cobaltstrike | 5db8bfe5317d1aca84b098acc76fd9a8ae430bce0e3547b95679139b9c18f409

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
11-11-2024 21:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

b9c885739f5c95ce98f31fb24b401991
SHA1

82286e584b82b8f9f946aa2aacaf4d53b963c8f1
SHA256

5db8bfe5317d1aca84b098acc76fd9a8ae430bce0e3547b95679139b9c18f409
SHA512

c33b6392d60872398036a9d50cf3e6bb1bc3c9eeda5811cf6e5e839cdc8a8b0b9efd274cbe9c20f89cc492e2fea5fa8ea9c2b8973721d3bcd99a6778244c3d56
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUL:T+q56utgpPF8u/7L

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000b000000012029-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000019273-9.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001932a-25.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001933e-32.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019346-40.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a486-119.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4a8-145.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b5-171.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4bd-191.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b9-185.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b7-179.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b1-165.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4bf-195.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4ac-155.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4bb-188.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b3-168.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4af-159.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4aa-149.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4a2-139.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4a0-135.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a497-129.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a48a-124.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a478-114.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a477-108.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a455-100.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41d-84.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41b-82.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41e-92.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000194f6-81.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019384-51.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41c-66.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41a-65.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000192f0-16.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2532-0-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig
behavioral1/files/0x000b000000012029-3.dat	xmrig
behavioral1/files/0x0008000000019273-9.dat	xmrig
behavioral1/memory/836-21-0x000000013FA00000-0x000000013FD54000-memory.dmp	xmrig
behavioral1/memory/1724-19-0x000000013F2F0000-0x000000013F644000-memory.dmp	xmrig
behavioral1/files/0x000600000001932a-25.dat	xmrig
behavioral1/memory/2804-27-0x000000013F070000-0x000000013F3C4000-memory.dmp	xmrig
behavioral1/files/0x000600000001933e-32.dat	xmrig
behavioral1/memory/2532-36-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig
behavioral1/memory/2912-70-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig
behavioral1/files/0x0006000000019346-40.dat	xmrig
behavioral1/memory/2656-87-0x000000013FCC0000-0x0000000140014000-memory.dmp	xmrig
behavioral1/memory/2868-101-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a486-119.dat	xmrig
behavioral1/files/0x000500000001a4a8-145.dat	xmrig
behavioral1/files/0x000500000001a4b5-171.dat	xmrig
behavioral1/files/0x000500000001a4bd-191.dat	xmrig
behavioral1/memory/1592-1489-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
behavioral1/memory/2656-738-0x000000013FCC0000-0x0000000140014000-memory.dmp	xmrig
behavioral1/memory/2912-277-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4b9-185.dat	xmrig
behavioral1/files/0x000500000001a4b7-179.dat	xmrig
behavioral1/files/0x000500000001a4b1-165.dat	xmrig
behavioral1/files/0x000500000001a4bf-195.dat	xmrig
behavioral1/files/0x000500000001a4ac-155.dat	xmrig
behavioral1/files/0x000500000001a4bb-188.dat	xmrig
behavioral1/files/0x000500000001a4b3-168.dat	xmrig
behavioral1/files/0x000500000001a4af-159.dat	xmrig
behavioral1/files/0x000500000001a4aa-149.dat	xmrig
behavioral1/files/0x000500000001a4a2-139.dat	xmrig
behavioral1/files/0x000500000001a4a0-135.dat	xmrig
behavioral1/files/0x000500000001a497-129.dat	xmrig
behavioral1/files/0x000500000001a48a-124.dat	xmrig
behavioral1/files/0x000500000001a478-114.dat	xmrig
behavioral1/files/0x000500000001a477-108.dat	xmrig
behavioral1/memory/1592-102-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
behavioral1/files/0x000500000001a455-100.dat	xmrig
behavioral1/memory/2076-97-0x000000013F580000-0x000000013F8D4000-memory.dmp	xmrig
behavioral1/memory/2804-89-0x000000013F070000-0x000000013F3C4000-memory.dmp	xmrig
behavioral1/memory/2372-88-0x000000013F8E0000-0x000000013FC34000-memory.dmp	xmrig
behavioral1/memory/2756-86-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
behavioral1/files/0x000500000001a41d-84.dat	xmrig
behavioral1/files/0x000500000001a41b-82.dat	xmrig
behavioral1/files/0x000500000001a41e-92.dat	xmrig
behavioral1/files/0x00070000000194f6-81.dat	xmrig
behavioral1/memory/836-80-0x000000013FA00000-0x000000013FD54000-memory.dmp	xmrig
behavioral1/memory/1724-79-0x000000013F2F0000-0x000000013F644000-memory.dmp	xmrig
behavioral1/memory/2812-77-0x000000013FB80000-0x000000013FED4000-memory.dmp	xmrig
behavioral1/files/0x0006000000019384-51.dat	xmrig
behavioral1/memory/2868-50-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	xmrig
behavioral1/memory/2532-68-0x0000000002330000-0x0000000002684000-memory.dmp	xmrig
behavioral1/memory/2776-67-0x000000013F410000-0x000000013F764000-memory.dmp	xmrig
behavioral1/files/0x000500000001a41c-66.dat	xmrig
behavioral1/files/0x000500000001a41a-65.dat	xmrig
behavioral1/memory/2468-42-0x000000013F580000-0x000000013F8D4000-memory.dmp	xmrig
behavioral1/memory/2488-35-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/files/0x00070000000192f0-16.dat	xmrig
behavioral1/memory/2468-8-0x000000013F580000-0x000000013F8D4000-memory.dmp	xmrig
behavioral1/memory/2468-4028-0x000000013F580000-0x000000013F8D4000-memory.dmp	xmrig
behavioral1/memory/1724-4029-0x000000013F2F0000-0x000000013F644000-memory.dmp	xmrig
behavioral1/memory/836-4030-0x000000013FA00000-0x000000013FD54000-memory.dmp	xmrig
behavioral1/memory/2488-4031-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/memory/2804-4032-0x000000013F070000-0x000000013F3C4000-memory.dmp	xmrig
behavioral1/memory/2776-4033-0x000000013F410000-0x000000013F764000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2468	LBbVnEy.exe
1724	bYMtjKw.exe
836	PlyGClg.exe
2804	CZTdCUV.exe
2488	IWjijhg.exe
2868	FXWzQaI.exe
2776	ADqrkcf.exe
2812	xhdhvBR.exe
2912	UacARTn.exe
2756	HsPsdtk.exe
2656	txZLCVv.exe
2372	iIbfLEt.exe
2076	MGJHLvU.exe
1592	PGofXwC.exe
1444	tvGdZES.exe
2968	iIXzKVL.exe
1432	NxAkuVU.exe
2828	gQMCcTY.exe
2820	rauHuLr.exe
756	oMvdIji.exe
2944	xqQxRkt.exe
1892	sGOaydl.exe
1568	xxxtaXH.exe
2036	RaHXczm.exe
1704	aGbzoPo.exe
2588	XQGWQDT.exe
1640	mrLamiN.exe
3052	dJFoVMe.exe
708	uypIKbM.exe
1984	GpdVrCl.exe
936	DYeijGm.exe
1800	pOstFBE.exe
1628	akYDZMj.exe
1472	PuKAclo.exe
2084	oqhQVHr.exe
2296	wxyxCIs.exe
1308	myYtPGR.exe
3028	WEEknur.exe
1744	hqbBFug.exe
1520	VFWElvE.exe
1992	QjtcohO.exe
1652	nCduntB.exe
2584	ScLiCzb.exe
2764	pIjNEUg.exe
2788	ZaKADuN.exe
2636	YsybKFM.exe
616	elRrrlP.exe
620	ohLdZhW.exe
2388	OLFVbZF.exe
1268	AMyaoHc.exe
2228	chgVDJG.exe
2260	abIbdTe.exe
2484	XzCxPvg.exe
2052	AtTZond.exe
2508	pbUIoYC.exe
1876	NMmPmsI.exe
1924	ugnPeUt.exe
1524	mBFPkXg.exe
1600	WbVgWRV.exe
2348	aieBQXu.exe
3024	LFKWsZa.exe
2956	nNOUxpJ.exe
1584	GpFzwUJ.exe
780	QuCRUeY.exe

