cobaltstrike | 14129e5720788d06ed8f02240aa89b35aa7cd37140ee39a16fea0a4b344b10fe

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
27/11/2024, 04:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

491c65553dbeafec56e6aa9d227e13e2
SHA1

b17e724a7f419df3c241ecb1b5da1cb1533859ec
SHA256

14129e5720788d06ed8f02240aa89b35aa7cd37140ee39a16fea0a4b344b10fe
SHA512

1f55597e2c2a7916d520209f50ea2f083628002a2802305835af19d45b5ced64e71b04c5a67266cfce801d19ba5f207fec5329db99c40340fcc587ee4ce4b443
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUi:T+q56utgpPF8u/7i

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012101-6.dat	cobalt_reflective_dll
behavioral1/files/0x0016000000018657-12.dat	cobalt_reflective_dll
behavioral1/files/0x000f000000018662-10.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001867d-22.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000190c6-34.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001878d-32.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000191fd-49.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000190c9-44.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000017474-57.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019db8-70.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f9f-80.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a067-97.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a0a1-110.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a42d-138.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a42f-142.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a49c-174.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4aa-183.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a49a-173.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b5-187.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a48c-163.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a434-153.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a48e-166.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46a-156.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a431-146.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a42b-133.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a301-130.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a345-129.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a07b-127.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019fb9-118.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d44-83.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019da4-79.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d20-78.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2228-0-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/files/0x0007000000012101-6.dat	xmrig
behavioral1/files/0x0016000000018657-12.dat	xmrig
behavioral1/memory/2208-15-0x000000013F990000-0x000000013FCE4000-memory.dmp	xmrig
behavioral1/memory/2236-14-0x000000013FF90000-0x00000001402E4000-memory.dmp	xmrig
behavioral1/files/0x000f000000018662-10.dat	xmrig
behavioral1/memory/2276-21-0x000000013F390000-0x000000013F6E4000-memory.dmp	xmrig
behavioral1/files/0x000700000001867d-22.dat	xmrig
behavioral1/memory/1464-28-0x000000013F8B0000-0x000000013FC04000-memory.dmp	xmrig
behavioral1/files/0x00070000000190c6-34.dat	xmrig
behavioral1/memory/2228-43-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/memory/2796-42-0x000000013F100000-0x000000013F454000-memory.dmp	xmrig
behavioral1/memory/2228-40-0x000000013F100000-0x000000013F454000-memory.dmp	xmrig
behavioral1/memory/2784-38-0x000000013F240000-0x000000013F594000-memory.dmp	xmrig
behavioral1/files/0x000600000001878d-32.dat	xmrig
behavioral1/files/0x00080000000191fd-49.dat	xmrig
behavioral1/files/0x00070000000190c9-44.dat	xmrig
behavioral1/memory/2904-55-0x000000013FD60000-0x00000001400B4000-memory.dmp	xmrig
behavioral1/memory/2700-48-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	xmrig
behavioral1/files/0x0008000000017474-57.dat	xmrig
behavioral1/files/0x0005000000019db8-70.dat	xmrig
behavioral1/files/0x0005000000019f9f-80.dat	xmrig
behavioral1/files/0x000500000001a067-97.dat	xmrig
behavioral1/files/0x000500000001a0a1-110.dat	xmrig
behavioral1/memory/2600-112-0x000000013FBC0000-0x000000013FF14000-memory.dmp	xmrig
behavioral1/memory/2228-113-0x000000013FAD0000-0x000000013FE24000-memory.dmp	xmrig
behavioral1/files/0x000500000001a42d-138.dat	xmrig
behavioral1/files/0x000500000001a42f-142.dat	xmrig
behavioral1/files/0x000500000001a49c-174.dat	xmrig
behavioral1/memory/2796-545-0x000000013F100000-0x000000013F454000-memory.dmp	xmrig
behavioral1/memory/2700-565-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	xmrig
behavioral1/memory/2616-660-0x000000013F5E0000-0x000000013F934000-memory.dmp	xmrig
behavioral1/memory/2904-659-0x000000013FD60000-0x00000001400B4000-memory.dmp	xmrig
behavioral1/memory/1464-258-0x000000013F8B0000-0x000000013FC04000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4aa-183.dat	xmrig
behavioral1/files/0x000500000001a49a-173.dat	xmrig
behavioral1/files/0x000500000001a4b5-187.dat	xmrig
behavioral1/files/0x000500000001a48c-163.dat	xmrig
behavioral1/files/0x000500000001a434-153.dat	xmrig
behavioral1/files/0x000500000001a48e-166.dat	xmrig
behavioral1/files/0x000500000001a46a-156.dat	xmrig
behavioral1/files/0x000500000001a431-146.dat	xmrig
behavioral1/files/0x000500000001a42b-133.dat	xmrig
behavioral1/files/0x000500000001a301-130.dat	xmrig
behavioral1/files/0x000500000001a345-129.dat	xmrig
behavioral1/files/0x000500000001a07b-127.dat	xmrig
behavioral1/files/0x0005000000019fb9-118.dat	xmrig
behavioral1/memory/2288-95-0x000000013F820000-0x000000013FB74000-memory.dmp	xmrig
behavioral1/memory/2572-111-0x000000013F8C0000-0x000000013FC14000-memory.dmp	xmrig
behavioral1/memory/2284-98-0x000000013F160000-0x000000013F4B4000-memory.dmp	xmrig
behavioral1/memory/2688-92-0x000000013F3B0000-0x000000013F704000-memory.dmp	xmrig
behavioral1/files/0x0005000000019d44-83.dat	xmrig
behavioral1/memory/2616-81-0x000000013F5E0000-0x000000013F934000-memory.dmp	xmrig
behavioral1/files/0x0005000000019da4-79.dat	xmrig
behavioral1/files/0x0005000000019d20-78.dat	xmrig
behavioral1/memory/2228-76-0x000000013F5E0000-0x000000013F934000-memory.dmp	xmrig
behavioral1/memory/2236-3944-0x000000013FF90000-0x00000001402E4000-memory.dmp	xmrig
behavioral1/memory/2208-3947-0x000000013F990000-0x000000013FCE4000-memory.dmp	xmrig
behavioral1/memory/1464-3965-0x000000013F8B0000-0x000000013FC04000-memory.dmp	xmrig
behavioral1/memory/2796-3977-0x000000013F100000-0x000000013F454000-memory.dmp	xmrig
behavioral1/memory/2700-3992-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	xmrig
behavioral1/memory/2784-3996-0x000000013F240000-0x000000013F594000-memory.dmp	xmrig
behavioral1/memory/2904-3980-0x000000013FD60000-0x00000001400B4000-memory.dmp	xmrig
behavioral1/memory/2276-4006-0x000000013F390000-0x000000013F6E4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2236	aIqJQQu.exe
2208	NgtQMiR.exe
2276	RAiBXFS.exe
1464	jHqBHgz.exe
2784	ujzkSKa.exe
2796	RynEyiG.exe
2700	AhBeiov.exe
2904	GcnwDuW.exe
2616	RBxerOM.exe
2572	oeWmDBb.exe
2688	fiqguqQ.exe
2288	KpplSsP.exe
2600	wlkDGFh.exe
2284	dYEWmAl.exe
2864	LotiqIQ.exe
2096	xrTIgmd.exe
1716	zgyaqJj.exe
2900	iXMfMuj.exe
2940	nPhouGT.exe
2880	vBoLLbh.exe
2948	oTvUlqF.exe
2980	QmIJqVp.exe
2956	djijzRJ.exe
2872	SSypbuW.exe
1964	ePtiFdD.exe
2540	TelKyiD.exe
2268	WeGOJQl.exe
1600	GSoqBFv.exe
1128	LOfahdS.exe
272	DhMcAKo.exe
828	tAJPkjv.exe
1592	nvAQNCu.exe
1984	EIhDUtb.exe
2352	nzVTcam.exe
296	VqcXEPz.exe
888	VkiIVgI.exe
2444	tsupNWu.exe
1320	VjCHDou.exe
2084	SxBzqTt.exe
1720	JlyUzhR.exe
2548	ImHuBhT.exe
3024	IPXFrDr.exe
3064	ZiUIiVf.exe
1704	ZbLKNCf.exe
1180	nnHeHuh.exe
2056	bsCEZKD.exe
1468	ETPoqAx.exe
2420	HhfRKOV.exe
2344	wOGkmcf.exe
1652	lIZojJL.exe
2504	WGxkYAs.exe
280	PbVnLxn.exe
1572	YDSgzRb.exe
2256	JppQltL.exe
1636	pQZmmUC.exe
2176	vBkxXvi.exe
2696	JiIeDmx.exe
3032	zevgMgo.exe
2944	ryaCTzP.exe
2920	XxicsSr.exe
2448	fUAcJZg.exe
1788	JcZVpYL.exe
2656	LRKIyPa.exe
2744	lDDmMUH.exe

