cobaltstrike | 0e73089af48a73c253604b5fc82d1bc43c2b27ba47e2297005b91370fa766979

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
17-11-2024 02:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

8e43a42570a69cd9bfacd68c581f6220
SHA1

9bc7969811aa599eabb231c66d37a3c9b86504ef
SHA256

0e73089af48a73c253604b5fc82d1bc43c2b27ba47e2297005b91370fa766979
SHA512

1419b74156001432540e83429e158fca23a6fae7c8df9cc284f525c17fa927d2dcca7c2a990b26a514c623a41a501cfaead1f32de03578b490ea4a55590e27e6
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU2:T+q56utgpPF8u/72

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000e000000013a51-3.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186f2-8.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186f8-20.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018731-23.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001878c-34.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019438-44.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019456-49.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019496-62.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194d0-74.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001952f-92.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195e6-109.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961d-115.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961f-124.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019622-135.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019625-143.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001963b-158.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001962b-154.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019629-151.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019627-146.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019623-139.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019621-130.dat	cobalt_reflective_dll
behavioral1/files/0x001700000001866f-120.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195a7-104.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001957e-99.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019506-89.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194fc-84.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ef-79.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ad-69.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019467-59.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001945c-54.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018bf3-40.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018742-30.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2416-0-0x000000013FAF0000-0x000000013FE44000-memory.dmp	xmrig
behavioral1/files/0x000e000000013a51-3.dat	xmrig
behavioral1/memory/1592-11-0x000000013F310000-0x000000013F664000-memory.dmp	xmrig
behavioral1/files/0x00060000000186f2-8.dat	xmrig
behavioral1/memory/2940-15-0x000000013F890000-0x000000013FBE4000-memory.dmp	xmrig
behavioral1/files/0x00060000000186f8-20.dat	xmrig
behavioral1/memory/2820-22-0x000000013F320000-0x000000013F674000-memory.dmp	xmrig
behavioral1/files/0x0006000000018731-23.dat	xmrig
behavioral1/files/0x000700000001878c-34.dat	xmrig
behavioral1/files/0x0007000000019438-44.dat	xmrig
behavioral1/files/0x0005000000019456-49.dat	xmrig
behavioral1/files/0x0005000000019496-62.dat	xmrig
behavioral1/files/0x00050000000194d0-74.dat	xmrig
behavioral1/files/0x000500000001952f-92.dat	xmrig
behavioral1/files/0x00050000000195e6-109.dat	xmrig
behavioral1/files/0x000500000001961d-115.dat	xmrig
behavioral1/files/0x000500000001961f-124.dat	xmrig
behavioral1/files/0x0005000000019622-135.dat	xmrig
behavioral1/files/0x0005000000019625-143.dat	xmrig
behavioral1/files/0x000500000001963b-158.dat	xmrig
behavioral1/memory/2532-749-0x000000013FA50000-0x000000013FDA4000-memory.dmp	xmrig
behavioral1/memory/2608-757-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig
behavioral1/memory/3008-803-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/memory/2588-734-0x000000013F9C0000-0x000000013FD14000-memory.dmp	xmrig
behavioral1/memory/2644-723-0x000000013F990000-0x000000013FCE4000-memory.dmp	xmrig
behavioral1/memory/2416-711-0x0000000002490000-0x00000000027E4000-memory.dmp	xmrig
behavioral1/memory/2812-710-0x000000013F8F0000-0x000000013FC44000-memory.dmp	xmrig
behavioral1/memory/2416-1364-0x000000013FAF0000-0x000000013FE44000-memory.dmp	xmrig
behavioral1/memory/2416-2354-0x0000000002490000-0x00000000027E4000-memory.dmp	xmrig
behavioral1/memory/2416-2355-0x0000000002490000-0x00000000027E4000-memory.dmp	xmrig
behavioral1/memory/2416-2359-0x0000000002490000-0x00000000027E4000-memory.dmp	xmrig
behavioral1/memory/2416-2362-0x000000013F0E0000-0x000000013F434000-memory.dmp	xmrig
behavioral1/memory/2416-2356-0x000000013F630000-0x000000013F984000-memory.dmp	xmrig
behavioral1/memory/2940-1827-0x000000013F890000-0x000000013FBE4000-memory.dmp	xmrig
behavioral1/memory/1592-1609-0x000000013F310000-0x000000013F664000-memory.dmp	xmrig
behavioral1/memory/2716-701-0x000000013F630000-0x000000013F984000-memory.dmp	xmrig
behavioral1/memory/2852-690-0x000000013FDE0000-0x0000000140134000-memory.dmp	xmrig
behavioral1/memory/2748-673-0x000000013FE10000-0x0000000140164000-memory.dmp	xmrig
behavioral1/memory/2696-650-0x000000013F940000-0x000000013FC94000-memory.dmp	xmrig
behavioral1/memory/2416-625-0x0000000002490000-0x00000000027E4000-memory.dmp	xmrig
behavioral1/memory/3012-621-0x000000013F2B0000-0x000000013F604000-memory.dmp	xmrig
behavioral1/memory/2416-614-0x000000013F2B0000-0x000000013F604000-memory.dmp	xmrig
behavioral1/files/0x000500000001962b-154.dat	xmrig
behavioral1/files/0x0005000000019629-151.dat	xmrig
behavioral1/files/0x0005000000019627-146.dat	xmrig
behavioral1/files/0x0005000000019623-139.dat	xmrig
behavioral1/files/0x0005000000019621-130.dat	xmrig
behavioral1/files/0x001700000001866f-120.dat	xmrig
behavioral1/files/0x00050000000195a7-104.dat	xmrig
behavioral1/files/0x000500000001957e-99.dat	xmrig
behavioral1/files/0x0005000000019506-89.dat	xmrig
behavioral1/files/0x00050000000194fc-84.dat	xmrig
behavioral1/files/0x00050000000194ef-79.dat	xmrig
behavioral1/files/0x00050000000194ad-69.dat	xmrig
behavioral1/files/0x0005000000019467-59.dat	xmrig
behavioral1/files/0x000500000001945c-54.dat	xmrig
behavioral1/files/0x0007000000018bf3-40.dat	xmrig
behavioral1/files/0x0006000000018742-30.dat	xmrig
behavioral1/memory/2940-4048-0x000000013F890000-0x000000013FBE4000-memory.dmp	xmrig
behavioral1/memory/1592-4049-0x000000013F310000-0x000000013F664000-memory.dmp	xmrig
behavioral1/memory/2820-4050-0x000000013F320000-0x000000013F674000-memory.dmp	xmrig
behavioral1/memory/2812-4070-0x000000013F8F0000-0x000000013FC44000-memory.dmp	xmrig
behavioral1/memory/2852-4069-0x000000013FDE0000-0x0000000140134000-memory.dmp	xmrig
behavioral1/memory/2716-4068-0x000000013F630000-0x000000013F984000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1592	TVexPNF.exe
2940	FCugyCE.exe
2820	KbCDDgp.exe
3008	ZLZDXvh.exe
3012	TFNHgrp.exe
2696	uGXgrnZ.exe
2748	ZlCEGyd.exe
2852	VDbcgno.exe
2716	vNbDrfW.exe
2812	YVLheyk.exe
2644	GCwKdVM.exe
2588	rwqsplf.exe
2532	JCIyROs.exe
2608	NPAbNim.exe
2964	aPWguHs.exe
2932	uaeIhgd.exe
1660	ucTmVaL.exe
324	nTPqKOj.exe
2312	BUqWlZK.exe
2268	niRtqNM.exe
1604	DHgWLvX.exe
112	befiAvF.exe
1860	CjCueXv.exe
1568	TKEDLui.exe
2040	qfXPaZn.exe
2212	ydrjcuW.exe
2828	IAOWqox.exe
2376	mZWPvIw.exe
408	wReZIDL.exe
1188	cLMmntk.exe
1192	HfjwXow.exe
1616	QeZcsWz.exe
684	MSDQNaM.exe
1924	sJwmnWw.exe
1648	ZcPHuto.exe
1632	LqqhaCd.exe
1652	WzSsSgp.exe
932	vHyXDTD.exe
1264	xMtLktK.exe
620	ClugAgO.exe
2868	DQXnqyw.exe
2976	ruoTvZj.exe
1732	LqDGFiA.exe
788	JoNyeHZ.exe
844	zZpUvoQ.exe
2432	VBvVMqa.exe
1124	unzeHfW.exe
2292	ufmqrPi.exe
2816	VOhJpmt.exe
1408	PyMXwMr.exe
2840	SJDDBAu.exe
2832	QDcOUoF.exe
2972	XGsMhvD.exe
1736	QUAoxvp.exe
1016	wVnDqYA.exe
2116	yKBrwpQ.exe
1872	PcLTtUx.exe
1968	mtxWljv.exe
2132	FpiLOXw.exe
2144	xytRIrf.exe
1500	FDSjGuX.exe
1644	DMcehaL.exe
2088	WkhaJXs.exe
3016	JpUcSwM.exe

