cobaltstrike | 284586c759ed4801fcc4f736081b109e74a86312dd84d947df0d99078ba5cf50

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
21-11-2024 02:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

3679d73d7a953b1928eb33c0f8e29172
SHA1

733c5af76eb45dbf4e38c7afe3809c70c6c30e4b
SHA256

284586c759ed4801fcc4f736081b109e74a86312dd84d947df0d99078ba5cf50
SHA512

32ed37fba62e368efd33eb7844e514c9bebb7b8032f371a518d7990fa419a080e401717965d707486de30bdd4fb6b113924d5cafe284050990bc8d861f31012c
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUY:T+q56utgpPF8u/7Y

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00080000000120fe-3.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d4e-9.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d4a-7.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d55-22.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d71-34.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d21-36.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016dc6-50.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016dc9-54.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001956c-124.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019606-154.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c34-198.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019926-193.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019667-184.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961c-174.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196a1-187.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961e-177.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960a-163.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960c-168.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019608-158.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019604-144.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019605-148.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001958e-133.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195d6-137.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019570-128.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019524-113.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001954e-118.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ef-95.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194f3-104.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e7-80.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e9-87.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e3-72.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016dd1-65.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2592-0-0x000000013FAF0000-0x000000013FE44000-memory.dmp	xmrig
behavioral1/files/0x00080000000120fe-3.dat	xmrig
behavioral1/files/0x0007000000016d4e-9.dat	xmrig
behavioral1/files/0x0008000000016d4a-7.dat	xmrig
behavioral1/memory/2576-20-0x000000013F890000-0x000000013FBE4000-memory.dmp	xmrig
behavioral1/memory/1988-17-0x000000013F580000-0x000000013F8D4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d55-22.dat	xmrig
behavioral1/memory/2196-29-0x000000013FD60000-0x00000001400B4000-memory.dmp	xmrig
behavioral1/memory/1960-13-0x000000013F0D0000-0x000000013F424000-memory.dmp	xmrig
behavioral1/memory/2988-35-0x000000013FDB0000-0x0000000140104000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d71-34.dat	xmrig
behavioral1/files/0x0009000000016d21-36.dat	xmrig
behavioral1/memory/2592-40-0x000000013FAF0000-0x000000013FE44000-memory.dmp	xmrig
behavioral1/memory/2352-44-0x000000013F530000-0x000000013F884000-memory.dmp	xmrig
behavioral1/memory/2592-47-0x000000013F3F0000-0x000000013F744000-memory.dmp	xmrig
behavioral1/memory/2788-53-0x000000013F3F0000-0x000000013F744000-memory.dmp	xmrig
behavioral1/memory/1988-52-0x000000013F580000-0x000000013F8D4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016dc6-50.dat	xmrig
behavioral1/memory/1960-46-0x000000013F0D0000-0x000000013F424000-memory.dmp	xmrig
behavioral1/files/0x0009000000016dc9-54.dat	xmrig
behavioral1/memory/2576-59-0x000000013F890000-0x000000013FBE4000-memory.dmp	xmrig
behavioral1/memory/2836-60-0x000000013FE10000-0x0000000140164000-memory.dmp	xmrig
behavioral1/memory/2776-74-0x000000013F0F0000-0x000000013F444000-memory.dmp	xmrig
behavioral1/memory/2592-85-0x000000013F3F0000-0x000000013F744000-memory.dmp	xmrig
behavioral1/memory/2704-88-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/memory/2384-97-0x000000013F670000-0x000000013F9C4000-memory.dmp	xmrig
behavioral1/files/0x000500000001956c-124.dat	xmrig
behavioral1/files/0x0005000000019606-154.dat	xmrig
behavioral1/files/0x0005000000019c34-198.dat	xmrig
behavioral1/memory/2384-813-0x000000013F670000-0x000000013F9C4000-memory.dmp	xmrig
behavioral1/memory/1432-976-0x000000013F8E0000-0x000000013FC34000-memory.dmp	xmrig
behavioral1/memory/2704-611-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/memory/2632-422-0x000000013F6C0000-0x000000013FA14000-memory.dmp	xmrig
behavioral1/memory/2776-249-0x000000013F0F0000-0x000000013F444000-memory.dmp	xmrig
behavioral1/files/0x0005000000019926-193.dat	xmrig
behavioral1/files/0x0005000000019667-184.dat	xmrig
behavioral1/files/0x000500000001961c-174.dat	xmrig
behavioral1/files/0x00050000000196a1-187.dat	xmrig
behavioral1/files/0x000500000001961e-177.dat	xmrig
behavioral1/files/0x000500000001960a-163.dat	xmrig
behavioral1/files/0x000500000001960c-168.dat	xmrig
behavioral1/files/0x0005000000019608-158.dat	xmrig
behavioral1/files/0x0005000000019604-144.dat	xmrig
behavioral1/files/0x0005000000019605-148.dat	xmrig
behavioral1/files/0x000500000001958e-133.dat	xmrig
behavioral1/files/0x00050000000195d6-137.dat	xmrig
behavioral1/files/0x0005000000019570-128.dat	xmrig
behavioral1/files/0x0005000000019524-113.dat	xmrig
behavioral1/files/0x000500000001954e-118.dat	xmrig
behavioral1/memory/2836-96-0x000000013FE10000-0x0000000140164000-memory.dmp	xmrig
behavioral1/files/0x00050000000194ef-95.dat	xmrig
behavioral1/memory/1432-106-0x000000013F8E0000-0x000000013FC34000-memory.dmp	xmrig
behavioral1/memory/2976-105-0x000000013FF50000-0x00000001402A4000-memory.dmp	xmrig
behavioral1/files/0x00050000000194f3-104.dat	xmrig
behavioral1/memory/2632-81-0x000000013F6C0000-0x000000013FA14000-memory.dmp	xmrig
behavioral1/files/0x00050000000194e7-80.dat	xmrig
behavioral1/files/0x00050000000194e9-87.dat	xmrig
behavioral1/memory/2988-73-0x000000013FDB0000-0x0000000140104000-memory.dmp	xmrig
behavioral1/files/0x00050000000194e3-72.dat	xmrig
behavioral1/memory/2976-66-0x000000013FF50000-0x00000001402A4000-memory.dmp	xmrig
behavioral1/files/0x0008000000016dd1-65.dat	xmrig
behavioral1/memory/1988-3673-0x000000013F580000-0x000000013F8D4000-memory.dmp	xmrig
behavioral1/memory/2196-3693-0x000000013FD60000-0x00000001400B4000-memory.dmp	xmrig
behavioral1/memory/1960-3701-0x000000013F0D0000-0x000000013F424000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1960	aTVfbFM.exe
1988	fNhjuIK.exe
2576	SQXTpYV.exe
2196	mfWEFdu.exe
2988	tAIENbG.exe
2352	XgcXJCW.exe
2788	FlAiGlq.exe
2836	ZBZKhlr.exe
2976	BiGzNPb.exe
2776	MXUtcxF.exe
2632	gbxXjah.exe
2704	rbYmTTc.exe
2384	cpofHNT.exe
1432	QIQSnTg.exe
2920	booRwow.exe
2372	QPZlRdV.exe
2128	glpwlcv.exe
2032	kgsYBHw.exe
1260	fgPNrdw.exe
2924	HYVbFaD.exe
1936	SBcWyha.exe
748	mhwgVRf.exe
1156	lqWdYdk.exe
1636	QGLXrDL.exe
1640	qfQiiaP.exe
2080	dcFxETu.exe
1892	cQGmLYP.exe
1896	EyaaRxW.exe
1048	QOaYKvj.exe
348	nJyLQmS.exe
1748	runuyHG.exe
1548	JlIKBFB.exe
1248	fUhgACG.exe
984	CCkNxDP.exe
340	MTnCWtN.exe
1704	EBLQBJU.exe
1668	fGkFONw.exe
1916	FvruFRd.exe
1800	nZtzZlQ.exe
1004	hRvXYCq.exe
1536	vzwDkPV.exe
304	WtsSNan.exe
2260	WLstIuh.exe
1968	PBNVWYF.exe
1440	wJeMpfH.exe
544	iVdipHG.exe
2296	gydzMuU.exe
1284	NGfqJOc.exe
1080	bSapMYa.exe
880	tlyWAgi.exe
1812	wzLNmYd.exe
2320	YdYngmV.exe
1560	MYyNjWf.exe
1588	epUaGTF.exe
2448	eZIwVmR.exe
1672	SRrcDZa.exe
3016	VOyKaSt.exe
2880	XZWrICv.exe
2972	SsGwvSa.exe
2660	dpQwlmR.exe
2332	RhuhhWz.exe
2648	YVYFgYc.exe
2360	nYkZZtc.exe
1412	SNkHAMJ.exe

