cobaltstrike | f4b7425d6e5692601805663bbce8868e4d0f21dfda9068160c9786e8458f1aff

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
24-12-2024 12:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

6827f52860ae8d75efe03c41c446b8ac
SHA1

0c437d899b41197a6f47d24ad3f3cc858334d904
SHA256

f4b7425d6e5692601805663bbce8868e4d0f21dfda9068160c9786e8458f1aff
SHA512

565c22ce3bd1763bbad33c863935ef97708860e47ef1c2d1b0d8b0a7e3c6f50a7eb14d834f6a4e247639cb288f324c970647359cdf855b69c4987f536006b410
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lUx:eOl56utgpPF8u/7x

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012115-6.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000193c4-11.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000193d9-18.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019401-24.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019403-33.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001942f-40.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001947e-57.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196be-70.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c63-114.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019fc9-144.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a446-192.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a441-185.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a479-195.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a443-188.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a43d-171.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a43f-176.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a354-169.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a311-164.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a0b3-159.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a08b-154.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a078-149.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019faf-139.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019dc1-134.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019db5-129.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d54-124.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d2d-119.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c4a-107.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c48-102.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001998a-88.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c43-93.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196f6-78.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001967d-61.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000019441-48.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2644-0-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/files/0x0007000000012115-6.dat	xmrig
behavioral1/memory/2644-8-0x000000013FFF0000-0x0000000140344000-memory.dmp	xmrig
behavioral1/memory/2780-9-0x000000013FFF0000-0x0000000140344000-memory.dmp	xmrig
behavioral1/files/0x00070000000193c4-11.dat	xmrig
behavioral1/files/0x00070000000193d9-18.dat	xmrig
behavioral1/memory/3008-23-0x000000013F450000-0x000000013F7A4000-memory.dmp	xmrig
behavioral1/memory/2644-21-0x0000000002420000-0x0000000002774000-memory.dmp	xmrig
behavioral1/files/0x0006000000019401-24.dat	xmrig
behavioral1/files/0x0006000000019403-33.dat	xmrig
behavioral1/memory/2680-35-0x000000013F5D0000-0x000000013F924000-memory.dmp	xmrig
behavioral1/files/0x000600000001942f-40.dat	xmrig
behavioral1/memory/2644-44-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/memory/2660-53-0x000000013FA40000-0x000000013FD94000-memory.dmp	xmrig
behavioral1/files/0x000800000001947e-57.dat	xmrig
behavioral1/files/0x00050000000196be-70.dat	xmrig
behavioral1/memory/2536-83-0x000000013F720000-0x000000013FA74000-memory.dmp	xmrig
behavioral1/memory/1856-90-0x000000013F8F0000-0x000000013FC44000-memory.dmp	xmrig
behavioral1/files/0x0005000000019c63-114.dat	xmrig
behavioral1/files/0x0005000000019fc9-144.dat	xmrig
behavioral1/memory/484-835-0x000000013F7E0000-0x000000013FB34000-memory.dmp	xmrig
behavioral1/memory/2376-518-0x000000013F960000-0x000000013FCB4000-memory.dmp	xmrig
behavioral1/memory/2832-315-0x000000013F690000-0x000000013F9E4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a446-192.dat	xmrig
behavioral1/files/0x000500000001a441-185.dat	xmrig
behavioral1/files/0x000500000001a479-195.dat	xmrig
behavioral1/files/0x000500000001a443-188.dat	xmrig
behavioral1/files/0x000500000001a43d-171.dat	xmrig
behavioral1/files/0x000500000001a43f-176.dat	xmrig
behavioral1/files/0x000500000001a354-169.dat	xmrig
behavioral1/files/0x000500000001a311-164.dat	xmrig
behavioral1/files/0x000500000001a0b3-159.dat	xmrig
behavioral1/files/0x000500000001a08b-154.dat	xmrig
behavioral1/files/0x000500000001a078-149.dat	xmrig
behavioral1/files/0x0005000000019faf-139.dat	xmrig
behavioral1/files/0x0005000000019dc1-134.dat	xmrig
behavioral1/files/0x0005000000019db5-129.dat	xmrig
behavioral1/files/0x0005000000019d54-124.dat	xmrig
behavioral1/files/0x0005000000019d2d-119.dat	xmrig
behavioral1/files/0x0005000000019c4a-107.dat	xmrig
behavioral1/memory/1980-104-0x000000013F850000-0x000000013FBA4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019c48-102.dat	xmrig
behavioral1/memory/1048-99-0x000000013FA40000-0x000000013FD94000-memory.dmp	xmrig
behavioral1/memory/484-98-0x000000013F7E0000-0x000000013FB34000-memory.dmp	xmrig
behavioral1/files/0x000500000001998a-88.dat	xmrig
behavioral1/memory/2644-86-0x000000013F8F0000-0x000000013FC44000-memory.dmp	xmrig
behavioral1/files/0x0005000000019c43-93.dat	xmrig
behavioral1/memory/2376-85-0x000000013F960000-0x000000013FCB4000-memory.dmp	xmrig
behavioral1/memory/2644-84-0x000000013F960000-0x000000013FCB4000-memory.dmp	xmrig
behavioral1/memory/2832-73-0x000000013F690000-0x000000013F9E4000-memory.dmp	xmrig
behavioral1/memory/2680-71-0x000000013F5D0000-0x000000013F924000-memory.dmp	xmrig
behavioral1/files/0x00050000000196f6-78.dat	xmrig
behavioral1/memory/576-66-0x000000013FD50000-0x00000001400A4000-memory.dmp	xmrig
behavioral1/memory/2824-64-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig
behavioral1/files/0x000600000001967d-61.dat	xmrig
behavioral1/memory/2432-51-0x000000013F350000-0x000000013F6A4000-memory.dmp	xmrig
behavioral1/files/0x0008000000019441-48.dat	xmrig
behavioral1/memory/2536-43-0x000000013F720000-0x000000013FA74000-memory.dmp	xmrig
behavioral1/memory/2824-29-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig
behavioral1/memory/2660-19-0x000000013FA40000-0x000000013FD94000-memory.dmp	xmrig
behavioral1/memory/3008-4043-0x000000013F450000-0x000000013F7A4000-memory.dmp	xmrig
behavioral1/memory/2780-4046-0x000000013FFF0000-0x0000000140344000-memory.dmp	xmrig
behavioral1/memory/2660-4047-0x000000013FA40000-0x000000013FD94000-memory.dmp	xmrig
behavioral1/memory/2432-4050-0x000000013F350000-0x000000013F6A4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2780	AzrxpVs.exe
2660	ZCRfutj.exe
3008	wRuQFEB.exe
2824	aCwfRPF.exe
2680	JAGsycF.exe
2536	uzwHtvq.exe
2432	eXjDBzm.exe
1048	wPxTrbP.exe
576	pUYxpmN.exe
2832	SpoxFwA.exe
2376	qLYWVlZ.exe
1856	BqpZYYQ.exe
484	LyabKFD.exe
1980	riykHtW.exe
1532	HElkjcX.exe
2332	kIHybnT.exe
988	FZixJQw.exe
2876	eWwTpVX.exe
1988	SdIkmrh.exe
2872	VSCtMLO.exe
2436	mWMnjoL.exe
3024	cRkUjVh.exe
2712	ynqDWeq.exe
3016	vLMkWQz.exe
1788	HTQtcak.exe
2988	LxKyzBE.exe
1344	GXganKc.exe
2288	bCjuwjA.exe
1624	pKeGWIg.exe
912	AFLSSIb.exe
2856	wfjckmQ.exe
2444	LIsExhI.exe
3052	Jsspnjq.exe
1228	onvaiqY.exe
2500	TpQUlpD.exe
1796	sqpWfjN.exe
948	JudlICK.exe
1032	vvdbwAj.exe
1840	utRSfkm.exe
1800	jjjvWCi.exe
1928	ZtAlXuf.exe
2892	BkApFPB.exe
2316	MtoUwpc.exe
1852	RRMEqmk.exe
1336	oElUCZe.exe
108	JkndNjN.exe
2976	qocqpPI.exe
2812	OJZemXb.exe
1744	cabcacF.exe
1544	kALClIt.exe
2904	IsphjGo.exe
3004	GPyTSGH.exe
2688	wnWIKHo.exe
2648	RrmPGsh.exe
2568	EFgpggB.exe
1600	UwdHvko.exe
2352	ejKQaVD.exe
2928	gItGTmX.exe
1352	cwBitvy.exe
2828	WjIkTun.exe
1432	qTIUluA.exe
2416	iPmspgn.exe
1652	QduASet.exe
1700	uxHCrKM.exe

