cobaltstrike | 11a5726cccca65c9ac19393899a723aef2eb9e2b082cdc675e81714ea8f3475a

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
20-11-2024 19:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

6458819ceb9107e93f7f08c1bad48f13
SHA1

b03d6a443e7ad88daf92a7a6e7f874c821f63c41
SHA256

11a5726cccca65c9ac19393899a723aef2eb9e2b082cdc675e81714ea8f3475a
SHA512

fa3f8384a3f69f04ea19dc0a001ab60f6d7402a1345b742b00a48394b79302b8516b4879ef9de1dc1a57e2346dfce177ae94cf9e17f637bf434182730ecaa7de
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUo:T+q56utgpPF8u/7o

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012119-6.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000015d2a-8.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d41-15.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d59-20.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d81-26.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015f71-30.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d3f-55.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d4f-65.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d69-75.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d72-85.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dea-100.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017491-125.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018669-135.dat	cobalt_reflective_dll
behavioral1/files/0x001400000001866f-140.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001868b-150.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186f8-160.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186f2-155.dat	cobalt_reflective_dll
behavioral1/files/0x0011000000018682-145.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000175e7-130.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001747d-120.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001743a-115.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017047-110.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016eb4-105.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016de0-95.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dd9-90.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d6d-80.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d63-70.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d47-60.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d36-50.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016101-41.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016241-45.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015ff5-36.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 47 IoCs

miner

resource	yara_rule
behavioral1/memory/1600-0-0x000000013F9D0000-0x000000013FD24000-memory.dmp	xmrig
behavioral1/files/0x0007000000012119-6.dat	xmrig
behavioral1/files/0x0009000000015d2a-8.dat	xmrig
behavioral1/files/0x0008000000015d41-15.dat	xmrig
behavioral1/files/0x0008000000015d59-20.dat	xmrig
behavioral1/files/0x0008000000015d81-26.dat	xmrig
behavioral1/files/0x0007000000015f71-30.dat	xmrig
behavioral1/files/0x0006000000016d3f-55.dat	xmrig
behavioral1/files/0x0006000000016d4f-65.dat	xmrig
behavioral1/files/0x0006000000016d69-75.dat	xmrig
behavioral1/files/0x0006000000016d72-85.dat	xmrig
behavioral1/files/0x0006000000016dea-100.dat	xmrig
behavioral1/files/0x0006000000017491-125.dat	xmrig
behavioral1/files/0x0006000000018669-135.dat	xmrig
behavioral1/files/0x001400000001866f-140.dat	xmrig
behavioral1/files/0x000500000001868b-150.dat	xmrig
behavioral1/files/0x00050000000186f8-160.dat	xmrig
behavioral1/files/0x00050000000186f2-155.dat	xmrig
behavioral1/files/0x0011000000018682-145.dat	xmrig
behavioral1/files/0x00060000000175e7-130.dat	xmrig
behavioral1/files/0x000600000001747d-120.dat	xmrig
behavioral1/files/0x000600000001743a-115.dat	xmrig
behavioral1/files/0x0006000000017047-110.dat	xmrig
behavioral1/files/0x0006000000016eb4-105.dat	xmrig
behavioral1/files/0x0006000000016de0-95.dat	xmrig
behavioral1/files/0x0006000000016dd9-90.dat	xmrig
behavioral1/files/0x0006000000016d6d-80.dat	xmrig
behavioral1/files/0x0006000000016d63-70.dat	xmrig
behavioral1/files/0x0006000000016d47-60.dat	xmrig
behavioral1/files/0x0006000000016d36-50.dat	xmrig
behavioral1/files/0x0009000000016101-41.dat	xmrig
behavioral1/files/0x0009000000016241-45.dat	xmrig
behavioral1/files/0x0007000000015ff5-36.dat	xmrig
behavioral1/memory/2536-2218-0x000000013F5E0000-0x000000013F934000-memory.dmp	xmrig
behavioral1/memory/1940-2359-0x000000013F740000-0x000000013FA94000-memory.dmp	xmrig
behavioral1/memory/1600-2406-0x000000013FD90000-0x00000001400E4000-memory.dmp	xmrig
behavioral1/memory/2340-2405-0x000000013F730000-0x000000013FA84000-memory.dmp	xmrig
behavioral1/memory/2760-2407-0x000000013FD90000-0x00000001400E4000-memory.dmp	xmrig
behavioral1/memory/1600-2408-0x000000013F5D0000-0x000000013F924000-memory.dmp	xmrig
behavioral1/memory/2816-2409-0x000000013F5D0000-0x000000013F924000-memory.dmp	xmrig
behavioral1/memory/1600-2900-0x000000013F9D0000-0x000000013FD24000-memory.dmp	xmrig
behavioral1/memory/1600-3133-0x000000013F5D0000-0x000000013F924000-memory.dmp	xmrig
behavioral1/memory/2536-4032-0x000000013F5E0000-0x000000013F934000-memory.dmp	xmrig
behavioral1/memory/1940-4033-0x000000013F740000-0x000000013FA94000-memory.dmp	xmrig
behavioral1/memory/2340-4034-0x000000013F730000-0x000000013FA84000-memory.dmp	xmrig
behavioral1/memory/2760-4035-0x000000013FD90000-0x00000001400E4000-memory.dmp	xmrig
behavioral1/memory/2816-4036-0x000000013F5D0000-0x000000013F924000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1776	iVTkAyJ.exe
1620	LDWwfap.exe
2536	pkDidKO.exe
1940	AcNbIcf.exe
2340	bRtDNid.exe
2760	NkNbhqD.exe
2816	KHyYwoo.exe
2892	qKuZhKi.exe
2744	lOSGFMN.exe
1220	ZbwErxu.exe
2812	InxgutX.exe
2804	FjfDdRE.exe
2220	HXcjHmp.exe
2612	LwYnkms.exe
2680	blfVWWR.exe
1172	DGMyWDz.exe
992	GdCzulM.exe
2688	ufyUmsW.exe
1140	YLITZww.exe
2932	OtryLRA.exe
1224	faittIl.exe
1064	xuJCdkR.exe
1668	eYXtTKb.exe
2928	jDUBiIA.exe
636	JbwepwS.exe
1544	CkGwQhN.exe
1412	PxvcIKg.exe
2176	swRABAu.exe
628	WbhcAXy.exe
1012	XCkTHRS.exe
2028	ciqIdYa.exe
2276	lBvAlOv.exe
776	qksjoiC.exe
1744	YtIsFos.exe
1328	uYbMIou.exe
704	IpSUZWz.exe
852	YsWjcbq.exe
1888	MWZosPs.exe
1912	PrlmaJA.exe
908	CysXLBZ.exe
1780	zksdTSy.exe
1764	NgKGbJQ.exe
2568	xMsxNAW.exe
1720	lQRuPxP.exe
2352	yCBNbWJ.exe
2444	iVDkkWe.exe
2072	AxRuBYj.exe
1652	aNqIZry.exe
784	lSznLNm.exe
888	PhkAXLl.exe
2672	DMhzYNl.exe
2064	HCcpPMm.exe
2164	PERAdms.exe
1640	XIgUiJR.exe
2252	JAzBxQr.exe
1728	MvuoUQz.exe
1592	OFeIuFw.exe
2104	MkvFAQQ.exe
1924	OByvrwQ.exe
1676	fznJxzd.exe
576	aCihDIj.exe
2888	rKVuPVl.exe
2768	dZjtmSI.exe
2780	qQaCFDH.exe