Loads dropped DLL 64 IoCs

pid	Process
2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2592-0-0x000000013FAF0000-0x000000013FE44000-memory.dmp	upx
behavioral1/files/0x00080000000120fe-3.dat	upx
behavioral1/files/0x0007000000016d4e-9.dat	upx
behavioral1/files/0x0008000000016d4a-7.dat	upx
behavioral1/memory/2576-20-0x000000013F890000-0x000000013FBE4000-memory.dmp	upx
behavioral1/memory/1988-17-0x000000013F580000-0x000000013F8D4000-memory.dmp	upx
behavioral1/files/0x0007000000016d55-22.dat	upx
behavioral1/memory/2196-29-0x000000013FD60000-0x00000001400B4000-memory.dmp	upx
behavioral1/memory/1960-13-0x000000013F0D0000-0x000000013F424000-memory.dmp	upx
behavioral1/memory/2988-35-0x000000013FDB0000-0x0000000140104000-memory.dmp	upx
behavioral1/files/0x0007000000016d71-34.dat	upx
behavioral1/files/0x0009000000016d21-36.dat	upx
behavioral1/memory/2592-40-0x000000013FAF0000-0x000000013FE44000-memory.dmp	upx
behavioral1/memory/2352-44-0x000000013F530000-0x000000013F884000-memory.dmp	upx
behavioral1/memory/2788-53-0x000000013F3F0000-0x000000013F744000-memory.dmp	upx
behavioral1/memory/1988-52-0x000000013F580000-0x000000013F8D4000-memory.dmp	upx
behavioral1/files/0x0007000000016dc6-50.dat	upx
behavioral1/memory/1960-46-0x000000013F0D0000-0x000000013F424000-memory.dmp	upx
behavioral1/files/0x0009000000016dc9-54.dat	upx
behavioral1/memory/2576-59-0x000000013F890000-0x000000013FBE4000-memory.dmp	upx
behavioral1/memory/2836-60-0x000000013FE10000-0x0000000140164000-memory.dmp	upx
behavioral1/memory/2776-74-0x000000013F0F0000-0x000000013F444000-memory.dmp	upx
behavioral1/memory/2704-88-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/memory/2384-97-0x000000013F670000-0x000000013F9C4000-memory.dmp	upx
behavioral1/files/0x000500000001956c-124.dat	upx
behavioral1/files/0x0005000000019606-154.dat	upx
behavioral1/files/0x0005000000019c34-198.dat	upx
behavioral1/memory/2384-813-0x000000013F670000-0x000000013F9C4000-memory.dmp	upx
behavioral1/memory/1432-976-0x000000013F8E0000-0x000000013FC34000-memory.dmp	upx
behavioral1/memory/2704-611-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/memory/2632-422-0x000000013F6C0000-0x000000013FA14000-memory.dmp	upx
behavioral1/memory/2776-249-0x000000013F0F0000-0x000000013F444000-memory.dmp	upx
behavioral1/files/0x0005000000019926-193.dat	upx
behavioral1/files/0x0005000000019667-184.dat	upx
behavioral1/files/0x000500000001961c-174.dat	upx
behavioral1/files/0x00050000000196a1-187.dat	upx
behavioral1/files/0x000500000001961e-177.dat	upx
behavioral1/files/0x000500000001960a-163.dat	upx
behavioral1/files/0x000500000001960c-168.dat	upx
behavioral1/files/0x0005000000019608-158.dat	upx
behavioral1/files/0x0005000000019604-144.dat	upx
behavioral1/files/0x0005000000019605-148.dat	upx
behavioral1/files/0x000500000001958e-133.dat	upx
behavioral1/files/0x00050000000195d6-137.dat	upx
behavioral1/files/0x0005000000019570-128.dat	upx
behavioral1/files/0x0005000000019524-113.dat	upx
behavioral1/files/0x000500000001954e-118.dat	upx
behavioral1/memory/2836-96-0x000000013FE10000-0x0000000140164000-memory.dmp	upx
behavioral1/files/0x00050000000194ef-95.dat	upx
behavioral1/memory/1432-106-0x000000013F8E0000-0x000000013FC34000-memory.dmp	upx
behavioral1/memory/2976-105-0x000000013FF50000-0x00000001402A4000-memory.dmp	upx
behavioral1/files/0x00050000000194f3-104.dat	upx
behavioral1/memory/2632-81-0x000000013F6C0000-0x000000013FA14000-memory.dmp	upx
behavioral1/files/0x00050000000194e7-80.dat	upx
behavioral1/files/0x00050000000194e9-87.dat	upx
behavioral1/memory/2988-73-0x000000013FDB0000-0x0000000140104000-memory.dmp	upx
behavioral1/files/0x00050000000194e3-72.dat	upx
behavioral1/memory/2976-66-0x000000013FF50000-0x00000001402A4000-memory.dmp	upx
behavioral1/files/0x0008000000016dd1-65.dat	upx
behavioral1/memory/1988-3673-0x000000013F580000-0x000000013F8D4000-memory.dmp	upx
behavioral1/memory/2196-3693-0x000000013FD60000-0x00000001400B4000-memory.dmp	upx
behavioral1/memory/1960-3701-0x000000013F0D0000-0x000000013F424000-memory.dmp	upx
behavioral1/memory/2576-3706-0x000000013F890000-0x000000013FBE4000-memory.dmp	upx
behavioral1/memory/2352-3754-0x000000013F530000-0x000000013F884000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\mhenkBu.exe	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zywfkjP.exe	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VFggZYY.exe	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XeuBJOy.exe	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uyyqrXZ.exe	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IRFwUCL.exe	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zSlNrwg.exe	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aivsLSu.exe	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ozJlUPk.exe	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TFNxqft.exe	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FVutYcC.exe	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YiMaReG.exe	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FlXIELG.exe	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wUirPdY.exe	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZqpFHWW.exe	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mPNRDqN.exe	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qCLiYYh.exe	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HsiaSag.exe	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RZSDZty.exe	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dODxcZk.exe	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oJSvGRP.exe	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sQZYcYv.exe	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zvstgWW.exe	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sZnuvqV.exe	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oGwGreI.exe	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BBHSLGp.exe	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JHOtagn.exe	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aJQNhPJ.exe	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\siwootQ.exe	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pSAUgyn.exe	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yiXUVMp.exe	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JuVTMrL.exe	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yiVhlqG.exe	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FTVxWWW.exe	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CEMITrN.exe	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JbViWDY.exe	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QDofNcs.exe	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mqBmUGz.exe	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lfnVKhf.exe	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DyUaAki.exe	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jZyLPeB.exe	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GswqqhS.exe	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hIuHdFo.exe	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EtTeFUl.exe	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZBSAwYL.exe	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bNuyfeK.exe	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NZlFgyp.exe	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YfsqLwT.exe	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zBLIKQD.exe	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NpWlNSK.exe	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eVkleLB.exe	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ihwZvFk.exe	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\imewcjw.exe	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tNApBqm.exe	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hwjGYIY.exe	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NUNLYCY.exe	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UNGWdOJ.exe	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ceFwRFv.exe	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iFRzULM.exe	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BAXUGTZ.exe	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cafYdqR.exe	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mUlPzbx.exe	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VcmgQTp.exe	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WUieUrW.exe	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2592 wrote to memory of 1960	2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2592 wrote to memory of 1960	2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2592 wrote to memory of 1960	2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2592 wrote to memory of 1988	2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2592 wrote to memory of 1988	2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2592 wrote to memory of 1988	2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2592 wrote to memory of 2576	2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2592 wrote to memory of 2576	2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2592 wrote to memory of 2576	2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2592 wrote to memory of 2196	2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2592 wrote to memory of 2196	2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2592 wrote to memory of 2196	2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2592 wrote to memory of 2988	2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2592 wrote to memory of 2988	2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2592 wrote to memory of 2988	2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2592 wrote to memory of 2352	2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2592 wrote to memory of 2352	2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2592 wrote to memory of 2352	2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2592 wrote to memory of 2788	2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2592 wrote to memory of 2788	2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2592 wrote to memory of 2788	2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2592 wrote to memory of 2836	2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2592 wrote to memory of 2836	2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2592 wrote to memory of 2836	2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2592 wrote to memory of 2976	2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2592 wrote to memory of 2976	2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2592 wrote to memory of 2976	2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2592 wrote to memory of 2776	2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2592 wrote to memory of 2776	2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2592 wrote to memory of 2776	2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2592 wrote to memory of 2632	2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2592 wrote to memory of 2632	2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2592 wrote to memory of 2632	2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2592 wrote to memory of 2704	2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2592 wrote to memory of 2704	2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2592 wrote to memory of 2704	2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2592 wrote to memory of 2384	2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2592 wrote to memory of 2384	2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2592 wrote to memory of 2384	2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2592 wrote to memory of 1432	2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2592 wrote to memory of 1432	2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2592 wrote to memory of 1432	2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2592 wrote to memory of 2920	2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2592 wrote to memory of 2920	2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2592 wrote to memory of 2920	2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2592 wrote to memory of 2372	2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2592 wrote to memory of 2372	2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2592 wrote to memory of 2372	2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2592 wrote to memory of 2128	2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2592 wrote to memory of 2128	2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2592 wrote to memory of 2128	2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2592 wrote to memory of 2032	2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2592 wrote to memory of 2032	2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2592 wrote to memory of 2032	2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2592 wrote to memory of 1260	2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2592 wrote to memory of 1260	2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2592 wrote to memory of 1260	2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2592 wrote to memory of 2924	2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2592 wrote to memory of 2924	2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2592 wrote to memory of 2924	2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2592 wrote to memory of 1936	2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2592 wrote to memory of 1936	2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2592 wrote to memory of 1936	2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2592 wrote to memory of 748	2592	2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-21_3679d73d7a953b1928eb33c0f8e29172_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2592
- C:\Windows\System\aTVfbFM.exe
  C:\Windows\System\aTVfbFM.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System\fNhjuIK.exe
  C:\Windows\System\fNhjuIK.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\SQXTpYV.exe
  C:\Windows\System\SQXTpYV.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\mfWEFdu.exe
  C:\Windows\System\mfWEFdu.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\tAIENbG.exe
  C:\Windows\System\tAIENbG.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\XgcXJCW.exe
  C:\Windows\System\XgcXJCW.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\FlAiGlq.exe
  C:\Windows\System\FlAiGlq.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\ZBZKhlr.exe
  C:\Windows\System\ZBZKhlr.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\BiGzNPb.exe
  C:\Windows\System\BiGzNPb.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\MXUtcxF.exe
  C:\Windows\System\MXUtcxF.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\gbxXjah.exe
  C:\Windows\System\gbxXjah.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\rbYmTTc.exe
  C:\Windows\System\rbYmTTc.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\cpofHNT.exe
  C:\Windows\System\cpofHNT.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\QIQSnTg.exe
  C:\Windows\System\QIQSnTg.exe
  2⤵
  - Executes dropped EXE
  PID:1432
- C:\Windows\System\booRwow.exe
  C:\Windows\System\booRwow.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\QPZlRdV.exe
  C:\Windows\System\QPZlRdV.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\glpwlcv.exe
  C:\Windows\System\glpwlcv.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\kgsYBHw.exe
  C:\Windows\System\kgsYBHw.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\fgPNrdw.exe
  C:\Windows\System\fgPNrdw.exe
  2⤵
  - Executes dropped EXE
  PID:1260
- C:\Windows\System\HYVbFaD.exe
  C:\Windows\System\HYVbFaD.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\SBcWyha.exe
  C:\Windows\System\SBcWyha.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\mhwgVRf.exe
  C:\Windows\System\mhwgVRf.exe
  2⤵
  - Executes dropped EXE
  PID:748
- C:\Windows\System\lqWdYdk.exe
  C:\Windows\System\lqWdYdk.exe
  2⤵
  - Executes dropped EXE
  PID:1156
- C:\Windows\System\QGLXrDL.exe
  C:\Windows\System\QGLXrDL.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\qfQiiaP.exe
