cobaltstrike | d8aa66da816fe030a04704b521bd1bbcff12c9dc51a7f66a5f4954fe111f40b8

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
11-11-2024 20:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

1627d3d748e1c05fc295578e79853dd6
SHA1

8b0193bfdc1c1a2de9f21703a5a616ceea4d8e17
SHA256

d8aa66da816fe030a04704b521bd1bbcff12c9dc51a7f66a5f4954fe111f40b8
SHA512

3666a3f3afe031e5169adbdfb34f2c8e71df34d489423592c4019375618f4e6ba9e0f4962520e6331c7266cacc2750d9156eb90ea102bccdda1d706dd691ff42
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUm:T+q56utgpPF8u/7m

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000c00000001202b-3.dat	cobalt_reflective_dll
behavioral1/files/0x000d000000015cae-9.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000015cc8-11.dat	cobalt_reflective_dll
behavioral1/files/0x0034000000015c8b-26.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015cd1-23.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015cfc-46.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000015d41-56.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016cd7-102.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016cf5-112.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d2a-117.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d43-127.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d4b-132.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001749c-198.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017497-193.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017049-188.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016ecf-183.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dea-173.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016df3-178.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016de8-168.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d9f-163.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d77-158.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d6f-153.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d6b-147.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d67-142.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d54-137.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d3a-122.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016c88-94.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016c66-61.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015d2a-50.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015d0e-41.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016c80-72.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015d18-59.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2816-0-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig
behavioral1/files/0x000c00000001202b-3.dat	xmrig
behavioral1/memory/3024-8-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig
behavioral1/files/0x000d000000015cae-9.dat	xmrig
behavioral1/memory/2352-14-0x000000013F970000-0x000000013FCC4000-memory.dmp	xmrig
behavioral1/memory/2816-12-0x0000000002270000-0x00000000025C4000-memory.dmp	xmrig
behavioral1/files/0x0009000000015cc8-11.dat	xmrig
behavioral1/memory/2956-19-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig
behavioral1/files/0x0034000000015c8b-26.dat	xmrig
behavioral1/files/0x0008000000015cd1-23.dat	xmrig
behavioral1/memory/2724-35-0x000000013F870000-0x000000013FBC4000-memory.dmp	xmrig
behavioral1/memory/2816-34-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig
behavioral1/memory/2664-32-0x000000013F060000-0x000000013F3B4000-memory.dmp	xmrig
behavioral1/files/0x0007000000015cfc-46.dat	xmrig
behavioral1/files/0x0009000000015d41-56.dat	xmrig
behavioral1/memory/2956-81-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig
behavioral1/memory/1036-84-0x000000013F340000-0x000000013F694000-memory.dmp	xmrig
behavioral1/memory/2404-55-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
behavioral1/files/0x0006000000016cd7-102.dat	xmrig
behavioral1/files/0x0006000000016cf5-112.dat	xmrig
behavioral1/files/0x0006000000016d2a-117.dat	xmrig
behavioral1/files/0x0006000000016d43-127.dat	xmrig
behavioral1/files/0x0006000000016d4b-132.dat	xmrig
behavioral1/files/0x000600000001749c-198.dat	xmrig
behavioral1/memory/2816-866-0x000000013F740000-0x000000013FA94000-memory.dmp	xmrig
behavioral1/memory/2120-780-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	xmrig
behavioral1/memory/2140-618-0x000000013F320000-0x000000013F674000-memory.dmp	xmrig
behavioral1/memory/2816-528-0x000000013F320000-0x000000013F674000-memory.dmp	xmrig
behavioral1/memory/2056-466-0x000000013F620000-0x000000013F974000-memory.dmp	xmrig
behavioral1/memory/1036-383-0x000000013F340000-0x000000013F694000-memory.dmp	xmrig
behavioral1/memory/2172-303-0x000000013F3C0000-0x000000013F714000-memory.dmp	xmrig
behavioral1/files/0x0006000000017497-193.dat	xmrig
behavioral1/files/0x0006000000017049-188.dat	xmrig
behavioral1/files/0x0006000000016ecf-183.dat	xmrig
behavioral1/files/0x0006000000016dea-173.dat	xmrig
behavioral1/files/0x0006000000016df3-178.dat	xmrig
behavioral1/files/0x0006000000016de8-168.dat	xmrig
behavioral1/files/0x0006000000016d9f-163.dat	xmrig
behavioral1/files/0x0006000000016d77-158.dat	xmrig
behavioral1/files/0x0006000000016d6f-153.dat	xmrig
behavioral1/memory/2816-150-0x000000013F340000-0x000000013F694000-memory.dmp	xmrig
behavioral1/files/0x0006000000016d6b-147.dat	xmrig
behavioral1/files/0x0006000000016d67-142.dat	xmrig
behavioral1/files/0x0006000000016d54-137.dat	xmrig
behavioral1/files/0x0006000000016d3a-122.dat	xmrig
behavioral1/memory/2404-108-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
behavioral1/memory/2120-104-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	xmrig
behavioral1/memory/2816-100-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
behavioral1/memory/2140-96-0x000000013F320000-0x000000013F674000-memory.dmp	xmrig
behavioral1/memory/2724-95-0x000000013F870000-0x000000013FBC4000-memory.dmp	xmrig
behavioral1/files/0x0006000000016c88-94.dat	xmrig
behavioral1/memory/2816-92-0x000000013F320000-0x000000013F674000-memory.dmp	xmrig
behavioral1/memory/2664-91-0x000000013F060000-0x000000013F3B4000-memory.dmp	xmrig
behavioral1/files/0x0006000000016c66-61.dat	xmrig
behavioral1/memory/2056-88-0x000000013F620000-0x000000013F974000-memory.dmp	xmrig
behavioral1/files/0x0007000000015d2a-50.dat	xmrig
behavioral1/memory/2816-44-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
behavioral1/files/0x0007000000015d0e-41.dat	xmrig
behavioral1/memory/2172-82-0x000000013F3C0000-0x000000013F714000-memory.dmp	xmrig
behavioral1/memory/2884-79-0x000000013F5D0000-0x000000013F924000-memory.dmp	xmrig
behavioral1/memory/1480-74-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	xmrig
behavioral1/memory/768-73-0x000000013F7D0000-0x000000013FB24000-memory.dmp	xmrig
behavioral1/files/0x0006000000016c80-72.dat	xmrig
behavioral1/memory/2352-68-0x000000013F970000-0x000000013FCC4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3024	jreOSwO.exe
2352	WwhddbN.exe
2956	IcJjbtm.exe
2664	RhqTnhD.exe
2724	XzoBraU.exe
2404	efxPJBU.exe
768	cRahTqh.exe
1480	xVrbPIK.exe
2884	sJfvVwC.exe
2172	cdZUmmw.exe
1036	brLfzgu.exe
2056	kcabscr.exe
2140	CTSuzUA.exe
2120	QKtTimW.exe
1096	GuHNZmp.exe
2032	UtZPpop.exe
1740	amJqUpv.exe
1888	IglOxvv.exe
2728	HSWzbjs.exe
304	VAprLvw.exe
1260	BkydeVI.exe
1440	YJkOeNl.exe
2180	lpvrsZL.exe
3040	KEjjTRY.exe
2416	UVIFIYh.exe
2256	KJNrFdn.exe
1052	mXNbAaS.exe
2440	VVoaHqY.exe
2540	ZxMntXr.exe
448	GibAVAm.exe
2304	gpcHFDz.exe
1068	ppwOEHe.exe
1336	dehfiWn.exe
1768	yxQjvMA.exe
2468	CwFFFFY.exe
1592	NAxoSoO.exe
1892	vohoKmE.exe
2640	EtPQZQM.exe
2564	jOiOUzR.exe
688	hwQgrRE.exe
2436	ahJJZxS.exe
2008	QhtkGiK.exe
1156	sLNhBhC.exe
2188	BAgkthr.exe
556	JtOonXp.exe
1632	iJuYNqU.exe
1880	QQmHszP.exe
3056	UsYYIVm.exe
1512	TMDyUmL.exe
1712	FBDJpjQ.exe
2560	DeJTwEJ.exe
2852	jFeZvBx.exe
2928	DvShiPC.exe
1616	tnhmijw.exe
1612	QTUevTn.exe
2676	fnDPgkN.exe
2800	MywfRtq.exe
2820	EBEILmz.exe
2704	ttKvtbm.exe
2668	fovDCiz.exe
2628	QCTezVZ.exe
268	oHouxJw.exe
2268	pRGoAgf.exe
320	YRhxwZU.exe