Loads dropped DLL 64 IoCs

pid	Process
2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2532-0-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/files/0x000b000000012029-3.dat	upx
behavioral1/files/0x0008000000019273-9.dat	upx
behavioral1/memory/836-21-0x000000013FA00000-0x000000013FD54000-memory.dmp	upx
behavioral1/memory/1724-19-0x000000013F2F0000-0x000000013F644000-memory.dmp	upx
behavioral1/files/0x000600000001932a-25.dat	upx
behavioral1/memory/2804-27-0x000000013F070000-0x000000013F3C4000-memory.dmp	upx
behavioral1/files/0x000600000001933e-32.dat	upx
behavioral1/memory/2532-36-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/memory/2912-70-0x000000013FB50000-0x000000013FEA4000-memory.dmp	upx
behavioral1/files/0x0006000000019346-40.dat	upx
behavioral1/memory/2656-87-0x000000013FCC0000-0x0000000140014000-memory.dmp	upx
behavioral1/memory/2868-101-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	upx
behavioral1/files/0x000500000001a486-119.dat	upx
behavioral1/files/0x000500000001a4a8-145.dat	upx
behavioral1/files/0x000500000001a4b5-171.dat	upx
behavioral1/files/0x000500000001a4bd-191.dat	upx
behavioral1/memory/1592-1489-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/memory/2656-738-0x000000013FCC0000-0x0000000140014000-memory.dmp	upx
behavioral1/memory/2912-277-0x000000013FB50000-0x000000013FEA4000-memory.dmp	upx
behavioral1/files/0x000500000001a4b9-185.dat	upx
behavioral1/files/0x000500000001a4b7-179.dat	upx
behavioral1/files/0x000500000001a4b1-165.dat	upx
behavioral1/files/0x000500000001a4bf-195.dat	upx
behavioral1/files/0x000500000001a4ac-155.dat	upx
behavioral1/files/0x000500000001a4bb-188.dat	upx
behavioral1/files/0x000500000001a4b3-168.dat	upx
behavioral1/files/0x000500000001a4af-159.dat	upx
behavioral1/files/0x000500000001a4aa-149.dat	upx
behavioral1/files/0x000500000001a4a2-139.dat	upx
behavioral1/files/0x000500000001a4a0-135.dat	upx
behavioral1/files/0x000500000001a497-129.dat	upx
behavioral1/files/0x000500000001a48a-124.dat	upx
behavioral1/files/0x000500000001a478-114.dat	upx
behavioral1/files/0x000500000001a477-108.dat	upx
behavioral1/memory/1592-102-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/files/0x000500000001a455-100.dat	upx
behavioral1/memory/2076-97-0x000000013F580000-0x000000013F8D4000-memory.dmp	upx
behavioral1/memory/2804-89-0x000000013F070000-0x000000013F3C4000-memory.dmp	upx
behavioral1/memory/2372-88-0x000000013F8E0000-0x000000013FC34000-memory.dmp	upx
behavioral1/memory/2756-86-0x000000013F040000-0x000000013F394000-memory.dmp	upx
behavioral1/files/0x000500000001a41d-84.dat	upx
behavioral1/files/0x000500000001a41b-82.dat	upx
behavioral1/files/0x000500000001a41e-92.dat	upx
behavioral1/files/0x00070000000194f6-81.dat	upx
behavioral1/memory/836-80-0x000000013FA00000-0x000000013FD54000-memory.dmp	upx
behavioral1/memory/1724-79-0x000000013F2F0000-0x000000013F644000-memory.dmp	upx
behavioral1/memory/2812-77-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
behavioral1/files/0x0006000000019384-51.dat	upx
behavioral1/memory/2868-50-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	upx
behavioral1/memory/2776-67-0x000000013F410000-0x000000013F764000-memory.dmp	upx
behavioral1/files/0x000500000001a41c-66.dat	upx
behavioral1/files/0x000500000001a41a-65.dat	upx
behavioral1/memory/2468-42-0x000000013F580000-0x000000013F8D4000-memory.dmp	upx
behavioral1/memory/2488-35-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/files/0x00070000000192f0-16.dat	upx
behavioral1/memory/2468-8-0x000000013F580000-0x000000013F8D4000-memory.dmp	upx
behavioral1/memory/2468-4028-0x000000013F580000-0x000000013F8D4000-memory.dmp	upx
behavioral1/memory/1724-4029-0x000000013F2F0000-0x000000013F644000-memory.dmp	upx
behavioral1/memory/836-4030-0x000000013FA00000-0x000000013FD54000-memory.dmp	upx
behavioral1/memory/2488-4031-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/memory/2804-4032-0x000000013F070000-0x000000013F3C4000-memory.dmp	upx
behavioral1/memory/2776-4033-0x000000013F410000-0x000000013F764000-memory.dmp	upx
behavioral1/memory/2868-4034-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\zEnlkzQ.exe	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SEEChmR.exe	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MXECdHj.exe	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xqQxRkt.exe	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VFWElvE.exe	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VXIeRyr.exe	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BZXqcHG.exe	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pcQloUs.exe	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\btLYnHJ.exe	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\apCSHbM.exe	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SPxDTen.exe	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xyIkHeV.exe	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zHpFYwf.exe	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oDFHVLt.exe	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LgmfaXx.exe	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xECCFey.exe	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YDYKgst.exe	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TDCcFyM.exe	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SXQRkQm.exe	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\itufacC.exe	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wUHhvba.exe	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GLXagjK.exe	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GjysDag.exe	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EhfngQY.exe	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ncVauab.exe	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EELjsjv.exe	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cyKhwWH.exe	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HNvkUxT.exe	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qywSqCM.exe	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SrCUKWn.exe	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dPCmUbb.exe	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UZqyUVc.exe	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sgmqUHs.exe	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KAkkTti.exe	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\otQCnjT.exe	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RvoMZjY.exe	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GpdVrCl.exe	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oqhQVHr.exe	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qCfEOeY.exe	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MUDAFLa.exe	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UwSLVWI.exe	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PitkmAv.exe	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\msYboqI.exe	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wDtOMBT.exe	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RPxCysU.exe	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gbzuqzz.exe	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BpSZNhj.exe	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dSIUsvv.exe	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IwkIGdX.exe	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WFMHnNX.exe	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CrfCAFS.exe	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hQlWJKM.exe	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RVFFVri.exe	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lNQkqgr.exe	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FcAJCpo.exe	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WaTnjFd.exe	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iNbfPZG.exe	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TsorSig.exe	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GPFJNjY.exe	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SSqmMee.exe	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KbRPTfl.exe	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TonywBA.exe	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SVDLfyy.exe	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gKgueXY.exe	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2532 wrote to memory of 2468	2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2532 wrote to memory of 2468	2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2532 wrote to memory of 2468	2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2532 wrote to memory of 836	2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2532 wrote to memory of 836	2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2532 wrote to memory of 836	2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2532 wrote to memory of 1724	2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2532 wrote to memory of 1724	2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2532 wrote to memory of 1724	2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2532 wrote to memory of 2804	2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2532 wrote to memory of 2804	2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2532 wrote to memory of 2804	2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2532 wrote to memory of 2488	2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2532 wrote to memory of 2488	2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2532 wrote to memory of 2488	2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2532 wrote to memory of 2868	2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2532 wrote to memory of 2868	2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2532 wrote to memory of 2868	2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2532 wrote to memory of 2776	2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2532 wrote to memory of 2776	2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2532 wrote to memory of 2776	2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2532 wrote to memory of 2756	2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2532 wrote to memory of 2756	2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2532 wrote to memory of 2756	2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2532 wrote to memory of 2812	2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2532 wrote to memory of 2812	2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2532 wrote to memory of 2812	2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2532 wrote to memory of 2656	2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2532 wrote to memory of 2656	2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2532 wrote to memory of 2656	2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2532 wrote to memory of 2912	2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2532 wrote to memory of 2912	2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2532 wrote to memory of 2912	2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2532 wrote to memory of 2372	2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2532 wrote to memory of 2372	2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2532 wrote to memory of 2372	2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2532 wrote to memory of 2076	2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2532 wrote to memory of 2076	2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2532 wrote to memory of 2076	2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2532 wrote to memory of 1592	2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2532 wrote to memory of 1592	2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2532 wrote to memory of 1592	2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2532 wrote to memory of 1444	2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2532 wrote to memory of 1444	2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2532 wrote to memory of 1444	2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2532 wrote to memory of 2968	2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2532 wrote to memory of 2968	2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2532 wrote to memory of 2968	2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2532 wrote to memory of 1432	2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2532 wrote to memory of 1432	2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2532 wrote to memory of 1432	2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2532 wrote to memory of 2828	2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2532 wrote to memory of 2828	2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2532 wrote to memory of 2828	2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2532 wrote to memory of 2820	2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2532 wrote to memory of 2820	2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2532 wrote to memory of 2820	2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2532 wrote to memory of 756	2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2532 wrote to memory of 756	2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2532 wrote to memory of 756	2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2532 wrote to memory of 2944	2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2532 wrote to memory of 2944	2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2532 wrote to memory of 2944	2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2532 wrote to memory of 1892	2532	2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-11_b9c885739f5c95ce98f31fb24b401991_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2532
- C:\Windows\System\LBbVnEy.exe
  C:\Windows\System\LBbVnEy.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\PlyGClg.exe
  C:\Windows\System\PlyGClg.exe
  2⤵
  - Executes dropped EXE
  PID:836
- C:\Windows\System\bYMtjKw.exe
  C:\Windows\System\bYMtjKw.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\CZTdCUV.exe
  C:\Windows\System\CZTdCUV.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\IWjijhg.exe
  C:\Windows\System\IWjijhg.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\FXWzQaI.exe
  C:\Windows\System\FXWzQaI.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\ADqrkcf.exe
  C:\Windows\System\ADqrkcf.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\HsPsdtk.exe
  C:\Windows\System\HsPsdtk.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\xhdhvBR.exe
  C:\Windows\System\xhdhvBR.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\txZLCVv.exe
  C:\Windows\System\txZLCVv.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\UacARTn.exe
  C:\Windows\System\UacARTn.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\iIbfLEt.exe
  C:\Windows\System\iIbfLEt.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\MGJHLvU.exe
  C:\Windows\System\MGJHLvU.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\PGofXwC.exe
  C:\Windows\System\PGofXwC.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\tvGdZES.exe
  C:\Windows\System\tvGdZES.exe
  2⤵
  - Executes dropped EXE
  PID:1444
- C:\Windows\System\iIXzKVL.exe
  C:\Windows\System\iIXzKVL.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\NxAkuVU.exe
  C:\Windows\System\NxAkuVU.exe
  2⤵
  - Executes dropped EXE
  PID:1432
- C:\Windows\System\gQMCcTY.exe
  C:\Windows\System\gQMCcTY.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\rauHuLr.exe
  C:\Windows\System\rauHuLr.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\oMvdIji.exe
  C:\Windows\System\oMvdIji.exe
  2⤵
  - Executes dropped EXE
  PID:756
- C:\Windows\System\xqQxRkt.exe
  C:\Windows\System\xqQxRkt.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\sGOaydl.exe
  C:\Windows\System\sGOaydl.exe
  2⤵
  - Executes dropped EXE
  PID:1892
- C:\Windows\System\xxxtaXH.exe
  C:\Windows\System\xxxtaXH.exe
  2⤵
  - Executes dropped EXE
  PID:1568
- C:\Windows\System\RaHXczm.exe
  C:\Windows\System\RaHXczm.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\aGbzoPo.exe
  C:\Windows\System\aGbzoPo.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\XQGWQDT.exe
