cobaltstrike | 6836d1856a1fe01219461c1504e1539a50c08d9c4bafc910c62662d51caa2bff

Analysis

max time kernel
150s
max time network
127s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
26-12-2024 00:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

0cc06492bd4ff3e7eef07a650eca4da3
SHA1

3d19b9af57b80a7ca44c5adf43640526b5fed0f8
SHA256

6836d1856a1fe01219461c1504e1539a50c08d9c4bafc910c62662d51caa2bff
SHA512

e49164d5b11b8b23aac29ff84c8c1629fb75ac13a432e796c172e3d6b2a93b423e871425eeb52906e5a54abdc68fa662be2565af243d828801e25a058696199d
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUj:T+q56utgpPF8u/7j

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000b00000001225c-3.dat	cobalt_reflective_dll
behavioral1/files/0x000900000001660b-8.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016ace-12.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016c10-21.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016c1a-22.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016c23-30.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016fc9-36.dat	cobalt_reflective_dll
behavioral1/files/0x0002000000018334-41.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019480-45.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001948c-55.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194a3-65.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001950f-81.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019547-90.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001957c-95.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195a9-103.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ab-110.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195af-120.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b7-134.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c3-185.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195bd-184.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b3-182.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c1-149.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195bb-144.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b5-137.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b1-126.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ad-116.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195a7-100.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019515-85.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ef-75.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194eb-70.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019490-60.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019489-50.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/3040-0-0x000000013FA50000-0x000000013FDA4000-memory.dmp	xmrig
behavioral1/files/0x000b00000001225c-3.dat	xmrig
behavioral1/files/0x000900000001660b-8.dat	xmrig
behavioral1/files/0x0008000000016ace-12.dat	xmrig
behavioral1/files/0x0007000000016c10-21.dat	xmrig
behavioral1/files/0x0007000000016c1a-22.dat	xmrig
behavioral1/files/0x0007000000016c23-30.dat	xmrig
behavioral1/files/0x0008000000016fc9-36.dat	xmrig
behavioral1/files/0x0002000000018334-41.dat	xmrig
behavioral1/files/0x0006000000019480-45.dat	xmrig
behavioral1/files/0x000500000001948c-55.dat	xmrig
behavioral1/files/0x00050000000194a3-65.dat	xmrig
behavioral1/files/0x000500000001950f-81.dat	xmrig
behavioral1/files/0x0005000000019547-90.dat	xmrig
behavioral1/files/0x000500000001957c-95.dat	xmrig
behavioral1/files/0x00050000000195a9-103.dat	xmrig
behavioral1/files/0x00050000000195ab-110.dat	xmrig
behavioral1/files/0x00050000000195af-120.dat	xmrig
behavioral1/files/0x00050000000195b7-134.dat	xmrig
behavioral1/files/0x00050000000195c3-185.dat	xmrig
behavioral1/files/0x00050000000195bd-184.dat	xmrig
behavioral1/memory/3040-590-0x000000013FA50000-0x000000013FDA4000-memory.dmp	xmrig
behavioral1/files/0x00050000000195b3-182.dat	xmrig
behavioral1/memory/1504-181-0x000000013FD70000-0x00000001400C4000-memory.dmp	xmrig
behavioral1/memory/1168-178-0x000000013F270000-0x000000013F5C4000-memory.dmp	xmrig
behavioral1/memory/3040-177-0x000000013F270000-0x000000013F5C4000-memory.dmp	xmrig
behavioral1/memory/2400-176-0x000000013F5E0000-0x000000013F934000-memory.dmp	xmrig
behavioral1/memory/3040-175-0x000000013F5E0000-0x000000013F934000-memory.dmp	xmrig
behavioral1/memory/1072-174-0x000000013F8B0000-0x000000013FC04000-memory.dmp	xmrig
behavioral1/memory/2692-172-0x000000013F140000-0x000000013F494000-memory.dmp	xmrig
behavioral1/memory/2648-170-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig
behavioral1/memory/3040-169-0x0000000002440000-0x0000000002794000-memory.dmp	xmrig
behavioral1/memory/1856-168-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/memory/3040-167-0x0000000002440000-0x0000000002794000-memory.dmp	xmrig
behavioral1/memory/3024-166-0x000000013FE30000-0x0000000140184000-memory.dmp	xmrig
behavioral1/memory/3040-165-0x000000013FE30000-0x0000000140184000-memory.dmp	xmrig
behavioral1/memory/2856-164-0x000000013F790000-0x000000013FAE4000-memory.dmp	xmrig
behavioral1/memory/3040-163-0x0000000002440000-0x0000000002794000-memory.dmp	xmrig
behavioral1/memory/2768-162-0x000000013FFD0000-0x0000000140324000-memory.dmp	xmrig
behavioral1/memory/2932-160-0x000000013F880000-0x000000013FBD4000-memory.dmp	xmrig
behavioral1/memory/3040-159-0x0000000002440000-0x0000000002794000-memory.dmp	xmrig
behavioral1/memory/2896-158-0x000000013F500000-0x000000013F854000-memory.dmp	xmrig
behavioral1/memory/3040-157-0x000000013F500000-0x000000013F854000-memory.dmp	xmrig
behavioral1/memory/2756-156-0x000000013F990000-0x000000013FCE4000-memory.dmp	xmrig
behavioral1/memory/2440-154-0x000000013FFF0000-0x0000000140344000-memory.dmp	xmrig
behavioral1/files/0x00050000000195c1-149.dat	xmrig
behavioral1/files/0x00050000000195bb-144.dat	xmrig
behavioral1/files/0x00050000000195b5-137.dat	xmrig
behavioral1/files/0x00050000000195b1-126.dat	xmrig
behavioral1/files/0x00050000000195ad-116.dat	xmrig
behavioral1/files/0x00050000000195a7-100.dat	xmrig
behavioral1/files/0x0005000000019515-85.dat	xmrig
behavioral1/files/0x00050000000194ef-75.dat	xmrig
behavioral1/files/0x00050000000194eb-70.dat	xmrig
behavioral1/files/0x0005000000019490-60.dat	xmrig
behavioral1/files/0x0005000000019489-50.dat	xmrig
behavioral1/memory/2440-1481-0x000000013FFF0000-0x0000000140344000-memory.dmp	xmrig
behavioral1/memory/1856-1512-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/memory/2768-1502-0x000000013FFD0000-0x0000000140324000-memory.dmp	xmrig
behavioral1/memory/1072-1534-0x000000013F8B0000-0x000000013FC04000-memory.dmp	xmrig
behavioral1/memory/1168-1535-0x000000013F270000-0x000000013F5C4000-memory.dmp	xmrig
behavioral1/memory/2648-1519-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig
behavioral1/memory/2400-1530-0x000000013F5E0000-0x000000013F934000-memory.dmp	xmrig
behavioral1/memory/2692-1528-0x000000013F140000-0x000000013F494000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1504	ECSTmvO.exe
2440	ZgQWftQ.exe
2756	FgPVBuz.exe
2896	uavDbYw.exe
2932	pDMHGWz.exe
2768	XISklky.exe
2856	uoJDyLZ.exe
3024	IIwzfEm.exe
1856	guKGEbY.exe
2648	WPVezWh.exe
2692	gsDbEAP.exe
1072	QtxVsfq.exe
2400	HhsiRUi.exe
1168	pxUEnxI.exe
1780	srlTXuB.exe
2228	oiQoTmH.exe
1676	tRiFttD.exe
2592	FZudslW.exe
2296	IAEGodu.exe
2948	FDKgSmG.exe
2996	eraFHyz.exe
2232	sFiSQxG.exe
992	meCVvVI.exe
2016	ypfJVJP.exe
2384	zAmpAsP.exe
2076	RaJgZBe.exe
2156	TinFVNW.exe
2064	pfgdrTL.exe
516	OCYIbEC.exe
2412	YCWSBsp.exe
2416	CHiTRUv.exe
2468	EGjBZSw.exe
660	QuqEmtU.exe
1096	aXoCyGt.exe
1972	ySRNeLi.exe
2552	FeyqESv.exe
1128	HFOTgTe.exe
1400	xciQCYW.exe
540	ddoqxwI.exe
1692	ykyPuwl.exe
508	pwtNool.exe
2516	wDAkQsS.exe
1916	CZIdjGb.exe
3068	ctDmqWI.exe
1864	DqPBytd.exe
928	mUonjei.exe
2256	eWWnCsN.exe
1952	DwUWMZS.exe
1468	rCgBvFk.exe
1568	XHXIVVT.exe
1484	ruRiImL.exe
1900	sUtdGVg.exe
1564	uqGefkS.exe
2448	qppjgQx.exe
3064	jJMIpRH.exe
2280	NlMiSoU.exe
2828	aqaxqyn.exe
2792	WlYKQLJ.exe
3048	UhDYvfk.exe
2864	djcBDls.exe
2728	xzFLXlb.exe
2712	gKtvHBg.exe
2320	xcBkgyA.exe
1748	AfRqnhJ.exe

