cobaltstrike | 670b6326c4db24d4d68a04ca27d7670b129eee2758ac6480d75da2f3b0e7bae6

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
11-11-2024 21:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

b9e363d152311049ac858f80b575d81c
SHA1

9bc246c07f3b59df59a66d7ee8c6344b8208f7af
SHA256

670b6326c4db24d4d68a04ca27d7670b129eee2758ac6480d75da2f3b0e7bae6
SHA512

4adec7725523441938afdc412289577430cb11e078153f57687b444a9d235a3ef8101b05e014fbbd6d28f88bec72415c34e4d53e864fa18d439d5a7ba106097a
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUK:T+q56utgpPF8u/7K

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 40 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012117-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016ac1-8.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d36-22.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c95-59.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018696-58.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d0d-43.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c73-42.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001757f-38.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000174a6-32.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d47-26.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019268-101.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a4-175.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019377-174.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019450-171.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019319-167.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019278-166.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019433-162.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193b3-156.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019387-150.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019365-142.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001929a-136.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019275-128.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019240-95.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191f6-89.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190e1-83.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018f65-75.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c34-69.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018697-60.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019446-168.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c1-159.dat	cobalt_reflective_dll
behavioral1/files/0x0015000000018676-135.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174c3-125.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000017488-116.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001926c-115.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019259-114.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019217-113.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191d2-112.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001904c-111.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c44-110.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000187a2-109.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 63 IoCs

miner

resource	yara_rule
behavioral1/memory/2644-0-0x000000013F6E0000-0x000000013FA34000-memory.dmp	xmrig
behavioral1/files/0x0007000000012117-6.dat	xmrig
behavioral1/files/0x0008000000016ac1-8.dat	xmrig
behavioral1/files/0x0007000000016d36-22.dat	xmrig
behavioral1/files/0x0008000000016c95-59.dat	xmrig
behavioral1/files/0x0005000000018696-58.dat	xmrig
behavioral1/files/0x0007000000016d0d-43.dat	xmrig
behavioral1/files/0x0008000000016c73-42.dat	xmrig
behavioral1/files/0x000600000001757f-38.dat	xmrig
behavioral1/files/0x00070000000174a6-32.dat	xmrig
behavioral1/files/0x0007000000016d47-26.dat	xmrig
behavioral1/files/0x0005000000019268-101.dat	xmrig
behavioral1/memory/2644-909-0x000000013F6E0000-0x000000013FA34000-memory.dmp	xmrig
behavioral1/memory/2800-195-0x000000013FE50000-0x00000001401A4000-memory.dmp	xmrig
behavioral1/files/0x00050000000193a4-175.dat	xmrig
behavioral1/files/0x0005000000019377-174.dat	xmrig
behavioral1/files/0x0005000000019450-171.dat	xmrig
behavioral1/files/0x0005000000019319-167.dat	xmrig
behavioral1/files/0x0005000000019278-166.dat	xmrig
behavioral1/files/0x0005000000019433-162.dat	xmrig
behavioral1/files/0x00050000000193b3-156.dat	xmrig
behavioral1/files/0x0005000000019387-150.dat	xmrig
behavioral1/files/0x0005000000019365-142.dat	xmrig
behavioral1/files/0x000500000001929a-136.dat	xmrig
behavioral1/files/0x0005000000019275-128.dat	xmrig
behavioral1/files/0x0005000000019240-95.dat	xmrig
behavioral1/files/0x00050000000191f6-89.dat	xmrig
behavioral1/files/0x00060000000190e1-83.dat	xmrig
behavioral1/files/0x0006000000018f65-75.dat	xmrig
behavioral1/files/0x0006000000018c34-69.dat	xmrig
behavioral1/files/0x0005000000018697-60.dat	xmrig
behavioral1/memory/2380-18-0x000000013FFE0000-0x0000000140334000-memory.dmp	xmrig
behavioral1/memory/2644-11-0x000000013FFE0000-0x0000000140334000-memory.dmp	xmrig
behavioral1/memory/2652-267-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
behavioral1/memory/2120-239-0x000000013FE30000-0x0000000140184000-memory.dmp	xmrig
behavioral1/memory/1204-236-0x000000013F880000-0x000000013FBD4000-memory.dmp	xmrig
behavioral1/memory/1608-230-0x000000013F0B0000-0x000000013F404000-memory.dmp	xmrig
behavioral1/memory/2544-222-0x000000013F7E0000-0x000000013FB34000-memory.dmp	xmrig
behavioral1/memory/2724-220-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
behavioral1/memory/2832-201-0x000000013F2C0000-0x000000013F614000-memory.dmp	xmrig
behavioral1/files/0x0005000000019446-168.dat	xmrig
behavioral1/files/0x00050000000193c1-159.dat	xmrig
behavioral1/files/0x0015000000018676-135.dat	xmrig
behavioral1/memory/2812-127-0x000000013F520000-0x000000013F874000-memory.dmp	xmrig
behavioral1/files/0x00060000000174c3-125.dat	xmrig
behavioral1/files/0x0008000000017488-116.dat	xmrig
behavioral1/files/0x000500000001926c-115.dat	xmrig
behavioral1/files/0x0005000000019259-114.dat	xmrig
behavioral1/files/0x0005000000019217-113.dat	xmrig
behavioral1/files/0x00050000000191d2-112.dat	xmrig
behavioral1/files/0x000600000001904c-111.dat	xmrig
behavioral1/files/0x0006000000018c44-110.dat	xmrig
behavioral1/files/0x00050000000187a2-109.dat	xmrig
behavioral1/memory/2380-3610-0x000000013FFE0000-0x0000000140334000-memory.dmp	xmrig
behavioral1/memory/2800-3609-0x000000013FE50000-0x00000001401A4000-memory.dmp	xmrig
behavioral1/memory/1608-3608-0x000000013F0B0000-0x000000013F404000-memory.dmp	xmrig
behavioral1/memory/2544-3607-0x000000013F7E0000-0x000000013FB34000-memory.dmp	xmrig
behavioral1/memory/2724-3606-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
behavioral1/memory/2812-3647-0x000000013F520000-0x000000013F874000-memory.dmp	xmrig
behavioral1/memory/2120-3646-0x000000013FE30000-0x0000000140184000-memory.dmp	xmrig
behavioral1/memory/2652-3645-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
behavioral1/memory/1204-3605-0x000000013F880000-0x000000013FBD4000-memory.dmp	xmrig
behavioral1/memory/2832-3604-0x000000013F2C0000-0x000000013F614000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2380	zbimQwy.exe
2812	RbbMCch.exe
2800	nlRNPIb.exe
2832	tKwvHFV.exe
2724	nGigLLx.exe
2544	PEZJWsY.exe
1608	ZBGSKLR.exe
1204	dWkdDax.exe
2120	vToZOnZ.exe
2652	XhPrsBx.exe
3016	Nmmridh.exe
2376	uMRGViw.exe
1196	xAgdhxR.exe
320	AiIokeO.exe
800	aMkCyVv.exe
2640	UMHGdkz.exe
2852	fvEPrkb.exe
2604	bUKynWX.exe
2592	ISdIzGC.exe
772	TCnSmMz.exe
1424	TOqITBU.exe
2264	zmHYBjj.exe
2108	dBUwhbT.exe
1988	hgjSKYZ.exe
2212	QUtNQup.exe
932	RdZfVDo.exe
884	vFuWeny.exe
664	zTcIsAQ.exe
1928	NECLxTH.exe
1652	SKFEVvj.exe
2428	LWmaDOV.exe
1724	VaTpQVd.exe
2340	VFWbOas.exe
1012	EkglovV.exe
2456	bsnkHit.exe
1868	LQjNVSS.exe
1540	MNkYwJt.exe
2776	XblzZeF.exe
1648	qRKMZxE.exe
1416	WjZvEzs.exe
2628	kIUSclp.exe
1976	AwpoiKr.exe
1672	eNLmaWl.exe
2892	zzeyQPT.exe
2896	OyLeTKQ.exe
2364	EHblwgM.exe
1596	htelbcP.exe
824	kfQhlHZ.exe
3048	QieUJfA.exe
896	FdBLOsj.exe
2764	VVHqPWu.exe
3080	yZwQBqr.exe
3112	CicGKav.exe
3144	fBDDJrW.exe
3196	aLXtPlP.exe
1208	hYkiaFd.exe
2348	GKotQZZ.exe
3232	pTDhmtB.exe
2620	gfFBRnu.exe
2868	NdwfbmX.exe
3280	BBDYURX.exe
2960	QqXaqWO.exe
2136	jduPNLK.exe
2128	aMqpaND.exe

