cobaltstrike | 402ff842d34e025cb58dda0c132c682d11c2bdec2532d298c5655bf054b79f6d

Analysis

max time kernel
150s
max time network
126s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
20/11/2024, 10:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

53de74554a738670189c4a47ba5bd50b
SHA1

00988529b6e3212471b980557a1dd87fcc51a858
SHA256

402ff842d34e025cb58dda0c132c682d11c2bdec2532d298c5655bf054b79f6d
SHA512

cefbc1cffdce044753387d41db5e5bee7e3ddf4093da7c05fbca35e0863b331c9c67f34bae93d25b678b5c45870ce9933aadb5e1cf8e1cb07bf8dc9b89b62688
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU+:T+q56utgpPF8u/7+

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000d000000012263-3.dat	cobalt_reflective_dll
behavioral1/files/0x00260000000170f8-12.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000186bb-11.dat	cobalt_reflective_dll
behavioral1/files/0x001500000001756e-24.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018b50-40.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018b59-55.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001975a-70.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019e92-149.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019fdd-159.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3ab-185.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3f6-190.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3f8-194.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3fd-202.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a309-180.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a0b6-175.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a049-169.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a03c-164.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019fd4-154.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d6d-144.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d62-138.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d61-134.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c3c-128.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf9-123.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf6-118.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf5-114.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019820-97.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001998d-106.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000197fd-89.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019761-80.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001948c-65.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018b54-51.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000018b05-36.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1644-0-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/files/0x000d000000012263-3.dat	xmrig
behavioral1/files/0x00260000000170f8-12.dat	xmrig
behavioral1/memory/1644-4-0x000000013F220000-0x000000013F574000-memory.dmp	xmrig
behavioral1/memory/2820-16-0x000000013FA00000-0x000000013FD54000-memory.dmp	xmrig
behavioral1/memory/1452-9-0x000000013F220000-0x000000013F574000-memory.dmp	xmrig
behavioral1/files/0x00080000000186bb-11.dat	xmrig
behavioral1/memory/2928-22-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/files/0x001500000001756e-24.dat	xmrig
behavioral1/memory/1644-29-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/memory/2712-30-0x000000013FD10000-0x0000000140064000-memory.dmp	xmrig
behavioral1/files/0x0007000000018b50-40.dat	xmrig
behavioral1/memory/2724-45-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/files/0x0007000000018b59-55.dat	xmrig
behavioral1/memory/2688-53-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/files/0x000500000001975a-70.dat	xmrig
behavioral1/memory/2916-73-0x000000013F8D0000-0x000000013FC24000-memory.dmp	xmrig
behavioral1/memory/948-74-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig
behavioral1/memory/2148-82-0x000000013FE90000-0x00000001401E4000-memory.dmp	xmrig
behavioral1/memory/2628-91-0x000000013F300000-0x000000013F654000-memory.dmp	xmrig
behavioral1/memory/2188-99-0x000000013FA80000-0x000000013FDD4000-memory.dmp	xmrig
behavioral1/memory/948-141-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig
behavioral1/files/0x0005000000019e92-149.dat	xmrig
behavioral1/files/0x0005000000019fdd-159.dat	xmrig
behavioral1/files/0x000500000001a3ab-185.dat	xmrig
behavioral1/files/0x000500000001a3f6-190.dat	xmrig
behavioral1/memory/2148-193-0x000000013FE90000-0x00000001401E4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a3f8-194.dat	xmrig
behavioral1/memory/2664-394-0x000000013FEA0000-0x00000001401F4000-memory.dmp	xmrig
behavioral1/memory/2820-600-0x000000013FA00000-0x000000013FD54000-memory.dmp	xmrig
behavioral1/memory/1452-859-0x000000013F220000-0x000000013F574000-memory.dmp	xmrig
behavioral1/memory/2664-858-0x000000013FEA0000-0x00000001401F4000-memory.dmp	xmrig
behavioral1/memory/2628-857-0x000000013F300000-0x000000013F654000-memory.dmp	xmrig
behavioral1/memory/2188-856-0x000000013FA80000-0x000000013FDD4000-memory.dmp	xmrig
behavioral1/memory/948-855-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig
behavioral1/memory/2148-854-0x000000013FE90000-0x00000001401E4000-memory.dmp	xmrig
behavioral1/memory/2844-853-0x000000013FC90000-0x000000013FFE4000-memory.dmp	xmrig
behavioral1/memory/2204-852-0x000000013F350000-0x000000013F6A4000-memory.dmp	xmrig
behavioral1/memory/2724-851-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/memory/2688-850-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/memory/2916-849-0x000000013F8D0000-0x000000013FC24000-memory.dmp	xmrig
behavioral1/memory/2712-848-0x000000013FD10000-0x0000000140064000-memory.dmp	xmrig
behavioral1/memory/2928-601-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/memory/2188-296-0x000000013FA80000-0x000000013FDD4000-memory.dmp	xmrig
behavioral1/memory/2628-221-0x000000013F300000-0x000000013F654000-memory.dmp	xmrig
behavioral1/files/0x000500000001a3fd-202.dat	xmrig
behavioral1/files/0x000500000001a309-180.dat	xmrig
behavioral1/files/0x000500000001a0b6-175.dat	xmrig
behavioral1/files/0x000500000001a049-169.dat	xmrig
behavioral1/files/0x000500000001a03c-164.dat	xmrig
behavioral1/files/0x0005000000019fd4-154.dat	xmrig
behavioral1/files/0x0005000000019d6d-144.dat	xmrig
behavioral1/files/0x0005000000019d62-138.dat	xmrig
behavioral1/files/0x0005000000019d61-134.dat	xmrig
behavioral1/files/0x0005000000019c3c-128.dat	xmrig
behavioral1/files/0x0005000000019bf9-123.dat	xmrig
behavioral1/files/0x0005000000019bf6-118.dat	xmrig
behavioral1/files/0x0005000000019bf5-114.dat	xmrig
behavioral1/memory/2844-98-0x000000013FC90000-0x000000013FFE4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019820-97.dat	xmrig
behavioral1/memory/2664-108-0x000000013FEA0000-0x00000001401F4000-memory.dmp	xmrig
behavioral1/memory/2204-107-0x000000013F350000-0x000000013F6A4000-memory.dmp	xmrig
behavioral1/files/0x000500000001998d-106.dat	xmrig
behavioral1/memory/2688-90-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1452	UcOVOix.exe
2820	nnBpKsF.exe
2928	szezioz.exe
2712	hNVaQfJ.exe
2916	SyEOyAx.exe
2724	FnwaTUc.exe
2688	JWJieaY.exe
2844	PZoADRD.exe
2204	WzlwGBp.exe
948	XxrgBYs.exe
2148	OQmnPti.exe
2628	cnQmOUv.exe
2188	hyqgbxX.exe
2664	dzwvMgv.exe
3036	heAAQWB.exe
2212	VFaZwVp.exe
2436	MMAOKbl.exe
1756	CrcxnRz.exe
2172	JodkmWi.exe
580	xtIogqZ.exe
1400	oCxshmV.exe
1844	SGAcMIy.exe
2324	eLwfutR.exe
2600	YMbQgKs.exe
1220	WMQNZXp.exe
2512	gNDJQfK.exe
2392	YOCSyOi.exe
1920	caVwGYP.exe
632	gAdjBtJ.exe
908	PQaUwVk.exe
584	dPdcIUq.exe
1376	vpGeAVw.exe
2084	CwPbITU.exe
1712	alcnoVV.exe
1872	fnjXJoj.exe
1948	KOSiojD.exe
1952	hhJWATz.exe
1480	EdumKSy.exe
1068	QfQucTD.exe
1708	hqwZyra.exe
620	XYnHAaP.exe
2772	OyysuXk.exe
1664	oelTnOz.exe
2156	SGWsOsg.exe
852	XXNywTz.exe
2252	ykuJWkM.exe
1540	LfBDFeW.exe
896	owJAdjM.exe
2572	jBNUkkB.exe
1988	FURPlJK.exe
1532	BgRZWdJ.exe
1632	wAOBZzF.exe
2860	XhHXvQe.exe
3048	hqeczON.exe
2832	exztKly.exe
2932	qAFhDqy.exe
944	WTodlcI.exe
2796	WzSSPcH.exe
2660	PkNoLQR.exe
2388	gLkpOPn.exe
3016	TxQyGlL.exe
3004	tQBVPvX.exe
1280	RCWPoLc.exe
2736	yxmfcHk.exe