Loads dropped DLL 64 IoCs

pid	Process
2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2644-0-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/files/0x0007000000012115-6.dat	upx
behavioral1/memory/2780-9-0x000000013FFF0000-0x0000000140344000-memory.dmp	upx
behavioral1/files/0x00070000000193c4-11.dat	upx
behavioral1/files/0x00070000000193d9-18.dat	upx
behavioral1/memory/3008-23-0x000000013F450000-0x000000013F7A4000-memory.dmp	upx
behavioral1/files/0x0006000000019401-24.dat	upx
behavioral1/files/0x0006000000019403-33.dat	upx
behavioral1/memory/2680-35-0x000000013F5D0000-0x000000013F924000-memory.dmp	upx
behavioral1/files/0x000600000001942f-40.dat	upx
behavioral1/memory/2644-44-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/memory/2660-53-0x000000013FA40000-0x000000013FD94000-memory.dmp	upx
behavioral1/files/0x000800000001947e-57.dat	upx
behavioral1/files/0x00050000000196be-70.dat	upx
behavioral1/memory/2536-83-0x000000013F720000-0x000000013FA74000-memory.dmp	upx
behavioral1/memory/1856-90-0x000000013F8F0000-0x000000013FC44000-memory.dmp	upx
behavioral1/files/0x0005000000019c63-114.dat	upx
behavioral1/files/0x0005000000019fc9-144.dat	upx
behavioral1/memory/484-835-0x000000013F7E0000-0x000000013FB34000-memory.dmp	upx
behavioral1/memory/2376-518-0x000000013F960000-0x000000013FCB4000-memory.dmp	upx
behavioral1/memory/2832-315-0x000000013F690000-0x000000013F9E4000-memory.dmp	upx
behavioral1/files/0x000500000001a446-192.dat	upx
behavioral1/files/0x000500000001a441-185.dat	upx
behavioral1/files/0x000500000001a479-195.dat	upx
behavioral1/files/0x000500000001a443-188.dat	upx
behavioral1/files/0x000500000001a43d-171.dat	upx
behavioral1/files/0x000500000001a43f-176.dat	upx
behavioral1/files/0x000500000001a354-169.dat	upx
behavioral1/files/0x000500000001a311-164.dat	upx
behavioral1/files/0x000500000001a0b3-159.dat	upx
behavioral1/files/0x000500000001a08b-154.dat	upx
behavioral1/files/0x000500000001a078-149.dat	upx
behavioral1/files/0x0005000000019faf-139.dat	upx
behavioral1/files/0x0005000000019dc1-134.dat	upx
behavioral1/files/0x0005000000019db5-129.dat	upx
behavioral1/files/0x0005000000019d54-124.dat	upx
behavioral1/files/0x0005000000019d2d-119.dat	upx
behavioral1/files/0x0005000000019c4a-107.dat	upx
behavioral1/memory/1980-104-0x000000013F850000-0x000000013FBA4000-memory.dmp	upx
behavioral1/files/0x0005000000019c48-102.dat	upx
behavioral1/memory/1048-99-0x000000013FA40000-0x000000013FD94000-memory.dmp	upx
behavioral1/memory/484-98-0x000000013F7E0000-0x000000013FB34000-memory.dmp	upx
behavioral1/files/0x000500000001998a-88.dat	upx
behavioral1/files/0x0005000000019c43-93.dat	upx
behavioral1/memory/2376-85-0x000000013F960000-0x000000013FCB4000-memory.dmp	upx
behavioral1/memory/2832-73-0x000000013F690000-0x000000013F9E4000-memory.dmp	upx
behavioral1/memory/2680-71-0x000000013F5D0000-0x000000013F924000-memory.dmp	upx
behavioral1/files/0x00050000000196f6-78.dat	upx
behavioral1/memory/576-66-0x000000013FD50000-0x00000001400A4000-memory.dmp	upx
behavioral1/memory/2824-64-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx
behavioral1/files/0x000600000001967d-61.dat	upx
behavioral1/memory/2432-51-0x000000013F350000-0x000000013F6A4000-memory.dmp	upx
behavioral1/files/0x0008000000019441-48.dat	upx
behavioral1/memory/2536-43-0x000000013F720000-0x000000013FA74000-memory.dmp	upx
behavioral1/memory/2824-29-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx
behavioral1/memory/2660-19-0x000000013FA40000-0x000000013FD94000-memory.dmp	upx
behavioral1/memory/3008-4043-0x000000013F450000-0x000000013F7A4000-memory.dmp	upx
behavioral1/memory/2780-4046-0x000000013FFF0000-0x0000000140344000-memory.dmp	upx
behavioral1/memory/2660-4047-0x000000013FA40000-0x000000013FD94000-memory.dmp	upx
behavioral1/memory/2432-4050-0x000000013F350000-0x000000013F6A4000-memory.dmp	upx
behavioral1/memory/2824-4049-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx
behavioral1/memory/2680-4048-0x000000013F5D0000-0x000000013F924000-memory.dmp	upx
behavioral1/memory/2536-4051-0x000000013F720000-0x000000013FA74000-memory.dmp	upx
behavioral1/memory/1048-4052-0x000000013FA40000-0x000000013FD94000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\TKiFBwu.exe	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YDxjCka.exe	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iucPYvs.exe	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ejKQaVD.exe	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ITZWUwg.exe	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KoEQoEl.exe	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hdStMuS.exe	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yiSodPk.exe	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DbimoAN.exe	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GyELjdO.exe	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xAXntGj.exe	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mSQPRNp.exe	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GFCQLbK.exe	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\isAIbLt.exe	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tQQGYMI.exe	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LnPlWor.exe	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XIHYFWl.exe	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\efYOnnW.exe	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VUqHDDm.exe	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ybTwyhn.exe	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZYwRRxI.exe	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\diutvWq.exe	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UrwxLQP.exe	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iBIjmVc.exe	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bZcjmUQ.exe	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cjDpKtu.exe	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\maFylPZ.exe	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KLdLZWU.exe	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BEzIHic.exe	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GINaKgb.exe	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BKOFjMn.exe	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WfEdsff.exe	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lYThxye.exe	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UwGRyvS.exe	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zlPGiWF.exe	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CTTlbQh.exe	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LIsExhI.exe	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OJZemXb.exe	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dMcGAAk.exe	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rjXkDds.exe	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aCwfRPF.exe	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ELiTQXy.exe	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YwItBPx.exe	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BuqAXWU.exe	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hTMZAmU.exe	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LxHfaGx.exe	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HpiczqK.exe	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zztjznt.exe	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LzYrrQM.exe	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CXBDzDv.exe	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DcLhvEr.exe	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iFgNobv.exe	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oYBJdaO.exe	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SAvJEJp.exe	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ewspJka.exe	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JzVtGvO.exe	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oahKLCo.exe	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IrVyoSB.exe	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RYpEzZA.exe	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NRFdNUm.exe	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mIvBQvS.exe	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DGsOZLO.exe	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gGvOTYQ.exe	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hmYBZTB.exe	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2644 wrote to memory of 2780	2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2644 wrote to memory of 2780	2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2644 wrote to memory of 2780	2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2644 wrote to memory of 2660	2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2644 wrote to memory of 2660	2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2644 wrote to memory of 2660	2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2644 wrote to memory of 3008	2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2644 wrote to memory of 3008	2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2644 wrote to memory of 3008	2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2644 wrote to memory of 2824	2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2644 wrote to memory of 2824	2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2644 wrote to memory of 2824	2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2644 wrote to memory of 2680	2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2644 wrote to memory of 2680	2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2644 wrote to memory of 2680	2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2644 wrote to memory of 2536	2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2644 wrote to memory of 2536	2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2644 wrote to memory of 2536	2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2644 wrote to memory of 2432	2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2644 wrote to memory of 2432	2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2644 wrote to memory of 2432	2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2644 wrote to memory of 1048	2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2644 wrote to memory of 1048	2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2644 wrote to memory of 1048	2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2644 wrote to memory of 576	2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2644 wrote to memory of 576	2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2644 wrote to memory of 576	2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2644 wrote to memory of 2832	2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2644 wrote to memory of 2832	2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2644 wrote to memory of 2832	2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2644 wrote to memory of 2376	2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2644 wrote to memory of 2376	2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2644 wrote to memory of 2376	2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2644 wrote to memory of 1856	2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2644 wrote to memory of 1856	2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2644 wrote to memory of 1856	2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2644 wrote to memory of 484	2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2644 wrote to memory of 484	2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2644 wrote to memory of 484	2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2644 wrote to memory of 1980	2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2644 wrote to memory of 1980	2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2644 wrote to memory of 1980	2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2644 wrote to memory of 1532	2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2644 wrote to memory of 1532	2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2644 wrote to memory of 1532	2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2644 wrote to memory of 2332	2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2644 wrote to memory of 2332	2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2644 wrote to memory of 2332	2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2644 wrote to memory of 988	2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2644 wrote to memory of 988	2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2644 wrote to memory of 988	2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2644 wrote to memory of 2876	2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2644 wrote to memory of 2876	2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2644 wrote to memory of 2876	2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2644 wrote to memory of 1988	2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2644 wrote to memory of 1988	2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2644 wrote to memory of 1988	2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2644 wrote to memory of 2872	2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2644 wrote to memory of 2872	2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2644 wrote to memory of 2872	2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2644 wrote to memory of 2436	2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2644 wrote to memory of 2436	2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2644 wrote to memory of 2436	2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2644 wrote to memory of 3024	2644	2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-24_6827f52860ae8d75efe03c41c446b8ac_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2644
- C:\Windows\System\AzrxpVs.exe
  C:\Windows\System\AzrxpVs.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\ZCRfutj.exe
  C:\Windows\System\ZCRfutj.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\wRuQFEB.exe
  C:\Windows\System\wRuQFEB.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\aCwfRPF.exe
  C:\Windows\System\aCwfRPF.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\JAGsycF.exe
  C:\Windows\System\JAGsycF.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\uzwHtvq.exe
  C:\Windows\System\uzwHtvq.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\eXjDBzm.exe
  C:\Windows\System\eXjDBzm.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\wPxTrbP.exe
  C:\Windows\System\wPxTrbP.exe
  2⤵
  - Executes dropped EXE
  PID:1048
- C:\Windows\System\pUYxpmN.exe
  C:\Windows\System\pUYxpmN.exe
  2⤵
  - Executes dropped EXE
  PID:576
- C:\Windows\System\SpoxFwA.exe
  C:\Windows\System\SpoxFwA.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\qLYWVlZ.exe
  C:\Windows\System\qLYWVlZ.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\BqpZYYQ.exe
  C:\Windows\System\BqpZYYQ.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\LyabKFD.exe
  C:\Windows\System\LyabKFD.exe
  2⤵
  - Executes dropped EXE
  PID:484
- C:\Windows\System\riykHtW.exe
  C:\Windows\System\riykHtW.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\HElkjcX.exe
  C:\Windows\System\HElkjcX.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\kIHybnT.exe
  C:\Windows\System\kIHybnT.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\FZixJQw.exe
  C:\Windows\System\FZixJQw.exe
  2⤵
  - Executes dropped EXE
  PID:988
- C:\Windows\System\eWwTpVX.exe
  C:\Windows\System\eWwTpVX.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\SdIkmrh.exe
  C:\Windows\System\SdIkmrh.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\VSCtMLO.exe
  C:\Windows\System\VSCtMLO.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\mWMnjoL.exe
  C:\Windows\System\mWMnjoL.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\cRkUjVh.exe
  C:\Windows\System\cRkUjVh.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\ynqDWeq.exe
  C:\Windows\System\ynqDWeq.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\vLMkWQz.exe
  C:\Windows\System\vLMkWQz.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\HTQtcak.exe
  C:\Windows\System\HTQtcak.exe