Loads dropped DLL 64 IoCs

pid	Process
1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 44 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1600-0-0x000000013F9D0000-0x000000013FD24000-memory.dmp	upx
behavioral1/files/0x0007000000012119-6.dat	upx
behavioral1/files/0x0009000000015d2a-8.dat	upx
behavioral1/files/0x0008000000015d41-15.dat	upx
behavioral1/files/0x0008000000015d59-20.dat	upx
behavioral1/files/0x0008000000015d81-26.dat	upx
behavioral1/files/0x0007000000015f71-30.dat	upx
behavioral1/files/0x0006000000016d3f-55.dat	upx
behavioral1/files/0x0006000000016d4f-65.dat	upx
behavioral1/files/0x0006000000016d69-75.dat	upx
behavioral1/files/0x0006000000016d72-85.dat	upx
behavioral1/files/0x0006000000016dea-100.dat	upx
behavioral1/files/0x0006000000017491-125.dat	upx
behavioral1/files/0x0006000000018669-135.dat	upx
behavioral1/files/0x001400000001866f-140.dat	upx
behavioral1/files/0x000500000001868b-150.dat	upx
behavioral1/files/0x00050000000186f8-160.dat	upx
behavioral1/files/0x00050000000186f2-155.dat	upx
behavioral1/files/0x0011000000018682-145.dat	upx
behavioral1/files/0x00060000000175e7-130.dat	upx
behavioral1/files/0x000600000001747d-120.dat	upx
behavioral1/files/0x000600000001743a-115.dat	upx
behavioral1/files/0x0006000000017047-110.dat	upx
behavioral1/files/0x0006000000016eb4-105.dat	upx
behavioral1/files/0x0006000000016de0-95.dat	upx
behavioral1/files/0x0006000000016dd9-90.dat	upx
behavioral1/files/0x0006000000016d6d-80.dat	upx
behavioral1/files/0x0006000000016d63-70.dat	upx
behavioral1/files/0x0006000000016d47-60.dat	upx
behavioral1/files/0x0006000000016d36-50.dat	upx
behavioral1/files/0x0009000000016101-41.dat	upx
behavioral1/files/0x0009000000016241-45.dat	upx
behavioral1/files/0x0007000000015ff5-36.dat	upx
behavioral1/memory/2536-2218-0x000000013F5E0000-0x000000013F934000-memory.dmp	upx
behavioral1/memory/1940-2359-0x000000013F740000-0x000000013FA94000-memory.dmp	upx
behavioral1/memory/2340-2405-0x000000013F730000-0x000000013FA84000-memory.dmp	upx
behavioral1/memory/2760-2407-0x000000013FD90000-0x00000001400E4000-memory.dmp	upx
behavioral1/memory/2816-2409-0x000000013F5D0000-0x000000013F924000-memory.dmp	upx
behavioral1/memory/1600-2900-0x000000013F9D0000-0x000000013FD24000-memory.dmp	upx
behavioral1/memory/2536-4032-0x000000013F5E0000-0x000000013F934000-memory.dmp	upx
behavioral1/memory/1940-4033-0x000000013F740000-0x000000013FA94000-memory.dmp	upx
behavioral1/memory/2340-4034-0x000000013F730000-0x000000013FA84000-memory.dmp	upx
behavioral1/memory/2760-4035-0x000000013FD90000-0x00000001400E4000-memory.dmp	upx
behavioral1/memory/2816-4036-0x000000013F5D0000-0x000000013F924000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\JwDsIfO.exe	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PxvcIKg.exe	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OByvrwQ.exe	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UYMGgUT.exe	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HxiOILv.exe	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\usmdyOd.exe	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vpCksou.exe	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qiZKUsA.exe	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sUAEatm.exe	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uIPupEm.exe	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AJVKXRY.exe	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mQOwvmV.exe	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rdsPDcC.exe	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BtGtbne.exe	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QTLuwFG.exe	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uLezaGS.exe	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PpWxMcy.exe	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\osrCGPi.exe	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\obGPrmq.exe	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tzddZGc.exe	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qKuZhKi.exe	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QCTTizv.exe	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IMqiUsm.exe	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tGdCHqQ.exe	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gYCwCSr.exe	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rTlVjGu.exe	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iDJlSQO.exe	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ouckDnp.exe	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GRUrOVd.exe	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OGWWFlq.exe	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bOJyRCZ.exe	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aUyctMv.exe	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wWtqyDT.exe	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DjcSvNk.exe	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pHNLTtD.exe	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QpHZSvz.exe	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ENKyMSl.exe	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mHLbAFH.exe	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CsQRqwb.exe	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cJzTLfx.exe	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PmxIria.exe	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VkLexfI.exe	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zPMMdne.exe	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HwtCpGC.exe	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nmFTeOP.exe	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YTmWQdO.exe	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ycdADKr.exe	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oNYyPrv.exe	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FItVGAv.exe	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ljxpdDv.exe	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OkAYkfF.exe	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UMrlZkC.exe	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KAKXKsw.exe	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YOFPfEe.exe	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eothyjS.exe	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VXYwFve.exe	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cKilQcT.exe	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DKzpNNw.exe	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KzmUyOi.exe	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FaAIeHr.exe	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uHzggZF.exe	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TGCZWra.exe	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TWrPWHB.exe	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sjpZdUV.exe	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1600 wrote to memory of 1776	1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1600 wrote to memory of 1776	1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1600 wrote to memory of 1776	1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1600 wrote to memory of 1620	1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1600 wrote to memory of 1620	1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1600 wrote to memory of 1620	1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1600 wrote to memory of 2536	1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1600 wrote to memory of 2536	1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1600 wrote to memory of 2536	1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1600 wrote to memory of 1940	1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1600 wrote to memory of 1940	1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1600 wrote to memory of 1940	1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1600 wrote to memory of 2340	1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1600 wrote to memory of 2340	1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1600 wrote to memory of 2340	1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1600 wrote to memory of 2760	1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1600 wrote to memory of 2760	1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1600 wrote to memory of 2760	1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1600 wrote to memory of 2816	1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1600 wrote to memory of 2816	1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1600 wrote to memory of 2816	1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1600 wrote to memory of 2892	1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1600 wrote to memory of 2892	1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1600 wrote to memory of 2892	1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1600 wrote to memory of 2744	1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1600 wrote to memory of 2744	1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1600 wrote to memory of 2744	1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1600 wrote to memory of 1220	1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1600 wrote to memory of 1220	1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1600 wrote to memory of 1220	1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1600 wrote to memory of 2812	1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1600 wrote to memory of 2812	1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1600 wrote to memory of 2812	1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1600 wrote to memory of 2804	1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1600 wrote to memory of 2804	1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1600 wrote to memory of 2804	1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1600 wrote to memory of 2220	1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1600 wrote to memory of 2220	1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1600 wrote to memory of 2220	1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1600 wrote to memory of 2612	1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1600 wrote to memory of 2612	1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1600 wrote to memory of 2612	1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1600 wrote to memory of 2680	1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1600 wrote to memory of 2680	1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1600 wrote to memory of 2680	1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1600 wrote to memory of 1172	1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1600 wrote to memory of 1172	1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1600 wrote to memory of 1172	1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1600 wrote to memory of 992	1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1600 wrote to memory of 992	1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1600 wrote to memory of 992	1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1600 wrote to memory of 2688	1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1600 wrote to memory of 2688	1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1600 wrote to memory of 2688	1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1600 wrote to memory of 1140	1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1600 wrote to memory of 1140	1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1600 wrote to memory of 1140	1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1600 wrote to memory of 2932	1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1600 wrote to memory of 2932	1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1600 wrote to memory of 2932	1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1600 wrote to memory of 1224	1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1600 wrote to memory of 1224	1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1600 wrote to memory of 1224	1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1600 wrote to memory of 1064	1600	2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-20_6458819ceb9107e93f7f08c1bad48f13_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1600
- C:\Windows\System\iVTkAyJ.exe
  C:\Windows\System\iVTkAyJ.exe
  2⤵
  - Executes dropped EXE
  PID:1776
- C:\Windows\System\LDWwfap.exe
  C:\Windows\System\LDWwfap.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\pkDidKO.exe
  C:\Windows\System\pkDidKO.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\AcNbIcf.exe
  C:\Windows\System\AcNbIcf.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\bRtDNid.exe
  C:\Windows\System\bRtDNid.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\NkNbhqD.exe
  C:\Windows\System\NkNbhqD.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\KHyYwoo.exe
  C:\Windows\System\KHyYwoo.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\qKuZhKi.exe
  C:\Windows\System\qKuZhKi.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\lOSGFMN.exe
  C:\Windows\System\lOSGFMN.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\ZbwErxu.exe
  C:\Windows\System\ZbwErxu.exe
  2⤵
  - Executes dropped EXE
  PID:1220
- C:\Windows\System\InxgutX.exe
  C:\Windows\System\InxgutX.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\FjfDdRE.exe
  C:\Windows\System\FjfDdRE.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\HXcjHmp.exe
  C:\Windows\System\HXcjHmp.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\LwYnkms.exe
  C:\Windows\System\LwYnkms.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\blfVWWR.exe
  C:\Windows\System\blfVWWR.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\DGMyWDz.exe
  C:\Windows\System\DGMyWDz.exe
  2⤵
  - Executes dropped EXE
  PID:1172
- C:\Windows\System\GdCzulM.exe
  C:\Windows\System\GdCzulM.exe
  2⤵
  - Executes dropped EXE
  PID:992
- C:\Windows\System\ufyUmsW.exe
  C:\Windows\System\ufyUmsW.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\YLITZww.exe
  C:\Windows\System\YLITZww.exe
  2⤵
  - Executes dropped EXE
  PID:1140
- C:\Windows\System\OtryLRA.exe
  C:\Windows\System\OtryLRA.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\faittIl.exe
  C:\Windows\System\faittIl.exe
  2⤵
  - Executes dropped EXE
  PID:1224
- C:\Windows\System\xuJCdkR.exe
  C:\Windows\System\xuJCdkR.exe
  2⤵
  - Executes dropped EXE
  PID:1064
- C:\Windows\System\eYXtTKb.exe
  C:\Windows\System\eYXtTKb.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\jDUBiIA.exe
  C:\Windows\System\jDUBiIA.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\JbwepwS.exe
  C:\Windows\System\JbwepwS.exe
  2⤵
  - Executes dropped EXE
  PID:636
- C:\Windows\System\CkGwQhN.exe
  C:\Windows\System\CkGwQhN.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\PxvcIKg.exe
  C:\Windows\System\PxvcIKg.exe
  2⤵
  - Executes dropped EXE
  PID:1412
- C:\Windows\System\swRABAu.exe
  C:\Windows\System\swRABAu.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\WbhcAXy.exe
  C:\Windows\System\WbhcAXy.exe
  2⤵
  - Executes dropped EXE
  PID:628
- C:\Windows\System\XCkTHRS.exe
  C:\Windows\System\XCkTHRS.exe
  2⤵
  - Executes dropped EXE
  PID:1012
- C:\Windows\System\ciqIdYa.exe
  C:\Windows\System\ciqIdYa.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\lBvAlOv.exe
  C:\Windows\System\lBvAlOv.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\qksjoiC.exe
  C:\Windows\System\qksjoiC.exe
  2⤵
  - Executes dropped EXE
  PID:776
- C:\Windows\System\YtIsFos.exe
  C:\Windows\System\YtIsFos.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\uYbMIou.exe
  C:\Windows\System\uYbMIou.exe
  2⤵
  - Executes dropped EXE
  PID:1328
- C:\Windows\System\IpSUZWz.exe
  C:\Windows\System\IpSUZWz.exe
  2⤵
  - Executes dropped EXE
  PID:704
- C:\Windows\System\YsWjcbq.exe
  C:\Windows\System\YsWjcbq.exe
  2⤵
