cobaltstrike | dd58e1874b5daa8895c451a7a9909808151643d7e86c88a560c52dd91f09e077

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
24-09-2024 19:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

59cb54f98d05cbe25a90061d4c985d99
SHA1

c22b31ebf1aa8bb623facfc470cf5b973228eeac
SHA256

dd58e1874b5daa8895c451a7a9909808151643d7e86c88a560c52dd91f09e077
SHA512

e95e45fd5a6bbe5e8ae76cb14c8c2253f9f0f339cce32de17e9add954b2e4896f80f4e3d2fa4d84c0536a6a5993524b5f1e6764549ff8b629e446664e091eaba
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU+:T+q56utgpPF8u/7+

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000b000000012029-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000014b28-7.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000014b54-9.dat	cobalt_reflective_dll
behavioral1/files/0x003500000001487e-25.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000014bda-33.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000014cde-37.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000014f7b-45.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015016-52.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d11-62.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d33-70.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016db8-112.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dd6-126.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000175d2-161.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001875d-191.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018761-196.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186ee-186.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186de-181.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186d2-176.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018669-171.dat	cobalt_reflective_dll
behavioral1/files/0x0031000000018654-166.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000175cc-156.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000175c6-151.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017546-146.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000170b5-141.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017051-136.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016ee0-131.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dd2-121.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dc7-116.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016db3-98.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d4e-90.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d4a-83.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d46-77.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2192-0-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	xmrig
behavioral1/files/0x000b000000012029-3.dat	xmrig
behavioral1/files/0x0008000000014b28-7.dat	xmrig
behavioral1/memory/2748-15-0x000000013F2E0000-0x000000013F634000-memory.dmp	xmrig
behavioral1/memory/2588-11-0x000000013F550000-0x000000013F8A4000-memory.dmp	xmrig
behavioral1/files/0x0009000000014b54-9.dat	xmrig
behavioral1/files/0x003500000001487e-25.dat	xmrig
behavioral1/memory/2716-28-0x000000013F740000-0x000000013FA94000-memory.dmp	xmrig
behavioral1/memory/2192-26-0x000000013F740000-0x000000013FA94000-memory.dmp	xmrig
behavioral1/memory/2604-24-0x000000013F510000-0x000000013F864000-memory.dmp	xmrig
behavioral1/memory/2192-34-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	xmrig
behavioral1/memory/2104-35-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/files/0x0008000000014bda-33.dat	xmrig
behavioral1/files/0x0007000000014cde-37.dat	xmrig
behavioral1/memory/2712-44-0x000000013F920000-0x000000013FC74000-memory.dmp	xmrig
behavioral1/memory/2588-43-0x000000013F550000-0x000000013F8A4000-memory.dmp	xmrig
behavioral1/files/0x0007000000014f7b-45.dat	xmrig
behavioral1/memory/2524-51-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	xmrig
behavioral1/files/0x0007000000015016-52.dat	xmrig
behavioral1/memory/2192-56-0x000000013F630000-0x000000013F984000-memory.dmp	xmrig
behavioral1/memory/2924-58-0x000000013F630000-0x000000013F984000-memory.dmp	xmrig
behavioral1/memory/2748-53-0x000000013F2E0000-0x000000013F634000-memory.dmp	xmrig
behavioral1/memory/1960-66-0x000000013FEA0000-0x00000001401F4000-memory.dmp	xmrig
behavioral1/memory/2716-63-0x000000013F740000-0x000000013FA94000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d11-62.dat	xmrig
behavioral1/memory/2104-71-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/memory/564-72-0x000000013F350000-0x000000013F6A4000-memory.dmp	xmrig
behavioral1/files/0x0006000000016d33-70.dat	xmrig
behavioral1/memory/376-78-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	xmrig
behavioral1/memory/1332-85-0x000000013FC80000-0x000000013FFD4000-memory.dmp	xmrig
behavioral1/memory/2924-91-0x000000013F630000-0x000000013F984000-memory.dmp	xmrig
behavioral1/memory/1784-100-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/memory/1960-99-0x000000013FEA0000-0x00000001401F4000-memory.dmp	xmrig
behavioral1/files/0x0006000000016db8-112.dat	xmrig
behavioral1/files/0x0006000000016dd6-126.dat	xmrig
behavioral1/files/0x00060000000175d2-161.dat	xmrig
behavioral1/files/0x000500000001875d-191.dat	xmrig
behavioral1/memory/1332-615-0x000000013FC80000-0x000000013FFD4000-memory.dmp	xmrig
behavioral1/memory/2680-737-0x000000013FDC0000-0x0000000140114000-memory.dmp	xmrig
behavioral1/memory/2192-738-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/memory/376-416-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	xmrig
behavioral1/memory/1784-749-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/memory/564-211-0x000000013F350000-0x000000013F6A4000-memory.dmp	xmrig
behavioral1/files/0x0005000000018761-196.dat	xmrig
behavioral1/files/0x00050000000186ee-186.dat	xmrig
behavioral1/files/0x00050000000186de-181.dat	xmrig
behavioral1/files/0x00050000000186d2-176.dat	xmrig
behavioral1/files/0x0005000000018669-171.dat	xmrig
behavioral1/files/0x0031000000018654-166.dat	xmrig
behavioral1/files/0x00060000000175cc-156.dat	xmrig
behavioral1/files/0x00060000000175c6-151.dat	xmrig
behavioral1/files/0x0006000000017546-146.dat	xmrig
behavioral1/files/0x00060000000170b5-141.dat	xmrig
behavioral1/files/0x0006000000017051-136.dat	xmrig
behavioral1/files/0x0006000000016ee0-131.dat	xmrig
behavioral1/files/0x0006000000016dd2-121.dat	xmrig
behavioral1/files/0x0006000000016dc7-116.dat	xmrig
behavioral1/files/0x0006000000016db3-98.dat	xmrig
behavioral1/memory/2192-96-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/memory/2192-95-0x000000013FEA0000-0x00000001401F4000-memory.dmp	xmrig
behavioral1/memory/2680-92-0x000000013FDC0000-0x0000000140114000-memory.dmp	xmrig
behavioral1/files/0x0006000000016d4e-90.dat	xmrig
behavioral1/files/0x0006000000016d4a-83.dat	xmrig
behavioral1/files/0x0006000000016d46-77.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2588	mBtdNOD.exe
2748	cPsTbQJ.exe
2604	XnCIEeu.exe
2716	wALcaxG.exe
2104	PDuEqwe.exe
2712	zQdKMsF.exe
2524	fyaVtZp.exe
2924	YbXEnWf.exe
1960	lXgsxAl.exe
564	bZHXjnV.exe
376	CMaTbRP.exe
1332	TYcFqha.exe
2680	qZwuxYc.exe
1784	UmKJOdq.exe
2500	ypxKFiI.exe
1920	sEaFZeX.exe
2364	HjQOuwG.exe
1968	AFoFdQP.exe
1168	AIPySfz.exe
1664	mCHZCeo.exe
2684	yTENEzP.exe
2448	YGGJhKg.exe
1872	rJHIixI.exe
1868	QlFaSfy.exe
2304	pesfukQ.exe
2064	EZUEJNe.exe
2120	RjJJMSA.exe
2072	yFSwLdi.exe
2644	hUfkhTz.exe
2336	JuNmyfx.exe
1484	ANeWupZ.exe
1572	dRtpyDK.exe
2140	EsORdJV.exe
1116	iGIdilx.exe
2084	KYSMrzb.exe
884	GiKAjio.exe
772	fPfmFLS.exe
3036	XmqSQUh.exe
2984	FiNgIdA.exe
1708	lJBBHOM.exe
1712	BbzSTXm.exe
1384	DhDAZir.exe
896	mZTNlZo.exe
3056	eLXtIDB.exe
2864	IUCQckQ.exe
1200	DknsgBC.exe
2040	PLJlPgj.exe
2832	nwhFZip.exe
2012	ZkbBWgi.exe
3044	aRSTwte.exe
1668	kCJjmiF.exe
1468	ULrYgdB.exe
1956	wTLqFxI.exe
868	fCewQPM.exe
1672	zasywmX.exe
308	kwArarz.exe
1520	RLyGUjo.exe
1648	Loivbux.exe
2088	tcEdehJ.exe
2740	ZRFRZLn.exe
2752	bcZeffj.exe
2496	KKnwSgN.exe
2624	VhUYEES.exe
2560	JqgoMSx.exe

Loads dropped DLL 64 IoCs

pid	Process
2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2192-0-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	upx
behavioral1/files/0x000b000000012029-3.dat	upx
behavioral1/files/0x0008000000014b28-7.dat	upx
behavioral1/memory/2748-15-0x000000013F2E0000-0x000000013F634000-memory.dmp	upx
behavioral1/memory/2588-11-0x000000013F550000-0x000000013F8A4000-memory.dmp	upx
behavioral1/files/0x0009000000014b54-9.dat	upx
behavioral1/files/0x003500000001487e-25.dat	upx
behavioral1/memory/2716-28-0x000000013F740000-0x000000013FA94000-memory.dmp	upx
behavioral1/memory/2604-24-0x000000013F510000-0x000000013F864000-memory.dmp	upx
behavioral1/memory/2192-34-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	upx
behavioral1/memory/2104-35-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/files/0x0008000000014bda-33.dat	upx
behavioral1/files/0x0007000000014cde-37.dat	upx
behavioral1/memory/2712-44-0x000000013F920000-0x000000013FC74000-memory.dmp	upx
behavioral1/memory/2588-43-0x000000013F550000-0x000000013F8A4000-memory.dmp	upx
behavioral1/files/0x0007000000014f7b-45.dat	upx
behavioral1/memory/2524-51-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	upx
behavioral1/files/0x0007000000015016-52.dat	upx
behavioral1/memory/2924-58-0x000000013F630000-0x000000013F984000-memory.dmp	upx
behavioral1/memory/2748-53-0x000000013F2E0000-0x000000013F634000-memory.dmp	upx
behavioral1/memory/1960-66-0x000000013FEA0000-0x00000001401F4000-memory.dmp	upx
behavioral1/memory/2716-63-0x000000013F740000-0x000000013FA94000-memory.dmp	upx
behavioral1/files/0x0007000000016d11-62.dat	upx
behavioral1/memory/2104-71-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/memory/564-72-0x000000013F350000-0x000000013F6A4000-memory.dmp	upx
behavioral1/files/0x0006000000016d33-70.dat	upx
behavioral1/memory/376-78-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	upx
behavioral1/memory/1332-85-0x000000013FC80000-0x000000013FFD4000-memory.dmp	upx
behavioral1/memory/2924-91-0x000000013F630000-0x000000013F984000-memory.dmp	upx
behavioral1/memory/1784-100-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/memory/1960-99-0x000000013FEA0000-0x00000001401F4000-memory.dmp	upx
behavioral1/files/0x0006000000016db8-112.dat	upx
behavioral1/files/0x0006000000016dd6-126.dat	upx
behavioral1/files/0x00060000000175d2-161.dat	upx
behavioral1/files/0x000500000001875d-191.dat	upx
behavioral1/memory/1332-615-0x000000013FC80000-0x000000013FFD4000-memory.dmp	upx
behavioral1/memory/2680-737-0x000000013FDC0000-0x0000000140114000-memory.dmp	upx
behavioral1/memory/376-416-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	upx
behavioral1/memory/1784-749-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/memory/564-211-0x000000013F350000-0x000000013F6A4000-memory.dmp	upx
behavioral1/files/0x0005000000018761-196.dat	upx
behavioral1/files/0x00050000000186ee-186.dat	upx
behavioral1/files/0x00050000000186de-181.dat	upx
behavioral1/files/0x00050000000186d2-176.dat	upx
behavioral1/files/0x0005000000018669-171.dat	upx
behavioral1/files/0x0031000000018654-166.dat	upx
behavioral1/files/0x00060000000175cc-156.dat	upx
behavioral1/files/0x00060000000175c6-151.dat	upx
behavioral1/files/0x0006000000017546-146.dat	upx
behavioral1/files/0x00060000000170b5-141.dat	upx
behavioral1/files/0x0006000000017051-136.dat	upx
behavioral1/files/0x0006000000016ee0-131.dat	upx
behavioral1/files/0x0006000000016dd2-121.dat	upx
behavioral1/files/0x0006000000016dc7-116.dat	upx
behavioral1/files/0x0006000000016db3-98.dat	upx
behavioral1/memory/2680-92-0x000000013FDC0000-0x0000000140114000-memory.dmp	upx
behavioral1/files/0x0006000000016d4e-90.dat	upx
behavioral1/files/0x0006000000016d4a-83.dat	upx
behavioral1/files/0x0006000000016d46-77.dat	upx
behavioral1/memory/2748-3989-0x000000013F2E0000-0x000000013F634000-memory.dmp	upx
behavioral1/memory/2588-3999-0x000000013F550000-0x000000013F8A4000-memory.dmp	upx
behavioral1/memory/2716-4002-0x000000013F740000-0x000000013FA94000-memory.dmp	upx
behavioral1/memory/2604-4003-0x000000013F510000-0x000000013F864000-memory.dmp	upx
