cobaltstrike | 043a47e1554069aaf66aa51a233364228a598e272b75efb4359fa806efca9073

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
25-11-2024 07:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

1810e16812f5caca4a8c632c3826b6af
SHA1

408c26c485e0f9862fc883c5c56d73892a968c93
SHA256

043a47e1554069aaf66aa51a233364228a598e272b75efb4359fa806efca9073
SHA512

0eaeb8f54e529514fd70eb13c02336014702f365e158229998eed0e7cb370621b5563c6407d62cb6f15da3759a5b405708f6511432bc824106bdd1705cab3f8f
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU7:T+q56utgpPF8u/77

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

Processes:

resource	yara_rule
behavioral1/files/0x000c000000012263-4.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d13-18.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d0b-25.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016cfe-17.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d2e-36.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d24-33.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d36-43.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016c58-50.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d3f-57.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d47-65.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174ac-73.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001752f-80.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018690-95.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190d6-104.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190cd-123.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191f3-129.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191f7-124.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001879b-118.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000018678-105.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019229-137.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001924c-145.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019218-133.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001926b-154.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019234-151.dat	cobalt_reflective_dll
behavioral1/files/0x001500000001866d-89.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019271-158.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019273-165.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019382-172.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019277-169.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019389-180.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c4-189.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193be-185.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

Processes:

resource	yara_rule
behavioral1/memory/2496-0-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	xmrig
behavioral1/files/0x000c000000012263-4.dat	xmrig
behavioral1/files/0x0008000000016d13-18.dat	xmrig
behavioral1/files/0x0007000000016d0b-25.dat	xmrig
behavioral1/memory/2380-28-0x000000013F230000-0x000000013F584000-memory.dmp	xmrig
behavioral1/memory/1988-27-0x000000013F5F0000-0x000000013F944000-memory.dmp	xmrig
behavioral1/memory/2544-24-0x000000013F9E0000-0x000000013FD34000-memory.dmp	xmrig
behavioral1/memory/2960-23-0x000000013FB40000-0x000000013FE94000-memory.dmp	xmrig
behavioral1/files/0x0008000000016cfe-17.dat	xmrig
behavioral1/files/0x0007000000016d2e-36.dat	xmrig
behavioral1/memory/2908-40-0x000000013F9E0000-0x000000013FD34000-memory.dmp	xmrig
behavioral1/memory/2764-34-0x000000013FC40000-0x000000013FF94000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d24-33.dat	xmrig
behavioral1/memory/2496-37-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d36-43.dat	xmrig
behavioral1/memory/2692-49-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	xmrig
behavioral1/files/0x0009000000016c58-50.dat	xmrig
behavioral1/memory/2496-53-0x000000013FB90000-0x000000013FEE4000-memory.dmp	xmrig
behavioral1/memory/2600-56-0x000000013FB90000-0x000000013FEE4000-memory.dmp	xmrig
behavioral1/files/0x0008000000016d3f-57.dat	xmrig
behavioral1/memory/2624-64-0x000000013F4B0000-0x000000013F804000-memory.dmp	xmrig
behavioral1/memory/2496-61-0x00000000023E0000-0x0000000002734000-memory.dmp	xmrig
behavioral1/memory/2764-60-0x000000013FC40000-0x000000013FF94000-memory.dmp	xmrig
behavioral1/files/0x0008000000016d47-65.dat	xmrig
behavioral1/memory/2496-69-0x000000013FCB0000-0x0000000140004000-memory.dmp	xmrig
behavioral1/memory/2608-72-0x000000013FCB0000-0x0000000140004000-memory.dmp	xmrig
behavioral1/memory/2908-68-0x000000013F9E0000-0x000000013FD34000-memory.dmp	xmrig
behavioral1/files/0x00060000000174ac-73.dat	xmrig
behavioral1/memory/2968-79-0x000000013F960000-0x000000013FCB4000-memory.dmp	xmrig
behavioral1/files/0x000600000001752f-80.dat	xmrig
behavioral1/memory/1764-85-0x000000013F0B0000-0x000000013F404000-memory.dmp	xmrig
behavioral1/files/0x0005000000018690-95.dat	xmrig
behavioral1/files/0x00060000000190d6-104.dat	xmrig
behavioral1/files/0x00060000000190cd-123.dat	xmrig
behavioral1/files/0x00050000000191f3-129.dat	xmrig
behavioral1/memory/2600-128-0x000000013FB90000-0x000000013FEE4000-memory.dmp	xmrig
behavioral1/memory/2112-126-0x000000013F260000-0x000000013F5B4000-memory.dmp	xmrig
behavioral1/files/0x00050000000191f7-124.dat	xmrig
behavioral1/files/0x000500000001879b-118.dat	xmrig
behavioral1/files/0x0009000000018678-105.dat	xmrig
behavioral1/files/0x0005000000019229-137.dat	xmrig
behavioral1/files/0x000500000001924c-145.dat	xmrig
behavioral1/files/0x0005000000019218-133.dat	xmrig
behavioral1/files/0x000500000001926b-154.dat	xmrig
behavioral1/files/0x0005000000019234-151.dat	xmrig
behavioral1/files/0x001500000001866d-89.dat	xmrig
behavioral1/files/0x0005000000019271-158.dat	xmrig
behavioral1/files/0x0005000000019273-165.dat	xmrig
behavioral1/files/0x0005000000019382-172.dat	xmrig
behavioral1/files/0x0005000000019277-169.dat	xmrig
behavioral1/memory/2496-157-0x000000013FCB0000-0x0000000140004000-memory.dmp	xmrig
behavioral1/files/0x0005000000019389-180.dat	xmrig
behavioral1/files/0x00050000000193c4-189.dat	xmrig
behavioral1/memory/2608-197-0x000000013FCB0000-0x0000000140004000-memory.dmp	xmrig
behavioral1/memory/2968-362-0x000000013F960000-0x000000013FCB4000-memory.dmp	xmrig
behavioral1/memory/2496-274-0x000000013F960000-0x000000013FCB4000-memory.dmp	xmrig
behavioral1/memory/2496-441-0x000000013F0B0000-0x000000013F404000-memory.dmp	xmrig
behavioral1/files/0x00050000000193be-185.dat	xmrig
behavioral1/memory/2496-933-0x000000013FBD0000-0x000000013FF24000-memory.dmp	xmrig
behavioral1/memory/2544-3308-0x000000013F9E0000-0x000000013FD34000-memory.dmp	xmrig
behavioral1/memory/2960-3311-0x000000013FB40000-0x000000013FE94000-memory.dmp	xmrig
behavioral1/memory/1988-3331-0x000000013F5F0000-0x000000013F944000-memory.dmp	xmrig
behavioral1/memory/2380-3330-0x000000013F230000-0x000000013F584000-memory.dmp	xmrig
behavioral1/memory/2764-3333-0x000000013FC40000-0x000000013FF94000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

Processes:

giyHhmJ.exeGWxCqlb.exeqGESqij.exeeWNrYTo.exeypQFEDp.exeloHOqlD.exeAUpjqsR.exeCbkgivf.exebVIscGF.exeVjkiMyQ.exexJSIYfy.exetjCsdUh.exeVhXDnoJ.exensmdQlJ.exeZeCrcxG.exehwEjjKc.exeGCZSQnj.execRcrYyg.exejDRFMCI.exeUPMpYxZ.exeqrTLWjk.exeSuKslck.exesscdgSA.exeVhUviqA.exetGMDjBo.exeTFVejGl.exeXQTARhr.exeLUwYLKA.exeRqHaoId.exeXvfWbhS.exeqVMynYa.exerHARpal.exeLKvHYpK.exeqQwRhNY.exevqOqjPB.exeXpuJOkY.exeeLahvma.exeSNiWUhh.exePfbZBxC.exeGqRfxFV.exeVvxUKfH.exeGCZwFEv.exeqxJFpUQ.exegMZwevg.exefXsmcWy.exeuzmxCSH.exeCKtrEVT.exefkNAdWk.exeNFFAhnO.exeaKSsRlw.exebZlyIVa.exeJMVWzXI.exeKPeHeIQ.exennEpcGx.exebVPvlZa.exedFtwPTB.exeOwsPnuN.exeXlFGYhU.exeHMKWqAs.exeepFTPVG.exeJRLFCWa.exeksvQKMx.exeoqmLBmG.exeYtBRFkZ.exe

pid	Process
2960	giyHhmJ.exe
2544	GWxCqlb.exe
1988	qGESqij.exe
2380	eWNrYTo.exe
2764	ypQFEDp.exe
2908	loHOqlD.exe
2692	AUpjqsR.exe
2600	Cbkgivf.exe
2624	bVIscGF.exe
2608	VjkiMyQ.exe
2968	xJSIYfy.exe
1764	tjCsdUh.exe
2112	VhXDnoJ.exe
1152	nsmdQlJ.exe
348	ZeCrcxG.exe
1348	hwEjjKc.exe
1856	GCZSQnj.exe
1840	cRcrYyg.exe
844	jDRFMCI.exe
1648	UPMpYxZ.exe
2504	qrTLWjk.exe
1352	SuKslck.exe
2116	sscdgSA.exe
1564	VhUviqA.exe
2152	tGMDjBo.exe
2676	TFVejGl.exe
712	XQTARhr.exe
1220	LUwYLKA.exe
1768	RqHaoId.exe
448	XvfWbhS.exe
3052	qVMynYa.exe
988	rHARpal.exe
968	LKvHYpK.exe
2636	qQwRhNY.exe
1552	vqOqjPB.exe
2556	XpuJOkY.exe
1608	eLahvma.exe
1448	SNiWUhh.exe
1592	PfbZBxC.exe
1652	GqRfxFV.exe
1680	VvxUKfH.exe
860	GCZwFEv.exe
1548	qxJFpUQ.exe
2300	gMZwevg.exe
3040	fXsmcWy.exe
2236	uzmxCSH.exe
2336	CKtrEVT.exe
732	fkNAdWk.exe
2332	NFFAhnO.exe
1604	aKSsRlw.exe
3064	bZlyIVa.exe
316	JMVWzXI.exe
548	KPeHeIQ.exe
1416	nnEpcGx.exe
892	bVPvlZa.exe
2340	dFtwPTB.exe
3016	OwsPnuN.exe
1504	XlFGYhU.exe
1780	HMKWqAs.exe
2288	epFTPVG.exe
2868	JRLFCWa.exe
2880	ksvQKMx.exe
2276	oqmLBmG.exe
2372	YtBRFkZ.exe

Loads dropped DLL 64 IoCs

Processes:

2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe

pid	Process
2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2496-0-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	upx
behavioral1/files/0x000c000000012263-4.dat	upx
behavioral1/files/0x0008000000016d13-18.dat	upx
behavioral1/files/0x0007000000016d0b-25.dat	upx
behavioral1/memory/2380-28-0x000000013F230000-0x000000013F584000-memory.dmp	upx
behavioral1/memory/1988-27-0x000000013F5F0000-0x000000013F944000-memory.dmp	upx
behavioral1/memory/2544-24-0x000000013F9E0000-0x000000013FD34000-memory.dmp	upx
behavioral1/memory/2960-23-0x000000013FB40000-0x000000013FE94000-memory.dmp	upx
behavioral1/files/0x0008000000016cfe-17.dat	upx
behavioral1/files/0x0007000000016d2e-36.dat	upx
behavioral1/memory/2908-40-0x000000013F9E0000-0x000000013FD34000-memory.dmp	upx
behavioral1/memory/2764-34-0x000000013FC40000-0x000000013FF94000-memory.dmp	upx
behavioral1/files/0x0007000000016d24-33.dat	upx
behavioral1/memory/2496-37-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	upx
behavioral1/memory/2496-7-0x00000000023E0000-0x0000000002734000-memory.dmp	upx
behavioral1/files/0x0007000000016d36-43.dat	upx
behavioral1/memory/2692-49-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	upx
behavioral1/files/0x0009000000016c58-50.dat	upx
behavioral1/memory/2600-56-0x000000013FB90000-0x000000013FEE4000-memory.dmp	upx
behavioral1/files/0x0008000000016d3f-57.dat	upx
behavioral1/memory/2624-64-0x000000013F4B0000-0x000000013F804000-memory.dmp	upx
behavioral1/memory/2764-60-0x000000013FC40000-0x000000013FF94000-memory.dmp	upx
behavioral1/files/0x0008000000016d47-65.dat	upx
behavioral1/memory/2608-72-0x000000013FCB0000-0x0000000140004000-memory.dmp	upx
behavioral1/memory/2908-68-0x000000013F9E0000-0x000000013FD34000-memory.dmp	upx
behavioral1/files/0x00060000000174ac-73.dat	upx
behavioral1/memory/2968-79-0x000000013F960000-0x000000013FCB4000-memory.dmp	upx
behavioral1/files/0x000600000001752f-80.dat	upx
behavioral1/memory/1764-85-0x000000013F0B0000-0x000000013F404000-memory.dmp	upx
behavioral1/files/0x0005000000018690-95.dat	upx
behavioral1/files/0x00060000000190d6-104.dat	upx
behavioral1/files/0x00060000000190cd-123.dat	upx
behavioral1/files/0x00050000000191f3-129.dat	upx
behavioral1/memory/2600-128-0x000000013FB90000-0x000000013FEE4000-memory.dmp	upx
behavioral1/memory/2112-126-0x000000013F260000-0x000000013F5B4000-memory.dmp	upx
behavioral1/files/0x00050000000191f7-124.dat	upx
behavioral1/files/0x000500000001879b-118.dat	upx
behavioral1/files/0x0009000000018678-105.dat	upx
behavioral1/files/0x0005000000019229-137.dat	upx
behavioral1/files/0x000500000001924c-145.dat	upx
behavioral1/files/0x0005000000019218-133.dat	upx
behavioral1/files/0x000500000001926b-154.dat	upx
behavioral1/files/0x0005000000019234-151.dat	upx
behavioral1/files/0x001500000001866d-89.dat	upx
behavioral1/files/0x0005000000019271-158.dat	upx
behavioral1/files/0x0005000000019273-165.dat	upx
behavioral1/files/0x0005000000019382-172.dat	upx
behavioral1/files/0x0005000000019277-169.dat	upx
behavioral1/files/0x0005000000019389-180.dat	upx
behavioral1/files/0x00050000000193c4-189.dat	upx
behavioral1/memory/2608-197-0x000000013FCB0000-0x0000000140004000-memory.dmp	upx
behavioral1/memory/2968-362-0x000000013F960000-0x000000013FCB4000-memory.dmp	upx
behavioral1/files/0x00050000000193be-185.dat	upx
behavioral1/memory/2544-3308-0x000000013F9E0000-0x000000013FD34000-memory.dmp	upx
behavioral1/memory/2960-3311-0x000000013FB40000-0x000000013FE94000-memory.dmp	upx
behavioral1/memory/1988-3331-0x000000013F5F0000-0x000000013F944000-memory.dmp	upx
behavioral1/memory/2380-3330-0x000000013F230000-0x000000013F584000-memory.dmp	upx
behavioral1/memory/2764-3333-0x000000013FC40000-0x000000013FF94000-memory.dmp	upx
behavioral1/memory/2908-3353-0x000000013F9E0000-0x000000013FD34000-memory.dmp	upx
behavioral1/memory/2600-3543-0x000000013FB90000-0x000000013FEE4000-memory.dmp	upx
behavioral1/memory/2692-3568-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	upx
behavioral1/memory/2624-3647-0x000000013F4B0000-0x000000013F804000-memory.dmp	upx
behavioral1/memory/2608-3677-0x000000013FCB0000-0x0000000140004000-memory.dmp	upx
behavioral1/memory/1764-3805-0x000000013F0B0000-0x000000013F404000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

Processes:

2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe

description	ioc	Process
File created	C:\Windows\System\KPeHeIQ.exe	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bDtMMHT.exe	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wOtodmC.exe	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uzhxTVy.exe	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nZhQKep.exe	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NeLRjFb.exe	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LKvHYpK.exe	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dIzfPTF.exe	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EaGFqZm.exe	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sstWbfj.exe	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ycAKvBt.exe	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LvhjohI.exe	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Odgkjkc.exe	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\durYTRn.exe	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DMsPFpK.exe	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LPmkDvU.exe	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ClzoZbV.exe	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xdcNxuI.exe	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hbKWKzY.exe	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XBLlhLs.exe	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IBMWcfT.exe	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mcvOBoC.exe	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YjOohyG.exe	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wqVfeMd.exe	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\blPkhxy.exe	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WPPPpFu.exe	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZCJHHpL.exe	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eVwOoUK.exe	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YwkFvvz.exe	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KerWVTt.exe	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HazYbkW.exe	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EKVDnwq.exe	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wKmLEqg.exe	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rCJqThZ.exe	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YWmsuZd.exe	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uzetStJ.exe	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YbjALKb.exe	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eHFArwp.exe	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tUKTMto.exe	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gyAsgYH.exe	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bOpXXQT.exe	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kNZSFax.exe	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dFtwPTB.exe	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PqHwlmM.exe	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VhTRQYM.exe	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NchXWOP.exe	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SSXickG.exe	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WMIOTso.exe	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GWxCqlb.exe	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Znntnjx.exe	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IBwQWkR.exe	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\THIGQSk.exe	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yQDWntK.exe	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ADRoemn.exe	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vbxlcjm.exe	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ykRIaGA.exe	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sJbGchw.exe	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pGifTre.exe	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EWfuYXe.exe	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LZSGHfv.exe	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BofIOxU.exe	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jBHXzFB.exe	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zjcxhvR.exe	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aRhBKvu.exe	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe

description	pid	Process	procid_target
PID 2496 wrote to memory of 1988	2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2496 wrote to memory of 1988	2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2496 wrote to memory of 1988	2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2496 wrote to memory of 2960	2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2496 wrote to memory of 2960	2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2496 wrote to memory of 2960	2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2496 wrote to memory of 2380	2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2496 wrote to memory of 2380	2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2496 wrote to memory of 2380	2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2496 wrote to memory of 2544	2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2496 wrote to memory of 2544	2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2496 wrote to memory of 2544	2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2496 wrote to memory of 2764	2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2496 wrote to memory of 2764	2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2496 wrote to memory of 2764	2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2496 wrote to memory of 2908	2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2496 wrote to memory of 2908	2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2496 wrote to memory of 2908	2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2496 wrote to memory of 2692	2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2496 wrote to memory of 2692	2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2496 wrote to memory of 2692	2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2496 wrote to memory of 2600	2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2496 wrote to memory of 2600	2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2496 wrote to memory of 2600	2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2496 wrote to memory of 2624	2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2496 wrote to memory of 2624	2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2496 wrote to memory of 2624	2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2496 wrote to memory of 2608	2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2496 wrote to memory of 2608	2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2496 wrote to memory of 2608	2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2496 wrote to memory of 2968	2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2496 wrote to memory of 2968	2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2496 wrote to memory of 2968	2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2496 wrote to memory of 1764	2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2496 wrote to memory of 1764	2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2496 wrote to memory of 1764	2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2496 wrote to memory of 2112	2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2496 wrote to memory of 2112	2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2496 wrote to memory of 2112	2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2496 wrote to memory of 1152	2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2496 wrote to memory of 1152	2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2496 wrote to memory of 1152	2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2496 wrote to memory of 348	2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2496 wrote to memory of 348	2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2496 wrote to memory of 348	2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2496 wrote to memory of 1348	2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2496 wrote to memory of 1348	2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2496 wrote to memory of 1348	2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2496 wrote to memory of 1840	2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2496 wrote to memory of 1840	2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2496 wrote to memory of 1840	2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2496 wrote to memory of 1856	2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2496 wrote to memory of 1856	2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2496 wrote to memory of 1856	2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2496 wrote to memory of 1648	2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2496 wrote to memory of 1648	2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2496 wrote to memory of 1648	2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2496 wrote to memory of 844	2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2496 wrote to memory of 844	2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2496 wrote to memory of 844	2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2496 wrote to memory of 2504	2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2496 wrote to memory of 2504	2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2496 wrote to memory of 2504	2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2496 wrote to memory of 1352	2496	2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-25_1810e16812f5caca4a8c632c3826b6af_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2496
- C:\Windows\System\qGESqij.exe
  C:\Windows\System\qGESqij.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\giyHhmJ.exe
  C:\Windows\System\giyHhmJ.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\eWNrYTo.exe
  C:\Windows\System\eWNrYTo.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\GWxCqlb.exe
  C:\Windows\System\GWxCqlb.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\ypQFEDp.exe
  C:\Windows\System\ypQFEDp.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\loHOqlD.exe
  C:\Windows\System\loHOqlD.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\AUpjqsR.exe
  C:\Windows\System\AUpjqsR.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\Cbkgivf.exe
  C:\Windows\System\Cbkgivf.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\bVIscGF.exe
  C:\Windows\System\bVIscGF.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\VjkiMyQ.exe
  C:\Windows\System\VjkiMyQ.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\xJSIYfy.exe
  C:\Windows\System\xJSIYfy.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\tjCsdUh.exe
  C:\Windows\System\tjCsdUh.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\VhXDnoJ.exe
  C:\Windows\System\VhXDnoJ.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\nsmdQlJ.exe
  C:\Windows\System\nsmdQlJ.exe
  2⤵
  - Executes dropped EXE
  PID:1152
- C:\Windows\System\ZeCrcxG.exe
  C:\Windows\System\ZeCrcxG.exe
  2⤵
  - Executes dropped EXE
  PID:348
- C:\Windows\System\hwEjjKc.exe
  C:\Windows\System\hwEjjKc.exe
  2⤵
  - Executes dropped EXE
  PID:1348
- C:\Windows\System\cRcrYyg.exe
  C:\Windows\System\cRcrYyg.exe
  2⤵
  - Executes dropped EXE
  PID:1840
- C:\Windows\System\GCZSQnj.exe
  C:\Windows\System\GCZSQnj.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\UPMpYxZ.exe
  C:\Windows\System\UPMpYxZ.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\jDRFMCI.exe
  C:\Windows\System\jDRFMCI.exe
  2⤵
  - Executes dropped EXE
  PID:844
- C:\Windows\System\qrTLWjk.exe
  C:\Windows\System\qrTLWjk.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\SuKslck.exe
  C:\Windows\System\SuKslck.exe
  2⤵
  - Executes dropped EXE
  PID:1352
- C:\Windows\System\VhUviqA.exe
  C:\Windows\System\VhUviqA.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\sscdgSA.exe
  C:\Windows\System\sscdgSA.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\tGMDjBo.exe
  C:\Windows\System\tGMDjBo.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\TFVejGl.exe
  C:\Windows\System\TFVejGl.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\XQTARhr.exe
  C:\Windows\System\XQTARhr.exe
  2⤵
  - Executes dropped EXE
  PID:712
- C:\Windows\System\LUwYLKA.exe
  C:\Windows\System\LUwYLKA.exe
  2⤵
  - Executes dropped EXE
  PID:1220
- C:\Windows\System\RqHaoId.exe
  C:\Windows\System\RqHaoId.exe
  2⤵
  - Executes dropped EXE
  PID:1768
- C:\Windows\System\XvfWbhS.exe
  C:\Windows\System\XvfWbhS.exe
  2⤵
  - Executes dropped EXE
  PID:448
- C:\Windows\System\qVMynYa.exe
  C:\Windows\System\qVMynYa.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\rHARpal.exe
  C:\Windows\System\rHARpal.exe
  2⤵
  - Executes dropped EXE
  PID:988
- C:\Windows\System\LKvHYpK.exe
  C:\Windows\System\LKvHYpK.exe
  2⤵
  - Executes dropped EXE
  PID:968
- C:\Windows\System\qQwRhNY.exe
  C:\Windows\System\qQwRhNY.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\vqOqjPB.exe
  C:\Windows\System\vqOqjPB.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System\XpuJOkY.exe
  C:\Windows\System\XpuJOkY.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\eLahvma.exe
  C:\Windows\System\eLahvma.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\SNiWUhh.exe
  C:\Windows\System\SNiWUhh.exe
  2⤵
  - Executes dropped EXE
  PID:1448
- C:\Windows\System\PfbZBxC.exe
  C:\Windows\System\PfbZBxC.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\GqRfxFV.exe
  C:\Windows\System\GqRfxFV.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\VvxUKfH.exe
  C:\Windows\System\VvxUKfH.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\GCZwFEv.exe
  C:\Windows\System\GCZwFEv.exe
  2⤵
  - Executes dropped EXE
  PID:860
- C:\Windows\System\qxJFpUQ.exe
  C:\Windows\System\qxJFpUQ.exe
  2⤵
  - Executes dropped EXE
  PID:1548
- C:\Windows\System\gMZwevg.exe
  C:\Windows\System\gMZwevg.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\fXsmcWy.exe
  C:\Windows\System\fXsmcWy.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\uzmxCSH.exe
  C:\Windows\System\uzmxCSH.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\CKtrEVT.exe
  C:\Windows\System\CKtrEVT.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\fkNAdWk.exe
  C:\Windows\System\fkNAdWk.exe
  2⤵
  - Executes dropped EXE
  PID:732
- C:\Windows\System\NFFAhnO.exe
  C:\Windows\System\NFFAhnO.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\aKSsRlw.exe
  C:\Windows\System\aKSsRlw.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\bZlyIVa.exe
  C:\Windows\System\bZlyIVa.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\JMVWzXI.exe
  C:\Windows\System\JMVWzXI.exe
  2⤵
  - Executes dropped EXE
  PID:316
- C:\Windows\System\KPeHeIQ.exe
  C:\Windows\System\KPeHeIQ.exe
  2⤵
  - Executes dropped EXE
  PID:548
- C:\Windows\System\nnEpcGx.exe
  C:\Windows\System\nnEpcGx.exe
  2⤵
  - Executes dropped EXE
  PID:1416
- C:\Windows\System\bVPvlZa.exe
  C:\Windows\System\bVPvlZa.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\dFtwPTB.exe
  C:\Windows\System\dFtwPTB.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\OwsPnuN.exe
  C:\Windows\System\OwsPnuN.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\XlFGYhU.exe
  C:\Windows\System\XlFGYhU.exe
  2⤵
  - Executes dropped EXE
  PID:1504
- C:\Windows\System\HMKWqAs.exe
  C:\Windows\System\HMKWqAs.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\epFTPVG.exe
  C:\Windows\System\epFTPVG.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\JRLFCWa.exe
  C:\Windows\System\JRLFCWa.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\ksvQKMx.exe
  C:\Windows\System\ksvQKMx.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\oqmLBmG.exe
  C:\Windows\System\oqmLBmG.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\YtBRFkZ.exe
  C:\Windows\System\YtBRFkZ.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\pjndMNz.exe
  C:\Windows\System\pjndMNz.exe
  2⤵
  PID:1488
- C:\Windows\System\BzVIvIy.exe
  C:\Windows\System\BzVIvIy.exe
  2⤵
  PID:2864
- C:\Windows\System\wCqPfLt.exe
  C:\Windows\System\wCqPfLt.exe
  2⤵
  PID:2784
- C:\Windows\System\ZXcPvGq.exe
  C:\Windows\System\ZXcPvGq.exe
  2⤵
  PID:2352
- C:\Windows\System\qFeWGLE.exe
  C:\Windows\System\qFeWGLE.exe
  2⤵
  PID:3032
- C:\Windows\System\sPrVudN.exe
  C:\Windows\System\sPrVudN.exe
  2⤵
  PID:2820
- C:\Windows\System\CPPdDZU.exe
  C:\Windows\System\CPPdDZU.exe
  2⤵
  PID:2844
- C:\Windows\System\tMDGgLQ.exe
  C:\Windows\System\tMDGgLQ.exe
  2⤵
  PID:2744
- C:\Windows\System\fBGEiWo.exe
  C:\Windows\System\fBGEiWo.exe
  2⤵
  PID:2752
- C:\Windows\System\KIGMoye.exe
  C:\Windows\System\KIGMoye.exe
  2⤵
  PID:2988
- C:\Windows\System\wxSxeoM.exe
  C:\Windows\System\wxSxeoM.exe
  2⤵
  PID:2572
- C:\Windows\System\CGIxHVI.exe
  C:\Windows\System\CGIxHVI.exe
  2⤵
  PID:2972
- C:\Windows\System\WgQiPkv.exe
  C:\Windows\System\WgQiPkv.exe
  2⤵
  PID:2688
- C:\Windows\System\Odgkjkc.exe
  C:\Windows\System\Odgkjkc.exe
  2⤵
  PID:2588
- C:\Windows\System\OipMDBB.exe
  C:\Windows\System\OipMDBB.exe
  2⤵
  PID:2980
- C:\Windows\System\nfKDWps.exe
  C:\Windows\System\nfKDWps.exe
  2⤵
  PID:1536
- C:\Windows\System\xlyCcPA.exe
  C:\Windows\System\xlyCcPA.exe
  2⤵
  PID:1940
- C:\Windows\System\RMoxxNn.exe
  C:\Windows\System\RMoxxNn.exe
  2⤵
  PID:2644
- C:\Windows\System\eiuBbTA.exe
  C:\Windows\System\eiuBbTA.exe
  2⤵
  PID:372
- C:\Windows\System\NZgPpWx.exe
  C:\Windows\System\NZgPpWx.exe
  2⤵
  PID:1544
- C:\Windows\System\sEAsBmN.exe
  C:\Windows\System\sEAsBmN.exe
  2⤵
  PID:1820
- C:\Windows\System\eItSrCe.exe
  C:\Windows\System\eItSrCe.exe
  2⤵
  PID:2208
- C:\Windows\System\uoGVOSz.exe
  C:\Windows\System\uoGVOSz.exe
  2⤵
  PID:1176
- C:\Windows\System\QHLkHnZ.exe
  C:\Windows\System\QHLkHnZ.exe
  2⤵
  PID:1420
- C:\Windows\System\bDtMMHT.exe
  C:\Windows\System\bDtMMHT.exe
  2⤵
  PID:1000
- C:\Windows\System\rcjmXTh.exe
  C:\Windows\System\rcjmXTh.exe
  2⤵
  PID:1852
- C:\Windows\System\ZqMHfMO.exe
  C:\Windows\System\ZqMHfMO.exe
  2⤵
  PID:1632
- C:\Windows\System\vYiFFVk.exe
  C:\Windows\System\vYiFFVk.exe
  2⤵
  PID:964
- C:\Windows\System\IbsLvAn.exe
  C:\Windows\System\IbsLvAn.exe
  2⤵
  PID:2388
- C:\Windows\System\ZZwqZjW.exe
  C:\Windows\System\ZZwqZjW.exe
  2⤵
  PID:2248
- C:\Windows\System\eMtrkJQ.exe
  C:\Windows\System\eMtrkJQ.exe
  2⤵
  PID:1568
- C:\Windows\System\CrHxygj.exe
  C:\Windows\System\CrHxygj.exe
  2⤵
  PID:1012
- C:\Windows\System\fLSColD.exe
  C:\Windows\System\fLSColD.exe
  2⤵
  PID:1756
- C:\Windows\System\ZawkqZO.exe
  C:\Windows\System\ZawkqZO.exe
  2⤵
  PID:1304
- C:\Windows\System\PqHwlmM.exe
  C:\Windows\System\PqHwlmM.exe
  2⤵
  PID:1540
- C:\Windows\System\jfIeFVI.exe
  C:\Windows\System\jfIeFVI.exe
  2⤵
  PID:836
- C:\Windows\System\HGcBiSw.exe
  C:\Windows\System\HGcBiSw.exe
  2⤵
  PID:1224
- C:\Windows\System\OkqSuak.exe
  C:\Windows\System\OkqSuak.exe
  2⤵
  PID:1932
- C:\Windows\System\NkAaGxQ.exe