  2⤵
  - Executes dropped EXE
  PID:1788
- C:\Windows\System\LxKyzBE.exe
  C:\Windows\System\LxKyzBE.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\GXganKc.exe
  C:\Windows\System\GXganKc.exe
  2⤵
  - Executes dropped EXE
  PID:1344
- C:\Windows\System\pKeGWIg.exe
  C:\Windows\System\pKeGWIg.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\bCjuwjA.exe
  C:\Windows\System\bCjuwjA.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\AFLSSIb.exe
  C:\Windows\System\AFLSSIb.exe
  2⤵
  - Executes dropped EXE
  PID:912
- C:\Windows\System\wfjckmQ.exe
  C:\Windows\System\wfjckmQ.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\Jsspnjq.exe
  C:\Windows\System\Jsspnjq.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\LIsExhI.exe
  C:\Windows\System\LIsExhI.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\onvaiqY.exe
  C:\Windows\System\onvaiqY.exe
  2⤵
  - Executes dropped EXE
  PID:1228
- C:\Windows\System\TpQUlpD.exe
  C:\Windows\System\TpQUlpD.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\sqpWfjN.exe
  C:\Windows\System\sqpWfjN.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\JudlICK.exe
  C:\Windows\System\JudlICK.exe
  2⤵
  - Executes dropped EXE
  PID:948
- C:\Windows\System\vvdbwAj.exe
  C:\Windows\System\vvdbwAj.exe
  2⤵
  - Executes dropped EXE
  PID:1032
- C:\Windows\System\utRSfkm.exe
  C:\Windows\System\utRSfkm.exe
  2⤵
  - Executes dropped EXE
  PID:1840
- C:\Windows\System\jjjvWCi.exe
  C:\Windows\System\jjjvWCi.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\ZtAlXuf.exe
  C:\Windows\System\ZtAlXuf.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\MtoUwpc.exe
  C:\Windows\System\MtoUwpc.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\BkApFPB.exe
  C:\Windows\System\BkApFPB.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\oElUCZe.exe
  C:\Windows\System\oElUCZe.exe
  2⤵
  - Executes dropped EXE
  PID:1336
- C:\Windows\System\RRMEqmk.exe
  C:\Windows\System\RRMEqmk.exe
  2⤵
  - Executes dropped EXE
  PID:1852
- C:\Windows\System\JkndNjN.exe
  C:\Windows\System\JkndNjN.exe
  2⤵
  - Executes dropped EXE
  PID:108
- C:\Windows\System\qocqpPI.exe
  C:\Windows\System\qocqpPI.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\cabcacF.exe
  C:\Windows\System\cabcacF.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\OJZemXb.exe
  C:\Windows\System\OJZemXb.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\IsphjGo.exe
  C:\Windows\System\IsphjGo.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\kALClIt.exe
  C:\Windows\System\kALClIt.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\GPyTSGH.exe
  C:\Windows\System\GPyTSGH.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\wnWIKHo.exe
  C:\Windows\System\wnWIKHo.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\EFgpggB.exe
  C:\Windows\System\EFgpggB.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\RrmPGsh.exe
  C:\Windows\System\RrmPGsh.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\gItGTmX.exe
  C:\Windows\System\gItGTmX.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\UwdHvko.exe
  C:\Windows\System\UwdHvko.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\WjIkTun.exe
  C:\Windows\System\WjIkTun.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\ejKQaVD.exe
  C:\Windows\System\ejKQaVD.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\iPmspgn.exe
  C:\Windows\System\iPmspgn.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\cwBitvy.exe
  C:\Windows\System\cwBitvy.exe
  2⤵
  - Executes dropped EXE
  PID:1352
- C:\Windows\System\QduASet.exe
  C:\Windows\System\QduASet.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\qTIUluA.exe
  C:\Windows\System\qTIUluA.exe
  2⤵
  - Executes dropped EXE
  PID:1432
- C:\Windows\System\uxHCrKM.exe
  C:\Windows\System\uxHCrKM.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\sgGkeiH.exe
  C:\Windows\System\sgGkeiH.exe
  2⤵
  PID:2080
- C:\Windows\System\xskWHnz.exe
  C:\Windows\System\xskWHnz.exe
  2⤵
  PID:2044
- C:\Windows\System\zSjRlGP.exe
  C:\Windows\System\zSjRlGP.exe
  2⤵
  PID:1136
- C:\Windows\System\QasOfIF.exe
  C:\Windows\System\QasOfIF.exe
  2⤵
  PID:768
- C:\Windows\System\dISSwvs.exe
  C:\Windows\System\dISSwvs.exe
  2⤵
  PID:904
- C:\Windows\System\uwQXFFr.exe
  C:\Windows\System\uwQXFFr.exe
  2⤵
  PID:652
- C:\Windows\System\LCaZgxQ.exe
  C:\Windows\System\LCaZgxQ.exe
  2⤵
  PID:2276
- C:\Windows\System\RljyTyZ.exe
  C:\Windows\System\RljyTyZ.exe
  2⤵
  PID:1548
- C:\Windows\System\cyniQnS.exe
  C:\Windows\System\cyniQnS.exe
  2⤵
  PID:2452
- C:\Windows\System\RiRqkQn.exe
  C:\Windows\System\RiRqkQn.exe
  2⤵
  PID:2084
- C:\Windows\System\QdSlvWS.exe
  C:\Windows\System\QdSlvWS.exe
  2⤵
  PID:1312
- C:\Windows\System\GRBbBZG.exe
  C:\Windows\System\GRBbBZG.exe
  2⤵
  PID:1592
- C:\Windows\System\tpaDtHf.exe
  C:\Windows\System\tpaDtHf.exe
  2⤵
  PID:380
- C:\Windows\System\yLmYZFY.exe
  C:\Windows\System\yLmYZFY.exe
  2⤵
  PID:2320
- C:\Windows\System\tyyebgt.exe
  C:\Windows\System\tyyebgt.exe
  2⤵
  PID:2092
- C:\Windows\System\OxIjLvW.exe
  C:\Windows\System\OxIjLvW.exe
  2⤵
  PID:1752
- C:\Windows\System\YjnNPvo.exe
  C:\Windows\System\YjnNPvo.exe
  2⤵
  PID:1576
- C:\Windows\System\sVApHxZ.exe
  C:\Windows\System\sVApHxZ.exe
  2⤵
  PID:2532
- C:\Windows\System\BZPkhwR.exe
  C:\Windows\System\BZPkhwR.exe
  2⤵
  PID:2588
- C:\Windows\System\NBygbHR.exe
  C:\Windows\System\NBygbHR.exe
  2⤵
  PID:892
- C:\Windows\System\sCgDWwM.exe
  C:\Windows\System\sCgDWwM.exe
  2⤵
  PID:2760
- C:\Windows\System\kbaqBtW.exe
  C:\Windows\System\kbaqBtW.exe
  2⤵
  PID:2364
- C:\Windows\System\jMQwkLt.exe
  C:\Windows\System\jMQwkLt.exe
  2⤵
  PID:1716
- C:\Windows\System\SWeqEto.exe
  C:\Windows\System\SWeqEto.exe
  2⤵
  PID:1500
- C:\Windows\System\ybTwyhn.exe
  C:\Windows\System\ybTwyhn.exe
  2⤵
  PID:2000
- C:\Windows\System\JUYqAkP.exe
  C:\Windows\System\JUYqAkP.exe
  2⤵
  PID:2064
- C:\Windows\System\zkMZmiV.exe
  C:\Windows\System\zkMZmiV.exe
  2⤵
  PID:2212
- C:\Windows\System\TypTOkH.exe
  C:\Windows\System\TypTOkH.exe
  2⤵
  PID:1656
- C:\Windows\System\DDgNUqr.exe
  C:\Windows\System\DDgNUqr.exe
  2⤵
  PID:1316
- C:\Windows\System\TkiOHPi.exe
  C:\Windows\System\TkiOHPi.exe
  2⤵
  PID:1748
- C:\Windows\System\SSjgyvr.exe
  C:\Windows\System\SSjgyvr.exe
  2⤵
  PID:1552
- C:\Windows\System\wNpLPAr.exe
  C:\Windows\System\wNpLPAr.exe
  2⤵
  PID:3076
- C:\Windows\System\IUhNkfb.exe
  C:\Windows\System\IUhNkfb.exe
  2⤵
  PID:3096
- C:\Windows\System\DJJwjWo.exe
  C:\Windows\System\DJJwjWo.exe
  2⤵
  PID:3112
- C:\Windows\System\hrUrwcx.exe
  C:\Windows\System\hrUrwcx.exe
  2⤵
  PID:3136
- C:\Windows\System\HVPjxdN.exe
  C:\Windows\System\HVPjxdN.exe
  2⤵
  PID:3156
- C:\Windows\System\SVuIIoj.exe
  C:\Windows\System\SVuIIoj.exe
  2⤵
  PID:3176
- C:\Windows\System\wYopmOy.exe
  C:\Windows\System\wYopmOy.exe
  2⤵
  PID:3196
- C:\Windows\System\vpcsKFl.exe
  C:\Windows\System\vpcsKFl.exe
  2⤵
  PID:3216
- C:\Windows\System\ftstPOx.exe
  C:\Windows\System\ftstPOx.exe
  2⤵
  PID:3236
- C:\Windows\System\XUEFzNe.exe
  C:\Windows\System\XUEFzNe.exe
  2⤵
  PID:3256
- C:\Windows\System\nkDfBkB.exe
  C:\Windows\System\nkDfBkB.exe
  2⤵
  PID:3276
- C:\Windows\System\zZLSQoQ.exe
  C:\Windows\System\zZLSQoQ.exe
  2⤵
  PID:3296
- C:\Windows\System\dcVCcdR.exe
  C:\Windows\System\dcVCcdR.exe
  2⤵
  PID:3316
- C:\Windows\System\OqssgIV.exe
  C:\Windows\System\OqssgIV.exe
  2⤵
  PID:3336
- C:\Windows\System\HqQdHav.exe
  C:\Windows\System\HqQdHav.exe
  2⤵
  PID:3356
- C:\Windows\System\WusJovp.exe
  C:\Windows\System\WusJovp.exe
  2⤵
  PID:3376
- C:\Windows\System\WFmpQLn.exe
  C:\Windows\System\WFmpQLn.exe
  2⤵
  PID:3396
- C:\Windows\System\fKEYTub.exe
  C:\Windows\System\fKEYTub.exe
  2⤵
  PID:3416
- C:\Windows\System\EjodczL.exe
  C:\Windows\System\EjodczL.exe
  2⤵
  PID:3436
- C:\Windows\System\mtlWXTg.exe
  C:\Windows\System\mtlWXTg.exe
  2⤵
  PID:3456
- C:\Windows\System\cFQLIip.exe
  C:\Windows\System\cFQLIip.exe
  2⤵
  PID:3476
- C:\Windows\System\XqrIueX.exe
  C:\Windows\System\XqrIueX.exe
  2⤵
  PID:3496
- C:\Windows\System\hmYBZTB.exe
  C:\Windows\System\hmYBZTB.exe
  2⤵
  PID:3516
- C:\Windows\System\ixMHAbq.exe
  C:\Windows\System\ixMHAbq.exe
  2⤵
  PID:3536
- C:\Windows\System\qQPDhkU.exe
  C:\Windows\System\qQPDhkU.exe
  2⤵
  PID:3556
- C:\Windows\System\PkQuKFw.exe
  C:\Windows\System\PkQuKFw.exe
  2⤵
  PID:3576
- C:\Windows\System\UowNdos.exe
  C:\Windows\System\UowNdos.exe
  2⤵
  PID:3596
- C:\Windows\System\bNjozEO.exe
  C:\Windows\System\bNjozEO.exe
  2⤵
  PID:3616
- C:\Windows\System\PxlxSGQ.exe
  C:\Windows\System\PxlxSGQ.exe
  2⤵
  PID:3636
- C:\Windows\System\zVhsMTN.exe
  C:\Windows\System\zVhsMTN.exe
  2⤵
  PID:3656
- C:\Windows\System\gamzwHd.exe
  C:\Windows\System\gamzwHd.exe
  2⤵
  PID:3676
- C:\Windows\System\epmNtLp.exe
  C:\Windows\System\epmNtLp.exe
  2⤵
  PID:3696
- C:\Windows\System\icRhlqH.exe
  C:\Windows\System\icRhlqH.exe
  2⤵
  PID:3716
- C:\Windows\System\ebBizVJ.exe
  C:\Windows\System\ebBizVJ.exe
  2⤵
  PID:3736
- C:\Windows\System\eWqTbND.exe
  C:\Windows\System\eWqTbND.exe
  2⤵
  PID:3756
- C:\Windows\System\TUiCIvq.exe
  C:\Windows\System\TUiCIvq.exe
  2⤵
  PID:3776
- C:\Windows\System\BEzIHic.exe
  C:\Windows\System\BEzIHic.exe
  2⤵
  PID:3796
- C:\Windows\System\LJIqyNH.exe
  C:\Windows\System\LJIqyNH.exe
  2⤵
  PID:3816
- C:\Windows\System\KDBzaMt.exe
  C:\Windows\System\KDBzaMt.exe
  2⤵
  PID:3836
- C:\Windows\System\kIZzkQB.exe
  C:\Windows\System\kIZzkQB.exe
  2⤵
  PID:3856
- C:\Windows\System\YMzvfwM.exe
  C:\Windows\System\YMzvfwM.exe
  2⤵
  PID:3876
- C:\Windows\System\amLiQIa.exe
  C:\Windows\System\amLiQIa.exe
  2⤵
  PID:3896
- C:\Windows\System\JzVtGvO.exe
  C:\Windows\System\JzVtGvO.exe
  2⤵
  PID:3916
- C:\Windows\System\fkDGYNX.exe
  C:\Windows\System\fkDGYNX.exe
  2⤵
  PID:3936
- C:\Windows\System\CSFVLYy.exe
  C:\Windows\System\CSFVLYy.exe
  2⤵
  PID:3964
- C:\Windows\System\oahKLCo.exe
  C:\Windows\System\oahKLCo.exe
  2⤵
  PID:3984
- C:\Windows\System\YubIQvj.exe
  C:\Windows\System\YubIQvj.exe
  2⤵
  PID:4004
- C:\Windows\System\LncTgkC.exe
  C:\Windows\System\LncTgkC.exe
  2⤵
  PID:4024
- C:\Windows\System\YyEqTCS.exe
  C:\Windows\System\YyEqTCS.exe
  2⤵
  PID:4044
- C:\Windows\System\WfoGTWH.exe
  C:\Windows\System\WfoGTWH.exe
  2⤵
  PID:4064
- C:\Windows\System\sgKNfAo.exe
  C:\Windows\System\sgKNfAo.exe
  2⤵
  PID:4084
- C:\Windows\System\pydKjpQ.exe
  C:\Windows\System\pydKjpQ.exe
  2⤵
  PID:560
- C:\Windows\System\bOJqPEe.exe
  C:\Windows\System\bOJqPEe.exe
  2⤵
  PID:1304
- C:\Windows\System\TjmUzOZ.exe
  C:\Windows\System\TjmUzOZ.exe
  2⤵
  PID:1168
- C:\Windows\System\XTFXEpt.exe
  C:\Windows\System\XTFXEpt.exe
  2⤵
  PID:2308
- C:\Windows\System\kIGZbwn.exe
  C:\Windows\System\kIGZbwn.exe
  2⤵
  PID:1572
- C:\Windows\System\bdDCRYi.exe
  C:\Windows\System\bdDCRYi.exe
  2⤵
  PID:2768
- C:\Windows\System\ltpXepA.exe
  C:\Windows\System\ltpXepA.exe
  2⤵
  PID:3064
- C:\Windows\System\UHdZYxq.exe
  C:\Windows\System\UHdZYxq.exe
  2⤵
  PID:780
- C:\Windows\System\BMSWdwO.exe
  C:\Windows\System\BMSWdwO.exe
  2⤵
  PID:1992
- C:\Windows\System\gRsUYdR.exe
  C:\Windows\System\gRsUYdR.exe
  2⤵
  PID:3044
- C:\Windows\System\JdbynTj.exe
  C:\Windows\System\JdbynTj.exe
  2⤵
  PID:752
- C:\Windows\System\melRBCz.exe
  C:\Windows\System\melRBCz.exe
  2⤵
  PID:1916
- C:\Windows\System\kMXfxoj.exe
  C:\Windows\System\kMXfxoj.exe
  2⤵
  PID:608
- C:\Windows\System\wGUnOTg.exe
  C:\Windows\System\wGUnOTg.exe
  2⤵
  PID:3084
- C:\Windows\System\keulseL.exe
  C:\Windows\System\keulseL.exe
  2⤵
  PID:3120
- C:\Windows\System\TvagjAs.exe
  C:\Windows\System\TvagjAs.exe
  2⤵
  PID:3152
- C:\Windows\System\DFeLTyI.exe
  C:\Windows\System\DFeLTyI.exe
  2⤵
  PID:3168
- C:\Windows\System\CXBDzDv.exe
  C:\Windows\System\CXBDzDv.exe
  2⤵
  PID:3212
- C:\Windows\System\RYpEzZA.exe
  C:\Windows\System\RYpEzZA.exe
  2⤵
  PID:3272
- C:\Windows\System\RvnaiiA.exe
  C:\Windows\System\RvnaiiA.exe
  2⤵
  PID:3284
- C:\Windows\System\SFXRamT.exe
  C:\Windows\System\SFXRamT.exe
  2⤵
  PID:3288
- C:\Windows\System\wIrdChb.exe
  C:\Windows\System\wIrdChb.exe
  2⤵
  PID:3344
- C:\Windows\System\FOLpMhj.exe
  C:\Windows\System\FOLpMhj.exe
  2⤵
  PID:3368
- C:\Windows\System\AzTLYGG.exe
  C:\Windows\System\AzTLYGG.exe
  2⤵
  PID:3412
- C:\Windows\System\aqtQfHX.exe
  C:\Windows\System\aqtQfHX.exe
  2⤵
  PID:3444
- C:\Windows\System\QzNIDSO.exe
  C:\Windows\System\QzNIDSO.exe
  2⤵
  PID:3468
- C:\Windows\System\YDexWlh.exe
  C:\Windows\System\YDexWlh.exe
  2⤵
  PID:3508
- C:\Windows\System\QXwhqNw.exe
  C:\Windows\System\QXwhqNw.exe
  2⤵
  PID:3532
- C:\Windows\System\tinMLjI.exe
  C:\Windows\System\tinMLjI.exe
  2⤵
  PID:3572
- C:\Windows\System\hEDtShs.exe
  C:\Windows\System\hEDtShs.exe
  2⤵
  PID:3588
- C:\Windows\System\vJHquJo.exe
  C:\Windows\System\vJHquJo.exe
  2⤵
  PID:3624
- C:\Windows\System\vDlgdfW.exe
  C:\Windows\System\vDlgdfW.exe
  2⤵
  PID:3652
- C:\Windows\System\hmKeRFw.exe
  C:\Windows\System\hmKeRFw.exe
  2⤵
  PID:3684
- C:\Windows\System\stucOzF.exe
  C:\Windows\System\stucOzF.exe
  2⤵
  PID:3712
- C:\Windows\System\yNqKtoW.exe
  C:\Windows\System\yNqKtoW.exe
  2⤵
  PID:3728
- C:\Windows\System\uWBgacb.exe
  C:\Windows\System\uWBgacb.exe
  2⤵
  PID:3784
- C:\Windows\System\PSqUgmB.exe
  C:\Windows\System\PSqUgmB.exe
  2⤵
  PID:3768
- C:\Windows\System\VXShRVG.exe
  C:\Windows\System\VXShRVG.exe
  2⤵
  PID:3844
- C:\Windows\System\dEaZyDH.exe
  C:\Windows\System\dEaZyDH.exe
  2⤵
  PID:3904
- C:\Windows\System\AOipHVJ.exe
  C:\Windows\System\AOipHVJ.exe
  2⤵
  PID:3892
- C:\Windows\System\NBCOACK.exe
  C:\Windows\System\NBCOACK.exe
  2⤵
  PID:3928
- C:\Windows\System\EdkxkpC.exe
  C:\Windows\System\EdkxkpC.exe
  2⤵
  PID:4040
- C:\Windows\System\jbbnfOl.exe
  C:\Windows\System\jbbnfOl.exe
  2⤵
  PID:4056
- C:\Windows\System\yExKGwc.exe
  C:\Windows\System\yExKGwc.exe
  2⤵
  PID:4092
- C:\Windows\System\hOUWLRV.exe
  C:\Windows\System\hOUWLRV.exe
  2⤵
  PID:1736
- C:\Windows\System\GINaKgb.exe
  C:\Windows\System\GINaKgb.exe
  2⤵
  PID:324
- C:\Windows\System\EdkEGrB.exe
  C:\Windows\System\EdkEGrB.exe
  2⤵
  PID:2952
- C:\Windows\System\AlFmSwf.exe
  C:\Windows\System\AlFmSwf.exe
  2⤵
  PID:1568
- C:\Windows\System\JePiOiw.exe
  C:\Windows\System\JePiOiw.exe
  2⤵
  PID:2620
- C:\Windows\System\RurKkEN.exe
  C:\Windows\System\RurKkEN.exe
  2⤵
  PID:2124
- C:\Windows\System\mmZTbea.exe
  C:\Windows\System\mmZTbea.exe
  2⤵
  PID:816
- C:\Windows\System\cqaaDwG.exe
  C:\Windows\System\cqaaDwG.exe
  2⤵
  PID:1028
- C:\Windows\System\DIQYFjb.exe
  C:\Windows\System\DIQYFjb.exe
  2⤵
  PID:3188
- C:\Windows\System\TfJKbEr.exe
  C:\Windows\System\TfJKbEr.exe
  2⤵
  PID:3128
- C:\Windows\System\ztimyvM.exe
  C:\Windows\System\ztimyvM.exe
  2⤵
  PID:3252
- C:\Windows\System\GVCWboV.exe
  C:\Windows\System\GVCWboV.exe
  2⤵
  PID:3328
- C:\Windows\System\qjBZUcN.exe
  C:\Windows\System\qjBZUcN.exe
  2⤵
  PID:3472
- C:\Windows\System\RmFCPrp.exe
  C:\Windows\System\RmFCPrp.exe
  2⤵
  PID:3348
- C:\Windows\System\lviBQld.exe
  C:\Windows\System\lviBQld.exe
  2⤵
  PID:3372
- C:\Windows\System\dxzsrhR.exe
  C:\Windows\System\dxzsrhR.exe
  2⤵
  PID:3504
- C:\Windows\System\YTSUKlE.exe
  C:\Windows\System\YTSUKlE.exe
  2⤵
  PID:3592
- C:\Windows\System\IYCWJXJ.exe
  C:\Windows\System\IYCWJXJ.exe
  2⤵
  PID:3748
- C:\Windows\System\AFliISr.exe
  C:\Windows\System\AFliISr.exe
  2⤵
  PID:3828
- C:\Windows\System\IweiLJz.exe
  C:\Windows\System\IweiLJz.exe
  2⤵
  PID:3672
- C:\Windows\System\rscesMU.exe
  C:\Windows\System\rscesMU.exe
  2⤵
  PID:3924
- C:\Windows\System\dGpEZpV.exe
  C:\Windows\System\dGpEZpV.exe
  2⤵
  PID:3764
- C:\Windows\System\kIGLHLa.exe
  C:\Windows\System\kIGLHLa.exe
  2⤵
  PID:3608
- C:\Windows\System\ymgcAFb.exe
  C:\Windows\System\ymgcAFb.exe
  2⤵
  PID:4000
- C:\Windows\System\hywVjpH.exe
  C:\Windows\System\hywVjpH.exe
  2⤵
  PID:4032
- C:\Windows\System\MaaDluA.exe
  C:\Windows\System\MaaDluA.exe
  2⤵
  PID:4076
- C:\Windows\System\bVcCXpY.exe
  C:\Windows\System\bVcCXpY.exe
  2⤵
  PID:2104
- C:\Windows\System\VXhZbBN.exe
