cobaltstrike | 8c2521f30ed01cede00ed649e90245ef895767250e6b14b66b6e3f017589fb74

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
23-11-2024 04:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

a68dbf185003426939d8a825f78ed051
SHA1

62df385993ee3f9056bc7efa55b0bf7868f0b9f4
SHA256

8c2521f30ed01cede00ed649e90245ef895767250e6b14b66b6e3f017589fb74
SHA512

6ee7c6c04d9e0a0984d34c44561e1bc0834bc3ee38e5207918f4fa8d3866ebcf6870193c6930b771ed0136de726e085c0d327aa75e8aa8bbbbbf6a8388e9239d
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUM:T+q56utgpPF8u/7M

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

Processes:

resource	yara_rule
behavioral1/files/0x00080000000120ff-6.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000192f0-8.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001932a-15.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001933e-25.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019346-30.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019384-37.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000193af-43.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000194f6-49.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019503-66.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019515-73.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961b-92.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c50-130.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d8b-150.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a061-169.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f4e-163.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f4a-158.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c68-142.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a08a-172.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a04e-166.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cbf-146.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c66-137.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019aec-123.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019aee-127.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019aea-117.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000197c1-112.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019625-107.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019624-103.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961f-97.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019589-87.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001957c-82.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001953a-77.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000019228-62.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019501-57.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

Processes:

resource	yara_rule
behavioral1/memory/1260-0-0x000000013FC30000-0x000000013FF84000-memory.dmp	xmrig
behavioral1/files/0x00080000000120ff-6.dat	xmrig
behavioral1/files/0x00070000000192f0-8.dat	xmrig
behavioral1/files/0x000600000001932a-15.dat	xmrig
behavioral1/memory/1984-21-0x000000013FF40000-0x0000000140294000-memory.dmp	xmrig
behavioral1/memory/2516-20-0x000000013FE10000-0x0000000140164000-memory.dmp	xmrig
behavioral1/memory/2012-19-0x000000013FB00000-0x000000013FE54000-memory.dmp	xmrig
behavioral1/files/0x000600000001933e-25.dat	xmrig
behavioral1/memory/2288-29-0x000000013FE20000-0x0000000140174000-memory.dmp	xmrig
behavioral1/files/0x0006000000019346-30.dat	xmrig
behavioral1/memory/2816-36-0x000000013FC20000-0x000000013FF74000-memory.dmp	xmrig
behavioral1/files/0x0006000000019384-37.dat	xmrig
behavioral1/files/0x00080000000193af-43.dat	xmrig
behavioral1/files/0x00060000000194f6-49.dat	xmrig
behavioral1/memory/2864-42-0x000000013F840000-0x000000013FB94000-memory.dmp	xmrig
behavioral1/files/0x0005000000019503-66.dat	xmrig
behavioral1/files/0x0005000000019515-73.dat	xmrig
behavioral1/files/0x000500000001961b-92.dat	xmrig
behavioral1/files/0x0005000000019c50-130.dat	xmrig
behavioral1/files/0x0005000000019d8b-150.dat	xmrig
behavioral1/files/0x000500000001a061-169.dat	xmrig
behavioral1/memory/2844-513-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/memory/2916-515-0x000000013F440000-0x000000013F794000-memory.dmp	xmrig
behavioral1/memory/1260-512-0x000000013FC30000-0x000000013FF84000-memory.dmp	xmrig
behavioral1/memory/2640-510-0x000000013F250000-0x000000013F5A4000-memory.dmp	xmrig
behavioral1/memory/2288-947-0x000000013FE20000-0x0000000140174000-memory.dmp	xmrig
behavioral1/memory/2864-2061-0x000000013F840000-0x000000013FB94000-memory.dmp	xmrig
behavioral1/memory/2288-4019-0x000000013FE20000-0x0000000140174000-memory.dmp	xmrig
behavioral1/memory/2012-4001-0x000000013FB00000-0x000000013FE54000-memory.dmp	xmrig
behavioral1/memory/1984-3990-0x000000013FF40000-0x0000000140294000-memory.dmp	xmrig
behavioral1/memory/2516-3996-0x000000013FE10000-0x0000000140164000-memory.dmp	xmrig
behavioral1/memory/2844-4034-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/memory/2716-4037-0x000000013FE10000-0x0000000140164000-memory.dmp	xmrig
behavioral1/memory/2864-4038-0x000000013F840000-0x000000013FB94000-memory.dmp	xmrig
behavioral1/memory/2640-4042-0x000000013F250000-0x000000013F5A4000-memory.dmp	xmrig
behavioral1/memory/2608-4041-0x000000013F670000-0x000000013F9C4000-memory.dmp	xmrig
behavioral1/memory/2624-4040-0x000000013FD50000-0x00000001400A4000-memory.dmp	xmrig
behavioral1/memory/2712-4039-0x000000013FDF0000-0x0000000140144000-memory.dmp	xmrig
behavioral1/memory/2652-4036-0x000000013F160000-0x000000013F4B4000-memory.dmp	xmrig
behavioral1/memory/2916-4035-0x000000013F440000-0x000000013F794000-memory.dmp	xmrig
behavioral1/memory/2816-1831-0x000000013FC20000-0x000000013FF74000-memory.dmp	xmrig
behavioral1/memory/2716-508-0x000000013FE10000-0x0000000140164000-memory.dmp	xmrig
behavioral1/memory/2624-443-0x000000013FD50000-0x00000001400A4000-memory.dmp	xmrig
behavioral1/memory/2608-506-0x000000013F670000-0x000000013F9C4000-memory.dmp	xmrig
behavioral1/memory/2652-464-0x000000013F160000-0x000000013F4B4000-memory.dmp	xmrig
behavioral1/memory/2712-387-0x000000013FDF0000-0x0000000140144000-memory.dmp	xmrig
behavioral1/files/0x0005000000019f4e-163.dat	xmrig
behavioral1/files/0x0005000000019f4a-158.dat	xmrig
behavioral1/files/0x0005000000019c68-142.dat	xmrig
behavioral1/files/0x000500000001a08a-172.dat	xmrig
behavioral1/files/0x000500000001a04e-166.dat	xmrig
behavioral1/files/0x0005000000019cbf-146.dat	xmrig
behavioral1/files/0x0005000000019c66-137.dat	xmrig
behavioral1/files/0x0005000000019aec-123.dat	xmrig
behavioral1/files/0x0005000000019aee-127.dat	xmrig
behavioral1/files/0x0005000000019aea-117.dat	xmrig
behavioral1/files/0x00050000000197c1-112.dat	xmrig
behavioral1/files/0x0005000000019625-107.dat	xmrig
behavioral1/files/0x0005000000019624-103.dat	xmrig
behavioral1/files/0x000500000001961f-97.dat	xmrig
behavioral1/files/0x0005000000019589-87.dat	xmrig
behavioral1/files/0x000500000001957c-82.dat	xmrig
behavioral1/files/0x000500000001953a-77.dat	xmrig
behavioral1/files/0x0008000000019228-62.dat	xmrig

Executes dropped EXE 64 IoCs

Processes:

BZySWNH.exemyWJjwL.exeqquiptg.exeplyDinm.exevwBECBn.exeStVBbYf.exeqxAsqZZ.exexrGeyfH.exeYHKFMvP.exeALOSOCG.exeYqVhXml.exeMuSaiBY.exeXLnRTPR.exewxpBaqm.exevRZSDdz.exeWGsRbhk.exentQbVJI.exeoTwcdFV.exeiMDqRkS.exeUcIUtGQ.exenWAjefx.exeQWDBeHU.exemSHJuQC.exeIwSegRu.exeAsOnnSC.exeOvHrdtT.exeJyitCVH.exeTSnqaRr.exeoNqWZqH.exeOvUIvpR.exeKgpwYcl.exeDnUzjCX.exeFnkWthS.exeIuDDSwf.exeVUwVWCO.exeIJCtucC.exedkkxAUI.exeOpLttww.exeDMcZPdq.exeDszrciG.exevlYKOkI.exefJkvuQH.exeDNGNHhA.exePqibUdW.exezQUhjog.exeFJYrrLz.exeWfvEsuA.exeGAhrihK.exeRWAHFnT.exeGyVHaQu.exendJdTjK.exeUaJGped.exevbGSXxt.exeecbVXej.exedDIjyJa.exeKTPtmtz.exeRAbeCIV.exeDKiXHGQ.exepvjFRiK.exePOJGjvf.exeSsktlSR.exeXfQDVZx.exehdyuKOy.exeBRtbNgi.exe

pid	Process
1984	BZySWNH.exe
2012	myWJjwL.exe
2516	qquiptg.exe
2288	plyDinm.exe
2816	vwBECBn.exe
2864	StVBbYf.exe
2844	qxAsqZZ.exe
2712	xrGeyfH.exe
2916	YHKFMvP.exe
2624	ALOSOCG.exe
2652	YqVhXml.exe
2608	MuSaiBY.exe
2716	XLnRTPR.exe
2640	wxpBaqm.exe
1788	vRZSDdz.exe
1424	WGsRbhk.exe
748	ntQbVJI.exe
676	oTwcdFV.exe
1244	iMDqRkS.exe
756	UcIUtGQ.exe
1688	nWAjefx.exe
2092	QWDBeHU.exe
2144	mSHJuQC.exe
1776	IwSegRu.exe
2896	AsOnnSC.exe
2168	OvHrdtT.exe
1676	JyitCVH.exe
2784	TSnqaRr.exe
1500	oNqWZqH.exe
2424	OvUIvpR.exe
2580	KgpwYcl.exe
1600	DnUzjCX.exe
816	FnkWthS.exe
1532	IuDDSwf.exe
1924	VUwVWCO.exe
324	IJCtucC.exe
2556	dkkxAUI.exe
912	OpLttww.exe
1060	DMcZPdq.exe
3024	DszrciG.exe
1648	vlYKOkI.exe
2808	fJkvuQH.exe
1940	DNGNHhA.exe
2156	PqibUdW.exe
888	zQUhjog.exe
2444	FJYrrLz.exe
2076	WfvEsuA.exe
1636	GAhrihK.exe
2188	RWAHFnT.exe
2160	GyVHaQu.exe
1740	ndJdTjK.exe
1232	UaJGped.exe
1944	vbGSXxt.exe
1588	ecbVXej.exe
2548	dDIjyJa.exe
1968	KTPtmtz.exe
1712	RAbeCIV.exe
2800	DKiXHGQ.exe
2760	pvjFRiK.exe
1964	POJGjvf.exe
2260	SsktlSR.exe
564	XfQDVZx.exe
2972	hdyuKOy.exe
1420	BRtbNgi.exe

Loads dropped DLL 64 IoCs

Processes:

2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe

pid	Process
1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/1260-0-0x000000013FC30000-0x000000013FF84000-memory.dmp	upx
behavioral1/files/0x00080000000120ff-6.dat	upx
behavioral1/files/0x00070000000192f0-8.dat	upx
behavioral1/files/0x000600000001932a-15.dat	upx
behavioral1/memory/1984-21-0x000000013FF40000-0x0000000140294000-memory.dmp	upx
behavioral1/memory/2516-20-0x000000013FE10000-0x0000000140164000-memory.dmp	upx
behavioral1/memory/2012-19-0x000000013FB00000-0x000000013FE54000-memory.dmp	upx
behavioral1/files/0x000600000001933e-25.dat	upx
behavioral1/memory/2288-29-0x000000013FE20000-0x0000000140174000-memory.dmp	upx
behavioral1/files/0x0006000000019346-30.dat	upx
behavioral1/memory/2816-36-0x000000013FC20000-0x000000013FF74000-memory.dmp	upx
behavioral1/files/0x0006000000019384-37.dat	upx
behavioral1/files/0x00080000000193af-43.dat	upx
behavioral1/files/0x00060000000194f6-49.dat	upx
behavioral1/memory/2864-42-0x000000013F840000-0x000000013FB94000-memory.dmp	upx
behavioral1/files/0x0005000000019503-66.dat	upx
behavioral1/files/0x0005000000019515-73.dat	upx
behavioral1/files/0x000500000001961b-92.dat	upx
behavioral1/files/0x0005000000019c50-130.dat	upx
behavioral1/files/0x0005000000019d8b-150.dat	upx
behavioral1/files/0x000500000001a061-169.dat	upx
behavioral1/memory/2844-513-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/memory/2916-515-0x000000013F440000-0x000000013F794000-memory.dmp	upx
behavioral1/memory/1260-512-0x000000013FC30000-0x000000013FF84000-memory.dmp	upx
behavioral1/memory/2640-510-0x000000013F250000-0x000000013F5A4000-memory.dmp	upx
behavioral1/memory/2288-947-0x000000013FE20000-0x0000000140174000-memory.dmp	upx
behavioral1/memory/2864-2061-0x000000013F840000-0x000000013FB94000-memory.dmp	upx
behavioral1/memory/2288-4019-0x000000013FE20000-0x0000000140174000-memory.dmp	upx
behavioral1/memory/2012-4001-0x000000013FB00000-0x000000013FE54000-memory.dmp	upx
behavioral1/memory/1984-3990-0x000000013FF40000-0x0000000140294000-memory.dmp	upx
behavioral1/memory/2516-3996-0x000000013FE10000-0x0000000140164000-memory.dmp	upx
behavioral1/memory/2844-4034-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/memory/2716-4037-0x000000013FE10000-0x0000000140164000-memory.dmp	upx
behavioral1/memory/2864-4038-0x000000013F840000-0x000000013FB94000-memory.dmp	upx
behavioral1/memory/2640-4042-0x000000013F250000-0x000000013F5A4000-memory.dmp	upx
behavioral1/memory/2608-4041-0x000000013F670000-0x000000013F9C4000-memory.dmp	upx
behavioral1/memory/2624-4040-0x000000013FD50000-0x00000001400A4000-memory.dmp	upx
behavioral1/memory/2712-4039-0x000000013FDF0000-0x0000000140144000-memory.dmp	upx
behavioral1/memory/2652-4036-0x000000013F160000-0x000000013F4B4000-memory.dmp	upx
behavioral1/memory/2916-4035-0x000000013F440000-0x000000013F794000-memory.dmp	upx
behavioral1/memory/2816-1831-0x000000013FC20000-0x000000013FF74000-memory.dmp	upx
behavioral1/memory/2716-508-0x000000013FE10000-0x0000000140164000-memory.dmp	upx
behavioral1/memory/2624-443-0x000000013FD50000-0x00000001400A4000-memory.dmp	upx
behavioral1/memory/2608-506-0x000000013F670000-0x000000013F9C4000-memory.dmp	upx
behavioral1/memory/2652-464-0x000000013F160000-0x000000013F4B4000-memory.dmp	upx
behavioral1/memory/2712-387-0x000000013FDF0000-0x0000000140144000-memory.dmp	upx
behavioral1/files/0x0005000000019f4e-163.dat	upx
behavioral1/files/0x0005000000019f4a-158.dat	upx
behavioral1/files/0x0005000000019c68-142.dat	upx
behavioral1/files/0x000500000001a08a-172.dat	upx
behavioral1/files/0x000500000001a04e-166.dat	upx
behavioral1/files/0x0005000000019cbf-146.dat	upx
behavioral1/files/0x0005000000019c66-137.dat	upx
behavioral1/files/0x0005000000019aec-123.dat	upx
behavioral1/files/0x0005000000019aee-127.dat	upx
behavioral1/files/0x0005000000019aea-117.dat	upx
behavioral1/files/0x00050000000197c1-112.dat	upx
behavioral1/files/0x0005000000019625-107.dat	upx
behavioral1/files/0x0005000000019624-103.dat	upx
behavioral1/files/0x000500000001961f-97.dat	upx
behavioral1/files/0x0005000000019589-87.dat	upx
behavioral1/files/0x000500000001957c-82.dat	upx
behavioral1/files/0x000500000001953a-77.dat	upx
behavioral1/files/0x0008000000019228-62.dat	upx

Drops file in Windows directory 64 IoCs

Processes:

2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe

description	ioc	Process
File created	C:\Windows\System\xrGeyfH.exe	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mTttxFq.exe	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LQHvEXe.exe	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cBeLimy.exe	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EqSKEOd.exe	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oNbzFMm.exe	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\myWJjwL.exe	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ntQbVJI.exe	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MomNBnE.exe	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\otkwKvZ.exe	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gpZUVAD.exe	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QhdCrUw.exe	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pUIVUQn.exe	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RhUCFdy.exe	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BRjkUtj.exe	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZRjaERR.exe	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HUKyuvn.exe	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BMOnDxS.exe	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zUahUwG.exe	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hvedViy.exe	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JVakrNO.exe	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pFCNtaG.exe	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OQCGdEg.exe	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LkrFHLB.exe	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ICVAYxw.exe	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bFbqeXP.exe	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bpTMqgI.exe	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PtuYoKy.exe	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rZANhFA.exe	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XlCdcGt.exe	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wxpBaqm.exe	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XlJhDQW.exe	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\avFDxWM.exe	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RBizmCj.exe	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iEzoSfU.exe	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gSlRQcH.exe	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sdNKQss.exe	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MdBvhXQ.exe	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ocrDuWm.exe	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dkDZiKK.exe	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LfNNBRc.exe	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eSXbciR.exe	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UDLAcRg.exe	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zFdRXsZ.exe	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TZkaUpj.exe	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SAtWyMP.exe	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pGEvlZC.exe	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CpTkkaS.exe	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nvVpCNt.exe	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KeRPdrg.exe	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LoecBEa.exe	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SkzmjPx.exe	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RTRhTpn.exe	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vjeyCex.exe	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gqHLEcX.exe	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UUpSNar.exe	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lFaOxvM.exe	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MXeiuoT.exe	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iucUvsJ.exe	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VJJvaoU.exe	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MxCyiwr.exe	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BCVpdhe.exe	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VTaEUas.exe	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AagLzYa.exe	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe

description	pid	Process	procid_target
PID 1260 wrote to memory of 1984	1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1260 wrote to memory of 1984	1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1260 wrote to memory of 1984	1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1260 wrote to memory of 2516	1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1260 wrote to memory of 2516	1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1260 wrote to memory of 2516	1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1260 wrote to memory of 2012	1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1260 wrote to memory of 2012	1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1260 wrote to memory of 2012	1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1260 wrote to memory of 2288	1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1260 wrote to memory of 2288	1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1260 wrote to memory of 2288	1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1260 wrote to memory of 2816	1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1260 wrote to memory of 2816	1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1260 wrote to memory of 2816	1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1260 wrote to memory of 2864	1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1260 wrote to memory of 2864	1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1260 wrote to memory of 2864	1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1260 wrote to memory of 2844	1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1260 wrote to memory of 2844	1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1260 wrote to memory of 2844	1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1260 wrote to memory of 2712	1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1260 wrote to memory of 2712	1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1260 wrote to memory of 2712	1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1260 wrote to memory of 2916	1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1260 wrote to memory of 2916	1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1260 wrote to memory of 2916	1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1260 wrote to memory of 2624	1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1260 wrote to memory of 2624	1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1260 wrote to memory of 2624	1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1260 wrote to memory of 2652	1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1260 wrote to memory of 2652	1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1260 wrote to memory of 2652	1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1260 wrote to memory of 2608	1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1260 wrote to memory of 2608	1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1260 wrote to memory of 2608	1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1260 wrote to memory of 2716	1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1260 wrote to memory of 2716	1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1260 wrote to memory of 2716	1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1260 wrote to memory of 2640	1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1260 wrote to memory of 2640	1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1260 wrote to memory of 2640	1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1260 wrote to memory of 1788	1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1260 wrote to memory of 1788	1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1260 wrote to memory of 1788	1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1260 wrote to memory of 1424	1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1260 wrote to memory of 1424	1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1260 wrote to memory of 1424	1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1260 wrote to memory of 748	1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1260 wrote to memory of 748	1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1260 wrote to memory of 748	1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1260 wrote to memory of 676	1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1260 wrote to memory of 676	1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1260 wrote to memory of 676	1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1260 wrote to memory of 1244	1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1260 wrote to memory of 1244	1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1260 wrote to memory of 1244	1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1260 wrote to memory of 756	1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1260 wrote to memory of 756	1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1260 wrote to memory of 756	1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1260 wrote to memory of 1688	1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1260 wrote to memory of 1688	1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1260 wrote to memory of 1688	1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1260 wrote to memory of 2092	1260	2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-23_a68dbf185003426939d8a825f78ed051_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1260
- C:\Windows\System\BZySWNH.exe
  C:\Windows\System\BZySWNH.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\qquiptg.exe
  C:\Windows\System\qquiptg.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\myWJjwL.exe
  C:\Windows\System\myWJjwL.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\plyDinm.exe
  C:\Windows\System\plyDinm.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\vwBECBn.exe
  C:\Windows\System\vwBECBn.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\StVBbYf.exe
  C:\Windows\System\StVBbYf.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\qxAsqZZ.exe
  C:\Windows\System\qxAsqZZ.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\xrGeyfH.exe
  C:\Windows\System\xrGeyfH.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\YHKFMvP.exe
  C:\Windows\System\YHKFMvP.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\ALOSOCG.exe
  C:\Windows\System\ALOSOCG.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\YqVhXml.exe
  C:\Windows\System\YqVhXml.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\MuSaiBY.exe
  C:\Windows\System\MuSaiBY.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\XLnRTPR.exe
  C:\Windows\System\XLnRTPR.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\wxpBaqm.exe
  C:\Windows\System\wxpBaqm.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\vRZSDdz.exe
  C:\Windows\System\vRZSDdz.exe
  2⤵
  - Executes dropped EXE
  PID:1788
- C:\Windows\System\WGsRbhk.exe
  C:\Windows\System\WGsRbhk.exe
  2⤵
  - Executes dropped EXE
  PID:1424
- C:\Windows\System\ntQbVJI.exe
  C:\Windows\System\ntQbVJI.exe
  2⤵
  - Executes dropped EXE
  PID:748
- C:\Windows\System\oTwcdFV.exe
  C:\Windows\System\oTwcdFV.exe
  2⤵
  - Executes dropped EXE
  PID:676
- C:\Windows\System\iMDqRkS.exe
  C:\Windows\System\iMDqRkS.exe
  2⤵
  - Executes dropped EXE
  PID:1244
- C:\Windows\System\UcIUtGQ.exe
  C:\Windows\System\UcIUtGQ.exe
  2⤵
  - Executes dropped EXE
  PID:756
- C:\Windows\System\nWAjefx.exe
  C:\Windows\System\nWAjefx.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\QWDBeHU.exe
  C:\Windows\System\QWDBeHU.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\mSHJuQC.exe
  C:\Windows\System\mSHJuQC.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\IwSegRu.exe
  C:\Windows\System\IwSegRu.exe
  2⤵
  - Executes dropped EXE
  PID:1776
- C:\Windows\System\AsOnnSC.exe
  C:\Windows\System\AsOnnSC.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\OvHrdtT.exe
  C:\Windows\System\OvHrdtT.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\JyitCVH.exe
  C:\Windows\System\JyitCVH.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\TSnqaRr.exe
  C:\Windows\System\TSnqaRr.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\oNqWZqH.exe
  C:\Windows\System\oNqWZqH.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\OvUIvpR.exe
  C:\Windows\System\OvUIvpR.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\KgpwYcl.exe
  C:\Windows\System\KgpwYcl.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\VUwVWCO.exe
  C:\Windows\System\VUwVWCO.exe
  2⤵
  - Executes dropped EXE
  PID:1924
- C:\Windows\System\DnUzjCX.exe
  C:\Windows\System\DnUzjCX.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\dkkxAUI.exe
  C:\Windows\System\dkkxAUI.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\FnkWthS.exe
  C:\Windows\System\FnkWthS.exe
  2⤵
  - Executes dropped EXE
  PID:816
- C:\Windows\System\DMcZPdq.exe
  C:\Windows\System\DMcZPdq.exe
  2⤵
  - Executes dropped EXE
  PID:1060
- C:\Windows\System\IuDDSwf.exe
  C:\Windows\System\IuDDSwf.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\DszrciG.exe
  C:\Windows\System\DszrciG.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\IJCtucC.exe
  C:\Windows\System\IJCtucC.exe
  2⤵
  - Executes dropped EXE
  PID:324
- C:\Windows\System\vlYKOkI.exe
  C:\Windows\System\vlYKOkI.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\OpLttww.exe
  C:\Windows\System\OpLttww.exe
  2⤵
  - Executes dropped EXE
  PID:912
- C:\Windows\System\DNGNHhA.exe
  C:\Windows\System\DNGNHhA.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\fJkvuQH.exe
  C:\Windows\System\fJkvuQH.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\PqibUdW.exe
  C:\Windows\System\PqibUdW.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\zQUhjog.exe
  C:\Windows\System\zQUhjog.exe
  2⤵
  - Executes dropped EXE
  PID:888
- C:\Windows\System\FJYrrLz.exe
  C:\Windows\System\FJYrrLz.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\WfvEsuA.exe
  C:\Windows\System\WfvEsuA.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\GAhrihK.exe
  C:\Windows\System\GAhrihK.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\RWAHFnT.exe
  C:\Windows\System\RWAHFnT.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\ndJdTjK.exe
  C:\Windows\System\ndJdTjK.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\GyVHaQu.exe
  C:\Windows\System\GyVHaQu.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\vbGSXxt.exe
  C:\Windows\System\vbGSXxt.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\UaJGped.exe
  C:\Windows\System\UaJGped.exe
  2⤵
  - Executes dropped EXE
  PID:1232
- C:\Windows\System\ecbVXej.exe
  C:\Windows\System\ecbVXej.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\dDIjyJa.exe
  C:\Windows\System\dDIjyJa.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\KTPtmtz.exe
  C:\Windows\System\KTPtmtz.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\RAbeCIV.exe
  C:\Windows\System\RAbeCIV.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\POJGjvf.exe
  C:\Windows\System\POJGjvf.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\DKiXHGQ.exe
  C:\Windows\System\DKiXHGQ.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\hdyuKOy.exe
  C:\Windows\System\hdyuKOy.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\pvjFRiK.exe
  C:\Windows\System\pvjFRiK.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\ogGfQRi.exe
  C:\Windows\System\ogGfQRi.exe
  2⤵
  PID:2648
- C:\Windows\System\SsktlSR.exe
  C:\Windows\System\SsktlSR.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\EkXzEWA.exe
  C:\Windows\System\EkXzEWA.exe
  2⤵
  PID:660
- C:\Windows\System\XfQDVZx.exe
  C:\Windows\System\XfQDVZx.exe
  2⤵
  - Executes dropped EXE
  PID:564
- C:\Windows\System\dPJauky.exe
  C:\Windows\System\dPJauky.exe
  2⤵
  PID:1816
- C:\Windows\System\BRtbNgi.exe
  C:\Windows\System\BRtbNgi.exe
  2⤵
  - Executes dropped EXE
  PID:1420
- C:\Windows\System\fJUxQIu.exe
  C:\Windows\System\fJUxQIu.exe
  2⤵
  PID:1252
- C:\Windows\System\GWkrEdN.exe
  C:\Windows\System\GWkrEdN.exe
  2⤵
  PID:2100
- C:\Windows\System\vFubaHs.exe
  C:\Windows\System\vFubaHs.exe
  2⤵
  PID:2328
- C:\Windows\System\OOkjVzY.exe
  C:\Windows\System\OOkjVzY.exe
  2⤵
  PID:968
- C:\Windows\System\knITDGR.exe
  C:\Windows\System\knITDGR.exe
  2⤵
  PID:1772
- C:\Windows\System\XlJhDQW.exe
  C:\Windows\System\XlJhDQW.exe
  2⤵
  PID:1720
- C:\Windows\System\zPzEnWv.exe
  C:\Windows\System\zPzEnWv.exe
  2⤵
  PID:1804
- C:\Windows\System\mFNPgEl.exe
  C:\Windows\System\mFNPgEl.exe
  2⤵
  PID:3036
- C:\Windows\System\mTttxFq.exe
  C:\Windows\System\mTttxFq.exe
  2⤵
  PID:1800
- C:\Windows\System\sUVMvcl.exe
  C:\Windows\System\sUVMvcl.exe
  2⤵
  PID:2200
- C:\Windows\System\STNwFPE.exe
  C:\Windows\System\STNwFPE.exe
  2⤵
  PID:1664
- C:\Windows\System\eEvOtPa.exe
  C:\Windows\System\eEvOtPa.exe
  2⤵
  PID:1828
- C:\Windows\System\nIJRZMC.exe
  C:\Windows\System\nIJRZMC.exe
  2⤵
  PID:3032
- C:\Windows\System\oNbzFMm.exe
  C:\Windows\System\oNbzFMm.exe
  2⤵
  PID:680
- C:\Windows\System\MnrnWgi.exe
  C:\Windows\System\MnrnWgi.exe
  2⤵
  PID:868
- C:\Windows\System\FkwidUx.exe
  C:\Windows\System\FkwidUx.exe
  2⤵
  PID:2256
- C:\Windows\System\ztmAjcS.exe
  C:\Windows\System\ztmAjcS.exe
  2⤵
  PID:1572
- C:\Windows\System\HpeBYAI.exe
  C:\Windows\System\HpeBYAI.exe
  2⤵
  PID:1028
- C:\Windows\System\EsmdDBq.exe
  C:\Windows\System\EsmdDBq.exe
  2⤵
  PID:2528
- C:\Windows\System\LmZUopq.exe
  C:\Windows\System\LmZUopq.exe
  2⤵
  PID:1580
- C:\Windows\System\BLHfJXW.exe
  C:\Windows\System\BLHfJXW.exe
  2⤵
  PID:1584
- C:\Windows\System\PljTBjD.exe
  C:\Windows\System\PljTBjD.exe
  2⤵
  PID:2592
- C:\Windows\System\oyFuHpY.exe
  C:\Windows\System\oyFuHpY.exe
  2⤵
  PID:2420
- C:\Windows\System\ugfIlqv.exe
  C:\Windows\System\ugfIlqv.exe
  2⤵
  PID:2724
- C:\Windows\System\inodsNx.exe
  C:\Windows\System\inodsNx.exe
  2⤵
  PID:396
- C:\Windows\System\AwRdyOZ.exe
  C:\Windows\System\AwRdyOZ.exe
  2⤵
  PID:1932
- C:\Windows\System\cFwLtFE.exe
  C:\Windows\System\cFwLtFE.exe
  2⤵
  PID:2028
- C:\Windows\System\xpITHVg.exe
  C:\Windows\System\xpITHVg.exe
  2⤵
  PID:576
- C:\Windows\System\fkcvrPm.exe
  C:\Windows\System\fkcvrPm.exe
  2⤵
  PID:1596
- C:\Windows\System\hsrVDhT.exe
  C:\Windows\System\hsrVDhT.exe
  2⤵
  PID:1768
- C:\Windows\System\atRKXfd.exe
  C:\Windows\System\atRKXfd.exe
  2⤵
  PID:2388
- C:\Windows\System\dZxipUX.exe
  C:\Windows\System\dZxipUX.exe
  2⤵
  PID:1248
- C:\Windows\System\tDYYvdx.exe
  C:\Windows\System\tDYYvdx.exe
  2⤵
  PID:2428
- C:\Windows\System\TauuxuC.exe
  C:\Windows\System\TauuxuC.exe
  2⤵
  PID:1632
- C:\Windows\System\BCVpdhe.exe
  C:\Windows\System\BCVpdhe.exe
  2⤵
  PID:2448
- C:\Windows\System\rflPsbd.exe
  C:\Windows\System\rflPsbd.exe