  - Executes dropped EXE
  PID:852
- C:\Windows\System\MWZosPs.exe
  C:\Windows\System\MWZosPs.exe
  2⤵
  - Executes dropped EXE
  PID:1888
- C:\Windows\System\PrlmaJA.exe
  C:\Windows\System\PrlmaJA.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\CysXLBZ.exe
  C:\Windows\System\CysXLBZ.exe
  2⤵
  - Executes dropped EXE
  PID:908
- C:\Windows\System\zksdTSy.exe
  C:\Windows\System\zksdTSy.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\NgKGbJQ.exe
  C:\Windows\System\NgKGbJQ.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\xMsxNAW.exe
  C:\Windows\System\xMsxNAW.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\lQRuPxP.exe
  C:\Windows\System\lQRuPxP.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\yCBNbWJ.exe
  C:\Windows\System\yCBNbWJ.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\iVDkkWe.exe
  C:\Windows\System\iVDkkWe.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\AxRuBYj.exe
  C:\Windows\System\AxRuBYj.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\aNqIZry.exe
  C:\Windows\System\aNqIZry.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\lSznLNm.exe
  C:\Windows\System\lSznLNm.exe
  2⤵
  - Executes dropped EXE
  PID:784
- C:\Windows\System\PhkAXLl.exe
  C:\Windows\System\PhkAXLl.exe
  2⤵
  - Executes dropped EXE
  PID:888
- C:\Windows\System\DMhzYNl.exe
  C:\Windows\System\DMhzYNl.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\HCcpPMm.exe
  C:\Windows\System\HCcpPMm.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\PERAdms.exe
  C:\Windows\System\PERAdms.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\XIgUiJR.exe
  C:\Windows\System\XIgUiJR.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\JAzBxQr.exe
  C:\Windows\System\JAzBxQr.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\MvuoUQz.exe
  C:\Windows\System\MvuoUQz.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\OFeIuFw.exe
  C:\Windows\System\OFeIuFw.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\MkvFAQQ.exe
  C:\Windows\System\MkvFAQQ.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\OByvrwQ.exe
  C:\Windows\System\OByvrwQ.exe
  2⤵
  - Executes dropped EXE
  PID:1924
- C:\Windows\System\fznJxzd.exe
  C:\Windows\System\fznJxzd.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\aCihDIj.exe
  C:\Windows\System\aCihDIj.exe
  2⤵
  - Executes dropped EXE
  PID:576
- C:\Windows\System\rKVuPVl.exe
  C:\Windows\System\rKVuPVl.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\dZjtmSI.exe
  C:\Windows\System\dZjtmSI.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\qQaCFDH.exe
  C:\Windows\System\qQaCFDH.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\BpJETPF.exe
  C:\Windows\System\BpJETPF.exe
  2⤵
  PID:2648
- C:\Windows\System\YYXyXSE.exe
  C:\Windows\System\YYXyXSE.exe
  2⤵
  PID:2732
- C:\Windows\System\VUIvHaD.exe
  C:\Windows\System\VUIvHaD.exe
  2⤵
  PID:1416
- C:\Windows\System\QcHwKVd.exe
  C:\Windows\System\QcHwKVd.exe
  2⤵
  PID:2656
- C:\Windows\System\QCTTizv.exe
  C:\Windows\System\QCTTizv.exe
  2⤵
  PID:1520
- C:\Windows\System\mQOwvmV.exe
  C:\Windows\System\mQOwvmV.exe
  2⤵
  PID:2716
- C:\Windows\System\TRjSDZB.exe
  C:\Windows\System\TRjSDZB.exe
  2⤵
  PID:1960
- C:\Windows\System\AqBkENH.exe
  C:\Windows\System\AqBkENH.exe
  2⤵
  PID:2432
- C:\Windows\System\tIHELPZ.exe
  C:\Windows\System\tIHELPZ.exe
  2⤵
  PID:2964
- C:\Windows\System\hYFbUld.exe
  C:\Windows\System\hYFbUld.exe
  2⤵
  PID:2272
- C:\Windows\System\hqfeUdy.exe
  C:\Windows\System\hqfeUdy.exe
  2⤵
  PID:2464
- C:\Windows\System\YTmWQdO.exe
  C:\Windows\System\YTmWQdO.exe
  2⤵
  PID:1972
- C:\Windows\System\QZPzumc.exe
  C:\Windows\System\QZPzumc.exe
  2⤵
  PID:1180
- C:\Windows\System\chPgBMx.exe
  C:\Windows\System\chPgBMx.exe
  2⤵
  PID:772
- C:\Windows\System\mKVrbxd.exe
  C:\Windows\System\mKVrbxd.exe
  2⤵
  PID:1088
- C:\Windows\System\kGGMmvT.exe
  C:\Windows\System\kGGMmvT.exe
  2⤵
  PID:1820
- C:\Windows\System\tAhLdIW.exe
  C:\Windows\System\tAhLdIW.exe
  2⤵
  PID:1356
- C:\Windows\System\nHEkfsH.exe
  C:\Windows\System\nHEkfsH.exe
  2⤵
  PID:920
- C:\Windows\System\LcZtSzi.exe
  C:\Windows\System\LcZtSzi.exe
  2⤵
  PID:1524
- C:\Windows\System\EHUdUWm.exe
  C:\Windows\System\EHUdUWm.exe
  2⤵
  PID:1788
- C:\Windows\System\csSyiNd.exe
  C:\Windows\System\csSyiNd.exe
  2⤵
  PID:2312
- C:\Windows\System\iCbvcGw.exe
  C:\Windows\System\iCbvcGw.exe
  2⤵
  PID:1492
- C:\Windows\System\ULKssLw.exe
  C:\Windows\System\ULKssLw.exe
  2⤵
  PID:2328
- C:\Windows\System\WsEPirb.exe
  C:\Windows\System\WsEPirb.exe
  2⤵
  PID:2508
- C:\Windows\System\JpvQRuB.exe
  C:\Windows\System\JpvQRuB.exe
  2⤵
  PID:1632
- C:\Windows\System\wUlKXyf.exe
  C:\Windows\System\wUlKXyf.exe
  2⤵
  PID:1644
- C:\Windows\System\iDUpEPO.exe
  C:\Windows\System\iDUpEPO.exe
  2⤵
  PID:3024
- C:\Windows\System\ndSbJjf.exe
  C:\Windows\System\ndSbJjf.exe
  2⤵
  PID:1688
- C:\Windows\System\UnSiMDH.exe
  C:\Windows\System\UnSiMDH.exe
  2⤵
  PID:2572
- C:\Windows\System\ZMKiWdd.exe
  C:\Windows\System\ZMKiWdd.exe
  2⤵
  PID:2860
- C:\Windows\System\ALdVzJc.exe
  C:\Windows\System\ALdVzJc.exe
  2⤵
  PID:2936
- C:\Windows\System\NatkReB.exe
  C:\Windows\System\NatkReB.exe
  2⤵
  PID:2660
- C:\Windows\System\DNqMOhc.exe
  C:\Windows\System\DNqMOhc.exe
  2⤵
  PID:2640
- C:\Windows\System\ExfERbR.exe
  C:\Windows\System\ExfERbR.exe
  2⤵
  PID:2232
- C:\Windows\System\huSAPoO.exe
  C:\Windows\System\huSAPoO.exe
  2⤵
  PID:848
- C:\Windows\System\SSBTChz.exe
  C:\Windows\System\SSBTChz.exe
  2⤵
  PID:1260
- C:\Windows\System\SVsgfhh.exe
  C:\Windows\System\SVsgfhh.exe
  2⤵
  PID:2284
- C:\Windows\System\zUnfuJQ.exe
  C:\Windows\System\zUnfuJQ.exe
  2⤵
  PID:2504
- C:\Windows\System\UAQoXaW.exe
  C:\Windows\System\UAQoXaW.exe
  2⤵
  PID:2172
- C:\Windows\System\sQUdOXB.exe
  C:\Windows\System\sQUdOXB.exe
  2⤵
  PID:440
- C:\Windows\System\XhICWaG.exe
  C:\Windows\System\XhICWaG.exe
  2⤵
  PID:936
- C:\Windows\System\CtWWXxQ.exe
  C:\Windows\System\CtWWXxQ.exe
  2⤵
  PID:2376
- C:\Windows\System\jfqbtdi.exe
  C:\Windows\System\jfqbtdi.exe
  2⤵
  PID:560
- C:\Windows\System\YsHTnpd.exe
  C:\Windows\System\YsHTnpd.exe
  2⤵
  PID:1376
- C:\Windows\System\muWXqlb.exe
  C:\Windows\System\muWXqlb.exe
  2⤵
  PID:324
- C:\Windows\System\zNRBCge.exe
  C:\Windows\System\zNRBCge.exe
  2⤵
  PID:2248
- C:\Windows\System\aUMJBMZ.exe
  C:\Windows\System\aUMJBMZ.exe
  2⤵
  PID:896
- C:\Windows\System\ItsanYL.exe
  C:\Windows\System\ItsanYL.exe
  2⤵
  PID:2348
- C:\Windows\System\KzmUyOi.exe
  C:\Windows\System\KzmUyOi.exe
  2⤵
  PID:1244
- C:\Windows\System\gfsDNCJ.exe
  C:\Windows\System\gfsDNCJ.exe
  2⤵
  PID:2772
- C:\Windows\System\pvMjLjl.exe
  C:\Windows\System\pvMjLjl.exe
  2⤵
  PID:3080
- C:\Windows\System\PEfJrXN.exe
  C:\Windows\System\PEfJrXN.exe
  2⤵
  PID:3104
- C:\Windows\System\RbwfIEw.exe
  C:\Windows\System\RbwfIEw.exe
  2⤵
  PID:3120
- C:\Windows\System\SgTzIJD.exe
  C:\Windows\System\SgTzIJD.exe
  2⤵
  PID:3136
- C:\Windows\System\flZTYwr.exe
  C:\Windows\System\flZTYwr.exe
  2⤵
  PID:3160
- C:\Windows\System\nvEMAWR.exe
  C:\Windows\System\nvEMAWR.exe
  2⤵
  PID:3184
- C:\Windows\System\TrkqOzm.exe
  C:\Windows\System\TrkqOzm.exe
  2⤵
  PID:3204
- C:\Windows\System\KTGnFfO.exe
  C:\Windows\System\KTGnFfO.exe
  2⤵
  PID:3224
- C:\Windows\System\anPZJrH.exe
  C:\Windows\System\anPZJrH.exe
  2⤵
  PID:3240
- C:\Windows\System\vnTsjZD.exe
  C:\Windows\System\vnTsjZD.exe
  2⤵
  PID:3260
- C:\Windows\System\TwRircX.exe
  C:\Windows\System\TwRircX.exe
  2⤵
  PID:3280
- C:\Windows\System\WCeAneJ.exe
  C:\Windows\System\WCeAneJ.exe
  2⤵
  PID:3300
- C:\Windows\System\PLQcnQw.exe
  C:\Windows\System\PLQcnQw.exe
  2⤵
  PID:3320
- C:\Windows\System\YFJeAHm.exe
  C:\Windows\System\YFJeAHm.exe
  2⤵
  PID:3344
- C:\Windows\System\AMknwUB.exe
  C:\Windows\System\AMknwUB.exe
  2⤵
  PID:3364
- C:\Windows\System\TOvxkbU.exe
  C:\Windows\System\TOvxkbU.exe
  2⤵
  PID:3384
- C:\Windows\System\INFqnJK.exe
  C:\Windows\System\INFqnJK.exe
  2⤵
  PID:3400
- C:\Windows\System\MWHIqTm.exe
  C:\Windows\System\MWHIqTm.exe
  2⤵
  PID:3424
- C:\Windows\System\sAaVjaT.exe
  C:\Windows\System\sAaVjaT.exe
  2⤵
  PID:3444
- C:\Windows\System\YaNsARD.exe
  C:\Windows\System\YaNsARD.exe
  2⤵
  PID:3464
- C:\Windows\System\YtBXiTv.exe
  C:\Windows\System\YtBXiTv.exe
  2⤵
  PID:3480
- C:\Windows\System\CJTdXWe.exe
  C:\Windows\System\CJTdXWe.exe
  2⤵
  PID:3504
- C:\Windows\System\tAiMzvd.exe
  C:\Windows\System\tAiMzvd.exe
  2⤵
  PID:3524
- C:\Windows\System\LwJTubF.exe
  C:\Windows\System\LwJTubF.exe
  2⤵
  PID:3544
- C:\Windows\System\URZpOjW.exe
  C:\Windows\System\URZpOjW.exe
  2⤵
  PID:3564
- C:\Windows\System\GGPvldx.exe
  C:\Windows\System\GGPvldx.exe
  2⤵
  PID:3584
- C:\Windows\System\PcOkOEk.exe
  C:\Windows\System\PcOkOEk.exe
  2⤵
  PID:3600
- C:\Windows\System\CkQZIGt.exe
  C:\Windows\System\CkQZIGt.exe
  2⤵
  PID:3624
- C:\Windows\System\HqpgaLA.exe
  C:\Windows\System\HqpgaLA.exe
  2⤵
  PID:3644
- C:\Windows\System\USwXCdN.exe
  C:\Windows\System\USwXCdN.exe
  2⤵
  PID:3664
- C:\Windows\System\IWWGTHI.exe
  C:\Windows\System\IWWGTHI.exe
  2⤵
  PID:3684
- C:\Windows\System\HDXNByy.exe
  C:\Windows\System\HDXNByy.exe
  2⤵
  PID:3704
- C:\Windows\System\IhGEZIV.exe
  C:\Windows\System\IhGEZIV.exe
  2⤵
  PID:3724
- C:\Windows\System\jmDXDQn.exe
  C:\Windows\System\jmDXDQn.exe
  2⤵
  PID:3744
- C:\Windows\System\DfdJYMa.exe
  C:\Windows\System\DfdJYMa.exe
  2⤵
  PID:3764
- C:\Windows\System\cwrrWME.exe
  C:\Windows\System\cwrrWME.exe
  2⤵
  PID:3788
- C:\Windows\System\XjuGgMc.exe
  C:\Windows\System\XjuGgMc.exe
  2⤵
  PID:3808
- C:\Windows\System\sukyDAo.exe
  C:\Windows\System\sukyDAo.exe
  2⤵
  PID:3828
- C:\Windows\System\fqIeDFE.exe
  C:\Windows\System\fqIeDFE.exe
  2⤵
  PID:3848
- C:\Windows\System\QfvRjaa.exe
  C:\Windows\System\QfvRjaa.exe
  2⤵
  PID:3868
- C:\Windows\System\nVhvwbW.exe
  C:\Windows\System\nVhvwbW.exe
  2⤵
  PID:3888
- C:\Windows\System\ntFlkCs.exe
  C:\Windows\System\ntFlkCs.exe
  2⤵
  PID:3908
- C:\Windows\System\soaJpWS.exe
  C:\Windows\System\soaJpWS.exe
  2⤵
  PID:3928
- C:\Windows\System\YbxvKyU.exe
  C:\Windows\System\YbxvKyU.exe
  2⤵
  PID:3948
- C:\Windows\System\VmbWDFl.exe
  C:\Windows\System\VmbWDFl.exe
  2⤵
  PID:3968
- C:\Windows\System\hfwsxMw.exe
  C:\Windows\System\hfwsxMw.exe
  2⤵
  PID:3988
- C:\Windows\System\hNudiwu.exe
  C:\Windows\System\hNudiwu.exe
  2⤵
  PID:4008
- C:\Windows\System\mJFWiQU.exe
  C:\Windows\System\mJFWiQU.exe
  2⤵
  PID:4028
- C:\Windows\System\blNprhr.exe
  C:\Windows\System\blNprhr.exe
  2⤵
  PID:4048
- C:\Windows\System\xdWFCNu.exe
  C:\Windows\System\xdWFCNu.exe
  2⤵
  PID:4068
- C:\Windows\System\nerSfyi.exe
  C:\Windows\System\nerSfyi.exe
  2⤵
  PID:4088
- C:\Windows\System\rXmVCTz.exe
  C:\Windows\System\rXmVCTz.exe
  2⤵
  PID:2188
- C:\Windows\System\GjdRHIX.exe
  C:\Windows\System\GjdRHIX.exe
  2⤵
  PID:2756
- C:\Windows\System\FaAIeHr.exe
  C:\Windows\System\FaAIeHr.exe
  2⤵
  PID:988
- C:\Windows\System\vAlmcmF.exe
  C:\Windows\System\vAlmcmF.exe
  2⤵
  PID:2872
- C:\Windows\System\lhxibwd.exe
  C:\Windows\System\lhxibwd.exe
  2⤵
  PID:1968
- C:\Windows\System\zesfmMH.exe
  C:\Windows\System\zesfmMH.exe
  2⤵
  PID:2192
- C:\Windows\System\PCDgGxQ.exe
  C:\Windows\System\PCDgGxQ.exe
  2⤵
  PID:2056
- C:\Windows\System\MfyLKOj.exe
  C:\Windows\System\MfyLKOj.exe
  2⤵
  PID:2116
- C:\Windows\System\tKFJXSK.exe
  C:\Windows\System\tKFJXSK.exe
  2⤵
  PID:2196
- C:\Windows\System\gwxQUpm.exe
  C:\Windows\System\gwxQUpm.exe
  2⤵
  PID:3092
- C:\Windows\System\VVpeGHy.exe
  C:\Windows\System\VVpeGHy.exe
  2⤵
  PID:1712
- C:\Windows\System\ouckDnp.exe
  C:\Windows\System\ouckDnp.exe
  2⤵
  PID:3132
- C:\Windows\System\rdsPDcC.exe
  C:\Windows\System\rdsPDcC.exe
  2⤵
  PID:3144
- C:\Windows\System\RBiMhLz.exe
  C:\Windows\System\RBiMhLz.exe
  2⤵
  PID:3192
- C:\Windows\System\MNLlpjI.exe
  C:\Windows\System\MNLlpjI.exe
  2⤵
  PID:3248
- C:\Windows\System\GZjOZsz.exe
  C:\Windows\System\GZjOZsz.exe
  2⤵
  PID:3236
- C:\Windows\System\bjsMmpI.exe
  C:\Windows\System\bjsMmpI.exe
  2⤵
  PID:3272
- C:\Windows\System\SRdNNVz.exe
  C:\Windows\System\SRdNNVz.exe
  2⤵
  PID:3308
- C:\Windows\System\wmiJdiR.exe
  C:\Windows\System\wmiJdiR.exe
  2⤵
  PID:3380
- C:\Windows\System\lGoHCyh.exe
  C:\Windows\System\lGoHCyh.exe
  2⤵
  PID:3416
- C:\Windows\System\gzRbAzj.exe
  C:\Windows\System\gzRbAzj.exe
  2⤵
  PID:3396
- C:\Windows\System\wlMkUfL.exe
  C:\Windows\System\wlMkUfL.exe
  2⤵
  PID:3436
- C:\Windows\System\fCFyDMM.exe
  C:\Windows\System\fCFyDMM.exe
  2⤵
  PID:3496
- C:\Windows\System\uHzggZF.exe
  C:\Windows\System\uHzggZF.exe
  2⤵
  PID:3540
- C:\Windows\System\BhYJhnw.exe
  C:\Windows\System\BhYJhnw.exe
  2⤵
  PID:3560
- C:\Windows\System\abCPmzb.exe
  C:\Windows\System\abCPmzb.exe
  2⤵
  PID:3576
- C:\Windows\System\RGzyqSn.exe
  C:\Windows\System\RGzyqSn.exe
  2⤵
  PID:3616
- C:\Windows\System\MstxspA.exe
  C:\Windows\System\MstxspA.exe
  2⤵
  PID:3660
- C:\Windows\System\JQbllni.exe
  C:\Windows\System\JQbllni.exe
  2⤵
  PID:3696
- C:\Windows\System\JSRJrWS.exe
  C:\Windows\System\JSRJrWS.exe
  2⤵
  PID:3740
- C:\Windows\System\ViYUqQC.exe
  C:\Windows\System\ViYUqQC.exe
  2⤵
  PID:3772
- C:\Windows\System\GRLMOAt.exe
  C:\Windows\System\GRLMOAt.exe
  2⤵
  PID:3816
- C:\Windows\System\eLZscOI.exe
  C:\Windows\System\eLZscOI.exe
  2⤵
  PID:3836
- C:\Windows\System\CfJMGZw.exe
  C:\Windows\System\CfJMGZw.exe
  2⤵
  PID:3860
- C:\Windows\System\aRFzHln.exe
  C:\Windows\System\aRFzHln.exe
  2⤵
  PID:3904
- C:\Windows\System\iKSgKjM.exe
  C:\Windows\System\iKSgKjM.exe
  2⤵
  PID:3924
- C:\Windows\System\EBcMFGf.exe
  C:\Windows\System\EBcMFGf.exe
  2⤵
  PID:3984
- C:\Windows\System\CwOhpIc.exe
  C:\Windows\System\CwOhpIc.exe
  2⤵
  PID:4016
- C:\Windows\System\aLhkJBS.exe
  C:\Windows\System\aLhkJBS.exe
  2⤵
  PID:4036
- C:\Windows\System\VjUmKMq.exe
  C:\Windows\System\VjUmKMq.exe
  2⤵
  PID:4076
- C:\Windows\System\cFvNuMp.exe
  C:\Windows\System\cFvNuMp.exe
  2⤵
  PID:2320
- C:\Windows\System\zIWEcWv.exe
  C:\Windows\System\zIWEcWv.exe
  2⤵
  PID:2868
- C:\Windows\System\TiVrvaZ.exe
  C:\Windows\System\TiVrvaZ.exe
  2⤵
  PID:1388
- C:\Windows\System\EHAEYuN.exe
  C:\Windows\System\EHAEYuN.exe
  2⤵
  PID:1152
- C:\Windows\System\JWowzTy.exe
  C:\Windows\System\JWowzTy.exe
  2⤵
  PID:1384
- C:\Windows\System\otSgscF.exe
  C:\Windows\System\otSgscF.exe
  2⤵
  PID:3016
- C:\Windows\System\SocIFpr.exe
  C:\Windows\System\SocIFpr.exe
  2⤵
  PID:3156
- C:\Windows\System\ZZIZuZV.exe
  C:\Windows\System\ZZIZuZV.exe
  2⤵
  PID:3112
- C:\Windows\System\WIIOnab.exe
  C:\Windows\System\WIIOnab.exe
  2⤵
  PID:3336
- C:\Windows\System\qSVrnpA.exe
  C:\Windows\System\qSVrnpA.exe
  2⤵
  PID:3332
- C:\Windows\System\UYMGgUT.exe
  C:\Windows\System\UYMGgUT.exe
  2⤵
  PID:3328
- C:\Windows\System\hQTWrAm.exe
  C:\Windows\System\hQTWrAm.exe
  2⤵
  PID:3316
- C:\Windows\System\ezKVEnL.exe
  C:\Windows\System\ezKVEnL.exe
  2⤵
  PID:3420
- C:\Windows\System\mfNGBtD.exe
  C:\Windows\System\mfNGBtD.exe
  2⤵
  PID:3492
- C:\Windows\System\EymWqRl.exe
  C:\Windows\System\EymWqRl.exe
  2⤵
  PID:3516
- C:\Windows\System\iFSBOez.exe
  C:\Windows\System\iFSBOez.exe
  2⤵
  PID:3636
- C:\Windows\System\LkCgSzn.exe
  C:\Windows\System\LkCgSzn.exe
  2⤵
  PID:3596
- C:\Windows\System\WXyOVWd.exe
  C:\Windows\System\WXyOVWd.exe
  2⤵
  PID:3672
- C:\Windows\System\rESJfAx.exe
  C:\Windows\System\rESJfAx.exe
  2⤵
  PID:3856
- C:\Windows\System\XqAhRjD.exe
  C:\Windows\System\XqAhRjD.exe
  2⤵
  PID:3820
- C:\Windows\System\nZOpgHR.exe
  C:\Windows\System\nZOpgHR.exe
  2⤵
  PID:3944
- C:\Windows\System\fMHvfxG.exe
  C:\Windows\System\fMHvfxG.exe
  2⤵
  PID:3960
- C:\Windows\System\lOgyFpM.exe
  C:\Windows\System\lOgyFpM.exe
  2⤵
  PID:3964
- C:\Windows\System\DIQGLNo.exe
  C:\Windows\System\DIQGLNo.exe
  2⤵
  PID:4056
- C:\Windows\System\YprZyFC.exe
  C:\Windows\System\YprZyFC.exe