  C:\Windows\System\VXhZbBN.exe
  2⤵
  PID:1724
- C:\Windows\System\IWSEbFM.exe
  C:\Windows\System\IWSEbFM.exe
  2⤵
  PID:2564
- C:\Windows\System\YSvMXyJ.exe
  C:\Windows\System\YSvMXyJ.exe
  2⤵
  PID:2992
- C:\Windows\System\ofdANrv.exe
  C:\Windows\System\ofdANrv.exe
  2⤵
  PID:956
- C:\Windows\System\cRtwguX.exe
  C:\Windows\System\cRtwguX.exe
  2⤵
  PID:3108
- C:\Windows\System\REPeBue.exe
  C:\Windows\System\REPeBue.exe
  2⤵
  PID:3164
- C:\Windows\System\ZUVppZe.exe
  C:\Windows\System\ZUVppZe.exe
  2⤵
  PID:3308
- C:\Windows\System\DkjtBxu.exe
  C:\Windows\System\DkjtBxu.exe
  2⤵
  PID:3428
- C:\Windows\System\DuJuZdg.exe
  C:\Windows\System\DuJuZdg.exe
  2⤵
  PID:3404
- C:\Windows\System\joGxlnz.exe
  C:\Windows\System\joGxlnz.exe
  2⤵
  PID:3512
- C:\Windows\System\rMvPThy.exe
  C:\Windows\System\rMvPThy.exe
  2⤵
  PID:3808
- C:\Windows\System\YcvaxJh.exe
  C:\Windows\System\YcvaxJh.exe
  2⤵
  PID:3848
- C:\Windows\System\NouXieg.exe
  C:\Windows\System\NouXieg.exe
  2⤵
  PID:4104
- C:\Windows\System\BiGKYTW.exe
  C:\Windows\System\BiGKYTW.exe
  2⤵
  PID:4124
- C:\Windows\System\OstnZeO.exe
  C:\Windows\System\OstnZeO.exe
  2⤵
  PID:4144
- C:\Windows\System\diroeRe.exe
  C:\Windows\System\diroeRe.exe
  2⤵
  PID:4164
- C:\Windows\System\mImsLzX.exe
  C:\Windows\System\mImsLzX.exe
  2⤵
  PID:4184
- C:\Windows\System\PzAzAkT.exe
  C:\Windows\System\PzAzAkT.exe
  2⤵
  PID:4204
- C:\Windows\System\fwdBnbO.exe
  C:\Windows\System\fwdBnbO.exe
  2⤵
  PID:4224
- C:\Windows\System\LgyvTJe.exe
  C:\Windows\System\LgyvTJe.exe
  2⤵
  PID:4244
- C:\Windows\System\FTlhvNj.exe
  C:\Windows\System\FTlhvNj.exe
  2⤵
  PID:4264
- C:\Windows\System\kpjHEMe.exe
  C:\Windows\System\kpjHEMe.exe
  2⤵
  PID:4284
- C:\Windows\System\aAZySqu.exe
  C:\Windows\System\aAZySqu.exe
  2⤵
  PID:4304
- C:\Windows\System\xDGElyk.exe
  C:\Windows\System\xDGElyk.exe
  2⤵
  PID:4324
- C:\Windows\System\GrJEMSh.exe
  C:\Windows\System\GrJEMSh.exe
  2⤵
  PID:4344
- C:\Windows\System\ZYwRRxI.exe
  C:\Windows\System\ZYwRRxI.exe
  2⤵
  PID:4364
- C:\Windows\System\fATIyRz.exe
  C:\Windows\System\fATIyRz.exe
  2⤵
  PID:4388
- C:\Windows\System\bNXCPgt.exe
  C:\Windows\System\bNXCPgt.exe
  2⤵
  PID:4408
- C:\Windows\System\SYSjZdo.exe
  C:\Windows\System\SYSjZdo.exe
  2⤵
  PID:4428
- C:\Windows\System\aKYgxKe.exe
  C:\Windows\System\aKYgxKe.exe
  2⤵
  PID:4448
- C:\Windows\System\tQQGYMI.exe
  C:\Windows\System\tQQGYMI.exe
  2⤵
  PID:4468
- C:\Windows\System\buhTcyr.exe
  C:\Windows\System\buhTcyr.exe
  2⤵
  PID:4488
- C:\Windows\System\RIuyztT.exe
  C:\Windows\System\RIuyztT.exe
  2⤵
  PID:4508
- C:\Windows\System\FQfBPSB.exe
  C:\Windows\System\FQfBPSB.exe
  2⤵
  PID:4528
- C:\Windows\System\DcLhvEr.exe
  C:\Windows\System\DcLhvEr.exe
  2⤵
  PID:4548
- C:\Windows\System\wCEgRHt.exe
  C:\Windows\System\wCEgRHt.exe
  2⤵
  PID:4568
- C:\Windows\System\HhVFing.exe
  C:\Windows\System\HhVFing.exe
  2⤵
  PID:4588
- C:\Windows\System\fFaztrL.exe
  C:\Windows\System\fFaztrL.exe
  2⤵
  PID:4608
- C:\Windows\System\MAcZSeK.exe
  C:\Windows\System\MAcZSeK.exe
  2⤵
  PID:4628
- C:\Windows\System\YujOtLb.exe
  C:\Windows\System\YujOtLb.exe
  2⤵
  PID:4648
- C:\Windows\System\sETCYXn.exe
  C:\Windows\System\sETCYXn.exe
  2⤵
  PID:4668
- C:\Windows\System\zWiDAsb.exe
  C:\Windows\System\zWiDAsb.exe
  2⤵
  PID:4688
- C:\Windows\System\gVXAfnc.exe
  C:\Windows\System\gVXAfnc.exe
  2⤵
  PID:4708
- C:\Windows\System\jovuHll.exe
  C:\Windows\System\jovuHll.exe
  2⤵
  PID:4728
- C:\Windows\System\JHXRzcF.exe
  C:\Windows\System\JHXRzcF.exe
  2⤵
  PID:4748
- C:\Windows\System\NbwVHXT.exe
  C:\Windows\System\NbwVHXT.exe
  2⤵
  PID:4768
- C:\Windows\System\EryHtrG.exe
  C:\Windows\System\EryHtrG.exe
  2⤵
  PID:4788
- C:\Windows\System\wrudkRU.exe
  C:\Windows\System\wrudkRU.exe
  2⤵
  PID:4808
- C:\Windows\System\EoGswww.exe
  C:\Windows\System\EoGswww.exe
  2⤵
  PID:4828
- C:\Windows\System\rnWejlq.exe
  C:\Windows\System\rnWejlq.exe
  2⤵
  PID:4848
- C:\Windows\System\LIlfXDd.exe
  C:\Windows\System\LIlfXDd.exe
  2⤵
  PID:4868
- C:\Windows\System\KFlDpai.exe
  C:\Windows\System\KFlDpai.exe
  2⤵
  PID:4888
- C:\Windows\System\JqEAEvl.exe
  C:\Windows\System\JqEAEvl.exe
  2⤵
  PID:4908
- C:\Windows\System\EpMxhqt.exe
  C:\Windows\System\EpMxhqt.exe
  2⤵
  PID:4928
- C:\Windows\System\huKgrrJ.exe
  C:\Windows\System\huKgrrJ.exe
  2⤵
  PID:4948
- C:\Windows\System\AiixqvW.exe
  C:\Windows\System\AiixqvW.exe
  2⤵
  PID:4968
- C:\Windows\System\GkdlvGW.exe
  C:\Windows\System\GkdlvGW.exe
  2⤵
  PID:4988
- C:\Windows\System\iOezcxI.exe
  C:\Windows\System\iOezcxI.exe
  2⤵
  PID:5008
- C:\Windows\System\ygpCHbn.exe
  C:\Windows\System\ygpCHbn.exe
  2⤵
  PID:5028
- C:\Windows\System\NOcHXrL.exe
  C:\Windows\System\NOcHXrL.exe
  2⤵
  PID:5048
- C:\Windows\System\TcDJlTy.exe
  C:\Windows\System\TcDJlTy.exe
  2⤵
  PID:5068
- C:\Windows\System\MKOMdPF.exe
  C:\Windows\System\MKOMdPF.exe
  2⤵
  PID:5088
- C:\Windows\System\LnmaIPS.exe
  C:\Windows\System\LnmaIPS.exe
  2⤵
  PID:5112
- C:\Windows\System\UBeIpGt.exe
  C:\Windows\System\UBeIpGt.exe
  2⤵
  PID:3664
- C:\Windows\System\GkWrCkt.exe
  C:\Windows\System\GkWrCkt.exe
  2⤵
  PID:3980
- C:\Windows\System\MMYkYxF.exe
  C:\Windows\System\MMYkYxF.exe
  2⤵
  PID:2708
- C:\Windows\System\rmusCoG.exe
  C:\Windows\System\rmusCoG.exe
  2⤵
  PID:2636
- C:\Windows\System\syYYeiv.exe
  C:\Windows\System\syYYeiv.exe
  2⤵
  PID:2804
- C:\Windows\System\dcBKsvA.exe
  C:\Windows\System\dcBKsvA.exe
  2⤵
  PID:1512
- C:\Windows\System\xzvATcn.exe
  C:\Windows\System\xzvATcn.exe
  2⤵
  PID:3332
- C:\Windows\System\jbpIWOo.exe
  C:\Windows\System\jbpIWOo.exe
  2⤵
  PID:3388
- C:\Windows\System\lLcEHFv.exe
  C:\Windows\System\lLcEHFv.exe
  2⤵
  PID:3584
- C:\Windows\System\FSdJrZQ.exe
  C:\Windows\System\FSdJrZQ.exe
  2⤵
  PID:3884
- C:\Windows\System\cHxhWma.exe
  C:\Windows\System\cHxhWma.exe
  2⤵
  PID:4100
- C:\Windows\System\ITZWUwg.exe
  C:\Windows\System\ITZWUwg.exe
  2⤵
  PID:4132
- C:\Windows\System\hIqmjMm.exe
  C:\Windows\System\hIqmjMm.exe
  2⤵
  PID:4172
- C:\Windows\System\AcRMMqm.exe
  C:\Windows\System\AcRMMqm.exe
  2⤵
  PID:4200
- C:\Windows\System\XLhHPSw.exe
  C:\Windows\System\XLhHPSw.exe
  2⤵
  PID:4232
- C:\Windows\System\tocWaXR.exe
  C:\Windows\System\tocWaXR.exe
  2⤵
  PID:4272
- C:\Windows\System\hJDvVjD.exe
  C:\Windows\System\hJDvVjD.exe
  2⤵
  PID:4296
- C:\Windows\System\dFDbtXQ.exe
  C:\Windows\System\dFDbtXQ.exe
  2⤵
  PID:2816
- C:\Windows\System\sKKhJpH.exe
  C:\Windows\System\sKKhJpH.exe
  2⤵
  PID:4372
- C:\Windows\System\hrlyoxX.exe
  C:\Windows\System\hrlyoxX.exe
  2⤵
  PID:4376
- C:\Windows\System\fOcPncf.exe
  C:\Windows\System\fOcPncf.exe
  2⤵
  PID:4396
- C:\Windows\System\lNdcgWU.exe
  C:\Windows\System\lNdcgWU.exe
  2⤵
  PID:4444
- C:\Windows\System\mmDBByd.exe
  C:\Windows\System\mmDBByd.exe
  2⤵
  PID:4460
- C:\Windows\System\nNSZlpr.exe
  C:\Windows\System\nNSZlpr.exe
  2⤵
  PID:4504
- C:\Windows\System\bbNFCPB.exe
  C:\Windows\System\bbNFCPB.exe
  2⤵
  PID:4540
- C:\Windows\System\aLatTwo.exe
  C:\Windows\System\aLatTwo.exe
  2⤵
  PID:4580
- C:\Windows\System\GDtRVkY.exe
  C:\Windows\System\GDtRVkY.exe
  2⤵
  PID:4616
- C:\Windows\System\uSqHHgw.exe
  C:\Windows\System\uSqHHgw.exe
  2⤵
  PID:4640
- C:\Windows\System\lZqfUvw.exe
  C:\Windows\System\lZqfUvw.exe
  2⤵
  PID:4684
- C:\Windows\System\NNfOBju.exe
  C:\Windows\System\NNfOBju.exe
  2⤵
  PID:4716
- C:\Windows\System\dUOPXiZ.exe
  C:\Windows\System\dUOPXiZ.exe
  2⤵
  PID:4740
- C:\Windows\System\DxgzHWC.exe
  C:\Windows\System\DxgzHWC.exe
  2⤵
  PID:4784
- C:\Windows\System\zeEtuJG.exe
  C:\Windows\System\zeEtuJG.exe
  2⤵
  PID:4800
- C:\Windows\System\PfYUfvw.exe
  C:\Windows\System\PfYUfvw.exe
  2⤵
  PID:4856
- C:\Windows\System\WxylShZ.exe
  C:\Windows\System\WxylShZ.exe
  2⤵
  PID:4884
- C:\Windows\System\mtChENK.exe
  C:\Windows\System\mtChENK.exe
  2⤵
  PID:4916
- C:\Windows\System\GFyXlEh.exe
  C:\Windows\System\GFyXlEh.exe
  2⤵
  PID:4976
- C:\Windows\System\EpBfbGe.exe
  C:\Windows\System\EpBfbGe.exe
  2⤵
  PID:4980
- C:\Windows\System\NcULdWP.exe
  C:\Windows\System\NcULdWP.exe
  2⤵
  PID:5024
- C:\Windows\System\ThwNddS.exe
  C:\Windows\System\ThwNddS.exe
  2⤵
  PID:5036
- C:\Windows\System\gNqnuLn.exe
  C:\Windows\System\gNqnuLn.exe
  2⤵
  PID:5084
- C:\Windows\System\oIroyMr.exe
  C:\Windows\System\oIroyMr.exe
  2⤵
  PID:3724
- C:\Windows\System\rRHFFNm.exe
  C:\Windows\System\rRHFFNm.exe
  2⤵
  PID:2236
- C:\Windows\System\PsrWWmp.exe
  C:\Windows\System\PsrWWmp.exe
  2⤵
  PID:4052
- C:\Windows\System\gDgGNeQ.exe
  C:\Windows\System\gDgGNeQ.exe
  2⤵
  PID:1504
- C:\Windows\System\GyELjdO.exe
  C:\Windows\System\GyELjdO.exe
  2⤵
  PID:3144
- C:\Windows\System\zBDNHUK.exe
  C:\Windows\System\zBDNHUK.exe
  2⤵
  PID:3544
- C:\Windows\System\aPAhapF.exe
  C:\Windows\System\aPAhapF.exe
  2⤵
  PID:4120
- C:\Windows\System\fTGcUBS.exe
  C:\Windows\System\fTGcUBS.exe
  2⤵
  PID:3772
- C:\Windows\System\nLQgcHo.exe
  C:\Windows\System\nLQgcHo.exe
  2⤵
  PID:4152
- C:\Windows\System\VHJwdwU.exe
  C:\Windows\System\VHJwdwU.exe
  2⤵
  PID:4312
- C:\Windows\System\xVBwhTM.exe
  C:\Windows\System\xVBwhTM.exe
  2⤵
  PID:4300
- C:\Windows\System\tkWaUav.exe
  C:\Windows\System\tkWaUav.exe
  2⤵
  PID:4380
- C:\Windows\System\AdVbKGj.exe
  C:\Windows\System\AdVbKGj.exe
  2⤵
  PID:4400
- C:\Windows\System\QOOJREv.exe
  C:\Windows\System\QOOJREv.exe
  2⤵
  PID:4456
- C:\Windows\System\PVAMUxN.exe
  C:\Windows\System\PVAMUxN.exe
  2⤵
  PID:4584
- C:\Windows\System\QmPghQe.exe
  C:\Windows\System\QmPghQe.exe
  2⤵
  PID:4536
- C:\Windows\System\NRFdNUm.exe
  C:\Windows\System\NRFdNUm.exe
  2⤵
  PID:4620
- C:\Windows\System\mhmSsZs.exe
  C:\Windows\System\mhmSsZs.exe
  2⤵
  PID:4696
- C:\Windows\System\uexTLiy.exe
  C:\Windows\System\uexTLiy.exe
  2⤵
  PID:4764
- C:\Windows\System\YhEVidt.exe
  C:\Windows\System\YhEVidt.exe
  2⤵
  PID:4796
- C:\Windows\System\XYCNQZU.exe
  C:\Windows\System\XYCNQZU.exe
  2⤵
  PID:4840
- C:\Windows\System\uSNUjaV.exe
  C:\Windows\System\uSNUjaV.exe
  2⤵
  PID:4860
- C:\Windows\System\zwhOuSE.exe
  C:\Windows\System\zwhOuSE.exe
  2⤵
  PID:4940
- C:\Windows\System\AGlSAcF.exe
  C:\Windows\System\AGlSAcF.exe
  2⤵
  PID:5056
- C:\Windows\System\tilODBA.exe
  C:\Windows\System\tilODBA.exe
  2⤵
  PID:2944
- C:\Windows\System\irldQLf.exe
  C:\Windows\System\irldQLf.exe
  2⤵
  PID:5096
- C:\Windows\System\JRFwPGu.exe
  C:\Windows\System\JRFwPGu.exe
  2⤵
  PID:2696
- C:\Windows\System\BKOFjMn.exe
  C:\Windows\System\BKOFjMn.exe
  2⤵
  PID:888
- C:\Windows\System\BZdUyEk.exe
  C:\Windows\System\BZdUyEk.exe
  2⤵
  PID:3908
- C:\Windows\System\sIbixkz.exe
  C:\Windows\System\sIbixkz.exe
  2⤵
  PID:4136
- C:\Windows\System\jaGRXJF.exe
  C:\Windows\System\jaGRXJF.exe
  2⤵
  PID:4340
- C:\Windows\System\mCxbGtX.exe
  C:\Windows\System\mCxbGtX.exe
  2⤵
  PID:4260
- C:\Windows\System\MCoaYHg.exe
  C:\Windows\System\MCoaYHg.exe
  2⤵
  PID:4320
- C:\Windows\System\WblbrYN.exe
  C:\Windows\System\WblbrYN.exe
  2⤵
  PID:4496
- C:\Windows\System\QVLORAQ.exe
  C:\Windows\System\QVLORAQ.exe
  2⤵
  PID:2932
- C:\Windows\System\vlsTzNI.exe
  C:\Windows\System\vlsTzNI.exe
  2⤵
  PID:4524
- C:\Windows\System\jnEIzLy.exe
  C:\Windows\System\jnEIzLy.exe
  2⤵
  PID:4636
- C:\Windows\System\YKJTrNL.exe
  C:\Windows\System\YKJTrNL.exe
  2⤵
  PID:4760
- C:\Windows\System\JsiHfVc.exe
  C:\Windows\System\JsiHfVc.exe
  2⤵
  PID:2592
- C:\Windows\System\gmzGRUa.exe
  C:\Windows\System\gmzGRUa.exe
  2⤵
  PID:4896
- C:\Windows\System\luVsOEq.exe
  C:\Windows\System\luVsOEq.exe
  2⤵
  PID:4984
- C:\Windows\System\jMWDFcG.exe
  C:\Windows\System\jMWDFcG.exe
  2⤵
  PID:3956
- C:\Windows\System\aStCyoD.exe
  C:\Windows\System\aStCyoD.exe
  2⤵
  PID:5128
- C:\Windows\System\QZkNOJl.exe
  C:\Windows\System\QZkNOJl.exe
  2⤵
  PID:5148
- C:\Windows\System\ImiXDgb.exe
  C:\Windows\System\ImiXDgb.exe
  2⤵
  PID:5168
- C:\Windows\System\GmwLoQv.exe
  C:\Windows\System\GmwLoQv.exe
  2⤵
  PID:5188
- C:\Windows\System\GfpVEbd.exe
  C:\Windows\System\GfpVEbd.exe
  2⤵
  PID:5208
- C:\Windows\System\dWseHsJ.exe
  C:\Windows\System\dWseHsJ.exe
  2⤵
  PID:5228
- C:\Windows\System\LpBAFkz.exe
  C:\Windows\System\LpBAFkz.exe
  2⤵
  PID:5248
- C:\Windows\System\FuwvIhQ.exe
  C:\Windows\System\FuwvIhQ.exe
  2⤵
  PID:5268
- C:\Windows\System\UDkiWja.exe
  C:\Windows\System\UDkiWja.exe
  2⤵
  PID:5288
- C:\Windows\System\cCbNIhg.exe
  C:\Windows\System\cCbNIhg.exe
  2⤵
  PID:5308
- C:\Windows\System\ngoQitn.exe
  C:\Windows\System\ngoQitn.exe
  2⤵
  PID:5332
- C:\Windows\System\rgdmuzi.exe
  C:\Windows\System\rgdmuzi.exe
  2⤵
  PID:5356
- C:\Windows\System\VjKeQrs.exe
  C:\Windows\System\VjKeQrs.exe
  2⤵
  PID:5380
- C:\Windows\System\bhzvJlf.exe
  C:\Windows\System\bhzvJlf.exe
  2⤵
  PID:5404
- C:\Windows\System\fflQiXe.exe
  C:\Windows\System\fflQiXe.exe
  2⤵
  PID:5428
- C:\Windows\System\gGUQzjt.exe
  C:\Windows\System\gGUQzjt.exe
  2⤵
  PID:5452
- C:\Windows\System\slWYNRj.exe
  C:\Windows\System\slWYNRj.exe
  2⤵
  PID:5476
- C:\Windows\System\OdPbJCV.exe
  C:\Windows\System\OdPbJCV.exe
  2⤵
  PID:5500
- C:\Windows\System\PkUJZpv.exe
  C:\Windows\System\PkUJZpv.exe
  2⤵
  PID:5524
- C:\Windows\System\FUmvuth.exe
  C:\Windows\System\FUmvuth.exe
  2⤵
  PID:5548
- C:\Windows\System\HTnewYq.exe
  C:\Windows\System\HTnewYq.exe
  2⤵
  PID:5572
- C:\Windows\System\vmJwEAO.exe
  C:\Windows\System\vmJwEAO.exe
  2⤵
  PID:5596
- C:\Windows\System\ekJkWof.exe
  C:\Windows\System\ekJkWof.exe
  2⤵
  PID:5620
- C:\Windows\System\vCWVEIB.exe
  C:\Windows\System\vCWVEIB.exe
  2⤵
  PID:5640
- C:\Windows\System\UZDrSGI.exe
  C:\Windows\System\UZDrSGI.exe
  2⤵
  PID:5660
- C:\Windows\System\qOTArbw.exe
  C:\Windows\System\qOTArbw.exe
  2⤵
  PID:5680
- C:\Windows\System\KIBZwSF.exe
  C:\Windows\System\KIBZwSF.exe
  2⤵
  PID:5700
- C:\Windows\System\UFfhzdr.exe
  C:\Windows\System\UFfhzdr.exe
  2⤵
  PID:5720
- C:\Windows\System\IwBYDFo.exe
  C:\Windows\System\IwBYDFo.exe
  2⤵
  PID:5740
- C:\Windows\System\BmOOJxj.exe
  C:\Windows\System\BmOOJxj.exe
  2⤵
  PID:5760
- C:\Windows\System\cnwqyMr.exe
  C:\Windows\System\cnwqyMr.exe
  2⤵
  PID:5780
- C:\Windows\System\shSzjTi.exe
  C:\Windows\System\shSzjTi.exe
  2⤵
  PID:5800
- C:\Windows\System\dFeoYQQ.exe
  C:\Windows\System\dFeoYQQ.exe
  2⤵
  PID:5820
- C:\Windows\System\FbqeHUk.exe
  C:\Windows\System\FbqeHUk.exe
  2⤵
  PID:5840
- C:\Windows\System\DTqmieX.exe
  C:\Windows\System\DTqmieX.exe
  2⤵
  PID:5860
- C:\Windows\System\aJUweDU.exe
  C:\Windows\System\aJUweDU.exe
  2⤵
  PID:5880
- C:\Windows\System\XNINkXZ.exe
  C:\Windows\System\XNINkXZ.exe
  2⤵
  PID:5900
- C:\Windows\System\WkUbhGV.exe
  C:\Windows\System\WkUbhGV.exe
  2⤵
  PID:5920
- C:\Windows\System\RLTnGSh.exe
  C:\Windows\System\RLTnGSh.exe
  2⤵
  PID:5940
- C:\Windows\System\bZcjmUQ.exe
  C:\Windows\System\bZcjmUQ.exe
  2⤵
  PID:5960
- C:\Windows\System\ihhAIBk.exe
  C:\Windows\System\ihhAIBk.exe
  2⤵
  PID:5980
- C:\Windows\System\HpiczqK.exe
  C:\Windows\System\HpiczqK.exe
  2⤵
  PID:6000
- C:\Windows\System\frJdQzP.exe
  C:\Windows\System\frJdQzP.exe
  2⤵
  PID:6020
- C:\Windows\System\AgrTDdf.exe
  C:\Windows\System\AgrTDdf.exe
  2⤵
  PID:6040
- C:\Windows\System\EafYLke.exe
  C:\Windows\System\EafYLke.exe
  2⤵
  PID:6060
- C:\Windows\System\UbgjkGn.exe
  C:\Windows\System\UbgjkGn.exe
  2⤵
  PID:6080
- C:\Windows\System\ZMDHwhk.exe
  C:\Windows\System\ZMDHwhk.exe
  2⤵
  PID:6100
- C:\Windows\System\sCTwrUB.exe
  C:\Windows\System\sCTwrUB.exe
  2⤵
  PID:6120
- C:\Windows\System\OmJHCip.exe
  C:\Windows\System\OmJHCip.exe
  2⤵
  PID:6140
- C:\Windows\System\jqWYKoU.exe
  C:\Windows\System\jqWYKoU.exe
  2⤵
  PID:2692
- C:\Windows\System\gdICgiV.exe
  C:\Windows\System\gdICgiV.exe
  2⤵
  PID:4252
- C:\Windows\System\SMnkdXw.exe
  C:\Windows\System\SMnkdXw.exe
  2⤵
  PID:4192
- C:\Windows\System\TOeojnb.exe
  C:\Windows\System\TOeojnb.exe
  2⤵
  PID:2584
- C:\Windows\System\fPWKPes.exe
  C:\Windows\System\fPWKPes.exe
  2⤵
  PID:4424
- C:\Windows\System\lfxYcxk.exe
  C:\Windows\System\lfxYcxk.exe
  2⤵
  PID:4516
- C:\Windows\System\KwXeWIo.exe
  C:\Windows\System\KwXeWIo.exe
  2⤵
  PID:4744
