.exe
  C:\Windows\System\nkbahLn.exe
  2⤵
  PID:7360
- C:\Windows\System\WqhTjgc.exe
  C:\Windows\System\WqhTjgc.exe
  2⤵
  PID:7384
- C:\Windows\System\yByTITZ.exe
  C:\Windows\System\yByTITZ.exe
  2⤵
  PID:7404
- C:\Windows\System\khwmowc.exe
  C:\Windows\System\khwmowc.exe
  2⤵
  PID:7424
- C:\Windows\System\zThaJGO.exe
  C:\Windows\System\zThaJGO.exe
  2⤵
  PID:7444
- C:\Windows\System\hqgzLcx.exe
  C:\Windows\System\hqgzLcx.exe
  2⤵
  PID:7464
- C:\Windows\System\hldqKJz.exe
  C:\Windows\System\hldqKJz.exe
  2⤵
  PID:7484
- C:\Windows\System\elljrxs.exe
  C:\Windows\System\elljrxs.exe
  2⤵
  PID:7504
- C:\Windows\System\oNcXKHi.exe
  C:\Windows\System\oNcXKHi.exe
  2⤵
  PID:7524
- C:\Windows\System\tShPsvm.exe
  C:\Windows\System\tShPsvm.exe
  2⤵
  PID:7548
- C:\Windows\System\LeKKYAR.exe
  C:\Windows\System\LeKKYAR.exe
  2⤵
  PID:7568
- C:\Windows\System\DeqaSfm.exe
  C:\Windows\System\DeqaSfm.exe
  2⤵
  PID:7588
- C:\Windows\System\iOmPliX.exe
  C:\Windows\System\iOmPliX.exe
  2⤵
  PID:7608
- C:\Windows\System\tknSOzc.exe
  C:\Windows\System\tknSOzc.exe
  2⤵
  PID:7628
- C:\Windows\System\CTkuoMy.exe
  C:\Windows\System\CTkuoMy.exe
  2⤵
  PID:7648
- C:\Windows\System\XUWqxwk.exe
  C:\Windows\System\XUWqxwk.exe
  2⤵
  PID:7668
- C:\Windows\System\rTdJoQX.exe
  C:\Windows\System\rTdJoQX.exe
  2⤵
  PID:7688
- C:\Windows\System\GrpxExL.exe
  C:\Windows\System\GrpxExL.exe
  2⤵
  PID:7708
- C:\Windows\System\rVXFhza.exe
  C:\Windows\System\rVXFhza.exe
  2⤵
  PID:7728
- C:\Windows\System\RdTokKs.exe
  C:\Windows\System\RdTokKs.exe
  2⤵
  PID:7748
- C:\Windows\System\FCcgnZF.exe
  C:\Windows\System\FCcgnZF.exe
  2⤵
  PID:7768
- C:\Windows\System\ZWWrRLI.exe
  C:\Windows\System\ZWWrRLI.exe
  2⤵
  PID:7788
- C:\Windows\System\xVhDlvt.exe
  C:\Windows\System\xVhDlvt.exe
  2⤵
  PID:7808
- C:\Windows\System\aBruLtl.exe
  C:\Windows\System\aBruLtl.exe
  2⤵
  PID:7828
- C:\Windows\System\CetufEo.exe
  C:\Windows\System\CetufEo.exe
  2⤵
  PID:7848
- C:\Windows\System\CXjSkCv.exe
  C:\Windows\System\CXjSkCv.exe
  2⤵
  PID:7868
- C:\Windows\System\EsCTxti.exe
  C:\Windows\System\EsCTxti.exe
  2⤵
  PID:7888
- C:\Windows\System\xgEHBSy.exe
  C:\Windows\System\xgEHBSy.exe
  2⤵
  PID:7908
- C:\Windows\System\WhbpWKD.exe
  C:\Windows\System\WhbpWKD.exe
  2⤵
  PID:7928
- C:\Windows\System\evXWTOJ.exe
  C:\Windows\System\evXWTOJ.exe
  2⤵
  PID:7948
- C:\Windows\System\AvGIXAT.exe
  C:\Windows\System\AvGIXAT.exe
  2⤵
  PID:7968
- C:\Windows\System\XWmjwyR.exe
  C:\Windows\System\XWmjwyR.exe
  2⤵
  PID:7988
- C:\Windows\System\qjEBdfc.exe
  C:\Windows\System\qjEBdfc.exe
  2⤵
  PID:8008
- C:\Windows\System\znakjLZ.exe
  C:\Windows\System\znakjLZ.exe
  2⤵
  PID:8028
- C:\Windows\System\DvEgZzM.exe
  C:\Windows\System\DvEgZzM.exe
  2⤵
  PID:8048
- C:\Windows\System\LTTNkCB.exe
  C:\Windows\System\LTTNkCB.exe
  2⤵
  PID:8068
- C:\Windows\System\KOBkpkn.exe
  C:\Windows\System\KOBkpkn.exe
  2⤵
  PID:8088
- C:\Windows\System\GRcYQzV.exe
  C:\Windows\System\GRcYQzV.exe
  2⤵
  PID:8108
- C:\Windows\System\aNRbmZQ.exe
  C:\Windows\System\aNRbmZQ.exe
  2⤵
  PID:8128
- C:\Windows\System\vLmLQut.exe
  C:\Windows\System\vLmLQut.exe
  2⤵
  PID:8152
- C:\Windows\System\JFvnSzT.exe
  C:\Windows\System\JFvnSzT.exe
  2⤵
  PID:8172
- C:\Windows\System\ZxXmXNd.exe
  C:\Windows\System\ZxXmXNd.exe
  2⤵
  PID:7052
- C:\Windows\System\VbtPsWD.exe
  C:\Windows\System\VbtPsWD.exe
  2⤵
  PID:6304
- C:\Windows\System\rkZFYdF.exe
  C:\Windows\System\rkZFYdF.exe
  2⤵
  PID:5232
- C:\Windows\System\gZTsboF.exe
  C:\Windows\System\gZTsboF.exe
  2⤵
  PID:760
- C:\Windows\System\nesImvf.exe
  C:\Windows\System\nesImvf.exe
  2⤵
  PID:5668
- C:\Windows\System\FIsUuiE.exe
  C:\Windows\System\FIsUuiE.exe
  2⤵
  PID:6132
- C:\Windows\System\MMuxxsw.exe
  C:\Windows\System\MMuxxsw.exe
  2⤵
  PID:4708
- C:\Windows\System\SGpEAGk.exe
  C:\Windows\System\SGpEAGk.exe
  2⤵
  PID:6328
- C:\Windows\System\ftfwPHG.exe
  C:\Windows\System\ftfwPHG.exe
  2⤵
  PID:6500
- C:\Windows\System\IERqeTK.exe
  C:\Windows\System\IERqeTK.exe
  2⤵
  PID:588
- C:\Windows\System\TFBjWtV.exe
  C:\Windows\System\TFBjWtV.exe
  2⤵
  PID:6632
- C:\Windows\System\THkscST.exe
  C:\Windows\System\THkscST.exe
  2⤵
  PID:6816
- C:\Windows\System\aTdYJlP.exe
  C:\Windows\System\aTdYJlP.exe
  2⤵
  PID:2604
- C:\Windows\System\pUIgSNs.exe
  C:\Windows\System\pUIgSNs.exe
  2⤵
  PID:7172
- C:\Windows\System\olWBADF.exe
  C:\Windows\System\olWBADF.exe
  2⤵
  PID:7236
- C:\Windows\System\ADJAUmX.exe
  C:\Windows\System\ADJAUmX.exe
  2⤵
  PID:7268
- C:\Windows\System\jxOtjaH.exe
  C:\Windows\System\jxOtjaH.exe
  2⤵
  PID:7272
- C:\Windows\System\TkhCCFe.exe
  C:\Windows\System\TkhCCFe.exe
  2⤵
  PID:7296
- C:\Windows\System\sBhQulc.exe
  C:\Windows\System\sBhQulc.exe
  2⤵
  PID:7336
- C:\Windows\System\xrzepCC.exe
  C:\Windows\System\xrzepCC.exe
  2⤵
  PID:7400
- C:\Windows\System\GrSgcGz.exe
  C:\Windows\System\GrSgcGz.exe
  2⤵
  PID:7412
- C:\Windows\System\AdYrNtN.exe
  C:\Windows\System\AdYrNtN.exe
  2⤵
  PID:7436
- C:\Windows\System\ZICkeSu.exe
  C:\Windows\System\ZICkeSu.exe
  2⤵
  PID:7456
- C:\Windows\System\EaGOzyz.exe
  C:\Windows\System\EaGOzyz.exe
  2⤵
  PID:7496
- C:\Windows\System\QKqeKKL.exe
  C:\Windows\System\QKqeKKL.exe
  2⤵
  PID:7564
- C:\Windows\System\ORgPfMj.exe
  C:\Windows\System\ORgPfMj.exe
  2⤵
  PID:7604
- C:\Windows\System\TzerMop.exe
  C:\Windows\System\TzerMop.exe
  2⤵
  PID:7616
- C:\Windows\System\lXfoyYJ.exe
  C:\Windows\System\lXfoyYJ.exe
  2⤵
  PID:7640
- C:\Windows\System\UlLPAmF.exe
  C:\Windows\System\UlLPAmF.exe
  2⤵
  PID:7664
- C:\Windows\System\aumuuOJ.exe
  C:\Windows\System\aumuuOJ.exe
  2⤵
  PID:7716
- C:\Windows\System\AhiUlXf.exe
  C:\Windows\System\AhiUlXf.exe
  2⤵
  PID:7744
- C:\Windows\System\IJHDGiv.exe
  C:\Windows\System\IJHDGiv.exe
  2⤵
  PID:7760
- C:\Windows\System\aQlLORd.exe
  C:\Windows\System\aQlLORd.exe
  2⤵
  PID:7804
- C:\Windows\System\noatHBW.exe
  C:\Windows\System\noatHBW.exe
  2⤵
  PID:7820
- C:\Windows\System\MvfiyYi.exe
  C:\Windows\System\MvfiyYi.exe
  2⤵
  PID:7876
- C:\Windows\System\gZYXGkq.exe
  C:\Windows\System\gZYXGkq.exe
  2⤵
  PID:7916
- C:\Windows\System\ZhoAFAQ.exe
  C:\Windows\System\ZhoAFAQ.exe
  2⤵
  PID:7936
- C:\Windows\System\vwxlZqq.exe
  C:\Windows\System\vwxlZqq.exe
  2⤵
  PID:7960
- C:\Windows\System\HyQTcqQ.exe