Loads dropped DLL 64 IoCs

pid	Process
2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 62 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2644-0-0x000000013F6E0000-0x000000013FA34000-memory.dmp	upx
behavioral1/files/0x0007000000012117-6.dat	upx
behavioral1/files/0x0008000000016ac1-8.dat	upx
behavioral1/files/0x0007000000016d36-22.dat	upx
behavioral1/files/0x0008000000016c95-59.dat	upx
behavioral1/files/0x0005000000018696-58.dat	upx
behavioral1/files/0x0007000000016d0d-43.dat	upx
behavioral1/files/0x0008000000016c73-42.dat	upx
behavioral1/files/0x000600000001757f-38.dat	upx
behavioral1/files/0x00070000000174a6-32.dat	upx
behavioral1/files/0x0007000000016d47-26.dat	upx
behavioral1/files/0x0005000000019268-101.dat	upx
behavioral1/memory/2644-909-0x000000013F6E0000-0x000000013FA34000-memory.dmp	upx
behavioral1/memory/2800-195-0x000000013FE50000-0x00000001401A4000-memory.dmp	upx
behavioral1/files/0x00050000000193a4-175.dat	upx
behavioral1/files/0x0005000000019377-174.dat	upx
behavioral1/files/0x0005000000019450-171.dat	upx
behavioral1/files/0x0005000000019319-167.dat	upx
behavioral1/files/0x0005000000019278-166.dat	upx
behavioral1/files/0x0005000000019433-162.dat	upx
behavioral1/files/0x00050000000193b3-156.dat	upx
behavioral1/files/0x0005000000019387-150.dat	upx
behavioral1/files/0x0005000000019365-142.dat	upx
behavioral1/files/0x000500000001929a-136.dat	upx
behavioral1/files/0x0005000000019275-128.dat	upx
behavioral1/files/0x0005000000019240-95.dat	upx
behavioral1/files/0x00050000000191f6-89.dat	upx
behavioral1/files/0x00060000000190e1-83.dat	upx
behavioral1/files/0x0006000000018f65-75.dat	upx
behavioral1/files/0x0006000000018c34-69.dat	upx
behavioral1/files/0x0005000000018697-60.dat	upx
behavioral1/memory/2380-18-0x000000013FFE0000-0x0000000140334000-memory.dmp	upx
behavioral1/memory/2652-267-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/memory/2120-239-0x000000013FE30000-0x0000000140184000-memory.dmp	upx
behavioral1/memory/1204-236-0x000000013F880000-0x000000013FBD4000-memory.dmp	upx
behavioral1/memory/1608-230-0x000000013F0B0000-0x000000013F404000-memory.dmp	upx
behavioral1/memory/2544-222-0x000000013F7E0000-0x000000013FB34000-memory.dmp	upx
behavioral1/memory/2724-220-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
behavioral1/memory/2832-201-0x000000013F2C0000-0x000000013F614000-memory.dmp	upx
behavioral1/files/0x0005000000019446-168.dat	upx
behavioral1/files/0x00050000000193c1-159.dat	upx
behavioral1/files/0x0015000000018676-135.dat	upx
behavioral1/memory/2812-127-0x000000013F520000-0x000000013F874000-memory.dmp	upx
behavioral1/files/0x00060000000174c3-125.dat	upx
behavioral1/files/0x0008000000017488-116.dat	upx
behavioral1/files/0x000500000001926c-115.dat	upx
behavioral1/files/0x0005000000019259-114.dat	upx
behavioral1/files/0x0005000000019217-113.dat	upx
behavioral1/files/0x00050000000191d2-112.dat	upx
behavioral1/files/0x000600000001904c-111.dat	upx
behavioral1/files/0x0006000000018c44-110.dat	upx
behavioral1/files/0x00050000000187a2-109.dat	upx
behavioral1/memory/2380-3610-0x000000013FFE0000-0x0000000140334000-memory.dmp	upx
behavioral1/memory/2800-3609-0x000000013FE50000-0x00000001401A4000-memory.dmp	upx
behavioral1/memory/1608-3608-0x000000013F0B0000-0x000000013F404000-memory.dmp	upx
behavioral1/memory/2544-3607-0x000000013F7E0000-0x000000013FB34000-memory.dmp	upx
behavioral1/memory/2724-3606-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
behavioral1/memory/2812-3647-0x000000013F520000-0x000000013F874000-memory.dmp	upx
behavioral1/memory/2120-3646-0x000000013FE30000-0x0000000140184000-memory.dmp	upx
behavioral1/memory/2652-3645-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/memory/1204-3605-0x000000013F880000-0x000000013FBD4000-memory.dmp	upx
behavioral1/memory/2832-3604-0x000000013F2C0000-0x000000013F614000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\fgLXQOx.exe	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZTmFNdB.exe	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MOoDNrW.exe	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aMkCyVv.exe	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rgRwZqk.exe	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QEyhGvW.exe	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DhgSyEm.exe	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rIpVztn.exe	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sCtiRjr.exe	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FjPDPrP.exe	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LupcBzH.exe	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jgegiBs.exe	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VxwgOKh.exe	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JIZdcrL.exe	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gOCdIEN.exe	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QvkUDkb.exe	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PSqkBYc.exe	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CabpKpw.exe	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zeFaSnV.exe	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VvoKHxz.exe	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iNyPBiu.exe	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yqwLQMR.exe	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GJMgyCb.exe	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QFHHFBd.exe	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PekuGME.exe	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DIXpcnv.exe	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AbNBvoV.exe	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LirpLJl.exe	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dIWRiEo.exe	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ABRFaPH.exe	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BdUszvG.exe	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dLoRSYZ.exe	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PzYbbln.exe	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fEMIygR.exe	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QQyLFoo.exe	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\khoKEMi.exe	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nvrenAt.exe	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ylnowfq.exe	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LTpsOKs.exe	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jaFnVPE.exe	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\itEqdtz.exe	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JAumbmp.exe	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PRbaQYm.exe	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZgMGhCq.exe	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sdHOdUL.exe	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vXCgkqP.exe	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qmHYfhI.exe	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nVMagcV.exe	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hRvDuSb.exe	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IOPOAfY.exe	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SbrkWgy.exe	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MmAtetw.exe	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jAeRWUI.exe	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RqfdpVv.exe	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WhZbSbw.exe	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NoPTLMU.exe	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NiGbjaN.exe	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eeYfOpH.exe	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HghVjJs.exe	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rjMwbaw.exe	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OVSuaic.exe	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GdjjBcl.exe	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PwwxxWK.exe	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hVgDhhD.exe	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2644 wrote to memory of 2380	2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2644 wrote to memory of 2380	2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2644 wrote to memory of 2380	2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2644 wrote to memory of 2812	2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2644 wrote to memory of 2812	2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2644 wrote to memory of 2812	2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2644 wrote to memory of 2800	2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2644 wrote to memory of 2800	2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2644 wrote to memory of 2800	2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2644 wrote to memory of 2120	2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2644 wrote to memory of 2120	2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2644 wrote to memory of 2120	2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2644 wrote to memory of 2832	2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2644 wrote to memory of 2832	2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2644 wrote to memory of 2832	2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2644 wrote to memory of 2652	2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2644 wrote to memory of 2652	2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2644 wrote to memory of 2652	2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2644 wrote to memory of 2724	2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2644 wrote to memory of 2724	2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2644 wrote to memory of 2724	2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2644 wrote to memory of 2604	2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2644 wrote to memory of 2604	2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2644 wrote to memory of 2604	2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2644 wrote to memory of 2544	2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2644 wrote to memory of 2544	2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2644 wrote to memory of 2544	2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2644 wrote to memory of 2592	2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2644 wrote to memory of 2592	2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2644 wrote to memory of 2592	2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2644 wrote to memory of 1608	2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2644 wrote to memory of 1608	2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2644 wrote to memory of 1608	2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2644 wrote to memory of 772	2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2644 wrote to memory of 772	2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2644 wrote to memory of 772	2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2644 wrote to memory of 1204	2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2644 wrote to memory of 1204	2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2644 wrote to memory of 1204	2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2644 wrote to memory of 2896	2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2644 wrote to memory of 2896	2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2644 wrote to memory of 2896	2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2644 wrote to memory of 3016	2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2644 wrote to memory of 3016	2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2644 wrote to memory of 3016	2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2644 wrote to memory of 2364	2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2644 wrote to memory of 2364	2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2644 wrote to memory of 2364	2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2644 wrote to memory of 2376	2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2644 wrote to memory of 2376	2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2644 wrote to memory of 2376	2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2644 wrote to memory of 1596	2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2644 wrote to memory of 1596	2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2644 wrote to memory of 1596	2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2644 wrote to memory of 1196	2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2644 wrote to memory of 1196	2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2644 wrote to memory of 1196	2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2644 wrote to memory of 1208	2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2644 wrote to memory of 1208	2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2644 wrote to memory of 1208	2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2644 wrote to memory of 320	2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2644 wrote to memory of 320	2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2644 wrote to memory of 320	2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2644 wrote to memory of 2348	2644	2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-11_b9e363d152311049ac858f80b575d81c_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2644
- C:\Windows\System\zbimQwy.exe
  C:\Windows\System\zbimQwy.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\RbbMCch.exe
  C:\Windows\System\RbbMCch.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\nlRNPIb.exe
  C:\Windows\System\nlRNPIb.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\vToZOnZ.exe
  C:\Windows\System\vToZOnZ.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\tKwvHFV.exe
  C:\Windows\System\tKwvHFV.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\XhPrsBx.exe
  C:\Windows\System\XhPrsBx.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\nGigLLx.exe
  C:\Windows\System\nGigLLx.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\bUKynWX.exe
  C:\Windows\System\bUKynWX.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\PEZJWsY.exe
  C:\Windows\System\PEZJWsY.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\ISdIzGC.exe
  C:\Windows\System\ISdIzGC.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\ZBGSKLR.exe
  C:\Windows\System\ZBGSKLR.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\TCnSmMz.exe
  C:\Windows\System\TCnSmMz.exe
  2⤵
  - Executes dropped EXE
  PID:772
- C:\Windows\System\dWkdDax.exe
  C:\Windows\System\dWkdDax.exe
  2⤵
  - Executes dropped EXE
  PID:1204
- C:\Windows\System\OyLeTKQ.exe
  C:\Windows\System\OyLeTKQ.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\Nmmridh.exe
  C:\Windows\System\Nmmridh.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\EHblwgM.exe
  C:\Windows\System\EHblwgM.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\uMRGViw.exe
  C:\Windows\System\uMRGViw.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\htelbcP.exe
  C:\Windows\System\htelbcP.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\xAgdhxR.exe
  C:\Windows\System\xAgdhxR.exe
  2⤵
  - Executes dropped EXE
  PID:1196
- C:\Windows\System\hYkiaFd.exe
  C:\Windows\System\hYkiaFd.exe
  2⤵
  - Executes dropped EXE
  PID:1208
- C:\Windows\System\AiIokeO.exe
  C:\Windows\System\AiIokeO.exe
  2⤵
  - Executes dropped EXE
  PID:320
- C:\Windows\System\GKotQZZ.exe
  C:\Windows\System\GKotQZZ.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\aMkCyVv.exe
  C:\Windows\System\aMkCyVv.exe
  2⤵
  - Executes dropped EXE
  PID:800
- C:\Windows\System\gfFBRnu.exe
  C:\Windows\System\gfFBRnu.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\UMHGdkz.exe
  C:\Windows\System\UMHGdkz.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\NdwfbmX.exe
  C:\Windows\System\NdwfbmX.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\fvEPrkb.exe
  C:\Windows\System\fvEPrkb.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\QqXaqWO.exe
  C:\Windows\System\QqXaqWO.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\TOqITBU.exe
  C:\Windows\System\TOqITBU.exe
  2⤵
  - Executes dropped EXE
  PID:1424
- C:\Windows\System\jduPNLK.exe
  C:\Windows\System\jduPNLK.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\zmHYBjj.exe
  C:\Windows\System\zmHYBjj.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\aMqpaND.exe
  C:\Windows\System\aMqpaND.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\dBUwhbT.exe
  C:\Windows\System\dBUwhbT.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\HFmRfvA.exe
  C:\Windows\System\HFmRfvA.exe
  2⤵
  PID:1964
- C:\Windows\System\hgjSKYZ.exe
  C:\Windows\System\hgjSKYZ.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\fzPpApZ.exe
  C:\Windows\System\fzPpApZ.exe
  2⤵
  PID:452
- C:\Windows\System\QUtNQup.exe
  C:\Windows\System\QUtNQup.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\MFgkezg.exe
  C:\Windows\System\MFgkezg.exe
  2⤵
  PID:1860
- C:\Windows\System\RdZfVDo.exe
  C:\Windows\System\RdZfVDo.exe
  2⤵
  - Executes dropped EXE
  PID:932
- C:\Windows\System\QNVEKAT.exe
  C:\Windows\System\QNVEKAT.exe
  2⤵
  PID:3044
- C:\Windows\System\vFuWeny.exe
  C:\Windows\System\vFuWeny.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\gbBxiXL.exe
  C:\Windows\System\gbBxiXL.exe
  2⤵
  PID:292
- C:\Windows\System\zTcIsAQ.exe
  C:\Windows\System\zTcIsAQ.exe
  2⤵
  - Executes dropped EXE
  PID:664
- C:\Windows\System\nckTRRL.exe
  C:\Windows\System\nckTRRL.exe
  2⤵
  PID:236
- C:\Windows\System\NECLxTH.exe
  C:\Windows\System\NECLxTH.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\XUNyJzR.exe
  C:\Windows\System\XUNyJzR.exe
  2⤵
  PID:1628
- C:\Windows\System\SKFEVvj.exe
  C:\Windows\System\SKFEVvj.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\fDABcET.exe
  C:\Windows\System\fDABcET.exe
  2⤵
  PID:2036
- C:\Windows\System\LWmaDOV.exe
  C:\Windows\System\LWmaDOV.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\osFjXuN.exe
  C:\Windows\System\osFjXuN.exe
  2⤵
  PID:1260
- C:\Windows\System\VaTpQVd.exe
  C:\Windows\System\VaTpQVd.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\hRKCuml.exe
  C:\Windows\System\hRKCuml.exe
  2⤵
  PID:2980
- C:\Windows\System\VFWbOas.exe
  C:\Windows\System\VFWbOas.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\iScVnxH.exe
  C:\Windows\System\iScVnxH.exe
  2⤵
  PID:1380
- C:\Windows\System\EkglovV.exe
  C:\Windows\System\EkglovV.exe
  2⤵
  - Executes dropped EXE
  PID:1012
- C:\Windows\System\DFkoOkC.exe
  C:\Windows\System\DFkoOkC.exe
  2⤵
  PID:900
- C:\Windows\System\bsnkHit.exe
  C:\Windows\System\bsnkHit.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\LiZBaFE.exe
  C:\Windows\System\LiZBaFE.exe
  2⤵
  PID:1960
- C:\Windows\System\LQjNVSS.exe
  C:\Windows\System\LQjNVSS.exe
  2⤵
  - Executes dropped EXE
  PID:1868
- C:\Windows\System\veTgKmz.exe
  C:\Windows\System\veTgKmz.exe
  2⤵
  PID:2948
- C:\Windows\System\MNkYwJt.exe
  C:\Windows\System\MNkYwJt.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\JAumbmp.exe
  C:\Windows\System\JAumbmp.exe
  2⤵
  PID:1532
- C:\Windows\System\XblzZeF.exe
  C:\Windows\System\XblzZeF.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\fygjxPy.exe