Loads dropped DLL 64 IoCs

pid	Process
3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 62 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3040-0-0x000000013FA50000-0x000000013FDA4000-memory.dmp	upx
behavioral1/files/0x000b00000001225c-3.dat	upx
behavioral1/files/0x000900000001660b-8.dat	upx
behavioral1/files/0x0008000000016ace-12.dat	upx
behavioral1/files/0x0007000000016c10-21.dat	upx
behavioral1/files/0x0007000000016c1a-22.dat	upx
behavioral1/files/0x0007000000016c23-30.dat	upx
behavioral1/files/0x0008000000016fc9-36.dat	upx
behavioral1/files/0x0002000000018334-41.dat	upx
behavioral1/files/0x0006000000019480-45.dat	upx
behavioral1/files/0x000500000001948c-55.dat	upx
behavioral1/files/0x00050000000194a3-65.dat	upx
behavioral1/files/0x000500000001950f-81.dat	upx
behavioral1/files/0x0005000000019547-90.dat	upx
behavioral1/files/0x000500000001957c-95.dat	upx
behavioral1/files/0x00050000000195a9-103.dat	upx
behavioral1/files/0x00050000000195ab-110.dat	upx
behavioral1/files/0x00050000000195af-120.dat	upx
behavioral1/files/0x00050000000195b7-134.dat	upx
behavioral1/files/0x00050000000195c3-185.dat	upx
behavioral1/files/0x00050000000195bd-184.dat	upx
behavioral1/memory/3040-590-0x000000013FA50000-0x000000013FDA4000-memory.dmp	upx
behavioral1/files/0x00050000000195b3-182.dat	upx
behavioral1/memory/1504-181-0x000000013FD70000-0x00000001400C4000-memory.dmp	upx
behavioral1/memory/1168-178-0x000000013F270000-0x000000013F5C4000-memory.dmp	upx
behavioral1/memory/2400-176-0x000000013F5E0000-0x000000013F934000-memory.dmp	upx
behavioral1/memory/1072-174-0x000000013F8B0000-0x000000013FC04000-memory.dmp	upx
behavioral1/memory/2692-172-0x000000013F140000-0x000000013F494000-memory.dmp	upx
behavioral1/memory/2648-170-0x000000013FB50000-0x000000013FEA4000-memory.dmp	upx
behavioral1/memory/1856-168-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/memory/3024-166-0x000000013FE30000-0x0000000140184000-memory.dmp	upx
behavioral1/memory/2856-164-0x000000013F790000-0x000000013FAE4000-memory.dmp	upx
behavioral1/memory/2768-162-0x000000013FFD0000-0x0000000140324000-memory.dmp	upx
behavioral1/memory/2932-160-0x000000013F880000-0x000000013FBD4000-memory.dmp	upx
behavioral1/memory/2896-158-0x000000013F500000-0x000000013F854000-memory.dmp	upx
behavioral1/memory/2756-156-0x000000013F990000-0x000000013FCE4000-memory.dmp	upx
behavioral1/memory/2440-154-0x000000013FFF0000-0x0000000140344000-memory.dmp	upx
behavioral1/files/0x00050000000195c1-149.dat	upx
behavioral1/files/0x00050000000195bb-144.dat	upx
behavioral1/files/0x00050000000195b5-137.dat	upx
behavioral1/files/0x00050000000195b1-126.dat	upx
behavioral1/files/0x00050000000195ad-116.dat	upx
behavioral1/files/0x00050000000195a7-100.dat	upx
behavioral1/files/0x0005000000019515-85.dat	upx
behavioral1/files/0x00050000000194ef-75.dat	upx
behavioral1/files/0x00050000000194eb-70.dat	upx
behavioral1/files/0x0005000000019490-60.dat	upx
behavioral1/files/0x0005000000019489-50.dat	upx
behavioral1/memory/2440-1481-0x000000013FFF0000-0x0000000140344000-memory.dmp	upx
behavioral1/memory/1856-1512-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/memory/2768-1502-0x000000013FFD0000-0x0000000140324000-memory.dmp	upx
behavioral1/memory/1072-1534-0x000000013F8B0000-0x000000013FC04000-memory.dmp	upx
behavioral1/memory/1168-1535-0x000000013F270000-0x000000013F5C4000-memory.dmp	upx
behavioral1/memory/2648-1519-0x000000013FB50000-0x000000013FEA4000-memory.dmp	upx
behavioral1/memory/2400-1530-0x000000013F5E0000-0x000000013F934000-memory.dmp	upx
behavioral1/memory/2692-1528-0x000000013F140000-0x000000013F494000-memory.dmp	upx
behavioral1/memory/2856-1509-0x000000013F790000-0x000000013FAE4000-memory.dmp	upx
behavioral1/memory/3024-1514-0x000000013FE30000-0x0000000140184000-memory.dmp	upx
behavioral1/memory/2932-1494-0x000000013F880000-0x000000013FBD4000-memory.dmp	upx
behavioral1/memory/2896-1492-0x000000013F500000-0x000000013F854000-memory.dmp	upx
behavioral1/memory/2756-1480-0x000000013F990000-0x000000013FCE4000-memory.dmp	upx
behavioral1/memory/1504-1478-0x000000013FD70000-0x00000001400C4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\qZxHMkU.exe	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ySJlBqP.exe	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FQWjIoE.exe	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bbGEyqw.exe	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lEqVOSO.exe	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\THDdIJK.exe	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gUOIkvq.exe	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MzPkDmO.exe	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HupFngq.exe	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HEdfEso.exe	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jUOqYEV.exe	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VpFfiUb.exe	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eCIETgO.exe	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hIHCRRU.exe	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XhOyqLm.exe	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hGrMstF.exe	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DgcZLyO.exe	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oTwEXXQ.exe	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UcgsCzH.exe	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BFHhVsn.exe	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iIPGivD.exe	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dSuFDsv.exe	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yieBhtX.exe	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kvcdxAq.exe	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NxmdsQS.exe	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FIeGClS.exe	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XRsNWVr.exe	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dbXRVWK.exe	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NkAwkeI.exe	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\escgJCn.exe	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\toKJSMa.exe	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wcNnyXx.exe	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vmCEpAX.exe	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vxoHfHz.exe	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fpDaUqF.exe	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PrNYMAk.exe	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hqCEbid.exe	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tAHYhiC.exe	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oVHizon.exe	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fHBHdah.exe	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AhrvMty.exe	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xZInmfT.exe	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JEIYRFX.exe	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qnyrgzz.exe	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BFDWwkJ.exe	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZCKTZre.exe	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ACqBIIM.exe	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CiVVNzd.exe	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jdWxQER.exe	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gVDWWzA.exe	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MZkoqVB.exe	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sraNBQV.exe	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XvYkwVh.exe	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\grLvcjs.exe	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iZKTECO.exe	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aHKQzgN.exe	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ocjOXVa.exe	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bQzVObO.exe	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WEsjurC.exe	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MyzyHEe.exe	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lhOjvtS.exe	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zDYHPsK.exe	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qzqdJHR.exe	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qpagTFd.exe	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3040 wrote to memory of 1504	3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 3040 wrote to memory of 1504	3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 3040 wrote to memory of 1504	3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 3040 wrote to memory of 2440	3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 3040 wrote to memory of 2440	3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 3040 wrote to memory of 2440	3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 3040 wrote to memory of 2756	3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 3040 wrote to memory of 2756	3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 3040 wrote to memory of 2756	3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 3040 wrote to memory of 2896	3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 3040 wrote to memory of 2896	3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 3040 wrote to memory of 2896	3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 3040 wrote to memory of 2932	3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 3040 wrote to memory of 2932	3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 3040 wrote to memory of 2932	3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 3040 wrote to memory of 2768	3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 3040 wrote to memory of 2768	3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 3040 wrote to memory of 2768	3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 3040 wrote to memory of 2856	3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 3040 wrote to memory of 2856	3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 3040 wrote to memory of 2856	3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 3040 wrote to memory of 3024	3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 3040 wrote to memory of 3024	3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 3040 wrote to memory of 3024	3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 3040 wrote to memory of 1856	3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 3040 wrote to memory of 1856	3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 3040 wrote to memory of 1856	3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 3040 wrote to memory of 2648	3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 3040 wrote to memory of 2648	3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 3040 wrote to memory of 2648	3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 3040 wrote to memory of 2692	3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 3040 wrote to memory of 2692	3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 3040 wrote to memory of 2692	3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 3040 wrote to memory of 1072	3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 3040 wrote to memory of 1072	3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 3040 wrote to memory of 1072	3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 3040 wrote to memory of 2400	3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 3040 wrote to memory of 2400	3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 3040 wrote to memory of 2400	3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 3040 wrote to memory of 1168	3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 3040 wrote to memory of 1168	3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 3040 wrote to memory of 1168	3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 3040 wrote to memory of 1780	3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 3040 wrote to memory of 1780	3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 3040 wrote to memory of 1780	3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 3040 wrote to memory of 2228	3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 3040 wrote to memory of 2228	3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 3040 wrote to memory of 2228	3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 3040 wrote to memory of 1676	3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 3040 wrote to memory of 1676	3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 3040 wrote to memory of 1676	3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 3040 wrote to memory of 2592	3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 3040 wrote to memory of 2592	3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 3040 wrote to memory of 2592	3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 3040 wrote to memory of 2296	3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 3040 wrote to memory of 2296	3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 3040 wrote to memory of 2296	3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 3040 wrote to memory of 2948	3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 3040 wrote to memory of 2948	3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 3040 wrote to memory of 2948	3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 3040 wrote to memory of 2996	3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 3040 wrote to memory of 2996	3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 3040 wrote to memory of 2996	3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 3040 wrote to memory of 2232	3040	2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-26_0cc06492bd4ff3e7eef07a650eca4da3_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3040
- C:\Windows\System\ECSTmvO.exe
  C:\Windows\System\ECSTmvO.exe
  2⤵
  - Executes dropped EXE
  PID:1504
- C:\Windows\System\ZgQWftQ.exe
  C:\Windows\System\ZgQWftQ.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\FgPVBuz.exe
  C:\Windows\System\FgPVBuz.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\uavDbYw.exe
  C:\Windows\System\uavDbYw.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\pDMHGWz.exe
  C:\Windows\System\pDMHGWz.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\XISklky.exe
  C:\Windows\System\XISklky.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\uoJDyLZ.exe
  C:\Windows\System\uoJDyLZ.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\IIwzfEm.exe
  C:\Windows\System\IIwzfEm.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\guKGEbY.exe
  C:\Windows\System\guKGEbY.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\WPVezWh.exe
  C:\Windows\System\WPVezWh.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\gsDbEAP.exe
  C:\Windows\System\gsDbEAP.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\QtxVsfq.exe
  C:\Windows\System\QtxVsfq.exe
  2⤵
  - Executes dropped EXE
  PID:1072
- C:\Windows\System\HhsiRUi.exe
  C:\Windows\System\HhsiRUi.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\pxUEnxI.exe
  C:\Windows\System\pxUEnxI.exe
  2⤵
  - Executes dropped EXE
  PID:1168
- C:\Windows\System\srlTXuB.exe
  C:\Windows\System\srlTXuB.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\oiQoTmH.exe
  C:\Windows\System\oiQoTmH.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\tRiFttD.exe
  C:\Windows\System\tRiFttD.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\FZudslW.exe
  C:\Windows\System\FZudslW.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\IAEGodu.exe
  C:\Windows\System\IAEGodu.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\FDKgSmG.exe
  C:\Windows\System\FDKgSmG.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\eraFHyz.exe
  C:\Windows\System\eraFHyz.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\sFiSQxG.exe
  C:\Windows\System\sFiSQxG.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System\meCVvVI.exe
  C:\Windows\System\meCVvVI.exe
  2⤵
  - Executes dropped EXE
  PID:992
- C:\Windows\System\ypfJVJP.exe
  C:\Windows\System\ypfJVJP.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\zAmpAsP.exe