  C:\Windows\System\XQGWQDT.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\mrLamiN.exe
  C:\Windows\System\mrLamiN.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\uypIKbM.exe
  C:\Windows\System\uypIKbM.exe
  2⤵
  - Executes dropped EXE
  PID:708
- C:\Windows\System\dJFoVMe.exe
  C:\Windows\System\dJFoVMe.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\GpdVrCl.exe
  C:\Windows\System\GpdVrCl.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\DYeijGm.exe
  C:\Windows\System\DYeijGm.exe
  2⤵
  - Executes dropped EXE
  PID:936
- C:\Windows\System\elRrrlP.exe
  C:\Windows\System\elRrrlP.exe
  2⤵
  - Executes dropped EXE
  PID:616
- C:\Windows\System\pOstFBE.exe
  C:\Windows\System\pOstFBE.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\ohLdZhW.exe
  C:\Windows\System\ohLdZhW.exe
  2⤵
  - Executes dropped EXE
  PID:620
- C:\Windows\System\akYDZMj.exe
  C:\Windows\System\akYDZMj.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\AMyaoHc.exe
  C:\Windows\System\AMyaoHc.exe
  2⤵
  - Executes dropped EXE
  PID:1268
- C:\Windows\System\PuKAclo.exe
  C:\Windows\System\PuKAclo.exe
  2⤵
  - Executes dropped EXE
  PID:1472
- C:\Windows\System\chgVDJG.exe
  C:\Windows\System\chgVDJG.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\oqhQVHr.exe
  C:\Windows\System\oqhQVHr.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\abIbdTe.exe
  C:\Windows\System\abIbdTe.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\wxyxCIs.exe
  C:\Windows\System\wxyxCIs.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\XzCxPvg.exe
  C:\Windows\System\XzCxPvg.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\myYtPGR.exe
  C:\Windows\System\myYtPGR.exe
  2⤵
  - Executes dropped EXE
  PID:1308
- C:\Windows\System\AtTZond.exe
  C:\Windows\System\AtTZond.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\WEEknur.exe
  C:\Windows\System\WEEknur.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\pbUIoYC.exe
  C:\Windows\System\pbUIoYC.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\hqbBFug.exe
  C:\Windows\System\hqbBFug.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\NMmPmsI.exe
  C:\Windows\System\NMmPmsI.exe
  2⤵
  - Executes dropped EXE
  PID:1876
- C:\Windows\System\VFWElvE.exe
  C:\Windows\System\VFWElvE.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System\ugnPeUt.exe
  C:\Windows\System\ugnPeUt.exe
  2⤵
  - Executes dropped EXE
  PID:1924
- C:\Windows\System\QjtcohO.exe
  C:\Windows\System\QjtcohO.exe
  2⤵
  - Executes dropped EXE
  PID:1992
- C:\Windows\System\mBFPkXg.exe
  C:\Windows\System\mBFPkXg.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\nCduntB.exe
  C:\Windows\System\nCduntB.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\WbVgWRV.exe
  C:\Windows\System\WbVgWRV.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\ScLiCzb.exe
  C:\Windows\System\ScLiCzb.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\aieBQXu.exe
  C:\Windows\System\aieBQXu.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\pIjNEUg.exe
  C:\Windows\System\pIjNEUg.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\LFKWsZa.exe
  C:\Windows\System\LFKWsZa.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\ZaKADuN.exe
  C:\Windows\System\ZaKADuN.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\nNOUxpJ.exe
  C:\Windows\System\nNOUxpJ.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\YsybKFM.exe
  C:\Windows\System\YsybKFM.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\GpFzwUJ.exe
  C:\Windows\System\GpFzwUJ.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\OLFVbZF.exe
  C:\Windows\System\OLFVbZF.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\QuCRUeY.exe
  C:\Windows\System\QuCRUeY.exe
  2⤵
  - Executes dropped EXE
  PID:780
- C:\Windows\System\djZmScT.exe
  C:\Windows\System\djZmScT.exe
  2⤵
  PID:2236
- C:\Windows\System\wXFSHVq.exe
  C:\Windows\System\wXFSHVq.exe
  2⤵
  PID:1944
- C:\Windows\System\UadDLss.exe
  C:\Windows\System\UadDLss.exe
  2⤵
  PID:2436
- C:\Windows\System\wwmPOMQ.exe
  C:\Windows\System\wwmPOMQ.exe
  2⤵
  PID:596
- C:\Windows\System\NTLUbmB.exe
  C:\Windows\System\NTLUbmB.exe
  2⤵
  PID:2476
- C:\Windows\System\WzCAZHt.exe
  C:\Windows\System\WzCAZHt.exe
  2⤵
  PID:996
- C:\Windows\System\yArdDru.exe
  C:\Windows\System\yArdDru.exe
  2⤵
  PID:2140
- C:\Windows\System\TrwKTsi.exe
  C:\Windows\System\TrwKTsi.exe
  2⤵
  PID:2752
- C:\Windows\System\bWoTVxw.exe
  C:\Windows\System\bWoTVxw.exe
  2⤵
  PID:3044
- C:\Windows\System\KvlysCm.exe
  C:\Windows\System\KvlysCm.exe
  2⤵
  PID:2888
- C:\Windows\System\RvEUHFm.exe
  C:\Windows\System\RvEUHFm.exe
  2⤵
  PID:1416
- C:\Windows\System\XdtxHTr.exe
  C:\Windows\System\XdtxHTr.exe
  2⤵
  PID:280
- C:\Windows\System\cpDosKD.exe
  C:\Windows\System\cpDosKD.exe
  2⤵
  PID:2608
- C:\Windows\System\bwtcqwn.exe
  C:\Windows\System\bwtcqwn.exe
  2⤵
  PID:3040
- C:\Windows\System\ireaNEQ.exe
  C:\Windows\System\ireaNEQ.exe
  2⤵
  PID:2952
- C:\Windows\System\JUSbQia.exe
  C:\Windows\System\JUSbQia.exe
  2⤵
  PID:2520
- C:\Windows\System\CwjjFlT.exe
  C:\Windows\System\CwjjFlT.exe
  2⤵
  PID:1456
- C:\Windows\System\iKgSOtI.exe
  C:\Windows\System\iKgSOtI.exe
  2⤵
  PID:848
- C:\Windows\System\Cpiegxz.exe
  C:\Windows\System\Cpiegxz.exe
  2⤵
  PID:1720
- C:\Windows\System\RPxCysU.exe
  C:\Windows\System\RPxCysU.exe
  2⤵
  PID:2940
- C:\Windows\System\pFYOVBL.exe
  C:\Windows\System\pFYOVBL.exe
  2⤵
  PID:1964
- C:\Windows\System\lXXlPGr.exe
  C:\Windows\System\lXXlPGr.exe
  2⤵
  PID:892
- C:\Windows\System\svzRrbI.exe
  C:\Windows\System\svzRrbI.exe
  2⤵
  PID:1676
- C:\Windows\System\icutnXW.exe
  C:\Windows\System\icutnXW.exe
  2⤵
  PID:2268
- C:\Windows\System\uxFTrTp.exe
  C:\Windows\System\uxFTrTp.exe
  2⤵
  PID:3068
- C:\Windows\System\ZHtTMzd.exe
  C:\Windows\System\ZHtTMzd.exe
  2⤵
  PID:588
- C:\Windows\System\IMCfVfb.exe
  C:\Windows\System\IMCfVfb.exe
  2⤵
  PID:2552
- C:\Windows\System\AddAYWo.exe
  C:\Windows\System\AddAYWo.exe
  2⤵
  PID:2932
- C:\Windows\System\tsEQIhk.exe
  C:\Windows\System\tsEQIhk.exe
  2⤵
  PID:3084
- C:\Windows\System\btLYnHJ.exe
  C:\Windows\System\btLYnHJ.exe
  2⤵
  PID:3100
- C:\Windows\System\IObkzel.exe
  C:\Windows\System\IObkzel.exe
  2⤵
  PID:3116
- C:\Windows\System\soctITI.exe
  C:\Windows\System\soctITI.exe
  2⤵
  PID:3132
- C:\Windows\System\AhCHimO.exe
  C:\Windows\System\AhCHimO.exe
  2⤵
  PID:3148
- C:\Windows\System\sUrChDq.exe
  C:\Windows\System\sUrChDq.exe
  2⤵
  PID:3164
- C:\Windows\System\RbaZoUR.exe
  C:\Windows\System\RbaZoUR.exe
  2⤵
  PID:3180
- C:\Windows\System\gUxEiLP.exe
  C:\Windows\System\gUxEiLP.exe
  2⤵
  PID:3200
- C:\Windows\System\BqEONOB.exe
  C:\Windows\System\BqEONOB.exe
  2⤵
  PID:3224
- C:\Windows\System\udcsSUA.exe
  C:\Windows\System\udcsSUA.exe
  2⤵
  PID:3260
- C:\Windows\System\OVAZUME.exe
  C:\Windows\System\OVAZUME.exe
  2⤵
  PID:3280
- C:\Windows\System\pXfjiXW.exe
  C:\Windows\System\pXfjiXW.exe
  2⤵
  PID:3296
- C:\Windows\System\OoHasPV.exe
  C:\Windows\System\OoHasPV.exe
  2⤵
  PID:3312
- C:\Windows\System\ocxMasH.exe
  C:\Windows\System\ocxMasH.exe
  2⤵
  PID:3328
- C:\Windows\System\TOLlaIY.exe
  C:\Windows\System\TOLlaIY.exe
  2⤵
  PID:3344
- C:\Windows\System\kAupEZp.exe
  C:\Windows\System\kAupEZp.exe
  2⤵
  PID:3368
- C:\Windows\System\Vgyakwc.exe
  C:\Windows\System\Vgyakwc.exe
  2⤵
  PID:3384
- C:\Windows\System\ZyzInvO.exe
  C:\Windows\System\ZyzInvO.exe
  2⤵
  PID:3400
- C:\Windows\System\QLfinvn.exe
  C:\Windows\System\QLfinvn.exe
  2⤵
  PID:3416
- C:\Windows\System\YXzGGRb.exe
  C:\Windows\System\YXzGGRb.exe
  2⤵
  PID:3432
- C:\Windows\System\cFlnaQM.exe
  C:\Windows\System\cFlnaQM.exe
  2⤵
  PID:3448
- C:\Windows\System\KPcVkku.exe
  C:\Windows\System\KPcVkku.exe
  2⤵
  PID:3464
- C:\Windows\System\VPycdlb.exe
  C:\Windows\System\VPycdlb.exe
  2⤵
  PID:3480
- C:\Windows\System\UrfkNxb.exe
  C:\Windows\System\UrfkNxb.exe
  2⤵
  PID:3496
- C:\Windows\System\UgIGcDf.exe
  C:\Windows\System\UgIGcDf.exe
  2⤵
  PID:3516
- C:\Windows\System\IhfMhnE.exe
  C:\Windows\System\IhfMhnE.exe
  2⤵
  PID:3552
- C:\Windows\System\hcEGjRP.exe
  C:\Windows\System\hcEGjRP.exe
  2⤵
  PID:3584
- C:\Windows\System\pRSpllM.exe
  C:\Windows\System\pRSpllM.exe
  2⤵
  PID:3660
- C:\Windows\System\QVigbok.exe
  C:\Windows\System\QVigbok.exe
  2⤵
  PID:3676
- C:\Windows\System\VSrOaxY.exe
  C:\Windows\System\VSrOaxY.exe
  2⤵
  PID:3696
- C:\Windows\System\guTdETb.exe
  C:\Windows\System\guTdETb.exe
  2⤵
  PID:3716
- C:\Windows\System\gKgueXY.exe
  C:\Windows\System\gKgueXY.exe
  2⤵
  PID:3740
- C:\Windows\System\PYltvdr.exe
  C:\Windows\System\PYltvdr.exe
  2⤵
  PID:3756
- C:\Windows\System\GXRRYzo.exe
  C:\Windows\System\GXRRYzo.exe
  2⤵
  PID:3780
- C:\Windows\System\xpaIeua.exe
  C:\Windows\System\xpaIeua.exe
  2⤵
  PID:3796
- C:\Windows\System\SrkTLrs.exe
  C:\Windows\System\SrkTLrs.exe
  2⤵
  PID:3820
- C:\Windows\System\KSPklLi.exe
  C:\Windows\System\KSPklLi.exe
  2⤵
  PID:3836
- C:\Windows\System\bcRZLdT.exe
  C:\Windows\System\bcRZLdT.exe
  2⤵
  PID:3864
- C:\Windows\System\hSMntWv.exe
  C:\Windows\System\hSMntWv.exe
  2⤵
  PID:3884
- C:\Windows\System\KsFSips.exe
  C:\Windows\System\KsFSips.exe
  2⤵
  PID:3904
- C:\Windows\System\jmoqiKh.exe
  C:\Windows\System\jmoqiKh.exe
  2⤵
  PID:3920
- C:\Windows\System\aUevevI.exe
  C:\Windows\System\aUevevI.exe
  2⤵
  PID:3940
- C:\Windows\System\wUHhvba.exe
  C:\Windows\System\wUHhvba.exe
  2⤵
  PID:3960
- C:\Windows\System\AQfMbmg.exe
  C:\Windows\System\AQfMbmg.exe
  2⤵
  PID:3984
- C:\Windows\System\gbPGbQM.exe
  C:\Windows\System\gbPGbQM.exe
  2⤵
  PID:4004
- C:\Windows\System\HfKVRfd.exe
  C:\Windows\System\HfKVRfd.exe
  2⤵
  PID:4024
- C:\Windows\System\viCjwQl.exe
  C:\Windows\System\viCjwQl.exe
  2⤵
  PID:4044
- C:\Windows\System\yzDgscO.exe
  C:\Windows\System\yzDgscO.exe
  2⤵
  PID:4064
- C:\Windows\System\BuObgCy.exe
  C:\Windows\System\BuObgCy.exe
  2⤵
  PID:4084
- C:\Windows\System\bCqGZeu.exe
  C:\Windows\System\bCqGZeu.exe
  2⤵
  PID:816
- C:\Windows\System\asmouLI.exe
  C:\Windows\System\asmouLI.exe
  2⤵
  PID:2540
- C:\Windows\System\YGaZtLm.exe
  C:\Windows\System\YGaZtLm.exe
  2⤵
  PID:2972
- C:\Windows\System\TouOhXv.exe
  C:\Windows\System\TouOhXv.exe
  2⤵
  PID:1016
- C:\Windows\System\UqFdjTX.exe
  C:\Windows\System\UqFdjTX.exe
  2⤵
  PID:1804
- C:\Windows\System\eeBIMvr.exe
  C:\Windows\System\eeBIMvr.exe
  2⤵
  PID:1884
- C:\Windows\System\wlzRcjw.exe
  C:\Windows\System\wlzRcjw.exe
  2⤵
  PID:3096
- C:\Windows\System\ejpKjXl.exe
  C:\Windows\System\ejpKjXl.exe
  2⤵
  PID:3192
- C:\Windows\System\clsxcJD.exe
  C:\Windows\System\clsxcJD.exe
  2⤵
  PID:3252
- C:\Windows\System\yCNDkEX.exe
  C:\Windows\System\yCNDkEX.exe
  2⤵
  PID:3356
- C:\Windows\System\LlPXwIy.exe
  C:\Windows\System\LlPXwIy.exe
  2⤵
  PID:3396
- C:\Windows\System\vYSkWOv.exe
  C:\Windows\System\vYSkWOv.exe
  2⤵
  PID:2464
- C:\Windows\System\rntfKbv.exe
  C:\Windows\System\rntfKbv.exe
  2⤵
  PID:492
- C:\Windows\System\rMazcFl.exe
  C:\Windows\System\rMazcFl.exe
  2⤵
  PID:1104
- C:\Windows\System\MRkyKTW.exe
  C:\Windows\System\MRkyKTW.exe
  2⤵
  PID:3492
- C:\Windows\System\PBprMbo.exe
  C:\Windows\System\PBprMbo.exe
  2⤵
  PID:3536
- C:\Windows\System\zwaVzqG.exe
  C:\Windows\System\zwaVzqG.exe
  2⤵
  PID:1624
- C:\Windows\System\EQYYAoS.exe
  C:\Windows\System\EQYYAoS.exe
  2⤵
  PID:2032
- C:\Windows\System\GIobFIA.exe
  C:\Windows\System\GIobFIA.exe
  2⤵
  PID:2072
- C:\Windows\System\uQwOzuG.exe
  C:\Windows\System\uQwOzuG.exe
  2⤵
  PID:3216
- C:\Windows\System\pSoXYdV.exe
  C:\Windows\System\pSoXYdV.exe
  2⤵
  PID:3544
- C:\Windows\System\ZgOvBJX.exe
  C:\Windows\System\ZgOvBJX.exe
  2⤵
  PID:3512
- C:\Windows\System\qgkYZOV.exe
  C:\Windows\System\qgkYZOV.exe
  2⤵
  PID:3444
- C:\Windows\System\LgAjZXW.exe
  C:\Windows\System\LgAjZXW.exe
  2⤵
  PID:3376
- C:\Windows\System\vKwTBND.exe
  C:\Windows\System\vKwTBND.exe
  2⤵
  PID:3304
- C:\Windows\System\LjubkkL.exe
  C:\Windows\System\LjubkkL.exe
  2⤵
  PID:1700
- C:\Windows\System\oxvSCIZ.exe
  C:\Windows\System\oxvSCIZ.exe
  2⤵
  PID:3604
- C:\Windows\System\XbsPqoU.exe
  C:\Windows\System\XbsPqoU.exe
  2⤵
  PID:3612
- C:\Windows\System\SDBCwYu.exe
  C:\Windows\System\SDBCwYu.exe
  2⤵
  PID:3632
- C:\Windows\System\agMrobW.exe
  C:\Windows\System\agMrobW.exe
  2⤵
  PID:3648
- C:\Windows\System\aQuSdFn.exe
  C:\Windows\System\aQuSdFn.exe
  2⤵
  PID:3692
- C:\Windows\System\MWKrcml.exe
  C:\Windows\System\MWKrcml.exe
  2⤵
  PID:3728
- C:\Windows\System\MapRHQk.exe
  C:\Windows\System\MapRHQk.exe
  2⤵
  PID:3708
- C:\Windows\System\FsrIiLs.exe
  C:\Windows\System\FsrIiLs.exe
  2⤵
  PID:3752
- C:\Windows\System\MYiBAiO.exe
  C:\Windows\System\MYiBAiO.exe
  2⤵
  PID:3808
- C:\Windows\System\mFAwQzc.exe
  C:\Windows\System\mFAwQzc.exe
  2⤵
  PID:3788
- C:\Windows\System\LkOtHQL.exe
  C:\Windows\System\LkOtHQL.exe
  2⤵
  PID:3892
- C:\Windows\System\XatcNRN.exe
  C:\Windows\System\XatcNRN.exe
  2⤵
  PID:3936
- C:\Windows\System\QCVHmSP.exe
  C:\Windows\System\QCVHmSP.exe
  2⤵
  PID:3980
- C:\Windows\System\FxYeQgI.exe
  C:\Windows\System\FxYeQgI.exe
  2⤵
  PID:3880
- C:\Windows\System\NWYsRkJ.exe
  C:\Windows\System\NWYsRkJ.exe
  2⤵
  PID:3916
- C:\Windows\System\aNwKpGA.exe
  C:\Windows\System\aNwKpGA.exe
  2⤵
  PID:4056
- C:\Windows\System\gHbgmEN.exe
  C:\Windows\System\gHbgmEN.exe
  2⤵
  PID:2644
- C:\Windows\System\hOtbPWd.exe
  C:\Windows\System\hOtbPWd.exe
  2⤵
  PID:3092
- C:\Windows\System\oCSVltF.exe
  C:\Windows\System\oCSVltF.exe
  2⤵
  PID:3248
- C:\Windows\System\vFOwwZc.exe
  C:\Windows\System\vFOwwZc.exe
  2⤵
  PID:3956
- C:\Windows\System\zENGhTE.exe
  C:\Windows\System\zENGhTE.exe
  2⤵
  PID:4036
- C:\Windows\System\fKGijdB.exe
  C:\Windows\System\fKGijdB.exe
  2⤵
  PID:4076
- C:\Windows\System\xtxggRo.exe
  C:\Windows\System\xtxggRo.exe
  2⤵
  PID:3428
- C:\Windows\System\pbWoNpE.exe
  C:\Windows\System\pbWoNpE.exe
  2⤵
  PID:476
- C:\Windows\System\hmwoddg.exe
  C:\Windows\System\hmwoddg.exe
  2⤵
  PID:2452
- C:\Windows\System\llNUxgm.exe
  C:\Windows\System\llNUxgm.exe
  2⤵
  PID:3160
- C:\Windows\System\qCfEOeY.exe
  C:\Windows\System\qCfEOeY.exe
  2⤵
  PID:2116
- C:\Windows\System\vsomiwv.exe
  C:\Windows\System\vsomiwv.exe
  2⤵
  PID:3548
- C:\Windows\System\GzHCrJO.exe
  C:\Windows\System\GzHCrJO.exe
  2⤵
  PID:3324
- C:\Windows\System\FIjifDS.exe
  C:\Windows\System\FIjifDS.exe
  2⤵
  PID:3412
- C:\Windows\System\MoebYdk.exe
  C:\Windows\System\MoebYdk.exe
  2⤵
  PID:3144
- C:\Windows\System\cdbtEKs.exe
  C:\Windows\System\cdbtEKs.exe
  2⤵
  PID:2024
- C:\Windows\System\GDQNOFR.exe
  C:\Windows\System\GDQNOFR.exe
  2⤵
  PID:3528
- C:\Windows\System\woOqaUC.exe
  C:\Windows\System\woOqaUC.exe
  2⤵
  PID:1532
- C:\Windows\System\ZBJjYUo.exe
  C:\Windows\System\ZBJjYUo.exe
  2⤵
  PID:3564
- C:\Windows\System\yndBzSM.exe
  C:\Windows\System\yndBzSM.exe
  2⤵
  PID:3620
- C:\Windows\System\YMwAFjH.exe
  C:\Windows\System\YMwAFjH.exe
  2⤵
  PID:3684
- C:\Windows\System\zhTGTqF.exe
  C:\Windows\System\zhTGTqF.exe
  2⤵
  PID:3776
- C:\Windows\System\lXmpdiL.exe
  C:\Windows\System\lXmpdiL.exe
  2⤵
  PID:3832
- C:\Windows\System\VaZvHbm.exe
  C:\Windows\System\VaZvHbm.exe
  2⤵
  PID:3912
- C:\Windows\System\kBQvkgc.exe
  C:\Windows\System\kBQvkgc.exe
  2⤵
  PID:3244
- C:\Windows\System\uooDtYY.exe
  C:\Windows\System\uooDtYY.exe
  2⤵
  PID:4000
- C:\Windows\System\HYdbKRy.exe
  C:\Windows\System\HYdbKRy.exe
  2⤵
  PID:2720
- C:\Windows\System\iSwBoOa.exe
  C:\Windows\System\iSwBoOa.exe
  2⤵
  PID:3320
- C:\Windows\System\RsYcERh.exe
  C:\Windows\System\RsYcERh.exe
  2⤵
  PID:4112
- C:\Windows\System\wbQtUsq.exe
  C:\Windows\System\wbQtUsq.exe
  2⤵
  PID:4128
- C:\Windows\System\eilKjHl.exe
  C:\Windows\System\eilKjHl.exe
  2⤵
  PID:4144
- C:\Windows\System\eRrahnf.exe
  C:\Windows\System\eRrahnf.exe
  2⤵
  PID:4168
- C:\Windows\System\VrdLPNx.exe
  C:\Windows\System\VrdLPNx.exe
  2⤵
  PID:4208
- C:\Windows\System\gbzuqzz.exe
  C:\Windows\System\gbzuqzz.exe
  2⤵
  PID:4224
- C:\Windows\System\yKSJXjI.exe
  C:\Windows\System\yKSJXjI.exe
  2⤵
  PID:4248
