cobaltstrike | 2346d274238073fbc549eddc94ab47feb60052a04dde6773aa65ceecc6039b1d

Analysis

max time kernel
150s
max time network
24s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
20-11-2024 02:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

b5f05c201a14b5f4d8be1b05dd0a7505
SHA1

aecf49c68cb05b05f6b718d5101babd25b705048
SHA256

2346d274238073fbc549eddc94ab47feb60052a04dde6773aa65ceecc6039b1d
SHA512

252ef39b39bb542d9792ff5f7c9a94818c79a5d52d5b4a09d7c91fed97a570d5f9e32180f0eef79a6282a0b80751e1aa7c6cb84d7824d81237ffa18e0727e667
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU/:T+q56utgpPF8u/7/

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000c00000001226a-3.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001658c-7.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001662e-14.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016aa9-23.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016c62-37.dat	cobalt_reflective_dll
behavioral1/files/0x00330000000161f6-30.dat	cobalt_reflective_dll
behavioral1/files/0x000a000000016c84-52.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173da-68.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173f4-87.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173f1-76.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174a2-118.dat	cobalt_reflective_dll
behavioral1/files/0x000d00000001866e-133.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018f53-158.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019256-198.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019244-193.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191ff-184.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001922c-188.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190e0-173.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191d4-178.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001903b-163.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190ce-168.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c26-153.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c1a-147.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018792-143.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018687-138.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017525-123.dat	cobalt_reflective_dll
behavioral1/files/0x0014000000018663-128.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017487-113.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173fc-95.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017472-104.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016cd1-63.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016c7b-49.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2656-0-0x000000013FA90000-0x000000013FDE4000-memory.dmp	xmrig
behavioral1/files/0x000c00000001226a-3.dat	xmrig
behavioral1/files/0x000800000001658c-7.dat	xmrig
behavioral1/memory/2792-12-0x000000013FB20000-0x000000013FE74000-memory.dmp	xmrig
behavioral1/memory/2832-17-0x000000013FA30000-0x000000013FD84000-memory.dmp	xmrig
behavioral1/files/0x000800000001662e-14.dat	xmrig
behavioral1/memory/2776-22-0x000000013F580000-0x000000013F8D4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016aa9-23.dat	xmrig
behavioral1/memory/2708-28-0x000000013F820000-0x000000013FB74000-memory.dmp	xmrig
behavioral1/files/0x0007000000016c62-37.dat	xmrig
behavioral1/memory/2596-41-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	xmrig
behavioral1/files/0x00330000000161f6-30.dat	xmrig
behavioral1/files/0x000a000000016c84-52.dat	xmrig
behavioral1/memory/2224-57-0x000000013FCF0000-0x0000000140044000-memory.dmp	xmrig
behavioral1/files/0x00060000000173da-68.dat	xmrig
behavioral1/memory/2272-73-0x000000013F940000-0x000000013FC94000-memory.dmp	xmrig
behavioral1/files/0x00060000000173f4-87.dat	xmrig
behavioral1/files/0x00060000000173f1-76.dat	xmrig
behavioral1/memory/2524-81-0x000000013F370000-0x000000013F6C4000-memory.dmp	xmrig
behavioral1/files/0x00060000000174a2-118.dat	xmrig
behavioral1/files/0x000d00000001866e-133.dat	xmrig
behavioral1/files/0x0006000000018f53-158.dat	xmrig
behavioral1/memory/2896-760-0x000000013F550000-0x000000013F8A4000-memory.dmp	xmrig
behavioral1/memory/2192-633-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig
behavioral1/memory/3024-482-0x000000013F750000-0x000000013FAA4000-memory.dmp	xmrig
behavioral1/memory/2656-404-0x00000000023F0000-0x0000000002744000-memory.dmp	xmrig
behavioral1/memory/2524-337-0x000000013F370000-0x000000013F6C4000-memory.dmp	xmrig
behavioral1/memory/2272-215-0x000000013F940000-0x000000013FC94000-memory.dmp	xmrig
behavioral1/files/0x0005000000019256-198.dat	xmrig
behavioral1/files/0x0005000000019244-193.dat	xmrig
behavioral1/files/0x00050000000191ff-184.dat	xmrig
behavioral1/files/0x000500000001922c-188.dat	xmrig
behavioral1/files/0x00060000000190e0-173.dat	xmrig
behavioral1/files/0x00050000000191d4-178.dat	xmrig
behavioral1/files/0x000600000001903b-163.dat	xmrig
behavioral1/files/0x00060000000190ce-168.dat	xmrig
behavioral1/files/0x0006000000018c26-153.dat	xmrig
behavioral1/files/0x0006000000018c1a-147.dat	xmrig
behavioral1/files/0x0005000000018792-143.dat	xmrig
behavioral1/files/0x0005000000018687-138.dat	xmrig
behavioral1/files/0x0006000000017525-123.dat	xmrig
behavioral1/files/0x0014000000018663-128.dat	xmrig
behavioral1/files/0x0006000000017487-113.dat	xmrig
behavioral1/memory/2192-97-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig
behavioral1/memory/2224-96-0x000000013FCF0000-0x0000000140044000-memory.dmp	xmrig
behavioral1/files/0x00060000000173fc-95.dat	xmrig
behavioral1/memory/2896-106-0x000000013F550000-0x000000013F8A4000-memory.dmp	xmrig
behavioral1/memory/2868-105-0x000000013FD20000-0x0000000140074000-memory.dmp	xmrig
behavioral1/memory/2596-80-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	xmrig
behavioral1/files/0x0006000000017472-104.dat	xmrig
behavioral1/memory/3024-89-0x000000013F750000-0x000000013FAA4000-memory.dmp	xmrig
behavioral1/memory/3036-88-0x000000013F0D0000-0x000000013F424000-memory.dmp	xmrig
behavioral1/memory/2656-85-0x000000013F0D0000-0x000000013F424000-memory.dmp	xmrig
behavioral1/memory/2600-72-0x000000013F3B0000-0x000000013F704000-memory.dmp	xmrig
behavioral1/memory/2868-65-0x000000013FD20000-0x0000000140074000-memory.dmp	xmrig
behavioral1/memory/2708-64-0x000000013F820000-0x000000013FB74000-memory.dmp	xmrig
behavioral1/files/0x0009000000016cd1-63.dat	xmrig
behavioral1/memory/3036-51-0x000000013F0D0000-0x000000013F424000-memory.dmp	xmrig
behavioral1/memory/2792-50-0x000000013FB20000-0x000000013FE74000-memory.dmp	xmrig
behavioral1/files/0x0007000000016c7b-49.dat	xmrig
behavioral1/memory/2832-46-0x000000013FA30000-0x000000013FD84000-memory.dmp	xmrig
behavioral1/memory/2656-45-0x000000013FA90000-0x000000013FDE4000-memory.dmp	xmrig
behavioral1/memory/2600-35-0x000000013F3B0000-0x000000013F704000-memory.dmp	xmrig
behavioral1/memory/2832-2998-0x000000013FA30000-0x000000013FD84000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2792	QJpZIgB.exe
2832	SEAEUoy.exe
2776	Bkpgyqk.exe
2708	RCOFrzj.exe
2600	RHmZkHz.exe
2596	JVKUtqO.exe
3036	oDiyWZf.exe
2224	afrtKzo.exe
2868	XHabeWG.exe
2272	uLXeiYg.exe
2524	LNIzkDs.exe
3024	iSFKFIW.exe
2192	QwcOQpY.exe
2896	BUawoNF.exe
1972	lYODnfG.exe
2164	uJjsYwf.exe
1984	PoxXBqw.exe
1420	OmHlmGN.exe
760	kwfDqKB.exe
792	taSYMXa.exe
1668	ErmSOKV.exe
2148	saQjhxi.exe
1324	QVNlsnJ.exe
2212	OcqTdzA.exe
2144	IcyFsTe.exe
3056	mLciseY.exe
2100	YdvDZyZ.exe
664	dgONVMK.exe
2176	NIERgfM.exe
2076	GiNEJtN.exe
932	gPLawyq.exe
700	eewYTzS.exe
2972	GFlceoB.exe
1384	NUOheqM.exe
1528	VMcvTOS.exe
996	xPJUIKA.exe
1860	NGxXWQx.exe
1660	eEAIZHg.exe
556	tjSiTjV.exe
1784	CnxygOJ.exe
2928	HEgFAga.exe
2500	NwoQeiS.exe
2428	oiLaWaD.exe
2396	uzWMXfF.exe
2452	CmcEarC.exe
2480	znLmUSZ.exe
1208	qPVEicO.exe
2060	diWnUfB.exe
1740	lECQqvM.exe
872	rXmsRrU.exe
2276	rrQUNam.exe
2780	TArREJo.exe
1592	fnYZJNZ.exe
1588	BuHdDfh.exe
2788	YdnUCvG.exe
2108	BVqpkVS.exe
2876	FDxHEIz.exe
1416	XkKkaxY.exe
2852	hpnWcKI.exe
1228	tfLvabn.exe
2908	grAsTon.exe
1788	KOtsuIE.exe
2880	GBzNQMn.exe
1160	UEpQNIb.exe