  2⤵
  PID:2696
- C:\Windows\System\JYEBNSc.exe
  C:\Windows\System\JYEBNSc.exe
  2⤵
  PID:2440
- C:\Windows\System\sUANTtK.exe
  C:\Windows\System\sUANTtK.exe
  2⤵
  PID:876
- C:\Windows\System\chwaAaU.exe
  C:\Windows\System\chwaAaU.exe
  2⤵
  PID:3100
- C:\Windows\System\kCNAIZP.exe
  C:\Windows\System\kCNAIZP.exe
  2⤵
  PID:3148
- C:\Windows\System\LVJvrul.exe
  C:\Windows\System\LVJvrul.exe
  2⤵
  PID:3200
- C:\Windows\System\raoxvhF.exe
  C:\Windows\System\raoxvhF.exe
  2⤵
  PID:3220
- C:\Windows\System\eUerWGU.exe
  C:\Windows\System\eUerWGU.exe
  2⤵
  PID:3488
- C:\Windows\System\fLulmHa.exe
  C:\Windows\System\fLulmHa.exe
  2⤵
  PID:4104
- C:\Windows\System\wDXSVBS.exe
  C:\Windows\System\wDXSVBS.exe
  2⤵
  PID:4124
- C:\Windows\System\ZhynJBn.exe
  C:\Windows\System\ZhynJBn.exe
  2⤵
  PID:4144
- C:\Windows\System\qDTsDUw.exe
  C:\Windows\System\qDTsDUw.exe
  2⤵
  PID:4164
- C:\Windows\System\BzLICPh.exe
  C:\Windows\System\BzLICPh.exe
  2⤵
  PID:4180
- C:\Windows\System\pMkCRyz.exe
  C:\Windows\System\pMkCRyz.exe
  2⤵
  PID:4196
- C:\Windows\System\OPYsmKG.exe
  C:\Windows\System\OPYsmKG.exe
  2⤵
  PID:4220
- C:\Windows\System\xsKDBez.exe
  C:\Windows\System\xsKDBez.exe
  2⤵
  PID:4240
- C:\Windows\System\zwKNtON.exe
  C:\Windows\System\zwKNtON.exe
  2⤵
  PID:4264
- C:\Windows\System\qDuWVWr.exe
  C:\Windows\System\qDuWVWr.exe
  2⤵
  PID:4284
- C:\Windows\System\IuMUThP.exe
  C:\Windows\System\IuMUThP.exe
  2⤵
  PID:4304
- C:\Windows\System\XENLXtS.exe
  C:\Windows\System\XENLXtS.exe
  2⤵
  PID:4324
- C:\Windows\System\LHTkHVh.exe
  C:\Windows\System\LHTkHVh.exe
  2⤵
  PID:4344
- C:\Windows\System\dLMXbKR.exe
  C:\Windows\System\dLMXbKR.exe
  2⤵
  PID:4364
- C:\Windows\System\IPkKizk.exe
  C:\Windows\System\IPkKizk.exe
  2⤵
  PID:4384
- C:\Windows\System\ISZPulU.exe
  C:\Windows\System\ISZPulU.exe
  2⤵
  PID:4404
- C:\Windows\System\QpHZSvz.exe
  C:\Windows\System\QpHZSvz.exe
  2⤵
  PID:4424
- C:\Windows\System\FiyUgGh.exe
  C:\Windows\System\FiyUgGh.exe
  2⤵
  PID:4444
- C:\Windows\System\MDhUuYh.exe
  C:\Windows\System\MDhUuYh.exe
  2⤵
  PID:4460
- C:\Windows\System\hnzneqz.exe
  C:\Windows\System\hnzneqz.exe
  2⤵
  PID:4480
- C:\Windows\System\NCKGvBN.exe
  C:\Windows\System\NCKGvBN.exe
  2⤵
  PID:4504
- C:\Windows\System\pLlWLwY.exe
  C:\Windows\System\pLlWLwY.exe
  2⤵
  PID:4524
- C:\Windows\System\nQvKcOj.exe
  C:\Windows\System\nQvKcOj.exe
  2⤵
  PID:4544
- C:\Windows\System\jfZsBco.exe
  C:\Windows\System\jfZsBco.exe
  2⤵
  PID:4564
- C:\Windows\System\ZFyGnaV.exe
  C:\Windows\System\ZFyGnaV.exe
  2⤵
  PID:4584
- C:\Windows\System\FfnwOvR.exe
  C:\Windows\System\FfnwOvR.exe
  2⤵
  PID:4604
- C:\Windows\System\ENKyMSl.exe
  C:\Windows\System\ENKyMSl.exe
  2⤵
  PID:4620
- C:\Windows\System\ffcvHvr.exe
  C:\Windows\System\ffcvHvr.exe
  2⤵
  PID:4636
- C:\Windows\System\gyDyQAW.exe
  C:\Windows\System\gyDyQAW.exe
  2⤵
  PID:4668
- C:\Windows\System\mrYOsuf.exe
  C:\Windows\System\mrYOsuf.exe
  2⤵
  PID:4684
- C:\Windows\System\GfVDUdk.exe
  C:\Windows\System\GfVDUdk.exe
  2⤵
  PID:4708
- C:\Windows\System\SauGyPe.exe
  C:\Windows\System\SauGyPe.exe
  2⤵
  PID:4724
- C:\Windows\System\zcnYmFV.exe
  C:\Windows\System\zcnYmFV.exe
  2⤵
  PID:4744
- C:\Windows\System\ljVMNUR.exe
  C:\Windows\System\ljVMNUR.exe
  2⤵
  PID:4764
- C:\Windows\System\UfxsAln.exe
  C:\Windows\System\UfxsAln.exe
  2⤵
  PID:4784
- C:\Windows\System\RhoJXVO.exe
  C:\Windows\System\RhoJXVO.exe
  2⤵
  PID:4808
- C:\Windows\System\LzqTaxI.exe
  C:\Windows\System\LzqTaxI.exe
  2⤵
  PID:4824
- C:\Windows\System\DaWgcRo.exe
  C:\Windows\System\DaWgcRo.exe
  2⤵
  PID:4852
- C:\Windows\System\OzfYGTA.exe
  C:\Windows\System\OzfYGTA.exe
  2⤵
  PID:4872
- C:\Windows\System\hQiKVMO.exe
  C:\Windows\System\hQiKVMO.exe
  2⤵
  PID:4892
- C:\Windows\System\yKvkKoe.exe
  C:\Windows\System\yKvkKoe.exe
  2⤵
  PID:4908
- C:\Windows\System\qjlYcWY.exe
  C:\Windows\System\qjlYcWY.exe
  2⤵
  PID:4928
- C:\Windows\System\EKgvaSr.exe
  C:\Windows\System\EKgvaSr.exe
  2⤵
  PID:4952
- C:\Windows\System\jJfOijP.exe
  C:\Windows\System\jJfOijP.exe
  2⤵
  PID:4972
- C:\Windows\System\jPweZfa.exe
  C:\Windows\System\jPweZfa.exe
  2⤵
  PID:4992
- C:\Windows\System\IVFLDQW.exe
  C:\Windows\System\IVFLDQW.exe
  2⤵
  PID:5012
- C:\Windows\System\VaoDeEi.exe
  C:\Windows\System\VaoDeEi.exe
  2⤵
  PID:5032
- C:\Windows\System\bqSjUBB.exe
  C:\Windows\System\bqSjUBB.exe
  2⤵
  PID:5052
- C:\Windows\System\LUUIgQm.exe
  C:\Windows\System\LUUIgQm.exe
  2⤵
  PID:5072
- C:\Windows\System\TGCZWra.exe
  C:\Windows\System\TGCZWra.exe
  2⤵
  PID:5092
- C:\Windows\System\oeHwYKc.exe
  C:\Windows\System\oeHwYKc.exe
  2⤵
  PID:5108
- C:\Windows\System\eejnHqY.exe
  C:\Windows\System\eejnHqY.exe
  2⤵
  PID:3652
- C:\Windows\System\XVLgOQL.exe
  C:\Windows\System\XVLgOQL.exe
  2⤵
  PID:3776
- C:\Windows\System\zvIawjP.exe
  C:\Windows\System\zvIawjP.exe
  2⤵
  PID:3796
- C:\Windows\System\lFvuScO.exe
  C:\Windows\System\lFvuScO.exe
  2⤵
  PID:3752
- C:\Windows\System\hmmSdNl.exe
  C:\Windows\System\hmmSdNl.exe
  2⤵
  PID:3864
- C:\Windows\System\hUypfPJ.exe
  C:\Windows\System\hUypfPJ.exe
  2⤵
  PID:4020
- C:\Windows\System\QMtMGct.exe
  C:\Windows\System\QMtMGct.exe
  2⤵
  PID:2912
- C:\Windows\System\CGTKwNX.exe
  C:\Windows\System\CGTKwNX.exe
  2⤵
  PID:2096
- C:\Windows\System\ycdADKr.exe
  C:\Windows\System\ycdADKr.exe
  2⤵
  PID:3340
- C:\Windows\System\pnsilob.exe
  C:\Windows\System\pnsilob.exe
  2⤵
  PID:3076
- C:\Windows\System\oIqhIxZ.exe
  C:\Windows\System\oIqhIxZ.exe
  2⤵
  PID:3412
- C:\Windows\System\jZiAzlj.exe
  C:\Windows\System\jZiAzlj.exe
  2⤵
  PID:3352
- C:\Windows\System\BtGtbne.exe
  C:\Windows\System\BtGtbne.exe
  2⤵
  PID:4136
- C:\Windows\System\WVxzAyO.exe
  C:\Windows\System\WVxzAyO.exe
  2⤵
  PID:4172
- C:\Windows\System\IgLqROP.exe
  C:\Windows\System\IgLqROP.exe
  2⤵
  PID:4216
- C:\Windows\System\ruboFFB.exe
  C:\Windows\System\ruboFFB.exe
  2⤵
  PID:4276
- C:\Windows\System\tPfzhpL.exe
  C:\Windows\System\tPfzhpL.exe
  2⤵
  PID:4256
- C:\Windows\System\ehjydNS.exe
  C:\Windows\System\ehjydNS.exe
  2⤵
  PID:4300
- C:\Windows\System\KPCCpew.exe
  C:\Windows\System\KPCCpew.exe
  2⤵
  PID:4400
- C:\Windows\System\QEPeKyg.exe
  C:\Windows\System\QEPeKyg.exe
  2⤵
  PID:4436
- C:\Windows\System\DGcAXaw.exe
  C:\Windows\System\DGcAXaw.exe
  2⤵
  PID:4468
- C:\Windows\System\xcmAESa.exe
  C:\Windows\System\xcmAESa.exe
  2⤵
  PID:4420
- C:\Windows\System\erRiXfn.exe
  C:\Windows\System\erRiXfn.exe
  2⤵
  PID:4492
- C:\Windows\System\vzVEVyS.exe
  C:\Windows\System\vzVEVyS.exe
  2⤵
  PID:4560
- C:\Windows\System\SAUPsAE.exe
  C:\Windows\System\SAUPsAE.exe
  2⤵
  PID:4500
- C:\Windows\System\OntWGiE.exe
  C:\Windows\System\OntWGiE.exe
  2⤵
  PID:4536
- C:\Windows\System\wJUELPR.exe
  C:\Windows\System\wJUELPR.exe
  2⤵
  PID:4612
- C:\Windows\System\alhGzqZ.exe
  C:\Windows\System\alhGzqZ.exe
  2⤵
  PID:4648
- C:\Windows\System\QpyLsvd.exe
  C:\Windows\System\QpyLsvd.exe
  2⤵
  PID:4752
- C:\Windows\System\dglQJRJ.exe
  C:\Windows\System\dglQJRJ.exe
  2⤵
  PID:4804
- C:\Windows\System\FeXZVIb.exe
  C:\Windows\System\FeXZVIb.exe
  2⤵
  PID:4732
- C:\Windows\System\qQKcKfI.exe
  C:\Windows\System\qQKcKfI.exe
  2⤵
  PID:4776
- C:\Windows\System\WUfTDHi.exe
  C:\Windows\System\WUfTDHi.exe
  2⤵
  PID:4844
- C:\Windows\System\cMhwhFz.exe
  C:\Windows\System\cMhwhFz.exe
  2⤵
  PID:4880
- C:\Windows\System\AcVAEJE.exe
  C:\Windows\System\AcVAEJE.exe
  2⤵
  PID:4916
- C:\Windows\System\hUQQssP.exe
  C:\Windows\System\hUQQssP.exe
  2⤵
  PID:4904
- C:\Windows\System\GRKtQex.exe
  C:\Windows\System\GRKtQex.exe
  2⤵
  PID:4964
- C:\Windows\System\heujoOZ.exe
  C:\Windows\System\heujoOZ.exe
  2⤵
  PID:5008
- C:\Windows\System\sqmmwxR.exe
  C:\Windows\System\sqmmwxR.exe
  2⤵
  PID:5044
- C:\Windows\System\hprieJs.exe
  C:\Windows\System\hprieJs.exe
  2⤵
  PID:5080
- C:\Windows\System\VxgpLTl.exe
  C:\Windows\System\VxgpLTl.exe
  2⤵
  PID:5116
- C:\Windows\System\KXihkdL.exe
  C:\Windows\System\KXihkdL.exe
  2⤵
  PID:3520
- C:\Windows\System\pmUcMWI.exe
  C:\Windows\System\pmUcMWI.exe
  2⤵
  PID:3620
- C:\Windows\System\zMXuhlR.exe
  C:\Windows\System\zMXuhlR.exe
  2⤵
  PID:3936
- C:\Windows\System\JFfegjY.exe
  C:\Windows\System\JFfegjY.exe
  2⤵
  PID:3976
- C:\Windows\System\ChNGKUs.exe
  C:\Windows\System\ChNGKUs.exe
  2⤵
  PID:1084
- C:\Windows\System\HxiOILv.exe
  C:\Windows\System\HxiOILv.exe
  2⤵
  PID:3440
- C:\Windows\System\obGPrmq.exe
  C:\Windows\System\obGPrmq.exe
  2⤵
  PID:3372
- C:\Windows\System\fNhZdwH.exe
  C:\Windows\System\fNhZdwH.exe
  2⤵
  PID:4188
- C:\Windows\System\KLiEqiP.exe
  C:\Windows\System\KLiEqiP.exe
  2⤵
  PID:4192
- C:\Windows\System\IrZzUVQ.exe
  C:\Windows\System\IrZzUVQ.exe
  2⤵
  PID:4260
- C:\Windows\System\jZjoldo.exe
  C:\Windows\System\jZjoldo.exe
  2⤵
  PID:4356
- C:\Windows\System\hjUBVtN.exe
  C:\Windows\System\hjUBVtN.exe
  2⤵
  PID:4380
- C:\Windows\System\RusJrPM.exe
  C:\Windows\System\RusJrPM.exe
  2⤵
  PID:4660
- C:\Windows\System\CmbDMfL.exe
  C:\Windows\System\CmbDMfL.exe
  2⤵
  PID:4376
- C:\Windows\System\FMnqFdV.exe
  C:\Windows\System\FMnqFdV.exe
  2⤵
  PID:4452
- C:\Windows\System\WctJgGo.exe
  C:\Windows\System\WctJgGo.exe
  2⤵
  PID:4580
- C:\Windows\System\bvydjYH.exe
  C:\Windows\System\bvydjYH.exe
  2⤵
  PID:4664
- C:\Windows\System\lnpIByq.exe
  C:\Windows\System\lnpIByq.exe
  2⤵
  PID:4760
- C:\Windows\System\vQAyBLK.exe
  C:\Windows\System\vQAyBLK.exe
  2⤵
  PID:4816
- C:\Windows\System\bXReLSx.exe
  C:\Windows\System\bXReLSx.exe
  2⤵
  PID:4840
- C:\Windows\System\sGxndBw.exe
  C:\Windows\System\sGxndBw.exe
  2⤵
  PID:4848
- C:\Windows\System\qYwDmDu.exe
  C:\Windows\System\qYwDmDu.exe
  2⤵
  PID:4920
- C:\Windows\System\LTVovOx.exe
  C:\Windows\System\LTVovOx.exe
  2⤵
  PID:5048
- C:\Windows\System\Vwgivtc.exe
  C:\Windows\System\Vwgivtc.exe
  2⤵
  PID:5084
- C:\Windows\System\aNERtfn.exe
  C:\Windows\System\aNERtfn.exe
  2⤵
  PID:3592
- C:\Windows\System\kGOqZzG.exe
  C:\Windows\System\kGOqZzG.exe
  2⤵
  PID:3612
- C:\Windows\System\hWBxCgA.exe
  C:\Windows\System\hWBxCgA.exe
  2⤵
  PID:3176
- C:\Windows\System\ywrPDoe.exe
  C:\Windows\System\ywrPDoe.exe
  2⤵
  PID:2968
- C:\Windows\System\LuKEgqD.exe
  C:\Windows\System\LuKEgqD.exe
  2⤵
  PID:4120
- C:\Windows\System\DRTSNel.exe
  C:\Windows\System\DRTSNel.exe
  2⤵
  PID:3532
- C:\Windows\System\iMCBOft.exe
  C:\Windows\System\iMCBOft.exe
  2⤵
  PID:4316
- C:\Windows\System\wVvqgyp.exe
  C:\Windows\System\wVvqgyp.exe
  2⤵
  PID:4340
- C:\Windows\System\MQKuPNZ.exe
  C:\Windows\System\MQKuPNZ.exe
  2⤵
  PID:4516
- C:\Windows\System\VkTsXDz.exe
  C:\Windows\System\VkTsXDz.exe
  2⤵
  PID:4680
- C:\Windows\System\UtbGhVw.exe
  C:\Windows\System\UtbGhVw.exe
  2⤵
  PID:4552
- C:\Windows\System\YqVIJmq.exe
  C:\Windows\System\YqVIJmq.exe
  2⤵
  PID:5124
- C:\Windows\System\iRqRMUV.exe
  C:\Windows\System\iRqRMUV.exe
  2⤵
  PID:5140
- C:\Windows\System\AHMmQTW.exe
  C:\Windows\System\AHMmQTW.exe
  2⤵
  PID:5160
- C:\Windows\System\YmbTOvN.exe
  C:\Windows\System\YmbTOvN.exe
  2⤵
  PID:5180
- C:\Windows\System\FUmxGjR.exe
  C:\Windows\System\FUmxGjR.exe
  2⤵
  PID:5204
- C:\Windows\System\NfxFZZQ.exe
  C:\Windows\System\NfxFZZQ.exe
  2⤵
  PID:5224
- C:\Windows\System\jGPaVxH.exe
  C:\Windows\System\jGPaVxH.exe
  2⤵
  PID:5244
- C:\Windows\System\PTUDJyy.exe
  C:\Windows\System\PTUDJyy.exe
  2⤵
  PID:5264
- C:\Windows\System\LByzRtf.exe
  C:\Windows\System\LByzRtf.exe
  2⤵
  PID:5284
- C:\Windows\System\HdIrtmu.exe
  C:\Windows\System\HdIrtmu.exe
  2⤵
  PID:5304
- C:\Windows\System\vhdlAMi.exe
  C:\Windows\System\vhdlAMi.exe
  2⤵
  PID:5324
- C:\Windows\System\IzedopP.exe
  C:\Windows\System\IzedopP.exe
  2⤵
  PID:5344
- C:\Windows\System\RiddHLZ.exe
  C:\Windows\System\RiddHLZ.exe
  2⤵
  PID:5364
- C:\Windows\System\TbSxrVW.exe
  C:\Windows\System\TbSxrVW.exe
  2⤵
  PID:5380
- C:\Windows\System\mHrWcOa.exe
  C:\Windows\System\mHrWcOa.exe
  2⤵
  PID:5404
- C:\Windows\System\AiIOnCN.exe
  C:\Windows\System\AiIOnCN.exe
  2⤵
  PID:5424
- C:\Windows\System\wcDcXPA.exe
  C:\Windows\System\wcDcXPA.exe
  2⤵
  PID:5444
- C:\Windows\System\dVgvDCT.exe
  C:\Windows\System\dVgvDCT.exe
  2⤵
  PID:5464
- C:\Windows\System\GAWhkbd.exe
  C:\Windows\System\GAWhkbd.exe
  2⤵
  PID:5484
- C:\Windows\System\TWzcHUe.exe
  C:\Windows\System\TWzcHUe.exe
  2⤵
  PID:5508
- C:\Windows\System\YTpfbhU.exe
  C:\Windows\System\YTpfbhU.exe
  2⤵
  PID:5528
- C:\Windows\System\OzYgcgB.exe
  C:\Windows\System\OzYgcgB.exe
  2⤵
  PID:5548
- C:\Windows\System\hhwKGJZ.exe
  C:\Windows\System\hhwKGJZ.exe
  2⤵
  PID:5568
- C:\Windows\System\ojutnmq.exe
  C:\Windows\System\ojutnmq.exe
  2⤵
  PID:5588
- C:\Windows\System\pTvrkuk.exe
  C:\Windows\System\pTvrkuk.exe
  2⤵
  PID:5608
- C:\Windows\System\xVvAjjN.exe
  C:\Windows\System\xVvAjjN.exe
  2⤵
  PID:5624
- C:\Windows\System\YmPUJHR.exe
  C:\Windows\System\YmPUJHR.exe
  2⤵
  PID:5648
- C:\Windows\System\ZqMDAPJ.exe
  C:\Windows\System\ZqMDAPJ.exe
  2⤵
  PID:5664
- C:\Windows\System\ExRjiXz.exe
  C:\Windows\System\ExRjiXz.exe
  2⤵
  PID:5684
- C:\Windows\System\TYIJcPS.exe
  C:\Windows\System\TYIJcPS.exe
  2⤵
  PID:5704
- C:\Windows\System\vJVTdFL.exe
  C:\Windows\System\vJVTdFL.exe
  2⤵
  PID:5728
- C:\Windows\System\cLWkUFK.exe
  C:\Windows\System\cLWkUFK.exe
  2⤵
  PID:5744
- C:\Windows\System\LosbKln.exe
  C:\Windows\System\LosbKln.exe
  2⤵
  PID:5760
- C:\Windows\System\SkYTXCj.exe
  C:\Windows\System\SkYTXCj.exe
  2⤵
  PID:5784
- C:\Windows\System\iBVACKV.exe
  C:\Windows\System\iBVACKV.exe
  2⤵
  PID:5804
- C:\Windows\System\KzuOikO.exe
  C:\Windows\System\KzuOikO.exe
  2⤵
  PID:5824
- C:\Windows\System\RUMptQr.exe
  C:\Windows\System\RUMptQr.exe
  2⤵
  PID:5848
- C:\Windows\System\BnnamJp.exe
  C:\Windows\System\BnnamJp.exe
  2⤵
  PID:5868
- C:\Windows\System\wsgGRmN.exe
  C:\Windows\System\wsgGRmN.exe
  2⤵
  PID:5888
- C:\Windows\System\oNYyPrv.exe
  C:\Windows\System\oNYyPrv.exe
  2⤵
  PID:5904
- C:\Windows\System\vKqMqRU.exe
  C:\Windows\System\vKqMqRU.exe
  2⤵
  PID:5928
- C:\Windows\System\CsCGUhq.exe
  C:\Windows\System\CsCGUhq.exe
  2⤵
  PID:5948
- C:\Windows\System\MXKuiIO.exe
  C:\Windows\System\MXKuiIO.exe
  2⤵
  PID:5964
- C:\Windows\System\yCJxgXV.exe
  C:\Windows\System\yCJxgXV.exe
  2⤵
  PID:5984
- C:\Windows\System\SNBLZVd.exe
  C:\Windows\System\SNBLZVd.exe
  2⤵
  PID:6008
- C:\Windows\System\ubTxKkd.exe
  C:\Windows\System\ubTxKkd.exe
  2⤵
  PID:6028
- C:\Windows\System\wRsbYXs.exe
  C:\Windows\System\wRsbYXs.exe
  2⤵
  PID:6052
- C:\Windows\System\usmdyOd.exe
  C:\Windows\System\usmdyOd.exe
  2⤵
  PID:6072
- C:\Windows\System\qoctSJK.exe
  C:\Windows\System\qoctSJK.exe
  2⤵
  PID:6092
- C:\Windows\System\dGOVgWG.exe
  C:\Windows\System\dGOVgWG.exe
  2⤵
  PID:6112
- C:\Windows\System\lIQBVYx.exe
  C:\Windows\System\lIQBVYx.exe
  2⤵
  PID:6132
- C:\Windows\System\txCQCVb.exe
  C:\Windows\System\txCQCVb.exe
  2⤵
  PID:4792
- C:\Windows\System\qYWfGpZ.exe
  C:\Windows\System\qYWfGpZ.exe
  2⤵
  PID:5000
- C:\Windows\System\DBxHIwJ.exe
  C:\Windows\System\DBxHIwJ.exe
  2⤵
  PID:4884
- C:\Windows\System\dFzoPxm.exe
  C:\Windows\System\dFzoPxm.exe
  2⤵
  PID:3552
- C:\Windows\System\LWsLMQN.exe
  C:\Windows\System\LWsLMQN.exe
  2⤵
  PID:3252
- C:\Windows\System\eKvqdNe.exe
  C:\Windows\System\eKvqdNe.exe
  2⤵
  PID:3996
- C:\Windows\System\auQLTQN.exe
  C:\Windows\System\auQLTQN.exe
  2⤵
  PID:2428
- C:\Windows\System\wVOUrsF.exe
  C:\Windows\System\wVOUrsF.exe
  2⤵
  PID:4392
- C:\Windows\System\FWhgYMB.exe
  C:\Windows\System\FWhgYMB.exe
  2⤵
  PID:4592
- C:\Windows\System\rNTXduf.exe
  C:\Windows\System\rNTXduf.exe
  2⤵
  PID:4676
- C:\Windows\System\GRUrOVd.exe
  C:\Windows\System\GRUrOVd.exe
  2⤵
  PID:4696
- C:\Windows\System\UzznSOH.exe
  C:\Windows\System\UzznSOH.exe
  2⤵
  PID:5132
- C:\Windows\System\SfZkqVg.exe
  C:\Windows\System\SfZkqVg.exe
  2⤵
  PID:5200