- C:\Windows\System\fpHmhTe.exe
  C:\Windows\System\fpHmhTe.exe
  2⤵
  PID:4268
- C:\Windows\System\XcvsIrB.exe
  C:\Windows\System\XcvsIrB.exe
  2⤵
  PID:4296
- C:\Windows\System\VLTVgdp.exe
  C:\Windows\System\VLTVgdp.exe
  2⤵
  PID:4380
- C:\Windows\System\iMcioWd.exe
  C:\Windows\System\iMcioWd.exe
  2⤵
  PID:4404
- C:\Windows\System\iCsQBot.exe
  C:\Windows\System\iCsQBot.exe
  2⤵
  PID:4424
- C:\Windows\System\pGysEef.exe
  C:\Windows\System\pGysEef.exe
  2⤵
  PID:4444
- C:\Windows\System\eXWKKsD.exe
  C:\Windows\System\eXWKKsD.exe
  2⤵
  PID:4464
- C:\Windows\System\aBCbmPA.exe
  C:\Windows\System\aBCbmPA.exe
  2⤵
  PID:4484
- C:\Windows\System\VzHoJZg.exe
  C:\Windows\System\VzHoJZg.exe
  2⤵
  PID:4504
- C:\Windows\System\YPiUBfX.exe
  C:\Windows\System\YPiUBfX.exe
  2⤵
  PID:4524
- C:\Windows\System\ahtjYPC.exe
  C:\Windows\System\ahtjYPC.exe
  2⤵
  PID:4544
- C:\Windows\System\PXkXSMg.exe
  C:\Windows\System\PXkXSMg.exe
  2⤵
  PID:4564
- C:\Windows\System\qyjypyo.exe
  C:\Windows\System\qyjypyo.exe
  2⤵
  PID:4584
- C:\Windows\System\ktsZkZl.exe
  C:\Windows\System\ktsZkZl.exe
  2⤵
  PID:4604
- C:\Windows\System\GPFJNjY.exe
  C:\Windows\System\GPFJNjY.exe
  2⤵
  PID:4624
- C:\Windows\System\koHIVqw.exe
  C:\Windows\System\koHIVqw.exe
  2⤵
  PID:4644
- C:\Windows\System\sEGtNeR.exe
  C:\Windows\System\sEGtNeR.exe
  2⤵
  PID:4664
- C:\Windows\System\QztprGP.exe
  C:\Windows\System\QztprGP.exe
  2⤵
  PID:4684
- C:\Windows\System\wTTzecG.exe
  C:\Windows\System\wTTzecG.exe
  2⤵
  PID:4704
- C:\Windows\System\difDPgT.exe
  C:\Windows\System\difDPgT.exe
  2⤵
  PID:4724
- C:\Windows\System\JJykeEG.exe
  C:\Windows\System\JJykeEG.exe
  2⤵
  PID:4740
- C:\Windows\System\QrHSFHY.exe
  C:\Windows\System\QrHSFHY.exe
  2⤵
  PID:4764
- C:\Windows\System\mBLFqZb.exe
  C:\Windows\System\mBLFqZb.exe
  2⤵
  PID:4784
- C:\Windows\System\coqVCFM.exe
  C:\Windows\System\coqVCFM.exe
  2⤵
  PID:4800
- C:\Windows\System\SSqmMee.exe
  C:\Windows\System\SSqmMee.exe
  2⤵
  PID:4824
- C:\Windows\System\LcSPHQC.exe
  C:\Windows\System\LcSPHQC.exe
  2⤵
  PID:4844
- C:\Windows\System\HAixOWm.exe
  C:\Windows\System\HAixOWm.exe
  2⤵
  PID:4864
- C:\Windows\System\MgwSFSL.exe
  C:\Windows\System\MgwSFSL.exe
  2⤵
  PID:4884
- C:\Windows\System\aCQIzsP.exe
  C:\Windows\System\aCQIzsP.exe
  2⤵
  PID:4904
- C:\Windows\System\MyPCBTC.exe
  C:\Windows\System\MyPCBTC.exe
  2⤵
  PID:4924
- C:\Windows\System\gfcsrqk.exe
  C:\Windows\System\gfcsrqk.exe
  2⤵
  PID:4944
- C:\Windows\System\rrGLEVf.exe
  C:\Windows\System\rrGLEVf.exe
  2⤵
  PID:4964
- C:\Windows\System\fRKLGfi.exe
  C:\Windows\System\fRKLGfi.exe
  2⤵
  PID:4984
- C:\Windows\System\tdWbkar.exe
  C:\Windows\System\tdWbkar.exe
  2⤵
  PID:5004
- C:\Windows\System\rqVOqZf.exe
  C:\Windows\System\rqVOqZf.exe
  2⤵
  PID:5024
- C:\Windows\System\zHtMGNi.exe
  C:\Windows\System\zHtMGNi.exe
  2⤵
  PID:5044
- C:\Windows\System\BpSZNhj.exe
  C:\Windows\System\BpSZNhj.exe
  2⤵
  PID:5060
- C:\Windows\System\ckhtOPD.exe
  C:\Windows\System\ckhtOPD.exe
  2⤵
  PID:5080
- C:\Windows\System\TkusFKc.exe
  C:\Windows\System\TkusFKc.exe
  2⤵
  PID:5100
- C:\Windows\System\lTeljGQ.exe
  C:\Windows\System\lTeljGQ.exe
  2⤵
  PID:3212
- C:\Windows\System\qgGAdLm.exe
  C:\Windows\System\qgGAdLm.exe
  2⤵
  PID:2816
- C:\Windows\System\oDFHVLt.exe
  C:\Windows\System\oDFHVLt.exe
  2⤵
  PID:2108
- C:\Windows\System\wDjqrYq.exe
  C:\Windows\System\wDjqrYq.exe
  2⤵
  PID:3828
- C:\Windows\System\FlOYWdl.exe
  C:\Windows\System\FlOYWdl.exe
  2⤵
  PID:4108
- C:\Windows\System\WSXnpfs.exe
  C:\Windows\System\WSXnpfs.exe
  2⤵
  PID:4180
- C:\Windows\System\AcTJkwX.exe
  C:\Windows\System\AcTJkwX.exe
  2⤵
  PID:3636
- C:\Windows\System\zylDJep.exe
  C:\Windows\System\zylDJep.exe
  2⤵
  PID:4192
- C:\Windows\System\bqisztq.exe
  C:\Windows\System\bqisztq.exe
  2⤵
  PID:3704
- C:\Windows\System\hSWjJNe.exe
  C:\Windows\System\hSWjJNe.exe
  2⤵
  PID:3856
- C:\Windows\System\hOJxfou.exe
  C:\Windows\System\hOJxfou.exe
  2⤵
  PID:4236
- C:\Windows\System\FbtvlmD.exe
  C:\Windows\System\FbtvlmD.exe
  2⤵
  PID:2856
- C:\Windows\System\dtSRJdZ.exe
  C:\Windows\System\dtSRJdZ.exe
  2⤵
  PID:640
- C:\Windows\System\WHYDRmB.exe
  C:\Windows\System\WHYDRmB.exe
  2⤵
  PID:4160
- C:\Windows\System\MTPdaFH.exe
  C:\Windows\System\MTPdaFH.exe
  2⤵
  PID:4060
- C:\Windows\System\novlhKw.exe
  C:\Windows\System\novlhKw.exe
  2⤵
  PID:3292
- C:\Windows\System\TctYHbk.exe
  C:\Windows\System\TctYHbk.exe
  2⤵
  PID:3996
- C:\Windows\System\DISNuAF.exe
  C:\Windows\System\DISNuAF.exe
  2⤵
  PID:3080
- C:\Windows\System\RDVckAs.exe
  C:\Windows\System\RDVckAs.exe
  2⤵
  PID:3476
- C:\Windows\System\iZRMwSX.exe
  C:\Windows\System\iZRMwSX.exe
  2⤵
  PID:3488
- C:\Windows\System\TERQZOM.exe
  C:\Windows\System\TERQZOM.exe
  2⤵
  PID:3948
- C:\Windows\System\iktqgVx.exe
  C:\Windows\System\iktqgVx.exe
  2⤵
  PID:2568
- C:\Windows\System\PIpDhCE.exe
  C:\Windows\System\PIpDhCE.exe
  2⤵
  PID:4292
- C:\Windows\System\XTLlaep.exe
  C:\Windows\System\XTLlaep.exe
  2⤵
  PID:4320
- C:\Windows\System\KbRPTfl.exe
  C:\Windows\System\KbRPTfl.exe
  2⤵
  PID:4340
- C:\Windows\System\HNvkUxT.exe
  C:\Windows\System\HNvkUxT.exe
  2⤵
  PID:4360
- C:\Windows\System\wIqvwYy.exe
  C:\Windows\System\wIqvwYy.exe
  2⤵
  PID:4372
- C:\Windows\System\LgmfaXx.exe
  C:\Windows\System\LgmfaXx.exe
  2⤵
  PID:4420
- C:\Windows\System\fkttphG.exe
  C:\Windows\System\fkttphG.exe
  2⤵
  PID:4472
- C:\Windows\System\bQjpPuS.exe
  C:\Windows\System\bQjpPuS.exe
  2⤵
  PID:4512
- C:\Windows\System\BXSzqoL.exe
  C:\Windows\System\BXSzqoL.exe
  2⤵
  PID:4516
- C:\Windows\System\GOHjYQl.exe
  C:\Windows\System\GOHjYQl.exe
  2⤵
  PID:4532
- C:\Windows\System\ojCKnSO.exe
  C:\Windows\System\ojCKnSO.exe
  2⤵
  PID:4596
- C:\Windows\System\mUGgAuA.exe
  C:\Windows\System\mUGgAuA.exe
  2⤵
  PID:4612
- C:\Windows\System\cPcKlug.exe
  C:\Windows\System\cPcKlug.exe
  2⤵
  PID:4652
- C:\Windows\System\dHISRwi.exe
  C:\Windows\System\dHISRwi.exe
  2⤵
  PID:4676
- C:\Windows\System\hfDlGQH.exe
  C:\Windows\System\hfDlGQH.exe
  2⤵
  PID:4748
- C:\Windows\System\MZxvLeS.exe
  C:\Windows\System\MZxvLeS.exe
  2⤵
  PID:4696
- C:\Windows\System\VXIeRyr.exe
  C:\Windows\System\VXIeRyr.exe
  2⤵
  PID:4796
- C:\Windows\System\raNBpVf.exe
  C:\Windows\System\raNBpVf.exe
  2⤵
  PID:4808
- C:\Windows\System\Ljndhvq.exe
  C:\Windows\System\Ljndhvq.exe
  2⤵
  PID:4872
- C:\Windows\System\USOyEhj.exe
  C:\Windows\System\USOyEhj.exe
  2⤵
  PID:4856
- C:\Windows\System\gbLlSmQ.exe
  C:\Windows\System\gbLlSmQ.exe
  2⤵
  PID:4892
- C:\Windows\System\BNzaLWS.exe
  C:\Windows\System\BNzaLWS.exe
  2⤵
  PID:4960
- C:\Windows\System\hiJRrVp.exe
  C:\Windows\System\hiJRrVp.exe
  2⤵
  PID:5000
- C:\Windows\System\LugNuMK.exe
  C:\Windows\System\LugNuMK.exe
  2⤵
  PID:5012
- C:\Windows\System\JwVPgED.exe
  C:\Windows\System\JwVPgED.exe
  2⤵
  PID:5016
- C:\Windows\System\NtRblwj.exe
  C:\Windows\System\NtRblwj.exe
  2⤵
  PID:5056
- C:\Windows\System\TlXoDdE.exe
  C:\Windows\System\TlXoDdE.exe
  2⤵
  PID:2880
- C:\Windows\System\RxMcxqK.exe
  C:\Windows\System\RxMcxqK.exe
  2⤵
  PID:5092
- C:\Windows\System\ELnQyZJ.exe
  C:\Windows\System\ELnQyZJ.exe
  2⤵
  PID:2352
- C:\Windows\System\NZBTLYW.exe
  C:\Windows\System\NZBTLYW.exe
  2⤵
  PID:3812
- C:\Windows\System\WOgtunX.exe
  C:\Windows\System\WOgtunX.exe
  2⤵
  PID:3724
- C:\Windows\System\prniRlo.exe
  C:\Windows\System\prniRlo.exe
  2⤵
  PID:4204
- C:\Windows\System\xALLGuH.exe
  C:\Windows\System\xALLGuH.exe
  2⤵
  PID:3928
- C:\Windows\System\DlmWMQp.exe
  C:\Windows\System\DlmWMQp.exe
  2⤵
  PID:4020
- C:\Windows\System\HXghhtk.exe
  C:\Windows\System\HXghhtk.exe
  2⤵
  PID:1908
- C:\Windows\System\QANZDVe.exe
  C:\Windows\System\QANZDVe.exe
  2⤵
  PID:4256
- C:\Windows\System\uHWtEGa.exe
  C:\Windows\System\uHWtEGa.exe
  2⤵
  PID:3976
- C:\Windows\System\cEudktx.exe
  C:\Windows\System\cEudktx.exe
  2⤵
  PID:3764
- C:\Windows\System\sVsJvrd.exe
  C:\Windows\System\sVsJvrd.exe
  2⤵
  PID:4072
- C:\Windows\System\jLNPJhQ.exe
  C:\Windows\System\jLNPJhQ.exe
  2⤵
  PID:2716
- C:\Windows\System\IPbYJOK.exe
  C:\Windows\System\IPbYJOK.exe
  2⤵
  PID:4308
- C:\Windows\System\TrXuncf.exe
  C:\Windows\System\TrXuncf.exe
  2⤵
  PID:4312
- C:\Windows\System\KSvuaKg.exe
  C:\Windows\System\KSvuaKg.exe
  2⤵
  PID:4352
- C:\Windows\System\qOiyPSA.exe
  C:\Windows\System\qOiyPSA.exe
  2⤵
  PID:4460
- C:\Windows\System\GLXagjK.exe
  C:\Windows\System\GLXagjK.exe
  2⤵
  PID:4500
- C:\Windows\System\QhBsaNZ.exe
  C:\Windows\System\QhBsaNZ.exe
  2⤵
  PID:4600
- C:\Windows\System\sOVaKXh.exe
  C:\Windows\System\sOVaKXh.exe
  2⤵
  PID:4572
- C:\Windows\System\PHKCnal.exe
  C:\Windows\System\PHKCnal.exe
  2⤵
  PID:4580
- C:\Windows\System\bTLAgvH.exe
  C:\Windows\System\bTLAgvH.exe
  2⤵
  PID:4656
- C:\Windows\System\wnjxVnK.exe
  C:\Windows\System\wnjxVnK.exe
  2⤵
  PID:2668
- C:\Windows\System\mAIBjyg.exe
  C:\Windows\System\mAIBjyg.exe
  2⤵
  PID:4840
- C:\Windows\System\ZbhMiQr.exe
  C:\Windows\System\ZbhMiQr.exe
  2⤵
  PID:4912
- C:\Windows\System\gnVbCXK.exe
  C:\Windows\System\gnVbCXK.exe
  2⤵
  PID:4812
- C:\Windows\System\gWpgNnF.exe
  C:\Windows\System\gWpgNnF.exe
  2⤵
  PID:4952
- C:\Windows\System\EnRbWpR.exe
  C:\Windows\System\EnRbWpR.exe
  2⤵
  PID:5036
- C:\Windows\System\VEGUESt.exe
  C:\Windows\System\VEGUESt.exe
  2⤵
  PID:5112
- C:\Windows\System\BkoxTmY.exe
  C:\Windows\System\BkoxTmY.exe
  2⤵
  PID:5076
- C:\Windows\System\XFQIHjg.exe
  C:\Windows\System\XFQIHjg.exe
  2⤵
  PID:5096
- C:\Windows\System\DGEsAmO.exe
  C:\Windows\System\DGEsAmO.exe
  2⤵
  PID:3576
- C:\Windows\System\tbpweDf.exe
  C:\Windows\System\tbpweDf.exe
  2⤵
  PID:4104
- C:\Windows\System\QaaCImB.exe
  C:\Windows\System\QaaCImB.exe
  2⤵
  PID:4240
- C:\Windows\System\RVfxWkX.exe
  C:\Windows\System\RVfxWkX.exe
  2⤵
  PID:4152
- C:\Windows\System\yaJopgp.exe
  C:\Windows\System\yaJopgp.exe
  2⤵
  PID:1912
- C:\Windows\System\rnqnzwM.exe
  C:\Windows\System\rnqnzwM.exe
  2⤵
  PID:1748
- C:\Windows\System\mKyeqjL.exe
  C:\Windows\System\mKyeqjL.exe
  2⤵
  PID:4040
- C:\Windows\System\sibirvM.exe
  C:\Windows\System\sibirvM.exe
  2⤵
  PID:4332
- C:\Windows\System\qaWYCfC.exe
  C:\Windows\System\qaWYCfC.exe
  2⤵
  PID:4400
- C:\Windows\System\QjAeKjk.exe
  C:\Windows\System\QjAeKjk.exe
  2⤵
  PID:5136
- C:\Windows\System\YHskYws.exe
  C:\Windows\System\YHskYws.exe
  2⤵
  PID:5156
- C:\Windows\System\WfAHvex.exe
  C:\Windows\System\WfAHvex.exe
  2⤵
  PID:5176
- C:\Windows\System\jQLNcOY.exe
  C:\Windows\System\jQLNcOY.exe
  2⤵
  PID:5196
- C:\Windows\System\KbzoyqM.exe
  C:\Windows\System\KbzoyqM.exe
  2⤵
  PID:5212
- C:\Windows\System\huwmqvt.exe
  C:\Windows\System\huwmqvt.exe
  2⤵
  PID:5236
- C:\Windows\System\LxnacCR.exe
  C:\Windows\System\LxnacCR.exe
  2⤵
  PID:5256
- C:\Windows\System\KfoAigM.exe
  C:\Windows\System\KfoAigM.exe
  2⤵
  PID:5276
- C:\Windows\System\gvGjVCF.exe
  C:\Windows\System\gvGjVCF.exe
  2⤵
  PID:5296
- C:\Windows\System\SrmJOrO.exe
  C:\Windows\System\SrmJOrO.exe
  2⤵
  PID:5316
- C:\Windows\System\pgVspFN.exe
  C:\Windows\System\pgVspFN.exe
  2⤵
  PID:5336
- C:\Windows\System\KUGEgov.exe
  C:\Windows\System\KUGEgov.exe
  2⤵
  PID:5356
- C:\Windows\System\cQKYNgK.exe
  C:\Windows\System\cQKYNgK.exe
  2⤵
  PID:5372
- C:\Windows\System\WLpjlPO.exe
  C:\Windows\System\WLpjlPO.exe
  2⤵
  PID:5396
- C:\Windows\System\UGNKpkK.exe
  C:\Windows\System\UGNKpkK.exe
  2⤵
  PID:5412
- C:\Windows\System\OwcgPkQ.exe
  C:\Windows\System\OwcgPkQ.exe
  2⤵
  PID:5436
- C:\Windows\System\sOrTqIM.exe
  C:\Windows\System\sOrTqIM.exe
  2⤵
  PID:5456
- C:\Windows\System\CzONtJX.exe
  C:\Windows\System\CzONtJX.exe
  2⤵
  PID:5476
- C:\Windows\System\OajliYp.exe
  C:\Windows\System\OajliYp.exe
  2⤵
  PID:5496
- C:\Windows\System\rqGKRNb.exe
  C:\Windows\System\rqGKRNb.exe
  2⤵
  PID:5516
- C:\Windows\System\UUOPvlH.exe
  C:\Windows\System\UUOPvlH.exe
  2⤵
  PID:5536
- C:\Windows\System\SzpLaZs.exe
  C:\Windows\System\SzpLaZs.exe
  2⤵
  PID:5556
- C:\Windows\System\yWKfZGp.exe
  C:\Windows\System\yWKfZGp.exe
  2⤵
  PID:5576
- C:\Windows\System\xMHGGSA.exe
  C:\Windows\System\xMHGGSA.exe
  2⤵
  PID:5596
- C:\Windows\System\tqUVRLP.exe
  C:\Windows\System\tqUVRLP.exe
  2⤵
  PID:5616
- C:\Windows\System\VineELX.exe
  C:\Windows\System\VineELX.exe
  2⤵
  PID:5636
- C:\Windows\System\ZUbUGen.exe
  C:\Windows\System\ZUbUGen.exe
  2⤵
  PID:5656
- C:\Windows\System\uIkRIlF.exe
  C:\Windows\System\uIkRIlF.exe
  2⤵
  PID:5676
- C:\Windows\System\mwimkre.exe
  C:\Windows\System\mwimkre.exe
  2⤵
  PID:5696
- C:\Windows\System\urWMahs.exe
  C:\Windows\System\urWMahs.exe
  2⤵
  PID:5720
- C:\Windows\System\kqQpVMT.exe
  C:\Windows\System\kqQpVMT.exe
  2⤵
  PID:5740
- C:\Windows\System\gRwFZBM.exe
  C:\Windows\System\gRwFZBM.exe
  2⤵
  PID:5760
- C:\Windows\System\hdFuGnT.exe
  C:\Windows\System\hdFuGnT.exe
  2⤵
  PID:5780
- C:\Windows\System\pBXQstM.exe
  C:\Windows\System\pBXQstM.exe
  2⤵
  PID:5800
- C:\Windows\System\FQcvEVL.exe
  C:\Windows\System\FQcvEVL.exe
  2⤵
  PID:5820
- C:\Windows\System\DrUgWHS.exe
  C:\Windows\System\DrUgWHS.exe
  2⤵
  PID:5840
- C:\Windows\System\oqIKeGb.exe
  C:\Windows\System\oqIKeGb.exe
  2⤵
  PID:5860
- C:\Windows\System\MZQfLUp.exe
  C:\Windows\System\MZQfLUp.exe
  2⤵
  PID:5880
- C:\Windows\System\efMxkfY.exe
  C:\Windows\System\efMxkfY.exe
  2⤵
  PID:5900
- C:\Windows\System\qHyFRzQ.exe
  C:\Windows\System\qHyFRzQ.exe
  2⤵
  PID:5920
- C:\Windows\System\uDzSjwa.exe
  C:\Windows\System\uDzSjwa.exe
  2⤵
  PID:5940
- C:\Windows\System\pHYlbWh.exe
  C:\Windows\System\pHYlbWh.exe
  2⤵
  PID:5960
- C:\Windows\System\kIxSzGB.exe
  C:\Windows\System\kIxSzGB.exe
  2⤵
  PID:5980
- C:\Windows\System\jfMtBra.exe
  C:\Windows\System\jfMtBra.exe
  2⤵
  PID:6000
- C:\Windows\System\fNVqlIw.exe
  C:\Windows\System\fNVqlIw.exe
  2⤵
  PID:6020
- C:\Windows\System\KkNifGI.exe
  C:\Windows\System\KkNifGI.exe
  2⤵
  PID:6040
- C:\Windows\System\TZZgSFQ.exe
  C:\Windows\System\TZZgSFQ.exe
  2⤵
  PID:6060
- C:\Windows\System\GANAzER.exe
  C:\Windows\System\GANAzER.exe
  2⤵
  PID:6080
- C:\Windows\System\RDhzxHJ.exe
  C:\Windows\System\RDhzxHJ.exe
  2⤵
  PID:6100
- C:\Windows\System\uRFPOUQ.exe
  C:\Windows\System\uRFPOUQ.exe
  2⤵
  PID:6120
- C:\Windows\System\skmsbfW.exe
  C:\Windows\System\skmsbfW.exe
  2⤵
  PID:6140
- C:\Windows\System\mWECsUT.exe
  C:\Windows\System\mWECsUT.exe
  2⤵
  PID:4552
- C:\Windows\System\sKwrTBH.exe
  C:\Windows\System\sKwrTBH.exe
  2⤵
  PID:4716
- C:\Windows\System\TCDAWni.exe
  C:\Windows\System\TCDAWni.exe
  2⤵
  PID:4576
- C:\Windows\System\KpKohBD.exe
  C:\Windows\System\KpKohBD.exe
  2⤵
  PID:4776
- C:\Windows\System\cLosvxE.exe
  C:\Windows\System\cLosvxE.exe
  2⤵
  PID:2884
- C:\Windows\System\jRKDeah.exe
  C:\Windows\System\jRKDeah.exe
  2⤵
  PID:4936
- C:\Windows\System\yVSteGT.exe
  C:\Windows\System\yVSteGT.exe
  2⤵
  PID:5072
- C:\Windows\System\krDGviU.exe
  C:\Windows\System\krDGviU.exe
  2⤵
  PID:3392
- C:\Windows\System\gYBYwbb.exe
  C:\Windows\System\gYBYwbb.exe
  2⤵
  PID:3672
- C:\Windows\System\waHmaGa.exe
  C:\Windows\System\waHmaGa.exe
  2⤵
  PID:3732
- C:\Windows\System\VbFIKsJ.exe
  C:\Windows\System\VbFIKsJ.exe
  2⤵
  PID:3600
- C:\Windows\System\NSffFWJ.exe
  C:\Windows\System\NSffFWJ.exe
  2⤵
  PID:4220
- C:\Windows\System\HjRobgS.exe
  C:\Windows\System\HjRobgS.exe
  2⤵
  PID:4348
- C:\Windows\System\iznOPlo.exe
  C:\Windows\System\iznOPlo.exe
  2⤵
  PID:5124
- C:\Windows\System\yHWdoOk.exe
  C:\Windows\System\yHWdoOk.exe
  2⤵
  PID:5128
- C:\Windows\System\qdbXKYg.exe
  C:\Windows\System\qdbXKYg.exe
  2⤵
  PID:5228
- C:\Windows\System\pZLKymw.exe
  C:\Windows\System\pZLKymw.exe
  2⤵
  PID:5168
- C:\Windows\System\QVecyoX.exe
  C:\Windows\System\QVecyoX.exe
  2⤵
  PID:5264
- C:\Windows\System\eKTxlFw.exe
  C:\Windows\System\eKTxlFw.exe
  2⤵
  PID:5304
- C:\Windows\System\AUUVcuH.exe
  C:\Windows\System\AUUVcuH.exe
  2⤵
  PID:5324
- C:\Windows\System\eFzZnHV.exe
  C:\Windows\System\eFzZnHV.exe
  2⤵
  PID:5328
- C:\Windows\System\SpINtHN.exe
  C:\Windows\System\SpINtHN.exe
  2⤵
  PID:5364
- C:\Windows\System\bXrRDzJ.exe