Loads dropped DLL 64 IoCs

pid	Process
2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2816-0-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/files/0x000c00000001202b-3.dat	upx
behavioral1/memory/3024-8-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
behavioral1/files/0x000d000000015cae-9.dat	upx
behavioral1/memory/2352-14-0x000000013F970000-0x000000013FCC4000-memory.dmp	upx
behavioral1/files/0x0009000000015cc8-11.dat	upx
behavioral1/memory/2956-19-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx
behavioral1/files/0x0034000000015c8b-26.dat	upx
behavioral1/files/0x0008000000015cd1-23.dat	upx
behavioral1/memory/2724-35-0x000000013F870000-0x000000013FBC4000-memory.dmp	upx
behavioral1/memory/2816-34-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/memory/2664-32-0x000000013F060000-0x000000013F3B4000-memory.dmp	upx
behavioral1/files/0x0007000000015cfc-46.dat	upx
behavioral1/files/0x0009000000015d41-56.dat	upx
behavioral1/memory/2956-81-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx
behavioral1/memory/1036-84-0x000000013F340000-0x000000013F694000-memory.dmp	upx
behavioral1/memory/2404-55-0x000000013F040000-0x000000013F394000-memory.dmp	upx
behavioral1/files/0x0006000000016cd7-102.dat	upx
behavioral1/files/0x0006000000016cf5-112.dat	upx
behavioral1/files/0x0006000000016d2a-117.dat	upx
behavioral1/files/0x0006000000016d43-127.dat	upx
behavioral1/files/0x0006000000016d4b-132.dat	upx
behavioral1/files/0x000600000001749c-198.dat	upx
behavioral1/memory/2120-780-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	upx
behavioral1/memory/2140-618-0x000000013F320000-0x000000013F674000-memory.dmp	upx
behavioral1/memory/2056-466-0x000000013F620000-0x000000013F974000-memory.dmp	upx
behavioral1/memory/1036-383-0x000000013F340000-0x000000013F694000-memory.dmp	upx
behavioral1/memory/2172-303-0x000000013F3C0000-0x000000013F714000-memory.dmp	upx
behavioral1/files/0x0006000000017497-193.dat	upx
behavioral1/files/0x0006000000017049-188.dat	upx
behavioral1/files/0x0006000000016ecf-183.dat	upx
behavioral1/files/0x0006000000016dea-173.dat	upx
behavioral1/files/0x0006000000016df3-178.dat	upx
behavioral1/files/0x0006000000016de8-168.dat	upx
behavioral1/files/0x0006000000016d9f-163.dat	upx
behavioral1/files/0x0006000000016d77-158.dat	upx
behavioral1/files/0x0006000000016d6f-153.dat	upx
behavioral1/files/0x0006000000016d6b-147.dat	upx
behavioral1/files/0x0006000000016d67-142.dat	upx
behavioral1/files/0x0006000000016d54-137.dat	upx
behavioral1/files/0x0006000000016d3a-122.dat	upx
behavioral1/memory/2404-108-0x000000013F040000-0x000000013F394000-memory.dmp	upx
behavioral1/memory/2120-104-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	upx
behavioral1/memory/2140-96-0x000000013F320000-0x000000013F674000-memory.dmp	upx
behavioral1/memory/2724-95-0x000000013F870000-0x000000013FBC4000-memory.dmp	upx
behavioral1/files/0x0006000000016c88-94.dat	upx
behavioral1/memory/2664-91-0x000000013F060000-0x000000013F3B4000-memory.dmp	upx
behavioral1/files/0x0006000000016c66-61.dat	upx
behavioral1/memory/2056-88-0x000000013F620000-0x000000013F974000-memory.dmp	upx
behavioral1/files/0x0007000000015d2a-50.dat	upx
behavioral1/files/0x0007000000015d0e-41.dat	upx
behavioral1/memory/2172-82-0x000000013F3C0000-0x000000013F714000-memory.dmp	upx
behavioral1/memory/2884-79-0x000000013F5D0000-0x000000013F924000-memory.dmp	upx
behavioral1/memory/1480-74-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	upx
behavioral1/memory/768-73-0x000000013F7D0000-0x000000013FB24000-memory.dmp	upx
behavioral1/files/0x0006000000016c80-72.dat	upx
behavioral1/memory/2352-68-0x000000013F970000-0x000000013FCC4000-memory.dmp	upx
behavioral1/files/0x0007000000015d18-59.dat	upx
behavioral1/memory/3024-38-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
behavioral1/memory/3024-2771-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
behavioral1/memory/2352-2879-0x000000013F970000-0x000000013FCC4000-memory.dmp	upx
behavioral1/memory/2664-2880-0x000000013F060000-0x000000013F3B4000-memory.dmp	upx
behavioral1/memory/2956-2883-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx
behavioral1/memory/2404-2910-0x000000013F040000-0x000000013F394000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\PKtlHTS.exe	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DXXICZT.exe	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tGyZjWX.exe	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vohoKmE.exe	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gQRPQkW.exe	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OQDENGJ.exe	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CqslCmf.exe	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jZkVrJG.exe	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uBWQUiR.exe	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HjwUpEC.exe	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qVPXQYp.exe	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rcUcqPF.exe	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FVAIZVd.exe	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KmctCGW.exe	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mukxsDp.exe	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cNFlAcN.exe	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CYiNBbl.exe	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jreOSwO.exe	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ppwOEHe.exe	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VUdcdCJ.exe	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zCVgMJb.exe	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\padzmfp.exe	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SuBDoeS.exe	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UTBkqGU.exe	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JIITVDh.exe	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KwAaIVZ.exe	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eDHISxH.exe	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wwOfvSZ.exe	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QsTFZaK.exe	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MZdVAao.exe	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zKyArBq.exe	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NeDaWbN.exe	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PNHZURo.exe	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZndriLO.exe	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BAigwMn.exe	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ogzlOod.exe	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SGUPtJK.exe	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ovwVvPe.exe	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\toyPFrc.exe	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wHhcpFn.exe	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fHRUnsc.exe	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RXliIif.exe	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rAvewhs.exe	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OZSTikM.exe	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vzifiei.exe	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xLXKnyA.exe	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JyBJeNw.exe	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AhSOgSn.exe	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qjKrzHb.exe	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LWoKfen.exe	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QWQIjlD.exe	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hWayaif.exe	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QAxckSV.exe	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LAJzmEQ.exe	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GUrngaZ.exe	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eNBwWDF.exe	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fovDCiz.exe	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eMFjfUm.exe	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GAcvjpJ.exe	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sTTfmps.exe	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YDKVnnK.exe	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yHXEOHb.exe	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XRrvetL.exe	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EIkPOCv.exe	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2816 wrote to memory of 3024	2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2816 wrote to memory of 3024	2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2816 wrote to memory of 3024	2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2816 wrote to memory of 2352	2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2816 wrote to memory of 2352	2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2816 wrote to memory of 2352	2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2816 wrote to memory of 2956	2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2816 wrote to memory of 2956	2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2816 wrote to memory of 2956	2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2816 wrote to memory of 2724	2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2816 wrote to memory of 2724	2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2816 wrote to memory of 2724	2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2816 wrote to memory of 2664	2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2816 wrote to memory of 2664	2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2816 wrote to memory of 2664	2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2816 wrote to memory of 2404	2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2816 wrote to memory of 2404	2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2816 wrote to memory of 2404	2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2816 wrote to memory of 2172	2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2816 wrote to memory of 2172	2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2816 wrote to memory of 2172	2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2816 wrote to memory of 768	2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2816 wrote to memory of 768	2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2816 wrote to memory of 768	2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2816 wrote to memory of 1036	2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2816 wrote to memory of 1036	2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2816 wrote to memory of 1036	2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2816 wrote to memory of 1480	2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2816 wrote to memory of 1480	2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2816 wrote to memory of 1480	2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2816 wrote to memory of 2056	2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2816 wrote to memory of 2056	2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2816 wrote to memory of 2056	2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2816 wrote to memory of 2884	2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2816 wrote to memory of 2884	2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2816 wrote to memory of 2884	2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2816 wrote to memory of 2140	2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2816 wrote to memory of 2140	2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2816 wrote to memory of 2140	2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2816 wrote to memory of 2120	2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2816 wrote to memory of 2120	2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2816 wrote to memory of 2120	2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2816 wrote to memory of 1096	2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2816 wrote to memory of 1096	2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2816 wrote to memory of 1096	2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2816 wrote to memory of 2032	2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2816 wrote to memory of 2032	2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2816 wrote to memory of 2032	2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2816 wrote to memory of 1740	2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2816 wrote to memory of 1740	2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2816 wrote to memory of 1740	2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2816 wrote to memory of 1888	2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2816 wrote to memory of 1888	2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2816 wrote to memory of 1888	2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2816 wrote to memory of 2728	2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2816 wrote to memory of 2728	2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2816 wrote to memory of 2728	2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2816 wrote to memory of 304	2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2816 wrote to memory of 304	2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2816 wrote to memory of 304	2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2816 wrote to memory of 1260	2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2816 wrote to memory of 1260	2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2816 wrote to memory of 1260	2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2816 wrote to memory of 1440	2816	2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-11_1627d3d748e1c05fc295578e79853dd6_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2816
- C:\Windows\System\jreOSwO.exe
  C:\Windows\System\jreOSwO.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\WwhddbN.exe
  C:\Windows\System\WwhddbN.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\IcJjbtm.exe
  C:\Windows\System\IcJjbtm.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\XzoBraU.exe
  C:\Windows\System\XzoBraU.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\RhqTnhD.exe
  C:\Windows\System\RhqTnhD.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\efxPJBU.exe
  C:\Windows\System\efxPJBU.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\cdZUmmw.exe
  C:\Windows\System\cdZUmmw.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\cRahTqh.exe
  C:\Windows\System\cRahTqh.exe
  2⤵
  - Executes dropped EXE
  PID:768
- C:\Windows\System\brLfzgu.exe
  C:\Windows\System\brLfzgu.exe
  2⤵
  - Executes dropped EXE
  PID:1036
- C:\Windows\System\xVrbPIK.exe
  C:\Windows\System\xVrbPIK.exe
  2⤵
  - Executes dropped EXE
  PID:1480
- C:\Windows\System\kcabscr.exe
  C:\Windows\System\kcabscr.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\sJfvVwC.exe
  C:\Windows\System\sJfvVwC.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\CTSuzUA.exe
  C:\Windows\System\CTSuzUA.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\QKtTimW.exe
  C:\Windows\System\QKtTimW.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\GuHNZmp.exe
  C:\Windows\System\GuHNZmp.exe
  2⤵
  - Executes dropped EXE
  PID:1096
- C:\Windows\System\UtZPpop.exe
  C:\Windows\System\UtZPpop.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\amJqUpv.exe
  C:\Windows\System\amJqUpv.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\IglOxvv.exe
  C:\Windows\System\IglOxvv.exe
  2⤵
  - Executes dropped EXE
  PID:1888
- C:\Windows\System\HSWzbjs.exe
  C:\Windows\System\HSWzbjs.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\VAprLvw.exe
  C:\Windows\System\VAprLvw.exe
  2⤵
  - Executes dropped EXE
  PID:304
- C:\Windows\System\BkydeVI.exe
  C:\Windows\System\BkydeVI.exe
  2⤵
  - Executes dropped EXE
  PID:1260
- C:\Windows\System\YJkOeNl.exe
  C:\Windows\System\YJkOeNl.exe
  2⤵
  - Executes dropped EXE
  PID:1440
- C:\Windows\System\lpvrsZL.exe
  C:\Windows\System\lpvrsZL.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\KEjjTRY.exe