- C:\Windows\System\FrwEHQo.exe
  C:\Windows\System\FrwEHQo.exe
  2⤵
  PID:5236
- C:\Windows\System\Lvcuvyb.exe
  C:\Windows\System\Lvcuvyb.exe
  2⤵
  PID:5252
- C:\Windows\System\hEDVNUW.exe
  C:\Windows\System\hEDVNUW.exe
  2⤵
  PID:5256
- C:\Windows\System\YLDsPXa.exe
  C:\Windows\System\YLDsPXa.exe
  2⤵
  PID:5320
- C:\Windows\System\FItVGAv.exe
  C:\Windows\System\FItVGAv.exe
  2⤵
  PID:5388
- C:\Windows\System\yyERBqg.exe
  C:\Windows\System\yyERBqg.exe
  2⤵
  PID:5400
- C:\Windows\System\yNIsXJj.exe
  C:\Windows\System\yNIsXJj.exe
  2⤵
  PID:5432
- C:\Windows\System\mkXryyr.exe
  C:\Windows\System\mkXryyr.exe
  2⤵
  PID:5480
- C:\Windows\System\uwQnTdo.exe
  C:\Windows\System\uwQnTdo.exe
  2⤵
  PID:5524
- C:\Windows\System\WEXJMzm.exe
  C:\Windows\System\WEXJMzm.exe
  2⤵
  PID:5564
- C:\Windows\System\wBsXYRg.exe
  C:\Windows\System\wBsXYRg.exe
  2⤵
  PID:5544
- C:\Windows\System\zLWDwmZ.exe
  C:\Windows\System\zLWDwmZ.exe
  2⤵
  PID:5600
- C:\Windows\System\xKnrdiS.exe
  C:\Windows\System\xKnrdiS.exe
  2⤵
  PID:5584
- C:\Windows\System\XPflcKM.exe
  C:\Windows\System\XPflcKM.exe
  2⤵
  PID:5676
- C:\Windows\System\biTlpvN.exe
  C:\Windows\System\biTlpvN.exe
  2⤵
  PID:5660
- C:\Windows\System\LJRcWdo.exe
  C:\Windows\System\LJRcWdo.exe
  2⤵
  PID:5720
- C:\Windows\System\Bjkqqdk.exe
  C:\Windows\System\Bjkqqdk.exe
  2⤵
  PID:5796
- C:\Windows\System\zsxkIvE.exe
  C:\Windows\System\zsxkIvE.exe
  2⤵
  PID:5836
- C:\Windows\System\zJaTaGi.exe
  C:\Windows\System\zJaTaGi.exe
  2⤵
  PID:5780
- C:\Windows\System\OfAZIkU.exe
  C:\Windows\System\OfAZIkU.exe
  2⤵
  PID:5856
- C:\Windows\System\eAAJZaO.exe
  C:\Windows\System\eAAJZaO.exe
  2⤵
  PID:5860
- C:\Windows\System\vpCksou.exe
  C:\Windows\System\vpCksou.exe
  2⤵
  PID:5896
- C:\Windows\System\lGPOJOM.exe
  C:\Windows\System\lGPOJOM.exe
  2⤵
  PID:5996
- C:\Windows\System\IHmltcl.exe
  C:\Windows\System\IHmltcl.exe
  2⤵
  PID:5976
- C:\Windows\System\JpXSZwY.exe
  C:\Windows\System\JpXSZwY.exe
  2⤵
  PID:6040
- C:\Windows\System\WmBkajF.exe
  C:\Windows\System\WmBkajF.exe
  2⤵
  PID:6024
- C:\Windows\System\dFVJkdx.exe
  C:\Windows\System\dFVJkdx.exe
  2⤵
  PID:6060
- C:\Windows\System\DaZBGKA.exe
  C:\Windows\System\DaZBGKA.exe
  2⤵
  PID:4936
- C:\Windows\System\TczDIDp.exe
  C:\Windows\System\TczDIDp.exe
  2⤵
  PID:6140
- C:\Windows\System\KpSPtDy.exe
  C:\Windows\System\KpSPtDy.exe
  2⤵
  PID:4948
- C:\Windows\System\TplUemz.exe
  C:\Windows\System\TplUemz.exe
  2⤵
  PID:4864
- C:\Windows\System\eFrhXhO.exe
  C:\Windows\System\eFrhXhO.exe
  2⤵
  PID:5100
- C:\Windows\System\fPpeQCj.exe
  C:\Windows\System\fPpeQCj.exe
  2⤵
  PID:1560
- C:\Windows\System\Xepssgd.exe
  C:\Windows\System\Xepssgd.exe
  2⤵
  PID:4208
- C:\Windows\System\pMMEOJe.exe
  C:\Windows\System\pMMEOJe.exe
  2⤵
  PID:5156
- C:\Windows\System\PwlnluV.exe
  C:\Windows\System\PwlnluV.exe
  2⤵
  PID:5232
- C:\Windows\System\rsNrMPL.exe
  C:\Windows\System\rsNrMPL.exe
  2⤵
  PID:5260
- C:\Windows\System\avLAbCL.exe
  C:\Windows\System\avLAbCL.exe
  2⤵
  PID:5356
- C:\Windows\System\CarivyM.exe
  C:\Windows\System\CarivyM.exe
  2⤵
  PID:5372
- C:\Windows\System\OLEsTVm.exe
  C:\Windows\System\OLEsTVm.exe
  2⤵
  PID:5336
- C:\Windows\System\XBrpKqq.exe
  C:\Windows\System\XBrpKqq.exe
  2⤵
  PID:5452
- C:\Windows\System\PByRfAI.exe
  C:\Windows\System\PByRfAI.exe
  2⤵
  PID:5556
- C:\Windows\System\xyPgvZh.exe
  C:\Windows\System\xyPgvZh.exe
  2⤵
  PID:5560
- C:\Windows\System\pZgawEy.exe
  C:\Windows\System\pZgawEy.exe
  2⤵
  PID:5656
- C:\Windows\System\nYGAgEG.exe
  C:\Windows\System\nYGAgEG.exe
  2⤵
  PID:5696
- C:\Windows\System\bHQZpac.exe
  C:\Windows\System\bHQZpac.exe
  2⤵
  PID:5724
- C:\Windows\System\CAnuvVc.exe
  C:\Windows\System\CAnuvVc.exe
  2⤵
  PID:5840
- C:\Windows\System\dqhvKCV.exe
  C:\Windows\System\dqhvKCV.exe
  2⤵
  PID:5912
- C:\Windows\System\DBfShaK.exe
  C:\Windows\System\DBfShaK.exe
  2⤵
  PID:5820
- C:\Windows\System\XkKGaUD.exe
  C:\Windows\System\XkKGaUD.exe
  2⤵
  PID:5916
- C:\Windows\System\QpJFedo.exe
  C:\Windows\System\QpJFedo.exe
  2⤵
  PID:5940
- C:\Windows\System\OGWWFlq.exe
  C:\Windows\System\OGWWFlq.exe
  2⤵
  PID:6020
- C:\Windows\System\CWOrswo.exe
  C:\Windows\System\CWOrswo.exe
  2⤵
  PID:6068
- C:\Windows\System\qiZKUsA.exe
  C:\Windows\System\qiZKUsA.exe
  2⤵
  PID:4360
- C:\Windows\System\QkDamKn.exe
  C:\Windows\System\QkDamKn.exe
  2⤵
  PID:4944
- C:\Windows\System\lflRhVy.exe
  C:\Windows\System\lflRhVy.exe
  2⤵
  PID:4572
- C:\Windows\System\AsLyQQX.exe
  C:\Windows\System\AsLyQQX.exe
  2⤵
  PID:5136
- C:\Windows\System\JwDsIfO.exe
  C:\Windows\System\JwDsIfO.exe
  2⤵
  PID:5292
- C:\Windows\System\FWohwHA.exe
  C:\Windows\System\FWohwHA.exe
  2⤵
  PID:5276
- C:\Windows\System\XVztPWz.exe
  C:\Windows\System\XVztPWz.exe
  2⤵
  PID:5416
- C:\Windows\System\TzlHjOc.exe
  C:\Windows\System\TzlHjOc.exe
  2⤵
  PID:5472
- C:\Windows\System\rGmRNeq.exe
  C:\Windows\System\rGmRNeq.exe
  2⤵
  PID:5636
- C:\Windows\System\VjrENQQ.exe
  C:\Windows\System\VjrENQQ.exe
  2⤵
  PID:5672
- C:\Windows\System\UAoUWZQ.exe
  C:\Windows\System\UAoUWZQ.exe
  2⤵
  PID:5772
- C:\Windows\System\NEyRmAg.exe
  C:\Windows\System\NEyRmAg.exe
  2⤵
  PID:6156
- C:\Windows\System\wYMmtEN.exe
  C:\Windows\System\wYMmtEN.exe
  2⤵
  PID:6176
- C:\Windows\System\nnkotxl.exe
  C:\Windows\System\nnkotxl.exe
  2⤵
  PID:6196
- C:\Windows\System\efiVRFJ.exe
  C:\Windows\System\efiVRFJ.exe
  2⤵
  PID:6216
- C:\Windows\System\axfWMSd.exe
  C:\Windows\System\axfWMSd.exe
  2⤵
  PID:6236
- C:\Windows\System\bASzfGO.exe
  C:\Windows\System\bASzfGO.exe
  2⤵
  PID:6256
- C:\Windows\System\kthHFMl.exe
  C:\Windows\System\kthHFMl.exe
  2⤵
  PID:6280
- C:\Windows\System\aTvCars.exe
  C:\Windows\System\aTvCars.exe
  2⤵
  PID:6300
- C:\Windows\System\YDlALcz.exe
  C:\Windows\System\YDlALcz.exe
  2⤵
  PID:6320
- C:\Windows\System\VyAyXcl.exe
  C:\Windows\System\VyAyXcl.exe
  2⤵
  PID:6340
- C:\Windows\System\evjdPbf.exe
  C:\Windows\System\evjdPbf.exe
  2⤵
  PID:6360
- C:\Windows\System\KkqeIhR.exe
  C:\Windows\System\KkqeIhR.exe
  2⤵
  PID:6380
- C:\Windows\System\eEzrheO.exe
  C:\Windows\System\eEzrheO.exe
  2⤵
  PID:6404
- C:\Windows\System\xLcCxhN.exe
  C:\Windows\System\xLcCxhN.exe
  2⤵
  PID:6424
- C:\Windows\System\SkFOWTl.exe
  C:\Windows\System\SkFOWTl.exe
  2⤵
  PID:6444
- C:\Windows\System\GqPBnML.exe
  C:\Windows\System\GqPBnML.exe
  2⤵
  PID:6460
- C:\Windows\System\yHEujpy.exe
  C:\Windows\System\yHEujpy.exe
  2⤵
  PID:6484
- C:\Windows\System\ZRrtLht.exe
  C:\Windows\System\ZRrtLht.exe
  2⤵
  PID:6504
- C:\Windows\System\JcoVGOD.exe
  C:\Windows\System\JcoVGOD.exe
  2⤵
  PID:6524
- C:\Windows\System\opIUGhZ.exe
  C:\Windows\System\opIUGhZ.exe
  2⤵
  PID:6540
- C:\Windows\System\VfxnOoz.exe
  C:\Windows\System\VfxnOoz.exe
  2⤵
  PID:6564
- C:\Windows\System\SjcWQXX.exe
  C:\Windows\System\SjcWQXX.exe
  2⤵
  PID:6584
- C:\Windows\System\fvlAgVQ.exe
  C:\Windows\System\fvlAgVQ.exe
  2⤵
  PID:6604
- C:\Windows\System\MGccyqs.exe
  C:\Windows\System\MGccyqs.exe
  2⤵
  PID:6624
- C:\Windows\System\FzzqSIK.exe
  C:\Windows\System\FzzqSIK.exe
  2⤵
  PID:6644
- C:\Windows\System\zphjzAV.exe
  C:\Windows\System\zphjzAV.exe
  2⤵
  PID:6664
- C:\Windows\System\GapWiUM.exe
  C:\Windows\System\GapWiUM.exe
  2⤵
  PID:6684
- C:\Windows\System\onxNOAx.exe
  C:\Windows\System\onxNOAx.exe
  2⤵
  PID:6704
- C:\Windows\System\vpAKQfy.exe
  C:\Windows\System\vpAKQfy.exe
  2⤵
  PID:6724
- C:\Windows\System\ouoZjCQ.exe
  C:\Windows\System\ouoZjCQ.exe
  2⤵
  PID:6744
- C:\Windows\System\mAYVYVZ.exe
  C:\Windows\System\mAYVYVZ.exe
  2⤵
  PID:6764
- C:\Windows\System\BZFxQqO.exe
  C:\Windows\System\BZFxQqO.exe
  2⤵
  PID:6784
- C:\Windows\System\WrhyAhS.exe
  C:\Windows\System\WrhyAhS.exe
  2⤵
  PID:6804
- C:\Windows\System\QCAfPDv.exe
  C:\Windows\System\QCAfPDv.exe
  2⤵
  PID:6824
- C:\Windows\System\aUyctMv.exe
  C:\Windows\System\aUyctMv.exe
  2⤵
  PID:6844
- C:\Windows\System\adVNxxl.exe
  C:\Windows\System\adVNxxl.exe
  2⤵
  PID:6864
- C:\Windows\System\anfNqnC.exe
  C:\Windows\System\anfNqnC.exe
  2⤵
  PID:6884
- C:\Windows\System\ZwzcclA.exe
  C:\Windows\System\ZwzcclA.exe
  2⤵
  PID:6904
- C:\Windows\System\TjmzBsp.exe
  C:\Windows\System\TjmzBsp.exe
  2⤵
  PID:6924
- C:\Windows\System\IcotqPp.exe
  C:\Windows\System\IcotqPp.exe
  2⤵
  PID:6944
- C:\Windows\System\agsGIqt.exe
  C:\Windows\System\agsGIqt.exe
  2⤵
  PID:6964
- C:\Windows\System\wocAAmF.exe
  C:\Windows\System\wocAAmF.exe
  2⤵
  PID:6984
- C:\Windows\System\wzBdjbP.exe
  C:\Windows\System\wzBdjbP.exe
  2⤵
  PID:7004
- C:\Windows\System\ibKPsil.exe
  C:\Windows\System\ibKPsil.exe
  2⤵
  PID:7024
- C:\Windows\System\cVYgtwW.exe
  C:\Windows\System\cVYgtwW.exe
  2⤵
  PID:7044
- C:\Windows\System\nLMfVOG.exe
  C:\Windows\System\nLMfVOG.exe
  2⤵
  PID:7064
- C:\Windows\System\fvlnnVZ.exe
  C:\Windows\System\fvlnnVZ.exe
  2⤵
  PID:7084
- C:\Windows\System\kSiMhVc.exe
  C:\Windows\System\kSiMhVc.exe
  2⤵
  PID:7104
- C:\Windows\System\SzRMShy.exe
  C:\Windows\System\SzRMShy.exe
  2⤵
  PID:7124
- C:\Windows\System\ZkHaTNw.exe
  C:\Windows\System\ZkHaTNw.exe
  2⤵
  PID:7144
- C:\Windows\System\hVEVKfH.exe
  C:\Windows\System\hVEVKfH.exe
  2⤵
  PID:7164
- C:\Windows\System\lUeFuwI.exe
  C:\Windows\System\lUeFuwI.exe
  2⤵
  PID:5864
- C:\Windows\System\oyUSAoM.exe
  C:\Windows\System\oyUSAoM.exe
  2⤵
  PID:6000
- C:\Windows\System\RChTBtl.exe
  C:\Windows\System\RChTBtl.exe
  2⤵
  PID:6016
- C:\Windows\System\mvwORUC.exe
  C:\Windows\System\mvwORUC.exe
  2⤵
  PID:4248
- C:\Windows\System\vrfBVtn.exe
  C:\Windows\System\vrfBVtn.exe
  2⤵
  PID:4532
- C:\Windows\System\lKzfgyV.exe
  C:\Windows\System\lKzfgyV.exe
  2⤵
  PID:5168
- C:\Windows\System\NcwYdyU.exe
  C:\Windows\System\NcwYdyU.exe
  2⤵
  PID:5220
- C:\Windows\System\CySsbVH.exe
  C:\Windows\System\CySsbVH.exe
  2⤵
  PID:1280
- C:\Windows\System\bbhLmLe.exe
  C:\Windows\System\bbhLmLe.exe
  2⤵
  PID:5604
- C:\Windows\System\bmUOZnt.exe
  C:\Windows\System\bmUOZnt.exe
  2⤵
  PID:6148
- C:\Windows\System\GEAQRCh.exe
  C:\Windows\System\GEAQRCh.exe
  2⤵
  PID:6184
- C:\Windows\System\SamrdAy.exe
  C:\Windows\System\SamrdAy.exe
  2⤵
  PID:6188
- C:\Windows\System\rHawAKc.exe
  C:\Windows\System\rHawAKc.exe
  2⤵
  PID:6264
- C:\Windows\System\vSEsStx.exe
  C:\Windows\System\vSEsStx.exe
  2⤵
  PID:6268
- C:\Windows\System\ljxpdDv.exe
  C:\Windows\System\ljxpdDv.exe
  2⤵
  PID:6296
- C:\Windows\System\JdqdDeo.exe
  C:\Windows\System\JdqdDeo.exe
  2⤵
  PID:6356
- C:\Windows\System\jERTDNq.exe
  C:\Windows\System\jERTDNq.exe
  2⤵
  PID:6368
- C:\Windows\System\UFiRBka.exe
  C:\Windows\System\UFiRBka.exe
  2⤵
  PID:6412
- C:\Windows\System\aXXlUBJ.exe
  C:\Windows\System\aXXlUBJ.exe
  2⤵
  PID:6468
- C:\Windows\System\YoNjzBB.exe
  C:\Windows\System\YoNjzBB.exe
  2⤵
  PID:6456
- C:\Windows\System\vgFwszZ.exe
  C:\Windows\System\vgFwszZ.exe
  2⤵
  PID:6516
- C:\Windows\System\tjZTnVn.exe
  C:\Windows\System\tjZTnVn.exe
  2⤵
  PID:6560
- C:\Windows\System\ZmimQks.exe
  C:\Windows\System\ZmimQks.exe
  2⤵
  PID:6592
- C:\Windows\System\BfZZccZ.exe
  C:\Windows\System\BfZZccZ.exe
  2⤵
  PID:6632
- C:\Windows\System\vECmUij.exe
  C:\Windows\System\vECmUij.exe
  2⤵
  PID:6616
- C:\Windows\System\kQRTUxi.exe
  C:\Windows\System\kQRTUxi.exe
  2⤵
  PID:6680
- C:\Windows\System\SogBDuP.exe
  C:\Windows\System\SogBDuP.exe
  2⤵
  PID:6700
- C:\Windows\System\YncDxkP.exe
  C:\Windows\System\YncDxkP.exe
  2⤵
  PID:6760
- C:\Windows\System\TqCyjQG.exe
  C:\Windows\System\TqCyjQG.exe
  2⤵
  PID:6792
- C:\Windows\System\VaoGnLG.exe
  C:\Windows\System\VaoGnLG.exe
  2⤵
  PID:6796
- C:\Windows\System\cIvJpqG.exe
  C:\Windows\System\cIvJpqG.exe
  2⤵
  PID:6840
- C:\Windows\System\vhcDxxc.exe
  C:\Windows\System\vhcDxxc.exe
  2⤵
  PID:6856
- C:\Windows\System\JDMHlxP.exe
  C:\Windows\System\JDMHlxP.exe
  2⤵
  PID:6916
- C:\Windows\System\dAkECKV.exe
  C:\Windows\System\dAkECKV.exe
  2⤵
  PID:6960
- C:\Windows\System\DqaFdXD.exe
  C:\Windows\System\DqaFdXD.exe
  2⤵
  PID:6972
- C:\Windows\System\IdDqHXG.exe
  C:\Windows\System\IdDqHXG.exe
  2⤵
  PID:7000
- C:\Windows\System\xXzuNdz.exe
  C:\Windows\System\xXzuNdz.exe
  2⤵
  PID:7040
- C:\Windows\System\rBHcBeF.exe
  C:\Windows\System\rBHcBeF.exe
  2⤵
  PID:7052
- C:\Windows\System\RifhyVM.exe
  C:\Windows\System\RifhyVM.exe
  2⤵
  PID:7120
- C:\Windows\System\oEXBnmz.exe
  C:\Windows\System\oEXBnmz.exe
  2⤵
  PID:7132
- C:\Windows\System\UfwdVYn.exe
  C:\Windows\System\UfwdVYn.exe
  2⤵
  PID:5960
- C:\Windows\System\wQWROMX.exe
  C:\Windows\System\wQWROMX.exe
  2⤵
  PID:5992
- C:\Windows\System\tzddZGc.exe
  C:\Windows\System\tzddZGc.exe
  2⤵
  PID:6108
- C:\Windows\System\kwQkquQ.exe
  C:\Windows\System\kwQkquQ.exe
  2⤵
  PID:4116
- C:\Windows\System\cCZQTaG.exe
  C:\Windows\System\cCZQTaG.exe
  2⤵
  PID:1336
- C:\Windows\System\IqZPQil.exe
  C:\Windows\System\IqZPQil.exe
  2⤵
  PID:5792
- C:\Windows\System\ijImoZF.exe
  C:\Windows\System\ijImoZF.exe
  2⤵
  PID:5576
- C:\Windows\System\GmBbTIc.exe
  C:\Windows\System\GmBbTIc.exe
  2⤵
  PID:6272
- C:\Windows\System\dqzUiOC.exe
  C:\Windows\System\dqzUiOC.exe
  2⤵
  PID:6232
- C:\Windows\System\ewDhuzp.exe
  C:\Windows\System\ewDhuzp.exe
  2⤵
  PID:6348
- C:\Windows\System\MtLWmiW.exe
  C:\Windows\System\MtLWmiW.exe
  2⤵
  PID:6316
- C:\Windows\System\HwISYgE.exe
  C:\Windows\System\HwISYgE.exe
  2⤵
  PID:6480
- C:\Windows\System\vifpMuH.exe
  C:\Windows\System\vifpMuH.exe
  2⤵
  PID:6436
- C:\Windows\System\crVBmEm.exe
  C:\Windows\System\crVBmEm.exe
  2⤵
  PID:6512
- C:\Windows\System\TYveFZS.exe
  C:\Windows\System\TYveFZS.exe
  2⤵
  PID:6520
- C:\Windows\System\HXhtlEo.exe
  C:\Windows\System\HXhtlEo.exe
  2⤵
  PID:4888
- C:\Windows\System\jCjSRyu.exe
  C:\Windows\System\jCjSRyu.exe
  2⤵
  PID:6732
- C:\Windows\System\OFxcWXC.exe
  C:\Windows\System\OFxcWXC.exe
  2⤵
  PID:6692
- C:\Windows\System\JUAShcB.exe
  C:\Windows\System\JUAShcB.exe
  2⤵
  PID:6860
- C:\Windows\System\aZohMoM.exe
  C:\Windows\System\aZohMoM.exe
  2⤵
  PID:6896
- C:\Windows\System\RlEQKBK.exe
  C:\Windows\System\RlEQKBK.exe
  2⤵
  PID:6812
- C:\Windows\System\JUXPLfd.exe
  C:\Windows\System\JUXPLfd.exe
  2⤵
  PID:6892
- C:\Windows\System\haOiOTI.exe
  C:\Windows\System\haOiOTI.exe
  2⤵
  PID:6936
- C:\Windows\System\NblHMkG.exe
  C:\Windows\System\NblHMkG.exe
  2⤵
  PID:7032
- C:\Windows\System\bOqCLJz.exe
  C:\Windows\System\bOqCLJz.exe
  2⤵
  PID:7076
- C:\Windows\System\uJrVPcz.exe
  C:\Windows\System\uJrVPcz.exe
  2⤵
  PID:7156
- C:\Windows\System\Fvwkihz.exe
  C:\Windows\System\Fvwkihz.exe
  2⤵
  PID:6120
- C:\Windows\System\ybIHhVD.exe
  C:\Windows\System\ybIHhVD.exe
  2⤵
  PID:6004
- C:\Windows\System\eBfpsZX.exe
  C:\Windows\System\eBfpsZX.exe
  2⤵
  PID:6164
- C:\Windows\System\sEvRoZC.exe
  C:\Windows\System\sEvRoZC.exe
  2⤵
  PID:5536
- C:\Windows\System\FvbUTpg.exe
  C:\Windows\System\FvbUTpg.exe
  2⤵
  PID:6248
- C:\Windows\System\UgvzdMS.exe
  C:\Windows\System\UgvzdMS.exe
  2⤵
  PID:6548
- C:\Windows\System\CueSvWH.exe
  C:\Windows\System\CueSvWH.exe
  2⤵
  PID:6652
- C:\Windows\System\gAxolHK.exe
  C:\Windows\System\gAxolHK.exe
  2⤵
  PID:6756
- C:\Windows\System\ENBFGgZ.exe
  C:\Windows\System\ENBFGgZ.exe
  2⤵
  PID:6992
- C:\Windows\System\deteiaT.exe
  C:\Windows\System\deteiaT.exe
  2⤵
  PID:6932
- C:\Windows\System\fAhbVzo.exe
  C:\Windows\System\fAhbVzo.exe
  2⤵
  PID:7184
- C:\Windows\System\YPSPKtj.exe
  C:\Windows\System\YPSPKtj.exe
  2⤵
  PID:7204
- C:\Windows\System\HnYnMup.exe
  C:\Windows\System\HnYnMup.exe
  2⤵
  PID:7220
- C:\Windows\System\IMqiUsm.exe
  C:\Windows\System\IMqiUsm.exe
  2⤵
  PID:7240
- C:\Windows\System\HJUbWHl.exe
  C:\Windows\System\HJUbWHl.exe
  2⤵
  PID:7260
- C:\Windows\System\mHLbAFH.exe
  C:\Windows\System\mHLbAFH.exe
  2⤵
  PID:7276
- C:\Windows\System\LKlZbxm.exe
  C:\Windows\System\LKlZbxm.exe
  2⤵
  PID:7300
- C:\Windows\System\vEtISwO.exe
