cobaltstrike | 7d9bd925bf87fbba9140a95dcf8e73dd63ff8479cf2fb6a108a01d3b333aa905

Analysis

max time kernel
151s
max time network
19s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
16-11-2024 01:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

72e644c9b649b7c265004489ba13948b
SHA1

bf07d26a5fe9d5bcd30bde7d92276834c6ba8e56
SHA256

7d9bd925bf87fbba9140a95dcf8e73dd63ff8479cf2fb6a108a01d3b333aa905
SHA512

386520981e8b9954dd3f3ce363b436cd82c8eaa7792aab247bec2b48083da4f29ea90bb4f3447d188225ed38435b7253af6e99817fa56217f71f13590e709a91
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUS:T+q56utgpPF8u/7S

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0027000000016d2c-6.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d69-8.dat	cobalt_reflective_dll
behavioral1/files/0x0012000000016d3f-20.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016fc9-24.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001756b-40.dat	cobalt_reflective_dll
behavioral1/files/0x0002000000018334-54.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001932a-68.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c1-82.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c6-102.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019643-122.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019820-141.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf6-156.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf9-162.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d6d-181.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019fd4-192.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019e92-186.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d62-176.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d61-172.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c3c-166.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf5-152.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001998d-146.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000197fd-136.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019761-131.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001975a-126.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c7-112.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960c-116.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c5-98.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c3-87.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195bd-73.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001756e-49.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000186b7-58.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000170f8-33.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/576-0-0x000000013FEA0000-0x00000001401F4000-memory.dmp	xmrig
behavioral1/files/0x0027000000016d2c-6.dat	xmrig
behavioral1/files/0x0009000000016d69-8.dat	xmrig
behavioral1/memory/2848-16-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
behavioral1/memory/576-21-0x000000013F440000-0x000000013F794000-memory.dmp	xmrig
behavioral1/memory/2980-23-0x000000013F440000-0x000000013F794000-memory.dmp	xmrig
behavioral1/files/0x0012000000016d3f-20.dat	xmrig
behavioral1/files/0x0008000000016fc9-24.dat	xmrig
behavioral1/memory/2832-15-0x000000013F220000-0x000000013F574000-memory.dmp	xmrig
behavioral1/memory/2768-37-0x000000013FA50000-0x000000013FDA4000-memory.dmp	xmrig
behavioral1/files/0x000700000001756b-40.dat	xmrig
behavioral1/memory/2752-61-0x000000013FBD0000-0x000000013FF24000-memory.dmp	xmrig
behavioral1/files/0x0002000000018334-54.dat	xmrig
behavioral1/files/0x000600000001932a-68.dat	xmrig
behavioral1/memory/2552-69-0x000000013F170000-0x000000013F4C4000-memory.dmp	xmrig
behavioral1/memory/2864-78-0x000000013F740000-0x000000013FA94000-memory.dmp	xmrig
behavioral1/memory/2904-91-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/files/0x00050000000195c1-82.dat	xmrig
behavioral1/files/0x00050000000195c6-102.dat	xmrig
behavioral1/files/0x0005000000019643-122.dat	xmrig
behavioral1/files/0x0005000000019820-141.dat	xmrig
behavioral1/files/0x0005000000019bf6-156.dat	xmrig
behavioral1/files/0x0005000000019bf9-162.dat	xmrig
behavioral1/files/0x0005000000019d6d-181.dat	xmrig
behavioral1/memory/1636-244-0x000000013F500000-0x000000013F854000-memory.dmp	xmrig
behavioral1/files/0x0005000000019fd4-192.dat	xmrig
behavioral1/memory/2552-189-0x000000013F170000-0x000000013F4C4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019e92-186.dat	xmrig
behavioral1/files/0x0005000000019d62-176.dat	xmrig
behavioral1/files/0x0005000000019d61-172.dat	xmrig
behavioral1/files/0x0005000000019c3c-166.dat	xmrig
behavioral1/files/0x0005000000019bf5-152.dat	xmrig
behavioral1/files/0x000500000001998d-146.dat	xmrig
behavioral1/files/0x00050000000197fd-136.dat	xmrig
behavioral1/files/0x0005000000019761-131.dat	xmrig
behavioral1/files/0x000500000001975a-126.dat	xmrig
behavioral1/files/0x00050000000195c7-112.dat	xmrig
behavioral1/files/0x000500000001960c-116.dat	xmrig
behavioral1/memory/1348-101-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/memory/2852-100-0x000000013F6B0000-0x000000013FA04000-memory.dmp	xmrig
behavioral1/files/0x00050000000195c5-98.dat	xmrig
behavioral1/memory/1636-95-0x000000013F500000-0x000000013F854000-memory.dmp	xmrig
behavioral1/memory/2184-89-0x000000013FF50000-0x00000001402A4000-memory.dmp	xmrig
behavioral1/files/0x00050000000195c3-87.dat	xmrig
behavioral1/memory/876-77-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	xmrig
behavioral1/files/0x00050000000195bd-73.dat	xmrig
behavioral1/memory/2620-66-0x000000013F9B0000-0x000000013FD04000-memory.dmp	xmrig
behavioral1/memory/2852-53-0x000000013F6B0000-0x000000013FA04000-memory.dmp	xmrig
behavioral1/memory/576-50-0x000000013FEA0000-0x00000001401F4000-memory.dmp	xmrig
behavioral1/files/0x000700000001756e-49.dat	xmrig
behavioral1/memory/2904-42-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/files/0x00080000000186b7-58.dat	xmrig
behavioral1/memory/2864-29-0x000000013F740000-0x000000013FA94000-memory.dmp	xmrig
behavioral1/files/0x00070000000170f8-33.dat	xmrig
behavioral1/memory/1348-1127-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/memory/2832-1126-0x000000013F220000-0x000000013F574000-memory.dmp	xmrig
behavioral1/memory/2184-1125-0x000000013FF50000-0x00000001402A4000-memory.dmp	xmrig
behavioral1/memory/1636-1124-0x000000013F500000-0x000000013F854000-memory.dmp	xmrig
behavioral1/memory/2552-1123-0x000000013F170000-0x000000013F4C4000-memory.dmp	xmrig
behavioral1/memory/876-1122-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	xmrig
behavioral1/memory/2752-1121-0x000000013FBD0000-0x000000013FF24000-memory.dmp	xmrig
behavioral1/memory/2620-1120-0x000000013F9B0000-0x000000013FD04000-memory.dmp	xmrig
behavioral1/memory/2864-1119-0x000000013F740000-0x000000013FA94000-memory.dmp	xmrig
behavioral1/memory/2852-1118-0x000000013F6B0000-0x000000013FA04000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2832	XzAJzLo.exe
2848	KaOIgKm.exe
2980	ZMvIQKJ.exe
2864	FUkmdrM.exe
2768	meWpOVW.exe
2904	gcTaJJc.exe
2852	wyPwMpe.exe
2752	fxPzGdB.exe
2620	Buwaenz.exe
2552	aJlWknH.exe
876	nyZhvJE.exe
2184	TsyATPC.exe
1636	jzVvDjJ.exe
1348	nGkMJCa.exe
3048	yChYyJs.exe
1808	pfggdYs.exe
2808	NHpqpTW.exe
2364	onUdhiL.exe
2568	YDdfJiy.exe
2296	vKUNrUh.exe
2432	fLSJoUW.exe
788	McGVaiP.exe
2308	SQIKBRv.exe
2836	DJamuoF.exe
2056	ZWBmVGQ.exe
2524	fHuKANk.exe
2488	ZvSRUWv.exe
2456	JWkhLCy.exe
2468	voxKdBk.exe
1324	VUTupWQ.exe
1456	lLCuuew.exe
1480	lsytFBa.exe
620	jcGSFZZ.exe
1196	waybXZJ.exe
1804	zQWBuTT.exe
2668	tLTUZnW.exe
1156	kHUzFlT.exe
1740	QvbuzQi.exe
908	rwUKzPU.exe
1896	bDEGoKu.exe
1620	ATwzSNd.exe
812	gjeJdxp.exe
2676	QvWUZGl.exe
2128	zJqAcDQ.exe
2824	AAPvCDR.exe
2208	xDyUfXJ.exe
2692	ZDJBYYU.exe
1724	oDqyoHB.exe
2392	yLjzsRJ.exe
688	uLHFeQv.exe
1592	UpmZgul.exe
2884	NLRIlWz.exe
2828	aLqqjQr.exe
2596	VjstSKt.exe
1168	bONtMJp.exe
1120	XPaYofw.exe
1888	ngfZpNk.exe
596	ujCxaBk.exe
1588	zFnOgcD.exe
2272	POhHEob.exe
2960	XLdfZJG.exe
2736	pYYrwPK.exe
2772	wVqLSFj.exe
2428	XvAcUpp.exe