Loads dropped DLL 64 IoCs

pid	Process
2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2656-0-0x000000013FA90000-0x000000013FDE4000-memory.dmp	upx
behavioral1/files/0x000c00000001226a-3.dat	upx
behavioral1/files/0x000800000001658c-7.dat	upx
behavioral1/memory/2792-12-0x000000013FB20000-0x000000013FE74000-memory.dmp	upx
behavioral1/memory/2832-17-0x000000013FA30000-0x000000013FD84000-memory.dmp	upx
behavioral1/files/0x000800000001662e-14.dat	upx
behavioral1/memory/2776-22-0x000000013F580000-0x000000013F8D4000-memory.dmp	upx
behavioral1/files/0x0007000000016aa9-23.dat	upx
behavioral1/memory/2708-28-0x000000013F820000-0x000000013FB74000-memory.dmp	upx
behavioral1/files/0x0007000000016c62-37.dat	upx
behavioral1/memory/2596-41-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	upx
behavioral1/files/0x00330000000161f6-30.dat	upx
behavioral1/files/0x000a000000016c84-52.dat	upx
behavioral1/memory/2224-57-0x000000013FCF0000-0x0000000140044000-memory.dmp	upx
behavioral1/files/0x00060000000173da-68.dat	upx
behavioral1/memory/2272-73-0x000000013F940000-0x000000013FC94000-memory.dmp	upx
behavioral1/files/0x00060000000173f4-87.dat	upx
behavioral1/files/0x00060000000173f1-76.dat	upx
behavioral1/memory/2524-81-0x000000013F370000-0x000000013F6C4000-memory.dmp	upx
behavioral1/files/0x00060000000174a2-118.dat	upx
behavioral1/files/0x000d00000001866e-133.dat	upx
behavioral1/files/0x0006000000018f53-158.dat	upx
behavioral1/memory/2896-760-0x000000013F550000-0x000000013F8A4000-memory.dmp	upx
behavioral1/memory/2192-633-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/memory/3024-482-0x000000013F750000-0x000000013FAA4000-memory.dmp	upx
behavioral1/memory/2524-337-0x000000013F370000-0x000000013F6C4000-memory.dmp	upx
behavioral1/memory/2272-215-0x000000013F940000-0x000000013FC94000-memory.dmp	upx
behavioral1/files/0x0005000000019256-198.dat	upx
behavioral1/files/0x0005000000019244-193.dat	upx
behavioral1/files/0x00050000000191ff-184.dat	upx
behavioral1/files/0x000500000001922c-188.dat	upx
behavioral1/files/0x00060000000190e0-173.dat	upx
behavioral1/files/0x00050000000191d4-178.dat	upx
behavioral1/files/0x000600000001903b-163.dat	upx
behavioral1/files/0x00060000000190ce-168.dat	upx
behavioral1/files/0x0006000000018c26-153.dat	upx
behavioral1/files/0x0006000000018c1a-147.dat	upx
behavioral1/files/0x0005000000018792-143.dat	upx
behavioral1/files/0x0005000000018687-138.dat	upx
behavioral1/files/0x0006000000017525-123.dat	upx
behavioral1/files/0x0014000000018663-128.dat	upx
behavioral1/files/0x0006000000017487-113.dat	upx
behavioral1/memory/2192-97-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/memory/2224-96-0x000000013FCF0000-0x0000000140044000-memory.dmp	upx
behavioral1/files/0x00060000000173fc-95.dat	upx
behavioral1/memory/2896-106-0x000000013F550000-0x000000013F8A4000-memory.dmp	upx
behavioral1/memory/2868-105-0x000000013FD20000-0x0000000140074000-memory.dmp	upx
behavioral1/memory/2596-80-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	upx
behavioral1/files/0x0006000000017472-104.dat	upx
behavioral1/memory/3024-89-0x000000013F750000-0x000000013FAA4000-memory.dmp	upx
behavioral1/memory/3036-88-0x000000013F0D0000-0x000000013F424000-memory.dmp	upx
behavioral1/memory/2600-72-0x000000013F3B0000-0x000000013F704000-memory.dmp	upx
behavioral1/memory/2868-65-0x000000013FD20000-0x0000000140074000-memory.dmp	upx
behavioral1/memory/2708-64-0x000000013F820000-0x000000013FB74000-memory.dmp	upx
behavioral1/files/0x0009000000016cd1-63.dat	upx
behavioral1/memory/3036-51-0x000000013F0D0000-0x000000013F424000-memory.dmp	upx
behavioral1/memory/2792-50-0x000000013FB20000-0x000000013FE74000-memory.dmp	upx
behavioral1/files/0x0007000000016c7b-49.dat	upx
behavioral1/memory/2832-46-0x000000013FA30000-0x000000013FD84000-memory.dmp	upx
behavioral1/memory/2656-45-0x000000013FA90000-0x000000013FDE4000-memory.dmp	upx
behavioral1/memory/2600-35-0x000000013F3B0000-0x000000013F704000-memory.dmp	upx
behavioral1/memory/2832-2998-0x000000013FA30000-0x000000013FD84000-memory.dmp	upx
behavioral1/memory/2708-3009-0x000000013F820000-0x000000013FB74000-memory.dmp	upx
behavioral1/memory/2600-3011-0x000000013F3B0000-0x000000013F704000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\MSLdjJK.exe	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LqZClJk.exe	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lnnmFYA.exe	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sTbFjuU.exe	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WcfhNqj.exe	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tEvzaFs.exe	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gbpwofm.exe	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lqNCjPx.exe	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FCWpoWJ.exe	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WKzyYBZ.exe	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZThuiZm.exe	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zTjqGNP.exe	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ioCTICn.exe	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dfkXCyG.exe	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EnwWWcd.exe	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LdxJTwM.exe	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JiQeZLp.exe	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JuQjpEu.exe	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LwMcBpi.exe	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bREuBCS.exe	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xwXgtdA.exe	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\paWRjSx.exe	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BeqlwJp.exe	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VMGFPyA.exe	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nolhosg.exe	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jrpWiuG.exe	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gMuwRqH.exe	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LNIzkDs.exe	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NBjOnrr.exe	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hqrQbiy.exe	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pcDowGl.exe	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GIbkGJk.exe	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fwsOTFh.exe	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\POqHenL.exe	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NKCHAfI.exe	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yiPlQCm.exe	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nUtvMbL.exe	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ecQMmjB.exe	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KOxKELM.exe	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CaVFanh.exe	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\unOYKJA.exe	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zgRqOpo.exe	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cjfLURz.exe	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oWlOSWj.exe	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rRNPDDi.exe	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UcAcZcq.exe	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tXFafHA.exe	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lGgpkIN.exe	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fOditOP.exe	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Smznjxk.exe	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KnipxPk.exe	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jeTAEYK.exe	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oSAHDeh.exe	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KiGUIzy.exe	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FQspECe.exe	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cLxxHqC.exe	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xTRXTNa.exe	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ghzEaTn.exe	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oPyAcRX.exe	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zhznEVP.exe	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MxQlPik.exe	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jrefDcS.exe	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bBtLDYy.exe	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QfVHRkv.exe	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2656 wrote to memory of 2792	2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2656 wrote to memory of 2792	2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2656 wrote to memory of 2792	2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2656 wrote to memory of 2832	2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2656 wrote to memory of 2832	2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2656 wrote to memory of 2832	2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2656 wrote to memory of 2776	2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2656 wrote to memory of 2776	2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2656 wrote to memory of 2776	2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2656 wrote to memory of 2708	2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2656 wrote to memory of 2708	2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2656 wrote to memory of 2708	2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2656 wrote to memory of 2600	2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2656 wrote to memory of 2600	2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2656 wrote to memory of 2600	2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2656 wrote to memory of 2596	2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2656 wrote to memory of 2596	2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2656 wrote to memory of 2596	2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2656 wrote to memory of 3036	2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2656 wrote to memory of 3036	2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2656 wrote to memory of 3036	2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2656 wrote to memory of 2224	2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2656 wrote to memory of 2224	2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2656 wrote to memory of 2224	2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2656 wrote to memory of 2868	2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2656 wrote to memory of 2868	2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2656 wrote to memory of 2868	2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2656 wrote to memory of 2272	2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2656 wrote to memory of 2272	2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2656 wrote to memory of 2272	2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2656 wrote to memory of 2524	2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2656 wrote to memory of 2524	2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2656 wrote to memory of 2524	2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2656 wrote to memory of 3024	2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2656 wrote to memory of 3024	2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2656 wrote to memory of 3024	2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2656 wrote to memory of 2192	2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2656 wrote to memory of 2192	2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2656 wrote to memory of 2192	2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2656 wrote to memory of 2896	2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2656 wrote to memory of 2896	2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2656 wrote to memory of 2896	2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2656 wrote to memory of 1972	2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2656 wrote to memory of 1972	2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2656 wrote to memory of 1972	2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2656 wrote to memory of 2164	2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2656 wrote to memory of 2164	2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2656 wrote to memory of 2164	2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2656 wrote to memory of 1984	2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2656 wrote to memory of 1984	2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2656 wrote to memory of 1984	2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2656 wrote to memory of 1420	2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2656 wrote to memory of 1420	2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2656 wrote to memory of 1420	2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2656 wrote to memory of 760	2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2656 wrote to memory of 760	2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2656 wrote to memory of 760	2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2656 wrote to memory of 792	2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2656 wrote to memory of 792	2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2656 wrote to memory of 792	2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2656 wrote to memory of 1668	2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2656 wrote to memory of 1668	2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2656 wrote to memory of 1668	2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2656 wrote to memory of 2148	2656	2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-20_b5f05c201a14b5f4d8be1b05dd0a7505_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2656
- C:\Windows\System\QJpZIgB.exe
  C:\Windows\System\QJpZIgB.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\SEAEUoy.exe
  C:\Windows\System\SEAEUoy.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\Bkpgyqk.exe
  C:\Windows\System\Bkpgyqk.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\RCOFrzj.exe
  C:\Windows\System\RCOFrzj.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\RHmZkHz.exe
  C:\Windows\System\RHmZkHz.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\JVKUtqO.exe
  C:\Windows\System\JVKUtqO.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\oDiyWZf.exe
  C:\Windows\System\oDiyWZf.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\afrtKzo.exe
  C:\Windows\System\afrtKzo.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\XHabeWG.exe
  C:\Windows\System\XHabeWG.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\uLXeiYg.exe
  C:\Windows\System\uLXeiYg.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\LNIzkDs.exe
  C:\Windows\System\LNIzkDs.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\iSFKFIW.exe
  C:\Windows\System\iSFKFIW.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\QwcOQpY.exe
  C:\Windows\System\QwcOQpY.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\BUawoNF.exe
  C:\Windows\System\BUawoNF.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\lYODnfG.exe
  C:\Windows\System\lYODnfG.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\uJjsYwf.exe
  C:\Windows\System\uJjsYwf.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\PoxXBqw.exe
  C:\Windows\System\PoxXBqw.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\OmHlmGN.exe
  C:\Windows\System\OmHlmGN.exe
  2⤵
  - Executes dropped EXE
  PID:1420
- C:\Windows\System\kwfDqKB.exe
  C:\Windows\System\kwfDqKB.exe
  2⤵
  - Executes dropped EXE
  PID:760
- C:\Windows\System\taSYMXa.exe
  C:\Windows\System\taSYMXa.exe
  2⤵
  - Executes dropped EXE
  PID:792
- C:\Windows\System\ErmSOKV.exe
  C:\Windows\System\ErmSOKV.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\saQjhxi.exe
  C:\Windows\System\saQjhxi.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\QVNlsnJ.exe
  C:\Windows\System\QVNlsnJ.exe
  2⤵
  - Executes dropped EXE
  PID:1324
- C:\Windows\System\OcqTdzA.exe
  C:\Windows\System\OcqTdzA.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\IcyFsTe.exe