  C:\Windows\System\fygjxPy.exe
  2⤵
  PID:2676
- C:\Windows\System\qRKMZxE.exe
  C:\Windows\System\qRKMZxE.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\kfhOABb.exe
  C:\Windows\System\kfhOABb.exe
  2⤵
  PID:3028
- C:\Windows\System\WjZvEzs.exe
  C:\Windows\System\WjZvEzs.exe
  2⤵
  - Executes dropped EXE
  PID:1416
- C:\Windows\System\ehQkmPc.exe
  C:\Windows\System\ehQkmPc.exe
  2⤵
  PID:584
- C:\Windows\System\kIUSclp.exe
  C:\Windows\System\kIUSclp.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\sDxsLlj.exe
  C:\Windows\System\sDxsLlj.exe
  2⤵
  PID:2780
- C:\Windows\System\AwpoiKr.exe
  C:\Windows\System\AwpoiKr.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\DsmMZHu.exe
  C:\Windows\System\DsmMZHu.exe
  2⤵
  PID:764
- C:\Windows\System\eNLmaWl.exe
  C:\Windows\System\eNLmaWl.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\dumzSQs.exe
  C:\Windows\System\dumzSQs.exe
  2⤵
  PID:1792
- C:\Windows\System\zzeyQPT.exe
  C:\Windows\System\zzeyQPT.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\IrHMVJT.exe
  C:\Windows\System\IrHMVJT.exe
  2⤵
  PID:2200
- C:\Windows\System\kfQhlHZ.exe
  C:\Windows\System\kfQhlHZ.exe
  2⤵
  - Executes dropped EXE
  PID:824
- C:\Windows\System\uljNrpb.exe
  C:\Windows\System\uljNrpb.exe
  2⤵
  PID:2192
- C:\Windows\System\QieUJfA.exe
  C:\Windows\System\QieUJfA.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\ipWrPwS.exe
  C:\Windows\System\ipWrPwS.exe
  2⤵
  PID:980
- C:\Windows\System\FdBLOsj.exe
  C:\Windows\System\FdBLOsj.exe
  2⤵
  - Executes dropped EXE
  PID:896
- C:\Windows\System\XmdohMH.exe
  C:\Windows\System\XmdohMH.exe
  2⤵
  PID:2268
- C:\Windows\System\VVHqPWu.exe
  C:\Windows\System\VVHqPWu.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\iCuGjls.exe
  C:\Windows\System\iCuGjls.exe
  2⤵
  PID:3064
- C:\Windows\System\yZwQBqr.exe
  C:\Windows\System\yZwQBqr.exe
  2⤵
  - Executes dropped EXE
  PID:3080
- C:\Windows\System\OGiIaGY.exe
  C:\Windows\System\OGiIaGY.exe
  2⤵
  PID:3096
- C:\Windows\System\CicGKav.exe
  C:\Windows\System\CicGKav.exe
  2⤵
  - Executes dropped EXE
  PID:3112
- C:\Windows\System\gUDEfbu.exe
  C:\Windows\System\gUDEfbu.exe
  2⤵
  PID:3128
- C:\Windows\System\fBDDJrW.exe
  C:\Windows\System\fBDDJrW.exe
  2⤵
  - Executes dropped EXE
  PID:3144
- C:\Windows\System\XHwdPtH.exe
  C:\Windows\System\XHwdPtH.exe
  2⤵
  PID:3172
- C:\Windows\System\aLXtPlP.exe
  C:\Windows\System\aLXtPlP.exe
  2⤵
  - Executes dropped EXE
  PID:3196
- C:\Windows\System\pNhsGYF.exe
  C:\Windows\System\pNhsGYF.exe
  2⤵
  PID:3212
- C:\Windows\System\pTDhmtB.exe
  C:\Windows\System\pTDhmtB.exe
  2⤵
  - Executes dropped EXE
  PID:3232
- C:\Windows\System\ALbaKIU.exe
  C:\Windows\System\ALbaKIU.exe
  2⤵
  PID:3256
- C:\Windows\System\BBDYURX.exe
  C:\Windows\System\BBDYURX.exe
  2⤵
  - Executes dropped EXE
  PID:3280
- C:\Windows\System\GyFoznp.exe
  C:\Windows\System\GyFoznp.exe
  2⤵
  PID:3304
- C:\Windows\System\RKLqocJ.exe
  C:\Windows\System\RKLqocJ.exe
  2⤵
  PID:3328
- C:\Windows\System\nhAXcJH.exe
  C:\Windows\System\nhAXcJH.exe
  2⤵
  PID:3348
- C:\Windows\System\pDuJpUA.exe
  C:\Windows\System\pDuJpUA.exe
  2⤵
  PID:3372
- C:\Windows\System\rgRwZqk.exe
  C:\Windows\System\rgRwZqk.exe
  2⤵
  PID:3396
- C:\Windows\System\uILLaGA.exe
  C:\Windows\System\uILLaGA.exe
  2⤵
  PID:3416
- C:\Windows\System\KhZRSPS.exe
  C:\Windows\System\KhZRSPS.exe
  2⤵
  PID:3440
- C:\Windows\System\YEkdgMw.exe
  C:\Windows\System\YEkdgMw.exe
  2⤵
  PID:3464
- C:\Windows\System\JmtfmyL.exe
  C:\Windows\System\JmtfmyL.exe
  2⤵
  PID:3480
- C:\Windows\System\xUBctyd.exe
  C:\Windows\System\xUBctyd.exe
  2⤵
  PID:3504
- C:\Windows\System\hVgDhhD.exe
  C:\Windows\System\hVgDhhD.exe
  2⤵
  PID:3528
- C:\Windows\System\tvSijjt.exe
  C:\Windows\System\tvSijjt.exe
  2⤵
  PID:3632
- C:\Windows\System\LiVWAgZ.exe
  C:\Windows\System\LiVWAgZ.exe
  2⤵
  PID:3720
- C:\Windows\System\lRajlBD.exe
  C:\Windows\System\lRajlBD.exe
  2⤵
  PID:3740
- C:\Windows\System\hsGvplj.exe
  C:\Windows\System\hsGvplj.exe
  2⤵
  PID:3760
- C:\Windows\System\qJsMuMq.exe
  C:\Windows\System\qJsMuMq.exe
  2⤵
  PID:3780
- C:\Windows\System\YjpumHf.exe
  C:\Windows\System\YjpumHf.exe
  2⤵
  PID:3800
- C:\Windows\System\WClTBdD.exe
  C:\Windows\System\WClTBdD.exe
  2⤵
  PID:3820
- C:\Windows\System\HFEOgPK.exe
  C:\Windows\System\HFEOgPK.exe
  2⤵
  PID:3840
- C:\Windows\System\ajluobe.exe
  C:\Windows\System\ajluobe.exe
  2⤵
  PID:3860
- C:\Windows\System\ODceVWw.exe
  C:\Windows\System\ODceVWw.exe
  2⤵
  PID:3876
- C:\Windows\System\ypcNPhb.exe
  C:\Windows\System\ypcNPhb.exe
  2⤵
  PID:3900
- C:\Windows\System\CZuUquC.exe
  C:\Windows\System\CZuUquC.exe
  2⤵
  PID:3916
- C:\Windows\System\UTNmXiK.exe
  C:\Windows\System\UTNmXiK.exe
  2⤵
  PID:3940
- C:\Windows\System\DvVpLVb.exe
  C:\Windows\System\DvVpLVb.exe
  2⤵
  PID:3960
- C:\Windows\System\liUPqYG.exe
  C:\Windows\System\liUPqYG.exe
  2⤵
  PID:3976
- C:\Windows\System\AiyFqzr.exe
  C:\Windows\System\AiyFqzr.exe
  2⤵
  PID:4000
- C:\Windows\System\ZTrmZyu.exe
  C:\Windows\System\ZTrmZyu.exe
  2⤵
  PID:4016
- C:\Windows\System\rvKTmHv.exe
  C:\Windows\System\rvKTmHv.exe
  2⤵
  PID:4032
- C:\Windows\System\rbVlZqk.exe
  C:\Windows\System\rbVlZqk.exe
  2⤵
  PID:4048
- C:\Windows\System\cXcOLhV.exe
  C:\Windows\System\cXcOLhV.exe
  2⤵
  PID:4068
- C:\Windows\System\tEIOKdx.exe
  C:\Windows\System\tEIOKdx.exe
  2⤵
  PID:4084
- C:\Windows\System\jyNEwZs.exe
  C:\Windows\System\jyNEwZs.exe
  2⤵
  PID:1944
- C:\Windows\System\uljVBje.exe
  C:\Windows\System\uljVBje.exe
  2⤵
  PID:316
- C:\Windows\System\hTfkjkf.exe
  C:\Windows\System\hTfkjkf.exe
  2⤵
  PID:2740
- C:\Windows\System\emMjpED.exe
  C:\Windows\System\emMjpED.exe
  2⤵
  PID:1704
- C:\Windows\System\qVmyMgo.exe
  C:\Windows\System\qVmyMgo.exe
  2⤵
  PID:1972
- C:\Windows\System\WrwWSkH.exe
  C:\Windows\System\WrwWSkH.exe
  2⤵
  PID:3088
- C:\Windows\System\ZGYcctc.exe
  C:\Windows\System\ZGYcctc.exe
  2⤵
  PID:3152
- C:\Windows\System\BpCrYFU.exe
  C:\Windows\System\BpCrYFU.exe
  2⤵
  PID:3208
- C:\Windows\System\xdeEUar.exe
  C:\Windows\System\xdeEUar.exe
  2⤵
  PID:3248
- C:\Windows\System\PRbaQYm.exe
  C:\Windows\System\PRbaQYm.exe
  2⤵
  PID:3292
- C:\Windows\System\xubAFVY.exe
  C:\Windows\System\xubAFVY.exe
  2⤵
  PID:2916
- C:\Windows\System\gOWvYRf.exe
  C:\Windows\System\gOWvYRf.exe
  2⤵
  PID:2020
- C:\Windows\System\CJJxQZv.exe
  C:\Windows\System\CJJxQZv.exe
  2⤵
  PID:3388
- C:\Windows\System\ZgMGhCq.exe
  C:\Windows\System\ZgMGhCq.exe
  2⤵
  PID:3432
- C:\Windows\System\PKdHulz.exe
  C:\Windows\System\PKdHulz.exe
  2⤵
  PID:1992
- C:\Windows\System\TDHIUQO.exe
  C:\Windows\System\TDHIUQO.exe
  2⤵
  PID:572
- C:\Windows\System\OngqKaK.exe
  C:\Windows\System\OngqKaK.exe
  2⤵
  PID:2528
- C:\Windows\System\oIPCJLq.exe
  C:\Windows\System\oIPCJLq.exe
  2⤵
  PID:3512
- C:\Windows\System\ULsbELw.exe
  C:\Windows\System\ULsbELw.exe
  2⤵
  PID:2096
- C:\Windows\System\HDlNTEk.exe
  C:\Windows\System\HDlNTEk.exe
  2⤵
  PID:3524
- C:\Windows\System\DDGhLBi.exe
  C:\Windows\System\DDGhLBi.exe
  2⤵
  PID:1612
- C:\Windows\System\zLgwiXJ.exe
  C:\Windows\System\zLgwiXJ.exe
  2⤵
  PID:828
- C:\Windows\System\rzybbku.exe
  C:\Windows\System\rzybbku.exe
  2⤵
  PID:3228
- C:\Windows\System\MuOhofe.exe
  C:\Windows\System\MuOhofe.exe
  2⤵
  PID:3312
- C:\Windows\System\CabpKpw.exe
  C:\Windows\System\CabpKpw.exe
  2⤵
  PID:3364
- C:\Windows\System\cYYjczM.exe
  C:\Windows\System\cYYjczM.exe
  2⤵
  PID:3412
- C:\Windows\System\zNyMwSN.exe
  C:\Windows\System\zNyMwSN.exe
  2⤵
  PID:3488
- C:\Windows\System\PPwAQru.exe
  C:\Windows\System\PPwAQru.exe
  2⤵
  PID:1948
- C:\Windows\System\bDAVBvS.exe
  C:\Windows\System\bDAVBvS.exe
  2⤵
  PID:3140
- C:\Windows\System\qpYcpTg.exe
  C:\Windows\System\qpYcpTg.exe
  2⤵
  PID:1364
- C:\Windows\System\horodCp.exe
  C:\Windows\System\horodCp.exe
  2⤵
  PID:680
- C:\Windows\System\wFNjLYe.exe
  C:\Windows\System\wFNjLYe.exe
  2⤵
  PID:2888
- C:\Windows\System\BgPbGAh.exe
  C:\Windows\System\BgPbGAh.exe
  2⤵
  PID:2552
- C:\Windows\System\NGzWhmO.exe
  C:\Windows\System\NGzWhmO.exe
  2⤵
  PID:2660
- C:\Windows\System\OZCVFFg.exe
  C:\Windows\System\OZCVFFg.exe
  2⤵
  PID:1836
- C:\Windows\System\fBBFMfH.exe
  C:\Windows\System\fBBFMfH.exe
  2⤵
  PID:3008
- C:\Windows\System\DriKVnv.exe
  C:\Windows\System\DriKVnv.exe
  2⤵
  PID:3648
- C:\Windows\System\ocxpEkZ.exe
  C:\Windows\System\ocxpEkZ.exe
  2⤵
  PID:3664
- C:\Windows\System\DIXpcnv.exe
  C:\Windows\System\DIXpcnv.exe
  2⤵
  PID:3684
- C:\Windows\System\TeaFRpn.exe
  C:\Windows\System\TeaFRpn.exe
  2⤵
  PID:3700
- C:\Windows\System\Zyhvnms.exe
  C:\Windows\System\Zyhvnms.exe
  2⤵
  PID:3704
- C:\Windows\System\EAumiis.exe
  C:\Windows\System\EAumiis.exe
  2⤵
  PID:3624
- C:\Windows\System\wwHKlRi.exe
  C:\Windows\System\wwHKlRi.exe
  2⤵
  PID:3716
- C:\Windows\System\lPAafoo.exe
  C:\Windows\System\lPAafoo.exe
  2⤵
  PID:3792
- C:\Windows\System\jpEZRKj.exe
  C:\Windows\System\jpEZRKj.exe
  2⤵
  PID:3872
- C:\Windows\System\sKelvdC.exe
  C:\Windows\System\sKelvdC.exe
  2⤵
  PID:3988
- C:\Windows\System\EDFCnGA.exe
  C:\Windows\System\EDFCnGA.exe
  2⤵
  PID:4028
- C:\Windows\System\WegYues.exe
  C:\Windows\System\WegYues.exe
  2⤵
  PID:1600
- C:\Windows\System\AsRkuEe.exe
  C:\Windows\System\AsRkuEe.exe
  2⤵
  PID:3776
- C:\Windows\System\SAuSWfK.exe
  C:\Windows\System\SAuSWfK.exe
  2⤵
  PID:3768
- C:\Windows\System\VKeOxnI.exe
  C:\Windows\System\VKeOxnI.exe
  2⤵
  PID:2668
- C:\Windows\System\xRTlWnB.exe
  C:\Windows\System\xRTlWnB.exe
  2⤵
  PID:3852
- C:\Windows\System\nKWwaqC.exe
  C:\Windows\System\nKWwaqC.exe
  2⤵
  PID:3896
- C:\Windows\System\OteQIhs.exe
  C:\Windows\System\OteQIhs.exe
  2⤵
  PID:3968
- C:\Windows\System\bqJKQbI.exe
  C:\Windows\System\bqJKQbI.exe
  2⤵
  PID:3428
- C:\Windows\System\PMAmNlv.exe
  C:\Windows\System\PMAmNlv.exe
  2⤵
  PID:1224
- C:\Windows\System\XACSgkW.exe
  C:\Windows\System\XACSgkW.exe
  2⤵
  PID:3296
- C:\Windows\System\sGzAkuW.exe
  C:\Windows\System\sGzAkuW.exe
  2⤵
  PID:2400
- C:\Windows\System\UTeLMTX.exe
  C:\Windows\System\UTeLMTX.exe
  2⤵
  PID:3204
- C:\Windows\System\OdTMOcn.exe
  C:\Windows\System\OdTMOcn.exe
  2⤵
  PID:1676
- C:\Windows\System\DCyNQPT.exe
  C:\Windows\System\DCyNQPT.exe
  2⤵
  PID:4076
- C:\Windows\System\CJhAnGn.exe
  C:\Windows\System\CJhAnGn.exe
  2⤵
  PID:2116
- C:\Windows\System\jFImOtU.exe
  C:\Windows\System\jFImOtU.exe
  2⤵
  PID:1312
- C:\Windows\System\IXZNKDc.exe
  C:\Windows\System\IXZNKDc.exe
  2⤵
  PID:2408
- C:\Windows\System\xyxmKAn.exe
  C:\Windows\System\xyxmKAn.exe
  2⤵
  PID:2172
- C:\Windows\System\vsCxLdv.exe
  C:\Windows\System\vsCxLdv.exe
  2⤵
  PID:2088
- C:\Windows\System\tfITGVh.exe
  C:\Windows\System\tfITGVh.exe
  2⤵
  PID:3188
- C:\Windows\System\GAfjScI.exe
  C:\Windows\System\GAfjScI.exe
  2⤵
  PID:3356
- C:\Windows\System\qzVIVlX.exe
  C:\Windows\System\qzVIVlX.exe
  2⤵
  PID:3268
- C:\Windows\System\rZwYgRS.exe
  C:\Windows\System\rZwYgRS.exe
  2⤵
  PID:3224
- C:\Windows\System\PvWvAKt.exe
  C:\Windows\System\PvWvAKt.exe
  2⤵
  PID:3192
- C:\Windows\System\DzwNckp.exe
  C:\Windows\System\DzwNckp.exe
  2⤵
  PID:2476
- C:\Windows\System\iqqUwXh.exe
  C:\Windows\System\iqqUwXh.exe
  2⤵
  PID:1080
- C:\Windows\System\AGJNxea.exe
  C:\Windows\System\AGJNxea.exe
  2⤵
  PID:1788
- C:\Windows\System\nyUaBgF.exe
  C:\Windows\System\nyUaBgF.exe
  2⤵
  PID:3640
- C:\Windows\System\zIBlwtY.exe
  C:\Windows\System\zIBlwtY.exe
  2⤵
  PID:548
- C:\Windows\System\IutaxeC.exe
  C:\Windows\System\IutaxeC.exe
  2⤵
  PID:3680
- C:\Windows\System\RBvAAjq.exe
  C:\Windows\System\RBvAAjq.exe
  2⤵
  PID:3656
- C:\Windows\System\MiFVPoG.exe
  C:\Windows\System\MiFVPoG.exe
  2⤵
  PID:3868
- C:\Windows\System\UbbXhlQ.exe
  C:\Windows\System\UbbXhlQ.exe
  2⤵
  PID:3788
- C:\Windows\System\hRvDuSb.exe
  C:\Windows\System\hRvDuSb.exe
  2⤵
  PID:3608
- C:\Windows\System\YNSlbGA.exe
  C:\Windows\System\YNSlbGA.exe
  2⤵
  PID:3956
- C:\Windows\System\PMuojkj.exe
  C:\Windows\System\PMuojkj.exe
  2⤵
  PID:3732
- C:\Windows\System\EIrYDhE.exe
  C:\Windows\System\EIrYDhE.exe
  2⤵
  PID:1728
- C:\Windows\System\spAECBY.exe
  C:\Windows\System\spAECBY.exe
  2⤵
  PID:3884
- C:\Windows\System\KJoKHTo.exe
  C:\Windows\System\KJoKHTo.exe
  2⤵
  PID:3848
- C:\Windows\System\YrwpvxP.exe
  C:\Windows\System\YrwpvxP.exe
  2⤵
  PID:2792
- C:\Windows\System\KhSiqUx.exe
  C:\Windows\System\KhSiqUx.exe
  2⤵
  PID:2992
- C:\Windows\System\WfQrKGY.exe
  C:\Windows\System\WfQrKGY.exe
  2⤵
  PID:3012
- C:\Windows\System\lBHSCDP.exe
  C:\Windows\System\lBHSCDP.exe
  2⤵
  PID:4080
- C:\Windows\System\zrtgtGt.exe
  C:\Windows\System\zrtgtGt.exe
  2⤵
  PID:2144
- C:\Windows\System\wMWFBIV.exe
  C:\Windows\System\wMWFBIV.exe
  2⤵
  PID:2092
- C:\Windows\System\RDdFjVw.exe
  C:\Windows\System\RDdFjVw.exe
  2⤵
  PID:3476
- C:\Windows\System\mnsjNcV.exe
  C:\Windows\System\mnsjNcV.exe
  2⤵
  PID:1680
- C:\Windows\System\eHXBPvu.exe
  C:\Windows\System\eHXBPvu.exe
  2⤵
  PID:3452
- C:\Windows\System\Lvgdbah.exe
  C:\Windows\System\Lvgdbah.exe
  2⤵
  PID:3180
- C:\Windows\System\XbKQZSX.exe
  C:\Windows\System\XbKQZSX.exe
  2⤵
  PID:2656
- C:\Windows\System\SfAmoYn.exe
  C:\Windows\System\SfAmoYn.exe
  2⤵
  PID:1512
- C:\Windows\System\zpnBDjO.exe
  C:\Windows\System\zpnBDjO.exe
  2⤵
  PID:1528
- C:\Windows\System\HgcBQfI.exe
  C:\Windows\System\HgcBQfI.exe
  2⤵
  PID:3676
- C:\Windows\System\AgITnMC.exe
  C:\Windows\System\AgITnMC.exe
  2⤵
  PID:3712
- C:\Windows\System\UwyRHwX.exe
  C:\Windows\System\UwyRHwX.exe
  2⤵
  PID:3948
- C:\Windows\System\CMUXiIP.exe
  C:\Windows\System\CMUXiIP.exe
  2⤵
  PID:4060
- C:\Windows\System\wGVtBCu.exe
  C:\Windows\System\wGVtBCu.exe
  2⤵
  PID:4064
- C:\Windows\System\XPwsVYw.exe
  C:\Windows\System\XPwsVYw.exe
  2⤵
  PID:3344
- C:\Windows\System\zjIDari.exe
  C:\Windows\System\zjIDari.exe
  2⤵
  PID:3928
- C:\Windows\System\iyVbGGa.exe
  C:\Windows\System\iyVbGGa.exe
  2⤵
  PID:1076
- C:\Windows\System\AIxvbog.exe
  C:\Windows\System\AIxvbog.exe
  2⤵
  PID:4108
- C:\Windows\System\bvZTRdx.exe
  C:\Windows\System\bvZTRdx.exe
  2⤵
  PID:4132
- C:\Windows\System\pTtANLG.exe
  C:\Windows\System\pTtANLG.exe
  2⤵
  PID:4152
- C:\Windows\System\AbNBvoV.exe
  C:\Windows\System\AbNBvoV.exe
  2⤵
  PID:4172
- C:\Windows\System\agmOwbi.exe
  C:\Windows\System\agmOwbi.exe
  2⤵
  PID:4196
- C:\Windows\System\eExPGXm.exe
  C:\Windows\System\eExPGXm.exe
  2⤵
  PID:4216
- C:\Windows\System\alQABGk.exe
  C:\Windows\System\alQABGk.exe
  2⤵
  PID:4232
- C:\Windows\System\uXMwfhU.exe
  C:\Windows\System\uXMwfhU.exe
  2⤵
  PID:4256
- C:\Windows\System\oCMRYNm.exe
  C:\Windows\System\oCMRYNm.exe
  2⤵
  PID:4276
- C:\Windows\System\FILWCuv.exe
  C:\Windows\System\FILWCuv.exe
  2⤵
  PID:4296
- C:\Windows\System\tWzlKEW.exe
  C:\Windows\System\tWzlKEW.exe
  2⤵
  PID:4312
- C:\Windows\System\VAVwdNl.exe
  C:\Windows\System\VAVwdNl.exe
  2⤵
  PID:4336
- C:\Windows\System\QgIpqwY.exe
  C:\Windows\System\QgIpqwY.exe
  2⤵
  PID:4352
- C:\Windows\System\ZqacqaP.exe
  C:\Windows\System\ZqacqaP.exe
  2⤵
  PID:4372
- C:\Windows\System\XYbdFMm.exe
  C:\Windows\System\XYbdFMm.exe
  2⤵
  PID:4392
- C:\Windows\System\zjbdhmK.exe
  C:\Windows\System\zjbdhmK.exe
  2⤵
  PID:4416
- C:\Windows\System\RHKbQUW.exe
  C:\Windows\System\RHKbQUW.exe
  2⤵
  PID:4432
- C:\Windows\System\bjQDdQe.exe
  C:\Windows\System\bjQDdQe.exe
  2⤵
  PID:4452
- C:\Windows\System\mfdMpLV.exe
  C:\Windows\System\mfdMpLV.exe
  2⤵
  PID:4480
- C:\Windows\System\nhVRHYH.exe
  C:\Windows\System\nhVRHYH.exe
  2⤵
  PID:4500
- C:\Windows\System\gVHWAhP.exe
  C:\Windows\System\gVHWAhP.exe
  2⤵
  PID:4516
- C:\Windows\System\uLdZdGz.exe
  C:\Windows\System\uLdZdGz.exe
  2⤵
  PID:4540
- C:\Windows\System\QNGlIHQ.exe
  C:\Windows\System\QNGlIHQ.exe
  2⤵
  PID:4560
- C:\Windows\System\DrtMigA.exe
  C:\Windows\System\DrtMigA.exe
  2⤵
  PID:4580
- C:\Windows\System\zzJwdBC.exe
  C:\Windows\System\zzJwdBC.exe
  2⤵
  PID:4596
- C:\Windows\System\PPyoIKx.exe
  C:\Windows\System\PPyoIKx.exe
  2⤵
  PID:4616
- C:\Windows\System\uXLevZr.exe
  C:\Windows\System\uXLevZr.exe
  2⤵
  PID:4636
- C:\Windows\System\OntVSSZ.exe
  C:\Windows\System\OntVSSZ.exe
  2⤵
  PID:4660
- C:\Windows\System\NwgqDre.exe
  C:\Windows\System\NwgqDre.exe
  2⤵
  PID:4680
- C:\Windows\System\JexWout.exe
  C:\Windows\System\JexWout.exe
  2⤵
  PID:4700
- C:\Windows\System\xqovgQe.exe
  C:\Windows\System\xqovgQe.exe
  2⤵
  PID:4716
- C:\Windows\System\YvkhqRg.exe
  C:\Windows\System\YvkhqRg.exe
  2⤵
  PID:4740
- C:\Windows\System\dOkotID.exe
  C:\Windows\System\dOkotID.exe
  2⤵
  PID:4756
- C:\Windows\System\XgeBQXa.exe
  C:\Windows\System\XgeBQXa.exe
  2⤵
  PID:4780
- C:\Windows\System\raWcJiK.exe
  C:\Windows\System\raWcJiK.exe
  2⤵
  PID:4800
- C:\Windows\System\uLSFnEc.exe
  C:\Windows\System\uLSFnEc.exe
  2⤵
  PID:4816
- C:\Windows\System\BxvuUDG.exe
  C:\Windows\System\BxvuUDG.exe
  2⤵
  PID:4836
- C:\Windows\System\PsZJOsO.exe
  C:\Windows\System\PsZJOsO.exe
  2⤵
  PID:4860
- C:\Windows\System\AorjYly.exe
  C:\Windows\System\AorjYly.exe
  2⤵
  PID:4884
- C:\Windows\System\NhwSgbs.exe
  C:\Windows\System\NhwSgbs.exe
  2⤵
  PID:4904
- C:\Windows\System\AOIlDkG.exe
  C:\Windows\System\AOIlDkG.exe
  2⤵
  PID:4924
- C:\Windows\System\LirpLJl.exe
  C:\Windows\System\LirpLJl.exe
  2⤵
  PID:4944
- C:\Windows\System\cTDdOxC.exe
  C:\Windows\System\cTDdOxC.exe
  2⤵
  PID:4964
- C:\Windows\System\uZwmVCp.exe
  C:\Windows\System\uZwmVCp.exe
  2⤵
  PID:4980
- C:\Windows\System\tVvXVVk.exe
  C:\Windows\System\tVvXVVk.exe
  2⤵
  PID:5000
- C:\Windows\System\NVQiOpq.exe
  C:\Windows\System\NVQiOpq.exe
  2⤵
  PID:5016
- C:\Windows\System\fEMIygR.exe
  C:\Windows\System\fEMIygR.exe
  2⤵
  PID:5040
- C:\Windows\System\IePxPja.exe
  C:\Windows\System\IePxPja.exe
  2⤵
  PID:5064
- C:\Windows\System\WELunbj.exe
  C:\Windows\System\WELunbj.exe
  2⤵
  PID:5080
- C:\Windows\System\xWUUrIt.exe
  C:\Windows\System\xWUUrIt.exe
  2⤵
  PID:5104
- C:\Windows\System\EaAMunv.exe
  C:\Windows\System\EaAMunv.exe
  2⤵
  PID:2880
- C:\Windows\System\QgqhEFO.exe
  C:\Windows\System\QgqhEFO.exe
  2⤵
  PID:3300
- C:\Windows\System\XgeeLxA.exe
  C:\Windows\System\XgeeLxA.exe
  2⤵
  PID:1412
- C:\Windows\System\rxzWQvG.exe
  C:\Windows\System\rxzWQvG.exe
  2⤵
  PID:3220
- C:\Windows\System\EnQJSWY.exe
  C:\Windows\System\EnQJSWY.exe
  2⤵
  PID:2760
- C:\Windows\System\jJYGJMC.exe
  C:\Windows\System\jJYGJMC.exe
  2⤵
  PID:2732
- C:\Windows\System\CbafxGj.exe
  C:\Windows\System\CbafxGj.exe
  2⤵
  PID:2424
- C:\Windows\System\ZQQDkZM.exe
  C:\Windows\System\ZQQDkZM.exe
  2⤵
  PID:3672
- C:\Windows\System\OxvCOru.exe
  C:\Windows\System\OxvCOru.exe
  2⤵
  PID:3708
- C:\Windows\System\pXulBYU.exe
  C:\Windows\System\pXulBYU.exe
  2⤵
  PID:2164
- C:\Windows\System\ccNgLsF.exe
  C:\Windows\System\ccNgLsF.exe
  2⤵
  PID:3936
- C:\Windows\System\ksfKEcA.exe
  C:\Windows\System\ksfKEcA.exe
  2⤵
  PID:4092
- C:\Windows\System\PoFzxTU.exe
  C:\Windows\System\PoFzxTU.exe
  2⤵
  PID:3288
- C:\Windows\System\WYTcvKL.exe
  C:\Windows\System\WYTcvKL.exe
  2⤵
  PID:4204
- C:\Windows\System\BEKFcNO.exe
  C:\Windows\System\BEKFcNO.exe
  2⤵
  PID:4192
- C:\Windows\System\pzXMIMa.exe
  C:\Windows\System\pzXMIMa.exe
  2⤵
  PID:4244