  2⤵
  PID:2152
- C:\Windows\System\QBoAtMc.exe
  C:\Windows\System\QBoAtMc.exe
  2⤵
  PID:2452
- C:\Windows\System\Pnsrzvo.exe
  C:\Windows\System\Pnsrzvo.exe
  2⤵
  PID:2272
- C:\Windows\System\eSXbciR.exe
  C:\Windows\System\eSXbciR.exe
  2⤵
  PID:2296
- C:\Windows\System\NtUBhMp.exe
  C:\Windows\System\NtUBhMp.exe
  2⤵
  PID:2584
- C:\Windows\System\cBLEGWw.exe
  C:\Windows\System\cBLEGWw.exe
  2⤵
  PID:2660
- C:\Windows\System\HoptLVP.exe
  C:\Windows\System\HoptLVP.exe
  2⤵
  PID:760
- C:\Windows\System\hEAZFlx.exe
  C:\Windows\System\hEAZFlx.exe
  2⤵
  PID:1992
- C:\Windows\System\PIOYbDp.exe
  C:\Windows\System\PIOYbDp.exe
  2⤵
  PID:2836
- C:\Windows\System\aXOWAjE.exe
  C:\Windows\System\aXOWAjE.exe
  2⤵
  PID:2316
- C:\Windows\System\LIdEPAD.exe
  C:\Windows\System\LIdEPAD.exe
  2⤵
  PID:272
- C:\Windows\System\lQfyXNN.exe
  C:\Windows\System\lQfyXNN.exe
  2⤵
  PID:1564
- C:\Windows\System\aWEFmxE.exe
  C:\Windows\System\aWEFmxE.exe
  2⤵
  PID:3092
- C:\Windows\System\HeJnXiF.exe
  C:\Windows\System\HeJnXiF.exe
  2⤵
  PID:3108
- C:\Windows\System\PDWofym.exe
  C:\Windows\System\PDWofym.exe
  2⤵
  PID:3132
- C:\Windows\System\bLfKqDe.exe
  C:\Windows\System\bLfKqDe.exe
  2⤵
  PID:3156
- C:\Windows\System\IwVVDoa.exe
  C:\Windows\System\IwVVDoa.exe
  2⤵
  PID:3172
- C:\Windows\System\QRLbSIy.exe
  C:\Windows\System\QRLbSIy.exe
  2⤵
  PID:3188
- C:\Windows\System\nOHxrPW.exe
  C:\Windows\System\nOHxrPW.exe
  2⤵
  PID:3204
- C:\Windows\System\JubZSNF.exe
  C:\Windows\System\JubZSNF.exe
  2⤵
  PID:3228
- C:\Windows\System\zqHyXOl.exe
  C:\Windows\System\zqHyXOl.exe
  2⤵
  PID:3244
- C:\Windows\System\WOKMsDt.exe
  C:\Windows\System\WOKMsDt.exe
  2⤵
  PID:3264
- C:\Windows\System\eBURMiP.exe
  C:\Windows\System\eBURMiP.exe
  2⤵
  PID:3288
- C:\Windows\System\INJlVGV.exe
  C:\Windows\System\INJlVGV.exe
  2⤵
  PID:3308
- C:\Windows\System\GgpwOqq.exe
  C:\Windows\System\GgpwOqq.exe
  2⤵
  PID:3324
- C:\Windows\System\uVXJxCI.exe
  C:\Windows\System\uVXJxCI.exe
  2⤵
  PID:3340
- C:\Windows\System\RyIZqXL.exe
  C:\Windows\System\RyIZqXL.exe
  2⤵
  PID:3356
- C:\Windows\System\LnMxgUe.exe
  C:\Windows\System\LnMxgUe.exe
  2⤵
  PID:3372
- C:\Windows\System\KrgkxwG.exe
  C:\Windows\System\KrgkxwG.exe
  2⤵
  PID:3392
- C:\Windows\System\amMymcW.exe
  C:\Windows\System\amMymcW.exe
  2⤵
  PID:3408
- C:\Windows\System\vSGmoNh.exe
  C:\Windows\System\vSGmoNh.exe
  2⤵
  PID:3424
- C:\Windows\System\tlZWcFu.exe
  C:\Windows\System\tlZWcFu.exe
  2⤵
  PID:3444
- C:\Windows\System\IMqsXbD.exe
  C:\Windows\System\IMqsXbD.exe
  2⤵
  PID:3464
- C:\Windows\System\avFDxWM.exe
  C:\Windows\System\avFDxWM.exe
  2⤵
  PID:3516
- C:\Windows\System\XPNthFy.exe
  C:\Windows\System\XPNthFy.exe
  2⤵
  PID:3532
- C:\Windows\System\ulwOFGa.exe
  C:\Windows\System\ulwOFGa.exe
  2⤵
  PID:3548
- C:\Windows\System\EOBpLdo.exe
  C:\Windows\System\EOBpLdo.exe
  2⤵
  PID:3564
- C:\Windows\System\ymdJPIE.exe
  C:\Windows\System\ymdJPIE.exe
  2⤵
  PID:3584
- C:\Windows\System\SbYmlhW.exe
  C:\Windows\System\SbYmlhW.exe
  2⤵
  PID:3600
- C:\Windows\System\ciIhbiC.exe
  C:\Windows\System\ciIhbiC.exe
  2⤵
  PID:3616
- C:\Windows\System\rofPJTZ.exe
  C:\Windows\System\rofPJTZ.exe
  2⤵
  PID:3632
- C:\Windows\System\XFaHwEq.exe
  C:\Windows\System\XFaHwEq.exe
  2⤵
  PID:3652
- C:\Windows\System\qaxpoMQ.exe
  C:\Windows\System\qaxpoMQ.exe
  2⤵
  PID:3668
- C:\Windows\System\sFvOsDo.exe
  C:\Windows\System\sFvOsDo.exe
  2⤵
  PID:3684
- C:\Windows\System\SrFZXaG.exe
  C:\Windows\System\SrFZXaG.exe
  2⤵
  PID:3704
- C:\Windows\System\HuCKZAB.exe
  C:\Windows\System\HuCKZAB.exe
  2⤵
  PID:3880
- C:\Windows\System\SMPLKLi.exe
  C:\Windows\System\SMPLKLi.exe
  2⤵
  PID:3900
- C:\Windows\System\tqvcbir.exe
  C:\Windows\System\tqvcbir.exe
  2⤵
  PID:3916
- C:\Windows\System\YMGCRVC.exe
  C:\Windows\System\YMGCRVC.exe
  2⤵
  PID:3936
- C:\Windows\System\oRtXbXk.exe
  C:\Windows\System\oRtXbXk.exe
  2⤵
  PID:3960
- C:\Windows\System\wLewhHI.exe
  C:\Windows\System\wLewhHI.exe
  2⤵
  PID:3976
- C:\Windows\System\xwvBmxG.exe
  C:\Windows\System\xwvBmxG.exe
  2⤵
  PID:3996
- C:\Windows\System\HNIPZoe.exe
  C:\Windows\System\HNIPZoe.exe
  2⤵
  PID:4012
- C:\Windows\System\OQCGdEg.exe
  C:\Windows\System\OQCGdEg.exe
  2⤵
  PID:4028
- C:\Windows\System\HWkDEKt.exe
  C:\Windows\System\HWkDEKt.exe
  2⤵
  PID:4048
- C:\Windows\System\WONwOkY.exe
  C:\Windows\System\WONwOkY.exe
  2⤵
  PID:4068
- C:\Windows\System\BkiYGgr.exe
  C:\Windows\System\BkiYGgr.exe
  2⤵
  PID:4088
- C:\Windows\System\UzEhipD.exe
  C:\Windows\System\UzEhipD.exe
  2⤵
  PID:1268
- C:\Windows\System\MBYcqnD.exe
  C:\Windows\System\MBYcqnD.exe
  2⤵
  PID:2644
- C:\Windows\System\lQPLcbw.exe
  C:\Windows\System\lQPLcbw.exe
  2⤵
  PID:528
- C:\Windows\System\UGqNAlP.exe
  C:\Windows\System\UGqNAlP.exe
  2⤵
  PID:3148
- C:\Windows\System\xfBeCgH.exe
  C:\Windows\System\xfBeCgH.exe
  2⤵
  PID:3180
- C:\Windows\System\IgoJpdU.exe
  C:\Windows\System\IgoJpdU.exe
  2⤵
  PID:3220
- C:\Windows\System\PEelRWl.exe
  C:\Windows\System\PEelRWl.exe
  2⤵
  PID:1044
- C:\Windows\System\faKuaFY.exe
  C:\Windows\System\faKuaFY.exe
  2⤵
  PID:3260
- C:\Windows\System\gYgHCMH.exe
  C:\Windows\System\gYgHCMH.exe
  2⤵
  PID:3004
- C:\Windows\System\uicXpBE.exe
  C:\Windows\System\uicXpBE.exe
  2⤵
  PID:1716
- C:\Windows\System\EiNZClZ.exe
  C:\Windows\System\EiNZClZ.exe
  2⤵
  PID:3304
- C:\Windows\System\LQACMYF.exe
  C:\Windows\System\LQACMYF.exe
  2⤵
  PID:3368
- C:\Windows\System\SHSscnV.exe
  C:\Windows\System\SHSscnV.exe
  2⤵
  PID:3440
- C:\Windows\System\pveBHaH.exe
  C:\Windows\System\pveBHaH.exe
  2⤵
  PID:3116
- C:\Windows\System\OzWgDBH.exe
  C:\Windows\System\OzWgDBH.exe
  2⤵
  PID:3168
- C:\Windows\System\EnvSWfq.exe
  C:\Windows\System\EnvSWfq.exe
  2⤵
  PID:2236
- C:\Windows\System\WOPRstN.exe
  C:\Windows\System\WOPRstN.exe
  2⤵
  PID:3492
- C:\Windows\System\Zcbukgr.exe
  C:\Windows\System\Zcbukgr.exe
  2⤵
  PID:3504
- C:\Windows\System\uegfPZb.exe
  C:\Windows\System\uegfPZb.exe
  2⤵
  PID:2664
- C:\Windows\System\hzvGWKw.exe
  C:\Windows\System\hzvGWKw.exe
  2⤵
  PID:848
- C:\Windows\System\XNqaCaR.exe
  C:\Windows\System\XNqaCaR.exe
  2⤵
  PID:3560
- C:\Windows\System\GTIOWHw.exe
  C:\Windows\System\GTIOWHw.exe
  2⤵
  PID:3628
- C:\Windows\System\YwBSMfG.exe
  C:\Windows\System\YwBSMfG.exe
  2⤵
  PID:3576
- C:\Windows\System\sCUpUxS.exe
  C:\Windows\System\sCUpUxS.exe
  2⤵
  PID:3644
- C:\Windows\System\CjOOzjr.exe
  C:\Windows\System\CjOOzjr.exe
  2⤵
  PID:3660
- C:\Windows\System\KkZxzQb.exe
  C:\Windows\System\KkZxzQb.exe
  2⤵
  PID:3196
- C:\Windows\System\ehFvtLg.exe
  C:\Windows\System\ehFvtLg.exe
  2⤵
  PID:3416
- C:\Windows\System\fYVAwGZ.exe
  C:\Windows\System\fYVAwGZ.exe
  2⤵
  PID:3456
- C:\Windows\System\tIEksrX.exe
  C:\Windows\System\tIEksrX.exe
  2⤵
  PID:3664
- C:\Windows\System\fyNxtuj.exe
  C:\Windows\System\fyNxtuj.exe
  2⤵
  PID:3320
- C:\Windows\System\xUeFOuA.exe
  C:\Windows\System\xUeFOuA.exe
  2⤵
  PID:3240
- C:\Windows\System\qJkaukv.exe
  C:\Windows\System\qJkaukv.exe
  2⤵
  PID:2852
- C:\Windows\System\aRveNOy.exe
  C:\Windows\System\aRveNOy.exe
  2⤵
  PID:3808
- C:\Windows\System\JRipjgJ.exe
  C:\Windows\System\JRipjgJ.exe
  2⤵
  PID:3832
- C:\Windows\System\UmgoDhs.exe
  C:\Windows\System\UmgoDhs.exe
  2⤵
  PID:3844
- C:\Windows\System\TnDGWcJ.exe
  C:\Windows\System\TnDGWcJ.exe
  2⤵
  PID:3856
- C:\Windows\System\ukXwvav.exe
  C:\Windows\System\ukXwvav.exe
  2⤵
  PID:3872
- C:\Windows\System\RSZxcqz.exe
  C:\Windows\System\RSZxcqz.exe
  2⤵
  PID:3944
- C:\Windows\System\AxzWyVg.exe
  C:\Windows\System\AxzWyVg.exe
  2⤵
  PID:3984
- C:\Windows\System\OrqCcvW.exe
  C:\Windows\System\OrqCcvW.exe
  2⤵
  PID:4024
- C:\Windows\System\UJLncrB.exe
  C:\Windows\System\UJLncrB.exe
  2⤵
  PID:1256
- C:\Windows\System\svQwqgu.exe
  C:\Windows\System\svQwqgu.exe
  2⤵
  PID:3892
- C:\Windows\System\zdpzYzr.exe
  C:\Windows\System\zdpzYzr.exe
  2⤵
  PID:3972
- C:\Windows\System\RmtqnEJ.exe
  C:\Windows\System\RmtqnEJ.exe
  2⤵
  PID:3144
- C:\Windows\System\HpXLICJ.exe
  C:\Windows\System\HpXLICJ.exe
  2⤵
  PID:2768
- C:\Windows\System\CpTkkaS.exe
  C:\Windows\System\CpTkkaS.exe
  2⤵
  PID:3084
- C:\Windows\System\jauftTt.exe
  C:\Windows\System\jauftTt.exe
  2⤵
  PID:3404
- C:\Windows\System\lFaOxvM.exe
  C:\Windows\System\lFaOxvM.exe
  2⤵
  PID:3932
- C:\Windows\System\ftLuIVs.exe
  C:\Windows\System\ftLuIVs.exe
  2⤵
  PID:4004
- C:\Windows\System\xAkYOkP.exe
  C:\Windows\System\xAkYOkP.exe
  2⤵
  PID:4044
- C:\Windows\System\bvfZgeZ.exe
  C:\Windows\System\bvfZgeZ.exe
  2⤵
  PID:3140
- C:\Windows\System\uoGsqTV.exe
  C:\Windows\System\uoGsqTV.exe
  2⤵
  PID:2744
- C:\Windows\System\wggOuLP.exe
  C:\Windows\System\wggOuLP.exe
  2⤵
  PID:3476
- C:\Windows\System\zhFJOuO.exe
  C:\Windows\System\zhFJOuO.exe
  2⤵
  PID:3088
- C:\Windows\System\shKsbBF.exe
  C:\Windows\System\shKsbBF.exe
  2⤵
  PID:3364
- C:\Windows\System\jKMIdkS.exe
  C:\Windows\System\jKMIdkS.exe
  2⤵
  PID:3252
- C:\Windows\System\LSvrmSQ.exe
  C:\Windows\System\LSvrmSQ.exe
  2⤵
  PID:2840
- C:\Windows\System\FZcHNaF.exe
  C:\Windows\System\FZcHNaF.exe
  2⤵
  PID:3680
- C:\Windows\System\mURLyyb.exe
  C:\Windows\System\mURLyyb.exe
  2⤵
  PID:3596
- C:\Windows\System\ahBlLLi.exe
  C:\Windows\System\ahBlLLi.exe
  2⤵
  PID:3804
- C:\Windows\System\XarRhqz.exe
  C:\Windows\System\XarRhqz.exe
  2⤵
  PID:3824
- C:\Windows\System\FebFTvH.exe
  C:\Windows\System\FebFTvH.exe
  2⤵
  PID:3956
- C:\Windows\System\OldrKpr.exe
  C:\Windows\System\OldrKpr.exe
  2⤵
  PID:3612
- C:\Windows\System\mSKqTaK.exe
  C:\Windows\System\mSKqTaK.exe
  2⤵
  PID:3968
- C:\Windows\System\EgAexgm.exe
  C:\Windows\System\EgAexgm.exe
  2⤵
  PID:3928
- C:\Windows\System\YDsVcDT.exe
  C:\Windows\System\YDsVcDT.exe
  2⤵
  PID:3380
- C:\Windows\System\jqQkZkh.exe
  C:\Windows\System\jqQkZkh.exe
  2⤵
  PID:3512
- C:\Windows\System\juDNfeA.exe
  C:\Windows\System\juDNfeA.exe
  2⤵
  PID:4080
- C:\Windows\System\ZXxhReG.exe
  C:\Windows\System\ZXxhReG.exe
  2⤵
  PID:3572
- C:\Windows\System\FMrzSUj.exe
  C:\Windows\System\FMrzSUj.exe
  2⤵
  PID:3852
- C:\Windows\System\zHhacep.exe
  C:\Windows\System\zHhacep.exe
  2⤵
  PID:3888
- C:\Windows\System\kJBUWNf.exe
  C:\Windows\System\kJBUWNf.exe
  2⤵
  PID:3100
- C:\Windows\System\mVnFfNP.exe
  C:\Windows\System\mVnFfNP.exe
  2⤵
  PID:1820
- C:\Windows\System\JWNEphw.exe
  C:\Windows\System\JWNEphw.exe
  2⤵
  PID:3080
- C:\Windows\System\hMSuaUw.exe
  C:\Windows\System\hMSuaUw.exe
  2⤵
  PID:4036
- C:\Windows\System\fdAEhxH.exe
  C:\Windows\System\fdAEhxH.exe
  2⤵
  PID:3524
- C:\Windows\System\BfMhFyT.exe
  C:\Windows\System\BfMhFyT.exe
  2⤵
  PID:4064
- C:\Windows\System\XoXxwMy.exe
  C:\Windows\System\XoXxwMy.exe
  2⤵
  PID:4108
- C:\Windows\System\MvvlUkS.exe
  C:\Windows\System\MvvlUkS.exe
  2⤵
  PID:4124
- C:\Windows\System\mOHKjCH.exe
  C:\Windows\System\mOHKjCH.exe
  2⤵
  PID:4140
- C:\Windows\System\ZCQjFUs.exe
  C:\Windows\System\ZCQjFUs.exe
  2⤵
  PID:4156
- C:\Windows\System\FooSEPD.exe
  C:\Windows\System\FooSEPD.exe
  2⤵
  PID:4172
- C:\Windows\System\uvGwJJy.exe
  C:\Windows\System\uvGwJJy.exe
  2⤵
  PID:4188
- C:\Windows\System\bgyvLZO.exe
  C:\Windows\System\bgyvLZO.exe
  2⤵
  PID:4204
- C:\Windows\System\RCVeocK.exe
  C:\Windows\System\RCVeocK.exe
  2⤵
  PID:4220
- C:\Windows\System\HBKMjUt.exe
  C:\Windows\System\HBKMjUt.exe
  2⤵
  PID:4236
- C:\Windows\System\LBdKtiy.exe
  C:\Windows\System\LBdKtiy.exe
  2⤵
  PID:4252
- C:\Windows\System\BMOnDxS.exe
  C:\Windows\System\BMOnDxS.exe
  2⤵
  PID:4268
- C:\Windows\System\CeCEwkG.exe
  C:\Windows\System\CeCEwkG.exe
  2⤵
  PID:4284
- C:\Windows\System\OTemPoA.exe
  C:\Windows\System\OTemPoA.exe
  2⤵
  PID:4300
- C:\Windows\System\RzIlWjW.exe
  C:\Windows\System\RzIlWjW.exe
  2⤵
  PID:4316
- C:\Windows\System\zhevijC.exe
  C:\Windows\System\zhevijC.exe
  2⤵
  PID:4332
- C:\Windows\System\NXgtLWm.exe
  C:\Windows\System\NXgtLWm.exe
  2⤵
  PID:4348
- C:\Windows\System\KiCVjvM.exe
  C:\Windows\System\KiCVjvM.exe
  2⤵
  PID:4364
- C:\Windows\System\bromGtk.exe
  C:\Windows\System\bromGtk.exe
  2⤵
  PID:4380
- C:\Windows\System\wGtVhRU.exe
  C:\Windows\System\wGtVhRU.exe
  2⤵
  PID:4396
- C:\Windows\System\iULEJzD.exe
  C:\Windows\System\iULEJzD.exe
  2⤵
  PID:4412
- C:\Windows\System\GhmLiPk.exe
  C:\Windows\System\GhmLiPk.exe
  2⤵
  PID:4428
- C:\Windows\System\UXQPLyY.exe
  C:\Windows\System\UXQPLyY.exe
  2⤵
  PID:4444
- C:\Windows\System\HzKCzpF.exe
  C:\Windows\System\HzKCzpF.exe
  2⤵
  PID:4460
- C:\Windows\System\bqTcEPX.exe
  C:\Windows\System\bqTcEPX.exe
  2⤵
  PID:4476
- C:\Windows\System\xcffCHT.exe
  C:\Windows\System\xcffCHT.exe
  2⤵
  PID:4492
- C:\Windows\System\saTVTFK.exe
  C:\Windows\System\saTVTFK.exe
  2⤵
  PID:4508
- C:\Windows\System\WjsGYYe.exe
  C:\Windows\System\WjsGYYe.exe
  2⤵
  PID:4524
- C:\Windows\System\stFzMEh.exe
  C:\Windows\System\stFzMEh.exe
  2⤵
  PID:4540
- C:\Windows\System\uHporli.exe
  C:\Windows\System\uHporli.exe
  2⤵
  PID:4556
- C:\Windows\System\QJfkUMG.exe
  C:\Windows\System\QJfkUMG.exe
  2⤵
  PID:4572
- C:\Windows\System\NtWrsPl.exe
  C:\Windows\System\NtWrsPl.exe
  2⤵
  PID:4588
- C:\Windows\System\ZQsfBrP.exe
  C:\Windows\System\ZQsfBrP.exe
  2⤵
  PID:4604
- C:\Windows\System\lNGxsAY.exe
  C:\Windows\System\lNGxsAY.exe
  2⤵
  PID:4620
- C:\Windows\System\MKBypcz.exe
  C:\Windows\System\MKBypcz.exe
  2⤵
  PID:4636
- C:\Windows\System\AiXvUQH.exe
  C:\Windows\System\AiXvUQH.exe
  2⤵
  PID:4652
- C:\Windows\System\JXkUOyA.exe
  C:\Windows\System\JXkUOyA.exe
  2⤵
  PID:4668
- C:\Windows\System\hGKhQKJ.exe
  C:\Windows\System\hGKhQKJ.exe
  2⤵
  PID:4684
- C:\Windows\System\tfOHcDD.exe
  C:\Windows\System\tfOHcDD.exe
  2⤵
  PID:4700
- C:\Windows\System\ucHfaea.exe
  C:\Windows\System\ucHfaea.exe
  2⤵
  PID:4716
- C:\Windows\System\aiUDihW.exe
  C:\Windows\System\aiUDihW.exe
  2⤵
  PID:4732
- C:\Windows\System\UoDOrZL.exe
  C:\Windows\System\UoDOrZL.exe
  2⤵
  PID:4748
- C:\Windows\System\LkLFdfn.exe
  C:\Windows\System\LkLFdfn.exe
  2⤵
  PID:4764
- C:\Windows\System\XExBEdm.exe
  C:\Windows\System\XExBEdm.exe
  2⤵
  PID:4780
- C:\Windows\System\hVpnajm.exe
  C:\Windows\System\hVpnajm.exe
  2⤵
  PID:4796
- C:\Windows\System\LQHvEXe.exe
  C:\Windows\System\LQHvEXe.exe
  2⤵
  PID:4812
- C:\Windows\System\tTURUYG.exe
  C:\Windows\System\tTURUYG.exe
  2⤵
  PID:4828
- C:\Windows\System\tTTHhCl.exe
  C:\Windows\System\tTTHhCl.exe
  2⤵
  PID:4844
- C:\Windows\System\VpXlEuW.exe
  C:\Windows\System\VpXlEuW.exe
  2⤵
  PID:4860
- C:\Windows\System\WSWOAYI.exe
  C:\Windows\System\WSWOAYI.exe
  2⤵
  PID:4876
- C:\Windows\System\ScDfdBH.exe
  C:\Windows\System\ScDfdBH.exe
  2⤵
  PID:4892
- C:\Windows\System\kadmMiV.exe
  C:\Windows\System\kadmMiV.exe
  2⤵
