cobaltstrike | d3be73bb762ad2663ce7fe98ae44d46438d64eb54d1c920cf81c5d06b37118b3

Analysis

max time kernel
142s
max time network
125s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
11-12-2024 06:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

f71ea6ec4f086abbf4f42dbef1702736
SHA1

b8d38a5da49418f957b2f4024eecb80835b369f6
SHA256

d3be73bb762ad2663ce7fe98ae44d46438d64eb54d1c920cf81c5d06b37118b3
SHA512

11a8edd9dce4c1252c7276d7029057ce0c49b9fadb3b71d7eef1a5fa6e1344d907c8ea4131d59b7d7f2f15a5bf549a06edebbe20d7165ffabb312383cf92ece9
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUh:T+q56utgpPF8u/7h

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000a00000001202a-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000019284-8.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000192a9-15.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019379-21.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001939d-33.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000193a4-43.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961d-68.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961f-72.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019621-83.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019623-92.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019dd7-181.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019fbc-184.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019dcb-176.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d62-173.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d3d-168.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c58-167.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c54-142.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c73-155.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c56-148.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000199b9-141.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001970b-139.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001967f-136.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196c0-132.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001962b-108.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019627-100.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001963b-115.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019629-107.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019625-98.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019622-90.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000193ac-57.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000019261-52.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000195e6-49.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2528-0-0x000000013FEA0000-0x00000001401F4000-memory.dmp	xmrig
behavioral1/files/0x000a00000001202a-6.dat	xmrig
behavioral1/files/0x0008000000019284-8.dat	xmrig
behavioral1/files/0x00070000000192a9-15.dat	xmrig
behavioral1/memory/2028-14-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/files/0x0006000000019379-21.dat	xmrig
behavioral1/memory/2684-26-0x000000013F120000-0x000000013F474000-memory.dmp	xmrig
behavioral1/files/0x000600000001939d-33.dat	xmrig
behavioral1/memory/2072-27-0x000000013F1C0000-0x000000013F514000-memory.dmp	xmrig
behavioral1/files/0x00060000000193a4-43.dat	xmrig
behavioral1/memory/2912-64-0x000000013FC00000-0x000000013FF54000-memory.dmp	xmrig
behavioral1/files/0x000500000001961d-68.dat	xmrig
behavioral1/memory/2616-71-0x000000013F2F0000-0x000000013F644000-memory.dmp	xmrig
behavioral1/memory/2684-75-0x000000013F120000-0x000000013F474000-memory.dmp	xmrig
behavioral1/memory/2028-74-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/files/0x000500000001961f-72.dat	xmrig
behavioral1/memory/2528-70-0x000000013F2F0000-0x000000013F644000-memory.dmp	xmrig
behavioral1/memory/2104-63-0x000000013FE50000-0x00000001401A4000-memory.dmp	xmrig
behavioral1/memory/2528-62-0x000000013FEA0000-0x00000001401F4000-memory.dmp	xmrig
behavioral1/memory/2732-61-0x000000013F120000-0x000000013F474000-memory.dmp	xmrig
behavioral1/memory/2808-60-0x000000013FE40000-0x0000000140194000-memory.dmp	xmrig
behavioral1/memory/2072-81-0x000000013F1C0000-0x000000013F514000-memory.dmp	xmrig
behavioral1/memory/1704-82-0x000000013F0B0000-0x000000013F404000-memory.dmp	xmrig
behavioral1/files/0x0005000000019621-83.dat	xmrig
behavioral1/files/0x0005000000019623-92.dat	xmrig
behavioral1/memory/2528-163-0x000000013F960000-0x000000013FCB4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019dd7-181.dat	xmrig
behavioral1/memory/2528-619-0x000000013F960000-0x000000013FCB4000-memory.dmp	xmrig
behavioral1/memory/2968-234-0x000000013F780000-0x000000013FAD4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019fbc-184.dat	xmrig
behavioral1/files/0x0005000000019dcb-176.dat	xmrig
behavioral1/files/0x0005000000019d62-173.dat	xmrig
behavioral1/files/0x0005000000019d3d-168.dat	xmrig
behavioral1/files/0x0005000000019c58-167.dat	xmrig
behavioral1/files/0x0005000000019c54-142.dat	xmrig
behavioral1/memory/2832-162-0x000000013FB90000-0x000000013FEE4000-memory.dmp	xmrig
behavioral1/memory/2692-161-0x000000013F080000-0x000000013F3D4000-memory.dmp	xmrig
behavioral1/memory/2528-159-0x000000013F980000-0x000000013FCD4000-memory.dmp	xmrig
behavioral1/memory/268-158-0x000000013F960000-0x000000013FCB4000-memory.dmp	xmrig
behavioral1/memory/2648-157-0x000000013FE50000-0x00000001401A4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019c73-155.dat	xmrig
behavioral1/files/0x0005000000019c56-148.dat	xmrig
behavioral1/files/0x00050000000199b9-141.dat	xmrig
behavioral1/files/0x000500000001970b-139.dat	xmrig
behavioral1/files/0x000500000001967f-136.dat	xmrig
behavioral1/files/0x00050000000196c0-132.dat	xmrig
behavioral1/files/0x000500000001962b-108.dat	xmrig
behavioral1/files/0x0005000000019627-100.dat	xmrig
behavioral1/files/0x000500000001963b-115.dat	xmrig
behavioral1/files/0x0005000000019629-107.dat	xmrig
behavioral1/files/0x0005000000019625-98.dat	xmrig
behavioral1/files/0x0005000000019622-90.dat	xmrig
behavioral1/files/0x00060000000193ac-57.dat	xmrig
behavioral1/memory/2968-54-0x000000013F780000-0x000000013FAD4000-memory.dmp	xmrig
behavioral1/files/0x0008000000019261-52.dat	xmrig
behavioral1/files/0x00060000000195e6-49.dat	xmrig
behavioral1/memory/2832-34-0x000000013FB90000-0x000000013FEE4000-memory.dmp	xmrig
behavioral1/memory/2104-10-0x000000013FE50000-0x00000001401A4000-memory.dmp	xmrig
behavioral1/memory/2104-1947-0x000000013FE50000-0x00000001401A4000-memory.dmp	xmrig
behavioral1/memory/2028-1956-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/memory/2684-1964-0x000000013F120000-0x000000013F474000-memory.dmp	xmrig
behavioral1/memory/2072-1982-0x000000013F1C0000-0x000000013F514000-memory.dmp	xmrig
behavioral1/memory/2832-1992-0x000000013FB90000-0x000000013FEE4000-memory.dmp	xmrig
behavioral1/memory/2732-2000-0x000000013F120000-0x000000013F474000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2104	lqyVNBE.exe
2028	FPHTbBd.exe
2684	jbuMgYF.exe
2072	LLZxWws.exe
2832	RXWDbnO.exe
2968	sYqmXnN.exe
2808	YPZrBOy.exe
2732	VKMqvXY.exe
2912	VFMUwqR.exe
2616	oQAqOdV.exe
1704	gKuxezt.exe
2648	baorXdg.exe
268	FQjYRDH.exe
2692	mfXKJrM.exe
1992	AzSHkrn.exe
1400	IOheLtu.exe
592	CJktjJY.exe
532	dFLITAS.exe
1452	jcpjukA.exe
1964	iPrfBOZ.exe
1560	FeNksAZ.exe
1696	wqVhckv.exe
2128	NyeWOJo.exe
2196	ZoxlzMY.exe
2052	SaNTwxA.exe
1036	GhzkkKV.exe
3048	wttSnRv.exe
1616	bJxLHUj.exe
552	WnJekbE.exe
1864	BZoqkpZ.exe
448	OoSCuRe.exe
2940	wbImLIO.exe
696	rrTwwZH.exe
956	CFRWcYL.exe
996	XHmPVGW.exe
1784	VSimHtf.exe
1428	CCVHzBW.exe
2112	aUWKOQl.exe
1720	Hgmhomc.exe
1356	pMUlQMQ.exe
2152	XQuNqgo.exe
1252	GUgzDYV.exe
912	MygmlAU.exe
272	ACZocLh.exe
2184	SjFUQmG.exe
1832	PBllaEu.exe
2484	fexinTo.exe
2280	CNtQPSU.exe
1780	DgIMutk.exe
2308	WkVZUhg.exe
2932	jUifmPV.exe
2360	ubpllxX.exe
1424	PwpdkLc.exe
2964	GNxfzDh.exe
1940	QbSolMI.exe
2544	JexIamm.exe
3028	BtoIYTs.exe
2320	buEXjCt.exe
1520	VXmQCUy.exe
1632	dwQFcWi.exe
1620	mbEImOl.exe
2536	XKoMFne.exe
2412	JXyZrzw.exe
2900	wlAlzfj.exe