  C:\Windows\System\IcyFsTe.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\mLciseY.exe
  C:\Windows\System\mLciseY.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\YdvDZyZ.exe
  C:\Windows\System\YdvDZyZ.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\dgONVMK.exe
  C:\Windows\System\dgONVMK.exe
  2⤵
  - Executes dropped EXE
  PID:664
- C:\Windows\System\NIERgfM.exe
  C:\Windows\System\NIERgfM.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\GiNEJtN.exe
  C:\Windows\System\GiNEJtN.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\gPLawyq.exe
  C:\Windows\System\gPLawyq.exe
  2⤵
  - Executes dropped EXE
  PID:932
- C:\Windows\System\eewYTzS.exe
  C:\Windows\System\eewYTzS.exe
  2⤵
  - Executes dropped EXE
  PID:700
- C:\Windows\System\GFlceoB.exe
  C:\Windows\System\GFlceoB.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\NUOheqM.exe
  C:\Windows\System\NUOheqM.exe
  2⤵
  - Executes dropped EXE
  PID:1384
- C:\Windows\System\VMcvTOS.exe
  C:\Windows\System\VMcvTOS.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\xPJUIKA.exe
  C:\Windows\System\xPJUIKA.exe
  2⤵
  - Executes dropped EXE
  PID:996
- C:\Windows\System\NGxXWQx.exe
  C:\Windows\System\NGxXWQx.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System\eEAIZHg.exe
  C:\Windows\System\eEAIZHg.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\tjSiTjV.exe
  C:\Windows\System\tjSiTjV.exe
  2⤵
  - Executes dropped EXE
  PID:556
- C:\Windows\System\CnxygOJ.exe
  C:\Windows\System\CnxygOJ.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\HEgFAga.exe
  C:\Windows\System\HEgFAga.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\NwoQeiS.exe
  C:\Windows\System\NwoQeiS.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\oiLaWaD.exe
  C:\Windows\System\oiLaWaD.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\uzWMXfF.exe
  C:\Windows\System\uzWMXfF.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\CmcEarC.exe
  C:\Windows\System\CmcEarC.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\znLmUSZ.exe
  C:\Windows\System\znLmUSZ.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\qPVEicO.exe
  C:\Windows\System\qPVEicO.exe
  2⤵
  - Executes dropped EXE
  PID:1208
- C:\Windows\System\diWnUfB.exe
  C:\Windows\System\diWnUfB.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\lECQqvM.exe
  C:\Windows\System\lECQqvM.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\rXmsRrU.exe
  C:\Windows\System\rXmsRrU.exe
  2⤵
  - Executes dropped EXE
  PID:872
- C:\Windows\System\rrQUNam.exe
  C:\Windows\System\rrQUNam.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\TArREJo.exe
  C:\Windows\System\TArREJo.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\fnYZJNZ.exe
  C:\Windows\System\fnYZJNZ.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\BuHdDfh.exe
  C:\Windows\System\BuHdDfh.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\YdnUCvG.exe
  C:\Windows\System\YdnUCvG.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\BVqpkVS.exe
  C:\Windows\System\BVqpkVS.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\FDxHEIz.exe
  C:\Windows\System\FDxHEIz.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\XkKkaxY.exe
  C:\Windows\System\XkKkaxY.exe
  2⤵
  - Executes dropped EXE
  PID:1416
- C:\Windows\System\hpnWcKI.exe
  C:\Windows\System\hpnWcKI.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\tfLvabn.exe
  C:\Windows\System\tfLvabn.exe
  2⤵
  - Executes dropped EXE
  PID:1228
- C:\Windows\System\grAsTon.exe
  C:\Windows\System\grAsTon.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\KOtsuIE.exe
  C:\Windows\System\KOtsuIE.exe
  2⤵
  - Executes dropped EXE
  PID:1788
- C:\Windows\System\GBzNQMn.exe
  C:\Windows\System\GBzNQMn.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\UEpQNIb.exe
  C:\Windows\System\UEpQNIb.exe
  2⤵
  - Executes dropped EXE
  PID:1160
- C:\Windows\System\dWwcaEQ.exe
  C:\Windows\System\dWwcaEQ.exe
  2⤵
  PID:2184
- C:\Windows\System\xXCayGu.exe
  C:\Windows\System\xXCayGu.exe
  2⤵
  PID:1976
- C:\Windows\System\fTxpnww.exe
  C:\Windows\System\fTxpnww.exe
  2⤵
  PID:1672
- C:\Windows\System\LBSDvNT.exe
  C:\Windows\System\LBSDvNT.exe
  2⤵
  PID:2384
- C:\Windows\System\dvzPtCU.exe
  C:\Windows\System\dvzPtCU.exe
  2⤵
  PID:2968
- C:\Windows\System\VshcenF.exe
  C:\Windows\System\VshcenF.exe
  2⤵
  PID:2960
- C:\Windows\System\HeKesjN.exe
  C:\Windows\System\HeKesjN.exe
  2⤵
  PID:1348
- C:\Windows\System\uwQQztT.exe
  C:\Windows\System\uwQQztT.exe
  2⤵
  PID:916
- C:\Windows\System\KDCgsul.exe
  C:\Windows\System\KDCgsul.exe
  2⤵
  PID:1748
- C:\Windows\System\NlByyjs.exe
  C:\Windows\System\NlByyjs.exe
  2⤵
  PID:2400
- C:\Windows\System\WcfhNqj.exe
  C:\Windows\System\WcfhNqj.exe
  2⤵
  PID:1232
- C:\Windows\System\fXcSCpn.exe
  C:\Windows\System\fXcSCpn.exe
  2⤵
  PID:1632
- C:\Windows\System\tPmtHkL.exe
  C:\Windows\System\tPmtHkL.exe
  2⤵
  PID:1640
- C:\Windows\System\iNoRMcI.exe
  C:\Windows\System\iNoRMcI.exe
  2⤵
  PID:2488
- C:\Windows\System\nUtvMbL.exe
  C:\Windows\System\nUtvMbL.exe
  2⤵
  PID:2764
- C:\Windows\System\XMFvfIb.exe
  C:\Windows\System\XMFvfIb.exe
  2⤵
  PID:2244
- C:\Windows\System\uHsciyW.exe
  C:\Windows\System\uHsciyW.exe
  2⤵
  PID:2476
- C:\Windows\System\HVRMfHk.exe
  C:\Windows\System\HVRMfHk.exe
  2⤵
  PID:2352
- C:\Windows\System\qiJWsxs.exe
  C:\Windows\System\qiJWsxs.exe
  2⤵
  PID:2472
- C:\Windows\System\DxEiITY.exe
  C:\Windows\System\DxEiITY.exe
  2⤵
  PID:1188
- C:\Windows\System\xvOkova.exe
  C:\Windows\System\xvOkova.exe
  2⤵
  PID:1800
- C:\Windows\System\ODKhlWx.exe
  C:\Windows\System\ODKhlWx.exe
  2⤵
  PID:2784
- C:\Windows\System\KjRQGKH.exe
  C:\Windows\System\KjRQGKH.exe
  2⤵
  PID:2712
- C:\Windows\System\iKQXRMU.exe
  C:\Windows\System\iKQXRMU.exe
  2⤵
  PID:2560
- C:\Windows\System\uaOBdrC.exe
  C:\Windows\System\uaOBdrC.exe
  2⤵
  PID:3004
- C:\Windows\System\BmbEBhG.exe
  C:\Windows\System\BmbEBhG.exe
  2⤵
  PID:2636
- C:\Windows\System\TxbqisZ.exe
  C:\Windows\System\TxbqisZ.exe
  2⤵
  PID:2952
- C:\Windows\System\ZkMsNqI.exe
  C:\Windows\System\ZkMsNqI.exe
  2⤵
  PID:1996
- C:\Windows\System\MDyoeQv.exe
  C:\Windows\System\MDyoeQv.exe
  2⤵
  PID:652
- C:\Windows\System\CmncxhJ.exe
  C:\Windows\System\CmncxhJ.exe
  2⤵
  PID:2416
- C:\Windows\System\hctNztu.exe
  C:\Windows\System\hctNztu.exe
  2⤵
  PID:3052
- C:\Windows\System\QYcawhK.exe
  C:\Windows\System\QYcawhK.exe
  2⤵
  PID:2040
- C:\Windows\System\SnlJXSR.exe
  C:\Windows\System\SnlJXSR.exe
  2⤵
  PID:2436
- C:\Windows\System\LBBOgfW.exe
  C:\Windows\System\LBBOgfW.exe
  2⤵
  PID:2056
- C:\Windows\System\uqKaErF.exe
  C:\Windows\System\uqKaErF.exe
  2⤵
  PID:1724
- C:\Windows\System\FneYrDd.exe
  C:\Windows\System\FneYrDd.exe
  2⤵
  PID:1196
- C:\Windows\System\CrmZdBL.exe
  C:\Windows\System\CrmZdBL.exe
  2⤵
  PID:672
- C:\Windows\System\plPxdWN.exe
  C:\Windows\System\plPxdWN.exe
  2⤵
  PID:1328
- C:\Windows\System\sJcOfdy.exe
  C:\Windows\System\sJcOfdy.exe
  2⤵
  PID:2456
- C:\Windows\System\CisDVjD.exe
  C:\Windows\System\CisDVjD.exe
  2⤵
  PID:1088
- C:\Windows\System\jHnqiAR.exe
  C:\Windows\System\jHnqiAR.exe
  2⤵
  PID:2740
- C:\Windows\System\lrChRCn.exe
  C:\Windows\System\lrChRCn.exe
  2⤵
  PID:2676
- C:\Windows\System\ZIVlhuW.exe
  C:\Windows\System\ZIVlhuW.exe
  2⤵
  PID:2680
- C:\Windows\System\ETbYZJH.exe
  C:\Windows\System\ETbYZJH.exe
  2⤵
  PID:3088
- C:\Windows\System\qjotyNT.exe
  C:\Windows\System\qjotyNT.exe
  2⤵
  PID:3108
- C:\Windows\System\EQsXCGg.exe
  C:\Windows\System\EQsXCGg.exe
  2⤵
  PID:3128
- C:\Windows\System\gkRCtiA.exe
  C:\Windows\System\gkRCtiA.exe
  2⤵
  PID:3148
- C:\Windows\System\TNLiJYe.exe
  C:\Windows\System\TNLiJYe.exe
  2⤵
  PID:3164
- C:\Windows\System\CEOXZpE.exe
  C:\Windows\System\CEOXZpE.exe
  2⤵
  PID:3188
- C:\Windows\System\wANNizi.exe
  C:\Windows\System\wANNizi.exe
  2⤵
  PID:3204
- C:\Windows\System\RaAJIDf.exe
  C:\Windows\System\RaAJIDf.exe
  2⤵
  PID:3232
- C:\Windows\System\bsuBzjs.exe
  C:\Windows\System\bsuBzjs.exe
  2⤵
  PID:3252
- C:\Windows\System\muITyHX.exe
  C:\Windows\System\muITyHX.exe
  2⤵
  PID:3272
- C:\Windows\System\ucJEeqO.exe
  C:\Windows\System\ucJEeqO.exe
  2⤵
  PID:3292
- C:\Windows\System\eunqhFp.exe
  C:\Windows\System\eunqhFp.exe
  2⤵
  PID:3312
- C:\Windows\System\EdVjYAh.exe
  C:\Windows\System\EdVjYAh.exe
  2⤵
  PID:3332
- C:\Windows\System\btofThv.exe
  C:\Windows\System\btofThv.exe
  2⤵
  PID:3352
- C:\Windows\System\rLyGJZq.exe
  C:\Windows\System\rLyGJZq.exe
  2⤵
  PID:3368
- C:\Windows\System\dFGenxi.exe
  C:\Windows\System\dFGenxi.exe
  2⤵
  PID:3392
- C:\Windows\System\aihmntV.exe
  C:\Windows\System\aihmntV.exe
  2⤵
  PID:3412
- C:\Windows\System\bkgJGsA.exe
  C:\Windows\System\bkgJGsA.exe
  2⤵
  PID:3432
- C:\Windows\System\DhnUbNo.exe
  C:\Windows\System\DhnUbNo.exe
  2⤵
  PID:3452
- C:\Windows\System\KoGRbWd.exe
  C:\Windows\System\KoGRbWd.exe
  2⤵
  PID:3476
- C:\Windows\System\wxBSYTL.exe
  C:\Windows\System\wxBSYTL.exe
  2⤵
  PID:3496
- C:\Windows\System\PdgeCsS.exe
  C:\Windows\System\PdgeCsS.exe
  2⤵
  PID:3516
- C:\Windows\System\TyneoyW.exe
  C:\Windows\System\TyneoyW.exe
  2⤵
  PID:3532
- C:\Windows\System\jHVfgkK.exe
  C:\Windows\System\jHVfgkK.exe
  2⤵
  PID:3556
- C:\Windows\System\pSgtoXW.exe
  C:\Windows\System\pSgtoXW.exe
  2⤵
  PID:3576
- C:\Windows\System\bIzmenj.exe
  C:\Windows\System\bIzmenj.exe
  2⤵
  PID:3596
- C:\Windows\System\xmxXlcI.exe
  C:\Windows\System\xmxXlcI.exe
  2⤵
  PID:3616
- C:\Windows\System\GYQKxBm.exe
  C:\Windows\System\GYQKxBm.exe
  2⤵
  PID:3636
- C:\Windows\System\SONsAZE.exe
  C:\Windows\System\SONsAZE.exe
  2⤵
  PID:3656
- C:\Windows\System\OwfxYiY.exe
  C:\Windows\System\OwfxYiY.exe
  2⤵
  PID:3676
- C:\Windows\System\DYPsjIC.exe
  C:\Windows\System\DYPsjIC.exe
  2⤵
  PID:3692
- C:\Windows\System\QPQkSyY.exe
  C:\Windows\System\QPQkSyY.exe
  2⤵
  PID:3716
- C:\Windows\System\ADoBJjE.exe
  C:\Windows\System\ADoBJjE.exe
  2⤵
  PID:3736
- C:\Windows\System\MCUEDgT.exe
  C:\Windows\System\MCUEDgT.exe
  2⤵
  PID:3756
- C:\Windows\System\sUbCykT.exe
  C:\Windows\System\sUbCykT.exe
  2⤵
  PID:3772
- C:\Windows\System\PuJLfuH.exe
  C:\Windows\System\PuJLfuH.exe
  2⤵
  PID:3796
- C:\Windows\System\GayqCjd.exe
  C:\Windows\System\GayqCjd.exe
  2⤵
  PID:3816
- C:\Windows\System\GIwsQOo.exe
  C:\Windows\System\GIwsQOo.exe
  2⤵
  PID:3836
- C:\Windows\System\onqEJaF.exe
  C:\Windows\System\onqEJaF.exe
  2⤵
  PID:3860
- C:\Windows\System\PUTyPBs.exe
  C:\Windows\System\PUTyPBs.exe
  2⤵
  PID:3880
- C:\Windows\System\VNkHWnA.exe
  C:\Windows\System\VNkHWnA.exe
  2⤵
  PID:3900
- C:\Windows\System\KGFqLhg.exe
  C:\Windows\System\KGFqLhg.exe
  2⤵
  PID:3920
- C:\Windows\System\tXFafHA.exe
  C:\Windows\System\tXFafHA.exe
  2⤵
  PID:3940
- C:\Windows\System\tDAenhu.exe
  C:\Windows\System\tDAenhu.exe
  2⤵
  PID:3960
- C:\Windows\System\knVnBTd.exe
  C:\Windows\System\knVnBTd.exe
  2⤵
  PID:3984
- C:\Windows\System\BaPpRoe.exe
  C:\Windows\System\BaPpRoe.exe
  2⤵
  PID:4004
- C:\Windows\System\imSbaVx.exe
  C:\Windows\System\imSbaVx.exe
  2⤵
  PID:4024
- C:\Windows\System\hdVGnIf.exe
  C:\Windows\System\hdVGnIf.exe
  2⤵
  PID:4044
- C:\Windows\System\hRdqYgu.exe
  C:\Windows\System\hRdqYgu.exe
  2⤵
  PID:4064
- C:\Windows\System\CergioH.exe
  C:\Windows\System\CergioH.exe
  2⤵
  PID:4084
- C:\Windows\System\rUDYXOQ.exe
  C:\Windows\System\rUDYXOQ.exe
  2⤵
  PID:1772
- C:\Windows\System\LQRWQVq.exe
  C:\Windows\System\LQRWQVq.exe
  2⤵
  PID:320
- C:\Windows\System\URcUlpT.exe
  C:\Windows\System\URcUlpT.exe
  2⤵
  PID:1780
- C:\Windows\System\KMbIXNB.exe
  C:\Windows\System\KMbIXNB.exe
  2⤵
  PID:908
- C:\Windows\System\wukBnGi.exe
  C:\Windows\System\wukBnGi.exe
  2⤵
  PID:2380
- C:\Windows\System\qbXGySS.exe
  C:\Windows\System\qbXGySS.exe
  2⤵
  PID:1940
- C:\Windows\System\eZVbMjl.exe
  C:\Windows\System\eZVbMjl.exe
  2⤵
  PID:1920
- C:\Windows\System\WYqlUzq.exe
  C:\Windows\System\WYqlUzq.exe
  2⤵
  PID:2632
- C:\Windows\System\DEcOwJe.exe
  C:\Windows\System\DEcOwJe.exe
  2⤵
  PID:764
- C:\Windows\System\YylFJzb.exe
  C:\Windows\System\YylFJzb.exe
  2⤵
  PID:2992
- C:\Windows\System\ZyHueKT.exe
  C:\Windows\System\ZyHueKT.exe
  2⤵
  PID:2460
- C:\Windows\System\jMrKcUX.exe
  C:\Windows\System\jMrKcUX.exe
  2⤵
  PID:3080
- C:\Windows\System\spcLERd.exe
  C:\Windows\System\spcLERd.exe
  2⤵
  PID:3116
- C:\Windows\System\QjqxILg.exe
  C:\Windows\System\QjqxILg.exe
  2⤵
  PID:3176
- C:\Windows\System\JJqPWmU.exe
  C:\Windows\System\JJqPWmU.exe
  2⤵
  PID:3196
- C:\Windows\System\oYTPihW.exe
  C:\Windows\System\oYTPihW.exe
  2⤵
  PID:3216
- C:\Windows\System\VqOoWOe.exe
  C:\Windows\System\VqOoWOe.exe
  2⤵
  PID:3244
- C:\Windows\System\RbaLcrS.exe
  C:\Windows\System\RbaLcrS.exe
  2⤵
  PID:3228
- C:\Windows\System\HYMSeYg.exe
  C:\Windows\System\HYMSeYg.exe
  2⤵
  PID:3320
- C:\Windows\System\xiHgngQ.exe
  C:\Windows\System\xiHgngQ.exe
  2⤵
  PID:3388
- C:\Windows\System\HUMkUhi.exe
  C:\Windows\System\HUMkUhi.exe
  2⤵
  PID:3404
- C:\Windows\System\hazUjLG.exe
  C:\Windows\System\hazUjLG.exe
  2⤵
  PID:3472
- C:\Windows\System\ftKrJZm.exe
  C:\Windows\System\ftKrJZm.exe
  2⤵
  PID:3440
- C:\Windows\System\ciHWYzm.exe
  C:\Windows\System\ciHWYzm.exe
  2⤵
  PID:3492
- C:\Windows\System\zQuLkVi.exe
  C:\Windows\System\zQuLkVi.exe
  2⤵
  PID:2704
- C:\Windows\System\xBEILYT.exe
  C:\Windows\System\xBEILYT.exe
  2⤵
  PID:3592
- C:\Windows\System\RgUCIet.exe
  C:\Windows\System\RgUCIet.exe
  2⤵
  PID:3624
- C:\Windows\System\acQWsab.exe
  C:\Windows\System\acQWsab.exe
  2⤵
  PID:3604
- C:\Windows\System\eTsOoji.exe
  C:\Windows\System\eTsOoji.exe
  2⤵
  PID:3652
- C:\Windows\System\cZwjHqU.exe
  C:\Windows\System\cZwjHqU.exe
  2⤵
  PID:3684
- C:\Windows\System\zLccMAr.exe
  C:\Windows\System\zLccMAr.exe
  2⤵
  PID:3724
- C:\Windows\System\MdAsNzs.exe
  C:\Windows\System\MdAsNzs.exe
  2⤵
  PID:3788
- C:\Windows\System\LCxAXib.exe
  C:\Windows\System\LCxAXib.exe
  2⤵
  PID:3824
- C:\Windows\System\WkbUYbb.exe
  C:\Windows\System\WkbUYbb.exe
  2⤵
  PID:3812
- C:\Windows\System\ODNtrch.exe
  C:\Windows\System\ODNtrch.exe
  2⤵
  PID:3844
- C:\Windows\System\diTrNMv.exe
  C:\Windows\System\diTrNMv.exe
  2⤵
  PID:3888
- C:\Windows\System\XNMPbMx.exe
  C:\Windows\System\XNMPbMx.exe
  2⤵
  PID:3928
- C:\Windows\System\OHMReuG.exe
  C:\Windows\System\OHMReuG.exe
  2⤵
  PID:4000
- C:\Windows\System\UFEFxWM.exe
  C:\Windows\System\UFEFxWM.exe
  2⤵
  PID:4032
- C:\Windows\System\NBjOnrr.exe
  C:\Windows\System\NBjOnrr.exe
  2⤵
  PID:4072
- C:\Windows\System\PqCeQFK.exe
  C:\Windows\System\PqCeQFK.exe
  2⤵
  PID:4060
- C:\Windows\System\bXPExbn.exe
  C:\Windows\System\bXPExbn.exe
  2⤵
  PID:2884
- C:\Windows\System\UbixtHb.exe
  C:\Windows\System\UbixtHb.exe
  2⤵
  PID:264
- C:\Windows\System\OUWVPqe.exe
  C:\Windows\System\OUWVPqe.exe
  2⤵
  PID:1536
- C:\Windows\System\TLxnYwN.exe
  C:\Windows\System\TLxnYwN.exe
  2⤵
  PID:1760
- C:\Windows\System\hWmIURW.exe
  C:\Windows\System\hWmIURW.exe
  2⤵
  PID:3856
- C:\Windows\System\Lwlgbod.exe
  C:\Windows\System\Lwlgbod.exe
  2⤵
  PID:2808
- C:\Windows\System\iRdtDvJ.exe
  C:\Windows\System\iRdtDvJ.exe
  2⤵
  PID:2608
- C:\Windows\System\iSJWcEV.exe
  C:\Windows\System\iSJWcEV.exe
  2⤵
  PID:3140
- C:\Windows\System\vGzCAeL.exe
  C:\Windows\System\vGzCAeL.exe
  2⤵
  PID:3224
- C:\Windows\System\XVznpYg.exe
  C:\Windows\System\XVznpYg.exe
  2⤵
  PID:3280
- C:\Windows\System\jKKfSSh.exe
  C:\Windows\System\jKKfSSh.exe
  2⤵
  PID:3268
- C:\Windows\System\WiPFvXo.exe
  C:\Windows\System\WiPFvXo.exe
  2⤵
  PID:3344
- C:\Windows\System\PNwXaQu.exe
  C:\Windows\System\PNwXaQu.exe
  2⤵
  PID:3400
- C:\Windows\System\YwBPgcF.exe
  C:\Windows\System\YwBPgcF.exe
  2⤵
  PID:3504
- C:\Windows\System\NushLOc.exe
  C:\Windows\System\NushLOc.exe
  2⤵
  PID:3584
- C:\Windows\System\QIaiMsu.exe
  C:\Windows\System\QIaiMsu.exe
  2⤵
  PID:3564
- C:\Windows\System\QFbTKMs.exe
  C:\Windows\System\QFbTKMs.exe
  2⤵
  PID:3672
- C:\Windows\System\wZeVKjo.exe
  C:\Windows\System\wZeVKjo.exe
  2⤵
  PID:3644
- C:\Windows\System\kJDjjad.exe
  C:\Windows\System\kJDjjad.exe
  2⤵
  PID:3732
- C:\Windows\System\yaorvYG.exe
