cobaltstrike | 91a9e066bb8294f56768c2b86a77a8a74261f6e8b889cfbbf6c574191a0c3ce7

Analysis

max time kernel
150s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
02/10/2024, 02:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

78d379ca11d6096a0d87ad2f2928af68
SHA1

cf333c23af11d8cd5b8ff14850210e74065c172e
SHA256

91a9e066bb8294f56768c2b86a77a8a74261f6e8b889cfbbf6c574191a0c3ce7
SHA512

4449905da7bc5fcc5c77679d809cf8a8fab91b2d9e47c0ecf6fb634a8881fca4144287705a19c05d4bd8d443bed8542048141c5d9add3077c81e81aca621c058
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU/:T+q56utgpPF8u/7/

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000d000000012251-3.dat	cobalt_reflective_dll
behavioral1/files/0x00090000000174d5-10.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001754e-12.dat	cobalt_reflective_dll
behavioral1/files/0x0010000000017236-24.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000177df-26.dat	cobalt_reflective_dll
behavioral1/files/0x00020000000178b0-33.dat	cobalt_reflective_dll
behavioral1/files/0x000b000000018600-41.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018e9f-63.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018eb2-73.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018ed5-81.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018eba-78.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018ef7-88.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018f08-93.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018f2c-98.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018f40-103.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018f80-110.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018f94-133.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018f9e-143.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018fb0-158.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018fba-163.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018faa-153.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018fa2-148.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018f9a-138.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018f8e-128.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018f84-118.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018f88-123.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018f6e-108.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018ea1-68.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018e96-58.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018e65-53.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018ab4-48.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000185e6-39.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2320-0-0x000000013FF10000-0x0000000140264000-memory.dmp	xmrig
behavioral1/files/0x000d000000012251-3.dat	xmrig
behavioral1/memory/1864-8-0x000000013F9B0000-0x000000013FD04000-memory.dmp	xmrig
behavioral1/memory/2320-5-0x000000013F9B0000-0x000000013FD04000-memory.dmp	xmrig
behavioral1/files/0x00090000000174d5-10.dat	xmrig
behavioral1/files/0x000700000001754e-12.dat	xmrig
behavioral1/files/0x0010000000017236-24.dat	xmrig
behavioral1/files/0x00060000000177df-26.dat	xmrig
behavioral1/files/0x00020000000178b0-33.dat	xmrig
behavioral1/files/0x000b000000018600-41.dat	xmrig
behavioral1/files/0x0005000000018e9f-63.dat	xmrig
behavioral1/files/0x0005000000018eb2-73.dat	xmrig
behavioral1/files/0x0005000000018ed5-81.dat	xmrig
behavioral1/files/0x0005000000018eba-78.dat	xmrig
behavioral1/files/0x0005000000018ef7-88.dat	xmrig
behavioral1/files/0x0005000000018f08-93.dat	xmrig
behavioral1/files/0x0005000000018f2c-98.dat	xmrig
behavioral1/files/0x0005000000018f40-103.dat	xmrig
behavioral1/files/0x0005000000018f80-110.dat	xmrig
behavioral1/files/0x0005000000018f94-133.dat	xmrig
behavioral1/files/0x0005000000018f9e-143.dat	xmrig
behavioral1/memory/2768-700-0x000000013FE90000-0x00000001401E4000-memory.dmp	xmrig
behavioral1/memory/2196-801-0x000000013FE40000-0x0000000140194000-memory.dmp	xmrig
behavioral1/memory/2708-788-0x000000013F330000-0x000000013F684000-memory.dmp	xmrig
behavioral1/memory/2816-806-0x000000013FDD0000-0x0000000140124000-memory.dmp	xmrig
behavioral1/memory/2320-809-0x000000013F890000-0x000000013FBE4000-memory.dmp	xmrig
behavioral1/memory/2860-808-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
behavioral1/memory/2788-810-0x000000013F890000-0x000000013FBE4000-memory.dmp	xmrig
behavioral1/memory/2748-812-0x000000013F820000-0x000000013FB74000-memory.dmp	xmrig
behavioral1/memory/2320-815-0x000000013FA20000-0x000000013FD74000-memory.dmp	xmrig
behavioral1/memory/2588-814-0x000000013FCC0000-0x0000000140014000-memory.dmp	xmrig
behavioral1/memory/2320-817-0x000000013F850000-0x000000013FBA4000-memory.dmp	xmrig
behavioral1/memory/2320-823-0x000000013F4B0000-0x000000013F804000-memory.dmp	xmrig
behavioral1/memory/1132-838-0x000000013F4B0000-0x000000013F804000-memory.dmp	xmrig
behavioral1/memory/2844-851-0x000000013F710000-0x000000013FA64000-memory.dmp	xmrig
behavioral1/memory/2208-822-0x000000013F850000-0x000000013FBA4000-memory.dmp	xmrig
behavioral1/memory/2676-816-0x000000013FA20000-0x000000013FD74000-memory.dmp	xmrig
behavioral1/memory/2320-862-0x000000013F330000-0x000000013F684000-memory.dmp	xmrig
behavioral1/memory/2320-861-0x000000013F450000-0x000000013F7A4000-memory.dmp	xmrig
behavioral1/memory/2380-860-0x000000013F430000-0x000000013F784000-memory.dmp	xmrig
behavioral1/memory/2320-1364-0x000000013FF10000-0x0000000140264000-memory.dmp	xmrig
behavioral1/files/0x0005000000018fb0-158.dat	xmrig
behavioral1/files/0x0005000000018fba-163.dat	xmrig
behavioral1/files/0x0005000000018faa-153.dat	xmrig
behavioral1/files/0x0005000000018fa2-148.dat	xmrig
behavioral1/files/0x0005000000018f9a-138.dat	xmrig
behavioral1/files/0x0005000000018f8e-128.dat	xmrig
behavioral1/files/0x0005000000018f84-118.dat	xmrig
behavioral1/files/0x0005000000018f88-123.dat	xmrig
behavioral1/files/0x0005000000018f6e-108.dat	xmrig
behavioral1/files/0x0005000000018ea1-68.dat	xmrig
behavioral1/files/0x0005000000018e96-58.dat	xmrig
behavioral1/files/0x0005000000018e65-53.dat	xmrig
behavioral1/files/0x0006000000018ab4-48.dat	xmrig
behavioral1/files/0x00060000000185e6-39.dat	xmrig
behavioral1/memory/2380-1473-0x000000013F430000-0x000000013F784000-memory.dmp	xmrig
behavioral1/memory/2676-1492-0x000000013FA20000-0x000000013FD74000-memory.dmp	xmrig
behavioral1/memory/1864-1497-0x000000013F9B0000-0x000000013FD04000-memory.dmp	xmrig
behavioral1/memory/1864-1501-0x000000013F9B0000-0x000000013FD04000-memory.dmp	xmrig
behavioral1/memory/2844-1502-0x000000013F710000-0x000000013FA64000-memory.dmp	xmrig
behavioral1/memory/1132-1495-0x000000013F4B0000-0x000000013F804000-memory.dmp	xmrig
behavioral1/memory/2768-1482-0x000000013FE90000-0x00000001401E4000-memory.dmp	xmrig
behavioral1/memory/2748-1489-0x000000013F820000-0x000000013FB74000-memory.dmp	xmrig
behavioral1/memory/2708-1488-0x000000013F330000-0x000000013F684000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1864	quDeGiD.exe
2768	XYUqXCu.exe
2708	coEvcRG.exe
2196	xCCKiRz.exe
2816	iWxinfU.exe
2860	vqZviNY.exe
2788	FJZoDaz.exe
2748	cQHSWNm.exe
2588	YfDalmD.exe
2676	yVUpdtH.exe
2208	ycbqHiy.exe
1132	EHWYfDr.exe
2844	ctQNFdH.exe
2380	IPatETk.exe
2424	FSqXEyo.exe
2904	NWwLtDo.exe
360	Anapljn.exe
2200	gsmEkae.exe
2864	vHaZwxc.exe
944	YhbcoEG.exe
2236	XcoJDia.exe
2352	EHDOQUR.exe
1236	keEoemc.exe
860	ZqZXgUC.exe
1032	zVWhMaC.exe
2000	DRRmOOb.exe
2180	HdjCbUA.exe
2176	hBYnKDQ.exe
3024	eqDWPag.exe
2136	bvGxhOe.exe
2344	DCMIlBj.exe
3036	IigWisg.exe
2924	iCjLSjB.exe
2184	YEdJseq.exe
832	fWdqzRI.exe
892	edcxPaa.exe
872	kqskFpr.exe
1060	oKerekD.exe
1008	TDrrAYs.exe
2408	DaohlyV.exe
1340	YVTSThI.exe
1780	FPfFEqy.exe
996	dPWDaGK.exe
2996	UOYvbsU.exe
1732	zAJnKJh.exe
1276	THcXjvz.exe
3000	GzRwdoJ.exe
1708	IOvRolf.exe
600	FMMRxqE.exe
2384	ZmRxTJR.exe
1940	nkeQftd.exe
2988	HqXbwsp.exe
692	GxdFkTF.exe
324	fcWsrhz.exe
1288	mpNbACx.exe
2928	XerJAMk.exe
1616	VaEGGhx.exe
864	CzWziRs.exe
2288	uIBosJX.exe
1568	moIvCCY.exe
2072	cnuziNM.exe
2116	uVpivhG.exe
2760	pcxvFpe.exe
2696	UTPSUgb.exe