behavioral1/memory/2104-4004-0x000000013F130000-0x000000013F484000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\rJHIixI.exe	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OvOTmNF.exe	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CsMBPEs.exe	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YkfvOXw.exe	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LURDepp.exe	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BOQsMBM.exe	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BTbGKpP.exe	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RSCBhnT.exe	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZIJHuPM.exe	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iBUpikE.exe	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VimfzML.exe	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SffOhsY.exe	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TAJkEkd.exe	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\subUsCF.exe	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KYSMrzb.exe	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JEKqoLD.exe	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SkKOXdz.exe	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KKggjcq.exe	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SVbgvYe.exe	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hfFZlys.exe	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\veZmehe.exe	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KhJaGyE.exe	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QeUeqYi.exe	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OEXMsFM.exe	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\StTYmiW.exe	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GjemYkC.exe	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VQGNWcD.exe	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lFbNvXn.exe	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gXgSQYM.exe	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QQOHJGX.exe	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qYXoSzS.exe	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eXxaOaL.exe	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GOPotqw.exe	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BhaDqGG.exe	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DBrPowP.exe	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\srQxqgt.exe	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nCGdNPh.exe	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YfynIQn.exe	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mqPBCCy.exe	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TVwNWmp.exe	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EsORdJV.exe	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eLXtIDB.exe	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wXXyXNF.exe	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rgXKfgl.exe	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SgZRHPo.exe	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DgObUlF.exe	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HvYTtAR.exe	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kfuAwYB.exe	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PDuEqwe.exe	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iBmLiMy.exe	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Ayawsfr.exe	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ssDmNHQ.exe	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JqsjTyO.exe	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MUiMYXn.exe	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MjcbFth.exe	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EYkgbpA.exe	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zIhIFrd.exe	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\caHVpiX.exe	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QcjxQdN.exe	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pzhFnYz.exe	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uENDAbR.exe	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UNzOLKn.exe	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WrywWJE.exe	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nPuOBHP.exe	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2192 wrote to memory of 2588	2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 2192 wrote to memory of 2588	2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 2192 wrote to memory of 2588	2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 2192 wrote to memory of 2748	2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2192 wrote to memory of 2748	2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2192 wrote to memory of 2748	2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2192 wrote to memory of 2604	2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2192 wrote to memory of 2604	2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2192 wrote to memory of 2604	2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2192 wrote to memory of 2716	2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2192 wrote to memory of 2716	2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2192 wrote to memory of 2716	2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2192 wrote to memory of 2104	2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2192 wrote to memory of 2104	2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2192 wrote to memory of 2104	2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2192 wrote to memory of 2712	2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2192 wrote to memory of 2712	2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2192 wrote to memory of 2712	2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2192 wrote to memory of 2524	2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2192 wrote to memory of 2524	2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2192 wrote to memory of 2524	2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2192 wrote to memory of 2924	2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2192 wrote to memory of 2924	2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2192 wrote to memory of 2924	2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2192 wrote to memory of 1960	2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2192 wrote to memory of 1960	2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2192 wrote to memory of 1960	2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2192 wrote to memory of 564	2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2192 wrote to memory of 564	2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2192 wrote to memory of 564	2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2192 wrote to memory of 376	2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2192 wrote to memory of 376	2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2192 wrote to memory of 376	2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2192 wrote to memory of 1332	2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2192 wrote to memory of 1332	2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2192 wrote to memory of 1332	2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2192 wrote to memory of 2680	2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2192 wrote to memory of 2680	2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2192 wrote to memory of 2680	2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2192 wrote to memory of 1784	2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2192 wrote to memory of 1784	2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2192 wrote to memory of 1784	2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2192 wrote to memory of 2500	2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2192 wrote to memory of 2500	2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2192 wrote to memory of 2500	2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2192 wrote to memory of 1920	2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2192 wrote to memory of 1920	2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2192 wrote to memory of 1920	2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2192 wrote to memory of 2364	2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2192 wrote to memory of 2364	2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2192 wrote to memory of 2364	2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2192 wrote to memory of 1968	2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2192 wrote to memory of 1968	2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2192 wrote to memory of 1968	2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2192 wrote to memory of 1168	2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2192 wrote to memory of 1168	2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2192 wrote to memory of 1168	2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2192 wrote to memory of 1664	2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2192 wrote to memory of 1664	2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2192 wrote to memory of 1664	2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2192 wrote to memory of 2684	2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2192 wrote to memory of 2684	2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2192 wrote to memory of 2684	2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2192 wrote to memory of 2448	2192	2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe	50

C:\Users\Admin\AppData\Local\Temp\2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-09-24_59cb54f98d05cbe25a90061d4c985d99_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2192
- C:\Windows\System\mBtdNOD.exe
  C:\Windows\System\mBtdNOD.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\cPsTbQJ.exe
  C:\Windows\System\cPsTbQJ.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\XnCIEeu.exe
  C:\Windows\System\XnCIEeu.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\wALcaxG.exe
  C:\Windows\System\wALcaxG.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\PDuEqwe.exe
  C:\Windows\System\PDuEqwe.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\zQdKMsF.exe
  C:\Windows\System\zQdKMsF.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\fyaVtZp.exe
  C:\Windows\System\fyaVtZp.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\YbXEnWf.exe
  C:\Windows\System\YbXEnWf.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\lXgsxAl.exe
  C:\Windows\System\lXgsxAl.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System\bZHXjnV.exe
  C:\Windows\System\bZHXjnV.exe
  2⤵
  - Executes dropped EXE
  PID:564
- C:\Windows\System\CMaTbRP.exe
  C:\Windows\System\CMaTbRP.exe
  2⤵
  - Executes dropped EXE
  PID:376
- C:\Windows\System\TYcFqha.exe
  C:\Windows\System\TYcFqha.exe
  2⤵
  - Executes dropped EXE
  PID:1332
- C:\Windows\System\qZwuxYc.exe
  C:\Windows\System\qZwuxYc.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\UmKJOdq.exe
  C:\Windows\System\UmKJOdq.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\ypxKFiI.exe
  C:\Windows\System\ypxKFiI.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\sEaFZeX.exe
  C:\Windows\System\sEaFZeX.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\HjQOuwG.exe
  C:\Windows\System\HjQOuwG.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\AFoFdQP.exe
  C:\Windows\System\AFoFdQP.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\AIPySfz.exe
  C:\Windows\System\AIPySfz.exe
  2⤵
  - Executes dropped EXE
  PID:1168
- C:\Windows\System\mCHZCeo.exe
  C:\Windows\System\mCHZCeo.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\yTENEzP.exe
  C:\Windows\System\yTENEzP.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\YGGJhKg.exe
  C:\Windows\System\YGGJhKg.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\rJHIixI.exe
  C:\Windows\System\rJHIixI.exe
  2⤵
  - Executes dropped EXE
  PID:1872
- C:\Windows\System\QlFaSfy.exe
  C:\Windows\System\QlFaSfy.exe
  2⤵
  - Executes dropped EXE
  PID:1868
- C:\Windows\System\pesfukQ.exe
  C:\Windows\System\pesfukQ.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\EZUEJNe.exe
  C:\Windows\System\EZUEJNe.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\RjJJMSA.exe
  C:\Windows\System\RjJJMSA.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\yFSwLdi.exe
  C:\Windows\System\yFSwLdi.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\hUfkhTz.exe
  C:\Windows\System\hUfkhTz.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\JuNmyfx.exe
  C:\Windows\System\JuNmyfx.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\ANeWupZ.exe
  C:\Windows\System\ANeWupZ.exe
  2⤵
  - Executes dropped EXE
  PID:1484
- C:\Windows\System\dRtpyDK.exe
  C:\Windows\System\dRtpyDK.exe
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Windows\System\EsORdJV.exe
  C:\Windows\System\EsORdJV.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\iGIdilx.exe
  C:\Windows\System\iGIdilx.exe
  2⤵
  - Executes dropped EXE
  PID:1116
- C:\Windows\System\KYSMrzb.exe
  C:\Windows\System\KYSMrzb.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\GiKAjio.exe
  C:\Windows\System\GiKAjio.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\fPfmFLS.exe
  C:\Windows\System\fPfmFLS.exe
  2⤵
  - Executes dropped EXE
  PID:772
- C:\Windows\System\XmqSQUh.exe
  C:\Windows\System\XmqSQUh.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\FiNgIdA.exe
  C:\Windows\System\FiNgIdA.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\lJBBHOM.exe
  C:\Windows\System\lJBBHOM.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\BbzSTXm.exe