Loads dropped DLL 64 IoCs

pid	Process
2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2528-0-0x000000013FEA0000-0x00000001401F4000-memory.dmp	upx
behavioral1/files/0x000a00000001202a-6.dat	upx
behavioral1/files/0x0008000000019284-8.dat	upx
behavioral1/files/0x00070000000192a9-15.dat	upx
behavioral1/memory/2028-14-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/files/0x0006000000019379-21.dat	upx
behavioral1/memory/2684-26-0x000000013F120000-0x000000013F474000-memory.dmp	upx
behavioral1/files/0x000600000001939d-33.dat	upx
behavioral1/memory/2072-27-0x000000013F1C0000-0x000000013F514000-memory.dmp	upx
behavioral1/files/0x00060000000193a4-43.dat	upx
behavioral1/memory/2912-64-0x000000013FC00000-0x000000013FF54000-memory.dmp	upx
behavioral1/files/0x000500000001961d-68.dat	upx
behavioral1/memory/2616-71-0x000000013F2F0000-0x000000013F644000-memory.dmp	upx
behavioral1/memory/2684-75-0x000000013F120000-0x000000013F474000-memory.dmp	upx
behavioral1/memory/2028-74-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/files/0x000500000001961f-72.dat	upx
behavioral1/memory/2104-63-0x000000013FE50000-0x00000001401A4000-memory.dmp	upx
behavioral1/memory/2528-62-0x000000013FEA0000-0x00000001401F4000-memory.dmp	upx
behavioral1/memory/2732-61-0x000000013F120000-0x000000013F474000-memory.dmp	upx
behavioral1/memory/2808-60-0x000000013FE40000-0x0000000140194000-memory.dmp	upx
behavioral1/memory/2072-81-0x000000013F1C0000-0x000000013F514000-memory.dmp	upx
behavioral1/memory/1704-82-0x000000013F0B0000-0x000000013F404000-memory.dmp	upx
behavioral1/files/0x0005000000019621-83.dat	upx
behavioral1/files/0x0005000000019623-92.dat	upx
behavioral1/files/0x0005000000019dd7-181.dat	upx
behavioral1/memory/2968-234-0x000000013F780000-0x000000013FAD4000-memory.dmp	upx
behavioral1/files/0x0005000000019fbc-184.dat	upx
behavioral1/files/0x0005000000019dcb-176.dat	upx
behavioral1/files/0x0005000000019d62-173.dat	upx
behavioral1/files/0x0005000000019d3d-168.dat	upx
behavioral1/files/0x0005000000019c58-167.dat	upx
behavioral1/files/0x0005000000019c54-142.dat	upx
behavioral1/memory/2832-162-0x000000013FB90000-0x000000013FEE4000-memory.dmp	upx
behavioral1/memory/2692-161-0x000000013F080000-0x000000013F3D4000-memory.dmp	upx
behavioral1/memory/268-158-0x000000013F960000-0x000000013FCB4000-memory.dmp	upx
behavioral1/memory/2648-157-0x000000013FE50000-0x00000001401A4000-memory.dmp	upx
behavioral1/files/0x0005000000019c73-155.dat	upx
behavioral1/files/0x0005000000019c56-148.dat	upx
behavioral1/files/0x00050000000199b9-141.dat	upx
behavioral1/files/0x000500000001970b-139.dat	upx
behavioral1/files/0x000500000001967f-136.dat	upx
behavioral1/files/0x00050000000196c0-132.dat	upx
behavioral1/files/0x000500000001962b-108.dat	upx
behavioral1/files/0x0005000000019627-100.dat	upx
behavioral1/files/0x000500000001963b-115.dat	upx
behavioral1/files/0x0005000000019629-107.dat	upx
behavioral1/files/0x0005000000019625-98.dat	upx
behavioral1/files/0x0005000000019622-90.dat	upx
behavioral1/files/0x00060000000193ac-57.dat	upx
behavioral1/memory/2968-54-0x000000013F780000-0x000000013FAD4000-memory.dmp	upx
behavioral1/files/0x0008000000019261-52.dat	upx
behavioral1/files/0x00060000000195e6-49.dat	upx
behavioral1/memory/2832-34-0x000000013FB90000-0x000000013FEE4000-memory.dmp	upx
behavioral1/memory/2104-10-0x000000013FE50000-0x00000001401A4000-memory.dmp	upx
behavioral1/memory/2104-1947-0x000000013FE50000-0x00000001401A4000-memory.dmp	upx
behavioral1/memory/2028-1956-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/memory/2684-1964-0x000000013F120000-0x000000013F474000-memory.dmp	upx
behavioral1/memory/2072-1982-0x000000013F1C0000-0x000000013F514000-memory.dmp	upx
behavioral1/memory/2832-1992-0x000000013FB90000-0x000000013FEE4000-memory.dmp	upx
behavioral1/memory/2732-2000-0x000000013F120000-0x000000013F474000-memory.dmp	upx
behavioral1/memory/2912-2011-0x000000013FC00000-0x000000013FF54000-memory.dmp	upx
behavioral1/memory/2616-2027-0x000000013F2F0000-0x000000013F644000-memory.dmp	upx
behavioral1/memory/2808-2017-0x000000013FE40000-0x0000000140194000-memory.dmp	upx
behavioral1/memory/2968-2016-0x000000013F780000-0x000000013FAD4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\BbISUQO.exe	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QonnkJg.exe	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cpUZOGd.exe	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kltiHzM.exe	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MGxBRVT.exe	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ChSGktP.exe	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HQlMvyC.exe	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fWQeoTN.exe	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BVrGkLd.exe	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RxPmYdF.exe	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FXYYoeY.exe	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\apBSDHk.exe	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hNmJKQZ.exe	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mftooPi.exe	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MIqYcon.exe	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xobUtBO.exe	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gVjesTC.exe	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vJwmigt.exe	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lnBqqYa.exe	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hVnHrZv.exe	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UbqOMzW.exe	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JxCxSwj.exe	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cTVhQHA.exe	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aPYDTxD.exe	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KPfNXZu.exe	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uMBtNCM.exe	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UmADjxW.exe	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BIQgdUq.exe	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nsEFEhr.exe	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CAMfIyd.exe	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jvsWTaV.exe	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ckQNdrW.exe	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tqkWCiI.exe	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FzmzRyR.exe	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\COqoSgP.exe	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qSsCYux.exe	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GYiQGvI.exe	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lCebrtj.exe	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jrwhXfs.exe	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jrSUsiK.exe	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GPpfhJB.exe	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lpoUChp.exe	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AEqeiad.exe	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YwOoBUX.exe	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MYMlcbi.exe	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XkpLala.exe	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YFpxfHX.exe	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PAXjVMJ.exe	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dretJgE.exe	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UCXFrfC.exe	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wdPiVaP.exe	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lBGLhwf.exe	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zEMaGli.exe	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EBYdUwE.exe	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eJPXcNb.exe	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hRwAPbe.exe	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DiMGNeX.exe	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bJxLHUj.exe	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LwBrwLD.exe	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kZHxary.exe	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wesifkm.exe	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PFPbkqW.exe	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WajYzCE.exe	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rOnjllm.exe	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2528 wrote to memory of 2104	2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2528 wrote to memory of 2104	2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2528 wrote to memory of 2104	2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2528 wrote to memory of 2028	2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2528 wrote to memory of 2028	2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2528 wrote to memory of 2028	2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2528 wrote to memory of 2684	2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2528 wrote to memory of 2684	2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2528 wrote to memory of 2684	2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2528 wrote to memory of 2072	2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2528 wrote to memory of 2072	2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2528 wrote to memory of 2072	2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2528 wrote to memory of 2832	2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2528 wrote to memory of 2832	2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2528 wrote to memory of 2832	2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2528 wrote to memory of 2732	2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2528 wrote to memory of 2732	2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2528 wrote to memory of 2732	2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2528 wrote to memory of 2968	2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2528 wrote to memory of 2968	2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2528 wrote to memory of 2968	2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2528 wrote to memory of 2912	2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2528 wrote to memory of 2912	2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2528 wrote to memory of 2912	2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2528 wrote to memory of 2808	2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2528 wrote to memory of 2808	2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2528 wrote to memory of 2808	2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2528 wrote to memory of 2616	2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2528 wrote to memory of 2616	2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2528 wrote to memory of 2616	2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2528 wrote to memory of 1704	2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2528 wrote to memory of 1704	2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2528 wrote to memory of 1704	2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2528 wrote to memory of 2648	2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2528 wrote to memory of 2648	2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2528 wrote to memory of 2648	2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2528 wrote to memory of 268	2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2528 wrote to memory of 268	2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2528 wrote to memory of 268	2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2528 wrote to memory of 1400	2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2528 wrote to memory of 1400	2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2528 wrote to memory of 1400	2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2528 wrote to memory of 2692	2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2528 wrote to memory of 2692	2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2528 wrote to memory of 2692	2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2528 wrote to memory of 532	2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2528 wrote to memory of 532	2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2528 wrote to memory of 532	2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2528 wrote to memory of 1992	2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2528 wrote to memory of 1992	2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2528 wrote to memory of 1992	2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2528 wrote to memory of 1452	2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2528 wrote to memory of 1452	2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2528 wrote to memory of 1452	2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2528 wrote to memory of 592	2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2528 wrote to memory of 592	2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2528 wrote to memory of 592	2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2528 wrote to memory of 1560	2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2528 wrote to memory of 1560	2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2528 wrote to memory of 1560	2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2528 wrote to memory of 1964	2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2528 wrote to memory of 1964	2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2528 wrote to memory of 1964	2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2528 wrote to memory of 1696	2528	2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-11_f71ea6ec4f086abbf4f42dbef1702736_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2528
- C:\Windows\System\lqyVNBE.exe
  C:\Windows\System\lqyVNBE.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\FPHTbBd.exe
  C:\Windows\System\FPHTbBd.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\jbuMgYF.exe
  C:\Windows\System\jbuMgYF.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\LLZxWws.exe
  C:\Windows\System\LLZxWws.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\RXWDbnO.exe
  C:\Windows\System\RXWDbnO.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\VKMqvXY.exe
  C:\Windows\System\VKMqvXY.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\sYqmXnN.exe
  C:\Windows\System\sYqmXnN.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\VFMUwqR.exe
  C:\Windows\System\VFMUwqR.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\YPZrBOy.exe
  C:\Windows\System\YPZrBOy.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\oQAqOdV.exe
  C:\Windows\System\oQAqOdV.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\gKuxezt.exe
  C:\Windows\System\gKuxezt.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\baorXdg.exe
  C:\Windows\System\baorXdg.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\FQjYRDH.exe
  C:\Windows\System\FQjYRDH.exe
  2⤵
  - Executes dropped EXE
  PID:268
- C:\Windows\System\IOheLtu.exe
  C:\Windows\System\IOheLtu.exe
  2⤵
  - Executes dropped EXE
  PID:1400
- C:\Windows\System\mfXKJrM.exe
  C:\Windows\System\mfXKJrM.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\dFLITAS.exe
  C:\Windows\System\dFLITAS.exe
  2⤵
  - Executes dropped EXE
  PID:532
- C:\Windows\System\AzSHkrn.exe
  C:\Windows\System\AzSHkrn.exe
  2⤵
  - Executes dropped EXE
  PID:1992
- C:\Windows\System\jcpjukA.exe
  C:\Windows\System\jcpjukA.exe
  2⤵
  - Executes dropped EXE
  PID:1452
- C:\Windows\System\CJktjJY.exe
  C:\Windows\System\CJktjJY.exe
  2⤵
  - Executes dropped EXE
  PID:592
- C:\Windows\System\FeNksAZ.exe
  C:\Windows\System\FeNksAZ.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\iPrfBOZ.exe
  C:\Windows\System\iPrfBOZ.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\wqVhckv.exe
  C:\Windows\System\wqVhckv.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\NyeWOJo.exe
  C:\Windows\System\NyeWOJo.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\GhzkkKV.exe
  C:\Windows\System\GhzkkKV.exe
  2⤵
  - Executes dropped EXE
  PID:1036
- C:\Windows\System\ZoxlzMY.exe