Loads dropped DLL 64 IoCs

pid	Process
2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 63 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2320-0-0x000000013FF10000-0x0000000140264000-memory.dmp	upx
behavioral1/files/0x000d000000012251-3.dat	upx
behavioral1/memory/1864-8-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx
behavioral1/files/0x00090000000174d5-10.dat	upx
behavioral1/files/0x000700000001754e-12.dat	upx
behavioral1/files/0x0010000000017236-24.dat	upx
behavioral1/files/0x00060000000177df-26.dat	upx
behavioral1/files/0x00020000000178b0-33.dat	upx
behavioral1/files/0x000b000000018600-41.dat	upx
behavioral1/files/0x0005000000018e9f-63.dat	upx
behavioral1/files/0x0005000000018eb2-73.dat	upx
behavioral1/files/0x0005000000018ed5-81.dat	upx
behavioral1/files/0x0005000000018eba-78.dat	upx
behavioral1/files/0x0005000000018ef7-88.dat	upx
behavioral1/files/0x0005000000018f08-93.dat	upx
behavioral1/files/0x0005000000018f2c-98.dat	upx
behavioral1/files/0x0005000000018f40-103.dat	upx
behavioral1/files/0x0005000000018f80-110.dat	upx
behavioral1/files/0x0005000000018f94-133.dat	upx
behavioral1/files/0x0005000000018f9e-143.dat	upx
behavioral1/memory/2768-700-0x000000013FE90000-0x00000001401E4000-memory.dmp	upx
behavioral1/memory/2196-801-0x000000013FE40000-0x0000000140194000-memory.dmp	upx
behavioral1/memory/2708-788-0x000000013F330000-0x000000013F684000-memory.dmp	upx
behavioral1/memory/2816-806-0x000000013FDD0000-0x0000000140124000-memory.dmp	upx
behavioral1/memory/2860-808-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/memory/2788-810-0x000000013F890000-0x000000013FBE4000-memory.dmp	upx
behavioral1/memory/2748-812-0x000000013F820000-0x000000013FB74000-memory.dmp	upx
behavioral1/memory/2588-814-0x000000013FCC0000-0x0000000140014000-memory.dmp	upx
behavioral1/memory/1132-838-0x000000013F4B0000-0x000000013F804000-memory.dmp	upx
behavioral1/memory/2844-851-0x000000013F710000-0x000000013FA64000-memory.dmp	upx
behavioral1/memory/2208-822-0x000000013F850000-0x000000013FBA4000-memory.dmp	upx
behavioral1/memory/2676-816-0x000000013FA20000-0x000000013FD74000-memory.dmp	upx
behavioral1/memory/2380-860-0x000000013F430000-0x000000013F784000-memory.dmp	upx
behavioral1/memory/2320-1364-0x000000013FF10000-0x0000000140264000-memory.dmp	upx
behavioral1/files/0x0005000000018fb0-158.dat	upx
behavioral1/files/0x0005000000018fba-163.dat	upx
behavioral1/files/0x0005000000018faa-153.dat	upx
behavioral1/files/0x0005000000018fa2-148.dat	upx
behavioral1/files/0x0005000000018f9a-138.dat	upx
behavioral1/files/0x0005000000018f8e-128.dat	upx
behavioral1/files/0x0005000000018f84-118.dat	upx
behavioral1/files/0x0005000000018f88-123.dat	upx
behavioral1/files/0x0005000000018f6e-108.dat	upx
behavioral1/files/0x0005000000018ea1-68.dat	upx
behavioral1/files/0x0005000000018e96-58.dat	upx
behavioral1/files/0x0005000000018e65-53.dat	upx
behavioral1/files/0x0006000000018ab4-48.dat	upx
behavioral1/files/0x00060000000185e6-39.dat	upx
behavioral1/memory/2380-1473-0x000000013F430000-0x000000013F784000-memory.dmp	upx
behavioral1/memory/2676-1492-0x000000013FA20000-0x000000013FD74000-memory.dmp	upx
behavioral1/memory/1864-1497-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx
behavioral1/memory/1864-1501-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx
behavioral1/memory/2844-1502-0x000000013F710000-0x000000013FA64000-memory.dmp	upx
behavioral1/memory/1132-1495-0x000000013F4B0000-0x000000013F804000-memory.dmp	upx
behavioral1/memory/2768-1482-0x000000013FE90000-0x00000001401E4000-memory.dmp	upx
behavioral1/memory/2748-1489-0x000000013F820000-0x000000013FB74000-memory.dmp	upx
behavioral1/memory/2708-1488-0x000000013F330000-0x000000013F684000-memory.dmp	upx
behavioral1/memory/2860-1487-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/memory/2788-1486-0x000000013F890000-0x000000013FBE4000-memory.dmp	upx
behavioral1/memory/2196-1484-0x000000013FE40000-0x0000000140194000-memory.dmp	upx
behavioral1/memory/2816-1481-0x000000013FDD0000-0x0000000140124000-memory.dmp	upx
behavioral1/memory/2588-1477-0x000000013FCC0000-0x0000000140014000-memory.dmp	upx
behavioral1/memory/2208-1476-0x000000013F850000-0x000000013FBA4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\jEpWBLe.exe	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mUIgqtm.exe	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lrZgEQX.exe	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tvGiYHe.exe	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MAxqfGt.exe	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QNehBdb.exe	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PKhiPtL.exe	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VDJxAPI.exe	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wijUCpV.exe	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yOxHkFC.exe	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qSVrxZz.exe	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DAZuKyg.exe	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hMHCiEx.exe	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RTEbfWV.exe	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\blYykFn.exe	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\moIvCCY.exe	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TivaDFg.exe	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aYISynv.exe	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SoLqCPK.exe	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kiJrhIN.exe	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qGGhyVr.exe	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bemOrYk.exe	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oWNTVQj.exe	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DNRWBud.exe	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GviZfji.exe	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\esqSnxv.exe	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SpTrcSp.exe	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wDRYTqz.exe	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\APistnq.exe	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IXzUmFV.exe	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cnuziNM.exe	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SdQPGrJ.exe	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gUhbdqR.exe	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KVgtuBM.exe	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JYdPMJq.exe	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JLIxsLP.exe	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BTZZajJ.exe	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YjyRNYq.exe	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ioMjdXF.exe	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kucnGiN.exe	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QMRdLkm.exe	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nzjGoqX.exe	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uQBXawA.exe	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\szVtzWG.exe	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HliQVlT.exe	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZDpODiv.exe	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DpkzfFd.exe	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IjrBYqz.exe	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bJDXpuj.exe	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AwXICYc.exe	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ImaKsgR.exe	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yoxzvKm.exe	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YHfHGgU.exe	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rTdShCu.exe	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\heaKABx.exe	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DIhPEHd.exe	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lVzrkyo.exe	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vHaZwxc.exe	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UIWbtrZ.exe	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NwHKDzb.exe	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NefpKvW.exe	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WJQdokf.exe	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WYXmCWU.exe	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cJVQyhL.exe	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2320 wrote to memory of 1864	2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2320 wrote to memory of 1864	2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2320 wrote to memory of 1864	2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2320 wrote to memory of 2768	2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2320 wrote to memory of 2768	2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2320 wrote to memory of 2768	2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2320 wrote to memory of 2708	2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2320 wrote to memory of 2708	2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2320 wrote to memory of 2708	2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2320 wrote to memory of 2196	2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2320 wrote to memory of 2196	2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2320 wrote to memory of 2196	2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2320 wrote to memory of 2816	2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2320 wrote to memory of 2816	2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2320 wrote to memory of 2816	2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2320 wrote to memory of 2860	2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2320 wrote to memory of 2860	2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2320 wrote to memory of 2860	2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2320 wrote to memory of 2788	2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2320 wrote to memory of 2788	2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2320 wrote to memory of 2788	2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2320 wrote to memory of 2748	2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2320 wrote to memory of 2748	2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2320 wrote to memory of 2748	2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2320 wrote to memory of 2588	2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2320 wrote to memory of 2588	2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2320 wrote to memory of 2588	2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2320 wrote to memory of 2676	2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2320 wrote to memory of 2676	2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2320 wrote to memory of 2676	2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2320 wrote to memory of 2208	2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2320 wrote to memory of 2208	2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2320 wrote to memory of 2208	2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2320 wrote to memory of 1132	2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2320 wrote to memory of 1132	2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2320 wrote to memory of 1132	2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2320 wrote to memory of 2844	2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2320 wrote to memory of 2844	2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2320 wrote to memory of 2844	2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2320 wrote to memory of 2380	2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2320 wrote to memory of 2380	2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2320 wrote to memory of 2380	2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2320 wrote to memory of 2424	2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2320 wrote to memory of 2424	2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2320 wrote to memory of 2424	2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2320 wrote to memory of 2904	2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2320 wrote to memory of 2904	2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2320 wrote to memory of 2904	2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2320 wrote to memory of 360	2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2320 wrote to memory of 360	2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2320 wrote to memory of 360	2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2320 wrote to memory of 2200	2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2320 wrote to memory of 2200	2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2320 wrote to memory of 2200	2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2320 wrote to memory of 2864	2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2320 wrote to memory of 2864	2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2320 wrote to memory of 2864	2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2320 wrote to memory of 944	2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2320 wrote to memory of 944	2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2320 wrote to memory of 944	2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2320 wrote to memory of 2236	2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2320 wrote to memory of 2236	2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2320 wrote to memory of 2236	2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2320 wrote to memory of 2352	2320	2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-02_78d379ca11d6096a0d87ad2f2928af68_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2320
- C:\Windows\System\quDeGiD.exe
  C:\Windows\System\quDeGiD.exe
  2⤵
  - Executes dropped EXE
  PID:1864
- C:\Windows\System\XYUqXCu.exe
  C:\Windows\System\XYUqXCu.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\coEvcRG.exe
  C:\Windows\System\coEvcRG.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\xCCKiRz.exe
  C:\Windows\System\xCCKiRz.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\iWxinfU.exe
  C:\Windows\System\iWxinfU.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\vqZviNY.exe
  C:\Windows\System\vqZviNY.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\FJZoDaz.exe
  C:\Windows\System\FJZoDaz.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\cQHSWNm.exe
  C:\Windows\System\cQHSWNm.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\YfDalmD.exe
  C:\Windows\System\YfDalmD.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\yVUpdtH.exe
  C:\Windows\System\yVUpdtH.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\ycbqHiy.exe
  C:\Windows\System\ycbqHiy.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\EHWYfDr.exe
  C:\Windows\System\EHWYfDr.exe
  2⤵
  - Executes dropped EXE
  PID:1132
- C:\Windows\System\ctQNFdH.exe
  C:\Windows\System\ctQNFdH.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\IPatETk.exe
  C:\Windows\System\IPatETk.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\FSqXEyo.exe
  C:\Windows\System\FSqXEyo.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\NWwLtDo.exe
  C:\Windows\System\NWwLtDo.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\Anapljn.exe
  C:\Windows\System\Anapljn.exe
  2⤵
  - Executes dropped EXE
  PID:360
- C:\Windows\System\gsmEkae.exe
  C:\Windows\System\gsmEkae.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\vHaZwxc.exe
  C:\Windows\System\vHaZwxc.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\YhbcoEG.exe
  C:\Windows\System\YhbcoEG.exe
  2⤵
  - Executes dropped EXE
  PID:944
- C:\Windows\System\XcoJDia.exe
  C:\Windows\System\XcoJDia.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\EHDOQUR.exe
  C:\Windows\System\EHDOQUR.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\keEoemc.exe
  C:\Windows\System\keEoemc.exe
  2⤵
  - Executes dropped EXE
  PID:1236
- C:\Windows\System\ZqZXgUC.exe
  C:\Windows\System\ZqZXgUC.exe
  2⤵
  - Executes dropped EXE
  PID:860