  C:\Windows\System\BbzSTXm.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\DhDAZir.exe
  C:\Windows\System\DhDAZir.exe
  2⤵
  - Executes dropped EXE
  PID:1384
- C:\Windows\System\mZTNlZo.exe
  C:\Windows\System\mZTNlZo.exe
  2⤵
  - Executes dropped EXE
  PID:896
- C:\Windows\System\eLXtIDB.exe
  C:\Windows\System\eLXtIDB.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\IUCQckQ.exe
  C:\Windows\System\IUCQckQ.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\DknsgBC.exe
  C:\Windows\System\DknsgBC.exe
  2⤵
  - Executes dropped EXE
  PID:1200
- C:\Windows\System\PLJlPgj.exe
  C:\Windows\System\PLJlPgj.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\nwhFZip.exe
  C:\Windows\System\nwhFZip.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\ZkbBWgi.exe
  C:\Windows\System\ZkbBWgi.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\aRSTwte.exe
  C:\Windows\System\aRSTwte.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\kCJjmiF.exe
  C:\Windows\System\kCJjmiF.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\ULrYgdB.exe
  C:\Windows\System\ULrYgdB.exe
  2⤵
  - Executes dropped EXE
  PID:1468
- C:\Windows\System\wTLqFxI.exe
  C:\Windows\System\wTLqFxI.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\fCewQPM.exe
  C:\Windows\System\fCewQPM.exe
  2⤵
  - Executes dropped EXE
  PID:868
- C:\Windows\System\zasywmX.exe
  C:\Windows\System\zasywmX.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\kwArarz.exe
  C:\Windows\System\kwArarz.exe
  2⤵
  - Executes dropped EXE
  PID:308
- C:\Windows\System\RLyGUjo.exe
  C:\Windows\System\RLyGUjo.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System\Loivbux.exe
  C:\Windows\System\Loivbux.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\tcEdehJ.exe
  C:\Windows\System\tcEdehJ.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\ZRFRZLn.exe
  C:\Windows\System\ZRFRZLn.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\bcZeffj.exe
  C:\Windows\System\bcZeffj.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\KKnwSgN.exe
  C:\Windows\System\KKnwSgN.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\VhUYEES.exe
  C:\Windows\System\VhUYEES.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\JqgoMSx.exe
  C:\Windows\System\JqgoMSx.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\LgOkSXT.exe
  C:\Windows\System\LgOkSXT.exe
  2⤵
  PID:2488
- C:\Windows\System\hwVIWzF.exe
  C:\Windows\System\hwVIWzF.exe
  2⤵
  PID:2916
- C:\Windows\System\efyKaGx.exe
  C:\Windows\System\efyKaGx.exe
  2⤵
  PID:2096
- C:\Windows\System\MQVBtWy.exe
  C:\Windows\System\MQVBtWy.exe
  2⤵
  PID:344
- C:\Windows\System\HsRAJWt.exe
  C:\Windows\System\HsRAJWt.exe
  2⤵
  PID:676
- C:\Windows\System\zYyxnCo.exe
  C:\Windows\System\zYyxnCo.exe
  2⤵
  PID:2520
- C:\Windows\System\jYSETOJ.exe
  C:\Windows\System\jYSETOJ.exe
  2⤵
  PID:1020
- C:\Windows\System\oMgkOxo.exe
  C:\Windows\System\oMgkOxo.exe
  2⤵
  PID:1940
- C:\Windows\System\GtxYujA.exe
  C:\Windows\System\GtxYujA.exe
  2⤵
  PID:2648
- C:\Windows\System\jALblrC.exe
  C:\Windows\System\jALblrC.exe
  2⤵
  PID:1932
- C:\Windows\System\qgiLHlg.exe
  C:\Windows\System\qgiLHlg.exe
  2⤵
  PID:2528
- C:\Windows\System\IWQHZze.exe
  C:\Windows\System\IWQHZze.exe
  2⤵
  PID:1460
- C:\Windows\System\KyLLIkI.exe
  C:\Windows\System\KyLLIkI.exe
  2⤵
  PID:1904
- C:\Windows\System\SjEhsQv.exe
  C:\Windows\System\SjEhsQv.exe
  2⤵
  PID:2324
- C:\Windows\System\XIdVZjZ.exe
  C:\Windows\System\XIdVZjZ.exe
  2⤵
  PID:348
- C:\Windows\System\HIxfrHl.exe
  C:\Windows\System\HIxfrHl.exe
  2⤵
  PID:2508
- C:\Windows\System\pksMwwD.exe
  C:\Windows\System\pksMwwD.exe
  2⤵
  PID:752
- C:\Windows\System\CSCQeuA.exe
  C:\Windows\System\CSCQeuA.exe
  2⤵
  PID:1524
- C:\Windows\System\KJRLpAN.exe
  C:\Windows\System\KJRLpAN.exe
  2⤵
  PID:2360
- C:\Windows\System\cRnkEYX.exe
  C:\Windows\System\cRnkEYX.exe
  2⤵
  PID:1844
- C:\Windows\System\mfCewOu.exe
  C:\Windows\System\mfCewOu.exe
  2⤵
  PID:1472
- C:\Windows\System\gEfkuYj.exe
  C:\Windows\System\gEfkuYj.exe
  2⤵
  PID:1320
- C:\Windows\System\AhxTPbi.exe
  C:\Windows\System\AhxTPbi.exe
  2⤵
  PID:2888
- C:\Windows\System\sGCdzxw.exe
  C:\Windows\System\sGCdzxw.exe
  2⤵
  PID:1740
- C:\Windows\System\ESTgyrp.exe
  C:\Windows\System\ESTgyrp.exe
  2⤵
  PID:1272
- C:\Windows\System\iBmLiMy.exe
  C:\Windows\System\iBmLiMy.exe
  2⤵
  PID:1724
- C:\Windows\System\DNTcbSL.exe
  C:\Windows\System\DNTcbSL.exe
  2⤵
  PID:1608
- C:\Windows\System\cVoulkN.exe
  C:\Windows\System\cVoulkN.exe
  2⤵
  PID:2216
- C:\Windows\System\TlqrBaN.exe
  C:\Windows\System\TlqrBaN.exe
  2⤵
  PID:2544
- C:\Windows\System\xmwvGfk.exe
  C:\Windows\System\xmwvGfk.exe
  2⤵
  PID:1328
- C:\Windows\System\lReQzeG.exe
  C:\Windows\System\lReQzeG.exe
  2⤵
  PID:616
- C:\Windows\System\ghhTpqc.exe
  C:\Windows\System\ghhTpqc.exe
  2⤵
  PID:1540
- C:\Windows\System\asdZLoJ.exe
  C:\Windows\System\asdZLoJ.exe
  2⤵
  PID:1588
- C:\Windows\System\MNYAHid.exe
  C:\Windows\System\MNYAHid.exe
  2⤵
  PID:2568
- C:\Windows\System\GBJITei.exe
  C:\Windows\System\GBJITei.exe
  2⤵
  PID:2768
- C:\Windows\System\mGbSeMk.exe
  C:\Windows\System\mGbSeMk.exe
  2⤵
  PID:2464
- C:\Windows\System\yUjmEZj.exe
  C:\Windows\System\yUjmEZj.exe
  2⤵
  PID:2620
- C:\Windows\System\PjGPUDX.exe
  C:\Windows\System\PjGPUDX.exe
  2⤵
  PID:2132
- C:\Windows\System\fuaByBI.exe
  C:\Windows\System\fuaByBI.exe
  2⤵
  PID:1080
- C:\Windows\System\hAxfEjG.exe
  C:\Windows\System\hAxfEjG.exe
  2⤵
  PID:2664
- C:\Windows\System\wUQiaxT.exe
  C:\Windows\System\wUQiaxT.exe
  2⤵
  PID:1928
- C:\Windows\System\uTAsLKD.exe
  C:\Windows\System\uTAsLKD.exe
  2⤵
  PID:2280
- C:\Windows\System\tdBcQeP.exe
  C:\Windows\System\tdBcQeP.exe
  2⤵
  PID:1452
- C:\Windows\System\ozYCuYL.exe
  C:\Windows\System\ozYCuYL.exe
  2⤵
  PID:1696
- C:\Windows\System\RHXjkPx.exe
  C:\Windows\System\RHXjkPx.exe
  2⤵
  PID:1592
- C:\Windows\System\fsYDhbc.exe
  C:\Windows\System\fsYDhbc.exe
  2⤵
  PID:1848
- C:\Windows\System\Ayawsfr.exe
  C:\Windows\System\Ayawsfr.exe
  2⤵
  PID:2196
- C:\Windows\System\wcKiXny.exe
  C:\Windows\System\wcKiXny.exe
  2⤵
  PID:596
- C:\Windows\System\MBqAVuO.exe
  C:\Windows\System\MBqAVuO.exe
  2⤵
  PID:448
- C:\Windows\System\xYXUTJk.exe
  C:\Windows\System\xYXUTJk.exe
  2⤵
  PID:2076
- C:\Windows\System\fBrufBn.exe
  C:\Windows\System\fBrufBn.exe
  2⤵
  PID:1660
- C:\Windows\System\LKtEytP.exe
  C:\Windows\System\LKtEytP.exe
  2⤵
  PID:688
- C:\Windows\System\TSXnUEd.exe
  C:\Windows\System\TSXnUEd.exe
  2⤵
  PID:2204
- C:\Windows\System\EIioyWj.exe
  C:\Windows\System\EIioyWj.exe
  2⤵
  PID:1444
- C:\Windows\System\aRKsTnF.exe
  C:\Windows\System\aRKsTnF.exe
  2⤵
  PID:888
- C:\Windows\System\BPIEJnF.exe
  C:\Windows\System\BPIEJnF.exe
  2⤵
  PID:2836
- C:\Windows\System\CZRzmdO.exe
  C:\Windows\System\CZRzmdO.exe
  2⤵
  PID:2788
- C:\Windows\System\hYdWUOP.exe
  C:\Windows\System\hYdWUOP.exe
  2⤵
  PID:2576
- C:\Windows\System\CdPMxRH.exe
  C:\Windows\System\CdPMxRH.exe
  2⤵
  PID:1052
- C:\Windows\System\lDjHSkD.exe
  C:\Windows\System\lDjHSkD.exe
  2⤵
  PID:2932
- C:\Windows\System\dvsjCNZ.exe
  C:\Windows\System\dvsjCNZ.exe
  2⤵
  PID:1688
- C:\Windows\System\Xcifhop.exe
  C:\Windows\System\Xcifhop.exe
  2⤵
  PID:2692
- C:\Windows\System\GBaXXWm.exe
  C:\Windows\System\GBaXXWm.exe
  2⤵
  PID:2296
- C:\Windows\System\ONwyTBC.exe
  C:\Windows\System\ONwyTBC.exe
  2⤵
  PID:1864
- C:\Windows\System\lYXFdXq.exe
  C:\Windows\System\lYXFdXq.exe
  2⤵
  PID:1056
- C:\Windows\System\jtkVUHS.exe
  C:\Windows\System\jtkVUHS.exe
  2⤵
  PID:544
- C:\Windows\System\KGEPVzo.exe
  C:\Windows\System\KGEPVzo.exe
  2⤵
  PID:2444
- C:\Windows\System\ItUFtVR.exe
  C:\Windows\System\ItUFtVR.exe
  2⤵
  PID:924
- C:\Windows\System\kdrELMx.exe
  C:\Windows\System\kdrELMx.exe
  2⤵
  PID:2540
- C:\Windows\System\DxMXMLx.exe
  C:\Windows\System\DxMXMLx.exe
  2⤵
  PID:2348
- C:\Windows\System\SfsZLuf.exe
  C:\Windows\System\SfsZLuf.exe
  2⤵
  PID:288
- C:\Windows\System\pFsVNRy.exe
  C:\Windows\System\pFsVNRy.exe
  2⤵
  PID:2844
- C:\Windows\System\LwrrUcm.exe
  C:\Windows\System\LwrrUcm.exe
  2⤵
  PID:272
- C:\Windows\System\JCaWDYE.exe
  C:\Windows\System\JCaWDYE.exe
  2⤵
  PID:2288
- C:\Windows\System\IQVeKPa.exe
  C:\Windows\System\IQVeKPa.exe
  2⤵
  PID:2036
- C:\Windows\System\swFfeDq.exe
  C:\Windows\System\swFfeDq.exe
  2⤵
  PID:1556
- C:\Windows\System\brgRmel.exe
  C:\Windows\System\brgRmel.exe
  2⤵
  PID:1744
- C:\Windows\System\Uytzbqi.exe
  C:\Windows\System\Uytzbqi.exe
  2⤵
  PID:904
- C:\Windows\System\TntNavI.exe
  C:\Windows\System\TntNavI.exe
  2⤵
  PID:3080
- C:\Windows\System\HcbEpyo.exe
  C:\Windows\System\HcbEpyo.exe
  2⤵
  PID:3100
- C:\Windows\System\YSNpAkT.exe
  C:\Windows\System\YSNpAkT.exe
  2⤵
  PID:3120
- C:\Windows\System\GauLuga.exe
  C:\Windows\System\GauLuga.exe
  2⤵
  PID:3140
- C:\Windows\System\yyaNrdb.exe
  C:\Windows\System\yyaNrdb.exe
  2⤵
  PID:3160
- C:\Windows\System\nBIUXyN.exe
  C:\Windows\System\nBIUXyN.exe
  2⤵
  PID:3176
- C:\Windows\System\YCIbndm.exe
  C:\Windows\System\YCIbndm.exe
  2⤵
  PID:3200
- C:\Windows\System\NCVNYFd.exe
  C:\Windows\System\NCVNYFd.exe
  2⤵
  PID:3216
- C:\Windows\System\VKPUZcR.exe
  C:\Windows\System\VKPUZcR.exe
  2⤵
  PID:3240
- C:\Windows\System\zjakMXz.exe
  C:\Windows\System\zjakMXz.exe
  2⤵
  PID:3256
- C:\Windows\System\OvOTmNF.exe
  C:\Windows\System\OvOTmNF.exe
  2⤵
  PID:3284
- C:\Windows\System\SkaVXQu.exe
  C:\Windows\System\SkaVXQu.exe
  2⤵
  PID:3304
- C:\Windows\System\ThYyBfb.exe
  C:\Windows\System\ThYyBfb.exe
  2⤵
  PID:3324
- C:\Windows\System\LOajYta.exe
  C:\Windows\System\LOajYta.exe
  2⤵
  PID:3340
- C:\Windows\System\dhEiVWT.exe
  C:\Windows\System\dhEiVWT.exe
  2⤵
  PID:3364
- C:\Windows\System\BmrBrid.exe
  C:\Windows\System\BmrBrid.exe
  2⤵
  PID:3384
- C:\Windows\System\HyisqqK.exe
  C:\Windows\System\HyisqqK.exe
  2⤵
  PID:3404
- C:\Windows\System\EzKBQBf.exe
  C:\Windows\System\EzKBQBf.exe
  2⤵
  PID:3424
- C:\Windows\System\ztwUHxb.exe
  C:\Windows\System\ztwUHxb.exe
  2⤵
  PID:3444
- C:\Windows\System\TkTzDBj.exe
  C:\Windows\System\TkTzDBj.exe
  2⤵
  PID:3460
- C:\Windows\System\btXDPOS.exe
  C:\Windows\System\btXDPOS.exe
  2⤵
  PID:3480
- C:\Windows\System\ZYweXhi.exe
  C:\Windows\System\ZYweXhi.exe
  2⤵
  PID:3500
- C:\Windows\System\OcBudgl.exe
  C:\Windows\System\OcBudgl.exe
  2⤵
  PID:3520
- C:\Windows\System\SkmGhSD.exe
  C:\Windows\System\SkmGhSD.exe
  2⤵
  PID:3544
- C:\Windows\System\wAPtxBo.exe
  C:\Windows\System\wAPtxBo.exe
  2⤵
  PID:3564
- C:\Windows\System\rawuBms.exe
  C:\Windows\System\rawuBms.exe
  2⤵
  PID:3584
- C:\Windows\System\LBGobyy.exe
  C:\Windows\System\LBGobyy.exe
  2⤵
  PID:3604
- C:\Windows\System\GVwzFsD.exe
  C:\Windows\System\GVwzFsD.exe
  2⤵
  PID:3624
- C:\Windows\System\qlFEgQw.exe
  C:\Windows\System\qlFEgQw.exe
  2⤵
  PID:3648
- C:\Windows\System\CZpqioI.exe
  C:\Windows\System\CZpqioI.exe
  2⤵
  PID:3668
- C:\Windows\System\HNcHwHe.exe
  C:\Windows\System\HNcHwHe.exe
  2⤵
  PID:3688
- C:\Windows\System\WBqcTNF.exe
  C:\Windows\System\WBqcTNF.exe
  2⤵
  PID:3708
- C:\Windows\System\kWNSSgC.exe
  C:\Windows\System\kWNSSgC.exe
  2⤵
  PID:3728
- C:\Windows\System\vkFXkOj.exe
  C:\Windows\System\vkFXkOj.exe
  2⤵
  PID:3744
- C:\Windows\System\qUGSeTx.exe
  C:\Windows\System\qUGSeTx.exe
  2⤵
  PID:3764
- C:\Windows\System\xyGZJui.exe
  C:\Windows\System\xyGZJui.exe
  2⤵
  PID:3784
- C:\Windows\System\wXXyXNF.exe
  C:\Windows\System\wXXyXNF.exe
  2⤵
  PID:3808
- C:\Windows\System\hrEZTXY.exe
  C:\Windows\System\hrEZTXY.exe
  2⤵
  PID:3828
- C:\Windows\System\Dddwndj.exe
  C:\Windows\System\Dddwndj.exe
  2⤵
  PID:3848
- C:\Windows\System\MbWzBtV.exe
  C:\Windows\System\MbWzBtV.exe
  2⤵
  PID:3864
- C:\Windows\System\tBUMNYi.exe
  C:\Windows\System\tBUMNYi.exe
  2⤵
  PID:3884
- C:\Windows\System\JNktXgc.exe
  C:\Windows\System\JNktXgc.exe
  2⤵
  PID:3904
- C:\Windows\System\axklyTb.exe
  C:\Windows\System\axklyTb.exe
  2⤵
  PID:3928
- C:\Windows\System\nCGdNPh.exe
  C:\Windows\System\nCGdNPh.exe
  2⤵
  PID:3948
- C:\Windows\System\ltNDbPR.exe
  C:\Windows\System\ltNDbPR.exe
  2⤵
  PID:3968
- C:\Windows\System\RLNHcdt.exe
  C:\Windows\System\RLNHcdt.exe
  2⤵
  PID:3984
- C:\Windows\System\sRBhgjg.exe
  C:\Windows\System\sRBhgjg.exe
  2⤵
  PID:4008
- C:\Windows\System\hQtZdqH.exe
  C:\Windows\System\hQtZdqH.exe
  2⤵
  PID:4024
- C:\Windows\System\PnhMivW.exe
  C:\Windows\System\PnhMivW.exe
  2⤵
  PID:4048
- C:\Windows\System\NzHMNGP.exe
  C:\Windows\System\NzHMNGP.exe
  2⤵
  PID:4068
- C:\Windows\System\GCFRteg.exe
  C:\Windows\System\GCFRteg.exe
  2⤵
  PID:4088
- C:\Windows\System\LhuCSJD.exe
  C:\Windows\System\LhuCSJD.exe
  2⤵
  PID:2908
- C:\Windows\System\dEZoXFn.exe
  C:\Windows\System\dEZoXFn.exe
  2⤵
  PID:1544
- C:\Windows\System\nHrqiID.exe
  C:\Windows\System\nHrqiID.exe
  2⤵
  PID:2004
- C:\Windows\System\XAXUAbp.exe
  C:\Windows\System\XAXUAbp.exe
  2⤵
  PID:800