  C:\Windows\System\zAmpAsP.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\OCYIbEC.exe
  C:\Windows\System\OCYIbEC.exe
  2⤵
  - Executes dropped EXE
  PID:516
- C:\Windows\System\RaJgZBe.exe
  C:\Windows\System\RaJgZBe.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\YCWSBsp.exe
  C:\Windows\System\YCWSBsp.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\TinFVNW.exe
  C:\Windows\System\TinFVNW.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\CHiTRUv.exe
  C:\Windows\System\CHiTRUv.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\pfgdrTL.exe
  C:\Windows\System\pfgdrTL.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\EGjBZSw.exe
  C:\Windows\System\EGjBZSw.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\QuqEmtU.exe
  C:\Windows\System\QuqEmtU.exe
  2⤵
  - Executes dropped EXE
  PID:660
- C:\Windows\System\aXoCyGt.exe
  C:\Windows\System\aXoCyGt.exe
  2⤵
  - Executes dropped EXE
  PID:1096
- C:\Windows\System\ySRNeLi.exe
  C:\Windows\System\ySRNeLi.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\FeyqESv.exe
  C:\Windows\System\FeyqESv.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\HFOTgTe.exe
  C:\Windows\System\HFOTgTe.exe
  2⤵
  - Executes dropped EXE
  PID:1128
- C:\Windows\System\xciQCYW.exe
  C:\Windows\System\xciQCYW.exe
  2⤵
  - Executes dropped EXE
  PID:1400
- C:\Windows\System\ddoqxwI.exe
  C:\Windows\System\ddoqxwI.exe
  2⤵
  - Executes dropped EXE
  PID:540
- C:\Windows\System\CZIdjGb.exe
  C:\Windows\System\CZIdjGb.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\ykyPuwl.exe
  C:\Windows\System\ykyPuwl.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\ctDmqWI.exe
  C:\Windows\System\ctDmqWI.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\pwtNool.exe
  C:\Windows\System\pwtNool.exe
  2⤵
  - Executes dropped EXE
  PID:508
- C:\Windows\System\eWWnCsN.exe
  C:\Windows\System\eWWnCsN.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\wDAkQsS.exe
  C:\Windows\System\wDAkQsS.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\DwUWMZS.exe
  C:\Windows\System\DwUWMZS.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\DqPBytd.exe
  C:\Windows\System\DqPBytd.exe
  2⤵
  - Executes dropped EXE
  PID:1864
- C:\Windows\System\rCgBvFk.exe
  C:\Windows\System\rCgBvFk.exe
  2⤵
  - Executes dropped EXE
  PID:1468
- C:\Windows\System\mUonjei.exe
  C:\Windows\System\mUonjei.exe
  2⤵
  - Executes dropped EXE
  PID:928
- C:\Windows\System\XHXIVVT.exe
  C:\Windows\System\XHXIVVT.exe
  2⤵
  - Executes dropped EXE
  PID:1568
- C:\Windows\System\ruRiImL.exe
  C:\Windows\System\ruRiImL.exe
  2⤵
  - Executes dropped EXE
  PID:1484
- C:\Windows\System\sUtdGVg.exe
  C:\Windows\System\sUtdGVg.exe
  2⤵
  - Executes dropped EXE
  PID:1900
- C:\Windows\System\uqGefkS.exe
  C:\Windows\System\uqGefkS.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\NlMiSoU.exe
  C:\Windows\System\NlMiSoU.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\qppjgQx.exe
  C:\Windows\System\qppjgQx.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\WlYKQLJ.exe
  C:\Windows\System\WlYKQLJ.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\jJMIpRH.exe
  C:\Windows\System\jJMIpRH.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\UhDYvfk.exe
  C:\Windows\System\UhDYvfk.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\aqaxqyn.exe
  C:\Windows\System\aqaxqyn.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\djcBDls.exe
  C:\Windows\System\djcBDls.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\xzFLXlb.exe
  C:\Windows\System\xzFLXlb.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\xcBkgyA.exe
  C:\Windows\System\xcBkgyA.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\gKtvHBg.exe
  C:\Windows\System\gKtvHBg.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\AfRqnhJ.exe
  C:\Windows\System\AfRqnhJ.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\GqLQVnS.exe
  C:\Windows\System\GqLQVnS.exe
  2⤵
  PID:884
- C:\Windows\System\KXPqrKN.exe
  C:\Windows\System\KXPqrKN.exe
  2⤵
  PID:2388
- C:\Windows\System\ePzgxwY.exe
  C:\Windows\System\ePzgxwY.exe
  2⤵
  PID:2980
- C:\Windows\System\EiTLiFH.exe
  C:\Windows\System\EiTLiFH.exe
  2⤵
  PID:2460
- C:\Windows\System\VqoqfjO.exe
  C:\Windows\System\VqoqfjO.exe
  2⤵
  PID:2988
- C:\Windows\System\QUQmyXb.exe
  C:\Windows\System\QUQmyXb.exe
  2⤵
  PID:2368
- C:\Windows\System\BNBGsQC.exe
  C:\Windows\System\BNBGsQC.exe
  2⤵
  PID:2424
- C:\Windows\System\nOakzip.exe
  C:\Windows\System\nOakzip.exe
  2⤵
  PID:1656
- C:\Windows\System\VlydIOy.exe
  C:\Windows\System\VlydIOy.exe
  2⤵
  PID:2176
- C:\Windows\System\DxXWcfT.exe
  C:\Windows\System\DxXWcfT.exe
  2⤵
  PID:2172
- C:\Windows\System\VzxJdsF.exe
  C:\Windows\System\VzxJdsF.exe
  2⤵
  PID:2268
- C:\Windows\System\cuYGbFs.exe
  C:\Windows\System\cuYGbFs.exe
  2⤵
  PID:2604
- C:\Windows\System\VYwGNMt.exe
  C:\Windows\System\VYwGNMt.exe
  2⤵
  PID:2096
- C:\Windows\System\nQfrbCG.exe
  C:\Windows\System\nQfrbCG.exe
  2⤵
  PID:1316
- C:\Windows\System\RwOwPBT.exe
  C:\Windows\System\RwOwPBT.exe
  2⤵
  PID:1200
- C:\Windows\System\crumTQJ.exe
  C:\Windows\System\crumTQJ.exe
  2⤵
  PID:2304
- C:\Windows\System\aRdpGaD.exe
  C:\Windows\System\aRdpGaD.exe
  2⤵
  PID:1548
- C:\Windows\System\HkSZboi.exe
  C:\Windows\System\HkSZboi.exe
  2⤵
  PID:2540
- C:\Windows\System\YWrzRHk.exe
  C:\Windows\System\YWrzRHk.exe
  2⤵
  PID:2184
- C:\Windows\System\fpDaUqF.exe
  C:\Windows\System\fpDaUqF.exe
  2⤵
  PID:1716
- C:\Windows\System\KeHPjzd.exe
  C:\Windows\System\KeHPjzd.exe
  2⤵
  PID:2052
- C:\Windows\System\GCyQeQp.exe
  C:\Windows\System\GCyQeQp.exe
  2⤵
  PID:1632
- C:\Windows\System\lIqlmQX.exe
  C:\Windows\System\lIqlmQX.exe
  2⤵
  PID:544
- C:\Windows\System\OgyquFu.exe
  C:\Windows\System\OgyquFu.exe
  2⤵
  PID:2944
- C:\Windows\System\UQGAOFr.exe
  C:\Windows\System\UQGAOFr.exe
  2⤵
  PID:2876
- C:\Windows\System\FSERBfp.exe
  C:\Windows\System\FSERBfp.exe
  2⤵
  PID:2752
- C:\Windows\System\UwdSfrx.exe
  C:\Windows\System\UwdSfrx.exe
  2⤵
  PID:2544
- C:\Windows\System\EohzRoA.exe
  C:\Windows\System\EohzRoA.exe
  2⤵
  PID:2392
- C:\Windows\System\CiVVNzd.exe
  C:\Windows\System\CiVVNzd.exe
  2⤵
  PID:1800
- C:\Windows\System\oXtrHGo.exe
  C:\Windows\System\oXtrHGo.exe
  2⤵
  PID:2084
- C:\Windows\System\sknxETq.exe
  C:\Windows\System\sknxETq.exe
  2⤵
  PID:604
- C:\Windows\System\AbJSrcd.exe
  C:\Windows\System\AbJSrcd.exe
  2⤵
  PID:1996
- C:\Windows\System\JBmaNZg.exe
  C:\Windows\System\JBmaNZg.exe
  2⤵
  PID:1008
- C:\Windows\System\DCvoDkb.exe
  C:\Windows\System\DCvoDkb.exe
  2⤵
  PID:1804
- C:\Windows\System\PxBiLiU.exe
  C:\Windows\System\PxBiLiU.exe
  2⤵
  PID:1880
- C:\Windows\System\ydajLPU.exe
  C:\Windows\System\ydajLPU.exe
  2⤵
  PID:1160
- C:\Windows\System\tuNWwCZ.exe
  C:\Windows\System\tuNWwCZ.exe
  2⤵
  PID:3088
- C:\Windows\System\METLPGQ.exe
  C:\Windows\System\METLPGQ.exe
  2⤵
  PID:3108
- C:\Windows\System\SSqNVDT.exe
  C:\Windows\System\SSqNVDT.exe
  2⤵
  PID:3128
- C:\Windows\System\BOuIRRg.exe
  C:\Windows\System\BOuIRRg.exe
  2⤵
  PID:3144
- C:\Windows\System\kPgOHtR.exe
  C:\Windows\System\kPgOHtR.exe
  2⤵
  PID:3164
- C:\Windows\System\HtDTqVG.exe
  C:\Windows\System\HtDTqVG.exe
  2⤵
  PID:3180
- C:\Windows\System\MxNaQXm.exe
  C:\Windows\System\MxNaQXm.exe
  2⤵
  PID:3204
- C:\Windows\System\bjXWSsN.exe
  C:\Windows\System\bjXWSsN.exe
  2⤵
  PID:3220
- C:\Windows\System\zBxOSZv.exe
  C:\Windows\System\zBxOSZv.exe
  2⤵
  PID:3240
- C:\Windows\System\iQxBnvX.exe
  C:\Windows\System\iQxBnvX.exe
  2⤵
  PID:3256
- C:\Windows\System\GmQnqnf.exe
  C:\Windows\System\GmQnqnf.exe
  2⤵
  PID:3276
- C:\Windows\System\GFUmaxS.exe
  C:\Windows\System\GFUmaxS.exe
  2⤵
  PID:3296
- C:\Windows\System\hIPEfbT.exe
  C:\Windows\System\hIPEfbT.exe
  2⤵
  PID:3312
- C:\Windows\System\tHoGmpp.exe
  C:\Windows\System\tHoGmpp.exe
  2⤵
  PID:3328
- C:\Windows\System\XgoJbVL.exe
  C:\Windows\System\XgoJbVL.exe
  2⤵
  PID:3344
- C:\Windows\System\SNCsMBI.exe
  C:\Windows\System\SNCsMBI.exe
  2⤵
  PID:3372
- C:\Windows\System\sbJAJIQ.exe
  C:\Windows\System\sbJAJIQ.exe
  2⤵
  PID:3388
- C:\Windows\System\XpsBwTv.exe
  C:\Windows\System\XpsBwTv.exe
  2⤵
  PID:3404
- C:\Windows\System\aPObyZr.exe
  C:\Windows\System\aPObyZr.exe
  2⤵
  PID:3420
- C:\Windows\System\qAYBScG.exe
  C:\Windows\System\qAYBScG.exe
  2⤵
  PID:3436
- C:\Windows\System\pWtDZRu.exe
  C:\Windows\System\pWtDZRu.exe
  2⤵
  PID:3492
- C:\Windows\System\aXBexxj.exe
  C:\Windows\System\aXBexxj.exe
  2⤵
  PID:3624
- C:\Windows\System\XqJjrzC.exe
  C:\Windows\System\XqJjrzC.exe
  2⤵
  PID:3640
- C:\Windows\System\WNslxXq.exe
  C:\Windows\System\WNslxXq.exe
  2⤵
  PID:3660
- C:\Windows\System\hioVkHY.exe
  C:\Windows\System\hioVkHY.exe
  2⤵
  PID:3684
- C:\Windows\System\kVWkVSj.exe
  C:\Windows\System\kVWkVSj.exe
  2⤵
  PID:3704
- C:\Windows\System\iyAhYcj.exe
  C:\Windows\System\iyAhYcj.exe
  2⤵
  PID:3720
- C:\Windows\System\DtVndOm.exe
  C:\Windows\System\DtVndOm.exe
  2⤵
  PID:3740
- C:\Windows\System\qLTXhzC.exe
  C:\Windows\System\qLTXhzC.exe
  2⤵
  PID:3768
- C:\Windows\System\TtMWdFg.exe
  C:\Windows\System\TtMWdFg.exe
  2⤵
  PID:3788
- C:\Windows\System\YeUDLRb.exe
  C:\Windows\System\YeUDLRb.exe
  2⤵
  PID:3804
- C:\Windows\System\MffKpqw.exe
  C:\Windows\System\MffKpqw.exe
  2⤵
  PID:3820
- C:\Windows\System\FFRJidR.exe
  C:\Windows\System\FFRJidR.exe
  2⤵
  PID:3840
- C:\Windows\System\mjEvoYJ.exe
  C:\Windows\System\mjEvoYJ.exe
  2⤵
  PID:3864
- C:\Windows\System\LuDYudo.exe
  C:\Windows\System\LuDYudo.exe
  2⤵
  PID:3888
- C:\Windows\System\pAkVbzs.exe
  C:\Windows\System\pAkVbzs.exe
  2⤵
  PID:3908
- C:\Windows\System\tiVCAdV.exe
  C:\Windows\System\tiVCAdV.exe
  2⤵
  PID:3928
- C:\Windows\System\ZGtkgBM.exe
  C:\Windows\System\ZGtkgBM.exe
  2⤵
  PID:3948
- C:\Windows\System\miMyclK.exe
  C:\Windows\System\miMyclK.exe
  2⤵
  PID:3968
- C:\Windows\System\vvGpFKq.exe
  C:\Windows\System\vvGpFKq.exe
  2⤵
  PID:3988
- C:\Windows\System\YGqyIuw.exe
  C:\Windows\System\YGqyIuw.exe
  2⤵
  PID:4008
- C:\Windows\System\sUxWkeN.exe
  C:\Windows\System\sUxWkeN.exe
  2⤵
  PID:4028
- C:\Windows\System\XfKSfvJ.exe
  C:\Windows\System\XfKSfvJ.exe
  2⤵
  PID:4048
- C:\Windows\System\UPAzVXz.exe
  C:\Windows\System\UPAzVXz.exe
  2⤵
  PID:4068
- C:\Windows\System\kbIwmrR.exe
  C:\Windows\System\kbIwmrR.exe
  2⤵
  PID:4088
- C:\Windows\System\xXMRBod.exe
  C:\Windows\System\xXMRBod.exe
  2⤵
  PID:2968
- C:\Windows\System\oAcBFqe.exe
  C:\Windows\System\oAcBFqe.exe
  2⤵
  PID:1452
- C:\Windows\System\odcPOOJ.exe
  C:\Windows\System\odcPOOJ.exe
  2⤵
  PID:908
- C:\Windows\System\ygkFcei.exe
  C:\Windows\System\ygkFcei.exe
  2⤵
  PID:3136
- C:\Windows\System\ThxUcLU.exe
  C:\Windows\System\ThxUcLU.exe
  2⤵
  PID:3176
- C:\Windows\System\OrwEuus.exe
  C:\Windows\System\OrwEuus.exe
  2⤵
  PID:3284
- C:\Windows\System\RHurczE.exe
  C:\Windows\System\RHurczE.exe
  2⤵
  PID:3324
- C:\Windows\System\LakvISQ.exe
  C:\Windows\System\LakvISQ.exe
  2⤵
  PID:3364
- C:\Windows\System\xSBsSrX.exe
  C:\Windows\System\xSBsSrX.exe
  2⤵
  PID:2892
- C:\Windows\System\XNqRLfG.exe
  C:\Windows\System\XNqRLfG.exe
  2⤵
  PID:2584
- C:\Windows\System\mbXTWvR.exe
  C:\Windows\System\mbXTWvR.exe
  2⤵
  PID:2680
- C:\Windows\System\WRcqcGA.exe
  C:\Windows\System\WRcqcGA.exe
  2⤵
  PID:2472
- C:\Windows\System\UlnmWYt.exe
  C:\Windows\System\UlnmWYt.exe
  2⤵
  PID:3124
- C:\Windows\System\Jbqrdau.exe
  C:\Windows\System\Jbqrdau.exe
  2⤵
  PID:3268
- C:\Windows\System\onUbIYV.exe
  C:\Windows\System\onUbIYV.exe
  2⤵
  PID:3340
- C:\Windows\System\ZtaCVhN.exe
  C:\Windows\System\ZtaCVhN.exe
  2⤵
  PID:3444
- C:\Windows\System\IUEnODA.exe
  C:\Windows\System\IUEnODA.exe
  2⤵
  PID:3232
- C:\Windows\System\kvHACba.exe
  C:\Windows\System\kvHACba.exe
  2⤵
  PID:3116
- C:\Windows\System\lJtjKop.exe
  C:\Windows\System\lJtjKop.exe
  2⤵
  PID:2880
- C:\Windows\System\riYKKHv.exe
  C:\Windows\System\riYKKHv.exe
  2⤵
  PID:2164
- C:\Windows\System\KlPBAvq.exe
  C:\Windows\System\KlPBAvq.exe
  2⤵
  PID:2180
- C:\Windows\System\URiyNtM.exe
  C:\Windows\System\URiyNtM.exe
  2⤵
  PID:2244
- C:\Windows\System\oUpvBzo.exe
  C:\Windows\System\oUpvBzo.exe
  2⤵
  PID:372
- C:\Windows\System\ctwehqv.exe
  C:\Windows\System\ctwehqv.exe
  2⤵
  PID:1740
- C:\Windows\System\zEZJdyi.exe
  C:\Windows\System\zEZJdyi.exe
  2⤵
  PID:3508
- C:\Windows\System\fWuZKvr.exe
  C:\Windows\System\fWuZKvr.exe
  2⤵
  PID:3532
- C:\Windows\System\nuOhnjj.exe
  C:\Windows\System\nuOhnjj.exe
  2⤵
  PID:3556
- C:\Windows\System\hPwVSgn.exe
  C:\Windows\System\hPwVSgn.exe
  2⤵
  PID:3576
- C:\Windows\System\QVtCFdB.exe
  C:\Windows\System\QVtCFdB.exe
  2⤵
  PID:3596
- C:\Windows\System\McXnCFq.exe
  C:\Windows\System\McXnCFq.exe
  2⤵
  PID:3604
- C:\Windows\System\gvdRTfD.exe
  C:\Windows\System\gvdRTfD.exe
  2⤵
  PID:3648
- C:\Windows\System\rwtYcoe.exe
  C:\Windows\System\rwtYcoe.exe
  2⤵
  PID:3632
- C:\Windows\System\fGSVZNK.exe
  C:\Windows\System\fGSVZNK.exe
  2⤵
  PID:3696
- C:\Windows\System\HZNFrGy.exe
  C:\Windows\System\HZNFrGy.exe
  2⤵
  PID:3748
- C:\Windows\System\uPOmmhQ.exe
  C:\Windows\System\uPOmmhQ.exe
  2⤵
  PID:3784
- C:\Windows\System\KbpDqRU.exe
  C:\Windows\System\KbpDqRU.exe
  2⤵
  PID:3816
- C:\Windows\System\TDyfalT.exe
  C:\Windows\System\TDyfalT.exe
  2⤵
  PID:3796
- C:\Windows\System\ojOlIdG.exe
  C:\Windows\System\ojOlIdG.exe
  2⤵
  PID:3800
- C:\Windows\System\lCsxdCZ.exe
  C:\Windows\System\lCsxdCZ.exe
  2⤵
  PID:3944
- C:\Windows\System\xlhgdLy.exe
  C:\Windows\System\xlhgdLy.exe
  2⤵
  PID:3920
- C:\Windows\System\fMhQUck.exe
  C:\Windows\System\fMhQUck.exe
  2⤵
  PID:3984
- C:\Windows\System\YddvmNv.exe
  C:\Windows\System\YddvmNv.exe
  2⤵
  PID:4004
- C:\Windows\System\RFcccEu.exe
  C:\Windows\System\RFcccEu.exe
  2⤵
  PID:4056
- C:\Windows\System\ZlfcQPw.exe
  C:\Windows\System\ZlfcQPw.exe
  2⤵
  PID:4036
- C:\Windows\System\tsliNpf.exe
  C:\Windows\System\tsliNpf.exe
  2⤵
  PID:2816
- C:\Windows\System\eUGcKPE.exe
  C:\Windows\System\eUGcKPE.exe
  2⤵
  PID:2536
- C:\Windows\System\pregsVy.exe
  C:\Windows\System\pregsVy.exe
  2⤵
  PID:3400
- C:\Windows\System\drGAoDA.exe
  C:\Windows\System\drGAoDA.exe
  2⤵
  PID:1704
- C:\Windows\System\kPVTOxD.exe
  C:\Windows\System\kPVTOxD.exe
  2⤵
  PID:3248
- C:\Windows\System\FcKLgXm.exe
  C:\Windows\System\FcKLgXm.exe
  2⤵
  PID:3396
- C:\Windows\System\DypQAGy.exe
  C:\Windows\System\DypQAGy.exe
  2⤵
  PID:2908
- C:\Windows\System\hXbZDYa.exe
  C:\Windows\System\hXbZDYa.exe
  2⤵
  PID:2404
- C:\Windows\System\zrrqlWw.exe
  C:\Windows\System\zrrqlWw.exe
  2⤵
  PID:3452
- C:\Windows\System\iGZdMJT.exe
  C:\Windows\System\iGZdMJT.exe
  2⤵
  PID:3384
- C:\Windows\System\sxMPYZt.exe
  C:\Windows\System\sxMPYZt.exe
  2⤵
  PID:3152
- C:\Windows\System\GcvWsAF.exe
  C:\Windows\System\GcvWsAF.exe
  2⤵
  PID:1600
- C:\Windows\System\mfpGmNp.exe
  C:\Windows\System\mfpGmNp.exe
  2⤵
  PID:2772
- C:\Windows\System\YxIhhgS.exe
  C:\Windows\System\YxIhhgS.exe
  2⤵
  PID:3500
- C:\Windows\System\rLXawYK.exe
  C:\Windows\System\rLXawYK.exe
  2⤵
  PID:1732
- C:\Windows\System\HcyfdyN.exe
  C:\Windows\System\HcyfdyN.exe
  2⤵
  PID:3528
- C:\Windows\System\WCLvMpK.exe
  C:\Windows\System\WCLvMpK.exe
  2⤵
  PID:3584
- C:\Windows\System\AXhgowt.exe
  C:\Windows\System\AXhgowt.exe
  2⤵
  PID:3616
- C:\Windows\System\BjYqBIM.exe
  C:\Windows\System\BjYqBIM.exe
  2⤵
  PID:3488
- C:\Windows\System\ZXipXXY.exe
  C:\Windows\System\ZXipXXY.exe
  2⤵
  PID:3736
- C:\Windows\System\LqvvtJU.exe
  C:\Windows\System\LqvvtJU.exe
  2⤵
  PID:3716
- C:\Windows\System\BBdrfAH.exe
  C:\Windows\System\BBdrfAH.exe
  2⤵
  PID:3760
- C:\Windows\System\XqryEeG.exe
  C:\Windows\System\XqryEeG.exe
  2⤵
  PID:3872
- C:\Windows\System\LqbkLyf.exe
  C:\Windows\System\LqbkLyf.exe
  2⤵
  PID:3976
- C:\Windows\System\ievnnZo.exe
  C:\Windows\System\ievnnZo.exe
  2⤵
  PID:4040
- C:\Windows\System\FIeGClS.exe
  C:\Windows\System\FIeGClS.exe
  2⤵
  PID:3292
- C:\Windows\System\dhfOhai.exe
  C:\Windows\System\dhfOhai.exe
  2⤵
  PID:2912
- C:\Windows\System\kGSnunm.exe
  C:\Windows\System\kGSnunm.exe
  2⤵
  PID:3308
- C:\Windows\System\QNffQBs.exe