- C:\Windows\System\zVWhMaC.exe
  C:\Windows\System\zVWhMaC.exe
  2⤵
  - Executes dropped EXE
  PID:1032
- C:\Windows\System\DRRmOOb.exe
  C:\Windows\System\DRRmOOb.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\HdjCbUA.exe
  C:\Windows\System\HdjCbUA.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\hBYnKDQ.exe
  C:\Windows\System\hBYnKDQ.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\eqDWPag.exe
  C:\Windows\System\eqDWPag.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\bvGxhOe.exe
  C:\Windows\System\bvGxhOe.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\DCMIlBj.exe
  C:\Windows\System\DCMIlBj.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\IigWisg.exe
  C:\Windows\System\IigWisg.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\iCjLSjB.exe
  C:\Windows\System\iCjLSjB.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\YEdJseq.exe
  C:\Windows\System\YEdJseq.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\fWdqzRI.exe
  C:\Windows\System\fWdqzRI.exe
  2⤵
  - Executes dropped EXE
  PID:832
- C:\Windows\System\edcxPaa.exe
  C:\Windows\System\edcxPaa.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\kqskFpr.exe
  C:\Windows\System\kqskFpr.exe
  2⤵
  - Executes dropped EXE
  PID:872
- C:\Windows\System\oKerekD.exe
  C:\Windows\System\oKerekD.exe
  2⤵
  - Executes dropped EXE
  PID:1060
- C:\Windows\System\TDrrAYs.exe
  C:\Windows\System\TDrrAYs.exe
  2⤵
  - Executes dropped EXE
  PID:1008
- C:\Windows\System\DaohlyV.exe
  C:\Windows\System\DaohlyV.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\YVTSThI.exe
  C:\Windows\System\YVTSThI.exe
  2⤵
  - Executes dropped EXE
  PID:1340
- C:\Windows\System\FPfFEqy.exe
  C:\Windows\System\FPfFEqy.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\dPWDaGK.exe
  C:\Windows\System\dPWDaGK.exe
  2⤵
  - Executes dropped EXE
  PID:996
- C:\Windows\System\UOYvbsU.exe
  C:\Windows\System\UOYvbsU.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\zAJnKJh.exe
  C:\Windows\System\zAJnKJh.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\THcXjvz.exe
  C:\Windows\System\THcXjvz.exe
  2⤵
  - Executes dropped EXE
  PID:1276
- C:\Windows\System\GzRwdoJ.exe
  C:\Windows\System\GzRwdoJ.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\IOvRolf.exe
  C:\Windows\System\IOvRolf.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\FMMRxqE.exe
  C:\Windows\System\FMMRxqE.exe
  2⤵
  - Executes dropped EXE
  PID:600
- C:\Windows\System\ZmRxTJR.exe
  C:\Windows\System\ZmRxTJR.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\nkeQftd.exe
  C:\Windows\System\nkeQftd.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\HqXbwsp.exe
  C:\Windows\System\HqXbwsp.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\GxdFkTF.exe
  C:\Windows\System\GxdFkTF.exe
  2⤵
  - Executes dropped EXE
  PID:692
- C:\Windows\System\fcWsrhz.exe
  C:\Windows\System\fcWsrhz.exe
  2⤵
  - Executes dropped EXE
  PID:324
- C:\Windows\System\mpNbACx.exe
  C:\Windows\System\mpNbACx.exe
  2⤵
  - Executes dropped EXE
  PID:1288
- C:\Windows\System\XerJAMk.exe
  C:\Windows\System\XerJAMk.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\VaEGGhx.exe
  C:\Windows\System\VaEGGhx.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\CzWziRs.exe
  C:\Windows\System\CzWziRs.exe
  2⤵
  - Executes dropped EXE
  PID:864
- C:\Windows\System\uIBosJX.exe
  C:\Windows\System\uIBosJX.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\moIvCCY.exe
  C:\Windows\System\moIvCCY.exe
  2⤵
  - Executes dropped EXE
  PID:1568
- C:\Windows\System\cnuziNM.exe
  C:\Windows\System\cnuziNM.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\uVpivhG.exe
  C:\Windows\System\uVpivhG.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\pcxvFpe.exe
  C:\Windows\System\pcxvFpe.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\UTPSUgb.exe
  C:\Windows\System\UTPSUgb.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\shDHWJx.exe
  C:\Windows\System\shDHWJx.exe
  2⤵
  PID:2596
- C:\Windows\System\ptbhCys.exe
  C:\Windows\System\ptbhCys.exe
  2⤵
  PID:2552
- C:\Windows\System\ulnSoBE.exe
  C:\Windows\System\ulnSoBE.exe
  2⤵
  PID:3008
- C:\Windows\System\qTCmKkX.exe
  C:\Windows\System\qTCmKkX.exe
  2⤵
  PID:2628
- C:\Windows\System\xlyWhmv.exe
  C:\Windows\System\xlyWhmv.exe
  2⤵
  PID:1396
- C:\Windows\System\cILNmoY.exe
  C:\Windows\System\cILNmoY.exe
  2⤵
  PID:2436
- C:\Windows\System\POzkvKp.exe
  C:\Windows\System\POzkvKp.exe
  2⤵
  PID:1428
- C:\Windows\System\nUPYOhg.exe
  C:\Windows\System\nUPYOhg.exe
  2⤵
  PID:2732
- C:\Windows\System\cDcuGZO.exe
  C:\Windows\System\cDcuGZO.exe
  2⤵
  PID:2684
- C:\Windows\System\JfgwLTf.exe
  C:\Windows\System\JfgwLTf.exe
  2⤵
  PID:1156
- C:\Windows\System\vydEoUD.exe
  C:\Windows\System\vydEoUD.exe
  2⤵
  PID:2216
- C:\Windows\System\Cedclei.exe
  C:\Windows\System\Cedclei.exe
  2⤵
  PID:568
- C:\Windows\System\lAfrjwl.exe
  C:\Windows\System\lAfrjwl.exe
  2⤵
  PID:2016
- C:\Windows\System\DQcVoeY.exe
  C:\Windows\System\DQcVoeY.exe
  2⤵
  PID:1368
- C:\Windows\System\kJHAQZp.exe
  C:\Windows\System\kJHAQZp.exe
  2⤵
  PID:2068
- C:\Windows\System\owNqMfY.exe
  C:\Windows\System\owNqMfY.exe
  2⤵
  PID:1544
- C:\Windows\System\uSEdGAT.exe
  C:\Windows\System\uSEdGAT.exe
  2⤵
  PID:1964
- C:\Windows\System\fTeaIuG.exe
  C:\Windows\System\fTeaIuG.exe
  2⤵
  PID:2012
- C:\Windows\System\QMRdLkm.exe
  C:\Windows\System\QMRdLkm.exe
  2⤵
  PID:900
- C:\Windows\System\zDKevvW.exe
  C:\Windows\System\zDKevvW.exe
  2⤵
  PID:1776
- C:\Windows\System\NQJmRYq.exe
  C:\Windows\System\NQJmRYq.exe
  2⤵
  PID:1512
- C:\Windows\System\KRWgsVL.exe
  C:\Windows\System\KRWgsVL.exe
  2⤵
  PID:2304
- C:\Windows\System\MActLxQ.exe
  C:\Windows\System\MActLxQ.exe
  2⤵
  PID:3048
- C:\Windows\System\YMGnxMj.exe
  C:\Windows\System\YMGnxMj.exe
  2⤵
  PID:1316
- C:\Windows\System\RUmOLhw.exe
  C:\Windows\System\RUmOLhw.exe
  2⤵
  PID:1088
- C:\Windows\System\cqMoSea.exe
  C:\Windows\System\cqMoSea.exe
  2⤵
  PID:1332
- C:\Windows\System\WaobiXt.exe
  C:\Windows\System\WaobiXt.exe
  2⤵
  PID:1312
- C:\Windows\System\EOlPOyG.exe
  C:\Windows\System\EOlPOyG.exe
  2⤵
  PID:2204
- C:\Windows\System\vXgCaCs.exe
  C:\Windows\System\vXgCaCs.exe
  2⤵
  PID:2280
- C:\Windows\System\vNbiTwa.exe
  C:\Windows\System\vNbiTwa.exe
  2⤵
  PID:1760
- C:\Windows\System\ykzxJyu.exe
  C:\Windows\System\ykzxJyu.exe
  2⤵
  PID:1980
- C:\Windows\System\iNVORGy.exe
  C:\Windows\System\iNVORGy.exe
  2⤵
  PID:2164
- C:\Windows\System\ZLsVmEp.exe
  C:\Windows\System\ZLsVmEp.exe
  2⤵
  PID:2240
- C:\Windows\System\xHOLjBf.exe
  C:\Windows\System\xHOLjBf.exe
  2⤵
  PID:1572
- C:\Windows\System\tlWAksd.exe
  C:\Windows\System\tlWAksd.exe
  2⤵
  PID:2756
- C:\Windows\System\BTcjGMY.exe
  C:\Windows\System\BTcjGMY.exe
  2⤵
  PID:2648
- C:\Windows\System\gFnNFFH.exe
  C:\Windows\System\gFnNFFH.exe
  2⤵
  PID:2584
- C:\Windows\System\QRpaOVh.exe
  C:\Windows\System\QRpaOVh.exe
  2⤵
  PID:2604
- C:\Windows\System\yzHGdQG.exe
  C:\Windows\System\yzHGdQG.exe
  2⤵
  PID:2632
- C:\Windows\System\BIlVFVX.exe
  C:\Windows\System\BIlVFVX.exe
  2⤵
  PID:1564
- C:\Windows\System\JPLCiEv.exe
  C:\Windows\System\JPLCiEv.exe
  2⤵
  PID:2156
- C:\Windows\System\GFDcoRa.exe
  C:\Windows\System\GFDcoRa.exe
  2⤵
  PID:1488
- C:\Windows\System\ggoVFxV.exe
  C:\Windows\System\ggoVFxV.exe
  2⤵
  PID:1376
- C:\Windows\System\SJtCnYj.exe
  C:\Windows\System\SJtCnYj.exe
  2⤵
  PID:2468
- C:\Windows\System\flhnIPt.exe
  C:\Windows\System\flhnIPt.exe
  2⤵
  PID:2100
- C:\Windows\System\LQZbhCo.exe
  C:\Windows\System\LQZbhCo.exe
  2⤵
  PID:964
- C:\Windows\System\rjfKwtQ.exe
  C:\Windows\System\rjfKwtQ.exe
  2⤵
  PID:280
- C:\Windows\System\JIsEFZU.exe
  C:\Windows\System\JIsEFZU.exe
  2⤵
  PID:2052
- C:\Windows\System\JkabRdl.exe
  C:\Windows\System\JkabRdl.exe
  2⤵
  PID:2396
- C:\Windows\System\bXTODNk.exe
  C:\Windows\System\bXTODNk.exe
  2⤵
  PID:2940
- C:\Windows\System\XcbamXy.exe
  C:\Windows\System\XcbamXy.exe
  2⤵
  PID:1968
- C:\Windows\System\tRrzmlC.exe
  C:\Windows\System\tRrzmlC.exe
  2⤵
  PID:1816
- C:\Windows\System\ummLACG.exe
  C:\Windows\System\ummLACG.exe
  2⤵
  PID:1012
- C:\Windows\System\zPqvbtn.exe
  C:\Windows\System\zPqvbtn.exe
  2⤵
  PID:1096
- C:\Windows\System\eCsmThB.exe
  C:\Windows\System\eCsmThB.exe
  2⤵
  PID:1716
- C:\Windows\System\pqODmkA.exe
  C:\Windows\System\pqODmkA.exe
  2⤵
  PID:1724
- C:\Windows\System\nEPzaUr.exe
  C:\Windows\System\nEPzaUr.exe
  2⤵
  PID:584
- C:\Windows\System\wgFFcts.exe
  C:\Windows\System\wgFFcts.exe
  2⤵
  PID:2824
- C:\Windows\System\upipqpp.exe
  C:\Windows\System\upipqpp.exe
  2⤵
  PID:2540
- C:\Windows\System\dPkzIIK.exe
  C:\Windows\System\dPkzIIK.exe
  2⤵
  PID:1692
- C:\Windows\System\IuAFdUb.exe
  C:\Windows\System\IuAFdUb.exe
  2⤵
  PID:2764
- C:\Windows\System\beIXqvi.exe
  C:\Windows\System\beIXqvi.exe
  2⤵
  PID:2856
- C:\Windows\System\bjVuoEv.exe
  C:\Windows\System\bjVuoEv.exe
  2⤵
  PID:2296
- C:\Windows\System\QGkuVgV.exe
  C:\Windows\System\QGkuVgV.exe
  2⤵
  PID:1868
- C:\Windows\System\mzRGGpu.exe
  C:\Windows\System\mzRGGpu.exe
  2⤵
  PID:1800
- C:\Windows\System\aatuxMf.exe
  C:\Windows\System\aatuxMf.exe
  2⤵
  PID:1548
- C:\Windows\System\XTefgfk.exe
  C:\Windows\System\XTefgfk.exe
  2⤵
  PID:760
- C:\Windows\System\fyLiBQm.exe
  C:\Windows\System\fyLiBQm.exe
  2⤵
  PID:2452
- C:\Windows\System\GddjUuv.exe
  C:\Windows\System\GddjUuv.exe
  2⤵
  PID:2976
- C:\Windows\System\vBKeZjo.exe
  C:\Windows\System\vBKeZjo.exe
  2⤵
  PID:2328
- C:\Windows\System\GuuzaKa.exe
  C:\Windows\System\GuuzaKa.exe
  2⤵
  PID:1808
- C:\Windows\System\YDSPKCh.exe
  C:\Windows\System\YDSPKCh.exe
  2⤵
  PID:1672
- C:\Windows\System\qonmTJZ.exe
  C:\Windows\System\qonmTJZ.exe
  2⤵
  PID:1452
- C:\Windows\System\fFAzmHo.exe
  C:\Windows\System\fFAzmHo.exe
  2⤵
  PID:752
- C:\Windows\System\fzjbCUq.exe
  C:\Windows\System\fzjbCUq.exe
  2⤵
  PID:2188
- C:\Windows\System\MAxqfGt.exe
  C:\Windows\System\MAxqfGt.exe
  2⤵
  PID:1084
- C:\Windows\System\MfpxiGU.exe
  C:\Windows\System\MfpxiGU.exe
  2⤵
  PID:1728
- C:\Windows\System\jXABbBZ.exe
  C:\Windows\System\jXABbBZ.exe
  2⤵
  PID:2908
- C:\Windows\System\kmippUW.exe
  C:\Windows\System\kmippUW.exe
  2⤵
  PID:2172
- C:\Windows\System\OypZDAO.exe
  C:\Windows\System\OypZDAO.exe
  2⤵
  PID:3076
- C:\Windows\System\ErjJWZi.exe
  C:\Windows\System\ErjJWZi.exe
  2⤵
  PID:3096
- C:\Windows\System\Umbdwpk.exe
  C:\Windows\System\Umbdwpk.exe
  2⤵
  PID:3116
- C:\Windows\System\gOginoC.exe
  C:\Windows\System\gOginoC.exe
  2⤵
  PID:3136
- C:\Windows\System\PoysUWp.exe
  C:\Windows\System\PoysUWp.exe
  2⤵
  PID:3156
- C:\Windows\System\jVlFQcI.exe
  C:\Windows\System\jVlFQcI.exe
  2⤵
  PID:3176
- C:\Windows\System\xpLUwTJ.exe
  C:\Windows\System\xpLUwTJ.exe
  2⤵
  PID:3196
- C:\Windows\System\cMGswQh.exe
  C:\Windows\System\cMGswQh.exe
  2⤵
  PID:3216
- C:\Windows\System\ahzBPKa.exe
  C:\Windows\System\ahzBPKa.exe
  2⤵
  PID:3232
- C:\Windows\System\TWvqBgC.exe
  C:\Windows\System\TWvqBgC.exe
  2⤵
  PID:3256
- C:\Windows\System\cLTnGHK.exe
  C:\Windows\System\cLTnGHK.exe
  2⤵
  PID:3276
- C:\Windows\System\rSpOyor.exe
  C:\Windows\System\rSpOyor.exe
  2⤵
  PID:3300
- C:\Windows\System\DUwnJAs.exe
  C:\Windows\System\DUwnJAs.exe
  2⤵
  PID:3320
- C:\Windows\System\PMDXSnJ.exe
  C:\Windows\System\PMDXSnJ.exe
  2⤵
  PID:3340
- C:\Windows\System\FVRGomN.exe
  C:\Windows\System\FVRGomN.exe
  2⤵
  PID:3360
- C:\Windows\System\SpvNvTF.exe
  C:\Windows\System\SpvNvTF.exe
  2⤵
  PID:3384
- C:\Windows\System\UIWbtrZ.exe
  C:\Windows\System\UIWbtrZ.exe
  2⤵
  PID:3404
- C:\Windows\System\CauORGk.exe
  C:\Windows\System\CauORGk.exe
  2⤵
  PID:3424
- C:\Windows\System\ZCuuzLp.exe
  C:\Windows\System\ZCuuzLp.exe
  2⤵
  PID:3444
- C:\Windows\System\BVWfFOU.exe
  C:\Windows\System\BVWfFOU.exe
  2⤵
  PID:3464
- C:\Windows\System\RjWEEpB.exe
  C:\Windows\System\RjWEEpB.exe
  2⤵
  PID:3484
- C:\Windows\System\jZDOmWk.exe
  C:\Windows\System\jZDOmWk.exe
  2⤵
  PID:3504
- C:\Windows\System\JbdlMOH.exe
  C:\Windows\System\JbdlMOH.exe
  2⤵
  PID:3524
- C:\Windows\System\tSdxhdT.exe
  C:\Windows\System\tSdxhdT.exe
  2⤵
  PID:3544
- C:\Windows\System\WNhPKxm.exe
  C:\Windows\System\WNhPKxm.exe
  2⤵
  PID:3564
- C:\Windows\System\Oshdooh.exe
  C:\Windows\System\Oshdooh.exe
  2⤵
  PID:3584
- C:\Windows\System\tjDBRmQ.exe
  C:\Windows\System\tjDBRmQ.exe
  2⤵
  PID:3600
- C:\Windows\System\ZWBJxpM.exe
  C:\Windows\System\ZWBJxpM.exe
  2⤵
  PID:3624
- C:\Windows\System\EBwotsi.exe
  C:\Windows\System\EBwotsi.exe
  2⤵
  PID:3644
- C:\Windows\System\JOdZrTL.exe
  C:\Windows\System\JOdZrTL.exe
  2⤵
  PID:3664
- C:\Windows\System\ceoyNiI.exe
  C:\Windows\System\ceoyNiI.exe
  2⤵
  PID:3684
- C:\Windows\System\pGPodSP.exe
  C:\Windows\System\pGPodSP.exe
  2⤵
  PID:3704
- C:\Windows\System\MGgIaLm.exe
  C:\Windows\System\MGgIaLm.exe
  2⤵
  PID:3724
- C:\Windows\System\FvmAsMG.exe
  C:\Windows\System\FvmAsMG.exe
  2⤵
  PID:3752
- C:\Windows\System\nQRnbuY.exe
  C:\Windows\System\nQRnbuY.exe
  2⤵
  PID:3772
- C:\Windows\System\afbNPrh.exe
  C:\Windows\System\afbNPrh.exe
  2⤵
  PID:3792
- C:\Windows\System\TTkuHjU.exe
  C:\Windows\System\TTkuHjU.exe
  2⤵
  PID:3812
- C:\Windows\System\IGLKRjk.exe
  C:\Windows\System\IGLKRjk.exe
  2⤵
  PID:3832
- C:\Windows\System\rQLGSEy.exe
  C:\Windows\System\rQLGSEy.exe
  2⤵
  PID:3848
- C:\Windows\System\WuNNdJG.exe
  C:\Windows\System\WuNNdJG.exe
  2⤵
  PID:3872
- C:\Windows\System\ilFjQxx.exe
  C:\Windows\System\ilFjQxx.exe
  2⤵
  PID:3888
- C:\Windows\System\mlDXOHp.exe
  C:\Windows\System\mlDXOHp.exe
  2⤵
  PID:3912
- C:\Windows\System\BBkhTMl.exe
  C:\Windows\System\BBkhTMl.exe
  2⤵
  PID:3932
- C:\Windows\System\NWKsgcY.exe
  C:\Windows\System\NWKsgcY.exe
  2⤵
  PID:3952
- C:\Windows\System\QEduIbI.exe
  C:\Windows\System\QEduIbI.exe
  2⤵
  PID:3972
- C:\Windows\System\HNKAZoj.exe
  C:\Windows\System\HNKAZoj.exe
  2⤵
  PID:3992
- C:\Windows\System\NNJbQNR.exe
  C:\Windows\System\NNJbQNR.exe
  2⤵
  PID:4008
- C:\Windows\System\ZdWfOHM.exe
  C:\Windows\System\ZdWfOHM.exe
  2⤵
  PID:4032
- C:\Windows\System\DpkzfFd.exe
  C:\Windows\System\DpkzfFd.exe
  2⤵
  PID:4052
- C:\Windows\System\xnERXkf.exe
  C:\Windows\System\xnERXkf.exe
  2⤵
  PID:4072
- C:\Windows\System\FnXwBoM.exe
  C:\Windows\System\FnXwBoM.exe
  2⤵
  PID:4092
- C:\Windows\System\TksNGER.exe
  C:\Windows\System\TksNGER.exe
  2⤵
  PID:1380
- C:\Windows\System\GviZfji.exe
  C:\Windows\System\GviZfji.exe
  2⤵
  PID:1784
- C:\Windows\System\fNJizBl.exe
  C:\Windows\System\fNJizBl.exe
  2⤵
  PID:2772
- C:\Windows\System\qfkeeef.exe
  C:\Windows\System\qfkeeef.exe
  2⤵
  PID:1660
- C:\Windows\System\mUPMvnA.exe
  C:\Windows\System\mUPMvnA.exe
  2⤵
  PID:3128
- C:\Windows\System\oLgfMCX.exe
  C:\Windows\System\oLgfMCX.exe
  2⤵
  PID:2704
- C:\Windows\System\HTYwtFw.exe
  C:\Windows\System\HTYwtFw.exe
  2⤵
  PID:3168
- C:\Windows\System\TDEsdBf.exe
  C:\Windows\System\TDEsdBf.exe
  2⤵
  PID:3148
- C:\Windows\System\tJkrkKX.exe
  C:\Windows\System\tJkrkKX.exe
  2⤵
  PID:3240
- C:\Windows\System\OQrkfNv.exe
  C:\Windows\System\OQrkfNv.exe
  2⤵
  PID:3224
- C:\Windows\System\iumlJBg.exe
  C:\Windows\System\iumlJBg.exe
  2⤵
  PID:3272
- C:\Windows\System\wkaTAsF.exe
  C:\Windows\System\wkaTAsF.exe
  2⤵
  PID:3316
- C:\Windows\System\YpaoajL.exe
  C:\Windows\System\YpaoajL.exe
  2⤵
  PID:3356
- C:\Windows\System\nEEKPHp.exe
  C:\Windows\System\nEEKPHp.exe
  2⤵
  PID:3416
- C:\Windows\System\kDnLwux.exe
  C:\Windows\System\kDnLwux.exe
  2⤵
  PID:3396
- C:\Windows\System\QNehBdb.exe
  C:\Windows\System\QNehBdb.exe
  2⤵
  PID:3440
- C:\Windows\System\iTaYwDU.exe
  C:\Windows\System\iTaYwDU.exe
  2⤵
  PID:3516
- C:\Windows\System\DmVYMql.exe
  C:\Windows\System\DmVYMql.exe
  2⤵
  PID:3576
- C:\Windows\System\TuKVIfX.exe
  C:\Windows\System\TuKVIfX.exe
  2⤵
  PID:3560
- C:\Windows\System\cQucGAm.exe
  C:\Windows\System\cQucGAm.exe
  2⤵
  PID:3652
- C:\Windows\System\QXVnjMk.exe
  C:\Windows\System\QXVnjMk.exe
  2⤵
  PID:3672
- C:\Windows\System\zLPzJHC.exe
  C:\Windows\System\zLPzJHC.exe
  2⤵
  PID:3676
- C:\Windows\System\aSqlFro.exe
  C:\Windows\System\aSqlFro.exe
  2⤵