  C:\Windows\System\HyQTcqQ.exe
  2⤵
  PID:8004
- C:\Windows\System\WTMBrty.exe
  C:\Windows\System\WTMBrty.exe
  2⤵
  PID:8044
- C:\Windows\System\OTBKPEk.exe
  C:\Windows\System\OTBKPEk.exe
  2⤵
  PID:8076
- C:\Windows\System\OZTTKBU.exe
  C:\Windows\System\OZTTKBU.exe
  2⤵
  PID:8104
- C:\Windows\System\FZYPrke.exe
  C:\Windows\System\FZYPrke.exe
  2⤵
  PID:8168
- C:\Windows\System\JjjVFMb.exe
  C:\Windows\System\JjjVFMb.exe
  2⤵
  PID:8180
- C:\Windows\System\sHrFinJ.exe
  C:\Windows\System\sHrFinJ.exe
  2⤵
  PID:7040
- C:\Windows\System\tErKfaY.exe
  C:\Windows\System\tErKfaY.exe
  2⤵
  PID:7136
- C:\Windows\System\PjNvSOH.exe
  C:\Windows\System\PjNvSOH.exe
  2⤵
  PID:3048
- C:\Windows\System\fAItPxH.exe
  C:\Windows\System\fAItPxH.exe
  2⤵
  PID:6224
- C:\Windows\System\mOHYPdk.exe
  C:\Windows\System\mOHYPdk.exe
  2⤵
  PID:6560
- C:\Windows\System\JHkFfIZ.exe
  C:\Windows\System\JHkFfIZ.exe
  2⤵
  PID:6612
- C:\Windows\System\dGjJoJD.exe
  C:\Windows\System\dGjJoJD.exe
  2⤵
  PID:6736
- C:\Windows\System\BYVmbOR.exe
  C:\Windows\System\BYVmbOR.exe
  2⤵
  PID:6912
- C:\Windows\System\hrprvzU.exe
  C:\Windows\System\hrprvzU.exe
  2⤵
  PID:7232
- C:\Windows\System\SzJDXfc.exe
  C:\Windows\System\SzJDXfc.exe
  2⤵
  PID:7308
- C:\Windows\System\JdAjDKg.exe
  C:\Windows\System\JdAjDKg.exe
  2⤵
  PID:7348
- C:\Windows\System\pkFoStD.exe
  C:\Windows\System\pkFoStD.exe
  2⤵
  PID:7352
- C:\Windows\System\qtUwEcm.exe
  C:\Windows\System\qtUwEcm.exe
  2⤵
  PID:7440
- C:\Windows\System\MuEaqsp.exe
  C:\Windows\System\MuEaqsp.exe
  2⤵
  PID:7492
- C:\Windows\System\xWVdQJP.exe
  C:\Windows\System\xWVdQJP.exe
  2⤵
  PID:7556
- C:\Windows\System\CfTMFTa.exe
  C:\Windows\System\CfTMFTa.exe
  2⤵
  PID:7600
- C:\Windows\System\ESrnPiB.exe
  C:\Windows\System\ESrnPiB.exe
  2⤵
  PID:7676
- C:\Windows\System\nsjTEQx.exe
  C:\Windows\System\nsjTEQx.exe
  2⤵
  PID:7696
- C:\Windows\System\VSEpHUm.exe
  C:\Windows\System\VSEpHUm.exe
  2⤵
  PID:7380
- C:\Windows\System\JzjnrZu.exe
  C:\Windows\System\JzjnrZu.exe
  2⤵
  PID:7784
- C:\Windows\System\pXatQBn.exe
  C:\Windows\System\pXatQBn.exe
  2⤵
  PID:7864
- C:\Windows\System\YJoVIpB.exe
  C:\Windows\System\YJoVIpB.exe
  2⤵
  PID:7920
- C:\Windows\System\pIvDHSE.exe
  C:\Windows\System\pIvDHSE.exe
  2⤵
  PID:7984
- C:\Windows\System\yHCMxmP.exe
  C:\Windows\System\yHCMxmP.exe
  2⤵
  PID:8020
- C:\Windows\System\xKUMMgG.exe
  C:\Windows\System\xKUMMgG.exe
  2⤵
  PID:8116
- C:\Windows\System\dlYVXBY.exe
  C:\Windows\System\dlYVXBY.exe
  2⤵
  PID:8148
- C:\Windows\System\aPXSMUF.exe
  C:\Windows\System\aPXSMUF.exe
  2⤵
  PID:7096
- C:\Windows\System\HCqaxot.exe
  C:\Windows\System\HCqaxot.exe
  2⤵
  PID:5360
- C:\Windows\System\HnAmDBN.exe
  C:\Windows\System\HnAmDBN.exe
  2⤵
  PID:6136
- C:\Windows\System\tvrCypc.exe
  C:\Windows\System\tvrCypc.exe
  2⤵
  PID:6384
- C:\Windows\System\KmmuVtk.exe
  C:\Windows\System\KmmuVtk.exe
  2⤵
  PID:7176
- C:\Windows\System\lUGHGPZ.exe
  C:\Windows\System\lUGHGPZ.exe
  2⤵
  PID:7228
- C:\Windows\System\IVyfXHq.exe
  C:\Windows\System\IVyfXHq.exe
  2⤵
  PID:7312
- C:\Windows\System\NawQmzk.exe
  C:\Windows\System\NawQmzk.exe
  2⤵
  PID:7452
- C:\Windows\System\KSFXZLh.exe
  C:\Windows\System\KSFXZLh.exe
  2⤵
  PID:7560
- C:\Windows\System\tmEHtaP.exe
  C:\Windows\System\tmEHtaP.exe
  2⤵
  PID:7636
- C:\Windows\System\JslWoHx.exe
  C:\Windows\System\JslWoHx.exe
  2⤵
  PID:7684
- C:\Windows\System\kcYXoDC.exe
  C:\Windows\System\kcYXoDC.exe
  2⤵
  PID:8208
- C:\Windows\System\RWWrPMw.exe
  C:\Windows\System\RWWrPMw.exe
  2⤵
  PID:8228
- C:\Windows\System\xcBvDNO.exe
  C:\Windows\System\xcBvDNO.exe
  2⤵
  PID:8248
- C:\Windows\System\yyVTGrs.exe
  C:\Windows\System\yyVTGrs.exe
  2⤵
  PID:8264
- C:\Windows\System\xZakRJu.exe
  C:\Windows\System\xZakRJu.exe
  2⤵
  PID:8288
- C:\Windows\System\KjTgRsZ.exe
  C:\Windows\System\KjTgRsZ.exe
  2⤵
  PID:8308
- C:\Windows\System\gqROPdh.exe
  C:\Windows\System\gqROPdh.exe
  2⤵
  PID:8328
- C:\Windows\System\rOFHQbu.exe
  C:\Windows\System\rOFHQbu.exe
  2⤵
  PID:8348
- C:\Windows\System\YeCbnJL.exe
  C:\Windows\System\YeCbnJL.exe
  2⤵
  PID:8368
- C:\Windows\System\RIsfYVj.exe
  C:\Windows\System\RIsfYVj.exe
  2⤵
  PID:8388
- C:\Windows\System\rsoIrsM.exe
  C:\Windows\System\rsoIrsM.exe
  2⤵
  PID:8408
- C:\Windows\System\hjhersW.exe
  C:\Windows\System\hjhersW.exe
  2⤵
  PID:8432
- C:\Windows\System\LUlXaNf.exe
  C:\Windows\System\LUlXaNf.exe
  2⤵
  PID:8452
- C:\Windows\System\zmFeJYV.exe
  C:\Windows\System\zmFeJYV.exe
  2⤵
  PID:8472
- C:\Windows\System\QzeiEOT.exe
  C:\Windows\System\QzeiEOT.exe
  2⤵
  PID:8492
- C:\Windows\System\hyvQGxs.exe
  C:\Windows\System\hyvQGxs.exe
  2⤵
  PID:8512
- C:\Windows\System\CkdMjeB.exe
  C:\Windows\System\CkdMjeB.exe
  2⤵
  PID:8532
- C:\Windows\System\LXHSkOE.exe
  C:\Windows\System\LXHSkOE.exe
  2⤵
  PID:8552
- C:\Windows\System\nhQkuxe.exe
  C:\Windows\System\nhQkuxe.exe
  2⤵
  PID:8572
- C:\Windows\System\VluSymK.exe
  C:\Windows\System\VluSymK.exe
  2⤵
  PID:8592
- C:\Windows\System\WVgsinq.exe
  C:\Windows\System\WVgsinq.exe
  2⤵
  PID:8612
- C:\Windows\System\ghcvlEd.exe
  C:\Windows\System\ghcvlEd.exe
  2⤵
  PID:8632
- C:\Windows\System\NCkFmIe.exe
  C:\Windows\System\NCkFmIe.exe
  2⤵
  PID:8652
- C:\Windows\System\OgQQlZV.exe
  C:\Windows\System\OgQQlZV.exe
  2⤵
  PID:8672
- C:\Windows\System\gnDUVIx.exe
  C:\Windows\System\gnDUVIx.exe
  2⤵
  PID:8692
- C:\Windows\System\zXWGjzm.exe
  C:\Windows\System\zXWGjzm.exe
  2⤵
  PID:8712
- C:\Windows\System\uNELiCd.exe
  C:\Windows\System\uNELiCd.exe
  2⤵
  PID:8728
- C:\Windows\System\LvxsoTw.exe
  C:\Windows\System\LvxsoTw.exe
  2⤵
  PID:8744
- C:\Windows\System\pjvjsYW.exe
  C:\Windows\System\pjvjsYW.exe
  2⤵
  PID:8760
- C:\Windows\System\eiZFgdy.exe
  C:\Windows\System\eiZFgdy.exe
  2⤵
  PID:8780
- C:\Windows\System\PweXJQU.exe
  C:\Windows\System\PweXJQU.exe
  2⤵
  PID:8800
- C:\Windows\System\zFNTcHi.exe
  C:\Windows\System\zFNTcHi.exe
  2⤵
  PID:8816
- C:\Windows\System\xUzamkJ.exe
  C:\Windows\System\xUzamkJ.exe
  2⤵
  PID:8832
- C:\Windows\System\UGiXnkG.exe
  C:\Windows\System\UGiXnkG.exe
  2⤵
  PID:8848
- C:\Windows\System\yEstbTr.exe
  C:\Windows\System\yEstbTr.exe
  2⤵
  PID:8864
- C:\Windows\System\mVPVDYJ.exe
  C:\Windows\System\mVPVDYJ.exe
  2⤵
  PID:8880
- C:\Windows\System\ZzDTuTm.exe
  C:\Windows\System\ZzDTuTm.exe