Loads dropped DLL 64 IoCs

pid	Process
1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1644-0-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/files/0x000d000000012263-3.dat	upx
behavioral1/files/0x00260000000170f8-12.dat	upx
behavioral1/memory/2820-16-0x000000013FA00000-0x000000013FD54000-memory.dmp	upx
behavioral1/memory/1452-9-0x000000013F220000-0x000000013F574000-memory.dmp	upx
behavioral1/files/0x00080000000186bb-11.dat	upx
behavioral1/memory/2928-22-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/files/0x001500000001756e-24.dat	upx
behavioral1/memory/1644-29-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/memory/2712-30-0x000000013FD10000-0x0000000140064000-memory.dmp	upx
behavioral1/files/0x0007000000018b50-40.dat	upx
behavioral1/memory/2724-45-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/files/0x0007000000018b59-55.dat	upx
behavioral1/memory/2688-53-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/files/0x000500000001975a-70.dat	upx
behavioral1/memory/2916-73-0x000000013F8D0000-0x000000013FC24000-memory.dmp	upx
behavioral1/memory/948-74-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/memory/2148-82-0x000000013FE90000-0x00000001401E4000-memory.dmp	upx
behavioral1/memory/2628-91-0x000000013F300000-0x000000013F654000-memory.dmp	upx
behavioral1/memory/2188-99-0x000000013FA80000-0x000000013FDD4000-memory.dmp	upx
behavioral1/memory/948-141-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/files/0x0005000000019e92-149.dat	upx
behavioral1/files/0x0005000000019fdd-159.dat	upx
behavioral1/files/0x000500000001a3ab-185.dat	upx
behavioral1/files/0x000500000001a3f6-190.dat	upx
behavioral1/memory/2148-193-0x000000013FE90000-0x00000001401E4000-memory.dmp	upx
behavioral1/files/0x000500000001a3f8-194.dat	upx
behavioral1/memory/2664-394-0x000000013FEA0000-0x00000001401F4000-memory.dmp	upx
behavioral1/memory/2820-600-0x000000013FA00000-0x000000013FD54000-memory.dmp	upx
behavioral1/memory/1452-859-0x000000013F220000-0x000000013F574000-memory.dmp	upx
behavioral1/memory/2664-858-0x000000013FEA0000-0x00000001401F4000-memory.dmp	upx
behavioral1/memory/2628-857-0x000000013F300000-0x000000013F654000-memory.dmp	upx
behavioral1/memory/2188-856-0x000000013FA80000-0x000000013FDD4000-memory.dmp	upx
behavioral1/memory/948-855-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/memory/2148-854-0x000000013FE90000-0x00000001401E4000-memory.dmp	upx
behavioral1/memory/2844-853-0x000000013FC90000-0x000000013FFE4000-memory.dmp	upx
behavioral1/memory/2204-852-0x000000013F350000-0x000000013F6A4000-memory.dmp	upx
behavioral1/memory/2724-851-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/memory/2688-850-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/memory/2916-849-0x000000013F8D0000-0x000000013FC24000-memory.dmp	upx
behavioral1/memory/2712-848-0x000000013FD10000-0x0000000140064000-memory.dmp	upx
behavioral1/memory/2928-601-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/memory/2188-296-0x000000013FA80000-0x000000013FDD4000-memory.dmp	upx
behavioral1/memory/2628-221-0x000000013F300000-0x000000013F654000-memory.dmp	upx
behavioral1/files/0x000500000001a3fd-202.dat	upx
behavioral1/files/0x000500000001a309-180.dat	upx
behavioral1/files/0x000500000001a0b6-175.dat	upx
behavioral1/files/0x000500000001a049-169.dat	upx
behavioral1/files/0x000500000001a03c-164.dat	upx
behavioral1/files/0x0005000000019fd4-154.dat	upx
behavioral1/files/0x0005000000019d6d-144.dat	upx
behavioral1/files/0x0005000000019d62-138.dat	upx
behavioral1/files/0x0005000000019d61-134.dat	upx
behavioral1/files/0x0005000000019c3c-128.dat	upx
behavioral1/files/0x0005000000019bf9-123.dat	upx
behavioral1/files/0x0005000000019bf6-118.dat	upx
behavioral1/files/0x0005000000019bf5-114.dat	upx
behavioral1/memory/2844-98-0x000000013FC90000-0x000000013FFE4000-memory.dmp	upx
behavioral1/files/0x0005000000019820-97.dat	upx
behavioral1/memory/2664-108-0x000000013FEA0000-0x00000001401F4000-memory.dmp	upx
behavioral1/memory/2204-107-0x000000013F350000-0x000000013F6A4000-memory.dmp	upx
behavioral1/files/0x000500000001998d-106.dat	upx
behavioral1/memory/2688-90-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/files/0x00050000000197fd-89.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\jaTlDPu.exe	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pDdoaNj.exe	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zVrppku.exe	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yAfadpk.exe	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IQiwyBE.exe	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iORizmy.exe	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jYZewwE.exe	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eYDxuJC.exe	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MLPFShA.exe	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yrniRpo.exe	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PbzPJCm.exe	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vuKtAeW.exe	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rKiKSBM.exe	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cpfhaOK.exe	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uaJULeS.exe	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LUbjtAM.exe	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ynNpbof.exe	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LTgsRzR.exe	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ELUwnNO.exe	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ODJYhrs.exe	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OowyaeC.exe	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PdRqqEx.exe	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uAsVRcS.exe	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CrcxnRz.exe	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\heRIQLh.exe	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GQJxfhE.exe	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KFYFdhQ.exe	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vKyRBdh.exe	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UNUvYBl.exe	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JZgvLwK.exe	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SGWsOsg.exe	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uixTNob.exe	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MpOXKQh.exe	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OmRBhFO.exe	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TTopJzk.exe	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NjVtrfg.exe	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JLccwsv.exe	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\opOkJTD.exe	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pPwFgEM.exe	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bMdvult.exe	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NFTNGum.exe	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PBymoJO.exe	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hbbOYjt.exe	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NURJibb.exe	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KyLelhQ.exe	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rNsPZmH.exe	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xyPzEfa.exe	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zqhztAo.exe	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GfMqdgn.exe	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dxZJfSJ.exe	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wxVQdCX.exe	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WTodlcI.exe	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mDiDjAu.exe	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QvwSTOn.exe	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uyrCjQI.exe	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NYChDtk.exe	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TwhXjrY.exe	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PkNoLQR.exe	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OaFhzck.exe	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tOqRnEi.exe	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rGCTvlb.exe	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BMDWqIX.exe	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hhLDSZc.exe	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SxYcAHF.exe	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1644 wrote to memory of 1452	1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1644 wrote to memory of 1452	1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1644 wrote to memory of 1452	1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1644 wrote to memory of 2820	1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1644 wrote to memory of 2820	1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1644 wrote to memory of 2820	1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1644 wrote to memory of 2928	1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1644 wrote to memory of 2928	1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1644 wrote to memory of 2928	1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1644 wrote to memory of 2712	1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1644 wrote to memory of 2712	1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1644 wrote to memory of 2712	1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1644 wrote to memory of 2916	1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1644 wrote to memory of 2916	1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1644 wrote to memory of 2916	1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1644 wrote to memory of 2724	1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1644 wrote to memory of 2724	1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1644 wrote to memory of 2724	1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1644 wrote to memory of 2688	1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1644 wrote to memory of 2688	1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1644 wrote to memory of 2688	1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1644 wrote to memory of 2844	1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1644 wrote to memory of 2844	1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1644 wrote to memory of 2844	1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1644 wrote to memory of 2204	1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1644 wrote to memory of 2204	1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1644 wrote to memory of 2204	1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1644 wrote to memory of 948	1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1644 wrote to memory of 948	1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1644 wrote to memory of 948	1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1644 wrote to memory of 2148	1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1644 wrote to memory of 2148	1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1644 wrote to memory of 2148	1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1644 wrote to memory of 2628	1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1644 wrote to memory of 2628	1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1644 wrote to memory of 2628	1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1644 wrote to memory of 2188	1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1644 wrote to memory of 2188	1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1644 wrote to memory of 2188	1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1644 wrote to memory of 2664	1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1644 wrote to memory of 2664	1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1644 wrote to memory of 2664	1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1644 wrote to memory of 3036	1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1644 wrote to memory of 3036	1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1644 wrote to memory of 3036	1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1644 wrote to memory of 2212	1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1644 wrote to memory of 2212	1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1644 wrote to memory of 2212	1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1644 wrote to memory of 2436	1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1644 wrote to memory of 2436	1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1644 wrote to memory of 2436	1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1644 wrote to memory of 1756	1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1644 wrote to memory of 1756	1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1644 wrote to memory of 1756	1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1644 wrote to memory of 2172	1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1644 wrote to memory of 2172	1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1644 wrote to memory of 2172	1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1644 wrote to memory of 580	1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1644 wrote to memory of 580	1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1644 wrote to memory of 580	1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1644 wrote to memory of 1400	1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1644 wrote to memory of 1400	1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1644 wrote to memory of 1400	1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1644 wrote to memory of 1844	1644	2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-20_53de74554a738670189c4a47ba5bd50b_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1644
- C:\Windows\System\UcOVOix.exe
  C:\Windows\System\UcOVOix.exe
  2⤵
  - Executes dropped EXE
  PID:1452
- C:\Windows\System\nnBpKsF.exe
  C:\Windows\System\nnBpKsF.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\szezioz.exe
  C:\Windows\System\szezioz.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\hNVaQfJ.exe
  C:\Windows\System\hNVaQfJ.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\SyEOyAx.exe
  C:\Windows\System\SyEOyAx.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\FnwaTUc.exe
  C:\Windows\System\FnwaTUc.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\JWJieaY.exe
  C:\Windows\System\JWJieaY.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\PZoADRD.exe
  C:\Windows\System\PZoADRD.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\WzlwGBp.exe
  C:\Windows\System\WzlwGBp.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\XxrgBYs.exe
  C:\Windows\System\XxrgBYs.exe
  2⤵
  - Executes dropped EXE
  PID:948
- C:\Windows\System\OQmnPti.exe
  C:\Windows\System\OQmnPti.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\cnQmOUv.exe
  C:\Windows\System\cnQmOUv.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\hyqgbxX.exe
  C:\Windows\System\hyqgbxX.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\dzwvMgv.exe
  C:\Windows\System\dzwvMgv.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\heAAQWB.exe
  C:\Windows\System\heAAQWB.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\VFaZwVp.exe
  C:\Windows\System\VFaZwVp.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\MMAOKbl.exe
  C:\Windows\System\MMAOKbl.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\CrcxnRz.exe
  C:\Windows\System\CrcxnRz.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\JodkmWi.exe
  C:\Windows\System\JodkmWi.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\xtIogqZ.exe
  C:\Windows\System\xtIogqZ.exe
  2⤵
  - Executes dropped EXE
  PID:580
- C:\Windows\System\oCxshmV.exe
  C:\Windows\System\oCxshmV.exe
  2⤵
  - Executes dropped EXE
  PID:1400
- C:\Windows\System\SGAcMIy.exe
  C:\Windows\System\SGAcMIy.exe
  2⤵
  - Executes dropped EXE
  PID:1844
- C:\Windows\System\eLwfutR.exe
  C:\Windows\System\eLwfutR.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\YMbQgKs.exe
  C:\Windows\System\YMbQgKs.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\WMQNZXp.exe