Loads dropped DLL 64 IoCs

pid	Process
2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2228-0-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/files/0x0007000000012101-6.dat	upx
behavioral1/files/0x0016000000018657-12.dat	upx
behavioral1/memory/2208-15-0x000000013F990000-0x000000013FCE4000-memory.dmp	upx
behavioral1/memory/2236-14-0x000000013FF90000-0x00000001402E4000-memory.dmp	upx
behavioral1/files/0x000f000000018662-10.dat	upx
behavioral1/memory/2276-21-0x000000013F390000-0x000000013F6E4000-memory.dmp	upx
behavioral1/files/0x000700000001867d-22.dat	upx
behavioral1/memory/1464-28-0x000000013F8B0000-0x000000013FC04000-memory.dmp	upx
behavioral1/files/0x00070000000190c6-34.dat	upx
behavioral1/memory/2228-43-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/memory/2796-42-0x000000013F100000-0x000000013F454000-memory.dmp	upx
behavioral1/memory/2784-38-0x000000013F240000-0x000000013F594000-memory.dmp	upx
behavioral1/files/0x000600000001878d-32.dat	upx
behavioral1/files/0x00080000000191fd-49.dat	upx
behavioral1/files/0x00070000000190c9-44.dat	upx
behavioral1/memory/2904-55-0x000000013FD60000-0x00000001400B4000-memory.dmp	upx
behavioral1/memory/2700-48-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	upx
behavioral1/files/0x0008000000017474-57.dat	upx
behavioral1/files/0x0005000000019db8-70.dat	upx
behavioral1/files/0x0005000000019f9f-80.dat	upx
behavioral1/files/0x000500000001a067-97.dat	upx
behavioral1/files/0x000500000001a0a1-110.dat	upx
behavioral1/memory/2600-112-0x000000013FBC0000-0x000000013FF14000-memory.dmp	upx
behavioral1/files/0x000500000001a42d-138.dat	upx
behavioral1/files/0x000500000001a42f-142.dat	upx
behavioral1/files/0x000500000001a49c-174.dat	upx
behavioral1/memory/2796-545-0x000000013F100000-0x000000013F454000-memory.dmp	upx
behavioral1/memory/2700-565-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	upx
behavioral1/memory/2616-660-0x000000013F5E0000-0x000000013F934000-memory.dmp	upx
behavioral1/memory/2904-659-0x000000013FD60000-0x00000001400B4000-memory.dmp	upx
behavioral1/memory/1464-258-0x000000013F8B0000-0x000000013FC04000-memory.dmp	upx
behavioral1/files/0x000500000001a4aa-183.dat	upx
behavioral1/files/0x000500000001a49a-173.dat	upx
behavioral1/files/0x000500000001a4b5-187.dat	upx
behavioral1/files/0x000500000001a48c-163.dat	upx
behavioral1/files/0x000500000001a434-153.dat	upx
behavioral1/files/0x000500000001a48e-166.dat	upx
behavioral1/files/0x000500000001a46a-156.dat	upx
behavioral1/files/0x000500000001a431-146.dat	upx
behavioral1/files/0x000500000001a42b-133.dat	upx
behavioral1/files/0x000500000001a301-130.dat	upx
behavioral1/files/0x000500000001a345-129.dat	upx
behavioral1/files/0x000500000001a07b-127.dat	upx
behavioral1/files/0x0005000000019fb9-118.dat	upx
behavioral1/memory/2288-95-0x000000013F820000-0x000000013FB74000-memory.dmp	upx
behavioral1/memory/2572-111-0x000000013F8C0000-0x000000013FC14000-memory.dmp	upx
behavioral1/memory/2284-98-0x000000013F160000-0x000000013F4B4000-memory.dmp	upx
behavioral1/memory/2688-92-0x000000013F3B0000-0x000000013F704000-memory.dmp	upx
behavioral1/files/0x0005000000019d44-83.dat	upx
behavioral1/memory/2616-81-0x000000013F5E0000-0x000000013F934000-memory.dmp	upx
behavioral1/files/0x0005000000019da4-79.dat	upx
behavioral1/files/0x0005000000019d20-78.dat	upx
behavioral1/memory/2236-3944-0x000000013FF90000-0x00000001402E4000-memory.dmp	upx
behavioral1/memory/2208-3947-0x000000013F990000-0x000000013FCE4000-memory.dmp	upx
behavioral1/memory/1464-3965-0x000000013F8B0000-0x000000013FC04000-memory.dmp	upx
behavioral1/memory/2796-3977-0x000000013F100000-0x000000013F454000-memory.dmp	upx
behavioral1/memory/2700-3992-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	upx
behavioral1/memory/2784-3996-0x000000013F240000-0x000000013F594000-memory.dmp	upx
behavioral1/memory/2904-3980-0x000000013FD60000-0x00000001400B4000-memory.dmp	upx
behavioral1/memory/2276-4006-0x000000013F390000-0x000000013F6E4000-memory.dmp	upx
behavioral1/memory/2572-4028-0x000000013F8C0000-0x000000013FC14000-memory.dmp	upx
behavioral1/memory/2288-4030-0x000000013F820000-0x000000013FB74000-memory.dmp	upx
behavioral1/memory/2600-4038-0x000000013FBC0000-0x000000013FF14000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\LYVoWlR.exe	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uGOXtzY.exe	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\udDdcBQ.exe	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ChyRXKF.exe	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mUNHHmA.exe	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dLnNYxo.exe	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KMUNMxQ.exe	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jxylYYe.exe	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BwdHfnA.exe	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DMASboK.exe	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JoonaUo.exe	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KbuIcJw.exe	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OkQXHyP.exe	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KlavxGg.exe	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bOawQqh.exe	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fDLuehb.exe	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fDjeirn.exe	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JIJdjrG.exe	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\smhKbKd.exe	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kSnVsGi.exe	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jZwNodV.exe	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rJTzkzI.exe	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tjsBsns.exe	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IWTtgaX.exe	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\noJqxav.exe	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\taAJwTY.exe	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ozHViTS.exe	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\esnAZdr.exe	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uSSCfzW.exe	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Irmbkug.exe	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DQUjXhf.exe	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FOjlmYG.exe	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HuQHKen.exe	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ImHuBhT.exe	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uaiidGO.exe	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jGSsxPl.exe	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hUADclX.exe	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FduHDrI.exe	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GpkHlnP.exe	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HXIHAkm.exe	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wrwtCqs.exe	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kazpunr.exe	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aYKyosW.exe	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JppQltL.exe	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bzVpJiz.exe	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KuPDsYq.exe	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FCsxruY.exe	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MxbronS.exe	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NAopcro.exe	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HNyUQOP.exe	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZyYDnbc.exe	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YGtZfnh.exe	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YOdhiyu.exe	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oNeLppD.exe	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OxsKfKn.exe	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WVqfhoL.exe	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nTATfgw.exe	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OECWnAy.exe	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ePtiFdD.exe	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fLQsygi.exe	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HdiHKNW.exe	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xwSZmhh.exe	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WtOXxDw.exe	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oyaoEXz.exe	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2228 wrote to memory of 2236	2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2228 wrote to memory of 2236	2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2228 wrote to memory of 2236	2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2228 wrote to memory of 2208	2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2228 wrote to memory of 2208	2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2228 wrote to memory of 2208	2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2228 wrote to memory of 2276	2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2228 wrote to memory of 2276	2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2228 wrote to memory of 2276	2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2228 wrote to memory of 1464	2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2228 wrote to memory of 1464	2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2228 wrote to memory of 1464	2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2228 wrote to memory of 2784	2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2228 wrote to memory of 2784	2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2228 wrote to memory of 2784	2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2228 wrote to memory of 2796	2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2228 wrote to memory of 2796	2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2228 wrote to memory of 2796	2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2228 wrote to memory of 2700	2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2228 wrote to memory of 2700	2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2228 wrote to memory of 2700	2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2228 wrote to memory of 2904	2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2228 wrote to memory of 2904	2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2228 wrote to memory of 2904	2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2228 wrote to memory of 2616	2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2228 wrote to memory of 2616	2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2228 wrote to memory of 2616	2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2228 wrote to memory of 2572	2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2228 wrote to memory of 2572	2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2228 wrote to memory of 2572	2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2228 wrote to memory of 2600	2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2228 wrote to memory of 2600	2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2228 wrote to memory of 2600	2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2228 wrote to memory of 2688	2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2228 wrote to memory of 2688	2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2228 wrote to memory of 2688	2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2228 wrote to memory of 2284	2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2228 wrote to memory of 2284	2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2228 wrote to memory of 2284	2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2228 wrote to memory of 2288	2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2228 wrote to memory of 2288	2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2228 wrote to memory of 2288	2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2228 wrote to memory of 1716	2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2228 wrote to memory of 1716	2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2228 wrote to memory of 1716	2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2228 wrote to memory of 2864	2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2228 wrote to memory of 2864	2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2228 wrote to memory of 2864	2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2228 wrote to memory of 2900	2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2228 wrote to memory of 2900	2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2228 wrote to memory of 2900	2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2228 wrote to memory of 2096	2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2228 wrote to memory of 2096	2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2228 wrote to memory of 2096	2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2228 wrote to memory of 2880	2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2228 wrote to memory of 2880	2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2228 wrote to memory of 2880	2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2228 wrote to memory of 2940	2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2228 wrote to memory of 2940	2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2228 wrote to memory of 2940	2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2228 wrote to memory of 2948	2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2228 wrote to memory of 2948	2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2228 wrote to memory of 2948	2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2228 wrote to memory of 2980	2228	2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-27_491c65553dbeafec56e6aa9d227e13e2_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2228
- C:\Windows\System\aIqJQQu.exe
  C:\Windows\System\aIqJQQu.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\NgtQMiR.exe
  C:\Windows\System\NgtQMiR.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\RAiBXFS.exe
  C:\Windows\System\RAiBXFS.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\jHqBHgz.exe
  C:\Windows\System\jHqBHgz.exe
  2⤵
  - Executes dropped EXE
  PID:1464
- C:\Windows\System\ujzkSKa.exe
  C:\Windows\System\ujzkSKa.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\RynEyiG.exe
  C:\Windows\System\RynEyiG.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\AhBeiov.exe
  C:\Windows\System\AhBeiov.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\GcnwDuW.exe
  C:\Windows\System\GcnwDuW.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\RBxerOM.exe
  C:\Windows\System\RBxerOM.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\oeWmDBb.exe
  C:\Windows\System\oeWmDBb.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\wlkDGFh.exe
  C:\Windows\System\wlkDGFh.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\fiqguqQ.exe
  C:\Windows\System\fiqguqQ.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\dYEWmAl.exe
  C:\Windows\System\dYEWmAl.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\KpplSsP.exe
  C:\Windows\System\KpplSsP.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\zgyaqJj.exe
  C:\Windows\System\zgyaqJj.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\LotiqIQ.exe
  C:\Windows\System\LotiqIQ.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\iXMfMuj.exe
  C:\Windows\System\iXMfMuj.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\xrTIgmd.exe
  C:\Windows\System\xrTIgmd.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\vBoLLbh.exe
  C:\Windows\System\vBoLLbh.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\nPhouGT.exe
  C:\Windows\System\nPhouGT.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\oTvUlqF.exe
  C:\Windows\System\oTvUlqF.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\QmIJqVp.exe
  C:\Windows\System\QmIJqVp.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\djijzRJ.exe
  C:\Windows\System\djijzRJ.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\SSypbuW.exe
  C:\Windows\System\SSypbuW.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\ePtiFdD.exe
