cobaltstrike | 5a576de4eee2f7124602968a7b051bb75eba545da342bfa11505f65fb1cacddc

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
27/11/2024, 13:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

4d7683ea61cbdad8ace5862b64a8007e
SHA1

900eb625941a8f2f0bb0dfadd3bfeb6771f8ed19
SHA256

5a576de4eee2f7124602968a7b051bb75eba545da342bfa11505f65fb1cacddc
SHA512

c271da62a11ec279e3c2b0aa96e954b40ec32f065bfd7d5c0a50a03c09bfd72241d366cfe6c446c0ffd291dad27d90889a5f4917051efb0a50d5bad8562cc296
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUR:T+q56utgpPF8u/7R

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000a000000012033-10.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000014714-9.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000146e1-11.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001471c-22.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000014864-31.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000014a05-39.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000014ac1-47.dat	cobalt_reflective_dll
behavioral1/files/0x0036000000014504-51.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000014c00-70.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000014b38-60.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d02-98.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d1f-112.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d30-122.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016da6-142.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173ee-181.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173f6-188.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001746c-191.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173b2-178.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017390-168.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016e73-158.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001739b-172.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016f97-161.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dc1-152.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016daf-147.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d54-137.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d40-132.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d38-127.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d27-117.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d15-107.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d0c-95.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016ccb-91.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016cf6-85.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1716-0-0x000000013FBB0000-0x000000013FF04000-memory.dmp	xmrig
behavioral1/files/0x000a000000012033-10.dat	xmrig
behavioral1/memory/1344-15-0x000000013FF90000-0x00000001402E4000-memory.dmp	xmrig
behavioral1/files/0x0008000000014714-9.dat	xmrig
behavioral1/memory/2640-14-0x000000013F0F0000-0x000000013F444000-memory.dmp	xmrig
behavioral1/files/0x00080000000146e1-11.dat	xmrig
behavioral1/memory/2816-21-0x000000013F210000-0x000000013F564000-memory.dmp	xmrig
behavioral1/memory/1716-19-0x000000013F210000-0x000000013F564000-memory.dmp	xmrig
behavioral1/files/0x000800000001471c-22.dat	xmrig
behavioral1/memory/2824-35-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig
behavioral1/memory/2632-34-0x000000013F3F0000-0x000000013F744000-memory.dmp	xmrig
behavioral1/files/0x0007000000014864-31.dat	xmrig
behavioral1/files/0x0007000000014a05-39.dat	xmrig
behavioral1/memory/2688-43-0x000000013F5E0000-0x000000013F934000-memory.dmp	xmrig
behavioral1/memory/1716-49-0x000000013FBB0000-0x000000013FF04000-memory.dmp	xmrig
behavioral1/files/0x0007000000014ac1-47.dat	xmrig
behavioral1/files/0x0036000000014504-51.dat	xmrig
behavioral1/memory/2612-54-0x000000013F520000-0x000000013F874000-memory.dmp	xmrig
behavioral1/memory/1716-50-0x000000013F520000-0x000000013F874000-memory.dmp	xmrig
behavioral1/memory/1716-65-0x000000013F0B0000-0x000000013F404000-memory.dmp	xmrig
behavioral1/files/0x0008000000014c00-70.dat	xmrig
behavioral1/memory/592-72-0x000000013F500000-0x000000013F854000-memory.dmp	xmrig
behavioral1/memory/1716-69-0x000000013F500000-0x000000013F854000-memory.dmp	xmrig
behavioral1/memory/2512-64-0x000000013F980000-0x000000013FCD4000-memory.dmp	xmrig
behavioral1/memory/2620-62-0x000000013F0B0000-0x000000013F404000-memory.dmp	xmrig
behavioral1/files/0x0008000000014b38-60.dat	xmrig
behavioral1/memory/944-103-0x000000013FA00000-0x000000013FD54000-memory.dmp	xmrig
behavioral1/memory/2844-102-0x000000013F020000-0x000000013F374000-memory.dmp	xmrig
behavioral1/memory/1716-101-0x0000000002460000-0x00000000027B4000-memory.dmp	xmrig
behavioral1/files/0x0006000000016d02-98.dat	xmrig
behavioral1/memory/1168-96-0x000000013F510000-0x000000013F864000-memory.dmp	xmrig
behavioral1/files/0x0006000000016d1f-112.dat	xmrig
behavioral1/files/0x0006000000016d30-122.dat	xmrig
behavioral1/files/0x0006000000016da6-142.dat	xmrig
behavioral1/files/0x00060000000173ee-181.dat	xmrig
behavioral1/memory/1716-587-0x000000013F0B0000-0x000000013F404000-memory.dmp	xmrig
behavioral1/memory/592-741-0x000000013F500000-0x000000013F854000-memory.dmp	xmrig
behavioral1/files/0x00060000000173f6-188.dat	xmrig
behavioral1/files/0x000600000001746c-191.dat	xmrig
behavioral1/files/0x00060000000173b2-178.dat	xmrig
behavioral1/files/0x0006000000017390-168.dat	xmrig
behavioral1/files/0x0006000000016e73-158.dat	xmrig
behavioral1/files/0x000600000001739b-172.dat	xmrig
behavioral1/files/0x0006000000016f97-161.dat	xmrig
behavioral1/files/0x0006000000016dc1-152.dat	xmrig
behavioral1/files/0x0006000000016daf-147.dat	xmrig
behavioral1/files/0x0006000000016d54-137.dat	xmrig
behavioral1/files/0x0006000000016d40-132.dat	xmrig
behavioral1/files/0x0006000000016d38-127.dat	xmrig
behavioral1/files/0x0006000000016d27-117.dat	xmrig
behavioral1/files/0x0006000000016d15-107.dat	xmrig
behavioral1/files/0x0006000000016d0c-95.dat	xmrig
behavioral1/memory/1480-92-0x000000013FE40000-0x0000000140194000-memory.dmp	xmrig
behavioral1/files/0x0006000000016ccb-91.dat	xmrig
behavioral1/files/0x0006000000016cf6-85.dat	xmrig
behavioral1/memory/2816-77-0x000000013F210000-0x000000013F564000-memory.dmp	xmrig
behavioral1/memory/2816-4022-0x000000013F210000-0x000000013F564000-memory.dmp	xmrig
behavioral1/memory/2632-4023-0x000000013F3F0000-0x000000013F744000-memory.dmp	xmrig
behavioral1/memory/2824-4024-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig
behavioral1/memory/2688-4025-0x000000013F5E0000-0x000000013F934000-memory.dmp	xmrig
behavioral1/memory/2612-4026-0x000000013F520000-0x000000013F874000-memory.dmp	xmrig
behavioral1/memory/2512-4027-0x000000013F980000-0x000000013FCD4000-memory.dmp	xmrig
behavioral1/memory/2620-4028-0x000000013F0B0000-0x000000013F404000-memory.dmp	xmrig
behavioral1/memory/592-4029-0x000000013F500000-0x000000013F854000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1344	mEHthec.exe
2640	UQyfTda.exe
2816	pUnJdlB.exe
2632	qSGZwot.exe
2824	uAUOrEI.exe
2688	TXwapvD.exe
2612	FPfycrV.exe
2512	SWbkClM.exe
2620	duVPDzw.exe
592	OMzvHBz.exe
1480	FeNeUpx.exe
1168	owMMBHs.exe
2844	DdfMkhl.exe
944	ZcYRXCP.exe
3024	HvnvSeS.exe
2560	joHxgRU.exe
2084	BxlRMsd.exe
2340	YOyfKlh.exe
1132	QGeIjkJ.exe
1756	EVQYPuj.exe
1720	rUTlxrq.exe
2588	xNpTqHu.exe
2264	vBvZCMc.exe
1996	XKhpVqg.exe
1984	eUJWQvW.exe
2152	sUAStGp.exe
2336	NIWnLEl.exe
2068	MIoKRNm.exe
2696	vechcMR.exe
2172	TkQKneY.exe
2944	JNpbUQO.exe
468	hddRQcu.exe
640	HzmMbkT.exe
288	cXTBSLp.exe
2192	iisHoeJ.exe
2168	dUApmOR.exe
1652	bhTjhnS.exe
1368	tNjzSFQ.exe
792	RbBQdxy.exe
1780	jhEUIOx.exe
1328	ppoMAqq.exe
1528	VoHzpJc.exe
2004	JSxxIZl.exe
1820	xPXgyUQ.exe
620	qYOOyEq.exe
1052	aufGcLr.exe
2396	AUbuTLU.exe
856	xYVUsQw.exe
1768	nksEOnI.exe
1928	kqoxYOh.exe
2960	ZTIqgAz.exe
2968	OoooybI.exe
1952	lCEpiIG.exe
2904	EvkgmCv.exe
2324	PqAlIQX.exe
1616	LiHwFhR.exe
1604	ENYtJOp.exe
2656	TUGwifu.exe
2072	eWbuVfk.exe
2528	OiuDgwC.exe
2636	zTupBsx.exe
2576	mlScVyF.exe
2988	DiIiwuM.exe
2604	oygfzZY.exe

Loads dropped DLL 64 IoCs

pid	Process
1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 62 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1716-0-0x000000013FBB0000-0x000000013FF04000-memory.dmp	upx
behavioral1/files/0x000a000000012033-10.dat	upx
behavioral1/memory/1344-15-0x000000013FF90000-0x00000001402E4000-memory.dmp	upx
behavioral1/files/0x0008000000014714-9.dat	upx
behavioral1/memory/2640-14-0x000000013F0F0000-0x000000013F444000-memory.dmp	upx
behavioral1/files/0x00080000000146e1-11.dat	upx
behavioral1/memory/2816-21-0x000000013F210000-0x000000013F564000-memory.dmp	upx
behavioral1/files/0x000800000001471c-22.dat	upx
behavioral1/memory/2824-35-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/memory/2632-34-0x000000013F3F0000-0x000000013F744000-memory.dmp	upx
behavioral1/files/0x0007000000014864-31.dat	upx
behavioral1/files/0x0007000000014a05-39.dat	upx
behavioral1/memory/2688-43-0x000000013F5E0000-0x000000013F934000-memory.dmp	upx
behavioral1/memory/1716-49-0x000000013FBB0000-0x000000013FF04000-memory.dmp	upx
behavioral1/files/0x0007000000014ac1-47.dat	upx
behavioral1/files/0x0036000000014504-51.dat	upx
behavioral1/memory/2612-54-0x000000013F520000-0x000000013F874000-memory.dmp	upx
behavioral1/files/0x0008000000014c00-70.dat	upx
behavioral1/memory/592-72-0x000000013F500000-0x000000013F854000-memory.dmp	upx
behavioral1/memory/2512-64-0x000000013F980000-0x000000013FCD4000-memory.dmp	upx
behavioral1/memory/2620-62-0x000000013F0B0000-0x000000013F404000-memory.dmp	upx
behavioral1/files/0x0008000000014b38-60.dat	upx
behavioral1/memory/944-103-0x000000013FA00000-0x000000013FD54000-memory.dmp	upx
behavioral1/memory/2844-102-0x000000013F020000-0x000000013F374000-memory.dmp	upx
behavioral1/files/0x0006000000016d02-98.dat	upx
behavioral1/memory/1168-96-0x000000013F510000-0x000000013F864000-memory.dmp	upx
behavioral1/files/0x0006000000016d1f-112.dat	upx
behavioral1/files/0x0006000000016d30-122.dat	upx
behavioral1/files/0x0006000000016da6-142.dat	upx
behavioral1/files/0x00060000000173ee-181.dat	upx
behavioral1/memory/592-741-0x000000013F500000-0x000000013F854000-memory.dmp	upx
behavioral1/files/0x00060000000173f6-188.dat	upx
behavioral1/files/0x000600000001746c-191.dat	upx
behavioral1/files/0x00060000000173b2-178.dat	upx
behavioral1/files/0x0006000000017390-168.dat	upx
behavioral1/files/0x0006000000016e73-158.dat	upx
behavioral1/files/0x000600000001739b-172.dat	upx
behavioral1/files/0x0006000000016f97-161.dat	upx
behavioral1/files/0x0006000000016dc1-152.dat	upx
behavioral1/files/0x0006000000016daf-147.dat	upx
behavioral1/files/0x0006000000016d54-137.dat	upx
behavioral1/files/0x0006000000016d40-132.dat	upx
behavioral1/files/0x0006000000016d38-127.dat	upx
behavioral1/files/0x0006000000016d27-117.dat	upx
behavioral1/files/0x0006000000016d15-107.dat	upx
behavioral1/files/0x0006000000016d0c-95.dat	upx
behavioral1/memory/1480-92-0x000000013FE40000-0x0000000140194000-memory.dmp	upx
behavioral1/files/0x0006000000016ccb-91.dat	upx
behavioral1/files/0x0006000000016cf6-85.dat	upx
behavioral1/memory/2816-77-0x000000013F210000-0x000000013F564000-memory.dmp	upx
behavioral1/memory/2816-4022-0x000000013F210000-0x000000013F564000-memory.dmp	upx
behavioral1/memory/2632-4023-0x000000013F3F0000-0x000000013F744000-memory.dmp	upx
behavioral1/memory/2824-4024-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/memory/2688-4025-0x000000013F5E0000-0x000000013F934000-memory.dmp	upx
behavioral1/memory/2612-4026-0x000000013F520000-0x000000013F874000-memory.dmp	upx
behavioral1/memory/2512-4027-0x000000013F980000-0x000000013FCD4000-memory.dmp	upx
behavioral1/memory/2620-4028-0x000000013F0B0000-0x000000013F404000-memory.dmp	upx
behavioral1/memory/592-4029-0x000000013F500000-0x000000013F854000-memory.dmp	upx
behavioral1/memory/1480-4030-0x000000013FE40000-0x0000000140194000-memory.dmp	upx
behavioral1/memory/1168-4031-0x000000013F510000-0x000000013F864000-memory.dmp	upx
behavioral1/memory/2844-4032-0x000000013F020000-0x000000013F374000-memory.dmp	upx
behavioral1/memory/944-4033-0x000000013FA00000-0x000000013FD54000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\FPfycrV.exe	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VrucXkr.exe	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sZzhJFL.exe	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PoyNRSC.exe	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ROXoZpo.exe	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PRNnZjC.exe	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MOZKJpW.exe	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FuZNKqY.exe	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CWjXIio.exe	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nWTpDek.exe	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pZsdQCx.exe	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ivAbfxy.exe	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KjiKZER.exe	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WKKiomM.exe	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VcwxwBf.exe	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nSviZqr.exe	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gzDjgIq.exe	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XKhpVqg.exe	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ulodkqX.exe	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xwaiOWu.exe	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DlHnNOl.exe	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TIyhGMj.exe	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CePXZbV.exe	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NvtXLuT.exe	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IMPoCnx.exe	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YsUBkCn.exe	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QqGxkJZ.exe	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CppORND.exe	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ESEoYeP.exe	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OLGBkCs.exe	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dvvXvdJ.exe	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RbkqAiw.exe	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ySvhxrI.exe	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zeSPSOh.exe	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KNFDPGP.exe	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LqKOEXR.exe	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\glgqdiu.exe	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qJQtKvK.exe	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PfvxQmv.exe	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XfqdkBh.exe	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eWPZULw.exe	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jWvsbaW.exe	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JQmeGEZ.exe	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MYijzYj.exe	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kOWByMR.exe	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sAwMObe.exe	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EMRizlj.exe	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZgomXOK.exe	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\txEnHFs.exe	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gEbSgJa.exe	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aFgsIPb.exe	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xnWWoUy.exe	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zyKQygQ.exe	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eciRGKO.exe	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HvnvSeS.exe	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ztnMhDi.exe	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ztBZySD.exe	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FeNeUpx.exe	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NYRZNxV.exe	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BycQCgO.exe	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sQHBLfV.exe	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jXKaOUu.exe	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UYgVlVX.exe	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vQUqJwK.exe	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1716 wrote to memory of 1344	1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 1716 wrote to memory of 1344	1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 1716 wrote to memory of 1344	1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 1716 wrote to memory of 2640	1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 1716 wrote to memory of 2640	1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 1716 wrote to memory of 2640	1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 1716 wrote to memory of 2816	1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1716 wrote to memory of 2816	1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1716 wrote to memory of 2816	1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1716 wrote to memory of 2632	1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1716 wrote to memory of 2632	1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1716 wrote to memory of 2632	1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1716 wrote to memory of 2824	1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1716 wrote to memory of 2824	1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1716 wrote to memory of 2824	1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1716 wrote to memory of 2688	1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1716 wrote to memory of 2688	1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1716 wrote to memory of 2688	1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1716 wrote to memory of 2612	1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1716 wrote to memory of 2612	1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1716 wrote to memory of 2612	1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1716 wrote to memory of 2512	1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1716 wrote to memory of 2512	1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1716 wrote to memory of 2512	1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1716 wrote to memory of 2620	1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1716 wrote to memory of 2620	1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1716 wrote to memory of 2620	1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1716 wrote to memory of 592	1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1716 wrote to memory of 592	1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1716 wrote to memory of 592	1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1716 wrote to memory of 1168	1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1716 wrote to memory of 1168	1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1716 wrote to memory of 1168	1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1716 wrote to memory of 1480	1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1716 wrote to memory of 1480	1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1716 wrote to memory of 1480	1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1716 wrote to memory of 944	1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1716 wrote to memory of 944	1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1716 wrote to memory of 944	1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1716 wrote to memory of 2844	1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1716 wrote to memory of 2844	1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1716 wrote to memory of 2844	1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1716 wrote to memory of 3024	1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1716 wrote to memory of 3024	1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1716 wrote to memory of 3024	1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1716 wrote to memory of 2560	1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1716 wrote to memory of 2560	1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1716 wrote to memory of 2560	1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1716 wrote to memory of 2084	1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1716 wrote to memory of 2084	1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1716 wrote to memory of 2084	1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1716 wrote to memory of 2340	1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1716 wrote to memory of 2340	1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1716 wrote to memory of 2340	1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1716 wrote to memory of 1132	1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1716 wrote to memory of 1132	1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1716 wrote to memory of 1132	1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1716 wrote to memory of 1756	1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1716 wrote to memory of 1756	1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1716 wrote to memory of 1756	1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1716 wrote to memory of 1720	1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1716 wrote to memory of 1720	1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1716 wrote to memory of 1720	1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1716 wrote to memory of 2588	1716	2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe	50