Loads dropped DLL 64 IoCs

pid	Process
576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/576-0-0x000000013FEA0000-0x00000001401F4000-memory.dmp	upx
behavioral1/files/0x0027000000016d2c-6.dat	upx
behavioral1/files/0x0009000000016d69-8.dat	upx
behavioral1/memory/2848-16-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/memory/2980-23-0x000000013F440000-0x000000013F794000-memory.dmp	upx
behavioral1/files/0x0012000000016d3f-20.dat	upx
behavioral1/files/0x0008000000016fc9-24.dat	upx
behavioral1/memory/2832-15-0x000000013F220000-0x000000013F574000-memory.dmp	upx
behavioral1/memory/2768-37-0x000000013FA50000-0x000000013FDA4000-memory.dmp	upx
behavioral1/files/0x000700000001756b-40.dat	upx
behavioral1/memory/2752-61-0x000000013FBD0000-0x000000013FF24000-memory.dmp	upx
behavioral1/files/0x0002000000018334-54.dat	upx
behavioral1/files/0x000600000001932a-68.dat	upx
behavioral1/memory/2552-69-0x000000013F170000-0x000000013F4C4000-memory.dmp	upx
behavioral1/memory/2864-78-0x000000013F740000-0x000000013FA94000-memory.dmp	upx
behavioral1/memory/2904-91-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/files/0x00050000000195c1-82.dat	upx
behavioral1/files/0x00050000000195c6-102.dat	upx
behavioral1/files/0x0005000000019643-122.dat	upx
behavioral1/files/0x0005000000019820-141.dat	upx
behavioral1/files/0x0005000000019bf6-156.dat	upx
behavioral1/files/0x0005000000019bf9-162.dat	upx
behavioral1/files/0x0005000000019d6d-181.dat	upx
behavioral1/memory/1636-244-0x000000013F500000-0x000000013F854000-memory.dmp	upx
behavioral1/files/0x0005000000019fd4-192.dat	upx
behavioral1/memory/2552-189-0x000000013F170000-0x000000013F4C4000-memory.dmp	upx
behavioral1/files/0x0005000000019e92-186.dat	upx
behavioral1/files/0x0005000000019d62-176.dat	upx
behavioral1/files/0x0005000000019d61-172.dat	upx
behavioral1/files/0x0005000000019c3c-166.dat	upx
behavioral1/files/0x0005000000019bf5-152.dat	upx
behavioral1/files/0x000500000001998d-146.dat	upx
behavioral1/files/0x00050000000197fd-136.dat	upx
behavioral1/files/0x0005000000019761-131.dat	upx
behavioral1/files/0x000500000001975a-126.dat	upx
behavioral1/files/0x00050000000195c7-112.dat	upx
behavioral1/files/0x000500000001960c-116.dat	upx
behavioral1/memory/1348-101-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/memory/2852-100-0x000000013F6B0000-0x000000013FA04000-memory.dmp	upx
behavioral1/files/0x00050000000195c5-98.dat	upx
behavioral1/memory/1636-95-0x000000013F500000-0x000000013F854000-memory.dmp	upx
behavioral1/memory/2184-89-0x000000013FF50000-0x00000001402A4000-memory.dmp	upx
behavioral1/files/0x00050000000195c3-87.dat	upx
behavioral1/memory/876-77-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	upx
behavioral1/files/0x00050000000195bd-73.dat	upx
behavioral1/memory/2620-66-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx
behavioral1/memory/2852-53-0x000000013F6B0000-0x000000013FA04000-memory.dmp	upx
behavioral1/memory/576-50-0x000000013FEA0000-0x00000001401F4000-memory.dmp	upx
behavioral1/files/0x000700000001756e-49.dat	upx
behavioral1/memory/2904-42-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/files/0x00080000000186b7-58.dat	upx
behavioral1/memory/2864-29-0x000000013F740000-0x000000013FA94000-memory.dmp	upx
behavioral1/files/0x00070000000170f8-33.dat	upx
behavioral1/memory/1348-1127-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/memory/2832-1126-0x000000013F220000-0x000000013F574000-memory.dmp	upx
behavioral1/memory/2184-1125-0x000000013FF50000-0x00000001402A4000-memory.dmp	upx
behavioral1/memory/1636-1124-0x000000013F500000-0x000000013F854000-memory.dmp	upx
behavioral1/memory/2552-1123-0x000000013F170000-0x000000013F4C4000-memory.dmp	upx
behavioral1/memory/876-1122-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	upx
behavioral1/memory/2752-1121-0x000000013FBD0000-0x000000013FF24000-memory.dmp	upx
behavioral1/memory/2620-1120-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx
behavioral1/memory/2864-1119-0x000000013F740000-0x000000013FA94000-memory.dmp	upx
behavioral1/memory/2852-1118-0x000000013F6B0000-0x000000013FA04000-memory.dmp	upx
behavioral1/memory/2848-1117-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\QjXTUru.exe	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LmeNpuW.exe	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gyoSTdG.exe	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WsbJCDf.exe	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pMyVhSj.exe	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qifqRHE.exe	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zdAkIVP.exe	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zAKPQbi.exe	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pUJlUvh.exe	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XpBLHHx.exe	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dPHGrqZ.exe	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GozSBpG.exe	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wiYbNnB.exe	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nhcFkId.exe	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KTGodIq.exe	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QLvSFtg.exe	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yEZzCVF.exe	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qsnrifh.exe	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EwwfGFi.exe	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OocdEqy.exe	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YXbiwtL.exe	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RpsROUx.exe	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AMQXMmk.exe	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MrKsODk.exe	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pAkukVv.exe	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ekqjVDb.exe	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MYLsqrH.exe	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RlVwYVs.exe	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vrHaedm.exe	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yLlXeve.exe	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UrgRucw.exe	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AQEsqCH.exe	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NkvKibv.exe	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VfgYFcN.exe	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vlsCmfR.exe	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AqxBFEf.exe	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wuxHaEX.exe	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\trLxjUV.exe	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KJzPOqk.exe	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AYedQnl.exe	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mIzLRTQ.exe	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MuRFyau.exe	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VQOEARm.exe	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XkZZLqK.exe	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cNnSWDT.exe	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vyqLySC.exe	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AxVFavi.exe	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kCuyVqS.exe	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PgUSvgO.exe	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PuFEYSk.exe	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KEleJbl.exe	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bkzeUqG.exe	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XRdVIfy.exe	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VkWmOoo.exe	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sFdUlXX.exe	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vwIeuky.exe	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TXJhkhw.exe	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sEHkXqP.exe	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jCFatqh.exe	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\elUvvsc.exe	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZeeMdSH.exe	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aIGFJRx.exe	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kLVtuid.exe	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zRuIzaC.exe	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 576 wrote to memory of 2832	576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 576 wrote to memory of 2832	576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 576 wrote to memory of 2832	576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 576 wrote to memory of 2848	576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 576 wrote to memory of 2848	576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 576 wrote to memory of 2848	576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 576 wrote to memory of 2980	576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 576 wrote to memory of 2980	576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 576 wrote to memory of 2980	576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 576 wrote to memory of 2864	576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 576 wrote to memory of 2864	576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 576 wrote to memory of 2864	576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 576 wrote to memory of 2768	576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 576 wrote to memory of 2768	576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 576 wrote to memory of 2768	576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 576 wrote to memory of 2904	576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 576 wrote to memory of 2904	576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 576 wrote to memory of 2904	576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 576 wrote to memory of 2852	576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 576 wrote to memory of 2852	576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 576 wrote to memory of 2852	576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 576 wrote to memory of 2752	576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 576 wrote to memory of 2752	576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 576 wrote to memory of 2752	576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 576 wrote to memory of 2620	576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 576 wrote to memory of 2620	576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 576 wrote to memory of 2620	576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 576 wrote to memory of 2552	576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 576 wrote to memory of 2552	576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 576 wrote to memory of 2552	576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 576 wrote to memory of 876	576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 576 wrote to memory of 876	576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 576 wrote to memory of 876	576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 576 wrote to memory of 2184	576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 576 wrote to memory of 2184	576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 576 wrote to memory of 2184	576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 576 wrote to memory of 1636	576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 576 wrote to memory of 1636	576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 576 wrote to memory of 1636	576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 576 wrote to memory of 1348	576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 576 wrote to memory of 1348	576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 576 wrote to memory of 1348	576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 576 wrote to memory of 3048	576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 576 wrote to memory of 3048	576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 576 wrote to memory of 3048	576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 576 wrote to memory of 1808	576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 576 wrote to memory of 1808	576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 576 wrote to memory of 1808	576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 576 wrote to memory of 2808	576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 576 wrote to memory of 2808	576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 576 wrote to memory of 2808	576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 576 wrote to memory of 2364	576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 576 wrote to memory of 2364	576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 576 wrote to memory of 2364	576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 576 wrote to memory of 2568	576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 576 wrote to memory of 2568	576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 576 wrote to memory of 2568	576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 576 wrote to memory of 2296	576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 576 wrote to memory of 2296	576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 576 wrote to memory of 2296	576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 576 wrote to memory of 2432	576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 576 wrote to memory of 2432	576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 576 wrote to memory of 2432	576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 576 wrote to memory of 788	576	2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-16_72e644c9b649b7c265004489ba13948b_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:576
- C:\Windows\System\XzAJzLo.exe
  C:\Windows\System\XzAJzLo.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\KaOIgKm.exe
  C:\Windows\System\KaOIgKm.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\ZMvIQKJ.exe
  C:\Windows\System\ZMvIQKJ.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\FUkmdrM.exe
  C:\Windows\System\FUkmdrM.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\meWpOVW.exe
  C:\Windows\System\meWpOVW.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\gcTaJJc.exe
  C:\Windows\System\gcTaJJc.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\wyPwMpe.exe
  C:\Windows\System\wyPwMpe.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\fxPzGdB.exe
  C:\Windows\System\fxPzGdB.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\Buwaenz.exe
  C:\Windows\System\Buwaenz.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\aJlWknH.exe
  C:\Windows\System\aJlWknH.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\nyZhvJE.exe
  C:\Windows\System\nyZhvJE.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System\TsyATPC.exe
  C:\Windows\System\TsyATPC.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\jzVvDjJ.exe
  C:\Windows\System\jzVvDjJ.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\nGkMJCa.exe
  C:\Windows\System\nGkMJCa.exe
  2⤵
  - Executes dropped EXE
  PID:1348
- C:\Windows\System\yChYyJs.exe
  C:\Windows\System\yChYyJs.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\pfggdYs.exe
  C:\Windows\System\pfggdYs.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System\NHpqpTW.exe
  C:\Windows\System\NHpqpTW.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\onUdhiL.exe
  C:\Windows\System\onUdhiL.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\YDdfJiy.exe
  C:\Windows\System\YDdfJiy.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\vKUNrUh.exe
  C:\Windows\System\vKUNrUh.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\fLSJoUW.exe
  C:\Windows\System\fLSJoUW.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\McGVaiP.exe
  C:\Windows\System\McGVaiP.exe
  2⤵
  - Executes dropped EXE
  PID:788
- C:\Windows\System\SQIKBRv.exe
  C:\Windows\System\SQIKBRv.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\DJamuoF.exe