  C:\Windows\System\qfQiiaP.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\dcFxETu.exe
  C:\Windows\System\dcFxETu.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\cQGmLYP.exe
  C:\Windows\System\cQGmLYP.exe
  2⤵
  - Executes dropped EXE
  PID:1892
- C:\Windows\System\EyaaRxW.exe
  C:\Windows\System\EyaaRxW.exe
  2⤵
  - Executes dropped EXE
  PID:1896
- C:\Windows\System\QOaYKvj.exe
  C:\Windows\System\QOaYKvj.exe
  2⤵
  - Executes dropped EXE
  PID:1048
- C:\Windows\System\nJyLQmS.exe
  C:\Windows\System\nJyLQmS.exe
  2⤵
  - Executes dropped EXE
  PID:348
- C:\Windows\System\runuyHG.exe
  C:\Windows\System\runuyHG.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\JlIKBFB.exe
  C:\Windows\System\JlIKBFB.exe
  2⤵
  - Executes dropped EXE
  PID:1548
- C:\Windows\System\fUhgACG.exe
  C:\Windows\System\fUhgACG.exe
  2⤵
  - Executes dropped EXE
  PID:1248
- C:\Windows\System\CCkNxDP.exe
  C:\Windows\System\CCkNxDP.exe
  2⤵
  - Executes dropped EXE
  PID:984
- C:\Windows\System\MTnCWtN.exe
  C:\Windows\System\MTnCWtN.exe
  2⤵
  - Executes dropped EXE
  PID:340
- C:\Windows\System\EBLQBJU.exe
  C:\Windows\System\EBLQBJU.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\fGkFONw.exe
  C:\Windows\System\fGkFONw.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\FvruFRd.exe
  C:\Windows\System\FvruFRd.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\nZtzZlQ.exe
  C:\Windows\System\nZtzZlQ.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\hRvXYCq.exe
  C:\Windows\System\hRvXYCq.exe
  2⤵
  - Executes dropped EXE
  PID:1004
- C:\Windows\System\vzwDkPV.exe
  C:\Windows\System\vzwDkPV.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\WtsSNan.exe
  C:\Windows\System\WtsSNan.exe
  2⤵
  - Executes dropped EXE
  PID:304
- C:\Windows\System\WLstIuh.exe
  C:\Windows\System\WLstIuh.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\PBNVWYF.exe
  C:\Windows\System\PBNVWYF.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\wJeMpfH.exe
  C:\Windows\System\wJeMpfH.exe
  2⤵
  - Executes dropped EXE
  PID:1440
- C:\Windows\System\iVdipHG.exe
  C:\Windows\System\iVdipHG.exe
  2⤵
  - Executes dropped EXE
  PID:544
- C:\Windows\System\gydzMuU.exe
  C:\Windows\System\gydzMuU.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\NGfqJOc.exe
  C:\Windows\System\NGfqJOc.exe
  2⤵
  - Executes dropped EXE
  PID:1284
- C:\Windows\System\bSapMYa.exe
  C:\Windows\System\bSapMYa.exe
  2⤵
  - Executes dropped EXE
  PID:1080
- C:\Windows\System\tlyWAgi.exe
  C:\Windows\System\tlyWAgi.exe
  2⤵
  - Executes dropped EXE
  PID:880
- C:\Windows\System\wzLNmYd.exe
  C:\Windows\System\wzLNmYd.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\YdYngmV.exe
  C:\Windows\System\YdYngmV.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\MYyNjWf.exe
  C:\Windows\System\MYyNjWf.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\epUaGTF.exe
  C:\Windows\System\epUaGTF.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\eZIwVmR.exe
  C:\Windows\System\eZIwVmR.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\SRrcDZa.exe
  C:\Windows\System\SRrcDZa.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\VOyKaSt.exe
  C:\Windows\System\VOyKaSt.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\XZWrICv.exe
  C:\Windows\System\XZWrICv.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\SsGwvSa.exe
  C:\Windows\System\SsGwvSa.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\dpQwlmR.exe
  C:\Windows\System\dpQwlmR.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\RhuhhWz.exe
  C:\Windows\System\RhuhhWz.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\YVYFgYc.exe
  C:\Windows\System\YVYFgYc.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\SNkHAMJ.exe
  C:\Windows\System\SNkHAMJ.exe
  2⤵
  - Executes dropped EXE
  PID:1412
- C:\Windows\System\nYkZZtc.exe
  C:\Windows\System\nYkZZtc.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\tPFtZZF.exe
  C:\Windows\System\tPFtZZF.exe
  2⤵
  PID:1924
- C:\Windows\System\NHSUaKS.exe
  C:\Windows\System\NHSUaKS.exe
  2⤵
  PID:2824
- C:\Windows\System\KouSrWL.exe
  C:\Windows\System\KouSrWL.exe
  2⤵
  PID:856
- C:\Windows\System\wDgbFQB.exe
  C:\Windows\System\wDgbFQB.exe
  2⤵
  PID:2416
- C:\Windows\System\srCiAnm.exe
  C:\Windows\System\srCiAnm.exe
  2⤵
  PID:1060
- C:\Windows\System\IQuBZbK.exe
  C:\Windows\System\IQuBZbK.exe
  2⤵
  PID:1644
- C:\Windows\System\JnhuUCM.exe
  C:\Windows\System\JnhuUCM.exe
  2⤵
  PID:2556
- C:\Windows\System\cGJHpwA.exe
  C:\Windows\System\cGJHpwA.exe
  2⤵
  PID:1736
- C:\Windows\System\EMndpzG.exe
  C:\Windows\System\EMndpzG.exe
  2⤵
  PID:2204
- C:\Windows\System\dePdprk.exe
  C:\Windows\System\dePdprk.exe
  2⤵
  PID:1904
- C:\Windows\System\bRpXyxa.exe
  C:\Windows\System\bRpXyxa.exe
  2⤵
  PID:956
- C:\Windows\System\ooFOVAk.exe
  C:\Windows\System\ooFOVAk.exe
  2⤵
  PID:952
- C:\Windows\System\oNSlxRE.exe
  C:\Windows\System\oNSlxRE.exe
  2⤵
  PID:2940
- C:\Windows\System\HSGnUzN.exe
  C:\Windows\System\HSGnUzN.exe
  2⤵
  PID:1740
- C:\Windows\System\sqjnOQJ.exe
  C:\Windows\System\sqjnOQJ.exe
  2⤵
  PID:1400
- C:\Windows\System\DktVYIK.exe
  C:\Windows\System\DktVYIK.exe
  2⤵
  PID:2476
- C:\Windows\System\SwuLhwr.exe
  C:\Windows\System\SwuLhwr.exe
  2⤵
  PID:2612
- C:\Windows\System\ICxusiK.exe
  C:\Windows\System\ICxusiK.exe
  2⤵
  PID:980
- C:\Windows\System\HTXviFm.exe
  C:\Windows\System\HTXviFm.exe
  2⤵
  PID:1084
- C:\Windows\System\VKOmJfQ.exe
  C:\Windows\System\VKOmJfQ.exe
  2⤵
  PID:336
- C:\Windows\System\VfstHsv.exe
  C:\Windows\System\VfstHsv.exe
  2⤵
  PID:2508
- C:\Windows\System\VRnHquv.exe
  C:\Windows\System\VRnHquv.exe
  2⤵
  PID:1788
- C:\Windows\System\KgQoovm.exe
  C:\Windows\System\KgQoovm.exe
  2⤵
  PID:2240
- C:\Windows\System\McutbHP.exe
  C:\Windows\System\McutbHP.exe
  2⤵
  PID:2212
- C:\Windows\System\oafBtUW.exe
  C:\Windows\System\oafBtUW.exe
  2⤵
  PID:2844
- C:\Windows\System\soMYqHH.exe
  C:\Windows\System\soMYqHH.exe
  2⤵
  PID:2428
- C:\Windows\System\ZsyPbdr.exe
  C:\Windows\System\ZsyPbdr.exe
  2⤵
  PID:888
- C:\Windows\System\QTKUuPf.exe
  C:\Windows\System\QTKUuPf.exe
  2⤵
  PID:2872
- C:\Windows\System\cpLkIva.exe
  C:\Windows\System\cpLkIva.exe
  2⤵
  PID:2684
- C:\Windows\System\OXVRcAv.exe
  C:\Windows\System\OXVRcAv.exe
  2⤵
  PID:1656
- C:\Windows\System\LnqhNbK.exe
  C:\Windows\System\LnqhNbK.exe
  2⤵
  PID:2148
- C:\Windows\System\UyunQDj.exe
  C:\Windows\System\UyunQDj.exe
  2⤵
  PID:1908
- C:\Windows\System\GNxaLcE.exe
  C:\Windows\System\GNxaLcE.exe
  2⤵
  PID:1752
- C:\Windows\System\tOyrepN.exe
  C:\Windows\System\tOyrepN.exe
  2⤵
  PID:2200
- C:\Windows\System\NVDxJjh.exe
  C:\Windows\System\NVDxJjh.exe
  2⤵
  PID:2076
- C:\Windows\System\tvRHaWI.exe
  C:\Windows\System\tvRHaWI.exe
  2⤵
  PID:2584
- C:\Windows\System\cBJyLXc.exe
  C:\Windows\System\cBJyLXc.exe
  2⤵
  PID:1236
- C:\Windows\System\YspsZAH.exe
  C:\Windows\System\YspsZAH.exe
  2⤵
  PID:2252
- C:\Windows\System\BKQZCWx.exe
  C:\Windows\System\BKQZCWx.exe
  2⤵
  PID:2100
- C:\Windows\System\NRsNbgJ.exe
  C:\Windows\System\NRsNbgJ.exe
  2⤵
  PID:532
- C:\Windows\System\blmfHIW.exe
  C:\Windows\System\blmfHIW.exe
  2⤵
  PID:2520
- C:\Windows\System\BEOWWwG.exe
  C:\Windows\System\BEOWWwG.exe
  2⤵
  PID:1696
- C:\Windows\System\zCHDCOK.exe
  C:\Windows\System\zCHDCOK.exe
  2⤵
  PID:2436
- C:\Windows\System\FFBvYJx.exe
  C:\Windows\System\FFBvYJx.exe
  2⤵
  PID:2852
- C:\Windows\System\EvYuQSC.exe
  C:\Windows\System\EvYuQSC.exe
  2⤵
  PID:1092
- C:\Windows\System\aKwtBkT.exe
  C:\Windows\System\aKwtBkT.exe
  2⤵
  PID:1068
- C:\Windows\System\lBEJzgW.exe
  C:\Windows\System\lBEJzgW.exe
  2⤵
  PID:2912
- C:\Windows\System\qnRJgWS.exe
  C:\Windows\System\qnRJgWS.exe
  2⤵
  PID:1596
- C:\Windows\System\pnsEQqs.exe
  C:\Windows\System\pnsEQqs.exe
  2⤵
  PID:1476
- C:\Windows\System\tNApBqm.exe
  C:\Windows\System\tNApBqm.exe
  2⤵
  PID:1864
- C:\Windows\System\occjbsV.exe
  C:\Windows\System\occjbsV.exe
  2⤵
  PID:1808
- C:\Windows\System\CQtWpBP.exe
  C:\Windows\System\CQtWpBP.exe
  2⤵
  PID:2392
- C:\Windows\System\OqJezHs.exe
  C:\Windows\System\OqJezHs.exe
  2⤵
  PID:580
- C:\Windows\System\YiMaReG.exe
  C:\Windows\System\YiMaReG.exe
  2⤵
  PID:3084
- C:\Windows\System\cThFsFW.exe
  C:\Windows\System\cThFsFW.exe
  2⤵
  PID:3104
- C:\Windows\System\TRETdIg.exe
  C:\Windows\System\TRETdIg.exe
  2⤵
  PID:3128
- C:\Windows\System\FoCzAkj.exe
  C:\Windows\System\FoCzAkj.exe
  2⤵
  PID:3144
- C:\Windows\System\QNchVWU.exe
  C:\Windows\System\QNchVWU.exe
  2⤵
  PID:3168
- C:\Windows\System\xpmICkm.exe
  C:\Windows\System\xpmICkm.exe
  2⤵
  PID:3188
- C:\Windows\System\qyZAloZ.exe
  C:\Windows\System\qyZAloZ.exe
  2⤵
  PID:3208
- C:\Windows\System\CzUBsiQ.exe
  C:\Windows\System\CzUBsiQ.exe
  2⤵
  PID:3228
- C:\Windows\System\MneBTXd.exe
  C:\Windows\System\MneBTXd.exe
  2⤵
  PID:3248
- C:\Windows\System\mgUqYWT.exe
  C:\Windows\System\mgUqYWT.exe
  2⤵
  PID:3268
- C:\Windows\System\JFdMLEi.exe
  C:\Windows\System\JFdMLEi.exe
  2⤵
  PID:3288
- C:\Windows\System\EaNLZud.exe
  C:\Windows\System\EaNLZud.exe
  2⤵
  PID:3308
- C:\Windows\System\FdRLVXW.exe
  C:\Windows\System\FdRLVXW.exe
  2⤵
  PID:3328
- C:\Windows\System\kyfuPrh.exe
  C:\Windows\System\kyfuPrh.exe
  2⤵
  PID:3344
- C:\Windows\System\ceOnDHy.exe
  C:\Windows\System\ceOnDHy.exe
  2⤵
  PID:3364
- C:\Windows\System\EGRhReS.exe
  C:\Windows\System\EGRhReS.exe
  2⤵
  PID:3388
- C:\Windows\System\bzJvWMV.exe
  C:\Windows\System\bzJvWMV.exe
  2⤵
  PID:3408
- C:\Windows\System\BWOTvIv.exe
  C:\Windows\System\BWOTvIv.exe
  2⤵
  PID:3428
- C:\Windows\System\kAAKJGt.exe
  C:\Windows\System\kAAKJGt.exe
  2⤵
  PID:3448
- C:\Windows\System\eeLBvxC.exe
  C:\Windows\System\eeLBvxC.exe
  2⤵
  PID:3468
- C:\Windows\System\XCooGrv.exe
  C:\Windows\System\XCooGrv.exe
  2⤵
  PID:3488
- C:\Windows\System\nFqMDSW.exe
  C:\Windows\System\nFqMDSW.exe
  2⤵
  PID:3508
- C:\Windows\System\TbTSZhr.exe
  C:\Windows\System\TbTSZhr.exe
  2⤵
  PID:3528
- C:\Windows\System\Npadrvd.exe
  C:\Windows\System\Npadrvd.exe
  2⤵
  PID:3544
- C:\Windows\System\pGAvftA.exe
  C:\Windows\System\pGAvftA.exe
  2⤵
  PID:3564
- C:\Windows\System\luGladA.exe
  C:\Windows\System\luGladA.exe
  2⤵
  PID:3584
- C:\Windows\System\PGyLfsD.exe
  C:\Windows\System\PGyLfsD.exe
  2⤵
  PID:3604
- C:\Windows\System\jHbuxFe.exe
  C:\Windows\System\jHbuxFe.exe
  2⤵
  PID:3628
- C:\Windows\System\Ytkzfwt.exe
  C:\Windows\System\Ytkzfwt.exe
  2⤵
  PID:3648
- C:\Windows\System\gXSmBhg.exe
  C:\Windows\System\gXSmBhg.exe
  2⤵
  PID:3668
- C:\Windows\System\vfTkSFL.exe
  C:\Windows\System\vfTkSFL.exe
  2⤵
  PID:3688
- C:\Windows\System\xxatjnI.exe
  C:\Windows\System\xxatjnI.exe
  2⤵
  PID:3704
- C:\Windows\System\DEqWBIS.exe
  C:\Windows\System\DEqWBIS.exe
  2⤵
  PID:3724
- C:\Windows\System\NhLbFui.exe
  C:\Windows\System\NhLbFui.exe
  2⤵
  PID:3748
- C:\Windows\System\ClQlfKe.exe
  C:\Windows\System\ClQlfKe.exe
  2⤵
  PID:3768
- C:\Windows\System\GEhwdPD.exe
  C:\Windows\System\GEhwdPD.exe
  2⤵
  PID:3784
- C:\Windows\System\slapfBV.exe
  C:\Windows\System\slapfBV.exe
  2⤵
  PID:3808
- C:\Windows\System\zxpfNYG.exe
  C:\Windows\System\zxpfNYG.exe
  2⤵
  PID:3828
- C:\Windows\System\fnyFlaG.exe
  C:\Windows\System\fnyFlaG.exe
  2⤵
  PID:3848
- C:\Windows\System\KaGRpOp.exe
  C:\Windows\System\KaGRpOp.exe
  2⤵
  PID:3864
- C:\Windows\System\fJRglvP.exe
  C:\Windows\System\fJRglvP.exe
  2⤵
  PID:3888
- C:\Windows\System\LLKDGYR.exe
  C:\Windows\System\LLKDGYR.exe
  2⤵
  PID:3908
- C:\Windows\System\xDqBtzq.exe
  C:\Windows\System\xDqBtzq.exe
  2⤵
  PID:3928
- C:\Windows\System\ghGwTfU.exe
  C:\Windows\System\ghGwTfU.exe
  2⤵
  PID:3944
- C:\Windows\System\VjnDTyT.exe
  C:\Windows\System\VjnDTyT.exe
  2⤵
  PID:3964
- C:\Windows\System\PNtakDW.exe
  C:\Windows\System\PNtakDW.exe
  2⤵
  PID:3988
- C:\Windows\System\ekfetjn.exe
  C:\Windows\System\ekfetjn.exe
  2⤵
  PID:4008
- C:\Windows\System\PAvYAXo.exe
  C:\Windows\System\PAvYAXo.exe
  2⤵
  PID:4028
- C:\Windows\System\clMebUS.exe
  C:\Windows\System\clMebUS.exe
  2⤵
  PID:4048
- C:\Windows\System\CFDArsX.exe
  C:\Windows\System\CFDArsX.exe
  2⤵
  PID:4064
- C:\Windows\System\thctEKY.exe
  C:\Windows\System\thctEKY.exe
  2⤵
  PID:4084
- C:\Windows\System\LOJhQNK.exe
  C:\Windows\System\LOJhQNK.exe
  2⤵
  PID:2560
- C:\Windows\System\GAiXmid.exe
  C:\Windows\System\GAiXmid.exe
  2⤵
  PID:792
- C:\Windows\System\NKIbDVa.exe
  C:\Windows\System\NKIbDVa.exe
  2⤵
  PID:2820
- C:\Windows\System\yfNsizO.exe
  C:\Windows\System\yfNsizO.exe
  2⤵
  PID:1912
- C:\Windows\System\iqxXHYe.exe
  C:\Windows\System\iqxXHYe.exe
  2⤵
  PID:1144
- C:\Windows\System\KiYLmaJ.exe
  C:\Windows\System\KiYLmaJ.exe
  2⤵
  PID:2092
- C:\Windows\System\RDnOzDL.exe
  C:\Windows\System\RDnOzDL.exe
  2⤵
  PID:1708
- C:\Windows\System\MKWVDED.exe
  C:\Windows\System\MKWVDED.exe
  2⤵
  PID:3116
- C:\Windows\System\aLpypJU.exe
  C:\Windows\System\aLpypJU.exe
  2⤵
  PID:3152
- C:\Windows\System\CKEmlzW.exe
  C:\Windows\System\CKEmlzW.exe
  2⤵
  PID:3160
- C:\Windows\System\KSwnLzW.exe
  C:\Windows\System\KSwnLzW.exe
  2⤵
  PID:3184
- C:\Windows\System\bqfrGlz.exe
  C:\Windows\System\bqfrGlz.exe
  2⤵
  PID:3244
- C:\Windows\System\dMvxvfx.exe
  C:\Windows\System\dMvxvfx.exe
  2⤵
  PID:3280
- C:\Windows\System\yGnooaq.exe
  C:\Windows\System\yGnooaq.exe
  2⤵
  PID:3256
- C:\Windows\System\pfeVzMd.exe
  C:\Windows\System\pfeVzMd.exe
  2⤵
  PID:3304
- C:\Windows\System\RJnErvB.exe
  C:\Windows\System\RJnErvB.exe
  2⤵
  PID:3372
- C:\Windows\System\UeHcqXQ.exe
  C:\Windows\System\UeHcqXQ.exe
  2⤵
  PID:3404
- C:\Windows\System\jatMiVe.exe
  C:\Windows\System\jatMiVe.exe
  2⤵
  PID:3440
- C:\Windows\System\qCLiYYh.exe
  C:\Windows\System\qCLiYYh.exe
  2⤵
  PID:3484
- C:\Windows\System\zBLIKQD.exe
  C:\Windows\System\zBLIKQD.exe
  2⤵
  PID:3524
- C:\Windows\System\RyJvnYZ.exe
  C:\Windows\System\RyJvnYZ.exe
  2⤵
  PID:3504
- C:\Windows\System\TUjtaer.exe
  C:\Windows\System\TUjtaer.exe
  2⤵
  PID:3596
- C:\Windows\System\JhopthS.exe
  C:\Windows\System\JhopthS.exe
  2⤵
  PID:3636
- C:\Windows\System\kTkBdBR.exe
  C:\Windows\System\kTkBdBR.exe
  2⤵
  PID:3572
- C:\Windows\System\izuIdXe.exe
  C:\Windows\System\izuIdXe.exe
  2⤵
  PID:3676
- C:\Windows\System\ZlzHPjq.exe
  C:\Windows\System\ZlzHPjq.exe
  2⤵
  PID:3660
- C:\Windows\System\DDWfjeT.exe
  C:\Windows\System\DDWfjeT.exe
  2⤵
  PID:3732
- C:\Windows\System\oMAJPzi.exe
  C:\Windows\System\oMAJPzi.exe
  2⤵
  PID:3740
- C:\Windows\System\xJfbNTS.exe
  C:\Windows\System\xJfbNTS.exe
  2⤵
  PID:3796
- C:\Windows\System\OBDxNDK.exe
  C:\Windows\System\OBDxNDK.exe
  2⤵
  PID:3844
- C:\Windows\System\jZyLPeB.exe
  C:\Windows\System\jZyLPeB.exe
  2⤵
  PID:3884
- C:\Windows\System\lWQKUjC.exe
  C:\Windows\System\lWQKUjC.exe
  2⤵
  PID:3856
- C:\Windows\System\qWkiaux.exe
  C:\Windows\System\qWkiaux.exe
  2⤵
  PID:3900
- C:\Windows\System\SiPoxSK.exe
  C:\Windows\System\SiPoxSK.exe
  2⤵
  PID:3956
- C:\Windows\System\vdmmsyj.exe
  C:\Windows\System\vdmmsyj.exe
  2⤵
  PID:3972
- C:\Windows\System\WpZdyIj.exe
  C:\Windows\System\WpZdyIj.exe
  2⤵
  PID:4036
- C:\Windows\System\zKDiPkX.exe
  C:\Windows\System\zKDiPkX.exe
  2⤵
  PID:4020
- C:\Windows\System\FSSznTV.exe
  C:\Windows\System\FSSznTV.exe
  2⤵
  PID:2772
- C:\Windows\System\tJVqumy.exe
  C:\Windows\System\tJVqumy.exe
  2⤵
  PID:1972
- C:\Windows\System\jVpCZsR.exe
  C:\Windows\System\jVpCZsR.exe
  2⤵
  PID:2052
- C:\Windows\System\wMZorie.exe
  C:\Windows\System\wMZorie.exe
  2⤵
  PID:1724
- C:\Windows\System\HFJFMob.exe
  C:\Windows\System\HFJFMob.exe
  2⤵
  PID:376
- C:\Windows\System\abeTevG.exe
  C:\Windows\System\abeTevG.exe
  2⤵
  PID:3112
- C:\Windows\System\gmIpRfn.exe
  C:\Windows\System\gmIpRfn.exe
  2⤵
  PID:3216
- C:\Windows\System\eACnyQd.exe
  C:\Windows\System\eACnyQd.exe
  2⤵
  PID:3100
- C:\Windows\System\NpWlNSK.exe
  C:\Windows\System\NpWlNSK.exe
  2⤵
  PID:3220
- C:\Windows\System\HcONTCU.exe
  C:\Windows\System\HcONTCU.exe
  2⤵
  PID:3356
- C:\Windows\System\soMndrB.exe
  C:\Windows\System\soMndrB.exe
  2⤵
  PID:3480
- C:\Windows\System\fdgOiiS.exe
  C:\Windows\System\fdgOiiS.exe
  2⤵