- C:\Windows\System\ekfTmMt.exe
  C:\Windows\System\ekfTmMt.exe
  2⤵
  PID:3076
- C:\Windows\System\dXGbpuz.exe
  C:\Windows\System\dXGbpuz.exe
  2⤵
  PID:3116
- C:\Windows\System\ThaHXOg.exe
  C:\Windows\System\ThaHXOg.exe
  2⤵
  PID:3096
- C:\Windows\System\vcOEQNX.exe
  C:\Windows\System\vcOEQNX.exe
  2⤵
  PID:2944
- C:\Windows\System\tYXCJmL.exe
  C:\Windows\System\tYXCJmL.exe
  2⤵
  PID:3188
- C:\Windows\System\znXuJuM.exe
  C:\Windows\System\znXuJuM.exe
  2⤵
  PID:3168
- C:\Windows\System\ssDmNHQ.exe
  C:\Windows\System\ssDmNHQ.exe
  2⤵
  PID:3212
- C:\Windows\System\mGjCkFv.exe
  C:\Windows\System\mGjCkFv.exe
  2⤵
  PID:3276
- C:\Windows\System\RZkQwDY.exe
  C:\Windows\System\RZkQwDY.exe
  2⤵
  PID:3320
- C:\Windows\System\rcyvJex.exe
  C:\Windows\System\rcyvJex.exe
  2⤵
  PID:3352
- C:\Windows\System\UPcRaZT.exe
  C:\Windows\System\UPcRaZT.exe
  2⤵
  PID:3336
- C:\Windows\System\CkrgSTN.exe
  C:\Windows\System\CkrgSTN.exe
  2⤵
  PID:3440
- C:\Windows\System\rGlHKgl.exe
  C:\Windows\System\rGlHKgl.exe
  2⤵
  PID:3436
- C:\Windows\System\kqCCBAO.exe
  C:\Windows\System\kqCCBAO.exe
  2⤵
  PID:3512
- C:\Windows\System\RPOvoiF.exe
  C:\Windows\System\RPOvoiF.exe
  2⤵
  PID:3496
- C:\Windows\System\AYnoJqi.exe
  C:\Windows\System\AYnoJqi.exe
  2⤵
  PID:3536
- C:\Windows\System\xqsUMiW.exe
  C:\Windows\System\xqsUMiW.exe
  2⤵
  PID:3596
- C:\Windows\System\yxSwBUc.exe
  C:\Windows\System\yxSwBUc.exe
  2⤵
  PID:3640
- C:\Windows\System\TaJfQOG.exe
  C:\Windows\System\TaJfQOG.exe
  2⤵
  PID:3280
- C:\Windows\System\ketUtXX.exe
  C:\Windows\System\ketUtXX.exe
  2⤵
  PID:3696
- C:\Windows\System\sOBMwSr.exe
  C:\Windows\System\sOBMwSr.exe
  2⤵
  PID:3720
- C:\Windows\System\hFTtDNs.exe
  C:\Windows\System\hFTtDNs.exe
  2⤵
  PID:3796
- C:\Windows\System\kVtatuN.exe
  C:\Windows\System\kVtatuN.exe
  2⤵
  PID:3740
- C:\Windows\System\WdYaFPu.exe
  C:\Windows\System\WdYaFPu.exe
  2⤵
  PID:3816
- C:\Windows\System\MAWGPIp.exe
  C:\Windows\System\MAWGPIp.exe
  2⤵
  PID:3840
- C:\Windows\System\rgXKfgl.exe
  C:\Windows\System\rgXKfgl.exe
  2⤵
  PID:3920
- C:\Windows\System\StTYmiW.exe
  C:\Windows\System\StTYmiW.exe
  2⤵
  PID:3956
- C:\Windows\System\sbwgsWY.exe
  C:\Windows\System\sbwgsWY.exe
  2⤵
  PID:3964
- C:\Windows\System\sBNirpc.exe
  C:\Windows\System\sBNirpc.exe
  2⤵
  PID:4004
- C:\Windows\System\SRXDXfq.exe
  C:\Windows\System\SRXDXfq.exe
  2⤵
  PID:4032
- C:\Windows\System\wmGIyJv.exe
  C:\Windows\System\wmGIyJv.exe
  2⤵
  PID:4080
- C:\Windows\System\kjPmvwD.exe
  C:\Windows\System\kjPmvwD.exe
  2⤵
  PID:4056
- C:\Windows\System\dLPecgj.exe
  C:\Windows\System\dLPecgj.exe
  2⤵
  PID:2268
- C:\Windows\System\wOerRMm.exe
  C:\Windows\System\wOerRMm.exe
  2⤵
  PID:2212
- C:\Windows\System\qkNqcxf.exe
  C:\Windows\System\qkNqcxf.exe
  2⤵
  PID:2612
- C:\Windows\System\ZIJHuPM.exe
  C:\Windows\System\ZIJHuPM.exe
  2⤵
  PID:3112
- C:\Windows\System\kCXXjro.exe
  C:\Windows\System\kCXXjro.exe
  2⤵
  PID:3132
- C:\Windows\System\UjAkvbU.exe
  C:\Windows\System\UjAkvbU.exe
  2⤵
  PID:3268
- C:\Windows\System\gfjbrEH.exe
  C:\Windows\System\gfjbrEH.exe
  2⤵
  PID:3020
- C:\Windows\System\vyXjwop.exe
  C:\Windows\System\vyXjwop.exe
  2⤵
  PID:3208
- C:\Windows\System\BbZPmag.exe
  C:\Windows\System\BbZPmag.exe
  2⤵
  PID:2476
- C:\Windows\System\IkIhKAb.exe
  C:\Windows\System\IkIhKAb.exe
  2⤵
  PID:3396
- C:\Windows\System\jqTBaqg.exe
  C:\Windows\System\jqTBaqg.exe
  2⤵
  PID:1576
- C:\Windows\System\nPuOBHP.exe
  C:\Windows\System\nPuOBHP.exe
  2⤵
  PID:2672
- C:\Windows\System\rvdvqBx.exe
  C:\Windows\System\rvdvqBx.exe
  2⤵
  PID:2820
- C:\Windows\System\WRSVryg.exe
  C:\Windows\System\WRSVryg.exe
  2⤵
  PID:1420
- C:\Windows\System\PxstMVj.exe
  C:\Windows\System\PxstMVj.exe
  2⤵
  PID:2668
- C:\Windows\System\BPiGmei.exe
  C:\Windows\System\BPiGmei.exe
  2⤵
  PID:3476
- C:\Windows\System\bvvLtDt.exe
  C:\Windows\System\bvvLtDt.exe
  2⤵
  PID:2536
- C:\Windows\System\EKUXgwG.exe
  C:\Windows\System\EKUXgwG.exe
  2⤵
  PID:2376
- C:\Windows\System\NOeftqU.exe
  C:\Windows\System\NOeftqU.exe
  2⤵
  PID:3560
- C:\Windows\System\mGsZHkn.exe
  C:\Windows\System\mGsZHkn.exe
  2⤵
  PID:568
- C:\Windows\System\MoSIKZU.exe
  C:\Windows\System\MoSIKZU.exe
  2⤵
  PID:2808
- C:\Windows\System\dJCmVpo.exe
  C:\Windows\System\dJCmVpo.exe
  2⤵
  PID:3612
- C:\Windows\System\xMkloOS.exe
  C:\Windows\System\xMkloOS.exe
  2⤵
  PID:3508
- C:\Windows\System\hGImxvz.exe
  C:\Windows\System\hGImxvz.exe
  2⤵
  PID:1676
- C:\Windows\System\SgZRHPo.exe
  C:\Windows\System\SgZRHPo.exe
  2⤵
  PID:1428
- C:\Windows\System\cVojUwb.exe
  C:\Windows\System\cVojUwb.exe
  2⤵
  PID:3752
- C:\Windows\System\qIlbnHx.exe
  C:\Windows\System\qIlbnHx.exe
  2⤵
  PID:3780
- C:\Windows\System\KNvSTII.exe
  C:\Windows\System\KNvSTII.exe
  2⤵
  PID:3856
- C:\Windows\System\tcPQILu.exe
  C:\Windows\System\tcPQILu.exe
  2⤵
  PID:3800
- C:\Windows\System\QpNGNhA.exe
  C:\Windows\System\QpNGNhA.exe
  2⤵
  PID:836
- C:\Windows\System\iKfhyuf.exe
  C:\Windows\System\iKfhyuf.exe
  2⤵
  PID:3944
- C:\Windows\System\cjadWEp.exe
  C:\Windows\System\cjadWEp.exe
  2⤵
  PID:2580
- C:\Windows\System\ADahaAA.exe
  C:\Windows\System\ADahaAA.exe
  2⤵
  PID:2472
- C:\Windows\System\vtUMYMb.exe
  C:\Windows\System\vtUMYMb.exe
  2⤵
  PID:2028
- C:\Windows\System\YAjExkX.exe
  C:\Windows\System\YAjExkX.exe
  2⤵
  PID:3892
- C:\Windows\System\HtlHmka.exe
  C:\Windows\System\HtlHmka.exe
  2⤵
  PID:3184
- C:\Windows\System\qQrqjmi.exe
  C:\Windows\System\qQrqjmi.exe
  2⤵
  PID:3232
- C:\Windows\System\gZregBc.exe
  C:\Windows\System\gZregBc.exe
  2⤵
  PID:3008
- C:\Windows\System\vtqaJGt.exe
  C:\Windows\System\vtqaJGt.exe
  2⤵
  PID:2128
- C:\Windows\System\TlCERJe.exe
  C:\Windows\System\TlCERJe.exe
  2⤵
  PID:1220
- C:\Windows\System\eiDSikF.exe
  C:\Windows\System\eiDSikF.exe
  2⤵
  PID:3532
- C:\Windows\System\XmPYyMe.exe
  C:\Windows\System\XmPYyMe.exe
  2⤵
  PID:1992
- C:\Windows\System\vdrrziz.exe
  C:\Windows\System\vdrrziz.exe
  2⤵
  PID:2824
- C:\Windows\System\rACteNW.exe
  C:\Windows\System\rACteNW.exe
  2⤵
  PID:3224
- C:\Windows\System\KNmKyJE.exe
  C:\Windows\System\KNmKyJE.exe
  2⤵
  PID:3332
- C:\Windows\System\jMsUjbN.exe
  C:\Windows\System\jMsUjbN.exe
  2⤵
  PID:3148
- C:\Windows\System\bFwoDec.exe
  C:\Windows\System\bFwoDec.exe
  2⤵
  PID:4036
- C:\Windows\System\JliSsUD.exe
  C:\Windows\System\JliSsUD.exe
  2⤵
  PID:3836
- C:\Windows\System\sqvqZhJ.exe
  C:\Windows\System\sqvqZhJ.exe
  2⤵
  PID:2332
- C:\Windows\System\WsKBzPg.exe
  C:\Windows\System\WsKBzPg.exe
  2⤵
  PID:3620
- C:\Windows\System\MdzjvKP.exe
  C:\Windows\System\MdzjvKP.exe
  2⤵
  PID:3756
- C:\Windows\System\SxaYJjo.exe
  C:\Windows\System\SxaYJjo.exe
  2⤵
  PID:2704
- C:\Windows\System\DgObUlF.exe
  C:\Windows\System\DgObUlF.exe
  2⤵
  PID:2952
- C:\Windows\System\MoBEFIN.exe
  C:\Windows\System\MoBEFIN.exe
  2⤵
  PID:3704
- C:\Windows\System\KoYnEBs.exe
  C:\Windows\System\KoYnEBs.exe
  2⤵
  PID:2344
- C:\Windows\System\MDnqIKW.exe
  C:\Windows\System\MDnqIKW.exe
  2⤵
  PID:1996
- C:\Windows\System\roOVPdv.exe
  C:\Windows\System\roOVPdv.exe
  2⤵
  PID:4020
- C:\Windows\System\QTYmVay.exe
  C:\Windows\System\QTYmVay.exe
  2⤵
  PID:2764
- C:\Windows\System\qiOSQkC.exe
  C:\Windows\System\qiOSQkC.exe
  2⤵
  PID:1856
- C:\Windows\System\knBDPpv.exe
  C:\Windows\System\knBDPpv.exe
  2⤵
  PID:2108
- C:\Windows\System\idBqeKb.exe
  C:\Windows\System\idBqeKb.exe
  2⤵
  PID:3136
- C:\Windows\System\jbKyvhy.exe
  C:\Windows\System\jbKyvhy.exe
  2⤵
  PID:540
- C:\Windows\System\HOMxaJH.exe
  C:\Windows\System\HOMxaJH.exe
  2⤵
  PID:2000
- C:\Windows\System\AxfHIpm.exe
  C:\Windows\System\AxfHIpm.exe
  2⤵
  PID:3592
- C:\Windows\System\AXYppmt.exe
  C:\Windows\System\AXYppmt.exe
  2⤵
  PID:2940
- C:\Windows\System\JqsjTyO.exe
  C:\Windows\System\JqsjTyO.exe
  2⤵
  PID:3656
- C:\Windows\System\PYhFEam.exe
  C:\Windows\System\PYhFEam.exe
  2⤵
  PID:3976
- C:\Windows\System\CPRCPqB.exe
  C:\Windows\System\CPRCPqB.exe
  2⤵
  PID:3300
- C:\Windows\System\kWssUnK.exe
  C:\Windows\System\kWssUnK.exe
  2⤵
  PID:3820
- C:\Windows\System\LZxsyAq.exe
  C:\Windows\System\LZxsyAq.exe
  2⤵
  PID:2112
- C:\Windows\System\xrGzWOV.exe
  C:\Windows\System\xrGzWOV.exe
  2⤵
  PID:2320
- C:\Windows\System\Encyfbf.exe
  C:\Windows\System\Encyfbf.exe
  2⤵
  PID:3420
- C:\Windows\System\AjhNMtX.exe
  C:\Windows\System\AjhNMtX.exe
  2⤵
  PID:3660
- C:\Windows\System\XGvnIUm.exe
  C:\Windows\System\XGvnIUm.exe
  2⤵
  PID:3376
- C:\Windows\System\NgkuKDm.exe
  C:\Windows\System\NgkuKDm.exe
  2⤵
  PID:2208
- C:\Windows\System\BkXYtHv.exe
  C:\Windows\System\BkXYtHv.exe
  2⤵
  PID:1948
- C:\Windows\System\bvBQEYZ.exe
  C:\Windows\System\bvBQEYZ.exe
  2⤵
  PID:4104
- C:\Windows\System\iBUpikE.exe
  C:\Windows\System\iBUpikE.exe
  2⤵
  PID:4120
- C:\Windows\System\IsBbQzm.exe
  C:\Windows\System\IsBbQzm.exe
  2⤵
  PID:4136
- C:\Windows\System\VwKDQAh.exe
  C:\Windows\System\VwKDQAh.exe
  2⤵
  PID:4152
- C:\Windows\System\XEJdPEf.exe
  C:\Windows\System\XEJdPEf.exe
  2⤵
  PID:4168
- C:\Windows\System\iYMQEOw.exe
  C:\Windows\System\iYMQEOw.exe
  2⤵
  PID:4184
- C:\Windows\System\UDbgPpt.exe
  C:\Windows\System\UDbgPpt.exe
  2⤵
  PID:4200
- C:\Windows\System\NcpcCkZ.exe
  C:\Windows\System\NcpcCkZ.exe
  2⤵
  PID:4216
- C:\Windows\System\yVNTmoE.exe
  C:\Windows\System\yVNTmoE.exe
  2⤵
  PID:4232
- C:\Windows\System\fbVMnFP.exe
  C:\Windows\System\fbVMnFP.exe
  2⤵
  PID:4248
- C:\Windows\System\MBkJNlG.exe
  C:\Windows\System\MBkJNlG.exe
  2⤵
  PID:4264
- C:\Windows\System\guTYWML.exe
  C:\Windows\System\guTYWML.exe
  2⤵
  PID:4280
- C:\Windows\System\CGazLso.exe
  C:\Windows\System\CGazLso.exe
  2⤵
  PID:4296
- C:\Windows\System\AFAAXzs.exe
  C:\Windows\System\AFAAXzs.exe
  2⤵
  PID:4312
- C:\Windows\System\ZVJFhFD.exe
  C:\Windows\System\ZVJFhFD.exe
  2⤵
  PID:4328
- C:\Windows\System\SdaezBf.exe
  C:\Windows\System\SdaezBf.exe
  2⤵
  PID:4344
- C:\Windows\System\seCJdfo.exe
  C:\Windows\System\seCJdfo.exe
  2⤵
  PID:4360
- C:\Windows\System\WxnEKdd.exe
  C:\Windows\System\WxnEKdd.exe
  2⤵
  PID:4376
- C:\Windows\System\UKALirm.exe
  C:\Windows\System\UKALirm.exe
  2⤵
  PID:4392
- C:\Windows\System\CxHReen.exe
  C:\Windows\System\CxHReen.exe
  2⤵
  PID:4408
- C:\Windows\System\fYCVgGV.exe
  C:\Windows\System\fYCVgGV.exe
  2⤵
  PID:4424
- C:\Windows\System\RTHYZOF.exe
  C:\Windows\System\RTHYZOF.exe
  2⤵
  PID:4440
- C:\Windows\System\heqtOrr.exe
  C:\Windows\System\heqtOrr.exe
  2⤵
  PID:4456
- C:\Windows\System\OjpsFTM.exe
  C:\Windows\System\OjpsFTM.exe
  2⤵
  PID:4472
- C:\Windows\System\kEpTsmq.exe
  C:\Windows\System\kEpTsmq.exe
  2⤵
  PID:4488
- C:\Windows\System\GOyGzKT.exe
  C:\Windows\System\GOyGzKT.exe
  2⤵
  PID:4504
- C:\Windows\System\CsMBPEs.exe
  C:\Windows\System\CsMBPEs.exe
  2⤵
  PID:4520
- C:\Windows\System\FDjOWaJ.exe
  C:\Windows\System\FDjOWaJ.exe
  2⤵
  PID:4536
- C:\Windows\System\bQuruXp.exe
  C:\Windows\System\bQuruXp.exe
  2⤵
  PID:4552
- C:\Windows\System\OAxblNx.exe
  C:\Windows\System\OAxblNx.exe
  2⤵
  PID:4568
- C:\Windows\System\sGZIAvP.exe
  C:\Windows\System\sGZIAvP.exe
  2⤵
  PID:4584
- C:\Windows\System\UZhErCl.exe
  C:\Windows\System\UZhErCl.exe
  2⤵
  PID:4600
- C:\Windows\System\jCuhtPk.exe
  C:\Windows\System\jCuhtPk.exe
  2⤵
  PID:4616
- C:\Windows\System\cSRukYh.exe
  C:\Windows\System\cSRukYh.exe
  2⤵
  PID:4632
- C:\Windows\System\opjHTkd.exe
  C:\Windows\System\opjHTkd.exe
  2⤵
  PID:4648
- C:\Windows\System\nOzfNnU.exe
  C:\Windows\System\nOzfNnU.exe
  2⤵
  PID:4664
- C:\Windows\System\fQnpMLz.exe
  C:\Windows\System\fQnpMLz.exe
  2⤵
  PID:4680
- C:\Windows\System\WpiJzdY.exe
  C:\Windows\System\WpiJzdY.exe
  2⤵
  PID:4696
- C:\Windows\System\wrvOvML.exe
  C:\Windows\System\wrvOvML.exe
  2⤵
  PID:4712
- C:\Windows\System\PavOCzo.exe
  C:\Windows\System\PavOCzo.exe
  2⤵
  PID:4728
- C:\Windows\System\cMzXwkH.exe
  C:\Windows\System\cMzXwkH.exe
  2⤵
  PID:4744
- C:\Windows\System\VimfzML.exe
  C:\Windows\System\VimfzML.exe
  2⤵
  PID:4760
- C:\Windows\System\vwcaEoJ.exe
  C:\Windows\System\vwcaEoJ.exe
  2⤵
  PID:4776
- C:\Windows\System\LVomzFW.exe
  C:\Windows\System\LVomzFW.exe
  2⤵
  PID:4792
- C:\Windows\System\ZIzqmJc.exe
  C:\Windows\System\ZIzqmJc.exe
  2⤵
  PID:4808
- C:\Windows\System\kHCkRLJ.exe
  C:\Windows\System\kHCkRLJ.exe
  2⤵
  PID:4824
- C:\Windows\System\XSXxuvz.exe
  C:\Windows\System\XSXxuvz.exe
  2⤵
  PID:4840
- C:\Windows\System\QjaPwYx.exe
  C:\Windows\System\QjaPwYx.exe
  2⤵
  PID:4856
- C:\Windows\System\mJvJdkm.exe
  C:\Windows\System\mJvJdkm.exe
  2⤵
  PID:4872
- C:\Windows\System\plkyikf.exe
  C:\Windows\System\plkyikf.exe
  2⤵
  PID:4892
- C:\Windows\System\tjvLjfB.exe
  C:\Windows\System\tjvLjfB.exe
  2⤵
  PID:4908
- C:\Windows\System\NyRgVbG.exe
  C:\Windows\System\NyRgVbG.exe
  2⤵
  PID:4924
- C:\Windows\System\GMSejiJ.exe
  C:\Windows\System\GMSejiJ.exe
  2⤵
  PID:4940
- C:\Windows\System\gTwePjC.exe