  2⤵
  PID:8896
- C:\Windows\System\lGRRids.exe
  C:\Windows\System\lGRRids.exe
  2⤵
  PID:8912
- C:\Windows\System\HvORQxo.exe
  C:\Windows\System\HvORQxo.exe
  2⤵
  PID:8928
- C:\Windows\System\aTEuLAn.exe
  C:\Windows\System\aTEuLAn.exe
  2⤵
  PID:8944
- C:\Windows\System\IbIcpmQ.exe
  C:\Windows\System\IbIcpmQ.exe
  2⤵
  PID:8960
- C:\Windows\System\mUvxRQe.exe
  C:\Windows\System\mUvxRQe.exe
  2⤵
  PID:8980
- C:\Windows\System\UoKDlwW.exe
  C:\Windows\System\UoKDlwW.exe
  2⤵
  PID:8996
- C:\Windows\System\xtxeavs.exe
  C:\Windows\System\xtxeavs.exe
  2⤵
  PID:9012
- C:\Windows\System\hofxRrN.exe
  C:\Windows\System\hofxRrN.exe
  2⤵
  PID:9072
- C:\Windows\System\VxYQysC.exe
  C:\Windows\System\VxYQysC.exe
  2⤵
  PID:9092
- C:\Windows\System\UnuKKfz.exe
  C:\Windows\System\UnuKKfz.exe
  2⤵
  PID:9124
- C:\Windows\System\aRbBoSi.exe
  C:\Windows\System\aRbBoSi.exe
  2⤵
  PID:9164
- C:\Windows\System\PPQIARZ.exe
  C:\Windows\System\PPQIARZ.exe
  2⤵
  PID:6332
- C:\Windows\System\qEWALdO.exe
  C:\Windows\System\qEWALdO.exe
  2⤵
  PID:7880
- C:\Windows\System\GVTKXCd.exe
  C:\Windows\System\GVTKXCd.exe
  2⤵
  PID:7856
- C:\Windows\System\eNADfPI.exe
  C:\Windows\System\eNADfPI.exe
  2⤵
  PID:7944
- C:\Windows\System\eHGrGoU.exe
  C:\Windows\System\eHGrGoU.exe
  2⤵
  PID:8080
- C:\Windows\System\KSGwRaW.exe
  C:\Windows\System\KSGwRaW.exe
  2⤵
  PID:8136
- C:\Windows\System\PAUYXOx.exe
  C:\Windows\System\PAUYXOx.exe
  2⤵
  PID:8184
- C:\Windows\System\EysFfKE.exe
  C:\Windows\System\EysFfKE.exe
  2⤵
  PID:6008
- C:\Windows\System\FFJGvsD.exe
  C:\Windows\System\FFJGvsD.exe
  2⤵
  PID:4900
- C:\Windows\System\kCTVKKl.exe
  C:\Windows\System\kCTVKKl.exe
  2⤵
  PID:7212
- C:\Windows\System\FrSUman.exe
  C:\Windows\System\FrSUman.exe
  2⤵
  PID:2820
- C:\Windows\System\KeXplea.exe
  C:\Windows\System\KeXplea.exe
  2⤵
  PID:7372
- C:\Windows\System\qUtiJAx.exe
  C:\Windows\System\qUtiJAx.exe
  2⤵
  PID:7516
- C:\Windows\System\FLeqdxy.exe
  C:\Windows\System\FLeqdxy.exe
  2⤵
  PID:8196
- C:\Windows\System\pwyhDGa.exe
  C:\Windows\System\pwyhDGa.exe
  2⤵
  PID:7704
- C:\Windows\System\FMrgVrX.exe
  C:\Windows\System\FMrgVrX.exe
  2⤵
  PID:8220
- C:\Windows\System\TrvJUhT.exe
  C:\Windows\System\TrvJUhT.exe
  2⤵
  PID:8276
- C:\Windows\System\GavDRwi.exe
  C:\Windows\System\GavDRwi.exe
  2⤵
  PID:8280
- C:\Windows\System\GvaPVuS.exe
  C:\Windows\System\GvaPVuS.exe
  2⤵
  PID:8300
- C:\Windows\System\RcNzdlw.exe
  C:\Windows\System\RcNzdlw.exe
  2⤵
  PID:8364
- C:\Windows\System\ayvnfHb.exe
  C:\Windows\System\ayvnfHb.exe
  2⤵
  PID:8384
- C:\Windows\System\QsmUfgR.exe
  C:\Windows\System\QsmUfgR.exe
  2⤵
  PID:8440
- C:\Windows\System\UsQCLFC.exe
  C:\Windows\System\UsQCLFC.exe
  2⤵
  PID:8460
- C:\Windows\System\osuFZOZ.exe
  C:\Windows\System\osuFZOZ.exe
  2⤵
  PID:8488
- C:\Windows\System\qXYGUjB.exe
  C:\Windows\System\qXYGUjB.exe
  2⤵
  PID:8508
- C:\Windows\System\KLHeKWU.exe
  C:\Windows\System\KLHeKWU.exe
  2⤵
  PID:8540
- C:\Windows\System\HiCVCDf.exe
  C:\Windows\System\HiCVCDf.exe
  2⤵
  PID:8580
- C:\Windows\System\ecchHPW.exe
  C:\Windows\System\ecchHPW.exe
  2⤵
  PID:8620
- C:\Windows\System\NmOCYmO.exe
  C:\Windows\System\NmOCYmO.exe
  2⤵
  PID:8648
- C:\Windows\System\ETljVvE.exe
  C:\Windows\System\ETljVvE.exe
  2⤵
  PID:8660
- C:\Windows\System\qBGFzLt.exe
  C:\Windows\System\qBGFzLt.exe
  2⤵
  PID:8684
- C:\Windows\System\FJXjaki.exe
  C:\Windows\System\FJXjaki.exe
  2⤵
  PID:8724
- C:\Windows\System\EWJqAke.exe
  C:\Windows\System\EWJqAke.exe
  2⤵
  PID:8756
- C:\Windows\System\GShZyhJ.exe
  C:\Windows\System\GShZyhJ.exe
  2⤵
  PID:8428
- C:\Windows\System\EWWLJVW.exe
  C:\Windows\System\EWWLJVW.exe
  2⤵
  PID:8808
- C:\Windows\System\kHcvThr.exe
  C:\Windows\System\kHcvThr.exe
  2⤵
  PID:8844
- C:\Windows\System\aTySdfP.exe
  C:\Windows\System\aTySdfP.exe
  2⤵
  PID:8876
- C:\Windows\System\bNhsubm.exe
  C:\Windows\System\bNhsubm.exe
  2⤵
  PID:8920
- C:\Windows\System\envdnPd.exe
  C:\Windows\System\envdnPd.exe
  2⤵
  PID:8940
- C:\Windows\System\YNBwCIu.exe
  C:\Windows\System\YNBwCIu.exe
  2⤵
  PID:8976
- C:\Windows\System\WdDaEWj.exe
  C:\Windows\System\WdDaEWj.exe
  2⤵
  PID:9008
- C:\Windows\System\FdHhwLM.exe
  C:\Windows\System\FdHhwLM.exe
  2⤵
  PID:9032
- C:\Windows\System\dAwXaib.exe
  C:\Windows\System\dAwXaib.exe
  2⤵
  PID:9052
- C:\Windows\System\QBKtrQe.exe
  C:\Windows\System\QBKtrQe.exe
  2⤵
  PID:9048
- C:\Windows\System\nwFVUgg.exe
  C:\Windows\System\nwFVUgg.exe
  2⤵
  PID:9100
- C:\Windows\System\GJMVOLQ.exe
  C:\Windows\System\GJMVOLQ.exe
  2⤵
  PID:9104
- C:\Windows\System\DHJsHqv.exe
  C:\Windows\System\DHJsHqv.exe
  2⤵
  PID:3848
- C:\Windows\System\ltSdJsA.exe
  C:\Windows\System\ltSdJsA.exe
  2⤵
  PID:9108
- C:\Windows\System\sAuXWks.exe
  C:\Windows\System\sAuXWks.exe
  2⤵
  PID:9156
- C:\Windows\System\zKZwkgv.exe
  C:\Windows\System\zKZwkgv.exe
  2⤵
  PID:4844
- C:\Windows\System\vNWdqUJ.exe
  C:\Windows\System\vNWdqUJ.exe
  2⤵
  PID:4188
- C:\Windows\System\rCFOUer.exe
  C:\Windows\System\rCFOUer.exe
  2⤵
  PID:1452
- C:\Windows\System\lFnVQnb.exe
  C:\Windows\System\lFnVQnb.exe
  2⤵
  PID:1236
- C:\Windows\System\lGntbrE.exe
  C:\Windows\System\lGntbrE.exe
  2⤵
  PID:2160
- C:\Windows\System\EFDnXlD.exe
  C:\Windows\System\EFDnXlD.exe
  2⤵
  PID:1424
- C:\Windows\System\zjHxeHU.exe
  C:\Windows\System\zjHxeHU.exe
  2⤵
  PID:2644
- C:\Windows\System\HfINBQV.exe
  C:\Windows\System\HfINBQV.exe
  2⤵
  PID:2460
- C:\Windows\System\DlyAjLA.exe
  C:\Windows\System\DlyAjLA.exe
  2⤵
  PID:2892
- C:\Windows\System\aWkjNgJ.exe
  C:\Windows\System\aWkjNgJ.exe
  2⤵
  PID:7480
- C:\Windows\System\CvoNmsx.exe
  C:\Windows\System\CvoNmsx.exe
  2⤵
  PID:8216
- C:\Windows\System\opphdgu.exe
  C:\Windows\System\opphdgu.exe
  2⤵
  PID:8344
- C:\Windows\System\GohhrSX.exe
  C:\Windows\System\GohhrSX.exe
  2⤵
  PID:8416
- C:\Windows\System\GtiYFOp.exe
  C:\Windows\System\GtiYFOp.exe
  2⤵
  PID:8524
- C:\Windows\System\BRaLwzB.exe
  C:\Windows\System\BRaLwzB.exe
  2⤵
  PID:8608
- C:\Windows\System\lWEOOBr.exe
  C:\Windows\System\lWEOOBr.exe
  2⤵
  PID:1648
- C:\Windows\System\SViVJHa.exe
  C:\Windows\System\SViVJHa.exe
  2⤵
  PID:8016
- C:\Windows\System\LvSuUyD.exe
  C:\Windows\System\LvSuUyD.exe
  2⤵
  PID:6880
- C:\Windows\System\qTfqaSH.exe
  C:\Windows\System\qTfqaSH.exe
  2⤵