  C:\Windows\System\bXrRDzJ.exe
  2⤵
  PID:5432
- C:\Windows\System\iuXODWU.exe
  C:\Windows\System\iuXODWU.exe
  2⤵
  PID:5464
- C:\Windows\System\WlhDSJx.exe
  C:\Windows\System\WlhDSJx.exe
  2⤵
  PID:5484
- C:\Windows\System\fgbrsdw.exe
  C:\Windows\System\fgbrsdw.exe
  2⤵
  PID:5488
- C:\Windows\System\rdnXrkA.exe
  C:\Windows\System\rdnXrkA.exe
  2⤵
  PID:5552
- C:\Windows\System\LNFUqqI.exe
  C:\Windows\System\LNFUqqI.exe
  2⤵
  PID:5572
- C:\Windows\System\ysrPvlp.exe
  C:\Windows\System\ysrPvlp.exe
  2⤵
  PID:5612
- C:\Windows\System\cJuyWvN.exe
  C:\Windows\System\cJuyWvN.exe
  2⤵
  PID:5644
- C:\Windows\System\ETPnpVU.exe
  C:\Windows\System\ETPnpVU.exe
  2⤵
  PID:5668
- C:\Windows\System\sgmqUHs.exe
  C:\Windows\System\sgmqUHs.exe
  2⤵
  PID:5692
- C:\Windows\System\IyvLvbL.exe
  C:\Windows\System\IyvLvbL.exe
  2⤵
  PID:5736
- C:\Windows\System\wpECtBO.exe
  C:\Windows\System\wpECtBO.exe
  2⤵
  PID:5788
- C:\Windows\System\gEDxXje.exe
  C:\Windows\System\gEDxXje.exe
  2⤵
  PID:5808
- C:\Windows\System\manUtJQ.exe
  C:\Windows\System\manUtJQ.exe
  2⤵
  PID:5816
- C:\Windows\System\BKPHhCr.exe
  C:\Windows\System\BKPHhCr.exe
  2⤵
  PID:5856
- C:\Windows\System\uFFtsoS.exe
  C:\Windows\System\uFFtsoS.exe
  2⤵
  PID:5908
- C:\Windows\System\vODyoku.exe
  C:\Windows\System\vODyoku.exe
  2⤵
  PID:5948
- C:\Windows\System\QFhQUQv.exe
  C:\Windows\System\QFhQUQv.exe
  2⤵
  PID:5968
- C:\Windows\System\qywSqCM.exe
  C:\Windows\System\qywSqCM.exe
  2⤵
  PID:5992
- C:\Windows\System\hmMrQYK.exe
  C:\Windows\System\hmMrQYK.exe
  2⤵
  PID:6012
- C:\Windows\System\AZyDRgI.exe
  C:\Windows\System\AZyDRgI.exe
  2⤵
  PID:6052
- C:\Windows\System\vExZDin.exe
  C:\Windows\System\vExZDin.exe
  2⤵
  PID:6116
- C:\Windows\System\ZFRJjiI.exe
  C:\Windows\System\ZFRJjiI.exe
  2⤵
  PID:4456
- C:\Windows\System\LAyGcVf.exe
  C:\Windows\System\LAyGcVf.exe
  2⤵
  PID:4440
- C:\Windows\System\zbiAdmD.exe
  C:\Windows\System\zbiAdmD.exe
  2⤵
  PID:4692
- C:\Windows\System\AOIAWCM.exe
  C:\Windows\System\AOIAWCM.exe
  2⤵
  PID:4780
- C:\Windows\System\pZuXZuB.exe
  C:\Windows\System\pZuXZuB.exe
  2⤵
  PID:4956
- C:\Windows\System\TonywBA.exe
  C:\Windows\System\TonywBA.exe
  2⤵
  PID:4244
- C:\Windows\System\KlWojuD.exe
  C:\Windows\System\KlWojuD.exe
  2⤵
  PID:3172
- C:\Windows\System\YawxPgf.exe
  C:\Windows\System\YawxPgf.exe
  2⤵
  PID:3848
- C:\Windows\System\oSCItkM.exe
  C:\Windows\System\oSCItkM.exe
  2⤵
  PID:4264
- C:\Windows\System\apCSHbM.exe
  C:\Windows\System\apCSHbM.exe
  2⤵
  PID:4392
- C:\Windows\System\crFiWeS.exe
  C:\Windows\System\crFiWeS.exe
  2⤵
  PID:5188
- C:\Windows\System\Biefuvf.exe
  C:\Windows\System\Biefuvf.exe
  2⤵
  PID:5244
- C:\Windows\System\zkSGCZV.exe
  C:\Windows\System\zkSGCZV.exe
  2⤵
  PID:5308
- C:\Windows\System\tqvPUDc.exe
  C:\Windows\System\tqvPUDc.exe
  2⤵
  PID:5368
- C:\Windows\System\SrkkcNQ.exe
  C:\Windows\System\SrkkcNQ.exe
  2⤵
  PID:5392
- C:\Windows\System\GjysDag.exe
  C:\Windows\System\GjysDag.exe
  2⤵
  PID:5448
- C:\Windows\System\ybqadtn.exe
  C:\Windows\System\ybqadtn.exe
  2⤵
  PID:5528
- C:\Windows\System\WozKvqa.exe
  C:\Windows\System\WozKvqa.exe
  2⤵
  PID:5604
- C:\Windows\System\DbpPCDb.exe
  C:\Windows\System\DbpPCDb.exe
  2⤵
  PID:5664
- C:\Windows\System\wwJfpDv.exe
  C:\Windows\System\wwJfpDv.exe
  2⤵
  PID:5672
- C:\Windows\System\CUGNahu.exe
  C:\Windows\System\CUGNahu.exe
  2⤵
  PID:5732
- C:\Windows\System\drSOjCD.exe
  C:\Windows\System\drSOjCD.exe
  2⤵
  PID:5848
- C:\Windows\System\yaDrVFn.exe
  C:\Windows\System\yaDrVFn.exe
  2⤵
  PID:5832
- C:\Windows\System\DBDiLiT.exe
  C:\Windows\System\DBDiLiT.exe
  2⤵
  PID:5912
- C:\Windows\System\ipZbAbl.exe
  C:\Windows\System\ipZbAbl.exe
  2⤵
  PID:5952
- C:\Windows\System\GVwADdv.exe
  C:\Windows\System\GVwADdv.exe
  2⤵
  PID:6036
- C:\Windows\System\ygyVIHr.exe
  C:\Windows\System\ygyVIHr.exe
  2⤵
  PID:6096
- C:\Windows\System\wXNFGBT.exe
  C:\Windows\System\wXNFGBT.exe
  2⤵
  PID:6108
- C:\Windows\System\EOkadhX.exe
  C:\Windows\System\EOkadhX.exe
  2⤵
  PID:6132
- C:\Windows\System\fCrNPyJ.exe
  C:\Windows\System\fCrNPyJ.exe
  2⤵
  PID:4836
- C:\Windows\System\euydcdv.exe
  C:\Windows\System\euydcdv.exe
  2⤵
  PID:4976
- C:\Windows\System\ApieEzk.exe
  C:\Windows\System\ApieEzk.exe
  2⤵
  PID:3268
- C:\Windows\System\IuhcmIq.exe
  C:\Windows\System\IuhcmIq.exe
  2⤵
  PID:5152
- C:\Windows\System\kJjyfrg.exe
  C:\Windows\System\kJjyfrg.exe
  2⤵
  PID:5132
- C:\Windows\System\sHYQhxe.exe
  C:\Windows\System\sHYQhxe.exe
  2⤵
  PID:5272
- C:\Windows\System\SIPqgCX.exe
  C:\Windows\System\SIPqgCX.exe
  2⤵
  PID:2860
- C:\Windows\System\iNIkGvK.exe
  C:\Windows\System\iNIkGvK.exe
  2⤵
  PID:5544
- C:\Windows\System\xIQJGNR.exe
  C:\Windows\System\xIQJGNR.exe
  2⤵
  PID:6152
- C:\Windows\System\glYKTTS.exe
  C:\Windows\System\glYKTTS.exe
  2⤵
  PID:6172
- C:\Windows\System\jgYuFQX.exe
  C:\Windows\System\jgYuFQX.exe
  2⤵
  PID:6192
- C:\Windows\System\JxkOvWj.exe
  C:\Windows\System\JxkOvWj.exe
  2⤵
  PID:6212
- C:\Windows\System\xskKswE.exe
  C:\Windows\System\xskKswE.exe
  2⤵
  PID:6232
- C:\Windows\System\XoAqFAT.exe
  C:\Windows\System\XoAqFAT.exe
  2⤵
  PID:6252
- C:\Windows\System\XPzGgcT.exe
  C:\Windows\System\XPzGgcT.exe
  2⤵
  PID:6272
- C:\Windows\System\cCTMFcM.exe
  C:\Windows\System\cCTMFcM.exe
  2⤵
  PID:6292
- C:\Windows\System\JDHnXLH.exe
  C:\Windows\System\JDHnXLH.exe
  2⤵
  PID:6312
- C:\Windows\System\yOrlbVu.exe
  C:\Windows\System\yOrlbVu.exe
  2⤵
  PID:6332
- C:\Windows\System\MVYrkKb.exe
  C:\Windows\System\MVYrkKb.exe
  2⤵
  PID:6352
- C:\Windows\System\Kizlvze.exe
  C:\Windows\System\Kizlvze.exe
  2⤵
  PID:6368
- C:\Windows\System\OpXoSyS.exe
  C:\Windows\System\OpXoSyS.exe
  2⤵
  PID:6388
- C:\Windows\System\ffNKxbS.exe
  C:\Windows\System\ffNKxbS.exe
  2⤵
  PID:6404
- C:\Windows\System\XBOzxRT.exe
  C:\Windows\System\XBOzxRT.exe
  2⤵
  PID:6428
- C:\Windows\System\UjrZhjt.exe
  C:\Windows\System\UjrZhjt.exe
  2⤵
  PID:6452
- C:\Windows\System\iXienzL.exe
  C:\Windows\System\iXienzL.exe
  2⤵
  PID:6468
- C:\Windows\System\XQyQzQj.exe
  C:\Windows\System\XQyQzQj.exe
  2⤵
  PID:6488
- C:\Windows\System\RXIiqnx.exe
  C:\Windows\System\RXIiqnx.exe
  2⤵
  PID:6508
- C:\Windows\System\kuuvSfS.exe
  C:\Windows\System\kuuvSfS.exe
  2⤵
  PID:6524
- C:\Windows\System\jyhQFNO.exe
  C:\Windows\System\jyhQFNO.exe
  2⤵
  PID:6552
- C:\Windows\System\BZXqcHG.exe
  C:\Windows\System\BZXqcHG.exe
  2⤵
  PID:6572
- C:\Windows\System\dBqnFTG.exe
  C:\Windows\System\dBqnFTG.exe
  2⤵
  PID:6592
- C:\Windows\System\vEHYdJh.exe
  C:\Windows\System\vEHYdJh.exe
  2⤵
  PID:6612
- C:\Windows\System\QXWVlDg.exe
  C:\Windows\System\QXWVlDg.exe
  2⤵
  PID:6628
- C:\Windows\System\KFzayTH.exe
  C:\Windows\System\KFzayTH.exe
  2⤵
  PID:6656
- C:\Windows\System\OeWeSew.exe
  C:\Windows\System\OeWeSew.exe
  2⤵
  PID:6676
- C:\Windows\System\ykgosmk.exe
  C:\Windows\System\ykgosmk.exe
  2⤵
  PID:6696
- C:\Windows\System\RVFFVri.exe
  C:\Windows\System\RVFFVri.exe
  2⤵
  PID:6716
- C:\Windows\System\AleFCJj.exe
  C:\Windows\System\AleFCJj.exe
  2⤵
  PID:6732
- C:\Windows\System\CyxoQGh.exe
  C:\Windows\System\CyxoQGh.exe
  2⤵
  PID:6752
- C:\Windows\System\NskYtWW.exe
  C:\Windows\System\NskYtWW.exe
  2⤵
  PID:6776
- C:\Windows\System\tLtLOTO.exe
  C:\Windows\System\tLtLOTO.exe
  2⤵
  PID:6796
- C:\Windows\System\UfRtOdF.exe
  C:\Windows\System\UfRtOdF.exe
  2⤵
  PID:6816
- C:\Windows\System\QmDKGXH.exe
  C:\Windows\System\QmDKGXH.exe
  2⤵
  PID:6836
- C:\Windows\System\inkqNFj.exe
  C:\Windows\System\inkqNFj.exe
  2⤵
  PID:6856
- C:\Windows\System\UCPZIiF.exe
  C:\Windows\System\UCPZIiF.exe
  2⤵
  PID:6876
- C:\Windows\System\FcGPLsQ.exe
  C:\Windows\System\FcGPLsQ.exe
  2⤵
  PID:6896
- C:\Windows\System\DyxHlsa.exe
  C:\Windows\System\DyxHlsa.exe
  2⤵
  PID:6916
- C:\Windows\System\bhcLbqN.exe
  C:\Windows\System\bhcLbqN.exe
  2⤵
  PID:6936
- C:\Windows\System\yDBZUUu.exe
  C:\Windows\System\yDBZUUu.exe
  2⤵
  PID:6956
- C:\Windows\System\zpVswMv.exe
  C:\Windows\System\zpVswMv.exe
  2⤵
  PID:6976
- C:\Windows\System\KgjiRVq.exe
  C:\Windows\System\KgjiRVq.exe
  2⤵
  PID:6996
- C:\Windows\System\HclYZTz.exe
  C:\Windows\System\HclYZTz.exe
  2⤵
  PID:7016
- C:\Windows\System\YUGovea.exe
  C:\Windows\System\YUGovea.exe
  2⤵
  PID:7036
- C:\Windows\System\iZchOlI.exe
  C:\Windows\System\iZchOlI.exe
  2⤵
  PID:7056
- C:\Windows\System\xFiJRoc.exe
  C:\Windows\System\xFiJRoc.exe
  2⤵
  PID:7076
- C:\Windows\System\RWtapgK.exe
  C:\Windows\System\RWtapgK.exe
  2⤵
  PID:7096
- C:\Windows\System\sZLXcpZ.exe
  C:\Windows\System\sZLXcpZ.exe
  2⤵
  PID:7116
- C:\Windows\System\ltBARiQ.exe
  C:\Windows\System\ltBARiQ.exe
  2⤵
  PID:7136
- C:\Windows\System\nuIcGlp.exe
  C:\Windows\System\nuIcGlp.exe
  2⤵
  PID:7156
- C:\Windows\System\MalgsGW.exe
  C:\Windows\System\MalgsGW.exe
  2⤵
  PID:5508
- C:\Windows\System\pcQloUs.exe
  C:\Windows\System\pcQloUs.exe
  2⤵
  PID:5632
- C:\Windows\System\FwKCuXU.exe
  C:\Windows\System\FwKCuXU.exe
  2⤵
  PID:5768
- C:\Windows\System\dSIUsvv.exe
  C:\Windows\System\dSIUsvv.exe
  2⤵
  PID:1512
- C:\Windows\System\fwjVCxV.exe
  C:\Windows\System\fwjVCxV.exe
  2⤵
  PID:5932
- C:\Windows\System\AFDCncF.exe
  C:\Windows\System\AFDCncF.exe
  2⤵
  PID:5972
- C:\Windows\System\CbJttaJ.exe
  C:\Windows\System\CbJttaJ.exe
  2⤵
  PID:6136
- C:\Windows\System\pZRCHnk.exe
  C:\Windows\System\pZRCHnk.exe
  2⤵
  PID:6088
- C:\Windows\System\vPmWZpa.exe
  C:\Windows\System\vPmWZpa.exe
  2⤵
  PID:4288
- C:\Windows\System\rpZhRpX.exe
  C:\Windows\System\rpZhRpX.exe
  2⤵
  PID:5288
- C:\Windows\System\LfVQrwe.exe
  C:\Windows\System\LfVQrwe.exe
  2⤵
  PID:5348
- C:\Windows\System\vZhoRdC.exe
  C:\Windows\System\vZhoRdC.exe
  2⤵
  PID:5352
- C:\Windows\System\uxMvaax.exe
  C:\Windows\System\uxMvaax.exe
  2⤵
  PID:6168
- C:\Windows\System\UyuOCDY.exe
  C:\Windows\System\UyuOCDY.exe
  2⤵
  PID:6200
- C:\Windows\System\WCqKPOo.exe
  C:\Windows\System\WCqKPOo.exe
  2⤵
  PID:6248
- C:\Windows\System\MwzLytw.exe
  C:\Windows\System\MwzLytw.exe
  2⤵
  PID:6228
- C:\Windows\System\KDTJyxT.exe
  C:\Windows\System\KDTJyxT.exe
  2⤵
  PID:6260
- C:\Windows\System\VOevxtb.exe
  C:\Windows\System\VOevxtb.exe
  2⤵
  PID:6328
- C:\Windows\System\RYQRAjh.exe
  C:\Windows\System\RYQRAjh.exe
  2⤵
  PID:6360
- C:\Windows\System\NShaQBF.exe
  C:\Windows\System\NShaQBF.exe
  2⤵
  PID:6376
- C:\Windows\System\dLxCMWa.exe
  C:\Windows\System\dLxCMWa.exe
  2⤵
  PID:6440
- C:\Windows\System\xXzzrbY.exe
  C:\Windows\System\xXzzrbY.exe
  2⤵
  PID:6420
- C:\Windows\System\RcFofqj.exe
  C:\Windows\System\RcFofqj.exe
  2⤵
  PID:6460
- C:\Windows\System\IdHvewn.exe
  C:\Windows\System\IdHvewn.exe
  2⤵
  PID:6496
- C:\Windows\System\EVBXRhC.exe
  C:\Windows\System\EVBXRhC.exe
  2⤵
  PID:6540
- C:\Windows\System\AMNaDJn.exe
  C:\Windows\System\AMNaDJn.exe
  2⤵
  PID:6588
- C:\Windows\System\STunKMG.exe
  C:\Windows\System\STunKMG.exe
  2⤵
  PID:6604
- C:\Windows\System\iwfGccy.exe
  C:\Windows\System\iwfGccy.exe
  2⤵
  PID:6624
- C:\Windows\System\aDLNktx.exe
  C:\Windows\System\aDLNktx.exe
  2⤵
  PID:6688
- C:\Windows\System\jdjfSjV.exe
  C:\Windows\System\jdjfSjV.exe
  2⤵
  PID:6724
- C:\Windows\System\aVKFkGn.exe
  C:\Windows\System\aVKFkGn.exe
  2⤵
  PID:6772
- C:\Windows\System\SvNZsbf.exe
  C:\Windows\System\SvNZsbf.exe
  2⤵
  PID:6744
- C:\Windows\System\lDmmJcV.exe
  C:\Windows\System\lDmmJcV.exe
  2⤵
  PID:6788
- C:\Windows\System\tRZKNex.exe
  C:\Windows\System\tRZKNex.exe
  2⤵
  PID:6832
- C:\Windows\System\FcuUVkt.exe
  C:\Windows\System\FcuUVkt.exe
  2⤵
  PID:6888
- C:\Windows\System\aiAJEFN.exe
  C:\Windows\System\aiAJEFN.exe
  2⤵
  PID:6924
- C:\Windows\System\EyabRqL.exe
  C:\Windows\System\EyabRqL.exe
  2⤵
  PID:6932
- C:\Windows\System\lNQkqgr.exe
  C:\Windows\System\lNQkqgr.exe
  2⤵
  PID:7004
- C:\Windows\System\SrCUKWn.exe
  C:\Windows\System\SrCUKWn.exe
  2⤵
  PID:6988
- C:\Windows\System\uQDhlxX.exe
  C:\Windows\System\uQDhlxX.exe
  2⤵
  PID:7024
- C:\Windows\System\dYoiwjX.exe
  C:\Windows\System\dYoiwjX.exe
  2⤵
  PID:2044
- C:\Windows\System\YlOQZVS.exe
  C:\Windows\System\YlOQZVS.exe
  2⤵
  PID:7128
- C:\Windows\System\rvRYQup.exe
  C:\Windows\System\rvRYQup.exe
  2⤵
  PID:7112
- C:\Windows\System\atIwYfR.exe
  C:\Windows\System\atIwYfR.exe
  2⤵
  PID:5748
- C:\Windows\System\QmyJdkL.exe
  C:\Windows\System\QmyJdkL.exe
  2⤵
  PID:7144
- C:\Windows\System\JyDaFie.exe
  C:\Windows\System\JyDaFie.exe
  2⤵
  PID:5624
- C:\Windows\System\OHGxEzu.exe
  C:\Windows\System\OHGxEzu.exe
  2⤵
  PID:2984
- C:\Windows\System\DRzBVRZ.exe
  C:\Windows\System\DRzBVRZ.exe
  2⤵
  PID:3156
- C:\Windows\System\hmfXTmJ.exe
  C:\Windows\System\hmfXTmJ.exe
  2⤵
  PID:5248
- C:\Windows\System\iVhbBhi.exe
  C:\Windows\System\iVhbBhi.exe
  2⤵
  PID:5532
- C:\Windows\System\hEiSYNn.exe
  C:\Windows\System\hEiSYNn.exe
  2⤵
  PID:4992
- C:\Windows\System\FEpyqis.exe
  C:\Windows\System\FEpyqis.exe
  2⤵
  PID:5224
- C:\Windows\System\tmWaUAj.exe
  C:\Windows\System\tmWaUAj.exe
  2⤵
  PID:6288
- C:\Windows\System\WhfdwIe.exe
  C:\Windows\System\WhfdwIe.exe
  2⤵
  PID:6436
- C:\Windows\System\gVkUHYu.exe
  C:\Windows\System\gVkUHYu.exe
  2⤵
  PID:6384
- C:\Windows\System\iWwZriO.exe
  C:\Windows\System\iWwZriO.exe
  2⤵
  PID:6344
- C:\Windows\System\hjOJBAU.exe
  C:\Windows\System\hjOJBAU.exe
  2⤵
  PID:2220
- C:\Windows\System\SCQuaVr.exe
  C:\Windows\System\SCQuaVr.exe
  2⤵
  PID:6516
- C:\Windows\System\MfbMEpH.exe
  C:\Windows\System\MfbMEpH.exe
  2⤵
  PID:1620
- C:\Windows\System\SlVyzZw.exe
  C:\Windows\System\SlVyzZw.exe
  2⤵
  PID:6532
- C:\Windows\System\zBKUAxR.exe
  C:\Windows\System\zBKUAxR.exe
  2⤵
  PID:6708
- C:\Windows\System\OPkRNSQ.exe
  C:\Windows\System\OPkRNSQ.exe
  2⤵
  PID:6668
- C:\Windows\System\EBhZcEA.exe
  C:\Windows\System\EBhZcEA.exe
  2⤵
  PID:2104
- C:\Windows\System\ODoMCeE.exe
  C:\Windows\System\ODoMCeE.exe
  2⤵
  PID:6844
- C:\Windows\System\rNhRfJT.exe
  C:\Windows\System\rNhRfJT.exe
  2⤵
  PID:6908
- C:\Windows\System\tgdZnzJ.exe
  C:\Windows\System\tgdZnzJ.exe
  2⤵
  PID:6868
- C:\Windows\System\yzhIxOv.exe
  C:\Windows\System\yzhIxOv.exe
  2⤵
  PID:6964
- C:\Windows\System\aChixxK.exe
  C:\Windows\System\aChixxK.exe
  2⤵
  PID:6972
- C:\Windows\System\RqyQMrE.exe
  C:\Windows\System\RqyQMrE.exe
  2⤵
  PID:7124
- C:\Windows\System\ltibtoP.exe
  C:\Windows\System\ltibtoP.exe
  2⤵
  PID:5896
- C:\Windows\System\ASNVsEK.exe
  C:\Windows\System\ASNVsEK.exe
  2⤵
  PID:5592
- C:\Windows\System\FxgzaMK.exe
  C:\Windows\System\FxgzaMK.exe
  2⤵
  PID:5588
- C:\Windows\System\BaqsaZF.exe
  C:\Windows\System\BaqsaZF.exe
  2⤵
  PID:6076
- C:\Windows\System\GXcvNIG.exe
  C:\Windows\System\GXcvNIG.exe
  2⤵
  PID:4720
- C:\Windows\System\yoGRCIj.exe
  C:\Windows\System\yoGRCIj.exe
  2⤵
  PID:5332
- C:\Windows\System\NhBBAEY.exe
  C:\Windows\System\NhBBAEY.exe
  2⤵
  PID:5452
- C:\Windows\System\sycPGMu.exe
  C:\Windows\System\sycPGMu.exe
  2⤵
  PID:6304
- C:\Windows\System\epkmYYI.exe
  C:\Windows\System\epkmYYI.exe
  2⤵
  PID:6484
- C:\Windows\System\MRiGWhN.exe
  C:\Windows\System\MRiGWhN.exe
  2⤵
  PID:6600
- C:\Windows\System\dPCmUbb.exe
  C:\Windows\System\dPCmUbb.exe
  2⤵
  PID:6320
- C:\Windows\System\vIbwwgE.exe
  C:\Windows\System\vIbwwgE.exe
  2⤵
  PID:2652
- C:\Windows\System\laFqJrC.exe
  C:\Windows\System\laFqJrC.exe
  2⤵
  PID:2696
- C:\Windows\System\KAkkTti.exe
  C:\Windows\System\KAkkTti.exe
  2⤵
  PID:6648
- C:\Windows\System\rDIgSDL.exe
  C:\Windows\System\rDIgSDL.exe
  2⤵
  PID:6792
- C:\Windows\System\UZqyUVc.exe
  C:\Windows\System\UZqyUVc.exe
  2⤵
  PID:6848
- C:\Windows\System\caqNsGT.exe
  C:\Windows\System\caqNsGT.exe
  2⤵
  PID:7044
- C:\Windows\System\ARhVZsQ.exe
  C:\Windows\System\ARhVZsQ.exe
  2⤵
  PID:7092
- C:\Windows\System\rJdcNAl.exe
  C:\Windows\System\rJdcNAl.exe
  2⤵
  PID:7164
- C:\Windows\System\SrtjdOL.exe
  C:\Windows\System\SrtjdOL.exe
  2⤵
  PID:7104
- C:\Windows\System\KlBnAVX.exe
  C:\Windows\System\KlBnAVX.exe
  2⤵
  PID:6160
- C:\Windows\System\rXbMIHL.exe
  C:\Windows\System\rXbMIHL.exe
  2⤵
  PID:6308
- C:\Windows\System\GVaxqTE.exe
  C:\Windows\System\GVaxqTE.exe