  C:\Windows\System\ZoxlzMY.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\wttSnRv.exe
  C:\Windows\System\wttSnRv.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\SaNTwxA.exe
  C:\Windows\System\SaNTwxA.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\bJxLHUj.exe
  C:\Windows\System\bJxLHUj.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\WnJekbE.exe
  C:\Windows\System\WnJekbE.exe
  2⤵
  - Executes dropped EXE
  PID:552
- C:\Windows\System\BZoqkpZ.exe
  C:\Windows\System\BZoqkpZ.exe
  2⤵
  - Executes dropped EXE
  PID:1864
- C:\Windows\System\OoSCuRe.exe
  C:\Windows\System\OoSCuRe.exe
  2⤵
  - Executes dropped EXE
  PID:448
- C:\Windows\System\wbImLIO.exe
  C:\Windows\System\wbImLIO.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\rrTwwZH.exe
  C:\Windows\System\rrTwwZH.exe
  2⤵
  - Executes dropped EXE
  PID:696
- C:\Windows\System\CFRWcYL.exe
  C:\Windows\System\CFRWcYL.exe
  2⤵
  - Executes dropped EXE
  PID:956
- C:\Windows\System\XHmPVGW.exe
  C:\Windows\System\XHmPVGW.exe
  2⤵
  - Executes dropped EXE
  PID:996
- C:\Windows\System\VSimHtf.exe
  C:\Windows\System\VSimHtf.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\CCVHzBW.exe
  C:\Windows\System\CCVHzBW.exe
  2⤵
  - Executes dropped EXE
  PID:1428
- C:\Windows\System\aUWKOQl.exe
  C:\Windows\System\aUWKOQl.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\Hgmhomc.exe
  C:\Windows\System\Hgmhomc.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\pMUlQMQ.exe
  C:\Windows\System\pMUlQMQ.exe
  2⤵
  - Executes dropped EXE
  PID:1356
- C:\Windows\System\XQuNqgo.exe
  C:\Windows\System\XQuNqgo.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\GUgzDYV.exe
  C:\Windows\System\GUgzDYV.exe
  2⤵
  - Executes dropped EXE
  PID:1252
- C:\Windows\System\MygmlAU.exe
  C:\Windows\System\MygmlAU.exe
  2⤵
  - Executes dropped EXE
  PID:912
- C:\Windows\System\ACZocLh.exe
  C:\Windows\System\ACZocLh.exe
  2⤵
  - Executes dropped EXE
  PID:272
- C:\Windows\System\SjFUQmG.exe
  C:\Windows\System\SjFUQmG.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\PBllaEu.exe
  C:\Windows\System\PBllaEu.exe
  2⤵
  - Executes dropped EXE
  PID:1832
- C:\Windows\System\fexinTo.exe
  C:\Windows\System\fexinTo.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\CNtQPSU.exe
  C:\Windows\System\CNtQPSU.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\DgIMutk.exe
  C:\Windows\System\DgIMutk.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\WkVZUhg.exe
  C:\Windows\System\WkVZUhg.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\jUifmPV.exe
  C:\Windows\System\jUifmPV.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\ubpllxX.exe
  C:\Windows\System\ubpllxX.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\PwpdkLc.exe
  C:\Windows\System\PwpdkLc.exe
  2⤵
  - Executes dropped EXE
  PID:1424
- C:\Windows\System\GNxfzDh.exe
  C:\Windows\System\GNxfzDh.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\QbSolMI.exe
  C:\Windows\System\QbSolMI.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\JexIamm.exe
  C:\Windows\System\JexIamm.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\BtoIYTs.exe
  C:\Windows\System\BtoIYTs.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\buEXjCt.exe
  C:\Windows\System\buEXjCt.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\VXmQCUy.exe
  C:\Windows\System\VXmQCUy.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System\dwQFcWi.exe
  C:\Windows\System\dwQFcWi.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\mbEImOl.exe
  C:\Windows\System\mbEImOl.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\XKoMFne.exe
  C:\Windows\System\XKoMFne.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\JXyZrzw.exe
  C:\Windows\System\JXyZrzw.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\uROQfVs.exe
  C:\Windows\System\uROQfVs.exe
  2⤵
  PID:2748
- C:\Windows\System\wlAlzfj.exe
  C:\Windows\System\wlAlzfj.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\eREXAiO.exe
  C:\Windows\System\eREXAiO.exe
  2⤵
  PID:2872
- C:\Windows\System\PAXjVMJ.exe
  C:\Windows\System\PAXjVMJ.exe
  2⤵
  PID:2676
- C:\Windows\System\DorGETy.exe
  C:\Windows\System\DorGETy.exe
  2⤵
  PID:2328
- C:\Windows\System\KSkrLen.exe
  C:\Windows\System\KSkrLen.exe
  2⤵
  PID:1416
- C:\Windows\System\KplUZPr.exe
  C:\Windows\System\KplUZPr.exe
  2⤵
  PID:1984
- C:\Windows\System\ENudwWY.exe
  C:\Windows\System\ENudwWY.exe
  2⤵
  PID:2864
- C:\Windows\System\rhySijC.exe
  C:\Windows\System\rhySijC.exe
  2⤵
  PID:1116
- C:\Windows\System\iBoTUVT.exe
  C:\Windows\System\iBoTUVT.exe
  2⤵
  PID:1636
- C:\Windows\System\NCqhqjX.exe
  C:\Windows\System\NCqhqjX.exe
  2⤵
  PID:3052
- C:\Windows\System\TrtXsgo.exe
  C:\Windows\System\TrtXsgo.exe
  2⤵
  PID:2936
- C:\Windows\System\fylLcZx.exe
  C:\Windows\System\fylLcZx.exe
  2⤵
  PID:1988
- C:\Windows\System\DnTZMda.exe
  C:\Windows\System\DnTZMda.exe
  2⤵
  PID:1892
- C:\Windows\System\WXufaMN.exe
  C:\Windows\System\WXufaMN.exe
  2⤵
  PID:900
- C:\Windows\System\GetGeqv.exe
  C:\Windows\System\GetGeqv.exe
  2⤵
  PID:800
- C:\Windows\System\rTOTdQR.exe
  C:\Windows\System\rTOTdQR.exe
  2⤵
  PID:2088
- C:\Windows\System\zORbGTg.exe
  C:\Windows\System\zORbGTg.exe
  2⤵
  PID:1736
- C:\Windows\System\YDoGMFL.exe
  C:\Windows\System\YDoGMFL.exe
  2⤵
  PID:2924
- C:\Windows\System\JOkAIjc.exe
  C:\Windows\System\JOkAIjc.exe
  2⤵
  PID:1888
- C:\Windows\System\PQjbRYz.exe
  C:\Windows\System\PQjbRYz.exe
  2⤵
  PID:2168
- C:\Windows\System\qTegEYS.exe
  C:\Windows\System\qTegEYS.exe
  2⤵
  PID:1828
- C:\Windows\System\NVLbjqH.exe
  C:\Windows\System\NVLbjqH.exe
  2⤵
  PID:2884
- C:\Windows\System\mYgeVQu.exe
  C:\Windows\System\mYgeVQu.exe
  2⤵
  PID:896
- C:\Windows\System\cbTVYeg.exe
  C:\Windows\System\cbTVYeg.exe
  2⤵
  PID:2300
- C:\Windows\System\kfmagqo.exe
  C:\Windows\System\kfmagqo.exe
  2⤵
  PID:2600
- C:\Windows\System\MqWIiZE.exe
  C:\Windows\System\MqWIiZE.exe
  2⤵
  PID:2928
- C:\Windows\System\eycUxTO.exe
  C:\Windows\System\eycUxTO.exe
  2⤵
  PID:2656
- C:\Windows\System\AKJgSzE.exe
  C:\Windows\System\AKJgSzE.exe
  2⤵
  PID:1412
- C:\Windows\System\cTLddqR.exe
  C:\Windows\System\cTLddqR.exe
  2⤵
  PID:1464
- C:\Windows\System\YLHARMj.exe
  C:\Windows\System\YLHARMj.exe
  2⤵
  PID:2004
- C:\Windows\System\fuOrzhj.exe
  C:\Windows\System\fuOrzhj.exe
  2⤵
  PID:1432
- C:\Windows\System\SnAGxEu.exe
  C:\Windows\System\SnAGxEu.exe
  2⤵
  PID:1120
- C:\Windows\System\QTBheeE.exe
  C:\Windows\System\QTBheeE.exe
  2⤵
  PID:1908
- C:\Windows\System\adQJlLO.exe
  C:\Windows\System\adQJlLO.exe
  2⤵
  PID:1692
- C:\Windows\System\OucUXFp.exe
  C:\Windows\System\OucUXFp.exe
  2⤵
  PID:3064
- C:\Windows\System\fMFQNfX.exe
  C:\Windows\System\fMFQNfX.exe
  2⤵
  PID:2116
- C:\Windows\System\IpvXBIM.exe
  C:\Windows\System\IpvXBIM.exe
  2⤵
  PID:2064
- C:\Windows\System\sUDVkSa.exe
  C:\Windows\System\sUDVkSa.exe
  2⤵
  PID:3068
- C:\Windows\System\PIUbTuz.exe
  C:\Windows\System\PIUbTuz.exe
  2⤵
  PID:2728
- C:\Windows\System\WazirnY.exe
  C:\Windows\System\WazirnY.exe
  2⤵
  PID:1944
- C:\Windows\System\pSANycQ.exe
  C:\Windows\System\pSANycQ.exe
  2⤵
  PID:2040
- C:\Windows\System\JiXOKHU.exe
  C:\Windows\System\JiXOKHU.exe
  2⤵
  PID:2188
- C:\Windows\System\UDngeOQ.exe
  C:\Windows\System\UDngeOQ.exe
  2⤵
  PID:1912
- C:\Windows\System\cNdzDfO.exe
  C:\Windows\System\cNdzDfO.exe
  2⤵
  PID:1312
- C:\Windows\System\vnvncEH.exe
  C:\Windows\System\vnvncEH.exe
  2⤵
  PID:1476
- C:\Windows\System\tJZlyXt.exe
  C:\Windows\System\tJZlyXt.exe
  2⤵
  PID:2604
- C:\Windows\System\GOYszHl.exe
  C:\Windows\System\GOYszHl.exe
  2⤵
  PID:1928
- C:\Windows\System\lAAszOQ.exe
  C:\Windows\System\lAAszOQ.exe
  2⤵
  PID:2852
- C:\Windows\System\hIkyUoP.exe
  C:\Windows\System\hIkyUoP.exe
  2⤵
  PID:1144
- C:\Windows\System\LKOeahd.exe
  C:\Windows\System\LKOeahd.exe
  2⤵
  PID:2144
- C:\Windows\System\JzZYnkf.exe
  C:\Windows\System\JzZYnkf.exe
  2⤵
  PID:2224
- C:\Windows\System\pffByCf.exe
  C:\Windows\System\pffByCf.exe
  2⤵
  PID:2500
- C:\Windows\System\RMwWSZz.exe
  C:\Windows\System\RMwWSZz.exe
  2⤵
  PID:1976
- C:\Windows\System\tNLnxXE.exe
  C:\Windows\System\tNLnxXE.exe
  2⤵
  PID:1448
- C:\Windows\System\ZUzTarS.exe
  C:\Windows\System\ZUzTarS.exe
  2⤵
  PID:2160
- C:\Windows\System\PKKLeGg.exe
  C:\Windows\System\PKKLeGg.exe
  2⤵
  PID:2236
- C:\Windows\System\BzQpiqr.exe
  C:\Windows\System\BzQpiqr.exe
  2⤵
  PID:580
- C:\Windows\System\cTVhQHA.exe
  C:\Windows\System\cTVhQHA.exe
  2⤵
  PID:2496
- C:\Windows\System\HrIuNod.exe
  C:\Windows\System\HrIuNod.exe
  2⤵
  PID:2356
- C:\Windows\System\yDPKdRn.exe
  C:\Windows\System\yDPKdRn.exe
  2⤵
  PID:2952
- C:\Windows\System\oygGSoR.exe
  C:\Windows\System\oygGSoR.exe
  2⤵
  PID:2868
- C:\Windows\System\rjuKPVQ.exe
  C:\Windows\System\rjuKPVQ.exe
  2⤵
  PID:3084
- C:\Windows\System\AjfnMhz.exe
  C:\Windows\System\AjfnMhz.exe
  2⤵
  PID:3100
- C:\Windows\System\JcuJCRd.exe
  C:\Windows\System\JcuJCRd.exe
  2⤵
  PID:3116
- C:\Windows\System\wOjgEyC.exe
  C:\Windows\System\wOjgEyC.exe
  2⤵
  PID:3136
- C:\Windows\System\dOggKgP.exe
  C:\Windows\System\dOggKgP.exe
  2⤵
  PID:3156
- C:\Windows\System\NdbPEBW.exe
  C:\Windows\System\NdbPEBW.exe
  2⤵
  PID:3176
- C:\Windows\System\vjnqlXg.exe
  C:\Windows\System\vjnqlXg.exe
  2⤵
  PID:3196
- C:\Windows\System\xNhMjKN.exe
  C:\Windows\System\xNhMjKN.exe
  2⤵
  PID:3216
- C:\Windows\System\iunBrqp.exe
  C:\Windows\System\iunBrqp.exe
  2⤵
  PID:3232
- C:\Windows\System\kFWjIWj.exe
  C:\Windows\System\kFWjIWj.exe
  2⤵
  PID:3248
- C:\Windows\System\KpXKJRB.exe
  C:\Windows\System\KpXKJRB.exe
  2⤵
  PID:3268
- C:\Windows\System\NKJOBEf.exe
  C:\Windows\System\NKJOBEf.exe
  2⤵
  PID:3284
- C:\Windows\System\OtpKngL.exe
  C:\Windows\System\OtpKngL.exe
  2⤵
  PID:3320
- C:\Windows\System\sURdjXc.exe
  C:\Windows\System\sURdjXc.exe
  2⤵
  PID:3380
- C:\Windows\System\UNImctv.exe
  C:\Windows\System\UNImctv.exe
  2⤵
  PID:3396
- C:\Windows\System\PFPbkqW.exe
  C:\Windows\System\PFPbkqW.exe
  2⤵
  PID:3412
- C:\Windows\System\pnFDHgk.exe
  C:\Windows\System\pnFDHgk.exe
  2⤵
  PID:3428
- C:\Windows\System\giRCBIB.exe
  C:\Windows\System\giRCBIB.exe
  2⤵
  PID:3444
- C:\Windows\System\YuATqhh.exe
  C:\Windows\System\YuATqhh.exe
  2⤵
  PID:3460
- C:\Windows\System\jrJKEMJ.exe
  C:\Windows\System\jrJKEMJ.exe
  2⤵
  PID:3476
- C:\Windows\System\cPyRfYf.exe
  C:\Windows\System\cPyRfYf.exe
  2⤵
  PID:3492
- C:\Windows\System\mLEMpTq.exe
  C:\Windows\System\mLEMpTq.exe
  2⤵
  PID:3508
- C:\Windows\System\lZyFtcZ.exe
  C:\Windows\System\lZyFtcZ.exe
  2⤵
  PID:3524
- C:\Windows\System\BbISUQO.exe
  C:\Windows\System\BbISUQO.exe
  2⤵
  PID:3540
- C:\Windows\System\GeScBnL.exe
  C:\Windows\System\GeScBnL.exe
  2⤵
  PID:3556
- C:\Windows\System\IkTozHQ.exe
  C:\Windows\System\IkTozHQ.exe
  2⤵
  PID:3572
- C:\Windows\System\JpafgVe.exe
  C:\Windows\System\JpafgVe.exe
  2⤵
  PID:3588
- C:\Windows\System\gollzRP.exe
  C:\Windows\System\gollzRP.exe
  2⤵
  PID:3604
- C:\Windows\System\ywcHVnP.exe
  C:\Windows\System\ywcHVnP.exe
  2⤵
  PID:3620
- C:\Windows\System\JKiSWMm.exe
  C:\Windows\System\JKiSWMm.exe
  2⤵
  PID:3636
- C:\Windows\System\ZQOogeY.exe
  C:\Windows\System\ZQOogeY.exe
  2⤵
  PID:3652
- C:\Windows\System\WLomqAE.exe
  C:\Windows\System\WLomqAE.exe
  2⤵
  PID:3668
- C:\Windows\System\UMwhkSB.exe
  C:\Windows\System\UMwhkSB.exe
  2⤵
  PID:3688
- C:\Windows\System\QKoGbyI.exe
  C:\Windows\System\QKoGbyI.exe
  2⤵
  PID:3704
- C:\Windows\System\eiLzrVI.exe
  C:\Windows\System\eiLzrVI.exe
  2⤵
  PID:3720
- C:\Windows\System\Sttyinx.exe
  C:\Windows\System\Sttyinx.exe
  2⤵
  PID:3736
- C:\Windows\System\xBqJjxS.exe
  C:\Windows\System\xBqJjxS.exe
  2⤵
  PID:3752
- C:\Windows\System\MZqbZCQ.exe
  C:\Windows\System\MZqbZCQ.exe
  2⤵
  PID:3768
- C:\Windows\System\iYeiegT.exe
  C:\Windows\System\iYeiegT.exe
  2⤵
  PID:3784
- C:\Windows\System\YBwhjKe.exe
  C:\Windows\System\YBwhjKe.exe
  2⤵
  PID:3800
- C:\Windows\System\fiqAtwm.exe
  C:\Windows\System\fiqAtwm.exe
  2⤵
  PID:3820
- C:\Windows\System\ovQhUam.exe
  C:\Windows\System\ovQhUam.exe
  2⤵
  PID:3880
- C:\Windows\System\JQioiEy.exe
  C:\Windows\System\JQioiEy.exe
  2⤵
  PID:3960
- C:\Windows\System\kGHLRbp.exe
  C:\Windows\System\kGHLRbp.exe
  2⤵
  PID:3980
- C:\Windows\System\bdVPpBE.exe
  C:\Windows\System\bdVPpBE.exe
  2⤵
  PID:3996
- C:\Windows\System\PsGXrfJ.exe
  C:\Windows\System\PsGXrfJ.exe
  2⤵
  PID:4012
- C:\Windows\System\luWKUHv.exe
  C:\Windows\System\luWKUHv.exe
  2⤵
  PID:4052
- C:\Windows\System\fwkUckr.exe
  C:\Windows\System\fwkUckr.exe
  2⤵
  PID:4068
- C:\Windows\System\McCNZzM.exe
  C:\Windows\System\McCNZzM.exe
  2⤵
  PID:2812
- C:\Windows\System\aHJBJMl.exe
  C:\Windows\System\aHJBJMl.exe
  2⤵
  PID:3092
- C:\Windows\System\veiYXVh.exe
  C:\Windows\System\veiYXVh.exe
  2⤵
  PID:3132
- C:\Windows\System\jupalbd.exe
  C:\Windows\System\jupalbd.exe
  2⤵
  PID:3212
- C:\Windows\System\unGwREs.exe
  C:\Windows\System\unGwREs.exe
  2⤵
  PID:540
- C:\Windows\System\hqLDBkw.exe
  C:\Windows\System\hqLDBkw.exe
  2⤵
  PID:1960
- C:\Windows\System\CkfNdUr.exe
  C:\Windows\System\CkfNdUr.exe
  2⤵
  PID:296
- C:\Windows\System\VkytgSn.exe
  C:\Windows\System\VkytgSn.exe
  2⤵
  PID:3328
- C:\Windows\System\gvDSirh.exe
  C:\Windows\System\gvDSirh.exe
  2⤵
  PID:3344
- C:\Windows\System\vPNZVNE.exe
  C:\Windows\System\vPNZVNE.exe
  2⤵
  PID:3112
- C:\Windows\System\GyHvzUo.exe
  C:\Windows\System\GyHvzUo.exe
  2⤵
  PID:3152
- C:\Windows\System\VHpgLcz.exe
  C:\Windows\System\VHpgLcz.exe
  2⤵
  PID:3264
- C:\Windows\System\fwmdhqU.exe
  C:\Windows\System\fwmdhqU.exe
  2⤵
  PID:3192
- C:\Windows\System\jrSUsiK.exe
  C:\Windows\System\jrSUsiK.exe
  2⤵
  PID:1896
- C:\Windows\System\UZXZvMn.exe
  C:\Windows\System\UZXZvMn.exe
  2⤵
  PID:3404
- C:\Windows\System\hYTtsQH.exe
  C:\Windows\System\hYTtsQH.exe
  2⤵
  PID:3468
- C:\Windows\System\DSmCvIW.exe
  C:\Windows\System\DSmCvIW.exe
  2⤵
  PID:3424
- C:\Windows\System\MYFcrkh.exe
  C:\Windows\System\MYFcrkh.exe
  2⤵
  PID:3504
- C:\Windows\System\WAhCnTv.exe
  C:\Windows\System\WAhCnTv.exe
  2⤵
  PID:3564
- C:\Windows\System\guMXHBc.exe
  C:\Windows\System\guMXHBc.exe
  2⤵
  PID:3568
- C:\Windows\System\fUxHoJv.exe
  C:\Windows\System\fUxHoJv.exe
  2⤵
  PID:3548
- C:\Windows\System\mKfsftN.exe
  C:\Windows\System\mKfsftN.exe
  2⤵
  PID:3584
- C:\Windows\System\ckQNdrW.exe
  C:\Windows\System\ckQNdrW.exe
  2⤵
  PID:3700
- C:\Windows\System\jAyiDko.exe
  C:\Windows\System\jAyiDko.exe
  2⤵
  PID:3732
- C:\Windows\System\cdeGuGn.exe
  C:\Windows\System\cdeGuGn.exe
  2⤵
  PID:3644
- C:\Windows\System\tSlMDOB.exe
  C:\Windows\System\tSlMDOB.exe
  2⤵
  PID:3676
- C:\Windows\System\xVIapBy.exe
  C:\Windows\System\xVIapBy.exe
  2⤵
  PID:2720
- C:\Windows\System\YVvwOwg.exe
  C:\Windows\System\YVvwOwg.exe
  2⤵
  PID:3832
- C:\Windows\System\xnzPkuQ.exe
  C:\Windows\System\xnzPkuQ.exe
  2⤵
  PID:3848
- C:\Windows\System\wVolzte.exe
  C:\Windows\System\wVolzte.exe
  2⤵
  PID:3868
- C:\Windows\System\FFIITto.exe
  C:\Windows\System\FFIITto.exe
  2⤵
  PID:3776
- C:\Windows\System\jnmqJtk.exe
  C:\Windows\System\jnmqJtk.exe
  2⤵
  PID:3968
- C:\Windows\System\AZBSHIO.exe
  C:\Windows\System\AZBSHIO.exe
  2⤵
  PID:2680
- C:\Windows\System\NZzRPvY.exe
  C:\Windows\System\NZzRPvY.exe
  2⤵
  PID:3908
- C:\Windows\System\XQWUxJP.exe
  C:\Windows\System\XQWUxJP.exe
  2⤵
  PID:3924
- C:\Windows\System\YZboztl.exe
  C:\Windows\System\YZboztl.exe
  2⤵
  PID:3944
- C:\Windows\System\SrJeGhN.exe
  C:\Windows\System\SrJeGhN.exe
  2⤵
  PID:3988
- C:\Windows\System\CQAGjqJ.exe
  C:\Windows\System\CQAGjqJ.exe
  2⤵
  PID:4040
- C:\Windows\System\UcjeXcP.exe
  C:\Windows\System\UcjeXcP.exe
  2⤵
  PID:1664
- C:\Windows\System\qjZqFRH.exe
  C:\Windows\System\qjZqFRH.exe
  2⤵
  PID:2296
- C:\Windows\System\zMPAJRz.exe
  C:\Windows\System\zMPAJRz.exe
  2⤵
  PID:1016
- C:\Windows\System\aGYCzaO.exe
  C:\Windows\System\aGYCzaO.exe
  2⤵
  PID:576
- C:\Windows\System\UwRClKw.exe
  C:\Windows\System\UwRClKw.exe
  2⤵
  PID:2276
- C:\Windows\System\YfVIdPe.exe
  C:\Windows\System\YfVIdPe.exe
  2⤵
  PID:2696