  C:\Windows\System\yaorvYG.exe
  2⤵
  PID:3828
- C:\Windows\System\tBMoVfO.exe
  C:\Windows\System\tBMoVfO.exe
  2⤵
  PID:3916
- C:\Windows\System\ulDLufQ.exe
  C:\Windows\System\ulDLufQ.exe
  2⤵
  PID:3936
- C:\Windows\System\upNllNS.exe
  C:\Windows\System\upNllNS.exe
  2⤵
  PID:3892
- C:\Windows\System\MMNLYXn.exe
  C:\Windows\System\MMNLYXn.exe
  2⤵
  PID:3976
- C:\Windows\System\BiGnlUK.exe
  C:\Windows\System\BiGnlUK.exe
  2⤵
  PID:3996
- C:\Windows\System\jTsgvYd.exe
  C:\Windows\System\jTsgvYd.exe
  2⤵
  PID:2080
- C:\Windows\System\eeGjNTo.exe
  C:\Windows\System\eeGjNTo.exe
  2⤵
  PID:2052
- C:\Windows\System\kyHgqQP.exe
  C:\Windows\System\kyHgqQP.exe
  2⤵
  PID:3104
- C:\Windows\System\oZQckYF.exe
  C:\Windows\System\oZQckYF.exe
  2⤵
  PID:888
- C:\Windows\System\jeBoDbS.exe
  C:\Windows\System\jeBoDbS.exe
  2⤵
  PID:3300
- C:\Windows\System\owqCgPn.exe
  C:\Windows\System\owqCgPn.exe
  2⤵
  PID:3160
- C:\Windows\System\XFDGZMa.exe
  C:\Windows\System\XFDGZMa.exe
  2⤵
  PID:3364
- C:\Windows\System\FxrXCFU.exe
  C:\Windows\System\FxrXCFU.exe
  2⤵
  PID:3544
- C:\Windows\System\amyyBMU.exe
  C:\Windows\System\amyyBMU.exe
  2⤵
  PID:3408
- C:\Windows\System\bulCYEx.exe
  C:\Windows\System\bulCYEx.exe
  2⤵
  PID:3572
- C:\Windows\System\WoJOfBa.exe
  C:\Windows\System\WoJOfBa.exe
  2⤵
  PID:2724
- C:\Windows\System\KyDtxjX.exe
  C:\Windows\System\KyDtxjX.exe
  2⤵
  PID:3712
- C:\Windows\System\ICyxNUs.exe
  C:\Windows\System\ICyxNUs.exe
  2⤵
  PID:3764
- C:\Windows\System\xlmWzDj.exe
  C:\Windows\System\xlmWzDj.exe
  2⤵
  PID:2844
- C:\Windows\System\kPuDYCA.exe
  C:\Windows\System\kPuDYCA.exe
  2⤵
  PID:3872
- C:\Windows\System\sggYFtg.exe
  C:\Windows\System\sggYFtg.exe
  2⤵
  PID:4016
- C:\Windows\System\GfVQMWM.exe
  C:\Windows\System\GfVQMWM.exe
  2⤵
  PID:1712
- C:\Windows\System\wWBBQqD.exe
  C:\Windows\System\wWBBQqD.exe
  2⤵
  PID:3172
- C:\Windows\System\JlPwisE.exe
  C:\Windows\System\JlPwisE.exe
  2⤵
  PID:3144
- C:\Windows\System\cCGTCdb.exe
  C:\Windows\System\cCGTCdb.exe
  2⤵
  PID:3548
- C:\Windows\System\YVoNeHg.exe
  C:\Windows\System\YVoNeHg.exe
  2⤵
  PID:3512
- C:\Windows\System\saqKuZG.exe
  C:\Windows\System\saqKuZG.exe
  2⤵
  PID:3552
- C:\Windows\System\MXAJEEK.exe
  C:\Windows\System\MXAJEEK.exe
  2⤵
  PID:2892
- C:\Windows\System\BrWcwHM.exe
  C:\Windows\System\BrWcwHM.exe
  2⤵
  PID:3952
- C:\Windows\System\FAKCBCT.exe
  C:\Windows\System\FAKCBCT.exe
  2⤵
  PID:4052
- C:\Windows\System\uBuEDPS.exe
  C:\Windows\System\uBuEDPS.exe
  2⤵
  PID:2768
- C:\Windows\System\PeTKAHY.exe
  C:\Windows\System\PeTKAHY.exe
  2⤵
  PID:4108
- C:\Windows\System\JVDtDul.exe
  C:\Windows\System\JVDtDul.exe
  2⤵
  PID:4132
- C:\Windows\System\UBVxvaY.exe
  C:\Windows\System\UBVxvaY.exe
  2⤵
  PID:4148
- C:\Windows\System\YKjLVbt.exe
  C:\Windows\System\YKjLVbt.exe
  2⤵
  PID:4172
- C:\Windows\System\ZtWupfK.exe
  C:\Windows\System\ZtWupfK.exe
  2⤵
  PID:4192
- C:\Windows\System\uPhKLtE.exe
  C:\Windows\System\uPhKLtE.exe
  2⤵
  PID:4212
- C:\Windows\System\OphyrAI.exe
  C:\Windows\System\OphyrAI.exe
  2⤵
  PID:4232
- C:\Windows\System\ombUCpA.exe
  C:\Windows\System\ombUCpA.exe
  2⤵
  PID:4252
- C:\Windows\System\mshZvdJ.exe
  C:\Windows\System\mshZvdJ.exe
  2⤵
  PID:4272
- C:\Windows\System\EPvNJHD.exe
  C:\Windows\System\EPvNJHD.exe
  2⤵
  PID:4292
- C:\Windows\System\ffpFQMC.exe
  C:\Windows\System\ffpFQMC.exe
  2⤵
  PID:4316
- C:\Windows\System\FinAWYB.exe
  C:\Windows\System\FinAWYB.exe
  2⤵
  PID:4336
- C:\Windows\System\YcCrsuI.exe
  C:\Windows\System\YcCrsuI.exe
  2⤵
  PID:4356
- C:\Windows\System\bNglHdc.exe
  C:\Windows\System\bNglHdc.exe
  2⤵
  PID:4376
- C:\Windows\System\cZiIgAv.exe
  C:\Windows\System\cZiIgAv.exe
  2⤵
  PID:4392
- C:\Windows\System\jezQIKc.exe
  C:\Windows\System\jezQIKc.exe
  2⤵
  PID:4416
- C:\Windows\System\GBWOKli.exe
  C:\Windows\System\GBWOKli.exe
  2⤵
  PID:4436
- C:\Windows\System\YJzlCOe.exe
  C:\Windows\System\YJzlCOe.exe
  2⤵
  PID:4456
- C:\Windows\System\BztCkut.exe
  C:\Windows\System\BztCkut.exe
  2⤵
  PID:4472
- C:\Windows\System\eoajNcQ.exe
  C:\Windows\System\eoajNcQ.exe
  2⤵
  PID:4496
- C:\Windows\System\YJLiLIO.exe
  C:\Windows\System\YJLiLIO.exe
  2⤵
  PID:4512
- C:\Windows\System\sVWANpm.exe
  C:\Windows\System\sVWANpm.exe
  2⤵
  PID:4536
- C:\Windows\System\TIvRNmp.exe
  C:\Windows\System\TIvRNmp.exe
  2⤵
  PID:4552
- C:\Windows\System\UfNtGza.exe
  C:\Windows\System\UfNtGza.exe
  2⤵
  PID:4576
- C:\Windows\System\wlzjiaF.exe
  C:\Windows\System\wlzjiaF.exe
  2⤵
  PID:4592
- C:\Windows\System\ZvJJeVW.exe
  C:\Windows\System\ZvJJeVW.exe
  2⤵
  PID:4612
- C:\Windows\System\cZvSjkp.exe
  C:\Windows\System\cZvSjkp.exe
  2⤵
  PID:4632
- C:\Windows\System\aOrCMZt.exe
  C:\Windows\System\aOrCMZt.exe
  2⤵
  PID:4656
- C:\Windows\System\MsFOXtA.exe
  C:\Windows\System\MsFOXtA.exe
  2⤵
  PID:4676
- C:\Windows\System\oOhjkHp.exe
  C:\Windows\System\oOhjkHp.exe
  2⤵
  PID:4696
- C:\Windows\System\PeWvTaF.exe
  C:\Windows\System\PeWvTaF.exe
  2⤵
  PID:4716
- C:\Windows\System\sRwlALE.exe
  C:\Windows\System\sRwlALE.exe
  2⤵
  PID:4736
- C:\Windows\System\dhTEJRE.exe
  C:\Windows\System\dhTEJRE.exe
  2⤵
  PID:4752
- C:\Windows\System\MNaOMvs.exe
  C:\Windows\System\MNaOMvs.exe
  2⤵
  PID:4776
- C:\Windows\System\kvjkauN.exe
  C:\Windows\System\kvjkauN.exe
  2⤵
  PID:4796
- C:\Windows\System\xAJbupZ.exe
  C:\Windows\System\xAJbupZ.exe
  2⤵
  PID:4816
- C:\Windows\System\aqwBjEW.exe
  C:\Windows\System\aqwBjEW.exe
  2⤵
  PID:4832
- C:\Windows\System\slRLAoh.exe
  C:\Windows\System\slRLAoh.exe
  2⤵
  PID:4856
- C:\Windows\System\llAldoR.exe
  C:\Windows\System\llAldoR.exe
  2⤵
  PID:4872
- C:\Windows\System\EvnlBdn.exe
  C:\Windows\System\EvnlBdn.exe
  2⤵
  PID:4896
- C:\Windows\System\GgFFKTq.exe
  C:\Windows\System\GgFFKTq.exe
  2⤵
  PID:4912
- C:\Windows\System\dbFmrbx.exe
  C:\Windows\System\dbFmrbx.exe
  2⤵
  PID:4936
- C:\Windows\System\QcUhiIW.exe
  C:\Windows\System\QcUhiIW.exe
  2⤵
  PID:4956
- C:\Windows\System\BZSIBKi.exe
  C:\Windows\System\BZSIBKi.exe
  2⤵
  PID:4980
- C:\Windows\System\TgbZpzZ.exe
  C:\Windows\System\TgbZpzZ.exe
  2⤵
  PID:4996
- C:\Windows\System\OlrwljJ.exe
  C:\Windows\System\OlrwljJ.exe
  2⤵
  PID:5020
- C:\Windows\System\GFYbbzX.exe
  C:\Windows\System\GFYbbzX.exe
  2⤵
  PID:5036
- C:\Windows\System\EYggnZj.exe
  C:\Windows\System\EYggnZj.exe
  2⤵
  PID:5060
- C:\Windows\System\SHzHkAz.exe
  C:\Windows\System\SHzHkAz.exe
  2⤵
  PID:5076
- C:\Windows\System\CusvNdT.exe
  C:\Windows\System\CusvNdT.exe
  2⤵
  PID:5100
- C:\Windows\System\Tggqfeg.exe
  C:\Windows\System\Tggqfeg.exe
  2⤵
  PID:3380
- C:\Windows\System\dWxasXJ.exe
  C:\Windows\System\dWxasXJ.exe
  2⤵
  PID:3220
- C:\Windows\System\fdwqBux.exe
  C:\Windows\System\fdwqBux.exe
  2⤵
  PID:2812
- C:\Windows\System\vspvwnh.exe
  C:\Windows\System\vspvwnh.exe
  2⤵
  PID:3956
- C:\Windows\System\nGWmWmq.exe
  C:\Windows\System\nGWmWmq.exe
  2⤵
  PID:1956
- C:\Windows\System\HcmgPFC.exe
  C:\Windows\System\HcmgPFC.exe
  2⤵
  PID:4116
- C:\Windows\System\Wqhoprz.exe
  C:\Windows\System\Wqhoprz.exe
  2⤵
  PID:4164
- C:\Windows\System\ZOUUadi.exe
  C:\Windows\System\ZOUUadi.exe
  2⤵
  PID:4104
- C:\Windows\System\mvredim.exe
  C:\Windows\System\mvredim.exe
  2⤵
  PID:4204
- C:\Windows\System\DGQzRZd.exe
  C:\Windows\System\DGQzRZd.exe
  2⤵
  PID:4248
- C:\Windows\System\jvnlmfq.exe
  C:\Windows\System\jvnlmfq.exe
  2⤵
  PID:4224
- C:\Windows\System\hqrQbiy.exe
  C:\Windows\System\hqrQbiy.exe
  2⤵
  PID:4332
- C:\Windows\System\EgooPom.exe
  C:\Windows\System\EgooPom.exe
  2⤵
  PID:4304
- C:\Windows\System\SZqOuYs.exe
  C:\Windows\System\SZqOuYs.exe
  2⤵
  PID:4400
- C:\Windows\System\XqcAkpP.exe
  C:\Windows\System\XqcAkpP.exe
  2⤵
  PID:4348
- C:\Windows\System\pNMswrz.exe
  C:\Windows\System\pNMswrz.exe
  2⤵
  PID:4424
- C:\Windows\System\WKEkgxt.exe
  C:\Windows\System\WKEkgxt.exe
  2⤵
  PID:4480
- C:\Windows\System\OcxAKOr.exe
  C:\Windows\System\OcxAKOr.exe
  2⤵
  PID:4504
- C:\Windows\System\jOwwiso.exe
  C:\Windows\System\jOwwiso.exe
  2⤵
  PID:4528
- C:\Windows\System\fUgIqPJ.exe
  C:\Windows\System\fUgIqPJ.exe
  2⤵
  PID:4572
- C:\Windows\System\dDMfgdx.exe
  C:\Windows\System\dDMfgdx.exe
  2⤵
  PID:4608
- C:\Windows\System\QsJziZB.exe
  C:\Windows\System\QsJziZB.exe
  2⤵
  PID:4652
- C:\Windows\System\nPJYfYH.exe
  C:\Windows\System\nPJYfYH.exe
  2⤵
  PID:4648
- C:\Windows\System\oLJGwpC.exe
  C:\Windows\System\oLJGwpC.exe
  2⤵
  PID:4672
- C:\Windows\System\LCkzVDk.exe
  C:\Windows\System\LCkzVDk.exe
  2⤵
  PID:4704
- C:\Windows\System\rLSSVgJ.exe
  C:\Windows\System\rLSSVgJ.exe
  2⤵
  PID:4772
- C:\Windows\System\jYqgUfi.exe
  C:\Windows\System\jYqgUfi.exe
  2⤵
  PID:4748
- C:\Windows\System\RNnKgLg.exe
  C:\Windows\System\RNnKgLg.exe
  2⤵
  PID:4848
- C:\Windows\System\IPmfXax.exe
  C:\Windows\System\IPmfXax.exe
  2⤵
  PID:4828
- C:\Windows\System\sGxekPS.exe
  C:\Windows\System\sGxekPS.exe
  2⤵
  PID:4888
- C:\Windows\System\EgzfdhJ.exe
  C:\Windows\System\EgzfdhJ.exe
  2⤵
  PID:4928
- C:\Windows\System\eMIAuJr.exe
  C:\Windows\System\eMIAuJr.exe
  2⤵
  PID:4972
- C:\Windows\System\NdeiPkF.exe
  C:\Windows\System\NdeiPkF.exe
  2⤵
  PID:5016
- C:\Windows\System\JLvlSTF.exe
  C:\Windows\System\JLvlSTF.exe
  2⤵
  PID:2744
- C:\Windows\System\DnoceMc.exe
  C:\Windows\System\DnoceMc.exe
  2⤵
  PID:5056
- C:\Windows\System\VhrpPJd.exe
  C:\Windows\System\VhrpPJd.exe
  2⤵
  PID:408
- C:\Windows\System\KzUTSLn.exe
  C:\Windows\System\KzUTSLn.exe
  2⤵
  PID:3348
- C:\Windows\System\enmWkHz.exe
  C:\Windows\System\enmWkHz.exe
  2⤵
  PID:5116
- C:\Windows\System\cVXXljD.exe
  C:\Windows\System\cVXXljD.exe
  2⤵
  PID:3852
- C:\Windows\System\OddsnMr.exe
  C:\Windows\System\OddsnMr.exe
  2⤵
  PID:4040
- C:\Windows\System\MUQdWdx.exe
  C:\Windows\System\MUQdWdx.exe
  2⤵
  PID:4128
- C:\Windows\System\CSVMRqA.exe
  C:\Windows\System\CSVMRqA.exe
  2⤵
  PID:4140
- C:\Windows\System\katgJmN.exe
  C:\Windows\System\katgJmN.exe
  2⤵
  PID:4200
- C:\Windows\System\FAIPcWm.exe
  C:\Windows\System\FAIPcWm.exe
  2⤵
  PID:4976
- C:\Windows\System\NkaXJjL.exe
  C:\Windows\System\NkaXJjL.exe
  2⤵
  PID:4364
- C:\Windows\System\lIKuYYO.exe
  C:\Windows\System\lIKuYYO.exe
  2⤵
  PID:1376
- C:\Windows\System\WdkewRk.exe
  C:\Windows\System\WdkewRk.exe
  2⤵
  PID:4404
- C:\Windows\System\RKTCTeO.exe
  C:\Windows\System\RKTCTeO.exe
  2⤵
  PID:4428
- C:\Windows\System\bfAjZNO.exe
  C:\Windows\System\bfAjZNO.exe
  2⤵
  PID:4532
- C:\Windows\System\TQaGqKf.exe
  C:\Windows\System\TQaGqKf.exe
  2⤵
  PID:4544
- C:\Windows\System\MKJudpE.exe
  C:\Windows\System\MKJudpE.exe
  2⤵
  PID:2828
- C:\Windows\System\EDSWhQg.exe
  C:\Windows\System\EDSWhQg.exe
  2⤵
  PID:4624
- C:\Windows\System\qbrYYnr.exe
  C:\Windows\System\qbrYYnr.exe
  2⤵
  PID:4732
- C:\Windows\System\axRGNQe.exe
  C:\Windows\System\axRGNQe.exe
  2⤵
  PID:4812
- C:\Windows\System\jBzyetm.exe
  C:\Windows\System\jBzyetm.exe
  2⤵
  PID:2540
- C:\Windows\System\wFhevhn.exe
  C:\Windows\System\wFhevhn.exe
  2⤵
  PID:4884
- C:\Windows\System\fJvSXAd.exe
  C:\Windows\System\fJvSXAd.exe
  2⤵
  PID:1524
- C:\Windows\System\pLhbCnX.exe
  C:\Windows\System\pLhbCnX.exe
  2⤵
  PID:4924
- C:\Windows\System\UJFsYXJ.exe
  C:\Windows\System\UJFsYXJ.exe
  2⤵
  PID:2920
- C:\Windows\System\oIdwbhJ.exe
  C:\Windows\System\oIdwbhJ.exe
  2⤵
  PID:1060
- C:\Windows\System\NdmpCNQ.exe
  C:\Windows\System\NdmpCNQ.exe
  2⤵
  PID:4992
- C:\Windows\System\qzlmsdY.exe
  C:\Windows\System\qzlmsdY.exe
  2⤵
  PID:5052
- C:\Windows\System\VmbYFUH.exe
  C:\Windows\System\VmbYFUH.exe
  2⤵
  PID:5032
- C:\Windows\System\RxhSfxi.exe
  C:\Windows\System\RxhSfxi.exe
  2⤵
  PID:4012
- C:\Windows\System\idUaUMo.exe
  C:\Windows\System\idUaUMo.exe
  2⤵
  PID:3744
- C:\Windows\System\LozYDBB.exe
  C:\Windows\System\LozYDBB.exe
  2⤵
  PID:3076
- C:\Windows\System\aOfAtSu.exe
  C:\Windows\System\aOfAtSu.exe
  2⤵
  PID:4188
- C:\Windows\System\SFDKClW.exe
  C:\Windows\System\SFDKClW.exe
  2⤵
  PID:4268
- C:\Windows\System\MdOpdEt.exe
  C:\Windows\System\MdOpdEt.exe
  2⤵
  PID:4432
- C:\Windows\System\LYLHJfB.exe
  C:\Windows\System\LYLHJfB.exe
  2⤵
  PID:4640
- C:\Windows\System\WMfiZbg.exe
  C:\Windows\System\WMfiZbg.exe
  2⤵
  PID:4668
- C:\Windows\System\VaDmzPm.exe
  C:\Windows\System\VaDmzPm.exe
  2⤵
  PID:4804
- C:\Windows\System\tjJqaFA.exe
  C:\Windows\System\tjJqaFA.exe
  2⤵
  PID:4760
- C:\Windows\System\waaJoTU.exe
  C:\Windows\System\waaJoTU.exe
  2⤵
  PID:1844
- C:\Windows\System\CuwuEXl.exe
  C:\Windows\System\CuwuEXl.exe
  2⤵
  PID:2576
- C:\Windows\System\qoNLlxf.exe
  C:\Windows\System\qoNLlxf.exe
  2⤵
  PID:4868
- C:\Windows\System\JUiuOsg.exe
  C:\Windows\System\JUiuOsg.exe
  2⤵
  PID:5004
- C:\Windows\System\brzGPOu.exe
  C:\Windows\System\brzGPOu.exe
  2⤵
  PID:5096
- C:\Windows\System\CeGbVBQ.exe
  C:\Windows\System\CeGbVBQ.exe
  2⤵
  PID:2860
- C:\Windows\System\cGKMOTC.exe
  C:\Windows\System\cGKMOTC.exe
  2⤵
  PID:4300
- C:\Windows\System\pZoQIYO.exe
  C:\Windows\System\pZoQIYO.exe
  2⤵
  PID:4100
- C:\Windows\System\HBzyzHY.exe
  C:\Windows\System\HBzyzHY.exe
  2⤵
  PID:4260
- C:\Windows\System\mxLwJdi.exe
  C:\Windows\System\mxLwJdi.exe
  2⤵
  PID:4560
- C:\Windows\System\hbiwOty.exe
  C:\Windows\System\hbiwOty.exe
  2⤵
  PID:4508
- C:\Windows\System\vyjmdNI.exe
  C:\Windows\System\vyjmdNI.exe
  2⤵
  PID:4464
- C:\Windows\System\Qrompee.exe
  C:\Windows\System\Qrompee.exe
  2⤵
  PID:2728
- C:\Windows\System\oekksgm.exe
  C:\Windows\System\oekksgm.exe
  2⤵
  PID:4904
- C:\Windows\System\DfMNceX.exe
  C:\Windows\System\DfMNceX.exe
  2⤵
  PID:4908
- C:\Windows\System\oYZxqRK.exe
  C:\Windows\System\oYZxqRK.exe
  2⤵
  PID:5108
- C:\Windows\System\IUZyoaC.exe
  C:\Windows\System\IUZyoaC.exe
  2⤵
  PID:2092
- C:\Windows\System\yrJgqhz.exe
  C:\Windows\System\yrJgqhz.exe
  2⤵
  PID:3264
- C:\Windows\System\HnrmDhE.exe
  C:\Windows\System\HnrmDhE.exe
  2⤵
  PID:4448
- C:\Windows\System\BVyMyLh.exe
  C:\Windows\System\BVyMyLh.exe
  2⤵
  PID:4708
- C:\Windows\System\CdcTbvL.exe
  C:\Windows\System\CdcTbvL.exe
  2⤵
  PID:4644
- C:\Windows\System\IzfNEvR.exe
  C:\Windows\System\IzfNEvR.exe
  2⤵
  PID:1764
- C:\Windows\System\egMPFaC.exe
  C:\Windows\System\egMPFaC.exe
  2⤵
  PID:2888
- C:\Windows\System\wUEGVat.exe
  C:\Windows\System\wUEGVat.exe
  2⤵
  PID:5128
- C:\Windows\System\jjfmdds.exe
  C:\Windows\System\jjfmdds.exe
  2⤵
  PID:5148
- C:\Windows\System\zDCCfkB.exe
  C:\Windows\System\zDCCfkB.exe
  2⤵
  PID:5168
- C:\Windows\System\joCGZBU.exe
  C:\Windows\System\joCGZBU.exe
  2⤵
  PID:5188
- C:\Windows\System\YjXbEPT.exe
  C:\Windows\System\YjXbEPT.exe
  2⤵
  PID:5208
- C:\Windows\System\sYRDyoX.exe
  C:\Windows\System\sYRDyoX.exe
  2⤵
  PID:5228
- C:\Windows\System\fwXTxGn.exe
  C:\Windows\System\fwXTxGn.exe
  2⤵
  PID:5248
- C:\Windows\System\ZYxVwBW.exe
  C:\Windows\System\ZYxVwBW.exe
  2⤵
  PID:5268
- C:\Windows\System\RlKyWqE.exe
  C:\Windows\System\RlKyWqE.exe
  2⤵
  PID:5292
- C:\Windows\System\RmrnfqZ.exe
  C:\Windows\System\RmrnfqZ.exe
  2⤵
  PID:5312
- C:\Windows\System\uhjayse.exe
  C:\Windows\System\uhjayse.exe
  2⤵
  PID:5332
- C:\Windows\System\SVpNzdH.exe
  C:\Windows\System\SVpNzdH.exe
  2⤵
  PID:5352
- C:\Windows\System\aCtkYaX.exe
  C:\Windows\System\aCtkYaX.exe
  2⤵
  PID:5372
- C:\Windows\System\iBSKSKk.exe
  C:\Windows\System\iBSKSKk.exe
  2⤵
  PID:5392
- C:\Windows\System\CpKRfuO.exe
  C:\Windows\System\CpKRfuO.exe
  2⤵
  PID:5412
- C:\Windows\System\BqwbXyD.exe
  C:\Windows\System\BqwbXyD.exe
  2⤵
  PID:5432
- C:\Windows\System\mlnifUy.exe
  C:\Windows\System\mlnifUy.exe
  2⤵
  PID:5452
- C:\Windows\System\vjGyEaW.exe
  C:\Windows\System\vjGyEaW.exe
  2⤵
  PID:5472
- C:\Windows\System\LsPyaOC.exe
  C:\Windows\System\LsPyaOC.exe
  2⤵
  PID:5492
- C:\Windows\System\AoEIlcW.exe
  C:\Windows\System\AoEIlcW.exe
  2⤵
  PID:5512
- C:\Windows\System\NianoTj.exe
  C:\Windows\System\NianoTj.exe
  2⤵
  PID:5532
- C:\Windows\System\AytWbXQ.exe
  C:\Windows\System\AytWbXQ.exe
  2⤵
  PID:5552
- C:\Windows\System\aGFRUhN.exe
  C:\Windows\System\aGFRUhN.exe
  2⤵
  PID:5580
- C:\Windows\System\KTFjXpy.exe
  C:\Windows\System\KTFjXpy.exe