C:\Users\Admin\AppData\Local\Temp\2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-27_4d7683ea61cbdad8ace5862b64a8007e_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1716
- C:\Windows\System\mEHthec.exe
  C:\Windows\System\mEHthec.exe
  2⤵
  - Executes dropped EXE
  PID:1344
- C:\Windows\System\UQyfTda.exe
  C:\Windows\System\UQyfTda.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\pUnJdlB.exe
  C:\Windows\System\pUnJdlB.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\qSGZwot.exe
  C:\Windows\System\qSGZwot.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\uAUOrEI.exe
  C:\Windows\System\uAUOrEI.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\TXwapvD.exe
  C:\Windows\System\TXwapvD.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\FPfycrV.exe
  C:\Windows\System\FPfycrV.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\SWbkClM.exe
  C:\Windows\System\SWbkClM.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\duVPDzw.exe
  C:\Windows\System\duVPDzw.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\OMzvHBz.exe
  C:\Windows\System\OMzvHBz.exe
  2⤵
  - Executes dropped EXE
  PID:592
- C:\Windows\System\owMMBHs.exe
  C:\Windows\System\owMMBHs.exe
  2⤵
  - Executes dropped EXE
  PID:1168
- C:\Windows\System\FeNeUpx.exe
  C:\Windows\System\FeNeUpx.exe
  2⤵
  - Executes dropped EXE
  PID:1480
- C:\Windows\System\ZcYRXCP.exe
  C:\Windows\System\ZcYRXCP.exe
  2⤵
  - Executes dropped EXE
  PID:944
- C:\Windows\System\DdfMkhl.exe
  C:\Windows\System\DdfMkhl.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\HvnvSeS.exe
  C:\Windows\System\HvnvSeS.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\joHxgRU.exe
  C:\Windows\System\joHxgRU.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\BxlRMsd.exe
  C:\Windows\System\BxlRMsd.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\YOyfKlh.exe
  C:\Windows\System\YOyfKlh.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\QGeIjkJ.exe
  C:\Windows\System\QGeIjkJ.exe
  2⤵
  - Executes dropped EXE
  PID:1132
- C:\Windows\System\EVQYPuj.exe
  C:\Windows\System\EVQYPuj.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\rUTlxrq.exe
  C:\Windows\System\rUTlxrq.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\xNpTqHu.exe
  C:\Windows\System\xNpTqHu.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\vBvZCMc.exe
  C:\Windows\System\vBvZCMc.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\XKhpVqg.exe
  C:\Windows\System\XKhpVqg.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\eUJWQvW.exe
  C:\Windows\System\eUJWQvW.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\sUAStGp.exe
  C:\Windows\System\sUAStGp.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\NIWnLEl.exe
  C:\Windows\System\NIWnLEl.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\MIoKRNm.exe
  C:\Windows\System\MIoKRNm.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\vechcMR.exe
  C:\Windows\System\vechcMR.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\TkQKneY.exe
  C:\Windows\System\TkQKneY.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\JNpbUQO.exe
  C:\Windows\System\JNpbUQO.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\hddRQcu.exe
  C:\Windows\System\hddRQcu.exe
  2⤵
  - Executes dropped EXE
  PID:468
- C:\Windows\System\HzmMbkT.exe
  C:\Windows\System\HzmMbkT.exe
  2⤵
  - Executes dropped EXE
  PID:640
- C:\Windows\System\cXTBSLp.exe
  C:\Windows\System\cXTBSLp.exe
  2⤵
  - Executes dropped EXE
  PID:288
- C:\Windows\System\iisHoeJ.exe
  C:\Windows\System\iisHoeJ.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\dUApmOR.exe
  C:\Windows\System\dUApmOR.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\bhTjhnS.exe
  C:\Windows\System\bhTjhnS.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\tNjzSFQ.exe
  C:\Windows\System\tNjzSFQ.exe
  2⤵
  - Executes dropped EXE
  PID:1368
- C:\Windows\System\RbBQdxy.exe
  C:\Windows\System\RbBQdxy.exe
  2⤵
  - Executes dropped EXE
  PID:792
- C:\Windows\System\jhEUIOx.exe
  C:\Windows\System\jhEUIOx.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\ppoMAqq.exe
  C:\Windows\System\ppoMAqq.exe
  2⤵
  - Executes dropped EXE
  PID:1328
- C:\Windows\System\VoHzpJc.exe
  C:\Windows\System\VoHzpJc.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\JSxxIZl.exe
  C:\Windows\System\JSxxIZl.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\xPXgyUQ.exe
  C:\Windows\System\xPXgyUQ.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\qYOOyEq.exe
  C:\Windows\System\qYOOyEq.exe
  2⤵
  - Executes dropped EXE
  PID:620
- C:\Windows\System\aufGcLr.exe
  C:\Windows\System\aufGcLr.exe
  2⤵
  - Executes dropped EXE
  PID:1052
- C:\Windows\System\AUbuTLU.exe
  C:\Windows\System\AUbuTLU.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\xYVUsQw.exe
  C:\Windows\System\xYVUsQw.exe
  2⤵
  - Executes dropped EXE
  PID:856
- C:\Windows\System\nksEOnI.exe
  C:\Windows\System\nksEOnI.exe
  2⤵
  - Executes dropped EXE
  PID:1768
- C:\Windows\System\kqoxYOh.exe
  C:\Windows\System\kqoxYOh.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\ZTIqgAz.exe
  C:\Windows\System\ZTIqgAz.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\OoooybI.exe
  C:\Windows\System\OoooybI.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\lCEpiIG.exe
  C:\Windows\System\lCEpiIG.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\EvkgmCv.exe
  C:\Windows\System\EvkgmCv.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\PqAlIQX.exe
  C:\Windows\System\PqAlIQX.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\LiHwFhR.exe
  C:\Windows\System\LiHwFhR.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\ENYtJOp.exe
  C:\Windows\System\ENYtJOp.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\TUGwifu.exe
  C:\Windows\System\TUGwifu.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\eWbuVfk.exe
  C:\Windows\System\eWbuVfk.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\OiuDgwC.exe
  C:\Windows\System\OiuDgwC.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\zTupBsx.exe
  C:\Windows\System\zTupBsx.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\mlScVyF.exe
  C:\Windows\System\mlScVyF.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\DiIiwuM.exe
  C:\Windows\System\DiIiwuM.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\oygfzZY.exe
  C:\Windows\System\oygfzZY.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\YgygiCH.exe
  C:\Windows\System\YgygiCH.exe
  2⤵
  PID:844
- C:\Windows\System\hJCYGXG.exe
  C:\Windows\System\hJCYGXG.exe
  2⤵
  PID:2972
- C:\Windows\System\DQbxThL.exe
  C:\Windows\System\DQbxThL.exe
  2⤵
  PID:2752
- C:\Windows\System\lEoSBMK.exe
  C:\Windows\System\lEoSBMK.exe
  2⤵
  PID:2352
- C:\Windows\System\ylWCSiA.exe
  C:\Windows\System\ylWCSiA.exe
  2⤵
  PID:1248
- C:\Windows\System\vTPxTRP.exe
  C:\Windows\System\vTPxTRP.exe
  2⤵
  PID:2568
- C:\Windows\System\YnYscNb.exe
  C:\Windows\System\YnYscNb.exe
  2⤵
  PID:1828
- C:\Windows\System\iilNEyh.exe
  C:\Windows\System\iilNEyh.exe
  2⤵
  PID:2016
- C:\Windows\System\yhgfCqH.exe
  C:\Windows\System\yhgfCqH.exe
  2⤵
  PID:2596
- C:\Windows\System\EYWYOMb.exe
  C:\Windows\System\EYWYOMb.exe
  2⤵
  PID:2484
- C:\Windows\System\VrucXkr.exe
  C:\Windows\System\VrucXkr.exe
  2⤵
  PID:1396
- C:\Windows\System\ZvgvkxA.exe
  C:\Windows\System\ZvgvkxA.exe
  2⤵
  PID:2104
- C:\Windows\System\LzyEWXo.exe
  C:\Windows\System\LzyEWXo.exe
  2⤵
  PID:1876
- C:\Windows\System\lctOmiI.exe
  C:\Windows\System\lctOmiI.exe
  2⤵
  PID:2284
- C:\Windows\System\bwZACXi.exe
  C:\Windows\System\bwZACXi.exe
  2⤵
  PID:2356
- C:\Windows\System\QBFfZpe.exe
  C:\Windows\System\QBFfZpe.exe
  2⤵
  PID:2108
- C:\Windows\System\jXKaOUu.exe
  C:\Windows\System\jXKaOUu.exe
  2⤵
  PID:1040
- C:\Windows\System\icIFDik.exe
  C:\Windows\System\icIFDik.exe
  2⤵
  PID:1000
- C:\Windows\System\ZoyXcpU.exe
  C:\Windows\System\ZoyXcpU.exe
  2⤵
  PID:1568
- C:\Windows\System\erjwzxk.exe
  C:\Windows\System\erjwzxk.exe
  2⤵
  PID:2924
- C:\Windows\System\YMuZEoB.exe
  C:\Windows\System\YMuZEoB.exe
  2⤵
  PID:924
- C:\Windows\System\tIeYtKQ.exe
  C:\Windows\System\tIeYtKQ.exe
  2⤵
  PID:2736
- C:\Windows\System\oxHeokF.exe
  C:\Windows\System\oxHeokF.exe
  2⤵
  PID:2200
- C:\Windows\System\oyGfBeU.exe
  C:\Windows\System\oyGfBeU.exe
  2⤵
  PID:2444
- C:\Windows\System\dCLdBop.exe
  C:\Windows\System\dCLdBop.exe
  2⤵
  PID:2976
- C:\Windows\System\MSzFPpB.exe
  C:\Windows\System\MSzFPpB.exe
  2⤵
  PID:2320
- C:\Windows\System\gorFtNJ.exe
  C:\Windows\System\gorFtNJ.exe
  2⤵
  PID:1032
- C:\Windows\System\ZbbyTXM.exe
  C:\Windows\System\ZbbyTXM.exe
  2⤵
  PID:1508
- C:\Windows\System\yGEQkQx.exe
  C:\Windows\System\yGEQkQx.exe
  2⤵
  PID:1272
- C:\Windows\System\bGgzHwy.exe
  C:\Windows\System\bGgzHwy.exe
  2⤵
  PID:2652
- C:\Windows\System\JcxSxFo.exe
  C:\Windows\System\JcxSxFo.exe
  2⤵
  PID:2124
- C:\Windows\System\CGszOSi.exe
  C:\Windows\System\CGszOSi.exe
  2⤵
  PID:2916
- C:\Windows\System\glraVbx.exe
  C:\Windows\System\glraVbx.exe
  2⤵
  PID:2532
- C:\Windows\System\GHWiONt.exe
  C:\Windows\System\GHWiONt.exe
  2⤵
  PID:1440
- C:\Windows\System\YFDXyyX.exe
  C:\Windows\System\YFDXyyX.exe
  2⤵
  PID:824
- C:\Windows\System\cxRUkiF.exe
  C:\Windows\System\cxRUkiF.exe
  2⤵
  PID:2760
- C:\Windows\System\tHZoKPA.exe
  C:\Windows\System\tHZoKPA.exe
  2⤵
  PID:2628
- C:\Windows\System\AfoAYFz.exe
  C:\Windows\System\AfoAYFz.exe
  2⤵
  PID:1028
- C:\Windows\System\JkSzfdV.exe
  C:\Windows\System\JkSzfdV.exe
  2⤵
  PID:2032
- C:\Windows\System\DsZRfDK.exe
  C:\Windows\System\DsZRfDK.exe
  2⤵
  PID:1980
- C:\Windows\System\bLuglXC.exe
  C:\Windows\System\bLuglXC.exe
  2⤵
  PID:2896
- C:\Windows\System\pZsdQCx.exe
  C:\Windows\System\pZsdQCx.exe
  2⤵
  PID:1696
- C:\Windows\System\gurWecr.exe
  C:\Windows\System\gurWecr.exe
  2⤵
  PID:344
- C:\Windows\System\uXCZEBb.exe
  C:\Windows\System\uXCZEBb.exe
  2⤵
  PID:2380
- C:\Windows\System\EKDNGhH.exe
  C:\Windows\System\EKDNGhH.exe
  2⤵
  PID:1872
- C:\Windows\System\UYgVlVX.exe
  C:\Windows\System\UYgVlVX.exe
  2⤵
  PID:2100
- C:\Windows\System\nfvFHPz.exe
  C:\Windows\System\nfvFHPz.exe
  2⤵
  PID:2952
- C:\Windows\System\gzXIkmL.exe
  C:\Windows\System\gzXIkmL.exe
  2⤵
  PID:2956
- C:\Windows\System\lYDnNOo.exe
  C:\Windows\System\lYDnNOo.exe
  2⤵
  PID:2296
- C:\Windows\System\KnEmqDH.exe
  C:\Windows\System\KnEmqDH.exe
  2⤵
  PID:772
- C:\Windows\System\CwDZXVG.exe
  C:\Windows\System\CwDZXVG.exe
  2⤵
  PID:1724
- C:\Windows\System\TJwTvxw.exe
  C:\Windows\System\TJwTvxw.exe
  2⤵
  PID:1660
- C:\Windows\System\TPvqgeq.exe
  C:\Windows\System\TPvqgeq.exe
  2⤵
  PID:648
- C:\Windows\System\sIrDlvE.exe
  C:\Windows\System\sIrDlvE.exe
  2⤵
  PID:2800
- C:\Windows\System\FxsqNNW.exe
  C:\Windows\System\FxsqNNW.exe
  2⤵
  PID:2780
- C:\Windows\System\ACGVaWB.exe
  C:\Windows\System\ACGVaWB.exe
  2⤵
  PID:852
- C:\Windows\System\YKFlMBs.exe
  C:\Windows\System\YKFlMBs.exe
  2⤵
  PID:2868
- C:\Windows\System\VLNljgs.exe
  C:\Windows\System\VLNljgs.exe
  2⤵
  PID:1264
- C:\Windows\System\vPBJiGV.exe
  C:\Windows\System\vPBJiGV.exe
  2⤵
  PID:2364
- C:\Windows\System\JiNMcGo.exe
  C:\Windows\System\JiNMcGo.exe
  2⤵
  PID:1360
- C:\Windows\System\vFSxKBp.exe
  C:\Windows\System\vFSxKBp.exe
  2⤵
  PID:1292
- C:\Windows\System\WPCDEhk.exe
  C:\Windows\System\WPCDEhk.exe
  2⤵
  PID:1564
- C:\Windows\System\jrrwJrO.exe
  C:\Windows\System\jrrwJrO.exe
  2⤵
  PID:2228
- C:\Windows\System\LAIfsds.exe
  C:\Windows\System\LAIfsds.exe
  2⤵
  PID:1684
- C:\Windows\System\swFIYcc.exe
  C:\Windows\System\swFIYcc.exe
  2⤵
  PID:896
- C:\Windows\System\SQnYoRN.exe
  C:\Windows\System\SQnYoRN.exe
  2⤵
  PID:1224
- C:\Windows\System\VZVNTWN.exe
  C:\Windows\System\VZVNTWN.exe
  2⤵
  PID:1072
- C:\Windows\System\ivyPXzY.exe
  C:\Windows\System\ivyPXzY.exe
  2⤵
  PID:1576
- C:\Windows\System\zLdxaoE.exe
  C:\Windows\System\zLdxaoE.exe
  2⤵
  PID:2564
- C:\Windows\System\tkOQVZp.exe
  C:\Windows\System\tkOQVZp.exe
  2⤵
  PID:1916
- C:\Windows\System\lYofSun.exe
  C:\Windows\System\lYofSun.exe
  2⤵
  PID:2680
- C:\Windows\System\vQUqJwK.exe
  C:\Windows\System\vQUqJwK.exe
  2⤵
  PID:1560
- C:\Windows\System\dEfUZAf.exe
  C:\Windows\System\dEfUZAf.exe
  2⤵
  PID:1860
- C:\Windows\System\TnrczYe.exe
  C:\Windows\System\TnrczYe.exe
  2⤵
  PID:2132
- C:\Windows\System\ugpzdRP.exe
  C:\Windows\System\ugpzdRP.exe
  2⤵
  PID:2856
- C:\Windows\System\jMIIMHX.exe
  C:\Windows\System\jMIIMHX.exe
  2⤵
  PID:3084
- C:\Windows\System\SkRCfBE.exe
  C:\Windows\System\SkRCfBE.exe
  2⤵
  PID:3104
- C:\Windows\System\VTmyRZx.exe
  C:\Windows\System\VTmyRZx.exe
  2⤵
  PID:3128
- C:\Windows\System\ZisaHJo.exe
  C:\Windows\System\ZisaHJo.exe
  2⤵
  PID:3148
- C:\Windows\System\BwoRtBK.exe
  C:\Windows\System\BwoRtBK.exe
  2⤵
  PID:3168
- C:\Windows\System\IMPoCnx.exe
  C:\Windows\System\IMPoCnx.exe
  2⤵
  PID:3188
- C:\Windows\System\VDAqfYW.exe
  C:\Windows\System\VDAqfYW.exe
  2⤵
  PID:3204
- C:\Windows\System\ulodkqX.exe
  C:\Windows\System\ulodkqX.exe
  2⤵
  PID:3228
- C:\Windows\System\Gilysin.exe
  C:\Windows\System\Gilysin.exe
  2⤵
  PID:3248
- C:\Windows\System\YafMmoz.exe
  C:\Windows\System\YafMmoz.exe
  2⤵
  PID:3268
- C:\Windows\System\cjOiAGw.exe
  C:\Windows\System\cjOiAGw.exe
  2⤵
  PID:3288
- C:\Windows\System\zAjxQCI.exe
  C:\Windows\System\zAjxQCI.exe
  2⤵
  PID:3308
- C:\Windows\System\VRoozXM.exe
  C:\Windows\System\VRoozXM.exe
  2⤵
  PID:3328
- C:\Windows\System\ufgJfwZ.exe
  C:\Windows\System\ufgJfwZ.exe
  2⤵
  PID:3348
- C:\Windows\System\JOcjjtA.exe
  C:\Windows\System\JOcjjtA.exe
  2⤵
  PID:3368
- C:\Windows\System\nTZGAeh.exe
  C:\Windows\System\nTZGAeh.exe
  2⤵
  PID:3388
- C:\Windows\System\RDVDGif.exe
  C:\Windows\System\RDVDGif.exe
  2⤵
  PID:3404
- C:\Windows\System\KbKzjNh.exe
  C:\Windows\System\KbKzjNh.exe
  2⤵
  PID:3424
- C:\Windows\System\JLEmcxS.exe
  C:\Windows\System\JLEmcxS.exe