- C:\Windows\System\odgQwsH.exe
  C:\Windows\System\odgQwsH.exe
  2⤵
  PID:4248
- C:\Windows\System\kSjnadt.exe
  C:\Windows\System\kSjnadt.exe
  2⤵
  PID:4268
- C:\Windows\System\zpuMpNE.exe
  C:\Windows\System\zpuMpNE.exe
  2⤵
  PID:4328
- C:\Windows\System\Hhpnrwg.exe
  C:\Windows\System\Hhpnrwg.exe
  2⤵
  PID:4368
- C:\Windows\System\DzrSvtV.exe
  C:\Windows\System\DzrSvtV.exe
  2⤵
  PID:4384
- C:\Windows\System\ChuGdpK.exe
  C:\Windows\System\ChuGdpK.exe
  2⤵
  PID:4448
- C:\Windows\System\xIRnHRQ.exe
  C:\Windows\System\xIRnHRQ.exe
  2⤵
  PID:4488
- C:\Windows\System\oAtHReZ.exe
  C:\Windows\System\oAtHReZ.exe
  2⤵
  PID:4468
- C:\Windows\System\iiACphi.exe
  C:\Windows\System\iiACphi.exe
  2⤵
  PID:4536
- C:\Windows\System\bavVZyO.exe
  C:\Windows\System\bavVZyO.exe
  2⤵
  PID:4576
- C:\Windows\System\pZuYpUg.exe
  C:\Windows\System\pZuYpUg.exe
  2⤵
  PID:4608
- C:\Windows\System\dIukhWp.exe
  C:\Windows\System\dIukhWp.exe
  2⤵
  PID:4652
- C:\Windows\System\fFgAAWi.exe
  C:\Windows\System\fFgAAWi.exe
  2⤵
  PID:4688
- C:\Windows\System\kXjNQSC.exe
  C:\Windows\System\kXjNQSC.exe
  2⤵
  PID:4676
- C:\Windows\System\XSIDSeG.exe
  C:\Windows\System\XSIDSeG.exe
  2⤵
  PID:4712
- C:\Windows\System\JnwExth.exe
  C:\Windows\System\JnwExth.exe
  2⤵
  PID:4768
- C:\Windows\System\GmNGMvc.exe
  C:\Windows\System\GmNGMvc.exe
  2⤵
  PID:4792
- C:\Windows\System\jbdmLgB.exe
  C:\Windows\System\jbdmLgB.exe
  2⤵
  PID:4848
- C:\Windows\System\ggzbwEV.exe
  C:\Windows\System\ggzbwEV.exe
  2⤵
  PID:4880
- C:\Windows\System\GftqZKZ.exe
  C:\Windows\System\GftqZKZ.exe
  2⤵
  PID:4472
- C:\Windows\System\mLYTwtc.exe
  C:\Windows\System\mLYTwtc.exe
  2⤵
  PID:4940
- C:\Windows\System\ZvStvaB.exe
  C:\Windows\System\ZvStvaB.exe
  2⤵
  PID:4972
- C:\Windows\System\wWjbstd.exe
  C:\Windows\System\wWjbstd.exe
  2⤵
  PID:5048
- C:\Windows\System\VatUKDv.exe
  C:\Windows\System\VatUKDv.exe
  2⤵
  PID:5060
- C:\Windows\System\kOyqnWl.exe
  C:\Windows\System\kOyqnWl.exe
  2⤵
  PID:5088
- C:\Windows\System\BICjXqO.exe
  C:\Windows\System\BICjXqO.exe
  2⤵
  PID:5072
- C:\Windows\System\BTZOhDm.exe
  C:\Windows\System\BTZOhDm.exe
  2⤵
  PID:936
- C:\Windows\System\wDsZBfS.exe
  C:\Windows\System\wDsZBfS.exe
  2⤵
  PID:4040
- C:\Windows\System\rMtFaym.exe
  C:\Windows\System\rMtFaym.exe
  2⤵
  PID:3500
- C:\Windows\System\EDYhEww.exe
  C:\Windows\System\EDYhEww.exe
  2⤵
  PID:2100
- C:\Windows\System\idTsOZU.exe
  C:\Windows\System\idTsOZU.exe
  2⤵
  PID:3596
- C:\Windows\System\HdxTeAJ.exe
  C:\Windows\System\HdxTeAJ.exe
  2⤵
  PID:3616
- C:\Windows\System\QvtsyQR.exe
  C:\Windows\System\QvtsyQR.exe
  2⤵
  PID:3728
- C:\Windows\System\lnMJmMv.exe
  C:\Windows\System\lnMJmMv.exe
  2⤵
  PID:4120
- C:\Windows\System\ehOTXNU.exe
  C:\Windows\System\ehOTXNU.exe
  2⤵
  PID:4144
- C:\Windows\System\jPCDTAr.exe
  C:\Windows\System\jPCDTAr.exe
  2⤵
  PID:4208
- C:\Windows\System\dpNkzMz.exe
  C:\Windows\System\dpNkzMz.exe
  2⤵
  PID:4288
- C:\Windows\System\yGGpsAG.exe
  C:\Windows\System\yGGpsAG.exe
  2⤵
  PID:4344
- C:\Windows\System\qEtDAlh.exe
  C:\Windows\System\qEtDAlh.exe
  2⤵
  PID:4400
- C:\Windows\System\mhIiHtO.exe
  C:\Windows\System\mhIiHtO.exe
  2⤵
  PID:4440
- C:\Windows\System\FyqEQAA.exe
  C:\Windows\System\FyqEQAA.exe
  2⤵
  PID:4476
- C:\Windows\System\Yllrdku.exe
  C:\Windows\System\Yllrdku.exe
  2⤵
  PID:4568
- C:\Windows\System\EcGbAfS.exe
  C:\Windows\System\EcGbAfS.exe
  2⤵
  PID:4556
- C:\Windows\System\zPMyPCR.exe
  C:\Windows\System\zPMyPCR.exe
  2⤵
  PID:4668
- C:\Windows\System\xifhpMS.exe
  C:\Windows\System\xifhpMS.exe
  2⤵
  PID:4708
- C:\Windows\System\RIdASvh.exe
  C:\Windows\System\RIdASvh.exe
  2⤵
  PID:4808
- C:\Windows\System\XNrVJEa.exe
  C:\Windows\System\XNrVJEa.exe
  2⤵
  PID:4876
- C:\Windows\System\oKEWGLi.exe
  C:\Windows\System\oKEWGLi.exe
  2⤵
  PID:4832
- C:\Windows\System\owkWrMz.exe
  C:\Windows\System\owkWrMz.exe
  2⤵
  PID:4912
- C:\Windows\System\TXWZjfP.exe
  C:\Windows\System\TXWZjfP.exe
  2⤵
  PID:4996
- C:\Windows\System\cCAyAXC.exe
  C:\Windows\System\cCAyAXC.exe
  2⤵
  PID:3796
- C:\Windows\System\SEdhtuP.exe
  C:\Windows\System\SEdhtuP.exe
  2⤵
  PID:1720
- C:\Windows\System\CpobrcE.exe
  C:\Windows\System\CpobrcE.exe
  2⤵
  PID:5032
- C:\Windows\System\RuwhYbw.exe
  C:\Windows\System\RuwhYbw.exe
  2⤵
  PID:2928
- C:\Windows\System\wewSeWo.exe
  C:\Windows\System\wewSeWo.exe
  2⤵
  PID:1796
- C:\Windows\System\TNxnriu.exe
  C:\Windows\System\TNxnriu.exe
  2⤵
  PID:4180
- C:\Windows\System\kpQgibc.exe
  C:\Windows\System\kpQgibc.exe
  2⤵
  PID:4308
- C:\Windows\System\IfZesxr.exe
  C:\Windows\System\IfZesxr.exe
  2⤵
  PID:5124
- C:\Windows\System\qMnVMFH.exe
  C:\Windows\System\qMnVMFH.exe
  2⤵
  PID:5140
- C:\Windows\System\MhiyTzL.exe
  C:\Windows\System\MhiyTzL.exe
  2⤵
  PID:5164
- C:\Windows\System\XryWzPR.exe
  C:\Windows\System\XryWzPR.exe
  2⤵
  PID:5184
- C:\Windows\System\VrlTBgm.exe
  C:\Windows\System\VrlTBgm.exe
  2⤵
  PID:5200
- C:\Windows\System\VRLUuZt.exe
  C:\Windows\System\VRLUuZt.exe
  2⤵
  PID:5224
- C:\Windows\System\uwbgWrO.exe
  C:\Windows\System\uwbgWrO.exe
  2⤵
  PID:5240
- C:\Windows\System\vGKtfar.exe
  C:\Windows\System\vGKtfar.exe
  2⤵
  PID:5256
- C:\Windows\System\VyypcjR.exe
  C:\Windows\System\VyypcjR.exe
  2⤵
  PID:5300
- C:\Windows\System\tMTptOp.exe
  C:\Windows\System\tMTptOp.exe
  2⤵
  PID:5332
- C:\Windows\System\zVohwEX.exe
  C:\Windows\System\zVohwEX.exe
  2⤵
  PID:5352
- C:\Windows\System\YnJXfUe.exe
  C:\Windows\System\YnJXfUe.exe
  2⤵
  PID:5368
- C:\Windows\System\QyPdkrZ.exe
  C:\Windows\System\QyPdkrZ.exe
  2⤵
  PID:5392
- C:\Windows\System\kuOxanA.exe
  C:\Windows\System\kuOxanA.exe
  2⤵
  PID:5412
- C:\Windows\System\jGJEGCt.exe
  C:\Windows\System\jGJEGCt.exe
  2⤵
  PID:5428
- C:\Windows\System\GLtQkkM.exe
  C:\Windows\System\GLtQkkM.exe
  2⤵
  PID:5448
- C:\Windows\System\KtbYDsv.exe
  C:\Windows\System\KtbYDsv.exe
  2⤵
  PID:5468
- C:\Windows\System\CNSWaTk.exe
  C:\Windows\System\CNSWaTk.exe
  2⤵
  PID:5488
- C:\Windows\System\gOCdIEN.exe
  C:\Windows\System\gOCdIEN.exe
  2⤵
  PID:5508
- C:\Windows\System\YffXTpB.exe
  C:\Windows\System\YffXTpB.exe
  2⤵
  PID:5528
- C:\Windows\System\PkKeOZL.exe
  C:\Windows\System\PkKeOZL.exe
  2⤵
  PID:5552
- C:\Windows\System\ktDcZaA.exe
  C:\Windows\System\ktDcZaA.exe
  2⤵
  PID:5568
- C:\Windows\System\bYRfrWU.exe
  C:\Windows\System\bYRfrWU.exe
  2⤵
  PID:5588
- C:\Windows\System\AYhcnRx.exe
  C:\Windows\System\AYhcnRx.exe
  2⤵
  PID:5608
- C:\Windows\System\gTNrZkX.exe
  C:\Windows\System\gTNrZkX.exe
  2⤵
  PID:5628
- C:\Windows\System\ZqtrTrI.exe
  C:\Windows\System\ZqtrTrI.exe
  2⤵
  PID:5648
- C:\Windows\System\IcYMasB.exe
  C:\Windows\System\IcYMasB.exe
  2⤵
  PID:5664
- C:\Windows\System\FUAIuHw.exe
  C:\Windows\System\FUAIuHw.exe
  2⤵
  PID:5684
- C:\Windows\System\QIGIQOD.exe
  C:\Windows\System\QIGIQOD.exe
  2⤵
  PID:5704
- C:\Windows\System\XdlmzKT.exe
  C:\Windows\System\XdlmzKT.exe
  2⤵
  PID:5728
- C:\Windows\System\HCZbvgh.exe
  C:\Windows\System\HCZbvgh.exe
  2⤵
  PID:5748
- C:\Windows\System\REpWftK.exe
  C:\Windows\System\REpWftK.exe
  2⤵
  PID:5768
- C:\Windows\System\NMcwvnl.exe
  C:\Windows\System\NMcwvnl.exe
  2⤵
  PID:5788
- C:\Windows\System\sZERVWa.exe
  C:\Windows\System\sZERVWa.exe
  2⤵
  PID:5808
- C:\Windows\System\QEyhGvW.exe
  C:\Windows\System\QEyhGvW.exe
  2⤵
  PID:5828
- C:\Windows\System\SUkenxN.exe
  C:\Windows\System\SUkenxN.exe
  2⤵
  PID:5848
- C:\Windows\System\CsDOSlm.exe
  C:\Windows\System\CsDOSlm.exe
  2⤵
  PID:5864
- C:\Windows\System\dUJqsza.exe
  C:\Windows\System\dUJqsza.exe
  2⤵
  PID:5884
- C:\Windows\System\fMGFjFr.exe
  C:\Windows\System\fMGFjFr.exe
  2⤵
  PID:5912
- C:\Windows\System\QZLCwDt.exe
  C:\Windows\System\QZLCwDt.exe
  2⤵
  PID:5932
- C:\Windows\System\kBcPfwJ.exe
  C:\Windows\System\kBcPfwJ.exe
  2⤵
  PID:5952
- C:\Windows\System\wXaPwWp.exe
  C:\Windows\System\wXaPwWp.exe
  2⤵
  PID:5972
- C:\Windows\System\ixfLlnl.exe
  C:\Windows\System\ixfLlnl.exe
  2⤵
  PID:5988
- C:\Windows\System\fptNtbU.exe
  C:\Windows\System\fptNtbU.exe
  2⤵
  PID:6004
- C:\Windows\System\aIrdOXG.exe
  C:\Windows\System\aIrdOXG.exe
  2⤵
  PID:6020
- C:\Windows\System\zuRyGxm.exe
  C:\Windows\System\zuRyGxm.exe
  2⤵
  PID:6036
- C:\Windows\System\RqfdpVv.exe
  C:\Windows\System\RqfdpVv.exe
  2⤵
  PID:6052
- C:\Windows\System\kZhNcqt.exe
  C:\Windows\System\kZhNcqt.exe
  2⤵
  PID:6072
- C:\Windows\System\vILmVha.exe
  C:\Windows\System\vILmVha.exe
  2⤵
  PID:6092
- C:\Windows\System\QQyLFoo.exe
  C:\Windows\System\QQyLFoo.exe
  2⤵
  PID:6108
- C:\Windows\System\ApvEkdN.exe
  C:\Windows\System\ApvEkdN.exe
  2⤵
  PID:6124
- C:\Windows\System\UpzmWgD.exe
  C:\Windows\System\UpzmWgD.exe
  2⤵
  PID:6140
- C:\Windows\System\DvCXlxx.exe
  C:\Windows\System\DvCXlxx.exe
  2⤵
  PID:4492
- C:\Windows\System\nuPtYQT.exe
  C:\Windows\System\nuPtYQT.exe
  2⤵
  PID:1664
- C:\Windows\System\RVbbMuG.exe
  C:\Windows\System\RVbbMuG.exe
  2⤵
  PID:4324
- C:\Windows\System\QGPchTw.exe
  C:\Windows\System\QGPchTw.exe
  2⤵
  PID:4160
- C:\Windows\System\CkkjhoS.exe
  C:\Windows\System\CkkjhoS.exe
  2⤵
  PID:752
- C:\Windows\System\JHlFpik.exe
  C:\Windows\System\JHlFpik.exe
  2⤵
  PID:4960
- C:\Windows\System\UnuFVva.exe
  C:\Windows\System\UnuFVva.exe
  2⤵
  PID:4988
- C:\Windows\System\hZDwraU.exe
  C:\Windows\System\hZDwraU.exe
  2⤵
  PID:1696
- C:\Windows\System\WGAIcnT.exe
  C:\Windows\System\WGAIcnT.exe
  2⤵
  PID:352
- C:\Windows\System\lVtrcRW.exe
  C:\Windows\System\lVtrcRW.exe
  2⤵
  PID:4164
- C:\Windows\System\epYlFzw.exe
  C:\Windows\System\epYlFzw.exe
  2⤵
  PID:5148
- C:\Windows\System\oGtIblz.exe
  C:\Windows\System\oGtIblz.exe
  2⤵
  PID:5192
- C:\Windows\System\cCaTBZT.exe
  C:\Windows\System\cCaTBZT.exe
  2⤵
  PID:4624
- C:\Windows\System\IOPOAfY.exe
  C:\Windows\System\IOPOAfY.exe
  2⤵
  PID:4796
- C:\Windows\System\WKkWezD.exe
  C:\Windows\System\WKkWezD.exe
  2⤵
  PID:4824
- C:\Windows\System\cgikLEi.exe
  C:\Windows\System\cgikLEi.exe
  2⤵
  PID:3460
- C:\Windows\System\WumWjpb.exe
  C:\Windows\System\WumWjpb.exe
  2⤵
  PID:4320
- C:\Windows\System\HOLQAPr.exe
  C:\Windows\System\HOLQAPr.exe
  2⤵
  PID:4732
- C:\Windows\System\hgYbuWX.exe
  C:\Windows\System\hgYbuWX.exe
  2⤵
  PID:5292
- C:\Windows\System\IfYHDfg.exe
  C:\Windows\System\IfYHDfg.exe
  2⤵
  PID:5248
- C:\Windows\System\XxLhhhR.exe
  C:\Windows\System\XxLhhhR.exe
  2⤵
  PID:5176
- C:\Windows\System\LSCNfEi.exe
  C:\Windows\System\LSCNfEi.exe
  2⤵
  PID:5340
- C:\Windows\System\pazbeNU.exe
  C:\Windows\System\pazbeNU.exe
  2⤵
  PID:5384
- C:\Windows\System\SeDyqAH.exe
  C:\Windows\System\SeDyqAH.exe
  2⤵
  PID:5316
- C:\Windows\System\kjsyALy.exe
  C:\Windows\System\kjsyALy.exe
  2⤵
  PID:5364
- C:\Windows\System\uoulTDG.exe
  C:\Windows\System\uoulTDG.exe
  2⤵
  PID:5496
- C:\Windows\System\nyKrZmy.exe
  C:\Windows\System\nyKrZmy.exe
  2⤵
  PID:5660
- C:\Windows\System\xrlsMhH.exe
  C:\Windows\System\xrlsMhH.exe
  2⤵
  PID:5736
- C:\Windows\System\pOFfvdj.exe
  C:\Windows\System\pOFfvdj.exe
  2⤵
  PID:5780
- C:\Windows\System\BbTybvQ.exe
  C:\Windows\System\BbTybvQ.exe
  2⤵
  PID:5860
- C:\Windows\System\icxzsEO.exe
  C:\Windows\System\icxzsEO.exe
  2⤵
  PID:5944
- C:\Windows\System\tUIFnDE.exe
  C:\Windows\System\tUIFnDE.exe
  2⤵
  PID:2296
- C:\Windows\System\FtVUSSO.exe
  C:\Windows\System\FtVUSSO.exe
  2⤵
  PID:6048
- C:\Windows\System\bzdCYVH.exe
  C:\Windows\System\bzdCYVH.exe
  2⤵
  PID:6116
- C:\Windows\System\Wgsigba.exe
  C:\Windows\System\Wgsigba.exe
  2⤵
  PID:2256
- C:\Windows\System\RvEvvpH.exe
  C:\Windows\System\RvEvvpH.exe
  2⤵
  PID:4956
- C:\Windows\System\KWYwDop.exe
  C:\Windows\System\KWYwDop.exe
  2⤵
  PID:4548
- C:\Windows\System\HVgyRWl.exe
  C:\Windows\System\HVgyRWl.exe
  2⤵
  PID:5604
- C:\Windows\System\xpnCrIe.exe
  C:\Windows\System\xpnCrIe.exe
  2⤵
  PID:5640
- C:\Windows\System\gDlZSps.exe
  C:\Windows\System\gDlZSps.exe
  2⤵
  PID:5720
- C:\Windows\System\rACQuzA.exe
  C:\Windows\System\rACQuzA.exe
  2⤵
  PID:5312
- C:\Windows\System\FwSfYGy.exe
  C:\Windows\System\FwSfYGy.exe
  2⤵
  PID:5800
- C:\Windows\System\mFnNuej.exe
  C:\Windows\System\mFnNuej.exe
  2⤵
  PID:1172
- C:\Windows\System\YPPkwzj.exe
  C:\Windows\System\YPPkwzj.exe
  2⤵
  PID:5840
- C:\Windows\System\WOgbNsd.exe
  C:\Windows\System\WOgbNsd.exe
  2⤵
  PID:5324
- C:\Windows\System\loxccqd.exe
  C:\Windows\System\loxccqd.exe
  2⤵
  PID:5968
- C:\Windows\System\khoKEMi.exe
  C:\Windows\System\khoKEMi.exe
  2⤵
  PID:1476
- C:\Windows\System\qishqLs.exe
  C:\Windows\System\qishqLs.exe
  2⤵
  PID:3124
- C:\Windows\System\DdaUhIS.exe
  C:\Windows\System\DdaUhIS.exe
  2⤵
  PID:5420
- C:\Windows\System\PXvReYq.exe
  C:\Windows\System\PXvReYq.exe
  2⤵
  PID:5220
- C:\Windows\System\IpgKbaJ.exe
  C:\Windows\System\IpgKbaJ.exe
  2⤵
  PID:5076
- C:\Windows\System\eeRYSxv.exe
  C:\Windows\System\eeRYSxv.exe
  2⤵
  PID:4104
- C:\Windows\System\IoCJjci.exe
  C:\Windows\System\IoCJjci.exe
  2⤵
  PID:4728
- C:\Windows\System\vQbTfst.exe
  C:\Windows\System\vQbTfst.exe
  2⤵
  PID:6132
- C:\Windows\System\wcIkLnM.exe
  C:\Windows\System\wcIkLnM.exe
  2⤵
  PID:6028
- C:\Windows\System\RqPQRiN.exe
  C:\Windows\System\RqPQRiN.exe
  2⤵
  PID:5440
- C:\Windows\System\wZoyUwo.exe
  C:\Windows\System\wZoyUwo.exe
  2⤵
  PID:1636
- C:\Windows\System\qYVyIWM.exe
  C:\Windows\System\qYVyIWM.exe
  2⤵
  PID:5540
- C:\Windows\System\dBfMSBD.exe
  C:\Windows\System\dBfMSBD.exe
  2⤵
  PID:5520
- C:\Windows\System\uffAAff.exe
  C:\Windows\System\uffAAff.exe
  2⤵
  PID:5576
- C:\Windows\System\rIclWLv.exe
  C:\Windows\System\rIclWLv.exe
  2⤵
  PID:5620
- C:\Windows\System\MrYZoiJ.exe
  C:\Windows\System\MrYZoiJ.exe
  2⤵
  PID:5776
- C:\Windows\System\TziSymP.exe
  C:\Windows\System\TziSymP.exe
  2⤵
  PID:6016
- C:\Windows\System\gLsJyxc.exe
  C:\Windows\System\gLsJyxc.exe
  2⤵
  PID:4648
- C:\Windows\System\tWvAVUP.exe
  C:\Windows\System\tWvAVUP.exe
  2⤵
  PID:1256
- C:\Windows\System\yOjKAxx.exe
  C:\Windows\System\yOjKAxx.exe
  2⤵
  PID:5984
- C:\Windows\System\qFuAUxS.exe
  C:\Windows\System\qFuAUxS.exe
  2⤵
  PID:4900
- C:\Windows\System\SlScTUM.exe
  C:\Windows\System\SlScTUM.exe
  2⤵
  PID:4240
- C:\Windows\System\ekbleyS.exe
  C:\Windows\System\ekbleyS.exe
  2⤵
  PID:5716
- C:\Windows\System\raXsIJC.exe
  C:\Windows\System\raXsIJC.exe
  2⤵
  PID:5796
- C:\Windows\System\UyPPjuW.exe
  C:\Windows\System\UyPPjuW.exe
  2⤵
  PID:5920
- C:\Windows\System\VDzsVEc.exe
  C:\Windows\System\VDzsVEc.exe
  2⤵
  PID:1840
- C:\Windows\System\qfYscKo.exe
  C:\Windows\System\qfYscKo.exe
  2⤵
  PID:4644
- C:\Windows\System\UYKIWmu.exe
  C:\Windows\System\UYKIWmu.exe
  2⤵
  PID:5380
- C:\Windows\System\tGRPuAZ.exe
  C:\Windows\System\tGRPuAZ.exe
  2⤵
  PID:5136
- C:\Windows\System\SjdYgOz.exe
  C:\Windows\System\SjdYgOz.exe
  2⤵
  PID:3276
- C:\Windows\System\xvZisWa.exe
  C:\Windows\System\xvZisWa.exe
  2⤵
  PID:6100
- C:\Windows\System\ziFuqAO.exe
  C:\Windows\System\ziFuqAO.exe
  2⤵
  PID:6060
- C:\Windows\System\DjSYPOU.exe
  C:\Windows\System\DjSYPOU.exe
  2⤵
  PID:5964
- C:\Windows\System\OrTVVUX.exe
  C:\Windows\System\OrTVVUX.exe
  2⤵
  PID:6160
- C:\Windows\System\jxPPSDR.exe
  C:\Windows\System\jxPPSDR.exe
  2⤵
  PID:6180
- C:\Windows\System\FDrFrLd.exe
  C:\Windows\System\FDrFrLd.exe
  2⤵
  PID:6200
- C:\Windows\System\MTPRpRb.exe
  C:\Windows\System\MTPRpRb.exe
  2⤵
  PID:6220
- C:\Windows\System\LNmSoBO.exe
  C:\Windows\System\LNmSoBO.exe
  2⤵
  PID:6240
- C:\Windows\System\diugYbg.exe
  C:\Windows\System\diugYbg.exe
  2⤵
  PID:6260
- C:\Windows\System\flOlUGn.exe
  C:\Windows\System\flOlUGn.exe
  2⤵
  PID:6280
- C:\Windows\System\qryzRdW.exe
  C:\Windows\System\qryzRdW.exe
  2⤵
  PID:6300
- C:\Windows\System\oCsBALw.exe
  C:\Windows\System\oCsBALw.exe
  2⤵
  PID:6320
- C:\Windows\System\MxBEtSk.exe
  C:\Windows\System\MxBEtSk.exe
  2⤵
  PID:6344
- C:\Windows\System\naihfiJ.exe
  C:\Windows\System\naihfiJ.exe
  2⤵
  PID:6364
- C:\Windows\System\jMZVsjq.exe
  C:\Windows\System\jMZVsjq.exe
  2⤵
  PID:6384
- C:\Windows\System\SIVRwsk.exe
  C:\Windows\System\SIVRwsk.exe
  2⤵
  PID:6404
- C:\Windows\System\RGYmuTk.exe
  C:\Windows\System\RGYmuTk.exe
  2⤵
  PID:6424
- C:\Windows\System\rWyeGKv.exe
  C:\Windows\System\rWyeGKv.exe
  2⤵
  PID:6444
- C:\Windows\System\aSMmsep.exe
  C:\Windows\System\aSMmsep.exe
  2⤵
  PID:6464
- C:\Windows\System\XubWCyf.exe
  C:\Windows\System\XubWCyf.exe
  2⤵
  PID:6484
- C:\Windows\System\eeYfOpH.exe
  C:\Windows\System\eeYfOpH.exe
  2⤵
  PID:6504
- C:\Windows\System\dCHuwlU.exe
  C:\Windows\System\dCHuwlU.exe
  2⤵
  PID:6520
- C:\Windows\System\JVhcHgo.exe
  C:\Windows\System\JVhcHgo.exe
  2⤵
  PID:6572
- C:\Windows\System\kZesIPz.exe
  C:\Windows\System\kZesIPz.exe
  2⤵
  PID:6592
- C:\Windows\System\EuUnuAq.exe
  C:\Windows\System\EuUnuAq.exe
  2⤵
  PID:6612
- C:\Windows\System\lfFAuxv.exe
  C:\Windows\System\lfFAuxv.exe
  2⤵
  PID:6628
- C:\Windows\System\xGNShmd.exe
  C:\Windows\System\xGNShmd.exe
  2⤵
  PID:6644
- C:\Windows\System\HtYtSDb.exe
  C:\Windows\System\HtYtSDb.exe
  2⤵
  PID:6660
- C:\Windows\System\vdZFxbt.exe
  C:\Windows\System\vdZFxbt.exe
  2⤵
  PID:6676
- C:\Windows\System\NTLREkq.exe
  C:\Windows\System\NTLREkq.exe
  2⤵
  PID:6692
- C:\Windows\System\ypyqQLE.exe
  C:\Windows\System\ypyqQLE.exe
  2⤵
  PID:6708
- C:\Windows\System\yuBnqHP.exe
  C:\Windows\System\yuBnqHP.exe
  2⤵
  PID:6724
- C:\Windows\System\LGlaqlH.exe
  C:\Windows\System\LGlaqlH.exe
  2⤵
  PID:6740
- C:\Windows\System\eBPSuuJ.exe
  C:\Windows\System\eBPSuuJ.exe
  2⤵
  PID:6756
- C:\Windows\System\WzSwzMZ.exe
  C:\Windows\System\WzSwzMZ.exe
  2⤵
  PID:6772
- C:\Windows\System\yuCgEuP.exe
  C:\Windows\System\yuCgEuP.exe
  2⤵
  PID:6840
- C:\Windows\System\GSVbgKf.exe
  C:\Windows\System\GSVbgKf.exe
  2⤵
  PID:6856
- C:\Windows\System\smVAtHM.exe
  C:\Windows\System\smVAtHM.exe
  2⤵
  PID:6876
- C:\Windows\System\pIEthnf.exe
  C:\Windows\System\pIEthnf.exe
  2⤵
  PID:6896
- C:\Windows\System\XQjMVEe.exe
  C:\Windows\System\XQjMVEe.exe
  2⤵
  PID:6912
- C:\Windows\System\hmSWtsb.exe
  C:\Windows\System\hmSWtsb.exe
  2⤵
  PID:6928
- C:\Windows\System\CirmReK.exe
  C:\Windows\System\CirmReK.exe
  2⤵
  PID:6944
- C:\Windows\System\wvhDKGu.exe
  C:\Windows\System\wvhDKGu.exe
  2⤵
  PID:6960
- C:\Windows\System\sCSagKh.exe
  C:\Windows\System\sCSagKh.exe
  2⤵
  PID:6976
- C:\Windows\System\QvkUDkb.exe
  C:\Windows\System\QvkUDkb.exe
  2⤵
  PID:6992
- C:\Windows\System\oeRPDSY.exe
  C:\Windows\System\oeRPDSY.exe
  2⤵
  PID:7008
- C:\Windows\System\yStemuX.exe
  C:\Windows\System\yStemuX.exe
  2⤵
  PID:7024
- C:\Windows\System\OuxztVz.exe
  C:\Windows\System\OuxztVz.exe
  2⤵
  PID:7040
- C:\Windows\System\LHGujVy.exe
  C:\Windows\System\LHGujVy.exe
  2⤵
  PID:7072
- C:\Windows\System\SIIWmQi.exe
  C:\Windows\System\SIIWmQi.exe
  2⤵
  PID:7088
- C:\Windows\System\NNpqhpn.exe
  C:\Windows\System\NNpqhpn.exe
  2⤵
  PID:7112
- C:\Windows\System\IywExep.exe
  C:\Windows\System\IywExep.exe
  2⤵
  PID:7136
- C:\Windows\System\BZMNyKT.exe
  C:\Windows\System\BZMNyKT.exe
  2⤵
  PID:7156
- C:\Windows\System\bDzUgNV.exe
  C:\Windows\System\bDzUgNV.exe
  2⤵
  PID:5484
- C:\Windows\System\fsIcCEy.exe
  C:\Windows\System\fsIcCEy.exe
  2⤵
  PID:5616
- C:\Windows\System\GPAWSDw.exe
  C:\Windows\System\GPAWSDw.exe
  2⤵
  PID:5948