  C:\Windows\System\NkAaGxQ.exe
  2⤵
  PID:760
- C:\Windows\System\vYpjSvY.exe
  C:\Windows\System\vYpjSvY.exe
  2⤵
  PID:808
- C:\Windows\System\kuFfMOw.exe
  C:\Windows\System\kuFfMOw.exe
  2⤵
  PID:2660
- C:\Windows\System\fXyeSIK.exe
  C:\Windows\System\fXyeSIK.exe
  2⤵
  PID:3008
- C:\Windows\System\VsosZOq.exe
  C:\Windows\System\VsosZOq.exe
  2⤵
  PID:1636
- C:\Windows\System\wOtodmC.exe
  C:\Windows\System\wOtodmC.exe
  2⤵
  PID:2948
- C:\Windows\System\mvHjvJG.exe
  C:\Windows\System\mvHjvJG.exe
  2⤵
  PID:2436
- C:\Windows\System\FyFzNop.exe
  C:\Windows\System\FyFzNop.exe
  2⤵
  PID:2320
- C:\Windows\System\xKEpyab.exe
  C:\Windows\System\xKEpyab.exe
  2⤵
  PID:2580
- C:\Windows\System\hWxrdpL.exe
  C:\Windows\System\hWxrdpL.exe
  2⤵
  PID:1936
- C:\Windows\System\rZLzPJW.exe
  C:\Windows\System\rZLzPJW.exe
  2⤵
  PID:2616
- C:\Windows\System\vhqRtNy.exe
  C:\Windows\System\vhqRtNy.exe
  2⤵
  PID:2220
- C:\Windows\System\oNnbeSD.exe
  C:\Windows\System\oNnbeSD.exe
  2⤵
  PID:772
- C:\Windows\System\MCEQawm.exe
  C:\Windows\System\MCEQawm.exe
  2⤵
  PID:1732
- C:\Windows\System\zyOjLbi.exe
  C:\Windows\System\zyOjLbi.exe
  2⤵
  PID:1044
- C:\Windows\System\VtzsoEr.exe
  C:\Windows\System\VtzsoEr.exe
  2⤵
  PID:696
- C:\Windows\System\LubPaYk.exe
  C:\Windows\System\LubPaYk.exe
  2⤵
  PID:1728
- C:\Windows\System\EhYFSpU.exe
  C:\Windows\System\EhYFSpU.exe
  2⤵
  PID:1524
- C:\Windows\System\YXnWkAP.exe
  C:\Windows\System\YXnWkAP.exe
  2⤵
  PID:1884
- C:\Windows\System\kAmOxyw.exe
  C:\Windows\System\kAmOxyw.exe
  2⤵
  PID:680
- C:\Windows\System\mttRCfr.exe
  C:\Windows\System\mttRCfr.exe
  2⤵
  PID:2424
- C:\Windows\System\ZLlPBLx.exe
  C:\Windows\System\ZLlPBLx.exe
  2⤵
  PID:2800
- C:\Windows\System\GzRQckN.exe
  C:\Windows\System\GzRQckN.exe
  2⤵
  PID:2412
- C:\Windows\System\GTumUhk.exe
  C:\Windows\System\GTumUhk.exe
  2⤵
  PID:908
- C:\Windows\System\cBXQsFh.exe
  C:\Windows\System\cBXQsFh.exe
  2⤵
  PID:1432
- C:\Windows\System\MzfpPaD.exe
  C:\Windows\System\MzfpPaD.exe
  2⤵
  PID:1104
- C:\Windows\System\ahuFKfR.exe
  C:\Windows\System\ahuFKfR.exe
  2⤵
  PID:2196
- C:\Windows\System\CaaADeR.exe
  C:\Windows\System\CaaADeR.exe
  2⤵
  PID:2852
- C:\Windows\System\qbUWhfi.exe
  C:\Windows\System\qbUWhfi.exe
  2⤵
  PID:1928
- C:\Windows\System\FsmYVRT.exe
  C:\Windows\System\FsmYVRT.exe
  2⤵
  PID:2996
- C:\Windows\System\frnFyLP.exe
  C:\Windows\System\frnFyLP.exe
  2⤵
  PID:2716
- C:\Windows\System\Znntnjx.exe
  C:\Windows\System\Znntnjx.exe
  2⤵
  PID:2656
- C:\Windows\System\PKBUJIk.exe
  C:\Windows\System\PKBUJIk.exe
  2⤵
  PID:1692
- C:\Windows\System\kagCHXV.exe
  C:\Windows\System\kagCHXV.exe
  2⤵
  PID:1492
- C:\Windows\System\WObZQUA.exe
  C:\Windows\System\WObZQUA.exe
  2⤵
  PID:2536
- C:\Windows\System\rnGFrmd.exe
  C:\Windows\System\rnGFrmd.exe
  2⤵
  PID:2024
- C:\Windows\System\DqkkfyO.exe
  C:\Windows\System\DqkkfyO.exe
  2⤵
  PID:1676
- C:\Windows\System\ieaPakN.exe
  C:\Windows\System\ieaPakN.exe
  2⤵
  PID:1880
- C:\Windows\System\ftsRpgJ.exe
  C:\Windows\System\ftsRpgJ.exe
  2⤵
  PID:1948
- C:\Windows\System\MyRpOaN.exe
  C:\Windows\System\MyRpOaN.exe
  2⤵
  PID:2664
- C:\Windows\System\WyXiPLG.exe
  C:\Windows\System\WyXiPLG.exe
  2⤵
  PID:1996
- C:\Windows\System\hrQFHtP.exe
  C:\Windows\System\hrQFHtP.exe
  2⤵
  PID:2668
- C:\Windows\System\nuclNih.exe
  C:\Windows\System\nuclNih.exe
  2⤵
  PID:264
- C:\Windows\System\howDEfO.exe
  C:\Windows\System\howDEfO.exe
  2⤵
  PID:2652
- C:\Windows\System\wLxUlCL.exe
  C:\Windows\System\wLxUlCL.exe
  2⤵
  PID:2648
- C:\Windows\System\RDLtvIz.exe
  C:\Windows\System\RDLtvIz.exe
  2⤵
  PID:1580
- C:\Windows\System\aKbMzhn.exe
  C:\Windows\System\aKbMzhn.exe
  2⤵
  PID:2456
- C:\Windows\System\xuEOZZt.exe
  C:\Windows\System\xuEOZZt.exe
  2⤵
  PID:2740
- C:\Windows\System\FHcofgs.exe
  C:\Windows\System\FHcofgs.exe
  2⤵
  PID:2240
- C:\Windows\System\tTQjWPq.exe
  C:\Windows\System\tTQjWPq.exe
  2⤵
  PID:1832
- C:\Windows\System\BvOSdww.exe
  C:\Windows\System\BvOSdww.exe
  2⤵
  PID:1472
- C:\Windows\System\ECvGtXA.exe
  C:\Windows\System\ECvGtXA.exe
  2⤵
  PID:888
- C:\Windows\System\kCKVDuk.exe
  C:\Windows\System\kCKVDuk.exe
  2⤵
  PID:3060
- C:\Windows\System\VkgQnLh.exe
  C:\Windows\System\VkgQnLh.exe
  2⤵
  PID:2076
- C:\Windows\System\ntvQIZt.exe
  C:\Windows\System\ntvQIZt.exe
  2⤵
  PID:632
- C:\Windows\System\mqVXfjH.exe
  C:\Windows\System\mqVXfjH.exe
  2⤵
  PID:536
- C:\Windows\System\fXysiNF.exe
  C:\Windows\System\fXysiNF.exe
  2⤵
  PID:2468
- C:\Windows\System\VMJBBjV.exe
  C:\Windows\System\VMJBBjV.exe
  2⤵
  PID:2524
- C:\Windows\System\NUgDVQJ.exe
  C:\Windows\System\NUgDVQJ.exe
  2⤵
  PID:1920
- C:\Windows\System\pOySGRv.exe
  C:\Windows\System\pOySGRv.exe
  2⤵
  PID:584
- C:\Windows\System\DxOdiUf.exe
  C:\Windows\System\DxOdiUf.exe
  2⤵
  PID:2444
- C:\Windows\System\dUWItFS.exe
  C:\Windows\System\dUWItFS.exe
  2⤵
  PID:2924
- C:\Windows\System\YbjALKb.exe
  C:\Windows\System\YbjALKb.exe
  2⤵
  PID:2704
- C:\Windows\System\RrqXVBs.exe
  C:\Windows\System\RrqXVBs.exe
  2⤵
  PID:2480
- C:\Windows\System\thLTsvn.exe
  C:\Windows\System\thLTsvn.exe
  2⤵
  PID:2256
- C:\Windows\System\IcXVBBb.exe
  C:\Windows\System\IcXVBBb.exe
  2⤵
  PID:280
- C:\Windows\System\OwrPiPA.exe
  C:\Windows\System\OwrPiPA.exe
  2⤵
  PID:3020
- C:\Windows\System\BFwSKYQ.exe
  C:\Windows\System\BFwSKYQ.exe
  2⤵
  PID:1392
- C:\Windows\System\hkpnbEv.exe
  C:\Windows\System\hkpnbEv.exe
  2⤵
  PID:1656
- C:\Windows\System\wsEogIi.exe
  C:\Windows\System\wsEogIi.exe
  2⤵
  PID:2124
- C:\Windows\System\ppTTJbS.exe
  C:\Windows\System\ppTTJbS.exe
  2⤵
  PID:1620
- C:\Windows\System\yWASxdd.exe
  C:\Windows\System\yWASxdd.exe
  2⤵
  PID:1624
- C:\Windows\System\SWaMbpB.exe
  C:\Windows\System\SWaMbpB.exe
  2⤵
  PID:3080
- C:\Windows\System\vKblEFy.exe
  C:\Windows\System\vKblEFy.exe
  2⤵
  PID:3132
- C:\Windows\System\PCNvGhI.exe
  C:\Windows\System\PCNvGhI.exe
  2⤵
  PID:3148
- C:\Windows\System\durYTRn.exe
  C:\Windows\System\durYTRn.exe
  2⤵
  PID:3164
- C:\Windows\System\oXvLcWQ.exe
  C:\Windows\System\oXvLcWQ.exe
  2⤵
  PID:3188
- C:\Windows\System\hxLnWjd.exe
  C:\Windows\System\hxLnWjd.exe
  2⤵
  PID:3204
- C:\Windows\System\KsbHqyz.exe
  C:\Windows\System\KsbHqyz.exe
  2⤵
  PID:3220
- C:\Windows\System\JUBUZFr.exe
  C:\Windows\System\JUBUZFr.exe
  2⤵
  PID:3236
- C:\Windows\System\pjXxnVo.exe
  C:\Windows\System\pjXxnVo.exe
  2⤵
  PID:3252
- C:\Windows\System\vqRBYjn.exe
  C:\Windows\System\vqRBYjn.exe
  2⤵
  PID:3276
- C:\Windows\System\htGeevK.exe
  C:\Windows\System\htGeevK.exe
  2⤵
  PID:3308
- C:\Windows\System\MwdeNfX.exe
  C:\Windows\System\MwdeNfX.exe
  2⤵
  PID:3328
- C:\Windows\System\NluOIid.exe
  C:\Windows\System\NluOIid.exe
  2⤵
  PID:3344
- C:\Windows\System\LBdQXMV.exe
  C:\Windows\System\LBdQXMV.exe
  2⤵
  PID:3360
- C:\Windows\System\bWVOVyt.exe
  C:\Windows\System\bWVOVyt.exe
  2⤵
  PID:3376
- C:\Windows\System\irZOPQw.exe
  C:\Windows\System\irZOPQw.exe
  2⤵
  PID:3396
- C:\Windows\System\HoEOAVS.exe
  C:\Windows\System\HoEOAVS.exe
  2⤵
  PID:3424
- C:\Windows\System\bcbkTtp.exe
  C:\Windows\System\bcbkTtp.exe
  2⤵
  PID:3440
- C:\Windows\System\mOcPRys.exe
  C:\Windows\System\mOcPRys.exe
  2⤵
  PID:3456
- C:\Windows\System\gvFYikF.exe
  C:\Windows\System\gvFYikF.exe
  2⤵
  PID:3472
- C:\Windows\System\tfngAMb.exe
  C:\Windows\System\tfngAMb.exe
  2⤵
  PID:3488
- C:\Windows\System\ZxnyXGK.exe
  C:\Windows\System\ZxnyXGK.exe
  2⤵
  PID:3504
- C:\Windows\System\MPdQlLN.exe
  C:\Windows\System\MPdQlLN.exe
  2⤵
  PID:3520
- C:\Windows\System\FGvfQzO.exe
  C:\Windows\System\FGvfQzO.exe
  2⤵
  PID:3536
- C:\Windows\System\GhaIryG.exe
  C:\Windows\System\GhaIryG.exe
  2⤵
  PID:3552
- C:\Windows\System\PLyuKcy.exe
  C:\Windows\System\PLyuKcy.exe
  2⤵
  PID:3572
- C:\Windows\System\HazYbkW.exe
  C:\Windows\System\HazYbkW.exe
  2⤵
  PID:3588
- C:\Windows\System\BRfdQFP.exe
  C:\Windows\System\BRfdQFP.exe
  2⤵
  PID:3608
- C:\Windows\System\gebyXYX.exe
  C:\Windows\System\gebyXYX.exe
  2⤵
  PID:3628
- C:\Windows\System\RaLXqxY.exe
  C:\Windows\System\RaLXqxY.exe
  2⤵
  PID:3648
- C:\Windows\System\VdhKHlq.exe
  C:\Windows\System\VdhKHlq.exe
  2⤵
  PID:3672
- C:\Windows\System\xAxryhw.exe
  C:\Windows\System\xAxryhw.exe
  2⤵
  PID:3688
- C:\Windows\System\tKYCvPw.exe
  C:\Windows\System\tKYCvPw.exe
  2⤵
  PID:3704
- C:\Windows\System\EKVDnwq.exe
  C:\Windows\System\EKVDnwq.exe
  2⤵
  PID:3780
- C:\Windows\System\VmJhqDE.exe
  C:\Windows\System\VmJhqDE.exe
  2⤵
  PID:3796
- C:\Windows\System\ZnCoCdG.exe
  C:\Windows\System\ZnCoCdG.exe
  2⤵
  PID:3812
- C:\Windows\System\jWiiCYK.exe
  C:\Windows\System\jWiiCYK.exe
  2⤵
  PID:3840
- C:\Windows\System\UOyBdFn.exe
  C:\Windows\System\UOyBdFn.exe
  2⤵
  PID:3856
- C:\Windows\System\gDToEQU.exe
  C:\Windows\System\gDToEQU.exe
  2⤵
  PID:3880
- C:\Windows\System\XRCudHR.exe
  C:\Windows\System\XRCudHR.exe
  2⤵
  PID:3896
- C:\Windows\System\DiJJtsr.exe
  C:\Windows\System\DiJJtsr.exe
  2⤵
  PID:3916
- C:\Windows\System\vBakbjb.exe
  C:\Windows\System\vBakbjb.exe
  2⤵
  PID:3936
- C:\Windows\System\FUWojnO.exe
  C:\Windows\System\FUWojnO.exe
  2⤵
  PID:3952
- C:\Windows\System\pOAFWQX.exe
  C:\Windows\System\pOAFWQX.exe
  2⤵
  PID:3968
- C:\Windows\System\PoOGSZe.exe
  C:\Windows\System\PoOGSZe.exe
  2⤵
  PID:3984
- C:\Windows\System\ykRIaGA.exe
  C:\Windows\System\ykRIaGA.exe
  2⤵
  PID:4000
- C:\Windows\System\LizrUZu.exe
  C:\Windows\System\LizrUZu.exe
  2⤵
  PID:4020
- C:\Windows\System\pENZqRC.exe
  C:\Windows\System\pENZqRC.exe
  2⤵
  PID:4040
- C:\Windows\System\MzTbkmG.exe
  C:\Windows\System\MzTbkmG.exe
  2⤵
  PID:4056
- C:\Windows\System\pXskmVL.exe
  C:\Windows\System\pXskmVL.exe
  2⤵
  PID:4072
- C:\Windows\System\CKeZGpO.exe
  C:\Windows\System\CKeZGpO.exe
  2⤵
  PID:736
- C:\Windows\System\ZIWvYdx.exe
  C:\Windows\System\ZIWvYdx.exe
  2⤵
  PID:1720
- C:\Windows\System\AJqodnO.exe
  C:\Windows\System\AJqodnO.exe
  2⤵
  PID:3076
- C:\Windows\System\qxbHKXl.exe
  C:\Windows\System\qxbHKXl.exe
  2⤵
  PID:1040
- C:\Windows\System\VvAiDKZ.exe
  C:\Windows\System\VvAiDKZ.exe
  2⤵
  PID:3104
- C:\Windows\System\mXJxUqS.exe
  C:\Windows\System\mXJxUqS.exe
  2⤵
  PID:3128
- C:\Windows\System\naKKbEM.exe
  C:\Windows\System\naKKbEM.exe
  2⤵
  PID:872
- C:\Windows\System\SaGOibi.exe
  C:\Windows\System\SaGOibi.exe
  2⤵
  PID:3184
- C:\Windows\System\fbaEdrk.exe
  C:\Windows\System\fbaEdrk.exe
  2⤵
  PID:3232
- C:\Windows\System\rqwaNbu.exe
  C:\Windows\System\rqwaNbu.exe
  2⤵
  PID:3200
- C:\Windows\System\arbxIWk.exe
  C:\Windows\System\arbxIWk.exe
  2⤵
  PID:3268
- C:\Windows\System\JyzWAQH.exe
  C:\Windows\System\JyzWAQH.exe
  2⤵
  PID:3292
- C:\Windows\System\FJlqqZJ.exe
  C:\Windows\System\FJlqqZJ.exe
  2⤵
  PID:3316
- C:\Windows\System\aFCHVrm.exe
  C:\Windows\System\aFCHVrm.exe
  2⤵
  PID:3384
- C:\Windows\System\qqXECWQ.exe
  C:\Windows\System\qqXECWQ.exe
  2⤵
  PID:3436
- C:\Windows\System\jUKzdEd.exe
  C:\Windows\System\jUKzdEd.exe
  2⤵
  PID:3496
- C:\Windows\System\VyKchIc.exe
  C:\Windows\System\VyKchIc.exe
  2⤵
  PID:3560
- C:\Windows\System\wKmLEqg.exe
  C:\Windows\System\wKmLEqg.exe
  2⤵
  PID:3408
- C:\Windows\System\ycpbEXx.exe
  C:\Windows\System\ycpbEXx.exe
  2⤵
  PID:3480
- C:\Windows\System\OjVLLFa.exe
  C:\Windows\System\OjVLLFa.exe
  2⤵
  PID:3636
- C:\Windows\System\NwrOsSo.exe
  C:\Windows\System\NwrOsSo.exe
  2⤵
  PID:3712
- C:\Windows\System\kyXBjDg.exe
  C:\Windows\System\kyXBjDg.exe
  2⤵
  PID:3620
- C:\Windows\System\KUKEpwN.exe
  C:\Windows\System\KUKEpwN.exe
  2⤵
  PID:3668
- C:\Windows\System\jCUMQWG.exe
  C:\Windows\System\jCUMQWG.exe
  2⤵
  PID:3724
- C:\Windows\System\AIsooZz.exe
  C:\Windows\System\AIsooZz.exe
  2⤵
  PID:3744
- C:\Windows\System\eHFArwp.exe
  C:\Windows\System\eHFArwp.exe
  2⤵
  PID:3716
- C:\Windows\System\kmtTEBL.exe
  C:\Windows\System\kmtTEBL.exe
  2⤵
  PID:3824
- C:\Windows\System\HDkOqOH.exe
  C:\Windows\System\HDkOqOH.exe
  2⤵
  PID:3864
- C:\Windows\System\tUKTMto.exe
  C:\Windows\System\tUKTMto.exe
  2⤵
  PID:3876
- C:\Windows\System\QvjWOuS.exe
  C:\Windows\System\QvjWOuS.exe
  2⤵
  PID:3912
- C:\Windows\System\RnQWhQZ.exe
  C:\Windows\System\RnQWhQZ.exe
  2⤵
  PID:3980
- C:\Windows\System\bWNDOPD.exe
  C:\Windows\System\bWNDOPD.exe
  2⤵
  PID:4052
- C:\Windows\System\UASllAx.exe
  C:\Windows\System\UASllAx.exe
  2⤵
  PID:1868
- C:\Windows\System\TuhqwiM.exe
  C:\Windows\System\TuhqwiM.exe
  2⤵
  PID:2488
- C:\Windows\System\tNwZfpE.exe
  C:\Windows\System\tNwZfpE.exe
  2⤵
  PID:4032
- C:\Windows\System\bzpuylG.exe
  C:\Windows\System\bzpuylG.exe
  2⤵
  PID:3964
- C:\Windows\System\TpwRCMf.exe
  C:\Windows\System\TpwRCMf.exe
  2⤵
  PID:1824
- C:\Windows\System\UphxeZo.exe
  C:\Windows\System\UphxeZo.exe
  2⤵
  PID:2396
- C:\Windows\System\scbhqmS.exe
  C:\Windows\System\scbhqmS.exe
  2⤵
  PID:2168
- C:\Windows\System\rCLlDUa.exe
  C:\Windows\System\rCLlDUa.exe
  2⤵
  PID:3092
- C:\Windows\System\bfvMuza.exe
  C:\Windows\System\bfvMuza.exe
  2⤵
  PID:3288
- C:\Windows\System\ssBQkpF.exe
  C:\Windows\System\ssBQkpF.exe
  2⤵
  PID:3468
- C:\Windows\System\QIwrReT.exe
  C:\Windows\System\QIwrReT.exe
  2⤵
  PID:3300
- C:\Windows\System\ieAPaoE.exe
  C:\Windows\System\ieAPaoE.exe
  2⤵
  PID:3644
- C:\Windows\System\HunDjpr.exe
  C:\Windows\System\HunDjpr.exe
  2⤵
  PID:3372
- C:\Windows\System\gqteKXU.exe
  C:\Windows\System\gqteKXU.exe
  2⤵
  PID:3732
- C:\Windows\System\GnKWUNA.exe
  C:\Windows\System\GnKWUNA.exe
  2⤵
  PID:3604
- C:\Windows\System\bUrgWcU.exe
  C:\Windows\System\bUrgWcU.exe
  2⤵
  PID:3832
- C:\Windows\System\BOivwno.exe
  C:\Windows\System\BOivwno.exe
  2⤵
  PID:4016
- C:\Windows\System\KkqlOLA.exe
  C:\Windows\System\KkqlOLA.exe
  2⤵
  PID:3996
- C:\Windows\System\DwlzZjM.exe
  C:\Windows\System\DwlzZjM.exe
  2⤵
  PID:1696
- C:\Windows\System\akoiMzF.exe
  C:\Windows\System\akoiMzF.exe
  2⤵
  PID:3176
- C:\Windows\System\XaJGvjU.exe
  C:\Windows\System\XaJGvjU.exe
  2⤵
  PID:3700
- C:\Windows\System\ffsIczf.exe
  C:\Windows\System\ffsIczf.exe
  2⤵
  PID:3772
- C:\Windows\System\vpySTGP.exe
  C:\Windows\System\vpySTGP.exe
  2⤵
  PID:2460
- C:\Windows\System\VuhZXzn.exe
  C:\Windows\System\VuhZXzn.exe
  2⤵
  PID:3096
- C:\Windows\System\rprgJDS.exe
  C:\Windows\System\rprgJDS.exe
  2⤵
  PID:3260
- C:\Windows\System\DMsPFpK.exe
  C:\Windows\System\DMsPFpK.exe
  2⤵
  PID:3244
- C:\Windows\System\wFDyMIn.exe
  C:\Windows\System\wFDyMIn.exe
  2⤵
  PID:840
- C:\Windows\System\qYuApYB.exe
  C:\Windows\System\qYuApYB.exe
  2⤵
  PID:3548
- C:\Windows\System\zZFKrJf.exe
  C:\Windows\System\zZFKrJf.exe
  2⤵
  PID:3908
- C:\Windows\System\Limleaz.exe
  C:\Windows\System\Limleaz.exe
  2⤵
  PID:2400
- C:\Windows\System\jivPbyS.exe