  2⤵
  PID:3448
- C:\Windows\System\gEliyAs.exe
  C:\Windows\System\gEliyAs.exe
  2⤵
  PID:3468
- C:\Windows\System\EpMZCZs.exe
  C:\Windows\System\EpMZCZs.exe
  2⤵
  PID:3484
- C:\Windows\System\wnEookI.exe
  C:\Windows\System\wnEookI.exe
  2⤵
  PID:3504
- C:\Windows\System\zFitFHf.exe
  C:\Windows\System\zFitFHf.exe
  2⤵
  PID:3524
- C:\Windows\System\fhECAfh.exe
  C:\Windows\System\fhECAfh.exe
  2⤵
  PID:3544
- C:\Windows\System\tlBnyrm.exe
  C:\Windows\System\tlBnyrm.exe
  2⤵
  PID:3568
- C:\Windows\System\gOhtCHW.exe
  C:\Windows\System\gOhtCHW.exe
  2⤵
  PID:3596
- C:\Windows\System\tyciPco.exe
  C:\Windows\System\tyciPco.exe
  2⤵
  PID:3616
- C:\Windows\System\EcOXfjl.exe
  C:\Windows\System\EcOXfjl.exe
  2⤵
  PID:3640
- C:\Windows\System\sZzhJFL.exe
  C:\Windows\System\sZzhJFL.exe
  2⤵
  PID:3664
- C:\Windows\System\UKpWXGj.exe
  C:\Windows\System\UKpWXGj.exe
  2⤵
  PID:3684
- C:\Windows\System\uxCngky.exe
  C:\Windows\System\uxCngky.exe
  2⤵
  PID:3700
- C:\Windows\System\nAHTTrA.exe
  C:\Windows\System\nAHTTrA.exe
  2⤵
  PID:3728
- C:\Windows\System\eQNAXcc.exe
  C:\Windows\System\eQNAXcc.exe
  2⤵
  PID:3744
- C:\Windows\System\LWNKUjE.exe
  C:\Windows\System\LWNKUjE.exe
  2⤵
  PID:3760
- C:\Windows\System\OnCpiZN.exe
  C:\Windows\System\OnCpiZN.exe
  2⤵
  PID:3784
- C:\Windows\System\VbHOsVj.exe
  C:\Windows\System\VbHOsVj.exe
  2⤵
  PID:3804
- C:\Windows\System\nLnjDkt.exe
  C:\Windows\System\nLnjDkt.exe
  2⤵
  PID:3824
- C:\Windows\System\BouwtEy.exe
  C:\Windows\System\BouwtEy.exe
  2⤵
  PID:3840
- C:\Windows\System\tRLTuwt.exe
  C:\Windows\System\tRLTuwt.exe
  2⤵
  PID:3856
- C:\Windows\System\InobAHI.exe
  C:\Windows\System\InobAHI.exe
  2⤵
  PID:3872
- C:\Windows\System\nRInopK.exe
  C:\Windows\System\nRInopK.exe
  2⤵
  PID:3888
- C:\Windows\System\HixLVAG.exe
  C:\Windows\System\HixLVAG.exe
  2⤵
  PID:3904
- C:\Windows\System\SNdQZTr.exe
  C:\Windows\System\SNdQZTr.exe
  2⤵
  PID:3928
- C:\Windows\System\dNfJLxp.exe
  C:\Windows\System\dNfJLxp.exe
  2⤵
  PID:3944
- C:\Windows\System\qfbyVud.exe
  C:\Windows\System\qfbyVud.exe
  2⤵
  PID:3960
- C:\Windows\System\aYjuEhh.exe
  C:\Windows\System\aYjuEhh.exe
  2⤵
  PID:3976
- C:\Windows\System\lozguWJ.exe
  C:\Windows\System\lozguWJ.exe
  2⤵
  PID:4000
- C:\Windows\System\YfszxdP.exe
  C:\Windows\System\YfszxdP.exe
  2⤵
  PID:4020
- C:\Windows\System\ySvhxrI.exe
  C:\Windows\System\ySvhxrI.exe
  2⤵
  PID:4036
- C:\Windows\System\zeSPSOh.exe
  C:\Windows\System\zeSPSOh.exe
  2⤵
  PID:4052
- C:\Windows\System\uMuCnfl.exe
  C:\Windows\System\uMuCnfl.exe
  2⤵
  PID:2088
- C:\Windows\System\lVpSLRs.exe
  C:\Windows\System\lVpSLRs.exe
  2⤵
  PID:1968
- C:\Windows\System\vExagJp.exe
  C:\Windows\System\vExagJp.exe
  2⤵
  PID:2504
- C:\Windows\System\TUnFXci.exe
  C:\Windows\System\TUnFXci.exe
  2⤵
  PID:1800
- C:\Windows\System\ptmXUPI.exe
  C:\Windows\System\ptmXUPI.exe
  2⤵
  PID:3100
- C:\Windows\System\ARobtaT.exe
  C:\Windows\System\ARobtaT.exe
  2⤵
  PID:3140
- C:\Windows\System\nVglJfY.exe
  C:\Windows\System\nVglJfY.exe
  2⤵
  PID:3120
- C:\Windows\System\AYmoezg.exe
  C:\Windows\System\AYmoezg.exe
  2⤵
  PID:3184
- C:\Windows\System\uSAJMTY.exe
  C:\Windows\System\uSAJMTY.exe
  2⤵
  PID:3160
- C:\Windows\System\txEnHFs.exe
  C:\Windows\System\txEnHFs.exe
  2⤵
  PID:3224
- C:\Windows\System\gwSJwdD.exe
  C:\Windows\System\gwSJwdD.exe
  2⤵
  PID:3236
- C:\Windows\System\jOFKaJp.exe
  C:\Windows\System\jOFKaJp.exe
  2⤵
  PID:3260
- C:\Windows\System\nEGrDDJ.exe
  C:\Windows\System\nEGrDDJ.exe
  2⤵
  PID:3300
- C:\Windows\System\YLKqgWS.exe
  C:\Windows\System\YLKqgWS.exe
  2⤵
  PID:3280
- C:\Windows\System\MdPTRLp.exe
  C:\Windows\System\MdPTRLp.exe
  2⤵
  PID:3340
- C:\Windows\System\xfOfSTh.exe
  C:\Windows\System\xfOfSTh.exe
  2⤵
  PID:3412
- C:\Windows\System\ouTHUav.exe
  C:\Windows\System\ouTHUav.exe
  2⤵
  PID:3360
- C:\Windows\System\KLtBgHD.exe
  C:\Windows\System\KLtBgHD.exe
  2⤵
  PID:3464
- C:\Windows\System\HqdCbGT.exe
  C:\Windows\System\HqdCbGT.exe
  2⤵
  PID:3496
- C:\Windows\System\ofHIWfO.exe
  C:\Windows\System\ofHIWfO.exe
  2⤵
  PID:3536
- C:\Windows\System\kItidJD.exe
  C:\Windows\System\kItidJD.exe
  2⤵
  PID:3400
- C:\Windows\System\UzMWiAR.exe
  C:\Windows\System\UzMWiAR.exe
  2⤵
  PID:1936
- C:\Windows\System\tACwiRP.exe
  C:\Windows\System\tACwiRP.exe
  2⤵
  PID:3584
- C:\Windows\System\imZuqEE.exe
  C:\Windows\System\imZuqEE.exe
  2⤵
  PID:3520
- C:\Windows\System\BGaVdRG.exe
  C:\Windows\System\BGaVdRG.exe
  2⤵
  PID:2616
- C:\Windows\System\oMaIwbV.exe
  C:\Windows\System\oMaIwbV.exe
  2⤵
  PID:2536
- C:\Windows\System\Ixkskgk.exe
  C:\Windows\System\Ixkskgk.exe
  2⤵
  PID:3624
- C:\Windows\System\VFJnJdy.exe
  C:\Windows\System\VFJnJdy.exe
  2⤵
  PID:3652
- C:\Windows\System\ndKQNQv.exe
  C:\Windows\System\ndKQNQv.exe
  2⤵
  PID:3672
- C:\Windows\System\TYuuPDE.exe
  C:\Windows\System\TYuuPDE.exe
  2⤵
  PID:3696
- C:\Windows\System\krrVRUI.exe
  C:\Windows\System\krrVRUI.exe
  2⤵
  PID:3740
- C:\Windows\System\SfWBoWQ.exe
  C:\Windows\System\SfWBoWQ.exe
  2⤵
  PID:3792
- C:\Windows\System\ZRESaAE.exe
  C:\Windows\System\ZRESaAE.exe
  2⤵
  PID:3836
- C:\Windows\System\yzZkhem.exe
  C:\Windows\System\yzZkhem.exe
  2⤵
  PID:3864
- C:\Windows\System\eCfmprP.exe
  C:\Windows\System\eCfmprP.exe
  2⤵
  PID:3940
- C:\Windows\System\GxYczDx.exe
  C:\Windows\System\GxYczDx.exe
  2⤵
  PID:4012
- C:\Windows\System\OQLEjle.exe
  C:\Windows\System\OQLEjle.exe
  2⤵
  PID:4068
- C:\Windows\System\CkWMwze.exe
  C:\Windows\System\CkWMwze.exe
  2⤵
  PID:3820
- C:\Windows\System\sOYQcTs.exe
  C:\Windows\System\sOYQcTs.exe
  2⤵
  PID:3880
- C:\Windows\System\YADdVfD.exe
  C:\Windows\System\YADdVfD.exe
  2⤵
  PID:3920
- C:\Windows\System\NCtNSOa.exe
  C:\Windows\System\NCtNSOa.exe
  2⤵
  PID:3956
- C:\Windows\System\VRyXDDH.exe
  C:\Windows\System\VRyXDDH.exe
  2⤵
  PID:4060
- C:\Windows\System\qIYXOCX.exe
  C:\Windows\System\qIYXOCX.exe
  2⤵
  PID:1536
- C:\Windows\System\ztnMhDi.exe
  C:\Windows\System\ztnMhDi.exe
  2⤵
  PID:3080
- C:\Windows\System\wrpQAZz.exe
  C:\Windows\System\wrpQAZz.exe
  2⤵
  PID:3200
- C:\Windows\System\nkdnavp.exe
  C:\Windows\System\nkdnavp.exe
  2⤵
  PID:3320
- C:\Windows\System\AxEDzxu.exe
  C:\Windows\System\AxEDzxu.exe
  2⤵
  PID:3492
- C:\Windows\System\PAZrxSA.exe
  C:\Windows\System\PAZrxSA.exe
  2⤵
  PID:3480
- C:\Windows\System\WWCSwPM.exe
  C:\Windows\System\WWCSwPM.exe
  2⤵
  PID:3092
- C:\Windows\System\dDHYClG.exe
  C:\Windows\System\dDHYClG.exe
  2⤵
  PID:2728
- C:\Windows\System\IKZOVKn.exe
  C:\Windows\System\IKZOVKn.exe
  2⤵
  PID:3692
- C:\Windows\System\oAwXBMx.exe
  C:\Windows\System\oAwXBMx.exe
  2⤵
  PID:3516
- C:\Windows\System\VRnWmCu.exe
  C:\Windows\System\VRnWmCu.exe
  2⤵
  PID:3540
- C:\Windows\System\jwnkvYW.exe
  C:\Windows\System\jwnkvYW.exe
  2⤵
  PID:380
- C:\Windows\System\hmTpKvp.exe
  C:\Windows\System\hmTpKvp.exe
  2⤵
  PID:3812
- C:\Windows\System\ijrvIvp.exe
  C:\Windows\System\ijrvIvp.exe
  2⤵
  PID:4008
- C:\Windows\System\PyjFmoI.exe
  C:\Windows\System\PyjFmoI.exe
  2⤵
  PID:3580
- C:\Windows\System\YVyihir.exe
  C:\Windows\System\YVyihir.exe
  2⤵
  PID:3992
- C:\Windows\System\pzSWIXp.exe
  C:\Windows\System\pzSWIXp.exe
  2⤵
  PID:3996
- C:\Windows\System\TKoEFkM.exe
  C:\Windows\System\TKoEFkM.exe
  2⤵
  PID:776
- C:\Windows\System\tsOHcPd.exe
  C:\Windows\System\tsOHcPd.exe
  2⤵
  PID:3276
- C:\Windows\System\SVpBnUA.exe
  C:\Windows\System\SVpBnUA.exe
  2⤵
  PID:3432
- C:\Windows\System\KKwArFe.exe
  C:\Windows\System\KKwArFe.exe
  2⤵
  PID:3136
- C:\Windows\System\LZdUxHs.exe
  C:\Windows\System\LZdUxHs.exe
  2⤵
  PID:3216
- C:\Windows\System\Peuivjv.exe
  C:\Windows\System\Peuivjv.exe
  2⤵
  PID:536
- C:\Windows\System\efWKeaR.exe
  C:\Windows\System\efWKeaR.exe
  2⤵
  PID:3364
- C:\Windows\System\gaoEWKV.exe
  C:\Windows\System\gaoEWKV.exe
  2⤵
  PID:3936
- C:\Windows\System\YYeQGGG.exe
  C:\Windows\System\YYeQGGG.exe
  2⤵
  PID:3344
- C:\Windows\System\XcyRDey.exe
  C:\Windows\System\XcyRDey.exe
  2⤵
  PID:4048
- C:\Windows\System\ArlpbSA.exe
  C:\Windows\System\ArlpbSA.exe
  2⤵
  PID:3924
- C:\Windows\System\SotBcCi.exe
  C:\Windows\System\SotBcCi.exe
  2⤵
  PID:1156
- C:\Windows\System\iKgRoxf.exe
  C:\Windows\System\iKgRoxf.exe
  2⤵
  PID:3648
- C:\Windows\System\RzKPQrd.exe
  C:\Windows\System\RzKPQrd.exe
  2⤵
  PID:2700
- C:\Windows\System\sGYAOHD.exe
  C:\Windows\System\sGYAOHD.exe
  2⤵
  PID:3008
- C:\Windows\System\WKpAKnH.exe
  C:\Windows\System\WKpAKnH.exe
  2⤵
  PID:2520
- C:\Windows\System\oNOVOrV.exe
  C:\Windows\System\oNOVOrV.exe
  2⤵
  PID:3780
- C:\Windows\System\bjzdevw.exe
  C:\Windows\System\bjzdevw.exe
  2⤵
  PID:3772
- C:\Windows\System\CAkXrkp.exe
  C:\Windows\System\CAkXrkp.exe
  2⤵
  PID:3800
- C:\Windows\System\jSJLHhs.exe
  C:\Windows\System\jSJLHhs.exe
  2⤵
  PID:3988
- C:\Windows\System\hYRTICV.exe
  C:\Windows\System\hYRTICV.exe
  2⤵
  PID:2812
- C:\Windows\System\hRgogRL.exe
  C:\Windows\System\hRgogRL.exe
  2⤵
  PID:2920
- C:\Windows\System\WZrZNig.exe
  C:\Windows\System\WZrZNig.exe
  2⤵
  PID:3712
- C:\Windows\System\dSofwiX.exe
  C:\Windows\System\dSofwiX.exe
  2⤵
  PID:4076
- C:\Windows\System\yhPsiGg.exe
  C:\Windows\System\yhPsiGg.exe
  2⤵
  PID:4044
- C:\Windows\System\MgQEBKB.exe
  C:\Windows\System\MgQEBKB.exe
  2⤵
  PID:2932
- C:\Windows\System\TrJTrtP.exe
  C:\Windows\System\TrJTrtP.exe
  2⤵
  PID:4064
- C:\Windows\System\HbrAsSB.exe
  C:\Windows\System\HbrAsSB.exe
  2⤵
  PID:3752
- C:\Windows\System\QINYYUJ.exe
  C:\Windows\System\QINYYUJ.exe
  2⤵
  PID:3012
- C:\Windows\System\hZmpVBZ.exe
  C:\Windows\System\hZmpVBZ.exe
  2⤵
  PID:3384
- C:\Windows\System\YsUBkCn.exe
  C:\Windows\System\YsUBkCn.exe
  2⤵
  PID:3476
- C:\Windows\System\HchHUQL.exe
  C:\Windows\System\HchHUQL.exe
  2⤵
  PID:928
- C:\Windows\System\XfqdkBh.exe
  C:\Windows\System\XfqdkBh.exe
  2⤵
  PID:2672
- C:\Windows\System\hBOMXYZ.exe
  C:\Windows\System\hBOMXYZ.exe
  2⤵
  PID:2876
- C:\Windows\System\XaLtYAu.exe
  C:\Windows\System\XaLtYAu.exe
  2⤵
  PID:596
- C:\Windows\System\NbEotzm.exe
  C:\Windows\System\NbEotzm.exe
  2⤵
  PID:1796
- C:\Windows\System\HUndUkb.exe
  C:\Windows\System\HUndUkb.exe
  2⤵
  PID:3264
- C:\Windows\System\wzUnocf.exe
  C:\Windows\System\wzUnocf.exe
  2⤵
  PID:2540
- C:\Windows\System\ujgyAup.exe
  C:\Windows\System\ujgyAup.exe
  2⤵
  PID:2376
- C:\Windows\System\hZqKLJY.exe
  C:\Windows\System\hZqKLJY.exe
  2⤵
  PID:2928
- C:\Windows\System\DbUZuEg.exe
  C:\Windows\System\DbUZuEg.exe
  2⤵
  PID:2884
- C:\Windows\System\JzSCkoE.exe
  C:\Windows\System\JzSCkoE.exe
  2⤵
  PID:3036
- C:\Windows\System\yVxdekD.exe
  C:\Windows\System\yVxdekD.exe
  2⤵
  PID:2720
- C:\Windows\System\rvfOEAp.exe
  C:\Windows\System\rvfOEAp.exe
  2⤵
  PID:1644
- C:\Windows\System\YMWoCAc.exe
  C:\Windows\System\YMWoCAc.exe
  2⤵
  PID:3952
- C:\Windows\System\AFkWqhR.exe
  C:\Windows\System\AFkWqhR.exe
  2⤵
  PID:4108
- C:\Windows\System\xSmxwFX.exe
  C:\Windows\System\xSmxwFX.exe
  2⤵
  PID:4156
- C:\Windows\System\khRuZwj.exe
  C:\Windows\System\khRuZwj.exe
  2⤵
  PID:4172
- C:\Windows\System\FwgcEjf.exe
  C:\Windows\System\FwgcEjf.exe
  2⤵
  PID:4188
- C:\Windows\System\PHGftXH.exe
  C:\Windows\System\PHGftXH.exe
  2⤵
  PID:4208
- C:\Windows\System\YXQyPma.exe
  C:\Windows\System\YXQyPma.exe
  2⤵
  PID:4232
- C:\Windows\System\taaXbgu.exe
  C:\Windows\System\taaXbgu.exe
  2⤵
  PID:4248
- C:\Windows\System\HYzTsgL.exe
  C:\Windows\System\HYzTsgL.exe
  2⤵
  PID:4264
- C:\Windows\System\plPRaTU.exe
  C:\Windows\System\plPRaTU.exe
  2⤵
  PID:4280
- C:\Windows\System\QiqusIF.exe
  C:\Windows\System\QiqusIF.exe
  2⤵
  PID:4304
- C:\Windows\System\pCgQBpZ.exe
  C:\Windows\System\pCgQBpZ.exe
  2⤵
  PID:4320
- C:\Windows\System\xwaiOWu.exe
  C:\Windows\System\xwaiOWu.exe
  2⤵
  PID:4340
- C:\Windows\System\pcEFIzj.exe
  C:\Windows\System\pcEFIzj.exe
  2⤵
  PID:4364
- C:\Windows\System\qATcaKo.exe
  C:\Windows\System\qATcaKo.exe
  2⤵
  PID:4380
- C:\Windows\System\uPqzULF.exe
  C:\Windows\System\uPqzULF.exe
  2⤵
  PID:4400
- C:\Windows\System\XewxulY.exe
  C:\Windows\System\XewxulY.exe
  2⤵
  PID:4416
- C:\Windows\System\yEQknwS.exe
  C:\Windows\System\yEQknwS.exe
  2⤵
  PID:4436
- C:\Windows\System\ZRILwym.exe
  C:\Windows\System\ZRILwym.exe
  2⤵
  PID:4456
- C:\Windows\System\woukFAY.exe
  C:\Windows\System\woukFAY.exe
  2⤵
  PID:4472
- C:\Windows\System\Tcsjypw.exe
  C:\Windows\System\Tcsjypw.exe
  2⤵
  PID:4488
- C:\Windows\System\BhCgtlK.exe
  C:\Windows\System\BhCgtlK.exe
  2⤵
  PID:4504
- C:\Windows\System\ZNkiboA.exe
  C:\Windows\System\ZNkiboA.exe
  2⤵
  PID:4572
- C:\Windows\System\FmCzFqR.exe
  C:\Windows\System\FmCzFqR.exe
  2⤵
  PID:4596
- C:\Windows\System\RSJtWQq.exe
  C:\Windows\System\RSJtWQq.exe
  2⤵
  PID:4612
- C:\Windows\System\IstMQwf.exe
  C:\Windows\System\IstMQwf.exe
  2⤵
  PID:4636
- C:\Windows\System\qUHPlFb.exe
  C:\Windows\System\qUHPlFb.exe
  2⤵
  PID:4656
- C:\Windows\System\BvVubeZ.exe
  C:\Windows\System\BvVubeZ.exe
  2⤵
  PID:4676
- C:\Windows\System\wcTvTOX.exe
  C:\Windows\System\wcTvTOX.exe
  2⤵
  PID:4692
- C:\Windows\System\PFoeNsQ.exe
  C:\Windows\System\PFoeNsQ.exe
  2⤵
  PID:4708
- C:\Windows\System\Uzfyfnc.exe
  C:\Windows\System\Uzfyfnc.exe
  2⤵
  PID:4724
- C:\Windows\System\HnWxHXt.exe
  C:\Windows\System\HnWxHXt.exe
  2⤵
  PID:4740
- C:\Windows\System\ZToywwm.exe
  C:\Windows\System\ZToywwm.exe
  2⤵
  PID:4756
- C:\Windows\System\TQjWZyz.exe
  C:\Windows\System\TQjWZyz.exe
  2⤵
  PID:4776
- C:\Windows\System\pPXrFOs.exe
  C:\Windows\System\pPXrFOs.exe
  2⤵
  PID:4792
- C:\Windows\System\YixpqtD.exe
  C:\Windows\System\YixpqtD.exe
  2⤵
  PID:4816
- C:\Windows\System\DokeIHr.exe
  C:\Windows\System\DokeIHr.exe
  2⤵
  PID:4844
- C:\Windows\System\AYtLjra.exe
  C:\Windows\System\AYtLjra.exe
  2⤵
  PID:4864
- C:\Windows\System\VMsMsVX.exe
  C:\Windows\System\VMsMsVX.exe