- C:\Windows\System\HdZYddu.exe
  C:\Windows\System\HdZYddu.exe
  2⤵
  PID:4736
- C:\Windows\System\yiYyjMt.exe
  C:\Windows\System\yiYyjMt.exe
  2⤵
  PID:4936
- C:\Windows\System\YVTczlA.exe
  C:\Windows\System\YVTczlA.exe
  2⤵
  PID:5124
- C:\Windows\System\FHMfEEx.exe
  C:\Windows\System\FHMfEEx.exe
  2⤵
  PID:5140
- C:\Windows\System\PmpZrPg.exe
  C:\Windows\System\PmpZrPg.exe
  2⤵
  PID:2724
- C:\Windows\System\auPtnvU.exe
  C:\Windows\System\auPtnvU.exe
  2⤵
  PID:5180
- C:\Windows\System\eQKarpo.exe
  C:\Windows\System\eQKarpo.exe
  2⤵
  PID:5220
- C:\Windows\System\CAQMIxa.exe
  C:\Windows\System\CAQMIxa.exe
  2⤵
  PID:5264
- C:\Windows\System\WLGKCnM.exe
  C:\Windows\System\WLGKCnM.exe
  2⤵
  PID:5320
- C:\Windows\System\PgLdMJy.exe
  C:\Windows\System\PgLdMJy.exe
  2⤵
  PID:5344
- C:\Windows\System\OKTCDWE.exe
  C:\Windows\System\OKTCDWE.exe
  2⤵
  PID:5372
- C:\Windows\System\iFgNobv.exe
  C:\Windows\System\iFgNobv.exe
  2⤵
  PID:5396
- C:\Windows\System\StbnisD.exe
  C:\Windows\System\StbnisD.exe
  2⤵
  PID:5444
- C:\Windows\System\ZEHjuSX.exe
  C:\Windows\System\ZEHjuSX.exe
  2⤵
  PID:5496
- C:\Windows\System\GXvNGCH.exe
  C:\Windows\System\GXvNGCH.exe
  2⤵
  PID:5560
- C:\Windows\System\IaxfOWY.exe
  C:\Windows\System\IaxfOWY.exe
  2⤵
  PID:5584
- C:\Windows\System\kCutVin.exe
  C:\Windows\System\kCutVin.exe
  2⤵
  PID:5588
- C:\Windows\System\JMimcBn.exe
  C:\Windows\System\JMimcBn.exe
  2⤵
  PID:5636
- C:\Windows\System\IjhWEMe.exe
  C:\Windows\System\IjhWEMe.exe
  2⤵
  PID:5696
- C:\Windows\System\AkfNaRB.exe
  C:\Windows\System\AkfNaRB.exe
  2⤵
  PID:5716
- C:\Windows\System\RZSDhGy.exe
  C:\Windows\System\RZSDhGy.exe
  2⤵
  PID:5748
- C:\Windows\System\OrmMOCC.exe
  C:\Windows\System\OrmMOCC.exe
  2⤵
  PID:5772
- C:\Windows\System\vjvSUzz.exe
  C:\Windows\System\vjvSUzz.exe
  2⤵
  PID:5816
- C:\Windows\System\roLIQvR.exe
  C:\Windows\System\roLIQvR.exe
  2⤵
  PID:5852
- C:\Windows\System\lcxToDa.exe
  C:\Windows\System\lcxToDa.exe
  2⤵
  PID:5888
- C:\Windows\System\XSGZkEy.exe
  C:\Windows\System\XSGZkEy.exe
  2⤵
  PID:5928
- C:\Windows\System\SpdGICO.exe
  C:\Windows\System\SpdGICO.exe
  2⤵
  PID:5948
- C:\Windows\System\lwxSxdG.exe
  C:\Windows\System\lwxSxdG.exe
  2⤵
  PID:5952
- C:\Windows\System\EBoGppe.exe
  C:\Windows\System\EBoGppe.exe
  2⤵
  PID:6016
- C:\Windows\System\BfYMfJa.exe
  C:\Windows\System\BfYMfJa.exe
  2⤵
  PID:6032
- C:\Windows\System\BpVFuSg.exe
  C:\Windows\System\BpVFuSg.exe
  2⤵
  PID:6076
- C:\Windows\System\BbsrLKY.exe
  C:\Windows\System\BbsrLKY.exe
  2⤵
  PID:6116
- C:\Windows\System\RFkjcnl.exe
  C:\Windows\System\RFkjcnl.exe
  2⤵
  PID:6112
- C:\Windows\System\mqQoJKY.exe
  C:\Windows\System\mqQoJKY.exe
  2⤵
  PID:3244
- C:\Windows\System\tZGXHEy.exe
  C:\Windows\System\tZGXHEy.exe
  2⤵
  PID:4156
- C:\Windows\System\oUedxPy.exe
  C:\Windows\System\oUedxPy.exe
  2⤵
  PID:1704
- C:\Windows\System\AlbaKQT.exe
  C:\Windows\System\AlbaKQT.exe
  2⤵
  PID:4676
- C:\Windows\System\jXOxveV.exe
  C:\Windows\System\jXOxveV.exe
  2⤵
  PID:4900
- C:\Windows\System\SDeNwsH.exe
  C:\Windows\System\SDeNwsH.exe
  2⤵
  PID:3972
- C:\Windows\System\AGhBHzo.exe
  C:\Windows\System\AGhBHzo.exe
  2⤵
  PID:3424
- C:\Windows\System\BPqwAWP.exe
  C:\Windows\System\BPqwAWP.exe
  2⤵
  PID:1632
- C:\Windows\System\CyHAxJm.exe
  C:\Windows\System\CyHAxJm.exe
  2⤵
  PID:5184
- C:\Windows\System\oAbwibR.exe
  C:\Windows\System\oAbwibR.exe
  2⤵
  PID:5240
- C:\Windows\System\TXfElif.exe
  C:\Windows\System\TXfElif.exe
  2⤵
  PID:5280
- C:\Windows\System\zCiAUyR.exe
  C:\Windows\System\zCiAUyR.exe
  2⤵
  PID:5348
- C:\Windows\System\wyZJyZm.exe
  C:\Windows\System\wyZJyZm.exe
  2⤵
  PID:5440
- C:\Windows\System\qVsnnGU.exe
  C:\Windows\System\qVsnnGU.exe
  2⤵
  PID:5468
- C:\Windows\System\NZUtouU.exe
  C:\Windows\System\NZUtouU.exe
  2⤵
  PID:1984
- C:\Windows\System\McqdlxA.exe
  C:\Windows\System\McqdlxA.exe
  2⤵
  PID:5564
- C:\Windows\System\UpnewyI.exe
  C:\Windows\System\UpnewyI.exe
  2⤵
  PID:5628
- C:\Windows\System\SIItUvZ.exe
  C:\Windows\System\SIItUvZ.exe
  2⤵
  PID:5668
- C:\Windows\System\cIuVAVE.exe
  C:\Windows\System\cIuVAVE.exe
  2⤵
  PID:5692
- C:\Windows\System\ndOgjwo.exe
  C:\Windows\System\ndOgjwo.exe
  2⤵
  PID:5808
- C:\Windows\System\uWvZpVL.exe
  C:\Windows\System\uWvZpVL.exe
  2⤵
  PID:5832
- C:\Windows\System\CKGmPIw.exe
  C:\Windows\System\CKGmPIw.exe
  2⤵
  PID:5896
- C:\Windows\System\HuEhewH.exe
  C:\Windows\System\HuEhewH.exe
  2⤵
  PID:5976
- C:\Windows\System\XWwxxFB.exe
  C:\Windows\System\XWwxxFB.exe
  2⤵
  PID:5996
- C:\Windows\System\ePwVpes.exe
  C:\Windows\System\ePwVpes.exe
  2⤵
  PID:6088
- C:\Windows\System\CwlbsZZ.exe
  C:\Windows\System\CwlbsZZ.exe
  2⤵
  PID:6108
- C:\Windows\System\LnPlWor.exe
  C:\Windows\System\LnPlWor.exe
  2⤵
  PID:2796
- C:\Windows\System\hXocSLq.exe
  C:\Windows\System\hXocSLq.exe
  2⤵
  PID:4352
- C:\Windows\System\efzQEAk.exe
  C:\Windows\System\efzQEAk.exe
  2⤵
  PID:4836
- C:\Windows\System\KoEQoEl.exe
  C:\Windows\System\KoEQoEl.exe
  2⤵
  PID:4904
- C:\Windows\System\SBQKILL.exe
  C:\Windows\System\SBQKILL.exe
  2⤵
  PID:5136
- C:\Windows\System\xAXntGj.exe
  C:\Windows\System\xAXntGj.exe
  2⤵
  PID:1960
- C:\Windows\System\eJqfNfn.exe
  C:\Windows\System\eJqfNfn.exe
  2⤵
  PID:5352
- C:\Windows\System\FtqjgjE.exe
  C:\Windows\System\FtqjgjE.exe
  2⤵
  PID:5376
- C:\Windows\System\EcgeaQN.exe
  C:\Windows\System\EcgeaQN.exe
  2⤵
  PID:5464
- C:\Windows\System\RDPxDLL.exe
  C:\Windows\System\RDPxDLL.exe
  2⤵
  PID:1728
- C:\Windows\System\gZnbFmf.exe
  C:\Windows\System\gZnbFmf.exe
  2⤵
  PID:5688
- C:\Windows\System\gHWqykd.exe
  C:\Windows\System\gHWqykd.exe
  2⤵
  PID:5796
- C:\Windows\System\LYQyGtO.exe
  C:\Windows\System\LYQyGtO.exe
  2⤵
  PID:5876
- C:\Windows\System\CyXWqrM.exe
  C:\Windows\System\CyXWqrM.exe
  2⤵
  PID:5848
- C:\Windows\System\KoXyCbD.exe
  C:\Windows\System\KoXyCbD.exe
  2⤵
  PID:5936
- C:\Windows\System\rUwkwcP.exe
  C:\Windows\System\rUwkwcP.exe
  2⤵
  PID:6148
- C:\Windows\System\FvoOZfN.exe
  C:\Windows\System\FvoOZfN.exe
  2⤵
  PID:6168
- C:\Windows\System\zYSXeXt.exe
  C:\Windows\System\zYSXeXt.exe
  2⤵
  PID:6192
- C:\Windows\System\oFrjWFD.exe
  C:\Windows\System\oFrjWFD.exe
  2⤵
  PID:6212
- C:\Windows\System\pdDQKEq.exe
  C:\Windows\System\pdDQKEq.exe
  2⤵
  PID:6232
- C:\Windows\System\hOYcIIQ.exe
  C:\Windows\System\hOYcIIQ.exe
  2⤵
  PID:6248
- C:\Windows\System\MLQbtue.exe
  C:\Windows\System\MLQbtue.exe
  2⤵
  PID:6272
- C:\Windows\System\GCsAKID.exe
  C:\Windows\System\GCsAKID.exe
  2⤵
  PID:6288
- C:\Windows\System\ELiTQXy.exe
  C:\Windows\System\ELiTQXy.exe
  2⤵
  PID:6312
- C:\Windows\System\UOaHkLH.exe
  C:\Windows\System\UOaHkLH.exe
  2⤵
  PID:6332
- C:\Windows\System\OZdKpTR.exe
  C:\Windows\System\OZdKpTR.exe
  2⤵
  PID:6352
- C:\Windows\System\QsBJsXX.exe
  C:\Windows\System\QsBJsXX.exe
  2⤵
  PID:6368
- C:\Windows\System\BsIONMx.exe
  C:\Windows\System\BsIONMx.exe
  2⤵
  PID:6392
- C:\Windows\System\nSRBEix.exe
  C:\Windows\System\nSRBEix.exe
  2⤵
  PID:6408
- C:\Windows\System\xVViktE.exe
  C:\Windows\System\xVViktE.exe
  2⤵
  PID:6424
- C:\Windows\System\gXTMTwS.exe
  C:\Windows\System\gXTMTwS.exe
  2⤵
  PID:6448
- C:\Windows\System\cpdowPn.exe
  C:\Windows\System\cpdowPn.exe
  2⤵
  PID:6472
- C:\Windows\System\MiXtgig.exe
  C:\Windows\System\MiXtgig.exe
  2⤵
  PID:6492
- C:\Windows\System\CAyLaRK.exe
  C:\Windows\System\CAyLaRK.exe
  2⤵
  PID:6512
- C:\Windows\System\SqYVDbJ.exe
  C:\Windows\System\SqYVDbJ.exe
  2⤵
  PID:6532
- C:\Windows\System\hXjoVHM.exe
  C:\Windows\System\hXjoVHM.exe
  2⤵
  PID:6552
- C:\Windows\System\IwkjNSQ.exe
  C:\Windows\System\IwkjNSQ.exe
  2⤵
  PID:6572
- C:\Windows\System\tnYHrhY.exe
  C:\Windows\System\tnYHrhY.exe
  2⤵
  PID:6592
- C:\Windows\System\GOPGJrj.exe
  C:\Windows\System\GOPGJrj.exe
  2⤵
  PID:6612
- C:\Windows\System\vQfwGji.exe
  C:\Windows\System\vQfwGji.exe
  2⤵
  PID:6632
- C:\Windows\System\vuqIrhD.exe
  C:\Windows\System\vuqIrhD.exe
  2⤵
  PID:6648
- C:\Windows\System\NUwdFBn.exe
  C:\Windows\System\NUwdFBn.exe
  2⤵
  PID:6668
- C:\Windows\System\cUWuWjG.exe
  C:\Windows\System\cUWuWjG.exe
  2⤵
  PID:6688
- C:\Windows\System\IkaCFaT.exe
  C:\Windows\System\IkaCFaT.exe
  2⤵
  PID:6712
- C:\Windows\System\GFCQLbK.exe
  C:\Windows\System\GFCQLbK.exe
  2⤵
  PID:6728
- C:\Windows\System\EkHvlAk.exe
  C:\Windows\System\EkHvlAk.exe
  2⤵
  PID:6748
- C:\Windows\System\orPwSRv.exe
  C:\Windows\System\orPwSRv.exe
  2⤵
  PID:6768
- C:\Windows\System\hYAOIoi.exe
  C:\Windows\System\hYAOIoi.exe
  2⤵
  PID:6788
- C:\Windows\System\EYNXYOg.exe
  C:\Windows\System\EYNXYOg.exe
  2⤵
  PID:6808
- C:\Windows\System\wDKUGZl.exe
  C:\Windows\System\wDKUGZl.exe
  2⤵
  PID:6828
- C:\Windows\System\JRvLRAB.exe
  C:\Windows\System\JRvLRAB.exe
  2⤵
  PID:6848
- C:\Windows\System\MsfQmss.exe
  C:\Windows\System\MsfQmss.exe
  2⤵
  PID:6872
- C:\Windows\System\IeehtKU.exe
  C:\Windows\System\IeehtKU.exe
  2⤵
  PID:6888
- C:\Windows\System\hdStMuS.exe
  C:\Windows\System\hdStMuS.exe
  2⤵
  PID:6908
- C:\Windows\System\uNNYlIa.exe
  C:\Windows\System\uNNYlIa.exe
  2⤵
  PID:6932
- C:\Windows\System\LwEoumN.exe
  C:\Windows\System\LwEoumN.exe
  2⤵
  PID:6952
- C:\Windows\System\sEBXOme.exe
  C:\Windows\System\sEBXOme.exe
  2⤵
  PID:6972
- C:\Windows\System\SQvtHfv.exe
  C:\Windows\System\SQvtHfv.exe
  2⤵
  PID:6988
- C:\Windows\System\MEjdLEx.exe
  C:\Windows\System\MEjdLEx.exe
  2⤵
  PID:7012
- C:\Windows\System\sJMumBX.exe
  C:\Windows\System\sJMumBX.exe
  2⤵
  PID:7028
- C:\Windows\System\wfvvvOt.exe
  C:\Windows\System\wfvvvOt.exe
  2⤵
  PID:7048
- C:\Windows\System\yxAsluv.exe
  C:\Windows\System\yxAsluv.exe
  2⤵
  PID:7072
- C:\Windows\System\qxgDicx.exe
  C:\Windows\System\qxgDicx.exe
  2⤵
  PID:7088
- C:\Windows\System\oZFENIv.exe
  C:\Windows\System\oZFENIv.exe
  2⤵
  PID:7112
- C:\Windows\System\HkcufRh.exe
  C:\Windows\System\HkcufRh.exe
  2⤵
  PID:7132
- C:\Windows\System\EAkCQCU.exe
  C:\Windows\System\EAkCQCU.exe
  2⤵
  PID:7152
- C:\Windows\System\RlBKzKJ.exe
  C:\Windows\System\RlBKzKJ.exe
  2⤵
  PID:2192
- C:\Windows\System\kCiaCae.exe
  C:\Windows\System\kCiaCae.exe
  2⤵
  PID:6092
- C:\Windows\System\cjDpKtu.exe
  C:\Windows\System\cjDpKtu.exe
  2⤵
  PID:2152
- C:\Windows\System\fuSVWzR.exe
  C:\Windows\System\fuSVWzR.exe
  2⤵
  PID:1484
- C:\Windows\System\HPuNvLJ.exe
  C:\Windows\System\HPuNvLJ.exe
  2⤵
  PID:2736
- C:\Windows\System\MzWWuej.exe
  C:\Windows\System\MzWWuej.exe
  2⤵
  PID:5516
- C:\Windows\System\LfwdtZj.exe
  C:\Windows\System\LfwdtZj.exe
  2⤵
  PID:5276
- C:\Windows\System\NWXfJee.exe
  C:\Windows\System\NWXfJee.exe
  2⤵
  PID:5776
- C:\Windows\System\oLLgJlh.exe
  C:\Windows\System\oLLgJlh.exe
  2⤵
  PID:5956
- C:\Windows\System\TqDIByj.exe
  C:\Windows\System\TqDIByj.exe
  2⤵
  PID:6128
- C:\Windows\System\pJiujQK.exe
  C:\Windows\System\pJiujQK.exe
  2⤵
  PID:6180
- C:\Windows\System\EJnVsUe.exe
  C:\Windows\System\EJnVsUe.exe
  2⤵
  PID:5972
- C:\Windows\System\bVKsawF.exe
  C:\Windows\System\bVKsawF.exe
  2⤵
  PID:6200
- C:\Windows\System\fEKKyYh.exe
  C:\Windows\System\fEKKyYh.exe
  2⤵
  PID:6256
- C:\Windows\System\zztjznt.exe
  C:\Windows\System\zztjznt.exe
  2⤵
  PID:6304
- C:\Windows\System\RXHEGxs.exe
  C:\Windows\System\RXHEGxs.exe
  2⤵
  PID:6344
- C:\Windows\System\fbGzPlJ.exe
  C:\Windows\System\fbGzPlJ.exe
  2⤵
  PID:6320
- C:\Windows\System\upcopkq.exe
  C:\Windows\System\upcopkq.exe
  2⤵
  PID:6388
- C:\Windows\System\DXNyUCN.exe
  C:\Windows\System\DXNyUCN.exe
  2⤵
  PID:6400
- C:\Windows\System\nszVzHL.exe
  C:\Windows\System\nszVzHL.exe
  2⤵
  PID:6468
- C:\Windows\System\kVTbomD.exe
  C:\Windows\System\kVTbomD.exe
  2⤵
  PID:6436
- C:\Windows\System\wvsogQh.exe
  C:\Windows\System\wvsogQh.exe
  2⤵
  PID:6544
- C:\Windows\System\IatNeqi.exe
  C:\Windows\System\IatNeqi.exe
  2⤵
  PID:6524
- C:\Windows\System\AMNScwz.exe
  C:\Windows\System\AMNScwz.exe
  2⤵
  PID:6628
- C:\Windows\System\RLoGnRe.exe
  C:\Windows\System\RLoGnRe.exe
  2⤵
  PID:6656
- C:\Windows\System\narbydD.exe
  C:\Windows\System\narbydD.exe
  2⤵
  PID:6608
- C:\Windows\System\oZBArLF.exe
  C:\Windows\System\oZBArLF.exe
  2⤵
  PID:6736
- C:\Windows\System\cdNIRwH.exe
  C:\Windows\System\cdNIRwH.exe
  2⤵
  PID:6684
- C:\Windows\System\XsGJsKD.exe
  C:\Windows\System\XsGJsKD.exe
  2⤵
  PID:6784
- C:\Windows\System\RPBERgy.exe
  C:\Windows\System\RPBERgy.exe
  2⤵
  PID:6824
- C:\Windows\System\ySOQgjZ.exe
  C:\Windows\System\ySOQgjZ.exe
  2⤵
  PID:6756
- C:\Windows\System\dnbVVDK.exe
  C:\Windows\System\dnbVVDK.exe
  2⤵
  PID:6804
- C:\Windows\System\PMjogGN.exe
  C:\Windows\System\PMjogGN.exe
  2⤵
  PID:1676
- C:\Windows\System\qdEdnzR.exe
  C:\Windows\System\qdEdnzR.exe
  2⤵
  PID:6940
- C:\Windows\System\kjtIDxD.exe
  C:\Windows\System\kjtIDxD.exe
  2⤵
  PID:6980
- C:\Windows\System\nsFPKvK.exe
  C:\Windows\System\nsFPKvK.exe
  2⤵
  PID:6984
- C:\Windows\System\YjgBsnD.exe
  C:\Windows\System\YjgBsnD.exe
  2⤵
  PID:7024
- C:\Windows\System\kONNfGf.exe
  C:\Windows\System\kONNfGf.exe
  2⤵
  PID:7068
- C:\Windows\System\dKOfTge.exe
  C:\Windows\System\dKOfTge.exe
  2⤵
  PID:7036
- C:\Windows\System\ciPhzlO.exe
  C:\Windows\System\ciPhzlO.exe
  2⤵
  PID:7100
- C:\Windows\System\QyyoGZU.exe
  C:\Windows\System\QyyoGZU.exe
  2⤵
  PID:2776
- C:\Windows\System\cSwtxUH.exe
  C:\Windows\System\cSwtxUH.exe
  2⤵
  PID:7120
- C:\Windows\System\QYdwaxk.exe
  C:\Windows\System\QYdwaxk.exe
  2⤵
  PID:5224
- C:\Windows\System\iIAGDrz.exe
  C:\Windows\System\iIAGDrz.exe
  2⤵
  PID:5296
- C:\Windows\System\PwEqGXp.exe
  C:\Windows\System\PwEqGXp.exe
  2⤵
  PID:1684
- C:\Windows\System\BSVEONY.exe
  C:\Windows\System\BSVEONY.exe
  2⤵
  PID:4960
- C:\Windows\System\MjQdNaL.exe
  C:\Windows\System\MjQdNaL.exe
  2⤵
  PID:6132
- C:\Windows\System\LcRabmF.exe
  C:\Windows\System\LcRabmF.exe
  2⤵
  PID:5736
- C:\Windows\System\VzIhUQy.exe
  C:\Windows\System\VzIhUQy.exe
  2⤵
  PID:6188
- C:\Windows\System\jXsnFeA.exe
  C:\Windows\System\jXsnFeA.exe
  2⤵
  PID:6244
- C:\Windows\System\MPeXZUV.exe
  C:\Windows\System\MPeXZUV.exe
  2⤵
  PID:6296
- C:\Windows\System\mIvBQvS.exe
  C:\Windows\System\mIvBQvS.exe
  2⤵
  PID:6280
- C:\Windows\System\dCSJIVT.exe
  C:\Windows\System\dCSJIVT.exe
  2⤵
  PID:6444
- C:\Windows\System\svbndjH.exe
  C:\Windows\System\svbndjH.exe
  2⤵
  PID:6508
- C:\Windows\System\jBrVxHz.exe
  C:\Windows\System\jBrVxHz.exe
  2⤵
  PID:6540
- C:\Windows\System\jovchhd.exe
  C:\Windows\System\jovchhd.exe
  2⤵
  PID:6584
- C:\Windows\System\YoaKPoR.exe
  C:\Windows\System\YoaKPoR.exe
  2⤵
  PID:6564
- C:\Windows\System\nhkEUdL.exe
  C:\Windows\System\nhkEUdL.exe
  2⤵
  PID:6644
- C:\Windows\System\yILXQXv.exe
  C:\Windows\System\yILXQXv.exe
  2⤵
  PID:2668
- C:\Windows\System\BSwCfjM.exe
  C:\Windows\System\BSwCfjM.exe
  2⤵
  PID:6820
- C:\Windows\System\krSDHUN.exe
  C:\Windows\System\krSDHUN.exe
  2⤵
  PID:6860
- C:\Windows\System\cMZhXUX.exe
  C:\Windows\System\cMZhXUX.exe
  2⤵
  PID:1812
- C:\Windows\System\LQFLGCJ.exe
  C:\Windows\System\LQFLGCJ.exe
  2⤵
  PID:6920
- C:\Windows\System\TKiFBwu.exe
  C:\Windows\System\TKiFBwu.exe
  2⤵
  PID:6968
- C:\Windows\System\zKbAHdt.exe
  C:\Windows\System\zKbAHdt.exe
  2⤵
  PID:6964
- C:\Windows\System\UltVsXa.exe
  C:\Windows\System\UltVsXa.exe
  2⤵
  PID:7004
- C:\Windows\System\uewdTBC.exe
  C:\Windows\System\uewdTBC.exe
  2⤵
  PID:3944
- C:\Windows\System\vyAfoqu.exe
  C:\Windows\System\vyAfoqu.exe
  2⤵
  PID:7160
- C:\Windows\System\WzcNIPz.exe
  C:\Windows\System\WzcNIPz.exe
  2⤵
  PID:3948
- C:\Windows\System\jtVpFyD.exe
  C:\Windows\System\jtVpFyD.exe
  2⤵
  PID:3752
- C:\Windows\System\sIkYdDr.exe
  C:\Windows\System\sIkYdDr.exe
  2⤵
  PID:5708
- C:\Windows\System\mFlHufG.exe
  C:\Windows\System\mFlHufG.exe
  2⤵
  PID:6184
- C:\Windows\System\szARlSM.exe
  C:\Windows\System\szARlSM.exe
  2⤵
  PID:6300
- C:\Windows\System\MyurCHV.exe
  C:\Windows\System\MyurCHV.exe
  2⤵
  PID:1044
- C:\Windows\System\UavbkqT.exe
  C:\Windows\System\UavbkqT.exe
  2⤵
  PID:6504
- C:\Windows\System\SGggTNK.exe
  C:\Windows\System\SGggTNK.exe
  2⤵
  PID:6548
- C:\Windows\System\oCKhCYP.exe