  C:\Windows\System\KEjjTRY.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\UVIFIYh.exe
  C:\Windows\System\UVIFIYh.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\KJNrFdn.exe
  C:\Windows\System\KJNrFdn.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\mXNbAaS.exe
  C:\Windows\System\mXNbAaS.exe
  2⤵
  - Executes dropped EXE
  PID:1052
- C:\Windows\System\VVoaHqY.exe
  C:\Windows\System\VVoaHqY.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\ZxMntXr.exe
  C:\Windows\System\ZxMntXr.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\GibAVAm.exe
  C:\Windows\System\GibAVAm.exe
  2⤵
  - Executes dropped EXE
  PID:448
- C:\Windows\System\gpcHFDz.exe
  C:\Windows\System\gpcHFDz.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\ppwOEHe.exe
  C:\Windows\System\ppwOEHe.exe
  2⤵
  - Executes dropped EXE
  PID:1068
- C:\Windows\System\dehfiWn.exe
  C:\Windows\System\dehfiWn.exe
  2⤵
  - Executes dropped EXE
  PID:1336
- C:\Windows\System\yxQjvMA.exe
  C:\Windows\System\yxQjvMA.exe
  2⤵
  - Executes dropped EXE
  PID:1768
- C:\Windows\System\CwFFFFY.exe
  C:\Windows\System\CwFFFFY.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\NAxoSoO.exe
  C:\Windows\System\NAxoSoO.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\vohoKmE.exe
  C:\Windows\System\vohoKmE.exe
  2⤵
  - Executes dropped EXE
  PID:1892
- C:\Windows\System\EtPQZQM.exe
  C:\Windows\System\EtPQZQM.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\jOiOUzR.exe
  C:\Windows\System\jOiOUzR.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\hwQgrRE.exe
  C:\Windows\System\hwQgrRE.exe
  2⤵
  - Executes dropped EXE
  PID:688
- C:\Windows\System\ahJJZxS.exe
  C:\Windows\System\ahJJZxS.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\QhtkGiK.exe
  C:\Windows\System\QhtkGiK.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\sLNhBhC.exe
  C:\Windows\System\sLNhBhC.exe
  2⤵
  - Executes dropped EXE
  PID:1156
- C:\Windows\System\BAgkthr.exe
  C:\Windows\System\BAgkthr.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\JtOonXp.exe
  C:\Windows\System\JtOonXp.exe
  2⤵
  - Executes dropped EXE
  PID:556
- C:\Windows\System\iJuYNqU.exe
  C:\Windows\System\iJuYNqU.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\QQmHszP.exe
  C:\Windows\System\QQmHszP.exe
  2⤵
  - Executes dropped EXE
  PID:1880
- C:\Windows\System\UsYYIVm.exe
  C:\Windows\System\UsYYIVm.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\TMDyUmL.exe
  C:\Windows\System\TMDyUmL.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\FBDJpjQ.exe
  C:\Windows\System\FBDJpjQ.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\DeJTwEJ.exe
  C:\Windows\System\DeJTwEJ.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\jFeZvBx.exe
  C:\Windows\System\jFeZvBx.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\DvShiPC.exe
  C:\Windows\System\DvShiPC.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\tnhmijw.exe
  C:\Windows\System\tnhmijw.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\QTUevTn.exe
  C:\Windows\System\QTUevTn.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\fnDPgkN.exe
  C:\Windows\System\fnDPgkN.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\MywfRtq.exe
  C:\Windows\System\MywfRtq.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\EBEILmz.exe
  C:\Windows\System\EBEILmz.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\ttKvtbm.exe
  C:\Windows\System\ttKvtbm.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\fovDCiz.exe
  C:\Windows\System\fovDCiz.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\QCTezVZ.exe
  C:\Windows\System\QCTezVZ.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\oHouxJw.exe
  C:\Windows\System\oHouxJw.exe
  2⤵
  - Executes dropped EXE
  PID:268
- C:\Windows\System\pRGoAgf.exe
  C:\Windows\System\pRGoAgf.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\YRhxwZU.exe
  C:\Windows\System\YRhxwZU.exe
  2⤵
  - Executes dropped EXE
  PID:320
- C:\Windows\System\agoGXYq.exe
  C:\Windows\System\agoGXYq.exe
  2⤵
  PID:836
- C:\Windows\System\UlJDWAY.exe
  C:\Windows\System\UlJDWAY.exe
  2⤵
  PID:2128
- C:\Windows\System\ynWWjRG.exe
  C:\Windows\System\ynWWjRG.exe
  2⤵
  PID:1908
- C:\Windows\System\OXJoCZZ.exe
  C:\Windows\System\OXJoCZZ.exe
  2⤵
  PID:620
- C:\Windows\System\GUrngaZ.exe
  C:\Windows\System\GUrngaZ.exe
  2⤵
  PID:1276
- C:\Windows\System\aboMDum.exe
  C:\Windows\System\aboMDum.exe
  2⤵
  PID:1272
- C:\Windows\System\ZsiObWj.exe
  C:\Windows\System\ZsiObWj.exe
  2⤵
  PID:1672
- C:\Windows\System\uBWQUiR.exe
  C:\Windows\System\uBWQUiR.exe
  2⤵
  PID:2520
- C:\Windows\System\QnJbbbO.exe
  C:\Windows\System\QnJbbbO.exe
  2⤵
  PID:2288
- C:\Windows\System\eyWkJJT.exe
  C:\Windows\System\eyWkJJT.exe
  2⤵
  PID:1944
- C:\Windows\System\VjChhth.exe
  C:\Windows\System\VjChhth.exe
  2⤵
  PID:1040
- C:\Windows\System\sOgvWgK.exe
  C:\Windows\System\sOgvWgK.exe
  2⤵
  PID:2504
- C:\Windows\System\htYBDRi.exe
  C:\Windows\System\htYBDRi.exe
  2⤵
  PID:1792
- C:\Windows\System\EsLrXuO.exe
  C:\Windows\System\EsLrXuO.exe
  2⤵
  PID:1956
- C:\Windows\System\jaCRfqo.exe
  C:\Windows\System\jaCRfqo.exe
  2⤵
  PID:1552
- C:\Windows\System\XbxBYKB.exe
  C:\Windows\System\XbxBYKB.exe
  2⤵
  PID:1760
- C:\Windows\System\FvPlfpi.exe
  C:\Windows\System\FvPlfpi.exe
  2⤵
  PID:1752
- C:\Windows\System\QWQIjlD.exe
  C:\Windows\System\QWQIjlD.exe
  2⤵
  PID:900
- C:\Windows\System\TLIHfWE.exe
  C:\Windows\System\TLIHfWE.exe
  2⤵
  PID:2424
- C:\Windows\System\urMPXhB.exe
  C:\Windows\System\urMPXhB.exe
  2⤵
  PID:3060
- C:\Windows\System\AaQATaK.exe
  C:\Windows\System\AaQATaK.exe
  2⤵
  PID:3064
- C:\Windows\System\byzuHLa.exe
  C:\Windows\System\byzuHLa.exe
  2⤵
  PID:2240
- C:\Windows\System\rdpcwWy.exe
  C:\Windows\System\rdpcwWy.exe
  2⤵
  PID:2760
- C:\Windows\System\WJJqFOi.exe
  C:\Windows\System\WJJqFOi.exe
  2⤵
  PID:1704
- C:\Windows\System\qlXZbFY.exe
  C:\Windows\System\qlXZbFY.exe
  2⤵
  PID:2584
- C:\Windows\System\GLsMIne.exe
  C:\Windows\System\GLsMIne.exe
  2⤵
  PID:2216
- C:\Windows\System\frleylL.exe
  C:\Windows\System\frleylL.exe
  2⤵
  PID:2972
- C:\Windows\System\iXuTEfk.exe
  C:\Windows\System\iXuTEfk.exe
  2⤵
  PID:2912
- C:\Windows\System\PAVaisS.exe
  C:\Windows\System\PAVaisS.exe
  2⤵
  PID:2836
- C:\Windows\System\TxXstJO.exe
  C:\Windows\System\TxXstJO.exe
  2⤵
  PID:2700
- C:\Windows\System\dwHGSwR.exe
  C:\Windows\System\dwHGSwR.exe
  2⤵
  PID:2356
- C:\Windows\System\Fvuqbdi.exe
  C:\Windows\System\Fvuqbdi.exe
  2⤵
  PID:712
- C:\Windows\System\alirOBb.exe
  C:\Windows\System\alirOBb.exe
  2⤵
  PID:1920
- C:\Windows\System\zJAKxRn.exe
  C:\Windows\System\zJAKxRn.exe
  2⤵
  PID:780
- C:\Windows\System\cNdhOZJ.exe
  C:\Windows\System\cNdhOZJ.exe
  2⤵
  PID:3020
- C:\Windows\System\SuBDoeS.exe
  C:\Windows\System\SuBDoeS.exe
  2⤵
  PID:2276
- C:\Windows\System\OjzLpVx.exe
  C:\Windows\System\OjzLpVx.exe
  2⤵
  PID:2284
- C:\Windows\System\Ozdlnga.exe
  C:\Windows\System\Ozdlnga.exe
  2⤵
  PID:1060
- C:\Windows\System\hsvmGjN.exe
  C:\Windows\System\hsvmGjN.exe
  2⤵
  PID:3004
- C:\Windows\System\qHnUwsI.exe
  C:\Windows\System\qHnUwsI.exe
  2⤵
  PID:1868
- C:\Windows\System\TwwwSNs.exe
  C:\Windows\System\TwwwSNs.exe
  2⤵
  PID:1708
- C:\Windows\System\miaUxhF.exe
  C:\Windows\System\miaUxhF.exe
  2⤵
  PID:872
- C:\Windows\System\mCrvwAH.exe
  C:\Windows\System\mCrvwAH.exe
  2⤵
  PID:2004
- C:\Windows\System\RdBHUag.exe
  C:\Windows\System\RdBHUag.exe
  2⤵
  PID:2528
- C:\Windows\System\rqsNOTA.exe
  C:\Windows\System\rqsNOTA.exe
  2⤵
  PID:2596
- C:\Windows\System\SbNWHaD.exe
  C:\Windows\System\SbNWHaD.exe
  2⤵
  PID:2752
- C:\Windows\System\fVfXpyu.exe
  C:\Windows\System\fVfXpyu.exe
  2⤵
  PID:2016
- C:\Windows\System\QvZdWVJ.exe
  C:\Windows\System\QvZdWVJ.exe
  2⤵
  PID:2796
- C:\Windows\System\BOYJqaR.exe
  C:\Windows\System\BOYJqaR.exe
  2⤵
  PID:2828
- C:\Windows\System\oxZMjid.exe
  C:\Windows\System\oxZMjid.exe
  2⤵
  PID:2740
- C:\Windows\System\OaiYcrh.exe
  C:\Windows\System\OaiYcrh.exe
  2⤵
  PID:1504
- C:\Windows\System\iWntaae.exe
  C:\Windows\System\iWntaae.exe
  2⤵
  PID:2744
- C:\Windows\System\femvEWv.exe
  C:\Windows\System\femvEWv.exe
  2⤵
  PID:2944
- C:\Windows\System\bhvmLMV.exe
  C:\Windows\System\bhvmLMV.exe
  2⤵
  PID:1836
- C:\Windows\System\jKqGZFP.exe
  C:\Windows\System\jKqGZFP.exe
  2⤵
  PID:3080
- C:\Windows\System\WSxnnUT.exe
  C:\Windows\System\WSxnnUT.exe
  2⤵
  PID:3096
- C:\Windows\System\OisVlDf.exe
  C:\Windows\System\OisVlDf.exe
  2⤵
  PID:3124
- C:\Windows\System\NLpFMzR.exe
  C:\Windows\System\NLpFMzR.exe
  2⤵
  PID:3148
- C:\Windows\System\HuTVZjF.exe
  C:\Windows\System\HuTVZjF.exe
  2⤵
  PID:3168
- C:\Windows\System\dKJWNNP.exe
  C:\Windows\System\dKJWNNP.exe
  2⤵
  PID:3188
- C:\Windows\System\FXjWzuy.exe
  C:\Windows\System\FXjWzuy.exe
  2⤵
  PID:3208
- C:\Windows\System\FhUgOPK.exe
  C:\Windows\System\FhUgOPK.exe
  2⤵
  PID:3224
- C:\Windows\System\gKLTgMd.exe
  C:\Windows\System\gKLTgMd.exe
  2⤵
  PID:3248
- C:\Windows\System\pTQUuRr.exe
  C:\Windows\System\pTQUuRr.exe
  2⤵
  PID:3268
- C:\Windows\System\lRPaOty.exe
  C:\Windows\System\lRPaOty.exe
  2⤵
  PID:3288
- C:\Windows\System\LEMEDir.exe
  C:\Windows\System\LEMEDir.exe
  2⤵
  PID:3308
- C:\Windows\System\TnWnYtU.exe
  C:\Windows\System\TnWnYtU.exe
  2⤵
  PID:3328
- C:\Windows\System\RcfcMOl.exe
  C:\Windows\System\RcfcMOl.exe
  2⤵
  PID:3348
- C:\Windows\System\WQvSkzw.exe
  C:\Windows\System\WQvSkzw.exe
  2⤵
  PID:3368
- C:\Windows\System\VzwpIio.exe
  C:\Windows\System\VzwpIio.exe
  2⤵
  PID:3388
- C:\Windows\System\qCfvOTc.exe
  C:\Windows\System\qCfvOTc.exe
  2⤵
  PID:3408
- C:\Windows\System\CSwaOpS.exe
  C:\Windows\System\CSwaOpS.exe
  2⤵
  PID:3428
- C:\Windows\System\NyIExcY.exe
  C:\Windows\System\NyIExcY.exe
  2⤵
  PID:3448
- C:\Windows\System\IrITXlJ.exe
  C:\Windows\System\IrITXlJ.exe
  2⤵
  PID:3468
- C:\Windows\System\EMdDONc.exe
  C:\Windows\System\EMdDONc.exe
  2⤵
  PID:3488
- C:\Windows\System\UTBkqGU.exe
  C:\Windows\System\UTBkqGU.exe
  2⤵
  PID:3504
- C:\Windows\System\ypWbOpO.exe
  C:\Windows\System\ypWbOpO.exe
  2⤵
  PID:3528
- C:\Windows\System\UCKPOHq.exe
  C:\Windows\System\UCKPOHq.exe
  2⤵
  PID:3552
- C:\Windows\System\llhdDEX.exe
  C:\Windows\System\llhdDEX.exe
  2⤵
  PID:3572
- C:\Windows\System\PDYVYFi.exe
  C:\Windows\System\PDYVYFi.exe
  2⤵
  PID:3588
- C:\Windows\System\RvnNhzo.exe
  C:\Windows\System\RvnNhzo.exe
  2⤵
  PID:3612
- C:\Windows\System\aZqghcc.exe
  C:\Windows\System\aZqghcc.exe
  2⤵
  PID:3628
- C:\Windows\System\QupynBB.exe
  C:\Windows\System\QupynBB.exe
  2⤵
  PID:3652
- C:\Windows\System\zWQLtpm.exe
  C:\Windows\System\zWQLtpm.exe
  2⤵
  PID:3672
- C:\Windows\System\BOuRzfF.exe
  C:\Windows\System\BOuRzfF.exe
  2⤵
  PID:3692
- C:\Windows\System\fFEOWGv.exe
  C:\Windows\System\fFEOWGv.exe
  2⤵
  PID:3716
- C:\Windows\System\GUgSnAz.exe
  C:\Windows\System\GUgSnAz.exe
  2⤵
  PID:3736
- C:\Windows\System\czLPUDE.exe
  C:\Windows\System\czLPUDE.exe
  2⤵
  PID:3752
- C:\Windows\System\EBsKUPP.exe
  C:\Windows\System\EBsKUPP.exe
  2⤵
  PID:3776
- C:\Windows\System\kiaEEiX.exe
  C:\Windows\System\kiaEEiX.exe
  2⤵
  PID:3796
- C:\Windows\System\aVsAtbR.exe
  C:\Windows\System\aVsAtbR.exe
  2⤵
  PID:3816
- C:\Windows\System\XxZwgaG.exe
  C:\Windows\System\XxZwgaG.exe
  2⤵
  PID:3836
- C:\Windows\System\mMmLeBz.exe
  C:\Windows\System\mMmLeBz.exe
  2⤵
  PID:3856
- C:\Windows\System\UovxwLK.exe
  C:\Windows\System\UovxwLK.exe
  2⤵
  PID:3876
- C:\Windows\System\aDXtkyy.exe
  C:\Windows\System\aDXtkyy.exe
  2⤵
  PID:3896
- C:\Windows\System\jqflbbr.exe
  C:\Windows\System\jqflbbr.exe
  2⤵
  PID:3916
- C:\Windows\System\kPcoQVu.exe
  C:\Windows\System\kPcoQVu.exe
  2⤵
  PID:3936
- C:\Windows\System\xfSYeec.exe
  C:\Windows\System\xfSYeec.exe
  2⤵
  PID:3956
- C:\Windows\System\UgBjHIr.exe
  C:\Windows\System\UgBjHIr.exe
  2⤵
  PID:3976
- C:\Windows\System\rVJuRal.exe
  C:\Windows\System\rVJuRal.exe
  2⤵
  PID:3996
- C:\Windows\System\eoIRfTm.exe
  C:\Windows\System\eoIRfTm.exe
  2⤵
  PID:4016
- C:\Windows\System\TpfaHzj.exe
  C:\Windows\System\TpfaHzj.exe
  2⤵
  PID:4036
- C:\Windows\System\WmVuatE.exe
  C:\Windows\System\WmVuatE.exe
  2⤵
  PID:4056
- C:\Windows\System\NztIbYW.exe
  C:\Windows\System\NztIbYW.exe
  2⤵
  PID:4076
- C:\Windows\System\UrknZDE.exe
  C:\Windows\System\UrknZDE.exe
  2⤵
  PID:1428
- C:\Windows\System\hhaydjm.exe
  C:\Windows\System\hhaydjm.exe
  2⤵
  PID:2364
- C:\Windows\System\LzvUHaN.exe
  C:\Windows\System\LzvUHaN.exe
  2⤵
  PID:2732
- C:\Windows\System\BKTDRcV.exe
  C:\Windows\System\BKTDRcV.exe
  2⤵
  PID:3048
- C:\Windows\System\LEVYivc.exe
  C:\Windows\System\LEVYivc.exe
  2⤵
  PID:988
- C:\Windows\System\acMorwg.exe
  C:\Windows\System\acMorwg.exe
  2⤵
  PID:2496
- C:\Windows\System\HKJzxbE.exe
  C:\Windows\System\HKJzxbE.exe
  2⤵
  PID:2948
- C:\Windows\System\lUOsYdI.exe
  C:\Windows\System\lUOsYdI.exe
  2⤵
  PID:2784
- C:\Windows\System\eoXJjGz.exe
  C:\Windows\System\eoXJjGz.exe
  2⤵
  PID:1164
- C:\Windows\System\JzuVyoe.exe
  C:\Windows\System\JzuVyoe.exe
  2⤵
  PID:2332
- C:\Windows\System\CXHcUlP.exe
  C:\Windows\System\CXHcUlP.exe
  2⤵
  PID:2492
- C:\Windows\System\lqmGDta.exe
  C:\Windows\System\lqmGDta.exe
  2⤵
  PID:3104
- C:\Windows\System\VulbvYo.exe
  C:\Windows\System\VulbvYo.exe
  2⤵
  PID:3140
- C:\Windows\System\YuaahKR.exe
  C:\Windows\System\YuaahKR.exe
  2⤵
  PID:3176
- C:\Windows\System\NZaaMwV.exe
  C:\Windows\System\NZaaMwV.exe
  2⤵
  PID:3216
- C:\Windows\System\ILiWKFB.exe
  C:\Windows\System\ILiWKFB.exe
  2⤵
  PID:3220
- C:\Windows\System\dGBRkZv.exe
  C:\Windows\System\dGBRkZv.exe
  2⤵
  PID:3284
- C:\Windows\System\YHEgKvo.exe
  C:\Windows\System\YHEgKvo.exe
  2⤵
  PID:3324
- C:\Windows\System\bpDrKHF.exe
  C:\Windows\System\bpDrKHF.exe
  2⤵
  PID:3364
- C:\Windows\System\GDYSNgr.exe
  C:\Windows\System\GDYSNgr.exe
  2⤵
  PID:3396
- C:\Windows\System\DijRHfn.exe
  C:\Windows\System\DijRHfn.exe
  2⤵
  PID:3416
- C:\Windows\System\eQNrean.exe
  C:\Windows\System\eQNrean.exe
  2⤵
  PID:3444
- C:\Windows\System\nrxKOtJ.exe
  C:\Windows\System\nrxKOtJ.exe
  2⤵
  PID:3456
- C:\Windows\System\AoDuMpn.exe
  C:\Windows\System\AoDuMpn.exe
  2⤵
  PID:3496
- C:\Windows\System\BVMnXFk.exe
  C:\Windows\System\BVMnXFk.exe
  2⤵
  PID:3560
- C:\Windows\System\xhmXVTU.exe
  C:\Windows\System\xhmXVTU.exe
  2⤵
  PID:3596
- C:\Windows\System\ekOLdIz.exe
  C:\Windows\System\ekOLdIz.exe
  2⤵
  PID:3584
- C:\Windows\System\coLkTVo.exe
  C:\Windows\System\coLkTVo.exe
  2⤵
  PID:3624
- C:\Windows\System\niafRnL.exe
  C:\Windows\System\niafRnL.exe
  2⤵
  PID:3664
- C:\Windows\System\UOqCLrh.exe
  C:\Windows\System\UOqCLrh.exe
  2⤵
  PID:3732
- C:\Windows\System\MgyOrNJ.exe
  C:\Windows\System\MgyOrNJ.exe
  2⤵
  PID:3760
- C:\Windows\System\IlGGRAA.exe
  C:\Windows\System\IlGGRAA.exe
  2⤵
  PID:3804
- C:\Windows\System\LBcCxmW.exe
  C:\Windows\System\LBcCxmW.exe
  2⤵
  PID:3792
- C:\Windows\System\FfmJkdM.exe
  C:\Windows\System\FfmJkdM.exe
  2⤵
  PID:3848
- C:\Windows\System\GqPSDxl.exe
  C:\Windows\System\GqPSDxl.exe
  2⤵
  PID:3888
- C:\Windows\System\FnUeAli.exe
  C:\Windows\System\FnUeAli.exe
  2⤵
  PID:3912
- C:\Windows\System\ZeSDCdX.exe
  C:\Windows\System\ZeSDCdX.exe
  2⤵
  PID:3964
- C:\Windows\System\wrHsDup.exe
  C:\Windows\System\wrHsDup.exe
  2⤵
  PID:3948
- C:\Windows\System\uXKmWfN.exe
  C:\Windows\System\uXKmWfN.exe
  2⤵
  PID:4012
- C:\Windows\System\SlXPECM.exe
  C:\Windows\System\SlXPECM.exe
  2⤵
  PID:4052
- C:\Windows\System\sPYxQXK.exe
  C:\Windows\System\sPYxQXK.exe
  2⤵
  PID:4064
- C:\Windows\System\DGbTExq.exe
  C:\Windows\System\DGbTExq.exe
  2⤵
  PID:1664
- C:\Windows\System\vmJbDDr.exe
  C:\Windows\System\vmJbDDr.exe
  2⤵
  PID:2232
- C:\Windows\System\ksyhxOu.exe
  C:\Windows\System\ksyhxOu.exe
  2⤵
  PID:1684
- C:\Windows\System\UTHVwLN.exe
  C:\Windows\System\UTHVwLN.exe
  2⤵
  PID:2076
- C:\Windows\System\eMFjfUm.exe
  C:\Windows\System\eMFjfUm.exe
  2⤵
  PID:2968
- C:\Windows\System\kbwNQkT.exe
  C:\Windows\System\kbwNQkT.exe
  2⤵
  PID:2860
- C:\Windows\System\lSrjwPv.exe
  C:\Windows\System\lSrjwPv.exe
  2⤵
  PID:3112
- C:\Windows\System\vlxMoHI.exe
  C:\Windows\System\vlxMoHI.exe