  PID:3716
- C:\Windows\System\WUZbIXR.exe
  C:\Windows\System\WUZbIXR.exe
  2⤵
  PID:3764
- C:\Windows\System\vLhFHsT.exe
  C:\Windows\System\vLhFHsT.exe
  2⤵
  PID:3800
- C:\Windows\System\qIMGTLe.exe
  C:\Windows\System\qIMGTLe.exe
  2⤵
  PID:3804
- C:\Windows\System\VJDJSDs.exe
  C:\Windows\System\VJDJSDs.exe
  2⤵
  PID:3896
- C:\Windows\System\zelOLQA.exe
  C:\Windows\System\zelOLQA.exe
  2⤵
  PID:3884
- C:\Windows\System\jENAYwY.exe
  C:\Windows\System\jENAYwY.exe
  2⤵
  PID:3928
- C:\Windows\System\gzXsJmW.exe
  C:\Windows\System\gzXsJmW.exe
  2⤵
  PID:3984
- C:\Windows\System\LreDqzD.exe
  C:\Windows\System\LreDqzD.exe
  2⤵
  PID:4024
- C:\Windows\System\MxRDzat.exe
  C:\Windows\System\MxRDzat.exe
  2⤵
  PID:4020
- C:\Windows\System\Qcazvlk.exe
  C:\Windows\System\Qcazvlk.exe
  2⤵
  PID:4064
- C:\Windows\System\xxqYJSn.exe
  C:\Windows\System\xxqYJSn.exe
  2⤵
  PID:4080
- C:\Windows\System\xliZDCr.exe
  C:\Windows\System\xliZDCr.exe
  2⤵
  PID:3088
- C:\Windows\System\WbbCpkg.exe
  C:\Windows\System\WbbCpkg.exe
  2⤵
  PID:1460
- C:\Windows\System\BXJucFs.exe
  C:\Windows\System\BXJucFs.exe
  2⤵
  PID:3028
- C:\Windows\System\NbSerwn.exe
  C:\Windows\System\NbSerwn.exe
  2⤵
  PID:1580
- C:\Windows\System\MiBzYUY.exe
  C:\Windows\System\MiBzYUY.exe
  2⤵
  PID:3292
- C:\Windows\System\LRSmWpY.exe
  C:\Windows\System\LRSmWpY.exe
  2⤵
  PID:3244
- C:\Windows\System\IUXJmgW.exe
  C:\Windows\System\IUXJmgW.exe
  2⤵
  PID:3328
- C:\Windows\System\nMZmPHQ.exe
  C:\Windows\System\nMZmPHQ.exe
  2⤵
  PID:3460
- C:\Windows\System\uXMjCWj.exe
  C:\Windows\System\uXMjCWj.exe
  2⤵
  PID:3496
- C:\Windows\System\BmBQoVY.exe
  C:\Windows\System\BmBQoVY.exe
  2⤵
  PID:1184
- C:\Windows\System\geYtdjG.exe
  C:\Windows\System\geYtdjG.exe
  2⤵
  PID:3520
- C:\Windows\System\KYjNlQz.exe
  C:\Windows\System\KYjNlQz.exe
  2⤵
  PID:3608
- C:\Windows\System\PTvQavC.exe
  C:\Windows\System\PTvQavC.exe
  2⤵
  PID:3656
- C:\Windows\System\ntfWFOG.exe
  C:\Windows\System\ntfWFOG.exe
  2⤵
  PID:3700
- C:\Windows\System\cHnuftu.exe
  C:\Windows\System\cHnuftu.exe
  2⤵
  PID:3784
- C:\Windows\System\ZWrYKoB.exe
  C:\Windows\System\ZWrYKoB.exe
  2⤵
  PID:3760
- C:\Windows\System\JzrKnGx.exe
  C:\Windows\System\JzrKnGx.exe
  2⤵
  PID:3948
- C:\Windows\System\RTDzTrJ.exe
  C:\Windows\System\RTDzTrJ.exe
  2⤵
  PID:3144
- C:\Windows\System\fjTMFJJ.exe
  C:\Windows\System\fjTMFJJ.exe
  2⤵
  PID:2828
- C:\Windows\System\CRbgGQQ.exe
  C:\Windows\System\CRbgGQQ.exe
  2⤵
  PID:3188
- C:\Windows\System\pQJGrGe.exe
  C:\Windows\System\pQJGrGe.exe
  2⤵
  PID:3332
- C:\Windows\System\tSKVXNw.exe
  C:\Windows\System\tSKVXNw.exe
  2⤵
  PID:956
- C:\Windows\System\aGyEmUp.exe
  C:\Windows\System\aGyEmUp.exe
  2⤵
  PID:3372
- C:\Windows\System\JMUFzSZ.exe
  C:\Windows\System\JMUFzSZ.exe
  2⤵
  PID:3252
- C:\Windows\System\RUbZiXl.exe
  C:\Windows\System\RUbZiXl.exe
  2⤵
  PID:1372
- C:\Windows\System\Xesyssc.exe
  C:\Windows\System\Xesyssc.exe
  2⤵
  PID:2780
- C:\Windows\System\cFsEWWB.exe
  C:\Windows\System\cFsEWWB.exe
  2⤵
  PID:3808
- C:\Windows\System\EYhySFL.exe
  C:\Windows\System\EYhySFL.exe
  2⤵
  PID:3296
- C:\Windows\System\BFhvUXr.exe
  C:\Windows\System\BFhvUXr.exe
  2⤵
  PID:924
- C:\Windows\System\HRQrhPf.exe
  C:\Windows\System\HRQrhPf.exe
  2⤵
  PID:428
- C:\Windows\System\ZeqPEug.exe
  C:\Windows\System\ZeqPEug.exe
  2⤵
  PID:3012
- C:\Windows\System\wCiqzXQ.exe
  C:\Windows\System\wCiqzXQ.exe
  2⤵
  PID:2664
- C:\Windows\System\FooZHaN.exe
  C:\Windows\System\FooZHaN.exe
  2⤵
  PID:3284
- C:\Windows\System\loSpiGu.exe
  C:\Windows\System\loSpiGu.exe
  2⤵
  PID:3092
- C:\Windows\System\KsWxjPc.exe
  C:\Windows\System\KsWxjPc.exe
  2⤵
  PID:1344
- C:\Windows\System\nbCgBAu.exe
  C:\Windows\System\nbCgBAu.exe
  2⤵
  PID:3172
- C:\Windows\System\eEGmXRm.exe
  C:\Windows\System\eEGmXRm.exe
  2⤵
  PID:916
- C:\Windows\System\DxzWhCE.exe
  C:\Windows\System\DxzWhCE.exe
  2⤵
  PID:3512
- C:\Windows\System\CbZMTiF.exe
  C:\Windows\System\CbZMTiF.exe
  2⤵
  PID:3720
- C:\Windows\System\tibpFNR.exe
  C:\Windows\System\tibpFNR.exe
  2⤵
  PID:3432
- C:\Windows\System\uxbOEWy.exe
  C:\Windows\System\uxbOEWy.exe
  2⤵
  PID:3744
- C:\Windows\System\FExBQnc.exe
  C:\Windows\System\FExBQnc.exe
  2⤵
  PID:3768
- C:\Windows\System\tTUzxvz.exe
  C:\Windows\System\tTUzxvz.exe
  2⤵
  PID:1996
- C:\Windows\System\maIvody.exe
  C:\Windows\System\maIvody.exe
  2⤵
  PID:2300
- C:\Windows\System\rgKBlXD.exe
  C:\Windows\System\rgKBlXD.exe
  2⤵
  PID:3288
- C:\Windows\System\rkaSeco.exe
  C:\Windows\System\rkaSeco.exe
  2⤵
  PID:556
- C:\Windows\System\ntvfFcP.exe
  C:\Windows\System\ntvfFcP.exe
  2⤵
  PID:816
- C:\Windows\System\wLpYXlz.exe
  C:\Windows\System\wLpYXlz.exe
  2⤵
  PID:3492
- C:\Windows\System\NbiWMzN.exe
  C:\Windows\System\NbiWMzN.exe
  2⤵
  PID:2232
- C:\Windows\System\jombaaf.exe
  C:\Windows\System\jombaaf.exe
  2⤵
  PID:1152
- C:\Windows\System\aXCkkvg.exe
  C:\Windows\System\aXCkkvg.exe
  2⤵
  PID:2192
- C:\Windows\System\SVPSkxQ.exe
  C:\Windows\System\SVPSkxQ.exe
  2⤵
  PID:1216
- C:\Windows\System\eEjQoml.exe
  C:\Windows\System\eEjQoml.exe
  2⤵
  PID:2104
- C:\Windows\System\fhPoFBQ.exe
  C:\Windows\System\fhPoFBQ.exe
  2⤵
  PID:3348
- C:\Windows\System\CgldkdF.exe
  C:\Windows\System\CgldkdF.exe
  2⤵
  PID:3472
- C:\Windows\System\fPuzvCP.exe
  C:\Windows\System\fPuzvCP.exe
  2⤵
  PID:2672
- C:\Windows\System\viycnlp.exe
  C:\Windows\System\viycnlp.exe
  2⤵
  PID:3192
- C:\Windows\System\VGzgUjD.exe
  C:\Windows\System\VGzgUjD.exe
  2⤵
  PID:4104
- C:\Windows\System\AJoWsKO.exe
  C:\Windows\System\AJoWsKO.exe
  2⤵
  PID:4120
- C:\Windows\System\TuTvGjs.exe
  C:\Windows\System\TuTvGjs.exe
  2⤵
  PID:4136
- C:\Windows\System\VSUHJsd.exe
  C:\Windows\System\VSUHJsd.exe
  2⤵
  PID:4152
- C:\Windows\System\ypBMTPS.exe
  C:\Windows\System\ypBMTPS.exe
  2⤵
  PID:4168
- C:\Windows\System\SUKpxzZ.exe
  C:\Windows\System\SUKpxzZ.exe
  2⤵
  PID:4184
- C:\Windows\System\rdjrkIv.exe
  C:\Windows\System\rdjrkIv.exe
  2⤵
  PID:4200
- C:\Windows\System\lApRGsg.exe
  C:\Windows\System\lApRGsg.exe
  2⤵
  PID:4216
- C:\Windows\System\MJqXstR.exe
  C:\Windows\System\MJqXstR.exe
  2⤵
  PID:4232
- C:\Windows\System\pyuCRWo.exe
  C:\Windows\System\pyuCRWo.exe
  2⤵
  PID:4248
- C:\Windows\System\LxdtOpl.exe
  C:\Windows\System\LxdtOpl.exe
  2⤵
  PID:4264
- C:\Windows\System\jWWUHkK.exe
  C:\Windows\System\jWWUHkK.exe
  2⤵
  PID:4280
- C:\Windows\System\zrxYovV.exe
  C:\Windows\System\zrxYovV.exe
  2⤵
  PID:4296
- C:\Windows\System\aaUnHal.exe
  C:\Windows\System\aaUnHal.exe
  2⤵
  PID:4312
- C:\Windows\System\qFXiiPK.exe
  C:\Windows\System\qFXiiPK.exe
  2⤵
  PID:4328
- C:\Windows\System\WYXmCWU.exe
  C:\Windows\System\WYXmCWU.exe
  2⤵
  PID:4344
- C:\Windows\System\ONHeRsz.exe
  C:\Windows\System\ONHeRsz.exe
  2⤵
  PID:4360
- C:\Windows\System\bpvdnJI.exe
  C:\Windows\System\bpvdnJI.exe
  2⤵
  PID:4376
- C:\Windows\System\PaejImY.exe
  C:\Windows\System\PaejImY.exe
  2⤵
  PID:4392
- C:\Windows\System\tOmryXP.exe
  C:\Windows\System\tOmryXP.exe
  2⤵
  PID:4408
- C:\Windows\System\lHYaOES.exe
  C:\Windows\System\lHYaOES.exe
  2⤵
  PID:4428
- C:\Windows\System\oaDwFtY.exe
  C:\Windows\System\oaDwFtY.exe
  2⤵
  PID:4444
- C:\Windows\System\BIAZImV.exe
  C:\Windows\System\BIAZImV.exe
  2⤵
  PID:4460
- C:\Windows\System\tYevFgL.exe
  C:\Windows\System\tYevFgL.exe
  2⤵
  PID:4476
- C:\Windows\System\rpcsHDo.exe
  C:\Windows\System\rpcsHDo.exe
  2⤵
  PID:4492
- C:\Windows\System\RfTFIwd.exe
  C:\Windows\System\RfTFIwd.exe
  2⤵
  PID:4508
- C:\Windows\System\JFxqiOJ.exe
  C:\Windows\System\JFxqiOJ.exe
  2⤵
  PID:4524
- C:\Windows\System\txIIABr.exe
  C:\Windows\System\txIIABr.exe
  2⤵
  PID:4540
- C:\Windows\System\TncTbUF.exe
  C:\Windows\System\TncTbUF.exe
  2⤵
  PID:4556
- C:\Windows\System\KvmVGTH.exe
  C:\Windows\System\KvmVGTH.exe
  2⤵
  PID:4572
- C:\Windows\System\ldBuAgK.exe
  C:\Windows\System\ldBuAgK.exe
  2⤵
  PID:4588
- C:\Windows\System\WrcTzwM.exe
  C:\Windows\System\WrcTzwM.exe
  2⤵
  PID:4604
- C:\Windows\System\epZQrSK.exe
  C:\Windows\System\epZQrSK.exe
  2⤵
  PID:4620
- C:\Windows\System\XPsgByF.exe
  C:\Windows\System\XPsgByF.exe
  2⤵
  PID:4636
- C:\Windows\System\grZtxvm.exe
  C:\Windows\System\grZtxvm.exe
  2⤵
  PID:4652
- C:\Windows\System\RdPIrbv.exe
  C:\Windows\System\RdPIrbv.exe
  2⤵
  PID:4668
- C:\Windows\System\kKafaHP.exe
  C:\Windows\System\kKafaHP.exe
  2⤵
  PID:4684
- C:\Windows\System\aDnHCPo.exe
  C:\Windows\System\aDnHCPo.exe
  2⤵
  PID:4700
- C:\Windows\System\sHxftOz.exe
  C:\Windows\System\sHxftOz.exe
  2⤵
  PID:4716
- C:\Windows\System\TsqGvFP.exe
  C:\Windows\System\TsqGvFP.exe
  2⤵
  PID:4732
- C:\Windows\System\JLHbxqs.exe
  C:\Windows\System\JLHbxqs.exe
  2⤵
  PID:4756
- C:\Windows\System\DWKResI.exe
  C:\Windows\System\DWKResI.exe
  2⤵
  PID:4772
- C:\Windows\System\casycIH.exe
  C:\Windows\System\casycIH.exe
  2⤵
  PID:4788
- C:\Windows\System\pwOnnKE.exe
  C:\Windows\System\pwOnnKE.exe
  2⤵
  PID:5064
- C:\Windows\System\YjyRNYq.exe
  C:\Windows\System\YjyRNYq.exe
  2⤵
  PID:5084
- C:\Windows\System\yJmDiEB.exe
  C:\Windows\System\yJmDiEB.exe
  2⤵
  PID:5104
- C:\Windows\System\disdyVb.exe
  C:\Windows\System\disdyVb.exe
  2⤵
  PID:2984
- C:\Windows\System\OsokZea.exe
  C:\Windows\System\OsokZea.exe
  2⤵
  PID:4112
- C:\Windows\System\HZGyrjo.exe
  C:\Windows\System\HZGyrjo.exe
  2⤵
  PID:3632
- C:\Windows\System\jrYAPqP.exe
  C:\Windows\System\jrYAPqP.exe
  2⤵
  PID:4100
- C:\Windows\System\QYXeBEl.exe
  C:\Windows\System\QYXeBEl.exe
  2⤵
  PID:4128
- C:\Windows\System\MMJmBpF.exe
  C:\Windows\System\MMJmBpF.exe
  2⤵
  PID:4180
- C:\Windows\System\UIttRtT.exe
  C:\Windows\System\UIttRtT.exe
  2⤵
  PID:4192
- C:\Windows\System\XTtTTsc.exe
  C:\Windows\System\XTtTTsc.exe
  2⤵
  PID:4276
- C:\Windows\System\aReboRm.exe
  C:\Windows\System\aReboRm.exe
  2⤵
  PID:1624
- C:\Windows\System\yURsgOn.exe
  C:\Windows\System\yURsgOn.exe
  2⤵
  PID:4320
- C:\Windows\System\AvMteLH.exe
  C:\Windows\System\AvMteLH.exe
  2⤵
  PID:4372
- C:\Windows\System\YiZhdbX.exe
  C:\Windows\System\YiZhdbX.exe
  2⤵
  PID:4388
- C:\Windows\System\gvrnAKg.exe
  C:\Windows\System\gvrnAKg.exe
  2⤵
  PID:4424
- C:\Windows\System\OYxJydu.exe
  C:\Windows\System\OYxJydu.exe
  2⤵
  PID:4456
- C:\Windows\System\yOxHkFC.exe
  C:\Windows\System\yOxHkFC.exe
  2⤵
  PID:4484
- C:\Windows\System\nVhfZhA.exe
  C:\Windows\System\nVhfZhA.exe
  2⤵
  PID:4564
- C:\Windows\System\UDJUatb.exe
  C:\Windows\System\UDJUatb.exe
  2⤵
  PID:4596
- C:\Windows\System\CDRxlZj.exe
  C:\Windows\System\CDRxlZj.exe
  2⤵
  PID:4584
- C:\Windows\System\IROelBV.exe
  C:\Windows\System\IROelBV.exe
  2⤵
  PID:2652
- C:\Windows\System\aYNMGfc.exe
  C:\Windows\System\aYNMGfc.exe
  2⤵
  PID:4728
- C:\Windows\System\sBDbvyg.exe
  C:\Windows\System\sBDbvyg.exe
  2⤵
  PID:4680
- C:\Windows\System\IjrBYqz.exe
  C:\Windows\System\IjrBYqz.exe
  2⤵
  PID:4712
- C:\Windows\System\ioMjdXF.exe
  C:\Windows\System\ioMjdXF.exe
  2⤵
  PID:4744
- C:\Windows\System\CoVPEPV.exe
  C:\Windows\System\CoVPEPV.exe
  2⤵
  PID:1244
- C:\Windows\System\ITWmOus.exe
  C:\Windows\System\ITWmOus.exe
  2⤵
  PID:4816
- C:\Windows\System\sIjTsoG.exe
  C:\Windows\System\sIjTsoG.exe
  2⤵
  PID:4836
- C:\Windows\System\KdoXWHB.exe
  C:\Windows\System\KdoXWHB.exe
  2⤵
  PID:4852
- C:\Windows\System\azhSBDo.exe
  C:\Windows\System\azhSBDo.exe
  2⤵
  PID:4868
- C:\Windows\System\nnBKEtJ.exe
  C:\Windows\System\nnBKEtJ.exe
  2⤵
  PID:4900
- C:\Windows\System\ypQlAFT.exe
  C:\Windows\System\ypQlAFT.exe
  2⤵
  PID:4916
- C:\Windows\System\mVIkfec.exe
  C:\Windows\System\mVIkfec.exe
  2⤵
  PID:4932
- C:\Windows\System\bMoasxi.exe
  C:\Windows\System\bMoasxi.exe
  2⤵
  PID:4944
- C:\Windows\System\alXSBjE.exe
  C:\Windows\System\alXSBjE.exe
  2⤵
  PID:4960
- C:\Windows\System\lNWHvFy.exe
  C:\Windows\System\lNWHvFy.exe
  2⤵
  PID:4980
- C:\Windows\System\txemRYe.exe
  C:\Windows\System\txemRYe.exe
  2⤵
  PID:3908
- C:\Windows\System\zxjswSy.exe
  C:\Windows\System\zxjswSy.exe
  2⤵
  PID:5020
- C:\Windows\System\GUlrPvI.exe
  C:\Windows\System\GUlrPvI.exe
  2⤵
  PID:4016
- C:\Windows\System\HizaBWT.exe
  C:\Windows\System\HizaBWT.exe
  2⤵
  PID:5044
- C:\Windows\System\CUBnNMf.exe
  C:\Windows\System\CUBnNMf.exe
  2⤵
  PID:3844
- C:\Windows\System\bemOrYk.exe
  C:\Windows\System\bemOrYk.exe
  2⤵
  PID:4048
- C:\Windows\System\cvfllYV.exe
  C:\Windows\System\cvfllYV.exe
  2⤵
  PID:3960
- C:\Windows\System\ENWCMsa.exe
  C:\Windows\System\ENWCMsa.exe
  2⤵
  PID:2964
- C:\Windows\System\hNmrOnO.exe
  C:\Windows\System\hNmrOnO.exe
  2⤵
  PID:5096
- C:\Windows\System\XoAxWgo.exe
  C:\Windows\System\XoAxWgo.exe
  2⤵
  PID:912
- C:\Windows\System\iladuqL.exe
  C:\Windows\System\iladuqL.exe
  2⤵
  PID:1836
- C:\Windows\System\JweJrhU.exe
  C:\Windows\System\JweJrhU.exe
  2⤵
  PID:2348
- C:\Windows\System\oBeWwFb.exe
  C:\Windows\System\oBeWwFb.exe
  2⤵
  PID:4228
- C:\Windows\System\cgiXuEA.exe
  C:\Windows\System\cgiXuEA.exe
  2⤵
  PID:2968
- C:\Windows\System\CRzGwXa.exe
  C:\Windows\System\CRzGwXa.exe
  2⤵
  PID:4288
- C:\Windows\System\JywORTt.exe
  C:\Windows\System\JywORTt.exe
  2⤵
  PID:4400
- C:\Windows\System\daDVttc.exe
  C:\Windows\System\daDVttc.exe
  2⤵
  PID:4472
- C:\Windows\System\nTyHfFo.exe
  C:\Windows\System\nTyHfFo.exe
  2⤵
  PID:4504
- C:\Windows\System\vbAulUH.exe
  C:\Windows\System\vbAulUH.exe
  2⤵
  PID:4660
- C:\Windows\System\uXzVYeb.exe
  C:\Windows\System\uXzVYeb.exe
  2⤵
  PID:4520
- C:\Windows\System\PcmokiQ.exe
  C:\Windows\System\PcmokiQ.exe
  2⤵
  PID:4612
- C:\Windows\System\GposmKG.exe
  C:\Windows\System\GposmKG.exe
  2⤵
  PID:4724
- C:\Windows\System\kucnGiN.exe
  C:\Windows\System\kucnGiN.exe
  2⤵
  PID:540
- C:\Windows\System\LRwUhuS.exe
  C:\Windows\System\LRwUhuS.exe
  2⤵
  PID:4824
- C:\Windows\System\aBVNKlP.exe
  C:\Windows\System\aBVNKlP.exe
  2⤵
  PID:4864
- C:\Windows\System\cGcwPFk.exe
  C:\Windows\System\cGcwPFk.exe
  2⤵
  PID:4848
- C:\Windows\System\Uvdmvmq.exe
  C:\Windows\System\Uvdmvmq.exe
  2⤵
  PID:4880
- C:\Windows\System\EqADCel.exe
  C:\Windows\System\EqADCel.exe
  2⤵
  PID:4940
- C:\Windows\System\JpINCFR.exe
  C:\Windows\System\JpINCFR.exe
  2⤵
  PID:4956
- C:\Windows\System\QDyGKML.exe
  C:\Windows\System\QDyGKML.exe
  2⤵
  PID:4988
- C:\Windows\System\ikmFiFw.exe
  C:\Windows\System\ikmFiFw.exe
  2⤵
  PID:5036
- C:\Windows\System\XcJravE.exe
  C:\Windows\System\XcJravE.exe
  2⤵
  PID:5032
- C:\Windows\System\udIyQmz.exe
  C:\Windows\System\udIyQmz.exe
  2⤵
  PID:5056
- C:\Windows\System\twNhDer.exe
  C:\Windows\System\twNhDer.exe
  2⤵
  PID:4752
- C:\Windows\System\gCluzyd.exe
  C:\Windows\System\gCluzyd.exe
  2⤵
  PID:2308
- C:\Windows\System\pZbaLqT.exe
  C:\Windows\System\pZbaLqT.exe
  2⤵
  PID:4144
- C:\Windows\System\AHTMDIP.exe
  C:\Windows\System\AHTMDIP.exe
  2⤵
  PID:2356
- C:\Windows\System\NwGhxtK.exe
  C:\Windows\System\NwGhxtK.exe
  2⤵
  PID:4336
- C:\Windows\System\keBQAlk.exe
  C:\Windows\System\keBQAlk.exe
  2⤵
  PID:4552
- C:\Windows\System\uFMPSyY.exe
  C:\Windows\System\uFMPSyY.exe
  2⤵
  PID:4384
- C:\Windows\System\BDTGEFn.exe
  C:\Windows\System\BDTGEFn.exe
  2⤵
  PID:1080
- C:\Windows\System\iStRPvq.exe
  C:\Windows\System\iStRPvq.exe
  2⤵
  PID:4440
- C:\Windows\System\IBKdoxd.exe
  C:\Windows\System\IBKdoxd.exe
  2⤵
  PID:4820
- C:\Windows\System\SGhiuhG.exe
  C:\Windows\System\SGhiuhG.exe
  2⤵
  PID:4768
- C:\Windows\System\wMquzbZ.exe
  C:\Windows\System\wMquzbZ.exe
  2⤵
  PID:4832
- C:\Windows\System\PuQSnfl.exe
  C:\Windows\System\PuQSnfl.exe
  2⤵
  PID:4884
- C:\Windows\System\ZueQAIL.exe
  C:\Windows\System\ZueQAIL.exe
  2⤵
  PID:5016
- C:\Windows\System\NwHKDzb.exe
  C:\Windows\System\NwHKDzb.exe
  2⤵
  PID:5000
- C:\Windows\System\gNXXUAD.exe
  C:\Windows\System\gNXXUAD.exe
  2⤵
  PID:5040
- C:\Windows\System\MRgMfJO.exe
  C:\Windows\System\MRgMfJO.exe
  2⤵
  PID:5092
- C:\Windows\System\kUCsJYC.exe
  C:\Windows\System\kUCsJYC.exe
  2⤵
  PID:5072
- C:\Windows\System\nikbdjg.exe
  C:\Windows\System\nikbdjg.exe
  2⤵
  PID:4212
- C:\Windows\System\YgKLncZ.exe
  C:\Windows\System\YgKLncZ.exe
  2⤵
  PID:4356
- C:\Windows\System\trUvbBF.exe