  PID:8200
- C:\Windows\System\lpTMxBd.exe
  C:\Windows\System\lpTMxBd.exe
  2⤵
  PID:8316
- C:\Windows\System\jyOUZzz.exe
  C:\Windows\System\jyOUZzz.exe
  2⤵
  PID:8376
- C:\Windows\System\egFtfFj.exe
  C:\Windows\System\egFtfFj.exe
  2⤵
  PID:8444
- C:\Windows\System\uxCGNZT.exe
  C:\Windows\System\uxCGNZT.exe
  2⤵
  PID:8528
- C:\Windows\System\Iyzhtnd.exe
  C:\Windows\System\Iyzhtnd.exe
  2⤵
  PID:8640
- C:\Windows\System\ygVTrYI.exe
  C:\Windows\System\ygVTrYI.exe
  2⤵
  PID:8768
- C:\Windows\System\CKJaGEi.exe
  C:\Windows\System\CKJaGEi.exe
  2⤵
  PID:8736
- C:\Windows\System\vaRWNSI.exe
  C:\Windows\System\vaRWNSI.exe
  2⤵
  PID:8904
- C:\Windows\System\YLQJzId.exe
  C:\Windows\System\YLQJzId.exe
  2⤵
  PID:9024
- C:\Windows\System\FZqqMvi.exe
  C:\Windows\System\FZqqMvi.exe
  2⤵
  PID:8824
- C:\Windows\System\sUhOZTS.exe
  C:\Windows\System\sUhOZTS.exe
  2⤵
  PID:9116
- C:\Windows\System\JcaBWpB.exe
  C:\Windows\System\JcaBWpB.exe
  2⤵
  PID:4428
- C:\Windows\System\mJhylrf.exe
  C:\Windows\System\mJhylrf.exe
  2⤵
  PID:8936
- C:\Windows\System\adAyJsD.exe
  C:\Windows\System\adAyJsD.exe
  2⤵
  PID:9004
- C:\Windows\System\ZOxMFii.exe
  C:\Windows\System\ZOxMFii.exe
  2⤵
  PID:9088
- C:\Windows\System\bQJZFnC.exe
  C:\Windows\System\bQJZFnC.exe
  2⤵
  PID:2828
- C:\Windows\System\Nrikhwt.exe
  C:\Windows\System\Nrikhwt.exe
  2⤵
  PID:9208
- C:\Windows\System\HVLHgbV.exe
  C:\Windows\System\HVLHgbV.exe
  2⤵
  PID:2960
- C:\Windows\System\jaIRZJg.exe
  C:\Windows\System\jaIRZJg.exe
  2⤵
  PID:2212
- C:\Windows\System\CtuuWjg.exe
  C:\Windows\System\CtuuWjg.exe
  2⤵
  PID:528
- C:\Windows\System\zyCJXhd.exe
  C:\Windows\System\zyCJXhd.exe
  2⤵
  PID:9132
- C:\Windows\System\etZtlMe.exe
  C:\Windows\System\etZtlMe.exe
  2⤵
  PID:2952
- C:\Windows\System\oIrQJMj.exe
  C:\Windows\System\oIrQJMj.exe
  2⤵
  PID:8792
- C:\Windows\System\tXOXEfI.exe
  C:\Windows\System\tXOXEfI.exe
  2⤵
  PID:2192
- C:\Windows\System\FhhTaDM.exe
  C:\Windows\System\FhhTaDM.exe
  2⤵
  PID:332
- C:\Windows\System\JFcoEtT.exe
  C:\Windows\System\JFcoEtT.exe
  2⤵
  PID:668
- C:\Windows\System\IlKHXAR.exe
  C:\Windows\System\IlKHXAR.exe
  2⤵
  PID:8124
- C:\Windows\System\aEFjNCp.exe
  C:\Windows\System\aEFjNCp.exe
  2⤵
  PID:7680
- C:\Windows\System\erZPCrF.exe
  C:\Windows\System\erZPCrF.exe
  2⤵
  PID:7328
- C:\Windows\System\obyEmwg.exe
  C:\Windows\System\obyEmwg.exe
  2⤵
  PID:7780
- C:\Windows\System\hTjzvcf.exe
  C:\Windows\System\hTjzvcf.exe
  2⤵
  PID:8464
- C:\Windows\System\xoqXRYB.exe
  C:\Windows\System\xoqXRYB.exe
  2⤵
  PID:8584
- C:\Windows\System\XKppDxX.exe
  C:\Windows\System\XKppDxX.exe
  2⤵
  PID:7964
- C:\Windows\System\GBBriCP.exe
  C:\Windows\System\GBBriCP.exe
  2⤵
  PID:8520
- C:\Windows\System\WLawFCu.exe
  C:\Windows\System\WLawFCu.exe
  2⤵
  PID:8500
- C:\Windows\System\fLEWKjr.exe
  C:\Windows\System\fLEWKjr.exe
  2⤵
  PID:7460
- C:\Windows\System\KonPtaU.exe
  C:\Windows\System\KonPtaU.exe
  2⤵
  PID:8992
- C:\Windows\System\qoovCnk.exe
  C:\Windows\System\qoovCnk.exe
  2⤵
  PID:3012
- C:\Windows\System\MURUipe.exe
  C:\Windows\System\MURUipe.exe
  2⤵
  PID:1536
- C:\Windows\System\QOYnrOJ.exe
  C:\Windows\System\QOYnrOJ.exe
  2⤵
  PID:8668
- C:\Windows\System\WZiNQHb.exe
  C:\Windows\System\WZiNQHb.exe
  2⤵
  PID:544
- C:\Windows\System\Dhgimkr.exe
  C:\Windows\System\Dhgimkr.exe
  2⤵
  PID:8600
- C:\Windows\System\ytLWGCh.exe
  C:\Windows\System\ytLWGCh.exe
  2⤵
  PID:8968
- C:\Windows\System\pWwIgsq.exe
  C:\Windows\System\pWwIgsq.exe
  2⤵
  PID:9084
- C:\Windows\System\KHpgwhk.exe
  C:\Windows\System\KHpgwhk.exe
  2⤵
  PID:1740
- C:\Windows\System\kvYZKUG.exe
  C:\Windows\System\kvYZKUG.exe
  2⤵
  PID:2564
- C:\Windows\System\qOirsTT.exe
  C:\Windows\System\qOirsTT.exe
  2⤵
  PID:8340
- C:\Windows\System\iWHqrgI.exe
  C:\Windows\System\iWHqrgI.exe
  2⤵
  PID:8396
- C:\Windows\System\SydEpZs.exe
  C:\Windows\System\SydEpZs.exe
  2⤵
  PID:4408
- C:\Windows\System\HsTmoDk.exe
  C:\Windows\System\HsTmoDk.exe
  2⤵
  PID:1980
- C:\Windows\System\suJkIWM.exe
  C:\Windows\System\suJkIWM.exe
  2⤵
  PID:768
- C:\Windows\System\xjDiEkt.exe
  C:\Windows\System\xjDiEkt.exe
  2⤵
  PID:9060
- C:\Windows\System\FxBOuLE.exe
  C:\Windows\System\FxBOuLE.exe
  2⤵
  PID:2376
- C:\Windows\System\zYQnnMb.exe
  C:\Windows\System\zYQnnMb.exe
  2⤵
  PID:8708
- C:\Windows\System\ykcNbTg.exe
  C:\Windows\System\ykcNbTg.exe
  2⤵
  PID:2352
- C:\Windows\System\BoDHUOk.exe
  C:\Windows\System\BoDHUOk.exe
  2⤵
  PID:2936
- C:\Windows\System\AKJLcrm.exe
  C:\Windows\System\AKJLcrm.exe
  2⤵
  PID:7860
- C:\Windows\System\AklUvsI.exe
  C:\Windows\System\AklUvsI.exe
  2⤵
  PID:1616
- C:\Windows\System\sHiLOGu.exe
  C:\Windows\System\sHiLOGu.exe
  2⤵
  PID:8224
- C:\Windows\System\gEHCKqI.exe
  C:\Windows\System\gEHCKqI.exe
  2⤵
  PID:2040
- C:\Windows\System\utwLFyb.exe
  C:\Windows\System\utwLFyb.exe
  2⤵
  PID:7584
- C:\Windows\System\aCdeLvH.exe
  C:\Windows\System\aCdeLvH.exe
  2⤵
  PID:8188
- C:\Windows\System\pjAvknN.exe
  C:\Windows\System\pjAvknN.exe
  2⤵
  PID:8036
- C:\Windows\System\KPnsjtB.exe
  C:\Windows\System\KPnsjtB.exe
  2⤵
  PID:8272
- C:\Windows\System\cEBVfhF.exe
  C:\Windows\System\cEBVfhF.exe
  2⤵
  PID:9220
- C:\Windows\System\BahStnQ.exe
  C:\Windows\System\BahStnQ.exe
  2⤵
  PID:9236
- C:\Windows\System\MkDKXtP.exe
  C:\Windows\System\MkDKXtP.exe
  2⤵
  PID:9252
- C:\Windows\System\GOaALHe.exe
  C:\Windows\System\GOaALHe.exe
  2⤵
  PID:9268
- C:\Windows\System\qJyEILZ.exe
  C:\Windows\System\qJyEILZ.exe
  2⤵
  PID:9284
- C:\Windows\System\ilqFmSF.exe
  C:\Windows\System\ilqFmSF.exe
  2⤵
  PID:9304
- C:\Windows\System\IqhfdwI.exe
  C:\Windows\System\IqhfdwI.exe
  2⤵
  PID:9324
- C:\Windows\System\vMTfyRB.exe
  C:\Windows\System\vMTfyRB.exe
  2⤵
  PID:9340
- C:\Windows\System\IuemMeK.exe
  C:\Windows\System\IuemMeK.exe
  2⤵
  PID:9356
- C:\Windows\System\unHYOSb.exe
  C:\Windows\System\unHYOSb.exe
  2⤵
  PID:9372
- C:\Windows\System\zbMDtRw.exe
  C:\Windows\System\zbMDtRw.exe
  2⤵
  PID:9388
- C:\Windows\System\zZUyJWn.exe
  C:\Windows\System\zZUyJWn.exe
  2⤵
  PID:9404
- C:\Windows\System\cFEWTnM.exe
  C:\Windows\System\cFEWTnM.exe
  2⤵
  PID:9420
- C:\Windows\System\dSpMVRx.exe
  C:\Windows\System\dSpMVRx.exe
  2⤵
  PID:9440
- C:\Windows\System\UdemRYG.exe
  C:\Windows\System\UdemRYG.exe
  2⤵
  PID:9456