  2⤵
  PID:3156
- C:\Windows\System\MbvmEAs.exe
  C:\Windows\System\MbvmEAs.exe
  2⤵
  PID:3204
- C:\Windows\System\DtuBYRM.exe
  C:\Windows\System\DtuBYRM.exe
  2⤵
  PID:3236
- C:\Windows\System\pSJmOLb.exe
  C:\Windows\System\pSJmOLb.exe
  2⤵
  PID:3296
- C:\Windows\System\IeBLnOx.exe
  C:\Windows\System\IeBLnOx.exe
  2⤵
  PID:3340
- C:\Windows\System\BeJGQkV.exe
  C:\Windows\System\BeJGQkV.exe
  2⤵
  PID:3476
- C:\Windows\System\ImPRFXL.exe
  C:\Windows\System\ImPRFXL.exe
  2⤵
  PID:3180
- C:\Windows\System\jjXKLpK.exe
  C:\Windows\System\jjXKLpK.exe
  2⤵
  PID:3516
- C:\Windows\System\xlbdIEE.exe
  C:\Windows\System\xlbdIEE.exe
  2⤵
  PID:3564
- C:\Windows\System\mukxsDp.exe
  C:\Windows\System\mukxsDp.exe
  2⤵
  PID:3680
- C:\Windows\System\qcNYwfb.exe
  C:\Windows\System\qcNYwfb.exe
  2⤵
  PID:3744
- C:\Windows\System\cifzbgA.exe
  C:\Windows\System\cifzbgA.exe
  2⤵
  PID:3788
- C:\Windows\System\NXJGmxY.exe
  C:\Windows\System\NXJGmxY.exe
  2⤵
  PID:3828
- C:\Windows\System\UWfANaA.exe
  C:\Windows\System\UWfANaA.exe
  2⤵
  PID:3864
- C:\Windows\System\gQRPQkW.exe
  C:\Windows\System\gQRPQkW.exe
  2⤵
  PID:3924
- C:\Windows\System\uNCptbd.exe
  C:\Windows\System\uNCptbd.exe
  2⤵
  PID:3972
- C:\Windows\System\VWxrCCP.exe
  C:\Windows\System\VWxrCCP.exe
  2⤵
  PID:4084
- C:\Windows\System\bVQvVpE.exe
  C:\Windows\System\bVQvVpE.exe
  2⤵
  PID:4088
- C:\Windows\System\heDbOLU.exe
  C:\Windows\System\heDbOLU.exe
  2⤵
  PID:2148
- C:\Windows\System\WmeXwkY.exe
  C:\Windows\System\WmeXwkY.exe
  2⤵
  PID:2988
- C:\Windows\System\lUWNdHV.exe
  C:\Windows\System\lUWNdHV.exe
  2⤵
  PID:3092
- C:\Windows\System\alNDBQs.exe
  C:\Windows\System\alNDBQs.exe
  2⤵
  PID:1384
- C:\Windows\System\CeswahN.exe
  C:\Windows\System\CeswahN.exe
  2⤵
  PID:3276
- C:\Windows\System\JGmCSld.exe
  C:\Windows\System\JGmCSld.exe
  2⤵
  PID:3320
- C:\Windows\System\oKWZBNA.exe
  C:\Windows\System\oKWZBNA.exe
  2⤵
  PID:3420
- C:\Windows\System\wrXSMFp.exe
  C:\Windows\System\wrXSMFp.exe
  2⤵
  PID:3484
- C:\Windows\System\ZarXgjB.exe
  C:\Windows\System\ZarXgjB.exe
  2⤵
  PID:3580
- C:\Windows\System\kyyTela.exe
  C:\Windows\System\kyyTela.exe
  2⤵
  PID:3712
- C:\Windows\System\ZsPCKKb.exe
  C:\Windows\System\ZsPCKKb.exe
  2⤵
  PID:4104
- C:\Windows\System\dkuzpfg.exe
  C:\Windows\System\dkuzpfg.exe
  2⤵
  PID:4124
- C:\Windows\System\wkqLqlT.exe
  C:\Windows\System\wkqLqlT.exe
  2⤵
  PID:4144
- C:\Windows\System\kFmnpAR.exe
  C:\Windows\System\kFmnpAR.exe
  2⤵
  PID:4164
- C:\Windows\System\HmzNtuO.exe
  C:\Windows\System\HmzNtuO.exe
  2⤵
  PID:4184
- C:\Windows\System\dNOiQrc.exe
  C:\Windows\System\dNOiQrc.exe
  2⤵
  PID:4204
- C:\Windows\System\BdHTLHj.exe
  C:\Windows\System\BdHTLHj.exe
  2⤵
  PID:4228
- C:\Windows\System\cMhmwGu.exe
  C:\Windows\System\cMhmwGu.exe
  2⤵
  PID:4248
- C:\Windows\System\QaaKsIq.exe
  C:\Windows\System\QaaKsIq.exe
  2⤵
  PID:4272
- C:\Windows\System\vBzqvbj.exe
  C:\Windows\System\vBzqvbj.exe
  2⤵
  PID:4292
- C:\Windows\System\TgJumct.exe
  C:\Windows\System\TgJumct.exe
  2⤵
  PID:4312
- C:\Windows\System\ypxbCss.exe
  C:\Windows\System\ypxbCss.exe
  2⤵
  PID:4328
- C:\Windows\System\sQxlKGe.exe
  C:\Windows\System\sQxlKGe.exe
  2⤵
  PID:4352
- C:\Windows\System\dfbVzru.exe
  C:\Windows\System\dfbVzru.exe
  2⤵
  PID:4372
- C:\Windows\System\PclFfHf.exe
  C:\Windows\System\PclFfHf.exe
  2⤵
  PID:4392
- C:\Windows\System\vgXwlaK.exe
  C:\Windows\System\vgXwlaK.exe
  2⤵
  PID:4412
- C:\Windows\System\jxBjaTA.exe
  C:\Windows\System\jxBjaTA.exe
  2⤵
  PID:4436
- C:\Windows\System\cVkAkZZ.exe
  C:\Windows\System\cVkAkZZ.exe
  2⤵
  PID:4456
- C:\Windows\System\GuOheGA.exe
  C:\Windows\System\GuOheGA.exe
  2⤵
  PID:4476
- C:\Windows\System\MGPtrHr.exe
  C:\Windows\System\MGPtrHr.exe
  2⤵
  PID:4496
- C:\Windows\System\UjCgPeD.exe
  C:\Windows\System\UjCgPeD.exe
  2⤵
  PID:4516
- C:\Windows\System\cUadmxd.exe
  C:\Windows\System\cUadmxd.exe
  2⤵
  PID:4536
- C:\Windows\System\pdkJQNL.exe
  C:\Windows\System\pdkJQNL.exe
  2⤵
  PID:4556
- C:\Windows\System\hbjZlaH.exe
  C:\Windows\System\hbjZlaH.exe
  2⤵
  PID:4576
- C:\Windows\System\aJaOJVN.exe
  C:\Windows\System\aJaOJVN.exe
  2⤵
  PID:4596
- C:\Windows\System\gXoKyur.exe
  C:\Windows\System\gXoKyur.exe
  2⤵
  PID:4616
- C:\Windows\System\HqLTehZ.exe
  C:\Windows\System\HqLTehZ.exe
  2⤵
  PID:4636
- C:\Windows\System\OoIEYgL.exe
  C:\Windows\System\OoIEYgL.exe
  2⤵
  PID:4656
- C:\Windows\System\sOBSyga.exe
  C:\Windows\System\sOBSyga.exe
  2⤵
  PID:4676
- C:\Windows\System\ttrpbTu.exe
  C:\Windows\System\ttrpbTu.exe
  2⤵
  PID:4696
- C:\Windows\System\VvFfvNS.exe
  C:\Windows\System\VvFfvNS.exe
  2⤵
  PID:4716
- C:\Windows\System\JVganFt.exe
  C:\Windows\System\JVganFt.exe
  2⤵
  PID:4736
- C:\Windows\System\pWfXBDG.exe
  C:\Windows\System\pWfXBDG.exe
  2⤵
  PID:4756
- C:\Windows\System\OjkwTnh.exe
  C:\Windows\System\OjkwTnh.exe
  2⤵
  PID:4776
- C:\Windows\System\HZJAziC.exe
  C:\Windows\System\HZJAziC.exe
  2⤵
  PID:4800
- C:\Windows\System\wAfWLSY.exe
  C:\Windows\System\wAfWLSY.exe
  2⤵
  PID:4820
- C:\Windows\System\VQUmSop.exe
  C:\Windows\System\VQUmSop.exe
  2⤵
  PID:4840
- C:\Windows\System\zlrkkRb.exe
  C:\Windows\System\zlrkkRb.exe
  2⤵
  PID:4860
- C:\Windows\System\iizUzeM.exe
  C:\Windows\System\iizUzeM.exe
  2⤵
  PID:4880
- C:\Windows\System\ObupRxE.exe
  C:\Windows\System\ObupRxE.exe
  2⤵
  PID:4900
- C:\Windows\System\zxUCLDs.exe
  C:\Windows\System\zxUCLDs.exe
  2⤵
  PID:4920
- C:\Windows\System\jTDrTVW.exe
  C:\Windows\System\jTDrTVW.exe
  2⤵
  PID:4940
- C:\Windows\System\NQlSAMi.exe
  C:\Windows\System\NQlSAMi.exe
  2⤵
  PID:4960
- C:\Windows\System\hqvKveB.exe
  C:\Windows\System\hqvKveB.exe
  2⤵
  PID:4980
- C:\Windows\System\TKzTCzW.exe
  C:\Windows\System\TKzTCzW.exe
  2⤵
  PID:5000
- C:\Windows\System\pjlMRfM.exe
  C:\Windows\System\pjlMRfM.exe
  2⤵
  PID:5020
- C:\Windows\System\iirYBuj.exe
  C:\Windows\System\iirYBuj.exe
  2⤵
  PID:5040
- C:\Windows\System\RoeAITy.exe
  C:\Windows\System\RoeAITy.exe
  2⤵
  PID:5060
- C:\Windows\System\ajxdNTU.exe
  C:\Windows\System\ajxdNTU.exe
  2⤵
  PID:5080
- C:\Windows\System\mnkfFMr.exe
  C:\Windows\System\mnkfFMr.exe
  2⤵
  PID:5100
- C:\Windows\System\GhFkllv.exe
  C:\Windows\System\GhFkllv.exe
  2⤵
  PID:3812
- C:\Windows\System\htvOHto.exe
  C:\Windows\System\htvOHto.exe
  2⤵
  PID:3748
- C:\Windows\System\fYPXqOx.exe
  C:\Windows\System\fYPXqOx.exe
  2⤵
  PID:3932
- C:\Windows\System\nvyTtmz.exe
  C:\Windows\System\nvyTtmz.exe
  2⤵
  PID:3952
- C:\Windows\System\yzqpxlR.exe
  C:\Windows\System\yzqpxlR.exe
  2⤵
  PID:2464
- C:\Windows\System\WOHAKai.exe
  C:\Windows\System\WOHAKai.exe
  2⤵
  PID:4068
- C:\Windows\System\dmdKlOw.exe
  C:\Windows\System\dmdKlOw.exe
  2⤵
  PID:2456
- C:\Windows\System\quHXZdk.exe
  C:\Windows\System\quHXZdk.exe
  2⤵
  PID:2500
- C:\Windows\System\KKQSFhN.exe
  C:\Windows\System\KKQSFhN.exe
  2⤵
  PID:3304
- C:\Windows\System\vHdmgQf.exe
  C:\Windows\System\vHdmgQf.exe
  2⤵
  PID:3460
- C:\Windows\System\ZLKPuJE.exe
  C:\Windows\System\ZLKPuJE.exe
  2⤵
  PID:3660
- C:\Windows\System\xsCRzSx.exe
  C:\Windows\System\xsCRzSx.exe
  2⤵
  PID:3684
- C:\Windows\System\xCiBQlJ.exe
  C:\Windows\System\xCiBQlJ.exe
  2⤵
  PID:4116
- C:\Windows\System\rNvxbms.exe
  C:\Windows\System\rNvxbms.exe
  2⤵
  PID:4180
- C:\Windows\System\bgdUtkD.exe
  C:\Windows\System\bgdUtkD.exe
  2⤵
  PID:4212
- C:\Windows\System\DgrlEcG.exe
  C:\Windows\System\DgrlEcG.exe
  2⤵
  PID:4236
- C:\Windows\System\KyIouDk.exe
  C:\Windows\System\KyIouDk.exe
  2⤵
  PID:4260
- C:\Windows\System\pVBAFUP.exe
  C:\Windows\System\pVBAFUP.exe
  2⤵
  PID:4284
- C:\Windows\System\ddPlvQo.exe
  C:\Windows\System\ddPlvQo.exe
  2⤵
  PID:4348
- C:\Windows\System\dMMzWit.exe
  C:\Windows\System\dMMzWit.exe
  2⤵
  PID:4364
- C:\Windows\System\pXZpoSG.exe
  C:\Windows\System\pXZpoSG.exe
  2⤵
  PID:4400
- C:\Windows\System\NNKjBtp.exe
  C:\Windows\System\NNKjBtp.exe
  2⤵
  PID:4464
- C:\Windows\System\TZdKtIF.exe
  C:\Windows\System\TZdKtIF.exe
  2⤵
  PID:4468
- C:\Windows\System\IDqSjmq.exe
  C:\Windows\System\IDqSjmq.exe
  2⤵
  PID:4488
- C:\Windows\System\GEJjAch.exe
  C:\Windows\System\GEJjAch.exe
  2⤵
  PID:4532
- C:\Windows\System\JFpWsHm.exe
  C:\Windows\System\JFpWsHm.exe
  2⤵
  PID:4572
- C:\Windows\System\gocPjQP.exe
  C:\Windows\System\gocPjQP.exe
  2⤵
  PID:4604
- C:\Windows\System\rzYigLN.exe
  C:\Windows\System\rzYigLN.exe
  2⤵
  PID:4628
- C:\Windows\System\aVDqQZY.exe
  C:\Windows\System\aVDqQZY.exe
  2⤵
  PID:4652
- C:\Windows\System\nDAFFkr.exe
  C:\Windows\System\nDAFFkr.exe
  2⤵
  PID:4704
- C:\Windows\System\dTexLyy.exe
  C:\Windows\System\dTexLyy.exe
  2⤵
  PID:4732
- C:\Windows\System\bMwPHdM.exe
  C:\Windows\System\bMwPHdM.exe
  2⤵
  PID:4784
- C:\Windows\System\DjvMgXP.exe
  C:\Windows\System\DjvMgXP.exe
  2⤵
  PID:2176
- C:\Windows\System\OJDPhBA.exe
  C:\Windows\System\OJDPhBA.exe
  2⤵
  PID:4836
- C:\Windows\System\qFIKLnH.exe
  C:\Windows\System\qFIKLnH.exe
  2⤵
  PID:4856
- C:\Windows\System\hXxdwAa.exe
  C:\Windows\System\hXxdwAa.exe
  2⤵
  PID:4796
- C:\Windows\System\PHhiVUq.exe
  C:\Windows\System\PHhiVUq.exe
  2⤵
  PID:4912
- C:\Windows\System\SmQgTEj.exe
  C:\Windows\System\SmQgTEj.exe
  2⤵
  PID:4948
- C:\Windows\System\SylQVkk.exe
  C:\Windows\System\SylQVkk.exe
  2⤵
  PID:4972
- C:\Windows\System\wsSEzUA.exe
  C:\Windows\System\wsSEzUA.exe
  2⤵
  PID:5008
- C:\Windows\System\NMWNBMd.exe
  C:\Windows\System\NMWNBMd.exe
  2⤵
  PID:5068
- C:\Windows\System\tNdMwJr.exe
  C:\Windows\System\tNdMwJr.exe
  2⤵
  PID:5052
- C:\Windows\System\cRUoOTS.exe
  C:\Windows\System\cRUoOTS.exe
  2⤵
  PID:5112
- C:\Windows\System\JJiNyoG.exe
  C:\Windows\System\JJiNyoG.exe
  2⤵
  PID:3708
- C:\Windows\System\JrPiQeK.exe
  C:\Windows\System\JrPiQeK.exe
  2⤵
  PID:4024
- C:\Windows\System\Hzohfpb.exe
  C:\Windows\System\Hzohfpb.exe
  2⤵
  PID:2652
- C:\Windows\System\MXuFWex.exe
  C:\Windows\System\MXuFWex.exe
  2⤵
  PID:1656
- C:\Windows\System\RmwWhfb.exe
  C:\Windows\System\RmwWhfb.exe
  2⤵
  PID:1572
- C:\Windows\System\aLPgEBB.exe
  C:\Windows\System\aLPgEBB.exe
  2⤵
  PID:3144
- C:\Windows\System\BjFAyhO.exe
  C:\Windows\System\BjFAyhO.exe
  2⤵
  PID:2864
- C:\Windows\System\kzgRqfN.exe
  C:\Windows\System\kzgRqfN.exe
  2⤵
  PID:4156
- C:\Windows\System\HFmrgOv.exe
  C:\Windows\System\HFmrgOv.exe
  2⤵
  PID:4192
- C:\Windows\System\jQrKqjh.exe
  C:\Windows\System\jQrKqjh.exe
  2⤵
  PID:4240
- C:\Windows\System\oTEMDRU.exe
  C:\Windows\System\oTEMDRU.exe
  2⤵
  PID:4336
- C:\Windows\System\FuRnMPp.exe
  C:\Windows\System\FuRnMPp.exe
  2⤵
  PID:4368
- C:\Windows\System\wAfiXZj.exe
  C:\Windows\System\wAfiXZj.exe
  2⤵
  PID:4472
- C:\Windows\System\PCBrpfV.exe
  C:\Windows\System\PCBrpfV.exe
  2⤵
  PID:4120
- C:\Windows\System\dGhMnnG.exe
  C:\Windows\System\dGhMnnG.exe
  2⤵
  PID:4524
- C:\Windows\System\xEsGCFa.exe
  C:\Windows\System\xEsGCFa.exe
  2⤵
  PID:2544
- C:\Windows\System\uqpaXXD.exe
  C:\Windows\System\uqpaXXD.exe
  2⤵
  PID:2448
- C:\Windows\System\EKQfvAB.exe
  C:\Windows\System\EKQfvAB.exe
  2⤵
  PID:4648
- C:\Windows\System\XZyNPov.exe
  C:\Windows\System\XZyNPov.exe
  2⤵
  PID:4692
- C:\Windows\System\AZAXokg.exe
  C:\Windows\System\AZAXokg.exe
  2⤵
  PID:4764
- C:\Windows\System\AfSmDXa.exe
  C:\Windows\System\AfSmDXa.exe
  2⤵
  PID:4808
- C:\Windows\System\LGbiwYw.exe
  C:\Windows\System\LGbiwYw.exe
  2⤵
  PID:4868
- C:\Windows\System\XaqVJbZ.exe
  C:\Windows\System\XaqVJbZ.exe
  2⤵
  PID:4892
- C:\Windows\System\gaSUfVr.exe
  C:\Windows\System\gaSUfVr.exe
  2⤵
  PID:4952
- C:\Windows\System\dTbiBvL.exe
  C:\Windows\System\dTbiBvL.exe
  2⤵
  PID:5036
- C:\Windows\System\lNgRUea.exe
  C:\Windows\System\lNgRUea.exe
  2⤵
  PID:5028
- C:\Windows\System\vVgJtps.exe
  C:\Windows\System\vVgJtps.exe
  2⤵
  PID:5056
- C:\Windows\System\IBzBZVn.exe
  C:\Windows\System\IBzBZVn.exe
  2⤵
  PID:3116
- C:\Windows\System\nuKIrgT.exe
  C:\Windows\System\nuKIrgT.exe
  2⤵
  PID:2896
- C:\Windows\System\pqeUvTN.exe
  C:\Windows\System\pqeUvTN.exe
  2⤵
  PID:3608
- C:\Windows\System\GAbdCHi.exe
  C:\Windows\System\GAbdCHi.exe
  2⤵
  PID:860
- C:\Windows\System\XEMttPf.exe
  C:\Windows\System\XEMttPf.exe
  2⤵
  PID:4140
- C:\Windows\System\hfZqmzm.exe
  C:\Windows\System\hfZqmzm.exe
  2⤵
  PID:4220
- C:\Windows\System\YBYpNeO.exe
  C:\Windows\System\YBYpNeO.exe
  2⤵
  PID:4308
- C:\Windows\System\rtKgvCC.exe
  C:\Windows\System\rtKgvCC.exe
  2⤵
  PID:4320
- C:\Windows\System\cFSJAJE.exe
  C:\Windows\System\cFSJAJE.exe
  2⤵
  PID:4360
- C:\Windows\System\VtWHNMr.exe
  C:\Windows\System\VtWHNMr.exe
  2⤵
  PID:4544
- C:\Windows\System\VAbSsjE.exe
  C:\Windows\System\VAbSsjE.exe
  2⤵
  PID:4564
- C:\Windows\System\VrvCYvx.exe
  C:\Windows\System\VrvCYvx.exe
  2⤵
  PID:4708
- C:\Windows\System\YXPWYoa.exe
  C:\Windows\System\YXPWYoa.exe
  2⤵
  PID:4788
- C:\Windows\System\CFBScNE.exe
  C:\Windows\System\CFBScNE.exe
  2⤵
  PID:4812
- C:\Windows\System\nOfmldF.exe
  C:\Windows\System\nOfmldF.exe
  2⤵
  PID:1676
- C:\Windows\System\LBtkEyG.exe
  C:\Windows\System\LBtkEyG.exe
  2⤵
  PID:5016
- C:\Windows\System\zAqBWkG.exe
  C:\Windows\System\zAqBWkG.exe
  2⤵
  PID:5116
- C:\Windows\System\iAqmcit.exe
  C:\Windows\System\iAqmcit.exe
  2⤵
  PID:5088
- C:\Windows\System\iHXtQef.exe
  C:\Windows\System\iHXtQef.exe
  2⤵
  PID:584
- C:\Windows\System\imdQWWp.exe
  C:\Windows\System\imdQWWp.exe
  2⤵
  PID:3336
- C:\Windows\System\waEOroL.exe
  C:\Windows\System\waEOroL.exe
  2⤵
  PID:4160
- C:\Windows\System\rAHViLK.exe
  C:\Windows\System\rAHViLK.exe
  2⤵
  PID:1568
- C:\Windows\System\kDUKpbu.exe
  C:\Windows\System\kDUKpbu.exe
  2⤵
  PID:4388
- C:\Windows\System\uSnjOkw.exe
  C:\Windows\System\uSnjOkw.exe
  2⤵
  PID:4300
- C:\Windows\System\htOuIJO.exe
  C:\Windows\System\htOuIJO.exe
  2⤵
  PID:4404
- C:\Windows\System\DOEeYXy.exe
  C:\Windows\System\DOEeYXy.exe
  2⤵
  PID:2708
- C:\Windows\System\FIJxorN.exe
  C:\Windows\System\FIJxorN.exe
  2⤵
  PID:4724
- C:\Windows\System\jROrojl.exe
  C:\Windows\System\jROrojl.exe
  2⤵
  PID:4768
- C:\Windows\System\LyYyCSG.exe
  C:\Windows\System\LyYyCSG.exe
  2⤵
  PID:5136
- C:\Windows\System\AnEWrrd.exe
  C:\Windows\System\AnEWrrd.exe
  2⤵
  PID:5156
- C:\Windows\System\ruQGODi.exe
  C:\Windows\System\ruQGODi.exe
  2⤵
  PID:5176
- C:\Windows\System\XeyTTxG.exe
  C:\Windows\System\XeyTTxG.exe
  2⤵
  PID:5196
- C:\Windows\System\zgvsxHs.exe
  C:\Windows\System\zgvsxHs.exe
  2⤵
  PID:5216
- C:\Windows\System\VoyTuAA.exe
  C:\Windows\System\VoyTuAA.exe
  2⤵
  PID:5236
- C:\Windows\System\mRGwFQU.exe
  C:\Windows\System\mRGwFQU.exe
  2⤵
  PID:5256
- C:\Windows\System\iwwmZmN.exe
  C:\Windows\System\iwwmZmN.exe
  2⤵
  PID:5276
- C:\Windows\System\wYdyMwJ.exe
  C:\Windows\System\wYdyMwJ.exe
  2⤵
  PID:5296
- C:\Windows\System\cPQAUVQ.exe
  C:\Windows\System\cPQAUVQ.exe
  2⤵
  PID:5316
- C:\Windows\System\bYZgcfI.exe
  C:\Windows\System\bYZgcfI.exe
  2⤵
  PID:5336
- C:\Windows\System\kvtwePo.exe
  C:\Windows\System\kvtwePo.exe
  2⤵
  PID:5356
- C:\Windows\System\WpEgjVs.exe
  C:\Windows\System\WpEgjVs.exe
  2⤵
  PID:5376
- C:\Windows\System\JsBksuY.exe
  C:\Windows\System\JsBksuY.exe
  2⤵
  PID:5396
- C:\Windows\System\FZKkviP.exe
  C:\Windows\System\FZKkviP.exe
  2⤵
  PID:5416
- C:\Windows\System\kHvwWIw.exe
  C:\Windows\System\kHvwWIw.exe
  2⤵
  PID:5436
- C:\Windows\System\uuFxczY.exe
  C:\Windows\System\uuFxczY.exe
  2⤵
  PID:5456
- C:\Windows\System\efhqADA.exe
  C:\Windows\System\efhqADA.exe
  2⤵
  PID:5476
- C:\Windows\System\GJquFor.exe
  C:\Windows\System\GJquFor.exe
  2⤵
  PID:5500
- C:\Windows\System\WjLsHDX.exe
  C:\Windows\System\WjLsHDX.exe
  2⤵
  PID:5520
- C:\Windows\System\xEarlTC.exe
  C:\Windows\System\xEarlTC.exe
  2⤵
  PID:5540
- C:\Windows\System\yZkAaOn.exe
  C:\Windows\System\yZkAaOn.exe
  2⤵
  PID:5560
- C:\Windows\System\wzNRcAz.exe
  C:\Windows\System\wzNRcAz.exe
  2⤵
  PID:5580
- C:\Windows\System\kIatgQX.exe
  C:\Windows\System\kIatgQX.exe
  2⤵
  PID:5600
- C:\Windows\System\XkLtFAx.exe
  C:\Windows\System\XkLtFAx.exe
  2⤵
  PID:5620
- C:\Windows\System\NWcCNPE.exe
  C:\Windows\System\NWcCNPE.exe
  2⤵
  PID:5640
- C:\Windows\System\tgFQUKn.exe
