cobaltstrike | f21271b338330ba2358c05eabbeee2701ba10b0a2e18c2f5b747511a2e5d0ab9

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
01-02-2025 11:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

38cc2676263394458e7864b26b99b18b
SHA1

6382c86195b5c7b0f017f72a2fefd1b9595fb575
SHA256

f21271b338330ba2358c05eabbeee2701ba10b0a2e18c2f5b747511a2e5d0ab9
SHA512

623939d2495fd2fee10c0810fc337e9eea6c3cee95d816c0237db18db066f0c9f07f04a0e7a2189eb1f51e909b086374addf373e9f7358cb396ac7651a2bc077
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUv:T+q56utgpPF8u/7v

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012117-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016890-9.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016b86-11.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c89-20.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016ca0-33.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cf0-45.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d68-61.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d4c-63.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d22-52.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000164de-51.dat	cobalt_reflective_dll
behavioral1/files/0x000d000000018683-67.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018697-76.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018be7-116.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019261-154.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001927a-166.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001938e-191.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019358-186.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019354-181.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000192a1-176.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019299-171.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019274-161.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019237-146.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001924f-151.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019203-141.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019056-136.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018fdf-131.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018d83-126.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018d7b-121.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018745-111.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001871c-106.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001870c-98.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018706-92.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2284-0-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	xmrig
behavioral1/files/0x0007000000012117-3.dat	xmrig
behavioral1/memory/2188-8-0x000000013F570000-0x000000013F8C4000-memory.dmp	xmrig
behavioral1/files/0x0008000000016890-9.dat	xmrig
behavioral1/files/0x0008000000016b86-11.dat	xmrig
behavioral1/files/0x0008000000016c89-20.dat	xmrig
behavioral1/memory/2816-34-0x000000013F890000-0x000000013FBE4000-memory.dmp	xmrig
behavioral1/files/0x0008000000016ca0-33.dat	xmrig
behavioral1/memory/2576-32-0x000000013FAB0000-0x000000013FE04000-memory.dmp	xmrig
behavioral1/memory/2936-27-0x000000013F470000-0x000000013F7C4000-memory.dmp	xmrig
behavioral1/memory/1988-24-0x000000013F0B0000-0x000000013F404000-memory.dmp	xmrig
behavioral1/memory/2284-40-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016cf0-45.dat	xmrig
behavioral1/files/0x0009000000016d68-61.dat	xmrig
behavioral1/files/0x0007000000016d4c-63.dat	xmrig
behavioral1/memory/2188-57-0x000000013F570000-0x000000013F8C4000-memory.dmp	xmrig
behavioral1/memory/3056-56-0x000000013FAF0000-0x000000013FE44000-memory.dmp	xmrig
behavioral1/memory/1276-53-0x000000013F290000-0x000000013F5E4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d22-52.dat	xmrig
behavioral1/files/0x00080000000164de-51.dat	xmrig
behavioral1/memory/2200-62-0x000000013F360000-0x000000013F6B4000-memory.dmp	xmrig
behavioral1/memory/1988-70-0x000000013F0B0000-0x000000013F404000-memory.dmp	xmrig
behavioral1/files/0x000d000000018683-67.dat	xmrig
behavioral1/memory/2284-83-0x000000013FC50000-0x000000013FFA4000-memory.dmp	xmrig
behavioral1/memory/2936-82-0x000000013F470000-0x000000013F7C4000-memory.dmp	xmrig
behavioral1/memory/2628-87-0x000000013FC50000-0x000000013FFA4000-memory.dmp	xmrig
behavioral1/memory/2792-86-0x000000013F860000-0x000000013FBB4000-memory.dmp	xmrig
behavioral1/memory/2612-85-0x000000013FD80000-0x00000001400D4000-memory.dmp	xmrig
behavioral1/memory/2604-77-0x000000013F6C0000-0x000000013FA14000-memory.dmp	xmrig
behavioral1/files/0x0005000000018697-76.dat	xmrig
behavioral1/memory/2544-93-0x000000013F7E0000-0x000000013FB34000-memory.dmp	xmrig
behavioral1/memory/2508-99-0x000000013F650000-0x000000013F9A4000-memory.dmp	xmrig
behavioral1/memory/3056-104-0x000000013FAF0000-0x000000013FE44000-memory.dmp	xmrig
behavioral1/files/0x0006000000018be7-116.dat	xmrig
behavioral1/files/0x0005000000019261-154.dat	xmrig
behavioral1/files/0x000500000001927a-166.dat	xmrig
behavioral1/memory/2508-1321-0x000000013F650000-0x000000013F9A4000-memory.dmp	xmrig
behavioral1/memory/2544-1025-0x000000013F7E0000-0x000000013FB34000-memory.dmp	xmrig
behavioral1/memory/2284-229-0x0000000002450000-0x00000000027A4000-memory.dmp	xmrig
behavioral1/memory/2284-228-0x0000000002450000-0x00000000027A4000-memory.dmp	xmrig
behavioral1/files/0x000500000001938e-191.dat	xmrig
behavioral1/files/0x0005000000019358-186.dat	xmrig
behavioral1/files/0x0005000000019354-181.dat	xmrig
behavioral1/files/0x00050000000192a1-176.dat	xmrig
behavioral1/files/0x0005000000019299-171.dat	xmrig
behavioral1/files/0x0005000000019274-161.dat	xmrig
behavioral1/files/0x0005000000019237-146.dat	xmrig
behavioral1/files/0x000500000001924f-151.dat	xmrig
behavioral1/files/0x0005000000019203-141.dat	xmrig
behavioral1/files/0x0006000000019056-136.dat	xmrig
behavioral1/files/0x0006000000018fdf-131.dat	xmrig
behavioral1/files/0x0006000000018d83-126.dat	xmrig
behavioral1/files/0x0006000000018d7b-121.dat	xmrig
behavioral1/files/0x0005000000018745-111.dat	xmrig
behavioral1/files/0x000500000001871c-106.dat	xmrig
behavioral1/files/0x000500000001870c-98.dat	xmrig
behavioral1/files/0x0005000000018706-92.dat	xmrig
behavioral1/memory/2816-89-0x000000013F890000-0x000000013FBE4000-memory.dmp	xmrig
behavioral1/memory/2188-3297-0x000000013F570000-0x000000013F8C4000-memory.dmp	xmrig
behavioral1/memory/1988-3314-0x000000013F0B0000-0x000000013F404000-memory.dmp	xmrig
behavioral1/memory/2936-3306-0x000000013F470000-0x000000013F7C4000-memory.dmp	xmrig
behavioral1/memory/2576-3335-0x000000013FAB0000-0x000000013FE04000-memory.dmp	xmrig
behavioral1/memory/3056-3606-0x000000013FAF0000-0x000000013FE44000-memory.dmp	xmrig
behavioral1/memory/2816-3603-0x000000013F890000-0x000000013FBE4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2188	xWUkrRg.exe
1988	WrrIjQw.exe
2936	PPFCCBo.exe
2576	lhlEjgT.exe
2816	gYbDALH.exe
1276	YzUTsFx.exe
2200	QSxtVCO.exe
3056	VUgBzax.exe
2604	QRnzWOs.exe
2792	HgMHbBw.exe
2612	YSAyMui.exe
2628	tZKYOzz.exe
2544	AoxguGN.exe
2508	DWgciUr.exe
2572	WxpKtgf.exe
764	ZEoCtti.exe
1760	JnlJIxb.exe
1380	fcfswlL.exe
848	nrUkBHa.exe
1680	bIgpFUx.exe
1076	jTbigDQ.exe
1996	IEBFEqu.exe
1576	CupUCix.exe
1776	cfrFpEU.exe
2020	jLHXzIF.exe
2044	FveqvYj.exe
2824	nptxoLh.exe
2672	rKFAbzi.exe
484	DjezatU.exe
2740	VtBRVZI.exe
556	qystJkO.exe
1008	yYDMycz.exe
2760	eZqMzgi.exe
2096	vNvRapa.exe
2156	zbkwqcp.exe
1672	zkaFhNK.exe
1700	usZgoCK.exe
1360	EscvlNW.exe
1232	gqHhEHQ.exe
2436	pYsuMhV.exe
2060	jNXDGza.exe
1928	VHcVjdB.exe
1844	CgLipSZ.exe
1396	okYLvrd.exe
1100	kpEsswh.exe
2912	dxEKInN.exe
1324	OUKcHQc.exe
2148	dWDDfAu.exe
1632	UFrjIMa.exe
1792	MWYtoFj.exe
2368	OCnxaTs.exe
1708	KkqAiBy.exe
892	VbDJJUX.exe
2064	PUPImWl.exe
1804	moGhTpm.exe
1780	bTtwbbN.exe
2312	vmRdisw.exe
1880	BdrFnko.exe
2392	bjHAnlv.exe
3028	tzjsdIi.exe
2472	DOakmba.exe
3020	GqFIgxQ.exe
2244	RAYaADV.exe
3032	PvfciQU.exe

Loads dropped DLL 64 IoCs

pid	Process
2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2284-0-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	upx
behavioral1/files/0x0007000000012117-3.dat	upx
behavioral1/memory/2188-8-0x000000013F570000-0x000000013F8C4000-memory.dmp	upx
behavioral1/files/0x0008000000016890-9.dat	upx
behavioral1/files/0x0008000000016b86-11.dat	upx
behavioral1/files/0x0008000000016c89-20.dat	upx
behavioral1/memory/2816-34-0x000000013F890000-0x000000013FBE4000-memory.dmp	upx
behavioral1/files/0x0008000000016ca0-33.dat	upx
behavioral1/memory/2576-32-0x000000013FAB0000-0x000000013FE04000-memory.dmp	upx
behavioral1/memory/2936-27-0x000000013F470000-0x000000013F7C4000-memory.dmp	upx
behavioral1/memory/1988-24-0x000000013F0B0000-0x000000013F404000-memory.dmp	upx
behavioral1/memory/2284-40-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	upx
behavioral1/files/0x0007000000016cf0-45.dat	upx
behavioral1/files/0x0009000000016d68-61.dat	upx
behavioral1/files/0x0007000000016d4c-63.dat	upx
behavioral1/memory/2188-57-0x000000013F570000-0x000000013F8C4000-memory.dmp	upx
behavioral1/memory/3056-56-0x000000013FAF0000-0x000000013FE44000-memory.dmp	upx
behavioral1/memory/1276-53-0x000000013F290000-0x000000013F5E4000-memory.dmp	upx
behavioral1/files/0x0007000000016d22-52.dat	upx
behavioral1/files/0x00080000000164de-51.dat	upx
behavioral1/memory/2200-62-0x000000013F360000-0x000000013F6B4000-memory.dmp	upx
behavioral1/memory/1988-70-0x000000013F0B0000-0x000000013F404000-memory.dmp	upx
behavioral1/files/0x000d000000018683-67.dat	upx
behavioral1/memory/2936-82-0x000000013F470000-0x000000013F7C4000-memory.dmp	upx
behavioral1/memory/2628-87-0x000000013FC50000-0x000000013FFA4000-memory.dmp	upx
behavioral1/memory/2792-86-0x000000013F860000-0x000000013FBB4000-memory.dmp	upx
behavioral1/memory/2612-85-0x000000013FD80000-0x00000001400D4000-memory.dmp	upx
behavioral1/memory/2604-77-0x000000013F6C0000-0x000000013FA14000-memory.dmp	upx
behavioral1/files/0x0005000000018697-76.dat	upx
behavioral1/memory/2544-93-0x000000013F7E0000-0x000000013FB34000-memory.dmp	upx
behavioral1/memory/2508-99-0x000000013F650000-0x000000013F9A4000-memory.dmp	upx
behavioral1/memory/3056-104-0x000000013FAF0000-0x000000013FE44000-memory.dmp	upx
behavioral1/files/0x0006000000018be7-116.dat	upx
behavioral1/files/0x0005000000019261-154.dat	upx
behavioral1/files/0x000500000001927a-166.dat	upx
behavioral1/memory/2508-1321-0x000000013F650000-0x000000013F9A4000-memory.dmp	upx
behavioral1/memory/2544-1025-0x000000013F7E0000-0x000000013FB34000-memory.dmp	upx
behavioral1/memory/2284-228-0x0000000002450000-0x00000000027A4000-memory.dmp	upx
behavioral1/files/0x000500000001938e-191.dat	upx
behavioral1/files/0x0005000000019358-186.dat	upx
behavioral1/files/0x0005000000019354-181.dat	upx
behavioral1/files/0x00050000000192a1-176.dat	upx
behavioral1/files/0x0005000000019299-171.dat	upx
behavioral1/files/0x0005000000019274-161.dat	upx
behavioral1/files/0x0005000000019237-146.dat	upx
behavioral1/files/0x000500000001924f-151.dat	upx
behavioral1/files/0x0005000000019203-141.dat	upx
behavioral1/files/0x0006000000019056-136.dat	upx
behavioral1/files/0x0006000000018fdf-131.dat	upx
behavioral1/files/0x0006000000018d83-126.dat	upx
behavioral1/files/0x0006000000018d7b-121.dat	upx
behavioral1/files/0x0005000000018745-111.dat	upx
behavioral1/files/0x000500000001871c-106.dat	upx
behavioral1/files/0x000500000001870c-98.dat	upx
behavioral1/files/0x0005000000018706-92.dat	upx
behavioral1/memory/2816-89-0x000000013F890000-0x000000013FBE4000-memory.dmp	upx
behavioral1/memory/2188-3297-0x000000013F570000-0x000000013F8C4000-memory.dmp	upx
behavioral1/memory/1988-3314-0x000000013F0B0000-0x000000013F404000-memory.dmp	upx
behavioral1/memory/2936-3306-0x000000013F470000-0x000000013F7C4000-memory.dmp	upx
behavioral1/memory/2576-3335-0x000000013FAB0000-0x000000013FE04000-memory.dmp	upx
behavioral1/memory/3056-3606-0x000000013FAF0000-0x000000013FE44000-memory.dmp	upx
behavioral1/memory/2816-3603-0x000000013F890000-0x000000013FBE4000-memory.dmp	upx
behavioral1/memory/1276-3608-0x000000013F290000-0x000000013F5E4000-memory.dmp	upx
behavioral1/memory/2200-3638-0x000000013F360000-0x000000013F6B4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\QGRtlir.exe	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mOOvcNu.exe	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\COaXamY.exe	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OijdHza.exe	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xWChEIP.exe	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pFAuVNa.exe	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BInUtQn.exe	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fWxOfte.exe	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yYXJTnd.exe	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\piIEhOX.exe	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tLWEPfR.exe	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QsrnORg.exe	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MGcqnGs.exe	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AvJwRFO.exe	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uQFLzKz.exe	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EKckfuS.exe	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kxkRbKr.exe	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HYwWiws.exe	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WFbZBCK.exe	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NdYRGkr.exe	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EfgIyId.exe	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jzAzTza.exe	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WAzGzGv.exe	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DhgkrVr.exe	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JNXOyaa.exe	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IfYqyjU.exe	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ecmKbCg.exe	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mxUVeSn.exe	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sNzaGco.exe	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RwpSVhb.exe	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ddnbLyJ.exe	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WrrIjQw.exe	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XdiVUHO.exe	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JVqvxra.exe	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DzdTlIS.exe	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gVkzIie.exe	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\igtmZrf.exe	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eZbrjWW.exe	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WObLbtz.exe	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SixYCJm.exe	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mOzQuWm.exe	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FLhqoae.exe	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pFNhJQW.exe	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NTjyfqA.exe	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SrPirTZ.exe	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YLdIqaY.exe	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dtmDCqT.exe	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gpIbbwD.exe	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iDirXPb.exe	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LMykRPR.exe	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qtQnhPM.exe	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gnhQbWD.exe	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tQZeRqw.exe	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yYDMycz.exe	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ABCtZyr.exe	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zZGnBpB.exe	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\enTVUUD.exe	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lthuGaA.exe	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dJEorQm.exe	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PQwylCa.exe	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gkzRHFY.exe	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CAAoNFy.exe	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QIvSvTB.exe	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TTmGBBp.exe	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2284 wrote to memory of 2188	2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 2284 wrote to memory of 2188	2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 2284 wrote to memory of 2188	2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 2284 wrote to memory of 1988	2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2284 wrote to memory of 1988	2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2284 wrote to memory of 1988	2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2284 wrote to memory of 2576	2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2284 wrote to memory of 2576	2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2284 wrote to memory of 2576	2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2284 wrote to memory of 2936	2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2284 wrote to memory of 2936	2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2284 wrote to memory of 2936	2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2284 wrote to memory of 2816	2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2284 wrote to memory of 2816	2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2284 wrote to memory of 2816	2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2284 wrote to memory of 1276	2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2284 wrote to memory of 1276	2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2284 wrote to memory of 1276	2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2284 wrote to memory of 2200	2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2284 wrote to memory of 2200	2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2284 wrote to memory of 2200	2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2284 wrote to memory of 3056	2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2284 wrote to memory of 3056	2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2284 wrote to memory of 3056	2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2284 wrote to memory of 2604	2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2284 wrote to memory of 2604	2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2284 wrote to memory of 2604	2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2284 wrote to memory of 2792	2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2284 wrote to memory of 2792	2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2284 wrote to memory of 2792	2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2284 wrote to memory of 2628	2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2284 wrote to memory of 2628	2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2284 wrote to memory of 2628	2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2284 wrote to memory of 2612	2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2284 wrote to memory of 2612	2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2284 wrote to memory of 2612	2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2284 wrote to memory of 2544	2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2284 wrote to memory of 2544	2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2284 wrote to memory of 2544	2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2284 wrote to memory of 2508	2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2284 wrote to memory of 2508	2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2284 wrote to memory of 2508	2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2284 wrote to memory of 2572	2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2284 wrote to memory of 2572	2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2284 wrote to memory of 2572	2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2284 wrote to memory of 764	2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2284 wrote to memory of 764	2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2284 wrote to memory of 764	2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2284 wrote to memory of 1760	2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2284 wrote to memory of 1760	2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2284 wrote to memory of 1760	2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2284 wrote to memory of 1380	2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2284 wrote to memory of 1380	2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2284 wrote to memory of 1380	2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2284 wrote to memory of 848	2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2284 wrote to memory of 848	2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2284 wrote to memory of 848	2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2284 wrote to memory of 1680	2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2284 wrote to memory of 1680	2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2284 wrote to memory of 1680	2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2284 wrote to memory of 1076	2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2284 wrote to memory of 1076	2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2284 wrote to memory of 1076	2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2284 wrote to memory of 1996	2284	2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe	50