  C:\Windows\System\ePtiFdD.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\TelKyiD.exe
  C:\Windows\System\TelKyiD.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\WeGOJQl.exe
  C:\Windows\System\WeGOJQl.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\GSoqBFv.exe
  C:\Windows\System\GSoqBFv.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\LOfahdS.exe
  C:\Windows\System\LOfahdS.exe
  2⤵
  - Executes dropped EXE
  PID:1128
- C:\Windows\System\DhMcAKo.exe
  C:\Windows\System\DhMcAKo.exe
  2⤵
  - Executes dropped EXE
  PID:272
- C:\Windows\System\tAJPkjv.exe
  C:\Windows\System\tAJPkjv.exe
  2⤵
  - Executes dropped EXE
  PID:828
- C:\Windows\System\nvAQNCu.exe
  C:\Windows\System\nvAQNCu.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\EIhDUtb.exe
  C:\Windows\System\EIhDUtb.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\nzVTcam.exe
  C:\Windows\System\nzVTcam.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\VqcXEPz.exe
  C:\Windows\System\VqcXEPz.exe
  2⤵
  - Executes dropped EXE
  PID:296
- C:\Windows\System\VkiIVgI.exe
  C:\Windows\System\VkiIVgI.exe
  2⤵
  - Executes dropped EXE
  PID:888
- C:\Windows\System\tsupNWu.exe
  C:\Windows\System\tsupNWu.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\VjCHDou.exe
  C:\Windows\System\VjCHDou.exe
  2⤵
  - Executes dropped EXE
  PID:1320
- C:\Windows\System\SxBzqTt.exe
  C:\Windows\System\SxBzqTt.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\JlyUzhR.exe
  C:\Windows\System\JlyUzhR.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\ImHuBhT.exe
  C:\Windows\System\ImHuBhT.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\IPXFrDr.exe
  C:\Windows\System\IPXFrDr.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\ZiUIiVf.exe
  C:\Windows\System\ZiUIiVf.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\ZbLKNCf.exe
  C:\Windows\System\ZbLKNCf.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\nnHeHuh.exe
  C:\Windows\System\nnHeHuh.exe
  2⤵
  - Executes dropped EXE
  PID:1180
- C:\Windows\System\bsCEZKD.exe
  C:\Windows\System\bsCEZKD.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\ETPoqAx.exe
  C:\Windows\System\ETPoqAx.exe
  2⤵
  - Executes dropped EXE
  PID:1468
- C:\Windows\System\HhfRKOV.exe
  C:\Windows\System\HhfRKOV.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\wOGkmcf.exe
  C:\Windows\System\wOGkmcf.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\lIZojJL.exe
  C:\Windows\System\lIZojJL.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\WGxkYAs.exe
  C:\Windows\System\WGxkYAs.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\PbVnLxn.exe
  C:\Windows\System\PbVnLxn.exe
  2⤵
  - Executes dropped EXE
  PID:280
- C:\Windows\System\YDSgzRb.exe
  C:\Windows\System\YDSgzRb.exe
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Windows\System\JppQltL.exe
  C:\Windows\System\JppQltL.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\pQZmmUC.exe
  C:\Windows\System\pQZmmUC.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\vBkxXvi.exe
  C:\Windows\System\vBkxXvi.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\JiIeDmx.exe
  C:\Windows\System\JiIeDmx.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\zevgMgo.exe
  C:\Windows\System\zevgMgo.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\ryaCTzP.exe
  C:\Windows\System\ryaCTzP.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\XxicsSr.exe
  C:\Windows\System\XxicsSr.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\fUAcJZg.exe
  C:\Windows\System\fUAcJZg.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\JcZVpYL.exe
  C:\Windows\System\JcZVpYL.exe
  2⤵
  - Executes dropped EXE
  PID:1788
- C:\Windows\System\LRKIyPa.exe
  C:\Windows\System\LRKIyPa.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\lDDmMUH.exe
  C:\Windows\System\lDDmMUH.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\gBTklHa.exe
  C:\Windows\System\gBTklHa.exe
  2⤵
  PID:1372
- C:\Windows\System\hTGmAIK.exe
  C:\Windows\System\hTGmAIK.exe
  2⤵
  PID:2968
- C:\Windows\System\yGfqIHX.exe
  C:\Windows\System\yGfqIHX.exe
  2⤵
  PID:1480
- C:\Windows\System\FlSmYCn.exe
  C:\Windows\System\FlSmYCn.exe
  2⤵
  PID:3004
- C:\Windows\System\MQcqfGe.exe
  C:\Windows\System\MQcqfGe.exe
  2⤵
  PID:2664
- C:\Windows\System\zoTXdDX.exe
  C:\Windows\System\zoTXdDX.exe
  2⤵
  PID:264
- C:\Windows\System\eVrLPBI.exe
  C:\Windows\System\eVrLPBI.exe
  2⤵
  PID:1780
- C:\Windows\System\fCoJITB.exe
  C:\Windows\System\fCoJITB.exe
  2⤵
  PID:2460
- C:\Windows\System\GoRblOn.exe
  C:\Windows\System\GoRblOn.exe
  2⤵
  PID:660
- C:\Windows\System\FzCGRZZ.exe
  C:\Windows\System\FzCGRZZ.exe
  2⤵
  PID:1336
- C:\Windows\System\WHwNsVg.exe
  C:\Windows\System\WHwNsVg.exe
  2⤵
  PID:1692
- C:\Windows\System\xQhPXYq.exe
  C:\Windows\System\xQhPXYq.exe
  2⤵
  PID:2180
- C:\Windows\System\iIaDvmp.exe
  C:\Windows\System\iIaDvmp.exe
  2⤵
  PID:852
- C:\Windows\System\rQbYRhK.exe
  C:\Windows\System\rQbYRhK.exe
  2⤵
  PID:1328
- C:\Windows\System\SZFHpdx.exe
  C:\Windows\System\SZFHpdx.exe
  2⤵
  PID:1536
- C:\Windows\System\GXnyOeL.exe
  C:\Windows\System\GXnyOeL.exe
  2⤵
  PID:3000
- C:\Windows\System\zqoHvyS.exe
  C:\Windows\System\zqoHvyS.exe
  2⤵
  PID:1708
- C:\Windows\System\YUveYXn.exe
  C:\Windows\System\YUveYXn.exe
  2⤵
  PID:1676
- C:\Windows\System\VzSHaFM.exe
  C:\Windows\System\VzSHaFM.exe
  2⤵
  PID:3068
- C:\Windows\System\XBjzrse.exe
  C:\Windows\System\XBjzrse.exe
  2⤵
  PID:1484
- C:\Windows\System\mZwGuvF.exe
  C:\Windows\System\mZwGuvF.exe
  2⤵
  PID:556
- C:\Windows\System\GaHgPLB.exe
  C:\Windows\System\GaHgPLB.exe
  2⤵
  PID:2100
- C:\Windows\System\cisSqFl.exe
  C:\Windows\System\cisSqFl.exe
  2⤵
  PID:1588
- C:\Windows\System\uaiidGO.exe
  C:\Windows\System\uaiidGO.exe
  2⤵
  PID:788
- C:\Windows\System\QwmFSwJ.exe
  C:\Windows\System\QwmFSwJ.exe
  2⤵
  PID:2928
- C:\Windows\System\fGZNNKH.exe
  C:\Windows\System\fGZNNKH.exe
  2⤵
  PID:2672
- C:\Windows\System\nTNydxR.exe
  C:\Windows\System\nTNydxR.exe
  2⤵
  PID:2392
- C:\Windows\System\zRwfJGo.exe
  C:\Windows\System\zRwfJGo.exe
  2⤵
  PID:2628
- C:\Windows\System\eIUgLGQ.exe
  C:\Windows\System\eIUgLGQ.exe
  2⤵
  PID:2668
- C:\Windows\System\QbbwKOa.exe
  C:\Windows\System\QbbwKOa.exe
  2⤵
  PID:1904
- C:\Windows\System\MCtQJxD.exe
  C:\Windows\System\MCtQJxD.exe
  2⤵
  PID:2964
- C:\Windows\System\YXvTeqY.exe
  C:\Windows\System\YXvTeqY.exe
  2⤵
  PID:1792
- C:\Windows\System\zSLiIaS.exe
  C:\Windows\System\zSLiIaS.exe
  2⤵
  PID:1304
- C:\Windows\System\JIJdjrG.exe
  C:\Windows\System\JIJdjrG.exe
  2⤵
  PID:2992
- C:\Windows\System\dqIpTnD.exe
  C:\Windows\System\dqIpTnD.exe
  2⤵
  PID:2524
- C:\Windows\System\YPUssRG.exe
  C:\Windows\System\YPUssRG.exe
  2⤵
  PID:1824
- C:\Windows\System\TpfVTCE.exe
  C:\Windows\System\TpfVTCE.exe
  2⤵
  PID:1488
- C:\Windows\System\YOfOczC.exe
  C:\Windows\System\YOfOczC.exe
  2⤵
  PID:1528
- C:\Windows\System\PBbOPMT.exe
  C:\Windows\System\PBbOPMT.exe
  2⤵
  PID:308
- C:\Windows\System\chyNLJb.exe
  C:\Windows\System\chyNLJb.exe
  2⤵
  PID:2436
- C:\Windows\System\AXbNLaS.exe
  C:\Windows\System\AXbNLaS.exe
  2⤵
  PID:564
- C:\Windows\System\VMIoOJY.exe
  C:\Windows\System\VMIoOJY.exe
  2⤵
  PID:1800
- C:\Windows\System\bzVpJiz.exe
  C:\Windows\System\bzVpJiz.exe
  2⤵
  PID:1680
- C:\Windows\System\mcJLKvN.exe
  C:\Windows\System\mcJLKvN.exe
  2⤵
  PID:2388
- C:\Windows\System\iVzwfEp.exe
  C:\Windows\System\iVzwfEp.exe
  2⤵
  PID:1576
- C:\Windows\System\nuYwrHD.exe
  C:\Windows\System\nuYwrHD.exe
  2⤵
  PID:2588
- C:\Windows\System\VVIjMam.exe
  C:\Windows\System\VVIjMam.exe
  2⤵
  PID:2884
- C:\Windows\System\nUdjEiZ.exe
  C:\Windows\System\nUdjEiZ.exe
  2⤵
  PID:2856
- C:\Windows\System\LxMYHDo.exe
  C:\Windows\System\LxMYHDo.exe
  2⤵
  PID:316
- C:\Windows\System\iDADKQM.exe
  C:\Windows\System\iDADKQM.exe
  2⤵
  PID:944
- C:\Windows\System\yWaJaRL.exe
  C:\Windows\System\yWaJaRL.exe
  2⤵
  PID:2240
- C:\Windows\System\UZFFOqp.exe
  C:\Windows\System\UZFFOqp.exe
  2⤵
  PID:1952
- C:\Windows\System\zRxkwow.exe
  C:\Windows\System\zRxkwow.exe
  2⤵
  PID:1624
- C:\Windows\System\UCezIhV.exe
  C:\Windows\System\UCezIhV.exe
  2⤵
  PID:1648
- C:\Windows\System\GqDvhAT.exe
  C:\Windows\System\GqDvhAT.exe
  2⤵
  PID:1552
- C:\Windows\System\NreYkii.exe
  C:\Windows\System\NreYkii.exe
  2⤵
  PID:1908
- C:\Windows\System\lRNeIqc.exe
  C:\Windows\System\lRNeIqc.exe
  2⤵
  PID:2396
- C:\Windows\System\wlTJkEO.exe
  C:\Windows\System\wlTJkEO.exe
  2⤵
  PID:2976
- C:\Windows\System\Uiusbkt.exe
  C:\Windows\System\Uiusbkt.exe
  2⤵
  PID:1380
- C:\Windows\System\AnOzhrY.exe
  C:\Windows\System\AnOzhrY.exe
  2⤵
  PID:1044
- C:\Windows\System\sLjSixZ.exe
  C:\Windows\System\sLjSixZ.exe
  2⤵
  PID:2512
- C:\Windows\System\txUjjUS.exe
  C:\Windows\System\txUjjUS.exe
  2⤵
  PID:2832
- C:\Windows\System\fgmYWAG.exe
  C:\Windows\System\fgmYWAG.exe
  2⤵
  PID:1684
- C:\Windows\System\qjHgCdg.exe
  C:\Windows\System\qjHgCdg.exe
  2⤵
  PID:2716
- C:\Windows\System\gczLrpb.exe
  C:\Windows\System\gczLrpb.exe
  2⤵
  PID:1956
- C:\Windows\System\mqwAiUl.exe
  C:\Windows\System\mqwAiUl.exe
  2⤵
  PID:1216
- C:\Windows\System\oASoWuz.exe
  C:\Windows\System\oASoWuz.exe
  2⤵
  PID:3088
- C:\Windows\System\ytBJJFf.exe
  C:\Windows\System\ytBJJFf.exe
  2⤵
  PID:3104
- C:\Windows\System\SJNLtwt.exe
  C:\Windows\System\SJNLtwt.exe
  2⤵
  PID:3124
- C:\Windows\System\HRygUnO.exe
  C:\Windows\System\HRygUnO.exe
  2⤵
  PID:3144
- C:\Windows\System\OkQXHyP.exe
  C:\Windows\System\OkQXHyP.exe
  2⤵
  PID:3172
- C:\Windows\System\AjjjkyH.exe
  C:\Windows\System\AjjjkyH.exe
  2⤵
  PID:3192
- C:\Windows\System\FEtXPjL.exe
  C:\Windows\System\FEtXPjL.exe
  2⤵
  PID:3212
- C:\Windows\System\TvzfIbr.exe
  C:\Windows\System\TvzfIbr.exe
  2⤵
  PID:3236
- C:\Windows\System\fUKUsYp.exe
  C:\Windows\System\fUKUsYp.exe
  2⤵
  PID:3256
- C:\Windows\System\IfAVFOJ.exe
  C:\Windows\System\IfAVFOJ.exe
  2⤵
  PID:3272
- C:\Windows\System\HrFFvzR.exe
  C:\Windows\System\HrFFvzR.exe
  2⤵
  PID:3292
- C:\Windows\System\yJNZMHe.exe
  C:\Windows\System\yJNZMHe.exe
  2⤵
  PID:3312
- C:\Windows\System\kXkaNuN.exe
  C:\Windows\System\kXkaNuN.exe
  2⤵
  PID:3332
- C:\Windows\System\mOqaBrl.exe
  C:\Windows\System\mOqaBrl.exe
  2⤵
  PID:3348
- C:\Windows\System\LCYqCPF.exe
  C:\Windows\System\LCYqCPF.exe
  2⤵
  PID:3376
- C:\Windows\System\zVwZKBH.exe
  C:\Windows\System\zVwZKBH.exe
  2⤵
  PID:3392
- C:\Windows\System\mNNEHEL.exe
  C:\Windows\System\mNNEHEL.exe
  2⤵
  PID:3412
- C:\Windows\System\BIsVwTf.exe
  C:\Windows\System\BIsVwTf.exe
  2⤵
  PID:3436
- C:\Windows\System\lLTsMzs.exe
  C:\Windows\System\lLTsMzs.exe
  2⤵
  PID:3456
- C:\Windows\System\iAZXIit.exe
  C:\Windows\System\iAZXIit.exe
  2⤵
  PID:3476
- C:\Windows\System\YHaoGZL.exe
  C:\Windows\System\YHaoGZL.exe
  2⤵
  PID:3500
- C:\Windows\System\pdTBRbl.exe
  C:\Windows\System\pdTBRbl.exe
  2⤵
  PID:3516
- C:\Windows\System\ULCevjE.exe
  C:\Windows\System\ULCevjE.exe
  2⤵
  PID:3536
- C:\Windows\System\UJNJSDT.exe
  C:\Windows\System\UJNJSDT.exe
  2⤵
  PID:3556
- C:\Windows\System\MTajiGR.exe
  C:\Windows\System\MTajiGR.exe
  2⤵
  PID:3576
- C:\Windows\System\rvHrmCu.exe
  C:\Windows\System\rvHrmCu.exe
  2⤵
  PID:3592
- C:\Windows\System\plZDDYw.exe
  C:\Windows\System\plZDDYw.exe
  2⤵
  PID:3612
- C:\Windows\System\kWNEQSS.exe
  C:\Windows\System\kWNEQSS.exe
  2⤵
  PID:3628
- C:\Windows\System\RijEXrZ.exe
  C:\Windows\System\RijEXrZ.exe
  2⤵
  PID:3652
- C:\Windows\System\IWccEYm.exe
  C:\Windows\System\IWccEYm.exe
  2⤵
  PID:3688
- C:\Windows\System\kKZYTWq.exe
  C:\Windows\System\kKZYTWq.exe
  2⤵
  PID:3704
- C:\Windows\System\QVyzoKZ.exe
  C:\Windows\System\QVyzoKZ.exe
  2⤵
  PID:3728
- C:\Windows\System\AKqjdBL.exe
  C:\Windows\System\AKqjdBL.exe
  2⤵
  PID:3748
- C:\Windows\System\iYJfLtl.exe
  C:\Windows\System\iYJfLtl.exe
  2⤵
  PID:3764
- C:\Windows\System\dWJhLdN.exe
  C:\Windows\System\dWJhLdN.exe
  2⤵
  PID:3780
- C:\Windows\System\xfDKdhP.exe
  C:\Windows\System\xfDKdhP.exe
  2⤵
  PID:3796
- C:\Windows\System\KuPDsYq.exe
  C:\Windows\System\KuPDsYq.exe
  2⤵
  PID:3816
- C:\Windows\System\QMjWWHp.exe
  C:\Windows\System\QMjWWHp.exe
  2⤵
  PID:3836
- C:\Windows\System\aHWdxeX.exe
  C:\Windows\System\aHWdxeX.exe
  2⤵
  PID:3872
- C:\Windows\System\npqEHnf.exe
  C:\Windows\System\npqEHnf.exe
  2⤵
  PID:3892
- C:\Windows\System\UgPuqNi.exe
  C:\Windows\System\UgPuqNi.exe
  2⤵
  PID:3912
- C:\Windows\System\QBMOfdc.exe
  C:\Windows\System\QBMOfdc.exe
  2⤵
  PID:3928
- C:\Windows\System\dykKmXd.exe
  C:\Windows\System\dykKmXd.exe
  2⤵
  PID:3956
- C:\Windows\System\BlVDCAj.exe
  C:\Windows\System\BlVDCAj.exe
  2⤵
  PID:3972
- C:\Windows\System\zLAilog.exe
  C:\Windows\System\zLAilog.exe
  2⤵
  PID:3996
- C:\Windows\System\TLVioPN.exe
  C:\Windows\System\TLVioPN.exe
  2⤵
  PID:4012
- C:\Windows\System\vqZGJFW.exe
  C:\Windows\System\vqZGJFW.exe
  2⤵
  PID:4032
- C:\Windows\System\XyDyMGE.exe
  C:\Windows\System\XyDyMGE.exe
  2⤵
  PID:4048
- C:\Windows\System\xGkWijJ.exe
  C:\Windows\System\xGkWijJ.exe
  2⤵
  PID:4076
- C:\Windows\System\nmoDhKk.exe
  C:\Windows\System\nmoDhKk.exe
  2⤵
  PID:4092
- C:\Windows\System\KmUggEV.exe
  C:\Windows\System\KmUggEV.exe
  2⤵
  PID:1428
- C:\Windows\System\tIiIoxs.exe
  C:\Windows\System\tIiIoxs.exe
  2⤵
  PID:2312
- C:\Windows\System\iWhKNAy.exe
  C:\Windows\System\iWhKNAy.exe
  2⤵
  PID:2660
- C:\Windows\System\OAKmziV.exe
  C:\Windows\System\OAKmziV.exe
  2⤵
  PID:1204
- C:\Windows\System\YvtkVhQ.exe
  C:\Windows\System\YvtkVhQ.exe
  2⤵
  PID:3120
- C:\Windows\System\gZADLuf.exe
  C:\Windows\System\gZADLuf.exe
  2⤵
  PID:3160
- C:\Windows\System\hCDsmbt.exe
  C:\Windows\System\hCDsmbt.exe
  2⤵
  PID:3164
- C:\Windows\System\TAokhjv.exe
  C:\Windows\System\TAokhjv.exe
  2⤵
  PID:3136
- C:\Windows\System\dmCWlLh.exe
  C:\Windows\System\dmCWlLh.exe
  2⤵
  PID:3280
- C:\Windows\System\MzhHhQi.exe
  C:\Windows\System\MzhHhQi.exe
  2⤵
  PID:3328
- C:\Windows\System\hAqjVgC.exe
  C:\Windows\System\hAqjVgC.exe
  2⤵
  PID:3324
- C:\Windows\System\iukTdzT.exe
  C:\Windows\System\iukTdzT.exe
  2⤵
  PID:3268
- C:\Windows\System\OVKogfN.exe
  C:\Windows\System\OVKogfN.exe
  2⤵
  PID:3372
- C:\Windows\System\zJwuaao.exe
  C:\Windows\System\zJwuaao.exe
  2⤵
  PID:3408
- C:\Windows\System\atmjLiG.exe
  C:\Windows\System\atmjLiG.exe
  2⤵
  PID:3340
- C:\Windows\System\kPswCXY.exe
  C:\Windows\System\kPswCXY.exe
  2⤵
  PID:3384
- C:\Windows\System\IuYKirT.exe
  C:\Windows\System\IuYKirT.exe
  2⤵
  PID:3528
- C:\Windows\System\iCzEXLF.exe
  C:\Windows\System\iCzEXLF.exe
  2⤵
  PID:3608
- C:\Windows\System\swcqcSO.exe
  C:\Windows\System\swcqcSO.exe
  2⤵
  PID:3464
- C:\Windows\System\GBjYNHN.exe
  C:\Windows\System\GBjYNHN.exe
  2⤵
  PID:3552
- C:\Windows\System\TykBFuQ.exe
  C:\Windows\System\TykBFuQ.exe
  2⤵
  PID:1108
- C:\Windows\System\xIKtuGL.exe
  C:\Windows\System\xIKtuGL.exe
  2⤵
  PID:2876
- C:\Windows\System\NNEfCky.exe
  C:\Windows\System\NNEfCky.exe
  2⤵
  PID:2852
- C:\Windows\System\OjtOSXF.exe
  C:\Windows\System\OjtOSXF.exe
  2⤵
  PID:3620
- C:\Windows\System\QWJfkcE.exe
  C:\Windows\System\QWJfkcE.exe
  2⤵
  PID:3016
- C:\Windows\System\zLVlfnT.exe
  C:\Windows\System\zLVlfnT.exe
  2⤵
  PID:3672
- C:\Windows\System\jWiPUmp.exe
  C:\Windows\System\jWiPUmp.exe
  2⤵
  PID:3740
- C:\Windows\System\ptuHzFq.exe
  C:\Windows\System\ptuHzFq.exe
  2⤵
  PID:3684
- C:\Windows\System\McrISvx.exe
  C:\Windows\System\McrISvx.exe
  2⤵
  PID:2708
- C:\Windows\System\utCxXhy.exe
  C:\Windows\System\utCxXhy.exe
  2⤵
  PID:3848
- C:\Windows\System\kCNSmRB.exe
  C:\Windows\System\kCNSmRB.exe
  2⤵
  PID:2712
- C:\Windows\System\VRMqtIh.exe
  C:\Windows\System\VRMqtIh.exe
  2⤵
  PID:3824
- C:\Windows\System\sUXidrq.exe
  C:\Windows\System\sUXidrq.exe
  2⤵
  PID:3944
- C:\Windows\System\wDnzeob.exe
  C:\Windows\System\wDnzeob.exe
  2⤵
  PID:3884
- C:\Windows\System\XyLQSgu.exe
  C:\Windows\System\XyLQSgu.exe
  2⤵
  PID:3948
- C:\Windows\System\YcxgfmE.exe
  C:\Windows\System\YcxgfmE.exe
  2⤵
  PID:2812
- C:\Windows\System\uLKRMGs.exe
  C:\Windows\System\uLKRMGs.exe
  2⤵
  PID:3964
- C:\Windows\System\hgPNOKt.exe