  C:\Windows\System\tgFQUKn.exe
  2⤵
  PID:5660
- C:\Windows\System\AyXLUuH.exe
  C:\Windows\System\AyXLUuH.exe
  2⤵
  PID:5680
- C:\Windows\System\lIqLTpq.exe
  C:\Windows\System\lIqLTpq.exe
  2⤵
  PID:5700
- C:\Windows\System\ZkiRnrr.exe
  C:\Windows\System\ZkiRnrr.exe
  2⤵
  PID:5720
- C:\Windows\System\pTpZIgz.exe
  C:\Windows\System\pTpZIgz.exe
  2⤵
  PID:5740
- C:\Windows\System\uJxmApg.exe
  C:\Windows\System\uJxmApg.exe
  2⤵
  PID:5760
- C:\Windows\System\ivOebxU.exe
  C:\Windows\System\ivOebxU.exe
  2⤵
  PID:5868
- C:\Windows\System\FUvvtMM.exe
  C:\Windows\System\FUvvtMM.exe
  2⤵
  PID:5884
- C:\Windows\System\JdJYzKZ.exe
  C:\Windows\System\JdJYzKZ.exe
  2⤵
  PID:5908
- C:\Windows\System\gsbvqCk.exe
  C:\Windows\System\gsbvqCk.exe
  2⤵
  PID:5924
- C:\Windows\System\MuxCVsM.exe
  C:\Windows\System\MuxCVsM.exe
  2⤵
  PID:5944
- C:\Windows\System\bdKZnVt.exe
  C:\Windows\System\bdKZnVt.exe
  2⤵
  PID:5960
- C:\Windows\System\JBwrzir.exe
  C:\Windows\System\JBwrzir.exe
  2⤵
  PID:5976
- C:\Windows\System\pckDsNa.exe
  C:\Windows\System\pckDsNa.exe
  2⤵
  PID:5992
- C:\Windows\System\pNzHqay.exe
  C:\Windows\System\pNzHqay.exe
  2⤵
  PID:6008
- C:\Windows\System\rsXqdss.exe
  C:\Windows\System\rsXqdss.exe
  2⤵
  PID:6032
- C:\Windows\System\toyPFrc.exe
  C:\Windows\System\toyPFrc.exe
  2⤵
  PID:6052
- C:\Windows\System\XDpnkaa.exe
  C:\Windows\System\XDpnkaa.exe
  2⤵
  PID:6068
- C:\Windows\System\CMWELaC.exe
  C:\Windows\System\CMWELaC.exe
  2⤵
  PID:6084
- C:\Windows\System\edJSHZM.exe
  C:\Windows\System\edJSHZM.exe
  2⤵
  PID:6104
- C:\Windows\System\sGLBYls.exe
  C:\Windows\System\sGLBYls.exe
  2⤵
  PID:6128
- C:\Windows\System\HTFDIeA.exe
  C:\Windows\System\HTFDIeA.exe
  2⤵
  PID:4896
- C:\Windows\System\bOVcDNi.exe
  C:\Windows\System\bOVcDNi.exe
  2⤵
  PID:3772
- C:\Windows\System\GLFDrcj.exe
  C:\Windows\System\GLFDrcj.exe
  2⤵
  PID:3984
- C:\Windows\System\AkQGDgm.exe
  C:\Windows\System\AkQGDgm.exe
  2⤵
  PID:2204
- C:\Windows\System\VdtaVIm.exe
  C:\Windows\System\VdtaVIm.exe
  2⤵
  PID:4672
- C:\Windows\System\fKKmHPk.exe
  C:\Windows\System\fKKmHPk.exe
  2⤵
  PID:2340
- C:\Windows\System\MxsgccH.exe
  C:\Windows\System\MxsgccH.exe
  2⤵
  PID:1812
- C:\Windows\System\emubeac.exe
  C:\Windows\System\emubeac.exe
  2⤵
  PID:4752
- C:\Windows\System\qFgEsFR.exe
  C:\Windows\System\qFgEsFR.exe
  2⤵
  PID:4828
- C:\Windows\System\kJZCoau.exe
  C:\Windows\System\kJZCoau.exe
  2⤵
  PID:5152
- C:\Windows\System\pbCfUqv.exe
  C:\Windows\System\pbCfUqv.exe
  2⤵
  PID:5192
- C:\Windows\System\XLwYnpt.exe
  C:\Windows\System\XLwYnpt.exe
  2⤵
  PID:5228
- C:\Windows\System\idjWPVb.exe
  C:\Windows\System\idjWPVb.exe
  2⤵
  PID:5264
- C:\Windows\System\rOOqJwe.exe
  C:\Windows\System\rOOqJwe.exe
  2⤵
  PID:5268
- C:\Windows\System\fcWbIfD.exe
  C:\Windows\System\fcWbIfD.exe
  2⤵
  PID:5308
- C:\Windows\System\fIMSdgm.exe
  C:\Windows\System\fIMSdgm.exe
  2⤵
  PID:5352
- C:\Windows\System\VrkquBQ.exe
  C:\Windows\System\VrkquBQ.exe
  2⤵
  PID:5368
- C:\Windows\System\Rwtuyrg.exe
  C:\Windows\System\Rwtuyrg.exe
  2⤵
  PID:5388
- C:\Windows\System\tNOLdel.exe
  C:\Windows\System\tNOLdel.exe
  2⤵
  PID:5444
- C:\Windows\System\JebcvZz.exe
  C:\Windows\System\JebcvZz.exe
  2⤵
  PID:5432
- C:\Windows\System\LMtwmyA.exe
  C:\Windows\System\LMtwmyA.exe
  2⤵
  PID:5472
- C:\Windows\System\fIpbRlN.exe
  C:\Windows\System\fIpbRlN.exe
  2⤵
  PID:5508
- C:\Windows\System\VznaPas.exe
  C:\Windows\System\VznaPas.exe
  2⤵
  PID:5536
- C:\Windows\System\kufTMay.exe
  C:\Windows\System\kufTMay.exe
  2⤵
  PID:5568
- C:\Windows\System\NsvIpmb.exe
  C:\Windows\System\NsvIpmb.exe
  2⤵
  PID:5596
- C:\Windows\System\wfOlEeP.exe
  C:\Windows\System\wfOlEeP.exe
  2⤵
  PID:2184
- C:\Windows\System\xSRFwNO.exe
  C:\Windows\System\xSRFwNO.exe
  2⤵
  PID:5656
- C:\Windows\System\fmuoFIe.exe
  C:\Windows\System\fmuoFIe.exe
  2⤵
  PID:5672
- C:\Windows\System\qsvvanI.exe
  C:\Windows\System\qsvvanI.exe
  2⤵
  PID:5708
- C:\Windows\System\tUiXgIF.exe
  C:\Windows\System\tUiXgIF.exe
  2⤵
  PID:5736
- C:\Windows\System\VCrkeJI.exe
  C:\Windows\System\VCrkeJI.exe
  2⤵
  PID:5768
- C:\Windows\System\YSfpclr.exe
  C:\Windows\System\YSfpclr.exe
  2⤵
  PID:2012
- C:\Windows\System\RZQyync.exe
  C:\Windows\System\RZQyync.exe
  2⤵
  PID:5788
- C:\Windows\System\xErFMxa.exe
  C:\Windows\System\xErFMxa.exe
  2⤵
  PID:696
- C:\Windows\System\XmenosS.exe
  C:\Windows\System\XmenosS.exe
  2⤵
  PID:2064
- C:\Windows\System\IPNNBwP.exe
  C:\Windows\System\IPNNBwP.exe
  2⤵
  PID:5836
- C:\Windows\System\wHnkpid.exe
  C:\Windows\System\wHnkpid.exe
  2⤵
  PID:1248
- C:\Windows\System\LkGhOid.exe
  C:\Windows\System\LkGhOid.exe
  2⤵
  PID:848
- C:\Windows\System\zKyArBq.exe
  C:\Windows\System\zKyArBq.exe
  2⤵
  PID:1648
- C:\Windows\System\qwKPujM.exe
  C:\Windows\System\qwKPujM.exe
  2⤵
  PID:1244
- C:\Windows\System\sQntYcq.exe
  C:\Windows\System\sQntYcq.exe
  2⤵
  PID:664
- C:\Windows\System\VZiRVko.exe
  C:\Windows\System\VZiRVko.exe
  2⤵
  PID:5844
- C:\Windows\System\WMyBfmq.exe
  C:\Windows\System\WMyBfmq.exe
  2⤵
  PID:1828
- C:\Windows\System\nyYvWsb.exe
  C:\Windows\System\nyYvWsb.exe
  2⤵
  PID:2264
- C:\Windows\System\aetybTq.exe
  C:\Windows\System\aetybTq.exe
  2⤵
  PID:1528
- C:\Windows\System\dpnubip.exe
  C:\Windows\System\dpnubip.exe
  2⤵
  PID:2612
- C:\Windows\System\fbqOKFw.exe
  C:\Windows\System\fbqOKFw.exe
  2⤵
  PID:2460
- C:\Windows\System\fPhUPOG.exe
  C:\Windows\System\fPhUPOG.exe
  2⤵
  PID:468
- C:\Windows\System\YKLvHnb.exe
  C:\Windows\System\YKLvHnb.exe
  2⤵
  PID:5900
- C:\Windows\System\oYMkoOv.exe
  C:\Windows\System\oYMkoOv.exe
  2⤵
  PID:5916
- C:\Windows\System\LSrymwv.exe
  C:\Windows\System\LSrymwv.exe
  2⤵
  PID:5984
- C:\Windows\System\kiJCuvg.exe
  C:\Windows\System\kiJCuvg.exe
  2⤵
  PID:6024
- C:\Windows\System\xzyyadg.exe
  C:\Windows\System\xzyyadg.exe
  2⤵
  PID:6092
- C:\Windows\System\vluqdeW.exe
  C:\Windows\System\vluqdeW.exe
  2⤵
  PID:6140
- C:\Windows\System\ohDCSLK.exe
  C:\Windows\System\ohDCSLK.exe
  2⤵
  PID:5968
- C:\Windows\System\JIITVDh.exe
  C:\Windows\System\JIITVDh.exe
  2⤵
  PID:5932
- C:\Windows\System\xxlQjLT.exe
  C:\Windows\System\xxlQjLT.exe
  2⤵
  PID:2568
- C:\Windows\System\LluCJHb.exe
  C:\Windows\System\LluCJHb.exe
  2⤵
  PID:4132
- C:\Windows\System\qGgZgMv.exe
  C:\Windows\System\qGgZgMv.exe
  2⤵
  PID:5128
- C:\Windows\System\wqCwWLH.exe
  C:\Windows\System\wqCwWLH.exe
  2⤵
  PID:5168
- C:\Windows\System\KqKnglW.exe
  C:\Windows\System\KqKnglW.exe
  2⤵
  PID:6120
- C:\Windows\System\fVYJzGZ.exe
  C:\Windows\System\fVYJzGZ.exe
  2⤵
  PID:6076
- C:\Windows\System\AkOpIrv.exe
  C:\Windows\System\AkOpIrv.exe
  2⤵
  PID:2788
- C:\Windows\System\vrspntW.exe
  C:\Windows\System\vrspntW.exe
  2⤵
  PID:2220
- C:\Windows\System\YQRvTkV.exe
  C:\Windows\System\YQRvTkV.exe
  2⤵
  PID:2060
- C:\Windows\System\uwjrtUC.exe
  C:\Windows\System\uwjrtUC.exe
  2⤵
  PID:5188
- C:\Windows\System\AgQoRuE.exe
  C:\Windows\System\AgQoRuE.exe
  2⤵
  PID:5428
- C:\Windows\System\uKcMUqQ.exe
  C:\Windows\System\uKcMUqQ.exe
  2⤵
  PID:5372
- C:\Windows\System\XdeNcIy.exe
  C:\Windows\System\XdeNcIy.exe
  2⤵
  PID:5696
- C:\Windows\System\oVuyoqz.exe
  C:\Windows\System\oVuyoqz.exe
  2⤵
  PID:5676
- C:\Windows\System\xRuiWQb.exe
  C:\Windows\System\xRuiWQb.exe
  2⤵
  PID:3120
- C:\Windows\System\eFChjzN.exe
  C:\Windows\System\eFChjzN.exe
  2⤵
  PID:1496
- C:\Windows\System\AKmbnTe.exe
  C:\Windows\System\AKmbnTe.exe
  2⤵
  PID:2516
- C:\Windows\System\MPbWICU.exe
  C:\Windows\System\MPbWICU.exe
  2⤵
  PID:2856
- C:\Windows\System\dQrXCNB.exe
  C:\Windows\System\dQrXCNB.exe
  2⤵
  PID:2992
- C:\Windows\System\BZbRBXa.exe
  C:\Windows\System\BZbRBXa.exe
  2⤵
  PID:1348
- C:\Windows\System\ObHdVsK.exe
  C:\Windows\System\ObHdVsK.exe
  2⤵
  PID:2532
- C:\Windows\System\TfJErOn.exe
  C:\Windows\System\TfJErOn.exe
  2⤵
  PID:5896
- C:\Windows\System\fFhfBob.exe
  C:\Windows\System\fFhfBob.exe
  2⤵
  PID:6060
- C:\Windows\System\KUAXFLu.exe
  C:\Windows\System\KUAXFLu.exe
  2⤵
  PID:6136
- C:\Windows\System\uKlgtGM.exe
  C:\Windows\System\uKlgtGM.exe
  2⤵
  PID:5244
- C:\Windows\System\ncfmBSp.exe
  C:\Windows\System\ncfmBSp.exe
  2⤵
  PID:5248
- C:\Windows\System\QYOmXAi.exe
  C:\Windows\System\QYOmXAi.exe
  2⤵
  PID:5528
- C:\Windows\System\BRNxRDl.exe
  C:\Windows\System\BRNxRDl.exe
  2⤵
  PID:5556
- C:\Windows\System\gHVVbel.exe
  C:\Windows\System\gHVVbel.exe
  2⤵
  PID:5572
- C:\Windows\System\kRpoZvj.exe
  C:\Windows\System\kRpoZvj.exe
  2⤵
  PID:5608
- C:\Windows\System\yGtuvha.exe
  C:\Windows\System\yGtuvha.exe
  2⤵
  PID:5756
- C:\Windows\System\uDGrlWQ.exe
  C:\Windows\System\uDGrlWQ.exe
  2⤵
  PID:2160
- C:\Windows\System\vOZDCab.exe
  C:\Windows\System\vOZDCab.exe
  2⤵
  PID:756
- C:\Windows\System\URcUqik.exe
  C:\Windows\System\URcUqik.exe
  2⤵
  PID:1912
- C:\Windows\System\jHqiPFm.exe
  C:\Windows\System\jHqiPFm.exe
  2⤵
  PID:2000
- C:\Windows\System\BaqeBQe.exe
  C:\Windows\System\BaqeBQe.exe
  2⤵
  PID:5880
- C:\Windows\System\wYKIRsw.exe
  C:\Windows\System\wYKIRsw.exe
  2⤵
  PID:3992
- C:\Windows\System\zyaIiiL.exe
  C:\Windows\System\zyaIiiL.exe
  2⤵
  PID:5940
- C:\Windows\System\tzaDCXX.exe
  C:\Windows\System\tzaDCXX.exe
  2⤵
  PID:6044
- C:\Windows\System\zfJLElv.exe
  C:\Windows\System\zfJLElv.exe
  2⤵
  PID:6040
- C:\Windows\System\oVkXZZN.exe
  C:\Windows\System\oVkXZZN.exe
  2⤵
  PID:4932
- C:\Windows\System\kRyaiRz.exe
  C:\Windows\System\kRyaiRz.exe
  2⤵
  PID:5164
- C:\Windows\System\BrLXdkd.exe
  C:\Windows\System\BrLXdkd.exe
  2⤵
  PID:5232
- C:\Windows\System\bqyfQIP.exe
  C:\Windows\System\bqyfQIP.exe
  2⤵
  PID:5404
- C:\Windows\System\OGlBlne.exe
  C:\Windows\System\OGlBlne.exe
  2⤵
  PID:5312
- C:\Windows\System\oihmbZQ.exe
  C:\Windows\System\oihmbZQ.exe
  2⤵
  PID:1540
- C:\Windows\System\Fypwypx.exe
  C:\Windows\System\Fypwypx.exe
  2⤵
  PID:2116
- C:\Windows\System\kxlOZnI.exe
  C:\Windows\System\kxlOZnI.exe
  2⤵
  PID:1816
- C:\Windows\System\HdTLBMm.exe
  C:\Windows\System\HdTLBMm.exe
  2⤵
  PID:4968
- C:\Windows\System\XdzSIPW.exe
  C:\Windows\System\XdzSIPW.exe
  2⤵
  PID:5852
- C:\Windows\System\WLHHiZx.exe
  C:\Windows\System\WLHHiZx.exe
  2⤵
  PID:6100
- C:\Windows\System\APftMtA.exe
  C:\Windows\System\APftMtA.exe
  2⤵
  PID:5616
- C:\Windows\System\EGhmkIM.exe
  C:\Windows\System\EGhmkIM.exe
  2⤵
  PID:4448
- C:\Windows\System\mYPUquR.exe
  C:\Windows\System\mYPUquR.exe
  2⤵
  PID:5892
- C:\Windows\System\FbkfuNc.exe
  C:\Windows\System\FbkfuNc.exe
  2⤵
  PID:5956
- C:\Windows\System\OjucAin.exe
  C:\Windows\System\OjucAin.exe
  2⤵
  PID:2428
- C:\Windows\System\oIgKWYT.exe
  C:\Windows\System\oIgKWYT.exe
  2⤵
  PID:5328
- C:\Windows\System\GtSXAtu.exe
  C:\Windows\System\GtSXAtu.exe
  2⤵
  PID:5752
- C:\Windows\System\sPxdCRG.exe
  C:\Windows\System\sPxdCRG.exe
  2⤵
  PID:372
- C:\Windows\System\mVFCOnF.exe
  C:\Windows\System\mVFCOnF.exe
  2⤵
  PID:6112
- C:\Windows\System\aNPJgtX.exe
  C:\Windows\System\aNPJgtX.exe
  2⤵
  PID:6152
- C:\Windows\System\oBeVRMp.exe
  C:\Windows\System\oBeVRMp.exe
  2⤵
  PID:6168
- C:\Windows\System\FoKBCjq.exe
  C:\Windows\System\FoKBCjq.exe
  2⤵
  PID:6184
- C:\Windows\System\RbZfROS.exe
  C:\Windows\System\RbZfROS.exe
  2⤵
  PID:6228
- C:\Windows\System\TngmNBt.exe
  C:\Windows\System\TngmNBt.exe
  2⤵
  PID:6244
- C:\Windows\System\llzGreM.exe
  C:\Windows\System\llzGreM.exe
  2⤵
  PID:6260
- C:\Windows\System\omQrvML.exe
  C:\Windows\System\omQrvML.exe
  2⤵
  PID:6284
- C:\Windows\System\dRmwbzD.exe
  C:\Windows\System\dRmwbzD.exe
  2⤵
  PID:6308
- C:\Windows\System\WALYqJp.exe
  C:\Windows\System\WALYqJp.exe
  2⤵
  PID:6324
- C:\Windows\System\enqyuKt.exe
  C:\Windows\System\enqyuKt.exe
  2⤵
  PID:6340
- C:\Windows\System\PXsWTIG.exe
  C:\Windows\System\PXsWTIG.exe
  2⤵
  PID:6364
- C:\Windows\System\LsadLyw.exe
  C:\Windows\System\LsadLyw.exe
  2⤵
  PID:6380
- C:\Windows\System\yehSTSa.exe
  C:\Windows\System\yehSTSa.exe
  2⤵
  PID:6396
- C:\Windows\System\pdDKEFM.exe
  C:\Windows\System\pdDKEFM.exe
  2⤵
  PID:6412
- C:\Windows\System\UJCnIwV.exe
  C:\Windows\System\UJCnIwV.exe
  2⤵
  PID:6436
- C:\Windows\System\HfLdicz.exe
  C:\Windows\System\HfLdicz.exe
  2⤵
  PID:6456
- C:\Windows\System\JwElhag.exe
  C:\Windows\System\JwElhag.exe
  2⤵
  PID:6472
- C:\Windows\System\PRRMFNb.exe
  C:\Windows\System\PRRMFNb.exe
  2⤵
  PID:6496
- C:\Windows\System\HhmYatz.exe
  C:\Windows\System\HhmYatz.exe
  2⤵
  PID:6512
- C:\Windows\System\ecftVmU.exe
  C:\Windows\System\ecftVmU.exe
  2⤵
  PID:6540
- C:\Windows\System\XIQBBkd.exe
  C:\Windows\System\XIQBBkd.exe
  2⤵
  PID:6560
- C:\Windows\System\YFiXqfp.exe
  C:\Windows\System\YFiXqfp.exe
  2⤵
  PID:6576
- C:\Windows\System\AugmBkd.exe
  C:\Windows\System\AugmBkd.exe
  2⤵
  PID:6592
- C:\Windows\System\wUBlvcj.exe
  C:\Windows\System\wUBlvcj.exe
  2⤵
  PID:6608
- C:\Windows\System\BxthBAk.exe
  C:\Windows\System\BxthBAk.exe
  2⤵
  PID:6656
- C:\Windows\System\BXqhYEC.exe
  C:\Windows\System\BXqhYEC.exe
  2⤵
  PID:6672
- C:\Windows\System\XjVtBmb.exe
  C:\Windows\System\XjVtBmb.exe
  2⤵
  PID:6688
- C:\Windows\System\AcWljbZ.exe
  C:\Windows\System\AcWljbZ.exe
  2⤵
  PID:6704
- C:\Windows\System\RHiswDp.exe
  C:\Windows\System\RHiswDp.exe
  2⤵
  PID:6724
- C:\Windows\System\tNmfGyq.exe
  C:\Windows\System\tNmfGyq.exe
  2⤵
  PID:6744
- C:\Windows\System\aKyjGyA.exe
  C:\Windows\System\aKyjGyA.exe
  2⤵
  PID:6764
- C:\Windows\System\TcmRydt.exe
  C:\Windows\System\TcmRydt.exe
  2⤵
  PID:6784
- C:\Windows\System\aFTWdXy.exe
  C:\Windows\System\aFTWdXy.exe
  2⤵
  PID:6804
- C:\Windows\System\QoYQhhj.exe
  C:\Windows\System\QoYQhhj.exe
  2⤵
  PID:6820
- C:\Windows\System\ThnrFVw.exe
  C:\Windows\System\ThnrFVw.exe
  2⤵
  PID:6836
- C:\Windows\System\QzlfcbA.exe
  C:\Windows\System\QzlfcbA.exe
  2⤵
  PID:6856
- C:\Windows\System\CRyhWVI.exe
  C:\Windows\System\CRyhWVI.exe
  2⤵
  PID:6872
- C:\Windows\System\EqckTDs.exe
  C:\Windows\System\EqckTDs.exe
  2⤵
  PID:6888
- C:\Windows\System\cqBUCof.exe
  C:\Windows\System\cqBUCof.exe
  2⤵
  PID:6916
- C:\Windows\System\JcVvmEv.exe
  C:\Windows\System\JcVvmEv.exe
  2⤵
  PID:6948
- C:\Windows\System\aYepWji.exe
  C:\Windows\System\aYepWji.exe
  2⤵
  PID:6964
- C:\Windows\System\PhaLPYO.exe
  C:\Windows\System\PhaLPYO.exe
  2⤵
  PID:6984
- C:\Windows\System\NATQkyp.exe
  C:\Windows\System\NATQkyp.exe
  2⤵
  PID:7000
- C:\Windows\System\ykDRZTW.exe
  C:\Windows\System\ykDRZTW.exe
  2⤵
  PID:7016
- C:\Windows\System\FDDDNHI.exe
  C:\Windows\System\FDDDNHI.exe
  2⤵
  PID:7032
- C:\Windows\System\fjbPaTr.exe
  C:\Windows\System\fjbPaTr.exe
  2⤵
  PID:7052
- C:\Windows\System\WWKttgp.exe
  C:\Windows\System\WWKttgp.exe
  2⤵
  PID:7072
- C:\Windows\System\JcLDwUd.exe
  C:\Windows\System\JcLDwUd.exe
  2⤵
  PID:7088
- C:\Windows\System\kNLjcRS.exe
  C:\Windows\System\kNLjcRS.exe
  2⤵
  PID:7104
- C:\Windows\System\OWIONHx.exe
  C:\Windows\System\OWIONHx.exe
  2⤵
  PID:7120
- C:\Windows\System\PKtlHTS.exe
  C:\Windows\System\PKtlHTS.exe
  2⤵
  PID:7136
- C:\Windows\System\OZYefBb.exe
  C:\Windows\System\OZYefBb.exe
  2⤵
  PID:7152
- C:\Windows\System\oUGYpor.exe
  C:\Windows\System\oUGYpor.exe
  2⤵
  PID:1476
- C:\Windows\System\xExLdaf.exe
  C:\Windows\System\xExLdaf.exe
  2⤵
  PID:6180
- C:\Windows\System\TYHcszF.exe
  C:\Windows\System\TYHcszF.exe
  2⤵
  PID:1936
- C:\Windows\System\fhdSJyu.exe
  C:\Windows\System\fhdSJyu.exe
  2⤵
  PID:6164
- C:\Windows\System\CmNKskV.exe
  C:\Windows\System\CmNKskV.exe
  2⤵
  PID:5132
- C:\Windows\System\tAbIeGi.exe
  C:\Windows\System\tAbIeGi.exe
  2⤵
  PID:6216
- C:\Windows\System\YJOspTT.exe
  C:\Windows\System\YJOspTT.exe
  2⤵
  PID:6200
- C:\Windows\System\YrsAbzk.exe
  C:\Windows\System\YrsAbzk.exe
  2⤵
  PID:6348
- C:\Windows\System\FIMrEYl.exe
  C:\Windows\System\FIMrEYl.exe
  2⤵
  PID:6336
- C:\Windows\System\QZazeuY.exe
  C:\Windows\System\QZazeuY.exe
  2⤵
  PID:6508
- C:\Windows\System\mduangT.exe
  C:\Windows\System\mduangT.exe
  2⤵
  PID:6556
- C:\Windows\System\hWLReCD.exe
  C:\Windows\System\hWLReCD.exe
  2⤵
  PID:6524
- C:\Windows\System\brhNYnF.exe
  C:\Windows\System\brhNYnF.exe
  2⤵
  PID:6448