  C:\Windows\System\WMQNZXp.exe
  2⤵
  - Executes dropped EXE
  PID:1220
- C:\Windows\System\gNDJQfK.exe
  C:\Windows\System\gNDJQfK.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\YOCSyOi.exe
  C:\Windows\System\YOCSyOi.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\caVwGYP.exe
  C:\Windows\System\caVwGYP.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\gAdjBtJ.exe
  C:\Windows\System\gAdjBtJ.exe
  2⤵
  - Executes dropped EXE
  PID:632
- C:\Windows\System\PQaUwVk.exe
  C:\Windows\System\PQaUwVk.exe
  2⤵
  - Executes dropped EXE
  PID:908
- C:\Windows\System\dPdcIUq.exe
  C:\Windows\System\dPdcIUq.exe
  2⤵
  - Executes dropped EXE
  PID:584
- C:\Windows\System\vpGeAVw.exe
  C:\Windows\System\vpGeAVw.exe
  2⤵
  - Executes dropped EXE
  PID:1376
- C:\Windows\System\CwPbITU.exe
  C:\Windows\System\CwPbITU.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\alcnoVV.exe
  C:\Windows\System\alcnoVV.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\fnjXJoj.exe
  C:\Windows\System\fnjXJoj.exe
  2⤵
  - Executes dropped EXE
  PID:1872
- C:\Windows\System\KOSiojD.exe
  C:\Windows\System\KOSiojD.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\hhJWATz.exe
  C:\Windows\System\hhJWATz.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\EdumKSy.exe
  C:\Windows\System\EdumKSy.exe
  2⤵
  - Executes dropped EXE
  PID:1480
- C:\Windows\System\QfQucTD.exe
  C:\Windows\System\QfQucTD.exe
  2⤵
  - Executes dropped EXE
  PID:1068
- C:\Windows\System\hqwZyra.exe
  C:\Windows\System\hqwZyra.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\XYnHAaP.exe
  C:\Windows\System\XYnHAaP.exe
  2⤵
  - Executes dropped EXE
  PID:620
- C:\Windows\System\OyysuXk.exe
  C:\Windows\System\OyysuXk.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\SGWsOsg.exe
  C:\Windows\System\SGWsOsg.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\oelTnOz.exe
  C:\Windows\System\oelTnOz.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\XXNywTz.exe
  C:\Windows\System\XXNywTz.exe
  2⤵
  - Executes dropped EXE
  PID:852
- C:\Windows\System\ykuJWkM.exe
  C:\Windows\System\ykuJWkM.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\LfBDFeW.exe
  C:\Windows\System\LfBDFeW.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\owJAdjM.exe
  C:\Windows\System\owJAdjM.exe
  2⤵
  - Executes dropped EXE
  PID:896
- C:\Windows\System\jBNUkkB.exe
  C:\Windows\System\jBNUkkB.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\FURPlJK.exe
  C:\Windows\System\FURPlJK.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\BgRZWdJ.exe
  C:\Windows\System\BgRZWdJ.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\wAOBZzF.exe
  C:\Windows\System\wAOBZzF.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\XhHXvQe.exe
  C:\Windows\System\XhHXvQe.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\hqeczON.exe
  C:\Windows\System\hqeczON.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\exztKly.exe
  C:\Windows\System\exztKly.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\qAFhDqy.exe
  C:\Windows\System\qAFhDqy.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\WTodlcI.exe
  C:\Windows\System\WTodlcI.exe
  2⤵
  - Executes dropped EXE
  PID:944
- C:\Windows\System\WzSSPcH.exe
  C:\Windows\System\WzSSPcH.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\PkNoLQR.exe
  C:\Windows\System\PkNoLQR.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\gLkpOPn.exe
  C:\Windows\System\gLkpOPn.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\TxQyGlL.exe
  C:\Windows\System\TxQyGlL.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\tQBVPvX.exe
  C:\Windows\System\tQBVPvX.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\RCWPoLc.exe
  C:\Windows\System\RCWPoLc.exe
  2⤵
  - Executes dropped EXE
  PID:1280
- C:\Windows\System\yxmfcHk.exe
  C:\Windows\System\yxmfcHk.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\ntNCrwT.exe
  C:\Windows\System\ntNCrwT.exe
  2⤵
  PID:2488
- C:\Windows\System\LHzbifT.exe
  C:\Windows\System\LHzbifT.exe
  2⤵
  PID:1680
- C:\Windows\System\XKssIpI.exe
  C:\Windows\System\XKssIpI.exe
  2⤵
  PID:2376
- C:\Windows\System\qKkOWfE.exe
  C:\Windows\System\qKkOWfE.exe
  2⤵
  PID:1144
- C:\Windows\System\AHBDChX.exe
  C:\Windows\System\AHBDChX.exe
  2⤵
  PID:2076
- C:\Windows\System\BPBqaco.exe
  C:\Windows\System\BPBqaco.exe
  2⤵
  PID:1576
- C:\Windows\System\IoSynYp.exe
  C:\Windows\System\IoSynYp.exe
  2⤵
  PID:2104
- C:\Windows\System\FoSOcEp.exe
  C:\Windows\System\FoSOcEp.exe
  2⤵
  PID:920
- C:\Windows\System\rmjlsEK.exe
  C:\Windows\System\rmjlsEK.exe
  2⤵
  PID:1620
- C:\Windows\System\HVBnIbr.exe
  C:\Windows\System\HVBnIbr.exe
  2⤵
  PID:772
- C:\Windows\System\Ojsmovr.exe
  C:\Windows\System\Ojsmovr.exe
  2⤵
  PID:2164
- C:\Windows\System\HLFUsfO.exe
  C:\Windows\System\HLFUsfO.exe
  2⤵
  PID:1864
- C:\Windows\System\usWeKWB.exe
  C:\Windows\System\usWeKWB.exe
  2⤵
  PID:2072
- C:\Windows\System\vRuGHAt.exe
  C:\Windows\System\vRuGHAt.exe
  2⤵
  PID:2028
- C:\Windows\System\rihpsko.exe
  C:\Windows\System\rihpsko.exe
  2⤵
  PID:2236
- C:\Windows\System\pQeKODG.exe
  C:\Windows\System\pQeKODG.exe
  2⤵
  PID:1340
- C:\Windows\System\bxRFCbW.exe
  C:\Windows\System\bxRFCbW.exe
  2⤵
  PID:2528
- C:\Windows\System\sPTuomA.exe
  C:\Windows\System\sPTuomA.exe
  2⤵
  PID:2548
- C:\Windows\System\pzqyHbA.exe
  C:\Windows\System\pzqyHbA.exe
  2⤵
  PID:1580
- C:\Windows\System\gQrQCOC.exe
  C:\Windows\System\gQrQCOC.exe
  2⤵
  PID:2540
- C:\Windows\System\rvSLxzp.exe
  C:\Windows\System\rvSLxzp.exe
  2⤵
  PID:1508
- C:\Windows\System\GHuaiOC.exe
  C:\Windows\System\GHuaiOC.exe
  2⤵
  PID:2352
- C:\Windows\System\VQApnZv.exe
  C:\Windows\System\VQApnZv.exe
  2⤵
  PID:2800
- C:\Windows\System\BpecGKJ.exe
  C:\Windows\System\BpecGKJ.exe
  2⤵
  PID:2912
- C:\Windows\System\AtdBeNU.exe
  C:\Windows\System\AtdBeNU.exe
  2⤵
  PID:1016
- C:\Windows\System\EIjLFZh.exe
  C:\Windows\System\EIjLFZh.exe
  2⤵
  PID:2740
- C:\Windows\System\APtAdMr.exe
  C:\Windows\System\APtAdMr.exe
  2⤵
  PID:1412
- C:\Windows\System\ohlAwqz.exe
  C:\Windows\System\ohlAwqz.exe
  2⤵
  PID:3020
- C:\Windows\System\AopkdoJ.exe
  C:\Windows\System\AopkdoJ.exe
  2⤵
  PID:2196
- C:\Windows\System\NzAtLgo.exe
  C:\Windows\System\NzAtLgo.exe
  2⤵
  PID:2420
- C:\Windows\System\fAFjezd.exe
  C:\Windows\System\fAFjezd.exe
  2⤵
  PID:2404
- C:\Windows\System\NBtNGYq.exe
  C:\Windows\System\NBtNGYq.exe
  2⤵
  PID:1544
- C:\Windows\System\fgIiYSk.exe
  C:\Windows\System\fgIiYSk.exe
  2⤵
  PID:1428
- C:\Windows\System\cwVRLdr.exe
  C:\Windows\System\cwVRLdr.exe
  2⤵
  PID:2056
- C:\Windows\System\VakHinP.exe
  C:\Windows\System\VakHinP.exe
  2⤵
  PID:304
- C:\Windows\System\xRPAxHd.exe
  C:\Windows\System\xRPAxHd.exe
  2⤵
  PID:1736
- C:\Windows\System\jwAUirP.exe
  C:\Windows\System\jwAUirP.exe
  2⤵
  PID:236
- C:\Windows\System\SgBUsSF.exe
  C:\Windows\System\SgBUsSF.exe
  2⤵
  PID:1648
- C:\Windows\System\STBaKcS.exe
  C:\Windows\System\STBaKcS.exe
  2⤵
  PID:2316
- C:\Windows\System\lFOfPUU.exe
  C:\Windows\System\lFOfPUU.exe
  2⤵
  PID:2400
- C:\Windows\System\IFFkvsK.exe
  C:\Windows\System\IFFkvsK.exe
  2⤵
  PID:1932
- C:\Windows\System\PxNsXpZ.exe
  C:\Windows\System\PxNsXpZ.exe
  2⤵
  PID:1440
- C:\Windows\System\TzsElqX.exe
  C:\Windows\System\TzsElqX.exe
  2⤵
  PID:2980
- C:\Windows\System\zQmsFDX.exe
  C:\Windows\System\zQmsFDX.exe
  2⤵
  PID:3024
- C:\Windows\System\fKsTnSQ.exe
  C:\Windows\System\fKsTnSQ.exe
  2⤵
  PID:2364
- C:\Windows\System\XDwMeyH.exe
  C:\Windows\System\XDwMeyH.exe
  2⤵
  PID:1172
- C:\Windows\System\jaNmgAU.exe
  C:\Windows\System\jaNmgAU.exe
  2⤵
  PID:332
- C:\Windows\System\hCSLZBn.exe
  C:\Windows\System\hCSLZBn.exe
  2⤵
  PID:1956
- C:\Windows\System\MalxOcB.exe
  C:\Windows\System\MalxOcB.exe
  2⤵
  PID:1020
- C:\Windows\System\GhbnoPn.exe
  C:\Windows\System\GhbnoPn.exe
  2⤵
  PID:3088
- C:\Windows\System\sDsRSLK.exe
  C:\Windows\System\sDsRSLK.exe
  2⤵
  PID:3108
- C:\Windows\System\huIvqGl.exe
  C:\Windows\System\huIvqGl.exe
  2⤵
  PID:3128
- C:\Windows\System\ylOGMBH.exe
  C:\Windows\System\ylOGMBH.exe
  2⤵
  PID:3148
- C:\Windows\System\zliTLrg.exe
  C:\Windows\System\zliTLrg.exe
  2⤵
  PID:3168
- C:\Windows\System\lXXrnzK.exe
  C:\Windows\System\lXXrnzK.exe
  2⤵
  PID:3192
- C:\Windows\System\FJrxsYP.exe
  C:\Windows\System\FJrxsYP.exe
  2⤵
  PID:3212
- C:\Windows\System\zdJsTEz.exe
  C:\Windows\System\zdJsTEz.exe
  2⤵
  PID:3232
- C:\Windows\System\ykjBKdc.exe
  C:\Windows\System\ykjBKdc.exe
  2⤵
  PID:3252
- C:\Windows\System\HrZachU.exe
  C:\Windows\System\HrZachU.exe
  2⤵
  PID:3272
- C:\Windows\System\zDkCMmc.exe
  C:\Windows\System\zDkCMmc.exe
  2⤵
  PID:3292
- C:\Windows\System\RyIFKpU.exe
  C:\Windows\System\RyIFKpU.exe
  2⤵
  PID:3312
- C:\Windows\System\nNqeOAU.exe
  C:\Windows\System\nNqeOAU.exe
  2⤵
  PID:3332
- C:\Windows\System\MZAEySX.exe
  C:\Windows\System\MZAEySX.exe
  2⤵
  PID:3352
- C:\Windows\System\ggnHglx.exe
  C:\Windows\System\ggnHglx.exe
  2⤵
  PID:3372
- C:\Windows\System\mAIfKni.exe
  C:\Windows\System\mAIfKni.exe
  2⤵
  PID:3392
- C:\Windows\System\HqzocZM.exe
  C:\Windows\System\HqzocZM.exe
  2⤵
  PID:3416
- C:\Windows\System\QPEXdtt.exe
  C:\Windows\System\QPEXdtt.exe
  2⤵
  PID:3436
- C:\Windows\System\TwHXdwJ.exe
  C:\Windows\System\TwHXdwJ.exe
  2⤵
  PID:3456
- C:\Windows\System\zpRuuZw.exe
  C:\Windows\System\zpRuuZw.exe
  2⤵
  PID:3476
- C:\Windows\System\VhNuXRV.exe
  C:\Windows\System\VhNuXRV.exe
  2⤵
  PID:3500
- C:\Windows\System\uVHmGft.exe
  C:\Windows\System\uVHmGft.exe
  2⤵
  PID:3520
- C:\Windows\System\BEfusKP.exe
  C:\Windows\System\BEfusKP.exe
  2⤵
  PID:3540
- C:\Windows\System\kMNBsJK.exe
  C:\Windows\System\kMNBsJK.exe
  2⤵
  PID:3560
- C:\Windows\System\lCRHLQq.exe
  C:\Windows\System\lCRHLQq.exe
  2⤵
  PID:3580
- C:\Windows\System\fWjmQgl.exe
  C:\Windows\System\fWjmQgl.exe
  2⤵
  PID:3600
- C:\Windows\System\VLPBTXK.exe
  C:\Windows\System\VLPBTXK.exe
  2⤵
  PID:3620
- C:\Windows\System\skBNsKG.exe
  C:\Windows\System\skBNsKG.exe
  2⤵
  PID:3640
- C:\Windows\System\ntEYvxS.exe
  C:\Windows\System\ntEYvxS.exe
  2⤵
  PID:3660
- C:\Windows\System\wsbmqqS.exe
  C:\Windows\System\wsbmqqS.exe
  2⤵
  PID:3680
- C:\Windows\System\bhoGQMX.exe
  C:\Windows\System\bhoGQMX.exe
  2⤵
  PID:3700
- C:\Windows\System\hYzbOHS.exe
  C:\Windows\System\hYzbOHS.exe
  2⤵
  PID:3720
- C:\Windows\System\HIokvKB.exe
  C:\Windows\System\HIokvKB.exe
  2⤵
  PID:3740
- C:\Windows\System\KKQZHvF.exe
  C:\Windows\System\KKQZHvF.exe
  2⤵
  PID:3760
- C:\Windows\System\fenAtmK.exe
  C:\Windows\System\fenAtmK.exe
  2⤵
  PID:3780
- C:\Windows\System\EIBcNUc.exe
  C:\Windows\System\EIBcNUc.exe
  2⤵
  PID:3800
- C:\Windows\System\tmBEELA.exe
  C:\Windows\System\tmBEELA.exe
  2⤵
  PID:3824
- C:\Windows\System\cecMBvs.exe
  C:\Windows\System\cecMBvs.exe
  2⤵
  PID:3848
- C:\Windows\System\KtTjySW.exe
  C:\Windows\System\KtTjySW.exe
  2⤵
  PID:3868
- C:\Windows\System\phOMZjN.exe
  C:\Windows\System\phOMZjN.exe
  2⤵
  PID:3888
- C:\Windows\System\ZvxHiVM.exe
  C:\Windows\System\ZvxHiVM.exe
  2⤵
  PID:3908
- C:\Windows\System\cUeHvXs.exe
  C:\Windows\System\cUeHvXs.exe
  2⤵
  PID:3928
- C:\Windows\System\XixVizZ.exe
  C:\Windows\System\XixVizZ.exe
  2⤵
  PID:3948
- C:\Windows\System\RFkdQNS.exe
  C:\Windows\System\RFkdQNS.exe
  2⤵
  PID:3968
- C:\Windows\System\iBhrqje.exe
  C:\Windows\System\iBhrqje.exe
  2⤵
  PID:3988
- C:\Windows\System\wvEGGmT.exe
  C:\Windows\System\wvEGGmT.exe
  2⤵
  PID:4008
- C:\Windows\System\YxvqYuF.exe
  C:\Windows\System\YxvqYuF.exe
  2⤵
  PID:4028
- C:\Windows\System\XHBBtlP.exe
  C:\Windows\System\XHBBtlP.exe
  2⤵
  PID:4048
- C:\Windows\System\wIVMxtg.exe
  C:\Windows\System\wIVMxtg.exe
  2⤵
  PID:4064
- C:\Windows\System\YDHUfMg.exe
  C:\Windows\System\YDHUfMg.exe
  2⤵
  PID:2052
- C:\Windows\System\oTpOORN.exe
  C:\Windows\System\oTpOORN.exe
  2⤵
  PID:2384
- C:\Windows\System\PcZsUyK.exe
  C:\Windows\System\PcZsUyK.exe
  2⤵
  PID:1396
- C:\Windows\System\bmTFPXp.exe
  C:\Windows\System\bmTFPXp.exe
  2⤵
  PID:3104
- C:\Windows\System\HaaRhZi.exe
  C:\Windows\System\HaaRhZi.exe
  2⤵
  PID:3136
- C:\Windows\System\PRyliPG.exe
  C:\Windows\System\PRyliPG.exe
  2⤵
  PID:3124
- C:\Windows\System\LszELLu.exe
  C:\Windows\System\LszELLu.exe
  2⤵
  PID:3180
- C:\Windows\System\pIupTWO.exe
  C:\Windows\System\pIupTWO.exe
  2⤵
  PID:3200
- C:\Windows\System\UwZYzqn.exe
  C:\Windows\System\UwZYzqn.exe
  2⤵
  PID:3260
- C:\Windows\System\NQgaBJw.exe
  C:\Windows\System\NQgaBJw.exe
  2⤵
  PID:3300
- C:\Windows\System\MupFpXi.exe
  C:\Windows\System\MupFpXi.exe
  2⤵
  PID:3320
- C:\Windows\System\nxjWSOx.exe
  C:\Windows\System\nxjWSOx.exe
  2⤵
  PID:3344
- C:\Windows\System\KgVNvXJ.exe
  C:\Windows\System\KgVNvXJ.exe
  2⤵
  PID:3364
- C:\Windows\System\XNeLQxm.exe
  C:\Windows\System\XNeLQxm.exe
  2⤵
  PID:3432
- C:\Windows\System\jZoFCEw.exe
  C:\Windows\System\jZoFCEw.exe
  2⤵
  PID:3444
- C:\Windows\System\nCLdjkn.exe
  C:\Windows\System\nCLdjkn.exe
  2⤵
  PID:3484
- C:\Windows\System\LjObJYs.exe
  C:\Windows\System\LjObJYs.exe
  2⤵
  PID:3548
- C:\Windows\System\NjVtrfg.exe
  C:\Windows\System\NjVtrfg.exe
  2⤵
  PID:3588
- C:\Windows\System\bNirVEZ.exe
  C:\Windows\System\bNirVEZ.exe
  2⤵
  PID:3568
- C:\Windows\System\wYTnZCB.exe
  C:\Windows\System\wYTnZCB.exe
  2⤵
  PID:3616
- C:\Windows\System\jDDKNfg.exe
  C:\Windows\System\jDDKNfg.exe
  2⤵
  PID:3648
- C:\Windows\System\FKnyMBA.exe
  C:\Windows\System\FKnyMBA.exe
  2⤵
  PID:3672
- C:\Windows\System\AayfCRh.exe
  C:\Windows\System\AayfCRh.exe
  2⤵
  PID:3712
- C:\Windows\System\ndGtUJd.exe
  C:\Windows\System\ndGtUJd.exe
  2⤵
  PID:3796
- C:\Windows\System\MSHbLII.exe
  C:\Windows\System\MSHbLII.exe
  2⤵
  PID:3728
- C:\Windows\System\iFxObij.exe
  C:\Windows\System\iFxObij.exe
  2⤵
  PID:3772
- C:\Windows\System\MWaRlcU.exe
  C:\Windows\System\MWaRlcU.exe
  2⤵
  PID:3840
- C:\Windows\System\nswXeJj.exe
  C:\Windows\System\nswXeJj.exe
  2⤵
  PID:3876
- C:\Windows\System\PLKhoeT.exe
  C:\Windows\System\PLKhoeT.exe
  2⤵
  PID:3956
- C:\Windows\System\vappyii.exe
  C:\Windows\System\vappyii.exe
  2⤵
  PID:3900
- C:\Windows\System\PVHDFzf.exe
  C:\Windows\System\PVHDFzf.exe
  2⤵
  PID:3984
- C:\Windows\System\RbSmKJy.exe
  C:\Windows\System\RbSmKJy.exe
  2⤵
  PID:4004
- C:\Windows\System\yvSHlQh.exe
  C:\Windows\System\yvSHlQh.exe
  2⤵
  PID:4020
- C:\Windows\System\zObGRhB.exe
  C:\Windows\System\zObGRhB.exe
  2⤵
  PID:4084
- C:\Windows\System\zXbeArW.exe
  C:\Windows\System\zXbeArW.exe
  2⤵
  PID:2732
- C:\Windows\System\ommBYSd.exe
  C:\Windows\System\ommBYSd.exe
  2⤵
  PID:2228
- C:\Windows\System\TBgkNjm.exe
  C:\Windows\System\TBgkNjm.exe
  2⤵
  PID:2812
- C:\Windows\System\RImYbiF.exe
  C:\Windows\System\RImYbiF.exe
  2⤵
  PID:1792
- C:\Windows\System\zNHdEyH.exe
  C:\Windows\System\zNHdEyH.exe
  2⤵
  PID:1548
- C:\Windows\System\EocBZxh.exe
  C:\Windows\System\EocBZxh.exe
  2⤵
  PID:2180
- C:\Windows\System\eBdHMcu.exe
  C:\Windows\System\eBdHMcu.exe
  2⤵
  PID:3000
- C:\Windows\System\mRMqUnF.exe
  C:\Windows\System\mRMqUnF.exe
  2⤵
  PID:2996
- C:\Windows\System\UIZiqob.exe
  C:\Windows\System\UIZiqob.exe
  2⤵
  PID:2884
- C:\Windows\System\aAzmAzQ.exe
  C:\Windows\System\aAzmAzQ.exe
  2⤵
  PID:2064
- C:\Windows\System\plRHsJV.exe
  C:\Windows\System\plRHsJV.exe
  2⤵
  PID:1308
- C:\Windows\System\iWwPRcU.exe
  C:\Windows\System\iWwPRcU.exe
  2⤵
  PID:2676
- C:\Windows\System\XfoCUoY.exe
  C:\Windows\System\XfoCUoY.exe
  2⤵
  PID:2856
- C:\Windows\System\jujplwW.exe
  C:\Windows\System\jujplwW.exe
  2⤵
  PID:1028
- C:\Windows\System\kalBtpf.exe
  C:\Windows\System\kalBtpf.exe
  2⤵
  PID:964
- C:\Windows\System\hKWIZCn.exe
  C:\Windows\System\hKWIZCn.exe
  2⤵
  PID:3080
- C:\Windows\System\ZDzynPs.exe
  C:\Windows\System\ZDzynPs.exe
  2⤵
  PID:3176
- C:\Windows\System\MXYZwis.exe
  C:\Windows\System\MXYZwis.exe
  2⤵
  PID:3220
- C:\Windows\System\xAoJcov.exe
  C:\Windows\System\xAoJcov.exe
  2⤵
  PID:3288
- C:\Windows\System\hzGaycc.exe
  C:\Windows\System\hzGaycc.exe
  2⤵
  PID:3368
- C:\Windows\System\RrvXMSE.exe
  C:\Windows\System\RrvXMSE.exe
  2⤵