- C:\Windows\System\wDNMGmS.exe
  C:\Windows\System\wDNMGmS.exe
  2⤵
  PID:9472
- C:\Windows\System\pyTyBLa.exe
  C:\Windows\System\pyTyBLa.exe
  2⤵
  PID:9488
- C:\Windows\System\UXDLIUp.exe
  C:\Windows\System\UXDLIUp.exe
  2⤵
  PID:9564
- C:\Windows\System\RejIoiU.exe
  C:\Windows\System\RejIoiU.exe
  2⤵
  PID:9580
- C:\Windows\System\wMPXlEf.exe
  C:\Windows\System\wMPXlEf.exe
  2⤵
  PID:9596
- C:\Windows\System\jQggGcj.exe
  C:\Windows\System\jQggGcj.exe
  2⤵
  PID:9612
- C:\Windows\System\lewsZPL.exe
  C:\Windows\System\lewsZPL.exe
  2⤵
  PID:9632
- C:\Windows\System\TvexDoG.exe
  C:\Windows\System\TvexDoG.exe
  2⤵
  PID:9652
- C:\Windows\System\kJtFanE.exe
  C:\Windows\System\kJtFanE.exe
  2⤵
  PID:9668
- C:\Windows\System\NYqhHaf.exe
  C:\Windows\System\NYqhHaf.exe
  2⤵
  PID:9720
- C:\Windows\System\grdsOOq.exe
  C:\Windows\System\grdsOOq.exe
  2⤵
  PID:9736
- C:\Windows\System\hzBWVyP.exe
  C:\Windows\System\hzBWVyP.exe
  2⤵
  PID:9756
- C:\Windows\System\shhCzrc.exe
  C:\Windows\System\shhCzrc.exe
  2⤵
  PID:9776
- C:\Windows\System\OHlNSrq.exe
  C:\Windows\System\OHlNSrq.exe
  2⤵
  PID:9792
- C:\Windows\System\JivXDYQ.exe
  C:\Windows\System\JivXDYQ.exe
  2⤵
  PID:9808
- C:\Windows\System\AElFFpH.exe
  C:\Windows\System\AElFFpH.exe
  2⤵
  PID:9824
- C:\Windows\System\GYcsVIe.exe
  C:\Windows\System\GYcsVIe.exe
  2⤵
  PID:9840
- C:\Windows\System\hNHBFuT.exe
  C:\Windows\System\hNHBFuT.exe
  2⤵
  PID:9856
- C:\Windows\System\zSzQRXs.exe
  C:\Windows\System\zSzQRXs.exe
  2⤵
  PID:9872
- C:\Windows\System\qWaPcah.exe
  C:\Windows\System\qWaPcah.exe
  2⤵
  PID:9888
- C:\Windows\System\jxVtBwg.exe
  C:\Windows\System\jxVtBwg.exe
  2⤵
  PID:9904
- C:\Windows\System\yHfLzmv.exe
  C:\Windows\System\yHfLzmv.exe
  2⤵
  PID:9920
- C:\Windows\System\imCRZXj.exe
  C:\Windows\System\imCRZXj.exe
  2⤵
  PID:9948
- C:\Windows\System\xctLBzk.exe
  C:\Windows\System\xctLBzk.exe
  2⤵
  PID:9992
- C:\Windows\System\cBCopUn.exe
  C:\Windows\System\cBCopUn.exe
  2⤵
  PID:10012
- C:\Windows\System\eeNredC.exe
  C:\Windows\System\eeNredC.exe
  2⤵
  PID:10028
- C:\Windows\System\MOzpCXW.exe
  C:\Windows\System\MOzpCXW.exe
  2⤵
  PID:10052
- C:\Windows\System\fhOzfGg.exe
  C:\Windows\System\fhOzfGg.exe
  2⤵
  PID:10068
- C:\Windows\System\NPtMfqY.exe
  C:\Windows\System\NPtMfqY.exe
  2⤵
  PID:10084
- C:\Windows\System\DtgMfvf.exe
  C:\Windows\System\DtgMfvf.exe
  2⤵
  PID:10100
- C:\Windows\System\BIrpJtX.exe
  C:\Windows\System\BIrpJtX.exe
  2⤵
  PID:10120
- C:\Windows\System\ucgGVNm.exe
  C:\Windows\System\ucgGVNm.exe
  2⤵
  PID:10136
- C:\Windows\System\lcpOnUI.exe
  C:\Windows\System\lcpOnUI.exe
  2⤵
  PID:10152
- C:\Windows\System\hZFWhiW.exe
  C:\Windows\System\hZFWhiW.exe
  2⤵
  PID:10168
- C:\Windows\System\OmmBcus.exe
  C:\Windows\System\OmmBcus.exe
  2⤵
  PID:10184
- C:\Windows\System\MhuhpnU.exe
  C:\Windows\System\MhuhpnU.exe
  2⤵
  PID:10200
- C:\Windows\System\sjGJdsv.exe
  C:\Windows\System\sjGJdsv.exe
  2⤵
  PID:10216
- C:\Windows\System\zmRbgyK.exe
  C:\Windows\System\zmRbgyK.exe
  2⤵
  PID:10232
- C:\Windows\System\mijSLpB.exe
  C:\Windows\System\mijSLpB.exe
  2⤵
  PID:9260
- C:\Windows\System\vzmMIIQ.exe
  C:\Windows\System\vzmMIIQ.exe
  2⤵
  PID:8952
- C:\Windows\System\fLZZTUJ.exe
  C:\Windows\System\fLZZTUJ.exe
  2⤵
  PID:9264
- C:\Windows\System\VYTmHpL.exe
  C:\Windows\System\VYTmHpL.exe
  2⤵
  PID:9316
- C:\Windows\System\ERLwvDB.exe
  C:\Windows\System\ERLwvDB.exe
  2⤵
  PID:9332
- C:\Windows\System\sWZsMaN.exe
  C:\Windows\System\sWZsMaN.exe
  2⤵
  PID:9396
- C:\Windows\System\VFWfkgz.exe
  C:\Windows\System\VFWfkgz.exe
  2⤵
  PID:9436
- C:\Windows\System\OuwgdQm.exe
  C:\Windows\System\OuwgdQm.exe
  2⤵
  PID:9452
- C:\Windows\System\IpUaerj.exe
  C:\Windows\System\IpUaerj.exe
  2⤵
  PID:9484
- C:\Windows\System\ALjCPoI.exe
  C:\Windows\System\ALjCPoI.exe
  2⤵
  PID:9520
- C:\Windows\System\cGgyhyM.exe
  C:\Windows\System\cGgyhyM.exe
  2⤵
  PID:9536
- C:\Windows\System\lEexUPi.exe
  C:\Windows\System\lEexUPi.exe
  2⤵
  PID:9560
- C:\Windows\System\ULiJQWd.exe
  C:\Windows\System\ULiJQWd.exe
  2⤵
  PID:9604
- C:\Windows\System\BmUHFyN.exe
  C:\Windows\System\BmUHFyN.exe
  2⤵
  PID:9664
- C:\Windows\System\CGAQsfJ.exe
  C:\Windows\System\CGAQsfJ.exe
  2⤵
  PID:9684
- C:\Windows\System\fmQmQsq.exe
  C:\Windows\System\fmQmQsq.exe
  2⤵
  PID:9708
- C:\Windows\System\ihsmuSB.exe
  C:\Windows\System\ihsmuSB.exe
  2⤵
  PID:9772
- C:\Windows\System\rakQfvP.exe
  C:\Windows\System\rakQfvP.exe
  2⤵
  PID:9988
- C:\Windows\System\LJdowik.exe
  C:\Windows\System\LJdowik.exe
  2⤵
  PID:9648
- C:\Windows\System\YWCsAjv.exe
  C:\Windows\System\YWCsAjv.exe
  2⤵
  PID:9432
- C:\Windows\System\tuzAfpg.exe
  C:\Windows\System\tuzAfpg.exe
  2⤵
  PID:9276
- C:\Windows\System\oIbUmLx.exe
  C:\Windows\System\oIbUmLx.exe
  2⤵
  PID:9504
- C:\Windows\System\SPDiLll.exe
  C:\Windows\System\SPDiLll.exe
  2⤵
  PID:9588
- C:\Windows\System\JMkuqmE.exe
  C:\Windows\System\JMkuqmE.exe
  2⤵
  PID:9932
- C:\Windows\System\cBPnHGF.exe
  C:\Windows\System\cBPnHGF.exe
  2⤵
  PID:9960
- C:\Windows\System\UxZXMZG.exe
  C:\Windows\System\UxZXMZG.exe
  2⤵
  PID:9984
- C:\Windows\System\FAxmVNc.exe
  C:\Windows\System\FAxmVNc.exe
  2⤵
  PID:10024
- C:\Windows\System\OAqqpBg.exe
  C:\Windows\System\OAqqpBg.exe
  2⤵
  PID:10096
- C:\Windows\System\NdMVcwV.exe
  C:\Windows\System\NdMVcwV.exe
  2⤵
  PID:10192
- C:\Windows\System\akzKIEr.exe
  C:\Windows\System\akzKIEr.exe
  2⤵
  PID:9244
- C:\Windows\System\cabrffD.exe
  C:\Windows\System\cabrffD.exe
  2⤵
  PID:10208
- C:\Windows\System\aUHKHAg.exe
  C:\Windows\System\aUHKHAg.exe
  2⤵
  PID:9228
- C:\Windows\System\stOPWie.exe
  C:\Windows\System\stOPWie.exe
  2⤵
  PID:9400
- C:\Windows\System\eyTPwXS.exe
  C:\Windows\System\eyTPwXS.exe
  2⤵
  PID:9416
- C:\Windows\System\WaUTVvz.exe
  C:\Windows\System\WaUTVvz.exe
  2⤵
  PID:10080
- C:\Windows\System\TYZVjLu.exe
  C:\Windows\System\TYZVjLu.exe
  2⤵
  PID:9348
- C:\Windows\System\EqsdPtx.exe
  C:\Windows\System\EqsdPtx.exe
  2⤵
  PID:9468
- C:\Windows\System\dMhvHUb.exe
  C:\Windows\System\dMhvHUb.exe
  2⤵
  PID:9528
- C:\Windows\System\PFjlcOk.exe
  C:\Windows\System\PFjlcOk.exe
  2⤵
  PID:9592
- C:\Windows\System\ieFumza.exe
  C:\Windows\System\ieFumza.exe
  2⤵
  PID:9692
- C:\Windows\System\plYBphf.exe
  C:\Windows\System\plYBphf.exe
  2⤵
  PID:9744