  C:\Windows\System\QNffQBs.exe
  2⤵
  PID:2032
- C:\Windows\System\qdsFoAj.exe
  C:\Windows\System\qdsFoAj.exe
  2⤵
  PID:2464
- C:\Windows\System\SUARvaT.exe
  C:\Windows\System\SUARvaT.exe
  2⤵
  PID:4060
- C:\Windows\System\SPJzcvh.exe
  C:\Windows\System\SPJzcvh.exe
  2⤵
  PID:2884
- C:\Windows\System\ONkgcaA.exe
  C:\Windows\System\ONkgcaA.exe
  2⤵
  PID:1588
- C:\Windows\System\EIgkusL.exe
  C:\Windows\System\EIgkusL.exe
  2⤵
  PID:3196
- C:\Windows\System\NHEwTRV.exe
  C:\Windows\System\NHEwTRV.exe
  2⤵
  PID:1672
- C:\Windows\System\arIdkcn.exe
  C:\Windows\System\arIdkcn.exe
  2⤵
  PID:3544
- C:\Windows\System\dKCKMsp.exe
  C:\Windows\System\dKCKMsp.exe
  2⤵
  PID:4108
- C:\Windows\System\ONGeAKK.exe
  C:\Windows\System\ONGeAKK.exe
  2⤵
  PID:4128
- C:\Windows\System\WCDKBUb.exe
  C:\Windows\System\WCDKBUb.exe
  2⤵
  PID:4148
- C:\Windows\System\madaKRY.exe
  C:\Windows\System\madaKRY.exe
  2⤵
  PID:4172
- C:\Windows\System\JUyquQW.exe
  C:\Windows\System\JUyquQW.exe
  2⤵
  PID:4192
- C:\Windows\System\JJRiRbi.exe
  C:\Windows\System\JJRiRbi.exe
  2⤵
  PID:4212
- C:\Windows\System\ytNMHRP.exe
  C:\Windows\System\ytNMHRP.exe
  2⤵
  PID:4232
- C:\Windows\System\HUgGjDh.exe
  C:\Windows\System\HUgGjDh.exe
  2⤵
  PID:4252
- C:\Windows\System\WjLjSxy.exe
  C:\Windows\System\WjLjSxy.exe
  2⤵
  PID:4272
- C:\Windows\System\vHlLeYT.exe
  C:\Windows\System\vHlLeYT.exe
  2⤵
  PID:4292
- C:\Windows\System\lKplkCt.exe
  C:\Windows\System\lKplkCt.exe
  2⤵
  PID:4392
- C:\Windows\System\MFUhYgG.exe
  C:\Windows\System\MFUhYgG.exe
  2⤵
  PID:4416
- C:\Windows\System\PgcPYvE.exe
  C:\Windows\System\PgcPYvE.exe
  2⤵
  PID:4436
- C:\Windows\System\IfqNzWe.exe
  C:\Windows\System\IfqNzWe.exe
  2⤵
  PID:4456
- C:\Windows\System\zBcHnjM.exe
  C:\Windows\System\zBcHnjM.exe
  2⤵
  PID:4472
- C:\Windows\System\zzqfEUB.exe
  C:\Windows\System\zzqfEUB.exe
  2⤵
  PID:4492
- C:\Windows\System\ehJhiAS.exe
  C:\Windows\System\ehJhiAS.exe
  2⤵
  PID:4516
- C:\Windows\System\wyDSiwE.exe
  C:\Windows\System\wyDSiwE.exe
  2⤵
  PID:4532
- C:\Windows\System\HrlmIYe.exe
  C:\Windows\System\HrlmIYe.exe
  2⤵
  PID:4560
- C:\Windows\System\oLGSogY.exe
  C:\Windows\System\oLGSogY.exe
  2⤵
  PID:4576
- C:\Windows\System\ROQrhTo.exe
  C:\Windows\System\ROQrhTo.exe
  2⤵
  PID:4596
- C:\Windows\System\wpNmOte.exe
  C:\Windows\System\wpNmOte.exe
  2⤵
  PID:4612
- C:\Windows\System\NgOhHaM.exe
  C:\Windows\System\NgOhHaM.exe
  2⤵
  PID:4632
- C:\Windows\System\TtUghOH.exe
  C:\Windows\System\TtUghOH.exe
  2⤵
  PID:4648
- C:\Windows\System\tZlcCFt.exe
  C:\Windows\System\tZlcCFt.exe
  2⤵
  PID:4668
- C:\Windows\System\BTNvahT.exe
  C:\Windows\System\BTNvahT.exe
  2⤵
  PID:4684
- C:\Windows\System\aTPZPdW.exe
  C:\Windows\System\aTPZPdW.exe
  2⤵
  PID:4704
- C:\Windows\System\JEIYRFX.exe
  C:\Windows\System\JEIYRFX.exe
  2⤵
  PID:4740
- C:\Windows\System\IIYLeJo.exe
  C:\Windows\System\IIYLeJo.exe
  2⤵
  PID:4756
- C:\Windows\System\kAQXLJt.exe
  C:\Windows\System\kAQXLJt.exe
  2⤵
  PID:4772
- C:\Windows\System\sJFmOda.exe
  C:\Windows\System\sJFmOda.exe
  2⤵
  PID:4796
- C:\Windows\System\lnoEkOL.exe
  C:\Windows\System\lnoEkOL.exe
  2⤵
  PID:4816
- C:\Windows\System\KlctUPt.exe
  C:\Windows\System\KlctUPt.exe
  2⤵
  PID:4832
- C:\Windows\System\bihESmt.exe
  C:\Windows\System\bihESmt.exe
  2⤵
  PID:4848
- C:\Windows\System\HCLAvyR.exe
  C:\Windows\System\HCLAvyR.exe
  2⤵
  PID:4864
- C:\Windows\System\RYPJemr.exe
  C:\Windows\System\RYPJemr.exe
  2⤵
  PID:4880
- C:\Windows\System\pVaAink.exe
  C:\Windows\System\pVaAink.exe
  2⤵
  PID:4912
- C:\Windows\System\QzGFeds.exe
  C:\Windows\System\QzGFeds.exe
  2⤵
  PID:4928
- C:\Windows\System\vSROPMq.exe
  C:\Windows\System\vSROPMq.exe
  2⤵
  PID:4948
- C:\Windows\System\GAsVcfL.exe
  C:\Windows\System\GAsVcfL.exe
  2⤵
  PID:4968
- C:\Windows\System\UUiYmuY.exe
  C:\Windows\System\UUiYmuY.exe
  2⤵
  PID:4984
- C:\Windows\System\dcpIFsd.exe
  C:\Windows\System\dcpIFsd.exe
  2⤵
  PID:5012
- C:\Windows\System\GkIyrUP.exe
  C:\Windows\System\GkIyrUP.exe
  2⤵
  PID:5028
- C:\Windows\System\uVCFELG.exe
  C:\Windows\System\uVCFELG.exe
  2⤵
  PID:5048
- C:\Windows\System\XioWtpc.exe
  C:\Windows\System\XioWtpc.exe
  2⤵
  PID:5072
- C:\Windows\System\fVPMcZy.exe
  C:\Windows\System\fVPMcZy.exe
  2⤵
  PID:5100
- C:\Windows\System\FXNRPvc.exe
  C:\Windows\System\FXNRPvc.exe
  2⤵
  PID:3680
- C:\Windows\System\NAWlQDE.exe
  C:\Windows\System\NAWlQDE.exe
  2⤵
  PID:2152
- C:\Windows\System\qpagTFd.exe
  C:\Windows\System\qpagTFd.exe
  2⤵
  PID:3732
- C:\Windows\System\FNQSamj.exe
  C:\Windows\System\FNQSamj.exe
  2⤵
  PID:3484
- C:\Windows\System\UFCYydk.exe
  C:\Windows\System\UFCYydk.exe
  2⤵
  PID:3860
- C:\Windows\System\jgCQtjW.exe
  C:\Windows\System\jgCQtjW.exe
  2⤵
  PID:4000
- C:\Windows\System\AUFhhPW.exe
  C:\Windows\System\AUFhhPW.exe
  2⤵
  PID:4076
- C:\Windows\System\qPrizHE.exe
  C:\Windows\System\qPrizHE.exe
  2⤵
  PID:2036
- C:\Windows\System\BvNpczy.exe
  C:\Windows\System\BvNpczy.exe
  2⤵
  PID:1560
- C:\Windows\System\TfvLYcO.exe
  C:\Windows\System\TfvLYcO.exe
  2⤵
  PID:3304
- C:\Windows\System\EEbLhJs.exe
  C:\Windows\System\EEbLhJs.exe
  2⤵
  PID:1768
- C:\Windows\System\NCcRkTj.exe
  C:\Windows\System\NCcRkTj.exe
  2⤵
  PID:1048
- C:\Windows\System\pGYCoJz.exe
  C:\Windows\System\pGYCoJz.exe
  2⤵
  PID:2292
- C:\Windows\System\SaSZzqS.exe
  C:\Windows\System\SaSZzqS.exe
  2⤵
  PID:4104
- C:\Windows\System\uCdgfXE.exe
  C:\Windows\System\uCdgfXE.exe
  2⤵
  PID:2808
- C:\Windows\System\VvRwgSJ.exe
  C:\Windows\System\VvRwgSJ.exe
  2⤵
  PID:4120
- C:\Windows\System\WeFGvYU.exe
  C:\Windows\System\WeFGvYU.exe
  2⤵
  PID:4188
- C:\Windows\System\qnyrgzz.exe
  C:\Windows\System\qnyrgzz.exe
  2⤵
  PID:4204
- C:\Windows\System\avGCjPs.exe
  C:\Windows\System\avGCjPs.exe
  2⤵
  PID:4168
- C:\Windows\System\wmFdfKy.exe
  C:\Windows\System\wmFdfKy.exe
  2⤵
  PID:4300
- C:\Windows\System\VKNEYUT.exe
  C:\Windows\System\VKNEYUT.exe
  2⤵
  PID:2028
- C:\Windows\System\wyLPkps.exe
  C:\Windows\System\wyLPkps.exe
  2⤵
  PID:2488
- C:\Windows\System\TkUNDpv.exe
  C:\Windows\System\TkUNDpv.exe
  2⤵
  PID:1620
- C:\Windows\System\MzAluJB.exe
  C:\Windows\System\MzAluJB.exe
  2⤵
  PID:1624
- C:\Windows\System\RpfRnOW.exe
  C:\Windows\System\RpfRnOW.exe
  2⤵
  PID:1232
- C:\Windows\System\rcnAhzR.exe
  C:\Windows\System\rcnAhzR.exe
  2⤵
  PID:112
- C:\Windows\System\uCXuVNN.exe
  C:\Windows\System\uCXuVNN.exe
  2⤵
  PID:2004
- C:\Windows\System\OrJDpDx.exe
  C:\Windows\System\OrJDpDx.exe
  2⤵
  PID:4340
- C:\Windows\System\FILNxlF.exe
  C:\Windows\System\FILNxlF.exe
  2⤵
  PID:2248
- C:\Windows\System\wGMVcqN.exe
  C:\Windows\System\wGMVcqN.exe
  2⤵
  PID:1904
- C:\Windows\System\JoKGvYg.exe
  C:\Windows\System\JoKGvYg.exe
  2⤵
  PID:4368
- C:\Windows\System\JgQXHzw.exe
  C:\Windows\System\JgQXHzw.exe
  2⤵
  PID:2664
- C:\Windows\System\xWnXsgb.exe
  C:\Windows\System\xWnXsgb.exe
  2⤵
  PID:2588
- C:\Windows\System\VnXsJsS.exe
  C:\Windows\System\VnXsJsS.exe
  2⤵
  PID:4388
- C:\Windows\System\sraNBQV.exe
  C:\Windows\System\sraNBQV.exe
  2⤵
  PID:900
- C:\Windows\System\xeCbzzW.exe
  C:\Windows\System\xeCbzzW.exe
  2⤵
  PID:2132
- C:\Windows\System\HxTdyjl.exe
  C:\Windows\System\HxTdyjl.exe
  2⤵
  PID:4408
- C:\Windows\System\zGkeFcX.exe
  C:\Windows\System\zGkeFcX.exe
  2⤵
  PID:4428
- C:\Windows\System\BvRWHZe.exe
  C:\Windows\System\BvRWHZe.exe
  2⤵
  PID:988
- C:\Windows\System\TZHpwVo.exe
  C:\Windows\System\TZHpwVo.exe
  2⤵
  PID:4488
- C:\Windows\System\hCMbTIb.exe
  C:\Windows\System\hCMbTIb.exe
  2⤵
  PID:4512
- C:\Windows\System\DXzbVkh.exe
  C:\Windows\System\DXzbVkh.exe
  2⤵
  PID:692
- C:\Windows\System\OlHgxwJ.exe
  C:\Windows\System\OlHgxwJ.exe
  2⤵
  PID:1156
- C:\Windows\System\TpHXpvH.exe
  C:\Windows\System\TpHXpvH.exe
  2⤵
  PID:2476
- C:\Windows\System\GWUmOCc.exe
  C:\Windows\System\GWUmOCc.exe
  2⤵
  PID:1696
- C:\Windows\System\NqeEdpZ.exe
  C:\Windows\System\NqeEdpZ.exe
  2⤵
  PID:4592
- C:\Windows\System\NKybPYT.exe
  C:\Windows\System\NKybPYT.exe
  2⤵
  PID:4676
- C:\Windows\System\MRwIAHo.exe
  C:\Windows\System\MRwIAHo.exe
  2⤵
  PID:4660
- C:\Windows\System\GmENODU.exe
  C:\Windows\System\GmENODU.exe
  2⤵
  PID:4700
- C:\Windows\System\MSRTQdj.exe
  C:\Windows\System\MSRTQdj.exe
  2⤵
  PID:4724
- C:\Windows\System\HKUjBLW.exe
  C:\Windows\System\HKUjBLW.exe
  2⤵
  PID:4716
- C:\Windows\System\AzaxHXu.exe
  C:\Windows\System\AzaxHXu.exe
  2⤵
  PID:4784
- C:\Windows\System\tloSeix.exe
  C:\Windows\System\tloSeix.exe
  2⤵
  PID:4824
- C:\Windows\System\yanyrRv.exe
  C:\Windows\System\yanyrRv.exe
  2⤵
  PID:4896
- C:\Windows\System\aMXhkgW.exe
  C:\Windows\System\aMXhkgW.exe
  2⤵
  PID:4892
- C:\Windows\System\oCmLkxh.exe
  C:\Windows\System\oCmLkxh.exe
  2⤵
  PID:4944
- C:\Windows\System\KfjFApS.exe
  C:\Windows\System\KfjFApS.exe
  2⤵
  PID:4924
- C:\Windows\System\ARIfQdl.exe
  C:\Windows\System\ARIfQdl.exe
  2⤵
  PID:4960
- C:\Windows\System\xNQToJX.exe
  C:\Windows\System\xNQToJX.exe
  2⤵
  PID:4992
- C:\Windows\System\iuAgWOT.exe
  C:\Windows\System\iuAgWOT.exe
  2⤵
  PID:5008
- C:\Windows\System\vaXtORN.exe
  C:\Windows\System\vaXtORN.exe
  2⤵
  PID:5064
- C:\Windows\System\lOrwyKi.exe
  C:\Windows\System\lOrwyKi.exe
  2⤵
  PID:5088
- C:\Windows\System\CnHxiQq.exe
  C:\Windows\System\CnHxiQq.exe
  2⤵
  PID:2636
- C:\Windows\System\EhwqVGo.exe
  C:\Windows\System\EhwqVGo.exe
  2⤵
  PID:5116
- C:\Windows\System\SiPFQfH.exe
  C:\Windows\System\SiPFQfH.exe
  2⤵
  PID:3856
- C:\Windows\System\ibWXdny.exe
  C:\Windows\System\ibWXdny.exe
  2⤵
  PID:1852
- C:\Windows\System\QrLHPay.exe
  C:\Windows\System\QrLHPay.exe
  2⤵
  PID:3936
- C:\Windows\System\WeLKAHO.exe
  C:\Windows\System\WeLKAHO.exe
  2⤵
  PID:3980
- C:\Windows\System\XSTcsPU.exe
  C:\Windows\System\XSTcsPU.exe
  2⤵
  PID:1520
- C:\Windows\System\jpXUJnZ.exe
  C:\Windows\System\jpXUJnZ.exe
  2⤵
  PID:3996
- C:\Windows\System\foltcRF.exe
  C:\Windows\System\foltcRF.exe
  2⤵
  PID:4100
- C:\Windows\System\WffRHMc.exe
  C:\Windows\System\WffRHMc.exe
  2⤵
  PID:3524
- C:\Windows\System\hsEQRmi.exe
  C:\Windows\System\hsEQRmi.exe
  2⤵
  PID:4228
- C:\Windows\System\sFLJWXn.exe
  C:\Windows\System\sFLJWXn.exe
  2⤵
  PID:4240
- C:\Windows\System\AmHPnaL.exe
  C:\Windows\System\AmHPnaL.exe
  2⤵
  PID:1124
- C:\Windows\System\lOcWinW.exe
  C:\Windows\System\lOcWinW.exe
  2⤵
  PID:2960
- C:\Windows\System\huTppgn.exe
  C:\Windows\System\huTppgn.exe
  2⤵
  PID:1976
- C:\Windows\System\GgZEAqS.exe
  C:\Windows\System\GgZEAqS.exe
  2⤵
  PID:2976
- C:\Windows\System\NEwPuwR.exe
  C:\Windows\System\NEwPuwR.exe
  2⤵
  PID:2492
- C:\Windows\System\VTdqpgY.exe
  C:\Windows\System\VTdqpgY.exe
  2⤵
  PID:2148
- C:\Windows\System\aJvNORy.exe
  C:\Windows\System\aJvNORy.exe
  2⤵
  PID:4400
- C:\Windows\System\UgzfciD.exe
  C:\Windows\System\UgzfciD.exe
  2⤵
  PID:1848
- C:\Windows\System\MxGTlry.exe
  C:\Windows\System\MxGTlry.exe
  2⤵
  PID:2428
- C:\Windows\System\JoCFdYZ.exe
  C:\Windows\System\JoCFdYZ.exe
  2⤵
  PID:940
- C:\Windows\System\PrNYMAk.exe
  C:\Windows\System\PrNYMAk.exe
  2⤵
  PID:1688
- C:\Windows\System\ituIAPD.exe
  C:\Windows\System\ituIAPD.exe
  2⤵
  PID:3916
- C:\Windows\System\fHBHdah.exe
  C:\Windows\System\fHBHdah.exe
  2⤵
  PID:2920
- C:\Windows\System\ZjeaiPt.exe
  C:\Windows\System\ZjeaiPt.exe
  2⤵
  PID:2840
- C:\Windows\System\MuKLOkP.exe
  C:\Windows\System\MuKLOkP.exe
  2⤵
  PID:4608
- C:\Windows\System\GOdBHzC.exe
  C:\Windows\System\GOdBHzC.exe
  2⤵
  PID:4712
- C:\Windows\System\SYbtznP.exe
  C:\Windows\System\SYbtznP.exe
  2⤵
  PID:4720
- C:\Windows\System\arOPVAv.exe
  C:\Windows\System\arOPVAv.exe
  2⤵
  PID:4584
- C:\Windows\System\LjwLiHV.exe
  C:\Windows\System\LjwLiHV.exe
  2⤵
  PID:4640
- C:\Windows\System\bTamWiC.exe
  C:\Windows\System\bTamWiC.exe
  2⤵
  PID:4624
- C:\Windows\System\lyjHScy.exe
  C:\Windows\System\lyjHScy.exe
  2⤵
  PID:4768
- C:\Windows\System\lzwLQIy.exe
  C:\Windows\System\lzwLQIy.exe
  2⤵
  PID:4732
- C:\Windows\System\IPILfbK.exe
  C:\Windows\System\IPILfbK.exe
  2⤵
  PID:4904
- C:\Windows\System\icWEGIA.exe
  C:\Windows\System\icWEGIA.exe
  2⤵
  PID:4920
- C:\Windows\System\GxfuCun.exe
  C:\Windows\System\GxfuCun.exe
  2⤵
  PID:4544
- C:\Windows\System\hjXNGNC.exe
  C:\Windows\System\hjXNGNC.exe
  2⤵
  PID:3540
- C:\Windows\System\xMMbkOJ.exe
  C:\Windows\System\xMMbkOJ.exe
  2⤵
  PID:3668
- C:\Windows\System\JFrOoee.exe
  C:\Windows\System\JFrOoee.exe
  2⤵
  PID:3832
- C:\Windows\System\klJkaft.exe
  C:\Windows\System\klJkaft.exe
  2⤵
  PID:3700
- C:\Windows\System\rGZfHYS.exe
  C:\Windows\System\rGZfHYS.exe
  2⤵
  PID:3880
- C:\Windows\System\hzUBVrE.exe
  C:\Windows\System\hzUBVrE.exe
  2⤵
  PID:4332
- C:\Windows\System\WCxlhqM.exe
  C:\Windows\System\WCxlhqM.exe
  2⤵
  PID:4284
- C:\Windows\System\YeSErsQ.exe
  C:\Windows\System\YeSErsQ.exe
  2⤵
  PID:4324
- C:\Windows\System\MzPkDmO.exe
  C:\Windows\System\MzPkDmO.exe
  2⤵
  PID:996
- C:\Windows\System\TvVspCX.exe
  C:\Windows\System\TvVspCX.exe
  2⤵
  PID:904
- C:\Windows\System\NwGlvmP.exe
  C:\Windows\System\NwGlvmP.exe
  2⤵
  PID:392
- C:\Windows\System\pxbtEij.exe
  C:\Windows\System\pxbtEij.exe
  2⤵
  PID:1944
- C:\Windows\System\XwknWpY.exe
  C:\Windows\System\XwknWpY.exe
  2⤵
  PID:4448
- C:\Windows\System\xzRwYip.exe
  C:\Windows\System\xzRwYip.exe
  2⤵
  PID:4872
- C:\Windows\System\hyyJQjc.exe
  C:\Windows\System\hyyJQjc.exe
  2⤵
  PID:2372
- C:\Windows\System\JncusUi.exe
  C:\Windows\System\JncusUi.exe
  2⤵
  PID:4480
- C:\Windows\System\Kcfrhma.exe
  C:\Windows\System\Kcfrhma.exe
  2⤵
  PID:1968
- C:\Windows\System\escgJCn.exe
  C:\Windows\System\escgJCn.exe
  2⤵
  PID:4940
- C:\Windows\System\ivtMzRu.exe
  C:\Windows\System\ivtMzRu.exe
  2⤵
  PID:5024
- C:\Windows\System\ZdUwmYo.exe
  C:\Windows\System\ZdUwmYo.exe
  2⤵
  PID:5060
- C:\Windows\System\OCOHLUk.exe
  C:\Windows\System\OCOHLUk.exe
  2⤵
  PID:3588
- C:\Windows\System\VLuhoAF.exe
  C:\Windows\System\VLuhoAF.exe
  2⤵
  PID:5092
- C:\Windows\System\TMUncqI.exe
  C:\Windows\System\TMUncqI.exe
  2⤵
  PID:2272
- C:\Windows\System\ndsPhOw.exe
  C:\Windows\System\ndsPhOw.exe
  2⤵
  PID:2348
- C:\Windows\System\cbXkaCd.exe
  C:\Windows\System\cbXkaCd.exe
  2⤵
  PID:1580
- C:\Windows\System\yTeTZVE.exe
  C:\Windows\System\yTeTZVE.exe
  2⤵
  PID:4308
- C:\Windows\System\YfmfhOp.exe
  C:\Windows\System\YfmfhOp.exe
  2⤵
  PID:1320
- C:\Windows\System\meidvWm.exe
  C:\Windows\System\meidvWm.exe
  2⤵
  PID:1700
- C:\Windows\System\jeQwlvn.exe
  C:\Windows\System\jeQwlvn.exe
  2⤵
  PID:2796
- C:\Windows\System\PtyRqRR.exe
  C:\Windows\System\PtyRqRR.exe
  2⤵
  PID:4840
- C:\Windows\System\ZjmNyyM.exe
  C:\Windows\System\ZjmNyyM.exe
  2⤵
  PID:784
- C:\Windows\System\jhyemYi.exe
  C:\Windows\System\jhyemYi.exe
  2⤵
  PID:4780
- C:\Windows\System\rtsilpQ.exe
  C:\Windows\System\rtsilpQ.exe
  2⤵
  PID:4248
- C:\Windows\System\wIYfeWY.exe
  C:\Windows\System\wIYfeWY.exe
  2⤵
  PID:4808
- C:\Windows\System\kWRFXYi.exe
  C:\Windows\System\kWRFXYi.exe
  2⤵
  PID:2804
- C:\Windows\System\kNRMiOd.exe
  C:\Windows\System\kNRMiOd.exe
  2⤵
  PID:1608
- C:\Windows\System\XpeaDxZ.exe
  C:\Windows\System\XpeaDxZ.exe
  2⤵
  PID:1584
- C:\Windows\System\ZlhIMip.exe
  C:\Windows\System\ZlhIMip.exe
  2⤵
  PID:4936
- C:\Windows\System\kKjCYbs.exe
  C:\Windows\System\kKjCYbs.exe
  2⤵
  PID:4024
- C:\Windows\System\TExQYtG.exe
  C:\Windows\System\TExQYtG.exe
  2⤵
  PID:4504
- C:\Windows\System\txqnSaR.exe
  C:\Windows\System\txqnSaR.exe
  2⤵
  PID:5140
- C:\Windows\System\YweTSSM.exe
  C:\Windows\System\YweTSSM.exe
  2⤵
  PID:5160
- C:\Windows\System\DRhfPsB.exe
  C:\Windows\System\DRhfPsB.exe
  2⤵
  PID:5180
- C:\Windows\System\BFHhVsn.exe
  C:\Windows\System\BFHhVsn.exe
  2⤵
  PID:5196
- C:\Windows\System\SBEXvdU.exe
  C:\Windows\System\SBEXvdU.exe
  2⤵
  PID:5236
- C:\Windows\System\TYnZEjj.exe
  C:\Windows\System\TYnZEjj.exe
  2⤵
  PID:5252
- C:\Windows\System\zLOGoEt.exe
  C:\Windows\System\zLOGoEt.exe
  2⤵
  PID:5272
- C:\Windows\System\BlHwJdE.exe
  C:\Windows\System\BlHwJdE.exe
  2⤵
  PID:5288
- C:\Windows\System\noABAUG.exe
  C:\Windows\System\noABAUG.exe