  PID:3324
- C:\Windows\System\KrtwpUP.exe
  C:\Windows\System\KrtwpUP.exe
  2⤵
  PID:3428
- C:\Windows\System\mqVQYGW.exe
  C:\Windows\System\mqVQYGW.exe
  2⤵
  PID:3448
- C:\Windows\System\xJWVqqF.exe
  C:\Windows\System\xJWVqqF.exe
  2⤵
  PID:3528
- C:\Windows\System\GuRRypq.exe
  C:\Windows\System\GuRRypq.exe
  2⤵
  PID:3632
- C:\Windows\System\mubwPXj.exe
  C:\Windows\System\mubwPXj.exe
  2⤵
  PID:3628
- C:\Windows\System\BIcxbbr.exe
  C:\Windows\System\BIcxbbr.exe
  2⤵
  PID:1504
- C:\Windows\System\wHiogSM.exe
  C:\Windows\System\wHiogSM.exe
  2⤵
  PID:3696
- C:\Windows\System\SILDzZf.exe
  C:\Windows\System\SILDzZf.exe
  2⤵
  PID:1456
- C:\Windows\System\kdGNive.exe
  C:\Windows\System\kdGNive.exe
  2⤵
  PID:3768
- C:\Windows\System\FwNraQN.exe
  C:\Windows\System\FwNraQN.exe
  2⤵
  PID:3920
- C:\Windows\System\VEeMtuT.exe
  C:\Windows\System\VEeMtuT.exe
  2⤵
  PID:3940
- C:\Windows\System\XRsZwIG.exe
  C:\Windows\System\XRsZwIG.exe
  2⤵
  PID:4016
- C:\Windows\System\bWaKXRc.exe
  C:\Windows\System\bWaKXRc.exe
  2⤵
  PID:3996
- C:\Windows\System\kvTEuvB.exe
  C:\Windows\System\kvTEuvB.exe
  2⤵
  PID:4092
- C:\Windows\System\CyXGpBU.exe
  C:\Windows\System\CyXGpBU.exe
  2⤵
  PID:2508
- C:\Windows\System\OrhcQah.exe
  C:\Windows\System\OrhcQah.exe
  2⤵
  PID:1776
- C:\Windows\System\MouEXlE.exe
  C:\Windows\System\MouEXlE.exe
  2⤵
  PID:1788
- C:\Windows\System\XSbfoVW.exe
  C:\Windows\System\XSbfoVW.exe
  2⤵
  PID:1468
- C:\Windows\System\FkxGyUY.exe
  C:\Windows\System\FkxGyUY.exe
  2⤵
  PID:2624
- C:\Windows\System\yeFNKfX.exe
  C:\Windows\System\yeFNKfX.exe
  2⤵
  PID:2976
- C:\Windows\System\WxxYYmF.exe
  C:\Windows\System\WxxYYmF.exe
  2⤵
  PID:2136
- C:\Windows\System\cExLRyz.exe
  C:\Windows\System\cExLRyz.exe
  2⤵
  PID:2200
- C:\Windows\System\HkLFKQl.exe
  C:\Windows\System\HkLFKQl.exe
  2⤵
  PID:1916
- C:\Windows\System\qinNGtN.exe
  C:\Windows\System\qinNGtN.exe
  2⤵
  PID:2428
- C:\Windows\System\ODJYhrs.exe
  C:\Windows\System\ODJYhrs.exe
  2⤵
  PID:3268
- C:\Windows\System\UThvvQO.exe
  C:\Windows\System\UThvvQO.exe
  2⤵
  PID:3228
- C:\Windows\System\ZyuyicA.exe
  C:\Windows\System\ZyuyicA.exe
  2⤵
  PID:3160
- C:\Windows\System\lGJCJfa.exe
  C:\Windows\System\lGJCJfa.exe
  2⤵
  PID:2696
- C:\Windows\System\ZAcuXIA.exe
  C:\Windows\System\ZAcuXIA.exe
  2⤵
  PID:2748
- C:\Windows\System\QWDTFro.exe
  C:\Windows\System\QWDTFro.exe
  2⤵
  PID:3656
- C:\Windows\System\iwtoYIB.exe
  C:\Windows\System\iwtoYIB.exe
  2⤵
  PID:3816
- C:\Windows\System\PqPuvHV.exe
  C:\Windows\System\PqPuvHV.exe
  2⤵
  PID:3812
- C:\Windows\System\ujfjxDH.exe
  C:\Windows\System\ujfjxDH.exe
  2⤵
  PID:3960
- C:\Windows\System\KnTwaRH.exe
  C:\Windows\System\KnTwaRH.exe
  2⤵
  PID:4044
- C:\Windows\System\TOVhjfg.exe
  C:\Windows\System\TOVhjfg.exe
  2⤵
  PID:4056
- C:\Windows\System\IQiwyBE.exe
  C:\Windows\System\IQiwyBE.exe
  2⤵
  PID:2368
- C:\Windows\System\PypYjDh.exe
  C:\Windows\System\PypYjDh.exe
  2⤵
  PID:2588
- C:\Windows\System\ZcgCzPz.exe
  C:\Windows\System\ZcgCzPz.exe
  2⤵
  PID:1500
- C:\Windows\System\QquUoRT.exe
  C:\Windows\System\QquUoRT.exe
  2⤵
  PID:2348
- C:\Windows\System\ASPTCfn.exe
  C:\Windows\System\ASPTCfn.exe
  2⤵
  PID:1560
- C:\Windows\System\oEqlzok.exe
  C:\Windows\System\oEqlzok.exe
  2⤵
  PID:2080
- C:\Windows\System\JpnNsxq.exe
  C:\Windows\System\JpnNsxq.exe
  2⤵
  PID:2764
- C:\Windows\System\SGCSaoi.exe
  C:\Windows\System\SGCSaoi.exe
  2⤵
  PID:2616
- C:\Windows\System\YCrtWwE.exe
  C:\Windows\System\YCrtWwE.exe
  2⤵
  PID:2960
- C:\Windows\System\WOLkjkD.exe
  C:\Windows\System\WOLkjkD.exe
  2⤵
  PID:1252
- C:\Windows\System\DDGzCjC.exe
  C:\Windows\System\DDGzCjC.exe
  2⤵
  PID:3464
- C:\Windows\System\WJyXVJY.exe
  C:\Windows\System\WJyXVJY.exe
  2⤵
  PID:972
- C:\Windows\System\RJipmHf.exe
  C:\Windows\System\RJipmHf.exe
  2⤵
  PID:3100
- C:\Windows\System\baJlSvh.exe
  C:\Windows\System\baJlSvh.exe
  2⤵
  PID:1924
- C:\Windows\System\BOEjrSo.exe
  C:\Windows\System\BOEjrSo.exe
  2⤵
  PID:1300
- C:\Windows\System\GFyPVMG.exe
  C:\Windows\System\GFyPVMG.exe
  2⤵
  PID:3752
- C:\Windows\System\hAcxydl.exe
  C:\Windows\System\hAcxydl.exe
  2⤵
  PID:1972
- C:\Windows\System\ZWNMnVl.exe
  C:\Windows\System\ZWNMnVl.exe
  2⤵
  PID:3732
- C:\Windows\System\FdPvwNn.exe
  C:\Windows\System\FdPvwNn.exe
  2⤵
  PID:2608
- C:\Windows\System\ugWFsqF.exe
  C:\Windows\System\ugWFsqF.exe
  2⤵
  PID:2068
- C:\Windows\System\PManLFk.exe
  C:\Windows\System\PManLFk.exe
  2⤵
  PID:1940
- C:\Windows\System\QwAfzZL.exe
  C:\Windows\System\QwAfzZL.exe
  2⤵
  PID:2612
- C:\Windows\System\zzorTqt.exe
  C:\Windows\System\zzorTqt.exe
  2⤵
  PID:2984
- C:\Windows\System\KABYPbz.exe
  C:\Windows\System\KABYPbz.exe
  2⤵
  PID:320
- C:\Windows\System\HanNxIk.exe
  C:\Windows\System\HanNxIk.exe
  2⤵
  PID:840
- C:\Windows\System\evjKdxO.exe
  C:\Windows\System\evjKdxO.exe
  2⤵
  PID:3284
- C:\Windows\System\iMoTwXc.exe
  C:\Windows\System\iMoTwXc.exe
  2⤵
  PID:432
- C:\Windows\System\thwIxNN.exe
  C:\Windows\System\thwIxNN.exe
  2⤵
  PID:1840
- C:\Windows\System\gMYtxiR.exe
  C:\Windows\System\gMYtxiR.exe
  2⤵
  PID:1328
- C:\Windows\System\BnDbwxv.exe
  C:\Windows\System\BnDbwxv.exe
  2⤵
  PID:612
- C:\Windows\System\kwKXVSE.exe
  C:\Windows\System\kwKXVSE.exe
  2⤵
  PID:3536
- C:\Windows\System\CPrAbBg.exe
  C:\Windows\System\CPrAbBg.exe
  2⤵
  PID:3592
- C:\Windows\System\RQEWYUf.exe
  C:\Windows\System\RQEWYUf.exe
  2⤵
  PID:3756
- C:\Windows\System\SxYcAHF.exe
  C:\Windows\System\SxYcAHF.exe
  2⤵
  PID:3880
- C:\Windows\System\EsEnJnl.exe
  C:\Windows\System\EsEnJnl.exe
  2⤵
  PID:2356
- C:\Windows\System\FBAYQNr.exe
  C:\Windows\System\FBAYQNr.exe
  2⤵
  PID:2840
- C:\Windows\System\wzUYeye.exe
  C:\Windows\System\wzUYeye.exe
  2⤵
  PID:700
- C:\Windows\System\xiKnfjo.exe
  C:\Windows\System\xiKnfjo.exe
  2⤵
  PID:3424
- C:\Windows\System\iiMYZve.exe
  C:\Windows\System\iiMYZve.exe
  2⤵
  PID:2972
- C:\Windows\System\SXjhItw.exe
  C:\Windows\System\SXjhItw.exe
  2⤵
  PID:3008
- C:\Windows\System\FyhQHgi.exe
  C:\Windows\System\FyhQHgi.exe
  2⤵
  PID:2460
- C:\Windows\System\XlxrMvB.exe
  C:\Windows\System\XlxrMvB.exe
  2⤵
  PID:2344
- C:\Windows\System\wnombqZ.exe
  C:\Windows\System\wnombqZ.exe
  2⤵
  PID:2132
- C:\Windows\System\mHnfHJP.exe
  C:\Windows\System\mHnfHJP.exe
  2⤵
  PID:2412
- C:\Windows\System\QLgTiit.exe
  C:\Windows\System\QLgTiit.exe
  2⤵
  PID:3708
- C:\Windows\System\xhsYNnR.exe
  C:\Windows\System\xhsYNnR.exe
  2⤵
  PID:3512
- C:\Windows\System\TgAfsHC.exe
  C:\Windows\System\TgAfsHC.exe
  2⤵
  PID:2116
- C:\Windows\System\xyPzEfa.exe
  C:\Windows\System\xyPzEfa.exe
  2⤵
  PID:3896
- C:\Windows\System\pvKjqRR.exe
  C:\Windows\System\pvKjqRR.exe
  2⤵
  PID:4036
- C:\Windows\System\wYYmXyP.exe
  C:\Windows\System\wYYmXyP.exe
  2⤵
  PID:3328
- C:\Windows\System\iLtxfWY.exe
  C:\Windows\System\iLtxfWY.exe
  2⤵
  PID:3716
- C:\Windows\System\HwysnxE.exe
  C:\Windows\System\HwysnxE.exe
  2⤵
  PID:4112
- C:\Windows\System\MbnBkvJ.exe
  C:\Windows\System\MbnBkvJ.exe
  2⤵
  PID:4144
- C:\Windows\System\VuxRWJN.exe
  C:\Windows\System\VuxRWJN.exe
  2⤵
  PID:4160
- C:\Windows\System\iEfcheo.exe
  C:\Windows\System\iEfcheo.exe
  2⤵
  PID:4176
- C:\Windows\System\zsDUidb.exe
  C:\Windows\System\zsDUidb.exe
  2⤵
  PID:4196
- C:\Windows\System\MzhLdrI.exe
  C:\Windows\System\MzhLdrI.exe
  2⤵
  PID:4216
- C:\Windows\System\oYxNSAG.exe
  C:\Windows\System\oYxNSAG.exe
  2⤵
  PID:4240
- C:\Windows\System\oXfZFom.exe
  C:\Windows\System\oXfZFom.exe
  2⤵
  PID:4264
- C:\Windows\System\sualGyr.exe
  C:\Windows\System\sualGyr.exe
  2⤵
  PID:4280
- C:\Windows\System\eVNhoxU.exe
  C:\Windows\System\eVNhoxU.exe
  2⤵
  PID:4296
- C:\Windows\System\hqqTuvQ.exe
  C:\Windows\System\hqqTuvQ.exe
  2⤵
  PID:4312
- C:\Windows\System\BPWsItb.exe
  C:\Windows\System\BPWsItb.exe
  2⤵
  PID:4336
- C:\Windows\System\USuBxIw.exe
  C:\Windows\System\USuBxIw.exe
  2⤵
  PID:4352
- C:\Windows\System\GGYULRh.exe
  C:\Windows\System\GGYULRh.exe
  2⤵
  PID:4380
- C:\Windows\System\CbHwSKw.exe
  C:\Windows\System\CbHwSKw.exe
  2⤵
  PID:4400
- C:\Windows\System\yIqCIIU.exe
  C:\Windows\System\yIqCIIU.exe
  2⤵
  PID:4416
- C:\Windows\System\WeBVqjA.exe
  C:\Windows\System\WeBVqjA.exe
  2⤵
  PID:4432
- C:\Windows\System\UBPzYMl.exe
  C:\Windows\System\UBPzYMl.exe
  2⤵
  PID:4456
- C:\Windows\System\ARJirqP.exe
  C:\Windows\System\ARJirqP.exe
  2⤵
  PID:4488
- C:\Windows\System\FHxkupb.exe
  C:\Windows\System\FHxkupb.exe
  2⤵
  PID:4508
- C:\Windows\System\RVCBsWR.exe
  C:\Windows\System\RVCBsWR.exe
  2⤵
  PID:4524
- C:\Windows\System\TlZILbV.exe
  C:\Windows\System\TlZILbV.exe
  2⤵
  PID:4544
- C:\Windows\System\jAULObf.exe
  C:\Windows\System\jAULObf.exe
  2⤵
  PID:4564
- C:\Windows\System\uEXJsEf.exe
  C:\Windows\System\uEXJsEf.exe
  2⤵
  PID:4584
- C:\Windows\System\RzFoubW.exe
  C:\Windows\System\RzFoubW.exe
  2⤵
  PID:4608
- C:\Windows\System\vTIkhSh.exe
  C:\Windows\System\vTIkhSh.exe
  2⤵
  PID:4624
- C:\Windows\System\oBnGCBc.exe
  C:\Windows\System\oBnGCBc.exe
  2⤵
  PID:4648
- C:\Windows\System\SGKMhXl.exe
  C:\Windows\System\SGKMhXl.exe
  2⤵
  PID:4664
- C:\Windows\System\qxkTkaR.exe
  C:\Windows\System\qxkTkaR.exe
  2⤵
  PID:4680
- C:\Windows\System\yeptKtz.exe
  C:\Windows\System\yeptKtz.exe
  2⤵
  PID:4704
- C:\Windows\System\raYNKIY.exe
  C:\Windows\System\raYNKIY.exe
  2⤵
  PID:4720
- C:\Windows\System\HPBvxxO.exe
  C:\Windows\System\HPBvxxO.exe
  2⤵
  PID:4736
- C:\Windows\System\jaTlDPu.exe
  C:\Windows\System\jaTlDPu.exe
  2⤵
  PID:4756
- C:\Windows\System\DLbpDHv.exe
  C:\Windows\System\DLbpDHv.exe
  2⤵
  PID:4776
- C:\Windows\System\GOXasws.exe
  C:\Windows\System\GOXasws.exe
  2⤵
  PID:4796
- C:\Windows\System\scsTcBH.exe
  C:\Windows\System\scsTcBH.exe
  2⤵
  PID:4828
- C:\Windows\System\KiZrBFV.exe
  C:\Windows\System\KiZrBFV.exe
  2⤵
  PID:4844
- C:\Windows\System\LhQCRQg.exe
  C:\Windows\System\LhQCRQg.exe
  2⤵
  PID:4864
- C:\Windows\System\XSSOjdn.exe
  C:\Windows\System\XSSOjdn.exe
  2⤵
  PID:4880
- C:\Windows\System\yvNQxeg.exe
  C:\Windows\System\yvNQxeg.exe
  2⤵
  PID:4900
- C:\Windows\System\KozjrIK.exe
  C:\Windows\System\KozjrIK.exe
  2⤵
  PID:4916
- C:\Windows\System\CEGcLrl.exe
  C:\Windows\System\CEGcLrl.exe
  2⤵
  PID:4940
- C:\Windows\System\yMIfGhG.exe
  C:\Windows\System\yMIfGhG.exe
  2⤵
  PID:4960
- C:\Windows\System\QPyvxCV.exe
  C:\Windows\System\QPyvxCV.exe
  2⤵
  PID:4984
- C:\Windows\System\qwHXFBs.exe
  C:\Windows\System\qwHXFBs.exe
  2⤵
  PID:5000
- C:\Windows\System\BKuZAVb.exe
  C:\Windows\System\BKuZAVb.exe
  2⤵
  PID:5016
- C:\Windows\System\IDSEHYS.exe
  C:\Windows\System\IDSEHYS.exe
  2⤵
  PID:5032
- C:\Windows\System\LjZpYtm.exe
  C:\Windows\System\LjZpYtm.exe
  2⤵
  PID:5048
- C:\Windows\System\TngKyCv.exe
  C:\Windows\System\TngKyCv.exe
  2⤵
  PID:5068
- C:\Windows\System\qOmaznD.exe
  C:\Windows\System\qOmaznD.exe
  2⤵
  PID:5104
- C:\Windows\System\cAATKqX.exe
  C:\Windows\System\cAATKqX.exe
  2⤵
  PID:2988
- C:\Windows\System\xoxergP.exe
  C:\Windows\System\xoxergP.exe
  2⤵
  PID:4128
- C:\Windows\System\SplKpcG.exe
  C:\Windows\System\SplKpcG.exe
  2⤵
  PID:2948
- C:\Windows\System\ocwxabm.exe
  C:\Windows\System\ocwxabm.exe
  2⤵
  PID:4204
- C:\Windows\System\OzAYKeY.exe
  C:\Windows\System\OzAYKeY.exe
  2⤵
  PID:4184
- C:\Windows\System\mpyspVk.exe
  C:\Windows\System\mpyspVk.exe
  2⤵
  PID:4232
- C:\Windows\System\vFlTLQt.exe
  C:\Windows\System\vFlTLQt.exe
  2⤵
  PID:4260
- C:\Windows\System\ZvyGZSk.exe
  C:\Windows\System\ZvyGZSk.exe
  2⤵
  PID:4308
- C:\Windows\System\yOUaDgq.exe
  C:\Windows\System\yOUaDgq.exe
  2⤵
  PID:4332
- C:\Windows\System\wsDBUTO.exe
  C:\Windows\System\wsDBUTO.exe
  2⤵
  PID:4376
- C:\Windows\System\QqFjrbe.exe
  C:\Windows\System\QqFjrbe.exe
  2⤵
  PID:4448
- C:\Windows\System\JAquZCe.exe
  C:\Windows\System\JAquZCe.exe
  2⤵
  PID:4428
- C:\Windows\System\dFHXXbD.exe
  C:\Windows\System\dFHXXbD.exe
  2⤵
  PID:4468
- C:\Windows\System\KsFnqGD.exe
  C:\Windows\System\KsFnqGD.exe
  2⤵
  PID:4536
- C:\Windows\System\VBwJkpn.exe
  C:\Windows\System\VBwJkpn.exe
  2⤵
  PID:4572
- C:\Windows\System\WifUWZC.exe
  C:\Windows\System\WifUWZC.exe
  2⤵
  PID:4576
- C:\Windows\System\uZbnnmb.exe
  C:\Windows\System\uZbnnmb.exe
  2⤵
  PID:4600
- C:\Windows\System\durydPG.exe
  C:\Windows\System\durydPG.exe
  2⤵
  PID:4656
- C:\Windows\System\JBRwnXU.exe
  C:\Windows\System\JBRwnXU.exe
  2⤵
  PID:4672
- C:\Windows\System\URYdHbK.exe
  C:\Windows\System\URYdHbK.exe
  2⤵
  PID:4732
- C:\Windows\System\maSnjUZ.exe
  C:\Windows\System\maSnjUZ.exe
  2⤵
  PID:4788
- C:\Windows\System\APkFzxq.exe
  C:\Windows\System\APkFzxq.exe
  2⤵
  PID:3676
- C:\Windows\System\MdInQDI.exe
  C:\Windows\System\MdInQDI.exe
  2⤵
  PID:4804
- C:\Windows\System\UiqjbMU.exe
  C:\Windows\System\UiqjbMU.exe
  2⤵
  PID:4820
- C:\Windows\System\uloMdHJ.exe
  C:\Windows\System\uloMdHJ.exe
  2⤵
  PID:4892
- C:\Windows\System\qZaNCoX.exe
  C:\Windows\System\qZaNCoX.exe
  2⤵
  PID:4932
- C:\Windows\System\YsDALid.exe
  C:\Windows\System\YsDALid.exe
  2⤵
  PID:4876
- C:\Windows\System\sVNtHIm.exe
  C:\Windows\System\sVNtHIm.exe
  2⤵
  PID:5008
- C:\Windows\System\QuZAxti.exe
  C:\Windows\System\QuZAxti.exe
  2⤵
  PID:5040
- C:\Windows\System\KKAVhOH.exe
  C:\Windows\System\KKAVhOH.exe
  2⤵
  PID:5092
- C:\Windows\System\FvuXKIG.exe
  C:\Windows\System\FvuXKIG.exe
  2⤵
  PID:904
- C:\Windows\System\zOuuzis.exe
  C:\Windows\System\zOuuzis.exe
  2⤵
  PID:4100
- C:\Windows\System\hjydKLh.exe
  C:\Windows\System\hjydKLh.exe
  2⤵
  PID:4124
- C:\Windows\System\OaFhzck.exe
  C:\Windows\System\OaFhzck.exe
  2⤵
  PID:4108
- C:\Windows\System\GqtojGj.exe
  C:\Windows\System\GqtojGj.exe
  2⤵
  PID:4236
- C:\Windows\System\GRuybiY.exe
  C:\Windows\System\GRuybiY.exe
  2⤵
  PID:4272
- C:\Windows\System\HRZlrCx.exe
  C:\Windows\System\HRZlrCx.exe
  2⤵
  PID:4368
- C:\Windows\System\wUlvrmr.exe
  C:\Windows\System\wUlvrmr.exe
  2⤵
  PID:4472
- C:\Windows\System\FZKqaPF.exe
  C:\Windows\System\FZKqaPF.exe
  2⤵
  PID:4452
- C:\Windows\System\brzzQRg.exe
  C:\Windows\System\brzzQRg.exe
  2⤵
  PID:4504
- C:\Windows\System\KFYFdhQ.exe
  C:\Windows\System\KFYFdhQ.exe
  2⤵
  PID:4560
- C:\Windows\System\rweiWTD.exe
  C:\Windows\System\rweiWTD.exe
  2⤵
  PID:4636
- C:\Windows\System\AHOTHse.exe
  C:\Windows\System\AHOTHse.exe
  2⤵
  PID:4520
- C:\Windows\System\NjfjEjw.exe
  C:\Windows\System\NjfjEjw.exe
  2⤵
  PID:4808
- C:\Windows\System\IhvGfMF.exe
  C:\Windows\System\IhvGfMF.exe
  2⤵
  PID:4692
- C:\Windows\System\lDUmzOc.exe
  C:\Windows\System\lDUmzOc.exe
  2⤵
  PID:4908
- C:\Windows\System\lZVXJeE.exe
  C:\Windows\System\lZVXJeE.exe
  2⤵
  PID:4980
- C:\Windows\System\xGRKZaj.exe
  C:\Windows\System\xGRKZaj.exe
  2⤵
  PID:4852
- C:\Windows\System\tyJUHSp.exe
  C:\Windows\System\tyJUHSp.exe
  2⤵
  PID:5044
- C:\Windows\System\tGTlsLV.exe
  C:\Windows\System\tGTlsLV.exe
  2⤵
  PID:5064
- C:\Windows\System\pegVpcp.exe
  C:\Windows\System\pegVpcp.exe
  2⤵
  PID:4476
- C:\Windows\System\YlMlxHg.exe
  C:\Windows\System\YlMlxHg.exe
  2⤵
  PID:4212
- C:\Windows\System\bMdvult.exe
  C:\Windows\System\bMdvult.exe
  2⤵
  PID:4140
- C:\Windows\System\xcttHSJ.exe
  C:\Windows\System\xcttHSJ.exe
  2⤵
  PID:4364
- C:\Windows\System\krpQAas.exe
  C:\Windows\System\krpQAas.exe
  2⤵
  PID:4604
- C:\Windows\System\Iujdzsa.exe
  C:\Windows\System\Iujdzsa.exe
  2⤵
  PID:4744
- C:\Windows\System\TySqTAa.exe
  C:\Windows\System\TySqTAa.exe
  2⤵
  PID:4444
- C:\Windows\System\JzfRrAf.exe
  C:\Windows\System\JzfRrAf.exe
  2⤵
  PID:4556
- C:\Windows\System\JEYakxX.exe
  C:\Windows\System\JEYakxX.exe
  2⤵
  PID:4888
- C:\Windows\System\qRpBUhY.exe
  C:\Windows\System\qRpBUhY.exe
  2⤵
  PID:5100
- C:\Windows\System\igEgHSE.exe
  C:\Windows\System\igEgHSE.exe
  2⤵
  PID:5080
- C:\Windows\System\UUNaMHE.exe
  C:\Windows\System\UUNaMHE.exe
  2⤵
  PID:5112
- C:\Windows\System\vuKtAeW.exe
  C:\Windows\System\vuKtAeW.exe
  2⤵
  PID:4276
- C:\Windows\System\GmQvYpO.exe
  C:\Windows\System\GmQvYpO.exe
  2⤵
  PID:4392
- C:\Windows\System\IPwZpIN.exe
  C:\Windows\System\IPwZpIN.exe
  2⤵
  PID:4188
- C:\Windows\System\VbtmcUE.exe