  PID:4920
- C:\Windows\System\oowjWLU.exe
  C:\Windows\System\oowjWLU.exe
  2⤵
  PID:5084
- C:\Windows\System\aJNvBNn.exe
  C:\Windows\System\aJNvBNn.exe
  2⤵
  PID:5100
- C:\Windows\System\VTaEUas.exe
  C:\Windows\System\VTaEUas.exe
  2⤵
  PID:5116
- C:\Windows\System\stwTjrg.exe
  C:\Windows\System\stwTjrg.exe
  2⤵
  PID:3348
- C:\Windows\System\XbelLCo.exe
  C:\Windows\System\XbelLCo.exe
  2⤵
  PID:3800
- C:\Windows\System\BTitIDA.exe
  C:\Windows\System\BTitIDA.exe
  2⤵
  PID:3992
- C:\Windows\System\nvVpCNt.exe
  C:\Windows\System\nvVpCNt.exe
  2⤵
  PID:4008
- C:\Windows\System\ilzWuwa.exe
  C:\Windows\System\ilzWuwa.exe
  2⤵
  PID:3460
- C:\Windows\System\MxPOyLe.exe
  C:\Windows\System\MxPOyLe.exe
  2⤵
  PID:3164
- C:\Windows\System\SuNzVwY.exe
  C:\Windows\System\SuNzVwY.exe
  2⤵
  PID:3580
- C:\Windows\System\dUEPqIE.exe
  C:\Windows\System\dUEPqIE.exe
  2⤵
  PID:3848
- C:\Windows\System\WlBpGOv.exe
  C:\Windows\System\WlBpGOv.exe
  2⤵
  PID:4116
- C:\Windows\System\eLoTdkZ.exe
  C:\Windows\System\eLoTdkZ.exe
  2⤵
  PID:4152
- C:\Windows\System\Qwcwzfb.exe
  C:\Windows\System\Qwcwzfb.exe
  2⤵
  PID:4164
- C:\Windows\System\TvRfgat.exe
  C:\Windows\System\TvRfgat.exe
  2⤵
  PID:4216
- C:\Windows\System\qtFgfHE.exe
  C:\Windows\System\qtFgfHE.exe
  2⤵
  PID:4248
- C:\Windows\System\DiZdzPW.exe
  C:\Windows\System\DiZdzPW.exe
  2⤵
  PID:4232
- C:\Windows\System\pkfEDsE.exe
  C:\Windows\System\pkfEDsE.exe
  2⤵
  PID:4312
- C:\Windows\System\SKcksBM.exe
  C:\Windows\System\SKcksBM.exe
  2⤵
  PID:4344
- C:\Windows\System\ILJMeHq.exe
  C:\Windows\System\ILJMeHq.exe
  2⤵
  PID:4376
- C:\Windows\System\USGkKRD.exe
  C:\Windows\System\USGkKRD.exe
  2⤵
  PID:4360
- C:\Windows\System\gKUpQWw.exe
  C:\Windows\System\gKUpQWw.exe
  2⤵
  PID:4436
- C:\Windows\System\rfUpNHe.exe
  C:\Windows\System\rfUpNHe.exe
  2⤵
  PID:4500
- C:\Windows\System\MXeiuoT.exe
  C:\Windows\System\MXeiuoT.exe
  2⤵
  PID:4536
- C:\Windows\System\iRWxXID.exe
  C:\Windows\System\iRWxXID.exe
  2⤵
  PID:4600
- C:\Windows\System\rOAaaux.exe
  C:\Windows\System\rOAaaux.exe
  2⤵
  PID:4664
- C:\Windows\System\kviTczu.exe
  C:\Windows\System\kviTczu.exe
  2⤵
  PID:4724
- C:\Windows\System\tpsslhK.exe
  C:\Windows\System\tpsslhK.exe
  2⤵
  PID:4584
- C:\Windows\System\mOOoqgB.exe
  C:\Windows\System\mOOoqgB.exe
  2⤵
  PID:4788
- C:\Windows\System\FhvQaxf.exe
  C:\Windows\System\FhvQaxf.exe
  2⤵
  PID:4820
- C:\Windows\System\nKNtIWw.exe
  C:\Windows\System\nKNtIWw.exe
  2⤵
  PID:4856
- C:\Windows\System\TbxuENF.exe
  C:\Windows\System\TbxuENF.exe
  2⤵
  PID:4884
- C:\Windows\System\FlDQCVW.exe
  C:\Windows\System\FlDQCVW.exe
  2⤵
  PID:4644
- C:\Windows\System\YWFihty.exe
  C:\Windows\System\YWFihty.exe
  2⤵
  PID:4772
- C:\Windows\System\vPnxgQW.exe
  C:\Windows\System\vPnxgQW.exe
  2⤵
  PID:4840
- C:\Windows\System\igKDyLU.exe
  C:\Windows\System\igKDyLU.exe
  2⤵
  PID:2148
- C:\Windows\System\hZSdDnI.exe
  C:\Windows\System\hZSdDnI.exe
  2⤵
  PID:4908
- C:\Windows\System\QASZVde.exe
  C:\Windows\System\QASZVde.exe
  2⤵
  PID:4928
- C:\Windows\System\FYJsruA.exe
  C:\Windows\System\FYJsruA.exe
  2⤵
  PID:4280
- C:\Windows\System\LPYQYVN.exe
  C:\Windows\System\LPYQYVN.exe
  2⤵
  PID:4340
- C:\Windows\System\vsbfpqT.exe
  C:\Windows\System\vsbfpqT.exe
  2⤵
  PID:4468
- C:\Windows\System\ZfMOuda.exe
  C:\Windows\System\ZfMOuda.exe
  2⤵
  PID:4568
- C:\Windows\System\oPYJZmc.exe
  C:\Windows\System\oPYJZmc.exe
  2⤵
  PID:4392
- C:\Windows\System\QWWMbLy.exe
  C:\Windows\System\QWWMbLy.exe
  2⤵
  PID:4692
- C:\Windows\System\EFHQIOR.exe
  C:\Windows\System\EFHQIOR.exe
  2⤵
  PID:4756
- C:\Windows\System\EsVyFbY.exe
  C:\Windows\System\EsVyFbY.exe
  2⤵
  PID:4612
- C:\Windows\System\FGWgJHG.exe
  C:\Windows\System\FGWgJHG.exe
  2⤵
  PID:4456
- C:\Windows\System\cANVSNG.exe
  C:\Windows\System\cANVSNG.exe
  2⤵
  PID:2848
- C:\Windows\System\zUahUwG.exe
  C:\Windows\System\zUahUwG.exe
  2⤵
  PID:4580
- C:\Windows\System\qJGgkzn.exe
  C:\Windows\System\qJGgkzn.exe
  2⤵
  PID:2788
- C:\Windows\System\mJSxJIY.exe
  C:\Windows\System\mJSxJIY.exe
  2⤵
  PID:5108
- C:\Windows\System\dGJyHZW.exe
  C:\Windows\System\dGJyHZW.exe
  2⤵
  PID:3732
- C:\Windows\System\SpCixBx.exe
  C:\Windows\System\SpCixBx.exe
  2⤵
  PID:2696
- C:\Windows\System\BCobJhD.exe
  C:\Windows\System\BCobJhD.exe
  2⤵
  PID:3924
- C:\Windows\System\LkrFHLB.exe
  C:\Windows\System\LkrFHLB.exe
  2⤵
  PID:3352
- C:\Windows\System\UAcriNv.exe
  C:\Windows\System\UAcriNv.exe
  2⤵
  PID:4132
- C:\Windows\System\bDXigMO.exe
  C:\Windows\System\bDXigMO.exe
  2⤵
  PID:3760
- C:\Windows\System\DYItfjT.exe
  C:\Windows\System\DYItfjT.exe
  2⤵
  PID:4912
- C:\Windows\System\cBeLimy.exe
  C:\Windows\System\cBeLimy.exe
  2⤵
  PID:4356
- C:\Windows\System\PEgJcum.exe
  C:\Windows\System\PEgJcum.exe
  2⤵
  PID:3016
- C:\Windows\System\xFouehx.exe
  C:\Windows\System\xFouehx.exe
  2⤵
  PID:2876
- C:\Windows\System\mfdjtim.exe
  C:\Windows\System\mfdjtim.exe
  2⤵
  PID:4904
- C:\Windows\System\wAzovgj.exe
  C:\Windows\System\wAzovgj.exe
  2⤵
  PID:4852
- C:\Windows\System\ICVAYxw.exe
  C:\Windows\System\ICVAYxw.exe
  2⤵
  PID:4804
- C:\Windows\System\WmBAkns.exe
  C:\Windows\System\WmBAkns.exe
  2⤵
  PID:4488
- C:\Windows\System\QExjCjg.exe
  C:\Windows\System\QExjCjg.exe
  2⤵
  PID:4740
- C:\Windows\System\OWkQcIe.exe
  C:\Windows\System\OWkQcIe.exe
  2⤵
  PID:2636
- C:\Windows\System\QqaaAJu.exe
  C:\Windows\System\QqaaAJu.exe
  2⤵
  PID:2964
- C:\Windows\System\mMaYIhb.exe
  C:\Windows\System\mMaYIhb.exe
  2⤵
  PID:4964
- C:\Windows\System\zxJrUcA.exe
  C:\Windows\System\zxJrUcA.exe
  2⤵
  PID:2796
- C:\Windows\System\RTIKIqF.exe
  C:\Windows\System\RTIKIqF.exe
  2⤵
  PID:2436
- C:\Windows\System\pFKnFqy.exe
  C:\Windows\System\pFKnFqy.exe
  2⤵
  PID:5060
- C:\Windows\System\ljjApNT.exe
  C:\Windows\System\ljjApNT.exe
  2⤵
  PID:3812
- C:\Windows\System\UDLAcRg.exe
  C:\Windows\System\UDLAcRg.exe
  2⤵
  PID:5068
- C:\Windows\System\sodHgIC.exe
  C:\Windows\System\sodHgIC.exe
  2⤵
  PID:4196
- C:\Windows\System\RAOxlMV.exe
  C:\Windows\System\RAOxlMV.exe
  2⤵
  PID:4968
- C:\Windows\System\zrhzoZv.exe
  C:\Windows\System\zrhzoZv.exe
  2⤵
  PID:928
- C:\Windows\System\sKlXfae.exe
  C:\Windows\System\sKlXfae.exe
  2⤵
  PID:3724
- C:\Windows\System\bkpPDqM.exe
  C:\Windows\System\bkpPDqM.exe
  2⤵
  PID:2568
- C:\Windows\System\zhluPOB.exe
  C:\Windows\System\zhluPOB.exe
  2⤵
  PID:3912
- C:\Windows\System\QAWuOrh.exe
  C:\Windows\System\QAWuOrh.exe
  2⤵
  PID:3452
- C:\Windows\System\ThcwNYo.exe
  C:\Windows\System\ThcwNYo.exe
  2⤵
  PID:4408
- C:\Windows\System\YsSMYuE.exe
  C:\Windows\System\YsSMYuE.exe
  2⤵
  PID:4516
- C:\Windows\System\QlFYufB.exe
  C:\Windows\System\QlFYufB.exe
  2⤵
  PID:4548
- C:\Windows\System\wQtYrtM.exe
  C:\Windows\System\wQtYrtM.exe
  2⤵
  PID:4956
- C:\Windows\System\zFdRXsZ.exe
  C:\Windows\System\zFdRXsZ.exe
  2⤵
  PID:4992
- C:\Windows\System\slshQDy.exe
  C:\Windows\System\slshQDy.exe
  2⤵
  PID:5012
- C:\Windows\System\gCcPwRf.exe
  C:\Windows\System\gCcPwRf.exe
  2⤵
  PID:5024
- C:\Windows\System\FCqiriK.exe
  C:\Windows\System\FCqiriK.exe
  2⤵
  PID:5040
- C:\Windows\System\tOZzUsq.exe
  C:\Windows\System\tOZzUsq.exe
  2⤵
  PID:2656
- C:\Windows\System\XWZlzTY.exe
  C:\Windows\System\XWZlzTY.exe
  2⤵
  PID:5128
- C:\Windows\System\qjFeNjQ.exe
  C:\Windows\System\qjFeNjQ.exe
  2⤵
  PID:5148
- C:\Windows\System\zSnwYAQ.exe
  C:\Windows\System\zSnwYAQ.exe
  2⤵
  PID:5164
- C:\Windows\System\jOIDiXV.exe
  C:\Windows\System\jOIDiXV.exe
  2⤵
  PID:5180
- C:\Windows\System\nmMBOik.exe
  C:\Windows\System\nmMBOik.exe
  2⤵
  PID:5200
- C:\Windows\System\TuGYRXm.exe
  C:\Windows\System\TuGYRXm.exe
  2⤵
  PID:5220
- C:\Windows\System\vkUpwHK.exe
  C:\Windows\System\vkUpwHK.exe
  2⤵
  PID:5244
- C:\Windows\System\LLJPHWk.exe
  C:\Windows\System\LLJPHWk.exe
  2⤵
  PID:5264
- C:\Windows\System\tKnebKb.exe
  C:\Windows\System\tKnebKb.exe
  2⤵
  PID:5284
- C:\Windows\System\QNpHmix.exe
  C:\Windows\System\QNpHmix.exe
  2⤵
  PID:5304
- C:\Windows\System\sFnIxdR.exe
  C:\Windows\System\sFnIxdR.exe
  2⤵
  PID:5320
- C:\Windows\System\nzFrNEK.exe
  C:\Windows\System\nzFrNEK.exe
  2⤵
  PID:5336
- C:\Windows\System\vjJambO.exe
  C:\Windows\System\vjJambO.exe
  2⤵
  PID:5356
- C:\Windows\System\trfXCwM.exe
  C:\Windows\System\trfXCwM.exe
  2⤵
  PID:5380
- C:\Windows\System\SCNmXJK.exe
  C:\Windows\System\SCNmXJK.exe
  2⤵
  PID:5396
- C:\Windows\System\esFJNoC.exe
  C:\Windows\System\esFJNoC.exe
  2⤵
  PID:5412
- C:\Windows\System\zLKWLVD.exe
  C:\Windows\System\zLKWLVD.exe
  2⤵
  PID:5432
- C:\Windows\System\CSPAWDZ.exe
  C:\Windows\System\CSPAWDZ.exe
  2⤵
  PID:5456
- C:\Windows\System\kaYfnwr.exe
  C:\Windows\System\kaYfnwr.exe
  2⤵
  PID:5472
- C:\Windows\System\BeEbAHu.exe
  C:\Windows\System\BeEbAHu.exe
  2⤵
  PID:5496
- C:\Windows\System\cgibXEZ.exe
  C:\Windows\System\cgibXEZ.exe
  2⤵
  PID:5512
- C:\Windows\System\uOmRjAZ.exe
  C:\Windows\System\uOmRjAZ.exe
  2⤵
  PID:5528
- C:\Windows\System\jnjrQim.exe
  C:\Windows\System\jnjrQim.exe
  2⤵
  PID:5544
- C:\Windows\System\wZUokWW.exe
  C:\Windows\System\wZUokWW.exe
  2⤵
  PID:5560
- C:\Windows\System\qyaDYdX.exe
  C:\Windows\System\qyaDYdX.exe
  2⤵
  PID:5576
- C:\Windows\System\rDGwBBn.exe
  C:\Windows\System\rDGwBBn.exe
  2⤵
  PID:5592
- C:\Windows\System\uNuqLYv.exe
  C:\Windows\System\uNuqLYv.exe
  2⤵
  PID:5616
- C:\Windows\System\cjvvsmm.exe
  C:\Windows\System\cjvvsmm.exe
  2⤵
  PID:5632
- C:\Windows\System\dtwOUCr.exe
  C:\Windows\System\dtwOUCr.exe
  2⤵
  PID:5648
- C:\Windows\System\KLdbbUf.exe
  C:\Windows\System\KLdbbUf.exe
  2⤵
  PID:5664
- C:\Windows\System\jTxReeU.exe
  C:\Windows\System\jTxReeU.exe
  2⤵
  PID:5680
- C:\Windows\System\cIwtcJI.exe
  C:\Windows\System\cIwtcJI.exe
  2⤵
  PID:5696
- C:\Windows\System\pBVUyxJ.exe
  C:\Windows\System\pBVUyxJ.exe
  2⤵
  PID:5712
- C:\Windows\System\UEeChLB.exe
  C:\Windows\System\UEeChLB.exe
  2⤵
  PID:5728
- C:\Windows\System\NxHCsGg.exe
  C:\Windows\System\NxHCsGg.exe
  2⤵
  PID:5744
- C:\Windows\System\GwUcIxP.exe
  C:\Windows\System\GwUcIxP.exe
  2⤵
  PID:5760
- C:\Windows\System\ThJgddj.exe
  C:\Windows\System\ThJgddj.exe
  2⤵
  PID:5776
- C:\Windows\System\YbrfXzD.exe
  C:\Windows\System\YbrfXzD.exe
  2⤵
  PID:5792
- C:\Windows\System\rXdwfQO.exe
  C:\Windows\System\rXdwfQO.exe
  2⤵
  PID:5808
- C:\Windows\System\MomNBnE.exe
  C:\Windows\System\MomNBnE.exe
  2⤵
  PID:5832
- C:\Windows\System\mkesRmt.exe
  C:\Windows\System\mkesRmt.exe
  2⤵
  PID:5848
- C:\Windows\System\YZvMDQC.exe
  C:\Windows\System\YZvMDQC.exe
  2⤵
  PID:5864
- C:\Windows\System\yWgjYfy.exe
  C:\Windows\System\yWgjYfy.exe
  2⤵
  PID:5880
- C:\Windows\System\tWAAcdN.exe
  C:\Windows\System\tWAAcdN.exe
  2⤵
  PID:5896
- C:\Windows\System\IwJIQWB.exe
  C:\Windows\System\IwJIQWB.exe
  2⤵
  PID:5916
- C:\Windows\System\GGLVvSN.exe
  C:\Windows\System\GGLVvSN.exe
  2⤵
  PID:5952
- C:\Windows\System\dYcVCwm.exe
  C:\Windows\System\dYcVCwm.exe
  2⤵
  PID:5968
- C:\Windows\System\HUvyfRw.exe
  C:\Windows\System\HUvyfRw.exe
  2⤵
  PID:6000
- C:\Windows\System\nivsvBv.exe
  C:\Windows\System\nivsvBv.exe
  2⤵
  PID:6020
- C:\Windows\System\vJqNRHG.exe
  C:\Windows\System\vJqNRHG.exe
  2⤵
  PID:6036
- C:\Windows\System\GwhRCkC.exe
  C:\Windows\System\GwhRCkC.exe
  2⤵
  PID:6052
- C:\Windows\System\jDaWsWX.exe
  C:\Windows\System\jDaWsWX.exe
  2⤵
  PID:6068
- C:\Windows\System\YuIZRNL.exe
  C:\Windows\System\YuIZRNL.exe
  2⤵
  PID:6084
- C:\Windows\System\FOnTixC.exe
  C:\Windows\System\FOnTixC.exe
  2⤵
  PID:6108
- C:\Windows\System\YJAbukS.exe
  C:\Windows\System\YJAbukS.exe
  2⤵
  PID:6124
- C:\Windows\System\yDnxOvR.exe
  C:\Windows\System\yDnxOvR.exe
  2⤵
  PID:3716
- C:\Windows\System\iooHdYC.exe
  C:\Windows\System\iooHdYC.exe
  2⤵
  PID:3736
- C:\Windows\System\otkwKvZ.exe
  C:\Windows\System\otkwKvZ.exe
  2⤵
  PID:4552
- C:\Windows\System\NOqJmHE.exe
  C:\Windows\System\NOqJmHE.exe
  2⤵
  PID:1792
- C:\Windows\System\CsAxDzY.exe
  C:\Windows\System\CsAxDzY.exe
  2⤵
  PID:4308
- C:\Windows\System\OAnzuRq.exe
  C:\Windows\System\OAnzuRq.exe
  2⤵
  PID:4940
- C:\Windows\System\ojQmUZc.exe
  C:\Windows\System\ojQmUZc.exe
  2⤵
  PID:5008
- C:\Windows\System\aOHPtEY.exe
  C:\Windows\System\aOHPtEY.exe
  2⤵
  PID:5124
- C:\Windows\System\UzfpMvM.exe
  C:\Windows\System\UzfpMvM.exe
  2⤵
  PID:5192
- C:\Windows\System\kUMKTMY.exe
  C:\Windows\System\kUMKTMY.exe
  2⤵
  PID:5236
- C:\Windows\System\LYzzSKw.exe
  C:\Windows\System\LYzzSKw.exe
  2⤵
  PID:5280
- C:\Windows\System\KeRPdrg.exe
  C:\Windows\System\KeRPdrg.exe
  2⤵
  PID:3056
- C:\Windows\System\QCFJryM.exe
  C:\Windows\System\QCFJryM.exe
  2⤵
  PID:5172
- C:\Windows\System\JLpYXwE.exe
  C:\Windows\System\JLpYXwE.exe
  2⤵
  PID:5252
- C:\Windows\System\gpZUVAD.exe
  C:\Windows\System\gpZUVAD.exe
  2⤵
  PID:5296
- C:\Windows\System\sfUxACl.exe
  C:\Windows\System\sfUxACl.exe
  2⤵
  PID:5328
- C:\Windows\System\TZkaUpj.exe
  C:\Windows\System\TZkaUpj.exe
  2⤵
  PID:5256
- C:\Windows\System\fDTsudR.exe
  C:\Windows\System\fDTsudR.exe
  2⤵
  PID:5404
- C:\Windows\System\tshbDhs.exe
  C:\Windows\System\tshbDhs.exe
  2⤵
  PID:5448
- C:\Windows\System\FheBzSe.exe
  C:\Windows\System\FheBzSe.exe
  2⤵
  PID:5492
- C:\Windows\System\gRksOnJ.exe
  C:\Windows\System\gRksOnJ.exe
  2⤵
  PID:5588
- C:\Windows\System\fWblEes.exe
  C:\Windows\System\fWblEes.exe
  2⤵
  PID:5624
- C:\Windows\System\wtLoUJU.exe
  C:\Windows\System\wtLoUJU.exe
  2⤵
  PID:5660
- C:\Windows\System\ITXsbMg.exe
  C:\Windows\System\ITXsbMg.exe
  2⤵
  PID:5752
- C:\Windows\System\DOYqqNL.exe
  C:\Windows\System\DOYqqNL.exe
  2⤵
  PID:2484
- C:\Windows\System\pXsSPYJ.exe
  C:\Windows\System\pXsSPYJ.exe
  2⤵
  PID:5352
- C:\Windows\System\jdcMTUr.exe
  C:\Windows\System\jdcMTUr.exe
  2⤵
  PID:5424
- C:\Windows\System\GvLwEYe.exe
  C:\Windows\System\GvLwEYe.exe
  2⤵
  PID:5504
- C:\Windows\System\qykbXjG.exe
  C:\Windows\System\qykbXjG.exe
  2⤵
  PID:5568
- C:\Windows\System\MePbdUs.exe
  C:\Windows\System\MePbdUs.exe
  2⤵
  PID:5608
- C:\Windows\System\gBBmrCw.exe
  C:\Windows\System\gBBmrCw.exe
  2⤵
  PID:2180
- C:\Windows\System\vtZAdFd.exe
  C:\Windows\System\vtZAdFd.exe
  2⤵
  PID:5704
- C:\Windows\System\QhdCrUw.exe
  C:\Windows\System\QhdCrUw.exe
  2⤵
  PID:5768
- C:\Windows\System\NaKsMrs.exe
  C:\Windows\System\NaKsMrs.exe
  2⤵
  PID:5844
- C:\Windows\System\cDEyBVX.exe
  C:\Windows\System\cDEyBVX.exe
  2⤵
  PID:5628
- C:\Windows\System\INRUoJn.exe
  C:\Windows\System\INRUoJn.exe
  2⤵
  PID:5912
- C:\Windows\System\WPlDJke.exe
  C:\Windows\System\WPlDJke.exe
  2⤵
  PID:5828
- C:\Windows\System\UCYEcYK.exe
  C:\Windows\System\UCYEcYK.exe
  2⤵
  PID:5892
- C:\Windows\System\OcUkTJA.exe
  C:\Windows\System\OcUkTJA.exe
  2⤵
  PID:5964