  C:\Windows\System\DJamuoF.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\ZWBmVGQ.exe
  C:\Windows\System\ZWBmVGQ.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\fHuKANk.exe
  C:\Windows\System\fHuKANk.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\ZvSRUWv.exe
  C:\Windows\System\ZvSRUWv.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\JWkhLCy.exe
  C:\Windows\System\JWkhLCy.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\voxKdBk.exe
  C:\Windows\System\voxKdBk.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\VUTupWQ.exe
  C:\Windows\System\VUTupWQ.exe
  2⤵
  - Executes dropped EXE
  PID:1324
- C:\Windows\System\lLCuuew.exe
  C:\Windows\System\lLCuuew.exe
  2⤵
  - Executes dropped EXE
  PID:1456
- C:\Windows\System\lsytFBa.exe
  C:\Windows\System\lsytFBa.exe
  2⤵
  - Executes dropped EXE
  PID:1480
- C:\Windows\System\jcGSFZZ.exe
  C:\Windows\System\jcGSFZZ.exe
  2⤵
  - Executes dropped EXE
  PID:620
- C:\Windows\System\waybXZJ.exe
  C:\Windows\System\waybXZJ.exe
  2⤵
  - Executes dropped EXE
  PID:1196
- C:\Windows\System\zQWBuTT.exe
  C:\Windows\System\zQWBuTT.exe
  2⤵
  - Executes dropped EXE
  PID:1804
- C:\Windows\System\tLTUZnW.exe
  C:\Windows\System\tLTUZnW.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\kHUzFlT.exe
  C:\Windows\System\kHUzFlT.exe
  2⤵
  - Executes dropped EXE
  PID:1156
- C:\Windows\System\QvbuzQi.exe
  C:\Windows\System\QvbuzQi.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\rwUKzPU.exe
  C:\Windows\System\rwUKzPU.exe
  2⤵
  - Executes dropped EXE
  PID:908
- C:\Windows\System\bDEGoKu.exe
  C:\Windows\System\bDEGoKu.exe
  2⤵
  - Executes dropped EXE
  PID:1896
- C:\Windows\System\ATwzSNd.exe
  C:\Windows\System\ATwzSNd.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\gjeJdxp.exe
  C:\Windows\System\gjeJdxp.exe
  2⤵
  - Executes dropped EXE
  PID:812
- C:\Windows\System\QvWUZGl.exe
  C:\Windows\System\QvWUZGl.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\AAPvCDR.exe
  C:\Windows\System\AAPvCDR.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\zJqAcDQ.exe
  C:\Windows\System\zJqAcDQ.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\ZDJBYYU.exe
  C:\Windows\System\ZDJBYYU.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\xDyUfXJ.exe
  C:\Windows\System\xDyUfXJ.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\yLjzsRJ.exe
  C:\Windows\System\yLjzsRJ.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\oDqyoHB.exe
  C:\Windows\System\oDqyoHB.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\ujCxaBk.exe
  C:\Windows\System\ujCxaBk.exe
  2⤵
  - Executes dropped EXE
  PID:596
- C:\Windows\System\uLHFeQv.exe
  C:\Windows\System\uLHFeQv.exe
  2⤵
  - Executes dropped EXE
  PID:688
- C:\Windows\System\zFnOgcD.exe
  C:\Windows\System\zFnOgcD.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\UpmZgul.exe
  C:\Windows\System\UpmZgul.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\POhHEob.exe
  C:\Windows\System\POhHEob.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\NLRIlWz.exe
  C:\Windows\System\NLRIlWz.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\XLdfZJG.exe
  C:\Windows\System\XLdfZJG.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\aLqqjQr.exe
  C:\Windows\System\aLqqjQr.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\pYYrwPK.exe
  C:\Windows\System\pYYrwPK.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\VjstSKt.exe
  C:\Windows\System\VjstSKt.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\wVqLSFj.exe
  C:\Windows\System\wVqLSFj.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\bONtMJp.exe
  C:\Windows\System\bONtMJp.exe
  2⤵
  - Executes dropped EXE
  PID:1168
- C:\Windows\System\XvAcUpp.exe
  C:\Windows\System\XvAcUpp.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\XPaYofw.exe
  C:\Windows\System\XPaYofw.exe
  2⤵
  - Executes dropped EXE
  PID:1120
- C:\Windows\System\uZrTFeg.exe
  C:\Windows\System\uZrTFeg.exe
  2⤵
  PID:2896
- C:\Windows\System\ngfZpNk.exe
  C:\Windows\System\ngfZpNk.exe
  2⤵
  - Executes dropped EXE
  PID:1888
- C:\Windows\System\qWYBOhk.exe
  C:\Windows\System\qWYBOhk.exe
  2⤵
  PID:2000
- C:\Windows\System\prDUQAF.exe
  C:\Windows\System\prDUQAF.exe
  2⤵
  PID:288
- C:\Windows\System\oFYUGpW.exe
  C:\Windows\System\oFYUGpW.exe
  2⤵
  PID:1160
- C:\Windows\System\iiyIHJI.exe
  C:\Windows\System\iiyIHJI.exe
  2⤵
  PID:1644
- C:\Windows\System\MFmzXSR.exe
  C:\Windows\System\MFmzXSR.exe
  2⤵
  PID:1956
- C:\Windows\System\QUMZeVG.exe
  C:\Windows\System\QUMZeVG.exe
  2⤵
  PID:2500
- C:\Windows\System\mLEDIJw.exe
  C:\Windows\System\mLEDIJw.exe
  2⤵
  PID:1932
- C:\Windows\System\PBQnMrm.exe
  C:\Windows\System\PBQnMrm.exe
  2⤵
  PID:956
- C:\Windows\System\dVWxrls.exe
  C:\Windows\System\dVWxrls.exe
  2⤵
  PID:1532
- C:\Windows\System\qyztfRO.exe
  C:\Windows\System\qyztfRO.exe
  2⤵
  PID:1916
- C:\Windows\System\rCVcOuO.exe
  C:\Windows\System\rCVcOuO.exe
  2⤵
  PID:1596
- C:\Windows\System\kuSoGbU.exe
  C:\Windows\System\kuSoGbU.exe
  2⤵
  PID:1084
- C:\Windows\System\Mlusllk.exe
  C:\Windows\System\Mlusllk.exe
  2⤵
  PID:2204
- C:\Windows\System\eEszFyy.exe
  C:\Windows\System\eEszFyy.exe
  2⤵
  PID:836
- C:\Windows\System\KfNyEfr.exe
  C:\Windows\System\KfNyEfr.exe
  2⤵
  PID:2376
- C:\Windows\System\kwFOSdA.exe
  C:\Windows\System\kwFOSdA.exe
  2⤵
  PID:2684
- C:\Windows\System\DQwNZuP.exe
  C:\Windows\System\DQwNZuP.exe
  2⤵
  PID:800
- C:\Windows\System\MpRAgzK.exe
  C:\Windows\System\MpRAgzK.exe
  2⤵
  PID:2068
- C:\Windows\System\spXYslc.exe
  C:\Windows\System\spXYslc.exe
  2⤵
  PID:1684
- C:\Windows\System\QvMmVEl.exe
  C:\Windows\System\QvMmVEl.exe
  2⤵
  PID:2480
- C:\Windows\System\IpFhaba.exe
  C:\Windows\System\IpFhaba.exe
  2⤵
  PID:2504
- C:\Windows\System\bmOKDXP.exe
  C:\Windows\System\bmOKDXP.exe
  2⤵
  PID:2256
- C:\Windows\System\lUFWRpR.exe
  C:\Windows\System\lUFWRpR.exe
  2⤵
  PID:2544
- C:\Windows\System\wuxHaEX.exe
  C:\Windows\System\wuxHaEX.exe
  2⤵
  PID:1600
- C:\Windows\System\CfGiEFj.exe
  C:\Windows\System\CfGiEFj.exe
  2⤵
  PID:2096
- C:\Windows\System\jMgtKbY.exe
  C:\Windows\System\jMgtKbY.exe
  2⤵
  PID:1472
- C:\Windows\System\mkQZfRq.exe
  C:\Windows\System\mkQZfRq.exe
  2⤵
  PID:2164
- C:\Windows\System\zUdMBjV.exe
  C:\Windows\System\zUdMBjV.exe
  2⤵
  PID:1452
- C:\Windows\System\vEymcSj.exe
  C:\Windows\System\vEymcSj.exe
  2⤵
  PID:2660
- C:\Windows\System\xJBYcTV.exe
  C:\Windows\System\xJBYcTV.exe
  2⤵
  PID:1400
- C:\Windows\System\bNtykXF.exe
  C:\Windows\System\bNtykXF.exe
  2⤵
  PID:2844
- C:\Windows\System\lmYbnBQ.exe
  C:\Windows\System\lmYbnBQ.exe
  2⤵
  PID:1004
- C:\Windows\System\TqnFVQE.exe
  C:\Windows\System\TqnFVQE.exe
  2⤵
  PID:2988
- C:\Windows\System\BmhWKiM.exe
  C:\Windows\System\BmhWKiM.exe
  2⤵
  PID:2908
- C:\Windows\System\mixntfz.exe
  C:\Windows\System\mixntfz.exe
  2⤵
  PID:2352
- C:\Windows\System\IoBtcIt.exe
  C:\Windows\System\IoBtcIt.exe
  2⤵
  PID:2344
- C:\Windows\System\WKhKUcu.exe
  C:\Windows\System\WKhKUcu.exe
  2⤵
  PID:2992
- C:\Windows\System\rlZtCcu.exe
  C:\Windows\System\rlZtCcu.exe
  2⤵
  PID:2448
- C:\Windows\System\WgXYGmF.exe
  C:\Windows\System\WgXYGmF.exe
  2⤵
  PID:676
- C:\Windows\System\lqceFyi.exe
  C:\Windows\System\lqceFyi.exe
  2⤵
  PID:2288
- C:\Windows\System\BjZINdk.exe
  C:\Windows\System\BjZINdk.exe
  2⤵
  PID:2440
- C:\Windows\System\QfugLXS.exe
  C:\Windows\System\QfugLXS.exe
  2⤵
  PID:1892
- C:\Windows\System\gJmNfmL.exe
  C:\Windows\System\gJmNfmL.exe
  2⤵
  PID:2556
- C:\Windows\System\jngfEjV.exe
  C:\Windows\System\jngfEjV.exe
  2⤵
  PID:952
- C:\Windows\System\KCvXozU.exe
  C:\Windows\System\KCvXozU.exe
  2⤵
  PID:1904
- C:\Windows\System\zGvvuaq.exe
  C:\Windows\System\zGvvuaq.exe
  2⤵
  PID:3000
- C:\Windows\System\jsqdKqm.exe
  C:\Windows\System\jsqdKqm.exe
  2⤵
  PID:2724
- C:\Windows\System\RtYKUMv.exe
  C:\Windows\System\RtYKUMv.exe
  2⤵
  PID:1660
- C:\Windows\System\jqiWxhw.exe
  C:\Windows\System\jqiWxhw.exe
  2⤵
  PID:1448
- C:\Windows\System\NnrkRRD.exe
  C:\Windows\System\NnrkRRD.exe
  2⤵
  PID:708
- C:\Windows\System\yiDKBDt.exe
  C:\Windows\System\yiDKBDt.exe
  2⤵
  PID:1824
- C:\Windows\System\yFFGzge.exe
  C:\Windows\System\yFFGzge.exe
  2⤵
  PID:1816
- C:\Windows\System\tlnvvIu.exe
  C:\Windows\System\tlnvvIu.exe
  2⤵
  PID:2348
- C:\Windows\System\eRrwUEh.exe
  C:\Windows\System\eRrwUEh.exe
  2⤵
  PID:2876
- C:\Windows\System\pYUtwaD.exe
  C:\Windows\System\pYUtwaD.exe
  2⤵
  PID:2744
- C:\Windows\System\oHTuKPH.exe
  C:\Windows\System\oHTuKPH.exe
  2⤵
  PID:2688
- C:\Windows\System\oayKPtk.exe
  C:\Windows\System\oayKPtk.exe
  2⤵
  PID:2716
- C:\Windows\System\IVPNeNA.exe
  C:\Windows\System\IVPNeNA.exe
  2⤵
  PID:2548
- C:\Windows\System\BfbWKCJ.exe
  C:\Windows\System\BfbWKCJ.exe
  2⤵
  PID:1568
- C:\Windows\System\uUpTlqn.exe
  C:\Windows\System\uUpTlqn.exe
  2⤵
  PID:3060
- C:\Windows\System\BfvKQqB.exe
  C:\Windows\System\BfvKQqB.exe
  2⤵
  PID:1020
- C:\Windows\System\OzLTBvH.exe
  C:\Windows\System\OzLTBvH.exe
  2⤵
  PID:3020
- C:\Windows\System\JqkPTfB.exe
  C:\Windows\System\JqkPTfB.exe
  2⤵
  PID:2356
- C:\Windows\System\SEIarcq.exe
  C:\Windows\System\SEIarcq.exe
  2⤵
  PID:1584
- C:\Windows\System\lMtAlDU.exe
  C:\Windows\System\lMtAlDU.exe
  2⤵
  PID:3024
- C:\Windows\System\zIdnsbT.exe
  C:\Windows\System\zIdnsbT.exe
  2⤵
  PID:2812
- C:\Windows\System\jmxHudf.exe
  C:\Windows\System\jmxHudf.exe
  2⤵
  PID:2280
- C:\Windows\System\PsdVIxk.exe
  C:\Windows\System\PsdVIxk.exe
  2⤵
  PID:1756
- C:\Windows\System\kOqwyRY.exe
  C:\Windows\System\kOqwyRY.exe
  2⤵
  PID:960
- C:\Windows\System\tVtmymG.exe
  C:\Windows\System\tVtmymG.exe
  2⤵
  PID:1940
- C:\Windows\System\ofDqKpY.exe
  C:\Windows\System\ofDqKpY.exe
  2⤵
  PID:2728
- C:\Windows\System\MjYIoCQ.exe
  C:\Windows\System\MjYIoCQ.exe
  2⤵
  PID:2176
- C:\Windows\System\fyOGJzq.exe
  C:\Windows\System\fyOGJzq.exe
  2⤵
  PID:2860
- C:\Windows\System\mzZwDYS.exe
  C:\Windows\System\mzZwDYS.exe
  2⤵
  PID:892
- C:\Windows\System\nDSgoud.exe
  C:\Windows\System\nDSgoud.exe
  2⤵
  PID:2680
- C:\Windows\System\zYHJajV.exe
  C:\Windows\System\zYHJajV.exe
  2⤵
  PID:944
- C:\Windows\System\QQBNqKG.exe
  C:\Windows\System\QQBNqKG.exe
  2⤵
  PID:2412
- C:\Windows\System\qiAXGsG.exe
  C:\Windows\System\qiAXGsG.exe
  2⤵
  PID:2956
- C:\Windows\System\EOZoIWb.exe
  C:\Windows\System\EOZoIWb.exe
  2⤵
  PID:1784
- C:\Windows\System\oARiGdm.exe
  C:\Windows\System\oARiGdm.exe
  2⤵
  PID:2740
- C:\Windows\System\USEYgRw.exe
  C:\Windows\System\USEYgRw.exe
  2⤵
  PID:776
- C:\Windows\System\OkwJPMf.exe
  C:\Windows\System\OkwJPMf.exe
  2⤵
  PID:2880
- C:\Windows\System\hwGgULt.exe
  C:\Windows\System\hwGgULt.exe
  2⤵
  PID:1872
- C:\Windows\System\volWOhl.exe
  C:\Windows\System\volWOhl.exe
  2⤵
  PID:3044
- C:\Windows\System\wGiCYuF.exe
  C:\Windows\System\wGiCYuF.exe
  2⤵
  PID:3088
- C:\Windows\System\VMhYjqq.exe
  C:\Windows\System\VMhYjqq.exe
  2⤵
  PID:3108
- C:\Windows\System\OocdEqy.exe
  C:\Windows\System\OocdEqy.exe
  2⤵
  PID:3124
- C:\Windows\System\umjpiEI.exe
  C:\Windows\System\umjpiEI.exe
  2⤵
  PID:3140
- C:\Windows\System\riCElUM.exe
  C:\Windows\System\riCElUM.exe
  2⤵
  PID:3176
- C:\Windows\System\HCpNssO.exe
  C:\Windows\System\HCpNssO.exe
  2⤵
  PID:3192
- C:\Windows\System\nyWmEvG.exe
  C:\Windows\System\nyWmEvG.exe
  2⤵
  PID:3212
- C:\Windows\System\gWwsKjv.exe
  C:\Windows\System\gWwsKjv.exe
  2⤵
  PID:3236
- C:\Windows\System\oovjpUE.exe
  C:\Windows\System\oovjpUE.exe
  2⤵
  PID:3256
- C:\Windows\System\JPdXbKA.exe
  C:\Windows\System\JPdXbKA.exe
  2⤵
  PID:3276
- C:\Windows\System\HXjawml.exe
  C:\Windows\System\HXjawml.exe
  2⤵
  PID:3292
- C:\Windows\System\WUHArLa.exe
  C:\Windows\System\WUHArLa.exe
  2⤵
  PID:3308
- C:\Windows\System\kLohsWE.exe
  C:\Windows\System\kLohsWE.exe
  2⤵
  PID:3332
- C:\Windows\System\CRnXmEq.exe
  C:\Windows\System\CRnXmEq.exe
  2⤵
  PID:3348
- C:\Windows\System\PFpqwyA.exe
  C:\Windows\System\PFpqwyA.exe
  2⤵
  PID:3364
- C:\Windows\System\PKWinib.exe
  C:\Windows\System\PKWinib.exe
  2⤵
  PID:3380
- C:\Windows\System\wpzYmFR.exe
  C:\Windows\System\wpzYmFR.exe
  2⤵
  PID:3396
- C:\Windows\System\syIJDTj.exe
  C:\Windows\System\syIJDTj.exe
  2⤵
  PID:3412
- C:\Windows\System\mXKpQiu.exe
  C:\Windows\System\mXKpQiu.exe
  2⤵
  PID:3444
- C:\Windows\System\HdpWixJ.exe
  C:\Windows\System\HdpWixJ.exe
  2⤵
  PID:3460
- C:\Windows\System\fVOxOZZ.exe
  C:\Windows\System\fVOxOZZ.exe
  2⤵
  PID:3476
- C:\Windows\System\VNIGZUV.exe
  C:\Windows\System\VNIGZUV.exe
  2⤵
  PID:3496
- C:\Windows\System\kSTcyfc.exe
  C:\Windows\System\kSTcyfc.exe
  2⤵
  PID:3544
- C:\Windows\System\VfARbjG.exe
  C:\Windows\System\VfARbjG.exe
  2⤵
  PID:3564
- C:\Windows\System\TJTCDhf.exe
  C:\Windows\System\TJTCDhf.exe
  2⤵
  PID:3580
- C:\Windows\System\qytnWUS.exe
  C:\Windows\System\qytnWUS.exe
  2⤵
  PID:3596
- C:\Windows\System\zIfWMjV.exe
  C:\Windows\System\zIfWMjV.exe
  2⤵
  PID:3616
- C:\Windows\System\TLkOLXo.exe
  C:\Windows\System\TLkOLXo.exe
  2⤵
  PID:3644
- C:\Windows\System\LExulUK.exe
  C:\Windows\System\LExulUK.exe
  2⤵
  PID:3664
- C:\Windows\System\vVWmEyR.exe
  C:\Windows\System\vVWmEyR.exe
  2⤵
  PID:3680
- C:\Windows\System\VPJyHYy.exe
  C:\Windows\System\VPJyHYy.exe
  2⤵
  PID:3700
- C:\Windows\System\yPLJmGN.exe
  C:\Windows\System\yPLJmGN.exe
  2⤵
  PID:3716
- C:\Windows\System\sousoKD.exe
  C:\Windows\System\sousoKD.exe
  2⤵
  PID:3732
- C:\Windows\System\ovXAJoG.exe
  C:\Windows\System\ovXAJoG.exe
  2⤵
  PID:3752
- C:\Windows\System\EvdBbOZ.exe
  C:\Windows\System\EvdBbOZ.exe
  2⤵
  PID:3776
- C:\Windows\System\qqdWqou.exe
  C:\Windows\System\qqdWqou.exe
  2⤵
  PID:3796
- C:\Windows\System\aRrgFrL.exe
  C:\Windows\System\aRrgFrL.exe
  2⤵
  PID:3816
- C:\Windows\System\VkyMWgp.exe
  C:\Windows\System\VkyMWgp.exe
  2⤵
  PID:3840
- C:\Windows\System\ydlNVQN.exe
  C:\Windows\System\ydlNVQN.exe
  2⤵
  PID:3856
- C:\Windows\System\yNwVpHh.exe
  C:\Windows\System\yNwVpHh.exe
  2⤵
  PID:3876
- C:\Windows\System\OfotnBI.exe
  C:\Windows\System\OfotnBI.exe
  2⤵
  PID:3892
- C:\Windows\System\gmamwly.exe
  C:\Windows\System\gmamwly.exe
  2⤵
  PID:3908
- C:\Windows\System\yZPaYrU.exe
  C:\Windows\System\yZPaYrU.exe
  2⤵
  PID:3928
- C:\Windows\System\ajNguxs.exe
  C:\Windows\System\ajNguxs.exe
  2⤵
  PID:3944
- C:\Windows\System\FgwZjRB.exe
  C:\Windows\System\FgwZjRB.exe
  2⤵
  PID:3972
- C:\Windows\System\vyPdUtu.exe
  C:\Windows\System\vyPdUtu.exe
  2⤵
  PID:3988
- C:\Windows\System\SzvafGv.exe
  C:\Windows\System\SzvafGv.exe
  2⤵
  PID:4028
- C:\Windows\System\fXblBRN.exe
  C:\Windows\System\fXblBRN.exe
  2⤵
  PID:4044
- C:\Windows\System\YXbiwtL.exe
  C:\Windows\System\YXbiwtL.exe
  2⤵
  PID:4060
- C:\Windows\System\BxYEtOR.exe
  C:\Windows\System\BxYEtOR.exe
  2⤵
  PID:4080
- C:\Windows\System\gxyYAEV.exe
  C:\Windows\System\gxyYAEV.exe
  2⤵
  PID:3096
- C:\Windows\System\dqZnexR.exe
  C:\Windows\System\dqZnexR.exe
  2⤵
  PID:3132
- C:\Windows\System\ixZzEMJ.exe
  C:\Windows\System\ixZzEMJ.exe
  2⤵
  PID:832
- C:\Windows\System\lNpKDmn.exe
  C:\Windows\System\lNpKDmn.exe
  2⤵
  PID:3004
- C:\Windows\System\DUnRoDk.exe
  C:\Windows\System\DUnRoDk.exe
  2⤵
  PID:3220
- C:\Windows\System\kjXsdPD.exe
  C:\Windows\System\kjXsdPD.exe
  2⤵
  PID:3232
- C:\Windows\System\VaFuqwv.exe
  C:\Windows\System\VaFuqwv.exe
  2⤵
  PID:3160
- C:\Windows\System\GXgDJVy.exe
  C:\Windows\System\GXgDJVy.exe
  2⤵
  PID:3200
- C:\Windows\System\gWgQIQw.exe
  C:\Windows\System\gWgQIQw.exe
  2⤵
  PID:3252
- C:\Windows\System\TfrvAiu.exe
  C:\Windows\System\TfrvAiu.exe
  2⤵
  PID:3268
- C:\Windows\System\nDaVrdG.exe
  C:\Windows\System\nDaVrdG.exe
  2⤵
  PID:3404
- C:\Windows\System\jEjonhF.exe
  C:\Windows\System\jEjonhF.exe
  2⤵
  PID:3324
- C:\Windows\System\eqiQSGy.exe
  C:\Windows\System\eqiQSGy.exe
  2⤵
  PID:3392
- C:\Windows\System\gLpwTMi.exe
  C:\Windows\System\gLpwTMi.exe
  2⤵
  PID:3408
- C:\Windows\System\QjXTUru.exe
  C:\Windows\System\QjXTUru.exe
  2⤵
  PID:3432
- C:\Windows\System\PZlOJbl.exe
  C:\Windows\System\PZlOJbl.exe
  2⤵
  PID:3472
- C:\Windows\System\AiJzzDA.exe
  C:\Windows\System\AiJzzDA.exe
  2⤵
  PID:3528
- C:\Windows\System\Qtanzdl.exe