  C:\Windows\System\hgPNOKt.exe
  2⤵
  PID:3984
- C:\Windows\System\JGDBCOv.exe
  C:\Windows\System\JGDBCOv.exe
  2⤵
  PID:4028
- C:\Windows\System\iypRmCt.exe
  C:\Windows\System\iypRmCt.exe
  2⤵
  PID:4064
- C:\Windows\System\oqTWRJk.exe
  C:\Windows\System\oqTWRJk.exe
  2⤵
  PID:3008
- C:\Windows\System\RnPWmqO.exe
  C:\Windows\System\RnPWmqO.exe
  2⤵
  PID:3076
- C:\Windows\System\AjQCUdI.exe
  C:\Windows\System\AjQCUdI.exe
  2⤵
  PID:3112
- C:\Windows\System\NehhZHb.exe
  C:\Windows\System\NehhZHb.exe
  2⤵
  PID:3096
- C:\Windows\System\LTmEaCK.exe
  C:\Windows\System\LTmEaCK.exe
  2⤵
  PID:2788
- C:\Windows\System\beIGzHj.exe
  C:\Windows\System\beIGzHj.exe
  2⤵
  PID:3132
- C:\Windows\System\oZwCIUd.exe
  C:\Windows\System\oZwCIUd.exe
  2⤵
  PID:2760
- C:\Windows\System\hmxgeVt.exe
  C:\Windows\System\hmxgeVt.exe
  2⤵
  PID:1256
- C:\Windows\System\PeEiFRh.exe
  C:\Windows\System\PeEiFRh.exe
  2⤵
  PID:3360
- C:\Windows\System\dSOSevQ.exe
  C:\Windows\System\dSOSevQ.exe
  2⤵
  PID:3492
- C:\Windows\System\QlvfYMv.exe
  C:\Windows\System\QlvfYMv.exe
  2⤵
  PID:3420
- C:\Windows\System\DTCtGTS.exe
  C:\Windows\System\DTCtGTS.exe
  2⤵
  PID:3992
- C:\Windows\System\bbdNHVc.exe
  C:\Windows\System\bbdNHVc.exe
  2⤵
  PID:3320
- C:\Windows\System\dhtwOQt.exe
  C:\Windows\System\dhtwOQt.exe
  2⤵
  PID:3304
- C:\Windows\System\KlavxGg.exe
  C:\Windows\System\KlavxGg.exe
  2⤵
  PID:3264
- C:\Windows\System\dpJkdKp.exe
  C:\Windows\System\dpJkdKp.exe
  2⤵
  PID:2604
- C:\Windows\System\oyzYWvX.exe
  C:\Windows\System\oyzYWvX.exe
  2⤵
  PID:1880
- C:\Windows\System\RSpMldF.exe
  C:\Windows\System\RSpMldF.exe
  2⤵
  PID:376
- C:\Windows\System\EIIbzeH.exe
  C:\Windows\System\EIIbzeH.exe
  2⤵
  PID:2952
- C:\Windows\System\KFulCCD.exe
  C:\Windows\System\KFulCCD.exe
  2⤵
  PID:3716
- C:\Windows\System\SFSfyrl.exe
  C:\Windows\System\SFSfyrl.exe
  2⤵
  PID:3668
- C:\Windows\System\kAnejEj.exe
  C:\Windows\System\kAnejEj.exe
  2⤵
  PID:1604
- C:\Windows\System\ddegAGC.exe
  C:\Windows\System\ddegAGC.exe
  2⤵
  PID:1932
- C:\Windows\System\QUFvQyJ.exe
  C:\Windows\System\QUFvQyJ.exe
  2⤵
  PID:4020
- C:\Windows\System\RMNNadh.exe
  C:\Windows\System\RMNNadh.exe
  2⤵
  PID:4072
- C:\Windows\System\gghcPdc.exe
  C:\Windows\System\gghcPdc.exe
  2⤵
  PID:3868
- C:\Windows\System\kjdDtXV.exe
  C:\Windows\System\kjdDtXV.exe
  2⤵
  PID:3788
- C:\Windows\System\ElmGcgS.exe
  C:\Windows\System\ElmGcgS.exe
  2⤵
  PID:2780
- C:\Windows\System\qutJzvx.exe
  C:\Windows\System\qutJzvx.exe
  2⤵
  PID:3980
- C:\Windows\System\Jwnxjqb.exe
  C:\Windows\System\Jwnxjqb.exe
  2⤵
  PID:3880
- C:\Windows\System\CBycvHl.exe
  C:\Windows\System\CBycvHl.exe
  2⤵
  PID:2416
- C:\Windows\System\sSOjmnq.exe
  C:\Windows\System\sSOjmnq.exe
  2⤵
  PID:3496
- C:\Windows\System\KgHtOKI.exe
  C:\Windows\System\KgHtOKI.exe
  2⤵
  PID:1244
- C:\Windows\System\ACWSvMb.exe
  C:\Windows\System\ACWSvMb.exe
  2⤵
  PID:3184
- C:\Windows\System\BmpVpsX.exe
  C:\Windows\System\BmpVpsX.exe
  2⤵
  PID:3224
- C:\Windows\System\DRyGvIp.exe
  C:\Windows\System\DRyGvIp.exe
  2⤵
  PID:3356
- C:\Windows\System\qfMbelJ.exe
  C:\Windows\System\qfMbelJ.exe
  2⤵
  PID:3572
- C:\Windows\System\sfptkNe.exe
  C:\Windows\System\sfptkNe.exe
  2⤵
  PID:796
- C:\Windows\System\bCrWKAk.exe
  C:\Windows\System\bCrWKAk.exe
  2⤵
  PID:3700
- C:\Windows\System\hSpEDsX.exe
  C:\Windows\System\hSpEDsX.exe
  2⤵
  PID:2972
- C:\Windows\System\CaUJyUB.exe
  C:\Windows\System\CaUJyUB.exe
  2⤵
  PID:3308
- C:\Windows\System\neUbqPh.exe
  C:\Windows\System\neUbqPh.exe
  2⤵
  PID:3832
- C:\Windows\System\QGjTReD.exe
  C:\Windows\System\QGjTReD.exe
  2⤵
  PID:2400
- C:\Windows\System\btcTJZt.exe
  C:\Windows\System\btcTJZt.exe
  2⤵
  PID:3904
- C:\Windows\System\byqOHuC.exe
  C:\Windows\System\byqOHuC.exe
  2⤵
  PID:836
- C:\Windows\System\LgqYmED.exe
  C:\Windows\System\LgqYmED.exe
  2⤵
  PID:3852
- C:\Windows\System\zpnXKBe.exe
  C:\Windows\System\zpnXKBe.exe
  2⤵
  PID:3860
- C:\Windows\System\SyGJcwG.exe
  C:\Windows\System\SyGJcwG.exe
  2⤵
  PID:2172
- C:\Windows\System\RwiaQYm.exe
  C:\Windows\System\RwiaQYm.exe
  2⤵
  PID:1564
- C:\Windows\System\qPpIecq.exe
  C:\Windows\System\qPpIecq.exe
  2⤵
  PID:3200
- C:\Windows\System\xkCsctf.exe
  C:\Windows\System\xkCsctf.exe
  2⤵
  PID:3532
- C:\Windows\System\ZPMEuVy.exe
  C:\Windows\System\ZPMEuVy.exe
  2⤵
  PID:3508
- C:\Windows\System\ocxsymn.exe
  C:\Windows\System\ocxsymn.exe
  2⤵
  PID:4084
- C:\Windows\System\BehBFTl.exe
  C:\Windows\System\BehBFTl.exe
  2⤵
  PID:3208
- C:\Windows\System\iLDNkXi.exe
  C:\Windows\System\iLDNkXi.exe
  2⤵
  PID:2292
- C:\Windows\System\nEYWrKU.exe
  C:\Windows\System\nEYWrKU.exe
  2⤵
  PID:3432
- C:\Windows\System\ztkKPGo.exe
  C:\Windows\System\ztkKPGo.exe
  2⤵
  PID:288
- C:\Windows\System\YggnXtF.exe
  C:\Windows\System\YggnXtF.exe
  2⤵
  PID:2840
- C:\Windows\System\kibribW.exe
  C:\Windows\System\kibribW.exe
  2⤵
  PID:4044
- C:\Windows\System\ADBIkjV.exe
  C:\Windows\System\ADBIkjV.exe
  2⤵
  PID:3152
- C:\Windows\System\apBotwG.exe
  C:\Windows\System\apBotwG.exe
  2⤵
  PID:3084
- C:\Windows\System\OnCdArX.exe
  C:\Windows\System\OnCdArX.exe
  2⤵
  PID:3756
- C:\Windows\System\CGWvkDF.exe
  C:\Windows\System\CGWvkDF.exe
  2⤵
  PID:3644
- C:\Windows\System\mrPGfCS.exe
  C:\Windows\System\mrPGfCS.exe
  2⤵
  PID:3248
- C:\Windows\System\AWPutiH.exe
  C:\Windows\System\AWPutiH.exe
  2⤵
  PID:2800
- C:\Windows\System\FlDuUlo.exe
  C:\Windows\System\FlDuUlo.exe
  2⤵
  PID:4024
- C:\Windows\System\hxFPaLc.exe
  C:\Windows\System\hxFPaLc.exe
  2⤵
  PID:2296
- C:\Windows\System\GJoGsBn.exe
  C:\Windows\System\GJoGsBn.exe
  2⤵
  PID:1768
- C:\Windows\System\gONfihA.exe
  C:\Windows\System\gONfihA.exe
  2⤵
  PID:2608
- C:\Windows\System\iGLdEhg.exe
  C:\Windows\System\iGLdEhg.exe
  2⤵
  PID:3428
- C:\Windows\System\QgMimpL.exe
  C:\Windows\System\QgMimpL.exe
  2⤵
  PID:2988
- C:\Windows\System\fLQsygi.exe
  C:\Windows\System\fLQsygi.exe
  2⤵
  PID:3804
- C:\Windows\System\deIbtTk.exe
  C:\Windows\System\deIbtTk.exe
  2⤵
  PID:2912
- C:\Windows\System\vWxUnEz.exe
  C:\Windows\System\vWxUnEz.exe
  2⤵
  PID:3776
- C:\Windows\System\LiJSNcI.exe
  C:\Windows\System\LiJSNcI.exe
  2⤵
  PID:1280
- C:\Windows\System\fKtsdku.exe
  C:\Windows\System\fKtsdku.exe
  2⤵
  PID:3284
- C:\Windows\System\qSCnKEH.exe
  C:\Windows\System\qSCnKEH.exe
  2⤵
  PID:2104
- C:\Windows\System\jdJhzCO.exe
  C:\Windows\System\jdJhzCO.exe
  2⤵
  PID:4108
- C:\Windows\System\cduiCZi.exe
  C:\Windows\System\cduiCZi.exe
  2⤵
  PID:4124
- C:\Windows\System\sqlNmOm.exe
  C:\Windows\System\sqlNmOm.exe
  2⤵
  PID:4160
- C:\Windows\System\IHXEpmZ.exe
  C:\Windows\System\IHXEpmZ.exe
  2⤵
  PID:4176
- C:\Windows\System\LBMNYRo.exe
  C:\Windows\System\LBMNYRo.exe
  2⤵
  PID:4196
- C:\Windows\System\fmeawkX.exe
  C:\Windows\System\fmeawkX.exe
  2⤵
  PID:4220
- C:\Windows\System\iDMMaeh.exe
  C:\Windows\System\iDMMaeh.exe
  2⤵
  PID:4240
- C:\Windows\System\nVFrIZJ.exe
  C:\Windows\System\nVFrIZJ.exe
  2⤵
  PID:4256
- C:\Windows\System\JWNbhtZ.exe
  C:\Windows\System\JWNbhtZ.exe
  2⤵
  PID:4272
- C:\Windows\System\FUyDhIb.exe
  C:\Windows\System\FUyDhIb.exe
  2⤵
  PID:4288
- C:\Windows\System\frWyMFW.exe
  C:\Windows\System\frWyMFW.exe
  2⤵
  PID:4304
- C:\Windows\System\YJarBVL.exe
  C:\Windows\System\YJarBVL.exe
  2⤵
  PID:4328
- C:\Windows\System\denDWEy.exe
  C:\Windows\System\denDWEy.exe
  2⤵
  PID:4352
- C:\Windows\System\nyULRda.exe
  C:\Windows\System\nyULRda.exe
  2⤵
  PID:4372
- C:\Windows\System\tmMOnbL.exe
  C:\Windows\System\tmMOnbL.exe
  2⤵
  PID:4396
- C:\Windows\System\JLXtYZP.exe
  C:\Windows\System\JLXtYZP.exe
  2⤵
  PID:4412
- C:\Windows\System\GueUaIu.exe
  C:\Windows\System\GueUaIu.exe
  2⤵
  PID:4428
- C:\Windows\System\LYVoWlR.exe
  C:\Windows\System\LYVoWlR.exe
  2⤵
  PID:4460
- C:\Windows\System\LdHGObn.exe
  C:\Windows\System\LdHGObn.exe
  2⤵
  PID:4480
- C:\Windows\System\UaVmWWv.exe
  C:\Windows\System\UaVmWWv.exe
  2⤵
  PID:4496
- C:\Windows\System\bUCgNfh.exe
  C:\Windows\System\bUCgNfh.exe
  2⤵
  PID:4520
- C:\Windows\System\kdnhIfq.exe
  C:\Windows\System\kdnhIfq.exe
  2⤵
  PID:4536
- C:\Windows\System\skyWPSD.exe
  C:\Windows\System\skyWPSD.exe
  2⤵
  PID:4556
- C:\Windows\System\smhKbKd.exe
  C:\Windows\System\smhKbKd.exe
  2⤵
  PID:4572
- C:\Windows\System\elnNAiC.exe
  C:\Windows\System\elnNAiC.exe
  2⤵
  PID:4592
- C:\Windows\System\VvyiCUR.exe
  C:\Windows\System\VvyiCUR.exe
  2⤵
  PID:4608
- C:\Windows\System\EzuQVyP.exe
  C:\Windows\System\EzuQVyP.exe
  2⤵
  PID:4624
- C:\Windows\System\YGtZfnh.exe
  C:\Windows\System\YGtZfnh.exe
  2⤵
  PID:4640
- C:\Windows\System\tDUUWGf.exe
  C:\Windows\System\tDUUWGf.exe
  2⤵
  PID:4656
- C:\Windows\System\DNVrGeV.exe
  C:\Windows\System\DNVrGeV.exe
  2⤵
  PID:4672
- C:\Windows\System\tOaCnlJ.exe
  C:\Windows\System\tOaCnlJ.exe
  2⤵
  PID:4720
- C:\Windows\System\QTTRaty.exe
  C:\Windows\System\QTTRaty.exe
  2⤵
  PID:4744
- C:\Windows\System\ZnKLxSy.exe
  C:\Windows\System\ZnKLxSy.exe
  2⤵
  PID:4760
- C:\Windows\System\KRogdwZ.exe
  C:\Windows\System\KRogdwZ.exe
  2⤵
  PID:4776
- C:\Windows\System\ouOTJto.exe
  C:\Windows\System\ouOTJto.exe
  2⤵
  PID:4796
- C:\Windows\System\DClhmJD.exe
  C:\Windows\System\DClhmJD.exe
  2⤵
  PID:4812
- C:\Windows\System\QFXOZod.exe
  C:\Windows\System\QFXOZod.exe
  2⤵
  PID:4828
- C:\Windows\System\Nzerkxq.exe
  C:\Windows\System\Nzerkxq.exe
  2⤵
  PID:4860
- C:\Windows\System\FwaaTml.exe
  C:\Windows\System\FwaaTml.exe
  2⤵
  PID:4876
- C:\Windows\System\OBaDViK.exe
  C:\Windows\System\OBaDViK.exe
  2⤵
  PID:4892
- C:\Windows\System\MJpaeSi.exe
  C:\Windows\System\MJpaeSi.exe
  2⤵
  PID:4908
- C:\Windows\System\YkBELzS.exe
  C:\Windows\System\YkBELzS.exe
  2⤵
  PID:4928
- C:\Windows\System\QgmoQfM.exe
  C:\Windows\System\QgmoQfM.exe
  2⤵
  PID:4944
- C:\Windows\System\POCNEGI.exe
  C:\Windows\System\POCNEGI.exe
  2⤵
  PID:4964
- C:\Windows\System\SSjpMeN.exe
  C:\Windows\System\SSjpMeN.exe
  2⤵
  PID:4984
- C:\Windows\System\vgGMORH.exe
  C:\Windows\System\vgGMORH.exe
  2⤵
  PID:5000
- C:\Windows\System\YeVseld.exe
  C:\Windows\System\YeVseld.exe
  2⤵
  PID:5020
- C:\Windows\System\JgftHaY.exe
  C:\Windows\System\JgftHaY.exe
  2⤵
  PID:5060
- C:\Windows\System\HGKOztA.exe
  C:\Windows\System\HGKOztA.exe
  2⤵
  PID:5080
- C:\Windows\System\XlGaMdd.exe
  C:\Windows\System\XlGaMdd.exe
  2⤵
  PID:5096
- C:\Windows\System\gJkqwZn.exe
  C:\Windows\System\gJkqwZn.exe
  2⤵
  PID:5112
- C:\Windows\System\DajbTOd.exe
  C:\Windows\System\DajbTOd.exe
  2⤵
  PID:4116
- C:\Windows\System\fVKJmIf.exe
  C:\Windows\System\fVKJmIf.exe
  2⤵
  PID:4132
- C:\Windows\System\tigPIAd.exe
  C:\Windows\System\tigPIAd.exe
  2⤵
  PID:4144
- C:\Windows\System\jTkoNzO.exe
  C:\Windows\System\jTkoNzO.exe
  2⤵
  PID:4140
- C:\Windows\System\nbUEiVT.exe
  C:\Windows\System\nbUEiVT.exe
  2⤵
  PID:4188
- C:\Windows\System\uNApkMh.exe
  C:\Windows\System\uNApkMh.exe
  2⤵
  PID:4212
- C:\Windows\System\UPxGOoo.exe
  C:\Windows\System\UPxGOoo.exe
  2⤵
  PID:4284
- C:\Windows\System\nQaPdoc.exe
  C:\Windows\System\nQaPdoc.exe
  2⤵
  PID:3660
- C:\Windows\System\LeeJjzy.exe
  C:\Windows\System\LeeJjzy.exe
  2⤵
  PID:4368
- C:\Windows\System\XcjdZlQ.exe
  C:\Windows\System\XcjdZlQ.exe
  2⤵
  PID:4408
- C:\Windows\System\EUPLyLK.exe
  C:\Windows\System\EUPLyLK.exe
  2⤵
  PID:4424
- C:\Windows\System\LsOnymK.exe
  C:\Windows\System\LsOnymK.exe
  2⤵
  PID:4300
- C:\Windows\System\fOfUcTr.exe
  C:\Windows\System\fOfUcTr.exe
  2⤵
  PID:4384
- C:\Windows\System\NMqqnGL.exe
  C:\Windows\System\NMqqnGL.exe
  2⤵
  PID:4476
- C:\Windows\System\PBTlWNa.exe
  C:\Windows\System\PBTlWNa.exe
  2⤵
  PID:4568
- C:\Windows\System\ZhkAwjl.exe
  C:\Windows\System\ZhkAwjl.exe
  2⤵
  PID:4544
- C:\Windows\System\reYrWWe.exe
  C:\Windows\System\reYrWWe.exe
  2⤵
  PID:4668
- C:\Windows\System\XmObkFg.exe
  C:\Windows\System\XmObkFg.exe
  2⤵
  PID:4688
- C:\Windows\System\UyLRKNA.exe
  C:\Windows\System\UyLRKNA.exe
  2⤵
  PID:4584
- C:\Windows\System\qsnphdS.exe
  C:\Windows\System\qsnphdS.exe
  2⤵
  PID:4652
- C:\Windows\System\GnwJmqa.exe
  C:\Windows\System\GnwJmqa.exe
  2⤵
  PID:4696
- C:\Windows\System\eccAhzK.exe
  C:\Windows\System\eccAhzK.exe
  2⤵
  PID:4740
- C:\Windows\System\pqbuLTb.exe
  C:\Windows\System\pqbuLTb.exe
  2⤵
  PID:4808
- C:\Windows\System\xkyzDEt.exe
  C:\Windows\System\xkyzDEt.exe
  2⤵
  PID:4792
- C:\Windows\System\DxVpjht.exe
  C:\Windows\System\DxVpjht.exe
  2⤵
  PID:4856
- C:\Windows\System\gRcMOrs.exe
  C:\Windows\System\gRcMOrs.exe
  2⤵
  PID:4916
- C:\Windows\System\ZjzidPX.exe
  C:\Windows\System\ZjzidPX.exe
  2⤵
  PID:3252
- C:\Windows\System\XynzlIP.exe
  C:\Windows\System\XynzlIP.exe
  2⤵
  PID:4872
- C:\Windows\System\qJAnuzW.exe
  C:\Windows\System\qJAnuzW.exe
  2⤵
  PID:4940
- C:\Windows\System\zRLoTjo.exe
  C:\Windows\System\zRLoTjo.exe
  2⤵
  PID:4996
- C:\Windows\System\FXFprYH.exe
  C:\Windows\System\FXFprYH.exe
  2⤵
  PID:5016
- C:\Windows\System\hygDzOF.exe
  C:\Windows\System\hygDzOF.exe
  2⤵
  PID:1088
- C:\Windows\System\eIkvfZY.exe
  C:\Windows\System\eIkvfZY.exe
  2⤵
  PID:4172
- C:\Windows\System\YudZjFk.exe
  C:\Windows\System\YudZjFk.exe
  2⤵
  PID:4280
- C:\Windows\System\MGssIyJ.exe
  C:\Windows\System\MGssIyJ.exe
  2⤵
  PID:4296
- C:\Windows\System\RSmShhc.exe
  C:\Windows\System\RSmShhc.exe
  2⤵
  PID:4320
- C:\Windows\System\ZISjpjf.exe
  C:\Windows\System\ZISjpjf.exe
  2⤵
  PID:4228
- C:\Windows\System\TjOZaQu.exe
  C:\Windows\System\TjOZaQu.exe
  2⤵
  PID:528
- C:\Windows\System\HQpGOBi.exe
  C:\Windows\System\HQpGOBi.exe
  2⤵
  PID:4420
- C:\Windows\System\RKaKmWw.exe
  C:\Windows\System\RKaKmWw.exe
  2⤵
  PID:4344
- C:\Windows\System\adrJmTJ.exe
  C:\Windows\System\adrJmTJ.exe
  2⤵
  PID:4532
- C:\Windows\System\CiUoNVm.exe
  C:\Windows\System\CiUoNVm.exe
  2⤵
  PID:624
- C:\Windows\System\bKbZbNk.exe
  C:\Windows\System\bKbZbNk.exe
  2⤵
  PID:4444
- C:\Windows\System\fGtuzDc.exe
  C:\Windows\System\fGtuzDc.exe
  2⤵
  PID:4700
- C:\Windows\System\winzQkO.exe
  C:\Windows\System\winzQkO.exe
  2⤵
  PID:4848
- C:\Windows\System\fTYKhXU.exe
  C:\Windows\System\fTYKhXU.exe
  2⤵
  PID:4616
- C:\Windows\System\kguRxBn.exe
  C:\Windows\System\kguRxBn.exe
  2⤵
  PID:4960
- C:\Windows\System\YvJoHpf.exe
  C:\Windows\System\YvJoHpf.exe
  2⤵
  PID:5012
- C:\Windows\System\ZUweZoQ.exe
  C:\Windows\System\ZUweZoQ.exe
  2⤵
  PID:4680
- C:\Windows\System\HsxecHq.exe
  C:\Windows\System\HsxecHq.exe
  2⤵
  PID:4820
- C:\Windows\System\PnxUobC.exe
  C:\Windows\System\PnxUobC.exe
  2⤵
  PID:4684
- C:\Windows\System\paSdnlc.exe
  C:\Windows\System\paSdnlc.exe
  2⤵
  PID:4120
- C:\Windows\System\ObPkBRq.exe
  C:\Windows\System\ObPkBRq.exe
  2⤵
  PID:1364
- C:\Windows\System\IJyQdTD.exe
  C:\Windows\System\IJyQdTD.exe
  2⤵
  PID:4664
- C:\Windows\System\GQpjJlB.exe
  C:\Windows\System\GQpjJlB.exe
  2⤵
  PID:4632
- C:\Windows\System\eGcAKEN.exe
  C:\Windows\System\eGcAKEN.exe
  2⤵
  PID:5068
- C:\Windows\System\OKuyDDv.exe
  C:\Windows\System\OKuyDDv.exe
  2⤵
  PID:4348
- C:\Windows\System\vvWxyLu.exe
  C:\Windows\System\vvWxyLu.exe
  2⤵
  PID:5056
- C:\Windows\System\ELAUynK.exe
  C:\Windows\System\ELAUynK.exe
  2⤵
  PID:4252
- C:\Windows\System\wgWZfVh.exe
  C:\Windows\System\wgWZfVh.exe
  2⤵
  PID:4636
- C:\Windows\System\lqIwFQM.exe
  C:\Windows\System\lqIwFQM.exe
  2⤵
  PID:4804
- C:\Windows\System\osIARNM.exe
  C:\Windows\System\osIARNM.exe
  2⤵
  PID:4732
- C:\Windows\System\wLjWGBN.exe
  C:\Windows\System\wLjWGBN.exe
  2⤵
  PID:4784
- C:\Windows\System\ppDQEMe.exe
  C:\Windows\System\ppDQEMe.exe
  2⤵
  PID:4316
- C:\Windows\System\HxRVkDC.exe
  C:\Windows\System\HxRVkDC.exe
  2⤵
  PID:4528
- C:\Windows\System\XnpTRDq.exe
  C:\Windows\System\XnpTRDq.exe
  2⤵
  PID:4268
- C:\Windows\System\yArpetz.exe
  C:\Windows\System\yArpetz.exe
  2⤵
  PID:5128
- C:\Windows\System\QNgzgIc.exe
  C:\Windows\System\QNgzgIc.exe
  2⤵
  PID:5152
- C:\Windows\System\NxOVmbP.exe
  C:\Windows\System\NxOVmbP.exe
  2⤵
  PID:5168
- C:\Windows\System\xRlyRyc.exe
  C:\Windows\System\xRlyRyc.exe
  2⤵
  PID:5192
- C:\Windows\System\ExKvcEc.exe
  C:\Windows\System\ExKvcEc.exe
  2⤵