  2⤵
  PID:5316
- C:\Windows\System\mtxinbG.exe
  C:\Windows\System\mtxinbG.exe
  2⤵
  PID:5336
- C:\Windows\System\hLGGXWi.exe
  C:\Windows\System\hLGGXWi.exe
  2⤵
  PID:5352
- C:\Windows\System\MypsnmQ.exe
  C:\Windows\System\MypsnmQ.exe
  2⤵
  PID:5368
- C:\Windows\System\UQzqScK.exe
  C:\Windows\System\UQzqScK.exe
  2⤵
  PID:5388
- C:\Windows\System\EyJdfTA.exe
  C:\Windows\System\EyJdfTA.exe
  2⤵
  PID:5408
- C:\Windows\System\TCyoOTc.exe
  C:\Windows\System\TCyoOTc.exe
  2⤵
  PID:5424
- C:\Windows\System\OmVZCCN.exe
  C:\Windows\System\OmVZCCN.exe
  2⤵
  PID:5440
- C:\Windows\System\ZDMbcng.exe
  C:\Windows\System\ZDMbcng.exe
  2⤵
  PID:5460
- C:\Windows\System\PwJEPBv.exe
  C:\Windows\System\PwJEPBv.exe
  2⤵
  PID:5480
- C:\Windows\System\KzFPyvv.exe
  C:\Windows\System\KzFPyvv.exe
  2⤵
  PID:5496
- C:\Windows\System\DeYfpVs.exe
  C:\Windows\System\DeYfpVs.exe
  2⤵
  PID:5516
- C:\Windows\System\kvcdxAq.exe
  C:\Windows\System\kvcdxAq.exe
  2⤵
  PID:5532
- C:\Windows\System\DMJfpoo.exe
  C:\Windows\System\DMJfpoo.exe
  2⤵
  PID:5548
- C:\Windows\System\kgpubLP.exe
  C:\Windows\System\kgpubLP.exe
  2⤵
  PID:5572
- C:\Windows\System\VzabOtJ.exe
  C:\Windows\System\VzabOtJ.exe
  2⤵
  PID:5588
- C:\Windows\System\OOczrUe.exe
  C:\Windows\System\OOczrUe.exe
  2⤵
  PID:5632
- C:\Windows\System\eCIETgO.exe
  C:\Windows\System\eCIETgO.exe
  2⤵
  PID:5648
- C:\Windows\System\gYQMhCX.exe
  C:\Windows\System\gYQMhCX.exe
  2⤵
  PID:5668
- C:\Windows\System\ouwAtUm.exe
  C:\Windows\System\ouwAtUm.exe
  2⤵
  PID:5700
- C:\Windows\System\aMpUNva.exe
  C:\Windows\System\aMpUNva.exe
  2⤵
  PID:5716
- C:\Windows\System\JkxPFko.exe
  C:\Windows\System\JkxPFko.exe
  2⤵
  PID:5732
- C:\Windows\System\OIydWXc.exe
  C:\Windows\System\OIydWXc.exe
  2⤵
  PID:5748
- C:\Windows\System\KxqRLCC.exe
  C:\Windows\System\KxqRLCC.exe
  2⤵
  PID:5764
- C:\Windows\System\iIPGivD.exe
  C:\Windows\System\iIPGivD.exe
  2⤵
  PID:5792
- C:\Windows\System\HxJyoyD.exe
  C:\Windows\System\HxJyoyD.exe
  2⤵
  PID:5808
- C:\Windows\System\exuSHwP.exe
  C:\Windows\System\exuSHwP.exe
  2⤵
  PID:5824
- C:\Windows\System\mqvyhRn.exe
  C:\Windows\System\mqvyhRn.exe
  2⤵
  PID:5848
- C:\Windows\System\ItmacmN.exe
  C:\Windows\System\ItmacmN.exe
  2⤵
  PID:5868
- C:\Windows\System\ocjcIPi.exe
  C:\Windows\System\ocjcIPi.exe
  2⤵
  PID:5896
- C:\Windows\System\UEJhgpa.exe
  C:\Windows\System\UEJhgpa.exe
  2⤵
  PID:5916
- C:\Windows\System\armFNXl.exe
  C:\Windows\System\armFNXl.exe
  2⤵
  PID:5936
- C:\Windows\System\ANamSii.exe
  C:\Windows\System\ANamSii.exe
  2⤵
  PID:5952
- C:\Windows\System\ZyzQhBp.exe
  C:\Windows\System\ZyzQhBp.exe
  2⤵
  PID:5968
- C:\Windows\System\nnPWgrU.exe
  C:\Windows\System\nnPWgrU.exe
  2⤵
  PID:5996
- C:\Windows\System\inAmgAY.exe
  C:\Windows\System\inAmgAY.exe
  2⤵
  PID:6016
- C:\Windows\System\CwoDZjE.exe
  C:\Windows\System\CwoDZjE.exe
  2⤵
  PID:6032
- C:\Windows\System\YijWetX.exe
  C:\Windows\System\YijWetX.exe
  2⤵
  PID:6056
- C:\Windows\System\xpGxJUV.exe
  C:\Windows\System\xpGxJUV.exe
  2⤵
  PID:6076
- C:\Windows\System\NEsbLUl.exe
  C:\Windows\System\NEsbLUl.exe
  2⤵
  PID:6092
- C:\Windows\System\OpLZPTV.exe
  C:\Windows\System\OpLZPTV.exe
  2⤵
  PID:6112
- C:\Windows\System\sRoDoth.exe
  C:\Windows\System\sRoDoth.exe
  2⤵
  PID:6128
- C:\Windows\System\IjlSKoc.exe
  C:\Windows\System\IjlSKoc.exe
  2⤵
  PID:4528
- C:\Windows\System\haghgYz.exe
  C:\Windows\System\haghgYz.exe
  2⤵
  PID:4116
- C:\Windows\System\slcAmnr.exe
  C:\Windows\System\slcAmnr.exe
  2⤵
  PID:2724
- C:\Windows\System\YvKKnoi.exe
  C:\Windows\System\YvKKnoi.exe
  2⤵
  PID:5004
- C:\Windows\System\PVEYnBU.exe
  C:\Windows\System\PVEYnBU.exe
  2⤵
  PID:3336
- C:\Windows\System\hqhOmkV.exe
  C:\Windows\System\hqhOmkV.exe
  2⤵
  PID:4444
- C:\Windows\System\IdmSbFh.exe
  C:\Windows\System\IdmSbFh.exe
  2⤵
  PID:4764
- C:\Windows\System\LEMhpoO.exe
  C:\Windows\System\LEMhpoO.exe
  2⤵
  PID:5216
- C:\Windows\System\dCwqLer.exe
  C:\Windows\System\dCwqLer.exe
  2⤵
  PID:5228
- C:\Windows\System\QELdxTZ.exe
  C:\Windows\System\QELdxTZ.exe
  2⤵
  PID:5264
- C:\Windows\System\zwgSsSX.exe
  C:\Windows\System\zwgSsSX.exe
  2⤵
  PID:5348
- C:\Windows\System\CayttQj.exe
  C:\Windows\System\CayttQj.exe
  2⤵
  PID:5524
- C:\Windows\System\RohZSOP.exe
  C:\Windows\System\RohZSOP.exe
  2⤵
  PID:5492
- C:\Windows\System\funVjuD.exe
  C:\Windows\System\funVjuD.exe
  2⤵
  PID:5324
- C:\Windows\System\MtRdVZe.exe
  C:\Windows\System\MtRdVZe.exe
  2⤵
  PID:5396
- C:\Windows\System\cHwIvHn.exe
  C:\Windows\System\cHwIvHn.exe
  2⤵
  PID:5512
- C:\Windows\System\TjCnUHH.exe
  C:\Windows\System\TjCnUHH.exe
  2⤵
  PID:5560
- C:\Windows\System\smNVEsL.exe
  C:\Windows\System\smNVEsL.exe
  2⤵
  PID:5608
- C:\Windows\System\WseHpSG.exe
  C:\Windows\System\WseHpSG.exe
  2⤵
  PID:5580
- C:\Windows\System\MWDlXnz.exe
  C:\Windows\System\MWDlXnz.exe
  2⤵
  PID:5676
- C:\Windows\System\pIRDECE.exe
  C:\Windows\System\pIRDECE.exe
  2⤵
  PID:5708
- C:\Windows\System\vKaSDhl.exe
  C:\Windows\System\vKaSDhl.exe
  2⤵
  PID:5712
- C:\Windows\System\xJsaWlT.exe
  C:\Windows\System\xJsaWlT.exe
  2⤵
  PID:5744
- C:\Windows\System\kKPoXqd.exe
  C:\Windows\System\kKPoXqd.exe
  2⤵
  PID:5760
- C:\Windows\System\gywNXfY.exe
  C:\Windows\System\gywNXfY.exe
  2⤵
  PID:5816
- C:\Windows\System\hkpHNCo.exe
  C:\Windows\System\hkpHNCo.exe
  2⤵
  PID:5888
- C:\Windows\System\ZzvRjxR.exe
  C:\Windows\System\ZzvRjxR.exe
  2⤵
  PID:5844
- C:\Windows\System\DZaghtU.exe
  C:\Windows\System\DZaghtU.exe
  2⤵
  PID:5904
- C:\Windows\System\OMuqsqH.exe
  C:\Windows\System\OMuqsqH.exe
  2⤵
  PID:5976
- C:\Windows\System\NAUigbZ.exe
  C:\Windows\System\NAUigbZ.exe
  2⤵
  PID:6008
- C:\Windows\System\pKbxdHI.exe
  C:\Windows\System\pKbxdHI.exe
  2⤵
  PID:6048
- C:\Windows\System\ZfsnkPS.exe
  C:\Windows\System\ZfsnkPS.exe
  2⤵
  PID:6072
- C:\Windows\System\aDltlqz.exe
  C:\Windows\System\aDltlqz.exe
  2⤵
  PID:6100
- C:\Windows\System\LjzioBs.exe
  C:\Windows\System\LjzioBs.exe
  2⤵
  PID:6088
- C:\Windows\System\UxfGeYL.exe
  C:\Windows\System\UxfGeYL.exe
  2⤵
  PID:2360
- C:\Windows\System\yIgMRKt.exe
  C:\Windows\System\yIgMRKt.exe
  2⤵
  PID:5132
- C:\Windows\System\pdTvVyb.exe
  C:\Windows\System\pdTvVyb.exe
  2⤵
  PID:4280
- C:\Windows\System\AkWZDqN.exe
  C:\Windows\System\AkWZDqN.exe
  2⤵
  PID:4696
- C:\Windows\System\vWauLQt.exe
  C:\Windows\System\vWauLQt.exe
  2⤵
  PID:5456
- C:\Windows\System\EckPRJI.exe
  C:\Windows\System\EckPRJI.exe
  2⤵
  PID:5488
- C:\Windows\System\SyVNUkX.exe
  C:\Windows\System\SyVNUkX.exe
  2⤵
  PID:5300
- C:\Windows\System\XjqTwEr.exe
  C:\Windows\System\XjqTwEr.exe
  2⤵
  PID:5248
- C:\Windows\System\DENbEei.exe
  C:\Windows\System\DENbEei.exe
  2⤵
  PID:5544
- C:\Windows\System\mILmQLw.exe
  C:\Windows\System\mILmQLw.exe
  2⤵
  PID:5624
- C:\Windows\System\VzFvSkK.exe
  C:\Windows\System\VzFvSkK.exe
  2⤵
  PID:5684
- C:\Windows\System\sRDnllr.exe
  C:\Windows\System\sRDnllr.exe
  2⤵
  PID:5212
- C:\Windows\System\QKIAzZM.exe
  C:\Windows\System\QKIAzZM.exe
  2⤵
  PID:5776
- C:\Windows\System\JyEWDpA.exe
  C:\Windows\System\JyEWDpA.exe
  2⤵
  PID:4164
- C:\Windows\System\OarxllH.exe
  C:\Windows\System\OarxllH.exe
  2⤵
  PID:5692
- C:\Windows\System\apTFmyB.exe
  C:\Windows\System\apTFmyB.exe
  2⤵
  PID:5960
- C:\Windows\System\KTkGqXD.exe
  C:\Windows\System\KTkGqXD.exe
  2⤵
  PID:6064
- C:\Windows\System\DgmEbSp.exe
  C:\Windows\System\DgmEbSp.exe
  2⤵
  PID:4956
- C:\Windows\System\lrAsYPN.exe
  C:\Windows\System\lrAsYPN.exe
  2⤵
  PID:5772
- C:\Windows\System\UICGknP.exe
  C:\Windows\System\UICGknP.exe
  2⤵
  PID:6136
- C:\Windows\System\GpyJtMQ.exe
  C:\Windows\System\GpyJtMQ.exe
  2⤵
  PID:5176
- C:\Windows\System\dlBmwDc.exe
  C:\Windows\System\dlBmwDc.exe
  2⤵
  PID:6040
- C:\Windows\System\LDzVoDh.exe
  C:\Windows\System\LDzVoDh.exe
  2⤵
  PID:5912
- C:\Windows\System\JLvzebp.exe
  C:\Windows\System\JLvzebp.exe
  2⤵
  PID:5504
- C:\Windows\System\dYOtgtZ.exe
  C:\Windows\System\dYOtgtZ.exe
  2⤵
  PID:4980
- C:\Windows\System\wGIDGHl.exe
  C:\Windows\System\wGIDGHl.exe
  2⤵
  PID:5448
- C:\Windows\System\JPQfVpr.exe
  C:\Windows\System\JPQfVpr.exe
  2⤵
  PID:868
- C:\Windows\System\LESUgMN.exe
  C:\Windows\System\LESUgMN.exe
  2⤵
  PID:5304
- C:\Windows\System\kKRCnmR.exe
  C:\Windows\System\kKRCnmR.exe
  2⤵
  PID:5644
- C:\Windows\System\PUFBEgu.exe
  C:\Windows\System\PUFBEgu.exe
  2⤵
  PID:5984
- C:\Windows\System\PnSrqsh.exe
  C:\Windows\System\PnSrqsh.exe
  2⤵
  PID:6028
- C:\Windows\System\vQpHtKK.exe
  C:\Windows\System\vQpHtKK.exe
  2⤵
  PID:876
- C:\Windows\System\fCPyfnE.exe
  C:\Windows\System\fCPyfnE.exe
  2⤵
  PID:5788
- C:\Windows\System\xxDjmFr.exe
  C:\Windows\System\xxDjmFr.exe
  2⤵
  PID:5928
- C:\Windows\System\qZxHMkU.exe
  C:\Windows\System\qZxHMkU.exe
  2⤵
  PID:5128
- C:\Windows\System\MXxKZyv.exe
  C:\Windows\System\MXxKZyv.exe
  2⤵
  PID:5436
- C:\Windows\System\RERYjux.exe
  C:\Windows\System\RERYjux.exe
  2⤵
  PID:6124
- C:\Windows\System\wKPhIlF.exe
  C:\Windows\System\wKPhIlF.exe
  2⤵
  PID:4736
- C:\Windows\System\lTsZBCn.exe
  C:\Windows\System\lTsZBCn.exe
  2⤵
  PID:5476
- C:\Windows\System\xIticXg.exe
  C:\Windows\System\xIticXg.exe
  2⤵
  PID:5156
- C:\Windows\System\BVtVpCH.exe
  C:\Windows\System\BVtVpCH.exe
  2⤵
  PID:5584
- C:\Windows\System\KChqRvU.exe
  C:\Windows\System\KChqRvU.exe
  2⤵
  PID:3904
- C:\Windows\System\BAbjFZf.exe
  C:\Windows\System\BAbjFZf.exe
  2⤵
  PID:5696
- C:\Windows\System\vjjDocI.exe
  C:\Windows\System\vjjDocI.exe
  2⤵
  PID:5660
- C:\Windows\System\ALFEVfi.exe
  C:\Windows\System\ALFEVfi.exe
  2⤵
  PID:5964
- C:\Windows\System\XcYbtAj.exe
  C:\Windows\System\XcYbtAj.exe
  2⤵
  PID:6044
- C:\Windows\System\zLIHrxE.exe
  C:\Windows\System\zLIHrxE.exe
  2⤵
  PID:5980
- C:\Windows\System\keqYTUX.exe
  C:\Windows\System\keqYTUX.exe
  2⤵
  PID:5168
- C:\Windows\System\AJQpjfk.exe
  C:\Windows\System\AJQpjfk.exe
  2⤵
  PID:5864
- C:\Windows\System\RUpucEy.exe
  C:\Windows\System\RUpucEy.exe
  2⤵
  PID:5596
- C:\Windows\System\WywXpcc.exe
  C:\Windows\System\WywXpcc.exe
  2⤵
  PID:5724
- C:\Windows\System\hqCEbid.exe
  C:\Windows\System\hqCEbid.exe
  2⤵
  PID:6148
- C:\Windows\System\bNwomUM.exe
  C:\Windows\System\bNwomUM.exe
  2⤵
  PID:6164
- C:\Windows\System\cYdsewZ.exe
  C:\Windows\System\cYdsewZ.exe
  2⤵
  PID:6184
- C:\Windows\System\qkaQuik.exe
  C:\Windows\System\qkaQuik.exe
  2⤵
  PID:6204
- C:\Windows\System\DPbFLli.exe
  C:\Windows\System\DPbFLli.exe
  2⤵
  PID:6220
- C:\Windows\System\BACSMJI.exe
  C:\Windows\System\BACSMJI.exe
  2⤵
  PID:6248
- C:\Windows\System\WEsjurC.exe
  C:\Windows\System\WEsjurC.exe
  2⤵
  PID:6264
- C:\Windows\System\DLNrHkg.exe
  C:\Windows\System\DLNrHkg.exe
  2⤵
  PID:6284
- C:\Windows\System\WBsnPih.exe
  C:\Windows\System\WBsnPih.exe
  2⤵
  PID:6316
- C:\Windows\System\xsHSYpc.exe
  C:\Windows\System\xsHSYpc.exe
  2⤵
  PID:6332
- C:\Windows\System\toKJSMa.exe
  C:\Windows\System\toKJSMa.exe
  2⤵
  PID:6348
- C:\Windows\System\FjHXCDi.exe
  C:\Windows\System\FjHXCDi.exe
  2⤵
  PID:6364
- C:\Windows\System\pSKLDgR.exe
  C:\Windows\System\pSKLDgR.exe
  2⤵
  PID:6380
- C:\Windows\System\SsuuPPd.exe
  C:\Windows\System\SsuuPPd.exe
  2⤵
  PID:6400
- C:\Windows\System\BgQCryJ.exe
  C:\Windows\System\BgQCryJ.exe
  2⤵
  PID:6428
- C:\Windows\System\njrLaMk.exe
  C:\Windows\System\njrLaMk.exe
  2⤵
  PID:6444
- C:\Windows\System\jFHgXdV.exe
  C:\Windows\System\jFHgXdV.exe
  2⤵
  PID:6464
- C:\Windows\System\VBeOoWP.exe
  C:\Windows\System\VBeOoWP.exe
  2⤵
  PID:6488
- C:\Windows\System\ssbUYrI.exe
  C:\Windows\System\ssbUYrI.exe
  2⤵
  PID:6508
- C:\Windows\System\ZcwMdKf.exe
  C:\Windows\System\ZcwMdKf.exe
  2⤵
  PID:6540
- C:\Windows\System\nPcBPVK.exe
  C:\Windows\System\nPcBPVK.exe
  2⤵
  PID:6556
- C:\Windows\System\VuQxXQY.exe
  C:\Windows\System\VuQxXQY.exe
  2⤵
  PID:6572
- C:\Windows\System\KkHyszS.exe
  C:\Windows\System\KkHyszS.exe
  2⤵
  PID:6588
- C:\Windows\System\ZfpNLJo.exe
  C:\Windows\System\ZfpNLJo.exe
  2⤵
  PID:6604
- C:\Windows\System\GYuOpLL.exe
  C:\Windows\System\GYuOpLL.exe
  2⤵
  PID:6644
- C:\Windows\System\iOPDDFs.exe
  C:\Windows\System\iOPDDFs.exe
  2⤵
  PID:6660
- C:\Windows\System\YzbxXkL.exe
  C:\Windows\System\YzbxXkL.exe
  2⤵
  PID:6676
- C:\Windows\System\fLiDFrG.exe
  C:\Windows\System\fLiDFrG.exe
  2⤵
  PID:6692
- C:\Windows\System\HFdjbIA.exe
  C:\Windows\System\HFdjbIA.exe
  2⤵
  PID:6708
- C:\Windows\System\bbJmEDa.exe
  C:\Windows\System\bbJmEDa.exe
  2⤵
  PID:6732
- C:\Windows\System\zoShjiA.exe
  C:\Windows\System\zoShjiA.exe
  2⤵
  PID:6748
- C:\Windows\System\owxtRES.exe
  C:\Windows\System\owxtRES.exe
  2⤵
  PID:6764
- C:\Windows\System\qPuKhpJ.exe
  C:\Windows\System\qPuKhpJ.exe
  2⤵
  PID:6788
- C:\Windows\System\EprBWEa.exe
  C:\Windows\System\EprBWEa.exe
  2⤵
  PID:6808
- C:\Windows\System\wSHEkCZ.exe
  C:\Windows\System\wSHEkCZ.exe
  2⤵
  PID:6824
- C:\Windows\System\EzQlVIN.exe
  C:\Windows\System\EzQlVIN.exe
  2⤵
  PID:6856
- C:\Windows\System\uttScfL.exe
  C:\Windows\System\uttScfL.exe
  2⤵
  PID:6876
- C:\Windows\System\hVWdLPn.exe
  C:\Windows\System\hVWdLPn.exe
  2⤵
  PID:6892
- C:\Windows\System\bpvlLfN.exe
  C:\Windows\System\bpvlLfN.exe
  2⤵
  PID:6908
- C:\Windows\System\ofdjuxG.exe
  C:\Windows\System\ofdjuxG.exe
  2⤵
  PID:6932
- C:\Windows\System\Bjcmylg.exe
  C:\Windows\System\Bjcmylg.exe
  2⤵
  PID:6960
- C:\Windows\System\aWghpnU.exe
  C:\Windows\System\aWghpnU.exe
  2⤵
  PID:6976
- C:\Windows\System\kVRbbrV.exe
  C:\Windows\System\kVRbbrV.exe
  2⤵
  PID:6992
- C:\Windows\System\XvYkwVh.exe
  C:\Windows\System\XvYkwVh.exe
  2⤵
  PID:7008
- C:\Windows\System\KMOMyvF.exe
  C:\Windows\System\KMOMyvF.exe
  2⤵
  PID:7028
- C:\Windows\System\RckHIaT.exe
  C:\Windows\System\RckHIaT.exe
  2⤵
  PID:7044
- C:\Windows\System\rfumTQu.exe
  C:\Windows\System\rfumTQu.exe
  2⤵
  PID:7060
- C:\Windows\System\QOOkauW.exe
  C:\Windows\System\QOOkauW.exe
  2⤵
  PID:7076
- C:\Windows\System\HAPTxik.exe
  C:\Windows\System\HAPTxik.exe
  2⤵
  PID:7096
- C:\Windows\System\qzhquNZ.exe
  C:\Windows\System\qzhquNZ.exe
  2⤵
  PID:7120
- C:\Windows\System\sNyEGmp.exe
  C:\Windows\System\sNyEGmp.exe
  2⤵
  PID:7136
- C:\Windows\System\mqZLdcO.exe
  C:\Windows\System\mqZLdcO.exe
  2⤵
  PID:7152
- C:\Windows\System\tvucHYD.exe
  C:\Windows\System\tvucHYD.exe
  2⤵
  PID:5328
- C:\Windows\System\VYGSuqT.exe
  C:\Windows\System\VYGSuqT.exe
  2⤵
  PID:6212
- C:\Windows\System\OGFQCww.exe
  C:\Windows\System\OGFQCww.exe
  2⤵
  PID:6300
- C:\Windows\System\vVbEIQQ.exe
  C:\Windows\System\vVbEIQQ.exe
  2⤵
  PID:6312
- C:\Windows\System\QwoGvIs.exe
  C:\Windows\System\QwoGvIs.exe
  2⤵
  PID:5376
- C:\Windows\System\wamDQeO.exe
  C:\Windows\System\wamDQeO.exe
  2⤵
  PID:6196
- C:\Windows\System\AzwZSJA.exe
  C:\Windows\System\AzwZSJA.exe
  2⤵
  PID:6372
- C:\Windows\System\QETMATY.exe
  C:\Windows\System\QETMATY.exe
  2⤵
  PID:6420
- C:\Windows\System\PrSlHvx.exe
  C:\Windows\System\PrSlHvx.exe
  2⤵
  PID:5224
- C:\Windows\System\UkdyBfU.exe
  C:\Windows\System\UkdyBfU.exe
  2⤵
  PID:6456
- C:\Windows\System\fqvzUbw.exe
  C:\Windows\System\fqvzUbw.exe
  2⤵
  PID:6240
- C:\Windows\System\UBpmZNZ.exe
  C:\Windows\System\UBpmZNZ.exe
  2⤵
  PID:6392
- C:\Windows\System\HJynRhw.exe
  C:\Windows\System\HJynRhw.exe
  2⤵
  PID:6472
- C:\Windows\System\WpJqIAD.exe
  C:\Windows\System\WpJqIAD.exe
  2⤵
  PID:6480
- C:\Windows\System\ePOeeLa.exe
  C:\Windows\System\ePOeeLa.exe
  2⤵
  PID:6528
- C:\Windows\System\ByCQCew.exe
  C:\Windows\System\ByCQCew.exe
  2⤵
  PID:6504
- C:\Windows\System\XvBBtYk.exe
  C:\Windows\System\XvBBtYk.exe
  2⤵
  PID:6580
- C:\Windows\System\WGsGBpp.exe
  C:\Windows\System\WGsGBpp.exe
  2⤵
  PID:6568
- C:\Windows\System\qrPYVQA.exe
  C:\Windows\System\qrPYVQA.exe
  2⤵
  PID:6616
- C:\Windows\System\fPciqLN.exe
  C:\Windows\System\fPciqLN.exe
  2⤵
  PID:6628
- C:\Windows\System\ySJlBqP.exe
  C:\Windows\System\ySJlBqP.exe
  2⤵
  PID:6700
- C:\Windows\System\NngxNEe.exe
  C:\Windows\System\NngxNEe.exe
  2⤵
  PID:6688
- C:\Windows\System\AtsCfBz.exe
  C:\Windows\System\AtsCfBz.exe
  2⤵
  PID:6740
- C:\Windows\System\dCdfYZw.exe