  C:\Windows\System\oCKhCYP.exe
  2⤵
  PID:6604
- C:\Windows\System\GgHDNUM.exe
  C:\Windows\System\GgHDNUM.exe
  2⤵
  PID:6560
- C:\Windows\System\tNyHibL.exe
  C:\Windows\System\tNyHibL.exe
  2⤵
  PID:6700
- C:\Windows\System\ojXLFZC.exe
  C:\Windows\System\ojXLFZC.exe
  2⤵
  PID:6896
- C:\Windows\System\MxeSRVl.exe
  C:\Windows\System\MxeSRVl.exe
  2⤵
  PID:6900
- C:\Windows\System\EQoCfGa.exe
  C:\Windows\System\EQoCfGa.exe
  2⤵
  PID:7064
- C:\Windows\System\ZFZnACN.exe
  C:\Windows\System\ZFZnACN.exe
  2⤵
  PID:7140
- C:\Windows\System\uvZTJhW.exe
  C:\Windows\System\uvZTJhW.exe
  2⤵
  PID:6036
- C:\Windows\System\IxlVhmX.exe
  C:\Windows\System\IxlVhmX.exe
  2⤵
  PID:7176
- C:\Windows\System\udWpGQH.exe
  C:\Windows\System\udWpGQH.exe
  2⤵
  PID:7200
- C:\Windows\System\aFkfSKw.exe
  C:\Windows\System\aFkfSKw.exe
  2⤵
  PID:7216
- C:\Windows\System\rhQwGPm.exe
  C:\Windows\System\rhQwGPm.exe
  2⤵
  PID:7240
- C:\Windows\System\ewkiTDP.exe
  C:\Windows\System\ewkiTDP.exe
  2⤵
  PID:7260
- C:\Windows\System\zIglBMd.exe
  C:\Windows\System\zIglBMd.exe
  2⤵
  PID:7280
- C:\Windows\System\KwnVNnJ.exe
  C:\Windows\System\KwnVNnJ.exe
  2⤵
  PID:7300
- C:\Windows\System\ikFGzHF.exe
  C:\Windows\System\ikFGzHF.exe
  2⤵
  PID:7320
- C:\Windows\System\XjAIEgk.exe
  C:\Windows\System\XjAIEgk.exe
  2⤵
  PID:7340
- C:\Windows\System\hMxNMCX.exe
  C:\Windows\System\hMxNMCX.exe
  2⤵
  PID:7360
- C:\Windows\System\rmpGyZU.exe
  C:\Windows\System\rmpGyZU.exe
  2⤵
  PID:7380
- C:\Windows\System\aPWdkkz.exe
  C:\Windows\System\aPWdkkz.exe
  2⤵
  PID:7400
- C:\Windows\System\uYnAXpA.exe
  C:\Windows\System\uYnAXpA.exe
  2⤵
  PID:7420
- C:\Windows\System\IBaLwta.exe
  C:\Windows\System\IBaLwta.exe
  2⤵
  PID:7440
- C:\Windows\System\eVpvrrv.exe
  C:\Windows\System\eVpvrrv.exe
  2⤵
  PID:7460
- C:\Windows\System\xUtLbhl.exe
  C:\Windows\System\xUtLbhl.exe
  2⤵
  PID:7480
- C:\Windows\System\LNrxbqL.exe
  C:\Windows\System\LNrxbqL.exe
  2⤵
  PID:7500
- C:\Windows\System\gfDyJCL.exe
  C:\Windows\System\gfDyJCL.exe
  2⤵
  PID:7520
- C:\Windows\System\mlSdQsv.exe
  C:\Windows\System\mlSdQsv.exe
  2⤵
  PID:7540
- C:\Windows\System\nuAbQfK.exe
  C:\Windows\System\nuAbQfK.exe
  2⤵
  PID:7560
- C:\Windows\System\rsfBjTZ.exe
  C:\Windows\System\rsfBjTZ.exe
  2⤵
  PID:7580
- C:\Windows\System\NUlRoHD.exe
  C:\Windows\System\NUlRoHD.exe
  2⤵
  PID:7600
- C:\Windows\System\oUHuYaa.exe
  C:\Windows\System\oUHuYaa.exe
  2⤵
  PID:7620
- C:\Windows\System\DyRtTaE.exe
  C:\Windows\System\DyRtTaE.exe
  2⤵
  PID:7640
- C:\Windows\System\bpMdhEX.exe
  C:\Windows\System\bpMdhEX.exe
  2⤵
  PID:7660
- C:\Windows\System\QKzJmrd.exe
  C:\Windows\System\QKzJmrd.exe
  2⤵
  PID:7680
- C:\Windows\System\fRfAffc.exe
  C:\Windows\System\fRfAffc.exe
  2⤵
  PID:7700
- C:\Windows\System\jfmuAOy.exe
  C:\Windows\System\jfmuAOy.exe
  2⤵
  PID:7720
- C:\Windows\System\skGGBou.exe
  C:\Windows\System\skGGBou.exe
  2⤵
  PID:7740
- C:\Windows\System\YIfkLyQ.exe
  C:\Windows\System\YIfkLyQ.exe
  2⤵
  PID:7760
- C:\Windows\System\KVRqIWR.exe
  C:\Windows\System\KVRqIWR.exe
  2⤵
  PID:7780
- C:\Windows\System\uPboqVQ.exe
  C:\Windows\System\uPboqVQ.exe
  2⤵
  PID:7800
- C:\Windows\System\xMRfSxd.exe
  C:\Windows\System\xMRfSxd.exe
  2⤵
  PID:7820
- C:\Windows\System\scbNRgD.exe
  C:\Windows\System\scbNRgD.exe
  2⤵
  PID:7840
- C:\Windows\System\FqvTlRa.exe
  C:\Windows\System\FqvTlRa.exe
  2⤵
  PID:7860
- C:\Windows\System\wpAFDhk.exe
  C:\Windows\System\wpAFDhk.exe
  2⤵
  PID:7880
- C:\Windows\System\QbaiXpL.exe
  C:\Windows\System\QbaiXpL.exe
  2⤵
  PID:7900
- C:\Windows\System\HCWbdDg.exe
  C:\Windows\System\HCWbdDg.exe
  2⤵
  PID:7920
- C:\Windows\System\diutvWq.exe
  C:\Windows\System\diutvWq.exe
  2⤵
  PID:7940
- C:\Windows\System\fqAfxQG.exe
  C:\Windows\System\fqAfxQG.exe
  2⤵
  PID:7960
- C:\Windows\System\WtrQfuO.exe
  C:\Windows\System\WtrQfuO.exe
  2⤵
  PID:7980
- C:\Windows\System\YzeFaYB.exe
  C:\Windows\System\YzeFaYB.exe
  2⤵
  PID:8000
- C:\Windows\System\ufxbGAy.exe
  C:\Windows\System\ufxbGAy.exe
  2⤵
  PID:8020
- C:\Windows\System\soSmSEh.exe
  C:\Windows\System\soSmSEh.exe
  2⤵
  PID:8040
- C:\Windows\System\clMxcpb.exe
  C:\Windows\System\clMxcpb.exe
  2⤵
  PID:8064
- C:\Windows\System\Zwjukbn.exe
  C:\Windows\System\Zwjukbn.exe
  2⤵
  PID:8084
- C:\Windows\System\yVzCXwd.exe
  C:\Windows\System\yVzCXwd.exe
  2⤵
  PID:8104
- C:\Windows\System\ORTAwZc.exe
  C:\Windows\System\ORTAwZc.exe
  2⤵
  PID:8124
- C:\Windows\System\ZDhCIJN.exe
  C:\Windows\System\ZDhCIJN.exe
  2⤵
  PID:8144
- C:\Windows\System\tBdneqK.exe
  C:\Windows\System\tBdneqK.exe
  2⤵
  PID:8164
- C:\Windows\System\dgAKHNK.exe
  C:\Windows\System\dgAKHNK.exe
  2⤵
  PID:8184
- C:\Windows\System\cFpwjHS.exe
  C:\Windows\System\cFpwjHS.exe
  2⤵
  PID:5868
- C:\Windows\System\idYavSO.exe
  C:\Windows\System\idYavSO.exe
  2⤵
  PID:1648
- C:\Windows\System\hvsozCz.exe
  C:\Windows\System\hvsozCz.exe
  2⤵
  PID:6204
- C:\Windows\System\MslKnmH.exe
  C:\Windows\System\MslKnmH.exe
  2⤵
  PID:6416
- C:\Windows\System\ONhivXg.exe
  C:\Windows\System\ONhivXg.exe
  2⤵
  PID:6580
- C:\Windows\System\HENnQGk.exe
  C:\Windows\System\HENnQGk.exe
  2⤵
  PID:6764
- C:\Windows\System\xCkotga.exe
  C:\Windows\System\xCkotga.exe
  2⤵
  PID:6944
- C:\Windows\System\BeHDLBH.exe
  C:\Windows\System\BeHDLBH.exe
  2⤵
  PID:7108
- C:\Windows\System\YkZjHoB.exe
  C:\Windows\System\YkZjHoB.exe
  2⤵
  PID:6052
- C:\Windows\System\tBqpEOc.exe
  C:\Windows\System\tBqpEOc.exe
  2⤵
  PID:5196
- C:\Windows\System\XZuVdzW.exe
  C:\Windows\System\XZuVdzW.exe
  2⤵
  PID:7228
- C:\Windows\System\GPipKIi.exe
  C:\Windows\System\GPipKIi.exe
  2⤵
  PID:7248
- C:\Windows\System\TUUoZvX.exe
  C:\Windows\System\TUUoZvX.exe
  2⤵
  PID:7276
- C:\Windows\System\RhRcUhP.exe
  C:\Windows\System\RhRcUhP.exe
  2⤵
  PID:7292
- C:\Windows\System\sZjlkqC.exe
  C:\Windows\System\sZjlkqC.exe
  2⤵
  PID:7356
- C:\Windows\System\kvbAnaU.exe
  C:\Windows\System\kvbAnaU.exe
  2⤵
  PID:7372
- C:\Windows\System\jJAfsAQ.exe
  C:\Windows\System\jJAfsAQ.exe
  2⤵
  PID:7416
- C:\Windows\System\NhTNMSC.exe
  C:\Windows\System\NhTNMSC.exe
  2⤵
  PID:7448
- C:\Windows\System\YDTmoOz.exe
  C:\Windows\System\YDTmoOz.exe
  2⤵
  PID:7472
- C:\Windows\System\CkfXiGJ.exe
  C:\Windows\System\CkfXiGJ.exe
  2⤵
  PID:7492
- C:\Windows\System\YppHGfV.exe
  C:\Windows\System\YppHGfV.exe
  2⤵
  PID:7532
- C:\Windows\System\VSnQYbs.exe
  C:\Windows\System\VSnQYbs.exe
  2⤵
  PID:7588
- C:\Windows\System\lMuFLhm.exe
  C:\Windows\System\lMuFLhm.exe
  2⤵
  PID:3688
- C:\Windows\System\DvfsoId.exe
  C:\Windows\System\DvfsoId.exe
  2⤵
  PID:7636
- C:\Windows\System\fIkzWAv.exe
  C:\Windows\System\fIkzWAv.exe
  2⤵
  PID:7676
- C:\Windows\System\MXvDiVd.exe
  C:\Windows\System\MXvDiVd.exe
  2⤵
  PID:7708
- C:\Windows\System\TUbzYiL.exe
  C:\Windows\System\TUbzYiL.exe
  2⤵
  PID:7728
- C:\Windows\System\olzbizO.exe
  C:\Windows\System\olzbizO.exe
  2⤵
  PID:7732
- C:\Windows\System\uaCuCoT.exe
  C:\Windows\System\uaCuCoT.exe
  2⤵
  PID:7792
- C:\Windows\System\TwxkJcP.exe
  C:\Windows\System\TwxkJcP.exe
  2⤵
  PID:7836
- C:\Windows\System\cWcKgXt.exe
  C:\Windows\System\cWcKgXt.exe
  2⤵
  PID:7868
- C:\Windows\System\yCqnGJq.exe
  C:\Windows\System\yCqnGJq.exe
  2⤵
  PID:7888
- C:\Windows\System\LmAPsxe.exe
  C:\Windows\System\LmAPsxe.exe
  2⤵
  PID:7928
- C:\Windows\System\pEMCSbs.exe
  C:\Windows\System\pEMCSbs.exe
  2⤵
  PID:7932
- C:\Windows\System\gDzyjST.exe
  C:\Windows\System\gDzyjST.exe
  2⤵
  PID:7996
- C:\Windows\System\VQiyZBR.exe
  C:\Windows\System\VQiyZBR.exe
  2⤵
  PID:8032
- C:\Windows\System\vnOPDWH.exe
  C:\Windows\System\vnOPDWH.exe
  2⤵
  PID:8048
- C:\Windows\System\JLWOEIY.exe
  C:\Windows\System\JLWOEIY.exe
  2⤵
  PID:8056
- C:\Windows\System\SSQeHOo.exe
  C:\Windows\System\SSQeHOo.exe
  2⤵
  PID:8096
- C:\Windows\System\lVxxKdA.exe
  C:\Windows\System\lVxxKdA.exe
  2⤵
  PID:8152
- C:\Windows\System\gSYbcoO.exe
  C:\Windows\System\gSYbcoO.exe
  2⤵
  PID:8172
- C:\Windows\System\XUIXXxr.exe
  C:\Windows\System\XUIXXxr.exe
  2⤵
  PID:6220
- C:\Windows\System\dMcGAAk.exe
  C:\Windows\System\dMcGAAk.exe
  2⤵
  PID:6160
- C:\Windows\System\EAtvyKe.exe
  C:\Windows\System\EAtvyKe.exe
  2⤵
  PID:6484
- C:\Windows\System\FYEHILk.exe
  C:\Windows\System\FYEHILk.exe
  2⤵
  PID:6796
- C:\Windows\System\bXiHIDU.exe
  C:\Windows\System\bXiHIDU.exe
  2⤵
  PID:6884
- C:\Windows\System\IYzHfWa.exe
  C:\Windows\System\IYzHfWa.exe
  2⤵
  PID:7188
- C:\Windows\System\iNWoGgL.exe
  C:\Windows\System\iNWoGgL.exe
  2⤵
  PID:7196
- C:\Windows\System\nOYvIQv.exe
  C:\Windows\System\nOYvIQv.exe
  2⤵
  PID:7208
- C:\Windows\System\TFhxRKs.exe
  C:\Windows\System\TFhxRKs.exe
  2⤵
  PID:7296
- C:\Windows\System\ZbikJcI.exe
  C:\Windows\System\ZbikJcI.exe
  2⤵
  PID:7392
- C:\Windows\System\FgwkGcs.exe
  C:\Windows\System\FgwkGcs.exe
  2⤵
  PID:7456
- C:\Windows\System\kYYtBWL.exe
  C:\Windows\System\kYYtBWL.exe
  2⤵
  PID:7452
- C:\Windows\System\mNdLuvX.exe
  C:\Windows\System\mNdLuvX.exe
  2⤵
  PID:7536
- C:\Windows\System\nMmUOFS.exe
  C:\Windows\System\nMmUOFS.exe
  2⤵
  PID:7572
- C:\Windows\System\PYaqwzq.exe
  C:\Windows\System\PYaqwzq.exe
  2⤵
  PID:7648
- C:\Windows\System\vnoVlPv.exe
  C:\Windows\System\vnoVlPv.exe
  2⤵
  PID:7616
- C:\Windows\System\AQCiCJb.exe
  C:\Windows\System\AQCiCJb.exe
  2⤵
  PID:7692
- C:\Windows\System\fACtshY.exe
  C:\Windows\System\fACtshY.exe
  2⤵
  PID:7736
- C:\Windows\System\bNUlCCJ.exe
  C:\Windows\System\bNUlCCJ.exe
  2⤵
  PID:7788
- C:\Windows\System\dLGFMMR.exe
  C:\Windows\System\dLGFMMR.exe
  2⤵
  PID:7848
- C:\Windows\System\iDrtsqb.exe
  C:\Windows\System\iDrtsqb.exe
  2⤵
  PID:7912
- C:\Windows\System\CDJlTbz.exe
  C:\Windows\System\CDJlTbz.exe
  2⤵
  PID:7956
- C:\Windows\System\ZTIMVDG.exe
  C:\Windows\System\ZTIMVDG.exe
  2⤵
  PID:2504
- C:\Windows\System\LxAeKBC.exe
  C:\Windows\System\LxAeKBC.exe
  2⤵
  PID:8012
- C:\Windows\System\YDxjCka.exe
  C:\Windows\System\YDxjCka.exe
  2⤵
  PID:8076
- C:\Windows\System\goQzzMi.exe
  C:\Windows\System\goQzzMi.exe
  2⤵
  PID:4660
- C:\Windows\System\NfePCoL.exe
  C:\Windows\System\NfePCoL.exe
  2⤵
  PID:8176
- C:\Windows\System\SLSEUdQ.exe
  C:\Windows\System\SLSEUdQ.exe
  2⤵
  PID:6156
- C:\Windows\System\rrqKGvy.exe
  C:\Windows\System\rrqKGvy.exe
  2⤵
  PID:6776
- C:\Windows\System\DKKNbGK.exe
  C:\Windows\System\DKKNbGK.exe
  2⤵
  PID:1688
- C:\Windows\System\hOjjwne.exe
  C:\Windows\System\hOjjwne.exe
  2⤵
  PID:7256
- C:\Windows\System\SdgRNmz.exe
  C:\Windows\System\SdgRNmz.exe
  2⤵
  PID:7232
- C:\Windows\System\RwKIpPM.exe
  C:\Windows\System\RwKIpPM.exe
  2⤵
  PID:7308
- C:\Windows\System\PCLGNve.exe
  C:\Windows\System\PCLGNve.exe
  2⤵
  PID:7368
- C:\Windows\System\nqmwwGD.exe
  C:\Windows\System\nqmwwGD.exe
  2⤵
  PID:7496
- C:\Windows\System\joHFCqe.exe
  C:\Windows\System\joHFCqe.exe
  2⤵
  PID:2552
- C:\Windows\System\HmDgHuH.exe
  C:\Windows\System\HmDgHuH.exe
  2⤵
  PID:7568
- C:\Windows\System\EExBMQT.exe
  C:\Windows\System\EExBMQT.exe
  2⤵
  PID:7652
- C:\Windows\System\MQGtcTG.exe
  C:\Windows\System\MQGtcTG.exe
  2⤵
  PID:5108
- C:\Windows\System\ETLIwED.exe
  C:\Windows\System\ETLIwED.exe
  2⤵
  PID:1476
- C:\Windows\System\XETROaU.exe
  C:\Windows\System\XETROaU.exe
  2⤵
  PID:7936
- C:\Windows\System\SWkYRqJ.exe
  C:\Windows\System\SWkYRqJ.exe
  2⤵
  PID:400
- C:\Windows\System\SFhzTXm.exe
  C:\Windows\System\SFhzTXm.exe
  2⤵
  PID:2556
- C:\Windows\System\gRNEePy.exe
  C:\Windows\System\gRNEePy.exe
  2⤵
  PID:7976
- C:\Windows\System\bekGeOt.exe
  C:\Windows\System\bekGeOt.exe
  2⤵
  PID:8100
- C:\Windows\System\DKWQwEI.exe
  C:\Windows\System\DKWQwEI.exe
  2⤵
  PID:4484
- C:\Windows\System\CYuSIbQ.exe
  C:\Windows\System\CYuSIbQ.exe
  2⤵
  PID:6868
- C:\Windows\System\myzXXOM.exe
  C:\Windows\System\myzXXOM.exe
  2⤵
  PID:5004
- C:\Windows\System\GcPRzVs.exe
  C:\Windows\System\GcPRzVs.exe
  2⤵
  PID:7084
- C:\Windows\System\IUxYIlk.exe
  C:\Windows\System\IUxYIlk.exe
  2⤵
  PID:7352
- C:\Windows\System\zhYRNyy.exe
  C:\Windows\System\zhYRNyy.exe
  2⤵
  PID:1720
- C:\Windows\System\vrntlAj.exe
  C:\Windows\System\vrntlAj.exe
  2⤵
  PID:7592
- C:\Windows\System\UrYfxEf.exe
  C:\Windows\System\UrYfxEf.exe
  2⤵
  PID:2572
- C:\Windows\System\CASKAgd.exe
  C:\Windows\System\CASKAgd.exe
  2⤵
  PID:2616
- C:\Windows\System\eWiBJKw.exe
  C:\Windows\System\eWiBJKw.exe
  2⤵
  PID:7756
- C:\Windows\System\tXtBXBa.exe
  C:\Windows\System\tXtBXBa.exe
  2⤵
  PID:1668
- C:\Windows\System\mCkeRud.exe
  C:\Windows\System\mCkeRud.exe
  2⤵
  PID:2032
- C:\Windows\System\HXMOsbX.exe
  C:\Windows\System\HXMOsbX.exe
  2⤵
  PID:8036
- C:\Windows\System\GVksRfH.exe
  C:\Windows\System\GVksRfH.exe
  2⤵
  PID:916
- C:\Windows\System\befhtXE.exe
  C:\Windows\System\befhtXE.exe
  2⤵
  PID:6328
- C:\Windows\System\rSCYpyq.exe
  C:\Windows\System\rSCYpyq.exe
  2⤵
  PID:7184
- C:\Windows\System\PQmqVqx.exe
  C:\Windows\System\PQmqVqx.exe
  2⤵
  PID:2852
- C:\Windows\System\yRQrinR.exe
  C:\Windows\System\yRQrinR.exe
  2⤵
  PID:2612
- C:\Windows\System\mJFmbVT.exe
  C:\Windows\System\mJFmbVT.exe
  2⤵
  PID:7656
- C:\Windows\System\EWygKbX.exe
  C:\Windows\System\EWygKbX.exe
  2⤵
  PID:2920
- C:\Windows\System\EiPSQNw.exe
  C:\Windows\System\EiPSQNw.exe
  2⤵
  PID:7992
- C:\Windows\System\UrwxLQP.exe
  C:\Windows\System\UrwxLQP.exe
  2⤵
  PID:3048
- C:\Windows\System\PLhKEKa.exe
  C:\Windows\System\PLhKEKa.exe
  2⤵
  PID:8136
- C:\Windows\System\ZqJYIDi.exe
  C:\Windows\System\ZqJYIDi.exe
  2⤵
  PID:6588
- C:\Windows\System\GartBsO.exe
  C:\Windows\System\GartBsO.exe
  2⤵
  PID:2516
- C:\Windows\System\ujtUhLG.exe
  C:\Windows\System\ujtUhLG.exe
  2⤵
  PID:7816
- C:\Windows\System\LcuTglq.exe
  C:\Windows\System\LcuTglq.exe
  2⤵
  PID:2180
- C:\Windows\System\BVtQwUK.exe
  C:\Windows\System\BVtQwUK.exe
  2⤵
  PID:4816
- C:\Windows\System\nVETQAQ.exe
  C:\Windows\System\nVETQAQ.exe
  2⤵
  PID:7428
- C:\Windows\System\izvdcJj.exe
  C:\Windows\System\izvdcJj.exe
  2⤵
  PID:2972
- C:\Windows\System\AyYKupS.exe
  C:\Windows\System\AyYKupS.exe
  2⤵
  PID:8208
- C:\Windows\System\bRGQEjw.exe
  C:\Windows\System\bRGQEjw.exe
  2⤵
  PID:8228
- C:\Windows\System\dXzQXPo.exe
  C:\Windows\System\dXzQXPo.exe
  2⤵
  PID:8248
- C:\Windows\System\MgbqmDs.exe
  C:\Windows\System\MgbqmDs.exe
  2⤵
  PID:8268
- C:\Windows\System\ijgJMVm.exe
  C:\Windows\System\ijgJMVm.exe
  2⤵
  PID:8300
- C:\Windows\System\TccWpKR.exe
  C:\Windows\System\TccWpKR.exe
  2⤵
  PID:8320
- C:\Windows\System\mhsZfGp.exe
  C:\Windows\System\mhsZfGp.exe
  2⤵
  PID:8336
- C:\Windows\System\tZPGkGt.exe
  C:\Windows\System\tZPGkGt.exe
  2⤵
  PID:8352
- C:\Windows\System\rXBRGxI.exe
  C:\Windows\System\rXBRGxI.exe
  2⤵
  PID:8368
- C:\Windows\System\rxsyChl.exe
  C:\Windows\System\rxsyChl.exe
  2⤵
  PID:8384
- C:\Windows\System\ekhTCpW.exe
  C:\Windows\System\ekhTCpW.exe
  2⤵
  PID:8400
- C:\Windows\System\EYQKlnt.exe
  C:\Windows\System\EYQKlnt.exe
  2⤵
  PID:8416
- C:\Windows\System\DGsOZLO.exe
  C:\Windows\System\DGsOZLO.exe
  2⤵
  PID:8432
- C:\Windows\System\FOiPWCY.exe
  C:\Windows\System\FOiPWCY.exe
  2⤵
  PID:8448
- C:\Windows\System\UmxTewE.exe
  C:\Windows\System\UmxTewE.exe
  2⤵
  PID:8464
- C:\Windows\System\oqFpTCw.exe
  C:\Windows\System\oqFpTCw.exe
  2⤵
  PID:8480
- C:\Windows\System\lUEiuMr.exe
  C:\Windows\System\lUEiuMr.exe
  2⤵
  PID:8496
- C:\Windows\System\AGBDHmA.exe
  C:\Windows\System\AGBDHmA.exe
  2⤵
  PID:8512
- C:\Windows\System\nmgVRzI.exe
  C:\Windows\System\nmgVRzI.exe
  2⤵
  PID:8528
- C:\Windows\System\vBBSzCO.exe
  C:\Windows\System\vBBSzCO.exe
  2⤵
  PID:8544
- C:\Windows\System\UXGptaC.exe
  C:\Windows\System\UXGptaC.exe
  2⤵
  PID:8560
- C:\Windows\System\YGSCyZb.exe
  C:\Windows\System\YGSCyZb.exe
  2⤵
  PID:8576
- C:\Windows\System\oYBJdaO.exe
  C:\Windows\System\oYBJdaO.exe
  2⤵
  PID:8592
- C:\Windows\System\ZOApJVr.exe
  C:\Windows\System\ZOApJVr.exe
  2⤵
  PID:8608
- C:\Windows\System\HHyZcpw.exe
  C:\Windows\System\HHyZcpw.exe
  2⤵
  PID:8624
- C:\Windows\System\ezLaCCo.exe
  C:\Windows\System\ezLaCCo.exe
  2⤵
  PID:8640
- C:\Windows\System\EiHMVzb.exe
  C:\Windows\System\EiHMVzb.exe
  2⤵
