cobaltstrike | 8edea52b46a57620a05a8167b2e64dc4be91c20bcede1b6688497dc9e3f9578c

Analysis

max time kernel
142s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
15/11/2024, 02:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

decf365ff53135550f98511d2a394c49
SHA1

8bc611ec598670f40ff70d0785044d3533af015d
SHA256

8edea52b46a57620a05a8167b2e64dc4be91c20bcede1b6688497dc9e3f9578c
SHA512

763afabfc7a59902bf4090f9615fa1d91e73814d9d2bedce3e05a743573ca76401b51243f9792107b71a451dd3fc272b15c268273231f33a8f2672c977b78a80
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUD:T+q56utgpPF8u/7D

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00080000000120f9-3.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017570-65.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019237-161.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019354-198.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000192a1-193.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019299-188.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001927a-183.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019274-178.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019261-173.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001924f-166.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019203-156.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019056-151.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018fdf-146.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018d83-141.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018d7b-136.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018be7-131.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018745-126.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001871c-121.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001870c-116.dat	cobalt_reflective_dll
behavioral1/files/0x000d000000018683-88.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018697-86.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000175f7-77.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016cab-56.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018706-96.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000175f1-74.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016cf0-63.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016ca0-48.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016c89-39.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016689-21.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016b86-30.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000164de-11.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016399-13.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1736-0-0x000000013FB30000-0x000000013FE84000-memory.dmp	xmrig
behavioral1/files/0x00080000000120f9-3.dat	xmrig
behavioral1/memory/1584-8-0x000000013F380000-0x000000013F6D4000-memory.dmp	xmrig
behavioral1/memory/2716-33-0x000000013F490000-0x000000013F7E4000-memory.dmp	xmrig
behavioral1/memory/2908-35-0x000000013F7D0000-0x000000013FB24000-memory.dmp	xmrig
behavioral1/memory/2420-24-0x000000013FEA0000-0x00000001401F4000-memory.dmp	xmrig
behavioral1/memory/1736-40-0x000000013FB30000-0x000000013FE84000-memory.dmp	xmrig
behavioral1/memory/1584-42-0x000000013F380000-0x000000013F6D4000-memory.dmp	xmrig
behavioral1/files/0x0006000000017570-65.dat	xmrig
behavioral1/files/0x0005000000019237-161.dat	xmrig
behavioral1/files/0x0005000000019354-198.dat	xmrig
behavioral1/memory/2436-819-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/memory/2164-638-0x000000013F150000-0x000000013F4A4000-memory.dmp	xmrig
behavioral1/memory/2832-348-0x000000013FF80000-0x00000001402D4000-memory.dmp	xmrig
behavioral1/files/0x00050000000192a1-193.dat	xmrig
behavioral1/files/0x0005000000019299-188.dat	xmrig
behavioral1/files/0x000500000001927a-183.dat	xmrig
behavioral1/files/0x0005000000019274-178.dat	xmrig
behavioral1/files/0x0005000000019261-173.dat	xmrig
behavioral1/memory/2916-169-0x000000013FFA0000-0x00000001402F4000-memory.dmp	xmrig
behavioral1/files/0x000500000001924f-166.dat	xmrig
behavioral1/files/0x0005000000019203-156.dat	xmrig
behavioral1/files/0x0006000000019056-151.dat	xmrig
behavioral1/files/0x0006000000018fdf-146.dat	xmrig
behavioral1/files/0x0006000000018d83-141.dat	xmrig
behavioral1/files/0x0006000000018d7b-136.dat	xmrig
behavioral1/files/0x0006000000018be7-131.dat	xmrig
behavioral1/files/0x0005000000018745-126.dat	xmrig
behavioral1/files/0x000500000001871c-121.dat	xmrig
behavioral1/files/0x000500000001870c-116.dat	xmrig
behavioral1/memory/1736-91-0x000000013F150000-0x000000013F4A4000-memory.dmp	xmrig
behavioral1/memory/2880-90-0x000000013F980000-0x000000013FCD4000-memory.dmp	xmrig
behavioral1/files/0x000d000000018683-88.dat	xmrig
behavioral1/files/0x0005000000018697-86.dat	xmrig
behavioral1/memory/1736-82-0x00000000023B0000-0x0000000002704000-memory.dmp	xmrig
behavioral1/memory/1736-113-0x00000000023B0000-0x0000000002704000-memory.dmp	xmrig
behavioral1/memory/2908-81-0x000000013F7D0000-0x000000013FB24000-memory.dmp	xmrig
behavioral1/memory/2832-80-0x000000013FF80000-0x00000001402D4000-memory.dmp	xmrig
behavioral1/files/0x00060000000175f7-77.dat	xmrig
behavioral1/memory/2640-112-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig
behavioral1/memory/2332-111-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig
behavioral1/memory/1736-100-0x000000013F6F0000-0x000000013FA44000-memory.dmp	xmrig
behavioral1/memory/2436-99-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/memory/484-60-0x000000013F940000-0x000000013FC94000-memory.dmp	xmrig
behavioral1/memory/2116-58-0x000000013FFC0000-0x0000000140314000-memory.dmp	xmrig
behavioral1/files/0x0009000000016cab-56.dat	xmrig
behavioral1/files/0x0005000000018706-96.dat	xmrig
behavioral1/memory/2164-95-0x000000013F150000-0x000000013F4A4000-memory.dmp	xmrig
behavioral1/memory/2716-76-0x000000013F490000-0x000000013F7E4000-memory.dmp	xmrig
behavioral1/files/0x00060000000175f1-74.dat	xmrig
behavioral1/memory/1736-73-0x00000000023B0000-0x0000000002704000-memory.dmp	xmrig
behavioral1/memory/2916-72-0x000000013FFA0000-0x00000001402F4000-memory.dmp	xmrig
behavioral1/files/0x0008000000016cf0-63.dat	xmrig
behavioral1/memory/2712-51-0x000000013F6F0000-0x000000013FA44000-memory.dmp	xmrig
behavioral1/files/0x0007000000016ca0-48.dat	xmrig
behavioral1/memory/2880-41-0x000000013F980000-0x000000013FCD4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016c89-39.dat	xmrig
behavioral1/files/0x0008000000016689-21.dat	xmrig
behavioral1/files/0x0007000000016b86-30.dat	xmrig
behavioral1/memory/2116-14-0x000000013FFC0000-0x0000000140314000-memory.dmp	xmrig
behavioral1/files/0x00080000000164de-11.dat	xmrig
behavioral1/files/0x0008000000016399-13.dat	xmrig
behavioral1/memory/2420-2927-0x000000013FEA0000-0x00000001401F4000-memory.dmp	xmrig
behavioral1/memory/2716-2931-0x000000013F490000-0x000000013F7E4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1584	hYBYeRC.exe
2116	eurphVm.exe
2420	zUSIFeJ.exe
2716	MJkpJLK.exe
2908	sCtGXzu.exe
2880	KHYmIHd.exe
2712	XTLKcMX.exe
484	eqyHktb.exe
2916	ANImzOx.exe
2832	YAyewFX.exe
2164	zgwfPoL.exe
2436	qVheZjc.exe
2332	NEzgRcS.exe
2640	nMtDXCk.exe
928	xCzzgij.exe
2024	BTFPdyw.exe
2820	KPrTEfP.exe
2936	ClrYGdH.exe
1624	SVxmZni.exe
2872	PVyOAsr.exe
2796	FWTIeWa.exe
2704	gCqTpPx.exe
2180	mHZNYYL.exe
600	JehvaIY.exe
684	wDelrDC.exe
340	nNJbHjN.exe
2592	LycPNrM.exe
836	SloQVVP.exe
1760	aWlQoQh.exe
2272	GzKqngx.exe
1548	miPDhkX.exe
3040	HIKREhN.exe
1264	XBmXoYG.exe
1748	FqcEKHG.exe
1080	fQhtDPh.exe
1140	tCAVPEV.exe
2496	VnskULV.exe
2552	McngrkK.exe
1432	VMQpHoz.exe
2560	oeRFrTg.exe
536	CmxdnEA.exe
2476	JHBSGrY.exe
2452	bSTKBPB.exe
1700	CWYHHBt.exe
856	TGLjZQw.exe
1844	xFyBWmk.exe
2492	LKEVvsN.exe
1592	jiDdzyE.exe
1596	EkgUtjJ.exe
2216	LWsdrBY.exe
2544	uceuxQY.exe
2844	NGnTMMY.exe
3036	tMWXzko.exe
2812	fjVMLFc.exe
2656	TwdLMtn.exe
2768	JLCeqka.exe
2596	DCDapJK.exe
2680	GkZoNsR.exe
1740	Szqjnxv.exe
788	thnNnYV.exe
1660	MVsarPk.exe
2648	FPtvmJx.exe
2188	zrnYBOx.exe
2428	xAeoALn.exe