  C:\Windows\System\gTwePjC.exe
  2⤵
  PID:4956
- C:\Windows\System\WEQsPYC.exe
  C:\Windows\System\WEQsPYC.exe
  2⤵
  PID:4972
- C:\Windows\System\XcVCpsY.exe
  C:\Windows\System\XcVCpsY.exe
  2⤵
  PID:4988
- C:\Windows\System\eSoEpYg.exe
  C:\Windows\System\eSoEpYg.exe
  2⤵
  PID:5004
- C:\Windows\System\cGBIoJo.exe
  C:\Windows\System\cGBIoJo.exe
  2⤵
  PID:5020
- C:\Windows\System\ewVUPYK.exe
  C:\Windows\System\ewVUPYK.exe
  2⤵
  PID:5036
- C:\Windows\System\naYuuPr.exe
  C:\Windows\System\naYuuPr.exe
  2⤵
  PID:5052
- C:\Windows\System\ijRIqYz.exe
  C:\Windows\System\ijRIqYz.exe
  2⤵
  PID:5068
- C:\Windows\System\SdIzXjp.exe
  C:\Windows\System\SdIzXjp.exe
  2⤵
  PID:5084
- C:\Windows\System\FNjYjiR.exe
  C:\Windows\System\FNjYjiR.exe
  2⤵
  PID:5100
- C:\Windows\System\uZIAzdK.exe
  C:\Windows\System\uZIAzdK.exe
  2⤵
  PID:5116
- C:\Windows\System\IGVmpct.exe
  C:\Windows\System\IGVmpct.exe
  2⤵
  PID:1880
- C:\Windows\System\EAcdZjp.exe
  C:\Windows\System\EAcdZjp.exe
  2⤵
  PID:2060
- C:\Windows\System\pcWfZDa.exe
  C:\Windows\System\pcWfZDa.exe
  2⤵
  PID:4116
- C:\Windows\System\zIANxwB.exe
  C:\Windows\System\zIANxwB.exe
  2⤵
  PID:4176
- C:\Windows\System\GeLKbAN.exe
  C:\Windows\System\GeLKbAN.exe
  2⤵
  PID:4240
- C:\Windows\System\XTcmOUx.exe
  C:\Windows\System\XTcmOUx.exe
  2⤵
  PID:4272
- C:\Windows\System\YuORApq.exe
  C:\Windows\System\YuORApq.exe
  2⤵
  PID:4128
- C:\Windows\System\JfStiMO.exe
  C:\Windows\System\JfStiMO.exe
  2⤵
  PID:1620
- C:\Windows\System\qpjaSRp.exe
  C:\Windows\System\qpjaSRp.exe
  2⤵
  PID:1916
- C:\Windows\System\TVbooxo.exe
  C:\Windows\System\TVbooxo.exe
  2⤵
  PID:4256
- C:\Windows\System\PFdnYnE.exe
  C:\Windows\System\PFdnYnE.exe
  2⤵
  PID:4308
- C:\Windows\System\xhMqPKz.exe
  C:\Windows\System\xhMqPKz.exe
  2⤵
  PID:3860
- C:\Windows\System\DBrPowP.exe
  C:\Windows\System\DBrPowP.exe
  2⤵
  PID:4356
- C:\Windows\System\IJszjWT.exe
  C:\Windows\System\IJszjWT.exe
  2⤵
  PID:4432
- C:\Windows\System\dEwYilq.exe
  C:\Windows\System\dEwYilq.exe
  2⤵
  PID:4496
- C:\Windows\System\GeSrlSo.exe
  C:\Windows\System\GeSrlSo.exe
  2⤵
  PID:4388
- C:\Windows\System\ZHsrybw.exe
  C:\Windows\System\ZHsrybw.exe
  2⤵
  PID:4452
- C:\Windows\System\dggmnbu.exe
  C:\Windows\System\dggmnbu.exe
  2⤵
  PID:1628
- C:\Windows\System\KopjFvT.exe
  C:\Windows\System\KopjFvT.exe
  2⤵
  PID:1908
- C:\Windows\System\KFHKjpg.exe
  C:\Windows\System\KFHKjpg.exe
  2⤵
  PID:4580
- C:\Windows\System\ptijrIN.exe
  C:\Windows\System\ptijrIN.exe
  2⤵
  PID:2328
- C:\Windows\System\PnzxomV.exe
  C:\Windows\System\PnzxomV.exe
  2⤵
  PID:4804
- C:\Windows\System\ZToXzgD.exe
  C:\Windows\System\ZToXzgD.exe
  2⤵
  PID:4676
- C:\Windows\System\tGlzGBw.exe
  C:\Windows\System\tGlzGBw.exe
  2⤵
  PID:4900
- C:\Windows\System\YfynIQn.exe
  C:\Windows\System\YfynIQn.exe
  2⤵
  PID:4596
- C:\Windows\System\SffOhsY.exe
  C:\Windows\System\SffOhsY.exe
  2⤵
  PID:4660
- C:\Windows\System\pzENCpi.exe
  C:\Windows\System\pzENCpi.exe
  2⤵
  PID:4968
- C:\Windows\System\NsOYTcJ.exe
  C:\Windows\System\NsOYTcJ.exe
  2⤵
  PID:5032
- C:\Windows\System\jfnpMeH.exe
  C:\Windows\System\jfnpMeH.exe
  2⤵
  PID:5028
- C:\Windows\System\xUvDdNO.exe
  C:\Windows\System\xUvDdNO.exe
  2⤵
  PID:4720
- C:\Windows\System\OzGagCc.exe
  C:\Windows\System\OzGagCc.exe
  2⤵
  PID:4752
- C:\Windows\System\poBVSuf.exe
  C:\Windows\System\poBVSuf.exe
  2⤵
  PID:4884
- C:\Windows\System\ZLNVouk.exe
  C:\Windows\System\ZLNVouk.exe
  2⤵
  PID:4952
- C:\Windows\System\WXFDdGm.exe
  C:\Windows\System\WXFDdGm.exe
  2⤵
  PID:5016
- C:\Windows\System\VJGEhKJ.exe
  C:\Windows\System\VJGEhKJ.exe
  2⤵
  PID:5080
- C:\Windows\System\MpOFjXa.exe
  C:\Windows\System\MpOFjXa.exe
  2⤵
  PID:5096
- C:\Windows\System\CzwjRdQ.exe
  C:\Windows\System\CzwjRdQ.exe
  2⤵
  PID:3432
- C:\Windows\System\eLLDQTW.exe
  C:\Windows\System\eLLDQTW.exe
  2⤵
  PID:5112
- C:\Windows\System\kEpiCHZ.exe
  C:\Windows\System\kEpiCHZ.exe
  2⤵
  PID:3456
- C:\Windows\System\QTYFyam.exe
  C:\Windows\System\QTYFyam.exe
  2⤵
  PID:4192
- C:\Windows\System\XgNubZy.exe
  C:\Windows\System\XgNubZy.exe
  2⤵
  PID:4324
- C:\Windows\System\TrNCAFi.exe
  C:\Windows\System\TrNCAFi.exe
  2⤵
  PID:3264
- C:\Windows\System\nWhPOeR.exe
  C:\Windows\System\nWhPOeR.exe
  2⤵
  PID:4288
- C:\Windows\System\RmoNOqP.exe
  C:\Windows\System\RmoNOqP.exe
  2⤵
  PID:4464
- C:\Windows\System\HJhJWoU.exe
  C:\Windows\System\HJhJWoU.exe
  2⤵
  PID:4404
- C:\Windows\System\QoVdOHr.exe
  C:\Windows\System\QoVdOHr.exe
  2⤵
  PID:4512
- C:\Windows\System\mJrnXHQ.exe
  C:\Windows\System\mJrnXHQ.exe
  2⤵
  PID:4544
- C:\Windows\System\coIeGCq.exe
  C:\Windows\System\coIeGCq.exe
  2⤵
  PID:4800
- C:\Windows\System\YwdRoQt.exe
  C:\Windows\System\YwdRoQt.exe
  2⤵
  PID:1624
- C:\Windows\System\hiwKZgh.exe
  C:\Windows\System\hiwKZgh.exe
  2⤵
  PID:4868
- C:\Windows\System\rNvMbRB.exe
  C:\Windows\System\rNvMbRB.exe
  2⤵
  PID:4936
- C:\Windows\System\rnXkZuO.exe
  C:\Windows\System\rnXkZuO.exe
  2⤵
  PID:4816
- C:\Windows\System\jmBRntV.exe
  C:\Windows\System\jmBRntV.exe
  2⤵
  PID:4640
- C:\Windows\System\UqAaAXv.exe
  C:\Windows\System\UqAaAXv.exe
  2⤵
  PID:4836
- C:\Windows\System\aWdcCby.exe
  C:\Windows\System\aWdcCby.exe
  2⤵
  PID:4688
- C:\Windows\System\gWmwAuK.exe
  C:\Windows\System\gWmwAuK.exe
  2⤵
  PID:4984
- C:\Windows\System\NkaMtSL.exe
  C:\Windows\System\NkaMtSL.exe
  2⤵
  PID:4112
- C:\Windows\System\zaQkGED.exe
  C:\Windows\System\zaQkGED.exe
  2⤵
  PID:4528
- C:\Windows\System\vRtMhNJ.exe
  C:\Windows\System\vRtMhNJ.exe
  2⤵
  PID:4304
- C:\Windows\System\QFbqtUH.exe
  C:\Windows\System\QFbqtUH.exe
  2⤵
  PID:4384
- C:\Windows\System\IhduzqP.exe
  C:\Windows\System\IhduzqP.exe
  2⤵
  PID:3900
- C:\Windows\System\JKMBIFS.exe
  C:\Windows\System\JKMBIFS.exe
  2⤵
  PID:2340
- C:\Windows\System\WMhyDFV.exe
  C:\Windows\System\WMhyDFV.exe
  2⤵
  PID:4532
- C:\Windows\System\KgePXvb.exe
  C:\Windows\System\KgePXvb.exe
  2⤵
  PID:3576
- C:\Windows\System\bxjfeee.exe
  C:\Windows\System\bxjfeee.exe
  2⤵
  PID:5128
- C:\Windows\System\vXzBgsu.exe
  C:\Windows\System\vXzBgsu.exe
  2⤵
  PID:5144
- C:\Windows\System\ilsOEeO.exe
  C:\Windows\System\ilsOEeO.exe
  2⤵
  PID:5160
- C:\Windows\System\iLJHWJN.exe
  C:\Windows\System\iLJHWJN.exe
  2⤵
  PID:5176
- C:\Windows\System\lGqpITc.exe
  C:\Windows\System\lGqpITc.exe
  2⤵
  PID:5192
- C:\Windows\System\lQOjqtg.exe
  C:\Windows\System\lQOjqtg.exe
  2⤵
  PID:5788
- C:\Windows\System\RsQrYGw.exe
  C:\Windows\System\RsQrYGw.exe
  2⤵
  PID:5864
- C:\Windows\System\XTsUMOd.exe
  C:\Windows\System\XTsUMOd.exe
  2⤵
  PID:5884
- C:\Windows\System\sgPitye.exe
  C:\Windows\System\sgPitye.exe
  2⤵
  PID:5900
- C:\Windows\System\cpPDZbd.exe
  C:\Windows\System\cpPDZbd.exe
  2⤵
  PID:5916
- C:\Windows\System\lBuXVBZ.exe
  C:\Windows\System\lBuXVBZ.exe
  2⤵
  PID:5944
- C:\Windows\System\Drvokxl.exe
  C:\Windows\System\Drvokxl.exe
  2⤵
  PID:5976
- C:\Windows\System\alBdLfM.exe
  C:\Windows\System\alBdLfM.exe
  2⤵
  PID:5996
- C:\Windows\System\jbNhWjk.exe
  C:\Windows\System\jbNhWjk.exe
  2⤵
  PID:6012
- C:\Windows\System\SzefDxt.exe
  C:\Windows\System\SzefDxt.exe
  2⤵
  PID:6036
- C:\Windows\System\qQaDgho.exe
  C:\Windows\System\qQaDgho.exe
  2⤵
  PID:6052
- C:\Windows\System\rHtcrhH.exe
  C:\Windows\System\rHtcrhH.exe
  2⤵
  PID:6076
- C:\Windows\System\KGnEsOE.exe
  C:\Windows\System\KGnEsOE.exe
  2⤵
  PID:6092
- C:\Windows\System\sKDoxuD.exe
  C:\Windows\System\sKDoxuD.exe
  2⤵
  PID:6108
- C:\Windows\System\UNFXnNP.exe
  C:\Windows\System\UNFXnNP.exe
  2⤵
  PID:6124
- C:\Windows\System\KozTEpY.exe
  C:\Windows\System\KozTEpY.exe
  2⤵
  PID:6140
- C:\Windows\System\MYDIcmM.exe
  C:\Windows\System\MYDIcmM.exe
  2⤵
  PID:5092
- C:\Windows\System\aPZMkFI.exe
  C:\Windows\System\aPZMkFI.exe
  2⤵
  PID:4788
- C:\Windows\System\UbmEIGU.exe
  C:\Windows\System\UbmEIGU.exe
  2⤵
  PID:4148
- C:\Windows\System\aVSTYak.exe
  C:\Windows\System\aVSTYak.exe
  2⤵
  PID:5140
- C:\Windows\System\EOkWnEJ.exe
  C:\Windows\System\EOkWnEJ.exe
  2⤵
  PID:4212
- C:\Windows\System\EzksHCH.exe
  C:\Windows\System\EzksHCH.exe
  2⤵
  PID:4852
- C:\Windows\System\PUYuLAp.exe
  C:\Windows\System\PUYuLAp.exe
  2⤵
  PID:5000
- C:\Windows\System\zzwKbnv.exe
  C:\Windows\System\zzwKbnv.exe
  2⤵
  PID:5184
- C:\Windows\System\vKziSVD.exe
  C:\Windows\System\vKziSVD.exe
  2⤵
  PID:4448
- C:\Windows\System\ymlQEuu.exe
  C:\Windows\System\ymlQEuu.exe
  2⤵
  PID:5208
- C:\Windows\System\ZntEuRk.exe
  C:\Windows\System\ZntEuRk.exe
  2⤵
  PID:5228
- C:\Windows\System\FzWQKel.exe
  C:\Windows\System\FzWQKel.exe
  2⤵
  PID:5244
- C:\Windows\System\GTDhlVz.exe
  C:\Windows\System\GTDhlVz.exe
  2⤵
  PID:5260
- C:\Windows\System\pruotnA.exe
  C:\Windows\System\pruotnA.exe
  2⤵
  PID:5276
- C:\Windows\System\FgYLEZF.exe
  C:\Windows\System\FgYLEZF.exe
  2⤵
  PID:5292
- C:\Windows\System\JjVrXmz.exe
  C:\Windows\System\JjVrXmz.exe
  2⤵
  PID:5304
- C:\Windows\System\BusvmfL.exe
  C:\Windows\System\BusvmfL.exe
  2⤵
  PID:5324
- C:\Windows\System\TAflwPX.exe
  C:\Windows\System\TAflwPX.exe
  2⤵
  PID:5340
- C:\Windows\System\FCWbCwr.exe
  C:\Windows\System\FCWbCwr.exe
  2⤵
  PID:5360
- C:\Windows\System\HKTpzXd.exe
  C:\Windows\System\HKTpzXd.exe
  2⤵
  PID:5372
- C:\Windows\System\nvuJkYB.exe
  C:\Windows\System\nvuJkYB.exe
  2⤵
  PID:5388
- C:\Windows\System\wZOXyXj.exe
  C:\Windows\System\wZOXyXj.exe
  2⤵
  PID:5404
- C:\Windows\System\TWbWIzp.exe
  C:\Windows\System\TWbWIzp.exe
  2⤵
  PID:5424
- C:\Windows\System\JobLwfm.exe
  C:\Windows\System\JobLwfm.exe
  2⤵
  PID:5440
- C:\Windows\System\ryUjJyA.exe
  C:\Windows\System\ryUjJyA.exe
  2⤵
  PID:5460
- C:\Windows\System\GjemYkC.exe
  C:\Windows\System\GjemYkC.exe
  2⤵
  PID:5480
- C:\Windows\System\fbTTWPi.exe
  C:\Windows\System\fbTTWPi.exe
  2⤵
  PID:5496
- C:\Windows\System\fythykO.exe
  C:\Windows\System\fythykO.exe
  2⤵
  PID:5512
- C:\Windows\System\bafmnRs.exe
  C:\Windows\System\bafmnRs.exe
  2⤵
  PID:5536
- C:\Windows\System\NQXXUup.exe
  C:\Windows\System\NQXXUup.exe
  2⤵
  PID:5552
- C:\Windows\System\YeLZNDL.exe
  C:\Windows\System\YeLZNDL.exe
  2⤵
  PID:5568
- C:\Windows\System\RWNjtYm.exe
  C:\Windows\System\RWNjtYm.exe
  2⤵
  PID:5580
- C:\Windows\System\HpVMgbM.exe
  C:\Windows\System\HpVMgbM.exe
  2⤵
  PID:5600
- C:\Windows\System\goNoxnw.exe
  C:\Windows\System\goNoxnw.exe
  2⤵
  PID:5612
- C:\Windows\System\tBnIibW.exe
  C:\Windows\System\tBnIibW.exe
  2⤵
  PID:5628
- C:\Windows\System\BRvBtBr.exe
  C:\Windows\System\BRvBtBr.exe
  2⤵
  PID:5644
- C:\Windows\System\gpWAUoy.exe
  C:\Windows\System\gpWAUoy.exe
  2⤵
  PID:5660
- C:\Windows\System\bUWmhMj.exe
  C:\Windows\System\bUWmhMj.exe
  2⤵
  PID:5676
- C:\Windows\System\OWFOTdo.exe
  C:\Windows\System\OWFOTdo.exe
  2⤵
  PID:5692
- C:\Windows\System\iUWilgw.exe
  C:\Windows\System\iUWilgw.exe
  2⤵
  PID:5708
- C:\Windows\System\jfaFfiZ.exe
  C:\Windows\System\jfaFfiZ.exe
  2⤵
  PID:5724
- C:\Windows\System\JXVoqVt.exe
  C:\Windows\System\JXVoqVt.exe
  2⤵
  PID:5740
- C:\Windows\System\usFvcMv.exe
  C:\Windows\System\usFvcMv.exe
  2⤵
  PID:5756
- C:\Windows\System\YzTlORn.exe
  C:\Windows\System\YzTlORn.exe
  2⤵
  PID:5772
- C:\Windows\System\Qkwxemb.exe
  C:\Windows\System\Qkwxemb.exe
  2⤵
  PID:5204
- C:\Windows\System\vECKwRA.exe
  C:\Windows\System\vECKwRA.exe
  2⤵
  PID:5800
- C:\Windows\System\rpZBjDa.exe
  C:\Windows\System\rpZBjDa.exe
  2⤵
  PID:5820
- C:\Windows\System\vrSlAJz.exe
  C:\Windows\System\vrSlAJz.exe
  2⤵
  PID:5828
- C:\Windows\System\yNbasZC.exe
  C:\Windows\System\yNbasZC.exe
  2⤵
  PID:5844
- C:\Windows\System\tGBBpcO.exe
  C:\Windows\System\tGBBpcO.exe
  2⤵
  PID:5856
- C:\Windows\System\qwLocrr.exe
  C:\Windows\System\qwLocrr.exe
  2⤵
  PID:5924
- C:\Windows\System\nahtIZM.exe
  C:\Windows\System\nahtIZM.exe
  2⤵
  PID:5960
- C:\Windows\System\LpmCiKS.exe
  C:\Windows\System\LpmCiKS.exe
  2⤵
  PID:5988
- C:\Windows\System\TqvKPRB.exe
  C:\Windows\System\TqvKPRB.exe
  2⤵
  PID:6032
- C:\Windows\System\uJZawdr.exe
  C:\Windows\System\uJZawdr.exe
  2⤵
  PID:6072
- C:\Windows\System\eCzFUFX.exe
  C:\Windows\System\eCzFUFX.exe
  2⤵
  PID:6116
- C:\Windows\System\vGfQuMU.exe
  C:\Windows\System\vGfQuMU.exe
  2⤵
  PID:4164
- C:\Windows\System\xRGykfK.exe
  C:\Windows\System\xRGykfK.exe
  2⤵
  PID:6104
- C:\Windows\System\dLTpwoL.exe
  C:\Windows\System\dLTpwoL.exe
  2⤵
  PID:4708
- C:\Windows\System\nXYObEI.exe
  C:\Windows\System\nXYObEI.exe
  2⤵
  PID:5236
- C:\Windows\System\cQxqoaX.exe
  C:\Windows\System\cQxqoaX.exe
  2⤵
  PID:5188
- C:\Windows\System\BiKwXUq.exe
  C:\Windows\System\BiKwXUq.exe
  2⤵
  PID:5252
- C:\Windows\System\vcDcDGK.exe
  C:\Windows\System\vcDcDGK.exe
  2⤵
  PID:5268
- C:\Windows\System\PgBpztl.exe
  C:\Windows\System\PgBpztl.exe
  2⤵
  PID:5320
- C:\Windows\System\RdIqWpG.exe
  C:\Windows\System\RdIqWpG.exe
  2⤵
  PID:5384
- C:\Windows\System\lScesga.exe