  PID:3340
- C:\Windows\System\OChLTpb.exe
  C:\Windows\System\OChLTpb.exe
  2⤵
  PID:3420
- C:\Windows\System\CaFwfZy.exe
  C:\Windows\System\CaFwfZy.exe
  2⤵
  PID:3640
- C:\Windows\System\muqzkNH.exe
  C:\Windows\System\muqzkNH.exe
  2⤵
  PID:3540
- C:\Windows\System\aPHIOsZ.exe
  C:\Windows\System\aPHIOsZ.exe
  2⤵
  PID:3696
- C:\Windows\System\vwRBTSh.exe
  C:\Windows\System\vwRBTSh.exe
  2⤵
  PID:3620
- C:\Windows\System\diySUpu.exe
  C:\Windows\System\diySUpu.exe
  2⤵
  PID:3764
- C:\Windows\System\qxoouSo.exe
  C:\Windows\System\qxoouSo.exe
  2⤵
  PID:3824
- C:\Windows\System\NouJIaG.exe
  C:\Windows\System\NouJIaG.exe
  2⤵
  PID:3876
- C:\Windows\System\SNWgiFe.exe
  C:\Windows\System\SNWgiFe.exe
  2⤵
  PID:2716
- C:\Windows\System\DFRlFCu.exe
  C:\Windows\System\DFRlFCu.exe
  2⤵
  PID:3940
- C:\Windows\System\NbyJxSX.exe
  C:\Windows\System\NbyJxSX.exe
  2⤵
  PID:2172
- C:\Windows\System\SkgVIiU.exe
  C:\Windows\System\SkgVIiU.exe
  2⤵
  PID:4024
- C:\Windows\System\CgPYuIg.exe
  C:\Windows\System\CgPYuIg.exe
  2⤵
  PID:2040
- C:\Windows\System\uHRumyg.exe
  C:\Windows\System\uHRumyg.exe
  2⤵
  PID:2216
- C:\Windows\System\zdNCVeH.exe
  C:\Windows\System\zdNCVeH.exe
  2⤵
  PID:492
- C:\Windows\System\VFggZYY.exe
  C:\Windows\System\VFggZYY.exe
  2⤵
  PID:3120
- C:\Windows\System\TMkiNmI.exe
  C:\Windows\System\TMkiNmI.exe
  2⤵
  PID:3204
- C:\Windows\System\VCrJjCr.exe
  C:\Windows\System\VCrJjCr.exe
  2⤵
  PID:3276
- C:\Windows\System\SAtmKyi.exe
  C:\Windows\System\SAtmKyi.exe
  2⤵
  PID:3424
- C:\Windows\System\sBcRFMB.exe
  C:\Windows\System\sBcRFMB.exe
  2⤵
  PID:3552
- C:\Windows\System\kRUgdcJ.exe
  C:\Windows\System\kRUgdcJ.exe
  2⤵
  PID:3496
- C:\Windows\System\QMSfUKN.exe
  C:\Windows\System\QMSfUKN.exe
  2⤵
  PID:3820
- C:\Windows\System\ktADggx.exe
  C:\Windows\System\ktADggx.exe
  2⤵
  PID:3920
- C:\Windows\System\CJmobZi.exe
  C:\Windows\System\CJmobZi.exe
  2⤵
  PID:3840
- C:\Windows\System\ZMOtYvv.exe
  C:\Windows\System\ZMOtYvv.exe
  2⤵
  PID:4000
- C:\Windows\System\UwxhSMK.exe
  C:\Windows\System\UwxhSMK.exe
  2⤵
  PID:1532
- C:\Windows\System\IrMJBul.exe
  C:\Windows\System\IrMJBul.exe
  2⤵
  PID:4056
- C:\Windows\System\ZHaGRSz.exe
  C:\Windows\System\ZHaGRSz.exe
  2⤵
  PID:1524
- C:\Windows\System\bdTXcXf.exe
  C:\Windows\System\bdTXcXf.exe
  2⤵
  PID:2444
- C:\Windows\System\lNfxsQn.exe
  C:\Windows\System\lNfxsQn.exe
  2⤵
  PID:3516
- C:\Windows\System\EqMqjLa.exe
  C:\Windows\System\EqMqjLa.exe
  2⤵
  PID:4104
- C:\Windows\System\SBEQyXi.exe
  C:\Windows\System\SBEQyXi.exe
  2⤵
  PID:4124
- C:\Windows\System\vkLmWXF.exe
  C:\Windows\System\vkLmWXF.exe
  2⤵
  PID:4144
- C:\Windows\System\HHrSdzB.exe
  C:\Windows\System\HHrSdzB.exe
  2⤵
  PID:4160
- C:\Windows\System\PnuTQLr.exe
  C:\Windows\System\PnuTQLr.exe
  2⤵
  PID:4180
- C:\Windows\System\pRbzpRf.exe
  C:\Windows\System\pRbzpRf.exe
  2⤵
  PID:4204
- C:\Windows\System\hHxtzNg.exe
  C:\Windows\System\hHxtzNg.exe
  2⤵
  PID:4224
- C:\Windows\System\zSsDbcc.exe
  C:\Windows\System\zSsDbcc.exe
  2⤵
  PID:4244
- C:\Windows\System\fhhnlmc.exe
  C:\Windows\System\fhhnlmc.exe
  2⤵
  PID:4268
- C:\Windows\System\iLKZPgx.exe
  C:\Windows\System\iLKZPgx.exe
  2⤵
  PID:4284
- C:\Windows\System\vczOEaS.exe
  C:\Windows\System\vczOEaS.exe
  2⤵
  PID:4308
- C:\Windows\System\PSTCiQW.exe
  C:\Windows\System\PSTCiQW.exe
  2⤵
  PID:4328
- C:\Windows\System\nkLkDUX.exe
  C:\Windows\System\nkLkDUX.exe
  2⤵
  PID:4348
- C:\Windows\System\XOraBTq.exe
  C:\Windows\System\XOraBTq.exe
  2⤵
  PID:4364
- C:\Windows\System\DlKSoth.exe
  C:\Windows\System\DlKSoth.exe
  2⤵
  PID:4384
- C:\Windows\System\NKLngVd.exe
  C:\Windows\System\NKLngVd.exe
  2⤵
  PID:4408
- C:\Windows\System\flbImur.exe
  C:\Windows\System\flbImur.exe
  2⤵
  PID:4428
- C:\Windows\System\GswqqhS.exe
  C:\Windows\System\GswqqhS.exe
  2⤵
  PID:4448
- C:\Windows\System\aPgFkzR.exe
  C:\Windows\System\aPgFkzR.exe
  2⤵
  PID:4468
- C:\Windows\System\dStSUdn.exe
  C:\Windows\System\dStSUdn.exe
  2⤵
  PID:4488
- C:\Windows\System\DCbVNbi.exe
  C:\Windows\System\DCbVNbi.exe
  2⤵
  PID:4508
- C:\Windows\System\OQbtbMs.exe
  C:\Windows\System\OQbtbMs.exe
  2⤵
  PID:4528
- C:\Windows\System\dTozsyV.exe
  C:\Windows\System\dTozsyV.exe
  2⤵
  PID:4548
- C:\Windows\System\MHUTUUh.exe
  C:\Windows\System\MHUTUUh.exe
  2⤵
  PID:4564
- C:\Windows\System\Kwzeraq.exe
  C:\Windows\System\Kwzeraq.exe
  2⤵
  PID:4588
- C:\Windows\System\UoOaakZ.exe
  C:\Windows\System\UoOaakZ.exe
  2⤵
  PID:4604
- C:\Windows\System\KFQUJDF.exe
  C:\Windows\System\KFQUJDF.exe
  2⤵
  PID:4624
- C:\Windows\System\xXpafTN.exe
  C:\Windows\System\xXpafTN.exe
  2⤵
  PID:4644
- C:\Windows\System\kQWzwCn.exe
  C:\Windows\System\kQWzwCn.exe
  2⤵
  PID:4660
- C:\Windows\System\gvNyIoW.exe
  C:\Windows\System\gvNyIoW.exe
  2⤵
  PID:4684
- C:\Windows\System\xpefVhZ.exe
  C:\Windows\System\xpefVhZ.exe
  2⤵
  PID:4704
- C:\Windows\System\BOpObyd.exe
  C:\Windows\System\BOpObyd.exe
  2⤵
  PID:4724
- C:\Windows\System\vHquTbk.exe
  C:\Windows\System\vHquTbk.exe
  2⤵
  PID:4744
- C:\Windows\System\ygnldWT.exe
  C:\Windows\System\ygnldWT.exe
  2⤵
  PID:4764
- C:\Windows\System\cYXHvEG.exe
  C:\Windows\System\cYXHvEG.exe
  2⤵
  PID:4784
- C:\Windows\System\msMisye.exe
  C:\Windows\System\msMisye.exe
  2⤵
  PID:4808
- C:\Windows\System\DrScUCS.exe
  C:\Windows\System\DrScUCS.exe
  2⤵
  PID:4828
- C:\Windows\System\GRboZkY.exe
  C:\Windows\System\GRboZkY.exe
  2⤵
  PID:4848
- C:\Windows\System\XrdnaaN.exe
  C:\Windows\System\XrdnaaN.exe
  2⤵
  PID:4868
- C:\Windows\System\TUvQjXF.exe
  C:\Windows\System\TUvQjXF.exe
  2⤵
  PID:4884
- C:\Windows\System\YnQxyUT.exe
  C:\Windows\System\YnQxyUT.exe
  2⤵
  PID:4908
- C:\Windows\System\SBbySun.exe
  C:\Windows\System\SBbySun.exe
  2⤵
  PID:4932
- C:\Windows\System\VPHrdCw.exe
  C:\Windows\System\VPHrdCw.exe
  2⤵
  PID:4952
- C:\Windows\System\XSnBhzn.exe
  C:\Windows\System\XSnBhzn.exe
  2⤵
  PID:4972
- C:\Windows\System\AIELJpS.exe
  C:\Windows\System\AIELJpS.exe
  2⤵
  PID:4992
- C:\Windows\System\jNzyHbV.exe
  C:\Windows\System\jNzyHbV.exe
  2⤵
  PID:5012
- C:\Windows\System\DRhBOSQ.exe
  C:\Windows\System\DRhBOSQ.exe
  2⤵
  PID:5032
- C:\Windows\System\pHQTKJv.exe
  C:\Windows\System\pHQTKJv.exe
  2⤵
  PID:5052
- C:\Windows\System\GPJIwtr.exe
  C:\Windows\System\GPJIwtr.exe
  2⤵
  PID:5072
- C:\Windows\System\PfaOcnL.exe
  C:\Windows\System\PfaOcnL.exe
  2⤵
  PID:5092
- C:\Windows\System\uVUezNb.exe
  C:\Windows\System\uVUezNb.exe
  2⤵
  PID:5112
- C:\Windows\System\pQcQfqA.exe
  C:\Windows\System\pQcQfqA.exe
  2⤵
  PID:3716
- C:\Windows\System\lgJaLRn.exe
  C:\Windows\System\lgJaLRn.exe
  2⤵
  PID:3700
- C:\Windows\System\cFBpjjl.exe
  C:\Windows\System\cFBpjjl.exe
  2⤵
  PID:3960
- C:\Windows\System\ZyASkfo.exe
  C:\Windows\System\ZyASkfo.exe
  2⤵
  PID:3916
- C:\Windows\System\HDpgOOe.exe
  C:\Windows\System\HDpgOOe.exe
  2⤵
  PID:3224
- C:\Windows\System\dENbdIm.exe
  C:\Windows\System\dENbdIm.exe
  2⤵
  PID:4060
- C:\Windows\System\ZyseDxx.exe
  C:\Windows\System\ZyseDxx.exe
  2⤵
  PID:3260
- C:\Windows\System\JCHmbBH.exe
  C:\Windows\System\JCHmbBH.exe
  2⤵
  PID:2812
- C:\Windows\System\IPdVcYH.exe
  C:\Windows\System\IPdVcYH.exe
  2⤵
  PID:4168
- C:\Windows\System\zyZySfF.exe
  C:\Windows\System\zyZySfF.exe
  2⤵
  PID:4116
- C:\Windows\System\ZnDUrXY.exe
  C:\Windows\System\ZnDUrXY.exe
  2⤵
  PID:4212
- C:\Windows\System\beDNREn.exe
  C:\Windows\System\beDNREn.exe
  2⤵
  PID:4192
- C:\Windows\System\gaEFeMK.exe
  C:\Windows\System\gaEFeMK.exe
  2⤵
  PID:4252
- C:\Windows\System\ELfeSTI.exe
  C:\Windows\System\ELfeSTI.exe
  2⤵
  PID:4240
- C:\Windows\System\fsRQXjO.exe
  C:\Windows\System\fsRQXjO.exe
  2⤵
  PID:4300
- C:\Windows\System\QegRNIL.exe
  C:\Windows\System\QegRNIL.exe
  2⤵
  PID:4336
- C:\Windows\System\upgEyld.exe
  C:\Windows\System\upgEyld.exe
  2⤵
  PID:4372
- C:\Windows\System\abwubEp.exe
  C:\Windows\System\abwubEp.exe
  2⤵
  PID:292
- C:\Windows\System\ZxHUKxV.exe
  C:\Windows\System\ZxHUKxV.exe
  2⤵
  PID:4396
- C:\Windows\System\yxDglxT.exe
  C:\Windows\System\yxDglxT.exe
  2⤵
  PID:4500
- C:\Windows\System\JYBYnRk.exe
  C:\Windows\System\JYBYnRk.exe
  2⤵
  PID:4476
- C:\Windows\System\AAwjtUO.exe
  C:\Windows\System\AAwjtUO.exe
  2⤵
  PID:4480
- C:\Windows\System\SqDidDL.exe
  C:\Windows\System\SqDidDL.exe
  2⤵
  PID:4584
- C:\Windows\System\KVZFcjT.exe
  C:\Windows\System\KVZFcjT.exe
  2⤵
  PID:4612
- C:\Windows\System\wBCLQhw.exe
  C:\Windows\System\wBCLQhw.exe
  2⤵
  PID:4656
- C:\Windows\System\ijtqUJH.exe
  C:\Windows\System\ijtqUJH.exe
  2⤵
  PID:4632
- C:\Windows\System\iWVqPWH.exe
  C:\Windows\System\iWVqPWH.exe
  2⤵
  PID:4696
- C:\Windows\System\MYlbBdy.exe
  C:\Windows\System\MYlbBdy.exe
  2⤵
  PID:4676
- C:\Windows\System\OyAOWIX.exe
  C:\Windows\System\OyAOWIX.exe
  2⤵
  PID:4772
- C:\Windows\System\OVzjbgd.exe
  C:\Windows\System\OVzjbgd.exe
  2⤵
  PID:4796
- C:\Windows\System\xFxinMd.exe
  C:\Windows\System\xFxinMd.exe
  2⤵
  PID:4824
- C:\Windows\System\jYINmHc.exe
  C:\Windows\System\jYINmHc.exe
  2⤵
  PID:4856
- C:\Windows\System\ELZAHes.exe
  C:\Windows\System\ELZAHes.exe
  2⤵
  PID:4896
- C:\Windows\System\wJeLcaS.exe
  C:\Windows\System\wJeLcaS.exe
  2⤵
  PID:4916
- C:\Windows\System\yiVhlqG.exe
  C:\Windows\System\yiVhlqG.exe
  2⤵
  PID:4920
- C:\Windows\System\oMGmKle.exe
  C:\Windows\System\oMGmKle.exe
  2⤵
  PID:5020
- C:\Windows\System\SXYjuOb.exe
  C:\Windows\System\SXYjuOb.exe
  2⤵
  PID:5028
- C:\Windows\System\pQLVDWc.exe
  C:\Windows\System\pQLVDWc.exe
  2⤵
  PID:5060
- C:\Windows\System\uWsEyfO.exe
  C:\Windows\System\uWsEyfO.exe
  2⤵
  PID:5108
- C:\Windows\System\edGpRJA.exe
  C:\Windows\System\edGpRJA.exe
  2⤵
  PID:5044
- C:\Windows\System\aoReTrn.exe
  C:\Windows\System\aoReTrn.exe
  2⤵
  PID:3936
- C:\Windows\System\GZPUdps.exe
  C:\Windows\System\GZPUdps.exe
  2⤵
  PID:5084
- C:\Windows\System\sbZXSmo.exe
  C:\Windows\System\sbZXSmo.exe
  2⤵
  PID:4100
- C:\Windows\System\RACJbxF.exe
  C:\Windows\System\RACJbxF.exe
  2⤵
  PID:2596
- C:\Windows\System\eCkgLCz.exe
  C:\Windows\System\eCkgLCz.exe
  2⤵
  PID:2876
- C:\Windows\System\MzLrEyM.exe
  C:\Windows\System\MzLrEyM.exe
  2⤵
  PID:4216
- C:\Windows\System\tOResGX.exe
  C:\Windows\System\tOResGX.exe
  2⤵
  PID:2896
- C:\Windows\System\IqHVlCw.exe
  C:\Windows\System\IqHVlCw.exe
  2⤵
  PID:4136
- C:\Windows\System\bnxGDAi.exe
  C:\Windows\System\bnxGDAi.exe
  2⤵
  PID:4292
- C:\Windows\System\MHOtuGv.exe
  C:\Windows\System\MHOtuGv.exe
  2⤵
  PID:4376
- C:\Windows\System\rfsCIHU.exe
  C:\Windows\System\rfsCIHU.exe
  2⤵
  PID:4340
- C:\Windows\System\OIFgeOv.exe
  C:\Windows\System\OIFgeOv.exe
  2⤵
  PID:4496
- C:\Windows\System\YEHpXde.exe
  C:\Windows\System\YEHpXde.exe
  2⤵
  PID:4344
- C:\Windows\System\QmGMpYq.exe
  C:\Windows\System\QmGMpYq.exe
  2⤵
  PID:4544
- C:\Windows\System\dVXSJbB.exe
  C:\Windows\System\dVXSJbB.exe
  2⤵
  PID:4524
- C:\Windows\System\simEmTj.exe
  C:\Windows\System\simEmTj.exe
  2⤵
  PID:4576
- C:\Windows\System\hDneVfD.exe
  C:\Windows\System\hDneVfD.exe
  2⤵
  PID:4740
- C:\Windows\System\ltvJPQP.exe
  C:\Windows\System\ltvJPQP.exe
  2⤵
  PID:4736
- C:\Windows\System\hKUeJDx.exe
  C:\Windows\System\hKUeJDx.exe
  2⤵
  PID:4760
- C:\Windows\System\rVMSIHu.exe
  C:\Windows\System\rVMSIHu.exe
  2⤵
  PID:4716
- C:\Windows\System\YubkbRI.exe
  C:\Windows\System\YubkbRI.exe
  2⤵
  PID:4816
- C:\Windows\System\WAWwnii.exe
  C:\Windows\System\WAWwnii.exe
  2⤵
  PID:4880
- C:\Windows\System\HIFXPWV.exe
  C:\Windows\System\HIFXPWV.exe
  2⤵
  PID:4984
- C:\Windows\System\GHLIEyL.exe
  C:\Windows\System\GHLIEyL.exe
  2⤵
  PID:4924
- C:\Windows\System\LRzsuZR.exe
  C:\Windows\System\LRzsuZR.exe
  2⤵
  PID:4968
- C:\Windows\System\UrxXApj.exe
  C:\Windows\System\UrxXApj.exe
  2⤵
  PID:3720
- C:\Windows\System\EWISbBw.exe
  C:\Windows\System\EWISbBw.exe
  2⤵
  PID:5080
- C:\Windows\System\ayszdTJ.exe
  C:\Windows\System\ayszdTJ.exe
  2⤵
  PID:5088
- C:\Windows\System\UNwhJXQ.exe
  C:\Windows\System\UNwhJXQ.exe
  2⤵
  PID:3664
- C:\Windows\System\OpQEVFk.exe
  C:\Windows\System\OpQEVFk.exe
  2⤵
  PID:4112
- C:\Windows\System\viSfnGj.exe
  C:\Windows\System\viSfnGj.exe
  2⤵
  PID:4076
- C:\Windows\System\pdZDgGw.exe
  C:\Windows\System\pdZDgGw.exe
  2⤵
  PID:4276
- C:\Windows\System\pjHCGvD.exe
  C:\Windows\System\pjHCGvD.exe
  2⤵
  PID:4404
- C:\Windows\System\yYbzXkD.exe
  C:\Windows\System\yYbzXkD.exe
  2⤵
  PID:4296
- C:\Windows\System\sLTQACJ.exe
  C:\Windows\System\sLTQACJ.exe
  2⤵
  PID:4520
- C:\Windows\System\SmjyAmI.exe
  C:\Windows\System\SmjyAmI.exe
  2⤵
  PID:4616
- C:\Windows\System\aWxEGlU.exe
  C:\Windows\System\aWxEGlU.exe
  2⤵
  PID:4280
- C:\Windows\System\BVEYdpd.exe
  C:\Windows\System\BVEYdpd.exe
  2⤵
  PID:4800
- C:\Windows\System\oZeDFnh.exe
  C:\Windows\System\oZeDFnh.exe
  2⤵
  PID:4692
- C:\Windows\System\fpbhPrB.exe
  C:\Windows\System\fpbhPrB.exe
  2⤵
  PID:4776
- C:\Windows\System\SMYPZRp.exe
  C:\Windows\System\SMYPZRp.exe
  2⤵
  PID:1992
- C:\Windows\System\cCWQrdN.exe
  C:\Windows\System\cCWQrdN.exe
  2⤵
  PID:4892
- C:\Windows\System\vSKveTS.exe
  C:\Windows\System\vSKveTS.exe
  2⤵
  PID:2328
- C:\Windows\System\nRGLbCF.exe
  C:\Windows\System\nRGLbCF.exe
  2⤵
  PID:2540
- C:\Windows\System\pmBmfZG.exe
  C:\Windows\System\pmBmfZG.exe
  2⤵
  PID:2964
- C:\Windows\System\mPNRDqN.exe
  C:\Windows\System\mPNRDqN.exe
  2⤵
  PID:3800
- C:\Windows\System\arESRyq.exe
  C:\Windows\System\arESRyq.exe
  2⤵
  PID:4256
- C:\Windows\System\KypnTag.exe
  C:\Windows\System\KypnTag.exe
  2⤵
  PID:556
- C:\Windows\System\SJbaVsz.exe
  C:\Windows\System\SJbaVsz.exe
  2⤵
  PID:4620
- C:\Windows\System\PhUzPjp.exe
  C:\Windows\System\PhUzPjp.exe
  2⤵
  PID:4456
- C:\Windows\System\fktBBbD.exe
  C:\Windows\System\fktBBbD.exe
  2⤵
  PID:4700
- C:\Windows\System\UNYkXVJ.exe
  C:\Windows\System\UNYkXVJ.exe
  2⤵
  PID:4836
- C:\Windows\System\eFeheQH.exe
  C:\Windows\System\eFeheQH.exe
  2⤵
  PID:5100
- C:\Windows\System\PdaMXVi.exe
  C:\Windows\System\PdaMXVi.exe
  2⤵
  PID:1732
- C:\Windows\System\ItiBFci.exe
  C:\Windows\System\ItiBFci.exe
  2⤵
  PID:3592
- C:\Windows\System\KeNFLWU.exe
  C:\Windows\System\KeNFLWU.exe
  2⤵
  PID:1104
- C:\Windows\System\wJboyiN.exe
  C:\Windows\System\wJboyiN.exe
  2⤵
  PID:5140
- C:\Windows\System\QWEOovR.exe
  C:\Windows\System\QWEOovR.exe
  2⤵
  PID:5160
- C:\Windows\System\TllgnXc.exe
  C:\Windows\System\TllgnXc.exe
  2⤵
  PID:5180
- C:\Windows\System\ijENNha.exe
  C:\Windows\System\ijENNha.exe
  2⤵
  PID:5204
- C:\Windows\System\DWDwGpi.exe
  C:\Windows\System\DWDwGpi.exe
  2⤵
  PID:5220
- C:\Windows\System\FVYxOZa.exe
  C:\Windows\System\FVYxOZa.exe
  2⤵
  PID:5244
- C:\Windows\System\gTWRPKd.exe
  C:\Windows\System\gTWRPKd.exe
  2⤵
  PID:5264
- C:\Windows\System\nfNYsZv.exe
  C:\Windows\System\nfNYsZv.exe
  2⤵
  PID:5284
- C:\Windows\System\nugItdG.exe
  C:\Windows\System\nugItdG.exe
  2⤵
  PID:5304
- C:\Windows\System\xcdMftr.exe
  C:\Windows\System\xcdMftr.exe
  2⤵
  PID:5324
- C:\Windows\System\hgUmaLl.exe
  C:\Windows\System\hgUmaLl.exe
  2⤵
  PID:5344
- C:\Windows\System\QNWufFk.exe
  C:\Windows\System\QNWufFk.exe
  2⤵
  PID:5364
- C:\Windows\System\lhvVZYM.exe
  C:\Windows\System\lhvVZYM.exe
  2⤵
  PID:5384
- C:\Windows\System\ebVdILb.exe
  C:\Windows\System\ebVdILb.exe
  2⤵
  PID:5404
- C:\Windows\System\DiJIZHJ.exe
  C:\Windows\System\DiJIZHJ.exe
  2⤵
  PID:5424
- C:\Windows\System\ZJlwTGu.exe
  C:\Windows\System\ZJlwTGu.exe
  2⤵
  PID:5444
- C:\Windows\System\OSrUCaC.exe
  C:\Windows\System\OSrUCaC.exe
  2⤵
  PID:5464
- C:\Windows\System\zZTFFoe.exe
  C:\Windows\System\zZTFFoe.exe
  2⤵
  PID:5484
- C:\Windows\System\SCESJts.exe
  C:\Windows\System\SCESJts.exe
  2⤵
  PID:5504
- C:\Windows\System\EABRMcc.exe
  C:\Windows\System\EABRMcc.exe
  2⤵
  PID:5524
- C:\Windows\System\ceLSwYB.exe
  C:\Windows\System\ceLSwYB.exe
  2⤵
  PID:5540
- C:\Windows\System\wGWJrvl.exe
  C:\Windows\System\wGWJrvl.exe
  2⤵
  PID:5564
- C:\Windows\System\MEoSWwy.exe
  C:\Windows\System\MEoSWwy.exe
  2⤵
  PID:5580
- C:\Windows\System\BBHSLGp.exe
  C:\Windows\System\BBHSLGp.exe
  2⤵
  PID:5604
- C:\Windows\System\QBmmbxI.exe