  C:\Windows\System\VbtmcUE.exe
  2⤵
  PID:4792
- C:\Windows\System\dKayTjj.exe
  C:\Windows\System\dKayTjj.exe
  2⤵
  PID:4728
- C:\Windows\System\EKiHUAq.exe
  C:\Windows\System\EKiHUAq.exe
  2⤵
  PID:5028
- C:\Windows\System\jvrwRFh.exe
  C:\Windows\System\jvrwRFh.exe
  2⤵
  PID:4396
- C:\Windows\System\kmHGhtp.exe
  C:\Windows\System\kmHGhtp.exe
  2⤵
  PID:4552
- C:\Windows\System\CXRATSM.exe
  C:\Windows\System\CXRATSM.exe
  2⤵
  PID:4872
- C:\Windows\System\hBNJOgV.exe
  C:\Windows\System\hBNJOgV.exe
  2⤵
  PID:4748
- C:\Windows\System\dcCaMTo.exe
  C:\Windows\System\dcCaMTo.exe
  2⤵
  PID:4344
- C:\Windows\System\PbQsuSW.exe
  C:\Windows\System\PbQsuSW.exe
  2⤵
  PID:4924
- C:\Windows\System\ednLEAA.exe
  C:\Windows\System\ednLEAA.exe
  2⤵
  PID:1900
- C:\Windows\System\zzESfBc.exe
  C:\Windows\System\zzESfBc.exe
  2⤵
  PID:4360
- C:\Windows\System\OqGjFtt.exe
  C:\Windows\System\OqGjFtt.exe
  2⤵
  PID:5124
- C:\Windows\System\lQepSoz.exe
  C:\Windows\System\lQepSoz.exe
  2⤵
  PID:5144
- C:\Windows\System\vyXAgsH.exe
  C:\Windows\System\vyXAgsH.exe
  2⤵
  PID:5164
- C:\Windows\System\azTvKwt.exe
  C:\Windows\System\azTvKwt.exe
  2⤵
  PID:5184
- C:\Windows\System\MBgfGhQ.exe
  C:\Windows\System\MBgfGhQ.exe
  2⤵
  PID:5204
- C:\Windows\System\ZUBzViM.exe
  C:\Windows\System\ZUBzViM.exe
  2⤵
  PID:5228
- C:\Windows\System\eIHVumX.exe
  C:\Windows\System\eIHVumX.exe
  2⤵
  PID:5244
- C:\Windows\System\WfZgotF.exe
  C:\Windows\System\WfZgotF.exe
  2⤵
  PID:5264
- C:\Windows\System\QvPlcEX.exe
  C:\Windows\System\QvPlcEX.exe
  2⤵
  PID:5280
- C:\Windows\System\mCVmSHI.exe
  C:\Windows\System\mCVmSHI.exe
  2⤵
  PID:5304
- C:\Windows\System\lNBiBGa.exe
  C:\Windows\System\lNBiBGa.exe
  2⤵
  PID:5320
- C:\Windows\System\FNEcjTS.exe
  C:\Windows\System\FNEcjTS.exe
  2⤵
  PID:5352
- C:\Windows\System\cBnTwNv.exe
  C:\Windows\System\cBnTwNv.exe
  2⤵
  PID:5368
- C:\Windows\System\HHREqur.exe
  C:\Windows\System\HHREqur.exe
  2⤵
  PID:5384
- C:\Windows\System\ThUKnBh.exe
  C:\Windows\System\ThUKnBh.exe
  2⤵
  PID:5400
- C:\Windows\System\corcqBD.exe
  C:\Windows\System\corcqBD.exe
  2⤵
  PID:5420
- C:\Windows\System\WkPAtJV.exe
  C:\Windows\System\WkPAtJV.exe
  2⤵
  PID:5436
- C:\Windows\System\GubowQs.exe
  C:\Windows\System\GubowQs.exe
  2⤵
  PID:5468
- C:\Windows\System\xhBXlIf.exe
  C:\Windows\System\xhBXlIf.exe
  2⤵
  PID:5484
- C:\Windows\System\tOqRnEi.exe
  C:\Windows\System\tOqRnEi.exe
  2⤵
  PID:5512
- C:\Windows\System\HatKYKb.exe
  C:\Windows\System\HatKYKb.exe
  2⤵
  PID:5528
- C:\Windows\System\hxckMlW.exe
  C:\Windows\System\hxckMlW.exe
  2⤵
  PID:5544
- C:\Windows\System\HiNeglC.exe
  C:\Windows\System\HiNeglC.exe
  2⤵
  PID:5568
- C:\Windows\System\jighPqm.exe
  C:\Windows\System\jighPqm.exe
  2⤵
  PID:5592
- C:\Windows\System\LAevhFd.exe
  C:\Windows\System\LAevhFd.exe
  2⤵
  PID:5612
- C:\Windows\System\uuSpnwJ.exe
  C:\Windows\System\uuSpnwJ.exe
  2⤵
  PID:5628
- C:\Windows\System\mQuWKuT.exe
  C:\Windows\System\mQuWKuT.exe
  2⤵
  PID:5648
- C:\Windows\System\DvBFZQS.exe
  C:\Windows\System\DvBFZQS.exe
  2⤵
  PID:5664
- C:\Windows\System\FJfdDTH.exe
  C:\Windows\System\FJfdDTH.exe
  2⤵
  PID:5688
- C:\Windows\System\qiwWiJp.exe
  C:\Windows\System\qiwWiJp.exe
  2⤵
  PID:5708
- C:\Windows\System\GzQykap.exe
  C:\Windows\System\GzQykap.exe
  2⤵
  PID:5728
- C:\Windows\System\tOYnKMm.exe
  C:\Windows\System\tOYnKMm.exe
  2⤵
  PID:5744
- C:\Windows\System\snmrxsR.exe
  C:\Windows\System\snmrxsR.exe
  2⤵
  PID:5768
- C:\Windows\System\mzmWufo.exe
  C:\Windows\System\mzmWufo.exe
  2⤵
  PID:5788
- C:\Windows\System\IhSnLkh.exe
  C:\Windows\System\IhSnLkh.exe
  2⤵
  PID:5808
- C:\Windows\System\LKPrPpV.exe
  C:\Windows\System\LKPrPpV.exe
  2⤵
  PID:5828
- C:\Windows\System\myQOqzP.exe
  C:\Windows\System\myQOqzP.exe
  2⤵
  PID:5848
- C:\Windows\System\wAhsAkz.exe
  C:\Windows\System\wAhsAkz.exe
  2⤵
  PID:5872
- C:\Windows\System\PAMTijj.exe
  C:\Windows\System\PAMTijj.exe
  2⤵
  PID:5892
- C:\Windows\System\eimqsNw.exe
  C:\Windows\System\eimqsNw.exe
  2⤵
  PID:5916
- C:\Windows\System\OowyaeC.exe
  C:\Windows\System\OowyaeC.exe
  2⤵
  PID:5932
- C:\Windows\System\jgWVmqk.exe
  C:\Windows\System\jgWVmqk.exe
  2⤵
  PID:5956
- C:\Windows\System\jjNCFua.exe
  C:\Windows\System\jjNCFua.exe
  2⤵
  PID:5972
- C:\Windows\System\YbJnjBx.exe
  C:\Windows\System\YbJnjBx.exe
  2⤵
  PID:5996
- C:\Windows\System\RgDhDdJ.exe
  C:\Windows\System\RgDhDdJ.exe
  2⤵
  PID:6012
- C:\Windows\System\vvfpNxl.exe
  C:\Windows\System\vvfpNxl.exe
  2⤵
  PID:6036
- C:\Windows\System\YWFBIav.exe
  C:\Windows\System\YWFBIav.exe
  2⤵
  PID:6052
- C:\Windows\System\hRfXaLF.exe
  C:\Windows\System\hRfXaLF.exe
  2⤵
  PID:6068
- C:\Windows\System\XHqMwQd.exe
  C:\Windows\System\XHqMwQd.exe
  2⤵
  PID:6084
- C:\Windows\System\pshbphM.exe
  C:\Windows\System\pshbphM.exe
  2⤵
  PID:6100
- C:\Windows\System\fCfuldm.exe
  C:\Windows\System\fCfuldm.exe
  2⤵
  PID:6116
- C:\Windows\System\KyOTLnn.exe
  C:\Windows\System\KyOTLnn.exe
  2⤵
  PID:6132
- C:\Windows\System\kmyMXkj.exe
  C:\Windows\System\kmyMXkj.exe
  2⤵
  PID:5136
- C:\Windows\System\erHDciV.exe
  C:\Windows\System\erHDciV.exe
  2⤵
  PID:5180
- C:\Windows\System\XdMfuMa.exe
  C:\Windows\System\XdMfuMa.exe
  2⤵
  PID:5220
- C:\Windows\System\dhtPwAi.exe
  C:\Windows\System\dhtPwAi.exe
  2⤵
  PID:4328
- C:\Windows\System\ImiLaeN.exe
  C:\Windows\System\ImiLaeN.exe
  2⤵
  PID:5160
- C:\Windows\System\ZRJvBqs.exe
  C:\Windows\System\ZRJvBqs.exe
  2⤵
  PID:5252
- C:\Windows\System\RiHPqeH.exe
  C:\Windows\System\RiHPqeH.exe
  2⤵
  PID:5292
- C:\Windows\System\xBwjfmo.exe
  C:\Windows\System\xBwjfmo.exe
  2⤵
  PID:5272
- C:\Windows\System\cjCbnhm.exe
  C:\Windows\System\cjCbnhm.exe
  2⤵
  PID:5236
- C:\Windows\System\WQzBYYq.exe
  C:\Windows\System\WQzBYYq.exe
  2⤵
  PID:5344
- C:\Windows\System\bzdyhJA.exe
  C:\Windows\System\bzdyhJA.exe
  2⤵
  PID:5380
- C:\Windows\System\ZtklJfK.exe
  C:\Windows\System\ZtklJfK.exe
  2⤵
  PID:5444
- C:\Windows\System\dANkHTl.exe
  C:\Windows\System\dANkHTl.exe
  2⤵
  PID:5432
- C:\Windows\System\kHGKUpT.exe
  C:\Windows\System\kHGKUpT.exe
  2⤵
  PID:5480
- C:\Windows\System\PYZwCFy.exe
  C:\Windows\System\PYZwCFy.exe
  2⤵
  PID:5540
- C:\Windows\System\xLnJrgf.exe
  C:\Windows\System\xLnJrgf.exe
  2⤵
  PID:5624
- C:\Windows\System\LBGBBny.exe
  C:\Windows\System\LBGBBny.exe
  2⤵
  PID:5672
- C:\Windows\System\eKRwscb.exe
  C:\Windows\System\eKRwscb.exe
  2⤵
  PID:5716
- C:\Windows\System\Guldpyx.exe
  C:\Windows\System\Guldpyx.exe
  2⤵
  PID:5780
- C:\Windows\System\YCoOhSf.exe
  C:\Windows\System\YCoOhSf.exe
  2⤵
  PID:5756
- C:\Windows\System\BKQfDhv.exe
  C:\Windows\System\BKQfDhv.exe
  2⤵
  PID:5856
- C:\Windows\System\cbJiyKl.exe
  C:\Windows\System\cbJiyKl.exe
  2⤵
  PID:5880
- C:\Windows\System\iJgcJcA.exe
  C:\Windows\System\iJgcJcA.exe
  2⤵
  PID:5912
- C:\Windows\System\xTWBnXz.exe
  C:\Windows\System\xTWBnXz.exe
  2⤵
  PID:5940
- C:\Windows\System\TCVgFhZ.exe
  C:\Windows\System\TCVgFhZ.exe
  2⤵
  PID:5948
- C:\Windows\System\SNJAxmn.exe
  C:\Windows\System\SNJAxmn.exe
  2⤵
  PID:5992
- C:\Windows\System\dsdJQoH.exe
  C:\Windows\System\dsdJQoH.exe
  2⤵
  PID:6024
- C:\Windows\System\ZcoRwtY.exe
  C:\Windows\System\ZcoRwtY.exe
  2⤵
  PID:6060
- C:\Windows\System\WIdnPGv.exe
  C:\Windows\System\WIdnPGv.exe
  2⤵
  PID:6044
- C:\Windows\System\EOJnQfA.exe
  C:\Windows\System\EOJnQfA.exe
  2⤵
  PID:6140
- C:\Windows\System\aXHFwuN.exe
  C:\Windows\System\aXHFwuN.exe
  2⤵
  PID:4596
- C:\Windows\System\WZKvwLL.exe
  C:\Windows\System\WZKvwLL.exe
  2⤵
  PID:5152
- C:\Windows\System\DKuMtbS.exe
  C:\Windows\System\DKuMtbS.exe
  2⤵
  PID:5328
- C:\Windows\System\YltsrsT.exe
  C:\Windows\System\YltsrsT.exe
  2⤵
  PID:5332
- C:\Windows\System\ewVUiaY.exe
  C:\Windows\System\ewVUiaY.exe
  2⤵
  PID:5752
- C:\Windows\System\sPpWtyY.exe
  C:\Windows\System\sPpWtyY.exe
  2⤵
  PID:5496
- C:\Windows\System\dGMxsSr.exe
  C:\Windows\System\dGMxsSr.exe
  2⤵
  PID:5524
- C:\Windows\System\mvUGUvp.exe
  C:\Windows\System\mvUGUvp.exe
  2⤵
  PID:5564
- C:\Windows\System\cznohkK.exe
  C:\Windows\System\cznohkK.exe
  2⤵
  PID:5560
- C:\Windows\System\aIQTskK.exe
  C:\Windows\System\aIQTskK.exe
  2⤵
  PID:5660
- C:\Windows\System\SdwvJJv.exe
  C:\Windows\System\SdwvJJv.exe
  2⤵
  PID:5636
- C:\Windows\System\aZVwlyr.exe
  C:\Windows\System\aZVwlyr.exe
  2⤵
  PID:5704
- C:\Windows\System\DOiOWCa.exe
  C:\Windows\System\DOiOWCa.exe
  2⤵
  PID:5724
- C:\Windows\System\KhYEHQE.exe
  C:\Windows\System\KhYEHQE.exe
  2⤵
  PID:5868
- C:\Windows\System\PTJbvce.exe
  C:\Windows\System\PTJbvce.exe
  2⤵
  PID:5904
- C:\Windows\System\mVdoiSe.exe
  C:\Windows\System\mVdoiSe.exe
  2⤵
  PID:5988
- C:\Windows\System\NNVkvJP.exe
  C:\Windows\System\NNVkvJP.exe
  2⤵
  PID:6076
- C:\Windows\System\EGVDKNm.exe
  C:\Windows\System\EGVDKNm.exe
  2⤵
  PID:6032
- C:\Windows\System\EyaLQOc.exe
  C:\Windows\System\EyaLQOc.exe
  2⤵
  PID:6004
- C:\Windows\System\wHYASDa.exe
  C:\Windows\System\wHYASDa.exe
  2⤵
  PID:4500
- C:\Windows\System\BKsRETU.exe
  C:\Windows\System\BKsRETU.exe
  2⤵
  PID:5340
- C:\Windows\System\JoSgDNM.exe
  C:\Windows\System\JoSgDNM.exe
  2⤵
  PID:5240
- C:\Windows\System\IqPanDR.exe
  C:\Windows\System\IqPanDR.exe
  2⤵
  PID:5428
- C:\Windows\System\lSLJvHK.exe
  C:\Windows\System\lSLJvHK.exe
  2⤵
  PID:5536
- C:\Windows\System\vLyCYKg.exe
  C:\Windows\System\vLyCYKg.exe
  2⤵
  PID:5588
- C:\Windows\System\EPrsosD.exe
  C:\Windows\System\EPrsosD.exe
  2⤵
  PID:5644
- C:\Windows\System\tPFXWNZ.exe
  C:\Windows\System\tPFXWNZ.exe
  2⤵
  PID:5684
- C:\Windows\System\CAReeVz.exe
  C:\Windows\System\CAReeVz.exe
  2⤵
  PID:5776
- C:\Windows\System\dXaTRfe.exe
  C:\Windows\System\dXaTRfe.exe
  2⤵
  PID:5968
- C:\Windows\System\otuesdq.exe
  C:\Windows\System\otuesdq.exe
  2⤵
  PID:1064
- C:\Windows\System\nlMzWrM.exe
  C:\Windows\System\nlMzWrM.exe
  2⤵
  PID:5196
- C:\Windows\System\lLGIwdD.exe
  C:\Windows\System\lLGIwdD.exe
  2⤵
  PID:2504
- C:\Windows\System\pSBwtWZ.exe
  C:\Windows\System\pSBwtWZ.exe
  2⤵
  PID:5452
- C:\Windows\System\BgUIbSy.exe
  C:\Windows\System\BgUIbSy.exe
  2⤵
  PID:5584
- C:\Windows\System\SmWtDPC.exe
  C:\Windows\System\SmWtDPC.exe
  2⤵
  PID:5800
- C:\Windows\System\UvGrfnL.exe
  C:\Windows\System\UvGrfnL.exe
  2⤵
  PID:6096
- C:\Windows\System\AfOCitG.exe
  C:\Windows\System\AfOCitG.exe
  2⤵
  PID:5604
- C:\Windows\System\MxTpUzX.exe
  C:\Windows\System\MxTpUzX.exe
  2⤵
  PID:6048
- C:\Windows\System\QzODgWq.exe
  C:\Windows\System\QzODgWq.exe
  2⤵
  PID:5224
- C:\Windows\System\NsfYzLh.exe
  C:\Windows\System\NsfYzLh.exe
  2⤵
  PID:5392
- C:\Windows\System\GykvlJK.exe
  C:\Windows\System\GykvlJK.exe
  2⤵
  PID:5412
- C:\Windows\System\nkKxygp.exe
  C:\Windows\System\nkKxygp.exe
  2⤵
  PID:6108
- C:\Windows\System\hKkmqKk.exe
  C:\Windows\System\hKkmqKk.exe
  2⤵
  PID:5760
- C:\Windows\System\GFJjNYa.exe
  C:\Windows\System\GFJjNYa.exe
  2⤵
  PID:1728
- C:\Windows\System\ckPdUin.exe
  C:\Windows\System\ckPdUin.exe
  2⤵
  PID:5804
- C:\Windows\System\pdKBFsk.exe
  C:\Windows\System\pdKBFsk.exe
  2⤵
  PID:5316
- C:\Windows\System\sSYMyCH.exe
  C:\Windows\System\sSYMyCH.exe
  2⤵
  PID:2476
- C:\Windows\System\mQHqvIQ.exe
  C:\Windows\System\mQHqvIQ.exe
  2⤵
  PID:5700
- C:\Windows\System\UnxCQZK.exe
  C:\Windows\System\UnxCQZK.exe
  2⤵
  PID:6148
- C:\Windows\System\guTcdoD.exe
  C:\Windows\System\guTcdoD.exe
  2⤵
  PID:6172
- C:\Windows\System\jajUewD.exe
  C:\Windows\System\jajUewD.exe
  2⤵
  PID:6188
- C:\Windows\System\syUQqRF.exe
  C:\Windows\System\syUQqRF.exe
  2⤵
  PID:6204
- C:\Windows\System\RbDxxOc.exe
  C:\Windows\System\RbDxxOc.exe
  2⤵
  PID:6220
- C:\Windows\System\gulZdpl.exe
  C:\Windows\System\gulZdpl.exe
  2⤵
  PID:6240
- C:\Windows\System\sAmkHTp.exe
  C:\Windows\System\sAmkHTp.exe
  2⤵
  PID:6272
- C:\Windows\System\FLCSDVE.exe
  C:\Windows\System\FLCSDVE.exe
  2⤵
  PID:6292
- C:\Windows\System\VORmgoq.exe
  C:\Windows\System\VORmgoq.exe
  2⤵
  PID:6308
- C:\Windows\System\QQgWJYu.exe
  C:\Windows\System\QQgWJYu.exe
  2⤵
  PID:6324
- C:\Windows\System\LLpuyNT.exe
  C:\Windows\System\LLpuyNT.exe
  2⤵
  PID:6348
- C:\Windows\System\ZkMiwtn.exe
  C:\Windows\System\ZkMiwtn.exe
  2⤵
  PID:6376
- C:\Windows\System\qOeHpgG.exe
  C:\Windows\System\qOeHpgG.exe
  2⤵
  PID:6392
- C:\Windows\System\LxmPyjJ.exe
  C:\Windows\System\LxmPyjJ.exe
  2⤵
  PID:6416
- C:\Windows\System\VXjOanT.exe
  C:\Windows\System\VXjOanT.exe
  2⤵
  PID:6432
- C:\Windows\System\xMMilzG.exe
  C:\Windows\System\xMMilzG.exe
  2⤵
  PID:6448
- C:\Windows\System\EFeEViH.exe
  C:\Windows\System\EFeEViH.exe
  2⤵
  PID:6468
- C:\Windows\System\WrmhaCZ.exe
  C:\Windows\System\WrmhaCZ.exe
  2⤵
  PID:6488
- C:\Windows\System\zqhztAo.exe
  C:\Windows\System\zqhztAo.exe
  2⤵
  PID:6516
- C:\Windows\System\hdQWyLU.exe
  C:\Windows\System\hdQWyLU.exe
  2⤵
  PID:6532
- C:\Windows\System\lWtGEzI.exe
  C:\Windows\System\lWtGEzI.exe
  2⤵
  PID:6552
- C:\Windows\System\PpAACMC.exe
  C:\Windows\System\PpAACMC.exe
  2⤵
  PID:6572
- C:\Windows\System\vzNaUnA.exe
  C:\Windows\System\vzNaUnA.exe
  2⤵
  PID:6588
- C:\Windows\System\yTuuHyL.exe
  C:\Windows\System\yTuuHyL.exe
  2⤵
  PID:6604
- C:\Windows\System\bneHOAB.exe
  C:\Windows\System\bneHOAB.exe
  2⤵
  PID:6624
- C:\Windows\System\UtfRXRR.exe
  C:\Windows\System\UtfRXRR.exe
  2⤵
  PID:6640
- C:\Windows\System\PfcnhQv.exe
  C:\Windows\System\PfcnhQv.exe
  2⤵
  PID:6660
- C:\Windows\System\bwffrpO.exe
  C:\Windows\System\bwffrpO.exe
  2⤵
  PID:6676
- C:\Windows\System\vMocyOS.exe
  C:\Windows\System\vMocyOS.exe
  2⤵
  PID:6696
- C:\Windows\System\RptbHmX.exe
  C:\Windows\System\RptbHmX.exe
  2⤵
  PID:6716
- C:\Windows\System\RyADIyt.exe
  C:\Windows\System\RyADIyt.exe
  2⤵
  PID:6752
- C:\Windows\System\OVIjvMr.exe
  C:\Windows\System\OVIjvMr.exe
  2⤵
  PID:6776
- C:\Windows\System\GCSqyYA.exe
  C:\Windows\System\GCSqyYA.exe
  2⤵
  PID:6792
- C:\Windows\System\Qwvzfmt.exe
  C:\Windows\System\Qwvzfmt.exe
  2⤵
  PID:6816
- C:\Windows\System\acGpSQW.exe
  C:\Windows\System\acGpSQW.exe
  2⤵
  PID:6832
- C:\Windows\System\ZrFnLps.exe
  C:\Windows\System\ZrFnLps.exe
  2⤵
  PID:6852
- C:\Windows\System\xNMDbfO.exe
  C:\Windows\System\xNMDbfO.exe
  2⤵
  PID:6868
- C:\Windows\System\heRIQLh.exe
  C:\Windows\System\heRIQLh.exe
  2⤵
  PID:6896
- C:\Windows\System\eYDxuJC.exe
  C:\Windows\System\eYDxuJC.exe
  2⤵
  PID:6912
- C:\Windows\System\BoodFVm.exe
  C:\Windows\System\BoodFVm.exe
  2⤵
  PID:6936
- C:\Windows\System\VFOwPfC.exe
  C:\Windows\System\VFOwPfC.exe
  2⤵
  PID:6952
- C:\Windows\System\KxhknTL.exe
  C:\Windows\System\KxhknTL.exe
  2⤵
  PID:6968
- C:\Windows\System\ZbqOoQB.exe
  C:\Windows\System\ZbqOoQB.exe
  2⤵
  PID:6992
- C:\Windows\System\jChhunO.exe
  C:\Windows\System\jChhunO.exe
  2⤵
  PID:7016
- C:\Windows\System\iukgwCr.exe
  C:\Windows\System\iukgwCr.exe
  2⤵
  PID:7032
- C:\Windows\System\BCIwZcI.exe
  C:\Windows\System\BCIwZcI.exe
  2⤵
  PID:7056
- C:\Windows\System\qtWiKOx.exe
  C:\Windows\System\qtWiKOx.exe
  2⤵
  PID:7076
- C:\Windows\System\EAjAbhw.exe
  C:\Windows\System\EAjAbhw.exe
  2⤵
  PID:7092
- C:\Windows\System\wjtkoKV.exe
  C:\Windows\System\wjtkoKV.exe
  2⤵
  PID:7116
- C:\Windows\System\nlaQEen.exe
  C:\Windows\System\nlaQEen.exe
  2⤵
  PID:7140
- C:\Windows\System\hCwDbhV.exe
  C:\Windows\System\hCwDbhV.exe
  2⤵
  PID:7156
- C:\Windows\System\PcozNHM.exe
  C:\Windows\System\PcozNHM.exe
  2⤵
  PID:6112
- C:\Windows\System\VQEmsOJ.exe
  C:\Windows\System\VQEmsOJ.exe
  2⤵
  PID:5824
- C:\Windows\System\fdnovEf.exe
  C:\Windows\System\fdnovEf.exe
  2⤵
  PID:6228
- C:\Windows\System\cXxWegp.exe
  C:\Windows\System\cXxWegp.exe
  2⤵
  PID:6216
- C:\Windows\System\okhBylY.exe
  C:\Windows\System\okhBylY.exe
  2⤵
  PID:6264
- C:\Windows\System\IOaFquJ.exe
  C:\Windows\System\IOaFquJ.exe
  2⤵
  PID:6288
- C:\Windows\System\hWlnaDF.exe
  C:\Windows\System\hWlnaDF.exe
  2⤵
  PID:6356
- C:\Windows\System\nJIuZZx.exe
  C:\Windows\System\nJIuZZx.exe
  2⤵
  PID:5928
- C:\Windows\System\srkYxee.exe
  C:\Windows\System\srkYxee.exe
  2⤵
  PID:6364
- C:\Windows\System\LTNIIlP.exe
  C:\Windows\System\LTNIIlP.exe
  2⤵
  PID:6408