  C:\Windows\System\lScesga.exe
  2⤵
  PID:5364
- C:\Windows\System\ykAgkbp.exe
  C:\Windows\System\ykAgkbp.exe
  2⤵
  PID:5456
- C:\Windows\System\OyEEUaO.exe
  C:\Windows\System\OyEEUaO.exe
  2⤵
  PID:5396
- C:\Windows\System\rFGGMEK.exe
  C:\Windows\System\rFGGMEK.exe
  2⤵
  PID:5516
- C:\Windows\System\BFVRiNm.exe
  C:\Windows\System\BFVRiNm.exe
  2⤵
  PID:5560
- C:\Windows\System\GndwHIO.exe
  C:\Windows\System\GndwHIO.exe
  2⤵
  PID:5608
- C:\Windows\System\aNxBosW.exe
  C:\Windows\System\aNxBosW.exe
  2⤵
  PID:5716
- C:\Windows\System\hQyvivh.exe
  C:\Windows\System\hQyvivh.exe
  2⤵
  PID:5752
- C:\Windows\System\gFbWLTY.exe
  C:\Windows\System\gFbWLTY.exe
  2⤵
  PID:5816
- C:\Windows\System\JEKqoLD.exe
  C:\Windows\System\JEKqoLD.exe
  2⤵
  PID:5896
- C:\Windows\System\mjKMATD.exe
  C:\Windows\System\mjKMATD.exe
  2⤵
  PID:5548
- C:\Windows\System\AKsoKFN.exe
  C:\Windows\System\AKsoKFN.exe
  2⤵
  PID:5764
- C:\Windows\System\eeDpWDx.exe
  C:\Windows\System\eeDpWDx.exe
  2⤵
  PID:5876
- C:\Windows\System\pydJxvg.exe
  C:\Windows\System\pydJxvg.exe
  2⤵
  PID:5928
- C:\Windows\System\HkXtPih.exe
  C:\Windows\System\HkXtPih.exe
  2⤵
  PID:5700
- C:\Windows\System\UKnZPDe.exe
  C:\Windows\System\UKnZPDe.exe
  2⤵
  PID:5636
- C:\Windows\System\HLWVqHu.exe
  C:\Windows\System\HLWVqHu.exe
  2⤵
  PID:5932
- C:\Windows\System\JCFTtFq.exe
  C:\Windows\System\JCFTtFq.exe
  2⤵
  PID:6024
- C:\Windows\System\xMHdNCx.exe
  C:\Windows\System\xMHdNCx.exe
  2⤵
  PID:6020
- C:\Windows\System\xfzNVbo.exe
  C:\Windows\System\xfzNVbo.exe
  2⤵
  PID:5064
- C:\Windows\System\EYFQXbM.exe
  C:\Windows\System\EYFQXbM.exe
  2⤵
  PID:4612
- C:\Windows\System\URBKGOL.exe
  C:\Windows\System\URBKGOL.exe
  2⤵
  PID:5076
- C:\Windows\System\abdifIj.exe
  C:\Windows\System\abdifIj.exe
  2⤵
  PID:5284
- C:\Windows\System\OaUQiVc.exe
  C:\Windows\System\OaUQiVc.exe
  2⤵
  PID:5300
- C:\Windows\System\AEUFsPI.exe
  C:\Windows\System\AEUFsPI.exe
  2⤵
  PID:4468
- C:\Windows\System\Gvqmzrg.exe
  C:\Windows\System\Gvqmzrg.exe
  2⤵
  PID:5352
- C:\Windows\System\UHfcsSP.exe
  C:\Windows\System\UHfcsSP.exe
  2⤵
  PID:5452
- C:\Windows\System\ChEaNgT.exe
  C:\Windows\System\ChEaNgT.exe
  2⤵
  PID:5336
- C:\Windows\System\uAUoSVL.exe
  C:\Windows\System\uAUoSVL.exe
  2⤵
  PID:5472
- C:\Windows\System\eJBaJph.exe
  C:\Windows\System\eJBaJph.exe
  2⤵
  PID:5652
- C:\Windows\System\CKFCkZb.exe
  C:\Windows\System\CKFCkZb.exe
  2⤵
  PID:5748
- C:\Windows\System\GhiVsVv.exe
  C:\Windows\System\GhiVsVv.exe
  2⤵
  PID:5812
- C:\Windows\System\zVYrnky.exe
  C:\Windows\System\zVYrnky.exe
  2⤵
  PID:5632
- C:\Windows\System\lFtLMmV.exe
  C:\Windows\System\lFtLMmV.exe
  2⤵
  PID:5872
- C:\Windows\System\caHVpiX.exe
  C:\Windows\System\caHVpiX.exe
  2⤵
  PID:5936
- C:\Windows\System\WzGxRsy.exe
  C:\Windows\System\WzGxRsy.exe
  2⤵
  PID:5984
- C:\Windows\System\HcfmHDs.exe
  C:\Windows\System\HcfmHDs.exe
  2⤵
  PID:2068
- C:\Windows\System\yTNadlR.exe
  C:\Windows\System\yTNadlR.exe
  2⤵
  PID:5432
- C:\Windows\System\HvYTtAR.exe
  C:\Windows\System\HvYTtAR.exe
  2⤵
  PID:5840
- C:\Windows\System\BuITrCv.exe
  C:\Windows\System\BuITrCv.exe
  2⤵
  PID:6064
- C:\Windows\System\RGhaKrZ.exe
  C:\Windows\System\RGhaKrZ.exe
  2⤵
  PID:5420
- C:\Windows\System\epQOHki.exe
  C:\Windows\System\epQOHki.exe
  2⤵
  PID:6100
- C:\Windows\System\eTKPKcl.exe
  C:\Windows\System\eTKPKcl.exe
  2⤵
  PID:5224
- C:\Windows\System\btMtcAd.exe
  C:\Windows\System\btMtcAd.exe
  2⤵
  PID:5588
- C:\Windows\System\DXFdGms.exe
  C:\Windows\System\DXFdGms.exe
  2⤵
  PID:4772
- C:\Windows\System\JjnDUWA.exe
  C:\Windows\System\JjnDUWA.exe
  2⤵
  PID:5848
- C:\Windows\System\lIWQQvY.exe
  C:\Windows\System\lIWQQvY.exe
  2⤵
  PID:6004
- C:\Windows\System\GsOnrpT.exe
  C:\Windows\System\GsOnrpT.exe
  2⤵
  PID:6152
- C:\Windows\System\anorZEB.exe
  C:\Windows\System\anorZEB.exe
  2⤵
  PID:6168
- C:\Windows\System\YLSstQQ.exe
  C:\Windows\System\YLSstQQ.exe
  2⤵
  PID:6184
- C:\Windows\System\zoXtnYq.exe
  C:\Windows\System\zoXtnYq.exe
  2⤵
  PID:6200
- C:\Windows\System\MAAWqDU.exe
  C:\Windows\System\MAAWqDU.exe
  2⤵
  PID:6216
- C:\Windows\System\ZEmivlr.exe
  C:\Windows\System\ZEmivlr.exe
  2⤵
  PID:6232
- C:\Windows\System\UFCcgKR.exe
  C:\Windows\System\UFCcgKR.exe
  2⤵
  PID:6248
- C:\Windows\System\FsGgSWl.exe
  C:\Windows\System\FsGgSWl.exe
  2⤵
  PID:6264
- C:\Windows\System\ZmRyDgv.exe
  C:\Windows\System\ZmRyDgv.exe
  2⤵
  PID:6280
- C:\Windows\System\eOpVcqC.exe
  C:\Windows\System\eOpVcqC.exe
  2⤵
  PID:6296
- C:\Windows\System\gPwxaOo.exe
  C:\Windows\System\gPwxaOo.exe
  2⤵
  PID:6312
- C:\Windows\System\RlacLMp.exe
  C:\Windows\System\RlacLMp.exe
  2⤵
  PID:6332
- C:\Windows\System\MUiMYXn.exe
  C:\Windows\System\MUiMYXn.exe
  2⤵
  PID:6348
- C:\Windows\System\OPJCuRf.exe
  C:\Windows\System\OPJCuRf.exe
  2⤵
  PID:6364
- C:\Windows\System\onKRGoy.exe
  C:\Windows\System\onKRGoy.exe
  2⤵
  PID:6384
- C:\Windows\System\MpTyrAx.exe
  C:\Windows\System\MpTyrAx.exe
  2⤵
  PID:6404
- C:\Windows\System\tYiGSvS.exe
  C:\Windows\System\tYiGSvS.exe
  2⤵
  PID:6424
- C:\Windows\System\lByMMUc.exe
  C:\Windows\System\lByMMUc.exe
  2⤵
  PID:6440
- C:\Windows\System\kjSFmqu.exe
  C:\Windows\System\kjSFmqu.exe
  2⤵
  PID:6464
- C:\Windows\System\POBBQHd.exe
  C:\Windows\System\POBBQHd.exe
  2⤵
  PID:6480
- C:\Windows\System\MjcbFth.exe
  C:\Windows\System\MjcbFth.exe
  2⤵
  PID:6504
- C:\Windows\System\TTjQSEE.exe
  C:\Windows\System\TTjQSEE.exe
  2⤵
  PID:6520
- C:\Windows\System\yWEyXOo.exe
  C:\Windows\System\yWEyXOo.exe
  2⤵
  PID:6536
- C:\Windows\System\JvHSHQg.exe
  C:\Windows\System\JvHSHQg.exe
  2⤵
  PID:6560
- C:\Windows\System\XjbzztL.exe
  C:\Windows\System\XjbzztL.exe
  2⤵
  PID:6576
- C:\Windows\System\vKHsKlL.exe
  C:\Windows\System\vKHsKlL.exe
  2⤵
  PID:6600
- C:\Windows\System\FRIaMpV.exe
  C:\Windows\System\FRIaMpV.exe
  2⤵
  PID:6616
- C:\Windows\System\VFIgGRd.exe
  C:\Windows\System\VFIgGRd.exe
  2⤵
  PID:6636
- C:\Windows\System\jNvelLc.exe
  C:\Windows\System\jNvelLc.exe
  2⤵
  PID:6652
- C:\Windows\System\BystEiV.exe
  C:\Windows\System\BystEiV.exe
  2⤵
  PID:6668
- C:\Windows\System\OrdDlCM.exe
  C:\Windows\System\OrdDlCM.exe
  2⤵
  PID:6684
- C:\Windows\System\hjmFMth.exe
  C:\Windows\System\hjmFMth.exe
  2⤵
  PID:6700
- C:\Windows\System\iTVZUOM.exe
  C:\Windows\System\iTVZUOM.exe
  2⤵
  PID:6716
- C:\Windows\System\VFRpMOp.exe
  C:\Windows\System\VFRpMOp.exe
  2⤵
  PID:6732
- C:\Windows\System\JjZBJdE.exe
  C:\Windows\System\JjZBJdE.exe
  2⤵
  PID:6748
- C:\Windows\System\xhxtAfi.exe
  C:\Windows\System\xhxtAfi.exe
  2⤵
  PID:6764
- C:\Windows\System\MdaEBwF.exe
  C:\Windows\System\MdaEBwF.exe
  2⤵
  PID:6780
- C:\Windows\System\zhTMpbH.exe
  C:\Windows\System\zhTMpbH.exe
  2⤵
  PID:6796
- C:\Windows\System\aTpOwKO.exe
  C:\Windows\System\aTpOwKO.exe
  2⤵
  PID:6816
- C:\Windows\System\DAxbAZq.exe
  C:\Windows\System\DAxbAZq.exe
  2⤵
  PID:6836
- C:\Windows\System\hjxKBKa.exe
  C:\Windows\System\hjxKBKa.exe
  2⤵
  PID:6852
- C:\Windows\System\YhQpsCg.exe
  C:\Windows\System\YhQpsCg.exe
  2⤵
  PID:6868
- C:\Windows\System\xwKjiPA.exe
  C:\Windows\System\xwKjiPA.exe
  2⤵
  PID:6884
- C:\Windows\System\GjwMSUg.exe
  C:\Windows\System\GjwMSUg.exe
  2⤵
  PID:6900
- C:\Windows\System\vrMDLzz.exe
  C:\Windows\System\vrMDLzz.exe
  2⤵
  PID:6916
- C:\Windows\System\eKdDOAz.exe
  C:\Windows\System\eKdDOAz.exe
  2⤵
  PID:6932
- C:\Windows\System\ZiybAnP.exe
  C:\Windows\System\ZiybAnP.exe
  2⤵
  PID:6948
- C:\Windows\System\WQlkhiq.exe
  C:\Windows\System\WQlkhiq.exe
  2⤵
  PID:6972
- C:\Windows\System\EzYcLPx.exe
  C:\Windows\System\EzYcLPx.exe
  2⤵
  PID:6988
- C:\Windows\System\JVxLUrU.exe
  C:\Windows\System\JVxLUrU.exe
  2⤵
  PID:7008
- C:\Windows\System\VmIMNlr.exe
  C:\Windows\System\VmIMNlr.exe
  2⤵
  PID:7024
- C:\Windows\System\nGBuUXg.exe
  C:\Windows\System\nGBuUXg.exe
  2⤵
  PID:7052
- C:\Windows\System\aIIpKCS.exe
  C:\Windows\System\aIIpKCS.exe
  2⤵
  PID:7068
- C:\Windows\System\GaFQiCn.exe
  C:\Windows\System\GaFQiCn.exe
  2⤵
  PID:7084
- C:\Windows\System\rLIvmVr.exe
  C:\Windows\System\rLIvmVr.exe
  2⤵
  PID:7120
- C:\Windows\System\YkfvOXw.exe
  C:\Windows\System\YkfvOXw.exe
  2⤵
  PID:7136
- C:\Windows\System\byLzBBE.exe
  C:\Windows\System\byLzBBE.exe
  2⤵
  PID:6048
- C:\Windows\System\fvCMFiz.exe
  C:\Windows\System\fvCMFiz.exe
  2⤵
  PID:6224
- C:\Windows\System\GnkiPLL.exe
  C:\Windows\System\GnkiPLL.exe
  2⤵
  PID:5620
- C:\Windows\System\OrctlVg.exe
  C:\Windows\System\OrctlVg.exe
  2⤵
  PID:6292
- C:\Windows\System\bhXSeII.exe
  C:\Windows\System\bhXSeII.exe
  2⤵
  PID:5688
- C:\Windows\System\uwtVNfI.exe
  C:\Windows\System\uwtVNfI.exe
  2⤵
  PID:5668
- C:\Windows\System\JTLNUeq.exe
  C:\Windows\System\JTLNUeq.exe
  2⤵
  PID:6272
- C:\Windows\System\yvfVvzk.exe
  C:\Windows\System\yvfVvzk.exe
  2⤵
  PID:6356
- C:\Windows\System\fcJDnPy.exe
  C:\Windows\System\fcJDnPy.exe
  2⤵
  PID:6376
- C:\Windows\System\kfuAwYB.exe
  C:\Windows\System\kfuAwYB.exe
  2⤵
  PID:6420
- C:\Windows\System\dOypQUv.exe
  C:\Windows\System\dOypQUv.exe
  2⤵
  PID:6456
- C:\Windows\System\OonZhpp.exe
  C:\Windows\System\OonZhpp.exe
  2⤵
  PID:6396
- C:\Windows\System\KOUlmMn.exe
  C:\Windows\System\KOUlmMn.exe
  2⤵
  PID:6516
- C:\Windows\System\icZZFIU.exe
  C:\Windows\System\icZZFIU.exe
  2⤵
  PID:6556
- C:\Windows\System\LtVfjhY.exe
  C:\Windows\System\LtVfjhY.exe
  2⤵
  PID:6592
- C:\Windows\System\EDekiee.exe
  C:\Windows\System\EDekiee.exe
  2⤵
  PID:6608
- C:\Windows\System\IHkeKLZ.exe
  C:\Windows\System\IHkeKLZ.exe
  2⤵
  PID:6664
- C:\Windows\System\pCKgwKY.exe
  C:\Windows\System\pCKgwKY.exe
  2⤵
  PID:6792
- C:\Windows\System\eVCvCSI.exe
  C:\Windows\System\eVCvCSI.exe
  2⤵
  PID:6832
- C:\Windows\System\wfKmytX.exe
  C:\Windows\System\wfKmytX.exe
  2⤵
  PID:6828
- C:\Windows\System\SkKOXdz.exe
  C:\Windows\System\SkKOXdz.exe
  2⤵
  PID:6896
- C:\Windows\System\DpBDXuT.exe
  C:\Windows\System\DpBDXuT.exe
  2⤵
  PID:6960
- C:\Windows\System\CkRGpTy.exe
  C:\Windows\System\CkRGpTy.exe
  2⤵
  PID:6908
- C:\Windows\System\JjuEMzj.exe
  C:\Windows\System\JjuEMzj.exe
  2⤵
  PID:6880
- C:\Windows\System\BQQLfwR.exe
  C:\Windows\System\BQQLfwR.exe
  2⤵
  PID:6744
- C:\Windows\System\PzqCUNe.exe
  C:\Windows\System\PzqCUNe.exe
  2⤵
  PID:6804
- C:\Windows\System\aXldZkZ.exe
  C:\Windows\System\aXldZkZ.exe
  2⤵
  PID:6996
- C:\Windows\System\etBxThA.exe
  C:\Windows\System\etBxThA.exe
  2⤵
  PID:7064
- C:\Windows\System\jjcEOAj.exe
  C:\Windows\System\jjcEOAj.exe
  2⤵
  PID:7036
- C:\Windows\System\AvVJwhE.exe
  C:\Windows\System\AvVJwhE.exe
  2⤵
  PID:7112
- C:\Windows\System\lPyFeRy.exe
  C:\Windows\System\lPyFeRy.exe
  2⤵
  PID:7152
- C:\Windows\System\oTOFzvJ.exe
  C:\Windows\System\oTOFzvJ.exe
  2⤵
  PID:7164
- C:\Windows\System\YAIcBqj.exe
  C:\Windows\System\YAIcBqj.exe
  2⤵
  PID:5468
- C:\Windows\System\IfuWZlD.exe
  C:\Windows\System\IfuWZlD.exe
  2⤵
  PID:5784
- C:\Windows\System\ksqzJmW.exe
  C:\Windows\System\ksqzJmW.exe
  2⤵
  PID:6328
- C:\Windows\System\CaiETVU.exe
  C:\Windows\System\CaiETVU.exe
  2⤵
  PID:6308
- C:\Windows\System\kilIdNb.exe
  C:\Windows\System\kilIdNb.exe
  2⤵
  PID:6448
- C:\Windows\System\lTOuRxE.exe
  C:\Windows\System\lTOuRxE.exe
  2⤵
  PID:6496
- C:\Windows\System\tXDpZTR.exe
  C:\Windows\System\tXDpZTR.exe
  2⤵
  PID:6532
- C:\Windows\System\KyRDjbA.exe
  C:\Windows\System\KyRDjbA.exe
  2⤵
  PID:6344
- C:\Windows\System\sWBQwEZ.exe
  C:\Windows\System\sWBQwEZ.exe
  2⤵
  PID:6392
- C:\Windows\System\IrKRKhV.exe
  C:\Windows\System\IrKRKhV.exe
  2⤵
  PID:6432
- C:\Windows\System\EZZKzAB.exe
  C:\Windows\System\EZZKzAB.exe
  2⤵
  PID:6644
- C:\Windows\System\qluJeYT.exe
  C:\Windows\System\qluJeYT.exe
  2⤵
  PID:6572
- C:\Windows\System\dHXMsiG.exe
  C:\Windows\System\dHXMsiG.exe
  2⤵
  PID:6696
- C:\Windows\System\OoKFGdJ.exe
  C:\Windows\System\OoKFGdJ.exe
  2⤵
  PID:6724
- C:\Windows\System\qEXDxvB.exe
  C:\Windows\System\qEXDxvB.exe
  2⤵
  PID:6712
- C:\Windows\System\YuNrLth.exe
  C:\Windows\System\YuNrLth.exe
  2⤵
  PID:6984
- C:\Windows\System\PkqnAzf.exe
  C:\Windows\System\PkqnAzf.exe
  2⤵
  PID:6812
- C:\Windows\System\hMjUATr.exe
  C:\Windows\System\hMjUATr.exe
  2⤵
  PID:6928
- C:\Windows\System\nWyOrhw.exe
  C:\Windows\System\nWyOrhw.exe
  2⤵
  PID:7004
- C:\Windows\System\KKggjcq.exe
  C:\Windows\System\KKggjcq.exe
  2⤵
  PID:7060
- C:\Windows\System\lUHbwIr.exe
  C:\Windows\System\lUHbwIr.exe
  2⤵
  PID:7048
- C:\Windows\System\vsXMkKj.exe
  C:\Windows\System\vsXMkKj.exe
  2⤵
  PID:5524
- C:\Windows\System\GXSorXh.exe
  C:\Windows\System\GXSorXh.exe
  2⤵
  PID:6288
- C:\Windows\System\bfTbwyo.exe
  C:\Windows\System\bfTbwyo.exe
  2⤵
  PID:6180
- C:\Windows\System\WtutOfp.exe
  C:\Windows\System\WtutOfp.exe
  2⤵
  PID:5212
- C:\Windows\System\zpdneqv.exe
  C:\Windows\System\zpdneqv.exe
  2⤵
  PID:6412
- C:\Windows\System\ElXqrPr.exe