  2⤵
  PID:2672
- C:\Windows\System\zQDJAJW.exe
  C:\Windows\System\zQDJAJW.exe
  2⤵
  PID:6348
- C:\Windows\System\jfXVplJ.exe
  C:\Windows\System\jfXVplJ.exe
  2⤵
  PID:6548
- C:\Windows\System\uBZFpwv.exe
  C:\Windows\System\uBZFpwv.exe
  2⤵
  PID:844
- C:\Windows\System\KwFhqxn.exe
  C:\Windows\System\KwFhqxn.exe
  2⤵
  PID:6764
- C:\Windows\System\mrfRvdf.exe
  C:\Windows\System\mrfRvdf.exe
  2⤵
  PID:6968
- C:\Windows\System\nPgUXPc.exe
  C:\Windows\System\nPgUXPc.exe
  2⤵
  PID:5716
- C:\Windows\System\IgNuyHZ.exe
  C:\Windows\System\IgNuyHZ.exe
  2⤵
  PID:6912
- C:\Windows\System\rGsvKoQ.exe
  C:\Windows\System\rGsvKoQ.exe
  2⤵
  PID:2728
- C:\Windows\System\DoIchBn.exe
  C:\Windows\System\DoIchBn.exe
  2⤵
  PID:7180
- C:\Windows\System\gyqUskk.exe
  C:\Windows\System\gyqUskk.exe
  2⤵
  PID:7200
- C:\Windows\System\xLDZJia.exe
  C:\Windows\System\xLDZJia.exe
  2⤵
  PID:7220
- C:\Windows\System\GuTUZVw.exe
  C:\Windows\System\GuTUZVw.exe
  2⤵
  PID:7240
- C:\Windows\System\YGfTawq.exe
  C:\Windows\System\YGfTawq.exe
  2⤵
  PID:7260
- C:\Windows\System\YeANjkt.exe
  C:\Windows\System\YeANjkt.exe
  2⤵
  PID:7280
- C:\Windows\System\wdPwrJB.exe
  C:\Windows\System\wdPwrJB.exe
  2⤵
  PID:7300
- C:\Windows\System\Gppvacl.exe
  C:\Windows\System\Gppvacl.exe
  2⤵
  PID:7320
- C:\Windows\System\CtAQuBz.exe
  C:\Windows\System\CtAQuBz.exe
  2⤵
  PID:7340
- C:\Windows\System\lldRBAP.exe
  C:\Windows\System\lldRBAP.exe
  2⤵
  PID:7360
- C:\Windows\System\BxRscyX.exe
  C:\Windows\System\BxRscyX.exe
  2⤵
  PID:7380
- C:\Windows\System\VhacegV.exe
  C:\Windows\System\VhacegV.exe
  2⤵
  PID:7400
- C:\Windows\System\sAAIsnD.exe
  C:\Windows\System\sAAIsnD.exe
  2⤵
  PID:7416
- C:\Windows\System\Aaxwwxb.exe
  C:\Windows\System\Aaxwwxb.exe
  2⤵
  PID:7440
- C:\Windows\System\bdOiVIJ.exe
  C:\Windows\System\bdOiVIJ.exe
  2⤵
  PID:7460
- C:\Windows\System\MUDAFLa.exe
  C:\Windows\System\MUDAFLa.exe
  2⤵
  PID:7480
- C:\Windows\System\WAHuTdW.exe
  C:\Windows\System\WAHuTdW.exe
  2⤵
  PID:7500
- C:\Windows\System\orYFJWv.exe
  C:\Windows\System\orYFJWv.exe
  2⤵
  PID:7520
- C:\Windows\System\misuMrB.exe
  C:\Windows\System\misuMrB.exe
  2⤵
  PID:7540
- C:\Windows\System\IwkIGdX.exe
  C:\Windows\System\IwkIGdX.exe
  2⤵
  PID:7556
- C:\Windows\System\zkRJKmn.exe
  C:\Windows\System\zkRJKmn.exe
  2⤵
  PID:7580
- C:\Windows\System\RaiKwRO.exe
  C:\Windows\System\RaiKwRO.exe
  2⤵
  PID:7600
- C:\Windows\System\gmdjGSL.exe
  C:\Windows\System\gmdjGSL.exe
  2⤵
  PID:7620
- C:\Windows\System\ZYVPBKs.exe
  C:\Windows\System\ZYVPBKs.exe
  2⤵
  PID:7636
- C:\Windows\System\HkMjsgV.exe
  C:\Windows\System\HkMjsgV.exe
  2⤵
  PID:7660
- C:\Windows\System\rZpoLtF.exe
  C:\Windows\System\rZpoLtF.exe
  2⤵
  PID:7680
- C:\Windows\System\womVKqQ.exe
  C:\Windows\System\womVKqQ.exe
  2⤵
  PID:7700
- C:\Windows\System\DYoYrpV.exe
  C:\Windows\System\DYoYrpV.exe
  2⤵
  PID:7720
- C:\Windows\System\POYBpgX.exe
  C:\Windows\System\POYBpgX.exe
  2⤵
  PID:7736
- C:\Windows\System\iuBsFqt.exe
  C:\Windows\System\iuBsFqt.exe
  2⤵
  PID:7760
- C:\Windows\System\qXwrpCI.exe
  C:\Windows\System\qXwrpCI.exe
  2⤵
  PID:7780
- C:\Windows\System\EhfngQY.exe
  C:\Windows\System\EhfngQY.exe
  2⤵
  PID:7800
- C:\Windows\System\ZlMNiLJ.exe
  C:\Windows\System\ZlMNiLJ.exe
  2⤵
  PID:7820
- C:\Windows\System\AdSSnif.exe
  C:\Windows\System\AdSSnif.exe
  2⤵
  PID:7836
- C:\Windows\System\CHeDGxz.exe
  C:\Windows\System\CHeDGxz.exe
  2⤵
  PID:7860
- C:\Windows\System\MRmlSgd.exe
  C:\Windows\System\MRmlSgd.exe
  2⤵
  PID:7880
- C:\Windows\System\VYTwxmc.exe
  C:\Windows\System\VYTwxmc.exe
  2⤵
  PID:7900
- C:\Windows\System\qodcJeN.exe
  C:\Windows\System\qodcJeN.exe
  2⤵
  PID:7920
- C:\Windows\System\rESHheV.exe
  C:\Windows\System\rESHheV.exe
  2⤵
  PID:7940
- C:\Windows\System\rbjpmLO.exe
  C:\Windows\System\rbjpmLO.exe
  2⤵
  PID:7964
- C:\Windows\System\BTPFUAc.exe
  C:\Windows\System\BTPFUAc.exe
  2⤵
  PID:7984
- C:\Windows\System\iwGKyvW.exe
  C:\Windows\System\iwGKyvW.exe
  2⤵
  PID:8000
- C:\Windows\System\snkQgIC.exe
  C:\Windows\System\snkQgIC.exe
  2⤵
  PID:8020
- C:\Windows\System\LvNWvsz.exe
  C:\Windows\System\LvNWvsz.exe
  2⤵
  PID:8040
- C:\Windows\System\QupOQLk.exe
  C:\Windows\System\QupOQLk.exe
  2⤵
  PID:8056
- C:\Windows\System\OYppjAd.exe
  C:\Windows\System\OYppjAd.exe
  2⤵
  PID:8080
- C:\Windows\System\KhQZPJs.exe
  C:\Windows\System\KhQZPJs.exe
  2⤵
  PID:8100
- C:\Windows\System\iqpOLwV.exe
  C:\Windows\System\iqpOLwV.exe
  2⤵
  PID:8120
- C:\Windows\System\uOPmpjx.exe
  C:\Windows\System\uOPmpjx.exe
  2⤵
  PID:8136
- C:\Windows\System\SqlEFHz.exe
  C:\Windows\System\SqlEFHz.exe
  2⤵
  PID:8160
- C:\Windows\System\ZMWNlVt.exe
  C:\Windows\System\ZMWNlVt.exe
  2⤵
  PID:8184
- C:\Windows\System\FhXygSp.exe
  C:\Windows\System\FhXygSp.exe
  2⤵
  PID:5492
- C:\Windows\System\YviWUAy.exe
  C:\Windows\System\YviWUAy.exe
  2⤵
  PID:2684
- C:\Windows\System\lMTrTwS.exe
  C:\Windows\System\lMTrTwS.exe
  2⤵
  PID:6148
- C:\Windows\System\TTLSWvS.exe
  C:\Windows\System\TTLSWvS.exe
  2⤵
  PID:6992
- C:\Windows\System\SVDLfyy.exe
  C:\Windows\System\SVDLfyy.exe
  2⤵
  PID:1764
- C:\Windows\System\bwSXFLR.exe
  C:\Windows\System\bwSXFLR.exe
  2⤵
  PID:6396
- C:\Windows\System\VtcJVOT.exe
  C:\Windows\System\VtcJVOT.exe
  2⤵
  PID:2732
- C:\Windows\System\DDpkoGj.exe
  C:\Windows\System\DDpkoGj.exe
  2⤵
  PID:7208
- C:\Windows\System\dtJWkeV.exe
  C:\Windows\System\dtJWkeV.exe
  2⤵
  PID:7212
- C:\Windows\System\IdDCIyR.exe
  C:\Windows\System\IdDCIyR.exe
  2⤵
  PID:7252
- C:\Windows\System\SCUUAxa.exe
  C:\Windows\System\SCUUAxa.exe
  2⤵
  PID:7276
- C:\Windows\System\hfQmdRe.exe
  C:\Windows\System\hfQmdRe.exe
  2⤵
  PID:7336
- C:\Windows\System\SPxDTen.exe
  C:\Windows\System\SPxDTen.exe
  2⤵
  PID:7368
- C:\Windows\System\EvqxFOl.exe
  C:\Windows\System\EvqxFOl.exe
  2⤵
  PID:7352
- C:\Windows\System\fcTBWtD.exe
  C:\Windows\System\fcTBWtD.exe
  2⤵
  PID:7392
- C:\Windows\System\aGitWOU.exe
  C:\Windows\System\aGitWOU.exe
  2⤵
  PID:7424
- C:\Windows\System\sAnFKga.exe
  C:\Windows\System\sAnFKga.exe
  2⤵
  PID:7488
- C:\Windows\System\szWHvxx.exe
  C:\Windows\System\szWHvxx.exe
  2⤵
  PID:7492
- C:\Windows\System\otQCnjT.exe
  C:\Windows\System\otQCnjT.exe
  2⤵
  PID:7508
- C:\Windows\System\FcGQqWj.exe
  C:\Windows\System\FcGQqWj.exe
  2⤵
  PID:7572
- C:\Windows\System\mozEHdR.exe
  C:\Windows\System\mozEHdR.exe
  2⤵
  PID:7612
- C:\Windows\System\OcZIcYw.exe
  C:\Windows\System\OcZIcYw.exe
  2⤵
  PID:7644
- C:\Windows\System\mMCmRca.exe
  C:\Windows\System\mMCmRca.exe
  2⤵
  PID:7632
- C:\Windows\System\lmSKbxc.exe
  C:\Windows\System\lmSKbxc.exe
  2⤵
  PID:7676
- C:\Windows\System\dVRpPGC.exe
  C:\Windows\System\dVRpPGC.exe
  2⤵
  PID:7768
- C:\Windows\System\QjfjHQd.exe
  C:\Windows\System\QjfjHQd.exe
  2⤵
  PID:7712
- C:\Windows\System\zVGVqQL.exe
  C:\Windows\System\zVGVqQL.exe
  2⤵
  PID:7812
- C:\Windows\System\AZVnIVs.exe
  C:\Windows\System\AZVnIVs.exe
  2⤵
  PID:7788
- C:\Windows\System\bmPOoxT.exe
  C:\Windows\System\bmPOoxT.exe
  2⤵
  PID:7888
- C:\Windows\System\RZQGSIz.exe
  C:\Windows\System\RZQGSIz.exe
  2⤵
  PID:7928
- C:\Windows\System\NlJDjGC.exe
  C:\Windows\System\NlJDjGC.exe
  2⤵
  PID:7876
- C:\Windows\System\gGyQczI.exe
  C:\Windows\System\gGyQczI.exe
  2⤵
  PID:7980
- C:\Windows\System\RLclqjR.exe
  C:\Windows\System\RLclqjR.exe
  2⤵
  PID:8012
- C:\Windows\System\urlUHgP.exe
  C:\Windows\System\urlUHgP.exe
  2⤵
  PID:7960
- C:\Windows\System\gsHRMwC.exe
  C:\Windows\System\gsHRMwC.exe
  2⤵
  PID:8032
- C:\Windows\System\HMwwMWN.exe
  C:\Windows\System\HMwwMWN.exe
  2⤵
  PID:8128
- C:\Windows\System\TgGKATk.exe
  C:\Windows\System\TgGKATk.exe
  2⤵
  PID:8172
- C:\Windows\System\eSJoRBG.exe
  C:\Windows\System\eSJoRBG.exe
  2⤵
  PID:8116
- C:\Windows\System\frRkVvn.exe
  C:\Windows\System\frRkVvn.exe
  2⤵
  PID:5584
- C:\Windows\System\JVpsDgs.exe
  C:\Windows\System\JVpsDgs.exe
  2⤵
  PID:6804
- C:\Windows\System\DhDmEfQ.exe
  C:\Windows\System\DhDmEfQ.exe
  2⤵
  PID:7148
- C:\Windows\System\rFUgFAj.exe
  C:\Windows\System\rFUgFAj.exe
  2⤵
  PID:2688
- C:\Windows\System\XDduBGK.exe
  C:\Windows\System\XDduBGK.exe
  2⤵
  PID:2564
- C:\Windows\System\sqOzRIW.exe
  C:\Windows\System\sqOzRIW.exe
  2⤵
  PID:7236
- C:\Windows\System\rKALazH.exe
  C:\Windows\System\rKALazH.exe
  2⤵
  PID:7192
- C:\Windows\System\EXSIuOM.exe
  C:\Windows\System\EXSIuOM.exe
  2⤵
  PID:7316
- C:\Windows\System\hxpmKfk.exe
  C:\Windows\System\hxpmKfk.exe
  2⤵
  PID:7408
- C:\Windows\System\FTalzLD.exe
  C:\Windows\System\FTalzLD.exe
  2⤵
  PID:7452
- C:\Windows\System\WmXozye.exe
  C:\Windows\System\WmXozye.exe
  2⤵
  PID:7468
- C:\Windows\System\VbFkfHS.exe
  C:\Windows\System\VbFkfHS.exe
  2⤵
  PID:7428
- C:\Windows\System\rrQEiNj.exe
  C:\Windows\System\rrQEiNj.exe
  2⤵
  PID:7536
- C:\Windows\System\nomLome.exe
  C:\Windows\System\nomLome.exe
  2⤵
  PID:7592
- C:\Windows\System\SSqoquX.exe
  C:\Windows\System\SSqoquX.exe
  2⤵
  PID:7692
- C:\Windows\System\YgGbqyA.exe
  C:\Windows\System\YgGbqyA.exe
  2⤵
  PID:7776
- C:\Windows\System\NobrYjW.exe
  C:\Windows\System\NobrYjW.exe
  2⤵
  PID:7732
- C:\Windows\System\EOfGcvq.exe
  C:\Windows\System\EOfGcvq.exe
  2⤵
  PID:7756
- C:\Windows\System\RPofajt.exe
  C:\Windows\System\RPofajt.exe
  2⤵
  PID:7792
- C:\Windows\System\XnNDbWo.exe
  C:\Windows\System\XnNDbWo.exe
  2⤵
  PID:7872
- C:\Windows\System\wUjbYdn.exe
  C:\Windows\System\wUjbYdn.exe
  2⤵
  PID:7868
- C:\Windows\System\wSbSXrw.exe
  C:\Windows\System\wSbSXrw.exe
  2⤵
  PID:8088
- C:\Windows\System\qIEjvaS.exe
  C:\Windows\System\qIEjvaS.exe
  2⤵
  PID:1900
- C:\Windows\System\jYsfenD.exe
  C:\Windows\System\jYsfenD.exe
  2⤵
  PID:7996
- C:\Windows\System\iOApPaZ.exe
  C:\Windows\System\iOApPaZ.exe
  2⤵
  PID:1088
- C:\Windows\System\dtYIVPB.exe
  C:\Windows\System\dtYIVPB.exe
  2⤵
  PID:6284
- C:\Windows\System\tVdqUrf.exe
  C:\Windows\System\tVdqUrf.exe
  2⤵
  PID:6564
- C:\Windows\System\LGBdmKS.exe
  C:\Windows\System\LGBdmKS.exe
  2⤵
  PID:8148
- C:\Windows\System\dpqeMUh.exe
  C:\Windows\System\dpqeMUh.exe
  2⤵
  PID:6684
- C:\Windows\System\dYviVCH.exe
  C:\Windows\System\dYviVCH.exe
  2⤵
  PID:7268
- C:\Windows\System\XiigOZr.exe
  C:\Windows\System\XiigOZr.exe
  2⤵
  PID:7308
- C:\Windows\System\dNFauPR.exe
  C:\Windows\System\dNFauPR.exe
  2⤵
  PID:7476
- C:\Windows\System\FfEpCcO.exe
  C:\Windows\System\FfEpCcO.exe
  2⤵
  PID:7512
- C:\Windows\System\ArvLWEv.exe
  C:\Windows\System\ArvLWEv.exe
  2⤵
  PID:2624
- C:\Windows\System\GmQYYch.exe
  C:\Windows\System\GmQYYch.exe
  2⤵
  PID:960
- C:\Windows\System\aOkLTUD.exe
  C:\Windows\System\aOkLTUD.exe
  2⤵
  PID:7608
- C:\Windows\System\yoNswqU.exe
  C:\Windows\System\yoNswqU.exe
  2⤵
  PID:4260
- C:\Windows\System\JjiTbAJ.exe
  C:\Windows\System\JjiTbAJ.exe
  2⤵
  PID:7844
- C:\Windows\System\YXUrmZh.exe
  C:\Windows\System\YXUrmZh.exe
  2⤵
  PID:7708
- C:\Windows\System\xyIkHeV.exe
  C:\Windows\System\xyIkHeV.exe
  2⤵
  PID:7956
- C:\Windows\System\LenEpYf.exe
  C:\Windows\System\LenEpYf.exe
  2⤵
  PID:7828
- C:\Windows\System\XKCQCRW.exe
  C:\Windows\System\XKCQCRW.exe
  2⤵
  PID:7916
- C:\Windows\System\BODbLNm.exe
  C:\Windows\System\BODbLNm.exe
  2⤵
  PID:7948
- C:\Windows\System\gSEfeyv.exe
  C:\Windows\System\gSEfeyv.exe
  2⤵
  PID:264
- C:\Windows\System\xveWKZx.exe
  C:\Windows\System\xveWKZx.exe
  2⤵
  PID:2680
- C:\Windows\System\MeMCKaG.exe
  C:\Windows\System\MeMCKaG.exe
  2⤵
  PID:7328
- C:\Windows\System\DhLxXOI.exe
  C:\Windows\System\DhLxXOI.exe
  2⤵
  PID:7256
- C:\Windows\System\RCORqVf.exe
  C:\Windows\System\RCORqVf.exe
  2⤵
  PID:2336
- C:\Windows\System\bzPIiyy.exe
  C:\Windows\System\bzPIiyy.exe
  2⤵
  PID:2980
- C:\Windows\System\FogsUMF.exe
  C:\Windows\System\FogsUMF.exe
  2⤵
  PID:7628
- C:\Windows\System\ARnukKp.exe
  C:\Windows\System\ARnukKp.exe
  2⤵
  PID:2368
- C:\Windows\System\txHdttb.exe
  C:\Windows\System\txHdttb.exe
  2⤵
  PID:7992
- C:\Windows\System\PitkmAv.exe
  C:\Windows\System\PitkmAv.exe
  2⤵
  PID:8156
- C:\Windows\System\DiktSwk.exe
  C:\Windows\System\DiktSwk.exe
  2⤵
  PID:8168
- C:\Windows\System\HLsapnM.exe
  C:\Windows\System\HLsapnM.exe
  2⤵
  PID:4540
- C:\Windows\System\jzwwtIq.exe
  C:\Windows\System\jzwwtIq.exe
  2⤵
  PID:7436
- C:\Windows\System\VTWqxoH.exe
  C:\Windows\System\VTWqxoH.exe
  2⤵
  PID:6300
- C:\Windows\System\sYVxDrq.exe
  C:\Windows\System\sYVxDrq.exe
  2⤵
  PID:1728
- C:\Windows\System\gxvrKyR.exe
  C:\Windows\System\gxvrKyR.exe
  2⤵
  PID:7752
- C:\Windows\System\lgHWWSS.exe
  C:\Windows\System\lgHWWSS.exe
  2⤵
  PID:7912
- C:\Windows\System\sIlEbAh.exe
  C:\Windows\System\sIlEbAh.exe
  2⤵
  PID:8208
- C:\Windows\System\lbtPLgw.exe
  C:\Windows\System\lbtPLgw.exe
  2⤵
  PID:8228
- C:\Windows\System\zettzAz.exe
  C:\Windows\System\zettzAz.exe
  2⤵
  PID:8248
- C:\Windows\System\QpSJaxa.exe
  C:\Windows\System\QpSJaxa.exe
  2⤵
  PID:8268
- C:\Windows\System\lZtJoiL.exe
  C:\Windows\System\lZtJoiL.exe
  2⤵
  PID:8292
- C:\Windows\System\ncVauab.exe
  C:\Windows\System\ncVauab.exe
  2⤵
  PID:8312
- C:\Windows\System\RKfhNSk.exe
  C:\Windows\System\RKfhNSk.exe
  2⤵
  PID:8328
- C:\Windows\System\zmOzgrq.exe
  C:\Windows\System\zmOzgrq.exe
  2⤵
  PID:8348
- C:\Windows\System\xGwvYFF.exe
  C:\Windows\System\xGwvYFF.exe
  2⤵
  PID:8368
- C:\Windows\System\OWElqZW.exe
  C:\Windows\System\OWElqZW.exe
  2⤵
  PID:8384
- C:\Windows\System\yZtffOh.exe
  C:\Windows\System\yZtffOh.exe
  2⤵
  PID:8412
- C:\Windows\System\mmzvpSY.exe
  C:\Windows\System\mmzvpSY.exe
  2⤵
  PID:8428
- C:\Windows\System\pRbnlRz.exe
  C:\Windows\System\pRbnlRz.exe
  2⤵
  PID:8448
- C:\Windows\System\cwHWyNT.exe
  C:\Windows\System\cwHWyNT.exe
  2⤵
  PID:8464
- C:\Windows\System\mGpIJGV.exe
  C:\Windows\System\mGpIJGV.exe
  2⤵
  PID:8484
- C:\Windows\System\dNFbgEI.exe
  C:\Windows\System\dNFbgEI.exe
  2⤵
  PID:8504
- C:\Windows\System\wHZvTgl.exe
  C:\Windows\System\wHZvTgl.exe
  2⤵
  PID:8520
- C:\Windows\System\ptyHFVQ.exe
  C:\Windows\System\ptyHFVQ.exe
  2⤵
  PID:8536
- C:\Windows\System\mYGvOds.exe
  C:\Windows\System\mYGvOds.exe
  2⤵
  PID:8552
- C:\Windows\System\TUxPYaq.exe
  C:\Windows\System\TUxPYaq.exe
  2⤵
  PID:8568
- C:\Windows\System\DbrVfuz.exe
  C:\Windows\System\DbrVfuz.exe
  2⤵
  PID:8588
- C:\Windows\System\RwAXzWv.exe
  C:\Windows\System\RwAXzWv.exe
  2⤵
  PID:8612
- C:\Windows\System\xfypiwl.exe
  C:\Windows\System\xfypiwl.exe
  2⤵
  PID:8632
- C:\Windows\System\GCCHEFv.exe
  C:\Windows\System\GCCHEFv.exe
  2⤵
  PID:8656
- C:\Windows\System\uyrQczc.exe
  C:\Windows\System\uyrQczc.exe
  2⤵
  PID:8672
- C:\Windows\System\ZTOVlPh.exe
  C:\Windows\System\ZTOVlPh.exe
  2⤵
  PID:8696
- C:\Windows\System\aXsHxEK.exe
  C:\Windows\System\aXsHxEK.exe
  2⤵
  PID:8712
- C:\Windows\System\WeQWkVW.exe
  C:\Windows\System\WeQWkVW.exe
  2⤵
  PID:8728
- C:\Windows\System\dqOqtHs.exe
  C:\Windows\System\dqOqtHs.exe
  2⤵
  PID:8744
- C:\Windows\System\LAVXHFx.exe
  C:\Windows\System\LAVXHFx.exe
  2⤵
  PID:8772
- C:\Windows\System\veiyxBG.exe
  C:\Windows\System\veiyxBG.exe
  2⤵
  PID:8792
- C:\Windows\System\nSiHTdx.exe
  C:\Windows\System\nSiHTdx.exe
  2⤵
  PID:8812
- C:\Windows\System\eAbwcIg.exe
  C:\Windows\System\eAbwcIg.exe
  2⤵
  PID:8840
- C:\Windows\System\Cxnbgnd.exe
  C:\Windows\System\Cxnbgnd.exe
  2⤵
  PID:8872
- C:\Windows\System\tFOZIEk.exe
  C:\Windows\System\tFOZIEk.exe
  2⤵
  PID:8896
- C:\Windows\System\amrynqH.exe
  C:\Windows\System\amrynqH.exe
  2⤵
  PID:8916
- C:\Windows\System\dlPTHJn.exe
  C:\Windows\System\dlPTHJn.exe
  2⤵
  PID:8952
- C:\Windows\System\ihetLKe.exe
  C:\Windows\System\ihetLKe.exe
  2⤵
  PID:8968
- C:\Windows\System\ZXnMsEu.exe
  C:\Windows\System\ZXnMsEu.exe
  2⤵
  PID:8984
- C:\Windows\System\uwmjBds.exe
  C:\Windows\System\uwmjBds.exe
  2⤵
  PID:9000
- C:\Windows\System\OghnmUy.exe
  C:\Windows\System\OghnmUy.exe
  2⤵
  PID:9016
- C:\Windows\System\rPsBXei.exe
  C:\Windows\System\rPsBXei.exe
  2⤵
  PID:9032
- C:\Windows\System\wRAuIcu.exe
  C:\Windows\System\wRAuIcu.exe
  2⤵
  PID:9048
- C:\Windows\System\sMtItHO.exe
  C:\Windows\System\sMtItHO.exe
  2⤵
  PID:9064