  C:\Windows\System\dCdfYZw.exe
  2⤵
  PID:6800
- C:\Windows\System\NbggznH.exe
  C:\Windows\System\NbggznH.exe
  2⤵
  PID:6820
- C:\Windows\System\jlfBkWA.exe
  C:\Windows\System\jlfBkWA.exe
  2⤵
  PID:6836
- C:\Windows\System\VXtVfjs.exe
  C:\Windows\System\VXtVfjs.exe
  2⤵
  PID:6720
- C:\Windows\System\cTYJLOq.exe
  C:\Windows\System\cTYJLOq.exe
  2⤵
  PID:6900
- C:\Windows\System\aphDtRk.exe
  C:\Windows\System\aphDtRk.exe
  2⤵
  PID:6952
- C:\Windows\System\mvLGUSg.exe
  C:\Windows\System\mvLGUSg.exe
  2⤵
  PID:6848
- C:\Windows\System\rqsMjEw.exe
  C:\Windows\System\rqsMjEw.exe
  2⤵
  PID:6924
- C:\Windows\System\gmUnkrG.exe
  C:\Windows\System\gmUnkrG.exe
  2⤵
  PID:6916
- C:\Windows\System\akEpeMG.exe
  C:\Windows\System\akEpeMG.exe
  2⤵
  PID:7020
- C:\Windows\System\memKJaf.exe
  C:\Windows\System\memKJaf.exe
  2⤵
  PID:7084
- C:\Windows\System\nEjOHVU.exe
  C:\Windows\System\nEjOHVU.exe
  2⤵
  PID:7072
- C:\Windows\System\ARDIYdY.exe
  C:\Windows\System\ARDIYdY.exe
  2⤵
  PID:7004
- C:\Windows\System\ALlFbNO.exe
  C:\Windows\System\ALlFbNO.exe
  2⤵
  PID:7132
- C:\Windows\System\gqGXIjU.exe
  C:\Windows\System\gqGXIjU.exe
  2⤵
  PID:5172
- C:\Windows\System\TLsqWXG.exe
  C:\Windows\System\TLsqWXG.exe
  2⤵
  PID:6292
- C:\Windows\System\YHOffSr.exe
  C:\Windows\System\YHOffSr.exe
  2⤵
  PID:5080
- C:\Windows\System\jHbkdFt.exe
  C:\Windows\System\jHbkdFt.exe
  2⤵
  PID:7068
- C:\Windows\System\WUdwuDX.exe
  C:\Windows\System\WUdwuDX.exe
  2⤵
  PID:7116
- C:\Windows\System\SbkHaMq.exe
  C:\Windows\System\SbkHaMq.exe
  2⤵
  PID:6176
- C:\Windows\System\ZqWNdJQ.exe
  C:\Windows\System\ZqWNdJQ.exe
  2⤵
  PID:5404
- C:\Windows\System\EjPkIhx.exe
  C:\Windows\System\EjPkIhx.exe
  2⤵
  PID:6452
- C:\Windows\System\LopqVBz.exe
  C:\Windows\System\LopqVBz.exe
  2⤵
  PID:6172
- C:\Windows\System\NQnUYzT.exe
  C:\Windows\System\NQnUYzT.exe
  2⤵
  PID:6524
- C:\Windows\System\BruxdPh.exe
  C:\Windows\System\BruxdPh.exe
  2⤵
  PID:6520
- C:\Windows\System\dhqnatq.exe
  C:\Windows\System\dhqnatq.exe
  2⤵
  PID:6552
- C:\Windows\System\MMCpGta.exe
  C:\Windows\System\MMCpGta.exe
  2⤵
  PID:6632
- C:\Windows\System\LvCnQgx.exe
  C:\Windows\System\LvCnQgx.exe
  2⤵
  PID:6684
- C:\Windows\System\kgpRita.exe
  C:\Windows\System\kgpRita.exe
  2⤵
  PID:6760
- C:\Windows\System\MFEsHkC.exe
  C:\Windows\System\MFEsHkC.exe
  2⤵
  PID:6816
- C:\Windows\System\ImArhdm.exe
  C:\Windows\System\ImArhdm.exe
  2⤵
  PID:6948
- C:\Windows\System\MYUTDmk.exe
  C:\Windows\System\MYUTDmk.exe
  2⤵
  PID:6872
- C:\Windows\System\HqzRAkB.exe
  C:\Windows\System\HqzRAkB.exe
  2⤵
  PID:6884
- C:\Windows\System\fCdfMwp.exe
  C:\Windows\System\fCdfMwp.exe
  2⤵
  PID:7164
- C:\Windows\System\gMpPZxj.exe
  C:\Windows\System\gMpPZxj.exe
  2⤵
  PID:6228
- C:\Windows\System\QoBEGYt.exe
  C:\Windows\System\QoBEGYt.exe
  2⤵
  PID:6272
- C:\Windows\System\ERRgToZ.exe
  C:\Windows\System\ERRgToZ.exe
  2⤵
  PID:6988
- C:\Windows\System\iMdggbM.exe
  C:\Windows\System\iMdggbM.exe
  2⤵
  PID:7148
- C:\Windows\System\QVDsGCT.exe
  C:\Windows\System\QVDsGCT.exe
  2⤵
  PID:6476
- C:\Windows\System\NxjBpzS.exe
  C:\Windows\System\NxjBpzS.exe
  2⤵
  PID:6236
- C:\Windows\System\fusPLgd.exe
  C:\Windows\System\fusPLgd.exe
  2⤵
  PID:6940
- C:\Windows\System\LKqCjnX.exe
  C:\Windows\System\LKqCjnX.exe
  2⤵
  PID:6724
- C:\Windows\System\DANWCGo.exe
  C:\Windows\System\DANWCGo.exe
  2⤵
  PID:5260
- C:\Windows\System\nSmDibv.exe
  C:\Windows\System\nSmDibv.exe
  2⤵
  PID:6496
- C:\Windows\System\uEfXvWT.exe
  C:\Windows\System\uEfXvWT.exe
  2⤵
  PID:7000
- C:\Windows\System\EsmdpOr.exe
  C:\Windows\System\EsmdpOr.exe
  2⤵
  PID:6232
- C:\Windows\System\wwAXwGZ.exe
  C:\Windows\System\wwAXwGZ.exe
  2⤵
  PID:6324
- C:\Windows\System\XDTSYuy.exe
  C:\Windows\System\XDTSYuy.exe
  2⤵
  PID:6944
- C:\Windows\System\FQbOHgL.exe
  C:\Windows\System\FQbOHgL.exe
  2⤵
  PID:6868
- C:\Windows\System\cKRduWM.exe
  C:\Windows\System\cKRduWM.exe
  2⤵
  PID:6296
- C:\Windows\System\CcodzLd.exe
  C:\Windows\System\CcodzLd.exe
  2⤵
  PID:7180
- C:\Windows\System\UvbFxcy.exe
  C:\Windows\System\UvbFxcy.exe
  2⤵
  PID:7196
- C:\Windows\System\QrxbCyX.exe
  C:\Windows\System\QrxbCyX.exe
  2⤵
  PID:7224
- C:\Windows\System\xQwbuBG.exe
  C:\Windows\System\xQwbuBG.exe
  2⤵
  PID:7240
- C:\Windows\System\kwwlUah.exe
  C:\Windows\System\kwwlUah.exe
  2⤵
  PID:7256
- C:\Windows\System\KIyrGow.exe
  C:\Windows\System\KIyrGow.exe
  2⤵
  PID:7272
- C:\Windows\System\AXGYZkD.exe
  C:\Windows\System\AXGYZkD.exe
  2⤵
  PID:7288
- C:\Windows\System\tNmsHjA.exe
  C:\Windows\System\tNmsHjA.exe
  2⤵
  PID:7328
- C:\Windows\System\ephxuYv.exe
  C:\Windows\System\ephxuYv.exe
  2⤵
  PID:7348
- C:\Windows\System\OOLQSCV.exe
  C:\Windows\System\OOLQSCV.exe
  2⤵
  PID:7364
- C:\Windows\System\YKREgpL.exe
  C:\Windows\System\YKREgpL.exe
  2⤵
  PID:7384
- C:\Windows\System\CeMftAt.exe
  C:\Windows\System\CeMftAt.exe
  2⤵
  PID:7408
- C:\Windows\System\RRXUURE.exe
  C:\Windows\System\RRXUURE.exe
  2⤵
  PID:7424
- C:\Windows\System\wZdJpdF.exe
  C:\Windows\System\wZdJpdF.exe
  2⤵
  PID:7440
- C:\Windows\System\FRZbxcl.exe
  C:\Windows\System\FRZbxcl.exe
  2⤵
  PID:7456
- C:\Windows\System\YppOuam.exe
  C:\Windows\System\YppOuam.exe
  2⤵
  PID:7472
- C:\Windows\System\hIHCRRU.exe
  C:\Windows\System\hIHCRRU.exe
  2⤵
  PID:7496
- C:\Windows\System\waHsFOO.exe
  C:\Windows\System\waHsFOO.exe
  2⤵
  PID:7516
- C:\Windows\System\zdnyBsm.exe
  C:\Windows\System\zdnyBsm.exe
  2⤵
  PID:7540
- C:\Windows\System\BBYTojW.exe
  C:\Windows\System\BBYTojW.exe
  2⤵
  PID:7556
- C:\Windows\System\TldPJIs.exe
  C:\Windows\System\TldPJIs.exe
  2⤵
  PID:7572
- C:\Windows\System\LOVrqcS.exe
  C:\Windows\System\LOVrqcS.exe
  2⤵
  PID:7592
- C:\Windows\System\rLdzCtr.exe
  C:\Windows\System\rLdzCtr.exe
  2⤵
  PID:7608
- C:\Windows\System\rewXJsb.exe
  C:\Windows\System\rewXJsb.exe
  2⤵
  PID:7628
- C:\Windows\System\uTnVojP.exe
  C:\Windows\System\uTnVojP.exe
  2⤵
  PID:7644
- C:\Windows\System\ATpDrBx.exe
  C:\Windows\System\ATpDrBx.exe
  2⤵
  PID:7660
- C:\Windows\System\htAXkNd.exe
  C:\Windows\System\htAXkNd.exe
  2⤵
  PID:7676
- C:\Windows\System\zhWsQmZ.exe
  C:\Windows\System\zhWsQmZ.exe
  2⤵
  PID:7692
- C:\Windows\System\GmrjoTq.exe
  C:\Windows\System\GmrjoTq.exe
  2⤵
  PID:7728
- C:\Windows\System\bIRKqhK.exe
  C:\Windows\System\bIRKqhK.exe
  2⤵
  PID:7744
- C:\Windows\System\grLvcjs.exe
  C:\Windows\System\grLvcjs.exe
  2⤵
  PID:7760
- C:\Windows\System\xHMLnKm.exe
  C:\Windows\System\xHMLnKm.exe
  2⤵
  PID:7812
- C:\Windows\System\nXdZcPM.exe
  C:\Windows\System\nXdZcPM.exe
  2⤵
  PID:7828
- C:\Windows\System\RaGVqjr.exe
  C:\Windows\System\RaGVqjr.exe
  2⤵
  PID:7844
- C:\Windows\System\JHqAKOa.exe
  C:\Windows\System\JHqAKOa.exe
  2⤵
  PID:7860
- C:\Windows\System\aWauKWJ.exe
  C:\Windows\System\aWauKWJ.exe
  2⤵
  PID:7876
- C:\Windows\System\FDgfiUL.exe
  C:\Windows\System\FDgfiUL.exe
  2⤵
  PID:7892
- C:\Windows\System\RgDeslK.exe
  C:\Windows\System\RgDeslK.exe
  2⤵
  PID:7908
- C:\Windows\System\vipGDwg.exe
  C:\Windows\System\vipGDwg.exe
  2⤵
  PID:7924
- C:\Windows\System\rWXQsEq.exe
  C:\Windows\System\rWXQsEq.exe
  2⤵
  PID:7944
- C:\Windows\System\wNlKNvD.exe
  C:\Windows\System\wNlKNvD.exe
  2⤵
  PID:7960
- C:\Windows\System\uCbGCnj.exe
  C:\Windows\System\uCbGCnj.exe
  2⤵
  PID:7976
- C:\Windows\System\KIAKDVD.exe
  C:\Windows\System\KIAKDVD.exe
  2⤵
  PID:7992
- C:\Windows\System\yLFPehk.exe
  C:\Windows\System\yLFPehk.exe
  2⤵
  PID:8008
- C:\Windows\System\eyFnIxT.exe
  C:\Windows\System\eyFnIxT.exe
  2⤵
  PID:8024
- C:\Windows\System\OIelDMJ.exe
  C:\Windows\System\OIelDMJ.exe
  2⤵
  PID:8040
- C:\Windows\System\npvLCFY.exe
  C:\Windows\System\npvLCFY.exe
  2⤵
  PID:8056
- C:\Windows\System\XRsNWVr.exe
  C:\Windows\System\XRsNWVr.exe
  2⤵
  PID:8072
- C:\Windows\System\iihVDLH.exe
  C:\Windows\System\iihVDLH.exe
  2⤵
  PID:8088
- C:\Windows\System\JlSYHSD.exe
  C:\Windows\System\JlSYHSD.exe
  2⤵
  PID:8104
- C:\Windows\System\SyYyFWF.exe
  C:\Windows\System\SyYyFWF.exe
  2⤵
  PID:8120
- C:\Windows\System\VYhjVhs.exe
  C:\Windows\System\VYhjVhs.exe
  2⤵
  PID:8136
- C:\Windows\System\BPBAtIR.exe
  C:\Windows\System\BPBAtIR.exe
  2⤵
  PID:8152
- C:\Windows\System\FcnegAY.exe
  C:\Windows\System\FcnegAY.exe
  2⤵
  PID:8168
- C:\Windows\System\AhrvMty.exe
  C:\Windows\System\AhrvMty.exe
  2⤵
  PID:8184
- C:\Windows\System\rcBCWHl.exe
  C:\Windows\System\rcBCWHl.exe
  2⤵
  PID:5364
- C:\Windows\System\HqkYwVH.exe
  C:\Windows\System\HqkYwVH.exe
  2⤵
  PID:5640
- C:\Windows\System\oFsWfXC.exe
  C:\Windows\System\oFsWfXC.exe
  2⤵
  PID:7172
- C:\Windows\System\sQqBpfG.exe
  C:\Windows\System\sQqBpfG.exe
  2⤵
  PID:7204
- C:\Windows\System\koxOYJJ.exe
  C:\Windows\System\koxOYJJ.exe
  2⤵
  PID:7212
- C:\Windows\System\NSXsjUD.exe
  C:\Windows\System\NSXsjUD.exe
  2⤵
  PID:7252
- C:\Windows\System\ZNttCGx.exe
  C:\Windows\System\ZNttCGx.exe
  2⤵
  PID:7340
- C:\Windows\System\GgAhROa.exe
  C:\Windows\System\GgAhROa.exe
  2⤵
  PID:7376
- C:\Windows\System\fWvgyVr.exe
  C:\Windows\System\fWvgyVr.exe
  2⤵
  PID:7264
- C:\Windows\System\CWnzpnT.exe
  C:\Windows\System\CWnzpnT.exe
  2⤵
  PID:7316
- C:\Windows\System\KwIHpuu.exe
  C:\Windows\System\KwIHpuu.exe
  2⤵
  PID:7304
- C:\Windows\System\fKJDuyi.exe
  C:\Windows\System\fKJDuyi.exe
  2⤵
  PID:7360
- C:\Windows\System\fjncUjT.exe
  C:\Windows\System\fjncUjT.exe
  2⤵
  PID:7416
- C:\Windows\System\TXUIWur.exe
  C:\Windows\System\TXUIWur.exe
  2⤵
  PID:7420
- C:\Windows\System\UfdDWuw.exe
  C:\Windows\System\UfdDWuw.exe
  2⤵
  PID:7452
- C:\Windows\System\UIgmCva.exe
  C:\Windows\System\UIgmCva.exe
  2⤵
  PID:7480
- C:\Windows\System\KRyeJtx.exe
  C:\Windows\System\KRyeJtx.exe
  2⤵
  PID:7548
- C:\Windows\System\jbimPgC.exe
  C:\Windows\System\jbimPgC.exe
  2⤵
  PID:7528
- C:\Windows\System\dMFeKiy.exe
  C:\Windows\System\dMFeKiy.exe
  2⤵
  PID:7604
- C:\Windows\System\TWGdHKr.exe
  C:\Windows\System\TWGdHKr.exe
  2⤵
  PID:7616
- C:\Windows\System\jGHvrPO.exe
  C:\Windows\System\jGHvrPO.exe
  2⤵
  PID:7656
- C:\Windows\System\yiucFog.exe
  C:\Windows\System\yiucFog.exe
  2⤵
  PID:7708
- C:\Windows\System\LqpnzZY.exe
  C:\Windows\System\LqpnzZY.exe
  2⤵
  PID:7640
- C:\Windows\System\FkxDsCt.exe
  C:\Windows\System\FkxDsCt.exe
  2⤵
  PID:7684
- C:\Windows\System\QpBvCFu.exe
  C:\Windows\System\QpBvCFu.exe
  2⤵
  PID:7756
- C:\Windows\System\OMbOWgR.exe
  C:\Windows\System\OMbOWgR.exe
  2⤵
  PID:7784
- C:\Windows\System\gdWsZrf.exe
  C:\Windows\System\gdWsZrf.exe
  2⤵
  PID:7792
- C:\Windows\System\McxeHFO.exe
  C:\Windows\System\McxeHFO.exe
  2⤵
  PID:7804
- C:\Windows\System\MdFLeqX.exe
  C:\Windows\System\MdFLeqX.exe
  2⤵
  PID:7820
- C:\Windows\System\FHIppPL.exe
  C:\Windows\System\FHIppPL.exe
  2⤵
  PID:7888
- C:\Windows\System\azxZRVU.exe
  C:\Windows\System\azxZRVU.exe
  2⤵
  PID:7956
- C:\Windows\System\fQrnhZc.exe
  C:\Windows\System\fQrnhZc.exe
  2⤵
  PID:8020
- C:\Windows\System\qzqdJHR.exe
  C:\Windows\System\qzqdJHR.exe
  2⤵
  PID:8000
- C:\Windows\System\vmvzkUk.exe
  C:\Windows\System\vmvzkUk.exe
  2⤵
  PID:7940
- C:\Windows\System\oqHVKyZ.exe
  C:\Windows\System\oqHVKyZ.exe
  2⤵
  PID:8004
- C:\Windows\System\cGVwptD.exe
  C:\Windows\System\cGVwptD.exe
  2⤵
  PID:8080
- C:\Windows\System\hHohiUr.exe
  C:\Windows\System\hHohiUr.exe
  2⤵
  PID:8148
- C:\Windows\System\sWxoGwL.exe
  C:\Windows\System\sWxoGwL.exe
  2⤵
  PID:8068
- C:\Windows\System\FusIiXo.exe
  C:\Windows\System\FusIiXo.exe
  2⤵
  PID:8132
- C:\Windows\System\tGoXeiw.exe
  C:\Windows\System\tGoXeiw.exe
  2⤵
  PID:6784
- C:\Windows\System\lIfNUSk.exe
  C:\Windows\System\lIfNUSk.exe
  2⤵
  PID:6532
- C:\Windows\System\XgzkTmT.exe
  C:\Windows\System\XgzkTmT.exe
  2⤵
  PID:6436
- C:\Windows\System\hByAZoH.exe
  C:\Windows\System\hByAZoH.exe
  2⤵
  PID:7372
- C:\Windows\System\OERVXOu.exe
  C:\Windows\System\OERVXOu.exe
  2⤵
  PID:7400
- C:\Windows\System\QgFEtFw.exe
  C:\Windows\System\QgFEtFw.exe
  2⤵
  PID:7532
- C:\Windows\System\UuoERkC.exe
  C:\Windows\System\UuoERkC.exe
  2⤵
  PID:7284
- C:\Windows\System\iZKTECO.exe
  C:\Windows\System\iZKTECO.exe
  2⤵
  PID:7512
- C:\Windows\System\MlSfXGd.exe
  C:\Windows\System\MlSfXGd.exe
  2⤵
  PID:7468
- C:\Windows\System\TsenjeD.exe
  C:\Windows\System\TsenjeD.exe
  2⤵
  PID:7700
- C:\Windows\System\nnjHUcg.exe
  C:\Windows\System\nnjHUcg.exe
  2⤵
  PID:7624
- C:\Windows\System\KIZGSPh.exe
  C:\Windows\System\KIZGSPh.exe
  2⤵
  PID:7800
- C:\Windows\System\XsySAQl.exe
  C:\Windows\System\XsySAQl.exe
  2⤵
  PID:7856
- C:\Windows\System\VxruLvE.exe
  C:\Windows\System\VxruLvE.exe
  2⤵
  PID:7836
- C:\Windows\System\UuXjYWD.exe
  C:\Windows\System\UuXjYWD.exe
  2⤵
  PID:7884
- C:\Windows\System\hKknOqL.exe
  C:\Windows\System\hKknOqL.exe
  2⤵
  PID:8112
- C:\Windows\System\LzcSKXq.exe
  C:\Windows\System\LzcSKXq.exe
  2⤵
  PID:7952
- C:\Windows\System\sdNWfZC.exe
  C:\Windows\System\sdNWfZC.exe
  2⤵
  PID:6388
- C:\Windows\System\qZBOkGd.exe
  C:\Windows\System\qZBOkGd.exe
  2⤵
  PID:7972
- C:\Windows\System\TOoUnpQ.exe
  C:\Windows\System\TOoUnpQ.exe
  2⤵
  PID:8128
- C:\Windows\System\yQqPDvG.exe
  C:\Windows\System\yQqPDvG.exe
  2⤵
  PID:7320
- C:\Windows\System\hYKBkKm.exe
  C:\Windows\System\hYKBkKm.exe
  2⤵
  PID:7248
- C:\Windows\System\PpsUuIm.exe
  C:\Windows\System\PpsUuIm.exe
  2⤵
  PID:7280
- C:\Windows\System\DoTUjMz.exe
  C:\Windows\System\DoTUjMz.exe
  2⤵
  PID:7508
- C:\Windows\System\SXgLiXH.exe
  C:\Windows\System\SXgLiXH.exe
  2⤵
  PID:7492
- C:\Windows\System\pzbkyiL.exe
  C:\Windows\System\pzbkyiL.exe
  2⤵
  PID:7920
- C:\Windows\System\pqOxZsb.exe
  C:\Windows\System\pqOxZsb.exe
  2⤵
  PID:1184
- C:\Windows\System\hDjuvxv.exe
  C:\Windows\System\hDjuvxv.exe
  2⤵
  PID:8144
- C:\Windows\System\kzoRFZj.exe
  C:\Windows\System\kzoRFZj.exe
  2⤵
  PID:7312
- C:\Windows\System\FoZmWyK.exe
  C:\Windows\System\FoZmWyK.exe
  2⤵
  PID:7128
- C:\Windows\System\VHQJIMs.exe
  C:\Windows\System\VHQJIMs.exe
  2⤵
  PID:7588
- C:\Windows\System\AMazsWZ.exe
  C:\Windows\System\AMazsWZ.exe
  2⤵
  PID:8204
- C:\Windows\System\HHTPgNU.exe
  C:\Windows\System\HHTPgNU.exe
  2⤵
  PID:8224
- C:\Windows\System\QoJFajo.exe
  C:\Windows\System\QoJFajo.exe
  2⤵
  PID:8240
- C:\Windows\System\ZmlkECG.exe
  C:\Windows\System\ZmlkECG.exe
  2⤵
  PID:8256
- C:\Windows\System\DsePnaa.exe
  C:\Windows\System\DsePnaa.exe
  2⤵
  PID:8272
- C:\Windows\System\LSHufqS.exe
  C:\Windows\System\LSHufqS.exe
  2⤵
  PID:8456
- C:\Windows\System\eyswtnf.exe
  C:\Windows\System\eyswtnf.exe
  2⤵
  PID:8472
- C:\Windows\System\dBhEfDP.exe
  C:\Windows\System\dBhEfDP.exe
  2⤵
  PID:8488
- C:\Windows\System\NTYCCzo.exe
  C:\Windows\System\NTYCCzo.exe
  2⤵
  PID:8504
- C:\Windows\System\ncHvVRz.exe
  C:\Windows\System\ncHvVRz.exe
  2⤵
  PID:8520
- C:\Windows\System\xjFGcfq.exe
  C:\Windows\System\xjFGcfq.exe
  2⤵
  PID:8536
- C:\Windows\System\LOFZsGi.exe
  C:\Windows\System\LOFZsGi.exe
  2⤵
  PID:8552
- C:\Windows\System\RtPMLTh.exe
  C:\Windows\System\RtPMLTh.exe
  2⤵
  PID:8568
- C:\Windows\System\pPuYicw.exe
  C:\Windows\System\pPuYicw.exe
  2⤵
  PID:8584
- C:\Windows\System\XOAandq.exe
  C:\Windows\System\XOAandq.exe
  2⤵
  PID:8600
- C:\Windows\System\SMTgYcw.exe
  C:\Windows\System\SMTgYcw.exe
  2⤵
  PID:8616
- C:\Windows\System\QZIsRpN.exe
  C:\Windows\System\QZIsRpN.exe
  2⤵
  PID:8632
- C:\Windows\System\huXUxtJ.exe
  C:\Windows\System\huXUxtJ.exe
  2⤵
  PID:8648
- C:\Windows\System\fOgPePb.exe
  C:\Windows\System\fOgPePb.exe
  2⤵
  PID:8664
- C:\Windows\System\ZOCooWv.exe
  C:\Windows\System\ZOCooWv.exe
  2⤵
  PID:8680
- C:\Windows\System\AUPUwJg.exe
  C:\Windows\System\AUPUwJg.exe
  2⤵
  PID:8696
- C:\Windows\System\HlGotWA.exe
  C:\Windows\System\HlGotWA.exe
  2⤵
  PID:8712
- C:\Windows\System\HgyIbzr.exe
  C:\Windows\System\HgyIbzr.exe
  2⤵
  PID:8728
- C:\Windows\System\HJYHPbq.exe
  C:\Windows\System\HJYHPbq.exe
  2⤵
  PID:8748
- C:\Windows\System\DOkNwBQ.exe
  C:\Windows\System\DOkNwBQ.exe
  2⤵
  PID:8764
- C:\Windows\System\KYasvfw.exe
  C:\Windows\System\KYasvfw.exe
  2⤵
  PID:8780
- C:\Windows\System\cNstsuE.exe
  C:\Windows\System\cNstsuE.exe