  C:\Windows\System\ElXqrPr.exe
  2⤵
  PID:7104
- C:\Windows\System\BBOLbSJ.exe
  C:\Windows\System\BBOLbSJ.exe
  2⤵
  PID:5308
- C:\Windows\System\jouuGlQ.exe
  C:\Windows\System\jouuGlQ.exe
  2⤵
  PID:6304
- C:\Windows\System\NknIaXZ.exe
  C:\Windows\System\NknIaXZ.exe
  2⤵
  PID:6192
- C:\Windows\System\aiZLrSh.exe
  C:\Windows\System\aiZLrSh.exe
  2⤵
  PID:6628
- C:\Windows\System\QjCqxKy.exe
  C:\Windows\System\QjCqxKy.exe
  2⤵
  PID:6760
- C:\Windows\System\Qzetobb.exe
  C:\Windows\System\Qzetobb.exe
  2⤵
  PID:7144
- C:\Windows\System\nfDujSl.exe
  C:\Windows\System\nfDujSl.exe
  2⤵
  PID:7076
- C:\Windows\System\dLJJqhz.exe
  C:\Windows\System\dLJJqhz.exe
  2⤵
  PID:4888
- C:\Windows\System\AGxPAzP.exe
  C:\Windows\System\AGxPAzP.exe
  2⤵
  PID:6940
- C:\Windows\System\pAhKjZk.exe
  C:\Windows\System\pAhKjZk.exe
  2⤵
  PID:7100
- C:\Windows\System\lKJEDDx.exe
  C:\Windows\System\lKJEDDx.exe
  2⤵
  PID:6624
- C:\Windows\System\yLrfknp.exe
  C:\Windows\System\yLrfknp.exe
  2⤵
  PID:6588
- C:\Windows\System\DfsNurW.exe
  C:\Windows\System\DfsNurW.exe
  2⤵
  PID:6492
- C:\Windows\System\OVBUisk.exe
  C:\Windows\System\OVBUisk.exe
  2⤵
  PID:6788
- C:\Windows\System\sWuLgWJ.exe
  C:\Windows\System\sWuLgWJ.exe
  2⤵
  PID:6148
- C:\Windows\System\zfuEFeh.exe
  C:\Windows\System\zfuEFeh.exe
  2⤵
  PID:7040
- C:\Windows\System\mYxInLx.exe
  C:\Windows\System\mYxInLx.exe
  2⤵
  PID:7184
- C:\Windows\System\qPnNxWq.exe
  C:\Windows\System\qPnNxWq.exe
  2⤵
  PID:7200
- C:\Windows\System\DQARcSY.exe
  C:\Windows\System\DQARcSY.exe
  2⤵
  PID:7216
- C:\Windows\System\TgHJikI.exe
  C:\Windows\System\TgHJikI.exe
  2⤵
  PID:7236
- C:\Windows\System\CYuzTJS.exe
  C:\Windows\System\CYuzTJS.exe
  2⤵
  PID:7252
- C:\Windows\System\WejsjBV.exe
  C:\Windows\System\WejsjBV.exe
  2⤵
  PID:7272
- C:\Windows\System\dZqgfXK.exe
  C:\Windows\System\dZqgfXK.exe
  2⤵
  PID:7288
- C:\Windows\System\gbZAQWT.exe
  C:\Windows\System\gbZAQWT.exe
  2⤵
  PID:7304
- C:\Windows\System\ZUGspYq.exe
  C:\Windows\System\ZUGspYq.exe
  2⤵
  PID:7320
- C:\Windows\System\lLAtqsX.exe
  C:\Windows\System\lLAtqsX.exe
  2⤵
  PID:7336
- C:\Windows\System\jQRduSu.exe
  C:\Windows\System\jQRduSu.exe
  2⤵
  PID:7352
- C:\Windows\System\qBOfcsP.exe
  C:\Windows\System\qBOfcsP.exe
  2⤵
  PID:7368
- C:\Windows\System\VyuhcAE.exe
  C:\Windows\System\VyuhcAE.exe
  2⤵
  PID:7384
- C:\Windows\System\ZyTHqwL.exe
  C:\Windows\System\ZyTHqwL.exe
  2⤵
  PID:7400
- C:\Windows\System\arlQzzm.exe
  C:\Windows\System\arlQzzm.exe
  2⤵
  PID:7416
- C:\Windows\System\bUtLuKm.exe
  C:\Windows\System\bUtLuKm.exe
  2⤵
  PID:7436
- C:\Windows\System\KUniqRE.exe
  C:\Windows\System\KUniqRE.exe
  2⤵
  PID:7456
- C:\Windows\System\XjWUGjf.exe
  C:\Windows\System\XjWUGjf.exe
  2⤵
  PID:7492
- C:\Windows\System\VosFoGI.exe
  C:\Windows\System\VosFoGI.exe
  2⤵
  PID:7508
- C:\Windows\System\BEjLhVp.exe
  C:\Windows\System\BEjLhVp.exe
  2⤵
  PID:7528
- C:\Windows\System\CoSeRds.exe
  C:\Windows\System\CoSeRds.exe
  2⤵
  PID:7548
- C:\Windows\System\tpCTtKC.exe
  C:\Windows\System\tpCTtKC.exe
  2⤵
  PID:7564
- C:\Windows\System\zXstzdj.exe
  C:\Windows\System\zXstzdj.exe
  2⤵
  PID:7580
- C:\Windows\System\zENvwFV.exe
  C:\Windows\System\zENvwFV.exe
  2⤵
  PID:7596
- C:\Windows\System\YTxsMdc.exe
  C:\Windows\System\YTxsMdc.exe
  2⤵
  PID:7612
- C:\Windows\System\LTWnQtv.exe
  C:\Windows\System\LTWnQtv.exe
  2⤵
  PID:7628
- C:\Windows\System\UCRGTOF.exe
  C:\Windows\System\UCRGTOF.exe
  2⤵
  PID:7644
- C:\Windows\System\ZjsXwly.exe
  C:\Windows\System\ZjsXwly.exe
  2⤵
  PID:7664
- C:\Windows\System\bbxrAgO.exe
  C:\Windows\System\bbxrAgO.exe
  2⤵
  PID:7684
- C:\Windows\System\qphctpA.exe
  C:\Windows\System\qphctpA.exe
  2⤵
  PID:7700
- C:\Windows\System\lniZrZZ.exe
  C:\Windows\System\lniZrZZ.exe
  2⤵
  PID:7724
- C:\Windows\System\gQBoybQ.exe
  C:\Windows\System\gQBoybQ.exe
  2⤵
  PID:7740
- C:\Windows\System\ZBSgXXh.exe
  C:\Windows\System\ZBSgXXh.exe
  2⤵
  PID:7756
- C:\Windows\System\EYkgbpA.exe
  C:\Windows\System\EYkgbpA.exe
  2⤵
  PID:7784
- C:\Windows\System\ZvqFEDO.exe
  C:\Windows\System\ZvqFEDO.exe
  2⤵
  PID:7820
- C:\Windows\System\LURDepp.exe
  C:\Windows\System\LURDepp.exe
  2⤵
  PID:7840
- C:\Windows\System\gRJJXwV.exe
  C:\Windows\System\gRJJXwV.exe
  2⤵
  PID:7860
- C:\Windows\System\pHciiiO.exe
  C:\Windows\System\pHciiiO.exe
  2⤵
  PID:7884
- C:\Windows\System\cHQrXwk.exe
  C:\Windows\System\cHQrXwk.exe
  2⤵
  PID:7904
- C:\Windows\System\BNDUFbt.exe
  C:\Windows\System\BNDUFbt.exe
  2⤵
  PID:7920
- C:\Windows\System\QcjxQdN.exe
  C:\Windows\System\QcjxQdN.exe
  2⤵
  PID:7936
- C:\Windows\System\JAAEZOw.exe
  C:\Windows\System\JAAEZOw.exe
  2⤵
  PID:7952
- C:\Windows\System\PkqAkUd.exe
  C:\Windows\System\PkqAkUd.exe
  2⤵
  PID:7984
- C:\Windows\System\tbAuRUV.exe
  C:\Windows\System\tbAuRUV.exe
  2⤵
  PID:8000
- C:\Windows\System\HnlBwtA.exe
  C:\Windows\System\HnlBwtA.exe
  2⤵
  PID:8024
- C:\Windows\System\vtqAczI.exe
  C:\Windows\System\vtqAczI.exe
  2⤵
  PID:8040
- C:\Windows\System\MXjwPjn.exe
  C:\Windows\System\MXjwPjn.exe
  2⤵
  PID:8056
- C:\Windows\System\vYDTLZu.exe
  C:\Windows\System\vYDTLZu.exe
  2⤵
  PID:8072
- C:\Windows\System\IvlYiaT.exe
  C:\Windows\System\IvlYiaT.exe
  2⤵
  PID:8088
- C:\Windows\System\esdXSih.exe
  C:\Windows\System\esdXSih.exe
  2⤵
  PID:8104
- C:\Windows\System\ccCLlXl.exe
  C:\Windows\System\ccCLlXl.exe
  2⤵
  PID:8120
- C:\Windows\System\TAJkEkd.exe
  C:\Windows\System\TAJkEkd.exe
  2⤵
  PID:8136
- C:\Windows\System\UuWqyIX.exe
  C:\Windows\System\UuWqyIX.exe
  2⤵
  PID:8152
- C:\Windows\System\VhGqNZe.exe
  C:\Windows\System\VhGqNZe.exe
  2⤵
  PID:8168
- C:\Windows\System\UDCxhDP.exe
  C:\Windows\System\UDCxhDP.exe
  2⤵
  PID:8184
- C:\Windows\System\jXyqZWJ.exe
  C:\Windows\System\jXyqZWJ.exe
  2⤵
  PID:6380
- C:\Windows\System\zUYBHDX.exe
  C:\Windows\System\zUYBHDX.exe
  2⤵
  PID:7212
- C:\Windows\System\QmIvoLI.exe
  C:\Windows\System\QmIvoLI.exe
  2⤵
  PID:7224
- C:\Windows\System\EQaJuOa.exe
  C:\Windows\System\EQaJuOa.exe
  2⤵
  PID:7268
- C:\Windows\System\qeNpLNo.exe
  C:\Windows\System\qeNpLNo.exe
  2⤵
  PID:7332
- C:\Windows\System\cgeeYiT.exe
  C:\Windows\System\cgeeYiT.exe
  2⤵
  PID:7424
- C:\Windows\System\qHJASFR.exe
  C:\Windows\System\qHJASFR.exe
  2⤵
  PID:7376
- C:\Windows\System\KoRtjVG.exe
  C:\Windows\System\KoRtjVG.exe
  2⤵
  PID:7464
- C:\Windows\System\vxHNLAi.exe
  C:\Windows\System\vxHNLAi.exe
  2⤵
  PID:7448
- C:\Windows\System\nPydwad.exe
  C:\Windows\System\nPydwad.exe
  2⤵
  PID:7504
- C:\Windows\System\LcphYmS.exe
  C:\Windows\System\LcphYmS.exe
  2⤵
  PID:7520
- C:\Windows\System\EOEUtrG.exe
  C:\Windows\System\EOEUtrG.exe
  2⤵
  PID:7624
- C:\Windows\System\BOQsMBM.exe
  C:\Windows\System\BOQsMBM.exe
  2⤵
  PID:7604
- C:\Windows\System\cVvseAc.exe
  C:\Windows\System\cVvseAc.exe
  2⤵
  PID:7576
- C:\Windows\System\klckuSf.exe
  C:\Windows\System\klckuSf.exe
  2⤵
  PID:7680
- C:\Windows\System\TblnyKB.exe
  C:\Windows\System\TblnyKB.exe
  2⤵
  PID:7712
- C:\Windows\System\xLIWflA.exe
  C:\Windows\System\xLIWflA.exe
  2⤵
  PID:7764
- C:\Windows\System\LoHaQLp.exe
  C:\Windows\System\LoHaQLp.exe
  2⤵
  PID:7792
- C:\Windows\System\WJEjplZ.exe
  C:\Windows\System\WJEjplZ.exe
  2⤵
  PID:7868
- C:\Windows\System\TMKZGIb.exe
  C:\Windows\System\TMKZGIb.exe
  2⤵
  PID:7912
- C:\Windows\System\QUmoyBV.exe
  C:\Windows\System\QUmoyBV.exe
  2⤵
  PID:7944
- C:\Windows\System\oHeolZs.exe
  C:\Windows\System\oHeolZs.exe
  2⤵
  PID:7856
- C:\Windows\System\VQGNWcD.exe
  C:\Windows\System\VQGNWcD.exe
  2⤵
  PID:7928
- C:\Windows\System\EjzuCeC.exe
  C:\Windows\System\EjzuCeC.exe
  2⤵
  PID:7964
- C:\Windows\System\IKJDpHf.exe
  C:\Windows\System\IKJDpHf.exe
  2⤵
  PID:7980
- C:\Windows\System\IxwboJU.exe
  C:\Windows\System\IxwboJU.exe
  2⤵
  PID:8020
- C:\Windows\System\hqTdWEH.exe
  C:\Windows\System\hqTdWEH.exe
  2⤵
  PID:8180
- C:\Windows\System\GWjOZiN.exe
  C:\Windows\System\GWjOZiN.exe
  2⤵
  PID:8132
- C:\Windows\System\irmOASs.exe
  C:\Windows\System\irmOASs.exe
  2⤵
  PID:8036
- C:\Windows\System\YdWtUyK.exe
  C:\Windows\System\YdWtUyK.exe
  2⤵
  PID:8164
- C:\Windows\System\SkchnBv.exe
  C:\Windows\System\SkchnBv.exe
  2⤵
  PID:7248
- C:\Windows\System\XiErxfY.exe
  C:\Windows\System\XiErxfY.exe
  2⤵
  PID:7132
- C:\Windows\System\KBkZBIz.exe
  C:\Windows\System\KBkZBIz.exe
  2⤵
  PID:7156
- C:\Windows\System\QjMZdvk.exe
  C:\Windows\System\QjMZdvk.exe
  2⤵
  PID:7392
- C:\Windows\System\HPJlSJL.exe
  C:\Windows\System\HPJlSJL.exe
  2⤵
  PID:7472
- C:\Windows\System\bBoAPnp.exe
  C:\Windows\System\bBoAPnp.exe
  2⤵
  PID:7540
- C:\Windows\System\vFPZYkI.exe
  C:\Windows\System\vFPZYkI.exe
  2⤵
  PID:7428
- C:\Windows\System\sgBVGxO.exe
  C:\Windows\System\sgBVGxO.exe
  2⤵
  PID:7260
- C:\Windows\System\bGVbEBq.exe
  C:\Windows\System\bGVbEBq.exe
  2⤵
  PID:7516
- C:\Windows\System\kvUBviS.exe
  C:\Windows\System\kvUBviS.exe
  2⤵
  PID:7656
- C:\Windows\System\SVbgvYe.exe
  C:\Windows\System\SVbgvYe.exe
  2⤵
  PID:7672
- C:\Windows\System\hfFZlys.exe
  C:\Windows\System\hfFZlys.exe
  2⤵
  PID:7836
- C:\Windows\System\cwLcCVm.exe
  C:\Windows\System\cwLcCVm.exe
  2⤵
  PID:8272
- C:\Windows\System\jrLzbjq.exe
  C:\Windows\System\jrLzbjq.exe
  2⤵
  PID:8296
- C:\Windows\System\OUxsykW.exe
  C:\Windows\System\OUxsykW.exe
  2⤵
  PID:8312
- C:\Windows\System\kpSBhCx.exe
  C:\Windows\System\kpSBhCx.exe
  2⤵
  PID:8340
- C:\Windows\System\armLVxM.exe
  C:\Windows\System\armLVxM.exe
  2⤵
  PID:8364
- C:\Windows\System\pZYXKHN.exe
  C:\Windows\System\pZYXKHN.exe
  2⤵
  PID:8380
- C:\Windows\System\CxNXRnO.exe
  C:\Windows\System\CxNXRnO.exe
  2⤵
  PID:8396
- C:\Windows\System\byUtZfA.exe
  C:\Windows\System\byUtZfA.exe
  2⤵
  PID:8428
- C:\Windows\System\PQMQthO.exe
  C:\Windows\System\PQMQthO.exe
  2⤵
  PID:8456
- C:\Windows\System\KUlpVgN.exe
  C:\Windows\System\KUlpVgN.exe
  2⤵
  PID:8476
- C:\Windows\System\WzBfTvZ.exe
  C:\Windows\System\WzBfTvZ.exe
  2⤵
  PID:8492
- C:\Windows\System\OcjlerT.exe
  C:\Windows\System\OcjlerT.exe
  2⤵
  PID:8900
- C:\Windows\System\JSxxPya.exe
  C:\Windows\System\JSxxPya.exe
  2⤵
  PID:8920
- C:\Windows\System\SMxMjoT.exe
  C:\Windows\System\SMxMjoT.exe
  2⤵
  PID:8936
- C:\Windows\System\qZPSIpw.exe
  C:\Windows\System\qZPSIpw.exe
  2⤵
  PID:8952
- C:\Windows\System\ZUfBYfe.exe
  C:\Windows\System\ZUfBYfe.exe
  2⤵
  PID:8968
- C:\Windows\System\nXkcujU.exe
  C:\Windows\System\nXkcujU.exe
  2⤵
  PID:8984
- C:\Windows\System\SACjZvQ.exe
  C:\Windows\System\SACjZvQ.exe
  2⤵
  PID:9000
- C:\Windows\System\GKrpkIc.exe
  C:\Windows\System\GKrpkIc.exe
  2⤵
  PID:9016
- C:\Windows\System\wCqEIIW.exe
  C:\Windows\System\wCqEIIW.exe
  2⤵
  PID:9032
- C:\Windows\System\ZlXgode.exe
  C:\Windows\System\ZlXgode.exe
  2⤵
  PID:9052
- C:\Windows\System\fVXznVm.exe
  C:\Windows\System\fVXznVm.exe
  2⤵
  PID:9080
- C:\Windows\System\SREhnnb.exe
  C:\Windows\System\SREhnnb.exe
  2⤵
  PID:9100
- C:\Windows\System\USRjOnE.exe
  C:\Windows\System\USRjOnE.exe
  2⤵
  PID:9116
- C:\Windows\System\lIzTUPh.exe
  C:\Windows\System\lIzTUPh.exe
  2⤵
  PID:9132
- C:\Windows\System\DMXsScZ.exe
  C:\Windows\System\DMXsScZ.exe
  2⤵
  PID:9156
- C:\Windows\System\fgSkmtc.exe
  C:\Windows\System\fgSkmtc.exe
  2⤵
  PID:9204
- C:\Windows\System\pzhFnYz.exe
  C:\Windows\System\pzhFnYz.exe
  2⤵
  PID:8096
- C:\Windows\System\NeOpjhU.exe
  C:\Windows\System\NeOpjhU.exe
  2⤵
  PID:7284
- C:\Windows\System\mFbXRpb.exe
  C:\Windows\System\mFbXRpb.exe
  2⤵
  PID:7364
- C:\Windows\System\kghJbCF.exe
  C:\Windows\System\kghJbCF.exe
  2⤵
  PID:7544
- C:\Windows\System\SxCtpiy.exe
  C:\Windows\System\SxCtpiy.exe
  2⤵
  PID:7852
- C:\Windows\System\qPRprOP.exe
  C:\Windows\System\qPRprOP.exe
  2⤵
  PID:7412
- C:\Windows\System\QFRJLHC.exe
  C:\Windows\System\QFRJLHC.exe
  2⤵
  PID:8248
- C:\Windows\System\FzvjnHV.exe
  C:\Windows\System\FzvjnHV.exe
  2⤵
  PID:7696
- C:\Windows\System\yYsTDNR.exe
  C:\Windows\System\yYsTDNR.exe
  2⤵
  PID:7748
- C:\Windows\System\ZmEOmrF.exe
  C:\Windows\System\ZmEOmrF.exe
  2⤵
  PID:7876
- C:\Windows\System\ysqnNZo.exe
  C:\Windows\System\ysqnNZo.exe
  2⤵
  PID:7812
- C:\Windows\System\jIQToIA.exe
  C:\Windows\System\jIQToIA.exe
  2⤵
  PID:8116
- C:\Windows\System\fjkZSMw.exe
  C:\Windows\System\fjkZSMw.exe
  2⤵
  PID:8128
- C:\Windows\System\ISoWHef.exe
  C:\Windows\System\ISoWHef.exe
  2⤵
  PID:8204
- C:\Windows\System\CNsAASH.exe
  C:\Windows\System\CNsAASH.exe
  2⤵
  PID:8228
- C:\Windows\System\jzIuQsr.exe
  C:\Windows\System\jzIuQsr.exe
  2⤵
  PID:8244
- C:\Windows\System\AYXVndy.exe
  C:\Windows\System\AYXVndy.exe
  2⤵
  PID:8268
- C:\Windows\System\AziCYOm.exe
  C:\Windows\System\AziCYOm.exe
  2⤵
  PID:8348
- C:\Windows\System\iqcpAaj.exe
  C:\Windows\System\iqcpAaj.exe
  2⤵
  PID:8392
- C:\Windows\System\IVSllDy.exe
  C:\Windows\System\IVSllDy.exe
  2⤵
  PID:8292
- C:\Windows\System\MGnEKWF.exe
  C:\Windows\System\MGnEKWF.exe