- C:\Windows\System\PxAadZV.exe
  C:\Windows\System\PxAadZV.exe
  2⤵
  PID:5784
- C:\Windows\System\ljiRKcz.exe
  C:\Windows\System\ljiRKcz.exe
  2⤵
  PID:5856
- C:\Windows\System\jNjttXE.exe
  C:\Windows\System\jNjttXE.exe
  2⤵
  PID:6084
- C:\Windows\System\BrFXNTT.exe
  C:\Windows\System\BrFXNTT.exe
  2⤵
  PID:2464
- C:\Windows\System\gfryRzv.exe
  C:\Windows\System\gfryRzv.exe
  2⤵
  PID:1016
- C:\Windows\System\WzbiWJj.exe
  C:\Windows\System\WzbiWJj.exe
  2⤵
  PID:5872
- C:\Windows\System\pGbQBqW.exe
  C:\Windows\System\pGbQBqW.exe
  2⤵
  PID:5360
- C:\Windows\System\josuOdp.exe
  C:\Windows\System\josuOdp.exe
  2⤵
  PID:5212
- C:\Windows\System\zmFciHh.exe
  C:\Windows\System\zmFciHh.exe
  2⤵
  PID:4124
- C:\Windows\System\GFUePmH.exe
  C:\Windows\System\GFUePmH.exe
  2⤵
  PID:3320
- C:\Windows\System\OQsDUfc.exe
  C:\Windows\System\OQsDUfc.exe
  2⤵
  PID:6136
- C:\Windows\System\REmejlP.exe
  C:\Windows\System\REmejlP.exe
  2⤵
  PID:5960
- C:\Windows\System\qYMJqoK.exe
  C:\Windows\System\qYMJqoK.exe
  2⤵
  PID:6156
- C:\Windows\System\UsGTylu.exe
  C:\Windows\System\UsGTylu.exe
  2⤵
  PID:6188
- C:\Windows\System\wzkeyYe.exe
  C:\Windows\System\wzkeyYe.exe
  2⤵
  PID:6216
- C:\Windows\System\KHnbNCm.exe
  C:\Windows\System\KHnbNCm.exe
  2⤵
  PID:6256
- C:\Windows\System\gVWDqZf.exe
  C:\Windows\System\gVWDqZf.exe
  2⤵
  PID:6268
- C:\Windows\System\mroLTon.exe
  C:\Windows\System\mroLTon.exe
  2⤵
  PID:6296
- C:\Windows\System\JsUYMTb.exe
  C:\Windows\System\JsUYMTb.exe
  2⤵
  PID:6316
- C:\Windows\System\glCzZKg.exe
  C:\Windows\System\glCzZKg.exe
  2⤵
  PID:6352
- C:\Windows\System\BnJvqOE.exe
  C:\Windows\System\BnJvqOE.exe
  2⤵
  PID:6380
- C:\Windows\System\iNyPBiu.exe
  C:\Windows\System\iNyPBiu.exe
  2⤵
  PID:6396
- C:\Windows\System\RoerBzC.exe
  C:\Windows\System\RoerBzC.exe
  2⤵
  PID:6432
- C:\Windows\System\ihlutxr.exe
  C:\Windows\System\ihlutxr.exe
  2⤵
  PID:6460
- C:\Windows\System\KHJnQNj.exe
  C:\Windows\System\KHJnQNj.exe
  2⤵
  PID:6476
- C:\Windows\System\PUaJLui.exe
  C:\Windows\System\PUaJLui.exe
  2⤵
  PID:6512
- C:\Windows\System\GZaSFuC.exe
  C:\Windows\System\GZaSFuC.exe
  2⤵
  PID:2748
- C:\Windows\System\OTragUV.exe
  C:\Windows\System\OTragUV.exe
  2⤵
  PID:2856
- C:\Windows\System\KLarjya.exe
  C:\Windows\System\KLarjya.exe
  2⤵
  PID:2584
- C:\Windows\System\xxQDRoj.exe
  C:\Windows\System\xxQDRoj.exe
  2⤵
  PID:2720
- C:\Windows\System\FJDylyh.exe
  C:\Windows\System\FJDylyh.exe
  2⤵
  PID:2648
- C:\Windows\System\iAQWakg.exe
  C:\Windows\System\iAQWakg.exe
  2⤵
  PID:608
- C:\Windows\System\DxydhMf.exe
  C:\Windows\System\DxydhMf.exe
  2⤵
  PID:2884
- C:\Windows\System\AvjJtsY.exe
  C:\Windows\System\AvjJtsY.exe
  2⤵
  PID:2392
- C:\Windows\System\zPsPvKe.exe
  C:\Windows\System\zPsPvKe.exe
  2⤵
  PID:992
- C:\Windows\System\kgJvoyy.exe
  C:\Windows\System\kgJvoyy.exe
  2⤵
  PID:6548
- C:\Windows\System\buZTQtl.exe
  C:\Windows\System\buZTQtl.exe
  2⤵
  PID:5280
- C:\Windows\System\ADDcaYJ.exe
  C:\Windows\System\ADDcaYJ.exe
  2⤵
  PID:1800
- C:\Windows\System\asjPVpA.exe
  C:\Windows\System\asjPVpA.exe
  2⤵
  PID:2988
- C:\Windows\System\fxbjQtU.exe
  C:\Windows\System\fxbjQtU.exe
  2⤵
  PID:6564
- C:\Windows\System\pAZApim.exe
  C:\Windows\System\pAZApim.exe
  2⤵
  PID:556
- C:\Windows\System\glLCWeT.exe
  C:\Windows\System\glLCWeT.exe
  2⤵
  PID:2512
- C:\Windows\System\XEDcemx.exe
  C:\Windows\System\XEDcemx.exe
  2⤵
  PID:2524
- C:\Windows\System\nAiqZxB.exe
  C:\Windows\System\nAiqZxB.exe
  2⤵
  PID:904
- C:\Windows\System\EHfYsti.exe
  C:\Windows\System\EHfYsti.exe
  2⤵
  PID:792
- C:\Windows\System\DlGBVcP.exe
  C:\Windows\System\DlGBVcP.exe
  2⤵
  PID:5404
- C:\Windows\System\PSqkBYc.exe
  C:\Windows\System\PSqkBYc.exe
  2⤵
  PID:1984
- C:\Windows\System\nmIdQSL.exe
  C:\Windows\System\nmIdQSL.exe
  2⤵
  PID:2784
- C:\Windows\System\GzfiSsY.exe
  C:\Windows\System\GzfiSsY.exe
  2⤵
  PID:6568
- C:\Windows\System\SbrkWgy.exe
  C:\Windows\System\SbrkWgy.exe
  2⤵
  PID:6604
- C:\Windows\System\zeFaSnV.exe
  C:\Windows\System\zeFaSnV.exe
  2⤵
  PID:6672
- C:\Windows\System\sEfcWtd.exe
  C:\Windows\System\sEfcWtd.exe
  2⤵
  PID:6732
- C:\Windows\System\fFgnaFQ.exe
  C:\Windows\System\fFgnaFQ.exe
  2⤵
  PID:6588
- C:\Windows\System\JxxVHjG.exe
  C:\Windows\System\JxxVHjG.exe
  2⤵
  PID:6656
- C:\Windows\System\jJJbcvf.exe
  C:\Windows\System\jJJbcvf.exe
  2⤵
  PID:6720
- C:\Windows\System\RBaPGZo.exe
  C:\Windows\System\RBaPGZo.exe
  2⤵
  PID:6788
- C:\Windows\System\MbdXKrS.exe
  C:\Windows\System\MbdXKrS.exe
  2⤵
  PID:6804
- C:\Windows\System\rHlzXmn.exe
  C:\Windows\System\rHlzXmn.exe
  2⤵
  PID:6820
- C:\Windows\System\RMjSZGF.exe
  C:\Windows\System\RMjSZGF.exe
  2⤵
  PID:6848
- C:\Windows\System\RQMmaSp.exe
  C:\Windows\System\RQMmaSp.exe
  2⤵
  PID:6836
- C:\Windows\System\koIcDek.exe
  C:\Windows\System\koIcDek.exe
  2⤵
  PID:6920
- C:\Windows\System\fJGzluH.exe
  C:\Windows\System\fJGzluH.exe
  2⤵
  PID:6984
- C:\Windows\System\VVGGcMF.exe
  C:\Windows\System\VVGGcMF.exe
  2⤵
  PID:7056
- C:\Windows\System\yamgOQX.exe
  C:\Windows\System\yamgOQX.exe
  2⤵
  PID:6904
- C:\Windows\System\wdKFDbT.exe
  C:\Windows\System\wdKFDbT.exe
  2⤵
  PID:6968
- C:\Windows\System\ZCACaAQ.exe
  C:\Windows\System\ZCACaAQ.exe
  2⤵
  PID:7032
- C:\Windows\System\YgzZYDv.exe
  C:\Windows\System\YgzZYDv.exe
  2⤵
  PID:7120
- C:\Windows\System\xukmNFq.exe
  C:\Windows\System\xukmNFq.exe
  2⤵
  PID:7164
- C:\Windows\System\lgWEuOj.exe
  C:\Windows\System\lgWEuOj.exe
  2⤵
  PID:7100
- C:\Windows\System\GSLWRCm.exe
  C:\Windows\System\GSLWRCm.exe
  2⤵
  PID:7148
- C:\Windows\System\mcXDjwa.exe
  C:\Windows\System\mcXDjwa.exe
  2⤵
  PID:5580
- C:\Windows\System\LtkMsWx.exe
  C:\Windows\System\LtkMsWx.exe
  2⤵
  PID:5516
- C:\Windows\System\ZXDefcr.exe
  C:\Windows\System\ZXDefcr.exe
  2⤵
  PID:1484
- C:\Windows\System\qhVMfUv.exe
  C:\Windows\System\qhVMfUv.exe
  2⤵
  PID:5596
- C:\Windows\System\gqBfBZF.exe
  C:\Windows\System\gqBfBZF.exe
  2⤵
  PID:5676
- C:\Windows\System\AXeZiOb.exe
  C:\Windows\System\AXeZiOb.exe
  2⤵
  PID:5928
- C:\Windows\System\bbEUiCr.exe
  C:\Windows\System\bbEUiCr.exe
  2⤵
  PID:4952
- C:\Windows\System\nNxredw.exe
  C:\Windows\System\nNxredw.exe
  2⤵
  PID:6192
- C:\Windows\System\kpObOkh.exe
  C:\Windows\System\kpObOkh.exe
  2⤵
  PID:5760
- C:\Windows\System\LJQsfNs.exe
  C:\Windows\System\LJQsfNs.exe
  2⤵
  PID:5152
- C:\Windows\System\LCYtucm.exe
  C:\Windows\System\LCYtucm.exe
  2⤵
  PID:6172
- C:\Windows\System\CuMgZHn.exe
  C:\Windows\System\CuMgZHn.exe
  2⤵
  PID:6276
- C:\Windows\System\wRutgPd.exe
  C:\Windows\System\wRutgPd.exe
  2⤵
  PID:6232
- C:\Windows\System\MCeYfmr.exe
  C:\Windows\System\MCeYfmr.exe
  2⤵
  PID:6308
- C:\Windows\System\itRzLJe.exe
  C:\Windows\System\itRzLJe.exe
  2⤵
  PID:6416
- C:\Windows\System\knFuuNQ.exe
  C:\Windows\System\knFuuNQ.exe
  2⤵
  PID:6500
- C:\Windows\System\yqwLQMR.exe
  C:\Windows\System\yqwLQMR.exe
  2⤵
  PID:6528
- C:\Windows\System\BmMxTRX.exe
  C:\Windows\System\BmMxTRX.exe
  2⤵
  PID:2564
- C:\Windows\System\DbnTtTO.exe
  C:\Windows\System\DbnTtTO.exe
  2⤵
  PID:2964
- C:\Windows\System\DJkPHqU.exe
  C:\Windows\System\DJkPHqU.exe
  2⤵
  PID:6532
- C:\Windows\System\fzsPTBs.exe
  C:\Windows\System\fzsPTBs.exe
  2⤵
  PID:1956
- C:\Windows\System\lqFqxnD.exe
  C:\Windows\System\lqFqxnD.exe
  2⤵
  PID:2572
- C:\Windows\System\wIFoJRa.exe
  C:\Windows\System\wIFoJRa.exe
  2⤵
  PID:2064
- C:\Windows\System\AxFgGIc.exe
  C:\Windows\System\AxFgGIc.exe
  2⤵
  PID:2772
- C:\Windows\System\Vrfuyba.exe
  C:\Windows\System\Vrfuyba.exe
  2⤵
  PID:2352
- C:\Windows\System\evuEYqr.exe
  C:\Windows\System\evuEYqr.exe
  2⤵
  PID:6600
- C:\Windows\System\LeFXyVv.exe
  C:\Windows\System\LeFXyVv.exe
  2⤵
  PID:6624
- C:\Windows\System\jGnZDjQ.exe
  C:\Windows\System\jGnZDjQ.exe
  2⤵
  PID:6780
- C:\Windows\System\IgNhutM.exe
  C:\Windows\System\IgNhutM.exe
  2⤵
  PID:688
- C:\Windows\System\BhzBkxB.exe
  C:\Windows\System\BhzBkxB.exe
  2⤵
  PID:6688
- C:\Windows\System\dzvisZy.exe
  C:\Windows\System\dzvisZy.exe
  2⤵
  PID:2288
- C:\Windows\System\mCLMMXI.exe
  C:\Windows\System\mCLMMXI.exe
  2⤵
  PID:6584
- C:\Windows\System\TdGWMXR.exe
  C:\Windows\System\TdGWMXR.exe
  2⤵
  PID:6828
- C:\Windows\System\aAohPki.exe
  C:\Windows\System\aAohPki.exe
  2⤵
  PID:6952
- C:\Windows\System\LMZpTTc.exe
  C:\Windows\System\LMZpTTc.exe
  2⤵
  PID:7000
- C:\Windows\System\aSpmlKW.exe
  C:\Windows\System\aSpmlKW.exe
  2⤵
  PID:7048
- C:\Windows\System\eBoomuv.exe
  C:\Windows\System\eBoomuv.exe
  2⤵
  PID:6936
- C:\Windows\System\ctPTIsn.exe
  C:\Windows\System\ctPTIsn.exe
  2⤵
  PID:7128
- C:\Windows\System\RAlRBve.exe
  C:\Windows\System\RAlRBve.exe
  2⤵
  PID:5696
- C:\Windows\System\hYfveTQ.exe
  C:\Windows\System\hYfveTQ.exe
  2⤵
  PID:5544
- C:\Windows\System\mFRutmB.exe
  C:\Windows\System\mFRutmB.exe
  2⤵
  PID:6196
- C:\Windows\System\FvBDBWO.exe
  C:\Windows\System\FvBDBWO.exe
  2⤵
  PID:5820
- C:\Windows\System\IFWiuwQ.exe
  C:\Windows\System\IFWiuwQ.exe
  2⤵
  PID:6148
- C:\Windows\System\fxCJdzN.exe
  C:\Windows\System\fxCJdzN.exe
  2⤵
  PID:5024
- C:\Windows\System\YGwOeeK.exe
  C:\Windows\System\YGwOeeK.exe
  2⤵
  PID:2032
- C:\Windows\System\gwadKNc.exe
  C:\Windows\System\gwadKNc.exe
  2⤵
  PID:1436
- C:\Windows\System\VfIMGhO.exe
  C:\Windows\System\VfIMGhO.exe
  2⤵
  PID:2504
- C:\Windows\System\sDkBHvZ.exe
  C:\Windows\System\sDkBHvZ.exe
  2⤵
  PID:1160
- C:\Windows\System\RPGzhni.exe
  C:\Windows\System\RPGzhni.exe
  2⤵
  PID:6668
- C:\Windows\System\fxXZUgb.exe
  C:\Windows\System\fxXZUgb.exe
  2⤵
  PID:6892
- C:\Windows\System\WCSPcVh.exe
  C:\Windows\System\WCSPcVh.exe
  2⤵
  PID:7096
- C:\Windows\System\uYkrXoD.exe
  C:\Windows\System\uYkrXoD.exe
  2⤵
  PID:988
- C:\Windows\System\cGVQxaE.exe
  C:\Windows\System\cGVQxaE.exe
  2⤵
  PID:5844
- C:\Windows\System\eIXCybh.exe
  C:\Windows\System\eIXCybh.exe
  2⤵
  PID:6176
- C:\Windows\System\JjIMNVj.exe
  C:\Windows\System\JjIMNVj.exe
  2⤵
  PID:2728
- C:\Windows\System\ZOpvjeO.exe
  C:\Windows\System\ZOpvjeO.exe
  2⤵
  PID:4852
- C:\Windows\System\MQLYgvs.exe
  C:\Windows\System\MQLYgvs.exe
  2⤵
  PID:4872
- C:\Windows\System\spIHKwf.exe
  C:\Windows\System\spIHKwf.exe
  2⤵
  PID:2160
- C:\Windows\System\azmdHly.exe
  C:\Windows\System\azmdHly.exe
  2⤵
  PID:1036
- C:\Windows\System\ADvKJrZ.exe
  C:\Windows\System\ADvKJrZ.exe
  2⤵
  PID:6800
- C:\Windows\System\tHDZHIk.exe
  C:\Windows\System\tHDZHIk.exe
  2⤵
  PID:7144
- C:\Windows\System\zCxjjMI.exe
  C:\Windows\System\zCxjjMI.exe
  2⤵
  PID:6436
- C:\Windows\System\YdhUMbd.exe
  C:\Windows\System\YdhUMbd.exe
  2⤵
  PID:1324
- C:\Windows\System\RmDLSyn.exe
  C:\Windows\System\RmDLSyn.exe
  2⤵
  PID:5236
- C:\Windows\System\HcdOAyT.exe
  C:\Windows\System\HcdOAyT.exe
  2⤵
  PID:6340
- C:\Windows\System\yWPcIxP.exe
  C:\Windows\System\yWPcIxP.exe
  2⤵
  PID:6356
- C:\Windows\System\EvXXzxJ.exe
  C:\Windows\System\EvXXzxJ.exe
  2⤵
  PID:2272
- C:\Windows\System\ngDxJqf.exe
  C:\Windows\System\ngDxJqf.exe
  2⤵
  PID:6796
- C:\Windows\System\BTeMDuz.exe
  C:\Windows\System\BTeMDuz.exe
  2⤵
  PID:6888
- C:\Windows\System\nNIQFTT.exe
  C:\Windows\System\nNIQFTT.exe
  2⤵
  PID:7176
- C:\Windows\System\bSjELzy.exe
  C:\Windows\System\bSjELzy.exe
  2⤵
  PID:7192
- C:\Windows\System\sKUjHjP.exe
  C:\Windows\System\sKUjHjP.exe
  2⤵
  PID:7208
- C:\Windows\System\tuiTRnc.exe
  C:\Windows\System\tuiTRnc.exe
  2⤵
  PID:7224
- C:\Windows\System\yWxLNWz.exe
  C:\Windows\System\yWxLNWz.exe
  2⤵
  PID:7240
- C:\Windows\System\LyAOBWw.exe
  C:\Windows\System\LyAOBWw.exe
  2⤵
  PID:7256
- C:\Windows\System\zAdxeRq.exe
  C:\Windows\System\zAdxeRq.exe
  2⤵
  PID:7272
- C:\Windows\System\MfocIdE.exe
  C:\Windows\System\MfocIdE.exe
  2⤵
  PID:7292
- C:\Windows\System\UxDlRyD.exe
  C:\Windows\System\UxDlRyD.exe
  2⤵
  PID:7308
- C:\Windows\System\pLcUhCl.exe
  C:\Windows\System\pLcUhCl.exe
  2⤵
  PID:7324
- C:\Windows\System\xyIClKQ.exe
  C:\Windows\System\xyIClKQ.exe
  2⤵
  PID:7340
- C:\Windows\System\dTAPLdw.exe
  C:\Windows\System\dTAPLdw.exe
  2⤵
  PID:7356
- C:\Windows\System\agjhxeV.exe
  C:\Windows\System\agjhxeV.exe
  2⤵
  PID:7372
- C:\Windows\System\BpfXkZN.exe
  C:\Windows\System\BpfXkZN.exe
  2⤵
  PID:7388
- C:\Windows\System\ovwhiSW.exe
  C:\Windows\System\ovwhiSW.exe
  2⤵
  PID:7404
- C:\Windows\System\AiGyhFU.exe
  C:\Windows\System\AiGyhFU.exe
  2⤵
  PID:7420
- C:\Windows\System\JHUwQSR.exe
  C:\Windows\System\JHUwQSR.exe
  2⤵
  PID:7436
- C:\Windows\System\pVSjvqr.exe
  C:\Windows\System\pVSjvqr.exe
  2⤵
  PID:7452
- C:\Windows\System\CktLgHm.exe
  C:\Windows\System\CktLgHm.exe
  2⤵
  PID:7468
- C:\Windows\System\STstxVf.exe
  C:\Windows\System\STstxVf.exe
  2⤵
  PID:7484
- C:\Windows\System\FaMoqTM.exe
  C:\Windows\System\FaMoqTM.exe
  2⤵
  PID:7500
- C:\Windows\System\HcebSFb.exe
  C:\Windows\System\HcebSFb.exe
  2⤵
  PID:7516
- C:\Windows\System\Tilwzjx.exe
  C:\Windows\System\Tilwzjx.exe
  2⤵
  PID:7532
- C:\Windows\System\DurdCJQ.exe
  C:\Windows\System\DurdCJQ.exe
  2⤵
  PID:7548
- C:\Windows\System\nhvyUzn.exe
  C:\Windows\System\nhvyUzn.exe
  2⤵
  PID:7564
- C:\Windows\System\asSXUAQ.exe
  C:\Windows\System\asSXUAQ.exe
  2⤵
  PID:7580
- C:\Windows\System\KyPpfvu.exe
  C:\Windows\System\KyPpfvu.exe
  2⤵
  PID:7596
- C:\Windows\System\dIWRiEo.exe
  C:\Windows\System\dIWRiEo.exe
  2⤵
  PID:7612
- C:\Windows\System\LHMLmvX.exe
  C:\Windows\System\LHMLmvX.exe
  2⤵
  PID:7628
- C:\Windows\System\arwiooi.exe
  C:\Windows\System\arwiooi.exe
  2⤵
  PID:7644
- C:\Windows\System\dCwhmWE.exe
  C:\Windows\System\dCwhmWE.exe
  2⤵
  PID:7660
- C:\Windows\System\sLhSisq.exe
  C:\Windows\System\sLhSisq.exe
  2⤵
  PID:7676
- C:\Windows\System\KDxzyXk.exe
  C:\Windows\System\KDxzyXk.exe
  2⤵
  PID:7692
- C:\Windows\System\dRHsSHc.exe
  C:\Windows\System\dRHsSHc.exe
  2⤵
  PID:7708
- C:\Windows\System\NvPeXxS.exe
  C:\Windows\System\NvPeXxS.exe
  2⤵
  PID:7724
- C:\Windows\System\ZPecXsW.exe
  C:\Windows\System\ZPecXsW.exe
  2⤵
  PID:7740
- C:\Windows\System\OahzRAy.exe
  C:\Windows\System\OahzRAy.exe
  2⤵
  PID:7756
- C:\Windows\System\WFyEIlo.exe
  C:\Windows\System\WFyEIlo.exe
  2⤵
  PID:7772
- C:\Windows\System\gWmdDNJ.exe
  C:\Windows\System\gWmdDNJ.exe
  2⤵
  PID:7788
- C:\Windows\System\QBAQTbg.exe
  C:\Windows\System\QBAQTbg.exe
  2⤵
  PID:7804
- C:\Windows\System\ZKSVNRb.exe
  C:\Windows\System\ZKSVNRb.exe
  2⤵
  PID:7820
- C:\Windows\System\KtTaGPu.exe
  C:\Windows\System\KtTaGPu.exe
  2⤵
  PID:7836
- C:\Windows\System\yOWZMFy.exe
  C:\Windows\System\yOWZMFy.exe
  2⤵
  PID:7852
- C:\Windows\System\cnMnVMh.exe
  C:\Windows\System\cnMnVMh.exe
  2⤵
  PID:7868
- C:\Windows\System\sAEzXcg.exe
  C:\Windows\System\sAEzXcg.exe
  2⤵
  PID:7884
- C:\Windows\System\EDpSojg.exe
  C:\Windows\System\EDpSojg.exe
  2⤵
  PID:7900
- C:\Windows\System\VwZhBSr.exe
  C:\Windows\System\VwZhBSr.exe
  2⤵
  PID:7916
- C:\Windows\System\idrzdrM.exe
  C:\Windows\System\idrzdrM.exe
  2⤵
  PID:7932
- C:\Windows\System\leLKwog.exe
  C:\Windows\System\leLKwog.exe
  2⤵
  PID:7948
- C:\Windows\System\JiLNXhj.exe
  C:\Windows\System\JiLNXhj.exe
  2⤵
  PID:7964
- C:\Windows\System\SvXZdwf.exe
  C:\Windows\System\SvXZdwf.exe
  2⤵
  PID:7980
- C:\Windows\System\ABRFaPH.exe
  C:\Windows\System\ABRFaPH.exe
  2⤵
  PID:7996
- C:\Windows\System\AYhQfic.exe
  C:\Windows\System\AYhQfic.exe
  2⤵
  PID:8012
- C:\Windows\System\pDUbicA.exe
  C:\Windows\System\pDUbicA.exe
  2⤵
  PID:8028
- C:\Windows\System\RmblLuN.exe
  C:\Windows\System\RmblLuN.exe
  2⤵
  PID:8044
- C:\Windows\System\zTmDXEj.exe
  C:\Windows\System\zTmDXEj.exe
  2⤵
  PID:8060
- C:\Windows\System\BdUszvG.exe
  C:\Windows\System\BdUszvG.exe
  2⤵
  PID:8076
- C:\Windows\System\uinNnzQ.exe
  C:\Windows\System\uinNnzQ.exe
  2⤵
  PID:8092
- C:\Windows\System\DyPAPDt.exe
  C:\Windows\System\DyPAPDt.exe
  2⤵
  PID:8108
- C:\Windows\System\IWQhLPa.exe
  C:\Windows\System\IWQhLPa.exe
  2⤵
  PID:8124
- C:\Windows\System\PQJZfSG.exe
  C:\Windows\System\PQJZfSG.exe
  2⤵
  PID:8140
- C:\Windows\System\HEgWRDv.exe
  C:\Windows\System\HEgWRDv.exe
  2⤵
  PID:8156
- C:\Windows\System\sdHOdUL.exe
  C:\Windows\System\sdHOdUL.exe
  2⤵
  PID:8172
- C:\Windows\System\YNyCedf.exe
  C:\Windows\System\YNyCedf.exe
  2⤵
  PID:8188
- C:\Windows\System\kdbmewm.exe
  C:\Windows\System\kdbmewm.exe
  2⤵
  PID:7084
- C:\Windows\System\CZzahav.exe
  C:\Windows\System\CZzahav.exe
  2⤵
  PID:7172
- C:\Windows\System\MTOdwgA.exe
  C:\Windows\System\MTOdwgA.exe
  2⤵
  PID:7236
- C:\Windows\System\DUURmbb.exe
  C:\Windows\System\DUURmbb.exe
  2⤵
  PID:1236
- C:\Windows\System\kVRDEJo.exe
  C:\Windows\System\kVRDEJo.exe
  2⤵
  PID:7184
- C:\Windows\System\ofJxXxq.exe
  C:\Windows\System\ofJxXxq.exe
  2⤵
  PID:6452
- C:\Windows\System\hQQZVDB.exe
  C:\Windows\System\hQQZVDB.exe
  2⤵
  PID:7280
- C:\Windows\System\YENVyhh.exe
  C:\Windows\System\YENVyhh.exe
  2⤵
  PID:7300
- C:\Windows\System\VeKQpii.exe
  C:\Windows\System\VeKQpii.exe
  2⤵
  PID:7364
- C:\Windows\System\PJsWsYi.exe
  C:\Windows\System\PJsWsYi.exe
  2⤵
  PID:7412
- C:\Windows\System\IwWfwla.exe
  C:\Windows\System\IwWfwla.exe
  2⤵
  PID:7348
- C:\Windows\System\kSmmfSX.exe
  C:\Windows\System\kSmmfSX.exe
  2⤵
  PID:7444
- C:\Windows\System\tNdfAiM.exe
  C:\Windows\System\tNdfAiM.exe
  2⤵
  PID:6784
- C:\Windows\System\XtpNCUw.exe
  C:\Windows\System\XtpNCUw.exe
  2⤵
  PID:7496
- C:\Windows\System\xXmBPPQ.exe
  C:\Windows\System\xXmBPPQ.exe
  2⤵
  PID:7572
- C:\Windows\System\SMzZQsp.exe
  C:\Windows\System\SMzZQsp.exe
  2⤵
  PID:7508
- C:\Windows\System\xCJKqlK.exe
  C:\Windows\System\xCJKqlK.exe
  2⤵
  PID:7604
- C:\Windows\System\gPbGRhj.exe
  C:\Windows\System\gPbGRhj.exe
  2⤵
  PID:7592
- C:\Windows\System\uLarGMZ.exe
  C:\Windows\System\uLarGMZ.exe
  2⤵
  PID:7656
- C:\Windows\System\olnYveL.exe
  C:\Windows\System\olnYveL.exe
  2⤵
  PID:7700
- C:\Windows\System\nptZdBT.exe
  C:\Windows\System\nptZdBT.exe
  2⤵
  PID:7640
- C:\Windows\System\oZtrQCD.exe
  C:\Windows\System\oZtrQCD.exe
  2⤵
  PID:7704
- C:\Windows\System\YwgzOWp.exe
  C:\Windows\System\YwgzOWp.exe
  2⤵
  PID:7768
- C:\Windows\System\dLoRSYZ.exe
  C:\Windows\System\dLoRSYZ.exe
  2⤵
  PID:7816
- C:\Windows\System\FnkLpOh.exe
  C:\Windows\System\FnkLpOh.exe
  2⤵
  PID:7876
- C:\Windows\System\qxUIhoN.exe
  C:\Windows\System\qxUIhoN.exe
  2⤵
  PID:7828
- C:\Windows\System\ZRPAOhJ.exe
  C:\Windows\System\ZRPAOhJ.exe
  2⤵
  PID:7800
- C:\Windows\System\rZgOjWI.exe
  C:\Windows\System\rZgOjWI.exe
  2⤵
  PID:8036
- C:\Windows\System\sXlGOjs.exe
  C:\Windows\System\sXlGOjs.exe
  2⤵
  PID:7832
- C:\Windows\System\mzEFcJz.exe
  C:\Windows\System\mzEFcJz.exe
  2⤵
  PID:8020
- C:\Windows\System\sUUPWaN.exe
  C:\Windows\System\sUUPWaN.exe
  2⤵
  PID:7988
- C:\Windows\System\ttxVXIz.exe
  C:\Windows\System\ttxVXIz.exe
  2⤵
  PID:8056
- C:\Windows\System\AQKraSJ.exe
  C:\Windows\System\AQKraSJ.exe
  2⤵
  PID:8072
- C:\Windows\System\zHYowIg.exe
  C:\Windows\System\zHYowIg.exe
  2⤵
  PID:8120
- C:\Windows\System\YvPbUsu.exe
  C:\Windows\System\YvPbUsu.exe
  2⤵
  PID:6400
- C:\Windows\System\dLIcHBa.exe
  C:\Windows\System\dLIcHBa.exe
  2⤵
  PID:8152
- C:\Windows\System\xUJXHok.exe
  C:\Windows\System\xUJXHok.exe
  2⤵
  PID:2344
- C:\Windows\System\tUMixZU.exe
  C:\Windows\System\tUMixZU.exe
  2⤵
  PID:4588
- C:\Windows\System\KFEMIEf.exe