Loads dropped DLL 64 IoCs

pid	Process
2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 61 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2416-0-0x000000013FAF0000-0x000000013FE44000-memory.dmp	upx
behavioral1/files/0x000e000000013a51-3.dat	upx
behavioral1/memory/1592-11-0x000000013F310000-0x000000013F664000-memory.dmp	upx
behavioral1/files/0x00060000000186f2-8.dat	upx
behavioral1/memory/2940-15-0x000000013F890000-0x000000013FBE4000-memory.dmp	upx
behavioral1/files/0x00060000000186f8-20.dat	upx
behavioral1/memory/2820-22-0x000000013F320000-0x000000013F674000-memory.dmp	upx
behavioral1/files/0x0006000000018731-23.dat	upx
behavioral1/files/0x000700000001878c-34.dat	upx
behavioral1/files/0x0007000000019438-44.dat	upx
behavioral1/files/0x0005000000019456-49.dat	upx
behavioral1/files/0x0005000000019496-62.dat	upx
behavioral1/files/0x00050000000194d0-74.dat	upx
behavioral1/files/0x000500000001952f-92.dat	upx
behavioral1/files/0x00050000000195e6-109.dat	upx
behavioral1/files/0x000500000001961d-115.dat	upx
behavioral1/files/0x000500000001961f-124.dat	upx
behavioral1/files/0x0005000000019622-135.dat	upx
behavioral1/files/0x0005000000019625-143.dat	upx
behavioral1/files/0x000500000001963b-158.dat	upx
behavioral1/memory/2532-749-0x000000013FA50000-0x000000013FDA4000-memory.dmp	upx
behavioral1/memory/2608-757-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/memory/3008-803-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/memory/2588-734-0x000000013F9C0000-0x000000013FD14000-memory.dmp	upx
behavioral1/memory/2644-723-0x000000013F990000-0x000000013FCE4000-memory.dmp	upx
behavioral1/memory/2812-710-0x000000013F8F0000-0x000000013FC44000-memory.dmp	upx
behavioral1/memory/2416-1364-0x000000013FAF0000-0x000000013FE44000-memory.dmp	upx
behavioral1/memory/2940-1827-0x000000013F890000-0x000000013FBE4000-memory.dmp	upx
behavioral1/memory/1592-1609-0x000000013F310000-0x000000013F664000-memory.dmp	upx
behavioral1/memory/2716-701-0x000000013F630000-0x000000013F984000-memory.dmp	upx
behavioral1/memory/2852-690-0x000000013FDE0000-0x0000000140134000-memory.dmp	upx
behavioral1/memory/2748-673-0x000000013FE10000-0x0000000140164000-memory.dmp	upx
behavioral1/memory/2696-650-0x000000013F940000-0x000000013FC94000-memory.dmp	upx
behavioral1/memory/3012-621-0x000000013F2B0000-0x000000013F604000-memory.dmp	upx
behavioral1/files/0x000500000001962b-154.dat	upx
behavioral1/files/0x0005000000019629-151.dat	upx
behavioral1/files/0x0005000000019627-146.dat	upx
behavioral1/files/0x0005000000019623-139.dat	upx
behavioral1/files/0x0005000000019621-130.dat	upx
behavioral1/files/0x001700000001866f-120.dat	upx
behavioral1/files/0x00050000000195a7-104.dat	upx
behavioral1/files/0x000500000001957e-99.dat	upx
behavioral1/files/0x0005000000019506-89.dat	upx
behavioral1/files/0x00050000000194fc-84.dat	upx
behavioral1/files/0x00050000000194ef-79.dat	upx
behavioral1/files/0x00050000000194ad-69.dat	upx
behavioral1/files/0x0005000000019467-59.dat	upx
behavioral1/files/0x000500000001945c-54.dat	upx
behavioral1/files/0x0007000000018bf3-40.dat	upx
behavioral1/files/0x0006000000018742-30.dat	upx
behavioral1/memory/2940-4048-0x000000013F890000-0x000000013FBE4000-memory.dmp	upx
behavioral1/memory/1592-4049-0x000000013F310000-0x000000013F664000-memory.dmp	upx
behavioral1/memory/2820-4050-0x000000013F320000-0x000000013F674000-memory.dmp	upx
behavioral1/memory/2812-4070-0x000000013F8F0000-0x000000013FC44000-memory.dmp	upx
behavioral1/memory/2852-4069-0x000000013FDE0000-0x0000000140134000-memory.dmp	upx
behavioral1/memory/2716-4068-0x000000013F630000-0x000000013F984000-memory.dmp	upx
behavioral1/memory/2644-4071-0x000000013F990000-0x000000013FCE4000-memory.dmp	upx
behavioral1/memory/2608-4073-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/memory/2748-4072-0x000000013FE10000-0x0000000140164000-memory.dmp	upx
behavioral1/memory/2532-4074-0x000000013FA50000-0x000000013FDA4000-memory.dmp	upx
behavioral1/memory/3012-4075-0x000000013F2B0000-0x000000013F604000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\Aqvvhue.exe	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MGLBtSA.exe	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CBHSebE.exe	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pGGVLMu.exe	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GozNNYR.exe	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eGqCBfj.exe	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vofVjrP.exe	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NtkhWAD.exe	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tTEcgIG.exe	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\slWgtTT.exe	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iGBZmEK.exe	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZyzBMVc.exe	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vRZGJQY.exe	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fCnrRoI.exe	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QMzYviQ.exe	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EZPDVTp.exe	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ixszXHP.exe	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iJZKqOx.exe	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bPEtxSL.exe	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qFLiisc.exe	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FoKOiAu.exe	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nfEVLbC.exe	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jxjVLKP.exe	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gYvUIMV.exe	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UylKVlZ.exe	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WyBlAJY.exe	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XjNdJOL.exe	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EAMlUde.exe	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VbJwuIr.exe	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WSoxUzl.exe	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gRGLfZI.exe	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LtGaSIg.exe	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fBCQnPW.exe	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Egchzfk.exe	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nAmsICd.exe	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FCugyCE.exe	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OvBAXOI.exe	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\luPsvPu.exe	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PWsvewc.exe	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gLCLxum.exe	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qoTFbWt.exe	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FPzBLZd.exe	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CQduQFw.exe	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iNItBwQ.exe	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dObYPyN.exe	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OVrUgGm.exe	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NgjXjzI.exe	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FlhBPON.exe	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SJOEdKI.exe	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BtOFUMf.exe	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UZdVFXW.exe	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\niRtqNM.exe	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qruyXQN.exe	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RjjYGqv.exe	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zVRGweh.exe	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qHHJsaA.exe	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rPHoWmo.exe	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ggaiDNt.exe	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\leEKlGE.exe	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GXeUNVw.exe	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ymGJXob.exe	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IDOKsre.exe	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hfJsEtb.exe	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mUkFeKy.exe	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2416 wrote to memory of 1592	2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2416 wrote to memory of 1592	2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2416 wrote to memory of 1592	2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2416 wrote to memory of 2940	2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2416 wrote to memory of 2940	2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2416 wrote to memory of 2940	2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2416 wrote to memory of 2820	2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2416 wrote to memory of 2820	2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2416 wrote to memory of 2820	2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2416 wrote to memory of 3008	2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2416 wrote to memory of 3008	2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2416 wrote to memory of 3008	2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2416 wrote to memory of 3012	2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2416 wrote to memory of 3012	2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2416 wrote to memory of 3012	2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2416 wrote to memory of 2696	2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2416 wrote to memory of 2696	2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2416 wrote to memory of 2696	2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2416 wrote to memory of 2748	2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2416 wrote to memory of 2748	2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2416 wrote to memory of 2748	2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2416 wrote to memory of 2852	2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2416 wrote to memory of 2852	2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2416 wrote to memory of 2852	2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2416 wrote to memory of 2716	2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2416 wrote to memory of 2716	2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2416 wrote to memory of 2716	2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2416 wrote to memory of 2812	2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2416 wrote to memory of 2812	2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2416 wrote to memory of 2812	2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2416 wrote to memory of 2644	2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2416 wrote to memory of 2644	2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2416 wrote to memory of 2644	2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2416 wrote to memory of 2588	2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2416 wrote to memory of 2588	2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2416 wrote to memory of 2588	2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2416 wrote to memory of 2532	2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2416 wrote to memory of 2532	2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2416 wrote to memory of 2532	2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2416 wrote to memory of 2608	2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2416 wrote to memory of 2608	2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2416 wrote to memory of 2608	2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2416 wrote to memory of 2964	2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2416 wrote to memory of 2964	2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2416 wrote to memory of 2964	2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2416 wrote to memory of 2932	2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2416 wrote to memory of 2932	2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2416 wrote to memory of 2932	2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2416 wrote to memory of 1660	2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2416 wrote to memory of 1660	2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2416 wrote to memory of 1660	2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2416 wrote to memory of 324	2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2416 wrote to memory of 324	2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2416 wrote to memory of 324	2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2416 wrote to memory of 2312	2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2416 wrote to memory of 2312	2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2416 wrote to memory of 2312	2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2416 wrote to memory of 2268	2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2416 wrote to memory of 2268	2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2416 wrote to memory of 2268	2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2416 wrote to memory of 1604	2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2416 wrote to memory of 1604	2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2416 wrote to memory of 1604	2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2416 wrote to memory of 112	2416	2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-17_8e43a42570a69cd9bfacd68c581f6220_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2416
- C:\Windows\System\TVexPNF.exe
  C:\Windows\System\TVexPNF.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\FCugyCE.exe
  C:\Windows\System\FCugyCE.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\KbCDDgp.exe
  C:\Windows\System\KbCDDgp.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\ZLZDXvh.exe
  C:\Windows\System\ZLZDXvh.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\TFNHgrp.exe
  C:\Windows\System\TFNHgrp.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\uGXgrnZ.exe
  C:\Windows\System\uGXgrnZ.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\ZlCEGyd.exe
  C:\Windows\System\ZlCEGyd.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\VDbcgno.exe
  C:\Windows\System\VDbcgno.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\vNbDrfW.exe
  C:\Windows\System\vNbDrfW.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\YVLheyk.exe
  C:\Windows\System\YVLheyk.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\GCwKdVM.exe
  C:\Windows\System\GCwKdVM.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\rwqsplf.exe
  C:\Windows\System\rwqsplf.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\JCIyROs.exe
  C:\Windows\System\JCIyROs.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\NPAbNim.exe
  C:\Windows\System\NPAbNim.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\aPWguHs.exe
  C:\Windows\System\aPWguHs.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\uaeIhgd.exe
  C:\Windows\System\uaeIhgd.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\ucTmVaL.exe
  C:\Windows\System\ucTmVaL.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\nTPqKOj.exe
  C:\Windows\System\nTPqKOj.exe
  2⤵
  - Executes dropped EXE
  PID:324
- C:\Windows\System\BUqWlZK.exe
  C:\Windows\System\BUqWlZK.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\niRtqNM.exe
  C:\Windows\System\niRtqNM.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\DHgWLvX.exe
  C:\Windows\System\DHgWLvX.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\befiAvF.exe
  C:\Windows\System\befiAvF.exe
  2⤵
  - Executes dropped EXE
  PID:112
- C:\Windows\System\CjCueXv.exe
  C:\Windows\System\CjCueXv.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System\TKEDLui.exe
  C:\Windows\System\TKEDLui.exe
  2⤵
  - Executes dropped EXE
  PID:1568
- C:\Windows\System\qfXPaZn.exe
  C:\Windows\System\qfXPaZn.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\ydrjcuW.exe
  C:\Windows\System\ydrjcuW.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\IAOWqox.exe