- C:\Windows\System\SlXiFkn.exe
  C:\Windows\System\SlXiFkn.exe
  2⤵
  PID:6444
- C:\Windows\System\OyLLHOg.exe
  C:\Windows\System\OyLLHOg.exe
  2⤵
  PID:6484
- C:\Windows\System\nELSiPj.exe
  C:\Windows\System\nELSiPj.exe
  2⤵
  PID:6500
- C:\Windows\System\iGfRRYe.exe
  C:\Windows\System\iGfRRYe.exe
  2⤵
  PID:6568
- C:\Windows\System\aQfREFA.exe
  C:\Windows\System\aQfREFA.exe
  2⤵
  PID:6548
- C:\Windows\System\Zrqtbjd.exe
  C:\Windows\System\Zrqtbjd.exe
  2⤵
  PID:6632
- C:\Windows\System\cqERXMA.exe
  C:\Windows\System\cqERXMA.exe
  2⤵
  PID:6708
- C:\Windows\System\rGFoPqK.exe
  C:\Windows\System\rGFoPqK.exe
  2⤵
  PID:6656
- C:\Windows\System\sPdBUXw.exe
  C:\Windows\System\sPdBUXw.exe
  2⤵
  PID:6728
- C:\Windows\System\jdbBYqF.exe
  C:\Windows\System\jdbBYqF.exe
  2⤵
  PID:6748
- C:\Windows\System\dpLxJJM.exe
  C:\Windows\System\dpLxJJM.exe
  2⤵
  PID:6788
- C:\Windows\System\ZjkrqzM.exe
  C:\Windows\System\ZjkrqzM.exe
  2⤵
  PID:6824
- C:\Windows\System\HACPQdX.exe
  C:\Windows\System\HACPQdX.exe
  2⤵
  PID:6876
- C:\Windows\System\QVOmOGh.exe
  C:\Windows\System\QVOmOGh.exe
  2⤵
  PID:6924
- C:\Windows\System\aQVeGib.exe
  C:\Windows\System\aQVeGib.exe
  2⤵
  PID:6864
- C:\Windows\System\GbrUcct.exe
  C:\Windows\System\GbrUcct.exe
  2⤵
  PID:6960
- C:\Windows\System\SmPzmIm.exe
  C:\Windows\System\SmPzmIm.exe
  2⤵
  PID:7004
- C:\Windows\System\MpdVOpd.exe
  C:\Windows\System\MpdVOpd.exe
  2⤵
  PID:7048
- C:\Windows\System\eoHgLXN.exe
  C:\Windows\System\eoHgLXN.exe
  2⤵
  PID:7084
- C:\Windows\System\wxXdeJs.exe
  C:\Windows\System\wxXdeJs.exe
  2⤵
  PID:7100
- C:\Windows\System\GTXnKmV.exe
  C:\Windows\System\GTXnKmV.exe
  2⤵
  PID:7136
- C:\Windows\System\lWvBJTr.exe
  C:\Windows\System\lWvBJTr.exe
  2⤵
  PID:5964
- C:\Windows\System\vedGAQq.exe
  C:\Windows\System\vedGAQq.exe
  2⤵
  PID:6200
- C:\Windows\System\HRdfoZy.exe
  C:\Windows\System\HRdfoZy.exe
  2⤵
  PID:6212
- C:\Windows\System\jUskTIt.exe
  C:\Windows\System\jUskTIt.exe
  2⤵
  PID:6320
- C:\Windows\System\baHGKYL.exe
  C:\Windows\System\baHGKYL.exe
  2⤵
  PID:6440
- C:\Windows\System\JpgfSSE.exe
  C:\Windows\System\JpgfSSE.exe
  2⤵
  PID:6284
- C:\Windows\System\HMcYbbY.exe
  C:\Windows\System\HMcYbbY.exe
  2⤵
  PID:6600
- C:\Windows\System\FMmCjqx.exe
  C:\Windows\System\FMmCjqx.exe
  2⤵
  PID:6404
- C:\Windows\System\VdNgJnP.exe
  C:\Windows\System\VdNgJnP.exe
  2⤵
  PID:6620
- C:\Windows\System\JsQkRXQ.exe
  C:\Windows\System\JsQkRXQ.exe
  2⤵
  PID:6704
- C:\Windows\System\WMCjCLr.exe
  C:\Windows\System\WMCjCLr.exe
  2⤵
  PID:6724
- C:\Windows\System\opQzbCJ.exe
  C:\Windows\System\opQzbCJ.exe
  2⤵
  PID:6652
- C:\Windows\System\GfMqdgn.exe
  C:\Windows\System\GfMqdgn.exe
  2⤵
  PID:6800
- C:\Windows\System\gFmFNAJ.exe
  C:\Windows\System\gFmFNAJ.exe
  2⤵
  PID:6840
- C:\Windows\System\lDpzRmK.exe
  C:\Windows\System\lDpzRmK.exe
  2⤵
  PID:6884
- C:\Windows\System\Atqnlnq.exe
  C:\Windows\System\Atqnlnq.exe
  2⤵
  PID:6932
- C:\Windows\System\SJUtqlU.exe
  C:\Windows\System\SJUtqlU.exe
  2⤵
  PID:6984
- C:\Windows\System\fLRrgmX.exe
  C:\Windows\System\fLRrgmX.exe
  2⤵
  PID:7028
- C:\Windows\System\FMgUnAj.exe
  C:\Windows\System\FMgUnAj.exe
  2⤵
  PID:7108
- C:\Windows\System\WIdhIdR.exe
  C:\Windows\System\WIdhIdR.exe
  2⤵
  PID:7152
- C:\Windows\System\WUaHdcB.exe
  C:\Windows\System\WUaHdcB.exe
  2⤵
  PID:5024
- C:\Windows\System\FvBYvHE.exe
  C:\Windows\System\FvBYvHE.exe
  2⤵
  PID:6184
- C:\Windows\System\fOofoEE.exe
  C:\Windows\System\fOofoEE.exe
  2⤵
  PID:6260
- C:\Windows\System\gObleyx.exe
  C:\Windows\System\gObleyx.exe
  2⤵
  PID:6384
- C:\Windows\System\XLxXahB.exe
  C:\Windows\System\XLxXahB.exe
  2⤵
  PID:6368
- C:\Windows\System\MoTFCTU.exe
  C:\Windows\System\MoTFCTU.exe
  2⤵
  PID:6544
- C:\Windows\System\CANaXsi.exe
  C:\Windows\System\CANaXsi.exe
  2⤵
  PID:6744
- C:\Windows\System\SYIKFTR.exe
  C:\Windows\System\SYIKFTR.exe
  2⤵
  PID:6772
- C:\Windows\System\YEBkSzE.exe
  C:\Windows\System\YEBkSzE.exe
  2⤵
  PID:6812
- C:\Windows\System\PcUEAdf.exe
  C:\Windows\System\PcUEAdf.exe
  2⤵
  PID:6928
- C:\Windows\System\khUqDkJ.exe
  C:\Windows\System\khUqDkJ.exe
  2⤵
  PID:6948
- C:\Windows\System\McMbmKP.exe
  C:\Windows\System\McMbmKP.exe
  2⤵
  PID:7128
- C:\Windows\System\pDdoaNj.exe
  C:\Windows\System\pDdoaNj.exe
  2⤵
  PID:6196
- C:\Windows\System\rhEaLpK.exe
  C:\Windows\System\rhEaLpK.exe
  2⤵
  PID:6164
- C:\Windows\System\gjmNOYm.exe
  C:\Windows\System\gjmNOYm.exe
  2⤵
  PID:6560
- C:\Windows\System\cahlOUA.exe
  C:\Windows\System\cahlOUA.exe
  2⤵
  PID:2792
- C:\Windows\System\KaxciGb.exe
  C:\Windows\System\KaxciGb.exe
  2⤵
  PID:6480
- C:\Windows\System\jIPhmbm.exe
  C:\Windows\System\jIPhmbm.exe
  2⤵
  PID:6880
- C:\Windows\System\mnrJyKU.exe
  C:\Windows\System\mnrJyKU.exe
  2⤵
  PID:6980
- C:\Windows\System\VnNAbnS.exe
  C:\Windows\System\VnNAbnS.exe
  2⤵
  PID:7044
- C:\Windows\System\CuLICHI.exe
  C:\Windows\System\CuLICHI.exe
  2⤵
  PID:6236
- C:\Windows\System\XFmBoQv.exe
  C:\Windows\System\XFmBoQv.exe
  2⤵
  PID:6332
- C:\Windows\System\acLWIUa.exe
  C:\Windows\System\acLWIUa.exe
  2⤵
  PID:6512
- C:\Windows\System\EGZagyR.exe
  C:\Windows\System\EGZagyR.exe
  2⤵
  PID:6804
- C:\Windows\System\XhCPpuX.exe
  C:\Windows\System\XhCPpuX.exe
  2⤵
  PID:4948
- C:\Windows\System\zPkinzM.exe
  C:\Windows\System\zPkinzM.exe
  2⤵
  PID:7068
- C:\Windows\System\SOLbVtW.exe
  C:\Windows\System\SOLbVtW.exe
  2⤵
  PID:7040
- C:\Windows\System\eEvjZnA.exe
  C:\Windows\System\eEvjZnA.exe
  2⤵
  PID:6456
- C:\Windows\System\DevkHtz.exe
  C:\Windows\System\DevkHtz.exe
  2⤵
  PID:6616
- C:\Windows\System\FLbIPKi.exe
  C:\Windows\System\FLbIPKi.exe
  2⤵
  PID:7184
- C:\Windows\System\kMjbqkN.exe
  C:\Windows\System\kMjbqkN.exe
  2⤵
  PID:7216
- C:\Windows\System\qwKjSEK.exe
  C:\Windows\System\qwKjSEK.exe
  2⤵
  PID:7236
- C:\Windows\System\VIxtuxL.exe
  C:\Windows\System\VIxtuxL.exe
  2⤵
  PID:7256
- C:\Windows\System\cuYQIqX.exe
  C:\Windows\System\cuYQIqX.exe
  2⤵
  PID:7272
- C:\Windows\System\eyxNfNG.exe
  C:\Windows\System\eyxNfNG.exe
  2⤵
  PID:7288
- C:\Windows\System\QiIjNTp.exe
  C:\Windows\System\QiIjNTp.exe
  2⤵
  PID:7304
- C:\Windows\System\PEugZTT.exe
  C:\Windows\System\PEugZTT.exe
  2⤵
  PID:7336
- C:\Windows\System\UhEvXSc.exe
  C:\Windows\System\UhEvXSc.exe
  2⤵
  PID:7352
- C:\Windows\System\xyRhZKV.exe
  C:\Windows\System\xyRhZKV.exe
  2⤵
  PID:7368
- C:\Windows\System\qUyNGEE.exe
  C:\Windows\System\qUyNGEE.exe
  2⤵
  PID:7388
- C:\Windows\System\mBEbjzJ.exe
  C:\Windows\System\mBEbjzJ.exe
  2⤵
  PID:7408
- C:\Windows\System\WUKyaUn.exe
  C:\Windows\System\WUKyaUn.exe
  2⤵
  PID:7428
- C:\Windows\System\IZHQurm.exe
  C:\Windows\System\IZHQurm.exe
  2⤵
  PID:7464
- C:\Windows\System\wFTIHLA.exe
  C:\Windows\System\wFTIHLA.exe
  2⤵
  PID:7484
- C:\Windows\System\fICoswG.exe
  C:\Windows\System\fICoswG.exe
  2⤵
  PID:7500
- C:\Windows\System\uMILBDE.exe
  C:\Windows\System\uMILBDE.exe
  2⤵
  PID:7520
- C:\Windows\System\EMlUdIq.exe
  C:\Windows\System\EMlUdIq.exe
  2⤵
  PID:7540
- C:\Windows\System\gbzGzss.exe
  C:\Windows\System\gbzGzss.exe
  2⤵
  PID:7556
- C:\Windows\System\LsITELX.exe
  C:\Windows\System\LsITELX.exe
  2⤵
  PID:7576
- C:\Windows\System\XGeLLna.exe
  C:\Windows\System\XGeLLna.exe
  2⤵
  PID:7596
- C:\Windows\System\ZVnGjYr.exe
  C:\Windows\System\ZVnGjYr.exe
  2⤵
  PID:7620
- C:\Windows\System\ROBbpYM.exe
  C:\Windows\System\ROBbpYM.exe
  2⤵
  PID:7644
- C:\Windows\System\lQpjIYP.exe
  C:\Windows\System\lQpjIYP.exe
  2⤵
  PID:7664
- C:\Windows\System\spCDtkH.exe
  C:\Windows\System\spCDtkH.exe
  2⤵
  PID:7680
- C:\Windows\System\UPptrYH.exe
  C:\Windows\System\UPptrYH.exe
  2⤵
  PID:7700
- C:\Windows\System\AWGVBCH.exe
  C:\Windows\System\AWGVBCH.exe
  2⤵
  PID:7724
- C:\Windows\System\XfTpDyH.exe
  C:\Windows\System\XfTpDyH.exe
  2⤵
  PID:7744
- C:\Windows\System\WSFXxwx.exe
  C:\Windows\System\WSFXxwx.exe
  2⤵
  PID:7760
- C:\Windows\System\BpSBKik.exe
  C:\Windows\System\BpSBKik.exe
  2⤵
  PID:7780
- C:\Windows\System\ugkuExh.exe
  C:\Windows\System\ugkuExh.exe
  2⤵
  PID:7800
- C:\Windows\System\zYIehge.exe
  C:\Windows\System\zYIehge.exe
  2⤵
  PID:7824
- C:\Windows\System\SgqoERO.exe
  C:\Windows\System\SgqoERO.exe
  2⤵
  PID:7844
- C:\Windows\System\QdQNEpR.exe
  C:\Windows\System\QdQNEpR.exe
  2⤵
  PID:7864
- C:\Windows\System\pkzscNW.exe
  C:\Windows\System\pkzscNW.exe
  2⤵
  PID:7880
- C:\Windows\System\uKyGGAK.exe
  C:\Windows\System\uKyGGAK.exe
  2⤵
  PID:7896
- C:\Windows\System\TqOzXyD.exe
  C:\Windows\System\TqOzXyD.exe
  2⤵
  PID:7920
- C:\Windows\System\TtZgpPW.exe
  C:\Windows\System\TtZgpPW.exe
  2⤵
  PID:7936
- C:\Windows\System\dxZJfSJ.exe
  C:\Windows\System\dxZJfSJ.exe
  2⤵
  PID:7968
- C:\Windows\System\mYOtqBl.exe
  C:\Windows\System\mYOtqBl.exe
  2⤵
  PID:7988
- C:\Windows\System\frHfsbH.exe
  C:\Windows\System\frHfsbH.exe
  2⤵
  PID:8004
- C:\Windows\System\BJfzYEQ.exe
  C:\Windows\System\BJfzYEQ.exe
  2⤵
  PID:8020
- C:\Windows\System\VyuLYsW.exe
  C:\Windows\System\VyuLYsW.exe
  2⤵
  PID:8040
- C:\Windows\System\JujCErN.exe
  C:\Windows\System\JujCErN.exe
  2⤵
  PID:8056
- C:\Windows\System\kvBcROE.exe
  C:\Windows\System\kvBcROE.exe
  2⤵
  PID:8084
- C:\Windows\System\trhBkOJ.exe
  C:\Windows\System\trhBkOJ.exe
  2⤵
  PID:8104
- C:\Windows\System\AKHSRHo.exe
  C:\Windows\System\AKHSRHo.exe
  2⤵
  PID:8124
- C:\Windows\System\zVrppku.exe
  C:\Windows\System\zVrppku.exe
  2⤵
  PID:8144
- C:\Windows\System\druKnCE.exe
  C:\Windows\System\druKnCE.exe
  2⤵
  PID:8160
- C:\Windows\System\DgxfqTW.exe
  C:\Windows\System\DgxfqTW.exe
  2⤵
  PID:8180
- C:\Windows\System\FjRDPrE.exe
  C:\Windows\System\FjRDPrE.exe
  2⤵
  PID:6892
- C:\Windows\System\HfRqbsT.exe
  C:\Windows\System\HfRqbsT.exe
  2⤵
  PID:7196
- C:\Windows\System\YSdNbWB.exe
  C:\Windows\System\YSdNbWB.exe
  2⤵
  PID:7228
- C:\Windows\System\SxueGVP.exe
  C:\Windows\System\SxueGVP.exe
  2⤵
  PID:7264
- C:\Windows\System\BqEdBTC.exe
  C:\Windows\System\BqEdBTC.exe
  2⤵
  PID:7300
- C:\Windows\System\aDvAiXa.exe
  C:\Windows\System\aDvAiXa.exe
  2⤵
  PID:7380
- C:\Windows\System\zUltKUX.exe
  C:\Windows\System\zUltKUX.exe
  2⤵
  PID:7312
- C:\Windows\System\sNmAGjG.exe
  C:\Windows\System\sNmAGjG.exe
  2⤵
  PID:7404
- C:\Windows\System\rvmiaKs.exe
  C:\Windows\System\rvmiaKs.exe
  2⤵
  PID:7360
- C:\Windows\System\rmauEbz.exe
  C:\Windows\System\rmauEbz.exe
  2⤵
  PID:7440
- C:\Windows\System\OsFGNLY.exe
  C:\Windows\System\OsFGNLY.exe
  2⤵
  PID:7496
- C:\Windows\System\CWNBYpa.exe
  C:\Windows\System\CWNBYpa.exe
  2⤵
  PID:7548
- C:\Windows\System\OqckGZS.exe
  C:\Windows\System\OqckGZS.exe
  2⤵
  PID:7584
- C:\Windows\System\vEGcKeB.exe
  C:\Windows\System\vEGcKeB.exe
  2⤵
  PID:7628
- C:\Windows\System\aAjkeXJ.exe
  C:\Windows\System\aAjkeXJ.exe
  2⤵
  PID:7604
- C:\Windows\System\kcVBGyL.exe
  C:\Windows\System\kcVBGyL.exe
  2⤵
  PID:7660
- C:\Windows\System\JlezXbd.exe
  C:\Windows\System\JlezXbd.exe
  2⤵
  PID:7692
- C:\Windows\System\zCDxtBv.exe
  C:\Windows\System\zCDxtBv.exe
  2⤵
  PID:7732
- C:\Windows\System\qWiXZLY.exe
  C:\Windows\System\qWiXZLY.exe
  2⤵
  PID:7772
- C:\Windows\System\NQQRPaI.exe
  C:\Windows\System\NQQRPaI.exe
  2⤵
  PID:7808
- C:\Windows\System\pzKeCpT.exe
  C:\Windows\System\pzKeCpT.exe
  2⤵
  PID:7836
- C:\Windows\System\OvpLPeV.exe
  C:\Windows\System\OvpLPeV.exe
  2⤵
  PID:7908
- C:\Windows\System\rKiKSBM.exe
  C:\Windows\System\rKiKSBM.exe
  2⤵
  PID:7944
- C:\Windows\System\QYyWmPr.exe
  C:\Windows\System\QYyWmPr.exe
  2⤵
  PID:7932
- C:\Windows\System\DWjMpud.exe
  C:\Windows\System\DWjMpud.exe
  2⤵
  PID:7960
- C:\Windows\System\SEmRFuo.exe
  C:\Windows\System\SEmRFuo.exe
  2⤵
  PID:8016
- C:\Windows\System\NdRjWxH.exe
  C:\Windows\System\NdRjWxH.exe
  2⤵
  PID:8032
- C:\Windows\System\upVEFwc.exe
  C:\Windows\System\upVEFwc.exe
  2⤵
  PID:8068
- C:\Windows\System\qnctcUk.exe
  C:\Windows\System\qnctcUk.exe
  2⤵
  PID:8096
- C:\Windows\System\vegAZIV.exe
  C:\Windows\System\vegAZIV.exe
  2⤵
  PID:8140
- C:\Windows\System\WHdyZVe.exe
  C:\Windows\System\WHdyZVe.exe
  2⤵
  PID:8136
- C:\Windows\System\spFwXnV.exe
  C:\Windows\System\spFwXnV.exe
  2⤵
  PID:7172
- C:\Windows\System\TLlJOeC.exe
  C:\Windows\System\TLlJOeC.exe
  2⤵
  PID:7208
- C:\Windows\System\KpCXvGq.exe
  C:\Windows\System\KpCXvGq.exe
  2⤵
  PID:7296
- C:\Windows\System\QlBOIwL.exe
  C:\Windows\System\QlBOIwL.exe
  2⤵
  PID:7348
- C:\Windows\System\zTdirgf.exe
  C:\Windows\System\zTdirgf.exe
  2⤵
  PID:7364
- C:\Windows\System\BGIobTw.exe
  C:\Windows\System\BGIobTw.exe
  2⤵
  PID:7472
- C:\Windows\System\ezWztEz.exe
  C:\Windows\System\ezWztEz.exe
  2⤵
  PID:7448
- C:\Windows\System\RGTvlHl.exe
  C:\Windows\System\RGTvlHl.exe
  2⤵
  PID:7588
- C:\Windows\System\FlDnyyZ.exe
  C:\Windows\System\FlDnyyZ.exe
  2⤵
  PID:7572
- C:\Windows\System\OMVJzku.exe
  C:\Windows\System\OMVJzku.exe
  2⤵
  PID:7676
- C:\Windows\System\DKTUiNB.exe
  C:\Windows\System\DKTUiNB.exe
  2⤵
  PID:7636
- C:\Windows\System\WzkMhMQ.exe
  C:\Windows\System\WzkMhMQ.exe
  2⤵
  PID:7788
- C:\Windows\System\aMpsDBe.exe
  C:\Windows\System\aMpsDBe.exe
  2⤵
  PID:7872
- C:\Windows\System\giPRYDS.exe
  C:\Windows\System\giPRYDS.exe
  2⤵
  PID:7860
- C:\Windows\System\hfmhUiE.exe
  C:\Windows\System\hfmhUiE.exe
  2⤵
  PID:7952
- C:\Windows\System\iKWEvPJ.exe
  C:\Windows\System\iKWEvPJ.exe
  2⤵
  PID:7820
- C:\Windows\System\yZVdbMO.exe
  C:\Windows\System\yZVdbMO.exe
  2⤵
  PID:7984
- C:\Windows\System\cIkRaHr.exe
  C:\Windows\System\cIkRaHr.exe
  2⤵
  PID:8080
- C:\Windows\System\EgqsssK.exe
  C:\Windows\System\EgqsssK.exe
  2⤵
  PID:8168
- C:\Windows\System\FDbBMlW.exe
  C:\Windows\System\FDbBMlW.exe
  2⤵
  PID:7192
- C:\Windows\System\sYbTNpw.exe
  C:\Windows\System\sYbTNpw.exe
  2⤵
  PID:7280
- C:\Windows\System\SbrUZrX.exe
  C:\Windows\System\SbrUZrX.exe
  2⤵
  PID:7456
- C:\Windows\System\SJZVKTW.exe
  C:\Windows\System\SJZVKTW.exe
  2⤵
  PID:7460
- C:\Windows\System\ySVrWNx.exe
  C:\Windows\System\ySVrWNx.exe
  2⤵
  PID:7568
- C:\Windows\System\fMIbKcf.exe
  C:\Windows\System\fMIbKcf.exe
  2⤵
  PID:7688
- C:\Windows\System\txqpfnk.exe
  C:\Windows\System\txqpfnk.exe
  2⤵
  PID:7752
- C:\Windows\System\OWasGJh.exe
  C:\Windows\System\OWasGJh.exe
  2⤵
  PID:7812
- C:\Windows\System\gwmLUIf.exe
  C:\Windows\System\gwmLUIf.exe
  2⤵
  PID:7996
- C:\Windows\System\ricWBhx.exe
  C:\Windows\System\ricWBhx.exe
  2⤵
  PID:8176
- C:\Windows\System\nvhdNZM.exe
  C:\Windows\System\nvhdNZM.exe
  2⤵
  PID:7204
- C:\Windows\System\JrQpaBt.exe
  C:\Windows\System\JrQpaBt.exe
  2⤵
  PID:7200
- C:\Windows\System\YWzbDdm.exe
  C:\Windows\System\YWzbDdm.exe
  2⤵
  PID:7536
- C:\Windows\System\kNvSGuP.exe
  C:\Windows\System\kNvSGuP.exe
  2⤵
  PID:7492
- C:\Windows\System\AlPLfEN.exe
  C:\Windows\System\AlPLfEN.exe
  2⤵
  PID:7316
- C:\Windows\System\crFwZTF.exe
  C:\Windows\System\crFwZTF.exe
  2⤵
  PID:7696
- C:\Windows\System\lLMgCSz.exe
  C:\Windows\System\lLMgCSz.exe
  2⤵
  PID:7888
- C:\Windows\System\rDmxhOL.exe
  C:\Windows\System\rDmxhOL.exe
  2⤵
  PID:8120
- C:\Windows\System\AnrpAUT.exe
  C:\Windows\System\AnrpAUT.exe
  2⤵
  PID:8116
- C:\Windows\System\wgqFWWM.exe
  C:\Windows\System\wgqFWWM.exe
  2⤵
  PID:7284
- C:\Windows\System\MrfSnWc.exe
  C:\Windows\System\MrfSnWc.exe
  2⤵
  PID:7832
- C:\Windows\System\AMVJNfd.exe
  C:\Windows\System\AMVJNfd.exe
  2⤵
  PID:7716
- C:\Windows\System\bxUZvSy.exe
  C:\Windows\System\bxUZvSy.exe
  2⤵
  PID:7956
- C:\Windows\System\qmmQwRS.exe
  C:\Windows\System\qmmQwRS.exe
  2⤵
  PID:8188
- C:\Windows\System\gYuNJgJ.exe
  C:\Windows\System\gYuNJgJ.exe
  2⤵
  PID:8216
- C:\Windows\System\jDKaTrq.exe
  C:\Windows\System\jDKaTrq.exe
  2⤵
  PID:8236
- C:\Windows\System\NMYwxon.exe
  C:\Windows\System\NMYwxon.exe
  2⤵
  PID:8256
- C:\Windows\System\bQvSoRj.exe
  C:\Windows\System\bQvSoRj.exe
  2⤵
  PID:8272
- C:\Windows\System\RSWqZuw.exe
  C:\Windows\System\RSWqZuw.exe
  2⤵
  PID:8288
- C:\Windows\System\QDIrDIf.exe
  C:\Windows\System\QDIrDIf.exe
  2⤵
  PID:8320
- C:\Windows\System\VHXhnRA.exe
  C:\Windows\System\VHXhnRA.exe
  2⤵
  PID:8336
- C:\Windows\System\fncxulS.exe
  C:\Windows\System\fncxulS.exe