  PID:8656
- C:\Windows\System\IziCfgK.exe
  C:\Windows\System\IziCfgK.exe
  2⤵
  PID:8672
- C:\Windows\System\rZYncje.exe
  C:\Windows\System\rZYncje.exe
  2⤵
  PID:8688
- C:\Windows\System\xZzwCyY.exe
  C:\Windows\System\xZzwCyY.exe
  2⤵
  PID:8704
- C:\Windows\System\ZSbHytY.exe
  C:\Windows\System\ZSbHytY.exe
  2⤵
  PID:8720
- C:\Windows\System\EXtxmPP.exe
  C:\Windows\System\EXtxmPP.exe
  2⤵
  PID:8736
- C:\Windows\System\sLtZspO.exe
  C:\Windows\System\sLtZspO.exe
  2⤵
  PID:8752
- C:\Windows\System\GeQSsru.exe
  C:\Windows\System\GeQSsru.exe
  2⤵
  PID:8768
- C:\Windows\System\tznfWAr.exe
  C:\Windows\System\tznfWAr.exe
  2⤵
  PID:8784
- C:\Windows\System\xbBPBLp.exe
  C:\Windows\System\xbBPBLp.exe
  2⤵
  PID:8800
- C:\Windows\System\isAIbLt.exe
  C:\Windows\System\isAIbLt.exe
  2⤵
  PID:8816
- C:\Windows\System\XIHYFWl.exe
  C:\Windows\System\XIHYFWl.exe
  2⤵
  PID:8832
- C:\Windows\System\pBGDyvR.exe
  C:\Windows\System\pBGDyvR.exe
  2⤵
  PID:8848
- C:\Windows\System\ImixGfu.exe
  C:\Windows\System\ImixGfu.exe
  2⤵
  PID:8864
- C:\Windows\System\eWMvZBF.exe
  C:\Windows\System\eWMvZBF.exe
  2⤵
  PID:8880
- C:\Windows\System\zSqxdnQ.exe
  C:\Windows\System\zSqxdnQ.exe
  2⤵
  PID:8896
- C:\Windows\System\gIohtyP.exe
  C:\Windows\System\gIohtyP.exe
  2⤵
  PID:8920
- C:\Windows\System\ItWnlPg.exe
  C:\Windows\System\ItWnlPg.exe
  2⤵
  PID:8936
- C:\Windows\System\cIssJTu.exe
  C:\Windows\System\cIssJTu.exe
  2⤵
  PID:8952
- C:\Windows\System\DfROuHo.exe
  C:\Windows\System\DfROuHo.exe
  2⤵
  PID:8968
- C:\Windows\System\vnbPZDQ.exe
  C:\Windows\System\vnbPZDQ.exe
  2⤵
  PID:8984
- C:\Windows\System\piEzYYy.exe
  C:\Windows\System\piEzYYy.exe
  2⤵
  PID:9000
- C:\Windows\System\tsQbLcw.exe
  C:\Windows\System\tsQbLcw.exe
  2⤵
  PID:9016
- C:\Windows\System\DuYYyjU.exe
  C:\Windows\System\DuYYyjU.exe
  2⤵
  PID:9032
- C:\Windows\System\vEgeguc.exe
  C:\Windows\System\vEgeguc.exe
  2⤵
  PID:9048
- C:\Windows\System\amkkXmB.exe
  C:\Windows\System\amkkXmB.exe
  2⤵
  PID:9064
- C:\Windows\System\JJcypYM.exe
  C:\Windows\System\JJcypYM.exe
  2⤵
  PID:9080
- C:\Windows\System\VTYYKFQ.exe
  C:\Windows\System\VTYYKFQ.exe
  2⤵
  PID:9100
- C:\Windows\System\gcoLrFA.exe
  C:\Windows\System\gcoLrFA.exe
  2⤵
  PID:9120
- C:\Windows\System\xjRFEdg.exe
  C:\Windows\System\xjRFEdg.exe
  2⤵
  PID:9136
- C:\Windows\System\QlmAcGD.exe
  C:\Windows\System\QlmAcGD.exe
  2⤵
  PID:9152
- C:\Windows\System\JeuvwDs.exe
  C:\Windows\System\JeuvwDs.exe
  2⤵
  PID:9168
- C:\Windows\System\nYDGofR.exe
  C:\Windows\System\nYDGofR.exe
  2⤵
  PID:9184
- C:\Windows\System\WfEdsff.exe
  C:\Windows\System\WfEdsff.exe
  2⤵
  PID:9200
- C:\Windows\System\YXSQnaV.exe
  C:\Windows\System\YXSQnaV.exe
  2⤵
  PID:1864
- C:\Windows\System\vAtTMLf.exe
  C:\Windows\System\vAtTMLf.exe
  2⤵
  PID:7908
- C:\Windows\System\LTlsjON.exe
  C:\Windows\System\LTlsjON.exe
  2⤵
  PID:7688
- C:\Windows\System\krgUJQC.exe
  C:\Windows\System\krgUJQC.exe
  2⤵
  PID:2676
- C:\Windows\System\LRwqYRr.exe
  C:\Windows\System\LRwqYRr.exe
  2⤵
  PID:8244
- C:\Windows\System\ZJknmiJ.exe
  C:\Windows\System\ZJknmiJ.exe
  2⤵
  PID:8256
- C:\Windows\System\mSQPRNp.exe
  C:\Windows\System\mSQPRNp.exe
  2⤵
  PID:1588
- C:\Windows\System\oiRthbo.exe
  C:\Windows\System\oiRthbo.exe
  2⤵
  PID:2220
- C:\Windows\System\CHXHahF.exe
  C:\Windows\System\CHXHahF.exe
  2⤵
  PID:1740
- C:\Windows\System\KwWSCnB.exe
  C:\Windows\System\KwWSCnB.exe
  2⤵
  PID:8276
- C:\Windows\System\OycLFVT.exe
  C:\Windows\System\OycLFVT.exe
  2⤵
  PID:1108
- C:\Windows\System\kKINxhx.exe
  C:\Windows\System\kKINxhx.exe
  2⤵
  PID:8308
- C:\Windows\System\oaQGFld.exe
  C:\Windows\System\oaQGFld.exe
  2⤵
  PID:8492
- C:\Windows\System\CjmskLv.exe
  C:\Windows\System\CjmskLv.exe
  2⤵
  PID:8524
- C:\Windows\System\ZMdMybD.exe
  C:\Windows\System\ZMdMybD.exe
  2⤵
  PID:8572
- C:\Windows\System\GYNjqHd.exe
  C:\Windows\System\GYNjqHd.exe
  2⤵
  PID:8636
- C:\Windows\System\YEDMDOq.exe
  C:\Windows\System\YEDMDOq.exe
  2⤵
  PID:8700
- C:\Windows\System\hFXLMxp.exe
  C:\Windows\System\hFXLMxp.exe
  2⤵
  PID:8716
- C:\Windows\System\dpxZkrP.exe
  C:\Windows\System\dpxZkrP.exe
  2⤵
  PID:8620
- C:\Windows\System\fWBpUdd.exe
  C:\Windows\System\fWBpUdd.exe
  2⤵
  PID:8472
- C:\Windows\System\bXJAZAH.exe
  C:\Windows\System\bXJAZAH.exe
  2⤵
  PID:8348
- C:\Windows\System\XJjWsEP.exe
  C:\Windows\System\XJjWsEP.exe
  2⤵
  PID:8728
- C:\Windows\System\HQuVhCM.exe
  C:\Windows\System\HQuVhCM.exe
  2⤵
  PID:8364
- C:\Windows\System\hySleVx.exe
  C:\Windows\System\hySleVx.exe
  2⤵
  PID:8460
- C:\Windows\System\UBuyNxF.exe
  C:\Windows\System\UBuyNxF.exe
  2⤵
  PID:9196
- C:\Windows\System\yiSodPk.exe
  C:\Windows\System\yiSodPk.exe
  2⤵
  PID:8260
- C:\Windows\System\rCdhUDO.exe
  C:\Windows\System\rCdhUDO.exe
  2⤵
  PID:2996
- C:\Windows\System\geIwZoE.exe
  C:\Windows\System\geIwZoE.exe
  2⤵
  PID:992
- C:\Windows\System\ClRSzZP.exe
  C:\Windows\System\ClRSzZP.exe
  2⤵
  PID:8296
- C:\Windows\System\GNRqzJc.exe
  C:\Windows\System\GNRqzJc.exe
  2⤵
  PID:8604
- C:\Windows\System\vHRjbmM.exe
  C:\Windows\System\vHRjbmM.exe
  2⤵
  PID:8680
- C:\Windows\System\vsheYCg.exe
  C:\Windows\System\vsheYCg.exe
  2⤵
  PID:8588
- C:\Windows\System\WonfWBR.exe
  C:\Windows\System\WonfWBR.exe
  2⤵
  PID:8744
- C:\Windows\System\iVXLOrh.exe
  C:\Windows\System\iVXLOrh.exe
  2⤵
  PID:8412
- C:\Windows\System\xnpMmzW.exe
  C:\Windows\System\xnpMmzW.exe
  2⤵
  PID:8780
- C:\Windows\System\vVQIVKD.exe
  C:\Windows\System\vVQIVKD.exe
  2⤵
  PID:8344
- C:\Windows\System\jkypOiE.exe
  C:\Windows\System\jkypOiE.exe
  2⤵
  PID:8824
- C:\Windows\System\PHuLdXE.exe
  C:\Windows\System\PHuLdXE.exe
  2⤵
  PID:8888
- C:\Windows\System\dbMaNFJ.exe
  C:\Windows\System\dbMaNFJ.exe
  2⤵
  PID:8916
- C:\Windows\System\uJxMnvw.exe
  C:\Windows\System\uJxMnvw.exe
  2⤵
  PID:8944
- C:\Windows\System\fKQLTvu.exe
  C:\Windows\System\fKQLTvu.exe
  2⤵
  PID:8904
- C:\Windows\System\rXPlscg.exe
  C:\Windows\System\rXPlscg.exe
  2⤵
  PID:8408
- C:\Windows\System\YHZgYQq.exe
  C:\Windows\System\YHZgYQq.exe
  2⤵
  PID:9028
- C:\Windows\System\evKSTHC.exe
  C:\Windows\System\evKSTHC.exe
  2⤵
  PID:9040
- C:\Windows\System\EcJZuOl.exe
  C:\Windows\System\EcJZuOl.exe
  2⤵
  PID:9144
- C:\Windows\System\OeSssoE.exe
  C:\Windows\System\OeSssoE.exe
  2⤵
  PID:9112
- C:\Windows\System\RkKoLwH.exe
  C:\Windows\System\RkKoLwH.exe
  2⤵
  PID:9148
- C:\Windows\System\imDQvhx.exe
  C:\Windows\System\imDQvhx.exe
  2⤵
  PID:8240
- C:\Windows\System\AmGgPEi.exe
  C:\Windows\System\AmGgPEi.exe
  2⤵
  PID:8200
- C:\Windows\System\yDqhEgO.exe
  C:\Windows\System\yDqhEgO.exe
  2⤵
  PID:8652
- C:\Windows\System\VoERxJM.exe
  C:\Windows\System\VoERxJM.exe
  2⤵
  PID:8540
- C:\Windows\System\iFqEPrt.exe
  C:\Windows\System\iFqEPrt.exe
  2⤵
  PID:8520
- C:\Windows\System\PNuwbKx.exe
  C:\Windows\System\PNuwbKx.exe
  2⤵
  PID:8732
- C:\Windows\System\AexORCb.exe
  C:\Windows\System\AexORCb.exe
  2⤵
  PID:8908
- C:\Windows\System\zomOQDB.exe
  C:\Windows\System\zomOQDB.exe
  2⤵
  PID:8876
- C:\Windows\System\pXDRpmP.exe
  C:\Windows\System\pXDRpmP.exe
  2⤵
  PID:8808
- C:\Windows\System\RqlYOTt.exe
  C:\Windows\System\RqlYOTt.exe
  2⤵
  PID:8992
- C:\Windows\System\IaSwrQY.exe
  C:\Windows\System\IaSwrQY.exe
  2⤵
  PID:9056
- C:\Windows\System\tDEuavY.exe
  C:\Windows\System\tDEuavY.exe
  2⤵
  PID:9072
- C:\Windows\System\brkXXFJ.exe
  C:\Windows\System\brkXXFJ.exe
  2⤵
  PID:9212
- C:\Windows\System\wOHWOet.exe
  C:\Windows\System\wOHWOet.exe
  2⤵
  PID:9160
- C:\Windows\System\hSpvvpb.exe
  C:\Windows\System\hSpvvpb.exe
  2⤵
  PID:9128
- C:\Windows\System\wjvvRHF.exe
  C:\Windows\System\wjvvRHF.exe
  2⤵
  PID:8216
- C:\Windows\System\UKIldbm.exe
  C:\Windows\System\UKIldbm.exe
  2⤵
  PID:8668
- C:\Windows\System\OKInFgQ.exe
  C:\Windows\System\OKInFgQ.exe
  2⤵
  PID:9224
- C:\Windows\System\vldGVaK.exe
  C:\Windows\System\vldGVaK.exe
  2⤵
  PID:9240
- C:\Windows\System\oWruovt.exe
  C:\Windows\System\oWruovt.exe
  2⤵
  PID:9256
- C:\Windows\System\fLgolSQ.exe
  C:\Windows\System\fLgolSQ.exe
  2⤵
  PID:9272
- C:\Windows\System\CAtKbtC.exe
  C:\Windows\System\CAtKbtC.exe
  2⤵
  PID:9288
- C:\Windows\System\EGVzmzu.exe
  C:\Windows\System\EGVzmzu.exe
  2⤵
  PID:9304
- C:\Windows\System\KuFilAj.exe
  C:\Windows\System\KuFilAj.exe
  2⤵
  PID:9320
- C:\Windows\System\fzGjaQL.exe
  C:\Windows\System\fzGjaQL.exe
  2⤵
  PID:9336
- C:\Windows\System\UYoHPwA.exe
  C:\Windows\System\UYoHPwA.exe
  2⤵
  PID:9352
- C:\Windows\System\HytanFv.exe
  C:\Windows\System\HytanFv.exe
  2⤵
  PID:9368
- C:\Windows\System\rkCeOHM.exe
  C:\Windows\System\rkCeOHM.exe
  2⤵
  PID:9384
- C:\Windows\System\ogEhxSJ.exe
  C:\Windows\System\ogEhxSJ.exe
  2⤵
  PID:9400
- C:\Windows\System\AbXaFng.exe
  C:\Windows\System\AbXaFng.exe
  2⤵
  PID:9416
- C:\Windows\System\CxDAQYC.exe
  C:\Windows\System\CxDAQYC.exe
  2⤵
  PID:9440
- C:\Windows\System\DvdVXea.exe
  C:\Windows\System\DvdVXea.exe
  2⤵
  PID:9472
- C:\Windows\System\rrtswrE.exe
  C:\Windows\System\rrtswrE.exe
  2⤵
  PID:9600
- C:\Windows\System\euPkohe.exe
  C:\Windows\System\euPkohe.exe
  2⤵
  PID:9620
- C:\Windows\System\YqUyGsj.exe
  C:\Windows\System\YqUyGsj.exe
  2⤵
  PID:9716
- C:\Windows\System\Ponwatd.exe
  C:\Windows\System\Ponwatd.exe
  2⤵
  PID:9732
- C:\Windows\System\cSEOcoK.exe
  C:\Windows\System\cSEOcoK.exe
  2⤵
  PID:9748
- C:\Windows\System\oFSpxUi.exe
  C:\Windows\System\oFSpxUi.exe
  2⤵
  PID:9764
- C:\Windows\System\GqWifxd.exe
  C:\Windows\System\GqWifxd.exe
  2⤵
  PID:9784
- C:\Windows\System\OMgtCxC.exe
  C:\Windows\System\OMgtCxC.exe
  2⤵
  PID:9816
- C:\Windows\System\qarHjBy.exe
  C:\Windows\System\qarHjBy.exe
  2⤵
  PID:9832
- C:\Windows\System\BUBxzyw.exe
  C:\Windows\System\BUBxzyw.exe
  2⤵
  PID:9852
- C:\Windows\System\TxaKprO.exe
  C:\Windows\System\TxaKprO.exe
  2⤵
  PID:9876
- C:\Windows\System\SxMLaCi.exe
  C:\Windows\System\SxMLaCi.exe
  2⤵
  PID:9896
- C:\Windows\System\JDyZoVq.exe
  C:\Windows\System\JDyZoVq.exe
  2⤵
  PID:9920
- C:\Windows\System\btAVEpp.exe
  C:\Windows\System\btAVEpp.exe
  2⤵
  PID:9940
- C:\Windows\System\PwWzHmx.exe
  C:\Windows\System\PwWzHmx.exe
  2⤵
  PID:9956
- C:\Windows\System\xiUCaes.exe
  C:\Windows\System\xiUCaes.exe
  2⤵
  PID:9976
- C:\Windows\System\NhtJNlN.exe
  C:\Windows\System\NhtJNlN.exe
  2⤵
  PID:9996
- C:\Windows\System\LHZNQdR.exe
  C:\Windows\System\LHZNQdR.exe
  2⤵
  PID:10032
- C:\Windows\System\SAvJEJp.exe
  C:\Windows\System\SAvJEJp.exe
  2⤵
  PID:10048
- C:\Windows\System\nUQHRzR.exe
  C:\Windows\System\nUQHRzR.exe
  2⤵
  PID:10064
- C:\Windows\System\bzUxrzg.exe
  C:\Windows\System\bzUxrzg.exe
  2⤵
  PID:10084
- C:\Windows\System\xACJCVN.exe
  C:\Windows\System\xACJCVN.exe
  2⤵
  PID:10104
- C:\Windows\System\IEWmZBN.exe
  C:\Windows\System\IEWmZBN.exe
  2⤵
  PID:10120
- C:\Windows\System\hhxVFqg.exe
  C:\Windows\System\hhxVFqg.exe
  2⤵
  PID:10144
- C:\Windows\System\jNgUKwZ.exe
  C:\Windows\System\jNgUKwZ.exe
  2⤵
  PID:10168
- C:\Windows\System\BGGnVZv.exe
  C:\Windows\System\BGGnVZv.exe
  2⤵
  PID:10192
- C:\Windows\System\usjjgXO.exe
  C:\Windows\System\usjjgXO.exe
  2⤵
  PID:10212
- C:\Windows\System\rVGSkXo.exe
  C:\Windows\System\rVGSkXo.exe
  2⤵
  PID:10232
- C:\Windows\System\oxRtzGy.exe
  C:\Windows\System\oxRtzGy.exe
  2⤵
  PID:8764
- C:\Windows\System\WBazBMb.exe
  C:\Windows\System\WBazBMb.exe
  2⤵
  PID:8748
- C:\Windows\System\rbXhLox.exe
  C:\Windows\System\rbXhLox.exe
  2⤵
  PID:444
- C:\Windows\System\dNlHLXl.exe
  C:\Windows\System\dNlHLXl.exe
  2⤵
  PID:8980
- C:\Windows\System\fekotod.exe
  C:\Windows\System\fekotod.exe
  2⤵
  PID:2072
- C:\Windows\System\xVWrboO.exe
  C:\Windows\System\xVWrboO.exe
  2⤵
  PID:9192
- C:\Windows\System\lmHhbWt.exe
  C:\Windows\System\lmHhbWt.exe
  2⤵
  PID:9220
- C:\Windows\System\INXZHGd.exe
  C:\Windows\System\INXZHGd.exe
  2⤵
  PID:9312
- C:\Windows\System\fbiWAhw.exe
  C:\Windows\System\fbiWAhw.exe
  2⤵
  PID:9296
- C:\Windows\System\fErVwJB.exe
  C:\Windows\System\fErVwJB.exe
  2⤵
  PID:9360
- C:\Windows\System\CmTposh.exe
  C:\Windows\System\CmTposh.exe
  2⤵
  PID:9424
- C:\Windows\System\JRMOaIg.exe
  C:\Windows\System\JRMOaIg.exe
  2⤵
  PID:9408
- C:\Windows\System\gGapxGT.exe
  C:\Windows\System\gGapxGT.exe
  2⤵
  PID:9448
- C:\Windows\System\Solgqby.exe
  C:\Windows\System\Solgqby.exe
  2⤵
  PID:9508
- C:\Windows\System\rQFHBLi.exe
  C:\Windows\System\rQFHBLi.exe
  2⤵
  PID:9524
- C:\Windows\System\LitnPwx.exe
  C:\Windows\System\LitnPwx.exe
  2⤵
  PID:9544
- C:\Windows\System\Cwhaqcu.exe
  C:\Windows\System\Cwhaqcu.exe
  2⤵
  PID:9608
- C:\Windows\System\TxVAhrG.exe
  C:\Windows\System\TxVAhrG.exe
  2⤵
  PID:9584
- C:\Windows\System\vXPOZNh.exe
  C:\Windows\System\vXPOZNh.exe
  2⤵
  PID:9644
- C:\Windows\System\UqPofrg.exe
  C:\Windows\System\UqPofrg.exe
  2⤵
  PID:9656
- C:\Windows\System\CkrAXAk.exe
  C:\Windows\System\CkrAXAk.exe
  2⤵
  PID:9680
- C:\Windows\System\hFogjSb.exe
  C:\Windows\System\hFogjSb.exe
  2⤵
  PID:9704
- C:\Windows\System\aVJEHKH.exe
  C:\Windows\System\aVJEHKH.exe
  2⤵
  PID:9728
- C:\Windows\System\OWUBdvW.exe
  C:\Windows\System\OWUBdvW.exe
  2⤵
  PID:9772
- C:\Windows\System\ooNRxiT.exe
  C:\Windows\System\ooNRxiT.exe
  2⤵
  PID:9824
- C:\Windows\System\jZtuzGX.exe
  C:\Windows\System\jZtuzGX.exe
  2⤵
  PID:9812
- C:\Windows\System\AcYoiCM.exe
  C:\Windows\System\AcYoiCM.exe
  2⤵
  PID:9848
- C:\Windows\System\mSaAiQc.exe
  C:\Windows\System\mSaAiQc.exe
  2⤵
  PID:9872
- C:\Windows\System\WDzSANf.exe
  C:\Windows\System\WDzSANf.exe
  2⤵
  PID:9904
- C:\Windows\System\GKqAnNz.exe
  C:\Windows\System\GKqAnNz.exe
  2⤵
  PID:9928
- C:\Windows\System\gDLBKEo.exe
  C:\Windows\System\gDLBKEo.exe
  2⤵
  PID:9968
- C:\Windows\System\tKWTuIy.exe
  C:\Windows\System\tKWTuIy.exe
  2⤵
  PID:10004
- C:\Windows\System\maFylPZ.exe
  C:\Windows\System\maFylPZ.exe
  2⤵
  PID:10028
- C:\Windows\System\DfjhKNW.exe
  C:\Windows\System\DfjhKNW.exe
  2⤵
  PID:10056
- C:\Windows\System\jkumUHt.exe
  C:\Windows\System\jkumUHt.exe
  2⤵
  PID:10128
- C:\Windows\System\pstOxdM.exe
  C:\Windows\System\pstOxdM.exe
  2⤵
  PID:10076
- C:\Windows\System\gousHcR.exe
  C:\Windows\System\gousHcR.exe
  2⤵
  PID:10160
- C:\Windows\System\ipGRkqu.exe
  C:\Windows\System\ipGRkqu.exe
  2⤵
  PID:10180
- C:\Windows\System\iatJyUY.exe
  C:\Windows\System\iatJyUY.exe
  2⤵
  PID:10204
- C:\Windows\System\GMHViFI.exe
  C:\Windows\System\GMHViFI.exe
  2⤵
  PID:8856
- C:\Windows\System\KUiujND.exe
  C:\Windows\System\KUiujND.exe
  2⤵
  PID:2460
- C:\Windows\System\YyAxnVL.exe
  C:\Windows\System\YyAxnVL.exe
  2⤵
  PID:1540
- C:\Windows\System\TrfwlMz.exe
  C:\Windows\System\TrfwlMz.exe
  2⤵
  PID:9060
- C:\Windows\System\cLiEoRD.exe
  C:\Windows\System\cLiEoRD.exe
  2⤵
  PID:8080
- C:\Windows\System\OoQGNFx.exe
  C:\Windows\System\OoQGNFx.exe
  2⤵
  PID:9316
- C:\Windows\System\usNWJKP.exe
  C:\Windows\System\usNWJKP.exe
  2⤵
  PID:9436
- C:\Windows\System\MSXDVOX.exe
  C:\Windows\System\MSXDVOX.exe
  2⤵
  PID:9556
- C:\Windows\System\DRsanhH.exe
  C:\Windows\System\DRsanhH.exe
  2⤵
  PID:9328
- C:\Windows\System\TASrKtP.exe
  C:\Windows\System\TASrKtP.exe
  2⤵
  PID:9488
- C:\Windows\System\YwItBPx.exe
  C:\Windows\System\YwItBPx.exe
  2⤵
  PID:9564
- C:\Windows\System\evIGzOB.exe
  C:\Windows\System\evIGzOB.exe
  2⤵
  PID:9612
- C:\Windows\System\nrqlPWu.exe
  C:\Windows\System\nrqlPWu.exe
  2⤵
  PID:9592
- C:\Windows\System\OEghnUj.exe
  C:\Windows\System\OEghnUj.exe
  2⤵
  PID:9664
- C:\Windows\System\dvANFPc.exe
  C:\Windows\System\dvANFPc.exe
  2⤵
  PID:9700
- C:\Windows\System\RWPfDzz.exe
  C:\Windows\System\RWPfDzz.exe
  2⤵
  PID:9708
- C:\Windows\System\BuqAXWU.exe
  C:\Windows\System\BuqAXWU.exe
  2⤵
  PID:9828
- C:\Windows\System\cvDIEnp.exe
  C:\Windows\System\cvDIEnp.exe
  2⤵
  PID:9916
- C:\Windows\System\eWPRbUT.exe
  C:\Windows\System\eWPRbUT.exe
  2⤵
  PID:9912
- C:\Windows\System\biwWEWO.exe
  C:\Windows\System\biwWEWO.exe
  2⤵
  PID:9964
- C:\Windows\System\gqCTeUa.exe
  C:\Windows\System\gqCTeUa.exe
  2⤵
  PID:10024
- C:\Windows\System\TcvIrqZ.exe
  C:\Windows\System\TcvIrqZ.exe
  2⤵
  PID:10100