  C:\Windows\System\IAOWqox.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\mZWPvIw.exe
  C:\Windows\System\mZWPvIw.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\wReZIDL.exe
  C:\Windows\System\wReZIDL.exe
  2⤵
  - Executes dropped EXE
  PID:408
- C:\Windows\System\cLMmntk.exe
  C:\Windows\System\cLMmntk.exe
  2⤵
  - Executes dropped EXE
  PID:1188
- C:\Windows\System\HfjwXow.exe
  C:\Windows\System\HfjwXow.exe
  2⤵
  - Executes dropped EXE
  PID:1192
- C:\Windows\System\QeZcsWz.exe
  C:\Windows\System\QeZcsWz.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\MSDQNaM.exe
  C:\Windows\System\MSDQNaM.exe
  2⤵
  - Executes dropped EXE
  PID:684
- C:\Windows\System\sJwmnWw.exe
  C:\Windows\System\sJwmnWw.exe
  2⤵
  - Executes dropped EXE
  PID:1924
- C:\Windows\System\ZcPHuto.exe
  C:\Windows\System\ZcPHuto.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\LqqhaCd.exe
  C:\Windows\System\LqqhaCd.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\WzSsSgp.exe
  C:\Windows\System\WzSsSgp.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\vHyXDTD.exe
  C:\Windows\System\vHyXDTD.exe
  2⤵
  - Executes dropped EXE
  PID:932
- C:\Windows\System\xMtLktK.exe
  C:\Windows\System\xMtLktK.exe
  2⤵
  - Executes dropped EXE
  PID:1264
- C:\Windows\System\ClugAgO.exe
  C:\Windows\System\ClugAgO.exe
  2⤵
  - Executes dropped EXE
  PID:620
- C:\Windows\System\DQXnqyw.exe
  C:\Windows\System\DQXnqyw.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\ruoTvZj.exe
  C:\Windows\System\ruoTvZj.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\LqDGFiA.exe
  C:\Windows\System\LqDGFiA.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\JoNyeHZ.exe
  C:\Windows\System\JoNyeHZ.exe
  2⤵
  - Executes dropped EXE
  PID:788
- C:\Windows\System\zZpUvoQ.exe
  C:\Windows\System\zZpUvoQ.exe
  2⤵
  - Executes dropped EXE
  PID:844
- C:\Windows\System\VBvVMqa.exe
  C:\Windows\System\VBvVMqa.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\unzeHfW.exe
  C:\Windows\System\unzeHfW.exe
  2⤵
  - Executes dropped EXE
  PID:1124
- C:\Windows\System\ufmqrPi.exe
  C:\Windows\System\ufmqrPi.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\VOhJpmt.exe
  C:\Windows\System\VOhJpmt.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\PyMXwMr.exe
  C:\Windows\System\PyMXwMr.exe
  2⤵
  - Executes dropped EXE
  PID:1408
- C:\Windows\System\SJDDBAu.exe
  C:\Windows\System\SJDDBAu.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\QDcOUoF.exe
  C:\Windows\System\QDcOUoF.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\XGsMhvD.exe
  C:\Windows\System\XGsMhvD.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\QUAoxvp.exe
  C:\Windows\System\QUAoxvp.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\wVnDqYA.exe
  C:\Windows\System\wVnDqYA.exe
  2⤵
  - Executes dropped EXE
  PID:1016
- C:\Windows\System\yKBrwpQ.exe
  C:\Windows\System\yKBrwpQ.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\PcLTtUx.exe
  C:\Windows\System\PcLTtUx.exe
  2⤵
  - Executes dropped EXE
  PID:1872
- C:\Windows\System\mtxWljv.exe
  C:\Windows\System\mtxWljv.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\FpiLOXw.exe
  C:\Windows\System\FpiLOXw.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\xytRIrf.exe
  C:\Windows\System\xytRIrf.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\FDSjGuX.exe
  C:\Windows\System\FDSjGuX.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\DMcehaL.exe
  C:\Windows\System\DMcehaL.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\WkhaJXs.exe
  C:\Windows\System\WkhaJXs.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\JpUcSwM.exe
  C:\Windows\System\JpUcSwM.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\exLPEfV.exe
  C:\Windows\System\exLPEfV.exe
  2⤵
  PID:2836
- C:\Windows\System\OvBAXOI.exe
  C:\Windows\System\OvBAXOI.exe
  2⤵
  PID:2652
- C:\Windows\System\MwfDHBM.exe
  C:\Windows\System\MwfDHBM.exe
  2⤵
  PID:2740
- C:\Windows\System\mYWuWcx.exe
  C:\Windows\System\mYWuWcx.exe
  2⤵
  PID:2792
- C:\Windows\System\kxBoOPe.exe
  C:\Windows\System\kxBoOPe.exe
  2⤵
  PID:2548
- C:\Windows\System\DEpOvjL.exe
  C:\Windows\System\DEpOvjL.exe
  2⤵
  PID:2784
- C:\Windows\System\tdjlhLh.exe
  C:\Windows\System\tdjlhLh.exe
  2⤵
  PID:2544
- C:\Windows\System\GHpmVjM.exe
  C:\Windows\System\GHpmVjM.exe
  2⤵
  PID:2560
- C:\Windows\System\qfcRyZc.exe
  C:\Windows\System\qfcRyZc.exe
  2⤵
  PID:2924
- C:\Windows\System\PYMwUwb.exe
  C:\Windows\System\PYMwUwb.exe
  2⤵
  PID:1052
- C:\Windows\System\OlmbnGw.exe
  C:\Windows\System\OlmbnGw.exe
  2⤵
  PID:2400
- C:\Windows\System\ABfweYc.exe
  C:\Windows\System\ABfweYc.exe
  2⤵
  PID:2368
- C:\Windows\System\qXEXUSm.exe
  C:\Windows\System\qXEXUSm.exe
  2⤵
  PID:1628
- C:\Windows\System\ouyoNKl.exe
  C:\Windows\System\ouyoNKl.exe
  2⤵
  PID:2504
- C:\Windows\System\bAVmNAM.exe
  C:\Windows\System\bAVmNAM.exe
  2⤵
  PID:1504
- C:\Windows\System\zJaxpPZ.exe
  C:\Windows\System\zJaxpPZ.exe
  2⤵
  PID:1856
- C:\Windows\System\AoeqrzL.exe
  C:\Windows\System\AoeqrzL.exe
  2⤵
  PID:1748
- C:\Windows\System\GdWXrTV.exe
  C:\Windows\System\GdWXrTV.exe
  2⤵
  PID:2008
- C:\Windows\System\GDYBbVd.exe
  C:\Windows\System\GDYBbVd.exe
  2⤵
  PID:2612
- C:\Windows\System\hwRGQcO.exe
  C:\Windows\System\hwRGQcO.exe
  2⤵
  PID:2004
- C:\Windows\System\sOcbQLl.exe
  C:\Windows\System\sOcbQLl.exe
  2⤵
  PID:1928
- C:\Windows\System\bbbxRsj.exe
  C:\Windows\System\bbbxRsj.exe
  2⤵
  PID:776
- C:\Windows\System\tvoRLuU.exe
  C:\Windows\System\tvoRLuU.exe
  2⤵
  PID:1668
- C:\Windows\System\hmlzbDM.exe
  C:\Windows\System\hmlzbDM.exe
  2⤵
  PID:1576
- C:\Windows\System\hquWPxF.exe
  C:\Windows\System\hquWPxF.exe
  2⤵
  PID:1712
- C:\Windows\System\McEAbjk.exe
  C:\Windows\System\McEAbjk.exe
  2⤵
  PID:1220
- C:\Windows\System\Cltmtfp.exe
  C:\Windows\System\Cltmtfp.exe
  2⤵
  PID:268
- C:\Windows\System\SjlceRK.exe
  C:\Windows\System\SjlceRK.exe
  2⤵
  PID:280
- C:\Windows\System\TWmUaXT.exe
  C:\Windows\System\TWmUaXT.exe
  2⤵
  PID:1440
- C:\Windows\System\vPLFWKc.exe
  C:\Windows\System\vPLFWKc.exe
  2⤵
  PID:2224
- C:\Windows\System\WzzXUZO.exe
  C:\Windows\System\WzzXUZO.exe
  2⤵
  PID:2624
- C:\Windows\System\hBMuWMY.exe
  C:\Windows\System\hBMuWMY.exe
  2⤵
  PID:1864
- C:\Windows\System\HvITieJ.exe
  C:\Windows\System\HvITieJ.exe
  2⤵
  PID:1428
- C:\Windows\System\CJgvNlC.exe
  C:\Windows\System\CJgvNlC.exe
  2⤵
  PID:1936
- C:\Windows\System\PUxIINc.exe
  C:\Windows\System\PUxIINc.exe
  2⤵
  PID:2272
- C:\Windows\System\oQDoxdP.exe
  C:\Windows\System\oQDoxdP.exe
  2⤵
  PID:1540
- C:\Windows\System\tkGjsNa.exe
  C:\Windows\System\tkGjsNa.exe
  2⤵
  PID:2900
- C:\Windows\System\oWQiSyq.exe
  C:\Windows\System\oWQiSyq.exe
  2⤵
  PID:2780
- C:\Windows\System\yncSejt.exe
  C:\Windows\System\yncSejt.exe
  2⤵
  PID:2692
- C:\Windows\System\PWsvewc.exe
  C:\Windows\System\PWsvewc.exe
  2⤵
  PID:2960
- C:\Windows\System\gRGLfZI.exe
  C:\Windows\System\gRGLfZI.exe
  2⤵
  PID:2584
- C:\Windows\System\xdnNANh.exe
  C:\Windows\System\xdnNANh.exe
  2⤵
  PID:2468
- C:\Windows\System\NmkGnRw.exe
  C:\Windows\System\NmkGnRw.exe
  2⤵
  PID:1068
- C:\Windows\System\nAfchPV.exe
  C:\Windows\System\nAfchPV.exe
  2⤵
  PID:2068
- C:\Windows\System\WcymbLl.exe
  C:\Windows\System\WcymbLl.exe
  2⤵
  PID:1204
- C:\Windows\System\Ojyojic.exe
  C:\Windows\System\Ojyojic.exe
  2⤵
  PID:2012
- C:\Windows\System\PdOQnSm.exe
  C:\Windows\System\PdOQnSm.exe
  2⤵
  PID:2516
- C:\Windows\System\lsdOXzu.exe
  C:\Windows\System\lsdOXzu.exe
  2⤵
  PID:1680
- C:\Windows\System\nKggHat.exe
  C:\Windows\System\nKggHat.exe
  2⤵
  PID:972
- C:\Windows\System\fBMRCsX.exe
  C:\Windows\System\fBMRCsX.exe
  2⤵
  PID:2864
- C:\Windows\System\ovWDdLy.exe
  C:\Windows\System\ovWDdLy.exe
  2⤵
  PID:1484
- C:\Windows\System\iSUkalr.exe
  C:\Windows\System\iSUkalr.exe
  2⤵
  PID:2300
- C:\Windows\System\iumweTJ.exe
  C:\Windows\System\iumweTJ.exe
  2⤵
  PID:2076
- C:\Windows\System\rPHoWmo.exe
  C:\Windows\System\rPHoWmo.exe
  2⤵
  PID:2172
- C:\Windows\System\tpvTCDX.exe
  C:\Windows\System\tpvTCDX.exe
  2⤵
  PID:584
- C:\Windows\System\hAfDadk.exe
  C:\Windows\System\hAfDadk.exe
  2⤵
  PID:2952
- C:\Windows\System\vCZBosq.exe
  C:\Windows\System\vCZBosq.exe
  2⤵
  PID:2636
- C:\Windows\System\aBFKYZJ.exe
  C:\Windows\System\aBFKYZJ.exe
  2⤵
  PID:2772
- C:\Windows\System\xuDtAMP.exe
  C:\Windows\System\xuDtAMP.exe
  2⤵
  PID:2668
- C:\Windows\System\GDeoaoA.exe
  C:\Windows\System\GDeoaoA.exe
  2⤵
  PID:1932
- C:\Windows\System\cXPiKuW.exe
  C:\Windows\System\cXPiKuW.exe
  2⤵
  PID:2640
- C:\Windows\System\UgxjWwW.exe
  C:\Windows\System\UgxjWwW.exe
  2⤵
  PID:1556
- C:\Windows\System\BNdsvCA.exe
  C:\Windows\System\BNdsvCA.exe
  2⤵
  PID:2260
- C:\Windows\System\QcVQYrt.exe
  C:\Windows\System\QcVQYrt.exe
  2⤵
  PID:2412
- C:\Windows\System\VMFWZRI.exe
  C:\Windows\System\VMFWZRI.exe
  2⤵
  PID:2352
- C:\Windows\System\RZKlCgc.exe
  C:\Windows\System\RZKlCgc.exe
  2⤵
  PID:1532
- C:\Windows\System\HWONXsu.exe
  C:\Windows\System\HWONXsu.exe
  2⤵
  PID:2768
- C:\Windows\System\rIrFSer.exe
  C:\Windows\System\rIrFSer.exe
  2⤵
  PID:540
- C:\Windows\System\yZQWIqH.exe
  C:\Windows\System\yZQWIqH.exe
  2⤵
  PID:2512
- C:\Windows\System\PAXpPoA.exe
  C:\Windows\System\PAXpPoA.exe
  2⤵
  PID:920
- C:\Windows\System\fzUBFCL.exe
  C:\Windows\System\fzUBFCL.exe
  2⤵
  PID:1868
- C:\Windows\System\Xnkqwqc.exe
  C:\Windows\System\Xnkqwqc.exe
  2⤵
  PID:1688
- C:\Windows\System\MISeOwM.exe
  C:\Windows\System\MISeOwM.exe
  2⤵
  PID:3080
- C:\Windows\System\YHngpum.exe
  C:\Windows\System\YHngpum.exe
  2⤵
  PID:3096
- C:\Windows\System\XVqFceZ.exe
  C:\Windows\System\XVqFceZ.exe
  2⤵
  PID:3112
- C:\Windows\System\HdvzDQj.exe
  C:\Windows\System\HdvzDQj.exe
  2⤵
  PID:3128
- C:\Windows\System\tZjFZEM.exe
  C:\Windows\System\tZjFZEM.exe
  2⤵
  PID:3144
- C:\Windows\System\vofVjrP.exe
  C:\Windows\System\vofVjrP.exe
  2⤵
  PID:3160
- C:\Windows\System\CDsHqFZ.exe
  C:\Windows\System\CDsHqFZ.exe
  2⤵
  PID:3176
- C:\Windows\System\sqoUIsq.exe
  C:\Windows\System\sqoUIsq.exe
  2⤵
  PID:3192
- C:\Windows\System\GaglZKA.exe
  C:\Windows\System\GaglZKA.exe
  2⤵
  PID:3208
- C:\Windows\System\OzzWiav.exe
  C:\Windows\System\OzzWiav.exe
  2⤵
  PID:3224
- C:\Windows\System\ADAqknf.exe
  C:\Windows\System\ADAqknf.exe
  2⤵
  PID:3240
- C:\Windows\System\TldYrIB.exe
  C:\Windows\System\TldYrIB.exe
  2⤵
  PID:3256
- C:\Windows\System\ymVacdz.exe
  C:\Windows\System\ymVacdz.exe
  2⤵
  PID:3272
- C:\Windows\System\LfedehL.exe
  C:\Windows\System\LfedehL.exe
  2⤵
  PID:3288
- C:\Windows\System\LOzXKJS.exe
  C:\Windows\System\LOzXKJS.exe
  2⤵
  PID:3304
- C:\Windows\System\MqgIbOC.exe
  C:\Windows\System\MqgIbOC.exe
  2⤵
  PID:3320
- C:\Windows\System\eYqmBBp.exe
  C:\Windows\System\eYqmBBp.exe
  2⤵
  PID:3336
- C:\Windows\System\zsQXhmS.exe
  C:\Windows\System\zsQXhmS.exe
  2⤵
  PID:3352
- C:\Windows\System\ZndjzVM.exe
  C:\Windows\System\ZndjzVM.exe
  2⤵
  PID:3368
- C:\Windows\System\RXUJCGx.exe
  C:\Windows\System\RXUJCGx.exe
  2⤵
  PID:3384
- C:\Windows\System\vUgTnCr.exe
  C:\Windows\System\vUgTnCr.exe
  2⤵
  PID:3400
- C:\Windows\System\GafHWkN.exe
  C:\Windows\System\GafHWkN.exe
  2⤵
  PID:3416
- C:\Windows\System\tKPVmuX.exe
  C:\Windows\System\tKPVmuX.exe
  2⤵
  PID:3432
- C:\Windows\System\XZkhMla.exe
  C:\Windows\System\XZkhMla.exe
  2⤵
  PID:3448
- C:\Windows\System\JLudoTs.exe
  C:\Windows\System\JLudoTs.exe
  2⤵
  PID:3464
- C:\Windows\System\ZdXtOzk.exe
  C:\Windows\System\ZdXtOzk.exe
  2⤵
  PID:3480
- C:\Windows\System\TgNSxgJ.exe
  C:\Windows\System\TgNSxgJ.exe
  2⤵
  PID:3496
- C:\Windows\System\oRYaGhC.exe
  C:\Windows\System\oRYaGhC.exe
  2⤵
  PID:3512
- C:\Windows\System\WFIQdBs.exe
  C:\Windows\System\WFIQdBs.exe
  2⤵
  PID:3528
- C:\Windows\System\YgWAnRQ.exe
  C:\Windows\System\YgWAnRQ.exe
  2⤵
  PID:3544
- C:\Windows\System\OVrUgGm.exe
  C:\Windows\System\OVrUgGm.exe
  2⤵
  PID:3560
- C:\Windows\System\aVgMfdW.exe
  C:\Windows\System\aVgMfdW.exe
  2⤵
  PID:3576
- C:\Windows\System\HGKSeQv.exe
  C:\Windows\System\HGKSeQv.exe
  2⤵
  PID:3592
- C:\Windows\System\lsZpRoI.exe
  C:\Windows\System\lsZpRoI.exe
  2⤵
  PID:3608
- C:\Windows\System\AHXDXOV.exe
  C:\Windows\System\AHXDXOV.exe
  2⤵
  PID:3624
- C:\Windows\System\ArqVlkj.exe
  C:\Windows\System\ArqVlkj.exe
  2⤵
  PID:3640
- C:\Windows\System\BBmVCsB.exe
  C:\Windows\System\BBmVCsB.exe
  2⤵
  PID:3656
- C:\Windows\System\SdWnLQc.exe
  C:\Windows\System\SdWnLQc.exe
  2⤵
  PID:3672
- C:\Windows\System\WyBlAJY.exe
  C:\Windows\System\WyBlAJY.exe
  2⤵
  PID:3688
- C:\Windows\System\pMnohhn.exe
  C:\Windows\System\pMnohhn.exe
  2⤵
  PID:3704
- C:\Windows\System\oqineig.exe
  C:\Windows\System\oqineig.exe
  2⤵
  PID:3720
- C:\Windows\System\jymFzav.exe
  C:\Windows\System\jymFzav.exe
  2⤵
  PID:3736
- C:\Windows\System\mxAFQkH.exe
  C:\Windows\System\mxAFQkH.exe
  2⤵
  PID:3752
- C:\Windows\System\zpsluUY.exe
  C:\Windows\System\zpsluUY.exe
  2⤵
  PID:3768
- C:\Windows\System\nObyijv.exe
  C:\Windows\System\nObyijv.exe
  2⤵
  PID:3784
- C:\Windows\System\GMrPwpK.exe
  C:\Windows\System\GMrPwpK.exe
  2⤵
  PID:3800
- C:\Windows\System\VfkzTrE.exe
  C:\Windows\System\VfkzTrE.exe
  2⤵
  PID:3816
- C:\Windows\System\wvLRDvY.exe
  C:\Windows\System\wvLRDvY.exe
  2⤵
  PID:3832
- C:\Windows\System\uTPiJMS.exe
  C:\Windows\System\uTPiJMS.exe
  2⤵
  PID:3848
- C:\Windows\System\EBQkxib.exe
  C:\Windows\System\EBQkxib.exe
  2⤵
  PID:3864
- C:\Windows\System\LHrFxrT.exe
  C:\Windows\System\LHrFxrT.exe
  2⤵
  PID:3880
- C:\Windows\System\HnPvQBH.exe
  C:\Windows\System\HnPvQBH.exe
  2⤵
  PID:3896
- C:\Windows\System\tjqTFQA.exe
  C:\Windows\System\tjqTFQA.exe
  2⤵
  PID:3912
- C:\Windows\System\Aqvvhue.exe
  C:\Windows\System\Aqvvhue.exe
  2⤵
  PID:3928
- C:\Windows\System\nBNWpNx.exe
  C:\Windows\System\nBNWpNx.exe
  2⤵
  PID:3944
- C:\Windows\System\xUJGRRS.exe
  C:\Windows\System\xUJGRRS.exe
  2⤵
  PID:3960
- C:\Windows\System\PpuMoIs.exe
  C:\Windows\System\PpuMoIs.exe
  2⤵
  PID:3976
- C:\Windows\System\RoaglNI.exe
  C:\Windows\System\RoaglNI.exe
  2⤵
  PID:3992
- C:\Windows\System\zlLUuSg.exe
  C:\Windows\System\zlLUuSg.exe
  2⤵
  PID:4008
- C:\Windows\System\bqYvrcj.exe
  C:\Windows\System\bqYvrcj.exe
  2⤵
  PID:4024
- C:\Windows\System\xyZygPM.exe
  C:\Windows\System\xyZygPM.exe
  2⤵
  PID:4040
- C:\Windows\System\jziLotK.exe
  C:\Windows\System\jziLotK.exe
  2⤵
  PID:4056
- C:\Windows\System\pJdxeAD.exe
  C:\Windows\System\pJdxeAD.exe
  2⤵
  PID:4072
- C:\Windows\System\yIdMfrw.exe
  C:\Windows\System\yIdMfrw.exe
  2⤵
  PID:4088
- C:\Windows\System\JDgvDMK.exe
  C:\Windows\System\JDgvDMK.exe
  2⤵
  PID:1888
- C:\Windows\System\aqoXZWB.exe
  C:\Windows\System\aqoXZWB.exe
  2⤵
  PID:3076
- C:\Windows\System\lKYZwse.exe
  C:\Windows\System\lKYZwse.exe
  2⤵
  PID:3088
- C:\Windows\System\ZHweOVw.exe
  C:\Windows\System\ZHweOVw.exe
  2⤵
  PID:3140
- C:\Windows\System\dfgRekL.exe
  C:\Windows\System\dfgRekL.exe
  2⤵
  PID:3168
- C:\Windows\System\BhVFtQa.exe
  C:\Windows\System\BhVFtQa.exe
  2⤵
  PID:3200
- C:\Windows\System\BFrgQjY.exe
  C:\Windows\System\BFrgQjY.exe
  2⤵
  PID:3216
- C:\Windows\System\jzRBygO.exe
  C:\Windows\System\jzRBygO.exe
  2⤵
  PID:3264
- C:\Windows\System\uiHMpxI.exe
  C:\Windows\System\uiHMpxI.exe
  2⤵
  PID:3296
- C:\Windows\System\eCWqlwB.exe
  C:\Windows\System\eCWqlwB.exe
  2⤵
  PID:3332
- C:\Windows\System\vkLBdvR.exe
  C:\Windows\System\vkLBdvR.exe
  2⤵
  PID:3344
- C:\Windows\System\TBhtrIz.exe
  C:\Windows\System\TBhtrIz.exe
  2⤵
  PID:3392
- C:\Windows\System\KWASzRN.exe
  C:\Windows\System\KWASzRN.exe
  2⤵
  PID:3412
- C:\Windows\System\hGhoFvl.exe
  C:\Windows\System\hGhoFvl.exe
  2⤵
  PID:3456
- C:\Windows\System\FUmktRa.exe
  C:\Windows\System\FUmktRa.exe
  2⤵
  PID:3476
- C:\Windows\System\hzkrRMY.exe
  C:\Windows\System\hzkrRMY.exe
  2⤵
  PID:3520
- C:\Windows\System\XQCZQmc.exe
  C:\Windows\System\XQCZQmc.exe
  2⤵
  PID:3552
- C:\Windows\System\stpsjUw.exe
  C:\Windows\System\stpsjUw.exe
  2⤵
  PID:3568
- C:\Windows\System\hAcRDpc.exe
  C:\Windows\System\hAcRDpc.exe