  2⤵
  PID:8352
- C:\Windows\System\gAPJedP.exe
  C:\Windows\System\gAPJedP.exe
  2⤵
  PID:8380
- C:\Windows\System\sgtGPtD.exe
  C:\Windows\System\sgtGPtD.exe
  2⤵
  PID:8400
- C:\Windows\System\AiICYEO.exe
  C:\Windows\System\AiICYEO.exe
  2⤵
  PID:8420
- C:\Windows\System\bvNjwUn.exe
  C:\Windows\System\bvNjwUn.exe
  2⤵
  PID:8440
- C:\Windows\System\YDNOOel.exe
  C:\Windows\System\YDNOOel.exe
  2⤵
  PID:8456
- C:\Windows\System\KBYKYyn.exe
  C:\Windows\System\KBYKYyn.exe
  2⤵
  PID:8476
- C:\Windows\System\uhqtePz.exe
  C:\Windows\System\uhqtePz.exe
  2⤵
  PID:8504
- C:\Windows\System\uihKcyw.exe
  C:\Windows\System\uihKcyw.exe
  2⤵
  PID:8520
- C:\Windows\System\XyYggvq.exe
  C:\Windows\System\XyYggvq.exe
  2⤵
  PID:8544
- C:\Windows\System\wKRObXP.exe
  C:\Windows\System\wKRObXP.exe
  2⤵
  PID:8560
- C:\Windows\System\DvseHGD.exe
  C:\Windows\System\DvseHGD.exe
  2⤵
  PID:8576
- C:\Windows\System\wQYKyTw.exe
  C:\Windows\System\wQYKyTw.exe
  2⤵
  PID:8596
- C:\Windows\System\fmcKwOU.exe
  C:\Windows\System\fmcKwOU.exe
  2⤵
  PID:8624
- C:\Windows\System\TYikjaJ.exe
  C:\Windows\System\TYikjaJ.exe
  2⤵
  PID:8640
- C:\Windows\System\SbIGMCF.exe
  C:\Windows\System\SbIGMCF.exe
  2⤵
  PID:8656
- C:\Windows\System\csUukNn.exe
  C:\Windows\System\csUukNn.exe
  2⤵
  PID:8672
- C:\Windows\System\oDrqrux.exe
  C:\Windows\System\oDrqrux.exe
  2⤵
  PID:8692
- C:\Windows\System\ntxEFru.exe
  C:\Windows\System\ntxEFru.exe
  2⤵
  PID:8712
- C:\Windows\System\jNQcrCn.exe
  C:\Windows\System\jNQcrCn.exe
  2⤵
  PID:8736
- C:\Windows\System\wzqmbOE.exe
  C:\Windows\System\wzqmbOE.exe
  2⤵
  PID:8756
- C:\Windows\System\uMOxQFs.exe
  C:\Windows\System\uMOxQFs.exe
  2⤵
  PID:8780
- C:\Windows\System\SFuAVEA.exe
  C:\Windows\System\SFuAVEA.exe
  2⤵
  PID:8796
- C:\Windows\System\BmTqzcw.exe
  C:\Windows\System\BmTqzcw.exe
  2⤵
  PID:8812
- C:\Windows\System\ZDLqvpF.exe
  C:\Windows\System\ZDLqvpF.exe
  2⤵
  PID:8828
- C:\Windows\System\CWolDWx.exe
  C:\Windows\System\CWolDWx.exe
  2⤵
  PID:8844
- C:\Windows\System\AXHFPzV.exe
  C:\Windows\System\AXHFPzV.exe
  2⤵
  PID:8860
- C:\Windows\System\gzJbxud.exe
  C:\Windows\System\gzJbxud.exe
  2⤵
  PID:8876
- C:\Windows\System\RjeCWGO.exe
  C:\Windows\System\RjeCWGO.exe
  2⤵
  PID:8892
- C:\Windows\System\UgIEdgo.exe
  C:\Windows\System\UgIEdgo.exe
  2⤵
  PID:8908
- C:\Windows\System\vLBRSzV.exe
  C:\Windows\System\vLBRSzV.exe
  2⤵
  PID:8924
- C:\Windows\System\xQHLcIY.exe
  C:\Windows\System\xQHLcIY.exe
  2⤵
  PID:8940
- C:\Windows\System\KviBrgr.exe
  C:\Windows\System\KviBrgr.exe
  2⤵
  PID:8956
- C:\Windows\System\iTdEGdW.exe
  C:\Windows\System\iTdEGdW.exe
  2⤵
  PID:8972
- C:\Windows\System\mUvHsZz.exe
  C:\Windows\System\mUvHsZz.exe
  2⤵
  PID:8988
- C:\Windows\System\tQWfUcL.exe
  C:\Windows\System\tQWfUcL.exe
  2⤵
  PID:9004
- C:\Windows\System\LzzqRIq.exe
  C:\Windows\System\LzzqRIq.exe
  2⤵
  PID:9020
- C:\Windows\System\rqVMuRE.exe
  C:\Windows\System\rqVMuRE.exe
  2⤵
  PID:9036
- C:\Windows\System\giKftlI.exe
  C:\Windows\System\giKftlI.exe
  2⤵
  PID:9052
- C:\Windows\System\usgRgem.exe
  C:\Windows\System\usgRgem.exe
  2⤵
  PID:9068
- C:\Windows\System\ppMlOXW.exe
  C:\Windows\System\ppMlOXW.exe
  2⤵
  PID:9088
- C:\Windows\System\MjfGwbM.exe
  C:\Windows\System\MjfGwbM.exe
  2⤵
  PID:9104
- C:\Windows\System\uSBdcwd.exe
  C:\Windows\System\uSBdcwd.exe
  2⤵
  PID:9120
- C:\Windows\System\CusfDvC.exe
  C:\Windows\System\CusfDvC.exe
  2⤵
  PID:9144
- C:\Windows\System\RyXyapF.exe
  C:\Windows\System\RyXyapF.exe
  2⤵
  PID:9168
- C:\Windows\System\rCpSiME.exe
  C:\Windows\System\rCpSiME.exe
  2⤵
  PID:9188
- C:\Windows\System\xoCDgGK.exe
  C:\Windows\System\xoCDgGK.exe
  2⤵
  PID:9204
- C:\Windows\System\sobdnsi.exe
  C:\Windows\System\sobdnsi.exe
  2⤵
  PID:7756
- C:\Windows\System\Ihxikft.exe
  C:\Windows\System\Ihxikft.exe
  2⤵
  PID:7332
- C:\Windows\System\deuTFeq.exe
  C:\Windows\System\deuTFeq.exe
  2⤵
  PID:7512
- C:\Windows\System\iORizmy.exe
  C:\Windows\System\iORizmy.exe
  2⤵
  PID:8244
- C:\Windows\System\GcbZIyr.exe
  C:\Windows\System\GcbZIyr.exe
  2⤵
  PID:8228
- C:\Windows\System\mSnwEMT.exe
  C:\Windows\System\mSnwEMT.exe
  2⤵
  PID:8232
- C:\Windows\System\mEfpAoF.exe
  C:\Windows\System\mEfpAoF.exe
  2⤵
  PID:8312
- C:\Windows\System\IFwiage.exe
  C:\Windows\System\IFwiage.exe
  2⤵
  PID:8332
- C:\Windows\System\kzdJLcx.exe
  C:\Windows\System\kzdJLcx.exe
  2⤵
  PID:8368
- C:\Windows\System\oQtKdXb.exe
  C:\Windows\System\oQtKdXb.exe
  2⤵
  PID:8396
- C:\Windows\System\hmsQhuZ.exe
  C:\Windows\System\hmsQhuZ.exe
  2⤵
  PID:8412
- C:\Windows\System\OJYIcAy.exe
  C:\Windows\System\OJYIcAy.exe
  2⤵
  PID:8452
- C:\Windows\System\EjxhkPJ.exe
  C:\Windows\System\EjxhkPJ.exe
  2⤵
  PID:8492
- C:\Windows\System\tgvxFDd.exe
  C:\Windows\System\tgvxFDd.exe
  2⤵
  PID:8528
- C:\Windows\System\BMDWqIX.exe
  C:\Windows\System\BMDWqIX.exe
  2⤵
  PID:8540
- C:\Windows\System\GdCVpPl.exe
  C:\Windows\System\GdCVpPl.exe
  2⤵
  PID:8592
- C:\Windows\System\KCPgiFD.exe
  C:\Windows\System\KCPgiFD.exe
  2⤵
  PID:8620
- C:\Windows\System\yizkHOK.exe
  C:\Windows\System\yizkHOK.exe
  2⤵
  PID:8652
- C:\Windows\System\gdJDdfZ.exe
  C:\Windows\System\gdJDdfZ.exe
  2⤵
  PID:8720
- C:\Windows\System\gAVtdmZ.exe
  C:\Windows\System\gAVtdmZ.exe
  2⤵
  PID:8664
- C:\Windows\System\nQzxYwP.exe
  C:\Windows\System\nQzxYwP.exe
  2⤵
  PID:8632
- C:\Windows\System\oXbOlcu.exe
  C:\Windows\System\oXbOlcu.exe
  2⤵
  PID:8700
- C:\Windows\System\tqCUUOK.exe
  C:\Windows\System\tqCUUOK.exe
  2⤵
  PID:8776
- C:\Windows\System\eEmqAtO.exe
  C:\Windows\System\eEmqAtO.exe
  2⤵
  PID:8836
- C:\Windows\System\OhQwfLN.exe
  C:\Windows\System\OhQwfLN.exe
  2⤵
  PID:8820
- C:\Windows\System\eKwLROr.exe
  C:\Windows\System\eKwLROr.exe
  2⤵
  PID:8888
- C:\Windows\System\cpfhaOK.exe
  C:\Windows\System\cpfhaOK.exe
  2⤵
  PID:8968
- C:\Windows\System\wcjVEgN.exe
  C:\Windows\System\wcjVEgN.exe
  2⤵
  PID:8948
- C:\Windows\System\XJtuPpk.exe
  C:\Windows\System\XJtuPpk.exe
  2⤵
  PID:9000
- C:\Windows\System\aHKyqkL.exe
  C:\Windows\System\aHKyqkL.exe
  2⤵
  PID:9016
- C:\Windows\System\BhuQXWi.exe
  C:\Windows\System\BhuQXWi.exe
  2⤵
  PID:9064
- C:\Windows\System\GfqwDzj.exe
  C:\Windows\System\GfqwDzj.exe
  2⤵
  PID:9100
- C:\Windows\System\SMZYxZw.exe
  C:\Windows\System\SMZYxZw.exe
  2⤵
  PID:9128
- C:\Windows\System\WiqaSxG.exe
  C:\Windows\System\WiqaSxG.exe
  2⤵
  PID:9164
- C:\Windows\System\rUCQXFu.exe
  C:\Windows\System\rUCQXFu.exe
  2⤵
  PID:9184
- C:\Windows\System\oFnjGYe.exe
  C:\Windows\System\oFnjGYe.exe
  2⤵
  PID:8156
- C:\Windows\System\xfrQgSg.exe
  C:\Windows\System\xfrQgSg.exe
  2⤵
  PID:7904
- C:\Windows\System\fPAhXbc.exe
  C:\Windows\System\fPAhXbc.exe
  2⤵
  PID:7476
- C:\Windows\System\FSTxaCP.exe
  C:\Windows\System\FSTxaCP.exe
  2⤵
  PID:8284
- C:\Windows\System\NURJibb.exe
  C:\Windows\System\NURJibb.exe
  2⤵
  PID:8344
- C:\Windows\System\JlzhvkT.exe
  C:\Windows\System\JlzhvkT.exe
  2⤵
  PID:8328
- C:\Windows\System\PzmQVSH.exe
  C:\Windows\System\PzmQVSH.exe
  2⤵
  PID:8484
- C:\Windows\System\xgbNqMP.exe
  C:\Windows\System\xgbNqMP.exe
  2⤵
  PID:8488
- C:\Windows\System\rvyQmTD.exe
  C:\Windows\System\rvyQmTD.exe
  2⤵
  PID:8536
- C:\Windows\System\MioJfyG.exe
  C:\Windows\System\MioJfyG.exe
  2⤵
  PID:8500
- C:\Windows\System\lnpAStk.exe
  C:\Windows\System\lnpAStk.exe
  2⤵
  PID:8684
- C:\Windows\System\uvozGrz.exe
  C:\Windows\System\uvozGrz.exe
  2⤵
  PID:8728
- C:\Windows\System\bQqhPKW.exe
  C:\Windows\System\bQqhPKW.exe
  2⤵
  PID:8744
- C:\Windows\System\qywjtEh.exe
  C:\Windows\System\qywjtEh.exe
  2⤵
  PID:8772
- C:\Windows\System\fSiCHaL.exe
  C:\Windows\System\fSiCHaL.exe
  2⤵
  PID:8808
- C:\Windows\System\uJytWCc.exe
  C:\Windows\System\uJytWCc.exe
  2⤵
  PID:8872
- C:\Windows\System\BkaVScW.exe
  C:\Windows\System\BkaVScW.exe
  2⤵
  PID:8932
- C:\Windows\System\fnUesmC.exe
  C:\Windows\System\fnUesmC.exe
  2⤵
  PID:8916
- C:\Windows\System\qiCiXsr.exe
  C:\Windows\System\qiCiXsr.exe
  2⤵
  PID:9096
- C:\Windows\System\RLsbysL.exe
  C:\Windows\System\RLsbysL.exe
  2⤵
  PID:9060
- C:\Windows\System\onkvdSs.exe
  C:\Windows\System\onkvdSs.exe
  2⤵
  PID:8252
- C:\Windows\System\IshWNzg.exe
  C:\Windows\System\IshWNzg.exe
  2⤵
  PID:9180
- C:\Windows\System\AGfaLhe.exe
  C:\Windows\System\AGfaLhe.exe
  2⤵
  PID:8304
- C:\Windows\System\Xukommz.exe
  C:\Windows\System\Xukommz.exe
  2⤵
  PID:9136
- C:\Windows\System\HKcNfZG.exe
  C:\Windows\System\HKcNfZG.exe
  2⤵
  PID:8936
- C:\Windows\System\DYDlFmd.exe
  C:\Windows\System\DYDlFmd.exe
  2⤵
  PID:9196
- C:\Windows\System\BNkwWwI.exe
  C:\Windows\System\BNkwWwI.exe
  2⤵
  PID:7416
- C:\Windows\System\gperHsu.exe
  C:\Windows\System\gperHsu.exe
  2⤵
  PID:9032
- C:\Windows\System\RJENzvE.exe
  C:\Windows\System\RJENzvE.exe
  2⤵
  PID:8364
- C:\Windows\System\ZvKwJmr.exe
  C:\Windows\System\ZvKwJmr.exe
  2⤵
  PID:8608
- C:\Windows\System\uixTNob.exe
  C:\Windows\System\uixTNob.exe
  2⤵
  PID:9140
- C:\Windows\System\PMNOCLg.exe
  C:\Windows\System\PMNOCLg.exe
  2⤵
  PID:8512
- C:\Windows\System\JVXEcpm.exe
  C:\Windows\System\JVXEcpm.exe
  2⤵
  PID:8472
- C:\Windows\System\fLehSYR.exe
  C:\Windows\System\fLehSYR.exe
  2⤵
  PID:9116
- C:\Windows\System\ytCdasB.exe
  C:\Windows\System\ytCdasB.exe
  2⤵
  PID:8308
- C:\Windows\System\JENVTjC.exe
  C:\Windows\System\JENVTjC.exe
  2⤵
  PID:2272
- C:\Windows\System\gGWTLqV.exe
  C:\Windows\System\gGWTLqV.exe
  2⤵
  PID:8852
- C:\Windows\System\zbszfYI.exe
  C:\Windows\System\zbszfYI.exe
  2⤵
  PID:8904
- C:\Windows\System\uaJULeS.exe
  C:\Windows\System\uaJULeS.exe
  2⤵
  PID:9200
- C:\Windows\System\yLBSygz.exe
  C:\Windows\System\yLBSygz.exe
  2⤵
  PID:8856
- C:\Windows\System\uzxbtUj.exe
  C:\Windows\System\uzxbtUj.exe
  2⤵
  PID:9220
- C:\Windows\System\pKaNRXd.exe
  C:\Windows\System\pKaNRXd.exe
  2⤵
  PID:9236
- C:\Windows\System\UwQiaHX.exe
  C:\Windows\System\UwQiaHX.exe
  2⤵
  PID:9252
- C:\Windows\System\mDiDjAu.exe
  C:\Windows\System\mDiDjAu.exe
  2⤵
  PID:9268
- C:\Windows\System\YhZvQbR.exe
  C:\Windows\System\YhZvQbR.exe
  2⤵
  PID:9284
- C:\Windows\System\VatUFJW.exe
  C:\Windows\System\VatUFJW.exe
  2⤵
  PID:9308
- C:\Windows\System\NANfKwF.exe
  C:\Windows\System\NANfKwF.exe
  2⤵
  PID:9324
- C:\Windows\System\AxOhxCg.exe
  C:\Windows\System\AxOhxCg.exe
  2⤵
  PID:9344
- C:\Windows\System\qMjGLuA.exe
  C:\Windows\System\qMjGLuA.exe
  2⤵
  PID:9364
- C:\Windows\System\JdqvZQP.exe
  C:\Windows\System\JdqvZQP.exe
  2⤵
  PID:9392
- C:\Windows\System\TcAqgLU.exe
  C:\Windows\System\TcAqgLU.exe
  2⤵
  PID:9408
- C:\Windows\System\QJqEJUj.exe
  C:\Windows\System\QJqEJUj.exe
  2⤵
  PID:9424
- C:\Windows\System\COIqQIa.exe
  C:\Windows\System\COIqQIa.exe
  2⤵
  PID:9460
- C:\Windows\System\GpvojFG.exe
  C:\Windows\System\GpvojFG.exe
  2⤵
  PID:9484
- C:\Windows\System\gVHgmPr.exe
  C:\Windows\System\gVHgmPr.exe
  2⤵
  PID:9504
- C:\Windows\System\MLPFShA.exe
  C:\Windows\System\MLPFShA.exe
  2⤵
  PID:9520
- C:\Windows\System\lnvqZNf.exe
  C:\Windows\System\lnvqZNf.exe
  2⤵
  PID:9536
- C:\Windows\System\qiKOMAr.exe
  C:\Windows\System\qiKOMAr.exe
  2⤵
  PID:9568
- C:\Windows\System\CTWARBP.exe
  C:\Windows\System\CTWARBP.exe
  2⤵
  PID:9588
- C:\Windows\System\kexkgYM.exe
  C:\Windows\System\kexkgYM.exe
  2⤵
  PID:9604
- C:\Windows\System\LUbjtAM.exe
  C:\Windows\System\LUbjtAM.exe
  2⤵
  PID:9624
- C:\Windows\System\kKlcFLA.exe
  C:\Windows\System\kKlcFLA.exe
  2⤵
  PID:9640
- C:\Windows\System\qmkgxyP.exe
  C:\Windows\System\qmkgxyP.exe
  2⤵
  PID:9656
- C:\Windows\System\NzIbkoB.exe
  C:\Windows\System\NzIbkoB.exe
  2⤵
  PID:9672
- C:\Windows\System\qEjMDAi.exe
  C:\Windows\System\qEjMDAi.exe
  2⤵
  PID:9692
- C:\Windows\System\BjfEKHv.exe
  C:\Windows\System\BjfEKHv.exe
  2⤵
  PID:9708
- C:\Windows\System\HQcfGLl.exe
  C:\Windows\System\HQcfGLl.exe
  2⤵
  PID:9724
- C:\Windows\System\BOOOjNW.exe
  C:\Windows\System\BOOOjNW.exe
  2⤵
  PID:9740
- C:\Windows\System\IOwlUXz.exe
  C:\Windows\System\IOwlUXz.exe
  2⤵
  PID:9756
- C:\Windows\System\mBFyKNe.exe
  C:\Windows\System\mBFyKNe.exe
  2⤵
  PID:9780
- C:\Windows\System\wxmGfvf.exe
  C:\Windows\System\wxmGfvf.exe
  2⤵
  PID:9804
- C:\Windows\System\zcyxSqA.exe
  C:\Windows\System\zcyxSqA.exe
  2⤵
  PID:9828
- C:\Windows\System\TwABgyh.exe
  C:\Windows\System\TwABgyh.exe
  2⤵
  PID:9844
- C:\Windows\System\nETLnWS.exe
  C:\Windows\System\nETLnWS.exe
  2⤵
  PID:9864
- C:\Windows\System\CYdcKDj.exe
  C:\Windows\System\CYdcKDj.exe
  2⤵
  PID:9884
- C:\Windows\System\yeKragC.exe
  C:\Windows\System\yeKragC.exe
  2⤵
  PID:9900
- C:\Windows\System\CDnMZSh.exe
  C:\Windows\System\CDnMZSh.exe
  2⤵
  PID:9916
- C:\Windows\System\hnjIhPO.exe
  C:\Windows\System\hnjIhPO.exe
  2⤵
  PID:9932
- C:\Windows\System\LLaXYcN.exe
  C:\Windows\System\LLaXYcN.exe
  2⤵
  PID:9948
- C:\Windows\System\FCgvmzJ.exe
  C:\Windows\System\FCgvmzJ.exe
  2⤵
  PID:9964
- C:\Windows\System\hJrwAKY.exe
  C:\Windows\System\hJrwAKY.exe
  2⤵
  PID:9980
- C:\Windows\System\tpHZWZK.exe
  C:\Windows\System\tpHZWZK.exe
  2⤵
  PID:10000
- C:\Windows\System\FZQaIub.exe
  C:\Windows\System\FZQaIub.exe
  2⤵
  PID:10016
- C:\Windows\System\ckdsBOK.exe
  C:\Windows\System\ckdsBOK.exe
  2⤵
  PID:10036
- C:\Windows\System\EmuTKcG.exe
  C:\Windows\System\EmuTKcG.exe
  2⤵
  PID:10052
- C:\Windows\System\cRTVoCp.exe
  C:\Windows\System\cRTVoCp.exe
  2⤵
  PID:10068
- C:\Windows\System\mTGipVv.exe
  C:\Windows\System\mTGipVv.exe
  2⤵
  PID:10100
- C:\Windows\System\IHunIxd.exe
  C:\Windows\System\IHunIxd.exe
  2⤵
  PID:10120
- C:\Windows\System\sDBrlQq.exe
  C:\Windows\System\sDBrlQq.exe
  2⤵
  PID:10136
- C:\Windows\System\MhSrZOE.exe
  C:\Windows\System\MhSrZOE.exe
  2⤵
  PID:10160
- C:\Windows\System\zBzptSX.exe
  C:\Windows\System\zBzptSX.exe
  2⤵
  PID:10176
- C:\Windows\System\WuISkkc.exe
  C:\Windows\System\WuISkkc.exe
  2⤵
  PID:10200
- C:\Windows\System\wafWPUo.exe
  C:\Windows\System\wafWPUo.exe
  2⤵
  PID:10216
- C:\Windows\System\DvGZHvJ.exe
  C:\Windows\System\DvGZHvJ.exe
  2⤵
  PID:8464
- C:\Windows\System\QKVjSJj.exe
  C:\Windows\System\QKVjSJj.exe
  2⤵
  PID:8840
- C:\Windows\System\ttkgfwA.exe
  C:\Windows\System\ttkgfwA.exe
  2⤵
  PID:9244
- C:\Windows\System\BdqMYiS.exe
  C:\Windows\System\BdqMYiS.exe
  2⤵
  PID:9316
- C:\Windows\System\LIeowHt.exe
  C:\Windows\System\LIeowHt.exe
  2⤵
  PID:9360
- C:\Windows\System\ahzfTHk.exe
  C:\Windows\System\ahzfTHk.exe
  2⤵
  PID:9388
- C:\Windows\System\BmdDmSD.exe
  C:\Windows\System\BmdDmSD.exe
  2⤵
  PID:9432
- C:\Windows\System\iwKfKML.exe
  C:\Windows\System\iwKfKML.exe
  2⤵
  PID:9476
- C:\Windows\System\uKRWxvb.exe
  C:\Windows\System\uKRWxvb.exe
  2⤵
  PID:9456
- C:\Windows\System\OZNJCBg.exe
  C:\Windows\System\OZNJCBg.exe
  2⤵
  PID:9500
- C:\Windows\System\FvrgFDT.exe
  C:\Windows\System\FvrgFDT.exe
  2⤵
  PID:9528
- C:\Windows\System\LGvRZCL.exe
  C:\Windows\System\LGvRZCL.exe
  2⤵
  PID:9564
- C:\Windows\System\xbLQfMM.exe
  C:\Windows\System\xbLQfMM.exe
  2⤵
  PID:9620
- C:\Windows\System\oukBZKe.exe
  C:\Windows\System\oukBZKe.exe
  2⤵
  PID:9596
- C:\Windows\System\BjIKbDm.exe
  C:\Windows\System\BjIKbDm.exe
  2⤵
  PID:9704
- C:\Windows\System\psgcQfn.exe
  C:\Windows\System\psgcQfn.exe
  2⤵
  PID:9768
- C:\Windows\System\cGZnWmh.exe
  C:\Windows\System\cGZnWmh.exe
  2⤵
  PID:9772
- C:\Windows\System\vkbCeeq.exe
  C:\Windows\System\vkbCeeq.exe
  2⤵
  PID:9816
- C:\Windows\System\vvYOeiK.exe
  C:\Windows\System\vvYOeiK.exe
  2⤵
  PID:9800
- C:\Windows\System\RyWsUhb.exe
  C:\Windows\System\RyWsUhb.exe
  2⤵
  PID:9840
- C:\Windows\System\uYwiHBs.exe
  C:\Windows\System\uYwiHBs.exe
  2⤵
  PID:9872
- C:\Windows\System\rGCTvlb.exe
  C:\Windows\System\rGCTvlb.exe
  2⤵
  PID:9896
- C:\Windows\System\HcgVKuI.exe
  C:\Windows\System\HcgVKuI.exe
  2⤵
  PID:9972
- C:\Windows\System\FGKhOBV.exe
  C:\Windows\System\FGKhOBV.exe
  2⤵
  PID:9992
- C:\Windows\System\kSdNfqF.exe
  C:\Windows\System\kSdNfqF.exe
  2⤵
  PID:9940
- C:\Windows\System\JPSYBxu.exe
  C:\Windows\System\JPSYBxu.exe
  2⤵
  PID:10064
- C:\Windows\System\IPOlbdh.exe
  C:\Windows\System\IPOlbdh.exe
  2⤵
  PID:10008