Loads dropped DLL 64 IoCs

pid	Process
1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1736-0-0x000000013FB30000-0x000000013FE84000-memory.dmp	upx
behavioral1/files/0x00080000000120f9-3.dat	upx
behavioral1/memory/1584-8-0x000000013F380000-0x000000013F6D4000-memory.dmp	upx
behavioral1/memory/2716-33-0x000000013F490000-0x000000013F7E4000-memory.dmp	upx
behavioral1/memory/2908-35-0x000000013F7D0000-0x000000013FB24000-memory.dmp	upx
behavioral1/memory/2420-24-0x000000013FEA0000-0x00000001401F4000-memory.dmp	upx
behavioral1/memory/1736-40-0x000000013FB30000-0x000000013FE84000-memory.dmp	upx
behavioral1/memory/1584-42-0x000000013F380000-0x000000013F6D4000-memory.dmp	upx
behavioral1/files/0x0006000000017570-65.dat	upx
behavioral1/files/0x0005000000019237-161.dat	upx
behavioral1/files/0x0005000000019354-198.dat	upx
behavioral1/memory/2436-819-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/memory/2164-638-0x000000013F150000-0x000000013F4A4000-memory.dmp	upx
behavioral1/memory/2832-348-0x000000013FF80000-0x00000001402D4000-memory.dmp	upx
behavioral1/files/0x00050000000192a1-193.dat	upx
behavioral1/files/0x0005000000019299-188.dat	upx
behavioral1/files/0x000500000001927a-183.dat	upx
behavioral1/files/0x0005000000019274-178.dat	upx
behavioral1/files/0x0005000000019261-173.dat	upx
behavioral1/memory/2916-169-0x000000013FFA0000-0x00000001402F4000-memory.dmp	upx
behavioral1/files/0x000500000001924f-166.dat	upx
behavioral1/files/0x0005000000019203-156.dat	upx
behavioral1/files/0x0006000000019056-151.dat	upx
behavioral1/files/0x0006000000018fdf-146.dat	upx
behavioral1/files/0x0006000000018d83-141.dat	upx
behavioral1/files/0x0006000000018d7b-136.dat	upx
behavioral1/files/0x0006000000018be7-131.dat	upx
behavioral1/files/0x0005000000018745-126.dat	upx
behavioral1/files/0x000500000001871c-121.dat	upx
behavioral1/files/0x000500000001870c-116.dat	upx
behavioral1/memory/2880-90-0x000000013F980000-0x000000013FCD4000-memory.dmp	upx
behavioral1/files/0x000d000000018683-88.dat	upx
behavioral1/files/0x0005000000018697-86.dat	upx
behavioral1/memory/2908-81-0x000000013F7D0000-0x000000013FB24000-memory.dmp	upx
behavioral1/memory/2832-80-0x000000013FF80000-0x00000001402D4000-memory.dmp	upx
behavioral1/files/0x00060000000175f7-77.dat	upx
behavioral1/memory/2640-112-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/memory/2332-111-0x000000013F7F0000-0x000000013FB44000-memory.dmp	upx
behavioral1/memory/2436-99-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/memory/484-60-0x000000013F940000-0x000000013FC94000-memory.dmp	upx
behavioral1/memory/2116-58-0x000000013FFC0000-0x0000000140314000-memory.dmp	upx
behavioral1/files/0x0009000000016cab-56.dat	upx
behavioral1/files/0x0005000000018706-96.dat	upx
behavioral1/memory/2164-95-0x000000013F150000-0x000000013F4A4000-memory.dmp	upx
behavioral1/memory/2716-76-0x000000013F490000-0x000000013F7E4000-memory.dmp	upx
behavioral1/files/0x00060000000175f1-74.dat	upx
behavioral1/memory/2916-72-0x000000013FFA0000-0x00000001402F4000-memory.dmp	upx
behavioral1/files/0x0008000000016cf0-63.dat	upx
behavioral1/memory/2712-51-0x000000013F6F0000-0x000000013FA44000-memory.dmp	upx
behavioral1/files/0x0007000000016ca0-48.dat	upx
behavioral1/memory/2880-41-0x000000013F980000-0x000000013FCD4000-memory.dmp	upx
behavioral1/files/0x0007000000016c89-39.dat	upx
behavioral1/files/0x0008000000016689-21.dat	upx
behavioral1/files/0x0007000000016b86-30.dat	upx
behavioral1/memory/2116-14-0x000000013FFC0000-0x0000000140314000-memory.dmp	upx
behavioral1/files/0x00080000000164de-11.dat	upx
behavioral1/files/0x0008000000016399-13.dat	upx
behavioral1/memory/2420-2927-0x000000013FEA0000-0x00000001401F4000-memory.dmp	upx
behavioral1/memory/2716-2931-0x000000013F490000-0x000000013F7E4000-memory.dmp	upx
behavioral1/memory/1584-2929-0x000000013F380000-0x000000013F6D4000-memory.dmp	upx
behavioral1/memory/2908-2928-0x000000013F7D0000-0x000000013FB24000-memory.dmp	upx
behavioral1/memory/2880-2939-0x000000013F980000-0x000000013FCD4000-memory.dmp	upx
behavioral1/memory/2116-2937-0x000000013FFC0000-0x0000000140314000-memory.dmp	upx
behavioral1/memory/484-2941-0x000000013F940000-0x000000013FC94000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\uiCWkGQ.exe	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RRnDylq.exe	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TbPerBv.exe	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NWiDeKa.exe	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nAZpdpS.exe	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ksWxvmO.exe	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aInPNQL.exe	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qjVIVwn.exe	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ITuPZGH.exe	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lfbDTad.exe	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tzbUBle.exe	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OlyqmiK.exe	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\psrWOQM.exe	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XFMwTgD.exe	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cMssFym.exe	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\clFixyw.exe	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HRZebiz.exe	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oxQOwuU.exe	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CPTeAHY.exe	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WwLLciU.exe	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hTsePKG.exe	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HNFbtuM.exe	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kgjmxKk.exe	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fhpoQeM.exe	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mZhLxfo.exe	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ipitOSq.exe	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mVaQVSk.exe	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VnskULV.exe	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pwXfvki.exe	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RPdIFfo.exe	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wLRpuGM.exe	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\stHuZxM.exe	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JpPUczn.exe	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xqJbCjK.exe	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XHzrAqO.exe	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\saSkMku.exe	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vuOEuxh.exe	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jrYqfhY.exe	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JNuFDID.exe	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eCRaBph.exe	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fjVMLFc.exe	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zIzKLqx.exe	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kibUYXM.exe	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pPpnNPT.exe	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TaMBFWk.exe	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IcCJbaP.exe	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fFMrdjB.exe	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NSTTszR.exe	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZDxPYDk.exe	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sxaELbw.exe	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NPDmPjO.exe	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\giRBABu.exe	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hFCHlMy.exe	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fUvbHvQ.exe	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KhRyItw.exe	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JiQAOwK.exe	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mShOvEM.exe	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qKOMyzI.exe	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ITUYFUR.exe	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VImvnnB.exe	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YrFWRNt.exe	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gdfZbpA.exe	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RfoydAk.exe	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PlCYuRM.exe	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1736 wrote to memory of 1584	1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1736 wrote to memory of 1584	1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1736 wrote to memory of 1584	1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1736 wrote to memory of 2116	1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1736 wrote to memory of 2116	1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1736 wrote to memory of 2116	1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1736 wrote to memory of 2420	1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1736 wrote to memory of 2420	1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1736 wrote to memory of 2420	1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1736 wrote to memory of 2908	1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1736 wrote to memory of 2908	1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1736 wrote to memory of 2908	1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1736 wrote to memory of 2716	1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1736 wrote to memory of 2716	1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1736 wrote to memory of 2716	1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1736 wrote to memory of 2880	1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1736 wrote to memory of 2880	1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1736 wrote to memory of 2880	1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1736 wrote to memory of 2712	1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1736 wrote to memory of 2712	1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1736 wrote to memory of 2712	1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1736 wrote to memory of 484	1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1736 wrote to memory of 484	1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1736 wrote to memory of 484	1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1736 wrote to memory of 2916	1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1736 wrote to memory of 2916	1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1736 wrote to memory of 2916	1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1736 wrote to memory of 2332	1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1736 wrote to memory of 2332	1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1736 wrote to memory of 2332	1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1736 wrote to memory of 2832	1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1736 wrote to memory of 2832	1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1736 wrote to memory of 2832	1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1736 wrote to memory of 2640	1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1736 wrote to memory of 2640	1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1736 wrote to memory of 2640	1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1736 wrote to memory of 2164	1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1736 wrote to memory of 2164	1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1736 wrote to memory of 2164	1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1736 wrote to memory of 928	1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1736 wrote to memory of 928	1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1736 wrote to memory of 928	1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1736 wrote to memory of 2436	1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1736 wrote to memory of 2436	1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1736 wrote to memory of 2436	1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1736 wrote to memory of 2024	1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1736 wrote to memory of 2024	1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1736 wrote to memory of 2024	1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1736 wrote to memory of 2820	1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1736 wrote to memory of 2820	1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1736 wrote to memory of 2820	1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1736 wrote to memory of 2936	1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1736 wrote to memory of 2936	1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1736 wrote to memory of 2936	1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1736 wrote to memory of 1624	1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1736 wrote to memory of 1624	1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1736 wrote to memory of 1624	1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1736 wrote to memory of 2872	1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1736 wrote to memory of 2872	1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1736 wrote to memory of 2872	1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1736 wrote to memory of 2796	1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1736 wrote to memory of 2796	1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1736 wrote to memory of 2796	1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1736 wrote to memory of 2704	1736	2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-15_decf365ff53135550f98511d2a394c49_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1736
- C:\Windows\System\hYBYeRC.exe
  C:\Windows\System\hYBYeRC.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\eurphVm.exe
  C:\Windows\System\eurphVm.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\zUSIFeJ.exe
  C:\Windows\System\zUSIFeJ.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\sCtGXzu.exe
  C:\Windows\System\sCtGXzu.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\MJkpJLK.exe
  C:\Windows\System\MJkpJLK.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\KHYmIHd.exe
  C:\Windows\System\KHYmIHd.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\XTLKcMX.exe
  C:\Windows\System\XTLKcMX.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\eqyHktb.exe
  C:\Windows\System\eqyHktb.exe
  2⤵
  - Executes dropped EXE
  PID:484
- C:\Windows\System\ANImzOx.exe
  C:\Windows\System\ANImzOx.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\NEzgRcS.exe
  C:\Windows\System\NEzgRcS.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\YAyewFX.exe
  C:\Windows\System\YAyewFX.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\nMtDXCk.exe
  C:\Windows\System\nMtDXCk.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\zgwfPoL.exe
  C:\Windows\System\zgwfPoL.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\xCzzgij.exe
  C:\Windows\System\xCzzgij.exe
  2⤵
  - Executes dropped EXE
  PID:928
- C:\Windows\System\qVheZjc.exe
  C:\Windows\System\qVheZjc.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\BTFPdyw.exe
  C:\Windows\System\BTFPdyw.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\KPrTEfP.exe
  C:\Windows\System\KPrTEfP.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\ClrYGdH.exe
  C:\Windows\System\ClrYGdH.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\SVxmZni.exe
  C:\Windows\System\SVxmZni.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\PVyOAsr.exe
  C:\Windows\System\PVyOAsr.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\FWTIeWa.exe
  C:\Windows\System\FWTIeWa.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\gCqTpPx.exe
  C:\Windows\System\gCqTpPx.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\mHZNYYL.exe
  C:\Windows\System\mHZNYYL.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\JehvaIY.exe
  C:\Windows\System\JehvaIY.exe
  2⤵
  - Executes dropped EXE
  PID:600
- C:\Windows\System\wDelrDC.exe
  C:\Windows\System\wDelrDC.exe