  C:\Windows\System\trUvbBF.exe
  2⤵
  PID:4164
- C:\Windows\System\jvrsqov.exe
  C:\Windows\System\jvrsqov.exe
  2⤵
  PID:4628
- C:\Windows\System\NhhtMeC.exe
  C:\Windows\System\NhhtMeC.exe
  2⤵
  PID:4764
- C:\Windows\System\ZfSeGBh.exe
  C:\Windows\System\ZfSeGBh.exe
  2⤵
  PID:4892
- C:\Windows\System\MrSozEw.exe
  C:\Windows\System\MrSozEw.exe
  2⤵
  PID:3988
- C:\Windows\System\SZMIQyj.exe
  C:\Windows\System\SZMIQyj.exe
  2⤵
  PID:4116
- C:\Windows\System\ayVUMBx.exe
  C:\Windows\System\ayVUMBx.exe
  2⤵
  PID:4224
- C:\Windows\System\AgihWsd.exe
  C:\Windows\System\AgihWsd.exe
  2⤵
  PID:4664
- C:\Windows\System\vaAarqU.exe
  C:\Windows\System\vaAarqU.exe
  2⤵
  PID:4912
- C:\Windows\System\nSRVqLN.exe
  C:\Windows\System\nSRVqLN.exe
  2⤵
  PID:4952
- C:\Windows\System\SfsNYGb.exe
  C:\Windows\System\SfsNYGb.exe
  2⤵
  PID:5012
- C:\Windows\System\oEkuYTN.exe
  C:\Windows\System\oEkuYTN.exe
  2⤵
  PID:4368
- C:\Windows\System\MUFevsD.exe
  C:\Windows\System\MUFevsD.exe
  2⤵
  PID:4696
- C:\Windows\System\jGLjUSB.exe
  C:\Windows\System\jGLjUSB.exe
  2⤵
  PID:4796
- C:\Windows\System\vNFkHma.exe
  C:\Windows\System\vNFkHma.exe
  2⤵
  PID:4068
- C:\Windows\System\pONRcSG.exe
  C:\Windows\System\pONRcSG.exe
  2⤵
  PID:4272
- C:\Windows\System\citOekR.exe
  C:\Windows\System\citOekR.exe
  2⤵
  PID:1796
- C:\Windows\System\ZBrxQRd.exe
  C:\Windows\System\ZBrxQRd.exe
  2⤵
  PID:4692
- C:\Windows\System\RuNyots.exe
  C:\Windows\System\RuNyots.exe
  2⤵
  PID:4968
- C:\Windows\System\VivKXfw.exe
  C:\Windows\System\VivKXfw.exe
  2⤵
  PID:5128
- C:\Windows\System\uYHsugq.exe
  C:\Windows\System\uYHsugq.exe
  2⤵
  PID:5148
- C:\Windows\System\qRbSKDH.exe
  C:\Windows\System\qRbSKDH.exe
  2⤵
  PID:5172
- C:\Windows\System\OZkJlgQ.exe
  C:\Windows\System\OZkJlgQ.exe
  2⤵
  PID:5192
- C:\Windows\System\HSDGFgj.exe
  C:\Windows\System\HSDGFgj.exe
  2⤵
  PID:5208
- C:\Windows\System\qdBvieN.exe
  C:\Windows\System\qdBvieN.exe
  2⤵
  PID:5224
- C:\Windows\System\kDfynTu.exe
  C:\Windows\System\kDfynTu.exe
  2⤵
  PID:5244
- C:\Windows\System\uCBuTJk.exe
  C:\Windows\System\uCBuTJk.exe
  2⤵
  PID:5272
- C:\Windows\System\VlXWtjK.exe
  C:\Windows\System\VlXWtjK.exe
  2⤵
  PID:5288
- C:\Windows\System\gWmBXRo.exe
  C:\Windows\System\gWmBXRo.exe
  2⤵
  PID:5304
- C:\Windows\System\MuQftat.exe
  C:\Windows\System\MuQftat.exe
  2⤵
  PID:5324
- C:\Windows\System\zrZgBqe.exe
  C:\Windows\System\zrZgBqe.exe
  2⤵
  PID:5340
- C:\Windows\System\ldnXOOs.exe
  C:\Windows\System\ldnXOOs.exe
  2⤵
  PID:5368
- C:\Windows\System\AHdPZPe.exe
  C:\Windows\System\AHdPZPe.exe
  2⤵
  PID:5388
- C:\Windows\System\JnGfmiX.exe
  C:\Windows\System\JnGfmiX.exe
  2⤵
  PID:5408
- C:\Windows\System\GtSDyRO.exe
  C:\Windows\System\GtSDyRO.exe
  2⤵
  PID:5432
- C:\Windows\System\wYEBKJw.exe
  C:\Windows\System\wYEBKJw.exe
  2⤵
  PID:5448
- C:\Windows\System\uBDeHSs.exe
  C:\Windows\System\uBDeHSs.exe
  2⤵
  PID:5468
- C:\Windows\System\KfKuzbz.exe
  C:\Windows\System\KfKuzbz.exe
  2⤵
  PID:5496
- C:\Windows\System\UdDGnKW.exe
  C:\Windows\System\UdDGnKW.exe
  2⤵
  PID:5512
- C:\Windows\System\ckKnHIX.exe
  C:\Windows\System\ckKnHIX.exe
  2⤵
  PID:5528
- C:\Windows\System\opWrzLO.exe
  C:\Windows\System\opWrzLO.exe
  2⤵
  PID:5544
- C:\Windows\System\XlzThBd.exe
  C:\Windows\System\XlzThBd.exe
  2⤵
  PID:5560
- C:\Windows\System\kfVQHLP.exe
  C:\Windows\System\kfVQHLP.exe
  2⤵
  PID:5576
- C:\Windows\System\xPkhIyp.exe
  C:\Windows\System\xPkhIyp.exe
  2⤵
  PID:5592
- C:\Windows\System\wAQNOei.exe
  C:\Windows\System\wAQNOei.exe
  2⤵
  PID:5648
- C:\Windows\System\bJDXpuj.exe
  C:\Windows\System\bJDXpuj.exe
  2⤵
  PID:5684
- C:\Windows\System\GZKaQck.exe
  C:\Windows\System\GZKaQck.exe
  2⤵
  PID:5704
- C:\Windows\System\jTSdjiJ.exe
  C:\Windows\System\jTSdjiJ.exe
  2⤵
  PID:5724
- C:\Windows\System\uyTHgcD.exe
  C:\Windows\System\uyTHgcD.exe
  2⤵
  PID:5744
- C:\Windows\System\DFCdiBm.exe
  C:\Windows\System\DFCdiBm.exe
  2⤵
  PID:5784
- C:\Windows\System\UWbXDBS.exe
  C:\Windows\System\UWbXDBS.exe
  2⤵
  PID:5800
- C:\Windows\System\SuIXAXb.exe
  C:\Windows\System\SuIXAXb.exe
  2⤵
  PID:5816
- C:\Windows\System\hlbgZHg.exe
  C:\Windows\System\hlbgZHg.exe
  2⤵
  PID:5840
- C:\Windows\System\nPBMxyU.exe
  C:\Windows\System\nPBMxyU.exe
  2⤵
  PID:5872
- C:\Windows\System\YuzWVkK.exe
  C:\Windows\System\YuzWVkK.exe
  2⤵
  PID:5892
- C:\Windows\System\FtDnTnK.exe
  C:\Windows\System\FtDnTnK.exe
  2⤵
  PID:5912
- C:\Windows\System\tbLSmno.exe
  C:\Windows\System\tbLSmno.exe
  2⤵
  PID:5952
- C:\Windows\System\LvBvkHj.exe
  C:\Windows\System\LvBvkHj.exe
  2⤵
  PID:5976
- C:\Windows\System\eadNJIY.exe
  C:\Windows\System\eadNJIY.exe
  2⤵
  PID:5996
- C:\Windows\System\MrRjZfk.exe
  C:\Windows\System\MrRjZfk.exe
  2⤵
  PID:6016
- C:\Windows\System\vNAwvXP.exe
  C:\Windows\System\vNAwvXP.exe
  2⤵
  PID:6036
- C:\Windows\System\DIhPEHd.exe
  C:\Windows\System\DIhPEHd.exe
  2⤵
  PID:6056
- C:\Windows\System\afXkcNR.exe
  C:\Windows\System\afXkcNR.exe
  2⤵
  PID:6076
- C:\Windows\System\dIEktMc.exe
  C:\Windows\System\dIEktMc.exe
  2⤵
  PID:6096
- C:\Windows\System\PTfcktM.exe
  C:\Windows\System\PTfcktM.exe
  2⤵
  PID:6120
- C:\Windows\System\SmJkCSv.exe
  C:\Windows\System\SmJkCSv.exe
  2⤵
  PID:6136
- C:\Windows\System\dRbxkDL.exe
  C:\Windows\System\dRbxkDL.exe
  2⤵
  PID:5140
- C:\Windows\System\VzfIinp.exe
  C:\Windows\System\VzfIinp.exe
  2⤵
  PID:4804
- C:\Windows\System\HYYSoFs.exe
  C:\Windows\System\HYYSoFs.exe
  2⤵
  PID:5180
- C:\Windows\System\UbbQIxa.exe
  C:\Windows\System\UbbQIxa.exe
  2⤵
  PID:5252
- C:\Windows\System\HVvLjmC.exe
  C:\Windows\System\HVvLjmC.exe
  2⤵
  PID:5240
- C:\Windows\System\AGgTasr.exe
  C:\Windows\System\AGgTasr.exe
  2⤵
  PID:5300
- C:\Windows\System\RUcHmWY.exe
  C:\Windows\System\RUcHmWY.exe
  2⤵
  PID:5280
- C:\Windows\System\khArGIW.exe
  C:\Windows\System\khArGIW.exe
  2⤵
  PID:5348
- C:\Windows\System\BMeMOsc.exe
  C:\Windows\System\BMeMOsc.exe
  2⤵
  PID:5364
- C:\Windows\System\LNCppzj.exe
  C:\Windows\System\LNCppzj.exe
  2⤵
  PID:5396
- C:\Windows\System\NxpMSys.exe
  C:\Windows\System\NxpMSys.exe
  2⤵
  PID:5444
- C:\Windows\System\MlFZYHM.exe
  C:\Windows\System\MlFZYHM.exe
  2⤵
  PID:5424
- C:\Windows\System\vypQjaR.exe
  C:\Windows\System\vypQjaR.exe
  2⤵
  PID:5492
- C:\Windows\System\nsxgsrD.exe
  C:\Windows\System\nsxgsrD.exe
  2⤵
  PID:5524
- C:\Windows\System\RafndGM.exe
  C:\Windows\System\RafndGM.exe
  2⤵
  PID:5584
- C:\Windows\System\SdQPGrJ.exe
  C:\Windows\System\SdQPGrJ.exe
  2⤵
  PID:5664
- C:\Windows\System\VEPaIxr.exe
  C:\Windows\System\VEPaIxr.exe
  2⤵
  PID:5716
- C:\Windows\System\VKxsjjx.exe
  C:\Windows\System\VKxsjjx.exe
  2⤵
  PID:5732
- C:\Windows\System\hGEjhsV.exe
  C:\Windows\System\hGEjhsV.exe
  2⤵
  PID:5824
- C:\Windows\System\kawPDvV.exe
  C:\Windows\System\kawPDvV.exe
  2⤵
  PID:5808
- C:\Windows\System\YhlRZQM.exe
  C:\Windows\System\YhlRZQM.exe
  2⤵
  PID:5864
- C:\Windows\System\FAczLZd.exe
  C:\Windows\System\FAczLZd.exe
  2⤵
  PID:5932
- C:\Windows\System\BzjPXHx.exe
  C:\Windows\System\BzjPXHx.exe
  2⤵
  PID:5988
- C:\Windows\System\LTRVFOS.exe
  C:\Windows\System\LTRVFOS.exe
  2⤵
  PID:5832
- C:\Windows\System\HVETmsM.exe
  C:\Windows\System\HVETmsM.exe
  2⤵
  PID:6064
- C:\Windows\System\urYNIaD.exe
  C:\Windows\System\urYNIaD.exe
  2⤵
  PID:6104
- C:\Windows\System\VWjayxn.exe
  C:\Windows\System\VWjayxn.exe
  2⤵
  PID:6108
- C:\Windows\System\QlfCKGe.exe
  C:\Windows\System\QlfCKGe.exe
  2⤵
  PID:2724
- C:\Windows\System\FeojwWN.exe
  C:\Windows\System\FeojwWN.exe
  2⤵
  PID:3620
- C:\Windows\System\BvHmZpd.exe
  C:\Windows\System\BvHmZpd.exe
  2⤵
  PID:5156
- C:\Windows\System\VFROumX.exe
  C:\Windows\System\VFROumX.exe
  2⤵
  PID:5264
- C:\Windows\System\WHRlheE.exe
  C:\Windows\System\WHRlheE.exe
  2⤵
  PID:5332
- C:\Windows\System\TBQrRLM.exe
  C:\Windows\System\TBQrRLM.exe
  2⤵
  PID:5360
- C:\Windows\System\eFONFBW.exe
  C:\Windows\System\eFONFBW.exe
  2⤵
  PID:5384
- C:\Windows\System\tNMQRDP.exe
  C:\Windows\System\tNMQRDP.exe
  2⤵
  PID:5568
- C:\Windows\System\fPvsjlt.exe
  C:\Windows\System\fPvsjlt.exe
  2⤵
  PID:5628
- C:\Windows\System\hHscDjD.exe
  C:\Windows\System\hHscDjD.exe
  2⤵
  PID:5484
- C:\Windows\System\xiMNeIS.exe
  C:\Windows\System\xiMNeIS.exe
  2⤵
  PID:5780
- C:\Windows\System\EDygQLL.exe
  C:\Windows\System\EDygQLL.exe
  2⤵
  PID:5792
- C:\Windows\System\AnNsGOq.exe
  C:\Windows\System\AnNsGOq.exe
  2⤵
  PID:5836
- C:\Windows\System\PjYhhpQ.exe
  C:\Windows\System\PjYhhpQ.exe
  2⤵
  PID:5928
- C:\Windows\System\BfCUjOH.exe
  C:\Windows\System\BfCUjOH.exe
  2⤵
  PID:5964
- C:\Windows\System\LOJczBR.exe
  C:\Windows\System\LOJczBR.exe
  2⤵
  PID:6052
- C:\Windows\System\pnBpBoL.exe
  C:\Windows\System\pnBpBoL.exe
  2⤵
  PID:5620
- C:\Windows\System\gTPcwKZ.exe
  C:\Windows\System\gTPcwKZ.exe
  2⤵
  PID:5136
- C:\Windows\System\cXzzLlk.exe
  C:\Windows\System\cXzzLlk.exe
  2⤵
  PID:6092
- C:\Windows\System\dYDbIms.exe
  C:\Windows\System\dYDbIms.exe
  2⤵
  PID:5736
- C:\Windows\System\PKhiPtL.exe
  C:\Windows\System\PKhiPtL.exe
  2⤵
  PID:5416
- C:\Windows\System\pjhQmaS.exe
  C:\Windows\System\pjhQmaS.exe
  2⤵
  PID:5124
- C:\Windows\System\MbXGPpi.exe
  C:\Windows\System\MbXGPpi.exe
  2⤵
  PID:5440
- C:\Windows\System\dyeCdjb.exe
  C:\Windows\System\dyeCdjb.exe
  2⤵
  PID:5508
- C:\Windows\System\dVvsyJY.exe
  C:\Windows\System\dVvsyJY.exe
  2⤵
  PID:5656
- C:\Windows\System\qxmxLEV.exe
  C:\Windows\System\qxmxLEV.exe
  2⤵
  PID:5540
- C:\Windows\System\MvgQvOA.exe
  C:\Windows\System\MvgQvOA.exe
  2⤵
  PID:5944
- C:\Windows\System\OUFTidg.exe
  C:\Windows\System\OUFTidg.exe
  2⤵
  PID:5660
- C:\Windows\System\ySWeuzX.exe
  C:\Windows\System\ySWeuzX.exe
  2⤵
  PID:5676
- C:\Windows\System\JbjENGP.exe
  C:\Windows\System\JbjENGP.exe
  2⤵
  PID:5672
- C:\Windows\System\VEiCWZJ.exe
  C:\Windows\System\VEiCWZJ.exe
  2⤵
  PID:5972
- C:\Windows\System\PCKvtBH.exe
  C:\Windows\System\PCKvtBH.exe
  2⤵
  PID:5608
- C:\Windows\System\QrYGHUq.exe
  C:\Windows\System\QrYGHUq.exe
  2⤵
  PID:5160
- C:\Windows\System\bLvQqLu.exe
  C:\Windows\System\bLvQqLu.exe
  2⤵
  PID:5220
- C:\Windows\System\hkGKIOr.exe
  C:\Windows\System\hkGKIOr.exe
  2⤵
  PID:5644
- C:\Windows\System\vzVSEHA.exe
  C:\Windows\System\vzVSEHA.exe
  2⤵
  PID:5904
- C:\Windows\System\ZutsfMy.exe
  C:\Windows\System\ZutsfMy.exe
  2⤵
  PID:5232
- C:\Windows\System\YdMlNpO.exe
  C:\Windows\System\YdMlNpO.exe
  2⤵
  PID:5924
- C:\Windows\System\pWZZfxw.exe
  C:\Windows\System\pWZZfxw.exe
  2⤵
  PID:5076
- C:\Windows\System\OkoTIiy.exe
  C:\Windows\System\OkoTIiy.exe
  2⤵
  PID:5712
- C:\Windows\System\EqRwczP.exe
  C:\Windows\System\EqRwczP.exe
  2⤵
  PID:5860
- C:\Windows\System\IKOZUSS.exe
  C:\Windows\System\IKOZUSS.exe
  2⤵
  PID:5680
- C:\Windows\System\PVeKuin.exe
  C:\Windows\System\PVeKuin.exe
  2⤵
  PID:6084
- C:\Windows\System\CmQWZLu.exe
  C:\Windows\System\CmQWZLu.exe
  2⤵
  PID:6012
- C:\Windows\System\ufVMswa.exe
  C:\Windows\System\ufVMswa.exe
  2⤵
  PID:5164
- C:\Windows\System\siwINBg.exe
  C:\Windows\System\siwINBg.exe
  2⤵
  PID:5948
- C:\Windows\System\LIbyBvl.exe
  C:\Windows\System\LIbyBvl.exe
  2⤵
  PID:5884
- C:\Windows\System\rsKsfUN.exe
  C:\Windows\System\rsKsfUN.exe
  2⤵
  PID:5756
- C:\Windows\System\rrPDuiE.exe
  C:\Windows\System\rrPDuiE.exe
  2⤵
  PID:5760
- C:\Windows\System\zRzAKWc.exe
  C:\Windows\System\zRzAKWc.exe
  2⤵
  PID:5856
- C:\Windows\System\zixlcJZ.exe
  C:\Windows\System\zixlcJZ.exe
  2⤵
  PID:5920
- C:\Windows\System\HutiFPs.exe
  C:\Windows\System\HutiFPs.exe
  2⤵
  PID:5476
- C:\Windows\System\QrodSSU.exe
  C:\Windows\System\QrodSSU.exe
  2⤵
  PID:5696
- C:\Windows\System\XJVQxHT.exe
  C:\Windows\System\XJVQxHT.exe
  2⤵
  PID:6116
- C:\Windows\System\FsgZZzO.exe
  C:\Windows\System\FsgZZzO.exe
  2⤵
  PID:6156
- C:\Windows\System\RuqFiQu.exe
  C:\Windows\System\RuqFiQu.exe
  2⤵
  PID:6172
- C:\Windows\System\VuYupBg.exe
  C:\Windows\System\VuYupBg.exe
  2⤵
  PID:6188
- C:\Windows\System\mGzPQEH.exe
  C:\Windows\System\mGzPQEH.exe
  2⤵
  PID:6204
- C:\Windows\System\WGYSONQ.exe
  C:\Windows\System\WGYSONQ.exe
  2⤵
  PID:6220
- C:\Windows\System\IgGFdfy.exe
  C:\Windows\System\IgGFdfy.exe
  2⤵
  PID:6236
- C:\Windows\System\CFMqVdN.exe
  C:\Windows\System\CFMqVdN.exe
  2⤵
  PID:6252
- C:\Windows\System\ytExuqS.exe
  C:\Windows\System\ytExuqS.exe
  2⤵
  PID:6268
- C:\Windows\System\zmzcaVo.exe
  C:\Windows\System\zmzcaVo.exe
  2⤵
  PID:6284
- C:\Windows\System\XxSmQRl.exe
  C:\Windows\System\XxSmQRl.exe
  2⤵
  PID:6304
- C:\Windows\System\DZtqspH.exe
  C:\Windows\System\DZtqspH.exe
  2⤵
  PID:6320
- C:\Windows\System\YmNUpek.exe
  C:\Windows\System\YmNUpek.exe
  2⤵
  PID:6336
- C:\Windows\System\JdWjMeg.exe
  C:\Windows\System\JdWjMeg.exe
  2⤵
  PID:6352
- C:\Windows\System\sbZerjK.exe
  C:\Windows\System\sbZerjK.exe
  2⤵
  PID:6368
- C:\Windows\System\wIeWeax.exe
  C:\Windows\System\wIeWeax.exe
  2⤵
  PID:6384
- C:\Windows\System\bCpIsys.exe
  C:\Windows\System\bCpIsys.exe
  2⤵
  PID:6400
- C:\Windows\System\cJVQyhL.exe
  C:\Windows\System\cJVQyhL.exe
  2⤵
  PID:6416
- C:\Windows\System\kArACge.exe
  C:\Windows\System\kArACge.exe
  2⤵
  PID:6432
- C:\Windows\System\rnnzQiY.exe
  C:\Windows\System\rnnzQiY.exe
  2⤵
  PID:6452
- C:\Windows\System\bvuZCsz.exe
  C:\Windows\System\bvuZCsz.exe
  2⤵
  PID:6468
- C:\Windows\System\iJlhoHa.exe
  C:\Windows\System\iJlhoHa.exe
  2⤵
  PID:6484
- C:\Windows\System\WdBbaOJ.exe
  C:\Windows\System\WdBbaOJ.exe
  2⤵
  PID:6500
- C:\Windows\System\XIwtZaG.exe
  C:\Windows\System\XIwtZaG.exe
  2⤵
  PID:6528
- C:\Windows\System\ESsgYxS.exe
  C:\Windows\System\ESsgYxS.exe
  2⤵
  PID:6544
- C:\Windows\System\eNJlwOZ.exe
  C:\Windows\System\eNJlwOZ.exe
  2⤵
  PID:6560
- C:\Windows\System\TivaDFg.exe
  C:\Windows\System\TivaDFg.exe
  2⤵
  PID:6580
- C:\Windows\System\JeWwkAw.exe
  C:\Windows\System\JeWwkAw.exe
  2⤵
  PID:6596
- C:\Windows\System\rbtRaIR.exe
  C:\Windows\System\rbtRaIR.exe
  2⤵
  PID:6620
- C:\Windows\System\IbZubKR.exe
  C:\Windows\System\IbZubKR.exe
  2⤵
  PID:6636
- C:\Windows\System\jfnYIWw.exe
  C:\Windows\System\jfnYIWw.exe
  2⤵
  PID:6652
- C:\Windows\System\bVhpDNw.exe
  C:\Windows\System\bVhpDNw.exe
  2⤵
  PID:6668
- C:\Windows\System\NJbHhhj.exe
  C:\Windows\System\NJbHhhj.exe
  2⤵
  PID:6684
- C:\Windows\System\zSvxRTF.exe
  C:\Windows\System\zSvxRTF.exe
  2⤵
  PID:6704
- C:\Windows\System\ilnDwLo.exe
  C:\Windows\System\ilnDwLo.exe
  2⤵
  PID:6720
- C:\Windows\System\xMWdcSi.exe
  C:\Windows\System\xMWdcSi.exe
  2⤵
  PID:6736
- C:\Windows\System\FhvnDLJ.exe
  C:\Windows\System\FhvnDLJ.exe
  2⤵
  PID:6752
- C:\Windows\System\OIYTkGA.exe
  C:\Windows\System\OIYTkGA.exe
  2⤵
  PID:6768
- C:\Windows\System\eCAJepa.exe
  C:\Windows\System\eCAJepa.exe
  2⤵
  PID:6784
- C:\Windows\System\iDoXAmW.exe
  C:\Windows\System\iDoXAmW.exe
  2⤵
  PID:6800
- C:\Windows\System\wVUZVLM.exe
  C:\Windows\System\wVUZVLM.exe
  2⤵
  PID:6816
- C:\Windows\System\PSLgQYC.exe
  C:\Windows\System\PSLgQYC.exe
  2⤵
  PID:6832
- C:\Windows\System\vqKdGLc.exe
  C:\Windows\System\vqKdGLc.exe
  2⤵
  PID:6848
- C:\Windows\System\EPWPzEZ.exe
  C:\Windows\System\EPWPzEZ.exe
  2⤵
  PID:6864
- C:\Windows\System\sgAPLBD.exe
  C:\Windows\System\sgAPLBD.exe
  2⤵
  PID:6880
- C:\Windows\System\kIrtUSF.exe
  C:\Windows\System\kIrtUSF.exe
  2⤵
  PID:6896
- C:\Windows\System\mErtqPC.exe
  C:\Windows\System\mErtqPC.exe
  2⤵
  PID:6912
- C:\Windows\System\CxzTcqp.exe
  C:\Windows\System\CxzTcqp.exe
  2⤵
  PID:6928
- C:\Windows\System\RalPiyr.exe
  C:\Windows\System\RalPiyr.exe
  2⤵
  PID:6948
- C:\Windows\System\yaVhEHj.exe
  C:\Windows\System\yaVhEHj.exe
  2⤵
  PID:6964
- C:\Windows\System\RVWnjHx.exe
  C:\Windows\System\RVWnjHx.exe
  2⤵
  PID:6980
- C:\Windows\System\XUfdSXp.exe
  C:\Windows\System\XUfdSXp.exe
  2⤵
  PID:6996
- C:\Windows\System\SRThAji.exe
  C:\Windows\System\SRThAji.exe
  2⤵
  PID:7016
- C:\Windows\System\pwLqUCU.exe
  C:\Windows\System\pwLqUCU.exe
  2⤵
  PID:7032
- C:\Windows\System\dNnBCPl.exe
  C:\Windows\System\dNnBCPl.exe
  2⤵
  PID:7048
- C:\Windows\System\NzTgtgq.exe
  C:\Windows\System\NzTgtgq.exe
  2⤵
  PID:7064