  2⤵
  PID:3616
- C:\Windows\System\TKfqPcP.exe
  C:\Windows\System\TKfqPcP.exe
  2⤵
  PID:3648
- C:\Windows\System\tTdRoTU.exe
  C:\Windows\System\tTdRoTU.exe
  2⤵
  PID:3680
- C:\Windows\System\zrKerzV.exe
  C:\Windows\System\zrKerzV.exe
  2⤵
  PID:3712
- C:\Windows\System\jTIXxoe.exe
  C:\Windows\System\jTIXxoe.exe
  2⤵
  PID:3744
- C:\Windows\System\uZDCkgf.exe
  C:\Windows\System\uZDCkgf.exe
  2⤵
  PID:3776
- C:\Windows\System\ClDfbcK.exe
  C:\Windows\System\ClDfbcK.exe
  2⤵
  PID:3808
- C:\Windows\System\luPsvPu.exe
  C:\Windows\System\luPsvPu.exe
  2⤵
  PID:3844
- C:\Windows\System\bFrKJpB.exe
  C:\Windows\System\bFrKJpB.exe
  2⤵
  PID:3856
- C:\Windows\System\LZdsvOX.exe
  C:\Windows\System\LZdsvOX.exe
  2⤵
  PID:3888
- C:\Windows\System\XSbLNbJ.exe
  C:\Windows\System\XSbLNbJ.exe
  2⤵
  PID:3924
- C:\Windows\System\zMBGJNo.exe
  C:\Windows\System\zMBGJNo.exe
  2⤵
  PID:3952
- C:\Windows\System\dCeJQxR.exe
  C:\Windows\System\dCeJQxR.exe
  2⤵
  PID:3988
- C:\Windows\System\lkqiwCB.exe
  C:\Windows\System\lkqiwCB.exe
  2⤵
  PID:4032
- C:\Windows\System\hxWhNsQ.exe
  C:\Windows\System\hxWhNsQ.exe
  2⤵
  PID:4048
- C:\Windows\System\ZESeZhb.exe
  C:\Windows\System\ZESeZhb.exe
  2⤵
  PID:2392
- C:\Windows\System\FsAarCW.exe
  C:\Windows\System\FsAarCW.exe
  2⤵
  PID:3104
- C:\Windows\System\sJNqntb.exe
  C:\Windows\System\sJNqntb.exe
  2⤵
  PID:3124
- C:\Windows\System\emsOAcO.exe
  C:\Windows\System\emsOAcO.exe
  2⤵
  PID:3204
- C:\Windows\System\KlChZVT.exe
  C:\Windows\System\KlChZVT.exe
  2⤵
  PID:3220
- C:\Windows\System\YdouqtR.exe
  C:\Windows\System\YdouqtR.exe
  2⤵
  PID:3316
- C:\Windows\System\DuCrumn.exe
  C:\Windows\System\DuCrumn.exe
  2⤵
  PID:3396
- C:\Windows\System\MwdyLAB.exe
  C:\Windows\System\MwdyLAB.exe
  2⤵
  PID:3444
- C:\Windows\System\sHaKzTn.exe
  C:\Windows\System\sHaKzTn.exe
  2⤵
  PID:3508
- C:\Windows\System\WozoqwP.exe
  C:\Windows\System\WozoqwP.exe
  2⤵
  PID:3556
- C:\Windows\System\resajXH.exe
  C:\Windows\System\resajXH.exe
  2⤵
  PID:3584
- C:\Windows\System\FLxJZtC.exe
  C:\Windows\System\FLxJZtC.exe
  2⤵
  PID:3664
- C:\Windows\System\ggaiDNt.exe
  C:\Windows\System\ggaiDNt.exe
  2⤵
  PID:3728
- C:\Windows\System\UttfVTM.exe
  C:\Windows\System\UttfVTM.exe
  2⤵
  PID:3748
- C:\Windows\System\JylFbIA.exe
  C:\Windows\System\JylFbIA.exe
  2⤵
  PID:3828
- C:\Windows\System\tPAXfpj.exe
  C:\Windows\System\tPAXfpj.exe
  2⤵
  PID:3908
- C:\Windows\System\DKZTmZh.exe
  C:\Windows\System\DKZTmZh.exe
  2⤵
  PID:3984
- C:\Windows\System\deYXxAj.exe
  C:\Windows\System\deYXxAj.exe
  2⤵
  PID:2892
- C:\Windows\System\SlISczk.exe
  C:\Windows\System\SlISczk.exe
  2⤵
  PID:4080
- C:\Windows\System\DwgJbsr.exe
  C:\Windows\System\DwgJbsr.exe
  2⤵
  PID:328
- C:\Windows\System\DKFvARR.exe
  C:\Windows\System\DKFvARR.exe
  2⤵
  PID:3248
- C:\Windows\System\wYCkQOu.exe
  C:\Windows\System\wYCkQOu.exe
  2⤵
  PID:3364
- C:\Windows\System\iQzaRuA.exe
  C:\Windows\System\iQzaRuA.exe
  2⤵
  PID:3504
- C:\Windows\System\QYwRTvi.exe
  C:\Windows\System\QYwRTvi.exe
  2⤵
  PID:3588
- C:\Windows\System\FPzBLZd.exe
  C:\Windows\System\FPzBLZd.exe
  2⤵
  PID:3696
- C:\Windows\System\kgShgfL.exe
  C:\Windows\System\kgShgfL.exe
  2⤵
  PID:2988
- C:\Windows\System\mmJRpXi.exe
  C:\Windows\System\mmJRpXi.exe
  2⤵
  PID:3920
- C:\Windows\System\RggAQDi.exe
  C:\Windows\System\RggAQDi.exe
  2⤵
  PID:4016
- C:\Windows\System\NtkhWAD.exe
  C:\Windows\System\NtkhWAD.exe
  2⤵
  PID:3280
- C:\Windows\System\GAecpER.exe
  C:\Windows\System\GAecpER.exe
  2⤵
  PID:3764
- C:\Windows\System\ONEXtqY.exe
  C:\Windows\System\ONEXtqY.exe
  2⤵
  PID:2956
- C:\Windows\System\ZiagNcq.exe
  C:\Windows\System\ZiagNcq.exe
  2⤵
  PID:4112
- C:\Windows\System\ZunXlJs.exe
  C:\Windows\System\ZunXlJs.exe
  2⤵
  PID:4128
- C:\Windows\System\MQZbnaS.exe
  C:\Windows\System\MQZbnaS.exe
  2⤵
  PID:4144
- C:\Windows\System\rklguSo.exe
  C:\Windows\System\rklguSo.exe
  2⤵
  PID:4160
- C:\Windows\System\KvPbaAa.exe
  C:\Windows\System\KvPbaAa.exe
  2⤵
  PID:4176
- C:\Windows\System\pErNxiz.exe
  C:\Windows\System\pErNxiz.exe
  2⤵
  PID:4192
- C:\Windows\System\PBrNyBe.exe
  C:\Windows\System\PBrNyBe.exe
  2⤵
  PID:4208
- C:\Windows\System\HVvzTea.exe
  C:\Windows\System\HVvzTea.exe
  2⤵
  PID:4224
- C:\Windows\System\SuJiqAG.exe
  C:\Windows\System\SuJiqAG.exe
  2⤵
  PID:4272
- C:\Windows\System\QpTIfAc.exe
  C:\Windows\System\QpTIfAc.exe
  2⤵
  PID:4288
- C:\Windows\System\YxgpZrU.exe
  C:\Windows\System\YxgpZrU.exe
  2⤵
  PID:4312
- C:\Windows\System\XjNdJOL.exe
  C:\Windows\System\XjNdJOL.exe
  2⤵
  PID:4392
- C:\Windows\System\mnGpKJw.exe
  C:\Windows\System\mnGpKJw.exe
  2⤵
  PID:4408
- C:\Windows\System\CDxCwJV.exe
  C:\Windows\System\CDxCwJV.exe
  2⤵
  PID:4424
- C:\Windows\System\iJZKqOx.exe
  C:\Windows\System\iJZKqOx.exe
  2⤵
  PID:4440
- C:\Windows\System\iYnkvUu.exe
  C:\Windows\System\iYnkvUu.exe
  2⤵
  PID:4456
- C:\Windows\System\TXSshjw.exe
  C:\Windows\System\TXSshjw.exe
  2⤵
  PID:4472
- C:\Windows\System\FitqfgW.exe
  C:\Windows\System\FitqfgW.exe
  2⤵
  PID:4516
- C:\Windows\System\LvkdXck.exe
  C:\Windows\System\LvkdXck.exe
  2⤵
  PID:4540
- C:\Windows\System\BXuWuTv.exe
  C:\Windows\System\BXuWuTv.exe
  2⤵
  PID:4568
- C:\Windows\System\nKPArvR.exe
  C:\Windows\System\nKPArvR.exe
  2⤵
  PID:4584
- C:\Windows\System\ADufRmb.exe
  C:\Windows\System\ADufRmb.exe
  2⤵
  PID:4600
- C:\Windows\System\bPEtxSL.exe
  C:\Windows\System\bPEtxSL.exe
  2⤵
  PID:4624
- C:\Windows\System\uaYpwyh.exe
  C:\Windows\System\uaYpwyh.exe
  2⤵
  PID:4640
- C:\Windows\System\fihUUFB.exe
  C:\Windows\System\fihUUFB.exe
  2⤵
  PID:4656
- C:\Windows\System\SkmmWDU.exe
  C:\Windows\System\SkmmWDU.exe
  2⤵
  PID:4676
- C:\Windows\System\ZiYMdNi.exe
  C:\Windows\System\ZiYMdNi.exe
  2⤵
  PID:4692
- C:\Windows\System\aPauqXD.exe
  C:\Windows\System\aPauqXD.exe
  2⤵
  PID:4712
- C:\Windows\System\GIZsEoa.exe
  C:\Windows\System\GIZsEoa.exe
  2⤵
  PID:4736
- C:\Windows\System\FXIDQmG.exe
  C:\Windows\System\FXIDQmG.exe
  2⤵
  PID:4752
- C:\Windows\System\UxFmNBW.exe
  C:\Windows\System\UxFmNBW.exe
  2⤵
  PID:4768
- C:\Windows\System\ynTCHtv.exe
  C:\Windows\System\ynTCHtv.exe
  2⤵
  PID:4792
- C:\Windows\System\zeqcKYL.exe
  C:\Windows\System\zeqcKYL.exe
  2⤵
  PID:4808
- C:\Windows\System\vUclIZK.exe
  C:\Windows\System\vUclIZK.exe
  2⤵
  PID:4824
- C:\Windows\System\SSvLRcP.exe
  C:\Windows\System\SSvLRcP.exe
  2⤵
  PID:4840
- C:\Windows\System\TFcCJim.exe
  C:\Windows\System\TFcCJim.exe
  2⤵
  PID:4868
- C:\Windows\System\nngMOjW.exe
  C:\Windows\System\nngMOjW.exe
  2⤵
  PID:5056
- C:\Windows\System\oXaKfAL.exe
  C:\Windows\System\oXaKfAL.exe
  2⤵
  PID:5072
- C:\Windows\System\iKfWdyD.exe
  C:\Windows\System\iKfWdyD.exe
  2⤵
  PID:5088
- C:\Windows\System\ZEEoniY.exe
  C:\Windows\System\ZEEoniY.exe
  2⤵
  PID:3632
- C:\Windows\System\nUIQMqw.exe
  C:\Windows\System\nUIQMqw.exe
  2⤵
  PID:3056
- C:\Windows\System\rRRdjXT.exe
  C:\Windows\System\rRRdjXT.exe
  2⤵
  PID:4320
- C:\Windows\System\vcphofg.exe
  C:\Windows\System\vcphofg.exe
  2⤵
  PID:4416
- C:\Windows\System\eiUbBOY.exe
  C:\Windows\System\eiUbBOY.exe
  2⤵
  PID:4860
- C:\Windows\System\EYamyOY.exe
  C:\Windows\System\EYamyOY.exe
  2⤵
  PID:4912
- C:\Windows\System\pXCIwKe.exe
  C:\Windows\System\pXCIwKe.exe
  2⤵
  PID:4932
- C:\Windows\System\OAWuEEe.exe
  C:\Windows\System\OAWuEEe.exe
  2⤵
  PID:4956
- C:\Windows\System\POpPykB.exe
  C:\Windows\System\POpPykB.exe
  2⤵
  PID:4976
- C:\Windows\System\yJineDv.exe
  C:\Windows\System\yJineDv.exe
  2⤵
  PID:4996
- C:\Windows\System\XUPRWrr.exe
  C:\Windows\System\XUPRWrr.exe
  2⤵
  PID:4124
- C:\Windows\System\VRICxUL.exe
  C:\Windows\System\VRICxUL.exe
  2⤵
  PID:4336
- C:\Windows\System\RShYpir.exe
  C:\Windows\System\RShYpir.exe
  2⤵
  PID:4352
- C:\Windows\System\uuDhkwC.exe
  C:\Windows\System\uuDhkwC.exe
  2⤵
  PID:4820
- C:\Windows\System\BFnHlNq.exe
  C:\Windows\System\BFnHlNq.exe
  2⤵
  PID:4952
- C:\Windows\System\QNCxlqs.exe
  C:\Windows\System\QNCxlqs.exe
  2⤵
  PID:4688
- C:\Windows\System\terzdRV.exe
  C:\Windows\System\terzdRV.exe
  2⤵
  PID:4992
- C:\Windows\System\wOmXovj.exe
  C:\Windows\System\wOmXovj.exe
  2⤵
  PID:4652
- C:\Windows\System\TXTHUQN.exe
  C:\Windows\System\TXTHUQN.exe
  2⤵
  PID:4720
- C:\Windows\System\OrYfRyO.exe
  C:\Windows\System\OrYfRyO.exe
  2⤵
  PID:4512
- C:\Windows\System\oGvicnq.exe
  C:\Windows\System\oGvicnq.exe
  2⤵
  PID:4452
- C:\Windows\System\nfpPnFH.exe
  C:\Windows\System\nfpPnFH.exe
  2⤵
  PID:4704
- C:\Windows\System\LdPiGbe.exe
  C:\Windows\System\LdPiGbe.exe
  2⤵
  PID:4760
- C:\Windows\System\ubfPccl.exe
  C:\Windows\System\ubfPccl.exe
  2⤵
  PID:4800
- C:\Windows\System\XvyMiFp.exe
  C:\Windows\System\XvyMiFp.exe
  2⤵
  PID:4892
- C:\Windows\System\sGslAho.exe
  C:\Windows\System\sGslAho.exe
  2⤵
  PID:4968
- C:\Windows\System\ePYgoXr.exe
  C:\Windows\System\ePYgoXr.exe
  2⤵
  PID:1900
- C:\Windows\System\sqfOhdX.exe
  C:\Windows\System\sqfOhdX.exe
  2⤵
  PID:5024
- C:\Windows\System\UfOqoUx.exe
  C:\Windows\System\UfOqoUx.exe
  2⤵
  PID:2576
- C:\Windows\System\leEKlGE.exe
  C:\Windows\System\leEKlGE.exe
  2⤵
  PID:5068
- C:\Windows\System\diNdmZf.exe
  C:\Windows\System\diNdmZf.exe
  2⤵
  PID:2456
- C:\Windows\System\kIapaUO.exe
  C:\Windows\System\kIapaUO.exe
  2⤵
  PID:5108
- C:\Windows\System\UHsOHrz.exe
  C:\Windows\System\UHsOHrz.exe
  2⤵
  PID:4104
- C:\Windows\System\tTEcgIG.exe
  C:\Windows\System\tTEcgIG.exe
  2⤵
  PID:2796
- C:\Windows\System\gBDwnbK.exe
  C:\Windows\System\gBDwnbK.exe
  2⤵
  PID:4200
- C:\Windows\System\ZPfDkdj.exe
  C:\Windows\System\ZPfDkdj.exe
  2⤵
  PID:4232
- C:\Windows\System\KZtKPHJ.exe
  C:\Windows\System\KZtKPHJ.exe
  2⤵
  PID:4252
- C:\Windows\System\oxBUnbq.exe
  C:\Windows\System\oxBUnbq.exe
  2⤵
  PID:1952
- C:\Windows\System\XnFsBwE.exe
  C:\Windows\System\XnFsBwE.exe
  2⤵
  PID:4300
- C:\Windows\System\ZoEbHzy.exe
  C:\Windows\System\ZoEbHzy.exe
  2⤵
  PID:4236
- C:\Windows\System\ovcmMLs.exe
  C:\Windows\System\ovcmMLs.exe
  2⤵
  PID:1048
- C:\Windows\System\aNWeWZr.exe
  C:\Windows\System\aNWeWZr.exe
  2⤵
  PID:1236
- C:\Windows\System\gYXuiQI.exe
  C:\Windows\System\gYXuiQI.exe
  2⤵
  PID:4356
- C:\Windows\System\NKHzGdc.exe
  C:\Windows\System\NKHzGdc.exe
  2⤵
  PID:4388
- C:\Windows\System\RENmhqd.exe
  C:\Windows\System\RENmhqd.exe
  2⤵
  PID:4536
- C:\Windows\System\mGAISah.exe
  C:\Windows\System\mGAISah.exe
  2⤵
  PID:4488
- C:\Windows\System\vBWpYOT.exe
  C:\Windows\System\vBWpYOT.exe
  2⤵
  PID:4848
- C:\Windows\System\fGkyqGX.exe
  C:\Windows\System\fGkyqGX.exe
  2⤵
  PID:4908
- C:\Windows\System\obDtLfy.exe
  C:\Windows\System\obDtLfy.exe
  2⤵
  PID:4672
- C:\Windows\System\LWXlpsb.exe
  C:\Windows\System\LWXlpsb.exe
  2⤵
  PID:4612
- C:\Windows\System\laHNdIP.exe
  C:\Windows\System\laHNdIP.exe
  2⤵
  PID:4576
- C:\Windows\System\skSPgrL.exe
  C:\Windows\System\skSPgrL.exe
  2⤵
  PID:1876
- C:\Windows\System\zPcvOhQ.exe
  C:\Windows\System\zPcvOhQ.exe
  2⤵
  PID:4508
- C:\Windows\System\SfyWrYU.exe
  C:\Windows\System\SfyWrYU.exe
  2⤵
  PID:1784
- C:\Windows\System\XZGgkLK.exe
  C:\Windows\System\XZGgkLK.exe
  2⤵
  PID:2676
- C:\Windows\System\RbsfjxR.exe
  C:\Windows\System\RbsfjxR.exe
  2⤵
  PID:4744
- C:\Windows\System\rQmcyPB.exe
  C:\Windows\System\rQmcyPB.exe
  2⤵
  PID:4928
- C:\Windows\System\cqGWgBg.exe
  C:\Windows\System\cqGWgBg.exe
  2⤵
  PID:2092
- C:\Windows\System\qpEhfgy.exe
  C:\Windows\System\qpEhfgy.exe
  2⤵
  PID:5016
- C:\Windows\System\JQQVjJw.exe
  C:\Windows\System\JQQVjJw.exe
  2⤵
  PID:5020
- C:\Windows\System\JILypNi.exe
  C:\Windows\System\JILypNi.exe
  2⤵
  PID:5100
- C:\Windows\System\ulaECIv.exe
  C:\Windows\System\ulaECIv.exe
  2⤵
  PID:4204
- C:\Windows\System\dkuoqPm.exe
  C:\Windows\System\dkuoqPm.exe
  2⤵
  PID:1788
- C:\Windows\System\nTzOFLI.exe
  C:\Windows\System\nTzOFLI.exe
  2⤵
  PID:4140
- C:\Windows\System\dqPCjIU.exe
  C:\Windows\System\dqPCjIU.exe
  2⤵
  PID:5080
- C:\Windows\System\qruyXQN.exe
  C:\Windows\System\qruyXQN.exe
  2⤵
  PID:3136
- C:\Windows\System\rfdZBtE.exe
  C:\Windows\System\rfdZBtE.exe
  2⤵
  PID:4120
- C:\Windows\System\FEVIYsF.exe
  C:\Windows\System\FEVIYsF.exe
  2⤵
  PID:4248
- C:\Windows\System\xAdjwCH.exe
  C:\Windows\System\xAdjwCH.exe
  2⤵
  PID:4216
- C:\Windows\System\oegcYtb.exe
  C:\Windows\System\oegcYtb.exe
  2⤵
  PID:4308
- C:\Windows\System\lgiOtXy.exe
  C:\Windows\System\lgiOtXy.exe
  2⤵
  PID:1916
- C:\Windows\System\HfEcYGZ.exe
  C:\Windows\System\HfEcYGZ.exe
  2⤵
  PID:4900
- C:\Windows\System\WqHGBWd.exe
  C:\Windows\System\WqHGBWd.exe
  2⤵
  PID:4264
- C:\Windows\System\TeRbaBI.exe
  C:\Windows\System\TeRbaBI.exe
  2⤵
  PID:4432
- C:\Windows\System\YeETtbd.exe
  C:\Windows\System\YeETtbd.exe
  2⤵
  PID:2216
- C:\Windows\System\aEuGjnP.exe
  C:\Windows\System\aEuGjnP.exe
  2⤵
  PID:5048
- C:\Windows\System\HFeqjSg.exe
  C:\Windows\System\HFeqjSg.exe
  2⤵
  PID:5116
- C:\Windows\System\CQduQFw.exe
  C:\Windows\System\CQduQFw.exe
  2⤵
  PID:2708
- C:\Windows\System\yXRuHVN.exe
  C:\Windows\System\yXRuHVN.exe
  2⤵
  PID:4052
- C:\Windows\System\QVTiToY.exe
  C:\Windows\System\QVTiToY.exe
  2⤵
  PID:4376
- C:\Windows\System\RvlmTvD.exe
  C:\Windows\System\RvlmTvD.exe
  2⤵
  PID:3428
- C:\Windows\System\nzgfmou.exe
  C:\Windows\System\nzgfmou.exe
  2⤵
  PID:2080
- C:\Windows\System\CoRfolm.exe
  C:\Windows\System\CoRfolm.exe
  2⤵
  PID:5040
- C:\Windows\System\OoLzFEB.exe
  C:\Windows\System\OoLzFEB.exe
  2⤵
  PID:2776
- C:\Windows\System\xsAjkvt.exe
  C:\Windows\System\xsAjkvt.exe
  2⤵
  PID:4100
- C:\Windows\System\dmwMESB.exe
  C:\Windows\System\dmwMESB.exe
  2⤵
  PID:4904
- C:\Windows\System\MYaDbWn.exe
  C:\Windows\System\MYaDbWn.exe
  2⤵
  PID:4348
- C:\Windows\System\NQgqRZz.exe
  C:\Windows\System\NQgqRZz.exe
  2⤵
  PID:2848
- C:\Windows\System\iqmGWah.exe
  C:\Windows\System\iqmGWah.exe
  2⤵
  PID:4984
- C:\Windows\System\rWaVhek.exe
  C:\Windows\System\rWaVhek.exe
  2⤵
  PID:5036
- C:\Windows\System\XwsYxjC.exe
  C:\Windows\System\XwsYxjC.exe
  2⤵
  PID:4636
- C:\Windows\System\RYTwLAZ.exe
  C:\Windows\System\RYTwLAZ.exe
  2⤵
  PID:3440
- C:\Windows\System\XlUAGfZ.exe
  C:\Windows\System\XlUAGfZ.exe
  2⤵
  PID:4804
- C:\Windows\System\EjTrvOL.exe
  C:\Windows\System\EjTrvOL.exe
  2⤵
  PID:4732
- C:\Windows\System\wifEcYc.exe
  C:\Windows\System\wifEcYc.exe
  2⤵
  PID:4620
- C:\Windows\System\lWqtvfr.exe
  C:\Windows\System\lWqtvfr.exe
  2⤵
  PID:2344
- C:\Windows\System\ayeAGyA.exe
  C:\Windows\System\ayeAGyA.exe
  2⤵
  PID:2556
- C:\Windows\System\rInGIhR.exe
  C:\Windows\System\rInGIhR.exe
  2⤵
  PID:4896
- C:\Windows\System\QiApDdN.exe
  C:\Windows\System\QiApDdN.exe
  2⤵
  PID:1724
- C:\Windows\System\UWYrSBe.exe
  C:\Windows\System\UWYrSBe.exe
  2⤵
  PID:1912
- C:\Windows\System\oIeufOx.exe
  C:\Windows\System\oIeufOx.exe
  2⤵
  PID:1400
- C:\Windows\System\ifLNUXR.exe
  C:\Windows\System\ifLNUXR.exe
  2⤵
  PID:1552
- C:\Windows\System\ydFCDck.exe
  C:\Windows\System\ydFCDck.exe
  2⤵
  PID:1992
- C:\Windows\System\kNgHSxV.exe
  C:\Windows\System\kNgHSxV.exe
  2⤵
  PID:4184
- C:\Windows\System\UhcWENX.exe
  C:\Windows\System\UhcWENX.exe
  2⤵
  PID:5132
- C:\Windows\System\slWgtTT.exe
  C:\Windows\System\slWgtTT.exe
  2⤵
  PID:5148
- C:\Windows\System\PCfkpFm.exe
  C:\Windows\System\PCfkpFm.exe
  2⤵
  PID:5164
- C:\Windows\System\FqMXIBc.exe
  C:\Windows\System\FqMXIBc.exe
  2⤵
  PID:5188
- C:\Windows\System\lKwSyGq.exe
  C:\Windows\System\lKwSyGq.exe
  2⤵
  PID:5204
- C:\Windows\System\vnHvYTi.exe
  C:\Windows\System\vnHvYTi.exe
  2⤵
  PID:5224
- C:\Windows\System\yKzSlyx.exe
  C:\Windows\System\yKzSlyx.exe
  2⤵
  PID:5248
- C:\Windows\System\KHluMFc.exe
  C:\Windows\System\KHluMFc.exe
  2⤵
  PID:5264
- C:\Windows\System\OxdPZGk.exe
  C:\Windows\System\OxdPZGk.exe
  2⤵
  PID:5284
- C:\Windows\System\VcVWUbb.exe
  C:\Windows\System\VcVWUbb.exe
  2⤵
  PID:5308
- C:\Windows\System\QVyxDdh.exe
  C:\Windows\System\QVyxDdh.exe
  2⤵
  PID:5324
- C:\Windows\System\wfLwxVA.exe
  C:\Windows\System\wfLwxVA.exe
  2⤵
  PID:5364
- C:\Windows\System\MThEvog.exe
  C:\Windows\System\MThEvog.exe
  2⤵