- C:\Windows\System\fHBqRBx.exe
  C:\Windows\System\fHBqRBx.exe
  2⤵
  PID:6488
- C:\Windows\System\eDVstMZ.exe
  C:\Windows\System\eDVstMZ.exe
  2⤵
  PID:6644
- C:\Windows\System\xNHMzqS.exe
  C:\Windows\System\xNHMzqS.exe
  2⤵
  PID:6620
- C:\Windows\System\jIXEMiM.exe
  C:\Windows\System\jIXEMiM.exe
  2⤵
  PID:6756
- C:\Windows\System\ctFSeCP.exe
  C:\Windows\System\ctFSeCP.exe
  2⤵
  PID:6792
- C:\Windows\System\wTrTLPR.exe
  C:\Windows\System\wTrTLPR.exe
  2⤵
  PID:6832
- C:\Windows\System\sRsbIXN.exe
  C:\Windows\System\sRsbIXN.exe
  2⤵
  PID:6740
- C:\Windows\System\aZmRSbX.exe
  C:\Windows\System\aZmRSbX.exe
  2⤵
  PID:6700
- C:\Windows\System\DPsVWqP.exe
  C:\Windows\System\DPsVWqP.exe
  2⤵
  PID:6956
- C:\Windows\System\dKjKpqc.exe
  C:\Windows\System\dKjKpqc.exe
  2⤵
  PID:7024
- C:\Windows\System\CkltaMc.exe
  C:\Windows\System\CkltaMc.exe
  2⤵
  PID:7100
- C:\Windows\System\qOIjvfp.exe
  C:\Windows\System\qOIjvfp.exe
  2⤵
  PID:6884
- C:\Windows\System\UCYltnu.exe
  C:\Windows\System\UCYltnu.exe
  2⤵
  PID:7160
- C:\Windows\System\WhfsiKk.exe
  C:\Windows\System\WhfsiKk.exe
  2⤵
  PID:6240
- C:\Windows\System\KxuNnNk.exe
  C:\Windows\System\KxuNnNk.exe
  2⤵
  PID:7084
- C:\Windows\System\DHXxpxO.exe
  C:\Windows\System\DHXxpxO.exe
  2⤵
  PID:6944
- C:\Windows\System\wHLpecR.exe
  C:\Windows\System\wHLpecR.exe
  2⤵
  PID:7044
- C:\Windows\System\xIrPhQu.exe
  C:\Windows\System\xIrPhQu.exe
  2⤵
  PID:6048
- C:\Windows\System\KGdJOzT.exe
  C:\Windows\System\KGdJOzT.exe
  2⤵
  PID:7112
- C:\Windows\System\NPgpAGR.exe
  C:\Windows\System\NPgpAGR.exe
  2⤵
  PID:6208
- C:\Windows\System\FKalKRC.exe
  C:\Windows\System\FKalKRC.exe
  2⤵
  PID:7040
- C:\Windows\System\ACkMjmu.exe
  C:\Windows\System\ACkMjmu.exe
  2⤵
  PID:6936
- C:\Windows\System\uNTzAMG.exe
  C:\Windows\System\uNTzAMG.exe
  2⤵
  PID:6420
- C:\Windows\System\tWwRnrx.exe
  C:\Windows\System\tWwRnrx.exe
  2⤵
  PID:6468
- C:\Windows\System\eQrhiSW.exe
  C:\Windows\System\eQrhiSW.exe
  2⤵
  PID:6332
- C:\Windows\System\LPKiurp.exe
  C:\Windows\System\LPKiurp.exe
  2⤵
  PID:6520
- C:\Windows\System\mHQkrpI.exe
  C:\Windows\System\mHQkrpI.exe
  2⤵
  PID:6600
- C:\Windows\System\OGtzvAH.exe
  C:\Windows\System\OGtzvAH.exe
  2⤵
  PID:6716
- C:\Windows\System\zVKlxPy.exe
  C:\Windows\System\zVKlxPy.exe
  2⤵
  PID:6604
- C:\Windows\System\VEtgwnD.exe
  C:\Windows\System\VEtgwnD.exe
  2⤵
  PID:6668
- C:\Windows\System\bCuLgaF.exe
  C:\Windows\System\bCuLgaF.exe
  2⤵
  PID:6828
- C:\Windows\System\fHFUydp.exe
  C:\Windows\System\fHFUydp.exe
  2⤵
  PID:6912
- C:\Windows\System\qlzDeGr.exe
  C:\Windows\System\qlzDeGr.exe
  2⤵
  PID:7064
- C:\Windows\System\csUMIfB.exe
  C:\Windows\System\csUMIfB.exe
  2⤵
  PID:6812
- C:\Windows\System\urNQhWc.exe
  C:\Windows\System\urNQhWc.exe
  2⤵
  PID:6736
- C:\Windows\System\XuKWrty.exe
  C:\Windows\System\XuKWrty.exe
  2⤵
  PID:6776
- C:\Windows\System\VQMhduP.exe
  C:\Windows\System\VQMhduP.exe
  2⤵
  PID:5144
- C:\Windows\System\YyAGuft.exe
  C:\Windows\System\YyAGuft.exe
  2⤵
  PID:7012
- C:\Windows\System\XEDLDwx.exe
  C:\Windows\System\XEDLDwx.exe
  2⤵
  PID:6300
- C:\Windows\System\UPDOdUY.exe
  C:\Windows\System\UPDOdUY.exe
  2⤵
  PID:6404
- C:\Windows\System\ltcCxdq.exe
  C:\Windows\System\ltcCxdq.exe
  2⤵
  PID:7080
- C:\Windows\System\BRghVLq.exe
  C:\Windows\System\BRghVLq.exe
  2⤵
  PID:6252
- C:\Windows\System\OwDQJKx.exe
  C:\Windows\System\OwDQJKx.exe
  2⤵
  PID:6624
- C:\Windows\System\lWauBED.exe
  C:\Windows\System\lWauBED.exe
  2⤵
  PID:6712
- C:\Windows\System\SQQpNSS.exe
  C:\Windows\System\SQQpNSS.exe
  2⤵
  PID:6800
- C:\Windows\System\uiNKWbf.exe
  C:\Windows\System\uiNKWbf.exe
  2⤵
  PID:6864
- C:\Windows\System\ZPfOUHk.exe
  C:\Windows\System\ZPfOUHk.exe
  2⤵
  PID:6992
- C:\Windows\System\KcPpoxl.exe
  C:\Windows\System\KcPpoxl.exe
  2⤵
  PID:6932
- C:\Windows\System\OjpVeeH.exe
  C:\Windows\System\OjpVeeH.exe
  2⤵
  PID:6844
- C:\Windows\System\NFTCrbf.exe
  C:\Windows\System\NFTCrbf.exe
  2⤵
  PID:6276
- C:\Windows\System\gJxGioF.exe
  C:\Windows\System\gJxGioF.exe
  2⤵
  PID:6720
- C:\Windows\System\rdsMSbR.exe
  C:\Windows\System\rdsMSbR.exe
  2⤵
  PID:7048
- C:\Windows\System\Mrjlgcf.exe
  C:\Windows\System\Mrjlgcf.exe
  2⤵
  PID:6176
- C:\Windows\System\LzzfORP.exe
  C:\Windows\System\LzzfORP.exe
  2⤵
  PID:6532
- C:\Windows\System\TdGSAOh.exe
  C:\Windows\System\TdGSAOh.exe
  2⤵
  PID:6868
- C:\Windows\System\wFzahdu.exe
  C:\Windows\System\wFzahdu.exe
  2⤵
  PID:6536
- C:\Windows\System\fGVbxlV.exe
  C:\Windows\System\fGVbxlV.exe
  2⤵
  PID:6444
- C:\Windows\System\uQKruGF.exe
  C:\Windows\System\uQKruGF.exe
  2⤵
  PID:6196
- C:\Windows\System\mSHhsKs.exe
  C:\Windows\System\mSHhsKs.exe
  2⤵
  PID:7204
- C:\Windows\System\ZdfDkxb.exe
  C:\Windows\System\ZdfDkxb.exe
  2⤵
  PID:7228
- C:\Windows\System\SNbDiVZ.exe
  C:\Windows\System\SNbDiVZ.exe
  2⤵
  PID:7244
- C:\Windows\System\XsrJDjo.exe
  C:\Windows\System\XsrJDjo.exe
  2⤵
  PID:7260
- C:\Windows\System\yMhfJVe.exe
  C:\Windows\System\yMhfJVe.exe
  2⤵
  PID:7276
- C:\Windows\System\ZwkZGay.exe
  C:\Windows\System\ZwkZGay.exe
  2⤵
  PID:7300
- C:\Windows\System\sKzCqLu.exe
  C:\Windows\System\sKzCqLu.exe
  2⤵
  PID:7320
- C:\Windows\System\PBmLCLf.exe
  C:\Windows\System\PBmLCLf.exe
  2⤵
  PID:7336
- C:\Windows\System\BbOVXwh.exe
  C:\Windows\System\BbOVXwh.exe
  2⤵
  PID:7352
- C:\Windows\System\aONcvDR.exe
  C:\Windows\System\aONcvDR.exe
  2⤵
  PID:7376
- C:\Windows\System\iIcvAsS.exe
  C:\Windows\System\iIcvAsS.exe
  2⤵
  PID:7408
- C:\Windows\System\SmdFeKz.exe
  C:\Windows\System\SmdFeKz.exe
  2⤵
  PID:7424
- C:\Windows\System\ivKoxqX.exe
  C:\Windows\System\ivKoxqX.exe
  2⤵
  PID:7440
- C:\Windows\System\myezMuV.exe
  C:\Windows\System\myezMuV.exe
  2⤵
  PID:7460
- C:\Windows\System\WYAedRt.exe
  C:\Windows\System\WYAedRt.exe
  2⤵
  PID:7476
- C:\Windows\System\LpjEwJl.exe
  C:\Windows\System\LpjEwJl.exe
  2⤵
  PID:7492
- C:\Windows\System\yoCaDcI.exe
  C:\Windows\System\yoCaDcI.exe
  2⤵
  PID:7508
- C:\Windows\System\Joenntp.exe
  C:\Windows\System\Joenntp.exe
  2⤵
  PID:7524
- C:\Windows\System\fXqOJnn.exe
  C:\Windows\System\fXqOJnn.exe
  2⤵
  PID:7540
- C:\Windows\System\WmQdBrI.exe
  C:\Windows\System\WmQdBrI.exe
  2⤵
  PID:7556
- C:\Windows\System\bdLXluB.exe
  C:\Windows\System\bdLXluB.exe
  2⤵
  PID:7608
- C:\Windows\System\ZlXByiv.exe
  C:\Windows\System\ZlXByiv.exe
  2⤵
  PID:7624
- C:\Windows\System\AXzVMen.exe
  C:\Windows\System\AXzVMen.exe
  2⤵
  PID:7644
- C:\Windows\System\XclnlUM.exe
  C:\Windows\System\XclnlUM.exe
  2⤵
  PID:7668
- C:\Windows\System\GAUtlxh.exe
  C:\Windows\System\GAUtlxh.exe
  2⤵
  PID:7684
- C:\Windows\System\hBgYPTd.exe
  C:\Windows\System\hBgYPTd.exe
  2⤵
  PID:7700
- C:\Windows\System\tPcrkGK.exe
  C:\Windows\System\tPcrkGK.exe
  2⤵
  PID:7716
- C:\Windows\System\DzncSMw.exe
  C:\Windows\System\DzncSMw.exe
  2⤵
  PID:7732
- C:\Windows\System\SIrvfYR.exe
  C:\Windows\System\SIrvfYR.exe
  2⤵
  PID:7748
- C:\Windows\System\ifsGcet.exe
  C:\Windows\System\ifsGcet.exe
  2⤵
  PID:7764
- C:\Windows\System\gjgnQbb.exe
  C:\Windows\System\gjgnQbb.exe
  2⤵
  PID:7808
- C:\Windows\System\EEhtaRH.exe
  C:\Windows\System\EEhtaRH.exe
  2⤵
  PID:7832
- C:\Windows\System\JeUUaxV.exe
  C:\Windows\System\JeUUaxV.exe
  2⤵
  PID:7848
- C:\Windows\System\ZmkUeoO.exe
  C:\Windows\System\ZmkUeoO.exe
  2⤵
  PID:7868
- C:\Windows\System\RJXMObM.exe
  C:\Windows\System\RJXMObM.exe
  2⤵
  PID:7884
- C:\Windows\System\bRwTHMT.exe
  C:\Windows\System\bRwTHMT.exe
  2⤵
  PID:7908
- C:\Windows\System\yxlQiLT.exe
  C:\Windows\System\yxlQiLT.exe
  2⤵
  PID:7928
- C:\Windows\System\gQFTOmQ.exe
  C:\Windows\System\gQFTOmQ.exe
  2⤵
  PID:7944
- C:\Windows\System\mrtYSnF.exe
  C:\Windows\System\mrtYSnF.exe
  2⤵
  PID:7964
- C:\Windows\System\NCNWGDI.exe
  C:\Windows\System\NCNWGDI.exe
  2⤵
  PID:7980
- C:\Windows\System\lfnyoPe.exe
  C:\Windows\System\lfnyoPe.exe
  2⤵
  PID:8008
- C:\Windows\System\XdSKQjV.exe
  C:\Windows\System\XdSKQjV.exe
  2⤵
  PID:8092
- C:\Windows\System\pdaqurB.exe
  C:\Windows\System\pdaqurB.exe
  2⤵
  PID:8108
- C:\Windows\System\FQaONOM.exe
  C:\Windows\System\FQaONOM.exe
  2⤵
  PID:8128
- C:\Windows\System\cBNSIbU.exe
  C:\Windows\System\cBNSIbU.exe
  2⤵
  PID:8144
- C:\Windows\System\aGCcGyN.exe
  C:\Windows\System\aGCcGyN.exe
  2⤵
  PID:8160
- C:\Windows\System\hHKjbnX.exe
  C:\Windows\System\hHKjbnX.exe
  2⤵
  PID:1140
- C:\Windows\System\axLbThn.exe
  C:\Windows\System\axLbThn.exe
  2⤵
  PID:6848
- C:\Windows\System\NwEMDXO.exe
  C:\Windows\System\NwEMDXO.exe
  2⤵
  PID:5464
- C:\Windows\System\aWjTdBn.exe
  C:\Windows\System\aWjTdBn.exe
  2⤵
  PID:6572
- C:\Windows\System\OQDENGJ.exe
  C:\Windows\System\OQDENGJ.exe
  2⤵
  PID:7176
- C:\Windows\System\DojNTqB.exe
  C:\Windows\System\DojNTqB.exe
  2⤵
  PID:7188
- C:\Windows\System\XrywcCA.exe
  C:\Windows\System\XrywcCA.exe
  2⤵
  PID:7220
- C:\Windows\System\dagAvLM.exe
  C:\Windows\System\dagAvLM.exe
  2⤵
  PID:7236
- C:\Windows\System\RpSCAja.exe
  C:\Windows\System\RpSCAja.exe
  2⤵
  PID:7312
- C:\Windows\System\nwVsUIq.exe
  C:\Windows\System\nwVsUIq.exe
  2⤵
  PID:7360
- C:\Windows\System\LhfLkJP.exe
  C:\Windows\System\LhfLkJP.exe
  2⤵
  PID:7316
- C:\Windows\System\UPByDZl.exe
  C:\Windows\System\UPByDZl.exe
  2⤵
  PID:7344
- C:\Windows\System\KmjnxXq.exe
  C:\Windows\System\KmjnxXq.exe
  2⤵
  PID:7432
- C:\Windows\System\kbtABzt.exe
  C:\Windows\System\kbtABzt.exe
  2⤵
  PID:7416
- C:\Windows\System\yrGkGSO.exe
  C:\Windows\System\yrGkGSO.exe
  2⤵
  PID:7420
- C:\Windows\System\KIJAlvZ.exe
  C:\Windows\System\KIJAlvZ.exe
  2⤵
  PID:7548
- C:\Windows\System\iWnVVEg.exe
  C:\Windows\System\iWnVVEg.exe
  2⤵
  PID:7532
- C:\Windows\System\oODttnv.exe
  C:\Windows\System\oODttnv.exe
  2⤵
  PID:7564
- C:\Windows\System\NcHLsCn.exe
  C:\Windows\System\NcHLsCn.exe
  2⤵
  PID:7596
- C:\Windows\System\MMJmPBn.exe
  C:\Windows\System\MMJmPBn.exe
  2⤵
  PID:7652
- C:\Windows\System\kIFYYJy.exe
  C:\Windows\System\kIFYYJy.exe
  2⤵
  PID:7708
- C:\Windows\System\aGPPAmP.exe
  C:\Windows\System\aGPPAmP.exe
  2⤵
  PID:6304
- C:\Windows\System\OQWLJsX.exe
  C:\Windows\System\OQWLJsX.exe
  2⤵
  PID:7756
- C:\Windows\System\GJIiujG.exe
  C:\Windows\System\GJIiujG.exe
  2⤵
  PID:7820
- C:\Windows\System\HHsJLXc.exe
  C:\Windows\System\HHsJLXc.exe
  2⤵
  PID:7824
- C:\Windows\System\kngnBgd.exe
  C:\Windows\System\kngnBgd.exe
  2⤵
  PID:7860
- C:\Windows\System\FICTBrr.exe
  C:\Windows\System\FICTBrr.exe
  2⤵
  PID:7876
- C:\Windows\System\HBmvuAK.exe
  C:\Windows\System\HBmvuAK.exe
  2⤵
  PID:7936
- C:\Windows\System\BGtdvkY.exe
  C:\Windows\System\BGtdvkY.exe
  2⤵
  PID:7972
- C:\Windows\System\nTOPGwb.exe
  C:\Windows\System\nTOPGwb.exe
  2⤵
  PID:8016
- C:\Windows\System\xDbYWFT.exe
  C:\Windows\System\xDbYWFT.exe
  2⤵
  PID:7992
- C:\Windows\System\KvXZMjR.exe
  C:\Windows\System\KvXZMjR.exe
  2⤵
  PID:8104
- C:\Windows\System\nbTPhYd.exe
  C:\Windows\System\nbTPhYd.exe
  2⤵
  PID:8156
- C:\Windows\System\KvUelaV.exe
  C:\Windows\System\KvUelaV.exe
  2⤵
  PID:8168
- C:\Windows\System\lYvsOyf.exe
  C:\Windows\System\lYvsOyf.exe
  2⤵
  PID:8176
- C:\Windows\System\CMDpsWa.exe
  C:\Windows\System\CMDpsWa.exe
  2⤵
  PID:6484
- C:\Windows\System\OElricr.exe
  C:\Windows\System\OElricr.exe
  2⤵
  PID:7256
- C:\Windows\System\QATUUwN.exe
  C:\Windows\System\QATUUwN.exe
  2⤵
  PID:7272
- C:\Windows\System\KicITnz.exe
  C:\Windows\System\KicITnz.exe
  2⤵
  PID:5364
- C:\Windows\System\Entrysv.exe
  C:\Windows\System\Entrysv.exe
  2⤵
  PID:7296
- C:\Windows\System\GtEfhXb.exe
  C:\Windows\System\GtEfhXb.exe
  2⤵
  PID:7472
- C:\Windows\System\NWwfbWJ.exe
  C:\Windows\System\NWwfbWJ.exe
  2⤵
  PID:7396
- C:\Windows\System\eptiVBa.exe
  C:\Windows\System\eptiVBa.exe
  2⤵
  PID:7332
- C:\Windows\System\UMetCjv.exe
  C:\Windows\System\UMetCjv.exe
  2⤵
  PID:7388
- C:\Windows\System\SguSoss.exe
  C:\Windows\System\SguSoss.exe
  2⤵
  PID:7616
- C:\Windows\System\cCBPQyj.exe
  C:\Windows\System\cCBPQyj.exe
  2⤵
  PID:7656
- C:\Windows\System\wUHXloG.exe
  C:\Windows\System\wUHXloG.exe
  2⤵
  PID:7856
- C:\Windows\System\WsmXbIw.exe
  C:\Windows\System\WsmXbIw.exe
  2⤵
  PID:7952
- C:\Windows\System\ZrXwiEJ.exe
  C:\Windows\System\ZrXwiEJ.exe
  2⤵
  PID:8100
- C:\Windows\System\kMYcwkM.exe
  C:\Windows\System\kMYcwkM.exe
  2⤵
  PID:6696
- C:\Windows\System\fxpQWeq.exe
  C:\Windows\System\fxpQWeq.exe
  2⤵
  PID:7488
- C:\Windows\System\SomIhHS.exe
  C:\Windows\System\SomIhHS.exe
  2⤵
  PID:7536
- C:\Windows\System\wMOrhrK.exe
  C:\Windows\System\wMOrhrK.exe
  2⤵
  PID:7620
- C:\Windows\System\nPVsmdk.exe
  C:\Windows\System\nPVsmdk.exe
  2⤵
  PID:7988
- C:\Windows\System\CKnIYoq.exe
  C:\Windows\System\CKnIYoq.exe
  2⤵
  PID:7724
- C:\Windows\System\KpVbDEe.exe
  C:\Windows\System\KpVbDEe.exe
  2⤵
  PID:8180
- C:\Windows\System\ZHyEXcE.exe
  C:\Windows\System\ZHyEXcE.exe
  2⤵
  PID:7636
- C:\Windows\System\TUvISFT.exe
  C:\Windows\System\TUvISFT.exe
  2⤵
  PID:7772
- C:\Windows\System\XOiIyNU.exe
  C:\Windows\System\XOiIyNU.exe
  2⤵
  PID:7172
- C:\Windows\System\hOgEVuB.exe
  C:\Windows\System\hOgEVuB.exe
  2⤵
  PID:7520
- C:\Windows\System\ilBAAen.exe
  C:\Windows\System\ilBAAen.exe
  2⤵
  PID:7904
- C:\Windows\System\APPgRNo.exe
  C:\Windows\System\APPgRNo.exe
  2⤵
  PID:7600
- C:\Windows\System\uPFHSRc.exe
  C:\Windows\System\uPFHSRc.exe
  2⤵
  PID:7292
- C:\Windows\System\wZRzNaR.exe
  C:\Windows\System\wZRzNaR.exe
  2⤵
  PID:8020
- C:\Windows\System\jrTONXV.exe
  C:\Windows\System\jrTONXV.exe
  2⤵
  PID:7696
- C:\Windows\System\KxqBUVz.exe
  C:\Windows\System\KxqBUVz.exe
  2⤵
  PID:7448
- C:\Windows\System\NrawXam.exe
  C:\Windows\System\NrawXam.exe
  2⤵
  PID:7372
- C:\Windows\System\eBcLaOx.exe
  C:\Windows\System\eBcLaOx.exe
  2⤵
  PID:8140
- C:\Windows\System\ldWTsFf.exe
  C:\Windows\System\ldWTsFf.exe
  2⤵
  PID:8000
- C:\Windows\System\qfovIVF.exe
  C:\Windows\System\qfovIVF.exe
  2⤵
  PID:7788
- C:\Windows\System\vlAAcgJ.exe
  C:\Windows\System\vlAAcgJ.exe
  2⤵
  PID:7804
- C:\Windows\System\fgCEAWV.exe
  C:\Windows\System\fgCEAWV.exe
  2⤵
  PID:7196
- C:\Windows\System\iOhFhJG.exe
  C:\Windows\System\iOhFhJG.exe
  2⤵
  PID:7216
- C:\Windows\System\OnxrTfR.exe
  C:\Windows\System\OnxrTfR.exe
  2⤵
  PID:7960
- C:\Windows\System\BAigwMn.exe
  C:\Windows\System\BAigwMn.exe
  2⤵
  PID:7484
- C:\Windows\System\LrRLIst.exe
  C:\Windows\System\LrRLIst.exe
  2⤵
  PID:6432
- C:\Windows\System\JhFmlQM.exe
  C:\Windows\System\JhFmlQM.exe
  2⤵
  PID:7640
- C:\Windows\System\UFDZwkp.exe
  C:\Windows\System\UFDZwkp.exe
  2⤵
  PID:7796
- C:\Windows\System\AyFVASP.exe
  C:\Windows\System\AyFVASP.exe
  2⤵
  PID:7828
- C:\Windows\System\xDhleIw.exe
  C:\Windows\System\xDhleIw.exe
  2⤵
  PID:8124
- C:\Windows\System\Mjkdpbh.exe
  C:\Windows\System\Mjkdpbh.exe
  2⤵
  PID:7776
- C:\Windows\System\PsFZiZL.exe
  C:\Windows\System\PsFZiZL.exe
  2⤵
  PID:8208
- C:\Windows\System\AfFNdRV.exe
  C:\Windows\System\AfFNdRV.exe
  2⤵
  PID:8224
- C:\Windows\System\ARarGYM.exe
  C:\Windows\System\ARarGYM.exe
  2⤵
  PID:8248
- C:\Windows\System\Doglkal.exe
  C:\Windows\System\Doglkal.exe
  2⤵
  PID:8264
- C:\Windows\System\DASwNRr.exe
  C:\Windows\System\DASwNRr.exe
  2⤵
  PID:8292
- C:\Windows\System\HmuedGQ.exe
  C:\Windows\System\HmuedGQ.exe
  2⤵
  PID:8316
- C:\Windows\System\gCBckia.exe
  C:\Windows\System\gCBckia.exe
  2⤵
  PID:8332
- C:\Windows\System\YCdiXEI.exe
  C:\Windows\System\YCdiXEI.exe
  2⤵
  PID:8348
- C:\Windows\System\BQPUyeh.exe
  C:\Windows\System\BQPUyeh.exe
  2⤵
  PID:8372
- C:\Windows\System\qtDeOYd.exe
  C:\Windows\System\qtDeOYd.exe
  2⤵
  PID:8400
- C:\Windows\System\BSilJAt.exe
  C:\Windows\System\BSilJAt.exe
  2⤵
  PID:8416
- C:\Windows\System\QVmLdpF.exe
  C:\Windows\System\QVmLdpF.exe
  2⤵
  PID:8436
- C:\Windows\System\FpPeqXo.exe
  C:\Windows\System\FpPeqXo.exe
  2⤵
  PID:8452
- C:\Windows\System\LVDSPEb.exe
  C:\Windows\System\LVDSPEb.exe
  2⤵
  PID:8468
- C:\Windows\System\nglNKqZ.exe
  C:\Windows\System\nglNKqZ.exe
  2⤵
  PID:8492
- C:\Windows\System\icihhDK.exe
  C:\Windows\System\icihhDK.exe
  2⤵
  PID:8516
- C:\Windows\System\YhiIZto.exe
  C:\Windows\System\YhiIZto.exe