- C:\Windows\System\niTsuAx.exe
  C:\Windows\System\niTsuAx.exe
  2⤵
  PID:5932
- C:\Windows\System\eVSqdmx.exe
  C:\Windows\System\eVSqdmx.exe
  2⤵
  PID:5944
- C:\Windows\System\WUQdONO.exe
  C:\Windows\System\WUQdONO.exe
  2⤵
  PID:5988
- C:\Windows\System\AagLzYa.exe
  C:\Windows\System\AagLzYa.exe
  2⤵
  PID:6032
- C:\Windows\System\rtJbcuP.exe
  C:\Windows\System\rtJbcuP.exe
  2⤵
  PID:3028
- C:\Windows\System\AzgcXcK.exe
  C:\Windows\System\AzgcXcK.exe
  2⤵
  PID:6016
- C:\Windows\System\LiZRRFL.exe
  C:\Windows\System\LiZRRFL.exe
  2⤵
  PID:6080
- C:\Windows\System\aUokNPT.exe
  C:\Windows\System\aUokNPT.exe
  2⤵
  PID:2820
- C:\Windows\System\IreYPpq.exe
  C:\Windows\System\IreYPpq.exe
  2⤵
  PID:2368
- C:\Windows\System\xcmIIVd.exe
  C:\Windows\System\xcmIIVd.exe
  2⤵
  PID:6104
- C:\Windows\System\pIgXzST.exe
  C:\Windows\System\pIgXzST.exe
  2⤵
  PID:1808
- C:\Windows\System\fUBxDoY.exe
  C:\Windows\System\fUBxDoY.exe
  2⤵
  PID:4660
- C:\Windows\System\nNIhHfR.exe
  C:\Windows\System\nNIhHfR.exe
  2⤵
  PID:5036
- C:\Windows\System\XhPBSid.exe
  C:\Windows\System\XhPBSid.exe
  2⤵
  PID:276
- C:\Windows\System\kdZIYIe.exe
  C:\Windows\System\kdZIYIe.exe
  2⤵
  PID:5216
- C:\Windows\System\rQzpgNp.exe
  C:\Windows\System\rQzpgNp.exe
  2⤵
  PID:5376
- C:\Windows\System\pUIVUQn.exe
  C:\Windows\System\pUIVUQn.exe
  2⤵
  PID:5488
- C:\Windows\System\PiKxQQR.exe
  C:\Windows\System\PiKxQQR.exe
  2⤵
  PID:2740
- C:\Windows\System\laZcDXh.exe
  C:\Windows\System\laZcDXh.exe
  2⤵
  PID:5272
- C:\Windows\System\slzRmex.exe
  C:\Windows\System\slzRmex.exe
  2⤵
  PID:5720
- C:\Windows\System\qWPgbRk.exe
  C:\Windows\System\qWPgbRk.exe
  2⤵
  PID:5468
- C:\Windows\System\NrgMCKm.exe
  C:\Windows\System\NrgMCKm.exe
  2⤵
  PID:5604
- C:\Windows\System\rAxJDmG.exe
  C:\Windows\System\rAxJDmG.exe
  2⤵
  PID:5804
- C:\Windows\System\oUDRcKY.exe
  C:\Windows\System\oUDRcKY.exe
  2⤵
  PID:5212
- C:\Windows\System\UsJIIti.exe
  C:\Windows\System\UsJIIti.exe
  2⤵
  PID:5584
- C:\Windows\System\CBYnHMh.exe
  C:\Windows\System\CBYnHMh.exe
  2⤵
  PID:2472
- C:\Windows\System\vvKGoza.exe
  C:\Windows\System\vvKGoza.exe
  2⤵
  PID:5640
- C:\Windows\System\CAIskrQ.exe
  C:\Windows\System\CAIskrQ.exe
  2⤵
  PID:5860
- C:\Windows\System\LoecBEa.exe
  C:\Windows\System\LoecBEa.exe
  2⤵
  PID:5904
- C:\Windows\System\wcKhnjG.exe
  C:\Windows\System\wcKhnjG.exe
  2⤵
  PID:5984
- C:\Windows\System\GsUSAiu.exe
  C:\Windows\System\GsUSAiu.exe
  2⤵
  PID:5824
- C:\Windows\System\azueAAA.exe
  C:\Windows\System\azueAAA.exe
  2⤵
  PID:5940
- C:\Windows\System\jMPEbmv.exe
  C:\Windows\System\jMPEbmv.exe
  2⤵
  PID:3280
- C:\Windows\System\wQgptuJ.exe
  C:\Windows\System\wQgptuJ.exe
  2⤵
  PID:6132
- C:\Windows\System\kQbbwSi.exe
  C:\Windows\System\kQbbwSi.exe
  2⤵
  PID:5048
- C:\Windows\System\jPRwUdu.exe
  C:\Windows\System\jPRwUdu.exe
  2⤵
  PID:6092
- C:\Windows\System\nfOipof.exe
  C:\Windows\System\nfOipof.exe
  2⤵
  PID:5020
- C:\Windows\System\oEfbBCW.exe
  C:\Windows\System\oEfbBCW.exe
  2⤵
  PID:5372
- C:\Windows\System\nVMbXuk.exe
  C:\Windows\System\nVMbXuk.exe
  2⤵
  PID:5056
- C:\Windows\System\GcLeVoN.exe
  C:\Windows\System\GcLeVoN.exe
  2⤵
  PID:5052
- C:\Windows\System\scBABha.exe
  C:\Windows\System\scBABha.exe
  2⤵
  PID:5440
- C:\Windows\System\okxSoPW.exe
  C:\Windows\System\okxSoPW.exe
  2⤵
  PID:2812
- C:\Windows\System\nrQFfJG.exe
  C:\Windows\System\nrQFfJG.exe
  2⤵
  PID:5820
- C:\Windows\System\RhUCFdy.exe
  C:\Windows\System\RhUCFdy.exe
  2⤵
  PID:4532
- C:\Windows\System\aevDLlD.exe
  C:\Windows\System\aevDLlD.exe
  2⤵
  PID:2632
- C:\Windows\System\xdMUwvi.exe
  C:\Windows\System\xdMUwvi.exe
  2⤵
  PID:5676
- C:\Windows\System\DOnmtYm.exe
  C:\Windows\System\DOnmtYm.exe
  2⤵
  PID:5788
- C:\Windows\System\cTCTpyo.exe
  C:\Windows\System\cTCTpyo.exe
  2⤵
  PID:3272
- C:\Windows\System\ESuLvoQ.exe
  C:\Windows\System\ESuLvoQ.exe
  2⤵
  PID:6160
- C:\Windows\System\mkhsjNP.exe
  C:\Windows\System\mkhsjNP.exe
  2⤵
  PID:6176
- C:\Windows\System\eEqZXAo.exe
  C:\Windows\System\eEqZXAo.exe
  2⤵
  PID:6192
- C:\Windows\System\UaRwYmH.exe
  C:\Windows\System\UaRwYmH.exe
  2⤵
  PID:6208
- C:\Windows\System\EZEelDM.exe
  C:\Windows\System\EZEelDM.exe
  2⤵
  PID:6224
- C:\Windows\System\upnrkzk.exe
  C:\Windows\System\upnrkzk.exe
  2⤵
  PID:6240
- C:\Windows\System\JIbBObD.exe
  C:\Windows\System\JIbBObD.exe
  2⤵
  PID:6256
- C:\Windows\System\ENylfKc.exe
  C:\Windows\System\ENylfKc.exe
  2⤵
  PID:6272
- C:\Windows\System\COiEvNZ.exe
  C:\Windows\System\COiEvNZ.exe
  2⤵
  PID:6288
- C:\Windows\System\UtbdZIL.exe
  C:\Windows\System\UtbdZIL.exe
  2⤵
  PID:6304
- C:\Windows\System\jwuhRKL.exe
  C:\Windows\System\jwuhRKL.exe
  2⤵
  PID:6320
- C:\Windows\System\UpVvBeV.exe
  C:\Windows\System\UpVvBeV.exe
  2⤵
  PID:6336
- C:\Windows\System\HGioZSC.exe
  C:\Windows\System\HGioZSC.exe
  2⤵
  PID:6352
- C:\Windows\System\MlrvaGU.exe
  C:\Windows\System\MlrvaGU.exe
  2⤵
  PID:6368
- C:\Windows\System\skGcjYo.exe
  C:\Windows\System\skGcjYo.exe
  2⤵
  PID:6384
- C:\Windows\System\mxJHvhh.exe
  C:\Windows\System\mxJHvhh.exe
  2⤵
  PID:6404
- C:\Windows\System\xgiCvjv.exe
  C:\Windows\System\xgiCvjv.exe
  2⤵
  PID:6420
- C:\Windows\System\pvORgGX.exe
  C:\Windows\System\pvORgGX.exe
  2⤵
  PID:6436
- C:\Windows\System\mhjqIpe.exe
  C:\Windows\System\mhjqIpe.exe
  2⤵
  PID:6452
- C:\Windows\System\bbWoSyV.exe
  C:\Windows\System\bbWoSyV.exe
  2⤵
  PID:6468
- C:\Windows\System\WLUVwhn.exe
  C:\Windows\System\WLUVwhn.exe
  2⤵
  PID:6484
- C:\Windows\System\SNjsYcy.exe
  C:\Windows\System\SNjsYcy.exe
  2⤵
  PID:6500
- C:\Windows\System\pgjzRvn.exe
  C:\Windows\System\pgjzRvn.exe
  2⤵
  PID:6516
- C:\Windows\System\VmDeKCe.exe
  C:\Windows\System\VmDeKCe.exe
  2⤵
  PID:6532
- C:\Windows\System\sdunIDI.exe
  C:\Windows\System\sdunIDI.exe
  2⤵
  PID:6548
- C:\Windows\System\HJgluvC.exe
  C:\Windows\System\HJgluvC.exe
  2⤵
  PID:6564
- C:\Windows\System\HjeFqen.exe
  C:\Windows\System\HjeFqen.exe
  2⤵
  PID:6580
- C:\Windows\System\lMfGowA.exe
  C:\Windows\System\lMfGowA.exe
  2⤵
  PID:6596
- C:\Windows\System\tQCEZSE.exe
  C:\Windows\System\tQCEZSE.exe
  2⤵
  PID:6616
- C:\Windows\System\LziGtEL.exe
  C:\Windows\System\LziGtEL.exe
  2⤵
  PID:6632
- C:\Windows\System\JDOKPlS.exe
  C:\Windows\System\JDOKPlS.exe
  2⤵
  PID:6648
- C:\Windows\System\eepGdjZ.exe
  C:\Windows\System\eepGdjZ.exe
  2⤵
  PID:6664
- C:\Windows\System\vvsNHca.exe
  C:\Windows\System\vvsNHca.exe
  2⤵
  PID:6680
- C:\Windows\System\kxaPohB.exe
  C:\Windows\System\kxaPohB.exe
  2⤵
  PID:6696
- C:\Windows\System\lJjfcdW.exe
  C:\Windows\System\lJjfcdW.exe
  2⤵
  PID:6712
- C:\Windows\System\McoFpmx.exe
  C:\Windows\System\McoFpmx.exe
  2⤵
  PID:6728
- C:\Windows\System\fVvhnmG.exe
  C:\Windows\System\fVvhnmG.exe
  2⤵
  PID:6744
- C:\Windows\System\DBVepTg.exe
  C:\Windows\System\DBVepTg.exe
  2⤵
  PID:6760
- C:\Windows\System\ibvmveh.exe
  C:\Windows\System\ibvmveh.exe
  2⤵
  PID:6776
- C:\Windows\System\giBRpBN.exe
  C:\Windows\System\giBRpBN.exe
  2⤵
  PID:6792
- C:\Windows\System\yeHUOrv.exe
  C:\Windows\System\yeHUOrv.exe
  2⤵
  PID:6808
- C:\Windows\System\vpkMOsW.exe
  C:\Windows\System\vpkMOsW.exe
  2⤵
  PID:6824
- C:\Windows\System\TlQxbqg.exe
  C:\Windows\System\TlQxbqg.exe
  2⤵
  PID:6840
- C:\Windows\System\UtELUgl.exe
  C:\Windows\System\UtELUgl.exe
  2⤵
  PID:6856
- C:\Windows\System\zQsgnfT.exe
  C:\Windows\System\zQsgnfT.exe
  2⤵
  PID:6872
- C:\Windows\System\VocNVrB.exe
  C:\Windows\System\VocNVrB.exe
  2⤵
  PID:6888
- C:\Windows\System\OEerUaT.exe
  C:\Windows\System\OEerUaT.exe
  2⤵
  PID:6904
- C:\Windows\System\JtKgLVV.exe
  C:\Windows\System\JtKgLVV.exe
  2⤵
  PID:6920
- C:\Windows\System\oNwsmih.exe
  C:\Windows\System\oNwsmih.exe
  2⤵
  PID:6936
- C:\Windows\System\CSjDUjX.exe
  C:\Windows\System\CSjDUjX.exe
  2⤵
  PID:6952
- C:\Windows\System\UDuzDwO.exe
  C:\Windows\System\UDuzDwO.exe
  2⤵
  PID:6968
- C:\Windows\System\BRjkUtj.exe
  C:\Windows\System\BRjkUtj.exe
  2⤵
  PID:6984
- C:\Windows\System\QxAoUcG.exe
  C:\Windows\System\QxAoUcG.exe
  2⤵
  PID:7000
- C:\Windows\System\vpoNZGG.exe
  C:\Windows\System\vpoNZGG.exe
  2⤵
  PID:7016
- C:\Windows\System\DnGBvlk.exe
  C:\Windows\System\DnGBvlk.exe
  2⤵
  PID:7032
- C:\Windows\System\ahHNwqz.exe
  C:\Windows\System\ahHNwqz.exe
  2⤵
  PID:7048
- C:\Windows\System\LTKTile.exe
  C:\Windows\System\LTKTile.exe
  2⤵
  PID:7064
- C:\Windows\System\znAzUMV.exe
  C:\Windows\System\znAzUMV.exe
  2⤵
  PID:7080
- C:\Windows\System\fNUhdFl.exe
  C:\Windows\System\fNUhdFl.exe
  2⤵
  PID:7096
- C:\Windows\System\VJoZVxF.exe
  C:\Windows\System\VJoZVxF.exe
  2⤵
  PID:7112
- C:\Windows\System\tbefnoF.exe
  C:\Windows\System\tbefnoF.exe
  2⤵
  PID:7128
- C:\Windows\System\xpLxfbN.exe
  C:\Windows\System\xpLxfbN.exe
  2⤵
  PID:7144
- C:\Windows\System\diFgmgB.exe
  C:\Windows\System\diFgmgB.exe
  2⤵
  PID:7160
- C:\Windows\System\tNzXtEQ.exe
  C:\Windows\System\tNzXtEQ.exe
  2⤵
  PID:2044
- C:\Windows\System\cLUBpgX.exe
  C:\Windows\System\cLUBpgX.exe
  2⤵
  PID:5208
- C:\Windows\System\uvNdfgE.exe
  C:\Windows\System\uvNdfgE.exe
  2⤵
  PID:5656
- C:\Windows\System\yJwZBxO.exe
  C:\Windows\System\yJwZBxO.exe
  2⤵
  PID:5160
- C:\Windows\System\PyqrPAl.exe
  C:\Windows\System\PyqrPAl.exe
  2⤵
  PID:6064
- C:\Windows\System\McHqxRz.exe
  C:\Windows\System\McHqxRz.exe
  2⤵
  PID:5464
- C:\Windows\System\hLrzKll.exe
  C:\Windows\System\hLrzKll.exe
  2⤵
  PID:3752
- C:\Windows\System\rzBdOIS.exe
  C:\Windows\System\rzBdOIS.exe
  2⤵
  PID:6152
- C:\Windows\System\YuSSBpo.exe
  C:\Windows\System\YuSSBpo.exe
  2⤵
  PID:6216
- C:\Windows\System\UJAgmxM.exe
  C:\Windows\System\UJAgmxM.exe
  2⤵
  PID:6252
- C:\Windows\System\SnbLWUm.exe
  C:\Windows\System\SnbLWUm.exe
  2⤵
  PID:6316
- C:\Windows\System\BqrJbBt.exe
  C:\Windows\System\BqrJbBt.exe
  2⤵
  PID:6380
- C:\Windows\System\HazUTPY.exe
  C:\Windows\System\HazUTPY.exe
  2⤵
  PID:6480
- C:\Windows\System\rAoVQwR.exe
  C:\Windows\System\rAoVQwR.exe
  2⤵
  PID:6268
- C:\Windows\System\wJVitUx.exe
  C:\Windows\System\wJVitUx.exe
  2⤵
  PID:6332
- C:\Windows\System\BbGqhXL.exe
  C:\Windows\System\BbGqhXL.exe
  2⤵
  PID:6400
- C:\Windows\System\ELoQWsm.exe
  C:\Windows\System\ELoQWsm.exe
  2⤵
  PID:6432
- C:\Windows\System\nYEgxHI.exe
  C:\Windows\System\nYEgxHI.exe
  2⤵
  PID:6496
- C:\Windows\System\ZNIWTch.exe
  C:\Windows\System\ZNIWTch.exe
  2⤵
  PID:6512
- C:\Windows\System\FZmqLNL.exe
  C:\Windows\System\FZmqLNL.exe
  2⤵
  PID:6588
- C:\Windows\System\VGscekH.exe
  C:\Windows\System\VGscekH.exe
  2⤵
  PID:6640
- C:\Windows\System\iNmmKSa.exe
  C:\Windows\System\iNmmKSa.exe
  2⤵
  PID:6672
- C:\Windows\System\PlzDGwd.exe
  C:\Windows\System\PlzDGwd.exe
  2⤵
  PID:6708
- C:\Windows\System\TyMkYEr.exe
  C:\Windows\System\TyMkYEr.exe
  2⤵
  PID:6768
- C:\Windows\System\xIDyOoK.exe
  C:\Windows\System\xIDyOoK.exe
  2⤵
  PID:6800
- C:\Windows\System\PaTObhA.exe
  C:\Windows\System\PaTObhA.exe
  2⤵
  PID:6624
- C:\Windows\System\aeQMCLH.exe
  C:\Windows\System\aeQMCLH.exe
  2⤵
  PID:6688
- C:\Windows\System\UpVYaSt.exe
  C:\Windows\System\UpVYaSt.exe
  2⤵
  PID:6752
- C:\Windows\System\mEVHhBr.exe
  C:\Windows\System\mEVHhBr.exe
  2⤵
  PID:2708
- C:\Windows\System\QMKBKPI.exe
  C:\Windows\System\QMKBKPI.exe
  2⤵
  PID:404
- C:\Windows\System\iDOSxXb.exe
  C:\Windows\System\iDOSxXb.exe
  2⤵
  PID:7028
- C:\Windows\System\rWRVJtv.exe
  C:\Windows\System\rWRVJtv.exe
  2⤵
  PID:7056
- C:\Windows\System\SBQZorx.exe
  C:\Windows\System\SBQZorx.exe
  2⤵
  PID:7060
- C:\Windows\System\pQxJIhf.exe
  C:\Windows\System\pQxJIhf.exe
  2⤵
  PID:6916
- C:\Windows\System\XoViYJi.exe
  C:\Windows\System\XoViYJi.exe
  2⤵
  PID:6820
- C:\Windows\System\JrheiMV.exe
  C:\Windows\System\JrheiMV.exe
  2⤵
  PID:7120
- C:\Windows\System\jxhQcnI.exe
  C:\Windows\System\jxhQcnI.exe
  2⤵
  PID:6944
- C:\Windows\System\tcCcnpt.exe
  C:\Windows\System\tcCcnpt.exe
  2⤵
  PID:6852
- C:\Windows\System\vWHXFNL.exe
  C:\Windows\System\vWHXFNL.exe
  2⤵
  PID:7124
- C:\Windows\System\zaMcPts.exe
  C:\Windows\System\zaMcPts.exe
  2⤵
  PID:1032
- C:\Windows\System\BVNrlkL.exe
  C:\Windows\System\BVNrlkL.exe
  2⤵
  PID:1508
- C:\Windows\System\MydcqKb.exe
  C:\Windows\System\MydcqKb.exe
  2⤵
  PID:684
- C:\Windows\System\dARulfH.exe
  C:\Windows\System\dARulfH.exe
  2⤵
  PID:2248
- C:\Windows\System\qGWzURl.exe
  C:\Windows\System\qGWzURl.exe
  2⤵
  PID:6204
- C:\Windows\System\VicOImk.exe
  C:\Windows\System\VicOImk.exe
  2⤵
  PID:5292
- C:\Windows\System\TALnsFk.exe
  C:\Windows\System\TALnsFk.exe
  2⤵
  PID:6348
- C:\Windows\System\BOHcRwP.exe
  C:\Windows\System\BOHcRwP.exe
  2⤵
  PID:6232
- C:\Windows\System\cpzSckn.exe
  C:\Windows\System\cpzSckn.exe
  2⤵
  PID:6172
- C:\Windows\System\JrszSJS.exe
  C:\Windows\System\JrszSJS.exe
  2⤵
  PID:6300
- C:\Windows\System\LJgfvWN.exe
  C:\Windows\System\LJgfvWN.exe
  2⤵
  PID:6464
- C:\Windows\System\NEIayyV.exe
  C:\Windows\System\NEIayyV.exe
  2⤵
  PID:6448
- C:\Windows\System\vAlbuft.exe
  C:\Windows\System\vAlbuft.exe
  2⤵
  PID:2456
- C:\Windows\System\rWZIASB.exe
  C:\Windows\System\rWZIASB.exe
  2⤵
  PID:2668
- C:\Windows\System\OHJbmfe.exe
  C:\Windows\System\OHJbmfe.exe
  2⤵
  PID:6676
- C:\Windows\System\loCOJLo.exe
  C:\Windows\System\loCOJLo.exe
  2⤵
  PID:6528
- C:\Windows\System\gJhsRgY.exe
  C:\Windows\System\gJhsRgY.exe
  2⤵
  PID:6012
- C:\Windows\System\KmJKqbA.exe
  C:\Windows\System\KmJKqbA.exe
  2⤵
  PID:6832
- C:\Windows\System\mJjmlOX.exe
  C:\Windows\System\mJjmlOX.exe
  2⤵
  PID:6932
- C:\Windows\System\inRPWjA.exe
  C:\Windows\System\inRPWjA.exe
  2⤵
  PID:6996
- C:\Windows\System\eqgdcqG.exe
  C:\Windows\System\eqgdcqG.exe
  2⤵
  PID:6912
- C:\Windows\System\rsgkBuu.exe
  C:\Windows\System\rsgkBuu.exe
  2⤵
  PID:6816
- C:\Windows\System\RdbZSsS.exe
  C:\Windows\System\RdbZSsS.exe
  2⤵
  PID:7104
- C:\Windows\System\QOepgsy.exe
  C:\Windows\System\QOepgsy.exe
  2⤵
  PID:5996
- C:\Windows\System\oreYdHr.exe
  C:\Windows\System\oreYdHr.exe
  2⤵
  PID:6248
- C:\Windows\System\claxsKk.exe
  C:\Windows\System\claxsKk.exe
  2⤵
  PID:2576
- C:\Windows\System\HwHywZb.exe
  C:\Windows\System\HwHywZb.exe
  2⤵
  PID:7136
- C:\Windows\System\zLWSuJU.exe
  C:\Windows\System\zLWSuJU.exe
  2⤵
  PID:2880
- C:\Windows\System\ykakICS.exe
  C:\Windows\System\ykakICS.exe
  2⤵
  PID:6492
- C:\Windows\System\aELiDPh.exe
  C:\Windows\System\aELiDPh.exe
  2⤵
  PID:3008
- C:\Windows\System\szEUABR.exe
  C:\Windows\System\szEUABR.exe
  2⤵
  PID:6476
- C:\Windows\System\DvrWIXL.exe
  C:\Windows\System\DvrWIXL.exe
  2⤵
  PID:6772
- C:\Windows\System\qDVrNhi.exe
  C:\Windows\System\qDVrNhi.exe
  2⤵
  PID:6960
- C:\Windows\System\KvnEzaX.exe
  C:\Windows\System\KvnEzaX.exe
  2⤵
  PID:6884