  C:\Windows\System\QBmmbxI.exe
  2⤵
  PID:5624
- C:\Windows\System\SIpyXEB.exe
  C:\Windows\System\SIpyXEB.exe
  2⤵
  PID:5644
- C:\Windows\System\cQTTmiu.exe
  C:\Windows\System\cQTTmiu.exe
  2⤵
  PID:5664
- C:\Windows\System\TgLiOuT.exe
  C:\Windows\System\TgLiOuT.exe
  2⤵
  PID:5684
- C:\Windows\System\RMDhFig.exe
  C:\Windows\System\RMDhFig.exe
  2⤵
  PID:5704
- C:\Windows\System\zbKCtyi.exe
  C:\Windows\System\zbKCtyi.exe
  2⤵
  PID:5724
- C:\Windows\System\zvstgWW.exe
  C:\Windows\System\zvstgWW.exe
  2⤵
  PID:5740
- C:\Windows\System\vlDMJiu.exe
  C:\Windows\System\vlDMJiu.exe
  2⤵
  PID:5760
- C:\Windows\System\FcJiHSW.exe
  C:\Windows\System\FcJiHSW.exe
  2⤵
  PID:5780
- C:\Windows\System\hsuPfaN.exe
  C:\Windows\System\hsuPfaN.exe
  2⤵
  PID:5800
- C:\Windows\System\uHllOBk.exe
  C:\Windows\System\uHllOBk.exe
  2⤵
  PID:5820
- C:\Windows\System\yYJXyHj.exe
  C:\Windows\System\yYJXyHj.exe
  2⤵
  PID:5840
- C:\Windows\System\BtsZSgd.exe
  C:\Windows\System\BtsZSgd.exe
  2⤵
  PID:5860
- C:\Windows\System\hBlDMCO.exe
  C:\Windows\System\hBlDMCO.exe
  2⤵
  PID:5880
- C:\Windows\System\FgwsJrs.exe
  C:\Windows\System\FgwsJrs.exe
  2⤵
  PID:5900
- C:\Windows\System\zZazRKs.exe
  C:\Windows\System\zZazRKs.exe
  2⤵
  PID:5920
- C:\Windows\System\jfTQeEc.exe
  C:\Windows\System\jfTQeEc.exe
  2⤵
  PID:5940
- C:\Windows\System\jtlTdvg.exe
  C:\Windows\System\jtlTdvg.exe
  2⤵
  PID:5964
- C:\Windows\System\bcQFMtD.exe
  C:\Windows\System\bcQFMtD.exe
  2⤵
  PID:5980
- C:\Windows\System\BIXEjhI.exe
  C:\Windows\System\BIXEjhI.exe
  2⤵
  PID:6000
- C:\Windows\System\HsiaSag.exe
  C:\Windows\System\HsiaSag.exe
  2⤵
  PID:6016
- C:\Windows\System\DIoLCBb.exe
  C:\Windows\System\DIoLCBb.exe
  2⤵
  PID:6044
- C:\Windows\System\PFPTgZG.exe
  C:\Windows\System\PFPTgZG.exe
  2⤵
  PID:6060
- C:\Windows\System\OYsDlgw.exe
  C:\Windows\System\OYsDlgw.exe
  2⤵
  PID:6084
- C:\Windows\System\DsircAJ.exe
  C:\Windows\System\DsircAJ.exe
  2⤵
  PID:6104
- C:\Windows\System\BINawzD.exe
  C:\Windows\System\BINawzD.exe
  2⤵
  PID:6124
- C:\Windows\System\yHDXBEE.exe
  C:\Windows\System\yHDXBEE.exe
  2⤵
  PID:6140
- C:\Windows\System\GwkNHrs.exe
  C:\Windows\System\GwkNHrs.exe
  2⤵
  PID:4820
- C:\Windows\System\oCuLRvL.exe
  C:\Windows\System\oCuLRvL.exe
  2⤵
  PID:4196
- C:\Windows\System\lTlsZyY.exe
  C:\Windows\System\lTlsZyY.exe
  2⤵
  PID:4668
- C:\Windows\System\IjFiaBI.exe
  C:\Windows\System\IjFiaBI.exe
  2⤵
  PID:1268
- C:\Windows\System\MwrmqYA.exe
  C:\Windows\System\MwrmqYA.exe
  2⤵
  PID:4156
- C:\Windows\System\WdDmheS.exe
  C:\Windows\System\WdDmheS.exe
  2⤵
  PID:5152
- C:\Windows\System\bRfVPRt.exe
  C:\Windows\System\bRfVPRt.exe
  2⤵
  PID:5196
- C:\Windows\System\IePdmfk.exe
  C:\Windows\System\IePdmfk.exe
  2⤵
  PID:5176
- C:\Windows\System\fSToGOr.exe
  C:\Windows\System\fSToGOr.exe
  2⤵
  PID:5216
- C:\Windows\System\ZarIDVi.exe
  C:\Windows\System\ZarIDVi.exe
  2⤵
  PID:5252
- C:\Windows\System\MaHTHUA.exe
  C:\Windows\System\MaHTHUA.exe
  2⤵
  PID:5292
- C:\Windows\System\lQYsgMF.exe
  C:\Windows\System\lQYsgMF.exe
  2⤵
  PID:5332
- C:\Windows\System\WBFAzXr.exe
  C:\Windows\System\WBFAzXr.exe
  2⤵
  PID:5356
- C:\Windows\System\GkMxDEu.exe
  C:\Windows\System\GkMxDEu.exe
  2⤵
  PID:2236
- C:\Windows\System\DTXcunW.exe
  C:\Windows\System\DTXcunW.exe
  2⤵
  PID:5432
- C:\Windows\System\lozjcby.exe
  C:\Windows\System\lozjcby.exe
  2⤵
  PID:5420
- C:\Windows\System\oVGvNxU.exe
  C:\Windows\System\oVGvNxU.exe
  2⤵
  PID:5480
- C:\Windows\System\joTLnMQ.exe
  C:\Windows\System\joTLnMQ.exe
  2⤵
  PID:5520
- C:\Windows\System\buorpTM.exe
  C:\Windows\System\buorpTM.exe
  2⤵
  PID:5548
- C:\Windows\System\FCYutZL.exe
  C:\Windows\System\FCYutZL.exe
  2⤵
  PID:5536
- C:\Windows\System\GVbBWMx.exe
  C:\Windows\System\GVbBWMx.exe
  2⤵
  PID:5632
- C:\Windows\System\SRhTTll.exe
  C:\Windows\System\SRhTTll.exe
  2⤵
  PID:5620
- C:\Windows\System\iOvwOOF.exe
  C:\Windows\System\iOvwOOF.exe
  2⤵
  PID:5712
- C:\Windows\System\mxtSmfH.exe
  C:\Windows\System\mxtSmfH.exe
  2⤵
  PID:5716
- C:\Windows\System\qReTveF.exe
  C:\Windows\System\qReTveF.exe
  2⤵
  PID:5752
- C:\Windows\System\EPWhgNv.exe
  C:\Windows\System\EPWhgNv.exe
  2⤵
  PID:5700
- C:\Windows\System\pUNFrvv.exe
  C:\Windows\System\pUNFrvv.exe
  2⤵
  PID:5772
- C:\Windows\System\AdMtCgk.exe
  C:\Windows\System\AdMtCgk.exe
  2⤵
  PID:5872
- C:\Windows\System\PxBdIZt.exe
  C:\Windows\System\PxBdIZt.exe
  2⤵
  PID:5808
- C:\Windows\System\RygYheK.exe
  C:\Windows\System\RygYheK.exe
  2⤵
  PID:5848
- C:\Windows\System\yKzFxKk.exe
  C:\Windows\System\yKzFxKk.exe
  2⤵
  PID:5960
- C:\Windows\System\FGqzONQ.exe
  C:\Windows\System\FGqzONQ.exe
  2⤵
  PID:5896
- C:\Windows\System\lKSdiBy.exe
  C:\Windows\System\lKSdiBy.exe
  2⤵
  PID:5996
- C:\Windows\System\DAobiAj.exe
  C:\Windows\System\DAobiAj.exe
  2⤵
  PID:6028
- C:\Windows\System\WuZLZcs.exe
  C:\Windows\System\WuZLZcs.exe
  2⤵
  PID:5972
- C:\Windows\System\mppGrqY.exe
  C:\Windows\System\mppGrqY.exe
  2⤵
  PID:6068
- C:\Windows\System\PGOmfzY.exe
  C:\Windows\System\PGOmfzY.exe
  2⤵
  PID:6056
- C:\Windows\System\kQuGdfB.exe
  C:\Windows\System\kQuGdfB.exe
  2⤵
  PID:6092
- C:\Windows\System\idMjHBe.exe
  C:\Windows\System\idMjHBe.exe
  2⤵
  PID:1128
- C:\Windows\System\oCsanDC.exe
  C:\Windows\System\oCsanDC.exe
  2⤵
  PID:4752
- C:\Windows\System\qKOCVBp.exe
  C:\Windows\System\qKOCVBp.exe
  2⤵
  PID:2668
- C:\Windows\System\WpSGIjd.exe
  C:\Windows\System\WpSGIjd.exe
  2⤵
  PID:4316
- C:\Windows\System\xiIGCIO.exe
  C:\Windows\System\xiIGCIO.exe
  2⤵
  PID:5008
- C:\Windows\System\aAkxCjA.exe
  C:\Windows\System\aAkxCjA.exe
  2⤵
  PID:5148
- C:\Windows\System\hgmxIFm.exe
  C:\Windows\System\hgmxIFm.exe
  2⤵
  PID:1720
- C:\Windows\System\BHcSUuD.exe
  C:\Windows\System\BHcSUuD.exe
  2⤵
  PID:5212
- C:\Windows\System\abmDknF.exe
  C:\Windows\System\abmDknF.exe
  2⤵
  PID:2620
- C:\Windows\System\JMQKBkA.exe
  C:\Windows\System\JMQKBkA.exe
  2⤵
  PID:2996
- C:\Windows\System\UtVDFgQ.exe
  C:\Windows\System\UtVDFgQ.exe
  2⤵
  PID:5272
- C:\Windows\System\dgfQTaw.exe
  C:\Windows\System\dgfQTaw.exe
  2⤵
  PID:5476
- C:\Windows\System\xjYLeRU.exe
  C:\Windows\System\xjYLeRU.exe
  2⤵
  PID:5380
- C:\Windows\System\pliBcdi.exe
  C:\Windows\System\pliBcdi.exe
  2⤵
  PID:5500
- C:\Windows\System\TtowBsZ.exe
  C:\Windows\System\TtowBsZ.exe
  2⤵
  PID:796
- C:\Windows\System\vYVxCMR.exe
  C:\Windows\System\vYVxCMR.exe
  2⤵
  PID:5460
- C:\Windows\System\wQDrxqy.exe
  C:\Windows\System\wQDrxqy.exe
  2⤵
  PID:5636
- C:\Windows\System\fakwzFB.exe
  C:\Windows\System\fakwzFB.exe
  2⤵
  PID:5676
- C:\Windows\System\ixzJIEO.exe
  C:\Windows\System\ixzJIEO.exe
  2⤵
  PID:5756
- C:\Windows\System\oWEZzJx.exe
  C:\Windows\System\oWEZzJx.exe
  2⤵
  PID:5736
- C:\Windows\System\WDNcbQZ.exe
  C:\Windows\System\WDNcbQZ.exe
  2⤵
  PID:1880
- C:\Windows\System\qncJcKA.exe
  C:\Windows\System\qncJcKA.exe
  2⤵
  PID:5812
- C:\Windows\System\iwAntle.exe
  C:\Windows\System\iwAntle.exe
  2⤵
  PID:5856
- C:\Windows\System\xkautdB.exe
  C:\Windows\System\xkautdB.exe
  2⤵
  PID:2652
- C:\Windows\System\WIPIyhc.exe
  C:\Windows\System\WIPIyhc.exe
  2⤵
  PID:2736
- C:\Windows\System\jhVFcEC.exe
  C:\Windows\System\jhVFcEC.exe
  2⤵
  PID:6072
- C:\Windows\System\FyLTtVV.exe
  C:\Windows\System\FyLTtVV.exe
  2⤵
  PID:6080
- C:\Windows\System\jYWfgpB.exe
  C:\Windows\System\jYWfgpB.exe
  2⤵
  PID:2752
- C:\Windows\System\isaludP.exe
  C:\Windows\System\isaludP.exe
  2⤵
  PID:6024
- C:\Windows\System\xJetcGc.exe
  C:\Windows\System\xJetcGc.exe
  2⤵
  PID:4304
- C:\Windows\System\eqbKXdx.exe
  C:\Windows\System\eqbKXdx.exe
  2⤵
  PID:1796
- C:\Windows\System\WyQzUbd.exe
  C:\Windows\System\WyQzUbd.exe
  2⤵
  PID:1860
- C:\Windows\System\ncOeTEf.exe
  C:\Windows\System\ncOeTEf.exe
  2⤵
  PID:4560
- C:\Windows\System\vBDmCGh.exe
  C:\Windows\System\vBDmCGh.exe
  2⤵
  PID:6100
- C:\Windows\System\GUmkyHy.exe
  C:\Windows\System\GUmkyHy.exe
  2⤵
  PID:4420
- C:\Windows\System\vZgKoXC.exe
  C:\Windows\System\vZgKoXC.exe
  2⤵
  PID:5312
- C:\Windows\System\bEiXpCm.exe
  C:\Windows\System\bEiXpCm.exe
  2⤵
  PID:2952
- C:\Windows\System\aBxnhpa.exe
  C:\Windows\System\aBxnhpa.exe
  2⤵
  PID:4840
- C:\Windows\System\eAzkGzD.exe
  C:\Windows\System\eAzkGzD.exe
  2⤵
  PID:2868
- C:\Windows\System\knGnvak.exe
  C:\Windows\System\knGnvak.exe
  2⤵
  PID:5320
- C:\Windows\System\hGZJhxJ.exe
  C:\Windows\System\hGZJhxJ.exe
  2⤵
  PID:5496
- C:\Windows\System\RMwVEhU.exe
  C:\Windows\System\RMwVEhU.exe
  2⤵
  PID:2104
- C:\Windows\System\wJldXSk.exe
  C:\Windows\System\wJldXSk.exe
  2⤵
  PID:4264
- C:\Windows\System\rQmXNtg.exe
  C:\Windows\System\rQmXNtg.exe
  2⤵
  PID:1528
- C:\Windows\System\ZUiyjsW.exe
  C:\Windows\System\ZUiyjsW.exe
  2⤵
  PID:5792
- C:\Windows\System\RkSCpGS.exe
  C:\Windows\System\RkSCpGS.exe
  2⤵
  PID:2840
- C:\Windows\System\dLLPsqo.exe
  C:\Windows\System\dLLPsqo.exe
  2⤵
  PID:5832
- C:\Windows\System\aIkQZgM.exe
  C:\Windows\System\aIkQZgM.exe
  2⤵
  PID:5936
- C:\Windows\System\ynxQyfE.exe
  C:\Windows\System\ynxQyfE.exe
  2⤵
  PID:6032
- C:\Windows\System\VvbgdZd.exe
  C:\Windows\System\VvbgdZd.exe
  2⤵
  PID:2164
- C:\Windows\System\bveEUTs.exe
  C:\Windows\System\bveEUTs.exe
  2⤵
  PID:1556
- C:\Windows\System\uIalEYA.exe
  C:\Windows\System\uIalEYA.exe
  2⤵
  PID:2916
- C:\Windows\System\gmoTytH.exe
  C:\Windows\System\gmoTytH.exe
  2⤵
  PID:2572
- C:\Windows\System\lDzVBDa.exe
  C:\Windows\System\lDzVBDa.exe
  2⤵
  PID:288
- C:\Windows\System\CZcwUHc.exe
  C:\Windows\System\CZcwUHc.exe
  2⤵
  PID:2732
- C:\Windows\System\KmkFapu.exe
  C:\Windows\System\KmkFapu.exe
  2⤵
  PID:5172
- C:\Windows\System\geQoKEA.exe
  C:\Windows\System\geQoKEA.exe
  2⤵
  PID:576
- C:\Windows\System\iiaWmwE.exe
  C:\Windows\System\iiaWmwE.exe
  2⤵
  PID:1716
- C:\Windows\System\prWtOAW.exe
  C:\Windows\System\prWtOAW.exe
  2⤵
  PID:820
- C:\Windows\System\hYFjSZO.exe
  C:\Windows\System\hYFjSZO.exe
  2⤵
  PID:5396
- C:\Windows\System\FfhiJYj.exe
  C:\Windows\System\FfhiJYj.exe
  2⤵
  PID:2828
- C:\Windows\System\KZOdCQN.exe
  C:\Windows\System\KZOdCQN.exe
  2⤵
  PID:6052
- C:\Windows\System\eeTDKnP.exe
  C:\Windows\System\eeTDKnP.exe
  2⤵
  PID:2188
- C:\Windows\System\FTVxWWW.exe
  C:\Windows\System\FTVxWWW.exe
  2⤵
  PID:5156
- C:\Windows\System\FlXIELG.exe
  C:\Windows\System\FlXIELG.exe
  2⤵
  PID:2140
- C:\Windows\System\ZpUmCPH.exe
  C:\Windows\System\ZpUmCPH.exe
  2⤵
  PID:2300
- C:\Windows\System\neiGGlq.exe
  C:\Windows\System\neiGGlq.exe
  2⤵
  PID:5276
- C:\Windows\System\ygxCUQI.exe
  C:\Windows\System\ygxCUQI.exe
  2⤵
  PID:2676
- C:\Windows\System\wyIvWuu.exe
  C:\Windows\System\wyIvWuu.exe
  2⤵
  PID:2968
- C:\Windows\System\kNXKFsc.exe
  C:\Windows\System\kNXKFsc.exe
  2⤵
  PID:5560
- C:\Windows\System\psLsXWS.exe
  C:\Windows\System\psLsXWS.exe
  2⤵
  PID:5796
- C:\Windows\System\uCuYcMo.exe
  C:\Windows\System\uCuYcMo.exe
  2⤵
  PID:5988
- C:\Windows\System\quDyFZv.exe
  C:\Windows\System\quDyFZv.exe
  2⤵
  PID:6164
- C:\Windows\System\JjWMLNk.exe
  C:\Windows\System\JjWMLNk.exe
  2⤵
  PID:6204
- C:\Windows\System\yBendpz.exe
  C:\Windows\System\yBendpz.exe
  2⤵
  PID:6228
- C:\Windows\System\cFvIOsV.exe
  C:\Windows\System\cFvIOsV.exe
  2⤵
  PID:6248
- C:\Windows\System\iNxqnPS.exe
  C:\Windows\System\iNxqnPS.exe
  2⤵
  PID:6264
- C:\Windows\System\hooBowq.exe
  C:\Windows\System\hooBowq.exe
  2⤵
  PID:6280
- C:\Windows\System\XaFzYxS.exe
  C:\Windows\System\XaFzYxS.exe
  2⤵
  PID:6296
- C:\Windows\System\fZlTYOK.exe
  C:\Windows\System\fZlTYOK.exe
  2⤵
  PID:6312
- C:\Windows\System\YGpXpJb.exe
  C:\Windows\System\YGpXpJb.exe
  2⤵
  PID:6328
- C:\Windows\System\okypSFj.exe
  C:\Windows\System\okypSFj.exe
  2⤵
  PID:6352
- C:\Windows\System\DVrdSsW.exe
  C:\Windows\System\DVrdSsW.exe
  2⤵
  PID:6372
- C:\Windows\System\fxxfuzS.exe
  C:\Windows\System\fxxfuzS.exe
  2⤵
  PID:6388
- C:\Windows\System\HbZHPOn.exe
  C:\Windows\System\HbZHPOn.exe
  2⤵
  PID:6408
- C:\Windows\System\IshEVRd.exe
  C:\Windows\System\IshEVRd.exe
  2⤵
  PID:6424
- C:\Windows\System\wZZENEJ.exe
  C:\Windows\System\wZZENEJ.exe
  2⤵
  PID:6460
- C:\Windows\System\IBMxidd.exe
  C:\Windows\System\IBMxidd.exe
  2⤵
  PID:6492
- C:\Windows\System\JHOtagn.exe
  C:\Windows\System\JHOtagn.exe
  2⤵
  PID:6508
- C:\Windows\System\oUqtBWc.exe
  C:\Windows\System\oUqtBWc.exe
  2⤵
  PID:6528
- C:\Windows\System\OuRtfop.exe
  C:\Windows\System\OuRtfop.exe
  2⤵
  PID:6544
- C:\Windows\System\ZpPHYHm.exe
  C:\Windows\System\ZpPHYHm.exe
  2⤵
  PID:6560
- C:\Windows\System\zZuTyCW.exe
  C:\Windows\System\zZuTyCW.exe
  2⤵
  PID:6580
- C:\Windows\System\aivsLSu.exe
  C:\Windows\System\aivsLSu.exe
  2⤵
  PID:6596
- C:\Windows\System\xRmtQFG.exe
  C:\Windows\System\xRmtQFG.exe
  2⤵
  PID:6620
- C:\Windows\System\AIQzPGg.exe
  C:\Windows\System\AIQzPGg.exe
  2⤵
  PID:6640
- C:\Windows\System\qyNGxQj.exe
  C:\Windows\System\qyNGxQj.exe
  2⤵
  PID:6660
- C:\Windows\System\OgGZZni.exe
  C:\Windows\System\OgGZZni.exe
  2⤵
  PID:6676
- C:\Windows\System\vKNbjVo.exe
  C:\Windows\System\vKNbjVo.exe
  2⤵
  PID:6696
- C:\Windows\System\hcioTow.exe
  C:\Windows\System\hcioTow.exe
  2⤵
  PID:6716
- C:\Windows\System\PCrRffk.exe
  C:\Windows\System\PCrRffk.exe
  2⤵
  PID:6732
- C:\Windows\System\RoaVnru.exe
  C:\Windows\System\RoaVnru.exe
  2⤵
  PID:6772
- C:\Windows\System\cojKMSz.exe
  C:\Windows\System\cojKMSz.exe
  2⤵
  PID:6788
- C:\Windows\System\gbTEblZ.exe
  C:\Windows\System\gbTEblZ.exe
  2⤵
  PID:6804
- C:\Windows\System\fjYGgPW.exe
  C:\Windows\System\fjYGgPW.exe
  2⤵
  PID:6820
- C:\Windows\System\NJeYsFS.exe
  C:\Windows\System\NJeYsFS.exe
  2⤵
  PID:6836
- C:\Windows\System\IUTXhYW.exe
  C:\Windows\System\IUTXhYW.exe
  2⤵
  PID:6856
- C:\Windows\System\NXiOFFO.exe
  C:\Windows\System\NXiOFFO.exe
  2⤵
  PID:6876
- C:\Windows\System\NCbfvDY.exe
  C:\Windows\System\NCbfvDY.exe
  2⤵
  PID:6892
- C:\Windows\System\lNwiNrT.exe
  C:\Windows\System\lNwiNrT.exe
  2⤵
  PID:6908
- C:\Windows\System\mqBmUGz.exe
  C:\Windows\System\mqBmUGz.exe
  2⤵
  PID:6928
- C:\Windows\System\PgOzBOT.exe
  C:\Windows\System\PgOzBOT.exe
  2⤵
  PID:6944
- C:\Windows\System\WaDUXpu.exe
  C:\Windows\System\WaDUXpu.exe
  2⤵
  PID:6964
- C:\Windows\System\xBkjmSr.exe
  C:\Windows\System\xBkjmSr.exe
  2⤵
  PID:6980
- C:\Windows\System\HIDAPZV.exe
  C:\Windows\System\HIDAPZV.exe
  2⤵
  PID:7024
- C:\Windows\System\zOBpxzv.exe
  C:\Windows\System\zOBpxzv.exe
  2⤵
  PID:7040
- C:\Windows\System\SEZGfLT.exe
  C:\Windows\System\SEZGfLT.exe
  2⤵
  PID:7056
- C:\Windows\System\YjWJtRW.exe
  C:\Windows\System\YjWJtRW.exe
  2⤵
  PID:7072
- C:\Windows\System\OnIkPnL.exe
  C:\Windows\System\OnIkPnL.exe
  2⤵
  PID:7088
- C:\Windows\System\IbRQOqL.exe
  C:\Windows\System\IbRQOqL.exe
  2⤵
  PID:7104
- C:\Windows\System\NsdfggJ.exe
  C:\Windows\System\NsdfggJ.exe
  2⤵
  PID:7120
- C:\Windows\System\AvYepdY.exe
  C:\Windows\System\AvYepdY.exe
  2⤵
  PID:7136
- C:\Windows\System\EfLYvLt.exe
  C:\Windows\System\EfLYvLt.exe
  2⤵
  PID:7152
- C:\Windows\System\SmuLGVs.exe
  C:\Windows\System\SmuLGVs.exe
  2⤵
  PID:5948
- C:\Windows\System\tZkoBza.exe
  C:\Windows\System\tZkoBza.exe
  2⤵
  PID:5552
- C:\Windows\System\mjLQawg.exe
  C:\Windows\System\mjLQawg.exe
  2⤵
  PID:6156
- C:\Windows\System\mkXOtiS.exe
  C:\Windows\System\mkXOtiS.exe
  2⤵
  PID:2608
- C:\Windows\System\TzWdWVX.exe
  C:\Windows\System\TzWdWVX.exe
  2⤵
  PID:2088
- C:\Windows\System\IEeErBX.exe
  C:\Windows\System\IEeErBX.exe
  2⤵
  PID:6220
- C:\Windows\System\XhdAluA.exe
  C:\Windows\System\XhdAluA.exe
  2⤵
  PID:6260
- C:\Windows\System\AAZpEVk.exe
  C:\Windows\System\AAZpEVk.exe
  2⤵
  PID:6360
- C:\Windows\System\BJFtFHi.exe
  C:\Windows\System\BJFtFHi.exe
  2⤵
  PID:6400
- C:\Windows\System\oKvSJFi.exe
  C:\Windows\System\oKvSJFi.exe
  2⤵
  PID:6436
- C:\Windows\System\FkCGJyL.exe
  C:\Windows\System\FkCGJyL.exe
  2⤵
  PID:6272
- C:\Windows\System\ZUCNdWa.exe
  C:\Windows\System\ZUCNdWa.exe
  2⤵
  PID:6336
- C:\Windows\System\ATWfbdG.exe
  C:\Windows\System\ATWfbdG.exe
  2⤵
  PID:6384
- C:\Windows\System\ViQFTvz.exe
  C:\Windows\System\ViQFTvz.exe
  2⤵
  PID:6500