- C:\Windows\System\vwYAFmV.exe
  C:\Windows\System\vwYAFmV.exe
  2⤵
  PID:9080
- C:\Windows\System\IBwuJNM.exe
  C:\Windows\System\IBwuJNM.exe
  2⤵
  PID:9096
- C:\Windows\System\QFeGVYL.exe
  C:\Windows\System\QFeGVYL.exe
  2⤵
  PID:9112
- C:\Windows\System\pGfdkDl.exe
  C:\Windows\System\pGfdkDl.exe
  2⤵
  PID:9128
- C:\Windows\System\zHpFYwf.exe
  C:\Windows\System\zHpFYwf.exe
  2⤵
  PID:9144
- C:\Windows\System\BFthrnX.exe
  C:\Windows\System\BFthrnX.exe
  2⤵
  PID:9160
- C:\Windows\System\dEcdCPr.exe
  C:\Windows\System\dEcdCPr.exe
  2⤵
  PID:9176
- C:\Windows\System\CiCYxsw.exe
  C:\Windows\System\CiCYxsw.exe
  2⤵
  PID:9192
- C:\Windows\System\SasTcap.exe
  C:\Windows\System\SasTcap.exe
  2⤵
  PID:9208
- C:\Windows\System\KhfwYzB.exe
  C:\Windows\System\KhfwYzB.exe
  2⤵
  PID:7856
- C:\Windows\System\tCxdWQt.exe
  C:\Windows\System\tCxdWQt.exe
  2⤵
  PID:7596
- C:\Windows\System\CtJTSjI.exe
  C:\Windows\System\CtJTSjI.exe
  2⤵
  PID:2964
- C:\Windows\System\HpaWZjr.exe
  C:\Windows\System\HpaWZjr.exe
  2⤵
  PID:348
- C:\Windows\System\mPTVSVq.exe
  C:\Windows\System\mPTVSVq.exe
  2⤵
  PID:6652
- C:\Windows\System\gZLWolR.exe
  C:\Windows\System\gZLWolR.exe
  2⤵
  PID:7656
- C:\Windows\System\oZBIVEL.exe
  C:\Windows\System\oZBIVEL.exe
  2⤵
  PID:8256
- C:\Windows\System\rpeCMEJ.exe
  C:\Windows\System\rpeCMEJ.exe
  2⤵
  PID:8204
- C:\Windows\System\zEnlkzQ.exe
  C:\Windows\System\zEnlkzQ.exe
  2⤵
  PID:8336
- C:\Windows\System\WnOTTkv.exe
  C:\Windows\System\WnOTTkv.exe
  2⤵
  PID:2892
- C:\Windows\System\tLOzshN.exe
  C:\Windows\System\tLOzshN.exe
  2⤵
  PID:8288
- C:\Windows\System\pWIpsww.exe
  C:\Windows\System\pWIpsww.exe
  2⤵
  PID:8380
- C:\Windows\System\NZXaTEt.exe
  C:\Windows\System\NZXaTEt.exe
  2⤵
  PID:8456
- C:\Windows\System\XTCDQNm.exe
  C:\Windows\System\XTCDQNm.exe
  2⤵
  PID:880
- C:\Windows\System\wUqvUSD.exe
  C:\Windows\System\wUqvUSD.exe
  2⤵
  PID:8360
- C:\Windows\System\yswPYYN.exe
  C:\Windows\System\yswPYYN.exe
  2⤵
  PID:8408
- C:\Windows\System\BZsHkom.exe
  C:\Windows\System\BZsHkom.exe
  2⤵
  PID:8444
- C:\Windows\System\OTtJorm.exe
  C:\Windows\System\OTtJorm.exe
  2⤵
  PID:1968
- C:\Windows\System\lqBEtOd.exe
  C:\Windows\System\lqBEtOd.exe
  2⤵
  PID:632
- C:\Windows\System\IiInuRl.exe
  C:\Windows\System\IiInuRl.exe
  2⤵
  PID:2924
- C:\Windows\System\RSioEDM.exe
  C:\Windows\System\RSioEDM.exe
  2⤵
  PID:8476
- C:\Windows\System\qGFFOdG.exe
  C:\Windows\System\qGFFOdG.exe
  2⤵
  PID:1484
- C:\Windows\System\WJkDOdO.exe
  C:\Windows\System\WJkDOdO.exe
  2⤵
  PID:1120
- C:\Windows\System\MFxdNKI.exe
  C:\Windows\System\MFxdNKI.exe
  2⤵
  PID:8528
- C:\Windows\System\wsVeQzb.exe
  C:\Windows\System\wsVeQzb.exe
  2⤵
  PID:8596
- C:\Windows\System\IOOejAd.exe
  C:\Windows\System\IOOejAd.exe
  2⤵
  PID:8856
- C:\Windows\System\OpDlHGS.exe
  C:\Windows\System\OpDlHGS.exe
  2⤵
  PID:8948
- C:\Windows\System\uWLSefv.exe
  C:\Windows\System\uWLSefv.exe
  2⤵
  PID:9040
- C:\Windows\System\yGVcSyX.exe
  C:\Windows\System\yGVcSyX.exe
  2⤵
  PID:9124
- C:\Windows\System\eoxkzsd.exe
  C:\Windows\System\eoxkzsd.exe
  2⤵
  PID:9060
- C:\Windows\System\fyTcvsl.exe
  C:\Windows\System\fyTcvsl.exe
  2⤵
  PID:9152
- C:\Windows\System\rKQtHYy.exe
  C:\Windows\System\rKQtHYy.exe
  2⤵
  PID:8028
- C:\Windows\System\aLaHUxe.exe
  C:\Windows\System\aLaHUxe.exe
  2⤵
  PID:7172
- C:\Windows\System\gwQByXq.exe
  C:\Windows\System\gwQByXq.exe
  2⤵
  PID:8300
- C:\Windows\System\lHNWMNS.exe
  C:\Windows\System\lHNWMNS.exe
  2⤵
  PID:8420
- C:\Windows\System\kLdgWJa.exe
  C:\Windows\System\kLdgWJa.exe
  2⤵
  PID:9204
- C:\Windows\System\FcAJCpo.exe
  C:\Windows\System\FcAJCpo.exe
  2⤵
  PID:7356
- C:\Windows\System\nFWWyKX.exe
  C:\Windows\System\nFWWyKX.exe
  2⤵
  PID:8200
- C:\Windows\System\gvsKGFz.exe
  C:\Windows\System\gvsKGFz.exe
  2⤵
  PID:2616
- C:\Windows\System\KyAEECF.exe
  C:\Windows\System\KyAEECF.exe
  2⤵
  PID:8472
- C:\Windows\System\JhzpfPF.exe
  C:\Windows\System\JhzpfPF.exe
  2⤵
  PID:2832
- C:\Windows\System\ZGPEmim.exe
  C:\Windows\System\ZGPEmim.exe
  2⤵
  PID:8440
- C:\Windows\System\jcsnuLf.exe
  C:\Windows\System\jcsnuLf.exe
  2⤵
  PID:2712
- C:\Windows\System\XytBLYP.exe
  C:\Windows\System\XytBLYP.exe
  2⤵
  PID:2404
- C:\Windows\System\SFWgwLR.exe
  C:\Windows\System\SFWgwLR.exe
  2⤵
  PID:8584
- C:\Windows\System\PLDIcfl.exe
  C:\Windows\System\PLDIcfl.exe
  2⤵
  PID:8628
- C:\Windows\System\JfOLCaX.exe
  C:\Windows\System\JfOLCaX.exe
  2⤵
  PID:8680
- C:\Windows\System\rUnmhHZ.exe
  C:\Windows\System\rUnmhHZ.exe
  2⤵
  PID:8684
- C:\Windows\System\wpLyacZ.exe
  C:\Windows\System\wpLyacZ.exe
  2⤵
  PID:8752
- C:\Windows\System\YkGtFLI.exe
  C:\Windows\System\YkGtFLI.exe
  2⤵
  PID:8808
- C:\Windows\System\hQiiGvt.exe
  C:\Windows\System\hQiiGvt.exe
  2⤵
  PID:8836
- C:\Windows\System\HCqYPeP.exe
  C:\Windows\System\HCqYPeP.exe
  2⤵
  PID:8864
- C:\Windows\System\IHxQyZg.exe
  C:\Windows\System\IHxQyZg.exe
  2⤵
  PID:8924
- C:\Windows\System\wVSccbc.exe
  C:\Windows\System\wVSccbc.exe
  2⤵
  PID:1504
- C:\Windows\System\hPKlTPY.exe
  C:\Windows\System\hPKlTPY.exe
  2⤵
  PID:8964
- C:\Windows\System\pqosVuQ.exe
  C:\Windows\System\pqosVuQ.exe
  2⤵
  PID:9108
- C:\Windows\System\fiHgSpC.exe
  C:\Windows\System\fiHgSpC.exe
  2⤵
  PID:9184
- C:\Windows\System\evxqDhe.exe
  C:\Windows\System\evxqDhe.exe
  2⤵
  PID:9092
- C:\Windows\System\ytXPVEH.exe
  C:\Windows\System\ytXPVEH.exe
  2⤵
  PID:7616
- C:\Windows\System\VpuHtvN.exe
  C:\Windows\System\VpuHtvN.exe
  2⤵
  PID:8276
- C:\Windows\System\KcyZkvp.exe
  C:\Windows\System\KcyZkvp.exe
  2⤵
  PID:7176
- C:\Windows\System\chDofwq.exe
  C:\Windows\System\chDofwq.exe
  2⤵
  PID:8436
- C:\Windows\System\eVaLEZG.exe
  C:\Windows\System\eVaLEZG.exe
  2⤵
  PID:8492
- C:\Windows\System\AmQXeQl.exe
  C:\Windows\System\AmQXeQl.exe
  2⤵
  PID:8724
- C:\Windows\System\cIFInbY.exe
  C:\Windows\System\cIFInbY.exe
  2⤵
  PID:8576
- C:\Windows\System\NCWZVkP.exe
  C:\Windows\System\NCWZVkP.exe
  2⤵
  PID:8740
- C:\Windows\System\sbRUlER.exe
  C:\Windows\System\sbRUlER.exe
  2⤵
  PID:8736
- C:\Windows\System\wPcIjLO.exe
  C:\Windows\System\wPcIjLO.exe
  2⤵
  PID:8852
- C:\Windows\System\eAhlOgC.exe
  C:\Windows\System\eAhlOgC.exe
  2⤵
  PID:8604
- C:\Windows\System\BSchaPh.exe
  C:\Windows\System\BSchaPh.exe
  2⤵
  PID:2096
- C:\Windows\System\DKkoKlJ.exe
  C:\Windows\System\DKkoKlJ.exe
  2⤵
  PID:9140
- C:\Windows\System\ErCvDat.exe
  C:\Windows\System\ErCvDat.exe
  2⤵
  PID:9168
- C:\Windows\System\cLxRwvN.exe
  C:\Windows\System\cLxRwvN.exe
  2⤵
  PID:8220
- C:\Windows\System\zKlrdrT.exe
  C:\Windows\System\zKlrdrT.exe
  2⤵
  PID:2700
- C:\Windows\System\mpTHsDv.exe
  C:\Windows\System\mpTHsDv.exe
  2⤵
  PID:8564
- C:\Windows\System\KjBmtUG.exe
  C:\Windows\System\KjBmtUG.exe
  2⤵
  PID:8708
- C:\Windows\System\QskWMHE.exe
  C:\Windows\System\QskWMHE.exe
  2⤵
  PID:8704
- C:\Windows\System\zKtYYyU.exe
  C:\Windows\System\zKtYYyU.exe
  2⤵
  PID:8620
- C:\Windows\System\PcuXnyJ.exe
  C:\Windows\System\PcuXnyJ.exe
  2⤵
  PID:8800
- C:\Windows\System\BqvDwzo.exe
  C:\Windows\System\BqvDwzo.exe
  2⤵
  PID:8364
- C:\Windows\System\kMXIceR.exe
  C:\Windows\System\kMXIceR.exe
  2⤵
  PID:8496
- C:\Windows\System\CQYaHXx.exe
  C:\Windows\System\CQYaHXx.exe
  2⤵
  PID:8828
- C:\Windows\System\TDCcFyM.exe
  C:\Windows\System\TDCcFyM.exe
  2⤵
  PID:8944
- C:\Windows\System\vJiTKxk.exe
  C:\Windows\System\vJiTKxk.exe
  2⤵
  PID:9056
- C:\Windows\System\cejnGwP.exe
  C:\Windows\System\cejnGwP.exe
  2⤵
  PID:2904
- C:\Windows\System\KJyXQAT.exe
  C:\Windows\System\KJyXQAT.exe
  2⤵
  PID:8480
- C:\Windows\System\hMtZmJd.exe
  C:\Windows\System\hMtZmJd.exe
  2⤵
  PID:8532
- C:\Windows\System\iRXJJlW.exe
  C:\Windows\System\iRXJJlW.exe
  2⤵
  PID:8912
- C:\Windows\System\kmVxAZe.exe
  C:\Windows\System\kmVxAZe.exe
  2⤵
  PID:8720
- C:\Windows\System\eDiVKQz.exe
  C:\Windows\System\eDiVKQz.exe
  2⤵
  PID:1956
- C:\Windows\System\YnneJvE.exe
  C:\Windows\System\YnneJvE.exe
  2⤵
  PID:8324
- C:\Windows\System\YzKTYWU.exe
  C:\Windows\System\YzKTYWU.exe
  2⤵
  PID:9220
- C:\Windows\System\FjkPnko.exe
  C:\Windows\System\FjkPnko.exe
  2⤵
  PID:9236
- C:\Windows\System\nndhooJ.exe
  C:\Windows\System\nndhooJ.exe
  2⤵
  PID:9256
- C:\Windows\System\LfBmnQy.exe
  C:\Windows\System\LfBmnQy.exe
  2⤵
  PID:9276
- C:\Windows\System\qqsWTTD.exe
  C:\Windows\System\qqsWTTD.exe
  2⤵
  PID:9292
- C:\Windows\System\YBCyQMq.exe
  C:\Windows\System\YBCyQMq.exe
  2⤵
  PID:9312
- C:\Windows\System\hMNpjAJ.exe
  C:\Windows\System\hMNpjAJ.exe
  2⤵
  PID:9328
- C:\Windows\System\xGtwDZU.exe
  C:\Windows\System\xGtwDZU.exe
  2⤵
  PID:9344
- C:\Windows\System\YVQbjDD.exe
  C:\Windows\System\YVQbjDD.exe
  2⤵
  PID:9360
- C:\Windows\System\npzWdZt.exe
  C:\Windows\System\npzWdZt.exe
  2⤵
  PID:9376
- C:\Windows\System\VsltFcz.exe
  C:\Windows\System\VsltFcz.exe
  2⤵
  PID:9392
- C:\Windows\System\YxQShbG.exe
  C:\Windows\System\YxQShbG.exe
  2⤵
  PID:9412
- C:\Windows\System\SOKkEXE.exe
  C:\Windows\System\SOKkEXE.exe
  2⤵
  PID:9428
- C:\Windows\System\QMWBChw.exe
  C:\Windows\System\QMWBChw.exe
  2⤵
  PID:9456
- C:\Windows\System\VPkXEsF.exe
  C:\Windows\System\VPkXEsF.exe
  2⤵
  PID:9516
- C:\Windows\System\sVQzvpa.exe
  C:\Windows\System\sVQzvpa.exe
  2⤵
  PID:9532
- C:\Windows\System\ktlBtQx.exe
  C:\Windows\System\ktlBtQx.exe
  2⤵
  PID:9556
- C:\Windows\System\Aulvpgv.exe
  C:\Windows\System\Aulvpgv.exe
  2⤵
  PID:9572
- C:\Windows\System\GXbrrDZ.exe
  C:\Windows\System\GXbrrDZ.exe
  2⤵
  PID:9596
- C:\Windows\System\AxvxEVY.exe
  C:\Windows\System\AxvxEVY.exe
  2⤵
  PID:9616
- C:\Windows\System\EyxeIIB.exe
  C:\Windows\System\EyxeIIB.exe
  2⤵
  PID:9632
- C:\Windows\System\bXZVbKb.exe
  C:\Windows\System\bXZVbKb.exe
  2⤵
  PID:9652
- C:\Windows\System\pWMaKkt.exe
  C:\Windows\System\pWMaKkt.exe
  2⤵
  PID:9672
- C:\Windows\System\eTUExwB.exe
  C:\Windows\System\eTUExwB.exe
  2⤵
  PID:9696
- C:\Windows\System\MOcxHfk.exe
  C:\Windows\System\MOcxHfk.exe
  2⤵
  PID:9712
- C:\Windows\System\srWtPHU.exe
  C:\Windows\System\srWtPHU.exe
  2⤵
  PID:9736
- C:\Windows\System\hgmtUCN.exe
  C:\Windows\System\hgmtUCN.exe
  2⤵
  PID:9756
- C:\Windows\System\luibrYA.exe
  C:\Windows\System\luibrYA.exe
  2⤵
  PID:9772
- C:\Windows\System\GlruenV.exe
  C:\Windows\System\GlruenV.exe
  2⤵
  PID:9796
- C:\Windows\System\tYAcqBL.exe
  C:\Windows\System\tYAcqBL.exe
  2⤵
  PID:9816
- C:\Windows\System\HaDviwD.exe
  C:\Windows\System\HaDviwD.exe
  2⤵
  PID:9832
- C:\Windows\System\sqmjkKs.exe
  C:\Windows\System\sqmjkKs.exe
  2⤵
  PID:9852
- C:\Windows\System\oNcQcGO.exe
  C:\Windows\System\oNcQcGO.exe
  2⤵
  PID:9872
- C:\Windows\System\RzziOtB.exe
  C:\Windows\System\RzziOtB.exe
  2⤵
  PID:9888
- C:\Windows\System\TsorSig.exe
  C:\Windows\System\TsorSig.exe
  2⤵
  PID:9904
- C:\Windows\System\RIuzIUx.exe
  C:\Windows\System\RIuzIUx.exe
  2⤵
  PID:9924
- C:\Windows\System\gGgFQUC.exe
  C:\Windows\System\gGgFQUC.exe
  2⤵
  PID:9940
- C:\Windows\System\msYboqI.exe
  C:\Windows\System\msYboqI.exe
  2⤵
  PID:9956
- C:\Windows\System\EyzKtbn.exe
  C:\Windows\System\EyzKtbn.exe
  2⤵
  PID:9972
- C:\Windows\System\SfigHqR.exe
  C:\Windows\System\SfigHqR.exe
  2⤵
  PID:9992
- C:\Windows\System\meIVnDt.exe
  C:\Windows\System\meIVnDt.exe
  2⤵
  PID:10016
- C:\Windows\System\etbnLFw.exe
  C:\Windows\System\etbnLFw.exe
  2⤵
  PID:10032
- C:\Windows\System\TJCTjNB.exe
  C:\Windows\System\TJCTjNB.exe
  2⤵
  PID:10048
- C:\Windows\System\lwkdjgs.exe
  C:\Windows\System\lwkdjgs.exe
  2⤵
  PID:10064
- C:\Windows\System\XNtdTSC.exe
  C:\Windows\System\XNtdTSC.exe
  2⤵
  PID:10080
- C:\Windows\System\tDibunm.exe
  C:\Windows\System\tDibunm.exe
  2⤵
  PID:10096
- C:\Windows\System\WlXYfJM.exe
  C:\Windows\System\WlXYfJM.exe
  2⤵
  PID:10112
- C:\Windows\System\DEybDFK.exe
  C:\Windows\System\DEybDFK.exe
  2⤵
  PID:10172
- C:\Windows\System\cRwKHMM.exe
  C:\Windows\System\cRwKHMM.exe
  2⤵
  PID:10196
- C:\Windows\System\tvNctPV.exe
  C:\Windows\System\tvNctPV.exe
  2⤵
  PID:10220
- C:\Windows\System\keJAmke.exe
  C:\Windows\System\keJAmke.exe
  2⤵
  PID:10236
- C:\Windows\System\kjCUWcV.exe
  C:\Windows\System\kjCUWcV.exe
  2⤵
  PID:9248
- C:\Windows\System\blKPtZF.exe
  C:\Windows\System\blKPtZF.exe
  2⤵
  PID:9200
- C:\Windows\System\TyFHTxP.exe
  C:\Windows\System\TyFHTxP.exe
  2⤵
  PID:9284
- C:\Windows\System\oOqxChW.exe
  C:\Windows\System\oOqxChW.exe
  2⤵
  PID:9352
- C:\Windows\System\dXNALqa.exe
  C:\Windows\System\dXNALqa.exe
  2⤵
  PID:9400
- C:\Windows\System\fuBZlVj.exe
  C:\Windows\System\fuBZlVj.exe
  2⤵
  PID:9444
- C:\Windows\System\xSUIVjY.exe
  C:\Windows\System\xSUIVjY.exe
  2⤵
  PID:9420
- C:\Windows\System\LqgEszo.exe
  C:\Windows\System\LqgEszo.exe
  2⤵
  PID:9480
- C:\Windows\System\uHtHooe.exe
  C:\Windows\System\uHtHooe.exe
  2⤵
  PID:9496
- C:\Windows\System\iJwBjqm.exe
  C:\Windows\System\iJwBjqm.exe
  2⤵
  PID:9528
- C:\Windows\System\mejnDTN.exe
  C:\Windows\System\mejnDTN.exe
  2⤵
  PID:9544
- C:\Windows\System\mwHAVaG.exe
  C:\Windows\System\mwHAVaG.exe
  2⤵
  PID:9588
- C:\Windows\System\bfkSmFc.exe
  C:\Windows\System\bfkSmFc.exe
  2⤵
  PID:9612
- C:\Windows\System\rWfcIhd.exe
  C:\Windows\System\rWfcIhd.exe
  2⤵
  PID:9644
- C:\Windows\System\rsbrtBn.exe
  C:\Windows\System\rsbrtBn.exe
  2⤵
  PID:9692
- C:\Windows\System\YjCxfvF.exe
  C:\Windows\System\YjCxfvF.exe
  2⤵
  PID:9728
- C:\Windows\System\ZIupLeY.exe
  C:\Windows\System\ZIupLeY.exe
  2⤵
  PID:9752
- C:\Windows\System\QNvooIp.exe
  C:\Windows\System\QNvooIp.exe
  2⤵
  PID:9780
- C:\Windows\System\utQprcp.exe
  C:\Windows\System\utQprcp.exe
  2⤵
  PID:9840
- C:\Windows\System\JRKjBHR.exe
  C:\Windows\System\JRKjBHR.exe
  2⤵
  PID:9884
- C:\Windows\System\SjbiosG.exe
  C:\Windows\System\SjbiosG.exe
  2⤵
  PID:9980
- C:\Windows\System\MSwNGJv.exe
  C:\Windows\System\MSwNGJv.exe
  2⤵
  PID:9824
- C:\Windows\System\HaccAAz.exe
  C:\Windows\System\HaccAAz.exe
  2⤵
  PID:9936
- C:\Windows\System\LGSKnyD.exe
  C:\Windows\System\LGSKnyD.exe
  2⤵
  PID:9900
- C:\Windows\System\HoTUFXf.exe
  C:\Windows\System\HoTUFXf.exe
  2⤵
  PID:9964
- C:\Windows\System\BDHZEPI.exe
  C:\Windows\System\BDHZEPI.exe
  2⤵
  PID:10060
- C:\Windows\System\zyPlwzr.exe
  C:\Windows\System\zyPlwzr.exe
  2⤵
  PID:10092
- C:\Windows\System\jgYjLBh.exe
  C:\Windows\System\jgYjLBh.exe
  2⤵
  PID:10148
- C:\Windows\System\WoJKgwz.exe
  C:\Windows\System\WoJKgwz.exe
  2⤵
  PID:10124
- C:\Windows\System\vXPtNkz.exe
  C:\Windows\System\vXPtNkz.exe
  2⤵
  PID:10188
- C:\Windows\System\BPDXibm.exe
  C:\Windows\System\BPDXibm.exe
  2⤵
  PID:10208
- C:\Windows\System\iNschqp.exe
  C:\Windows\System\iNschqp.exe
  2⤵
  PID:10232
- C:\Windows\System\getsMSv.exe
  C:\Windows\System\getsMSv.exe
  2⤵
  PID:9272
- C:\Windows\System\LlsTXzD.exe
  C:\Windows\System\LlsTXzD.exe
  2⤵
  PID:9320
- C:\Windows\System\rgVEYpx.exe
  C:\Windows\System\rgVEYpx.exe
  2⤵
  PID:9372
- C:\Windows\System\RzaBsbf.exe
  C:\Windows\System\RzaBsbf.exe
  2⤵
  PID:9452
- C:\Windows\System\mQwhTqJ.exe
  C:\Windows\System\mQwhTqJ.exe
  2⤵
  PID:9476
- C:\Windows\System\GUAKpBM.exe
  C:\Windows\System\GUAKpBM.exe
  2⤵
  PID:9508
- C:\Windows\System\DoPyQja.exe
  C:\Windows\System\DoPyQja.exe
  2⤵
  PID:9564
- C:\Windows\System\SEEChmR.exe
  C:\Windows\System\SEEChmR.exe
  2⤵
  PID:9624
- C:\Windows\System\wRauHgu.exe
  C:\Windows\System\wRauHgu.exe
  2⤵
  PID:9744
- C:\Windows\System\lfqFbLg.exe
  C:\Windows\System\lfqFbLg.exe
  2⤵
  PID:9720
- C:\Windows\System\lVXkAmH.exe
  C:\Windows\System\lVXkAmH.exe
  2⤵
  PID:9640
- C:\Windows\System\eJhlOOt.exe
  C:\Windows\System\eJhlOOt.exe
  2⤵
  PID:9920
- C:\Windows\System\vGNnGjR.exe
  C:\Windows\System\vGNnGjR.exe
  2⤵
  PID:9792
- C:\Windows\System\XLkgiGe.exe
  C:\Windows\System\XLkgiGe.exe
  2⤵
  PID:10044
- C:\Windows\System\emPNJJv.exe
  C:\Windows\System\emPNJJv.exe
  2⤵
  PID:9896
- C:\Windows\System\GqiUFXa.exe
  C:\Windows\System\GqiUFXa.exe
  2⤵
  PID:10136
- C:\Windows\System\enlpBuT.exe
  C:\Windows\System\enlpBuT.exe
  2⤵
  PID:9264
- C:\Windows\System\jRTHord.exe
  C:\Windows\System\jRTHord.exe
  2⤵
  PID:9688