  PID:5220
- C:\Windows\System\FosoxGg.exe
  C:\Windows\System\FosoxGg.exe
  2⤵
  PID:5240
- C:\Windows\System\xpsYMYP.exe
  C:\Windows\System\xpsYMYP.exe
  2⤵
  PID:5256
- C:\Windows\System\kQLMSyJ.exe
  C:\Windows\System\kQLMSyJ.exe
  2⤵
  PID:5284
- C:\Windows\System\IgQTfOK.exe
  C:\Windows\System\IgQTfOK.exe
  2⤵
  PID:5300
- C:\Windows\System\aOgrVHg.exe
  C:\Windows\System\aOgrVHg.exe
  2⤵
  PID:5348
- C:\Windows\System\avDDvyE.exe
  C:\Windows\System\avDDvyE.exe
  2⤵
  PID:5364
- C:\Windows\System\fHNoYvX.exe
  C:\Windows\System\fHNoYvX.exe
  2⤵
  PID:5380
- C:\Windows\System\FktMAae.exe
  C:\Windows\System\FktMAae.exe
  2⤵
  PID:5396
- C:\Windows\System\UBbSifJ.exe
  C:\Windows\System\UBbSifJ.exe
  2⤵
  PID:5420
- C:\Windows\System\jGSsxPl.exe
  C:\Windows\System\jGSsxPl.exe
  2⤵
  PID:5436
- C:\Windows\System\SsQBXEl.exe
  C:\Windows\System\SsQBXEl.exe
  2⤵
  PID:5452
- C:\Windows\System\HTQdgJP.exe
  C:\Windows\System\HTQdgJP.exe
  2⤵
  PID:5468
- C:\Windows\System\eVjqJcm.exe
  C:\Windows\System\eVjqJcm.exe
  2⤵
  PID:5488
- C:\Windows\System\TKqiIGU.exe
  C:\Windows\System\TKqiIGU.exe
  2⤵
  PID:5516
- C:\Windows\System\IFUajfm.exe
  C:\Windows\System\IFUajfm.exe
  2⤵
  PID:5536
- C:\Windows\System\lIhGwvR.exe
  C:\Windows\System\lIhGwvR.exe
  2⤵
  PID:5552
- C:\Windows\System\kHmLHTc.exe
  C:\Windows\System\kHmLHTc.exe
  2⤵
  PID:5568
- C:\Windows\System\DeFInUm.exe
  C:\Windows\System\DeFInUm.exe
  2⤵
  PID:5584
- C:\Windows\System\iulkVGY.exe
  C:\Windows\System\iulkVGY.exe
  2⤵
  PID:5628
- C:\Windows\System\ZJhoBNO.exe
  C:\Windows\System\ZJhoBNO.exe
  2⤵
  PID:5644
- C:\Windows\System\BqPkgPz.exe
  C:\Windows\System\BqPkgPz.exe
  2⤵
  PID:5660
- C:\Windows\System\CJhQjkK.exe
  C:\Windows\System\CJhQjkK.exe
  2⤵
  PID:5676
- C:\Windows\System\wDNgOTy.exe
  C:\Windows\System\wDNgOTy.exe
  2⤵
  PID:5692
- C:\Windows\System\Shrzqlc.exe
  C:\Windows\System\Shrzqlc.exe
  2⤵
  PID:5708
- C:\Windows\System\cNXGwtE.exe
  C:\Windows\System\cNXGwtE.exe
  2⤵
  PID:5724
- C:\Windows\System\vqZkehl.exe
  C:\Windows\System\vqZkehl.exe
  2⤵
  PID:5740
- C:\Windows\System\vjTEWwJ.exe
  C:\Windows\System\vjTEWwJ.exe
  2⤵
  PID:5756
- C:\Windows\System\TBFNQlG.exe
  C:\Windows\System\TBFNQlG.exe
  2⤵
  PID:5772
- C:\Windows\System\SYPTBPD.exe
  C:\Windows\System\SYPTBPD.exe
  2⤵
  PID:5796
- C:\Windows\System\rjmmnQN.exe
  C:\Windows\System\rjmmnQN.exe
  2⤵
  PID:5820
- C:\Windows\System\wwamvhp.exe
  C:\Windows\System\wwamvhp.exe
  2⤵
  PID:5840
- C:\Windows\System\BQtHXwJ.exe
  C:\Windows\System\BQtHXwJ.exe
  2⤵
  PID:5868
- C:\Windows\System\wSZGUTp.exe
  C:\Windows\System\wSZGUTp.exe
  2⤵
  PID:5884
- C:\Windows\System\htGKots.exe
  C:\Windows\System\htGKots.exe
  2⤵
  PID:5924
- C:\Windows\System\ZSSPdAh.exe
  C:\Windows\System\ZSSPdAh.exe
  2⤵
  PID:5940
- C:\Windows\System\ChfvMUE.exe
  C:\Windows\System\ChfvMUE.exe
  2⤵
  PID:5956
- C:\Windows\System\JKmbBii.exe
  C:\Windows\System\JKmbBii.exe
  2⤵
  PID:5992
- C:\Windows\System\GCyPDCs.exe
  C:\Windows\System\GCyPDCs.exe
  2⤵
  PID:6008
- C:\Windows\System\hdXrjBW.exe
  C:\Windows\System\hdXrjBW.exe
  2⤵
  PID:6024
- C:\Windows\System\KAVzMYs.exe
  C:\Windows\System\KAVzMYs.exe
  2⤵
  PID:6040
- C:\Windows\System\iWDLhgb.exe
  C:\Windows\System\iWDLhgb.exe
  2⤵
  PID:6056
- C:\Windows\System\OdZCQIv.exe
  C:\Windows\System\OdZCQIv.exe
  2⤵
  PID:6072
- C:\Windows\System\FFGkcrz.exe
  C:\Windows\System\FFGkcrz.exe
  2⤵
  PID:6088
- C:\Windows\System\HpfgcyD.exe
  C:\Windows\System\HpfgcyD.exe
  2⤵
  PID:6104
- C:\Windows\System\NzfIgOZ.exe
  C:\Windows\System\NzfIgOZ.exe
  2⤵
  PID:6124
- C:\Windows\System\MQidVbG.exe
  C:\Windows\System\MQidVbG.exe
  2⤵
  PID:4956
- C:\Windows\System\rwBuuGj.exe
  C:\Windows\System\rwBuuGj.exe
  2⤵
  PID:5124
- C:\Windows\System\wsSMAdT.exe
  C:\Windows\System\wsSMAdT.exe
  2⤵
  PID:5204
- C:\Windows\System\beQPjcb.exe
  C:\Windows\System\beQPjcb.exe
  2⤵
  PID:5212
- C:\Windows\System\iDqDcLe.exe
  C:\Windows\System\iDqDcLe.exe
  2⤵
  PID:5248
- C:\Windows\System\ZgoZswd.exe
  C:\Windows\System\ZgoZswd.exe
  2⤵
  PID:5176
- C:\Windows\System\zchnuhp.exe
  C:\Windows\System\zchnuhp.exe
  2⤵
  PID:5108
- C:\Windows\System\zVRvlDI.exe
  C:\Windows\System\zVRvlDI.exe
  2⤵
  PID:4472
- C:\Windows\System\YQwfmBB.exe
  C:\Windows\System\YQwfmBB.exe
  2⤵
  PID:5272
- C:\Windows\System\pJKnFWb.exe
  C:\Windows\System\pJKnFWb.exe
  2⤵
  PID:4580
- C:\Windows\System\CtdymTY.exe
  C:\Windows\System\CtdymTY.exe
  2⤵
  PID:5032
- C:\Windows\System\POSlVrh.exe
  C:\Windows\System\POSlVrh.exe
  2⤵
  PID:5360
- C:\Windows\System\jtMiSOm.exe
  C:\Windows\System\jtMiSOm.exe
  2⤵
  PID:4736
- C:\Windows\System\RiLzLRH.exe
  C:\Windows\System\RiLzLRH.exe
  2⤵
  PID:5268
- C:\Windows\System\KzViEdq.exe
  C:\Windows\System\KzViEdq.exe
  2⤵
  PID:5432
- C:\Windows\System\hDCrtCy.exe
  C:\Windows\System\hDCrtCy.exe
  2⤵
  PID:5404
- C:\Windows\System\YxwbWio.exe
  C:\Windows\System\YxwbWio.exe
  2⤵
  PID:5408
- C:\Windows\System\hUADclX.exe
  C:\Windows\System\hUADclX.exe
  2⤵
  PID:5512
- C:\Windows\System\EzRYBWX.exe
  C:\Windows\System\EzRYBWX.exe
  2⤵
  PID:5372
- C:\Windows\System\lhEwIVQ.exe
  C:\Windows\System\lhEwIVQ.exe
  2⤵
  PID:5524
- C:\Windows\System\QIADCKn.exe
  C:\Windows\System\QIADCKn.exe
  2⤵
  PID:5612
- C:\Windows\System\pFbSkKL.exe
  C:\Windows\System\pFbSkKL.exe
  2⤵
  PID:5624
- C:\Windows\System\KSsVtNT.exe
  C:\Windows\System\KSsVtNT.exe
  2⤵
  PID:5576
- C:\Windows\System\icjUqNy.exe
  C:\Windows\System\icjUqNy.exe
  2⤵
  PID:5672
- C:\Windows\System\fWyJWEK.exe
  C:\Windows\System\fWyJWEK.exe
  2⤵
  PID:5736
- C:\Windows\System\higjkGN.exe
  C:\Windows\System\higjkGN.exe
  2⤵
  PID:5808
- C:\Windows\System\IjwdztV.exe
  C:\Windows\System\IjwdztV.exe
  2⤵
  PID:5788
- C:\Windows\System\VHdGciO.exe
  C:\Windows\System\VHdGciO.exe
  2⤵
  PID:5656
- C:\Windows\System\LhJlGak.exe
  C:\Windows\System\LhJlGak.exe
  2⤵
  PID:5688
- C:\Windows\System\PXoVSnw.exe
  C:\Windows\System\PXoVSnw.exe
  2⤵
  PID:5856
- C:\Windows\System\YSDFWSi.exe
  C:\Windows\System\YSDFWSi.exe
  2⤵
  PID:5900
- C:\Windows\System\vyAzIqd.exe
  C:\Windows\System\vyAzIqd.exe
  2⤵
  PID:5920
- C:\Windows\System\CcvFyzM.exe
  C:\Windows\System\CcvFyzM.exe
  2⤵
  PID:5832
- C:\Windows\System\Jydgvwd.exe
  C:\Windows\System\Jydgvwd.exe
  2⤵
  PID:5976
- C:\Windows\System\VaNfLNz.exe
  C:\Windows\System\VaNfLNz.exe
  2⤵
  PID:5968
- C:\Windows\System\ujECHpV.exe
  C:\Windows\System\ujECHpV.exe
  2⤵
  PID:4952
- C:\Windows\System\uhSHVIK.exe
  C:\Windows\System\uhSHVIK.exe
  2⤵
  PID:5200
- C:\Windows\System\BNdbtEQ.exe
  C:\Windows\System\BNdbtEQ.exe
  2⤵
  PID:4924
- C:\Windows\System\AVpcVDi.exe
  C:\Windows\System\AVpcVDi.exe
  2⤵
  PID:4404
- C:\Windows\System\LxYGGQN.exe
  C:\Windows\System\LxYGGQN.exe
  2⤵
  PID:5292
- C:\Windows\System\fXcgNBk.exe
  C:\Windows\System\fXcgNBk.exe
  2⤵
  PID:2636
- C:\Windows\System\WUPlbmO.exe
  C:\Windows\System\WUPlbmO.exe
  2⤵
  PID:4824
- C:\Windows\System\bbCdzMx.exe
  C:\Windows\System\bbCdzMx.exe
  2⤵
  PID:5104
- C:\Windows\System\yZVAZno.exe
  C:\Windows\System\yZVAZno.exe
  2⤵
  PID:5312
- C:\Windows\System\lrGPAKx.exe
  C:\Windows\System\lrGPAKx.exe
  2⤵
  PID:5320
- C:\Windows\System\IRsZUmy.exe
  C:\Windows\System\IRsZUmy.exe
  2⤵
  PID:1420
- C:\Windows\System\PtEasfA.exe
  C:\Windows\System\PtEasfA.exe
  2⤵
  PID:5464
- C:\Windows\System\EaGBDFm.exe
  C:\Windows\System\EaGBDFm.exe
  2⤵
  PID:4340
- C:\Windows\System\sDMYdQN.exe
  C:\Windows\System\sDMYdQN.exe
  2⤵
  PID:5344
- C:\Windows\System\mIbAlCU.exe
  C:\Windows\System\mIbAlCU.exe
  2⤵
  PID:5564
- C:\Windows\System\sfbJSBI.exe
  C:\Windows\System\sfbJSBI.exe
  2⤵
  PID:5604
- C:\Windows\System\RcLqOLV.exe
  C:\Windows\System\RcLqOLV.exe
  2⤵
  PID:5700
- C:\Windows\System\XfKkcgW.exe
  C:\Windows\System\XfKkcgW.exe
  2⤵
  PID:5716
- C:\Windows\System\yAfkNme.exe
  C:\Windows\System\yAfkNme.exe
  2⤵
  PID:5880
- C:\Windows\System\zNLSRWO.exe
  C:\Windows\System\zNLSRWO.exe
  2⤵
  PID:5852
- C:\Windows\System\nlDwlrf.exe
  C:\Windows\System\nlDwlrf.exe
  2⤵
  PID:5636
- C:\Windows\System\mQNrmsW.exe
  C:\Windows\System\mQNrmsW.exe
  2⤵
  PID:5804
- C:\Windows\System\TAIYkNy.exe
  C:\Windows\System\TAIYkNy.exe
  2⤵
  PID:5932
- C:\Windows\System\JutqJko.exe
  C:\Windows\System\JutqJko.exe
  2⤵
  PID:6032
- C:\Windows\System\ybQlbkp.exe
  C:\Windows\System\ybQlbkp.exe
  2⤵
  PID:6136
- C:\Windows\System\AqaMcCy.exe
  C:\Windows\System\AqaMcCy.exe
  2⤵
  PID:5160
- C:\Windows\System\YLyuXZC.exe
  C:\Windows\System\YLyuXZC.exe
  2⤵
  PID:4604
- C:\Windows\System\VdIjsUN.exe
  C:\Windows\System\VdIjsUN.exe
  2⤵
  PID:5252
- C:\Windows\System\aHcEIgm.exe
  C:\Windows\System\aHcEIgm.exe
  2⤵
  PID:5144
- C:\Windows\System\MiFHtVV.exe
  C:\Windows\System\MiFHtVV.exe
  2⤵
  PID:5476
- C:\Windows\System\LuAtZSa.exe
  C:\Windows\System\LuAtZSa.exe
  2⤵
  PID:5296
- C:\Windows\System\qbDMKqF.exe
  C:\Windows\System\qbDMKqF.exe
  2⤵
  PID:5052
- C:\Windows\System\aLsVhQO.exe
  C:\Windows\System\aLsVhQO.exe
  2⤵
  PID:5316
- C:\Windows\System\pKMVbcE.exe
  C:\Windows\System\pKMVbcE.exe
  2⤵
  PID:5784
- C:\Windows\System\SQWDhsw.exe
  C:\Windows\System\SQWDhsw.exe
  2⤵
  PID:5816
- C:\Windows\System\orxtPSu.exe
  C:\Windows\System\orxtPSu.exe
  2⤵
  PID:5544
- C:\Windows\System\YOdhiyu.exe
  C:\Windows\System\YOdhiyu.exe
  2⤵
  PID:5640
- C:\Windows\System\EBzwIKj.exe
  C:\Windows\System\EBzwIKj.exe
  2⤵
  PID:5652
- C:\Windows\System\iHhqzZh.exe
  C:\Windows\System\iHhqzZh.exe
  2⤵
  PID:6132
- C:\Windows\System\fboOZzC.exe
  C:\Windows\System\fboOZzC.exe
  2⤵
  PID:6004
- C:\Windows\System\YJIsilW.exe
  C:\Windows\System\YJIsilW.exe
  2⤵
  PID:5164
- C:\Windows\System\aMYdnmd.exe
  C:\Windows\System\aMYdnmd.exe
  2⤵
  PID:2552
- C:\Windows\System\JDYSufO.exe
  C:\Windows\System\JDYSufO.exe
  2⤵
  PID:5232
- C:\Windows\System\gcuhSlf.exe
  C:\Windows\System\gcuhSlf.exe
  2⤵
  PID:5504
- C:\Windows\System\eJKvgZy.exe
  C:\Windows\System\eJKvgZy.exe
  2⤵
  PID:5140
- C:\Windows\System\KGAFSwj.exe
  C:\Windows\System\KGAFSwj.exe
  2⤵
  PID:5892
- C:\Windows\System\IesFaZg.exe
  C:\Windows\System\IesFaZg.exe
  2⤵
  PID:5332
- C:\Windows\System\McOGDFl.exe
  C:\Windows\System\McOGDFl.exe
  2⤵
  PID:5548
- C:\Windows\System\YjUTgHq.exe
  C:\Windows\System\YjUTgHq.exe
  2⤵
  PID:6096
- C:\Windows\System\riFfrHb.exe
  C:\Windows\System\riFfrHb.exe
  2⤵
  PID:5228
- C:\Windows\System\HUGOmOz.exe
  C:\Windows\System\HUGOmOz.exe
  2⤵
  PID:5180
- C:\Windows\System\ZpfSSjF.exe
  C:\Windows\System\ZpfSSjF.exe
  2⤵
  PID:5780
- C:\Windows\System\yJrxqYO.exe
  C:\Windows\System\yJrxqYO.exe
  2⤵
  PID:5732
- C:\Windows\System\STsFASR.exe
  C:\Windows\System\STsFASR.exe
  2⤵
  PID:5416
- C:\Windows\System\noJqxav.exe
  C:\Windows\System\noJqxav.exe
  2⤵
  PID:5340
- C:\Windows\System\KOFyFGX.exe
  C:\Windows\System\KOFyFGX.exe
  2⤵
  PID:4232
- C:\Windows\System\YqBhqts.exe
  C:\Windows\System\YqBhqts.exe
  2⤵
  PID:3400
- C:\Windows\System\rMFzFrL.exe
  C:\Windows\System\rMFzFrL.exe
  2⤵
  PID:5620
- C:\Windows\System\JxkfyuL.exe
  C:\Windows\System\JxkfyuL.exe
  2⤵
  PID:5908
- C:\Windows\System\jfSLMJT.exe
  C:\Windows\System\jfSLMJT.exe
  2⤵
  PID:5508
- C:\Windows\System\jKjutdU.exe
  C:\Windows\System\jKjutdU.exe
  2⤵
  PID:6064
- C:\Windows\System\DCnPYHM.exe
  C:\Windows\System\DCnPYHM.exe
  2⤵
  PID:6160
- C:\Windows\System\HunrFHk.exe
  C:\Windows\System\HunrFHk.exe
  2⤵
  PID:6192
- C:\Windows\System\CkJAjVU.exe
  C:\Windows\System\CkJAjVU.exe
  2⤵
  PID:6208
- C:\Windows\System\mFVXTHj.exe
  C:\Windows\System\mFVXTHj.exe
  2⤵
  PID:6224
- C:\Windows\System\ChIciGO.exe
  C:\Windows\System\ChIciGO.exe
  2⤵
  PID:6244
- C:\Windows\System\TFbABmW.exe
  C:\Windows\System\TFbABmW.exe
  2⤵
  PID:6268
- C:\Windows\System\UelCyQL.exe
  C:\Windows\System\UelCyQL.exe
  2⤵
  PID:6284
- C:\Windows\System\ZkzIGma.exe
  C:\Windows\System\ZkzIGma.exe
  2⤵
  PID:6304
- C:\Windows\System\bGbeDKy.exe
  C:\Windows\System\bGbeDKy.exe
  2⤵
  PID:6320
- C:\Windows\System\LtnWKOO.exe
  C:\Windows\System\LtnWKOO.exe
  2⤵
  PID:6336
- C:\Windows\System\xZOoGAQ.exe
  C:\Windows\System\xZOoGAQ.exe
  2⤵
  PID:6364
- C:\Windows\System\KzfdWlG.exe
  C:\Windows\System\KzfdWlG.exe
  2⤵
  PID:6384
- C:\Windows\System\rLxeANU.exe
  C:\Windows\System\rLxeANU.exe
  2⤵
  PID:6408
- C:\Windows\System\vhJmXvB.exe
  C:\Windows\System\vhJmXvB.exe
  2⤵
  PID:6428
- C:\Windows\System\iznYxdz.exe
  C:\Windows\System\iznYxdz.exe
  2⤵
  PID:6452
- C:\Windows\System\tLKcTGN.exe
  C:\Windows\System\tLKcTGN.exe
  2⤵
  PID:6472
- C:\Windows\System\jxylYYe.exe
  C:\Windows\System\jxylYYe.exe
  2⤵
  PID:6488
- C:\Windows\System\EtOGeqx.exe
  C:\Windows\System\EtOGeqx.exe
  2⤵
  PID:6504
- C:\Windows\System\iymMjHu.exe
  C:\Windows\System\iymMjHu.exe
  2⤵
  PID:6520
- C:\Windows\System\onwDczR.exe
  C:\Windows\System\onwDczR.exe
  2⤵
  PID:6536
- C:\Windows\System\OegCdJH.exe
  C:\Windows\System\OegCdJH.exe
  2⤵
  PID:6568
- C:\Windows\System\qYwAgkx.exe
  C:\Windows\System\qYwAgkx.exe
  2⤵
  PID:6588
- C:\Windows\System\OPtFXAA.exe
  C:\Windows\System\OPtFXAA.exe
  2⤵
  PID:6604
- C:\Windows\System\ZkqpgRD.exe
  C:\Windows\System\ZkqpgRD.exe
  2⤵
  PID:6620
- C:\Windows\System\NoGEhNW.exe
  C:\Windows\System\NoGEhNW.exe
  2⤵
  PID:6652
- C:\Windows\System\aaZlfiR.exe
  C:\Windows\System\aaZlfiR.exe
  2⤵
  PID:6668
- C:\Windows\System\kRKtMNg.exe
  C:\Windows\System\kRKtMNg.exe
  2⤵
  PID:6688
- C:\Windows\System\gJAlVjX.exe
  C:\Windows\System\gJAlVjX.exe
  2⤵
  PID:6704
- C:\Windows\System\Sjlqeef.exe
  C:\Windows\System\Sjlqeef.exe
  2⤵
  PID:6724
- C:\Windows\System\qzdOrku.exe
  C:\Windows\System\qzdOrku.exe
  2⤵
  PID:6740
- C:\Windows\System\qKdZwqQ.exe
  C:\Windows\System\qKdZwqQ.exe
  2⤵
  PID:6756
- C:\Windows\System\KnfISgS.exe
  C:\Windows\System\KnfISgS.exe
  2⤵
  PID:6776
- C:\Windows\System\WNiBKbA.exe
  C:\Windows\System\WNiBKbA.exe
  2⤵
  PID:6792
- C:\Windows\System\zBVkqYU.exe
  C:\Windows\System\zBVkqYU.exe
  2⤵
  PID:6808
- C:\Windows\System\BHumacx.exe
  C:\Windows\System\BHumacx.exe
  2⤵
  PID:6824
- C:\Windows\System\PSzOjEz.exe
  C:\Windows\System\PSzOjEz.exe
  2⤵
  PID:6840
- C:\Windows\System\NhPTJuo.exe
  C:\Windows\System\NhPTJuo.exe
  2⤵
  PID:6856
- C:\Windows\System\FduHDrI.exe
  C:\Windows\System\FduHDrI.exe
  2⤵
  PID:6872
- C:\Windows\System\XjBRLXP.exe
  C:\Windows\System\XjBRLXP.exe
  2⤵
  PID:6888
- C:\Windows\System\wDuYNDL.exe
  C:\Windows\System\wDuYNDL.exe
  2⤵
  PID:6904
- C:\Windows\System\nrxPuGi.exe
  C:\Windows\System\nrxPuGi.exe
  2⤵
  PID:6920
- C:\Windows\System\gYmKAeW.exe
  C:\Windows\System\gYmKAeW.exe
  2⤵
  PID:6936
- C:\Windows\System\NEVURsD.exe
  C:\Windows\System\NEVURsD.exe
  2⤵
  PID:6952
- C:\Windows\System\veVeQvY.exe
  C:\Windows\System\veVeQvY.exe
  2⤵
  PID:6968
- C:\Windows\System\iCVQOYE.exe
  C:\Windows\System\iCVQOYE.exe
  2⤵
  PID:6984
- C:\Windows\System\XGkQIYp.exe
  C:\Windows\System\XGkQIYp.exe
  2⤵
  PID:7000
- C:\Windows\System\bTOXgFp.exe
  C:\Windows\System\bTOXgFp.exe
  2⤵
  PID:7016
- C:\Windows\System\wuuwZrq.exe
  C:\Windows\System\wuuwZrq.exe
  2⤵
  PID:7032
- C:\Windows\System\SpTtKta.exe
  C:\Windows\System\SpTtKta.exe
  2⤵
  PID:7048
- C:\Windows\System\kkhEaox.exe
  C:\Windows\System\kkhEaox.exe
  2⤵
  PID:7064
- C:\Windows\System\lBnBLKS.exe
  C:\Windows\System\lBnBLKS.exe
  2⤵
  PID:7080
- C:\Windows\System\wnLQoYl.exe
  C:\Windows\System\wnLQoYl.exe
  2⤵
  PID:7096
- C:\Windows\System\tJPMGVB.exe
  C:\Windows\System\tJPMGVB.exe
  2⤵
  PID:7112
- C:\Windows\System\XMIZUOI.exe
  C:\Windows\System\XMIZUOI.exe
  2⤵
  PID:7128
- C:\Windows\System\fZFiMNo.exe
  C:\Windows\System\fZFiMNo.exe
  2⤵
  PID:7144
- C:\Windows\System\PKMnXqm.exe
  C:\Windows\System\PKMnXqm.exe
  2⤵
  PID:7160
- C:\Windows\System\jixAzni.exe
  C:\Windows\System\jixAzni.exe
  2⤵
  PID:6200
- C:\Windows\System\iubudwY.exe
  C:\Windows\System\iubudwY.exe
  2⤵
  PID:6240
- C:\Windows\System\BkzPJdj.exe
  C:\Windows\System\BkzPJdj.exe
  2⤵
  PID:6280
- C:\Windows\System\OkJbogv.exe
  C:\Windows\System\OkJbogv.exe
  2⤵
  PID:6352
- C:\Windows\System\TuCJSqc.exe