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BSSTizc.exe

Filesize
6.0MB

MD5
7815d9180b5acfaf82c0c1d6b0b50aad

SHA1
1b06ac3a962963201477a4e21ea5d0e67825cf1a

SHA256
d5ea258cd9cbaa568c8fad1744fbc06fd77a07da00ca9b3b0f7b359308fe4830

SHA512
f143d010a10f594c90c84be90609a56799aab0290dee8ee1b9a04b765ab114fcce3e4e4b5aafb286010ef4dd4be2630106a507b76640d18fa5f03709a6af2ca6

Download Submit
C:\Windows\system\FEFyXLX.exe

Filesize
6.0MB

MD5
5d12b1bed6495d36e4a9b046ea5dd406

SHA1
8770ca4619254f4d1fca2b25d1a3a1b2ebba3bdd

SHA256
3eec2a21fd45060224bd06dcc27f14f704721f9662d8f577aea9276fa16fa0fb

SHA512
ec0ed1d7f21bcce86077223fe6e2a080217684a93485b1b8d69a3fa02b0aec2068152ebd24e6a2e2cee3675f92a36305a9a2730e931dd1610c8f693d654e611f

Download Submit
C:\Windows\system\FUMVXUy.exe

Filesize
6.0MB

MD5
9c91dc2a793be854a6a1fc7ec9a45c4f

SHA1
9ee517cc4ea45f18bcf651b48be7079226a34367

SHA256
04e9a86623f0d2659f0d621de3f6ddbbf42f7484df6d25bc353cb68a7f37a139

SHA512
0150805edc0870ffcace5da3d030eff4811091d1e456fab2f135ef06af2d8efc69986985a2c973433177ccabb4d58d6aac39fb5bc06ec1cd5ee49833cfe4dbcb

Download Submit
C:\Windows\system\FiCMLoz.exe

Filesize
6.0MB

MD5
6092ef8585b8eda347c012e84aa4af20

SHA1
b1853376316718ae724f00b22acd1e96e8e442d9

SHA256
ea7aeba48fed5d24bad1b038e129f683edc3b3d3f05dffe1e68c5b252c2c3d6a

SHA512
1d93f46666803ec5624f4f26c75b8dfab2291b101dafd282d9e7b6480464e63601d260f82716a0ac47795f537224207db869e10b41cdc963fd48d723759ec5b6