- C:\Windows\System\MQZlkdJ.exe
  C:\Windows\System\MQZlkdJ.exe
  2⤵
  PID:7080
- C:\Windows\System\sZdPgfn.exe
  C:\Windows\System\sZdPgfn.exe
  2⤵
  PID:7096
- C:\Windows\System\xlhcyKZ.exe
  C:\Windows\System\xlhcyKZ.exe
  2⤵
  PID:7116
- C:\Windows\System\ICsDIza.exe
  C:\Windows\System\ICsDIza.exe
  2⤵
  PID:7132
- C:\Windows\System\kqGbcia.exe
  C:\Windows\System\kqGbcia.exe
  2⤵
  PID:7148
- C:\Windows\System\OMkWtmV.exe
  C:\Windows\System\OMkWtmV.exe
  2⤵
  PID:7164
- C:\Windows\System\JabdFiv.exe
  C:\Windows\System\JabdFiv.exe
  2⤵
  PID:6164
- C:\Windows\System\aXceGAn.exe
  C:\Windows\System\aXceGAn.exe
  2⤵
  PID:6196
- C:\Windows\System\QfnDKDB.exe
  C:\Windows\System\QfnDKDB.exe
  2⤵
  PID:5616
- C:\Windows\System\KkdFubj.exe
  C:\Windows\System\KkdFubj.exe
  2⤵
  PID:6264
- C:\Windows\System\SACumdk.exe
  C:\Windows\System\SACumdk.exe
  2⤵
  PID:6212
- C:\Windows\System\xCAhoGd.exe
  C:\Windows\System\xCAhoGd.exe
  2⤵
  PID:6296
- C:\Windows\System\JyGNFLW.exe
  C:\Windows\System\JyGNFLW.exe
  2⤵
  PID:6364
- C:\Windows\System\tbEZNKp.exe
  C:\Windows\System\tbEZNKp.exe
  2⤵
  PID:6348
- C:\Windows\System\xKcPkwA.exe
  C:\Windows\System\xKcPkwA.exe
  2⤵
  PID:6396
- C:\Windows\System\SNNDLtU.exe
  C:\Windows\System\SNNDLtU.exe
  2⤵
  PID:6424
- C:\Windows\System\bZbFCVa.exe
  C:\Windows\System\bZbFCVa.exe
  2⤵
  PID:6460
- C:\Windows\System\JYLGmAw.exe
  C:\Windows\System\JYLGmAw.exe
  2⤵
  PID:6480
- C:\Windows\System\iCiucVn.exe
  C:\Windows\System\iCiucVn.exe
  2⤵
  PID:6536
- C:\Windows\System\ENPHSKP.exe
  C:\Windows\System\ENPHSKP.exe
  2⤵
  PID:6568
- C:\Windows\System\XBsZlKq.exe
  C:\Windows\System\XBsZlKq.exe
  2⤵
  PID:6588
- C:\Windows\System\mLitQJM.exe
  C:\Windows\System\mLitQJM.exe
  2⤵
  PID:6644
- C:\Windows\System\WthcdCj.exe
  C:\Windows\System\WthcdCj.exe
  2⤵
  PID:6632
- C:\Windows\System\vMIvGPK.exe
  C:\Windows\System\vMIvGPK.exe
  2⤵
  PID:304
- C:\Windows\System\aOyWrwu.exe
  C:\Windows\System\aOyWrwu.exe
  2⤵
  PID:6760
- C:\Windows\System\TyVaZKf.exe
  C:\Windows\System\TyVaZKf.exe
  2⤵
  PID:6748
- C:\Windows\System\sQzgSyw.exe
  C:\Windows\System\sQzgSyw.exe
  2⤵
  PID:6792
- C:\Windows\System\xEbTCNi.exe
  C:\Windows\System\xEbTCNi.exe
  2⤵
  PID:6988
- C:\Windows\System\dZaeftj.exe
  C:\Windows\System\dZaeftj.exe
  2⤵
  PID:7024
- C:\Windows\System\dsKVIFs.exe
  C:\Windows\System\dsKVIFs.exe
  2⤵
  PID:7076
- C:\Windows\System\LgIvFbB.exe
  C:\Windows\System\LgIvFbB.exe
  2⤵
  PID:7060
- C:\Windows\System\dzqVYji.exe
  C:\Windows\System\dzqVYji.exe
  2⤵
  PID:7144
- C:\Windows\System\YqnXgzi.exe
  C:\Windows\System\YqnXgzi.exe
  2⤵
  PID:6184
- C:\Windows\System\rVGiEiO.exe
  C:\Windows\System\rVGiEiO.exe
  2⤵
  PID:6232
- C:\Windows\System\YhCfOSe.exe
  C:\Windows\System\YhCfOSe.exe
  2⤵
  PID:6248
- C:\Windows\System\UxgcJSe.exe
  C:\Windows\System\UxgcJSe.exe
  2⤵
  PID:5900
- C:\Windows\System\vpxeXay.exe
  C:\Windows\System\vpxeXay.exe
  2⤵
  PID:6444
- C:\Windows\System\SzCKdWY.exe
  C:\Windows\System\SzCKdWY.exe
  2⤵
  PID:6516
- C:\Windows\System\YpWCVoJ.exe
  C:\Windows\System\YpWCVoJ.exe
  2⤵
  PID:6648
- C:\Windows\System\bCjDWps.exe
  C:\Windows\System\bCjDWps.exe
  2⤵
  PID:6628
- C:\Windows\System\rTdShCu.exe
  C:\Windows\System\rTdShCu.exe
  2⤵
  PID:6744
- C:\Windows\System\bzNGtSg.exe
  C:\Windows\System\bzNGtSg.exe
  2⤵
  PID:6828
- C:\Windows\System\fPuAtIu.exe
  C:\Windows\System\fPuAtIu.exe
  2⤵
  PID:6904
- C:\Windows\System\kqLHnFG.exe
  C:\Windows\System\kqLHnFG.exe
  2⤵
  PID:6860
- C:\Windows\System\IItserj.exe
  C:\Windows\System\IItserj.exe
  2⤵
  PID:6972
- C:\Windows\System\aOMPalC.exe
  C:\Windows\System\aOMPalC.exe
  2⤵
  PID:6976
- C:\Windows\System\UrhAWzd.exe
  C:\Windows\System\UrhAWzd.exe
  2⤵
  PID:7156
- C:\Windows\System\OrngMGN.exe
  C:\Windows\System\OrngMGN.exe
  2⤵
  PID:7044
- C:\Windows\System\knFjtdS.exe
  C:\Windows\System\knFjtdS.exe
  2⤵
  PID:6216
- C:\Windows\System\xfPFubi.exe
  C:\Windows\System\xfPFubi.exe
  2⤵
  PID:6316
- C:\Windows\System\UYXOJVs.exe
  C:\Windows\System\UYXOJVs.exe
  2⤵
  PID:6448
- C:\Windows\System\jDEowep.exe
  C:\Windows\System\jDEowep.exe
  2⤵
  PID:6476
- C:\Windows\System\JwUGDLT.exe
  C:\Windows\System\JwUGDLT.exe
  2⤵
  PID:6680
- C:\Windows\System\FQBeJIM.exe
  C:\Windows\System\FQBeJIM.exe
  2⤵
  PID:6808
- C:\Windows\System\vQwZgdF.exe
  C:\Windows\System\vQwZgdF.exe
  2⤵
  PID:6300
- C:\Windows\System\viahfkQ.exe
  C:\Windows\System\viahfkQ.exe
  2⤵
  PID:6944
- C:\Windows\System\heaKABx.exe
  C:\Windows\System\heaKABx.exe
  2⤵
  PID:7056
- C:\Windows\System\ANKljtJ.exe
  C:\Windows\System\ANKljtJ.exe
  2⤵
  PID:6824
- C:\Windows\System\xRteEIn.exe
  C:\Windows\System\xRteEIn.exe
  2⤵
  PID:6260
- C:\Windows\System\RTdUMAV.exe
  C:\Windows\System\RTdUMAV.exe
  2⤵
  PID:6332
- C:\Windows\System\gmWtCAm.exe
  C:\Windows\System\gmWtCAm.exe
  2⤵
  PID:6780
- C:\Windows\System\dnwPBcP.exe
  C:\Windows\System\dnwPBcP.exe
  2⤵
  PID:6716
- C:\Windows\System\zThKXBy.exe
  C:\Windows\System\zThKXBy.exe
  2⤵
  PID:6888
- C:\Windows\System\UIHzBdK.exe
  C:\Windows\System\UIHzBdK.exe
  2⤵
  PID:7140
- C:\Windows\System\UaZzAyc.exe
  C:\Windows\System\UaZzAyc.exe
  2⤵
  PID:6556
- C:\Windows\System\hcloNPI.exe
  C:\Windows\System\hcloNPI.exe
  2⤵
  PID:6440
- C:\Windows\System\UdGrscR.exe
  C:\Windows\System\UdGrscR.exe
  2⤵
  PID:6692
- C:\Windows\System\EBBQTud.exe
  C:\Windows\System\EBBQTud.exe
  2⤵
  PID:6872
- C:\Windows\System\SFLZAOA.exe
  C:\Windows\System\SFLZAOA.exe
  2⤵
  PID:7108
- C:\Windows\System\ECfpLYe.exe
  C:\Windows\System\ECfpLYe.exe
  2⤵
  PID:7176
- C:\Windows\System\dnYRDbi.exe
  C:\Windows\System\dnYRDbi.exe
  2⤵
  PID:7204
- C:\Windows\System\mWPqvuB.exe
  C:\Windows\System\mWPqvuB.exe
  2⤵
  PID:7220
- C:\Windows\System\gUhbdqR.exe
  C:\Windows\System\gUhbdqR.exe
  2⤵
  PID:7236
- C:\Windows\System\QLUsiLM.exe
  C:\Windows\System\QLUsiLM.exe
  2⤵
  PID:7256
- C:\Windows\System\QVvZdhJ.exe
  C:\Windows\System\QVvZdhJ.exe
  2⤵
  PID:7284
- C:\Windows\System\rTMunsE.exe
  C:\Windows\System\rTMunsE.exe
  2⤵
  PID:7300
- C:\Windows\System\dYQeSrd.exe
  C:\Windows\System\dYQeSrd.exe
  2⤵
  PID:7320
- C:\Windows\System\nJkptGz.exe
  C:\Windows\System\nJkptGz.exe
  2⤵
  PID:7340
- C:\Windows\System\IjFXzfd.exe
  C:\Windows\System\IjFXzfd.exe
  2⤵
  PID:7364
- C:\Windows\System\SUjTFMn.exe
  C:\Windows\System\SUjTFMn.exe
  2⤵
  PID:7380
- C:\Windows\System\rBpVfXz.exe
  C:\Windows\System\rBpVfXz.exe
  2⤵
  PID:7400
- C:\Windows\System\AbmTpHk.exe
  C:\Windows\System\AbmTpHk.exe
  2⤵
  PID:7420
- C:\Windows\System\tkskaJd.exe
  C:\Windows\System\tkskaJd.exe
  2⤵
  PID:7444
- C:\Windows\System\UBJhRVk.exe
  C:\Windows\System\UBJhRVk.exe
  2⤵
  PID:7464
- C:\Windows\System\vukRoGw.exe
  C:\Windows\System\vukRoGw.exe
  2⤵
  PID:7488
- C:\Windows\System\TBIEJfW.exe
  C:\Windows\System\TBIEJfW.exe
  2⤵
  PID:7508
- C:\Windows\System\DMIrHEh.exe
  C:\Windows\System\DMIrHEh.exe
  2⤵
  PID:7528
- C:\Windows\System\eKUPojq.exe
  C:\Windows\System\eKUPojq.exe
  2⤵
  PID:7544
- C:\Windows\System\XzWyEUl.exe
  C:\Windows\System\XzWyEUl.exe
  2⤵
  PID:7564
- C:\Windows\System\zafHgyE.exe
  C:\Windows\System\zafHgyE.exe
  2⤵
  PID:7584
- C:\Windows\System\NztTMLm.exe
  C:\Windows\System\NztTMLm.exe
  2⤵
  PID:7608
- C:\Windows\System\eJucgxB.exe
  C:\Windows\System\eJucgxB.exe
  2⤵
  PID:7624
- C:\Windows\System\EGApPGX.exe
  C:\Windows\System\EGApPGX.exe
  2⤵
  PID:7648
- C:\Windows\System\evHTAEU.exe
  C:\Windows\System\evHTAEU.exe
  2⤵
  PID:7664
- C:\Windows\System\aTycEWv.exe
  C:\Windows\System\aTycEWv.exe
  2⤵
  PID:7688
- C:\Windows\System\FUdQBrq.exe
  C:\Windows\System\FUdQBrq.exe
  2⤵
  PID:7704
- C:\Windows\System\niFQIED.exe
  C:\Windows\System\niFQIED.exe
  2⤵
  PID:7728
- C:\Windows\System\EHthCiz.exe
  C:\Windows\System\EHthCiz.exe
  2⤵
  PID:7744
- C:\Windows\System\ilcXYyP.exe
  C:\Windows\System\ilcXYyP.exe
  2⤵
  PID:7768
- C:\Windows\System\aYISynv.exe
  C:\Windows\System\aYISynv.exe
  2⤵
  PID:7784
- C:\Windows\System\HqDiygB.exe
  C:\Windows\System\HqDiygB.exe
  2⤵
  PID:7808
- C:\Windows\System\kvTTjsU.exe
  C:\Windows\System\kvTTjsU.exe
  2⤵
  PID:7828
- C:\Windows\System\jziBTkX.exe
  C:\Windows\System\jziBTkX.exe
  2⤵
  PID:7844
- C:\Windows\System\FiStHud.exe
  C:\Windows\System\FiStHud.exe
  2⤵
  PID:7864
- C:\Windows\System\IMOfpSi.exe
  C:\Windows\System\IMOfpSi.exe
  2⤵
  PID:7884
- C:\Windows\System\rvtLQkG.exe
  C:\Windows\System\rvtLQkG.exe
  2⤵
  PID:7900
- C:\Windows\System\YuqvhEq.exe
  C:\Windows\System\YuqvhEq.exe
  2⤵
  PID:7928
- C:\Windows\System\GlJmSmf.exe
  C:\Windows\System\GlJmSmf.exe
  2⤵
  PID:7944
- C:\Windows\System\IlVhsbW.exe
  C:\Windows\System\IlVhsbW.exe
  2⤵
  PID:7960
- C:\Windows\System\WAnQEmt.exe
  C:\Windows\System\WAnQEmt.exe
  2⤵
  PID:7980
- C:\Windows\System\RNnNscu.exe
  C:\Windows\System\RNnNscu.exe
  2⤵
  PID:8012
- C:\Windows\System\rgJvOtf.exe
  C:\Windows\System\rgJvOtf.exe
  2⤵
  PID:8028
- C:\Windows\System\IRpWHar.exe
  C:\Windows\System\IRpWHar.exe
  2⤵
  PID:8048
- C:\Windows\System\MGUayTW.exe
  C:\Windows\System\MGUayTW.exe
  2⤵
  PID:8068
- C:\Windows\System\pchuLbf.exe
  C:\Windows\System\pchuLbf.exe
  2⤵
  PID:8084
- C:\Windows\System\YTqTZGD.exe
  C:\Windows\System\YTqTZGD.exe
  2⤵
  PID:8108
- C:\Windows\System\cWlLpqK.exe
  C:\Windows\System\cWlLpqK.exe
  2⤵
  PID:8128
- C:\Windows\System\lkhbGAR.exe
  C:\Windows\System\lkhbGAR.exe
  2⤵
  PID:8148
- C:\Windows\System\XlVCfua.exe
  C:\Windows\System\XlVCfua.exe
  2⤵
  PID:8164
- C:\Windows\System\wVOXlrq.exe
  C:\Windows\System\wVOXlrq.exe
  2⤵
  PID:8188
- C:\Windows\System\UrGKqFJ.exe
  C:\Windows\System\UrGKqFJ.exe
  2⤵
  PID:6732
- C:\Windows\System\SaNURgf.exe
  C:\Windows\System\SaNURgf.exe
  2⤵
  PID:7192
- C:\Windows\System\qrxVXWB.exe
  C:\Windows\System\qrxVXWB.exe
  2⤵
  PID:7264
- C:\Windows\System\pSCHGMz.exe
  C:\Windows\System\pSCHGMz.exe
  2⤵
  PID:7252
- C:\Windows\System\TVLRUpp.exe
  C:\Windows\System\TVLRUpp.exe
  2⤵
  PID:7272
- C:\Windows\System\cWMxYIg.exe
  C:\Windows\System\cWMxYIg.exe
  2⤵
  PID:7328
- C:\Windows\System\juzDQFE.exe
  C:\Windows\System\juzDQFE.exe
  2⤵
  PID:7356
- C:\Windows\System\UghKfad.exe
  C:\Windows\System\UghKfad.exe
  2⤵
  PID:7388
- C:\Windows\System\KcSSUBo.exe
  C:\Windows\System\KcSSUBo.exe
  2⤵
  PID:7416
- C:\Windows\System\UaGzMDZ.exe
  C:\Windows\System\UaGzMDZ.exe
  2⤵
  PID:7452
- C:\Windows\System\UWYtFOl.exe
  C:\Windows\System\UWYtFOl.exe
  2⤵
  PID:7456
- C:\Windows\System\LAxWyIH.exe
  C:\Windows\System\LAxWyIH.exe
  2⤵
  PID:7516
- C:\Windows\System\cKJLKGu.exe
  C:\Windows\System\cKJLKGu.exe
  2⤵
  PID:7560
- C:\Windows\System\tUOVhZm.exe
  C:\Windows\System\tUOVhZm.exe
  2⤵
  PID:7576
- C:\Windows\System\HDxDFyM.exe
  C:\Windows\System\HDxDFyM.exe
  2⤵
  PID:7604
- C:\Windows\System\BKzFEBL.exe
  C:\Windows\System\BKzFEBL.exe
  2⤵
  PID:7640
- C:\Windows\System\iaGpTqW.exe
  C:\Windows\System\iaGpTqW.exe
  2⤵
  PID:7680
- C:\Windows\System\qDcrwcU.exe
  C:\Windows\System\qDcrwcU.exe
  2⤵
  PID:7716
- C:\Windows\System\ODiRmme.exe
  C:\Windows\System\ODiRmme.exe
  2⤵
  PID:7740
- C:\Windows\System\AwXICYc.exe
  C:\Windows\System\AwXICYc.exe
  2⤵
  PID:7764
- C:\Windows\System\lPCxsnz.exe
  C:\Windows\System\lPCxsnz.exe
  2⤵
  PID:7824
- C:\Windows\System\bzTvygH.exe
  C:\Windows\System\bzTvygH.exe
  2⤵
  PID:7876
- C:\Windows\System\PNCAyVX.exe
  C:\Windows\System\PNCAyVX.exe
  2⤵
  PID:7916
- C:\Windows\System\PgvXlIl.exe
  C:\Windows\System\PgvXlIl.exe
  2⤵
  PID:7896
- C:\Windows\System\yxMDcPK.exe
  C:\Windows\System\yxMDcPK.exe
  2⤵
  PID:7988
- C:\Windows\System\fBlfuKc.exe
  C:\Windows\System\fBlfuKc.exe
  2⤵
  PID:7968
- C:\Windows\System\txzWQSL.exe
  C:\Windows\System\txzWQSL.exe
  2⤵
  PID:7996
- C:\Windows\System\vdmlUqa.exe
  C:\Windows\System\vdmlUqa.exe
  2⤵
  PID:8044
- C:\Windows\System\rsCgFyS.exe
  C:\Windows\System\rsCgFyS.exe
  2⤵
  PID:8116
- C:\Windows\System\SozInGx.exe
  C:\Windows\System\SozInGx.exe
  2⤵
  PID:8104
- C:\Windows\System\iijjCzZ.exe
  C:\Windows\System\iijjCzZ.exe
  2⤵
  PID:8160
- C:\Windows\System\ayRelTW.exe
  C:\Windows\System\ayRelTW.exe
  2⤵
  PID:8172
- C:\Windows\System\LwGigSC.exe
  C:\Windows\System\LwGigSC.exe
  2⤵
  PID:7008
- C:\Windows\System\EkfHdvY.exe
  C:\Windows\System\EkfHdvY.exe
  2⤵
  PID:7200
- C:\Windows\System\ukhwZFw.exe
  C:\Windows\System\ukhwZFw.exe
  2⤵
  PID:7216
- C:\Windows\System\OZdqrMR.exe
  C:\Windows\System\OZdqrMR.exe
  2⤵
  PID:7292
- C:\Windows\System\rEPINDi.exe
  C:\Windows\System\rEPINDi.exe
  2⤵
  PID:7372
- C:\Windows\System\iCvadlK.exe
  C:\Windows\System\iCvadlK.exe
  2⤵
  PID:7376
- C:\Windows\System\MCkXQvK.exe
  C:\Windows\System\MCkXQvK.exe
  2⤵
  PID:7520
- C:\Windows\System\hzteEoR.exe
  C:\Windows\System\hzteEoR.exe
  2⤵
  PID:7540
- C:\Windows\System\FmfOACn.exe
  C:\Windows\System\FmfOACn.exe
  2⤵
  PID:7672
- C:\Windows\System\XcxIjCo.exe
  C:\Windows\System\XcxIjCo.exe
  2⤵
  PID:7700
- C:\Windows\System\AzPXwWN.exe
  C:\Windows\System\AzPXwWN.exe
  2⤵
  PID:7796
- C:\Windows\System\GfIdYpV.exe
  C:\Windows\System\GfIdYpV.exe
  2⤵
  PID:7852
- C:\Windows\System\PcqwwrB.exe
  C:\Windows\System\PcqwwrB.exe
  2⤵
  PID:7924
- C:\Windows\System\TQTxpcK.exe
  C:\Windows\System\TQTxpcK.exe
  2⤵
  PID:8004
- C:\Windows\System\VmExBGM.exe
  C:\Windows\System\VmExBGM.exe
  2⤵
  PID:7976
- C:\Windows\System\XvDpWzw.exe
  C:\Windows\System\XvDpWzw.exe
  2⤵
  PID:8156
- C:\Windows\System\MqzlePR.exe
  C:\Windows\System\MqzlePR.exe
  2⤵
  PID:8056
- C:\Windows\System\jQOvqTw.exe
  C:\Windows\System\jQOvqTw.exe
  2⤵
  PID:8144
- C:\Windows\System\rQEKwtv.exe
  C:\Windows\System\rQEKwtv.exe
  2⤵
  PID:7268
- C:\Windows\System\uICruuu.exe
  C:\Windows\System\uICruuu.exe
  2⤵
  PID:7336
- C:\Windows\System\AIrocrw.exe
  C:\Windows\System\AIrocrw.exe
  2⤵
  PID:3016
- C:\Windows\System\HWSuLZC.exe
  C:\Windows\System\HWSuLZC.exe
  2⤵
  PID:7072
- C:\Windows\System\BfoCemZ.exe
  C:\Windows\System\BfoCemZ.exe
  2⤵
  PID:7316
- C:\Windows\System\ooIOXll.exe
  C:\Windows\System\ooIOXll.exe
  2⤵
  PID:7592
- C:\Windows\System\qfhzYlg.exe
  C:\Windows\System\qfhzYlg.exe
  2⤵
  PID:7500
- C:\Windows\System\wPWFpue.exe
  C:\Windows\System\wPWFpue.exe
  2⤵
  PID:7872
- C:\Windows\System\fuGloln.exe
  C:\Windows\System\fuGloln.exe
  2⤵
  PID:7696
- C:\Windows\System\cnDvfwW.exe
  C:\Windows\System\cnDvfwW.exe
  2⤵
  PID:7860
- C:\Windows\System\CuLwSIC.exe
  C:\Windows\System\CuLwSIC.exe
  2⤵
  PID:7956
- C:\Windows\System\fRlCzLH.exe
  C:\Windows\System\fRlCzLH.exe
  2⤵
  PID:8024
- C:\Windows\System\SlKkiMB.exe
  C:\Windows\System\SlKkiMB.exe
  2⤵
  PID:8040
- C:\Windows\System\qSVrxZz.exe
  C:\Windows\System\qSVrxZz.exe
  2⤵
  PID:8184
- C:\Windows\System\FEuriUT.exe
  C:\Windows\System\FEuriUT.exe
  2⤵
  PID:8064
- C:\Windows\System\xtypBaN.exe
  C:\Windows\System\xtypBaN.exe
  2⤵
  PID:1596
- C:\Windows\System\UbIKGYP.exe
  C:\Windows\System\UbIKGYP.exe
  2⤵
  PID:7188
- C:\Windows\System\QMnItKT.exe
  C:\Windows\System\QMnItKT.exe
  2⤵
  PID:7412
- C:\Windows\System\XrdrrmU.exe
  C:\Windows\System\XrdrrmU.exe
  2⤵
  PID:7596
- C:\Windows\System\JREhPLu.exe
  C:\Windows\System\JREhPLu.exe
  2⤵
  PID:6604
- C:\Windows\System\PlViWjF.exe
  C:\Windows\System\PlViWjF.exe
  2⤵
  PID:7724
- C:\Windows\System\xmkDcXc.exe
  C:\Windows\System\xmkDcXc.exe
  2⤵
  PID:7760
- C:\Windows\System\fWunBjG.exe
  C:\Windows\System\fWunBjG.exe
  2⤵
  PID:8120
- C:\Windows\System\etJtrDZ.exe
  C:\Windows\System\etJtrDZ.exe
  2⤵
  PID:6920
- C:\Windows\System\kOAqoZE.exe
  C:\Windows\System\kOAqoZE.exe
  2⤵
  PID:2660
- C:\Windows\System\BTZZajJ.exe
  C:\Windows\System\BTZZajJ.exe
  2⤵
  PID:1700
- C:\Windows\System\LapPUOj.exe
  C:\Windows\System\LapPUOj.exe
  2⤵
  PID:2368
- C:\Windows\System\ETgtwsW.exe
  C:\Windows\System\ETgtwsW.exe
  2⤵
  PID:2948
- C:\Windows\System\xwuajDD.exe
  C:\Windows\System\xwuajDD.exe
  2⤵
  PID:2528
- C:\Windows\System\GZBPnHB.exe
  C:\Windows\System\GZBPnHB.exe
  2⤵
  PID:7632
- C:\Windows\System\XIOPLcp.exe
  C:\Windows\System\XIOPLcp.exe
  2⤵
  PID:7952
- C:\Windows\System\lhKoRZn.exe
  C:\Windows\System\lhKoRZn.exe