  2⤵
  PID:4880
- C:\Windows\System\RHLceNA.exe
  C:\Windows\System\RHLceNA.exe
  2⤵
  PID:4904
- C:\Windows\System\xoGmRQU.exe
  C:\Windows\System\xoGmRQU.exe
  2⤵
  PID:4944
- C:\Windows\System\JoYLpyc.exe
  C:\Windows\System\JoYLpyc.exe
  2⤵
  PID:4960
- C:\Windows\System\cbIXorq.exe
  C:\Windows\System\cbIXorq.exe
  2⤵
  PID:4976
- C:\Windows\System\Vckmofr.exe
  C:\Windows\System\Vckmofr.exe
  2⤵
  PID:4992
- C:\Windows\System\yfbeHrI.exe
  C:\Windows\System\yfbeHrI.exe
  2⤵
  PID:5008
- C:\Windows\System\tSMzZMt.exe
  C:\Windows\System\tSMzZMt.exe
  2⤵
  PID:5024
- C:\Windows\System\SycnnfJ.exe
  C:\Windows\System\SycnnfJ.exe
  2⤵
  PID:5052
- C:\Windows\System\rWYVzCJ.exe
  C:\Windows\System\rWYVzCJ.exe
  2⤵
  PID:5068
- C:\Windows\System\rBSsWxG.exe
  C:\Windows\System\rBSsWxG.exe
  2⤵
  PID:5084
- C:\Windows\System\IJySPMW.exe
  C:\Windows\System\IJySPMW.exe
  2⤵
  PID:5100
- C:\Windows\System\HQSLZDv.exe
  C:\Windows\System\HQSLZDv.exe
  2⤵
  PID:5116
- C:\Windows\System\uZgCKxO.exe
  C:\Windows\System\uZgCKxO.exe
  2⤵
  PID:2936
- C:\Windows\System\YVCVovW.exe
  C:\Windows\System\YVCVovW.exe
  2⤵
  PID:4124
- C:\Windows\System\EArXOMv.exe
  C:\Windows\System\EArXOMv.exe
  2⤵
  PID:3164
- C:\Windows\System\sITvkCp.exe
  C:\Windows\System\sITvkCp.exe
  2⤵
  PID:4100
- C:\Windows\System\dDtFWpW.exe
  C:\Windows\System\dDtFWpW.exe
  2⤵
  PID:4148
- C:\Windows\System\YESlWNG.exe
  C:\Windows\System\YESlWNG.exe
  2⤵
  PID:4336
- C:\Windows\System\aenpXPU.exe
  C:\Windows\System\aenpXPU.exe
  2⤵
  PID:4196
- C:\Windows\System\dLbivwG.exe
  C:\Windows\System\dLbivwG.exe
  2⤵
  PID:4408
- C:\Windows\System\sXkhTgO.exe
  C:\Windows\System\sXkhTgO.exe
  2⤵
  PID:4448
- C:\Windows\System\mCPvbQU.exe
  C:\Windows\System\mCPvbQU.exe
  2⤵
  PID:4520
- C:\Windows\System\FrvmHKa.exe
  C:\Windows\System\FrvmHKa.exe
  2⤵
  PID:4544
- C:\Windows\System\CoDiwAv.exe
  C:\Windows\System\CoDiwAv.exe
  2⤵
  PID:4560
- C:\Windows\System\rACWPIv.exe
  C:\Windows\System\rACWPIv.exe
  2⤵
  PID:4204
- C:\Windows\System\xWniawF.exe
  C:\Windows\System\xWniawF.exe
  2⤵
  PID:4580
- C:\Windows\System\mggvfGP.exe
  C:\Windows\System\mggvfGP.exe
  2⤵
  PID:4392
- C:\Windows\System\nntQtBN.exe
  C:\Windows\System\nntQtBN.exe
  2⤵
  PID:4432
- C:\Windows\System\KNFDPGP.exe
  C:\Windows\System\KNFDPGP.exe
  2⤵
  PID:4588
- C:\Windows\System\FbxZkIJ.exe
  C:\Windows\System\FbxZkIJ.exe
  2⤵
  PID:4748
- C:\Windows\System\KCxKutT.exe
  C:\Windows\System\KCxKutT.exe
  2⤵
  PID:4752
- C:\Windows\System\VzFoYha.exe
  C:\Windows\System\VzFoYha.exe
  2⤵
  PID:4632
- C:\Windows\System\gvgxwVj.exe
  C:\Windows\System\gvgxwVj.exe
  2⤵
  PID:4772
- C:\Windows\System\XbyJCKv.exe
  C:\Windows\System\XbyJCKv.exe
  2⤵
  PID:4852
- C:\Windows\System\LwrMhSW.exe
  C:\Windows\System\LwrMhSW.exe
  2⤵
  PID:4672
- C:\Windows\System\puxGSYr.exe
  C:\Windows\System\puxGSYr.exe
  2⤵
  PID:4764
- C:\Windows\System\CRppIYz.exe
  C:\Windows\System\CRppIYz.exe
  2⤵
  PID:4876
- C:\Windows\System\lNHyXWF.exe
  C:\Windows\System\lNHyXWF.exe
  2⤵
  PID:4888
- C:\Windows\System\ORMekBA.exe
  C:\Windows\System\ORMekBA.exe
  2⤵
  PID:4924
- C:\Windows\System\xFhXDca.exe
  C:\Windows\System\xFhXDca.exe
  2⤵
  PID:4936
- C:\Windows\System\KARufWU.exe
  C:\Windows\System\KARufWU.exe
  2⤵
  PID:5000
- C:\Windows\System\MYijzYj.exe
  C:\Windows\System\MYijzYj.exe
  2⤵
  PID:5036
- C:\Windows\System\wdaoFiy.exe
  C:\Windows\System\wdaoFiy.exe
  2⤵
  PID:5020
- C:\Windows\System\NJGhcoD.exe
  C:\Windows\System\NJGhcoD.exe
  2⤵
  PID:5044
- C:\Windows\System\QQwaQxK.exe
  C:\Windows\System\QQwaQxK.exe
  2⤵
  PID:5080
- C:\Windows\System\dKYnAYV.exe
  C:\Windows\System\dKYnAYV.exe
  2⤵
  PID:2836
- C:\Windows\System\jNtJgnd.exe
  C:\Windows\System\jNtJgnd.exe
  2⤵
  PID:4180
- C:\Windows\System\RrsJmvs.exe
  C:\Windows\System\RrsJmvs.exe
  2⤵
  PID:4228
- C:\Windows\System\yquQklW.exe
  C:\Windows\System\yquQklW.exe
  2⤵
  PID:5096
- C:\Windows\System\ClmURud.exe
  C:\Windows\System\ClmURud.exe
  2⤵
  PID:4300
- C:\Windows\System\LbkbhAF.exe
  C:\Windows\System\LbkbhAF.exe
  2⤵
  PID:4164
- C:\Windows\System\YSQyByv.exe
  C:\Windows\System\YSQyByv.exe
  2⤵
  PID:4140
- C:\Windows\System\KNnLrno.exe
  C:\Windows\System\KNnLrno.exe
  2⤵
  PID:4540
- C:\Windows\System\PotonxK.exe
  C:\Windows\System\PotonxK.exe
  2⤵
  PID:4168
- C:\Windows\System\bQcutPC.exe
  C:\Windows\System\bQcutPC.exe
  2⤵
  PID:4312
- C:\Windows\System\BFwyVMB.exe
  C:\Windows\System\BFwyVMB.exe
  2⤵
  PID:4360
- C:\Windows\System\PCTvEtK.exe
  C:\Windows\System\PCTvEtK.exe
  2⤵
  PID:4688
- C:\Windows\System\cOaaoqZ.exe
  C:\Windows\System\cOaaoqZ.exe
  2⤵
  PID:4700
- C:\Windows\System\EGJaKub.exe
  C:\Windows\System\EGJaKub.exe
  2⤵
  PID:4628
- C:\Windows\System\ZAGiZTy.exe
  C:\Windows\System\ZAGiZTy.exe
  2⤵
  PID:4824
- C:\Windows\System\XtACOfj.exe
  C:\Windows\System\XtACOfj.exe
  2⤵
  PID:4812
- C:\Windows\System\xbFnGSK.exe
  C:\Windows\System\xbFnGSK.exe
  2⤵
  PID:4768
- C:\Windows\System\ZzIXPeM.exe
  C:\Windows\System\ZzIXPeM.exe
  2⤵
  PID:4940
- C:\Windows\System\RBaLrnp.exe
  C:\Windows\System\RBaLrnp.exe
  2⤵
  PID:5040
- C:\Windows\System\icJCtMD.exe
  C:\Windows\System\icJCtMD.exe
  2⤵
  PID:4184
- C:\Windows\System\OxEkwuL.exe
  C:\Windows\System\OxEkwuL.exe
  2⤵
  PID:4912
- C:\Windows\System\ovYTGyf.exe
  C:\Windows\System\ovYTGyf.exe
  2⤵
  PID:4296
- C:\Windows\System\JZxdfHe.exe
  C:\Windows\System\JZxdfHe.exe
  2⤵
  PID:4240
- C:\Windows\System\hDNIOUy.exe
  C:\Windows\System\hDNIOUy.exe
  2⤵
  PID:4200
- C:\Windows\System\uRydBuW.exe
  C:\Windows\System\uRydBuW.exe
  2⤵
  PID:4512
- C:\Windows\System\qtCMrlS.exe
  C:\Windows\System\qtCMrlS.exe
  2⤵
  PID:4984
- C:\Windows\System\WiBhRYC.exe
  C:\Windows\System\WiBhRYC.exe
  2⤵
  PID:4480
- C:\Windows\System\KRtrWnK.exe
  C:\Windows\System\KRtrWnK.exe
  2⤵
  PID:4584
- C:\Windows\System\WTlgWqj.exe
  C:\Windows\System\WTlgWqj.exe
  2⤵
  PID:1648
- C:\Windows\System\NYRZNxV.exe
  C:\Windows\System\NYRZNxV.exe
  2⤵
  PID:4716
- C:\Windows\System\wgcODyp.exe
  C:\Windows\System\wgcODyp.exe
  2⤵
  PID:4836
- C:\Windows\System\SAZjjGF.exe
  C:\Windows\System\SAZjjGF.exe
  2⤵
  PID:4808
- C:\Windows\System\sXOyMbx.exe
  C:\Windows\System\sXOyMbx.exe
  2⤵
  PID:1808
- C:\Windows\System\ANSqlUZ.exe
  C:\Windows\System\ANSqlUZ.exe
  2⤵
  PID:4736
- C:\Windows\System\GXcNeLi.exe
  C:\Windows\System\GXcNeLi.exe
  2⤵
  PID:4328
- C:\Windows\System\frWqPBs.exe
  C:\Windows\System\frWqPBs.exe
  2⤵
  PID:4260
- C:\Windows\System\HOyRDaE.exe
  C:\Windows\System\HOyRDaE.exe
  2⤵
  PID:1700
- C:\Windows\System\TEFRqwO.exe
  C:\Windows\System\TEFRqwO.exe
  2⤵
  PID:4216
- C:\Windows\System\TneLPkh.exe
  C:\Windows\System\TneLPkh.exe
  2⤵
  PID:4116
- C:\Windows\System\EKvDuPr.exe
  C:\Windows\System\EKvDuPr.exe
  2⤵
  PID:1400
- C:\Windows\System\gEbSgJa.exe
  C:\Windows\System\gEbSgJa.exe
  2⤵
  PID:2000
- C:\Windows\System\hximMFz.exe
  C:\Windows\System\hximMFz.exe
  2⤵
  PID:2400
- C:\Windows\System\HtOxYNg.exe
  C:\Windows\System\HtOxYNg.exe
  2⤵
  PID:1920
- C:\Windows\System\zNQyYWy.exe
  C:\Windows\System\zNQyYWy.exe
  2⤵
  PID:4972
- C:\Windows\System\CaRIRFV.exe
  C:\Windows\System\CaRIRFV.exe
  2⤵
  PID:4316
- C:\Windows\System\GsGOsKu.exe
  C:\Windows\System\GsGOsKu.exe
  2⤵
  PID:1736
- C:\Windows\System\QpUlTYI.exe
  C:\Windows\System\QpUlTYI.exe
  2⤵
  PID:5064
- C:\Windows\System\mWyXvAb.exe
  C:\Windows\System\mWyXvAb.exe
  2⤵
  PID:4496
- C:\Windows\System\kuubAwp.exe
  C:\Windows\System\kuubAwp.exe
  2⤵
  PID:5132
- C:\Windows\System\uWWNRbr.exe
  C:\Windows\System\uWWNRbr.exe
  2⤵
  PID:5152
- C:\Windows\System\XWTBrFZ.exe
  C:\Windows\System\XWTBrFZ.exe
  2⤵
  PID:5180
- C:\Windows\System\CJuspFi.exe
  C:\Windows\System\CJuspFi.exe
  2⤵
  PID:5228
- C:\Windows\System\JLPLbxy.exe
  C:\Windows\System\JLPLbxy.exe
  2⤵
  PID:5244
- C:\Windows\System\PoyNRSC.exe
  C:\Windows\System\PoyNRSC.exe
  2⤵
  PID:5264
- C:\Windows\System\qqPHmjW.exe
  C:\Windows\System\qqPHmjW.exe
  2⤵
  PID:5288
- C:\Windows\System\kuEFueY.exe
  C:\Windows\System\kuEFueY.exe
  2⤵
  PID:5304
- C:\Windows\System\cxonVwZ.exe
  C:\Windows\System\cxonVwZ.exe
  2⤵
  PID:5324
- C:\Windows\System\UUVzEKs.exe
  C:\Windows\System\UUVzEKs.exe
  2⤵
  PID:5340
- C:\Windows\System\hNEBmRj.exe
  C:\Windows\System\hNEBmRj.exe
  2⤵
  PID:5356
- C:\Windows\System\IpXvjGQ.exe
  C:\Windows\System\IpXvjGQ.exe
  2⤵
  PID:5372
- C:\Windows\System\VTyQuXx.exe
  C:\Windows\System\VTyQuXx.exe
  2⤵
  PID:5392
- C:\Windows\System\JbKBoSr.exe
  C:\Windows\System\JbKBoSr.exe
  2⤵
  PID:5424
- C:\Windows\System\IiMckUd.exe
  C:\Windows\System\IiMckUd.exe
  2⤵
  PID:5440
- C:\Windows\System\lCjQGCF.exe
  C:\Windows\System\lCjQGCF.exe
  2⤵
  PID:5460
- C:\Windows\System\BgUkrto.exe
  C:\Windows\System\BgUkrto.exe
  2⤵
  PID:5476
- C:\Windows\System\YzQVCZl.exe
  C:\Windows\System\YzQVCZl.exe
  2⤵
  PID:5504
- C:\Windows\System\pXagcDc.exe
  C:\Windows\System\pXagcDc.exe
  2⤵
  PID:5528
- C:\Windows\System\prXiPSw.exe
  C:\Windows\System\prXiPSw.exe
  2⤵
  PID:5544
- C:\Windows\System\VyyHYLj.exe
  C:\Windows\System\VyyHYLj.exe
  2⤵
  PID:5564
- C:\Windows\System\hlvXjuM.exe
  C:\Windows\System\hlvXjuM.exe
  2⤵
  PID:5580
- C:\Windows\System\NkApahA.exe
  C:\Windows\System\NkApahA.exe
  2⤵
  PID:5596
- C:\Windows\System\FurWRUr.exe
  C:\Windows\System\FurWRUr.exe
  2⤵
  PID:5620
- C:\Windows\System\oVZexFr.exe
  C:\Windows\System\oVZexFr.exe
  2⤵
  PID:5636
- C:\Windows\System\EOdaMav.exe
  C:\Windows\System\EOdaMav.exe
  2⤵
  PID:5656
- C:\Windows\System\WVJZzRY.exe
  C:\Windows\System\WVJZzRY.exe
  2⤵
  PID:5672
- C:\Windows\System\OxzacuU.exe
  C:\Windows\System\OxzacuU.exe
  2⤵
  PID:5688
- C:\Windows\System\gbNFaJf.exe
  C:\Windows\System\gbNFaJf.exe
  2⤵
  PID:5708
- C:\Windows\System\PTtLzZx.exe
  C:\Windows\System\PTtLzZx.exe
  2⤵
  PID:5724
- C:\Windows\System\PRNnZjC.exe
  C:\Windows\System\PRNnZjC.exe
  2⤵
  PID:5740
- C:\Windows\System\PlwyzZa.exe
  C:\Windows\System\PlwyzZa.exe
  2⤵
  PID:5788
- C:\Windows\System\NzFKEWq.exe
  C:\Windows\System\NzFKEWq.exe
  2⤵
  PID:5808
- C:\Windows\System\rNBjdGh.exe
  C:\Windows\System\rNBjdGh.exe
  2⤵
  PID:5828
- C:\Windows\System\FdBSSoT.exe
  C:\Windows\System\FdBSSoT.exe
  2⤵
  PID:5844
- C:\Windows\System\dZSxcwG.exe
  C:\Windows\System\dZSxcwG.exe
  2⤵
  PID:5864
- C:\Windows\System\wZzSuhy.exe
  C:\Windows\System\wZzSuhy.exe
  2⤵
  PID:5880
- C:\Windows\System\eWPZULw.exe
  C:\Windows\System\eWPZULw.exe
  2⤵
  PID:5896
- C:\Windows\System\sThRXwk.exe
  C:\Windows\System\sThRXwk.exe
  2⤵
  PID:5912
- C:\Windows\System\ZiVavwB.exe
  C:\Windows\System\ZiVavwB.exe
  2⤵
  PID:5928
- C:\Windows\System\cgRJYDR.exe
  C:\Windows\System\cgRJYDR.exe
  2⤵
  PID:5944
- C:\Windows\System\oviYTre.exe
  C:\Windows\System\oviYTre.exe
  2⤵
  PID:5960
- C:\Windows\System\zNDLqGf.exe
  C:\Windows\System\zNDLqGf.exe
  2⤵
  PID:5976
- C:\Windows\System\nYRaaLp.exe
  C:\Windows\System\nYRaaLp.exe
  2⤵
  PID:5996
- C:\Windows\System\OQOSwDX.exe
  C:\Windows\System\OQOSwDX.exe
  2⤵
  PID:6016
- C:\Windows\System\dkrokMR.exe
  C:\Windows\System\dkrokMR.exe
  2⤵
  PID:6076
- C:\Windows\System\hJqKGzY.exe
  C:\Windows\System\hJqKGzY.exe
  2⤵
  PID:6092
- C:\Windows\System\jhTkuDv.exe
  C:\Windows\System\jhTkuDv.exe
  2⤵
  PID:6112
- C:\Windows\System\iOOjRRt.exe
  C:\Windows\System\iOOjRRt.exe
  2⤵
  PID:6128
- C:\Windows\System\gcXTaoC.exe
  C:\Windows\System\gcXTaoC.exe
  2⤵
  PID:1096
- C:\Windows\System\xoORHNU.exe
  C:\Windows\System\xoORHNU.exe
  2⤵
  PID:4664
- C:\Windows\System\IgCNNTz.exe
  C:\Windows\System\IgCNNTz.exe
  2⤵
  PID:3632
- C:\Windows\System\xOkPzcB.exe
  C:\Windows\System\xOkPzcB.exe
  2⤵
  PID:5124
- C:\Windows\System\KqoZGnW.exe
  C:\Windows\System\KqoZGnW.exe
  2⤵
  PID:4356
- C:\Windows\System\XrcVkyN.exe
  C:\Windows\System\XrcVkyN.exe
  2⤵
  PID:4528
- C:\Windows\System\lgswgyY.exe
  C:\Windows\System\lgswgyY.exe
  2⤵
  PID:4968
- C:\Windows\System\ZTVipxx.exe
  C:\Windows\System\ZTVipxx.exe
  2⤵
  PID:5188
- C:\Windows\System\CeWpkQo.exe
  C:\Windows\System\CeWpkQo.exe
  2⤵
  PID:5160
- C:\Windows\System\xZqQySb.exe
  C:\Windows\System\xZqQySb.exe
  2⤵
  PID:5148
- C:\Windows\System\NCSbFuQ.exe
  C:\Windows\System\NCSbFuQ.exe
  2⤵
  PID:5208
- C:\Windows\System\kYpwGqZ.exe
  C:\Windows\System\kYpwGqZ.exe
  2⤵
  PID:5284
- C:\Windows\System\IrhCSDG.exe
  C:\Windows\System\IrhCSDG.exe
  2⤵
  PID:5316
- C:\Windows\System\cKOyixo.exe
  C:\Windows\System\cKOyixo.exe
  2⤵
  PID:5380
- C:\Windows\System\eKZDOOi.exe
  C:\Windows\System\eKZDOOi.exe
  2⤵
  PID:5384
- C:\Windows\System\elvatNm.exe
  C:\Windows\System\elvatNm.exe
  2⤵
  PID:5368
- C:\Windows\System\GMsujRy.exe
  C:\Windows\System\GMsujRy.exe
  2⤵
  PID:5436
- C:\Windows\System\yHjNEJd.exe
  C:\Windows\System\yHjNEJd.exe
  2⤵
  PID:5456
- C:\Windows\System\DmHwfin.exe
  C:\Windows\System\DmHwfin.exe
  2⤵
  PID:5488
- C:\Windows\System\POFAqbR.exe
  C:\Windows\System\POFAqbR.exe
  2⤵
  PID:5524
- C:\Windows\System\tPijJxo.exe
  C:\Windows\System\tPijJxo.exe
  2⤵
  PID:5540
- C:\Windows\System\YKJWmHe.exe
  C:\Windows\System\YKJWmHe.exe
  2⤵
  PID:5632
- C:\Windows\System\vFswCdh.exe
  C:\Windows\System\vFswCdh.exe
  2⤵
  PID:5612
- C:\Windows\System\RWdGoEj.exe
  C:\Windows\System\RWdGoEj.exe
  2⤵
  PID:5684
- C:\Windows\System\aVPPicA.exe
  C:\Windows\System\aVPPicA.exe
  2⤵
  PID:5668
- C:\Windows\System\iLVPcHn.exe
  C:\Windows\System\iLVPcHn.exe
  2⤵
  PID:5648
- C:\Windows\System\dCNNntm.exe
  C:\Windows\System\dCNNntm.exe
  2⤵
  PID:5776
- C:\Windows\System\ENTlgaP.exe
  C:\Windows\System\ENTlgaP.exe
  2⤵
  PID:5796
- C:\Windows\System\wAfvrwa.exe
  C:\Windows\System\wAfvrwa.exe
  2⤵
  PID:5824
- C:\Windows\System\SixZdaJ.exe
  C:\Windows\System\SixZdaJ.exe
  2⤵
  PID:5840
- C:\Windows\System\izkYTDz.exe
  C:\Windows\System\izkYTDz.exe
  2⤵