  2⤵
  PID:5604
- C:\Windows\System\CrBhSJN.exe
  C:\Windows\System\CrBhSJN.exe
  2⤵
  PID:5620
- C:\Windows\System\YkEjUtJ.exe
  C:\Windows\System\YkEjUtJ.exe
  2⤵
  PID:5636
- C:\Windows\System\FNINluA.exe
  C:\Windows\System\FNINluA.exe
  2⤵
  PID:5660
- C:\Windows\System\GaQrAjU.exe
  C:\Windows\System\GaQrAjU.exe
  2⤵
  PID:5676
- C:\Windows\System\qdbkuUD.exe
  C:\Windows\System\qdbkuUD.exe
  2⤵
  PID:5692
- C:\Windows\System\IgHbAVV.exe
  C:\Windows\System\IgHbAVV.exe
  2⤵
  PID:5712
- C:\Windows\System\KlTryrU.exe
  C:\Windows\System\KlTryrU.exe
  2⤵
  PID:5728
- C:\Windows\System\rYhKNDl.exe
  C:\Windows\System\rYhKNDl.exe
  2⤵
  PID:5748
- C:\Windows\System\TMxOHaI.exe
  C:\Windows\System\TMxOHaI.exe
  2⤵
  PID:5764
- C:\Windows\System\wlJipOC.exe
  C:\Windows\System\wlJipOC.exe
  2⤵
  PID:5804
- C:\Windows\System\GBAljqX.exe
  C:\Windows\System\GBAljqX.exe
  2⤵
  PID:5820
- C:\Windows\System\jlaMbTi.exe
  C:\Windows\System\jlaMbTi.exe
  2⤵
  PID:5836
- C:\Windows\System\uMFelUm.exe
  C:\Windows\System\uMFelUm.exe
  2⤵
  PID:5852
- C:\Windows\System\gevNCuX.exe
  C:\Windows\System\gevNCuX.exe
  2⤵
  PID:5872
- C:\Windows\System\EdMRmVW.exe
  C:\Windows\System\EdMRmVW.exe
  2⤵
  PID:5888
- C:\Windows\System\gCVxEHI.exe
  C:\Windows\System\gCVxEHI.exe
  2⤵
  PID:5904
- C:\Windows\System\ECfxeXl.exe
  C:\Windows\System\ECfxeXl.exe
  2⤵
  PID:5920
- C:\Windows\System\QbQpgbq.exe
  C:\Windows\System\QbQpgbq.exe
  2⤵
  PID:5944
- C:\Windows\System\tHzRMWk.exe
  C:\Windows\System\tHzRMWk.exe
  2⤵
  PID:5960
- C:\Windows\System\MbwhFZT.exe
  C:\Windows\System\MbwhFZT.exe
  2⤵
  PID:6000
- C:\Windows\System\BEbZZCa.exe
  C:\Windows\System\BEbZZCa.exe
  2⤵
  PID:6020
- C:\Windows\System\JnaaLHs.exe
  C:\Windows\System\JnaaLHs.exe
  2⤵
  PID:6040
- C:\Windows\System\LWHXbTW.exe
  C:\Windows\System\LWHXbTW.exe
  2⤵
  PID:6056
- C:\Windows\System\dGjaQFA.exe
  C:\Windows\System\dGjaQFA.exe
  2⤵
  PID:6072
- C:\Windows\System\xbxCfPG.exe
  C:\Windows\System\xbxCfPG.exe
  2⤵
  PID:6092
- C:\Windows\System\vrdgJtW.exe
  C:\Windows\System\vrdgJtW.exe
  2⤵
  PID:6108
- C:\Windows\System\BXgUAWc.exe
  C:\Windows\System\BXgUAWc.exe
  2⤵
  PID:6124
- C:\Windows\System\cIlkabe.exe
  C:\Windows\System\cIlkabe.exe
  2⤵
  PID:3028
- C:\Windows\System\bUaKPmc.exe
  C:\Windows\System\bUaKPmc.exe
  2⤵
  PID:3992
- C:\Windows\System\VhREWvq.exe
  C:\Windows\System\VhREWvq.exe
  2⤵
  PID:4568
- C:\Windows\System\qJItCTb.exe
  C:\Windows\System\qJItCTb.exe
  2⤵
  PID:4892
- C:\Windows\System\QrhAFZF.exe
  C:\Windows\System\QrhAFZF.exe
  2⤵
  PID:5124
- C:\Windows\System\pfbioEH.exe
  C:\Windows\System\pfbioEH.exe
  2⤵
  PID:5156
- C:\Windows\System\oJEzkuJ.exe
  C:\Windows\System\oJEzkuJ.exe
  2⤵
  PID:5164
- C:\Windows\System\KDlrqWg.exe
  C:\Windows\System\KDlrqWg.exe
  2⤵
  PID:5200
- C:\Windows\System\yvBQVbP.exe
  C:\Windows\System\yvBQVbP.exe
  2⤵
  PID:5244
- C:\Windows\System\WzlSLWO.exe
  C:\Windows\System\WzlSLWO.exe
  2⤵
  PID:5276
- C:\Windows\System\FRWAAUw.exe
  C:\Windows\System\FRWAAUw.exe
  2⤵
  PID:5304
- C:\Windows\System\jOjBIaD.exe
  C:\Windows\System\jOjBIaD.exe
  2⤵
  PID:5360
- C:\Windows\System\xnsQyVz.exe
  C:\Windows\System\xnsQyVz.exe
  2⤵
  PID:5404
- C:\Windows\System\ZikZtAk.exe
  C:\Windows\System\ZikZtAk.exe
  2⤵
  PID:5440
- C:\Windows\System\rGDnEYY.exe
  C:\Windows\System\rGDnEYY.exe
  2⤵
  PID:5464
- C:\Windows\System\MtFuTYF.exe
  C:\Windows\System\MtFuTYF.exe
  2⤵
  PID:5484
- C:\Windows\System\iYLFhdK.exe
  C:\Windows\System\iYLFhdK.exe
  2⤵
  PID:292
- C:\Windows\System\cybRWIp.exe
  C:\Windows\System\cybRWIp.exe
  2⤵
  PID:5568
- C:\Windows\System\HzFSCNr.exe
  C:\Windows\System\HzFSCNr.exe
  2⤵
  PID:3972
- C:\Windows\System\UrSBuos.exe
  C:\Windows\System\UrSBuos.exe
  2⤵
  PID:2068
- C:\Windows\System\TmpWlRf.exe
  C:\Windows\System\TmpWlRf.exe
  2⤵
  PID:3012
- C:\Windows\System\KglbyuP.exe
  C:\Windows\System\KglbyuP.exe
  2⤵
  PID:3020
- C:\Windows\System\CbxDJjX.exe
  C:\Windows\System\CbxDJjX.exe
  2⤵
  PID:2368
- C:\Windows\System\IvvOdJD.exe
  C:\Windows\System\IvvOdJD.exe
  2⤵
  PID:568
- C:\Windows\System\ETLbtsz.exe
  C:\Windows\System\ETLbtsz.exe
  2⤵
  PID:2964
- C:\Windows\System\FwsigcN.exe
  C:\Windows\System\FwsigcN.exe
  2⤵
  PID:956
- C:\Windows\System\sMgJnLe.exe
  C:\Windows\System\sMgJnLe.exe
  2⤵
  PID:2220
- C:\Windows\System\MJzWjxJ.exe
  C:\Windows\System\MJzWjxJ.exe
  2⤵
  PID:1900
- C:\Windows\System\YrRlQZd.exe
  C:\Windows\System\YrRlQZd.exe
  2⤵
  PID:2916
- C:\Windows\System\miXoLDa.exe
  C:\Windows\System\miXoLDa.exe
  2⤵
  PID:5632
- C:\Windows\System\anyIWMn.exe
  C:\Windows\System\anyIWMn.exe
  2⤵
  PID:2152
- C:\Windows\System\npnuyov.exe
  C:\Windows\System\npnuyov.exe
  2⤵
  PID:5744
- C:\Windows\System\lGgpkIN.exe
  C:\Windows\System\lGgpkIN.exe
  2⤵
  PID:2824
- C:\Windows\System\PooDsCo.exe
  C:\Windows\System\PooDsCo.exe
  2⤵
  PID:2160
- C:\Windows\System\TFniTym.exe
  C:\Windows\System\TFniTym.exe
  2⤵
  PID:5720
- C:\Windows\System\wXqJaHM.exe
  C:\Windows\System\wXqJaHM.exe
  2⤵
  PID:5828
- C:\Windows\System\retIcGz.exe
  C:\Windows\System\retIcGz.exe
  2⤵
  PID:5864
- C:\Windows\System\Zkwngqz.exe
  C:\Windows\System\Zkwngqz.exe
  2⤵
  PID:5928
- C:\Windows\System\VlqwGSc.exe
  C:\Windows\System\VlqwGSc.exe
  2⤵
  PID:5968
- C:\Windows\System\fOditOP.exe
  C:\Windows\System\fOditOP.exe
  2⤵
  PID:5912
- C:\Windows\System\qhEpXRA.exe
  C:\Windows\System\qhEpXRA.exe
  2⤵
  PID:5956
- C:\Windows\System\iFsYnmb.exe
  C:\Windows\System\iFsYnmb.exe
  2⤵
  PID:6028
- C:\Windows\System\THQXXCi.exe
  C:\Windows\System\THQXXCi.exe
  2⤵
  PID:6032
- C:\Windows\System\KUHToMj.exe
  C:\Windows\System\KUHToMj.exe
  2⤵
  PID:6100
- C:\Windows\System\zMZsMQj.exe
  C:\Windows\System\zMZsMQj.exe
  2⤵
  PID:6136
- C:\Windows\System\owMkVAX.exe
  C:\Windows\System\owMkVAX.exe
  2⤵
  PID:1732
- C:\Windows\System\MrzGhEO.exe
  C:\Windows\System\MrzGhEO.exe
  2⤵
  PID:6120
- C:\Windows\System\LSCtpfD.exe
  C:\Windows\System\LSCtpfD.exe
  2⤵
  PID:6084
- C:\Windows\System\MSLdjJK.exe
  C:\Windows\System\MSLdjJK.exe
  2⤵
  PID:4548
- C:\Windows\System\cssEBKk.exe
  C:\Windows\System\cssEBKk.exe
  2⤵
  PID:5176
- C:\Windows\System\tbkiFpl.exe
  C:\Windows\System\tbkiFpl.exe
  2⤵
  PID:5236
- C:\Windows\System\gOdqLWz.exe
  C:\Windows\System\gOdqLWz.exe
  2⤵
  PID:5324
- C:\Windows\System\OGSVvyj.exe
  C:\Windows\System\OGSVvyj.exe
  2⤵
  PID:5368
- C:\Windows\System\oacrFiG.exe
  C:\Windows\System\oacrFiG.exe
  2⤵
  PID:5260
- C:\Windows\System\vrhtFCp.exe
  C:\Windows\System\vrhtFCp.exe
  2⤵
  PID:5364
- C:\Windows\System\hObTGSb.exe
  C:\Windows\System\hObTGSb.exe
  2⤵
  PID:2084
- C:\Windows\System\mxdiEYc.exe
  C:\Windows\System\mxdiEYc.exe
  2⤵
  PID:5500
- C:\Windows\System\PIcyIHz.exe
  C:\Windows\System\PIcyIHz.exe
  2⤵
  PID:3308
- C:\Windows\System\LlTxVJS.exe
  C:\Windows\System\LlTxVJS.exe
  2⤵
  PID:5544
- C:\Windows\System\HjQkNAa.exe
  C:\Windows\System\HjQkNAa.exe
  2⤵
  PID:2956
- C:\Windows\System\dHvIzgr.exe
  C:\Windows\System\dHvIzgr.exe
  2⤵
  PID:5548
- C:\Windows\System\ZmZDBWG.exe
  C:\Windows\System\ZmZDBWG.exe
  2⤵
  PID:5600
- C:\Windows\System\pcDowGl.exe
  C:\Windows\System\pcDowGl.exe
  2⤵
  PID:2532
- C:\Windows\System\RufDovp.exe
  C:\Windows\System\RufDovp.exe
  2⤵
  PID:1544
- C:\Windows\System\DQZvwxS.exe
  C:\Windows\System\DQZvwxS.exe
  2⤵
  PID:2548
- C:\Windows\System\yykXGmK.exe
  C:\Windows\System\yykXGmK.exe
  2⤵
  PID:5588
- C:\Windows\System\DZfZuUV.exe
  C:\Windows\System\DZfZuUV.exe
  2⤵
  PID:5652
- C:\Windows\System\IlvgMsF.exe
  C:\Windows\System\IlvgMsF.exe
  2⤵
  PID:5708
- C:\Windows\System\gTXYqqp.exe
  C:\Windows\System\gTXYqqp.exe
  2⤵
  PID:5688
- C:\Windows\System\XRfWqfP.exe
  C:\Windows\System\XRfWqfP.exe
  2⤵
  PID:5796
- C:\Windows\System\OzCsBUe.exe
  C:\Windows\System\OzCsBUe.exe
  2⤵
  PID:5860
- C:\Windows\System\quDlKAs.exe
  C:\Windows\System\quDlKAs.exe
  2⤵
  PID:5844
- C:\Windows\System\lGRySiC.exe
  C:\Windows\System\lGRySiC.exe
  2⤵
  PID:5916
- C:\Windows\System\FRkcjip.exe
  C:\Windows\System\FRkcjip.exe
  2⤵
  PID:6068
- C:\Windows\System\QrdncwQ.exe
  C:\Windows\System\QrdncwQ.exe
  2⤵
  PID:2848
- C:\Windows\System\EWvJIYm.exe
  C:\Windows\System\EWvJIYm.exe
  2⤵
  PID:6008
- C:\Windows\System\PXjyTrJ.exe
  C:\Windows\System\PXjyTrJ.exe
  2⤵
  PID:4284
- C:\Windows\System\eyGTNSr.exe
  C:\Windows\System\eyGTNSr.exe
  2⤵
  PID:4312
- C:\Windows\System\iOCRAqK.exe
  C:\Windows\System\iOCRAqK.exe
  2⤵
  PID:1604
- C:\Windows\System\RhnitlB.exe
  C:\Windows\System\RhnitlB.exe
  2⤵
  PID:5328
- C:\Windows\System\FfIMEec.exe
  C:\Windows\System\FfIMEec.exe
  2⤵
  PID:5340
- C:\Windows\System\WpmvAnw.exe
  C:\Windows\System\WpmvAnw.exe
  2⤵
  PID:5444
- C:\Windows\System\ztjxMaf.exe
  C:\Windows\System\ztjxMaf.exe
  2⤵
  PID:5528
- C:\Windows\System\wzpITjX.exe
  C:\Windows\System\wzpITjX.exe
  2⤵
  PID:2620
- C:\Windows\System\QUYZwyR.exe
  C:\Windows\System\QUYZwyR.exe
  2⤵
  PID:5564
- C:\Windows\System\cKjzcvV.exe
  C:\Windows\System\cKjzcvV.exe
  2⤵
  PID:2328
- C:\Windows\System\WHCkojT.exe
  C:\Windows\System\WHCkojT.exe
  2⤵
  PID:5740
- C:\Windows\System\KoMSDfH.exe
  C:\Windows\System\KoMSDfH.exe
  2⤵
  PID:5788
- C:\Windows\System\uEjLNMI.exe
  C:\Windows\System\uEjLNMI.exe
  2⤵
  PID:2988
- C:\Windows\System\bHndknM.exe
  C:\Windows\System\bHndknM.exe
  2⤵
  PID:2864
- C:\Windows\System\OtfcXtD.exe
  C:\Windows\System\OtfcXtD.exe
  2⤵
  PID:2004
- C:\Windows\System\tCPYQfe.exe
  C:\Windows\System\tCPYQfe.exe
  2⤵
  PID:2976
- C:\Windows\System\RrKANGF.exe
  C:\Windows\System\RrKANGF.exe
  2⤵
  PID:5136
- C:\Windows\System\SAWZdqe.exe
  C:\Windows\System\SAWZdqe.exe
  2⤵
  PID:1096
- C:\Windows\System\srNSBwx.exe
  C:\Windows\System\srNSBwx.exe
  2⤵
  PID:5144
- C:\Windows\System\nLJUkts.exe
  C:\Windows\System\nLJUkts.exe
  2⤵
  PID:5468
- C:\Windows\System\iqVtqYK.exe
  C:\Windows\System\iqVtqYK.exe
  2⤵
  PID:5408
- C:\Windows\System\rneRZXK.exe
  C:\Windows\System\rneRZXK.exe
  2⤵
  PID:1924
- C:\Windows\System\bOusCdQ.exe
  C:\Windows\System\bOusCdQ.exe
  2⤵
  PID:2564
- C:\Windows\System\pJPKQru.exe
  C:\Windows\System\pJPKQru.exe
  2⤵
  PID:5644
- C:\Windows\System\GowveOG.exe
  C:\Windows\System\GowveOG.exe
  2⤵
  PID:5780
- C:\Windows\System\NHEJFrC.exe
  C:\Windows\System\NHEJFrC.exe
  2⤵
  PID:840
- C:\Windows\System\wvsTdxe.exe
  C:\Windows\System\wvsTdxe.exe
  2⤵
  PID:5980
- C:\Windows\System\KiktIZJ.exe
  C:\Windows\System\KiktIZJ.exe
  2⤵
  PID:5972
- C:\Windows\System\JOvzpwz.exe
  C:\Windows\System\JOvzpwz.exe
  2⤵
  PID:5384
- C:\Windows\System\ASFOsac.exe
  C:\Windows\System\ASFOsac.exe
  2⤵
  PID:5400
- C:\Windows\System\bdZKsvu.exe
  C:\Windows\System\bdZKsvu.exe
  2⤵
  PID:5616
- C:\Windows\System\trLUrHz.exe
  C:\Windows\System\trLUrHz.exe
  2⤵
  PID:5812
- C:\Windows\System\Gswmjya.exe
  C:\Windows\System\Gswmjya.exe
  2⤵
  PID:5800
- C:\Windows\System\NvtWReV.exe
  C:\Windows\System\NvtWReV.exe
  2⤵
  PID:2172
- C:\Windows\System\mEQTtpG.exe
  C:\Windows\System\mEQTtpG.exe
  2⤵
  PID:4384
- C:\Windows\System\ZRiQcrv.exe
  C:\Windows\System\ZRiQcrv.exe
  2⤵
  PID:5344
- C:\Windows\System\ZGadxTO.exe
  C:\Windows\System\ZGadxTO.exe
  2⤵
  PID:6148
- C:\Windows\System\InXuKPs.exe
  C:\Windows\System\InXuKPs.exe
  2⤵
  PID:6176
- C:\Windows\System\bZfmDMC.exe
  C:\Windows\System\bZfmDMC.exe
  2⤵
  PID:6192
- C:\Windows\System\QgKnQoM.exe
  C:\Windows\System\QgKnQoM.exe
  2⤵
  PID:6216
- C:\Windows\System\qHnOBuA.exe
  C:\Windows\System\qHnOBuA.exe
  2⤵
  PID:6232
- C:\Windows\System\EkmRHNO.exe
  C:\Windows\System\EkmRHNO.exe
  2⤵
  PID:6248
- C:\Windows\System\QAmXKWy.exe
  C:\Windows\System\QAmXKWy.exe
  2⤵
  PID:6276
- C:\Windows\System\uPJEgqp.exe
  C:\Windows\System\uPJEgqp.exe
  2⤵
  PID:6296
- C:\Windows\System\dpceyQb.exe
  C:\Windows\System\dpceyQb.exe
  2⤵
  PID:6312
- C:\Windows\System\EMBwptJ.exe
  C:\Windows\System\EMBwptJ.exe
  2⤵
  PID:6332
- C:\Windows\System\KdFyODb.exe
  C:\Windows\System\KdFyODb.exe
  2⤵
  PID:6368
- C:\Windows\System\ZXEWAaA.exe
  C:\Windows\System\ZXEWAaA.exe
  2⤵
  PID:6384
- C:\Windows\System\cwUQKCP.exe
  C:\Windows\System\cwUQKCP.exe
  2⤵
  PID:6400
- C:\Windows\System\ZomcFya.exe
  C:\Windows\System\ZomcFya.exe
  2⤵
  PID:6416
- C:\Windows\System\eCsiTZy.exe
  C:\Windows\System\eCsiTZy.exe
  2⤵
  PID:6432
- C:\Windows\System\mYgBQhS.exe
  C:\Windows\System\mYgBQhS.exe
  2⤵
  PID:6448
- C:\Windows\System\ehrJNbO.exe
  C:\Windows\System\ehrJNbO.exe
  2⤵
  PID:6468
- C:\Windows\System\URGBNoh.exe
  C:\Windows\System\URGBNoh.exe
  2⤵
  PID:6488
- C:\Windows\System\hPUdElB.exe
  C:\Windows\System\hPUdElB.exe
  2⤵
  PID:6504
- C:\Windows\System\sUtbjHl.exe
  C:\Windows\System\sUtbjHl.exe
  2⤵
  PID:6520
- C:\Windows\System\bcoywRS.exe
  C:\Windows\System\bcoywRS.exe
  2⤵
  PID:6536
- C:\Windows\System\JNsZaWM.exe
  C:\Windows\System\JNsZaWM.exe
  2⤵
  PID:6556
- C:\Windows\System\zQEfroE.exe
  C:\Windows\System\zQEfroE.exe
  2⤵
  PID:6576
- C:\Windows\System\riaCYWk.exe
  C:\Windows\System\riaCYWk.exe
  2⤵
  PID:6596
- C:\Windows\System\FyWHRgV.exe
  C:\Windows\System\FyWHRgV.exe
  2⤵
  PID:6612
- C:\Windows\System\DHnkJax.exe
  C:\Windows\System\DHnkJax.exe
  2⤵
  PID:6632
- C:\Windows\System\QUJSHtE.exe
  C:\Windows\System\QUJSHtE.exe
  2⤵
  PID:6652
- C:\Windows\System\sRDXBVk.exe
  C:\Windows\System\sRDXBVk.exe
  2⤵
  PID:6672
- C:\Windows\System\fnTdVyF.exe
  C:\Windows\System\fnTdVyF.exe
  2⤵
  PID:6736
- C:\Windows\System\MsVVGgm.exe
  C:\Windows\System\MsVVGgm.exe
  2⤵
  PID:6752
- C:\Windows\System\cihUIFW.exe
  C:\Windows\System\cihUIFW.exe
  2⤵
  PID:6768
- C:\Windows\System\PLdBuxJ.exe
  C:\Windows\System\PLdBuxJ.exe
  2⤵
  PID:6784
- C:\Windows\System\BYYeBSp.exe
  C:\Windows\System\BYYeBSp.exe
  2⤵
  PID:6800
- C:\Windows\System\QhNaIRd.exe
  C:\Windows\System\QhNaIRd.exe
  2⤵
  PID:6816
- C:\Windows\System\DAnHhfW.exe
  C:\Windows\System\DAnHhfW.exe
  2⤵
  PID:6832
- C:\Windows\System\DiAnpNv.exe
  C:\Windows\System\DiAnpNv.exe
  2⤵
  PID:6852
- C:\Windows\System\TvXpzeV.exe
  C:\Windows\System\TvXpzeV.exe
  2⤵
  PID:6868
- C:\Windows\System\bFaFRAY.exe
  C:\Windows\System\bFaFRAY.exe
  2⤵
  PID:6892
- C:\Windows\System\pwWGIsl.exe
  C:\Windows\System\pwWGIsl.exe
  2⤵
  PID:6928
- C:\Windows\System\xWvdwRf.exe
  C:\Windows\System\xWvdwRf.exe
  2⤵
  PID:6944
- C:\Windows\System\aLcLknf.exe
  C:\Windows\System\aLcLknf.exe
  2⤵
  PID:6960
- C:\Windows\System\nxCNUdp.exe
  C:\Windows\System\nxCNUdp.exe
  2⤵
  PID:6976
- C:\Windows\System\BooxFjI.exe
  C:\Windows\System\BooxFjI.exe
  2⤵
  PID:6992
- C:\Windows\System\xqIeZis.exe
  C:\Windows\System\xqIeZis.exe
  2⤵
  PID:7008
- C:\Windows\System\hYisztu.exe
  C:\Windows\System\hYisztu.exe
  2⤵
  PID:7036
- C:\Windows\System\vBxhrpq.exe
  C:\Windows\System\vBxhrpq.exe
  2⤵
  PID:7052
- C:\Windows\System\QmsiMGl.exe
  C:\Windows\System\QmsiMGl.exe
  2⤵
  PID:7076
- C:\Windows\System\EYcuAPR.exe
  C:\Windows\System\EYcuAPR.exe
  2⤵
  PID:7092
- C:\Windows\System\QNcVuhI.exe
  C:\Windows\System\QNcVuhI.exe
  2⤵
  PID:7108
- C:\Windows\System\uxIcqGj.exe
  C:\Windows\System\uxIcqGj.exe
  2⤵
  PID:7124
- C:\Windows\System\khXekwV.exe
  C:\Windows\System\khXekwV.exe
  2⤵
  PID:7140
- C:\Windows\System\EfPYnpp.exe
  C:\Windows\System\EfPYnpp.exe
  2⤵
  PID:7156
- C:\Windows\System\wjSsQIW.exe
  C:\Windows\System\wjSsQIW.exe
  2⤵
  PID:1776
- C:\Windows\System\yIDipMs.exe
  C:\Windows\System\yIDipMs.exe
  2⤵
  PID:5884
- C:\Windows\System\vkyGlzc.exe
  C:\Windows\System\vkyGlzc.exe
  2⤵
  PID:1852
- C:\Windows\System\pIowVFr.exe
  C:\Windows\System\pIowVFr.exe
  2⤵
  PID:6184
- C:\Windows\System\eGXACvB.exe
  C:\Windows\System\eGXACvB.exe
  2⤵
  PID:6224
- C:\Windows\System\hGBgakQ.exe
  C:\Windows\System\hGBgakQ.exe
  2⤵
  PID:6164
- C:\Windows\System\nRtwUAa.exe
  C:\Windows\System\nRtwUAa.exe
  2⤵
  PID:6320
- C:\Windows\System\aHmqHMF.exe
  C:\Windows\System\aHmqHMF.exe
  2⤵
  PID:6396
- C:\Windows\System\cAzKPLH.exe
  C:\Windows\System\cAzKPLH.exe
  2⤵
  PID:6456
- C:\Windows\System\fJbDUsM.exe
  C:\Windows\System\fJbDUsM.exe
  2⤵
  PID:6500
- C:\Windows\System\fuVNRrN.exe