  PID:5384
- C:\Windows\System\zrkRQaK.exe
  C:\Windows\System\zrkRQaK.exe
  2⤵
  PID:5404
- C:\Windows\System\jZpVhMM.exe
  C:\Windows\System\jZpVhMM.exe
  2⤵
  PID:5420
- C:\Windows\System\mfMIOGv.exe
  C:\Windows\System\mfMIOGv.exe
  2⤵
  PID:5444
- C:\Windows\System\CdSfrfA.exe
  C:\Windows\System\CdSfrfA.exe
  2⤵
  PID:5460
- C:\Windows\System\IRKUvzv.exe
  C:\Windows\System\IRKUvzv.exe
  2⤵
  PID:5480
- C:\Windows\System\mPPXUSR.exe
  C:\Windows\System\mPPXUSR.exe
  2⤵
  PID:5500
- C:\Windows\System\RfAlglF.exe
  C:\Windows\System\RfAlglF.exe
  2⤵
  PID:5516
- C:\Windows\System\CRXpKLh.exe
  C:\Windows\System\CRXpKLh.exe
  2⤵
  PID:5532
- C:\Windows\System\SgiSSIU.exe
  C:\Windows\System\SgiSSIU.exe
  2⤵
  PID:5552
- C:\Windows\System\SAyRbOe.exe
  C:\Windows\System\SAyRbOe.exe
  2⤵
  PID:5568
- C:\Windows\System\XOmuntP.exe
  C:\Windows\System\XOmuntP.exe
  2⤵
  PID:5600
- C:\Windows\System\xSJnudh.exe
  C:\Windows\System\xSJnudh.exe
  2⤵
  PID:5620
- C:\Windows\System\rBJonvd.exe
  C:\Windows\System\rBJonvd.exe
  2⤵
  PID:5656
- C:\Windows\System\revfeaA.exe
  C:\Windows\System\revfeaA.exe
  2⤵
  PID:5672
- C:\Windows\System\lVrcUUC.exe
  C:\Windows\System\lVrcUUC.exe
  2⤵
  PID:5688
- C:\Windows\System\yhtDETo.exe
  C:\Windows\System\yhtDETo.exe
  2⤵
  PID:5704
- C:\Windows\System\mEpMcnh.exe
  C:\Windows\System\mEpMcnh.exe
  2⤵
  PID:5720
- C:\Windows\System\okyAgpc.exe
  C:\Windows\System\okyAgpc.exe
  2⤵
  PID:5736
- C:\Windows\System\wENrOkH.exe
  C:\Windows\System\wENrOkH.exe
  2⤵
  PID:5752
- C:\Windows\System\SHHGurm.exe
  C:\Windows\System\SHHGurm.exe
  2⤵
  PID:5780
- C:\Windows\System\ChzDPIM.exe
  C:\Windows\System\ChzDPIM.exe
  2⤵
  PID:5800
- C:\Windows\System\CxrgnOX.exe
  C:\Windows\System\CxrgnOX.exe
  2⤵
  PID:5820
- C:\Windows\System\sAeltMT.exe
  C:\Windows\System\sAeltMT.exe
  2⤵
  PID:5836
- C:\Windows\System\JPPjaiL.exe
  C:\Windows\System\JPPjaiL.exe
  2⤵
  PID:5852
- C:\Windows\System\HbJVAOT.exe
  C:\Windows\System\HbJVAOT.exe
  2⤵
  PID:5868
- C:\Windows\System\PbzZixe.exe
  C:\Windows\System\PbzZixe.exe
  2⤵
  PID:5884
- C:\Windows\System\fAfbymC.exe
  C:\Windows\System\fAfbymC.exe
  2⤵
  PID:5928
- C:\Windows\System\GaZLVMF.exe
  C:\Windows\System\GaZLVMF.exe
  2⤵
  PID:5944
- C:\Windows\System\xbqoNlK.exe
  C:\Windows\System\xbqoNlK.exe
  2⤵
  PID:5968
- C:\Windows\System\ORZAAUG.exe
  C:\Windows\System\ORZAAUG.exe
  2⤵
  PID:5992
- C:\Windows\System\exZVMtQ.exe
  C:\Windows\System\exZVMtQ.exe
  2⤵
  PID:6008
- C:\Windows\System\lIGQWIm.exe
  C:\Windows\System\lIGQWIm.exe
  2⤵
  PID:6024
- C:\Windows\System\xxxKVln.exe
  C:\Windows\System\xxxKVln.exe
  2⤵
  PID:6040
- C:\Windows\System\MBpXMyT.exe
  C:\Windows\System\MBpXMyT.exe
  2⤵
  PID:6056
- C:\Windows\System\IwuUneo.exe
  C:\Windows\System\IwuUneo.exe
  2⤵
  PID:6072
- C:\Windows\System\FloqpFi.exe
  C:\Windows\System\FloqpFi.exe
  2⤵
  PID:6088
- C:\Windows\System\wMsQewW.exe
  C:\Windows\System\wMsQewW.exe
  2⤵
  PID:6104
- C:\Windows\System\JmVgKBC.exe
  C:\Windows\System\JmVgKBC.exe
  2⤵
  PID:6124
- C:\Windows\System\YEauzBG.exe
  C:\Windows\System\YEauzBG.exe
  2⤵
  PID:4524
- C:\Windows\System\Gulxhqz.exe
  C:\Windows\System\Gulxhqz.exe
  2⤵
  PID:5140
- C:\Windows\System\EAMlUde.exe
  C:\Windows\System\EAMlUde.exe
  2⤵
  PID:4780
- C:\Windows\System\aRJvjwY.exe
  C:\Windows\System\aRJvjwY.exe
  2⤵
  PID:900
- C:\Windows\System\waZxhYb.exe
  C:\Windows\System\waZxhYb.exe
  2⤵
  PID:5296
- C:\Windows\System\idnDNtd.exe
  C:\Windows\System\idnDNtd.exe
  2⤵
  PID:2736
- C:\Windows\System\gDCkQGF.exe
  C:\Windows\System\gDCkQGF.exe
  2⤵
  PID:5336
- C:\Windows\System\hPEoOtL.exe
  C:\Windows\System\hPEoOtL.exe
  2⤵
  PID:5400
- C:\Windows\System\oRTkXAh.exe
  C:\Windows\System\oRTkXAh.exe
  2⤵
  PID:5160
- C:\Windows\System\ZyzBMVc.exe
  C:\Windows\System\ZyzBMVc.exe
  2⤵
  PID:5236
- C:\Windows\System\OmzITLA.exe
  C:\Windows\System\OmzITLA.exe
  2⤵
  PID:5276
- C:\Windows\System\VbJwuIr.exe
  C:\Windows\System\VbJwuIr.exe
  2⤵
  PID:4384
- C:\Windows\System\iKbTCAi.exe
  C:\Windows\System\iKbTCAi.exe
  2⤵
  PID:5452
- C:\Windows\System\hVBbPdm.exe
  C:\Windows\System\hVBbPdm.exe
  2⤵
  PID:5508
- C:\Windows\System\drCpFDy.exe
  C:\Windows\System\drCpFDy.exe
  2⤵
  PID:5544
- C:\Windows\System\QStHzuN.exe
  C:\Windows\System\QStHzuN.exe
  2⤵
  PID:5584
- C:\Windows\System\dbrUCco.exe
  C:\Windows\System\dbrUCco.exe
  2⤵
  PID:5560
- C:\Windows\System\TwodLWM.exe
  C:\Windows\System\TwodLWM.exe
  2⤵
  PID:5636
- C:\Windows\System\dMkKUXT.exe
  C:\Windows\System\dMkKUXT.exe
  2⤵
  PID:5644
- C:\Windows\System\cGLbizp.exe
  C:\Windows\System\cGLbizp.exe
  2⤵
  PID:5684
- C:\Windows\System\VDabLiL.exe
  C:\Windows\System\VDabLiL.exe
  2⤵
  PID:5716
- C:\Windows\System\GcwymAK.exe
  C:\Windows\System\GcwymAK.exe
  2⤵
  PID:4556
- C:\Windows\System\XZvePKB.exe
  C:\Windows\System\XZvePKB.exe
  2⤵
  PID:5732
- C:\Windows\System\NgjXjzI.exe
  C:\Windows\System\NgjXjzI.exe
  2⤵
  PID:5796
- C:\Windows\System\NCBqeox.exe
  C:\Windows\System\NCBqeox.exe
  2⤵
  PID:5776
- C:\Windows\System\YFvQlLG.exe
  C:\Windows\System\YFvQlLG.exe
  2⤵
  PID:5828
- C:\Windows\System\prgPtnQ.exe
  C:\Windows\System\prgPtnQ.exe
  2⤵
  PID:5892
- C:\Windows\System\TccuYPQ.exe
  C:\Windows\System\TccuYPQ.exe
  2⤵
  PID:5912
- C:\Windows\System\ieHomkC.exe
  C:\Windows\System\ieHomkC.exe
  2⤵
  PID:5896
- C:\Windows\System\uytAQqX.exe
  C:\Windows\System\uytAQqX.exe
  2⤵
  PID:5952
- C:\Windows\System\vqjdHqx.exe
  C:\Windows\System\vqjdHqx.exe
  2⤵
  PID:5940
- C:\Windows\System\HVvPdik.exe
  C:\Windows\System\HVvPdik.exe
  2⤵
  PID:6004
- C:\Windows\System\qumDowi.exe
  C:\Windows\System\qumDowi.exe
  2⤵
  PID:5980
- C:\Windows\System\nxWJUju.exe
  C:\Windows\System\nxWJUju.exe
  2⤵
  PID:4500
- C:\Windows\System\frVVECN.exe
  C:\Windows\System\frVVECN.exe
  2⤵
  PID:4728
- C:\Windows\System\COmJFuR.exe
  C:\Windows\System\COmJFuR.exe
  2⤵
  PID:5260
- C:\Windows\System\dbytyLU.exe
  C:\Windows\System\dbytyLU.exe
  2⤵
  PID:6016
- C:\Windows\System\PFlpUVe.exe
  C:\Windows\System\PFlpUVe.exe
  2⤵
  PID:6052
- C:\Windows\System\ASRhwfW.exe
  C:\Windows\System\ASRhwfW.exe
  2⤵
  PID:6120
- C:\Windows\System\BucfruN.exe
  C:\Windows\System\BucfruN.exe
  2⤵
  PID:5332
- C:\Windows\System\NarGeKj.exe
  C:\Windows\System\NarGeKj.exe
  2⤵
  PID:5432
- C:\Windows\System\LtGaSIg.exe
  C:\Windows\System\LtGaSIg.exe
  2⤵
  PID:5244
- C:\Windows\System\EQAiTbQ.exe
  C:\Windows\System\EQAiTbQ.exe
  2⤵
  PID:5440
- C:\Windows\System\ymGJXob.exe
  C:\Windows\System\ymGJXob.exe
  2⤵
  PID:5488
- C:\Windows\System\QkeVQzj.exe
  C:\Windows\System\QkeVQzj.exe
  2⤵
  PID:5412
- C:\Windows\System\fBCQnPW.exe
  C:\Windows\System\fBCQnPW.exe
  2⤵
  PID:5616
- C:\Windows\System\trVvREq.exe
  C:\Windows\System\trVvREq.exe
  2⤵
  PID:5712
- C:\Windows\System\BIYmsoC.exe
  C:\Windows\System\BIYmsoC.exe
  2⤵
  PID:4560
- C:\Windows\System\sZAsmZs.exe
  C:\Windows\System\sZAsmZs.exe
  2⤵
  PID:5792
- C:\Windows\System\RsJwmic.exe
  C:\Windows\System\RsJwmic.exe
  2⤵
  PID:5816
- C:\Windows\System\lCzGWpT.exe
  C:\Windows\System\lCzGWpT.exe
  2⤵
  PID:5596
- C:\Windows\System\SHqnGDy.exe
  C:\Windows\System\SHqnGDy.exe
  2⤵
  PID:4916
- C:\Windows\System\AJwrhMz.exe
  C:\Windows\System\AJwrhMz.exe
  2⤵
  PID:5860
- C:\Windows\System\cVshuPb.exe
  C:\Windows\System\cVshuPb.exe
  2⤵
  PID:5960
- C:\Windows\System\rNAYqrZ.exe
  C:\Windows\System\rNAYqrZ.exe
  2⤵
  PID:6068
- C:\Windows\System\gTHjCSj.exe
  C:\Windows\System\gTHjCSj.exe
  2⤵
  PID:6140
- C:\Windows\System\UWMMfwr.exe
  C:\Windows\System\UWMMfwr.exe
  2⤵
  PID:5216
- C:\Windows\System\NYgMBux.exe
  C:\Windows\System\NYgMBux.exe
  2⤵
  PID:4784
- C:\Windows\System\VmRbBop.exe
  C:\Windows\System\VmRbBop.exe
  2⤵
  PID:6112
- C:\Windows\System\rxIQnjI.exe
  C:\Windows\System\rxIQnjI.exe
  2⤵
  PID:6048
- C:\Windows\System\pyjiBoe.exe
  C:\Windows\System\pyjiBoe.exe
  2⤵
  PID:6020
- C:\Windows\System\ixXQoUW.exe
  C:\Windows\System\ixXQoUW.exe
  2⤵
  PID:4748
- C:\Windows\System\dluYlTP.exe
  C:\Windows\System\dluYlTP.exe
  2⤵
  PID:5540
- C:\Windows\System\NZBXOjZ.exe
  C:\Windows\System\NZBXOjZ.exe
  2⤵
  PID:5472
- C:\Windows\System\fMzvDFf.exe
  C:\Windows\System\fMzvDFf.exe
  2⤵
  PID:5608
- C:\Windows\System\kmDqWSH.exe
  C:\Windows\System\kmDqWSH.exe
  2⤵
  PID:5652
- C:\Windows\System\WSoxUzl.exe
  C:\Windows\System\WSoxUzl.exe
  2⤵
  PID:5788
- C:\Windows\System\ArkVEVS.exe
  C:\Windows\System\ArkVEVS.exe
  2⤵
  PID:5768
- C:\Windows\System\XRNYQwF.exe
  C:\Windows\System\XRNYQwF.exe
  2⤵
  PID:5172
- C:\Windows\System\eKCAmlG.exe
  C:\Windows\System\eKCAmlG.exe
  2⤵
  PID:5200
- C:\Windows\System\YdlxWoz.exe
  C:\Windows\System\YdlxWoz.exe
  2⤵
  PID:5376
- C:\Windows\System\oldUBEG.exe
  C:\Windows\System\oldUBEG.exe
  2⤵
  PID:5920
- C:\Windows\System\wkUbvGQ.exe
  C:\Windows\System\wkUbvGQ.exe
  2⤵
  PID:4380
- C:\Windows\System\ZnrUuRk.exe
  C:\Windows\System\ZnrUuRk.exe
  2⤵
  PID:4884
- C:\Windows\System\jeZFqpn.exe
  C:\Windows\System\jeZFqpn.exe
  2⤵
  PID:6148
- C:\Windows\System\bGxJrtE.exe
  C:\Windows\System\bGxJrtE.exe
  2⤵
  PID:6164
- C:\Windows\System\MhrjXfB.exe
  C:\Windows\System\MhrjXfB.exe
  2⤵
  PID:6184
- C:\Windows\System\vRZGJQY.exe
  C:\Windows\System\vRZGJQY.exe
  2⤵
  PID:6208
- C:\Windows\System\KNXTNTv.exe
  C:\Windows\System\KNXTNTv.exe
  2⤵
  PID:6228
- C:\Windows\System\qxVkoJv.exe
  C:\Windows\System\qxVkoJv.exe
  2⤵
  PID:6252
- C:\Windows\System\nwFCmOZ.exe
  C:\Windows\System\nwFCmOZ.exe
  2⤵
  PID:6268
- C:\Windows\System\FAbEqnE.exe
  C:\Windows\System\FAbEqnE.exe
  2⤵
  PID:6284
- C:\Windows\System\IaroAdR.exe
  C:\Windows\System\IaroAdR.exe
  2⤵
  PID:6300
- C:\Windows\System\hFLLNVk.exe
  C:\Windows\System\hFLLNVk.exe
  2⤵
  PID:6316
- C:\Windows\System\ySqzEbd.exe
  C:\Windows\System\ySqzEbd.exe
  2⤵
  PID:6332
- C:\Windows\System\CQdznoU.exe
  C:\Windows\System\CQdznoU.exe
  2⤵
  PID:6356
- C:\Windows\System\UcdyceN.exe
  C:\Windows\System\UcdyceN.exe
  2⤵
  PID:6372
- C:\Windows\System\jUCHzxH.exe
  C:\Windows\System\jUCHzxH.exe
  2⤵
  PID:6444
- C:\Windows\System\nqOvKbG.exe
  C:\Windows\System\nqOvKbG.exe
  2⤵
  PID:6460
- C:\Windows\System\XxtcsbC.exe
  C:\Windows\System\XxtcsbC.exe
  2⤵
  PID:6476
- C:\Windows\System\ZjTeQDy.exe
  C:\Windows\System\ZjTeQDy.exe
  2⤵
  PID:6492
- C:\Windows\System\RJbKLeW.exe
  C:\Windows\System\RJbKLeW.exe
  2⤵
  PID:6508
- C:\Windows\System\ZQnrMCE.exe
  C:\Windows\System\ZQnrMCE.exe
  2⤵
  PID:6524
- C:\Windows\System\vcWPkzp.exe
  C:\Windows\System\vcWPkzp.exe
  2⤵
  PID:6540
- C:\Windows\System\RenjUlg.exe
  C:\Windows\System\RenjUlg.exe
  2⤵
  PID:6556
- C:\Windows\System\ZACwQkE.exe
  C:\Windows\System\ZACwQkE.exe
  2⤵
  PID:6584
- C:\Windows\System\QnCmjlI.exe
  C:\Windows\System\QnCmjlI.exe
  2⤵
  PID:6604
- C:\Windows\System\fYCnrbV.exe
  C:\Windows\System\fYCnrbV.exe
  2⤵
  PID:6620
- C:\Windows\System\VjNminD.exe
  C:\Windows\System\VjNminD.exe
  2⤵
  PID:6640
- C:\Windows\System\IDOKsre.exe
  C:\Windows\System\IDOKsre.exe
  2⤵
  PID:6684
- C:\Windows\System\gDOUpjD.exe
  C:\Windows\System\gDOUpjD.exe
  2⤵
  PID:6700
- C:\Windows\System\iGLQNvz.exe
  C:\Windows\System\iGLQNvz.exe
  2⤵
  PID:6716
- C:\Windows\System\YZcSeTG.exe
  C:\Windows\System\YZcSeTG.exe
  2⤵
  PID:6740
- C:\Windows\System\YGnULsm.exe
  C:\Windows\System\YGnULsm.exe
  2⤵
  PID:6760
- C:\Windows\System\iwJyAcE.exe
  C:\Windows\System\iwJyAcE.exe
  2⤵
  PID:6776
- C:\Windows\System\PnrdMaN.exe
  C:\Windows\System\PnrdMaN.exe
  2⤵
  PID:6796
- C:\Windows\System\kbdRNKT.exe
  C:\Windows\System\kbdRNKT.exe
  2⤵
  PID:6816
- C:\Windows\System\IzSicrN.exe
  C:\Windows\System\IzSicrN.exe
  2⤵
  PID:6836
- C:\Windows\System\OWYSMmR.exe
  C:\Windows\System\OWYSMmR.exe
  2⤵
  PID:6852
- C:\Windows\System\GnSASJv.exe
  C:\Windows\System\GnSASJv.exe
  2⤵
  PID:6868
- C:\Windows\System\TgIGVAa.exe
  C:\Windows\System\TgIGVAa.exe
  2⤵
  PID:6884
- C:\Windows\System\ygMKRMd.exe
  C:\Windows\System\ygMKRMd.exe
  2⤵
  PID:6904
- C:\Windows\System\UCdOuXw.exe
  C:\Windows\System\UCdOuXw.exe
  2⤵
  PID:6944
- C:\Windows\System\kzaxcoQ.exe
  C:\Windows\System\kzaxcoQ.exe
  2⤵
  PID:6960
- C:\Windows\System\pGvwofe.exe
  C:\Windows\System\pGvwofe.exe
  2⤵
  PID:6976
- C:\Windows\System\hwklTVn.exe
  C:\Windows\System\hwklTVn.exe
  2⤵
  PID:6996
- C:\Windows\System\BdlHDou.exe
  C:\Windows\System\BdlHDou.exe
  2⤵
  PID:7016
- C:\Windows\System\ckYpGRZ.exe
  C:\Windows\System\ckYpGRZ.exe
  2⤵
  PID:7032
- C:\Windows\System\beWMLNK.exe
  C:\Windows\System\beWMLNK.exe
  2⤵
  PID:7048
- C:\Windows\System\OpkUgrY.exe
  C:\Windows\System\OpkUgrY.exe
  2⤵
  PID:7064
- C:\Windows\System\ShOpMmK.exe
  C:\Windows\System\ShOpMmK.exe
  2⤵
  PID:7084
- C:\Windows\System\TuiAgEG.exe
  C:\Windows\System\TuiAgEG.exe
  2⤵
  PID:7100
- C:\Windows\System\jviQdsz.exe
  C:\Windows\System\jviQdsz.exe
  2⤵
  PID:7132
- C:\Windows\System\NMjfPYj.exe
  C:\Windows\System\NMjfPYj.exe
  2⤵
  PID:7152
- C:\Windows\System\djJYVfb.exe
  C:\Windows\System\djJYVfb.exe
  2⤵
  PID:5396
- C:\Windows\System\DBCvxJH.exe
  C:\Windows\System\DBCvxJH.exe
  2⤵
  PID:6216
- C:\Windows\System\oIVCsKh.exe
  C:\Windows\System\oIVCsKh.exe
  2⤵
  PID:5576
- C:\Windows\System\SgzXSPl.exe
  C:\Windows\System\SgzXSPl.exe
  2⤵
  PID:5340
- C:\Windows\System\QUWkBzN.exe
  C:\Windows\System\QUWkBzN.exe
  2⤵
  PID:6260
- C:\Windows\System\azgHsSd.exe
  C:\Windows\System\azgHsSd.exe
  2⤵
  PID:6364
- C:\Windows\System\dItfDUd.exe
  C:\Windows\System\dItfDUd.exe
  2⤵
  PID:848
- C:\Windows\System\gLCLxum.exe
  C:\Windows\System\gLCLxum.exe
  2⤵
  PID:5156
- C:\Windows\System\gXRuJae.exe
  C:\Windows\System\gXRuJae.exe
  2⤵
  PID:6384
- C:\Windows\System\QeviLZT.exe
  C:\Windows\System\QeviLZT.exe
  2⤵
  PID:6136
- C:\Windows\System\XNQNUnM.exe
  C:\Windows\System\XNQNUnM.exe
  2⤵
  PID:6308
- C:\Windows\System\jMFayqV.exe
  C:\Windows\System\jMFayqV.exe
  2⤵
  PID:6340
- C:\Windows\System\PFXfKzf.exe
  C:\Windows\System\PFXfKzf.exe
  2⤵
  PID:6084
- C:\Windows\System\gLIHhlP.exe
  C:\Windows\System\gLIHhlP.exe
  2⤵
  PID:6064
- C:\Windows\System\delnAty.exe
  C:\Windows\System\delnAty.exe
  2⤵
  PID:6424
- C:\Windows\System\kxligif.exe
  C:\Windows\System\kxligif.exe
  2⤵
  PID:6440
- C:\Windows\System\UqmLOqi.exe
  C:\Windows\System\UqmLOqi.exe
  2⤵
  PID:6488
- C:\Windows\System\BdCnOav.exe
  C:\Windows\System\BdCnOav.exe
  2⤵
  PID:6552
- C:\Windows\System\VJbMLnG.exe
  C:\Windows\System\VJbMLnG.exe
  2⤵
  PID:6600
- C:\Windows\System\laUPwKm.exe
  C:\Windows\System\laUPwKm.exe
  2⤵
  PID:6636
- C:\Windows\System\GRofZSJ.exe
  C:\Windows\System\GRofZSJ.exe
  2⤵
  PID:6504
- C:\Windows\System\qyDbitj.exe
  C:\Windows\System\qyDbitj.exe
  2⤵
  PID:6576
- C:\Windows\System\sYEDMOi.exe
  C:\Windows\System\sYEDMOi.exe
  2⤵
  PID:6660
- C:\Windows\System\NKITsDo.exe
  C:\Windows\System\NKITsDo.exe
  2⤵
  PID:6724
- C:\Windows\System\uLryekJ.exe
  C:\Windows\System\uLryekJ.exe
  2⤵
  PID:6804
- C:\Windows\System\YvBmKbS.exe
  C:\Windows\System\YvBmKbS.exe
  2⤵
  PID:6788
- C:\Windows\System\YiXdOjb.exe
  C:\Windows\System\YiXdOjb.exe
  2⤵
  PID:6860
- C:\Windows\System\OZIRKJu.exe
  C:\Windows\System\OZIRKJu.exe
  2⤵
  PID:6752
- C:\Windows\System\mOVsVAv.exe
  C:\Windows\System\mOVsVAv.exe
  2⤵
  PID:6844
- C:\Windows\System\dIPgZsE.exe
  C:\Windows\System\dIPgZsE.exe
  2⤵
  PID:6988
- C:\Windows\System\ZlLqjZE.exe
  C:\Windows\System\ZlLqjZE.exe
  2⤵
  PID:7044
- C:\Windows\System\TKDxQWH.exe
  C:\Windows\System\TKDxQWH.exe
  2⤵
  PID:7004
- C:\Windows\System\DUePiJA.exe
  C:\Windows\System\DUePiJA.exe
  2⤵
  PID:6956
- C:\Windows\System\WbBjvgM.exe
  C:\Windows\System\WbBjvgM.exe
  2⤵
  PID:6932
- C:\Windows\System\aFwnOEq.exe
  C:\Windows\System\aFwnOEq.exe
  2⤵
  PID:7040
- C:\Windows\System\AgnDXKw.exe
  C:\Windows\System\AgnDXKw.exe
  2⤵
  PID:7160
- C:\Windows\System\XkPblkl.exe
  C:\Windows\System\XkPblkl.exe
  2⤵
  PID:5176
- C:\Windows\System\lFayjoG.exe
  C:\Windows\System\lFayjoG.exe
  2⤵
  PID:7140
- C:\Windows\System\Egchzfk.exe
  C:\Windows\System\Egchzfk.exe
  2⤵
  PID:5352