  C:\Windows\System\jivPbyS.exe
  2⤵
  PID:3760
- C:\Windows\System\OVoBnIl.exe
  C:\Windows\System\OVoBnIl.exe
  2⤵
  PID:3740
- C:\Windows\System\yPYfIgM.exe
  C:\Windows\System\yPYfIgM.exe
  2⤵
  PID:4092
- C:\Windows\System\SAHLlOp.exe
  C:\Windows\System\SAHLlOp.exe
  2⤵
  PID:3324
- C:\Windows\System\ekAfbuI.exe
  C:\Windows\System\ekAfbuI.exe
  2⤵
  PID:3248
- C:\Windows\System\ljMXzja.exe
  C:\Windows\System\ljMXzja.exe
  2⤵
  PID:3892
- C:\Windows\System\EcuQCHC.exe
  C:\Windows\System\EcuQCHC.exe
  2⤵
  PID:3616
- C:\Windows\System\CiYMEdh.exe
  C:\Windows\System\CiYMEdh.exe
  2⤵
  PID:3868
- C:\Windows\System\wLVhubW.exe
  C:\Windows\System\wLVhubW.exe
  2⤵
  PID:3752
- C:\Windows\System\YOzOTCk.exe
  C:\Windows\System\YOzOTCk.exe
  2⤵
  PID:3924
- C:\Windows\System\WKIqhEz.exe
  C:\Windows\System\WKIqhEz.exe
  2⤵
  PID:4012
- C:\Windows\System\SweZGjn.exe
  C:\Windows\System\SweZGjn.exe
  2⤵
  PID:4112
- C:\Windows\System\jErOXwk.exe
  C:\Windows\System\jErOXwk.exe
  2⤵
  PID:4128
- C:\Windows\System\iMydUyC.exe
  C:\Windows\System\iMydUyC.exe
  2⤵
  PID:4148
- C:\Windows\System\qLAtpEw.exe
  C:\Windows\System\qLAtpEw.exe
  2⤵
  PID:4172
- C:\Windows\System\IBwQWkR.exe
  C:\Windows\System\IBwQWkR.exe
  2⤵
  PID:4196
- C:\Windows\System\JvMdROB.exe
  C:\Windows\System\JvMdROB.exe
  2⤵
  PID:4224
- C:\Windows\System\qcTrBwf.exe
  C:\Windows\System\qcTrBwf.exe
  2⤵
  PID:4248
- C:\Windows\System\XvridAB.exe
  C:\Windows\System\XvridAB.exe
  2⤵
  PID:4268
- C:\Windows\System\zMulcqZ.exe
  C:\Windows\System\zMulcqZ.exe
  2⤵
  PID:4296
- C:\Windows\System\EOgqqgN.exe
  C:\Windows\System\EOgqqgN.exe
  2⤵
  PID:4312
- C:\Windows\System\VhTRQYM.exe
  C:\Windows\System\VhTRQYM.exe
  2⤵
  PID:4328
- C:\Windows\System\YmDQgZh.exe
  C:\Windows\System\YmDQgZh.exe
  2⤵
  PID:4344
- C:\Windows\System\idBIpsv.exe
  C:\Windows\System\idBIpsv.exe
  2⤵
  PID:4360
- C:\Windows\System\muxcDVM.exe
  C:\Windows\System\muxcDVM.exe
  2⤵
  PID:4376
- C:\Windows\System\sztCbUY.exe
  C:\Windows\System\sztCbUY.exe
  2⤵
  PID:4408
- C:\Windows\System\yHmOHZi.exe
  C:\Windows\System\yHmOHZi.exe
  2⤵
  PID:4432
- C:\Windows\System\sJbGchw.exe
  C:\Windows\System\sJbGchw.exe
  2⤵
  PID:4448
- C:\Windows\System\FVlDHQI.exe
  C:\Windows\System\FVlDHQI.exe
  2⤵
  PID:4464
- C:\Windows\System\qlDSGHO.exe
  C:\Windows\System\qlDSGHO.exe
  2⤵
  PID:4480
- C:\Windows\System\gUFXmrn.exe
  C:\Windows\System\gUFXmrn.exe
  2⤵
  PID:4496
- C:\Windows\System\JGpoGZZ.exe
  C:\Windows\System\JGpoGZZ.exe
  2⤵
  PID:4512
- C:\Windows\System\xPIqGNd.exe
  C:\Windows\System\xPIqGNd.exe
  2⤵
  PID:4536
- C:\Windows\System\EfBQsKs.exe
  C:\Windows\System\EfBQsKs.exe
  2⤵
  PID:4564
- C:\Windows\System\lZQMlcM.exe
  C:\Windows\System\lZQMlcM.exe
  2⤵
  PID:4588
- C:\Windows\System\LnjgEgi.exe
  C:\Windows\System\LnjgEgi.exe
  2⤵
  PID:4604
- C:\Windows\System\VFbCUdU.exe
  C:\Windows\System\VFbCUdU.exe
  2⤵
  PID:4624
- C:\Windows\System\gwizJeg.exe
  C:\Windows\System\gwizJeg.exe
  2⤵
  PID:4672
- C:\Windows\System\FilCaoo.exe
  C:\Windows\System\FilCaoo.exe
  2⤵
  PID:4688
- C:\Windows\System\ZlchgWJ.exe
  C:\Windows\System\ZlchgWJ.exe
  2⤵
  PID:4708
- C:\Windows\System\sLYXSzv.exe
  C:\Windows\System\sLYXSzv.exe
  2⤵
  PID:4728
- C:\Windows\System\scdbWgm.exe
  C:\Windows\System\scdbWgm.exe
  2⤵
  PID:4744
- C:\Windows\System\aoTkCvX.exe
  C:\Windows\System\aoTkCvX.exe
  2⤵
  PID:4760
- C:\Windows\System\jiCfuNu.exe
  C:\Windows\System\jiCfuNu.exe
  2⤵
  PID:4792
- C:\Windows\System\OwnYSUH.exe
  C:\Windows\System\OwnYSUH.exe
  2⤵
  PID:4808
- C:\Windows\System\uzhxTVy.exe
  C:\Windows\System\uzhxTVy.exe
  2⤵
  PID:4824
- C:\Windows\System\KdXvRuU.exe
  C:\Windows\System\KdXvRuU.exe
  2⤵
  PID:4840
- C:\Windows\System\WwBqELq.exe
  C:\Windows\System\WwBqELq.exe
  2⤵
  PID:4860
- C:\Windows\System\aDnUVhC.exe
  C:\Windows\System\aDnUVhC.exe
  2⤵
  PID:4876
- C:\Windows\System\MfHsjwn.exe
  C:\Windows\System\MfHsjwn.exe
  2⤵
  PID:4908
- C:\Windows\System\DzTymsD.exe
  C:\Windows\System\DzTymsD.exe
  2⤵
  PID:4924
- C:\Windows\System\XGzApGL.exe
  C:\Windows\System\XGzApGL.exe
  2⤵
  PID:4940
- C:\Windows\System\AfJXDqG.exe
  C:\Windows\System\AfJXDqG.exe
  2⤵
  PID:4956
- C:\Windows\System\CTWErME.exe
  C:\Windows\System\CTWErME.exe
  2⤵
  PID:4972
- C:\Windows\System\DvtEATh.exe
  C:\Windows\System\DvtEATh.exe
  2⤵
  PID:4988
- C:\Windows\System\WWOfZJX.exe
  C:\Windows\System\WWOfZJX.exe
  2⤵
  PID:5004
- C:\Windows\System\SxzximI.exe
  C:\Windows\System\SxzximI.exe
  2⤵
  PID:5020
- C:\Windows\System\kdLpBYr.exe
  C:\Windows\System\kdLpBYr.exe
  2⤵
  PID:5036
- C:\Windows\System\EKCxJqo.exe
  C:\Windows\System\EKCxJqo.exe
  2⤵
  PID:5092
- C:\Windows\System\FVscDek.exe
  C:\Windows\System\FVscDek.exe
  2⤵
  PID:5108
- C:\Windows\System\gTOJBTc.exe
  C:\Windows\System\gTOJBTc.exe
  2⤵
  PID:3516
- C:\Windows\System\wReitAP.exe
  C:\Windows\System\wReitAP.exe
  2⤵
  PID:4136
- C:\Windows\System\witzECn.exe
  C:\Windows\System\witzECn.exe
  2⤵
  PID:3124
- C:\Windows\System\HwlBiwR.exe
  C:\Windows\System\HwlBiwR.exe
  2⤵
  PID:4064
- C:\Windows\System\UCzUCED.exe
  C:\Windows\System\UCzUCED.exe
  2⤵
  PID:4188
- C:\Windows\System\rJaSKTG.exe
  C:\Windows\System\rJaSKTG.exe
  2⤵
  PID:4240
- C:\Windows\System\oJuXTlj.exe
  C:\Windows\System\oJuXTlj.exe
  2⤵
  PID:4276
- C:\Windows\System\sWKiRWe.exe
  C:\Windows\System\sWKiRWe.exe
  2⤵
  PID:4292
- C:\Windows\System\NNABXIy.exe
  C:\Windows\System\NNABXIy.exe
  2⤵
  PID:3764
- C:\Windows\System\nYBspSJ.exe
  C:\Windows\System\nYBspSJ.exe
  2⤵
  PID:4208
- C:\Windows\System\LPmkDvU.exe
  C:\Windows\System\LPmkDvU.exe
  2⤵
  PID:4260
- C:\Windows\System\ZCuQxTT.exe
  C:\Windows\System\ZCuQxTT.exe
  2⤵
  PID:4372
- C:\Windows\System\AYcmyDm.exe
  C:\Windows\System\AYcmyDm.exe
  2⤵
  PID:4504
- C:\Windows\System\PQaeeYZ.exe
  C:\Windows\System\PQaeeYZ.exe
  2⤵
  PID:4508
- C:\Windows\System\AlmaBoP.exe
  C:\Windows\System\AlmaBoP.exe
  2⤵
  PID:4420
- C:\Windows\System\etNHOUU.exe
  C:\Windows\System\etNHOUU.exe
  2⤵
  PID:4524
- C:\Windows\System\RDkaRiI.exe
  C:\Windows\System\RDkaRiI.exe
  2⤵
  PID:4584
- C:\Windows\System\tqhJxzj.exe
  C:\Windows\System\tqhJxzj.exe
  2⤵
  PID:4644
- C:\Windows\System\rcJKjzS.exe
  C:\Windows\System\rcJKjzS.exe
  2⤵
  PID:4664
- C:\Windows\System\idpnbvS.exe
  C:\Windows\System\idpnbvS.exe
  2⤵
  PID:4460
- C:\Windows\System\SLlbZjP.exe
  C:\Windows\System\SLlbZjP.exe
  2⤵
  PID:4660
- C:\Windows\System\bDKvbwh.exe
  C:\Windows\System\bDKvbwh.exe
  2⤵
  PID:4704
- C:\Windows\System\DnnuSeI.exe
  C:\Windows\System\DnnuSeI.exe
  2⤵
  PID:4716
- C:\Windows\System\vzQiaOZ.exe
  C:\Windows\System\vzQiaOZ.exe
  2⤵
  PID:4772
- C:\Windows\System\KDtXrJE.exe
  C:\Windows\System\KDtXrJE.exe
  2⤵
  PID:4820
- C:\Windows\System\jARLqec.exe
  C:\Windows\System\jARLqec.exe
  2⤵
  PID:4856
- C:\Windows\System\MGaNTEh.exe
  C:\Windows\System\MGaNTEh.exe
  2⤵
  PID:4836
- C:\Windows\System\qfizUzE.exe
  C:\Windows\System\qfizUzE.exe
  2⤵
  PID:4904
- C:\Windows\System\IjjZexY.exe
  C:\Windows\System\IjjZexY.exe
  2⤵
  PID:4916
- C:\Windows\System\hLXklbl.exe
  C:\Windows\System\hLXklbl.exe
  2⤵
  PID:4980
- C:\Windows\System\KWwyiXP.exe
  C:\Windows\System\KWwyiXP.exe
  2⤵
  PID:5000
- C:\Windows\System\LcvKTuS.exe
  C:\Windows\System\LcvKTuS.exe
  2⤵
  PID:5068
- C:\Windows\System\GDnKxzF.exe
  C:\Windows\System\GDnKxzF.exe
  2⤵
  PID:5016
- C:\Windows\System\MrRaSKL.exe
  C:\Windows\System\MrRaSKL.exe
  2⤵
  PID:5084
- C:\Windows\System\QqpeOCt.exe
  C:\Windows\System\QqpeOCt.exe
  2⤵
  PID:3304
- C:\Windows\System\pGifTre.exe
  C:\Windows\System\pGifTre.exe
  2⤵
  PID:4184
- C:\Windows\System\gyAsgYH.exe
  C:\Windows\System\gyAsgYH.exe
  2⤵
  PID:4144
- C:\Windows\System\GyaAwhh.exe
  C:\Windows\System\GyaAwhh.exe
  2⤵
  PID:3532
- C:\Windows\System\drZRKCJ.exe
  C:\Windows\System\drZRKCJ.exe
  2⤵
  PID:4324
- C:\Windows\System\PqaxLTE.exe
  C:\Windows\System\PqaxLTE.exe
  2⤵
  PID:4304
- C:\Windows\System\ivvpEKv.exe
  C:\Windows\System\ivvpEKv.exe
  2⤵
  PID:4168
- C:\Windows\System\XCGIhOI.exe
  C:\Windows\System\XCGIhOI.exe
  2⤵
  PID:4544
- C:\Windows\System\dsYWtcB.exe
  C:\Windows\System\dsYWtcB.exe
  2⤵
  PID:4632
- C:\Windows\System\pJiirsz.exe
  C:\Windows\System\pJiirsz.exe
  2⤵
  PID:4424
- C:\Windows\System\zSFjCba.exe
  C:\Windows\System\zSFjCba.exe
  2⤵
  PID:4576
- C:\Windows\System\FLkclty.exe
  C:\Windows\System\FLkclty.exe
  2⤵
  PID:4700
- C:\Windows\System\PtbyTaa.exe
  C:\Windows\System\PtbyTaa.exe
  2⤵
  PID:4776
- C:\Windows\System\fSgAvOj.exe
  C:\Windows\System\fSgAvOj.exe
  2⤵
  PID:4900
- C:\Windows\System\MevkdGL.exe
  C:\Windows\System\MevkdGL.exe
  2⤵
  PID:4952
- C:\Windows\System\svdXwQZ.exe
  C:\Windows\System\svdXwQZ.exe
  2⤵
  PID:5032
- C:\Windows\System\azdCrjU.exe
  C:\Windows\System\azdCrjU.exe
  2⤵
  PID:4788
- C:\Windows\System\XeZntJB.exe
  C:\Windows\System\XeZntJB.exe
  2⤵
  PID:4888
- C:\Windows\System\dIzfPTF.exe
  C:\Windows\System\dIzfPTF.exe
  2⤵
  PID:5060
- C:\Windows\System\MMoHXQQ.exe
  C:\Windows\System\MMoHXQQ.exe
  2⤵
  PID:4872
- C:\Windows\System\RkjOVsW.exe
  C:\Windows\System\RkjOVsW.exe
  2⤵
  PID:4368
- C:\Windows\System\eTOfnER.exe
  C:\Windows\System\eTOfnER.exe
  2⤵
  PID:4964
- C:\Windows\System\UBmyfpA.exe
  C:\Windows\System\UBmyfpA.exe
  2⤵
  PID:3448
- C:\Windows\System\tBfXQXZ.exe
  C:\Windows\System\tBfXQXZ.exe
  2⤵
  PID:4472
- C:\Windows\System\gGGJpyN.exe
  C:\Windows\System\gGGJpyN.exe
  2⤵
  PID:4256
- C:\Windows\System\AtDnOpJ.exe
  C:\Windows\System\AtDnOpJ.exe
  2⤵
  PID:4444
- C:\Windows\System\sIHZdVL.exe
  C:\Windows\System\sIHZdVL.exe
  2⤵
  PID:4656
- C:\Windows\System\kapXCRq.exe
  C:\Windows\System\kapXCRq.exe
  2⤵
  PID:5048
- C:\Windows\System\kvikkPv.exe
  C:\Windows\System\kvikkPv.exe
  2⤵
  PID:5100
- C:\Windows\System\IjvMIzu.exe
  C:\Windows\System\IjvMIzu.exe
  2⤵
  PID:4104
- C:\Windows\System\JYbUIDh.exe
  C:\Windows\System\JYbUIDh.exe
  2⤵
  PID:4724
- C:\Windows\System\ahHJhtP.exe
  C:\Windows\System\ahHJhtP.exe
  2⤵
  PID:5056
- C:\Windows\System\GpSYsTv.exe
  C:\Windows\System\GpSYsTv.exe
  2⤵
  PID:4620
- C:\Windows\System\rCJqThZ.exe
  C:\Windows\System\rCJqThZ.exe
  2⤵
  PID:4336
- C:\Windows\System\JtWSbIe.exe
  C:\Windows\System\JtWSbIe.exe
  2⤵
  PID:3528
- C:\Windows\System\hbuOzuy.exe
  C:\Windows\System\hbuOzuy.exe
  2⤵
  PID:4784
- C:\Windows\System\NLzRWUY.exe
  C:\Windows\System\NLzRWUY.exe
  2⤵
  PID:3776
- C:\Windows\System\WDOszeW.exe
  C:\Windows\System\WDOszeW.exe
  2⤵
  PID:4428
- C:\Windows\System\YotGrfH.exe
  C:\Windows\System\YotGrfH.exe
  2⤵
  PID:4108
- C:\Windows\System\betPPal.exe
  C:\Windows\System\betPPal.exe
  2⤵
  PID:4340
- C:\Windows\System\yZksfAg.exe
  C:\Windows\System\yZksfAg.exe
  2⤵
  PID:4204
- C:\Windows\System\eisiCix.exe
  C:\Windows\System\eisiCix.exe
  2⤵
  PID:4164
- C:\Windows\System\Syewqec.exe
  C:\Windows\System\Syewqec.exe
  2⤵
  PID:4532
- C:\Windows\System\npWsHzj.exe
  C:\Windows\System\npWsHzj.exe
  2⤵
  PID:1480
- C:\Windows\System\AAvGupA.exe
  C:\Windows\System\AAvGupA.exe
  2⤵
  PID:4288
- C:\Windows\System\iYGUIcB.exe
  C:\Windows\System\iYGUIcB.exe
  2⤵
  PID:5128
- C:\Windows\System\rkbFmAQ.exe
  C:\Windows\System\rkbFmAQ.exe
  2⤵
  PID:5152
- C:\Windows\System\jBHXzFB.exe
  C:\Windows\System\jBHXzFB.exe
  2⤵
  PID:5176
- C:\Windows\System\heITEuE.exe
  C:\Windows\System\heITEuE.exe
  2⤵
  PID:5200
- C:\Windows\System\NJbvigY.exe
  C:\Windows\System\NJbvigY.exe
  2⤵
  PID:5232
- C:\Windows\System\CMJzJGo.exe
  C:\Windows\System\CMJzJGo.exe
  2⤵
  PID:5248
- C:\Windows\System\YzyytMv.exe
  C:\Windows\System\YzyytMv.exe
  2⤵
  PID:5264
- C:\Windows\System\FkrqXLZ.exe
  C:\Windows\System\FkrqXLZ.exe
  2⤵
  PID:5284
- C:\Windows\System\TZEyLHN.exe
  C:\Windows\System\TZEyLHN.exe
  2⤵
  PID:5304
- C:\Windows\System\GNggvWY.exe
  C:\Windows\System\GNggvWY.exe
  2⤵
  PID:5328
- C:\Windows\System\rzuTwee.exe
  C:\Windows\System\rzuTwee.exe
  2⤵
  PID:5344
- C:\Windows\System\ZQqStks.exe
  C:\Windows\System\ZQqStks.exe
  2⤵
  PID:5360
- C:\Windows\System\VqHkDUq.exe
  C:\Windows\System\VqHkDUq.exe
  2⤵
  PID:5380
- C:\Windows\System\BMFLaqC.exe
  C:\Windows\System\BMFLaqC.exe
  2⤵
  PID:5396
- C:\Windows\System\HxyQVCr.exe
  C:\Windows\System\HxyQVCr.exe
  2⤵
  PID:5412
- C:\Windows\System\CVhjzzR.exe
  C:\Windows\System\CVhjzzR.exe
  2⤵
  PID:5452
- C:\Windows\System\qNUeRHj.exe
  C:\Windows\System\qNUeRHj.exe
  2⤵
  PID:5472
- C:\Windows\System\fCmIpGx.exe
  C:\Windows\System\fCmIpGx.exe
  2⤵
  PID:5488
- C:\Windows\System\laDoHvm.exe
  C:\Windows\System\laDoHvm.exe
  2⤵
  PID:5508
- C:\Windows\System\cCXRShr.exe
  C:\Windows\System\cCXRShr.exe
  2⤵
  PID:5528
- C:\Windows\System\wDITQiJ.exe
  C:\Windows\System\wDITQiJ.exe
  2⤵
  PID:5544
- C:\Windows\System\mCLuKJP.exe
  C:\Windows\System\mCLuKJP.exe
  2⤵
  PID:5564
- C:\Windows\System\EHUQXAm.exe
  C:\Windows\System\EHUQXAm.exe
  2⤵
  PID:5580
- C:\Windows\System\nlqiPKz.exe
  C:\Windows\System\nlqiPKz.exe
  2⤵
  PID:5620
- C:\Windows\System\LAMNNNq.exe
  C:\Windows\System\LAMNNNq.exe
  2⤵
  PID:5636
- C:\Windows\System\Dnlcjgf.exe
  C:\Windows\System\Dnlcjgf.exe
  2⤵
  PID:5656
- C:\Windows\System\tAyLSXN.exe
  C:\Windows\System\tAyLSXN.exe
  2⤵
  PID:5676
- C:\Windows\System\YFZJWNm.exe
  C:\Windows\System\YFZJWNm.exe
  2⤵
  PID:5696
- C:\Windows\System\YlUYzxm.exe
  C:\Windows\System\YlUYzxm.exe
  2⤵
  PID:5712
- C:\Windows\System\ZCJHHpL.exe
  C:\Windows\System\ZCJHHpL.exe
  2⤵
  PID:5736
- C:\Windows\System\nZhQKep.exe
  C:\Windows\System\nZhQKep.exe
  2⤵
  PID:5756
- C:\Windows\System\DiSiUGy.exe
  C:\Windows\System\DiSiUGy.exe
  2⤵
  PID:5772
- C:\Windows\System\bQUNTmT.exe
  C:\Windows\System\bQUNTmT.exe
  2⤵
  PID:5788
- C:\Windows\System\bOpXXQT.exe
  C:\Windows\System\bOpXXQT.exe
  2⤵
  PID:5812
- C:\Windows\System\NchXWOP.exe
  C:\Windows\System\NchXWOP.exe
  2⤵
  PID:5828
- C:\Windows\System\STVJzrw.exe
  C:\Windows\System\STVJzrw.exe
  2⤵
  PID:5844
- C:\Windows\System\SMkOsNv.exe
  C:\Windows\System\SMkOsNv.exe
  2⤵
  PID:5860
- C:\Windows\System\OdLbOwe.exe
  C:\Windows\System\OdLbOwe.exe
  2⤵
  PID:5876
- C:\Windows\System\mcvOBoC.exe
  C:\Windows\System\mcvOBoC.exe
  2⤵
  PID:5900
- C:\Windows\System\AtDXkdc.exe
  C:\Windows\System\AtDXkdc.exe
  2⤵
  PID:5940
- C:\Windows\System\MurVzXf.exe
  C:\Windows\System\MurVzXf.exe
  2⤵
  PID:5956
- C:\Windows\System\msCdbch.exe
  C:\Windows\System\msCdbch.exe
  2⤵
  PID:5972
- C:\Windows\System\zEsvQIz.exe
  C:\Windows\System\zEsvQIz.exe
  2⤵
  PID:5996
- C:\Windows\System\ZThAcGs.exe
  C:\Windows\System\ZThAcGs.exe
  2⤵
  PID:6016
- C:\Windows\System\sUshgXU.exe
  C:\Windows\System\sUshgXU.exe
  2⤵
  PID:6036
- C:\Windows\System\QELRJJk.exe
  C:\Windows\System\QELRJJk.exe