  2⤵
  - Executes dropped EXE
  PID:684
- C:\Windows\System\nNJbHjN.exe
  C:\Windows\System\nNJbHjN.exe
  2⤵
  - Executes dropped EXE
  PID:340
- C:\Windows\System\LycPNrM.exe
  C:\Windows\System\LycPNrM.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\SloQVVP.exe
  C:\Windows\System\SloQVVP.exe
  2⤵
  - Executes dropped EXE
  PID:836
- C:\Windows\System\aWlQoQh.exe
  C:\Windows\System\aWlQoQh.exe
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Windows\System\GzKqngx.exe
  C:\Windows\System\GzKqngx.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\miPDhkX.exe
  C:\Windows\System\miPDhkX.exe
  2⤵
  - Executes dropped EXE
  PID:1548
- C:\Windows\System\HIKREhN.exe
  C:\Windows\System\HIKREhN.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\XBmXoYG.exe
  C:\Windows\System\XBmXoYG.exe
  2⤵
  - Executes dropped EXE
  PID:1264
- C:\Windows\System\FqcEKHG.exe
  C:\Windows\System\FqcEKHG.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\fQhtDPh.exe
  C:\Windows\System\fQhtDPh.exe
  2⤵
  - Executes dropped EXE
  PID:1080
- C:\Windows\System\tCAVPEV.exe
  C:\Windows\System\tCAVPEV.exe
  2⤵
  - Executes dropped EXE
  PID:1140
- C:\Windows\System\VnskULV.exe
  C:\Windows\System\VnskULV.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\McngrkK.exe
  C:\Windows\System\McngrkK.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\VMQpHoz.exe
  C:\Windows\System\VMQpHoz.exe
  2⤵
  - Executes dropped EXE
  PID:1432
- C:\Windows\System\oeRFrTg.exe
  C:\Windows\System\oeRFrTg.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\CmxdnEA.exe
  C:\Windows\System\CmxdnEA.exe
  2⤵
  - Executes dropped EXE
  PID:536
- C:\Windows\System\JHBSGrY.exe
  C:\Windows\System\JHBSGrY.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\bSTKBPB.exe
  C:\Windows\System\bSTKBPB.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\CWYHHBt.exe
  C:\Windows\System\CWYHHBt.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\TGLjZQw.exe
  C:\Windows\System\TGLjZQw.exe
  2⤵
  - Executes dropped EXE
  PID:856
- C:\Windows\System\xFyBWmk.exe
  C:\Windows\System\xFyBWmk.exe
  2⤵
  - Executes dropped EXE
  PID:1844
- C:\Windows\System\LKEVvsN.exe
  C:\Windows\System\LKEVvsN.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\jiDdzyE.exe
  C:\Windows\System\jiDdzyE.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\EkgUtjJ.exe
  C:\Windows\System\EkgUtjJ.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\LWsdrBY.exe
  C:\Windows\System\LWsdrBY.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\uceuxQY.exe
  C:\Windows\System\uceuxQY.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\NGnTMMY.exe
  C:\Windows\System\NGnTMMY.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\tMWXzko.exe
  C:\Windows\System\tMWXzko.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\fjVMLFc.exe
  C:\Windows\System\fjVMLFc.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\TwdLMtn.exe
  C:\Windows\System\TwdLMtn.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\JLCeqka.exe
  C:\Windows\System\JLCeqka.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\DCDapJK.exe
  C:\Windows\System\DCDapJK.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\GkZoNsR.exe
  C:\Windows\System\GkZoNsR.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\Szqjnxv.exe
  C:\Windows\System\Szqjnxv.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\thnNnYV.exe
  C:\Windows\System\thnNnYV.exe
  2⤵
  - Executes dropped EXE
  PID:788
- C:\Windows\System\MVsarPk.exe
  C:\Windows\System\MVsarPk.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\FPtvmJx.exe
  C:\Windows\System\FPtvmJx.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\zrnYBOx.exe
  C:\Windows\System\zrnYBOx.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\xAeoALn.exe
  C:\Windows\System\xAeoALn.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\RXBOcqS.exe
  C:\Windows\System\RXBOcqS.exe
  2⤵
  PID:408
- C:\Windows\System\NljHNmW.exe
  C:\Windows\System\NljHNmW.exe
  2⤵
  PID:2864
- C:\Windows\System\NzjJUVl.exe
  C:\Windows\System\NzjJUVl.exe
  2⤵
  PID:1788
- C:\Windows\System\uXtklsz.exe
  C:\Windows\System\uXtklsz.exe
  2⤵
  PID:1528
- C:\Windows\System\NTrZgYf.exe
  C:\Windows\System\NTrZgYf.exe
  2⤵
  PID:2276
- C:\Windows\System\AxUokAX.exe
  C:\Windows\System\AxUokAX.exe
  2⤵
  PID:1540
- C:\Windows\System\ksWxvmO.exe
  C:\Windows\System\ksWxvmO.exe
  2⤵
  PID:1244
- C:\Windows\System\GTawmoC.exe
  C:\Windows\System\GTawmoC.exe
  2⤵
  PID:1480
- C:\Windows\System\mIQjVOe.exe
  C:\Windows\System\mIQjVOe.exe
  2⤵
  PID:1564
- C:\Windows\System\UaQwPtr.exe
  C:\Windows\System\UaQwPtr.exe
  2⤵
  PID:2268
- C:\Windows\System\vuOEuxh.exe
  C:\Windows\System\vuOEuxh.exe
  2⤵
  PID:1652
- C:\Windows\System\lvYHnDX.exe
  C:\Windows\System\lvYHnDX.exe
  2⤵
  PID:1504
- C:\Windows\System\JktnpWJ.exe
  C:\Windows\System\JktnpWJ.exe
  2⤵
  PID:2076
- C:\Windows\System\bWtSQmR.exe
  C:\Windows\System\bWtSQmR.exe
  2⤵
  PID:2124
- C:\Windows\System\PKDSmWK.exe
  C:\Windows\System\PKDSmWK.exe
  2⤵
  PID:2328
- C:\Windows\System\wNZwAAo.exe
  C:\Windows\System\wNZwAAo.exe
  2⤵
  PID:2392
- C:\Windows\System\BgyXJYs.exe
  C:\Windows\System\BgyXJYs.exe
  2⤵
  PID:2804
- C:\Windows\System\kYLrZEz.exe
  C:\Windows\System\kYLrZEz.exe
  2⤵
  PID:1268
- C:\Windows\System\RfoydAk.exe
  C:\Windows\System\RfoydAk.exe
  2⤵
  PID:1628
- C:\Windows\System\adQATwi.exe
  C:\Windows\System\adQATwi.exe
  2⤵
  PID:568
- C:\Windows\System\PGBXwFX.exe
  C:\Windows\System\PGBXwFX.exe
  2⤵
  PID:2928
- C:\Windows\System\oCkTEcf.exe
  C:\Windows\System\oCkTEcf.exe
  2⤵
  PID:2988
- C:\Windows\System\OyBfiSP.exe
  C:\Windows\System\OyBfiSP.exe
  2⤵
  PID:3088
- C:\Windows\System\LjBJDZg.exe
  C:\Windows\System\LjBJDZg.exe
  2⤵
  PID:3108
- C:\Windows\System\qkiBRJk.exe
  C:\Windows\System\qkiBRJk.exe
  2⤵
  PID:3128
- C:\Windows\System\KdjkpEr.exe
  C:\Windows\System\KdjkpEr.exe
  2⤵
  PID:3148
- C:\Windows\System\GdsvYCH.exe
  C:\Windows\System\GdsvYCH.exe
  2⤵
  PID:3168
- C:\Windows\System\vCCfEio.exe
  C:\Windows\System\vCCfEio.exe
  2⤵
  PID:3188
- C:\Windows\System\OdNxSEc.exe
  C:\Windows\System\OdNxSEc.exe
  2⤵
  PID:3208
- C:\Windows\System\MhJYydU.exe
  C:\Windows\System\MhJYydU.exe
  2⤵
  PID:3228
- C:\Windows\System\JBAlobt.exe
  C:\Windows\System\JBAlobt.exe
  2⤵
  PID:3248
- C:\Windows\System\QllBWpQ.exe
  C:\Windows\System\QllBWpQ.exe
  2⤵
  PID:3268
- C:\Windows\System\VmqvOHJ.exe
  C:\Windows\System\VmqvOHJ.exe
  2⤵
  PID:3288
- C:\Windows\System\fXqtGrx.exe
  C:\Windows\System\fXqtGrx.exe
  2⤵
  PID:3308
- C:\Windows\System\oZgIqaA.exe
  C:\Windows\System\oZgIqaA.exe
  2⤵
  PID:3328
- C:\Windows\System\lwJFcXU.exe
  C:\Windows\System\lwJFcXU.exe
  2⤵
  PID:3348
- C:\Windows\System\bojwuKH.exe
  C:\Windows\System\bojwuKH.exe
  2⤵
  PID:3368
- C:\Windows\System\ALLUPLK.exe
  C:\Windows\System\ALLUPLK.exe
  2⤵
  PID:3388
- C:\Windows\System\vAacbJi.exe
  C:\Windows\System\vAacbJi.exe
  2⤵
  PID:3408
- C:\Windows\System\vpXZhBK.exe
  C:\Windows\System\vpXZhBK.exe
  2⤵
  PID:3428
- C:\Windows\System\wrviDNp.exe
  C:\Windows\System\wrviDNp.exe
  2⤵
  PID:3448
- C:\Windows\System\GWCOzWa.exe
  C:\Windows\System\GWCOzWa.exe
  2⤵
  PID:3468
- C:\Windows\System\AwyRCEP.exe
  C:\Windows\System\AwyRCEP.exe
  2⤵
  PID:3488
- C:\Windows\System\UHdPIig.exe
  C:\Windows\System\UHdPIig.exe
  2⤵
  PID:3508
- C:\Windows\System\IcJOcpK.exe
  C:\Windows\System\IcJOcpK.exe
  2⤵
  PID:3528
- C:\Windows\System\IYUQreO.exe
  C:\Windows\System\IYUQreO.exe
  2⤵
  PID:3548
- C:\Windows\System\aZWivhc.exe
  C:\Windows\System\aZWivhc.exe
  2⤵
  PID:3568
- C:\Windows\System\PQmbhhA.exe
  C:\Windows\System\PQmbhhA.exe
  2⤵
  PID:3588
- C:\Windows\System\laoKJiz.exe
  C:\Windows\System\laoKJiz.exe
  2⤵
  PID:3612
- C:\Windows\System\UvzeezX.exe
  C:\Windows\System\UvzeezX.exe
  2⤵
  PID:3632
- C:\Windows\System\IzTgVHR.exe
  C:\Windows\System\IzTgVHR.exe
  2⤵
  PID:3652
- C:\Windows\System\yzdfutp.exe
  C:\Windows\System\yzdfutp.exe
  2⤵
  PID:3672
- C:\Windows\System\REkPjNW.exe
  C:\Windows\System\REkPjNW.exe
  2⤵
  PID:3692
- C:\Windows\System\pXoNKIo.exe
  C:\Windows\System\pXoNKIo.exe
  2⤵
  PID:3712
- C:\Windows\System\wmoIfQz.exe
  C:\Windows\System\wmoIfQz.exe
  2⤵
  PID:3732
- C:\Windows\System\eSzjmJl.exe
  C:\Windows\System\eSzjmJl.exe
  2⤵
  PID:3752
- C:\Windows\System\AZmBtaA.exe
  C:\Windows\System\AZmBtaA.exe
  2⤵
  PID:3772
- C:\Windows\System\WATuaek.exe
  C:\Windows\System\WATuaek.exe
  2⤵
  PID:3792
- C:\Windows\System\WPSrMmH.exe
  C:\Windows\System\WPSrMmH.exe
  2⤵
  PID:3812
- C:\Windows\System\qpJnwJy.exe
  C:\Windows\System\qpJnwJy.exe
  2⤵
  PID:3832
- C:\Windows\System\YqqRZJq.exe
  C:\Windows\System\YqqRZJq.exe
  2⤵
  PID:3852
- C:\Windows\System\nwLJfTo.exe
  C:\Windows\System\nwLJfTo.exe
  2⤵
  PID:3872
- C:\Windows\System\xzVyYIc.exe
  C:\Windows\System\xzVyYIc.exe
  2⤵
  PID:3892
- C:\Windows\System\vpJVsPv.exe
  C:\Windows\System\vpJVsPv.exe
  2⤵
  PID:3912
- C:\Windows\System\uhKUZHi.exe
  C:\Windows\System\uhKUZHi.exe
  2⤵
  PID:3932
- C:\Windows\System\eRnmlxY.exe
  C:\Windows\System\eRnmlxY.exe
  2⤵
  PID:3952
- C:\Windows\System\xSwLnTC.exe
  C:\Windows\System\xSwLnTC.exe
  2⤵
  PID:3972
- C:\Windows\System\xNniZGQ.exe
  C:\Windows\System\xNniZGQ.exe
  2⤵
  PID:3992
- C:\Windows\System\NoNdkIS.exe
  C:\Windows\System\NoNdkIS.exe
  2⤵
  PID:4012
- C:\Windows\System\ORNcMFM.exe
  C:\Windows\System\ORNcMFM.exe
  2⤵
  PID:4032
- C:\Windows\System\CPTeAHY.exe
  C:\Windows\System\CPTeAHY.exe
  2⤵
  PID:4052
- C:\Windows\System\QERfkCv.exe
  C:\Windows\System\QERfkCv.exe
  2⤵
  PID:4072
- C:\Windows\System\NotPHrz.exe
  C:\Windows\System\NotPHrz.exe
  2⤵
  PID:4092
- C:\Windows\System\CVFRVNp.exe
  C:\Windows\System\CVFRVNp.exe
  2⤵
  PID:2360
- C:\Windows\System\xslwSUM.exe
  C:\Windows\System\xslwSUM.exe
  2⤵
  PID:2992
- C:\Windows\System\frPbZMm.exe
  C:\Windows\System\frPbZMm.exe
  2⤵
  PID:940
- C:\Windows\System\RzUwYle.exe
  C:\Windows\System\RzUwYle.exe
  2⤵
  PID:1300
- C:\Windows\System\bcuAmOG.exe
  C:\Windows\System\bcuAmOG.exe
  2⤵
  PID:2576
- C:\Windows\System\piKANNH.exe
  C:\Windows\System\piKANNH.exe
  2⤵
  PID:3032
- C:\Windows\System\WLYicsF.exe
  C:\Windows\System\WLYicsF.exe
  2⤵
  PID:2384
- C:\Windows\System\cTqfxpw.exe
  C:\Windows\System\cTqfxpw.exe
  2⤵
  PID:572
- C:\Windows\System\YzbSYpV.exe
  C:\Windows\System\YzbSYpV.exe
  2⤵
  PID:888
- C:\Windows\System\eALKCeo.exe
  C:\Windows\System\eALKCeo.exe
  2⤵
  PID:1692
- C:\Windows\System\trHtwoB.exe
  C:\Windows\System\trHtwoB.exe
  2⤵
  PID:264
- C:\Windows\System\RmPTiPR.exe
  C:\Windows\System\RmPTiPR.exe
  2⤵
  PID:908
- C:\Windows\System\ZHZByNt.exe
  C:\Windows\System\ZHZByNt.exe
  2⤵
  PID:1580
- C:\Windows\System\fwScjxO.exe
  C:\Windows\System\fwScjxO.exe
  2⤵
  PID:3076
- C:\Windows\System\EwYwodt.exe
  C:\Windows\System\EwYwodt.exe
  2⤵
  PID:3100
- C:\Windows\System\zjcFuSl.exe
  C:\Windows\System\zjcFuSl.exe
  2⤵
  PID:3120
- C:\Windows\System\jZRqocr.exe
  C:\Windows\System\jZRqocr.exe
  2⤵
  PID:3164
- C:\Windows\System\spQAEgE.exe
  C:\Windows\System\spQAEgE.exe
  2⤵
  PID:3216
- C:\Windows\System\MRPCeUz.exe
  C:\Windows\System\MRPCeUz.exe
  2⤵
  PID:3244
- C:\Windows\System\JFQicOV.exe
  C:\Windows\System\JFQicOV.exe
  2⤵
  PID:3276
- C:\Windows\System\jWOdBum.exe
  C:\Windows\System\jWOdBum.exe
  2⤵
  PID:3300
- C:\Windows\System\ReDJCfq.exe
  C:\Windows\System\ReDJCfq.exe
  2⤵
  PID:3344
- C:\Windows\System\LyPfkyp.exe
  C:\Windows\System\LyPfkyp.exe
  2⤵
  PID:3360
- C:\Windows\System\wpIqbeT.exe
  C:\Windows\System\wpIqbeT.exe
  2⤵
  PID:3416
- C:\Windows\System\MtkqucK.exe
  C:\Windows\System\MtkqucK.exe
  2⤵
  PID:3444
- C:\Windows\System\IfexeKw.exe
  C:\Windows\System\IfexeKw.exe
  2⤵
  PID:3476
- C:\Windows\System\TzXMUfy.exe
  C:\Windows\System\TzXMUfy.exe
  2⤵
  PID:3500
- C:\Windows\System\wKFFMff.exe
  C:\Windows\System\wKFFMff.exe
  2⤵
  PID:3544
- C:\Windows\System\ZgpiaXK.exe
  C:\Windows\System\ZgpiaXK.exe
  2⤵
  PID:3576
- C:\Windows\System\JiJddTM.exe
  C:\Windows\System\JiJddTM.exe
  2⤵
  PID:3596
- C:\Windows\System\RkrSXuG.exe
  C:\Windows\System\RkrSXuG.exe
  2⤵
  PID:3648
- C:\Windows\System\PqvaRVJ.exe
  C:\Windows\System\PqvaRVJ.exe
  2⤵
  PID:3680
- C:\Windows\System\IhfcfeJ.exe
  C:\Windows\System\IhfcfeJ.exe
  2⤵
  PID:3704
- C:\Windows\System\rbZhvcY.exe
  C:\Windows\System\rbZhvcY.exe
  2⤵
  PID:3724
- C:\Windows\System\PrILPPX.exe
  C:\Windows\System\PrILPPX.exe
  2⤵
  PID:3764
- C:\Windows\System\wqXCbbx.exe
  C:\Windows\System\wqXCbbx.exe
  2⤵
  PID:3828
- C:\Windows\System\UxzeLOX.exe
  C:\Windows\System\UxzeLOX.exe
  2⤵
  PID:3848
- C:\Windows\System\SmXWqWH.exe
  C:\Windows\System\SmXWqWH.exe
  2⤵
  PID:3880
- C:\Windows\System\fDBhvem.exe
  C:\Windows\System\fDBhvem.exe
  2⤵
  PID:3920
- C:\Windows\System\iPpbMZd.exe
  C:\Windows\System\iPpbMZd.exe
  2⤵
  PID:3944
- C:\Windows\System\DFIMSvg.exe
  C:\Windows\System\DFIMSvg.exe
  2⤵
  PID:3984
- C:\Windows\System\QKwziwA.exe
  C:\Windows\System\QKwziwA.exe
  2⤵
  PID:4028
- C:\Windows\System\vSlSyTS.exe
  C:\Windows\System\vSlSyTS.exe
  2⤵
  PID:4068
- C:\Windows\System\bsJzQDx.exe
  C:\Windows\System\bsJzQDx.exe
  2⤵
  PID:2440
- C:\Windows\System\ESFpXsb.exe
  C:\Windows\System\ESFpXsb.exe
  2⤵
  PID:1612
- C:\Windows\System\xTYdxCa.exe
  C:\Windows\System\xTYdxCa.exe
  2⤵
  PID:1040
- C:\Windows\System\nxjYEod.exe
  C:\Windows\System\nxjYEod.exe
  2⤵
  PID:844
- C:\Windows\System\fnvgrQp.exe
  C:\Windows\System\fnvgrQp.exe
  2⤵
  PID:2128
- C:\Windows\System\pItFTCh.exe
  C:\Windows\System\pItFTCh.exe
  2⤵
  PID:872
- C:\Windows\System\JWSpSxd.exe
  C:\Windows\System\JWSpSxd.exe
  2⤵
  PID:576
- C:\Windows\System\YDAGnXV.exe
  C:\Windows\System\YDAGnXV.exe
  2⤵
  PID:2144
- C:\Windows\System\eskBbia.exe
  C:\Windows\System\eskBbia.exe
  2⤵
  PID:2968
- C:\Windows\System\iriBXEy.exe
  C:\Windows\System\iriBXEy.exe
  2⤵
  PID:3124
- C:\Windows\System\PuMAdtb.exe
  C:\Windows\System\PuMAdtb.exe
  2⤵
  PID:3176
- C:\Windows\System\IGzzgKp.exe
  C:\Windows\System\IGzzgKp.exe
  2⤵
  PID:3236
- C:\Windows\System\ghMlVYi.exe
  C:\Windows\System\ghMlVYi.exe
  2⤵
  PID:3304
- C:\Windows\System\qIHqmZb.exe
  C:\Windows\System\qIHqmZb.exe
  2⤵
  PID:3320
- C:\Windows\System\MWMvUbN.exe
  C:\Windows\System\MWMvUbN.exe
  2⤵
  PID:3436
- C:\Windows\System\hiivkbA.exe
  C:\Windows\System\hiivkbA.exe
  2⤵
  PID:3464
- C:\Windows\System\gxfLlKz.exe
  C:\Windows\System\gxfLlKz.exe
  2⤵
  PID:4112
- C:\Windows\System\dojUODO.exe
  C:\Windows\System\dojUODO.exe
  2⤵
  PID:4132
- C:\Windows\System\coFvjwK.exe
  C:\Windows\System\coFvjwK.exe
  2⤵
  PID:4152
- C:\Windows\System\RRnDylq.exe
  C:\Windows\System\RRnDylq.exe
  2⤵
  PID:4172
- C:\Windows\System\UeYnTUn.exe
  C:\Windows\System\UeYnTUn.exe
  2⤵
  PID:4192
- C:\Windows\System\aoNXNLl.exe
  C:\Windows\System\aoNXNLl.exe
  2⤵
  PID:4212
- C:\Windows\System\OfzdeMG.exe
  C:\Windows\System\OfzdeMG.exe
  2⤵
  PID:4232
- C:\Windows\System\KyhSysR.exe
  C:\Windows\System\KyhSysR.exe
  2⤵
  PID:4252
- C:\Windows\System\wTQCsTA.exe
  C:\Windows\System\wTQCsTA.exe
  2⤵
  PID:4272
- C:\Windows\System\TXwerCP.exe
  C:\Windows\System\TXwerCP.exe
  2⤵
  PID:4292
- C:\Windows\System\TAHqSYA.exe
  C:\Windows\System\TAHqSYA.exe
  2⤵
  PID:4316
- C:\Windows\System\yWbhgyA.exe
  C:\Windows\System\yWbhgyA.exe
  2⤵
  PID:4336
- C:\Windows\System\zhYVcOn.exe
  C:\Windows\System\zhYVcOn.exe
  2⤵
  PID:4356
- C:\Windows\System\jjPWgYN.exe
  C:\Windows\System\jjPWgYN.exe
  2⤵
  PID:4376
- C:\Windows\System\eVhsnGJ.exe
  C:\Windows\System\eVhsnGJ.exe
  2⤵
  PID:4396
- C:\Windows\System\tzwukDf.exe
  C:\Windows\System\tzwukDf.exe
  2⤵
  PID:4416
- C:\Windows\System\tDsMFKR.exe
  C:\Windows\System\tDsMFKR.exe
  2⤵
  PID:4436
- C:\Windows\System\qPrnvvi.exe
  C:\Windows\System\qPrnvvi.exe
  2⤵
  PID:4456
- C:\Windows\System\ZcpjmPd.exe
  C:\Windows\System\ZcpjmPd.exe
  2⤵
  PID:4476
- C:\Windows\System\vBmEGQo.exe
  C:\Windows\System\vBmEGQo.exe
  2⤵
  PID:4496
- C:\Windows\System\aInPNQL.exe
  C:\Windows\System\aInPNQL.exe
  2⤵
  PID:4516
- C:\Windows\System\LReyDpx.exe