  2⤵
  PID:8540
- C:\Windows\System\priTDeh.exe
  C:\Windows\System\priTDeh.exe
  2⤵
  PID:8560
- C:\Windows\System\MpryYGA.exe
  C:\Windows\System\MpryYGA.exe
  2⤵
  PID:8584
- C:\Windows\System\SwasOHn.exe
  C:\Windows\System\SwasOHn.exe
  2⤵
  PID:8604
- C:\Windows\System\RpeJTgA.exe
  C:\Windows\System\RpeJTgA.exe
  2⤵
  PID:8628
- C:\Windows\System\XNzTBXz.exe
  C:\Windows\System\XNzTBXz.exe
  2⤵
  PID:8644
- C:\Windows\System\ftPQghq.exe
  C:\Windows\System\ftPQghq.exe
  2⤵
  PID:8660
- C:\Windows\System\NwfEjIc.exe
  C:\Windows\System\NwfEjIc.exe
  2⤵
  PID:8684
- C:\Windows\System\cJYQgCK.exe
  C:\Windows\System\cJYQgCK.exe
  2⤵
  PID:8708
- C:\Windows\System\TaasIym.exe
  C:\Windows\System\TaasIym.exe
  2⤵
  PID:8724
- C:\Windows\System\EwQWVfK.exe
  C:\Windows\System\EwQWVfK.exe
  2⤵
  PID:8740
- C:\Windows\System\HwmZaza.exe
  C:\Windows\System\HwmZaza.exe
  2⤵
  PID:8756
- C:\Windows\System\HPPpjHb.exe
  C:\Windows\System\HPPpjHb.exe
  2⤵
  PID:8772
- C:\Windows\System\UuSRToY.exe
  C:\Windows\System\UuSRToY.exe
  2⤵
  PID:8792
- C:\Windows\System\eNQeofm.exe
  C:\Windows\System\eNQeofm.exe
  2⤵
  PID:8820
- C:\Windows\System\gtlYoUs.exe
  C:\Windows\System\gtlYoUs.exe
  2⤵
  PID:8836
- C:\Windows\System\JLdUwhY.exe
  C:\Windows\System\JLdUwhY.exe
  2⤵
  PID:8868
- C:\Windows\System\eXXYBRS.exe
  C:\Windows\System\eXXYBRS.exe
  2⤵
  PID:8884
- C:\Windows\System\RoPflvo.exe
  C:\Windows\System\RoPflvo.exe
  2⤵
  PID:8900
- C:\Windows\System\qHNXSCj.exe
  C:\Windows\System\qHNXSCj.exe
  2⤵
  PID:8932
- C:\Windows\System\ZHlgJxb.exe
  C:\Windows\System\ZHlgJxb.exe
  2⤵
  PID:8952
- C:\Windows\System\BIFqKgO.exe
  C:\Windows\System\BIFqKgO.exe
  2⤵
  PID:8968
- C:\Windows\System\jVbjmna.exe
  C:\Windows\System\jVbjmna.exe
  2⤵
  PID:8984
- C:\Windows\System\NwKXgoU.exe
  C:\Windows\System\NwKXgoU.exe
  2⤵
  PID:9000
- C:\Windows\System\MlTPgci.exe
  C:\Windows\System\MlTPgci.exe
  2⤵
  PID:9032
- C:\Windows\System\qVmfVJF.exe
  C:\Windows\System\qVmfVJF.exe
  2⤵
  PID:9048
- C:\Windows\System\AUSFKUy.exe
  C:\Windows\System\AUSFKUy.exe
  2⤵
  PID:9064
- C:\Windows\System\GBZPNtH.exe
  C:\Windows\System\GBZPNtH.exe
  2⤵
  PID:9080
- C:\Windows\System\pQDRRXi.exe
  C:\Windows\System\pQDRRXi.exe
  2⤵
  PID:9096
- C:\Windows\System\zMBGboV.exe
  C:\Windows\System\zMBGboV.exe
  2⤵
  PID:9112
- C:\Windows\System\WHSqSQQ.exe
  C:\Windows\System\WHSqSQQ.exe
  2⤵
  PID:9128
- C:\Windows\System\vZzkDUI.exe
  C:\Windows\System\vZzkDUI.exe
  2⤵
  PID:9144
- C:\Windows\System\vtXAGaJ.exe
  C:\Windows\System\vtXAGaJ.exe
  2⤵
  PID:9160
- C:\Windows\System\ViJJBOG.exe
  C:\Windows\System\ViJJBOG.exe
  2⤵
  PID:9176
- C:\Windows\System\stYZOGE.exe
  C:\Windows\System\stYZOGE.exe
  2⤵
  PID:8232
- C:\Windows\System\tdjLFtf.exe
  C:\Windows\System\tdjLFtf.exe
  2⤵
  PID:8188
- C:\Windows\System\gwpIdji.exe
  C:\Windows\System\gwpIdji.exe
  2⤵
  PID:8272
- C:\Windows\System\ZNBTsDP.exe
  C:\Windows\System\ZNBTsDP.exe
  2⤵
  PID:8288
- C:\Windows\System\GSFcaHa.exe
  C:\Windows\System\GSFcaHa.exe
  2⤵
  PID:8356
- C:\Windows\System\REYXTuf.exe
  C:\Windows\System\REYXTuf.exe
  2⤵
  PID:8340
- C:\Windows\System\QhJOFIv.exe
  C:\Windows\System\QhJOFIv.exe
  2⤵
  PID:8388
- C:\Windows\System\YfSCyMb.exe
  C:\Windows\System\YfSCyMb.exe
  2⤵
  PID:8396
- C:\Windows\System\xQoulSr.exe
  C:\Windows\System\xQoulSr.exe
  2⤵
  PID:8432
- C:\Windows\System\wfDaCGG.exe
  C:\Windows\System\wfDaCGG.exe
  2⤵
  PID:8460
- C:\Windows\System\GAcvjpJ.exe
  C:\Windows\System\GAcvjpJ.exe
  2⤵
  PID:8488
- C:\Windows\System\jWAsmJi.exe
  C:\Windows\System\jWAsmJi.exe
  2⤵
  PID:8500
- C:\Windows\System\XhWouSW.exe
  C:\Windows\System\XhWouSW.exe
  2⤵
  PID:8532
- C:\Windows\System\oibIpBK.exe
  C:\Windows\System\oibIpBK.exe
  2⤵
  PID:8568
- C:\Windows\System\GyIdlFP.exe
  C:\Windows\System\GyIdlFP.exe
  2⤵
  PID:8592
- C:\Windows\System\bhrUhgr.exe
  C:\Windows\System\bhrUhgr.exe
  2⤵
  PID:8616
- C:\Windows\System\qXDPybm.exe
  C:\Windows\System\qXDPybm.exe
  2⤵
  PID:8640
- C:\Windows\System\liobfiQ.exe
  C:\Windows\System\liobfiQ.exe
  2⤵
  PID:8676
- C:\Windows\System\eJsYeLE.exe
  C:\Windows\System\eJsYeLE.exe
  2⤵
  PID:8696
- C:\Windows\System\DpNLSYm.exe
  C:\Windows\System\DpNLSYm.exe
  2⤵
  PID:8736
- C:\Windows\System\tnkaVWA.exe
  C:\Windows\System\tnkaVWA.exe
  2⤵
  PID:8804
- C:\Windows\System\HWIKscY.exe
  C:\Windows\System\HWIKscY.exe
  2⤵
  PID:8828
- C:\Windows\System\rhbmFiB.exe
  C:\Windows\System\rhbmFiB.exe
  2⤵
  PID:8716
- C:\Windows\System\OaNZMDB.exe
  C:\Windows\System\OaNZMDB.exe
  2⤵
  PID:8852
- C:\Windows\System\Kpdhwox.exe
  C:\Windows\System\Kpdhwox.exe
  2⤵
  PID:8928
- C:\Windows\System\yPlWhYl.exe
  C:\Windows\System\yPlWhYl.exe
  2⤵
  PID:8992
- C:\Windows\System\uFzFqNi.exe
  C:\Windows\System\uFzFqNi.exe
  2⤵
  PID:9044
- C:\Windows\System\DYSDdmN.exe
  C:\Windows\System\DYSDdmN.exe
  2⤵
  PID:9124
- C:\Windows\System\HgwEeGj.exe
  C:\Windows\System\HgwEeGj.exe
  2⤵
  PID:9104
- C:\Windows\System\DSEnFlc.exe
  C:\Windows\System\DSEnFlc.exe
  2⤵
  PID:9192
- C:\Windows\System\vSicnRK.exe
  C:\Windows\System\vSicnRK.exe
  2⤵
  PID:9204
- C:\Windows\System\lqSGufm.exe
  C:\Windows\System\lqSGufm.exe
  2⤵
  PID:8256
- C:\Windows\System\pEuWMCP.exe
  C:\Windows\System\pEuWMCP.exe
  2⤵
  PID:8284
- C:\Windows\System\BLnOUoJ.exe
  C:\Windows\System\BLnOUoJ.exe
  2⤵
  PID:8312
- C:\Windows\System\rfwpKkn.exe
  C:\Windows\System\rfwpKkn.exe
  2⤵
  PID:8412
- C:\Windows\System\yxGpXrg.exe
  C:\Windows\System\yxGpXrg.exe
  2⤵
  PID:8528
- C:\Windows\System\ZmTHUGk.exe
  C:\Windows\System\ZmTHUGk.exe
  2⤵
  PID:8624
- C:\Windows\System\fJpPRlZ.exe
  C:\Windows\System\fJpPRlZ.exe
  2⤵
  PID:8800
- C:\Windows\System\aXZiLcR.exe
  C:\Windows\System\aXZiLcR.exe
  2⤵
  PID:8856
- C:\Windows\System\HelbWBt.exe
  C:\Windows\System\HelbWBt.exe
  2⤵
  PID:8864
- C:\Windows\System\iyhckjf.exe
  C:\Windows\System\iyhckjf.exe
  2⤵
  PID:8896
- C:\Windows\System\gMDdvcv.exe
  C:\Windows\System\gMDdvcv.exe
  2⤵
  PID:8844
- C:\Windows\System\stDRSLc.exe
  C:\Windows\System\stDRSLc.exe
  2⤵
  PID:8816
- C:\Windows\System\fawKmHv.exe
  C:\Windows\System\fawKmHv.exe
  2⤵
  PID:8596
- C:\Windows\System\nEklyko.exe
  C:\Windows\System\nEklyko.exe
  2⤵
  PID:8612
- C:\Windows\System\RJPCGBE.exe
  C:\Windows\System\RJPCGBE.exe
  2⤵
  PID:8508
- C:\Windows\System\xPOIbQP.exe
  C:\Windows\System\xPOIbQP.exe
  2⤵
  PID:9012
- C:\Windows\System\BBGphyh.exe
  C:\Windows\System\BBGphyh.exe
  2⤵
  PID:9120
- C:\Windows\System\jdrUkOi.exe
  C:\Windows\System\jdrUkOi.exe
  2⤵
  PID:9188
- C:\Windows\System\lKmjyWT.exe
  C:\Windows\System\lKmjyWT.exe
  2⤵
  PID:9200
- C:\Windows\System\VgpvodT.exe
  C:\Windows\System\VgpvodT.exe
  2⤵
  PID:8200
- C:\Windows\System\uolqAcj.exe
  C:\Windows\System\uolqAcj.exe
  2⤵
  PID:8980
- C:\Windows\System\NemnXUv.exe
  C:\Windows\System\NemnXUv.exe
  2⤵
  PID:8448
- C:\Windows\System\zrVkBMJ.exe
  C:\Windows\System\zrVkBMJ.exe
  2⤵
  PID:8636
- C:\Windows\System\ZuLPpNX.exe
  C:\Windows\System\ZuLPpNX.exe
  2⤵
  PID:8908
- C:\Windows\System\ccTfnKB.exe
  C:\Windows\System\ccTfnKB.exe
  2⤵
  PID:8784
- C:\Windows\System\mXPsfph.exe
  C:\Windows\System\mXPsfph.exe
  2⤵
  PID:8976
- C:\Windows\System\PdGSAnP.exe
  C:\Windows\System\PdGSAnP.exe
  2⤵
  PID:8464
- C:\Windows\System\hbKlZAk.exe
  C:\Windows\System\hbKlZAk.exe
  2⤵
  PID:9020
- C:\Windows\System\muvBMyU.exe
  C:\Windows\System\muvBMyU.exe
  2⤵
  PID:8668
- C:\Windows\System\FVQSOTi.exe
  C:\Windows\System\FVQSOTi.exe
  2⤵
  PID:9184
- C:\Windows\System\qwrtlop.exe
  C:\Windows\System\qwrtlop.exe
  2⤵
  PID:8220
- C:\Windows\System\wwdcHqr.exe
  C:\Windows\System\wwdcHqr.exe
  2⤵
  PID:8280
- C:\Windows\System\FNyqlAR.exe
  C:\Windows\System\FNyqlAR.exe
  2⤵
  PID:8368
- C:\Windows\System\wiKyLac.exe
  C:\Windows\System\wiKyLac.exe
  2⤵
  PID:9016
- C:\Windows\System\gUJfAOT.exe
  C:\Windows\System\gUJfAOT.exe
  2⤵
  PID:9168
- C:\Windows\System\DnoMqpf.exe
  C:\Windows\System\DnoMqpf.exe
  2⤵
  PID:8960
- C:\Windows\System\OyasUsi.exe
  C:\Windows\System\OyasUsi.exe
  2⤵
  PID:8308
- C:\Windows\System\JvBpDOm.exe
  C:\Windows\System\JvBpDOm.exe
  2⤵
  PID:8556
- C:\Windows\System\mXSQJHC.exe
  C:\Windows\System\mXSQJHC.exe
  2⤵
  PID:9028
- C:\Windows\System\HLbedWo.exe
  C:\Windows\System\HLbedWo.exe
  2⤵
  PID:5824
- C:\Windows\System\qVjNGmK.exe
  C:\Windows\System\qVjNGmK.exe
  2⤵
  PID:8300
- C:\Windows\System\InnQqvi.exe
  C:\Windows\System\InnQqvi.exe
  2⤵
  PID:8964
- C:\Windows\System\HkWKxeG.exe
  C:\Windows\System\HkWKxeG.exe
  2⤵
  PID:9136
- C:\Windows\System\CqslCmf.exe
  C:\Windows\System\CqslCmf.exe
  2⤵
  PID:8364
- C:\Windows\System\khhulsJ.exe
  C:\Windows\System\khhulsJ.exe
  2⤵
  PID:8808
- C:\Windows\System\azQjcZb.exe
  C:\Windows\System\azQjcZb.exe
  2⤵
  PID:9040
- C:\Windows\System\WLqVdTR.exe
  C:\Windows\System\WLqVdTR.exe
  2⤵
  PID:9240
- C:\Windows\System\YLEeebJ.exe
  C:\Windows\System\YLEeebJ.exe
  2⤵
  PID:9260
- C:\Windows\System\WSbAmWn.exe
  C:\Windows\System\WSbAmWn.exe
  2⤵
  PID:9284
- C:\Windows\System\TbuWlWF.exe
  C:\Windows\System\TbuWlWF.exe
  2⤵
  PID:9344
- C:\Windows\System\oZpubTF.exe
  C:\Windows\System\oZpubTF.exe
  2⤵
  PID:9364
- C:\Windows\System\zzxqYFe.exe
  C:\Windows\System\zzxqYFe.exe
  2⤵
  PID:9384
- C:\Windows\System\xWnDGaS.exe
  C:\Windows\System\xWnDGaS.exe
  2⤵
  PID:9404
- C:\Windows\System\PLbVvsG.exe
  C:\Windows\System\PLbVvsG.exe
  2⤵
  PID:9420
- C:\Windows\System\BYzBlfm.exe
  C:\Windows\System\BYzBlfm.exe
  2⤵
  PID:9440
- C:\Windows\System\ESYkSAQ.exe
  C:\Windows\System\ESYkSAQ.exe
  2⤵
  PID:9464
- C:\Windows\System\vWJVVLp.exe
  C:\Windows\System\vWJVVLp.exe
  2⤵
  PID:9480
- C:\Windows\System\pSvHzgq.exe
  C:\Windows\System\pSvHzgq.exe
  2⤵
  PID:9496
- C:\Windows\System\lIIdnsh.exe
  C:\Windows\System\lIIdnsh.exe
  2⤵
  PID:9516
- C:\Windows\System\srVCOiZ.exe
  C:\Windows\System\srVCOiZ.exe
  2⤵
  PID:9536
- C:\Windows\System\tBkTqck.exe
  C:\Windows\System\tBkTqck.exe
  2⤵
  PID:9552
- C:\Windows\System\MjRJFgt.exe
  C:\Windows\System\MjRJFgt.exe
  2⤵
  PID:9572
- C:\Windows\System\fGQTKTH.exe
  C:\Windows\System\fGQTKTH.exe
  2⤵
  PID:9588
- C:\Windows\System\OPqAvjw.exe
  C:\Windows\System\OPqAvjw.exe
  2⤵
  PID:9612
- C:\Windows\System\dYKOPyW.exe
  C:\Windows\System\dYKOPyW.exe
  2⤵
  PID:9632
- C:\Windows\System\MIQMRyQ.exe
  C:\Windows\System\MIQMRyQ.exe
  2⤵
  PID:9648
- C:\Windows\System\FPiJYCW.exe
  C:\Windows\System\FPiJYCW.exe
  2⤵
  PID:9664
- C:\Windows\System\AOFYFsH.exe
  C:\Windows\System\AOFYFsH.exe
  2⤵
  PID:9684
- C:\Windows\System\wocyubu.exe
  C:\Windows\System\wocyubu.exe
  2⤵
  PID:9700
- C:\Windows\System\MfcCiCy.exe
  C:\Windows\System\MfcCiCy.exe
  2⤵
  PID:9716
- C:\Windows\System\PfaWfeA.exe
  C:\Windows\System\PfaWfeA.exe
  2⤵
  PID:9736
- C:\Windows\System\FNwQEKA.exe
  C:\Windows\System\FNwQEKA.exe
  2⤵
  PID:9752
- C:\Windows\System\YvRqtiY.exe
  C:\Windows\System\YvRqtiY.exe
  2⤵
  PID:9772
- C:\Windows\System\fyJWgaY.exe
  C:\Windows\System\fyJWgaY.exe
  2⤵
  PID:9792
- C:\Windows\System\holutnD.exe
  C:\Windows\System\holutnD.exe
  2⤵
  PID:9816
- C:\Windows\System\rlDEJgu.exe
  C:\Windows\System\rlDEJgu.exe
  2⤵
  PID:9832
- C:\Windows\System\nrtZUKM.exe
  C:\Windows\System\nrtZUKM.exe
  2⤵
  PID:9860
- C:\Windows\System\XEgkwGA.exe
  C:\Windows\System\XEgkwGA.exe
  2⤵
  PID:9888
- C:\Windows\System\gGTvooB.exe
  C:\Windows\System\gGTvooB.exe
  2⤵
  PID:9924
- C:\Windows\System\meFVLkB.exe
  C:\Windows\System\meFVLkB.exe
  2⤵
  PID:9940
- C:\Windows\System\ceSzooP.exe
  C:\Windows\System\ceSzooP.exe
  2⤵
  PID:9956
- C:\Windows\System\aAKYkwG.exe
  C:\Windows\System\aAKYkwG.exe
  2⤵
  PID:9980
- C:\Windows\System\UUkwPUi.exe
  C:\Windows\System\UUkwPUi.exe
  2⤵
  PID:10000
- C:\Windows\System\TDEQgRX.exe
  C:\Windows\System\TDEQgRX.exe
  2⤵
  PID:10016
- C:\Windows\System\ZORGjLR.exe
  C:\Windows\System\ZORGjLR.exe
  2⤵
  PID:10032
- C:\Windows\System\HliVfnK.exe
  C:\Windows\System\HliVfnK.exe
  2⤵
  PID:10056
- C:\Windows\System\wEbAGzL.exe
  C:\Windows\System\wEbAGzL.exe
  2⤵
  PID:10076
- C:\Windows\System\XfNrTvz.exe
  C:\Windows\System\XfNrTvz.exe
  2⤵
  PID:10100
- C:\Windows\System\jSpTPuo.exe
  C:\Windows\System\jSpTPuo.exe
  2⤵
  PID:10120
- C:\Windows\System\zgWqdjs.exe
  C:\Windows\System\zgWqdjs.exe
  2⤵
  PID:10144
- C:\Windows\System\sRgBNCu.exe
  C:\Windows\System\sRgBNCu.exe
  2⤵
  PID:10160
- C:\Windows\System\nIQoZCI.exe
  C:\Windows\System\nIQoZCI.exe
  2⤵
  PID:10188
- C:\Windows\System\jNxSmID.exe
  C:\Windows\System\jNxSmID.exe
  2⤵
  PID:10204
- C:\Windows\System\ErnnEDU.exe
  C:\Windows\System\ErnnEDU.exe
  2⤵
  PID:10224
- C:\Windows\System\PRpUjvO.exe
  C:\Windows\System\PRpUjvO.exe
  2⤵
  PID:8916
- C:\Windows\System\xLwQCGU.exe
  C:\Windows\System\xLwQCGU.exe
  2⤵
  PID:9220
- C:\Windows\System\xnfIrYe.exe
  C:\Windows\System\xnfIrYe.exe
  2⤵
  PID:8912
- C:\Windows\System\Wdsanhg.exe
  C:\Windows\System\Wdsanhg.exe
  2⤵
  PID:9292
- C:\Windows\System\IDQAZlu.exe
  C:\Windows\System\IDQAZlu.exe
  2⤵
  PID:9332
- C:\Windows\System\dbeqYyO.exe
  C:\Windows\System\dbeqYyO.exe
  2⤵
  PID:9308
- C:\Windows\System\Qlpskmz.exe
  C:\Windows\System\Qlpskmz.exe
  2⤵
  PID:9352
- C:\Windows\System\cTayzyR.exe
  C:\Windows\System\cTayzyR.exe
  2⤵
  PID:9376
- C:\Windows\System\ZQfovjN.exe
  C:\Windows\System\ZQfovjN.exe
  2⤵
  PID:9416
- C:\Windows\System\BMGDHWI.exe
  C:\Windows\System\BMGDHWI.exe
  2⤵
  PID:9456
- C:\Windows\System\VXiphdU.exe
  C:\Windows\System\VXiphdU.exe
  2⤵
  PID:9492
- C:\Windows\System\aEcJMMB.exe
  C:\Windows\System\aEcJMMB.exe
  2⤵
  PID:9568
- C:\Windows\System\eiDXPQS.exe
  C:\Windows\System\eiDXPQS.exe
  2⤵
  PID:9608
- C:\Windows\System\hwDFhSG.exe
  C:\Windows\System\hwDFhSG.exe
  2⤵
  PID:9680
- C:\Windows\System\EVmvXPm.exe
  C:\Windows\System\EVmvXPm.exe
  2⤵
  PID:9764
- C:\Windows\System\wUEXkGX.exe
  C:\Windows\System\wUEXkGX.exe
  2⤵
  PID:9712
- C:\Windows\System\KBJNSop.exe
  C:\Windows\System\KBJNSop.exe
  2⤵
  PID:9780
- C:\Windows\System\jDCPRqf.exe
  C:\Windows\System\jDCPRqf.exe
  2⤵
  PID:9800
- C:\Windows\System\lowUGtP.exe
  C:\Windows\System\lowUGtP.exe
  2⤵
  PID:9584
- C:\Windows\System\JpJvRJR.exe
  C:\Windows\System\JpJvRJR.exe
  2⤵
  PID:9628
- C:\Windows\System\jfnNOxq.exe
  C:\Windows\System\jfnNOxq.exe
  2⤵
  PID:9812
- C:\Windows\System\anNvVGy.exe
  C:\Windows\System\anNvVGy.exe
  2⤵
  PID:9852
- C:\Windows\System\JYcKqfX.exe
  C:\Windows\System\JYcKqfX.exe
  2⤵
  PID:9936
- C:\Windows\System\pmwVgIe.exe
  C:\Windows\System\pmwVgIe.exe
  2⤵
  PID:9908
- C:\Windows\System\MANmSbN.exe
  C:\Windows\System\MANmSbN.exe
  2⤵
  PID:10012
- C:\Windows\System\iTiGmHu.exe
  C:\Windows\System\iTiGmHu.exe
  2⤵
  PID:10052
- C:\Windows\System\oKayQdr.exe
  C:\Windows\System\oKayQdr.exe
  2⤵
  PID:10084
- C:\Windows\System\qAwVTjM.exe
  C:\Windows\System\qAwVTjM.exe
  2⤵
  PID:10096
- C:\Windows\System\sGhOfuX.exe
  C:\Windows\System\sGhOfuX.exe
  2⤵
  PID:9996
- C:\Windows\System\NeDaWbN.exe
  C:\Windows\System\NeDaWbN.exe
  2⤵
  PID:10068
- C:\Windows\System\JHyNcJU.exe
  C:\Windows\System\JHyNcJU.exe
  2⤵
  PID:10116
- C:\Windows\System\hXGyuwe.exe
  C:\Windows\System\hXGyuwe.exe
  2⤵
  PID:10152
- C:\Windows\System\lHsyOoX.exe
  C:\Windows\System\lHsyOoX.exe
  2⤵
  PID:9268
- C:\Windows\System\tUMYFjx.exe
  C:\Windows\System\tUMYFjx.exe
  2⤵
  PID:9300
- C:\Windows\System\hWwCSWF.exe
  C:\Windows\System\hWwCSWF.exe
  2⤵
  PID:9372
- C:\Windows\System\FWitCdd.exe
  C:\Windows\System\FWitCdd.exe
  2⤵
  PID:10236
- C:\Windows\System\xWRxuGT.exe
  C:\Windows\System\xWRxuGT.exe
  2⤵
  PID:9532
- C:\Windows\System\zDttxzZ.exe
  C:\Windows\System\zDttxzZ.exe
  2⤵
  PID:9560
- C:\Windows\System\nHVVkCR.exe
  C:\Windows\System\nHVVkCR.exe
  2⤵
  PID:9672
- C:\Windows\System\HEqOuXS.exe
  C:\Windows\System\HEqOuXS.exe
  2⤵
  PID:9396
- C:\Windows\System\CbrqBiY.exe
  C:\Windows\System\CbrqBiY.exe
  2⤵
  PID:9748
- C:\Windows\System\IyzDLLe.exe
  C:\Windows\System\IyzDLLe.exe
  2⤵
  PID:9476
- C:\Windows\System\pPyqmoZ.exe
  C:\Windows\System\pPyqmoZ.exe
  2⤵
  PID:9784