- C:\Windows\System\aKZEfhJ.exe
  C:\Windows\System\aKZEfhJ.exe
  2⤵
  PID:6476
- C:\Windows\System\rHeTPDg.exe
  C:\Windows\System\rHeTPDg.exe
  2⤵
  PID:6536
- C:\Windows\System\WCPSyLM.exe
  C:\Windows\System\WCPSyLM.exe
  2⤵
  PID:6576
- C:\Windows\System\xksRXnh.exe
  C:\Windows\System\xksRXnh.exe
  2⤵
  PID:6608
- C:\Windows\System\EfSRxzF.exe
  C:\Windows\System\EfSRxzF.exe
  2⤵
  PID:6636
- C:\Windows\System\QgIAaYf.exe
  C:\Windows\System\QgIAaYf.exe
  2⤵
  PID:6684
- C:\Windows\System\QXLOmID.exe
  C:\Windows\System\QXLOmID.exe
  2⤵
  PID:6728
- C:\Windows\System\XmfSvqJ.exe
  C:\Windows\System\XmfSvqJ.exe
  2⤵
  PID:6752
- C:\Windows\System\zzeXPrZ.exe
  C:\Windows\System\zzeXPrZ.exe
  2⤵
  PID:6764
- C:\Windows\System\HHkVZEM.exe
  C:\Windows\System\HHkVZEM.exe
  2⤵
  PID:6784
- C:\Windows\System\ivvYCTo.exe
  C:\Windows\System\ivvYCTo.exe
  2⤵
  PID:6852
- C:\Windows\System\VwnPuvh.exe
  C:\Windows\System\VwnPuvh.exe
  2⤵
  PID:6924
- C:\Windows\System\hwjGYIY.exe
  C:\Windows\System\hwjGYIY.exe
  2⤵
  PID:6868
- C:\Windows\System\PyJfzVA.exe
  C:\Windows\System\PyJfzVA.exe
  2⤵
  PID:6796
- C:\Windows\System\lWpDOkm.exe
  C:\Windows\System\lWpDOkm.exe
  2⤵
  PID:6952
- C:\Windows\System\YsFqDzH.exe
  C:\Windows\System\YsFqDzH.exe
  2⤵
  PID:6996
- C:\Windows\System\yHReKuf.exe
  C:\Windows\System\yHReKuf.exe
  2⤵
  PID:7012
- C:\Windows\System\fhMKyrb.exe
  C:\Windows\System\fhMKyrb.exe
  2⤵
  PID:7144
- C:\Windows\System\KFwDRXA.exe
  C:\Windows\System\KFwDRXA.exe
  2⤵
  PID:4928
- C:\Windows\System\ObgTJCG.exe
  C:\Windows\System\ObgTJCG.exe
  2⤵
  PID:7064
- C:\Windows\System\NeMzAka.exe
  C:\Windows\System\NeMzAka.exe
  2⤵
  PID:6196
- C:\Windows\System\qlOtgvz.exe
  C:\Windows\System\qlOtgvz.exe
  2⤵
  PID:5932
- C:\Windows\System\ueiQIMj.exe
  C:\Windows\System\ueiQIMj.exe
  2⤵
  PID:6152
- C:\Windows\System\nOIaUlR.exe
  C:\Windows\System\nOIaUlR.exe
  2⤵
  PID:7036
- C:\Windows\System\zoSCDnL.exe
  C:\Windows\System\zoSCDnL.exe
  2⤵
  PID:6172
- C:\Windows\System\seJeNMD.exe
  C:\Windows\System\seJeNMD.exe
  2⤵
  PID:6216
- C:\Windows\System\BpTOTPJ.exe
  C:\Windows\System\BpTOTPJ.exe
  2⤵
  PID:6368
- C:\Windows\System\EIHZgiW.exe
  C:\Windows\System\EIHZgiW.exe
  2⤵
  PID:6240
- C:\Windows\System\gzQTNlz.exe
  C:\Windows\System\gzQTNlz.exe
  2⤵
  PID:6456
- C:\Windows\System\XwFFKja.exe
  C:\Windows\System\XwFFKja.exe
  2⤵
  PID:6488
- C:\Windows\System\ksOGGwq.exe
  C:\Windows\System\ksOGGwq.exe
  2⤵
  PID:6708
- C:\Windows\System\fHvrhOy.exe
  C:\Windows\System\fHvrhOy.exe
  2⤵
  PID:6748
- C:\Windows\System\LejJKJk.exe
  C:\Windows\System\LejJKJk.exe
  2⤵
  PID:6712
- C:\Windows\System\CSmoBza.exe
  C:\Windows\System\CSmoBza.exe
  2⤵
  PID:6768
- C:\Windows\System\TtWdJfK.exe
  C:\Windows\System\TtWdJfK.exe
  2⤵
  PID:6916
- C:\Windows\System\GVBdHcn.exe
  C:\Windows\System\GVBdHcn.exe
  2⤵
  PID:7020
- C:\Windows\System\nlWiDsf.exe
  C:\Windows\System\nlWiDsf.exe
  2⤵
  PID:6744
- C:\Windows\System\AGBwwMz.exe
  C:\Windows\System\AGBwwMz.exe
  2⤵
  PID:6632
- C:\Windows\System\BodQcbe.exe
  C:\Windows\System\BodQcbe.exe
  2⤵
  PID:6844
- C:\Windows\System\UcdvpLa.exe
  C:\Windows\System\UcdvpLa.exe
  2⤵
  PID:6828
- C:\Windows\System\mhIZjVJ.exe
  C:\Windows\System\mhIZjVJ.exe
  2⤵
  PID:3600
- C:\Windows\System\ygzYygw.exe
  C:\Windows\System\ygzYygw.exe
  2⤵
  PID:6192
- C:\Windows\System\UcRwvbc.exe
  C:\Windows\System\UcRwvbc.exe
  2⤵
  PID:6448
- C:\Windows\System\kDvDYaf.exe
  C:\Windows\System\kDvDYaf.exe
  2⤵
  PID:7032
- C:\Windows\System\fWmhmVY.exe
  C:\Windows\System\fWmhmVY.exe
  2⤵
  PID:6888
- C:\Windows\System\DgzKZah.exe
  C:\Windows\System\DgzKZah.exe
  2⤵
  PID:6304
- C:\Windows\System\PBAUGCb.exe
  C:\Windows\System\PBAUGCb.exe
  2⤵
  PID:6504
- C:\Windows\System\JNmmbLl.exe
  C:\Windows\System\JNmmbLl.exe
  2⤵
  PID:6568
- C:\Windows\System\bYAkDdY.exe
  C:\Windows\System\bYAkDdY.exe
  2⤵
  PID:6992
- C:\Windows\System\bpAntuO.exe
  C:\Windows\System\bpAntuO.exe
  2⤵
  PID:7080
- C:\Windows\System\fLuvwrX.exe
  C:\Windows\System\fLuvwrX.exe
  2⤵
  PID:6628
- C:\Windows\System\WrlezVx.exe
  C:\Windows\System\WrlezVx.exe
  2⤵
  PID:6800
- C:\Windows\System\CwNCiTN.exe
  C:\Windows\System\CwNCiTN.exe
  2⤵
  PID:6740
- C:\Windows\System\nqQvSXm.exe
  C:\Windows\System\nqQvSXm.exe
  2⤵
  PID:7008
- C:\Windows\System\eYdrdeY.exe
  C:\Windows\System\eYdrdeY.exe
  2⤵
  PID:5692
- C:\Windows\System\NetUmoe.exe
  C:\Windows\System\NetUmoe.exe
  2⤵
  PID:6256
- C:\Windows\System\jJRrPfl.exe
  C:\Windows\System\jJRrPfl.exe
  2⤵
  PID:6656
- C:\Windows\System\wapkfqd.exe
  C:\Windows\System\wapkfqd.exe
  2⤵
  PID:6348
- C:\Windows\System\HmNNgWi.exe
  C:\Windows\System\HmNNgWi.exe
  2⤵
  PID:6292
- C:\Windows\System\GTnGHUG.exe
  C:\Windows\System\GTnGHUG.exe
  2⤵
  PID:6572
- C:\Windows\System\VdKaTJU.exe
  C:\Windows\System\VdKaTJU.exe
  2⤵
  PID:6520
- C:\Windows\System\zNjTyMd.exe
  C:\Windows\System\zNjTyMd.exe
  2⤵
  PID:6556
- C:\Windows\System\MrkIStT.exe
  C:\Windows\System\MrkIStT.exe
  2⤵
  PID:6616
- C:\Windows\System\OqdgvWm.exe
  C:\Windows\System\OqdgvWm.exe
  2⤵
  PID:6672
- C:\Windows\System\chbyTAN.exe
  C:\Windows\System\chbyTAN.exe
  2⤵
  PID:7052
- C:\Windows\System\ogDahOo.exe
  C:\Windows\System\ogDahOo.exe
  2⤵
  PID:6724
- C:\Windows\System\jcbpjvB.exe
  C:\Windows\System\jcbpjvB.exe
  2⤵
  PID:7172
- C:\Windows\System\wzdjjGT.exe
  C:\Windows\System\wzdjjGT.exe
  2⤵
  PID:7192
- C:\Windows\System\mvYYrPS.exe
  C:\Windows\System\mvYYrPS.exe
  2⤵
  PID:7208
- C:\Windows\System\PiZCbOd.exe
  C:\Windows\System\PiZCbOd.exe
  2⤵
  PID:7248
- C:\Windows\System\PeArvnZ.exe
  C:\Windows\System\PeArvnZ.exe
  2⤵
  PID:7264
- C:\Windows\System\RVVVSaa.exe
  C:\Windows\System\RVVVSaa.exe
  2⤵
  PID:7288
- C:\Windows\System\XmAHEMv.exe
  C:\Windows\System\XmAHEMv.exe
  2⤵
  PID:7304
- C:\Windows\System\VIstVNF.exe
  C:\Windows\System\VIstVNF.exe
  2⤵
  PID:7320
- C:\Windows\System\EcwmSXw.exe
  C:\Windows\System\EcwmSXw.exe
  2⤵
  PID:7336
- C:\Windows\System\ntrggOH.exe
  C:\Windows\System\ntrggOH.exe
  2⤵
  PID:7356
- C:\Windows\System\VyYPDsy.exe
  C:\Windows\System\VyYPDsy.exe
  2⤵
  PID:7372
- C:\Windows\System\TEicZdH.exe
  C:\Windows\System\TEicZdH.exe
  2⤵
  PID:7388
- C:\Windows\System\SAzOZRa.exe
  C:\Windows\System\SAzOZRa.exe
  2⤵
  PID:7408
- C:\Windows\System\mBsTIoa.exe
  C:\Windows\System\mBsTIoa.exe
  2⤵
  PID:7424
- C:\Windows\System\CLLlxSZ.exe
  C:\Windows\System\CLLlxSZ.exe
  2⤵
  PID:7444
- C:\Windows\System\XbDbrPL.exe
  C:\Windows\System\XbDbrPL.exe
  2⤵
  PID:7468
- C:\Windows\System\mUlPzbx.exe
  C:\Windows\System\mUlPzbx.exe
  2⤵
  PID:7520
- C:\Windows\System\pJopLpd.exe
  C:\Windows\System\pJopLpd.exe
  2⤵
  PID:7540
- C:\Windows\System\kBxeBus.exe
  C:\Windows\System\kBxeBus.exe
  2⤵
  PID:7556
- C:\Windows\System\oJZGPsl.exe
  C:\Windows\System\oJZGPsl.exe
  2⤵
  PID:7572
- C:\Windows\System\ydGilUT.exe
  C:\Windows\System\ydGilUT.exe
  2⤵
  PID:7592
- C:\Windows\System\QYTyMOG.exe
  C:\Windows\System\QYTyMOG.exe
  2⤵
  PID:7620
- C:\Windows\System\JdlwIdg.exe
  C:\Windows\System\JdlwIdg.exe
  2⤵
  PID:7636
- C:\Windows\System\bkxZBbx.exe
  C:\Windows\System\bkxZBbx.exe
  2⤵
  PID:7652
- C:\Windows\System\NUNLYCY.exe
  C:\Windows\System\NUNLYCY.exe
  2⤵
  PID:7668
- C:\Windows\System\eQIasko.exe
  C:\Windows\System\eQIasko.exe
  2⤵
  PID:7684
- C:\Windows\System\mAlxRkT.exe
  C:\Windows\System\mAlxRkT.exe
  2⤵
  PID:7700
- C:\Windows\System\vlpGSXD.exe
  C:\Windows\System\vlpGSXD.exe
  2⤵
  PID:7716
- C:\Windows\System\aVfNYxI.exe
  C:\Windows\System\aVfNYxI.exe
  2⤵
  PID:7756
- C:\Windows\System\jOmIzhf.exe
  C:\Windows\System\jOmIzhf.exe
  2⤵
  PID:7772
- C:\Windows\System\GIxrvvj.exe
  C:\Windows\System\GIxrvvj.exe
  2⤵
  PID:7792
- C:\Windows\System\kWNpCSt.exe
  C:\Windows\System\kWNpCSt.exe
  2⤵
  PID:7808
- C:\Windows\System\AhejKJt.exe
  C:\Windows\System\AhejKJt.exe
  2⤵
  PID:7824
- C:\Windows\System\AdVBSFZ.exe
  C:\Windows\System\AdVBSFZ.exe
  2⤵
  PID:7840
- C:\Windows\System\kndZyDF.exe
  C:\Windows\System\kndZyDF.exe
  2⤵
  PID:7856
- C:\Windows\System\nvLHaiW.exe
  C:\Windows\System\nvLHaiW.exe
  2⤵
  PID:7872
- C:\Windows\System\cNzGrCa.exe
  C:\Windows\System\cNzGrCa.exe
  2⤵
  PID:7888
- C:\Windows\System\yIjZhPQ.exe
  C:\Windows\System\yIjZhPQ.exe
  2⤵
  PID:7908
- C:\Windows\System\YklTkfH.exe
  C:\Windows\System\YklTkfH.exe
  2⤵
  PID:7928
- C:\Windows\System\YeggXfq.exe
  C:\Windows\System\YeggXfq.exe
  2⤵
  PID:7952
- C:\Windows\System\TAhAbjD.exe
  C:\Windows\System\TAhAbjD.exe
  2⤵
  PID:8000
- C:\Windows\System\fzYmXxI.exe
  C:\Windows\System\fzYmXxI.exe
  2⤵
  PID:8016
- C:\Windows\System\gIWpwFR.exe
  C:\Windows\System\gIWpwFR.exe
  2⤵
  PID:8036
- C:\Windows\System\tujhPnx.exe
  C:\Windows\System\tujhPnx.exe
  2⤵
  PID:8052
- C:\Windows\System\TTaCkBA.exe
  C:\Windows\System\TTaCkBA.exe
  2⤵
  PID:8068
- C:\Windows\System\dYvwTkH.exe
  C:\Windows\System\dYvwTkH.exe
  2⤵
  PID:8088
- C:\Windows\System\LKOYQcN.exe
  C:\Windows\System\LKOYQcN.exe
  2⤵
  PID:8108
- C:\Windows\System\oGZqgCB.exe
  C:\Windows\System\oGZqgCB.exe
  2⤵
  PID:8140
- C:\Windows\System\SrYOSxJ.exe
  C:\Windows\System\SrYOSxJ.exe
  2⤵
  PID:8156
- C:\Windows\System\sSQztgB.exe
  C:\Windows\System\sSQztgB.exe
  2⤵
  PID:8176
- C:\Windows\System\IcuJswR.exe
  C:\Windows\System\IcuJswR.exe
  2⤵
  PID:6432
- C:\Windows\System\NIgeWEN.exe
  C:\Windows\System\NIgeWEN.exe
  2⤵
  PID:7004
- C:\Windows\System\bNuyfeK.exe
  C:\Windows\System\bNuyfeK.exe
  2⤵
  PID:7128
- C:\Windows\System\detMvPw.exe
  C:\Windows\System\detMvPw.exe
  2⤵
  PID:3980
- C:\Windows\System\vqfFcui.exe
  C:\Windows\System\vqfFcui.exe
  2⤵
  PID:7216
- C:\Windows\System\MygGHLI.exe
  C:\Windows\System\MygGHLI.exe
  2⤵
  PID:7228
- C:\Windows\System\YMVQAdA.exe
  C:\Windows\System\YMVQAdA.exe
  2⤵
  PID:7276
- C:\Windows\System\QRGwhhq.exe
  C:\Windows\System\QRGwhhq.exe
  2⤵
  PID:7316
- C:\Windows\System\lCahBEu.exe
  C:\Windows\System\lCahBEu.exe
  2⤵
  PID:7384
- C:\Windows\System\BOmDimy.exe
  C:\Windows\System\BOmDimy.exe
  2⤵
  PID:7260
- C:\Windows\System\gFcyLrt.exe
  C:\Windows\System\gFcyLrt.exe
  2⤵
  PID:7368
- C:\Windows\System\cMyuLKG.exe
  C:\Windows\System\cMyuLKG.exe
  2⤵
  PID:7432
- C:\Windows\System\gWrVOlR.exe
  C:\Windows\System\gWrVOlR.exe
  2⤵
  PID:7500
- C:\Windows\System\zbIBQRF.exe
  C:\Windows\System\zbIBQRF.exe
  2⤵
  PID:7480
- C:\Windows\System\wCvrFgF.exe
  C:\Windows\System\wCvrFgF.exe
  2⤵
  PID:7532
- C:\Windows\System\YzJGiAC.exe
  C:\Windows\System\YzJGiAC.exe
  2⤵
  PID:7564
- C:\Windows\System\frfbKks.exe
  C:\Windows\System\frfbKks.exe
  2⤵
  PID:7568
- C:\Windows\System\KVFqPTG.exe
  C:\Windows\System\KVFqPTG.exe
  2⤵
  PID:7612
- C:\Windows\System\rZmGXuW.exe
  C:\Windows\System\rZmGXuW.exe
  2⤵
  PID:7648
- C:\Windows\System\OjfjeAp.exe
  C:\Windows\System\OjfjeAp.exe
  2⤵
  PID:7736
- C:\Windows\System\EONpDDV.exe
  C:\Windows\System\EONpDDV.exe
  2⤵
  PID:7692
- C:\Windows\System\fEZpXLL.exe
  C:\Windows\System\fEZpXLL.exe
  2⤵
  PID:7724
- C:\Windows\System\ZQGSgIW.exe
  C:\Windows\System\ZQGSgIW.exe
  2⤵
  PID:7800
- C:\Windows\System\zDBwVQV.exe
  C:\Windows\System\zDBwVQV.exe
  2⤵
  PID:7864
- C:\Windows\System\APqZIId.exe
  C:\Windows\System\APqZIId.exe
  2⤵
  PID:7904
- C:\Windows\System\YzmWiEi.exe
  C:\Windows\System\YzmWiEi.exe
  2⤵
  PID:7948
- C:\Windows\System\tDsfnlv.exe
  C:\Windows\System\tDsfnlv.exe
  2⤵
  PID:7784
- C:\Windows\System\zXHnDgr.exe
  C:\Windows\System\zXHnDgr.exe
  2⤵
  PID:7972
- C:\Windows\System\LPiKcQn.exe
  C:\Windows\System\LPiKcQn.exe
  2⤵
  PID:7980
- C:\Windows\System\SHCsloB.exe
  C:\Windows\System\SHCsloB.exe
  2⤵
  PID:7960
- C:\Windows\System\ttuCSrI.exe
  C:\Windows\System\ttuCSrI.exe
  2⤵
  PID:7996
- C:\Windows\System\iwqoVaB.exe
  C:\Windows\System\iwqoVaB.exe
  2⤵
  PID:8048
- C:\Windows\System\qKvfgZE.exe
  C:\Windows\System\qKvfgZE.exe
  2⤵
  PID:8064
- C:\Windows\System\TqqpRXS.exe
  C:\Windows\System\TqqpRXS.exe
  2⤵
  PID:8024
- C:\Windows\System\PUoTlfm.exe
  C:\Windows\System\PUoTlfm.exe
  2⤵
  PID:8128
- C:\Windows\System\MaSmWfo.exe
  C:\Windows\System\MaSmWfo.exe
  2⤵
  PID:8152
- C:\Windows\System\EmiQhKR.exe
  C:\Windows\System\EmiQhKR.exe
  2⤵
  PID:8172
- C:\Windows\System\mGMrlHl.exe
  C:\Windows\System\mGMrlHl.exe
  2⤵
  PID:7200
- C:\Windows\System\IKjjieN.exe
  C:\Windows\System\IKjjieN.exe
  2⤵
  PID:7420
- C:\Windows\System\BcwZLoz.exe
  C:\Windows\System\BcwZLoz.exe
  2⤵
  PID:7352
- C:\Windows\System\TzXOygZ.exe
  C:\Windows\System\TzXOygZ.exe
  2⤵
  PID:6308
- C:\Windows\System\lfnVKhf.exe
  C:\Windows\System\lfnVKhf.exe
  2⤵
  PID:7188
- C:\Windows\System\pnWWlgO.exe
  C:\Windows\System\pnWWlgO.exe
  2⤵
  PID:7508
- C:\Windows\System\BoRQzZr.exe
  C:\Windows\System\BoRQzZr.exe
  2⤵
  PID:7600
- C:\Windows\System\iyqboIx.exe
  C:\Windows\System\iyqboIx.exe
  2⤵
  PID:7744
- C:\Windows\System\JhYlYpZ.exe
  C:\Windows\System\JhYlYpZ.exe
  2⤵
  PID:7820
- C:\Windows\System\HQuJlwx.exe
  C:\Windows\System\HQuJlwx.exe
  2⤵
  PID:8044
- C:\Windows\System\vRgXtQg.exe
  C:\Windows\System\vRgXtQg.exe
  2⤵
  PID:2492
- C:\Windows\System\pHDktWt.exe
  C:\Windows\System\pHDktWt.exe
  2⤵
  PID:7272
- C:\Windows\System\XYDPQOJ.exe
  C:\Windows\System\XYDPQOJ.exe
  2⤵
  PID:7300
- C:\Windows\System\ozStsbJ.exe
  C:\Windows\System\ozStsbJ.exe
  2⤵
  PID:7852
- C:\Windows\System\bjVklWk.exe
  C:\Windows\System\bjVklWk.exe
  2⤵
  PID:7964
- C:\Windows\System\UhsoHMx.exe
  C:\Windows\System\UhsoHMx.exe
  2⤵
  PID:8060
- C:\Windows\System\eHszJrp.exe
  C:\Windows\System\eHszJrp.exe
  2⤵
  PID:7224
- C:\Windows\System\mDtmDsB.exe
  C:\Windows\System\mDtmDsB.exe
  2⤵
  PID:7528
- C:\Windows\System\UTUOqmA.exe
  C:\Windows\System\UTUOqmA.exe
  2⤵
  PID:7484
- C:\Windows\System\doisXGH.exe
  C:\Windows\System\doisXGH.exe
  2⤵
  PID:7364
- C:\Windows\System\VRySDLQ.exe
  C:\Windows\System\VRySDLQ.exe
  2⤵
  PID:7584
- C:\Windows\System\sqBVqyg.exe
  C:\Windows\System\sqBVqyg.exe
  2⤵
  PID:7512
- C:\Windows\System\LawzZVv.exe
  C:\Windows\System\LawzZVv.exe
  2⤵
  PID:7748
- C:\Windows\System\khOmtpR.exe
  C:\Windows\System\khOmtpR.exe
  2⤵
  PID:8032
- C:\Windows\System\ltWlUnC.exe
  C:\Windows\System\ltWlUnC.exe
  2⤵
  PID:8124
- C:\Windows\System\hqdhygt.exe
  C:\Windows\System\hqdhygt.exe
  2⤵
  PID:5732
- C:\Windows\System\TFNxqft.exe
  C:\Windows\System\TFNxqft.exe
  2⤵
  PID:7884
- C:\Windows\System\ZqgOMVu.exe
  C:\Windows\System\ZqgOMVu.exe
  2⤵
  PID:8080
- C:\Windows\System\tjGhayE.exe
  C:\Windows\System\tjGhayE.exe
  2⤵
  PID:8184
- C:\Windows\System\sbhrBAD.exe
  C:\Windows\System\sbhrBAD.exe
  2⤵
  PID:7460
- C:\Windows\System\NwoHlTP.exe
  C:\Windows\System\NwoHlTP.exe
  2⤵
  PID:8012
- C:\Windows\System\lwiwsBM.exe
  C:\Windows\System\lwiwsBM.exe
  2⤵
  PID:7920
- C:\Windows\System\CMYkYtx.exe
  C:\Windows\System\CMYkYtx.exe
  2⤵
  PID:7708
- C:\Windows\System\QihSQtU.exe
  C:\Windows\System\QihSQtU.exe
  2⤵
  PID:7780
- C:\Windows\System\ArKEttO.exe
  C:\Windows\System\ArKEttO.exe
  2⤵
  PID:7712
- C:\Windows\System\bxKMwoj.exe
  C:\Windows\System\bxKMwoj.exe
  2⤵
  PID:7476
- C:\Windows\System\hAYMtJq.exe
  C:\Windows\System\hAYMtJq.exe
  2⤵
  PID:8164
- C:\Windows\System\hnWewQT.exe
  C:\Windows\System\hnWewQT.exe
  2⤵
  PID:7244
- C:\Windows\System\AxnAdKV.exe
  C:\Windows\System\AxnAdKV.exe
  2⤵
  PID:8208
- C:\Windows\System\gGFuJlq.exe
  C:\Windows\System\gGFuJlq.exe
  2⤵
  PID:8228
- C:\Windows\System\tGNDJFx.exe
  C:\Windows\System\tGNDJFx.exe
  2⤵
  PID:8248
- C:\Windows\System\rqztwBq.exe
  C:\Windows\System\rqztwBq.exe
  2⤵
  PID:8264
- C:\Windows\System\eYnWTMQ.exe
  C:\Windows\System\eYnWTMQ.exe
  2⤵
  PID:8280
- C:\Windows\System\zBpGjJJ.exe
  C:\Windows\System\zBpGjJJ.exe
  2⤵
  PID:8300
- C:\Windows\System\HQWnyyU.exe
  C:\Windows\System\HQWnyyU.exe
  2⤵
  PID:8344
- C:\Windows\System\gpXXKzE.exe
  C:\Windows\System\gpXXKzE.exe
  2⤵
  PID:8364
- C:\Windows\System\PMyaTWW.exe
  C:\Windows\System\PMyaTWW.exe
  2⤵
  PID:8384
- C:\Windows\System\pnXkKJz.exe
  C:\Windows\System\pnXkKJz.exe
  2⤵
  PID:8400
- C:\Windows\System\sWqAlVM.exe
  C:\Windows\System\sWqAlVM.exe