- C:\Windows\System\JvWgayd.exe
  C:\Windows\System\JvWgayd.exe
  2⤵
  PID:6896
- C:\Windows\System\BNulCyV.exe
  C:\Windows\System\BNulCyV.exe
  2⤵
  PID:7184
- C:\Windows\System\ZZDaydU.exe
  C:\Windows\System\ZZDaydU.exe
  2⤵
  PID:7200
- C:\Windows\System\NdxouKi.exe
  C:\Windows\System\NdxouKi.exe
  2⤵
  PID:7216
- C:\Windows\System\EatYzWg.exe
  C:\Windows\System\EatYzWg.exe
  2⤵
  PID:7236
- C:\Windows\System\wJgRBwH.exe
  C:\Windows\System\wJgRBwH.exe
  2⤵
  PID:7252
- C:\Windows\System\zyUBOxx.exe
  C:\Windows\System\zyUBOxx.exe
  2⤵
  PID:7268
- C:\Windows\System\CleqzhP.exe
  C:\Windows\System\CleqzhP.exe
  2⤵
  PID:7284
- C:\Windows\System\EbfBorb.exe
  C:\Windows\System\EbfBorb.exe
  2⤵
  PID:7300
- C:\Windows\System\WUsQhtW.exe
  C:\Windows\System\WUsQhtW.exe
  2⤵
  PID:7316
- C:\Windows\System\YAJKfjz.exe
  C:\Windows\System\YAJKfjz.exe
  2⤵
  PID:7332
- C:\Windows\System\zRKoDza.exe
  C:\Windows\System\zRKoDza.exe
  2⤵
  PID:7348
- C:\Windows\System\jneQwqK.exe
  C:\Windows\System\jneQwqK.exe
  2⤵
  PID:7364
- C:\Windows\System\fwbqZlL.exe
  C:\Windows\System\fwbqZlL.exe
  2⤵
  PID:7384
- C:\Windows\System\DFqROsb.exe
  C:\Windows\System\DFqROsb.exe
  2⤵
  PID:7400
- C:\Windows\System\ugekGYe.exe
  C:\Windows\System\ugekGYe.exe
  2⤵
  PID:7416
- C:\Windows\System\FykNOQC.exe
  C:\Windows\System\FykNOQC.exe
  2⤵
  PID:7432
- C:\Windows\System\mYCgqRA.exe
  C:\Windows\System\mYCgqRA.exe
  2⤵
  PID:7448
- C:\Windows\System\lBnSQPk.exe
  C:\Windows\System\lBnSQPk.exe
  2⤵
  PID:7464
- C:\Windows\System\WarsVOT.exe
  C:\Windows\System\WarsVOT.exe
  2⤵
  PID:7480
- C:\Windows\System\cUxrHvb.exe
  C:\Windows\System\cUxrHvb.exe
  2⤵
  PID:7496
- C:\Windows\System\BexuSnh.exe
  C:\Windows\System\BexuSnh.exe
  2⤵
  PID:7512
- C:\Windows\System\bFbqeXP.exe
  C:\Windows\System\bFbqeXP.exe
  2⤵
  PID:7532
- C:\Windows\System\jMaijCd.exe
  C:\Windows\System\jMaijCd.exe
  2⤵
  PID:7552
- C:\Windows\System\JbWQNiq.exe
  C:\Windows\System\JbWQNiq.exe
  2⤵
  PID:7568
- C:\Windows\System\SAtWyMP.exe
  C:\Windows\System\SAtWyMP.exe
  2⤵
  PID:7588
- C:\Windows\System\kPbtZHi.exe
  C:\Windows\System\kPbtZHi.exe
  2⤵
  PID:7604
- C:\Windows\System\BVrmEYF.exe
  C:\Windows\System\BVrmEYF.exe
  2⤵
  PID:7620
- C:\Windows\System\JjicJWs.exe
  C:\Windows\System\JjicJWs.exe
  2⤵
  PID:7636
- C:\Windows\System\XSJYXrl.exe
  C:\Windows\System\XSJYXrl.exe
  2⤵
  PID:7652
- C:\Windows\System\ROXIRHE.exe
  C:\Windows\System\ROXIRHE.exe
  2⤵
  PID:7668
- C:\Windows\System\cAwCElx.exe
  C:\Windows\System\cAwCElx.exe
  2⤵
  PID:7684
- C:\Windows\System\ZKzArRN.exe
  C:\Windows\System\ZKzArRN.exe
  2⤵
  PID:7700
- C:\Windows\System\BsFJXgY.exe
  C:\Windows\System\BsFJXgY.exe
  2⤵
  PID:7716
- C:\Windows\System\AVBdOSj.exe
  C:\Windows\System\AVBdOSj.exe
  2⤵
  PID:7732
- C:\Windows\System\EYokhpV.exe
  C:\Windows\System\EYokhpV.exe
  2⤵
  PID:7748
- C:\Windows\System\xoFexWG.exe
  C:\Windows\System\xoFexWG.exe
  2⤵
  PID:7764
- C:\Windows\System\UiBHBqK.exe
  C:\Windows\System\UiBHBqK.exe
  2⤵
  PID:7780
- C:\Windows\System\OyKyzFA.exe
  C:\Windows\System\OyKyzFA.exe
  2⤵
  PID:7796
- C:\Windows\System\judYHbr.exe
  C:\Windows\System\judYHbr.exe
  2⤵
  PID:7812
- C:\Windows\System\tDJzgqT.exe
  C:\Windows\System\tDJzgqT.exe
  2⤵
  PID:7828
- C:\Windows\System\FDvrnYq.exe
  C:\Windows\System\FDvrnYq.exe
  2⤵
  PID:7844
- C:\Windows\System\oUIXPHN.exe
  C:\Windows\System\oUIXPHN.exe
  2⤵
  PID:7860
- C:\Windows\System\kWEQKDu.exe
  C:\Windows\System\kWEQKDu.exe
  2⤵
  PID:7876
- C:\Windows\System\KKoMgka.exe
  C:\Windows\System\KKoMgka.exe
  2⤵
  PID:7892
- C:\Windows\System\nLUTDkw.exe
  C:\Windows\System\nLUTDkw.exe
  2⤵
  PID:7908
- C:\Windows\System\OdzwOpZ.exe
  C:\Windows\System\OdzwOpZ.exe
  2⤵
  PID:7924
- C:\Windows\System\YfpBnjq.exe
  C:\Windows\System\YfpBnjq.exe
  2⤵
  PID:7940
- C:\Windows\System\TOwVdzi.exe
  C:\Windows\System\TOwVdzi.exe
  2⤵
  PID:7956
- C:\Windows\System\TjcAklT.exe
  C:\Windows\System\TjcAklT.exe
  2⤵
  PID:7972
- C:\Windows\System\UqFJEnR.exe
  C:\Windows\System\UqFJEnR.exe
  2⤵
  PID:7988
- C:\Windows\System\FmkGPYq.exe
  C:\Windows\System\FmkGPYq.exe
  2⤵
  PID:8004
- C:\Windows\System\KEHooIP.exe
  C:\Windows\System\KEHooIP.exe
  2⤵
  PID:8020
- C:\Windows\System\GeWAtiF.exe
  C:\Windows\System\GeWAtiF.exe
  2⤵
  PID:8036
- C:\Windows\System\UpBCoBK.exe
  C:\Windows\System\UpBCoBK.exe
  2⤵
  PID:8052
- C:\Windows\System\vIHoGyY.exe
  C:\Windows\System\vIHoGyY.exe
  2⤵
  PID:8068
- C:\Windows\System\GOODIzN.exe
  C:\Windows\System\GOODIzN.exe
  2⤵
  PID:8084
- C:\Windows\System\ZrqqYdJ.exe
  C:\Windows\System\ZrqqYdJ.exe
  2⤵
  PID:8100
- C:\Windows\System\pSAWXos.exe
  C:\Windows\System\pSAWXos.exe
  2⤵
  PID:8116
- C:\Windows\System\gZItwqj.exe
  C:\Windows\System\gZItwqj.exe
  2⤵
  PID:8132
- C:\Windows\System\OncXmkI.exe
  C:\Windows\System\OncXmkI.exe
  2⤵
  PID:8148
- C:\Windows\System\MiOpolQ.exe
  C:\Windows\System\MiOpolQ.exe
  2⤵
  PID:8164
- C:\Windows\System\SkzmjPx.exe
  C:\Windows\System\SkzmjPx.exe
  2⤵
  PID:8184
- C:\Windows\System\pwnAATb.exe
  C:\Windows\System\pwnAATb.exe
  2⤵
  PID:5740
- C:\Windows\System\ePULYnk.exe
  C:\Windows\System\ePULYnk.exe
  2⤵
  PID:2764
- C:\Windows\System\dTzeyOM.exe
  C:\Windows\System\dTzeyOM.exe
  2⤵
  PID:7076
- C:\Windows\System\FkYZimu.exe
  C:\Windows\System\FkYZimu.exe
  2⤵
  PID:7008
- C:\Windows\System\zDvFqsG.exe
  C:\Windows\System\zDvFqsG.exe
  2⤵
  PID:7092
- C:\Windows\System\OlshZKQ.exe
  C:\Windows\System\OlshZKQ.exe
  2⤵
  PID:6572
- C:\Windows\System\vzPgGIQ.exe
  C:\Windows\System\vzPgGIQ.exe
  2⤵
  PID:6788
- C:\Windows\System\OOgCDBk.exe
  C:\Windows\System\OOgCDBk.exe
  2⤵
  PID:7224
- C:\Windows\System\uEByUxQ.exe
  C:\Windows\System\uEByUxQ.exe
  2⤵
  PID:1140
- C:\Windows\System\UpancEU.exe
  C:\Windows\System\UpancEU.exe
  2⤵
  PID:7296
- C:\Windows\System\YLqoWoA.exe
  C:\Windows\System\YLqoWoA.exe
  2⤵
  PID:7264
- C:\Windows\System\xtRhcNw.exe
  C:\Windows\System\xtRhcNw.exe
  2⤵
  PID:7312
- C:\Windows\System\XpVzVbs.exe
  C:\Windows\System\XpVzVbs.exe
  2⤵
  PID:7248
- C:\Windows\System\pGEvlZC.exe
  C:\Windows\System\pGEvlZC.exe
  2⤵
  PID:7372
- C:\Windows\System\FprRCjq.exe
  C:\Windows\System\FprRCjq.exe
  2⤵
  PID:7232
- C:\Windows\System\nYbVXGQ.exe
  C:\Windows\System\nYbVXGQ.exe
  2⤵
  PID:7392
- C:\Windows\System\ovfXoLy.exe
  C:\Windows\System\ovfXoLy.exe
  2⤵
  PID:7492
- C:\Windows\System\acNvfUb.exe
  C:\Windows\System\acNvfUb.exe
  2⤵
  PID:7564
- C:\Windows\System\vjeyCex.exe
  C:\Windows\System\vjeyCex.exe
  2⤵
  PID:7632
- C:\Windows\System\ooKEatv.exe
  C:\Windows\System\ooKEatv.exe
  2⤵
  PID:7664
- C:\Windows\System\pTVYhgm.exe
  C:\Windows\System\pTVYhgm.exe
  2⤵
  PID:7788
- C:\Windows\System\mZRXqez.exe
  C:\Windows\System\mZRXqez.exe
  2⤵
  PID:7852
- C:\Windows\System\mEBVYLV.exe
  C:\Windows\System\mEBVYLV.exe
  2⤵
  PID:7916
- C:\Windows\System\bpTMqgI.exe
  C:\Windows\System\bpTMqgI.exe
  2⤵
  PID:7980
- C:\Windows\System\BRqUoDV.exe
  C:\Windows\System\BRqUoDV.exe
  2⤵
  PID:8044
- C:\Windows\System\xZzrswo.exe
  C:\Windows\System\xZzrswo.exe
  2⤵
  PID:7612
- C:\Windows\System\LFQpoVE.exe
  C:\Windows\System\LFQpoVE.exe
  2⤵
  PID:7740
- C:\Windows\System\XXWjOsN.exe
  C:\Windows\System\XXWjOsN.exe
  2⤵
  PID:7808
- C:\Windows\System\avUVGud.exe
  C:\Windows\System\avUVGud.exe
  2⤵
  PID:7900
- C:\Windows\System\VIBmXDe.exe
  C:\Windows\System\VIBmXDe.exe
  2⤵
  PID:7968
- C:\Windows\System\CYPNhip.exe
  C:\Windows\System\CYPNhip.exe
  2⤵
  PID:8032
- C:\Windows\System\HnhabWz.exe
  C:\Windows\System\HnhabWz.exe
  2⤵
  PID:7440
- C:\Windows\System\zgUyGAP.exe
  C:\Windows\System\zgUyGAP.exe
  2⤵
  PID:7508
- C:\Windows\System\NnxHtRJ.exe
  C:\Windows\System\NnxHtRJ.exe
  2⤵
  PID:7872
- C:\Windows\System\NpfGAUl.exe
  C:\Windows\System\NpfGAUl.exe
  2⤵
  PID:7584
- C:\Windows\System\huACgDY.exe
  C:\Windows\System\huACgDY.exe
  2⤵
  PID:7904
- C:\Windows\System\caoOUUI.exe
  C:\Windows\System\caoOUUI.exe
  2⤵
  PID:8096
- C:\Windows\System\cBhMoVP.exe
  C:\Windows\System\cBhMoVP.exe
  2⤵
  PID:8124
- C:\Windows\System\LSIVqUc.exe
  C:\Windows\System\LSIVqUc.exe
  2⤵
  PID:8172
- C:\Windows\System\SUoYFVd.exe
  C:\Windows\System\SUoYFVd.exe
  2⤵
  PID:8156
- C:\Windows\System\xprDPpV.exe
  C:\Windows\System\xprDPpV.exe
  2⤵
  PID:1304
- C:\Windows\System\LkmlXbf.exe
  C:\Windows\System\LkmlXbf.exe
  2⤵
  PID:6656
- C:\Windows\System\RvAegZw.exe
  C:\Windows\System\RvAegZw.exe
  2⤵
  PID:7328
- C:\Windows\System\xXTaYHE.exe
  C:\Windows\System\xXTaYHE.exe
  2⤵
  PID:7012
- C:\Windows\System\oASTVho.exe
  C:\Windows\System\oASTVho.exe
  2⤵
  PID:2500
- C:\Windows\System\zdtmUoG.exe
  C:\Windows\System\zdtmUoG.exe
  2⤵
  PID:6048
- C:\Windows\System\zfKEqCv.exe
  C:\Windows\System\zfKEqCv.exe
  2⤵
  PID:7488
- C:\Windows\System\qhzDfEJ.exe
  C:\Windows\System\qhzDfEJ.exe
  2⤵
  PID:7692
- C:\Windows\System\HRrRnZE.exe
  C:\Windows\System\HRrRnZE.exe
  2⤵
  PID:7948
- C:\Windows\System\oidrbZg.exe
  C:\Windows\System\oidrbZg.exe
  2⤵
  PID:7580
- C:\Windows\System\JcpmwBe.exe
  C:\Windows\System\JcpmwBe.exe
  2⤵
  PID:7964
- C:\Windows\System\VsWFVlW.exe
  C:\Windows\System\VsWFVlW.exe
  2⤵
  PID:520
- C:\Windows\System\mmoIeeM.exe
  C:\Windows\System\mmoIeeM.exe
  2⤵
  PID:6428
- C:\Windows\System\YDIpZqJ.exe
  C:\Windows\System\YDIpZqJ.exe
  2⤵
  PID:8012
- C:\Windows\System\nhiskhi.exe
  C:\Windows\System\nhiskhi.exe
  2⤵
  PID:7600
- C:\Windows\System\BfZVBRR.exe
  C:\Windows\System\BfZVBRR.exe
  2⤵
  PID:7444
- C:\Windows\System\MZOVjlU.exe
  C:\Windows\System\MZOVjlU.exe
  2⤵
  PID:7840
- C:\Windows\System\nkhwFNK.exe
  C:\Windows\System\nkhwFNK.exe
  2⤵
  PID:7548
- C:\Windows\System\UIEXici.exe
  C:\Windows\System\UIEXici.exe
  2⤵
  PID:8112
- C:\Windows\System\aqTwkCU.exe
  C:\Windows\System\aqTwkCU.exe
  2⤵
  PID:8140
- C:\Windows\System\RBizmCj.exe
  C:\Windows\System\RBizmCj.exe
  2⤵
  PID:7212
- C:\Windows\System\ZUtbcmj.exe
  C:\Windows\System\ZUtbcmj.exe
  2⤵
  PID:6312
- C:\Windows\System\AEqHpZn.exe
  C:\Windows\System\AEqHpZn.exe
  2⤵
  PID:7280
- C:\Windows\System\AVYaBQp.exe
  C:\Windows\System\AVYaBQp.exe
  2⤵
  PID:7196
- C:\Windows\System\Vjkdcln.exe
  C:\Windows\System\Vjkdcln.exe
  2⤵
  PID:7340
- C:\Windows\System\JWaCWBV.exe
  C:\Windows\System\JWaCWBV.exe
  2⤵
  PID:7412
- C:\Windows\System\avhYEBs.exe
  C:\Windows\System\avhYEBs.exe
  2⤵
  PID:7644
- C:\Windows\System\cYIdMPN.exe
  C:\Windows\System\cYIdMPN.exe
  2⤵
  PID:7156
- C:\Windows\System\jwqsfop.exe
  C:\Windows\System\jwqsfop.exe
  2⤵
  PID:7576
- C:\Windows\System\GJNTCIM.exe
  C:\Windows\System\GJNTCIM.exe
  2⤵
  PID:8064
- C:\Windows\System\FjVyggL.exe
  C:\Windows\System\FjVyggL.exe
  2⤵
  PID:8208
- C:\Windows\System\umadmML.exe
  C:\Windows\System\umadmML.exe
  2⤵
  PID:8224
- C:\Windows\System\zkznIHt.exe
  C:\Windows\System\zkznIHt.exe
  2⤵
  PID:8248
- C:\Windows\System\PRFHCVX.exe
  C:\Windows\System\PRFHCVX.exe
  2⤵
  PID:8264
- C:\Windows\System\EfGpuDy.exe
  C:\Windows\System\EfGpuDy.exe
  2⤵
  PID:8280
- C:\Windows\System\GuYIHrw.exe
  C:\Windows\System\GuYIHrw.exe
  2⤵
  PID:8296
- C:\Windows\System\nFbqpHw.exe
  C:\Windows\System\nFbqpHw.exe
  2⤵
  PID:8312
- C:\Windows\System\QugIhCS.exe
  C:\Windows\System\QugIhCS.exe
  2⤵
  PID:8328
- C:\Windows\System\QJPYzOH.exe
  C:\Windows\System\QJPYzOH.exe
  2⤵
  PID:8344
- C:\Windows\System\RRyiPzt.exe
  C:\Windows\System\RRyiPzt.exe
  2⤵
  PID:8360
- C:\Windows\System\IAjoidi.exe
  C:\Windows\System\IAjoidi.exe
  2⤵
  PID:8376
- C:\Windows\System\iQmxFMx.exe
  C:\Windows\System\iQmxFMx.exe
  2⤵
  PID:8392
- C:\Windows\System\VTsNUmi.exe
  C:\Windows\System\VTsNUmi.exe
  2⤵
  PID:8408
- C:\Windows\System\LWJBOUT.exe
  C:\Windows\System\LWJBOUT.exe
  2⤵
  PID:8424
- C:\Windows\System\LiPsGGP.exe
  C:\Windows\System\LiPsGGP.exe
  2⤵
  PID:8440
- C:\Windows\System\kjUlxba.exe
  C:\Windows\System\kjUlxba.exe
  2⤵
  PID:8456
- C:\Windows\System\fQBsnYI.exe
  C:\Windows\System\fQBsnYI.exe
  2⤵
  PID:8472
- C:\Windows\System\JqQUqLR.exe
  C:\Windows\System\JqQUqLR.exe
  2⤵
  PID:8488
- C:\Windows\System\ANFYFDF.exe
  C:\Windows\System\ANFYFDF.exe
  2⤵
  PID:8504
- C:\Windows\System\sKgaDXo.exe
  C:\Windows\System\sKgaDXo.exe
  2⤵
  PID:8520
- C:\Windows\System\dilsZpF.exe
  C:\Windows\System\dilsZpF.exe
  2⤵
  PID:8536
- C:\Windows\System\wgUxrsC.exe
  C:\Windows\System\wgUxrsC.exe
  2⤵
  PID:8552
- C:\Windows\System\ngSLJsy.exe
  C:\Windows\System\ngSLJsy.exe
  2⤵
  PID:8568
- C:\Windows\System\GlpOwpl.exe
  C:\Windows\System\GlpOwpl.exe
  2⤵
  PID:8584
- C:\Windows\System\AllBtZW.exe
  C:\Windows\System\AllBtZW.exe
  2⤵
  PID:8600
- C:\Windows\System\MFwqYJH.exe
  C:\Windows\System\MFwqYJH.exe
  2⤵
  PID:8616
- C:\Windows\System\sRnBMGh.exe
  C:\Windows\System\sRnBMGh.exe
  2⤵
  PID:8632
- C:\Windows\System\IYrqUpD.exe
  C:\Windows\System\IYrqUpD.exe
  2⤵
  PID:8648
- C:\Windows\System\rfbVcyz.exe
  C:\Windows\System\rfbVcyz.exe
  2⤵
  PID:8664
- C:\Windows\System\OCmQAEv.exe
  C:\Windows\System\OCmQAEv.exe
  2⤵
  PID:8684
- C:\Windows\System\iucUvsJ.exe
  C:\Windows\System\iucUvsJ.exe
  2⤵
  PID:8700
- C:\Windows\System\UHMXrzV.exe
  C:\Windows\System\UHMXrzV.exe
  2⤵
  PID:8716
- C:\Windows\System\QkXvxXo.exe
  C:\Windows\System\QkXvxXo.exe
  2⤵
  PID:8732
- C:\Windows\System\nXvXuXy.exe
  C:\Windows\System\nXvXuXy.exe
  2⤵
  PID:8748
- C:\Windows\System\hVAvvAi.exe
  C:\Windows\System\hVAvvAi.exe
  2⤵
  PID:8764
- C:\Windows\System\QnfMTpd.exe
  C:\Windows\System\QnfMTpd.exe
  2⤵
  PID:8780
- C:\Windows\System\bTAaMZu.exe
  C:\Windows\System\bTAaMZu.exe
  2⤵
  PID:8796
- C:\Windows\System\tUHlnoo.exe
  C:\Windows\System\tUHlnoo.exe
  2⤵
  PID:8812
- C:\Windows\System\YklaZAV.exe
  C:\Windows\System\YklaZAV.exe
  2⤵
  PID:8828
- C:\Windows\System\stkqcKq.exe
  C:\Windows\System\stkqcKq.exe
  2⤵
  PID:8844
- C:\Windows\System\jnAMKdD.exe
  C:\Windows\System\jnAMKdD.exe
  2⤵
  PID:8860
- C:\Windows\System\qptTnXq.exe
  C:\Windows\System\qptTnXq.exe
  2⤵
  PID:8876
- C:\Windows\System\ncTmeWu.exe
  C:\Windows\System\ncTmeWu.exe
  2⤵
  PID:8892
- C:\Windows\System\gcCpFEc.exe
  C:\Windows\System\gcCpFEc.exe
  2⤵
  PID:8908
- C:\Windows\System\YacDwoh.exe
  C:\Windows\System\YacDwoh.exe
  2⤵
  PID:8924
- C:\Windows\System\NxOYHcZ.exe
  C:\Windows\System\NxOYHcZ.exe
  2⤵
  PID:8940
- C:\Windows\System\iFxOOJb.exe
  C:\Windows\System\iFxOOJb.exe
  2⤵
  PID:8956
- C:\Windows\System\zjsbGOH.exe
  C:\Windows\System\zjsbGOH.exe
  2⤵
  PID:8972
- C:\Windows\System\jLCPcgK.exe
  C:\Windows\System\jLCPcgK.exe
  2⤵
  PID:8988
- C:\Windows\System\HyYCSoc.exe
  C:\Windows\System\HyYCSoc.exe
  2⤵
  PID:9004
- C:\Windows\System\SGDojih.exe
  C:\Windows\System\SGDojih.exe
  2⤵
  PID:9020