  2⤵
  PID:8800
- C:\Windows\System\GeLDXdH.exe
  C:\Windows\System\GeLDXdH.exe
  2⤵
  PID:8816
- C:\Windows\System\NVLPXNw.exe
  C:\Windows\System\NVLPXNw.exe
  2⤵
  PID:8832
- C:\Windows\System\xlAAbcy.exe
  C:\Windows\System\xlAAbcy.exe
  2⤵
  PID:8848
- C:\Windows\System\UQamDDD.exe
  C:\Windows\System\UQamDDD.exe
  2⤵
  PID:8864
- C:\Windows\System\TRMyWaU.exe
  C:\Windows\System\TRMyWaU.exe
  2⤵
  PID:8884
- C:\Windows\System\RnbGOpH.exe
  C:\Windows\System\RnbGOpH.exe
  2⤵
  PID:8900
- C:\Windows\System\rJcdDXY.exe
  C:\Windows\System\rJcdDXY.exe
  2⤵
  PID:8916
- C:\Windows\System\PPmeSSA.exe
  C:\Windows\System\PPmeSSA.exe
  2⤵
  PID:8932
- C:\Windows\System\MSZKdVG.exe
  C:\Windows\System\MSZKdVG.exe
  2⤵
  PID:8948
- C:\Windows\System\pHGkuvL.exe
  C:\Windows\System\pHGkuvL.exe
  2⤵
  PID:8972
- C:\Windows\System\iELNsaj.exe
  C:\Windows\System\iELNsaj.exe
  2⤵
  PID:8988
- C:\Windows\System\fXyAviq.exe
  C:\Windows\System\fXyAviq.exe
  2⤵
  PID:9004
- C:\Windows\System\nchLvOk.exe
  C:\Windows\System\nchLvOk.exe
  2⤵
  PID:9024
- C:\Windows\System\llIfgLf.exe
  C:\Windows\System\llIfgLf.exe
  2⤵
  PID:9044
- C:\Windows\System\dbXRVWK.exe
  C:\Windows\System\dbXRVWK.exe
  2⤵
  PID:9068
- C:\Windows\System\MlNIFgm.exe
  C:\Windows\System\MlNIFgm.exe
  2⤵
  PID:9092
- C:\Windows\System\oDQGTEn.exe
  C:\Windows\System\oDQGTEn.exe
  2⤵
  PID:9112
- C:\Windows\System\elUHoeO.exe
  C:\Windows\System\elUHoeO.exe
  2⤵
  PID:9132
- C:\Windows\System\KHcJSMk.exe
  C:\Windows\System\KHcJSMk.exe
  2⤵
  PID:9156
- C:\Windows\System\XHaTWHY.exe
  C:\Windows\System\XHaTWHY.exe
  2⤵
  PID:9176
- C:\Windows\System\XBWLLZf.exe
  C:\Windows\System\XBWLLZf.exe
  2⤵
  PID:9192
- C:\Windows\System\XiIaOru.exe
  C:\Windows\System\XiIaOru.exe
  2⤵
  PID:9212
- C:\Windows\System\nZnFQTf.exe
  C:\Windows\System\nZnFQTf.exe
  2⤵
  PID:7904
- C:\Windows\System\oTWFptl.exe
  C:\Windows\System\oTWFptl.exe
  2⤵
  PID:7052
- C:\Windows\System\AVfWqoQ.exe
  C:\Windows\System\AVfWqoQ.exe
  2⤵
  PID:8248
- C:\Windows\System\JWHJwTw.exe
  C:\Windows\System\JWHJwTw.exe
  2⤵
  PID:7932
- C:\Windows\System\AgbOJEE.exe
  C:\Windows\System\AgbOJEE.exe
  2⤵
  PID:7724
- C:\Windows\System\knAFBUA.exe
  C:\Windows\System\knAFBUA.exe
  2⤵
  PID:8064
- C:\Windows\System\ViFMVZm.exe
  C:\Windows\System\ViFMVZm.exe
  2⤵
  PID:8236
- C:\Windows\System\nZSijHI.exe
  C:\Windows\System\nZSijHI.exe
  2⤵
  PID:8288
- C:\Windows\System\HupFngq.exe
  C:\Windows\System\HupFngq.exe
  2⤵
  PID:8308
- C:\Windows\System\lspGZEb.exe
  C:\Windows\System\lspGZEb.exe
  2⤵
  PID:8324
- C:\Windows\System\qXPdynY.exe
  C:\Windows\System\qXPdynY.exe
  2⤵
  PID:8340
- C:\Windows\System\KyLXJdw.exe
  C:\Windows\System\KyLXJdw.exe
  2⤵
  PID:8356
- C:\Windows\System\zGVcwWo.exe
  C:\Windows\System\zGVcwWo.exe
  2⤵
  PID:8376
- C:\Windows\System\ijLjRgL.exe
  C:\Windows\System\ijLjRgL.exe
  2⤵
  PID:8448
- C:\Windows\System\mktXjaE.exe
  C:\Windows\System\mktXjaE.exe
  2⤵
  PID:8396
- C:\Windows\System\lFvMmla.exe
  C:\Windows\System\lFvMmla.exe
  2⤵
  PID:8412
- C:\Windows\System\YKjPyGs.exe
  C:\Windows\System\YKjPyGs.exe
  2⤵
  PID:8428
- C:\Windows\System\fIRJmES.exe
  C:\Windows\System\fIRJmES.exe
  2⤵
  PID:8480
- C:\Windows\System\RPCLGgX.exe
  C:\Windows\System\RPCLGgX.exe
  2⤵
  PID:8500
- C:\Windows\System\RsRvTwh.exe
  C:\Windows\System\RsRvTwh.exe
  2⤵
  PID:8468
- C:\Windows\System\eNJrQWQ.exe
  C:\Windows\System\eNJrQWQ.exe
  2⤵
  PID:8576
- C:\Windows\System\AopeXgr.exe
  C:\Windows\System\AopeXgr.exe
  2⤵
  PID:8608
- C:\Windows\System\gQGlher.exe
  C:\Windows\System\gQGlher.exe
  2⤵
  PID:8592
- C:\Windows\System\fFVrmDS.exe
  C:\Windows\System\fFVrmDS.exe
  2⤵
  PID:8660
- C:\Windows\System\WcTCzfn.exe
  C:\Windows\System\WcTCzfn.exe
  2⤵
  PID:8708
- C:\Windows\System\lqbJHwZ.exe
  C:\Windows\System\lqbJHwZ.exe
  2⤵
  PID:8720
- C:\Windows\System\RSssxdb.exe
  C:\Windows\System\RSssxdb.exe
  2⤵
  PID:8808
- C:\Windows\System\tzHieCs.exe
  C:\Windows\System\tzHieCs.exe
  2⤵
  PID:8756
- C:\Windows\System\FzFZmgK.exe
  C:\Windows\System\FzFZmgK.exe
  2⤵
  PID:8880
- C:\Windows\System\QNFvFbR.exe
  C:\Windows\System\QNFvFbR.exe
  2⤵
  PID:8824
- C:\Windows\System\LphZKmL.exe
  C:\Windows\System\LphZKmL.exe
  2⤵
  PID:8912
- C:\Windows\System\fKqDncX.exe
  C:\Windows\System\fKqDncX.exe
  2⤵
  PID:8928
- C:\Windows\System\hkmOJez.exe
  C:\Windows\System\hkmOJez.exe
  2⤵
  PID:8964
- C:\Windows\System\IVSiKIJ.exe
  C:\Windows\System\IVSiKIJ.exe
  2⤵
  PID:9000
- C:\Windows\System\umYlBDT.exe
  C:\Windows\System\umYlBDT.exe
  2⤵
  PID:9040
- C:\Windows\System\nKctcRX.exe
  C:\Windows\System\nKctcRX.exe
  2⤵
  PID:9060
- C:\Windows\System\AYbRPnP.exe
  C:\Windows\System\AYbRPnP.exe
  2⤵
  PID:9080
- C:\Windows\System\bLZeVqC.exe
  C:\Windows\System\bLZeVqC.exe
  2⤵
  PID:9140
- C:\Windows\System\IaxuvCf.exe
  C:\Windows\System\IaxuvCf.exe
  2⤵
  PID:9120
- C:\Windows\System\eyfLvQp.exe
  C:\Windows\System\eyfLvQp.exe
  2⤵
  PID:9184
- C:\Windows\System\NgylfWg.exe
  C:\Windows\System\NgylfWg.exe
  2⤵
  PID:8216
- C:\Windows\System\HEdfEso.exe
  C:\Windows\System\HEdfEso.exe
  2⤵
  PID:9168
- C:\Windows\System\UUxmyOS.exe
  C:\Windows\System\UUxmyOS.exe
  2⤵
  PID:9204
- C:\Windows\System\eHUeipy.exe
  C:\Windows\System\eHUeipy.exe
  2⤵
  PID:7504
- C:\Windows\System\tKXGUSO.exe
  C:\Windows\System\tKXGUSO.exe
  2⤵
  PID:8292
- C:\Windows\System\fdSfiwH.exe
  C:\Windows\System\fdSfiwH.exe
  2⤵
  PID:8336
- C:\Windows\System\NkAwkeI.exe
  C:\Windows\System\NkAwkeI.exe
  2⤵
  PID:8316
- C:\Windows\System\UUxVmWP.exe
  C:\Windows\System\UUxVmWP.exe
  2⤵
  PID:8388
- C:\Windows\System\wgYPihe.exe
  C:\Windows\System\wgYPihe.exe
  2⤵
  PID:8320
- C:\Windows\System\cXJdcWs.exe
  C:\Windows\System\cXJdcWs.exe
  2⤵
  PID:8404
- C:\Windows\System\sGhrwkf.exe
  C:\Windows\System\sGhrwkf.exe
  2⤵
  PID:8444
- C:\Windows\System\hNgodnx.exe
  C:\Windows\System\hNgodnx.exe
  2⤵
  PID:8560
- C:\Windows\System\oxNfhZp.exe
  C:\Windows\System\oxNfhZp.exe
  2⤵
  PID:8644
- C:\Windows\System\RgoYvcb.exe
  C:\Windows\System\RgoYvcb.exe
  2⤵
  PID:8704
- C:\Windows\System\VyIuWKZ.exe
  C:\Windows\System\VyIuWKZ.exe
  2⤵
  PID:8736
- C:\Windows\System\vGxdNrJ.exe
  C:\Windows\System\vGxdNrJ.exe
  2⤵
  PID:8876
- C:\Windows\System\zNOYKUO.exe
  C:\Windows\System\zNOYKUO.exe
  2⤵
  PID:8908
- C:\Windows\System\wPbdcVx.exe
  C:\Windows\System\wPbdcVx.exe
  2⤵
  PID:9076
- C:\Windows\System\vAoQekO.exe
  C:\Windows\System\vAoQekO.exe
  2⤵
  PID:7716
- C:\Windows\System\iaEUNJG.exe
  C:\Windows\System\iaEUNJG.exe
  2⤵
  PID:8232
- C:\Windows\System\PnASrap.exe
  C:\Windows\System\PnASrap.exe
  2⤵
  PID:9016
- C:\Windows\System\KMqvXFG.exe
  C:\Windows\System\KMqvXFG.exe
  2⤵
  PID:8788
- C:\Windows\System\djbtriR.exe
  C:\Windows\System\djbtriR.exe
  2⤵
  PID:2308
- C:\Windows\System\TPANLMO.exe
  C:\Windows\System\TPANLMO.exe
  2⤵
  PID:8464
- C:\Windows\System\PTqWEIb.exe
  C:\Windows\System\PTqWEIb.exe
  2⤵
  PID:9088
- C:\Windows\System\qDeDDdS.exe
  C:\Windows\System\qDeDDdS.exe
  2⤵
  PID:8724
- C:\Windows\System\MkEIrRo.exe
  C:\Windows\System\MkEIrRo.exe
  2⤵
  PID:7720
- C:\Windows\System\biDGkRX.exe
  C:\Windows\System\biDGkRX.exe
  2⤵
  PID:8264
- C:\Windows\System\IZXEjoM.exe
  C:\Windows\System\IZXEjoM.exe
  2⤵
  PID:3056
- C:\Windows\System\QGLVNDh.exe
  C:\Windows\System\QGLVNDh.exe
  2⤵
  PID:8740
- C:\Windows\System\ynTVqdZ.exe
  C:\Windows\System\ynTVqdZ.exe
  2⤵
  PID:9104
- C:\Windows\System\tFjaiPZ.exe
  C:\Windows\System\tFjaiPZ.exe
  2⤵
  PID:8364
- C:\Windows\System\pTMOydJ.exe
  C:\Windows\System\pTMOydJ.exe
  2⤵
  PID:2108
- C:\Windows\System\IeNGhCo.exe
  C:\Windows\System\IeNGhCo.exe
  2⤵
  PID:7776
- C:\Windows\System\wKvvzxy.exe
  C:\Windows\System\wKvvzxy.exe
  2⤵
  PID:920
- C:\Windows\System\PUFYxGc.exe
  C:\Windows\System\PUFYxGc.exe
  2⤵
  PID:8440
- C:\Windows\System\HEBqDiL.exe
  C:\Windows\System\HEBqDiL.exe
  2⤵
  PID:9164
- C:\Windows\System\LWhhvMy.exe
  C:\Windows\System\LWhhvMy.exe
  2⤵
  PID:8212
- C:\Windows\System\aFQVQVT.exe
  C:\Windows\System\aFQVQVT.exe
  2⤵
  PID:804
- C:\Windows\System\FIGXIYx.exe
  C:\Windows\System\FIGXIYx.exe
  2⤵
  PID:8580
- C:\Windows\System\dkPTydM.exe
  C:\Windows\System\dkPTydM.exe
  2⤵
  PID:8284
- C:\Windows\System\pRFLeaS.exe
  C:\Windows\System\pRFLeaS.exe
  2⤵
  PID:8220
- C:\Windows\System\IBuVJTc.exe
  C:\Windows\System\IBuVJTc.exe
  2⤵
  PID:8384
- C:\Windows\System\nMeDlrX.exe
  C:\Windows\System\nMeDlrX.exe
  2⤵
  PID:9020
- C:\Windows\System\jcODdVf.exe
  C:\Windows\System\jcODdVf.exe
  2⤵
  PID:8796
- C:\Windows\System\HJnQoPl.exe
  C:\Windows\System\HJnQoPl.exe
  2⤵
  PID:8200
- C:\Windows\System\XhOyqLm.exe
  C:\Windows\System\XhOyqLm.exe
  2⤵
  PID:8280
- C:\Windows\System\URKzDjh.exe
  C:\Windows\System\URKzDjh.exe
  2⤵
  PID:9224
- C:\Windows\System\uUQdGgr.exe
  C:\Windows\System\uUQdGgr.exe
  2⤵
  PID:9240
- C:\Windows\System\IHwLNFu.exe
  C:\Windows\System\IHwLNFu.exe
  2⤵
  PID:9256
- C:\Windows\System\NYuprbV.exe
  C:\Windows\System\NYuprbV.exe
  2⤵
  PID:9272
- C:\Windows\System\aIkaITN.exe
  C:\Windows\System\aIkaITN.exe
  2⤵
  PID:9292
- C:\Windows\System\XbfKRtp.exe
  C:\Windows\System\XbfKRtp.exe
  2⤵
  PID:9308
- C:\Windows\System\hEQUhwn.exe
  C:\Windows\System\hEQUhwn.exe
  2⤵
  PID:9324
- C:\Windows\System\jRILWlp.exe
  C:\Windows\System\jRILWlp.exe
  2⤵
  PID:9340
- C:\Windows\System\MYDxxbB.exe
  C:\Windows\System\MYDxxbB.exe
  2⤵
  PID:9356
- C:\Windows\System\BiiAGAF.exe
  C:\Windows\System\BiiAGAF.exe
  2⤵
  PID:9372
- C:\Windows\System\DSoXOSd.exe
  C:\Windows\System\DSoXOSd.exe
  2⤵
  PID:9388
- C:\Windows\System\RvVsftc.exe
  C:\Windows\System\RvVsftc.exe
  2⤵
  PID:9404
- C:\Windows\System\XjnvDnm.exe
  C:\Windows\System\XjnvDnm.exe
  2⤵
  PID:9420
- C:\Windows\System\wonoNTb.exe
  C:\Windows\System\wonoNTb.exe
  2⤵
  PID:9436
- C:\Windows\System\HWcldjE.exe
  C:\Windows\System\HWcldjE.exe
  2⤵
  PID:9452
- C:\Windows\System\uGrVZWQ.exe
  C:\Windows\System\uGrVZWQ.exe
  2⤵
  PID:9468
- C:\Windows\System\XIcxjXE.exe
  C:\Windows\System\XIcxjXE.exe
  2⤵
  PID:9484
- C:\Windows\System\pIEEZKG.exe
  C:\Windows\System\pIEEZKG.exe
  2⤵
  PID:9500
- C:\Windows\System\AlxFEaW.exe
  C:\Windows\System\AlxFEaW.exe
  2⤵
  PID:9516
- C:\Windows\System\DgDkemX.exe
  C:\Windows\System\DgDkemX.exe
  2⤵
  PID:9532
- C:\Windows\System\QpOJvjc.exe
  C:\Windows\System\QpOJvjc.exe
  2⤵
  PID:9548
- C:\Windows\System\SwJfdVT.exe
  C:\Windows\System\SwJfdVT.exe
  2⤵
  PID:9564
- C:\Windows\System\OCcBibm.exe
  C:\Windows\System\OCcBibm.exe
  2⤵
  PID:9580
- C:\Windows\System\sihfocm.exe
  C:\Windows\System\sihfocm.exe
  2⤵
  PID:9596
- C:\Windows\System\JwmMKbM.exe
  C:\Windows\System\JwmMKbM.exe
  2⤵
  PID:9612
- C:\Windows\System\ZbhdDIj.exe
  C:\Windows\System\ZbhdDIj.exe
  2⤵
  PID:9628
- C:\Windows\System\SyeHOtO.exe
  C:\Windows\System\SyeHOtO.exe
  2⤵
  PID:9644
- C:\Windows\System\ZEdKfWB.exe
  C:\Windows\System\ZEdKfWB.exe
  2⤵
  PID:9660
- C:\Windows\System\VCLguJa.exe
  C:\Windows\System\VCLguJa.exe
  2⤵
  PID:9676
- C:\Windows\System\IsRsCYI.exe
  C:\Windows\System\IsRsCYI.exe
  2⤵
  PID:9692
- C:\Windows\System\UCHYgfX.exe
  C:\Windows\System\UCHYgfX.exe
  2⤵
  PID:9708
- C:\Windows\System\sAEJQfW.exe
  C:\Windows\System\sAEJQfW.exe
  2⤵
  PID:9724
- C:\Windows\System\TMVCFTl.exe
  C:\Windows\System\TMVCFTl.exe
  2⤵
  PID:9744
- C:\Windows\System\AKekQHZ.exe
  C:\Windows\System\AKekQHZ.exe
  2⤵
  PID:9760
- C:\Windows\System\euzQTuq.exe
  C:\Windows\System\euzQTuq.exe
  2⤵
  PID:9776
- C:\Windows\System\IfMoqEL.exe
  C:\Windows\System\IfMoqEL.exe
  2⤵
  PID:9792
- C:\Windows\System\XnJBsjp.exe
  C:\Windows\System\XnJBsjp.exe
  2⤵
  PID:9808
- C:\Windows\System\RUUKAkW.exe
  C:\Windows\System\RUUKAkW.exe
  2⤵
  PID:9824
- C:\Windows\System\JpgFXMo.exe
  C:\Windows\System\JpgFXMo.exe
  2⤵
  PID:9840
- C:\Windows\System\gecfCMz.exe
  C:\Windows\System\gecfCMz.exe
  2⤵
  PID:9856
- C:\Windows\System\SybaXhQ.exe
  C:\Windows\System\SybaXhQ.exe
  2⤵
  PID:9872
- C:\Windows\System\gAzGLEq.exe
  C:\Windows\System\gAzGLEq.exe
  2⤵
  PID:9888
- C:\Windows\System\ypxHZEQ.exe
  C:\Windows\System\ypxHZEQ.exe
  2⤵
  PID:9904
- C:\Windows\System\Skptpyp.exe
  C:\Windows\System\Skptpyp.exe
  2⤵
  PID:9920
- C:\Windows\System\VlEgdal.exe
  C:\Windows\System\VlEgdal.exe
  2⤵
  PID:9936
- C:\Windows\System\vFWRBoE.exe
  C:\Windows\System\vFWRBoE.exe
  2⤵
  PID:9952
- C:\Windows\System\nwcBGsJ.exe
  C:\Windows\System\nwcBGsJ.exe
  2⤵
  PID:9968
- C:\Windows\System\McyzNhL.exe
  C:\Windows\System\McyzNhL.exe
  2⤵
  PID:9984
- C:\Windows\System\dZEsSOU.exe
  C:\Windows\System\dZEsSOU.exe
  2⤵
  PID:10000
- C:\Windows\System\KFMNbJz.exe
  C:\Windows\System\KFMNbJz.exe
  2⤵
  PID:10016
- C:\Windows\System\YiRQpAW.exe
  C:\Windows\System\YiRQpAW.exe
  2⤵
  PID:10032
- C:\Windows\System\BiKwdXR.exe
  C:\Windows\System\BiKwdXR.exe
  2⤵
  PID:10048
- C:\Windows\System\oFXebxj.exe
  C:\Windows\System\oFXebxj.exe
  2⤵
  PID:10064
- C:\Windows\System\erNCaqf.exe
  C:\Windows\System\erNCaqf.exe
  2⤵
  PID:10080
- C:\Windows\System\oltkriV.exe
  C:\Windows\System\oltkriV.exe
  2⤵
  PID:10096
- C:\Windows\System\bdkEPxt.exe
  C:\Windows\System\bdkEPxt.exe
  2⤵
  PID:10112
- C:\Windows\System\bMhgiTs.exe
  C:\Windows\System\bMhgiTs.exe
  2⤵
  PID:10128
- C:\Windows\System\vftIMmj.exe
  C:\Windows\System\vftIMmj.exe
  2⤵
  PID:10144
- C:\Windows\System\swQoKXi.exe
  C:\Windows\System\swQoKXi.exe
  2⤵
  PID:10160
- C:\Windows\System\AaeiIhy.exe
  C:\Windows\System\AaeiIhy.exe
  2⤵
  PID:10176
- C:\Windows\System\ZLjoZbg.exe
  C:\Windows\System\ZLjoZbg.exe
  2⤵
  PID:10192
- C:\Windows\System\GqqZKQq.exe
  C:\Windows\System\GqqZKQq.exe
  2⤵
  PID:10208
- C:\Windows\System\BTHjvAD.exe
  C:\Windows\System\BTHjvAD.exe
  2⤵
  PID:10224
- C:\Windows\System\GLOoZJM.exe
  C:\Windows\System\GLOoZJM.exe
  2⤵
  PID:8628
- C:\Windows\System\zOmRfXJ.exe
  C:\Windows\System\zOmRfXJ.exe
  2⤵
  PID:9264
- C:\Windows\System\qgaoMZd.exe
  C:\Windows\System\qgaoMZd.exe
  2⤵
  PID:9336
- C:\Windows\System\ZBZfYCv.exe
  C:\Windows\System\ZBZfYCv.exe
  2⤵
  PID:8924
- C:\Windows\System\ngjhYFB.exe
  C:\Windows\System\ngjhYFB.exe
  2⤵
  PID:9248
- C:\Windows\System\iwxmwxO.exe
  C:\Windows\System\iwxmwxO.exe
  2⤵
  PID:9316
- C:\Windows\System\vuUJcJx.exe
  C:\Windows\System\vuUJcJx.exe
  2⤵
  PID:8360
- C:\Windows\System\GiIOgKl.exe
  C:\Windows\System\GiIOgKl.exe
  2⤵
  PID:9368
- C:\Windows\System\wpQBgmi.exe
  C:\Windows\System\wpQBgmi.exe
  2⤵
  PID:9384
- C:\Windows\System\YnDJTCB.exe
  C:\Windows\System\YnDJTCB.exe
  2⤵
  PID:9444
- C:\Windows\System\mXzneYe.exe
  C:\Windows\System\mXzneYe.exe
  2⤵
  PID:9460
- C:\Windows\System\wcNnyXx.exe
  C:\Windows\System\wcNnyXx.exe
  2⤵
  PID:9528
- C:\Windows\System\CGlDFZN.exe
  C:\Windows\System\CGlDFZN.exe
  2⤵
  PID:9508
- C:\Windows\System\HsehHCI.exe
  C:\Windows\System\HsehHCI.exe
  2⤵
  PID:9572
- C:\Windows\System\tilrbbw.exe
  C:\Windows\System\tilrbbw.exe
  2⤵
  PID:9636
- C:\Windows\System\iMhoYtK.exe
  C:\Windows\System\iMhoYtK.exe
  2⤵
  PID:9652
- C:\Windows\System\wHTFCjs.exe
  C:\Windows\System\wHTFCjs.exe
  2⤵
  PID:9668
- C:\Windows\System\TAAVCGb.exe
  C:\Windows\System\TAAVCGb.exe
  2⤵
  PID:9716
- C:\Windows\System\FfuyZNX.exe
  C:\Windows\System\FfuyZNX.exe
  2⤵
  PID:9732
- C:\Windows\System\UURkQgw.exe
  C:\Windows\System\UURkQgw.exe
  2⤵
  PID:9768
- C:\Windows\System\ZdIkNdw.exe
  C:\Windows\System\ZdIkNdw.exe
  2⤵
  PID:9832
- C:\Windows\System\NGxVyPA.exe
  C:\Windows\System\NGxVyPA.exe
  2⤵
  PID:9788
- C:\Windows\System\GUaTfjy.exe
  C:\Windows\System\GUaTfjy.exe
  2⤵
  PID:9816
- C:\Windows\System\dzasJsN.exe
  C:\Windows\System\dzasJsN.exe
  2⤵
  PID:9896
- C:\Windows\System\TIMaWIM.exe
  C:\Windows\System\TIMaWIM.exe
  2⤵
  PID:9932
- C:\Windows\System\bFitXPa.exe
  C:\Windows\System\bFitXPa.exe
  2⤵
  PID:9948
- C:\Windows\System\jNMkiOg.exe
  C:\Windows\System\jNMkiOg.exe
  2⤵
  PID:9980
- C:\Windows\System\btGTkYt.exe
  C:\Windows\System\btGTkYt.exe
  2⤵
  PID:9996
- C:\Windows\System\pTosFAw.exe
  C:\Windows\System\pTosFAw.exe
  2⤵
  PID:10088