  C:\Windows\System\LReyDpx.exe
  2⤵
  PID:4536
- C:\Windows\System\AkHKsAT.exe
  C:\Windows\System\AkHKsAT.exe
  2⤵
  PID:4556
- C:\Windows\System\qCZrnOD.exe
  C:\Windows\System\qCZrnOD.exe
  2⤵
  PID:4576
- C:\Windows\System\zZAdrWQ.exe
  C:\Windows\System\zZAdrWQ.exe
  2⤵
  PID:4596
- C:\Windows\System\WAgdlrQ.exe
  C:\Windows\System\WAgdlrQ.exe
  2⤵
  PID:4616
- C:\Windows\System\aeYYiSr.exe
  C:\Windows\System\aeYYiSr.exe
  2⤵
  PID:4636
- C:\Windows\System\RAgVCGT.exe
  C:\Windows\System\RAgVCGT.exe
  2⤵
  PID:4656
- C:\Windows\System\QCzsWFQ.exe
  C:\Windows\System\QCzsWFQ.exe
  2⤵
  PID:4676
- C:\Windows\System\zWlFXgw.exe
  C:\Windows\System\zWlFXgw.exe
  2⤵
  PID:4696
- C:\Windows\System\OYdvrpl.exe
  C:\Windows\System\OYdvrpl.exe
  2⤵
  PID:4716
- C:\Windows\System\dhsyPXp.exe
  C:\Windows\System\dhsyPXp.exe
  2⤵
  PID:4736
- C:\Windows\System\kXXkTKI.exe
  C:\Windows\System\kXXkTKI.exe
  2⤵
  PID:4756
- C:\Windows\System\CMIrXmZ.exe
  C:\Windows\System\CMIrXmZ.exe
  2⤵
  PID:4776
- C:\Windows\System\PmzqiYa.exe
  C:\Windows\System\PmzqiYa.exe
  2⤵
  PID:4796
- C:\Windows\System\pjIISoz.exe
  C:\Windows\System\pjIISoz.exe
  2⤵
  PID:4816
- C:\Windows\System\DYJNqWi.exe
  C:\Windows\System\DYJNqWi.exe
  2⤵
  PID:4836
- C:\Windows\System\yMHmRNe.exe
  C:\Windows\System\yMHmRNe.exe
  2⤵
  PID:4856
- C:\Windows\System\VhXXmVS.exe
  C:\Windows\System\VhXXmVS.exe
  2⤵
  PID:4880
- C:\Windows\System\WsstCgh.exe
  C:\Windows\System\WsstCgh.exe
  2⤵
  PID:4900
- C:\Windows\System\KfgGjQK.exe
  C:\Windows\System\KfgGjQK.exe
  2⤵
  PID:4920
- C:\Windows\System\UEkLueU.exe
  C:\Windows\System\UEkLueU.exe
  2⤵
  PID:4944
- C:\Windows\System\LcoRTPS.exe
  C:\Windows\System\LcoRTPS.exe
  2⤵
  PID:4964
- C:\Windows\System\kRYtJhy.exe
  C:\Windows\System\kRYtJhy.exe
  2⤵
  PID:4984
- C:\Windows\System\IhgLWAm.exe
  C:\Windows\System\IhgLWAm.exe
  2⤵
  PID:5004
- C:\Windows\System\aeOjilD.exe
  C:\Windows\System\aeOjilD.exe
  2⤵
  PID:5024
- C:\Windows\System\fSEzUgI.exe
  C:\Windows\System\fSEzUgI.exe
  2⤵
  PID:5044
- C:\Windows\System\tzbUBle.exe
  C:\Windows\System\tzbUBle.exe
  2⤵
  PID:5064
- C:\Windows\System\BdaRpEa.exe
  C:\Windows\System\BdaRpEa.exe
  2⤵
  PID:5084
- C:\Windows\System\LrAQnLe.exe
  C:\Windows\System\LrAQnLe.exe
  2⤵
  PID:5104
- C:\Windows\System\jGGsmtR.exe
  C:\Windows\System\jGGsmtR.exe
  2⤵
  PID:3480
- C:\Windows\System\VscWqJb.exe
  C:\Windows\System\VscWqJb.exe
  2⤵
  PID:3520
- C:\Windows\System\BgdiYyS.exe
  C:\Windows\System\BgdiYyS.exe
  2⤵
  PID:3580
- C:\Windows\System\SAaBFMH.exe
  C:\Windows\System\SAaBFMH.exe
  2⤵
  PID:3660
- C:\Windows\System\SKFHxOx.exe
  C:\Windows\System\SKFHxOx.exe
  2⤵
  PID:3668
- C:\Windows\System\TTtblRd.exe
  C:\Windows\System\TTtblRd.exe
  2⤵
  PID:3768
- C:\Windows\System\jyluWJD.exe
  C:\Windows\System\jyluWJD.exe
  2⤵
  PID:3840
- C:\Windows\System\FhsNhxv.exe
  C:\Windows\System\FhsNhxv.exe
  2⤵
  PID:3888
- C:\Windows\System\mmtFBSx.exe
  C:\Windows\System\mmtFBSx.exe
  2⤵
  PID:3948
- C:\Windows\System\HjoJVqU.exe
  C:\Windows\System\HjoJVqU.exe
  2⤵
  PID:4020
- C:\Windows\System\GPMtgdB.exe
  C:\Windows\System\GPMtgdB.exe
  2⤵
  PID:4060
- C:\Windows\System\trTfDcE.exe
  C:\Windows\System\trTfDcE.exe
  2⤵
  PID:2280
- C:\Windows\System\mFwTcNJ.exe
  C:\Windows\System\mFwTcNJ.exe
  2⤵
  PID:1772
- C:\Windows\System\BNgLChQ.exe
  C:\Windows\System\BNgLChQ.exe
  2⤵
  PID:2484
- C:\Windows\System\FvFCjKJ.exe
  C:\Windows\System\FvFCjKJ.exe
  2⤵
  PID:1716
- C:\Windows\System\pwXfvki.exe
  C:\Windows\System\pwXfvki.exe
  2⤵
  PID:2724
- C:\Windows\System\LodHeGY.exe
  C:\Windows\System\LodHeGY.exe
  2⤵
  PID:2952
- C:\Windows\System\AKdPmXG.exe
  C:\Windows\System\AKdPmXG.exe
  2⤵
  PID:3200
- C:\Windows\System\YrpJhIE.exe
  C:\Windows\System\YrpJhIE.exe
  2⤵
  PID:3280
- C:\Windows\System\dbpeJDP.exe
  C:\Windows\System\dbpeJDP.exe
  2⤵
  PID:3376
- C:\Windows\System\xqtHnvd.exe
  C:\Windows\System\xqtHnvd.exe
  2⤵
  PID:4108
- C:\Windows\System\yqcAGSb.exe
  C:\Windows\System\yqcAGSb.exe
  2⤵
  PID:4148
- C:\Windows\System\OrvqcCr.exe
  C:\Windows\System\OrvqcCr.exe
  2⤵
  PID:4180
- C:\Windows\System\PZLmnSU.exe
  C:\Windows\System\PZLmnSU.exe
  2⤵
  PID:4204
- C:\Windows\System\mciPfwd.exe
  C:\Windows\System\mciPfwd.exe
  2⤵
  PID:4248
- C:\Windows\System\hUldOTR.exe
  C:\Windows\System\hUldOTR.exe
  2⤵
  PID:4264
- C:\Windows\System\gEkTFbb.exe
  C:\Windows\System\gEkTFbb.exe
  2⤵
  PID:4312
- C:\Windows\System\IaqspuO.exe
  C:\Windows\System\IaqspuO.exe
  2⤵
  PID:4352
- C:\Windows\System\oDbzVVA.exe
  C:\Windows\System\oDbzVVA.exe
  2⤵
  PID:4384
- C:\Windows\System\NKztfrh.exe
  C:\Windows\System\NKztfrh.exe
  2⤵
  PID:4388
- C:\Windows\System\Pbtuxwf.exe
  C:\Windows\System\Pbtuxwf.exe
  2⤵
  PID:4452
- C:\Windows\System\wRyweIX.exe
  C:\Windows\System\wRyweIX.exe
  2⤵
  PID:4484
- C:\Windows\System\XCqacmw.exe
  C:\Windows\System\XCqacmw.exe
  2⤵
  PID:4508
- C:\Windows\System\NiEFgYt.exe
  C:\Windows\System\NiEFgYt.exe
  2⤵
  PID:4552
- C:\Windows\System\pTwYUig.exe
  C:\Windows\System\pTwYUig.exe
  2⤵
  PID:4584
- C:\Windows\System\pNbeHMI.exe
  C:\Windows\System\pNbeHMI.exe
  2⤵
  PID:4608
- C:\Windows\System\rcCFBOb.exe
  C:\Windows\System\rcCFBOb.exe
  2⤵
  PID:4652
- C:\Windows\System\VmQUKoe.exe
  C:\Windows\System\VmQUKoe.exe
  2⤵
  PID:4692
- C:\Windows\System\TAbgaEH.exe
  C:\Windows\System\TAbgaEH.exe
  2⤵
  PID:4724
- C:\Windows\System\NhkdZld.exe
  C:\Windows\System\NhkdZld.exe
  2⤵
  PID:4752
- C:\Windows\System\nnCbxRj.exe
  C:\Windows\System\nnCbxRj.exe
  2⤵
  PID:4784
- C:\Windows\System\SVuIScU.exe
  C:\Windows\System\SVuIScU.exe
  2⤵
  PID:4808
- C:\Windows\System\htMmAMh.exe
  C:\Windows\System\htMmAMh.exe
  2⤵
  PID:4828
- C:\Windows\System\BHfdJqI.exe
  C:\Windows\System\BHfdJqI.exe
  2⤵
  PID:4888
- C:\Windows\System\TemKkyh.exe
  C:\Windows\System\TemKkyh.exe
  2⤵
  PID:4912
- C:\Windows\System\jBussyy.exe
  C:\Windows\System\jBussyy.exe
  2⤵
  PID:4960
- C:\Windows\System\OZtfffr.exe
  C:\Windows\System\OZtfffr.exe
  2⤵
  PID:4992
- C:\Windows\System\ANdYjmT.exe
  C:\Windows\System\ANdYjmT.exe
  2⤵
  PID:5016
- C:\Windows\System\vhGZySc.exe
  C:\Windows\System\vhGZySc.exe
  2⤵
  PID:5060
- C:\Windows\System\oqQQKNm.exe
  C:\Windows\System\oqQQKNm.exe
  2⤵
  PID:5092
- C:\Windows\System\ngRLKvl.exe
  C:\Windows\System\ngRLKvl.exe
  2⤵
  PID:3496
- C:\Windows\System\qHvuXqd.exe
  C:\Windows\System\qHvuXqd.exe
  2⤵
  PID:3620
- C:\Windows\System\OIlVlZC.exe
  C:\Windows\System\OIlVlZC.exe
  2⤵
  PID:3708
- C:\Windows\System\acermVb.exe
  C:\Windows\System\acermVb.exe
  2⤵
  PID:3784
- C:\Windows\System\fhpoQeM.exe
  C:\Windows\System\fhpoQeM.exe
  2⤵
  PID:3868
- C:\Windows\System\tFOfTDc.exe
  C:\Windows\System\tFOfTDc.exe
  2⤵
  PID:3884
- C:\Windows\System\gxYzXlw.exe
  C:\Windows\System\gxYzXlw.exe
  2⤵
  PID:4084
- C:\Windows\System\dvatpzc.exe
  C:\Windows\System\dvatpzc.exe
  2⤵
  PID:2512
- C:\Windows\System\fiUafXg.exe
  C:\Windows\System\fiUafXg.exe
  2⤵
  PID:2412
- C:\Windows\System\WfLPLaL.exe
  C:\Windows\System\WfLPLaL.exe
  2⤵
  PID:2772
- C:\Windows\System\NdnQeNF.exe
  C:\Windows\System\NdnQeNF.exe
  2⤵
  PID:3204
- C:\Windows\System\gOjhfbS.exe
  C:\Windows\System\gOjhfbS.exe
  2⤵
  PID:2404
- C:\Windows\System\lWbQXjA.exe
  C:\Windows\System\lWbQXjA.exe
  2⤵
  PID:4100
- C:\Windows\System\fmpOWXc.exe
  C:\Windows\System\fmpOWXc.exe
  2⤵
  PID:4184
- C:\Windows\System\NrtqZff.exe
  C:\Windows\System\NrtqZff.exe
  2⤵
  PID:4228
- C:\Windows\System\nPoOhwq.exe
  C:\Windows\System\nPoOhwq.exe
  2⤵
  PID:4280
- C:\Windows\System\dONzQIr.exe
  C:\Windows\System\dONzQIr.exe
  2⤵
  PID:4344
- C:\Windows\System\hRnGvhj.exe
  C:\Windows\System\hRnGvhj.exe
  2⤵
  PID:4404
- C:\Windows\System\DWADIdG.exe
  C:\Windows\System\DWADIdG.exe
  2⤵
  PID:4428
- C:\Windows\System\imLLNjc.exe
  C:\Windows\System\imLLNjc.exe
  2⤵
  PID:4512
- C:\Windows\System\jIVYCLi.exe
  C:\Windows\System\jIVYCLi.exe
  2⤵
  PID:4548
- C:\Windows\System\hImEFel.exe
  C:\Windows\System\hImEFel.exe
  2⤵
  PID:4588
- C:\Windows\System\BBUFXnw.exe
  C:\Windows\System\BBUFXnw.exe
  2⤵
  PID:4684
- C:\Windows\System\FJhRThR.exe
  C:\Windows\System\FJhRThR.exe
  2⤵
  PID:4704
- C:\Windows\System\xvyAByk.exe
  C:\Windows\System\xvyAByk.exe
  2⤵
  PID:4748
- C:\Windows\System\yXCOGJr.exe
  C:\Windows\System\yXCOGJr.exe
  2⤵
  PID:5128
- C:\Windows\System\OxsdOVX.exe
  C:\Windows\System\OxsdOVX.exe
  2⤵
  PID:5148
- C:\Windows\System\auaSTnI.exe
  C:\Windows\System\auaSTnI.exe
  2⤵
  PID:5168
- C:\Windows\System\stHuZxM.exe
  C:\Windows\System\stHuZxM.exe
  2⤵
  PID:5188
- C:\Windows\System\ZLlpKOn.exe
  C:\Windows\System\ZLlpKOn.exe
  2⤵
  PID:5208
- C:\Windows\System\jpjjLEO.exe
  C:\Windows\System\jpjjLEO.exe
  2⤵
  PID:5228
- C:\Windows\System\PfjFizQ.exe
  C:\Windows\System\PfjFizQ.exe
  2⤵
  PID:5248
- C:\Windows\System\xqTnGZH.exe
  C:\Windows\System\xqTnGZH.exe
  2⤵
  PID:5268
- C:\Windows\System\KnRONVj.exe
  C:\Windows\System\KnRONVj.exe
  2⤵
  PID:5288
- C:\Windows\System\bZnCcrN.exe
  C:\Windows\System\bZnCcrN.exe
  2⤵
  PID:5312
- C:\Windows\System\GJtJYjt.exe
  C:\Windows\System\GJtJYjt.exe
  2⤵
  PID:5332
- C:\Windows\System\efditQo.exe
  C:\Windows\System\efditQo.exe
  2⤵
  PID:5352
- C:\Windows\System\IRFKFng.exe
  C:\Windows\System\IRFKFng.exe
  2⤵
  PID:5372
- C:\Windows\System\xyaOGjx.exe
  C:\Windows\System\xyaOGjx.exe
  2⤵
  PID:5392
- C:\Windows\System\TbPerBv.exe
  C:\Windows\System\TbPerBv.exe
  2⤵
  PID:5412
- C:\Windows\System\NaBEsot.exe
  C:\Windows\System\NaBEsot.exe
  2⤵
  PID:5432
- C:\Windows\System\EqZfStB.exe
  C:\Windows\System\EqZfStB.exe
  2⤵
  PID:5452
- C:\Windows\System\BZFXcxw.exe
  C:\Windows\System\BZFXcxw.exe
  2⤵
  PID:5472
- C:\Windows\System\ySTkMPn.exe
  C:\Windows\System\ySTkMPn.exe
  2⤵
  PID:5492
- C:\Windows\System\xwpKFsK.exe
  C:\Windows\System\xwpKFsK.exe
  2⤵
  PID:5512
- C:\Windows\System\WFfTsOz.exe
  C:\Windows\System\WFfTsOz.exe
  2⤵
  PID:5532
- C:\Windows\System\yKsMtxG.exe
  C:\Windows\System\yKsMtxG.exe
  2⤵
  PID:5552
- C:\Windows\System\mLafban.exe
  C:\Windows\System\mLafban.exe
  2⤵
  PID:5572
- C:\Windows\System\RITBwog.exe
  C:\Windows\System\RITBwog.exe
  2⤵
  PID:5592
- C:\Windows\System\OuAsIel.exe
  C:\Windows\System\OuAsIel.exe
  2⤵
  PID:5612
- C:\Windows\System\pYpFaid.exe
  C:\Windows\System\pYpFaid.exe
  2⤵
  PID:5632
- C:\Windows\System\MjtgrPN.exe
  C:\Windows\System\MjtgrPN.exe
  2⤵
  PID:5652
- C:\Windows\System\CklhGpF.exe
  C:\Windows\System\CklhGpF.exe
  2⤵
  PID:5672
- C:\Windows\System\KvqnPqa.exe
  C:\Windows\System\KvqnPqa.exe
  2⤵
  PID:5692
- C:\Windows\System\EHJEjZX.exe
  C:\Windows\System\EHJEjZX.exe
  2⤵
  PID:5712
- C:\Windows\System\RiLNxAV.exe
  C:\Windows\System\RiLNxAV.exe
  2⤵
  PID:5732
- C:\Windows\System\WyDbozW.exe
  C:\Windows\System\WyDbozW.exe
  2⤵
  PID:5752
- C:\Windows\System\KZjGAuh.exe
  C:\Windows\System\KZjGAuh.exe
  2⤵
  PID:5772
- C:\Windows\System\TTIPCOq.exe
  C:\Windows\System\TTIPCOq.exe
  2⤵
  PID:5792
- C:\Windows\System\WDKcIGE.exe
  C:\Windows\System\WDKcIGE.exe
  2⤵
  PID:5812
- C:\Windows\System\beqAwWM.exe
  C:\Windows\System\beqAwWM.exe
  2⤵
  PID:5832
- C:\Windows\System\PhUTmVt.exe
  C:\Windows\System\PhUTmVt.exe
  2⤵
  PID:5852
- C:\Windows\System\vSKYUoN.exe
  C:\Windows\System\vSKYUoN.exe
  2⤵
  PID:5872
- C:\Windows\System\pBkwaIf.exe
  C:\Windows\System\pBkwaIf.exe
  2⤵
  PID:5892
- C:\Windows\System\EBKFpcp.exe
  C:\Windows\System\EBKFpcp.exe
  2⤵
  PID:5912
- C:\Windows\System\JmbLypB.exe
  C:\Windows\System\JmbLypB.exe
  2⤵
  PID:5932
- C:\Windows\System\hbbhgGb.exe
  C:\Windows\System\hbbhgGb.exe
  2⤵
  PID:5956
- C:\Windows\System\qqdXqKt.exe
  C:\Windows\System\qqdXqKt.exe
  2⤵
  PID:5976
- C:\Windows\System\PfBHNrI.exe
  C:\Windows\System\PfBHNrI.exe
  2⤵
  PID:5996
- C:\Windows\System\OYamqLM.exe
  C:\Windows\System\OYamqLM.exe
  2⤵
  PID:6016
- C:\Windows\System\ehtYxiK.exe
  C:\Windows\System\ehtYxiK.exe
  2⤵
  PID:6036
- C:\Windows\System\gWQPBmn.exe
  C:\Windows\System\gWQPBmn.exe
  2⤵
  PID:6056
- C:\Windows\System\GhaxWag.exe
  C:\Windows\System\GhaxWag.exe
  2⤵
  PID:6076
- C:\Windows\System\yVssVMB.exe
  C:\Windows\System\yVssVMB.exe
  2⤵
  PID:6096
- C:\Windows\System\RprfRVd.exe
  C:\Windows\System\RprfRVd.exe
  2⤵
  PID:6116
- C:\Windows\System\UUUWsRB.exe
  C:\Windows\System\UUUWsRB.exe
  2⤵
  PID:6136
- C:\Windows\System\fGfsqnE.exe
  C:\Windows\System\fGfsqnE.exe
  2⤵
  PID:4864
- C:\Windows\System\UPnEniD.exe
  C:\Windows\System\UPnEniD.exe
  2⤵
  PID:4936
- C:\Windows\System\QCSsLqt.exe
  C:\Windows\System\QCSsLqt.exe
  2⤵
  PID:4956
- C:\Windows\System\XyTPIej.exe
  C:\Windows\System\XyTPIej.exe
  2⤵
  PID:5040
- C:\Windows\System\JamzCqX.exe
  C:\Windows\System\JamzCqX.exe
  2⤵
  PID:5080
- C:\Windows\System\ktXEmzx.exe
  C:\Windows\System\ktXEmzx.exe
  2⤵
  PID:5112
- C:\Windows\System\lGSosed.exe
  C:\Windows\System\lGSosed.exe
  2⤵
  PID:3760
- C:\Windows\System\pmnrgOK.exe
  C:\Windows\System\pmnrgOK.exe
  2⤵
  PID:3980
- C:\Windows\System\NWiDeKa.exe
  C:\Windows\System\NWiDeKa.exe
  2⤵
  PID:4008
- C:\Windows\System\WarmNce.exe
  C:\Windows\System\WarmNce.exe
  2⤵
  PID:2468
- C:\Windows\System\VVxAMxB.exe
  C:\Windows\System\VVxAMxB.exe
  2⤵
  PID:2776
- C:\Windows\System\yGOqpyE.exe
  C:\Windows\System\yGOqpyE.exe
  2⤵
  PID:3364
- C:\Windows\System\YCFWlXr.exe
  C:\Windows\System\YCFWlXr.exe
  2⤵
  PID:4124
- C:\Windows\System\uqcZgYf.exe
  C:\Windows\System\uqcZgYf.exe
  2⤵
  PID:4208
- C:\Windows\System\JpPUczn.exe
  C:\Windows\System\JpPUczn.exe
  2⤵
  PID:4324
- C:\Windows\System\EtzoqFT.exe
  C:\Windows\System\EtzoqFT.exe
  2⤵
  PID:4412
- C:\Windows\System\WKcwolq.exe
  C:\Windows\System\WKcwolq.exe
  2⤵
  PID:4472
- C:\Windows\System\GLpaEcT.exe
  C:\Windows\System\GLpaEcT.exe
  2⤵
  PID:4568
- C:\Windows\System\fxLRCeP.exe
  C:\Windows\System\fxLRCeP.exe
  2⤵
  PID:4708
- C:\Windows\System\fQpAGhj.exe
  C:\Windows\System\fQpAGhj.exe
  2⤵
  PID:4772
- C:\Windows\System\unrIqOu.exe
  C:\Windows\System\unrIqOu.exe
  2⤵
  PID:5156
- C:\Windows\System\mqsgeBU.exe
  C:\Windows\System\mqsgeBU.exe
  2⤵
  PID:5176
- C:\Windows\System\EUFuyaT.exe
  C:\Windows\System\EUFuyaT.exe
  2⤵
  PID:5200
- C:\Windows\System\LePVUwP.exe
  C:\Windows\System\LePVUwP.exe
  2⤵
  PID:5240
- C:\Windows\System\pbkQLUb.exe
  C:\Windows\System\pbkQLUb.exe
  2⤵
  PID:5276
- C:\Windows\System\KMgpeHw.exe
  C:\Windows\System\KMgpeHw.exe
  2⤵
  PID:5300
- C:\Windows\System\NiIxzLw.exe
  C:\Windows\System\NiIxzLw.exe
  2⤵
  PID:5348
- C:\Windows\System\XhpgyqT.exe
  C:\Windows\System\XhpgyqT.exe
  2⤵
  PID:5380
- C:\Windows\System\ueAkviw.exe
  C:\Windows\System\ueAkviw.exe
  2⤵
  PID:5404
- C:\Windows\System\HtPTkzG.exe
  C:\Windows\System\HtPTkzG.exe
  2⤵
  PID:5424
- C:\Windows\System\YaqwbgL.exe
  C:\Windows\System\YaqwbgL.exe
  2⤵
  PID:5480
- C:\Windows\System\UAReIXw.exe
  C:\Windows\System\UAReIXw.exe
  2⤵
  PID:5508
- C:\Windows\System\pVlqueC.exe
  C:\Windows\System\pVlqueC.exe
  2⤵
  PID:5560
- C:\Windows\System\tUiWVcf.exe
  C:\Windows\System\tUiWVcf.exe
  2⤵
  PID:5580
- C:\Windows\System\NkwNcIE.exe
  C:\Windows\System\NkwNcIE.exe
  2⤵
  PID:5604
- C:\Windows\System\xwkePvv.exe
  C:\Windows\System\xwkePvv.exe
  2⤵
  PID:5648
- C:\Windows\System\ZQfRwqY.exe
  C:\Windows\System\ZQfRwqY.exe
  2⤵
  PID:5664
- C:\Windows\System\CWwzFig.exe
  C:\Windows\System\CWwzFig.exe
  2⤵
  PID:5704
- C:\Windows\System\hILXEtl.exe
  C:\Windows\System\hILXEtl.exe
  2⤵
  PID:5748
- C:\Windows\System\IzYPwFf.exe
  C:\Windows\System\IzYPwFf.exe
  2⤵
  PID:5780
- C:\Windows\System\PUXPXvs.exe
  C:\Windows\System\PUXPXvs.exe
  2⤵
  PID:5784
- C:\Windows\System\rsxlvEX.exe
  C:\Windows\System\rsxlvEX.exe
  2⤵
  PID:5824
- C:\Windows\System\PcmlrMv.exe
  C:\Windows\System\PcmlrMv.exe
  2⤵
  PID:5864
- C:\Windows\System\vMLCKid.exe
  C:\Windows\System\vMLCKid.exe
  2⤵
  PID:5920
- C:\Windows\System\TOHXTWC.exe
  C:\Windows\System\TOHXTWC.exe
  2⤵
  PID:5948
- C:\Windows\System\JDcEjcw.exe
  C:\Windows\System\JDcEjcw.exe
  2⤵
  PID:5984
- C:\Windows\System\RFlEAXY.exe
  C:\Windows\System\RFlEAXY.exe
  2⤵