C:\Users\Admin\AppData\Local\Temp\2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-02-01_38cc2676263394458e7864b26b99b18b_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2284
- C:\Windows\System\xWUkrRg.exe
  C:\Windows\System\xWUkrRg.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\WrrIjQw.exe
  C:\Windows\System\WrrIjQw.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\lhlEjgT.exe
  C:\Windows\System\lhlEjgT.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\PPFCCBo.exe
  C:\Windows\System\PPFCCBo.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\gYbDALH.exe
  C:\Windows\System\gYbDALH.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\YzUTsFx.exe
  C:\Windows\System\YzUTsFx.exe
  2⤵
  - Executes dropped EXE
  PID:1276
- C:\Windows\System\QSxtVCO.exe
  C:\Windows\System\QSxtVCO.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\VUgBzax.exe
  C:\Windows\System\VUgBzax.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\QRnzWOs.exe
  C:\Windows\System\QRnzWOs.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\HgMHbBw.exe
  C:\Windows\System\HgMHbBw.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\tZKYOzz.exe
  C:\Windows\System\tZKYOzz.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\YSAyMui.exe
  C:\Windows\System\YSAyMui.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\AoxguGN.exe
  C:\Windows\System\AoxguGN.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\DWgciUr.exe
  C:\Windows\System\DWgciUr.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\WxpKtgf.exe
  C:\Windows\System\WxpKtgf.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\ZEoCtti.exe
  C:\Windows\System\ZEoCtti.exe
  2⤵
  - Executes dropped EXE
  PID:764
- C:\Windows\System\JnlJIxb.exe
  C:\Windows\System\JnlJIxb.exe
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Windows\System\fcfswlL.exe
  C:\Windows\System\fcfswlL.exe
  2⤵
  - Executes dropped EXE
  PID:1380
- C:\Windows\System\nrUkBHa.exe
  C:\Windows\System\nrUkBHa.exe
  2⤵
  - Executes dropped EXE
  PID:848
- C:\Windows\System\bIgpFUx.exe
  C:\Windows\System\bIgpFUx.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\jTbigDQ.exe
  C:\Windows\System\jTbigDQ.exe
  2⤵
  - Executes dropped EXE
  PID:1076
- C:\Windows\System\IEBFEqu.exe
  C:\Windows\System\IEBFEqu.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\CupUCix.exe
  C:\Windows\System\CupUCix.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\cfrFpEU.exe
  C:\Windows\System\cfrFpEU.exe
  2⤵
  - Executes dropped EXE
  PID:1776
- C:\Windows\System\jLHXzIF.exe
  C:\Windows\System\jLHXzIF.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\FveqvYj.exe
  C:\Windows\System\FveqvYj.exe
  2⤵
  - Executes dropped EXE
  PID:2044
- C:\Windows\System\nptxoLh.exe
  C:\Windows\System\nptxoLh.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\rKFAbzi.exe
  C:\Windows\System\rKFAbzi.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\DjezatU.exe
  C:\Windows\System\DjezatU.exe
  2⤵
  - Executes dropped EXE
  PID:484
- C:\Windows\System\VtBRVZI.exe
  C:\Windows\System\VtBRVZI.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\qystJkO.exe
  C:\Windows\System\qystJkO.exe
  2⤵
  - Executes dropped EXE
  PID:556
- C:\Windows\System\yYDMycz.exe
  C:\Windows\System\yYDMycz.exe
  2⤵
  - Executes dropped EXE
  PID:1008
- C:\Windows\System\eZqMzgi.exe
  C:\Windows\System\eZqMzgi.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\vNvRapa.exe
  C:\Windows\System\vNvRapa.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\zbkwqcp.exe
  C:\Windows\System\zbkwqcp.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\zkaFhNK.exe
  C:\Windows\System\zkaFhNK.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\usZgoCK.exe
  C:\Windows\System\usZgoCK.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\EscvlNW.exe
  C:\Windows\System\EscvlNW.exe
  2⤵
  - Executes dropped EXE
  PID:1360
- C:\Windows\System\gqHhEHQ.exe
  C:\Windows\System\gqHhEHQ.exe
  2⤵
  - Executes dropped EXE
  PID:1232
- C:\Windows\System\pYsuMhV.exe
  C:\Windows\System\pYsuMhV.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\jNXDGza.exe
  C:\Windows\System\jNXDGza.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\VHcVjdB.exe
  C:\Windows\System\VHcVjdB.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\CgLipSZ.exe
  C:\Windows\System\CgLipSZ.exe
  2⤵
  - Executes dropped EXE
  PID:1844
- C:\Windows\System\okYLvrd.exe
  C:\Windows\System\okYLvrd.exe
  2⤵
  - Executes dropped EXE
  PID:1396
- C:\Windows\System\kpEsswh.exe
  C:\Windows\System\kpEsswh.exe
  2⤵
  - Executes dropped EXE
  PID:1100
- C:\Windows\System\dxEKInN.exe
  C:\Windows\System\dxEKInN.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\OUKcHQc.exe
  C:\Windows\System\OUKcHQc.exe
  2⤵
  - Executes dropped EXE
  PID:1324
- C:\Windows\System\dWDDfAu.exe
  C:\Windows\System\dWDDfAu.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\UFrjIMa.exe
  C:\Windows\System\UFrjIMa.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\MWYtoFj.exe
  C:\Windows\System\MWYtoFj.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\OCnxaTs.exe
  C:\Windows\System\OCnxaTs.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\KkqAiBy.exe
  C:\Windows\System\KkqAiBy.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\VbDJJUX.exe
  C:\Windows\System\VbDJJUX.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\PUPImWl.exe
  C:\Windows\System\PUPImWl.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\moGhTpm.exe
  C:\Windows\System\moGhTpm.exe
  2⤵
  - Executes dropped EXE
  PID:1804
- C:\Windows\System\bTtwbbN.exe
  C:\Windows\System\bTtwbbN.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\vmRdisw.exe
  C:\Windows\System\vmRdisw.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\BdrFnko.exe
  C:\Windows\System\BdrFnko.exe
  2⤵
  - Executes dropped EXE
  PID:1880
- C:\Windows\System\bjHAnlv.exe
  C:\Windows\System\bjHAnlv.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\tzjsdIi.exe
  C:\Windows\System\tzjsdIi.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\DOakmba.exe
  C:\Windows\System\DOakmba.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- C:\Windows\System\GqFIgxQ.exe
  C:\Windows\System\GqFIgxQ.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\RAYaADV.exe
  C:\Windows\System\RAYaADV.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System\PvfciQU.exe
  C:\Windows\System\PvfciQU.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\dPsKXfJ.exe
  C:\Windows\System\dPsKXfJ.exe
  2⤵
  PID:2880
- C:\Windows\System\JugwNit.exe
  C:\Windows\System\JugwNit.exe
  2⤵
  PID:1548
- C:\Windows\System\OFdiwcU.exe
  C:\Windows\System\OFdiwcU.exe
  2⤵
  PID:2344
- C:\Windows\System\NDbLSeR.exe
  C:\Windows\System\NDbLSeR.exe
  2⤵
  PID:2104
- C:\Windows\System\laorOcP.exe
  C:\Windows\System\laorOcP.exe
  2⤵
  PID:2636
- C:\Windows\System\roiKcJJ.exe
  C:\Windows\System\roiKcJJ.exe
  2⤵
  PID:2532
- C:\Windows\System\lcvvwvv.exe
  C:\Windows\System\lcvvwvv.exe
  2⤵
  PID:2500
- C:\Windows\System\kWvcwRL.exe
  C:\Windows\System\kWvcwRL.exe
  2⤵
  PID:852
- C:\Windows\System\LFrtBkH.exe
  C:\Windows\System\LFrtBkH.exe
  2⤵
  PID:1316
- C:\Windows\System\ezLhZGY.exe
  C:\Windows\System\ezLhZGY.exe
  2⤵
  PID:676
- C:\Windows\System\YFRRHPu.exe
  C:\Windows\System\YFRRHPu.exe
  2⤵
  PID:2400
- C:\Windows\System\brWpPDd.exe
  C:\Windows\System\brWpPDd.exe
  2⤵
  PID:1960
- C:\Windows\System\CpYbGjx.exe
  C:\Windows\System\CpYbGjx.exe
  2⤵
  PID:1808
- C:\Windows\System\zkBPgGd.exe
  C:\Windows\System\zkBPgGd.exe
  2⤵
  PID:2236
- C:\Windows\System\PQwylCa.exe
  C:\Windows\System\PQwylCa.exe
  2⤵
  PID:2036
- C:\Windows\System\cEcQPXk.exe
  C:\Windows\System\cEcQPXk.exe
  2⤵
  PID:2736
- C:\Windows\System\NtyeDom.exe
  C:\Windows\System\NtyeDom.exe
  2⤵
  PID:2832
- C:\Windows\System\VgOLTgh.exe
  C:\Windows\System\VgOLTgh.exe
  2⤵
  PID:2844
- C:\Windows\System\lyqThSX.exe
  C:\Windows\System\lyqThSX.exe
  2⤵
  PID:2852
- C:\Windows\System\PChXaIH.exe
  C:\Windows\System\PChXaIH.exe
  2⤵
  PID:576
- C:\Windows\System\NwCsihQ.exe
  C:\Windows\System\NwCsihQ.exe
  2⤵
  PID:448
- C:\Windows\System\DVvbzvQ.exe
  C:\Windows\System\DVvbzvQ.exe
  2⤵
  PID:272
- C:\Windows\System\FBImBUW.exe
  C:\Windows\System\FBImBUW.exe
  2⤵
  PID:936
- C:\Windows\System\RVNRWdr.exe
  C:\Windows\System\RVNRWdr.exe
  2⤵
  PID:1556
- C:\Windows\System\OMJRpjo.exe
  C:\Windows\System\OMJRpjo.exe
  2⤵
  PID:1552
- C:\Windows\System\rvFpuvZ.exe
  C:\Windows\System\rvFpuvZ.exe
  2⤵
  PID:1516
- C:\Windows\System\yigTThO.exe
  C:\Windows\System\yigTThO.exe
  2⤵
  PID:884
- C:\Windows\System\DEhTZqt.exe
  C:\Windows\System\DEhTZqt.exe
  2⤵
  PID:988
- C:\Windows\System\nkbmwDu.exe
  C:\Windows\System\nkbmwDu.exe
  2⤵
  PID:1084
- C:\Windows\System\pYrYrIp.exe
  C:\Windows\System\pYrYrIp.exe
  2⤵
  PID:320
- C:\Windows\System\LgQwUGz.exe
  C:\Windows\System\LgQwUGz.exe
  2⤵
  PID:1768
- C:\Windows\System\jQUJBep.exe
  C:\Windows\System\jQUJBep.exe
  2⤵
  PID:2440
- C:\Windows\System\UctuKya.exe
  C:\Windows\System\UctuKya.exe
  2⤵
  PID:2080
- C:\Windows\System\NTjyfqA.exe
  C:\Windows\System\NTjyfqA.exe
  2⤵
  PID:1604
- C:\Windows\System\PWgCjPg.exe
  C:\Windows\System\PWgCjPg.exe
  2⤵
  PID:2264
- C:\Windows\System\aukTZZW.exe
  C:\Windows\System\aukTZZW.exe
  2⤵
  PID:1816
- C:\Windows\System\cOXbLZo.exe
  C:\Windows\System\cOXbLZo.exe
  2⤵
  PID:2692
- C:\Windows\System\RvQzNAV.exe
  C:\Windows\System\RvQzNAV.exe
  2⤵
  PID:2632
- C:\Windows\System\VMNRUdP.exe
  C:\Windows\System\VMNRUdP.exe
  2⤵
  PID:1748
- C:\Windows\System\vpfPBQv.exe
  C:\Windows\System\vpfPBQv.exe
  2⤵
  PID:2944
- C:\Windows\System\GpTXTWz.exe
  C:\Windows\System\GpTXTWz.exe
  2⤵
  PID:1236
- C:\Windows\System\tjlSDYI.exe
  C:\Windows\System\tjlSDYI.exe
  2⤵
  PID:1976
- C:\Windows\System\jtzSwUn.exe
  C:\Windows\System\jtzSwUn.exe
  2⤵
  PID:2492
- C:\Windows\System\fAvcjCi.exe
  C:\Windows\System\fAvcjCi.exe
  2⤵
  PID:2984
- C:\Windows\System\Nomkdhe.exe
  C:\Windows\System\Nomkdhe.exe
  2⤵
  PID:2980
- C:\Windows\System\FDivXuw.exe
  C:\Windows\System\FDivXuw.exe
  2⤵
  PID:1384
- C:\Windows\System\pBUUaJj.exe
  C:\Windows\System\pBUUaJj.exe
  2⤵
  PID:1616
- C:\Windows\System\iOJkIDm.exe
  C:\Windows\System\iOJkIDm.exe
  2⤵
  PID:1832
- C:\Windows\System\fNisNCp.exe
  C:\Windows\System\fNisNCp.exe
  2⤵
  PID:2828
- C:\Windows\System\BJPufcW.exe
  C:\Windows\System\BJPufcW.exe
  2⤵
  PID:2768
- C:\Windows\System\zLkpKWB.exe
  C:\Windows\System\zLkpKWB.exe
  2⤵
  PID:2348
- C:\Windows\System\AkSbuDr.exe
  C:\Windows\System\AkSbuDr.exe
  2⤵
  PID:2796
- C:\Windows\System\UFDfwPe.exe
  C:\Windows\System\UFDfwPe.exe
  2⤵
  PID:2644
- C:\Windows\System\wGgDsJr.exe
  C:\Windows\System\wGgDsJr.exe
  2⤵
  PID:640
- C:\Windows\System\snZdiYZ.exe
  C:\Windows\System\snZdiYZ.exe
  2⤵
  PID:1704
- C:\Windows\System\sriMRrx.exe
  C:\Windows\System\sriMRrx.exe
  2⤵
  PID:2384
- C:\Windows\System\GvHqFIZ.exe
  C:\Windows\System\GvHqFIZ.exe
  2⤵
  PID:2372
- C:\Windows\System\UCQjctl.exe
  C:\Windows\System\UCQjctl.exe
  2⤵
  PID:2196
- C:\Windows\System\rSLNfOT.exe
  C:\Windows\System\rSLNfOT.exe
  2⤵
  PID:900
- C:\Windows\System\uMvlUsb.exe
  C:\Windows\System\uMvlUsb.exe
  2⤵
  PID:1572
- C:\Windows\System\PqDkjhQ.exe
  C:\Windows\System\PqDkjhQ.exe
  2⤵
  PID:1652
- C:\Windows\System\LcUhPhL.exe
  C:\Windows\System\LcUhPhL.exe
  2⤵
  PID:2300
- C:\Windows\System\AMfVphu.exe
  C:\Windows\System\AMfVphu.exe
  2⤵
  PID:2420
- C:\Windows\System\Ybavrbt.exe
  C:\Windows\System\Ybavrbt.exe
  2⤵
  PID:2660
- C:\Windows\System\aQuElIo.exe
  C:\Windows\System\aQuElIo.exe
  2⤵
  PID:2896
- C:\Windows\System\jzISybk.exe
  C:\Windows\System\jzISybk.exe
  2⤵
  PID:2712
- C:\Windows\System\ZOJBxrD.exe
  C:\Windows\System\ZOJBxrD.exe
  2⤵
  PID:1620
- C:\Windows\System\PDPJZMV.exe
  C:\Windows\System\PDPJZMV.exe
  2⤵
  PID:380
- C:\Windows\System\XMMhsBk.exe
  C:\Windows\System\XMMhsBk.exe
  2⤵
  PID:1948
- C:\Windows\System\uQFLzKz.exe
  C:\Windows\System\uQFLzKz.exe
  2⤵
  PID:2868
- C:\Windows\System\nGipdOs.exe
  C:\Windows\System\nGipdOs.exe
  2⤵
  PID:1872
- C:\Windows\System\VhCLIwK.exe
  C:\Windows\System\VhCLIwK.exe
  2⤵
  PID:788
- C:\Windows\System\BNsIivK.exe
  C:\Windows\System\BNsIivK.exe
  2⤵
  PID:1688
- C:\Windows\System\GbOmWnF.exe
  C:\Windows\System\GbOmWnF.exe
  2⤵
  PID:2920
- C:\Windows\System\KTnRgDX.exe
  C:\Windows\System\KTnRgDX.exe
  2⤵
  PID:1740
- C:\Windows\System\KveYAWc.exe
  C:\Windows\System\KveYAWc.exe
  2⤵
  PID:2688
- C:\Windows\System\GXSYDUf.exe
  C:\Windows\System\GXSYDUf.exe
  2⤵
  PID:3024
- C:\Windows\System\CqrvJSl.exe
  C:\Windows\System\CqrvJSl.exe
  2⤵
  PID:2888
- C:\Windows\System\AntXzpD.exe
  C:\Windows\System\AntXzpD.exe
  2⤵
  PID:2528
- C:\Windows\System\NFzMaNG.exe
  C:\Windows\System\NFzMaNG.exe
  2⤵
  PID:3092
- C:\Windows\System\uasjbZU.exe
  C:\Windows\System\uasjbZU.exe
  2⤵
  PID:3112
- C:\Windows\System\xWRldSt.exe
  C:\Windows\System\xWRldSt.exe
  2⤵
  PID:3132
- C:\Windows\System\Qiacxcx.exe
  C:\Windows\System\Qiacxcx.exe
  2⤵
  PID:3152
- C:\Windows\System\rbsyFBT.exe
  C:\Windows\System\rbsyFBT.exe
  2⤵
  PID:3172
- C:\Windows\System\daEVAeB.exe
  C:\Windows\System\daEVAeB.exe
  2⤵
  PID:3192
- C:\Windows\System\mJCvktd.exe
  C:\Windows\System\mJCvktd.exe
  2⤵
  PID:3212
- C:\Windows\System\vwDUmFy.exe
  C:\Windows\System\vwDUmFy.exe
  2⤵
  PID:3232
- C:\Windows\System\QdCiYAj.exe
  C:\Windows\System\QdCiYAj.exe
  2⤵
  PID:3252
- C:\Windows\System\tUMYCHL.exe
  C:\Windows\System\tUMYCHL.exe
  2⤵
  PID:3272
- C:\Windows\System\rMYuOeQ.exe
  C:\Windows\System\rMYuOeQ.exe
  2⤵
  PID:3292
- C:\Windows\System\fmKbljl.exe
  C:\Windows\System\fmKbljl.exe
  2⤵
  PID:3312
- C:\Windows\System\QpyTWeX.exe
  C:\Windows\System\QpyTWeX.exe
  2⤵
  PID:3332
- C:\Windows\System\WSjjRld.exe
  C:\Windows\System\WSjjRld.exe
  2⤵