  C:\Windows\System\TuCJSqc.exe
  2⤵
  PID:6404
- C:\Windows\System\aMGJiEw.exe
  C:\Windows\System\aMGJiEw.exe
  2⤵
  PID:6220
- C:\Windows\System\ZBYIDdd.exe
  C:\Windows\System\ZBYIDdd.exe
  2⤵
  PID:6184
- C:\Windows\System\bOawQqh.exe
  C:\Windows\System\bOawQqh.exe
  2⤵
  PID:6516
- C:\Windows\System\qrSACua.exe
  C:\Windows\System\qrSACua.exe
  2⤵
  PID:6420
- C:\Windows\System\hWKfJIC.exe
  C:\Windows\System\hWKfJIC.exe
  2⤵
  PID:6424
- C:\Windows\System\ChzuejA.exe
  C:\Windows\System\ChzuejA.exe
  2⤵
  PID:6560
- C:\Windows\System\EtyfDsq.exe
  C:\Windows\System\EtyfDsq.exe
  2⤵
  PID:6580
- C:\Windows\System\iozIQVA.exe
  C:\Windows\System\iozIQVA.exe
  2⤵
  PID:6680
- C:\Windows\System\rHlUZox.exe
  C:\Windows\System\rHlUZox.exe
  2⤵
  PID:6748
- C:\Windows\System\qRgAGZm.exe
  C:\Windows\System\qRgAGZm.exe
  2⤵
  PID:6700
- C:\Windows\System\XLWYUdP.exe
  C:\Windows\System\XLWYUdP.exe
  2⤵
  PID:6820
- C:\Windows\System\VDZvRSO.exe
  C:\Windows\System\VDZvRSO.exe
  2⤵
  PID:6800
- C:\Windows\System\lqlkTfd.exe
  C:\Windows\System\lqlkTfd.exe
  2⤵
  PID:6864
- C:\Windows\System\LyOcAqr.exe
  C:\Windows\System\LyOcAqr.exe
  2⤵
  PID:6912
- C:\Windows\System\gnQxzPQ.exe
  C:\Windows\System\gnQxzPQ.exe
  2⤵
  PID:6928
- C:\Windows\System\VQAZCCa.exe
  C:\Windows\System\VQAZCCa.exe
  2⤵
  PID:6996
- C:\Windows\System\dCgVWRt.exe
  C:\Windows\System\dCgVWRt.exe
  2⤵
  PID:7028
- C:\Windows\System\HbQalmj.exe
  C:\Windows\System\HbQalmj.exe
  2⤵
  PID:7024
- C:\Windows\System\fkibegK.exe
  C:\Windows\System\fkibegK.exe
  2⤵
  PID:7076
- C:\Windows\System\gtbQGEo.exe
  C:\Windows\System\gtbQGEo.exe
  2⤵
  PID:7136
- C:\Windows\System\mFlFpLu.exe
  C:\Windows\System\mFlFpLu.exe
  2⤵
  PID:6152
- C:\Windows\System\BFtfzLT.exe
  C:\Windows\System\BFtfzLT.exe
  2⤵
  PID:6000
- C:\Windows\System\OcAMOme.exe
  C:\Windows\System\OcAMOme.exe
  2⤵
  PID:7156
- C:\Windows\System\VAqRxUP.exe
  C:\Windows\System\VAqRxUP.exe
  2⤵
  PID:6356
- C:\Windows\System\DVLHxVk.exe
  C:\Windows\System\DVLHxVk.exe
  2⤵
  PID:6360
- C:\Windows\System\LPPGVWD.exe
  C:\Windows\System\LPPGVWD.exe
  2⤵
  PID:6440
- C:\Windows\System\LzZgkVj.exe
  C:\Windows\System\LzZgkVj.exe
  2⤵
  PID:6180
- C:\Windows\System\BFzVYHf.exe
  C:\Windows\System\BFzVYHf.exe
  2⤵
  PID:6512
- C:\Windows\System\sUfsoFw.exe
  C:\Windows\System\sUfsoFw.exe
  2⤵
  PID:6328
- C:\Windows\System\aXsFhpO.exe
  C:\Windows\System\aXsFhpO.exe
  2⤵
  PID:6256
- C:\Windows\System\ZFUAQZH.exe
  C:\Windows\System\ZFUAQZH.exe
  2⤵
  PID:6556
- C:\Windows\System\crddivo.exe
  C:\Windows\System\crddivo.exe
  2⤵
  PID:6528
- C:\Windows\System\SpUwfqT.exe
  C:\Windows\System\SpUwfqT.exe
  2⤵
  PID:6600
- C:\Windows\System\kBQdcTV.exe
  C:\Windows\System\kBQdcTV.exe
  2⤵
  PID:6632
- C:\Windows\System\vLwyKyR.exe
  C:\Windows\System\vLwyKyR.exe
  2⤵
  PID:6616
- C:\Windows\System\fLrRmEA.exe
  C:\Windows\System\fLrRmEA.exe
  2⤵
  PID:6664
- C:\Windows\System\OXTcGvp.exe
  C:\Windows\System\OXTcGvp.exe
  2⤵
  PID:6720
- C:\Windows\System\DlqwgpF.exe
  C:\Windows\System\DlqwgpF.exe
  2⤵
  PID:6768
- C:\Windows\System\GORdhvc.exe
  C:\Windows\System\GORdhvc.exe
  2⤵
  PID:6880
- C:\Windows\System\xcumACI.exe
  C:\Windows\System\xcumACI.exe
  2⤵
  PID:6836
- C:\Windows\System\GARepve.exe
  C:\Windows\System\GARepve.exe
  2⤵
  PID:6964
- C:\Windows\System\xRcLsYC.exe
  C:\Windows\System\xRcLsYC.exe
  2⤵
  PID:6980
- C:\Windows\System\ssYTudX.exe
  C:\Windows\System\ssYTudX.exe
  2⤵
  PID:7108
- C:\Windows\System\kSnVsGi.exe
  C:\Windows\System\kSnVsGi.exe
  2⤵
  PID:7120
- C:\Windows\System\lIEmWJW.exe
  C:\Windows\System\lIEmWJW.exe
  2⤵
  PID:6276
- C:\Windows\System\fdSOYbA.exe
  C:\Windows\System\fdSOYbA.exe
  2⤵
  PID:7152
- C:\Windows\System\oNeLppD.exe
  C:\Windows\System\oNeLppD.exe
  2⤵
  PID:6292
- C:\Windows\System\HorwzwR.exe
  C:\Windows\System\HorwzwR.exe
  2⤵
  PID:6300
- C:\Windows\System\QmTkHVJ.exe
  C:\Windows\System\QmTkHVJ.exe
  2⤵
  PID:6500
- C:\Windows\System\RTRcbAz.exe
  C:\Windows\System\RTRcbAz.exe
  2⤵
  PID:6640
- C:\Windows\System\FLLxxiY.exe
  C:\Windows\System\FLLxxiY.exe
  2⤵
  PID:6764
- C:\Windows\System\UKewPHH.exe
  C:\Windows\System\UKewPHH.exe
  2⤵
  PID:6684
- C:\Windows\System\oeHjYLx.exe
  C:\Windows\System\oeHjYLx.exe
  2⤵
  PID:6736
- C:\Windows\System\VGpAaJn.exe
  C:\Windows\System\VGpAaJn.exe
  2⤵
  PID:6216
- C:\Windows\System\jxdQAlJ.exe
  C:\Windows\System\jxdQAlJ.exe
  2⤵
  PID:6788
- C:\Windows\System\UGKprsH.exe
  C:\Windows\System\UGKprsH.exe
  2⤵
  PID:6464
- C:\Windows\System\izZDytt.exe
  C:\Windows\System\izZDytt.exe
  2⤵
  PID:7176
- C:\Windows\System\PszkJus.exe
  C:\Windows\System\PszkJus.exe
  2⤵
  PID:7192
- C:\Windows\System\fmGWvkl.exe
  C:\Windows\System\fmGWvkl.exe
  2⤵
  PID:7208
- C:\Windows\System\XWZKzkz.exe
  C:\Windows\System\XWZKzkz.exe
  2⤵
  PID:7224
- C:\Windows\System\BriCrAN.exe
  C:\Windows\System\BriCrAN.exe
  2⤵
  PID:7240
- C:\Windows\System\IqdVrpU.exe
  C:\Windows\System\IqdVrpU.exe
  2⤵
  PID:7256
- C:\Windows\System\VKokTaP.exe
  C:\Windows\System\VKokTaP.exe
  2⤵
  PID:7272
- C:\Windows\System\vYlouaU.exe
  C:\Windows\System\vYlouaU.exe
  2⤵
  PID:7288
- C:\Windows\System\xUIceip.exe
  C:\Windows\System\xUIceip.exe
  2⤵
  PID:7336
- C:\Windows\System\YBBTNYU.exe
  C:\Windows\System\YBBTNYU.exe
  2⤵
  PID:7356
- C:\Windows\System\wizIZke.exe
  C:\Windows\System\wizIZke.exe
  2⤵
  PID:7372
- C:\Windows\System\gxxnlxN.exe
  C:\Windows\System\gxxnlxN.exe
  2⤵
  PID:7396
- C:\Windows\System\DKbnUiT.exe
  C:\Windows\System\DKbnUiT.exe
  2⤵
  PID:7412
- C:\Windows\System\vJdwgOk.exe
  C:\Windows\System\vJdwgOk.exe
  2⤵
  PID:7428
- C:\Windows\System\kaqFDpm.exe
  C:\Windows\System\kaqFDpm.exe
  2⤵
  PID:7444
- C:\Windows\System\CfUWFqO.exe
  C:\Windows\System\CfUWFqO.exe
  2⤵
  PID:7460
- C:\Windows\System\FDaiVRp.exe
  C:\Windows\System\FDaiVRp.exe
  2⤵
  PID:7476
- C:\Windows\System\HWbAvlV.exe
  C:\Windows\System\HWbAvlV.exe
  2⤵
  PID:7492
- C:\Windows\System\elDjMPj.exe
  C:\Windows\System\elDjMPj.exe
  2⤵
  PID:7508
- C:\Windows\System\FJCmLST.exe
  C:\Windows\System\FJCmLST.exe
  2⤵
  PID:7524
- C:\Windows\System\WXfHfqP.exe
  C:\Windows\System\WXfHfqP.exe
  2⤵
  PID:7540
- C:\Windows\System\FDtgQKV.exe
  C:\Windows\System\FDtgQKV.exe
  2⤵
  PID:7556
- C:\Windows\System\ksHXpcs.exe
  C:\Windows\System\ksHXpcs.exe
  2⤵
  PID:7572
- C:\Windows\System\zkRdyFT.exe
  C:\Windows\System\zkRdyFT.exe
  2⤵
  PID:7588
- C:\Windows\System\cBzaxBS.exe
  C:\Windows\System\cBzaxBS.exe
  2⤵
  PID:7604
- C:\Windows\System\GghKNfB.exe
  C:\Windows\System\GghKNfB.exe
  2⤵
  PID:7620
- C:\Windows\System\YZEiHkG.exe
  C:\Windows\System\YZEiHkG.exe
  2⤵
  PID:7636
- C:\Windows\System\jLcugTT.exe
  C:\Windows\System\jLcugTT.exe
  2⤵
  PID:7652
- C:\Windows\System\LQGRWRF.exe
  C:\Windows\System\LQGRWRF.exe
  2⤵
  PID:7668
- C:\Windows\System\fIWGdYr.exe
  C:\Windows\System\fIWGdYr.exe
  2⤵
  PID:7684
- C:\Windows\System\KHcLAVR.exe
  C:\Windows\System\KHcLAVR.exe
  2⤵
  PID:7700
- C:\Windows\System\AVCcLVq.exe
  C:\Windows\System\AVCcLVq.exe
  2⤵
  PID:7716
- C:\Windows\System\jMCgVOI.exe
  C:\Windows\System\jMCgVOI.exe
  2⤵
  PID:7736
- C:\Windows\System\CQMJOzk.exe
  C:\Windows\System\CQMJOzk.exe
  2⤵
  PID:7764
- C:\Windows\System\qJujLXF.exe
  C:\Windows\System\qJujLXF.exe
  2⤵
  PID:7780
- C:\Windows\System\kEncTbJ.exe
  C:\Windows\System\kEncTbJ.exe
  2⤵
  PID:7796
- C:\Windows\System\PRTenqy.exe
  C:\Windows\System\PRTenqy.exe
  2⤵
  PID:7812
- C:\Windows\System\ZFTVMiY.exe
  C:\Windows\System\ZFTVMiY.exe
  2⤵
  PID:7836
- C:\Windows\System\nbTiSoo.exe
  C:\Windows\System\nbTiSoo.exe
  2⤵
  PID:7860
- C:\Windows\System\yfGoBqY.exe
  C:\Windows\System\yfGoBqY.exe
  2⤵
  PID:7884
- C:\Windows\System\EUNlnMS.exe
  C:\Windows\System\EUNlnMS.exe
  2⤵
  PID:7944
- C:\Windows\System\tKPjlwy.exe
  C:\Windows\System\tKPjlwy.exe
  2⤵
  PID:7960
- C:\Windows\System\HvlvkVH.exe
  C:\Windows\System\HvlvkVH.exe
  2⤵
  PID:7976
- C:\Windows\System\lFDbWFa.exe
  C:\Windows\System\lFDbWFa.exe
  2⤵
  PID:7992
- C:\Windows\System\WEydDwS.exe
  C:\Windows\System\WEydDwS.exe
  2⤵
  PID:8016
- C:\Windows\System\ygUTMOE.exe
  C:\Windows\System\ygUTMOE.exe
  2⤵
  PID:8032
- C:\Windows\System\PFfHrWX.exe
  C:\Windows\System\PFfHrWX.exe
  2⤵
  PID:8048
- C:\Windows\System\NrTauoo.exe
  C:\Windows\System\NrTauoo.exe
  2⤵
  PID:8064
- C:\Windows\System\pUccYeM.exe
  C:\Windows\System\pUccYeM.exe
  2⤵
  PID:8080
- C:\Windows\System\dFZctQO.exe
  C:\Windows\System\dFZctQO.exe
  2⤵
  PID:8096
- C:\Windows\System\dcDENBG.exe
  C:\Windows\System\dcDENBG.exe
  2⤵
  PID:8112
- C:\Windows\System\vQzefej.exe
  C:\Windows\System\vQzefej.exe
  2⤵
  PID:8128
- C:\Windows\System\HdiHKNW.exe
  C:\Windows\System\HdiHKNW.exe
  2⤵
  PID:8144
- C:\Windows\System\lOpYgzr.exe
  C:\Windows\System\lOpYgzr.exe
  2⤵
  PID:8160
- C:\Windows\System\blxjOOX.exe
  C:\Windows\System\blxjOOX.exe
  2⤵
  PID:8176
- C:\Windows\System\XKGFyte.exe
  C:\Windows\System\XKGFyte.exe
  2⤵
  PID:6852
- C:\Windows\System\avdnWeb.exe
  C:\Windows\System\avdnWeb.exe
  2⤵
  PID:6960
- C:\Windows\System\GpkHlnP.exe
  C:\Windows\System\GpkHlnP.exe
  2⤵
  PID:7092
- C:\Windows\System\fLKnPCC.exe
  C:\Windows\System\fLKnPCC.exe
  2⤵
  PID:6896
- C:\Windows\System\MUApzsp.exe
  C:\Windows\System\MUApzsp.exe
  2⤵
  PID:6172
- C:\Windows\System\QciXYZx.exe
  C:\Windows\System\QciXYZx.exe
  2⤵
  PID:6156
- C:\Windows\System\OmpELxq.exe
  C:\Windows\System\OmpELxq.exe
  2⤵
  PID:7280
- C:\Windows\System\PBmKpyC.exe
  C:\Windows\System\PBmKpyC.exe
  2⤵
  PID:7252
- C:\Windows\System\nIavaFQ.exe
  C:\Windows\System\nIavaFQ.exe
  2⤵
  PID:7236
- C:\Windows\System\iCuQAAg.exe
  C:\Windows\System\iCuQAAg.exe
  2⤵
  PID:7232
- C:\Windows\System\tgTxHIZ.exe
  C:\Windows\System\tgTxHIZ.exe
  2⤵
  PID:7344
- C:\Windows\System\oWiZwhv.exe
  C:\Windows\System\oWiZwhv.exe
  2⤵
  PID:7380
- C:\Windows\System\cTUfqpC.exe
  C:\Windows\System\cTUfqpC.exe
  2⤵
  PID:7332
- C:\Windows\System\fcGkryo.exe
  C:\Windows\System\fcGkryo.exe
  2⤵
  PID:7328
- C:\Windows\System\HbVIcrP.exe
  C:\Windows\System\HbVIcrP.exe
  2⤵
  PID:7388
- C:\Windows\System\HLDbdsl.exe
  C:\Windows\System\HLDbdsl.exe
  2⤵
  PID:7404
- C:\Windows\System\jWtosDo.exe
  C:\Windows\System\jWtosDo.exe
  2⤵
  PID:7484
- C:\Windows\System\OSRHCEE.exe
  C:\Windows\System\OSRHCEE.exe
  2⤵
  PID:7468
- C:\Windows\System\OaxpYnY.exe
  C:\Windows\System\OaxpYnY.exe
  2⤵
  PID:7500
- C:\Windows\System\JxpMEAZ.exe
  C:\Windows\System\JxpMEAZ.exe
  2⤵
  PID:7596
- C:\Windows\System\zVKFTMN.exe
  C:\Windows\System\zVKFTMN.exe
  2⤵
  PID:7660
- C:\Windows\System\pVkosWi.exe
  C:\Windows\System\pVkosWi.exe
  2⤵
  PID:7580
- C:\Windows\System\AhNbXjy.exe
  C:\Windows\System\AhNbXjy.exe
  2⤵
  PID:7552
- C:\Windows\System\OxsKfKn.exe
  C:\Windows\System\OxsKfKn.exe
  2⤵
  PID:7644
- C:\Windows\System\KphUjdq.exe
  C:\Windows\System\KphUjdq.exe
  2⤵
  PID:7708
- C:\Windows\System\pEWXJyv.exe
  C:\Windows\System\pEWXJyv.exe
  2⤵
  PID:7732
- C:\Windows\System\WpMmURi.exe
  C:\Windows\System\WpMmURi.exe
  2⤵
  PID:7756
- C:\Windows\System\AHQMOhJ.exe
  C:\Windows\System\AHQMOhJ.exe
  2⤵
  PID:7788
- C:\Windows\System\DOqEayA.exe
  C:\Windows\System\DOqEayA.exe
  2⤵
  PID:7820
- C:\Windows\System\MvGitLs.exe
  C:\Windows\System\MvGitLs.exe
  2⤵
  PID:7844
- C:\Windows\System\zDkptXq.exe
  C:\Windows\System\zDkptXq.exe
  2⤵
  PID:7868
- C:\Windows\System\avePmxQ.exe
  C:\Windows\System\avePmxQ.exe
  2⤵
  PID:7892
- C:\Windows\System\OXzaEVz.exe
  C:\Windows\System\OXzaEVz.exe
  2⤵
  PID:7908
- C:\Windows\System\ethaQeg.exe
  C:\Windows\System\ethaQeg.exe
  2⤵
  PID:7928
- C:\Windows\System\cPlkKgv.exe
  C:\Windows\System\cPlkKgv.exe
  2⤵
  PID:7972
- C:\Windows\System\KdnTJVZ.exe
  C:\Windows\System\KdnTJVZ.exe
  2⤵
  PID:8012
- C:\Windows\System\IeHDjNf.exe
  C:\Windows\System\IeHDjNf.exe
  2⤵
  PID:7984
- C:\Windows\System\GQkhBmE.exe
  C:\Windows\System\GQkhBmE.exe
  2⤵
  PID:8056
- C:\Windows\System\midakse.exe
  C:\Windows\System\midakse.exe
  2⤵
  PID:8120
- C:\Windows\System\vbWFakc.exe
  C:\Windows\System\vbWFakc.exe
  2⤵
  PID:8040
- C:\Windows\System\DiXUPPl.exe
  C:\Windows\System\DiXUPPl.exe
  2⤵
  PID:8104
- C:\Windows\System\EZMDJLy.exe
  C:\Windows\System\EZMDJLy.exe
  2⤵
  PID:8168
- C:\Windows\System\HXIHAkm.exe
  C:\Windows\System\HXIHAkm.exe
  2⤵
  PID:6468
- C:\Windows\System\EDUabOb.exe
  C:\Windows\System\EDUabOb.exe
  2⤵
  PID:6396
- C:\Windows\System\QAaGfgg.exe
  C:\Windows\System\QAaGfgg.exe
  2⤵
  PID:6460
- C:\Windows\System\maAWcYf.exe
  C:\Windows\System\maAWcYf.exe
  2⤵
  PID:4992
- C:\Windows\System\IOIOdsl.exe
  C:\Windows\System\IOIOdsl.exe
  2⤵
  PID:7312
- C:\Windows\System\QesKNJy.exe
  C:\Windows\System\QesKNJy.exe
  2⤵
  PID:7452
- C:\Windows\System\dmUQOSz.exe
  C:\Windows\System\dmUQOSz.exe
  2⤵
  PID:7628
- C:\Windows\System\AdedzJx.exe
  C:\Windows\System\AdedzJx.exe
  2⤵
  PID:7632
- C:\Windows\System\AcRdqJh.exe
  C:\Windows\System\AcRdqJh.exe
  2⤵
  PID:1544
- C:\Windows\System\QyzScdg.exe
  C:\Windows\System\QyzScdg.exe
  2⤵
  PID:7472
- C:\Windows\System\eqydTew.exe
  C:\Windows\System\eqydTew.exe
  2⤵
  PID:7692
- C:\Windows\System\ChqmjjV.exe
  C:\Windows\System\ChqmjjV.exe
  2⤵
  PID:7548
- C:\Windows\System\teaWLmq.exe
  C:\Windows\System\teaWLmq.exe
  2⤵
  PID:7612
- C:\Windows\System\mUDrqZP.exe
  C:\Windows\System\mUDrqZP.exe
  2⤵
  PID:7792
- C:\Windows\System\FdRSZQe.exe
  C:\Windows\System\FdRSZQe.exe
  2⤵
  PID:7828
- C:\Windows\System\mmGUScM.exe
  C:\Windows\System\mmGUScM.exe
  2⤵
  PID:7900
- C:\Windows\System\OeucBUn.exe
  C:\Windows\System\OeucBUn.exe
  2⤵
  PID:7880
- C:\Windows\System\BcTImPw.exe
  C:\Windows\System\BcTImPw.exe
  2⤵
  PID:7936
- C:\Windows\System\YnzFNxO.exe
  C:\Windows\System\YnzFNxO.exe
  2⤵
  PID:8024
- C:\Windows\System\tYKFVWl.exe
  C:\Windows\System\tYKFVWl.exe
  2⤵
  PID:8072
- C:\Windows\System\Hupsvta.exe
  C:\Windows\System\Hupsvta.exe
  2⤵
  PID:8156
- C:\Windows\System\taAJwTY.exe
  C:\Windows\System\taAJwTY.exe
  2⤵
  PID:7088
- C:\Windows\System\PrnCPcO.exe
  C:\Windows\System\PrnCPcO.exe
  2⤵
  PID:7504
- C:\Windows\System\zHagJWR.exe
  C:\Windows\System\zHagJWR.exe
  2⤵
  PID:6168
- C:\Windows\System\IVtlghE.exe
  C:\Windows\System\IVtlghE.exe
  2⤵
  PID:7392
- C:\Windows\System\djFBqMT.exe
  C:\Windows\System\djFBqMT.exe
  2⤵
  PID:7200
- C:\Windows\System\uUJhIks.exe
  C:\Windows\System\uUJhIks.exe
  2⤵
  PID:7808
- C:\Windows\System\wVXnKgv.exe
  C:\Windows\System\wVXnKgv.exe
  2⤵
  PID:7424
- C:\Windows\System\ruRFyTB.exe
  C:\Windows\System\ruRFyTB.exe
  2⤵
  PID:7920
- C:\Windows\System\uGOXtzY.exe
  C:\Windows\System\uGOXtzY.exe
  2⤵
  PID:7616
- C:\Windows\System\mhkJvww.exe
  C:\Windows\System\mhkJvww.exe
  2⤵
  PID:7940
- C:\Windows\System\BwdHfnA.exe
  C:\Windows\System\BwdHfnA.exe
  2⤵
  PID:8140
- C:\Windows\System\KJLgVof.exe
  C:\Windows\System\KJLgVof.exe
  2⤵
  PID:6648
- C:\Windows\System\QamZkjM.exe
  C:\Windows\System\QamZkjM.exe
  2⤵
  PID:7752
- C:\Windows\System\cfvGNJh.exe
  C:\Windows\System\cfvGNJh.exe
  2⤵
  PID:8088
- C:\Windows\System\ulrZRVO.exe
  C:\Windows\System\ulrZRVO.exe
  2⤵
  PID:6532
- C:\Windows\System\ylyDaOV.exe
  C:\Windows\System\ylyDaOV.exe
  2⤵
  PID:7968
- C:\Windows\System\vhgkQCb.exe
  C:\Windows\System\vhgkQCb.exe
  2⤵
  PID:7368
- C:\Windows\System\gjBkDrm.exe
  C:\Windows\System\gjBkDrm.exe
  2⤵
  PID:8196
- C:\Windows\System\WehMGRI.exe
  C:\Windows\System\WehMGRI.exe
  2⤵
  PID:8212
- C:\Windows\System\eVhWqFt.exe
  C:\Windows\System\eVhWqFt.exe
  2⤵
  PID:8228
- C:\Windows\System\ekMhpZQ.exe
  C:\Windows\System\ekMhpZQ.exe
  2⤵
  PID:8244
- C:\Windows\System\xubuCTO.exe
  C:\Windows\System\xubuCTO.exe
  2⤵
  PID:8260
- C:\Windows\System\rMHaXzC.exe
  C:\Windows\System\rMHaXzC.exe
  2⤵
  PID:8280
- C:\Windows\System\ttOfcFA.exe
  C:\Windows\System\ttOfcFA.exe
  2⤵
  PID:8300
- C:\Windows\System\PaKGLTS.exe
  C:\Windows\System\PaKGLTS.exe
  2⤵
  PID:8316
- C:\Windows\System\GrQuolS.exe
  C:\Windows\System\GrQuolS.exe
  2⤵
  PID:8332
- C:\Windows\System\Leqnmuh.exe
  C:\Windows\System\Leqnmuh.exe