  PID:6008
- C:\Windows\System\iDvoenl.exe
  C:\Windows\System\iDvoenl.exe
  2⤵
  PID:6052
- C:\Windows\System\awbyVAq.exe
  C:\Windows\System\awbyVAq.exe
  2⤵
  PID:6084
- C:\Windows\System\uqASrBr.exe
  C:\Windows\System\uqASrBr.exe
  2⤵
  PID:6124
- C:\Windows\System\nAsmhiG.exe
  C:\Windows\System\nAsmhiG.exe
  2⤵
  PID:4872
- C:\Windows\System\xwjyDlV.exe
  C:\Windows\System\xwjyDlV.exe
  2⤵
  PID:4952
- C:\Windows\System\SFYlCpA.exe
  C:\Windows\System\SFYlCpA.exe
  2⤵
  PID:5020
- C:\Windows\System\mWmRBij.exe
  C:\Windows\System\mWmRBij.exe
  2⤵
  PID:5036
- C:\Windows\System\XSkWMKW.exe
  C:\Windows\System\XSkWMKW.exe
  2⤵
  PID:3820
- C:\Windows\System\PirPEge.exe
  C:\Windows\System\PirPEge.exe
  2⤵
  PID:1524
- C:\Windows\System\xdRADSm.exe
  C:\Windows\System\xdRADSm.exe
  2⤵
  PID:3048
- C:\Windows\System\ItApRsP.exe
  C:\Windows\System\ItApRsP.exe
  2⤵
  PID:3420
- C:\Windows\System\QKkZGMY.exe
  C:\Windows\System\QKkZGMY.exe
  2⤵
  PID:4260
- C:\Windows\System\lAhqNQw.exe
  C:\Windows\System\lAhqNQw.exe
  2⤵
  PID:4348
- C:\Windows\System\uiCWkGQ.exe
  C:\Windows\System\uiCWkGQ.exe
  2⤵
  PID:4468
- C:\Windows\System\jrYqfhY.exe
  C:\Windows\System\jrYqfhY.exe
  2⤵
  PID:4628
- C:\Windows\System\wFeHJDi.exe
  C:\Windows\System\wFeHJDi.exe
  2⤵
  PID:5144
- C:\Windows\System\skOhbnM.exe
  C:\Windows\System\skOhbnM.exe
  2⤵
  PID:5236
- C:\Windows\System\VnDRFGV.exe
  C:\Windows\System\VnDRFGV.exe
  2⤵
  PID:2104
- C:\Windows\System\iGCwXyM.exe
  C:\Windows\System\iGCwXyM.exe
  2⤵
  PID:5296
- C:\Windows\System\kDVgINr.exe
  C:\Windows\System\kDVgINr.exe
  2⤵
  PID:5364
- C:\Windows\System\Oqjlchy.exe
  C:\Windows\System\Oqjlchy.exe
  2⤵
  PID:5428
- C:\Windows\System\SNJmbwH.exe
  C:\Windows\System\SNJmbwH.exe
  2⤵
  PID:5484
- C:\Windows\System\BlfrqkV.exe
  C:\Windows\System\BlfrqkV.exe
  2⤵
  PID:5540
- C:\Windows\System\HOMCkGx.exe
  C:\Windows\System\HOMCkGx.exe
  2⤵
  PID:5584
- C:\Windows\System\eNddCoI.exe
  C:\Windows\System\eNddCoI.exe
  2⤵
  PID:5628
- C:\Windows\System\xwuobYk.exe
  C:\Windows\System\xwuobYk.exe
  2⤵
  PID:5708
- C:\Windows\System\bepTLee.exe
  C:\Windows\System\bepTLee.exe
  2⤵
  PID:5768
- C:\Windows\System\BIXXkzL.exe
  C:\Windows\System\BIXXkzL.exe
  2⤵
  PID:5808
- C:\Windows\System\BobxoFI.exe
  C:\Windows\System\BobxoFI.exe
  2⤵
  PID:5868
- C:\Windows\System\UiCYDdF.exe
  C:\Windows\System\UiCYDdF.exe
  2⤵
  PID:5928
- C:\Windows\System\FaTSUOx.exe
  C:\Windows\System\FaTSUOx.exe
  2⤵
  PID:5972
- C:\Windows\System\OpikTgV.exe
  C:\Windows\System\OpikTgV.exe
  2⤵
  PID:6164
- C:\Windows\System\uelNAHi.exe
  C:\Windows\System\uelNAHi.exe
  2⤵
  PID:6184
- C:\Windows\System\vYgqTrh.exe
  C:\Windows\System\vYgqTrh.exe
  2⤵
  PID:6204
- C:\Windows\System\EiqzgiT.exe
  C:\Windows\System\EiqzgiT.exe
  2⤵
  PID:6224
- C:\Windows\System\gzYOQoD.exe
  C:\Windows\System\gzYOQoD.exe
  2⤵
  PID:6244
- C:\Windows\System\bOeYnBJ.exe
  C:\Windows\System\bOeYnBJ.exe
  2⤵
  PID:6264
- C:\Windows\System\kaJMZkZ.exe
  C:\Windows\System\kaJMZkZ.exe
  2⤵
  PID:6284
- C:\Windows\System\JVbuwPP.exe
  C:\Windows\System\JVbuwPP.exe
  2⤵
  PID:6304
- C:\Windows\System\bPOrkzP.exe
  C:\Windows\System\bPOrkzP.exe
  2⤵
  PID:6324
- C:\Windows\System\ESfxMyE.exe
  C:\Windows\System\ESfxMyE.exe
  2⤵
  PID:6348
- C:\Windows\System\KrOLhak.exe
  C:\Windows\System\KrOLhak.exe
  2⤵
  PID:6368
- C:\Windows\System\EowPqAT.exe
  C:\Windows\System\EowPqAT.exe
  2⤵
  PID:6388
- C:\Windows\System\WwLLciU.exe
  C:\Windows\System\WwLLciU.exe
  2⤵
  PID:6408
- C:\Windows\System\OkKspcZ.exe
  C:\Windows\System\OkKspcZ.exe
  2⤵
  PID:6428
- C:\Windows\System\QgwLoDW.exe
  C:\Windows\System\QgwLoDW.exe
  2⤵
  PID:6448
- C:\Windows\System\sxaELbw.exe
  C:\Windows\System\sxaELbw.exe
  2⤵
  PID:6468
- C:\Windows\System\zgPKnFC.exe
  C:\Windows\System\zgPKnFC.exe
  2⤵
  PID:6488
- C:\Windows\System\axkLuLd.exe
  C:\Windows\System\axkLuLd.exe
  2⤵
  PID:6508
- C:\Windows\System\vOBgzKl.exe
  C:\Windows\System\vOBgzKl.exe
  2⤵
  PID:6528
- C:\Windows\System\JYbtoGv.exe
  C:\Windows\System\JYbtoGv.exe
  2⤵
  PID:6548
- C:\Windows\System\pEJVubO.exe
  C:\Windows\System\pEJVubO.exe
  2⤵
  PID:6568
- C:\Windows\System\HCViDGE.exe
  C:\Windows\System\HCViDGE.exe
  2⤵
  PID:6588
- C:\Windows\System\SZdnaIY.exe
  C:\Windows\System\SZdnaIY.exe
  2⤵
  PID:6608
- C:\Windows\System\ozQejvg.exe
  C:\Windows\System\ozQejvg.exe
  2⤵
  PID:6628
- C:\Windows\System\sMhdTli.exe
  C:\Windows\System\sMhdTli.exe
  2⤵
  PID:6648
- C:\Windows\System\twpZHPF.exe
  C:\Windows\System\twpZHPF.exe
  2⤵
  PID:6668
- C:\Windows\System\PNZKwcB.exe
  C:\Windows\System\PNZKwcB.exe
  2⤵
  PID:6688
- C:\Windows\System\crGmLND.exe
  C:\Windows\System\crGmLND.exe
  2⤵
  PID:6708
- C:\Windows\System\BYxFCYq.exe
  C:\Windows\System\BYxFCYq.exe
  2⤵
  PID:6728
- C:\Windows\System\weYhLiB.exe
  C:\Windows\System\weYhLiB.exe
  2⤵
  PID:6748
- C:\Windows\System\SXVuVWa.exe
  C:\Windows\System\SXVuVWa.exe
  2⤵
  PID:6768
- C:\Windows\System\boMPzYx.exe
  C:\Windows\System\boMPzYx.exe
  2⤵
  PID:6788
- C:\Windows\System\KzGiPyY.exe
  C:\Windows\System\KzGiPyY.exe
  2⤵
  PID:6808
- C:\Windows\System\zZmnzHK.exe
  C:\Windows\System\zZmnzHK.exe
  2⤵
  PID:6828
- C:\Windows\System\JyMBify.exe
  C:\Windows\System\JyMBify.exe
  2⤵
  PID:6848
- C:\Windows\System\WSSkbZF.exe
  C:\Windows\System\WSSkbZF.exe
  2⤵
  PID:6868
- C:\Windows\System\EVkXgUu.exe
  C:\Windows\System\EVkXgUu.exe
  2⤵
  PID:6888
- C:\Windows\System\kIWUIIB.exe
  C:\Windows\System\kIWUIIB.exe
  2⤵
  PID:6908
- C:\Windows\System\sXhxmKb.exe
  C:\Windows\System\sXhxmKb.exe
  2⤵
  PID:6928
- C:\Windows\System\qZdUKez.exe
  C:\Windows\System\qZdUKez.exe
  2⤵
  PID:6948
- C:\Windows\System\nmlfJsf.exe
  C:\Windows\System\nmlfJsf.exe
  2⤵
  PID:6968
- C:\Windows\System\tsCWktb.exe
  C:\Windows\System\tsCWktb.exe
  2⤵
  PID:6988
- C:\Windows\System\RMVRBHp.exe
  C:\Windows\System\RMVRBHp.exe
  2⤵
  PID:7012
- C:\Windows\System\bcDiugf.exe
  C:\Windows\System\bcDiugf.exe
  2⤵
  PID:7032
- C:\Windows\System\bpIdlCB.exe
  C:\Windows\System\bpIdlCB.exe
  2⤵
  PID:7052
- C:\Windows\System\NPDmPjO.exe
  C:\Windows\System\NPDmPjO.exe
  2⤵
  PID:7072
- C:\Windows\System\qVPTAhE.exe
  C:\Windows\System\qVPTAhE.exe
  2⤵
  PID:7092
- C:\Windows\System\MBweuIR.exe
  C:\Windows\System\MBweuIR.exe
  2⤵
  PID:7112
- C:\Windows\System\hBkXZbQ.exe
  C:\Windows\System\hBkXZbQ.exe
  2⤵
  PID:7132
- C:\Windows\System\ktDQNBz.exe
  C:\Windows\System\ktDQNBz.exe
  2⤵
  PID:7152
- C:\Windows\System\AcKTpjN.exe
  C:\Windows\System\AcKTpjN.exe
  2⤵
  PID:5988
- C:\Windows\System\cMssFym.exe
  C:\Windows\System\cMssFym.exe
  2⤵
  PID:6064
- C:\Windows\System\RDBAHwI.exe
  C:\Windows\System\RDBAHwI.exe
  2⤵
  PID:6104
- C:\Windows\System\TJFkZTq.exe
  C:\Windows\System\TJFkZTq.exe
  2⤵
  PID:4892
- C:\Windows\System\LpWhaiL.exe
  C:\Windows\System\LpWhaiL.exe
  2⤵
  PID:4932
- C:\Windows\System\tmXkmzF.exe
  C:\Windows\System\tmXkmzF.exe
  2⤵
  PID:3800
- C:\Windows\System\fqSJVLX.exe
  C:\Windows\System\fqSJVLX.exe
  2⤵
  PID:3184
- C:\Windows\System\DlwDiru.exe
  C:\Windows\System\DlwDiru.exe
  2⤵
  PID:4200
- C:\Windows\System\VKdeBzo.exe
  C:\Windows\System\VKdeBzo.exe
  2⤵
  PID:4300
- C:\Windows\System\xTxITPi.exe
  C:\Windows\System\xTxITPi.exe
  2⤵
  PID:4664
- C:\Windows\System\PlCYuRM.exe
  C:\Windows\System\PlCYuRM.exe
  2⤵
  PID:5160
- C:\Windows\System\jSjEnTy.exe
  C:\Windows\System\jSjEnTy.exe
  2⤵
  PID:5244
- C:\Windows\System\RJdEMWX.exe
  C:\Windows\System\RJdEMWX.exe
  2⤵
  PID:5360
- C:\Windows\System\SyUQANk.exe
  C:\Windows\System\SyUQANk.exe
  2⤵
  PID:5448
- C:\Windows\System\PlwJGCD.exe
  C:\Windows\System\PlwJGCD.exe
  2⤵
  PID:5500
- C:\Windows\System\cRFxAix.exe
  C:\Windows\System\cRFxAix.exe
  2⤵
  PID:5624
- C:\Windows\System\XetmboF.exe
  C:\Windows\System\XetmboF.exe
  2⤵
  PID:5728
- C:\Windows\System\SDwSzke.exe
  C:\Windows\System\SDwSzke.exe
  2⤵
  PID:5828
- C:\Windows\System\xXKXJCH.exe
  C:\Windows\System\xXKXJCH.exe
  2⤵
  PID:5884
- C:\Windows\System\VvLuFPr.exe
  C:\Windows\System\VvLuFPr.exe
  2⤵
  PID:6152
- C:\Windows\System\urErKRQ.exe
  C:\Windows\System\urErKRQ.exe
  2⤵
  PID:6176
- C:\Windows\System\iBCqKvf.exe
  C:\Windows\System\iBCqKvf.exe
  2⤵
  PID:6196
- C:\Windows\System\EWeOHKB.exe
  C:\Windows\System\EWeOHKB.exe
  2⤵
  PID:6236
- C:\Windows\System\CjFrGjo.exe
  C:\Windows\System\CjFrGjo.exe
  2⤵
  PID:6276
- C:\Windows\System\SnXHYmu.exe
  C:\Windows\System\SnXHYmu.exe
  2⤵
  PID:6316
- C:\Windows\System\faaYIBu.exe
  C:\Windows\System\faaYIBu.exe
  2⤵
  PID:6364
- C:\Windows\System\jhttTOn.exe
  C:\Windows\System\jhttTOn.exe
  2⤵
  PID:6396
- C:\Windows\System\oLzBkpI.exe
  C:\Windows\System\oLzBkpI.exe
  2⤵
  PID:6420
- C:\Windows\System\HAGqfJo.exe
  C:\Windows\System\HAGqfJo.exe
  2⤵
  PID:6440
- C:\Windows\System\ENnuqEY.exe
  C:\Windows\System\ENnuqEY.exe
  2⤵
  PID:6480
- C:\Windows\System\TereXQU.exe
  C:\Windows\System\TereXQU.exe
  2⤵
  PID:6520
- C:\Windows\System\JcRrfQF.exe
  C:\Windows\System\JcRrfQF.exe
  2⤵
  PID:6564
- C:\Windows\System\MbMbhIJ.exe
  C:\Windows\System\MbMbhIJ.exe
  2⤵
  PID:6596
- C:\Windows\System\lCFeKMm.exe
  C:\Windows\System\lCFeKMm.exe
  2⤵
  PID:6620
- C:\Windows\System\irYBWKP.exe
  C:\Windows\System\irYBWKP.exe
  2⤵
  PID:6664
- C:\Windows\System\coFkoOs.exe
  C:\Windows\System\coFkoOs.exe
  2⤵
  PID:6696
- C:\Windows\System\wRcNXio.exe
  C:\Windows\System\wRcNXio.exe
  2⤵
  PID:6720
- C:\Windows\System\tbgzmHW.exe
  C:\Windows\System\tbgzmHW.exe
  2⤵
  PID:6764
- C:\Windows\System\thfRysR.exe
  C:\Windows\System\thfRysR.exe
  2⤵
  PID:6796
- C:\Windows\System\iYDbQmv.exe
  C:\Windows\System\iYDbQmv.exe
  2⤵
  PID:6820
- C:\Windows\System\ehXuymc.exe
  C:\Windows\System\ehXuymc.exe
  2⤵
  PID:6864
- C:\Windows\System\GYRNwjL.exe
  C:\Windows\System\GYRNwjL.exe
  2⤵
  PID:6896
- C:\Windows\System\xSKUzEp.exe
  C:\Windows\System\xSKUzEp.exe
  2⤵
  PID:6920
- C:\Windows\System\nczVFIs.exe
  C:\Windows\System\nczVFIs.exe
  2⤵
  PID:6964
- C:\Windows\System\FzIYxda.exe
  C:\Windows\System\FzIYxda.exe
  2⤵
  PID:6996
- C:\Windows\System\DSIkTzv.exe
  C:\Windows\System\DSIkTzv.exe
  2⤵
  PID:7024
- C:\Windows\System\dtyCPwW.exe
  C:\Windows\System\dtyCPwW.exe
  2⤵
  PID:7068
- C:\Windows\System\sJWtbzC.exe
  C:\Windows\System\sJWtbzC.exe
  2⤵
  PID:7108
- C:\Windows\System\JcoFddv.exe
  C:\Windows\System\JcoFddv.exe
  2⤵
  PID:7148
- C:\Windows\System\nAZpdpS.exe
  C:\Windows\System\nAZpdpS.exe
  2⤵
  PID:6012
- C:\Windows\System\mYCrvSu.exe
  C:\Windows\System\mYCrvSu.exe
  2⤵
  PID:6112
- C:\Windows\System\tYcAauD.exe
  C:\Windows\System\tYcAauD.exe
  2⤵
  PID:4980
- C:\Windows\System\bIyXMoV.exe
  C:\Windows\System\bIyXMoV.exe
  2⤵
  PID:3864
- C:\Windows\System\NxDwWfY.exe
  C:\Windows\System\NxDwWfY.exe
  2⤵
  PID:3096
- C:\Windows\System\SReOncR.exe
  C:\Windows\System\SReOncR.exe
  2⤵
  PID:4688
- C:\Windows\System\ExGMQHE.exe
  C:\Windows\System\ExGMQHE.exe
  2⤵
  PID:5124
- C:\Windows\System\paAXIKK.exe
  C:\Windows\System\paAXIKK.exe
  2⤵
  PID:5324
- C:\Windows\System\mGIPVNF.exe
  C:\Windows\System\mGIPVNF.exe
  2⤵
  PID:5408
- C:\Windows\System\HPizAMl.exe
  C:\Windows\System\HPizAMl.exe
  2⤵
  PID:5468
- C:\Windows\System\kynPNVC.exe
  C:\Windows\System\kynPNVC.exe
  2⤵
  PID:5804
- C:\Windows\System\rqqTflM.exe
  C:\Windows\System\rqqTflM.exe
  2⤵
  PID:5924
- C:\Windows\System\DmMLSlQ.exe
  C:\Windows\System\DmMLSlQ.exe
  2⤵
  PID:6220
- C:\Windows\System\NVShCVk.exe
  C:\Windows\System\NVShCVk.exe
  2⤵
  PID:6252
- C:\Windows\System\lJxtVQp.exe
  C:\Windows\System\lJxtVQp.exe
  2⤵
  PID:6296
- C:\Windows\System\fdFSVDB.exe
  C:\Windows\System\fdFSVDB.exe
  2⤵
  PID:6312
- C:\Windows\System\qrGzybT.exe
  C:\Windows\System\qrGzybT.exe
  2⤵
  PID:6400
- C:\Windows\System\eULfxjF.exe
  C:\Windows\System\eULfxjF.exe
  2⤵
  PID:6464
- C:\Windows\System\nJoQurk.exe
  C:\Windows\System\nJoQurk.exe
  2⤵
  PID:6524
- C:\Windows\System\JMMmotK.exe
  C:\Windows\System\JMMmotK.exe
  2⤵
  PID:6624
- C:\Windows\System\nnOhHIU.exe
  C:\Windows\System\nnOhHIU.exe
  2⤵
  PID:6644
- C:\Windows\System\WjodLnX.exe
  C:\Windows\System\WjodLnX.exe
  2⤵
  PID:6700
- C:\Windows\System\ocloRpE.exe
  C:\Windows\System\ocloRpE.exe
  2⤵
  PID:6740
- C:\Windows\System\vxxUPpB.exe
  C:\Windows\System\vxxUPpB.exe
  2⤵
  PID:6780
- C:\Windows\System\gIirmVO.exe
  C:\Windows\System\gIirmVO.exe
  2⤵
  PID:6856
- C:\Windows\System\AEwRHqU.exe
  C:\Windows\System\AEwRHqU.exe
  2⤵
  PID:6900
- C:\Windows\System\zESpDWZ.exe
  C:\Windows\System\zESpDWZ.exe
  2⤵
  PID:6956
- C:\Windows\System\uWRQMIQ.exe
  C:\Windows\System\uWRQMIQ.exe
  2⤵
  PID:7004
- C:\Windows\System\GqyTMup.exe
  C:\Windows\System\GqyTMup.exe
  2⤵
  PID:7060
- C:\Windows\System\BZafijg.exe
  C:\Windows\System\BZafijg.exe
  2⤵
  PID:7140
- C:\Windows\System\sSeBDgT.exe
  C:\Windows\System\sSeBDgT.exe
  2⤵
  PID:6132
- C:\Windows\System\dZJezbo.exe
  C:\Windows\System\dZJezbo.exe
  2⤵
  PID:1120
- C:\Windows\System\ZCtpNud.exe
  C:\Windows\System\ZCtpNud.exe
  2⤵
  PID:4080
- C:\Windows\System\DdfXtYv.exe
  C:\Windows\System\DdfXtYv.exe
  2⤵
  PID:4120
- C:\Windows\System\dlXUrgk.exe
  C:\Windows\System\dlXUrgk.exe
  2⤵
  PID:5264
- C:\Windows\System\pmJJZCe.exe
  C:\Windows\System\pmJJZCe.exe
  2⤵
  PID:5600
- C:\Windows\System\mFcnBmJ.exe
  C:\Windows\System\mFcnBmJ.exe
  2⤵
  PID:5968
- C:\Windows\System\NajNrHY.exe
  C:\Windows\System\NajNrHY.exe
  2⤵
  PID:6156
- C:\Windows\System\deYZqhh.exe
  C:\Windows\System\deYZqhh.exe
  2⤵
  PID:6292
- C:\Windows\System\JcskLIJ.exe
  C:\Windows\System\JcskLIJ.exe
  2⤵
  PID:6404
- C:\Windows\System\PzqcFGF.exe
  C:\Windows\System\PzqcFGF.exe
  2⤵
  PID:6544
- C:\Windows\System\RPLdYil.exe
  C:\Windows\System\RPLdYil.exe
  2⤵
  PID:6540
- C:\Windows\System\UGwygwF.exe
  C:\Windows\System\UGwygwF.exe
  2⤵
  PID:2800
- C:\Windows\System\nCiPmmZ.exe
  C:\Windows\System\nCiPmmZ.exe
  2⤵
  PID:7172
- C:\Windows\System\uhJhmgN.exe
  C:\Windows\System\uhJhmgN.exe
  2⤵
  PID:7192
- C:\Windows\System\TQvmctX.exe
  C:\Windows\System\TQvmctX.exe
  2⤵
  PID:7220
- C:\Windows\System\RNAbvQB.exe
  C:\Windows\System\RNAbvQB.exe
  2⤵
  PID:7240
- C:\Windows\System\YQTbQMf.exe
  C:\Windows\System\YQTbQMf.exe
  2⤵
  PID:7260
- C:\Windows\System\aTIySSd.exe
  C:\Windows\System\aTIySSd.exe
  2⤵
  PID:7276
- C:\Windows\System\bEhTSVQ.exe
  C:\Windows\System\bEhTSVQ.exe
  2⤵
  PID:7300
- C:\Windows\System\XlSjKds.exe
  C:\Windows\System\XlSjKds.exe
  2⤵
  PID:7320
- C:\Windows\System\STOmiNX.exe
  C:\Windows\System\STOmiNX.exe
  2⤵
  PID:7340
- C:\Windows\System\lMTdxVp.exe
  C:\Windows\System\lMTdxVp.exe
  2⤵
  PID:7356
- C:\Windows\System\tdMqKsN.exe
  C:\Windows\System\tdMqKsN.exe
  2⤵
  PID:7372
- C:\Windows\System\gWePxhE.exe
  C:\Windows\System\gWePxhE.exe
  2⤵
  PID:7396
- C:\Windows\System\vWkcxXQ.exe
  C:\Windows\System\vWkcxXQ.exe
  2⤵
  PID:7412
- C:\Windows\System\hvxwZdv.exe
  C:\Windows\System\hvxwZdv.exe
  2⤵
  PID:7436
- C:\Windows\System\dmcCQsH.exe
  C:\Windows\System\dmcCQsH.exe
  2⤵
  PID:7460
- C:\Windows\System\tWrifJA.exe
  C:\Windows\System\tWrifJA.exe
  2⤵
  PID:7476
- C:\Windows\System\UVNNMtN.exe
  C:\Windows\System\UVNNMtN.exe
  2⤵
  PID:7496
- C:\Windows\System\uYnJgTP.exe
  C:\Windows\System\uYnJgTP.exe
  2⤵
  PID:7520
- C:\Windows\System\LvqfrsJ.exe
  C:\Windows\System\LvqfrsJ.exe
  2⤵
  PID:7540
- C:\Windows\System\hgYKpgK.exe
  C:\Windows\System\hgYKpgK.exe
  2⤵
  PID:7568
- C:\Windows\System\FrYmfti.exe
  C:\Windows\System\FrYmfti.exe
  2⤵
  PID:7588
- C:\Windows\System\IcCJbaP.exe
  C:\Windows\System\IcCJbaP.exe
  2⤵
  PID:7608
- C:\Windows\System\hlRiDAe.exe
  C:\Windows\System\hlRiDAe.exe
  2⤵
  PID:7624
- C:\Windows\System\tHTZBxO.exe
  C:\Windows\System\tHTZBxO.exe
  2⤵
  PID:7644
- C:\Windows\System\uaCRFtP.exe
  C:\Windows\System\uaCRFtP.exe
  2⤵
  PID:7668
- C:\Windows\System\utpWQjf.exe
  C:\Windows\System\utpWQjf.exe
  2⤵
  PID:7688
- C:\Windows\System\AkWLlCJ.exe
  C:\Windows\System\AkWLlCJ.exe
  2⤵
  PID:7712
- C:\Windows\System\frMhqhA.exe
  C:\Windows\System\frMhqhA.exe
  2⤵
  PID:7728
- C:\Windows\System\rhvLAkE.exe