  C:\Windows\System\KFEMIEf.exe
  2⤵
  PID:7332
- C:\Windows\System\rdXrcSk.exe
  C:\Windows\System\rdXrcSk.exe
  2⤵
  PID:7428
- C:\Windows\System\KOMgipq.exe
  C:\Windows\System\KOMgipq.exe
  2⤵
  PID:7400
- C:\Windows\System\lLCQgHI.exe
  C:\Windows\System\lLCQgHI.exe
  2⤵
  PID:7396
- C:\Windows\System\LtZPuZc.exe
  C:\Windows\System\LtZPuZc.exe
  2⤵
  PID:7528
- C:\Windows\System\rIpVztn.exe
  C:\Windows\System\rIpVztn.exe
  2⤵
  PID:7544
- C:\Windows\System\THQLqva.exe
  C:\Windows\System\THQLqva.exe
  2⤵
  PID:7476
- C:\Windows\System\PKuQXuO.exe
  C:\Windows\System\PKuQXuO.exe
  2⤵
  PID:7668
- C:\Windows\System\dpHvWwi.exe
  C:\Windows\System\dpHvWwi.exe
  2⤵
  PID:7636
- C:\Windows\System\CIELnLH.exe
  C:\Windows\System\CIELnLH.exe
  2⤵
  PID:7736
- C:\Windows\System\vDxqZtf.exe
  C:\Windows\System\vDxqZtf.exe
  2⤵
  PID:7796
- C:\Windows\System\kmqvSfq.exe
  C:\Windows\System\kmqvSfq.exe
  2⤵
  PID:7908
- C:\Windows\System\CdhLgcx.exe
  C:\Windows\System\CdhLgcx.exe
  2⤵
  PID:8004
- C:\Windows\System\QoplgDp.exe
  C:\Windows\System\QoplgDp.exe
  2⤵
  PID:8100
- C:\Windows\System\vbWZRpg.exe
  C:\Windows\System\vbWZRpg.exe
  2⤵
  PID:8168
- C:\Windows\System\IlggTKt.exe
  C:\Windows\System\IlggTKt.exe
  2⤵
  PID:8132
- C:\Windows\System\aQlfjWx.exe
  C:\Windows\System\aQlfjWx.exe
  2⤵
  PID:8148
- C:\Windows\System\VaJWkpb.exe
  C:\Windows\System\VaJWkpb.exe
  2⤵
  PID:7316
- C:\Windows\System\PqgLOCw.exe
  C:\Windows\System\PqgLOCw.exe
  2⤵
  PID:7492
- C:\Windows\System\DgdXGsF.exe
  C:\Windows\System\DgdXGsF.exe
  2⤵
  PID:7672
- C:\Windows\System\HpuLkOp.exe
  C:\Windows\System\HpuLkOp.exe
  2⤵
  PID:7384
- C:\Windows\System\nmEiVOK.exe
  C:\Windows\System\nmEiVOK.exe
  2⤵
  PID:8024
- C:\Windows\System\ahLngBL.exe
  C:\Windows\System\ahLngBL.exe
  2⤵
  PID:7688
- C:\Windows\System\HgzBxwo.exe
  C:\Windows\System\HgzBxwo.exe
  2⤵
  PID:8180
- C:\Windows\System\ikUuNDP.exe
  C:\Windows\System\ikUuNDP.exe
  2⤵
  PID:8088
- C:\Windows\System\ybqemPp.exe
  C:\Windows\System\ybqemPp.exe
  2⤵
  PID:7220
- C:\Windows\System\BSVfmxh.exe
  C:\Windows\System\BSVfmxh.exe
  2⤵
  PID:7540
- C:\Windows\System\fNqwTPS.exe
  C:\Windows\System\fNqwTPS.exe
  2⤵
  PID:7812
- C:\Windows\System\GJMgyCb.exe
  C:\Windows\System\GJMgyCb.exe
  2⤵
  PID:7268
- C:\Windows\System\JVTDmXd.exe
  C:\Windows\System\JVTDmXd.exe
  2⤵
  PID:7864
- C:\Windows\System\lzpEIyj.exe
  C:\Windows\System\lzpEIyj.exe
  2⤵
  PID:7464
- C:\Windows\System\VHIpPnr.exe
  C:\Windows\System\VHIpPnr.exe
  2⤵
  PID:6168
- C:\Windows\System\PaVArWQ.exe
  C:\Windows\System\PaVArWQ.exe
  2⤵
  PID:8208
- C:\Windows\System\mGlWPXk.exe
  C:\Windows\System\mGlWPXk.exe
  2⤵
  PID:8224
- C:\Windows\System\TCvvkas.exe
  C:\Windows\System\TCvvkas.exe
  2⤵
  PID:8240
- C:\Windows\System\LXqZEdg.exe
  C:\Windows\System\LXqZEdg.exe
  2⤵
  PID:8256
- C:\Windows\System\GjdpcCd.exe
  C:\Windows\System\GjdpcCd.exe
  2⤵
  PID:8272
- C:\Windows\System\LOZwvXl.exe
  C:\Windows\System\LOZwvXl.exe
  2⤵
  PID:8288
- C:\Windows\System\AyvxskW.exe
  C:\Windows\System\AyvxskW.exe
  2⤵
  PID:8304
- C:\Windows\System\HLkXmum.exe
  C:\Windows\System\HLkXmum.exe
  2⤵
  PID:8320
- C:\Windows\System\vWBEznC.exe
  C:\Windows\System\vWBEznC.exe
  2⤵
  PID:8336
- C:\Windows\System\ALwyIFR.exe
  C:\Windows\System\ALwyIFR.exe
  2⤵
  PID:8352
- C:\Windows\System\SYfmitT.exe
  C:\Windows\System\SYfmitT.exe
  2⤵
  PID:8368
- C:\Windows\System\WMgHZTE.exe
  C:\Windows\System\WMgHZTE.exe
  2⤵
  PID:8384
- C:\Windows\System\drBkSPG.exe
  C:\Windows\System\drBkSPG.exe
  2⤵
  PID:8400
- C:\Windows\System\jVbBkkL.exe
  C:\Windows\System\jVbBkkL.exe
  2⤵
  PID:8416
- C:\Windows\System\MMKANCv.exe
  C:\Windows\System\MMKANCv.exe
  2⤵
  PID:8432
- C:\Windows\System\NMVGJWq.exe
  C:\Windows\System\NMVGJWq.exe
  2⤵
  PID:8448
- C:\Windows\System\OJdUIqA.exe
  C:\Windows\System\OJdUIqA.exe
  2⤵
  PID:8464
- C:\Windows\System\upgrvdJ.exe
  C:\Windows\System\upgrvdJ.exe
  2⤵
  PID:8480
- C:\Windows\System\oCHiOZS.exe
  C:\Windows\System\oCHiOZS.exe
  2⤵
  PID:8496
- C:\Windows\System\ECtLrTH.exe
  C:\Windows\System\ECtLrTH.exe
  2⤵
  PID:8512
- C:\Windows\System\DJirqeq.exe
  C:\Windows\System\DJirqeq.exe
  2⤵
  PID:8528
- C:\Windows\System\NpwvmdH.exe
  C:\Windows\System\NpwvmdH.exe
  2⤵
  PID:8544
- C:\Windows\System\jyNrbFA.exe
  C:\Windows\System\jyNrbFA.exe
  2⤵
  PID:8560
- C:\Windows\System\mSxrePR.exe
  C:\Windows\System\mSxrePR.exe
  2⤵
  PID:8576
- C:\Windows\System\corJhff.exe
  C:\Windows\System\corJhff.exe
  2⤵
  PID:8592
- C:\Windows\System\MvxZpiR.exe
  C:\Windows\System\MvxZpiR.exe
  2⤵
  PID:8608
- C:\Windows\System\InYNdhK.exe
  C:\Windows\System\InYNdhK.exe
  2⤵
  PID:8624
- C:\Windows\System\zkpdyZh.exe
  C:\Windows\System\zkpdyZh.exe
  2⤵
  PID:8640
- C:\Windows\System\SGnEDCs.exe
  C:\Windows\System\SGnEDCs.exe
  2⤵
  PID:8656
- C:\Windows\System\ycYzCHW.exe
  C:\Windows\System\ycYzCHW.exe
  2⤵
  PID:8680
- C:\Windows\System\LupcBzH.exe
  C:\Windows\System\LupcBzH.exe
  2⤵
  PID:8696
- C:\Windows\System\ZUEapqj.exe
  C:\Windows\System\ZUEapqj.exe
  2⤵
  PID:8712
- C:\Windows\System\AKvLrya.exe
  C:\Windows\System\AKvLrya.exe
  2⤵
  PID:8776
- C:\Windows\System\UgtyCLB.exe
  C:\Windows\System\UgtyCLB.exe
  2⤵
  PID:8792
- C:\Windows\System\ApLujZw.exe
  C:\Windows\System\ApLujZw.exe
  2⤵
  PID:8808
- C:\Windows\System\PlEIZFb.exe
  C:\Windows\System\PlEIZFb.exe
  2⤵
  PID:8824
- C:\Windows\System\WvSWwnQ.exe
  C:\Windows\System\WvSWwnQ.exe
  2⤵
  PID:8840
- C:\Windows\System\fgLXQOx.exe
  C:\Windows\System\fgLXQOx.exe
  2⤵
  PID:8856
- C:\Windows\System\IXcguIa.exe
  C:\Windows\System\IXcguIa.exe
  2⤵
  PID:8872
- C:\Windows\System\CPwltoU.exe
  C:\Windows\System\CPwltoU.exe
  2⤵
  PID:8888
- C:\Windows\System\xpDMhLS.exe
  C:\Windows\System\xpDMhLS.exe
  2⤵
  PID:8904
- C:\Windows\System\Fbgggxn.exe
  C:\Windows\System\Fbgggxn.exe
  2⤵
  PID:8920
- C:\Windows\System\DhEkJbp.exe
  C:\Windows\System\DhEkJbp.exe
  2⤵
  PID:8936
- C:\Windows\System\VNZmeUF.exe
  C:\Windows\System\VNZmeUF.exe
  2⤵
  PID:8952
- C:\Windows\System\MajLvaV.exe
  C:\Windows\System\MajLvaV.exe
  2⤵
  PID:8968
- C:\Windows\System\ddqUMDa.exe
  C:\Windows\System\ddqUMDa.exe
  2⤵
  PID:8984
- C:\Windows\System\tzjAfrk.exe
  C:\Windows\System\tzjAfrk.exe
  2⤵
  PID:9004
- C:\Windows\System\UdtYIhq.exe
  C:\Windows\System\UdtYIhq.exe
  2⤵
  PID:9020
- C:\Windows\System\LTpsOKs.exe
  C:\Windows\System\LTpsOKs.exe
  2⤵
  PID:9036
- C:\Windows\System\IiHWJZF.exe
  C:\Windows\System\IiHWJZF.exe
  2⤵
  PID:9052
- C:\Windows\System\ydqCEZB.exe
  C:\Windows\System\ydqCEZB.exe
  2⤵
  PID:9068
- C:\Windows\System\bVKOmsc.exe
  C:\Windows\System\bVKOmsc.exe
  2⤵
  PID:9084
- C:\Windows\System\GJFvPAT.exe
  C:\Windows\System\GJFvPAT.exe
  2⤵
  PID:9100
- C:\Windows\System\GEjmFEB.exe
  C:\Windows\System\GEjmFEB.exe
  2⤵
  PID:9120
- C:\Windows\System\FPtmdfh.exe
  C:\Windows\System\FPtmdfh.exe
  2⤵
  PID:9136
- C:\Windows\System\QFHHFBd.exe
  C:\Windows\System\QFHHFBd.exe
  2⤵
  PID:9152
- C:\Windows\System\oZYFfpi.exe
  C:\Windows\System\oZYFfpi.exe
  2⤵
  PID:9168
- C:\Windows\System\OVSuaic.exe
  C:\Windows\System\OVSuaic.exe
  2⤵
  PID:9184
- C:\Windows\System\eeXXYSo.exe
  C:\Windows\System\eeXXYSo.exe
  2⤵
  PID:9200
- C:\Windows\System\HxocOKG.exe
  C:\Windows\System\HxocOKG.exe
  2⤵
  PID:8200
- C:\Windows\System\DLpwxPE.exe
  C:\Windows\System\DLpwxPE.exe
  2⤵
  PID:8264
- C:\Windows\System\ooEgtnq.exe
  C:\Windows\System\ooEgtnq.exe
  2⤵
  PID:8328
- C:\Windows\System\AZZCFGf.exe
  C:\Windows\System\AZZCFGf.exe
  2⤵
  PID:8392
- C:\Windows\System\PwoDSyQ.exe
  C:\Windows\System\PwoDSyQ.exe
  2⤵
  PID:8456
- C:\Windows\System\uanuQtG.exe
  C:\Windows\System\uanuQtG.exe
  2⤵
  PID:8520
- C:\Windows\System\GUmwSHk.exe
  C:\Windows\System\GUmwSHk.exe
  2⤵
  PID:8556
- C:\Windows\System\pHxwqGi.exe
  C:\Windows\System\pHxwqGi.exe
  2⤵
  PID:8620
- C:\Windows\System\GKJqElY.exe
  C:\Windows\System\GKJqElY.exe
  2⤵
  PID:8408
- C:\Windows\System\fCSUsRq.exe
  C:\Windows\System\fCSUsRq.exe
  2⤵
  PID:8216
- C:\Windows\System\bxydxgX.exe
  C:\Windows\System\bxydxgX.exe
  2⤵
  PID:8280
- C:\Windows\System\NQBYQgc.exe
  C:\Windows\System\NQBYQgc.exe
  2⤵
  PID:8344
- C:\Windows\System\OLFwBNk.exe
  C:\Windows\System\OLFwBNk.exe
  2⤵
  PID:8440
- C:\Windows\System\uGtfOAz.exe
  C:\Windows\System\uGtfOAz.exe
  2⤵
  PID:8504
- C:\Windows\System\oKlTQUt.exe
  C:\Windows\System\oKlTQUt.exe
  2⤵
  PID:8572
- C:\Windows\System\QnomVkf.exe
  C:\Windows\System\QnomVkf.exe
  2⤵
  PID:8636
- C:\Windows\System\nidxRHu.exe
  C:\Windows\System\nidxRHu.exe
  2⤵
  PID:8104
- C:\Windows\System\fHJfVot.exe
  C:\Windows\System\fHJfVot.exe
  2⤵
  PID:8704
- C:\Windows\System\aUayPOb.exe
  C:\Windows\System\aUayPOb.exe
  2⤵
  PID:8732
- C:\Windows\System\HjiHqxs.exe
  C:\Windows\System\HjiHqxs.exe
  2⤵
  PID:8744
- C:\Windows\System\jCjIsnF.exe
  C:\Windows\System\jCjIsnF.exe
  2⤵
  PID:8784
- C:\Windows\System\HTYlwCD.exe
  C:\Windows\System\HTYlwCD.exe
  2⤵
  PID:8788
- C:\Windows\System\heFZpXp.exe
  C:\Windows\System\heFZpXp.exe
  2⤵
  PID:8816
- C:\Windows\System\fswgFoz.exe
  C:\Windows\System\fswgFoz.exe
  2⤵
  PID:8868
- C:\Windows\System\QUraZfO.exe
  C:\Windows\System\QUraZfO.exe
  2⤵
  PID:8896
- C:\Windows\System\jRwAfVY.exe
  C:\Windows\System\jRwAfVY.exe
  2⤵
  PID:8932
- C:\Windows\System\NeZjYjq.exe
  C:\Windows\System\NeZjYjq.exe
  2⤵
  PID:8916
- C:\Windows\System\UaUBtyF.exe
  C:\Windows\System\UaUBtyF.exe
  2⤵
  PID:8976
- C:\Windows\System\rudtWQN.exe
  C:\Windows\System\rudtWQN.exe
  2⤵
  PID:9000
- C:\Windows\System\lerNOjk.exe
  C:\Windows\System\lerNOjk.exe
  2⤵
  PID:9064
- C:\Windows\System\SVlebvO.exe
  C:\Windows\System\SVlebvO.exe
  2⤵
  PID:9132
- C:\Windows\System\swDPjoy.exe
  C:\Windows\System\swDPjoy.exe
  2⤵
  PID:9044
- C:\Windows\System\jaFnVPE.exe
  C:\Windows\System\jaFnVPE.exe
  2⤵
  PID:9144
- C:\Windows\System\OCmbqKD.exe
  C:\Windows\System\OCmbqKD.exe
  2⤵
  PID:9076
- C:\Windows\System\PQmiAxV.exe
  C:\Windows\System\PQmiAxV.exe
  2⤵
  PID:9208
- C:\Windows\System\cgEPPzg.exe
  C:\Windows\System\cgEPPzg.exe
  2⤵
  PID:8360
- C:\Windows\System\lPZWrfe.exe
  C:\Windows\System\lPZWrfe.exe
  2⤵
  PID:8588
- C:\Windows\System\EhMwJBQ.exe
  C:\Windows\System\EhMwJBQ.exe
  2⤵
  PID:8312
- C:\Windows\System\MYLHhDE.exe
  C:\Windows\System\MYLHhDE.exe
  2⤵
  PID:8376
- C:\Windows\System\fpQfxZG.exe
  C:\Windows\System\fpQfxZG.exe
  2⤵
  PID:8632
- C:\Windows\System\vojtctU.exe
  C:\Windows\System\vojtctU.exe
  2⤵
  PID:8424
- C:\Windows\System\AaEGavG.exe
  C:\Windows\System\AaEGavG.exe
  2⤵
  PID:8668
- C:\Windows\System\AGaPrcv.exe
  C:\Windows\System\AGaPrcv.exe
  2⤵
  PID:8248
- C:\Windows\System\BaHGyvU.exe
  C:\Windows\System\BaHGyvU.exe
  2⤵
  PID:8540
- C:\Windows\System\GmnCVDi.exe
  C:\Windows\System\GmnCVDi.exe
  2⤵
  PID:8740
- C:\Windows\System\OiskfdI.exe
  C:\Windows\System\OiskfdI.exe
  2⤵
  PID:8820
- C:\Windows\System\OqVXLpU.exe
  C:\Windows\System\OqVXLpU.exe
  2⤵
  PID:8884
- C:\Windows\System\rKhBrAk.exe
  C:\Windows\System\rKhBrAk.exe
  2⤵
  PID:8964
- C:\Windows\System\BBUzKvb.exe
  C:\Windows\System\BBUzKvb.exe
  2⤵
  PID:8880
- C:\Windows\System\psooDKT.exe
  C:\Windows\System\psooDKT.exe
  2⤵
  PID:9192
- C:\Windows\System\WhZbSbw.exe
  C:\Windows\System\WhZbSbw.exe
  2⤵
  PID:8236
- C:\Windows\System\xqjEuDT.exe
  C:\Windows\System\xqjEuDT.exe
  2⤵
  PID:8604
- C:\Windows\System\cfXQXIT.exe
  C:\Windows\System\cfXQXIT.exe
  2⤵
  PID:9096
- C:\Windows\System\GFeootr.exe
  C:\Windows\System\GFeootr.exe
  2⤵
  PID:9128
- C:\Windows\System\PudIzzl.exe
  C:\Windows\System\PudIzzl.exe
  2⤵
  PID:9148
- C:\Windows\System\CShsFIO.exe
  C:\Windows\System\CShsFIO.exe
  2⤵
  PID:8296
- C:\Windows\System\ZSfPzGI.exe
  C:\Windows\System\ZSfPzGI.exe
  2⤵
  PID:8728
- C:\Windows\System\rhvxewy.exe
  C:\Windows\System\rhvxewy.exe
  2⤵
  PID:8752
- C:\Windows\System\qVLeYeb.exe
  C:\Windows\System\qVLeYeb.exe
  2⤵
  PID:9060
- C:\Windows\System\GEmyWOh.exe
  C:\Windows\System\GEmyWOh.exe
  2⤵
  PID:9032
- C:\Windows\System\pxSJnvl.exe
  C:\Windows\System\pxSJnvl.exe
  2⤵
  PID:8996
- C:\Windows\System\fohaXQs.exe
  C:\Windows\System\fohaXQs.exe
  2⤵
  PID:8488
- C:\Windows\System\uTxUGQR.exe
  C:\Windows\System\uTxUGQR.exe
  2⤵
  PID:8428
- C:\Windows\System\UwQyRkC.exe
  C:\Windows\System\UwQyRkC.exe
  2⤵
  PID:8832
- C:\Windows\System\uYXsJbo.exe
  C:\Windows\System\uYXsJbo.exe
  2⤵
  PID:8380
- C:\Windows\System\GgWNAqO.exe
  C:\Windows\System\GgWNAqO.exe
  2⤵
  PID:8476
- C:\Windows\System\TFKoynM.exe
  C:\Windows\System\TFKoynM.exe
  2⤵
  PID:8664
- C:\Windows\System\iMgtuvp.exe
  C:\Windows\System\iMgtuvp.exe
  2⤵
  PID:9220
- C:\Windows\System\igmkQZV.exe
  C:\Windows\System\igmkQZV.exe
  2⤵
  PID:9236
- C:\Windows\System\NoPTLMU.exe
  C:\Windows\System\NoPTLMU.exe
  2⤵
  PID:9252
- C:\Windows\System\lJewJKW.exe
  C:\Windows\System\lJewJKW.exe
  2⤵
  PID:9268
- C:\Windows\System\MTBtumw.exe
  C:\Windows\System\MTBtumw.exe
  2⤵
  PID:9284
- C:\Windows\System\wAjrhOG.exe
  C:\Windows\System\wAjrhOG.exe
  2⤵
  PID:9300
- C:\Windows\System\CZYVemZ.exe
  C:\Windows\System\CZYVemZ.exe
  2⤵
  PID:9316
- C:\Windows\System\MmAtetw.exe
  C:\Windows\System\MmAtetw.exe
  2⤵
  PID:9332
- C:\Windows\System\cyyVpOl.exe
  C:\Windows\System\cyyVpOl.exe
  2⤵
  PID:9348
- C:\Windows\System\bFvUODF.exe
  C:\Windows\System\bFvUODF.exe
  2⤵
  PID:9364
- C:\Windows\System\BdUxHEj.exe
  C:\Windows\System\BdUxHEj.exe
  2⤵
  PID:9380
- C:\Windows\System\LJFaRFI.exe
  C:\Windows\System\LJFaRFI.exe
  2⤵
  PID:9396
- C:\Windows\System\udWJTTD.exe
  C:\Windows\System\udWJTTD.exe
  2⤵
  PID:9412
- C:\Windows\System\GgBQtMK.exe
  C:\Windows\System\GgBQtMK.exe
  2⤵
  PID:9428
- C:\Windows\System\rbcaCAm.exe
  C:\Windows\System\rbcaCAm.exe
  2⤵
  PID:9444
- C:\Windows\System\BsuSRou.exe
  C:\Windows\System\BsuSRou.exe
  2⤵
  PID:9460
- C:\Windows\System\YreTjqc.exe
  C:\Windows\System\YreTjqc.exe
  2⤵
  PID:9480
- C:\Windows\System\mRqRbAM.exe
  C:\Windows\System\mRqRbAM.exe
  2⤵
  PID:9496
- C:\Windows\System\OkERjly.exe
  C:\Windows\System\OkERjly.exe
  2⤵
  PID:9512
- C:\Windows\System\HghVjJs.exe
  C:\Windows\System\HghVjJs.exe
  2⤵
  PID:9528
- C:\Windows\System\LoOWTMY.exe
  C:\Windows\System\LoOWTMY.exe
  2⤵
  PID:9544
- C:\Windows\System\sZgLkyX.exe
  C:\Windows\System\sZgLkyX.exe
  2⤵
  PID:9560
- C:\Windows\System\qdeGQao.exe
  C:\Windows\System\qdeGQao.exe
  2⤵
  PID:9576
- C:\Windows\System\ZqguMdw.exe
  C:\Windows\System\ZqguMdw.exe
  2⤵
  PID:9592
- C:\Windows\System\NizsbIs.exe
  C:\Windows\System\NizsbIs.exe
  2⤵
  PID:9608
- C:\Windows\System\tJmymme.exe
  C:\Windows\System\tJmymme.exe
  2⤵
  PID:9624
- C:\Windows\System\vXdZess.exe
  C:\Windows\System\vXdZess.exe
  2⤵
  PID:9640
- C:\Windows\System\ezwwONX.exe
  C:\Windows\System\ezwwONX.exe
  2⤵
  PID:9656
- C:\Windows\System\QrlADky.exe
  C:\Windows\System\QrlADky.exe
  2⤵
  PID:9672
- C:\Windows\System\EoZfBzh.exe
  C:\Windows\System\EoZfBzh.exe
  2⤵
  PID:9688
- C:\Windows\System\RWFOxjQ.exe
  C:\Windows\System\RWFOxjQ.exe
  2⤵
  PID:9704
- C:\Windows\System\ZCNzJPl.exe
  C:\Windows\System\ZCNzJPl.exe
  2⤵
  PID:9720
- C:\Windows\System\vvXPbuf.exe
  C:\Windows\System\vvXPbuf.exe
  2⤵
  PID:9736
- C:\Windows\System\OYItQAh.exe
  C:\Windows\System\OYItQAh.exe
  2⤵
  PID:9752
- C:\Windows\System\DGnBuAi.exe
  C:\Windows\System\DGnBuAi.exe
  2⤵
  PID:9768
- C:\Windows\System\bAtRAkx.exe
  C:\Windows\System\bAtRAkx.exe
  2⤵
  PID:9784
- C:\Windows\System\qgTHTZk.exe
  C:\Windows\System\qgTHTZk.exe
  2⤵
  PID:9804
- C:\Windows\System\CmsTbHD.exe
  C:\Windows\System\CmsTbHD.exe
  2⤵
  PID:9820
- C:\Windows\System\hStPaOm.exe
  C:\Windows\System\hStPaOm.exe
  2⤵
  PID:9836
- C:\Windows\System\RenHxFQ.exe
  C:\Windows\System\RenHxFQ.exe
  2⤵
  PID:9852
- C:\Windows\System\cGWBEIT.exe
  C:\Windows\System\cGWBEIT.exe
  2⤵
  PID:9868
- C:\Windows\System\bYFtcGT.exe
  C:\Windows\System\bYFtcGT.exe
  2⤵
  PID:9884
- C:\Windows\System\HCvUIQn.exe
  C:\Windows\System\HCvUIQn.exe
  2⤵
  PID:9900
- C:\Windows\System\mZZGeDI.exe
  C:\Windows\System\mZZGeDI.exe
  2⤵
  PID:9916
- C:\Windows\System\roAqomV.exe
  C:\Windows\System\roAqomV.exe
  2⤵
  PID:9932
- C:\Windows\System\otmoPAy.exe
  C:\Windows\System\otmoPAy.exe
  2⤵
  PID:9948
- C:\Windows\System\NqxeshO.exe
  C:\Windows\System\NqxeshO.exe
  2⤵
  PID:9964
- C:\Windows\System\wiOQvXZ.exe
  C:\Windows\System\wiOQvXZ.exe
  2⤵
  PID:9980
- C:\Windows\System\wCvdRZr.exe
  C:\Windows\System\wCvdRZr.exe
  2⤵
  PID:9996
- C:\Windows\System\NEbbwPQ.exe
  C:\Windows\System\NEbbwPQ.exe
  2⤵
  PID:10012
- C:\Windows\System\lthQktK.exe
  C:\Windows\System\lthQktK.exe
  2⤵
  PID:10028
- C:\Windows\System\wyzGJzy.exe
  C:\Windows\System\wyzGJzy.exe
  2⤵
  PID:10044
- C:\Windows\System\zRuCQPC.exe
  C:\Windows\System\zRuCQPC.exe
  2⤵
  PID:10060
- C:\Windows\System\tUIUoNm.exe
  C:\Windows\System\tUIUoNm.exe
  2⤵
  PID:10076
- C:\Windows\System\Tlxzpuf.exe
  C:\Windows\System\Tlxzpuf.exe
  2⤵
  PID:10092
- C:\Windows\System\qIUwisV.exe
  C:\Windows\System\qIUwisV.exe
  2⤵
  PID:10108
- C:\Windows\System\ZeDUFUK.exe
  C:\Windows\System\ZeDUFUK.exe
  2⤵
  PID:10124
- C:\Windows\System\TbRhrFu.exe
  C:\Windows\System\TbRhrFu.exe
  2⤵
  PID:10140
- C:\Windows\System\PqTELLz.exe
  C:\Windows\System\PqTELLz.exe
  2⤵
  PID:10156
- C:\Windows\System\XRYjwbE.exe
  C:\Windows\System\XRYjwbE.exe
  2⤵
  PID:10172
- C:\Windows\System\DAWUBlf.exe
  C:\Windows\System\DAWUBlf.exe
  2⤵
  PID:10188
- C:\Windows\System\nwVSxuH.exe
  C:\Windows\System\nwVSxuH.exe
  2⤵
  PID:10204
- C:\Windows\System\NaTvsbS.exe
  C:\Windows\System\NaTvsbS.exe
  2⤵
  PID:10220
- C:\Windows\System\IMysRrc.exe
  C:\Windows\System\IMysRrc.exe
  2⤵
  PID:10236
- C:\Windows\System\XiGJfTN.exe
  C:\Windows\System\XiGJfTN.exe
  2⤵
  PID:9228
- C:\Windows\System\BSepMAV.exe
  C:\Windows\System\BSepMAV.exe
  2⤵
  PID:9280
- C:\Windows\System\JIgflXN.exe
  C:\Windows\System\JIgflXN.exe
  2⤵
  PID:9260
- C:\Windows\System\LTlkUvO.exe
  C:\Windows\System\LTlkUvO.exe
  2⤵
  PID:9312
- C:\Windows\System\IcTBQqu.exe
  C:\Windows\System\IcTBQqu.exe
  2⤵
  PID:9372
- C:\Windows\System\sjUOalV.exe
  C:\Windows\System\sjUOalV.exe
  2⤵
  PID:9388
- C:\Windows\System\wElCbmB.exe
  C:\Windows\System\wElCbmB.exe
  2⤵
  PID:9408
- C:\Windows\System\aFUFVja.exe
  C:\Windows\System\aFUFVja.exe
  2⤵
  PID:9488
- C:\Windows\System\uwrbeOP.exe
  C:\Windows\System\uwrbeOP.exe
  2⤵
  PID:9504
- C:\Windows\System\wSwTfSq.exe
  C:\Windows\System\wSwTfSq.exe
  2⤵
  PID:9540
- C:\Windows\System\NaHSPRb.exe
  C:\Windows\System\NaHSPRb.exe
  2⤵
  PID:9604
- C:\Windows\System\gohCygI.exe
  C:\Windows\System\gohCygI.exe
  2⤵
  PID:9492
- C:\Windows\System\hEdvbbf.exe
  C:\Windows\System\hEdvbbf.exe
  2⤵
  PID:9588
- C:\Windows\System\EGhMiQc.exe
  C:\Windows\System\EGhMiQc.exe
  2⤵
  PID:9648
- C:\Windows\System\iSayvRo.exe
  C:\Windows\System\iSayvRo.exe
  2⤵
  PID:9696
- C:\Windows\System\izvVlvJ.exe
  C:\Windows\System\izvVlvJ.exe
  2⤵
  PID:9760
- C:\Windows\System\ZTmFNdB.exe
  C:\Windows\System\ZTmFNdB.exe
  2⤵
  PID:9684
- C:\Windows\System\tPzRvdK.exe
  C:\Windows\System\tPzRvdK.exe
  2⤵
  PID:9780
- C:\Windows\System\NvKUcBd.exe
  C:\Windows\System\NvKUcBd.exe
  2⤵
  PID:9776