  PID:3352
- C:\Windows\System\mHKsAta.exe
  C:\Windows\System\mHKsAta.exe
  2⤵
  PID:3372
- C:\Windows\System\gDNUlmD.exe
  C:\Windows\System\gDNUlmD.exe
  2⤵
  PID:3392
- C:\Windows\System\OUpbbnM.exe
  C:\Windows\System\OUpbbnM.exe
  2⤵
  PID:3412
- C:\Windows\System\nTBkPFN.exe
  C:\Windows\System\nTBkPFN.exe
  2⤵
  PID:3432
- C:\Windows\System\yfuNVIo.exe
  C:\Windows\System\yfuNVIo.exe
  2⤵
  PID:3452
- C:\Windows\System\tiHHAKH.exe
  C:\Windows\System\tiHHAKH.exe
  2⤵
  PID:3472
- C:\Windows\System\eTmJmKi.exe
  C:\Windows\System\eTmJmKi.exe
  2⤵
  PID:3488
- C:\Windows\System\DFJYXYP.exe
  C:\Windows\System\DFJYXYP.exe
  2⤵
  PID:3512
- C:\Windows\System\ysGkaMz.exe
  C:\Windows\System\ysGkaMz.exe
  2⤵
  PID:3532
- C:\Windows\System\TCQGmJd.exe
  C:\Windows\System\TCQGmJd.exe
  2⤵
  PID:3552
- C:\Windows\System\PeRPGGL.exe
  C:\Windows\System\PeRPGGL.exe
  2⤵
  PID:3572
- C:\Windows\System\ggFYdqA.exe
  C:\Windows\System\ggFYdqA.exe
  2⤵
  PID:3592
- C:\Windows\System\SouujDz.exe
  C:\Windows\System\SouujDz.exe
  2⤵
  PID:3612
- C:\Windows\System\pkfBniu.exe
  C:\Windows\System\pkfBniu.exe
  2⤵
  PID:3636
- C:\Windows\System\SUvGJBC.exe
  C:\Windows\System\SUvGJBC.exe
  2⤵
  PID:3656
- C:\Windows\System\YZbDlmo.exe
  C:\Windows\System\YZbDlmo.exe
  2⤵
  PID:3676
- C:\Windows\System\QAEBlim.exe
  C:\Windows\System\QAEBlim.exe
  2⤵
  PID:3696
- C:\Windows\System\txXBcvQ.exe
  C:\Windows\System\txXBcvQ.exe
  2⤵
  PID:3716
- C:\Windows\System\QYJcBDc.exe
  C:\Windows\System\QYJcBDc.exe
  2⤵
  PID:3736
- C:\Windows\System\JfDaFCT.exe
  C:\Windows\System\JfDaFCT.exe
  2⤵
  PID:3756
- C:\Windows\System\ENGRBeP.exe
  C:\Windows\System\ENGRBeP.exe
  2⤵
  PID:3776
- C:\Windows\System\heIcCsM.exe
  C:\Windows\System\heIcCsM.exe
  2⤵
  PID:3796
- C:\Windows\System\KITaUDn.exe
  C:\Windows\System\KITaUDn.exe
  2⤵
  PID:3816
- C:\Windows\System\pEnbsSK.exe
  C:\Windows\System\pEnbsSK.exe
  2⤵
  PID:3836
- C:\Windows\System\lsivkiT.exe
  C:\Windows\System\lsivkiT.exe
  2⤵
  PID:3856
- C:\Windows\System\TKOKMlz.exe
  C:\Windows\System\TKOKMlz.exe
  2⤵
  PID:3876
- C:\Windows\System\eZbrjWW.exe
  C:\Windows\System\eZbrjWW.exe
  2⤵
  PID:3896
- C:\Windows\System\WDqjntJ.exe
  C:\Windows\System\WDqjntJ.exe
  2⤵
  PID:3916
- C:\Windows\System\VFBHalf.exe
  C:\Windows\System\VFBHalf.exe
  2⤵
  PID:3936
- C:\Windows\System\pyPJAhJ.exe
  C:\Windows\System\pyPJAhJ.exe
  2⤵
  PID:3956
- C:\Windows\System\yFwfmVn.exe
  C:\Windows\System\yFwfmVn.exe
  2⤵
  PID:3980
- C:\Windows\System\wQrqlTY.exe
  C:\Windows\System\wQrqlTY.exe
  2⤵
  PID:4000
- C:\Windows\System\ITjXcPB.exe
  C:\Windows\System\ITjXcPB.exe
  2⤵
  PID:4020
- C:\Windows\System\vBCZlki.exe
  C:\Windows\System\vBCZlki.exe
  2⤵
  PID:4040
- C:\Windows\System\EFBdjOv.exe
  C:\Windows\System\EFBdjOv.exe
  2⤵
  PID:4060
- C:\Windows\System\axcviGb.exe
  C:\Windows\System\axcviGb.exe
  2⤵
  PID:4080
- C:\Windows\System\WqnrXcg.exe
  C:\Windows\System\WqnrXcg.exe
  2⤵
  PID:2900
- C:\Windows\System\uObMjGH.exe
  C:\Windows\System\uObMjGH.exe
  2⤵
  PID:2028
- C:\Windows\System\pyYfBAI.exe
  C:\Windows\System\pyYfBAI.exe
  2⤵
  PID:2836
- C:\Windows\System\EBnSGmC.exe
  C:\Windows\System\EBnSGmC.exe
  2⤵
  PID:2152
- C:\Windows\System\FgGsoyN.exe
  C:\Windows\System\FgGsoyN.exe
  2⤵
  PID:1716
- C:\Windows\System\VHlMoes.exe
  C:\Windows\System\VHlMoes.exe
  2⤵
  PID:2224
- C:\Windows\System\YtjUZPq.exe
  C:\Windows\System\YtjUZPq.exe
  2⤵
  PID:1784
- C:\Windows\System\fkDzeUY.exe
  C:\Windows\System\fkDzeUY.exe
  2⤵
  PID:2052
- C:\Windows\System\lBolkvr.exe
  C:\Windows\System\lBolkvr.exe
  2⤵
  PID:3080
- C:\Windows\System\JrsThHF.exe
  C:\Windows\System\JrsThHF.exe
  2⤵
  PID:3108
- C:\Windows\System\tLWEPfR.exe
  C:\Windows\System\tLWEPfR.exe
  2⤵
  PID:3128
- C:\Windows\System\wvOEvcC.exe
  C:\Windows\System\wvOEvcC.exe
  2⤵
  PID:3160
- C:\Windows\System\TbePwbB.exe
  C:\Windows\System\TbePwbB.exe
  2⤵
  PID:3220
- C:\Windows\System\WhzAAXg.exe
  C:\Windows\System\WhzAAXg.exe
  2⤵
  PID:3240
- C:\Windows\System\hYGrFSG.exe
  C:\Windows\System\hYGrFSG.exe
  2⤵
  PID:3264
- C:\Windows\System\yCrVqbG.exe
  C:\Windows\System\yCrVqbG.exe
  2⤵
  PID:3308
- C:\Windows\System\LxGVzEm.exe
  C:\Windows\System\LxGVzEm.exe
  2⤵
  PID:3348
- C:\Windows\System\GnpgRyg.exe
  C:\Windows\System\GnpgRyg.exe
  2⤵
  PID:3360
- C:\Windows\System\Phniqjr.exe
  C:\Windows\System\Phniqjr.exe
  2⤵
  PID:3420
- C:\Windows\System\PKptCzL.exe
  C:\Windows\System\PKptCzL.exe
  2⤵
  PID:3440
- C:\Windows\System\FkHznQK.exe
  C:\Windows\System\FkHznQK.exe
  2⤵
  PID:3464
- C:\Windows\System\OXBshqy.exe
  C:\Windows\System\OXBshqy.exe
  2⤵
  PID:3480
- C:\Windows\System\WSWrSUV.exe
  C:\Windows\System\WSWrSUV.exe
  2⤵
  PID:3528
- C:\Windows\System\NxfbVdI.exe
  C:\Windows\System\NxfbVdI.exe
  2⤵
  PID:3564
- C:\Windows\System\dfmepYk.exe
  C:\Windows\System\dfmepYk.exe
  2⤵
  PID:3620
- C:\Windows\System\uzXGEQx.exe
  C:\Windows\System\uzXGEQx.exe
  2⤵
  PID:3604
- C:\Windows\System\kxXzQYZ.exe
  C:\Windows\System\kxXzQYZ.exe
  2⤵
  PID:3648
- C:\Windows\System\SrPirTZ.exe
  C:\Windows\System\SrPirTZ.exe
  2⤵
  PID:3692
- C:\Windows\System\ndnsCct.exe
  C:\Windows\System\ndnsCct.exe
  2⤵
  PID:3752
- C:\Windows\System\BFbpckf.exe
  C:\Windows\System\BFbpckf.exe
  2⤵
  PID:3784
- C:\Windows\System\DbFJWYA.exe
  C:\Windows\System\DbFJWYA.exe
  2⤵
  PID:3788
- C:\Windows\System\ZCuDaCL.exe
  C:\Windows\System\ZCuDaCL.exe
  2⤵
  PID:3808
- C:\Windows\System\sJdLmNo.exe
  C:\Windows\System\sJdLmNo.exe
  2⤵
  PID:3864
- C:\Windows\System\tURvZtv.exe
  C:\Windows\System\tURvZtv.exe
  2⤵
  PID:3888
- C:\Windows\System\SxOcOOg.exe
  C:\Windows\System\SxOcOOg.exe
  2⤵
  PID:3932
- C:\Windows\System\NHCJvzg.exe
  C:\Windows\System\NHCJvzg.exe
  2⤵
  PID:3964
- C:\Windows\System\LyJBayw.exe
  C:\Windows\System\LyJBayw.exe
  2⤵
  PID:3992
- C:\Windows\System\gnhQbWD.exe
  C:\Windows\System\gnhQbWD.exe
  2⤵
  PID:4036
- C:\Windows\System\RyCtHFv.exe
  C:\Windows\System\RyCtHFv.exe
  2⤵
  PID:4052
- C:\Windows\System\GcoZVLz.exe
  C:\Windows\System\GcoZVLz.exe
  2⤵
  PID:2340
- C:\Windows\System\aaCQatM.exe
  C:\Windows\System\aaCQatM.exe
  2⤵
  PID:2620
- C:\Windows\System\aMKvuLK.exe
  C:\Windows\System\aMKvuLK.exe
  2⤵
  PID:2120
- C:\Windows\System\izcwVvZ.exe
  C:\Windows\System\izcwVvZ.exe
  2⤵
  PID:2216
- C:\Windows\System\NsYwWTA.exe
  C:\Windows\System\NsYwWTA.exe
  2⤵
  PID:2716
- C:\Windows\System\BqgIRlz.exe
  C:\Windows\System\BqgIRlz.exe
  2⤵
  PID:3104
- C:\Windows\System\UVTbDHY.exe
  C:\Windows\System\UVTbDHY.exe
  2⤵
  PID:3124
- C:\Windows\System\ksRmCem.exe
  C:\Windows\System\ksRmCem.exe
  2⤵
  PID:3224
- C:\Windows\System\UuAsfTo.exe
  C:\Windows\System\UuAsfTo.exe
  2⤵
  PID:3268
- C:\Windows\System\WLPSwsA.exe
  C:\Windows\System\WLPSwsA.exe
  2⤵
  PID:3320
- C:\Windows\System\qazhyRH.exe
  C:\Windows\System\qazhyRH.exe
  2⤵
  PID:3380
- C:\Windows\System\wLFWYFi.exe
  C:\Windows\System\wLFWYFi.exe
  2⤵
  PID:3404
- C:\Windows\System\QIxSscq.exe
  C:\Windows\System\QIxSscq.exe
  2⤵
  PID:3448
- C:\Windows\System\meNraAH.exe
  C:\Windows\System\meNraAH.exe
  2⤵
  PID:3520
- C:\Windows\System\dAQYAQg.exe
  C:\Windows\System\dAQYAQg.exe
  2⤵
  PID:3608
- C:\Windows\System\PtzRltU.exe
  C:\Windows\System\PtzRltU.exe
  2⤵
  PID:3668
- C:\Windows\System\Fsfwvow.exe
  C:\Windows\System\Fsfwvow.exe
  2⤵
  PID:3644
- C:\Windows\System\gdorcFS.exe
  C:\Windows\System\gdorcFS.exe
  2⤵
  PID:3708
- C:\Windows\System\BYaHRMr.exe
  C:\Windows\System\BYaHRMr.exe
  2⤵
  PID:3824
- C:\Windows\System\GavWtEm.exe
  C:\Windows\System\GavWtEm.exe
  2⤵
  PID:3848
- C:\Windows\System\gPjLXkU.exe
  C:\Windows\System\gPjLXkU.exe
  2⤵
  PID:3944
- C:\Windows\System\JtIOYzS.exe
  C:\Windows\System\JtIOYzS.exe
  2⤵
  PID:3968
- C:\Windows\System\zZzyPsd.exe
  C:\Windows\System\zZzyPsd.exe
  2⤵
  PID:4012
- C:\Windows\System\mcqCwRZ.exe
  C:\Windows\System\mcqCwRZ.exe
  2⤵
  PID:4068
- C:\Windows\System\DBQKAJp.exe
  C:\Windows\System\DBQKAJp.exe
  2⤵
  PID:1368
- C:\Windows\System\AXNGpZU.exe
  C:\Windows\System\AXNGpZU.exe
  2⤵
  PID:2208
- C:\Windows\System\hXltkQo.exe
  C:\Windows\System\hXltkQo.exe
  2⤵
  PID:3140
- C:\Windows\System\LCbqkye.exe
  C:\Windows\System\LCbqkye.exe
  2⤵
  PID:3180
- C:\Windows\System\bLNhonR.exe
  C:\Windows\System\bLNhonR.exe
  2⤵
  PID:3284
- C:\Windows\System\xnThWLa.exe
  C:\Windows\System\xnThWLa.exe
  2⤵
  PID:3344
- C:\Windows\System\qNqIesW.exe
  C:\Windows\System\qNqIesW.exe
  2⤵
  PID:3444
- C:\Windows\System\JwILbFD.exe
  C:\Windows\System\JwILbFD.exe
  2⤵
  PID:3540
- C:\Windows\System\WnazvPV.exe
  C:\Windows\System\WnazvPV.exe
  2⤵
  PID:3704
- C:\Windows\System\lQSHecC.exe
  C:\Windows\System\lQSHecC.exe
  2⤵
  PID:3812
- C:\Windows\System\nYlcyWb.exe
  C:\Windows\System\nYlcyWb.exe
  2⤵
  PID:3768
- C:\Windows\System\NmYtINO.exe
  C:\Windows\System\NmYtINO.exe
  2⤵
  PID:3884
- C:\Windows\System\goCzEZC.exe
  C:\Windows\System\goCzEZC.exe
  2⤵
  PID:3952
- C:\Windows\System\TYmkVWw.exe
  C:\Windows\System\TYmkVWw.exe
  2⤵
  PID:4108
- C:\Windows\System\TTOiyhc.exe
  C:\Windows\System\TTOiyhc.exe
  2⤵
  PID:4128
- C:\Windows\System\bZbNIff.exe
  C:\Windows\System\bZbNIff.exe
  2⤵
  PID:4148
- C:\Windows\System\LGDHDDm.exe
  C:\Windows\System\LGDHDDm.exe
  2⤵
  PID:4176
- C:\Windows\System\bOnMmeF.exe
  C:\Windows\System\bOnMmeF.exe
  2⤵
  PID:4196
- C:\Windows\System\qTMHFPh.exe
  C:\Windows\System\qTMHFPh.exe
  2⤵
  PID:4216
- C:\Windows\System\nGHOZfq.exe
  C:\Windows\System\nGHOZfq.exe
  2⤵
  PID:4236
- C:\Windows\System\krNzoDv.exe
  C:\Windows\System\krNzoDv.exe
  2⤵
  PID:4256
- C:\Windows\System\tcZYVCZ.exe
  C:\Windows\System\tcZYVCZ.exe
  2⤵
  PID:4276
- C:\Windows\System\ZVnvOKM.exe
  C:\Windows\System\ZVnvOKM.exe
  2⤵
  PID:4296
- C:\Windows\System\xUCSEjL.exe
  C:\Windows\System\xUCSEjL.exe
  2⤵
  PID:4320
- C:\Windows\System\MYQvqpd.exe
  C:\Windows\System\MYQvqpd.exe
  2⤵
  PID:4344
- C:\Windows\System\RYbJVaO.exe
  C:\Windows\System\RYbJVaO.exe
  2⤵
  PID:4364
- C:\Windows\System\bizkYqD.exe
  C:\Windows\System\bizkYqD.exe
  2⤵
  PID:4392
- C:\Windows\System\YCCkFYB.exe
  C:\Windows\System\YCCkFYB.exe
  2⤵
  PID:4412
- C:\Windows\System\xsqotIa.exe
  C:\Windows\System\xsqotIa.exe
  2⤵
  PID:4432
- C:\Windows\System\gHAZaUk.exe
  C:\Windows\System\gHAZaUk.exe
  2⤵
  PID:4452
- C:\Windows\System\rXmWZDq.exe
  C:\Windows\System\rXmWZDq.exe
  2⤵
  PID:4472
- C:\Windows\System\SXktRlu.exe
  C:\Windows\System\SXktRlu.exe
  2⤵
  PID:4492
- C:\Windows\System\wsVHHIV.exe
  C:\Windows\System\wsVHHIV.exe
  2⤵
  PID:4524
- C:\Windows\System\hUCsgqd.exe
  C:\Windows\System\hUCsgqd.exe
  2⤵
  PID:4544
- C:\Windows\System\PkXNHzJ.exe
  C:\Windows\System\PkXNHzJ.exe
  2⤵
  PID:4572
- C:\Windows\System\XFDvPem.exe
  C:\Windows\System\XFDvPem.exe
  2⤵
  PID:4592
- C:\Windows\System\JdarTRS.exe
  C:\Windows\System\JdarTRS.exe
  2⤵
  PID:4612
- C:\Windows\System\JvIXgmR.exe
  C:\Windows\System\JvIXgmR.exe
  2⤵
  PID:4632
- C:\Windows\System\eMOqKQH.exe
  C:\Windows\System\eMOqKQH.exe
  2⤵
  PID:4652
- C:\Windows\System\dfyqkTN.exe
  C:\Windows\System\dfyqkTN.exe
  2⤵
  PID:4672
- C:\Windows\System\pSVbbXO.exe
  C:\Windows\System\pSVbbXO.exe
  2⤵
  PID:4692
- C:\Windows\System\fLkCKDq.exe
  C:\Windows\System\fLkCKDq.exe
  2⤵
  PID:4712
- C:\Windows\System\hHgwlMw.exe
  C:\Windows\System\hHgwlMw.exe
  2⤵
  PID:4732
- C:\Windows\System\tSKXjWX.exe
  C:\Windows\System\tSKXjWX.exe
  2⤵
  PID:4752
- C:\Windows\System\VcvwvHs.exe
  C:\Windows\System\VcvwvHs.exe
  2⤵
  PID:4772
- C:\Windows\System\hrZXvgA.exe
  C:\Windows\System\hrZXvgA.exe
  2⤵
  PID:4792
- C:\Windows\System\kxtVJhQ.exe
  C:\Windows\System\kxtVJhQ.exe
  2⤵
  PID:4812
- C:\Windows\System\TSwrvUe.exe
  C:\Windows\System\TSwrvUe.exe
  2⤵
  PID:4840
- C:\Windows\System\bYrXGtE.exe
  C:\Windows\System\bYrXGtE.exe
  2⤵
  PID:4860
- C:\Windows\System\hbfreen.exe
  C:\Windows\System\hbfreen.exe
  2⤵
  PID:4880
- C:\Windows\System\JQdNvLU.exe
  C:\Windows\System\JQdNvLU.exe
  2⤵
  PID:4900
- C:\Windows\System\CmQKagh.exe
  C:\Windows\System\CmQKagh.exe
  2⤵
  PID:4920
- C:\Windows\System\KCzTMjg.exe
  C:\Windows\System\KCzTMjg.exe
  2⤵
  PID:4944
- C:\Windows\System\wXlMTYD.exe
  C:\Windows\System\wXlMTYD.exe
  2⤵
  PID:4976
- C:\Windows\System\IiWCWAk.exe
  C:\Windows\System\IiWCWAk.exe
  2⤵
  PID:4996
- C:\Windows\System\RbymwsX.exe
  C:\Windows\System\RbymwsX.exe
  2⤵
  PID:5016
- C:\Windows\System\NrcShRT.exe
  C:\Windows\System\NrcShRT.exe
  2⤵
  PID:5044
- C:\Windows\System\WijBmRm.exe
  C:\Windows\System\WijBmRm.exe
  2⤵
  PID:5068
- C:\Windows\System\IwjcXbP.exe
  C:\Windows\System\IwjcXbP.exe
  2⤵
  PID:5088
- C:\Windows\System\zyytvAw.exe
  C:\Windows\System\zyytvAw.exe
  2⤵
  PID:5108
- C:\Windows\System\WQRuZpa.exe
  C:\Windows\System\WQRuZpa.exe
  2⤵
  PID:2708
- C:\Windows\System\mjOlBwW.exe
  C:\Windows\System\mjOlBwW.exe
  2⤵
  PID:568
- C:\Windows\System\CAYUjuw.exe
  C:\Windows\System\CAYUjuw.exe
  2⤵
  PID:3244
- C:\Windows\System\nNLyVYl.exe
  C:\Windows\System\nNLyVYl.exe
  2⤵
  PID:3460
- C:\Windows\System\EZxOgOi.exe
  C:\Windows\System\EZxOgOi.exe
  2⤵
  PID:3384
- C:\Windows\System\sNWQCau.exe
  C:\Windows\System\sNWQCau.exe
  2⤵
  PID:3568
- C:\Windows\System\SNaFVuq.exe
  C:\Windows\System\SNaFVuq.exe
  2⤵
  PID:3748
- C:\Windows\System\hsmOomr.exe
  C:\Windows\System\hsmOomr.exe
  2⤵
  PID:3912
- C:\Windows\System\cLfHKvZ.exe
  C:\Windows\System\cLfHKvZ.exe
  2⤵
  PID:4072
- C:\Windows\System\oWVnTdB.exe
  C:\Windows\System\oWVnTdB.exe
  2⤵
  PID:4100
- C:\Windows\System\oJMoCjs.exe
  C:\Windows\System\oJMoCjs.exe
  2⤵
  PID:4140
- C:\Windows\System\IkIdAzl.exe
  C:\Windows\System\IkIdAzl.exe
  2⤵
  PID:4204
- C:\Windows\System\syPTObJ.exe
  C:\Windows\System\syPTObJ.exe
  2⤵
  PID:4232
- C:\Windows\System\ABGAkPb.exe
  C:\Windows\System\ABGAkPb.exe
  2⤵
  PID:4264