  C:\Windows\System\rhvLAkE.exe
  2⤵
  PID:7752
- C:\Windows\System\qOPvfSU.exe
  C:\Windows\System\qOPvfSU.exe
  2⤵
  PID:7768
- C:\Windows\System\rWNVMCm.exe
  C:\Windows\System\rWNVMCm.exe
  2⤵
  PID:7788
- C:\Windows\System\KZoqblw.exe
  C:\Windows\System\KZoqblw.exe
  2⤵
  PID:7808
- C:\Windows\System\RVySAlv.exe
  C:\Windows\System\RVySAlv.exe
  2⤵
  PID:7832
- C:\Windows\System\ZhfAKUs.exe
  C:\Windows\System\ZhfAKUs.exe
  2⤵
  PID:7848
- C:\Windows\System\cdwsDhm.exe
  C:\Windows\System\cdwsDhm.exe
  2⤵
  PID:7884
- C:\Windows\System\TPkSkiP.exe
  C:\Windows\System\TPkSkiP.exe
  2⤵
  PID:7904
- C:\Windows\System\AnsfKsM.exe
  C:\Windows\System\AnsfKsM.exe
  2⤵
  PID:7920
- C:\Windows\System\StXwKzY.exe
  C:\Windows\System\StXwKzY.exe
  2⤵
  PID:7940
- C:\Windows\System\nkitVHC.exe
  C:\Windows\System\nkitVHC.exe
  2⤵
  PID:7964
- C:\Windows\System\RNCdEFc.exe
  C:\Windows\System\RNCdEFc.exe
  2⤵
  PID:7988
- C:\Windows\System\fFMrdjB.exe
  C:\Windows\System\fFMrdjB.exe
  2⤵
  PID:8008
- C:\Windows\System\wwtooLQ.exe
  C:\Windows\System\wwtooLQ.exe
  2⤵
  PID:8024
- C:\Windows\System\vTJHhVw.exe
  C:\Windows\System\vTJHhVw.exe
  2⤵
  PID:8044
- C:\Windows\System\mtPQrIx.exe
  C:\Windows\System\mtPQrIx.exe
  2⤵
  PID:8064
- C:\Windows\System\srMwGtg.exe
  C:\Windows\System\srMwGtg.exe
  2⤵
  PID:8084
- C:\Windows\System\DixKMzZ.exe
  C:\Windows\System\DixKMzZ.exe
  2⤵
  PID:8104
- C:\Windows\System\PZTsCdJ.exe
  C:\Windows\System\PZTsCdJ.exe
  2⤵
  PID:8124
- C:\Windows\System\PuiOoYC.exe
  C:\Windows\System\PuiOoYC.exe
  2⤵
  PID:8148
- C:\Windows\System\ARDjqKN.exe
  C:\Windows\System\ARDjqKN.exe
  2⤵
  PID:8168
- C:\Windows\System\kGzPOGE.exe
  C:\Windows\System\kGzPOGE.exe
  2⤵
  PID:8184
- C:\Windows\System\vREySCW.exe
  C:\Windows\System\vREySCW.exe
  2⤵
  PID:6716
- C:\Windows\System\QaJgtzZ.exe
  C:\Windows\System\QaJgtzZ.exe
  2⤵
  PID:6816
- C:\Windows\System\iTwkZEo.exe
  C:\Windows\System\iTwkZEo.exe
  2⤵
  PID:6916
- C:\Windows\System\AnfKeEs.exe
  C:\Windows\System\AnfKeEs.exe
  2⤵
  PID:7100
- C:\Windows\System\uFwpvKf.exe
  C:\Windows\System\uFwpvKf.exe
  2⤵
  PID:6984
- C:\Windows\System\AzLMWqO.exe
  C:\Windows\System\AzLMWqO.exe
  2⤵
  PID:5012
- C:\Windows\System\lbfrMQY.exe
  C:\Windows\System\lbfrMQY.exe
  2⤵
  PID:5260
- C:\Windows\System\VVWttSp.exe
  C:\Windows\System\VVWttSp.exe
  2⤵
  PID:5684
- C:\Windows\System\ohrqIqg.exe
  C:\Windows\System\ohrqIqg.exe
  2⤵
  PID:6212
- C:\Windows\System\sQhamXx.exe
  C:\Windows\System\sQhamXx.exe
  2⤵
  PID:6200
- C:\Windows\System\ywdazVH.exe
  C:\Windows\System\ywdazVH.exe
  2⤵
  PID:6456
- C:\Windows\System\fijDcDf.exe
  C:\Windows\System\fijDcDf.exe
  2⤵
  PID:6656
- C:\Windows\System\YMYsQqP.exe
  C:\Windows\System\YMYsQqP.exe
  2⤵
  PID:6380
- C:\Windows\System\rREBlZP.exe
  C:\Windows\System\rREBlZP.exe
  2⤵
  PID:2836
- C:\Windows\System\rjfTfoK.exe
  C:\Windows\System\rjfTfoK.exe
  2⤵
  PID:7256
- C:\Windows\System\rFGFmbs.exe
  C:\Windows\System\rFGFmbs.exe
  2⤵
  PID:7292
- C:\Windows\System\JLLoyBb.exe
  C:\Windows\System\JLLoyBb.exe
  2⤵
  PID:7236
- C:\Windows\System\dIBZVpV.exe
  C:\Windows\System\dIBZVpV.exe
  2⤵
  PID:7312
- C:\Windows\System\GRtMjuu.exe
  C:\Windows\System\GRtMjuu.exe
  2⤵
  PID:7352
- C:\Windows\System\EWautZD.exe
  C:\Windows\System\EWautZD.exe
  2⤵
  PID:7392
- C:\Windows\System\hSbljYY.exe
  C:\Windows\System\hSbljYY.exe
  2⤵
  PID:7420
- C:\Windows\System\VzROQqP.exe
  C:\Windows\System\VzROQqP.exe
  2⤵
  PID:7484
- C:\Windows\System\NmgPcwF.exe
  C:\Windows\System\NmgPcwF.exe
  2⤵
  PID:7532
- C:\Windows\System\LduFtNy.exe
  C:\Windows\System\LduFtNy.exe
  2⤵
  PID:7472
- C:\Windows\System\AlpgLzL.exe
  C:\Windows\System\AlpgLzL.exe
  2⤵
  PID:7504
- C:\Windows\System\bOMyoUt.exe
  C:\Windows\System\bOMyoUt.exe
  2⤵
  PID:7596
- C:\Windows\System\PyoSsWJ.exe
  C:\Windows\System\PyoSsWJ.exe
  2⤵
  PID:7604
- C:\Windows\System\EczPQjS.exe
  C:\Windows\System\EczPQjS.exe
  2⤵
  PID:7696
- C:\Windows\System\CdEzKgJ.exe
  C:\Windows\System\CdEzKgJ.exe
  2⤵
  PID:7684
- C:\Windows\System\dEGwCby.exe
  C:\Windows\System\dEGwCby.exe
  2⤵
  PID:7744
- C:\Windows\System\QtgtdhM.exe
  C:\Windows\System\QtgtdhM.exe
  2⤵
  PID:7780
- C:\Windows\System\cXmQuuQ.exe
  C:\Windows\System\cXmQuuQ.exe
  2⤵
  PID:7824
- C:\Windows\System\YuFVIdK.exe
  C:\Windows\System\YuFVIdK.exe
  2⤵
  PID:7804
- C:\Windows\System\wZMqeMy.exe
  C:\Windows\System\wZMqeMy.exe
  2⤵
  PID:7844
- C:\Windows\System\bhfEXTT.exe
  C:\Windows\System\bhfEXTT.exe
  2⤵
  PID:7896
- C:\Windows\System\SbxcaSH.exe
  C:\Windows\System\SbxcaSH.exe
  2⤵
  PID:7956
- C:\Windows\System\ItdpLSp.exe
  C:\Windows\System\ItdpLSp.exe
  2⤵
  PID:2172
- C:\Windows\System\rbcXAHv.exe
  C:\Windows\System\rbcXAHv.exe
  2⤵
  PID:7928
- C:\Windows\System\SWnORbR.exe
  C:\Windows\System\SWnORbR.exe
  2⤵
  PID:8016
- C:\Windows\System\yJTYBpX.exe
  C:\Windows\System\yJTYBpX.exe
  2⤵
  PID:8080
- C:\Windows\System\QQpMwnW.exe
  C:\Windows\System\QQpMwnW.exe
  2⤵
  PID:8060
- C:\Windows\System\egUWmTQ.exe
  C:\Windows\System\egUWmTQ.exe
  2⤵
  PID:8092
- C:\Windows\System\bbKwQPN.exe
  C:\Windows\System\bbKwQPN.exe
  2⤵
  PID:8144
- C:\Windows\System\bjniELy.exe
  C:\Windows\System\bjniELy.exe
  2⤵
  PID:8176
- C:\Windows\System\McCuUMe.exe
  C:\Windows\System\McCuUMe.exe
  2⤵
  PID:6032
- C:\Windows\System\yccJCzL.exe
  C:\Windows\System\yccJCzL.exe
  2⤵
  PID:864
- C:\Windows\System\HroMNpK.exe
  C:\Windows\System\HroMNpK.exe
  2⤵
  PID:6128
- C:\Windows\System\xLSjvdi.exe
  C:\Windows\System\xLSjvdi.exe
  2⤵
  PID:5220
- C:\Windows\System\pxeERoG.exe
  C:\Windows\System\pxeERoG.exe
  2⤵
  PID:5740
- C:\Windows\System\uzJmyFo.exe
  C:\Windows\System\uzJmyFo.exe
  2⤵
  PID:5568
- C:\Windows\System\YsOZoLQ.exe
  C:\Windows\System\YsOZoLQ.exe
  2⤵
  PID:6556
- C:\Windows\System\lRphIzc.exe
  C:\Windows\System\lRphIzc.exe
  2⤵
  PID:7208
- C:\Windows\System\VOvKseu.exe
  C:\Windows\System\VOvKseu.exe
  2⤵
  PID:7200
- C:\Windows\System\XhgvmFl.exe
  C:\Windows\System\XhgvmFl.exe
  2⤵
  PID:7332
- C:\Windows\System\vYqqMSs.exe
  C:\Windows\System\vYqqMSs.exe
  2⤵
  PID:7288
- C:\Windows\System\PRwUyEu.exe
  C:\Windows\System\PRwUyEu.exe
  2⤵
  PID:7448
- C:\Windows\System\vgJBogz.exe
  C:\Windows\System\vgJBogz.exe
  2⤵
  PID:2528
- C:\Windows\System\NErzDrq.exe
  C:\Windows\System\NErzDrq.exe
  2⤵
  PID:7552
- C:\Windows\System\zyWpanY.exe
  C:\Windows\System\zyWpanY.exe
  2⤵
  PID:7616
- C:\Windows\System\KSKvthQ.exe
  C:\Windows\System\KSKvthQ.exe
  2⤵
  PID:7560
- C:\Windows\System\ilDngPt.exe
  C:\Windows\System\ilDngPt.exe
  2⤵
  PID:7676
- C:\Windows\System\UcwFpPV.exe
  C:\Windows\System\UcwFpPV.exe
  2⤵
  PID:2460
- C:\Windows\System\CVTAvQi.exe
  C:\Windows\System\CVTAvQi.exe
  2⤵
  PID:7764
- C:\Windows\System\OGIIksA.exe
  C:\Windows\System\OGIIksA.exe
  2⤵
  PID:7892
- C:\Windows\System\XNdyYHK.exe
  C:\Windows\System\XNdyYHK.exe
  2⤵
  PID:8000
- C:\Windows\System\YsGllFa.exe
  C:\Windows\System\YsGllFa.exe
  2⤵
  PID:7872
- C:\Windows\System\ldsjiPl.exe
  C:\Windows\System\ldsjiPl.exe
  2⤵
  PID:2628
- C:\Windows\System\AfiTdrq.exe
  C:\Windows\System\AfiTdrq.exe
  2⤵
  PID:7960
- C:\Windows\System\WEMTTxO.exe
  C:\Windows\System\WEMTTxO.exe
  2⤵
  PID:8056
- C:\Windows\System\yJnUuvR.exe
  C:\Windows\System\yJnUuvR.exe
  2⤵
  PID:8164
- C:\Windows\System\dvLzNah.exe
  C:\Windows\System\dvLzNah.exe
  2⤵
  PID:6840
- C:\Windows\System\uZbIRdG.exe
  C:\Windows\System\uZbIRdG.exe
  2⤵
  PID:6028
- C:\Windows\System\NBqgJkr.exe
  C:\Windows\System\NBqgJkr.exe
  2⤵
  PID:6640
- C:\Windows\System\AbMyTRU.exe
  C:\Windows\System\AbMyTRU.exe
  2⤵
  PID:6876
- C:\Windows\System\eJxlUTW.exe
  C:\Windows\System\eJxlUTW.exe
  2⤵
  PID:2464
- C:\Windows\System\wjWKiUt.exe
  C:\Windows\System\wjWKiUt.exe
  2⤵
  PID:2760
- C:\Windows\System\LnmDXOB.exe
  C:\Windows\System\LnmDXOB.exe
  2⤵
  PID:7348
- C:\Windows\System\AoABjcD.exe
  C:\Windows\System\AoABjcD.exe
  2⤵
  PID:7316
- C:\Windows\System\TBqnmCf.exe
  C:\Windows\System\TBqnmCf.exe
  2⤵
  PID:7228
- C:\Windows\System\zVLDnPZ.exe
  C:\Windows\System\zVLDnPZ.exe
  2⤵
  PID:7408
- C:\Windows\System\aNayZOB.exe
  C:\Windows\System\aNayZOB.exe
  2⤵
  PID:7536
- C:\Windows\System\WdLiSCY.exe
  C:\Windows\System\WdLiSCY.exe
  2⤵
  PID:7632
- C:\Windows\System\zXjKHPj.exe
  C:\Windows\System\zXjKHPj.exe
  2⤵
  PID:2540
- C:\Windows\System\WStYPPF.exe
  C:\Windows\System\WStYPPF.exe
  2⤵
  PID:7736
- C:\Windows\System\cXbOYcE.exe
  C:\Windows\System\cXbOYcE.exe
  2⤵
  PID:7740
- C:\Windows\System\qJNjbBP.exe
  C:\Windows\System\qJNjbBP.exe
  2⤵
  PID:8204
- C:\Windows\System\clFixyw.exe
  C:\Windows\System\clFixyw.exe
  2⤵
  PID:8220
- C:\Windows\System\gWcllkl.exe
  C:\Windows\System\gWcllkl.exe
  2⤵
  PID:8244
- C:\Windows\System\NyNnYgf.exe
  C:\Windows\System\NyNnYgf.exe
  2⤵
  PID:8264
- C:\Windows\System\uAbttny.exe
  C:\Windows\System\uAbttny.exe
  2⤵
  PID:8284
- C:\Windows\System\eblakXt.exe
  C:\Windows\System\eblakXt.exe
  2⤵
  PID:8304
- C:\Windows\System\AHaciaF.exe
  C:\Windows\System\AHaciaF.exe
  2⤵
  PID:8324
- C:\Windows\System\nVtYAYL.exe
  C:\Windows\System\nVtYAYL.exe
  2⤵
  PID:8340
- C:\Windows\System\wShUaop.exe
  C:\Windows\System\wShUaop.exe
  2⤵
  PID:8364
- C:\Windows\System\lfkFiNz.exe
  C:\Windows\System\lfkFiNz.exe
  2⤵
  PID:8384
- C:\Windows\System\xtxQgXz.exe
  C:\Windows\System\xtxQgXz.exe
  2⤵
  PID:8400
- C:\Windows\System\vUwgiFt.exe
  C:\Windows\System\vUwgiFt.exe
  2⤵
  PID:8424
- C:\Windows\System\TvyZWtB.exe
  C:\Windows\System\TvyZWtB.exe
  2⤵
  PID:8444
- C:\Windows\System\YcGsvvp.exe
  C:\Windows\System\YcGsvvp.exe
  2⤵
  PID:8464
- C:\Windows\System\YHiLFjH.exe
  C:\Windows\System\YHiLFjH.exe
  2⤵
  PID:8484
- C:\Windows\System\nKoupps.exe
  C:\Windows\System\nKoupps.exe
  2⤵
  PID:8504
- C:\Windows\System\FfKOISR.exe
  C:\Windows\System\FfKOISR.exe
  2⤵
  PID:8524
- C:\Windows\System\DxOSLQe.exe
  C:\Windows\System\DxOSLQe.exe
  2⤵
  PID:8544
- C:\Windows\System\YdQIQYB.exe
  C:\Windows\System\YdQIQYB.exe
  2⤵
  PID:8564
- C:\Windows\System\nYtWrBB.exe
  C:\Windows\System\nYtWrBB.exe
  2⤵
  PID:8584
- C:\Windows\System\rnZRhpj.exe
  C:\Windows\System\rnZRhpj.exe
  2⤵
  PID:8600
- C:\Windows\System\TqUyxde.exe
  C:\Windows\System\TqUyxde.exe
  2⤵
  PID:8616
- C:\Windows\System\krVUTFM.exe
  C:\Windows\System\krVUTFM.exe
  2⤵
  PID:8640
- C:\Windows\System\dYpiWyx.exe
  C:\Windows\System\dYpiWyx.exe
  2⤵
  PID:8656
- C:\Windows\System\psrWOQM.exe
  C:\Windows\System\psrWOQM.exe
  2⤵
  PID:8676
- C:\Windows\System\mWcRPJA.exe
  C:\Windows\System\mWcRPJA.exe
  2⤵
  PID:8692
- C:\Windows\System\QtUXUUl.exe
  C:\Windows\System\QtUXUUl.exe
  2⤵
  PID:8716
- C:\Windows\System\RyDyggX.exe
  C:\Windows\System\RyDyggX.exe
  2⤵
  PID:8732
- C:\Windows\System\hZwtqTh.exe
  C:\Windows\System\hZwtqTh.exe
  2⤵
  PID:8756
- C:\Windows\System\GiEjyZy.exe
  C:\Windows\System\GiEjyZy.exe
  2⤵
  PID:8772
- C:\Windows\System\SnVadso.exe
  C:\Windows\System\SnVadso.exe
  2⤵
  PID:8792
- C:\Windows\System\UiiHGuu.exe
  C:\Windows\System\UiiHGuu.exe
  2⤵
  PID:8808
- C:\Windows\System\mZhLxfo.exe
  C:\Windows\System\mZhLxfo.exe
  2⤵
  PID:8828
- C:\Windows\System\itRRGBi.exe
  C:\Windows\System\itRRGBi.exe
  2⤵
  PID:8844
- C:\Windows\System\FuahBse.exe
  C:\Windows\System\FuahBse.exe
  2⤵
  PID:8864
- C:\Windows\System\elCxrCX.exe
  C:\Windows\System\elCxrCX.exe
  2⤵
  PID:8880
- C:\Windows\System\oCZFOya.exe
  C:\Windows\System\oCZFOya.exe
  2⤵
  PID:8900
- C:\Windows\System\hBUjqPb.exe
  C:\Windows\System\hBUjqPb.exe
  2⤵
  PID:8916
- C:\Windows\System\XYoUEEj.exe
  C:\Windows\System\XYoUEEj.exe
  2⤵
  PID:8932
- C:\Windows\System\ueJphtg.exe
  C:\Windows\System\ueJphtg.exe
  2⤵
  PID:8952
- C:\Windows\System\FyDBHJh.exe
  C:\Windows\System\FyDBHJh.exe
  2⤵
  PID:8972
- C:\Windows\System\BhclCKy.exe
  C:\Windows\System\BhclCKy.exe
  2⤵
  PID:8992
- C:\Windows\System\xrEaSgW.exe
  C:\Windows\System\xrEaSgW.exe
  2⤵
  PID:9008
- C:\Windows\System\CyaUKeA.exe
  C:\Windows\System\CyaUKeA.exe
  2⤵
  PID:9028
- C:\Windows\System\avYCEon.exe
  C:\Windows\System\avYCEon.exe
  2⤵
  PID:9052
- C:\Windows\System\nICTRsE.exe
  C:\Windows\System\nICTRsE.exe
  2⤵
  PID:9072
- C:\Windows\System\RQXzuRk.exe
  C:\Windows\System\RQXzuRk.exe
  2⤵
  PID:9088
- C:\Windows\System\mchAzfB.exe
  C:\Windows\System\mchAzfB.exe
  2⤵
  PID:9104
- C:\Windows\System\DHmimmS.exe
  C:\Windows\System\DHmimmS.exe
  2⤵
  PID:9120
- C:\Windows\System\WBpvYLC.exe
  C:\Windows\System\WBpvYLC.exe
  2⤵
  PID:9136
- C:\Windows\System\lthAWWZ.exe
  C:\Windows\System\lthAWWZ.exe
  2⤵
  PID:9152
- C:\Windows\System\udBnGTC.exe
  C:\Windows\System\udBnGTC.exe
  2⤵
  PID:9172
- C:\Windows\System\JJoZQnc.exe
  C:\Windows\System\JJoZQnc.exe
  2⤵
  PID:9196
- C:\Windows\System\xeupFca.exe
  C:\Windows\System\xeupFca.exe
  2⤵
  PID:7820
- C:\Windows\System\WNfDTZL.exe
  C:\Windows\System\WNfDTZL.exe
  2⤵
  PID:8036
- C:\Windows\System\LEVhQrn.exe
  C:\Windows\System\LEVhQrn.exe
  2⤵
  PID:7980
- C:\Windows\System\MLbyVRt.exe
  C:\Windows\System\MLbyVRt.exe
  2⤵
  PID:6940
- C:\Windows\System\lmryUoT.exe
  C:\Windows\System\lmryUoT.exe
  2⤵
  PID:8156
- C:\Windows\System\VCrBFVj.exe
  C:\Windows\System\VCrBFVj.exe
  2⤵
  PID:3536
- C:\Windows\System\dYBKAqp.exe
  C:\Windows\System\dYBKAqp.exe
  2⤵
  PID:1756
- C:\Windows\System\XMajVeL.exe
  C:\Windows\System\XMajVeL.exe
  2⤵
  PID:7336
- C:\Windows\System\LItBQuh.exe
  C:\Windows\System\LItBQuh.exe
  2⤵
  PID:6320
- C:\Windows\System\RNVKDOT.exe
  C:\Windows\System\RNVKDOT.exe
  2⤵
  PID:7384
- C:\Windows\System\jSAlvzI.exe
  C:\Windows\System\jSAlvzI.exe
  2⤵
  PID:2572
- C:\Windows\System\pvMpevE.exe
  C:\Windows\System\pvMpevE.exe
  2⤵
  PID:7704
- C:\Windows\System\QVTIsNO.exe
  C:\Windows\System\QVTIsNO.exe
  2⤵
  PID:7800
- C:\Windows\System\jLaHmkp.exe
  C:\Windows\System\jLaHmkp.exe
  2⤵
  PID:1272
- C:\Windows\System\ZnWfyvc.exe
  C:\Windows\System\ZnWfyvc.exe
  2⤵
  PID:8212
- C:\Windows\System\dpnPxOK.exe
  C:\Windows\System\dpnPxOK.exe
  2⤵
  PID:8196
- C:\Windows\System\TQpucGq.exe
  C:\Windows\System\TQpucGq.exe
  2⤵
  PID:8292
- C:\Windows\System\xJLkaMb.exe
  C:\Windows\System\xJLkaMb.exe
  2⤵
  PID:8236
- C:\Windows\System\tkUzoRU.exe
  C:\Windows\System\tkUzoRU.exe
  2⤵
  PID:8320
- C:\Windows\System\CoPwufX.exe
  C:\Windows\System\CoPwufX.exe
  2⤵
  PID:8532
- C:\Windows\System\fnaLUBB.exe
  C:\Windows\System\fnaLUBB.exe
  2⤵
  PID:8348
- C:\Windows\System\AbnFbCU.exe
  C:\Windows\System\AbnFbCU.exe
  2⤵
  PID:8580
- C:\Windows\System\drXoMDZ.exe
  C:\Windows\System\drXoMDZ.exe
  2⤵
  PID:8352
- C:\Windows\System\OIxQkeY.exe
  C:\Windows\System\OIxQkeY.exe
  2⤵
  PID:8688
- C:\Windows\System\nCVAsJl.exe
  C:\Windows\System\nCVAsJl.exe
  2⤵
  PID:8764
- C:\Windows\System\fuowOzj.exe
  C:\Windows\System\fuowOzj.exe
  2⤵
  PID:8396
- C:\Windows\System\suwflwn.exe
  C:\Windows\System\suwflwn.exe
  2⤵
  PID:8876
- C:\Windows\System\sjXPcUd.exe
  C:\Windows\System\sjXPcUd.exe
  2⤵
  PID:8472
- C:\Windows\System\QqGikOz.exe
  C:\Windows\System\QqGikOz.exe
  2⤵
  PID:8520
- C:\Windows\System\RtFtDaN.exe
  C:\Windows\System\RtFtDaN.exe
  2⤵
  PID:8556
- C:\Windows\System\hTsePKG.exe
  C:\Windows\System\hTsePKG.exe
  2⤵
  PID:8712
- C:\Windows\System\vXAQjDm.exe
  C:\Windows\System\vXAQjDm.exe
  2⤵
  PID:8744
- C:\Windows\System\IViRnIq.exe
  C:\Windows\System\IViRnIq.exe
  2⤵
  PID:8788
- C:\Windows\System\GlwtqKd.exe
  C:\Windows\System\GlwtqKd.exe
  2⤵
  PID:8984
- C:\Windows\System\QOOWPhl.exe
  C:\Windows\System\QOOWPhl.exe
  2⤵
  PID:8780
- C:\Windows\System\qDXPmCu.exe
  C:\Windows\System\qDXPmCu.exe
  2⤵
  PID:8892
- C:\Windows\System\OcCFFlC.exe
  C:\Windows\System\OcCFFlC.exe
  2⤵
  PID:8888
- C:\Windows\System\mEWhGCW.exe
  C:\Windows\System\mEWhGCW.exe
  2⤵
  PID:8928
- C:\Windows\System\QaTUbLN.exe
  C:\Windows\System\QaTUbLN.exe
  2⤵
  PID:9000
- C:\Windows\System\gWdotKq.exe
  C:\Windows\System\gWdotKq.exe
  2⤵
  PID:9068
- C:\Windows\System\rXmHJxV.exe
  C:\Windows\System\rXmHJxV.exe
  2⤵
  PID:9040
- C:\Windows\System\rDyJRoT.exe
  C:\Windows\System\rDyJRoT.exe