  C:\Windows\System\vEtISwO.exe
  2⤵
  PID:7320
- C:\Windows\System\VoUSdzN.exe
  C:\Windows\System\VoUSdzN.exe
  2⤵
  PID:7340
- C:\Windows\System\UqmKTEM.exe
  C:\Windows\System\UqmKTEM.exe
  2⤵
  PID:7356
- C:\Windows\System\FHqKvtb.exe
  C:\Windows\System\FHqKvtb.exe
  2⤵
  PID:7376
- C:\Windows\System\saAlLym.exe
  C:\Windows\System\saAlLym.exe
  2⤵
  PID:7400
- C:\Windows\System\SNJjeqq.exe
  C:\Windows\System\SNJjeqq.exe
  2⤵
  PID:7420
- C:\Windows\System\eDECOBu.exe
  C:\Windows\System\eDECOBu.exe
  2⤵
  PID:7444
- C:\Windows\System\GIoceBv.exe
  C:\Windows\System\GIoceBv.exe
  2⤵
  PID:7464
- C:\Windows\System\FeSRgYb.exe
  C:\Windows\System\FeSRgYb.exe
  2⤵
  PID:7484
- C:\Windows\System\bTUFmAU.exe
  C:\Windows\System\bTUFmAU.exe
  2⤵
  PID:7500
- C:\Windows\System\mmEEdgT.exe
  C:\Windows\System\mmEEdgT.exe
  2⤵
  PID:7520
- C:\Windows\System\jSYkiEL.exe
  C:\Windows\System\jSYkiEL.exe
  2⤵
  PID:7540
- C:\Windows\System\jseffws.exe
  C:\Windows\System\jseffws.exe
  2⤵
  PID:7560
- C:\Windows\System\ARoYcnf.exe
  C:\Windows\System\ARoYcnf.exe
  2⤵
  PID:7584
- C:\Windows\System\OkAYkfF.exe
  C:\Windows\System\OkAYkfF.exe
  2⤵
  PID:7604
- C:\Windows\System\jpfdDGQ.exe
  C:\Windows\System\jpfdDGQ.exe
  2⤵
  PID:7620
- C:\Windows\System\geFFsKS.exe
  C:\Windows\System\geFFsKS.exe
  2⤵
  PID:7644
- C:\Windows\System\TWrPWHB.exe
  C:\Windows\System\TWrPWHB.exe
  2⤵
  PID:7664
- C:\Windows\System\MHqWfbu.exe
  C:\Windows\System\MHqWfbu.exe
  2⤵
  PID:7684
- C:\Windows\System\wRHGoSy.exe
  C:\Windows\System\wRHGoSy.exe
  2⤵
  PID:7700
- C:\Windows\System\vGeLOVh.exe
  C:\Windows\System\vGeLOVh.exe
  2⤵
  PID:7720
- C:\Windows\System\SgYDKiz.exe
  C:\Windows\System\SgYDKiz.exe
  2⤵
  PID:7744
- C:\Windows\System\FJdLIRb.exe
  C:\Windows\System\FJdLIRb.exe
  2⤵
  PID:7764
- C:\Windows\System\cpWaINN.exe
  C:\Windows\System\cpWaINN.exe
  2⤵
  PID:7780
- C:\Windows\System\wwTkhlS.exe
  C:\Windows\System\wwTkhlS.exe
  2⤵
  PID:7804
- C:\Windows\System\AGDryXF.exe
  C:\Windows\System\AGDryXF.exe
  2⤵
  PID:7820
- C:\Windows\System\oOAJANr.exe
  C:\Windows\System\oOAJANr.exe
  2⤵
  PID:7844
- C:\Windows\System\JvmMxYS.exe
  C:\Windows\System\JvmMxYS.exe
  2⤵
  PID:7864
- C:\Windows\System\gfCpXno.exe
  C:\Windows\System\gfCpXno.exe
  2⤵
  PID:7884
- C:\Windows\System\ZfusTxl.exe
  C:\Windows\System\ZfusTxl.exe
  2⤵
  PID:7904
- C:\Windows\System\nzRRdjI.exe
  C:\Windows\System\nzRRdjI.exe
  2⤵
  PID:7920
- C:\Windows\System\VlSQRpd.exe
  C:\Windows\System\VlSQRpd.exe
  2⤵
  PID:7944
- C:\Windows\System\tGdCHqQ.exe
  C:\Windows\System\tGdCHqQ.exe
  2⤵
  PID:7964
- C:\Windows\System\XWXEwkF.exe
  C:\Windows\System\XWXEwkF.exe
  2⤵
  PID:7980
- C:\Windows\System\sjpZdUV.exe
  C:\Windows\System\sjpZdUV.exe
  2⤵
  PID:8004
- C:\Windows\System\xfkyvcX.exe
  C:\Windows\System\xfkyvcX.exe
  2⤵
  PID:8024
- C:\Windows\System\GYLgGui.exe
  C:\Windows\System\GYLgGui.exe
  2⤵
  PID:8044
- C:\Windows\System\ilsCzEA.exe
  C:\Windows\System\ilsCzEA.exe
  2⤵
  PID:8068
- C:\Windows\System\QenKtHd.exe
  C:\Windows\System\QenKtHd.exe
  2⤵
  PID:8092
- C:\Windows\System\yAwaWph.exe
  C:\Windows\System\yAwaWph.exe
  2⤵
  PID:8108
- C:\Windows\System\kIFQlwE.exe
  C:\Windows\System\kIFQlwE.exe
  2⤵
  PID:8124
- C:\Windows\System\GBgvupI.exe
  C:\Windows\System\GBgvupI.exe
  2⤵
  PID:8148
- C:\Windows\System\KmEoNaM.exe
  C:\Windows\System\KmEoNaM.exe
  2⤵
  PID:8168
- C:\Windows\System\snCwMlx.exe
  C:\Windows\System\snCwMlx.exe
  2⤵
  PID:8188
- C:\Windows\System\LDPJZuQ.exe
  C:\Windows\System\LDPJZuQ.exe
  2⤵
  PID:7072
- C:\Windows\System\DoVLgAD.exe
  C:\Windows\System\DoVLgAD.exe
  2⤵
  PID:7160
- C:\Windows\System\otoTlUd.exe
  C:\Windows\System\otoTlUd.exe
  2⤵
  PID:6036
- C:\Windows\System\lozroPH.exe
  C:\Windows\System\lozroPH.exe
  2⤵
  PID:5500
- C:\Windows\System\hPrNuTC.exe
  C:\Windows\System\hPrNuTC.exe
  2⤵
  PID:6328
- C:\Windows\System\WJIwBqz.exe
  C:\Windows\System\WJIwBqz.exe
  2⤵
  PID:6660
- C:\Windows\System\ajWktvA.exe
  C:\Windows\System\ajWktvA.exe
  2⤵
  PID:6396
- C:\Windows\System\ezzqtQF.exe
  C:\Windows\System\ezzqtQF.exe
  2⤵
  PID:6376
- C:\Windows\System\fcxVeKA.exe
  C:\Windows\System\fcxVeKA.exe
  2⤵
  PID:6820
- C:\Windows\System\EtovrDO.exe
  C:\Windows\System\EtovrDO.exe
  2⤵
  PID:7228
- C:\Windows\System\WoXlPEq.exe
  C:\Windows\System\WoXlPEq.exe
  2⤵
  PID:7272
- C:\Windows\System\RbliLnn.exe
  C:\Windows\System\RbliLnn.exe
  2⤵
  PID:7256
- C:\Windows\System\mmgigWZ.exe
  C:\Windows\System\mmgigWZ.exe
  2⤵
  PID:7352
- C:\Windows\System\fLtdxMH.exe
  C:\Windows\System\fLtdxMH.exe
  2⤵
  PID:7384
- C:\Windows\System\UVnAfDw.exe
  C:\Windows\System\UVnAfDw.exe
  2⤵
  PID:7332
- C:\Windows\System\quNYKwC.exe
  C:\Windows\System\quNYKwC.exe
  2⤵
  PID:7440
- C:\Windows\System\cGMdQJE.exe
  C:\Windows\System\cGMdQJE.exe
  2⤵
  PID:7408
- C:\Windows\System\tuezWIJ.exe
  C:\Windows\System\tuezWIJ.exe
  2⤵
  PID:7452
- C:\Windows\System\FDpcTPo.exe
  C:\Windows\System\FDpcTPo.exe
  2⤵
  PID:7512
- C:\Windows\System\PAKWCPc.exe
  C:\Windows\System\PAKWCPc.exe
  2⤵
  PID:7536
- C:\Windows\System\JTcqqhN.exe
  C:\Windows\System\JTcqqhN.exe
  2⤵
  PID:7592
- C:\Windows\System\LtlSZIV.exe
  C:\Windows\System\LtlSZIV.exe
  2⤵
  PID:7628
- C:\Windows\System\tOaaYtw.exe
  C:\Windows\System\tOaaYtw.exe
  2⤵
  PID:7616
- C:\Windows\System\bjcIpyN.exe
  C:\Windows\System\bjcIpyN.exe
  2⤵
  PID:2856
- C:\Windows\System\orYXVAz.exe
  C:\Windows\System\orYXVAz.exe
  2⤵
  PID:7716
- C:\Windows\System\ZCAuknb.exe
  C:\Windows\System\ZCAuknb.exe
  2⤵
  PID:7736
- C:\Windows\System\IrNAmZF.exe
  C:\Windows\System\IrNAmZF.exe
  2⤵
  PID:7732
- C:\Windows\System\MZIxtfE.exe
  C:\Windows\System\MZIxtfE.exe
  2⤵
  PID:2620
- C:\Windows\System\AdrlPCo.exe
  C:\Windows\System\AdrlPCo.exe
  2⤵
  PID:7832
- C:\Windows\System\lPnMfDi.exe
  C:\Windows\System\lPnMfDi.exe
  2⤵
  PID:2360
- C:\Windows\System\HGHjnKO.exe
  C:\Windows\System\HGHjnKO.exe
  2⤵
  PID:7856
- C:\Windows\System\vFjGJiD.exe
  C:\Windows\System\vFjGJiD.exe
  2⤵
  PID:7892
- C:\Windows\System\iZtOzko.exe
  C:\Windows\System\iZtOzko.exe
  2⤵
  PID:7896
- C:\Windows\System\aTnygPI.exe
  C:\Windows\System\aTnygPI.exe
  2⤵
  PID:7996
- C:\Windows\System\CBlEJSe.exe
  C:\Windows\System\CBlEJSe.exe
  2⤵
  PID:2844
- C:\Windows\System\SsECNTL.exe
  C:\Windows\System\SsECNTL.exe
  2⤵
  PID:8040
- C:\Windows\System\SIiqFID.exe
  C:\Windows\System\SIiqFID.exe
  2⤵
  PID:8016
- C:\Windows\System\JHWHbej.exe
  C:\Windows\System\JHWHbej.exe
  2⤵
  PID:8080
- C:\Windows\System\DyVifpl.exe
  C:\Windows\System\DyVifpl.exe
  2⤵
  PID:2692
- C:\Windows\System\PbYWFLU.exe
  C:\Windows\System\PbYWFLU.exe
  2⤵
  PID:7016
- C:\Windows\System\yhDdQAz.exe
  C:\Windows\System\yhDdQAz.exe
  2⤵
  PID:5924
- C:\Windows\System\TdeWTSQ.exe
  C:\Windows\System\TdeWTSQ.exe
  2⤵
  PID:1672
- C:\Windows\System\HcOEHlL.exe
  C:\Windows\System\HcOEHlL.exe
  2⤵
  PID:4512
- C:\Windows\System\WPLsLqX.exe
  C:\Windows\System\WPLsLqX.exe
  2⤵
  PID:2944
- C:\Windows\System\jkxlFmI.exe
  C:\Windows\System\jkxlFmI.exe
  2⤵
  PID:1452
- C:\Windows\System\coysLko.exe
  C:\Windows\System\coysLko.exe
  2⤵
  PID:6752
- C:\Windows\System\jKDwFyG.exe
  C:\Windows\System\jKDwFyG.exe
  2⤵
  PID:2748
- C:\Windows\System\wFpEnvv.exe
  C:\Windows\System\wFpEnvv.exe
  2⤵
  PID:7096
- C:\Windows\System\tGQOKHv.exe
  C:\Windows\System\tGQOKHv.exe
  2⤵
  PID:7196
- C:\Windows\System\pcMpBTa.exe
  C:\Windows\System\pcMpBTa.exe
  2⤵
  PID:7348
- C:\Windows\System\QgogCzK.exe
  C:\Windows\System\QgogCzK.exe
  2⤵
  PID:7312
- C:\Windows\System\MaUHFbW.exe
  C:\Windows\System\MaUHFbW.exe
  2⤵
  PID:7516
- C:\Windows\System\yMKujei.exe
  C:\Windows\System\yMKujei.exe
  2⤵
  PID:7508
- C:\Windows\System\bBFCPbL.exe
  C:\Windows\System\bBFCPbL.exe
  2⤵
  PID:7552
- C:\Windows\System\bOJyRCZ.exe
  C:\Windows\System\bOJyRCZ.exe
  2⤵
  PID:7632
- C:\Windows\System\ZIDXhPD.exe
  C:\Windows\System\ZIDXhPD.exe
  2⤵
  PID:2820
- C:\Windows\System\vwbmqcf.exe
  C:\Windows\System\vwbmqcf.exe
  2⤵
  PID:7712
- C:\Windows\System\HEFTJho.exe
  C:\Windows\System\HEFTJho.exe
  2⤵
  PID:2980
- C:\Windows\System\zeSEyLQ.exe
  C:\Windows\System\zeSEyLQ.exe
  2⤵
  PID:7828
- C:\Windows\System\VZcgEHf.exe
  C:\Windows\System\VZcgEHf.exe
  2⤵
  PID:7728
- C:\Windows\System\NzXEzrf.exe
  C:\Windows\System\NzXEzrf.exe
  2⤵
  PID:2492
- C:\Windows\System\bMapVsG.exe
  C:\Windows\System\bMapVsG.exe
  2⤵
  PID:7860
- C:\Windows\System\hYBpjES.exe
  C:\Windows\System\hYBpjES.exe
  2⤵
  PID:1900
- C:\Windows\System\pFQmJbV.exe
  C:\Windows\System\pFQmJbV.exe
  2⤵
  PID:2516
- C:\Windows\System\pJLaRLJ.exe
  C:\Windows\System\pJLaRLJ.exe
  2⤵
  PID:1324
- C:\Windows\System\yeotCFy.exe
  C:\Windows\System\yeotCFy.exe
  2⤵
  PID:1032
- C:\Windows\System\IAnXdMD.exe
  C:\Windows\System\IAnXdMD.exe
  2⤵
  PID:2628
- C:\Windows\System\TxCezvN.exe
  C:\Windows\System\TxCezvN.exe
  2⤵
  PID:8088
- C:\Windows\System\uWGQHoe.exe
  C:\Windows\System\uWGQHoe.exe
  2⤵
  PID:2784
- C:\Windows\System\znYmkOH.exe
  C:\Windows\System\znYmkOH.exe
  2⤵
  PID:3880
- C:\Windows\System\XptIjSX.exe
  C:\Windows\System\XptIjSX.exe
  2⤵
  PID:8064
- C:\Windows\System\oJpAtjt.exe
  C:\Windows\System\oJpAtjt.exe
  2⤵
  PID:8084
- C:\Windows\System\HXlyRhi.exe
  C:\Windows\System\HXlyRhi.exe
  2⤵
  PID:8140
- C:\Windows\System\wMooVim.exe
  C:\Windows\System\wMooVim.exe
  2⤵
  PID:6920
- C:\Windows\System\QTLuwFG.exe
  C:\Windows\System\QTLuwFG.exe
  2⤵
  PID:3700
- C:\Windows\System\gsiMNxm.exe
  C:\Windows\System\gsiMNxm.exe
  2⤵
  PID:6552
- C:\Windows\System\GiywStc.exe
  C:\Windows\System\GiywStc.exe
  2⤵
  PID:7216
- C:\Windows\System\MgHGDEm.exe
  C:\Windows\System\MgHGDEm.exe
  2⤵
  PID:6172
- C:\Windows\System\qTYhMEi.exe
  C:\Windows\System\qTYhMEi.exe
  2⤵
  PID:7568
- C:\Windows\System\yDLNirj.exe
  C:\Windows\System\yDLNirj.exe
  2⤵
  PID:7900
- C:\Windows\System\EmHoCni.exe
  C:\Windows\System\EmHoCni.exe
  2⤵
  PID:7192
- C:\Windows\System\mvsVCTG.exe
  C:\Windows\System\mvsVCTG.exe
  2⤵
  PID:7792
- C:\Windows\System\EpRRbKM.exe
  C:\Windows\System\EpRRbKM.exe
  2⤵
  PID:3056
- C:\Windows\System\mHCcdgQ.exe
  C:\Windows\System\mHCcdgQ.exe
  2⤵
  PID:7296
- C:\Windows\System\dTHyyhZ.exe
  C:\Windows\System\dTHyyhZ.exe
  2⤵
  PID:7368
- C:\Windows\System\VhTSvdM.exe
  C:\Windows\System\VhTSvdM.exe
  2⤵
  PID:7960
- C:\Windows\System\OxasaMl.exe
  C:\Windows\System\OxasaMl.exe
  2⤵
  PID:7840
- C:\Windows\System\AtLWesf.exe
  C:\Windows\System\AtLWesf.exe
  2⤵
  PID:7912
- C:\Windows\System\VtqpyGc.exe
  C:\Windows\System\VtqpyGc.exe
  2⤵
  PID:844
- C:\Windows\System\VbLCGLm.exe
  C:\Windows\System\VbLCGLm.exe
  2⤵
  PID:8136
- C:\Windows\System\syvtBxQ.exe
  C:\Windows\System\syvtBxQ.exe
  2⤵
  PID:1132
- C:\Windows\System\BlTXhyf.exe
  C:\Windows\System\BlTXhyf.exe
  2⤵
  PID:7932
- C:\Windows\System\ywdKPlP.exe
  C:\Windows\System\ywdKPlP.exe
  2⤵
  PID:2720
- C:\Windows\System\fwzqfvI.exe
  C:\Windows\System\fwzqfvI.exe
  2⤵
  PID:8184
- C:\Windows\System\dFufdPK.exe
  C:\Windows\System\dFufdPK.exe
  2⤵
  PID:2044
- C:\Windows\System\YLUProm.exe
  C:\Windows\System\YLUProm.exe
  2⤵
  PID:2332
- C:\Windows\System\fktROLg.exe
  C:\Windows\System\fktROLg.exe
  2⤵
  PID:7556
- C:\Windows\System\yhuRgVr.exe
  C:\Windows\System\yhuRgVr.exe
  2⤵
  PID:7816
- C:\Windows\System\oJxSIMS.exe
  C:\Windows\System\oJxSIMS.exe
  2⤵
  PID:7480
- C:\Windows\System\ULYIgGU.exe
  C:\Windows\System\ULYIgGU.exe
  2⤵
  PID:7992
- C:\Windows\System\XmLLyMq.exe
  C:\Windows\System\XmLLyMq.exe
  2⤵
  PID:2512
- C:\Windows\System\UuOThoA.exe
  C:\Windows\System\UuOThoA.exe
  2⤵
  PID:7952
- C:\Windows\System\FVozuWB.exe
  C:\Windows\System\FVozuWB.exe
  2⤵
  PID:7092
- C:\Windows\System\vzrJFUW.exe
  C:\Windows\System\vzrJFUW.exe
  2⤵
  PID:7136
- C:\Windows\System\JqqBBbB.exe
  C:\Windows\System\JqqBBbB.exe
  2⤵
  PID:8056
- C:\Windows\System\LaFmZAv.exe
  C:\Windows\System\LaFmZAv.exe
  2⤵
  PID:2796
- C:\Windows\System\pZRUGaf.exe
  C:\Windows\System\pZRUGaf.exe
  2⤵
  PID:7396
- C:\Windows\System\rgzTwZY.exe
  C:\Windows\System\rgzTwZY.exe
  2⤵
  PID:5812
- C:\Windows\System\IkvjCFJ.exe
  C:\Windows\System\IkvjCFJ.exe
  2⤵
  PID:7672
- C:\Windows\System\xRvRCpL.exe
  C:\Windows\System\xRvRCpL.exe
  2⤵
  PID:7640
- C:\Windows\System\gWOQPhT.exe
  C:\Windows\System\gWOQPhT.exe
  2⤵
  PID:7692
- C:\Windows\System\olbodWc.exe
  C:\Windows\System\olbodWc.exe
  2⤵
  PID:7292
- C:\Windows\System\cKtaQKj.exe
  C:\Windows\System\cKtaQKj.exe
  2⤵
  PID:7788
- C:\Windows\System\HNKXwHR.exe
  C:\Windows\System\HNKXwHR.exe
  2⤵
  PID:7740
- C:\Windows\System\ePtjmzU.exe
  C:\Windows\System\ePtjmzU.exe
  2⤵
  PID:7772
- C:\Windows\System\qrjcpap.exe
  C:\Windows\System\qrjcpap.exe
  2⤵
  PID:8200
- C:\Windows\System\aCjAkFt.exe
  C:\Windows\System\aCjAkFt.exe
  2⤵
  PID:8220
- C:\Windows\System\IycjlJs.exe
  C:\Windows\System\IycjlJs.exe
  2⤵
  PID:8240
- C:\Windows\System\ZCYQVaT.exe
  C:\Windows\System\ZCYQVaT.exe
  2⤵
  PID:8256
- C:\Windows\System\pTHqhjP.exe
  C:\Windows\System\pTHqhjP.exe
  2⤵
  PID:8276
- C:\Windows\System\cmgEkaj.exe
  C:\Windows\System\cmgEkaj.exe
  2⤵
  PID:8292
- C:\Windows\System\DbyVYEZ.exe
  C:\Windows\System\DbyVYEZ.exe
  2⤵
  PID:8312
- C:\Windows\System\ekoJyrj.exe
  C:\Windows\System\ekoJyrj.exe
  2⤵
  PID:8332
- C:\Windows\System\MizCusP.exe
  C:\Windows\System\MizCusP.exe
  2⤵
  PID:8392
- C:\Windows\System\oqkyFku.exe
  C:\Windows\System\oqkyFku.exe
  2⤵
  PID:8408
- C:\Windows\System\KAKXKsw.exe
  C:\Windows\System\KAKXKsw.exe
  2⤵
  PID:8424
- C:\Windows\System\HKKYWsx.exe
  C:\Windows\System\HKKYWsx.exe
  2⤵
  PID:8440
- C:\Windows\System\hGMbwlU.exe
  C:\Windows\System\hGMbwlU.exe
  2⤵
  PID:8456
- C:\Windows\System\kecuTBT.exe
  C:\Windows\System\kecuTBT.exe
  2⤵
  PID:8472
- C:\Windows\System\UMrlZkC.exe
  C:\Windows\System\UMrlZkC.exe
  2⤵
  PID:8488
- C:\Windows\System\INjvYMZ.exe
  C:\Windows\System\INjvYMZ.exe
  2⤵
  PID:8504
- C:\Windows\System\AKMLOtY.exe
  C:\Windows\System\AKMLOtY.exe
  2⤵
  PID:8524
- C:\Windows\System\vyxUhrg.exe
  C:\Windows\System\vyxUhrg.exe
  2⤵
  PID:8540
- C:\Windows\System\cfUbmPm.exe
  C:\Windows\System\cfUbmPm.exe
  2⤵
  PID:8592
- C:\Windows\System\yAPGJMQ.exe
  C:\Windows\System\yAPGJMQ.exe
  2⤵
  PID:8608
- C:\Windows\System\ayhpAul.exe
  C:\Windows\System\ayhpAul.exe
  2⤵
  PID:8624
- C:\Windows\System\jLmqTEc.exe
  C:\Windows\System\jLmqTEc.exe
  2⤵
  PID:8644
- C:\Windows\System\HLtWHnw.exe
  C:\Windows\System\HLtWHnw.exe
  2⤵
  PID:8664
- C:\Windows\System\aPFtYau.exe
  C:\Windows\System\aPFtYau.exe
  2⤵
  PID:8680
- C:\Windows\System\OCOILGM.exe
  C:\Windows\System\OCOILGM.exe
  2⤵
  PID:8696
- C:\Windows\System\xqsOoBO.exe
  C:\Windows\System\xqsOoBO.exe
  2⤵
  PID:8716
- C:\Windows\System\RjnGkqY.exe
  C:\Windows\System\RjnGkqY.exe
  2⤵
  PID:8732
- C:\Windows\System\zBFUKil.exe
  C:\Windows\System\zBFUKil.exe
  2⤵
  PID:8752
- C:\Windows\System\uTbsZej.exe
  C:\Windows\System\uTbsZej.exe
  2⤵
  PID:8772
- C:\Windows\System\hsoevhX.exe
  C:\Windows\System\hsoevhX.exe
  2⤵
  PID:8792
- C:\Windows\System\dhlgDTx.exe
  C:\Windows\System\dhlgDTx.exe
  2⤵
  PID:8816
- C:\Windows\System\ISPNHIY.exe
  C:\Windows\System\ISPNHIY.exe
  2⤵
  PID:8836
- C:\Windows\System\sXKvumK.exe
  C:\Windows\System\sXKvumK.exe
  2⤵
  PID:8864
- C:\Windows\System\EfOWPKI.exe
  C:\Windows\System\EfOWPKI.exe
  2⤵
  PID:8892
- C:\Windows\System\AHEVYRX.exe
  C:\Windows\System\AHEVYRX.exe
  2⤵
  PID:8908
- C:\Windows\System\JhlDYZj.exe
  C:\Windows\System\JhlDYZj.exe
  2⤵
  PID:8924
- C:\Windows\System\TawepZp.exe
  C:\Windows\System\TawepZp.exe
  2⤵
  PID:8940
- C:\Windows\System\ySauSYt.exe
  C:\Windows\System\ySauSYt.exe
  2⤵
  PID:8956
- C:\Windows\System\dUZGqkq.exe
  C:\Windows\System\dUZGqkq.exe
  2⤵
  PID:8972
- C:\Windows\System\zTziaNm.exe
  C:\Windows\System\zTziaNm.exe
  2⤵