- C:\Windows\System\PjogXZA.exe
  C:\Windows\System\PjogXZA.exe
  2⤵
  PID:4304
- C:\Windows\System\cdqjrhy.exe
  C:\Windows\System\cdqjrhy.exe
  2⤵
  PID:4328
- C:\Windows\System\frmcRMH.exe
  C:\Windows\System\frmcRMH.exe
  2⤵
  PID:4356
- C:\Windows\System\DFwNATC.exe
  C:\Windows\System\DFwNATC.exe
  2⤵
  PID:4408
- C:\Windows\System\hIBZHGT.exe
  C:\Windows\System\hIBZHGT.exe
  2⤵
  PID:4424
- C:\Windows\System\mDDVPzO.exe
  C:\Windows\System\mDDVPzO.exe
  2⤵
  PID:4480
- C:\Windows\System\MmkXCJe.exe
  C:\Windows\System\MmkXCJe.exe
  2⤵
  PID:4500
- C:\Windows\System\iNbORUc.exe
  C:\Windows\System\iNbORUc.exe
  2⤵
  PID:4540
- C:\Windows\System\UsuAWga.exe
  C:\Windows\System\UsuAWga.exe
  2⤵
  PID:4556
- C:\Windows\System\vPNvmhA.exe
  C:\Windows\System\vPNvmhA.exe
  2⤵
  PID:4628
- C:\Windows\System\OOQoGjz.exe
  C:\Windows\System\OOQoGjz.exe
  2⤵
  PID:4660
- C:\Windows\System\czTpMZY.exe
  C:\Windows\System\czTpMZY.exe
  2⤵
  PID:4688
- C:\Windows\System\gKiYlzq.exe
  C:\Windows\System\gKiYlzq.exe
  2⤵
  PID:4740
- C:\Windows\System\DhgkrVr.exe
  C:\Windows\System\DhgkrVr.exe
  2⤵
  PID:4744
- C:\Windows\System\YASDovJ.exe
  C:\Windows\System\YASDovJ.exe
  2⤵
  PID:4788
- C:\Windows\System\DDjqRzR.exe
  C:\Windows\System\DDjqRzR.exe
  2⤵
  PID:4804
- C:\Windows\System\TeGQjaZ.exe
  C:\Windows\System\TeGQjaZ.exe
  2⤵
  PID:4852
- C:\Windows\System\xlOFHZB.exe
  C:\Windows\System\xlOFHZB.exe
  2⤵
  PID:4868
- C:\Windows\System\KEIZvVV.exe
  C:\Windows\System\KEIZvVV.exe
  2⤵
  PID:4916
- C:\Windows\System\idbjhKa.exe
  C:\Windows\System\idbjhKa.exe
  2⤵
  PID:4932
- C:\Windows\System\pEykAsv.exe
  C:\Windows\System\pEykAsv.exe
  2⤵
  PID:4968
- C:\Windows\System\XlzUASM.exe
  C:\Windows\System\XlzUASM.exe
  2⤵
  PID:5028
- C:\Windows\System\fpADXEp.exe
  C:\Windows\System\fpADXEp.exe
  2⤵
  PID:5064
- C:\Windows\System\gJPzZOY.exe
  C:\Windows\System\gJPzZOY.exe
  2⤵
  PID:5100
- C:\Windows\System\LmnmkZw.exe
  C:\Windows\System\LmnmkZw.exe
  2⤵
  PID:3100
- C:\Windows\System\bGMvjQu.exe
  C:\Windows\System\bGMvjQu.exe
  2⤵
  PID:3388
- C:\Windows\System\nGZFzfs.exe
  C:\Windows\System\nGZFzfs.exe
  2⤵
  PID:3560
- C:\Windows\System\ywFGgEc.exe
  C:\Windows\System\ywFGgEc.exe
  2⤵
  PID:3744
- C:\Windows\System\AthwuBi.exe
  C:\Windows\System\AthwuBi.exe
  2⤵
  PID:3844
- C:\Windows\System\TqhlOUc.exe
  C:\Windows\System\TqhlOUc.exe
  2⤵
  PID:4144
- C:\Windows\System\UZGeIQr.exe
  C:\Windows\System\UZGeIQr.exe
  2⤵
  PID:4164
- C:\Windows\System\vwiCikZ.exe
  C:\Windows\System\vwiCikZ.exe
  2⤵
  PID:4212
- C:\Windows\System\SCxjoFy.exe
  C:\Windows\System\SCxjoFy.exe
  2⤵
  PID:4244
- C:\Windows\System\RdpnTHN.exe
  C:\Windows\System\RdpnTHN.exe
  2⤵
  PID:4308
- C:\Windows\System\auWjEGy.exe
  C:\Windows\System\auWjEGy.exe
  2⤵
  PID:4440
- C:\Windows\System\NXTbzub.exe
  C:\Windows\System\NXTbzub.exe
  2⤵
  PID:4488
- C:\Windows\System\PgrIYce.exe
  C:\Windows\System\PgrIYce.exe
  2⤵
  PID:4380
- C:\Windows\System\ItuXYnT.exe
  C:\Windows\System\ItuXYnT.exe
  2⤵
  PID:4460
- C:\Windows\System\ixaGlaM.exe
  C:\Windows\System\ixaGlaM.exe
  2⤵
  PID:4536
- C:\Windows\System\icDWpDD.exe
  C:\Windows\System\icDWpDD.exe
  2⤵
  PID:4704
- C:\Windows\System\SwSsbjO.exe
  C:\Windows\System\SwSsbjO.exe
  2⤵
  PID:4768
- C:\Windows\System\loETaAu.exe
  C:\Windows\System\loETaAu.exe
  2⤵
  PID:4824
- C:\Windows\System\xCMnRYz.exe
  C:\Windows\System\xCMnRYz.exe
  2⤵
  PID:4872
- C:\Windows\System\FzjiNmx.exe
  C:\Windows\System\FzjiNmx.exe
  2⤵
  PID:4800
- C:\Windows\System\TvOlbOL.exe
  C:\Windows\System\TvOlbOL.exe
  2⤵
  PID:2548
- C:\Windows\System\GusNqrH.exe
  C:\Windows\System\GusNqrH.exe
  2⤵
  PID:4912
- C:\Windows\System\JnPRNTU.exe
  C:\Windows\System\JnPRNTU.exe
  2⤵
  PID:2652
- C:\Windows\System\FFgBoxH.exe
  C:\Windows\System\FFgBoxH.exe
  2⤵
  PID:2444
- C:\Windows\System\cFYwYmc.exe
  C:\Windows\System\cFYwYmc.exe
  2⤵
  PID:4092
- C:\Windows\System\DJHxzvd.exe
  C:\Windows\System\DJHxzvd.exe
  2⤵
  PID:3792
- C:\Windows\System\iaSFXOp.exe
  C:\Windows\System\iaSFXOp.exe
  2⤵
  PID:4104
- C:\Windows\System\jMGBVma.exe
  C:\Windows\System\jMGBVma.exe
  2⤵
  PID:4208
- C:\Windows\System\ifXquqh.exe
  C:\Windows\System\ifXquqh.exe
  2⤵
  PID:4292
- C:\Windows\System\xXfoaKe.exe
  C:\Windows\System\xXfoaKe.exe
  2⤵
  PID:4384
- C:\Windows\System\NpvXrlC.exe
  C:\Windows\System\NpvXrlC.exe
  2⤵
  PID:1000
- C:\Windows\System\GtmAMai.exe
  C:\Windows\System\GtmAMai.exe
  2⤵
  PID:4444
- C:\Windows\System\yNmDboB.exe
  C:\Windows\System\yNmDboB.exe
  2⤵
  PID:4780
- C:\Windows\System\EHmmrfv.exe
  C:\Windows\System\EHmmrfv.exe
  2⤵
  PID:4728
- C:\Windows\System\vkDQoLj.exe
  C:\Windows\System\vkDQoLj.exe
  2⤵
  PID:4892
- C:\Windows\System\ktlOnZg.exe
  C:\Windows\System\ktlOnZg.exe
  2⤵
  PID:4972
- C:\Windows\System\CWQlDhF.exe
  C:\Windows\System\CWQlDhF.exe
  2⤵
  PID:5052
- C:\Windows\System\WFjqxkZ.exe
  C:\Windows\System\WFjqxkZ.exe
  2⤵
  PID:5096
- C:\Windows\System\TcJMsBw.exe
  C:\Windows\System\TcJMsBw.exe
  2⤵
  PID:3712
- C:\Windows\System\lcZjOrc.exe
  C:\Windows\System\lcZjOrc.exe
  2⤵
  PID:4192
- C:\Windows\System\lgfThnF.exe
  C:\Windows\System\lgfThnF.exe
  2⤵
  PID:5132
- C:\Windows\System\YfKZALc.exe
  C:\Windows\System\YfKZALc.exe
  2⤵
  PID:5152
- C:\Windows\System\jIwAugh.exe
  C:\Windows\System\jIwAugh.exe
  2⤵
  PID:5172
- C:\Windows\System\TluTJhP.exe
  C:\Windows\System\TluTJhP.exe
  2⤵
  PID:5192
- C:\Windows\System\bFDgSwh.exe
  C:\Windows\System\bFDgSwh.exe
  2⤵
  PID:5212
- C:\Windows\System\kzLwiHl.exe
  C:\Windows\System\kzLwiHl.exe
  2⤵
  PID:5232
- C:\Windows\System\txmWXgh.exe
  C:\Windows\System\txmWXgh.exe
  2⤵
  PID:5252
- C:\Windows\System\ihOGXVM.exe
  C:\Windows\System\ihOGXVM.exe
  2⤵
  PID:5272
- C:\Windows\System\gymQLht.exe
  C:\Windows\System\gymQLht.exe
  2⤵
  PID:5292
- C:\Windows\System\brkMyZV.exe
  C:\Windows\System\brkMyZV.exe
  2⤵
  PID:5312
- C:\Windows\System\HHCDorB.exe
  C:\Windows\System\HHCDorB.exe
  2⤵
  PID:5332
- C:\Windows\System\wNvbyFC.exe
  C:\Windows\System\wNvbyFC.exe
  2⤵
  PID:5352
- C:\Windows\System\ncXtuZP.exe
  C:\Windows\System\ncXtuZP.exe
  2⤵
  PID:5376
- C:\Windows\System\TPKANMP.exe
  C:\Windows\System\TPKANMP.exe
  2⤵
  PID:5396
- C:\Windows\System\YLdIqaY.exe
  C:\Windows\System\YLdIqaY.exe
  2⤵
  PID:5416
- C:\Windows\System\AjeiddU.exe
  C:\Windows\System\AjeiddU.exe
  2⤵
  PID:5436
- C:\Windows\System\AcdMCbM.exe
  C:\Windows\System\AcdMCbM.exe
  2⤵
  PID:5456
- C:\Windows\System\CxnoMsD.exe
  C:\Windows\System\CxnoMsD.exe
  2⤵
  PID:5476
- C:\Windows\System\ZJhpdJs.exe
  C:\Windows\System\ZJhpdJs.exe
  2⤵
  PID:5500
- C:\Windows\System\DCXNdtb.exe
  C:\Windows\System\DCXNdtb.exe
  2⤵
  PID:5520
- C:\Windows\System\DNPmZzM.exe
  C:\Windows\System\DNPmZzM.exe
  2⤵
  PID:5540
- C:\Windows\System\bIAVnOk.exe
  C:\Windows\System\bIAVnOk.exe
  2⤵
  PID:5560
- C:\Windows\System\irRYVil.exe
  C:\Windows\System\irRYVil.exe
  2⤵
  PID:5580
- C:\Windows\System\lkzRfuv.exe
  C:\Windows\System\lkzRfuv.exe
  2⤵
  PID:5600
- C:\Windows\System\WwbyiPz.exe
  C:\Windows\System\WwbyiPz.exe
  2⤵
  PID:5620
- C:\Windows\System\neXfBQC.exe
  C:\Windows\System\neXfBQC.exe
  2⤵
  PID:5640
- C:\Windows\System\XoHhMlg.exe
  C:\Windows\System\XoHhMlg.exe
  2⤵
  PID:5660
- C:\Windows\System\IFoZqSX.exe
  C:\Windows\System\IFoZqSX.exe
  2⤵
  PID:5680
- C:\Windows\System\KRdXBjZ.exe
  C:\Windows\System\KRdXBjZ.exe
  2⤵
  PID:5700
- C:\Windows\System\AmAfHNk.exe
  C:\Windows\System\AmAfHNk.exe
  2⤵
  PID:5720
- C:\Windows\System\vjgVeKA.exe
  C:\Windows\System\vjgVeKA.exe
  2⤵
  PID:5740
- C:\Windows\System\ZkDkWGF.exe
  C:\Windows\System\ZkDkWGF.exe
  2⤵
  PID:5760
- C:\Windows\System\NYZoURq.exe
  C:\Windows\System\NYZoURq.exe
  2⤵
  PID:5780
- C:\Windows\System\dDNvqdt.exe
  C:\Windows\System\dDNvqdt.exe
  2⤵
  PID:5800
- C:\Windows\System\KCwktlR.exe
  C:\Windows\System\KCwktlR.exe
  2⤵
  PID:5824
- C:\Windows\System\GvWvxYG.exe
  C:\Windows\System\GvWvxYG.exe
  2⤵
  PID:5844
- C:\Windows\System\HTvAiZM.exe
  C:\Windows\System\HTvAiZM.exe
  2⤵
  PID:5864
- C:\Windows\System\XiLtpZQ.exe
  C:\Windows\System\XiLtpZQ.exe
  2⤵
  PID:5884
- C:\Windows\System\xbDTBcO.exe
  C:\Windows\System\xbDTBcO.exe
  2⤵
  PID:5904
- C:\Windows\System\mXJrQEA.exe
  C:\Windows\System\mXJrQEA.exe
  2⤵
  PID:5924
- C:\Windows\System\xabFAwB.exe
  C:\Windows\System\xabFAwB.exe
  2⤵
  PID:5944
- C:\Windows\System\HaJRdbn.exe
  C:\Windows\System\HaJRdbn.exe
  2⤵
  PID:5964
- C:\Windows\System\bgAWdSw.exe
  C:\Windows\System\bgAWdSw.exe
  2⤵
  PID:5984
- C:\Windows\System\rwJImCi.exe
  C:\Windows\System\rwJImCi.exe
  2⤵
  PID:6004
- C:\Windows\System\qofIRdF.exe
  C:\Windows\System\qofIRdF.exe
  2⤵
  PID:6024
- C:\Windows\System\dHNqUFg.exe
  C:\Windows\System\dHNqUFg.exe
  2⤵
  PID:6044
- C:\Windows\System\gZClTHR.exe
  C:\Windows\System\gZClTHR.exe
  2⤵
  PID:6064
- C:\Windows\System\zaZcSEF.exe
  C:\Windows\System\zaZcSEF.exe
  2⤵
  PID:6084
- C:\Windows\System\vEQDRIG.exe
  C:\Windows\System\vEQDRIG.exe
  2⤵
  PID:6104
- C:\Windows\System\spUGByx.exe
  C:\Windows\System\spUGByx.exe
  2⤵
  PID:6124
- C:\Windows\System\EaLFZCh.exe
  C:\Windows\System\EaLFZCh.exe
  2⤵
  PID:2808
- C:\Windows\System\NeWaTLU.exe
  C:\Windows\System\NeWaTLU.exe
  2⤵
  PID:4420
- C:\Windows\System\eiXYyLp.exe
  C:\Windows\System\eiXYyLp.exe
  2⤵
  PID:4624
- C:\Windows\System\ZQyloMA.exe
  C:\Windows\System\ZQyloMA.exe
  2⤵
  PID:4664
- C:\Windows\System\SEigIKt.exe
  C:\Windows\System\SEigIKt.exe
  2⤵
  PID:4724
- C:\Windows\System\miCASCW.exe
  C:\Windows\System\miCASCW.exe
  2⤵
  PID:4820
- C:\Windows\System\cPpoBhC.exe
  C:\Windows\System\cPpoBhC.exe
  2⤵
  PID:2864
- C:\Windows\System\WFsfspT.exe
  C:\Windows\System\WFsfspT.exe
  2⤵
  PID:4136
- C:\Windows\System\UrTbuyh.exe
  C:\Windows\System\UrTbuyh.exe
  2⤵
  PID:5140
- C:\Windows\System\jzCZsPT.exe
  C:\Windows\System\jzCZsPT.exe
  2⤵
  PID:5168
- C:\Windows\System\QGwTbzZ.exe
  C:\Windows\System\QGwTbzZ.exe
  2⤵
  PID:5208
- C:\Windows\System\FAxVzRx.exe
  C:\Windows\System\FAxVzRx.exe
  2⤵
  PID:5240
- C:\Windows\System\KqoWEgb.exe
  C:\Windows\System\KqoWEgb.exe
  2⤵
  PID:5280
- C:\Windows\System\YYUtkaj.exe
  C:\Windows\System\YYUtkaj.exe
  2⤵
  PID:5320
- C:\Windows\System\tKdciZj.exe
  C:\Windows\System\tKdciZj.exe
  2⤵
  PID:5340
- C:\Windows\System\fmfnIOL.exe
  C:\Windows\System\fmfnIOL.exe
  2⤵
  PID:5364
- C:\Windows\System\OetiLfp.exe
  C:\Windows\System\OetiLfp.exe
  2⤵
  PID:5412
- C:\Windows\System\EhCuwVM.exe
  C:\Windows\System\EhCuwVM.exe
  2⤵
  PID:5444
- C:\Windows\System\lONkGgi.exe
  C:\Windows\System\lONkGgi.exe
  2⤵
  PID:5468
- C:\Windows\System\ENSZBjh.exe
  C:\Windows\System\ENSZBjh.exe
  2⤵
  PID:5516
- C:\Windows\System\OstfKVX.exe
  C:\Windows\System\OstfKVX.exe
  2⤵
  PID:5548
- C:\Windows\System\xzwVWtC.exe
  C:\Windows\System\xzwVWtC.exe
  2⤵
  PID:5572
- C:\Windows\System\yyiPbhA.exe
  C:\Windows\System\yyiPbhA.exe
  2⤵
  PID:5616
- C:\Windows\System\YzLqvet.exe
  C:\Windows\System\YzLqvet.exe
  2⤵
  PID:5656
- C:\Windows\System\ZBshrGY.exe
  C:\Windows\System\ZBshrGY.exe
  2⤵
  PID:5672
- C:\Windows\System\ATIhiLG.exe
  C:\Windows\System\ATIhiLG.exe
  2⤵
  PID:5716
- C:\Windows\System\KhoPKRX.exe
  C:\Windows\System\KhoPKRX.exe
  2⤵
  PID:5748
- C:\Windows\System\dKrjEuR.exe
  C:\Windows\System\dKrjEuR.exe
  2⤵
  PID:5788
- C:\Windows\System\bWaOVPm.exe
  C:\Windows\System\bWaOVPm.exe
  2⤵
  PID:5812
- C:\Windows\System\qctkFuN.exe
  C:\Windows\System\qctkFuN.exe
  2⤵
  PID:5836
- C:\Windows\System\EMCZiTV.exe
  C:\Windows\System\EMCZiTV.exe
  2⤵
  PID:5876
- C:\Windows\System\eAVnfdp.exe
  C:\Windows\System\eAVnfdp.exe
  2⤵
  PID:5932
- C:\Windows\System\TcJvrNR.exe
  C:\Windows\System\TcJvrNR.exe
  2⤵
  PID:5960
- C:\Windows\System\FjDQYCL.exe
  C:\Windows\System\FjDQYCL.exe
  2⤵
  PID:6000
- C:\Windows\System\JaeZtzo.exe
  C:\Windows\System\JaeZtzo.exe
  2⤵
  PID:6032
- C:\Windows\System\UpISDFI.exe
  C:\Windows\System\UpISDFI.exe
  2⤵
  PID:6036
- C:\Windows\System\RsSWgdT.exe
  C:\Windows\System\RsSWgdT.exe
  2⤵
  PID:6100
- C:\Windows\System\ckyVBxI.exe
  C:\Windows\System\ckyVBxI.exe
  2⤵
  PID:6116
- C:\Windows\System\fBOQbIY.exe
  C:\Windows\System\fBOQbIY.exe
  2⤵
  PID:4332
- C:\Windows\System\sabVJih.exe
  C:\Windows\System\sabVJih.exe
  2⤵
  PID:4648
- C:\Windows\System\BsUAEat.exe
  C:\Windows\System\BsUAEat.exe
  2⤵
  PID:4764
- C:\Windows\System\qhnwfzQ.exe
  C:\Windows\System\qhnwfzQ.exe
  2⤵
  PID:5024
- C:\Windows\System\dtmDCqT.exe
  C:\Windows\System\dtmDCqT.exe
  2⤵
  PID:3948
- C:\Windows\System\KQdkZSB.exe
  C:\Windows\System\KQdkZSB.exe
  2⤵
  PID:5200
- C:\Windows\System\hMYFneQ.exe
  C:\Windows\System\hMYFneQ.exe
  2⤵
  PID:5244
- C:\Windows\System\RNPdvCm.exe
  C:\Windows\System\RNPdvCm.exe
  2⤵
  PID:5288
- C:\Windows\System\yvNBbBj.exe
  C:\Windows\System\yvNBbBj.exe
  2⤵
  PID:5304
- C:\Windows\System\MVTgCJp.exe
  C:\Windows\System\MVTgCJp.exe
  2⤵
  PID:5388
- C:\Windows\System\ovwEuol.exe
  C:\Windows\System\ovwEuol.exe
  2⤵
  PID:5432
- C:\Windows\System\SfOEVlQ.exe
  C:\Windows\System\SfOEVlQ.exe
  2⤵
  PID:5508
- C:\Windows\System\jWYUOYh.exe
  C:\Windows\System\jWYUOYh.exe
  2⤵
  PID:5596
- C:\Windows\System\wcjhWOH.exe
  C:\Windows\System\wcjhWOH.exe
  2⤵
  PID:5628
- C:\Windows\System\ATBXnsk.exe
  C:\Windows\System\ATBXnsk.exe
  2⤵
  PID:5668
- C:\Windows\System\bIfnbpe.exe
  C:\Windows\System\bIfnbpe.exe
  2⤵
  PID:5692
- C:\Windows\System\uFOJRAt.exe
  C:\Windows\System\uFOJRAt.exe
  2⤵
  PID:5776
- C:\Windows\System\SoDTRXX.exe
  C:\Windows\System\SoDTRXX.exe
  2⤵
  PID:5880
- C:\Windows\System\yrLIpzZ.exe
  C:\Windows\System\yrLIpzZ.exe
  2⤵
  PID:1884
- C:\Windows\System\BohXtnT.exe
  C:\Windows\System\BohXtnT.exe
  2⤵
  PID:5972
- C:\Windows\System\KBRkRCP.exe
  C:\Windows\System\KBRkRCP.exe
  2⤵
  PID:5992
- C:\Windows\System\uZOfLmH.exe