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\ADqrkcf.exe

Filesize
6.0MB

MD5
ac63b4c53946264a0c41433cca56bea8

SHA1
c42cca31104310d6d99cc6a4d3aa36f8bd3356a6

SHA256
b66ce5a3d0757a1bb842c9271183affe67b1e3b58de97204d7f471226505729a

SHA512
3f89c053031cb4fb45baa4d24a92403bfef6ab605ed05482609605fa19e34d8ee72c58969af7f38ea7fd7e1aed0442f8f2001161c0f5348da3dada158c5b8c58

Download Submit
C:\Windows\system\CZTdCUV.exe

Filesize
6.0MB

MD5
55860c6a414877da9857894d72d82f22

SHA1
d408208962c9c99fcaa14cff53155a7d1b516fe7

SHA256
cc624258fb6a20ed77efbd76f09f1378d44cd43de08d50a986e333dd68e94b0a

SHA512
e76c4a5b192035a8214447afb83a52a9f63197ea537e16c91c2d7a6a796df8f456dba55016e3558ff59a53e84590d0120babc3112d64f3bb7f2759a8678851ef

Download Submit
C:\Windows\system\DYeijGm.exe

Filesize
6.0MB

MD5
890ed553428e0378a6ee530fa94ec030

SHA1
f7eb005b23af5aa67b9667cab6da543a2bddf6b6

SHA256
b7fb977ec2ea78046f69ae0f9d1dde9bd1e62ba1ef802e6d9f4975700b550add

SHA512
cf5ab1341ec922b7a4a667057a4de36629a911e5e7dbf54db1439171f533a86717e030f49d8a21ba4eeb58f5f2df20bfd6112e7ae88a8c4cfca0c465fee40537

Download Submit
C:\Windows\system\FXWzQaI.exe

Filesize
6.0MB

MD5
ce03824fb8445270c3dc3c35f97dab80

SHA1
ea5384c8f3575b958006948446030a5b72090f9f

SHA256
149d12f1a74d58a4ff1ebd73a5cfdbc78872014dd322e5fb3980ab6009288503

SHA512
e4139a4486d1ae0cac6fc19de434f64e3414c3b31206972acd8c719b4ce0fd8d4e6deb881c79cd1a693b63d8bf978eee2dd15653cbe6f0dd49680459a2d2d0f3

Download Submit
C:\Windows\system\GpdVrCl.exe

Filesize
6.0MB

MD5
6e5f685be38fa8ba15aa9d2111fabba8

SHA1
6fcd38a8b0f52be5b89a80fff87d30e1e4ed2a50

SHA256
b57ec8146018dd11bd6d13f98d1d431235d90036e774e48124b6bc441352150b

SHA512
1e41c219f9f31a735554e0fa54404058616b1bdc852837bae10650bcb67dd71c9e7b7960ca2e8dff309950869274a03ecb28c9b7bee56634e5e4e7d972641997

Download Submit
C:\Windows\system\HsPsdtk.exe

Filesize
6.0MB

MD5
ebeb005e099203f4070e3177ce023842

SHA1
bfee17e7d3744a5d1953ac718d2a62f6907b7d60

SHA256
23b28fe835e971f7c16cc140e6d0006dc6699b48686d4f3791ac6b35de98f7c7

SHA512
5292d353d525c54112556357606600e11d6bb9eff9f810a5ffc41ea8a4dc45db0ad48f273e0c68941a3cf1cdceb9c8c06553f425025651b86f3e54fed3e2340e

Download Submit
C:\Windows\system\IWjijhg.exe

Filesize
6.0MB

MD5
7d01fac99b59337b77a395186a9e96db

SHA1
2922770aed704ed021fb5373fa7ba0a7f97db628

SHA256
eb27211961920d2700ddc1400fcad8773d79c44594fb50a39dd9af016826c9fd

SHA512
69b48c0d53595dfbdcb60fa186f5744170b00c07511132e40dbaa36293bd0721958668131e6a561d815a9830a447096e555dd103ee2146ce9b708223f1a458f9

Download Submit
C:\Windows\system\MGJHLvU.exe

Filesize
6.0MB

MD5
98bc38d156a3f3b60f0170df41b6d73c

SHA1
a78ddb17602f615d45eb71254a8c3dbc337a9154

SHA256
1527ba169091f0ca298853c6f0d9b9c0ddff63ad30055614c46cfe87e926cd73

SHA512
21cc7d8b96683bec087bfcbc5af9ff231d2f9b0cc78c3358113e2ba7e50bf45168b3ec90e9669db1a9cf2c8b29ac24d23b50c79a394f47d15336df9941bcb2b1

Download Submit
C:\Windows\system\NxAkuVU.exe

Filesize
6.0MB

MD5
a8dbde94189c0641b067bf73c8190536

SHA1
277a459f419da54e462f30c81a08e6a2a675aba9

SHA256
c7133ed5be0da0aa748311760243acac3f54c27e22d7fcb7635853c29db3bc59

SHA512
54f77413e57d3aa54ddd2e317def3155732cd377480658297ce768b5a9bcba8e97c16ef24935dc981e0b7d371aaf4a15a963fbaa736c06306793f76511195f85

Download Submit
C:\Windows\system\PGofXwC.exe

Filesize
6.0MB

MD5
2ae245921a488dc433009d50492c02b7

SHA1
6ad7f8e2448adb79b983bf579ae11413d7cd88f5

SHA256
64addc5fb41bfc21336151c251bf2f929ffe45d649b4ef0a1fdb616b5e804cef

SHA512
2c78b2ab4e553082b592009c025f61aad030709e671253005e311fb5e1b783f65d5633d0b60acb43864c336687010df445c1a186f2fb490acc822130c54cdc72

Download Submit
C:\Windows\system\RaHXczm.exe

Filesize
6.0MB

MD5
f5b3b775ff98b2ab1da1d1140e39bbf9

SHA1
fa99015ebabdcd1e2a5b6026e21be6779f419349

SHA256
a7a530974b41390f9f73b9e7be50521cd766c3c8092196c208fe977cd3d97c20

SHA512
83266a8c1a3ad9e8b7a719b4e65cb587fc02b3551e31c7f5cb1d224240d98ca0f50a9fe0caf4ce059acb9c3bdd97feb46873b5a93dd867fd0fb2988996014c5b

Download Submit
C:\Windows\system\UacARTn.exe

Filesize
6.0MB

MD5
2b043c42957a786ee0bed24998e7ea73

SHA1
742290c06d255ad24067baf6c6716250909d7215

SHA256
9a14624fb606101e19ea45e4402d7316e292800f7d9b838a1755b1f5484298ca

SHA512
78e2a6f4feff39f6224cf767398e3f8e13d744e105e3e80c017a7a8a6ba4fabab18ed2917ff5e8b40d471ebdbc925645b42c9c7aa75687c0c595ddd4218b693b

Download Submit
C:\Windows\system\XQGWQDT.exe

Filesize
6.0MB

MD5
138569898a14bb1370d3a891146fcbd1

SHA1
adf00aada4df703c3de2a5f374396a1488c7ea9c

SHA256
0c7a33c6dfae1276f3a37732eaaecb346e507ead22e94f55aa410b2a5140b1f9

SHA512
383be7fe488fa989fe615c13ec85930f361e9886fc3ac164541781a0ade269113e90612fbc88ea0db99dfddca44c0103716cd9428c96d1543898950943e99deb

Download Submit
C:\Windows\system\aGbzoPo.exe

Filesize
6.0MB

MD5
cef3b505bee3b8ca208ebb6200edb5c6

SHA1
b22081da94655cbc0c92e92f14f3d94e5e1172d4

SHA256
7a946ca8615174e5e8921370f93581a79720b2b412af94f77e6109db368d9287

SHA512
9f2e2bc821fc643adb9c1f2d4d86c5ec0af21f0709353ea00412fcc2288462cd56c1c907def6c302aa114c13a867f34c9e4e405f1d06f09072f89ac523b26556

Download Submit
C:\Windows\system\bYMtjKw.exe

Filesize
6.0MB

MD5
4691321efdb950183ba69ad77a3655f8

SHA1
91c2c3257d5edc6e4de26a586ef5a647245fd6bd

SHA256
893e3cd83449dac19319bf206d6899ffb960a46a14e77bc7f0798cfc0e4e15a7

SHA512
f6e24be7afc19bb1668db54658324cc6e403ea681c210f913330886e0c5082387ecebcdcd1fd8d9b17dff3a7a36f295f830689d6e0670bee89ae38147005229b

Download Submit
C:\Windows\system\dJFoVMe.exe

Filesize
6.0MB

MD5
0696abc403e6fd30a157c141238efd0f

SHA1
c58b58840ff684258c0c227f084813c6f996901f

SHA256
e3a56b86f23467b3ec72fd321fbddddaf4118da043b03d4e10d8227cc001ff69

SHA512
896b9dea997f0eb2d7f8406df48b6a13e2fa25a67332fefd917243808487c68d68099509bad1721d8154a5ed35d564bda22456df075f397849ed089be918a7e6

Download Submit
C:\Windows\system\gQMCcTY.exe

Filesize
6.0MB

MD5
e8e664479aee317f79f4c2e83ff0debf

SHA1
40a3ad5bc7f13359d3e6ea7167dce6348265d2fc

SHA256
3222b1260e2a91b8d60cd710ff22a304deef81b06bfc127db41b92f46e4121fc

SHA512
f116afa37076c0f4f3ac3309f2f602b959e1149e1b0d17be40f8cea617cd84f51eefc27063b2ac7f5eb6f6246cdd7196af465fee5d0bee4da5518a8e86efee42

Download Submit
C:\Windows\system\iIXzKVL.exe

Filesize
6.0MB

MD5
b18bfdf3a62189cc1b73e741fdf51902

SHA1
253d46f7642f376fcbb1fee3af905f9930eec5ba

SHA256
a7c928a545d4b671b4a6f810240bfaadf16de63a6c0bfe3e2444935214bae521

SHA512
403defa846b07fb1da3413f43f476c17c7eb504357df8934a084a8dc90675e201033f6a5f34352a1ffffc0c14fe5067a257559448b3a6d769ef815ef570aece0

Download Submit
C:\Windows\system\iIbfLEt.exe

Filesize
6.0MB

MD5
f25dee8a02f272e4a71463fb3fc18981

SHA1
cedb9ec741cfdd0511cdf85ef655b1f0c6569600

SHA256
c8c7680592d9727799f617423116291252e19f6e712d05c452dc6797827025fd

SHA512
a9e0ce92375ea84dad5da14fc46bf1513302264e3ed8f77782d8078493a96b92f67c899c4dda6d70489b0f47f05cedd3e647a350f33457eb450e78d062961353

Download Submit
C:\Windows\system\mrLamiN.exe

Filesize
6.0MB

MD5
ec07701a894c2c0d338a35edbf03f759

SHA1
f88e3bd6edef7d614e23bbbd08431d005b81e1f9

SHA256
e33197fbcb3df1015900e6e50ae3505563056f9932db3a4155c04cd135c4352b

SHA512
2a413a19d09d737f33424e06e33a62be357e45ff45df302c62d27dd7d60823685abfe8b28cc8a76dca7d96a85f6a5a563bc4b4915feef24fdeeb069266152b9e

Download Submit
C:\Windows\system\oMvdIji.exe

Filesize
6.0MB

MD5
a55bc0a0726e54936d26c88fcca74431

SHA1
2ccd30c1990141993a5ec7b9c66110ac245f487d

SHA256
43ff3bc87da5b80ef40be6dd60d8db5b4c46d67054e629ff8d99fca0ab41e07d

SHA512
3cd7c34bf3fa147135d5a265b139483a271b3baa0cbffd10cfef18af96b68ccd289ce1ec96f581ddcb79891eb1446a567b46eaa34ba5832bde93365088c437e7

Download Submit
C:\Windows\system\rauHuLr.exe

Filesize
6.0MB

MD5
01b56a2ee15ca521b1c9545cf0d86dd0

SHA1
5eb741f5ecd680e6f46e4ebdd44e970c9d2331b6

SHA256
fafab0c3370b388965400f874f3eae1a1b40dca625eb593fd4e8bcd4fce30d58

SHA512
b3d010ec3cfba79a67698a1b1a786ca76e183a88c23dbbbde133478812e535f832e0fca856d1c37bc0a16dbb1db2dbaa680a9d935c1c6ff69e9c5457ae087249

Download Submit
C:\Windows\system\sGOaydl.exe

Filesize
6.0MB

MD5
86aea06b1eca30dcadee44fe4a21e9b7

SHA1
0c8c0feac96430401ae88744d89289c2cbedb1d8

SHA256
2c3d32ba74612b4b58d37ff74a8c2fdc7e25a3c286b37c86d3e1323e9fa4de28

SHA512
50e248530ed2e4a8ebdcab29a49f80bcd714184d3e4461a91593e82ec44baab7bd61a28b1741894a132f167eebf48b9bd03b3b996769c6562fb72216d50765de

Download Submit
C:\Windows\system\tvGdZES.exe

Filesize
6.0MB

MD5
bedacb8e9dfa22246fa097a8f469cb0b

SHA1
f287ed7d1164b1e68b275456b80ee47fe97c6e25

SHA256
588b2340b702a916c87e3d6db923d119064f2c8dba3e6c3732efcdac0fd7379d

SHA512
cf9bf9b441f7794dc35234ea332aa4b4e6aa3b02153540cc54f706e27d892d09ad5ae1f06cb3b1867a89b855168e33143b34099dc0379e9898f8ab3ec3fb42ab

Download Submit
C:\Windows\system\txZLCVv.exe

Filesize
6.0MB

MD5
6438ffa9b27309d5276c462c0dd7260a

SHA1
320f2138e9bbf0400cd7607b2fb9b7cae96d5299

SHA256
d3af1deb14646c7326a2a3ab9af0629ab33ebf9feaed7beb942668acbb76860d

SHA512
fc64639ff2b67ff3b4c3f86ebe4e564239ebfeaa5877ab155a2a4b32ee3506acb0599966463d4f37bdbbff110cfea439688440d307da91809a1294407de77bad

Download Submit
C:\Windows\system\xhdhvBR.exe

Filesize
6.0MB

MD5
746e699c48269f584ec7f0d8928690f3

SHA1
7209c42863434439c975f51f689e3190db5c47f4

SHA256
bc84ffedebe52029ad862a13e03677867798da7d7840ff0778d6fe1fd4ac3ac2

SHA512
b0e810ea95d073f48f83ea7866d8eea786b278b4fb5aff930b15739d2e85b6de58852eda86ef1c1f1bd3434c3246f8701f350e3ab413978be8393d8a927aff90

Download Submit
C:\Windows\system\xqQxRkt.exe

Filesize
6.0MB

MD5
f692454507990780d2a2cf8e3c94ab49

SHA1
21da428ecab92225f761c098e6afd7d96550e31f

SHA256
9a1706589238b781f9ea1c735593ac31e655198e9cd924a27cffd5fd2ab1bd76

SHA512
003ee7eb61e7d056e4fbf478f596cc3eb59f223a2961ac43d56aa276abd40acf64194dfeb89c717c1860a8cc82d4b479d62b916c3ef73074d8884390aa5f3f35

Download Submit
C:\Windows\system\xxxtaXH.exe

Filesize
6.0MB

MD5
9fa4130761a7f6afe7b4bd93669007b3

SHA1
bd6f6253ca7bc1dad5a0404351133a25bd088a5d

SHA256
d6927028b18db1a96f89c1ebdae4934166815ef015685c958ccd3307d68fd695

SHA512
dd4271cd2c0af9782a06342dae8381ee3531475a2d45e620f35e32fe9173b577da0cb4761b3bc58b9bc07eee4e332af5afc172bb2fedad9ea216d0228f0cbeb1

Download Submit
\Windows\system\LBbVnEy.exe

Filesize
6.0MB

MD5
d9b550af69befcdccb4164b1ae0f8612

SHA1
be4cc9de96818f24c9d554dfefef1732039a5643

SHA256
8642e8f7fc68bce164e9fe9dceedd41a1fa094e28bb85ff72df623b23e4d3ae4

SHA512
4e1ae241bde23c86142addbebe5169ecd33dc6076fd4533358c00e2159763f80a1ecb1eac2a473e988e8b5b8e692f6b5df22cacfc72d722af86601eda6e6a3dc

Download Submit
\Windows\system\PlyGClg.exe

Filesize
6.0MB

MD5
38a9ca1e87f1da495aaa14fccf01e588

SHA1
eda7df1dedfed203793c7060a7fd383565369722

SHA256
102be3b3b413c1725f975820753f1c4f8e33eca9116b1dcfdf32c4955c2c7d5a

SHA512
3cad630dc4223e8feb35e22b2c7f6b94f71ea4ce47748dcfb53aa0a6a46e2472086f4a6794e87d699c4a1c39d3037fb0eac6e713072296d83b2d807c6aebeb60

Download Submit
\Windows\system\elRrrlP.exe

Filesize
6.0MB

MD5
70e7ab78881de51e6e571bce64c77587

SHA1
a8c8a0c5ea78a6515f3a9b03fc1bcf8e491dcd82

SHA256
ab83436448780822009ad98ee3a660df8b902036f830368a53d24d27aeea65af

SHA512
659c71599ec1b878a474f23ad31903d83ff4ed8c05156bfe6e5c1ddf8e9fdfed3774642deb34907d319a9e0f76d0dcff76b46c0378fbedcef2e4b3fad9c7e5c5

Download Submit
\Windows\system\pOstFBE.exe

Filesize
6.0MB

MD5
eadde78713a8870fd2e8ebdfdc11fd5c

SHA1
9690cf549c6cbc8404b4ce7c5f7e03796c903d32

SHA256
9e77273ff7d3c78209fc1393d58fc61e73ba522e0f506b8f1d1d50c7efbb7fd1

SHA512
41ec032af92670ce91c249c2a6fb2831d0fb8440c9bf5a1a0ac86f3aede4abc55c88adcf5bd4838432de12743cfd1d6ca668ed076c7c576c6649fa915f379db2

Download Submit
\Windows\system\uypIKbM.exe

Filesize
6.0MB

MD5
cc7709d0e9c4b77863436d8327dc4600

SHA1
0f3b58514ed595b182791042a8870591c0c6d369

SHA256
5daf6277545216c58531e34c7a01c1c7653bb0adf47bcf79f7350acb6dfd8368

SHA512
78d535c1c3ee12b5adf6540d355932fb54c881db480469fd2b7ede4a0da547666a3ae27a6ed8cccaec91ef32c2fb315fee02b911b8b09bfdfdd3c98c622234a5

Download Submit
memory/836-80-0x000000013FA00000-0x000000013FD54000-memory.dmp

Filesize
3.3MB

Download
memory/836-4030-0x000000013FA00000-0x000000013FD54000-memory.dmp

Filesize
3.3MB

Download
memory/836-21-0x000000013FA00000-0x000000013FD54000-memory.dmp

Filesize
3.3MB

Download
memory/1592-102-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/1592-4041-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/1592-1489-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/1724-4029-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/1724-19-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/1724-79-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2076-4039-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2076-97-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2372-4038-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/2372-88-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/2468-4028-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2468-8-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2468-42-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2488-4031-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2488-35-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2532-111-0x0000000002330000-0x0000000002684000-memory.dmp

Filesize
3.3MB

Download
memory/2532-103-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2532-278-0x0000000002330000-0x0000000002684000-memory.dmp

Filesize
3.3MB

Download
memory/2532-1488-0x0000000002330000-0x0000000002684000-memory.dmp

Filesize
3.3MB

Download
memory/2532-1-0x00000000002F0000-0x0000000000300000-memory.dmp

Filesize
64KB

Download
memory/2532-78-0x0000000002330000-0x0000000002684000-memory.dmp

Filesize
3.3MB

Download
memory/2532-0-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2532-76-0x0000000002330000-0x0000000002684000-memory.dmp

Filesize
3.3MB

Download
memory/2532-75-0x0000000002330000-0x0000000002684000-memory.dmp

Filesize
3.3MB

Download
memory/2532-36-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2532-1838-0x0000000002330000-0x0000000002684000-memory.dmp

Filesize
3.3MB

Download
memory/2532-39-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2532-68-0x0000000002330000-0x0000000002684000-memory.dmp

Filesize
3.3MB

Download
memory/2532-96-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2532-26-0x000000013F070000-0x000000013F3C4000-memory.dmp

Filesize
3.3MB

Download
memory/2532-12-0x0000000002330000-0x0000000002684000-memory.dmp

Filesize
3.3MB

Download
memory/2532-592-0x0000000002330000-0x0000000002684000-memory.dmp

Filesize
3.3MB

Download
memory/2532-63-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2532-55-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/2532-46-0x0000000002330000-0x0000000002684000-memory.dmp

Filesize
3.3MB

Download
memory/2532-34-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2656-87-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/2656-4040-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/2656-738-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/2756-4037-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2756-86-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2776-67-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/2776-4033-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/2804-27-0x000000013F070000-0x000000013F3C4000-memory.dmp

Filesize
3.3MB

Download
memory/2804-89-0x000000013F070000-0x000000013F3C4000-memory.dmp

Filesize
3.3MB

Download
memory/2804-4032-0x000000013F070000-0x000000013F3C4000-memory.dmp

Filesize
3.3MB

Download
memory/2812-77-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2812-4035-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2868-50-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2868-4034-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2868-101-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2912-4036-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/2912-70-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/2912-277-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download