  C:\Windows\System\Qtanzdl.exe
  2⤵
  PID:3560
- C:\Windows\System\yGtFhgV.exe
  C:\Windows\System\yGtFhgV.exe
  2⤵
  PID:3592
- C:\Windows\System\FalruUJ.exe
  C:\Windows\System\FalruUJ.exe
  2⤵
  PID:3608
- C:\Windows\System\dkVLUKw.exe
  C:\Windows\System\dkVLUKw.exe
  2⤵
  PID:928
- C:\Windows\System\cJPCHEe.exe
  C:\Windows\System\cJPCHEe.exe
  2⤵
  PID:3652
- C:\Windows\System\PPopkoR.exe
  C:\Windows\System\PPopkoR.exe
  2⤵
  PID:3676
- C:\Windows\System\ekqjVDb.exe
  C:\Windows\System\ekqjVDb.exe
  2⤵
  PID:3692
- C:\Windows\System\tmkBkMu.exe
  C:\Windows\System\tmkBkMu.exe
  2⤵
  PID:3788
- C:\Windows\System\cNnSWDT.exe
  C:\Windows\System\cNnSWDT.exe
  2⤵
  PID:3772
- C:\Windows\System\YhbYOYJ.exe
  C:\Windows\System\YhbYOYJ.exe
  2⤵
  PID:3836
- C:\Windows\System\eWJNCda.exe
  C:\Windows\System\eWJNCda.exe
  2⤵
  PID:3872
- C:\Windows\System\kzZtwST.exe
  C:\Windows\System\kzZtwST.exe
  2⤵
  PID:3848
- C:\Windows\System\IDORiEL.exe
  C:\Windows\System\IDORiEL.exe
  2⤵
  PID:3956
- C:\Windows\System\TUrKDAn.exe
  C:\Windows\System\TUrKDAn.exe
  2⤵
  PID:4040
- C:\Windows\System\dKzlXDr.exe
  C:\Windows\System\dKzlXDr.exe
  2⤵
  PID:3996
- C:\Windows\System\Kopwyhj.exe
  C:\Windows\System\Kopwyhj.exe
  2⤵
  PID:4012
- C:\Windows\System\IbjCtWn.exe
  C:\Windows\System\IbjCtWn.exe
  2⤵
  PID:3188
- C:\Windows\System\kFPEnEz.exe
  C:\Windows\System\kFPEnEz.exe
  2⤵
  PID:3148
- C:\Windows\System\RAejLQc.exe
  C:\Windows\System\RAejLQc.exe
  2⤵
  PID:3224
- C:\Windows\System\BzVormw.exe
  C:\Windows\System\BzVormw.exe
  2⤵
  PID:3300
- C:\Windows\System\FFPtHSA.exe
  C:\Windows\System\FFPtHSA.exe
  2⤵
  PID:3340
- C:\Windows\System\gzXVcsJ.exe
  C:\Windows\System\gzXVcsJ.exe
  2⤵
  PID:3452
- C:\Windows\System\QNtcpby.exe
  C:\Windows\System\QNtcpby.exe
  2⤵
  PID:3468
- C:\Windows\System\sNodZbg.exe
  C:\Windows\System\sNodZbg.exe
  2⤵
  PID:3576
- C:\Windows\System\VUwQAns.exe
  C:\Windows\System\VUwQAns.exe
  2⤵
  PID:3696
- C:\Windows\System\aHzRoPw.exe
  C:\Windows\System\aHzRoPw.exe
  2⤵
  PID:3360
- C:\Windows\System\TdwaPXo.exe
  C:\Windows\System\TdwaPXo.exe
  2⤵
  PID:3524
- C:\Windows\System\oHAvRiu.exe
  C:\Windows\System\oHAvRiu.exe
  2⤵
  PID:3640
- C:\Windows\System\wnpDhcN.exe
  C:\Windows\System\wnpDhcN.exe
  2⤵
  PID:3760
- C:\Windows\System\GXmNLds.exe
  C:\Windows\System\GXmNLds.exe
  2⤵
  PID:3784
- C:\Windows\System\NszIIGq.exe
  C:\Windows\System\NszIIGq.exe
  2⤵
  PID:3832
- C:\Windows\System\mgybmDM.exe
  C:\Windows\System\mgybmDM.exe
  2⤵
  PID:3808
- C:\Windows\System\pahClyc.exe
  C:\Windows\System\pahClyc.exe
  2⤵
  PID:3916
- C:\Windows\System\LOgEIsz.exe
  C:\Windows\System\LOgEIsz.exe
  2⤵
  PID:4008
- C:\Windows\System\otzKOqf.exe
  C:\Windows\System\otzKOqf.exe
  2⤵
  PID:4052
- C:\Windows\System\XCcpNkt.exe
  C:\Windows\System\XCcpNkt.exe
  2⤵
  PID:3964
- C:\Windows\System\dTqVOHF.exe
  C:\Windows\System\dTqVOHF.exe
  2⤵
  PID:4092
- C:\Windows\System\BaWNXhq.exe
  C:\Windows\System\BaWNXhq.exe
  2⤵
  PID:1992
- C:\Windows\System\PthalQd.exe
  C:\Windows\System\PthalQd.exe
  2⤵
  PID:2708
- C:\Windows\System\ddKUGnc.exe
  C:\Windows\System\ddKUGnc.exe
  2⤵
  PID:3116
- C:\Windows\System\BGAanQt.exe
  C:\Windows\System\BGAanQt.exe
  2⤵
  PID:1148
- C:\Windows\System\saMOFrL.exe
  C:\Windows\System\saMOFrL.exe
  2⤵
  PID:3284
- C:\Windows\System\dqgFJeq.exe
  C:\Windows\System\dqgFJeq.exe
  2⤵
  PID:1476
- C:\Windows\System\pnGqjta.exe
  C:\Windows\System\pnGqjta.exe
  2⤵
  PID:3456
- C:\Windows\System\ZkRPelH.exe
  C:\Windows\System\ZkRPelH.exe
  2⤵
  PID:3632
- C:\Windows\System\AYedQnl.exe
  C:\Windows\System\AYedQnl.exe
  2⤵
  PID:3504
- C:\Windows\System\KhAfFOy.exe
  C:\Windows\System\KhAfFOy.exe
  2⤵
  PID:3740
- C:\Windows\System\WsbJCDf.exe
  C:\Windows\System\WsbJCDf.exe
  2⤵
  PID:3984
- C:\Windows\System\nUgFbPp.exe
  C:\Windows\System\nUgFbPp.exe
  2⤵
  PID:3940
- C:\Windows\System\AtjSbVR.exe
  C:\Windows\System\AtjSbVR.exe
  2⤵
  PID:3968
- C:\Windows\System\ZGsWrgY.exe
  C:\Windows\System\ZGsWrgY.exe
  2⤵
  PID:3888
- C:\Windows\System\wsGvOHG.exe
  C:\Windows\System\wsGvOHG.exe
  2⤵
  PID:1972
- C:\Windows\System\THCNVyq.exe
  C:\Windows\System\THCNVyq.exe
  2⤵
  PID:2368
- C:\Windows\System\jEWQkcK.exe
  C:\Windows\System\jEWQkcK.exe
  2⤵
  PID:2760
- C:\Windows\System\DcmIrWd.exe
  C:\Windows\System\DcmIrWd.exe
  2⤵
  PID:3288
- C:\Windows\System\bkzeUqG.exe
  C:\Windows\System\bkzeUqG.exe
  2⤵
  PID:3104
- C:\Windows\System\TKCNIta.exe
  C:\Windows\System\TKCNIta.exe
  2⤵
  PID:3508
- C:\Windows\System\oJIJvfV.exe
  C:\Windows\System\oJIJvfV.exe
  2⤵
  PID:3628
- C:\Windows\System\efEKOKc.exe
  C:\Windows\System\efEKOKc.exe
  2⤵
  PID:3556
- C:\Windows\System\XtsCmDy.exe
  C:\Windows\System\XtsCmDy.exe
  2⤵
  PID:3516
- C:\Windows\System\zvkCwQV.exe
  C:\Windows\System\zvkCwQV.exe
  2⤵
  PID:2476
- C:\Windows\System\ZPiIKhW.exe
  C:\Windows\System\ZPiIKhW.exe
  2⤵
  PID:3884
- C:\Windows\System\gCWRdRq.exe
  C:\Windows\System\gCWRdRq.exe
  2⤵
  PID:3244
- C:\Windows\System\diRLivs.exe
  C:\Windows\System\diRLivs.exe
  2⤵
  PID:1124
- C:\Windows\System\vMOCHMd.exe
  C:\Windows\System\vMOCHMd.exe
  2⤵
  PID:3764
- C:\Windows\System\MYLsqrH.exe
  C:\Windows\System\MYLsqrH.exe
  2⤵
  PID:3768
- C:\Windows\System\VksQsFF.exe
  C:\Windows\System\VksQsFF.exe
  2⤵
  PID:3536
- C:\Windows\System\iZYVNnR.exe
  C:\Windows\System\iZYVNnR.exe
  2⤵
  PID:4072
- C:\Windows\System\uOxvHcG.exe
  C:\Windows\System\uOxvHcG.exe
  2⤵
  PID:2508
- C:\Windows\System\RKGLGlA.exe
  C:\Windows\System\RKGLGlA.exe
  2⤵
  PID:3728
- C:\Windows\System\axUXxZA.exe
  C:\Windows\System\axUXxZA.exe
  2⤵
  PID:3924
- C:\Windows\System\JTkugiU.exe
  C:\Windows\System\JTkugiU.exe
  2⤵
  PID:3424
- C:\Windows\System\iyUdqoE.exe
  C:\Windows\System\iyUdqoE.exe
  2⤵
  PID:2792
- C:\Windows\System\aemOBGg.exe
  C:\Windows\System\aemOBGg.exe
  2⤵
  PID:976
- C:\Windows\System\LxxXPjS.exe
  C:\Windows\System\LxxXPjS.exe
  2⤵
  PID:3172
- C:\Windows\System\dJbybrS.exe
  C:\Windows\System\dJbybrS.exe
  2⤵
  PID:4100
- C:\Windows\System\jtVzVJj.exe
  C:\Windows\System\jtVzVJj.exe
  2⤵
  PID:4120
- C:\Windows\System\hKshCpE.exe
  C:\Windows\System\hKshCpE.exe
  2⤵
  PID:4156
- C:\Windows\System\qODOope.exe
  C:\Windows\System\qODOope.exe
  2⤵
  PID:4180
- C:\Windows\System\POqGsAu.exe
  C:\Windows\System\POqGsAu.exe
  2⤵
  PID:4196
- C:\Windows\System\GdaPDAd.exe
  C:\Windows\System\GdaPDAd.exe
  2⤵
  PID:4212
- C:\Windows\System\eSnvIjN.exe
  C:\Windows\System\eSnvIjN.exe
  2⤵
  PID:4228
- C:\Windows\System\XSjKpUg.exe
  C:\Windows\System\XSjKpUg.exe
  2⤵
  PID:4256
- C:\Windows\System\xXMcimk.exe
  C:\Windows\System\xXMcimk.exe
  2⤵
  PID:4272
- C:\Windows\System\ToWAHRw.exe
  C:\Windows\System\ToWAHRw.exe
  2⤵
  PID:4288
- C:\Windows\System\NJlmjVf.exe
  C:\Windows\System\NJlmjVf.exe
  2⤵
  PID:4308
- C:\Windows\System\bwBpBco.exe
  C:\Windows\System\bwBpBco.exe
  2⤵
  PID:4328
- C:\Windows\System\AXQTrOx.exe
  C:\Windows\System\AXQTrOx.exe
  2⤵
  PID:4344
- C:\Windows\System\ORKiHAb.exe
  C:\Windows\System\ORKiHAb.exe
  2⤵
  PID:4364
- C:\Windows\System\yQlmImg.exe
  C:\Windows\System\yQlmImg.exe
  2⤵
  PID:4384
- C:\Windows\System\gKlZLbY.exe
  C:\Windows\System\gKlZLbY.exe
  2⤵
  PID:4404
- C:\Windows\System\XDowgGN.exe
  C:\Windows\System\XDowgGN.exe
  2⤵
  PID:4424
- C:\Windows\System\VQOEARm.exe
  C:\Windows\System\VQOEARm.exe
  2⤵
  PID:4440
- C:\Windows\System\glnEtOg.exe
  C:\Windows\System\glnEtOg.exe
  2⤵
  PID:4456
- C:\Windows\System\vpZdpll.exe
  C:\Windows\System\vpZdpll.exe
  2⤵
  PID:4488
- C:\Windows\System\FnSNVSw.exe
  C:\Windows\System\FnSNVSw.exe
  2⤵
  PID:4508
- C:\Windows\System\vQhjOBC.exe
  C:\Windows\System\vQhjOBC.exe
  2⤵
  PID:4524
- C:\Windows\System\VxrDbVY.exe
  C:\Windows\System\VxrDbVY.exe
  2⤵
  PID:4540
- C:\Windows\System\BggiyQZ.exe
  C:\Windows\System\BggiyQZ.exe
  2⤵
  PID:4556
- C:\Windows\System\NvZlsqw.exe
  C:\Windows\System\NvZlsqw.exe
  2⤵
  PID:4576
- C:\Windows\System\ePvvnza.exe
  C:\Windows\System\ePvvnza.exe
  2⤵
  PID:4596
- C:\Windows\System\HhhpBnD.exe
  C:\Windows\System\HhhpBnD.exe
  2⤵
  PID:4616
- C:\Windows\System\xgeikZK.exe
  C:\Windows\System\xgeikZK.exe
  2⤵
  PID:4636
- C:\Windows\System\OrjtIXc.exe
  C:\Windows\System\OrjtIXc.exe
  2⤵
  PID:4680
- C:\Windows\System\RpsROUx.exe
  C:\Windows\System\RpsROUx.exe
  2⤵
  PID:4704
- C:\Windows\System\FdqVEVy.exe
  C:\Windows\System\FdqVEVy.exe
  2⤵
  PID:4720
- C:\Windows\System\eHsrNbj.exe
  C:\Windows\System\eHsrNbj.exe
  2⤵
  PID:4736
- C:\Windows\System\drvjkNU.exe
  C:\Windows\System\drvjkNU.exe
  2⤵
  PID:4756
- C:\Windows\System\BHxMDwH.exe
  C:\Windows\System\BHxMDwH.exe
  2⤵
  PID:4780
- C:\Windows\System\lUxESeG.exe
  C:\Windows\System\lUxESeG.exe
  2⤵
  PID:4796
- C:\Windows\System\nNZiEFX.exe
  C:\Windows\System\nNZiEFX.exe
  2⤵
  PID:4812
- C:\Windows\System\rFsEEKH.exe
  C:\Windows\System\rFsEEKH.exe
  2⤵
  PID:4836
- C:\Windows\System\QVghheI.exe
  C:\Windows\System\QVghheI.exe
  2⤵
  PID:4864
- C:\Windows\System\YjRDWaD.exe
  C:\Windows\System\YjRDWaD.exe
  2⤵
  PID:4880
- C:\Windows\System\sEHkXqP.exe
  C:\Windows\System\sEHkXqP.exe
  2⤵
  PID:4896
- C:\Windows\System\MsVKaHO.exe
  C:\Windows\System\MsVKaHO.exe
  2⤵
  PID:4912
- C:\Windows\System\tZQhFJa.exe
  C:\Windows\System\tZQhFJa.exe
  2⤵
  PID:4928
- C:\Windows\System\MaRiUih.exe
  C:\Windows\System\MaRiUih.exe
  2⤵
  PID:4948
- C:\Windows\System\UYhajaX.exe
  C:\Windows\System\UYhajaX.exe
  2⤵
  PID:4968
- C:\Windows\System\gjcbwDp.exe
  C:\Windows\System\gjcbwDp.exe
  2⤵
  PID:4988
- C:\Windows\System\Txqbalt.exe
  C:\Windows\System\Txqbalt.exe
  2⤵
  PID:5024
- C:\Windows\System\nAhMbSd.exe
  C:\Windows\System\nAhMbSd.exe
  2⤵
  PID:2936
- C:\Windows\System\jCFatqh.exe
  C:\Windows\System\jCFatqh.exe
  2⤵
  PID:4132
- C:\Windows\System\MCCzBCt.exe
  C:\Windows\System\MCCzBCt.exe
  2⤵
  PID:2912
- C:\Windows\System\NmOtZLk.exe
  C:\Windows\System\NmOtZLk.exe
  2⤵
  PID:4112
- C:\Windows\System\hztLbFS.exe
  C:\Windows\System\hztLbFS.exe
  2⤵
  PID:4168
- C:\Windows\System\inBYftX.exe
  C:\Windows\System\inBYftX.exe
  2⤵
  PID:4144
- C:\Windows\System\MjFmhaQ.exe
  C:\Windows\System\MjFmhaQ.exe
  2⤵
  PID:4236
- C:\Windows\System\WqPaxBf.exe
  C:\Windows\System\WqPaxBf.exe
  2⤵
  PID:4248
- C:\Windows\System\LoErflf.exe
  C:\Windows\System\LoErflf.exe
  2⤵
  PID:4280
- C:\Windows\System\oXjvmwb.exe
  C:\Windows\System\oXjvmwb.exe
  2⤵
  PID:4316
- C:\Windows\System\wulMdhG.exe
  C:\Windows\System\wulMdhG.exe
  2⤵
  PID:4320
- C:\Windows\System\ChGnskH.exe
  C:\Windows\System\ChGnskH.exe
  2⤵
  PID:4432
- C:\Windows\System\DBitxAb.exe
  C:\Windows\System\DBitxAb.exe
  2⤵
  PID:4468
- C:\Windows\System\nBLsItJ.exe
  C:\Windows\System\nBLsItJ.exe
  2⤵
  PID:4268
- C:\Windows\System\DejOQPo.exe
  C:\Windows\System\DejOQPo.exe
  2⤵
  PID:4448
- C:\Windows\System\ILSoFHf.exe
  C:\Windows\System\ILSoFHf.exe
  2⤵
  PID:4516
- C:\Windows\System\OwHCkjP.exe
  C:\Windows\System\OwHCkjP.exe
  2⤵
  PID:4588
- C:\Windows\System\elUvvsc.exe
  C:\Windows\System\elUvvsc.exe
  2⤵
  PID:4584
- C:\Windows\System\PvSrAfA.exe
  C:\Windows\System\PvSrAfA.exe
  2⤵
  PID:4564
- C:\Windows\System\gALDgWJ.exe
  C:\Windows\System\gALDgWJ.exe
  2⤵
  PID:4500
- C:\Windows\System\ooSRXzt.exe
  C:\Windows\System\ooSRXzt.exe
  2⤵
  PID:4536
- C:\Windows\System\LmZIokh.exe
  C:\Windows\System\LmZIokh.exe
  2⤵
  PID:4664
- C:\Windows\System\OxGiOSq.exe
  C:\Windows\System\OxGiOSq.exe
  2⤵
  PID:4688
- C:\Windows\System\fCqZmct.exe
  C:\Windows\System\fCqZmct.exe
  2⤵
  PID:4696
- C:\Windows\System\TpWfdah.exe
  C:\Windows\System\TpWfdah.exe
  2⤵
  PID:1952
- C:\Windows\System\CwrYwkO.exe
  C:\Windows\System\CwrYwkO.exe
  2⤵
  PID:4744
- C:\Windows\System\yrphrPW.exe
  C:\Windows\System\yrphrPW.exe
  2⤵
  PID:4776
- C:\Windows\System\IxLRfcM.exe
  C:\Windows\System\IxLRfcM.exe
  2⤵
  PID:4808
- C:\Windows\System\rzkOYXf.exe
  C:\Windows\System\rzkOYXf.exe
  2⤵
  PID:4792
- C:\Windows\System\NSiHwKW.exe
  C:\Windows\System\NSiHwKW.exe
  2⤵
  PID:4832
- C:\Windows\System\GHHvpRT.exe
  C:\Windows\System\GHHvpRT.exe
  2⤵
  PID:4888
- C:\Windows\System\UqoYwIW.exe
  C:\Windows\System\UqoYwIW.exe
  2⤵
  PID:4960
- C:\Windows\System\kyFifsh.exe
  C:\Windows\System\kyFifsh.exe
  2⤵
  PID:5000
- C:\Windows\System\AlNbiPV.exe
  C:\Windows\System\AlNbiPV.exe
  2⤵
  PID:4904
- C:\Windows\System\vqNWZUQ.exe
  C:\Windows\System\vqNWZUQ.exe
  2⤵
  PID:4964
- C:\Windows\System\PPtTXOE.exe
  C:\Windows\System\PPtTXOE.exe
  2⤵
  PID:5032
- C:\Windows\System\TOVOAVo.exe
  C:\Windows\System\TOVOAVo.exe
  2⤵
  PID:5036
- C:\Windows\System\pJUroRP.exe
  C:\Windows\System\pJUroRP.exe
  2⤵
  PID:5052
- C:\Windows\System\XHNtdip.exe
  C:\Windows\System\XHNtdip.exe
  2⤵
  PID:4000
- C:\Windows\System\aHTdZzy.exe
  C:\Windows\System\aHTdZzy.exe
  2⤵
  PID:1096
- C:\Windows\System\NRycula.exe
  C:\Windows\System\NRycula.exe
  2⤵
  PID:3520
- C:\Windows\System\VMEtzSR.exe
  C:\Windows\System\VMEtzSR.exe
  2⤵
  PID:2192
- C:\Windows\System\CUCuZRS.exe
  C:\Windows\System\CUCuZRS.exe
  2⤵
  PID:2092
- C:\Windows\System\hYwYkOA.exe
  C:\Windows\System\hYwYkOA.exe
  2⤵
  PID:1088
- C:\Windows\System\BXBuCHY.exe
  C:\Windows\System\BXBuCHY.exe
  2⤵
  PID:4400
- C:\Windows\System\YyErBki.exe
  C:\Windows\System\YyErBki.exe
  2⤵
  PID:4264
- C:\Windows\System\FPAEyOf.exe
  C:\Windows\System\FPAEyOf.exe
  2⤵
  PID:4436
- C:\Windows\System\psVVoqI.exe
  C:\Windows\System\psVVoqI.exe
  2⤵
  PID:4296
- C:\Windows\System\QGHafGi.exe
  C:\Windows\System\QGHafGi.exe
  2⤵
  PID:4164
- C:\Windows\System\kazhSgl.exe
  C:\Windows\System\kazhSgl.exe
  2⤵
  PID:4376
- C:\Windows\System\QCkkwfd.exe
  C:\Windows\System\QCkkwfd.exe
  2⤵
  PID:4628
- C:\Windows\System\rPlksjb.exe
  C:\Windows\System\rPlksjb.exe
  2⤵
  PID:872
- C:\Windows\System\aXqQSku.exe
  C:\Windows\System\aXqQSku.exe
  2⤵
  PID:4572
- C:\Windows\System\IFbmVVn.exe
  C:\Windows\System\IFbmVVn.exe
  2⤵
  PID:4656
- C:\Windows\System\xDMNWEb.exe
  C:\Windows\System\xDMNWEb.exe
  2⤵
  PID:4716
- C:\Windows\System\WjlNiXe.exe
  C:\Windows\System\WjlNiXe.exe
  2⤵
  PID:5044
- C:\Windows\System\SfZjtqZ.exe
  C:\Windows\System\SfZjtqZ.exe
  2⤵
  PID:3712
- C:\Windows\System\BrRaLwA.exe
  C:\Windows\System\BrRaLwA.exe
  2⤵
  PID:4108
- C:\Windows\System\tHiJBuS.exe
  C:\Windows\System\tHiJBuS.exe
  2⤵
  PID:4472
- C:\Windows\System\sFdUlXX.exe
  C:\Windows\System\sFdUlXX.exe
  2⤵
  PID:4220
- C:\Windows\System\RvsKiVY.exe
  C:\Windows\System\RvsKiVY.exe
  2⤵
  PID:2800
- C:\Windows\System\cAxUJrY.exe
  C:\Windows\System\cAxUJrY.exe
  2⤵
  PID:4380
- C:\Windows\System\WYhnEUd.exe
  C:\Windows\System\WYhnEUd.exe
  2⤵
  PID:4668
- C:\Windows\System\vwIeuky.exe
  C:\Windows\System\vwIeuky.exe
  2⤵
  PID:4860
- C:\Windows\System\FthpSEv.exe
  C:\Windows\System\FthpSEv.exe
  2⤵
  PID:4956
- C:\Windows\System\eoBphBG.exe
  C:\Windows\System\eoBphBG.exe
  2⤵
  PID:4752
- C:\Windows\System\uTuelfb.exe
  C:\Windows\System\uTuelfb.exe
  2⤵
  PID:4824
- C:\Windows\System\xNXAWVN.exe
  C:\Windows\System\xNXAWVN.exe
  2⤵
  PID:4856
- C:\Windows\System\eHmeKbV.exe
  C:\Windows\System\eHmeKbV.exe
  2⤵
  PID:4944
- C:\Windows\System\QrQVDWv.exe
  C:\Windows\System\QrQVDWv.exe
  2⤵
  PID:4204
- C:\Windows\System\QyYjFRS.exe
  C:\Windows\System\QyYjFRS.exe
  2⤵
  PID:5084
- C:\Windows\System\UtFudjR.exe
  C:\Windows\System\UtFudjR.exe
  2⤵
  PID:4416
- C:\Windows\System\QZkrkUI.exe
  C:\Windows\System\QZkrkUI.exe
  2⤵
  PID:4712
- C:\Windows\System\occlIcd.exe
  C:\Windows\System\occlIcd.exe
  2⤵
  PID:4848
- C:\Windows\System\VyLnXJu.exe
  C:\Windows\System\VyLnXJu.exe
  2⤵
  PID:4632
- C:\Windows\System\kRqmlHa.exe
  C:\Windows\System\kRqmlHa.exe
  2⤵
  PID:4984
- C:\Windows\System\trLxjUV.exe
  C:\Windows\System\trLxjUV.exe
  2⤵
  PID:5012
- C:\Windows\System\QRURAft.exe
  C:\Windows\System\QRURAft.exe
  2⤵
  PID:4464
- C:\Windows\System\kSOIUYQ.exe
  C:\Windows\System\kSOIUYQ.exe
  2⤵
  PID:4920
- C:\Windows\System\KTGodIq.exe
  C:\Windows\System\KTGodIq.exe
  2⤵
  PID:4936
- C:\Windows\System\UrgRucw.exe
  C:\Windows\System\UrgRucw.exe
  2⤵
  PID:4484
- C:\Windows\System\orDtkof.exe