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BkydeVI.exe

Filesize
6.0MB

MD5
37602a403a4858d45a550738446bc30d

SHA1
99a9123ed29e41a7fd38a80c6309bc6ae5244429

SHA256
8a5ab34dac5051b387a387f18009b4dc5ed249449011c43ec791ac95779f4b67

SHA512
672fa81281bbe5ce9e640766de533ba0ff698632c08bca9374c2c67aa55f093a01995e9f9cc2d215400bf0463cbcd0b26985e7a4b673574828ba58004a8a4b6c

Download Submit
C:\Windows\system\CTSuzUA.exe

Filesize
6.0MB

MD5
30814dd1e2e3d5b5d7dc73820c374555

SHA1
9743c36209728cdadf720f5bbfd9ce10d6927e4a

SHA256
3ef71c8eb7d8be1f1c840f65c031ce247edd44047745729b0f613282164bb426

SHA512
3d701a14c2d7fd5f8ba13cf99602c5d5a44d3374f12747fd58937ff81596317ceb72b2fa56f32141e08fdeb204649cd1e868b82df7452afc90a889f1ccb1ea64

Download Submit
C:\Windows\system\GibAVAm.exe

Filesize
6.0MB

MD5
05319416b4020c33fcb14ca3e72cc0ff

SHA1
5d7ea33718ee0e913972f908d7970eb95dafa69d

SHA256
b84b3ccc9b6a84e688707dbb65f02402b50dea33ab801a29ea1b411f554e398a

SHA512
35a0a0b4eb0bffcc82e60bed34a9ee3083af694ccddceca46fee10b7b69241fc893f05a793b1ce2b14383b1752985ff9543155ca0aced38efa67932e9aecdea9

Download Submit
C:\Windows\system\GuHNZmp.exe

Filesize
6.0MB

MD5
c22fa7afa272d3d28330f8d1c8927a36

SHA1
4ebbf17957d023e4ef3347c11b5ee41645d19e07

SHA256
f92675a4a112954791efd697e39f2e76c4ecfe9946883556dbc0f0ec5f3ca997

SHA512
d9e568585f03e2d6fbea8eb3a88547cc8566f27184a281a11d0cf254e35e1e47859134198330494f3107d7d203255e20a5cbf7eda63bb2ccf372f16cd68830bc

Download Submit
C:\Windows\system\HSWzbjs.exe

Filesize
6.0MB

MD5
1de84fefe00b91614a054f2171f14e72

SHA1
79cf2991f80b3dc7a22476333eee2243088af26d

SHA256
0716f7c65c97030aa2911d1d28ba66c4e62161d6cc22dcff8ca232bb28f67ae1

SHA512
3ec71c787af51cdc7ab347347d050946715506184dc8046484db65d6aa0d80189aeffb6ca41b98c52437d166fee227ada30eb55ebea40e1aef42a81709d3ba14

Download Submit
C:\Windows\system\IcJjbtm.exe

Filesize
6.0MB

MD5
5cc1175fa6fca08b772df0df7c3fa23e

SHA1
8886d3e5bc57edfe5add42deacd4546275a15d09

SHA256
6a08d909f8956b8dd97ea4235583c4433762620b683d82e7f61d230f6a06f9c2

SHA512
19ead7eb1661751a60c987ab282cb20a58a8c064c69a21b2c6b402a5d4b1d747f5eb2688995ff747ddf3ef4886eacd78b8d3152eb0baf815f527901110e44810

Download Submit
C:\Windows\system\IglOxvv.exe

Filesize
6.0MB

MD5
4eb725040c71eaf9fbe228892e4e11b9

SHA1
af7b4489459c6f24bbd543be5d8a6c3ef7047cbb

SHA256
0af5107cb09ff2bca9872cb0735585fba7978a491d06de9e2b847e2130220fa4

SHA512
8b731f7588bd559ad1f8ee937a48960a758c06c65203a628213a2ea6b66e8efed936ffb2fcb44796c58912752fbb71abdcac81ed2e91650f67077382cda19c0a

Download Submit
C:\Windows\system\KEjjTRY.exe

Filesize
6.0MB

MD5
1ec8e332c3d7157880cf6487daa45c45

SHA1
e166bbeca865b6a4b9860d5dbf9b8f06416f6e7c

SHA256
f11b3ca1003dfa2a25afa2113cd93930f23da4ccee2154dd8242968587a88343

SHA512
d257b79626f5509afeeaa0ce5bdd23b4244ec737e3268507cc50e4be182ea1946fd5a6198d5db58619b8107d6b17654b00b8da5b18357e8e3e862c605020e452

Download Submit
C:\Windows\system\KJNrFdn.exe

Filesize
6.0MB

MD5
a4278ccdc7fcd484bf346ec0004f0632

SHA1
407ec0f67834e790516b295ef3be72d1a8185d8b

SHA256
e72b71d9101957ddb2a0fb474a162ae97bd1ad8a5005bb28340d5484ef80852d

SHA512
5ad5e5474ef8a6e25a85c2b52242ddaf749601c6c8dec2b6f4d0d8bbaf18bb0d07e3ed3337f3db92d422116a126c86b58d6782081d257b259c29c60948d2f9e6

Download Submit
C:\Windows\system\QKtTimW.exe

Filesize
6.0MB

MD5
d20fa0c80220023bb9ae8c93f7951878

SHA1
e64c1d54d40e6e1255220f675ef6099e659c9488

SHA256
6528b5c478004dd662ed74fe517b3bed6d0fd92de9ca288844f6e1770a64670c

SHA512
d2e9040ec0c93949dd00e4e4f88083f1179d046d197a2eb0e96b84ec8e28f145f6f1be616a3037183cb0c4708ab919579ef79a8936e3cb7c9efab086c3a8403a

Download Submit
C:\Windows\system\UVIFIYh.exe

Filesize
6.0MB

MD5
8d901a5f507b93eb92aa097729a2dc90

SHA1
caa4c87a927597d401b9f6be6f1485bb369b78e3

SHA256
80ee0b18f32fe0bbe8b0a211978f79606ab828fd85d93a54209a45426d6258ee

SHA512
ea90276810117bd18767f883c1989f1300360a9f14676a3e0e611448927fb654dff03b2419d7a66cc3a868fcfc1fc855de761625fc360d5cc094a43fa8dc685a

Download Submit
C:\Windows\system\UtZPpop.exe

Filesize
6.0MB

MD5
c4567700045ae7f7f947221ad4a3cabf

SHA1
5ab58a32826468f91b35afa610633bc981a3b159

SHA256
ad3e6c27109e2e8e7921fe441bc9c737455d3db41afd288261fb26deb09a2962

SHA512
c35cb20f7fd88c7b263ef6dbad62a06157af97c1189a2bb3686402608d096aa1c3267aa28cbfd6dc9ba0c83d05ca3585c2edc280c1288413da30f8bb2137c3c0

Download Submit
C:\Windows\system\VAprLvw.exe

Filesize
6.0MB

MD5
503def407bc6dbd832d8b13113f50106

SHA1
0dc6f6a90133e847255da74aa842545f801034b7

SHA256
17a9ec0a1dd973cf12052db37f3f17f58b6d4c8438d65d5eea8c87593a8158d2

SHA512
399dde5d75d86856cb2b517eecba80e8759730130959d9a7c536cb9c0962892ef191cf4924ab68d41248fa36913ae725d805ec96167b38928e94bb6f6831ac16

Download Submit
C:\Windows\system\VVoaHqY.exe

Filesize
6.0MB

MD5
807798ee9e6c72767008cb71a287d7dd

SHA1
4ca0c5ab9f8c5a2c46df34e48394a8b03321db7d

SHA256
d4177c5fb3824c622eefee0dd5d6f69e1bc3455f508605c7759ccfd8e7bcee79

SHA512
b8c9612bac6914fb97e007da4dde5a7db39e5b87ccf5fe35779526f71385d0ec1f5f5562c1aab756d20f04dafd26b6762ac4dd3304772be9e651206c1b83fe8e

Download Submit
C:\Windows\system\YJkOeNl.exe

Filesize
6.0MB

MD5
8aec2973310394b0c21455ff1e237647

SHA1
68045bfecc59b2bfc7d2430fec392491686681de

SHA256
d01af8a06c747bf298e4103141cac4ea36754a4813029ee44c5fba122ca35821

SHA512
c2d127b693c0d4951407ed8301ad7aeecea0d31cb37e29022fb68ebcfc8ccee38b7798da6647d56fe3c3a59ba432fc2d9f1a616cedfd2919a220f6a5fad2c629

Download Submit
C:\Windows\system\ZxMntXr.exe

Filesize
6.0MB

MD5
1c462f20e719be806eb82fba4fbc1509

SHA1
229ef29ef6626f702f6ca3eeb5cca592876de7cb

SHA256
6eeb0e8f40442a98c554441543b918bb0608915e7c53617ff977863b57be919f

SHA512
2ef7c7c5187ee7e342b65129b45b91eb72c08ede63befa0e0ed455f211ef307e3985b5ab44959109e4e5ed76ef75249eb44cf83e3c5641d590a0b7317c53e99f

Download Submit
C:\Windows\system\amJqUpv.exe

Filesize
6.0MB

MD5
ce832e3ae1eb3bc98800053c74caa4e7

SHA1
dfa9ebc02e2db41444e3ecb54826039851f6a223

SHA256
581b9bd42eb197d48f1453838f10562a26e63c48e0eba0d9d12b65f31d27f457

SHA512
bc1971e81b2e74942cf92300e09a00ae0889e58e318d8f109e1178224b8e17124d3920c84e9ae45b6efc1c813688d92faf11637e11f1fc8a1c4e1ef3e92c4e07

Download Submit
C:\Windows\system\cRahTqh.exe

Filesize
6.0MB

MD5
165f70a7272672d0b053b0c0883a5e3c

SHA1
9b862c4708a9f8811d6fcc14fc11c78bfb19aa2a

SHA256
a683734c89a49a826d9712185f0753c429348f05bf4e33a1f3371963ec4801c8

SHA512
f4e64d769a6e353ac0d83b25ec4bca99f59001e62a5261f86d84a1f8d06d4c6e0fe78eb19cbd99a4bb6a54dd2ca9a60a8851dd6e450d23f6eb6c8860d46614f9

Download Submit
C:\Windows\system\ceYjtRo.exe

Filesize
8B

MD5
14772372203a5d018d2ffac193d18992

SHA1
06cebd2e70580489c6439203171851ca8047c074

SHA256
21c57bb1a82455329f12d89f5975108045f6b3f9a77fd23c506e383c90c7abf6

SHA512
57fd7b91832596687494a007e09b192c79a1de53a10aff12106ba7bbf24cc04056764f9348dd40e7fa6afafe0ad520f0dfc814ee24f4c53b6b2d4bdf8ab57b71

Download Submit
C:\Windows\system\efxPJBU.exe

Filesize
6.0MB

MD5
a50ebbb3a769ffff33634f421295ceea

SHA1
778ba7e413d1a1782016ad82e286ea002ba0ae39

SHA256
75934cc1a1875b2cd123be9b8a6ff847a73990154d6ac6245cca8c5964ef985b

SHA512
d793808f496d701010f0f8052e09246f3b32dc7867f55abd16070b3ed14781480cd24cd20db7d2bf832bbfea702a6ee589c9b1f080a32a2f91b6d65cc5dec5db

Download Submit
C:\Windows\system\gpcHFDz.exe

Filesize
6.0MB

MD5
8e709fe94537a7cc9a83e89824c9423d

SHA1
37b379c80fea3fea4dc4761671d9cba89e1220b6

SHA256
6e64c083b9f13edd966d04ff62dccc75cd646aba4f123cfae31d77d10407757a

SHA512
43bdee12049f0ba8697e609cd2f9b9f03a09b005b05a42c149b2d438976d06acb70d16eb680d049c7dd93511fc1b49a0cea84404feaea2552be64244aa76e338

Download Submit
C:\Windows\system\lpvrsZL.exe

Filesize
6.0MB

MD5
0dcd5898af161636348d765c1c2e541e

SHA1
50767c7d15d365548cd80d5c19e482c3e24e4d9b

SHA256
aeb8bf851d3423f39a8649f9f6f894833552bcfec63a666c866abea4101e238b

SHA512
3ebdb1e250a6e804b3f31627dd774b89c933ac4b3bf40fc088f0689ad99abd30170e60d49dd3ca72ddb36d514e583efff06e73e35e158dde2c523950d44a3348

Download Submit
C:\Windows\system\mXNbAaS.exe

Filesize
6.0MB

MD5
874e3ff3bf4eb7956722399e8c182ae4

SHA1
8b49f856d74838518ace5ce253ac402affb98985

SHA256
e889d5c6d5da2364c877bb818efc895558b51783d7f2898663a438c5a47d58b7

SHA512
dd9db00ece5dc1c944470943573b108e1cfe8b6a4fd79aaeadd0174bc027106bb8e92ddcff048bbe37a3008c37e84eb36e8b0c641807a354008f0dce88e4d18a

Download Submit
C:\Windows\system\ppwOEHe.exe

Filesize
6.0MB

MD5
b3bc533a7867db31621527619576fa21

SHA1
3400220c18f86a16bbe001aa06d2268c950c6b12

SHA256
6f3a0ef7505218bb9beb945dbea57fef6536e84014fa44a8aae2527ae81bfe77

SHA512
3313ef4bdfb577fbe732f9ffb4caf44f0fb6092ea2fb26eec18f0cb1b9e075f1ba131686f83e699a991c7eb8e27be4352bead1828a5232346c74a51980a946a4

Download Submit
C:\Windows\system\sJfvVwC.exe

Filesize
6.0MB

MD5
3db7767e00b016115def68f969aaeb75

SHA1
0346e890da10ce1e91aae7ae9c26a43fbdb80d0c

SHA256
93e3fcf57a4f5729e9b02aea94d353b7175fd4c1523a6eda64bfd1ed7778bd3f

SHA512
2313e4c07bea844543ea8387ad32fa87fabd43b38d7adb034d4fa03d3a922d6c2cf7ffc0a68398880f44d5db2039ffaa0d9b37a6276c0c0541cef56c82cedce1

Download Submit
\Windows\system\RhqTnhD.exe

Filesize
6.0MB

MD5
500f49281f4aaaeb1457b97d3db89c7f

SHA1
0886e431c242db32d840672b54b56079be7e68bc

SHA256
acf944d624d2776522c1dae0a1a234294bad3781201df821fea47aaf9cd3dd53

SHA512
68772df93d60e4c9b016ce88ec4de8e0965af2873f9226882171f3fdb4248615e794b6196fedb4f0c54a620eb31fafd3bf0f83098819cfae393598a31d440bd2

Download Submit
\Windows\system\WwhddbN.exe

Filesize
6.0MB

MD5
4e2d481c19a7b4ba81873415989cd5ad

SHA1
ade93c27e5cbef55e57ef8883187b1f1ee80cc00

SHA256
669d41a4e4e1ab515247cf6e9f98dd031a39359aa5aaa5e95f3c022f2012e7b3

SHA512
efe60eeb018dd162618b6ebf1ba097a1f7fb8d28b9ed004c650bb21d9ea211d2fe00eb6704baceb09132828dd47c67ba061838831cd66efc8ce3c24652154c1b

Download Submit
\Windows\system\XzoBraU.exe

Filesize
6.0MB

MD5
36d0122f4becbf16374800e144bc7cf8

SHA1
fc39d183995b13c05486bff5fcb670fedf1b825a

SHA256
d073057492f43a1a513d62e7587a47e7947748a85bee0bfd0a9c8d0d791bb0d8

SHA512
6bc68cb21a1e185ef4a630cb0c92283e98113b14d1495e4b0d282657df218defe2aa7d087bb71306c4b457a8bcc035cf399fd528dcb7787d5bd90dee0a6dc2a7

Download Submit
\Windows\system\brLfzgu.exe

Filesize
6.0MB

MD5
ee32b087e68f47701b4cadba077d8d39

SHA1
127b88252222b687a1ebdaf993fdf296dcaf59d8

SHA256
f2cd6676248c77571fbd92abea7bcd616bc4f2b7cf29eae940cbaf0c2b153a10

SHA512
315d088a7815b4e38b06357bdbfccda489df9c8bc01f795d5fef3cbc2e0e377544a3ff6a6510d79adf8656f453382dbae6cfb878dcc93fdb57ce191208d755a4

Download Submit
\Windows\system\cdZUmmw.exe

Filesize
6.0MB

MD5
495776fc4cc0cc33d281687c41221ed2

SHA1
a5e6f1a49847ab98006af622d906dabf8e928e81

SHA256
62cf5935e1ad60005a7d53755a8965381ec4aca8f5800652734e8c4493b8ceed

SHA512
9b04a9c18ae9e1bf1c41c9efc6bfe813b8e2586827071d5cc6a5dd96d5643b39e715fb321432abce2fde6b22815427e1a0b8420d1658bffe290c2b1172b50af8

Download Submit
\Windows\system\jreOSwO.exe

Filesize
6.0MB

MD5
ef2e0785bd53c03af9b400ef56aa72b5

SHA1
7f5625f8591d00eac626125d1c925786a4b148e5

SHA256
e8f63a241c89fd4e38181b4c86ccac9af1b262a8a74873d0dd0df43c208bf3eb

SHA512
a6379e92900810dea2a705232e765d1c1a5d568a67eed900342e71a236c06b91d15dee0cdd67ba3517e9d05ee65a62aed563b17e438fc790ab864a84bff3a3a1

Download Submit
\Windows\system\kcabscr.exe

Filesize
6.0MB

MD5
9bca0284602a79cd53f0be42e7a54a3a

SHA1
4d94ea7159107b6679806c712148f136f471efa0

SHA256
bad2e9ec64f5be541b5b85c8831a6639e73fbcd26ebe2c64bf1ad3fc6e62fef3

SHA512
39180e6318eae8f2a91ea7c7b5dee157eee9d58fa05f6d431bef7da7c1003362a559e4af589fb48a05e8f1626ace78c7f2323b9c4b9a88aa69286fd0fd277f58

Download Submit
\Windows\system\xVrbPIK.exe

Filesize
6.0MB

MD5
b027126c5b9f1703fe08d2b3ffaae5fa

SHA1
a6c411e4f458b07e9d5b4251ce4ce058d56d2839

SHA256
c0aef9a8f371038b178fb0f5e974df37b5afc6720b5a182c58d8909fce9d7b23

SHA512
3ca585f193ce55edeaaa538ec91609f64c1e84a7b5ca68236b219fac9edcbf4de0f020f7bdf73aeeef8cc576be508ab6291aca459c75a99a1e5d431241ecc989

Download Submit
memory/768-73-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/768-2915-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/1036-84-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/1036-2919-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/1036-383-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/1480-74-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/1480-2914-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/2056-466-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/2056-88-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/2056-2922-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/2120-2924-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/2120-780-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/2120-104-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/2140-2923-0x000000013F320000-0x000000013F674000-memory.dmp

Filesize
3.3MB

Download
memory/2140-96-0x000000013F320000-0x000000013F674000-memory.dmp

Filesize
3.3MB

Download
memory/2140-618-0x000000013F320000-0x000000013F674000-memory.dmp

Filesize
3.3MB

Download
memory/2172-2921-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/2172-82-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/2172-303-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/2352-68-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/2352-14-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/2352-2879-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/2404-108-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2404-55-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2404-2910-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2664-2880-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/2664-32-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/2664-91-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/2724-95-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/2724-35-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/2816-30-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/2816-78-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/2816-34-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2816-44-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2816-17-0x0000000002270000-0x00000000025C4000-memory.dmp

Filesize
3.3MB

Download
memory/2816-92-0x000000013F320000-0x000000013F674000-memory.dmp

Filesize
3.3MB

Download
memory/2816-1-0x00000000003F0000-0x0000000000400000-memory.dmp

Filesize
64KB

Download
memory/2816-76-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/2816-100-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2816-528-0x000000013F320000-0x000000013F674000-memory.dmp

Filesize
3.3MB

Download
memory/2816-12-0x0000000002270000-0x00000000025C4000-memory.dmp

Filesize
3.3MB

Download
memory/2816-103-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/2816-65-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/2816-109-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/2816-49-0x0000000002270000-0x00000000025C4000-memory.dmp

Filesize
3.3MB

Download
memory/2816-866-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/2816-0-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2816-110-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/2816-71-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/2816-150-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/2816-75-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/2816-53-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/2884-2918-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/2884-79-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/2956-2883-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2956-81-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2956-19-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/3024-8-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/3024-2771-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/3024-38-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download