  2⤵
  PID:8416
- C:\Windows\System\pOwzLhn.exe
  C:\Windows\System\pOwzLhn.exe
  2⤵
  PID:8432
- C:\Windows\System\olRlOsQ.exe
  C:\Windows\System\olRlOsQ.exe
  2⤵
  PID:8448
- C:\Windows\System\WzUWiRu.exe
  C:\Windows\System\WzUWiRu.exe
  2⤵
  PID:8464
- C:\Windows\System\quQuaZF.exe
  C:\Windows\System\quQuaZF.exe
  2⤵
  PID:8480
- C:\Windows\System\oajphMM.exe
  C:\Windows\System\oajphMM.exe
  2⤵
  PID:8496
- C:\Windows\System\vRKrHKD.exe
  C:\Windows\System\vRKrHKD.exe
  2⤵
  PID:8528
- C:\Windows\System\wQXMmUW.exe
  C:\Windows\System\wQXMmUW.exe
  2⤵
  PID:8552
- C:\Windows\System\ZaxInhh.exe
  C:\Windows\System\ZaxInhh.exe
  2⤵
  PID:8572
- C:\Windows\System\HFnoPwB.exe
  C:\Windows\System\HFnoPwB.exe
  2⤵
  PID:8608
- C:\Windows\System\AgahxaV.exe
  C:\Windows\System\AgahxaV.exe
  2⤵
  PID:8624
- C:\Windows\System\npJZoYb.exe
  C:\Windows\System\npJZoYb.exe
  2⤵
  PID:8644
- C:\Windows\System\bkhaGdI.exe
  C:\Windows\System\bkhaGdI.exe
  2⤵
  PID:8664
- C:\Windows\System\qMYgANu.exe
  C:\Windows\System\qMYgANu.exe
  2⤵
  PID:8680
- C:\Windows\System\nyKxIal.exe
  C:\Windows\System\nyKxIal.exe
  2⤵
  PID:8704
- C:\Windows\System\tkxSUuT.exe
  C:\Windows\System\tkxSUuT.exe
  2⤵
  PID:8720
- C:\Windows\System\AFYxPjT.exe
  C:\Windows\System\AFYxPjT.exe
  2⤵
  PID:8744
- C:\Windows\System\STlMWbk.exe
  C:\Windows\System\STlMWbk.exe
  2⤵
  PID:8760
- C:\Windows\System\xgtpNHd.exe
  C:\Windows\System\xgtpNHd.exe
  2⤵
  PID:8784
- C:\Windows\System\XOdnIgl.exe
  C:\Windows\System\XOdnIgl.exe
  2⤵
  PID:8808
- C:\Windows\System\bRIhlGH.exe
  C:\Windows\System\bRIhlGH.exe
  2⤵
  PID:8824
- C:\Windows\System\ldPBNaw.exe
  C:\Windows\System\ldPBNaw.exe
  2⤵
  PID:8844
- C:\Windows\System\DYQEfSQ.exe
  C:\Windows\System\DYQEfSQ.exe
  2⤵
  PID:8868
- C:\Windows\System\PStZUnY.exe
  C:\Windows\System\PStZUnY.exe
  2⤵
  PID:8884
- C:\Windows\System\JCfJrqY.exe
  C:\Windows\System\JCfJrqY.exe
  2⤵
  PID:8904
- C:\Windows\System\WZbPtLk.exe
  C:\Windows\System\WZbPtLk.exe
  2⤵
  PID:8928
- C:\Windows\System\fmBfKlT.exe
  C:\Windows\System\fmBfKlT.exe
  2⤵
  PID:8944
- C:\Windows\System\NbiqyFj.exe
  C:\Windows\System\NbiqyFj.exe
  2⤵
  PID:8960
- C:\Windows\System\pdClZll.exe
  C:\Windows\System\pdClZll.exe
  2⤵
  PID:8976
- C:\Windows\System\JVkGJcR.exe
  C:\Windows\System\JVkGJcR.exe
  2⤵
  PID:9000
- C:\Windows\System\rZAubrm.exe
  C:\Windows\System\rZAubrm.exe
  2⤵
  PID:9020
- C:\Windows\System\AueqJrc.exe
  C:\Windows\System\AueqJrc.exe
  2⤵
  PID:9044
- C:\Windows\System\rGVmoAv.exe
  C:\Windows\System\rGVmoAv.exe
  2⤵
  PID:9064
- C:\Windows\System\bhhkBSY.exe
  C:\Windows\System\bhhkBSY.exe
  2⤵
  PID:9088
- C:\Windows\System\xPBQIil.exe
  C:\Windows\System\xPBQIil.exe
  2⤵
  PID:9104
- C:\Windows\System\FvZeIvr.exe
  C:\Windows\System\FvZeIvr.exe
  2⤵
  PID:9128
- C:\Windows\System\mVXNfGn.exe
  C:\Windows\System\mVXNfGn.exe
  2⤵
  PID:9144
- C:\Windows\System\qCHvnGB.exe
  C:\Windows\System\qCHvnGB.exe
  2⤵
  PID:9160
- C:\Windows\System\BjNAznF.exe
  C:\Windows\System\BjNAznF.exe
  2⤵
  PID:9188
- C:\Windows\System\HMtFIVm.exe
  C:\Windows\System\HMtFIVm.exe
  2⤵
  PID:9204
- C:\Windows\System\hQXTOJh.exe
  C:\Windows\System\hQXTOJh.exe
  2⤵
  PID:8204
- C:\Windows\System\DXyLXoL.exe
  C:\Windows\System\DXyLXoL.exe
  2⤵
  PID:8272
- C:\Windows\System\wdAxGII.exe
  C:\Windows\System\wdAxGII.exe
  2⤵
  PID:7944
- C:\Windows\System\yzpUgaW.exe
  C:\Windows\System\yzpUgaW.exe
  2⤵
  PID:7900
- C:\Windows\System\xPKXFoc.exe
  C:\Windows\System\xPKXFoc.exe
  2⤵
  PID:8220
- C:\Windows\System\zNquxZN.exe
  C:\Windows\System\zNquxZN.exe
  2⤵
  PID:8352
- C:\Windows\System\AaASwDF.exe
  C:\Windows\System\AaASwDF.exe
  2⤵
  PID:8380
- C:\Windows\System\kyRgTKZ.exe
  C:\Windows\System\kyRgTKZ.exe
  2⤵
  PID:8444
- C:\Windows\System\rFYeyEI.exe
  C:\Windows\System\rFYeyEI.exe
  2⤵
  PID:8472
- C:\Windows\System\YilkWOe.exe
  C:\Windows\System\YilkWOe.exe
  2⤵
  PID:8504
- C:\Windows\System\FKNRJfX.exe
  C:\Windows\System\FKNRJfX.exe
  2⤵
  PID:8520
- C:\Windows\System\xCuTBge.exe
  C:\Windows\System\xCuTBge.exe
  2⤵
  PID:8492
- C:\Windows\System\azvfUQe.exe
  C:\Windows\System\azvfUQe.exe
  2⤵
  PID:8580
- C:\Windows\System\AOqcnrN.exe
  C:\Windows\System\AOqcnrN.exe
  2⤵
  PID:7728
- C:\Windows\System\vwgGsbd.exe
  C:\Windows\System\vwgGsbd.exe
  2⤵
  PID:8632
- C:\Windows\System\eoZcSYf.exe
  C:\Windows\System\eoZcSYf.exe
  2⤵
  PID:8656
- C:\Windows\System\PyqZyKe.exe
  C:\Windows\System\PyqZyKe.exe
  2⤵
  PID:8732
- C:\Windows\System\yhcGoay.exe
  C:\Windows\System\yhcGoay.exe
  2⤵
  PID:8768
- C:\Windows\System\ptSUgLL.exe
  C:\Windows\System\ptSUgLL.exe
  2⤵
  PID:8752
- C:\Windows\System\mhEwsjY.exe
  C:\Windows\System\mhEwsjY.exe
  2⤵
  PID:8800
- C:\Windows\System\tAWmFoB.exe
  C:\Windows\System\tAWmFoB.exe
  2⤵
  PID:8836
- C:\Windows\System\COWdFaJ.exe
  C:\Windows\System\COWdFaJ.exe
  2⤵
  PID:8860
- C:\Windows\System\SLkzBlW.exe
  C:\Windows\System\SLkzBlW.exe
  2⤵
  PID:8880
- C:\Windows\System\FUgdIyq.exe
  C:\Windows\System\FUgdIyq.exe
  2⤵
  PID:8972
- C:\Windows\System\pbvSZEy.exe
  C:\Windows\System\pbvSZEy.exe
  2⤵
  PID:8924
- C:\Windows\System\UXiPATd.exe
  C:\Windows\System\UXiPATd.exe
  2⤵
  PID:9036
- C:\Windows\System\WhDcFPi.exe
  C:\Windows\System\WhDcFPi.exe
  2⤵
  PID:9040
- C:\Windows\System\Mximhni.exe
  C:\Windows\System\Mximhni.exe
  2⤵
  PID:8988
- C:\Windows\System\ZiEflBh.exe
  C:\Windows\System\ZiEflBh.exe
  2⤵
  PID:9168
- C:\Windows\System\ZaTVtpV.exe
  C:\Windows\System\ZaTVtpV.exe
  2⤵
  PID:8200
- C:\Windows\System\SVBeQMc.exe
  C:\Windows\System\SVBeQMc.exe
  2⤵
  PID:9156
- C:\Windows\System\PubMfoJ.exe
  C:\Windows\System\PubMfoJ.exe
  2⤵
  PID:8308
- C:\Windows\System\WLoQnTj.exe
  C:\Windows\System\WLoQnTj.exe
  2⤵
  PID:7492
- C:\Windows\System\MHJXgyE.exe
  C:\Windows\System\MHJXgyE.exe
  2⤵
  PID:8292
- C:\Windows\System\nRIklRY.exe
  C:\Windows\System\nRIklRY.exe
  2⤵
  PID:8332
- C:\Windows\System\jrOqgkr.exe
  C:\Windows\System\jrOqgkr.exe
  2⤵
  PID:8428
- C:\Windows\System\ceKMmWp.exe
  C:\Windows\System\ceKMmWp.exe
  2⤵
  PID:8424
- C:\Windows\System\JNmoWlh.exe
  C:\Windows\System\JNmoWlh.exe
  2⤵
  PID:8488
- C:\Windows\System\iMJXMJM.exe
  C:\Windows\System\iMJXMJM.exe
  2⤵
  PID:8540
- C:\Windows\System\OqupXUk.exe
  C:\Windows\System\OqupXUk.exe
  2⤵
  PID:8592
- C:\Windows\System\dwMrWsI.exe
  C:\Windows\System\dwMrWsI.exe
  2⤵
  PID:8636
- C:\Windows\System\nPjgikJ.exe
  C:\Windows\System\nPjgikJ.exe
  2⤵
  PID:8716
- C:\Windows\System\HWBPexg.exe
  C:\Windows\System\HWBPexg.exe
  2⤵
  PID:8832
- C:\Windows\System\KmnzfZL.exe
  C:\Windows\System\KmnzfZL.exe
  2⤵
  PID:8912
- C:\Windows\System\XEWjfmX.exe
  C:\Windows\System\XEWjfmX.exe
  2⤵
  PID:8968
- C:\Windows\System\iMvZsPi.exe
  C:\Windows\System\iMvZsPi.exe
  2⤵
  PID:9056
- C:\Windows\System\QaEPADc.exe
  C:\Windows\System\QaEPADc.exe
  2⤵
  PID:9028
- C:\Windows\System\dxCUThf.exe
  C:\Windows\System\dxCUThf.exe
  2⤵
  PID:9136
- C:\Windows\System\sayxbHt.exe
  C:\Windows\System\sayxbHt.exe
  2⤵
  PID:9184
- C:\Windows\System\ZtHMGjc.exe
  C:\Windows\System\ZtHMGjc.exe
  2⤵
  PID:9124
- C:\Windows\System\gsckiVK.exe
  C:\Windows\System\gsckiVK.exe
  2⤵
  PID:8920
- C:\Windows\System\kEpAtJD.exe
  C:\Windows\System\kEpAtJD.exe
  2⤵
  PID:8316
- C:\Windows\System\zcCRFGp.exe
  C:\Windows\System\zcCRFGp.exe
  2⤵
  PID:8324
- C:\Windows\System\oIoRlXZ.exe
  C:\Windows\System\oIoRlXZ.exe
  2⤵
  PID:8408
- C:\Windows\System\qprbaMq.exe
  C:\Windows\System\qprbaMq.exe
  2⤵
  PID:8512
- C:\Windows\System\yXdZnhG.exe
  C:\Windows\System\yXdZnhG.exe
  2⤵
  PID:8616
- C:\Windows\System\uZGUIJG.exe
  C:\Windows\System\uZGUIJG.exe
  2⤵
  PID:8652
- C:\Windows\System\YpRqQkW.exe
  C:\Windows\System\YpRqQkW.exe
  2⤵
  PID:8776
- C:\Windows\System\QxIolkF.exe
  C:\Windows\System\QxIolkF.exe
  2⤵
  PID:8792
- C:\Windows\System\gNqJlNW.exe
  C:\Windows\System\gNqJlNW.exe
  2⤵
  PID:8796
- C:\Windows\System\PlmZRrP.exe
  C:\Windows\System\PlmZRrP.exe
  2⤵
  PID:9060
- C:\Windows\System\aGzhLEW.exe
  C:\Windows\System\aGzhLEW.exe
  2⤵
  PID:9112
- C:\Windows\System\qKfxntm.exe
  C:\Windows\System\qKfxntm.exe
  2⤵
  PID:8672
- C:\Windows\System\qQuBLYz.exe
  C:\Windows\System\qQuBLYz.exe
  2⤵
  PID:8328
- C:\Windows\System\AUEMMvK.exe
  C:\Windows\System\AUEMMvK.exe
  2⤵
  PID:8728
- C:\Windows\System\cyQayMr.exe
  C:\Windows\System\cyQayMr.exe
  2⤵
  PID:8564
- C:\Windows\System\duumasw.exe
  C:\Windows\System\duumasw.exe
  2⤵
  PID:8256
- C:\Windows\System\ZznltlT.exe
  C:\Windows\System\ZznltlT.exe
  2⤵
  PID:9176
- C:\Windows\System\nwUuTvc.exe
  C:\Windows\System\nwUuTvc.exe
  2⤵
  PID:8820
- C:\Windows\System\rgNyRJz.exe
  C:\Windows\System\rgNyRJz.exe
  2⤵
  PID:8700
- C:\Windows\System\yKHAYhl.exe
  C:\Windows\System\yKHAYhl.exe
  2⤵
  PID:8856
- C:\Windows\System\LhlWhmL.exe
  C:\Windows\System\LhlWhmL.exe
  2⤵
  PID:8372
- C:\Windows\System\ExknRol.exe
  C:\Windows\System\ExknRol.exe
  2⤵
  PID:9032
- C:\Windows\System\qBhKRoW.exe
  C:\Windows\System\qBhKRoW.exe
  2⤵
  PID:9152
- C:\Windows\System\vyKYQEs.exe
  C:\Windows\System\vyKYQEs.exe
  2⤵
  PID:9228
- C:\Windows\System\COiRDaT.exe
  C:\Windows\System\COiRDaT.exe
  2⤵
  PID:9244
- C:\Windows\System\ceFwRFv.exe
  C:\Windows\System\ceFwRFv.exe
  2⤵
  PID:9260
- C:\Windows\System\MFEDyyD.exe
  C:\Windows\System\MFEDyyD.exe
  2⤵
  PID:9280
- C:\Windows\System\SaavIxM.exe
  C:\Windows\System\SaavIxM.exe
  2⤵
  PID:9312
- C:\Windows\System\VuTYaRE.exe
  C:\Windows\System\VuTYaRE.exe
  2⤵
  PID:9332
- C:\Windows\System\cSAqZHW.exe
  C:\Windows\System\cSAqZHW.exe
  2⤵
  PID:9360
- C:\Windows\System\Hisjxwr.exe
  C:\Windows\System\Hisjxwr.exe
  2⤵
  PID:9376
- C:\Windows\System\FvwsMte.exe
  C:\Windows\System\FvwsMte.exe
  2⤵
  PID:9400
- C:\Windows\System\tsbSvpG.exe
  C:\Windows\System\tsbSvpG.exe
  2⤵
  PID:9416
- C:\Windows\System\ERPnfJv.exe
  C:\Windows\System\ERPnfJv.exe
  2⤵
  PID:9444
- C:\Windows\System\VLXQuwj.exe
  C:\Windows\System\VLXQuwj.exe
  2⤵
  PID:9460
- C:\Windows\System\RcPFBYz.exe
  C:\Windows\System\RcPFBYz.exe
  2⤵
  PID:9484
- C:\Windows\System\BGeHFBd.exe
  C:\Windows\System\BGeHFBd.exe
  2⤵
  PID:9500
- C:\Windows\System\IngVhkb.exe
  C:\Windows\System\IngVhkb.exe
  2⤵
  PID:9520
- C:\Windows\System\reVfxSi.exe
  C:\Windows\System\reVfxSi.exe
  2⤵
  PID:9544
- C:\Windows\System\aoEkgct.exe
  C:\Windows\System\aoEkgct.exe
  2⤵
  PID:9560
- C:\Windows\System\ouIGdNA.exe
  C:\Windows\System\ouIGdNA.exe
  2⤵
  PID:9576
- C:\Windows\System\ZSmeLwc.exe
  C:\Windows\System\ZSmeLwc.exe
  2⤵
  PID:9596
- C:\Windows\System\PauLFRa.exe
  C:\Windows\System\PauLFRa.exe
  2⤵
  PID:9624
- C:\Windows\System\IolpTrv.exe
  C:\Windows\System\IolpTrv.exe
  2⤵
  PID:9640
- C:\Windows\System\YcRJHpU.exe
  C:\Windows\System\YcRJHpU.exe
  2⤵
  PID:9660
- C:\Windows\System\qjvAYRn.exe
  C:\Windows\System\qjvAYRn.exe
  2⤵
  PID:9676
- C:\Windows\System\JcKhbAp.exe
  C:\Windows\System\JcKhbAp.exe
  2⤵
  PID:9704
- C:\Windows\System\fiFQEKA.exe
  C:\Windows\System\fiFQEKA.exe
  2⤵
  PID:9720
- C:\Windows\System\OwsfmpS.exe
  C:\Windows\System\OwsfmpS.exe
  2⤵
  PID:9744
- C:\Windows\System\WNRYKVP.exe
  C:\Windows\System\WNRYKVP.exe
  2⤵
  PID:9764
- C:\Windows\System\xGTlnUR.exe
  C:\Windows\System\xGTlnUR.exe
  2⤵
  PID:9784
- C:\Windows\System\jCNCkAt.exe
  C:\Windows\System\jCNCkAt.exe
  2⤵
  PID:9800
- C:\Windows\System\IthCNdK.exe
  C:\Windows\System\IthCNdK.exe
  2⤵
  PID:9820
- C:\Windows\System\lNUgpOS.exe
  C:\Windows\System\lNUgpOS.exe
  2⤵
  PID:9844
- C:\Windows\System\vpGvYGo.exe
  C:\Windows\System\vpGvYGo.exe
  2⤵
  PID:9860
- C:\Windows\System\FPTPntT.exe
  C:\Windows\System\FPTPntT.exe
  2⤵
  PID:9884
- C:\Windows\System\USpzIGL.exe
  C:\Windows\System\USpzIGL.exe
  2⤵
  PID:9900
- C:\Windows\System\LgruQAY.exe
  C:\Windows\System\LgruQAY.exe
  2⤵
  PID:9924
- C:\Windows\System\sskEqTI.exe
  C:\Windows\System\sskEqTI.exe
  2⤵
  PID:9940
- C:\Windows\System\ccnKLxW.exe
  C:\Windows\System\ccnKLxW.exe
  2⤵
  PID:9964
- C:\Windows\System\pCGNtNO.exe
  C:\Windows\System\pCGNtNO.exe
  2⤵
  PID:9984
- C:\Windows\System\ahOxkwj.exe
  C:\Windows\System\ahOxkwj.exe
  2⤵
  PID:10008
- C:\Windows\System\qYzxUbb.exe
  C:\Windows\System\qYzxUbb.exe
  2⤵
  PID:10024
- C:\Windows\System\XqgWakB.exe
  C:\Windows\System\XqgWakB.exe
  2⤵
  PID:10044
- C:\Windows\System\KVrWsWx.exe
  C:\Windows\System\KVrWsWx.exe
  2⤵
  PID:10064
- C:\Windows\System\jLpzhyQ.exe
  C:\Windows\System\jLpzhyQ.exe
  2⤵
  PID:10084
- C:\Windows\System\gbKeggp.exe
  C:\Windows\System\gbKeggp.exe
  2⤵
  PID:10100
- C:\Windows\System\UQxgqud.exe
  C:\Windows\System\UQxgqud.exe
  2⤵
  PID:10116
- C:\Windows\System\FCjvjqR.exe
  C:\Windows\System\FCjvjqR.exe
  2⤵
  PID:10132
- C:\Windows\System\htfTtnw.exe
  C:\Windows\System\htfTtnw.exe
  2⤵
  PID:10152
- C:\Windows\System\MHBAPfC.exe
  C:\Windows\System\MHBAPfC.exe
  2⤵
  PID:10172
- C:\Windows\System\MHuthVm.exe
  C:\Windows\System\MHuthVm.exe
  2⤵
  PID:10188
- C:\Windows\System\qZizswj.exe
  C:\Windows\System\qZizswj.exe
  2⤵
  PID:10204
- C:\Windows\System\OeobrfS.exe
  C:\Windows\System\OeobrfS.exe
  2⤵
  PID:10224
- C:\Windows\System\CfdeOFw.exe
  C:\Windows\System\CfdeOFw.exe
  2⤵
  PID:9072
- C:\Windows\System\NsUuoEA.exe
  C:\Windows\System\NsUuoEA.exe
  2⤵
  PID:8568
- C:\Windows\System\XFkvhFQ.exe
  C:\Windows\System\XFkvhFQ.exe
  2⤵
  PID:8936
- C:\Windows\System\CElOIhq.exe
  C:\Windows\System\CElOIhq.exe
  2⤵
  PID:9288
- C:\Windows\System\YdVvpQS.exe
  C:\Windows\System\YdVvpQS.exe
  2⤵
  PID:9292
- C:\Windows\System\ozJlUPk.exe
  C:\Windows\System\ozJlUPk.exe
  2⤵
  PID:9348
- C:\Windows\System\AhVJAon.exe
  C:\Windows\System\AhVJAon.exe
  2⤵
  PID:9392
- C:\Windows\System\mJkXgWP.exe
  C:\Windows\System\mJkXgWP.exe
  2⤵
  PID:9428
- C:\Windows\System\EIncoTR.exe
  C:\Windows\System\EIncoTR.exe
  2⤵
  PID:9456
- C:\Windows\System\iYnHFLD.exe
  C:\Windows\System\iYnHFLD.exe
  2⤵
  PID:9492
- C:\Windows\System\YYPejQJ.exe
  C:\Windows\System\YYPejQJ.exe
  2⤵
  PID:9516
- C:\Windows\System\QMwUmwx.exe
  C:\Windows\System\QMwUmwx.exe
  2⤵
  PID:9568
- C:\Windows\System\MOpsJOw.exe
  C:\Windows\System\MOpsJOw.exe
  2⤵
  PID:9572
- C:\Windows\System\aSxAOPV.exe
  C:\Windows\System\aSxAOPV.exe
  2⤵
  PID:9620
- C:\Windows\System\WtSHqbP.exe
  C:\Windows\System\WtSHqbP.exe
  2⤵
  PID:9648
- C:\Windows\System\fKBmGoz.exe
  C:\Windows\System\fKBmGoz.exe
  2⤵
  PID:9696
- C:\Windows\System\gFRcoCh.exe
  C:\Windows\System\gFRcoCh.exe
  2⤵
  PID:9728
- C:\Windows\System\TXvgVHF.exe
  C:\Windows\System\TXvgVHF.exe
  2⤵
  PID:9752
- C:\Windows\System\xNnmqdt.exe
  C:\Windows\System\xNnmqdt.exe
  2⤵
  PID:9776
- C:\Windows\System\McZopNU.exe
  C:\Windows\System\McZopNU.exe
  2⤵
  PID:9812
- C:\Windows\System\AapYsDz.exe
  C:\Windows\System\AapYsDz.exe
  2⤵
  PID:9840
- C:\Windows\System\OZMKzJp.exe
  C:\Windows\System\OZMKzJp.exe
  2⤵
  PID:9892
- C:\Windows\System\KWyszwp.exe
  C:\Windows\System\KWyszwp.exe
  2⤵
  PID:9920
- C:\Windows\System\AufJfMR.exe
  C:\Windows\System\AufJfMR.exe
  2⤵
  PID:9952
- C:\Windows\System\lxWaeNx.exe
  C:\Windows\System\lxWaeNx.exe
  2⤵
  PID:9976
- C:\Windows\System\nkiehMH.exe
  C:\Windows\System\nkiehMH.exe
  2⤵
  PID:10020
- C:\Windows\System\exDUVbL.exe
  C:\Windows\System\exDUVbL.exe
  2⤵
  PID:10076
- C:\Windows\System\SNhaLQa.exe
  C:\Windows\System\SNhaLQa.exe
  2⤵
  PID:10056
- C:\Windows\System\UkvejBZ.exe
  C:\Windows\System\UkvejBZ.exe
  2⤵
  PID:10148
- C:\Windows\System\yVSaepg.exe
  C:\Windows\System\yVSaepg.exe
  2⤵
  PID:9236
- C:\Windows\System\gZCqKQX.exe
  C:\Windows\System\gZCqKQX.exe
  2⤵
  PID:9268
- C:\Windows\System\bTmTJVY.exe
  C:\Windows\System\bTmTJVY.exe
  2⤵
  PID:10092
- C:\Windows\System\aUDernD.exe
  C:\Windows\System\aUDernD.exe
  2⤵
  PID:10232
- C:\Windows\System\dZFEaal.exe
  C:\Windows\System\dZFEaal.exe
  2⤵
  PID:10160
- C:\Windows\System\RbocvWf.exe
  C:\Windows\System\RbocvWf.exe
  2⤵
  PID:9328
- C:\Windows\System\CSHnGUO.exe
  C:\Windows\System\CSHnGUO.exe
  2⤵
  PID:8288
- C:\Windows\System\lgQinMB.exe
  C:\Windows\System\lgQinMB.exe
  2⤵
  PID:9368