  C:\Windows\System\fuVNRrN.exe
  2⤵
  PID:6572
- C:\Windows\System\bOQnWgP.exe
  C:\Windows\System\bOQnWgP.exe
  2⤵
  PID:6608
- C:\Windows\System\bgWlRul.exe
  C:\Windows\System\bgWlRul.exe
  2⤵
  PID:6648
- C:\Windows\System\OrOmQlG.exe
  C:\Windows\System\OrOmQlG.exe
  2⤵
  PID:5140
- C:\Windows\System\OaXuvTv.exe
  C:\Windows\System\OaXuvTv.exe
  2⤵
  PID:6592
- C:\Windows\System\eyGpnJQ.exe
  C:\Windows\System\eyGpnJQ.exe
  2⤵
  PID:6376
- C:\Windows\System\MwMVgVH.exe
  C:\Windows\System\MwMVgVH.exe
  2⤵
  PID:6728
- C:\Windows\System\ttapXtS.exe
  C:\Windows\System\ttapXtS.exe
  2⤵
  PID:6480
- C:\Windows\System\sUXOoZM.exe
  C:\Windows\System\sUXOoZM.exe
  2⤵
  PID:6584
- C:\Windows\System\nHFFYhP.exe
  C:\Windows\System\nHFFYhP.exe
  2⤵
  PID:6732
- C:\Windows\System\cLwWyPf.exe
  C:\Windows\System\cLwWyPf.exe
  2⤵
  PID:6796
- C:\Windows\System\IpBnuuN.exe
  C:\Windows\System\IpBnuuN.exe
  2⤵
  PID:6864
- C:\Windows\System\FXRHhBw.exe
  C:\Windows\System\FXRHhBw.exe
  2⤵
  PID:6808
- C:\Windows\System\yztRcTf.exe
  C:\Windows\System\yztRcTf.exe
  2⤵
  PID:6956
- C:\Windows\System\JVIVDvp.exe
  C:\Windows\System\JVIVDvp.exe
  2⤵
  PID:7028
- C:\Windows\System\LfYXHdt.exe
  C:\Windows\System\LfYXHdt.exe
  2⤵
  PID:7064
- C:\Windows\System\OgxcWHF.exe
  C:\Windows\System\OgxcWHF.exe
  2⤵
  PID:6936
- C:\Windows\System\jMiqxHm.exe
  C:\Windows\System\jMiqxHm.exe
  2⤵
  PID:7048
- C:\Windows\System\npXmwuJ.exe
  C:\Windows\System\npXmwuJ.exe
  2⤵
  PID:6876
- C:\Windows\System\oEbMxEW.exe
  C:\Windows\System\oEbMxEW.exe
  2⤵
  PID:7104
- C:\Windows\System\kIZYFSE.exe
  C:\Windows\System\kIZYFSE.exe
  2⤵
  PID:7136
- C:\Windows\System\aoQAGgj.exe
  C:\Windows\System\aoQAGgj.exe
  2⤵
  PID:7148
- C:\Windows\System\oFYJSGN.exe
  C:\Windows\System\oFYJSGN.exe
  2⤵
  PID:5672
- C:\Windows\System\ovjrVtz.exe
  C:\Windows\System\ovjrVtz.exe
  2⤵
  PID:4584
- C:\Windows\System\XutUtaY.exe
  C:\Windows\System\XutUtaY.exe
  2⤵
  PID:6340
- C:\Windows\System\UtUDMgQ.exe
  C:\Windows\System\UtUDMgQ.exe
  2⤵
  PID:6240
- C:\Windows\System\mhBgvPr.exe
  C:\Windows\System\mhBgvPr.exe
  2⤵
  PID:6212
- C:\Windows\System\jepWznf.exe
  C:\Windows\System\jepWznf.exe
  2⤵
  PID:6496
- C:\Windows\System\BDwEEOs.exe
  C:\Windows\System\BDwEEOs.exe
  2⤵
  PID:6428
- C:\Windows\System\zVydzLO.exe
  C:\Windows\System\zVydzLO.exe
  2⤵
  PID:6568
- C:\Windows\System\SSVprUH.exe
  C:\Windows\System\SSVprUH.exe
  2⤵
  PID:6392
- C:\Windows\System\LwbBzrc.exe
  C:\Windows\System\LwbBzrc.exe
  2⤵
  PID:6716
- C:\Windows\System\cqcBVnX.exe
  C:\Windows\System\cqcBVnX.exe
  2⤵
  PID:6692
- C:\Windows\System\BbizGOY.exe
  C:\Windows\System\BbizGOY.exe
  2⤵
  PID:6512
- C:\Windows\System\tbpKhWS.exe
  C:\Windows\System\tbpKhWS.exe
  2⤵
  PID:6552
- C:\Windows\System\ExrXshL.exe
  C:\Windows\System\ExrXshL.exe
  2⤵
  PID:6912
- C:\Windows\System\cykMRIN.exe
  C:\Windows\System\cykMRIN.exe
  2⤵
  PID:6924
- C:\Windows\System\gSGckQu.exe
  C:\Windows\System\gSGckQu.exe
  2⤵
  PID:6780
- C:\Windows\System\ZZZyafr.exe
  C:\Windows\System\ZZZyafr.exe
  2⤵
  PID:6748
- C:\Windows\System\OPCTQOB.exe
  C:\Windows\System\OPCTQOB.exe
  2⤵
  PID:7132
- C:\Windows\System\GZLWwIA.exe
  C:\Windows\System\GZLWwIA.exe
  2⤵
  PID:5880
- C:\Windows\System\xyQLTrv.exe
  C:\Windows\System\xyQLTrv.exe
  2⤵
  PID:7060
- C:\Windows\System\tcEqGXC.exe
  C:\Windows\System\tcEqGXC.exe
  2⤵
  PID:7072
- C:\Windows\System\mrobdQP.exe
  C:\Windows\System\mrobdQP.exe
  2⤵
  PID:6172
- C:\Windows\System\tljampp.exe
  C:\Windows\System\tljampp.exe
  2⤵
  PID:6464
- C:\Windows\System\AvPubIl.exe
  C:\Windows\System\AvPubIl.exe
  2⤵
  PID:6640
- C:\Windows\System\opJdRqx.exe
  C:\Windows\System\opJdRqx.exe
  2⤵
  PID:2948
- C:\Windows\System\kzHEzdh.exe
  C:\Windows\System\kzHEzdh.exe
  2⤵
  PID:6544
- C:\Windows\System\baefJDL.exe
  C:\Windows\System\baefJDL.exe
  2⤵
  PID:6708
- C:\Windows\System\KjJKrlJ.exe
  C:\Windows\System\KjJKrlJ.exe
  2⤵
  PID:6548
- C:\Windows\System\zdJskJF.exe
  C:\Windows\System\zdJskJF.exe
  2⤵
  PID:6812
- C:\Windows\System\HwRXUPJ.exe
  C:\Windows\System\HwRXUPJ.exe
  2⤵
  PID:6284
- C:\Windows\System\tqGugXy.exe
  C:\Windows\System\tqGugXy.exe
  2⤵
  PID:5264
- C:\Windows\System\aRzPndx.exe
  C:\Windows\System\aRzPndx.exe
  2⤵
  PID:6776
- C:\Windows\System\dVBNrJE.exe
  C:\Windows\System\dVBNrJE.exe
  2⤵
  PID:6720
- C:\Windows\System\cjDpHhG.exe
  C:\Windows\System\cjDpHhG.exe
  2⤵
  PID:6264
- C:\Windows\System\kWLziCN.exe
  C:\Windows\System\kWLziCN.exe
  2⤵
  PID:6532
- C:\Windows\System\dLCGlxE.exe
  C:\Windows\System\dLCGlxE.exe
  2⤵
  PID:6704
- C:\Windows\System\nnUDFhr.exe
  C:\Windows\System\nnUDFhr.exe
  2⤵
  PID:6688
- C:\Windows\System\dPxUsNc.exe
  C:\Windows\System\dPxUsNc.exe
  2⤵
  PID:7024
- C:\Windows\System\wzyhiZh.exe
  C:\Windows\System\wzyhiZh.exe
  2⤵
  PID:6208
- C:\Windows\System\yGxdrUs.exe
  C:\Windows\System\yGxdrUs.exe
  2⤵
  PID:6352
- C:\Windows\System\ULeWwqN.exe
  C:\Windows\System\ULeWwqN.exe
  2⤵
  PID:5684
- C:\Windows\System\ygXvaLe.exe
  C:\Windows\System\ygXvaLe.exe
  2⤵
  PID:7004
- C:\Windows\System\bgFkOUB.exe
  C:\Windows\System\bgFkOUB.exe
  2⤵
  PID:7020
- C:\Windows\System\eSvgTsK.exe
  C:\Windows\System\eSvgTsK.exe
  2⤵
  PID:6564
- C:\Windows\System\SVRPRsY.exe
  C:\Windows\System\SVRPRsY.exe
  2⤵
  PID:7152
- C:\Windows\System\jPQLiOZ.exe
  C:\Windows\System\jPQLiOZ.exe
  2⤵
  PID:6668
- C:\Windows\System\lptIGqs.exe
  C:\Windows\System\lptIGqs.exe
  2⤵
  PID:7204
- C:\Windows\System\aAqNdoJ.exe
  C:\Windows\System\aAqNdoJ.exe
  2⤵
  PID:7224
- C:\Windows\System\eQQQQdf.exe
  C:\Windows\System\eQQQQdf.exe
  2⤵
  PID:7240
- C:\Windows\System\CIvFmAK.exe
  C:\Windows\System\CIvFmAK.exe
  2⤵
  PID:7256
- C:\Windows\System\LNvuvGA.exe
  C:\Windows\System\LNvuvGA.exe
  2⤵
  PID:7272
- C:\Windows\System\RkWNKxI.exe
  C:\Windows\System\RkWNKxI.exe
  2⤵
  PID:7292
- C:\Windows\System\ZvGwNPC.exe
  C:\Windows\System\ZvGwNPC.exe
  2⤵
  PID:7312
- C:\Windows\System\KxpnzRG.exe
  C:\Windows\System\KxpnzRG.exe
  2⤵
  PID:7328
- C:\Windows\System\FnikTfQ.exe
  C:\Windows\System\FnikTfQ.exe
  2⤵
  PID:7344
- C:\Windows\System\GMEaEGo.exe
  C:\Windows\System\GMEaEGo.exe
  2⤵
  PID:7384
- C:\Windows\System\BqTzHtp.exe
  C:\Windows\System\BqTzHtp.exe
  2⤵
  PID:7400
- C:\Windows\System\hldiRBM.exe
  C:\Windows\System\hldiRBM.exe
  2⤵
  PID:7420
- C:\Windows\System\wyZbDaK.exe
  C:\Windows\System\wyZbDaK.exe
  2⤵
  PID:7440
- C:\Windows\System\NyuXCIu.exe
  C:\Windows\System\NyuXCIu.exe
  2⤵
  PID:7456
- C:\Windows\System\oCdWKQo.exe
  C:\Windows\System\oCdWKQo.exe
  2⤵
  PID:7472
- C:\Windows\System\LasZBLJ.exe
  C:\Windows\System\LasZBLJ.exe
  2⤵
  PID:7488
- C:\Windows\System\DSJaRzy.exe
  C:\Windows\System\DSJaRzy.exe
  2⤵
  PID:7504
- C:\Windows\System\nsiWScT.exe
  C:\Windows\System\nsiWScT.exe
  2⤵
  PID:7524
- C:\Windows\System\YNcAttK.exe
  C:\Windows\System\YNcAttK.exe
  2⤵
  PID:7544
- C:\Windows\System\ggsdCtT.exe
  C:\Windows\System\ggsdCtT.exe
  2⤵
  PID:7564
- C:\Windows\System\Vgnlkmh.exe
  C:\Windows\System\Vgnlkmh.exe
  2⤵
  PID:7604
- C:\Windows\System\DSiWfOT.exe
  C:\Windows\System\DSiWfOT.exe
  2⤵
  PID:7624
- C:\Windows\System\PixnEWN.exe
  C:\Windows\System\PixnEWN.exe
  2⤵
  PID:7640
- C:\Windows\System\eAPMSSf.exe
  C:\Windows\System\eAPMSSf.exe
  2⤵
  PID:7660
- C:\Windows\System\ikDRIHn.exe
  C:\Windows\System\ikDRIHn.exe
  2⤵
  PID:7680
- C:\Windows\System\gYEJxPj.exe
  C:\Windows\System\gYEJxPj.exe
  2⤵
  PID:7700
- C:\Windows\System\TzsCWoO.exe
  C:\Windows\System\TzsCWoO.exe
  2⤵
  PID:7720
- C:\Windows\System\GXpVmBZ.exe
  C:\Windows\System\GXpVmBZ.exe
  2⤵
  PID:7736
- C:\Windows\System\rOWzare.exe
  C:\Windows\System\rOWzare.exe
  2⤵
  PID:7764
- C:\Windows\System\MKAAAzH.exe
  C:\Windows\System\MKAAAzH.exe
  2⤵
  PID:7780
- C:\Windows\System\KAcyAfX.exe
  C:\Windows\System\KAcyAfX.exe
  2⤵
  PID:7804
- C:\Windows\System\aBFgAOo.exe
  C:\Windows\System\aBFgAOo.exe
  2⤵
  PID:7820
- C:\Windows\System\tKHMrGr.exe
  C:\Windows\System\tKHMrGr.exe
  2⤵
  PID:7844
- C:\Windows\System\IywWHKd.exe
  C:\Windows\System\IywWHKd.exe
  2⤵
  PID:7868
- C:\Windows\System\eMEsrXC.exe
  C:\Windows\System\eMEsrXC.exe
  2⤵
  PID:7884
- C:\Windows\System\mHcNebf.exe
  C:\Windows\System\mHcNebf.exe
  2⤵
  PID:7904
- C:\Windows\System\qpnmhaZ.exe
  C:\Windows\System\qpnmhaZ.exe
  2⤵
  PID:7924
- C:\Windows\System\xlSxNxK.exe
  C:\Windows\System\xlSxNxK.exe
  2⤵
  PID:7940
- C:\Windows\System\ecQMmjB.exe
  C:\Windows\System\ecQMmjB.exe
  2⤵
  PID:7968
- C:\Windows\System\UyZJzmE.exe
  C:\Windows\System\UyZJzmE.exe
  2⤵
  PID:7984
- C:\Windows\System\RdDdZfl.exe
  C:\Windows\System\RdDdZfl.exe
  2⤵
  PID:8004
- C:\Windows\System\cbnPGMC.exe
  C:\Windows\System\cbnPGMC.exe
  2⤵
  PID:8024
- C:\Windows\System\VaJcImJ.exe
  C:\Windows\System\VaJcImJ.exe
  2⤵
  PID:8044
- C:\Windows\System\zsmqhof.exe
  C:\Windows\System\zsmqhof.exe
  2⤵
  PID:8060
- C:\Windows\System\gHVxxFe.exe
  C:\Windows\System\gHVxxFe.exe
  2⤵
  PID:8076
- C:\Windows\System\oMoStWV.exe
  C:\Windows\System\oMoStWV.exe
  2⤵
  PID:8092
- C:\Windows\System\GgDpGed.exe
  C:\Windows\System\GgDpGed.exe
  2⤵
  PID:8128
- C:\Windows\System\MDOwPLQ.exe
  C:\Windows\System\MDOwPLQ.exe
  2⤵
  PID:8148
- C:\Windows\System\uiqKfyO.exe
  C:\Windows\System\uiqKfyO.exe
  2⤵
  PID:8164
- C:\Windows\System\mWzknAr.exe
  C:\Windows\System\mWzknAr.exe
  2⤵
  PID:8180
- C:\Windows\System\kQjzurA.exe
  C:\Windows\System\kQjzurA.exe
  2⤵
  PID:7044
- C:\Windows\System\alswofD.exe
  C:\Windows\System\alswofD.exe
  2⤵
  PID:7088
- C:\Windows\System\nMAFzXv.exe
  C:\Windows\System\nMAFzXv.exe
  2⤵
  PID:6324
- C:\Windows\System\pNlLfRh.exe
  C:\Windows\System\pNlLfRh.exe
  2⤵
  PID:7220
- C:\Windows\System\sTPWjoF.exe
  C:\Windows\System\sTPWjoF.exe
  2⤵
  PID:7300
- C:\Windows\System\PTFZrPT.exe
  C:\Windows\System\PTFZrPT.exe
  2⤵
  PID:7216
- C:\Windows\System\qGNmfuZ.exe
  C:\Windows\System\qGNmfuZ.exe
  2⤵
  PID:7288
- C:\Windows\System\dibhXRu.exe
  C:\Windows\System\dibhXRu.exe
  2⤵
  PID:7380
- C:\Windows\System\TccMNyh.exe
  C:\Windows\System\TccMNyh.exe
  2⤵
  PID:7376
- C:\Windows\System\JFNGmyT.exe
  C:\Windows\System\JFNGmyT.exe
  2⤵
  PID:7452
- C:\Windows\System\FqVcQvi.exe
  C:\Windows\System\FqVcQvi.exe
  2⤵
  PID:7516
- C:\Windows\System\FPgVTNZ.exe
  C:\Windows\System\FPgVTNZ.exe
  2⤵
  PID:7416
- C:\Windows\System\ujYEPzu.exe
  C:\Windows\System\ujYEPzu.exe
  2⤵
  PID:7532
- C:\Windows\System\rTeexda.exe
  C:\Windows\System\rTeexda.exe
  2⤵
  PID:7572
- C:\Windows\System\ZCZiQGE.exe
  C:\Windows\System\ZCZiQGE.exe
  2⤵
  PID:7596
- C:\Windows\System\VuqpRlX.exe
  C:\Windows\System\VuqpRlX.exe
  2⤵
  PID:7612
- C:\Windows\System\ZFgJVgV.exe
  C:\Windows\System\ZFgJVgV.exe
  2⤵
  PID:7668
- C:\Windows\System\VhSXrzt.exe
  C:\Windows\System\VhSXrzt.exe
  2⤵
  PID:7688
- C:\Windows\System\Ayfvmxy.exe
  C:\Windows\System\Ayfvmxy.exe
  2⤵
  PID:7716
- C:\Windows\System\okJLPal.exe
  C:\Windows\System\okJLPal.exe
  2⤵
  PID:7756
- C:\Windows\System\BquKeTh.exe
  C:\Windows\System\BquKeTh.exe
  2⤵
  PID:7792
- C:\Windows\System\fmsAeht.exe
  C:\Windows\System\fmsAeht.exe
  2⤵
  PID:7832
- C:\Windows\System\qSSrwNs.exe
  C:\Windows\System\qSSrwNs.exe
  2⤵
  PID:7816
- C:\Windows\System\gtALVHf.exe
  C:\Windows\System\gtALVHf.exe
  2⤵
  PID:7864
- C:\Windows\System\frGOFNy.exe
  C:\Windows\System\frGOFNy.exe
  2⤵
  PID:7920
- C:\Windows\System\vhbAlsz.exe
  C:\Windows\System\vhbAlsz.exe
  2⤵
  PID:7960
- C:\Windows\System\ZwVoogE.exe
  C:\Windows\System\ZwVoogE.exe
  2⤵
  PID:8000
- C:\Windows\System\PiHCpaW.exe
  C:\Windows\System\PiHCpaW.exe
  2⤵
  PID:7980
- C:\Windows\System\hqspLDm.exe
  C:\Windows\System\hqspLDm.exe
  2⤵
  PID:8068
- C:\Windows\System\ZpJuSDC.exe
  C:\Windows\System\ZpJuSDC.exe
  2⤵
  PID:8052
- C:\Windows\System\DGCbvpw.exe
  C:\Windows\System\DGCbvpw.exe
  2⤵
  PID:8112
- C:\Windows\System\borFHJg.exe
  C:\Windows\System\borFHJg.exe
  2⤵
  PID:8188
- C:\Windows\System\KmUFNOI.exe
  C:\Windows\System\KmUFNOI.exe
  2⤵
  PID:6444
- C:\Windows\System\wmjROku.exe
  C:\Windows\System\wmjROku.exe
  2⤵
  PID:8172
- C:\Windows\System\Smznjxk.exe
  C:\Windows\System\Smznjxk.exe
  2⤵
  PID:7356
- C:\Windows\System\phjtBMm.exe
  C:\Windows\System\phjtBMm.exe
  2⤵
  PID:8176
- C:\Windows\System\xgPFTpz.exe
  C:\Windows\System\xgPFTpz.exe
  2⤵
  PID:7180
- C:\Windows\System\EPYPRzw.exe
  C:\Windows\System\EPYPRzw.exe
  2⤵
  PID:7308
- C:\Windows\System\ELBFWFS.exe
  C:\Windows\System\ELBFWFS.exe
  2⤵
  PID:7432
- C:\Windows\System\osiqcCh.exe
  C:\Windows\System\osiqcCh.exe
  2⤵
  PID:7500
- C:\Windows\System\bvKQhmv.exe
  C:\Windows\System\bvKQhmv.exe
  2⤵
  PID:7552
- C:\Windows\System\RrprDwL.exe
  C:\Windows\System\RrprDwL.exe
  2⤵
  PID:7584
- C:\Windows\System\oGYJwdO.exe
  C:\Windows\System\oGYJwdO.exe
  2⤵
  PID:7676
- C:\Windows\System\AuUIxgq.exe
  C:\Windows\System\AuUIxgq.exe
  2⤵
  PID:7560
- C:\Windows\System\QIxtxQH.exe
  C:\Windows\System\QIxtxQH.exe
  2⤵
  PID:7788
- C:\Windows\System\XJvfFKR.exe
  C:\Windows\System\XJvfFKR.exe
  2⤵
  PID:7812
- C:\Windows\System\AEvPYnm.exe
  C:\Windows\System\AEvPYnm.exe
  2⤵
  PID:7860
- C:\Windows\System\SKlebSP.exe
  C:\Windows\System\SKlebSP.exe
  2⤵
  PID:7952
- C:\Windows\System\VzpjnRu.exe
  C:\Windows\System\VzpjnRu.exe
  2⤵
  PID:7936
- C:\Windows\System\HVYBvds.exe
  C:\Windows\System\HVYBvds.exe
  2⤵
  PID:8036
- C:\Windows\System\JKeASSH.exe
  C:\Windows\System\JKeASSH.exe
  2⤵
  PID:8084
- C:\Windows\System\SJNxhvp.exe
  C:\Windows\System\SJNxhvp.exe
  2⤵
  PID:8108
- C:\Windows\System\XtLWBbw.exe
  C:\Windows\System\XtLWBbw.exe
  2⤵
  PID:8160
- C:\Windows\System\cZDlquF.exe
  C:\Windows\System\cZDlquF.exe
  2⤵
  PID:6308
- C:\Windows\System\OeFMAxZ.exe
  C:\Windows\System\OeFMAxZ.exe
  2⤵
  PID:7396
- C:\Windows\System\AUqhxqm.exe
  C:\Windows\System\AUqhxqm.exe
  2⤵
  PID:7636
- C:\Windows\System\wHMckzY.exe
  C:\Windows\System\wHMckzY.exe
  2⤵
  PID:7340
- C:\Windows\System\ynvLDsq.exe
  C:\Windows\System\ynvLDsq.exe
  2⤵
  PID:7580
- C:\Windows\System\AHmwXCD.exe
  C:\Windows\System\AHmwXCD.exe
  2⤵
  PID:7540
- C:\Windows\System\PnQpeot.exe
  C:\Windows\System\PnQpeot.exe
  2⤵
  PID:7656
- C:\Windows\System\OxLatHO.exe
  C:\Windows\System\OxLatHO.exe
  2⤵
  PID:7772
- C:\Windows\System\mOOOiwd.exe
  C:\Windows\System\mOOOiwd.exe
  2⤵
  PID:7192
- C:\Windows\System\NXsNVGK.exe
  C:\Windows\System\NXsNVGK.exe
  2⤵
  PID:7200
- C:\Windows\System\KYqVkEr.exe
  C:\Windows\System\KYqVkEr.exe
  2⤵
  PID:7840
- C:\Windows\System\CPBzyXl.exe
  C:\Windows\System\CPBzyXl.exe
  2⤵
  PID:8016
- C:\Windows\System\kkzSvkQ.exe
  C:\Windows\System\kkzSvkQ.exe
  2⤵
  PID:7268
- C:\Windows\System\FOsokLn.exe
  C:\Windows\System\FOsokLn.exe
  2⤵
  PID:7196
- C:\Windows\System\jimPseS.exe
  C:\Windows\System\jimPseS.exe
  2⤵
  PID:8144
- C:\Windows\System\ihUEUfL.exe
  C:\Windows\System\ihUEUfL.exe
  2⤵
  PID:7632
- C:\Windows\System\gwknDrH.exe
  C:\Windows\System\gwknDrH.exe
  2⤵
  PID:8120
- C:\Windows\System\QtJBHjD.exe
  C:\Windows\System\QtJBHjD.exe
  2⤵
  PID:7252
- C:\Windows\System\yKdWtlM.exe
  C:\Windows\System\yKdWtlM.exe
  2⤵
  PID:7900
- C:\Windows\System\YcavjFj.exe
  C:\Windows\System\YcavjFj.exe
  2⤵
  PID:7752
- C:\Windows\System\dVwIpQM.exe
  C:\Windows\System\dVwIpQM.exe
  2⤵
  PID:8100
- C:\Windows\System\yVpWfMS.exe
  C:\Windows\System\yVpWfMS.exe
  2⤵
  PID:7556
- C:\Windows\System\BDvRJSz.exe
  C:\Windows\System\BDvRJSz.exe
  2⤵
  PID:8208
- C:\Windows\System\GLRRbSF.exe
  C:\Windows\System\GLRRbSF.exe
  2⤵
  PID:8224
- C:\Windows\System\GPrVdKx.exe
  C:\Windows\System\GPrVdKx.exe
  2⤵
  PID:8256
- C:\Windows\System\ZJiXAtM.exe
  C:\Windows\System\ZJiXAtM.exe
  2⤵
  PID:8280
- C:\Windows\System\DUNLpwI.exe
  C:\Windows\System\DUNLpwI.exe
  2⤵
  PID:8296
- C:\Windows\System\sCcPmNh.exe
  C:\Windows\System\sCcPmNh.exe
  2⤵
  PID:8352
- C:\Windows\System\YAixvnU.exe
  C:\Windows\System\YAixvnU.exe
  2⤵
  PID:8368
- C:\Windows\System\kXOlOuN.exe
  C:\Windows\System\kXOlOuN.exe
  2⤵
  PID:8384
- C:\Windows\System\zpaJHGG.exe
  C:\Windows\System\zpaJHGG.exe