  C:\Windows\System\orDtkof.exe
  2⤵
  PID:5124
- C:\Windows\System\ggWkqYw.exe
  C:\Windows\System\ggWkqYw.exe
  2⤵
  PID:5140
- C:\Windows\System\fZkWXaI.exe
  C:\Windows\System\fZkWXaI.exe
  2⤵
  PID:5164
- C:\Windows\System\eBhtOzo.exe
  C:\Windows\System\eBhtOzo.exe
  2⤵
  PID:5196
- C:\Windows\System\oxwyGpG.exe
  C:\Windows\System\oxwyGpG.exe
  2⤵
  PID:5212
- C:\Windows\System\TPiltYb.exe
  C:\Windows\System\TPiltYb.exe
  2⤵
  PID:5228
- C:\Windows\System\ZfvDEOV.exe
  C:\Windows\System\ZfvDEOV.exe
  2⤵
  PID:5244
- C:\Windows\System\edgLScO.exe
  C:\Windows\System\edgLScO.exe
  2⤵
  PID:5264
- C:\Windows\System\gVLFWDp.exe
  C:\Windows\System\gVLFWDp.exe
  2⤵
  PID:5288
- C:\Windows\System\yeyOjrI.exe
  C:\Windows\System\yeyOjrI.exe
  2⤵
  PID:5304
- C:\Windows\System\vgQWHSS.exe
  C:\Windows\System\vgQWHSS.exe
  2⤵
  PID:5320
- C:\Windows\System\EwsErHf.exe
  C:\Windows\System\EwsErHf.exe
  2⤵
  PID:5340
- C:\Windows\System\YYlxJSy.exe
  C:\Windows\System\YYlxJSy.exe
  2⤵
  PID:5356
- C:\Windows\System\uVdCoMF.exe
  C:\Windows\System\uVdCoMF.exe
  2⤵
  PID:5376
- C:\Windows\System\mqMnfhf.exe
  C:\Windows\System\mqMnfhf.exe
  2⤵
  PID:5400
- C:\Windows\System\pOlxDmn.exe
  C:\Windows\System\pOlxDmn.exe
  2⤵
  PID:5432
- C:\Windows\System\GxdvSCH.exe
  C:\Windows\System\GxdvSCH.exe
  2⤵
  PID:5448
- C:\Windows\System\KBUxcbq.exe
  C:\Windows\System\KBUxcbq.exe
  2⤵
  PID:5480
- C:\Windows\System\AQEsqCH.exe
  C:\Windows\System\AQEsqCH.exe
  2⤵
  PID:5496
- C:\Windows\System\usFpKaG.exe
  C:\Windows\System\usFpKaG.exe
  2⤵
  PID:5512
- C:\Windows\System\bhYZZQJ.exe
  C:\Windows\System\bhYZZQJ.exe
  2⤵
  PID:5528
- C:\Windows\System\zdAkIVP.exe
  C:\Windows\System\zdAkIVP.exe
  2⤵
  PID:5544
- C:\Windows\System\JsdUOuy.exe
  C:\Windows\System\JsdUOuy.exe
  2⤵
  PID:5564
- C:\Windows\System\UvAsxNJ.exe
  C:\Windows\System\UvAsxNJ.exe
  2⤵
  PID:5580
- C:\Windows\System\WyjmnDG.exe
  C:\Windows\System\WyjmnDG.exe
  2⤵
  PID:5596
- C:\Windows\System\AMdvDJg.exe
  C:\Windows\System\AMdvDJg.exe
  2⤵
  PID:5612
- C:\Windows\System\CDPUVxj.exe
  C:\Windows\System\CDPUVxj.exe
  2⤵
  PID:5628
- C:\Windows\System\UVzIdUj.exe
  C:\Windows\System\UVzIdUj.exe
  2⤵
  PID:5648
- C:\Windows\System\XQzdgEC.exe
  C:\Windows\System\XQzdgEC.exe
  2⤵
  PID:5664
- C:\Windows\System\SgYWFxO.exe
  C:\Windows\System\SgYWFxO.exe
  2⤵
  PID:5680
- C:\Windows\System\ROrhwFO.exe
  C:\Windows\System\ROrhwFO.exe
  2⤵
  PID:5696
- C:\Windows\System\NkvKibv.exe
  C:\Windows\System\NkvKibv.exe
  2⤵
  PID:5716
- C:\Windows\System\ZndhWIF.exe
  C:\Windows\System\ZndhWIF.exe
  2⤵
  PID:5732
- C:\Windows\System\PhjWazm.exe
  C:\Windows\System\PhjWazm.exe
  2⤵
  PID:5748
- C:\Windows\System\bZYKCVo.exe
  C:\Windows\System\bZYKCVo.exe
  2⤵
  PID:5764
- C:\Windows\System\iDvUIaN.exe
  C:\Windows\System\iDvUIaN.exe
  2⤵
  PID:5780
- C:\Windows\System\NovDDTS.exe
  C:\Windows\System\NovDDTS.exe
  2⤵
  PID:5800
- C:\Windows\System\FXvCNGV.exe
  C:\Windows\System\FXvCNGV.exe
  2⤵
  PID:5816
- C:\Windows\System\YvTFRln.exe
  C:\Windows\System\YvTFRln.exe
  2⤵
  PID:5832
- C:\Windows\System\yMNecuJ.exe
  C:\Windows\System\yMNecuJ.exe
  2⤵
  PID:5848
- C:\Windows\System\shheAJd.exe
  C:\Windows\System\shheAJd.exe
  2⤵
  PID:5864
- C:\Windows\System\OXkQdKZ.exe
  C:\Windows\System\OXkQdKZ.exe
  2⤵
  PID:5880
- C:\Windows\System\eatqlBu.exe
  C:\Windows\System\eatqlBu.exe
  2⤵
  PID:5900
- C:\Windows\System\PoNtSFt.exe
  C:\Windows\System\PoNtSFt.exe
  2⤵
  PID:5916
- C:\Windows\System\FMuXsqo.exe
  C:\Windows\System\FMuXsqo.exe
  2⤵
  PID:5932
- C:\Windows\System\bvgFItH.exe
  C:\Windows\System\bvgFItH.exe
  2⤵
  PID:5948
- C:\Windows\System\fCCBgnT.exe
  C:\Windows\System\fCCBgnT.exe
  2⤵
  PID:6020
- C:\Windows\System\IgEBeSp.exe
  C:\Windows\System\IgEBeSp.exe
  2⤵
  PID:6036
- C:\Windows\System\TXUyhhJ.exe
  C:\Windows\System\TXUyhhJ.exe
  2⤵
  PID:6052
- C:\Windows\System\fgHxXRg.exe
  C:\Windows\System\fgHxXRg.exe
  2⤵
  PID:6068
- C:\Windows\System\iHoZjUb.exe
  C:\Windows\System\iHoZjUb.exe
  2⤵
  PID:6084
- C:\Windows\System\feglOSb.exe
  C:\Windows\System\feglOSb.exe
  2⤵
  PID:6140
- C:\Windows\System\nrtpqaN.exe
  C:\Windows\System\nrtpqaN.exe
  2⤵
  PID:5152
- C:\Windows\System\rTJPsAx.exe
  C:\Windows\System\rTJPsAx.exe
  2⤵
  PID:4788
- C:\Windows\System\HGkrcnL.exe
  C:\Windows\System\HGkrcnL.exe
  2⤵
  PID:5208
- C:\Windows\System\MrkDFRu.exe
  C:\Windows\System\MrkDFRu.exe
  2⤵
  PID:5284
- C:\Windows\System\DjlqnXZ.exe
  C:\Windows\System\DjlqnXZ.exe
  2⤵
  PID:4652
- C:\Windows\System\HCXbnSc.exe
  C:\Windows\System\HCXbnSc.exe
  2⤵
  PID:5172
- C:\Windows\System\MTFvCOq.exe
  C:\Windows\System\MTFvCOq.exe
  2⤵
  PID:5312
- C:\Windows\System\ABNkzbq.exe
  C:\Windows\System\ABNkzbq.exe
  2⤵
  PID:5192
- C:\Windows\System\BVdjyuc.exe
  C:\Windows\System\BVdjyuc.exe
  2⤵
  PID:5256
- C:\Windows\System\KcHxAVO.exe
  C:\Windows\System\KcHxAVO.exe
  2⤵
  PID:5364
- C:\Windows\System\AnHZkKk.exe
  C:\Windows\System\AnHZkKk.exe
  2⤵
  PID:5220
- C:\Windows\System\oEkyBBS.exe
  C:\Windows\System\oEkyBBS.exe
  2⤵
  PID:5420
- C:\Windows\System\zbtPtgv.exe
  C:\Windows\System\zbtPtgv.exe
  2⤵
  PID:5428
- C:\Windows\System\qRfqraw.exe
  C:\Windows\System\qRfqraw.exe
  2⤵
  PID:5492
- C:\Windows\System\UwogLiA.exe
  C:\Windows\System\UwogLiA.exe
  2⤵
  PID:5524
- C:\Windows\System\tLZqLBH.exe
  C:\Windows\System\tLZqLBH.exe
  2⤵
  PID:5508
- C:\Windows\System\ZIslOnb.exe
  C:\Windows\System\ZIslOnb.exe
  2⤵
  PID:5572
- C:\Windows\System\jKwTXuB.exe
  C:\Windows\System\jKwTXuB.exe
  2⤵
  PID:5092
- C:\Windows\System\TcCyIFY.exe
  C:\Windows\System\TcCyIFY.exe
  2⤵
  PID:5644
- C:\Windows\System\nXdpDlN.exe
  C:\Windows\System\nXdpDlN.exe
  2⤵
  PID:5692
- C:\Windows\System\xPhswWs.exe
  C:\Windows\System\xPhswWs.exe
  2⤵
  PID:5756
- C:\Windows\System\PVcQEws.exe
  C:\Windows\System\PVcQEws.exe
  2⤵
  PID:5772
- C:\Windows\System\vAkQjgR.exe
  C:\Windows\System\vAkQjgR.exe
  2⤵
  PID:5796
- C:\Windows\System\axROswO.exe
  C:\Windows\System\axROswO.exe
  2⤵
  PID:5860
- C:\Windows\System\XRdVIfy.exe
  C:\Windows\System\XRdVIfy.exe
  2⤵
  PID:5924
- C:\Windows\System\UFCgOrJ.exe
  C:\Windows\System\UFCgOrJ.exe
  2⤵
  PID:5808
- C:\Windows\System\FmdPQIs.exe
  C:\Windows\System\FmdPQIs.exe
  2⤵
  PID:5912
- C:\Windows\System\vXAOvTe.exe
  C:\Windows\System\vXAOvTe.exe
  2⤵
  PID:5908
- C:\Windows\System\vrHaedm.exe
  C:\Windows\System\vrHaedm.exe
  2⤵
  PID:6004
- C:\Windows\System\aUnoyIK.exe
  C:\Windows\System\aUnoyIK.exe
  2⤵
  PID:5972
- C:\Windows\System\XGyZeCH.exe
  C:\Windows\System\XGyZeCH.exe
  2⤵
  PID:6080
- C:\Windows\System\pxtBSoH.exe
  C:\Windows\System\pxtBSoH.exe
  2⤵
  PID:6064
- C:\Windows\System\yRxAVwV.exe
  C:\Windows\System\yRxAVwV.exe
  2⤵
  PID:6124
- C:\Windows\System\pgxJgcj.exe
  C:\Windows\System\pgxJgcj.exe
  2⤵
  PID:6136
- C:\Windows\System\EytHZSA.exe
  C:\Windows\System\EytHZSA.exe
  2⤵
  PID:4188
- C:\Windows\System\VaJjJNO.exe
  C:\Windows\System\VaJjJNO.exe
  2⤵
  PID:4360
- C:\Windows\System\OxpiUcY.exe
  C:\Windows\System\OxpiUcY.exe
  2⤵
  PID:4876
- C:\Windows\System\iglFRIQ.exe
  C:\Windows\System\iglFRIQ.exe
  2⤵
  PID:5348
- C:\Windows\System\OIWaCcb.exe
  C:\Windows\System\OIWaCcb.exe
  2⤵
  PID:5260
- C:\Windows\System\iTJSJPK.exe
  C:\Windows\System\iTJSJPK.exe
  2⤵
  PID:5296
- C:\Windows\System\KJzPOqk.exe
  C:\Windows\System\KJzPOqk.exe
  2⤵
  PID:5088
- C:\Windows\System\eHzqffO.exe
  C:\Windows\System\eHzqffO.exe
  2⤵
  PID:5440
- C:\Windows\System\iYeWmKD.exe
  C:\Windows\System\iYeWmKD.exe
  2⤵
  PID:5460
- C:\Windows\System\QoTNlLJ.exe
  C:\Windows\System\QoTNlLJ.exe
  2⤵
  PID:5504
- C:\Windows\System\IWKjzYh.exe
  C:\Windows\System\IWKjzYh.exe
  2⤵
  PID:5468
- C:\Windows\System\DEyNiYd.exe
  C:\Windows\System\DEyNiYd.exe
  2⤵
  PID:5540
- C:\Windows\System\dRJjrDn.exe
  C:\Windows\System\dRJjrDn.exe
  2⤵
  PID:5560
- C:\Windows\System\vxKxITX.exe
  C:\Windows\System\vxKxITX.exe
  2⤵
  PID:5660
- C:\Windows\System\OOzEgil.exe
  C:\Windows\System\OOzEgil.exe
  2⤵
  PID:5892
- C:\Windows\System\AxBtAkz.exe
  C:\Windows\System\AxBtAkz.exe
  2⤵
  PID:5896
- C:\Windows\System\WcKSBpk.exe
  C:\Windows\System\WcKSBpk.exe
  2⤵
  PID:5856
- C:\Windows\System\cjfPHKK.exe
  C:\Windows\System\cjfPHKK.exe
  2⤵
  PID:5980
- C:\Windows\System\SPVMcmD.exe
  C:\Windows\System\SPVMcmD.exe
  2⤵
  PID:5960
- C:\Windows\System\zdTNkQc.exe
  C:\Windows\System\zdTNkQc.exe
  2⤵
  PID:6076
- C:\Windows\System\mldmJLx.exe
  C:\Windows\System\mldmJLx.exe
  2⤵
  PID:6028
- C:\Windows\System\EFailot.exe
  C:\Windows\System\EFailot.exe
  2⤵
  PID:6032
- C:\Windows\System\GMlSaaA.exe
  C:\Windows\System\GMlSaaA.exe
  2⤵
  PID:5080
- C:\Windows\System\HjrqZdh.exe
  C:\Windows\System\HjrqZdh.exe
  2⤵
  PID:5276
- C:\Windows\System\TXJhkhw.exe
  C:\Windows\System\TXJhkhw.exe
  2⤵
  PID:4372
- C:\Windows\System\qsnrifh.exe
  C:\Windows\System\qsnrifh.exe
  2⤵
  PID:5132
- C:\Windows\System\yMWzNAZ.exe
  C:\Windows\System\yMWzNAZ.exe
  2⤵
  PID:5588
- C:\Windows\System\RlVwYVs.exe
  C:\Windows\System\RlVwYVs.exe
  2⤵
  PID:5604
- C:\Windows\System\qesYhlt.exe
  C:\Windows\System\qesYhlt.exe
  2⤵
  PID:5412
- C:\Windows\System\wtLllfM.exe
  C:\Windows\System\wtLllfM.exe
  2⤵
  PID:5688
- C:\Windows\System\prOfCaY.exe
  C:\Windows\System\prOfCaY.exe
  2⤵
  PID:5744
- C:\Windows\System\otGiInV.exe
  C:\Windows\System\otGiInV.exe
  2⤵
  PID:5556
- C:\Windows\System\KwQsQob.exe
  C:\Windows\System\KwQsQob.exe
  2⤵
  PID:6112
- C:\Windows\System\ycKRXTx.exe
  C:\Windows\System\ycKRXTx.exe
  2⤵
  PID:5104
- C:\Windows\System\zXZNuFd.exe
  C:\Windows\System\zXZNuFd.exe
  2⤵
  PID:5944
- C:\Windows\System\dyXTZOO.exe
  C:\Windows\System\dyXTZOO.exe
  2⤵
  PID:5872
- C:\Windows\System\DebnAYG.exe
  C:\Windows\System\DebnAYG.exe
  2⤵
  PID:5148
- C:\Windows\System\fbkJFyK.exe
  C:\Windows\System\fbkJFyK.exe
  2⤵
  PID:5100
- C:\Windows\System\aYwubqi.exe
  C:\Windows\System\aYwubqi.exe
  2⤵
  PID:5408
- C:\Windows\System\HogphJx.exe
  C:\Windows\System\HogphJx.exe
  2⤵
  PID:5552
- C:\Windows\System\WbcWRCp.exe
  C:\Windows\System\WbcWRCp.exe
  2⤵
  PID:2180
- C:\Windows\System\GTPLotB.exe
  C:\Windows\System\GTPLotB.exe
  2⤵
  PID:6000
- C:\Windows\System\VkWmOoo.exe
  C:\Windows\System\VkWmOoo.exe
  2⤵
  PID:5640
- C:\Windows\System\HNRJTCo.exe
  C:\Windows\System\HNRJTCo.exe
  2⤵
  PID:5060
- C:\Windows\System\HgHweud.exe
  C:\Windows\System\HgHweud.exe
  2⤵
  PID:5392
- C:\Windows\System\ELHXLQV.exe
  C:\Windows\System\ELHXLQV.exe
  2⤵
  PID:1576
- C:\Windows\System\qnNAcYv.exe
  C:\Windows\System\qnNAcYv.exe
  2⤵
  PID:5240
- C:\Windows\System\EmOLaQE.exe
  C:\Windows\System\EmOLaQE.exe
  2⤵
  PID:4700
- C:\Windows\System\xECmqCe.exe
  C:\Windows\System\xECmqCe.exe
  2⤵
  PID:5672
- C:\Windows\System\LPZmknI.exe
  C:\Windows\System\LPZmknI.exe
  2⤵
  PID:6016
- C:\Windows\System\TWbuDQN.exe
  C:\Windows\System\TWbuDQN.exe
  2⤵
  PID:5724
- C:\Windows\System\AMQXMmk.exe
  C:\Windows\System\AMQXMmk.exe
  2⤵
  PID:6120
- C:\Windows\System\aubisad.exe
  C:\Windows\System\aubisad.exe
  2⤵
  PID:6156
- C:\Windows\System\fFUNMkQ.exe
  C:\Windows\System\fFUNMkQ.exe
  2⤵
  PID:6184
- C:\Windows\System\CnecRix.exe
  C:\Windows\System\CnecRix.exe
  2⤵
  PID:6200
- C:\Windows\System\IKXMUlL.exe
  C:\Windows\System\IKXMUlL.exe
  2⤵
  PID:6220
- C:\Windows\System\PZXHsov.exe
  C:\Windows\System\PZXHsov.exe
  2⤵
  PID:6236
- C:\Windows\System\MLemrUi.exe
  C:\Windows\System\MLemrUi.exe
  2⤵
  PID:6264
- C:\Windows\System\BDZAOAK.exe
  C:\Windows\System\BDZAOAK.exe
  2⤵
  PID:6280
- C:\Windows\System\lGjEKrO.exe
  C:\Windows\System\lGjEKrO.exe
  2⤵
  PID:6296
- C:\Windows\System\cOUMlWp.exe
  C:\Windows\System\cOUMlWp.exe
  2⤵
  PID:6312
- C:\Windows\System\cpvugXQ.exe
  C:\Windows\System\cpvugXQ.exe
  2⤵
  PID:6344
- C:\Windows\System\QNUwSSV.exe
  C:\Windows\System\QNUwSSV.exe
  2⤵
  PID:6360
- C:\Windows\System\htOdgWv.exe
  C:\Windows\System\htOdgWv.exe
  2⤵
  PID:6376
- C:\Windows\System\rXCWfNm.exe
  C:\Windows\System\rXCWfNm.exe
  2⤵
  PID:6400
- C:\Windows\System\bQdAIUf.exe
  C:\Windows\System\bQdAIUf.exe
  2⤵
  PID:6416
- C:\Windows\System\wGjNEgj.exe
  C:\Windows\System\wGjNEgj.exe
  2⤵
  PID:6460
- C:\Windows\System\IEuAAww.exe
  C:\Windows\System\IEuAAww.exe
  2⤵
  PID:6476
- C:\Windows\System\fyoUwfI.exe
  C:\Windows\System\fyoUwfI.exe
  2⤵
  PID:6492
- C:\Windows\System\lYRpgQQ.exe
  C:\Windows\System\lYRpgQQ.exe
  2⤵
  PID:6508
- C:\Windows\System\NaEWyCq.exe
  C:\Windows\System\NaEWyCq.exe
  2⤵
  PID:6524
- C:\Windows\System\wfddBdT.exe
  C:\Windows\System\wfddBdT.exe
  2⤵
  PID:6540
- C:\Windows\System\utqQmBA.exe
  C:\Windows\System\utqQmBA.exe
  2⤵
  PID:6556
- C:\Windows\System\BOyrcvl.exe
  C:\Windows\System\BOyrcvl.exe
  2⤵
  PID:6572
- C:\Windows\System\ACvgoUf.exe
  C:\Windows\System\ACvgoUf.exe
  2⤵
  PID:6588
- C:\Windows\System\TafYMDg.exe
  C:\Windows\System\TafYMDg.exe
  2⤵
  PID:6604
- C:\Windows\System\WmGnRsD.exe
  C:\Windows\System\WmGnRsD.exe
  2⤵
  PID:6620
- C:\Windows\System\QwCHHFQ.exe
  C:\Windows\System\QwCHHFQ.exe
  2⤵
  PID:6636
- C:\Windows\System\AxRekzu.exe
  C:\Windows\System\AxRekzu.exe
  2⤵
  PID:6652
- C:\Windows\System\hJLaapn.exe
  C:\Windows\System\hJLaapn.exe
  2⤵
  PID:6672
- C:\Windows\System\MEqIMfL.exe
  C:\Windows\System\MEqIMfL.exe
  2⤵
  PID:6688
- C:\Windows\System\AMNMqxs.exe
  C:\Windows\System\AMNMqxs.exe
  2⤵
  PID:6704
- C:\Windows\System\xQgypqX.exe
  C:\Windows\System\xQgypqX.exe
  2⤵
  PID:6720
- C:\Windows\System\gIDasPp.exe
  C:\Windows\System\gIDasPp.exe
  2⤵
  PID:6736
- C:\Windows\System\ECTEWIm.exe
  C:\Windows\System\ECTEWIm.exe
  2⤵
  PID:6752
- C:\Windows\System\WlRThMR.exe
  C:\Windows\System\WlRThMR.exe
  2⤵
  PID:6768
- C:\Windows\System\LXUffsK.exe
  C:\Windows\System\LXUffsK.exe
  2⤵
  PID:6788
- C:\Windows\System\gFRSRBZ.exe
  C:\Windows\System\gFRSRBZ.exe
  2⤵
  PID:6820
- C:\Windows\System\kVyqHwH.exe
  C:\Windows\System\kVyqHwH.exe
  2⤵
  PID:6836
- C:\Windows\System\CiQMrEO.exe
  C:\Windows\System\CiQMrEO.exe
  2⤵
  PID:6852
- C:\Windows\System\DSfeZWq.exe
  C:\Windows\System\DSfeZWq.exe
  2⤵
  PID:6868
- C:\Windows\System\PBAZnKo.exe
  C:\Windows\System\PBAZnKo.exe
  2⤵
  PID:6884
- C:\Windows\System\syCrvrh.exe
  C:\Windows\System\syCrvrh.exe
  2⤵
  PID:6900
- C:\Windows\System\hDTeKdU.exe
  C:\Windows\System\hDTeKdU.exe
  2⤵
  PID:6916
- C:\Windows\System\DCZoVJh.exe
  C:\Windows\System\DCZoVJh.exe
  2⤵
  PID:6932
- C:\Windows\System\AxvnzpW.exe
  C:\Windows\System\AxvnzpW.exe
  2⤵
  PID:6948
- C:\Windows\System\VhiSiLO.exe
  C:\Windows\System\VhiSiLO.exe
  2⤵
  PID:6964
- C:\Windows\System\hagKYkJ.exe
  C:\Windows\System\hagKYkJ.exe
  2⤵
  PID:6980
- C:\Windows\System\yNTrwvP.exe
  C:\Windows\System\yNTrwvP.exe
  2⤵
  PID:6996
- C:\Windows\System\bhdotSb.exe
  C:\Windows\System\bhdotSb.exe
  2⤵
  PID:7016
- C:\Windows\System\LfAddfw.exe
  C:\Windows\System\LfAddfw.exe
  2⤵
  PID:7036
- C:\Windows\System\RcYiZMC.exe
  C:\Windows\System\RcYiZMC.exe
  2⤵
  PID:7052
- C:\Windows\System\DnwtSZY.exe
  C:\Windows\System\DnwtSZY.exe
  2⤵
  PID:7068
- C:\Windows\System\RFMHFZF.exe
  C:\Windows\System\RFMHFZF.exe
  2⤵
  PID:7084
- C:\Windows\System\luLQMrh.exe
  C:\Windows\System\luLQMrh.exe
  2⤵
  PID:7100
- C:\Windows\System\yQmVQFV.exe
  C:\Windows\System\yQmVQFV.exe
  2⤵
  PID:7116
- C:\Windows\System\BXWBfwC.exe
  C:\Windows\System\BXWBfwC.exe
  2⤵
  PID:7132
- C:\Windows\System\dRIxwMe.exe
  C:\Windows\System\dRIxwMe.exe
  2⤵
  PID:7152
- C:\Windows\System\RGmjuaD.exe
  C:\Windows\System\RGmjuaD.exe
  2⤵
  PID:6148
- C:\Windows\System\DsVBkpa.exe
  C:\Windows\System\DsVBkpa.exe
  2⤵
  PID:5788
- C:\Windows\System\chLEIeK.exe
  C:\Windows\System\chLEIeK.exe
  2⤵
  PID:5352
- C:\Windows\System\MYDOllc.exe
  C:\Windows\System\MYDOllc.exe
  2⤵
  PID:5712
- C:\Windows\System\LQGuGYX.exe
  C:\Windows\System\LQGuGYX.exe
  2⤵
  PID:6176
- C:\Windows\System\EUcVCUA.exe
  C:\Windows\System\EUcVCUA.exe
  2⤵
  PID:6244
- C:\Windows\System\XUPjCSg.exe
  C:\Windows\System\XUPjCSg.exe
  2⤵
  PID:6256
- C:\Windows\System\hidOBbT.exe
  C:\Windows\System\hidOBbT.exe
  2⤵