  PID:8988
- C:\Windows\System\RuOGyQQ.exe
  C:\Windows\System\RuOGyQQ.exe
  2⤵
  PID:9008
- C:\Windows\System\uzZQAzI.exe
  C:\Windows\System\uzZQAzI.exe
  2⤵
  PID:9056
- C:\Windows\System\JgRPRsV.exe
  C:\Windows\System\JgRPRsV.exe
  2⤵
  PID:9072
- C:\Windows\System\PBUQIyg.exe
  C:\Windows\System\PBUQIyg.exe
  2⤵
  PID:9088
- C:\Windows\System\RamUcmS.exe
  C:\Windows\System\RamUcmS.exe
  2⤵
  PID:9104
- C:\Windows\System\kugWMnr.exe
  C:\Windows\System\kugWMnr.exe
  2⤵
  PID:9120
- C:\Windows\System\dgElJKI.exe
  C:\Windows\System\dgElJKI.exe
  2⤵
  PID:9136
- C:\Windows\System\uLezaGS.exe
  C:\Windows\System\uLezaGS.exe
  2⤵
  PID:9152
- C:\Windows\System\omknzvS.exe
  C:\Windows\System\omknzvS.exe
  2⤵
  PID:9168
- C:\Windows\System\GMICMKT.exe
  C:\Windows\System\GMICMKT.exe
  2⤵
  PID:9196
- C:\Windows\System\HXXSnXx.exe
  C:\Windows\System\HXXSnXx.exe
  2⤵
  PID:9212
- C:\Windows\System\lDmNnxX.exe
  C:\Windows\System\lDmNnxX.exe
  2⤵
  PID:1716
- C:\Windows\System\AQHQzBs.exe
  C:\Windows\System\AQHQzBs.exe
  2⤵
  PID:7372
- C:\Windows\System\eRSNACS.exe
  C:\Windows\System\eRSNACS.exe
  2⤵
  PID:8304
- C:\Windows\System\RTbLvUU.exe
  C:\Windows\System\RTbLvUU.exe
  2⤵
  PID:7200
- C:\Windows\System\UkaDDjG.exe
  C:\Windows\System\UkaDDjG.exe
  2⤵
  PID:8212
- C:\Windows\System\aeubgeO.exe
  C:\Windows\System\aeubgeO.exe
  2⤵
  PID:8272
- C:\Windows\System\oEliXPj.exe
  C:\Windows\System\oEliXPj.exe
  2⤵
  PID:2924
- C:\Windows\System\HbyRkSt.exe
  C:\Windows\System\HbyRkSt.exe
  2⤵
  PID:8364
- C:\Windows\System\hqNtByx.exe
  C:\Windows\System\hqNtByx.exe
  2⤵
  PID:8384
- C:\Windows\System\QnRMtVI.exe
  C:\Windows\System\QnRMtVI.exe
  2⤵
  PID:8404
- C:\Windows\System\TpyCUyK.exe
  C:\Windows\System\TpyCUyK.exe
  2⤵
  PID:8464
- C:\Windows\System\gKTzvZl.exe
  C:\Windows\System\gKTzvZl.exe
  2⤵
  PID:8484
- C:\Windows\System\gNfQpre.exe
  C:\Windows\System\gNfQpre.exe
  2⤵
  PID:1556
- C:\Windows\System\DRdBBwi.exe
  C:\Windows\System\DRdBBwi.exe
  2⤵
  PID:2808
- C:\Windows\System\MYozhFy.exe
  C:\Windows\System\MYozhFy.exe
  2⤵
  PID:8672
- C:\Windows\System\CctIBAJ.exe
  C:\Windows\System\CctIBAJ.exe
  2⤵
  PID:8704
- C:\Windows\System\tqvrNpG.exe
  C:\Windows\System\tqvrNpG.exe
  2⤵
  PID:8724
- C:\Windows\System\utwwYyS.exe
  C:\Windows\System\utwwYyS.exe
  2⤵
  PID:8768
- C:\Windows\System\daGYxIQ.exe
  C:\Windows\System\daGYxIQ.exe
  2⤵
  PID:8788
- C:\Windows\System\mOetAJg.exe
  C:\Windows\System\mOetAJg.exe
  2⤵
  PID:8844
- C:\Windows\System\DoCxlDV.exe
  C:\Windows\System\DoCxlDV.exe
  2⤵
  PID:8824
- C:\Windows\System\lHhORqB.exe
  C:\Windows\System\lHhORqB.exe
  2⤵
  PID:8856
- C:\Windows\System\BqVksLo.exe
  C:\Windows\System\BqVksLo.exe
  2⤵
  PID:8884
- C:\Windows\System\RXaPKpt.exe
  C:\Windows\System\RXaPKpt.exe
  2⤵
  PID:8916
- C:\Windows\System\coqnhiW.exe
  C:\Windows\System\coqnhiW.exe
  2⤵
  PID:8968
- C:\Windows\System\TUhWyPn.exe
  C:\Windows\System\TUhWyPn.exe
  2⤵
  PID:9004
- C:\Windows\System\LQbxIXA.exe
  C:\Windows\System\LQbxIXA.exe
  2⤵
  PID:9028
- C:\Windows\System\tzlqgSP.exe
  C:\Windows\System\tzlqgSP.exe
  2⤵
  PID:9016
- C:\Windows\System\UDBaZtr.exe
  C:\Windows\System\UDBaZtr.exe
  2⤵
  PID:9052
- C:\Windows\System\rPyZhtt.exe
  C:\Windows\System\rPyZhtt.exe
  2⤵
  PID:9084
- C:\Windows\System\iWPasYH.exe
  C:\Windows\System\iWPasYH.exe
  2⤵
  PID:9064
- C:\Windows\System\euvPzIJ.exe
  C:\Windows\System\euvPzIJ.exe
  2⤵
  PID:9100
- C:\Windows\System\Yzhcwcb.exe
  C:\Windows\System\Yzhcwcb.exe
  2⤵
  PID:9164
- C:\Windows\System\FRqJxmM.exe
  C:\Windows\System\FRqJxmM.exe
  2⤵
  PID:8232
- C:\Windows\System\HtperfB.exe
  C:\Windows\System\HtperfB.exe
  2⤵
  PID:8236
- C:\Windows\System\wWtqyDT.exe
  C:\Windows\System\wWtqyDT.exe
  2⤵
  PID:9176
- C:\Windows\System\KlIYLbd.exe
  C:\Windows\System\KlIYLbd.exe
  2⤵
  PID:8496
- C:\Windows\System\nspdmgT.exe
  C:\Windows\System\nspdmgT.exe
  2⤵
  PID:8268
- C:\Windows\System\OzOKcoc.exe
  C:\Windows\System\OzOKcoc.exe
  2⤵
  PID:8376
- C:\Windows\System\DwcZTLS.exe
  C:\Windows\System\DwcZTLS.exe
  2⤵
  PID:4988
- C:\Windows\System\yLdYFOX.exe
  C:\Windows\System\yLdYFOX.exe
  2⤵
  PID:8340
- C:\Windows\System\rUhLeWv.exe
  C:\Windows\System\rUhLeWv.exe
  2⤵
  PID:8380
- C:\Windows\System\jEDLznI.exe
  C:\Windows\System\jEDLznI.exe
  2⤵
  PID:8516
- C:\Windows\System\reDwwOC.exe
  C:\Windows\System\reDwwOC.exe
  2⤵
  PID:8832
- C:\Windows\System\dYCwVyD.exe
  C:\Windows\System\dYCwVyD.exe
  2⤵
  PID:8800
- C:\Windows\System\guijfrN.exe
  C:\Windows\System\guijfrN.exe
  2⤵
  PID:8900
- C:\Windows\System\lLoYFOf.exe
  C:\Windows\System\lLoYFOf.exe
  2⤵
  PID:8936
- C:\Windows\System\AvdfMOO.exe
  C:\Windows\System\AvdfMOO.exe
  2⤵
  PID:9204
- C:\Windows\System\GhYCfhT.exe
  C:\Windows\System\GhYCfhT.exe
  2⤵
  PID:8352
- C:\Windows\System\eIXCwiu.exe
  C:\Windows\System\eIXCwiu.exe
  2⤵
  PID:2156
- C:\Windows\System\EZYecGx.exe
  C:\Windows\System\EZYecGx.exe
  2⤵
  PID:8420
- C:\Windows\System\HtPsCgY.exe
  C:\Windows\System\HtPsCgY.exe
  2⤵
  PID:8400
- C:\Windows\System\oSJZKls.exe
  C:\Windows\System\oSJZKls.exe
  2⤵
  PID:8320
- C:\Windows\System\HXRGDLq.exe
  C:\Windows\System\HXRGDLq.exe
  2⤵
  PID:8208
- C:\Windows\System\NmubefW.exe
  C:\Windows\System\NmubefW.exe
  2⤵
  PID:8536
- C:\Windows\System\YOFPfEe.exe
  C:\Windows\System\YOFPfEe.exe
  2⤵
  PID:8576
- C:\Windows\System\vCTKcTs.exe
  C:\Windows\System\vCTKcTs.exe
  2⤵
  PID:8636
- C:\Windows\System\PkWHnUJ.exe
  C:\Windows\System\PkWHnUJ.exe
  2⤵
  PID:8708
- C:\Windows\System\hRMXAfe.exe
  C:\Windows\System\hRMXAfe.exe
  2⤵
  PID:8748
- C:\Windows\System\LuObnIW.exe
  C:\Windows\System\LuObnIW.exe
  2⤵
  PID:8784
- C:\Windows\System\BXQAbkt.exe
  C:\Windows\System\BXQAbkt.exe
  2⤵
  PID:8804
- C:\Windows\System\bVIMkeN.exe
  C:\Windows\System\bVIMkeN.exe
  2⤵
  PID:8980
- C:\Windows\System\AmwSzmx.exe
  C:\Windows\System\AmwSzmx.exe
  2⤵
  PID:8564
- C:\Windows\System\LHzzvSR.exe
  C:\Windows\System\LHzzvSR.exe
  2⤵
  PID:8308
- C:\Windows\System\RWoEsKT.exe
  C:\Windows\System\RWoEsKT.exe
  2⤵
  PID:8284
- C:\Windows\System\dwRBvHN.exe
  C:\Windows\System\dwRBvHN.exe
  2⤵
  PID:8660
- C:\Windows\System\TzgkWJr.exe
  C:\Windows\System\TzgkWJr.exe
  2⤵
  PID:8996
- C:\Windows\System\eothyjS.exe
  C:\Windows\System\eothyjS.exe
  2⤵
  PID:9184
- C:\Windows\System\QyQVPdp.exe
  C:\Windows\System\QyQVPdp.exe
  2⤵
  PID:8532
- C:\Windows\System\gUelWmu.exe
  C:\Windows\System\gUelWmu.exe
  2⤵
  PID:8656
- C:\Windows\System\PxOikTu.exe
  C:\Windows\System\PxOikTu.exe
  2⤵
  PID:8952
- C:\Windows\System\ZbWgdXn.exe
  C:\Windows\System\ZbWgdXn.exe
  2⤵
  PID:8780
- C:\Windows\System\LuLcoSV.exe
  C:\Windows\System\LuLcoSV.exe
  2⤵
  PID:8620
- C:\Windows\System\VIeaAEU.exe
  C:\Windows\System\VIeaAEU.exe
  2⤵
  PID:8964
- C:\Windows\System\juaQHqt.exe
  C:\Windows\System\juaQHqt.exe
  2⤵
  PID:9144
- C:\Windows\System\HckPvsS.exe
  C:\Windows\System\HckPvsS.exe
  2⤵
  PID:8580
- C:\Windows\System\bobcagz.exe
  C:\Windows\System\bobcagz.exe
  2⤵
  PID:8604
- C:\Windows\System\KaSAWMQ.exe
  C:\Windows\System\KaSAWMQ.exe
  2⤵
  PID:9220
- C:\Windows\System\Uuwcjsc.exe
  C:\Windows\System\Uuwcjsc.exe
  2⤵
  PID:9236
- C:\Windows\System\YtsXMbR.exe
  C:\Windows\System\YtsXMbR.exe
  2⤵
  PID:9252
- C:\Windows\System\EyCwDBf.exe
  C:\Windows\System\EyCwDBf.exe
  2⤵
  PID:9268
- C:\Windows\System\foINJmZ.exe
  C:\Windows\System\foINJmZ.exe
  2⤵
  PID:9296
- C:\Windows\System\DwSUgec.exe
  C:\Windows\System\DwSUgec.exe
  2⤵
  PID:9324
- C:\Windows\System\ctVZowN.exe
  C:\Windows\System\ctVZowN.exe
  2⤵
  PID:9340
- C:\Windows\System\fGHELvH.exe
  C:\Windows\System\fGHELvH.exe
  2⤵
  PID:9356
- C:\Windows\System\UMMONvk.exe
  C:\Windows\System\UMMONvk.exe
  2⤵
  PID:9376
- C:\Windows\System\SVRoscT.exe
  C:\Windows\System\SVRoscT.exe
  2⤵
  PID:9396
- C:\Windows\System\QodjQFV.exe
  C:\Windows\System\QodjQFV.exe
  2⤵
  PID:9412
- C:\Windows\System\MamYtmR.exe
  C:\Windows\System\MamYtmR.exe
  2⤵
  PID:9428
- C:\Windows\System\tNMVGZK.exe
  C:\Windows\System\tNMVGZK.exe
  2⤵
  PID:9444
- C:\Windows\System\XdwwjdM.exe
  C:\Windows\System\XdwwjdM.exe
  2⤵
  PID:9468
- C:\Windows\System\YZHcUNS.exe
  C:\Windows\System\YZHcUNS.exe
  2⤵
  PID:9484
- C:\Windows\System\ZtYIJxA.exe
  C:\Windows\System\ZtYIJxA.exe
  2⤵
  PID:9508
- C:\Windows\System\pYDEWnH.exe
  C:\Windows\System\pYDEWnH.exe
  2⤵
  PID:9536
- C:\Windows\System\znxozjM.exe
  C:\Windows\System\znxozjM.exe
  2⤵
  PID:9552
- C:\Windows\System\sGzmfpL.exe
  C:\Windows\System\sGzmfpL.exe
  2⤵
  PID:9568
- C:\Windows\System\kGvskqP.exe
  C:\Windows\System\kGvskqP.exe
  2⤵
  PID:9592
- C:\Windows\System\cqIoJxv.exe
  C:\Windows\System\cqIoJxv.exe
  2⤵
  PID:9636
- C:\Windows\System\hWOIyLu.exe
  C:\Windows\System\hWOIyLu.exe
  2⤵
  PID:9652
- C:\Windows\System\gZonJgU.exe
  C:\Windows\System\gZonJgU.exe
  2⤵
  PID:9668
- C:\Windows\System\SCtygYc.exe
  C:\Windows\System\SCtygYc.exe
  2⤵
  PID:9700
- C:\Windows\System\SakbaID.exe
  C:\Windows\System\SakbaID.exe
  2⤵
  PID:9716
- C:\Windows\System\DLzTcMx.exe
  C:\Windows\System\DLzTcMx.exe
  2⤵
  PID:9740
- C:\Windows\System\KcXIhEv.exe
  C:\Windows\System\KcXIhEv.exe
  2⤵
  PID:9760
- C:\Windows\System\YRFtoVm.exe
  C:\Windows\System\YRFtoVm.exe
  2⤵
  PID:9776
- C:\Windows\System\wHstiVn.exe
  C:\Windows\System\wHstiVn.exe
  2⤵
  PID:9796
- C:\Windows\System\lyvvNNg.exe
  C:\Windows\System\lyvvNNg.exe
  2⤵
  PID:9816
- C:\Windows\System\IsHtbbV.exe
  C:\Windows\System\IsHtbbV.exe
  2⤵
  PID:9836
- C:\Windows\System\qtzOutK.exe
  C:\Windows\System\qtzOutK.exe
  2⤵
  PID:9868
- C:\Windows\System\fpBAAii.exe
  C:\Windows\System\fpBAAii.exe
  2⤵
  PID:9888
- C:\Windows\System\RzqjjLB.exe
  C:\Windows\System\RzqjjLB.exe
  2⤵
  PID:9904
- C:\Windows\System\tVZkWbQ.exe
  C:\Windows\System\tVZkWbQ.exe
  2⤵
  PID:9924
- C:\Windows\System\aVabbqx.exe
  C:\Windows\System\aVabbqx.exe
  2⤵
  PID:9940
- C:\Windows\System\OcjJscH.exe
  C:\Windows\System\OcjJscH.exe
  2⤵
  PID:9964
- C:\Windows\System\amzadko.exe
  C:\Windows\System\amzadko.exe
  2⤵
  PID:9980
- C:\Windows\System\IuNDKKH.exe
  C:\Windows\System\IuNDKKH.exe
  2⤵
  PID:10000
- C:\Windows\System\ZbsMNli.exe
  C:\Windows\System\ZbsMNli.exe
  2⤵
  PID:10016
- C:\Windows\System\AIDHJRq.exe
  C:\Windows\System\AIDHJRq.exe
  2⤵
  PID:10036
- C:\Windows\System\bGmPUqm.exe
  C:\Windows\System\bGmPUqm.exe
  2⤵
  PID:10060
- C:\Windows\System\UKfqmgj.exe
  C:\Windows\System\UKfqmgj.exe
  2⤵
  PID:10084
- C:\Windows\System\eOgVxGp.exe
  C:\Windows\System\eOgVxGp.exe
  2⤵
  PID:10108
- C:\Windows\System\KMAaEqP.exe
  C:\Windows\System\KMAaEqP.exe
  2⤵
  PID:10128
- C:\Windows\System\wbVHvvQ.exe
  C:\Windows\System\wbVHvvQ.exe
  2⤵
  PID:10144
- C:\Windows\System\bZclBVG.exe
  C:\Windows\System\bZclBVG.exe
  2⤵
  PID:10160
- C:\Windows\System\NRBUijw.exe
  C:\Windows\System\NRBUijw.exe
  2⤵
  PID:10180
- C:\Windows\System\YBXKkgr.exe
  C:\Windows\System\YBXKkgr.exe
  2⤵
  PID:10196
- C:\Windows\System\REYfqsJ.exe
  C:\Windows\System\REYfqsJ.exe
  2⤵
  PID:10216
- C:\Windows\System\sUAEatm.exe
  C:\Windows\System\sUAEatm.exe
  2⤵
  PID:10232
- C:\Windows\System\axpsCVI.exe
  C:\Windows\System\axpsCVI.exe
  2⤵
  PID:9248
- C:\Windows\System\bKQCjgG.exe
  C:\Windows\System\bKQCjgG.exe
  2⤵
  PID:8480
- C:\Windows\System\UTkWuEg.exe
  C:\Windows\System\UTkWuEg.exe
  2⤵
  PID:9264
- C:\Windows\System\tZGMqzK.exe
  C:\Windows\System\tZGMqzK.exe
  2⤵
  PID:8652
- C:\Windows\System\wxIutyA.exe
  C:\Windows\System\wxIutyA.exe
  2⤵
  PID:9352
- C:\Windows\System\YHdzcjj.exe
  C:\Windows\System\YHdzcjj.exe
  2⤵
  PID:9284
- C:\Windows\System\phLEikA.exe
  C:\Windows\System\phLEikA.exe
  2⤵
  PID:9336
- C:\Windows\System\kyAqglg.exe
  C:\Windows\System\kyAqglg.exe
  2⤵
  PID:9408
- C:\Windows\System\BCckwzn.exe
  C:\Windows\System\BCckwzn.exe
  2⤵
  PID:9524
- C:\Windows\System\TiMXBDH.exe
  C:\Windows\System\TiMXBDH.exe
  2⤵
  PID:9464
- C:\Windows\System\DmOisab.exe
  C:\Windows\System\DmOisab.exe
  2⤵
  PID:9516
- C:\Windows\System\VmlNbvW.exe
  C:\Windows\System\VmlNbvW.exe
  2⤵
  PID:9584
- C:\Windows\System\HqVEaAM.exe
  C:\Windows\System\HqVEaAM.exe
  2⤵
  PID:9628
- C:\Windows\System\AnXoYKY.exe
  C:\Windows\System\AnXoYKY.exe
  2⤵
  PID:9620
- C:\Windows\System\gsgJGlR.exe
  C:\Windows\System\gsgJGlR.exe
  2⤵
  PID:9680
- C:\Windows\System\DgoWNCV.exe
  C:\Windows\System\DgoWNCV.exe
  2⤵
  PID:9708
- C:\Windows\System\JucttUy.exe
  C:\Windows\System\JucttUy.exe
  2⤵
  PID:9748
- C:\Windows\System\hZpmJBg.exe
  C:\Windows\System\hZpmJBg.exe
  2⤵
  PID:9788
- C:\Windows\System\WEEPmMP.exe
  C:\Windows\System\WEEPmMP.exe
  2⤵
  PID:9808
- C:\Windows\System\UENrIpf.exe
  C:\Windows\System\UENrIpf.exe
  2⤵
  PID:9852
- C:\Windows\System\ZyBenzN.exe
  C:\Windows\System\ZyBenzN.exe
  2⤵
  PID:9884
- C:\Windows\System\yJqYxGQ.exe
  C:\Windows\System\yJqYxGQ.exe
  2⤵
  PID:9916
- C:\Windows\System\RVVQdsX.exe
  C:\Windows\System\RVVQdsX.exe
  2⤵
  PID:9952
- C:\Windows\System\AfNeNRG.exe
  C:\Windows\System\AfNeNRG.exe
  2⤵
  PID:9996
- C:\Windows\System\qNxOuQx.exe
  C:\Windows\System\qNxOuQx.exe
  2⤵
  PID:10068
- C:\Windows\System\YwkkdTU.exe
  C:\Windows\System\YwkkdTU.exe
  2⤵
  PID:9972
- C:\Windows\System\czahKHd.exe
  C:\Windows\System\czahKHd.exe
  2⤵
  PID:10044
- C:\Windows\System\RctrxTr.exe
  C:\Windows\System\RctrxTr.exe
  2⤵
  PID:10096
- C:\Windows\System\rENqUyZ.exe
  C:\Windows\System\rENqUyZ.exe
  2⤵
  PID:10152
- C:\Windows\System\SmYkHID.exe
  C:\Windows\System\SmYkHID.exe
  2⤵
  PID:10100
- C:\Windows\System\XTXISZf.exe
  C:\Windows\System\XTXISZf.exe
  2⤵
  PID:9312
- C:\Windows\System\nZtlZKl.exe
  C:\Windows\System\nZtlZKl.exe
  2⤵
  PID:10140
- C:\Windows\System\rpwdgOR.exe
  C:\Windows\System\rpwdgOR.exe
  2⤵
  PID:9452
- C:\Windows\System\tJFbMVR.exe
  C:\Windows\System\tJFbMVR.exe
  2⤵
  PID:9364
- C:\Windows\System\ehwqEuK.exe
  C:\Windows\System\ehwqEuK.exe
  2⤵
  PID:9348
- C:\Windows\System\DJvRJkP.exe
  C:\Windows\System\DJvRJkP.exe
  2⤵
  PID:9192
- C:\Windows\System\CELjoGu.exe
  C:\Windows\System\CELjoGu.exe
  2⤵
  PID:9292
- C:\Windows\System\ElvyrDt.exe
  C:\Windows\System\ElvyrDt.exe
  2⤵
  PID:9460
- C:\Windows\System\JwctEvL.exe
  C:\Windows\System\JwctEvL.exe
  2⤵
  PID:9476
- C:\Windows\System\ZuwWqNN.exe
  C:\Windows\System\ZuwWqNN.exe
  2⤵
  PID:9564
- C:\Windows\System\ZwUbQJq.exe
  C:\Windows\System\ZwUbQJq.exe
  2⤵
  PID:9480
- C:\Windows\System\qltSZcC.exe
  C:\Windows\System\qltSZcC.exe
  2⤵
  PID:9676
- C:\Windows\System\nmNSabE.exe
  C:\Windows\System\nmNSabE.exe
  2⤵
  PID:9664
- C:\Windows\System\vhQntuZ.exe
  C:\Windows\System\vhQntuZ.exe
  2⤵
  PID:8568
- C:\Windows\System\YzVLlzp.exe
  C:\Windows\System\YzVLlzp.exe
  2⤵
  PID:9752
- C:\Windows\System\oFsHmPZ.exe
  C:\Windows\System\oFsHmPZ.exe
  2⤵
  PID:9860
- C:\Windows\System\YUEDKnQ.exe
  C:\Windows\System\YUEDKnQ.exe
  2⤵
  PID:9876
- C:\Windows\System\SBSgClO.exe
  C:\Windows\System\SBSgClO.exe
  2⤵
  PID:9960
- C:\Windows\System\xVwVLuc.exe
  C:\Windows\System\xVwVLuc.exe
  2⤵
  PID:10076
- C:\Windows\System\OfNPvFH.exe
  C:\Windows\System\OfNPvFH.exe
  2⤵
  PID:10188
- C:\Windows\System\myjUwTU.exe
  C:\Windows\System\myjUwTU.exe
  2⤵
  PID:9404
- C:\Windows\System\XkGrLiA.exe
  C:\Windows\System\XkGrLiA.exe
  2⤵
  PID:9532
- C:\Windows\System\vuxuHVb.exe
  C:\Windows\System\vuxuHVb.exe
  2⤵
  PID:9604
- C:\Windows\System\XWgVEtf.exe
  C:\Windows\System\XWgVEtf.exe
  2⤵
  PID:10268
- C:\Windows\System\rtiAzOP.exe
  C:\Windows\System\rtiAzOP.exe
  2⤵
  PID:10284
- C:\Windows\System\lImtZdn.exe
  C:\Windows\System\lImtZdn.exe
  2⤵
  PID:10300
- C:\Windows\System\TWSKqTk.exe
  C:\Windows\System\TWSKqTk.exe
  2⤵
  PID:10320
- C:\Windows\System\hWPrdRB.exe
  C:\Windows\System\hWPrdRB.exe
  2⤵
  PID:10336
- C:\Windows\System\TbsOoDm.exe
  C:\Windows\System\TbsOoDm.exe
  2⤵
  PID:10360