  C:\Windows\System\uZOfLmH.exe
  2⤵
  PID:6056
- C:\Windows\System\gkzRHFY.exe
  C:\Windows\System\gkzRHFY.exe
  2⤵
  PID:6120
- C:\Windows\System\ydhmEyF.exe
  C:\Windows\System\ydhmEyF.exe
  2⤵
  PID:4620
- C:\Windows\System\nsvAreN.exe
  C:\Windows\System\nsvAreN.exe
  2⤵
  PID:4640
- C:\Windows\System\lnPrBks.exe
  C:\Windows\System\lnPrBks.exe
  2⤵
  PID:5128
- C:\Windows\System\ADXFDiv.exe
  C:\Windows\System\ADXFDiv.exe
  2⤵
  PID:916
- C:\Windows\System\DGTbaxe.exe
  C:\Windows\System\DGTbaxe.exe
  2⤵
  PID:5260
- C:\Windows\System\OVIAtOp.exe
  C:\Windows\System\OVIAtOp.exe
  2⤵
  PID:5428
- C:\Windows\System\UFUkVdU.exe
  C:\Windows\System\UFUkVdU.exe
  2⤵
  PID:5464
- C:\Windows\System\vWaCCww.exe
  C:\Windows\System\vWaCCww.exe
  2⤵
  PID:5536
- C:\Windows\System\ExclkBD.exe
  C:\Windows\System\ExclkBD.exe
  2⤵
  PID:5648
- C:\Windows\System\nuQDSWT.exe
  C:\Windows\System\nuQDSWT.exe
  2⤵
  PID:5708
- C:\Windows\System\VaucvGB.exe
  C:\Windows\System\VaucvGB.exe
  2⤵
  PID:5852
- C:\Windows\System\PLitRxF.exe
  C:\Windows\System\PLitRxF.exe
  2⤵
  PID:5980
- C:\Windows\System\ntPCfHQ.exe
  C:\Windows\System\ntPCfHQ.exe
  2⤵
  PID:6020
- C:\Windows\System\ruhtpQh.exe
  C:\Windows\System\ruhtpQh.exe
  2⤵
  PID:6076
- C:\Windows\System\TVyLEVb.exe
  C:\Windows\System\TVyLEVb.exe
  2⤵
  PID:4748
- C:\Windows\System\JXAUZtw.exe
  C:\Windows\System\JXAUZtw.exe
  2⤵
  PID:5144
- C:\Windows\System\BuyxGoi.exe
  C:\Windows\System\BuyxGoi.exe
  2⤵
  PID:5284
- C:\Windows\System\nGGPYHy.exe
  C:\Windows\System\nGGPYHy.exe
  2⤵
  PID:5372
- C:\Windows\System\bXtHFuw.exe
  C:\Windows\System\bXtHFuw.exe
  2⤵
  PID:5592
- C:\Windows\System\fyWLVuB.exe
  C:\Windows\System\fyWLVuB.exe
  2⤵
  PID:6168
- C:\Windows\System\ABCtZyr.exe
  C:\Windows\System\ABCtZyr.exe
  2⤵
  PID:6188
- C:\Windows\System\PWQUtNL.exe
  C:\Windows\System\PWQUtNL.exe
  2⤵
  PID:6208
- C:\Windows\System\GcYRciT.exe
  C:\Windows\System\GcYRciT.exe
  2⤵
  PID:6228
- C:\Windows\System\jPGkjDA.exe
  C:\Windows\System\jPGkjDA.exe
  2⤵
  PID:6248
- C:\Windows\System\RuWelGk.exe
  C:\Windows\System\RuWelGk.exe
  2⤵
  PID:6268
- C:\Windows\System\yYmcwZp.exe
  C:\Windows\System\yYmcwZp.exe
  2⤵
  PID:6288
- C:\Windows\System\BCgxbNw.exe
  C:\Windows\System\BCgxbNw.exe
  2⤵
  PID:6308
- C:\Windows\System\yBYqJRj.exe
  C:\Windows\System\yBYqJRj.exe
  2⤵
  PID:6328
- C:\Windows\System\XdiVUHO.exe
  C:\Windows\System\XdiVUHO.exe
  2⤵
  PID:6348
- C:\Windows\System\RdPRPbq.exe
  C:\Windows\System\RdPRPbq.exe
  2⤵
  PID:6368
- C:\Windows\System\xbDZGfk.exe
  C:\Windows\System\xbDZGfk.exe
  2⤵
  PID:6388
- C:\Windows\System\TEzpmZf.exe
  C:\Windows\System\TEzpmZf.exe
  2⤵
  PID:6408
- C:\Windows\System\bcipOeD.exe
  C:\Windows\System\bcipOeD.exe
  2⤵
  PID:6428
- C:\Windows\System\pNDJdKm.exe
  C:\Windows\System\pNDJdKm.exe
  2⤵
  PID:6448
- C:\Windows\System\TvtScbi.exe
  C:\Windows\System\TvtScbi.exe
  2⤵
  PID:6468
- C:\Windows\System\CQQYJYL.exe
  C:\Windows\System\CQQYJYL.exe
  2⤵
  PID:6488
- C:\Windows\System\CjRDFJe.exe
  C:\Windows\System\CjRDFJe.exe
  2⤵
  PID:6508
- C:\Windows\System\vShxWpY.exe
  C:\Windows\System\vShxWpY.exe
  2⤵
  PID:6528
- C:\Windows\System\wEEYCUy.exe
  C:\Windows\System\wEEYCUy.exe
  2⤵
  PID:6548
- C:\Windows\System\hUdYyWx.exe
  C:\Windows\System\hUdYyWx.exe
  2⤵
  PID:6568
- C:\Windows\System\xusgPVy.exe
  C:\Windows\System\xusgPVy.exe
  2⤵
  PID:6588
- C:\Windows\System\NnzNlBi.exe
  C:\Windows\System\NnzNlBi.exe
  2⤵
  PID:6608
- C:\Windows\System\xNxGfpX.exe
  C:\Windows\System\xNxGfpX.exe
  2⤵
  PID:6628
- C:\Windows\System\iFxpdrv.exe
  C:\Windows\System\iFxpdrv.exe
  2⤵
  PID:6648
- C:\Windows\System\MQPpRBh.exe
  C:\Windows\System\MQPpRBh.exe
  2⤵
  PID:6668
- C:\Windows\System\PcwUFYD.exe
  C:\Windows\System\PcwUFYD.exe
  2⤵
  PID:6688
- C:\Windows\System\LoiXeLH.exe
  C:\Windows\System\LoiXeLH.exe
  2⤵
  PID:6708
- C:\Windows\System\ROQeqwn.exe
  C:\Windows\System\ROQeqwn.exe
  2⤵
  PID:6728
- C:\Windows\System\QQPtTTA.exe
  C:\Windows\System\QQPtTTA.exe
  2⤵
  PID:6748
- C:\Windows\System\tTPsPkx.exe
  C:\Windows\System\tTPsPkx.exe
  2⤵
  PID:6768
- C:\Windows\System\gzuuFGb.exe
  C:\Windows\System\gzuuFGb.exe
  2⤵
  PID:6788
- C:\Windows\System\ceFOvHi.exe
  C:\Windows\System\ceFOvHi.exe
  2⤵
  PID:6808
- C:\Windows\System\jXjWcfx.exe
  C:\Windows\System\jXjWcfx.exe
  2⤵
  PID:6828
- C:\Windows\System\fMCVogp.exe
  C:\Windows\System\fMCVogp.exe
  2⤵
  PID:6848
- C:\Windows\System\rcHlgvo.exe
  C:\Windows\System\rcHlgvo.exe
  2⤵
  PID:6872
- C:\Windows\System\sYUhHRU.exe
  C:\Windows\System\sYUhHRU.exe
  2⤵
  PID:6892
- C:\Windows\System\vqgeOph.exe
  C:\Windows\System\vqgeOph.exe
  2⤵
  PID:6912
- C:\Windows\System\dFVgWwr.exe
  C:\Windows\System\dFVgWwr.exe
  2⤵
  PID:6932
- C:\Windows\System\UxbigwG.exe
  C:\Windows\System\UxbigwG.exe
  2⤵
  PID:6952
- C:\Windows\System\EwJvKUT.exe
  C:\Windows\System\EwJvKUT.exe
  2⤵
  PID:6972
- C:\Windows\System\rvByixq.exe
  C:\Windows\System\rvByixq.exe
  2⤵
  PID:6992
- C:\Windows\System\BSZBkJP.exe
  C:\Windows\System\BSZBkJP.exe
  2⤵
  PID:7012
- C:\Windows\System\tBJqGsy.exe
  C:\Windows\System\tBJqGsy.exe
  2⤵
  PID:7032
- C:\Windows\System\puthCEz.exe
  C:\Windows\System\puthCEz.exe
  2⤵
  PID:7052
- C:\Windows\System\IVkWOhN.exe
  C:\Windows\System\IVkWOhN.exe
  2⤵
  PID:7072
- C:\Windows\System\uiKrJHx.exe
  C:\Windows\System\uiKrJHx.exe
  2⤵
  PID:7092
- C:\Windows\System\aajYXvf.exe
  C:\Windows\System\aajYXvf.exe
  2⤵
  PID:7112
- C:\Windows\System\XXBPthJ.exe
  C:\Windows\System\XXBPthJ.exe
  2⤵
  PID:7132
- C:\Windows\System\MfaxkMT.exe
  C:\Windows\System\MfaxkMT.exe
  2⤵
  PID:7152
- C:\Windows\System\yLuoNro.exe
  C:\Windows\System\yLuoNro.exe
  2⤵
  PID:5636
- C:\Windows\System\JZlKiig.exe
  C:\Windows\System\JZlKiig.exe
  2⤵
  PID:5892
- C:\Windows\System\VRPUXDZ.exe
  C:\Windows\System\VRPUXDZ.exe
  2⤵
  PID:6092
- C:\Windows\System\kyeaSsW.exe
  C:\Windows\System\kyeaSsW.exe
  2⤵
  PID:2664
- C:\Windows\System\pndiQjG.exe
  C:\Windows\System\pndiQjG.exe
  2⤵
  PID:5148
- C:\Windows\System\wTCeAsP.exe
  C:\Windows\System\wTCeAsP.exe
  2⤵
  PID:5384
- C:\Windows\System\FqQiIUZ.exe
  C:\Windows\System\FqQiIUZ.exe
  2⤵
  PID:5552
- C:\Windows\System\rXmuxQQ.exe
  C:\Windows\System\rXmuxQQ.exe
  2⤵
  PID:6180
- C:\Windows\System\RVkQyOn.exe
  C:\Windows\System\RVkQyOn.exe
  2⤵
  PID:6224
- C:\Windows\System\CfioOyS.exe
  C:\Windows\System\CfioOyS.exe
  2⤵
  PID:6264
- C:\Windows\System\UsJPdUd.exe
  C:\Windows\System\UsJPdUd.exe
  2⤵
  PID:6320
- C:\Windows\System\pymAduz.exe
  C:\Windows\System\pymAduz.exe
  2⤵
  PID:2516
- C:\Windows\System\sPGGppn.exe
  C:\Windows\System\sPGGppn.exe
  2⤵
  PID:6384
- C:\Windows\System\bdUHJlc.exe
  C:\Windows\System\bdUHJlc.exe
  2⤵
  PID:6416
- C:\Windows\System\CgpvmoH.exe
  C:\Windows\System\CgpvmoH.exe
  2⤵
  PID:6444
- C:\Windows\System\lkwthtp.exe
  C:\Windows\System\lkwthtp.exe
  2⤵
  PID:6464
- C:\Windows\System\dTpRXoC.exe
  C:\Windows\System\dTpRXoC.exe
  2⤵
  PID:6496
- C:\Windows\System\KJwUUFO.exe
  C:\Windows\System\KJwUUFO.exe
  2⤵
  PID:6520
- C:\Windows\System\lpjGLUk.exe
  C:\Windows\System\lpjGLUk.exe
  2⤵
  PID:6564
- C:\Windows\System\IfOGNak.exe
  C:\Windows\System\IfOGNak.exe
  2⤵
  PID:6604
- C:\Windows\System\AcMsNYj.exe
  C:\Windows\System\AcMsNYj.exe
  2⤵
  PID:6616
- C:\Windows\System\lBDUMtH.exe
  C:\Windows\System\lBDUMtH.exe
  2⤵
  PID:6620
- C:\Windows\System\prQVojI.exe
  C:\Windows\System\prQVojI.exe
  2⤵
  PID:6684
- C:\Windows\System\LKdoklS.exe
  C:\Windows\System\LKdoklS.exe
  2⤵
  PID:6716
- C:\Windows\System\NmfATTo.exe
  C:\Windows\System\NmfATTo.exe
  2⤵
  PID:6720
- C:\Windows\System\LeidpYo.exe
  C:\Windows\System\LeidpYo.exe
  2⤵
  PID:6740
- C:\Windows\System\keNwutw.exe
  C:\Windows\System\keNwutw.exe
  2⤵
  PID:6804
- C:\Windows\System\WVThyKr.exe
  C:\Windows\System\WVThyKr.exe
  2⤵
  PID:6816
- C:\Windows\System\lsPERlF.exe
  C:\Windows\System\lsPERlF.exe
  2⤵
  PID:6820
- C:\Windows\System\wdteQbG.exe
  C:\Windows\System\wdteQbG.exe
  2⤵
  PID:6868
- C:\Windows\System\fGyHYch.exe
  C:\Windows\System\fGyHYch.exe
  2⤵
  PID:6900
- C:\Windows\System\YsRIMmk.exe
  C:\Windows\System\YsRIMmk.exe
  2⤵
  PID:6904
- C:\Windows\System\luylmQS.exe
  C:\Windows\System\luylmQS.exe
  2⤵
  PID:6968
- C:\Windows\System\qEzyubB.exe
  C:\Windows\System\qEzyubB.exe
  2⤵
  PID:6980
- C:\Windows\System\YAxPKUi.exe
  C:\Windows\System\YAxPKUi.exe
  2⤵
  PID:1472
- C:\Windows\System\gtxSlTp.exe
  C:\Windows\System\gtxSlTp.exe
  2⤵
  PID:7024
- C:\Windows\System\uLklTBW.exe
  C:\Windows\System\uLklTBW.exe
  2⤵
  PID:7064
- C:\Windows\System\yILFbeo.exe
  C:\Windows\System\yILFbeo.exe
  2⤵
  PID:7108
- C:\Windows\System\wgUthzT.exe
  C:\Windows\System\wgUthzT.exe
  2⤵
  PID:1436
- C:\Windows\System\OExeuVJ.exe
  C:\Windows\System\OExeuVJ.exe
  2⤵
  PID:5896
- C:\Windows\System\VXnxuyj.exe
  C:\Windows\System\VXnxuyj.exe
  2⤵
  PID:5116
- C:\Windows\System\hhiJQHn.exe
  C:\Windows\System\hhiJQHn.exe
  2⤵
  PID:6012
- C:\Windows\System\MzmzTYt.exe
  C:\Windows\System\MzmzTYt.exe
  2⤵
  PID:5180
- C:\Windows\System\AYZrPbw.exe
  C:\Windows\System\AYZrPbw.exe
  2⤵
  PID:1772
- C:\Windows\System\jONFnsg.exe
  C:\Windows\System\jONFnsg.exe
  2⤵
  PID:6176
- C:\Windows\System\UwFAmiN.exe
  C:\Windows\System\UwFAmiN.exe
  2⤵
  PID:6244
- C:\Windows\System\iegPVdo.exe
  C:\Windows\System\iegPVdo.exe
  2⤵
  PID:2564
- C:\Windows\System\IKCEUHR.exe
  C:\Windows\System\IKCEUHR.exe
  2⤵
  PID:2240
- C:\Windows\System\zepuJqc.exe
  C:\Windows\System\zepuJqc.exe
  2⤵
  PID:2860
- C:\Windows\System\EOBTVkB.exe
  C:\Windows\System\EOBTVkB.exe
  2⤵
  PID:4936
- C:\Windows\System\vwcPuok.exe
  C:\Windows\System\vwcPuok.exe
  2⤵
  PID:1568
- C:\Windows\System\ZCobloN.exe
  C:\Windows\System\ZCobloN.exe
  2⤵
  PID:6344
- C:\Windows\System\rPDFLPl.exe
  C:\Windows\System\rPDFLPl.exe
  2⤵
  PID:6396
- C:\Windows\System\zSzOEnM.exe
  C:\Windows\System\zSzOEnM.exe
  2⤵
  PID:6484
- C:\Windows\System\oeiOXAb.exe
  C:\Windows\System\oeiOXAb.exe
  2⤵
  PID:6580
- C:\Windows\System\pfTPFmx.exe
  C:\Windows\System\pfTPFmx.exe
  2⤵
  PID:6704
- C:\Windows\System\xKdyZxz.exe
  C:\Windows\System\xKdyZxz.exe
  2⤵
  PID:6404
- C:\Windows\System\XfwTRVn.exe
  C:\Windows\System\XfwTRVn.exe
  2⤵
  PID:6456
- C:\Windows\System\xgIXmhR.exe
  C:\Windows\System\xgIXmhR.exe
  2⤵
  PID:6940
- C:\Windows\System\MfqBJzb.exe
  C:\Windows\System\MfqBJzb.exe
  2⤵
  PID:7008
- C:\Windows\System\vCXJaYL.exe
  C:\Windows\System\vCXJaYL.exe
  2⤵
  PID:7068
- C:\Windows\System\fwEPHrZ.exe
  C:\Windows\System\fwEPHrZ.exe
  2⤵
  PID:7128
- C:\Windows\System\rYTQMIY.exe
  C:\Windows\System\rYTQMIY.exe
  2⤵
  PID:6988
- C:\Windows\System\uyWjAti.exe
  C:\Windows\System\uyWjAti.exe
  2⤵
  PID:6596
- C:\Windows\System\uROokBe.exe
  C:\Windows\System\uROokBe.exe
  2⤵
  PID:6660
- C:\Windows\System\raBnYfq.exe
  C:\Windows\System\raBnYfq.exe
  2⤵
  PID:2424
- C:\Windows\System\KDScaxa.exe
  C:\Windows\System\KDScaxa.exe
  2⤵
  PID:7100
- C:\Windows\System\ecXpNrF.exe
  C:\Windows\System\ecXpNrF.exe
  2⤵
  PID:7160
- C:\Windows\System\xqqKyzu.exe
  C:\Windows\System\xqqKyzu.exe
  2⤵
  PID:7148
- C:\Windows\System\SwHBETk.exe
  C:\Windows\System\SwHBETk.exe
  2⤵
  PID:5228
- C:\Windows\System\wxZlOqT.exe
  C:\Windows\System\wxZlOqT.exe
  2⤵
  PID:2536
- C:\Windows\System\LQakcak.exe
  C:\Windows\System\LQakcak.exe
  2⤵
  PID:5300
- C:\Windows\System\sIUbsVF.exe
  C:\Windows\System\sIUbsVF.exe
  2⤵
  PID:1944
- C:\Windows\System\sTujkGq.exe
  C:\Windows\System\sTujkGq.exe
  2⤵
  PID:5912
- C:\Windows\System\jZnSbQU.exe
  C:\Windows\System\jZnSbQU.exe
  2⤵
  PID:2524
- C:\Windows\System\WvqOfAR.exe
  C:\Windows\System\WvqOfAR.exe
  2⤵
  PID:6304
- C:\Windows\System\uHpOvNB.exe
  C:\Windows\System\uHpOvNB.exe
  2⤵
  PID:6544
- C:\Windows\System\AKtznBv.exe
  C:\Windows\System\AKtznBv.exe
  2⤵
  PID:6420
- C:\Windows\System\jPcJjCF.exe
  C:\Windows\System\jPcJjCF.exe
  2⤵
  PID:6924
- C:\Windows\System\qbXiTWD.exe
  C:\Windows\System\qbXiTWD.exe
  2⤵
  PID:6656
- C:\Windows\System\biyvqxl.exe
  C:\Windows\System\biyvqxl.exe
  2⤵
  PID:2668
- C:\Windows\System\VvpRccR.exe
  C:\Windows\System\VvpRccR.exe
  2⤵
  PID:7120
- C:\Windows\System\yPWMAZw.exe
  C:\Windows\System\yPWMAZw.exe
  2⤵
  PID:6964
- C:\Windows\System\temBUBd.exe
  C:\Windows\System\temBUBd.exe
  2⤵
  PID:6624
- C:\Windows\System\NBJqibW.exe
  C:\Windows\System\NBJqibW.exe
  2⤵
  PID:6500
- C:\Windows\System\mIyEsTk.exe
  C:\Windows\System\mIyEsTk.exe
  2⤵
  PID:1788
- C:\Windows\System\WObLbtz.exe
  C:\Windows\System\WObLbtz.exe
  2⤵
  PID:308
- C:\Windows\System\QcSlGwg.exe
  C:\Windows\System\QcSlGwg.exe
  2⤵
  PID:6200
- C:\Windows\System\MlontkZ.exe
  C:\Windows\System\MlontkZ.exe
  2⤵
  PID:5220
- C:\Windows\System\wPsYgpB.exe
  C:\Windows\System\wPsYgpB.exe
  2⤵
  PID:1308
- C:\Windows\System\kstzzXr.exe
  C:\Windows\System\kstzzXr.exe
  2⤵
  PID:6340
- C:\Windows\System\PHmnfuP.exe
  C:\Windows\System\PHmnfuP.exe
  2⤵
  PID:5712
- C:\Windows\System\jZyipwJ.exe
  C:\Windows\System\jZyipwJ.exe
  2⤵
  PID:6560
- C:\Windows\System\uffDlUS.exe
  C:\Windows\System\uffDlUS.exe
  2⤵
  PID:5568
- C:\Windows\System\XekpiuB.exe
  C:\Windows\System\XekpiuB.exe
  2⤵
  PID:6744
- C:\Windows\System\WLdwlAZ.exe
  C:\Windows\System\WLdwlAZ.exe
  2⤵
  PID:6204
- C:\Windows\System\HCYiIhj.exe
  C:\Windows\System\HCYiIhj.exe
  2⤵
  PID:5368
- C:\Windows\System\muJCliR.exe
  C:\Windows\System\muJCliR.exe
  2⤵
  PID:7088
- C:\Windows\System\cYaKksD.exe
  C:\Windows\System\cYaKksD.exe
  2⤵
  PID:6296
- C:\Windows\System\eKqqYSt.exe
  C:\Windows\System\eKqqYSt.exe
  2⤵
  PID:6700
- C:\Windows\System\xBZzqNy.exe
  C:\Windows\System\xBZzqNy.exe
  2⤵
  PID:6960
- C:\Windows\System\CjTwOUN.exe
  C:\Windows\System\CjTwOUN.exe
  2⤵
  PID:6184
- C:\Windows\System\lxfnKnT.exe
  C:\Windows\System\lxfnKnT.exe