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AiIokeO.exe

Filesize
6.0MB

MD5
0bfa3ec71474132802b730b63c6054d9

SHA1
81591aeacac1872373b60d8c95bb01f044b04d32

SHA256
df449e6d03db523bc7ef13ce92e3c3d6c1852809740bc96650c4149eae7ac018

SHA512
c54919e687f76bf98c94755530187e3199ef7f29591198b62c03278c758547fbbca16fe9b4d1f0ecf6d4a09c69783779fe713d306e88c57d0705aee2395441f8

Download Submit
C:\Windows\system\ISdIzGC.exe

Filesize
6.0MB

MD5
2476f5340d89b8b96a0180b2d439f576

SHA1
66f4cfdf7a8640c3b6d04897b3b09192d4f3a02c

SHA256
678193469036baa09e6b1bd2c97c6947e7ac8772d0acc211f2b7a5c55031febd

SHA512
d565ba2a7a1b3215b96726f31e566a2e1ab5d55a154644c7233fbf45c0b3b971ca44696d67ce62c5e13163a934aa68e8aacf57ecacaddb02dfaa2d55221c5a2f

Download Submit
C:\Windows\system\Nmmridh.exe

Filesize
6.0MB

MD5
85e66bcf31b0facb3cecc425cc1a38d8

SHA1
85c6ebd1e03f8e4d601b9cd601f85a0a42638bbd

SHA256
21f721c8dbc288c1637a3408b05a9ffee9e1f2df0af42230a4cc9602ba4923bd

SHA512
23253dc6e52c5262f960c508735170a32a7537468977754fbb284c5e5b0e4ea9ef1b97153c79efcfc0abbb03e534826b42da5c124c74a8c8c227cc5df4d472ac

Download Submit
C:\Windows\system\TCnSmMz.exe

Filesize
6.0MB

MD5
cf911b2be5b0a3cf22434c1abc0e42b3

SHA1
88c4d25e7c59c4c7f138a4e9e7f6e486906c5c07

SHA256
c2eeea6d319646abd40a7e3182c3dcb8d38d36c46d22d0cccece66c4169f16f3

SHA512
db29cd50e0cc56ef670c8b5e41044e1c442310491b158946c8dfcb002dcf8bd8f2280bf6775326d0369acfe3b7615a3791011a52ad0fec4c92c30cfefb043818

Download Submit
C:\Windows\system\TOqITBU.exe

Filesize
6.0MB

MD5
ce688f7899e7d3a94ab3c016fb2e5032

SHA1
77b77ac2e3b3ade826e0ad815dab142513241383

SHA256
8e4c235ca4dfad97700c6189d018bd1ed1f2b0eee04dcd54588248b5e1f0bd92

SHA512
3e9732db34001577f395dd37c17cc099e97b1ae3122cee4338fc7ab007c5794bc030b03cb7e208d5373feb43899c4c3f975732a543ed25adc505d97f93632e8f

Download Submit
C:\Windows\system\UMHGdkz.exe

Filesize
6.0MB

MD5
7747a966c279a246c09e76c90e334bce

SHA1
10a1b68d53ad4223c18e62c921dd7afe13e1499b

SHA256
673a2208a04803011baef091cc40c7445c4d92849b7faf67ab79a91fa3ad6229

SHA512
785f875758e000b46ab2449602bc8229bf373bf463e4940a3c05c09dca7aec5ebae5e58af1c6f3f87781f7385c75df9160a7a1bfdf592e01aee7a0083a1de09f