- C:\Windows\System\zwgRzsl.exe
  C:\Windows\System\zwgRzsl.exe
  2⤵
  PID:9036
- C:\Windows\System\BSceWRY.exe
  C:\Windows\System\BSceWRY.exe
  2⤵
  PID:9052
- C:\Windows\System\zxpCvtf.exe
  C:\Windows\System\zxpCvtf.exe
  2⤵
  PID:9068
- C:\Windows\System\RrLQdnh.exe
  C:\Windows\System\RrLQdnh.exe
  2⤵
  PID:9084
- C:\Windows\System\xtdeoOm.exe
  C:\Windows\System\xtdeoOm.exe
  2⤵
  PID:9100
- C:\Windows\System\IkTdUYQ.exe
  C:\Windows\System\IkTdUYQ.exe
  2⤵
  PID:9116
- C:\Windows\System\ebmNRgx.exe
  C:\Windows\System\ebmNRgx.exe
  2⤵
  PID:9132
- C:\Windows\System\qeENLXA.exe
  C:\Windows\System\qeENLXA.exe
  2⤵
  PID:9148
- C:\Windows\System\QEoJisY.exe
  C:\Windows\System\QEoJisY.exe
  2⤵
  PID:9164
- C:\Windows\System\suGXuTL.exe
  C:\Windows\System\suGXuTL.exe
  2⤵
  PID:9180
- C:\Windows\System\eEhYWJj.exe
  C:\Windows\System\eEhYWJj.exe
  2⤵
  PID:9196
- C:\Windows\System\bMswFEl.exe
  C:\Windows\System\bMswFEl.exe
  2⤵
  PID:9212
- C:\Windows\System\GVkHKKP.exe
  C:\Windows\System\GVkHKKP.exe
  2⤵
  PID:8180
- C:\Windows\System\CScQTts.exe
  C:\Windows\System\CScQTts.exe
  2⤵
  PID:7804
- C:\Windows\System\IXqFVCG.exe
  C:\Windows\System\IXqFVCG.exe
  2⤵
  PID:7460
- C:\Windows\System\ZkraIAP.exe
  C:\Windows\System\ZkraIAP.exe
  2⤵
  PID:8092
- C:\Windows\System\hwcQEfw.exe
  C:\Windows\System\hwcQEfw.exe
  2⤵
  PID:7292
- C:\Windows\System\MMFhdPB.exe
  C:\Windows\System\MMFhdPB.exe
  2⤵
  PID:5332
- C:\Windows\System\JMsXaaS.exe
  C:\Windows\System\JMsXaaS.exe
  2⤵
  PID:8232
- C:\Windows\System\uvypVch.exe
  C:\Windows\System\uvypVch.exe
  2⤵
  PID:8288
- C:\Windows\System\ECSXgmS.exe
  C:\Windows\System\ECSXgmS.exe
  2⤵
  PID:8356
- C:\Windows\System\lwPCRRz.exe
  C:\Windows\System\lwPCRRz.exe
  2⤵
  PID:8416
- C:\Windows\System\oajdWvd.exe
  C:\Windows\System\oajdWvd.exe
  2⤵
  PID:8480
- C:\Windows\System\QlkLXla.exe
  C:\Windows\System\QlkLXla.exe
  2⤵
  PID:8544
- C:\Windows\System\ZcUaXpe.exe
  C:\Windows\System\ZcUaXpe.exe
  2⤵
  PID:8608
- C:\Windows\System\ZHRuVIg.exe
  C:\Windows\System\ZHRuVIg.exe
  2⤵
  PID:8464
- C:\Windows\System\YuHarzZ.exe
  C:\Windows\System\YuHarzZ.exe
  2⤵
  PID:8532
- C:\Windows\System\JUxnUOe.exe
  C:\Windows\System\JUxnUOe.exe
  2⤵
  PID:8672
- C:\Windows\System\YxBYvXW.exe
  C:\Windows\System\YxBYvXW.exe
  2⤵
  PID:8564
- C:\Windows\System\vPhzfpU.exe
  C:\Windows\System\vPhzfpU.exe
  2⤵
  PID:8660
- C:\Windows\System\UbAqoGu.exe
  C:\Windows\System\UbAqoGu.exe
  2⤵
  PID:8740
- C:\Windows\System\lzNSNSa.exe
  C:\Windows\System\lzNSNSa.exe
  2⤵
  PID:8728
- C:\Windows\System\OKtMkON.exe
  C:\Windows\System\OKtMkON.exe
  2⤵
  PID:8776
- C:\Windows\System\AYsupfK.exe
  C:\Windows\System\AYsupfK.exe
  2⤵
  PID:8756
- C:\Windows\System\ocrDuWm.exe
  C:\Windows\System\ocrDuWm.exe
  2⤵
  PID:8824
- C:\Windows\System\vjbAAvd.exe
  C:\Windows\System\vjbAAvd.exe
  2⤵
  PID:8856
- C:\Windows\System\xWwbsbJ.exe
  C:\Windows\System\xWwbsbJ.exe
  2⤵
  PID:7520
- C:\Windows\System\dkDZiKK.exe
  C:\Windows\System\dkDZiKK.exe
  2⤵
  PID:8920
- C:\Windows\System\hnBzcyb.exe
  C:\Windows\System\hnBzcyb.exe
  2⤵
  PID:8964
- C:\Windows\System\lysdEbX.exe
  C:\Windows\System\lysdEbX.exe
  2⤵
  PID:9156
- C:\Windows\System\GnuAwOc.exe
  C:\Windows\System\GnuAwOc.exe
  2⤵
  PID:8220
- C:\Windows\System\WRJqHXk.exe
  C:\Windows\System\WRJqHXk.exe
  2⤵
  PID:7824
- C:\Windows\System\JlxUhKc.exe
  C:\Windows\System\JlxUhKc.exe
  2⤵
  PID:8320
- C:\Windows\System\XBlpcQd.exe
  C:\Windows\System\XBlpcQd.exe
  2⤵
  PID:9076
- C:\Windows\System\tVsvMoz.exe
  C:\Windows\System\tVsvMoz.exe
  2⤵
  PID:9140
- C:\Windows\System\VAKpFrm.exe
  C:\Windows\System\VAKpFrm.exe
  2⤵
  PID:9204
- C:\Windows\System\NuEkiIX.exe
  C:\Windows\System\NuEkiIX.exe
  2⤵
  PID:8256
- C:\Windows\System\FRTBWDv.exe
  C:\Windows\System\FRTBWDv.exe
  2⤵
  PID:7756
- C:\Windows\System\nawuoLF.exe
  C:\Windows\System\nawuoLF.exe
  2⤵
  PID:8388
- C:\Windows\System\PcZYWbx.exe
  C:\Windows\System\PcZYWbx.exe
  2⤵
  PID:8644
- C:\Windows\System\xIjrPiX.exe
  C:\Windows\System\xIjrPiX.exe
  2⤵
  PID:8500
- C:\Windows\System\iEzoSfU.exe
  C:\Windows\System\iEzoSfU.exe
  2⤵
  PID:8872
- C:\Windows\System\niCvHHS.exe
  C:\Windows\System\niCvHHS.exe
  2⤵
  PID:8792
- C:\Windows\System\ixusfoO.exe
  C:\Windows\System\ixusfoO.exe
  2⤵
  PID:9060
- C:\Windows\System\TyFgicX.exe
  C:\Windows\System\TyFgicX.exe
  2⤵
  PID:8216
- C:\Windows\System\gzBWIll.exe
  C:\Windows\System\gzBWIll.exe
  2⤵
  PID:932
- C:\Windows\System\TVTqIfh.exe
  C:\Windows\System\TVTqIfh.exe
  2⤵
  PID:8496
- C:\Windows\System\QYiQHGZ.exe
  C:\Windows\System\QYiQHGZ.exe
  2⤵
  PID:8272
- C:\Windows\System\pVTmGrn.exe
  C:\Windows\System\pVTmGrn.exe
  2⤵
  PID:8516
- C:\Windows\System\ZWtbjAd.exe
  C:\Windows\System\ZWtbjAd.exe
  2⤵
  PID:8900
- C:\Windows\System\fUSLphN.exe
  C:\Windows\System\fUSLphN.exe
  2⤵
  PID:8884
- C:\Windows\System\nrSJdvr.exe
  C:\Windows\System\nrSJdvr.exe
  2⤵
  PID:8808
- C:\Windows\System\GppUCNr.exe
  C:\Windows\System\GppUCNr.exe
  2⤵
  PID:9032
- C:\Windows\System\dYiAvyd.exe
  C:\Windows\System\dYiAvyd.exe
  2⤵
  PID:8324
- C:\Windows\System\zzLZesC.exe
  C:\Windows\System\zzLZesC.exe
  2⤵
  PID:8712
- C:\Windows\System\uMmKOQp.exe
  C:\Windows\System\uMmKOQp.exe
  2⤵
  PID:8204
- C:\Windows\System\DrQrytj.exe
  C:\Windows\System\DrQrytj.exe
  2⤵
  PID:7504
- C:\Windows\System\EoRyuke.exe
  C:\Windows\System\EoRyuke.exe
  2⤵
  PID:8276
- C:\Windows\System\KTzmcpF.exe
  C:\Windows\System\KTzmcpF.exe
  2⤵
  PID:9000
- C:\Windows\System\SnzLzFX.exe
  C:\Windows\System\SnzLzFX.exe
  2⤵
  PID:8404
- C:\Windows\System\OVOtlbd.exe
  C:\Windows\System\OVOtlbd.exe
  2⤵
  PID:8980
- C:\Windows\System\hBmJFfg.exe
  C:\Windows\System\hBmJFfg.exe
  2⤵
  PID:9192
- C:\Windows\System\GwjzqbR.exe
  C:\Windows\System\GwjzqbR.exe
  2⤵
  PID:8840
- C:\Windows\System\snxRyni.exe
  C:\Windows\System\snxRyni.exe
  2⤵
  PID:8400
- C:\Windows\System\jeqeqAz.exe
  C:\Windows\System\jeqeqAz.exe
  2⤵
  PID:8236
- C:\Windows\System\KmuLkEQ.exe
  C:\Windows\System\KmuLkEQ.exe
  2⤵
  PID:8432
- C:\Windows\System\MtmQRNL.exe
  C:\Windows\System\MtmQRNL.exe
  2⤵
  PID:8696
- C:\Windows\System\KAbtjbj.exe
  C:\Windows\System\KAbtjbj.exe
  2⤵
  PID:8708
- C:\Windows\System\iNdLvyx.exe
  C:\Windows\System\iNdLvyx.exe
  2⤵
  PID:8000
- C:\Windows\System\VJJvaoU.exe
  C:\Windows\System\VJJvaoU.exe
  2⤵
  PID:9172
- C:\Windows\System\CVrMIyE.exe
  C:\Windows\System\CVrMIyE.exe
  2⤵
  PID:9096
- C:\Windows\System\iVpRAnn.exe
  C:\Windows\System\iVpRAnn.exe
  2⤵
  PID:8724
- C:\Windows\System\QlkZLqq.exe
  C:\Windows\System\QlkZLqq.exe
  2⤵
  PID:9468
- C:\Windows\System\cXlTbFd.exe
  C:\Windows\System\cXlTbFd.exe
  2⤵
  PID:9740
- C:\Windows\System\GwDHHsu.exe
  C:\Windows\System\GwDHHsu.exe
  2⤵
  PID:9756
- C:\Windows\System\hqLLBwg.exe
  C:\Windows\System\hqLLBwg.exe
  2⤵
  PID:9772
- C:\Windows\System\MvKVhxu.exe
  C:\Windows\System\MvKVhxu.exe
  2⤵
  PID:9788
- C:\Windows\System\eTrjPvW.exe
  C:\Windows\System\eTrjPvW.exe
  2⤵
  PID:9812
- C:\Windows\System\ISNMPbR.exe
  C:\Windows\System\ISNMPbR.exe
  2⤵
  PID:9832
- C:\Windows\System\BDEpiVt.exe
  C:\Windows\System\BDEpiVt.exe
  2⤵
  PID:9876
- C:\Windows\System\NVCmZGq.exe
  C:\Windows\System\NVCmZGq.exe
  2⤵
  PID:9912
- C:\Windows\System\xNIecxn.exe
  C:\Windows\System\xNIecxn.exe
  2⤵
  PID:10216
- C:\Windows\System\lcgZopW.exe
  C:\Windows\System\lcgZopW.exe
  2⤵
  PID:9736
- C:\Windows\System\OUltBXz.exe
  C:\Windows\System\OUltBXz.exe
  2⤵
  PID:9800
- C:\Windows\System\kFatOif.exe
  C:\Windows\System\kFatOif.exe
  2⤵
  PID:9804
- C:\Windows\System\ShDRsna.exe
  C:\Windows\System\ShDRsna.exe
  2⤵
  PID:9784
- C:\Windows\System\jMOWeKV.exe
  C:\Windows\System\jMOWeKV.exe
  2⤵
  PID:9856
- C:\Windows\System\gSlRQcH.exe
  C:\Windows\System\gSlRQcH.exe
  2⤵
  PID:852
- C:\Windows\System\QfdQSwv.exe
  C:\Windows\System\QfdQSwv.exe
  2⤵
  PID:9888
- C:\Windows\System\ByVNxXv.exe
  C:\Windows\System\ByVNxXv.exe
  2⤵
  PID:9824
- C:\Windows\System\pcNmXHc.exe
  C:\Windows\System\pcNmXHc.exe
  2⤵
  PID:10224
- C:\Windows\System\lyFYsWp.exe
  C:\Windows\System\lyFYsWp.exe
  2⤵
  PID:10000
- C:\Windows\System\fVJqIKf.exe
  C:\Windows\System\fVJqIKf.exe
  2⤵
  PID:10052
- C:\Windows\System\cYbqAWe.exe
  C:\Windows\System\cYbqAWe.exe
  2⤵
  PID:10112
- C:\Windows\System\fBYahIS.exe
  C:\Windows\System\fBYahIS.exe
  2⤵
  PID:10168
- C:\Windows\System\WspQhja.exe
  C:\Windows\System\WspQhja.exe
  2⤵
  PID:9928
- C:\Windows\System\cDgJABr.exe
  C:\Windows\System\cDgJABr.exe
  2⤵
  PID:9944
- C:\Windows\System\HCBmWFy.exe
  C:\Windows\System\HCBmWFy.exe
  2⤵
  PID:9964
- C:\Windows\System\LAGuhHJ.exe
  C:\Windows\System\LAGuhHJ.exe
  2⤵
  PID:9996
- C:\Windows\System\JzRKZvC.exe
  C:\Windows\System\JzRKZvC.exe
  2⤵
  PID:10072
- C:\Windows\System\QyITSbQ.exe
  C:\Windows\System\QyITSbQ.exe
  2⤵
  PID:10176
- C:\Windows\System\fHIVIsl.exe
  C:\Windows\System\fHIVIsl.exe
  2⤵
  PID:10212
- C:\Windows\System\aqdsiis.exe
  C:\Windows\System\aqdsiis.exe
  2⤵
  PID:9780
- C:\Windows\System\bqJIorv.exe
  C:\Windows\System\bqJIorv.exe
  2⤵
  PID:9768
- C:\Windows\System\TbSFIwg.exe
  C:\Windows\System\TbSFIwg.exe
  2⤵
  PID:9308
- C:\Windows\System\kRCmovt.exe
  C:\Windows\System\kRCmovt.exe
  2⤵
  PID:9320
- C:\Windows\System\XHNDZPq.exe
  C:\Windows\System\XHNDZPq.exe
  2⤵
  PID:9352
- C:\Windows\System\kuFjZIu.exe
  C:\Windows\System\kuFjZIu.exe
  2⤵
  PID:9356
- C:\Windows\System\KEjzUrM.exe
  C:\Windows\System\KEjzUrM.exe
  2⤵
  PID:9392
- C:\Windows\System\izqrmTT.exe
  C:\Windows\System\izqrmTT.exe
  2⤵
  PID:9388
- C:\Windows\System\VMlXxjB.exe
  C:\Windows\System\VMlXxjB.exe
  2⤵
  PID:9796
- C:\Windows\System\ZreIByh.exe
  C:\Windows\System\ZreIByh.exe
  2⤵
  PID:9428
- C:\Windows\System\TvkZvPS.exe
  C:\Windows\System\TvkZvPS.exe
  2⤵
  PID:9448
- C:\Windows\System\vamwZVh.exe
  C:\Windows\System\vamwZVh.exe
  2⤵
  PID:9500
- C:\Windows\System\BFCRAHT.exe
  C:\Windows\System\BFCRAHT.exe
  2⤵
  PID:9524
- C:\Windows\System\pemzLsr.exe
  C:\Windows\System\pemzLsr.exe
  2⤵
  PID:9532
- C:\Windows\System\LZcxKBm.exe
  C:\Windows\System\LZcxKBm.exe
  2⤵
  PID:9548
- C:\Windows\System\RiAmxtG.exe
  C:\Windows\System\RiAmxtG.exe
  2⤵
  PID:9564
- C:\Windows\System\SkiwjUM.exe
  C:\Windows\System\SkiwjUM.exe
  2⤵
  PID:9580
- C:\Windows\System\JfisAjy.exe
  C:\Windows\System\JfisAjy.exe
  2⤵
  PID:9596
- C:\Windows\System\SznIaBK.exe
  C:\Windows\System\SznIaBK.exe
  2⤵
  PID:9616
- C:\Windows\System\usfvbCU.exe
  C:\Windows\System\usfvbCU.exe
  2⤵
  PID:9624
- C:\Windows\System\FazjvuY.exe
  C:\Windows\System\FazjvuY.exe
  2⤵
  PID:9644
- C:\Windows\System\EUzxXuo.exe
  C:\Windows\System\EUzxXuo.exe
  2⤵
  PID:9660
- C:\Windows\System\zwxqQQR.exe
  C:\Windows\System\zwxqQQR.exe
  2⤵
  PID:9900
- C:\Windows\System\EJusmmE.exe
  C:\Windows\System\EJusmmE.exe
  2⤵
  PID:9676
- C:\Windows\System\ebRJsMh.exe
  C:\Windows\System\ebRJsMh.exe
  2⤵
  PID:9696
- C:\Windows\System\sILfqye.exe
  C:\Windows\System\sILfqye.exe
  2⤵
  PID:9712
- C:\Windows\System\TvvwnTh.exe
  C:\Windows\System\TvvwnTh.exe
  2⤵
  PID:9728
- C:\Windows\System\EuxeBqU.exe
  C:\Windows\System\EuxeBqU.exe
  2⤵
  PID:10100
- C:\Windows\System\yvhzcAn.exe
  C:\Windows\System\yvhzcAn.exe
  2⤵
  PID:6660
- C:\Windows\System\VteCoOc.exe
  C:\Windows\System\VteCoOc.exe
  2⤵
  PID:9248
- C:\Windows\System\avePoJE.exe
  C:\Windows\System\avePoJE.exe
  2⤵
  PID:9260
- C:\Windows\System\hORqzme.exe
  C:\Windows\System\hORqzme.exe
  2⤵
  PID:9936
- C:\Windows\System\TJGDgBx.exe
  C:\Windows\System\TJGDgBx.exe
  2⤵
  PID:9920
- C:\Windows\System\JDMElpV.exe
  C:\Windows\System\JDMElpV.exe
  2⤵
  PID:8352
- C:\Windows\System\aVTDIrw.exe
  C:\Windows\System\aVTDIrw.exe
  2⤵
  PID:9280
- C:\Windows\System\ZynpybM.exe
  C:\Windows\System\ZynpybM.exe
  2⤵
  PID:9872
- C:\Windows\System\wNdlolu.exe
  C:\Windows\System\wNdlolu.exe
  2⤵
  PID:9976
- C:\Windows\System\ZGrECks.exe
  C:\Windows\System\ZGrECks.exe
  2⤵
  PID:10084
- C:\Windows\System\hdrbOOr.exe
  C:\Windows\System\hdrbOOr.exe
  2⤵
  PID:10044
- C:\Windows\System\shhlipL.exe
  C:\Windows\System\shhlipL.exe
  2⤵
  PID:10116
- C:\Windows\System\OXXcBxG.exe
  C:\Windows\System\OXXcBxG.exe
  2⤵
  PID:10164
- C:\Windows\System\rUoFRZn.exe
  C:\Windows\System\rUoFRZn.exe
  2⤵
  PID:9408
- C:\Windows\System\heNWkTY.exe
  C:\Windows\System\heNWkTY.exe
  2⤵
  PID:9364
- C:\Windows\System\xwzFJaO.exe
  C:\Windows\System\xwzFJaO.exe
  2⤵
  PID:9456
- C:\Windows\System\zLxvwvq.exe
  C:\Windows\System\zLxvwvq.exe
  2⤵
  PID:9404
- C:\Windows\System\ckZbTZI.exe
  C:\Windows\System\ckZbTZI.exe
  2⤵
  PID:9508
- C:\Windows\System\RXvOWmR.exe
  C:\Windows\System\RXvOWmR.exe
  2⤵
  PID:9864
- C:\Windows\System\pbUuGnv.exe
  C:\Windows\System\pbUuGnv.exe
  2⤵
  PID:9840
- C:\Windows\System\PYTwZCT.exe
  C:\Windows\System\PYTwZCT.exe
  2⤵
  PID:9604
- C:\Windows\System\Jloafwh.exe
  C:\Windows\System\Jloafwh.exe
  2⤵
  PID:9896
- C:\Windows\System\KtwFbWD.exe
  C:\Windows\System\KtwFbWD.exe
  2⤵
  PID:9592
- C:\Windows\System\TrDaTzi.exe
  C:\Windows\System\TrDaTzi.exe
  2⤵
  PID:9656
- C:\Windows\System\WLECiWn.exe
  C:\Windows\System\WLECiWn.exe
  2⤵
  PID:984
- C:\Windows\System\cnYQrAN.exe
  C:\Windows\System\cnYQrAN.exe
  2⤵
  PID:9252
- C:\Windows\System\OtjuWBH.exe
  C:\Windows\System\OtjuWBH.exe
  2⤵
  PID:9708
- C:\Windows\System\AacCnQk.exe
  C:\Windows\System\AacCnQk.exe
  2⤵
  PID:10024
- C:\Windows\System\URTMvei.exe
  C:\Windows\System\URTMvei.exe
  2⤵
  PID:10076
- C:\Windows\System\LzjgGhT.exe
  C:\Windows\System\LzjgGhT.exe
  2⤵
  PID:9292
- C:\Windows\System\mvLVnBU.exe
  C:\Windows\System\mvLVnBU.exe
  2⤵
  PID:9288
- C:\Windows\System\rSmSpDe.exe
  C:\Windows\System\rSmSpDe.exe
  2⤵
  PID:9984
- C:\Windows\System\icTxlpL.exe
  C:\Windows\System\icTxlpL.exe
  2⤵
  PID:10028
- C:\Windows\System\ctIvrAU.exe
  C:\Windows\System\ctIvrAU.exe
  2⤵
  PID:9960
- C:\Windows\System\hzSvsJd.exe
  C:\Windows\System\hzSvsJd.exe
  2⤵
  PID:10196
- C:\Windows\System\GUHelDj.exe
  C:\Windows\System\GUHelDj.exe
  2⤵
  PID:9232
- C:\Windows\System\ceidiiY.exe
  C:\Windows\System\ceidiiY.exe
  2⤵
  PID:9312
- C:\Windows\System\IQLRZPm.exe
  C:\Windows\System\IQLRZPm.exe
  2⤵
  PID:9376
- C:\Windows\System\YMuPzfA.exe
  C:\Windows\System\YMuPzfA.exe
  2⤵
  PID:9372
- C:\Windows\System\weRYYLw.exe
  C:\Windows\System\weRYYLw.exe
  2⤵
  PID:9484
- C:\Windows\System\lJbHSey.exe
  C:\Windows\System\lJbHSey.exe
  2⤵
  PID:9452
- C:\Windows\System\ZRjaERR.exe
  C:\Windows\System\ZRjaERR.exe
  2⤵
  PID:9572
- C:\Windows\System\OejgRBl.exe
  C:\Windows\System\OejgRBl.exe
  2⤵
  PID:9692
- C:\Windows\System\hYoxyIy.exe
  C:\Windows\System\hYoxyIy.exe
  2⤵
  PID:9588