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BiGzNPb.exe

Filesize
6.0MB

MD5
a677855e44747d13200758ca5b3f630a

SHA1
7afe1b4915000a8cb9143ea30bd674dd9783b09b

SHA256
af76b935fa2bd48e31c7fd379545c13d113e8f39e7f999921387ad8ce342a39d

SHA512
632321ab7f66551e596ca4584adf5d05eef19820e1bb3af5c52c7243fc40b2636444453414b95d35681573d22d2bf68bfc0cbaf171e63e579713ce92a3112f04

Download Submit
C:\Windows\system\EyaaRxW.exe

Filesize
6.0MB

MD5
3dc8293b0fde901ad8216de7702c9c40

SHA1
64a92d657bf0a27dedc96dd1bd966020922cdfd2

SHA256
e4048da453adc945c0fe1536be959a649ded107d1123454da4c9a256e7b74925

SHA512
3f6c65ec5d8f1e91e2aa9db183e29ff26a5d1777728e7f9d50bff3b064ece5dbe4b0ab94aae7e7418f49ecb3aaa3136aec0e737d6a98b461c18dbdb8a903bf74

Download Submit
C:\Windows\system\FlAiGlq.exe

Filesize
6.0MB

MD5
d2f10abbaff8c99abaa888ae042daa7a

SHA1
b48960bcaab33e998ed7704a5d7cd4ffaeadc1be

SHA256
066419563f03dc4e2bd3f81aa0bf1814d4178ee9fa1d4925d76466925550e830

SHA512
eb8ba565a280f17bff74a0e58a4f76fd28964ef0884853fc08a5a338667089baa09cea72cc272506f3fcef65e1c0218bdcad26134c438e781e2534b056e0a841

Download Submit
C:\Windows\system\HYVbFaD.exe

Filesize
6.0MB

MD5
c7134264861fac05f5e4d076e079878b

SHA1
1eaee369596964c859402d1f8213379d8d32d37b

SHA256
1af958f9dab3f30adf21b170338e7939ce60a06a2959198823bf5377c5e98331

SHA512
f065570421d6582d17ddbed697200b9b04a79a431cd609545f6562ea8dbeafb6101f87f14ad7d67d2e6939ba326288fabeef8c0d9a3259c60e82663a4d942d86

Download Submit
C:\Windows\system\JlIKBFB.exe

Filesize
6.0MB

MD5
377f82d93b78bf3d88508463e0c459b8

SHA1
29488044ede9cce4c9be552000885ab6eaf31024

SHA256
b4911136faf6d912eba767c25b17e6f95fe32d26782ed6aeebe0b56e0e85d669

SHA512
4bd62d0173d204aaca00646b6983725b4c1d457bca370014cc42791d7971cb75fe365d12b083ec67d00ae6cc1dcdf6cf72272b794c1c9838dffb81c53c778b53

Download Submit
C:\Windows\system\LmNwRxS.exe

Filesize
8B

MD5
24493dda2e27adaad394c1fb1df4883a

SHA1
79ccbd5505144f07d80eae6b4a0e814bc367e365

SHA256
3e2b9ffad5419d931b83bcec47444defad07afdbbbe1f630af23dc865fe54dc2

SHA512
58d0a40d1c8befaeafe7cb52427f2ab8564df1e79393b8733b23ba1daa6a2ea4a74e82f916ec1f036d7ac6ba599d1199c6d08503919c821a155b88fb541445fe

Download Submit
C:\Windows\system\MXUtcxF.exe

Filesize
6.0MB

MD5
9a62d4f6dca797651d751877dc1bfeb3

SHA1
deafd9250141e05099b335ffa1a74947d471e233

SHA256
5b260cbfe17e9d4f447981bfc90a9c205008504c1baf26b04d19920fbbb9e6fe

SHA512
c789a1e51d6473440daf0734a62c3ffa91551c4deab7094f0b6d2808f5cdb634e36deff7a617b0eb6ad82c660b661578c2e41a33e7e7b6265d2ce6a29926afc9

Download Submit
C:\Windows\system\QGLXrDL.exe

Filesize
6.0MB

MD5
210b0a8421de3b8d02c3792c5a72cd7f

SHA1
97ae717057c2e24643dfc3f4d3aad39c069e0913

SHA256
544ce4446bd44edde662b3544241e7e7f0850fc08c6a729ca3cdc5f1ca281bfc

SHA512
ea739e5abde1ca7d5ceb960096ddf22fe79b85708dc48a619f24dc02aaa59397c571b5c5c303481b59262976618ce2103f5e7f7d6187bbaaf36ba503ed1fbd97

Download Submit
C:\Windows\system\QIQSnTg.exe

Filesize
6.0MB

MD5
4853fd5403e2343cdd8ad4900f0d4153

SHA1
7df3e1571275abf0242791afddd94fc82f11c6a7

SHA256
94df366353a46395c93a607b65401b8483d13d081debde03a48618b66ecbea59

SHA512
907da2caa4da1ed13d11075ac2909d42a7cfd7c94245f892327960925dde5ef50e78ad890e2b072dc3e35f9b2100978fda19a515cb8cf28f7701971961558a1b

Download Submit
C:\Windows\system\QOaYKvj.exe

Filesize
6.0MB

MD5
761b395d559d314c6e870673c716b3a8

SHA1
da7834cd7276d70d1cfafc2ecfa539ed287fa07e

SHA256
55cddb4fee4337b35c0255d43b06c7fecbf0b7b5269b76fd853db0fadcc332c4

SHA512
26c54423a1c03c0f01a61014a66afc1c432dce597dfae30dd3fee93486e59a6172cdb882b8c8c51712143a302704aef65997268f9cc803c1fd89e5971acfe57a

Download Submit
C:\Windows\system\QPZlRdV.exe

Filesize
6.0MB

MD5
c26851da213b98b871158bfb94ba39e2

SHA1
7a38d7b02d181acfdfd70f93087445ff304216b5

SHA256
f0f76dfc701f9efea265f9ed2e5b20fe089b0f4c7f30602ef815254a4ad55f9d

SHA512
e221d4693203ee904214c9167b0d94edf9784634b8eeb481de78787ef7f5779c24d3aaef0f80603a74acc77d9457614a5ab74317f701b47d32e4f55285c4e841

Download Submit
C:\Windows\system\SBcWyha.exe

Filesize
6.0MB

MD5
cc4d8ce35806f302156cdd519feea1ee

SHA1
9c4f0592964edac9d755786c54a4e85807f6f89e

SHA256
20eddcd26b34f862f75697c07dd5392e3b690f3e56a357afa39022b08c09c784

SHA512
df4600ff0797b4f6f168ea9acf73fad0089c80c918e544ee1bc0710742f900f4e0f8a9f46bc657b82e7ff63abfcf3e52f03e432d149de1d028f1e52854e37958

Download Submit
C:\Windows\system\SQXTpYV.exe

Filesize
6.0MB

MD5
762f5cf75fdc39dca74f3246a231a01c

SHA1
42ecb2827ded6d5f0c2e97fc92022fbe60ec0973

SHA256
6bfc462ced6c5610c634c791a638b774210f53c8acaee3995963fd80164cd9eb

SHA512
efaa018dc3d505e4e04c3a8333f934924934303b274f4736a3e57ceb16cb23a4501e9465805e29b007468b9c898e3555886d8d9dfb33d6e94481618a3e9ba0cb

Download Submit
C:\Windows\system\booRwow.exe

Filesize
6.0MB

MD5
329007a54b71a0377e6e82855b46fb80

SHA1
e1f4efdc0a40bc9e914a5b902829190679f5bb26

SHA256
af7f8e8cd8a4a69ec30c6a63579b11c6eee34ff90430784889e6f89b2a3b7bff

SHA512
4ffa142f3bb14a05f9c44424495b7a7958889c70060fbbfda962c78bc0a3e5fd87fa921ca288eebcf4f24540f66f3a36f604e581f5131502ce5bffc91c1df87f

Download Submit
C:\Windows\system\cQGmLYP.exe

Filesize
6.0MB

MD5
f50e1fa143c310864f3867bd7b4b46f9

SHA1
6819bfcedaad85bdadbbcf0675f14e7fe2d018a4

SHA256
ec7dcdb8e092d7b82e8f651054da1e73dae7bf21923bbc6f4b279a362d69ad46

SHA512
babad23fe6be9a67fc9f5d9351a0c2bb85fe99a90aa69ec6e3328f08b1b40678956f41b5d299a72402c510a09fe324addd5b911359a48a11e2fd8cc29c0550cb

Download Submit
C:\Windows\system\cpofHNT.exe

Filesize
6.0MB

MD5
5cd54fd9c5b08e30aa87342924490f63

SHA1
6d160e2caaf11f0d38af7a87a04bb95f1d93ef43

SHA256
5657065699523ea4325db46fdce06d18acecd210b73a79087e3ee62c3bec16ef

SHA512
3846bccaf20a154e1d492ce9d4b9118c2e70de397a140cbe5af1ac1ca26ba29303ae407dcb5aa7700dc8bf1e545c7446772122a459dc5aff4473f78edd94407f

Download Submit
C:\Windows\system\dcFxETu.exe

Filesize
6.0MB

MD5
ab0628447894df9199175289c0ca8598

SHA1
597d913be11ea25f6bca13bef9df4bfffe8c421a

SHA256
f0386b800de2d4e0af0105316d0a1e5a2a4e806784de1234d90a1fb866bf7092

SHA512
0c4ce637e73c7ff9c857af3ad01aa591b82379d0075038b1918c66c024bbbd0d248574f22520ad9d9b117c3eee7aa5b68278e8bbdbabf68db3c55a9911890070

Download Submit
C:\Windows\system\fgPNrdw.exe

Filesize
6.0MB

MD5
8b3da89699d96b9ae49b20dae0267d2e

SHA1
631de595484c40536dc213557e2e811e87de1bc1

SHA256
f58dc038cfaaafb5f2089dd90b4bfe3557f78fd809c5fbee4338967e73d0b901

SHA512
ba0396904784193636e3cdc7a7a0e2a3df3aa5b8a44cf80ab7e31c995581afd52f686185ffeffe8c624c2870a882d6e46a9f8914fc23975faeca97afd27fa7c8

Download Submit
C:\Windows\system\gbxXjah.exe

Filesize
6.0MB

MD5
14622fe76f527537d894a3d1ab4a0214

SHA1
7b05acb92322534dfb070e2f6db62817951bec62

SHA256
c972544a3a18e7a083e210b5ef502f8bace314ae3c183d0868191f0aa9cce0f8

SHA512
af23d4a754a921bc888b22708a6d736606704824ed918b6d2bd6f9ed7f52a86b9cc7e0944ef1f16085ac4b1ffdd7e04d406af67214764dd1b488c861e9b42121

Download Submit
C:\Windows\system\glpwlcv.exe

Filesize
6.0MB

MD5
4cbe1d354ad9ca10627415ba84177d68

SHA1
180b5f60c007fd2ed258fffc6d3c986fb5b558bd

SHA256
0b986477246221e3689aa23fac9ceb50f75fd10ab89281880bffb7105bd462eb

SHA512
3e3a2b46065977c03bf6af0d20dd0b78764e77885756ec8d1bbcfa79234c3a8389a0a289093b013fa9a534c7e0af4f0146f06f51e48155fa1efba79848ebb7ab

Download Submit
C:\Windows\system\kgsYBHw.exe

Filesize
6.0MB

MD5
96aa5291c532d3392daff74f51048573

SHA1
9450425831ad076553a4689cd1f2b1c5f719c291

SHA256
c0f6ee26124ba1ddd1d1f94f48f88120176be522f0e152d94d48ef7fcae5a7c2

SHA512
941a0ccc339965f701ff0958438888a6f8c1615ec1eb9c9f3ffb144ed3899520610da45f120316a7515f04ad574b2cac37ab0cd28bce2bb638b0d22f363e1df8

Download Submit
C:\Windows\system\lqWdYdk.exe

Filesize
6.0MB

MD5
db973cbbb0b2fd70cbd31790358535b2

SHA1
6afc7501324b85c794c6ca227d912f8b0c7858dd

SHA256
3ee96ea1469f02e5f5edb1af8e301dc0b5fa40c2b6641fa9e18527185a732254

SHA512
9323f9f7d21ef201416bd387bf63cabdf241f5ef85463ac7e73cd449af051930e49ca111c5551d59e40617deda474a44bc7a739816328e4a5b367c9656b7ec81

Download Submit
C:\Windows\system\mhwgVRf.exe

Filesize
6.0MB

MD5
12ca3e250e284e90ee4141effda70332

SHA1
ab2d534f7f12f5fc97ba21da4f4caeab7481ee9d

SHA256
bc74bd69f48e473fdb38c5aaef8cd1ae8553c1cdc736f3a19f7c2a9e754b17e4

SHA512
d56e4324f5005dc638de06a51331ceffbf3a5465c0749e451a27830dba5a67a4cafbf9f15f50b674410761d31667c311d9dda5b625fcd94d633375ffe06e4b00

Download Submit
C:\Windows\system\nJyLQmS.exe

Filesize
6.0MB

MD5
c60ee333d977f2d92beac5d6883e1aa3

SHA1
9d5f4ba177333142ac9e94d327a9d03302a178f8

SHA256
a76761e3219de76a6f747b7d9e3b3263c5bbff56679a37ac4725936a02a53348

SHA512
8480a3ec5812d0e3aa8a17807a0959078e3f45088cd772f921096460e6e8dabf36882688d5e3f8470a797194ee04d683acc37fe5561e5020792b2567c7cd2474

Download Submit
C:\Windows\system\qfQiiaP.exe

Filesize
6.0MB

MD5
d2fa7eaa34cc8f4f5ebf3e19ea5657ca

SHA1
5caeb6b5b628d146a7e87956ac06754feca2f20f

SHA256
18cb25f61e144d08e3343e54a4c1dde150baf082ca3cb2259cd96ab5ab09cb5f

SHA512
a70dbfad8f750071c8f62cff7228eb428b773d37cb0f0c5bd1204cab02829b534c3509de4ac835076d61759ddf06f1484c4e17e07c8e0126a8b48c4b49a0b6a3

Download Submit
C:\Windows\system\rbYmTTc.exe

Filesize
6.0MB

MD5
3fc2780007245c7eeee574b68bbd8292

SHA1
eb5df75771dbf98618dadd1916abf9f4fd04317a

SHA256
e8d1573d7be82c29bf099c67e9a950f92d1f8dc7ae54798929b3b2d278f8406f

SHA512
5d9cbd59a57faae17c22304ea7770c3c4ac9f50711709ddc56c9159b13a8bcf792e1ddadb0bd7443e88aaa42d29e6709741e030a95ce52ba1a012a09098ec618

Download Submit
C:\Windows\system\runuyHG.exe

Filesize
6.0MB

MD5
1d7f39bb9314c192ac0a2d4d34fdd19b

SHA1
4d841ab96c31fa52a27982d1754d78a48e7bc77e

SHA256
d9f14528e649cc4fd1bf7b9ee6c6f98614156eb45d0f767a866723ba8ae6feac

SHA512
746b8bd2596cbe0b5948c9fd978fc0648f4cd00d276bf2422be1e2cc9c4e3c2b1637c74b80add6374e9f6839888648dae796b291f8193f0ac45a592ebb687e53

Download Submit
C:\Windows\system\tAIENbG.exe

Filesize
6.0MB

MD5
4ced46114db344f0f138128438c3ad2b

SHA1
5002ff11e531b242b16dcb8e9c441ea7afdfa162

SHA256
7732ea4974cb135e400338f53ef38bc1209016933eaab2e11bd2e69f23a81047

SHA512
c4a0cf4bae74e55118f85032b89fe9dabc0e62366d30ed8a23a5944256c09a4717de9ec228e3bd370ef55c2236346e3081d0b7e8e7482854d0375ad6fc14a65d

Download Submit
\Windows\system\XgcXJCW.exe

Filesize
6.0MB

MD5
5dd3507162b2f5b804952f4810289bf0

SHA1
524ec71c1550713f3163c77e0dc34ffbfee03c55

SHA256
7ec52a8d1c3ee75ae1845203ff291812d750897f950a9a9e75b2f4d12ed3d8ae

SHA512
81ea8e0028529548e175fc51f9396ef7fb4ec611a822b83ac2bc112551bb803ccf2a8f67d1e3624db0289be82192901c9032b93be5b6cf4f8af05dbb20d27d5d

Download Submit
\Windows\system\ZBZKhlr.exe

Filesize
6.0MB

MD5
920ebcadae84a9222143d70ffe851865

SHA1
4d5e97a18aa0062ba2eb5120ab6478f4b116bcf7

SHA256
5ef19ac33ba2b7305888c78a9c8fc7c5e42a3b58f5068c35c0e72501ce9de8fc

SHA512
7275d3c2ccd2fcbdd25d546612e1ab483c73c78a95cfeb92912edaf4ceaa48b5742b1c64471e2a2b5a609393cac5616ea01b154cb1b97d440a687ca742423f0c

Download Submit
\Windows\system\aTVfbFM.exe

Filesize
6.0MB

MD5
b5649e26711589175f402a8f2c359e93

SHA1
10ca5fdadc3205e3a9c3a902d1447419a48d6bab

SHA256
c6f1930c322cef4018441e44aea2970ec3542c5750f8f2e5b4e1be0e4fc4f373

SHA512
a8620a4f8c0ed0e56094b2b2e611eb0e9f2f56225ad858fff93542b13e65382d813780dcef397a8892d5017fe3b4aadfbed9c23c1d6c4611369ef186d2f12652

Download Submit
\Windows\system\fNhjuIK.exe

Filesize
6.0MB

MD5
18a7fc316fa52b1896c346e0cc8f1564

SHA1
bb9e5305138be5ea2d876f3898db54abf59a4387

SHA256
6e377872790e473fef4af270c3f5a8243bffaf2a3c06fec31cf40bed13052430

SHA512
589a5eaf9df738efb43ca20e3c2ae58e01e78c9b3fff614e8a94d2af60b826201294df9c6f0ebffa51411e89e04dd31473938247f74c7b0b9c81659da2533182

Download Submit
\Windows\system\mfWEFdu.exe

Filesize
6.0MB

MD5
f5734d51b6d95b0ebad19fe2af7351ca

SHA1
32d723a98cc4128d2ff33f0a4e3df9f0cdc70789

SHA256
848286d86522f99a4a600a5e92fc6cc6747b7599f114c69e063b6a40da3d40c2

SHA512
1f8071e410f987294c89daf5d5e79a0faa47e0d9a48dc089b8254926009d03f0399b668449812a49ee758ab668c635c3691cc029dfd3f5271b2655059e091e4d

Download Submit
memory/1432-106-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/1432-3840-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/1432-976-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/1960-46-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/1960-3701-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/1960-13-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/1988-17-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/1988-3673-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/1988-52-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2196-3693-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/2196-29-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/2352-3754-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/2352-44-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/2384-97-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2384-813-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2384-3922-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2576-20-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2576-3706-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2576-59-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2592-0-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2592-340-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/2592-15-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2592-876-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2592-47-0x000000013F3F0000-0x000000013F744000-memory.dmp

Filesize
3.3MB

Download
memory/2592-37-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/2592-717-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2592-78-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/2592-31-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2592-111-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/2592-110-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/2592-1078-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/2592-23-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2592-85-0x000000013F3F0000-0x000000013F744000-memory.dmp

Filesize
3.3MB

Download
memory/2592-55-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2592-63-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/2592-103-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2592-92-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2592-18-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2592-101-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/2592-51-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2592-40-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2592-70-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/2592-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/2592-93-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2632-3906-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/2632-81-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/2632-422-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/2704-88-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2704-611-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2704-3827-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2776-249-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/2776-74-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/2776-3816-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/2788-53-0x000000013F3F0000-0x000000013F744000-memory.dmp

Filesize
3.3MB

Download
memory/2788-4981-0x000000013F3F0000-0x000000013F744000-memory.dmp

Filesize
3.3MB

Download
memory/2836-60-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2836-96-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2836-3803-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2976-105-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/2976-3869-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/2976-66-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/2988-35-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/2988-3768-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/2988-73-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download