  2⤵
  PID:6056
- C:\Windows\System\slyFpZa.exe
  C:\Windows\System\slyFpZa.exe
  2⤵
  PID:6080
- C:\Windows\System\zstXpXQ.exe
  C:\Windows\System\zstXpXQ.exe
  2⤵
  PID:6096
- C:\Windows\System\AHHQDpD.exe
  C:\Windows\System\AHHQDpD.exe
  2⤵
  PID:6112
- C:\Windows\System\DjtNyOC.exe
  C:\Windows\System\DjtNyOC.exe
  2⤵
  PID:6136
- C:\Windows\System\FCWJOtE.exe
  C:\Windows\System\FCWJOtE.exe
  2⤵
  PID:5124
- C:\Windows\System\RKZEbIn.exe
  C:\Windows\System\RKZEbIn.exe
  2⤵
  PID:5148
- C:\Windows\System\ckkhJPa.exe
  C:\Windows\System\ckkhJPa.exe
  2⤵
  PID:5172
- C:\Windows\System\Ihatriu.exe
  C:\Windows\System\Ihatriu.exe
  2⤵
  PID:4652
- C:\Windows\System\fvghDBH.exe
  C:\Windows\System\fvghDBH.exe
  2⤵
  PID:5220
- C:\Windows\System\hdsnyVr.exe
  C:\Windows\System\hdsnyVr.exe
  2⤵
  PID:5184
- C:\Windows\System\VFIisLN.exe
  C:\Windows\System\VFIisLN.exe
  2⤵
  PID:5296
- C:\Windows\System\UiILULd.exe
  C:\Windows\System\UiILULd.exe
  2⤵
  PID:5196
- C:\Windows\System\fQVKaVT.exe
  C:\Windows\System\fQVKaVT.exe
  2⤵
  PID:5368
- C:\Windows\System\XpLSisd.exe
  C:\Windows\System\XpLSisd.exe
  2⤵
  PID:5316
- C:\Windows\System\qiWccgm.exe
  C:\Windows\System\qiWccgm.exe
  2⤵
  PID:5388
- C:\Windows\System\fHMrzkL.exe
  C:\Windows\System\fHMrzkL.exe
  2⤵
  PID:5424
- C:\Windows\System\THIGQSk.exe
  C:\Windows\System\THIGQSk.exe
  2⤵
  PID:5440
- C:\Windows\System\zTUUQtM.exe
  C:\Windows\System\zTUUQtM.exe
  2⤵
  PID:5444
- C:\Windows\System\XBcIFcp.exe
  C:\Windows\System\XBcIFcp.exe
  2⤵
  PID:5520
- C:\Windows\System\uLQwNrn.exe
  C:\Windows\System\uLQwNrn.exe
  2⤵
  PID:5572
- C:\Windows\System\DcslNmZ.exe
  C:\Windows\System\DcslNmZ.exe
  2⤵
  PID:5556
- C:\Windows\System\cbQvPQi.exe
  C:\Windows\System\cbQvPQi.exe
  2⤵
  PID:5608
- C:\Windows\System\USokIDc.exe
  C:\Windows\System\USokIDc.exe
  2⤵
  PID:5628
- C:\Windows\System\tNRTKgN.exe
  C:\Windows\System\tNRTKgN.exe
  2⤵
  PID:5664
- C:\Windows\System\leAIssc.exe
  C:\Windows\System\leAIssc.exe
  2⤵
  PID:5688
- C:\Windows\System\ChPghyX.exe
  C:\Windows\System\ChPghyX.exe
  2⤵
  PID:5732
- C:\Windows\System\NpuGPnp.exe
  C:\Windows\System\NpuGPnp.exe
  2⤵
  PID:5784
- C:\Windows\System\eCAQSLv.exe
  C:\Windows\System\eCAQSLv.exe
  2⤵
  PID:5852
- C:\Windows\System\OeLgcEJ.exe
  C:\Windows\System\OeLgcEJ.exe
  2⤵
  PID:5892
- C:\Windows\System\bksddkQ.exe
  C:\Windows\System\bksddkQ.exe
  2⤵
  PID:5840
- C:\Windows\System\eVwOoUK.exe
  C:\Windows\System\eVwOoUK.exe
  2⤵
  PID:5920
- C:\Windows\System\NCLraue.exe
  C:\Windows\System\NCLraue.exe
  2⤵
  PID:5936
- C:\Windows\System\Zdgskkz.exe
  C:\Windows\System\Zdgskkz.exe
  2⤵
  PID:5964
- C:\Windows\System\nkiFzSY.exe
  C:\Windows\System\nkiFzSY.exe
  2⤵
  PID:5984
- C:\Windows\System\SZfZyBZ.exe
  C:\Windows\System\SZfZyBZ.exe
  2⤵
  PID:6008
- C:\Windows\System\qYTNsGe.exe
  C:\Windows\System\qYTNsGe.exe
  2⤵
  PID:6104
- C:\Windows\System\PFBaUSy.exe
  C:\Windows\System\PFBaUSy.exe
  2⤵
  PID:3960
- C:\Windows\System\xITeEoQ.exe
  C:\Windows\System\xITeEoQ.exe
  2⤵
  PID:5140
- C:\Windows\System\FHoISIR.exe
  C:\Windows\System\FHoISIR.exe
  2⤵
  PID:4388
- C:\Windows\System\uWKOdcE.exe
  C:\Windows\System\uWKOdcE.exe
  2⤵
  PID:5212
- C:\Windows\System\resmsDa.exe
  C:\Windows\System\resmsDa.exe
  2⤵
  PID:5292
- C:\Windows\System\wvPxZQm.exe
  C:\Windows\System\wvPxZQm.exe
  2⤵
  PID:5408
- C:\Windows\System\BrGwxkk.exe
  C:\Windows\System\BrGwxkk.exe
  2⤵
  PID:5340
- C:\Windows\System\pRJOMRV.exe
  C:\Windows\System\pRJOMRV.exe
  2⤵
  PID:5256
- C:\Windows\System\hWuXnbs.exe
  C:\Windows\System\hWuXnbs.exe
  2⤵
  PID:5500
- C:\Windows\System\tcbHeym.exe
  C:\Windows\System\tcbHeym.exe
  2⤵
  PID:5480
- C:\Windows\System\VNiHnMc.exe
  C:\Windows\System\VNiHnMc.exe
  2⤵
  PID:5596
- C:\Windows\System\JdgloJV.exe
  C:\Windows\System\JdgloJV.exe
  2⤵
  PID:5744
- C:\Windows\System\iMkftLI.exe
  C:\Windows\System\iMkftLI.exe
  2⤵
  PID:5720
- C:\Windows\System\ZrxiGxU.exe
  C:\Windows\System\ZrxiGxU.exe
  2⤵
  PID:5464
- C:\Windows\System\MgBkVCb.exe
  C:\Windows\System\MgBkVCb.exe
  2⤵
  PID:5820
- C:\Windows\System\CYAQwHe.exe
  C:\Windows\System\CYAQwHe.exe
  2⤵
  PID:5644
- C:\Windows\System\cwxcJdR.exe
  C:\Windows\System\cwxcJdR.exe
  2⤵
  PID:5872
- C:\Windows\System\HEWmNwj.exe
  C:\Windows\System\HEWmNwj.exe
  2⤵
  PID:5928
- C:\Windows\System\wWeBrPx.exe
  C:\Windows\System\wWeBrPx.exe
  2⤵
  PID:6028
- C:\Windows\System\ClzoZbV.exe
  C:\Windows\System\ClzoZbV.exe
  2⤵
  PID:6052
- C:\Windows\System\UdYfGUr.exe
  C:\Windows\System\UdYfGUr.exe
  2⤵
  PID:6072
- C:\Windows\System\juahBpz.exe
  C:\Windows\System\juahBpz.exe
  2⤵
  PID:5104
- C:\Windows\System\IXBdahI.exe
  C:\Windows\System\IXBdahI.exe
  2⤵
  PID:5192
- C:\Windows\System\EWfuYXe.exe
  C:\Windows\System\EWfuYXe.exe
  2⤵
  PID:5432
- C:\Windows\System\zzhhuLA.exe
  C:\Windows\System\zzhhuLA.exe
  2⤵
  PID:4548
- C:\Windows\System\fDmrNGT.exe
  C:\Windows\System\fDmrNGT.exe
  2⤵
  PID:5376
- C:\Windows\System\DrUrWrE.exe
  C:\Windows\System\DrUrWrE.exe
  2⤵
  PID:5160
- C:\Windows\System\vLqzZcn.exe
  C:\Windows\System\vLqzZcn.exe
  2⤵
  PID:5504
- C:\Windows\System\YiwrQek.exe
  C:\Windows\System\YiwrQek.exe
  2⤵
  PID:5228
- C:\Windows\System\slAIGwW.exe
  C:\Windows\System\slAIGwW.exe
  2⤵
  PID:5988
- C:\Windows\System\USwmhCk.exe
  C:\Windows\System\USwmhCk.exe
  2⤵
  PID:5144
- C:\Windows\System\ufpaely.exe
  C:\Windows\System\ufpaely.exe
  2⤵
  PID:5336
- C:\Windows\System\bWOOgkw.exe
  C:\Windows\System\bWOOgkw.exe
  2⤵
  PID:5588
- C:\Windows\System\UlFnAVX.exe
  C:\Windows\System\UlFnAVX.exe
  2⤵
  PID:6156
- C:\Windows\System\xGKxDAh.exe
  C:\Windows\System\xGKxDAh.exe
  2⤵
  PID:6176
- C:\Windows\System\xdcNxuI.exe
  C:\Windows\System\xdcNxuI.exe
  2⤵
  PID:6196
- C:\Windows\System\DxXMOYf.exe
  C:\Windows\System\DxXMOYf.exe
  2⤵
  PID:6228
- C:\Windows\System\fHUmWgU.exe
  C:\Windows\System\fHUmWgU.exe
  2⤵
  PID:6244
- C:\Windows\System\xyDnYMN.exe
  C:\Windows\System\xyDnYMN.exe
  2⤵
  PID:6268
- C:\Windows\System\AlwOpWJ.exe
  C:\Windows\System\AlwOpWJ.exe
  2⤵
  PID:6284
- C:\Windows\System\RmlLShn.exe
  C:\Windows\System\RmlLShn.exe
  2⤵
  PID:6300
- C:\Windows\System\cvEwXhF.exe
  C:\Windows\System\cvEwXhF.exe
  2⤵
  PID:6316
- C:\Windows\System\lmTULQI.exe
  C:\Windows\System\lmTULQI.exe
  2⤵
  PID:6356
- C:\Windows\System\zRJsFrA.exe
  C:\Windows\System\zRJsFrA.exe
  2⤵
  PID:6376
- C:\Windows\System\sUMnadw.exe
  C:\Windows\System\sUMnadw.exe
  2⤵
  PID:6396
- C:\Windows\System\lCpzKXU.exe
  C:\Windows\System\lCpzKXU.exe
  2⤵
  PID:6412
- C:\Windows\System\gYNPxhF.exe
  C:\Windows\System\gYNPxhF.exe
  2⤵
  PID:6428
- C:\Windows\System\ChGBbVm.exe
  C:\Windows\System\ChGBbVm.exe
  2⤵
  PID:6468
- C:\Windows\System\qqWlQYj.exe
  C:\Windows\System\qqWlQYj.exe
  2⤵
  PID:6488
- C:\Windows\System\XSKudsf.exe
  C:\Windows\System\XSKudsf.exe
  2⤵
  PID:6504
- C:\Windows\System\JGMScRG.exe
  C:\Windows\System\JGMScRG.exe
  2⤵
  PID:6520
- C:\Windows\System\aatREcp.exe
  C:\Windows\System\aatREcp.exe
  2⤵
  PID:6540
- C:\Windows\System\QukVDol.exe
  C:\Windows\System\QukVDol.exe
  2⤵
  PID:6556
- C:\Windows\System\aOeWgHv.exe
  C:\Windows\System\aOeWgHv.exe
  2⤵
  PID:6576
- C:\Windows\System\SzpwhAU.exe
  C:\Windows\System\SzpwhAU.exe
  2⤵
  PID:6608
- C:\Windows\System\utGfvYO.exe
  C:\Windows\System\utGfvYO.exe
  2⤵
  PID:6624
- C:\Windows\System\rdTynwG.exe
  C:\Windows\System\rdTynwG.exe
  2⤵
  PID:6640
- C:\Windows\System\lSLcsXz.exe
  C:\Windows\System\lSLcsXz.exe
  2⤵
  PID:6660
- C:\Windows\System\ukYZgRX.exe
  C:\Windows\System\ukYZgRX.exe
  2⤵
  PID:6680
- C:\Windows\System\LQNLvDj.exe
  C:\Windows\System\LQNLvDj.exe
  2⤵
  PID:6700
- C:\Windows\System\NHXOtHw.exe
  C:\Windows\System\NHXOtHw.exe
  2⤵
  PID:6728
- C:\Windows\System\YjOohyG.exe
  C:\Windows\System\YjOohyG.exe
  2⤵
  PID:6744
- C:\Windows\System\bXTzxCu.exe
  C:\Windows\System\bXTzxCu.exe
  2⤵
  PID:6760
- C:\Windows\System\UIepOpO.exe
  C:\Windows\System\UIepOpO.exe
  2⤵
  PID:6776
- C:\Windows\System\hbKWKzY.exe
  C:\Windows\System\hbKWKzY.exe
  2⤵
  PID:6792
- C:\Windows\System\uVQvsPq.exe
  C:\Windows\System\uVQvsPq.exe
  2⤵
  PID:6808
- C:\Windows\System\gPVLRQz.exe
  C:\Windows\System\gPVLRQz.exe
  2⤵
  PID:6824
- C:\Windows\System\JWAHhNe.exe
  C:\Windows\System\JWAHhNe.exe
  2⤵
  PID:6840
- C:\Windows\System\WDqIcuJ.exe
  C:\Windows\System\WDqIcuJ.exe
  2⤵
  PID:6856
- C:\Windows\System\rxPRsZf.exe
  C:\Windows\System\rxPRsZf.exe
  2⤵
  PID:6908
- C:\Windows\System\rtHSMjl.exe
  C:\Windows\System\rtHSMjl.exe
  2⤵
  PID:6924
- C:\Windows\System\kiObfmA.exe
  C:\Windows\System\kiObfmA.exe
  2⤵
  PID:6940
- C:\Windows\System\MIGZRAU.exe
  C:\Windows\System\MIGZRAU.exe
  2⤵
  PID:6960
- C:\Windows\System\WdTdNLS.exe
  C:\Windows\System\WdTdNLS.exe
  2⤵
  PID:6980
- C:\Windows\System\ZVbfApf.exe
  C:\Windows\System\ZVbfApf.exe
  2⤵
  PID:6996
- C:\Windows\System\cxncuoI.exe
  C:\Windows\System\cxncuoI.exe
  2⤵
  PID:7012
- C:\Windows\System\VmEOrwW.exe
  C:\Windows\System\VmEOrwW.exe
  2⤵
  PID:7032
- C:\Windows\System\KlfPsuA.exe
  C:\Windows\System\KlfPsuA.exe
  2⤵
  PID:7052
- C:\Windows\System\iWAzCTf.exe
  C:\Windows\System\iWAzCTf.exe
  2⤵
  PID:7072
- C:\Windows\System\yNyCXtp.exe
  C:\Windows\System\yNyCXtp.exe
  2⤵
  PID:7092
- C:\Windows\System\bhwaYzC.exe
  C:\Windows\System\bhwaYzC.exe
  2⤵
  PID:7128
- C:\Windows\System\FwUqOCK.exe
  C:\Windows\System\FwUqOCK.exe
  2⤵
  PID:7148
- C:\Windows\System\sVhinse.exe
  C:\Windows\System\sVhinse.exe
  2⤵
  PID:7164
- C:\Windows\System\dGzOBbZ.exe
  C:\Windows\System\dGzOBbZ.exe
  2⤵
  PID:5312
- C:\Windows\System\OFqYqoT.exe
  C:\Windows\System\OFqYqoT.exe
  2⤵
  PID:6128
- C:\Windows\System\AnGAmnH.exe
  C:\Windows\System\AnGAmnH.exe
  2⤵
  PID:6064
- C:\Windows\System\seJRkox.exe
  C:\Windows\System\seJRkox.exe
  2⤵
  PID:6032
- C:\Windows\System\XClftSW.exe
  C:\Windows\System\XClftSW.exe
  2⤵
  PID:5600
- C:\Windows\System\qOFXAIV.exe
  C:\Windows\System\qOFXAIV.exe
  2⤵
  PID:6224
- C:\Windows\System\NEsFBFC.exe
  C:\Windows\System\NEsFBFC.exe
  2⤵
  PID:5604
- C:\Windows\System\AWsyFZW.exe
  C:\Windows\System\AWsyFZW.exe
  2⤵
  PID:6076
- C:\Windows\System\dzWezJX.exe
  C:\Windows\System\dzWezJX.exe
  2⤵
  PID:6236
- C:\Windows\System\aRcLYTX.exe
  C:\Windows\System\aRcLYTX.exe
  2⤵
  PID:6252
- C:\Windows\System\DPCFQcG.exe
  C:\Windows\System\DPCFQcG.exe
  2⤵
  PID:6296
- C:\Windows\System\FPgwOAx.exe
  C:\Windows\System\FPgwOAx.exe
  2⤵
  PID:6332
- C:\Windows\System\pCTWBdd.exe
  C:\Windows\System\pCTWBdd.exe
  2⤵
  PID:6352
- C:\Windows\System\IzJFPEo.exe
  C:\Windows\System\IzJFPEo.exe
  2⤵
  PID:6420
- C:\Windows\System\jbDSAqO.exe
  C:\Windows\System\jbDSAqO.exe
  2⤵
  PID:6404
- C:\Windows\System\IxsuKvy.exe
  C:\Windows\System\IxsuKvy.exe
  2⤵
  PID:6448
- C:\Windows\System\NtbHHET.exe
  C:\Windows\System\NtbHHET.exe
  2⤵
  PID:6436
- C:\Windows\System\OFzVHTG.exe
  C:\Windows\System\OFzVHTG.exe
  2⤵
  PID:6476
- C:\Windows\System\INorLiq.exe
  C:\Windows\System\INorLiq.exe
  2⤵
  PID:6500
- C:\Windows\System\tYpuiVs.exe
  C:\Windows\System\tYpuiVs.exe
  2⤵
  PID:6532
- C:\Windows\System\RzeUIRe.exe
  C:\Windows\System\RzeUIRe.exe
  2⤵
  PID:6572
- C:\Windows\System\tAIhOgA.exe
  C:\Windows\System\tAIhOgA.exe
  2⤵
  PID:6596
- C:\Windows\System\VTjBXqh.exe
  C:\Windows\System\VTjBXqh.exe
  2⤵
  PID:6620
- C:\Windows\System\eywNmSw.exe
  C:\Windows\System\eywNmSw.exe
  2⤵
  PID:6656
- C:\Windows\System\pvqJUki.exe
  C:\Windows\System\pvqJUki.exe
  2⤵
  PID:6692
- C:\Windows\System\aihfowx.exe
  C:\Windows\System\aihfowx.exe
  2⤵
  PID:6724
- C:\Windows\System\hmVHNvL.exe
  C:\Windows\System\hmVHNvL.exe
  2⤵
  PID:6804
- C:\Windows\System\CVOBzFh.exe
  C:\Windows\System\CVOBzFh.exe
  2⤵
  PID:6816
- C:\Windows\System\bgiuAUt.exe
  C:\Windows\System\bgiuAUt.exe
  2⤵
  PID:6916
- C:\Windows\System\bxPxUlu.exe
  C:\Windows\System\bxPxUlu.exe
  2⤵
  PID:6952
- C:\Windows\System\HLxANrE.exe
  C:\Windows\System\HLxANrE.exe
  2⤵
  PID:7020
- C:\Windows\System\lmQVIUd.exe
  C:\Windows\System\lmQVIUd.exe
  2⤵
  PID:7028
- C:\Windows\System\WvYTOaa.exe
  C:\Windows\System\WvYTOaa.exe
  2⤵
  PID:7064
- C:\Windows\System\LlNVEkR.exe
  C:\Windows\System\LlNVEkR.exe
  2⤵
  PID:6976
- C:\Windows\System\lbtenSM.exe
  C:\Windows\System\lbtenSM.exe
  2⤵
  PID:7112
- C:\Windows\System\xIJKuJn.exe
  C:\Windows\System\xIJKuJn.exe
  2⤵
  PID:6936
- C:\Windows\System\rCZGmGg.exe
  C:\Windows\System\rCZGmGg.exe
  2⤵
  PID:6068
- C:\Windows\System\bgIVwXB.exe
  C:\Windows\System\bgIVwXB.exe
  2⤵
  PID:7084
- C:\Windows\System\zjcxhvR.exe
  C:\Windows\System\zjcxhvR.exe
  2⤵
  PID:7144
- C:\Windows\System\BsEFuYq.exe
  C:\Windows\System\BsEFuYq.exe
  2⤵
  PID:6216
- C:\Windows\System\UqtVhHG.exe
  C:\Windows\System\UqtVhHG.exe
  2⤵
  PID:5392
- C:\Windows\System\gYTEpOE.exe
  C:\Windows\System\gYTEpOE.exe
  2⤵
  PID:5352
- C:\Windows\System\TLmMnpA.exe
  C:\Windows\System\TLmMnpA.exe
  2⤵
  PID:6184
- C:\Windows\System\IuKwroO.exe
  C:\Windows\System\IuKwroO.exe
  2⤵
  PID:5436
- C:\Windows\System\YWmsuZd.exe
  C:\Windows\System\YWmsuZd.exe
  2⤵
  PID:6292
- C:\Windows\System\lKXvdmQ.exe
  C:\Windows\System\lKXvdmQ.exe
  2⤵
  PID:6392
- C:\Windows\System\YbjXPuu.exe
  C:\Windows\System\YbjXPuu.exe
  2⤵
  PID:6348
- C:\Windows\System\vsFKYuL.exe
  C:\Windows\System\vsFKYuL.exe
  2⤵
  PID:6496
- C:\Windows\System\emDVOMn.exe
  C:\Windows\System\emDVOMn.exe
  2⤵
  PID:6676
- C:\Windows\System\ifKhvyh.exe
  C:\Windows\System\ifKhvyh.exe
  2⤵
  PID:6836
- C:\Windows\System\lznufHO.exe
  C:\Windows\System\lznufHO.exe
  2⤵
  PID:6708
- C:\Windows\System\pFFreSF.exe
  C:\Windows\System\pFFreSF.exe
  2⤵
  PID:6364
- C:\Windows\System\nsNTuPS.exe
  C:\Windows\System\nsNTuPS.exe
  2⤵
  PID:6568
- C:\Windows\System\uiFfQAW.exe
  C:\Windows\System\uiFfQAW.exe
  2⤵
  PID:6800
- C:\Windows\System\oskNmEB.exe
  C:\Windows\System\oskNmEB.exe
  2⤵
  PID:6864
- C:\Windows\System\fdfdVgz.exe
  C:\Windows\System\fdfdVgz.exe
  2⤵
  PID:6788
- C:\Windows\System\eNCkRkO.exe
  C:\Windows\System\eNCkRkO.exe
  2⤵
  PID:6872
- C:\Windows\System\pueXAlQ.exe
  C:\Windows\System\pueXAlQ.exe
  2⤵
  PID:6876
- C:\Windows\System\OqJJLpF.exe
  C:\Windows\System\OqJJLpF.exe
  2⤵
  PID:6904
- C:\Windows\System\NmUNGcH.exe
  C:\Windows\System\NmUNGcH.exe
  2⤵
  PID:6888
- C:\Windows\System\XbwqRYj.exe
  C:\Windows\System\XbwqRYj.exe
  2⤵
  PID:7080
- C:\Windows\System\MePhEDQ.exe
  C:\Windows\System\MePhEDQ.exe
  2⤵
  PID:6212
- C:\Windows\System\bqtmOjF.exe
  C:\Windows\System\bqtmOjF.exe
  2⤵
  PID:5836
- C:\Windows\System\fnPnHyQ.exe
  C:\Windows\System\fnPnHyQ.exe
  2⤵
  PID:6148
- C:\Windows\System\msmVWGv.exe
  C:\Windows\System\msmVWGv.exe
  2⤵