- C:\Windows\System\bJpIVnM.exe
  C:\Windows\System\bJpIVnM.exe
  2⤵
  PID:2288
- C:\Windows\System\qGMMUPc.exe
  C:\Windows\System\qGMMUPc.exe
  2⤵
  PID:1204
- C:\Windows\System\vJpPctQ.exe
  C:\Windows\System\vJpPctQ.exe
  2⤵
  PID:3300
- C:\Windows\System\eAFHIPF.exe
  C:\Windows\System\eAFHIPF.exe
  2⤵
  PID:2624
- C:\Windows\System\AmfhtRa.exe
  C:\Windows\System\AmfhtRa.exe
  2⤵
  PID:3172
- C:\Windows\System\CgDtuzQ.exe
  C:\Windows\System\CgDtuzQ.exe
  2⤵
  PID:1268
- C:\Windows\System\VdeZSgH.exe
  C:\Windows\System\VdeZSgH.exe
  2⤵
  PID:2948
- C:\Windows\System\BVrGkLd.exe
  C:\Windows\System\BVrGkLd.exe
  2⤵
  PID:1600
- C:\Windows\System\GMYOitx.exe
  C:\Windows\System\GMYOitx.exe
  2⤵
  PID:3080
- C:\Windows\System\VsYvMNy.exe
  C:\Windows\System\VsYvMNy.exe
  2⤵
  PID:3292
- C:\Windows\System\BbAvNOe.exe
  C:\Windows\System\BbAvNOe.exe
  2⤵
  PID:3440
- C:\Windows\System\wQkLDJr.exe
  C:\Windows\System\wQkLDJr.exe
  2⤵
  PID:3516
- C:\Windows\System\rTzmgmZ.exe
  C:\Windows\System\rTzmgmZ.exe
  2⤵
  PID:3628
- C:\Windows\System\Brdetys.exe
  C:\Windows\System\Brdetys.exe
  2⤵
  PID:1772
- C:\Windows\System\CSBTyUV.exe
  C:\Windows\System\CSBTyUV.exe
  2⤵
  PID:3888
- C:\Windows\System\oTAVzHo.exe
  C:\Windows\System\oTAVzHo.exe
  2⤵
  PID:3716
- C:\Windows\System\rTfVVBS.exe
  C:\Windows\System\rTfVVBS.exe
  2⤵
  PID:3148
- C:\Windows\System\oupfBtk.exe
  C:\Windows\System\oupfBtk.exe
  2⤵
  PID:1776
- C:\Windows\System\ahqYwrU.exe
  C:\Windows\System\ahqYwrU.exe
  2⤵
  PID:3836
- C:\Windows\System\mUhKZNI.exe
  C:\Windows\System\mUhKZNI.exe
  2⤵
  PID:3920
- C:\Windows\System\MtRsWjO.exe
  C:\Windows\System\MtRsWjO.exe
  2⤵
  PID:3580
- C:\Windows\System\KTQqHVJ.exe
  C:\Windows\System\KTQqHVJ.exe
  2⤵
  PID:1496
- C:\Windows\System\PQgtwWs.exe
  C:\Windows\System\PQgtwWs.exe
  2⤵
  PID:316
- C:\Windows\System\WSwWkJX.exe
  C:\Windows\System\WSwWkJX.exe
  2⤵
  PID:3684
- C:\Windows\System\AFabtoN.exe
  C:\Windows\System\AFabtoN.exe
  2⤵
  PID:2124
- C:\Windows\System\sxQbnpy.exe
  C:\Windows\System\sxQbnpy.exe
  2⤵
  PID:2316
- C:\Windows\System\XMtfPmK.exe
  C:\Windows\System\XMtfPmK.exe
  2⤵
  PID:2804
- C:\Windows\System\gYvRYRF.exe
  C:\Windows\System\gYvRYRF.exe
  2⤵
  PID:320
- C:\Windows\System\cHRDKvL.exe
  C:\Windows\System\cHRDKvL.exe
  2⤵
  PID:1656
- C:\Windows\System\BAYPHhh.exe
  C:\Windows\System\BAYPHhh.exe
  2⤵
  PID:3356
- C:\Windows\System\dCIVoAy.exe
  C:\Windows\System\dCIVoAy.exe
  2⤵
  PID:3500
- C:\Windows\System\ihVOejR.exe
  C:\Windows\System\ihVOejR.exe
  2⤵
  PID:1352
- C:\Windows\System\NeLDXDR.exe
  C:\Windows\System\NeLDXDR.exe
  2⤵
  PID:3600
- C:\Windows\System\mrYrRCY.exe
  C:\Windows\System\mrYrRCY.exe
  2⤵
  PID:3420
- C:\Windows\System\PVEAdUz.exe
  C:\Windows\System\PVEAdUz.exe
  2⤵
  PID:2440
- C:\Windows\System\gnORWXy.exe
  C:\Windows\System\gnORWXy.exe
  2⤵
  PID:3348
- C:\Windows\System\kLPtWfH.exe
  C:\Windows\System\kLPtWfH.exe
  2⤵
  PID:3896
- C:\Windows\System\cvhIRPL.exe
  C:\Windows\System\cvhIRPL.exe
  2⤵
  PID:2760
- C:\Windows\System\anUxwAz.exe
  C:\Windows\System\anUxwAz.exe
  2⤵
  PID:4024
- C:\Windows\System\xHygxPy.exe
  C:\Windows\System\xHygxPy.exe
  2⤵
  PID:3664
- C:\Windows\System\EKFCPkg.exe
  C:\Windows\System\EKFCPkg.exe
  2⤵
  PID:3680
- C:\Windows\System\WDmbqTN.exe
  C:\Windows\System\WDmbqTN.exe
  2⤵
  PID:3712
- C:\Windows\System\NksDUHM.exe
  C:\Windows\System\NksDUHM.exe
  2⤵
  PID:4080
- C:\Windows\System\XwaVFQO.exe
  C:\Windows\System\XwaVFQO.exe
  2⤵
  PID:2848
- C:\Windows\System\mjwSBaw.exe
  C:\Windows\System\mjwSBaw.exe
  2⤵
  PID:4028
- C:\Windows\System\bOpBZWj.exe
  C:\Windows\System\bOpBZWj.exe
  2⤵
  PID:3024
- C:\Windows\System\GKJkuYc.exe
  C:\Windows\System\GKJkuYc.exe
  2⤵
  PID:2324
- C:\Windows\System\suzFRsr.exe
  C:\Windows\System\suzFRsr.exe
  2⤵
  PID:2632
- C:\Windows\System\GSlBPjv.exe
  C:\Windows\System\GSlBPjv.exe
  2⤵
  PID:3536
- C:\Windows\System\mmSNLsC.exe
  C:\Windows\System\mmSNLsC.exe
  2⤵
  PID:2132
- C:\Windows\System\GTCmkCc.exe
  C:\Windows\System\GTCmkCc.exe
  2⤵
  PID:3792
- C:\Windows\System\FiIbKqU.exe
  C:\Windows\System\FiIbKqU.exe
  2⤵
  PID:2908
- C:\Windows\System\cQeJOTc.exe
  C:\Windows\System\cQeJOTc.exe
  2⤵
  PID:628
- C:\Windows\System\wSjPoel.exe
  C:\Windows\System\wSjPoel.exe
  2⤵
  PID:3392
- C:\Windows\System\QnUOwPT.exe
  C:\Windows\System\QnUOwPT.exe
  2⤵
  PID:3892
- C:\Windows\System\JCvVixx.exe
  C:\Windows\System\JCvVixx.exe
  2⤵
  PID:640
- C:\Windows\System\kPLYqYY.exe
  C:\Windows\System\kPLYqYY.exe
  2⤵
  PID:3952
- C:\Windows\System\glbUaGK.exe
  C:\Windows\System\glbUaGK.exe
  2⤵
  PID:2000
- C:\Windows\System\YVVqEIc.exe
  C:\Windows\System\YVVqEIc.exe
  2⤵
  PID:2024
- C:\Windows\System\WwTunFC.exe
  C:\Windows\System\WwTunFC.exe
  2⤵
  PID:2092
- C:\Windows\System\BJSsNry.exe
  C:\Windows\System\BJSsNry.exe
  2⤵
  PID:2164
- C:\Windows\System\NWSkaRj.exe
  C:\Windows\System\NWSkaRj.exe
  2⤵
  PID:3184
- C:\Windows\System\pubejBd.exe
  C:\Windows\System\pubejBd.exe
  2⤵
  PID:3864
- C:\Windows\System\ptMyiSN.exe
  C:\Windows\System\ptMyiSN.exe
  2⤵
  PID:3128
- C:\Windows\System\OftCZeb.exe
  C:\Windows\System\OftCZeb.exe
  2⤵
  PID:1056
- C:\Windows\System\COqoSgP.exe
  C:\Windows\System\COqoSgP.exe
  2⤵
  PID:1208
- C:\Windows\System\qQNZagD.exe
  C:\Windows\System\qQNZagD.exe
  2⤵
  PID:3764
- C:\Windows\System\wVNWagX.exe
  C:\Windows\System\wVNWagX.exe
  2⤵
  PID:3208
- C:\Windows\System\tazcBQf.exe
  C:\Windows\System\tazcBQf.exe
  2⤵
  PID:2108
- C:\Windows\System\BhwHLEX.exe
  C:\Windows\System\BhwHLEX.exe
  2⤵
  PID:2548
- C:\Windows\System\apRFZuw.exe
  C:\Windows\System\apRFZuw.exe
  2⤵
  PID:3436
- C:\Windows\System\kAKpdQp.exe
  C:\Windows\System\kAKpdQp.exe
  2⤵
  PID:3076
- C:\Windows\System\CAqIRaU.exe
  C:\Windows\System\CAqIRaU.exe
  2⤵
  PID:3372
- C:\Windows\System\UjZYcSd.exe
  C:\Windows\System\UjZYcSd.exe
  2⤵
  PID:3876
- C:\Windows\System\ofMDXhC.exe
  C:\Windows\System\ofMDXhC.exe
  2⤵
  PID:4088
- C:\Windows\System\hvBrOSB.exe
  C:\Windows\System\hvBrOSB.exe
  2⤵
  PID:3532
- C:\Windows\System\ThtUCks.exe
  C:\Windows\System\ThtUCks.exe
  2⤵
  PID:2956
- C:\Windows\System\nywNPGm.exe
  C:\Windows\System\nywNPGm.exe
  2⤵
  PID:2576
- C:\Windows\System\fYzErNu.exe
  C:\Windows\System\fYzErNu.exe
  2⤵
  PID:1572
- C:\Windows\System\gjblrGY.exe
  C:\Windows\System\gjblrGY.exe
  2⤵
  PID:4100
- C:\Windows\System\ymccuTK.exe
  C:\Windows\System\ymccuTK.exe
  2⤵
  PID:4116
- C:\Windows\System\HXXsACh.exe
  C:\Windows\System\HXXsACh.exe
  2⤵
  PID:4136
- C:\Windows\System\kbmVKYN.exe
  C:\Windows\System\kbmVKYN.exe
  2⤵
  PID:4172
- C:\Windows\System\jNhVnxW.exe
  C:\Windows\System\jNhVnxW.exe
  2⤵
  PID:4188
- C:\Windows\System\QoxaqeA.exe
  C:\Windows\System\QoxaqeA.exe
  2⤵
  PID:4212
- C:\Windows\System\fpotHaF.exe
  C:\Windows\System\fpotHaF.exe
  2⤵
  PID:4228
- C:\Windows\System\GbqcZBs.exe
  C:\Windows\System\GbqcZBs.exe
  2⤵
  PID:4244
- C:\Windows\System\KcQpSod.exe
  C:\Windows\System\KcQpSod.exe
  2⤵
  PID:4268
- C:\Windows\System\pDOfyeP.exe
  C:\Windows\System\pDOfyeP.exe
  2⤵
  PID:4288
- C:\Windows\System\mEZcahZ.exe
  C:\Windows\System\mEZcahZ.exe
  2⤵
  PID:4316
- C:\Windows\System\histjER.exe
  C:\Windows\System\histjER.exe
  2⤵
  PID:4336
- C:\Windows\System\ldwBrqM.exe
  C:\Windows\System\ldwBrqM.exe
  2⤵
  PID:4356
- C:\Windows\System\IxFNNPI.exe
  C:\Windows\System\IxFNNPI.exe
  2⤵
  PID:4372
- C:\Windows\System\oHeMrcC.exe
  C:\Windows\System\oHeMrcC.exe
  2⤵
  PID:4392
- C:\Windows\System\yngneOV.exe
  C:\Windows\System\yngneOV.exe
  2⤵
  PID:4408
- C:\Windows\System\ruOMUJU.exe
  C:\Windows\System\ruOMUJU.exe
  2⤵
  PID:4424
- C:\Windows\System\egoJSTg.exe
  C:\Windows\System\egoJSTg.exe
  2⤵
  PID:4440
- C:\Windows\System\TcVQdog.exe
  C:\Windows\System\TcVQdog.exe
  2⤵
  PID:4456
- C:\Windows\System\WjMatnO.exe
  C:\Windows\System\WjMatnO.exe
  2⤵
  PID:4496
- C:\Windows\System\GRkSAPH.exe
  C:\Windows\System\GRkSAPH.exe
  2⤵
  PID:4516
- C:\Windows\System\tbCMbNs.exe
  C:\Windows\System\tbCMbNs.exe
  2⤵
  PID:4532
- C:\Windows\System\llnoJmd.exe
  C:\Windows\System\llnoJmd.exe
  2⤵
  PID:4548
- C:\Windows\System\MLONJSR.exe
  C:\Windows\System\MLONJSR.exe
  2⤵
  PID:4576
- C:\Windows\System\fPChVeo.exe
  C:\Windows\System\fPChVeo.exe
  2⤵
  PID:4596
- C:\Windows\System\TswTHli.exe
  C:\Windows\System\TswTHli.exe
  2⤵
  PID:4612
- C:\Windows\System\RoViWPr.exe
  C:\Windows\System\RoViWPr.exe
  2⤵
  PID:4636
- C:\Windows\System\XlAZtDd.exe
  C:\Windows\System\XlAZtDd.exe
  2⤵
  PID:4652
- C:\Windows\System\yjfFrzp.exe
  C:\Windows\System\yjfFrzp.exe
  2⤵
  PID:4676
- C:\Windows\System\QCqIeTx.exe
  C:\Windows\System\QCqIeTx.exe
  2⤵
  PID:4696
- C:\Windows\System\hHeMlDZ.exe
  C:\Windows\System\hHeMlDZ.exe
  2⤵
  PID:4720
- C:\Windows\System\WiNDSkv.exe
  C:\Windows\System\WiNDSkv.exe
  2⤵
  PID:4740
- C:\Windows\System\UZMCGzH.exe
  C:\Windows\System\UZMCGzH.exe
  2⤵
  PID:4760
- C:\Windows\System\TcSlyOg.exe
  C:\Windows\System\TcSlyOg.exe
  2⤵
  PID:4776
- C:\Windows\System\HsYbQmI.exe
  C:\Windows\System\HsYbQmI.exe
  2⤵
  PID:4792
- C:\Windows\System\BAamTqJ.exe
  C:\Windows\System\BAamTqJ.exe
  2⤵
  PID:4820
- C:\Windows\System\ltrcsVB.exe
  C:\Windows\System\ltrcsVB.exe
  2⤵
  PID:4840
- C:\Windows\System\IbOaDbO.exe
  C:\Windows\System\IbOaDbO.exe
  2⤵
  PID:4856
- C:\Windows\System\rZEcDxj.exe
  C:\Windows\System\rZEcDxj.exe
  2⤵
  PID:4876
- C:\Windows\System\JVKpQzE.exe
  C:\Windows\System\JVKpQzE.exe
  2⤵
  PID:4900
- C:\Windows\System\rBAefaE.exe
  C:\Windows\System\rBAefaE.exe
  2⤵
  PID:4916
- C:\Windows\System\bnsHbGJ.exe
  C:\Windows\System\bnsHbGJ.exe
  2⤵
  PID:4936
- C:\Windows\System\hKaUJpg.exe
  C:\Windows\System\hKaUJpg.exe
  2⤵
  PID:4960
- C:\Windows\System\sERZUMR.exe
  C:\Windows\System\sERZUMR.exe
  2⤵
  PID:4976
- C:\Windows\System\BIYHFXq.exe
  C:\Windows\System\BIYHFXq.exe
  2⤵
  PID:5000
- C:\Windows\System\AEqeiad.exe
  C:\Windows\System\AEqeiad.exe
  2⤵
  PID:5016
- C:\Windows\System\MIqYcon.exe
  C:\Windows\System\MIqYcon.exe
  2⤵
  PID:5040
- C:\Windows\System\GsqbhWn.exe
  C:\Windows\System\GsqbhWn.exe
  2⤵
  PID:5060
- C:\Windows\System\ncfnBdf.exe
  C:\Windows\System\ncfnBdf.exe
  2⤵
  PID:5076
- C:\Windows\System\IhOUuCr.exe
  C:\Windows\System\IhOUuCr.exe
  2⤵
  PID:5096
- C:\Windows\System\NjjeCYI.exe
  C:\Windows\System\NjjeCYI.exe
  2⤵
  PID:5116
- C:\Windows\System\uRHSoEy.exe
  C:\Windows\System\uRHSoEy.exe
  2⤵
  PID:4160
- C:\Windows\System\axqiRoy.exe
  C:\Windows\System\axqiRoy.exe
  2⤵
  PID:4128
- C:\Windows\System\vVdmobI.exe
  C:\Windows\System\vVdmobI.exe
  2⤵
  PID:4124
- C:\Windows\System\EwHgvtX.exe
  C:\Windows\System\EwHgvtX.exe
  2⤵
  PID:4200
- C:\Windows\System\WhrRhRj.exe
  C:\Windows\System\WhrRhRj.exe
  2⤵
  PID:4240
- C:\Windows\System\EMSvtxU.exe
  C:\Windows\System\EMSvtxU.exe
  2⤵
  PID:4264
- C:\Windows\System\QUIfxmC.exe
  C:\Windows\System\QUIfxmC.exe
  2⤵
  PID:4284
- C:\Windows\System\NSSKElu.exe
  C:\Windows\System\NSSKElu.exe
  2⤵
  PID:4324
- C:\Windows\System\BKpivbl.exe
  C:\Windows\System\BKpivbl.exe
  2⤵
  PID:4368
- C:\Windows\System\iXVzLiV.exe
  C:\Windows\System\iXVzLiV.exe
  2⤵
  PID:4464
- C:\Windows\System\YepgGOn.exe
  C:\Windows\System\YepgGOn.exe
  2⤵
  PID:4468
- C:\Windows\System\NKgwlHs.exe
  C:\Windows\System\NKgwlHs.exe
  2⤵
  PID:4384
- C:\Windows\System\eDFtsto.exe
  C:\Windows\System\eDFtsto.exe
  2⤵
  PID:4472
- C:\Windows\System\hhHFOCT.exe
  C:\Windows\System\hhHFOCT.exe
  2⤵
  PID:4524
- C:\Windows\System\YBBkPfA.exe
  C:\Windows\System\YBBkPfA.exe
  2⤵
  PID:4560
- C:\Windows\System\yslTzgj.exe
  C:\Windows\System\yslTzgj.exe
  2⤵
  PID:4592
- C:\Windows\System\LDtxbkd.exe
  C:\Windows\System\LDtxbkd.exe
  2⤵
  PID:4620
- C:\Windows\System\rOxZpYO.exe
  C:\Windows\System\rOxZpYO.exe
  2⤵
  PID:4660
- C:\Windows\System\lxcbAim.exe
  C:\Windows\System\lxcbAim.exe
  2⤵
  PID:4684
- C:\Windows\System\AiCopTk.exe
  C:\Windows\System\AiCopTk.exe
  2⤵
  PID:4712
- C:\Windows\System\QSLkAmK.exe
  C:\Windows\System\QSLkAmK.exe
  2⤵
  PID:4756
- C:\Windows\System\OcLzyve.exe
  C:\Windows\System\OcLzyve.exe
  2⤵
  PID:4804
- C:\Windows\System\YFpxfHX.exe
  C:\Windows\System\YFpxfHX.exe
  2⤵
  PID:4788
- C:\Windows\System\uvmvKjq.exe
  C:\Windows\System\uvmvKjq.exe
  2⤵
  PID:4852
- C:\Windows\System\jjNqXLE.exe
  C:\Windows\System\jjNqXLE.exe
  2⤵
  PID:4892
- C:\Windows\System\tphHQRK.exe
  C:\Windows\System\tphHQRK.exe
  2⤵
  PID:4912
- C:\Windows\System\ZJeJWPB.exe
  C:\Windows\System\ZJeJWPB.exe
  2⤵
  PID:4948
- C:\Windows\System\QccMCPH.exe
  C:\Windows\System\QccMCPH.exe
  2⤵
  PID:4984
- C:\Windows\System\xnszUKS.exe
  C:\Windows\System\xnszUKS.exe
  2⤵
  PID:5008
- C:\Windows\System\BIQgdUq.exe
  C:\Windows\System\BIQgdUq.exe
  2⤵
  PID:5036
- C:\Windows\System\hqMUhId.exe
  C:\Windows\System\hqMUhId.exe
  2⤵
  PID:5052
- C:\Windows\System\HwCOnwy.exe
  C:\Windows\System\HwCOnwy.exe
  2⤵
  PID:1372
- C:\Windows\System\WbMbTXt.exe
  C:\Windows\System\WbMbTXt.exe
  2⤵
  PID:4164
- C:\Windows\System\noiVQml.exe
  C:\Windows\System\noiVQml.exe
  2⤵
  PID:4196
- C:\Windows\System\jBjGUEI.exe
  C:\Windows\System\jBjGUEI.exe
  2⤵
  PID:4180
- C:\Windows\System\PdWWMFy.exe
  C:\Windows\System\PdWWMFy.exe
  2⤵
  PID:4260
- C:\Windows\System\efEycHF.exe
  C:\Windows\System\efEycHF.exe
  2⤵
  PID:4328
- C:\Windows\System\dobZNNh.exe
  C:\Windows\System\dobZNNh.exe
  2⤵
  PID:4348
- C:\Windows\System\taUhjcP.exe
  C:\Windows\System\taUhjcP.exe
  2⤵
  PID:4484
- C:\Windows\System\GVcDzCP.exe
  C:\Windows\System\GVcDzCP.exe
  2⤵
  PID:4452
- C:\Windows\System\SJnxtvB.exe
  C:\Windows\System\SJnxtvB.exe
  2⤵
  PID:4540
- C:\Windows\System\wHGuVgl.exe
  C:\Windows\System\wHGuVgl.exe
  2⤵
  PID:4508
- C:\Windows\System\wgTuCDC.exe
  C:\Windows\System\wgTuCDC.exe
  2⤵
  PID:4648
- C:\Windows\System\AjCHnLf.exe
  C:\Windows\System\AjCHnLf.exe
  2⤵
  PID:4732
- C:\Windows\System\kTVHkrB.exe
  C:\Windows\System\kTVHkrB.exe
  2⤵
  PID:4812
- C:\Windows\System\NWnJbXl.exe
  C:\Windows\System\NWnJbXl.exe
  2⤵
  PID:4832
- C:\Windows\System\RvnaRXG.exe
  C:\Windows\System\RvnaRXG.exe
  2⤵
  PID:4144
- C:\Windows\System\zJySWOv.exe
  C:\Windows\System\zJySWOv.exe
  2⤵
  PID:5032
- C:\Windows\System\DbvymHM.exe
  C:\Windows\System\DbvymHM.exe
  2⤵
  PID:4968
- C:\Windows\System\dIxveWY.exe
  C:\Windows\System\dIxveWY.exe
  2⤵
  PID:5028
- C:\Windows\System\lTjzPfk.exe
  C:\Windows\System\lTjzPfk.exe
  2⤵
  PID:5088
- C:\Windows\System\biLAVIk.exe
  C:\Windows\System\biLAVIk.exe
  2⤵
  PID:5104
- C:\Windows\System\Hcnpsaq.exe
  C:\Windows\System\Hcnpsaq.exe
  2⤵
  PID:4152
- C:\Windows\System\BmzNDoX.exe
  C:\Windows\System\BmzNDoX.exe
  2⤵
  PID:4168
- C:\Windows\System\CfZzEhM.exe
  C:\Windows\System\CfZzEhM.exe
  2⤵
  PID:4404
- C:\Windows\System\Zjlxxmk.exe
  C:\Windows\System\Zjlxxmk.exe
  2⤵
  PID:4380
- C:\Windows\System\QhjfXQO.exe
  C:\Windows\System\QhjfXQO.exe
  2⤵
  PID:4512
- C:\Windows\System\OBQSQQQ.exe
  C:\Windows\System\OBQSQQQ.exe
  2⤵
  PID:4672
- C:\Windows\System\IikgLUQ.exe
  C:\Windows\System\IikgLUQ.exe
  2⤵
  PID:4644
- C:\Windows\System\wYkXlsQ.exe
  C:\Windows\System\wYkXlsQ.exe
  2⤵
  PID:4716
- C:\Windows\System\BjPdQRP.exe
  C:\Windows\System\BjPdQRP.exe
  2⤵
  PID:4884
- C:\Windows\System\pGVjTMJ.exe
  C:\Windows\System\pGVjTMJ.exe
  2⤵
  PID:4992
- C:\Windows\System\UStUQlI.exe
  C:\Windows\System\UStUQlI.exe
  2⤵
  PID:4204
- C:\Windows\System\qXTophe.exe
  C:\Windows\System\qXTophe.exe
  2⤵
  PID:4608
- C:\Windows\System\ehfvQzF.exe
  C:\Windows\System\ehfvQzF.exe
  2⤵
  PID:4332
- C:\Windows\System\pmlrRaU.exe
  C:\Windows\System\pmlrRaU.exe
  2⤵
  PID:4728
- C:\Windows\System\RqIbOmQ.exe
  C:\Windows\System\RqIbOmQ.exe
  2⤵
  PID:4688
- C:\Windows\System\QkPYhSO.exe
  C:\Windows\System\QkPYhSO.exe
  2⤵
  PID:4300
- C:\Windows\System\gxxjVzL.exe
  C:\Windows\System\gxxjVzL.exe
  2⤵
  PID:4952
- C:\Windows\System\Rzddwyj.exe
  C:\Windows\System\Rzddwyj.exe
  2⤵
  PID:4112
- C:\Windows\System\xwtvtBh.exe
  C:\Windows\System\xwtvtBh.exe
  2⤵
  PID:4224
- C:\Windows\System\aZWZWWo.exe
  C:\Windows\System\aZWZWWo.exe