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\ALOSOCG.exe

Filesize
6.0MB

MD5
04b5d96f852043d9b4e5841621f3a02f

SHA1
08900177c5ced1b4a7bc9489d6b484e7a7f728c8

SHA256
8ff1f72f6e35eb21dcb10de487a7fb3c0f6e2855f2587a5261f3dd06ccdbdbe5

SHA512
318a1fcd6ab4fb6a3f68a180376efecc68e9619d5562d8af508af7977bdc86479ad27b62fe628358256534ad868e6da234f496be7d3f493cec59fc3abfaae3ab

Download Submit
C:\Windows\system\AsOnnSC.exe

Filesize
6.0MB

MD5
ec242f62106b068e15324715b31a01fb

SHA1
375bf7f3cbaa4c18788eb192e7fab484251a0c2c

SHA256
5b17a2f933b09db7552dc10a56819acbe2c500e30d3cf9bd5bd03299cd400c7c

SHA512
bf093c55c7809236696305cbc78cd14c39440b16ef4a572905ec3895bcc5d93b2b8ef68f0d68e38f245cccbe350563e4994626dcce9c907e2f2743dd36926395

Download Submit
C:\Windows\system\BZySWNH.exe

Filesize
6.0MB

MD5
f13fd0fe2c6c913c2b028ca53c2b16a3

SHA1
a24d9d74dd14550fabf68215d019abe390fbb9c9

SHA256
e1bdf8feea3ca7262b7e3434aaf2fcd145bc5758d5a3c7b140573f628d985816

SHA512
b716144ee2a72047d5fe3d7a8ee218335f79418b3f58fcd35aa85d400096e738b2b6bb9d2902b0e4065971f2bbfbb022fdd48ddb9885f3115d2819f101bfc792

Download Submit
C:\Windows\system\JyitCVH.exe

Filesize
6.0MB

MD5
fc985bb75f6619c13530665172726505

SHA1
eada65c720c34814fbe6940b43542b760e423571

SHA256
b038ea671c868e92c04c054c6507226c11bfd79a577a1dac432a17b358563bb1

SHA512
e6d4920f622178ec7c8fc8f02a3ee2ebc3026c8327f7978ace0fea2c69c8902f5b14c3dd0765fb86e5994865104506b1bda56b8b5a8dbf37399706fc8942a6f6

Download Submit
C:\Windows\system\KgpwYcl.exe

Filesize
6.0MB

MD5
bf74e904ed2ffbf7f7eec556adb16a8b

SHA1
cae8c53d7607e37a2d7acf6513168aedfd51635d

SHA256
6641b9440bcd678058cd8322bdaf23d22dc3698c948f3f30b4f81d6d83b31463

SHA512
c8a33c3b2bef7554215eccec1bf6f1eaf66ee2a8a84eef43a1c5f9077fb6494e2d4687081a44b3a210a10d131cf9a75e8dd69aa284793d227c404d3d8ff3690c

Download Submit
C:\Windows\system\MuSaiBY.exe

Filesize
6.0MB

MD5
19f969213dcc98dd8514990ef2ce9364

SHA1
4b7d2b6b7575931cb2cfc3f3de34d5e826706ce7

SHA256
351ba833851e8cf8b7fbbaac018e15e6e547bb033fe704f10aa4724ebe66315f

SHA512
31b82963d9cc2c12258c98553316901cf80e8373a214f0e7ae480c48cda71ec75d798673ecdae6a411e9ad329e7614e1e61a2e89756c0dcd582fdae8f5286033

Download Submit
C:\Windows\system\OvHrdtT.exe

Filesize
6.0MB

MD5
bb77c995ed8e7b5fd09fd5ad0ba77664

SHA1
f342bb52b44a5ad66f69449a513368a7ad62e4e1

SHA256
41579dfd848f36629814ac0774eaa773abeae81648c1b8a784984c9beed3c533

SHA512
b748819c47029cc24e6dadd0405f221df4f85f58c8828efb79a72c1a3a4f79f51dc79d788c1cedf5517832d41c7668c70b8b71198244b734f38fec32f42f815b

Download Submit
C:\Windows\system\OvUIvpR.exe

Filesize
6.0MB

MD5
b06dd2c52b5b4411538764a822256c42

SHA1
797cff9d5323afbb5fe34024d1478905c33ee536

SHA256
349178916e68ed2554fd9aec15c0406225d352c614296517f8bb1f940266a574

SHA512
2f9a1492955ace2a1d52d1c27bebdc291be2f3f9aacbc95f56fca870455bada6fb5967679c2ead30e9033eb1be5ae9ccdac3e5f2c513fd8a46ac66bd2f0ffba5

Download Submit
C:\Windows\system\QWDBeHU.exe

Filesize
6.0MB

MD5
5909cdb8a20b8657d500facbe664bc57

SHA1
1508faad29b6ebc781ce2b0fe2061ecd469f3ed6

SHA256
26503be0613831370bae0a458d36d97c2cecfa0ea6c12aaea0874b25c0973419

SHA512
c87c8b20f87a7779e26605337b1dbc091251f33648371391bf6040e962cd7719bd87c83648abd2fb44a7f438bb0fd6c9ef650c169b43d0db496670d2f42d2908

Download Submit
C:\Windows\system\UcIUtGQ.exe

Filesize
6.0MB

MD5
0abba6869848b14b77b00b9b270b13e4

SHA1
674bf94e448dc4c9b959001decb9d80f98e16cc9

SHA256
3551993159816b8a83dcb86b691e6197d1aec5bbf22fc758f0799babd765dcb0

SHA512
df77910dd75748559a07785055e28405747999f118d21040bbe6e94fd839322b2b7ba9e971ecd91170336fe2f0b6395f50ed50f938ed8d5b88cdc041b4d66ab1

Download Submit
C:\Windows\system\WGsRbhk.exe

Filesize
6.0MB

MD5
101612d2a482338d1e31a304cd61159c

SHA1
8af09d50fd72b1e0abe987cf7aba3a6e6f309109

SHA256
05ca2c7d490e39165f9e84dee280d0e9c4cfca79381ef5e4b9904c8b511bf754

SHA512
1cdc7ac07c7aa8166e7c76b85abbafa117a0ce7fd8c8805fb36147fcaa787ab415b31a369a6bd6f115869afea80abed4e696eb0e973eeed4ef98c892091870b9

Download Submit
C:\Windows\system\XLnRTPR.exe

Filesize
6.0MB

MD5
f8479498cd917af097f9ba7ed6c8adbe

SHA1
f97fd320ec5d510520427733661808c489fa0937

SHA256
256c0dd9417d8c315b27616ff54f78739cd38fa571782094d5bcbf43c7ebbe46

SHA512
a681709b19a4b8a68d079391c6e07060d8b926cafbe879e2395774b30e4346c4ccceef5cdc3317ed3eb1097ccccb1c934d22ae1611dca35ce087f7fdd49ac9d5

Download Submit
C:\Windows\system\YHKFMvP.exe

Filesize
6.0MB

MD5
c65e54164196229f41c0f3ae6dbb15a2

SHA1
4abe8d1b17b36580219caf67203dd766b9aa8cf0

SHA256
2738b2d035032a45b766653ed5e7f85db6879e9e3b9c0c5731e0e8b1e78d051e

SHA512
ba3d4b1f60c9b46b196288086f2c9394acc0bc9b1aa1827a30759bb2c63e5083042aac1b38935595561acf2f1534e04d9b2989aa54699390589b325475ea8f0b

Download Submit
C:\Windows\system\YqVhXml.exe

Filesize
6.0MB

MD5
57672bf419becae6ddc940b5d2ea9bb2

SHA1
f93f317b273d0c76bb83eb962e5f333eb83143d9

SHA256
21ae504511577898aba67c1fd71113af090e8694d5e2b1a33a81d65d96f58f7a

SHA512
22de566d97e807519af8a4fcd9d68920f215b6a892ad019a6689caf40e70ab548c1227d9296c1b8e87cb11bd8739299f7c508ff037394c7a2e81cc89f6bf716a

Download Submit
C:\Windows\system\iMDqRkS.exe

Filesize
6.0MB

MD5
b54f133d1462181aec4d249b12ab1b00

SHA1
d3295751840136e02ec9690bc0c83e2548abdb33

SHA256
13d7dc30abff699726c21fc2c870a06d4b6249affd2874b8dab76e9e654f9d8a

SHA512
39cac9a25c9550fdee9316b2037cd35c8458574a2ea5771585079dfb993372fd0630bc4ee366b1ec90c3a3a04d8c0d4182031d566d59d925662c5ae3f2bcb459

Download Submit
C:\Windows\system\mSHJuQC.exe

Filesize
6.0MB

MD5
99e3fece17a40c8b0d94cc0d40095dfd

SHA1
662bda5ea3a16abea80809f7050b3727ecaf8ade

SHA256
9091c7ac0f56524de8b9b5a100594d1de3462222be331035bf63d286f307d22c

SHA512
df5c3ebbc2ff43bfe4e3a2c68962c441473078b731ec8f207bdeae16b7764d1cbafb95ef1d3071c6795d7f07e9f598245d15c56d03bedcc4bd3df77a5637ebc6

Download Submit
C:\Windows\system\myWJjwL.exe

Filesize
6.0MB

MD5
4156b8bcb966b85edc9c11ddade42d84

SHA1
1f166017a74028293c09cf9fb9de2c64667e2352

SHA256
ee19488c8b4153786903d4a2c60f8580cdec2135c3f74ce6d028f1abd4141deb

SHA512
321de4a84d14b1b15c4dad41d63000c94afc52535a882d2af5d295a258bca703bf7b1cd411623a193aec35725c4a2188f6e055a253536797b738fff71fa0e3f5

Download Submit
C:\Windows\system\nWAjefx.exe

Filesize
6.0MB

MD5
08140b4bb7800d6d8aa0c72fdb52ab40

SHA1
510418a87b55938ffb1a51ad72e2d97f1b5855e9

SHA256
57883b152b32542523c872fcdc9bba3a00be5d42a21621c60c22be1ef93d57f0

SHA512
c220c99e99863e004807ef255a4a32682e59e8cb4ec5e6b5657d9783e75c2a2033206127bab8699b4c3e2aae45a449ebc73b375c776ce2b57b532294ada4dccb

Download Submit
C:\Windows\system\ntQbVJI.exe

Filesize
6.0MB

MD5
ffa782e54ab6be39a4627080b9e71a31

SHA1
2e86ddaafbda43030fd6f4c22079a26b4a437d05

SHA256
541a61c1a04e5339efe14694928596bed86af4c5f45e1896b0f38a572ba7203f

SHA512
a9dacf782b98d1c7593f8f62104788e28fe787a5d0c7d949aa0ef24f642f283894c5ac8972edd4e105a31f07a328eb7397801f0b72cc69b09c0754a7cd375c32

Download Submit
C:\Windows\system\oNqWZqH.exe

Filesize
6.0MB

MD5
cc000f1eb3f344dd62e4729d188ea30f

SHA1
f2a25295266a62703d8866fa9d603a6df5f596fe

SHA256
191360ae9a208e9d11ffae935ddc8daeff19b2094ff6baf47f9809016615ef44

SHA512
70eab703b169efea9313bbf1697cf34b9c4ee97c9a14ac26c61161c191eb4c4bd24d0ec36edeb3c1c613950c7bf11714b44264d99fc5ae32bf28a8d204b5b22e

Download Submit
C:\Windows\system\oTwcdFV.exe

Filesize
6.0MB

MD5
c3e6497af3ccdcc8749adc2374ed23aa

SHA1
40324e2ac41efa9bdb1cbd3ebea5dc498d241e4d

SHA256
06fcfa28b4ccb4f40ed4c2f486ef313936107899a1e8c0dabfdf54a6b35410f8

SHA512
c8f02516fd8b0bb19a6f2aa8d2c2967be86f2051634afc4269db520302b83fd16286b1cfac2112be354556b7af59e5a0e6e801abf739b56d82d29c658fd94863

Download Submit
C:\Windows\system\plyDinm.exe

Filesize
6.0MB

MD5
40d043b10f4643450a76dce16506111e

SHA1
728073f021dea6c1e9547d003d37fd9d8a635499

SHA256
c682801ca1e7884ce95b08ab7bf119a13fbe0a5c658f2ed040bfe6b0a1bbf67b

SHA512
e2206df7fa5006c28fda412dc05b34f872b6d79cadfe0766e14c7432cbf1fc3e030d0f82e79e0210444c798d7c762e588a3e75ad12c8def3c49fa4010f0b3c9b

Download Submit
C:\Windows\system\vRZSDdz.exe

Filesize
6.0MB

MD5
1a15df657ff0155d7b89ee0c3fb66b6f

SHA1
779e0af3aeb2060a0645dafbc1628124cbda1381

SHA256
c850a3f2f3c0c5229b5f0b0dcf6c32fa3b699a761a98608120963cf5f613bb65

SHA512
85300ece8402a8ccc49278e823ff5488e5cd10a8e109f039a031d37fab2fa7b45b05aa04893f88984b7f4eb5563a98f641c6bbb499caae6ec5801d372c773ca7

Download Submit
C:\Windows\system\wxpBaqm.exe

Filesize
6.0MB

MD5
c9583dc62ec01dbd77f6c34f5dfccbb8

SHA1
94c86e31c51253e49b37d0107b794659c882a3da

SHA256
b0f1af8a62fa4fb6c5badb4249ab04d9be5b42fcb3220aa373ada07e272afdaa

SHA512
b4b03bcec1b0b9b231fa945a73820bde75ce5d0bfc38de7854799133bd83f3c7dbad46abea4c0859144d9b1883a40c586db09a6b6207bae5b85b2abd43404687

Download Submit
\Windows\system\DnUzjCX.exe

Filesize
6.0MB

MD5
e034e827509629e99059240dd5337b61

SHA1
701d5545b47b355a9713801beb52e88a6cbb1609

SHA256
8b63e8b2a683a5b113d4691ef79623b4b407b1d25deb425a3d3e375fa1c04eea

SHA512
af6de8786d1065a040e04d45e0dfa3331bb1d5ed5aad0bfcd918ee090329f08347529df78440328df6a6225c30e17f8828a830cdcf2dc0ab0f3edaf98a9ffd1f

Download Submit
\Windows\system\IwSegRu.exe

Filesize
6.0MB

MD5
a37af5dab84ff5d2d3a268a429527fbb

SHA1
bc214620a6e186a718e365ca88768fa00f69d706

SHA256
66bd6de93b085db3e1cc5e6f05a282e23da04c5f71a237b844798b0c2b8e49ae

SHA512
157d6d3c9ef5474725e0922a82664737ffbb544bc9b13fa6f509c17606a3f501570d174d0ee489cdd63251240a774b2b967b73ac23a343a0966177fb54273e29

Download Submit
\Windows\system\StVBbYf.exe

Filesize
6.0MB

MD5
f07248752b29bdc20db2595068c27598

SHA1
1fd7bcfb74ff4710ccb8e2f4480adccd8801aec5

SHA256
6590a5cf54d1ad5a387d0edec54608d98b9efd81eb4c26d360c438439492dfd7

SHA512
a9d72ee727ff4733eda4363359995a0cfa55613ad5300012c885ed4400b6773e27883e47fa332aabba9875d8092003ff980a2e4f515a45c496648a96bfd43aea

Download Submit
\Windows\system\TSnqaRr.exe

Filesize
6.0MB

MD5
ef7afed397110812c65eace4d465db33

SHA1
2e51e72d0dcea9984df47f9ecc775b52b9832598

SHA256
fb11232ef57e22513a5d294d603ef1d70f3d793ce2da70c1d18d588d5a921506

SHA512
cc6c38a8f6ce22913abc077b727c8dbaab16f6784a9d2035c6845ed9827e3f91b58ab51dd2c2839fe5eba3ae85747cc68ad2361434832aa697c10f433de8c92c

Download Submit
\Windows\system\VUwVWCO.exe

Filesize
6.0MB

MD5
8e7d14451b227e956ec0583e65327c2a

SHA1
fa951c4ffb6fc7c75336a80a296a1256c7e16af2

SHA256
79d7ff246e0a87ffb23a04b5418d726858e1c7e8aa93b6476b972806e386c377

SHA512
cac93acc9550867b072d3c22dee71bb26d909e7c38b588c10431b3017b3214ca09e55c63294114f331f90ce2e15e0bdce7d66e549ef20dfbb9c582cea23d858d

Download Submit
\Windows\system\qquiptg.exe

Filesize
6.0MB

MD5
04997741368d747fdfc0c9de11ade390

SHA1
49ff7066676c86cf97e6b69e7b0b67e7c23be278

SHA256
26256a06ac5b279db5c80ab95bb18ae5d2fdd0b66d0785e2d4525b726e8504d7

SHA512
3064e2043a256f08c046d654aa0f630eeb6e91ebf0c7c3cf2dc843dc4faedef350cec22e8ea08c4e98a76657ea5a6287428f739a1700cc25014bcc561cc52995

Download Submit
\Windows\system\qxAsqZZ.exe

Filesize
6.0MB

MD5
681652932ba4957ae84ca7d5e4d1b68b

SHA1
7f64666bd767da4673cbf517501eaf48af7d9208

SHA256
a3c435bb6cd1123b3677104694af72a80c471257c8703c71f6697b07626fcf42

SHA512
49ec637a61d40d7ef69d6ac8084d4608ec9bb3f2bba14ecd95017f7cee9af22964264df32b34a0298e79c056bfc8c5381bf919a9d10884f1038711bf784ef13a

Download Submit
\Windows\system\vwBECBn.exe

Filesize
6.0MB

MD5
4fb632a0a7a1fa6d927c11f53d99510c

SHA1
4a45c649a89ba2a2d2998ca53f62cfdfa5f0ed93

SHA256
a30176a4e98d4fd1c206c4999e202ef7fecda44ad9cd6fb6c8926ad228ee91c3

SHA512
01d06fc9422cbce0d61e52028f4687b685c7f8bbe30d7e4e3f782b120baf2ec2b8561553e73a71ea5a60c076ebbfef497d5e782187a5aaa65efe7b7a1d44505b

Download Submit
\Windows\system\xrGeyfH.exe

Filesize
6.0MB

MD5
bd14acfc0a871510e3b2d19073de3d21

SHA1
ce35e1923b172795972e73ac5f78f81fe6670057

SHA256
d7ca16dd1c9ba23d67c23564a3ce9aff121ea6916e33a3965242fe3704a69d1e

SHA512
dcbcc370e551df91916ecd9ccfc615357f2cfd0558b96939f3756d99b94e4bf4c196c7d4e23fd5c8604ad88c7fa305acbae63bc420670a3febfca26f2be0bfe7

Download Submit
memory/1260-505-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/1260-27-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/1260-509-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/1260-33-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/1260-2063-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/1260-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/1260-2940-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/1260-2952-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/1260-2950-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/1260-2949-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/1260-3031-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/1260-53-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/1260-457-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/1260-1085-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/1260-514-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/1260-10-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/1260-512-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/1260-22-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/1260-511-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/1260-393-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/1260-395-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/1260-0-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/1260-507-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/1260-38-0x000000013F840000-0x000000013FB94000-memory.dmp

Filesize
3.3MB

Download
memory/1260-2948-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/1260-2947-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/1260-2946-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/1260-717-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/1984-21-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/1984-3990-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/2012-19-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/2012-4001-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/2288-947-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/2288-4019-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/2288-29-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/2516-3996-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2516-20-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2608-506-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2608-4041-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2624-4040-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/2624-443-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/2640-4042-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/2640-510-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/2652-464-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/2652-4036-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/2712-387-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/2712-4039-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/2716-4037-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2716-508-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2816-36-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/2816-1831-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/2844-513-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2844-4034-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2864-42-0x000000013F840000-0x000000013FB94000-memory.dmp

Filesize
3.3MB

Download
memory/2864-4038-0x000000013F840000-0x000000013FB94000-memory.dmp

Filesize
3.3MB

Download
memory/2864-2061-0x000000013F840000-0x000000013FB94000-memory.dmp

Filesize
3.3MB

Download
memory/2916-515-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/2916-4035-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download