- C:\Windows\System\mjjJMBR.exe
  C:\Windows\System\mjjJMBR.exe
  2⤵
  PID:5848
- C:\Windows\System\BCavSCI.exe
  C:\Windows\System\BCavSCI.exe
  2⤵
  PID:4172
- C:\Windows\System\afbBZEo.exe
  C:\Windows\System\afbBZEo.exe
  2⤵
  PID:6240
- C:\Windows\System\TGzeJAv.exe
  C:\Windows\System\TGzeJAv.exe
  2⤵
  PID:6396
- C:\Windows\System\ZngLyhP.exe
  C:\Windows\System\ZngLyhP.exe
  2⤵
  PID:6248
- C:\Windows\System\pDevxDp.exe
  C:\Windows\System\pDevxDp.exe
  2⤵
  PID:6408
- C:\Windows\System\WUQAQxh.exe
  C:\Windows\System\WUQAQxh.exe
  2⤵
  PID:6352
- C:\Windows\System\MkIOLsG.exe
  C:\Windows\System\MkIOLsG.exe
  2⤵
  PID:6416
- C:\Windows\System\EvePyjl.exe
  C:\Windows\System\EvePyjl.exe
  2⤵
  PID:6692
- C:\Windows\System\Abyghze.exe
  C:\Windows\System\Abyghze.exe
  2⤵
  PID:6664
- C:\Windows\System\xKtqliY.exe
  C:\Windows\System\xKtqliY.exe
  2⤵
  PID:6676
- C:\Windows\System\cbyIVYA.exe
  C:\Windows\System\cbyIVYA.exe
  2⤵
  PID:6708
- C:\Windows\System\nBRjcTP.exe
  C:\Windows\System\nBRjcTP.exe
  2⤵
  PID:6500
- C:\Windows\System\qMLlJZR.exe
  C:\Windows\System\qMLlJZR.exe
  2⤵
  PID:6896
- C:\Windows\System\ndURCqG.exe
  C:\Windows\System\ndURCqG.exe
  2⤵
  PID:6784
- C:\Windows\System\tvtkcjt.exe
  C:\Windows\System\tvtkcjt.exe
  2⤵
  PID:7096
- C:\Windows\System\OlbTRQv.exe
  C:\Windows\System\OlbTRQv.exe
  2⤵
  PID:6876
- C:\Windows\System\VQeOFUu.exe
  C:\Windows\System\VQeOFUu.exe
  2⤵
  PID:6940
- C:\Windows\System\EdfiJFr.exe
  C:\Windows\System\EdfiJFr.exe
  2⤵
  PID:7144
- C:\Windows\System\vxorZsm.exe
  C:\Windows\System\vxorZsm.exe
  2⤵
  PID:6100
- C:\Windows\System\VcKiQbJ.exe
  C:\Windows\System\VcKiQbJ.exe
  2⤵
  PID:7148
- C:\Windows\System\eXSIpCB.exe
  C:\Windows\System\eXSIpCB.exe
  2⤵
  PID:5304
- C:\Windows\System\NeQwxmZ.exe
  C:\Windows\System\NeQwxmZ.exe
  2⤵
  PID:5808
- C:\Windows\System\qkWUroZ.exe
  C:\Windows\System\qkWUroZ.exe
  2⤵
  PID:6592
- C:\Windows\System\LOyrVmR.exe
  C:\Windows\System\LOyrVmR.exe
  2⤵
  PID:6400
- C:\Windows\System\hSfFuiK.exe
  C:\Windows\System\hSfFuiK.exe
  2⤵
  PID:6572
- C:\Windows\System\uuWUuAE.exe
  C:\Windows\System\uuWUuAE.exe
  2⤵
  PID:6468
- C:\Windows\System\rKMBBKi.exe
  C:\Windows\System\rKMBBKi.exe
  2⤵
  PID:6680
- C:\Windows\System\sovpYtJ.exe
  C:\Windows\System\sovpYtJ.exe
  2⤵
  PID:6520
- C:\Windows\System\tJnUXQS.exe
  C:\Windows\System\tJnUXQS.exe
  2⤵
  PID:6832
- C:\Windows\System\yEuHqER.exe
  C:\Windows\System\yEuHqER.exe
  2⤵
  PID:7080
- C:\Windows\System\BHRiaTY.exe
  C:\Windows\System\BHRiaTY.exe
  2⤵
  PID:6920
- C:\Windows\System\sKlNIgE.exe
  C:\Windows\System\sKlNIgE.exe
  2⤵
  PID:6924
- C:\Windows\System\hHRNmso.exe
  C:\Windows\System\hHRNmso.exe
  2⤵
  PID:7112
- C:\Windows\System\OoCKDzI.exe
  C:\Windows\System\OoCKDzI.exe
  2⤵
  PID:6236
- C:\Windows\System\SkQxUqT.exe
  C:\Windows\System\SkQxUqT.exe
  2⤵
  PID:5904
- C:\Windows\System\gHnCaSs.exe
  C:\Windows\System\gHnCaSs.exe
  2⤵
  PID:7024
- C:\Windows\System\eKFRRmf.exe
  C:\Windows\System\eKFRRmf.exe
  2⤵
  PID:6432
- C:\Windows\System\DFtqRGf.exe
  C:\Windows\System\DFtqRGf.exe
  2⤵
  PID:6712
- C:\Windows\System\dCbfukd.exe
  C:\Windows\System\dCbfukd.exe
  2⤵
  PID:6952
- C:\Windows\System\gCmuSIE.exe
  C:\Windows\System\gCmuSIE.exe
  2⤵
  PID:7124
- C:\Windows\System\nbCqRPp.exe
  C:\Windows\System\nbCqRPp.exe
  2⤵
  PID:6648
- C:\Windows\System\ybmVvCS.exe
  C:\Windows\System\ybmVvCS.exe
  2⤵
  PID:6892
- C:\Windows\System\EjYMrco.exe
  C:\Windows\System\EjYMrco.exe
  2⤵
  PID:6328
- C:\Windows\System\hPcnnSl.exe
  C:\Windows\System\hPcnnSl.exe
  2⤵
  PID:7180
- C:\Windows\System\aMqVEou.exe
  C:\Windows\System\aMqVEou.exe
  2⤵
  PID:7216
- C:\Windows\System\Obihrbw.exe
  C:\Windows\System\Obihrbw.exe
  2⤵
  PID:7232
- C:\Windows\System\FPXsuSf.exe
  C:\Windows\System\FPXsuSf.exe
  2⤵
  PID:7248
- C:\Windows\System\YlAeBuv.exe
  C:\Windows\System\YlAeBuv.exe
  2⤵
  PID:7268
- C:\Windows\System\uzxuoiv.exe
  C:\Windows\System\uzxuoiv.exe
  2⤵
  PID:7288
- C:\Windows\System\jIzudlk.exe
  C:\Windows\System\jIzudlk.exe
  2⤵
  PID:7304
- C:\Windows\System\YDCpZoP.exe
  C:\Windows\System\YDCpZoP.exe
  2⤵
  PID:7328
- C:\Windows\System\OizMpAR.exe
  C:\Windows\System\OizMpAR.exe
  2⤵
  PID:7344
- C:\Windows\System\nUyQcoh.exe
  C:\Windows\System\nUyQcoh.exe
  2⤵
  PID:7364
- C:\Windows\System\OGtvORA.exe
  C:\Windows\System\OGtvORA.exe
  2⤵
  PID:7388
- C:\Windows\System\DCioRKm.exe
  C:\Windows\System\DCioRKm.exe
  2⤵
  PID:7404
- C:\Windows\System\EMCAGmK.exe
  C:\Windows\System\EMCAGmK.exe
  2⤵
  PID:7432
- C:\Windows\System\MjCSyJl.exe
  C:\Windows\System\MjCSyJl.exe
  2⤵
  PID:7448
- C:\Windows\System\RjjYGqv.exe
  C:\Windows\System\RjjYGqv.exe
  2⤵
  PID:7464
- C:\Windows\System\TGMQmYO.exe
  C:\Windows\System\TGMQmYO.exe
  2⤵
  PID:7480
- C:\Windows\System\pYKYFFA.exe
  C:\Windows\System\pYKYFFA.exe
  2⤵
  PID:7500
- C:\Windows\System\jxjVLKP.exe
  C:\Windows\System\jxjVLKP.exe
  2⤵
  PID:7516
- C:\Windows\System\fNJcpdt.exe
  C:\Windows\System\fNJcpdt.exe
  2⤵
  PID:7536
- C:\Windows\System\FlhBPON.exe
  C:\Windows\System\FlhBPON.exe
  2⤵
  PID:7552
- C:\Windows\System\vZoJBjG.exe
  C:\Windows\System\vZoJBjG.exe
  2⤵
  PID:7568
- C:\Windows\System\tMCVYXw.exe
  C:\Windows\System\tMCVYXw.exe
  2⤵
  PID:7588
- C:\Windows\System\ohpUkvm.exe
  C:\Windows\System\ohpUkvm.exe
  2⤵
  PID:7612
- C:\Windows\System\VnPeBOL.exe
  C:\Windows\System\VnPeBOL.exe
  2⤵
  PID:7644
- C:\Windows\System\KwLjIwg.exe
  C:\Windows\System\KwLjIwg.exe
  2⤵
  PID:7676
- C:\Windows\System\ZeUupKz.exe
  C:\Windows\System\ZeUupKz.exe
  2⤵
  PID:7696
- C:\Windows\System\MXpOgon.exe
  C:\Windows\System\MXpOgon.exe
  2⤵
  PID:7716
- C:\Windows\System\OtqNMVW.exe
  C:\Windows\System\OtqNMVW.exe
  2⤵
  PID:7736
- C:\Windows\System\UtrfFPI.exe
  C:\Windows\System\UtrfFPI.exe
  2⤵
  PID:7756
- C:\Windows\System\ViMMfHU.exe
  C:\Windows\System\ViMMfHU.exe
  2⤵
  PID:7776
- C:\Windows\System\eGpxfdJ.exe
  C:\Windows\System\eGpxfdJ.exe
  2⤵
  PID:7792
- C:\Windows\System\gpxnHSh.exe
  C:\Windows\System\gpxnHSh.exe
  2⤵
  PID:7820
- C:\Windows\System\WexSnFe.exe
  C:\Windows\System\WexSnFe.exe
  2⤵
  PID:7840
- C:\Windows\System\YPAePEZ.exe
  C:\Windows\System\YPAePEZ.exe
  2⤵
  PID:7856
- C:\Windows\System\cGyFyoZ.exe
  C:\Windows\System\cGyFyoZ.exe
  2⤵
  PID:7880
- C:\Windows\System\zVRGweh.exe
  C:\Windows\System\zVRGweh.exe
  2⤵
  PID:7904
- C:\Windows\System\TzpNpHl.exe
  C:\Windows\System\TzpNpHl.exe
  2⤵
  PID:7920
- C:\Windows\System\UlrpAct.exe
  C:\Windows\System\UlrpAct.exe
  2⤵
  PID:7936
- C:\Windows\System\GaoOvoG.exe
  C:\Windows\System\GaoOvoG.exe
  2⤵
  PID:7952
- C:\Windows\System\yjbyZUj.exe
  C:\Windows\System\yjbyZUj.exe
  2⤵
  PID:7972
- C:\Windows\System\uErOgpq.exe
  C:\Windows\System\uErOgpq.exe
  2⤵
  PID:7992
- C:\Windows\System\DjsQNtN.exe
  C:\Windows\System\DjsQNtN.exe
  2⤵
  PID:8008
- C:\Windows\System\WJWXzaa.exe
  C:\Windows\System\WJWXzaa.exe
  2⤵
  PID:8024
- C:\Windows\System\qnophaP.exe
  C:\Windows\System\qnophaP.exe
  2⤵
  PID:8044
- C:\Windows\System\rmKGnNl.exe
  C:\Windows\System\rmKGnNl.exe
  2⤵
  PID:8064
- C:\Windows\System\AFlVhKX.exe
  C:\Windows\System\AFlVhKX.exe
  2⤵
  PID:8080
- C:\Windows\System\CAkPSKN.exe
  C:\Windows\System\CAkPSKN.exe
  2⤵
  PID:8100
- C:\Windows\System\ZCyLnzd.exe
  C:\Windows\System\ZCyLnzd.exe
  2⤵
  PID:8120
- C:\Windows\System\DEdUlGx.exe
  C:\Windows\System\DEdUlGx.exe
  2⤵
  PID:8136
- C:\Windows\System\QfKVsUs.exe
  C:\Windows\System\QfKVsUs.exe
  2⤵
  PID:8152
- C:\Windows\System\xTEzOdv.exe
  C:\Windows\System\xTEzOdv.exe
  2⤵
  PID:8172
- C:\Windows\System\yanrbcM.exe
  C:\Windows\System\yanrbcM.exe
  2⤵
  PID:8188
- C:\Windows\System\qcUGbek.exe
  C:\Windows\System\qcUGbek.exe
  2⤵
  PID:6344
- C:\Windows\System\ZyVblzQ.exe
  C:\Windows\System\ZyVblzQ.exe
  2⤵
  PID:5496
- C:\Windows\System\KOQTOoS.exe
  C:\Windows\System\KOQTOoS.exe
  2⤵
  PID:7172
- C:\Windows\System\MGLBtSA.exe
  C:\Windows\System\MGLBtSA.exe
  2⤵
  PID:7196
- C:\Windows\System\KnvjGIb.exe
  C:\Windows\System\KnvjGIb.exe
  2⤵
  PID:7212
- C:\Windows\System\GLZJazS.exe
  C:\Windows\System\GLZJazS.exe
  2⤵
  PID:7284
- C:\Windows\System\QuaICza.exe
  C:\Windows\System\QuaICza.exe
  2⤵
  PID:7264
- C:\Windows\System\RMoMOWQ.exe
  C:\Windows\System\RMoMOWQ.exe
  2⤵
  PID:7296
- C:\Windows\System\gFumWLX.exe
  C:\Windows\System\gFumWLX.exe
  2⤵
  PID:7336
- C:\Windows\System\OieYqoD.exe
  C:\Windows\System\OieYqoD.exe
  2⤵
  PID:7424
- C:\Windows\System\boMNHVV.exe
  C:\Windows\System\boMNHVV.exe
  2⤵
  PID:7372
- C:\Windows\System\OZBoXGX.exe
  C:\Windows\System\OZBoXGX.exe
  2⤵
  PID:7472
- C:\Windows\System\XozJxlg.exe
  C:\Windows\System\XozJxlg.exe
  2⤵
  PID:7544
- C:\Windows\System\PvNIaVv.exe
  C:\Windows\System\PvNIaVv.exe
  2⤵
  PID:7584
- C:\Windows\System\FHCjWGr.exe
  C:\Windows\System\FHCjWGr.exe
  2⤵
  PID:7632
- C:\Windows\System\XTgSXwl.exe
  C:\Windows\System\XTgSXwl.exe
  2⤵
  PID:7608
- C:\Windows\System\vfliLWs.exe
  C:\Windows\System\vfliLWs.exe
  2⤵
  PID:7688
- C:\Windows\System\NlCdEVy.exe
  C:\Windows\System\NlCdEVy.exe
  2⤵
  PID:7560
- C:\Windows\System\DJTwLuL.exe
  C:\Windows\System\DJTwLuL.exe
  2⤵
  PID:7764
- C:\Windows\System\OWMLdit.exe
  C:\Windows\System\OWMLdit.exe
  2⤵
  PID:7800
- C:\Windows\System\rkNlmdc.exe
  C:\Windows\System\rkNlmdc.exe
  2⤵
  PID:7672
- C:\Windows\System\IlJpNuO.exe
  C:\Windows\System\IlJpNuO.exe
  2⤵
  PID:7788
- C:\Windows\System\jznKFuy.exe
  C:\Windows\System\jznKFuy.exe
  2⤵
  PID:7812
- C:\Windows\System\hxrkWtk.exe
  C:\Windows\System\hxrkWtk.exe
  2⤵
  PID:7848
- C:\Windows\System\sieboTu.exe
  C:\Windows\System\sieboTu.exe
  2⤵
  PID:7900
- C:\Windows\System\ogGgblt.exe
  C:\Windows\System\ogGgblt.exe
  2⤵
  PID:7876
- C:\Windows\System\hzaALAz.exe
  C:\Windows\System\hzaALAz.exe
  2⤵
  PID:8000
- C:\Windows\System\qStASJU.exe
  C:\Windows\System\qStASJU.exe
  2⤵
  PID:8040
- C:\Windows\System\qFLiisc.exe
  C:\Windows\System\qFLiisc.exe
  2⤵
  PID:8116
- C:\Windows\System\VniBHbZ.exe
  C:\Windows\System\VniBHbZ.exe
  2⤵
  PID:6276
- C:\Windows\System\MXBRzvP.exe
  C:\Windows\System\MXBRzvP.exe
  2⤵
  PID:6812
- C:\Windows\System\eDMzuir.exe
  C:\Windows\System\eDMzuir.exe
  2⤵
  PID:8096
- C:\Windows\System\IiNUPOe.exe
  C:\Windows\System\IiNUPOe.exe
  2⤵
  PID:7988
- C:\Windows\System\dQimIkh.exe
  C:\Windows\System\dQimIkh.exe
  2⤵
  PID:7944
- C:\Windows\System\evWQXhn.exe
  C:\Windows\System\evWQXhn.exe
  2⤵
  PID:8020
- C:\Windows\System\WGWqXcl.exe
  C:\Windows\System\WGWqXcl.exe
  2⤵
  PID:7260
- C:\Windows\System\ArElxiJ.exe
  C:\Windows\System\ArElxiJ.exe
  2⤵
  PID:7224
- C:\Windows\System\amxWgrE.exe
  C:\Windows\System\amxWgrE.exe
  2⤵
  PID:7440
- C:\Windows\System\ZheomAi.exe
  C:\Windows\System\ZheomAi.exe
  2⤵
  PID:7580
- C:\Windows\System\ZDRJAAF.exe
  C:\Windows\System\ZDRJAAF.exe
  2⤵
  PID:7724
- C:\Windows\System\fCnrRoI.exe
  C:\Windows\System\fCnrRoI.exe
  2⤵
  PID:7708
- C:\Windows\System\doOJipZ.exe
  C:\Windows\System\doOJipZ.exe
  2⤵
  PID:7832
- C:\Windows\System\UqoycHK.exe
  C:\Windows\System\UqoycHK.exe
  2⤵
  PID:7872
- C:\Windows\System\Iekwuof.exe
  C:\Windows\System\Iekwuof.exe
  2⤵
  PID:6756
- C:\Windows\System\qsKXxht.exe
  C:\Windows\System\qsKXxht.exe
  2⤵
  PID:7640
- C:\Windows\System\QOaYcXu.exe
  C:\Windows\System\QOaYcXu.exe
  2⤵
  PID:7732
- C:\Windows\System\VVshXQv.exe
  C:\Windows\System\VVshXQv.exe
  2⤵
  PID:7808
- C:\Windows\System\ubEpzEM.exe
  C:\Windows\System\ubEpzEM.exe
  2⤵
  PID:7932
- C:\Windows\System\rFQtxvA.exe
  C:\Windows\System\rFQtxvA.exe
  2⤵
  PID:8112
- C:\Windows\System\LRsEZBW.exe
  C:\Windows\System\LRsEZBW.exe
  2⤵
  PID:6204
- C:\Windows\System\IXDmMmI.exe
  C:\Windows\System\IXDmMmI.exe
  2⤵
  PID:7980
- C:\Windows\System\MUSZuoG.exe
  C:\Windows\System\MUSZuoG.exe
  2⤵
  PID:7984
- C:\Windows\System\wYdover.exe
  C:\Windows\System\wYdover.exe
  2⤵
  PID:8168
- C:\Windows\System\xLgScTk.exe
  C:\Windows\System\xLgScTk.exe
  2⤵
  PID:6768
- C:\Windows\System\mvMqOWF.exe
  C:\Windows\System\mvMqOWF.exe
  2⤵
  PID:7596
- C:\Windows\System\HlADZPx.exe
  C:\Windows\System\HlADZPx.exe
  2⤵
  PID:7784
- C:\Windows\System\HcdBiMb.exe
  C:\Windows\System\HcdBiMb.exe
  2⤵
  PID:7488
- C:\Windows\System\etbGEiS.exe
  C:\Windows\System\etbGEiS.exe
  2⤵
  PID:1496
- C:\Windows\System\fCgrNDr.exe
  C:\Windows\System\fCgrNDr.exe
  2⤵
  PID:7656
- C:\Windows\System\iGBZmEK.exe
  C:\Windows\System\iGBZmEK.exe
  2⤵
  PID:7508
- C:\Windows\System\HuZVGWN.exe
  C:\Windows\System\HuZVGWN.exe
  2⤵
  PID:7912
- C:\Windows\System\spHkUSa.exe
  C:\Windows\System\spHkUSa.exe
  2⤵
  PID:7804
- C:\Windows\System\oBKjzcU.exe
  C:\Windows\System\oBKjzcU.exe
  2⤵
  PID:7960
- C:\Windows\System\ofnmogD.exe
  C:\Windows\System\ofnmogD.exe
  2⤵
  PID:7256
- C:\Windows\System\QwOPcVz.exe
  C:\Windows\System\QwOPcVz.exe
  2⤵
  PID:8128
- C:\Windows\System\ovhsVWj.exe
  C:\Windows\System\ovhsVWj.exe
  2⤵
  PID:7420
- C:\Windows\System\TdTGEfP.exe
  C:\Windows\System\TdTGEfP.exe
  2⤵
  PID:8180
- C:\Windows\System\caDlzfb.exe
  C:\Windows\System\caDlzfb.exe
  2⤵
  PID:8148
- C:\Windows\System\VLNahWr.exe
  C:\Windows\System\VLNahWr.exe
  2⤵
  PID:7276
- C:\Windows\System\PWmuLge.exe
  C:\Windows\System\PWmuLge.exe
  2⤵
  PID:8076
- C:\Windows\System\FxkhBiH.exe
  C:\Windows\System\FxkhBiH.exe
  2⤵
  PID:7928
- C:\Windows\System\DuynFmA.exe
  C:\Windows\System\DuynFmA.exe
  2⤵
  PID:8164
- C:\Windows\System\qoTFbWt.exe
  C:\Windows\System\qoTFbWt.exe
  2⤵
  PID:7660
- C:\Windows\System\HruDfde.exe
  C:\Windows\System\HruDfde.exe
  2⤵
  PID:6736
- C:\Windows\System\RTkvFel.exe
  C:\Windows\System\RTkvFel.exe
  2⤵
  PID:7188
- C:\Windows\System\atuEwst.exe
  C:\Windows\System\atuEwst.exe
  2⤵
  PID:7496
- C:\Windows\System\RHvwWbD.exe
  C:\Windows\System\RHvwWbD.exe
  2⤵
  PID:7240
- C:\Windows\System\GSHGzxA.exe
  C:\Windows\System\GSHGzxA.exe
  2⤵
  PID:8204
- C:\Windows\System\oGSItZQ.exe
  C:\Windows\System\oGSItZQ.exe
  2⤵
  PID:8232
- C:\Windows\System\LfsygdT.exe
  C:\Windows\System\LfsygdT.exe
  2⤵
  PID:8256
- C:\Windows\System\EcuIeWv.exe
  C:\Windows\System\EcuIeWv.exe
  2⤵
  PID:8272
- C:\Windows\System\mGHDZxB.exe
  C:\Windows\System\mGHDZxB.exe
  2⤵
  PID:8288
- C:\Windows\System\ordQXdZ.exe
  C:\Windows\System\ordQXdZ.exe
  2⤵
  PID:8316
- C:\Windows\System\UoDCade.exe
  C:\Windows\System\UoDCade.exe
  2⤵
  PID:8344
- C:\Windows\System\FDUrXBM.exe
  C:\Windows\System\FDUrXBM.exe
  2⤵
  PID:8364
- C:\Windows\System\HUKXKfg.exe
  C:\Windows\System\HUKXKfg.exe
  2⤵
  PID:8380
- C:\Windows\System\CeZhYhz.exe
  C:\Windows\System\CeZhYhz.exe
  2⤵
  PID:8400
- C:\Windows\System\RsCemvn.exe
  C:\Windows\System\RsCemvn.exe
  2⤵
  PID:8424
- C:\Windows\System\vpRKoMF.exe
  C:\Windows\System\vpRKoMF.exe
  2⤵
  PID:8440
- C:\Windows\System\QgiuBWQ.exe
  C:\Windows\System\QgiuBWQ.exe
  2⤵
  PID:8456
- C:\Windows\System\PjDtvYO.exe
  C:\Windows\System\PjDtvYO.exe
  2⤵
  PID:8472
- C:\Windows\System\hJmDorg.exe
  C:\Windows\System\hJmDorg.exe
  2⤵
  PID:8496
- C:\Windows\System\pemyCxo.exe
  C:\Windows\System\pemyCxo.exe
  2⤵
  PID:8512
- C:\Windows\System\rKyCnHz.exe
  C:\Windows\System\rKyCnHz.exe
  2⤵
  PID:8532
- C:\Windows\System\YRVDHCC.exe
  C:\Windows\System\YRVDHCC.exe
  2⤵
  PID:8556
- C:\Windows\System\thtKJOJ.exe
  C:\Windows\System\thtKJOJ.exe
  2⤵
  PID:8584
- C:\Windows\System\bGdbuBH.exe
  C:\Windows\System\bGdbuBH.exe
  2⤵
  PID:8600
- C:\Windows\System\vLLEsNh.exe
  C:\Windows\System\vLLEsNh.exe
  2⤵
  PID:8628
- C:\Windows\System\mGEuYWB.exe
  C:\Windows\System\mGEuYWB.exe
  2⤵
  PID:8648
- C:\Windows\System\GXKVVbh.exe
  C:\Windows\System\GXKVVbh.exe
  2⤵
  PID:8664
- C:\Windows\System\MVLptDX.exe
  C:\Windows\System\MVLptDX.exe
  2⤵
  PID:8680
- C:\Windows\System\AfkInKe.exe
  C:\Windows\System\AfkInKe.exe
  2⤵
  PID:8700
- C:\Windows\System\pWXVdkE.exe
  C:\Windows\System\pWXVdkE.exe
  2⤵
  PID:8724
- C:\Windows\System\phzHbtl.exe
  C:\Windows\System\phzHbtl.exe
  2⤵
  PID:8744
- C:\Windows\System\VSIiiOm.exe
  C:\Windows\System\VSIiiOm.exe
  2⤵
  PID:8764