  PID:5904
- C:\Windows\System\RnDXKMJ.exe
  C:\Windows\System\RnDXKMJ.exe
  2⤵
  PID:5940
- C:\Windows\System\nbykmfc.exe
  C:\Windows\System\nbykmfc.exe
  2⤵
  PID:6012
- C:\Windows\System\CdNKMWX.exe
  C:\Windows\System\CdNKMWX.exe
  2⤵
  PID:6024
- C:\Windows\System\UXbFgJg.exe
  C:\Windows\System\UXbFgJg.exe
  2⤵
  PID:6056
- C:\Windows\System\EZOZFVY.exe
  C:\Windows\System\EZOZFVY.exe
  2⤵
  PID:6048
- C:\Windows\System\JHBkFrR.exe
  C:\Windows\System\JHBkFrR.exe
  2⤵
  PID:6108
- C:\Windows\System\YPQtbez.exe
  C:\Windows\System\YPQtbez.exe
  2⤵
  PID:6140
- C:\Windows\System\coJleBK.exe
  C:\Windows\System\coJleBK.exe
  2⤵
  PID:4956
- C:\Windows\System\kOWByMR.exe
  C:\Windows\System\kOWByMR.exe
  2⤵
  PID:4424
- C:\Windows\System\lxwBpwI.exe
  C:\Windows\System\lxwBpwI.exe
  2⤵
  PID:2176
- C:\Windows\System\QAVvWCo.exe
  C:\Windows\System\QAVvWCo.exe
  2⤵
  PID:5176
- C:\Windows\System\AQzaWeA.exe
  C:\Windows\System\AQzaWeA.exe
  2⤵
  PID:2208
- C:\Windows\System\MfGyGgQ.exe
  C:\Windows\System\MfGyGgQ.exe
  2⤵
  PID:5200
- C:\Windows\System\xpaOBGB.exe
  C:\Windows\System\xpaOBGB.exe
  2⤵
  PID:5276
- C:\Windows\System\IfvRyhb.exe
  C:\Windows\System\IfvRyhb.exe
  2⤵
  PID:5352
- C:\Windows\System\HgZlUfl.exe
  C:\Windows\System\HgZlUfl.exe
  2⤵
  PID:5448
- C:\Windows\System\QqGxkJZ.exe
  C:\Windows\System\QqGxkJZ.exe
  2⤵
  PID:5452
- C:\Windows\System\uUkSqTu.exe
  C:\Windows\System\uUkSqTu.exe
  2⤵
  PID:2732
- C:\Windows\System\anOgvmg.exe
  C:\Windows\System\anOgvmg.exe
  2⤵
  PID:5588
- C:\Windows\System\YXQyZjY.exe
  C:\Windows\System\YXQyZjY.exe
  2⤵
  PID:5608
- C:\Windows\System\CadrTot.exe
  C:\Windows\System\CadrTot.exe
  2⤵
  PID:5652
- C:\Windows\System\qGaDjfu.exe
  C:\Windows\System\qGaDjfu.exe
  2⤵
  PID:5736
- C:\Windows\System\uVlKPgv.exe
  C:\Windows\System\uVlKPgv.exe
  2⤵
  PID:5752
- C:\Windows\System\KqqqTNv.exe
  C:\Windows\System\KqqqTNv.exe
  2⤵
  PID:5756
- C:\Windows\System\EHjaTSR.exe
  C:\Windows\System\EHjaTSR.exe
  2⤵
  PID:5816
- C:\Windows\System\ivAbfxy.exe
  C:\Windows\System\ivAbfxy.exe
  2⤵
  PID:5984
- C:\Windows\System\EiLQGwH.exe
  C:\Windows\System\EiLQGwH.exe
  2⤵
  PID:5892
- C:\Windows\System\TrVrLgZ.exe
  C:\Windows\System\TrVrLgZ.exe
  2⤵
  PID:6068
- C:\Windows\System\LXkYhgq.exe
  C:\Windows\System\LXkYhgq.exe
  2⤵
  PID:6044
- C:\Windows\System\wESNDWj.exe
  C:\Windows\System\wESNDWj.exe
  2⤵
  PID:4500
- C:\Windows\System\DlHnNOl.exe
  C:\Windows\System\DlHnNOl.exe
  2⤵
  PID:6084
- C:\Windows\System\dILUYNc.exe
  C:\Windows\System\dILUYNc.exe
  2⤵
  PID:4536
- C:\Windows\System\mgtWaBG.exe
  C:\Windows\System\mgtWaBG.exe
  2⤵
  PID:4920
- C:\Windows\System\dVNYWEv.exe
  C:\Windows\System\dVNYWEv.exe
  2⤵
  PID:5256
- C:\Windows\System\krTZabN.exe
  C:\Windows\System\krTZabN.exe
  2⤵
  PID:5224
- C:\Windows\System\AgusLME.exe
  C:\Windows\System\AgusLME.exe
  2⤵
  PID:4720
- C:\Windows\System\BFEIFOn.exe
  C:\Windows\System\BFEIFOn.exe
  2⤵
  PID:5412
- C:\Windows\System\HdaDTps.exe
  C:\Windows\System\HdaDTps.exe
  2⤵
  PID:5468
- C:\Windows\System\eraQdaf.exe
  C:\Windows\System\eraQdaf.exe
  2⤵
  PID:5872
- C:\Windows\System\ajyFgFU.exe
  C:\Windows\System\ajyFgFU.exe
  2⤵
  PID:5700
- C:\Windows\System\sKgUoff.exe
  C:\Windows\System\sKgUoff.exe
  2⤵
  PID:5968
- C:\Windows\System\ossMnrd.exe
  C:\Windows\System\ossMnrd.exe
  2⤵
  PID:6104
- C:\Windows\System\zGxSTjH.exe
  C:\Windows\System\zGxSTjH.exe
  2⤵
  PID:5192
- C:\Windows\System\aLoCDlW.exe
  C:\Windows\System\aLoCDlW.exe
  2⤵
  PID:5336
- C:\Windows\System\bobgmvZ.exe
  C:\Windows\System\bobgmvZ.exe
  2⤵
  PID:5496
- C:\Windows\System\dfjTxbM.exe
  C:\Windows\System\dfjTxbM.exe
  2⤵
  PID:6008
- C:\Windows\System\XzMAJrO.exe
  C:\Windows\System\XzMAJrO.exe
  2⤵
  PID:5272
- C:\Windows\System\CkJRkss.exe
  C:\Windows\System\CkJRkss.exe
  2⤵
  PID:4872
- C:\Windows\System\TNvPXlJ.exe
  C:\Windows\System\TNvPXlJ.exe
  2⤵
  PID:5168
- C:\Windows\System\rJDSLrp.exe
  C:\Windows\System\rJDSLrp.exe
  2⤵
  PID:5764
- C:\Windows\System\ZGhVpUc.exe
  C:\Windows\System\ZGhVpUc.exe
  2⤵
  PID:588
- C:\Windows\System\SYgIdWp.exe
  C:\Windows\System\SYgIdWp.exe
  2⤵
  PID:5956
- C:\Windows\System\ZftdcSr.exe
  C:\Windows\System\ZftdcSr.exe
  2⤵
  PID:5664
- C:\Windows\System\PPIGCur.exe
  C:\Windows\System\PPIGCur.exe
  2⤵
  PID:5800
- C:\Windows\System\OnLlCqA.exe
  C:\Windows\System\OnLlCqA.exe
  2⤵
  PID:6064
- C:\Windows\System\KjiKZER.exe
  C:\Windows\System\KjiKZER.exe
  2⤵
  PID:6004
- C:\Windows\System\RrJOgez.exe
  C:\Windows\System\RrJOgez.exe
  2⤵
  PID:6100
- C:\Windows\System\tIzKiuI.exe
  C:\Windows\System\tIzKiuI.exe
  2⤵
  PID:6124
- C:\Windows\System\ELcfRdb.exe
  C:\Windows\System\ELcfRdb.exe
  2⤵
  PID:6152
- C:\Windows\System\QbDQgGd.exe
  C:\Windows\System\QbDQgGd.exe
  2⤵
  PID:6200
- C:\Windows\System\rlfwkZQ.exe
  C:\Windows\System\rlfwkZQ.exe
  2⤵
  PID:6220
- C:\Windows\System\CuTKOdj.exe
  C:\Windows\System\CuTKOdj.exe
  2⤵
  PID:6236
- C:\Windows\System\SraHCKz.exe
  C:\Windows\System\SraHCKz.exe
  2⤵
  PID:6252
- C:\Windows\System\ANrXywc.exe
  C:\Windows\System\ANrXywc.exe
  2⤵
  PID:6268
- C:\Windows\System\fBKuhlg.exe
  C:\Windows\System\fBKuhlg.exe
  2⤵
  PID:6288
- C:\Windows\System\CppORND.exe
  C:\Windows\System\CppORND.exe
  2⤵
  PID:6304
- C:\Windows\System\jWvsbaW.exe
  C:\Windows\System\jWvsbaW.exe
  2⤵
  PID:6320
- C:\Windows\System\xgHKwWa.exe
  C:\Windows\System\xgHKwWa.exe
  2⤵
  PID:6336
- C:\Windows\System\IKRWETR.exe
  C:\Windows\System\IKRWETR.exe
  2⤵
  PID:6368
- C:\Windows\System\cmXGElw.exe
  C:\Windows\System\cmXGElw.exe
  2⤵
  PID:6384
- C:\Windows\System\qNAPwFM.exe
  C:\Windows\System\qNAPwFM.exe
  2⤵
  PID:6412
- C:\Windows\System\npUHhmI.exe
  C:\Windows\System\npUHhmI.exe
  2⤵
  PID:6436
- C:\Windows\System\TGSgVtF.exe
  C:\Windows\System\TGSgVtF.exe
  2⤵
  PID:6452
- C:\Windows\System\vDxGuHU.exe
  C:\Windows\System\vDxGuHU.exe
  2⤵
  PID:6472
- C:\Windows\System\DcqAZzj.exe
  C:\Windows\System\DcqAZzj.exe
  2⤵
  PID:6488
- C:\Windows\System\kzWjAHe.exe
  C:\Windows\System\kzWjAHe.exe
  2⤵
  PID:6504
- C:\Windows\System\xgQIZvK.exe
  C:\Windows\System\xgQIZvK.exe
  2⤵
  PID:6524
- C:\Windows\System\eHyNUwm.exe
  C:\Windows\System\eHyNUwm.exe
  2⤵
  PID:6540
- C:\Windows\System\IYtEbwW.exe
  C:\Windows\System\IYtEbwW.exe
  2⤵
  PID:6560
- C:\Windows\System\kRgLbKv.exe
  C:\Windows\System\kRgLbKv.exe
  2⤵
  PID:6588
- C:\Windows\System\WKKiomM.exe
  C:\Windows\System\WKKiomM.exe
  2⤵
  PID:6604
- C:\Windows\System\hKJQKPD.exe
  C:\Windows\System\hKJQKPD.exe
  2⤵
  PID:6620
- C:\Windows\System\bTttKAp.exe
  C:\Windows\System\bTttKAp.exe
  2⤵
  PID:6636
- C:\Windows\System\sIorFMz.exe
  C:\Windows\System\sIorFMz.exe
  2⤵
  PID:6656
- C:\Windows\System\tCHumyX.exe
  C:\Windows\System\tCHumyX.exe
  2⤵
  PID:6676
- C:\Windows\System\IFZGGxC.exe
  C:\Windows\System\IFZGGxC.exe
  2⤵
  PID:6692
- C:\Windows\System\LvYwUSJ.exe
  C:\Windows\System\LvYwUSJ.exe
  2⤵
  PID:6708
- C:\Windows\System\goYeJrt.exe
  C:\Windows\System\goYeJrt.exe
  2⤵
  PID:6724
- C:\Windows\System\saKRaks.exe
  C:\Windows\System\saKRaks.exe
  2⤵
  PID:6740
- C:\Windows\System\tSbqYzR.exe
  C:\Windows\System\tSbqYzR.exe
  2⤵
  PID:6796
- C:\Windows\System\aFgsIPb.exe
  C:\Windows\System\aFgsIPb.exe
  2⤵
  PID:6816
- C:\Windows\System\ijAcYco.exe
  C:\Windows\System\ijAcYco.exe
  2⤵
  PID:6832
- C:\Windows\System\IksNZNZ.exe
  C:\Windows\System\IksNZNZ.exe
  2⤵
  PID:6848
- C:\Windows\System\ZcTHDhm.exe
  C:\Windows\System\ZcTHDhm.exe
  2⤵
  PID:6864
- C:\Windows\System\tOElkjP.exe
  C:\Windows\System\tOElkjP.exe
  2⤵
  PID:6888
- C:\Windows\System\DpELFWu.exe
  C:\Windows\System\DpELFWu.exe
  2⤵
  PID:6908
- C:\Windows\System\ODXDMMS.exe
  C:\Windows\System\ODXDMMS.exe
  2⤵
  PID:6924
- C:\Windows\System\ucNvEYY.exe
  C:\Windows\System\ucNvEYY.exe
  2⤵
  PID:6940
- C:\Windows\System\XxRnlZq.exe
  C:\Windows\System\XxRnlZq.exe
  2⤵
  PID:6956
- C:\Windows\System\SBCxmym.exe
  C:\Windows\System\SBCxmym.exe
  2⤵
  PID:6972
- C:\Windows\System\NJhduwo.exe
  C:\Windows\System\NJhduwo.exe
  2⤵
  PID:6988
- C:\Windows\System\QvPxQkU.exe
  C:\Windows\System\QvPxQkU.exe
  2⤵
  PID:7004
- C:\Windows\System\voLYPkW.exe
  C:\Windows\System\voLYPkW.exe
  2⤵
  PID:7024
- C:\Windows\System\QNmsbct.exe
  C:\Windows\System\QNmsbct.exe
  2⤵
  PID:7044
- C:\Windows\System\qoeuvLJ.exe
  C:\Windows\System\qoeuvLJ.exe
  2⤵
  PID:7064
- C:\Windows\System\ehPlZqN.exe
  C:\Windows\System\ehPlZqN.exe
  2⤵
  PID:7100
- C:\Windows\System\iqUjnYa.exe
  C:\Windows\System\iqUjnYa.exe
  2⤵
  PID:7120
- C:\Windows\System\JNVipxP.exe
  C:\Windows\System\JNVipxP.exe
  2⤵
  PID:7136
- C:\Windows\System\bmuusEQ.exe
  C:\Windows\System\bmuusEQ.exe
  2⤵
  PID:7152
- C:\Windows\System\BzRtEBg.exe
  C:\Windows\System\BzRtEBg.exe
  2⤵
  PID:5520
- C:\Windows\System\wdyYBwq.exe
  C:\Windows\System\wdyYBwq.exe
  2⤵
  PID:5144
- C:\Windows\System\UnTrszu.exe
  C:\Windows\System\UnTrszu.exe
  2⤵
  PID:6184
- C:\Windows\System\qByAZfS.exe
  C:\Windows\System\qByAZfS.exe
  2⤵
  PID:6188
- C:\Windows\System\owNGiug.exe
  C:\Windows\System\owNGiug.exe
  2⤵
  PID:6176
- C:\Windows\System\FbQXPYv.exe
  C:\Windows\System\FbQXPYv.exe
  2⤵
  PID:6196
- C:\Windows\System\ghwvNMh.exe
  C:\Windows\System\ghwvNMh.exe
  2⤵
  PID:6244
- C:\Windows\System\sFjcJxB.exe
  C:\Windows\System\sFjcJxB.exe
  2⤵
  PID:6284
- C:\Windows\System\Debxchg.exe
  C:\Windows\System\Debxchg.exe
  2⤵
  PID:6344
- C:\Windows\System\ujkxPbM.exe
  C:\Windows\System\ujkxPbM.exe
  2⤵
  PID:6360
- C:\Windows\System\aipXyEJ.exe
  C:\Windows\System\aipXyEJ.exe
  2⤵
  PID:6296
- C:\Windows\System\ULlrsPY.exe
  C:\Windows\System\ULlrsPY.exe
  2⤵
  PID:6300
- C:\Windows\System\UNBgZsv.exe
  C:\Windows\System\UNBgZsv.exe
  2⤵
  PID:6408
- C:\Windows\System\yRYnxEH.exe
  C:\Windows\System\yRYnxEH.exe
  2⤵
  PID:6448
- C:\Windows\System\OpMsuoy.exe
  C:\Windows\System\OpMsuoy.exe
  2⤵
  PID:6480
- C:\Windows\System\CTXaoUp.exe
  C:\Windows\System\CTXaoUp.exe
  2⤵
  PID:6464
- C:\Windows\System\ecDjvnd.exe
  C:\Windows\System\ecDjvnd.exe
  2⤵
  PID:6520
- C:\Windows\System\IzLSApO.exe
  C:\Windows\System\IzLSApO.exe
  2⤵
  PID:6468
- C:\Windows\System\CdbKcqF.exe
  C:\Windows\System\CdbKcqF.exe
  2⤵
  PID:6572
- C:\Windows\System\zEljeFQ.exe
  C:\Windows\System\zEljeFQ.exe
  2⤵
  PID:6596
- C:\Windows\System\ClKnPot.exe
  C:\Windows\System\ClKnPot.exe
  2⤵
  PID:6632
- C:\Windows\System\tEdMkOd.exe
  C:\Windows\System\tEdMkOd.exe
  2⤵
  PID:6700
- C:\Windows\System\ksuzmep.exe
  C:\Windows\System\ksuzmep.exe
  2⤵
  PID:6496
- C:\Windows\System\oKtuSti.exe
  C:\Windows\System\oKtuSti.exe
  2⤵
  PID:6644
- C:\Windows\System\SZUtIds.exe
  C:\Windows\System\SZUtIds.exe
  2⤵
  PID:6688
- C:\Windows\System\fbrubfW.exe
  C:\Windows\System\fbrubfW.exe
  2⤵
  PID:6748
- C:\Windows\System\roxUjvK.exe
  C:\Windows\System\roxUjvK.exe
  2⤵
  PID:6764
- C:\Windows\System\cjuiEgf.exe
  C:\Windows\System\cjuiEgf.exe
  2⤵
  PID:6780
- C:\Windows\System\euLLYbk.exe
  C:\Windows\System\euLLYbk.exe
  2⤵
  PID:6804
- C:\Windows\System\KDUpygm.exe
  C:\Windows\System\KDUpygm.exe
  2⤵
  PID:6812
- C:\Windows\System\ubFRXKd.exe
  C:\Windows\System\ubFRXKd.exe
  2⤵
  PID:6884
- C:\Windows\System\TfUkrGv.exe
  C:\Windows\System\TfUkrGv.exe
  2⤵
  PID:6900
- C:\Windows\System\FBhiUxs.exe
  C:\Windows\System\FBhiUxs.exe
  2⤵
  PID:6980
- C:\Windows\System\uSmYuOD.exe
  C:\Windows\System\uSmYuOD.exe
  2⤵
  PID:7052
- C:\Windows\System\JElQlQt.exe
  C:\Windows\System\JElQlQt.exe
  2⤵
  PID:6964
- C:\Windows\System\aJpMsVq.exe
  C:\Windows\System\aJpMsVq.exe
  2⤵
  PID:6996
- C:\Windows\System\hmTNknH.exe
  C:\Windows\System\hmTNknH.exe
  2⤵
  PID:7072
- C:\Windows\System\hFxdYel.exe
  C:\Windows\System\hFxdYel.exe
  2⤵
  PID:6904
- C:\Windows\System\vqMGDvs.exe
  C:\Windows\System\vqMGDvs.exe
  2⤵
  PID:5784
- C:\Windows\System\IMEFMZA.exe
  C:\Windows\System\IMEFMZA.exe
  2⤵
  PID:6172
- C:\Windows\System\eFPriJY.exe
  C:\Windows\System\eFPriJY.exe
  2⤵
  PID:6264
- C:\Windows\System\yCTvBOf.exe
  C:\Windows\System\yCTvBOf.exe
  2⤵
  PID:6552
- C:\Windows\System\WoUthgX.exe
  C:\Windows\System\WoUthgX.exe
  2⤵
  PID:6556
- C:\Windows\System\tEjknfM.exe
  C:\Windows\System\tEjknfM.exe
  2⤵
  PID:6500
- C:\Windows\System\ROXoZpo.exe
  C:\Windows\System\ROXoZpo.exe
  2⤵
  PID:6628
- C:\Windows\System\AOjQcJn.exe
  C:\Windows\System\AOjQcJn.exe
  2⤵
  PID:6716
- C:\Windows\System\wiXvSuf.exe
  C:\Windows\System\wiXvSuf.exe
  2⤵
  PID:6756
- C:\Windows\System\uTBFEuQ.exe
  C:\Windows\System\uTBFEuQ.exe
  2⤵
  PID:6844
- C:\Windows\System\hEpacrz.exe
  C:\Windows\System\hEpacrz.exe
  2⤵
  PID:6760
- C:\Windows\System\cTYIxPs.exe
  C:\Windows\System\cTYIxPs.exe
  2⤵
  PID:7080
- C:\Windows\System\ZJLtsEj.exe
  C:\Windows\System\ZJLtsEj.exe
  2⤵
  PID:6880
- C:\Windows\System\AByEXIT.exe
  C:\Windows\System\AByEXIT.exe
  2⤵
  PID:6936
- C:\Windows\System\wNPypds.exe
  C:\Windows\System\wNPypds.exe
  2⤵
  PID:6860
- C:\Windows\System\gVgxNfa.exe
  C:\Windows\System\gVgxNfa.exe
  2⤵
  PID:7092
- C:\Windows\System\nKNTSSG.exe
  C:\Windows\System\nKNTSSG.exe
  2⤵
  PID:7112
- C:\Windows\System\hEABBqg.exe
  C:\Windows\System\hEABBqg.exe
  2⤵
  PID:7160
- C:\Windows\System\qCRliFV.exe
  C:\Windows\System\qCRliFV.exe
  2⤵
  PID:6432
- C:\Windows\System\vggtSxD.exe
  C:\Windows\System\vggtSxD.exe
  2⤵
  PID:6148
- C:\Windows\System\iJofQnM.exe
  C:\Windows\System\iJofQnM.exe
  2⤵
  PID:5772
- C:\Windows\System\iPjeSha.exe
  C:\Windows\System\iPjeSha.exe
  2⤵
  PID:5720
- C:\Windows\System\pkMBNRd.exe
  C:\Windows\System\pkMBNRd.exe
  2⤵
  PID:5616
- C:\Windows\System\KbWHVCg.exe
  C:\Windows\System\KbWHVCg.exe
  2⤵
  PID:6332
- C:\Windows\System\LqKOEXR.exe
  C:\Windows\System\LqKOEXR.exe
  2⤵
  PID:6400
- C:\Windows\System\DLfwNBv.exe
  C:\Windows\System\DLfwNBv.exe
  2⤵
  PID:6612