  2⤵
  PID:8400
- C:\Windows\System\raHXyzj.exe
  C:\Windows\System\raHXyzj.exe
  2⤵
  PID:8416
- C:\Windows\System\zXEaYsJ.exe
  C:\Windows\System\zXEaYsJ.exe
  2⤵
  PID:8440
- C:\Windows\System\PemhcjE.exe
  C:\Windows\System\PemhcjE.exe
  2⤵
  PID:8456
- C:\Windows\System\dunSGOb.exe
  C:\Windows\System\dunSGOb.exe
  2⤵
  PID:8476
- C:\Windows\System\AgFmTcJ.exe
  C:\Windows\System\AgFmTcJ.exe
  2⤵
  PID:8496
- C:\Windows\System\SrGtLUl.exe
  C:\Windows\System\SrGtLUl.exe
  2⤵
  PID:8512
- C:\Windows\System\EKRtNPf.exe
  C:\Windows\System\EKRtNPf.exe
  2⤵
  PID:8532
- C:\Windows\System\msONTcW.exe
  C:\Windows\System\msONTcW.exe
  2⤵
  PID:8552
- C:\Windows\System\XAMYKCg.exe
  C:\Windows\System\XAMYKCg.exe
  2⤵
  PID:8568
- C:\Windows\System\NEZVAmM.exe
  C:\Windows\System\NEZVAmM.exe
  2⤵
  PID:8596
- C:\Windows\System\YRUcsyO.exe
  C:\Windows\System\YRUcsyO.exe
  2⤵
  PID:8616
- C:\Windows\System\yIItElS.exe
  C:\Windows\System\yIItElS.exe
  2⤵
  PID:8632
- C:\Windows\System\wjAHxqk.exe
  C:\Windows\System\wjAHxqk.exe
  2⤵
  PID:8684
- C:\Windows\System\BPqNdQx.exe
  C:\Windows\System\BPqNdQx.exe
  2⤵
  PID:8708
- C:\Windows\System\hYsvXGh.exe
  C:\Windows\System\hYsvXGh.exe
  2⤵
  PID:8724
- C:\Windows\System\BSEiNyx.exe
  C:\Windows\System\BSEiNyx.exe
  2⤵
  PID:8748
- C:\Windows\System\EBnjhMY.exe
  C:\Windows\System\EBnjhMY.exe
  2⤵
  PID:8764
- C:\Windows\System\cqJAFXT.exe
  C:\Windows\System\cqJAFXT.exe
  2⤵
  PID:8780
- C:\Windows\System\WYcgHyk.exe
  C:\Windows\System\WYcgHyk.exe
  2⤵
  PID:8804
- C:\Windows\System\zAQkUmY.exe
  C:\Windows\System\zAQkUmY.exe
  2⤵
  PID:8824
- C:\Windows\System\qvIwxml.exe
  C:\Windows\System\qvIwxml.exe
  2⤵
  PID:8840
- C:\Windows\System\eCPZjHk.exe
  C:\Windows\System\eCPZjHk.exe
  2⤵
  PID:8856
- C:\Windows\System\YedpDlo.exe
  C:\Windows\System\YedpDlo.exe
  2⤵
  PID:8872
- C:\Windows\System\cJpTcdM.exe
  C:\Windows\System\cJpTcdM.exe
  2⤵
  PID:8888
- C:\Windows\System\WxTMNFb.exe
  C:\Windows\System\WxTMNFb.exe
  2⤵
  PID:8904
- C:\Windows\System\PVgfHcV.exe
  C:\Windows\System\PVgfHcV.exe
  2⤵
  PID:8920
- C:\Windows\System\GgdFMlX.exe
  C:\Windows\System\GgdFMlX.exe
  2⤵
  PID:8952
- C:\Windows\System\gWGiflO.exe
  C:\Windows\System\gWGiflO.exe
  2⤵
  PID:8968
- C:\Windows\System\nmjEpNl.exe
  C:\Windows\System\nmjEpNl.exe
  2⤵
  PID:8984
- C:\Windows\System\ABpsqCB.exe
  C:\Windows\System\ABpsqCB.exe
  2⤵
  PID:9000
- C:\Windows\System\ajmLkgP.exe
  C:\Windows\System\ajmLkgP.exe
  2⤵
  PID:9016
- C:\Windows\System\QYjQMis.exe
  C:\Windows\System\QYjQMis.exe
  2⤵
  PID:9036
- C:\Windows\System\lYTuTrO.exe
  C:\Windows\System\lYTuTrO.exe
  2⤵
  PID:9052
- C:\Windows\System\XEfitkR.exe
  C:\Windows\System\XEfitkR.exe
  2⤵
  PID:9068
- C:\Windows\System\sixeYng.exe
  C:\Windows\System\sixeYng.exe
  2⤵
  PID:9084
- C:\Windows\System\exRYlyT.exe
  C:\Windows\System\exRYlyT.exe
  2⤵
  PID:9112
- C:\Windows\System\PResYXT.exe
  C:\Windows\System\PResYXT.exe
  2⤵
  PID:9136
- C:\Windows\System\RQRIXYk.exe
  C:\Windows\System\RQRIXYk.exe
  2⤵
  PID:9196
- C:\Windows\System\XLAAUwd.exe
  C:\Windows\System\XLAAUwd.exe
  2⤵
  PID:9212
- C:\Windows\System\yMiPpGM.exe
  C:\Windows\System\yMiPpGM.exe
  2⤵
  PID:7880
- C:\Windows\System\CAwaMUd.exe
  C:\Windows\System\CAwaMUd.exe
  2⤵
  PID:7948
- C:\Windows\System\EpWBScI.exe
  C:\Windows\System\EpWBScI.exe
  2⤵
  PID:8200
- C:\Windows\System\Ivvrtdi.exe
  C:\Windows\System\Ivvrtdi.exe
  2⤵
  PID:8244
- C:\Windows\System\THxEufV.exe
  C:\Windows\System\THxEufV.exe
  2⤵
  PID:8240
- C:\Windows\System\XOSzjKP.exe
  C:\Windows\System\XOSzjKP.exe
  2⤵
  PID:8316
- C:\Windows\System\ISAENSl.exe
  C:\Windows\System\ISAENSl.exe
  2⤵
  PID:8336
- C:\Windows\System\yUNsvZw.exe
  C:\Windows\System\yUNsvZw.exe
  2⤵
  PID:8408
- C:\Windows\System\YclCsKf.exe
  C:\Windows\System\YclCsKf.exe
  2⤵
  PID:8484
- C:\Windows\System\tRLBniM.exe
  C:\Windows\System\tRLBniM.exe
  2⤵
  PID:8524
- C:\Windows\System\jZfijKl.exe
  C:\Windows\System\jZfijKl.exe
  2⤵
  PID:8604
- C:\Windows\System\TRHwOhC.exe
  C:\Windows\System\TRHwOhC.exe
  2⤵
  PID:8608
- C:\Windows\System\uavlfCl.exe
  C:\Windows\System\uavlfCl.exe
  2⤵
  PID:8436
- C:\Windows\System\cAjzdCq.exe
  C:\Windows\System\cAjzdCq.exe
  2⤵
  PID:8504
- C:\Windows\System\Smsdifd.exe
  C:\Windows\System\Smsdifd.exe
  2⤵
  PID:8576
- C:\Windows\System\ZfBsKTS.exe
  C:\Windows\System\ZfBsKTS.exe
  2⤵
  PID:8624
- C:\Windows\System\ZRngqvN.exe
  C:\Windows\System\ZRngqvN.exe
  2⤵
  PID:8664
- C:\Windows\System\aCwleMi.exe
  C:\Windows\System\aCwleMi.exe
  2⤵
  PID:8696
- C:\Windows\System\nzAZxhN.exe
  C:\Windows\System\nzAZxhN.exe
  2⤵
  PID:924
- C:\Windows\System\WmpGXZQ.exe
  C:\Windows\System\WmpGXZQ.exe
  2⤵
  PID:8740
- C:\Windows\System\YWcyCZe.exe
  C:\Windows\System\YWcyCZe.exe
  2⤵
  PID:8744
- C:\Windows\System\BTLuYQG.exe
  C:\Windows\System\BTLuYQG.exe
  2⤵
  PID:8832
- C:\Windows\System\vRlqumC.exe
  C:\Windows\System\vRlqumC.exe
  2⤵
  PID:8816
- C:\Windows\System\GYRheNK.exe
  C:\Windows\System\GYRheNK.exe
  2⤵
  PID:8776
- C:\Windows\System\bREuBCS.exe
  C:\Windows\System\bREuBCS.exe
  2⤵
  PID:8928
- C:\Windows\System\NVibBHR.exe
  C:\Windows\System\NVibBHR.exe
  2⤵
  PID:9008
- C:\Windows\System\ZgKJENo.exe
  C:\Windows\System\ZgKJENo.exe
  2⤵
  PID:8960
- C:\Windows\System\pJtvyKD.exe
  C:\Windows\System\pJtvyKD.exe
  2⤵
  PID:8992
- C:\Windows\System\QfxGkHR.exe
  C:\Windows\System\QfxGkHR.exe
  2⤵
  PID:9064
- C:\Windows\System\gZETNwy.exe
  C:\Windows\System\gZETNwy.exe
  2⤵
  PID:9128
- C:\Windows\System\CjbxdAW.exe
  C:\Windows\System\CjbxdAW.exe
  2⤵
  PID:9144
- C:\Windows\System\OJEAItF.exe
  C:\Windows\System\OJEAItF.exe
  2⤵
  PID:9156
- C:\Windows\System\WArGbbR.exe
  C:\Windows\System\WArGbbR.exe
  2⤵
  PID:9168
- C:\Windows\System\KEztsdq.exe
  C:\Windows\System\KEztsdq.exe
  2⤵
  PID:9204
- C:\Windows\System\MUZsGGr.exe
  C:\Windows\System\MUZsGGr.exe
  2⤵
  PID:8156
- C:\Windows\System\JmRLwck.exe
  C:\Windows\System\JmRLwck.exe
  2⤵
  PID:7696
- C:\Windows\System\bEVqSDP.exe
  C:\Windows\System\bEVqSDP.exe
  2⤵
  PID:8292
- C:\Windows\System\vEXKewq.exe
  C:\Windows\System\vEXKewq.exe
  2⤵
  PID:8312
- C:\Windows\System\LRMLiLP.exe
  C:\Windows\System\LRMLiLP.exe
  2⤵
  PID:8492
- C:\Windows\System\jOkrHMP.exe
  C:\Windows\System\jOkrHMP.exe
  2⤵
  PID:8468
- C:\Windows\System\daonYxb.exe
  C:\Windows\System\daonYxb.exe
  2⤵
  PID:8424
- C:\Windows\System\rMUoxrl.exe
  C:\Windows\System\rMUoxrl.exe
  2⤵
  PID:8560
- C:\Windows\System\vxGZiws.exe
  C:\Windows\System\vxGZiws.exe
  2⤵
  PID:8628
- C:\Windows\System\JvpOHTz.exe
  C:\Windows\System\JvpOHTz.exe
  2⤵
  PID:928
- C:\Windows\System\UsGPMla.exe
  C:\Windows\System\UsGPMla.exe
  2⤵
  PID:8656
- C:\Windows\System\nDxoiAp.exe
  C:\Windows\System\nDxoiAp.exe
  2⤵
  PID:1428
- C:\Windows\System\jCzKeSY.exe
  C:\Windows\System\jCzKeSY.exe
  2⤵
  PID:8900
- C:\Windows\System\LXbuPTg.exe
  C:\Windows\System\LXbuPTg.exe
  2⤵
  PID:8936
- C:\Windows\System\ZicaeGK.exe
  C:\Windows\System\ZicaeGK.exe
  2⤵
  PID:8980
- C:\Windows\System\lFuxgJT.exe
  C:\Windows\System\lFuxgJT.exe
  2⤵
  PID:8964
- C:\Windows\System\adlkCoC.exe
  C:\Windows\System\adlkCoC.exe
  2⤵
  PID:9152
- C:\Windows\System\yCtjCyR.exe
  C:\Windows\System\yCtjCyR.exe
  2⤵
  PID:9192
- C:\Windows\System\PHjoYhT.exe
  C:\Windows\System\PHjoYhT.exe
  2⤵
  PID:9032
- C:\Windows\System\DxIJXTt.exe
  C:\Windows\System\DxIJXTt.exe
  2⤵
  PID:9176
- C:\Windows\System\JfwnQYd.exe
  C:\Windows\System\JfwnQYd.exe
  2⤵
  PID:8448
- C:\Windows\System\Cporbhd.exe
  C:\Windows\System\Cporbhd.exe
  2⤵
  PID:8592
- C:\Windows\System\SJSLqsC.exe
  C:\Windows\System\SJSLqsC.exe
  2⤵
  PID:9024
- C:\Windows\System\DqkpnXI.exe
  C:\Windows\System\DqkpnXI.exe
  2⤵
  PID:8376
- C:\Windows\System\AfgQFMi.exe
  C:\Windows\System\AfgQFMi.exe
  2⤵
  PID:8612
- C:\Windows\System\ioCTICn.exe
  C:\Windows\System\ioCTICn.exe
  2⤵
  PID:8896
- C:\Windows\System\bSflFVJ.exe
  C:\Windows\System\bSflFVJ.exe
  2⤵
  PID:8652
- C:\Windows\System\ASNulMZ.exe
  C:\Windows\System\ASNulMZ.exe
  2⤵
  PID:8736
- C:\Windows\System\VbZsZUx.exe
  C:\Windows\System\VbZsZUx.exe
  2⤵
  PID:8672
- C:\Windows\System\FwlVPdh.exe
  C:\Windows\System\FwlVPdh.exe
  2⤵
  PID:8948
- C:\Windows\System\ycJFjND.exe
  C:\Windows\System\ycJFjND.exe
  2⤵
  PID:9108
- C:\Windows\System\jpLZpNl.exe
  C:\Windows\System\jpLZpNl.exe
  2⤵
  PID:8328
- C:\Windows\System\YciiHhh.exe
  C:\Windows\System\YciiHhh.exe
  2⤵
  PID:7512
- C:\Windows\System\TJMscxF.exe
  C:\Windows\System\TJMscxF.exe
  2⤵
  PID:8304
- C:\Windows\System\ctEjoQo.exe
  C:\Windows\System\ctEjoQo.exe
  2⤵
  PID:8360
- C:\Windows\System\GFLlYHs.exe
  C:\Windows\System\GFLlYHs.exe
  2⤵
  PID:9028
- C:\Windows\System\QFaUhkh.exe
  C:\Windows\System\QFaUhkh.exe
  2⤵
  PID:7932
- C:\Windows\System\WeYhZMY.exe
  C:\Windows\System\WeYhZMY.exe
  2⤵
  PID:9060
- C:\Windows\System\fgdBKzD.exe
  C:\Windows\System\fgdBKzD.exe
  2⤵
  PID:8916
- C:\Windows\System\Fnjmxuk.exe
  C:\Windows\System\Fnjmxuk.exe
  2⤵
  PID:8472
- C:\Windows\System\KOxKELM.exe
  C:\Windows\System\KOxKELM.exe
  2⤵
  PID:8432
- C:\Windows\System\ynuqjuU.exe
  C:\Windows\System\ynuqjuU.exe
  2⤵
  PID:8848
- C:\Windows\System\IispReL.exe
  C:\Windows\System\IispReL.exe
  2⤵
  PID:8232
- C:\Windows\System\zRkMQGP.exe
  C:\Windows\System\zRkMQGP.exe
  2⤵
  PID:9184
- C:\Windows\System\PCbijWe.exe
  C:\Windows\System\PCbijWe.exe
  2⤵
  PID:8272
- C:\Windows\System\nKQQKtR.exe
  C:\Windows\System\nKQQKtR.exe
  2⤵
  PID:9048
- C:\Windows\System\XYZOlNH.exe
  C:\Windows\System\XYZOlNH.exe
  2⤵
  PID:8396
- C:\Windows\System\oKNMIUk.exe
  C:\Windows\System\oKNMIUk.exe
  2⤵
  PID:8944
- C:\Windows\System\DTRHqCb.exe
  C:\Windows\System\DTRHqCb.exe
  2⤵
  PID:8796
- C:\Windows\System\AJChhxL.exe
  C:\Windows\System\AJChhxL.exe
  2⤵
  PID:9044
- C:\Windows\System\LErurEV.exe
  C:\Windows\System\LErurEV.exe
  2⤵
  PID:9236
- C:\Windows\System\lwmmWWh.exe
  C:\Windows\System\lwmmWWh.exe
  2⤵
  PID:9256
- C:\Windows\System\nIUGjmh.exe
  C:\Windows\System\nIUGjmh.exe
  2⤵
  PID:9276
- C:\Windows\System\MxQlPik.exe
  C:\Windows\System\MxQlPik.exe
  2⤵
  PID:9292
- C:\Windows\System\AnYHuDW.exe
  C:\Windows\System\AnYHuDW.exe
  2⤵
  PID:9308
- C:\Windows\System\XBKePMv.exe
  C:\Windows\System\XBKePMv.exe
  2⤵
  PID:9328
- C:\Windows\System\SVluIdD.exe
  C:\Windows\System\SVluIdD.exe
  2⤵
  PID:9352
- C:\Windows\System\IudbCAG.exe
  C:\Windows\System\IudbCAG.exe
  2⤵
  PID:9368
- C:\Windows\System\yonifLI.exe
  C:\Windows\System\yonifLI.exe
  2⤵
  PID:9396
- C:\Windows\System\STWVFbs.exe
  C:\Windows\System\STWVFbs.exe
  2⤵
  PID:9412
- C:\Windows\System\KJWYksk.exe
  C:\Windows\System\KJWYksk.exe
  2⤵
  PID:9436
- C:\Windows\System\jbDYPlf.exe
  C:\Windows\System\jbDYPlf.exe
  2⤵
  PID:9464
- C:\Windows\System\zfZvPBn.exe
  C:\Windows\System\zfZvPBn.exe
  2⤵
  PID:9484
- C:\Windows\System\ieHWMAb.exe
  C:\Windows\System\ieHWMAb.exe
  2⤵
  PID:9500
- C:\Windows\System\tbpBdts.exe
  C:\Windows\System\tbpBdts.exe
  2⤵
  PID:9520
- C:\Windows\System\nRnWKmN.exe
  C:\Windows\System\nRnWKmN.exe
  2⤵
  PID:9536
- C:\Windows\System\SpdccGJ.exe
  C:\Windows\System\SpdccGJ.exe
  2⤵
  PID:9552
- C:\Windows\System\quODQjV.exe
  C:\Windows\System\quODQjV.exe
  2⤵
  PID:9568
- C:\Windows\System\xmDZiTp.exe
  C:\Windows\System\xmDZiTp.exe
  2⤵
  PID:9604
- C:\Windows\System\gUvZBRH.exe
  C:\Windows\System\gUvZBRH.exe
  2⤵
  PID:9620
- C:\Windows\System\KfNDWTl.exe
  C:\Windows\System\KfNDWTl.exe
  2⤵
  PID:9676
- C:\Windows\System\HaPPsaK.exe
  C:\Windows\System\HaPPsaK.exe
  2⤵
  PID:9696
- C:\Windows\System\QomknEm.exe
  C:\Windows\System\QomknEm.exe
  2⤵
  PID:9724
- C:\Windows\System\xwXgtdA.exe
  C:\Windows\System\xwXgtdA.exe
  2⤵
  PID:9764
- C:\Windows\System\EovXVek.exe
  C:\Windows\System\EovXVek.exe
  2⤵
  PID:9780
- C:\Windows\System\nYOiwwb.exe
  C:\Windows\System\nYOiwwb.exe
  2⤵
  PID:9804
- C:\Windows\System\MxUiclJ.exe
  C:\Windows\System\MxUiclJ.exe
  2⤵
  PID:9820
- C:\Windows\System\svrQnAh.exe
  C:\Windows\System\svrQnAh.exe
  2⤵
  PID:9840
- C:\Windows\System\CBZbbPA.exe
  C:\Windows\System\CBZbbPA.exe
  2⤵
  PID:9856
- C:\Windows\System\NrQFhnW.exe
  C:\Windows\System\NrQFhnW.exe
  2⤵
  PID:9884
- C:\Windows\System\ThRidLR.exe
  C:\Windows\System\ThRidLR.exe
  2⤵
  PID:9900
- C:\Windows\System\aTqbzQS.exe
  C:\Windows\System\aTqbzQS.exe
  2⤵
  PID:9916
- C:\Windows\System\SXzSmrZ.exe
  C:\Windows\System\SXzSmrZ.exe
  2⤵
  PID:9932
- C:\Windows\System\qVwUuXS.exe
  C:\Windows\System\qVwUuXS.exe
  2⤵
  PID:9948
- C:\Windows\System\IDZsVKJ.exe
  C:\Windows\System\IDZsVKJ.exe
  2⤵
  PID:9964
- C:\Windows\System\ciTkubs.exe
  C:\Windows\System\ciTkubs.exe
  2⤵
  PID:9980
- C:\Windows\System\JAKZuDj.exe
  C:\Windows\System\JAKZuDj.exe
  2⤵
  PID:9996
- C:\Windows\System\OukYNQh.exe
  C:\Windows\System\OukYNQh.exe
  2⤵
  PID:10012
- C:\Windows\System\VCAvpXo.exe
  C:\Windows\System\VCAvpXo.exe
  2⤵
  PID:10048
- C:\Windows\System\ZIRLuFm.exe
  C:\Windows\System\ZIRLuFm.exe
  2⤵
  PID:10064
- C:\Windows\System\mrtiChq.exe
  C:\Windows\System\mrtiChq.exe
  2⤵
  PID:10080
- C:\Windows\System\sYOtrsU.exe
  C:\Windows\System\sYOtrsU.exe
  2⤵
  PID:10096
- C:\Windows\System\atziaQi.exe
  C:\Windows\System\atziaQi.exe
  2⤵
  PID:10120
- C:\Windows\System\gYCIykX.exe
  C:\Windows\System\gYCIykX.exe
  2⤵
  PID:10136
- C:\Windows\System\bFWlfPl.exe
  C:\Windows\System\bFWlfPl.exe
  2⤵
  PID:10152
- C:\Windows\System\ZcEwZmw.exe
  C:\Windows\System\ZcEwZmw.exe
  2⤵
  PID:10172
- C:\Windows\System\LQxDoJr.exe
  C:\Windows\System\LQxDoJr.exe
  2⤵
  PID:10192
- C:\Windows\System\nZHxuZM.exe
  C:\Windows\System\nZHxuZM.exe
  2⤵
  PID:10224
- C:\Windows\System\vHKYbfx.exe
  C:\Windows\System\vHKYbfx.exe
  2⤵
  PID:8544
- C:\Windows\System\XZvUaRG.exe
  C:\Windows\System\XZvUaRG.exe
  2⤵
  PID:9248
- C:\Windows\System\ELbHNit.exe
  C:\Windows\System\ELbHNit.exe
  2⤵
  PID:9272
- C:\Windows\System\IVgbhKE.exe
  C:\Windows\System\IVgbhKE.exe
  2⤵
  PID:9316
- C:\Windows\System\aHvizLq.exe
  C:\Windows\System\aHvizLq.exe
  2⤵
  PID:9300
- C:\Windows\System\lXAVZdV.exe
  C:\Windows\System\lXAVZdV.exe
  2⤵
  PID:9304
- C:\Windows\System\uTTTmlR.exe
  C:\Windows\System\uTTTmlR.exe
  2⤵
  PID:9384
- C:\Windows\System\GzwfqUR.exe
  C:\Windows\System\GzwfqUR.exe
  2⤵
  PID:9340
- C:\Windows\System\CCFJIYu.exe
  C:\Windows\System\CCFJIYu.exe
  2⤵
  PID:9444
- C:\Windows\System\QlhyADV.exe
  C:\Windows\System\QlhyADV.exe
  2⤵
  PID:9472
- C:\Windows\System\FELxVpu.exe
  C:\Windows\System\FELxVpu.exe
  2⤵
  PID:9508
- C:\Windows\System\MMSIWkJ.exe
  C:\Windows\System\MMSIWkJ.exe
  2⤵
  PID:9512
- C:\Windows\System\kOwXXek.exe
  C:\Windows\System\kOwXXek.exe
  2⤵
  PID:9576
- C:\Windows\System\JhHCZrh.exe
  C:\Windows\System\JhHCZrh.exe
  2⤵
  PID:9596
- C:\Windows\System\dTZGjmW.exe
  C:\Windows\System\dTZGjmW.exe
  2⤵
  PID:9636
- C:\Windows\System\SLUQthC.exe
  C:\Windows\System\SLUQthC.exe
  2⤵
  PID:9664
- C:\Windows\System\QDtvxWi.exe
  C:\Windows\System\QDtvxWi.exe
  2⤵
  PID:9652
- C:\Windows\System\HWEjRRl.exe
  C:\Windows\System\HWEjRRl.exe
  2⤵
  PID:9760
- C:\Windows\System\gFCpbem.exe
  C:\Windows\System\gFCpbem.exe
  2⤵
  PID:9832
- C:\Windows\System\XjCHNGA.exe
  C:\Windows\System\XjCHNGA.exe
  2⤵
  PID:9864
- C:\Windows\System\NXROuXC.exe
  C:\Windows\System\NXROuXC.exe
  2⤵
  PID:9880
- C:\Windows\System\jcxETkU.exe
  C:\Windows\System\jcxETkU.exe
  2⤵
  PID:9908
- C:\Windows\System\hCjDlel.exe
  C:\Windows\System\hCjDlel.exe
  2⤵
  PID:9672
- C:\Windows\System\bVuHiHo.exe
  C:\Windows\System\bVuHiHo.exe
  2⤵
  PID:9668
- C:\Windows\System\XhhROkh.exe
  C:\Windows\System\XhhROkh.exe
  2⤵
  PID:9976
- C:\Windows\System\PIvZsIE.exe
  C:\Windows\System\PIvZsIE.exe
  2⤵
  PID:9992
- C:\Windows\System\bOeazIN.exe
  C:\Windows\System\bOeazIN.exe
  2⤵
  PID:10060
- C:\Windows\System\mSlpabw.exe
  C:\Windows\System\mSlpabw.exe
  2⤵
  PID:10036
- C:\Windows\System\gzZfMnu.exe
  C:\Windows\System\gzZfMnu.exe
  2⤵
  PID:10040
- C:\Windows\System\SfQKnXA.exe
  C:\Windows\System\SfQKnXA.exe
  2⤵
  PID:10028