  2⤵
  PID:8348
- C:\Windows\System\HdUrZJX.exe
  C:\Windows\System\HdUrZJX.exe
  2⤵
  PID:8364
- C:\Windows\System\DRHVimX.exe
  C:\Windows\System\DRHVimX.exe
  2⤵
  PID:8380
- C:\Windows\System\bHFtIxs.exe
  C:\Windows\System\bHFtIxs.exe
  2⤵
  PID:8396
- C:\Windows\System\eyjeYuQ.exe
  C:\Windows\System\eyjeYuQ.exe
  2⤵
  PID:8412
- C:\Windows\System\lncbtNm.exe
  C:\Windows\System\lncbtNm.exe
  2⤵
  PID:8428
- C:\Windows\System\vnYvsSa.exe
  C:\Windows\System\vnYvsSa.exe
  2⤵
  PID:8444
- C:\Windows\System\oyaoEXz.exe
  C:\Windows\System\oyaoEXz.exe
  2⤵
  PID:8468
- C:\Windows\System\KgipLuX.exe
  C:\Windows\System\KgipLuX.exe
  2⤵
  PID:8492
- C:\Windows\System\DMASboK.exe
  C:\Windows\System\DMASboK.exe
  2⤵
  PID:8508
- C:\Windows\System\sFoDuQk.exe
  C:\Windows\System\sFoDuQk.exe
  2⤵
  PID:8524
- C:\Windows\System\XaxumEt.exe
  C:\Windows\System\XaxumEt.exe
  2⤵
  PID:8540
- C:\Windows\System\cSPOGYK.exe
  C:\Windows\System\cSPOGYK.exe
  2⤵
  PID:8556
- C:\Windows\System\JoonaUo.exe
  C:\Windows\System\JoonaUo.exe
  2⤵
  PID:8588
- C:\Windows\System\jtYNZOV.exe
  C:\Windows\System\jtYNZOV.exe
  2⤵
  PID:8604
- C:\Windows\System\WTpFGqu.exe
  C:\Windows\System\WTpFGqu.exe
  2⤵
  PID:8620
- C:\Windows\System\cTpupPI.exe
  C:\Windows\System\cTpupPI.exe
  2⤵
  PID:8640
- C:\Windows\System\avIoWkB.exe
  C:\Windows\System\avIoWkB.exe
  2⤵
  PID:8656
- C:\Windows\System\fsfuCLX.exe
  C:\Windows\System\fsfuCLX.exe
  2⤵
  PID:8680
- C:\Windows\System\DnIaOcd.exe
  C:\Windows\System\DnIaOcd.exe
  2⤵
  PID:8696
- C:\Windows\System\xGxyfAj.exe
  C:\Windows\System\xGxyfAj.exe
  2⤵
  PID:8712
- C:\Windows\System\ILhYNgx.exe
  C:\Windows\System\ILhYNgx.exe
  2⤵
  PID:8728
- C:\Windows\System\vHRpzzJ.exe
  C:\Windows\System\vHRpzzJ.exe
  2⤵
  PID:8744
- C:\Windows\System\bJgwgER.exe
  C:\Windows\System\bJgwgER.exe
  2⤵
  PID:8760
- C:\Windows\System\SoZALuN.exe
  C:\Windows\System\SoZALuN.exe
  2⤵
  PID:8776
- C:\Windows\System\xwSZmhh.exe
  C:\Windows\System\xwSZmhh.exe
  2⤵
  PID:8792
- C:\Windows\System\RsTZPcN.exe
  C:\Windows\System\RsTZPcN.exe
  2⤵
  PID:8808
- C:\Windows\System\dcchIec.exe
  C:\Windows\System\dcchIec.exe
  2⤵
  PID:8824
- C:\Windows\System\TmLENDE.exe
  C:\Windows\System\TmLENDE.exe
  2⤵
  PID:8840
- C:\Windows\System\knaKHff.exe
  C:\Windows\System\knaKHff.exe
  2⤵
  PID:8856
- C:\Windows\System\XaGekHU.exe
  C:\Windows\System\XaGekHU.exe
  2⤵
  PID:8872
- C:\Windows\System\NrZvDZb.exe
  C:\Windows\System\NrZvDZb.exe
  2⤵
  PID:8888
- C:\Windows\System\pZeXkTV.exe
  C:\Windows\System\pZeXkTV.exe
  2⤵
  PID:8904
- C:\Windows\System\KVqLqPm.exe
  C:\Windows\System\KVqLqPm.exe
  2⤵
  PID:8920
- C:\Windows\System\ejAOWyG.exe
  C:\Windows\System\ejAOWyG.exe
  2⤵
  PID:8936
- C:\Windows\System\MPSDTkN.exe
  C:\Windows\System\MPSDTkN.exe
  2⤵
  PID:8952
- C:\Windows\System\TEYzWNi.exe
  C:\Windows\System\TEYzWNi.exe
  2⤵
  PID:8968
- C:\Windows\System\luevcQo.exe
  C:\Windows\System\luevcQo.exe
  2⤵
  PID:8984
- C:\Windows\System\Uylpefb.exe
  C:\Windows\System\Uylpefb.exe
  2⤵
  PID:9000
- C:\Windows\System\MwgDfQx.exe
  C:\Windows\System\MwgDfQx.exe
  2⤵
  PID:9016
- C:\Windows\System\mUDMQqJ.exe
  C:\Windows\System\mUDMQqJ.exe
  2⤵
  PID:9032
- C:\Windows\System\QyOSjsC.exe
  C:\Windows\System\QyOSjsC.exe
  2⤵
  PID:9048
- C:\Windows\System\PWqRUED.exe
  C:\Windows\System\PWqRUED.exe
  2⤵
  PID:9064
- C:\Windows\System\HBRnJoU.exe
  C:\Windows\System\HBRnJoU.exe
  2⤵
  PID:9080
- C:\Windows\System\kZUQSFU.exe
  C:\Windows\System\kZUQSFU.exe
  2⤵
  PID:9096
- C:\Windows\System\gufmrLv.exe
  C:\Windows\System\gufmrLv.exe
  2⤵
  PID:9112
- C:\Windows\System\nhJjNnH.exe
  C:\Windows\System\nhJjNnH.exe
  2⤵
  PID:9128
- C:\Windows\System\OqWAPlX.exe
  C:\Windows\System\OqWAPlX.exe
  2⤵
  PID:9144
- C:\Windows\System\GvgcBBV.exe
  C:\Windows\System\GvgcBBV.exe
  2⤵
  PID:9160
- C:\Windows\System\ARKvbtX.exe
  C:\Windows\System\ARKvbtX.exe
  2⤵
  PID:9176
- C:\Windows\System\pJwuaTU.exe
  C:\Windows\System\pJwuaTU.exe
  2⤵
  PID:9192
- C:\Windows\System\uUoHdVS.exe
  C:\Windows\System\uUoHdVS.exe
  2⤵
  PID:9208
- C:\Windows\System\xxiIZVw.exe
  C:\Windows\System\xxiIZVw.exe
  2⤵
  PID:7772
- C:\Windows\System\VptjGbP.exe
  C:\Windows\System\VptjGbP.exe
  2⤵
  PID:6496
- C:\Windows\System\pxwMPrP.exe
  C:\Windows\System\pxwMPrP.exe
  2⤵
  PID:8204
- C:\Windows\System\wQbBNLg.exe
  C:\Windows\System\wQbBNLg.exe
  2⤵
  PID:8136
- C:\Windows\System\njNEWWB.exe
  C:\Windows\System\njNEWWB.exe
  2⤵
  PID:8276
- C:\Windows\System\YanBBvs.exe
  C:\Windows\System\YanBBvs.exe
  2⤵
  PID:8328
- C:\Windows\System\PGkaJlK.exe
  C:\Windows\System\PGkaJlK.exe
  2⤵
  PID:8392
- C:\Windows\System\VJrtZBF.exe
  C:\Windows\System\VJrtZBF.exe
  2⤵
  PID:8268
- C:\Windows\System\ZvegwqU.exe
  C:\Windows\System\ZvegwqU.exe
  2⤵
  PID:8372
- C:\Windows\System\KtscUNM.exe
  C:\Windows\System\KtscUNM.exe
  2⤵
  PID:8452
- C:\Windows\System\NIXkAXh.exe
  C:\Windows\System\NIXkAXh.exe
  2⤵
  PID:8464
- C:\Windows\System\aQcpfXJ.exe
  C:\Windows\System\aQcpfXJ.exe
  2⤵
  PID:8520
- C:\Windows\System\wrwtCqs.exe
  C:\Windows\System\wrwtCqs.exe
  2⤵
  PID:8488
- C:\Windows\System\FKELKMG.exe
  C:\Windows\System\FKELKMG.exe
  2⤵
  PID:8564
- C:\Windows\System\WOjTdMs.exe
  C:\Windows\System\WOjTdMs.exe
  2⤵
  PID:8580
- C:\Windows\System\qnMIzAQ.exe
  C:\Windows\System\qnMIzAQ.exe
  2⤵
  PID:8616
- C:\Windows\System\UqUbKar.exe
  C:\Windows\System\UqUbKar.exe
  2⤵
  PID:7184
- C:\Windows\System\zzSdvie.exe
  C:\Windows\System\zzSdvie.exe
  2⤵
  PID:8668
- C:\Windows\System\xhOgSyd.exe
  C:\Windows\System\xhOgSyd.exe
  2⤵
  PID:8688
- C:\Windows\System\DxaajyR.exe
  C:\Windows\System\DxaajyR.exe
  2⤵
  PID:8752
- C:\Windows\System\AbKqmCo.exe
  C:\Windows\System\AbKqmCo.exe
  2⤵
  PID:8816
- C:\Windows\System\MWOGQwn.exe
  C:\Windows\System\MWOGQwn.exe
  2⤵
  PID:8800
- C:\Windows\System\aAxpNVm.exe
  C:\Windows\System\aAxpNVm.exe
  2⤵
  PID:8832
- C:\Windows\System\kdrEJaT.exe
  C:\Windows\System\kdrEJaT.exe
  2⤵
  PID:8848
- C:\Windows\System\axXfuLr.exe
  C:\Windows\System\axXfuLr.exe
  2⤵
  PID:8868
- C:\Windows\System\kdsNKPq.exe
  C:\Windows\System\kdsNKPq.exe
  2⤵
  PID:8932
- C:\Windows\System\txVcDYH.exe
  C:\Windows\System\txVcDYH.exe
  2⤵
  PID:8916
- C:\Windows\System\pAMrmUD.exe
  C:\Windows\System\pAMrmUD.exe
  2⤵
  PID:8964
- C:\Windows\System\OzZjaPA.exe
  C:\Windows\System\OzZjaPA.exe
  2⤵
  PID:8992
- C:\Windows\System\IJugwtJ.exe
  C:\Windows\System\IJugwtJ.exe
  2⤵
  PID:9040
- C:\Windows\System\mFYXjmn.exe
  C:\Windows\System\mFYXjmn.exe
  2⤵
  PID:9056
- C:\Windows\System\kShdKEe.exe
  C:\Windows\System\kShdKEe.exe
  2⤵
  PID:9124
- C:\Windows\System\IDwbsFy.exe
  C:\Windows\System\IDwbsFy.exe
  2⤵
  PID:9140
- C:\Windows\System\DEUOuqA.exe
  C:\Windows\System\DEUOuqA.exe
  2⤵
  PID:9172
- C:\Windows\System\EWdPygl.exe
  C:\Windows\System\EWdPygl.exe
  2⤵
  PID:8224
- C:\Windows\System\aIgOdsj.exe
  C:\Windows\System\aIgOdsj.exe
  2⤵
  PID:8292
- C:\Windows\System\PgghvHD.exe
  C:\Windows\System\PgghvHD.exe
  2⤵
  PID:8404
- C:\Windows\System\ACybbti.exe
  C:\Windows\System\ACybbti.exe
  2⤵
  PID:9184
- C:\Windows\System\eLjVXIM.exe
  C:\Windows\System\eLjVXIM.exe
  2⤵
  PID:8440
- C:\Windows\System\OwGPtWZ.exe
  C:\Windows\System\OwGPtWZ.exe
  2⤵
  PID:8272
- C:\Windows\System\nCVPUxh.exe
  C:\Windows\System\nCVPUxh.exe
  2⤵
  PID:8344
- C:\Windows\System\TpCnGWP.exe
  C:\Windows\System\TpCnGWP.exe
  2⤵
  PID:8576
- C:\Windows\System\TpxQnJu.exe
  C:\Windows\System\TpxQnJu.exe
  2⤵
  PID:8772
- C:\Windows\System\aoVRzHw.exe
  C:\Windows\System\aoVRzHw.exe
  2⤵
  PID:8252
- C:\Windows\System\TrSZfEf.exe
  C:\Windows\System\TrSZfEf.exe
  2⤵
  PID:8652
- C:\Windows\System\wtRswGd.exe
  C:\Windows\System\wtRswGd.exe
  2⤵
  PID:8768
- C:\Windows\System\DGbgTbb.exe
  C:\Windows\System\DGbgTbb.exe
  2⤵
  PID:8788
- C:\Windows\System\pxEsyLm.exe
  C:\Windows\System\pxEsyLm.exe
  2⤵
  PID:8884
- C:\Windows\System\lnWKFuL.exe
  C:\Windows\System\lnWKFuL.exe
  2⤵
  PID:9076
- C:\Windows\System\nRIETqg.exe
  C:\Windows\System\nRIETqg.exe
  2⤵
  PID:9152
- C:\Windows\System\KLOscvy.exe
  C:\Windows\System\KLOscvy.exe
  2⤵
  PID:9136
- C:\Windows\System\YhDmobX.exe
  C:\Windows\System\YhDmobX.exe
  2⤵
  PID:7520
- C:\Windows\System\riCPolS.exe
  C:\Windows\System\riCPolS.exe
  2⤵
  PID:8836
- C:\Windows\System\bVutKtZ.exe
  C:\Windows\System\bVutKtZ.exe
  2⤵
  PID:8008
- C:\Windows\System\pCgMImr.exe
  C:\Windows\System\pCgMImr.exe
  2⤵
  PID:8532
- C:\Windows\System\hwUheEh.exe
  C:\Windows\System\hwUheEh.exe
  2⤵
  PID:8784
- C:\Windows\System\ZuzCdzt.exe
  C:\Windows\System\ZuzCdzt.exe
  2⤵
  PID:8960
- C:\Windows\System\xdGMSQc.exe
  C:\Windows\System\xdGMSQc.exe
  2⤵
  PID:9092
- C:\Windows\System\GJzxCyv.exe
  C:\Windows\System\GJzxCyv.exe
  2⤵
  PID:9024
- C:\Windows\System\xyCoErp.exe
  C:\Windows\System\xyCoErp.exe
  2⤵
  PID:8460
- C:\Windows\System\ljuJAmc.exe
  C:\Windows\System\ljuJAmc.exe
  2⤵
  PID:8864
- C:\Windows\System\xxcjlJb.exe
  C:\Windows\System\xxcjlJb.exe
  2⤵
  PID:9088
- C:\Windows\System\mQHjKUA.exe
  C:\Windows\System\mQHjKUA.exe
  2⤵
  PID:9120
- C:\Windows\System\GehAZUc.exe
  C:\Windows\System\GehAZUc.exe
  2⤵
  PID:8296
- C:\Windows\System\hhVfsrU.exe
  C:\Windows\System\hhVfsrU.exe
  2⤵
  PID:8308
- C:\Windows\System\FSIcdKb.exe
  C:\Windows\System\FSIcdKb.exe
  2⤵
  PID:8360
- C:\Windows\System\FyonGcM.exe
  C:\Windows\System\FyonGcM.exe
  2⤵
  PID:8636
- C:\Windows\System\FAuKNaJ.exe
  C:\Windows\System\FAuKNaJ.exe
  2⤵
  PID:9228
- C:\Windows\System\aHnKGSr.exe
  C:\Windows\System\aHnKGSr.exe
  2⤵
  PID:9252
- C:\Windows\System\MMZXklL.exe
  C:\Windows\System\MMZXklL.exe
  2⤵
  PID:9276
- C:\Windows\System\YVRcmRn.exe
  C:\Windows\System\YVRcmRn.exe
  2⤵
  PID:9296
- C:\Windows\System\btSbEOI.exe
  C:\Windows\System\btSbEOI.exe
  2⤵
  PID:9312
- C:\Windows\System\UNvrvPd.exe
  C:\Windows\System\UNvrvPd.exe
  2⤵
  PID:9328
- C:\Windows\System\PIPMJKo.exe
  C:\Windows\System\PIPMJKo.exe
  2⤵
  PID:9344
- C:\Windows\System\aAMFAaG.exe
  C:\Windows\System\aAMFAaG.exe
  2⤵
  PID:9368
- C:\Windows\System\DCFlMur.exe
  C:\Windows\System\DCFlMur.exe
  2⤵
  PID:9392
- C:\Windows\System\ytmaryt.exe
  C:\Windows\System\ytmaryt.exe
  2⤵
  PID:9412
- C:\Windows\System\nCTZnLW.exe
  C:\Windows\System\nCTZnLW.exe
  2⤵
  PID:9440
- C:\Windows\System\FHsRFAl.exe
  C:\Windows\System\FHsRFAl.exe
  2⤵
  PID:9460
- C:\Windows\System\GAZSRSB.exe
  C:\Windows\System\GAZSRSB.exe
  2⤵
  PID:9480
- C:\Windows\System\OkXoyHy.exe
  C:\Windows\System\OkXoyHy.exe
  2⤵
  PID:9500
- C:\Windows\System\eiwwwsE.exe
  C:\Windows\System\eiwwwsE.exe
  2⤵
  PID:9516
- C:\Windows\System\SRqhoOp.exe
  C:\Windows\System\SRqhoOp.exe
  2⤵
  PID:9532
- C:\Windows\System\RjrMjDj.exe
  C:\Windows\System\RjrMjDj.exe
  2⤵
  PID:9564
- C:\Windows\System\sRditxp.exe
  C:\Windows\System\sRditxp.exe
  2⤵
  PID:9580
- C:\Windows\System\ANoAhMt.exe
  C:\Windows\System\ANoAhMt.exe
  2⤵
  PID:9600
- C:\Windows\System\ELTDGzb.exe
  C:\Windows\System\ELTDGzb.exe
  2⤵
  PID:9616
- C:\Windows\System\QRDRgXv.exe
  C:\Windows\System\QRDRgXv.exe
  2⤵
  PID:9636
- C:\Windows\System\NDUtnQH.exe
  C:\Windows\System\NDUtnQH.exe
  2⤵
  PID:9652
- C:\Windows\System\jmyTRnW.exe
  C:\Windows\System\jmyTRnW.exe
  2⤵
  PID:9676
- C:\Windows\System\xStOium.exe
  C:\Windows\System\xStOium.exe
  2⤵
  PID:9692
- C:\Windows\System\JoUVpzr.exe
  C:\Windows\System\JoUVpzr.exe
  2⤵
  PID:9712
- C:\Windows\System\WUFKnHZ.exe
  C:\Windows\System\WUFKnHZ.exe
  2⤵
  PID:9732
- C:\Windows\System\zRLGPsi.exe
  C:\Windows\System\zRLGPsi.exe
  2⤵
  PID:9768
- C:\Windows\System\BqNdqCi.exe
  C:\Windows\System\BqNdqCi.exe
  2⤵
  PID:9788
- C:\Windows\System\TINPRHt.exe
  C:\Windows\System\TINPRHt.exe
  2⤵
  PID:9804
- C:\Windows\System\TaQkMMU.exe
  C:\Windows\System\TaQkMMU.exe
  2⤵
  PID:9824
- C:\Windows\System\igwBWSW.exe
  C:\Windows\System\igwBWSW.exe
  2⤵
  PID:9840
- C:\Windows\System\PmknJFm.exe
  C:\Windows\System\PmknJFm.exe
  2⤵
  PID:9856
- C:\Windows\System\VqCHkpb.exe
  C:\Windows\System\VqCHkpb.exe
  2⤵
  PID:9876
- C:\Windows\System\xemAnzu.exe
  C:\Windows\System\xemAnzu.exe
  2⤵
  PID:9912
- C:\Windows\System\hVdIsMk.exe
  C:\Windows\System\hVdIsMk.exe
  2⤵
  PID:9932
- C:\Windows\System\rNdFWxD.exe
  C:\Windows\System\rNdFWxD.exe
  2⤵
  PID:9948
- C:\Windows\System\FxikSyb.exe
  C:\Windows\System\FxikSyb.exe
  2⤵
  PID:9964
- C:\Windows\System\MuBuSFG.exe
  C:\Windows\System\MuBuSFG.exe
  2⤵
  PID:9984
- C:\Windows\System\WSEAvii.exe
  C:\Windows\System\WSEAvii.exe
  2⤵
  PID:10000
- C:\Windows\System\RtfEpOx.exe
  C:\Windows\System\RtfEpOx.exe
  2⤵
  PID:10020
- C:\Windows\System\WVqfhoL.exe
  C:\Windows\System\WVqfhoL.exe
  2⤵
  PID:10040
- C:\Windows\System\udmZSGO.exe
  C:\Windows\System\udmZSGO.exe
  2⤵
  PID:10060
- C:\Windows\System\YzcYVZN.exe
  C:\Windows\System\YzcYVZN.exe
  2⤵
  PID:10076
- C:\Windows\System\QZDejKu.exe
  C:\Windows\System\QZDejKu.exe
  2⤵
  PID:10096
- C:\Windows\System\dxhrFNU.exe
  C:\Windows\System\dxhrFNU.exe
  2⤵
  PID:10116
- C:\Windows\System\IixNCdr.exe
  C:\Windows\System\IixNCdr.exe
  2⤵
  PID:10140
- C:\Windows\System\udDdcBQ.exe
  C:\Windows\System\udDdcBQ.exe
  2⤵
  PID:10172
- C:\Windows\System\lhaStXv.exe
  C:\Windows\System\lhaStXv.exe
  2⤵
  PID:10220
- C:\Windows\System\NNzdIGA.exe
  C:\Windows\System\NNzdIGA.exe
  2⤵
  PID:8720
- C:\Windows\System\CjFMbBg.exe
  C:\Windows\System\CjFMbBg.exe
  2⤵
  PID:9244
- C:\Windows\System\cuRTVDu.exe
  C:\Windows\System\cuRTVDu.exe
  2⤵
  PID:9248
- C:\Windows\System\DovpyhF.exe
  C:\Windows\System\DovpyhF.exe
  2⤵
  PID:9272
- C:\Windows\System\ulWgXYb.exe
  C:\Windows\System\ulWgXYb.exe
  2⤵
  PID:9376
- C:\Windows\System\FteANzg.exe
  C:\Windows\System\FteANzg.exe
  2⤵
  PID:9356
- C:\Windows\System\OwqGTzM.exe
  C:\Windows\System\OwqGTzM.exe
  2⤵
  PID:9292
- C:\Windows\System\jDVivGB.exe
  C:\Windows\System\jDVivGB.exe
  2⤵
  PID:9428
- C:\Windows\System\VyWgMfz.exe
  C:\Windows\System\VyWgMfz.exe
  2⤵
  PID:9400
- C:\Windows\System\ilbcecL.exe
  C:\Windows\System\ilbcecL.exe
  2⤵
  PID:9492
- C:\Windows\System\jUdrYQB.exe
  C:\Windows\System\jUdrYQB.exe
  2⤵
  PID:9496
- C:\Windows\System\TvuFwDW.exe
  C:\Windows\System\TvuFwDW.exe
  2⤵
  PID:9556
- C:\Windows\System\cHNaoHX.exe
  C:\Windows\System\cHNaoHX.exe
  2⤵
  PID:9576
- C:\Windows\System\gVuasDM.exe
  C:\Windows\System\gVuasDM.exe
  2⤵
  PID:9668
- C:\Windows\System\UiMdqSn.exe
  C:\Windows\System\UiMdqSn.exe
  2⤵
  PID:9644
- C:\Windows\System\XxOBBlm.exe
  C:\Windows\System\XxOBBlm.exe
  2⤵
  PID:9688
- C:\Windows\System\ChyRXKF.exe
  C:\Windows\System\ChyRXKF.exe
  2⤵
  PID:9744
- C:\Windows\System\gTVzfyT.exe
  C:\Windows\System\gTVzfyT.exe
  2⤵
  PID:9724
- C:\Windows\System\mUNHHmA.exe
  C:\Windows\System\mUNHHmA.exe
  2⤵
  PID:9784
- C:\Windows\System\pqDjmUr.exe
  C:\Windows\System\pqDjmUr.exe
  2⤵
  PID:9812
- C:\Windows\System\nTATfgw.exe
  C:\Windows\System\nTATfgw.exe
  2⤵
  PID:9888
- C:\Windows\System\mLpzoVN.exe
  C:\Windows\System\mLpzoVN.exe
  2⤵
  PID:9900
- C:\Windows\System\wfQaRiT.exe
  C:\Windows\System\wfQaRiT.exe
  2⤵
  PID:9924
- C:\Windows\System\wRzhJRY.exe
  C:\Windows\System\wRzhJRY.exe
  2⤵
  PID:9996
- C:\Windows\System\PazGLkg.exe
  C:\Windows\System\PazGLkg.exe
  2⤵
  PID:10048
- C:\Windows\System\rYWyzVz.exe
  C:\Windows\System\rYWyzVz.exe
  2⤵
  PID:9976
- C:\Windows\System\iKwXFxP.exe
  C:\Windows\System\iKwXFxP.exe
  2⤵
  PID:10068
- C:\Windows\System\wrSwAJE.exe
  C:\Windows\System\wrSwAJE.exe
  2⤵
  PID:10112
- C:\Windows\System\ZeuXAgH.exe
  C:\Windows\System\ZeuXAgH.exe
  2⤵
  PID:10152
- C:\Windows\System\NbvaITn.exe
  C:\Windows\System\NbvaITn.exe
  2⤵
  PID:10088
- C:\Windows\System\MBMDGsF.exe
  C:\Windows\System\MBMDGsF.exe
  2⤵
  PID:10180
- C:\Windows\System\sqFcuNa.exe
  C:\Windows\System\sqFcuNa.exe
  2⤵
  PID:9236
- C:\Windows\System\khawaFM.exe
  C:\Windows\System\khawaFM.exe
  2⤵
  PID:9360
- C:\Windows\System\WAThpUc.exe
  C:\Windows\System\WAThpUc.exe
  2⤵
  PID:9424
- C:\Windows\System\aXAdKTY.exe
  C:\Windows\System\aXAdKTY.exe
  2⤵
  PID:9260