- C:\Windows\System\wnaIQpi.exe
  C:\Windows\System\wnaIQpi.exe
  2⤵
  PID:6736
- C:\Windows\System\rrHAJvk.exe
  C:\Windows\System\rrHAJvk.exe
  2⤵
  PID:6916
- C:\Windows\System\JNikjVs.exe
  C:\Windows\System\JNikjVs.exe
  2⤵
  PID:6792
- C:\Windows\System\roGvwrI.exe
  C:\Windows\System\roGvwrI.exe
  2⤵
  PID:7040
- C:\Windows\System\XpEYIgG.exe
  C:\Windows\System\XpEYIgG.exe
  2⤵
  PID:7088
- C:\Windows\System\tGBNtch.exe
  C:\Windows\System\tGBNtch.exe
  2⤵
  PID:7132
- C:\Windows\System\JjMGZMv.exe
  C:\Windows\System\JjMGZMv.exe
  2⤵
  PID:7116
- C:\Windows\System\cDeyMUK.exe
  C:\Windows\System\cDeyMUK.exe
  2⤵
  PID:6516
- C:\Windows\System\RWRnCeK.exe
  C:\Windows\System\RWRnCeK.exe
  2⤵
  PID:6420
- C:\Windows\System\pYhrJyq.exe
  C:\Windows\System\pYhrJyq.exe
  2⤵
  PID:7036
- C:\Windows\System\zPeYqfo.exe
  C:\Windows\System\zPeYqfo.exe
  2⤵
  PID:7180
- C:\Windows\System\ZQYtYdD.exe
  C:\Windows\System\ZQYtYdD.exe
  2⤵
  PID:7196
- C:\Windows\System\QwBtnKS.exe
  C:\Windows\System\QwBtnKS.exe
  2⤵
  PID:7212
- C:\Windows\System\pdauvuL.exe
  C:\Windows\System\pdauvuL.exe
  2⤵
  PID:7228
- C:\Windows\System\HGJxwJw.exe
  C:\Windows\System\HGJxwJw.exe
  2⤵
  PID:7244
- C:\Windows\System\OzmMFXq.exe
  C:\Windows\System\OzmMFXq.exe
  2⤵
  PID:7260
- C:\Windows\System\FCCAcYd.exe
  C:\Windows\System\FCCAcYd.exe
  2⤵
  PID:7276
- C:\Windows\System\dwjmDVz.exe
  C:\Windows\System\dwjmDVz.exe
  2⤵
  PID:7292
- C:\Windows\System\xwFzpfe.exe
  C:\Windows\System\xwFzpfe.exe
  2⤵
  PID:7308
- C:\Windows\System\PDTlPSm.exe
  C:\Windows\System\PDTlPSm.exe
  2⤵
  PID:7324
- C:\Windows\System\WUIsLCz.exe
  C:\Windows\System\WUIsLCz.exe
  2⤵
  PID:7340
- C:\Windows\System\XVCDAiT.exe
  C:\Windows\System\XVCDAiT.exe
  2⤵
  PID:7356
- C:\Windows\System\jxNOEbO.exe
  C:\Windows\System\jxNOEbO.exe
  2⤵
  PID:7372
- C:\Windows\System\pLftTrP.exe
  C:\Windows\System\pLftTrP.exe
  2⤵
  PID:7388
- C:\Windows\System\yDFWQoi.exe
  C:\Windows\System\yDFWQoi.exe
  2⤵
  PID:7404
- C:\Windows\System\meeqGGq.exe
  C:\Windows\System\meeqGGq.exe
  2⤵
  PID:7420
- C:\Windows\System\gNLVUYv.exe
  C:\Windows\System\gNLVUYv.exe
  2⤵
  PID:7436
- C:\Windows\System\QkZgIlO.exe
  C:\Windows\System\QkZgIlO.exe
  2⤵
  PID:7452
- C:\Windows\System\tcnDmCU.exe
  C:\Windows\System\tcnDmCU.exe
  2⤵
  PID:7468
- C:\Windows\System\irxwWRc.exe
  C:\Windows\System\irxwWRc.exe
  2⤵
  PID:7484
- C:\Windows\System\gekxyIO.exe
  C:\Windows\System\gekxyIO.exe
  2⤵
  PID:7500
- C:\Windows\System\RliXXdv.exe
  C:\Windows\System\RliXXdv.exe
  2⤵
  PID:7516
- C:\Windows\System\ejQcocc.exe
  C:\Windows\System\ejQcocc.exe
  2⤵
  PID:7532
- C:\Windows\System\PUshQyV.exe
  C:\Windows\System\PUshQyV.exe
  2⤵
  PID:7548
- C:\Windows\System\nJfFhnr.exe
  C:\Windows\System\nJfFhnr.exe
  2⤵
  PID:7564
- C:\Windows\System\FNwPFut.exe
  C:\Windows\System\FNwPFut.exe
  2⤵
  PID:7580
- C:\Windows\System\WMHhBED.exe
  C:\Windows\System\WMHhBED.exe
  2⤵
  PID:7596
- C:\Windows\System\sZiQxwp.exe
  C:\Windows\System\sZiQxwp.exe
  2⤵
  PID:7612
- C:\Windows\System\pAMeVQu.exe
  C:\Windows\System\pAMeVQu.exe
  2⤵
  PID:7628
- C:\Windows\System\ooqDkUu.exe
  C:\Windows\System\ooqDkUu.exe
  2⤵
  PID:7644
- C:\Windows\System\lJJNWXL.exe
  C:\Windows\System\lJJNWXL.exe
  2⤵
  PID:7660
- C:\Windows\System\EAOzrQr.exe
  C:\Windows\System\EAOzrQr.exe
  2⤵
  PID:7676
- C:\Windows\System\tDirFph.exe
  C:\Windows\System\tDirFph.exe
  2⤵
  PID:7692
- C:\Windows\System\WEFEYdp.exe
  C:\Windows\System\WEFEYdp.exe
  2⤵
  PID:7708
- C:\Windows\System\xohVQUP.exe
  C:\Windows\System\xohVQUP.exe
  2⤵
  PID:7724
- C:\Windows\System\btUaofS.exe
  C:\Windows\System\btUaofS.exe
  2⤵
  PID:7740
- C:\Windows\System\jmeiMuV.exe
  C:\Windows\System\jmeiMuV.exe
  2⤵
  PID:7756
- C:\Windows\System\EMksFjn.exe
  C:\Windows\System\EMksFjn.exe
  2⤵
  PID:7772
- C:\Windows\System\bMqCBue.exe
  C:\Windows\System\bMqCBue.exe
  2⤵
  PID:7788
- C:\Windows\System\XncxKkx.exe
  C:\Windows\System\XncxKkx.exe
  2⤵
  PID:7804
- C:\Windows\System\dKoqShj.exe
  C:\Windows\System\dKoqShj.exe
  2⤵
  PID:7820
- C:\Windows\System\cwUSCHV.exe
  C:\Windows\System\cwUSCHV.exe
  2⤵
  PID:7836
- C:\Windows\System\PlqMJVQ.exe
  C:\Windows\System\PlqMJVQ.exe
  2⤵
  PID:7852
- C:\Windows\System\MOZKJpW.exe
  C:\Windows\System\MOZKJpW.exe
  2⤵
  PID:7868
- C:\Windows\System\TrcGaxg.exe
  C:\Windows\System\TrcGaxg.exe
  2⤵
  PID:7884
- C:\Windows\System\XoRbgAZ.exe
  C:\Windows\System\XoRbgAZ.exe
  2⤵
  PID:7900
- C:\Windows\System\gJBKJJn.exe
  C:\Windows\System\gJBKJJn.exe
  2⤵
  PID:7916
- C:\Windows\System\eZBjpry.exe
  C:\Windows\System\eZBjpry.exe
  2⤵
  PID:7932
- C:\Windows\System\ZzfhUnA.exe
  C:\Windows\System\ZzfhUnA.exe
  2⤵
  PID:7948
- C:\Windows\System\dyAjWhE.exe
  C:\Windows\System\dyAjWhE.exe
  2⤵
  PID:7984
- C:\Windows\System\tpnhsQx.exe
  C:\Windows\System\tpnhsQx.exe
  2⤵
  PID:8004
- C:\Windows\System\inhqOje.exe
  C:\Windows\System\inhqOje.exe
  2⤵
  PID:8020
- C:\Windows\System\ccDosAN.exe
  C:\Windows\System\ccDosAN.exe
  2⤵
  PID:8040
- C:\Windows\System\fKNNpPp.exe
  C:\Windows\System\fKNNpPp.exe
  2⤵
  PID:8056
- C:\Windows\System\pbHhEDd.exe
  C:\Windows\System\pbHhEDd.exe
  2⤵
  PID:8072
- C:\Windows\System\ZFICXIn.exe
  C:\Windows\System\ZFICXIn.exe
  2⤵
  PID:8088
- C:\Windows\System\gCsYhUO.exe
  C:\Windows\System\gCsYhUO.exe
  2⤵
  PID:8104
- C:\Windows\System\HwdqzdQ.exe
  C:\Windows\System\HwdqzdQ.exe
  2⤵
  PID:8120
- C:\Windows\System\WTcikbP.exe
  C:\Windows\System\WTcikbP.exe
  2⤵
  PID:8136
- C:\Windows\System\CrcelFf.exe
  C:\Windows\System\CrcelFf.exe
  2⤵
  PID:8152
- C:\Windows\System\glgqdiu.exe
  C:\Windows\System\glgqdiu.exe
  2⤵
  PID:8168
- C:\Windows\System\luXoavH.exe
  C:\Windows\System\luXoavH.exe
  2⤵
  PID:8184
- C:\Windows\System\KWPJAxa.exe
  C:\Windows\System\KWPJAxa.exe
  2⤵
  PID:6404
- C:\Windows\System\KUKSsLx.exe
  C:\Windows\System\KUKSsLx.exe
  2⤵
  PID:6672
- C:\Windows\System\YbFfteM.exe
  C:\Windows\System\YbFfteM.exe
  2⤵
  PID:7084
- C:\Windows\System\FuYsRWn.exe
  C:\Windows\System\FuYsRWn.exe
  2⤵
  PID:7220
- C:\Windows\System\NeSirRE.exe
  C:\Windows\System\NeSirRE.exe
  2⤵
  PID:7288
- C:\Windows\System\IDJMvcW.exe
  C:\Windows\System\IDJMvcW.exe
  2⤵
  PID:5332
- C:\Windows\System\KYBLfVE.exe
  C:\Windows\System\KYBLfVE.exe
  2⤵
  PID:7208
- C:\Windows\System\ztBZySD.exe
  C:\Windows\System\ztBZySD.exe
  2⤵
  PID:5432
- C:\Windows\System\TUJDZye.exe
  C:\Windows\System\TUJDZye.exe
  2⤵
  PID:7304
- C:\Windows\System\VdTDCsO.exe
  C:\Windows\System\VdTDCsO.exe
  2⤵
  PID:7320
- C:\Windows\System\NApoMRm.exe
  C:\Windows\System\NApoMRm.exe
  2⤵
  PID:7380
- C:\Windows\System\dWlQMOt.exe
  C:\Windows\System\dWlQMOt.exe
  2⤵
  PID:7400
- C:\Windows\System\nognWBd.exe
  C:\Windows\System\nognWBd.exe
  2⤵
  PID:7480
- C:\Windows\System\nUIyfuh.exe
  C:\Windows\System\nUIyfuh.exe
  2⤵
  PID:7496
- C:\Windows\System\rGwNSPF.exe
  C:\Windows\System\rGwNSPF.exe
  2⤵
  PID:7464
- C:\Windows\System\PLKHrlb.exe
  C:\Windows\System\PLKHrlb.exe
  2⤵
  PID:7528
- C:\Windows\System\BeazpVB.exe
  C:\Windows\System\BeazpVB.exe
  2⤵
  PID:7572
- C:\Windows\System\cEdTJcv.exe
  C:\Windows\System\cEdTJcv.exe
  2⤵
  PID:7656
- C:\Windows\System\iwPsjSt.exe
  C:\Windows\System\iwPsjSt.exe
  2⤵
  PID:7560
- C:\Windows\System\SesPMQL.exe
  C:\Windows\System\SesPMQL.exe
  2⤵
  PID:7700
- C:\Windows\System\FoAjaJT.exe
  C:\Windows\System\FoAjaJT.exe
  2⤵
  PID:7716
- C:\Windows\System\jqHDMjS.exe
  C:\Windows\System\jqHDMjS.exe
  2⤵
  PID:7780
- C:\Windows\System\IWWpiAx.exe
  C:\Windows\System\IWWpiAx.exe
  2⤵
  PID:7796
- C:\Windows\System\MpVKLls.exe
  C:\Windows\System\MpVKLls.exe
  2⤵
  PID:7832
- C:\Windows\System\TZDPNKi.exe
  C:\Windows\System\TZDPNKi.exe
  2⤵
  PID:7848
- C:\Windows\System\amgsMRR.exe
  C:\Windows\System\amgsMRR.exe
  2⤵
  PID:7876
- C:\Windows\System\OkPwMVp.exe
  C:\Windows\System\OkPwMVp.exe
  2⤵
  PID:3040
- C:\Windows\System\utbQHhu.exe
  C:\Windows\System\utbQHhu.exe
  2⤵
  PID:7960
- C:\Windows\System\TkoYJIj.exe
  C:\Windows\System\TkoYJIj.exe
  2⤵
  PID:7976
- C:\Windows\System\zAmalqd.exe
  C:\Windows\System\zAmalqd.exe
  2⤵
  PID:8028
- C:\Windows\System\eWsHkHm.exe
  C:\Windows\System\eWsHkHm.exe
  2⤵
  PID:8000
- C:\Windows\System\NTGYHEz.exe
  C:\Windows\System\NTGYHEz.exe
  2⤵
  PID:8080
- C:\Windows\System\ERvzEfM.exe
  C:\Windows\System\ERvzEfM.exe
  2⤵
  PID:8112
- C:\Windows\System\NXJAqUt.exe
  C:\Windows\System\NXJAqUt.exe
  2⤵
  PID:8176
- C:\Windows\System\xUuwnTe.exe
  C:\Windows\System\xUuwnTe.exe
  2⤵
  PID:7076
- C:\Windows\System\trBWNwN.exe
  C:\Windows\System\trBWNwN.exe
  2⤵
  PID:8164
- C:\Windows\System\altMyKR.exe
  C:\Windows\System\altMyKR.exe
  2⤵
  PID:8100
- C:\Windows\System\TbijeaJ.exe
  C:\Windows\System\TbijeaJ.exe
  2⤵
  PID:7272
- C:\Windows\System\COQXPQD.exe
  C:\Windows\System\COQXPQD.exe
  2⤵
  PID:7432
- C:\Windows\System\rPFWwNV.exe
  C:\Windows\System\rPFWwNV.exe
  2⤵
  PID:7172
- C:\Windows\System\FwrnLca.exe
  C:\Windows\System\FwrnLca.exe
  2⤵
  PID:7352
- C:\Windows\System\ooknPop.exe
  C:\Windows\System\ooknPop.exe
  2⤵
  PID:7544
- C:\Windows\System\ZSnWfXQ.exe
  C:\Windows\System\ZSnWfXQ.exe
  2⤵
  PID:7588
- C:\Windows\System\PfOGCUF.exe
  C:\Windows\System\PfOGCUF.exe
  2⤵
  PID:7732
- C:\Windows\System\WGvVTOj.exe
  C:\Windows\System\WGvVTOj.exe
  2⤵
  PID:7956
- C:\Windows\System\yqMCrXm.exe
  C:\Windows\System\yqMCrXm.exe
  2⤵
  PID:7968
- C:\Windows\System\ZsOCbKA.exe
  C:\Windows\System\ZsOCbKA.exe
  2⤵
  PID:8068
- C:\Windows\System\VzjZEyY.exe
  C:\Windows\System\VzjZEyY.exe
  2⤵
  PID:8132
- C:\Windows\System\MwycMXj.exe
  C:\Windows\System\MwycMXj.exe
  2⤵
  PID:8084
- C:\Windows\System\vpBbhMO.exe
  C:\Windows\System\vpBbhMO.exe
  2⤵
  PID:7252
- C:\Windows\System\pDoCLCG.exe
  C:\Windows\System\pDoCLCG.exe
  2⤵
  PID:7128
- C:\Windows\System\PSlNDnz.exe
  C:\Windows\System\PSlNDnz.exe
  2⤵
  PID:7240
- C:\Windows\System\FQrMBYE.exe
  C:\Windows\System\FQrMBYE.exe
  2⤵
  PID:7364
- C:\Windows\System\PtqQatM.exe
  C:\Windows\System\PtqQatM.exe
  2⤵
  PID:7448
- C:\Windows\System\rabgoPy.exe
  C:\Windows\System\rabgoPy.exe
  2⤵
  PID:7512
- C:\Windows\System\QSBBYMr.exe
  C:\Windows\System\QSBBYMr.exe
  2⤵
  PID:7636
- C:\Windows\System\lsQqRAN.exe
  C:\Windows\System\lsQqRAN.exe
  2⤵
  PID:7652
- C:\Windows\System\efEloYA.exe
  C:\Windows\System\efEloYA.exe
  2⤵
  PID:7812
- C:\Windows\System\TgOrVLr.exe
  C:\Windows\System\TgOrVLr.exe
  2⤵
  PID:7620
- C:\Windows\System\eobHUWa.exe
  C:\Windows\System\eobHUWa.exe
  2⤵
  PID:7880
- C:\Windows\System\BZnXbhV.exe
  C:\Windows\System\BZnXbhV.exe
  2⤵
  PID:7844
- C:\Windows\System\UvsmoJg.exe
  C:\Windows\System\UvsmoJg.exe
  2⤵
  PID:8148
- C:\Windows\System\mrskGiX.exe
  C:\Windows\System\mrskGiX.exe
  2⤵
  PID:7300
- C:\Windows\System\ybOxeew.exe
  C:\Windows\System\ybOxeew.exe
  2⤵
  PID:8096
- C:\Windows\System\ieUcUug.exe
  C:\Windows\System\ieUcUug.exe
  2⤵
  PID:6212
- C:\Windows\System\elKZbGt.exe
  C:\Windows\System\elKZbGt.exe
  2⤵
  PID:7428
- C:\Windows\System\udVKuGK.exe
  C:\Windows\System\udVKuGK.exe
  2⤵
  PID:7704
- C:\Windows\System\rfeMnRF.exe
  C:\Windows\System\rfeMnRF.exe
  2⤵
  PID:7928
- C:\Windows\System\qJQtKvK.exe
  C:\Windows\System\qJQtKvK.exe
  2⤵
  PID:7924
- C:\Windows\System\sQHBLfV.exe
  C:\Windows\System\sQHBLfV.exe
  2⤵
  PID:8128
- C:\Windows\System\EGhWmyS.exe
  C:\Windows\System\EGhWmyS.exe
  2⤵
  PID:7592
- C:\Windows\System\sBflVaT.exe
  C:\Windows\System\sBflVaT.exe
  2⤵
  PID:8208
- C:\Windows\System\gHMrYzd.exe
  C:\Windows\System\gHMrYzd.exe
  2⤵
  PID:8224
- C:\Windows\System\YeeVOBe.exe
  C:\Windows\System\YeeVOBe.exe
  2⤵
  PID:8240
- C:\Windows\System\lDyEKPP.exe
  C:\Windows\System\lDyEKPP.exe
  2⤵
  PID:8264
- C:\Windows\System\ZBGwDEq.exe
  C:\Windows\System\ZBGwDEq.exe
  2⤵
  PID:8280
- C:\Windows\System\xnWWoUy.exe
  C:\Windows\System\xnWWoUy.exe
  2⤵
  PID:8300
- C:\Windows\System\eZTMcLu.exe
  C:\Windows\System\eZTMcLu.exe
  2⤵
  PID:8316
- C:\Windows\System\zrGWGhp.exe
  C:\Windows\System\zrGWGhp.exe
  2⤵
  PID:8332
- C:\Windows\System\lpbFFrq.exe
  C:\Windows\System\lpbFFrq.exe
  2⤵
  PID:8348
- C:\Windows\System\ORSyPPC.exe
  C:\Windows\System\ORSyPPC.exe
  2⤵
  PID:8364
- C:\Windows\System\pXLhGsq.exe
  C:\Windows\System\pXLhGsq.exe
  2⤵
  PID:8380
- C:\Windows\System\sBRTBPV.exe
  C:\Windows\System\sBRTBPV.exe
  2⤵
  PID:8400
- C:\Windows\System\TffEVRh.exe
  C:\Windows\System\TffEVRh.exe
  2⤵
  PID:8416
- C:\Windows\System\dPbNhdS.exe
  C:\Windows\System\dPbNhdS.exe
  2⤵
  PID:8432
- C:\Windows\System\IveZFYg.exe
  C:\Windows\System\IveZFYg.exe
  2⤵
  PID:8536
- C:\Windows\System\WewvTxR.exe
  C:\Windows\System\WewvTxR.exe
  2⤵
  PID:8560
- C:\Windows\System\AbWPYso.exe
  C:\Windows\System\AbWPYso.exe
  2⤵
  PID:8576
- C:\Windows\System\ynSfmJK.exe
  C:\Windows\System\ynSfmJK.exe
  2⤵
  PID:8592
- C:\Windows\System\RYVzodr.exe
  C:\Windows\System\RYVzodr.exe
  2⤵
  PID:8608
- C:\Windows\System\ypNXFwV.exe
  C:\Windows\System\ypNXFwV.exe
  2⤵
  PID:8624
- C:\Windows\System\nJBdtvI.exe
  C:\Windows\System\nJBdtvI.exe
  2⤵
  PID:8644
- C:\Windows\System\sOHWbFO.exe
  C:\Windows\System\sOHWbFO.exe
  2⤵
  PID:8660
- C:\Windows\System\vwXMrBw.exe
  C:\Windows\System\vwXMrBw.exe
  2⤵
  PID:8680
- C:\Windows\System\JcjVfss.exe
  C:\Windows\System\JcjVfss.exe
  2⤵
  PID:8700
- C:\Windows\System\SjTRZzT.exe
  C:\Windows\System\SjTRZzT.exe
  2⤵
  PID:8716
- C:\Windows\System\BdcvFeO.exe
  C:\Windows\System\BdcvFeO.exe
  2⤵
  PID:8732
- C:\Windows\System\EaDelCJ.exe
  C:\Windows\System\EaDelCJ.exe
  2⤵
  PID:8748
- C:\Windows\System\ZznRLkK.exe
  C:\Windows\System\ZznRLkK.exe
  2⤵
  PID:8764
- C:\Windows\System\TSKBYKy.exe
  C:\Windows\System\TSKBYKy.exe
  2⤵
  PID:8784
- C:\Windows\System\gMHwyJn.exe
  C:\Windows\System\gMHwyJn.exe
  2⤵
  PID:8816