  PID:6356
- C:\Windows\System\zFZyEPi.exe
  C:\Windows\System\zFZyEPi.exe
  2⤵
  PID:6384
- C:\Windows\System\RZDQRMJ.exe
  C:\Windows\System\RZDQRMJ.exe
  2⤵
  PID:6320
- C:\Windows\System\KQEdArT.exe
  C:\Windows\System\KQEdArT.exe
  2⤵
  PID:6288
- C:\Windows\System\WQSbLbJ.exe
  C:\Windows\System\WQSbLbJ.exe
  2⤵
  PID:6412
- C:\Windows\System\pNWcJGy.exe
  C:\Windows\System\pNWcJGy.exe
  2⤵
  PID:2004
- C:\Windows\System\DYrsIZn.exe
  C:\Windows\System\DYrsIZn.exe
  2⤵
  PID:2624
- C:\Windows\System\BUCwSyM.exe
  C:\Windows\System\BUCwSyM.exe
  2⤵
  PID:6488
- C:\Windows\System\lsxpDvZ.exe
  C:\Windows\System\lsxpDvZ.exe
  2⤵
  PID:6548
- C:\Windows\System\LPUJpZr.exe
  C:\Windows\System\LPUJpZr.exe
  2⤵
  PID:6584
- C:\Windows\System\jqKnsRk.exe
  C:\Windows\System\jqKnsRk.exe
  2⤵
  PID:6760
- C:\Windows\System\TcfMmlH.exe
  C:\Windows\System\TcfMmlH.exe
  2⤵
  PID:6816
- C:\Windows\System\YsJvbgF.exe
  C:\Windows\System\YsJvbgF.exe
  2⤵
  PID:6860
- C:\Windows\System\GUEveoz.exe
  C:\Windows\System\GUEveoz.exe
  2⤵
  PID:6944
- C:\Windows\System\QqAEsne.exe
  C:\Windows\System\QqAEsne.exe
  2⤵
  PID:7092
- C:\Windows\System\PRnGlwo.exe
  C:\Windows\System\PRnGlwo.exe
  2⤵
  PID:2160
- C:\Windows\System\WLokple.exe
  C:\Windows\System\WLokple.exe
  2⤵
  PID:2408
- C:\Windows\System\LKxftNf.exe
  C:\Windows\System\LKxftNf.exe
  2⤵
  PID:7108
- C:\Windows\System\EdBUOmE.exe
  C:\Windows\System\EdBUOmE.exe
  2⤵
  PID:7096
- C:\Windows\System\cjKODfb.exe
  C:\Windows\System\cjKODfb.exe
  2⤵
  PID:6100
- C:\Windows\System\oFzTAvq.exe
  C:\Windows\System\oFzTAvq.exe
  2⤵
  PID:6192
- C:\Windows\System\fiUOgxr.exe
  C:\Windows\System\fiUOgxr.exe
  2⤵
  PID:6180
- C:\Windows\System\VJkLTvV.exe
  C:\Windows\System\VJkLTvV.exe
  2⤵
  PID:6212
- C:\Windows\System\LrKkBbG.exe
  C:\Windows\System\LrKkBbG.exe
  2⤵
  PID:6424
- C:\Windows\System\nQdLJQG.exe
  C:\Windows\System\nQdLJQG.exe
  2⤵
  PID:6352
- C:\Windows\System\EpexyCD.exe
  C:\Windows\System\EpexyCD.exe
  2⤵
  PID:6440
- C:\Windows\System\RCPVwst.exe
  C:\Windows\System\RCPVwst.exe
  2⤵
  PID:6368
- C:\Windows\System\NfDsVmX.exe
  C:\Windows\System\NfDsVmX.exe
  2⤵
  PID:2252
- C:\Windows\System\zmXChWo.exe
  C:\Windows\System\zmXChWo.exe
  2⤵
  PID:6500
- C:\Windows\System\msbvROe.exe
  C:\Windows\System\msbvROe.exe
  2⤵
  PID:6568
- C:\Windows\System\TiOGaIj.exe
  C:\Windows\System\TiOGaIj.exe
  2⤵
  PID:6628
- C:\Windows\System\WSjCyWU.exe
  C:\Windows\System\WSjCyWU.exe
  2⤵
  PID:2612
- C:\Windows\System\NSRPPsh.exe
  C:\Windows\System\NSRPPsh.exe
  2⤵
  PID:6716
- C:\Windows\System\IMJaCZL.exe
  C:\Windows\System\IMJaCZL.exe
  2⤵
  PID:6744
- C:\Windows\System\ghRYAZH.exe
  C:\Windows\System\ghRYAZH.exe
  2⤵
  PID:6796
- C:\Windows\System\xZxrpwg.exe
  C:\Windows\System\xZxrpwg.exe
  2⤵
  PID:6864
- C:\Windows\System\DwGsmNy.exe
  C:\Windows\System\DwGsmNy.exe
  2⤵
  PID:6924
- C:\Windows\System\gqEnPxV.exe
  C:\Windows\System\gqEnPxV.exe
  2⤵
  PID:7024
- C:\Windows\System\oSBcHgr.exe
  C:\Windows\System\oSBcHgr.exe
  2⤵
  PID:7028
- C:\Windows\System\rzgDZIg.exe
  C:\Windows\System\rzgDZIg.exe
  2⤵
  PID:6976
- C:\Windows\System\hFcZTpe.exe
  C:\Windows\System\hFcZTpe.exe
  2⤵
  PID:2948
- C:\Windows\System\kYsYcUD.exe
  C:\Windows\System\kYsYcUD.exe
  2⤵
  PID:7144
- C:\Windows\System\CVdEFxH.exe
  C:\Windows\System\CVdEFxH.exe
  2⤵
  PID:6168
- C:\Windows\System\CNFrmxR.exe
  C:\Windows\System\CNFrmxR.exe
  2⤵
  PID:6260
- C:\Windows\System\RaCHPPY.exe
  C:\Windows\System\RaCHPPY.exe
  2⤵
  PID:6784
- C:\Windows\System\tJxRvwp.exe
  C:\Windows\System\tJxRvwp.exe
  2⤵
  PID:2120
- C:\Windows\System\TdkRexS.exe
  C:\Windows\System\TdkRexS.exe
  2⤵
  PID:6436
- C:\Windows\System\rVpQvBe.exe
  C:\Windows\System\rVpQvBe.exe
  2⤵
  PID:1536
- C:\Windows\System\RsTKvpg.exe
  C:\Windows\System\RsTKvpg.exe
  2⤵
  PID:6668
- C:\Windows\System\qKxWfMP.exe
  C:\Windows\System\qKxWfMP.exe
  2⤵
  PID:6564
- C:\Windows\System\QdVcPfk.exe
  C:\Windows\System\QdVcPfk.exe
  2⤵
  PID:6696
- C:\Windows\System\USIBahY.exe
  C:\Windows\System\USIBahY.exe
  2⤵
  PID:6764
- C:\Windows\System\SYywmQe.exe
  C:\Windows\System\SYywmQe.exe
  2⤵
  PID:6848
- C:\Windows\System\LhXehHg.exe
  C:\Windows\System\LhXehHg.exe
  2⤵
  PID:7060
- C:\Windows\System\hOTrnou.exe
  C:\Windows\System\hOTrnou.exe
  2⤵
  PID:6960
- C:\Windows\System\XLFmYXq.exe
  C:\Windows\System\XLFmYXq.exe
  2⤵
  PID:7048
- C:\Windows\System\TNNljHz.exe
  C:\Windows\System\TNNljHz.exe
  2⤵
  PID:6196
- C:\Windows\System\wigNaVT.exe
  C:\Windows\System\wigNaVT.exe
  2⤵
  PID:6388
- C:\Windows\System\mktbUTq.exe
  C:\Windows\System\mktbUTq.exe
  2⤵
  PID:4392
- C:\Windows\System\BmylKJM.exe
  C:\Windows\System\BmylKJM.exe
  2⤵
  PID:6396
- C:\Windows\System\KUXEElC.exe
  C:\Windows\System\KUXEElC.exe
  2⤵
  PID:6324
- C:\Windows\System\mTkfoQg.exe
  C:\Windows\System\mTkfoQg.exe
  2⤵
  PID:6748
- C:\Windows\System\YfPfbJK.exe
  C:\Windows\System\YfPfbJK.exe
  2⤵
  PID:6812
- C:\Windows\System\SzrKNwX.exe
  C:\Windows\System\SzrKNwX.exe
  2⤵
  PID:6992
- C:\Windows\System\GkDWBAd.exe
  C:\Windows\System\GkDWBAd.exe
  2⤵
  PID:5984
- C:\Windows\System\CTnotLB.exe
  C:\Windows\System\CTnotLB.exe
  2⤵
  PID:6908
- C:\Windows\System\PlvcxXp.exe
  C:\Windows\System\PlvcxXp.exe
  2⤵
  PID:7124
- C:\Windows\System\ZYLSNqd.exe
  C:\Windows\System\ZYLSNqd.exe
  2⤵
  PID:6876
- C:\Windows\System\HVBBiYc.exe
  C:\Windows\System\HVBBiYc.exe
  2⤵
  PID:7080
- C:\Windows\System\QLvSFtg.exe
  C:\Windows\System\QLvSFtg.exe
  2⤵
  PID:6580
- C:\Windows\System\AmjlIFi.exe
  C:\Windows\System\AmjlIFi.exe
  2⤵
  PID:6700
- C:\Windows\System\MLBzSQC.exe
  C:\Windows\System\MLBzSQC.exe
  2⤵
  PID:6432
- C:\Windows\System\FOUGvtH.exe
  C:\Windows\System\FOUGvtH.exe
  2⤵
  PID:6988
- C:\Windows\System\oSjWhIr.exe
  C:\Windows\System\oSjWhIr.exe
  2⤵
  PID:6532
- C:\Windows\System\yKRpyPj.exe
  C:\Windows\System\yKRpyPj.exe
  2⤵
  PID:6684
- C:\Windows\System\FKEJIup.exe
  C:\Windows\System\FKEJIup.exe
  2⤵
  PID:7176
- C:\Windows\System\scMVvGE.exe
  C:\Windows\System\scMVvGE.exe
  2⤵
  PID:7196
- C:\Windows\System\NUfoguD.exe
  C:\Windows\System\NUfoguD.exe
  2⤵
  PID:7216
- C:\Windows\System\vvCvnJq.exe
  C:\Windows\System\vvCvnJq.exe
  2⤵
  PID:7232
- C:\Windows\System\iZnSWQZ.exe
  C:\Windows\System\iZnSWQZ.exe
  2⤵
  PID:7248
- C:\Windows\System\YKnQIJo.exe
  C:\Windows\System\YKnQIJo.exe
  2⤵
  PID:7264
- C:\Windows\System\wjVJnGO.exe
  C:\Windows\System\wjVJnGO.exe
  2⤵
  PID:7300
- C:\Windows\System\bavtdmo.exe
  C:\Windows\System\bavtdmo.exe
  2⤵
  PID:7320
- C:\Windows\System\UfOmLSP.exe
  C:\Windows\System\UfOmLSP.exe
  2⤵
  PID:7336
- C:\Windows\System\hJnHvsC.exe
  C:\Windows\System\hJnHvsC.exe
  2⤵
  PID:7356
- C:\Windows\System\DDOZgbe.exe
  C:\Windows\System\DDOZgbe.exe
  2⤵
  PID:7376
- C:\Windows\System\meodnOn.exe
  C:\Windows\System\meodnOn.exe
  2⤵
  PID:7392
- C:\Windows\System\sKtvOyS.exe
  C:\Windows\System\sKtvOyS.exe
  2⤵
  PID:7408
- C:\Windows\System\jFUYzGe.exe
  C:\Windows\System\jFUYzGe.exe
  2⤵
  PID:7428
- C:\Windows\System\tZaSsfF.exe
  C:\Windows\System\tZaSsfF.exe
  2⤵
  PID:7444
- C:\Windows\System\jgFImSk.exe
  C:\Windows\System\jgFImSk.exe
  2⤵
  PID:7464
- C:\Windows\System\XETTYWK.exe
  C:\Windows\System\XETTYWK.exe
  2⤵
  PID:7484
- C:\Windows\System\QkLZUjK.exe
  C:\Windows\System\QkLZUjK.exe
  2⤵
  PID:7500
- C:\Windows\System\lriaRDY.exe
  C:\Windows\System\lriaRDY.exe
  2⤵
  PID:7524
- C:\Windows\System\PGqLGuf.exe
  C:\Windows\System\PGqLGuf.exe
  2⤵
  PID:7540
- C:\Windows\System\uuAQDRd.exe
  C:\Windows\System\uuAQDRd.exe
  2⤵
  PID:7564
- C:\Windows\System\KkbpQbp.exe
  C:\Windows\System\KkbpQbp.exe
  2⤵
  PID:7580
- C:\Windows\System\mUmyLOK.exe
  C:\Windows\System\mUmyLOK.exe
  2⤵
  PID:7596
- C:\Windows\System\ycWbRNx.exe
  C:\Windows\System\ycWbRNx.exe
  2⤵
  PID:7612
- C:\Windows\System\aIGFJRx.exe
  C:\Windows\System\aIGFJRx.exe
  2⤵
  PID:7628
- C:\Windows\System\dFOlTcs.exe
  C:\Windows\System\dFOlTcs.exe
  2⤵
  PID:7648
- C:\Windows\System\tyvpaDP.exe
  C:\Windows\System\tyvpaDP.exe
  2⤵
  PID:7668
- C:\Windows\System\gPpDPYO.exe
  C:\Windows\System\gPpDPYO.exe
  2⤵
  PID:7688
- C:\Windows\System\MAbLBan.exe
  C:\Windows\System\MAbLBan.exe
  2⤵
  PID:7720
- C:\Windows\System\nUBLSSc.exe
  C:\Windows\System\nUBLSSc.exe
  2⤵
  PID:7768
- C:\Windows\System\yEZzCVF.exe
  C:\Windows\System\yEZzCVF.exe
  2⤵
  PID:7784
- C:\Windows\System\bPbKLfG.exe
  C:\Windows\System\bPbKLfG.exe
  2⤵
  PID:7800
- C:\Windows\System\cbGWlTI.exe
  C:\Windows\System\cbGWlTI.exe
  2⤵
  PID:7828
- C:\Windows\System\JhklfUf.exe
  C:\Windows\System\JhklfUf.exe
  2⤵
  PID:7848
- C:\Windows\System\kmcUqeu.exe
  C:\Windows\System\kmcUqeu.exe
  2⤵
  PID:7864
- C:\Windows\System\ESgPItx.exe
  C:\Windows\System\ESgPItx.exe
  2⤵
  PID:7880
- C:\Windows\System\CyvzGba.exe
  C:\Windows\System\CyvzGba.exe
  2⤵
  PID:7896
- C:\Windows\System\jXDkchb.exe
  C:\Windows\System\jXDkchb.exe
  2⤵
  PID:7912
- C:\Windows\System\vWpOweL.exe
  C:\Windows\System\vWpOweL.exe
  2⤵
  PID:7936
- C:\Windows\System\zZTyXEm.exe
  C:\Windows\System\zZTyXEm.exe
  2⤵
  PID:7952
- C:\Windows\System\eIuxZCM.exe
  C:\Windows\System\eIuxZCM.exe
  2⤵
  PID:8036
- C:\Windows\System\llMELPY.exe
  C:\Windows\System\llMELPY.exe
  2⤵
  PID:8060
- C:\Windows\System\CgoVQjy.exe
  C:\Windows\System\CgoVQjy.exe
  2⤵
  PID:8080
- C:\Windows\System\dlQTuPU.exe
  C:\Windows\System\dlQTuPU.exe
  2⤵
  PID:8100
- C:\Windows\System\fNnKRla.exe
  C:\Windows\System\fNnKRla.exe
  2⤵
  PID:8120
- C:\Windows\System\BszVtMA.exe
  C:\Windows\System\BszVtMA.exe
  2⤵
  PID:8144
- C:\Windows\System\GLcVObL.exe
  C:\Windows\System\GLcVObL.exe
  2⤵
  PID:8160
- C:\Windows\System\mTNDCAJ.exe
  C:\Windows\System\mTNDCAJ.exe
  2⤵
  PID:8184
- C:\Windows\System\TAvqryt.exe
  C:\Windows\System\TAvqryt.exe
  2⤵
  PID:7204
- C:\Windows\System\OqiMPyx.exe
  C:\Windows\System\OqiMPyx.exe
  2⤵
  PID:6292
- C:\Windows\System\grHQMmP.exe
  C:\Windows\System\grHQMmP.exe
  2⤵
  PID:7272
- C:\Windows\System\VopclVZ.exe
  C:\Windows\System\VopclVZ.exe
  2⤵
  PID:7328
- C:\Windows\System\KHigsSz.exe
  C:\Windows\System\KHigsSz.exe
  2⤵
  PID:7400
- C:\Windows\System\sViGzUy.exe
  C:\Windows\System\sViGzUy.exe
  2⤵
  PID:7476
- C:\Windows\System\AxLWRMg.exe
  C:\Windows\System\AxLWRMg.exe
  2⤵
  PID:7520
- C:\Windows\System\JcFwTjE.exe
  C:\Windows\System\JcFwTjE.exe
  2⤵
  PID:7184
- C:\Windows\System\oknQJGV.exe
  C:\Windows\System\oknQJGV.exe
  2⤵
  PID:7260
- C:\Windows\System\JSDhhxt.exe
  C:\Windows\System\JSDhhxt.exe
  2⤵
  PID:7656
- C:\Windows\System\ziwszWJ.exe
  C:\Windows\System\ziwszWJ.exe
  2⤵
  PID:7700
- C:\Windows\System\XyWVpxB.exe
  C:\Windows\System\XyWVpxB.exe
  2⤵
  PID:7312
- C:\Windows\System\wzVcqaq.exe
  C:\Windows\System\wzVcqaq.exe
  2⤵
  PID:7372
- C:\Windows\System\VfgYFcN.exe
  C:\Windows\System\VfgYFcN.exe
  2⤵
  PID:7420
- C:\Windows\System\rDmwFjM.exe
  C:\Windows\System\rDmwFjM.exe
  2⤵
  PID:7492
- C:\Windows\System\ttGLXQF.exe
  C:\Windows\System\ttGLXQF.exe
  2⤵
  PID:7604
- C:\Windows\System\wxNnwkq.exe
  C:\Windows\System\wxNnwkq.exe
  2⤵
  PID:7680
- C:\Windows\System\PWiUkjP.exe
  C:\Windows\System\PWiUkjP.exe
  2⤵
  PID:7712
- C:\Windows\System\hRolwVa.exe
  C:\Windows\System\hRolwVa.exe
  2⤵
  PID:7760
- C:\Windows\System\QpXcnIX.exe
  C:\Windows\System\QpXcnIX.exe
  2⤵
  PID:7752
- C:\Windows\System\CrtwbDY.exe
  C:\Windows\System\CrtwbDY.exe
  2⤵
  PID:7816
- C:\Windows\System\LsDsSVJ.exe
  C:\Windows\System\LsDsSVJ.exe
  2⤵
  PID:7856
- C:\Windows\System\ouoiEsX.exe
  C:\Windows\System\ouoiEsX.exe
  2⤵
  PID:7944
- C:\Windows\System\KqKxiXM.exe
  C:\Windows\System\KqKxiXM.exe
  2⤵
  PID:7960
- C:\Windows\System\fTSrdqS.exe
  C:\Windows\System\fTSrdqS.exe
  2⤵
  PID:7892
- C:\Windows\System\ySbSKpy.exe
  C:\Windows\System\ySbSKpy.exe
  2⤵
  PID:7980
- C:\Windows\System\MrKsODk.exe
  C:\Windows\System\MrKsODk.exe
  2⤵
  PID:2592
- C:\Windows\System\qIAvqRG.exe
  C:\Windows\System\qIAvqRG.exe
  2⤵
  PID:8028
- C:\Windows\System\kDTIUJb.exe
  C:\Windows\System\kDTIUJb.exe
  2⤵
  PID:8056
- C:\Windows\System\TKoFQyG.exe
  C:\Windows\System\TKoFQyG.exe
  2⤵
  PID:8052
- C:\Windows\System\ojcWOrV.exe
  C:\Windows\System\ojcWOrV.exe
  2⤵
  PID:8108
- C:\Windows\System\UNxIjVf.exe
  C:\Windows\System\UNxIjVf.exe
  2⤵
  PID:8140
- C:\Windows\System\ZVQziQJ.exe
  C:\Windows\System\ZVQziQJ.exe
  2⤵
  PID:8180
- C:\Windows\System\XpBLHHx.exe
  C:\Windows\System\XpBLHHx.exe
  2⤵
  PID:7208
- C:\Windows\System\TOJqOJN.exe
  C:\Windows\System\TOJqOJN.exe
  2⤵
  PID:7296
- C:\Windows\System\eTePusU.exe
  C:\Windows\System\eTePusU.exe
  2⤵
  PID:7364
- C:\Windows\System\APgFwVo.exe
  C:\Windows\System\APgFwVo.exe
  2⤵
  PID:7560
- C:\Windows\System\UFDQrTw.exe
  C:\Windows\System\UFDQrTw.exe
  2⤵
  PID:7224
- C:\Windows\System\fCekMCK.exe
  C:\Windows\System\fCekMCK.exe
  2⤵
  PID:7512
- C:\Windows\System\AIkxMuO.exe
  C:\Windows\System\AIkxMuO.exe
  2⤵
  PID:7348
- C:\Windows\System\cVlvMsR.exe
  C:\Windows\System\cVlvMsR.exe
  2⤵
  PID:7640
- C:\Windows\System\kAKlDbP.exe
  C:\Windows\System\kAKlDbP.exe
  2⤵
  PID:7732
- C:\Windows\System\aWTvbbr.exe
  C:\Windows\System\aWTvbbr.exe
  2⤵
  PID:7532
- C:\Windows\System\OKPXQYD.exe
  C:\Windows\System\OKPXQYD.exe
  2⤵
  PID:7776
- C:\Windows\System\UzGKBDz.exe
  C:\Windows\System\UzGKBDz.exe
  2⤵
  PID:7796
- C:\Windows\System\RvYZgcB.exe
  C:\Windows\System\RvYZgcB.exe
  2⤵
  PID:7860
- C:\Windows\System\zehFsBc.exe
  C:\Windows\System\zehFsBc.exe
  2⤵
  PID:6596
- C:\Windows\System\YQTVqKT.exe
  C:\Windows\System\YQTVqKT.exe
  2⤵
  PID:7928
- C:\Windows\System\jSFuqOv.exe
  C:\Windows\System\jSFuqOv.exe
  2⤵
  PID:7992
- C:\Windows\System\CCOislI.exe
  C:\Windows\System\CCOislI.exe
  2⤵
  PID:8088
- C:\Windows\System\cFNADaX.exe
  C:\Windows\System\cFNADaX.exe
  2⤵
  PID:1768
- C:\Windows\System\ONDPJxo.exe
  C:\Windows\System\ONDPJxo.exe
  2⤵
  PID:8172
- C:\Windows\System\ENrZRML.exe
  C:\Windows\System\ENrZRML.exe
  2⤵
  PID:7276
- C:\Windows\System\WhwjfjO.exe
  C:\Windows\System\WhwjfjO.exe
  2⤵
  PID:7368
- C:\Windows\System\NAnMGHp.exe
  C:\Windows\System\NAnMGHp.exe
  2⤵
  PID:7188
- C:\Windows\System\DpbRmqq.exe
  C:\Windows\System\DpbRmqq.exe
  2⤵
  PID:7388
- C:\Windows\System\vyqLySC.exe
  C:\Windows\System\vyqLySC.exe
  2⤵
  PID:7460
- C:\Windows\System\irleMCA.exe
  C:\Windows\System\irleMCA.exe
  2⤵
  PID:7676
- C:\Windows\System\NSvtCyD.exe
  C:\Windows\System\NSvtCyD.exe
  2⤵
  PID:7872
- C:\Windows\System\svzNGWc.exe
  C:\Windows\System\svzNGWc.exe
  2⤵
  PID:7696
- C:\Windows\System\tVUsWkY.exe
  C:\Windows\System\tVUsWkY.exe
  2⤵
  PID:7988
- C:\Windows\System\bfJPYjv.exe
  C:\Windows\System\bfJPYjv.exe
  2⤵
  PID:7964
- C:\Windows\System\uyoQmWJ.exe
  C:\Windows\System\uyoQmWJ.exe
  2⤵
  PID:8168
- C:\Windows\System\lSDXWFP.exe
  C:\Windows\System\lSDXWFP.exe
  2⤵
  PID:8112
- C:\Windows\System\JBIsVJW.exe
  C:\Windows\System\JBIsVJW.exe
  2⤵
  PID:8116
- C:\Windows\System\wRcuuqk.exe
  C:\Windows\System\wRcuuqk.exe
  2⤵
  PID:6712
- C:\Windows\System\rlEqCNC.exe
  C:\Windows\System\rlEqCNC.exe
  2⤵
  PID:7636
- C:\Windows\System\peRrrhs.exe
  C:\Windows\System\peRrrhs.exe
  2⤵
  PID:8044
- C:\Windows\System\plUorzd.exe
  C:\Windows\System\plUorzd.exe
  2⤵
  PID:7708
- C:\Windows\System\dWynYRq.exe
  C:\Windows\System\dWynYRq.exe
  2⤵
  PID:7972
- C:\Windows\System\LqLCiAB.exe
  C:\Windows\System\LqLCiAB.exe
  2⤵
  PID:7920
- C:\Windows\System\LXEGrpf.exe
  C:\Windows\System\LXEGrpf.exe
  2⤵
  PID:7440
- C:\Windows\System\QQFSeXQ.exe
  C:\Windows\System\QQFSeXQ.exe
  2⤵
  PID:8156
- C:\Windows\System\aCTIvyW.exe
  C:\Windows\System\aCTIvyW.exe
  2⤵
  PID:7836
- C:\Windows\System\KkDLXVh.exe
  C:\Windows\System\KkDLXVh.exe
  2⤵
  PID:7704
- C:\Windows\System\wMorFty.exe
  C:\Windows\System\wMorFty.exe
  2⤵
  PID:7624
- C:\Windows\System\TpXkTnb.exe
  C:\Windows\System\TpXkTnb.exe
  2⤵
  PID:7740
- C:\Windows\System\OoRqxhx.exe
  C:\Windows\System\OoRqxhx.exe
  2⤵
  PID:8200
- C:\Windows\System\BtDGVVW.exe
  C:\Windows\System\BtDGVVW.exe
  2⤵
  PID:8216
- C:\Windows\System\xoFKFiO.exe