  2⤵
  PID:4800
- C:\Windows\System\WDQUetz.exe
  C:\Windows\System\WDQUetz.exe
  2⤵
  PID:4692
- C:\Windows\System\tyAtnca.exe
  C:\Windows\System\tyAtnca.exe
  2⤵
  PID:4256
- C:\Windows\System\iwuAhBG.exe
  C:\Windows\System\iwuAhBG.exe
  2⤵
  PID:5128
- C:\Windows\System\hBHXJfV.exe
  C:\Windows\System\hBHXJfV.exe
  2⤵
  PID:5144
- C:\Windows\System\HZvMCLw.exe
  C:\Windows\System\HZvMCLw.exe
  2⤵
  PID:5160
- C:\Windows\System\CiVIYKW.exe
  C:\Windows\System\CiVIYKW.exe
  2⤵
  PID:5208
- C:\Windows\System\sYWdQtf.exe
  C:\Windows\System\sYWdQtf.exe
  2⤵
  PID:5224
- C:\Windows\System\vKzijRr.exe
  C:\Windows\System\vKzijRr.exe
  2⤵
  PID:5240
- C:\Windows\System\GxtNTRQ.exe
  C:\Windows\System\GxtNTRQ.exe
  2⤵
  PID:5268
- C:\Windows\System\KbFqwQg.exe
  C:\Windows\System\KbFqwQg.exe
  2⤵
  PID:5288
- C:\Windows\System\ugbbtfP.exe
  C:\Windows\System\ugbbtfP.exe
  2⤵
  PID:5304
- C:\Windows\System\qwCqqYj.exe
  C:\Windows\System\qwCqqYj.exe
  2⤵
  PID:5324
- C:\Windows\System\cpUZOGd.exe
  C:\Windows\System\cpUZOGd.exe
  2⤵
  PID:5352
- C:\Windows\System\GSmwZPf.exe
  C:\Windows\System\GSmwZPf.exe
  2⤵
  PID:5372
- C:\Windows\System\OjokQaw.exe
  C:\Windows\System\OjokQaw.exe
  2⤵
  PID:5392
- C:\Windows\System\FneCuHd.exe
  C:\Windows\System\FneCuHd.exe
  2⤵
  PID:5408
- C:\Windows\System\aVICkZq.exe
  C:\Windows\System\aVICkZq.exe
  2⤵
  PID:5428
- C:\Windows\System\YmyvxyM.exe
  C:\Windows\System\YmyvxyM.exe
  2⤵
  PID:5448
- C:\Windows\System\XnlgxYB.exe
  C:\Windows\System\XnlgxYB.exe
  2⤵
  PID:5472
- C:\Windows\System\dftjwHv.exe
  C:\Windows\System\dftjwHv.exe
  2⤵
  PID:5488
- C:\Windows\System\kMAIfEx.exe
  C:\Windows\System\kMAIfEx.exe
  2⤵
  PID:5508
- C:\Windows\System\nlZowPz.exe
  C:\Windows\System\nlZowPz.exe
  2⤵
  PID:5528
- C:\Windows\System\bLTthcg.exe
  C:\Windows\System\bLTthcg.exe
  2⤵
  PID:5552
- C:\Windows\System\OZzcZyl.exe
  C:\Windows\System\OZzcZyl.exe
  2⤵
  PID:5568
- C:\Windows\System\yafbNyL.exe
  C:\Windows\System\yafbNyL.exe
  2⤵
  PID:5584
- C:\Windows\System\GHAIAza.exe
  C:\Windows\System\GHAIAza.exe
  2⤵
  PID:5604
- C:\Windows\System\FkRrKUI.exe
  C:\Windows\System\FkRrKUI.exe
  2⤵
  PID:5624
- C:\Windows\System\dDDMqQH.exe
  C:\Windows\System\dDDMqQH.exe
  2⤵
  PID:5652
- C:\Windows\System\yimkSiO.exe
  C:\Windows\System\yimkSiO.exe
  2⤵
  PID:5668
- C:\Windows\System\AkLIOhK.exe
  C:\Windows\System\AkLIOhK.exe
  2⤵
  PID:5688
- C:\Windows\System\RMGEAZN.exe
  C:\Windows\System\RMGEAZN.exe
  2⤵
  PID:5704
- C:\Windows\System\CTGsAGU.exe
  C:\Windows\System\CTGsAGU.exe
  2⤵
  PID:5720
- C:\Windows\System\FjqNTEy.exe
  C:\Windows\System\FjqNTEy.exe
  2⤵
  PID:5736
- C:\Windows\System\wqCVtyn.exe
  C:\Windows\System\wqCVtyn.exe
  2⤵
  PID:5768
- C:\Windows\System\ocxngvq.exe
  C:\Windows\System\ocxngvq.exe
  2⤵
  PID:5788
- C:\Windows\System\Apnspzc.exe
  C:\Windows\System\Apnspzc.exe
  2⤵
  PID:5812
- C:\Windows\System\ljYoOwf.exe
  C:\Windows\System\ljYoOwf.exe
  2⤵
  PID:5828
- C:\Windows\System\bVAYhvw.exe
  C:\Windows\System\bVAYhvw.exe
  2⤵
  PID:5852
- C:\Windows\System\PqzXdXC.exe
  C:\Windows\System\PqzXdXC.exe
  2⤵
  PID:5868
- C:\Windows\System\xroGIMn.exe
  C:\Windows\System\xroGIMn.exe
  2⤵
  PID:5884
- C:\Windows\System\fUelTHo.exe
  C:\Windows\System\fUelTHo.exe
  2⤵
  PID:5904
- C:\Windows\System\SfSLNRt.exe
  C:\Windows\System\SfSLNRt.exe
  2⤵
  PID:5924
- C:\Windows\System\HtxaJgV.exe
  C:\Windows\System\HtxaJgV.exe
  2⤵
  PID:5940
- C:\Windows\System\fCXopnB.exe
  C:\Windows\System\fCXopnB.exe
  2⤵
  PID:5960
- C:\Windows\System\FDznlSX.exe
  C:\Windows\System\FDznlSX.exe
  2⤵
  PID:5980
- C:\Windows\System\dmIgJBu.exe
  C:\Windows\System\dmIgJBu.exe
  2⤵
  PID:6008
- C:\Windows\System\bzWoKrc.exe
  C:\Windows\System\bzWoKrc.exe
  2⤵
  PID:6024
- C:\Windows\System\rtrzVJu.exe
  C:\Windows\System\rtrzVJu.exe
  2⤵
  PID:6056
- C:\Windows\System\ehaVQFS.exe
  C:\Windows\System\ehaVQFS.exe
  2⤵
  PID:6076
- C:\Windows\System\eFFmDuz.exe
  C:\Windows\System\eFFmDuz.exe
  2⤵
  PID:6092
- C:\Windows\System\EBINmiG.exe
  C:\Windows\System\EBINmiG.exe
  2⤵
  PID:6116
- C:\Windows\System\VafusXo.exe
  C:\Windows\System\VafusXo.exe
  2⤵
  PID:6136
- C:\Windows\System\GaZAnjM.exe
  C:\Windows\System\GaZAnjM.exe
  2⤵
  PID:4432
- C:\Windows\System\kOInvPu.exe
  C:\Windows\System\kOInvPu.exe
  2⤵
  PID:5072
- C:\Windows\System\wAJlqBD.exe
  C:\Windows\System\wAJlqBD.exe
  2⤵
  PID:4828
- C:\Windows\System\aMoDmQP.exe
  C:\Windows\System\aMoDmQP.exe
  2⤵
  PID:5168
- C:\Windows\System\KKkOWHf.exe
  C:\Windows\System\KKkOWHf.exe
  2⤵
  PID:5192
- C:\Windows\System\oPZtlFP.exe
  C:\Windows\System\oPZtlFP.exe
  2⤵
  PID:5236
- C:\Windows\System\oRhUqxo.exe
  C:\Windows\System\oRhUqxo.exe
  2⤵
  PID:5256
- C:\Windows\System\dPIrbvw.exe
  C:\Windows\System\dPIrbvw.exe
  2⤵
  PID:5300
- C:\Windows\System\GszajbB.exe
  C:\Windows\System\GszajbB.exe
  2⤵
  PID:5312
- C:\Windows\System\ukxxNIa.exe
  C:\Windows\System\ukxxNIa.exe
  2⤵
  PID:5360
- C:\Windows\System\ppxhKpa.exe
  C:\Windows\System\ppxhKpa.exe
  2⤵
  PID:5384
- C:\Windows\System\dNSVniU.exe
  C:\Windows\System\dNSVniU.exe
  2⤵
  PID:5424
- C:\Windows\System\zKFxAcZ.exe
  C:\Windows\System\zKFxAcZ.exe
  2⤵
  PID:5440
- C:\Windows\System\uirkdEZ.exe
  C:\Windows\System\uirkdEZ.exe
  2⤵
  PID:5500
- C:\Windows\System\kltiHzM.exe
  C:\Windows\System\kltiHzM.exe
  2⤵
  PID:5484
- C:\Windows\System\tySoTQu.exe
  C:\Windows\System\tySoTQu.exe
  2⤵
  PID:5548
- C:\Windows\System\sIszhHa.exe
  C:\Windows\System\sIszhHa.exe
  2⤵
  PID:5596
- C:\Windows\System\AAkSUqg.exe
  C:\Windows\System\AAkSUqg.exe
  2⤵
  PID:5620
- C:\Windows\System\jLKEDRL.exe
  C:\Windows\System\jLKEDRL.exe
  2⤵
  PID:5636
- C:\Windows\System\yUcrAoo.exe
  C:\Windows\System\yUcrAoo.exe
  2⤵
  PID:5732
- C:\Windows\System\OUzvRmM.exe
  C:\Windows\System\OUzvRmM.exe
  2⤵
  PID:5684
- C:\Windows\System\nQEljSz.exe
  C:\Windows\System\nQEljSz.exe
  2⤵
  PID:5752
- C:\Windows\System\wdFeJDU.exe
  C:\Windows\System\wdFeJDU.exe
  2⤵
  PID:5784
- C:\Windows\System\lwLHGWF.exe
  C:\Windows\System\lwLHGWF.exe
  2⤵
  PID:5820
- C:\Windows\System\LkwryTz.exe
  C:\Windows\System\LkwryTz.exe
  2⤵
  PID:5860
- C:\Windows\System\AWgsHKM.exe
  C:\Windows\System\AWgsHKM.exe
  2⤵
  PID:5936
- C:\Windows\System\yCXLqmv.exe
  C:\Windows\System\yCXLqmv.exe
  2⤵
  PID:5880
- C:\Windows\System\jSCrTNm.exe
  C:\Windows\System\jSCrTNm.exe
  2⤵
  PID:5916
- C:\Windows\System\qxABFUI.exe
  C:\Windows\System\qxABFUI.exe
  2⤵
  PID:6020
- C:\Windows\System\VvWznGd.exe
  C:\Windows\System\VvWznGd.exe
  2⤵
  PID:6032
- C:\Windows\System\uzdGgkN.exe
  C:\Windows\System\uzdGgkN.exe
  2⤵
  PID:6052
- C:\Windows\System\Sxbxcqm.exe
  C:\Windows\System\Sxbxcqm.exe
  2⤵
  PID:6084
- C:\Windows\System\VtrqjZZ.exe
  C:\Windows\System\VtrqjZZ.exe
  2⤵
  PID:6112
- C:\Windows\System\TUfjCSN.exe
  C:\Windows\System\TUfjCSN.exe
  2⤵
  PID:4476
- C:\Windows\System\HOnaiKg.exe
  C:\Windows\System\HOnaiKg.exe
  2⤵
  PID:5124
- C:\Windows\System\ryvUnfm.exe
  C:\Windows\System\ryvUnfm.exe
  2⤵
  PID:5140
- C:\Windows\System\vKXCxOa.exe
  C:\Windows\System\vKXCxOa.exe
  2⤵
  PID:5204
- C:\Windows\System\oiZxAuH.exe
  C:\Windows\System\oiZxAuH.exe
  2⤵
  PID:5172
- C:\Windows\System\FyljIzg.exe
  C:\Windows\System\FyljIzg.exe
  2⤵
  PID:5220
- C:\Windows\System\oTacHUv.exe
  C:\Windows\System\oTacHUv.exe
  2⤵
  PID:5340
- C:\Windows\System\obwYWXo.exe
  C:\Windows\System\obwYWXo.exe
  2⤵
  PID:5380
- C:\Windows\System\kuDirwL.exe
  C:\Windows\System\kuDirwL.exe
  2⤵
  PID:5404
- C:\Windows\System\syhkJgw.exe
  C:\Windows\System\syhkJgw.exe
  2⤵
  PID:5536
- C:\Windows\System\wIwnudP.exe
  C:\Windows\System\wIwnudP.exe
  2⤵
  PID:5544
- C:\Windows\System\dXwkQcd.exe
  C:\Windows\System\dXwkQcd.exe
  2⤵
  PID:5644
- C:\Windows\System\HWtQFbL.exe
  C:\Windows\System\HWtQFbL.exe
  2⤵
  PID:5728
- C:\Windows\System\kiJkRgu.exe
  C:\Windows\System\kiJkRgu.exe
  2⤵
  PID:5748
- C:\Windows\System\cFRdBUs.exe
  C:\Windows\System\cFRdBUs.exe
  2⤵
  PID:5824
- C:\Windows\System\osfuZvE.exe
  C:\Windows\System\osfuZvE.exe
  2⤵
  PID:5836
- C:\Windows\System\yDiJrzu.exe
  C:\Windows\System\yDiJrzu.exe
  2⤵
  PID:5864
- C:\Windows\System\ndoSqwf.exe
  C:\Windows\System\ndoSqwf.exe
  2⤵
  PID:6016
- C:\Windows\System\WJtYTYu.exe
  C:\Windows\System\WJtYTYu.exe
  2⤵
  PID:5876
- C:\Windows\System\jzbXSgz.exe
  C:\Windows\System\jzbXSgz.exe
  2⤵
  PID:6108
- C:\Windows\System\naLAFvz.exe
  C:\Windows\System\naLAFvz.exe
  2⤵
  PID:6000
- C:\Windows\System\hNmJKQZ.exe
  C:\Windows\System\hNmJKQZ.exe
  2⤵
  PID:5456
- C:\Windows\System\YzRiQbJ.exe
  C:\Windows\System\YzRiQbJ.exe
  2⤵
  PID:5676
- C:\Windows\System\FmoRfYV.exe
  C:\Windows\System\FmoRfYV.exe
  2⤵
  PID:5744
- C:\Windows\System\wHmSWup.exe
  C:\Windows\System\wHmSWup.exe
  2⤵
  PID:6064
- C:\Windows\System\jvKaNTS.exe
  C:\Windows\System\jvKaNTS.exe
  2⤵
  PID:6004
- C:\Windows\System\wOZqriV.exe
  C:\Windows\System\wOZqriV.exe
  2⤵
  PID:4784
- C:\Windows\System\QarWzhq.exe
  C:\Windows\System\QarWzhq.exe
  2⤵
  PID:5316
- C:\Windows\System\VuluPeg.exe
  C:\Windows\System\VuluPeg.exe
  2⤵
  PID:5436
- C:\Windows\System\IitZPJU.exe
  C:\Windows\System\IitZPJU.exe
  2⤵
  PID:5848
- C:\Windows\System\OjUnFDD.exe
  C:\Windows\System\OjUnFDD.exe
  2⤵
  PID:5580
- C:\Windows\System\XcexPaH.exe
  C:\Windows\System\XcexPaH.exe
  2⤵
  PID:5216
- C:\Windows\System\kQJNqen.exe
  C:\Windows\System\kQJNqen.exe
  2⤵
  PID:4352
- C:\Windows\System\ZPEQZgc.exe
  C:\Windows\System\ZPEQZgc.exe
  2⤵
  PID:5996
- C:\Windows\System\lxEcLGc.exe
  C:\Windows\System\lxEcLGc.exe
  2⤵
  PID:6132
- C:\Windows\System\IOTJgzJ.exe
  C:\Windows\System\IOTJgzJ.exe
  2⤵
  PID:3808
- C:\Windows\System\tUkwGTz.exe
  C:\Windows\System\tUkwGTz.exe
  2⤵
  PID:5280
- C:\Windows\System\fFkEFcM.exe
  C:\Windows\System\fFkEFcM.exe
  2⤵
  PID:5716
- C:\Windows\System\ecEZKZz.exe
  C:\Windows\System\ecEZKZz.exe
  2⤵
  PID:5844
- C:\Windows\System\VxUGMhQ.exe
  C:\Windows\System\VxUGMhQ.exe
  2⤵
  PID:5840
- C:\Windows\System\cnStoRo.exe
  C:\Windows\System\cnStoRo.exe
  2⤵
  PID:5896
- C:\Windows\System\zFaAkPM.exe
  C:\Windows\System\zFaAkPM.exe
  2⤵
  PID:5468
- C:\Windows\System\msKHZLe.exe
  C:\Windows\System\msKHZLe.exe
  2⤵
  PID:5992
- C:\Windows\System\Jbblsyr.exe
  C:\Windows\System\Jbblsyr.exe
  2⤵
  PID:5576
- C:\Windows\System\WGqYPmS.exe
  C:\Windows\System\WGqYPmS.exe
  2⤵
  PID:5152
- C:\Windows\System\HQlMvyC.exe
  C:\Windows\System\HQlMvyC.exe
  2⤵
  PID:5680
- C:\Windows\System\BVoMFwv.exe
  C:\Windows\System\BVoMFwv.exe
  2⤵
  PID:5276
- C:\Windows\System\nPNYchF.exe
  C:\Windows\System\nPNYchF.exe
  2⤵
  PID:5804
- C:\Windows\System\jxZQrKq.exe
  C:\Windows\System\jxZQrKq.exe
  2⤵
  PID:5184
- C:\Windows\System\AWWbene.exe
  C:\Windows\System\AWWbene.exe
  2⤵
  PID:6164
- C:\Windows\System\MGxBRVT.exe
  C:\Windows\System\MGxBRVT.exe
  2⤵
  PID:6180
- C:\Windows\System\qzqFqCK.exe
  C:\Windows\System\qzqFqCK.exe
  2⤵
  PID:6204
- C:\Windows\System\ndDwrjF.exe
  C:\Windows\System\ndDwrjF.exe
  2⤵
  PID:6224
- C:\Windows\System\zRkEobk.exe
  C:\Windows\System\zRkEobk.exe
  2⤵
  PID:6244
- C:\Windows\System\EfurofM.exe
  C:\Windows\System\EfurofM.exe
  2⤵
  PID:6264
- C:\Windows\System\MvZuaft.exe
  C:\Windows\System\MvZuaft.exe
  2⤵
  PID:6280
- C:\Windows\System\OhvMXRI.exe
  C:\Windows\System\OhvMXRI.exe
  2⤵
  PID:6300
- C:\Windows\System\hcJYZlg.exe
  C:\Windows\System\hcJYZlg.exe
  2⤵
  PID:6316
- C:\Windows\System\vaCAUto.exe
  C:\Windows\System\vaCAUto.exe
  2⤵
  PID:6344
- C:\Windows\System\eYpLUOG.exe
  C:\Windows\System\eYpLUOG.exe
  2⤵
  PID:6364
- C:\Windows\System\lkdQljb.exe
  C:\Windows\System\lkdQljb.exe
  2⤵
  PID:6388
- C:\Windows\System\tevoJRx.exe
  C:\Windows\System\tevoJRx.exe
  2⤵
  PID:6408
- C:\Windows\System\HMbSniS.exe
  C:\Windows\System\HMbSniS.exe
  2⤵
  PID:6424
- C:\Windows\System\AJetvbX.exe
  C:\Windows\System\AJetvbX.exe
  2⤵
  PID:6444
- C:\Windows\System\rFCRKhu.exe
  C:\Windows\System\rFCRKhu.exe
  2⤵
  PID:6464
- C:\Windows\System\ywpVjiB.exe
  C:\Windows\System\ywpVjiB.exe
  2⤵
  PID:6484
- C:\Windows\System\fePdvap.exe
  C:\Windows\System\fePdvap.exe
  2⤵
  PID:6500
- C:\Windows\System\NRRoLmv.exe
  C:\Windows\System\NRRoLmv.exe
  2⤵
  PID:6520
- C:\Windows\System\gVCzRjb.exe
  C:\Windows\System\gVCzRjb.exe
  2⤵
  PID:6548
- C:\Windows\System\YeiCAGH.exe
  C:\Windows\System\YeiCAGH.exe
  2⤵
  PID:6564
- C:\Windows\System\LJikijr.exe
  C:\Windows\System\LJikijr.exe
  2⤵
  PID:6580
- C:\Windows\System\VnBkmCk.exe
  C:\Windows\System\VnBkmCk.exe
  2⤵
  PID:6604
- C:\Windows\System\cGarSPL.exe
  C:\Windows\System\cGarSPL.exe
  2⤵
  PID:6628
- C:\Windows\System\SVXRHCZ.exe
  C:\Windows\System\SVXRHCZ.exe
  2⤵
  PID:6644
- C:\Windows\System\tyhbdpv.exe
  C:\Windows\System\tyhbdpv.exe
  2⤵
  PID:6668
- C:\Windows\System\RxPmYdF.exe
  C:\Windows\System\RxPmYdF.exe
  2⤵
  PID:6688
- C:\Windows\System\EKPFluk.exe
  C:\Windows\System\EKPFluk.exe
  2⤵
  PID:6704
- C:\Windows\System\xCqjFcm.exe
  C:\Windows\System\xCqjFcm.exe
  2⤵
  PID:6728
- C:\Windows\System\lfNtvpN.exe
  C:\Windows\System\lfNtvpN.exe
  2⤵
  PID:6744
- C:\Windows\System\XpmhZcO.exe
  C:\Windows\System\XpmhZcO.exe
  2⤵
  PID:6760
- C:\Windows\System\NSGqHbs.exe
  C:\Windows\System\NSGqHbs.exe
  2⤵
  PID:6780
- C:\Windows\System\yhjuLXG.exe
  C:\Windows\System\yhjuLXG.exe
  2⤵
  PID:6808
- C:\Windows\System\GDmKKSW.exe
  C:\Windows\System\GDmKKSW.exe
  2⤵
  PID:6824
- C:\Windows\System\cgxQwVi.exe
  C:\Windows\System\cgxQwVi.exe
  2⤵
  PID:6848
- C:\Windows\System\eZsuVGX.exe
  C:\Windows\System\eZsuVGX.exe
  2⤵
  PID:6864
- C:\Windows\System\AIrjWYF.exe
  C:\Windows\System\AIrjWYF.exe
  2⤵
  PID:6880
- C:\Windows\System\mnFkyCx.exe
  C:\Windows\System\mnFkyCx.exe
  2⤵
  PID:6900
- C:\Windows\System\YJflVVQ.exe
  C:\Windows\System\YJflVVQ.exe
  2⤵
  PID:6916
- C:\Windows\System\VDiXWUf.exe
  C:\Windows\System\VDiXWUf.exe
  2⤵
  PID:6932
- C:\Windows\System\JIqCgxe.exe
  C:\Windows\System\JIqCgxe.exe
  2⤵
  PID:6960
- C:\Windows\System\AUCOYJG.exe
  C:\Windows\System\AUCOYJG.exe
  2⤵
  PID:6984
- C:\Windows\System\iGKBaiV.exe
  C:\Windows\System\iGKBaiV.exe
  2⤵
  PID:7000
- C:\Windows\System\WrowYBX.exe
  C:\Windows\System\WrowYBX.exe
  2⤵
  PID:7016
- C:\Windows\System\eqscYjt.exe
  C:\Windows\System\eqscYjt.exe
  2⤵
  PID:7032
- C:\Windows\System\YevUJba.exe
  C:\Windows\System\YevUJba.exe
  2⤵
  PID:7072
- C:\Windows\System\ZraaoQk.exe
  C:\Windows\System\ZraaoQk.exe
  2⤵
  PID:7088
- C:\Windows\System\QonnkJg.exe
  C:\Windows\System\QonnkJg.exe
  2⤵
  PID:7108
- C:\Windows\System\eJPXcNb.exe
  C:\Windows\System\eJPXcNb.exe
  2⤵
  PID:7128
- C:\Windows\System\CGHJIqo.exe
  C:\Windows\System\CGHJIqo.exe
  2⤵
  PID:7144
- C:\Windows\System\SroHDXn.exe
  C:\Windows\System\SroHDXn.exe
  2⤵
  PID:7160
- C:\Windows\System\pOfRLQm.exe
  C:\Windows\System\pOfRLQm.exe
  2⤵
  PID:6152
- C:\Windows\System\stsiWYL.exe
  C:\Windows\System\stsiWYL.exe
  2⤵
  PID:6188
- C:\Windows\System\wrJqRCF.exe
  C:\Windows\System\wrJqRCF.exe
  2⤵
  PID:6212
- C:\Windows\System\IBFPfBB.exe
  C:\Windows\System\IBFPfBB.exe
  2⤵
  PID:6260
- C:\Windows\System\jgmwrry.exe
  C:\Windows\System\jgmwrry.exe
  2⤵
  PID:6296
- C:\Windows\System\MqRzeok.exe
  C:\Windows\System\MqRzeok.exe
  2⤵
  PID:6340
- C:\Windows\System\bUNRsvR.exe
  C:\Windows\System\bUNRsvR.exe
  2⤵
  PID:6356
- C:\Windows\System\omjpXlM.exe
  C:\Windows\System\omjpXlM.exe
  2⤵
  PID:6396
- C:\Windows\System\tqkWCiI.exe
  C:\Windows\System\tqkWCiI.exe
  2⤵
  PID:6432
- C:\Windows\System\XZARqgr.exe
  C:\Windows\System\XZARqgr.exe
  2⤵
  PID:6492
- C:\Windows\System\yqbgtlv.exe
  C:\Windows\System\yqbgtlv.exe
  2⤵
  PID:6496
- C:\Windows\System\IiKuoNi.exe
  C:\Windows\System\IiKuoNi.exe
  2⤵
  PID:6532
- C:\Windows\System\iPgYsHw.exe
  C:\Windows\System\iPgYsHw.exe
  2⤵
  PID:6576
- C:\Windows\System\wdOYyUN.exe
  C:\Windows\System\wdOYyUN.exe
  2⤵
  PID:6616
- C:\Windows\System\FUCnfBk.exe
  C:\Windows\System\FUCnfBk.exe
  2⤵
  PID:6664
- C:\Windows\System\EfLxZjl.exe
  C:\Windows\System\EfLxZjl.exe
  2⤵
  PID:6700