- C:\Windows\System\zyKQygQ.exe
  C:\Windows\System\zyKQygQ.exe
  2⤵
  PID:8860
- C:\Windows\System\zBWtbFY.exe
  C:\Windows\System\zBWtbFY.exe
  2⤵
  PID:8876
- C:\Windows\System\vAfsvCb.exe
  C:\Windows\System\vAfsvCb.exe
  2⤵
  PID:8892
- C:\Windows\System\YQLxKQo.exe
  C:\Windows\System\YQLxKQo.exe
  2⤵
  PID:8916
- C:\Windows\System\kxHRKeq.exe
  C:\Windows\System\kxHRKeq.exe
  2⤵
  PID:8932
- C:\Windows\System\tEnuiRv.exe
  C:\Windows\System\tEnuiRv.exe
  2⤵
  PID:8948
- C:\Windows\System\xObvOuX.exe
  C:\Windows\System\xObvOuX.exe
  2⤵
  PID:8964
- C:\Windows\System\aWJBMzm.exe
  C:\Windows\System\aWJBMzm.exe
  2⤵
  PID:8980
- C:\Windows\System\skhOoOR.exe
  C:\Windows\System\skhOoOR.exe
  2⤵
  PID:9004
- C:\Windows\System\CNEAZQV.exe
  C:\Windows\System\CNEAZQV.exe
  2⤵
  PID:9020
- C:\Windows\System\rMfuYsk.exe
  C:\Windows\System\rMfuYsk.exe
  2⤵
  PID:9036
- C:\Windows\System\fXOLQrV.exe
  C:\Windows\System\fXOLQrV.exe
  2⤵
  PID:9052
- C:\Windows\System\nepgqTI.exe
  C:\Windows\System\nepgqTI.exe
  2⤵
  PID:9068
- C:\Windows\System\OiWiMit.exe
  C:\Windows\System\OiWiMit.exe
  2⤵
  PID:9084
- C:\Windows\System\wZaEYfB.exe
  C:\Windows\System\wZaEYfB.exe
  2⤵
  PID:9100
- C:\Windows\System\Zxludfz.exe
  C:\Windows\System\Zxludfz.exe
  2⤵
  PID:9116
- C:\Windows\System\lhESUGC.exe
  C:\Windows\System\lhESUGC.exe
  2⤵
  PID:9132
- C:\Windows\System\xQPoVnN.exe
  C:\Windows\System\xQPoVnN.exe
  2⤵
  PID:9148
- C:\Windows\System\udPAkyB.exe
  C:\Windows\System\udPAkyB.exe
  2⤵
  PID:9164
- C:\Windows\System\LoQdTOc.exe
  C:\Windows\System\LoQdTOc.exe
  2⤵
  PID:9180
- C:\Windows\System\edZhjFq.exe
  C:\Windows\System\edZhjFq.exe
  2⤵
  PID:9196
- C:\Windows\System\DMrtEqs.exe
  C:\Windows\System\DMrtEqs.exe
  2⤵
  PID:8640
- C:\Windows\System\QsBNUMZ.exe
  C:\Windows\System\QsBNUMZ.exe
  2⤵
  PID:8840
- C:\Windows\System\NgizhUe.exe
  C:\Windows\System\NgizhUe.exe
  2⤵
  PID:9156
- C:\Windows\System\iIuVNte.exe
  C:\Windows\System\iIuVNte.exe
  2⤵
  PID:9076
- C:\Windows\System\CJKOERR.exe
  C:\Windows\System\CJKOERR.exe
  2⤵
  PID:9204
- C:\Windows\System\LOaMtCg.exe
  C:\Windows\System\LOaMtCg.exe
  2⤵
  PID:9212
- C:\Windows\System\hWZZgNH.exe
  C:\Windows\System\hWZZgNH.exe
  2⤵
  PID:7752
- C:\Windows\System\kCauakk.exe
  C:\Windows\System\kCauakk.exe
  2⤵
  PID:8200
- C:\Windows\System\dBDQiiV.exe
  C:\Windows\System\dBDQiiV.exe
  2⤵
  PID:8236
- C:\Windows\System\wwZpiOB.exe
  C:\Windows\System\wwZpiOB.exe
  2⤵
  PID:1704
- C:\Windows\System\ovJQgik.exe
  C:\Windows\System\ovJQgik.exe
  2⤵
  PID:8312
- C:\Windows\System\tKVFJab.exe
  C:\Windows\System\tKVFJab.exe
  2⤵
  PID:8376
- C:\Windows\System\sINDqpF.exe
  C:\Windows\System\sINDqpF.exe
  2⤵
  PID:8408
- C:\Windows\System\WwGImFu.exe
  C:\Windows\System\WwGImFu.exe
  2⤵
  PID:8356
- C:\Windows\System\XRmveWe.exe
  C:\Windows\System\XRmveWe.exe
  2⤵
  PID:8444
- C:\Windows\System\VTZYGgw.exe
  C:\Windows\System\VTZYGgw.exe
  2⤵
  PID:8456
- C:\Windows\System\iwRrrZm.exe
  C:\Windows\System\iwRrrZm.exe
  2⤵
  PID:8472
- C:\Windows\System\gIvtxcZ.exe
  C:\Windows\System\gIvtxcZ.exe
  2⤵
  PID:8488
- C:\Windows\System\boJUcHr.exe
  C:\Windows\System\boJUcHr.exe
  2⤵
  PID:8512
- C:\Windows\System\ToMNUff.exe
  C:\Windows\System\ToMNUff.exe
  2⤵
  PID:8544
- C:\Windows\System\lQAkpNH.exe
  C:\Windows\System\lQAkpNH.exe
  2⤵
  PID:8588
- C:\Windows\System\oNaZhpW.exe
  C:\Windows\System\oNaZhpW.exe
  2⤵
  PID:8636
- C:\Windows\System\KBeutYN.exe
  C:\Windows\System\KBeutYN.exe
  2⤵
  PID:8708
- C:\Windows\System\QOBkaqX.exe
  C:\Windows\System\QOBkaqX.exe
  2⤵
  PID:8832
- C:\Windows\System\bpQIOFe.exe
  C:\Windows\System\bpQIOFe.exe
  2⤵
  PID:8744
- C:\Windows\System\jAZdDxd.exe
  C:\Windows\System\jAZdDxd.exe
  2⤵
  PID:8760
- C:\Windows\System\GnwuiMN.exe
  C:\Windows\System\GnwuiMN.exe
  2⤵
  PID:8780
- C:\Windows\System\CqrmxKN.exe
  C:\Windows\System\CqrmxKN.exe
  2⤵
  PID:8956
- C:\Windows\System\TyKOotf.exe
  C:\Windows\System\TyKOotf.exe
  2⤵
  PID:8996
- C:\Windows\System\gPxUkQv.exe
  C:\Windows\System\gPxUkQv.exe
  2⤵
  PID:8972
- C:\Windows\System\ESEoYeP.exe
  C:\Windows\System\ESEoYeP.exe
  2⤵
  PID:8904
- C:\Windows\System\lSREJXO.exe
  C:\Windows\System\lSREJXO.exe
  2⤵
  PID:9028
- C:\Windows\System\WFUtGvK.exe
  C:\Windows\System\WFUtGvK.exe
  2⤵
  PID:9096
- C:\Windows\System\FpnUUqM.exe
  C:\Windows\System\FpnUUqM.exe
  2⤵
  PID:9000
- C:\Windows\System\rOcIoOV.exe
  C:\Windows\System\rOcIoOV.exe
  2⤵
  PID:9016
- C:\Windows\System\QTtxvTX.exe
  C:\Windows\System\QTtxvTX.exe
  2⤵
  PID:9192
- C:\Windows\System\XuOAPAv.exe
  C:\Windows\System\XuOAPAv.exe
  2⤵
  PID:8144
- C:\Windows\System\UNyIuSg.exe
  C:\Windows\System\UNyIuSg.exe
  2⤵
  PID:6036
- C:\Windows\System\JxlcQyO.exe
  C:\Windows\System\JxlcQyO.exe
  2⤵
  PID:8272
- C:\Windows\System\OdYaqze.exe
  C:\Windows\System\OdYaqze.exe
  2⤵
  PID:8276
- C:\Windows\System\WHxgrqX.exe
  C:\Windows\System\WHxgrqX.exe
  2⤵
  PID:8448
- C:\Windows\System\TdyJyOU.exe
  C:\Windows\System\TdyJyOU.exe
  2⤵
  PID:8520
- C:\Windows\System\ugueJLl.exe
  C:\Windows\System\ugueJLl.exe
  2⤵
  PID:8412
- C:\Windows\System\sAwMObe.exe
  C:\Windows\System\sAwMObe.exe
  2⤵
  PID:8496
- C:\Windows\System\jNXcbjO.exe
  C:\Windows\System\jNXcbjO.exe
  2⤵
  PID:8552
- C:\Windows\System\PMvkAwg.exe
  C:\Windows\System\PMvkAwg.exe
  2⤵
  PID:8692
- C:\Windows\System\HFnVhqD.exe
  C:\Windows\System\HFnVhqD.exe
  2⤵
  PID:8724
- C:\Windows\System\OLGBkCs.exe
  C:\Windows\System\OLGBkCs.exe
  2⤵
  PID:8824
- C:\Windows\System\OssUQXb.exe
  C:\Windows\System\OssUQXb.exe
  2⤵
  PID:8884
- C:\Windows\System\SxQwEQj.exe
  C:\Windows\System\SxQwEQj.exe
  2⤵
  PID:8988
- C:\Windows\System\bgdlEcJ.exe
  C:\Windows\System\bgdlEcJ.exe
  2⤵
  PID:8900
- C:\Windows\System\TorILEE.exe
  C:\Windows\System\TorILEE.exe
  2⤵
  PID:9044
- C:\Windows\System\paOSfZT.exe
  C:\Windows\System\paOSfZT.exe
  2⤵
  PID:9188
- C:\Windows\System\GvYqyHD.exe
  C:\Windows\System\GvYqyHD.exe
  2⤵
  PID:8220
- C:\Windows\System\EySIZhR.exe
  C:\Windows\System\EySIZhR.exe
  2⤵
  PID:8232
- C:\Windows\System\FDhRzAg.exe
  C:\Windows\System\FDhRzAg.exe
  2⤵
  PID:8256
- C:\Windows\System\rGmVkGz.exe
  C:\Windows\System\rGmVkGz.exe
  2⤵
  PID:8452
- C:\Windows\System\zwWEuWA.exe
  C:\Windows\System\zwWEuWA.exe
  2⤵
  PID:8328
- C:\Windows\System\DkELDvB.exe
  C:\Windows\System\DkELDvB.exe
  2⤵
  PID:8584
- C:\Windows\System\rLcONcr.exe
  C:\Windows\System\rLcONcr.exe
  2⤵
  PID:8604
- C:\Windows\System\RuyFDiq.exe
  C:\Windows\System\RuyFDiq.exe
  2⤵
  PID:8672
- C:\Windows\System\pSHTIrO.exe
  C:\Windows\System\pSHTIrO.exe
  2⤵
  PID:8848
- C:\Windows\System\gxEYFOQ.exe
  C:\Windows\System\gxEYFOQ.exe
  2⤵
  PID:9032
- C:\Windows\System\MHEWiIC.exe
  C:\Windows\System\MHEWiIC.exe
  2⤵
  PID:9124
- C:\Windows\System\zXReWZo.exe
  C:\Windows\System\zXReWZo.exe
  2⤵
  PID:1572
- C:\Windows\System\wIvEShe.exe
  C:\Windows\System\wIvEShe.exe
  2⤵
  PID:8396
- C:\Windows\System\ehEqFPm.exe
  C:\Windows\System\ehEqFPm.exe
  2⤵
  PID:8464
- C:\Windows\System\RoJjZua.exe
  C:\Windows\System\RoJjZua.exe
  2⤵
  PID:8792
- C:\Windows\System\OTFWyRJ.exe
  C:\Windows\System\OTFWyRJ.exe
  2⤵
  PID:8652
- C:\Windows\System\CgoLnJN.exe
  C:\Windows\System\CgoLnJN.exe
  2⤵
  PID:8856
- C:\Windows\System\qmGKRHk.exe
  C:\Windows\System\qmGKRHk.exe
  2⤵
  PID:8908
- C:\Windows\System\ljyonrY.exe
  C:\Windows\System\ljyonrY.exe
  2⤵
  PID:8324
- C:\Windows\System\QbCFlxP.exe
  C:\Windows\System\QbCFlxP.exe
  2⤵
  PID:8504
- C:\Windows\System\EGzcFtq.exe
  C:\Windows\System\EGzcFtq.exe
  2⤵
  PID:8756
- C:\Windows\System\XbuZsJZ.exe
  C:\Windows\System\XbuZsJZ.exe
  2⤵
  PID:9108
- C:\Windows\System\iPKYllx.exe
  C:\Windows\System\iPKYllx.exe
  2⤵
  PID:8476
- C:\Windows\System\vyQcnfu.exe
  C:\Windows\System\vyQcnfu.exe
  2⤵
  PID:8740
- C:\Windows\System\JUXyTFd.exe
  C:\Windows\System\JUXyTFd.exe
  2⤵
  PID:8568
- C:\Windows\System\oYgNGnU.exe
  C:\Windows\System\oYgNGnU.exe
  2⤵
  PID:8216
- C:\Windows\System\VcwxwBf.exe
  C:\Windows\System\VcwxwBf.exe
  2⤵
  PID:8812
- C:\Windows\System\PTJVSnV.exe
  C:\Windows\System\PTJVSnV.exe
  2⤵
  PID:9220
- C:\Windows\System\OLUQZul.exe
  C:\Windows\System\OLUQZul.exe
  2⤵
  PID:9240
- C:\Windows\System\WfOYfWw.exe
  C:\Windows\System\WfOYfWw.exe
  2⤵
  PID:9256
- C:\Windows\System\wJLFbUs.exe
  C:\Windows\System\wJLFbUs.exe
  2⤵
  PID:9284
- C:\Windows\System\mWdLWvW.exe
  C:\Windows\System\mWdLWvW.exe
  2⤵
  PID:9300
- C:\Windows\System\jLmVZoM.exe
  C:\Windows\System\jLmVZoM.exe
  2⤵
  PID:9316
- C:\Windows\System\dspuwbV.exe
  C:\Windows\System\dspuwbV.exe
  2⤵
  PID:9340
- C:\Windows\System\uNqMYuu.exe
  C:\Windows\System\uNqMYuu.exe
  2⤵
  PID:9360
- C:\Windows\System\KWtdRTq.exe
  C:\Windows\System\KWtdRTq.exe
  2⤵
  PID:9376
- C:\Windows\System\Cqvclnb.exe
  C:\Windows\System\Cqvclnb.exe
  2⤵
  PID:9392
- C:\Windows\System\ohOfygn.exe
  C:\Windows\System\ohOfygn.exe
  2⤵
  PID:9416
- C:\Windows\System\wMKmHIW.exe
  C:\Windows\System\wMKmHIW.exe
  2⤵
  PID:9436
- C:\Windows\System\jqnuajW.exe
  C:\Windows\System\jqnuajW.exe
  2⤵
  PID:9460
- C:\Windows\System\hxZsvEG.exe
  C:\Windows\System\hxZsvEG.exe
  2⤵
  PID:9484
- C:\Windows\System\wQeOvKS.exe
  C:\Windows\System\wQeOvKS.exe
  2⤵
  PID:9500
- C:\Windows\System\JMMpGQT.exe
  C:\Windows\System\JMMpGQT.exe
  2⤵
  PID:9520
- C:\Windows\System\aeFiQiu.exe
  C:\Windows\System\aeFiQiu.exe
  2⤵
  PID:9540
- C:\Windows\System\DOhncQu.exe
  C:\Windows\System\DOhncQu.exe
  2⤵
  PID:9560
- C:\Windows\System\ipKFQjj.exe
  C:\Windows\System\ipKFQjj.exe
  2⤵
  PID:9576
- C:\Windows\System\lcSQvWe.exe
  C:\Windows\System\lcSQvWe.exe
  2⤵
  PID:9592
- C:\Windows\System\vpscUtI.exe
  C:\Windows\System\vpscUtI.exe
  2⤵
  PID:9612
- C:\Windows\System\nSviZqr.exe
  C:\Windows\System\nSviZqr.exe
  2⤵
  PID:9632
- C:\Windows\System\PyJLvRU.exe
  C:\Windows\System\PyJLvRU.exe
  2⤵
  PID:9652
- C:\Windows\System\GUOqqhx.exe
  C:\Windows\System\GUOqqhx.exe
  2⤵
  PID:9676
- C:\Windows\System\brqDxEq.exe
  C:\Windows\System\brqDxEq.exe
  2⤵
  PID:9700
- C:\Windows\System\SRyKSQc.exe
  C:\Windows\System\SRyKSQc.exe
  2⤵
  PID:9716
- C:\Windows\System\ZzrnGCu.exe
  C:\Windows\System\ZzrnGCu.exe
  2⤵
  PID:9792
- C:\Windows\System\yYLznCo.exe
  C:\Windows\System\yYLznCo.exe
  2⤵
  PID:9808
- C:\Windows\System\mWggUAW.exe
  C:\Windows\System\mWggUAW.exe
  2⤵
  PID:9824
- C:\Windows\System\UFJUnCV.exe
  C:\Windows\System\UFJUnCV.exe
  2⤵
  PID:9852
- C:\Windows\System\EZjRJKF.exe
  C:\Windows\System\EZjRJKF.exe
  2⤵
  PID:9868
- C:\Windows\System\bAUKgAM.exe
  C:\Windows\System\bAUKgAM.exe
  2⤵
  PID:9884
- C:\Windows\System\UqQycpm.exe
  C:\Windows\System\UqQycpm.exe
  2⤵
  PID:9900
- C:\Windows\System\FNYzJnc.exe
  C:\Windows\System\FNYzJnc.exe
  2⤵
  PID:9924
- C:\Windows\System\oUvXWVn.exe
  C:\Windows\System\oUvXWVn.exe
  2⤵
  PID:9940
- C:\Windows\System\GjmOdjn.exe
  C:\Windows\System\GjmOdjn.exe
  2⤵
  PID:9956
- C:\Windows\System\fzTiWoA.exe
  C:\Windows\System\fzTiWoA.exe
  2⤵
  PID:9976
- C:\Windows\System\KMfiCxG.exe
  C:\Windows\System\KMfiCxG.exe
  2⤵
  PID:10004
- C:\Windows\System\AeBdCVS.exe
  C:\Windows\System\AeBdCVS.exe
  2⤵
  PID:10020
- C:\Windows\System\CskUpPZ.exe
  C:\Windows\System\CskUpPZ.exe
  2⤵
  PID:10036
- C:\Windows\System\gdYAapJ.exe
  C:\Windows\System\gdYAapJ.exe
  2⤵
  PID:10056
- C:\Windows\System\AIGBhTI.exe
  C:\Windows\System\AIGBhTI.exe
  2⤵
  PID:10076
- C:\Windows\System\hCmvBHL.exe
  C:\Windows\System\hCmvBHL.exe
  2⤵
  PID:10092
- C:\Windows\System\NXumFOw.exe
  C:\Windows\System\NXumFOw.exe
  2⤵
  PID:10108
- C:\Windows\System\gEVgRYs.exe
  C:\Windows\System\gEVgRYs.exe
  2⤵
  PID:10124
- C:\Windows\System\QxckSpT.exe
  C:\Windows\System\QxckSpT.exe
  2⤵
  PID:10148
- C:\Windows\System\YBgBcBR.exe
  C:\Windows\System\YBgBcBR.exe
  2⤵
  PID:10164
- C:\Windows\System\IBIZBmE.exe
  C:\Windows\System\IBIZBmE.exe
  2⤵
  PID:10180
- C:\Windows\System\kHNXycs.exe
  C:\Windows\System\kHNXycs.exe
  2⤵
  PID:10200
- C:\Windows\System\ahpszHJ.exe
  C:\Windows\System\ahpszHJ.exe
  2⤵
  PID:10224
- C:\Windows\System\jNjsgaf.exe
  C:\Windows\System\jNjsgaf.exe
  2⤵
  PID:9336
- C:\Windows\System\JSKIcTX.exe
  C:\Windows\System\JSKIcTX.exe
  2⤵
  PID:9388
- C:\Windows\System\TOPLRgj.exe
  C:\Windows\System\TOPLRgj.exe
  2⤵
  PID:9424
- C:\Windows\System\xAYRbho.exe
  C:\Windows\System\xAYRbho.exe
  2⤵
  PID:9444
- C:\Windows\System\pbypiHD.exe
  C:\Windows\System\pbypiHD.exe
  2⤵
  PID:9468
- C:\Windows\System\dApUwtp.exe
  C:\Windows\System\dApUwtp.exe
  2⤵
  PID:9492
- C:\Windows\System\UjzhORR.exe
  C:\Windows\System\UjzhORR.exe
  2⤵
  PID:9548
- C:\Windows\System\yfgfhSt.exe
  C:\Windows\System\yfgfhSt.exe
  2⤵
  PID:9572
- C:\Windows\System\WFeivDG.exe
  C:\Windows\System\WFeivDG.exe
  2⤵
  PID:9628
- C:\Windows\System\UqUDMIv.exe
  C:\Windows\System\UqUDMIv.exe
  2⤵
  PID:9648
- C:\Windows\System\xojLgiJ.exe
  C:\Windows\System\xojLgiJ.exe
  2⤵
  PID:9640
- C:\Windows\System\UXBDZdQ.exe
  C:\Windows\System\UXBDZdQ.exe
  2⤵
  PID:9696
- C:\Windows\System\FuZNKqY.exe
  C:\Windows\System\FuZNKqY.exe
  2⤵
  PID:9740
- C:\Windows\System\zOuWdAY.exe
  C:\Windows\System\zOuWdAY.exe
  2⤵
  PID:9832
- C:\Windows\System\BEzOcNw.exe
  C:\Windows\System\BEzOcNw.exe
  2⤵
  PID:9860
- C:\Windows\System\CagLpGD.exe
  C:\Windows\System\CagLpGD.exe
  2⤵
  PID:9920
- C:\Windows\System\loYAYtU.exe
  C:\Windows\System\loYAYtU.exe
  2⤵
  PID:9984
- C:\Windows\System\qVcosBw.exe
  C:\Windows\System\qVcosBw.exe
  2⤵
  PID:10028
- C:\Windows\System\dDLnLzD.exe
  C:\Windows\System\dDLnLzD.exe
  2⤵
  PID:10136
- C:\Windows\System\LjYQjnX.exe
  C:\Windows\System\LjYQjnX.exe
  2⤵
  PID:10208
- C:\Windows\System\KXRYLxf.exe
  C:\Windows\System\KXRYLxf.exe
  2⤵
  PID:10052
- C:\Windows\System\CwnGyom.exe
  C:\Windows\System\CwnGyom.exe
  2⤵
  PID:10012