  C:\Windows\System\xoFKFiO.exe
  2⤵
  PID:8260
- C:\Windows\System\nWUlOsW.exe
  C:\Windows\System\nWUlOsW.exe
  2⤵
  PID:8280
- C:\Windows\System\LNjHwoY.exe
  C:\Windows\System\LNjHwoY.exe
  2⤵
  PID:8300
- C:\Windows\System\lcNfymJ.exe
  C:\Windows\System\lcNfymJ.exe
  2⤵
  PID:8316
- C:\Windows\System\YYsUrRB.exe
  C:\Windows\System\YYsUrRB.exe
  2⤵
  PID:8336
- C:\Windows\System\gPfhMuU.exe
  C:\Windows\System\gPfhMuU.exe
  2⤵
  PID:8352
- C:\Windows\System\JyxGacx.exe
  C:\Windows\System\JyxGacx.exe
  2⤵
  PID:8372
- C:\Windows\System\eXmiugt.exe
  C:\Windows\System\eXmiugt.exe
  2⤵
  PID:8400
- C:\Windows\System\RuGLavO.exe
  C:\Windows\System\RuGLavO.exe
  2⤵
  PID:8416
- C:\Windows\System\PXYYhkw.exe
  C:\Windows\System\PXYYhkw.exe
  2⤵
  PID:8436
- C:\Windows\System\EFprhuE.exe
  C:\Windows\System\EFprhuE.exe
  2⤵
  PID:8452
- C:\Windows\System\xHrYbkJ.exe
  C:\Windows\System\xHrYbkJ.exe
  2⤵
  PID:8472
- C:\Windows\System\scMLmzW.exe
  C:\Windows\System\scMLmzW.exe
  2⤵
  PID:8488
- C:\Windows\System\diwrhDF.exe
  C:\Windows\System\diwrhDF.exe
  2⤵
  PID:8508
- C:\Windows\System\zHOyaDi.exe
  C:\Windows\System\zHOyaDi.exe
  2⤵
  PID:8524
- C:\Windows\System\hrhIkTp.exe
  C:\Windows\System\hrhIkTp.exe
  2⤵
  PID:8564
- C:\Windows\System\NOlYmdx.exe
  C:\Windows\System\NOlYmdx.exe
  2⤵
  PID:8580
- C:\Windows\System\LyiHWgr.exe
  C:\Windows\System\LyiHWgr.exe
  2⤵
  PID:8596
- C:\Windows\System\ZqTHnam.exe
  C:\Windows\System\ZqTHnam.exe
  2⤵
  PID:8612
- C:\Windows\System\ixGiJiB.exe
  C:\Windows\System\ixGiJiB.exe
  2⤵
  PID:8640
- C:\Windows\System\jqoGhym.exe
  C:\Windows\System\jqoGhym.exe
  2⤵
  PID:8656
- C:\Windows\System\nmExBLA.exe
  C:\Windows\System\nmExBLA.exe
  2⤵
  PID:8676
- C:\Windows\System\hurYANN.exe
  C:\Windows\System\hurYANN.exe
  2⤵
  PID:8692
- C:\Windows\System\ZtJRFiz.exe
  C:\Windows\System\ZtJRFiz.exe
  2⤵
  PID:8708
- C:\Windows\System\SqkJJwi.exe
  C:\Windows\System\SqkJJwi.exe
  2⤵
  PID:8728
- C:\Windows\System\BnFxpoU.exe
  C:\Windows\System\BnFxpoU.exe
  2⤵
  PID:8748
- C:\Windows\System\WgorcVD.exe
  C:\Windows\System\WgorcVD.exe
  2⤵
  PID:8784
- C:\Windows\System\DOADaRz.exe
  C:\Windows\System\DOADaRz.exe
  2⤵
  PID:8800
- C:\Windows\System\GHFnpEA.exe
  C:\Windows\System\GHFnpEA.exe
  2⤵
  PID:8816
- C:\Windows\System\KALPuAF.exe
  C:\Windows\System\KALPuAF.exe
  2⤵
  PID:8832
- C:\Windows\System\XCHQbQp.exe
  C:\Windows\System\XCHQbQp.exe
  2⤵
  PID:8848
- C:\Windows\System\BBkCnJV.exe
  C:\Windows\System\BBkCnJV.exe
  2⤵
  PID:8908
- C:\Windows\System\CVgMIPA.exe
  C:\Windows\System\CVgMIPA.exe
  2⤵
  PID:8928
- C:\Windows\System\uXQWRLp.exe
  C:\Windows\System\uXQWRLp.exe
  2⤵
  PID:8944
- C:\Windows\System\akuyMSB.exe
  C:\Windows\System\akuyMSB.exe
  2⤵
  PID:8960
- C:\Windows\System\LNPcWQz.exe
  C:\Windows\System\LNPcWQz.exe
  2⤵
  PID:8976
- C:\Windows\System\qepfHFx.exe
  C:\Windows\System\qepfHFx.exe
  2⤵
  PID:8992
- C:\Windows\System\ztiFZNy.exe
  C:\Windows\System\ztiFZNy.exe
  2⤵
  PID:9008
- C:\Windows\System\wDGHbuj.exe
  C:\Windows\System\wDGHbuj.exe
  2⤵
  PID:9024
- C:\Windows\System\anJlsAT.exe
  C:\Windows\System\anJlsAT.exe
  2⤵
  PID:9040
- C:\Windows\System\uxfROiW.exe
  C:\Windows\System\uxfROiW.exe
  2⤵
  PID:9056
- C:\Windows\System\FjWwKzk.exe
  C:\Windows\System\FjWwKzk.exe
  2⤵
  PID:9072
- C:\Windows\System\WHazZgw.exe
  C:\Windows\System\WHazZgw.exe
  2⤵
  PID:9088
- C:\Windows\System\gnaRNik.exe
  C:\Windows\System\gnaRNik.exe
  2⤵
  PID:9104
- C:\Windows\System\lhyHiUk.exe
  C:\Windows\System\lhyHiUk.exe
  2⤵
  PID:9120
- C:\Windows\System\ymVtICe.exe
  C:\Windows\System\ymVtICe.exe
  2⤵
  PID:9136
- C:\Windows\System\SyFIWre.exe
  C:\Windows\System\SyFIWre.exe
  2⤵
  PID:9152
- C:\Windows\System\waPZOnk.exe
  C:\Windows\System\waPZOnk.exe
  2⤵
  PID:9168
- C:\Windows\System\FpaXURx.exe
  C:\Windows\System\FpaXURx.exe
  2⤵
  PID:9184
- C:\Windows\System\HNDfSdp.exe
  C:\Windows\System\HNDfSdp.exe
  2⤵
  PID:9204
- C:\Windows\System\ZBCgNpd.exe
  C:\Windows\System\ZBCgNpd.exe
  2⤵
  PID:8020
- C:\Windows\System\BUlZbqv.exe
  C:\Windows\System\BUlZbqv.exe
  2⤵
  PID:7556
- C:\Windows\System\PmxFBsB.exe
  C:\Windows\System\PmxFBsB.exe
  2⤵
  PID:8268
- C:\Windows\System\SJBbybH.exe
  C:\Windows\System\SJBbybH.exe
  2⤵
  PID:8276
- C:\Windows\System\TnjReYh.exe
  C:\Windows\System\TnjReYh.exe
  2⤵
  PID:7456
- C:\Windows\System\ljhAjjm.exe
  C:\Windows\System\ljhAjjm.exe
  2⤵
  PID:8236
- C:\Windows\System\mlYvVAA.exe
  C:\Windows\System\mlYvVAA.exe
  2⤵
  PID:8296
- C:\Windows\System\kXPBKTr.exe
  C:\Windows\System\kXPBKTr.exe
  2⤵
  PID:8308
- C:\Windows\System\dPHGrqZ.exe
  C:\Windows\System\dPHGrqZ.exe
  2⤵
  PID:8348
- C:\Windows\System\xBCilqB.exe
  C:\Windows\System\xBCilqB.exe
  2⤵
  PID:8424
- C:\Windows\System\IzywGUE.exe
  C:\Windows\System\IzywGUE.exe
  2⤵
  PID:8432
- C:\Windows\System\oFkrPkN.exe
  C:\Windows\System\oFkrPkN.exe
  2⤵
  PID:8428
- C:\Windows\System\uobiUYE.exe
  C:\Windows\System\uobiUYE.exe
  2⤵
  PID:8532
- C:\Windows\System\YZQCxbl.exe
  C:\Windows\System\YZQCxbl.exe
  2⤵
  PID:8448
- C:\Windows\System\cjwiCGS.exe
  C:\Windows\System\cjwiCGS.exe
  2⤵
  PID:8520
- C:\Windows\System\WEknGue.exe
  C:\Windows\System\WEknGue.exe
  2⤵
  PID:8588
- C:\Windows\System\GGLwsoL.exe
  C:\Windows\System\GGLwsoL.exe
  2⤵
  PID:8556
- C:\Windows\System\MsMuiwe.exe
  C:\Windows\System\MsMuiwe.exe
  2⤵
  PID:8636
- C:\Windows\System\VmYjfvI.exe
  C:\Windows\System\VmYjfvI.exe
  2⤵
  PID:8672
- C:\Windows\System\cwwZSoZ.exe
  C:\Windows\System\cwwZSoZ.exe
  2⤵
  PID:8576
- C:\Windows\System\AAHzrYo.exe
  C:\Windows\System\AAHzrYo.exe
  2⤵
  PID:8720
- C:\Windows\System\etEYMRQ.exe
  C:\Windows\System\etEYMRQ.exe
  2⤵
  PID:8652
- C:\Windows\System\AVrxPvj.exe
  C:\Windows\System\AVrxPvj.exe
  2⤵
  PID:8716
- C:\Windows\System\fefSUMu.exe
  C:\Windows\System\fefSUMu.exe
  2⤵
  PID:8768
- C:\Windows\System\ECfjkOz.exe
  C:\Windows\System\ECfjkOz.exe
  2⤵
  PID:8808
- C:\Windows\System\WSdtdrB.exe
  C:\Windows\System\WSdtdrB.exe
  2⤵
  PID:8792
- C:\Windows\System\EOyBONX.exe
  C:\Windows\System\EOyBONX.exe
  2⤵
  PID:8856
- C:\Windows\System\IOgKjwM.exe
  C:\Windows\System\IOgKjwM.exe
  2⤵
  PID:8872
- C:\Windows\System\fbMpLyE.exe
  C:\Windows\System\fbMpLyE.exe
  2⤵
  PID:8884
- C:\Windows\System\AsKgnPa.exe
  C:\Windows\System\AsKgnPa.exe
  2⤵
  PID:8896
- C:\Windows\System\HzrNXLG.exe
  C:\Windows\System\HzrNXLG.exe
  2⤵
  PID:8916
- C:\Windows\System\ZPVcHNU.exe
  C:\Windows\System\ZPVcHNU.exe
  2⤵
  PID:8956
- C:\Windows\System\oqgOOSP.exe
  C:\Windows\System\oqgOOSP.exe
  2⤵
  PID:8984
- C:\Windows\System\ZrYjzHs.exe
  C:\Windows\System\ZrYjzHs.exe
  2⤵
  PID:9016
- C:\Windows\System\yLlXeve.exe
  C:\Windows\System\yLlXeve.exe
  2⤵
  PID:9048
- C:\Windows\System\RXzjPCx.exe
  C:\Windows\System\RXzjPCx.exe
  2⤵
  PID:9068
- C:\Windows\System\nmpQQBC.exe
  C:\Windows\System\nmpQQBC.exe
  2⤵
  PID:9144
- C:\Windows\System\CSvtiNi.exe
  C:\Windows\System\CSvtiNi.exe
  2⤵
  PID:9132
- C:\Windows\System\RpcBkoF.exe
  C:\Windows\System\RpcBkoF.exe
  2⤵
  PID:9148
- C:\Windows\System\DAyRvnm.exe
  C:\Windows\System\DAyRvnm.exe
  2⤵
  PID:9196
- C:\Windows\System\SyOgSfc.exe
  C:\Windows\System\SyOgSfc.exe
  2⤵
  PID:7436
- C:\Windows\System\IZWOvQq.exe
  C:\Windows\System\IZWOvQq.exe
  2⤵
  PID:8228
- C:\Windows\System\ZpqpZHa.exe
  C:\Windows\System\ZpqpZHa.exe
  2⤵
  PID:8256
- C:\Windows\System\KXMTOpn.exe
  C:\Windows\System\KXMTOpn.exe
  2⤵
  PID:8232
- C:\Windows\System\qUgPsxg.exe
  C:\Windows\System\qUgPsxg.exe
  2⤵
  PID:8344
- C:\Windows\System\WhDNdxG.exe
  C:\Windows\System\WhDNdxG.exe
  2⤵
  PID:8392
- C:\Windows\System\waFAzWI.exe
  C:\Windows\System\waFAzWI.exe
  2⤵
  PID:8548
- C:\Windows\System\tRcciuB.exe
  C:\Windows\System\tRcciuB.exe
  2⤵
  PID:8544
- C:\Windows\System\YwaUcSM.exe
  C:\Windows\System\YwaUcSM.exe
  2⤵
  PID:8620
- C:\Windows\System\vgWNHDC.exe
  C:\Windows\System\vgWNHDC.exe
  2⤵
  PID:8668
- C:\Windows\System\JkPMpsD.exe
  C:\Windows\System\JkPMpsD.exe
  2⤵
  PID:8756
- C:\Windows\System\RrBAwNx.exe
  C:\Windows\System\RrBAwNx.exe
  2⤵
  PID:8700
- C:\Windows\System\LsZvCrg.exe
  C:\Windows\System\LsZvCrg.exe
  2⤵
  PID:8780
- C:\Windows\System\FJyYaID.exe
  C:\Windows\System\FJyYaID.exe
  2⤵
  PID:1048
- C:\Windows\System\xMdtRXB.exe
  C:\Windows\System\xMdtRXB.exe
  2⤵
  PID:8368
- C:\Windows\System\ToTLfFp.exe
  C:\Windows\System\ToTLfFp.exe
  2⤵
  PID:8924
- C:\Windows\System\DcFKSua.exe
  C:\Windows\System\DcFKSua.exe
  2⤵
  PID:8972
- C:\Windows\System\LBHSnjw.exe
  C:\Windows\System\LBHSnjw.exe
  2⤵
  PID:9032
- C:\Windows\System\kKYniiG.exe
  C:\Windows\System\kKYniiG.exe
  2⤵
  PID:9096
- C:\Windows\System\AxVFavi.exe
  C:\Windows\System\AxVFavi.exe
  2⤵
  PID:9212
- C:\Windows\System\AQGLOJs.exe
  C:\Windows\System\AQGLOJs.exe
  2⤵
  PID:7572
- C:\Windows\System\wpJlytQ.exe
  C:\Windows\System\wpJlytQ.exe
  2⤵
  PID:8292
- C:\Windows\System\YIygsyd.exe
  C:\Windows\System\YIygsyd.exe
  2⤵
  PID:8364
- C:\Windows\System\ZKKuhTE.exe
  C:\Windows\System\ZKKuhTE.exe
  2⤵
  PID:8540
- C:\Windows\System\DQiYFwb.exe
  C:\Windows\System\DQiYFwb.exe
  2⤵
  PID:8608
- C:\Windows\System\Qirsutk.exe
  C:\Windows\System\Qirsutk.exe
  2⤵
  PID:8920
- C:\Windows\System\bQkFXHn.exe
  C:\Windows\System\bQkFXHn.exe
  2⤵
  PID:8684
- C:\Windows\System\VDxdSDz.exe
  C:\Windows\System\VDxdSDz.exe
  2⤵
  PID:8860
- C:\Windows\System\lnxzuUc.exe
  C:\Windows\System\lnxzuUc.exe
  2⤵
  PID:9004
- C:\Windows\System\kzvpcXt.exe
  C:\Windows\System\kzvpcXt.exe
  2⤵
  PID:7416
- C:\Windows\System\sAZyNdp.exe
  C:\Windows\System\sAZyNdp.exe
  2⤵
  PID:8224
- C:\Windows\System\wObYwEx.exe
  C:\Windows\System\wObYwEx.exe
  2⤵
  PID:8504
- C:\Windows\System\FeXmyyB.exe
  C:\Windows\System\FeXmyyB.exe
  2⤵
  PID:8736
- C:\Windows\System\QfrPFsP.exe
  C:\Windows\System\QfrPFsP.exe
  2⤵
  PID:9080
- C:\Windows\System\VQHzTTL.exe
  C:\Windows\System\VQHzTTL.exe
  2⤵
  PID:8560
- C:\Windows\System\jaMscEY.exe
  C:\Windows\System\jaMscEY.exe
  2⤵
  PID:8688
- C:\Windows\System\WtuVcIj.exe
  C:\Windows\System\WtuVcIj.exe
  2⤵
  PID:9200
- C:\Windows\System\CycByIJ.exe
  C:\Windows\System\CycByIJ.exe
  2⤵
  PID:7660
- C:\Windows\System\sJYWszd.exe
  C:\Windows\System\sJYWszd.exe
  2⤵
  PID:8468
- C:\Windows\System\pNJjZJM.exe
  C:\Windows\System\pNJjZJM.exe
  2⤵
  PID:9228
- C:\Windows\System\rdaYxMm.exe
  C:\Windows\System\rdaYxMm.exe
  2⤵
  PID:9244
- C:\Windows\System\MSbuAkf.exe
  C:\Windows\System\MSbuAkf.exe
  2⤵
  PID:9260
- C:\Windows\System\VFSQzUR.exe
  C:\Windows\System\VFSQzUR.exe
  2⤵
  PID:9276
- C:\Windows\System\XDEnrHb.exe
  C:\Windows\System\XDEnrHb.exe
  2⤵
  PID:9292
- C:\Windows\System\CZnmTSa.exe
  C:\Windows\System\CZnmTSa.exe
  2⤵
  PID:9308
- C:\Windows\System\oNIhihE.exe
  C:\Windows\System\oNIhihE.exe
  2⤵
  PID:9324
- C:\Windows\System\cYSbnKE.exe
  C:\Windows\System\cYSbnKE.exe
  2⤵
  PID:9340
- C:\Windows\System\iVLxoyS.exe
  C:\Windows\System\iVLxoyS.exe
  2⤵
  PID:9356
- C:\Windows\System\uwQSzCj.exe
  C:\Windows\System\uwQSzCj.exe
  2⤵
  PID:9372
- C:\Windows\System\vewuSDE.exe
  C:\Windows\System\vewuSDE.exe
  2⤵
  PID:9388
- C:\Windows\System\ipzSand.exe
  C:\Windows\System\ipzSand.exe
  2⤵
  PID:9404
- C:\Windows\System\qYDHkeI.exe
  C:\Windows\System\qYDHkeI.exe
  2⤵
  PID:9420
- C:\Windows\System\MrojSjJ.exe
  C:\Windows\System\MrojSjJ.exe
  2⤵
  PID:9436
- C:\Windows\System\ljigNyN.exe
  C:\Windows\System\ljigNyN.exe
  2⤵
  PID:9452
- C:\Windows\System\NbpemnW.exe
  C:\Windows\System\NbpemnW.exe
  2⤵
  PID:9468
- C:\Windows\System\nnyRDIw.exe
  C:\Windows\System\nnyRDIw.exe
  2⤵
  PID:9484
- C:\Windows\System\djgPNxK.exe
  C:\Windows\System\djgPNxK.exe
  2⤵
  PID:9500
- C:\Windows\System\QRngvvr.exe
  C:\Windows\System\QRngvvr.exe
  2⤵
  PID:9516
- C:\Windows\System\zhWfGsq.exe
  C:\Windows\System\zhWfGsq.exe
  2⤵
  PID:9532
- C:\Windows\System\aFhAwgc.exe
  C:\Windows\System\aFhAwgc.exe
  2⤵
  PID:9548
- C:\Windows\System\cnAMlea.exe
  C:\Windows\System\cnAMlea.exe
  2⤵
  PID:9564
- C:\Windows\System\koxkvQx.exe
  C:\Windows\System\koxkvQx.exe
  2⤵
  PID:9580
- C:\Windows\System\fXWudaL.exe
  C:\Windows\System\fXWudaL.exe
  2⤵
  PID:9600
- C:\Windows\System\dZZsUmf.exe
  C:\Windows\System\dZZsUmf.exe
  2⤵
  PID:9616
- C:\Windows\System\wiWzjpj.exe
  C:\Windows\System\wiWzjpj.exe
  2⤵
  PID:9632
- C:\Windows\System\BMdzmVE.exe
  C:\Windows\System\BMdzmVE.exe
  2⤵
  PID:9648
- C:\Windows\System\hpvySxu.exe
  C:\Windows\System\hpvySxu.exe
  2⤵
  PID:10112
- C:\Windows\System\MnombNL.exe
  C:\Windows\System\MnombNL.exe
  2⤵
  PID:10132
- C:\Windows\System\IGeLsYe.exe
  C:\Windows\System\IGeLsYe.exe
  2⤵
  PID:10152
- C:\Windows\System\IYovvkV.exe
  C:\Windows\System\IYovvkV.exe
  2⤵
  PID:10168
- C:\Windows\System\ZuIwxqb.exe
  C:\Windows\System\ZuIwxqb.exe
  2⤵
  PID:10184
- C:\Windows\System\AGepmap.exe
  C:\Windows\System\AGepmap.exe
  2⤵
  PID:10208
- C:\Windows\System\IapdVuU.exe
  C:\Windows\System\IapdVuU.exe
  2⤵
  PID:10236
- C:\Windows\System\PnXHykQ.exe
  C:\Windows\System\PnXHykQ.exe
  2⤵
  PID:9164
- C:\Windows\System\hgDREHq.exe
  C:\Windows\System\hgDREHq.exe
  2⤵
  PID:9284
- C:\Windows\System\gnuSkdK.exe
  C:\Windows\System\gnuSkdK.exe
  2⤵
  PID:9320
- C:\Windows\System\uGtoXNg.exe
  C:\Windows\System\uGtoXNg.exe
  2⤵
  PID:9380
- C:\Windows\System\jrGqQgD.exe
  C:\Windows\System\jrGqQgD.exe
  2⤵
  PID:9364
- C:\Windows\System\FzEyyuj.exe
  C:\Windows\System\FzEyyuj.exe
  2⤵
  PID:9476
- C:\Windows\System\RdGKKRl.exe
  C:\Windows\System\RdGKKRl.exe
  2⤵
  PID:9400
- C:\Windows\System\izIMTcI.exe
  C:\Windows\System\izIMTcI.exe
  2⤵
  PID:9544
- C:\Windows\System\KaswaTa.exe
  C:\Windows\System\KaswaTa.exe
  2⤵
  PID:9492
- C:\Windows\System\FUpdOYF.exe
  C:\Windows\System\FUpdOYF.exe
  2⤵
  PID:9528
- C:\Windows\System\JiLbnsz.exe
  C:\Windows\System\JiLbnsz.exe
  2⤵
  PID:9644
- C:\Windows\System\rmQeoBN.exe
  C:\Windows\System\rmQeoBN.exe
  2⤵
  PID:9596
- C:\Windows\System\XQXYDSB.exe
  C:\Windows\System\XQXYDSB.exe
  2⤵
  PID:9668
- C:\Windows\System\sGQWeYl.exe
  C:\Windows\System\sGQWeYl.exe
  2⤵
  PID:9684
- C:\Windows\System\jNjiyTh.exe
  C:\Windows\System\jNjiyTh.exe
  2⤵
  PID:9704
- C:\Windows\System\zAKPQbi.exe
  C:\Windows\System\zAKPQbi.exe
  2⤵
  PID:9728
- C:\Windows\System\LXLoWFg.exe
  C:\Windows\System\LXLoWFg.exe
  2⤵
  PID:9752
- C:\Windows\System\xHuQBSD.exe
  C:\Windows\System\xHuQBSD.exe
  2⤵
  PID:9768
- C:\Windows\System\iyNNRfc.exe
  C:\Windows\System\iyNNRfc.exe
  2⤵
  PID:9784
- C:\Windows\System\SDZaNSe.exe
  C:\Windows\System\SDZaNSe.exe
  2⤵
  PID:9804
- C:\Windows\System\ukEdqRF.exe
  C:\Windows\System\ukEdqRF.exe
  2⤵
  PID:9844
- C:\Windows\System\rFjpvbd.exe
  C:\Windows\System\rFjpvbd.exe
  2⤵
  PID:9868
- C:\Windows\System\UhEFwqN.exe
  C:\Windows\System\UhEFwqN.exe
  2⤵
  PID:9880
- C:\Windows\System\YixghhG.exe
  C:\Windows\System\YixghhG.exe
  2⤵
  PID:9896
- C:\Windows\System\HrRfjfA.exe
  C:\Windows\System\HrRfjfA.exe
  2⤵
  PID:9916
- C:\Windows\System\ZbWyglf.exe
  C:\Windows\System\ZbWyglf.exe
  2⤵
  PID:9932
- C:\Windows\System\MJUkhUA.exe
  C:\Windows\System\MJUkhUA.exe
  2⤵
  PID:9960
- C:\Windows\System\HwPKLON.exe
  C:\Windows\System\HwPKLON.exe
  2⤵
  PID:9980
- C:\Windows\System\KinWqxa.exe
  C:\Windows\System\KinWqxa.exe
  2⤵
  PID:10000
- C:\Windows\System\AvSzVWA.exe
  C:\Windows\System\AvSzVWA.exe
  2⤵
  PID:10016
- C:\Windows\System\garrJGW.exe
  C:\Windows\System\garrJGW.exe
  2⤵
  PID:10032
- C:\Windows\System\adBqFAK.exe
  C:\Windows\System\adBqFAK.exe
  2⤵
  PID:10052
- C:\Windows\System\wRcyoCG.exe
  C:\Windows\System\wRcyoCG.exe
  2⤵
  PID:10072
- C:\Windows\System\WBATLhu.exe
  C:\Windows\System\WBATLhu.exe
  2⤵
  PID:10088
- C:\Windows\System\EvjQdoK.exe
  C:\Windows\System\EvjQdoK.exe
  2⤵
  PID:9660
- C:\Windows\System\hibBlVU.exe
  C:\Windows\System\hibBlVU.exe
  2⤵
  PID:10140
- C:\Windows\System\FfQwNBF.exe
  C:\Windows\System\FfQwNBF.exe
  2⤵
  PID:10204
- C:\Windows\System\YHVOdOj.exe
  C:\Windows\System\YHVOdOj.exe
  2⤵
  PID:10216
- C:\Windows\System\mEMojoi.exe
  C:\Windows\System\mEMojoi.exe
  2⤵
  PID:10232