- C:\Windows\System\heyZkhL.exe
  C:\Windows\System\heyZkhL.exe
  2⤵
  PID:6720
- C:\Windows\System\ifImVgg.exe
  C:\Windows\System\ifImVgg.exe
  2⤵
  PID:6736
- C:\Windows\System\QcSyNFF.exe
  C:\Windows\System\QcSyNFF.exe
  2⤵
  PID:6776
- C:\Windows\System\gGEOeAK.exe
  C:\Windows\System\gGEOeAK.exe
  2⤵
  PID:6832
- C:\Windows\System\wVEyGdE.exe
  C:\Windows\System\wVEyGdE.exe
  2⤵
  PID:6836
- C:\Windows\System\vvfelOu.exe
  C:\Windows\System\vvfelOu.exe
  2⤵
  PID:6908
- C:\Windows\System\ymVLeHL.exe
  C:\Windows\System\ymVLeHL.exe
  2⤵
  PID:6992
- C:\Windows\System\PtpopRL.exe
  C:\Windows\System\PtpopRL.exe
  2⤵
  PID:6888
- C:\Windows\System\DZdPofS.exe
  C:\Windows\System\DZdPofS.exe
  2⤵
  PID:7008
- C:\Windows\System\onTAEBk.exe
  C:\Windows\System\onTAEBk.exe
  2⤵
  PID:7056
- C:\Windows\System\qSsCYux.exe
  C:\Windows\System\qSsCYux.exe
  2⤵
  PID:7080
- C:\Windows\System\augdcgu.exe
  C:\Windows\System\augdcgu.exe
  2⤵
  PID:6376
- C:\Windows\System\LcXWBZy.exe
  C:\Windows\System\LcXWBZy.exe
  2⤵
  PID:7096
- C:\Windows\System\gawFdMN.exe
  C:\Windows\System\gawFdMN.exe
  2⤵
  PID:4752
- C:\Windows\System\ZvSwnat.exe
  C:\Windows\System\ZvSwnat.exe
  2⤵
  PID:6172
- C:\Windows\System\XRseQqF.exe
  C:\Windows\System\XRseQqF.exe
  2⤵
  PID:6252
- C:\Windows\System\rRmWrmw.exe
  C:\Windows\System\rRmWrmw.exe
  2⤵
  PID:6384
- C:\Windows\System\lcVIvGS.exe
  C:\Windows\System\lcVIvGS.exe
  2⤵
  PID:6436
- C:\Windows\System\rVwjzHf.exe
  C:\Windows\System\rVwjzHf.exe
  2⤵
  PID:6456
- C:\Windows\System\JrhGzPW.exe
  C:\Windows\System\JrhGzPW.exe
  2⤵
  PID:6512
- C:\Windows\System\FcOLDbO.exe
  C:\Windows\System\FcOLDbO.exe
  2⤵
  PID:6636
- C:\Windows\System\WTlDqVI.exe
  C:\Windows\System\WTlDqVI.exe
  2⤵
  PID:6976
- C:\Windows\System\EUuYUYx.exe
  C:\Windows\System\EUuYUYx.exe
  2⤵
  PID:6740
- C:\Windows\System\iNcbSyc.exe
  C:\Windows\System\iNcbSyc.exe
  2⤵
  PID:6820
- C:\Windows\System\tSqHmTr.exe
  C:\Windows\System\tSqHmTr.exe
  2⤵
  PID:6856
- C:\Windows\System\LIhdnBp.exe
  C:\Windows\System\LIhdnBp.exe
  2⤵
  PID:6816
- C:\Windows\System\qLrcFOF.exe
  C:\Windows\System\qLrcFOF.exe
  2⤵
  PID:6944
- C:\Windows\System\nmwaFPK.exe
  C:\Windows\System\nmwaFPK.exe
  2⤵
  PID:6968
- C:\Windows\System\EQzaSkN.exe
  C:\Windows\System\EQzaSkN.exe
  2⤵
  PID:7068
- C:\Windows\System\jYXnZhj.exe
  C:\Windows\System\jYXnZhj.exe
  2⤵
  PID:7044
- C:\Windows\System\whCdqSL.exe
  C:\Windows\System\whCdqSL.exe
  2⤵
  PID:7120
- C:\Windows\System\lTZYNGo.exe
  C:\Windows\System\lTZYNGo.exe
  2⤵
  PID:6192
- C:\Windows\System\EsRFSQx.exe
  C:\Windows\System\EsRFSQx.exe
  2⤵
  PID:6372
- C:\Windows\System\QdXAsxJ.exe
  C:\Windows\System\QdXAsxJ.exe
  2⤵
  PID:6480
- C:\Windows\System\YJyJSuV.exe
  C:\Windows\System\YJyJSuV.exe
  2⤵
  PID:6216
- C:\Windows\System\BJzOgoG.exe
  C:\Windows\System\BJzOgoG.exe
  2⤵
  PID:6572
- C:\Windows\System\VYnHMxY.exe
  C:\Windows\System\VYnHMxY.exe
  2⤵
  PID:6676
- C:\Windows\System\ChSGktP.exe
  C:\Windows\System\ChSGktP.exe
  2⤵
  PID:6796
- C:\Windows\System\WajYzCE.exe
  C:\Windows\System\WajYzCE.exe
  2⤵
  PID:6972
- C:\Windows\System\GYiQGvI.exe
  C:\Windows\System\GYiQGvI.exe
  2⤵
  PID:6312
- C:\Windows\System\BEjzFGA.exe
  C:\Windows\System\BEjzFGA.exe
  2⤵
  PID:7028
- C:\Windows\System\MUQKjqS.exe
  C:\Windows\System\MUQKjqS.exe
  2⤵
  PID:7140
- C:\Windows\System\rKHMULV.exe
  C:\Windows\System\rKHMULV.exe
  2⤵
  PID:6328
- C:\Windows\System\LXPhNsK.exe
  C:\Windows\System\LXPhNsK.exe
  2⤵
  PID:6232
- C:\Windows\System\UqPEBYU.exe
  C:\Windows\System\UqPEBYU.exe
  2⤵
  PID:6840
- C:\Windows\System\pHtzhgr.exe
  C:\Windows\System\pHtzhgr.exe
  2⤵
  PID:5200
- C:\Windows\System\WXfAagF.exe
  C:\Windows\System\WXfAagF.exe
  2⤵
  PID:6336
- C:\Windows\System\gjOACTw.exe
  C:\Windows\System\gjOACTw.exe
  2⤵
  PID:6332
- C:\Windows\System\PbVmNSC.exe
  C:\Windows\System\PbVmNSC.exe
  2⤵
  PID:6600
- C:\Windows\System\kCqsKkO.exe
  C:\Windows\System\kCqsKkO.exe
  2⤵
  PID:6544
- C:\Windows\System\ChovWIa.exe
  C:\Windows\System\ChovWIa.exe
  2⤵
  PID:6472
- C:\Windows\System\phpJCEs.exe
  C:\Windows\System\phpJCEs.exe
  2⤵
  PID:6680
- C:\Windows\System\qTrtMIw.exe
  C:\Windows\System\qTrtMIw.exe
  2⤵
  PID:6996
- C:\Windows\System\EqNoRKZ.exe
  C:\Windows\System\EqNoRKZ.exe
  2⤵
  PID:6912
- C:\Windows\System\mcQpgpu.exe
  C:\Windows\System\mcQpgpu.exe
  2⤵
  PID:7176
- C:\Windows\System\rPtUMEp.exe
  C:\Windows\System\rPtUMEp.exe
  2⤵
  PID:7200
- C:\Windows\System\jeDwlYs.exe
  C:\Windows\System\jeDwlYs.exe
  2⤵
  PID:7224
- C:\Windows\System\jNjZkLw.exe
  C:\Windows\System\jNjZkLw.exe
  2⤵
  PID:7240
- C:\Windows\System\YJLOXOC.exe
  C:\Windows\System\YJLOXOC.exe
  2⤵
  PID:7256
- C:\Windows\System\oRmVsbV.exe
  C:\Windows\System\oRmVsbV.exe
  2⤵
  PID:7272
- C:\Windows\System\CIQkcfF.exe
  C:\Windows\System\CIQkcfF.exe
  2⤵
  PID:7288
- C:\Windows\System\btpGyXH.exe
  C:\Windows\System\btpGyXH.exe
  2⤵
  PID:7304
- C:\Windows\System\xauQlOf.exe
  C:\Windows\System\xauQlOf.exe
  2⤵
  PID:7320
- C:\Windows\System\xheZEpX.exe
  C:\Windows\System\xheZEpX.exe
  2⤵
  PID:7364
- C:\Windows\System\GjcPpSr.exe
  C:\Windows\System\GjcPpSr.exe
  2⤵
  PID:7380
- C:\Windows\System\yqbyQUs.exe
  C:\Windows\System\yqbyQUs.exe
  2⤵
  PID:7400
- C:\Windows\System\RmgMpKj.exe
  C:\Windows\System\RmgMpKj.exe
  2⤵
  PID:7416
- C:\Windows\System\nmAczUI.exe
  C:\Windows\System\nmAczUI.exe
  2⤵
  PID:7436
- C:\Windows\System\AQqcgNP.exe
  C:\Windows\System\AQqcgNP.exe
  2⤵
  PID:7456
- C:\Windows\System\bdUVdla.exe
  C:\Windows\System\bdUVdla.exe
  2⤵
  PID:7484
- C:\Windows\System\ItoXVbV.exe
  C:\Windows\System\ItoXVbV.exe
  2⤵
  PID:7504
- C:\Windows\System\dretJgE.exe
  C:\Windows\System\dretJgE.exe
  2⤵
  PID:7532
- C:\Windows\System\UaAqLZo.exe
  C:\Windows\System\UaAqLZo.exe
  2⤵
  PID:7556
- C:\Windows\System\ExcsPCX.exe
  C:\Windows\System\ExcsPCX.exe
  2⤵
  PID:7572
- C:\Windows\System\YeDqVmD.exe
  C:\Windows\System\YeDqVmD.exe
  2⤵
  PID:7588
- C:\Windows\System\nEqSiXT.exe
  C:\Windows\System\nEqSiXT.exe
  2⤵
  PID:7604
- C:\Windows\System\YZyjXEO.exe
  C:\Windows\System\YZyjXEO.exe
  2⤵
  PID:7624
- C:\Windows\System\sQGWHcm.exe
  C:\Windows\System\sQGWHcm.exe
  2⤵
  PID:7640
- C:\Windows\System\OxVzzVX.exe
  C:\Windows\System\OxVzzVX.exe
  2⤵
  PID:7660
- C:\Windows\System\mIJqouS.exe
  C:\Windows\System\mIJqouS.exe
  2⤵
  PID:7684
- C:\Windows\System\dAXSGzr.exe
  C:\Windows\System\dAXSGzr.exe
  2⤵
  PID:7700
- C:\Windows\System\SlamQxV.exe
  C:\Windows\System\SlamQxV.exe
  2⤵
  PID:7720
- C:\Windows\System\YLcNXuW.exe
  C:\Windows\System\YLcNXuW.exe
  2⤵
  PID:7740
- C:\Windows\System\DbxswPq.exe
  C:\Windows\System\DbxswPq.exe
  2⤵
  PID:7756
- C:\Windows\System\CYcaMnK.exe
  C:\Windows\System\CYcaMnK.exe
  2⤵
  PID:7784
- C:\Windows\System\lCqShnE.exe
  C:\Windows\System\lCqShnE.exe
  2⤵
  PID:7800
- C:\Windows\System\jKDWQxt.exe
  C:\Windows\System\jKDWQxt.exe
  2⤵
  PID:7816
- C:\Windows\System\gUiDbTf.exe
  C:\Windows\System\gUiDbTf.exe
  2⤵
  PID:7860
- C:\Windows\System\XOjdMHQ.exe
  C:\Windows\System\XOjdMHQ.exe
  2⤵
  PID:7884
- C:\Windows\System\VsyzwCM.exe
  C:\Windows\System\VsyzwCM.exe
  2⤵
  PID:7900
- C:\Windows\System\ElTOszY.exe
  C:\Windows\System\ElTOszY.exe
  2⤵
  PID:7916
- C:\Windows\System\DHWHVxX.exe
  C:\Windows\System\DHWHVxX.exe
  2⤵
  PID:7936
- C:\Windows\System\gfGlPAf.exe
  C:\Windows\System\gfGlPAf.exe
  2⤵
  PID:7952
- C:\Windows\System\HnSegxV.exe
  C:\Windows\System\HnSegxV.exe
  2⤵
  PID:7972
- C:\Windows\System\MTGinFO.exe
  C:\Windows\System\MTGinFO.exe
  2⤵
  PID:8004
- C:\Windows\System\LEGgJXm.exe
  C:\Windows\System\LEGgJXm.exe
  2⤵
  PID:8020
- C:\Windows\System\kwtFIoI.exe
  C:\Windows\System\kwtFIoI.exe
  2⤵
  PID:8040
- C:\Windows\System\srUQdil.exe
  C:\Windows\System\srUQdil.exe
  2⤵
  PID:8056
- C:\Windows\System\zNJARyY.exe
  C:\Windows\System\zNJARyY.exe
  2⤵
  PID:8076
- C:\Windows\System\tASsghZ.exe
  C:\Windows\System\tASsghZ.exe
  2⤵
  PID:8100
- C:\Windows\System\zInWNXR.exe
  C:\Windows\System\zInWNXR.exe
  2⤵
  PID:8120
- C:\Windows\System\idhwUXy.exe
  C:\Windows\System\idhwUXy.exe
  2⤵
  PID:8140
- C:\Windows\System\HsoGyKJ.exe
  C:\Windows\System\HsoGyKJ.exe
  2⤵
  PID:8160
- C:\Windows\System\lEcSygn.exe
  C:\Windows\System\lEcSygn.exe
  2⤵
  PID:8180
- C:\Windows\System\sqGsXgy.exe
  C:\Windows\System\sqGsXgy.exe
  2⤵
  PID:6620
- C:\Windows\System\OTyPQFn.exe
  C:\Windows\System\OTyPQFn.exe
  2⤵
  PID:7232
- C:\Windows\System\WxhLaXE.exe
  C:\Windows\System\WxhLaXE.exe
  2⤵
  PID:7296
- C:\Windows\System\nmuJDWO.exe
  C:\Windows\System\nmuJDWO.exe
  2⤵
  PID:7348
- C:\Windows\System\WScvIEc.exe
  C:\Windows\System\WScvIEc.exe
  2⤵
  PID:7332
- C:\Windows\System\myLtZWV.exe
  C:\Windows\System\myLtZWV.exe
  2⤵
  PID:7388
- C:\Windows\System\YwOoBUX.exe
  C:\Windows\System\YwOoBUX.exe
  2⤵
  PID:7472
- C:\Windows\System\QRisLbV.exe
  C:\Windows\System\QRisLbV.exe
  2⤵
  PID:7480
- C:\Windows\System\AMHpISn.exe
  C:\Windows\System\AMHpISn.exe
  2⤵
  PID:7172
- C:\Windows\System\uxphUDg.exe
  C:\Windows\System\uxphUDg.exe
  2⤵
  PID:7248
- C:\Windows\System\REsDhmn.exe
  C:\Windows\System\REsDhmn.exe
  2⤵
  PID:7312
- C:\Windows\System\UStUGIw.exe
  C:\Windows\System\UStUGIw.exe
  2⤵
  PID:7496
- C:\Windows\System\xABuvat.exe
  C:\Windows\System\xABuvat.exe
  2⤵
  PID:7412
- C:\Windows\System\KjoGdnB.exe
  C:\Windows\System\KjoGdnB.exe
  2⤵
  PID:7520
- C:\Windows\System\TYbOsxV.exe
  C:\Windows\System\TYbOsxV.exe
  2⤵
  PID:7596
- C:\Windows\System\vnYlJPq.exe
  C:\Windows\System\vnYlJPq.exe
  2⤵
  PID:7568
- C:\Windows\System\rvcvBIF.exe
  C:\Windows\System\rvcvBIF.exe
  2⤵
  PID:7716
- C:\Windows\System\POlEoSZ.exe
  C:\Windows\System\POlEoSZ.exe
  2⤵
  PID:7752
- C:\Windows\System\mftooPi.exe
  C:\Windows\System\mftooPi.exe
  2⤵
  PID:7580
- C:\Windows\System\bMeFdIJ.exe
  C:\Windows\System\bMeFdIJ.exe
  2⤵
  PID:7648
- C:\Windows\System\TLSWvUS.exe
  C:\Windows\System\TLSWvUS.exe
  2⤵
  PID:7732
- C:\Windows\System\kckoLDK.exe
  C:\Windows\System\kckoLDK.exe
  2⤵
  PID:7772
- C:\Windows\System\rMSFQmz.exe
  C:\Windows\System\rMSFQmz.exe
  2⤵
  PID:7812
- C:\Windows\System\clicIGZ.exe
  C:\Windows\System\clicIGZ.exe
  2⤵
  PID:7868
- C:\Windows\System\mJauLBl.exe
  C:\Windows\System\mJauLBl.exe
  2⤵
  PID:7432
- C:\Windows\System\TInGyFf.exe
  C:\Windows\System\TInGyFf.exe
  2⤵
  PID:7928
- C:\Windows\System\ifAhboc.exe
  C:\Windows\System\ifAhboc.exe
  2⤵
  PID:7908
- C:\Windows\System\sNTeRiY.exe
  C:\Windows\System\sNTeRiY.exe
  2⤵
  PID:7996
- C:\Windows\System\EZaVcUy.exe
  C:\Windows\System\EZaVcUy.exe
  2⤵
  PID:8048
- C:\Windows\System\ikleOHI.exe
  C:\Windows\System\ikleOHI.exe
  2⤵
  PID:8028
- C:\Windows\System\IxGgJOk.exe
  C:\Windows\System\IxGgJOk.exe
  2⤵
  PID:8096
- C:\Windows\System\fIJQUHt.exe
  C:\Windows\System\fIJQUHt.exe
  2⤵
  PID:6952
- C:\Windows\System\Ajizoxm.exe
  C:\Windows\System\Ajizoxm.exe
  2⤵
  PID:8132
- C:\Windows\System\JuvLXjq.exe
  C:\Windows\System\JuvLXjq.exe
  2⤵
  PID:8152
- C:\Windows\System\kUAAHSa.exe
  C:\Windows\System\kUAAHSa.exe
  2⤵
  PID:8188
- C:\Windows\System\SNYhEMW.exe
  C:\Windows\System\SNYhEMW.exe
  2⤵
  PID:7340
- C:\Windows\System\GRGmrYy.exe
  C:\Windows\System\GRGmrYy.exe
  2⤵
  PID:7396
- C:\Windows\System\jXgkOSU.exe
  C:\Windows\System\jXgkOSU.exe
  2⤵
  PID:7212
- C:\Windows\System\OqUbgqu.exe
  C:\Windows\System\OqUbgqu.exe
  2⤵
  PID:7500
- C:\Windows\System\BNAueGD.exe
  C:\Windows\System\BNAueGD.exe
  2⤵
  PID:7712
- C:\Windows\System\dUyfpbX.exe
  C:\Windows\System\dUyfpbX.exe
  2⤵
  PID:7428
- C:\Windows\System\krQCwlf.exe
  C:\Windows\System\krQCwlf.exe
  2⤵
  PID:7444
- C:\Windows\System\BQVjiad.exe
  C:\Windows\System\BQVjiad.exe
  2⤵
  PID:7636
- C:\Windows\System\IIJQmcz.exe
  C:\Windows\System\IIJQmcz.exe
  2⤵
  PID:7652
- C:\Windows\System\kPzpjPZ.exe
  C:\Windows\System\kPzpjPZ.exe
  2⤵
  PID:7696
- C:\Windows\System\jJnvNTC.exe
  C:\Windows\System\jJnvNTC.exe
  2⤵
  PID:7764
- C:\Windows\System\TYYSwYK.exe
  C:\Windows\System\TYYSwYK.exe
  2⤵
  PID:7808
- C:\Windows\System\CECaOoJ.exe
  C:\Windows\System\CECaOoJ.exe
  2⤵
  PID:7840
- C:\Windows\System\lnBqqYa.exe
  C:\Windows\System\lnBqqYa.exe
  2⤵
  PID:7932
- C:\Windows\System\wKccPzC.exe
  C:\Windows\System\wKccPzC.exe
  2⤵
  PID:7948
- C:\Windows\System\bGAgrgf.exe
  C:\Windows\System\bGAgrgf.exe
  2⤵
  PID:8088
- C:\Windows\System\JNUKLYr.exe
  C:\Windows\System\JNUKLYr.exe
  2⤵
  PID:8168
- C:\Windows\System\hVnHrZv.exe
  C:\Windows\System\hVnHrZv.exe
  2⤵
  PID:7196
- C:\Windows\System\ynpRzfF.exe
  C:\Windows\System\ynpRzfF.exe
  2⤵
  PID:7264
- C:\Windows\System\IBRQsJH.exe
  C:\Windows\System\IBRQsJH.exe
  2⤵
  PID:8000
- C:\Windows\System\aAVuPcQ.exe
  C:\Windows\System\aAVuPcQ.exe
  2⤵
  PID:7328
- C:\Windows\System\frAjeKw.exe
  C:\Windows\System\frAjeKw.exe
  2⤵
  PID:7548
- C:\Windows\System\toTkNaA.exe
  C:\Windows\System\toTkNaA.exe
  2⤵
  PID:7876
- C:\Windows\System\unRPLun.exe
  C:\Windows\System\unRPLun.exe
  2⤵
  PID:8064
- C:\Windows\System\oIxjwgp.exe
  C:\Windows\System\oIxjwgp.exe
  2⤵
  PID:8176
- C:\Windows\System\BqbMhJO.exe
  C:\Windows\System\BqbMhJO.exe
  2⤵
  PID:7692
- C:\Windows\System\UygPFEa.exe
  C:\Windows\System\UygPFEa.exe
  2⤵
  PID:7852
- C:\Windows\System\vaAqdTy.exe
  C:\Windows\System\vaAqdTy.exe
  2⤵
  PID:7360
- C:\Windows\System\mqTLwVx.exe
  C:\Windows\System\mqTLwVx.exe
  2⤵
  PID:7616
- C:\Windows\System\trEhyJp.exe
  C:\Windows\System\trEhyJp.exe
  2⤵
  PID:7836
- C:\Windows\System\ZZScsoT.exe
  C:\Windows\System\ZZScsoT.exe
  2⤵
  PID:7980
- C:\Windows\System\yuwdqbi.exe
  C:\Windows\System\yuwdqbi.exe
  2⤵
  PID:8148
- C:\Windows\System\qFauZij.exe
  C:\Windows\System\qFauZij.exe
  2⤵
  PID:7792
- C:\Windows\System\AVkqZco.exe
  C:\Windows\System\AVkqZco.exe
  2⤵
  PID:7968
- C:\Windows\System\XcFcvZg.exe
  C:\Windows\System\XcFcvZg.exe
  2⤵
  PID:7848
- C:\Windows\System\ZKYNZyz.exe
  C:\Windows\System\ZKYNZyz.exe
  2⤵
  PID:6800
- C:\Windows\System\blTEvQG.exe
  C:\Windows\System\blTEvQG.exe
  2⤵
  PID:7896
- C:\Windows\System\oeFknRu.exe
  C:\Windows\System\oeFknRu.exe
  2⤵
  PID:6288
- C:\Windows\System\QXDJOTa.exe
  C:\Windows\System\QXDJOTa.exe
  2⤵
  PID:7676
- C:\Windows\System\xWONbwE.exe
  C:\Windows\System\xWONbwE.exe
  2⤵
  PID:6588
- C:\Windows\System\LChxuTe.exe
  C:\Windows\System\LChxuTe.exe
  2⤵
  PID:7512
- C:\Windows\System\WgBmaEO.exe
  C:\Windows\System\WgBmaEO.exe
  2⤵
  PID:7448
- C:\Windows\System\jEbxtud.exe
  C:\Windows\System\jEbxtud.exe
  2⤵
  PID:8200
- C:\Windows\System\fYRzRLZ.exe
  C:\Windows\System\fYRzRLZ.exe
  2⤵
  PID:8220
- C:\Windows\System\AUtWXay.exe
  C:\Windows\System\AUtWXay.exe
  2⤵
  PID:8236
- C:\Windows\System\tfRwKng.exe
  C:\Windows\System\tfRwKng.exe
  2⤵
  PID:8252
- C:\Windows\System\FRwOLtZ.exe
  C:\Windows\System\FRwOLtZ.exe
  2⤵
  PID:8268
- C:\Windows\System\dqZpYYt.exe
  C:\Windows\System\dqZpYYt.exe
  2⤵
  PID:8284
- C:\Windows\System\AktyLKr.exe
  C:\Windows\System\AktyLKr.exe
  2⤵
  PID:8300
- C:\Windows\System\IEeUwIm.exe
  C:\Windows\System\IEeUwIm.exe
  2⤵
  PID:8316
- C:\Windows\System\EYvQYOP.exe
  C:\Windows\System\EYvQYOP.exe
  2⤵
  PID:8332
- C:\Windows\System\kiJrAjU.exe
  C:\Windows\System\kiJrAjU.exe
  2⤵
  PID:8348
- C:\Windows\System\bwYGUjW.exe
  C:\Windows\System\bwYGUjW.exe
  2⤵
  PID:8364
- C:\Windows\System\wnkuNeV.exe
  C:\Windows\System\wnkuNeV.exe
  2⤵
  PID:8380
- C:\Windows\System\cAMFfmy.exe
  C:\Windows\System\cAMFfmy.exe
  2⤵
  PID:8396
- C:\Windows\System\geBaUmh.exe
  C:\Windows\System\geBaUmh.exe
  2⤵
  PID:8412
- C:\Windows\System\opRaQOx.exe
  C:\Windows\System\opRaQOx.exe
  2⤵
  PID:8428
- C:\Windows\System\MAfsHgZ.exe
  C:\Windows\System\MAfsHgZ.exe
  2⤵
  PID:8444
- C:\Windows\System\DbqbnWX.exe
  C:\Windows\System\DbqbnWX.exe
  2⤵
  PID:8460
- C:\Windows\System\HWYaQOM.exe
  C:\Windows\System\HWYaQOM.exe
  2⤵
  PID:8476
- C:\Windows\System\qTxPuiN.exe
  C:\Windows\System\qTxPuiN.exe
  2⤵
  PID:8492
- C:\Windows\System\exoNxnn.exe
  C:\Windows\System\exoNxnn.exe
  2⤵
  PID:8508
- C:\Windows\System\bFnJTwM.exe
  C:\Windows\System\bFnJTwM.exe