  2⤵
  PID:9128
- C:\Windows\System\wYGSKxx.exe
  C:\Windows\System\wYGSKxx.exe
  2⤵
  PID:9116
- C:\Windows\System\plevJUk.exe
  C:\Windows\System\plevJUk.exe
  2⤵
  PID:9212
- C:\Windows\System\vwGrKoU.exe
  C:\Windows\System\vwGrKoU.exe
  2⤵
  PID:9192
- C:\Windows\System\yHsnElT.exe
  C:\Windows\System\yHsnElT.exe
  2⤵
  PID:8052
- C:\Windows\System\nFJGnvx.exe
  C:\Windows\System\nFJGnvx.exe
  2⤵
  PID:1996
- C:\Windows\System\UhhaHhG.exe
  C:\Windows\System\UhhaHhG.exe
  2⤵
  PID:6232
- C:\Windows\System\ZouvGtO.exe
  C:\Windows\System\ZouvGtO.exe
  2⤵
  PID:8136
- C:\Windows\System\EFEMliN.exe
  C:\Windows\System\EFEMliN.exe
  2⤵
  PID:1136
- C:\Windows\System\iyNeYcP.exe
  C:\Windows\System\iyNeYcP.exe
  2⤵
  PID:1088
- C:\Windows\System\QhJeSFH.exe
  C:\Windows\System\QhJeSFH.exe
  2⤵
  PID:7720
- C:\Windows\System\xKzawwC.exe
  C:\Windows\System\xKzawwC.exe
  2⤵
  PID:8300
- C:\Windows\System\gDYmVOR.exe
  C:\Windows\System\gDYmVOR.exe
  2⤵
  PID:8232
- C:\Windows\System\fTjrgrb.exe
  C:\Windows\System\fTjrgrb.exe
  2⤵
  PID:8412
- C:\Windows\System\sZwWmTo.exe
  C:\Windows\System\sZwWmTo.exe
  2⤵
  PID:8456
- C:\Windows\System\zWBcQPN.exe
  C:\Windows\System\zWBcQPN.exe
  2⤵
  PID:8312
- C:\Windows\System\OMamKYV.exe
  C:\Windows\System\OMamKYV.exe
  2⤵
  PID:8360
- C:\Windows\System\SfkZJaf.exe
  C:\Windows\System\SfkZJaf.exe
  2⤵
  PID:8724
- C:\Windows\System\WtZtnrl.exe
  C:\Windows\System\WtZtnrl.exe
  2⤵
  PID:8840
- C:\Windows\System\AEgaiVH.exe
  C:\Windows\System\AEgaiVH.exe
  2⤵
  PID:2148
- C:\Windows\System\QltlQZV.exe
  C:\Windows\System\QltlQZV.exe
  2⤵
  PID:8552
- C:\Windows\System\NYUTpNg.exe
  C:\Windows\System\NYUTpNg.exe
  2⤵
  PID:1600
- C:\Windows\System\ChabPpb.exe
  C:\Windows\System\ChabPpb.exe
  2⤵
  PID:8668
- C:\Windows\System\aLJfLbA.exe
  C:\Windows\System\aLJfLbA.exe
  2⤵
  PID:8708
- C:\Windows\System\QLJgbrE.exe
  C:\Windows\System\QLJgbrE.exe
  2⤵
  PID:2608
- C:\Windows\System\PHiZQfs.exe
  C:\Windows\System\PHiZQfs.exe
  2⤵
  PID:9016
- C:\Windows\System\jzqNDpw.exe
  C:\Windows\System\jzqNDpw.exe
  2⤵
  PID:8964
- C:\Windows\System\mhlMVfr.exe
  C:\Windows\System\mhlMVfr.exe
  2⤵
  PID:9064
- C:\Windows\System\CaPNbuL.exe
  C:\Windows\System\CaPNbuL.exe
  2⤵
  PID:9080
- C:\Windows\System\XmDbjvv.exe
  C:\Windows\System\XmDbjvv.exe
  2⤵
  PID:9160
- C:\Windows\System\hCTPYPS.exe
  C:\Windows\System\hCTPYPS.exe
  2⤵
  PID:9180
- C:\Windows\System\JCGFtaR.exe
  C:\Windows\System\JCGFtaR.exe
  2⤵
  PID:8040
- C:\Windows\System\gfwHekk.exe
  C:\Windows\System\gfwHekk.exe
  2⤵
  PID:6884
- C:\Windows\System\vvUMMfL.exe
  C:\Windows\System\vvUMMfL.exe
  2⤵
  PID:6844
- C:\Windows\System\bZDhiyg.exe
  C:\Windows\System\bZDhiyg.exe
  2⤵
  PID:7468
- C:\Windows\System\lnymCEn.exe
  C:\Windows\System\lnymCEn.exe
  2⤵
  PID:7508
- C:\Windows\System\RgkNILb.exe
  C:\Windows\System\RgkNILb.exe
  2⤵
  PID:7796
- C:\Windows\System\bkFpUAP.exe
  C:\Windows\System\bkFpUAP.exe
  2⤵
  PID:8256
- C:\Windows\System\uzxMcNS.exe
  C:\Windows\System\uzxMcNS.exe
  2⤵
  PID:8296
- C:\Windows\System\HloUBoo.exe
  C:\Windows\System\HloUBoo.exe
  2⤵
  PID:8280
- C:\Windows\System\iJCMNyt.exe
  C:\Windows\System\iJCMNyt.exe
  2⤵
  PID:8576
- C:\Windows\System\AolmStV.exe
  C:\Windows\System\AolmStV.exe
  2⤵
  PID:8316
- C:\Windows\System\uDRmTUt.exe
  C:\Windows\System\uDRmTUt.exe
  2⤵
  PID:8804
- C:\Windows\System\FNGdeBb.exe
  C:\Windows\System\FNGdeBb.exe
  2⤵
  PID:8908
- C:\Windows\System\xqJbCjK.exe
  C:\Windows\System\xqJbCjK.exe
  2⤵
  PID:8512
- C:\Windows\System\etmxGkH.exe
  C:\Windows\System\etmxGkH.exe
  2⤵
  PID:8700
- C:\Windows\System\eLBdlLm.exe
  C:\Windows\System\eLBdlLm.exe
  2⤵
  PID:8784
- C:\Windows\System\tlzildr.exe
  C:\Windows\System\tlzildr.exe
  2⤵
  PID:9020
- C:\Windows\System\veXZxMq.exe
  C:\Windows\System\veXZxMq.exe
  2⤵
  PID:9048
- C:\Windows\System\dPlKIuJ.exe
  C:\Windows\System\dPlKIuJ.exe
  2⤵
  PID:9148
- C:\Windows\System\nYYcqcv.exe
  C:\Windows\System\nYYcqcv.exe
  2⤵
  PID:8116
- C:\Windows\System\CcdEjAb.exe
  C:\Windows\System\CcdEjAb.exe
  2⤵
  PID:828
- C:\Windows\System\FNhfbSG.exe
  C:\Windows\System\FNhfbSG.exe
  2⤵
  PID:2852
- C:\Windows\System\FPeqHdg.exe
  C:\Windows\System\FPeqHdg.exe
  2⤵
  PID:7432
- C:\Windows\System\depZQhx.exe
  C:\Windows\System\depZQhx.exe
  2⤵
  PID:1940
- C:\Windows\System\tozNJSX.exe
  C:\Windows\System\tozNJSX.exe
  2⤵
  PID:8416
- C:\Windows\System\ABKtekK.exe
  C:\Windows\System\ABKtekK.exe
  2⤵
  PID:1808
- C:\Windows\System\iOMYizo.exe
  C:\Windows\System\iOMYizo.exe
  2⤵
  PID:8728
- C:\Windows\System\evCSbiW.exe
  C:\Windows\System\evCSbiW.exe
  2⤵
  PID:8596
- C:\Windows\System\GEBBlZs.exe
  C:\Windows\System\GEBBlZs.exe
  2⤵
  PID:8476
- C:\Windows\System\CyULlxp.exe
  C:\Windows\System\CyULlxp.exe
  2⤵
  PID:8940
- C:\Windows\System\tnIEbPu.exe
  C:\Windows\System\tnIEbPu.exe
  2⤵
  PID:8704
- C:\Windows\System\BIThKRn.exe
  C:\Windows\System\BIThKRn.exe
  2⤵
  PID:9132
- C:\Windows\System\ytHstXq.exe
  C:\Windows\System\ytHstXq.exe
  2⤵
  PID:9164
- C:\Windows\System\FNdjHlS.exe
  C:\Windows\System\FNdjHlS.exe
  2⤵
  PID:9208
- C:\Windows\System\AIcRZNt.exe
  C:\Windows\System\AIcRZNt.exe
  2⤵
  PID:6444
- C:\Windows\System\uZTVNuy.exe
  C:\Windows\System\uZTVNuy.exe
  2⤵
  PID:7308
- C:\Windows\System\slIwWPZ.exe
  C:\Windows\System\slIwWPZ.exe
  2⤵
  PID:8260
- C:\Windows\System\podSQdl.exe
  C:\Windows\System\podSQdl.exe
  2⤵
  PID:4940
- C:\Windows\System\rmBcQdJ.exe
  C:\Windows\System\rmBcQdJ.exe
  2⤵
  PID:2900
- C:\Windows\System\pnmbrdd.exe
  C:\Windows\System\pnmbrdd.exe
  2⤵
  PID:2984
- C:\Windows\System\YfrbYto.exe
  C:\Windows\System\YfrbYto.exe
  2⤵
  PID:2896
- C:\Windows\System\RUJfGBj.exe
  C:\Windows\System\RUJfGBj.exe
  2⤵
  PID:3000
- C:\Windows\System\HHzaWKu.exe
  C:\Windows\System\HHzaWKu.exe
  2⤵
  PID:2840
- C:\Windows\System\VHvwRze.exe
  C:\Windows\System\VHvwRze.exe
  2⤵
  PID:1248
- C:\Windows\System\VlnVdey.exe
  C:\Windows\System\VlnVdey.exe
  2⤵
  PID:1424
- C:\Windows\System\NoomtGX.exe
  C:\Windows\System\NoomtGX.exe
  2⤵
  PID:7952
- C:\Windows\System\TvXjzGL.exe
  C:\Windows\System\TvXjzGL.exe
  2⤵
  PID:6272
- C:\Windows\System\WFJduCw.exe
  C:\Windows\System\WFJduCw.exe
  2⤵
  PID:2960
- C:\Windows\System\vlbWQQn.exe
  C:\Windows\System\vlbWQQn.exe
  2⤵
  PID:2568
- C:\Windows\System\UtLoBTK.exe
  C:\Windows\System\UtLoBTK.exe
  2⤵
  PID:3024
- C:\Windows\System\DvUURZx.exe
  C:\Windows\System\DvUURZx.exe
  2⤵
  PID:2444
- C:\Windows\System\QTHZEei.exe
  C:\Windows\System\QTHZEei.exe
  2⤵
  PID:1304
- C:\Windows\System\OWVkLDn.exe
  C:\Windows\System\OWVkLDn.exe
  2⤵
  PID:8672
- C:\Windows\System\laugOeL.exe
  C:\Windows\System\laugOeL.exe
  2⤵
  PID:2948
- C:\Windows\System\SAzQEtn.exe
  C:\Windows\System\SAzQEtn.exe
  2⤵
  PID:9004
- C:\Windows\System\cbtkhPZ.exe
  C:\Windows\System\cbtkhPZ.exe
  2⤵
  PID:2080
- C:\Windows\System\OMgWagc.exe
  C:\Windows\System\OMgWagc.exe
  2⤵
  PID:7528
- C:\Windows\System\PitokcQ.exe
  C:\Windows\System\PitokcQ.exe
  2⤵
  PID:2308
- C:\Windows\System\FoltXIk.exe
  C:\Windows\System\FoltXIk.exe
  2⤵
  PID:2944
- C:\Windows\System\MqpAjiZ.exe
  C:\Windows\System\MqpAjiZ.exe
  2⤵
  PID:2588
- C:\Windows\System\VKZxEtW.exe
  C:\Windows\System\VKZxEtW.exe
  2⤵
  PID:1864
- C:\Windows\System\iTiKawR.exe
  C:\Windows\System\iTiKawR.exe
  2⤵
  PID:1856
- C:\Windows\System\DltVPTK.exe
  C:\Windows\System\DltVPTK.exe
  2⤵
  PID:8652
- C:\Windows\System\gtaGwMg.exe
  C:\Windows\System\gtaGwMg.exe
  2⤵
  PID:2232
- C:\Windows\System\qYHXbJL.exe
  C:\Windows\System\qYHXbJL.exe
  2⤵
  PID:2020
- C:\Windows\System\NSTTszR.exe
  C:\Windows\System\NSTTszR.exe
  2⤵
  PID:9168
- C:\Windows\System\LusGcLG.exe
  C:\Windows\System\LusGcLG.exe
  2⤵
  PID:800
- C:\Windows\System\LMpFPgc.exe
  C:\Windows\System\LMpFPgc.exe
  2⤵
  PID:8856
- C:\Windows\System\PXETWjc.exe
  C:\Windows\System\PXETWjc.exe
  2⤵
  PID:3008
- C:\Windows\System\KaFVuzy.exe
  C:\Windows\System\KaFVuzy.exe
  2⤵
  PID:2032
- C:\Windows\System\xJFPfcA.exe
  C:\Windows\System\xJFPfcA.exe
  2⤵
  PID:9232
- C:\Windows\System\PwhcFwl.exe
  C:\Windows\System\PwhcFwl.exe
  2⤵
  PID:9248
- C:\Windows\System\lSnfrjl.exe
  C:\Windows\System\lSnfrjl.exe
  2⤵
  PID:9264
- C:\Windows\System\ICSuXBD.exe
  C:\Windows\System\ICSuXBD.exe
  2⤵
  PID:9280
- C:\Windows\System\XHzrAqO.exe
  C:\Windows\System\XHzrAqO.exe
  2⤵
  PID:9296
- C:\Windows\System\tWXUgjq.exe
  C:\Windows\System\tWXUgjq.exe
  2⤵
  PID:9312
- C:\Windows\System\zqHWmWo.exe
  C:\Windows\System\zqHWmWo.exe
  2⤵
  PID:9328
- C:\Windows\System\OlyqmiK.exe
  C:\Windows\System\OlyqmiK.exe
  2⤵
  PID:9344
- C:\Windows\System\FkofOuz.exe
  C:\Windows\System\FkofOuz.exe
  2⤵
  PID:9360
- C:\Windows\System\vIXCgck.exe
  C:\Windows\System\vIXCgck.exe
  2⤵
  PID:9376
- C:\Windows\System\FEtproa.exe
  C:\Windows\System\FEtproa.exe
  2⤵
  PID:9396
- C:\Windows\System\PhAVHBR.exe
  C:\Windows\System\PhAVHBR.exe
  2⤵
  PID:9412
- C:\Windows\System\yLtxmxj.exe
  C:\Windows\System\yLtxmxj.exe
  2⤵
  PID:9428
- C:\Windows\System\wosLneG.exe
  C:\Windows\System\wosLneG.exe
  2⤵
  PID:9444
- C:\Windows\System\QxsVtnn.exe
  C:\Windows\System\QxsVtnn.exe
  2⤵
  PID:9464
- C:\Windows\System\rSWKfNN.exe
  C:\Windows\System\rSWKfNN.exe
  2⤵
  PID:9480
- C:\Windows\System\YvBcNdM.exe
  C:\Windows\System\YvBcNdM.exe
  2⤵
  PID:9496
- C:\Windows\System\PTDSPor.exe
  C:\Windows\System\PTDSPor.exe
  2⤵
  PID:9560
- C:\Windows\System\ETYesah.exe
  C:\Windows\System\ETYesah.exe
  2⤵
  PID:9576
- C:\Windows\System\zMkxtNv.exe
  C:\Windows\System\zMkxtNv.exe
  2⤵
  PID:9592
- C:\Windows\System\iRHyIiq.exe
  C:\Windows\System\iRHyIiq.exe
  2⤵
  PID:9612
- C:\Windows\System\teQKpVU.exe
  C:\Windows\System\teQKpVU.exe
  2⤵
  PID:9652
- C:\Windows\System\TSREcCR.exe
  C:\Windows\System\TSREcCR.exe
  2⤵
  PID:9688
- C:\Windows\System\xZiOQbu.exe
  C:\Windows\System\xZiOQbu.exe
  2⤵
  PID:9720
- C:\Windows\System\BcEEEak.exe
  C:\Windows\System\BcEEEak.exe
  2⤵
  PID:9748
- C:\Windows\System\WteJatz.exe
  C:\Windows\System\WteJatz.exe
  2⤵
  PID:9772
- C:\Windows\System\BLEWRzR.exe
  C:\Windows\System\BLEWRzR.exe
  2⤵
  PID:9788
- C:\Windows\System\fBepoqh.exe
  C:\Windows\System\fBepoqh.exe
  2⤵
  PID:9804
- C:\Windows\System\NOAiqZD.exe
  C:\Windows\System\NOAiqZD.exe
  2⤵
  PID:9828
- C:\Windows\System\uGLAOXS.exe
  C:\Windows\System\uGLAOXS.exe
  2⤵
  PID:9848
- C:\Windows\System\etkxrSq.exe
  C:\Windows\System\etkxrSq.exe
  2⤵
  PID:9876
- C:\Windows\System\DOuWdqC.exe
  C:\Windows\System\DOuWdqC.exe
  2⤵
  PID:9900
- C:\Windows\System\hAULVtn.exe
  C:\Windows\System\hAULVtn.exe
  2⤵
  PID:9956
- C:\Windows\System\SGwrqQd.exe
  C:\Windows\System\SGwrqQd.exe
  2⤵
  PID:9984
- C:\Windows\System\uGYAacP.exe
  C:\Windows\System\uGYAacP.exe
  2⤵
  PID:10000
- C:\Windows\System\UAIVhzh.exe
  C:\Windows\System\UAIVhzh.exe
  2⤵
  PID:10016
- C:\Windows\System\kfmxLtF.exe
  C:\Windows\System\kfmxLtF.exe
  2⤵
  PID:10032
- C:\Windows\System\yiAfNbX.exe
  C:\Windows\System\yiAfNbX.exe
  2⤵
  PID:10048
- C:\Windows\System\SPtbkFZ.exe
  C:\Windows\System\SPtbkFZ.exe
  2⤵
  PID:10064
- C:\Windows\System\MULUWod.exe
  C:\Windows\System\MULUWod.exe
  2⤵
  PID:10080
- C:\Windows\System\FIzHnHi.exe
  C:\Windows\System\FIzHnHi.exe
  2⤵
  PID:10096
- C:\Windows\System\RDAkMBk.exe
  C:\Windows\System\RDAkMBk.exe
  2⤵
  PID:10132
- C:\Windows\System\RYhiMIX.exe
  C:\Windows\System\RYhiMIX.exe
  2⤵
  PID:10148
- C:\Windows\System\HRZebiz.exe
  C:\Windows\System\HRZebiz.exe
  2⤵
  PID:10164
- C:\Windows\System\VSGGggb.exe
  C:\Windows\System\VSGGggb.exe
  2⤵
  PID:10180
- C:\Windows\System\QKxKPbA.exe
  C:\Windows\System\QKxKPbA.exe
  2⤵
  PID:10196
- C:\Windows\System\lyTVqWH.exe
  C:\Windows\System\lyTVqWH.exe
  2⤵
  PID:10212
- C:\Windows\System\JyuvAJr.exe
  C:\Windows\System\JyuvAJr.exe
  2⤵
  PID:10228
- C:\Windows\System\KZVifDo.exe
  C:\Windows\System\KZVifDo.exe
  2⤵
  PID:1180
- C:\Windows\System\GLmIVaj.exe
  C:\Windows\System\GLmIVaj.exe
  2⤵
  PID:1976
- C:\Windows\System\QFzhhrq.exe
  C:\Windows\System\QFzhhrq.exe
  2⤵
  PID:2932
- C:\Windows\System\OzvLhux.exe
  C:\Windows\System\OzvLhux.exe
  2⤵
  PID:9272
- C:\Windows\System\GsOZoVd.exe
  C:\Windows\System\GsOZoVd.exe
  2⤵
  PID:9288
- C:\Windows\System\kuLBHub.exe
  C:\Windows\System\kuLBHub.exe
  2⤵
  PID:9308
- C:\Windows\System\MFyJCfV.exe
  C:\Windows\System\MFyJCfV.exe
  2⤵
  PID:9372
- C:\Windows\System\sYGsCZo.exe
  C:\Windows\System\sYGsCZo.exe
  2⤵
  PID:9408
- C:\Windows\System\ToPBAFP.exe
  C:\Windows\System\ToPBAFP.exe
  2⤵
  PID:9472
- C:\Windows\System\zPXgQWi.exe
  C:\Windows\System\zPXgQWi.exe
  2⤵
  PID:9456
- C:\Windows\System\WaMGumX.exe
  C:\Windows\System\WaMGumX.exe
  2⤵
  PID:9488
- C:\Windows\System\dnpewCa.exe
  C:\Windows\System\dnpewCa.exe
  2⤵
  PID:9516
- C:\Windows\System\IgTQDbd.exe
  C:\Windows\System\IgTQDbd.exe
  2⤵
  PID:9548
- C:\Windows\System\KWruMTv.exe
  C:\Windows\System\KWruMTv.exe
  2⤵
  PID:9556
- C:\Windows\System\pWrSxSR.exe
  C:\Windows\System\pWrSxSR.exe
  2⤵
  PID:9604
- C:\Windows\System\dPSWtWA.exe
  C:\Windows\System\dPSWtWA.exe
  2⤵
  PID:9624
- C:\Windows\System\UWojPVW.exe
  C:\Windows\System\UWojPVW.exe
  2⤵
  PID:9680
- C:\Windows\System\siXDVYs.exe
  C:\Windows\System\siXDVYs.exe
  2⤵
  PID:9708
- C:\Windows\System\vHGLZJG.exe
  C:\Windows\System\vHGLZJG.exe
  2⤵
  PID:9744
- C:\Windows\System\nyEgzEI.exe
  C:\Windows\System\nyEgzEI.exe
  2⤵
  PID:9824
- C:\Windows\System\bYrUEna.exe
  C:\Windows\System\bYrUEna.exe
  2⤵
  PID:9856
- C:\Windows\System\LcwgWUA.exe
  C:\Windows\System\LcwgWUA.exe
  2⤵
  PID:9844
- C:\Windows\System\TAmyMyt.exe
  C:\Windows\System\TAmyMyt.exe
  2⤵
  PID:9920
- C:\Windows\System\svzuPvE.exe
  C:\Windows\System\svzuPvE.exe
  2⤵
  PID:9940
- C:\Windows\System\jXBPGiw.exe
  C:\Windows\System\jXBPGiw.exe
  2⤵
  PID:9636
- C:\Windows\System\wjbuaFW.exe
  C:\Windows\System\wjbuaFW.exe
  2⤵
  PID:9840
- C:\Windows\System\IvaBmsD.exe
  C:\Windows\System\IvaBmsD.exe
  2⤵
  PID:9944
- C:\Windows\System\YiXMYuI.exe
  C:\Windows\System\YiXMYuI.exe
  2⤵
  PID:9992
- C:\Windows\System\FxtLXIE.exe
  C:\Windows\System\FxtLXIE.exe
  2⤵
  PID:10088
- C:\Windows\System\wJsKibH.exe
  C:\Windows\System\wJsKibH.exe
  2⤵
  PID:10144
- C:\Windows\System\bMmeGNf.exe
  C:\Windows\System\bMmeGNf.exe
  2⤵
  PID:9224
- C:\Windows\System\YKJWNVS.exe
  C:\Windows\System\YKJWNVS.exe
  2⤵
  PID:9228
- C:\Windows\System\dUqbHom.exe
  C:\Windows\System\dUqbHom.exe
  2⤵
  PID:9980
- C:\Windows\System\yTPSICR.exe
  C:\Windows\System\yTPSICR.exe
  2⤵
  PID:10012
- C:\Windows\System\qStEIkC.exe
  C:\Windows\System\qStEIkC.exe
  2⤵
  PID:9736
- C:\Windows\System\PotPfrn.exe
  C:\Windows\System\PotPfrn.exe
  2⤵
  PID:9740
- C:\Windows\System\KhRyItw.exe
  C:\Windows\System\KhRyItw.exe
  2⤵
  PID:10120
- C:\Windows\System\GKeLjen.exe
  C:\Windows\System\GKeLjen.exe
  2⤵
  PID:10072
- C:\Windows\System\kGLdFyS.exe
  C:\Windows\System\kGLdFyS.exe
  2⤵
  PID:9820
- C:\Windows\System\zkqfMrM.exe
  C:\Windows\System\zkqfMrM.exe
  2⤵
  PID:10192
- C:\Windows\System\gZfKJTb.exe
  C:\Windows\System\gZfKJTb.exe
  2⤵
  PID:2868
- C:\Windows\System\vQYxhUW.exe
  C:\Windows\System\vQYxhUW.exe
  2⤵
  PID:9324
- C:\Windows\System\phUFqVt.exe
  C:\Windows\System\phUFqVt.exe
  2⤵
  PID:9356
- C:\Windows\System\Ggwygnw.exe
  C:\Windows\System\Ggwygnw.exe
  2⤵
  PID:9424
- C:\Windows\System\avdPXlS.exe
  C:\Windows\System\avdPXlS.exe
  2⤵
  PID:9568
- C:\Windows\System\ImjwASD.exe
  C:\Windows\System\ImjwASD.exe
  2⤵
  PID:9888
- C:\Windows\System\oGKssZX.exe
  C:\Windows\System\oGKssZX.exe
  2⤵
  PID:10024
- C:\Windows\System\EvHMqqg.exe
  C:\Windows\System\EvHMqqg.exe
  2⤵
  PID:9916
- C:\Windows\System\edLLTAm.exe
  C:\Windows\System\edLLTAm.exe
  2⤵
  PID:9368
- C:\Windows\System\cAgNrgX.exe
  C:\Windows\System\cAgNrgX.exe
  2⤵
  PID:9440
- C:\Windows\System\nFRHAxQ.exe
  C:\Windows\System\nFRHAxQ.exe
  2⤵
  PID:9340
- C:\Windows\System\GDxDWGO.exe
  C:\Windows\System\GDxDWGO.exe
  2⤵
  PID:9392
- C:\Windows\System\btuEiwn.exe
  C:\Windows\System\btuEiwn.exe
  2⤵
  PID:9532