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\CHiTRUv.exe

Filesize
6.0MB

MD5
3b8405a1478b5257d09fb6436b0ca3d4

SHA1
5e7dc1224608370f7a6db200725e12918fd001a8

SHA256
a70f0016ee563427ffbd6c21e9e575513a6c9e57d76692bbc04f86de6651a8c9

SHA512
9ca1f95231590ad1aaa94717c58582f829ef0d51f6546e444302840a3b0758faec58b0278bd793d4e8c14b5a1330492bbf79a24ea8fbc11cf50775e7e1621b66

Download Submit
C:\Windows\system\EGjBZSw.exe

Filesize
6.0MB

MD5
48c9e32f40f0bf4b5593fdefb4f3726c

SHA1
bf3743f2b2c65210cbc5ca9dfe0d5d0e1d1f203a

SHA256
503e0dfcc45392d65576930af608dcdb860d142425b5af25fab1f94982df4392

SHA512
0362564f720b37ec1e5501c930f225d025e5f1fba42a6ed9dac6ba5c82650386b858e11122c1bd44497dcb2772fd9b459313eda188bcada7dd0186db1ef73485

Download Submit
C:\Windows\system\FDKgSmG.exe

Filesize
6.0MB

MD5
a5f800410531d363c29c77790e98cd8f

SHA1
be1f62c4b071b0807f1cf54e115110d62a27b82e

SHA256
feac1f89583f9edb748aeb68c8ad28d5fa743a3e2dd47952d5e2dc6146109995

SHA512
3cb46994cfac19ea91d048627f24e9961595e5f16c10cfa165fa233ae990596f3e704bca2913a4f2d9b622d8225a5e6e175884ced50974fd4aeee77324284783

Download Submit
C:\Windows\system\FZudslW.exe

Filesize
6.0MB

MD5
ee4bf59c7d79efb6af1bea6ba9c31572

SHA1
7c0195cb52923bce2c1fb733ec5d9458fae486ad

SHA256
7db809816fd103ba28494146346b2e8352022506b89203b571c8dcf445b59e25

SHA512
5334d2273a6322b7290562f74b290765075cba673bdaf548dd5e2bcff2ff8a1dcd534554335a9456e69d6d84e610741176f10d9c474183d1246fcf36eb186d12

Download Submit
C:\Windows\system\HhsiRUi.exe

Filesize
6.0MB

MD5
7cd1a35d5f50939d727b7e0af884fc60

SHA1
7d3f251a14f62645159161ba23139bdab16fc547

SHA256
720d3c333be72f58833531afeaeec69ac1149cc531176230834270912afe39cd

SHA512
735f1a50d0bbdf7e5f41746aa231b1de26cbcfa36819b007f7e5e8ebb452811d7033808ba202e36265ef840727614d05a726a5dd3604039341fb956678d1eb2b

Download Submit
C:\Windows\system\IAEGodu.exe

Filesize
6.0MB

MD5
a4f6269b0b4fe632868a16bca53cc2ae

SHA1
31b54e790e280f28d61ab528c7347c3fc8c2853c

SHA256
f5df2a0adf9937dfa518da404a8c994d8f54af560e7cc24b7d544163c49852d0

SHA512
e79f0890b97d6f7916fce18a1b8f663b8b1f454ac81f4338e52c0ba95d8e8ff7aef0ffab34b3f14c021d4e5885fde72a7edb640a51b01bf483570f207505ef5e

Download Submit
C:\Windows\system\IIwzfEm.exe

Filesize
6.0MB

MD5
74d31038beef6b5789479ad119f79895

SHA1
0b459f4dcd847ed3a05c6f969c6a40808d71f813

SHA256
fb263ed905593f54f415bc40b2a4760050c9daf0df424859e52d039a260368d5

SHA512
58d6ea8941d12044ec96ea7066fb67151080be24aa8f83d2e939ed3f36df832573eb2223d7c5b4f6f3d6c9087b1d883ac5cc184c2e2da04b6b127445c4b4f82e

Download Submit
C:\Windows\system\OCYIbEC.exe

Filesize
6.0MB

MD5
8cc251a2a9aa0d8eabd22a89f52ad9b2

SHA1
2a2d1114bf6ff0c3f7d42ad747a1719db12836bd

SHA256
7c5a1e6f8963e831236ed988e0be75de2d05b6ac4c5e101e780928085f9de9d2

SHA512
ade9cf6faaa633582592f3820fe2049e8e6cf5f09788c3bab3fb77da92d09d86d75def200b818dacef2962a8d12f0ab0b3118a1e3cc59807e5a4a5e7b2a0c744

Download Submit
C:\Windows\system\QtxVsfq.exe

Filesize
6.0MB

MD5
9e08921076a77a65cc506851bcb0d2c6

SHA1
497a9a2b54842983913e4825979b638789c1d7d8

SHA256
4f8e753774e07201be6d06800c74d37ca41ce5057d6d070e731c10fb10c6e512

SHA512
b6a2c70328dd5aee5e9789965e47bf5e118167c52217b45d8520d5ee1834d7cd56b413c99f618db0a98bec8122be83c1e6ef80aaec07e95e13ac099170139150

Download Submit
C:\Windows\system\RaJgZBe.exe

Filesize
6.0MB

MD5
d9e217f532b21e739e0b30a68bd6bb9e

SHA1
91fdf671bfd2417fe7ecf05ce5c099a49bf1580a

SHA256
45be13be0c650283a47f869c784502bd931194b9e3cc1494580f2e12ccd810a3

SHA512
5c8b11f259884ec89c8e598532a7f5ac430bb148346d7616eec1e99cd627b560fea33af43428c83758a3d4891700632f921554f4c36b45f2e4b3d35bb0e882a4

Download Submit
C:\Windows\system\TinFVNW.exe

Filesize
6.0MB

MD5
a25b8b80e136579578ad2869aec1308c

SHA1
6e55010f5b9de802427ce4c371e0b4fca5b54263

SHA256
0d718cfb36c8126cbee3ebeb738b4c3bd6f04440a3f21c9bbdd52d0af3a5e2d8

SHA512
33ca7f14e2a915e9420685b12488a31691e7d535454a71214e713d0dfcd2560ad6ba3b15ea46824d2378e28bbd14e20a4bed31e0115fae6978157e9fb6d7ed8c

Download Submit
C:\Windows\system\WPVezWh.exe

Filesize
6.0MB

MD5
efa6e5f12d9b6ed965ba6e507bd9861a

SHA1
98b2d26dd7709e52bfdf771f3835ea16804dc78a

SHA256
fcc09a9ffff85f7cd2ef028c92d1b98ea945f896ee201657cea9bd4fd98c4010

SHA512
3e6a3f53f44044efaf4a1fed536c9f9e491018988ee91aafad29af0aa18a5d195400699fd629f1c613607573a0791dbe1974365fec87311fb05a85b315979c8d

Download Submit
C:\Windows\system\XISklky.exe

Filesize
6.0MB

MD5
e9c68e3c50916e2927d89769602a70dd

SHA1
1b9bcf6d78f63a5fab09a7b383bd770e2efc1d15

SHA256
baebdca0925e622025e2468d6524b23ff9da57ca3a95030e318d69a77500d058

SHA512
1a1c6678c7f66c17c895db71b007278dd0e6f347716810c7c9c1b55cc2ceff109f20e1bfcc1f4613c75031b0a959304ec8b713c5b490e58d8a19b98d0a01654f

Download Submit
C:\Windows\system\gsDbEAP.exe

Filesize
6.0MB

MD5
90fb24d580682289bb4ab16d75d4e032

SHA1
18fcb0149cd4ce7642d6cc324d3a7abf6afea7d0

SHA256
679ce57c3cb9d02ec7f96ccf422d6c05d24bc6852c17a91a4979cdd80d7f1adf

SHA512
d44d7f043ec78815b336be92f6a90805a6f47b91f2430504f41b77c7ddb13cee10fe9b4594dcc1b3630a1891b753394724271048a6dbbe203988e5efa30a702d

Download Submit
C:\Windows\system\guKGEbY.exe

Filesize
6.0MB

MD5
ce033852a5bb895877c3a5df45a9f4a1

SHA1
6ffb6beaf37098216a847dd636d7bf6db541aed7

SHA256
9408aff5bba0c7e0c328b2367c83cd78e5ddf5047d141ec5a6833c11f3c86b33

SHA512
288736c290a4f399208ddad4182737240dbe8ec7dc738ff112a297a3f2ba3adbd79ac1b0785eb3c2a20f14e99110620191a29bf3d6542093a451a6e53d5cfac9

Download Submit
C:\Windows\system\meCVvVI.exe

Filesize
6.0MB

MD5
12ce81e323bb36230d5d73c9ee042d08

SHA1
e7cbfb3c958ef34afd23ebcd88fc19c55b09dd07

SHA256
ea90da521079662043b5b11183c4d5a68af7d484c0a7c40d111595aa6a22e22f

SHA512
d7034b15d0296ce14282c31a53ce15f1c3e5ac3893e1c81f106c625c4a30dd319ac7e80b77682e6354aa621f779b718dd8a2372e8c944f5e0f0de1b081629bb2

Download Submit
C:\Windows\system\oiQoTmH.exe

Filesize
6.0MB

MD5
ba2045c41edccb35cee037ddb58028ec

SHA1
e344974605d18c1ad2c0dc70b93e0f0f53b1a989

SHA256
eec80f9ebf2794c1701c548fc308fd05b51d0b1466e822594a4617e1b8acd91c

SHA512
54ca0d410a3913f3799fcacd307f24da0d393c0fa67142338c03fa83082315a4094cd20ee89cf5d3e0a75159396c130f9f1194daa9720e29ffe9a43b96cf720d

Download Submit
C:\Windows\system\pfgdrTL.exe

Filesize
6.0MB

MD5
91351c9dbc1447669ba6e295878cf474

SHA1
72355ef6932b1d5f5b3e8a8a5d81bad9d0d7ee20

SHA256
902d969a481dba34e6dbbed52df0e499ddf5a9dd03919bee141bde86372fdd43

SHA512
d1a07b4cd1f39afbf8b0dfb8c7e5a7876310dc80d03290970b0cbdacba17c8e08d16a6c4a8d3db567ed965e86d4113d42777074b7621524dd3471e9f2cb7afaa

Download Submit
C:\Windows\system\pxUEnxI.exe

Filesize
6.0MB

MD5
1cd891dcb3539f7e30498643c9b2924a

SHA1
fc4fdccc4cb45d20c764bcb86b17d5c123612e88

SHA256
9a4a266df15c1161a9e182aa8249f401b6b89f03ed912df99370a362f2704b02

SHA512
93633fe314d1613cf1d89d6461a426dc096c2094a52a49784e28229d8d04a79cc13dba6ca5675f1b86cb30d55b81c5a73970cc72d6ee557d5977ed74e391c6b8

Download Submit
C:\Windows\system\sFiSQxG.exe

Filesize
6.0MB

MD5
8a9a339c984c915f02f372653ee138cd

SHA1
bfb9df0b8486c434baa28aaa62e9f56c8331efa1

SHA256
7b7bc1d5fead6d91b9eeb774ff6ca8c4fe142be59d888b3e08d9b2d1f39761b6

SHA512
0686c3128f0aa1d02675587f87d76afa4fc517f8a55b47d9344f7991a4cc7fc2210b9a14402feda2b2f94dcada3072708f445e51363893bd4da92e97c9e33a7e

Download Submit
C:\Windows\system\srlTXuB.exe

Filesize
6.0MB

MD5
229f10113bd80195423c4b2255566d22

SHA1
8ad8e129525058daffc43ae010c40a3fb6d24563

SHA256
0f2e96b649480e07ac9b30ea05f78522b0e034d42f3e417346e1731bda894689

SHA512
7f64e95a2eb93ec81d88f1d71aa7b4cd9b0aed5d2dd06bd86bc04faf4b22cd0fc595c49c0c61e2f388574e75c5aa2e8c77e91467f8d949c4530ded9ae3b5371e

Download Submit
C:\Windows\system\tRiFttD.exe

Filesize
6.0MB

MD5
b3ef716bf9b69194990a8c89985830a0

SHA1
f743d87fff9f5fe2390275a05e41c124d136a660

SHA256
35beea383e8f86ab3617a9f437c4d946eced15098de3aea2206be2aeaf4c77ba

SHA512
2b1c27655fa1dd3337aaa1741618c1ad81821f5b7651c258e4b6c3c009a004ee5073a5e9fd2a10fffa59787eda0b63030e23e26262012dcc33ac6ee27a1f8de6

Download Submit
C:\Windows\system\uavDbYw.exe

Filesize
6.0MB

MD5
c2c369b4f15b25614227179f97b95142

SHA1
3a46a3efe0dc4a0e6cd7b049c71bb9165fb5cca1

SHA256
6bad0d1a293852661aadf1fecab52f367fbaa77df73d6db6bebf1b94556ccda4

SHA512
3b008ee8b1e77f2877cb121b15d211e7b2856f52fd3c8969f85b84cd37964a8791bc0dbec46809f36943b483bdbea91d7f38584e67f34d136a872a5561f33e32

Download Submit
C:\Windows\system\uoJDyLZ.exe

Filesize
6.0MB

MD5
0947adecf7522f86e09462d7fe239325

SHA1
8751215e5cb1b64fa5c1873c5e5353b44085ee65

SHA256
e396d64c0179488cc4f86ed759f0002f6137398cba15e2ace544076d67609375

SHA512
4e6f3d6b517764e2f860e0d8212abc543f08b499741a8a023ac0550e4ef3760063f24ec53eb5cde443537f5dfb8cd49c9d0fa8afe8b49435e029ce8f20cd71b6

Download Submit
C:\Windows\system\ypfJVJP.exe

Filesize
6.0MB

MD5
bde01fb82f686dc2a9510a239cd5def7

SHA1
88cfea22333dfafbdd1236411f2c38ad0129699e

SHA256
13d01876cca49a1ffdde287eec53c2e40d3ba777dcf66dc102d2e8da3d73a78a

SHA512
f67dc4e2594fe6292b01a85b617fcc41c52029792baefe7d1064a311258b9286d68964dad3508f76b82ce42027cebc36cd38ff2ce5da3942d0b977498bc36711

Download Submit
C:\Windows\system\zAmpAsP.exe

Filesize
6.0MB

MD5
945b24258c9ed53cf1062b8801adee77

SHA1
2f3dcaa4d4db2f44e03adab2a5f127e3c5b11af0

SHA256
b1ba8ea3ea5ee13a8cf12548a3a9909da5295a5438997c6e08299eb6a13c6a8a

SHA512
4c019fafe085e97a3be2fd0cee0471da4cb2fd8722c380725c426f4e5db85869afa58ee710ecef9b1d96ff0eb610e72f7d8e6e1ed3ff7e2e72fa93524eb8b1c6

Download Submit
\Windows\system\ECSTmvO.exe

Filesize
6.0MB

MD5
4cf3906d9d29c7cbe3e364ae467b4700

SHA1
47d7f77f9dea70037f5d46ff4339ada1aa22fba4

SHA256
d2e9e69be1f5dfc81e382e4bf826afc69aa336309b30605c3b2615687845a007

SHA512
58f57dff4cfe9118650b2cc99504f1b25b6975d3248b257a59aeeef89934c1000094d8a97929f8146a8f369ecf93030411e00a6fa789d62ddbe24116bcc00938

Download Submit
\Windows\system\FgPVBuz.exe

Filesize
6.0MB

MD5
220cec19a53824de03fda191e3465e53

SHA1
491df7db3333fd35c9ededa26e38297248b40e56

SHA256
d5eee4f15a557688539cf696c16a793dedd18fbea19a148c72d86d25d3db4c30

SHA512
085a1563f57a6e3e85d5ff7f2913a2c860f383247385c96184b8847c7a62bb3512929608512b2d7ab70e30163cfd3e3cefc9efdad079577fe87e04762d6233e2

Download Submit
\Windows\system\YCWSBsp.exe

Filesize
6.0MB

MD5
9ee5e7ed69b2ec4e87ef97c8a550ec64

SHA1
96a2679cc798feabf1f1e0a4681565172e552c63

SHA256
46d280957be7916c7c3dc727487f71d5c3b88ca4e1a31a77dd752680d312bbeb

SHA512
0a77715f1888bc3b6085ed3b4746aca13430e2b175ed86f04d78414c0b121e6aa21d8673ac953d3d11eb2f4d9564245bc2ec86a964162997aefd0cad3c71d44d

Download Submit
\Windows\system\ZgQWftQ.exe

Filesize
6.0MB

MD5
52f1a565dffd9f577d1461d7bc43a549

SHA1
db0958e2a2da9df0a4ac0f1cf21858ee22455596

SHA256
cb8e6c03cdb257cfb7d7fce3ab06e7614987cfac24f0122bee081ac1e70276e8

SHA512
83b06d6b86ca448a2e4902768337814c314a69f55f83385f9a1339f1c8fe47a80d1745c32730a420547719e637e7ea1b1afe7c7ecd84aa35debc538a853ca150

Download Submit
\Windows\system\eraFHyz.exe

Filesize
6.0MB

MD5
7cc752e9f2ef29ed6fb633092d0e9833

SHA1
7021011ec13329781113880b455376c962fc2ed0

SHA256
a24b8736d9689e41d68b09dacc56f13678d6d58d5ad6fb32164e60f45545f345

SHA512
3af240402e617410bd4ef46f2ee4d5c6ed076ab365727f935114171f96dfe76e07cb1b436804cd51921b8423ffd641ccff18c25e4843c9e706f1a48d6d2a60fc

Download Submit
\Windows\system\pDMHGWz.exe

Filesize
6.0MB

MD5
0d8724baf2d676eaaa7373daf2f8b5eb

SHA1
5b3f4d81928fd51aa0f7a5b23556e1f9e95730e3

SHA256
15a9139be139d523cbccee0138c83ff8de1478bc876ccfd826138d99c4bb9a7d

SHA512
374bc9b16a5c57b834d81d6b813dedae3ac651d8fd6414b84246805e8307891aefc5063fa94d90310cb9d40899b19d57168741d68325bb03537a82f868b99f78

Download Submit
memory/1072-174-0x000000013F8B0000-0x000000013FC04000-memory.dmp

Filesize
3.3MB

Download
memory/1072-1534-0x000000013F8B0000-0x000000013FC04000-memory.dmp

Filesize
3.3MB

Download
memory/1168-178-0x000000013F270000-0x000000013F5C4000-memory.dmp

Filesize
3.3MB

Download
memory/1168-1535-0x000000013F270000-0x000000013F5C4000-memory.dmp

Filesize
3.3MB

Download
memory/1504-1478-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/1504-181-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/1856-168-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/1856-1512-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2400-176-0x000000013F5E0000-0x000000013F934000-memory.dmp

Filesize
3.3MB

Download
memory/2400-1530-0x000000013F5E0000-0x000000013F934000-memory.dmp

Filesize
3.3MB

Download
memory/2440-1481-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/2440-154-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/2648-170-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/2648-1519-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/2692-172-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2692-1528-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2756-156-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/2756-1480-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/2768-162-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/2768-1502-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/2856-1509-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2856-164-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2896-1492-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/2896-158-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/2932-1494-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/2932-160-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/3024-1514-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/3024-166-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/3040-165-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/3040-171-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/3040-161-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/3040-157-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/3040-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/3040-0-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/3040-167-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/3040-159-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/3040-169-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/3040-163-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/3040-173-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/3040-175-0x000000013F5E0000-0x000000013F934000-memory.dmp

Filesize
3.3MB

Download
memory/3040-177-0x000000013F270000-0x000000013F5C4000-memory.dmp

Filesize
3.3MB

Download
memory/3040-590-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/3040-709-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/3040-153-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/3040-155-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/3040-648-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/3040-180-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download