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AcNbIcf.exe

Filesize
6.0MB

MD5
3a22c40463042017efe5bdb08722a756

SHA1
1b1db372ff931740830009044c7d391d949d3395

SHA256
ec76dbe3eda4de772074c4da0221cb802da8f6bc1f25372c032f88e53082bdb7

SHA512
be1995aa3077e0294402e4be8b2a59158211d3e288dcac907490a614393c3bfe5a9dd8e5ae92404a301f6b9f348807ad8d7055a4c8dc11b9129509e16b67c825

Download Submit
C:\Windows\system\CkGwQhN.exe

Filesize
6.0MB

MD5
58a34fa136caec2ad150da9df871cc76

SHA1
6c0707654d1d1fbcf62c33e5e8416138c28ddb5b

SHA256
57dc9a949bc4609f7f163b7646342b1df215c51c33292f5f3d8b35bc614d41ed

SHA512
080259b38bd1cf54685ddf3778c16480bbf44ceb012f99ccdc8361ebae472fe90d8cccc382c9764822d2cc35a1419f5401a8e95eba57e3e0f050ce8fa9ce8d82

Download Submit
C:\Windows\system\DGMyWDz.exe

Filesize
6.0MB

MD5
bf7e9f6fe2910cf8d9744c87060c7019

SHA1
a958ce939c7aacd368655d511eca250c83ec7a4c

SHA256
8b332b9e92026c7d40145908d1fab3a33eb4eab5fc836d1cb7b57fb4f09e299d

SHA512
f214d4e565af4cf0abd2558aea605184183662d4c76b5d7f13f1679f3315e31a99f0a3115a1e60c12d3ee21e0ba507b1c4b73942d533ccfcf6bfd8afbaaf900f

Download Submit
C:\Windows\system\FjfDdRE.exe

Filesize
6.0MB

MD5
c64fda33538ee3f9722b88de4271648f

SHA1
6e4f67ac93f66cbc6d31d6b8059361d1f7b44fd8

SHA256
ebd7950521a73c759fd6f4c1df3f51138a3cf5cfd727907d99b743da13b2d635

SHA512
2da80a262dc3629d53aba8c8dfdfe998e97200f1e82234beeeac38c9b9697519dc41ddcbbb3a390bf09e88e716a98a87eb0044e37c9672ef3a9805771a3bf421

Download Submit
C:\Windows\system\GdCzulM.exe

Filesize
6.0MB

MD5
3cf89d84dce75cda743ae9642fe2a232

SHA1
3b3303a1c8e672921a22df82576b534c7fabb266

SHA256
76eae79b44f836a1ef914ee4433fd010528a6a2ee66f2ec3f38762e322f424d1

SHA512
5878d7bcac694a5c3241ce5401634403407fe37c2440d7ac091e509eadbc9731725f0f3d89ff8c0cefc4ae7e443b6f88c135b9f0803b3f929eecfc6eedddfc5f

Download Submit
C:\Windows\system\HXcjHmp.exe

Filesize
6.0MB

MD5
f4c6e51e2ca5509dee8eb857140f8545

SHA1
a7ed3e0fb25847e1f844e9bd2ae80fc80c3c4069

SHA256
f82876c28c7855e9fe6768b56692fbf7b3f28b77305e0d3487441e9a147cd8e5

SHA512
1a2e88fb919990595737e3e4c5aad3c8ff7ea212f7d38450401bba17eb1807581bb6c003a379abd1271b580400e1851b688239f5732c87bcc3bde3082561a68f

Download Submit
C:\Windows\system\InxgutX.exe

Filesize
6.0MB

MD5
31e78a59ad52a463244f093b563bab6f

SHA1
93ddffd059a535ed2931ffc8f478308be552e331

SHA256
8512815ebb2d4862535167468e6eb24a2da88984973e92014bed95732034bc38

SHA512
42a850e203d3affe79842dea7df965a6471db3325608ba64ff5d92038819b9e13a2f3e1eb84fc0845e47f5c85176e89a51f5e32a9cf3a4ceab6962c037c13aa3

Download Submit
C:\Windows\system\JbwepwS.exe

Filesize
6.0MB

MD5
5b64f7d4cf3758c05ae43896290e9e4f

SHA1
d12ff55c204532c13ab5c0bba048a1420b124951

SHA256
7f70d6424de90fcd94f0ce84e174d8d170198d2a942e1c78144602c87e3feaf9

SHA512
d8ceaa33c03410eee76b14b995152a0c7667ee7f33d78df56fdb246db01320876c40221d153fcfaa359f11765ee00481d0a7d326047ffcb22b059831ba72feb0

Download Submit
C:\Windows\system\KHyYwoo.exe

Filesize
6.0MB

MD5
475cb2da68e1d2585ace8c770ba8e208

SHA1
899d5a49585025b6edcb8af2bda4ddc8710acbb7

SHA256
c7caa6cf00650c694120556d1c5b7ae5b92eb6c0c7140aa1b4ffd5c6a6f50da4

SHA512
1fae1f3132851178e1eb836b407261a05db61124a87b231f0a20c4f5237cb80937ca4ac1613baba00f93be9a501495a919e77e21c5c2aa19c1fa6ef82a965792

Download Submit
C:\Windows\system\LwYnkms.exe

Filesize
6.0MB

MD5
a84e764ff2552f36740c21e4ea2edb01

SHA1
792f7f380c8baa2811ea3baa11b46bdd7b7b3b75

SHA256
03bd373780c1fb02437ea625c2e0b403d998ea587e3fc61220aca2e4e7c5c6f8

SHA512
d003652a7976602bdc39bc4121a8d71f74220e246a78cfc87646fd3267395a4f6ff8fcf13b81279289aea1aed59f5dac27420978829ec992166c9a262f77935b

Download Submit
C:\Windows\system\NkNbhqD.exe

Filesize
6.0MB

MD5
69a3e5b8134f221e11ed9834640b6b81

SHA1
1946651b48ac3db291fb700f2ee16d68ffdff638

SHA256
67c7a4e075f807e0a10581e28fb64f0d4841910b21fa5620846a027df8ca7500

SHA512
d10d1860b539eed2fd34ab9a4288ed7673dcfce55f863eb84eb37a4e8c69654cccd37a1c4eba7e6d6a8c0ef6d1df564276110a8e65c4b9af4e2135b9af73fc7e

Download Submit
C:\Windows\system\OtryLRA.exe

Filesize
6.0MB

MD5
b29f7956986795e65b8834d482e203d2

SHA1
45e5e8fb63ccc2b507bf202d642a89f4150d91c8

SHA256
e02db45b3ad8661c3ccc798c99212a1bdee2ff464f1731df0a96dd82c4cbff8c

SHA512
980a8f6f4321512008e30f7af907768b1ba28854e7b93eb2845ee07d10286bbda83fdb7d0ce1acd2b7f5d0e2e39ab9622003a90a749da9fa7520f11ef1cd662d

Download Submit
C:\Windows\system\PxvcIKg.exe

Filesize
6.0MB

MD5
1e20a9ed65f4cbb7c4efb19a7e9dfaf7

SHA1
d082496d78b26ea881829d2d49e3e35fcfbc2dea

SHA256
d31caf84fe275f7fc2b6d42906f0c42b26ba79a3daf6da3a27f4a3c84640db72

SHA512
47c87c60756c421cd666f6058987b44bc600e5310d025b4c22ee12971567caa7ae7b28125fe2eabe43fe9713e586d2764a4d1326c33d07d8a63154835e85da94

Download Submit
C:\Windows\system\WbhcAXy.exe

Filesize
6.0MB

MD5
41539672c0ffa30e8826fd9e03f4c771

SHA1
554443e4badd5cff14ac520234b41687ed478b21

SHA256
aa025395ea8cc00350519d2c72cc30ff4fcd1d87c20779d5a6844bf8ed74731b

SHA512
301234485ad7ac5e6fd178a86713c4ad7652880448d0f1f2e340cf1e919423c160c4af95ef47b8ab3bb48bbea87ce92b2179ce3866a345dee527b59586c16511

Download Submit
C:\Windows\system\XCkTHRS.exe

Filesize
6.0MB

MD5
d76844786a3626aba367186de7d4598e

SHA1
dd23fd6290adb55a2b604579fc1438347fb56325

SHA256
6e008d9c457320e237d5970e3589c0c13d4b7c5dfbd827a7aabb9948495d847d

SHA512
4002b4c6e959dab7650830c8eb191ff4868a238f8a71213f6d5b5256085b3fe8e1c54360f426cb8f42414ba270c970355cbc33b2002c212c292e4db693337de3

Download Submit
C:\Windows\system\YLITZww.exe

Filesize
6.0MB

MD5
eb0a6b25c7aee8694ac66a607f9edf03

SHA1
65c78f32a21e679deaad2516e04d3ba141f7c5e3

SHA256
a20dd45bd17604e5329e1a8b55efd9cf6c186f678595534ff4f987bd89d7cdeb

SHA512
6eb6abb71cef63473bc2fd43435f3c8a16a742fcccaf0b14e66239a51852ea91cb6dfc3d6ca96263255b33bc27fa9517696a56cb648328e5cc373c8158ad7f42

Download Submit
C:\Windows\system\ZbwErxu.exe

Filesize
6.0MB

MD5
5c207e46d0720af78f7e01b324407fcc

SHA1
8bfa0aeacf3da135cbbbbc58e18c6531be5d74c5

SHA256
69426741ced25f09095704068aa35ffcd13643324989f1d793c86cd8bcac9861

SHA512
8bb0a1a2414ed84e0b4e01105eb8d9fec0362735e3696af354bc453cef4d07d08b2dba4fe5f94ef91cb08c6d9871652fbb5697bd4809b775c0feb47eccb2139e

Download Submit
C:\Windows\system\bRtDNid.exe

Filesize
6.0MB

MD5
3f9bf69bf8217432c1c1c27612c3f019

SHA1
5da361f2babc76c7566e83a0264e87190b84c20e

SHA256
4c06cbbbfb7813397bdfd6b0bacf78f3b0f52c925343a3094e3e05374ac5aaed

SHA512
814343348cc5de64e125d31ead340848bd6838b67c6f6ccd336e55c59d7a50b41a52aa43dc200b60862b33617939da45bafb1961f5d178bcf29143fc85238ee4

Download Submit
C:\Windows\system\blfVWWR.exe

Filesize
6.0MB

MD5
2a57ee82534b26dc71ae4ec62ff1a5e5

SHA1
e29fe1f5cc05c0a9ab9064f8eecd05eb1e6a3489

SHA256
009ffe2baea135a5e96d54b0058ab68663549fa00a0a9c67ba7e2f5d25ffa539

SHA512
6bd1b2c6ce14fa4335027f836e75f48af4022ccaa726f8b125e1eaf492a12480f18125f9abe9b76b8154173561b05019e06251f49df6f334486b90eb344fb54a

Download Submit
C:\Windows\system\ciqIdYa.exe

Filesize
6.0MB

MD5
68be12c1e4b2910233c3015f050473c5

SHA1
917ec4fd6465d7c3af1006af062bd1a42573a7f7

SHA256
6a80dd2883e14ce8535b7f69d08c08c297e6bc5605a44d645d67fbb1fae0e265

SHA512
84a81b07a6dad7d483d2c23c1e911dd8c42fe14f2a848f5dc56309b9f2c719beaffde1abbd1a0ab2ddff3ac4e7510893533bea68801f84ea052d98eb1aff4101

Download Submit
C:\Windows\system\eYXtTKb.exe

Filesize
6.0MB

MD5
d3b8e74ea020676115049544ab24dcc3

SHA1
2a3cba5aff52c4c3ba9545f98aa96a4fb02dab60

SHA256
80e053337d236faed84bbf784f08d652d05cbaae2bf2976f1718da65c94ea9e4

SHA512
1658dcdf9743b249480849db9146801ef04db12ae0a8cdbe39974bb0c95afc892bb8bc428accc2c1b429ec635797b71011189ef81be9b33926cc86e28637abe9

Download Submit
C:\Windows\system\faittIl.exe

Filesize
6.0MB

MD5
468db54ef83cc95555d8b4f4bb31b445

SHA1
5f6bb2cafb19e1329a216edf0c52ae8d7d5d35bb

SHA256
4a4de365212454f7912cc524167cf1ca80330a2269431e60bfc332afadaa9b5d

SHA512
11f58f5d7e94d19bc2ef5a281e02c5579b4324adf6c5e6ad68a64fe8531b1d721b8d8c9c753d931b6c36beb2fbc2cc017990df74a2e9dfd7937af36da33f94cf

Download Submit
C:\Windows\system\iVTkAyJ.exe

Filesize
6.0MB

MD5
6ea01dd32853aaee8189cf493282e257

SHA1
ee4d61eea3f9a70d206abec87e13502afb979475

SHA256
e524e58e0faa975dd0b3ccd29b51f47f454eb1b9fbe5d6267186dd083bd817ac

SHA512
45ed20cbcf7b814073aa3605745ed5d52e1ed4be968c2e25e2139859cc141529fa624f7ceb8e7412e13610e3f6bfc45ad9a8301e9e68df820ee038d2b3f3d062

Download Submit
C:\Windows\system\jDUBiIA.exe

Filesize
6.0MB

MD5
04404a55819f35349f243d8e9e808ee5

SHA1
2c8901bae10a53855105ce1d701282202e172c58

SHA256
7e504e1d85f16deaddc8637d49f288d0f7dd0e77bfadd3919cfc8450a90c7a92

SHA512
5410c99101443301011249b29efb48555c3cb41f3392e9c56f75018b7fc75d57c656b48ead3359a3c8295d4f6c43fc18015a2bf53a492ff2ddc987eef9f0d94b

Download Submit
C:\Windows\system\lBvAlOv.exe

Filesize
6.0MB

MD5
6f75bf3fa20e99e8ac391bc5560a38c8

SHA1
e8d0ce8d986dd659739e83c9aecfce9052398d4f

SHA256
602493328624db276a36a65678406d32a7099d668b20206d76ac1b2e8790954e

SHA512
c609244c4825373b1922377bda905437f8b96abbb8ba9e89e51ce27194637b040594ec3733966b2ca3e29ea17b213f29a4ddab103f498960cc844861ec2bc004

Download Submit
C:\Windows\system\lOSGFMN.exe

Filesize
6.0MB

MD5
8c94bddd0c6ed9b9ad7a53181153fc6d

SHA1
cd6dbc63ad6dbb806683cd7cb626e5edb5500d3c

SHA256
eec0151707d7627ccd811346f9e91cdf502d5e902989ff60cbb9faab96b3cc15

SHA512
dcab704f5367988603395673c69bc4729ee2c7dd1c56521095b3259240dd3b96b587cf46eaa51b1c0717addc6e2120d95c366e7cd9cf00b01f601458750b33c2

Download Submit
C:\Windows\system\pkDidKO.exe

Filesize
6.0MB

MD5
8ee64825fa5bb533f2e31c342482e5ab

SHA1
b92da8bda8c7fb22b958faaf2eab7bf405047660

SHA256
72e6e277f2b585e16177a2b6fe6c47ee59ac7c49fbcef6d9ba6d747950b28268

SHA512
aec81c942c2f9f372e6ac17c21e82aaf593b15f3c2534e2f2219216ab66155fc447a17ffe1558586c69fb627c21fdfabffa9daaf77a7054858be9b38e956d93c

Download Submit
C:\Windows\system\qKuZhKi.exe

Filesize
6.0MB

MD5
30eee5f3e7960e9ae78d322ae6448bd2

SHA1
17b808a2ed8e4591d2a0268206089671fb3752bc

SHA256
f5233698ea385f0c47a46b55151d97129d9cd181a14920602fd08ad4a70ad3b8

SHA512
d8648abda9102f8f9cbb2f0f7c75cd189c5cc2227aaf634762eaee4ca5c1d0bb060500866995817ee81cc39fd382d2d1c746a711b7dee02031434cf73a4a7f44

Download Submit
C:\Windows\system\swRABAu.exe

Filesize
6.0MB

MD5
d20d0f2516c326bbea5e065bf73b9bae

SHA1
b02ac202eff2f2a06cac5a5044176eb4a2caaebd

SHA256
a5dd828d211b85087557b4c199948de0e198c5335d7fc690f54e8385f946de9c

SHA512
ee2f3cb77531c64f21ff97d08e26cc761ee8d928aaf82c6a2d31c2887cc9676ed2bec6971c38f7da500a90d76ae4fb9396167df0b5871b1d5bfc5a04db3ba8d0

Download Submit
C:\Windows\system\ufyUmsW.exe

Filesize
6.0MB

MD5
f7fd6e9587b737fd45ef4f8513b339a6

SHA1
0db52fc43046399fd848c64824f01509d17a87ce

SHA256
468c51c53d6f3b00a654fde90f30fdcf4d082102c54e58e254047ada161d5267

SHA512
d879e8d5703ccc7783b3e7473fcf86e78cd430395cc66902bcc35ff94f636e1a020eac03301411f2996d785cebcdae41faad70b27fde1f69ea978a8ba4641185

Download Submit
C:\Windows\system\xuJCdkR.exe

Filesize
6.0MB

MD5
c67b79d521f3349a4863bc967e83744c

SHA1
f73fbfbc165cfac95bf42a0644f1a3a5f057c440

SHA256
59b641b1d6ea6a46702b305dce5c86e6e387fbd97879a7aed00f2335bccc049d

SHA512
93d266b8a5e075bc6a955712b0934d448b97139e50f4c04811b5aa3283352c1fa3353f2b6b4900b760c9cc1d83ff2ace9cbe57dc444ea717fcfb829b3397443f

Download Submit
\Windows\system\LDWwfap.exe

Filesize
6.0MB

MD5
cfd1b2e94c75ec3fef029049a8594da7

SHA1
9afc000619eabfa0044a977778541864d46b9763

SHA256
c9fd77723f6fd9175a6ef13c3a183bfd40f64af97f10332a8eedebfda2f1452b

SHA512
ae58aae9a4eec6ade1752ca5892f0b2d29e38eb71ece93f843c62efc10fabf58b8d50687eecd7fbd46d0a84cbbf9353155dc0a956011c69448c4dfb75fc40931

Download Submit
memory/1600-2198-0x000000013F5E0000-0x000000013F934000-memory.dmp

Filesize
3.3MB

Download
memory/1600-2900-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/1600-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/1600-0-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/1600-2221-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/1600-3133-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/1600-3139-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/1600-2360-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/1600-2406-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/1600-3132-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/1600-3114-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/1600-2408-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/1600-3115-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/1600-2191-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/1600-2903-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/1600-3023-0x000000013F5E0000-0x000000013F934000-memory.dmp

Filesize
3.3MB

Download
memory/1940-2359-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/1940-4033-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/2340-2405-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/2340-4034-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/2536-2218-0x000000013F5E0000-0x000000013F934000-memory.dmp

Filesize
3.3MB

Download
memory/2536-4032-0x000000013F5E0000-0x000000013F934000-memory.dmp

Filesize
3.3MB

Download
memory/2760-2407-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/2760-4035-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/2816-2409-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/2816-4036-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download