Download Submit
C:\Windows\system\HLcBAVb.exe

Filesize
6.0MB

MD5
2d493b3165eda55e8462d0c2c37852e9

SHA1
87ea66530b5543f1273cd93f3b89912428469047

SHA256
688078ef8d85378c3bf2b5732ed25017d5a74752fd58224855155da39e53a6ec

SHA512
891514bece0299a8d4f4cafac1b6d7354a6194d9ccd4ce641207f3799d5bd056b397dd9bae0a9ad9560fa86308f2c249cf0ed58ccc06cfd8fbfa858808b44073

Download Submit
C:\Windows\system\JtOOpSK.exe

Filesize
6.0MB

MD5
0443da73c56e83fb6980bb32303908e6

SHA1
d0514a4b21d7016cb1bb0bef48b16d5b98d29e59

SHA256
83bfd1df0a9b75889d451b580f216932413e720bfe803c44052dad3fabe3f59a

SHA512
68404b6d0f1ae4ed06961e31eb235a5a4fe0f0c730605c3669b6733a3a30efad16ba23bb73c058e5b46f5a791929b9c4f1793fba08e5b9a310fee631315ffa29

Download Submit
C:\Windows\system\LodmZZM.exe

Filesize
6.0MB

MD5
ba2a49414130725990237c8ef2509ee8

SHA1
6f386ec216930fc107f8f925850d89226d8166b5

SHA256
0bd3c5cbb09b860dd64f98f91701cf8c79c524ba74666f9c593ea7f6ba5748c7

SHA512
13d9f8b545e7548964835f23f56b10a43a9c8bb5b891b7cabed6554f2544744f08f20216a53ffb55fcf09f3631155622253d3c951f0d4531567a1596e7cebef2

Download Submit
C:\Windows\system\MsVRfFP.exe

Filesize
6.0MB

MD5
0ae7b624a081ac54ad67d93aa44d00e8

SHA1
f01bd64a630da3d3a2c32d6b5aa5b712b7b1ec41

SHA256
778bf693d8926345a3171885761e807387a82cfd04f89088ac74fd779c9010a3

SHA512
f1efe34e331d812cd505d0787c80a75bd10214920ebb407785c466670d52f982c2f1841d3de780b7dd1431fee4ad06f8259fa6d7ee927dc9e12230985e59ce8d

Download Submit
C:\Windows\system\PVHNdKH.exe

Filesize
6.0MB

MD5
e68d7d3a131edbb2f8e1c34cd640a6f4

SHA1
af0ee5909bebe6d8d28fa63e8d0e01ba23f2d58b

SHA256
88c924e3743260e8a7f3b04228b219e00c591725822f72cf0e6351c54e11dcd9

SHA512
19d705b6b6be583b71f86a4696b39e586d940c6679efbaee16c0d93e4003789ea8a83914beaa59c0060835d4efb15f90d2eb6f3f464dde9b130cd200eecf22a3

Download Submit
C:\Windows\system\QBwrEcO.exe

Filesize
6.0MB

MD5
e8e947da2906169dc009adcc3167d6c2

SHA1
eb95d3a37f9fe8c94b235afeb9b1affb328ecf8e

SHA256
6873cf3ca39b55b10e8fdbfb1b0a14b927978ed61b0601f759900688c8c9bd41

SHA512
fb92a37fb2c3551e18ade6fba4aa8f2149096bdd57c60114dad3e7245c5c87d82dced22097b230c9a72cba6ee80ca9a011f61a3bf78195da01963b6898e32ab4

Download Submit
C:\Windows\system\QGSqQZT.exe

Filesize
6.0MB

MD5
2b0ec8ac7b892af604f9e814c0c2f4ba

SHA1
a238a959adaa68f9ce9744ecf8aa60caeb7ddf9d

SHA256
3441b1c621ce20aa1653b98c2a6b733e2538e9280449b50f855e20c150fe71e3

SHA512
12bd4d8cb41eb015e1dba6c0d96cbe77bbcb24ad96c4b72ab4911498f50a5fc8671dcde0303183a901e1ff8e0976d29d7e6d2c4f92edec875fb9e19ed4f4ed47

Download Submit
C:\Windows\system\RbcOaRA.exe

Filesize
6.0MB

MD5
203adc65bde591e3f50ed85d084dc5d6

SHA1
bab18fc2877ee09321c0272ca5d7034a53979bec

SHA256
d0c3e508afad8161c23eea720d1c5893364f7c2dd4ab548e1038beecd78d99ce

SHA512
e9b2ce2a8444c2bd3b70571cd91432762e0ee4896917da7eaeb20ff99becf38297d5d91f942db163a571bee10478d76013e48b5785d8037be5fffe0e472e3511

Download Submit
C:\Windows\system\RqUYGjs.exe

Filesize
6.0MB

MD5
6b926e62eb41abf30afc4d6c556da423

SHA1
d3c6825a8ebd1188af97ffdf4075ae39cd1680c0

SHA256
5edf8593256af10f6ff39ef854514f180f8a58c64a782d85c33b69ff8a68bc2f

SHA512
cd3f2e9202a8b2f012e8091f92886d653ab1bcb2e0a90eaa1b09b1d8a3226116782c8dd7b5ea95cf14e95bf587fda5f1479ee10d571e634b903ad0b899c6fc81

Download Submit
C:\Windows\system\XGIDeoo.exe

Filesize
6.0MB

MD5
f0dcb57971b6107505b734027c40e1a9

SHA1
994762062fda99a4ac90a32b57dd64abb68c189e

SHA256
b891a8d27781aca7130fe8e48fed8345f8ab8aa51c05de02f3f40fa832f01c44

SHA512
682d15cface63a859b90c7cd43e8213911a7030c5c84563b883324485b44be8d3baa2ca95027453779847633f887486881f0920f3becf02570f773f71cd02867

Download Submit
C:\Windows\system\YJSOeHl.exe

Filesize
6.0MB

MD5
a4970f36c70e7df30b52699f4e32d205

SHA1
030d2aa772e100de5721d66dd8d0b2e8858278d1

SHA256
f1c12a2c57b803ce6b6483727553a983ab9d438ec937ce9b0621009b3eb38c3c

SHA512
dde4599a4c33d7ba49877fb02766b1e63bdd7461335f7b0b20aa75508608cf64340cfb6c0c20bde67d25200434fab647c1aae961f2290b3bcf4b89cc6098f717

Download Submit
C:\Windows\system\ZqpsPRx.exe

Filesize
6.0MB

MD5
ad8437cb78a13b00be40d8f09f773aab

SHA1
1ab3cc628642b5e322f1925eda53bd7f271a4899

SHA256
0bfe0823660329101939be2b72ade191b078e8e6cd4bf7091ee1c323a40e64cd

SHA512
d4cff94a7ff2ca97044d0ac8e46a9c35d848a8c454f9f0b8db05a920cf081919b91739c00aebd843249cb016fea738105279b89fd5c19c40f7037eef5b8ad633

Download Submit
C:\Windows\system\nzaMwev.exe

Filesize
6.0MB

MD5
9857d561b7a269e35129117ae7b3e0a7

SHA1
6f308e9905c9dcf19bea7b60150dd40132ebe398

SHA256
8430da3ab2fff0a7a326117b959962c4457c63530547bcb33f22fcd512578269

SHA512
2c8daa6ca047b453d478bfaa61d3625f53bb4ab07f55d4463f4f9ecca6eac2372267b2ea6a5f571ca53ac8f418d2c6a6ed4ad9740f454918e9ee4dba3f75953a

Download Submit
C:\Windows\system\pgGbIVx.exe

Filesize
6.0MB

MD5
ef00ccf48179ed8abd1c6359bb302950

SHA1
bc8b4df2c5c54fc95ef2e96172d4b13f60179a22

SHA256
f61f2ae7b4172ea7a9e7bba2f8f5979a7e73e86bc3826e19ce8916b3874bff5c

SHA512
2760d851be8972ddb71c44d3fdf27acdc766fc745c4c90494be9e899d14ca901974a6c5e2e58912220f1d0dd62addbefb3f60a1dd537bd3a57124d3eca61d462

Download Submit
C:\Windows\system\rOKHYXS.exe

Filesize
6.0MB

MD5
aae273444df4f9a6203349733c1e09a7

SHA1
927e233838afe1563a1cba6e1b0e05855dbe18fa

SHA256
8e96cf73e766c29deb68e5de1b41e30a217f27004e59c0f85363aefd3f01fa3b

SHA512
ee27245808e817e34ab6f0c6cb4281f0061cf76276cf3ea0c6c250a778a59e6340cfd1f321e15d2e80c1492965c2a0d762356bbd897edb8599fe44bbdad55baf

Download Submit
C:\Windows\system\rrLKZqA.exe

Filesize
6.0MB

MD5
92a9976bf702cf48f6cb57071ba5b4c3

SHA1
d1e6177eb7ad0bded91072d55264c42ef2e2162c

SHA256
a93fb61fa23fcec0cf47a639e19a707f1381fcbc93d42cd81b9bda211349c6ac

SHA512
bb5e1f5a7177159bf723443625f916c16dce26d70d1321fd333b5dca8bff9c60d00a18c4257bc703a8042c3cac2f3a82ce51ba276ff0fd80e41ac80048f329a3