- C:\Windows\System\kVsBibH.exe
  C:\Windows\System\kVsBibH.exe
  2⤵
  PID:8780
- C:\Windows\System\LPlUJsA.exe
  C:\Windows\System\LPlUJsA.exe
  2⤵
  PID:8796
- C:\Windows\System\CBHSebE.exe
  C:\Windows\System\CBHSebE.exe
  2⤵
  PID:8812
- C:\Windows\System\jfmNyDc.exe
  C:\Windows\System\jfmNyDc.exe
  2⤵
  PID:8852
- C:\Windows\System\pWbYVwX.exe
  C:\Windows\System\pWbYVwX.exe
  2⤵
  PID:8868
- C:\Windows\System\hLCsAPf.exe
  C:\Windows\System\hLCsAPf.exe
  2⤵
  PID:8888
- C:\Windows\System\etcCVQE.exe
  C:\Windows\System\etcCVQE.exe
  2⤵
  PID:8908
- C:\Windows\System\aNTqbbe.exe
  C:\Windows\System\aNTqbbe.exe
  2⤵
  PID:8928
- C:\Windows\System\sXmaarB.exe
  C:\Windows\System\sXmaarB.exe
  2⤵
  PID:8944
- C:\Windows\System\sdcBBmT.exe
  C:\Windows\System\sdcBBmT.exe
  2⤵
  PID:8968
- C:\Windows\System\dfkrUNM.exe
  C:\Windows\System\dfkrUNM.exe
  2⤵
  PID:8992
- C:\Windows\System\zlCHVxt.exe
  C:\Windows\System\zlCHVxt.exe
  2⤵
  PID:9008
- C:\Windows\System\Rkbpmjw.exe
  C:\Windows\System\Rkbpmjw.exe
  2⤵
  PID:9024
- C:\Windows\System\dzGwTfP.exe
  C:\Windows\System\dzGwTfP.exe
  2⤵
  PID:9040
- C:\Windows\System\SJOEdKI.exe
  C:\Windows\System\SJOEdKI.exe
  2⤵
  PID:9060
- C:\Windows\System\RltjfkX.exe
  C:\Windows\System\RltjfkX.exe
  2⤵
  PID:9076
- C:\Windows\System\PZVCQzb.exe
  C:\Windows\System\PZVCQzb.exe
  2⤵
  PID:9116
- C:\Windows\System\BFzBLiY.exe
  C:\Windows\System\BFzBLiY.exe
  2⤵
  PID:9132
- C:\Windows\System\GbsOLKZ.exe
  C:\Windows\System\GbsOLKZ.exe
  2⤵
  PID:9152
- C:\Windows\System\IPTgCZh.exe
  C:\Windows\System\IPTgCZh.exe
  2⤵
  PID:9172
- C:\Windows\System\OxucUjQ.exe
  C:\Windows\System\OxucUjQ.exe
  2⤵
  PID:9188
- C:\Windows\System\GKQydrm.exe
  C:\Windows\System\GKQydrm.exe
  2⤵
  PID:9212
- C:\Windows\System\PThGMbP.exe
  C:\Windows\System\PThGMbP.exe
  2⤵
  PID:7400
- C:\Windows\System\lrBTqxr.exe
  C:\Windows\System\lrBTqxr.exe
  2⤵
  PID:8252
- C:\Windows\System\eTypdSM.exe
  C:\Windows\System\eTypdSM.exe
  2⤵
  PID:7460
- C:\Windows\System\BwxjRhl.exe
  C:\Windows\System\BwxjRhl.exe
  2⤵
  PID:7888
- C:\Windows\System\EJLoekU.exe
  C:\Windows\System\EJLoekU.exe
  2⤵
  PID:8264
- C:\Windows\System\hMGneye.exe
  C:\Windows\System\hMGneye.exe
  2⤵
  PID:8300
- C:\Windows\System\SBapnmF.exe
  C:\Windows\System\SBapnmF.exe
  2⤵
  PID:8228
- C:\Windows\System\pbxzQIu.exe
  C:\Windows\System\pbxzQIu.exe
  2⤵
  PID:8340
- C:\Windows\System\FYjsoBL.exe
  C:\Windows\System\FYjsoBL.exe
  2⤵
  PID:8352
- C:\Windows\System\QdrlEKA.exe
  C:\Windows\System\QdrlEKA.exe
  2⤵
  PID:8416
- C:\Windows\System\wrnwiQw.exe
  C:\Windows\System\wrnwiQw.exe
  2⤵
  PID:8488
- C:\Windows\System\pqaeniU.exe
  C:\Windows\System\pqaeniU.exe
  2⤵
  PID:8468
- C:\Windows\System\mPrrTXo.exe
  C:\Windows\System\mPrrTXo.exe
  2⤵
  PID:8580
- C:\Windows\System\wSahbTe.exe
  C:\Windows\System\wSahbTe.exe
  2⤵
  PID:8432
- C:\Windows\System\xeXgfMV.exe
  C:\Windows\System\xeXgfMV.exe
  2⤵
  PID:8544
- C:\Windows\System\lbjNFhD.exe
  C:\Windows\System\lbjNFhD.exe
  2⤵
  PID:8592
- C:\Windows\System\nAhkTJx.exe
  C:\Windows\System\nAhkTJx.exe
  2⤵
  PID:8644
- C:\Windows\System\tQLHLzo.exe
  C:\Windows\System\tQLHLzo.exe
  2⤵
  PID:8696
- C:\Windows\System\PGxxzxt.exe
  C:\Windows\System\PGxxzxt.exe
  2⤵
  PID:8708
- C:\Windows\System\fuRFbuk.exe
  C:\Windows\System\fuRFbuk.exe
  2⤵
  PID:8736
- C:\Windows\System\UVOwdkF.exe
  C:\Windows\System\UVOwdkF.exe
  2⤵
  PID:8752
- C:\Windows\System\AKKPacT.exe
  C:\Windows\System\AKKPacT.exe
  2⤵
  PID:8792
- C:\Windows\System\bbukFqe.exe
  C:\Windows\System\bbukFqe.exe
  2⤵
  PID:8824
- C:\Windows\System\trDfxEC.exe
  C:\Windows\System\trDfxEC.exe
  2⤵
  PID:8552
- C:\Windows\System\GozNNYR.exe
  C:\Windows\System\GozNNYR.exe
  2⤵
  PID:8900
- C:\Windows\System\WstsmCe.exe
  C:\Windows\System\WstsmCe.exe
  2⤵
  PID:8884
- C:\Windows\System\SHuwgHc.exe
  C:\Windows\System\SHuwgHc.exe
  2⤵
  PID:8980
- C:\Windows\System\GtvPzjZ.exe
  C:\Windows\System\GtvPzjZ.exe
  2⤵
  PID:9052
- C:\Windows\System\fmryzJK.exe
  C:\Windows\System\fmryzJK.exe
  2⤵
  PID:9004
- C:\Windows\System\xkMfNpk.exe
  C:\Windows\System\xkMfNpk.exe
  2⤵
  PID:9100
- C:\Windows\System\zJsqiBJ.exe
  C:\Windows\System\zJsqiBJ.exe
  2⤵
  PID:9128
- C:\Windows\System\IsyQnBY.exe
  C:\Windows\System\IsyQnBY.exe
  2⤵
  PID:9164
- C:\Windows\System\hJojyov.exe
  C:\Windows\System\hJojyov.exe
  2⤵
  PID:9196
- C:\Windows\System\dATpbNL.exe
  C:\Windows\System\dATpbNL.exe
  2⤵
  PID:8200
- C:\Windows\System\FQDpRkz.exe
  C:\Windows\System\FQDpRkz.exe
  2⤵
  PID:7748
- C:\Windows\System\uuRaBVz.exe
  C:\Windows\System\uuRaBVz.exe
  2⤵
  PID:8088
- C:\Windows\System\uAygxST.exe
  C:\Windows\System\uAygxST.exe
  2⤵
  PID:8844
- C:\Windows\System\JdEiJCg.exe
  C:\Windows\System\JdEiJCg.exe
  2⤵
  PID:8324
- C:\Windows\System\rMdgcMA.exe
  C:\Windows\System\rMdgcMA.exe
  2⤵
  PID:8224
- C:\Windows\System\glVqJip.exe
  C:\Windows\System\glVqJip.exe
  2⤵
  PID:8312
- C:\Windows\System\CkOqtqw.exe
  C:\Windows\System\CkOqtqw.exe
  2⤵
  PID:8360
- C:\Windows\System\ioJBlkH.exe
  C:\Windows\System\ioJBlkH.exe
  2⤵
  PID:8524
- C:\Windows\System\zBmVvVs.exe
  C:\Windows\System\zBmVvVs.exe
  2⤵
  PID:8508
- C:\Windows\System\HgFkckt.exe
  C:\Windows\System\HgFkckt.exe
  2⤵
  PID:8620
- C:\Windows\System\snezDSy.exe
  C:\Windows\System\snezDSy.exe
  2⤵
  PID:8616
- C:\Windows\System\ZCgdutA.exe
  C:\Windows\System\ZCgdutA.exe
  2⤵
  PID:8804
- C:\Windows\System\fTWuEUU.exe
  C:\Windows\System\fTWuEUU.exe
  2⤵
  PID:8896
- C:\Windows\System\sPAfLAt.exe
  C:\Windows\System\sPAfLAt.exe
  2⤵
  PID:8788
- C:\Windows\System\rZvMGHM.exe
  C:\Windows\System\rZvMGHM.exe
  2⤵
  PID:8936
- C:\Windows\System\FoKOiAu.exe
  C:\Windows\System\FoKOiAu.exe
  2⤵
  PID:8920
- C:\Windows\System\ggXQdmL.exe
  C:\Windows\System\ggXQdmL.exe
  2⤵
  PID:9056
- C:\Windows\System\lsHJkFN.exe
  C:\Windows\System\lsHJkFN.exe
  2⤵
  PID:9032
- C:\Windows\System\JtjZLTE.exe
  C:\Windows\System\JtjZLTE.exe
  2⤵
  PID:9092
- C:\Windows\System\nWJEGHO.exe
  C:\Windows\System\nWJEGHO.exe
  2⤵
  PID:8284
- C:\Windows\System\RdHebqM.exe
  C:\Windows\System\RdHebqM.exe
  2⤵
  PID:8480
- C:\Windows\System\PWtyoAH.exe
  C:\Windows\System\PWtyoAH.exe
  2⤵
  PID:8540
- C:\Windows\System\BtOFUMf.exe
  C:\Windows\System\BtOFUMf.exe
  2⤵
  PID:8924
- C:\Windows\System\DlFZpIx.exe
  C:\Windows\System\DlFZpIx.exe
  2⤵
  PID:9016
- C:\Windows\System\bnPemJy.exe
  C:\Windows\System\bnPemJy.exe
  2⤵
  PID:9096
- C:\Windows\System\dhMQswC.exe
  C:\Windows\System\dhMQswC.exe
  2⤵
  PID:9208
- C:\Windows\System\aIrDcQO.exe
  C:\Windows\System\aIrDcQO.exe
  2⤵
  PID:7628
- C:\Windows\System\CSMckSd.exe
  C:\Windows\System\CSMckSd.exe
  2⤵
  PID:8336
- C:\Windows\System\ckgmCSq.exe
  C:\Windows\System\ckgmCSq.exe
  2⤵
  PID:8528
- C:\Windows\System\ypGYpCv.exe
  C:\Windows\System\ypGYpCv.exe
  2⤵
  PID:8672
- C:\Windows\System\fFdEDlr.exe
  C:\Windows\System\fFdEDlr.exe
  2⤵
  PID:8832
- C:\Windows\System\dgZblpe.exe
  C:\Windows\System\dgZblpe.exe
  2⤵
  PID:9184
- C:\Windows\System\HCaCHaS.exe
  C:\Windows\System\HCaCHaS.exe
  2⤵
  PID:8392
- C:\Windows\System\YEFupWq.exe
  C:\Windows\System\YEFupWq.exe
  2⤵
  PID:8820
- C:\Windows\System\HvbDihb.exe
  C:\Windows\System\HvbDihb.exe
  2⤵
  PID:9148
- C:\Windows\System\bioBfxO.exe
  C:\Windows\System\bioBfxO.exe
  2⤵
  PID:8880
- C:\Windows\System\WoshCMN.exe
  C:\Windows\System\WoshCMN.exe
  2⤵
  PID:8396
- C:\Windows\System\wofEdwf.exe
  C:\Windows\System\wofEdwf.exe
  2⤵
  PID:8612
- C:\Windows\System\pEVCtff.exe
  C:\Windows\System\pEVCtff.exe
  2⤵
  PID:8864
- C:\Windows\System\IgMYXry.exe
  C:\Windows\System\IgMYXry.exe
  2⤵
  PID:8608
- C:\Windows\System\oiPGSjc.exe
  C:\Windows\System\oiPGSjc.exe
  2⤵
  PID:8212
- C:\Windows\System\RuSbwNo.exe
  C:\Windows\System\RuSbwNo.exe
  2⤵
  PID:8220
- C:\Windows\System\SUECOLW.exe
  C:\Windows\System\SUECOLW.exe
  2⤵
  PID:8776
- C:\Windows\System\ddnsCKd.exe
  C:\Windows\System\ddnsCKd.exe
  2⤵
  PID:9048
- C:\Windows\System\KPhZaha.exe
  C:\Windows\System\KPhZaha.exe
  2⤵
  PID:8448
- C:\Windows\System\qfPqXKk.exe
  C:\Windows\System\qfPqXKk.exe
  2⤵
  PID:8848
- C:\Windows\System\NOVbOLK.exe
  C:\Windows\System\NOVbOLK.exe
  2⤵
  PID:8244
- C:\Windows\System\NWMJIkr.exe
  C:\Windows\System\NWMJIkr.exe
  2⤵
  PID:8624
- C:\Windows\System\fcSPTVD.exe
  C:\Windows\System\fcSPTVD.exe
  2⤵
  PID:8760
- C:\Windows\System\ipvMWuX.exe
  C:\Windows\System\ipvMWuX.exe
  2⤵
  PID:9232
- C:\Windows\System\oMtZMMt.exe
  C:\Windows\System\oMtZMMt.exe
  2⤵
  PID:9256
- C:\Windows\System\RWesppH.exe
  C:\Windows\System\RWesppH.exe
  2⤵
  PID:9272
- C:\Windows\System\cuPacZj.exe
  C:\Windows\System\cuPacZj.exe
  2⤵
  PID:9296
- C:\Windows\System\fkeJDLy.exe
  C:\Windows\System\fkeJDLy.exe
  2⤵
  PID:9320
- C:\Windows\System\oMiCobE.exe
  C:\Windows\System\oMiCobE.exe
  2⤵
  PID:9336
- C:\Windows\System\jtxCANp.exe
  C:\Windows\System\jtxCANp.exe
  2⤵
  PID:9352
- C:\Windows\System\IFHSwBC.exe
  C:\Windows\System\IFHSwBC.exe
  2⤵
  PID:9368
- C:\Windows\System\WbtkisR.exe
  C:\Windows\System\WbtkisR.exe
  2⤵
  PID:9388
- C:\Windows\System\IiZlfgW.exe
  C:\Windows\System\IiZlfgW.exe
  2⤵
  PID:9404
- C:\Windows\System\OjTmIno.exe
  C:\Windows\System\OjTmIno.exe
  2⤵
  PID:9424
- C:\Windows\System\sZBbsCT.exe
  C:\Windows\System\sZBbsCT.exe
  2⤵
  PID:9440
- C:\Windows\System\GXeUNVw.exe
  C:\Windows\System\GXeUNVw.exe
  2⤵
  PID:9468
- C:\Windows\System\KcJubVh.exe
  C:\Windows\System\KcJubVh.exe
  2⤵
  PID:9484
- C:\Windows\System\rFAXhus.exe
  C:\Windows\System\rFAXhus.exe
  2⤵
  PID:9500
- C:\Windows\System\eEQmAmX.exe
  C:\Windows\System\eEQmAmX.exe
  2⤵
  PID:9516
- C:\Windows\System\cikXNjE.exe
  C:\Windows\System\cikXNjE.exe
  2⤵
  PID:9536
- C:\Windows\System\EmKLuar.exe
  C:\Windows\System\EmKLuar.exe
  2⤵
  PID:9564
- C:\Windows\System\LFIJzcG.exe
  C:\Windows\System\LFIJzcG.exe
  2⤵
  PID:9588
- C:\Windows\System\vegFdtW.exe
  C:\Windows\System\vegFdtW.exe
  2⤵
  PID:9620
- C:\Windows\System\HPKTLbH.exe
  C:\Windows\System\HPKTLbH.exe
  2⤵
  PID:9648
- C:\Windows\System\dEoUuNI.exe
  C:\Windows\System\dEoUuNI.exe
  2⤵
  PID:9664
- C:\Windows\System\qFiIwfG.exe
  C:\Windows\System\qFiIwfG.exe
  2⤵
  PID:9684
- C:\Windows\System\MHhguor.exe
  C:\Windows\System\MHhguor.exe
  2⤵
  PID:9708
- C:\Windows\System\AOSaPlz.exe
  C:\Windows\System\AOSaPlz.exe
  2⤵
  PID:9724
- C:\Windows\System\IrhoxqH.exe
  C:\Windows\System\IrhoxqH.exe
  2⤵
  PID:9748
- C:\Windows\System\oyESBFD.exe
  C:\Windows\System\oyESBFD.exe
  2⤵
  PID:9764
- C:\Windows\System\iAvpbKV.exe
  C:\Windows\System\iAvpbKV.exe
  2⤵
  PID:9788
- C:\Windows\System\uaHdgFa.exe
  C:\Windows\System\uaHdgFa.exe
  2⤵
  PID:9808
- C:\Windows\System\BcQorYo.exe
  C:\Windows\System\BcQorYo.exe
  2⤵
  PID:9828
- C:\Windows\System\KdJiiGx.exe
  C:\Windows\System\KdJiiGx.exe
  2⤵
  PID:9848
- C:\Windows\System\AkteNVK.exe
  C:\Windows\System\AkteNVK.exe
  2⤵
  PID:9864
- C:\Windows\System\vDwejao.exe
  C:\Windows\System\vDwejao.exe
  2⤵
  PID:9888
- C:\Windows\System\hteqnVa.exe
  C:\Windows\System\hteqnVa.exe
  2⤵
  PID:9912
- C:\Windows\System\oxKOCwY.exe
  C:\Windows\System\oxKOCwY.exe
  2⤵
  PID:9928
- C:\Windows\System\PHGxYXU.exe
  C:\Windows\System\PHGxYXU.exe
  2⤵
  PID:9944
- C:\Windows\System\QMzYviQ.exe
  C:\Windows\System\QMzYviQ.exe
  2⤵
  PID:9960
- C:\Windows\System\WispGwR.exe
  C:\Windows\System\WispGwR.exe
  2⤵
  PID:9976
- C:\Windows\System\IExOPJB.exe
  C:\Windows\System\IExOPJB.exe
  2⤵
  PID:10000
- C:\Windows\System\OQSVtXM.exe
  C:\Windows\System\OQSVtXM.exe
  2⤵
  PID:10028
- C:\Windows\System\BZiJYBv.exe
  C:\Windows\System\BZiJYBv.exe
  2⤵
  PID:10048
- C:\Windows\System\EDzcyDu.exe
  C:\Windows\System\EDzcyDu.exe
  2⤵
  PID:10076
- C:\Windows\System\iliyGVC.exe
  C:\Windows\System\iliyGVC.exe
  2⤵
  PID:10092
- C:\Windows\System\DwLyzwY.exe
  C:\Windows\System\DwLyzwY.exe
  2⤵
  PID:10108
- C:\Windows\System\mmdLpqW.exe
  C:\Windows\System\mmdLpqW.exe
  2⤵
  PID:10124
- C:\Windows\System\NLAQpJH.exe
  C:\Windows\System\NLAQpJH.exe
  2⤵
  PID:10152
- C:\Windows\System\chkvZam.exe
  C:\Windows\System\chkvZam.exe
  2⤵
  PID:10172
- C:\Windows\System\IrjPTwD.exe
  C:\Windows\System\IrjPTwD.exe
  2⤵
  PID:10188
- C:\Windows\System\hgamRBk.exe
  C:\Windows\System\hgamRBk.exe
  2⤵
  PID:10212
- C:\Windows\System\JfvFEMU.exe
  C:\Windows\System\JfvFEMU.exe
  2⤵
  PID:10228
- C:\Windows\System\BYRVbCR.exe
  C:\Windows\System\BYRVbCR.exe
  2⤵
  PID:9228
- C:\Windows\System\KgIHQwp.exe
  C:\Windows\System\KgIHQwp.exe
  2⤵
  PID:9252
- C:\Windows\System\mrkMrQb.exe
  C:\Windows\System\mrkMrQb.exe
  2⤵
  PID:9304
- C:\Windows\System\uEGiqXH.exe
  C:\Windows\System\uEGiqXH.exe
  2⤵
  PID:9328
- C:\Windows\System\ESlejcS.exe
  C:\Windows\System\ESlejcS.exe
  2⤵
  PID:9400
- C:\Windows\System\zLDbbWC.exe
  C:\Windows\System\zLDbbWC.exe
  2⤵
  PID:9464
- C:\Windows\System\LmYdESj.exe
  C:\Windows\System\LmYdESj.exe
  2⤵
  PID:9416
- C:\Windows\System\EcNZnnO.exe
  C:\Windows\System\EcNZnnO.exe
  2⤵
  PID:9456
- C:\Windows\System\PJOkxnR.exe
  C:\Windows\System\PJOkxnR.exe
  2⤵
  PID:9492
- C:\Windows\System\fRZDwVP.exe
  C:\Windows\System\fRZDwVP.exe
  2⤵
  PID:9548
- C:\Windows\System\aBzKSof.exe
  C:\Windows\System\aBzKSof.exe
  2⤵
  PID:9496
- C:\Windows\System\gYvUIMV.exe
  C:\Windows\System\gYvUIMV.exe
  2⤵
  PID:9596
- C:\Windows\System\sbWOGiM.exe
  C:\Windows\System\sbWOGiM.exe
  2⤵
  PID:9628
- C:\Windows\System\TlksbfM.exe
  C:\Windows\System\TlksbfM.exe
  2⤵
  PID:9660
- C:\Windows\System\nMnsxxu.exe
  C:\Windows\System\nMnsxxu.exe
  2⤵
  PID:9680
- C:\Windows\System\rSIDpBI.exe
  C:\Windows\System\rSIDpBI.exe
  2⤵
  PID:9720
- C:\Windows\System\vmUorpW.exe
  C:\Windows\System\vmUorpW.exe
  2⤵
  PID:9736
- C:\Windows\System\qjDxWRh.exe
  C:\Windows\System\qjDxWRh.exe
  2⤵
  PID:9776
- C:\Windows\System\TTBamLJ.exe
  C:\Windows\System\TTBamLJ.exe
  2⤵
  PID:9820
- C:\Windows\System\HBwAhRH.exe
  C:\Windows\System\HBwAhRH.exe
  2⤵
  PID:9844
- C:\Windows\System\QttXzNX.exe
  C:\Windows\System\QttXzNX.exe
  2⤵
  PID:9884
- C:\Windows\System\BhbHlgr.exe
  C:\Windows\System\BhbHlgr.exe
  2⤵
  PID:9908
- C:\Windows\System\DRtCcEY.exe
  C:\Windows\System\DRtCcEY.exe
  2⤵
  PID:10008
- C:\Windows\System\gUakYjN.exe
  C:\Windows\System\gUakYjN.exe
  2⤵
  PID:9956
- C:\Windows\System\oGdXRoR.exe
  C:\Windows\System\oGdXRoR.exe
  2⤵
  PID:10012
- C:\Windows\System\auAhtBt.exe
  C:\Windows\System\auAhtBt.exe
  2⤵
  PID:10036
- C:\Windows\System\nAmsICd.exe
  C:\Windows\System\nAmsICd.exe
  2⤵
  PID:10132
- C:\Windows\System\gxROSpj.exe
  C:\Windows\System\gxROSpj.exe
  2⤵
  PID:10140
- C:\Windows\System\QwVkrnE.exe
  C:\Windows\System\QwVkrnE.exe
  2⤵
  PID:10220
- C:\Windows\System\WexWDaJ.exe
  C:\Windows\System\WexWDaJ.exe
  2⤵
  PID:10196
- C:\Windows\System\TzFmUrS.exe
  C:\Windows\System\TzFmUrS.exe
  2⤵
  PID:10204
- C:\Windows\System\GAOJwne.exe
  C:\Windows\System\GAOJwne.exe
  2⤵
  PID:9248
- C:\Windows\System\ydiORRo.exe
  C:\Windows\System\ydiORRo.exe
  2⤵
  PID:9264
- C:\Windows\System\cUVkotI.exe
  C:\Windows\System\cUVkotI.exe
  2⤵
  PID:9360
- C:\Windows\System\gkcXdKn.exe
  C:\Windows\System\gkcXdKn.exe
  2⤵
  PID:9316
- C:\Windows\System\AocGaWg.exe
  C:\Windows\System\AocGaWg.exe
  2⤵
  PID:9448
- C:\Windows\System\iATylnq.exe
  C:\Windows\System\iATylnq.exe
  2⤵
  PID:9480
- C:\Windows\System\NvnPZcQ.exe
  C:\Windows\System\NvnPZcQ.exe
  2⤵
  PID:9552
- C:\Windows\System\WNxdICJ.exe
  C:\Windows\System\WNxdICJ.exe
  2⤵
  PID:9616
- C:\Windows\System\EiRgwmi.exe
  C:\Windows\System\EiRgwmi.exe
  2⤵
  PID:9656
- C:\Windows\System\pGGVLMu.exe
  C:\Windows\System\pGGVLMu.exe
  2⤵
  PID:9740
- C:\Windows\System\eGqCBfj.exe
  C:\Windows\System\eGqCBfj.exe
  2⤵
  PID:9856
- C:\Windows\System\wcBjVnY.exe
  C:\Windows\System\wcBjVnY.exe
  2⤵
  PID:9872
- C:\Windows\System\odDaGhY.exe
  C:\Windows\System\odDaGhY.exe
  2⤵
  PID:9936
- C:\Windows\System\OZRmXNZ.exe
  C:\Windows\System\OZRmXNZ.exe
  2⤵
  PID:9940
- C:\Windows\System\TmDDyQY.exe
  C:\Windows\System\TmDDyQY.exe
  2⤵
  PID:10068