  2⤵
  PID:6324
- C:\Windows\System\sjrzMDg.exe
  C:\Windows\System\sjrzMDg.exe
  2⤵
  PID:7124
- C:\Windows\System\wafSCvv.exe
  C:\Windows\System\wafSCvv.exe
  2⤵
  PID:7084
- C:\Windows\System\WwtxaWn.exe
  C:\Windows\System\WwtxaWn.exe
  2⤵
  PID:6824
- C:\Windows\System\nThJWxS.exe
  C:\Windows\System\nThJWxS.exe
  2⤵
  PID:6884
- C:\Windows\System\LOPUISA.exe
  C:\Windows\System\LOPUISA.exe
  2⤵
  PID:2608
- C:\Windows\System\CWyVXGc.exe
  C:\Windows\System\CWyVXGc.exe
  2⤵
  PID:2024
- C:\Windows\System\JVqvxra.exe
  C:\Windows\System\JVqvxra.exe
  2⤵
  PID:7184
- C:\Windows\System\GwGLqjH.exe
  C:\Windows\System\GwGLqjH.exe
  2⤵
  PID:7200
- C:\Windows\System\FoBHDkU.exe
  C:\Windows\System\FoBHDkU.exe
  2⤵
  PID:7216
- C:\Windows\System\YDtwzBi.exe
  C:\Windows\System\YDtwzBi.exe
  2⤵
  PID:7232
- C:\Windows\System\ERnPfIb.exe
  C:\Windows\System\ERnPfIb.exe
  2⤵
  PID:7248
- C:\Windows\System\fIlFnsD.exe
  C:\Windows\System\fIlFnsD.exe
  2⤵
  PID:7264
- C:\Windows\System\tjHjJMf.exe
  C:\Windows\System\tjHjJMf.exe
  2⤵
  PID:7284
- C:\Windows\System\qLnRMyZ.exe
  C:\Windows\System\qLnRMyZ.exe
  2⤵
  PID:7312
- C:\Windows\System\uzRGLkV.exe
  C:\Windows\System\uzRGLkV.exe
  2⤵
  PID:7328
- C:\Windows\System\jyTjcgQ.exe
  C:\Windows\System\jyTjcgQ.exe
  2⤵
  PID:7344
- C:\Windows\System\rBWbyjH.exe
  C:\Windows\System\rBWbyjH.exe
  2⤵
  PID:7360
- C:\Windows\System\oFvwgDi.exe
  C:\Windows\System\oFvwgDi.exe
  2⤵
  PID:7376
- C:\Windows\System\KuifENY.exe
  C:\Windows\System\KuifENY.exe
  2⤵
  PID:7392
- C:\Windows\System\NRAFlLK.exe
  C:\Windows\System\NRAFlLK.exe
  2⤵
  PID:7412
- C:\Windows\System\COjTIcy.exe
  C:\Windows\System\COjTIcy.exe
  2⤵
  PID:7428
- C:\Windows\System\mDkacFx.exe
  C:\Windows\System\mDkacFx.exe
  2⤵
  PID:7444
- C:\Windows\System\sSmGVFh.exe
  C:\Windows\System\sSmGVFh.exe
  2⤵
  PID:7512
- C:\Windows\System\CyIPyrF.exe
  C:\Windows\System\CyIPyrF.exe
  2⤵
  PID:7536
- C:\Windows\System\EGmnDkB.exe
  C:\Windows\System\EGmnDkB.exe
  2⤵
  PID:7552
- C:\Windows\System\TiSVxVH.exe
  C:\Windows\System\TiSVxVH.exe
  2⤵
  PID:7568
- C:\Windows\System\YtdWuXc.exe
  C:\Windows\System\YtdWuXc.exe
  2⤵
  PID:7592
- C:\Windows\System\YsZvQPx.exe
  C:\Windows\System\YsZvQPx.exe
  2⤵
  PID:7608
- C:\Windows\System\DovXLJe.exe
  C:\Windows\System\DovXLJe.exe
  2⤵
  PID:7624
- C:\Windows\System\rmxGBfj.exe
  C:\Windows\System\rmxGBfj.exe
  2⤵
  PID:7640
- C:\Windows\System\JxBhhgY.exe
  C:\Windows\System\JxBhhgY.exe
  2⤵
  PID:7660
- C:\Windows\System\yLxHJEu.exe
  C:\Windows\System\yLxHJEu.exe
  2⤵
  PID:7684
- C:\Windows\System\wMYpGfe.exe
  C:\Windows\System\wMYpGfe.exe
  2⤵
  PID:7704
- C:\Windows\System\maBXAPh.exe
  C:\Windows\System\maBXAPh.exe
  2⤵
  PID:7736
- C:\Windows\System\QpExuhv.exe
  C:\Windows\System\QpExuhv.exe
  2⤵
  PID:7752
- C:\Windows\System\jRnacKb.exe
  C:\Windows\System\jRnacKb.exe
  2⤵
  PID:7772
- C:\Windows\System\yOZqaCg.exe
  C:\Windows\System\yOZqaCg.exe
  2⤵
  PID:7788
- C:\Windows\System\PDnypaP.exe
  C:\Windows\System\PDnypaP.exe
  2⤵
  PID:7804
- C:\Windows\System\wvSkzDm.exe
  C:\Windows\System\wvSkzDm.exe
  2⤵
  PID:7824
- C:\Windows\System\WEeClnt.exe
  C:\Windows\System\WEeClnt.exe
  2⤵
  PID:7852
- C:\Windows\System\PRDnCsc.exe
  C:\Windows\System\PRDnCsc.exe
  2⤵
  PID:7868
- C:\Windows\System\GhRdvrn.exe
  C:\Windows\System\GhRdvrn.exe
  2⤵
  PID:7892
- C:\Windows\System\Zcolrei.exe
  C:\Windows\System\Zcolrei.exe
  2⤵
  PID:7908
- C:\Windows\System\YpWDUFK.exe
  C:\Windows\System\YpWDUFK.exe
  2⤵
  PID:7932
- C:\Windows\System\cmlejgj.exe
  C:\Windows\System\cmlejgj.exe
  2⤵
  PID:7956
- C:\Windows\System\zHaoEGm.exe
  C:\Windows\System\zHaoEGm.exe
  2⤵
  PID:7972
- C:\Windows\System\HvqMaDB.exe
  C:\Windows\System\HvqMaDB.exe
  2⤵
  PID:7988
- C:\Windows\System\RbZHCvG.exe
  C:\Windows\System\RbZHCvG.exe
  2⤵
  PID:8004
- C:\Windows\System\kgXuOgd.exe
  C:\Windows\System\kgXuOgd.exe
  2⤵
  PID:8020
- C:\Windows\System\ApSYtSO.exe
  C:\Windows\System\ApSYtSO.exe
  2⤵
  PID:8036
- C:\Windows\System\ClNFbdk.exe
  C:\Windows\System\ClNFbdk.exe
  2⤵
  PID:8056
- C:\Windows\System\UJmPjOS.exe
  C:\Windows\System\UJmPjOS.exe
  2⤵
  PID:8096
- C:\Windows\System\SExkbtw.exe
  C:\Windows\System\SExkbtw.exe
  2⤵
  PID:8112
- C:\Windows\System\zTUqVDW.exe
  C:\Windows\System\zTUqVDW.exe
  2⤵
  PID:8136
- C:\Windows\System\XBiIATQ.exe
  C:\Windows\System\XBiIATQ.exe
  2⤵
  PID:8156
- C:\Windows\System\JvhlZBL.exe
  C:\Windows\System\JvhlZBL.exe
  2⤵
  PID:8176
- C:\Windows\System\UPuepHa.exe
  C:\Windows\System\UPuepHa.exe
  2⤵
  PID:1124
- C:\Windows\System\GtDLsUY.exe
  C:\Windows\System\GtDLsUY.exe
  2⤵
  PID:7192
- C:\Windows\System\wSmgFUj.exe
  C:\Windows\System\wSmgFUj.exe
  2⤵
  PID:7256
- C:\Windows\System\fgwapCS.exe
  C:\Windows\System\fgwapCS.exe
  2⤵
  PID:7308
- C:\Windows\System\eBZFOQP.exe
  C:\Windows\System\eBZFOQP.exe
  2⤵
  PID:7240
- C:\Windows\System\SEwboNv.exe
  C:\Windows\System\SEwboNv.exe
  2⤵
  PID:7280
- C:\Windows\System\IJvTCcs.exe
  C:\Windows\System\IJvTCcs.exe
  2⤵
  PID:7340
- C:\Windows\System\IvdVfLd.exe
  C:\Windows\System\IvdVfLd.exe
  2⤵
  PID:7440
- C:\Windows\System\eNPORuK.exe
  C:\Windows\System\eNPORuK.exe
  2⤵
  PID:7480
- C:\Windows\System\fYAdrht.exe
  C:\Windows\System\fYAdrht.exe
  2⤵
  PID:7352
- C:\Windows\System\tgLlsCN.exe
  C:\Windows\System\tgLlsCN.exe
  2⤵
  PID:7420
- C:\Windows\System\uzdfgjX.exe
  C:\Windows\System\uzdfgjX.exe
  2⤵
  PID:7460
- C:\Windows\System\PuvohKu.exe
  C:\Windows\System\PuvohKu.exe
  2⤵
  PID:7508
- C:\Windows\System\onygLdy.exe
  C:\Windows\System\onygLdy.exe
  2⤵
  PID:7528
- C:\Windows\System\xasbCRq.exe
  C:\Windows\System\xasbCRq.exe
  2⤵
  PID:7564
- C:\Windows\System\wwTZIIU.exe
  C:\Windows\System\wwTZIIU.exe
  2⤵
  PID:7668
- C:\Windows\System\SqancQK.exe
  C:\Windows\System\SqancQK.exe
  2⤵
  PID:7672
- C:\Windows\System\kAKDryD.exe
  C:\Windows\System\kAKDryD.exe
  2⤵
  PID:7692
- C:\Windows\System\VOgXNkb.exe
  C:\Windows\System\VOgXNkb.exe
  2⤵
  PID:7620
- C:\Windows\System\aLgVNqh.exe
  C:\Windows\System\aLgVNqh.exe
  2⤵
  PID:7724
- C:\Windows\System\PCuOkrq.exe
  C:\Windows\System\PCuOkrq.exe
  2⤵
  PID:7760
- C:\Windows\System\IJQbRVe.exe
  C:\Windows\System\IJQbRVe.exe
  2⤵
  PID:7796
- C:\Windows\System\hDIvMmZ.exe
  C:\Windows\System\hDIvMmZ.exe
  2⤵
  PID:7840
- C:\Windows\System\TkuftPR.exe
  C:\Windows\System\TkuftPR.exe
  2⤵
  PID:7880
- C:\Windows\System\OIqFunU.exe
  C:\Windows\System\OIqFunU.exe
  2⤵
  PID:7816
- C:\Windows\System\ExVexag.exe
  C:\Windows\System\ExVexag.exe
  2⤵
  PID:7864
- C:\Windows\System\ojrCntv.exe
  C:\Windows\System\ojrCntv.exe
  2⤵
  PID:7952
- C:\Windows\System\GvmHCse.exe
  C:\Windows\System\GvmHCse.exe
  2⤵
  PID:7964
- C:\Windows\System\uLwbuNe.exe
  C:\Windows\System\uLwbuNe.exe
  2⤵
  PID:8064
- C:\Windows\System\vGHeChZ.exe
  C:\Windows\System\vGHeChZ.exe
  2⤵
  PID:8044
- C:\Windows\System\KHtWilN.exe
  C:\Windows\System\KHtWilN.exe
  2⤵
  PID:8076
- C:\Windows\System\vOZhZNn.exe
  C:\Windows\System\vOZhZNn.exe
  2⤵
  PID:8104
- C:\Windows\System\idcmztz.exe
  C:\Windows\System\idcmztz.exe
  2⤵
  PID:8124
- C:\Windows\System\nzMbsqT.exe
  C:\Windows\System\nzMbsqT.exe
  2⤵
  PID:8168
- C:\Windows\System\vxLccnw.exe
  C:\Windows\System\vxLccnw.exe
  2⤵
  PID:7292
- C:\Windows\System\WaWITEI.exe
  C:\Windows\System\WaWITEI.exe
  2⤵
  PID:7228
- C:\Windows\System\uZCnyDU.exe
  C:\Windows\System\uZCnyDU.exe
  2⤵
  PID:7272
- C:\Windows\System\rQQwXrV.exe
  C:\Windows\System\rQQwXrV.exe
  2⤵
  PID:7436
- C:\Windows\System\ZlEYZvj.exe
  C:\Windows\System\ZlEYZvj.exe
  2⤵
  PID:7320
- C:\Windows\System\KmdMoRW.exe
  C:\Windows\System\KmdMoRW.exe
  2⤵
  PID:7408
- C:\Windows\System\sdKAGUM.exe
  C:\Windows\System\sdKAGUM.exe
  2⤵
  PID:7560
- C:\Windows\System\hhSojqV.exe
  C:\Windows\System\hhSojqV.exe
  2⤵
  PID:7588
- C:\Windows\System\GUyFcQV.exe
  C:\Windows\System\GUyFcQV.exe
  2⤵
  PID:7716
- C:\Windows\System\uZgnqxh.exe
  C:\Windows\System\uZgnqxh.exe
  2⤵
  PID:7800
- C:\Windows\System\jGYVZjR.exe
  C:\Windows\System\jGYVZjR.exe
  2⤵
  PID:7488
- C:\Windows\System\NiBsPSD.exe
  C:\Windows\System\NiBsPSD.exe
  2⤵
  PID:7656
- C:\Windows\System\cfVupuM.exe
  C:\Windows\System\cfVupuM.exe
  2⤵
  PID:7636
- C:\Windows\System\EjPmrYq.exe
  C:\Windows\System\EjPmrYq.exe
  2⤵
  PID:7768
- C:\Windows\System\sbIhoIQ.exe
  C:\Windows\System\sbIhoIQ.exe
  2⤵
  PID:7876
- C:\Windows\System\EwFMTvY.exe
  C:\Windows\System\EwFMTvY.exe
  2⤵
  PID:7860
- C:\Windows\System\cleIHsM.exe
  C:\Windows\System\cleIHsM.exe
  2⤵
  PID:7984
- C:\Windows\System\OGvuWyY.exe
  C:\Windows\System\OGvuWyY.exe
  2⤵
  PID:8012
- C:\Windows\System\WEuiPPS.exe
  C:\Windows\System\WEuiPPS.exe
  2⤵
  PID:7904
- C:\Windows\System\sgFHFtT.exe
  C:\Windows\System\sgFHFtT.exe
  2⤵
  PID:8032
- C:\Windows\System\FNQuqYJ.exe
  C:\Windows\System\FNQuqYJ.exe
  2⤵
  PID:8072
- C:\Windows\System\PRKfpEa.exe
  C:\Windows\System\PRKfpEa.exe
  2⤵
  PID:8164
- C:\Windows\System\AVOwhTO.exe
  C:\Windows\System\AVOwhTO.exe
  2⤵
  PID:7224
- C:\Windows\System\oMRUPTB.exe
  C:\Windows\System\oMRUPTB.exe
  2⤵
  PID:6756
- C:\Windows\System\rcGxuVD.exe
  C:\Windows\System\rcGxuVD.exe
  2⤵
  PID:7324
- C:\Windows\System\VGMgFPQ.exe
  C:\Windows\System\VGMgFPQ.exe
  2⤵
  PID:7676
- C:\Windows\System\ztjswYf.exe
  C:\Windows\System\ztjswYf.exe
  2⤵
  PID:7496
- C:\Windows\System\OadlppA.exe
  C:\Windows\System\OadlppA.exe
  2⤵
  PID:7720
- C:\Windows\System\wuByeMJ.exe
  C:\Windows\System\wuByeMJ.exe
  2⤵
  PID:7456
- C:\Windows\System\tqQVYPF.exe
  C:\Windows\System\tqQVYPF.exe
  2⤵
  PID:7820
- C:\Windows\System\SixYCJm.exe
  C:\Windows\System\SixYCJm.exe
  2⤵
  PID:8028
- C:\Windows\System\EIXpiIk.exe
  C:\Windows\System\EIXpiIk.exe
  2⤵
  PID:8148
- C:\Windows\System\wHadBJV.exe
  C:\Windows\System\wHadBJV.exe
  2⤵
  PID:8052
- C:\Windows\System\LrvHrFo.exe
  C:\Windows\System\LrvHrFo.exe
  2⤵
  PID:8196
- C:\Windows\System\TlQHVmZ.exe
  C:\Windows\System\TlQHVmZ.exe
  2⤵
  PID:8212
- C:\Windows\System\acmzKoy.exe
  C:\Windows\System\acmzKoy.exe
  2⤵
  PID:8228
- C:\Windows\System\pPdAtKn.exe
  C:\Windows\System\pPdAtKn.exe
  2⤵
  PID:8244
- C:\Windows\System\MrpoUmn.exe
  C:\Windows\System\MrpoUmn.exe
  2⤵
  PID:8260
- C:\Windows\System\RnwMoSU.exe
  C:\Windows\System\RnwMoSU.exe
  2⤵
  PID:8276
- C:\Windows\System\COrszNu.exe
  C:\Windows\System\COrszNu.exe
  2⤵
  PID:8292
- C:\Windows\System\eqseuBz.exe
  C:\Windows\System\eqseuBz.exe
  2⤵
  PID:8308
- C:\Windows\System\mLeSHMa.exe
  C:\Windows\System\mLeSHMa.exe
  2⤵
  PID:8324
- C:\Windows\System\ibjWqVl.exe
  C:\Windows\System\ibjWqVl.exe
  2⤵
  PID:8340
- C:\Windows\System\QOleLbI.exe
  C:\Windows\System\QOleLbI.exe
  2⤵
  PID:8368
- C:\Windows\System\lqrbtJe.exe
  C:\Windows\System\lqrbtJe.exe
  2⤵
  PID:8384
- C:\Windows\System\pJcWmNN.exe
  C:\Windows\System\pJcWmNN.exe
  2⤵
  PID:8400
- C:\Windows\System\zwnTDII.exe
  C:\Windows\System\zwnTDII.exe
  2⤵
  PID:8416
- C:\Windows\System\FttKCBs.exe
  C:\Windows\System\FttKCBs.exe
  2⤵
  PID:8436
- C:\Windows\System\BZrUrIf.exe
  C:\Windows\System\BZrUrIf.exe
  2⤵
  PID:8480
- C:\Windows\System\mOzQuWm.exe
  C:\Windows\System\mOzQuWm.exe
  2⤵
  PID:8496
- C:\Windows\System\PzjLUVh.exe
  C:\Windows\System\PzjLUVh.exe
  2⤵
  PID:8520
- C:\Windows\System\gczwjrk.exe
  C:\Windows\System\gczwjrk.exe
  2⤵
  PID:8536
- C:\Windows\System\lTIYgGg.exe
  C:\Windows\System\lTIYgGg.exe
  2⤵
  PID:8552
- C:\Windows\System\tLpGyvk.exe
  C:\Windows\System\tLpGyvk.exe
  2⤵
  PID:8572
- C:\Windows\System\wCDrbcc.exe
  C:\Windows\System\wCDrbcc.exe
  2⤵
  PID:8588
- C:\Windows\System\gbJJIHx.exe
  C:\Windows\System\gbJJIHx.exe
  2⤵
  PID:8604
- C:\Windows\System\PVXnWBf.exe
  C:\Windows\System\PVXnWBf.exe
  2⤵
  PID:8620
- C:\Windows\System\yjAOJBK.exe
  C:\Windows\System\yjAOJBK.exe
  2⤵
  PID:8636
- C:\Windows\System\dmzClin.exe
  C:\Windows\System\dmzClin.exe
  2⤵
  PID:8652
- C:\Windows\System\PjGkxhx.exe
  C:\Windows\System\PjGkxhx.exe
  2⤵
  PID:8668
- C:\Windows\System\zcmaJDA.exe
  C:\Windows\System\zcmaJDA.exe
  2⤵
  PID:8684
- C:\Windows\System\GQsFojl.exe
  C:\Windows\System\GQsFojl.exe
  2⤵
  PID:8700
- C:\Windows\System\QkTLBbt.exe
  C:\Windows\System\QkTLBbt.exe
  2⤵
  PID:8716
- C:\Windows\System\gMuuFpi.exe
  C:\Windows\System\gMuuFpi.exe
  2⤵
  PID:8732
- C:\Windows\System\FTNwSjF.exe
  C:\Windows\System\FTNwSjF.exe
  2⤵
  PID:8752
- C:\Windows\System\wzkZYyO.exe
  C:\Windows\System\wzkZYyO.exe
  2⤵
  PID:8768
- C:\Windows\System\OAseEcf.exe
  C:\Windows\System\OAseEcf.exe
  2⤵
  PID:8872
- C:\Windows\System\KgOdNuA.exe
  C:\Windows\System\KgOdNuA.exe
  2⤵
  PID:8888
- C:\Windows\System\shBVqwV.exe
  C:\Windows\System\shBVqwV.exe
  2⤵
  PID:8968
- C:\Windows\System\QqLrLSA.exe
  C:\Windows\System\QqLrLSA.exe
  2⤵
  PID:9000
- C:\Windows\System\pthLAYl.exe
  C:\Windows\System\pthLAYl.exe
  2⤵
  PID:9024
- C:\Windows\System\kuiFjas.exe
  C:\Windows\System\kuiFjas.exe
  2⤵
  PID:9044
- C:\Windows\System\iBrwKrQ.exe
  C:\Windows\System\iBrwKrQ.exe
  2⤵
  PID:9064
- C:\Windows\System\ytBwCmi.exe
  C:\Windows\System\ytBwCmi.exe
  2⤵
  PID:9212
- C:\Windows\System\bspqUzO.exe
  C:\Windows\System\bspqUzO.exe
  2⤵
  PID:7924
- C:\Windows\System\yuFFuOw.exe
  C:\Windows\System\yuFFuOw.exe
  2⤵
  PID:7944
- C:\Windows\System\lnEtJbF.exe
  C:\Windows\System\lnEtJbF.exe
  2⤵
  PID:8132
- C:\Windows\System\TXPsBls.exe
  C:\Windows\System\TXPsBls.exe
  2⤵
  PID:8000
- C:\Windows\System\FpPUUVD.exe
  C:\Windows\System\FpPUUVD.exe
  2⤵
  PID:8208
- C:\Windows\System\PjKMtgI.exe
  C:\Windows\System\PjKMtgI.exe
  2⤵
  PID:8252
- C:\Windows\System\QRIpHNs.exe
  C:\Windows\System\QRIpHNs.exe
  2⤵
  PID:8320
- C:\Windows\System\oDNbqUE.exe
  C:\Windows\System\oDNbqUE.exe
  2⤵
  PID:8360
- C:\Windows\System\JjzNjhW.exe
  C:\Windows\System\JjzNjhW.exe
  2⤵
  PID:8268