  PID:6192
- C:\Windows\System\lDSEUlc.exe
  C:\Windows\System\lDSEUlc.exe
  2⤵
  PID:6328
- C:\Windows\System\gsgkbvy.exe
  C:\Windows\System\gsgkbvy.exe
  2⤵
  PID:6464
- C:\Windows\System\tkKpMLG.exe
  C:\Windows\System\tkKpMLG.exe
  2⤵
  PID:6716
- C:\Windows\System\fwpHwme.exe
  C:\Windows\System\fwpHwme.exe
  2⤵
  PID:6768
- C:\Windows\System\jphLncx.exe
  C:\Windows\System\jphLncx.exe
  2⤵
  PID:7100
- C:\Windows\System\IcvngNd.exe
  C:\Windows\System\IcvngNd.exe
  2⤵
  PID:6992
- C:\Windows\System\QhcXFue.exe
  C:\Windows\System\QhcXFue.exe
  2⤵
  PID:6564
- C:\Windows\System\NjgvRYp.exe
  C:\Windows\System\NjgvRYp.exe
  2⤵
  PID:6208
- C:\Windows\System\AWNSoZl.exe
  C:\Windows\System\AWNSoZl.exe
  2⤵
  PID:6552
- C:\Windows\System\KMEoOxo.exe
  C:\Windows\System\KMEoOxo.exe
  2⤵
  PID:6756
- C:\Windows\System\nOxxRiV.exe
  C:\Windows\System\nOxxRiV.exe
  2⤵
  PID:6668
- C:\Windows\System\FcWJyxZ.exe
  C:\Windows\System\FcWJyxZ.exe
  2⤵
  PID:7044
- C:\Windows\System\kYcECOT.exe
  C:\Windows\System\kYcECOT.exe
  2⤵
  PID:5404
- C:\Windows\System\sWrDCTA.exe
  C:\Windows\System\sWrDCTA.exe
  2⤵
  PID:5752
- C:\Windows\System\hjWcWsw.exe
  C:\Windows\System\hjWcWsw.exe
  2⤵
  PID:6368
- C:\Windows\System\slZVqtN.exe
  C:\Windows\System\slZVqtN.exe
  2⤵
  PID:6312
- C:\Windows\System\LbipPzp.exe
  C:\Windows\System\LbipPzp.exe
  2⤵
  PID:6092
- C:\Windows\System\fbckdJp.exe
  C:\Windows\System\fbckdJp.exe
  2⤵
  PID:6336
- C:\Windows\System\apUxzOu.exe
  C:\Windows\System\apUxzOu.exe
  2⤵
  PID:6636
- C:\Windows\System\TCeKpRm.exe
  C:\Windows\System\TCeKpRm.exe
  2⤵
  PID:5768
- C:\Windows\System\UCPfrRT.exe
  C:\Windows\System\UCPfrRT.exe
  2⤵
  PID:6688
- C:\Windows\System\XBLlhLs.exe
  C:\Windows\System\XBLlhLs.exe
  2⤵
  PID:6896
- C:\Windows\System\ZqlHKmJ.exe
  C:\Windows\System\ZqlHKmJ.exe
  2⤵
  PID:6948
- C:\Windows\System\ipjAXEO.exe
  C:\Windows\System\ipjAXEO.exe
  2⤵
  PID:6344
- C:\Windows\System\gjsmYXV.exe
  C:\Windows\System\gjsmYXV.exe
  2⤵
  PID:7140
- C:\Windows\System\kZhcIlv.exe
  C:\Windows\System\kZhcIlv.exe
  2⤵
  PID:7048
- C:\Windows\System\NdaPwWY.exe
  C:\Windows\System\NdaPwWY.exe
  2⤵
  PID:6852
- C:\Windows\System\bqcZHan.exe
  C:\Windows\System\bqcZHan.exe
  2⤵
  PID:6988
- C:\Windows\System\gUzjYQT.exe
  C:\Windows\System\gUzjYQT.exe
  2⤵
  PID:4520
- C:\Windows\System\wqKlMKd.exe
  C:\Windows\System\wqKlMKd.exe
  2⤵
  PID:7180
- C:\Windows\System\rLMlsqO.exe
  C:\Windows\System\rLMlsqO.exe
  2⤵
  PID:7204
- C:\Windows\System\kgbnBaE.exe
  C:\Windows\System\kgbnBaE.exe
  2⤵
  PID:7224
- C:\Windows\System\aijwEJS.exe
  C:\Windows\System\aijwEJS.exe
  2⤵
  PID:7244
- C:\Windows\System\ChcDKXD.exe
  C:\Windows\System\ChcDKXD.exe
  2⤵
  PID:7260
- C:\Windows\System\UekqZeB.exe
  C:\Windows\System\UekqZeB.exe
  2⤵
  PID:7280
- C:\Windows\System\VFCrBTq.exe
  C:\Windows\System\VFCrBTq.exe
  2⤵
  PID:7304
- C:\Windows\System\irrZFPd.exe
  C:\Windows\System\irrZFPd.exe
  2⤵
  PID:7320
- C:\Windows\System\zWKeOXQ.exe
  C:\Windows\System\zWKeOXQ.exe
  2⤵
  PID:7336
- C:\Windows\System\vDDqUyv.exe
  C:\Windows\System\vDDqUyv.exe
  2⤵
  PID:7360
- C:\Windows\System\AzSEzxv.exe
  C:\Windows\System\AzSEzxv.exe
  2⤵
  PID:7376
- C:\Windows\System\xexNkOg.exe
  C:\Windows\System\xexNkOg.exe
  2⤵
  PID:7392
- C:\Windows\System\IaGtZxl.exe
  C:\Windows\System\IaGtZxl.exe
  2⤵
  PID:7412
- C:\Windows\System\iUtJkCi.exe
  C:\Windows\System\iUtJkCi.exe
  2⤵
  PID:7428
- C:\Windows\System\UmQTVZw.exe
  C:\Windows\System\UmQTVZw.exe
  2⤵
  PID:7444
- C:\Windows\System\EVTZIQh.exe
  C:\Windows\System\EVTZIQh.exe
  2⤵
  PID:7464
- C:\Windows\System\zYzudWj.exe
  C:\Windows\System\zYzudWj.exe
  2⤵
  PID:7492
- C:\Windows\System\wAczYSg.exe
  C:\Windows\System\wAczYSg.exe
  2⤵
  PID:7508
- C:\Windows\System\SWwQfGB.exe
  C:\Windows\System\SWwQfGB.exe
  2⤵
  PID:7532
- C:\Windows\System\LgLtMBA.exe
  C:\Windows\System\LgLtMBA.exe
  2⤵
  PID:7548
- C:\Windows\System\OViQXwz.exe
  C:\Windows\System\OViQXwz.exe
  2⤵
  PID:7564
- C:\Windows\System\gHhMORC.exe
  C:\Windows\System\gHhMORC.exe
  2⤵
  PID:7592
- C:\Windows\System\jlxyHJw.exe
  C:\Windows\System\jlxyHJw.exe
  2⤵
  PID:7612
- C:\Windows\System\PAjyDCK.exe
  C:\Windows\System\PAjyDCK.exe
  2⤵
  PID:7628
- C:\Windows\System\ChvBmZk.exe
  C:\Windows\System\ChvBmZk.exe
  2⤵
  PID:7648
- C:\Windows\System\QGsHrlZ.exe
  C:\Windows\System\QGsHrlZ.exe
  2⤵
  PID:7664
- C:\Windows\System\OFxxAzp.exe
  C:\Windows\System\OFxxAzp.exe
  2⤵
  PID:7688
- C:\Windows\System\SgucEmq.exe
  C:\Windows\System\SgucEmq.exe
  2⤵
  PID:7704
- C:\Windows\System\gQLZfOk.exe
  C:\Windows\System\gQLZfOk.exe
  2⤵
  PID:7720
- C:\Windows\System\YZimgJW.exe
  C:\Windows\System\YZimgJW.exe
  2⤵
  PID:7736
- C:\Windows\System\oABNCrd.exe
  C:\Windows\System\oABNCrd.exe
  2⤵
  PID:7756
- C:\Windows\System\DPdOEtz.exe
  C:\Windows\System\DPdOEtz.exe
  2⤵
  PID:7788
- C:\Windows\System\xrTVQwj.exe
  C:\Windows\System\xrTVQwj.exe
  2⤵
  PID:7828
- C:\Windows\System\cSkmojb.exe
  C:\Windows\System\cSkmojb.exe
  2⤵
  PID:7844
- C:\Windows\System\OFguvHG.exe
  C:\Windows\System\OFguvHG.exe
  2⤵
  PID:7860
- C:\Windows\System\dDUWtxX.exe
  C:\Windows\System\dDUWtxX.exe
  2⤵
  PID:7876
- C:\Windows\System\yCLeBRC.exe
  C:\Windows\System\yCLeBRC.exe
  2⤵
  PID:7892
- C:\Windows\System\WDNnbiG.exe
  C:\Windows\System\WDNnbiG.exe
  2⤵
  PID:7928
- C:\Windows\System\bJrCtuK.exe
  C:\Windows\System\bJrCtuK.exe
  2⤵
  PID:7944
- C:\Windows\System\HxBPudO.exe
  C:\Windows\System\HxBPudO.exe
  2⤵
  PID:7964
- C:\Windows\System\TRhvCeD.exe
  C:\Windows\System\TRhvCeD.exe
  2⤵
  PID:7988
- C:\Windows\System\LZnhpJM.exe
  C:\Windows\System\LZnhpJM.exe
  2⤵
  PID:8004
- C:\Windows\System\YPfQztU.exe
  C:\Windows\System\YPfQztU.exe
  2⤵
  PID:8020
- C:\Windows\System\rykNCSW.exe
  C:\Windows\System\rykNCSW.exe
  2⤵
  PID:8036
- C:\Windows\System\TKlQxRr.exe
  C:\Windows\System\TKlQxRr.exe
  2⤵
  PID:8072
- C:\Windows\System\pDDoLrR.exe
  C:\Windows\System\pDDoLrR.exe
  2⤵
  PID:8088
- C:\Windows\System\xfDHPhs.exe
  C:\Windows\System\xfDHPhs.exe
  2⤵
  PID:8104
- C:\Windows\System\OBqNxvf.exe
  C:\Windows\System\OBqNxvf.exe
  2⤵
  PID:8120
- C:\Windows\System\JQQQLZK.exe
  C:\Windows\System\JQQQLZK.exe
  2⤵
  PID:8140
- C:\Windows\System\OCozmDo.exe
  C:\Windows\System\OCozmDo.exe
  2⤵
  PID:8156
- C:\Windows\System\FxSZZbf.exe
  C:\Windows\System\FxSZZbf.exe
  2⤵
  PID:8172
- C:\Windows\System\YUqZCOk.exe
  C:\Windows\System\YUqZCOk.exe
  2⤵
  PID:8188
- C:\Windows\System\laPPfbr.exe
  C:\Windows\System\laPPfbr.exe
  2⤵
  PID:7172
- C:\Windows\System\UsAnirk.exe
  C:\Windows\System\UsAnirk.exe
  2⤵
  PID:7216
- C:\Windows\System\ZsPjuod.exe
  C:\Windows\System\ZsPjuod.exe
  2⤵
  PID:7276
- C:\Windows\System\ykmfcAn.exe
  C:\Windows\System\ykmfcAn.exe
  2⤵
  PID:7352
- C:\Windows\System\eptgWAD.exe
  C:\Windows\System\eptgWAD.exe
  2⤵
  PID:7256
- C:\Windows\System\orJCiAw.exe
  C:\Windows\System\orJCiAw.exe
  2⤵
  PID:7452
- C:\Windows\System\BPrPSlg.exe
  C:\Windows\System\BPrPSlg.exe
  2⤵
  PID:7332
- C:\Windows\System\XWgkLGw.exe
  C:\Windows\System\XWgkLGw.exe
  2⤵
  PID:7500
- C:\Windows\System\etkGUpx.exe
  C:\Windows\System\etkGUpx.exe
  2⤵
  PID:7572
- C:\Windows\System\YmTwfDH.exe
  C:\Windows\System\YmTwfDH.exe
  2⤵
  PID:7488
- C:\Windows\System\BGfwFRl.exe
  C:\Windows\System\BGfwFRl.exe
  2⤵
  PID:7624
- C:\Windows\System\unHOtht.exe
  C:\Windows\System\unHOtht.exe
  2⤵
  PID:7728
- C:\Windows\System\trldKSx.exe
  C:\Windows\System\trldKSx.exe
  2⤵
  PID:7636
- C:\Windows\System\QETnuhQ.exe
  C:\Windows\System\QETnuhQ.exe
  2⤵
  PID:7516
- C:\Windows\System\ZKVggMw.exe
  C:\Windows\System\ZKVggMw.exe
  2⤵
  PID:7684
- C:\Windows\System\ShALWuF.exe
  C:\Windows\System\ShALWuF.exe
  2⤵
  PID:7772
- C:\Windows\System\ZSCdXCc.exe
  C:\Windows\System\ZSCdXCc.exe
  2⤵
  PID:7776
- C:\Windows\System\EHjagPf.exe
  C:\Windows\System\EHjagPf.exe
  2⤵
  PID:7808
- C:\Windows\System\vOJsCNf.exe
  C:\Windows\System\vOJsCNf.exe
  2⤵
  PID:7820
- C:\Windows\System\PGjuSaj.exe
  C:\Windows\System\PGjuSaj.exe
  2⤵
  PID:7872
- C:\Windows\System\SSXickG.exe
  C:\Windows\System\SSXickG.exe
  2⤵
  PID:7888
- C:\Windows\System\bqeQeqp.exe
  C:\Windows\System\bqeQeqp.exe
  2⤵
  PID:7924
- C:\Windows\System\COCkedZ.exe
  C:\Windows\System\COCkedZ.exe
  2⤵
  PID:8000
- C:\Windows\System\uHlxBtX.exe
  C:\Windows\System\uHlxBtX.exe
  2⤵
  PID:7972
- C:\Windows\System\tWloAMD.exe
  C:\Windows\System\tWloAMD.exe
  2⤵
  PID:8012
- C:\Windows\System\UwXYDHG.exe
  C:\Windows\System\UwXYDHG.exe
  2⤵
  PID:8032
- C:\Windows\System\xBcRrBX.exe
  C:\Windows\System\xBcRrBX.exe
  2⤵
  PID:8152
- C:\Windows\System\KcPMonI.exe
  C:\Windows\System\KcPMonI.exe
  2⤵
  PID:8064
- C:\Windows\System\WrywJNT.exe
  C:\Windows\System\WrywJNT.exe
  2⤵
  PID:7196
- C:\Windows\System\nJkIEUy.exe
  C:\Windows\System\nJkIEUy.exe
  2⤵
  PID:7288
- C:\Windows\System\RjmMIlQ.exe
  C:\Windows\System\RjmMIlQ.exe
  2⤵
  PID:7236
- C:\Windows\System\YImocVm.exe
  C:\Windows\System\YImocVm.exe
  2⤵
  PID:7344
- C:\Windows\System\JclsMrl.exe
  C:\Windows\System\JclsMrl.exe
  2⤵
  PID:7420
- C:\Windows\System\IfWvxkW.exe
  C:\Windows\System\IfWvxkW.exe
  2⤵
  PID:7372
- C:\Windows\System\QQzAmXx.exe
  C:\Windows\System\QQzAmXx.exe
  2⤵
  PID:7404
- C:\Windows\System\WiefXeH.exe
  C:\Windows\System\WiefXeH.exe
  2⤵
  PID:7588
- C:\Windows\System\ygIbQSn.exe
  C:\Windows\System\ygIbQSn.exe
  2⤵
  PID:7520
- C:\Windows\System\MScTSIt.exe
  C:\Windows\System\MScTSIt.exe
  2⤵
  PID:7604
- C:\Windows\System\ZRXzYbR.exe
  C:\Windows\System\ZRXzYbR.exe
  2⤵
  PID:7680
- C:\Windows\System\zUrsmkb.exe
  C:\Windows\System\zUrsmkb.exe
  2⤵
  PID:7800
- C:\Windows\System\NVAaMKt.exe
  C:\Windows\System\NVAaMKt.exe
  2⤵
  PID:7868
- C:\Windows\System\nNmLFRc.exe
  C:\Windows\System\nNmLFRc.exe
  2⤵
  PID:7940
- C:\Windows\System\yzTLdiH.exe
  C:\Windows\System\yzTLdiH.exe
  2⤵
  PID:8060
- C:\Windows\System\tMDTuZo.exe
  C:\Windows\System\tMDTuZo.exe
  2⤵
  PID:7192
- C:\Windows\System\xFuqtuJ.exe
  C:\Windows\System\xFuqtuJ.exe
  2⤵
  PID:8132
- C:\Windows\System\tdJqBqA.exe
  C:\Windows\System\tdJqBqA.exe
  2⤵
  PID:7956
- C:\Windows\System\wuLrdqn.exe
  C:\Windows\System\wuLrdqn.exe
  2⤵
  PID:7980
- C:\Windows\System\ulvYJqv.exe
  C:\Windows\System\ulvYJqv.exe
  2⤵
  PID:8116
- C:\Windows\System\HLFQcKD.exe
  C:\Windows\System\HLFQcKD.exe
  2⤵
  PID:8164
- C:\Windows\System\otyEwNy.exe
  C:\Windows\System\otyEwNy.exe
  2⤵
  PID:7524
- C:\Windows\System\TfvMalh.exe
  C:\Windows\System\TfvMalh.exe
  2⤵
  PID:7460
- C:\Windows\System\ScMdyhJ.exe
  C:\Windows\System\ScMdyhJ.exe
  2⤵
  PID:7644
- C:\Windows\System\UNMTqms.exe
  C:\Windows\System\UNMTqms.exe
  2⤵
  PID:7600
- C:\Windows\System\BYKcatL.exe
  C:\Windows\System\BYKcatL.exe
  2⤵
  PID:7796
- C:\Windows\System\BLRKSMN.exe
  C:\Windows\System\BLRKSMN.exe
  2⤵
  PID:7936
- C:\Windows\System\SYxyjPj.exe
  C:\Windows\System\SYxyjPj.exe
  2⤵
  PID:7884
- C:\Windows\System\WMrBITg.exe
  C:\Windows\System\WMrBITg.exe
  2⤵
  PID:7440
- C:\Windows\System\MmnPAZR.exe
  C:\Windows\System\MmnPAZR.exe
  2⤵
  PID:7852
- C:\Windows\System\ScpMptq.exe
  C:\Windows\System\ScpMptq.exe
  2⤵
  PID:7252
- C:\Windows\System\LyIvutw.exe
  C:\Windows\System\LyIvutw.exe
  2⤵
  PID:7996
- C:\Windows\System\ukPrLiU.exe
  C:\Windows\System\ukPrLiU.exe
  2⤵
  PID:7672
- C:\Windows\System\JJRvSki.exe
  C:\Windows\System\JJRvSki.exe
  2⤵
  PID:7780
- C:\Windows\System\BavCNYk.exe
  C:\Windows\System\BavCNYk.exe
  2⤵
  PID:7580
- C:\Windows\System\JjXonSr.exe
  C:\Windows\System\JjXonSr.exe
  2⤵
  PID:7920
- C:\Windows\System\mEaPKDJ.exe
  C:\Windows\System\mEaPKDJ.exe
  2⤵
  PID:7212
- C:\Windows\System\KVmMxMq.exe
  C:\Windows\System\KVmMxMq.exe
  2⤵
  PID:7812
- C:\Windows\System\cYuDNsM.exe
  C:\Windows\System\cYuDNsM.exe
  2⤵
  PID:8056
- C:\Windows\System\SXQJOZR.exe
  C:\Windows\System\SXQJOZR.exe
  2⤵
  PID:7960
- C:\Windows\System\NLoaWCl.exe
  C:\Windows\System\NLoaWCl.exe
  2⤵
  PID:7348
- C:\Windows\System\Rbxmvwc.exe
  C:\Windows\System\Rbxmvwc.exe
  2⤵
  PID:6276
- C:\Windows\System\LxbAPBQ.exe
  C:\Windows\System\LxbAPBQ.exe
  2⤵
  PID:8168
- C:\Windows\System\uQmOIir.exe
  C:\Windows\System\uQmOIir.exe
  2⤵
  PID:7744
- C:\Windows\System\GZfNdIA.exe
  C:\Windows\System\GZfNdIA.exe
  2⤵
  PID:7700
- C:\Windows\System\wqVfeMd.exe
  C:\Windows\System\wqVfeMd.exe
  2⤵
  PID:8208
- C:\Windows\System\DYQGCUi.exe
  C:\Windows\System\DYQGCUi.exe
  2⤵
  PID:8224
- C:\Windows\System\ESTqSUt.exe
  C:\Windows\System\ESTqSUt.exe
  2⤵
  PID:8240
- C:\Windows\System\uzetStJ.exe
  C:\Windows\System\uzetStJ.exe
  2⤵
  PID:8256
- C:\Windows\System\zUyNEDw.exe
  C:\Windows\System\zUyNEDw.exe
  2⤵
  PID:8272
- C:\Windows\System\tTUOAQm.exe
  C:\Windows\System\tTUOAQm.exe
  2⤵
  PID:8288
- C:\Windows\System\DqikLKh.exe
  C:\Windows\System\DqikLKh.exe
  2⤵
  PID:8308
- C:\Windows\System\EoboUkC.exe
  C:\Windows\System\EoboUkC.exe
  2⤵
  PID:8324
- C:\Windows\System\MdRZkdZ.exe
  C:\Windows\System\MdRZkdZ.exe
  2⤵
  PID:8348
- C:\Windows\System\TWRDZnc.exe
  C:\Windows\System\TWRDZnc.exe
  2⤵
  PID:8368
- C:\Windows\System\bWeAVeH.exe
  C:\Windows\System\bWeAVeH.exe
  2⤵
  PID:8384
- C:\Windows\System\DNMhekX.exe
  C:\Windows\System\DNMhekX.exe
  2⤵
  PID:8408
- C:\Windows\System\ZGZXZoF.exe
  C:\Windows\System\ZGZXZoF.exe
  2⤵
  PID:8428
- C:\Windows\System\mkuBdot.exe
  C:\Windows\System\mkuBdot.exe
  2⤵
  PID:8448
- C:\Windows\System\blPkhxy.exe
  C:\Windows\System\blPkhxy.exe
  2⤵
  PID:8492
- C:\Windows\System\nuwHwZT.exe
  C:\Windows\System\nuwHwZT.exe
  2⤵
  PID:8508
- C:\Windows\System\fjOHtKR.exe
  C:\Windows\System\fjOHtKR.exe
  2⤵
  PID:8528
- C:\Windows\System\KRlNTJN.exe
  C:\Windows\System\KRlNTJN.exe
  2⤵
  PID:8548
- C:\Windows\System\agvEthw.exe
  C:\Windows\System\agvEthw.exe
  2⤵
  PID:8564
- C:\Windows\System\uUJFwpz.exe
  C:\Windows\System\uUJFwpz.exe
  2⤵
  PID:8600
- C:\Windows\System\WSnjBUv.exe
  C:\Windows\System\WSnjBUv.exe
  2⤵
  PID:8616
- C:\Windows\System\yPDKOzy.exe
  C:\Windows\System\yPDKOzy.exe
  2⤵
  PID:8640
- C:\Windows\System\KJuvntx.exe
  C:\Windows\System\KJuvntx.exe
  2⤵
  PID:8660
- C:\Windows\System\vOsslog.exe
  C:\Windows\System\vOsslog.exe
  2⤵
  PID:8676
- C:\Windows\System\xlpSWrx.exe
  C:\Windows\System\xlpSWrx.exe
  2⤵
  PID:8692
- C:\Windows\System\tJTWRRC.exe
  C:\Windows\System\tJTWRRC.exe
  2⤵
  PID:8712
- C:\Windows\System\PlEZfAy.exe
  C:\Windows\System\PlEZfAy.exe
  2⤵
  PID:8740
- C:\Windows\System\VeKFpXC.exe
  C:\Windows\System\VeKFpXC.exe
  2⤵
  PID:8756
- C:\Windows\System\WPPPpFu.exe
  C:\Windows\System\WPPPpFu.exe
  2⤵
  PID:8772
- C:\Windows\System\CalSJqb.exe
  C:\Windows\System\CalSJqb.exe
  2⤵
  PID:8788