  2⤵
  PID:8524
- C:\Windows\System\YICCxOg.exe
  C:\Windows\System\YICCxOg.exe
  2⤵
  PID:8540
- C:\Windows\System\hSRUrbS.exe
  C:\Windows\System\hSRUrbS.exe
  2⤵
  PID:8556
- C:\Windows\System\IissCLV.exe
  C:\Windows\System\IissCLV.exe
  2⤵
  PID:8572
- C:\Windows\System\dWNcSLc.exe
  C:\Windows\System\dWNcSLc.exe
  2⤵
  PID:8588
- C:\Windows\System\NPWdKxr.exe
  C:\Windows\System\NPWdKxr.exe
  2⤵
  PID:8604
- C:\Windows\System\JcMBwfr.exe
  C:\Windows\System\JcMBwfr.exe
  2⤵
  PID:8620
- C:\Windows\System\gnGxUEB.exe
  C:\Windows\System\gnGxUEB.exe
  2⤵
  PID:8636
- C:\Windows\System\yEwWKJF.exe
  C:\Windows\System\yEwWKJF.exe
  2⤵
  PID:8652
- C:\Windows\System\LuPHYCU.exe
  C:\Windows\System\LuPHYCU.exe
  2⤵
  PID:8668
- C:\Windows\System\wlVhFse.exe
  C:\Windows\System\wlVhFse.exe
  2⤵
  PID:8684
- C:\Windows\System\TnUnczj.exe
  C:\Windows\System\TnUnczj.exe
  2⤵
  PID:8700
- C:\Windows\System\XsQxxBm.exe
  C:\Windows\System\XsQxxBm.exe
  2⤵
  PID:8716
- C:\Windows\System\HCYiKJV.exe
  C:\Windows\System\HCYiKJV.exe
  2⤵
  PID:8732
- C:\Windows\System\xLIVwRn.exe
  C:\Windows\System\xLIVwRn.exe
  2⤵
  PID:8748
- C:\Windows\System\lrKbhMe.exe
  C:\Windows\System\lrKbhMe.exe
  2⤵
  PID:8768
- C:\Windows\System\MrMfJYc.exe
  C:\Windows\System\MrMfJYc.exe
  2⤵
  PID:8784
- C:\Windows\System\uhWkkFW.exe
  C:\Windows\System\uhWkkFW.exe
  2⤵
  PID:8800
- C:\Windows\System\KKpuRaj.exe
  C:\Windows\System\KKpuRaj.exe
  2⤵
  PID:8816
- C:\Windows\System\LhiwOKI.exe
  C:\Windows\System\LhiwOKI.exe
  2⤵
  PID:8832
- C:\Windows\System\vXvePrn.exe
  C:\Windows\System\vXvePrn.exe
  2⤵
  PID:8848
- C:\Windows\System\OItDqIi.exe
  C:\Windows\System\OItDqIi.exe
  2⤵
  PID:8864
- C:\Windows\System\Jaysbyp.exe
  C:\Windows\System\Jaysbyp.exe
  2⤵
  PID:8880
- C:\Windows\System\tXwFZeD.exe
  C:\Windows\System\tXwFZeD.exe
  2⤵
  PID:8896
- C:\Windows\System\DbDujLT.exe
  C:\Windows\System\DbDujLT.exe
  2⤵
  PID:8916
- C:\Windows\System\bPcdjSB.exe
  C:\Windows\System\bPcdjSB.exe
  2⤵
  PID:8976
- C:\Windows\System\VozXdZj.exe
  C:\Windows\System\VozXdZj.exe
  2⤵
  PID:8992
- C:\Windows\System\oCOGbTP.exe
  C:\Windows\System\oCOGbTP.exe
  2⤵
  PID:9008
- C:\Windows\System\hrrHPqE.exe
  C:\Windows\System\hrrHPqE.exe
  2⤵
  PID:9028
- C:\Windows\System\ZQgCyXK.exe
  C:\Windows\System\ZQgCyXK.exe
  2⤵
  PID:9044
- C:\Windows\System\rmVctSv.exe
  C:\Windows\System\rmVctSv.exe
  2⤵
  PID:9060
- C:\Windows\System\ZRCzZEz.exe
  C:\Windows\System\ZRCzZEz.exe
  2⤵
  PID:9076
- C:\Windows\System\VZTLTXz.exe
  C:\Windows\System\VZTLTXz.exe
  2⤵
  PID:9092
- C:\Windows\System\utlOFbr.exe
  C:\Windows\System\utlOFbr.exe
  2⤵
  PID:9108
- C:\Windows\System\HZRQYcG.exe
  C:\Windows\System\HZRQYcG.exe
  2⤵
  PID:9124
- C:\Windows\System\DlMsBzP.exe
  C:\Windows\System\DlMsBzP.exe
  2⤵
  PID:9140
- C:\Windows\System\KveARnF.exe
  C:\Windows\System\KveARnF.exe
  2⤵
  PID:9156
- C:\Windows\System\FzmzRyR.exe
  C:\Windows\System\FzmzRyR.exe
  2⤵
  PID:9172
- C:\Windows\System\UDyuVgq.exe
  C:\Windows\System\UDyuVgq.exe
  2⤵
  PID:9188
- C:\Windows\System\qQehfFD.exe
  C:\Windows\System\qQehfFD.exe
  2⤵
  PID:9204
- C:\Windows\System\qGZUavA.exe
  C:\Windows\System\qGZUavA.exe
  2⤵
  PID:7544
- C:\Windows\System\xdBPweM.exe
  C:\Windows\System\xdBPweM.exe
  2⤵
  PID:7336
- C:\Windows\System\UPcGTDd.exe
  C:\Windows\System\UPcGTDd.exe
  2⤵
  PID:7516
- C:\Windows\System\HlHOamG.exe
  C:\Windows\System\HlHOamG.exe
  2⤵
  PID:7376
- C:\Windows\System\DZlpejU.exe
  C:\Windows\System\DZlpejU.exe
  2⤵
  PID:8212
- C:\Windows\System\yYXaifP.exe
  C:\Windows\System\yYXaifP.exe
  2⤵
  PID:8264
- C:\Windows\System\FYMWxpS.exe
  C:\Windows\System\FYMWxpS.exe
  2⤵
  PID:8276
- C:\Windows\System\HTCWHLl.exe
  C:\Windows\System\HTCWHLl.exe
  2⤵
  PID:8424
- C:\Windows\System\LnFToYx.exe
  C:\Windows\System\LnFToYx.exe
  2⤵
  PID:8376
- C:\Windows\System\JADhWGT.exe
  C:\Windows\System\JADhWGT.exe
  2⤵
  PID:8436
- C:\Windows\System\wXwpRvr.exe
  C:\Windows\System\wXwpRvr.exe
  2⤵
  PID:8472
- C:\Windows\System\mfbdMNf.exe
  C:\Windows\System\mfbdMNf.exe
  2⤵
  PID:8516
- C:\Windows\System\XoppCjN.exe
  C:\Windows\System\XoppCjN.exe
  2⤵
  PID:8584
- C:\Windows\System\PJwecXY.exe
  C:\Windows\System\PJwecXY.exe
  2⤵
  PID:8596
- C:\Windows\System\edbXqFz.exe
  C:\Windows\System\edbXqFz.exe
  2⤵
  PID:8664
- C:\Windows\System\lkFjgZW.exe
  C:\Windows\System\lkFjgZW.exe
  2⤵
  PID:8648
- C:\Windows\System\qGjPTHt.exe
  C:\Windows\System\qGjPTHt.exe
  2⤵
  PID:8644
- C:\Windows\System\mIkWDkV.exe
  C:\Windows\System\mIkWDkV.exe
  2⤵
  PID:8740
- C:\Windows\System\TcLfzIw.exe
  C:\Windows\System\TcLfzIw.exe
  2⤵
  PID:8808
- C:\Windows\System\lBGLhwf.exe
  C:\Windows\System\lBGLhwf.exe
  2⤵
  PID:7284
- C:\Windows\System\gGyGhQo.exe
  C:\Windows\System\gGyGhQo.exe
  2⤵
  PID:8828
- C:\Windows\System\YSSylVq.exe
  C:\Windows\System\YSSylVq.exe
  2⤵
  PID:8860
- C:\Windows\System\BpbZWBA.exe
  C:\Windows\System\BpbZWBA.exe
  2⤵
  PID:8892
- C:\Windows\System\LKCkuLl.exe
  C:\Windows\System\LKCkuLl.exe
  2⤵
  PID:8924
- C:\Windows\System\BuFGdmS.exe
  C:\Windows\System\BuFGdmS.exe
  2⤵
  PID:8940
- C:\Windows\System\liWnVuJ.exe
  C:\Windows\System\liWnVuJ.exe
  2⤵
  PID:8984
- C:\Windows\System\dYClaUo.exe
  C:\Windows\System\dYClaUo.exe
  2⤵
  PID:8972
- C:\Windows\System\fWQeoTN.exe
  C:\Windows\System\fWQeoTN.exe
  2⤵
  PID:9052
- C:\Windows\System\ZpyIupy.exe
  C:\Windows\System\ZpyIupy.exe
  2⤵
  PID:9088
- C:\Windows\System\SZQgFbS.exe
  C:\Windows\System\SZQgFbS.exe
  2⤵
  PID:8760
- C:\Windows\System\KuKHjHH.exe
  C:\Windows\System\KuKHjHH.exe
  2⤵
  PID:9072
- C:\Windows\System\WfRwJoV.exe
  C:\Windows\System\WfRwJoV.exe
  2⤵
  PID:9136
- C:\Windows\System\RGWxTRC.exe
  C:\Windows\System\RGWxTRC.exe
  2⤵
  PID:9196
- C:\Windows\System\SHAaIqi.exe
  C:\Windows\System\SHAaIqi.exe
  2⤵
  PID:7356
- C:\Windows\System\ihQvwda.exe
  C:\Windows\System\ihQvwda.exe
  2⤵
  PID:8296
- C:\Windows\System\OquPQPG.exe
  C:\Windows\System\OquPQPG.exe
  2⤵
  PID:6980
- C:\Windows\System\aPYDTxD.exe
  C:\Windows\System\aPYDTxD.exe
  2⤵
  PID:7728
- C:\Windows\System\dwnMTFe.exe
  C:\Windows\System\dwnMTFe.exe
  2⤵
  PID:8324
- C:\Windows\System\pcXvVuJ.exe
  C:\Windows\System\pcXvVuJ.exe
  2⤵
  PID:8456
- C:\Windows\System\vAvpxNA.exe
  C:\Windows\System\vAvpxNA.exe
  2⤵
  PID:8548
- C:\Windows\System\smamGaO.exe
  C:\Windows\System\smamGaO.exe
  2⤵
  PID:8632
- C:\Windows\System\uBjAEms.exe
  C:\Windows\System\uBjAEms.exe
  2⤵
  PID:8356
- C:\Windows\System\lgWbzBV.exe
  C:\Windows\System\lgWbzBV.exe
  2⤵
  PID:8776
- C:\Windows\System\NgyhTOP.exe
  C:\Windows\System\NgyhTOP.exe
  2⤵
  PID:8856
- C:\Windows\System\XHhTDZi.exe
  C:\Windows\System\XHhTDZi.exe
  2⤵
  PID:8408
- C:\Windows\System\rOnjllm.exe
  C:\Windows\System\rOnjllm.exe
  2⤵
  PID:8876
- C:\Windows\System\hRwAPbe.exe
  C:\Windows\System\hRwAPbe.exe
  2⤵
  PID:8696
- C:\Windows\System\VvnJUgP.exe
  C:\Windows\System\VvnJUgP.exe
  2⤵
  PID:8912
- C:\Windows\System\ZZBoUQZ.exe
  C:\Windows\System\ZZBoUQZ.exe
  2⤵
  PID:8792
- C:\Windows\System\PVTrmef.exe
  C:\Windows\System\PVTrmef.exe
  2⤵
  PID:8964
- C:\Windows\System\RrRxqcX.exe
  C:\Windows\System\RrRxqcX.exe
  2⤵
  PID:8952
- C:\Windows\System\fUaOMJv.exe
  C:\Windows\System\fUaOMJv.exe
  2⤵
  PID:9040
- C:\Windows\System\QYlEBTg.exe
  C:\Windows\System\QYlEBTg.exe
  2⤵
  PID:9180
- C:\Windows\System\hOHYHxz.exe
  C:\Windows\System\hOHYHxz.exe
  2⤵
  PID:7944
- C:\Windows\System\BkvDYnR.exe
  C:\Windows\System\BkvDYnR.exe
  2⤵
  PID:9184
- C:\Windows\System\fioPMqm.exe
  C:\Windows\System\fioPMqm.exe
  2⤵
  PID:9020
- C:\Windows\System\qsWysrv.exe
  C:\Windows\System\qsWysrv.exe
  2⤵
  PID:8392
- C:\Windows\System\vnwTKTh.exe
  C:\Windows\System\vnwTKTh.exe
  2⤵
  PID:8440
- C:\Windows\System\TwIvgMz.exe
  C:\Windows\System\TwIvgMz.exe
  2⤵
  PID:8388
- C:\Windows\System\OQHeEbW.exe
  C:\Windows\System\OQHeEbW.exe
  2⤵
  PID:8680
- C:\Windows\System\rePRDqM.exe
  C:\Windows\System\rePRDqM.exe
  2⤵
  PID:8796
- C:\Windows\System\XlUStsJ.exe
  C:\Windows\System\XlUStsJ.exe
  2⤵
  PID:9004
- C:\Windows\System\xrTTqVS.exe
  C:\Windows\System\xrTTqVS.exe
  2⤵
  PID:9132
- C:\Windows\System\XezjIUR.exe
  C:\Windows\System\XezjIUR.exe
  2⤵
  PID:9120
- C:\Windows\System\mgSTsLB.exe
  C:\Windows\System\mgSTsLB.exe
  2⤵
  PID:8292
- C:\Windows\System\STawEgY.exe
  C:\Windows\System\STawEgY.exe
  2⤵
  PID:7992
- C:\Windows\System\fALZduH.exe
  C:\Windows\System\fALZduH.exe
  2⤵
  PID:8404
- C:\Windows\System\sVSwaki.exe
  C:\Windows\System\sVSwaki.exe
  2⤵
  PID:8948
- C:\Windows\System\dKjvrKg.exe
  C:\Windows\System\dKjvrKg.exe
  2⤵
  PID:9212
- C:\Windows\System\zVgHQeG.exe
  C:\Windows\System\zVgHQeG.exe
  2⤵
  PID:8228
- C:\Windows\System\HGUShsN.exe
  C:\Windows\System\HGUShsN.exe
  2⤵
  PID:9232
- C:\Windows\System\LEXptWz.exe
  C:\Windows\System\LEXptWz.exe
  2⤵
  PID:9248
- C:\Windows\System\FLfIQgk.exe
  C:\Windows\System\FLfIQgk.exe
  2⤵
  PID:9264
- C:\Windows\System\lUOMjbJ.exe
  C:\Windows\System\lUOMjbJ.exe
  2⤵
  PID:9280
- C:\Windows\System\jzTMsSE.exe
  C:\Windows\System\jzTMsSE.exe
  2⤵
  PID:9296
- C:\Windows\System\coqheKu.exe
  C:\Windows\System\coqheKu.exe
  2⤵
  PID:9312
- C:\Windows\System\EwHAVSJ.exe
  C:\Windows\System\EwHAVSJ.exe
  2⤵
  PID:9328
- C:\Windows\System\VgDzFxU.exe
  C:\Windows\System\VgDzFxU.exe
  2⤵
  PID:9344
- C:\Windows\System\Skgbyuc.exe
  C:\Windows\System\Skgbyuc.exe
  2⤵
  PID:9364
- C:\Windows\System\omSdcip.exe
  C:\Windows\System\omSdcip.exe
  2⤵
  PID:9388
- C:\Windows\System\cigMRUT.exe
  C:\Windows\System\cigMRUT.exe
  2⤵
  PID:9404
- C:\Windows\System\tbdgZaR.exe
  C:\Windows\System\tbdgZaR.exe
  2⤵
  PID:9420
- C:\Windows\System\UoNFHRQ.exe
  C:\Windows\System\UoNFHRQ.exe
  2⤵
  PID:9448
- C:\Windows\System\DYHSlxZ.exe
  C:\Windows\System\DYHSlxZ.exe
  2⤵
  PID:9464
- C:\Windows\System\eZqVAXX.exe
  C:\Windows\System\eZqVAXX.exe
  2⤵
  PID:9480
- C:\Windows\System\sqEaiqe.exe
  C:\Windows\System\sqEaiqe.exe
  2⤵
  PID:9496
- C:\Windows\System\doKOEdY.exe
  C:\Windows\System\doKOEdY.exe
  2⤵
  PID:9516
- C:\Windows\System\LwQQwZt.exe
  C:\Windows\System\LwQQwZt.exe
  2⤵
  PID:9536
- C:\Windows\System\sONvqrH.exe
  C:\Windows\System\sONvqrH.exe
  2⤵
  PID:9552
- C:\Windows\System\eTcPgLy.exe
  C:\Windows\System\eTcPgLy.exe
  2⤵
  PID:9576
- C:\Windows\System\oZPfefX.exe
  C:\Windows\System\oZPfefX.exe
  2⤵
  PID:9592
- C:\Windows\System\LwBrwLD.exe
  C:\Windows\System\LwBrwLD.exe
  2⤵
  PID:9612
- C:\Windows\System\QcXZHya.exe
  C:\Windows\System\QcXZHya.exe
  2⤵
  PID:9628
- C:\Windows\System\dmmokaW.exe
  C:\Windows\System\dmmokaW.exe
  2⤵
  PID:9644
- C:\Windows\System\cBVQhkS.exe
  C:\Windows\System\cBVQhkS.exe
  2⤵
  PID:9660
- C:\Windows\System\KDsJVle.exe
  C:\Windows\System\KDsJVle.exe
  2⤵
  PID:9676
- C:\Windows\System\sLljndQ.exe
  C:\Windows\System\sLljndQ.exe
  2⤵
  PID:9700
- C:\Windows\System\xCyFXSQ.exe
  C:\Windows\System\xCyFXSQ.exe
  2⤵
  PID:9716
- C:\Windows\System\XivisZI.exe
  C:\Windows\System\XivisZI.exe
  2⤵
  PID:9732
- C:\Windows\System\afTbnXE.exe
  C:\Windows\System\afTbnXE.exe
  2⤵
  PID:9768
- C:\Windows\System\jKAPQTO.exe
  C:\Windows\System\jKAPQTO.exe
  2⤵
  PID:9784
- C:\Windows\System\OGeHOGs.exe
  C:\Windows\System\OGeHOGs.exe
  2⤵
  PID:9800
- C:\Windows\System\ZOALEYa.exe
  C:\Windows\System\ZOALEYa.exe
  2⤵
  PID:9816
- C:\Windows\System\tIHQhNb.exe
  C:\Windows\System\tIHQhNb.exe
  2⤵
  PID:9832
- C:\Windows\System\xGJoGXL.exe
  C:\Windows\System\xGJoGXL.exe
  2⤵
  PID:9848
- C:\Windows\System\WQVPKUi.exe
  C:\Windows\System\WQVPKUi.exe
  2⤵
  PID:9864
- C:\Windows\System\fxDBrvJ.exe
  C:\Windows\System\fxDBrvJ.exe
  2⤵
  PID:9880
- C:\Windows\System\ooLwDTL.exe
  C:\Windows\System\ooLwDTL.exe
  2⤵
  PID:9896
- C:\Windows\System\KfymUlb.exe
  C:\Windows\System\KfymUlb.exe
  2⤵
  PID:9912
- C:\Windows\System\yVugEkT.exe
  C:\Windows\System\yVugEkT.exe
  2⤵
  PID:9928
- C:\Windows\System\GvAoFhm.exe
  C:\Windows\System\GvAoFhm.exe
  2⤵
  PID:9944
- C:\Windows\System\UnVWMkk.exe
  C:\Windows\System\UnVWMkk.exe
  2⤵
  PID:9960
- C:\Windows\System\rUZkjdT.exe
  C:\Windows\System\rUZkjdT.exe
  2⤵
  PID:9976
- C:\Windows\System\xRRLfCx.exe
  C:\Windows\System\xRRLfCx.exe
  2⤵
  PID:9992
- C:\Windows\System\ITzrYNs.exe
  C:\Windows\System\ITzrYNs.exe
  2⤵
  PID:10008
- C:\Windows\System\cBPSHjn.exe
  C:\Windows\System\cBPSHjn.exe
  2⤵
  PID:10024
- C:\Windows\System\qGriouZ.exe
  C:\Windows\System\qGriouZ.exe
  2⤵
  PID:10040
- C:\Windows\System\BBbDMRB.exe
  C:\Windows\System\BBbDMRB.exe
  2⤵
  PID:10056
- C:\Windows\System\nYoNSlG.exe
  C:\Windows\System\nYoNSlG.exe
  2⤵
  PID:10072
- C:\Windows\System\wkZItRO.exe
  C:\Windows\System\wkZItRO.exe
  2⤵
  PID:10088
- C:\Windows\System\DEPAMOy.exe
  C:\Windows\System\DEPAMOy.exe
  2⤵
  PID:10104
- C:\Windows\System\BWEGmwu.exe
  C:\Windows\System\BWEGmwu.exe
  2⤵
  PID:10120
- C:\Windows\System\KwyEMmV.exe
  C:\Windows\System\KwyEMmV.exe
  2⤵
  PID:10136
- C:\Windows\System\SRjuOXQ.exe
  C:\Windows\System\SRjuOXQ.exe
  2⤵
  PID:10156
- C:\Windows\System\jBzHXEI.exe
  C:\Windows\System\jBzHXEI.exe
  2⤵
  PID:10172
- C:\Windows\System\cmRrXBG.exe
  C:\Windows\System\cmRrXBG.exe
  2⤵
  PID:10188
- C:\Windows\System\vOBQKNp.exe
  C:\Windows\System\vOBQKNp.exe
  2⤵
  PID:10204
- C:\Windows\System\qkTqtlx.exe
  C:\Windows\System\qkTqtlx.exe
  2⤵
  PID:10220
- C:\Windows\System\egUQJja.exe
  C:\Windows\System\egUQJja.exe
  2⤵
  PID:10236
- C:\Windows\System\wTdsqSc.exe
  C:\Windows\System\wTdsqSc.exe
  2⤵
  PID:8628
- C:\Windows\System\xFKQLnZ.exe
  C:\Windows\System\xFKQLnZ.exe
  2⤵
  PID:9024
- C:\Windows\System\PvDOgaa.exe
  C:\Windows\System\PvDOgaa.exe
  2⤵
  PID:9228
- C:\Windows\System\pPhJpPS.exe
  C:\Windows\System\pPhJpPS.exe
  2⤵
  PID:9256
- C:\Windows\System\Lxxsnur.exe
  C:\Windows\System\Lxxsnur.exe
  2⤵
  PID:9308
- C:\Windows\System\CydosYk.exe
  C:\Windows\System\CydosYk.exe
  2⤵
  PID:9324
- C:\Windows\System\JNntoDT.exe
  C:\Windows\System\JNntoDT.exe
  2⤵
  PID:9376
- C:\Windows\System\phLkPXP.exe
  C:\Windows\System\phLkPXP.exe
  2⤵
  PID:9352
- C:\Windows\System\WurbHxr.exe
  C:\Windows\System\WurbHxr.exe
  2⤵
  PID:9412
- C:\Windows\System\kXlhLei.exe
  C:\Windows\System\kXlhLei.exe
  2⤵
  PID:9428
- C:\Windows\System\jHmAMHu.exe
  C:\Windows\System\jHmAMHu.exe
  2⤵
  PID:9440
- C:\Windows\System\gsAnlcL.exe
  C:\Windows\System\gsAnlcL.exe
  2⤵
  PID:9504
- C:\Windows\System\hOFBqVj.exe
  C:\Windows\System\hOFBqVj.exe
  2⤵
  PID:9524
- C:\Windows\System\PQDPekc.exe
  C:\Windows\System\PQDPekc.exe
  2⤵
  PID:9548
- C:\Windows\System\fcagZex.exe
  C:\Windows\System\fcagZex.exe
  2⤵
  PID:9572
- C:\Windows\System\nZPMKhV.exe
  C:\Windows\System\nZPMKhV.exe
  2⤵
  PID:9652
- C:\Windows\System\VYHiKVc.exe
  C:\Windows\System\VYHiKVc.exe
  2⤵
  PID:9636
- C:\Windows\System\gwbIXTD.exe
  C:\Windows\System\gwbIXTD.exe
  2⤵
  PID:9668
- C:\Windows\System\lCebrtj.exe
  C:\Windows\System\lCebrtj.exe
  2⤵
  PID:9708
- C:\Windows\System\ARSuHJj.exe
  C:\Windows\System\ARSuHJj.exe
  2⤵
  PID:9724
- C:\Windows\System\rblokhI.exe
  C:\Windows\System\rblokhI.exe
  2⤵
  PID:9776
- C:\Windows\System\uZTSWwP.exe
  C:\Windows\System\uZTSWwP.exe
  2⤵
  PID:9744
- C:\Windows\System\luJBrle.exe
  C:\Windows\System\luJBrle.exe
  2⤵
  PID:9812
- C:\Windows\System\nvviJEw.exe
  C:\Windows\System\nvviJEw.exe
  2⤵
  PID:9860
- C:\Windows\System\spfedLf.exe
  C:\Windows\System\spfedLf.exe
  2⤵
  PID:9924
- C:\Windows\System\CDfqnVh.exe
  C:\Windows\System\CDfqnVh.exe
  2⤵
  PID:9844
- C:\Windows\System\DEErGXN.exe
  C:\Windows\System\DEErGXN.exe
  2⤵
  PID:9908
- C:\Windows\System\BXPAZRn.exe
  C:\Windows\System\BXPAZRn.exe
  2⤵
  PID:9972
- C:\Windows\System\TEHALEQ.exe
  C:\Windows\System\TEHALEQ.exe
  2⤵
  PID:10016
- C:\Windows\System\yqGYipe.exe
  C:\Windows\System\yqGYipe.exe
  2⤵
  PID:10020
- C:\Windows\System\dfKLHtJ.exe
  C:\Windows\System\dfKLHtJ.exe
  2⤵
  PID:10128
- C:\Windows\System\VaWYWhU.exe
  C:\Windows\System\VaWYWhU.exe
  2⤵
  PID:10196
- C:\Windows\System\JrxbYvF.exe
  C:\Windows\System\JrxbYvF.exe
  2⤵
  PID:8612