- C:\Windows\System\DCcOevy.exe
  C:\Windows\System\DCcOevy.exe
  2⤵
  PID:8336
- C:\Windows\System\SeergjM.exe
  C:\Windows\System\SeergjM.exe
  2⤵
  PID:8408
- C:\Windows\System\WpeoMJA.exe
  C:\Windows\System\WpeoMJA.exe
  2⤵
  PID:8432
- C:\Windows\System\BgKaNzx.exe
  C:\Windows\System\BgKaNzx.exe
  2⤵
  PID:8464
- C:\Windows\System\AzmiHxk.exe
  C:\Windows\System\AzmiHxk.exe
  2⤵
  PID:8476
- C:\Windows\System\ZqVUpdw.exe
  C:\Windows\System\ZqVUpdw.exe
  2⤵
  PID:8568
- C:\Windows\System\emPCdiF.exe
  C:\Windows\System\emPCdiF.exe
  2⤵
  PID:8504
- C:\Windows\System\KtcOFPK.exe
  C:\Windows\System\KtcOFPK.exe
  2⤵
  PID:8612
- C:\Windows\System\ekmqBLg.exe
  C:\Windows\System\ekmqBLg.exe
  2⤵
  PID:8664
- C:\Windows\System\WruZSyi.exe
  C:\Windows\System\WruZSyi.exe
  2⤵
  PID:8696
- C:\Windows\System\zzvDXpc.exe
  C:\Windows\System\zzvDXpc.exe
  2⤵
  PID:8740
- C:\Windows\System\NoAPiEZ.exe
  C:\Windows\System\NoAPiEZ.exe
  2⤵
  PID:8776
- C:\Windows\System\DqYcyWG.exe
  C:\Windows\System\DqYcyWG.exe
  2⤵
  PID:8792
- C:\Windows\System\qtdVBXQ.exe
  C:\Windows\System\qtdVBXQ.exe
  2⤵
  PID:8828
- C:\Windows\System\bJAgjeW.exe
  C:\Windows\System\bJAgjeW.exe
  2⤵
  PID:8848
- C:\Windows\System\TPGjUHB.exe
  C:\Windows\System\TPGjUHB.exe
  2⤵
  PID:8864
- C:\Windows\System\vLQBpbi.exe
  C:\Windows\System\vLQBpbi.exe
  2⤵
  PID:8916
- C:\Windows\System\eRsRZdp.exe
  C:\Windows\System\eRsRZdp.exe
  2⤵
  PID:8948
- C:\Windows\System\rIRXORH.exe
  C:\Windows\System\rIRXORH.exe
  2⤵
  PID:8956
- C:\Windows\System\HBqcFFQ.exe
  C:\Windows\System\HBqcFFQ.exe
  2⤵
  PID:8988
- C:\Windows\System\wMbPNyX.exe
  C:\Windows\System\wMbPNyX.exe
  2⤵
  PID:9032
- C:\Windows\System\uOdHRLv.exe
  C:\Windows\System\uOdHRLv.exe
  2⤵
  PID:9012
- C:\Windows\System\GuRSYiZ.exe
  C:\Windows\System\GuRSYiZ.exe
  2⤵
  PID:9084
- C:\Windows\System\XSWXzrt.exe
  C:\Windows\System\XSWXzrt.exe
  2⤵
  PID:9100
- C:\Windows\System\uPbGTAA.exe
  C:\Windows\System\uPbGTAA.exe
  2⤵
  PID:9120
- C:\Windows\System\CSYgWrY.exe
  C:\Windows\System\CSYgWrY.exe
  2⤵
  PID:9136
- C:\Windows\System\TgUxcyo.exe
  C:\Windows\System\TgUxcyo.exe
  2⤵
  PID:9160
- C:\Windows\System\gWuAAzE.exe
  C:\Windows\System\gWuAAzE.exe
  2⤵
  PID:9180
- C:\Windows\System\OhMWzlr.exe
  C:\Windows\System\OhMWzlr.exe
  2⤵
  PID:9196
- C:\Windows\System\jxetFjt.exe
  C:\Windows\System\jxetFjt.exe
  2⤵
  PID:9208
- C:\Windows\System\WBEFBcK.exe
  C:\Windows\System\WBEFBcK.exe
  2⤵
  PID:7584
- C:\Windows\System\mRoHobC.exe
  C:\Windows\System\mRoHobC.exe
  2⤵
  PID:7888
- C:\Windows\System\mRZoslK.exe
  C:\Windows\System\mRZoslK.exe
  2⤵
  PID:7616
- C:\Windows\System\YmZGFYr.exe
  C:\Windows\System\YmZGFYr.exe
  2⤵
  PID:8304
- C:\Windows\System\yETfLFA.exe
  C:\Windows\System\yETfLFA.exe
  2⤵
  PID:8488
- C:\Windows\System\nItxHTT.exe
  C:\Windows\System\nItxHTT.exe
  2⤵
  PID:8616
- C:\Windows\System\kOOFtCB.exe
  C:\Windows\System\kOOFtCB.exe
  2⤵
  PID:8712
- C:\Windows\System\NZywtxs.exe
  C:\Windows\System\NZywtxs.exe
  2⤵
  PID:8240
- C:\Windows\System\nYIyKlc.exe
  C:\Windows\System\nYIyKlc.exe
  2⤵
  PID:8836
- C:\Windows\System\FOOzEnN.exe
  C:\Windows\System\FOOzEnN.exe
  2⤵
  PID:8884
- C:\Windows\System\INgAHNH.exe
  C:\Windows\System\INgAHNH.exe
  2⤵
  PID:8460
- C:\Windows\System\BdTftuC.exe
  C:\Windows\System\BdTftuC.exe
  2⤵
  PID:8676
- C:\Windows\System\bHCsDwx.exe
  C:\Windows\System\bHCsDwx.exe
  2⤵
  PID:8580
- C:\Windows\System\rLMYqTp.exe
  C:\Windows\System\rLMYqTp.exe
  2⤵
  PID:8744
- C:\Windows\System\FAKJgel.exe
  C:\Windows\System\FAKJgel.exe
  2⤵
  PID:8692
- C:\Windows\System\MWyjgar.exe
  C:\Windows\System\MWyjgar.exe
  2⤵
  PID:8940
- C:\Windows\System\mzrOQaH.exe
  C:\Windows\System\mzrOQaH.exe
  2⤵
  PID:8992
- C:\Windows\System\hJVXLZT.exe
  C:\Windows\System\hJVXLZT.exe
  2⤵
  PID:9080
- C:\Windows\System\CVDUMgI.exe
  C:\Windows\System\CVDUMgI.exe
  2⤵
  PID:9076
- C:\Windows\System\vYCyyme.exe
  C:\Windows\System\vYCyyme.exe
  2⤵
  PID:9144
- C:\Windows\System\QVJYrLa.exe
  C:\Windows\System\QVJYrLa.exe
  2⤵
  PID:9156
- C:\Windows\System\dJCnIRl.exe
  C:\Windows\System\dJCnIRl.exe
  2⤵
  PID:7732
- C:\Windows\System\fsOjCIK.exe
  C:\Windows\System\fsOjCIK.exe
  2⤵
  PID:8428
- C:\Windows\System\BAveVtF.exe
  C:\Windows\System\BAveVtF.exe
  2⤵
  PID:9176
- C:\Windows\System\GQIaBVr.exe
  C:\Windows\System\GQIaBVr.exe
  2⤵
  PID:9172
- C:\Windows\System\dMxbLUd.exe
  C:\Windows\System\dMxbLUd.exe
  2⤵
  PID:8284
- C:\Windows\System\drhMYqy.exe
  C:\Windows\System\drhMYqy.exe
  2⤵
  PID:8840
- C:\Windows\System\JuBsDhM.exe
  C:\Windows\System\JuBsDhM.exe
  2⤵
  PID:8316
- C:\Windows\System\xJqVfyE.exe
  C:\Windows\System\xJqVfyE.exe
  2⤵
  PID:8516
- C:\Windows\System\LbOPeIx.exe
  C:\Windows\System\LbOPeIx.exe
  2⤵
  PID:8844
- C:\Windows\System\GtgIgXf.exe
  C:\Windows\System\GtgIgXf.exe
  2⤵
  PID:8584
- C:\Windows\System\PKcJDSA.exe
  C:\Windows\System\PKcJDSA.exe
  2⤵
  PID:8908
- C:\Windows\System\eDEzYMk.exe
  C:\Windows\System\eDEzYMk.exe
  2⤵
  PID:8920
- C:\Windows\System\yEXCfLQ.exe
  C:\Windows\System\yEXCfLQ.exe
  2⤵
  PID:8964
- C:\Windows\System\INazwkZ.exe
  C:\Windows\System\INazwkZ.exe
  2⤵
  PID:7504
- C:\Windows\System\vjamNzq.exe
  C:\Windows\System\vjamNzq.exe
  2⤵
  PID:8300
- C:\Windows\System\EHahrOC.exe
  C:\Windows\System\EHahrOC.exe
  2⤵
  PID:9092
- C:\Windows\System\FMKpEkQ.exe
  C:\Windows\System\FMKpEkQ.exe
  2⤵
  PID:7916
- C:\Windows\System\UJPkxwq.exe
  C:\Windows\System\UJPkxwq.exe
  2⤵
  PID:8600
- C:\Windows\System\exEatEN.exe
  C:\Windows\System\exEatEN.exe
  2⤵
  PID:8376
- C:\Windows\System\KbbEfml.exe
  C:\Windows\System\KbbEfml.exe
  2⤵
  PID:8564
- C:\Windows\System\IORLiZb.exe
  C:\Windows\System\IORLiZb.exe
  2⤵
  PID:9036
- C:\Windows\System\RvJGasA.exe
  C:\Windows\System\RvJGasA.exe
  2⤵
  PID:8680
- C:\Windows\System\EHMkkGm.exe
  C:\Windows\System\EHMkkGm.exe
  2⤵
  PID:9148
- C:\Windows\System\HBRfiSB.exe
  C:\Windows\System\HBRfiSB.exe
  2⤵
  PID:9132
- C:\Windows\System\jHJyzcC.exe
  C:\Windows\System\jHJyzcC.exe
  2⤵
  PID:8396
- C:\Windows\System\qAXswZk.exe
  C:\Windows\System\qAXswZk.exe
  2⤵
  PID:9204
- C:\Windows\System\qSXwhcZ.exe
  C:\Windows\System\qSXwhcZ.exe
  2⤵
  PID:1624
- C:\Windows\System\DstamdC.exe
  C:\Windows\System\DstamdC.exe
  2⤵
  PID:8928
- C:\Windows\System\NqjiLcx.exe
  C:\Windows\System\NqjiLcx.exe
  2⤵
  PID:9124
- C:\Windows\System\vDUFLqe.exe
  C:\Windows\System\vDUFLqe.exe
  2⤵
  PID:8356
- C:\Windows\System\DysawWx.exe
  C:\Windows\System\DysawWx.exe
  2⤵
  PID:8708
- C:\Windows\System\RAVQHAU.exe
  C:\Windows\System\RAVQHAU.exe
  2⤵
  PID:7208
- C:\Windows\System\qbRssdE.exe
  C:\Windows\System\qbRssdE.exe
  2⤵
  PID:9192
- C:\Windows\System\cpjgEdC.exe
  C:\Windows\System\cpjgEdC.exe
  2⤵
  PID:9108
- C:\Windows\System\vbsGTRQ.exe
  C:\Windows\System\vbsGTRQ.exe
  2⤵
  PID:9152
- C:\Windows\System\qKkOsFn.exe
  C:\Windows\System\qKkOsFn.exe
  2⤵
  PID:9056
- C:\Windows\System\yOMyYtO.exe
  C:\Windows\System\yOMyYtO.exe
  2⤵
  PID:9240
- C:\Windows\System\Cagwgys.exe
  C:\Windows\System\Cagwgys.exe
  2⤵
  PID:9256
- C:\Windows\System\LZtFNuO.exe
  C:\Windows\System\LZtFNuO.exe
  2⤵
  PID:9280
- C:\Windows\System\UhuHWCA.exe
  C:\Windows\System\UhuHWCA.exe
  2⤵
  PID:9304
- C:\Windows\System\GnqFDiQ.exe
  C:\Windows\System\GnqFDiQ.exe
  2⤵
  PID:9324
- C:\Windows\System\CZRTWXu.exe
  C:\Windows\System\CZRTWXu.exe
  2⤵
  PID:9344
- C:\Windows\System\zHpEbCQ.exe
  C:\Windows\System\zHpEbCQ.exe
  2⤵
  PID:9360
- C:\Windows\System\aTiqqbC.exe
  C:\Windows\System\aTiqqbC.exe
  2⤵
  PID:9380
- C:\Windows\System\mhXyHBc.exe
  C:\Windows\System\mhXyHBc.exe
  2⤵
  PID:9400
- C:\Windows\System\ufeGiOP.exe
  C:\Windows\System\ufeGiOP.exe
  2⤵
  PID:9416
- C:\Windows\System\DlshAvx.exe
  C:\Windows\System\DlshAvx.exe
  2⤵
  PID:9432
- C:\Windows\System\QjAusMC.exe
  C:\Windows\System\QjAusMC.exe
  2⤵
  PID:9456
- C:\Windows\System\RdNJIrh.exe
  C:\Windows\System\RdNJIrh.exe
  2⤵
  PID:9480
- C:\Windows\System\cckGMLd.exe
  C:\Windows\System\cckGMLd.exe
  2⤵
  PID:9496
- C:\Windows\System\pXgatQL.exe
  C:\Windows\System\pXgatQL.exe
  2⤵
  PID:9524
- C:\Windows\System\YTczpmS.exe
  C:\Windows\System\YTczpmS.exe
  2⤵
  PID:9540
- C:\Windows\System\vsAYvLd.exe
  C:\Windows\System\vsAYvLd.exe
  2⤵
  PID:9556
- C:\Windows\System\ABBsZcy.exe
  C:\Windows\System\ABBsZcy.exe
  2⤵
  PID:9576
- C:\Windows\System\iBewoLg.exe
  C:\Windows\System\iBewoLg.exe
  2⤵
  PID:9596
- C:\Windows\System\SQgemmm.exe
  C:\Windows\System\SQgemmm.exe
  2⤵
  PID:9616
- C:\Windows\System\ZJFthEl.exe
  C:\Windows\System\ZJFthEl.exe
  2⤵
  PID:9636
- C:\Windows\System\ConJWkq.exe
  C:\Windows\System\ConJWkq.exe
  2⤵
  PID:9660
- C:\Windows\System\VMWVyty.exe
  C:\Windows\System\VMWVyty.exe
  2⤵
  PID:9684
- C:\Windows\System\kPTVCPv.exe
  C:\Windows\System\kPTVCPv.exe
  2⤵
  PID:9708
- C:\Windows\System\qPyMOas.exe
  C:\Windows\System\qPyMOas.exe
  2⤵
  PID:9728
- C:\Windows\System\dgjSXzd.exe
  C:\Windows\System\dgjSXzd.exe
  2⤵
  PID:9748
- C:\Windows\System\jjdgQhz.exe
  C:\Windows\System\jjdgQhz.exe
  2⤵
  PID:9768
- C:\Windows\System\edRZCHp.exe
  C:\Windows\System\edRZCHp.exe
  2⤵
  PID:9784
- C:\Windows\System\WgEbSEE.exe
  C:\Windows\System\WgEbSEE.exe
  2⤵
  PID:9804
- C:\Windows\System\yBDFjsb.exe
  C:\Windows\System\yBDFjsb.exe
  2⤵
  PID:9824
- C:\Windows\System\VoSeTXe.exe
  C:\Windows\System\VoSeTXe.exe
  2⤵
  PID:9848
- C:\Windows\System\STUFeuu.exe
  C:\Windows\System\STUFeuu.exe
  2⤵
  PID:9864
- C:\Windows\System\RZhNeQw.exe
  C:\Windows\System\RZhNeQw.exe
  2⤵
  PID:9884
- C:\Windows\System\qioqWNW.exe
  C:\Windows\System\qioqWNW.exe
  2⤵
  PID:9900
- C:\Windows\System\ayXTAJL.exe
  C:\Windows\System\ayXTAJL.exe
  2⤵
  PID:9920
- C:\Windows\System\EAIoxiw.exe
  C:\Windows\System\EAIoxiw.exe
  2⤵
  PID:9948
- C:\Windows\System\IgnPXZW.exe
  C:\Windows\System\IgnPXZW.exe
  2⤵
  PID:9964
- C:\Windows\System\AbTJOcJ.exe
  C:\Windows\System\AbTJOcJ.exe
  2⤵
  PID:9980
- C:\Windows\System\EEcLgzR.exe
  C:\Windows\System\EEcLgzR.exe
  2⤵
  PID:10000
- C:\Windows\System\MrZlwWT.exe
  C:\Windows\System\MrZlwWT.exe
  2⤵
  PID:10016
- C:\Windows\System\OvXeGZO.exe
  C:\Windows\System\OvXeGZO.exe
  2⤵
  PID:10036
- C:\Windows\System\rOPOWGC.exe
  C:\Windows\System\rOPOWGC.exe
  2⤵
  PID:10056
- C:\Windows\System\FcvRLFz.exe
  C:\Windows\System\FcvRLFz.exe
  2⤵
  PID:10092
- C:\Windows\System\EKckfuS.exe
  C:\Windows\System\EKckfuS.exe
  2⤵
  PID:10108
- C:\Windows\System\qjQRcoi.exe
  C:\Windows\System\qjQRcoi.exe
  2⤵
  PID:10132
- C:\Windows\System\QXyXadb.exe
  C:\Windows\System\QXyXadb.exe
  2⤵
  PID:10152
- C:\Windows\System\tNOBsrs.exe
  C:\Windows\System\tNOBsrs.exe
  2⤵
  PID:10168
- C:\Windows\System\zysXrYM.exe
  C:\Windows\System\zysXrYM.exe
  2⤵
  PID:10192
- C:\Windows\System\YNMWsTV.exe
  C:\Windows\System\YNMWsTV.exe
  2⤵
  PID:10208
- C:\Windows\System\RnUFCZi.exe
  C:\Windows\System\RnUFCZi.exe
  2⤵
  PID:10224
- C:\Windows\System\hvoMEQg.exe
  C:\Windows\System\hvoMEQg.exe
  2⤵
  PID:9116
- C:\Windows\System\pVeSRPC.exe
  C:\Windows\System\pVeSRPC.exe
  2⤵
  PID:9248
- C:\Windows\System\ikHSrOr.exe
  C:\Windows\System\ikHSrOr.exe
  2⤵
  PID:9276
- C:\Windows\System\FiGkljh.exe
  C:\Windows\System\FiGkljh.exe
  2⤵
  PID:9300
- C:\Windows\System\lgpdGgb.exe
  C:\Windows\System\lgpdGgb.exe
  2⤵
  PID:9340
- C:\Windows\System\rKgxbZW.exe
  C:\Windows\System\rKgxbZW.exe
  2⤵
  PID:9356
- C:\Windows\System\BInUtQn.exe
  C:\Windows\System\BInUtQn.exe
  2⤵
  PID:9408
- C:\Windows\System\ocAxyAo.exe
  C:\Windows\System\ocAxyAo.exe
  2⤵
  PID:9452
- C:\Windows\System\lrxAZEx.exe
  C:\Windows\System\lrxAZEx.exe
  2⤵
  PID:9476
- C:\Windows\System\ckjkUaa.exe
  C:\Windows\System\ckjkUaa.exe
  2⤵
  PID:9532
- C:\Windows\System\RMhZame.exe
  C:\Windows\System\RMhZame.exe
  2⤵
  PID:9572
- C:\Windows\System\fWdcSGp.exe
  C:\Windows\System\fWdcSGp.exe
  2⤵
  PID:9520
- C:\Windows\System\jWbrGrG.exe
  C:\Windows\System\jWbrGrG.exe
  2⤵
  PID:9624
- C:\Windows\System\SAgHOOo.exe
  C:\Windows\System\SAgHOOo.exe
  2⤵
  PID:9652
- C:\Windows\System\rBdolTM.exe
  C:\Windows\System\rBdolTM.exe
  2⤵
  PID:9680
- C:\Windows\System\gSxeICS.exe
  C:\Windows\System\gSxeICS.exe
  2⤵
  PID:9716
- C:\Windows\System\IsnnLnK.exe
  C:\Windows\System\IsnnLnK.exe
  2⤵
  PID:9740
- C:\Windows\System\uTcsEqg.exe
  C:\Windows\System\uTcsEqg.exe
  2⤵
  PID:9780
- C:\Windows\System\roELUgX.exe
  C:\Windows\System\roELUgX.exe
  2⤵
  PID:9820
- C:\Windows\System\rNXMzPg.exe
  C:\Windows\System\rNXMzPg.exe
  2⤵
  PID:9840
- C:\Windows\System\FqGiNRI.exe
  C:\Windows\System\FqGiNRI.exe
  2⤵
  PID:9872
- C:\Windows\System\GxpQSPw.exe
  C:\Windows\System\GxpQSPw.exe
  2⤵
  PID:9932
- C:\Windows\System\Nvezbrr.exe
  C:\Windows\System\Nvezbrr.exe
  2⤵
  PID:9972
- C:\Windows\System\UDvfgTE.exe
  C:\Windows\System\UDvfgTE.exe
  2⤵
  PID:10012
- C:\Windows\System\fEnEysZ.exe
  C:\Windows\System\fEnEysZ.exe
  2⤵
  PID:9992
- C:\Windows\System\NzktyCw.exe
  C:\Windows\System\NzktyCw.exe
  2⤵
  PID:9996
- C:\Windows\System\UWhFgFn.exe
  C:\Windows\System\UWhFgFn.exe
  2⤵
  PID:10088
- C:\Windows\System\MefnyVj.exe
  C:\Windows\System\MefnyVj.exe
  2⤵
  PID:10124
- C:\Windows\System\vyCXYqq.exe
  C:\Windows\System\vyCXYqq.exe
  2⤵
  PID:10148
- C:\Windows\System\BbCECwr.exe
  C:\Windows\System\BbCECwr.exe
  2⤵
  PID:10188
- C:\Windows\System\kgJCXuB.exe
  C:\Windows\System\kgJCXuB.exe
  2⤵
  PID:10220
- C:\Windows\System\tCxCAbW.exe
  C:\Windows\System\tCxCAbW.exe
  2⤵
  PID:9272
- C:\Windows\System\MJGKpdc.exe
  C:\Windows\System\MJGKpdc.exe
  2⤵
  PID:8456
- C:\Windows\System\HbdDtaB.exe
  C:\Windows\System\HbdDtaB.exe
  2⤵
  PID:8924
- C:\Windows\System\sinfuTr.exe
  C:\Windows\System\sinfuTr.exe
  2⤵
  PID:9396
- C:\Windows\System\rrRNRMP.exe
  C:\Windows\System\rrRNRMP.exe
  2⤵
  PID:9428