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\Buwaenz.exe

Filesize
6.0MB

MD5
ae7c8d7c8c05a513f0092859e996cdba

SHA1
a6cd3de68a78b49dfac6605e24957cb82af4180b

SHA256
c3082ce1cd5942d7f1a04a0d0304ded22ede41b7da15109b7712b9b7c988faea

SHA512
db481b19bb8a052c0889c6deaf0bc70deaf1f7907ac66366fa51b7e11fe607c527ee80a5cdf573394106480785da54e9adb551a3b0d069cd2832690dfd6ebd79

Download Submit
C:\Windows\system\DJamuoF.exe

Filesize
6.0MB

MD5
dada5869d2d8e1dcf77bdeccf9b12e72

SHA1
661ba8cbe4caa32c99ade8e9cfe77fd638e4c569

SHA256
f19868327b7a505958205e37355fd0cebb29d5ca6551f2743202a8727eb79eec

SHA512
fe818edaa01fd7fe9bd5e818d6b38cfe8dc32a7a390ea1d95d03de7f5765019e961b18531ad69f8d1a2ab9d08f66182d8ee36ce0557abf3b55aca4e3ccfe19a6

Download Submit
C:\Windows\system\JWkhLCy.exe

Filesize
6.0MB

MD5
94ee324baede23f1fd441ce334b600d2

SHA1
4a401b2fa187ae9e8dd02346f947b66fff7e578e

SHA256
b3d1b0da854df5da021b291ef3283777a3a9be0c8e5b6f34181ff5f9a3293df2

SHA512
a4e3019235a2d3aed5389ce427ea312d48d982b7dfcd2ab687a6283be052b57d05550346f36a86438f86783fc0795df264fc9c656d38d037c29ab7d70896a776

Download Submit
C:\Windows\system\McGVaiP.exe

Filesize
6.0MB

MD5
515e2f2b90d6312c09929fd61f5bf888

SHA1
b922474a89af53b221c7fff275338ffae2657f3d

SHA256
87094cd84aa23c34f61c2acb53d48269aa6b243484ee44b51355877f3e898a1d

SHA512
4083a6684ef72d2732b183bdbe5ea08a0da31ebe65b41a71e4bca4bb54693f3b8e8e4fa838ca6e3efff6783f85aac580c18391bc19f3889a291123dbe95d67ed

Download Submit
C:\Windows\system\NHpqpTW.exe

Filesize
6.0MB

MD5
8c2d06f2b467a1c016b892fa00811e18

SHA1
99f3516d83adf6bc3d93fa35b5927ac6fe82a8ce

SHA256
cdeb3b3a82147bc5e0928dbcd777b091f1ebbfa663cc4e8ef318c440f584c45a

SHA512
c137d0f4a6f61db21f21359e75138ee7ebfe60f9f3a31be8572deb9b45ce24f0e304f55d2bdd249c93920814f247e64949be4c903bfb65e8f2deac1425deccca

Download Submit
C:\Windows\system\SQIKBRv.exe

Filesize
6.0MB

MD5
deeba6240f1fdec6cf607dad2e757caf

SHA1
6de26644103108d694473ceb7ebf77330a7f18a0

SHA256
59849db2ea0c800026ed3a378eaed402889e62ca8c23a88cd5ddd5e6fb3803f7

SHA512
f57c69c0d3bbfca45729f2017db85136f0ff09bd30620bcf9f24492b594cf98ca3b08ea41f1098f8dcac567553021809ef63c81915438f28a9fcae2361b01894

Download Submit
C:\Windows\system\TsyATPC.exe

Filesize
6.0MB

MD5
046a93669f238319f3b77c9996c5bd0d

SHA1
766ad12108717b09013abab11da4f242471879a1

SHA256
1784ce9d8bbb975b5f973350e2bf916d5ff5efdd2952e292ca21fc5691028813

SHA512
6008156a3de7c88916d24ff7601f164bd562018e73097abff967d996a2454911ec23a159414919522bfe6fb9d10d0bd4bb24cd045c465b864f008da1c2b0bcd8

Download Submit
C:\Windows\system\VUTupWQ.exe

Filesize
6.0MB

MD5
681de94048890755bd1712be4afc4b6d

SHA1
282a9c753639f9ab1f675d4d8a4ed7e939ee0853

SHA256
764c9a7b0ba61a1b359c39f7cd388d4fb81e1b2be8aad2668740bca1839c151c

SHA512
329e46a10f10193f3cd76a0458f7de5f4ed814c3dff05663d47f39a6ce9344eb7d3fb6d4e3cd7d8caa4c450992416876ec21958eb1d8bf2dc8916ea492d42204

Download Submit
C:\Windows\system\XzAJzLo.exe

Filesize
6.0MB

MD5
2b068904a142b85e7d9355aceca85000

SHA1
cd8d910ad5f85650466f07536f4b6766aaa1e611

SHA256
25aebe0e88a6c5a0b8120126e58caad0d200660b84cbc67c0b6a58b70a9015af

SHA512
66c88749e935ec7cf50fcd50ec596695554e2bb819636e53946ccf0d97d5a7c35c3bd88e99d8041b232f16bfebfb6f57618cab095d99d7ee3b294f4ef407b51b

Download Submit
C:\Windows\system\YDdfJiy.exe

Filesize
6.0MB

MD5
0a011e752daee4491ad4d822d12c1322

SHA1
b54caa1613c4fd5b7b664878edef16179cbe4116

SHA256
baa7229ee19da1680dd9f95aebd7a4f74f2a04c254870dfff580ac9cd45224a4

SHA512
5e004861b83016c7d7f0ae3ee4fcda019ad4294c07c03ba11c726e9b97b905c87ca4219bea35b251d436180c8e038197bb25b10e411cf2d346f79b5b811b602a

Download Submit
C:\Windows\system\ZMvIQKJ.exe

Filesize
6.0MB

MD5
6e451e835eeded2fcd8d28f71fadb5ca

SHA1
3de933753e599758f5a59bd2e6126cd5687f4683

SHA256
b6ea0ee06a6b9379528bf9a5bebf0fc4ec362c72ee3bba728e91f41d59a0c7c7

SHA512
03cf7983977df3fb932eff488a763ff861b390019d534db73f57be11b6c1ee8d5a3178c6bb8d673ba16ac6d8119fe2bc8f233316d59e6791b25d36890efc4f56

Download Submit
C:\Windows\system\ZWBmVGQ.exe

Filesize
6.0MB

MD5
3bd3a174c3b37b77e0c32300d76360f1

SHA1
e303e7e3adfec0f7c919b87e8cad16b3cc914163

SHA256
13d6598d86022f3caf38957583ab648dbd66adb5402c20205fd61aed959d4113

SHA512
50f58c556d08949c505c23f78a56d7570cecb5d2a78abe4049d26ca2ab72fa37b698d9de22e6e6ac9be5accf6314accbcb4b007bbf0299af9a62edb06f7c6bdd

Download Submit
C:\Windows\system\ZvSRUWv.exe

Filesize
6.0MB

MD5
e28deb7993034922de3e286dbf931f34

SHA1
18bc51aac974fc53b23e98fe8093b35bcd2f9b74

SHA256
a755b329b220fcf931a8d1d01912fd7be5f677ae62b1dad5233a89312418e017

SHA512
804797d84643399d40a2d110a2f711f8a9a661f282676f09d2f0ba0570405a5f53250258489455f4b8a0d5e11e54fb499bfcaa690f27612509814b9991539a28

Download Submit
C:\Windows\system\aJlWknH.exe

Filesize
6.0MB

MD5
28c8e94598340b26984c16989259c69d

SHA1
4f7f62172cb4226370c172f3625773cdf4141998

SHA256
bb34afc7fa19f9a4fc14c5c671d18afe5a740a7e4dc2000a3046ed389f81b836

SHA512
5fb56e7390aaf48cc5c4803b9681f9d2a26e08999dc1f7284ce25ca6f2c65868270b893a7c5c9c3b66977c131965ae2c6a53534cbe804bd9a7bae4892999143f

Download Submit
C:\Windows\system\fHuKANk.exe

Filesize
6.0MB

MD5
6ad566c8266566546e3548c3476d7433

SHA1
22f9a454ea13b59741aab89c1d9a449cc46bd170

SHA256
bd455a33c5efd52116d54126b1ffa9ce42da754cba1b3cdb8a5a9e7b5be98445

SHA512
717ae88829cd9840bb1b5782c37a2d0abf8a937dc77430bf1801743313dd02505cbb0d3022cf954bc2cffc399ae5461c2452df40728da4f49c9c47da3bc1bab8

Download Submit
C:\Windows\system\fLSJoUW.exe

Filesize
6.0MB

MD5
9871f237a68c9d7622839da8c7008196

SHA1
147d3ea8b04666aa1e4cbf91a3f92b02379e42cd

SHA256
7b44ae8e5cad4ed858ae9b9c082ea6c60ca68bd47f33e60c4e478c23a2578fee

SHA512
a8320e17ddf51349ee652353ceeb21824fb8c7e165f23c5e730515d6c49fbea8902efb448ec1ea66c1775b8df1f324bf2e9beac2ba189d2d9a1b5ebbac9b5c93

Download Submit
C:\Windows\system\fxPzGdB.exe

Filesize
6.0MB

MD5
2c159988bbe03a47d8b8bccea17d4abb

SHA1
13a91a4754c62a496cff3901e69da4a8373a8646

SHA256
c106110bc4224377180b3af95014b36947f5792926b814544d1277b7fdc52978

SHA512
0de508242b5aceb8c3342e951a04cfcaa365bdb60510c45f55eb75ce2e8242d9002d833ca6ad29cb6823f9fe1394b7cd4ed515c2633d3495049f456436c833d1

Download Submit
C:\Windows\system\gcTaJJc.exe

Filesize
6.0MB

MD5
2632226b3e92be11e53a4b6395a3017e

SHA1
817ce743346bb63ea08f3a366357589630760da8

SHA256
c87a637aaab8eb951db4c36fb5250d2d63070bfef7745c48591392cd1c5e9e02

SHA512
0659c0bb679311d2d176fa48b75c596ee5868c66bb0a0c0ae451d16b2708de30d5ca1bb39fecb379e2a7fcc069170cae03ce1e1928c0ca1c3953b9009770a779

Download Submit
C:\Windows\system\jzVvDjJ.exe

Filesize
6.0MB

MD5
393363b5bc26e02768fa65f9235df32b

SHA1
96301fbda67233935945d4eb80d445eb1f228317

SHA256
99621b0b537eb8e76180e4df391cb78b63c6931cf961dd661435b63d5f4b644f

SHA512
66b380b092fd29b634ca2edda05ef2e53ced7f364b61a7611f85406d1afd0c08cf6687b1bbd947d43bdcc7d91bf1be3d5a01491ac27aad3523104f80197b9e5a

Download Submit
C:\Windows\system\lLCuuew.exe

Filesize
6.0MB

MD5
19c626f8e01e4648f68ade52504c4102

SHA1
fc9c958b7060852bb31f365a151d6d30a6d50d9a

SHA256
436cd048ca883966e26334aaf42a6fa0025e1aa9f3ab6a86f797881406a54cbe

SHA512
b15f1c9b5a81de34ca4bb07ea1857accf0ed6e5182f44d10028f387d241d3d97d69337a238c54877e6d100ca99a4c549d966f538c8ef45478d26c5616a31694e

Download Submit
C:\Windows\system\lsytFBa.exe

Filesize
6.0MB

MD5
6dfae3d4877eb61a4bfcfb80f17a1899

SHA1
2bc1f5e621fefa6d3670668a594083d56d184f4a

SHA256
870eb8c192e390079326e9757a42a227c1f356cdc9dbc812814eb36e86b782de

SHA512
1877cd21eec45d23d29243e02c1010bb8e9e4d15fab653d716b725d8159a2344743076fcb169ea7f34612b58eae27b5e8bf135f2a4898fd02c0fd92e0b39ce9e

Download Submit
C:\Windows\system\meWpOVW.exe

Filesize
6.0MB

MD5
0f5b2cfcc3d08a5b06b582c4b39c3206

SHA1
ac6d1da47136224fc0f6c7a4a62acd25849a4968

SHA256
16a274f003e06dc2243492ca32efd40881363087bc3ff9384a1494200a8dc6ec

SHA512
f15fff3c27d6125437d53ec34e848fa4e4c9d069dbe9b14c9f44843f4e141630f4c5f582ff75bb0830ea87a40178bb2b3ea0e7d6a3551091619f891c2cf3e914

Download Submit
C:\Windows\system\nGkMJCa.exe

Filesize
6.0MB

MD5
c9e488beee09ed424365a500c1635adb

SHA1
54d15cf233a2e620c4ba346be90a176c0e73dd1f

SHA256
d24d5f9a9b0ecf36521d55c0d0548298cbb6bf0594e71c54f4e608f4a6f3fe18

SHA512
1a8c620f2d5498fa9a33a66b60d0dd30373e7f58fea2b433606c14b6498c6c327c8fcf84c067e73dd526d257e9e624adefe3e06cf0e0c59548d74424da607c70

Download Submit
C:\Windows\system\nyZhvJE.exe

Filesize
6.0MB

MD5
597293afd45592401e55cf23ce2febc3

SHA1
9501a8bb23b3105010fbe3395907c6e1d9590719

SHA256
06a7497230ecc030ae0598f5454e7bcc4a452ca94f8bfd5087a5d1fb6fa4b2b4

SHA512
98392d18bdd117e8d7e7b5f9c2f4a656150348bd87f55213624a43b929575bfcd3385de751752075b4e8d4f293a285650131bae4eac68a9a9a2f6ac0a86da25c

Download Submit
C:\Windows\system\onUdhiL.exe

Filesize
6.0MB

MD5
6d214fc24cda34c7db27b44e4b755f3b

SHA1
d9f78fbc6a7885bf3ad59fdbacc6cad3f8ed4aad

SHA256
a29790e0655d005c098aff4299d10f7bf9f96fcf13f5c1fc88d6f2ed4cb3f4ca

SHA512
2c55d2113f39de421361bf53bdd2580891f0af0d8b254da25701243b41e38eada29fc249589f8e54c648cf65b9d52f4899bd6d23f00d8fb99800e71065b82513

Download Submit
C:\Windows\system\pfggdYs.exe

Filesize
6.0MB

MD5
dad569852aa538112e9a2470bccf7932

SHA1
cbc6801ee5e2772aa35df5e70c4f93ffb6a888d7

SHA256
4a2203e358ff1bc5fcd07cc60d0ad1885e4ceb2fa7f250f7b3ffbfb93680e8b4

SHA512
931b2c8898183085c5468da7669195c2ab50164af7be4862f5a97bf4782f06fcf6866a4f67619f3dfb3ba6f89045dca2bd38f2807ca14b0955db5517219b38e8

Download Submit
C:\Windows\system\vKUNrUh.exe

Filesize
6.0MB

MD5
98ce269dc16618442bb78157c7a87383

SHA1
59d465b60a903cf4e1a19cda04ee1fd6f9df0f1c

SHA256
0960a59ee3ad6b7e443d52f227159dc428311e96007e4228b02cfe44905c283e

SHA512
b1f1bb8c02c575a0b67790329f366748e167157e748eb8ac91ee73134e35e3fbb76bd30fd71a1f432c132e4d645b378ffe15bef3a34fc2e8a34417c370125930

Download Submit
C:\Windows\system\voxKdBk.exe

Filesize
6.0MB

MD5
cefee9c6b4abd74c80c9c15f9ff774ee

SHA1
cc3644041b0fb509552066725e80cffcf12905fa

SHA256
d9cf742e707343dc3aeeb1010681d2c90932b9fea2add819a59457118e987555

SHA512
5d51b24bbeea08052b83042affe9518467d4acbd2e91e99f74e7249c2a69161784636dfcbd9ffef956a373958bd2c94a8766fde965eec9cd6990ef5b344c1b84

Download Submit
C:\Windows\system\wyPwMpe.exe

Filesize
6.0MB

MD5
66071c0b41e1655924ff277e065abf85

SHA1
f81897e83c93ea3d79cb7e589f3f85eaae40cc2a

SHA256
59a6ecf69a10c7c21a1da3812bad5cdd42507717e15139dd916bc3a03e5e49c5

SHA512
d46d90e1336b941a2a8486422d803fab945be6ac6ce2bb1af981b7e0d848c474bf29d31aa73c29f6c0aa52f9c2f9b55f56e8ea3dcd2c40a5be640ba0655c6e42

Download Submit
\Windows\system\FUkmdrM.exe

Filesize
6.0MB

MD5
deffe65e3b94fe20cecd08fe96b39ce5

SHA1
e21f7a3d1ab083d886e1b4a2d303cd82842dfee4

SHA256
8c2a0f1465adc59d3bba3bee5deb2a06a2b885595a7155e766aa3140f1fb8be7

SHA512
839278b5f37e07b152ad96f69978a235f1fc5a966ebd6e200b2080fbb926fe1a5e953222316374aa098b02daf9d75274afce582037d02ef0fefcd2fbdecd727b

Download Submit
\Windows\system\KaOIgKm.exe

Filesize
6.0MB

MD5
344ef5b9cc9717affa8652af32cfa65e

SHA1
282b7803b83f848abbaa01772ade7c6025ff85f9

SHA256
03bb2d1cd4a4aebd35f05d3878129cad3acd6ff9adbc7d7a4bbb2487b00c121a

SHA512
e97a7c21ced6c36431049d5474c0200824aa2bb94ed36f685a9c3db61417f4873d48adc1443235e77b19a63085909af0aa352027dfc4ca2b370f5dc6e20a66fe

Download Submit
\Windows\system\yChYyJs.exe

Filesize
6.0MB

MD5
88c492b67121309debb3570b69f3e198

SHA1
2e87cfe8d754b486387a3622bf4e8514acc7c5b0

SHA256
9b488ca278106aa4d198853eb97de60e51d359ccee7a68d711342be5c9503762

SHA512
62cffc612a5899025b252937048ffc86089f87efeb8eb3d27c74da52577c0ba3b9b901e6915a285cde3b8deb7fe080c8ae7a7762739d8787afd2a0af0a760626

Download Submit
memory/576-50-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/576-67-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/576-435-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/576-1-0x0000000000180000-0x0000000000190000-memory.dmp

Filesize
64KB

Download
memory/576-369-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/576-36-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/576-219-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/576-13-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/576-0-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/576-76-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/576-64-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/576-243-0x0000000002460000-0x00000000027B4000-memory.dmp

Filesize
3.3MB

Download
memory/576-21-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/576-10-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/576-88-0x0000000002460000-0x00000000027B4000-memory.dmp

Filesize
3.3MB

Download
memory/576-108-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/576-107-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/576-90-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/576-97-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/576-25-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/876-1122-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/876-77-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/1348-101-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/1348-1127-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/1636-1124-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/1636-95-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/1636-244-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/2184-89-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/2184-1125-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/2552-1123-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/2552-69-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/2552-189-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/2620-66-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2620-1120-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2752-61-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2752-1121-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2768-1116-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/2768-37-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/2832-1126-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/2832-15-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/2848-1117-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2848-16-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2852-1118-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/2852-53-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/2852-100-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/2864-78-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/2864-1119-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/2864-29-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/2904-91-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-42-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-1114-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2980-23-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/2980-1115-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download