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\GSoqBFv.exe

Filesize
6.0MB

MD5
e7b33722a68c5441a9dc7c447d24eee8

SHA1
057935dcb673b3cfd422e4d14231d2acf63e56f2

SHA256
1c8ba0369e702b0663207874204a90b2d86ebe071e799a87e6e7ff076aa914ee

SHA512
a847927ded347acf0c234dca3ea4346e907ade3ea231e5d433073d95b877f749f57a2d6e239df4b8f68ec4db7aed308c900c2199d1ed10356333521465fee5cc

Download Submit
C:\Windows\system\KpplSsP.exe

Filesize
6.0MB

MD5
b7f02920b9cfc0c6eb56803165c60f56

SHA1
8c4d6b67a9386c65c82644bfab8a06e7e3fe27f6

SHA256
6c33cf151d0aabddc00a95d8c4137f1aa751e54ac33574f6d5b7d1a3b5cfaccd

SHA512
09309173c021c9f13c2091476de6741c133ba5108e5c9755364ecf9e7e26f58d33a5d2885fe64b4baf2811ba9a3b375a60e4f139f9c52ac7414c111d2cd8c155

Download Submit
C:\Windows\system\LOfahdS.exe

Filesize
6.0MB

MD5
59772ab11a980f85033796e76d49a5dc

SHA1
1116e951a18db565ae5e07c8cc6a6b276395e0c7

SHA256
4064dd6ff655988f27519a5f8e80e3034d4c4c18368849d8261059e2cea82f85

SHA512
05d182d73940490723e30bf36a2d018a61ce52cc636dc19cd3c50e70426aed6e7ecb67817360cfff155273c7466ab8405106e48fd46e8d31d4f89f0b328764c6

Download Submit
C:\Windows\system\NgtQMiR.exe

Filesize
6.0MB

MD5
fb598d8897ce96117d9a69a1bf5df2fa

SHA1
cfd48c6f2f31b36a682d89a80c57db173a54783a

SHA256
1926844238704dc79541ae89ba7f05964aa26c371258d81245c8681d235e20a7

SHA512
e72be01e4f73f06cff0fb15379464746f60419a41df513b1337e828fe2a52220963435533414fdcc4d1adfc24fef1c16c435d6a3d861574f3242804f8c0fb423

Download Submit
C:\Windows\system\QmIJqVp.exe

Filesize
6.0MB

MD5
70113c87301cd60c8654f162e339db87

SHA1
f340da070f589c96166e17f86c2fd01910870326

SHA256
23536845357c960f04efbfeb2169307aa8f7d12df95eb917078f3f206773fa60

SHA512
36d18ed9866813d5c817388d60dd546889c111d6167d9031627210f4c0e4379e785f0be29ac0d1d373b14645426ff1a55b040a77979efc785d309aa1b7269109

Download Submit
C:\Windows\system\RAiBXFS.exe

Filesize
6.0MB

MD5
b605e229f5f27f839e7a8bff7ade7581

SHA1
21e20a39b48ce97e4a38f47810c17cb9b26b247b

SHA256
61245a10b5c8483454c55c68a0be1e8a944f6443e2438ee5a942ff5a9cb2ad78

SHA512
7dc7d0c44fff8f1692391a1c5202c0da7f43de395d5eb9c846694f5c66247ab9ce7d9d9bb9b35dfa1ee447ba722d1008fc8cd48620d024077a42b49f85af8d28

Download Submit
C:\Windows\system\SSypbuW.exe

Filesize
6.0MB

MD5
f90342c40570d67731489e0a393f498e

SHA1
1d53d5bc0f1e6c16a2ca9f8140be4dd3b7bcc853

SHA256
aebee75749efd5289f43f75f66ab3bc6a80075de22597dcf2835a0fce6a80470

SHA512
b165767b3a7e3ee88cacea4da3f11bff47b35b64d68b6afeefeb55dc07772749b95d63d98fa77cff715ffd40faafeb30fea4afc7f95807947f858c6dc7206550

Download Submit
C:\Windows\system\TelKyiD.exe

Filesize
6.0MB

MD5
0be509c70f7ff219025d56b3ca35fbff

SHA1
357e7497ce8a379c8ea4a57f93f5818b59385de8

SHA256
c216b74d28f54012e95660fb4cc5f763f8114a40f31b57eef29a49367e91f944

SHA512
9e6df845b2c876d6a0f1e3660d71ab79469d7ad5f33c883fdea9970cca7041dadb394b103457406e0124ec1e1383fe77bf6e72465acdcd878839a680403db3b6

Download Submit
C:\Windows\system\WeGOJQl.exe

Filesize
6.0MB

MD5
29e15da93d23597fb3dc77dd986df99e

SHA1
b42967d21ca66698e2c78dc2bad08ef76c424368

SHA256
87a5625902eca1dc82509acc304ea9e13d8d8dd1038e26efc92fb7b6677cee2e

SHA512
7b69ab989a3dca6c7951e58f71645c000129a2bf80bb70a9d968f307385c1cdf6adee4587d853cdb8ecd11486cd662ec10cb0caa0fb3ed6a51a609ef199188ab

Download Submit
C:\Windows\system\aIqJQQu.exe

Filesize
6.0MB

MD5
dcc5bd3a0f6b849d19a23aed57943178

SHA1
cb295df1e92337fc79393be8dab9a186542536c4

SHA256
b04053cddb9f618c855aac738050d6ad5c6feef13b9ca0a7134b5a78e53aeee9

SHA512
29778004f905d53d7ed41f8f79c1ed68d2925b3c0bf213ab6ef47dc3c3819d824ac82b0c976d071df1a55e1f05005c2d83e5d92ac9d74b6144ebd6d5653a8a24

Download Submit
C:\Windows\system\djijzRJ.exe

Filesize
6.0MB

MD5
c43161beec0fbc16462db3cdf8e98826

SHA1
ac5a3e29dd036ce5a6690b830b93be563bb7091d

SHA256
c7fe93430049714a9580809b19458f5f44b6e852ec5d10fdb0b57ee018cae40f

SHA512
ae5b564d4e968c450865d8f32e053126a0f81479288e0ba4fe20bf8cdf5444ebf23eb3de23a57e24844a3d6899c76cbbad8d3295ada14d3511e758462699611b

Download Submit
C:\Windows\system\ePtiFdD.exe

Filesize
6.0MB

MD5
42556e4515192d6738d88da9f5419a96

SHA1
747780097e2074edede161655dcbf77ce2e5a332

SHA256
60f269fd9ffa9c90d0e077cea957994f470b10372cf133039cb3144f7e1d8880

SHA512
b44ea00ed7351315148d6326c55dc16cab7a19390c89878a70c6172fbfa9746c58e8d6af52525625f5acf0be9d7a2f5902df1c1df40df7ea3488cc75ffbfcf64

Download Submit
C:\Windows\system\fiqguqQ.exe

Filesize
6.0MB

MD5
8b6a2b699819ea2b3d0130e2cf699a15

SHA1
84039ae27e08f2514e09db519df65c8512c13737

SHA256
5aa55fb54e59a817226030b518612852dcee3b1cdcc4cd4198054448c4f88f72

SHA512
fb932c3429f8f0674fa23e2aab02882b95e554bd11a91e6e82cda402e7ac121a0e236226104d255c12169dfc5e34687aac86f02b2a49a281ba7950dec73c4ec1

Download Submit
C:\Windows\system\iXMfMuj.exe

Filesize
6.0MB

MD5
f0ff6c600f1f73507bbec89a3446733d

SHA1
c16ca463cb5e07dd6624a736d6f94f5e31efbb3e

SHA256
bb3aee574ca5f3862aad0b6433fc45e3b07a62867d43bf2aeffb8d68b7fe68f5

SHA512
92ed9635354eaeca3a55ba4e75033679db71b99edc50d5295f17ff7ba09fb9303bcb8db9cc42e083c9f2314779cd4b867a672739a3d1f4c7434deb76b3e9dced

Download Submit
C:\Windows\system\nPhouGT.exe

Filesize
6.0MB

MD5
7ab01aeddabb57fc94660008a0189b1f

SHA1
1d97ee10418fd1f6ca1830e7a78cd4fc435434af

SHA256
43b390f5875a86c96ab9949abd932b7f4d5a4368ff96c7e0cab6c79bf0f34a64

SHA512
c93c20e4ec9a104566be225fd45a76004b157536322ddd5f2423dc003b658d96738b17c8f549c3e260204fb6c1175217e87d02c4c356aaa38c29240787a4cbd3

Download Submit
C:\Windows\system\nvAQNCu.exe

Filesize
6.0MB

MD5
ee24d6dea7276722efe3ee744a8810dc

SHA1
8bb7309e5b89c5fe39fd030b8ee95b78b21e7206

SHA256
13248225df73e219bf1bdf7c9a6e984862525ad9b23a7af3d6fc3bb90d148368

SHA512
28f7f5228a2de344ae09f755716b66e7f4e77cdea282eac01a959defcb579e704709f60ecf569b2a0fd71346a8e8cdf1a2ffe2b5217e5bf88a64007bcce3e0e6

Download Submit
C:\Windows\system\oTvUlqF.exe

Filesize
6.0MB

MD5
a67d3203de59590f40737d49f6790e58

SHA1
3fe42e245f1fd9118eda19bf881f1ea50ff0a62e

SHA256
3ed3a7b65511f00fbc7c9d590ba8bbe818d7940970ab3bff711cdee79b2f4280

SHA512
561abbbbb1facc43127a11cc84054ff05951d41aaaf7b4e651d825e7d390c742d973cb22395b44f55d20f446f47a19e101cd4397d60d51cdcbafaabee5b39f00

Download Submit
C:\Windows\system\oeWmDBb.exe

Filesize
6.0MB

MD5
81d34837afd641dd7698e6ae0dab98d5

SHA1
496db146daacac2cf226b77e3c29c59d97fbdc2e

SHA256
868832672b6f2f88fb118c63ca79f8d37de4e9b6a9b01976231d37a45fccbc92

SHA512
1050ca5ac6af9ade0360571b4ade037d0bbe8727aaa7c67a0df991894a3d5642338f4ac6edce5138629e78faefdf7db168c9b42447224065d2233d3fcdf508a4

Download Submit
C:\Windows\system\tAJPkjv.exe

Filesize
6.0MB

MD5
566f2fa531e3fd65e808d513c9b49c69

SHA1
2d7f931af5ac8eb8a5c29d4fb62b21a3b6eacf05

SHA256
15652d768950a48877ef0d0287934ed4713db60b18c9d3808a4193a6172852c4

SHA512
34be404ad585fb07ba0b7cb036ce4e32c1f411a3b97952b4fb706483648f059d52bd76e06e2728be573981030fb4d2de5530670c5aabae87acd9fff188cf226e

Download Submit
C:\Windows\system\ujzkSKa.exe

Filesize
6.0MB

MD5
4c05781d061a0e08c40435703aa111f8

SHA1
e6543735e90f4da2d35a2bdf1edaa57f5cceb472

SHA256
571f3131b4bba003740e68024f680de5419a82073d0f5d37b6fe7bbaf2682087

SHA512
1d9ce5b6e76d0f54aa042b177a3dff34dfd404e81bc6e81e493de5713a5d7642209eb27629d79fff4cadfbe613981d77fc3fa07dfc7b35e1beb6282b4190412a

Download Submit
C:\Windows\system\vBoLLbh.exe

Filesize
6.0MB

MD5
d4d6551cfdf0a098968bc6804d35c627

SHA1
d8daabc32c5d358eb7307378e6265c860d58f660

SHA256
610d4d4d5ba16d4105b6224cbfcaaf8eeead1594bc8a45af292a53b4a7bc0443

SHA512
af7f94a892f1756a763b5eb0346f126fce92cc81439ce11c06eb58acd8efcc1a086daa0b40e6ea97672290b7fe37ca0e503535909c071ba18de321ebf4d9cfc3

Download Submit
C:\Windows\system\wlkDGFh.exe

Filesize
6.0MB

MD5
2eb41e29a415744fc60f2cfda471fe3b

SHA1
160f7c094161a017377bed7726d257e0c8bc80f2

SHA256
31d570d2b2c6f8c205756a80765652716765f4dc006936ed590cd31492e8c340

SHA512
d6fb6e754e9463d7bbef515a997c5be9febd7920256772ff2c32bd96e534a06d4a87f6d57dbdf2348e0a8c34a7969038ef6974bca4547b05d050ba80c2ba4975

Download Submit
C:\Windows\system\xrTIgmd.exe

Filesize
6.0MB

MD5
de579c9acccbb497a65473c6e897e20d

SHA1
00946bef0d838e62018dba08684433ce268e1019

SHA256
86fd8b25a5afbcf8cab13047b95d30ec76237d9745539c310eef3727d71e417b

SHA512
61397b2470bd23c7d9fc2e54f203d5abbae76c8cae62899440e71468f3f7fac8c8642b76155bcf926c005c55af39209eb9a178d7471b42522160f546978169b8

Download Submit
C:\Windows\system\zgyaqJj.exe

Filesize
6.0MB

MD5
fc2e53de9b785d99377bdb1a2aa0267b

SHA1
fa63803d336b879162a80e3125042e8a8b523b79

SHA256
f7c6a9984b7139de927003acd31c43b2bf9dc8e3822780dafe7ce82face7b489

SHA512
6098ebeb5aee905defb19fdbfc7aece57a59de47c7bca759a383d71c1205dfbe1a12fa04574cafb9d7b5cee7ae1e889e41cc0340848b93abfb8c0d84d444ae28

Download Submit
\Windows\system\AhBeiov.exe

Filesize
6.0MB

MD5
440f100655071836d70980fa1cdbee08

SHA1
7a1a1db2ceb78f82657c279d87e37ebe581d933a

SHA256
57779894bcee7b155e0703374b047ad23a01c8516b6788dd492c3ee82f35eabe

SHA512
7491032e9fa0969e9ae4f401cbff47d1856997ee1b0dfaee2514766c329e67f1bca047cfb7357989ac3a4cac6b44706d187f2218ebbee42d9f8a94ac7c469f15

Download Submit
\Windows\system\DhMcAKo.exe

Filesize
6.0MB

MD5
590641149d33c80fb44c50fad9b8542e

SHA1
7e0116aa4f37ddfbc6b658555a88330695de9b98

SHA256
b9044aac1420cb9b906def3e8d5e0d5bcd6bea6c1b94176d542eaaa796ab31bc

SHA512
84360df007961a981a6f9392c5827cab3accb3ed21a7260f0945516eb66897cbdfe79f67f87b940b06d7c9d2ed50ca4c1c2f97e9127ca19aca4ed8c840a02842

Download Submit
\Windows\system\GcnwDuW.exe

Filesize
6.0MB

MD5
a368e0942f58c1fcf8c21ea93c474cb5

SHA1
a06b12d299ddb2b6f9a348c8c492ac8e011c2135

SHA256
3423100a6deb59c4a17fa6bfdfa88bd079ecdd2c977613951f108f95904fbbe1

SHA512
d3f94dc94baa6b31b27af619681673eede012f057c97a6b62700d6a89260711923689b125051873acc808836162390a41057131e5bde4b1130c8deabf5d5f533

Download Submit
\Windows\system\LotiqIQ.exe

Filesize
6.0MB

MD5
ad38a34cdad2991f531df8c7244ad5fc

SHA1
c31213e5ce0c129128f9989689769751692036d3

SHA256
41a9301018fd77027525cafe62d13712e09c1d8cccb9f7e1b45d2eed140c4351

SHA512
6527e386b1992e19ff487552c76c903e3ed490d13909d41860bdbf9c54859f4a2b0b46cdba084668f6b8676fd5ff04c93d0f690f623fea3a124ac0a538d2fc4e

Download Submit
\Windows\system\RBxerOM.exe

Filesize
6.0MB

MD5
e727aeecb3c33be61afbc9ff2971b85c

SHA1
f5a20e7d0353d8286d687136a9587bf118b3674c

SHA256
7218210c09084144e06d59d2179cd964663004cbf78f1b82619d60dc64b5b343

SHA512
bc9d7571855d302967058bc917eda7a3f20e40bc2e4db0dfe0d29b5647392ae276edab515cec2eca145a8a6e3d4408a49122adf1da61b9887240aadabd8dec09

Download Submit
\Windows\system\RynEyiG.exe

Filesize
6.0MB

MD5
c9a1145bf1bd34c0d93f175f5f1ebe62

SHA1
0bba4a0ae401f12413ceb75a81ed5e14f618c294

SHA256
ee6d4c0749c8811d285aa3304b0f8a2f8aa3379d587bd4e06bffb1fb577ef1b2

SHA512
4a3d65fe6a5c7bcbf2ff072bb0d70c4d12d6c429393f230db117a07db489549c5bfa7bbacc79e92c71dbb21fb8173912f99e52585e7c7d42f094c33dc1886425

Download Submit
\Windows\system\dYEWmAl.exe

Filesize
6.0MB

MD5
c80fa335a8eecf681ac601f851a632f7

SHA1
7940d4b69eefbf0ed24786b4bf92e8d09475199e

SHA256
4ce4c40c8028cf9e98c4a00e299a83e85e15018a0c2c33e0e519fd903626c619

SHA512
b90da669fa1f2c671eccd3a7914a53bbf2a1172b745b6dd9305c0c46dec9607baf54949e66c0dbaabb82f8157ee451d56cd9d66dfa5aa3764150de9d4d3cca32

Download Submit
\Windows\system\jHqBHgz.exe

Filesize
6.0MB

MD5
7161db07a87caaf8a784ba5c6dc5f4cd

SHA1
1f3ed978de4d017eb33c1a4aa6a9dd3d1f1baf46

SHA256
7a1ab8e19e983a25984bad4033f151236a7cbec94971a72fb3edbf77653e76f5

SHA512
4a5d7111b484a1ba48cf8c7261f0e4cad3c4084ecaf004424635a0c464faf1f09b71ccd607384c0faee7510eef12dd24e8bd63392969bd732c5b3c642d233b54

Download Submit
memory/1464-258-0x000000013F8B0000-0x000000013FC04000-memory.dmp

Filesize
3.3MB

Download
memory/1464-28-0x000000013F8B0000-0x000000013FC04000-memory.dmp

Filesize
3.3MB

Download
memory/1464-3965-0x000000013F8B0000-0x000000013FC04000-memory.dmp

Filesize
3.3MB

Download
memory/2208-15-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/2208-3947-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/2228-1008-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2228-43-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2228-76-0x000000013F5E0000-0x000000013F934000-memory.dmp

Filesize
3.3MB

Download
memory/2228-794-0x000000013F5E0000-0x000000013F934000-memory.dmp

Filesize
3.3MB

Download
memory/2228-0-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2228-613-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2228-82-0x000000013F8C0000-0x000000013FC14000-memory.dmp

Filesize
3.3MB

Download
memory/2228-25-0x000000013F8B0000-0x000000013FC04000-memory.dmp

Filesize
3.3MB

Download
memory/2228-102-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2228-113-0x000000013FAD0000-0x000000013FE24000-memory.dmp

Filesize
3.3MB

Download
memory/2228-90-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download
memory/2228-53-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2228-91-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/2228-107-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/2228-33-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/2228-40-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/2228-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/2228-8-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2236-3944-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/2236-14-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/2276-4006-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/2276-21-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/2284-98-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/2284-4032-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/2288-4030-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/2288-95-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/2572-4028-0x000000013F8C0000-0x000000013FC14000-memory.dmp

Filesize
3.3MB

Download
memory/2572-111-0x000000013F8C0000-0x000000013FC14000-memory.dmp

Filesize
3.3MB

Download
memory/2600-112-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/2600-4038-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/2616-660-0x000000013F5E0000-0x000000013F934000-memory.dmp

Filesize
3.3MB

Download
memory/2616-81-0x000000013F5E0000-0x000000013F934000-memory.dmp

Filesize
3.3MB

Download
memory/2616-4062-0x000000013F5E0000-0x000000013F934000-memory.dmp

Filesize
3.3MB

Download
memory/2688-92-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download
memory/2688-4031-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download
memory/2700-3992-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/2700-48-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/2700-565-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/2784-3996-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/2784-38-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/2796-42-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/2796-3977-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/2796-545-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/2904-3980-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-55-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-659-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download