Download Submit
C:\Windows\system\rtZKhKZ.exe

Filesize
6.0MB

MD5
450393eeb9b19f54a2f8e17530ca1f85

SHA1
6b4bda07bcae57d9ec7a0b7cc6f5f6ba227b4e7a

SHA256
4eae52820b0f7c03a8e3960fdf47ded257ec22a5c207e4bd1db6bcb4d15875bf

SHA512
2fc86f5956e021fe44cd92b802d15666b0de64a40a5f1fa7b1ae9888110ba870844c8861a5a5617d7ae7c18cb12a4a6d0c678ff53a529aeaa17ff9c20bec7c9a

Download Submit
C:\Windows\system\tkTPaun.exe

Filesize
6.0MB

MD5
b60f0f361baeae4a09e3d6c0ae94ea7f

SHA1
534c021be8bb51b21739c57964aa9d883a4c848a

SHA256
557443a46c7dd821035bcf99adaef7ad50571b950e796da7afc3a58def1e9135

SHA512
5c3628255c6eca3bd7a8e96ccbe3b43d453d4e14c0b41baa2bd70e87812e943c9399c460f1b1669400585294243d48445de6fa66ff034b23f92a9206894d61b3

Download Submit
C:\Windows\system\uMMBqgS.exe

Filesize
6.0MB

MD5
17da330a12b13777f5205aebd44d63c1

SHA1
03fa18226c453d239f57383b8ec0d1a1e1583264

SHA256
42a3397456acd79c4d9abfa8700ec6c94584c8815528e8ea6a4d2f12d64ea732

SHA512
e6908f43d16a79e7fd011c577f08e3f9d4b4ed88e24dd0f0ded38809f010fee0cd998e0687434b1744ec51320ff5a302da87ce10ebaf6391dd80972d211f22bf

Download Submit
C:\Windows\system\xCnRicT.exe

Filesize
6.0MB

MD5
1864e336d2089092b6f3ff8176a5eefb

SHA1
935af303696a827d5b7f53819e73cd07ea41cfc4

SHA256
76a654944ba148b896c929c934199f700edacdd82b6c290061d645f2a6ad9b72

SHA512
5abe5e49657f80849ed488abf244dcffe763dceaef0ca55084ad7a83f159c8ddd2d88b38ded3799444598cde5b3a3733f65a76cd89198fe9be6790de829f450d

Download Submit
\Windows\system\ZDwXSti.exe

Filesize
6.0MB

MD5
bcd185988d8b3f8eb82f21d539ea728a

SHA1
d15291e52ad12e34da08dc30552077fa512db079

SHA256
7f6ed7b8174f662352228e6c0c3fabc57e7c60b8fbb659d6055eea56ee80bb30

SHA512
254a91963b2af3763f21b1b3b3b0dfd73e9947b301e67355c833936b5eb70d45c3d9251b2b0cca4a1fe03bcd8cb3cba0a7bf265485b363ba4a9a8ec02c555b9e

Download Submit
\Windows\system\jaOohjU.exe

Filesize
6.0MB

MD5
ffc1f73b9303a882e8650d0e6a7388ae

SHA1
f7c1ab6e428bf2c064398bce7f59e782e7db2f5a

SHA256
9123df296888fb540207ebf4555334cca7036d7d706260e0d6b6835abaa40020

SHA512
5f0dea97117cb56ecc545531e027d80c8b513b179aebf677f4e6357ec9f993c817af6311e86dfea04d13dc8eb48e7d538285c1f7d4289a336291b01a3ddabf4a

Download Submit
\Windows\system\leDdyoB.exe

Filesize
6.0MB

MD5
c2ae031b5424ac3dc4da8c80eba060f1

SHA1
cbe6d9d941a413a63ec7937a667cec8155d42a46

SHA256
47d4a9fb0631c69e24a6981ce66b6f4b9bffd49d88bd649af06603b7d70ebc21

SHA512
b6b8437bf140bd5d34a4f5dbc096a23b3154cee381af2dd6ff0908a2c1287753e8fb8ab15a486f6ce6bd953c9ff81de8d28bcd33a703b883f70ef9b4c9cb6331

Download Submit
\Windows\system\nWXklBg.exe

Filesize
6.0MB

MD5
4b8d67891198e191e33b705cda858aa6

SHA1
d63dc1bdd510ae3470a47ee9212fd11c53e2a6e1

SHA256
b50d54f331a175da95a228c2d0ec04b77f703631199b06a1c26f7d4e4573f579

SHA512
ad0dbbb8dcc8ea54c0793335b08b83a6532d9dcb247be49cd922f19e674f101874e5a2075d76a7ac3f9d05cc4daa92db153ebc7179373872552e977cb72171ad

Download Submit
\Windows\system\pPMfLWQ.exe

Filesize
6.0MB

MD5
2412de29f0bf49578e8169704fff6815

SHA1
3b1b417d2be24951e0065c3ac9e9bd9de8e00db9

SHA256
43f29c72d04b698b9d6312fcd17838846058a53d60285697fd7638064e3e3c2c

SHA512
be7dff859be84be2d379b81f560b329698c818584789ce15e82bab9e0a50f4121602bf1cbdafb3ab6845521704d7d3ac8d1fa08d41e0d047153da492dfb2d1e0

Download Submit
\Windows\system\pyNQpTz.exe

Filesize
6.0MB

MD5
e543e4a4a2eff4760bcc6df1a71798b9

SHA1
b36d322272a091d0fc17dc1019f059de2c2fdd76

SHA256
c7d5df8344aec65f93660fc4086be1cc11faf0c3bb9b195e0aa5d42f9d352734

SHA512
e57d835ed6426ee80c17ba713ad6f4c85eb26a43cfcc66a1039756602ca2ddab98cdac55e440f3a83e34efbc0836226ba8457c260c44389a3f57af60199e9d37

Download Submit
\Windows\system\uuNuGrU.exe

Filesize
6.0MB

MD5
a14ceb48721b151f6d3a797473268a1d

SHA1
c1922dd7998158d8b25e547a15bb6846ce2d590b

SHA256
d4e68192edf3aa686261d9fce9b13c5a07221d8a25d66e5aca7472196ee06d7d

SHA512
c1f468bdb1a66fbebced89f210168d877357fb1c8676d89fc37a6bcf1dec016a2e0eb097df58c63a3491619193c5b2f0ba2822c85de39ea48281d924805a79b5

Download Submit
\Windows\system\zzekmvX.exe

Filesize
6.0MB

MD5
1956c64c8537b87a5f50fb6cbe2e2faf

SHA1
ab391d7a72e1b5aa7bf2d5935b2536efa69b64e1

SHA256
feb7af6cd9a1fb0e67a0866f5bb023d5660d08a46f5b44ed77bed63a96b835d2

SHA512
25ea97a9eac005f3adbe453377973cab848e0df8b0518aa63da752ea89b847520c5748941b4dbde0edebdd3773b34b5ef66e390621cfad888abffd8d40e3e626

Download Submit
memory/808-131-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/808-51-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/808-18-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/808-453-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/808-21-0x00000000024A0000-0x00000000027F4000-memory.dmp

Filesize
3.3MB

Download
memory/808-641-0x00000000024A0000-0x00000000027F4000-memory.dmp

Filesize
3.3MB

Download
memory/808-74-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/808-27-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/808-827-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/808-132-0x00000000024A0000-0x00000000027F4000-memory.dmp

Filesize
3.3MB

Download
memory/808-0-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/808-129-0x00000000024A0000-0x00000000027F4000-memory.dmp

Filesize
3.3MB

Download
memory/808-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/808-64-0x00000000024A0000-0x00000000027F4000-memory.dmp

Filesize
3.3MB

Download
memory/808-829-0x00000000024A0000-0x00000000027F4000-memory.dmp

Filesize
3.3MB

Download
memory/808-830-0x000000013F070000-0x000000013F3C4000-memory.dmp

Filesize
3.3MB

Download
memory/808-893-0x00000000024A0000-0x00000000027F4000-memory.dmp

Filesize
3.3MB

Download
memory/808-984-0x00000000024A0000-0x00000000027F4000-memory.dmp

Filesize
3.3MB

Download
memory/808-35-0x00000000024A0000-0x00000000027F4000-memory.dmp

Filesize
3.3MB

Download
memory/808-728-0x00000000024A0000-0x00000000027F4000-memory.dmp

Filesize
3.3MB

Download
memory/808-102-0x000000013F070000-0x000000013F3C4000-memory.dmp

Filesize
3.3MB

Download
memory/808-94-0x00000000024A0000-0x00000000027F4000-memory.dmp

Filesize
3.3MB

Download
memory/808-80-0x00000000024A0000-0x00000000027F4000-memory.dmp

Filesize
3.3MB

Download
memory/808-23-0x00000000024A0000-0x00000000027F4000-memory.dmp

Filesize
3.3MB

Download
memory/808-55-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/808-112-0x00000000024A0000-0x00000000027F4000-memory.dmp

Filesize
3.3MB

Download
memory/808-49-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/808-40-0x00000000024A0000-0x00000000027F4000-memory.dmp

Filesize
3.3MB

Download
memory/1880-66-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/1880-3034-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/1880-642-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/1992-2998-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/1992-128-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2536-2990-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/2536-50-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/2560-3033-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2560-36-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2652-3039-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/2652-544-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/2652-56-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/2672-19-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/2672-2988-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/2696-186-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2696-41-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2696-2993-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2720-29-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/2720-3035-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/2720-70-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/2732-2989-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/2732-22-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/2748-3000-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/2748-20-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download