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AoxguGN.exe

Filesize
6.0MB

MD5
ce69f5cf1d43ed8df01f408923b9c15c

SHA1
48d5e6f056602528f162c5f1245288c455e6133c

SHA256
c017717f27bb53c9ca0ad7be8a5ea508aab513aa8f943faf4501491c621cdcd0

SHA512
2a7b9054db6992a09a215a081b3fd9a3e54118cc661e3801c42463c239e194e4ed8e90624fe4ed3540bb1c1df576f80d61b9c7b2d3601ffe9e71c0c0240c517d

Download Submit
C:\Windows\system\CupUCix.exe

Filesize
6.0MB

MD5
90cbeda235494814e1d0c6749642956e

SHA1
d5a8dfa76db4cfd579b5b658cc51aa38de71e295

SHA256
7bfe95dbadf206298063d3a2dbc47eb4e3db2dd263591d0df1134f483f053b55

SHA512
27cbe15f898ca7daf4a400041d840fe3e93a008234a692040619e6121d02c579a97c4c8e3c8cd3983d9c53cb9041765cf2931d13046c991fcc13986f53736b4f

Download Submit
C:\Windows\system\DWgciUr.exe

Filesize
6.0MB

MD5
f19f7082c3cd33cb6534a66d04035fcc

SHA1
6642c935cbed88ca27dc310f060a0e8cfe789dbe

SHA256
f95e4a2366b4183eb2560c8364431ff90b27baa2fa27df7024026dd6ae17f525

SHA512
725926ed4e535755f5b7a6af131238d780edb739dd5b3402aa1483e62a96a61d92175e54699d75316a0ca575dab87e8eb869348e02e12c5e8fbe7350e9995e6a

Download Submit
C:\Windows\system\DjezatU.exe

Filesize
6.0MB

MD5
1d637836f858d89fb99b7d5f92e3632c

SHA1
6dd5d9e93b73a8987b927a7e3f816e8771ecb6b3

SHA256
8163a03099fef8eeb57a186626725553b4a8e7cec13581118f987597f72a7d86

SHA512
a03a84e0189aa020b58fe4f96131c6ea8bd7c7f838285b10e47728d649d4bc7fd2542e6931b80892f0bd8666738db7501e91bd2f47fb30982eb154e4cf5a53a2

Download Submit
C:\Windows\system\FveqvYj.exe

Filesize
6.0MB

MD5
9ba5de0baf5a1bd9987c8f97aa179550

SHA1
1ac1bfcc9266cbf1ca63d48911c515ba76abaf5c

SHA256
647fecb95c971ef826bfd72f3fd59e1f33c40ea3e96fd733ae3167747480669a

SHA512
40da77fd72c71db62f0af9ed29d8ca4602897b789c933f9ed82d31dc9b1a67c5b2f5dd247d154fab044ec5828beb8b5a3e42d677f50a6e882b9d2c37f7f640f2

Download Submit
C:\Windows\system\IEBFEqu.exe

Filesize
6.0MB

MD5
e3bf129af0e58af0234a886f293e37a3

SHA1
fa7ce6e2c54512afd0d1ff8c9370270085307b03

SHA256
2e7eb8af3fbb78bddfc2da0043481e2fd4cb2b016b1e2e372fbcac5964bf7eb9

SHA512
dbaf0e41048069a5abe5bb7656291e10929099041f6d4cde3236f348a17c8287830ac6d489f5fcdbbcf2342624c3d89c0be5d03953812733148e1f512f7f3d6b

Download Submit
C:\Windows\system\JnlJIxb.exe

Filesize
6.0MB

MD5
dbd018cfc0e688e1289d31bbd95c4251

SHA1
cf398ebe997d817051f23f79fc921c4a83e189f1

SHA256
7bb10daebbb5ce620481bbf2dc03a48ed422ae759f935fa6072b28e01ff95e3e

SHA512
84271e2ff81ed37803017f872c929ae4ec76643e0d0ff4219734cb5892e41d25a7e8241bf8109eb87afce42d124c4330c9e3a66744b12401244862e8e6e40894

Download Submit
C:\Windows\system\PPFCCBo.exe

Filesize
6.0MB

MD5
fe6e0804d7fd22bc0408dd4f50ec3287

SHA1
afcb6fb08b857bbcfc7e6c7707a579562f813972

SHA256
07e3c849a968d310442586b014c49cbb13f486ac9ce8a16d5213e858e1f88995

SHA512
ebf93b996a6427ed965fd4768e9bf38eb71758eddc850d412c9ab031907e0e2e2f5c4510c37b318872c91f0f8b8ba0f0e60b1b7646bedbd87a93917cfd0b474f

Download Submit
C:\Windows\system\QRnzWOs.exe

Filesize
6.0MB

MD5
c838e58c698035cb3dfc90d7a8e14447

SHA1
1c3cd11894d6b9dd3352439595d0474975a245eb

SHA256
47714fb1f28a7221bb4def513ee4c682a669e199adcf4a77273b5321fa30db8c

SHA512
b4567ab5fd715526cbc37e1ad2bf2d848f27cd40bc3e819a64296ba4856128998167de50a5ddfa2e0f19d360f89a6bdf18f3be8a360da03c15fa9caa1c1f2f65

Download Submit
C:\Windows\system\QSxtVCO.exe

Filesize
6.0MB

MD5
7e386906bd1e90fc4124dacf470c7d86

SHA1
b91b4f0fe555a13a67d7d27f809f9811d27ecd19

SHA256
157fdbfb6266ffa2833f23c9d3e4573cf6eac7253484f746fa6d1b3c315b96dd

SHA512
975b34ac1d9c25b3d2fb37a62047cb037ecb7d2928420bd6a7b707ba090a093180ff0d07e52b72904e0211702ae35c0e811c6dc9a6b74a8a34540f317be2a165

Download Submit
C:\Windows\system\VUgBzax.exe

Filesize
6.0MB

MD5
ab0ffc93985751864638d01557654b5e

SHA1
2ac4606bd0bb85abfc172856058f9c05409422ec

SHA256
ec3bbc7780fef6b8178dc9ce7fa3d10020cdea4052b30050547637e6f3658e3c

SHA512
1ce154b18775a269eabf5c526c9f2eb697d9f326cda42d6e34008442c46464a2b26501a4dc15ac37e370d07fde17a06e8f9c2a98db3a5cd2a0d543920a837b45

Download Submit
C:\Windows\system\VtBRVZI.exe

Filesize
6.0MB

MD5
92969f11a45b33eb842ca5ada1839ba1

SHA1
1651e89427500765af5e4e70a6bf71a07ad4399f

SHA256
214da5630b1c760770d2d542763ddc914da85d00a530f5d72868b69d3298e574

SHA512
04065890e124c824cf5d284bdb5eac9e97398206b7d70bd43196f11eb38df71edd7ea8e5c878529defb268939f766bb66be5bbb6e1191f8aec5c566a63ffda6e

Download Submit
C:\Windows\system\WxpKtgf.exe

Filesize
6.0MB

MD5
e99519e3abeefe668d4247ce7a719ceb

SHA1
65428bfe6fdd262fb67c039a6b98a3ecf6c8d035

SHA256
071ae501999796ed8e0fee6fd5110252b83f69d6631e59b45206f01320a3dcb5

SHA512
56d2df2a65ad127d48ef48ae45a3d2f07092bfd95218a352ba43e0cdb758464467df02b3e27a4f50f54973ef84ccfaccf9dcf3dfc2580847a3d56244386b2d0d

Download Submit
C:\Windows\system\YSAyMui.exe

Filesize
6.0MB

MD5
7603902df81e15f8c7bebcc51678c09a

SHA1
0240abf796b6fa53d8f1f9e4032fc2a653a48af1

SHA256
9ea467ce0641425da9ccea689435e1a056e70866045b5f6a97d6eb5257310e62

SHA512
45b41809e5396625128d9be2c299fdbce8fe1f7eabab6d054274058e27a86837ac1b4497d64a915303d8bb0ad56c6e431bc8b23f3830f4d3182dc05a341ef592

Download Submit
C:\Windows\system\YzUTsFx.exe

Filesize
6.0MB

MD5
9adea4a5398fb1a51534f7918434a622

SHA1
b96172a29128c7c4f57bde984a1fdd4516b25b60

SHA256
0aad56a809b6c19d670522186ed455fe9139787c603ea63ead1da1965bccf680

SHA512
9ee6594e2c325ef9bca5f2a8ed7b937f9aa9f8fc9e7558f992573b7efd9f3240840859bbf35e4867036fbc035bbdba636ac9387ec3535201bbd75411e546a1b3

Download Submit
C:\Windows\system\ZEoCtti.exe

Filesize
6.0MB

MD5
23ef84548f834696d9ee89e48d16ec73

SHA1
0ede5eaf939d17cf4d599ca34e804c300a230166

SHA256
489ff5ee1353379f14e42431cce81378ac36c54cd60f8fff51698e796f807b5d

SHA512
6182924d680fe778b339891c7c2ec327177bbd2a540ec3421e2d978669939da8b9d1d6773be9622b1246c85d82de1c19db522d134bebf82b3b9b0e0d41f7d087

Download Submit
C:\Windows\system\bIgpFUx.exe

Filesize
6.0MB

MD5
cccedfa395233c265d118cbe7b205033

SHA1
2719db9c3c01fbbb047d710c4bc0bc9a39abf21f

SHA256
efa40e6f28e43e34c085f1156f408e62a8f335481ddc30b20f752249b65dc34b

SHA512
c448f58e4e4863989729d4583f524c0972d90c1dd1d43f8b0f977ca7ad92450d020bf160348daa19064c3d8d9e0b8ad7a15913b0f52cdade3d17da694d92770d

Download Submit
C:\Windows\system\cfrFpEU.exe

Filesize
6.0MB

MD5
b14550ca756ec7186cdb7172b58348eb

SHA1
42e2fdd1fb75b852c84de4a971cf5b6bd820dcc4

SHA256
2c555f7c63fd2574dd3666919fb3488bbaabe1cc2f2faf906b949bd14edb4e4e

SHA512
3e3c0be7696901c5be14d65d6887d479ecd3011a0d9cb5733f76e7162aab29b0ff5aff8dd97697d5a41ed4d74c0d6bd6f66c29a1cd754fe07ebf4218a679b3f5

Download Submit
C:\Windows\system\fcfswlL.exe

Filesize
6.0MB

MD5
2c006417a32e1ef6164b0e9fbe8126d0

SHA1
c4756a1e66e5e17804cdbc72222e13cfbbfeff98

SHA256
eb3f9a737670b44d4fc1adac72d4d501efaf8738d3bd4b1e0c9a55beca5b869e

SHA512
7d0e542e75eb291632ae1d70dbe0370d7f5a000bcc7110913401ecc19fb4e46103a1a8248edace87d089acec57dc36f759041469cca46cdac2126979e9b703a6

Download Submit
C:\Windows\system\gYbDALH.exe

Filesize
6.0MB

MD5
40e733420efa9f1aafd8547a2502a3e4

SHA1
d1a52768e09e501a79af26404591f03795a3f443

SHA256
f0c1502f8e74d041662a3010f7a48214cbba801d9d068302c0ef95d724d4af27

SHA512
b74a871b51e2040136fece6558a5689deb43fb78e0f81102d85dcb1729b5eef310f09392da8830785018aef4da8947a01ade612c4675e07f138d6d48bd873f8d

Download Submit
C:\Windows\system\jTbigDQ.exe

Filesize
6.0MB

MD5
318e05b9504074eecc082fb142541ff2

SHA1
db3d0583272f7988aa4e2a3f9a94fe871a9d2ec8

SHA256
fe5f230b004033f2481480291f8b31043ad27ac684db4870fbfd0e42b4c45a4b

SHA512
69cc3aef968a3be4a004e13ba835685503f9048cf5d65c2cbe3bb4fd11377ec38c042cf6193e3d5d27efd7a2e6e9747fc9d6b791e1e1bea8af0f8418dca87df5

Download Submit
C:\Windows\system\lhlEjgT.exe

Filesize
6.0MB

MD5
7a621e8067b94ce9e7c6b8111f7ac6eb

SHA1
8fa2f4ce92f3bfdbd55df040eaac85e2c4d0d5e2

SHA256
36fee060f275412e46950b416dfe1ad25175476e92569c11bd6955c5fd9824b7

SHA512
6dde1d922c0a6958087b04e1eb11c25091503a6c38f8e24a018126cfbe2e809453636af475f4044ccd0047dfb484bf02d63d5be4cb5122a60de4d3dde9265c07

Download Submit
C:\Windows\system\nptxoLh.exe

Filesize
6.0MB

MD5
38723276207d84661de6e4da01689af7

SHA1
3af16a80b64029409d92d410c1bbc014138bdd24

SHA256
1e56980983d1b4773311cb3a65cabf3389920baf186be685d438da55669f6a52

SHA512
7fcb28d7e0658e1de51ec049347eda53f03d029b1d16cc59a0e8562a611d790e917ca1dec72fb0066d7e095fc319c97f15eb8c77ae1fb6cae2de156f8a2930cb

Download Submit
C:\Windows\system\nrUkBHa.exe

Filesize
6.0MB

MD5
e0f8a63761742f7ffc57d2b76eebf649

SHA1
b2a3486462b8b6586c31627fa5a244b168ffb2d7

SHA256
a373e46ee659769b18177cf2560ee899cf1fc27af7babd70a8629d8ca4215a24

SHA512
70d9138cb1e52802640150059926ac0e3025138d6b0e53152650a8c16bf4d338e7981a0270369deb3374b7523abb43a20c321f45d8b23d887b6694754a9f9762

Download Submit
C:\Windows\system\qystJkO.exe

Filesize
6.0MB

MD5
bd08e3f47204406edc56c2381ec453e1

SHA1
4f16bdc361f6472f3664e3936b95f4f1530aa431

SHA256
b55c5a6a15606c07c90e87e07c32fec001deb79b8b8478eb65d41aae83dc7604

SHA512
b24bef9d7d9681a255e8e67bbc02a55047c09551691d7b0f77b5db0a2b43472243475d507cef962141f9697da777aab157a004985524f3b9e7c8977a1cc665cc

Download Submit
C:\Windows\system\rKFAbzi.exe

Filesize
6.0MB

MD5
d3465c6ce26336911a704588652a370d

SHA1
02d1f6e8f23d32f995f613a475fcc1b9c4804957

SHA256
ab66ed247d49509c9ffb011b4adc3d4bc74f7745cce4ef8d9780920d2205940c

SHA512
3b27b77f36a17b4f71eba884e99e4d8f6e4831bffc1a867a1d5d86e4537eca606c191d430cb027ff22d8784981ff71ce6ef8c930a19ec08cf0198dfb7c3fb48a

Download Submit
C:\Windows\system\vEjNKwY.exe

Filesize
8B

MD5
4660a46da923a53682c73e31f5e85d99

SHA1
783c662cbe5947d29a97fe498c1594e5d2e3e8dc

SHA256
baa676ea7ae1b95a1552eb575501a62fb6128cb5ffa8225822d34734527dccb6

SHA512
31a17c181fb654b1d83a3e3b3bea0db9764af88f210d874cb87f818858fdacd4e4f31d619e09300edbf80032c3e2ed34d1444e9d407656586f1b47e9dc276367

Download Submit
C:\Windows\system\yYDMycz.exe

Filesize
6.0MB

MD5
d3ea6c89e56b63745fb508aa2e7209fd

SHA1
d46e9448ef04cb46c661fbdf57472cd128243402

SHA256
9098d12438b9176fd87873b2ef8c4de68ab7b0a3e23a016eecb3266b511bb3e4

SHA512
469e61d44f65223f165e850bfa6af1f73e40a9f5c26e36203795b115600339f09a58e1d307b9450fb569768d3d4e1f267c0ec8037c1a898079bdb9ddbfb5fae6

Download Submit
\Windows\system\HgMHbBw.exe

Filesize
6.0MB

MD5
0b2960bd5ef32401eaa472420d42742a

SHA1
8ba469266ea34ee5473260f13f9277cd750fbe3b

SHA256
e7d58ca1b47ff28f70f489f4fbb945705fe6e0f4ccd51ebd9230eb03f4ca8287

SHA512
7a20dc18ee49675213aa5c49f913d3839921104ba04fa8a8aebac4f8bd7828db7ffe22391f920dbea7c0e262786620c25e7a62e8f6c493032091469622e30714

Download Submit
\Windows\system\WrrIjQw.exe

Filesize
6.0MB

MD5
4cf5190d5d7f7b870ff7d62d7e009d44

SHA1
98c0eb06711ce2f3e4d05391133ae30030271059

SHA256
87fd7df580e8e0c2d7efb05ce11761af4a116e838a75956101153551fc6fab25

SHA512
e6da3cd6699fff4b1abf66d14b2658ca8954bd713ff6a3612dba4a4c339b717a4fb64debca9b554cc25f0fbcdb5801cd875eb38accbc1e5869125e197fa6fcd4

Download Submit
\Windows\system\jLHXzIF.exe

Filesize
6.0MB

MD5
63b92716fb5084d5d8d297cc358e417d

SHA1
aa9b72d2935cd27c320ff90268bb6a555b90ff42

SHA256
db5f12cdbb524422dabcde4ddd505fe273f9a9dbdab3980b28e785055baa7f60

SHA512
3983ba34108325e148ababee4f2400051898a5b3b073776ac5953d4048ce5f6ab1b103c2e5fa122cb97a4486de8ef655a97569afaa6efc0e033f775d1f9e2e1d

Download Submit
\Windows\system\tZKYOzz.exe

Filesize
6.0MB

MD5
d8cf61cd08b7f96f75630cd2c60ff547

SHA1
27cd56dee22e6bec009160b685004030588ca88c

SHA256
24414031f1477178c036359873de81d5e1e96fba65375d0a6435769bf73f0abc

SHA512
443293bc18c15ff755178d13f3bf3c851cf8265fc2d390e256ba678f996f262280ab74735409d858f0a3cc95d00c1c763974f47820177e8fc6367ba3583151be

Download Submit
\Windows\system\xWUkrRg.exe

Filesize
6.0MB

MD5
868540cf5e7c5dc0328c3ff7cbd51ccb

SHA1
30cc8f6b3d5c33b665e14fd8789fb9b372301130

SHA256
7cae5f63638ecc9bf2cca1b3f7d28a506f64a8b3db10b9b445e8cea4bf334386

SHA512
2a8d83254e66984a21c20ad68e537ad1d62bcce407e1e967afeda10c3c7a180560d0ee29b511d2201bc55be5974214206b4af38e0786b73a7c3c73ae11933950

Download Submit
memory/1276-3608-0x000000013F290000-0x000000013F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/1276-53-0x000000013F290000-0x000000013F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/1988-70-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/1988-3314-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/1988-24-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/2188-3297-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2188-8-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2188-57-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2200-3638-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/2200-62-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/2284-50-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/2284-74-0x0000000002450000-0x00000000027A4000-memory.dmp

Filesize
3.3MB

Download
memory/2284-1468-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2284-103-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/2284-1170-0x0000000002450000-0x00000000027A4000-memory.dmp

Filesize
3.3MB

Download
memory/2284-16-0x0000000002450000-0x00000000027A4000-memory.dmp

Filesize
3.3MB

Download
memory/2284-881-0x0000000002450000-0x00000000027A4000-memory.dmp

Filesize
3.3MB

Download
memory/2284-446-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/2284-445-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2284-229-0x0000000002450000-0x00000000027A4000-memory.dmp

Filesize
3.3MB

Download
memory/2284-228-0x0000000002450000-0x00000000027A4000-memory.dmp

Filesize
3.3MB

Download
memory/2284-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2284-90-0x0000000002450000-0x00000000027A4000-memory.dmp

Filesize
3.3MB

Download
memory/2284-0-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2284-30-0x0000000002450000-0x00000000027A4000-memory.dmp

Filesize
3.3MB

Download
memory/2284-58-0x0000000002450000-0x00000000027A4000-memory.dmp

Filesize
3.3MB

Download
memory/2284-84-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/2284-40-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2284-12-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/2284-83-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2284-28-0x0000000002450000-0x00000000027A4000-memory.dmp

Filesize
3.3MB

Download
memory/2508-3884-0x000000013F650000-0x000000013F9A4000-memory.dmp

Filesize
3.3MB

Download
memory/2508-99-0x000000013F650000-0x000000013F9A4000-memory.dmp

Filesize
3.3MB

Download
memory/2508-1321-0x000000013F650000-0x000000013F9A4000-memory.dmp

Filesize
3.3MB

Download
memory/2544-3875-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/2544-93-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/2544-1025-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/2576-32-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/2576-3335-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/2604-3760-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/2604-77-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/2612-85-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/2612-3746-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/2628-87-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2628-3764-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2792-3742-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2792-86-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2816-3603-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2816-89-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2816-34-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2936-82-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/2936-3306-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/2936-27-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/3056-3606-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/3056-56-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/3056-104-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download