  2⤵
  PID:8196
- C:\Windows\System\ccrnqSi.exe
  C:\Windows\System\ccrnqSi.exe
  2⤵
  PID:8224
- C:\Windows\System\oFOPDTO.exe
  C:\Windows\System\oFOPDTO.exe
  2⤵
  PID:8244
- C:\Windows\System\SpHoCEp.exe
  C:\Windows\System\SpHoCEp.exe
  2⤵
  PID:8276
- C:\Windows\System\KKyGvMN.exe
  C:\Windows\System\KKyGvMN.exe
  2⤵
  PID:8296
- C:\Windows\System\vrLWSkq.exe
  C:\Windows\System\vrLWSkq.exe
  2⤵
  PID:8312
- C:\Windows\System\lvtRbUD.exe
  C:\Windows\System\lvtRbUD.exe
  2⤵
  PID:8328
- C:\Windows\System\MByqndK.exe
  C:\Windows\System\MByqndK.exe
  2⤵
  PID:8348
- C:\Windows\System\bxXWyaX.exe
  C:\Windows\System\bxXWyaX.exe
  2⤵
  PID:8364
- C:\Windows\System\RktHQyo.exe
  C:\Windows\System\RktHQyo.exe
  2⤵
  PID:8380
- C:\Windows\System\MtDBpha.exe
  C:\Windows\System\MtDBpha.exe
  2⤵
  PID:8396
- C:\Windows\System\BVFOdfz.exe
  C:\Windows\System\BVFOdfz.exe
  2⤵
  PID:8424
- C:\Windows\System\IaBBJbq.exe
  C:\Windows\System\IaBBJbq.exe
  2⤵
  PID:8440
- C:\Windows\System\QtyMSxT.exe
  C:\Windows\System\QtyMSxT.exe
  2⤵
  PID:8460
- C:\Windows\System\yMxYdAa.exe
  C:\Windows\System\yMxYdAa.exe
  2⤵
  PID:8476
- C:\Windows\System\eJOkKys.exe
  C:\Windows\System\eJOkKys.exe
  2⤵
  PID:8524
- C:\Windows\System\xYdewDn.exe
  C:\Windows\System\xYdewDn.exe
  2⤵
  PID:8540
- C:\Windows\System\szOphjl.exe
  C:\Windows\System\szOphjl.exe
  2⤵
  PID:8560
- C:\Windows\System\UyklaGH.exe
  C:\Windows\System\UyklaGH.exe
  2⤵
  PID:8576
- C:\Windows\System\fZQaqYx.exe
  C:\Windows\System\fZQaqYx.exe
  2⤵
  PID:8592
- C:\Windows\System\dNbSalp.exe
  C:\Windows\System\dNbSalp.exe
  2⤵
  PID:8624
- C:\Windows\System\gkaGISf.exe
  C:\Windows\System\gkaGISf.exe
  2⤵
  PID:8644
- C:\Windows\System\yoLnOdb.exe
  C:\Windows\System\yoLnOdb.exe
  2⤵
  PID:8660
- C:\Windows\System\tDNZKvs.exe
  C:\Windows\System\tDNZKvs.exe
  2⤵
  PID:8684
- C:\Windows\System\uWLeXbg.exe
  C:\Windows\System\uWLeXbg.exe
  2⤵
  PID:8704
- C:\Windows\System\SoLqCPK.exe
  C:\Windows\System\SoLqCPK.exe
  2⤵
  PID:8720
- C:\Windows\System\ESsAqWd.exe
  C:\Windows\System\ESsAqWd.exe
  2⤵
  PID:8740
- C:\Windows\System\ZZrqphE.exe
  C:\Windows\System\ZZrqphE.exe
  2⤵
  PID:8756
- C:\Windows\System\yAXBkmu.exe
  C:\Windows\System\yAXBkmu.exe
  2⤵
  PID:8776
- C:\Windows\System\WdrajmS.exe
  C:\Windows\System\WdrajmS.exe
  2⤵
  PID:8804
- C:\Windows\System\VDJxAPI.exe
  C:\Windows\System\VDJxAPI.exe
  2⤵
  PID:8820
- C:\Windows\System\eosgsTo.exe
  C:\Windows\System\eosgsTo.exe
  2⤵
  PID:8844
- C:\Windows\System\pYdimxZ.exe
  C:\Windows\System\pYdimxZ.exe
  2⤵
  PID:8860
- C:\Windows\System\WrwTxCH.exe
  C:\Windows\System\WrwTxCH.exe
  2⤵
  PID:8880
- C:\Windows\System\xDOFvcb.exe
  C:\Windows\System\xDOFvcb.exe
  2⤵
  PID:8896
- C:\Windows\System\hVabboe.exe
  C:\Windows\System\hVabboe.exe
  2⤵
  PID:8920
- C:\Windows\System\IFduSOI.exe
  C:\Windows\System\IFduSOI.exe
  2⤵
  PID:8940
- C:\Windows\System\npwdEnG.exe
  C:\Windows\System\npwdEnG.exe
  2⤵
  PID:8964
- C:\Windows\System\upUEvFv.exe
  C:\Windows\System\upUEvFv.exe
  2⤵
  PID:8980
- C:\Windows\System\DSNYzCb.exe
  C:\Windows\System\DSNYzCb.exe
  2⤵
  PID:9000
- C:\Windows\System\sKrcCVB.exe
  C:\Windows\System\sKrcCVB.exe
  2⤵
  PID:9016
- C:\Windows\System\myULjAa.exe
  C:\Windows\System\myULjAa.exe
  2⤵
  PID:9036
- C:\Windows\System\CPQsVUr.exe
  C:\Windows\System\CPQsVUr.exe
  2⤵
  PID:9056
- C:\Windows\System\qIkkFPt.exe
  C:\Windows\System\qIkkFPt.exe
  2⤵
  PID:9072
- C:\Windows\System\ARxNqrX.exe
  C:\Windows\System\ARxNqrX.exe
  2⤵
  PID:9088
- C:\Windows\System\zOyUGZZ.exe
  C:\Windows\System\zOyUGZZ.exe
  2⤵
  PID:9104
- C:\Windows\System\llRfQgp.exe
  C:\Windows\System\llRfQgp.exe
  2⤵
  PID:9120
- C:\Windows\System\NRNlFeq.exe
  C:\Windows\System\NRNlFeq.exe
  2⤵
  PID:9144
- C:\Windows\System\oiUykhi.exe
  C:\Windows\System\oiUykhi.exe
  2⤵
  PID:9168
- C:\Windows\System\uVAPGmA.exe
  C:\Windows\System\uVAPGmA.exe
  2⤵
  PID:9184
- C:\Windows\System\mLQuZOA.exe
  C:\Windows\System\mLQuZOA.exe
  2⤵
  PID:9204
- C:\Windows\System\HSBMKQj.exe
  C:\Windows\System\HSBMKQj.exe
  2⤵
  PID:2260
- C:\Windows\System\VwIdzrO.exe
  C:\Windows\System\VwIdzrO.exe
  2⤵
  PID:7752
- C:\Windows\System\lcfuFLG.exe
  C:\Windows\System\lcfuFLG.exe
  2⤵
  PID:8236
- C:\Windows\System\ubtQfsH.exe
  C:\Windows\System\ubtQfsH.exe
  2⤵
  PID:8284
- C:\Windows\System\eANNviG.exe
  C:\Windows\System\eANNviG.exe
  2⤵
  PID:8320
- C:\Windows\System\dfmrIId.exe
  C:\Windows\System\dfmrIId.exe
  2⤵
  PID:8392
- C:\Windows\System\VLFWmnT.exe
  C:\Windows\System\VLFWmnT.exe
  2⤵
  PID:8372
- C:\Windows\System\BKdGbpm.exe
  C:\Windows\System\BKdGbpm.exe
  2⤵
  PID:8452
- C:\Windows\System\fkveoXI.exe
  C:\Windows\System\fkveoXI.exe
  2⤵
  PID:8488
- C:\Windows\System\BRyvzxF.exe
  C:\Windows\System\BRyvzxF.exe
  2⤵
  PID:8508
- C:\Windows\System\hwKRqqo.exe
  C:\Windows\System\hwKRqqo.exe
  2⤵
  PID:8520
- C:\Windows\System\qlAEsyK.exe
  C:\Windows\System\qlAEsyK.exe
  2⤵
  PID:8556
- C:\Windows\System\uqrPbhK.exe
  C:\Windows\System\uqrPbhK.exe
  2⤵
  PID:8568
- C:\Windows\System\VeiNVxj.exe
  C:\Windows\System\VeiNVxj.exe
  2⤵
  PID:8616
- C:\Windows\System\Lmygpna.exe
  C:\Windows\System\Lmygpna.exe
  2⤵
  PID:8636
- C:\Windows\System\qqgTsgt.exe
  C:\Windows\System\qqgTsgt.exe
  2⤵
  PID:8696
- C:\Windows\System\fKtXCYC.exe
  C:\Windows\System\fKtXCYC.exe
  2⤵
  PID:8716
- C:\Windows\System\EgUqViU.exe
  C:\Windows\System\EgUqViU.exe
  2⤵
  PID:8764
- C:\Windows\System\LJTFbun.exe
  C:\Windows\System\LJTFbun.exe
  2⤵
  PID:8792
- C:\Windows\System\nDtGQEM.exe
  C:\Windows\System\nDtGQEM.exe
  2⤵
  PID:8828
- C:\Windows\System\odnCNJs.exe
  C:\Windows\System\odnCNJs.exe
  2⤵
  PID:8852
- C:\Windows\System\nIyYxRW.exe
  C:\Windows\System\nIyYxRW.exe
  2⤵
  PID:8856
- C:\Windows\System\uWMzOLg.exe
  C:\Windows\System\uWMzOLg.exe
  2⤵
  PID:8916
- C:\Windows\System\bFAztyQ.exe
  C:\Windows\System\bFAztyQ.exe
  2⤵
  PID:8948
- C:\Windows\System\CpCkoHX.exe
  C:\Windows\System\CpCkoHX.exe
  2⤵
  PID:8972
- C:\Windows\System\whPXnDZ.exe
  C:\Windows\System\whPXnDZ.exe
  2⤵
  PID:8992
- C:\Windows\System\ZkYSaFq.exe
  C:\Windows\System\ZkYSaFq.exe
  2⤵
  PID:9064
- C:\Windows\System\XgJxDpt.exe
  C:\Windows\System\XgJxDpt.exe
  2⤵
  PID:9160
- C:\Windows\System\PalrIwo.exe
  C:\Windows\System\PalrIwo.exe
  2⤵
  PID:5888
- C:\Windows\System\ziYJHIG.exe
  C:\Windows\System\ziYJHIG.exe
  2⤵
  PID:8216
- C:\Windows\System\ihhxPMu.exe
  C:\Windows\System\ihhxPMu.exe
  2⤵
  PID:9080
- C:\Windows\System\FvCeCtj.exe
  C:\Windows\System\FvCeCtj.exe
  2⤵
  PID:8344
- C:\Windows\System\wPKrWRf.exe
  C:\Windows\System\wPKrWRf.exe
  2⤵
  PID:8124
- C:\Windows\System\elKjMmG.exe
  C:\Windows\System\elKjMmG.exe
  2⤵
  PID:9196
- C:\Windows\System\PMYaBfa.exe
  C:\Windows\System\PMYaBfa.exe
  2⤵
  PID:8420
- C:\Windows\System\HLDbzSq.exe
  C:\Windows\System\HLDbzSq.exe
  2⤵
  PID:8360
- C:\Windows\System\bfjdMJW.exe
  C:\Windows\System\bfjdMJW.exe
  2⤵
  PID:8436
- C:\Windows\System\BbDHJfs.exe
  C:\Windows\System\BbDHJfs.exe
  2⤵
  PID:8496
- C:\Windows\System\JnqjQvW.exe
  C:\Windows\System\JnqjQvW.exe
  2⤵
  PID:8608
- C:\Windows\System\ytERBwq.exe
  C:\Windows\System\ytERBwq.exe
  2⤵
  PID:8640
- C:\Windows\System\THhbAEe.exe
  C:\Windows\System\THhbAEe.exe
  2⤵
  PID:8680
- C:\Windows\System\bpbtQGL.exe
  C:\Windows\System\bpbtQGL.exe
  2⤵
  PID:8712
- C:\Windows\System\RXdAbMF.exe
  C:\Windows\System\RXdAbMF.exe
  2⤵
  PID:8788
- C:\Windows\System\BpCodAn.exe
  C:\Windows\System\BpCodAn.exe
  2⤵
  PID:8904
- C:\Windows\System\rGwsqki.exe
  C:\Windows\System\rGwsqki.exe
  2⤵
  PID:9028
- C:\Windows\System\nZxMxIX.exe
  C:\Windows\System\nZxMxIX.exe
  2⤵
  PID:8876
- C:\Windows\System\pBtoNDD.exe
  C:\Windows\System\pBtoNDD.exe
  2⤵
  PID:8996
- C:\Windows\System\eaPrszt.exe
  C:\Windows\System\eaPrszt.exe
  2⤵
  PID:9132
- C:\Windows\System\fsTEEsj.exe
  C:\Windows\System\fsTEEsj.exe
  2⤵
  PID:9100
- C:\Windows\System\HzUSjBh.exe
  C:\Windows\System\HzUSjBh.exe
  2⤵
  PID:8220
- C:\Windows\System\sDtssSX.exe
  C:\Windows\System\sDtssSX.exe
  2⤵
  PID:9164
- C:\Windows\System\cByNudI.exe
  C:\Windows\System\cByNudI.exe
  2⤵
  PID:7352
- C:\Windows\System\KccymKQ.exe
  C:\Windows\System\KccymKQ.exe
  2⤵
  PID:8336
- C:\Windows\System\RPZuaZs.exe
  C:\Windows\System\RPZuaZs.exe
  2⤵
  PID:8448
- C:\Windows\System\KwIhJzg.exe
  C:\Windows\System\KwIhJzg.exe
  2⤵
  PID:8532
- C:\Windows\System\jEAWwyS.exe
  C:\Windows\System\jEAWwyS.exe
  2⤵
  PID:7308
- C:\Windows\System\esqSnxv.exe
  C:\Windows\System\esqSnxv.exe
  2⤵
  PID:8700
- C:\Windows\System\QKZOBOd.exe
  C:\Windows\System\QKZOBOd.exe
  2⤵
  PID:8784
- C:\Windows\System\TPCleUb.exe
  C:\Windows\System\TPCleUb.exe
  2⤵
  PID:8932
- C:\Windows\System\cqeJZDq.exe
  C:\Windows\System\cqeJZDq.exe
  2⤵
  PID:9140
- C:\Windows\System\zGIwKZz.exe
  C:\Windows\System\zGIwKZz.exe
  2⤵
  PID:9152
- C:\Windows\System\YdoyJoz.exe
  C:\Windows\System\YdoyJoz.exe
  2⤵
  PID:8292
- C:\Windows\System\ZtZOabc.exe
  C:\Windows\System\ZtZOabc.exe
  2⤵
  PID:8412
- C:\Windows\System\GvYJldq.exe
  C:\Windows\System\GvYJldq.exe
  2⤵
  PID:9200
- C:\Windows\System\goSVLtp.exe
  C:\Windows\System\goSVLtp.exe
  2⤵
  PID:8484
- C:\Windows\System\kjfTrWA.exe
  C:\Windows\System\kjfTrWA.exe
  2⤵
  PID:8600
- C:\Windows\System\tvsjoiu.exe
  C:\Windows\System\tvsjoiu.exe
  2⤵
  PID:8956
- C:\Windows\System\jJwQidN.exe
  C:\Windows\System\jJwQidN.exe
  2⤵
  PID:9128
- C:\Windows\System\UHxPxwv.exe
  C:\Windows\System\UHxPxwv.exe
  2⤵
  PID:9008
- C:\Windows\System\daATzNZ.exe
  C:\Windows\System\daATzNZ.exe
  2⤵
  PID:8272
- C:\Windows\System\jbgxnqd.exe
  C:\Windows\System\jbgxnqd.exe
  2⤵
  PID:8536
- C:\Windows\System\IepLIxA.exe
  C:\Windows\System\IepLIxA.exe
  2⤵
  PID:8752
- C:\Windows\System\bzmVSMQ.exe
  C:\Windows\System\bzmVSMQ.exe
  2⤵
  PID:8960
- C:\Windows\System\msLXXwB.exe
  C:\Windows\System\msLXXwB.exe
  2⤵
  PID:9116
- C:\Windows\System\fhSOawa.exe
  C:\Windows\System\fhSOawa.exe
  2⤵
  PID:1960
- C:\Windows\System\IANQYFD.exe
  C:\Windows\System\IANQYFD.exe
  2⤵
  PID:9044
- C:\Windows\System\QUnXzEs.exe
  C:\Windows\System\QUnXzEs.exe
  2⤵
  PID:8340
- C:\Windows\System\tlvNnmN.exe
  C:\Windows\System\tlvNnmN.exe
  2⤵
  PID:8812
- C:\Windows\System\zzOMSMu.exe
  C:\Windows\System\zzOMSMu.exe
  2⤵
  PID:9224
- C:\Windows\System\LrCVlPy.exe
  C:\Windows\System\LrCVlPy.exe
  2⤵
  PID:9248
- C:\Windows\System\VopARMo.exe
  C:\Windows\System\VopARMo.exe
  2⤵
  PID:9264
- C:\Windows\System\AObDbuN.exe
  C:\Windows\System\AObDbuN.exe
  2⤵
  PID:9288
- C:\Windows\System\RzcqtGm.exe
  C:\Windows\System\RzcqtGm.exe
  2⤵
  PID:9312
- C:\Windows\System\mClnAsh.exe
  C:\Windows\System\mClnAsh.exe
  2⤵
  PID:9328
- C:\Windows\System\auIbVnI.exe
  C:\Windows\System\auIbVnI.exe
  2⤵
  PID:9348
- C:\Windows\System\UkLOGxR.exe
  C:\Windows\System\UkLOGxR.exe
  2⤵
  PID:9364
- C:\Windows\System\opcGYnN.exe
  C:\Windows\System\opcGYnN.exe
  2⤵
  PID:9396
- C:\Windows\System\COUOjdg.exe
  C:\Windows\System\COUOjdg.exe
  2⤵
  PID:9412
- C:\Windows\System\hydwhAw.exe
  C:\Windows\System\hydwhAw.exe
  2⤵
  PID:9432
- C:\Windows\System\rkEXiFZ.exe
  C:\Windows\System\rkEXiFZ.exe
  2⤵
  PID:9452
- C:\Windows\System\gXqVrDi.exe
  C:\Windows\System\gXqVrDi.exe
  2⤵
  PID:9468
- C:\Windows\System\drYNYKf.exe
  C:\Windows\System\drYNYKf.exe
  2⤵
  PID:9492
- C:\Windows\System\ubgDfEO.exe
  C:\Windows\System\ubgDfEO.exe
  2⤵
  PID:9508
- C:\Windows\System\ZTgeQtF.exe
  C:\Windows\System\ZTgeQtF.exe
  2⤵
  PID:9532
- C:\Windows\System\NYVhASD.exe
  C:\Windows\System\NYVhASD.exe
  2⤵
  PID:9548
- C:\Windows\System\cpcQvaN.exe
  C:\Windows\System\cpcQvaN.exe
  2⤵
  PID:9568
- C:\Windows\System\JQLbYXB.exe
  C:\Windows\System\JQLbYXB.exe
  2⤵
  PID:9596
- C:\Windows\System\SIpxzyU.exe
  C:\Windows\System\SIpxzyU.exe
  2⤵
  PID:9612
- C:\Windows\System\tXVoPTW.exe
  C:\Windows\System\tXVoPTW.exe
  2⤵
  PID:9628
- C:\Windows\System\dsoOvTM.exe
  C:\Windows\System\dsoOvTM.exe
  2⤵
  PID:9652
- C:\Windows\System\VvQbeem.exe
  C:\Windows\System\VvQbeem.exe
  2⤵
  PID:9668
- C:\Windows\System\ueArCws.exe
  C:\Windows\System\ueArCws.exe
  2⤵
  PID:9688
- C:\Windows\System\ZQqUowX.exe
  C:\Windows\System\ZQqUowX.exe
  2⤵
  PID:9716
- C:\Windows\System\SBzDYhx.exe
  C:\Windows\System\SBzDYhx.exe
  2⤵
  PID:9732
- C:\Windows\System\hkBkaLh.exe
  C:\Windows\System\hkBkaLh.exe
  2⤵
  PID:9756
- C:\Windows\System\yOibNkK.exe
  C:\Windows\System\yOibNkK.exe
  2⤵
  PID:9772
- C:\Windows\System\fCKYLpu.exe
  C:\Windows\System\fCKYLpu.exe
  2⤵
  PID:9792
- C:\Windows\System\dBPulJh.exe
  C:\Windows\System\dBPulJh.exe
  2⤵
  PID:9808
- C:\Windows\System\ONIlFgp.exe
  C:\Windows\System\ONIlFgp.exe
  2⤵
  PID:9836
- C:\Windows\System\FxTWTjn.exe
  C:\Windows\System\FxTWTjn.exe
  2⤵
  PID:9852
- C:\Windows\System\GpAkXMi.exe
  C:\Windows\System\GpAkXMi.exe
  2⤵
  PID:9876
- C:\Windows\System\aFefmxV.exe
  C:\Windows\System\aFefmxV.exe
  2⤵
  PID:9896
- C:\Windows\System\eVudkhM.exe
  C:\Windows\System\eVudkhM.exe
  2⤵
  PID:9912
- C:\Windows\System\MWSwfGW.exe
  C:\Windows\System\MWSwfGW.exe
  2⤵
  PID:9932
- C:\Windows\System\XFYVPvz.exe
  C:\Windows\System\XFYVPvz.exe
  2⤵
  PID:9952
- C:\Windows\System\YrCtXFl.exe
  C:\Windows\System\YrCtXFl.exe
  2⤵
  PID:9980
- C:\Windows\System\civamrL.exe
  C:\Windows\System\civamrL.exe
  2⤵
  PID:10000
- C:\Windows\System\CGIjBZi.exe
  C:\Windows\System\CGIjBZi.exe
  2⤵
  PID:10016
- C:\Windows\System\uJxKyNK.exe
  C:\Windows\System\uJxKyNK.exe
  2⤵
  PID:10040
- C:\Windows\System\bssNwva.exe
  C:\Windows\System\bssNwva.exe
  2⤵
  PID:10060
- C:\Windows\System\viFEXAx.exe
  C:\Windows\System\viFEXAx.exe
  2⤵
  PID:10080
- C:\Windows\System\eqckgDc.exe
  C:\Windows\System\eqckgDc.exe
  2⤵
  PID:10096
- C:\Windows\System\tQqajVj.exe
  C:\Windows\System\tQqajVj.exe
  2⤵
  PID:10112
- C:\Windows\System\EWWTOWm.exe
  C:\Windows\System\EWWTOWm.exe
  2⤵
  PID:10140
- C:\Windows\System\AArxXyx.exe
  C:\Windows\System\AArxXyx.exe
  2⤵
  PID:10156
- C:\Windows\System\ljttxTo.exe
  C:\Windows\System\ljttxTo.exe
  2⤵
  PID:10176
- C:\Windows\System\csJNIOp.exe
  C:\Windows\System\csJNIOp.exe
  2⤵
  PID:10192
- C:\Windows\System\FeQhCpu.exe
  C:\Windows\System\FeQhCpu.exe
  2⤵
  PID:10212
- C:\Windows\System\GIdsOvj.exe
  C:\Windows\System\GIdsOvj.exe
  2⤵
  PID:10228
- C:\Windows\System\RTGmILn.exe
  C:\Windows\System\RTGmILn.exe
  2⤵
  PID:8408
- C:\Windows\System\MOtdoKb.exe
  C:\Windows\System\MOtdoKb.exe
  2⤵
  PID:9260
- C:\Windows\System\ylIXKCq.exe
  C:\Windows\System\ylIXKCq.exe
  2⤵
  PID:9240
- C:\Windows\System\xZAzggq.exe
  C:\Windows\System\xZAzggq.exe
  2⤵
  PID:9336
- C:\Windows\System\CYcbahA.exe
  C:\Windows\System\CYcbahA.exe
  2⤵
  PID:9380
- C:\Windows\System\tFFoStP.exe
  C:\Windows\System\tFFoStP.exe
  2⤵
  PID:9360
- C:\Windows\System\tVkyWXg.exe
  C:\Windows\System\tVkyWXg.exe
  2⤵
  PID:9428
- C:\Windows\System\IxDfAJA.exe
  C:\Windows\System\IxDfAJA.exe
  2⤵
  PID:9464
- C:\Windows\System\AvMDEpO.exe
  C:\Windows\System\AvMDEpO.exe
  2⤵
  PID:9480
- C:\Windows\System\UeWgezC.exe
  C:\Windows\System\UeWgezC.exe
  2⤵
  PID:9484
- C:\Windows\System\mpIMzEX.exe
  C:\Windows\System\mpIMzEX.exe
  2⤵
  PID:9540
- C:\Windows\System\dLaJIJY.exe
  C:\Windows\System\dLaJIJY.exe
  2⤵
  PID:9592
- C:\Windows\System\meyoYjA.exe
  C:\Windows\System\meyoYjA.exe
  2⤵
  PID:9660
- C:\Windows\System\wijUCpV.exe
  C:\Windows\System\wijUCpV.exe
  2⤵
  PID:9712
- C:\Windows\System\OwEHTPN.exe
  C:\Windows\System\OwEHTPN.exe
  2⤵
  PID:9680
- C:\Windows\System\UQycqNg.exe
  C:\Windows\System\UQycqNg.exe
  2⤵
  PID:9724
- C:\Windows\System\zhYtaUY.exe
  C:\Windows\System\zhYtaUY.exe
  2⤵
  PID:9764
- C:\Windows\System\exrrXcT.exe
  C:\Windows\System\exrrXcT.exe
  2⤵
  PID:9828
- C:\Windows\System\dTMHGdS.exe
  C:\Windows\System\dTMHGdS.exe
  2⤵
  PID:9848
- C:\Windows\System\MyNhRgt.exe
  C:\Windows\System\MyNhRgt.exe
  2⤵
  PID:9892
- C:\Windows\System\GupSmwH.exe
  C:\Windows\System\GupSmwH.exe
  2⤵
  PID:9944
- C:\Windows\System\WDWsQsd.exe
  C:\Windows\System\WDWsQsd.exe
  2⤵
  PID:9960