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BUqWlZK.exe

Filesize
6.0MB

MD5
7178e93d7ac14afc453a84f6bce11f8a

SHA1
d84bb6563288dd2c41928137aded1ffa4cd6f500

SHA256
791503fc82bdcb797c22e542d7dedc2f19fe6d007673ef48c0824aa4feb8b210

SHA512
9e5bff8e40683b29769b89f29551a6bac3f4a7a7f1f627ef087196ccf412d8d7bf2ccc93c0c4af9cb7ed9a6ca5054be2c2855af6c2be1c5d99684bc9cbe01081

Download Submit
C:\Windows\system\CjCueXv.exe

Filesize
6.0MB

MD5
a2e998d2690e9dc31f8eb9218a7f3cba

SHA1
2737768c34fdfc9643620c5a29e2dab5a30c4af9

SHA256
e7fe31f0d2ccfd36d990c7fad9570a6565a95bc4cbb34fb91a27420d42a1908d

SHA512
c80e94c32544eed94573301ce5df661bc0d474b8163edfd2437ed4ee2cb1f37f7751fc98e4cceaae8b8f1882a879eaf78c48d3be20180ac2b31ff243a205d022

Download Submit
C:\Windows\system\DHgWLvX.exe

Filesize
6.0MB

MD5
fea0f487612f36e8b8673fb552f290a6

SHA1
5d1c5fe3849c71c3d6670f690dafaa1525cec333

SHA256
2e9e8c173e87f22220e37a83642d36be0674a80a7e224d6fb28a1f48ca09326d

SHA512
507151ea43f905cfedb8bd5e2e35de936aecc21db671c15f16ca23394d68f73996c0c19c8a400ed181a4889a42d1caa3f557a19c447151cb7052c4f0018c096b

Download Submit
C:\Windows\system\GCwKdVM.exe

Filesize
6.0MB

MD5
9b53901ae19efad381b59160015eb724

SHA1
967da87b6a632476a7a9d3b0b1eb0798a434695b

SHA256
893bf0a63a22e515f34dd2f7f85431d935904a3dc673e08c58f3fe2d81d81480

SHA512
368b17d1d39d040d5c82f6e2ac6a5bf35feabfff8a8e7ed76d8ef598302e33cdddf841c745ebf22930c3d8ac8a099af09b854cd8b1b638fcef3021788049f1f4

Download Submit
C:\Windows\system\HfjwXow.exe

Filesize
6.0MB

MD5
99f939611d3391c2d72e57f8dcb14e31

SHA1
0c6f1c235ba894c6a127ef96e1585b4603ab04ad

SHA256
2e1c1ad46e78ad256c028dfb87bdf1719c05f0056e948e43cd251484b28d550b

SHA512
4740095904400e4389d307c00fcba343e8105e13fda5d75c2b5b862ee523790b82e7820f6eaec93f91c7af56aaf96fae809c407852f5232b89f0cc0421c49338

Download Submit
C:\Windows\system\IAOWqox.exe

Filesize
6.0MB

MD5
ce78bc06117de1372b19e58e2bfa65f6

SHA1
9b2577cd6bd269ce1af061c4bac2acf49fa15d5f

SHA256
8af2a1170ed870843f8b271e85f4f194b88f89037dac73a1a1f6f3c4e6ee414b

SHA512
adde38b94c5fbb5990c1677f56361dee57b35fc533e53d8c24566ad0c2f7aeadd60727f0f9f5cc62857599f914611296a5ae3b5f586b19fb1c5525bffca1897d

Download Submit
C:\Windows\system\JCIyROs.exe

Filesize
6.0MB

MD5
ac10b4b7b870d5f1bdabf1d6e973c286

SHA1
d076ea4856cdd081cbf7317dc41e649d0071d479

SHA256
fc3b8d7b7d5b8fab0c379d6ef4082a28afa238f4af7d51058291095ea93bde48

SHA512
2f8aa18a63835bd47ecc20239ca93f4a8221428fc2fc96145e56b61c143d3d11d3c7c02f01f23e274d1d55d645f160c4d272568d3e49f4302466a95ed2d73672

Download Submit
C:\Windows\system\KbCDDgp.exe

Filesize
6.0MB

MD5
a5675401615097d27f731146a7b21389

SHA1
5a8d48a544fada61534eae24c76c2ab0a0d88e15

SHA256
88630a2f04750cfa6ef1823f755924f219e99c9c6065fb08c3c8869596a6ca03

SHA512
c7895c222adba5711cf4207ab44838f383dd178c74649d6e955fc43e15c4ccd94e1c6787276fa1429b96a56452a52ed7d79c14e11a38b42893f63228be011005

Download Submit
C:\Windows\system\NPAbNim.exe

Filesize
6.0MB

MD5
dbbe920b05a8f3cdd99637eb941a0bdd

SHA1
ec65eeb6ff9a9bc002e7d0af81bbccda054d1440

SHA256
65ca43e97d328651afd75a1220ac8194c1f4264364bb40ff5a5d371e816008d0

SHA512
5e82dec13576cc50f15b76fe32716121ec77da25f26e8a0cb058c522884cbe97c5e42f4b431af804e5c2f7d6d6032869b5d637bef32f6730af07365943c1a988

Download Submit
C:\Windows\system\QeZcsWz.exe

Filesize
6.0MB

MD5
8c9941bfb0352a9126d2c3d900b55e9d

SHA1
acc4d309865ed0a498290fa83521621f45d12463

SHA256
2a8c8ccc89906ede254531f641033d5482afd5978f41827c253a9e07644ec423

SHA512
8ee9e1b865d34852b3f1b60a460508be6b1e933be07a720e28cc177776ead9a7b86574e0f103d54b6276d80f125cb79dd314c10b2d7cd42d32857039561b2f99

Download Submit
C:\Windows\system\TFNHgrp.exe

Filesize
6.0MB

MD5
413f71307815540ed8f4dc3d83317902

SHA1
046600d3da51b6ba538a0d6fbb03024b077bd4c5

SHA256
c641d7cd1035099b6a1a6b828079c91f5ba3730a8e5b7ad062f76b2b8d534137

SHA512
d1aef3a01f087d206d9f351e2a01110b4305ee9cf21e82578a5c839e4e8e063e4b2a2da7507854ca1d83ac01d483b9559209bc8c855ed5c3e7f7e33b89ab33cc

Download Submit
C:\Windows\system\TKEDLui.exe

Filesize
6.0MB

MD5
e53f416fd555ae93bee18824fe3356ea

SHA1
791d6ef6338f355dab61650f2a065e0ae0f22b89

SHA256
af3e505cac105f7dd012b26d0c7df9c9f6cd049dca36a43cd940a96e0bc124b9

SHA512
c7de0b5c16f1121338c32b87f8ef22b07ccf39fb9a0e8a9aa2f59ea06c228d72815845305b21bbc7c96ab2a1256ea571cf16466c091ae3f10be90fe2232757db

Download Submit
C:\Windows\system\VDbcgno.exe

Filesize
6.0MB

MD5
eda4cf02351244f15dcff883bc3668fc

SHA1
ec5745c0db157ee35e6070a0c41f24f10d6e9ecd

SHA256
92f828baa73c49b57d3404d0afc4c49ceb7d3ee8596e66558deb4062e4a6dc0d

SHA512
b0746cf89cc7fdd2168b8cb426cc468108fa67baa65f6389295d6763c8e0c981d90ee68b99810ed559423e61b74106f202385902293bff72de7d1a9c0a8613f7

Download Submit
C:\Windows\system\YVLheyk.exe

Filesize
6.0MB

MD5
b16dc99757c64757658e819e628adff6

SHA1
09bebef1da2b87e9edeac8ea4252d1a5e5923a59

SHA256
59635bd2c072c689ac6835342dd31c805c2e979bae315ac0dda0dd9f3b0e7153

SHA512
7b3de3cf0176a4464b8c55bf9311e2f6672674954a4f27da61e354e9cf5993aa2bdb6b1d10b84756586735f7b716d698c76a060a726e97420e1f4d77d009b0fa

Download Submit
C:\Windows\system\ZlCEGyd.exe

Filesize
6.0MB

MD5
522c93296ece7b161e96e154aba12f5b

SHA1
bd09a4ce1abad071e5334ff4ae1446528d0d2698

SHA256
52659d43cefde679b640ed45df1f0c520c6ba416a4f3005ad5d3634a332936a5

SHA512
185dc51357534ad207b4c0ae9cd2aaa0361f0a29c9daf2de30ab02c6503cd1e6a6c825def129330f39d68a8a7ef1d74ea8f48d32f61089f1158e4c94280fa2aa

Download Submit
C:\Windows\system\aPWguHs.exe

Filesize
6.0MB

MD5
170b9424aac2d4ac7097d1ce0407bd4a

SHA1
bb2a82df2560cea64c67ff44d36f8aba3dc562a4

SHA256
7043da5a4210e856cfeb2e875a7a8b3d0fbd35e169c1f5078f524d33475bc48b

SHA512
8da19c0a029a422d4f65ac8902b42595025ea2039dfb03e59b5cb157290bb4452bbaf4e265dd76aa2c1275ca0fecc1ad73af02b35f231482eaa1625d40f952b4

Download Submit
C:\Windows\system\befiAvF.exe

Filesize
6.0MB

MD5
69a7bfe15dcb04f7c30fbba3b9d718ee

SHA1
66e4a05cbf606152dbd5e78d3097a066852adf09

SHA256
ee058012e2f1658865f85a29a18092417307291f90a75902f80d1b9fc1d0e2e2

SHA512
32c2a8ba29d37bcb18adb0266ac9ab92aac7a67562ce2dc5362e3ca7393ba22e8374c8ffb7e106bc1c16b3a634fe1e75d32722e765f241e161fb1d3fc9dfd368

Download Submit
C:\Windows\system\cLMmntk.exe

Filesize
6.0MB

MD5
6c292774ee34e6ba9554d12d5d1e52e9

SHA1
35347e363602e3f514eef39dd77b3038de6c59db

SHA256
260dfa351bc05374f5dd2deb901e943e6914975bb010c0ba9faf4dca3dfdd46c

SHA512
066a2c2e786af1211aeeb9da6ba1be59a88b78b9cada8d852b10b95084d4a78b9eab369592ec2b542c513762eec12504ac7879facdc6775025966e7e2620395c

Download Submit
C:\Windows\system\mZWPvIw.exe

Filesize
6.0MB

MD5
778a1650e140998cf1fc23ede520ec49

SHA1
acc30bcf18c1a660316745f135440710fc5adb3f

SHA256
6fb9eeb98d7c5d32ff43a9fbbe9fe60543f740d3c5a6bf81477d065efc50db6f

SHA512
e4fdca03020ff8a379fd1c40ae170a50e2ba2f1467c1809413d96607c06df42292726ac3ae5b5bfed06373de1282cc2c169f1f5339e054e1bd9d3cfd18afccef

Download Submit
C:\Windows\system\niRtqNM.exe

Filesize
6.0MB

MD5
5d2e703d37c1d2daacf523f200c778ec

SHA1
c2263d2a5734ca37085894198819a83efa689b18

SHA256
6fe1e4fc9b5fa912ff601598b78c5d9aedf42500db83d64e951f53760e77f746

SHA512
6cd411f0dae089a1c7d554340f6411aeebc4f1c316e91bd2bb55ea20e34d198ba265064496d632d8dd542a8a8551d7701bd9fa1d1881b5ca2847828d291174da

Download Submit
C:\Windows\system\qfXPaZn.exe

Filesize
6.0MB

MD5
c425b2fbce15e446c2f07af2ba3643fb

SHA1
77bad0db996e5bae3061887ba6066f0110880718

SHA256
7f29af483db858aef09c4d47112db5e7c122949e8538f9cc8b647550cc31aaaf

SHA512
d29ba5ebaadc1f68588ecbdfcaf985737e6ed66ab6203d8b94dfbb648e03afcc1d6564e53f54fa3b78564ca6f47f86a217ddcdd9c43e10ddff43c6a15f577847

Download Submit
C:\Windows\system\uGXgrnZ.exe

Filesize
6.0MB

MD5
e533fa43d271729cd6b79fc06fa53426

SHA1
18251850886fc7bf1966f031a7d5569c2bf35288

SHA256
5b866ffb940aa870e37021c8c7d8e3e14b81c4692fe09d7367f438f296ac75fe

SHA512
74b1069164b2348a3415eee374df586e3fe31acf7b898f75c89c958f310fdee564e5559710543c7e07753f15d4e9d7856469f8dcd3500773294eed2e8621380f

Download Submit
C:\Windows\system\uaeIhgd.exe

Filesize
6.0MB

MD5
58c8ab20f457d4c26ad1d8c2d1be15a5

SHA1
a8cabbe0f9507272b615a1154b9ae878e295ac99

SHA256
1e57c776359652c0afe201f15c1cea5268efb46c62e735820c792a4cc2a42dca

SHA512
e9015fc952ef856ba8d4ffaae007f2cb87387c3808c7fb1d4995fd98ab597a0d3d443e28f4849e7171d371ef012dac87da1f2c97cfbf02906247bd9f19fff09e

Download Submit
C:\Windows\system\ucTmVaL.exe

Filesize
6.0MB

MD5
6d5fcd5ab9a9fa37fa3a026f9e7e5b7b

SHA1
3d7dd1fd1610e7a009e0cf15e4ab4a2585f883e9

SHA256
bebf30d2e9fda4344bb1a1da797abc27d0ae009ec87c592292b57ce1745db7ba

SHA512
1a5957dafc54541996871d091cd2ffe37c82285c891dcd5d197adb6558c94d55133834fb3cc05640fd7c86d9f9cf7add633cee0e9cb472e7f0ba368018d7c932

Download Submit
C:\Windows\system\vNbDrfW.exe

Filesize
6.0MB

MD5
d347931151163a3dbf307489ef694e86

SHA1
f7d2daa32860b723ad67d7ebc595031adf4d1a68

SHA256
3d2a9d145a5c7fb490412ce821024a685006b380bc66c72923cd44a5c90e9982

SHA512
1cfbf430c2885ba9233a83899b3bdb446ede754e3bc67c39c80ec9d05a38607c6ba68a892f2b46337255f8ebedabe525498064894b52809db002fb770bd6f8bb

Download Submit
C:\Windows\system\wReZIDL.exe

Filesize
6.0MB

MD5
bb92ea032d9a324cc8f5d984a2af2901

SHA1
8aa09638cc88d7d0418e4c55a96f4134f681ebe3

SHA256
8d3547fb6eea6fe3fb28258b497c8e3d1e39c0918f142863a9e12be608a0040e

SHA512
3ae5337d721163e63f0b2b00c8b00ceabd434b5cbd995487129b2a83a18251e4d023e0577e11d52b11bd960c3c917af5896ac116c35461011f69274babd96d13

Download Submit
C:\Windows\system\ydrjcuW.exe

Filesize
6.0MB

MD5
152b46f634868c871143fb519b8c5281

SHA1
6bd9224a67c809391f5c8276c1eb6c32b05d22d9

SHA256
c5d13cb87f6da206793786673a7ee69e5b162e4c44b0b5d8f71c985ec61586ce

SHA512
b69c2fada7dc1ea37a1507a8b0107d7be6211eee3727af490c039b810939a32cda789c0a003468b0edfb74ff22c060b6272148c43ba920b4a08b356becdaff3f

Download Submit
\Windows\system\FCugyCE.exe

Filesize
6.0MB

MD5
378a3b3733c7a55d36d6dc12ce774dc8

SHA1
b4e019b028e33d817a5478fef195a901b0a5aeb4

SHA256
96436f5ee3383da6a9f85846a153afad483547fb0bd6e2bd67a73415877e680c

SHA512
830027b8222da83667c485741e22d43e8f7a12e09d2b6cf1fadd6b013afe8b3a2d5912fa3097eab224becbdd3c5462a08d16885f324bfe8ed0235aeeba93824d

Download Submit
\Windows\system\TVexPNF.exe

Filesize
6.0MB

MD5
d6b0d615c719bcc9a42a3ba1ebc048a1

SHA1
08b2817b7081174905d1adc670e6ebb4ebc749d8

SHA256
43bc0586ecb486bec9d3da8c893429a4bf48e49089e6aca906ba0e87c8a48456

SHA512
c3e1232ae95f2212b2fd9f8e455c4c6bdac0607f58ab663f03a89762ac94b98798aeec7efc1d457f61f767ec93e41198d951d5387770f8964038522f60f888f7

Download Submit
\Windows\system\ZLZDXvh.exe

Filesize
6.0MB

MD5
17dc4e091b94dcadac584777eb720aec

SHA1
62180ecb5c0ff70111cf8728df35a3e08d21c3d8

SHA256
a09d7c77646b08d294098b6879e45f1c91c6e3b257270dd67a4d721fa6164d87

SHA512
d061eb9271cec3be22d09d69a04c002217b3e96d72de23ba31edd78cf54a3325d9c4156fb129d006b445f8c1b2e2f4ad87148713192c468b8bd3386997887a3a

Download Submit
\Windows\system\nTPqKOj.exe

Filesize
6.0MB

MD5
d9b0f04e57818810a3ea155b4febe325

SHA1
98d050669f5358dcb544c5cb34001dfe9e48059e

SHA256
14dc2d88507d6b4d8aad8488ba06a6b914ddf6abf030659a6250bcd2a62fd297

SHA512
b108a8509fff14253aa1d69a0e7faea2b931f10712600adae83d29ba073663d08e66eed2e15070e6e49f1eb27e4786682b9f7355651a22f2a613afbddc684fdb

Download Submit
\Windows\system\rwqsplf.exe

Filesize
6.0MB

MD5
35425395a6c92d63357721580c722d35

SHA1
155f4f31f5fe9214666471c80cb6b6bbe8fe066f

SHA256
c62d888c9ae70a2f71a8e8e7f07bdf111770c272cfe6800c5d294c90810de057

SHA512
d36a864332ee03461128da9a18d253e528c40781f78e492a0e3e62b4cd68ba4e69ada54936aeefd5dd69ef132e15e6cac30a120ab5000d8681974f67ab0b2c14

Download Submit
memory/1592-4049-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/1592-11-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/1592-1609-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/2416-2011-0x0000000002490000-0x00000000027E4000-memory.dmp

Filesize
3.3MB

Download
memory/2416-726-0x0000000002490000-0x00000000027E4000-memory.dmp

Filesize
3.3MB

Download
memory/2416-674-0x0000000002490000-0x00000000027E4000-memory.dmp

Filesize
3.3MB

Download
memory/2416-2344-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/2416-2352-0x0000000002490000-0x00000000027E4000-memory.dmp

Filesize
3.3MB

Download
memory/2416-2354-0x0000000002490000-0x00000000027E4000-memory.dmp

Filesize
3.3MB

Download
memory/2416-2355-0x0000000002490000-0x00000000027E4000-memory.dmp

Filesize
3.3MB

Download
memory/2416-2357-0x0000000002490000-0x00000000027E4000-memory.dmp

Filesize
3.3MB

Download
memory/2416-2359-0x0000000002490000-0x00000000027E4000-memory.dmp

Filesize
3.3MB

Download
memory/2416-2362-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/2416-2361-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2416-2360-0x0000000002490000-0x00000000027E4000-memory.dmp

Filesize
3.3MB

Download
memory/2416-2358-0x0000000002490000-0x00000000027E4000-memory.dmp

Filesize
3.3MB

Download
memory/2416-2356-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/2416-0-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2416-711-0x0000000002490000-0x00000000027E4000-memory.dmp

Filesize
3.3MB

Download
memory/2416-702-0x0000000002490000-0x00000000027E4000-memory.dmp

Filesize
3.3MB

Download
memory/2416-691-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/2416-735-0x0000000002490000-0x00000000027E4000-memory.dmp

Filesize
3.3MB

Download
memory/2416-750-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2416-651-0x0000000002490000-0x00000000027E4000-memory.dmp

Filesize
3.3MB

Download
memory/2416-16-0x0000000002490000-0x00000000027E4000-memory.dmp

Filesize
3.3MB

Download
memory/2416-625-0x0000000002490000-0x00000000027E4000-memory.dmp

Filesize
3.3MB

Download
memory/2416-6-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/2416-614-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/2416-1364-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2416-791-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/2416-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2532-4074-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/2532-749-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/2588-734-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/2608-4073-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2608-757-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2644-723-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/2644-4071-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/2696-650-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/2716-4068-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/2716-701-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/2748-4072-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2748-673-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2812-710-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/2812-4070-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/2820-22-0x000000013F320000-0x000000013F674000-memory.dmp

Filesize
3.3MB

Download
memory/2820-4050-0x000000013F320000-0x000000013F674000-memory.dmp

Filesize
3.3MB

Download
memory/2852-690-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2852-4069-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2940-1827-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2940-15-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2940-4048-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/3008-803-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/3012-621-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/3012-4075-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download