- C:\Windows\System\ZyCPeVM.exe
  C:\Windows\System\ZyCPeVM.exe
  2⤵
  PID:8804
- C:\Windows\System\lzdMxjD.exe
  C:\Windows\System\lzdMxjD.exe
  2⤵
  PID:8824
- C:\Windows\System\HgfyNPj.exe
  C:\Windows\System\HgfyNPj.exe
  2⤵
  PID:8840
- C:\Windows\System\tQmFDxU.exe
  C:\Windows\System\tQmFDxU.exe
  2⤵
  PID:8864
- C:\Windows\System\yqxOfTf.exe
  C:\Windows\System\yqxOfTf.exe
  2⤵
  PID:8888
- C:\Windows\System\ZlvXZHr.exe
  C:\Windows\System\ZlvXZHr.exe
  2⤵
  PID:8916
- C:\Windows\System\wrezEOH.exe
  C:\Windows\System\wrezEOH.exe
  2⤵
  PID:8932
- C:\Windows\System\xwNuPgW.exe
  C:\Windows\System\xwNuPgW.exe
  2⤵
  PID:8956
- C:\Windows\System\PRkBLfq.exe
  C:\Windows\System\PRkBLfq.exe
  2⤵
  PID:8976
- C:\Windows\System\jNCoPcy.exe
  C:\Windows\System\jNCoPcy.exe
  2⤵
  PID:8996
- C:\Windows\System\HsAlcZx.exe
  C:\Windows\System\HsAlcZx.exe
  2⤵
  PID:9024
- C:\Windows\System\JvsJAhw.exe
  C:\Windows\System\JvsJAhw.exe
  2⤵
  PID:9044
- C:\Windows\System\nUHMjip.exe
  C:\Windows\System\nUHMjip.exe
  2⤵
  PID:9060
- C:\Windows\System\lDIpMmu.exe
  C:\Windows\System\lDIpMmu.exe
  2⤵
  PID:9080
- C:\Windows\System\owIYAgE.exe
  C:\Windows\System\owIYAgE.exe
  2⤵
  PID:9096
- C:\Windows\System\FDGWmxc.exe
  C:\Windows\System\FDGWmxc.exe
  2⤵
  PID:9112
- C:\Windows\System\iXDDGZk.exe
  C:\Windows\System\iXDDGZk.exe
  2⤵
  PID:9128
- C:\Windows\System\Ihnvgvb.exe
  C:\Windows\System\Ihnvgvb.exe
  2⤵
  PID:9164
- C:\Windows\System\jbdWnMg.exe
  C:\Windows\System\jbdWnMg.exe
  2⤵
  PID:9184
- C:\Windows\System\AkVZnJM.exe
  C:\Windows\System\AkVZnJM.exe
  2⤵
  PID:9200
- C:\Windows\System\OIhCjSw.exe
  C:\Windows\System\OIhCjSw.exe
  2⤵
  PID:8048
- C:\Windows\System\wygKBIO.exe
  C:\Windows\System\wygKBIO.exe
  2⤵
  PID:8252
- C:\Windows\System\CUxQYoR.exe
  C:\Windows\System\CUxQYoR.exe
  2⤵
  PID:8268
- C:\Windows\System\IqoMxXC.exe
  C:\Windows\System\IqoMxXC.exe
  2⤵
  PID:8336
- C:\Windows\System\obCebmJ.exe
  C:\Windows\System\obCebmJ.exe
  2⤵
  PID:8340
- C:\Windows\System\JjsoNxO.exe
  C:\Windows\System\JjsoNxO.exe
  2⤵
  PID:8376
- C:\Windows\System\ZlWdBpL.exe
  C:\Windows\System\ZlWdBpL.exe
  2⤵
  PID:8396
- C:\Windows\System\vmmOCAL.exe
  C:\Windows\System\vmmOCAL.exe
  2⤵
  PID:8420
- C:\Windows\System\FxWXpch.exe
  C:\Windows\System\FxWXpch.exe
  2⤵
  PID:8436
- C:\Windows\System\tMlcFjo.exe
  C:\Windows\System\tMlcFjo.exe
  2⤵
  PID:8476
- C:\Windows\System\kMYrBTn.exe
  C:\Windows\System\kMYrBTn.exe
  2⤵
  PID:8520
- C:\Windows\System\MrjCzbp.exe
  C:\Windows\System\MrjCzbp.exe
  2⤵
  PID:8576
- C:\Windows\System\GrKycdK.exe
  C:\Windows\System\GrKycdK.exe
  2⤵
  PID:8584
- C:\Windows\System\JlCteAp.exe
  C:\Windows\System\JlCteAp.exe
  2⤵
  PID:8628
- C:\Windows\System\BkFyShs.exe
  C:\Windows\System\BkFyShs.exe
  2⤵
  PID:8632
- C:\Windows\System\WUenpAz.exe
  C:\Windows\System\WUenpAz.exe
  2⤵
  PID:8652
- C:\Windows\System\wiDLAhv.exe
  C:\Windows\System\wiDLAhv.exe
  2⤵
  PID:8704
- C:\Windows\System\RggrBtw.exe
  C:\Windows\System\RggrBtw.exe
  2⤵
  PID:8732
- C:\Windows\System\aRhBKvu.exe
  C:\Windows\System\aRhBKvu.exe
  2⤵
  PID:8752
- C:\Windows\System\rhhKJuu.exe
  C:\Windows\System\rhhKJuu.exe
  2⤵
  PID:8872
- C:\Windows\System\UilpeLw.exe
  C:\Windows\System\UilpeLw.exe
  2⤵
  PID:8820
- C:\Windows\System\dKlUyrS.exe
  C:\Windows\System\dKlUyrS.exe
  2⤵
  PID:8884
- C:\Windows\System\hqkToKm.exe
  C:\Windows\System\hqkToKm.exe
  2⤵
  PID:8928
- C:\Windows\System\mzvaTZx.exe
  C:\Windows\System\mzvaTZx.exe
  2⤵
  PID:8912
- C:\Windows\System\uZkUMNg.exe
  C:\Windows\System\uZkUMNg.exe
  2⤵
  PID:8972
- C:\Windows\System\ceEfaxI.exe
  C:\Windows\System\ceEfaxI.exe
  2⤵
  PID:8992
- C:\Windows\System\KifAVYH.exe
  C:\Windows\System\KifAVYH.exe
  2⤵
  PID:9032
- C:\Windows\System\qepHVcK.exe
  C:\Windows\System\qepHVcK.exe
  2⤵
  PID:9092
- C:\Windows\System\hqyiEwt.exe
  C:\Windows\System\hqyiEwt.exe
  2⤵
  PID:9072
- C:\Windows\System\pOHopQE.exe
  C:\Windows\System\pOHopQE.exe
  2⤵
  PID:9136
- C:\Windows\System\TLasBow.exe
  C:\Windows\System\TLasBow.exe
  2⤵
  PID:9020
- C:\Windows\System\wkoxmhH.exe
  C:\Windows\System\wkoxmhH.exe
  2⤵
  PID:9192
- C:\Windows\System\EbGOiVW.exe
  C:\Windows\System\EbGOiVW.exe
  2⤵
  PID:8220
- C:\Windows\System\qHPxGUi.exe
  C:\Windows\System\qHPxGUi.exe
  2⤵
  PID:8284
- C:\Windows\System\iLhPnjl.exe
  C:\Windows\System\iLhPnjl.exe
  2⤵
  PID:8360
- C:\Windows\System\OkTQJbN.exe
  C:\Windows\System\OkTQJbN.exe
  2⤵
  PID:8460
- C:\Windows\System\VVQkoNq.exe
  C:\Windows\System\VVQkoNq.exe
  2⤵
  PID:8416
- C:\Windows\System\MZKGTHq.exe
  C:\Windows\System\MZKGTHq.exe
  2⤵
  PID:8488
- C:\Windows\System\aJNkCXV.exe
  C:\Windows\System\aJNkCXV.exe
  2⤵
  PID:7856
- C:\Windows\System\vAMipKH.exe
  C:\Windows\System\vAMipKH.exe
  2⤵
  PID:8560
- C:\Windows\System\kARPQZC.exe
  C:\Windows\System\kARPQZC.exe
  2⤵
  PID:3028
- C:\Windows\System\mdiWBdc.exe
  C:\Windows\System\mdiWBdc.exe
  2⤵
  PID:8592
- C:\Windows\System\bzPlplB.exe
  C:\Windows\System\bzPlplB.exe
  2⤵
  PID:8648
- C:\Windows\System\SCmbirj.exe
  C:\Windows\System\SCmbirj.exe
  2⤵
  PID:8800
- C:\Windows\System\baqBiPB.exe
  C:\Windows\System\baqBiPB.exe
  2⤵
  PID:8836
- C:\Windows\System\nNWbCXf.exe
  C:\Windows\System\nNWbCXf.exe
  2⤵
  PID:8880
- C:\Windows\System\wNKUPsd.exe
  C:\Windows\System\wNKUPsd.exe
  2⤵
  PID:8904
- C:\Windows\System\ILAiLkt.exe
  C:\Windows\System\ILAiLkt.exe
  2⤵
  PID:9016
- C:\Windows\System\pHmiOvg.exe
  C:\Windows\System\pHmiOvg.exe
  2⤵
  PID:9156
- C:\Windows\System\mkKPThY.exe
  C:\Windows\System\mkKPThY.exe
  2⤵
  PID:9108
- C:\Windows\System\NSDeXVc.exe
  C:\Windows\System\NSDeXVc.exe
  2⤵
  PID:9052
- C:\Windows\System\gFGySbG.exe
  C:\Windows\System\gFGySbG.exe
  2⤵
  PID:8100
- C:\Windows\System\gMGCcYd.exe
  C:\Windows\System\gMGCcYd.exe
  2⤵
  PID:8612
- C:\Windows\System\NeLRjFb.exe
  C:\Windows\System\NeLRjFb.exe
  2⤵
  PID:8468
- C:\Windows\System\OWAoXEY.exe
  C:\Windows\System\OWAoXEY.exe
  2⤵
  PID:8536
- C:\Windows\System\nuXeuZr.exe
  C:\Windows\System\nuXeuZr.exe
  2⤵
  PID:592
- C:\Windows\System\zPScQCr.exe
  C:\Windows\System\zPScQCr.exe
  2⤵
  PID:8656
- C:\Windows\System\mDfzyHL.exe
  C:\Windows\System\mDfzyHL.exe
  2⤵
  PID:8724
- C:\Windows\System\TQCBWdS.exe
  C:\Windows\System\TQCBWdS.exe
  2⤵
  PID:8948
- C:\Windows\System\EkkfChE.exe
  C:\Windows\System\EkkfChE.exe
  2⤵
  PID:8848
- C:\Windows\System\mRTPUvZ.exe
  C:\Windows\System\mRTPUvZ.exe
  2⤵
  PID:8440
- C:\Windows\System\ZbYqpJH.exe
  C:\Windows\System\ZbYqpJH.exe
  2⤵
  PID:9068
- C:\Windows\System\rWFPVWL.exe
  C:\Windows\System\rWFPVWL.exe
  2⤵
  PID:9104
- C:\Windows\System\epHUbNe.exe
  C:\Windows\System\epHUbNe.exe
  2⤵
  PID:8236
- C:\Windows\System\AtCaoVx.exe
  C:\Windows\System\AtCaoVx.exe
  2⤵
  PID:8200
- C:\Windows\System\XqykOSX.exe
  C:\Windows\System\XqykOSX.exe
  2⤵
  PID:9040
- C:\Windows\System\mDabyZG.exe
  C:\Windows\System\mDabyZG.exe
  2⤵
  PID:9196
- C:\Windows\System\ZvVTnwC.exe
  C:\Windows\System\ZvVTnwC.exe
  2⤵
  PID:8924
- C:\Windows\System\iSLvaaK.exe
  C:\Windows\System\iSLvaaK.exe
  2⤵
  PID:8356
- C:\Windows\System\vWGadNs.exe
  C:\Windows\System\vWGadNs.exe
  2⤵
  PID:9088
- C:\Windows\System\ouzMBvQ.exe
  C:\Windows\System\ouzMBvQ.exe
  2⤵
  PID:9004
- C:\Windows\System\raUQiAS.exe
  C:\Windows\System\raUQiAS.exe
  2⤵
  PID:8264
- C:\Windows\System\TkHGkCW.exe
  C:\Windows\System\TkHGkCW.exe
  2⤵
  PID:8556
- C:\Windows\System\auoYSxV.exe
  C:\Windows\System\auoYSxV.exe
  2⤵
  PID:8988
- C:\Windows\System\rpnlHHK.exe
  C:\Windows\System\rpnlHHK.exe
  2⤵
  PID:8684
- C:\Windows\System\UWKhZbb.exe
  C:\Windows\System\UWKhZbb.exe
  2⤵
  PID:1004
- C:\Windows\System\jUbGXlk.exe
  C:\Windows\System\jUbGXlk.exe
  2⤵
  PID:8700
- C:\Windows\System\atMfIvg.exe
  C:\Windows\System\atMfIvg.exe
  2⤵
  PID:8736
- C:\Windows\System\iAjYSyd.exe
  C:\Windows\System\iAjYSyd.exe
  2⤵
  PID:9228
- C:\Windows\System\mCCcKXg.exe
  C:\Windows\System\mCCcKXg.exe
  2⤵
  PID:9248
- C:\Windows\System\uZeVLpe.exe
  C:\Windows\System\uZeVLpe.exe
  2⤵
  PID:9268
- C:\Windows\System\cQjRvpL.exe
  C:\Windows\System\cQjRvpL.exe
  2⤵
  PID:9288
- C:\Windows\System\uvfmxFF.exe
  C:\Windows\System\uvfmxFF.exe
  2⤵
  PID:9304
- C:\Windows\System\Aizmurf.exe
  C:\Windows\System\Aizmurf.exe
  2⤵
  PID:9332
- C:\Windows\System\PfXgFQm.exe
  C:\Windows\System\PfXgFQm.exe
  2⤵
  PID:9348
- C:\Windows\System\AbKyIlo.exe
  C:\Windows\System\AbKyIlo.exe
  2⤵
  PID:9368
- C:\Windows\System\aNpQyDv.exe
  C:\Windows\System\aNpQyDv.exe
  2⤵
  PID:9392
- C:\Windows\System\uPLUULZ.exe
  C:\Windows\System\uPLUULZ.exe
  2⤵
  PID:9408
- C:\Windows\System\TxnxzWa.exe
  C:\Windows\System\TxnxzWa.exe
  2⤵
  PID:9428
- C:\Windows\System\yFNkYtl.exe
  C:\Windows\System\yFNkYtl.exe
  2⤵
  PID:9448
- C:\Windows\System\OuZmuui.exe
  C:\Windows\System\OuZmuui.exe
  2⤵
  PID:9472
- C:\Windows\System\IhleiHJ.exe
  C:\Windows\System\IhleiHJ.exe
  2⤵
  PID:9488
- C:\Windows\System\olrwpcr.exe
  C:\Windows\System\olrwpcr.exe
  2⤵
  PID:9512
- C:\Windows\System\BaRmqNX.exe
  C:\Windows\System\BaRmqNX.exe
  2⤵
  PID:9532
- C:\Windows\System\npwlZmf.exe
  C:\Windows\System\npwlZmf.exe
  2⤵
  PID:9556
- C:\Windows\System\nolkHdN.exe
  C:\Windows\System\nolkHdN.exe
  2⤵
  PID:9572
- C:\Windows\System\SWdMkXS.exe
  C:\Windows\System\SWdMkXS.exe
  2⤵
  PID:9592
- C:\Windows\System\LsSdWIt.exe
  C:\Windows\System\LsSdWIt.exe
  2⤵
  PID:9612
- C:\Windows\System\usHAhMl.exe
  C:\Windows\System\usHAhMl.exe
  2⤵
  PID:9636
- C:\Windows\System\VJIctZR.exe
  C:\Windows\System\VJIctZR.exe
  2⤵
  PID:9652
- C:\Windows\System\gbgVQlE.exe
  C:\Windows\System\gbgVQlE.exe
  2⤵
  PID:9676
- C:\Windows\System\Dwosdcl.exe
  C:\Windows\System\Dwosdcl.exe
  2⤵
  PID:9696
- C:\Windows\System\DkABpyP.exe
  C:\Windows\System\DkABpyP.exe
  2⤵
  PID:9712
- C:\Windows\System\pFPWpVb.exe
  C:\Windows\System\pFPWpVb.exe
  2⤵
  PID:9728
- C:\Windows\System\reCvSTB.exe
  C:\Windows\System\reCvSTB.exe
  2⤵
  PID:9760
- C:\Windows\System\WrviDrd.exe
  C:\Windows\System\WrviDrd.exe
  2⤵
  PID:9776
- C:\Windows\System\XMhQKDm.exe
  C:\Windows\System\XMhQKDm.exe
  2⤵
  PID:9792
- C:\Windows\System\FGLwEiV.exe
  C:\Windows\System\FGLwEiV.exe
  2⤵
  PID:9808
- C:\Windows\System\SpUifBl.exe
  C:\Windows\System\SpUifBl.exe
  2⤵
  PID:9840
- C:\Windows\System\AfKTBYc.exe
  C:\Windows\System\AfKTBYc.exe
  2⤵
  PID:9856
- C:\Windows\System\yQDWntK.exe
  C:\Windows\System\yQDWntK.exe
  2⤵
  PID:9876
- C:\Windows\System\bYnuKkN.exe
  C:\Windows\System\bYnuKkN.exe
  2⤵
  PID:9896
- C:\Windows\System\fRnahGi.exe
  C:\Windows\System\fRnahGi.exe
  2⤵
  PID:9912
- C:\Windows\System\vRrrszN.exe
  C:\Windows\System\vRrrszN.exe
  2⤵
  PID:9932
- C:\Windows\System\FaPJyDy.exe
  C:\Windows\System\FaPJyDy.exe
  2⤵
  PID:9952
- C:\Windows\System\bvXzCZQ.exe
  C:\Windows\System\bvXzCZQ.exe
  2⤵
  PID:9968
- C:\Windows\System\HkWdklr.exe
  C:\Windows\System\HkWdklr.exe
  2⤵
  PID:9988
- C:\Windows\System\CgQbMfV.exe
  C:\Windows\System\CgQbMfV.exe
  2⤵
  PID:10004
- C:\Windows\System\GqSHUgz.exe
  C:\Windows\System\GqSHUgz.exe
  2⤵
  PID:10024
- C:\Windows\System\xHLhCFJ.exe
  C:\Windows\System\xHLhCFJ.exe
  2⤵
  PID:10044
- C:\Windows\System\GfQtSwu.exe
  C:\Windows\System\GfQtSwu.exe
  2⤵
  PID:10060
- C:\Windows\System\wlfYKPT.exe
  C:\Windows\System\wlfYKPT.exe
  2⤵
  PID:10080
- C:\Windows\System\sksXdUW.exe
  C:\Windows\System\sksXdUW.exe
  2⤵
  PID:10096
- C:\Windows\System\NosBfem.exe
  C:\Windows\System\NosBfem.exe
  2⤵
  PID:10116
- C:\Windows\System\IZcaskB.exe
  C:\Windows\System\IZcaskB.exe
  2⤵
  PID:10132
- C:\Windows\System\pugePBp.exe
  C:\Windows\System\pugePBp.exe
  2⤵
  PID:10156
- C:\Windows\System\sgmDloR.exe
  C:\Windows\System\sgmDloR.exe
  2⤵
  PID:10180
- C:\Windows\System\xNmDaVv.exe
  C:\Windows\System\xNmDaVv.exe
  2⤵
  PID:10196
- C:\Windows\System\ZTbHimX.exe
  C:\Windows\System\ZTbHimX.exe
  2⤵
  PID:8984
- C:\Windows\System\HIqVdQk.exe
  C:\Windows\System\HIqVdQk.exe
  2⤵
  PID:9220
- C:\Windows\System\ZqqPcZJ.exe
  C:\Windows\System\ZqqPcZJ.exe
  2⤵
  PID:9244
- C:\Windows\System\pANbgPn.exe
  C:\Windows\System\pANbgPn.exe
  2⤵
  PID:9276
- C:\Windows\System\SzuTTes.exe
  C:\Windows\System\SzuTTes.exe
  2⤵
  PID:9312
- C:\Windows\System\ElwdirE.exe
  C:\Windows\System\ElwdirE.exe
  2⤵
  PID:9324
- C:\Windows\System\IiyjbhF.exe
  C:\Windows\System\IiyjbhF.exe
  2⤵
  PID:9376
- C:\Windows\System\cMEdxEw.exe
  C:\Windows\System\cMEdxEw.exe
  2⤵
  PID:9400
- C:\Windows\System\znIvwdJ.exe
  C:\Windows\System\znIvwdJ.exe
  2⤵
  PID:9420
- C:\Windows\System\XHQAduT.exe
  C:\Windows\System\XHQAduT.exe
  2⤵
  PID:9456
- C:\Windows\System\LuGNSus.exe
  C:\Windows\System\LuGNSus.exe
  2⤵
  PID:9500
- C:\Windows\System\REtpLBA.exe
  C:\Windows\System\REtpLBA.exe
  2⤵
  PID:9568
- C:\Windows\System\QUuxAJm.exe
  C:\Windows\System\QUuxAJm.exe
  2⤵
  PID:9600
- C:\Windows\System\LRSijfY.exe
  C:\Windows\System\LRSijfY.exe
  2⤵
  PID:9632
- C:\Windows\System\oGHRocz.exe
  C:\Windows\System\oGHRocz.exe
  2⤵
  PID:9648
- C:\Windows\System\mmgvHaw.exe
  C:\Windows\System\mmgvHaw.exe
  2⤵
  PID:9692
- C:\Windows\System\cRFBiej.exe
  C:\Windows\System\cRFBiej.exe
  2⤵
  PID:9724
- C:\Windows\System\fyMlLVa.exe
  C:\Windows\System\fyMlLVa.exe
  2⤵
  PID:9784
- C:\Windows\System\qIJMpGS.exe
  C:\Windows\System\qIJMpGS.exe
  2⤵
  PID:9824
- C:\Windows\System\EcYIsBy.exe
  C:\Windows\System\EcYIsBy.exe
  2⤵
  PID:9800
- C:\Windows\System\dbazpVA.exe
  C:\Windows\System\dbazpVA.exe
  2⤵
  PID:9848
- C:\Windows\System\ipPkjZj.exe
  C:\Windows\System\ipPkjZj.exe
  2⤵
  PID:9904
- C:\Windows\System\IWjcqpE.exe
  C:\Windows\System\IWjcqpE.exe
  2⤵
  PID:9944
- C:\Windows\System\LdApwJJ.exe
  C:\Windows\System\LdApwJJ.exe
  2⤵
  PID:9984
- C:\Windows\System\XVpmnFP.exe
  C:\Windows\System\XVpmnFP.exe
  2⤵
  PID:10052
- C:\Windows\System\MrAlWOl.exe
  C:\Windows\System\MrAlWOl.exe
  2⤵
  PID:10164
- C:\Windows\System\pGHtvGz.exe
  C:\Windows\System\pGHtvGz.exe
  2⤵
  PID:10208
- C:\Windows\System\RDTKfXq.exe
  C:\Windows\System\RDTKfXq.exe
  2⤵
  PID:9964
- C:\Windows\System\YeNgxwR.exe
  C:\Windows\System\YeNgxwR.exe
  2⤵
  PID:10220
- C:\Windows\System\AijZsgc.exe
  C:\Windows\System\AijZsgc.exe
  2⤵
  PID:10236
- C:\Windows\System\kakJyop.exe
  C:\Windows\System\kakJyop.exe
  2⤵
  PID:9284
- C:\Windows\System\GDPLrWC.exe
  C:\Windows\System\GDPLrWC.exe
  2⤵
  PID:9364
- C:\Windows\System\yyoEzDv.exe
  C:\Windows\System\yyoEzDv.exe
  2⤵
  PID:9996
- C:\Windows\System\JTmPhIT.exe
  C:\Windows\System\JTmPhIT.exe
  2⤵
  PID:10108
- C:\Windows\System\stBSsOC.exe
  C:\Windows\System\stBSsOC.exe
  2⤵
  PID:10188
- C:\Windows\System\CdshFpj.exe
  C:\Windows\System\CdshFpj.exe
  2⤵
  PID:9588