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AzSHkrn.exe

Filesize
6.0MB

MD5
c91ca674857abed80b7d0bf4106ea12d

SHA1
bbd65e586fdff7c4a0bee36e16bf762d86c167dc

SHA256
d4ae38d1784eb5f0fe9a3248e2291d95b8f38266a04f4f223a6be366d437701e

SHA512
aef8d461e6bf8f1cc60e314daa506955476523158360354ed4e62932c427c225d6826ae9c1c7a42673b8867bf3b96b6961909ba0fbd3887eb0ebab42b6ce1fe9

Download Submit
C:\Windows\system\BZoqkpZ.exe

Filesize
6.0MB

MD5
58b942267575b8b9b0148885e9a92336

SHA1
17f0bb4aa0f80e4311bfa34676c3f059453b6372

SHA256
a0055abd9e93efc9aa7212bddb491cd3d33073a9b4efb4540dfd0d35d13fe68d

SHA512
92a94b601f0f159cc64397d539f8ef1e214e7f46506ada0db896cfca27bafaf3d0062b4a776e5ed4b0757d6ad6bd77f9f2147359c982b9022f5ddec0f26b0cda

Download Submit
C:\Windows\system\CJktjJY.exe

Filesize
6.0MB

MD5
85c66e18fa602974cbc58e4d8e7b6fc6

SHA1
d7d2be14d22778e49e95dca98e54587e32e7c34b

SHA256
87bd3ed22d0648625eaf08eef5e1ea021f1a8c372bd4dbb5fcdca600e08c85bf

SHA512
a540fee6c0930f396b2d5ed558d7be4425fcb8e0e023e3b179ed37020354a558e456065ce599eb9305eec938b2f123e50601665b465660bda420efb288d6fca4

Download Submit
C:\Windows\system\FQjYRDH.exe

Filesize
6.0MB

MD5
d2aaf4fcd4b637bc05bf02bb498ce8b0

SHA1
b6ef38237415252375420197d9c777a996d98963

SHA256
1ff2ab1c7997408f68a0b0eb476839b660c4f5fd60fbd66fac1a435cc950d5cc

SHA512
6980bf8c4113ca7a08784674208b92f0a724e677867c5d8aec0e144c30fd0e2fcf39cbd5ee9c7a3b7d038b46a5781cee154effc814cfaf1319630e75b6066acb

Download Submit
C:\Windows\system\FeNksAZ.exe

Filesize
6.0MB

MD5
8e70c67a90da7eb38642e291ededb1e8

SHA1
f82e08d69858a829c4fecfd3f6a7a36a0735dd0b

SHA256
a95271fab5c9fc6d8e5e6c24b0dcf2a6e2d19f39b353107b45236b1d7b8e5edb

SHA512
b1449d3e0126c8187caea3c9c457576a64f0a080bb4a16858ca639b586403a589276a049000881103c645234d7db7b3a8ee7d2ce74c79f9f2c07542432bbd9fc

Download Submit
C:\Windows\system\NyeWOJo.exe

Filesize
6.0MB

MD5
f274db3dda008af65bdd31951f465d23

SHA1
139336875f096d938a5edc79e7a8b0a034597897

SHA256
74a7f250aea39043c304baf61bbe07c3ccca12d44985b027685d5914b2c56bd6

SHA512
aa268fdfc2d3b16aee35b6378df36b5c76419e2cde3e6dda217315a52fd7dd5ba758a02cce91f9d83e91690204187784c183ef3bdcb9e9e0643aef1785cab536

Download Submit
C:\Windows\system\OoSCuRe.exe

Filesize
6.0MB

MD5
3fbd21891a94aa0414a6211588969e47

SHA1
1d2bcfa9cd52d19d092a589d0cd8159985a93408

SHA256
ebee9f0944ef82f154ff779f2c51f4240afdc6b775d6230609fba806456bf921

SHA512
ae869b198d8ebabdc172fe198838ade4520bc366dedb504b3a289d0cc7b56819769101ef8a527f3807e80e5141507ae80df8344f5bed15bb1a9a40513bd689b1

Download Submit
C:\Windows\system\RXWDbnO.exe

Filesize
6.0MB

MD5
28158fe9f501fb662888312780e33700

SHA1
06075a4c1c8a00bf14f9e2d870ca89fc8b73e293

SHA256
67e68c3808b81977de4df279710371b1395540d4bf47eeefbcad829e7397793d

SHA512
a1126ed7588cc2343d96cdbad23ceeef79bbc5e5de17a12e7bedde5aaec4ade81c1e6ef1aab913a680896ff8c179d896a12f93f5f8c33005382f1c4beacc83a0

Download Submit
C:\Windows\system\SaNTwxA.exe

Filesize
6.0MB

MD5
2e131cf55e08091990b57a32b6e41cb4

SHA1
2b713710e872ea368c1aa3661af0b0e1352c2afe

SHA256
57af846a342faac1b73dc5df2f70c4c6d6d7e24e88b0350b79300c20243eef61

SHA512
6668bd2bebefcc1c493b4821f26766c24d111b70fe59a6fc73989174f8f5f97de61e714622b61c3c08a3cf046624e318436dfeeb01a3cc621337c21f1d5fc71a

Download Submit
C:\Windows\system\VFMUwqR.exe

Filesize
6.0MB

MD5
77ba35ac54813e316694dba3a469ae3b

SHA1
2e56fe5d31f93f7fdb91954bf9fca13b55114ac3

SHA256
da2e518f955b76d704cc1c9b2f9d2960c91431b0348400472a729a0c7f5950e6

SHA512
bd8d5fe455b2a9049a6d20d0697342e7d515e534857fd141a5218f8266513e63339dfd6896d087305bad7840e82d24da33d400649c64089d05bc6dd1999cb5ca

Download Submit
C:\Windows\system\VKMqvXY.exe

Filesize
6.0MB

MD5
d1e59d37a77601ebab596c192ba8645b

SHA1
52398eac488ad8702c67397270a45a4dd4b1c983

SHA256
ec2b6bece42e6bcb0eb702414e1ff09b48c7df0e77223c85578d0c72ece87b05

SHA512
0fe81ee7ec1b17157c4732de64601122a4ace65ea891519ef1805d2c59b566ddaa35ab45865d0af9384de99c31f9a2ebb5354899523c8e41bf97410b9ff4dddc

Download Submit
C:\Windows\system\WnJekbE.exe

Filesize
6.0MB

MD5
b444bd54a2bb7c6e3d05cdd0f03e8305

SHA1
6b3e72b53e5c2e8af2fb0a339cf45c846b03db0c

SHA256
937e718c7072ca4e205418ea54017203c8f7b2f12680d7832a6b5d08371c7b24

SHA512
9208c459387247de9c3659bced9ab218d3a5d22fe0ccc58913122479a06c3a80e361c547d67c0e027f0bf6c41b7817328d6394fc5c60406fb723ef7c22adf88e

Download Submit
C:\Windows\system\YPZrBOy.exe

Filesize
6.0MB

MD5
f97da93e07f6282e19c1d381461003ac

SHA1
94396f7fd2c95b885c565b3628f20b23c3394228

SHA256
d9cad171da830426f89ebd48ba6c9da89d8fc4df1333a03b164c87697edfb44d

SHA512
13e3bc7f08872ca9f6fc8b6eb629007fd1740fcf175b0af2f500098bd60baa1cdd9a4065c1d986cbe1683c25f9e4c76185de0bcb16a5edcb4fb1935d558d0102

Download Submit
C:\Windows\system\ZoxlzMY.exe

Filesize
6.0MB

MD5
669066856b199f6dd04fd7aa7cc6a63d

SHA1
ef9f8f762e1bd53a9edef86d92512ff01bb58c64

SHA256
1615259308f3fe43c650069aa6892209fae33e7bda32a3590cca45dd080eccca

SHA512
a423359a23c92d5f1d99a3ffe4c513c0151b4f6021b443cf8be623badc8d87f86cf53bf7efddb162202ce7baadb3efe6be24d2ed9bf4cfaf033f19953d6dcafd

Download Submit
C:\Windows\system\bJxLHUj.exe

Filesize
6.0MB

MD5
8d8c9ed7ea59efd330da0370b7a7dda8

SHA1
2022ebc5f7bc2f35831266a721466664990781fd

SHA256
7aaa87b98e6ecd5003625ae3519a64dc764e6437bf0ce49fa053e9496e670676

SHA512
304e12dd4a44299b920e19ee9f1731838a8c036d3730b15855236ccbd641a97d0e8b48a8d20e0d24a96e8084240766480f4f32c8c32877455af81f6534d8e242

Download Submit
C:\Windows\system\iPrfBOZ.exe

Filesize
6.0MB

MD5
6f1d3ff5ef8635e5bb69bc6f8e1ee221

SHA1
348df43c82d5bb785bc2a04480fa9e85ad9e22cd

SHA256
264b96acc7adbc89ba28724b5248c8126e6242d81efcc48888270e73f6b801ca

SHA512
9f23d9e3fdfb2c63222ee316a934f0243834846b431af4baf1aada09a9f1c886352501b2243c8e76960ee846dc5ffbd37c86fcfb8864eb38371b7b2e1d3e02f8

Download Submit
C:\Windows\system\lqyVNBE.exe

Filesize
6.0MB

MD5
fe690d0979ea4e78c9c0d0bfd2dd90bd

SHA1
ef018a4453b0835d207ae91f1d8b990f399fb083

SHA256
42eacb831a944df20114103121e3378bf4814e5b631b595dffd588bea9c865ca

SHA512
9e8a86630c22c8ced41f19cf3b2d55ff47c5bc5689e708e7789280fce2a6e1e0876574940b7e33561b3c9b3be3f4bb5063215fa8ce0eb6a8a676159d8d5453b6

Download Submit
C:\Windows\system\mfXKJrM.exe

Filesize
6.0MB

MD5
0dd5eacf1b49b30cd10fb2a080211836

SHA1
2186febbfb203d5c9bd4a320e75a3994c07ef041

SHA256
8bd097d2356d0dec7faa6056f70aa4bd26167c9afa4c256edc528af2f8719db6

SHA512
b7977196b7ad6ace7789acac6069c34b2ffe5536780d52939af3d924912e02a95cbc307fc10e0f092da7a00e29261de1a604f63affcd6af7c36d7554f96f073d

Download Submit
C:\Windows\system\oQAqOdV.exe

Filesize
6.0MB

MD5
acd65f4130dba50916a950a0b057fb04

SHA1
88ff58c9df64e77257d327ab0b1df248cf0cc407

SHA256
81fd0306bbb20b872bf91f6171aad9309441c73ed310cf2e5f65dbd70abca207

SHA512
a26a86ba3bd1409836cd90f4c23e3e4e89815c5e2ee53e0d19db14a8bcd3cb3987926c30fcfd3bd0f696514d0951c423d45051b2d0f57a72c8f1b8164a01df53

Download Submit
C:\Windows\system\sYqmXnN.exe

Filesize
6.0MB

MD5
09212fe7c4364cb5f4337eac5b4c1a68

SHA1
d8d39dfa0fd083d41c5018c0f7d73c7a20652bae

SHA256
c0a52024bc249c2103f34fbcfa001b90547232ad3dea9635db1c952ad5a500bb

SHA512
0297a2a629c9661ba5e1eace758ec927db42eafc4d21e30d2283a542e8bd6969f5c692a2d01a1513d940d31be3cb2f288df23fedb4214ff007c849e75322023c

Download Submit
C:\Windows\system\wbImLIO.exe

Filesize
6.0MB

MD5
3d5bd3d7d635c559b9944088f573f5f2

SHA1
6a43016505deba97fe67cbd68868bb6a2ae67980

SHA256
d992f8f168639d35bc512385d3444b307bc1ffa53061fe4143120e296138bd1f

SHA512
3c04ac2f58fe1285e9f032665083e320981944275ecf319a5e5513cdfc869cbd6f6c64c5e5b5cc184ea2ad2fce503f29cb62f5838cdcf7324bf14ef07aa6de40

Download Submit
C:\Windows\system\wqVhckv.exe

Filesize
6.0MB

MD5
f949570a5b8f6443e13ed4c888194f16

SHA1
41486f09d209a2c4d619663ae5db578901764868

SHA256
c862cd2aec75532d6a7d23051b6479fe362d450b3b75a197d7846afe95929f24

SHA512
f65ffb0271c2ebf29b010497a70f9e293c2c803505f47f89435889c9fb7660c4d39d44b2a2dd9c5a2b9d5a568bae1c460460584d5dd88aabeec1ff7c5508fe8e

Download Submit
C:\Windows\system\wttSnRv.exe

Filesize
6.0MB

MD5
69d7c22b6b2cf2a70e61da4b2d9c12e0

SHA1
4a46d7ef106b304dc4b15c3e61af9382122e971f

SHA256
de73b9d50fa3b90a0ab2be62c2fa79762a7bb43b44d480fa51bb8116b74f5520

SHA512
527fd385bd5cfc777d97be10ac5a5276cb1dda22bc3e05935428c66d2ae9b2462173ec53219336e2f9e02306e7d5ece92c22ebb443fd3a4a40c46bd0c05fc040

Download Submit
\Windows\system\FPHTbBd.exe

Filesize
6.0MB

MD5
93c0f231f39eb8e199841aaee37a1a74

SHA1
3701520aa7e7c8d2c567c9246be9c8ab30573ae4

SHA256
c75e295775d64ee57db71cd22e2a0dc3609d04ca662e39efb6241a5f9b062be5

SHA512
68497342be1ed9482b66114c4b805eb426ada24a2d0ab011a5ef75fb1186b546a45eb04d8728c445bea5ea93110b4665afe7fb2dfbc46462f2e712a3abfca95e

Download Submit
\Windows\system\GhzkkKV.exe

Filesize
6.0MB

MD5
db3849694d1eaee781f1b2d69ca7b8d2

SHA1
0d837a2cd76d6bc38ff7cc8e4b7d23f2e37c10ee

SHA256
9de9ba104b8672845d8e1307017e60d07a54c45bd9b7d5e2cd8f7f7877dc404f

SHA512
05c4d709bde87d710b6f5926435e43826b90ad79c68f6b4a910b44ee8436b30cec08bfd11d4ee4dcd560249449da0f837f87647969fd923da229b19713bb4c7c

Download Submit
\Windows\system\IOheLtu.exe

Filesize
6.0MB

MD5
27f609f7102d23f1e5e8be8ba83969cb

SHA1
689cb1622f7f18346d82e114618a04809df2d09f

SHA256
0e94318cb6121e1679794382518e93f9a1c9f5f660931621d63be88bb439f52b

SHA512
16f54aaf8f2d3390d0fc63c6c0220a9de52efd1e8acb2111b99701b71ed7c646e0a9915aac7174bbd190632f240a71de17457c3f0312d88be48f634c3c5171ee

Download Submit
\Windows\system\LLZxWws.exe

Filesize
6.0MB

MD5
d7f589e01b0e4089b281d117b84a1bec

SHA1
2fc26dd1c11e6c5c28b8d69c12221baa4b5b5bc9

SHA256
8cf47f4196b82fa579656d6b40255223cc281e0d5ab07cba5c9bebd97c276739

SHA512
e15bb152504a1c49b3b7caa08f6e3ddb6098f8bdcd8aedaf43bc98e0b2c6eb65188025a84357636b8b834644c1d2fa02db3d31176dd5fc59b07eacb1b83c4f84

Download Submit
\Windows\system\baorXdg.exe

Filesize
6.0MB

MD5
f5957297fe3f7fbd2edb9f2126d4f8a5

SHA1
5778cf0040e2d7a9bc8f0921ec4a766bd30fe636

SHA256
6ffc7bb5f294b094242a0ed7fde3beebd45957e598cfe37229ba211a5c5c4393

SHA512
bf4ba90fe78a322046cbab0c68168954259bc22614e5a173eb2a2ac119e98703d0eccca4490cb4d29c4af1639865594a77f280547f1285fe465a02cd7d5c9b6e

Download Submit
\Windows\system\dFLITAS.exe

Filesize
6.0MB

MD5
d04fb373355161755ab50890fa1cf7cf

SHA1
36293ba5bf48802420a0a188252f8df76616c836

SHA256
b565f86b0bb71fee193c9ce961f423350cd9102e58f5256db18dec6dd06a352c

SHA512
546eb2f41a1548375ed68dcbe6035ba3be2d7549aec981197c4d344349d86076fced5e20657632bbd216fdce2e4c8cbbf96cc5dc22a46a3868255fa5cde26e41

Download Submit
\Windows\system\gKuxezt.exe

Filesize
6.0MB

MD5
c479963f77efe7a32bdfb8e3587fd414

SHA1
d78663530726383fbafe4b19f8e35d9eb02e2200

SHA256
59223c63f30a0c347a974ffecb6cabeb6143a0af09da6f14d94055a57ff1bcda

SHA512
7f8f580a02ed2be330469bce37e7b635baf868b11f6f1f2dc32c1ff2d694bd7d5a79950af4ab2e03180431b580fe250469b9657a37ccfc92b268ca0708d6ef27

Download Submit
\Windows\system\jbuMgYF.exe

Filesize
6.0MB

MD5
b05e8de9c999045329689bb3d0aa6b59

SHA1
80f16471e479b4c9e62632cd5867e0853fa614ab

SHA256
85911914f1ddf6f0df06d47d1427c95046ea65624bc7f5fb8a267c6140db9e87

SHA512
dc3db7da00c4d626a896fa464677d4138892ea6c93fded04675b240a21e65e41d0635bf462740029a56ed5708a461abb482025c586dca3f7c262af4ec29bcb8d

Download Submit
\Windows\system\jcpjukA.exe

Filesize
6.0MB

MD5
b0ef1b14a192aa5bb935252654b185e3

SHA1
ac0509ee6c487516dce9d892b2e05f074e93cbab

SHA256
ed5a233264f532f3c3d39a6a102fe60910c1ead7c8f19cb96e8c892e3093a2d8

SHA512
05256ee0f33e953d379dcefc6d017ee35d7548e0fa85d78e4daa9829b5973278e0071e56574e21d7527109c06ece2600c633f6be6e6e8f804b8131899a1f7a79

Download Submit
memory/268-158-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/268-2114-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/1704-82-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/1704-2094-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/2028-1956-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2028-14-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2028-74-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2072-81-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/2072-27-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/2072-1982-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/2104-63-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/2104-10-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/2104-1947-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/2528-159-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download
memory/2528-39-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/2528-76-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/2528-0-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/2528-73-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2528-32-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/2528-156-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/2528-19-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/2528-70-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2528-619-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/2528-570-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/2528-425-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/2528-327-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2528-163-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/2528-160-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/2528-1-0x0000000000200000-0x0000000000210000-memory.dmp

Filesize
64KB

Download
memory/2528-13-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2528-55-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/2528-56-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/2528-62-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/2616-2027-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2616-71-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2648-2113-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/2648-157-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/2684-1964-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/2684-26-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/2684-75-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/2692-2133-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/2692-161-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/2732-61-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/2732-2000-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/2808-60-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/2808-2017-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/2832-1992-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/2832-162-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/2832-34-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/2912-2011-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download
memory/2912-64-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download
memory/2968-2016-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/2968-54-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/2968-234-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download