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BxlRMsd.exe

Filesize
6.0MB

MD5
2b34919cae38a4b5b874e4a8a68e64f1

SHA1
04b51d33fc37d6d1b16c629428d130f23e992a1b

SHA256
de51992037c109c40792ffc2be375ac53f84126e1ad5f61cc751225f03b43406

SHA512
00590fb670567661923de82644dd39bfe0b0c101d4bac344d0bc72f9bf92356d3c5ab1ffc6f32b6379879113ba4e349cfd6cb45cb8bf953f312a6a643581fc65

Download Submit
C:\Windows\system\DdfMkhl.exe

Filesize
6.0MB

MD5
0dfab626e826295d5f2a79cccf1daa9c

SHA1
c106df91a5c0123fb96214ff51921b95e57c2f22

SHA256
8b25a207dd283d042e81ed5ca053c2cb9d86a38489555ac41972d4493b143561

SHA512
82ae3cce4e12c4a950b127616dc7bb592381e7d034fcf7563e1b9930b436c8ec48b23a9d93ba6d4469a2eb02a7c31d85b8576bdcfda171b5d31d251576bc92ae

Download Submit
C:\Windows\system\EVQYPuj.exe

Filesize
6.0MB

MD5
1b654b035d903c4fded2780710f36f83

SHA1
a96c888934e929b37695c7ba58d3ca4beba5415a

SHA256
23f3a11f6bc34b17f1775eb89480d038171875fd7cc658be5d7563e9e456998b

SHA512
0dd16a80d8aff34c537e216c852749ac0e479f601a6e1b38ef70e14231f877a9760aceb289d4575c8d2ca6474aaa4ebd1eedfddce96bd0124cc17f4cdde0018e

Download Submit
C:\Windows\system\FPfycrV.exe

Filesize
6.0MB

MD5
16bf4584d04d039a2e7503c1155c4661

SHA1
be408f34824650317dd63cc5e8ea204e236b05ec

SHA256
039915816b9e11f90899522a5f8e9553d803263b6e202007645e9ff167028b30

SHA512
80076369d40d83bcc5ebeca21daad540b1e361e0d12ee5fb59c5742bbc7712060c3aa89b49c63ac9758551d3ef70d806193dedff3bdb477170f325ed545013e3

Download Submit
C:\Windows\system\FeNeUpx.exe

Filesize
6.0MB

MD5
daf8db9d9ca717e0226f7a28f4020b3f

SHA1
8df50561574e47f8e21bebc655cf10a6dcad443f

SHA256
9d1f8a89c6b3d2c5af0c17c72f8b4ee1b026d64a5d6428e4c52c5d18301341e8

SHA512
0aa1216c6912256e3638c55ff8c6d225f28dcd0b1229b096d322baaae3dd72ffec33c1d834dacdad48c033517e87b9d55b0f902f5586221cd8edb318f3dc181b

Download Submit
C:\Windows\system\HvnvSeS.exe

Filesize
6.0MB

MD5
6475a199a84998ebfe8c1a54fe9fd8e9

SHA1
8a6a17cd57ad8a25517082fec3083fba2c556cdc

SHA256
8c744b6b477c44e257c2d11fc9a32838c94b8f2febbe087d9d185662cd382961

SHA512
0b249063391d7db2f0ad0f9a517050832457f1dd4d0d4beb3afb9701a231af2f2e2a9a023ac9a56b4d7d89a1e831ba7203383e7964574f59d984520f66794bc3

Download Submit
C:\Windows\system\JNpbUQO.exe

Filesize
6.0MB

MD5
e57be2db232f5d926672e0a9a536a75b

SHA1
8b6a76b077df71248356904a410d4ddf635523c5

SHA256
0b4ad5d26a462a10275e8daaa7d57aeb24963efb62f25ef5f0cea2bab53e6176

SHA512
1600389c902ad6d17c5824eb826d8641e4062dbf405ac90642d28fcb7c47daff3df1fb87935256a291cd3792e18aa44668296d29d198c0a04daf15fbdefd6df8

Download Submit
C:\Windows\system\MIoKRNm.exe

Filesize
6.0MB

MD5
f9aa3e89233fa38af5879f033885e1f9

SHA1
0639066be8b67bbb364516b6e5d0da9be8dc40b0

SHA256
cedfb0bb7c3a0c0154d948c03e56ded12c74f00f16671a44b3948d87d07614ec

SHA512
a7fc4430a52643f24242d7da3295f5ce1556eed481cfc56a99b3416221ef09475a1319aa5e38c72a9b38fd8a86384285df0f351ad5589f75cabcd9a2081cccb3

Download Submit
C:\Windows\system\NIWnLEl.exe

Filesize
6.0MB

MD5
433c0e003417be41631c8e64d9cf0759

SHA1
2f4b4aa386c9632765af0d43cf16e7c82cbc3019

SHA256
745ab65e5dc14d2a1a7db3ec56b5d6c992d453fc08885ecb59278923b03136cb

SHA512
10ecd6bd7f7df9fb5f3fa849e8a8bd59228a963ca46dd5345c8c28a26a9c475fb8e617b6e1b1e41d299acf1909116009999f8e87258665928357c53948648d6d

Download Submit
C:\Windows\system\OMzvHBz.exe

Filesize
6.0MB

MD5
a1414b7fdf1aa060b4678c6a17b038ca

SHA1
9625b589693745435056e259052796f2d354d2f1

SHA256
af7315d39a2014fbe9cf2b252c5f76cc9c693af49d7dfcd23df29c9c7f81df38

SHA512
f8edc6b3e04a87bf78ba418868737466ca283416fa5ff6a94237cd01e542b2ea83803b07e035fd9ff287aa3a10333f761dd2300087f5b91b123d4f6b21f24024

Download Submit
C:\Windows\system\QGeIjkJ.exe

Filesize
6.0MB

MD5
96a47ecef7af7b728a19bd350ab1c452

SHA1
f57f0eacadd46ead76f301d52c192cef483d9893

SHA256
7206791d6c6beccb7e961a3c8d365e8c88eb42287eadc9971708cf5fe9116d6f

SHA512
777023afd6a3a9e9cd54c1ca9c74449d8f6bbf4ecf6f8e27fb2b9789532162a9dd48c8411f8223aa501761f6959f39eba08450782ef63e23498cde1422dfb9c4

Download Submit
C:\Windows\system\TXwapvD.exe

Filesize
6.0MB

MD5
b36f0e4935b4972371716ba7d9b9090e

SHA1
90aadde1ef099730f6375d0d6b21dfcffa9305eb

SHA256
b71fa1efe24f82ff5477f4691938e863929575809ff1289c693cf579c9a0e623

SHA512
e16017b5827ba15e48f0d035913d0846f7bd0dce54a7aeae2f479ca27ae3a2490d4f3b9fe1973a0627bbb7ef00689a7e48eacf64c4d662b9f560b671078c011f

Download Submit
C:\Windows\system\TkQKneY.exe

Filesize
6.0MB

MD5
45506c2179e25fa5c60c6c97aab5e3ad

SHA1
c2624615da53a884fb7c1598234beb9b71a1acb1

SHA256
2169793d5fa4312809e78570244fe79a60eb7e3f8bf4f29131b375b557bc0280

SHA512
ff4b8fff793c1a4141cdf32a9de24ab128812420236789667e7a8b9216213aed48315f29cc3f4e5df9b779978a45ad5b59bbd5979eb08ca8f5a1b17bbf88d6ca

Download Submit
C:\Windows\system\UQyfTda.exe

Filesize
6.0MB

MD5
577fc834c3859964599b50bdb97f7ccd

SHA1
dfca4c9b9af17d527a47333c2eb62b9f12e5b2b2

SHA256
90481fb1e3611046dbf33b95d9b1b5b9f14ef040a67e735c49269b09c5d89ffb

SHA512
3497aea96fc94951ebaa9a5a310a78fe31ef817bace436a0c2a4c095ac47de68e996b5347807cbe425a1b7ce172119d22186c604419c28c36e163ba456044c32

Download Submit
C:\Windows\system\XKhpVqg.exe

Filesize
6.0MB

MD5
7015cf9352bdd4f097ffe2808ddab27d

SHA1
775c7259c37eddf6d228168308806dad1534adbc

SHA256
35c1232f027a7354ecf9c41efc28a1b461df796918528120ee205600536f23db

SHA512
0af442e4d200588c7e22d79429023fb2b03f8c2e04829b0c220c31a3e8800afe326dfb3dbc35da47a99eae0b9e72923fe2e7a311595a9c1c1b997b71fc2bf0d0

Download Submit
C:\Windows\system\YOyfKlh.exe

Filesize
6.0MB

MD5
6918a9a45ed06ab62458adc9c728a0a0

SHA1
60d1e6cf8967edce0b8052539d2b7d2f52b0a5bc

SHA256
65a678ccf2599f2afd70becbb73c5cac4de2a0a4b1419dfdb6af25aa62d02ece

SHA512
2cdede4046d4234d96f9f5e4133edebccdc2bc3c3128a6d557353d35ccb8e7f0360bb8a3e691c14d2fd776ce7f302d6c9ba3c44e1088d7d99c8ba0ef753816a9

Download Submit
C:\Windows\system\ZcYRXCP.exe

Filesize
6.0MB

MD5
d76eefe63a9e190c6a46aa70de3d818a

SHA1
946c7705a297d74c3eab694e367bd1b11c20da80

SHA256
2ffc259ce85f2a6a6e64d2a9a845abfba619958d4de67ea2fca93d51a4923e23

SHA512
ab9d143c0af52863492f0efa938442826e40fb03db917d832701dffc6f7dff692ce9da77451dd0aabc858f2951f2aff79f811fef416b1f1426e82459e12f6fd0

Download Submit
C:\Windows\system\duVPDzw.exe

Filesize
6.0MB

MD5
c18ca532736617ed2550410a53052db3

SHA1
b7e1616364ce1f03eace695a759c81ad60070135

SHA256
e5282489148b8a4f46f45efa173f1c8303f7903fe88285f1c2c7d07000f16e7e

SHA512
a57543ea71ce26d06f6cf5b3313517162112b11d6591fc59c2ca149e06d5314fa2ea1ca02d98c534f5049ce73be385531f94e2927d1d6ed22c4b9933a8586742

Download Submit
C:\Windows\system\eUJWQvW.exe

Filesize
6.0MB

MD5
fd64e52201abb2f1db049e1095cf597b

SHA1
2aa5858823deaff50baad561fa25dff54e1aa3ba

SHA256
2a55a477e28f148fcaac0ef525b2e856ec39ed97e5e11042a1b27cc59fbf5a70

SHA512
6c28567c07ac4e2059cefb58293a3bbab519fd6589943b25be5905f736da6bf35bfa1110e4daf1f4b20f366ff449a5c964d7e68fd986fb8c7832ab2ba7812616

Download Submit
C:\Windows\system\hddRQcu.exe

Filesize
6.0MB

MD5
42d36743c0d4520649fb5f9e603c622d

SHA1
b591d1709e695c8c713c8b2c4f91c8a759963166

SHA256
8fecf67a99714e92204dcf73d1812b7c74a1f7d4cf4751fd3e5c023e91de8232

SHA512
8ea1ce11f2b26eec103b468bd5c3919f25ae3e4836a63b1e0f555e4287fa3afb676170d11e56353270a1a3f458032d900a224fcab9c8fae632b5d53f47e0a56f

Download Submit
C:\Windows\system\joHxgRU.exe

Filesize
6.0MB

MD5
6f8a55af54f2040c9c9eaf0b2737c6bf

SHA1
3dfda746ffbb6f27ec515fc1614e426e9a804524

SHA256
07a6e5a0228f917211949cd82a8bc5352815242755c69aa6070f882c362c4301

SHA512
495141ca350c98c4cdde38b6e10009c7299da6e41b95b6669f73a597a3a1e83d12361529538a98771a1923c4d3dff44473f2d8717d9d4671e0709b5afa19f281

Download Submit
C:\Windows\system\mEHthec.exe

Filesize
6.0MB

MD5
cabe4f016c048c23906530bac2dbc30e

SHA1
458086869da508b0689778555c1e98977b1df487

SHA256
6c2319c478d78abd934c570520c7db9037955137f1e62b2abca93ae235157c81

SHA512
625b2669a8d263872de3b059d5818e2db9298b3579b0c7f5b5e2eb2e0041c2af3f5e4bbff232b0235349a4cfa29d2462bce371916884df0d5dc2c8ee0d0648eb

Download Submit
C:\Windows\system\owMMBHs.exe

Filesize
6.0MB

MD5
2956c3219a7323cb8a6b88117fb66f15

SHA1
e56a94d0a7da7aed937b838c0f77dd322c0dc2c4

SHA256
11089efbcf89fd015cf2ddb7217c41de8b50ed3c9a6b05ed5624d8506a1acd55

SHA512
3cea86c753e094247703776b6e54ff4368a27d392cd8cb7ceaaff434158a794d3a39f07a75262d2db4773eef26fcf23787840cd77f1d0ff070d31cea2d54a068

Download Submit
C:\Windows\system\pUnJdlB.exe

Filesize
6.0MB

MD5
f330e17f232f80caec5ff4dff54a53b7

SHA1
d68d4af5c2785dcd9eff455f657ed6666ef64f59

SHA256
1c6876274617b20c0c6a290d93c372374c2a5ee0c1b82f6380e562aeca8e5b4d

SHA512
222b2cc8c43b1bec430c5aeb3eb13d2480627f1c113d5e2efd66960a0d5896d03e5e587f3f7854009c2c7ba2195b14c6519b0de1e838da25248ac7bdbe29f41a

Download Submit
C:\Windows\system\rUTlxrq.exe

Filesize
6.0MB

MD5
8d0bc2745bf16949cc5f39f4b9a458bf

SHA1
46bf9c4c3b137668a948e1255e6f3d1cf69c149d

SHA256
1575cf39d88b4593f1b193a8d2b91dfb11e2988fb79581e85a3ab9c3eb5d3009

SHA512
56c11dcb9a91597ebaf797447c2b7bd130b3d23c28f9f3eb93f8dcc6483b4f14ce8d3c189eb994a59d7b5ba8572cc296ec24e334dd7ae64e8e24e7681abde908

Download Submit
C:\Windows\system\sUAStGp.exe

Filesize
6.0MB

MD5
ed948c3dd885a8346a07954e6d424069

SHA1
0db890a0714163706af1bb2d5fb773856313e996

SHA256
fabe2fcf85c757dec548f552c9be37020229e064a3bcaba6d25ddb03cb0ebfef

SHA512
ba1ea3ce791cd6e1f66c14f41851b87c6e6d8fd0e702b6d4421ec57ea460a615ea77bddfbb7152cc86bdbc53a1268d49a3b17286fb46bac5ad1187172e652b61

Download Submit
C:\Windows\system\uAUOrEI.exe

Filesize
6.0MB

MD5
3d4970330687568301d9e23b45cb1585

SHA1
6e75d149432d9c27e7c386ba4ead88ae229872a5

SHA256
2c06e81640b8cf594e7b2ebe82ee35024e1d4b8e29e33553157dde29ddad0e11

SHA512
a7074a487bc42906081a2acfec0041f45e9f2a7fc52137fd5edd6423ac186c0ab6b2214b47397f1c3d7bcf6b7f71253c7661ed3987a9c8ab51cec3157293e2f5

Download Submit
C:\Windows\system\vBvZCMc.exe

Filesize
6.0MB

MD5
c3e2d1358128d13e777e89f1473d74cc

SHA1
fdc75cff160cce8bc44c60de6ae00844989ff2fc

SHA256
f139c49cf497e2ba10b5fb6a5c2bc503e8c70920e085f3ab1e43c7d5c5ac6398

SHA512
e3dc3040913a3a1419c8d6b633d0fa10d04be7f4260c161ceec0c439bc454f90d96f2a2bbc4a73004370ca94db52a4905f6d9838511f933b48c6958432d8e0be

Download Submit
C:\Windows\system\vechcMR.exe

Filesize
6.0MB

MD5
76f340b0ce419e05a4e7dbe2925dfb9e

SHA1
8a6c8c8482ca6c9f7873a35b4af79d3d0057d03d

SHA256
d3b42077d92cff8872182c8ff7da3ab70266767ce9498f73c3e7aab07693b324

SHA512
9fd7acec63b47129c6350dddc983c7cd2312e7d4e6716b34fdd31595a36b654ccd7896cb9bda34bd9f9194782e8ca4a099025342b899272d8e484790ce845649

Download Submit
C:\Windows\system\xNpTqHu.exe

Filesize
6.0MB

MD5
a8161c92762adc7f0ecce34d78d42b31

SHA1
a963f35835992f754b80709df3b49993d35c4959

SHA256
01ee87c0890513e569bb98651c5991ce26c5bca04d6c677be1d3048fc875fc07

SHA512
2d6839958b3e3492e4d1e71253bb91288f68ffa5d4b94333c19b62a5649d4c7c13dec4d79435b12f8299c5ec39ad5435dd066aef35422c67dab7bd25f59a4609

Download Submit
\Windows\system\SWbkClM.exe

Filesize
6.0MB

MD5
3b8d1c5a49450d4878407ab1403e4ba9

SHA1
24849a0aa4c38c0d02370a78b19761477fc244de

SHA256
cfa31cfe9f6e7074429ebc90a3bbee6c3d4a3ed4769d96255a5ef6b909146a63

SHA512
137bd1d23528ae1bdad02003f8e666ef02f4701580d6c16fda918efb8bd7118625dbf598258727fe476f107476b7d233a5350db4d6695ddc1b128eb07ee11349

Download Submit
\Windows\system\qSGZwot.exe

Filesize
6.0MB

MD5
40bac29fefe2c84ac51f5f8ae54405d6

SHA1
cb2e6a8734b48651eb0ccbc431a626960d9c106e

SHA256
bcf233e66e68508110f9d6d2275ba53716cd64c1753ec35806d539fdf9fc2042

SHA512
b13b31a0d13ea32c327ad71bd5eb6fc6b5ce6c64259fa7e5f1d0375bc838c785c0b469164bb1942b33d7cd274453de23f2ac9a6994145dcb5c6f8ac8181b20a5

Download Submit
memory/592-4029-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/592-72-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/592-741-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/944-103-0x000000013FA00000-0x000000013FD54000-memory.dmp

Filesize
3.3MB

Download
memory/944-4033-0x000000013FA00000-0x000000013FD54000-memory.dmp

Filesize
3.3MB

Download
memory/1168-96-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/1168-4031-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/1344-15-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/1480-4030-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/1480-92-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/1716-101-0x0000000002460000-0x00000000027B4000-memory.dmp

Filesize
3.3MB

Download
memory/1716-94-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/1716-0-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/1716-587-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/1716-586-0x0000000002460000-0x00000000027B4000-memory.dmp

Filesize
3.3MB

Download
memory/1716-598-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/1716-745-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/1716-1037-0x0000000002460000-0x00000000027B4000-memory.dmp

Filesize
3.3MB

Download
memory/1716-1504-0x0000000002460000-0x00000000027B4000-memory.dmp

Filesize
3.3MB

Download
memory/1716-1036-0x0000000002460000-0x00000000027B4000-memory.dmp

Filesize
3.3MB

Download
memory/1716-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/1716-90-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/1716-50-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/1716-63-0x0000000002460000-0x00000000027B4000-memory.dmp

Filesize
3.3MB

Download
memory/1716-32-0x000000013F3F0000-0x000000013F744000-memory.dmp

Filesize
3.3MB

Download
memory/1716-100-0x0000000002460000-0x00000000027B4000-memory.dmp

Filesize
3.3MB

Download
memory/1716-19-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/1716-49-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/1716-65-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/1716-81-0x000000013F3F0000-0x000000013F744000-memory.dmp

Filesize
3.3MB

Download
memory/1716-42-0x000000013F5E0000-0x000000013F934000-memory.dmp

Filesize
3.3MB

Download
memory/1716-36-0x0000000002460000-0x00000000027B4000-memory.dmp

Filesize
3.3MB

Download
memory/1716-71-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/1716-6-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/1716-69-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/1716-105-0x0000000002460000-0x00000000027B4000-memory.dmp

Filesize
3.3MB

Download
memory/2512-64-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download
memory/2512-4027-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download
memory/2612-4026-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/2612-54-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/2620-62-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/2620-4028-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/2632-34-0x000000013F3F0000-0x000000013F744000-memory.dmp

Filesize
3.3MB

Download
memory/2632-4023-0x000000013F3F0000-0x000000013F744000-memory.dmp

Filesize
3.3MB

Download
memory/2640-14-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/2688-4025-0x000000013F5E0000-0x000000013F934000-memory.dmp

Filesize
3.3MB

Download
memory/2688-43-0x000000013F5E0000-0x000000013F934000-memory.dmp

Filesize
3.3MB

Download
memory/2816-4022-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/2816-77-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/2816-21-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/2824-4024-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2824-35-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2844-102-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/2844-4032-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download