Download Submit
C:\Windows\system\aMkCyVv.exe

Filesize
6.0MB

MD5
737d607412128432559deba17d8632ee

SHA1
b1a594d118e07a5c7ae0a951d0d5d5fe05b734fe

SHA256
854960a7f74b5afbdfa8ce8ab5e65cf0942833134ee6de093f4a653d56ee379a

SHA512
cea750f6289a2e2c56e786d1034e91817e05c66c93c8c15c518f90eeeb83895cf81f42f5bf36ac52f6bbc6a9d5474eec2f4f943d5899588b33a352b818a856b5

Download Submit
C:\Windows\system\bUKynWX.exe

Filesize
6.0MB

MD5
dcd75822907aae854cc9c25966736351

SHA1
9f7b19c980de04ea99588c41e0632eaa9441be27

SHA256
aef0c9b2303f4e291ab1ff506a640fbac7aeb8e8db8a71a10bea5e8281bf004b

SHA512
b4143e0943c2c376f3ca2fab2d35165b01935125f44f9d916fc2c03a239d4c70466432cd85669dfe5f5d55ca16e78a6191f5af764b18cf3f2e6824b5f91e3c96

Download Submit
C:\Windows\system\dBUwhbT.exe

Filesize
6.0MB

MD5
107294a7cd020b9f42290d0f9202cec3

SHA1
c86ba9717537d7982efac2e883cb7f342bd75946

SHA256
b602d349a8e4fc5adc53405c821f3a91ac4a3f3525690fc89c25c013ce749d2d

SHA512
f88a4d2e14faf7ce752336e7a5ca63c1b6adbf0b317bec5486e5be0363b64afb546506b933bc4ecb84de2d5c32e37d3a76ed13b3667c68725128a7cbaebb3a3c

Download Submit
C:\Windows\system\dWkdDax.exe

Filesize
6.0MB

MD5
68bff9f13442712d5bbc9e6fd1974c0b

SHA1
af889597955bdac3dfd0b06e4faf67444ae599ab

SHA256
e4362011234902bb8cc36c87f109dfe6a7206691fc0575126683165a6349e648

SHA512
2d5f50ed185b33338fda4e6b271c85d89fd71512d6b7c595f8e1841fbeb15cfd7704d88edffd0b13c94d5d20a90003fdf519d7cebba074267ef9d95ec16ddcfd

Download Submit
C:\Windows\system\fvEPrkb.exe

Filesize
6.0MB

MD5
56ec55aff5c120abd20d32673c84a8a3

SHA1
063cb6a7882ff06e50cef101975cca68cf174b38

SHA256
e698f8192ee6c26b7a8df90a31733a3ef3726b29b1a9cdf0ff18dad21b7a58e6

SHA512
d38a70bcc997e5e035c819fc7287b4dc3345a41f4378ecf37c773c1d1603439d4062ac3b1788180e3b58498cd487afba7985a43f1539cf89cffdc83b7c7b54a6

Download Submit
C:\Windows\system\hgjSKYZ.exe

Filesize
6.0MB

MD5
052de3daee1a08919d99914c4d286cbc

SHA1
97c7c6348fa6f59e9809ace8f5ffeeb9785dc561

SHA256
4649d22183ae11b783d39464510eceb6a1c7a5917fe2266cae8c041078b403f0

SHA512
70b51c175c3fd84754e727f40576bb042dfc1eb818f57f7aa3371524ef29fd118ee9ce463f7c9b0d53dc1b06ec44993a3ee72a909ef10d13adf75459f60e4077

Download Submit
C:\Windows\system\nlRNPIb.exe

Filesize
6.0MB

MD5
f915ea389d124a4adabd30f1a2c443de

SHA1
d0bd8e0b4e79f38aa6f5a6c7b5d452e644496ad4

SHA256
9ee605e764222cbb8a5bb659359d8189a4ac516a04dd7f126944a461c69f9b0b

SHA512
a444e672bb405616784469176411533c6369a3575fbfd55cccb0f94c65772e380a353cadb936f7be3fa33c5a7c21a80c7304756667a1eccc3adee22999b660a6

Download Submit
C:\Windows\system\tKwvHFV.exe

Filesize
6.0MB

MD5
9a22bd2a174087ea3c8a8d38adaa74e6

SHA1
2683636284337fe8eedc778a00cbb5cf4c69a5f6

SHA256
993d3009f578a314a0302987cc0e59ec0ba48371a75f4841d13c090719255d40

SHA512
db98dfae2c7fd831dc6a460c531a443746d342a63c87ec6de089d419cd5ed1edf94d1512de934c9cc995d7f2b1d474697e47cb858b02fa0f1fd46b29fa4ebf25

Download Submit
C:\Windows\system\uMRGViw.exe

Filesize
6.0MB

MD5
d39387d4e7e7d9ffabf8ed9812af3439

SHA1
6bcaef61d5c2ae649922298d878c3b0290240dd6

SHA256
8da4c0a9cfec319ad0cc418e3d31f9c43a3fc174c4d2bce0a8bc381ef346a5c6

SHA512
8a88bf1119c81d3509afc0e8f760c59432b1112f2ddc98c3a83402db00de0fc0b1986f36946361aafeea440c08ad1644bd331fe7ab6f3ae4aa63b7dcadf40375

Download Submit
C:\Windows\system\vToZOnZ.exe

Filesize
6.0MB

MD5
c89cb15d0bdb1f8a37925acb5f6f2f91

SHA1
e51e4bcbd55d2b556760e3282d52644349f91be8

SHA256
c5934ccee77480bca31198d9ded1f231de834483d72ae76ce664048ce1dfa41e

SHA512
9da09e11bce19c9939597df8f7a50377625eed41608455591426552f698be18486df825a85974e010b52e699321aa0c986ba29a96ed4817634d5d6ffd1cbb33e

Download Submit
C:\Windows\system\xAgdhxR.exe

Filesize
6.0MB

MD5
b742f6c3bcc38badca5b64a013a7c5af

SHA1
e802a53aea3d882f9034b8ff6a04e1c674b974b8

SHA256
3ceaf995fa0e6b882940cb4b6128fb36d73264d47f60c7aff510ef8dd3170a56

SHA512
004b04629965ff4178ebc4211fc90d29f62866b23e838f0a76a9b1b7b49847f33e5ebacecd0ca358ad69fa37806759c6a06cbb819a0095d121a182f5f4910694

Download Submit
C:\Windows\system\zbimQwy.exe

Filesize
6.0MB

MD5
6fba37a5aa46e4df403562f9454e7da8

SHA1
afa07a83737c598c82aedd46eaed54f59e461e79

SHA256
72dce94a8bdc070944cfe60910aebc07a8c162d7c6a45a4e41eb90999767530a

SHA512
29632b182d35e49a45b7e32d05c548761b0b9489b871e9e20426255706f7c22c0401c03e8f2a71d3503633e288ded3a678ac54495b8adeb08fd5e1e1ca5d672d

Download Submit
C:\Windows\system\zmHYBjj.exe

Filesize
6.0MB

MD5
0c06708a5f7cf78b2e967641729fc7a5

SHA1
a9187ffece7a2e90c3c0e439e5568b43517e346e

SHA256
20c492cdde6ecb3d337812f88ffce00b4d60b8dacf0f17709ebde44ea7f695cd

SHA512
a5801e50d0bd0fcd178749a71e294abbeffb4714fb85756746b66fabb5f7673dc9c9e054460434c25a4e57501c7ba64d6952008c6c9566879f371da9987ddb1d

Download Submit
\Windows\system\EHblwgM.exe

Filesize
6.0MB

MD5
d9625e32fd1c41f9a345c951687562d8

SHA1
38a2942e533c133fbcb7006ba917a38fed93c0cc

SHA256
aea785181d06e13f7dc5c0c40aff273b768afe66e5a043dc2f5cee2d0c49c1f5

SHA512
dd62bd9b37f1fe46c6922e76196c0002d97d6046307afe121e09a464fd3606a9d10f6b6abac1fe11a819718a85b518d8ebdd29d854a0b75aeb67d99803b48517

Download Submit
\Windows\system\GKotQZZ.exe

Filesize
6.0MB

MD5
845e73b3e8fc765eb34e078793eb8ff8

SHA1
1efc762d6b48850f92ec17387b2534f1da03c79b

SHA256
4102cca1f6d06d1eacc5970cf6d25ba29b3cc3835e5034e45a1c9ce87715f3ae

SHA512
2a6923dd9a33d769249f75ef15299376d35fe188ffeb29d1b16507221ee63273f8cffcbb0f618e65e184f0de8780998408e6fc4c2a6d8b2f2310fbcbf5dd5a6a

Download Submit
\Windows\system\HFmRfvA.exe

Filesize
6.0MB

MD5
aa363cfc13e7bbccdb59be48c6e9ab2c

SHA1
e92e2e399f5e9d34825a2ac550cf7449b2d5469e

SHA256
14f1e29f948f38d34c53f46df4ecdfd59cd78e20579301a8490fb69f1e6d3e4d

SHA512
c19280e2996185e00d75064c4b8a52c16e724c35a2cc81725ba26c0d6fdfea3b2e217723497c8d5b641576683d05ce642eb4dae60d08d16c0a08348d6c670acb

Download Submit
\Windows\system\MFgkezg.exe

Filesize
6.0MB

MD5
e6e056f2a4bbe59e710108a3c882597a

SHA1
bcbc5f5430ecb39f762edf2f72bfd1b4d8ede43a

SHA256
37a8b7bb999af826b791cea9457d2e9f539a6ef2ef774b3c64f5d0aa8d2d4a6d

SHA512
ff70a6b2d9dd0778775e2a6d49d2ae5460a16c400334ea81ea3fbe7ee4fbe8a06f60b106a2fbf7239dcf63862eddeec38a6c75c0cd26b8ace00885315ec469d0

Download Submit
\Windows\system\NdwfbmX.exe

Filesize
6.0MB

MD5
add002cdaf12eaa391871e8025b02999

SHA1
94f40d623fa727b7cfec96e406f9a6d3e9f3e594

SHA256
36485ff06726198137ad94f8d4db32af986982a897fc5e6274f9ec98f9a38aba

SHA512
d2d863bb6e1154cbb690775c8478bc6c854b6f77fd53c487bb495bd6fbc2a456094e2bde9789c29aa9758d6e07dd4f3f9d47bfb02d37e131b59ea656649f1bc3

Download Submit
\Windows\system\OyLeTKQ.exe

Filesize
6.0MB

MD5
a51cf69e19f26107cb455c16dedf6195

SHA1
e6df0e5bf8092de1f610941029e87590cf690417

SHA256
a1f7d684b85cd6cf72b9245a5361c001f7a7fa5489fea4262ff708f2d2794f0b

SHA512
92bc00f7199c73b6ed4699d89f2214e2c665f30239d63c81115db1211497aa03e53c0c50ba7edbcd1b1fc13a75d96e6bce5a97fcf0e207fa39cc404176a4dad2

Download Submit
\Windows\system\PEZJWsY.exe

Filesize
6.0MB

MD5
46ac94107407c76061e6c1a5200cf439

SHA1
31e39eeada0b6bab2d6680397e5203be913d72d8

SHA256
c335900f3fe3cbaa24c87ef0bd7f56bf649ba27493af054e8c17170d3b4b5cc1

SHA512
3d5e3d33baba22fb9b5d26b448fe53cee3ee80e48abcc1f9c3c74c7f35f218efad5c72ecfff8977fd8d351b9a77fcf8d6d240d23f149b70dc1a7ecef87592d07

Download Submit
\Windows\system\QNVEKAT.exe

Filesize
6.0MB

MD5
f50ddac310b3e8e13f9ebc25def58f98

SHA1
fb3450f1de28d2b93de6d522db99a0060af3c748

SHA256
0c406dbb09bdf72f4ab86f711c1d914928e19c8a6ae4400d6187c004720f7219

SHA512
1aa42e33bc2ff3e1bcaa45700bc5499ba1880cc09c2f8eef95b2589556b7ef559f8eee96e2deb789e288ca3729857f5c017237e30f18143fa5431b2f87d774df

Download Submit
\Windows\system\QUtNQup.exe

Filesize
6.0MB

MD5
4085215b8b490700d0d9a16873574b77

SHA1
e363fd2d28e41aafc07ddef749187ec96c5ebe88

SHA256
2dc7a43c991c98c939e6b7365b19ba79d69f8fb0c05f498e803738e67efc0778

SHA512
24decd555539fcd3d07ed5e1a7913f87a689c3f370f3195c3faf7bd690d0cc8683cc0402e6de9ca025475823b01c1ab722b6a3fbe3cd317e26313a9024405060

Download Submit
\Windows\system\QqXaqWO.exe

Filesize
6.0MB

MD5
a102bf012b939781eea199bbb301c76f

SHA1
9e46088c19d34b712e3ddd04423c64d7f8751d3c

SHA256
e2991cf6021325e015aba6451151d1d0ba4a238b5c494794b10113ceffd72974

SHA512
b8c9659f1ee81ccaaa67416ee6578ee50cafe9b278bb6f54c4a51e0e86fa88216f0895a32f72353956d9115904321f175dd1fd24260ef94ba3434e631ad0c67b

Download Submit
\Windows\system\RbbMCch.exe

Filesize
6.0MB

MD5
ab36b80083e54e4d4ac0e9b5f11d57cf

SHA1
1810fa7e80f45ac067d3d257eefd6f93f6dab38e

SHA256
b3cd93786d3cf2ca0d77498419bffa69b6324bcfdb3218124e8aacdbc27c7f91

SHA512
a6d3a47ddcde02bf9ce145a611f7a66089f5ea522b42194b4bb0e679e32b01418ba793afb9b5805c2d0787eaa1d49c302a827f10ab4e1aae4b9f77c204302db1

Download Submit
\Windows\system\RdZfVDo.exe

Filesize
6.0MB

MD5
b8018d5a7eec3b4daf03a1a4755268a2

SHA1
38092c769c1289ef5b91cb63a1ce871fa6962e45

SHA256
d13ae2eff561dbc61d3d14018d419f3876e7256b52061f8403264f555d651f4f

SHA512
af3fcc9baf13528d1b4645be91330ab0d10d868ca9f971d47177752b706fddce230111da4122c4675bd753b5a365a980a30aee7803cd69e2dcdae61b4823bf21

Download Submit
\Windows\system\XhPrsBx.exe

Filesize
6.0MB

MD5
3e84cebb23c60100062b4a1126fab2ae

SHA1
d99107c4df9aed1de0b20e268cdf2eb0a8e43f26

SHA256
66a7edaa0a61474353d39915fa37e365202a3a16130f6100758019cf7fdd3717

SHA512
9aee2c16c39d72684ab6bc3f1e20caf54da7e612ccffe5d6ad15138486092e38a97d8233c26db49e92fc970adb7b69302863079925a210a8697b7acd6d3c96b2

Download Submit
\Windows\system\ZBGSKLR.exe

Filesize
6.0MB

MD5
6ac2a4ae051b19fdaeb2415e23386322

SHA1
f6ead7fce00a802d47d60f9f73c84c4423462667

SHA256
9b3a1803d1b3ed9d8ec016389d27a98af593531d1643bb45778299d60b0ca1f1

SHA512
fb31debbeabaa7eac38a3baf77a8788c2ae90159bed68e32eb7ce74ee2ce4884233b137b11c94c5e59d5cf93d11f2d5c9c3bd16fe80e9f571d3d298161ed23c0

Download Submit
\Windows\system\aMqpaND.exe

Filesize
6.0MB

MD5
fa83fc416309ba72f1a9eb5b6a06e33f

SHA1
d4b64ab479f8e609b3d2974ffb2783361728ec57

SHA256
8439fdf5ba315849f0582249fa1b6e3d89add4c42f5c750273f9f0b93b14cdda

SHA512
6156a27c66f6a43e49b313da9170a944cf6c8fe5d4dceec113497ac374227e797717af5bcaa4459a6a0b7f3a54f5fd9bea3047ab213e044b9ace5b07d27cde88

Download Submit
\Windows\system\fzPpApZ.exe

Filesize
6.0MB

MD5
1734d11ba7aa6dc419c483990af30656

SHA1
3066ea2601399e3647bd68094ad17fed0aadf51f

SHA256
22de0a20fc07d4024bd761b347bf5b9898a2adb122fc9a639e3b1e0a2555d228

SHA512
7c7dc4b634512b2adcc90899883cb85677816bd12a71ab4c0d2e10c53a721ce8eb48c667a9f3b56bf5ea6eff0d21255fea9dc4fd52ede12ad1d9175df63b5de1

Download Submit
\Windows\system\gfFBRnu.exe

Filesize
6.0MB

MD5
e2324bb91382aa0665e590ef26ff2265

SHA1
9945df4a1dd04539bbcd49eab80358fd492978c8

SHA256
2cc0bc3afea7cac53a1a93bca939fa25604dd5bd94995ece89fb328498e9b852

SHA512
94a7f9bc7cf1941353a5c74d27a6bf480aa5f769b00c9c4610c95732372a85b3d061121d2ed91b08f8c708d3df7e09ee74de08707c86ab4c19de23b313a70dfe

Download Submit
\Windows\system\hYkiaFd.exe

Filesize
6.0MB

MD5
f450e4b22d56620a5a19e2d809267a3d

SHA1
4e619d806784f864f0e00594719f806276271191

SHA256
649970a693fd3e3f87d4c131fbe5c51c592be988ab1e6e6c693b3a3c1e5bd826

SHA512
3f0f03913fb1b10441e1e91c6edde65e6aeb725b962e0a52855ae87bba8705115e0a4d677aa0725afbbe489cacb1de35406a5d534a8b46c45567e1e01fb5be7b

Download Submit
\Windows\system\htelbcP.exe

Filesize
6.0MB

MD5
9871f169eef70ea280afcd44fcc4ed59

SHA1
58a83b333c624dc023663804a61f45a6128ac916

SHA256
5968b6a90b7bd2d3173369a3e6311b2885249609beb16c88b7c6815010565c00

SHA512
e58158b19b539c234278956e95bf058bad391cc79255f6f382315ce84e8ec94f8f13a1e8f1d0a6426ab89c2a23a7d543bdc2ad09b5556e2b3732b164e0e9fd1e

Download Submit
\Windows\system\jduPNLK.exe

Filesize
6.0MB

MD5
b1fe78c3d7d0df0c1be1989f2cd29802

SHA1
77be4c09c82611916c4c21200c898a3417725b32

SHA256
50bd86a79474313d7f4af0f134c87e18e7ad11c3b5209b07d482b144f97a83dd

SHA512
2f2740d0fd88578d970d62145c841caee51173470a475241a790e24f104e2303a8c4d1ff2ff8fc948930706bf13139fe167a63204f10c4fe05df09f6215ade17

Download Submit
\Windows\system\nGigLLx.exe

Filesize
6.0MB

MD5
f48c973ab0a80e35eb1fca5d5d9f15fd

SHA1
f2c54c0e464e1602e7936cc59d5a17ec7c07b4ed

SHA256
e654e819cf8a072ef53b698053730972ed76335f9c70ee4c3cbd86a948a50d02

SHA512
eb3edecb35881b5e458e106f4006b437a037619b1ce9068e0f971e05f3122a0619a96e4009a63ac0ba903b9137f2f4c32519a6279912ed13a6019dfef5b796d4

Download Submit
memory/1204-236-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/1204-3605-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/1608-3608-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/1608-230-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/2120-3646-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/2120-239-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/2380-18-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/2380-3610-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/2544-3607-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/2544-222-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/2644-1188-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2644-1187-0x00000000024D0000-0x0000000002824000-memory.dmp

Filesize
3.3MB

Download
memory/2644-241-0x00000000024D0000-0x0000000002824000-memory.dmp

Filesize
3.3MB

Download
memory/2644-240-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2644-1-0x00000000002F0000-0x0000000000300000-memory.dmp

Filesize
64KB

Download
memory/2644-11-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/2644-272-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/2644-274-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/2644-277-0x00000000024D0000-0x0000000002824000-memory.dmp

Filesize
3.3MB

Download
memory/2644-207-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2644-233-0x00000000024D0000-0x0000000002824000-memory.dmp

Filesize
3.3MB

Download
memory/2644-189-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/2644-177-0x00000000024D0000-0x0000000002824000-memory.dmp

Filesize
3.3MB

Download
memory/2644-280-0x00000000024D0000-0x0000000002824000-memory.dmp

Filesize
3.3MB

Download
memory/2644-164-0x00000000024D0000-0x0000000002824000-memory.dmp

Filesize
3.3MB

Download
memory/2644-149-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2644-1385-0x00000000024D0000-0x0000000002824000-memory.dmp

Filesize
3.3MB

Download
memory/2644-1384-0x00000000024D0000-0x0000000002824000-memory.dmp

Filesize
3.3MB

Download
memory/2644-126-0x00000000024D0000-0x0000000002824000-memory.dmp

Filesize
3.3MB

Download
memory/2644-909-0x000000013F6E0000-0x000000013FA34000-memory.dmp

Filesize
3.3MB

Download
memory/2644-1060-0x00000000024D0000-0x0000000002824000-memory.dmp

Filesize
3.3MB

Download
memory/2644-242-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2644-0-0x000000013F6E0000-0x000000013FA34000-memory.dmp

Filesize
3.3MB

Download
memory/2644-1189-0x00000000024D0000-0x0000000002824000-memory.dmp

Filesize
3.3MB

Download
memory/2644-1190-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2644-1191-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/2644-1180-0x00000000024D0000-0x0000000002824000-memory.dmp

Filesize
3.3MB

Download
memory/2644-1383-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/2644-108-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/2644-107-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/2644-68-0x00000000024D0000-0x0000000002824000-memory.dmp

Filesize
3.3MB

Download
memory/2652-3645-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2652-267-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2724-3606-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2724-220-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2800-3609-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/2800-195-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/2812-127-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/2812-3647-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/2832-201-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/2832-3604-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download