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\Anapljn.exe

Filesize
6.0MB

MD5
fa663dbec824e48a9730f59745edf5b5

SHA1
b6a1f1402ee7daedffa7df8f887fbeca04bc3b54

SHA256
3eb400c6ddd20eab46e1c18c073fa226b6d4254806db2def06f56a07b7e21213

SHA512
44a23bb899b0727cccac356d09c736503aa51e4ca399653fe24e11afa34886f7d97adba752bf0b6a5cf4bebf1499e16c8f6321932ee64102e088da08aed882b5

Download Submit
C:\Windows\system\DCMIlBj.exe

Filesize
6.0MB

MD5
457efeece2f03c3626dc75399c52fad8

SHA1
74c2a4c7663cec3e789c26f728751050d3fe92e2

SHA256
9d78ba019dd43d1e2ccd74dde89eb0042fdde3ef685f883059221defff578211

SHA512
5fcfc923896d3028edf8eef68eb6d25452c03c7e591feb67ed8c1a9c88b701c50f33d20dfef9e7056226f5e55fbcc6d2144fcba304162d08340a1a99e882374d

Download Submit
C:\Windows\system\DRRmOOb.exe

Filesize
6.0MB

MD5
c081854137193fc6f4662615d9b26ed1

SHA1
1006033c861cb080c99c32d12ec969b54970a5e1

SHA256
39f6a9aa5cbb0e3e630833df83669c348253d1d91965ffaf83d56d453b1cc0a8

SHA512
bebcb1ff3047d40ec0ac9c2efc0faa022c801f66dfa3506bca6dab6010060a49c4b24e33d2b7a3bba43133664191147c0ab37ed72d33551bf5ea1dc634cefcde

Download Submit
C:\Windows\system\EHWYfDr.exe

Filesize
6.0MB

MD5
ebc75b49c39e4b0717edd01c3070608f

SHA1
f3279966bd261cc8c44a25a6389e183d230a9beb

SHA256
c44c046f615945db3a906baf13793a4b23f4a5c00452ed67d46c7d960d4b6111

SHA512
87376ae3e436c48141cfa45b9d977f4ba5478ee8582230ae932072be1e08aff46cbc6ef3d43ffe3528339d8217844c5bf06ee7e36427917fd6311d2ab97eb4cf

Download Submit
C:\Windows\system\FJZoDaz.exe

Filesize
6.0MB

MD5
b75283a8a53238096ab0c2ae2c26e857

SHA1
118426fc29921916826e9751990c685f5d2ae6d4

SHA256
2391a3ef8245a8d4d089b5cb4fccb725f6707ede33aa448769f1952a9bf4e17b

SHA512
330cfa08d0f317218ac1366a8f0bdda45d7fddc9bcd2647840ce7d8563ede68106cbf89be80bdc834ff52e833117797c2f570a6081af23fdf52d7de558c309f5

Download Submit
C:\Windows\system\FSqXEyo.exe

Filesize
6.0MB

MD5
7353e985c99b6d9fc70cc0df859d29bd

SHA1
30beb63f1fb44cbf1dd5d73c0a245b773240190e

SHA256
1ca74c649989ed267b7e0e16474fc69345c72d4e1588bbcf9b89c5ba4b508ec0

SHA512
1b663d3aaf291dcd0180e2f9aeefccb51273c38810dcbc32922302fd8cf46bcbb57572d3019bf259c26c5b975a1a05deb4e513809170c6605fc7f169994df3c6

Download Submit
C:\Windows\system\HdjCbUA.exe

Filesize
6.0MB

MD5
1a597d6285cf51a09dc1ecf9042a7f25

SHA1
f572716e3009e47e67f5b005f8cd28b1c279f911

SHA256
bc276e30c2432276d585e212e6dc84073a23092905d3c7d6b0a19801fda87ccc

SHA512
63c36216df326d0d09324a37f81d19b142f0e68787130cea447af4619066e231a185d9027577112f5d52cdbe02836fd270a326c29b667c7d4919d68a1ea999d4

Download Submit
C:\Windows\system\IPatETk.exe

Filesize
6.0MB

MD5
1662d9ecc8c1f728e89ddd3075fbaece

SHA1
57cc9454cc63ed127260fb252d73ebd8e266d734

SHA256
e0ed90a1c9670b682edfcc7e1c7eab23262441d7ab1c6d40ce423f3f73e4a8b6

SHA512
7056e2806b7ca0282a61885c5f5bafca4825c3227ef3d86ed0a531a947153bad95e91d1a0c4100fa479682e2923643d3c79af5499fb6ae33766471020873e8a0

Download Submit
C:\Windows\system\IigWisg.exe

Filesize
6.0MB

MD5
998c68971892d3e623e5a703c44a9a57

SHA1
e54fc3838e472f2631d1082fef491855ae47471c

SHA256
f0b2ce75c642ffca2a85a1cd402fb84b0e8ee7853de85366f6d49ed679b51984

SHA512
b0a9ae026475614322cd6e466aa055d61b9045652670fd1b8fd52f39599e3dbdcbcb1d755af5aa4b1c57ef1fd9d7298230c1085845ce07c2af83026de67eb8dc

Download Submit
C:\Windows\system\XcoJDia.exe

Filesize
6.0MB

MD5
b01068dd3b8a7edac9d5a8af5989bfef

SHA1
b5532551406b9cce40d846e3d79a916182288dea

SHA256
4165ebb48267920936fcabd7c108eb6144f0930c02ff910f35b65fe71f1a61ab

SHA512
bf51243007fb475f0e836f0b54db86a014fdc6ca87d32e457479681b389dd85f9df83c2c505dbfd2738f602f317f965ca3d0fe967b85e8c8de787ebbef945d1e

Download Submit
C:\Windows\system\YfDalmD.exe

Filesize
6.0MB

MD5
0d7a65fbbc1c3fcbbdca9eaf7fe2da3e

SHA1
334817fdb61f368cb1d00c4ad05d56d60c6bf89a

SHA256
326a7c76781b9c1c54fdff4dbf10b9f4b78b9e4546cc3f9c363e2f1fdc67e590

SHA512
5df0a5b1ebd128dd1c6e234cd0b6447c5944de4fd4c0c947265bcd93055c65e3cc806f5de582fc045f4c72e78acc6e6b8da06212b3f9a7960e9d3d93a604cb51

Download Submit
C:\Windows\system\YhbcoEG.exe

Filesize
6.0MB

MD5
7235c6a1f2c78ca0a6298b0ac2dadefc

SHA1
71eeadbd612f17b7658cc7aec005f8e4554bc068

SHA256
d58b24a85f5fca7ee8683e2342e927469503a32b8f1ccc5d18e8893ff001c2a2

SHA512
9f6df5ce156486f5985e58be443bec2815079ca87723db418a2f588448ce1b9f1bc71427cd09dab04f7651e7804214c25287921a23c69e33484e68afd0879bd5

Download Submit
C:\Windows\system\ZqZXgUC.exe

Filesize
6.0MB

MD5
99787c40c075589d46f7f2fde982d2f4

SHA1
5b46289137f2ce0024d3dbdc79ef7303ee0da482

SHA256
d4bfa620bb490738a6106514d6d0287c3577269af423b6b832e51b508e381d36

SHA512
90a2fcbfacc5b3905ca5c036c63a6f75ec44c6d973a75e123984a0cb954b49cce94fd7eac7aebd90439c330381df857ba918faddf0cd567672832e58ecb75f50

Download Submit
C:\Windows\system\bvGxhOe.exe

Filesize
6.0MB

MD5
1a0f8c58721c6c8a48f79398f1cec364

SHA1
a4d80f9521ef9f2602a722d28f0892e22e7f0bfb

SHA256
a138f6fd379c80d602f0aa0cbd629d73826d62a3462b9a3d57511a31e282f1bc

SHA512
59b503123a4fdc0edc1aef80855e49096c1231a38381c92e7a9afdf3d6992597c6883cd7dfe65deeb66aa400a18cba98959d23e0c465e0f690a9656fccaade34

Download Submit
C:\Windows\system\coEvcRG.exe

Filesize
6.0MB

MD5
8e92a5f126d6007fb0f532443ffb0e2c

SHA1
8dbc839609744d52f10a56a0570957fcd5e045d1

SHA256
3294f292e64188482943e3da93c135d4a78176360c0ebed8b0bfa43e4057a00d

SHA512
caec5a2c6a2bbe5b11f84d7953d06bdc5deac539c7b0863526eeb8a9ebd57f152971229617d6828802dbb662d041d53c5409aec3190bbaf313a5f7d13a0edd4f

Download Submit
C:\Windows\system\ctQNFdH.exe

Filesize
6.0MB

MD5
54635630d812a6340039c99a19886d54

SHA1
328de6c18aa33c49812d267a44f39b7f88c607e1

SHA256
63a92b5dc33327a2e304e8aaa5d9f89e8171b59aeba8658e76ab0b5b51386ea0

SHA512
288825d503bc43d1cf4a527e9392d18c3d4ecfab3486b028a4f8409bbe17390a2af7321699a54b3f249b778fbea2f64908def9cd2cce4c7ff4655a2b4db54369

Download Submit
C:\Windows\system\eqDWPag.exe

Filesize
6.0MB

MD5
265031f1c30acf50a5a4f16211420cdf

SHA1
877a409a82b5fc9e873b9e8cf9302a9e5b4ff0dc

SHA256
9e2547aa98a73cc4a5d6b4a8c9322a7eb14b11ad907e6dc59b94e1ee10f050ca

SHA512
6e30581a730634b9890e2bfa1f56886f9be4bb01f29e678c045b787603b94f1344f506697bf90819d7be5829f72b397a5ce6bad6b212c7c62a8b6343be0d802c

Download Submit
C:\Windows\system\gsmEkae.exe

Filesize
6.0MB

MD5
1415408e39f7ab67f4dfeb3e41948a43

SHA1
a0a4db20e068e9fb50921f3cf0dce93a08e7f38f

SHA256
85436658cf7ead1c38e0a7b51e60f58243d53786d9466ee62caeada1089c78fd

SHA512
441cd6af049a7317af2353ea4d3d45ec55bbda0ce0cbbd8ff6d9d64ad45cf50b988de1ba80ba53093c210785a8146291721715d8f89fe2b7b16446dad46e10ef

Download Submit
C:\Windows\system\hBYnKDQ.exe

Filesize
6.0MB

MD5
a2976739fa01128d4d97dfe98c1040d2

SHA1
76bc78de0c98b3e1e024015dbaff116339d09eaa

SHA256
ff5bea619d11d44e7e9ae54b2a02ce043598d77b6436f16062db67e70d79a757

SHA512
2a9f7d4d558f2f26648c4b46284a7aa593691a82a1a2adaf9da58ca17a3f684819526a04603d8c8c0cd7ea87025632f616a040ea4e8c35d7757cfc996c59a4cf

Download Submit
C:\Windows\system\keEoemc.exe

Filesize
6.0MB

MD5
0e847e89a04a870b29464e24f4093f60

SHA1
5dce0e986b4d09b304e50326ee05f748dd9970ab

SHA256
32dc6a2515ac7ea50d0d219dcd0f1287e8b9b5c82b2a88a716fc098a487d9909

SHA512
db7c7df6889326efcd3ee846e2fe6832625c5be8e45b0c54eb9fa905b8a839524acc83f7c61420de9cb1ac2c5e1184e5006c9447e2e9cc42d10bc257dbb0081c

Download Submit
C:\Windows\system\vHaZwxc.exe

Filesize
6.0MB

MD5
f2e3f3cf9f17b8a44e9f27605a457fc3

SHA1
50e2e835c774f0e27aa7fc5ad6e263932f27f338

SHA256
5f4f1b1df5207a8c6d3649cc3377836a792cec6fbb4fd7452980b89f2beedcb2

SHA512
264109f17c2066cdbf575ef785a1c540efdf3192993e4e360d7951461af6ad7f479f466e9bbf3884506c02b652afd230efdc7aeb5901d08e9ad0285888ce28c6

Download Submit
C:\Windows\system\vqZviNY.exe

Filesize
6.0MB

MD5
c1a283a45908cdbfca56bd35cb7b63e9

SHA1
65b44ee875288a6a30471def2b55809e92bf3b76

SHA256
b52b752fe7deef5ccd04ac89ba41b2da300e31efb4386d8db6eda74af4ebe95a

SHA512
d9725a7d0b79d13660dfb6d03630f10881c5f46ff40f7e045a692db82e6914e29b7d06110f3402ea5c489129e7d7e367f8b1b54a19e4d695a618aaa4af31855c

Download Submit
C:\Windows\system\xCCKiRz.exe

Filesize
6.0MB

MD5
e6da75ac240e63ad294d9b6fb0c1fd72

SHA1
9039c1af6d454490c9238fb4cc95a1e91dfa79dd

SHA256
6d337b52c3edc4451afde95febd881fb061ade0a850b05026aa15453c0d3736f

SHA512
5e45550ee942cdca70e2e0d4807b2d0121f37d89d4db089fe0ca360d29d524c8f2990e5d36792f32cd0bfb7606ab3617d76e8e9b59097ca75a316bb12b9b92c9

Download Submit
C:\Windows\system\yVUpdtH.exe

Filesize
6.0MB

MD5
3e24463bdd4f3902ddbc7b2f62f23973

SHA1
6c72095dea9f8bc015baad455f74dbf6778dab56

SHA256
cbac4c95e8fac265722eff8f94c23ebad69b62f1757e560941448d6b29ea327e

SHA512
8250e70fcdc0556738216ab94eb9555f1fb146233ac8aac636b0bab93d24fc5ae516c05f2f8881ec1e551b0e79b1c0340941c9a92f52638dd2fca0c829d2ee8d

Download Submit
C:\Windows\system\ycbqHiy.exe

Filesize
6.0MB

MD5
2911e04b6404d4e8678e943dd5dde17e

SHA1
96af3ddba4a3f4eeeb2cc16740468f63adefdf2e

SHA256
eed4d447316dd39476060f9845c991f036eafd3c09d662218400df942cc856c4

SHA512
7e652ae76906f757e230ede8e37a7ab5e03a829df9dff495ca0d4e0740e0743ac7342f8b53e806853c8559358327b2e200062ccf2c8359f4c6328b1c847e1cee

Download Submit
C:\Windows\system\zVWhMaC.exe

Filesize
6.0MB

MD5
5f90e99d2e5e1352be737fe3d1c5acca

SHA1
a2cb84bec80198046b81bf20191dcdb0c721fc19

SHA256
75e3a0023a01a1eb2e42cd2de41782112fe631afadbdc148422d489b60f90571

SHA512
de27778a9b4058d950f171fcab91fb146ee0c7ea13345b53eff5fe9a1cdf57c1471490f39c795689945063e9a93012dcf3a2d9b2c3075b16048b5e0112108dcc

Download Submit
\Windows\system\EHDOQUR.exe

Filesize
6.0MB

MD5
eebd50a6a8a9b4ceeacde411851be196

SHA1
a3c55aed50420b626830fcc73985d3759540b7c2

SHA256
d8f0d949a51d422dd793acec4aa4cc25ed46d40756f6212454f9d3868cbd03b5

SHA512
7a120588d50e099720268ce87273625994335c5d6bc9692bae383d573b25db362970e1888990181de727f0f5503bd51dae3a5555317266a0e21c26587dafec60

Download Submit
\Windows\system\NWwLtDo.exe

Filesize
6.0MB

MD5
f75264c88d4548942ad8eba7fb0fb520

SHA1
aef4e439d3c24fad90994e491d591ec8537aaebf

SHA256
817975c4009a22fc414bc5865fdda36533b5a1192e35cb284e0587c31cfb2730

SHA512
843c3b309f0ce7d25e018d94a16be54a482d960c1f358261c5843ae42c0c2fa13c4f3316cb8e362457073eadd083ca8eb9e52fcbe80bd4c8cf4f32cf0a88d87e

Download Submit
\Windows\system\XYUqXCu.exe

Filesize
6.0MB

MD5
dce990c4cf512340a5b4bd323bdf3d04

SHA1
118b1fe5b674441241638142d41ca5f9765b79ed

SHA256
049bdc1a1e84966ce4199d52de9754b35ad9e7620143641b346576d4d3610548

SHA512
2bf11b3bd051bce8731ff0f654dfd6a28e3d62716fb5f2b131682d0635b97b7062df00959ea8d542f6cc53f69f9801b6a02190f2fef8d4652048e810c66b1cbf

Download Submit
\Windows\system\cQHSWNm.exe

Filesize
6.0MB

MD5
9d9ee56637deb60184c7c1a3ed3d1d1a

SHA1
d72787521406077aa42f05d7231da70bedf2ca08

SHA256
a0f0dd1e0ee2602f4a28aa097560941e80e67892f23a852d530eb377b80980d7

SHA512
8fdf5adf4296db635dbefa928265aafa4deba9e009e115d96612f6118f590ed8de5cbee5e673218e0386a5e68fd407c1a46e719acb939d4541ce36221376d3fa

Download Submit
\Windows\system\iWxinfU.exe

Filesize
6.0MB

MD5
b7888acfe36c3628595a0c600a2fd09b

SHA1
4c6b00cfb4f557f22030f7509af555ef9caec087

SHA256
25caa7c11c48904e5df6af0bd5889a270ed4e809e930500eb64d34b37b49b35e

SHA512
0955dbc5e532c497a0e12c7122a23cdcbdd6bb2337285ed5efdfa55519bdd0dfca5c5052dfa4f7e0f03f98f519eeef09dd094e33447b8061d7231b4988f0c1c0

Download Submit
\Windows\system\quDeGiD.exe

Filesize
6.0MB

MD5
c724a0292c607f913c7ae38555052c9e

SHA1
df69f7eb326a7ff16aaec51e221fbfdc8ea04b58

SHA256
9630530b58f488206bc39dc34167f757b2866cb30dde13707ab4c8e9f8e2644a

SHA512
9d693ea2eaa8543cd04f96307e9cd660b98aff2b30ca3284cd6c3e053ed450725d264f76b99e227c2c5e78c86bfbc8b17e831a8d9ca3131c660a04ad2489bf59

Download Submit
memory/1132-838-0x000000013F4B0000-0x000000013F804000-memory.dmp

Filesize
3.3MB

Download
memory/1132-1495-0x000000013F4B0000-0x000000013F804000-memory.dmp

Filesize
3.3MB

Download
memory/1864-1501-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/1864-8-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/1864-1497-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2196-801-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/2196-1484-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/2208-822-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/2208-1476-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/2320-861-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2320-1631-0x0000000002210000-0x0000000002564000-memory.dmp

Filesize
3.3MB

Download
memory/2320-1609-0x0000000002210000-0x0000000002564000-memory.dmp

Filesize
3.3MB

Download
memory/2320-839-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/2320-1634-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/2320-862-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2320-0-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/2320-852-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/2320-1364-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/2320-823-0x000000013F4B0000-0x000000013F804000-memory.dmp

Filesize
3.3MB

Download
memory/2320-817-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/2320-1626-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2320-815-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/2320-1635-0x000000013F4B0000-0x000000013F804000-memory.dmp

Filesize
3.3MB

Download
memory/2320-813-0x0000000002210000-0x0000000002564000-memory.dmp

Filesize
3.3MB

Download
memory/2320-1674-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2320-811-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/2320-5-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2320-809-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2320-1628-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/2320-807-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2320-804-0x0000000002210000-0x0000000002564000-memory.dmp

Filesize
3.3MB

Download
memory/2320-1638-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2320-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/2320-1637-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/2320-789-0x0000000002210000-0x0000000002564000-memory.dmp

Filesize
3.3MB

Download
memory/2320-1636-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/2320-1521-0x0000000002210000-0x0000000002564000-memory.dmp

Filesize
3.3MB

Download
memory/2320-1632-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/2320-14-0x0000000002210000-0x0000000002564000-memory.dmp

Filesize
3.3MB

Download
memory/2320-1620-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2320-1617-0x0000000002210000-0x0000000002564000-memory.dmp

Filesize
3.3MB

Download
memory/2380-1473-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/2380-860-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/2588-1477-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/2588-814-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/2676-1492-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/2676-816-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/2708-1488-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2708-788-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2748-1489-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/2748-812-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/2768-700-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/2768-1482-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/2788-1486-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2788-810-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2816-806-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/2816-1481-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/2844-1502-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/2844-851-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/2860-808-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2860-1487-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download