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BUawoNF.exe

Filesize
6.0MB

MD5
1d4018dbf150a429d673031849d383e1

SHA1
52d9209780c400a6ce1d58c1b2f3d2fd61c36457

SHA256
0490f41039b12d8bf4b87ac845dd1452645d7ee3ce8b6710db7e5e3a70eba718

SHA512
6e0204f1abd2ecb02add3bcf4be271197a851b99f6d924d8a4c87dbe0422675b193f70904cef8db71f57fdf916c76405a2124053430206611fdeb9e5369fa0f3

Download Submit
C:\Windows\system\ErmSOKV.exe

Filesize
6.0MB

MD5
629a7ab0fc919804436eef0f4bb597ca

SHA1
d78355b5fa47c63af6a0dd0857006f062dc840c5

SHA256
8ed382835e10039043073a4026bdd8ff2f1fcb42a20523741b75f71779d212f3

SHA512
a3d371d450f07b96d4fe51e48709e452a934929053559f5f810712048e9d31502ccb43a5c3a0eef2c5859da3e4798419b28227aec61a00a5401be37bf2160fb1

Download Submit
C:\Windows\system\GiNEJtN.exe

Filesize
6.0MB

MD5
d14df26234e81fbae621c2c90e726ae2

SHA1
2d1ede859d3afcf8566fe599abb928738d21e04a

SHA256
a7b963cd0d22765aa30a9c306330d97360552eb385b60356ebc125c1ae8a6630

SHA512
d05e5ce878d9370bd1d6540eb723e0df6a045bc700b070fddccbeaebdc73ba89982bf4e4a871cfccd05c78fcdbb670cece1283125ad439ae9fb27ce83cb25703

Download Submit
C:\Windows\system\IcyFsTe.exe

Filesize
6.0MB

MD5
814a0eda1d3699a525566f7430776266

SHA1
37dab1ec1b4d7f1e87053edc5e61720d00933495

SHA256
30cac35e845662ca1c22beef73f5d2e4b6bfd62403035a06faece2e59920c0cb

SHA512
7bee0a44caadd74062a142ec4ad381b569a70ccfd248de4730d7ba674605438d4b9b6f21d42287fa1a0006b840aa1ee507975c029b9e83aba1aefada27d36027

Download Submit
C:\Windows\system\NIERgfM.exe

Filesize
6.0MB

MD5
834a04fbbad5f7ecfeff9b0621c543c4

SHA1
0a4aa42d8674941289c7ebd7b674df78259ffbf5

SHA256
73c7927612f468719395e83b7c9552ab41153e14ce1eedbb659e944e7a967574

SHA512
a9a33fd19d29cc496fc654390cb8784d6e6edecbf8dbdfa0673c9f7a3a21011a06450782383e7dc1b3e4ffca533e490829845ff89e0f705ff2755326ad1e5517

Download Submit
C:\Windows\system\OcqTdzA.exe

Filesize
6.0MB

MD5
b1aaf2df36a81b1e8de182582d8a42a7

SHA1
d89fc69ff9e20294a5d7f781d0dcc64aa6034567

SHA256
019906807b8f268d45619cc4c583a2291b7520b51dc58dc0feeb07703f13a96f

SHA512
53b5ebf3c97995c43190b69b36736e70d7fa470b1792f0a843d86e0aa7b510181fc3e3e76d945138c11ccf0995c4ef9c8851ee9c7b82091f0f8a83876e6e66ec

Download Submit
C:\Windows\system\OmHlmGN.exe

Filesize
6.0MB

MD5
84ebfaa8e2d87790efaa16e7addaa5ed

SHA1
85c12d01a67f2f1ae290e2d969ad4e74f9afd6ec

SHA256
523ced5b7188d17f8ee792026dafe0c59ccc7c3d8bcfdd56b4f3ac4111ab46e0

SHA512
75a06c8d521a5ae245d1f2c366375cdcb16cf7c0da66506ef4f53ede747a9bd2b42ef0b5a7b0db827663be9e2c9b4481496e253128f9e37feee8de58ad591484

Download Submit
C:\Windows\system\PoxXBqw.exe

Filesize
6.0MB

MD5
19d3dad23c41b843941445ac54d37ac8

SHA1
0d31a6c400157d7fb7954e11502009b8b83bc107

SHA256
4ac1bc9be1e7d0fcbfbe628871e7cf1383efe2c030b30fecc0bef0a9a67260fc

SHA512
9544fc8d20961ff57cfe56b34df454dd332cffd229627578935ff0a34bd371652f2592bfcbfb5432852249afe2c2bd761db4e8283b57ad127138761ebe468453

Download Submit
C:\Windows\system\QVNlsnJ.exe

Filesize
6.0MB

MD5
16d9509ad2c3731dd206247cda422d81

SHA1
b29196f6a7258d9c96d195c39bfe24549841dd9e

SHA256
3495a3ab15f0ddae2bbd3946d3878209cdc110e44d399d0cc0a63610d866178c

SHA512
46bada82332968718e2ca222fbc4e3bdbd14af51308b5ed90f0795cf8be1d81ab83c5b1a7ba5b841cd01886bfc0be95d2993ed2089f5cd750cdde23ce33e88a6

Download Submit
C:\Windows\system\QcEErOY.exe

Filesize
8B

MD5
31f85bccfb212d6e7a86ac624a0ba287

SHA1
3b693f779eda266a8cd692a006847d8aa98feeaf

SHA256
62d3e6d6d0aa2d548b160c8aca70327fe9def790e681d56faec8289920bf3f87

SHA512
55dc0616c5bd9def231c51ae85870fc099ee602549a22d99ab7cd11ae69d9f474b0e5fd9c5aba7ee458ca1c9ba16e1618254c1d6c166d8e8783fc9f63ce71a75

Download Submit
C:\Windows\system\QwcOQpY.exe

Filesize
6.0MB

MD5
4b7098699b495eb09cc39869f6f11718

SHA1
6189f825daf862f9d86a100c7b55f5f705fb3b6c

SHA256
109265f43cf97ff719534b6dcb190405b1ebe667d5a9b285465702801a55eb47

SHA512
4d34f19eb0b3245393e0c4a84db4c8ef000e1d19a54a4b0d9b43d96c9417735427c61a8e3b79cc7dbf1b2cf382745e931782fb9658b8c0d1a930735b82ecf5ee

Download Submit
C:\Windows\system\XHabeWG.exe

Filesize
6.0MB

MD5
cd11114eca01b36380843196c996a2f7

SHA1
99803aea7fb7d8b0768da5e9f0f8c015e9d48b99

SHA256
258671713de6e08ff5efb85efcff5d868e71b073152cc7e180f98a072b62ac4f

SHA512
63d06853e7be4553b1ab968f42434266560abd46f1466754d435b01876dd151c575c274f53942ff65364588024165adf22f8cde6b79450a421ced487d4bc9b1b

Download Submit
C:\Windows\system\YdvDZyZ.exe

Filesize
6.0MB

MD5
361ccc01490cbea8e2de3bc9d7366921

SHA1
c71a5cea7f45b7a7677f55c2f47eb1966e9f450d

SHA256
3860b018d0372d61a6539979c010cacc62348e7c88e79b4e536cb658b2cbd1fc

SHA512
9301bc4eb482b1010a2ba15773f1304d2fd872443caf3e09766798611a8ee062cf4b5e322468c8da70f8bb8723f3e91d55786481a90833edf5ed81376c034a2e

Download Submit
C:\Windows\system\dgONVMK.exe

Filesize
6.0MB

MD5
622d244d00cdd7d1348b9acb1371adc8

SHA1
183dda542dc1ceb0dadeb904e948beb8ff341557

SHA256
b93208954db638d545555e04068acdc788a8169597dd709a2966f6ae76429fdc

SHA512
4b348da8a80c006ecb849bc6f2f941bba46bfe69e856f9b7f8acf2d92a5cb5d95a3c6ee295ed3587267499457f229e65e9fc6f51650202eed03e850030fc7f23

Download Submit
C:\Windows\system\eewYTzS.exe

Filesize
6.0MB

MD5
93279c8726bb2428a5b80932c430aa11

SHA1
36d10d11800ead2c601000a2665b290ecdc20aa1

SHA256
e42b7872ef9049ad4336e17b9deff647e4d1c787917abfbb6768646c609a416f

SHA512
656ef5637c45ed663bdc51936b1d8920b37f11de120c4cd510a49674b2314bbd2d1cdcc2cf7114a9abadd48ad381918d64feac4f67989d0fc74245f02677d8f7

Download Submit
C:\Windows\system\gPLawyq.exe

Filesize
6.0MB

MD5
2e289ab318f8d65aa31e65fd3729edc6

SHA1
fbe1f88376d5fc207c84ac407408ec0673cbada8

SHA256
c52d2404a736742277bac738700aca72307edfbbaaa9fce7d3239e70b578d291

SHA512
902973cb5069d0417b9a51af459dc7d85cda2b89d1d412ba0fff64afe77fd880515be37f78781734593f5a288587668094bf57810b320b029e8b38ce1740ec79

Download Submit
C:\Windows\system\iSFKFIW.exe

Filesize
6.0MB

MD5
a2787da13ebfa2d6c67ae2f9c4e8f02a

SHA1
6d74fd3ea33e788b081ea6fbc60c26cde8c11f6e

SHA256
16bb9ae663ae72a5dc43be4c9791c3656a51c3c45b0d23ceffd1b25dc708a22c

SHA512
68e2920377a3a89b3e40c95346af8bf7edd6bb0a9dfd9a63d1e57e1b4a58bf6e677f19e8820c1bc40be640e00e88f0b0cb727c09ec58965b4abe8bd09f4e91e0

Download Submit
C:\Windows\system\kwfDqKB.exe

Filesize
6.0MB

MD5
8103a874f2c9a07c29f06d4de308eac7

SHA1
237813b197d8200fb4e4d592294aa439c2683ca3

SHA256
eda6a4242451139da3282b502fac9652e7c7961e7d0dc32f526f5226b333acdb

SHA512
5cb824da9b7904ab310370ac6cf8144da5a21ccd9f9ae8d1f2eeb3199308277ca28d6452c42eca560b94cdbab65c1cbbc6d3e7ed39fe36365ff203711a916681

Download Submit
C:\Windows\system\lYODnfG.exe

Filesize
6.0MB

MD5
84e3b156fdefff9663c3ab3bc7a452db

SHA1
0d752f266f2f16907918c36249d228d080909f20

SHA256
8d48155f6ed47ec85df7e4d366e73e0b39cccd49fcdb2bdc8ca10590e5ad8151

SHA512
b4e68087fd473a25d5109c8a364528c4ea1c6bd1464e3aee5c150b6722398e5ac87cc753a35ea3ecc1c413f32e06954460fd2df1c45425c9798fff4500c7a0de

Download Submit
C:\Windows\system\mLciseY.exe

Filesize
6.0MB

MD5
abef249f9fffc6f7787ef1c988362b0c

SHA1
1d3f5dbdc904ee0f3cb9f7bbe660670368df7b67

SHA256
667eae33aaec006d48c78149bcfa21c7ada49e33333ef865614adb4fcdc79a04

SHA512
bdc82552a27f70517dc7822ec3709a04dd3a1c4ebce0cbfc62deb15dff875f1a2e50561acdf316f807d9c6289651c7af6fce55815cc0a5a2637cf80ac2091a9d

Download Submit
C:\Windows\system\oDiyWZf.exe

Filesize
6.0MB

MD5
f42fb1e947a9aa4ecf8db2f9ae4ce486

SHA1
4703671069f9d7065546ede1f369391b7afaae57

SHA256
ec36017e10a6c8f1e7bdac6014a6aa012ea29c702b8bbb31281811c3b0cf4fc3

SHA512
7ea1179b754434a05d94d71318e286739dc9523f23d6bcd5b1b199acce9dcfcb32c8381c8dd1cfa7d739d035d3e9b937561fb9f9a8010285afdf8439eebe97cf

Download Submit
C:\Windows\system\saQjhxi.exe

Filesize
6.0MB

MD5
14494f6da98a5238061389bd3bcb4acb

SHA1
7e16f3424604e7771f4f8ee1d629405dcfd5c159

SHA256
128fc1b5f605ac34b0d2470db99191e977f5e066c010a8039d7488d75cc25310

SHA512
e8805111e767d3c2c431fb324b7c981603ed6e0eb51903bc692a29e0677981a1edd0062f49ef4fd36448b2ca4a41c8e2abf03622819f600ef8bbef666dcf3b0e

Download Submit
C:\Windows\system\taSYMXa.exe

Filesize
6.0MB

MD5
83dad8a02d67e110d11376047239d971

SHA1
fe95b33dbd9d9c5c021e630133fad56bf282f2bf

SHA256
e6cdfcd695d201a367396253b1623cb0b34149f3204dd5680167a43957f0eb4d

SHA512
db534a32e7ad74bd65b05547450fa7e03b90b317cee1e15dbe14f6cdbe8e3482823707faacce2452431c0cc15334653a3e0c86c1bddffe9f7dc65d502fc1a25b

Download Submit
C:\Windows\system\uJjsYwf.exe

Filesize
6.0MB

MD5
4b11e62561feca6ae35bcaa80b5fb7b1

SHA1
9db3dbb67fc88ffb8c5ab14d421b71c15a3a8f82

SHA256
587f5aaee75baf598a3066790096559b01ecdd05c3d075c790c19a2807f7643d

SHA512
777af295fdad1b1fa6ccca423cdab31564230756c41fdc2acb85e7016a215929efeb690481cd34bec38037e9c85642bd911a814a253bc02e8f72166f3723c59e

Download Submit
\Windows\system\Bkpgyqk.exe

Filesize
6.0MB

MD5
b01e7897d1e4cce4eef9073245bb8f84

SHA1
5f469752b0eecef4d4cc333703272824dc253e30

SHA256
0050999faa44c5a9625996acba3c40da3390a4c84c05659b3fe3142ccba75ae8

SHA512
24e8f3b9871a0c2fde12854bc7d947950b90716dbd896fb4e8df83a030d0e4da174150ae9999e096897aa60f6d013851fc8b3d3111d1e43f378e96b7db2da5e4

Download Submit
\Windows\system\JVKUtqO.exe

Filesize
6.0MB

MD5
9273078f03d5a9bcdd8b8d5e2e15a7f9

SHA1
c2f3bc6b28ebac25218a35d6f370d31a6ae9cf20

SHA256
fd80cf94239aee098b98e7eaa979f60eb79ddd04bf95fd4a03398fd996798d44

SHA512
fc72110be4f9b35da11aaef78a574898a8006555ee94c80f0586493facd04a2b70c27be44c1d3b9a127bf1bcc4ebe6381713185229156d2e0fab1de275434b7b

Download Submit
\Windows\system\LNIzkDs.exe

Filesize
6.0MB

MD5
906f36501876b034b3124793b879ae33

SHA1
3c7ff9034b2d703f5c3062b26cffaff1feb9e2c8

SHA256
97eff7afaf8baf68568cebc0e52f1b3eb4f07396bf15ad2e84e370fb4d612ce7

SHA512
24fb4825a3eaf2fabfd026bed27ea0bfe1931fb1952141f73a7d31eef5de7e413af802317c5ea7aa3e89382fd916e2e59c65ff310ff9058b7faca1551f82939e

Download Submit
\Windows\system\QJpZIgB.exe

Filesize
6.0MB

MD5
fb007de873d8a4b75ef5c69b3ed17e57

SHA1
1d7d959890c3d378e53831983a8cde7bf0daea46

SHA256
ea87b8e8e6bf64491baf958c5dfe221503e357c060ca92de26d842561e6ee4b6

SHA512
db20b80e4f1b1d7a81c264f705af61d836c88774c3d45adf54da111b79d131d8e8e8338a02de9003fa28f2c5e28cb4272bd08ccf686448d18da385db5c59104f

Download Submit
\Windows\system\RCOFrzj.exe

Filesize
6.0MB

MD5
8d44bcfc921d3a7dfd661bd99e9be86d

SHA1
6a8421376582719ef4ceb9541bd9f277816ae0fb

SHA256
7ed028b2afd65f3e9f9095db48e8cb6cbf7be6043e6b5c1626b491561e3595a3

SHA512
bdf98c59b8860ecde569417226b509ab0845943c6d81d7f2f64457b1b59ac863ba235563b044792bb2023c29e6a4a648f53bf31b687346d77e543bae11f87fab

Download Submit
\Windows\system\RHmZkHz.exe

Filesize
6.0MB

MD5
c713af600e863c9653a501e6563a351a

SHA1
d575ea24430faaa1dbb1f19e7bc87e3d78d24247

SHA256
a99b1623306e568e47f0c0916daec7fba1f540dde526865dec118702d4f4621b

SHA512
4768c188e5f69be2c3be3653e44619970d91104c32a1956102a178ded535ddf933cbe503effe239a6d526d0bb54f44cb0e25b009b50d41f4bba37ef3b6231a2f

Download Submit
\Windows\system\SEAEUoy.exe

Filesize
6.0MB

MD5
b96be9d966ae8fe990717a23f27a298e

SHA1
1de7a0914c82f05a80620abbb510fea58bdefd1e

SHA256
be2e6ec57154c64b1542d1979a932ef1af5825fde0c98bdeaf0675f3d4645a43

SHA512
f2df2e5303e7716b71a22726a4080a2c61bf01f0944acb271774cf4cfcf6acc8195d00bb8095a8aa9e48e962e43c0e8de46112bb5671ffb1e9807103f6a32e6c

Download Submit
\Windows\system\afrtKzo.exe

Filesize
6.0MB

MD5
828d4db87d50bca88608858f1a35b75a

SHA1
ea42371671a05f1597b9c311cc0523ceeb9ac47b

SHA256
320331b10421aa182bbaae12793501dacc7117ffc3545ef07cc12739bdf7ea6b

SHA512
34a4a4289cd2dad1277becc8d3ba75c9bdb24863b0a4f3c8516d3759c3d3a1d6eb060fb14108ed123118fe88517b0123250f9e461e3b1ba13fda7707bfffff1b

Download Submit
\Windows\system\uLXeiYg.exe

Filesize
6.0MB

MD5
23ddfb7e73f365668518d53ab9dedb5d

SHA1
7279cfd3b630bfcf0b1e79f2625f99ccaf780ade

SHA256
c0091c217e8a532882bf1681c9e5cf511eddecc29563e3d7193c6e5cb6d9ab74

SHA512
492d171ef3dac7836d81c6759c287b3ef10cde0afe8bdf24f504f926c209de8076d1821a8e768552e55396e3dc87a2406af66aebced05b90c3efecbb612f005e

Download Submit
memory/2192-633-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2192-3027-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2192-97-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2224-3016-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/2224-57-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/2224-96-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/2272-215-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/2272-73-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/2272-3023-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/2524-337-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download
memory/2524-3026-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download
memory/2524-81-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download
memory/2596-41-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2596-3012-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2596-80-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2600-35-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download
memory/2600-3011-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download
memory/2600-72-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download
memory/2656-45-0x000000013FA90000-0x000000013FDE4000-memory.dmp

Filesize
3.3MB

Download
memory/2656-101-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/2656-110-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/2656-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/2656-21-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2656-836-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/2656-93-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/2656-688-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2656-561-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/2656-20-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/2656-111-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/2656-77-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download
memory/2656-102-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2656-0-0x000000013FA90000-0x000000013FDE4000-memory.dmp

Filesize
3.3MB

Download
memory/2656-404-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/2656-38-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2656-85-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/2656-282-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download
memory/2656-53-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/2656-31-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download
memory/2656-24-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/2656-61-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/2656-69-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/2708-64-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/2708-28-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/2708-3009-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/2776-3013-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2776-22-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2792-50-0x000000013FB20000-0x000000013FE74000-memory.dmp

Filesize
3.3MB

Download
memory/2792-12-0x000000013FB20000-0x000000013FE74000-memory.dmp

Filesize
3.3MB

Download
memory/2832-2998-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/2832-17-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/2832-46-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/2868-105-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/2868-65-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/2868-3019-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/2896-106-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2896-760-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2896-3025-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/3024-482-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/3024-89-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/3024-3022-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/3036-3015-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/3036-88-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/3036-51-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download