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\ANImzOx.exe

Filesize
6.0MB

MD5
26e51792de00adf55a61cd2fbbbba324

SHA1
70324736e395bf73c2c46a73bfb1f31ae072f8c8

SHA256
2526d4cb314dc30a48ae81632d829195aa9af0025846c8d19aab7ca98525bece

SHA512
3088e31e79fcb9b5bffe4ce99e4c1c9ba483bc39d14e575139a5245a66b081d55b63637855c0661f51c914c42768f7d11aed273bfd5ca44234b04b71701d6995

Download Submit
C:\Windows\system\BTFPdyw.exe

Filesize
6.0MB

MD5
7a716fd2a410cf0cf60acf9240f7fa97

SHA1
dcbf40604bf6f79ff9ba375f775e5599fb4ec315

SHA256
a9976969b8b278e87df1413ba2309d0fd26448447ae9413cb1da8f5bacec0781

SHA512
165fd5d3ae73ddd40d982a4bcd29462ba16113f9e8a7c819edb25aad30f60fea0a5fcb983d72c78969a602ad5a7d0566e0e0d549f72f323b31d8e751850c40c5

Download Submit
C:\Windows\system\ClrYGdH.exe

Filesize
6.0MB

MD5
32f4f54090968ba978bdd8d620ca9618

SHA1
95838a0890a8c860c922315720ec155dd220cf8b

SHA256
60b3fbed313f05a417776dc107afdebd77c762c24529887e10803a496404345a

SHA512
3251fb28338e549da047a12e350bd414fd500341214e12c0f16ceb201e29c1250eced40d24b62ef51a416cfe628f9178ddbd8794d8b7caed43e6f0f95a626ad8

Download Submit
C:\Windows\system\FWTIeWa.exe

Filesize
6.0MB

MD5
1004d4f084b997364beea753074eaa0d

SHA1
bc2906d2bd02713529a4084d20d290c7de083fb0

SHA256
4aec524d5f6cdfcb366f3820620872f36886b7efbd2e32879d339f87abfca121

SHA512
fe23ec20d73359a246580df8395b948e935572452da5c85c6d600238faaf4c13600f9a2e88d42778f3355f1294e1d61b92faa73cea805a27af950309cce234a2

Download Submit
C:\Windows\system\GzKqngx.exe

Filesize
6.0MB

MD5
b463e26c7c983adb5c82e5d80ac3d792

SHA1
1acfd4b8986341b5afac49bbd12dd30f6d5846db

SHA256
99433b21cae4d51b4f9528ec8df2a041c3a95b222142423ad6b6f04409e34364

SHA512
f2b0752be0e44ad759d2cb547249f1e41217bd6046be7f057ac78b67270589a92d63ea98e6b914033ba7d51096b0732b86fd829d064560d258a18815242c5fcf

Download Submit
C:\Windows\system\HIKREhN.exe

Filesize
6.0MB

MD5
f32d1255dd00f75e4e94db5c66c0cea1

SHA1
c47172959f49e3688c541d4d0e00ee909ee0df92

SHA256
277b2c0b680404b2f7dbd8ccfd84431425c4a6486d0391cb0f9ab30e300ff5af

SHA512
da7cd414dc649bb6332a07cefadf01b462630f6e49e43d592993f0359a36afddbd30ab5e435fef8fa1ff963401ec5b30069af3dc4263a92f8f725fa7fa4b5daf

Download Submit
C:\Windows\system\JehvaIY.exe

Filesize
6.0MB

MD5
3e88b6e534e8ac93f5c7f65acaad3c95

SHA1
a970dae540898a179119c76f4c3712e96c9dd586

SHA256
756b58890cae9a5915faa8f1339be12dd71ba2eb5ea612931c5646c895c6a153

SHA512
0e331a493ea3952b8b6adc5220641e67891f09814f3a27d4938e390d3a24a5f6b11666641ed76c3ef47a4dd45789f036d6eaa6951fd8a083ca8efe13ec02df21

Download Submit
C:\Windows\system\KHYmIHd.exe

Filesize
6.0MB

MD5
d556bb8d0d0a0556608ff425ae6db688

SHA1
5da03a0bb4d0e539d6e0174c48dbf69627d318a8

SHA256
1276dd87eba740477ce2620186bebeb0fe76e8570d77fbd26418ed54abe7843e

SHA512
208e23c9a5d1a56edae12673ee98cf6ae09a5f96de031398a732db08de66f69112de1979dfd9c49ff6a6ea3329fe448351b07b2a96333d01e215f7b4e667d489

Download Submit
C:\Windows\system\KPrTEfP.exe

Filesize
6.0MB

MD5
ba3ccf44514929139155ee2f1797b420

SHA1
bab4b8dec737bb6a3391639db1d64478ccb62e2e

SHA256
2cf2a77e8b61d332bbd41839c2776d820534782de6b4bcdeff26f42fda07eb43

SHA512
b9f25ac467ddfaaea36c17320fd621fc3a01bf226b8e1af6737c80a29fe190577bfdd40fffd6de2617977f1440b86b070f10ee7601bbb83e6ce8f60b5017a6c3

Download Submit
C:\Windows\system\LycPNrM.exe

Filesize
6.0MB

MD5
ca867f3db6197a868401594204a600fc

SHA1
f15697568c9e1991b9f7da4b491bca7ffa5bce50

SHA256
907ecff91b05069ba4921daac8f9dd0a282650365c9b1a6da5a9238c493c7ffd

SHA512
839db29fbe7bef081dc9da2dbb5b0829f93e81544962507578b3368e228217e59b12394e7c4f85472c86c58cea4485eef2b04b9cdcaac6db7d727540bb18349e

Download Submit
C:\Windows\system\MJkpJLK.exe

Filesize
6.0MB

MD5
4ee42c93f85d4903709d545515511f8a

SHA1
0bcea72cf3901451697836cd2a3a28819a3f3cab

SHA256
e02e85c7cd0e0263159e3f63c0198a2aac0385fa765cb80240dfccd16009f71c

SHA512
ec55e5c5bd7d2af40060bdc394582e26e7db719705ad7b9458101170e2ad5f7cb06fb301c6b13e4a94581c7ad48b463f44068ef07b8af1c1611343716219153c

Download Submit
C:\Windows\system\PVyOAsr.exe

Filesize
6.0MB

MD5
3d4625eb73f29ffa193ea4e4447d16a9

SHA1
261e25514fb6ba42fb4a1b5d55ff7037a299c7d6

SHA256
669a88ccc46770e728fa6a5ddc42fc83730b7a61f1977c17caed695d8b4271ae

SHA512
3e5385c11841320c79e0b035396cfbf072c8d3c7ef5ee52d959b8b9d1b61197f1353b386483c6123bbd8a93747c9864949c2fb157c9f7dff52573aa431e1a268

Download Submit
C:\Windows\system\SVxmZni.exe

Filesize
6.0MB

MD5
2d2ec5bd3dd6f484e8750c70dc2c4a15

SHA1
5d1d2e255b68810b65b2fd6d64fed415a24f6949

SHA256
953aeea259b90658f8a73dac21bad3c462c41dd26d57591187914acd1ef0b182

SHA512
9b3a38196fa214992e97d85253db104d5459aa6c11bf147e9a6f390e3687f8572f9ce4d5dde4a381c1c8053ed876f769a60f1062167137c9fffeddadc092ca44

Download Submit
C:\Windows\system\SloQVVP.exe

Filesize
6.0MB

MD5
a8737b541b69bcca1ea62cec2407396d

SHA1
3875beeafe4ff498b02ed2971934a04e34302f71

SHA256
d01f42a64ebea0bb32142a2d18a841e765964f7fdbda07fb91e84f7e88ba3453

SHA512
0a8ef35053399b60b464bc923657780140a5631f8ffda183d77395af23cd66c76dd25e723ed94131d5a146c204ba5c023ba2482de466dec880bedec090b06bd3

Download Submit
C:\Windows\system\XTLKcMX.exe

Filesize
6.0MB

MD5
a738510be4e4d0394af025bc22487697

SHA1
6d74fc813361ae83d5f66bbd9f865bd8212e5d0d

SHA256
5f3b7fccdf83e3ac2016df3866cf48d23f3ad50ea35d6f33a335ae04ca139f71

SHA512
c65c3e52dc03bc65d8dc90afc34ab0531da07cd11d6d4c9c237953b49b8a0e0a85c5f363d423a59057a581ad56b8dba6469d645017eebbc8cc2b85bd69408d9c

Download Submit
C:\Windows\system\YAyewFX.exe

Filesize
6.0MB

MD5
70b80718dd71aafaa1d5be5b53aff0d0

SHA1
b28ed6a7fdf6ac26743adf442137ac475f6e3585

SHA256
8ef517ad99186631ac53d9571a6a74f4921089f2af85f7ebf99dbe94bb1bbfe2

SHA512
fa5e7a1e2e6d80a34497b11e690500149f5a48ca3077e45ebada94d8ac2431c03f1d1a9c34760a80674e6df5533fc99b1e7f779534a746ebee88ed6907d3caf7

Download Submit
C:\Windows\system\aWlQoQh.exe

Filesize
6.0MB

MD5
e97546926c6e258bd6a68b1449600f9c

SHA1
47111057d0dfb8831afcaf0530711bb10916438b

SHA256
b8a1322b82bf2f0ca18f70bb66668a039a66e5d0f9eb8786a5c40a18746e778b

SHA512
944069ce60fce7df1c4d57dd78cb08310e02b3b9e9eba0db8d89d99f33bde1b76d0f7d38f5d56acdb2e7794eda9de1a3d93c92835e067978d857404cab661b46

Download Submit
C:\Windows\system\eqyHktb.exe

Filesize
6.0MB

MD5
9b228258add93ed3015ca2363812bddf

SHA1
0051cc56044a6d83bed2d68b2d247b895075eb26

SHA256
3b97ce0e952f5675a627821c9aeb09291ab25da110bd4cc2878c59914884ed6d

SHA512
b24c81aa7c9507c9fd18ecc6dbefae43da599d9fec98b7e0ab1a53ec664eb6ce00f3f22f0d5c7f934419c0867d0c1f03901dc4da257a00f7cdf62c14856522a3

Download Submit
C:\Windows\system\eurphVm.exe

Filesize
6.0MB

MD5
f00db3627ef48e8b4cc36c024a239b32

SHA1
f65ac97c237966bc04093e28e2abf6e56e28c576

SHA256
f959ea7b1f2655be8605e2176f3b58d203455a017c113f52af26da308c4e60d5

SHA512
4fc5d15fecafbe5440a0a42c8089d58e099709d354bb1f58c4bb28010a8ed2731300d00aaacfcd9557e36b7af281db5abef14431c31e74f9ac941629e815f918

Download Submit
C:\Windows\system\gCqTpPx.exe

Filesize
6.0MB

MD5
679e90ce54f280e7549173f5b75c20bd

SHA1
6dab06a7a91d0e2dbb0bb704f1288b8d3fd6304b

SHA256
cd374f28b5134fdcb89b76e10e7544d2ed65ae47ce362c92fe942d1da0a872bb

SHA512
ee894274a7427e9cb15ecc9bb0bee77157efa5193ce72fb09a3455dd71f399514362b33506036649897ea64a2f17b3fa08d06fe4c1ab08a2ecc67ed3cad94681

Download Submit
C:\Windows\system\mHZNYYL.exe

Filesize
6.0MB

MD5
74aaaf535dc9265f1bf40342d8356a4d

SHA1
3176bc3a62b5d3aac9f8b78cff2d467ff36d0463

SHA256
6620c8434f2345608f9c3ca138bf7ac162642dba1439da4db456f516d7ba970e

SHA512
427d6648fc10a920343f236a3fb1dfd68883ade784583ffc7992200ea93da74ec93753f439272edb84132d4677308014dd35000a9cadfb7e166cb4632172d7c5

Download Submit
C:\Windows\system\miPDhkX.exe

Filesize
6.0MB

MD5
56086bf53f7e08e1de765d9c40c4c549

SHA1
11e28bc9bc43f7f53ed491dfd812c12eb4e691ad

SHA256
61573ff234a78e1d0e81914a675251a3b1948a879b86fbe6d984c0b0d22ab2a1

SHA512
39378814aec6554b8056c4e2265caa3514feb49ca479893c4c39fd06689c02d7f608c0c254e80a63c95894f6e9b2c18296a008fa39fc19a103970d0f9747b1b1

Download Submit
C:\Windows\system\nNJbHjN.exe

Filesize
6.0MB

MD5
dfe60fc237d3f7a60d0db0fc1eea1d0c

SHA1
31addefbf537cba3c3f440a9920ceffc4765bd56

SHA256
09251ada219f94ef4fb0856a0b6c94ff101cceb11435ee79a8a5b12a66a2e33a

SHA512
35e93c41e5368464b95823f6e1a96e6cafa924217f2abd64abe241258c010d484795ebc5f53d7955394dc5eabb94f69cc0fdf08a81b60083647599d218fd8797

Download Submit
C:\Windows\system\qVheZjc.exe

Filesize
6.0MB

MD5
2cf64a8b5e1f743384fefdcf852c6361

SHA1
aa3201a2a23bd2052925a7efef55d846443a916c

SHA256
10de05a8e894e5267370e113402ccac44d293d2f6dc0c730ceec2d2be7946a22

SHA512
ecc6cc1bc65bf71504c530f0dc7998846493f809a27733a55bb95e92f28ec4929a8124b29703252d03741312dfe78ec3a12d3fdf402287a2c17464b23e61fa0b

Download Submit
C:\Windows\system\wDelrDC.exe

Filesize
6.0MB

MD5
f87b2dc64940d8d3d3075b6eba9c7f09

SHA1
50002de27d353ea8736af297f89f84a15e5fc31c

SHA256
428c377560199ea439ebc9d21bb5610a8f0ec4e1cf7d38902bc4ab1570157e20

SHA512
32304e41560e0c8f7f79aa6c3be65d2afb65b89ced4ae172697598cec2295d4e2b5638043c88165c175a122df7b54d23762f138741174a5222eba5b415e8ff89

Download Submit
C:\Windows\system\zUSIFeJ.exe

Filesize
6.0MB

MD5
79b9c0df56a965b017e67857cdfa97fc

SHA1
cdd225863e9f47399492e53bb685ef9971e4b196

SHA256
da1b9823c9b958924aefb868cb9cb368345295aaa97b0039c42b698f08d23114

SHA512
bf79a55505f84d7f3280581270ac9f18352061cee0d01486440352001ab342d6f811368dc055fd9f3e4194460de64fd3fa71de076732271953762d8e9d24edd8

Download Submit
C:\Windows\system\zgwfPoL.exe

Filesize
6.0MB

MD5
088f2354d3326d64d72d420eb054f387

SHA1
0a2b2b2bb9c54f509f183305425aab6471381797

SHA256
1e3cf0d6b76ff45ed6dc6704a262280b67e7fe029e2854c943d24fd8ee65578c

SHA512
25c10b574736aa103785c3dfd2a81340b11eaff3d2dfffea2e48876f9fa6298235d64b9df62d470ff4fbd19252fecb00195fc9660ad5aeb7f43eb1646dd6a07e

Download Submit
\Windows\system\NEzgRcS.exe

Filesize
6.0MB

MD5
8f3693d38d5a124b7814f1ff72105149

SHA1
9cfe6bb601436be6fe44081de3abbb7678422ea9

SHA256
26f883977a83b1d80993f44b2984528ba100cbd954c95d10bbba074d0b4bec17

SHA512
657b267b5833fb37268a5da21733dcb84c430794bb6261ec7a9c9fed9cbff4b668d754b954f9494f6676095d3bba46ab032ba2d67ce38ae772d2d7aeef9170b9

Download Submit
\Windows\system\hYBYeRC.exe

Filesize
6.0MB

MD5
5e692438fccb291473e53b2a13d8ae8b

SHA1
a18290d58f219da6bf19811743542cceff20d894

SHA256
1b1ac3d38d5b9516ce84d761982c43de21bb7e5f6047a51fa6fcce1008f4bd31

SHA512
1dffae0f3507f82cbb5a14dc8fa52ba60521efa26f6b969c92d345270ec45ee81e958a011dd82e367e3c506fb0bbd0e7e87d44efe2f883a77c54dbdba44005bd

Download Submit
\Windows\system\nMtDXCk.exe

Filesize
6.0MB

MD5
5fee7fad7602d9ebdbd05695829b5692

SHA1
d4906b4df8124e56bcf62a25984fb83dcffaab98

SHA256
b939ac9c27a42281860e445e75fbb19f0569bf95539eee1028764ad6fd310981

SHA512
6f32928c960963340562323f24fbb095a10024e485bf08dd20c4fa60de33f3649c586b329b2eeb58dc9b31d3fadfe7c1a09dd73640c013c966533727b6c917ab

Download Submit
\Windows\system\sCtGXzu.exe

Filesize
6.0MB

MD5
f9d0328900853a831e76377036026cca

SHA1
52fd4ce2e9a8d75579d8211bf93ef5e4e319d36e

SHA256
ba60f3e1ebe600c4bd6daff485f353c4843ed0d518066010b348fa551141a58f

SHA512
674cca8a01914662c3149f37437052d1e22a6744f56e629e652c24c97557e4005573a326cf182a29f6a1662f66aeb876b6d0d71e2d5786b5c25f94231629aa12

Download Submit
\Windows\system\xCzzgij.exe

Filesize
6.0MB

MD5
a75ca6eaa9028eff86e04b8536b54f62

SHA1
4bc53ba34f71b9d056f2e326a12b000e558c9fca

SHA256
fdc5202a37f1a87cad2d6be888d8bb585256e7eb8ecb8503bf19c8ed7608810a

SHA512
fd60fd4a16f1e0130c60a935d2f74575231c6750884e8565fd7444eeee7e79407462578f1420134a9a7ae20c5bc9fa0c33658f64f16f7eac18902456262abec4

Download Submit
memory/484-60-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/484-2941-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/1584-42-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/1584-2929-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/1584-8-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/1736-50-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/1736-75-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/1736-91-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/1736-52-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/1736-82-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/1736-113-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/1736-31-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/1736-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/1736-170-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/1736-68-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/1736-59-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/1736-0-0x000000013FB30000-0x000000013FE84000-memory.dmp

Filesize
3.3MB

Download
memory/1736-100-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/1736-29-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/1736-98-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/1736-20-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/1736-73-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/1736-542-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/1736-97-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/1736-543-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/1736-40-0x000000013FB30000-0x000000013FE84000-memory.dmp

Filesize
3.3MB

Download
memory/1736-12-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/2116-58-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/2116-14-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/2116-2937-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/2164-95-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/2164-638-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/2164-2958-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/2332-111-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2332-2968-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2420-2927-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/2420-24-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/2436-99-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2436-2978-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2436-819-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2640-2965-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2640-112-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2712-51-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2712-2953-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2716-76-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2716-2931-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2716-33-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2832-348-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/2832-80-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/2832-2977-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/2880-90-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download
memory/2880-41-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download
memory/2880-2939-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download
memory/2908-2928-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/2908-81-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/2908-35-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/2916-72-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2916-2962-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2916-169-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download