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AFLSSIb.exe

Filesize
6.0MB

MD5
ef631f93c98b8930573919b643d2c532

SHA1
5ee9abc462ad9026d8f2d0b4274ea4a5722a3b71

SHA256
5555cec11340f0a017039fbd670a1d44504b0b7e386d535b47e788b0d0d77b1c

SHA512
ea4d707185506953d90a1227d1ad319bd2587e52e7b83de3e15f2069669d867bb9ee5c522b0d3119a9c1e07554128764c86573c8ea9d1d5681812f2e38c977dc

Download Submit
C:\Windows\system\AzrxpVs.exe

Filesize
6.0MB

MD5
c3b2ff0c2e36a17c31dc8a4f4d2ecc91

SHA1
8994eece26df745bf4882b7c130429fd7035f45b

SHA256
dafa7d451cf34dfe45d2ce60edd9b73c7e2c4772ccf0e8d16556ade8e28ff11f

SHA512
53947b4c6fd03fb82a161d4749a4730b942f2c9763894460e37fd80041059e7aa36a5db91ef5dfed9996d59141e297f1b7f84519d2b7f067703cbd9730a979b2

Download Submit
C:\Windows\system\BqpZYYQ.exe

Filesize
6.0MB

MD5
8d679b25fc5f769a892317b2622fd08e

SHA1
7105e4bd93175b60040e91b1c94d7ab0b75b9eb8

SHA256
583bfca5531af4fdc2d8fb4b30f1b96be512526b6a733073d73cedea5bf9e8d3

SHA512
4b3a742ae476def1eceb97303503c02a40a8df0281f8e09f31ada6f119581cd6991a71f902a071669667f41b1d2e136f91c89d3b8ed494a9182e94009e01efb6

Download Submit
C:\Windows\system\FZixJQw.exe

Filesize
6.0MB

MD5
4a065bd74dcae3e9028712050c6c3960

SHA1
6e5846ac9b3200543b21841c8aa26adbf03453a2

SHA256
0d6314884a3cc2eb8965b1f7f84ec831fff6551919d20f2cb60215ef6e1baea6

SHA512
44303271b863a36e56ad9677ce397cc19934ae04292d1727e835db5e0e163a8ecf37a2c50dfd8eb4229965753f384587afcc6fc26235d196901203c9d888cac9

Download Submit
C:\Windows\system\GXganKc.exe

Filesize
6.0MB

MD5
c2b833758890da8e5254fd216cc0f778

SHA1
2abd3d3e23022161773ccf04a3c51a89ba952c42

SHA256
6b2e2e66c9f330a2b21f1696443005fb532090cf721900b5f8e20344cc8b6dd7

SHA512
48ea6e6760d176a884691e4421116b419dac5109046fdabccd97799974cb30b5cc9e96dc0dd594aaac3346e11dcaa04f5b8005692a0cd243bfb4901bfc8bb079

Download Submit
C:\Windows\system\HElkjcX.exe

Filesize
6.0MB

MD5
dcc1aff59bb5b31a221360220eade01c

SHA1
7e6ce1c73504161810e060b4e08d3829e4bbabd9

SHA256
21d9603bb6097db022d9f742e219a1fd4f60f6a7ddeb32dba8776fc3e7984a1f

SHA512
5f23c265829f7c2d15eee1df7430d0e507830d5fd6b394184dd8503167b31c06550f295010328a9e90f0ef0d5766aaa48ff4f6c7438e13b8bcc97a755941c0d6

Download Submit
C:\Windows\system\HTQtcak.exe

Filesize
6.0MB

MD5
2b2e9ff944cad76b3849ac512973f7f1

SHA1
a13490defb9af928707c1af0f63a294b2d56a88b

SHA256
5936ceb817b88024bd4af7ee52d9d82ae64e18ede22ff8dd0f6a6492469ce412

SHA512
e564fb57606fb3f7801e6449f772e5188896b214dff1402b47e5ce7c743a81187f3833941cae6dc38c453732092e7d987fc673f2f025fa4f2860a3a9365567e2

Download Submit
C:\Windows\system\JAGsycF.exe

Filesize
6.0MB

MD5
6deee95ae3d503475489b87294f21c01

SHA1
69834a973a30cf4efd5afb5e1d35e5cbde49ce7e

SHA256
84ffaaec8e53c10d7b9f479aa75b328529740e74fb6252fe20f3aae74cd497ba

SHA512
7a4d58c9c7a5ea3cf375335be4dfee6fc02a53e8c4ba3995ad1b119ab38d0e332eb6faa611465f20892d4d1da188384cec46ce1a7d2bbec9130a5d8065aaa93f

Download Submit
C:\Windows\system\LxKyzBE.exe

Filesize
6.0MB

MD5
7d7e3ffbd4e8e1f5c1e7d0a6cc24b4d3

SHA1
7188ece851e71a941be81f14362c40ef33e41a28

SHA256
6bc9c5479df24329c15988ac14cdf03587c2951f2cd0c83abfed7d340e64c1f3

SHA512
8684e8f8835db71b54650acf4e24282e8486c86ec19b19da9e103492d4176f973e68851a6e566806c717f086bd099fd6007fc89610730231a474a888a9b663ea

Download Submit
C:\Windows\system\LyabKFD.exe

Filesize
6.0MB

MD5
5e3f4a5a3eb6afc6ae7f7c895466c47d

SHA1
a92d5dbaaf61841793e651ddb13f157d6e05e155

SHA256
05c83ce26afc1d7f8aaf3641788289e4bea651bb873e0503d554fd965ba48343

SHA512
7fe52bbd3e024210667706a059f8896eb6513a403d27616870234985237f25134bbe1036f1cc4421f9ede4708db28910ce79af8c84890aa09b6256b5e061f28b

Download Submit
C:\Windows\system\SdIkmrh.exe

Filesize
6.0MB

MD5
81468976530f224129f79c9b64721ab4

SHA1
610ba82b7a764b90a386b0f575ab1ff00f7c07f4

SHA256
6e2da0e98d17d7a2dff2b78ea52fa0ce86bd75a61cf1243f75c74d8a7fd21485

SHA512
5200d735824d165446d78a07d3d18710b625f8aef1ba6d220296eaaf2df91c00238f66d73c67013e348d4a7c6360295c2f60bc7ca1fbe026f7d631968c32e9ff

Download Submit
C:\Windows\system\SpoxFwA.exe

Filesize
6.0MB

MD5
c6b41c7f2c369d05caddfeb566c9f898

SHA1
8b48c10551e4263e2f97c5bb02aa46aeea951bda

SHA256
e347dc90f482ae50b2af728cdf55cc42fc330139402db1fdcfffe4851339271d

SHA512
06e8cafdc741181aa935e9cdcf129626f1b36e9c0069367c1e3086c37c792209e4caace0ff4efe161c8ad9e258679e670bc5076560313a73d2eb6e070b8db421

Download Submit
C:\Windows\system\VSCtMLO.exe

Filesize
6.0MB

MD5
a5f7ff6f59dd3423e7fd65bb0fd96585

SHA1
406da98c9dd2076453f4a8ac73f728779aac16a5

SHA256
be2e22c43783a6725ebc474dab1c051ed005dc3e1cbae038e6a5ab4e4f4dfc00

SHA512
d6d809bfae2619960a5e14c0f6671a3eb87a8f1f0c1ac571e505c1a8977911aa8e076e049764e090d40b1bc9bb4b8da356381527bb28e9c29d581f179f5cff97

Download Submit
C:\Windows\system\ZCRfutj.exe

Filesize
6.0MB

MD5
775510e5a94f701b4e589bdd13b25ce3

SHA1
3fd19bcb24e3333a469fb57f4da2cd4591ef1925

SHA256
7397171405478a2b2eeb60d0f24eddf68a08c3a9bdbb33ee0622bc2df3399f78

SHA512
dc2bd74df9258e39f49dab34a4e2baa275a037d78601cb81af1b236f4e61ee98422f15863f34b2187fed990ae70f44b6dac331f76f66ddcd326747a4732004a2

Download Submit
C:\Windows\system\bCjuwjA.exe

Filesize
6.0MB

MD5
6878bccad56b0025da902096e6fe89ae

SHA1
12e31c48fadc39d3089a307451d86c22c4a8eb40

SHA256
acdefc3225973a7e0752902c2a90d2e10265dc14ea43150053f57311c30ed8c0

SHA512
85b835803c9349e3683ee9c1272543e57ee99c40b9118ae0f279017a254464e24a8e6f74e9c2bfeda7e435360bbdec258796731567275129ea0e3fa0226bad0a

Download Submit
C:\Windows\system\cRkUjVh.exe

Filesize
6.0MB

MD5
78ba73236148616035a9d58fa4ea3b97

SHA1
03004cd08aa97d8c8ddb15e3ef0ed9d214087f97

SHA256
933d44581e99a853b2104c20e59d7d89bd68d0d05713b2c08cb1e89637a18573

SHA512
722af1379e4d80ab07befebdc73f92082ae8092006023f1890c7ba05595fb2ed0e0d78915db97669208d4951f8d45d508b9644103f4031ccc23e85641a9b39ea

Download Submit
C:\Windows\system\eWwTpVX.exe

Filesize
6.0MB

MD5
6901f63fd70cbae1e40253d9640f8890

SHA1
6c62e3ca91a20684a4965ad832445132cb195605

SHA256
4b630d36b52863ecf2f0feb17e65c984ae03fd98dac917a6518cde237b450f12

SHA512
2a72c10b88ca705a9486b984785d2d0b832af701dc1851c59686b3ac166921bb61da1f4572dd5d518699d586e2d73f3306747694333857b1d2bfb5c4bf14b4e4

Download Submit
C:\Windows\system\eXjDBzm.exe

Filesize
6.0MB

MD5
05be12f2d324a4763e3e0a38bc5253f2

SHA1
549d462ec908f23b399dc4fefa0281191cdc218b

SHA256
3b923dffa08e6e09c7b5096ddaf2a745393a23488d25b8e8e6a3fb77a5ec02c3

SHA512
099aeccabe500d23df517f9dee68282455ea55c08085368d8562ef3aa69e411fadaee56d62c79a785949f7632a6752f7be8b83e2a41c729016998be4d72bca2c

Download Submit
C:\Windows\system\kIHybnT.exe

Filesize
6.0MB

MD5
bf508092bcbfc5bae9a18ab88642b906

SHA1
d86f0de49e300a5579ba88ec01875779f594b080

SHA256
b00ed7315cabb9ff38f464dc3e0ff9d926d742b1c66fa641d82fd971f58220f3

SHA512
28bb95f04c6d55e3175095d036b2898ca7b27e6a93fb5718ad1d1da4e3ef1e6193caa7b3dca246f0ecfcd98080d282471aec2af253517445e44672ceed0532fa

Download Submit
C:\Windows\system\mWMnjoL.exe

Filesize
6.0MB

MD5
0b51d3a7ab464ce330f3e6cb073f387d

SHA1
18ab81f253728098ae975f9706cc2ad4c2343163

SHA256
11217f133263ab0362b0291ce4c30485d35ce618b1341fa523b6b126de120aeb

SHA512
00422042c3b6e741c82c7d47a2d08c91c4d273cf1c2ea9a28ccaf12172d681aba2dfaf0fc098585679dd8013cce44da23d4857baf116633c2304b05ab8c7d49a

Download Submit
C:\Windows\system\pUYxpmN.exe

Filesize
6.0MB

MD5
2412b1537f949427e6749706dd91fe34

SHA1
e837544c4b8247be735d7e474d95d4712d0bd481

SHA256
d5412aa090521d63ec7a5cd95b6fd6a048ce87ec872a9094cfe91eab391d1529

SHA512
d3e3a08480081335b791227c9743dc01316074be91633c4d62df5883db3378b5d00bf486d790ddbbf371af911f1d57d51c4c96bd0cbe15760d19a7aef03cce8b

Download Submit
C:\Windows\system\qLYWVlZ.exe

Filesize
6.0MB

MD5
83567f390ce0d6110999407fc0df75cc

SHA1
2864d3cbc5c93654d6f08074f6becd5b9e0e28a2

SHA256
83844178de7dc877fc36f44c3921503eecf92e25dcd756481991e2f1ad5cbca9

SHA512
9f7144318179fd4bde126b082ca8ad9ce440380994ff5b68a5b796b272460e4e6124c06babb9760b7ef7071d7cd0827f4ac23c6329679f18ade9883475663a49

Download Submit
C:\Windows\system\riykHtW.exe

Filesize
6.0MB

MD5
d1663875db97fd097770e54632fe9fab

SHA1
aa93b1540c60d1e23acb656904233ec08a8096d7

SHA256
b6c2b6ed32df5c2f17c94d3cdc2be390d329aef190de3604f134772ae6d89750

SHA512
182bdb222372c4ebd1e0f1aeee66238e9d59cb46598cb6df2ee45ec8d855a26b4718d43de99a1b22da560dc8f14e4dd4e7a0308451ba7ab9b93104d13f738709

Download Submit
C:\Windows\system\uzwHtvq.exe

Filesize
6.0MB

MD5
8e53385c152113b1c678d59952d4ce8f

SHA1
5e5b8f5eb83eb6c11bda3a3055beb22952c5d74a

SHA256
12ef3fb22229268c33e9d657c95d78d7acc63a868dadd81cfbf477105b29d19e

SHA512
110b4c1ddb41268cba1b97c8916ca03cb46d07e561a19bffd5b9b7fca06287d8d871700d0d3f723fefaac297612b90bd967a20d04b2436d74ec349333452b46a

Download Submit
C:\Windows\system\vLMkWQz.exe

Filesize
6.0MB

MD5
dc3e4da8caf7b671ce1dcfb5918a98ef

SHA1
2812aabbaaa2e4b16e129a8066886ea2363dd268

SHA256
69da71e93b7e7eeec1ac11139252efa7851e07f8230afec2823f458c2b3c5b3a

SHA512
2df3c1abeaa68518913f0b5299f8ee601a452f8d79047fba4ca4dd222695e5a13ce0ebf02c5204da53ae58eeb3f40d75580276c4e3c0a164c3c204811c15f446

Download Submit
C:\Windows\system\wPxTrbP.exe

Filesize
6.0MB

MD5
646496a223abc81cf0752b06ba91440a

SHA1
099cafc9579722b2ea65a4651df9b58802929c25

SHA256
63bba3f292886be32f9ba1f7096f93109417850c767e1293ebb0931af2b2c91d

SHA512
a0b0d9ca8e39100a1069e63622a88ca26fabb75fa484174a722218c821a6d0f0ef04f4fa6457bab32541d44c7cd0135293e73d503e4ba359a254c141351c314d

Download Submit
C:\Windows\system\wRuQFEB.exe

Filesize
6.0MB

MD5
382f7db4c2ec17beb24a8dc6fd4e2033

SHA1
8ef41a6d0ec0e2ce53d98c2338c2619a4b9a1127

SHA256
ed5f99467938490c85505a33e18c644d197c6e85d1c52a6f4efef2e7524bd8a1

SHA512
bcef0a2f83521c7727cf50afa231230e2b0eddccccf3baf137d8db44223360f5f1161076348b7cd683b64d40f25e31a93c4a4bb5c7faa357240c3eb888bdae42

Download Submit
C:\Windows\system\wfjckmQ.exe

Filesize
6.0MB

MD5
5f00d50826c0c028ba557fe4780e46df

SHA1
f2b29170f5de4adbe094f091a218487ccca91c0d

SHA256
ec78890eb5c5137551c437f3c49349ac692c64c1cadd1e58c9001ed328756f2c

SHA512
48ddde7dec940f7b68676ecdad77c0c1cf254e1af57a903d0b1e82a678b9968330352ffcd876c10e466872b1cd002063c747fe707fa2ede0532736de2d3ea7c9

Download Submit
C:\Windows\system\ynqDWeq.exe

Filesize
6.0MB

MD5
e6101fe7edbe275687444e6224877a12

SHA1
65e849839b1b0e5294ec521564752a30016f54c3

SHA256
c664bd9cea2a8dc1f9e116b7dd7b4d806c37e0d1ff88c62038de6d7147249693

SHA512
a7193ad07d81e5a978f3a550ccb0abbe6ca7759ffea8c05dacee5a251d3652245efd34b1206bf488d90d2db6fcd1bf5e84c65b7171fb121a115e4e5f003ab4be

Download Submit
\Windows\system\Jsspnjq.exe

Filesize
6.0MB

MD5
8628205934fccbe40891da53edaa6505

SHA1
581d74a44cee20dd0357ed944b5b34122a5a2b78

SHA256
0358cde4540d55fe83564cd7216eb3ed59c4fbddee737eaa7dc02db9d7d35b8e

SHA512
0bfcbf56c90881225998279b0b1a30df1551b06a0e4f546d2aec870d1ef710420fa2b948a201cb500eda309cd7c95f4399a6f9c0bbad451b2ba94f04e50d5f0d

Download Submit
\Windows\system\LIsExhI.exe

Filesize
6.0MB

MD5
1329b0cde4d980b485df58c98e4eb1d8

SHA1
cb7632433c6775da5d0842fdda1b4fa87029d5e1

SHA256
f1e3f10976e57bbb621ae494087975f09fd3e77a63347634a4c07125bb6c1d56

SHA512
96e049df5e3e7e98a71a203f279c7eed8e8cc19c911adc05fdff535a9709df7ee77b5aeac8fc542262b719c1af5de3fe5ea37355df50b97cf4b1265ff7cc3034

Download Submit
\Windows\system\aCwfRPF.exe

Filesize
6.0MB

MD5
6a2af8cdca94f65ec0c1814eedd679e7

SHA1
7c7bd2c6278800345fe85eaa23a4c81f9f92c31d

SHA256
41152cc117535cae61c555e6238cd30c22f84237aa8c59fb701b45580da00d75

SHA512
8a57a6406c62b2a0b4557cc08947b604440c024b899e2cb5b5f3326160d3b85110a50a066cdff81c6410c2800734506f0c138692f7b930bfe84b24611ea99331

Download Submit
\Windows\system\pKeGWIg.exe

Filesize
6.0MB

MD5
b73871973e3b78fc5bd1488bf4414f0e

SHA1
86de2c8cd566c83fc2730a81f85b8c404e567f27

SHA256
b256812850c9f89477889224614120acd58ad1a698e2e2410ecbdd8e5a7185a7

SHA512
40d9b233bfb1fdda78734909cea24b1f5f078e5f0aeda1f6ae1b57e0e39d35e57053ffd8cd6b5ed078e819425526c98d54cc292882a197e00522f16dcbf6d1c5

Download Submit
memory/484-4058-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/484-835-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/484-98-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/576-66-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/576-4053-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/1048-99-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/1048-4052-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/1856-90-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/1856-4056-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/1980-104-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/1980-4057-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/2376-518-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/2376-4055-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/2376-85-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/2432-51-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2432-4050-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2536-83-0x000000013F720000-0x000000013FA74000-memory.dmp

Filesize
3.3MB

Download
memory/2536-43-0x000000013F720000-0x000000013FA74000-memory.dmp

Filesize
3.3MB

Download
memory/2536-4051-0x000000013F720000-0x000000013FA74000-memory.dmp

Filesize
3.3MB

Download
memory/2644-8-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/2644-21-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/2644-100-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/2644-86-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/2644-111-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/2644-17-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/2644-84-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/2644-0-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2644-72-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/2644-1140-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/2644-944-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/2644-28-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/2644-65-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/2644-724-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/2644-58-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/2644-517-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/2644-52-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/2644-44-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2644-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/2644-110-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/2644-42-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/2644-34-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/2644-314-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/2660-53-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/2660-4047-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/2660-19-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/2680-4048-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/2680-35-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/2680-71-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/2780-4046-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/2780-9-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/2824-29-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2824-4049-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2824-64-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2832-315-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2832-4054-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2832-73-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/3008-4043-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/3008-23-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download