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\CrcxnRz.exe

Filesize
6.0MB

MD5
5281447137b59df6a8d5f03bfb9de8bb

SHA1
85939783f323b1eb5ea70cd968112b3b2d59dd52

SHA256
ba9d7d4969e5b94ee2d084a198151d1419797a568de13a8fb0e401ac92a5eadf

SHA512
2659620f512cb14f2a7a10fc1f7494f44bac678f826fe293b3bcb0753a81f633fab4cbe0fa708bce63f65a5530bdce7f7f369ef3059401a94187f58ff7807da9

Download Submit
C:\Windows\system\JWJieaY.exe

Filesize
6.0MB

MD5
620c0d2ab301460701aa46dfb9a22273

SHA1
aeb4906e267dc22617c5769501931b05f7d0c033

SHA256
309107bb592b28236bafd7d0c14bb0840319a4b57ef2df288e9fcbed0b8a7d31

SHA512
49dbc79ad4fc5ef6002076fdba4f4113859651cc1698b82ad5185af883478fe4de3bcd102dff117b2ccbdef7d3dfa70b4fcf88630cb97f2fc96290ecc671f10e

Download Submit
C:\Windows\system\JodkmWi.exe

Filesize
6.0MB

MD5
61b984ee1da79a758a9e8fcbb99cc5e8

SHA1
abc2240bd9ec2461ad5092fb442c1e8a22cef1b4

SHA256
e3e3a061db945cccce351ec5bbddd05004749ce0f45280ac3033265de49d2de3

SHA512
c5e774a1c455173a7a0210c82f27a662cba90f8f2a4ce721143e2c4d73d94894bcad476c86e8b85bc6848f9a0f3930bc954a3b4af3270f52960b752c056eae09

Download Submit
C:\Windows\system\MMAOKbl.exe

Filesize
6.0MB

MD5
d457e2f3f24a7ba1ed1479ee55ef824c

SHA1
c6287cb3d81bfac1b58a4c8f9f6b84977431e5ea

SHA256
7051f09c9b0c18fc7c50fa30519586902e8d4a2506972a328fba7c3fdd488380

SHA512
0901efbbfdc952f6b6d5fa3f2010163b0169940e9e2f6ad5b40613c2795f5326d92624cb7d1d7e06414932bb29c947d3440d790e69fd766881eb212a8c75a218

Download Submit
C:\Windows\system\OQmnPti.exe

Filesize
6.0MB

MD5
496452b866efa0b6869162a74d57da13

SHA1
402b9b5a89baaea9d59d4193bb19cf8b9ef964ee

SHA256
f8e2433df35640a778d240ee9dd089a9e64375b7b625b6b494a79856f88b0b42

SHA512
4fd88fab558592831f672aaee1b6b2f4d7805c3c6e901df8f500b49181a812a37a501c791fa286ec4c8a4fb1580cc68fe1ad6e1c3eedce032b3688e68c45f6b9

Download Submit
C:\Windows\system\PQaUwVk.exe

Filesize
6.0MB

MD5
b39402d5ae037ce4cc6c79a34926dd9b

SHA1
b6a9c07b46efd13c43465ef89c935406bbccb052

SHA256
a6717b3f2419ac3266e325f7f124c5be61e5252a9c8fcd4629326b62b97e2961

SHA512
6532cb15db4906c2823bfe02c9a508852a943aed2528ae00616884c3a2e7e2ffb817d3598c761688e85656f0428ef961d15890a835f2f25fbf605af0e8eedc3c

Download Submit
C:\Windows\system\SGAcMIy.exe

Filesize
6.0MB

MD5
b703edc69165d418d98892ec1c019687

SHA1
5567c37e18967de549afa9bc439015160bd1a5bc

SHA256
f9a9e84f314bacb643d20ffbb16969f200938cd1fcb6752f5c4141e8811a2af9

SHA512
86c13322da15ce0378d516f3392348561cb47fcd7b709afc8dec2679318b07cfcd2ec349fdb447a19af087bba05b4243c7709a3f9c921ec2a28693adb8ec46cf

Download Submit
C:\Windows\system\SyEOyAx.exe

Filesize
6.0MB

MD5
4dcd6b43f0c1294d8da826549d680ee3

SHA1
3fbdbaad0790a86bddfaefcc5fb80afbf5e32336

SHA256
2175cc4920f475f9cef36e7b8f16d2cbec60b46fc6bdd140a2c5e7d8e8a71f0e

SHA512
85ec24d8a112f357d1561d6391bcc987a5a19e6206af2c59ccd2787673e47aaec932053142c1d5a37cc18a8299bbe2e6b5c1a622b5f27675a1b590a6e9254f80

Download Submit
C:\Windows\system\VFaZwVp.exe

Filesize
6.0MB

MD5
28588cea2048cc6742f292098f3aec21

SHA1
42a20e767205bac6228a099282206f6e6f62d272

SHA256
73b8a0318e45baf017c22807d9752d1357e53a24220a49cd394dd06b78b1dc3f

SHA512
63f977f75b672a3d7c2717a4c2f856ee5cfdcc9d4efa56d89b646c252bd2cd7da627de70bfbe06818962b5062b1d5f0bcf4f919b33ee473f05d3de3c6dfdfd3b

Download Submit
C:\Windows\system\WMQNZXp.exe

Filesize
6.0MB

MD5
3d642bbc5ad8fe5180c1641f6ba814d4

SHA1
5f34eeaa891f35baae599669b63f99b67a838a90

SHA256
fc8f5528dcd696d3948c72445fb89b6b9ed2251dc28832c24a297b954c3c6d76

SHA512
ab098e7bc6a6c4cfe633d242e50b9e820664044ec47be4739439fc2bf843754e25921a897914463267c9422e60fe716e0c40f562fd6ab22aa6e8ab8a4b100f70

Download Submit
C:\Windows\system\WzlwGBp.exe

Filesize
6.0MB

MD5
6fe428c2551ccb18dcb3d5d70a092319

SHA1
9c10ac18e9e6c0bf8b2ce9693652bfb47a7a113f

SHA256
da0bbecf3f1598b69ec4e4541aad225c075adf562442ab8a1ab154d8b7503e49

SHA512
6930f123fd3d9d311592949bfb0769736126f6de6fa55cd9acb871825dcdd2036f4b6f67c969cd9592a9987e8e3b0cc7e6f394a2fd463a04a2f814a99196e594

Download Submit
C:\Windows\system\YMbQgKs.exe

Filesize
6.0MB

MD5
7ed6a4da36492a138b64a842a0b1a1c6

SHA1
5308dacc78dd46012837281c7e21116715826e9c

SHA256
a956e13d6508046a379749a3cf6220bf240856b41e1400fca67133b1a25690ee

SHA512
34972092f60f616c5e8de60405567a8efc89eed10650fabdbd7c6a405dba04e482cef61a10f00c5a7bcefc7c9b6c0f1b5ee58751f47e3445ef272cc1faf13fec

Download Submit
C:\Windows\system\YOCSyOi.exe

Filesize
6.0MB

MD5
2060a92cf4382567116ec514a4885639

SHA1
dec7110b228f5022374d83a818c77a2070cab3cf

SHA256
2358cea5403891507b2a8a212faa7867af68c7f8289c7b2165678a0a3305204c

SHA512
22e0dc830a68c8912dfd0322b761ae672a46f59dea0a560e95df576ae9b0313378c89fffaf705a0c45d1eee1b7e5c5db4aabaf183c148aefdc02f6209484ffe4

Download Submit
C:\Windows\system\caVwGYP.exe

Filesize
6.0MB

MD5
7f2664b7ce9d970c98e90213816f39ed

SHA1
1bf41298eca62f5b6650340a013ecbda8a2df86d

SHA256
f54cb3396e0e2f83b9839e98c89a2f96380b44a9fae2970902e4e05c8f221836

SHA512
01199f84643aba96cd3eddbe43baaf5d690da3ec74d3615a8ff753d5babb9ac046070c27a2184d0d8bc4425237f93e17d0d4dc752da48442f19b60dd63a7c11d

Download Submit
C:\Windows\system\cnQmOUv.exe

Filesize
6.0MB

MD5
1875be40022f78efad01506906ebe6ee

SHA1
e4600fa39f5f2345112e84cbb576dd6381993a60

SHA256
c8e6624ff602dbaabc680c0d3f1eeaf39d58d94a21e5e3011c4605af0e06bd2c

SHA512
6e235586fea7bfed8824e6bd6c7b08fbb7ddb645d30c33e3b66f746581ef4869e7ed95b1cad5f5f4244dd45e74db38becc80f23211914f40efdcc74914014fb8

Download Submit
C:\Windows\system\dzwvMgv.exe

Filesize
6.0MB

MD5
37fd1756b5d00d8ac63eb3e55321ebda

SHA1
66b2d86ddb6b1246f7fd78093388eb6b1f9da0b6

SHA256
ecc5e8acaf3af9ff8597ba4e786415944735ca8297d7cca6605d6941ae64e0a1

SHA512
e237f06584e74c52a6e59ab5343add4684b52fda4cdc200cb48a07e44cb9e6845ae666ee129e32931d35c896f05ed8752e4d0cbcf8f06653407cc38e35eec17e

Download Submit
C:\Windows\system\eLwfutR.exe

Filesize
6.0MB

MD5
a1a77e9b71441cd2bf17f9c57f7d5d36

SHA1
3714a93e2d1c1e430fe171ae757bafa5aa3d462f

SHA256
e505e5d4ac2961da9fe79fbe6125cdbf5423e45b5b4bd6d3c6a4a6b4fe51bfca

SHA512
2ed4dd0b2e335940426d7fb36fa1fe942611931447a54e7cfa4ebe1f6716ab941bb31562c7189a2679285ee2a27f9e9d300ec5ab183f670ce80c3a06ba5a0eab

Download Submit
C:\Windows\system\gAdjBtJ.exe

Filesize
6.0MB

MD5
6814dd1a0a90fca94bf0f75b9442d8f4

SHA1
e18c855940ef58e9fa275410f0b19eefa470b62e

SHA256
ea986f4c84096025ebff8625cd85a3aea151dc91080d70902fb042b1f4ff9747

SHA512
5d0c54e80f5f792b35e018c7bced4caad06a675950e2ca115cb4207876e5bb02560f6a56523b2cf34a613165d159d1bcc15416d7051466797a5a80627d3f0519

Download Submit
C:\Windows\system\gNDJQfK.exe

Filesize
6.0MB

MD5
3865eac128274a86e038a6ef73b33aff

SHA1
850c4f6e7e5cf47a962111be758f25c26255a784

SHA256
67dc97543bb52cd537ecab1dbd87d739ebe74d660ec31abcc38ca4713955607e

SHA512
0e92df84916a0ebf46838ab84686842b7fa5956765205c366d1be5364f4b889fcf9f412c7ccb11151bd577853b454e989e5b1f55deee623c926654e6d4bc86a4

Download Submit
C:\Windows\system\heAAQWB.exe

Filesize
6.0MB

MD5
86ff8cbfa765233c2eae62f71542f76e

SHA1
f86ecfa0bf8847684687619027aebe1865cc8abb

SHA256
1ae774f25e416bb45106a521e463a756190332ee05ee945d02b3ccd07b180317

SHA512
e9de236ae1e26a13060c3ac40ad6aa294eb0a4f1575374cf20edfe076d1fae1f84b68cfcdc21c358cba81ffbb4d114dee00701ecc735b66473b516f24ebb5e1c

Download Submit
C:\Windows\system\hyqgbxX.exe

Filesize
6.0MB

MD5
2bb7f186a64487e5833c0c27d4df2b62

SHA1
51a68d8024b928e282bdefc7d2b5077745208522

SHA256
dee6df6f35f613031a96c52a70e2f6f26dc2989aa8621bae2be05f38f3a8f7d4

SHA512
acc840afbf8188c9422ac6bcd034dfd62ad911e9e4d6d659cd437bee32c61d2babeadbaec8c24e50f1f3ef341a11c879e87ec5a47640ded7a0d0ba9d3e2280ee

Download Submit
C:\Windows\system\nnBpKsF.exe

Filesize
6.0MB

MD5
af021d7c75c52a0f2d9fde810f1f092b

SHA1
8f8b99ae8832cf9751d554d8e92aceed273b11db

SHA256
708f434e93d7f857fdd17de534690ef8baf818323282bae1174e1c3b92861692

SHA512
f4f45251251f8ff29dc25eb01031db5453df3ee9fb0012162f180e05270c7565ca927407cb7d5b30f488ccb45a53fecd6610e5cb020a4f69b46a41e61218b19c

Download Submit
C:\Windows\system\oCxshmV.exe

Filesize
6.0MB

MD5
a57a1f93d770d41fd77c353db27f5592

SHA1
03161ca5a69c4cb91bddf8a2f1a28c7d8d16347c

SHA256
483e6fa152a2a4bdbcbf3b957b4eae033c259eeef583089783b114d26a59048d

SHA512
462447d34a94dd1f5817587db771e9bc1b0e6f8369f85029726fefdbc8aeec7568372f2410b81d89b5f31a32704b18191d8439b751bc936556775c2a5bad0626

Download Submit
C:\Windows\system\szezioz.exe

Filesize
6.0MB

MD5
128ee76ceb3f31ed9c4231633473facd

SHA1
60b1f442b201c9153d6a3a245beffafd36c9574f

SHA256
c3369466a53eb448b84a372a65d243101ed84a47d2dddea70746fe13ff9c81cf

SHA512
8f1bdee4e1ce4958099430c6ee5dd5fd406ab5cf23861ab666622276648d209b07dc7277a12b5c836d51b090bc25ffd51080228654e02865ccf247391e7b743b

Download Submit
C:\Windows\system\vpGeAVw.exe

Filesize
6.0MB

MD5
e12623489c0f7040a8bc44d4a433f294

SHA1
3d41409b7f19428f4459f142e60ced0d0218712a

SHA256
f1446f32ab47c3392a0dc5d4cfbd3fed536cbfd5b77d91a47c4458af8e9f3027

SHA512
308198c329ef84879d31bfb01c263154c97da937cebb421501e801214d639d7766a94e8fb0237f903ebdedbc8ff563c2443ee69223bc00cfb17c07fdbb673ee3

Download Submit
C:\Windows\system\xtIogqZ.exe

Filesize
6.0MB

MD5
06920de2e32cb329d588939f5cf8e7f1

SHA1
0b8f91c7906b6b5765d059ad5552e53f24c0d9f1

SHA256
a15ad0d0b10873a08ebae76b6848a27a0b5da89d89873e05e299740c3fe6bbda

SHA512
78ae746e7a85b7eca75b0513a03f5dcbc7e946a35eeeb6bce6418a1df369502a5aa9039a35c3278d011f04ccb3154996eb7285a52066f667aac8e6f5b97ebadf

Download Submit
\Windows\system\FnwaTUc.exe

Filesize
6.0MB

MD5
29d32eca081f499aca15c34a9e59d104

SHA1
d63fa504ac6427335962a5b99add20c9b04531af

SHA256
469b494e2a3af208d29fa4659ed23f56e00835a2bdeb356be8ac51fe17eabba5

SHA512
ffc63accbda599c6a4ca9234c6902a99da761312f43b2826a4bb5c6976a14d90910f7a474c075502ddda97990da689520d0a53b19eed4d7f15518dda67815bf9

Download Submit
\Windows\system\PZoADRD.exe

Filesize
6.0MB

MD5
e95dee95b5d39efb40a442dac80215d4

SHA1
b6677b2e46e890cbbb932556cea89a07ec308a78

SHA256
9332ce55184577240ec13556def7df36b74ab7c9a13cf379c80d352e706cb639

SHA512
997500da087745bf608ff64b8b707b65f181c6eec6969a4e481e0bea3e66511b803ddb572c5645921455c094092fe9d7546eb5a1925f4f0219d00f439e55d71d

Download Submit
\Windows\system\UcOVOix.exe

Filesize
6.0MB

MD5
ff35114767e315cc7c1dab83afe91140

SHA1
f9f9536fb7d5d5ec6d1fbeaee2dcb4e1d1bda5a2

SHA256
feb87fd21fd7a4ad0fe6ed911ea4b134c383dd6438bc43e8b1be68987fdc70db

SHA512
fc4a8be07be928b274682aec260bd9bd6c46e48409ce92dfd66e59a0fa2f4c11822b28b800705916ed4d3a8811c0a1396bbdb1bb193a660bfc51641dba09977c

Download Submit
\Windows\system\XxrgBYs.exe

Filesize
6.0MB

MD5
dface2ad71e36fe6523923f4299aa9a8

SHA1
cad011d59a866ecaeb68460c4c63ab8752975eb6

SHA256
169c0e10e5d84193c033f9723a59f3e66c7a2062664bc014f31b56905766dd27

SHA512
2e54d15d1a5b5b565472fe6fbba8f53b4cf5034a63d2d720a98102f05467c6931fca456e0da3307df071aa35cd45048db6e6d5366b196e8ee0ec2712a58beaae

Download Submit
\Windows\system\dPdcIUq.exe

Filesize
6.0MB

MD5
6fd5810e9023481cda62be7a8befbfce

SHA1
fc7a5cdf672640b86e5ca80d9ca3f0a13e12aed4

SHA256
6a7e3c83fa4031dd7d1a377cdfb0526bba1e34917e291a6aeadf8b2628d3a60b

SHA512
c4985ce8ff580324c34baad49cc57465bb03abf4a117448eda3ed7aa59e0300ebec18a94d9e01225af83cd325ba42e4830b48f859150c97d9e1413d7ceb64cd5

Download Submit
\Windows\system\hNVaQfJ.exe

Filesize
6.0MB

MD5
54d685714106aeb2facc25c1cc69b2da

SHA1
635a4322a9f37fdac8fac29603658a74bc82c460

SHA256
22b8b27a0a6fe223b62d0fe4bacf360b7d3b5607378704e8a1c8ff4f75f23e95

SHA512
58f7b8cb65164b90851525ddf7641dd8577434cf6cdc9a7036f8b95b29803cd6b1d3996bc6c2f8b4f7f0c01e7e086c8818af493121117cf38c65971b7c75d765

Download Submit
memory/948-141-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/948-74-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/948-855-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/1452-9-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/1452-34-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/1452-859-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/1644-87-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/1644-103-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/1644-104-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/1644-29-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/1644-78-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/1644-15-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/1644-86-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/1644-4-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/1644-95-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/1644-35-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/1644-1-0x00000000002F0000-0x0000000000300000-memory.dmp

Filesize
64KB

Download
memory/1644-0-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/1644-342-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/1644-63-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/1644-254-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/1644-20-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/1644-47-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/1644-199-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/1644-41-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/1644-56-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/1644-172-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/1644-26-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2148-82-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/2148-193-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/2148-854-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/2188-296-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/2188-99-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/2188-856-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/2204-107-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2204-67-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2204-852-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2628-91-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/2628-221-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/2628-857-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/2664-858-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/2664-394-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/2664-108-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-53-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2688-90-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2688-850-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2712-848-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2712-66-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2712-30-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2724-851-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2724-81-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2724-45-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2820-600-0x000000013FA00000-0x000000013FD54000-memory.dmp

Filesize
3.3MB

Download
memory/2820-16-0x000000013FA00000-0x000000013FD54000-memory.dmp

Filesize
3.3MB

Download
memory/2844-60-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/2844-98-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/2844-853-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/2916-38-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/2916-73-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/2916-849-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/2928-52-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2928-601-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2928-22-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download