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\GWxCqlb.exe

Filesize
6.0MB

MD5
594f7610c125c6e07597cd70ed3b1bf0

SHA1
e2bdd223c22cdd0cc22bb8eac0a86f9040881b83

SHA256
52d2551178a8d63fa9e5f4bac9ea0d6753eb241daa588b284714d445f3c0f3e0

SHA512
0ad76138fd674b9736420d9fa19153dc125f86f7bcb6f872bf1d9362d21faaf4bb9e5108e3facc2e356675306d9fb1ad51d0699924339fd5e5210550bfb86618

Download Submit
C:\Windows\system\LUwYLKA.exe

Filesize
6.0MB

MD5
992e01cbb0b2fde201fcc8a80becbb68

SHA1
2a5415ce9b75c701742b0c1bfaac4a9862d03f2b

SHA256
85df90bb7728df500e55e95c41409ae7ace3572ea3298ce1d73f61ee3508d97f

SHA512
5bc556cf3c6f88b553b45ad20eda5aa6b7d0e93013039e4ed90fa24d0a35e7c70d2b0ea302d3b1eb03f36a797e49685f0fd5184ff9ecee4cc82dd9d6ca17bb14

Download Submit
C:\Windows\system\SuKslck.exe

Filesize
6.0MB

MD5
d967ed0805bffefa4a9896addae11f87

SHA1
be7ccd4ed429e584ad70899663bb6e4315f16ccd

SHA256
f8fb2d3455b5b2f4f6ef20044a06048432a2301b322a5e3967b7f3213c950083

SHA512
6f97a02e94f965e990efad5ed866d97c2c64678097bb8a440f145d7434656075b51209ce63c3fb2137ccbbb471e846fb5cf773c28d208beb7e148fe3246f5da2

Download Submit
C:\Windows\system\UPMpYxZ.exe

Filesize
6.0MB

MD5
622ecc5fb2e08cfb00292c1392033c9f

SHA1
c18a2febfc84938f4269310a6b9152092724bfa3

SHA256
670317e5d4ac8f33d00184635e76992c1556a3135d9a9e6009cef1aff6af695f

SHA512
b4d6d7410ed11bd3a3c33a1a0eedeadb534b453514d070e6ac94da0d6a8aacdd32bda6fa7281768dd2a14d299bc8f8f7d837e19896a780c255ee7d69cd266072

Download Submit
C:\Windows\system\VhUviqA.exe

Filesize
6.0MB

MD5
d57dc9f6e9ed264084f7287ba8af3fdc

SHA1
f2ac53ec6602b3692067c53ddd3c32c5b014ae75

SHA256
1c58a2dd3c74528e3c40e622ee5656134ac7b6913a9d4079f2da0a39d5a50705

SHA512
9773303c2115546b2767c929ac1dfaa9acf91a3f9f2ffac51424f129987e068633b34f4a6914cf849d8def1b31533a9b87695ac681de24be76c475c064ee9a9a

Download Submit
C:\Windows\system\VhXDnoJ.exe

Filesize
6.0MB

MD5
839732825d88baa1c1bb33b9305c31cd

SHA1
32db1311c17c2f7969576958d4eda8b87452b275

SHA256
894b3eb137f4de096d47a6f4f2a310cce8db0eb524dcb08d3de59def37aa567e

SHA512
0c4cc429ce25d6b3dc3f5627b0ff5f99aa4104bd9342006260bf3cccced99fd5875cc5bd0950ee89ad826377a9aa6fb8f8f2fb5796833b1de9458428a6ec016d

Download Submit
C:\Windows\system\XQTARhr.exe

Filesize
6.0MB

MD5
8fbc9502779008d13b230b0ff98e0726

SHA1
9b5f4c9f2dfbc7862d227276c8ba0963597ba4bd

SHA256
1c4def1851b80a3f7e7dcdf541300ae27e1dab6dbb63b5f2dd3d0bf915ed8079

SHA512
3375618e4627bfb5cb5dcf195230b0242653ab0b1ff0aac992ddadfce24303cf723091a529ee5f7564a732462c636416871a936452c0dc9adbaee1e3a45fea6b

Download Submit
C:\Windows\system\XvfWbhS.exe

Filesize
6.0MB

MD5
edae372e8f90e4052b473970314265ca

SHA1
3516183f7ba7ce05831ced24fc7b69177d3b75ca

SHA256
fe6a744f9c72412658ae7c68f159e19a3c300985ab6eed2bb929dc264bbace89

SHA512
fece355e6084aa64a830e4c66f9c514a6bca54b561731d2595afd9cb99baf89e3c16fb4bd94976f5e52791f4f2ac396ee16f3501abd6e7ab1d2d89596a1b4fb6

Download Submit
C:\Windows\system\cRcrYyg.exe

Filesize
6.0MB

MD5
435268901154d475d853388cf5022809

SHA1
007008aace1455d94cd292ff0607cfc900e6c656

SHA256
14015c13155267423d69856aac81179bc4a25e02afc1127cb4efc7734b270e4c

SHA512
5fa9d3361d467af60ea6a2e59c504a2ac1eea765fd471900535562207b0698bd01669ce5d0576c092202bce86e6c7c19104c4189e1fc8698e846d0defbb0716c

Download Submit
C:\Windows\system\eWNrYTo.exe

Filesize
6.0MB

MD5
60cefe151edb55bb5093bedbb3a55e7b

SHA1
1458bede58ca9d4bb375936ff96767803e245b7f

SHA256
32e4c1304a335776af2f0f0cde546fa50612c68175e79e678fcf3ae8144b985c

SHA512
1e972241195a143c0bc07800e6d89a3c851a8110d87db246ed3114c5b4ba03aebe5b35867be79316de9637e91ab9bc01638b62e6cb800da483900e40e8665beb

Download Submit
C:\Windows\system\giyHhmJ.exe

Filesize
6.0MB

MD5
e8c0bd9a0ce3fd1095ffe4b58ae42a30

SHA1
8cdc81c4528135acb7e26e817f564e5872ecdf5b

SHA256
f98101d498ecec43c716034ba11e25d0c65f6f3c7a743930615e7b5c7998c888

SHA512
f70e4a7498e5d51fd3a865bcb3dc34888c3776e61d8c38d514e8e44841f4145e309f80811d0bc69df8916926cdb1183032165b2424d7e3def296c25aaa1c0d54

Download Submit
C:\Windows\system\hwEjjKc.exe

Filesize
6.0MB

MD5
a0b2036b54e52223082574864ef57198

SHA1
58a4494b512e3bc64f40d6bfb066eb61a324c1e5

SHA256
e60efd8d6bb56012dd5f1d408b8ffbf5026545309bafb622014cb5ec3fcb0102

SHA512
77dfbe661ec04de1a3a7376d835cdb1467f193d7b2258bec2545c0785f3a2bcb49dd625c99fc1622619ba818a73be1af2f923feec799dd594c659d4efa071dcc

Download Submit
C:\Windows\system\jDRFMCI.exe

Filesize
6.0MB

MD5
b9a450e9ef46595609c443dbb6b0e453

SHA1
52a8e7461aa2847e9639cb7a872e477e46432a97

SHA256
aa2e783d39c04c5275d71bcc8f6c3f8a39434de7e6ce03635dd92aa968857816

SHA512
0d3692cf774794e6e40c26b26c3591035d594243fcea7d5d1f95a870c85325dfd1dad684de733135fe706b864b77b3280865781ff385382e6829e011cc686ecc

Download Submit
C:\Windows\system\nsmdQlJ.exe

Filesize
6.0MB

MD5
b78fba41a646eb90e274d988920b2ad2

SHA1
c9c48bbf90c4e35d4f492e2b80b46f185e804aac

SHA256
b814392e37592d18325fc3b10bd9cbdca13ea67243866ad79b5e3916c5928f6f

SHA512
c1b56c1c02008c65401da566b538075ecc472c0a1b6b79a33c7551aa7ebf11b81783ceb4f1a396f0a58fd5be3079f0850a46b3602c99552e718ed1991c4b191a

Download Submit
C:\Windows\system\qGESqij.exe

Filesize
6.0MB

MD5
8c510e5396dea71aa0badcb871230778

SHA1
176183060b05c3f49014fe22d7459f1ccd1b772b

SHA256
97e33396785db43387d4ceb00731f5c4a05e03210834e971da54b39f6f929226

SHA512
255a7d6dad09e28253c14e63892f2314ef72277b21e2b9b0f988038273bd88e55eb8233dde56db8fd90b15baf3803fc9028f330c27e2e8c104c70772965f5296

Download Submit
C:\Windows\system\qVMynYa.exe

Filesize
6.0MB

MD5
f84c343d77ba985a31488c7ba491623b

SHA1
f58a4e5cd7735c4e691905d2b1e30aca2b965b60

SHA256
525b11c16f97b7f6e2eb3e6ed61e3cb0b8248cd99b6310e068e55944e789662c

SHA512
8471f247d8175de4ea813fbb56fd84b3f762765dd47ff150311aa2c696712a2bb576847c3e8e4b61925bfe887eef1f7ca6bd244aa052ae57fb173edcd21d7129

Download Submit
C:\Windows\system\qrTLWjk.exe

Filesize
6.0MB

MD5
ea7214c5b63a746ddcbc71cf039ba8d9

SHA1
f5f8b115d22d705d4882bf8582c8187a6068c4ae

SHA256
d8d502abda09d288d6fec5fbea66dde42d723f2e0a807f93e7bd10ba6c50ac7b

SHA512
de3347c4d797f96c01ccc873de47285e2205861f367daced382780aa0677aaefeea1261a9324c070a77bf55bb176accd42ac71717c5029e9ab62c94f77f34f12

Download Submit
C:\Windows\system\rHARpal.exe

Filesize
6.0MB

MD5
2444c7f09d3c307ab8c44d72206f98b3

SHA1
ef0d95f2e0eccf4009d9889f9f823812864bb77b

SHA256
58209a41f610a08015904b1640f827a2a3b98fd63e8e9e6443902c7d9cf9b946

SHA512
08b83b986bc65e3233f955c7168ea4a8a501efce38f85a961c447709bcc85270898ff19c7d3cd811d40d182bdff306ec95cd7b3d728dbe0dceeb76a5b0350e52

Download Submit
C:\Windows\system\sscdgSA.exe

Filesize
6.0MB

MD5
ceef4bea4e4ee340dca4e70026858db1

SHA1
e5c1273ff919ab96b12703efbaef517929dd3ba1

SHA256
8f0698ee6a4dede75d4b262177053297130c9b479b9637e8d1f7583871b4d76a

SHA512
033a40490adda4fd4bc611e4dbd02b4127c7f98057447d8be2bcc947c3366d3d5918a51462293956b732ba2ab6d859241579eb2d7a76c8af7c625af53172cdbf

Download Submit
C:\Windows\system\tGMDjBo.exe

Filesize
6.0MB

MD5
02a82acdf738c73ede6a8991217a8138

SHA1
b8cb0341b96b8767aaa12eef741189a2cfd65610

SHA256
a0c4a3d5178f4f9cacd43cae22dbfcabed47228a0eb9b6431c57bf6ba410440a

SHA512
a5fef737f69690c1dd7caa887d3c60c5383e84903cf175badcfc2117ccbcc8864c26a684bd6aacf02f88705baa2a7629e77bfdae41c061d47df1d7483d3b913b

Download Submit
C:\Windows\system\ypQFEDp.exe

Filesize
6.0MB

MD5
b43787ed1095e3c5b19be93e25be3c7e

SHA1
894942258a67511932b4cb3a64d0c57b9f7748f3

SHA256
ca7cb663180931c198613cfa037b3b1640cc40a31a98387b0a2f5cd944e6d494

SHA512
433dcf801e5657e3d3dbfe4cc36d7b8b4346c23e559a0dcbdf5a4a14a48b54c3b8ac5c03a1dc74bb8cf6e06457fcef93ccdafc78caf7273a38bda2dda2659d84

Download Submit
\Windows\system\AUpjqsR.exe

Filesize
6.0MB

MD5
6244a9a653ea511787a1330c0e910b14

SHA1
be45958a6fa8e3d74c7f76f2179428f00d1cecbf

SHA256
c960361357a463774e14e6f2b3847ac0bb9412b91f739d76f35a0f96d42cc49c

SHA512
5afc0712541e26a64c4b8ad85c0be84d01e51af28097ef16490c3076c0b71b816d68e5d3807c5aaa0a63a93aecfdfa8829b452951f083f1307114e6b354a684e

Download Submit
\Windows\system\Cbkgivf.exe

Filesize
6.0MB

MD5
363f57f59123c48f6eacabac50f5bf62

SHA1
711371d9d9d7f2796c90e857686679feeacce684

SHA256
e736570aa4834a6aba693ddc2bdd7fd5e338659c72f6078d1a970ef42487d628

SHA512
9773eb9a75e5796b1a00d079c0d0635368d435b2ae68e4265a41c4d743c192fe26890b1d222893ba4b62042a88a0f9a44fc10119898e8032d957a7ad32d408bc

Download Submit
\Windows\system\GCZSQnj.exe

Filesize
6.0MB

MD5
7bacf50223bb4a02c7439b50bcc4664d

SHA1
4eaa6ceebccf89c211662ad5cd62cbbd58051249

SHA256
0aa6eaddbd3da6ac89077d068a82920d7eefd87d2a83b2332877937d921e3c8c

SHA512
b833134985df9f268cb4bed02f0972f3cdcad80d0ae86d3aa01287a472f590a470db1bf1a6c5277366d1176fdc282bda8fea9722dbadb2791f812465ae8580e3

Download Submit
\Windows\system\RqHaoId.exe

Filesize
6.0MB

MD5
cf1a154dced063d6fd919def5f5383fd

SHA1
d8f3dca8317b3b5ac5a98426b88682dbc5c0912d

SHA256
184b9cf568d8fea252364cd35a468ea49e68bd426c9d295e9bfab189eb2169a4

SHA512
dfa3b2cf64264f4558636d241bad2bbcf918b8d08acde5ab981c6a570c12c6b7dce9982edd193fd5369c32f4266822a68d238ff30f7219f40723e84db76daf4f

Download Submit
\Windows\system\TFVejGl.exe

Filesize
6.0MB

MD5
020a5fb9f9715c19bc92c3e4e92595a9

SHA1
63b799e20a306c9ddd29db1c0152c0c83957aeeb

SHA256
e416da6d13f2ccf054476fe6dd85b2b9a2eae2197d10af0253f04ef0804c93a6

SHA512
83a1ac3becb2b6d0a0f7a4aeb060d6789761dc4ee63a23088284e50acc748739737f3453537d87a23a2cf2a82deb8f1aa34073ac9a8043ad6570fa2d6a1969a5

Download Submit
\Windows\system\VjkiMyQ.exe

Filesize
6.0MB

MD5
4659299e85055e1a7e66b1dd540f52f9

SHA1
e0f1c6899fe88b77674e8d360211da0efb443798

SHA256
2a9598cea83eace3c20cf57afdb65af54a55cb9dc382d2a8369cd23f8564b7a7

SHA512
978d991948fbce5c16ce1bcea90f2db1ad9c639386bd52f0370757785b83c0b11379ad65d3350a9916ddaed33d3e28ceaff6a4fd02d65a8b18d6b83c6b401ed2

Download Submit
\Windows\system\ZeCrcxG.exe

Filesize
6.0MB

MD5
2a55077d0d098a6911d264028f775829

SHA1
e7ad73010997097e3b456117f5f7e9d6f9b3c3d2

SHA256
5e4d7194756a3d56a888843e3b14831af6443b7fe315b1989c1d878c8b82712d

SHA512
4002cb634615c5f24730026ef1d8d0ff925205f036b36f742da16935158be82689040724a0ea979f2c7ce250eeb9a1994f9fb4f3f5c6264e90c5e5cfcb082ebc

Download Submit
\Windows\system\bVIscGF.exe

Filesize
6.0MB

MD5
ed6a6766ad4a0a2c8aaf1d7582978396

SHA1
971020fc600cdfd7a2ae36403a0628e8ee667172

SHA256
b190aefc073d6d628bfb3f682bd7f42ad74a2f98b4dcb91ac9b64566cf1fdc2d

SHA512
456e60576079db6c2680d0e49eec6ee9cf66e1ff774ed2c53883ef69950f1b50abb193286f5270a818a94e346a24ff6bdb79e15b0d1f24939bfecdb2766b9d52

Download Submit
\Windows\system\loHOqlD.exe

Filesize
6.0MB

MD5
1c1caf74e109228149225db2891c9917

SHA1
da7713d4754ba93273f90b54bdd904bc10962f66

SHA256
124aeeb37d3a48df5e1dc69afd79b1bc8d03ce7428971f9c7199549848d6a738

SHA512
0985d11c3f74155c53cd949d28447d3fe87f2608a6ec8f83ae2f06e26186057a5c3b4aec7fa053d81f00f7a5439c42fa3e155ffb18b5f656eeb45bda0b8025f8

Download Submit
\Windows\system\tjCsdUh.exe

Filesize
6.0MB

MD5
e3f9f72d14936961d062a1dbe10c2938

SHA1
e39618ac7bb38e4ddd5b43e8965103bec9270aa3

SHA256
aae00cc20aeabc3df007a56715695b244c2150f693205aca812a026c9eb72f0b

SHA512
03afe54496ea2f51356e3314b92abbca7f5071701b0d6c1c58911d3179d9b27a61b084771212dfd50674b042a74b3715987e486cdeb9dfe9a0fa53ad72b73477

Download Submit
\Windows\system\xJSIYfy.exe

Filesize
6.0MB

MD5
ced3060e5ff802f0a218e6b0950d08b0

SHA1
0d3f831c75dc1d31e7fe54dc9bd75612d83cbe17

SHA256
5b58bdc4474f3d78a1bff5dfc06cc22216ffb3ab7b2fa50a91a2a80528fac8fc

SHA512
8f15607ad4f7e57a273d38fc41d16292c99a2ed31168f99c779d367b31df52ed702c8341149be22c9ab2bee387125cc3ccce016ed865286d9b7bb907b179f14b

Download Submit
memory/1764-85-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/1764-3805-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/1988-3331-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/1988-27-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/2112-126-0x000000013F260000-0x000000013F5B4000-memory.dmp

Filesize
3.3MB

Download
memory/2112-3821-0x000000013F260000-0x000000013F5B4000-memory.dmp

Filesize
3.3MB

Download
memory/2380-28-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/2380-3330-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/2496-48-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2496-13-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/2496-112-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/2496-0-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2496-76-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/2496-130-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2496-933-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2496-106-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2496-710-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2496-91-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/2496-69-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/2496-503-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2496-61-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2496-441-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/2496-274-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/2496-53-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/2496-156-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2496-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2496-30-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2496-7-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2496-37-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2496-157-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/2544-24-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/2544-3308-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/2600-128-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/2600-56-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/2600-3543-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/2608-72-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/2608-197-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/2608-3677-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/2624-64-0x000000013F4B0000-0x000000013F804000-memory.dmp

Filesize
3.3MB

Download
memory/2624-3647-0x000000013F4B0000-0x000000013F804000-memory.dmp

Filesize
3.3MB

Download
memory/2692-3568-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2692-49-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2764-60-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2764-34-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2764-3333-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2908-3353-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/2908-40-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/2908-68-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/2960-23-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/2960-3311-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/2968-79-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/2968-362-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/2968-3807-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download