  2⤵
  PID:8336
- C:\Windows\System\MNrWmuM.exe
  C:\Windows\System\MNrWmuM.exe
  2⤵
  PID:8448
- C:\Windows\System\apnewVW.exe
  C:\Windows\System\apnewVW.exe
  2⤵
  PID:8416
- C:\Windows\System\FycBSoB.exe
  C:\Windows\System\FycBSoB.exe
  2⤵
  PID:8464
- C:\Windows\System\RUKLdzi.exe
  C:\Windows\System\RUKLdzi.exe
  2⤵
  PID:8528
- C:\Windows\System\mQrJvLH.exe
  C:\Windows\System\mQrJvLH.exe
  2⤵
  PID:8564
- C:\Windows\System\pUnmDlK.exe
  C:\Windows\System\pUnmDlK.exe
  2⤵
  PID:8604
- C:\Windows\System\wrZBjqE.exe
  C:\Windows\System\wrZBjqE.exe
  2⤵
  PID:8516
- C:\Windows\System\OxhpRiV.exe
  C:\Windows\System\OxhpRiV.exe
  2⤵
  PID:8632
- C:\Windows\System\pWHMdvI.exe
  C:\Windows\System\pWHMdvI.exe
  2⤵
  PID:8572
- C:\Windows\System\ZeUgUeD.exe
  C:\Windows\System\ZeUgUeD.exe
  2⤵
  PID:8692
- C:\Windows\System\rOpkjsm.exe
  C:\Windows\System\rOpkjsm.exe
  2⤵
  PID:8744
- C:\Windows\System\UHyaGcF.exe
  C:\Windows\System\UHyaGcF.exe
  2⤵
  PID:8608
- C:\Windows\System\UYzPMcH.exe
  C:\Windows\System\UYzPMcH.exe
  2⤵
  PID:8568
- C:\Windows\System\ACpykFU.exe
  C:\Windows\System\ACpykFU.exe
  2⤵
  PID:8796
- C:\Windows\System\ZWxDOxX.exe
  C:\Windows\System\ZWxDOxX.exe
  2⤵
  PID:8704
- C:\Windows\System\noKxqPL.exe
  C:\Windows\System\noKxqPL.exe
  2⤵
  PID:8668
- C:\Windows\System\iPUMBKl.exe
  C:\Windows\System\iPUMBKl.exe
  2⤵
  PID:8636
- C:\Windows\System\RAMXFrY.exe
  C:\Windows\System\RAMXFrY.exe
  2⤵
  PID:8776
- C:\Windows\System\rjLZWtH.exe
  C:\Windows\System\rjLZWtH.exe
  2⤵
  PID:8780
- C:\Windows\System\HKQDUPf.exe
  C:\Windows\System\HKQDUPf.exe
  2⤵
  PID:8856
- C:\Windows\System\rwifyjp.exe
  C:\Windows\System\rwifyjp.exe
  2⤵
  PID:8868
- C:\Windows\System\PifrYby.exe
  C:\Windows\System\PifrYby.exe
  2⤵
  PID:8808
- C:\Windows\System\TDTJnTV.exe
  C:\Windows\System\TDTJnTV.exe
  2⤵
  PID:8888
- C:\Windows\System\kKnNRSQ.exe
  C:\Windows\System\kKnNRSQ.exe
  2⤵
  PID:8932
- C:\Windows\System\eCfRCRA.exe
  C:\Windows\System\eCfRCRA.exe
  2⤵
  PID:8960
- C:\Windows\System\BSlRbzc.exe
  C:\Windows\System\BSlRbzc.exe
  2⤵
  PID:9044
- C:\Windows\System\wZtVFCZ.exe
  C:\Windows\System\wZtVFCZ.exe
  2⤵
  PID:9124
- C:\Windows\System\heybpNh.exe
  C:\Windows\System\heybpNh.exe
  2⤵
  PID:9028
- C:\Windows\System\xouoUoS.exe
  C:\Windows\System\xouoUoS.exe
  2⤵
  PID:9024
- C:\Windows\System\VpYkMHY.exe
  C:\Windows\System\VpYkMHY.exe
  2⤵
  PID:9140
- C:\Windows\System\ULMzzwQ.exe
  C:\Windows\System\ULMzzwQ.exe
  2⤵
  PID:9188
- C:\Windows\System\DoYCyVB.exe
  C:\Windows\System\DoYCyVB.exe
  2⤵
  PID:9200
- C:\Windows\System\hQFJhaL.exe
  C:\Windows\System\hQFJhaL.exe
  2⤵
  PID:6808
- C:\Windows\System\YqiSmxu.exe
  C:\Windows\System\YqiSmxu.exe
  2⤵
  PID:7736
- C:\Windows\System\eaBdIVR.exe
  C:\Windows\System\eaBdIVR.exe
  2⤵
  PID:7300
- C:\Windows\System\fAjJgMv.exe
  C:\Windows\System\fAjJgMv.exe
  2⤵
  PID:7900
- C:\Windows\System\VhMtAxV.exe
  C:\Windows\System\VhMtAxV.exe
  2⤵
  PID:7780
- C:\Windows\System\MTAKhge.exe
  C:\Windows\System\MTAKhge.exe
  2⤵
  PID:7976
- C:\Windows\System\wHKKCOW.exe
  C:\Windows\System\wHKKCOW.exe
  2⤵
  PID:8176
- C:\Windows\System\OCaSAol.exe
  C:\Windows\System\OCaSAol.exe
  2⤵
  PID:9152
- C:\Windows\System\EwIkQzq.exe
  C:\Windows\System\EwIkQzq.exe
  2⤵
  PID:8216
- C:\Windows\System\pKNVQtn.exe
  C:\Windows\System\pKNVQtn.exe
  2⤵
  PID:8264
- C:\Windows\System\JdliplN.exe
  C:\Windows\System\JdliplN.exe
  2⤵
  PID:8360
- C:\Windows\System\tGwTgVZ.exe
  C:\Windows\System\tGwTgVZ.exe
  2⤵
  PID:8324
- C:\Windows\System\ombpLkq.exe
  C:\Windows\System\ombpLkq.exe
  2⤵
  PID:8444
- C:\Windows\System\XpXOjuh.exe
  C:\Windows\System\XpXOjuh.exe
  2⤵
  PID:8440
- C:\Windows\System\YwHvgeD.exe
  C:\Windows\System\YwHvgeD.exe
  2⤵
  PID:8512
- C:\Windows\System\fSoZCoP.exe
  C:\Windows\System\fSoZCoP.exe
  2⤵
  PID:8556
- C:\Windows\System\vqoptwM.exe
  C:\Windows\System\vqoptwM.exe
  2⤵
  PID:8588
- C:\Windows\System\EJXlPjO.exe
  C:\Windows\System\EJXlPjO.exe
  2⤵
  PID:8680
- C:\Windows\System\bbhChSX.exe
  C:\Windows\System\bbhChSX.exe
  2⤵
  PID:8624
- C:\Windows\System\zgWAlqo.exe
  C:\Windows\System\zgWAlqo.exe
  2⤵
  PID:8804
- C:\Windows\System\unOWPih.exe
  C:\Windows\System\unOWPih.exe
  2⤵
  PID:8828
- C:\Windows\System\fxeqnpc.exe
  C:\Windows\System\fxeqnpc.exe
  2⤵
  PID:8792
- C:\Windows\System\veZmehe.exe
  C:\Windows\System\veZmehe.exe
  2⤵
  PID:8772
- C:\Windows\System\tVbbcqB.exe
  C:\Windows\System\tVbbcqB.exe
  2⤵
  PID:8864
- C:\Windows\System\kmtNxpx.exe
  C:\Windows\System\kmtNxpx.exe
  2⤵
  PID:8820
- C:\Windows\System\tnysDnl.exe
  C:\Windows\System\tnysDnl.exe
  2⤵
  PID:8880
- C:\Windows\System\ERBwyky.exe
  C:\Windows\System\ERBwyky.exe
  2⤵
  PID:8732
- C:\Windows\System\nDVgjTb.exe
  C:\Windows\System\nDVgjTb.exe
  2⤵
  PID:8908
- C:\Windows\System\OUHQDsA.exe
  C:\Windows\System\OUHQDsA.exe
  2⤵
  PID:9012
- C:\Windows\System\vRfTqQA.exe
  C:\Windows\System\vRfTqQA.exe
  2⤵
  PID:9092
- C:\Windows\System\AGjJXiT.exe
  C:\Windows\System\AGjJXiT.exe
  2⤵
  PID:9112
- C:\Windows\System\Nyhigdb.exe
  C:\Windows\System\Nyhigdb.exe
  2⤵
  PID:9068
- C:\Windows\System\JSibBZZ.exe
  C:\Windows\System\JSibBZZ.exe
  2⤵
  PID:9172
- C:\Windows\System\mabDovN.exe
  C:\Windows\System\mabDovN.exe
  2⤵
  PID:8032
- C:\Windows\System\uENDAbR.exe
  C:\Windows\System\uENDAbR.exe
  2⤵
  PID:7328
- C:\Windows\System\GQAnUmR.exe
  C:\Windows\System\GQAnUmR.exe
  2⤵
  PID:8012
- C:\Windows\System\mVquEAK.exe
  C:\Windows\System\mVquEAK.exe
  2⤵
  PID:8200
- C:\Windows\System\kWNxIxs.exe
  C:\Windows\System\kWNxIxs.exe
  2⤵
  PID:8236
- C:\Windows\System\JKVEDzD.exe
  C:\Windows\System\JKVEDzD.exe
  2⤵
  PID:8388
- C:\Windows\System\hbAqNqT.exe
  C:\Windows\System\hbAqNqT.exe
  2⤵
  PID:8288
- C:\Windows\System\xsHPGii.exe
  C:\Windows\System\xsHPGii.exe
  2⤵
  PID:8552
- C:\Windows\System\jQUObdI.exe
  C:\Windows\System\jQUObdI.exe
  2⤵
  PID:8752
- C:\Windows\System\wzqjlRZ.exe
  C:\Windows\System\wzqjlRZ.exe
  2⤵
  PID:8424
- C:\Windows\System\crMQwjP.exe
  C:\Windows\System\crMQwjP.exe
  2⤵
  PID:8600
- C:\Windows\System\ECIGmnG.exe
  C:\Windows\System\ECIGmnG.exe
  2⤵
  PID:8836
- C:\Windows\System\KIRmMRT.exe
  C:\Windows\System\KIRmMRT.exe
  2⤵
  PID:8976
- C:\Windows\System\jZPomAi.exe
  C:\Windows\System\jZPomAi.exe
  2⤵
  PID:8992
- C:\Windows\System\TNeVaZz.exe
  C:\Windows\System\TNeVaZz.exe
  2⤵
  PID:7620
- C:\Windows\System\JBwUrsE.exe
  C:\Windows\System\JBwUrsE.exe
  2⤵
  PID:8852
- C:\Windows\System\PDSFLeU.exe
  C:\Windows\System\PDSFLeU.exe
  2⤵
  PID:8372
- C:\Windows\System\JYYueqF.exe
  C:\Windows\System\JYYueqF.exe
  2⤵
  PID:7808
- C:\Windows\System\WgDbpjA.exe
  C:\Windows\System\WgDbpjA.exe
  2⤵
  PID:8884
- C:\Windows\System\kDdAZII.exe
  C:\Windows\System\kDdAZII.exe
  2⤵
  PID:9048
- C:\Windows\System\XacGukJ.exe
  C:\Windows\System\XacGukJ.exe
  2⤵
  PID:7992
- C:\Windows\System\gFGBOSf.exe
  C:\Windows\System\gFGBOSf.exe
  2⤵
  PID:8580
- C:\Windows\System\PGaWoCF.exe
  C:\Windows\System\PGaWoCF.exe
  2⤵
  PID:7396
- C:\Windows\System\voAapWj.exe
  C:\Windows\System\voAapWj.exe
  2⤵
  PID:8284
- C:\Windows\System\cFqnIOq.exe
  C:\Windows\System\cFqnIOq.exe
  2⤵
  PID:8656
- C:\Windows\System\bqLCPyH.exe
  C:\Windows\System\bqLCPyH.exe
  2⤵
  PID:8816
- C:\Windows\System\wxuviZJ.exe
  C:\Windows\System\wxuviZJ.exe
  2⤵
  PID:8912
- C:\Windows\System\mfvFOWl.exe
  C:\Windows\System\mfvFOWl.exe
  2⤵
  PID:8724
- C:\Windows\System\HZjtPje.exe
  C:\Windows\System\HZjtPje.exe
  2⤵
  PID:8308
- C:\Windows\System\ayGfEXX.exe
  C:\Windows\System\ayGfEXX.exe
  2⤵
  PID:7196
- C:\Windows\System\TnTbrMx.exe
  C:\Windows\System\TnTbrMx.exe
  2⤵
  PID:8848
- C:\Windows\System\pZxSAdr.exe
  C:\Windows\System\pZxSAdr.exe
  2⤵
  PID:8824
- C:\Windows\System\KJfOaHu.exe
  C:\Windows\System\KJfOaHu.exe
  2⤵
  PID:9176
- C:\Windows\System\DCpSQya.exe
  C:\Windows\System\DCpSQya.exe
  2⤵
  PID:8664
- C:\Windows\System\SCgQdzU.exe
  C:\Windows\System\SCgQdzU.exe
  2⤵
  PID:9076
- C:\Windows\System\lzqAGoH.exe
  C:\Windows\System\lzqAGoH.exe
  2⤵
  PID:9228
- C:\Windows\System\qEDJSYO.exe
  C:\Windows\System\qEDJSYO.exe
  2⤵
  PID:9252
- C:\Windows\System\JXxNitN.exe
  C:\Windows\System\JXxNitN.exe
  2⤵
  PID:9272
- C:\Windows\System\KqlVJff.exe
  C:\Windows\System\KqlVJff.exe
  2⤵
  PID:9292
- C:\Windows\System\AAgFwko.exe
  C:\Windows\System\AAgFwko.exe
  2⤵
  PID:9308
- C:\Windows\System\HwQcYGn.exe
  C:\Windows\System\HwQcYGn.exe
  2⤵
  PID:9328
- C:\Windows\System\lFbNvXn.exe
  C:\Windows\System\lFbNvXn.exe
  2⤵
  PID:9344
- C:\Windows\System\srIHmFK.exe
  C:\Windows\System\srIHmFK.exe
  2⤵
  PID:9360
- C:\Windows\System\GcGbXqj.exe
  C:\Windows\System\GcGbXqj.exe
  2⤵
  PID:9376
- C:\Windows\System\FJSINow.exe
  C:\Windows\System\FJSINow.exe
  2⤵
  PID:9416
- C:\Windows\System\IJKPPlo.exe
  C:\Windows\System\IJKPPlo.exe
  2⤵
  PID:9432
- C:\Windows\System\SyxNyWl.exe
  C:\Windows\System\SyxNyWl.exe
  2⤵
  PID:9456
- C:\Windows\System\VHphjvy.exe
  C:\Windows\System\VHphjvy.exe
  2⤵
  PID:9476
- C:\Windows\System\nCpCBZw.exe
  C:\Windows\System\nCpCBZw.exe
  2⤵
  PID:9500
- C:\Windows\System\qWWliCR.exe
  C:\Windows\System\qWWliCR.exe
  2⤵
  PID:9516
- C:\Windows\System\UZdfJau.exe
  C:\Windows\System\UZdfJau.exe
  2⤵
  PID:9536
- C:\Windows\System\quQEaFD.exe
  C:\Windows\System\quQEaFD.exe
  2⤵
  PID:9556
- C:\Windows\System\ahNKRLx.exe
  C:\Windows\System\ahNKRLx.exe
  2⤵
  PID:9572
- C:\Windows\System\EByaaFP.exe
  C:\Windows\System\EByaaFP.exe
  2⤵
  PID:9592
- C:\Windows\System\BiciGoG.exe
  C:\Windows\System\BiciGoG.exe
  2⤵
  PID:9612
- C:\Windows\System\WlyETdM.exe
  C:\Windows\System\WlyETdM.exe
  2⤵
  PID:9640
- C:\Windows\System\cHlngTu.exe
  C:\Windows\System\cHlngTu.exe
  2⤵
  PID:9656
- C:\Windows\System\yOcxfRO.exe
  C:\Windows\System\yOcxfRO.exe
  2⤵
  PID:9676
- C:\Windows\System\dXfVRtT.exe
  C:\Windows\System\dXfVRtT.exe
  2⤵
  PID:9692
- C:\Windows\System\QaRgNVc.exe
  C:\Windows\System\QaRgNVc.exe
  2⤵
  PID:9712
- C:\Windows\System\NCAikGy.exe
  C:\Windows\System\NCAikGy.exe
  2⤵
  PID:9732
- C:\Windows\System\EjRwOAb.exe
  C:\Windows\System\EjRwOAb.exe
  2⤵
  PID:9752
- C:\Windows\System\kZibxlR.exe
  C:\Windows\System\kZibxlR.exe
  2⤵
  PID:9768
- C:\Windows\System\IejZcBb.exe
  C:\Windows\System\IejZcBb.exe
  2⤵
  PID:9784
- C:\Windows\System\xjpPata.exe
  C:\Windows\System\xjpPata.exe
  2⤵
  PID:9808
- C:\Windows\System\NVkuNvP.exe
  C:\Windows\System\NVkuNvP.exe
  2⤵
  PID:9828
- C:\Windows\System\zCSAglj.exe
  C:\Windows\System\zCSAglj.exe
  2⤵
  PID:9844
- C:\Windows\System\BTbGKpP.exe
  C:\Windows\System\BTbGKpP.exe
  2⤵
  PID:9860
- C:\Windows\System\ROpTtSG.exe
  C:\Windows\System\ROpTtSG.exe
  2⤵
  PID:9888
- C:\Windows\System\bPfYAQg.exe
  C:\Windows\System\bPfYAQg.exe
  2⤵
  PID:9904
- C:\Windows\System\hlDWInp.exe
  C:\Windows\System\hlDWInp.exe
  2⤵
  PID:9924
- C:\Windows\System\OZvyECE.exe
  C:\Windows\System\OZvyECE.exe
  2⤵
  PID:9940
- C:\Windows\System\MOhnXng.exe
  C:\Windows\System\MOhnXng.exe
  2⤵
  PID:9968
- C:\Windows\System\bXJWrbl.exe
  C:\Windows\System\bXJWrbl.exe
  2⤵
  PID:9996
- C:\Windows\System\DYCRHQf.exe
  C:\Windows\System\DYCRHQf.exe
  2⤵
  PID:10016
- C:\Windows\System\tufrOYU.exe
  C:\Windows\System\tufrOYU.exe
  2⤵
  PID:10032
- C:\Windows\System\xtHLbGm.exe
  C:\Windows\System\xtHLbGm.exe
  2⤵
  PID:10048
- C:\Windows\System\ApLvMXw.exe
  C:\Windows\System\ApLvMXw.exe
  2⤵
  PID:10064
- C:\Windows\System\gNcSqAv.exe
  C:\Windows\System\gNcSqAv.exe
  2⤵
  PID:10080
- C:\Windows\System\aKDcoAE.exe
  C:\Windows\System\aKDcoAE.exe
  2⤵
  PID:10116
- C:\Windows\System\gXgSQYM.exe
  C:\Windows\System\gXgSQYM.exe
  2⤵
  PID:10132
- C:\Windows\System\xxMPhZf.exe
  C:\Windows\System\xxMPhZf.exe
  2⤵
  PID:10156
- C:\Windows\System\doylQaj.exe
  C:\Windows\System\doylQaj.exe
  2⤵
  PID:10172
- C:\Windows\System\ROWThAS.exe
  C:\Windows\System\ROWThAS.exe
  2⤵
  PID:10200
- C:\Windows\System\wFciIao.exe
  C:\Windows\System\wFciIao.exe
  2⤵
  PID:10216
- C:\Windows\System\MBhLvMf.exe
  C:\Windows\System\MBhLvMf.exe
  2⤵
  PID:10236
- C:\Windows\System\zVfHskW.exe
  C:\Windows\System\zVfHskW.exe
  2⤵
  PID:9264
- C:\Windows\System\ZVEjZwG.exe
  C:\Windows\System\ZVEjZwG.exe
  2⤵
  PID:9340
- C:\Windows\System\LlHOmMe.exe
  C:\Windows\System\LlHOmMe.exe
  2⤵
  PID:9240
- C:\Windows\System\RbYcsog.exe
  C:\Windows\System\RbYcsog.exe
  2⤵
  PID:9324
- C:\Windows\System\aRGehdY.exe
  C:\Windows\System\aRGehdY.exe
  2⤵
  PID:9280
- C:\Windows\System\igUNaKq.exe
  C:\Windows\System\igUNaKq.exe
  2⤵
  PID:9392
- C:\Windows\System\KwXOHEs.exe
  C:\Windows\System\KwXOHEs.exe
  2⤵
  PID:9428
- C:\Windows\System\jmgEKcQ.exe
  C:\Windows\System\jmgEKcQ.exe
  2⤵
  PID:9444
- C:\Windows\System\BGlNpoG.exe
  C:\Windows\System\BGlNpoG.exe
  2⤵
  PID:9472
- C:\Windows\System\KJvTDSf.exe
  C:\Windows\System\KJvTDSf.exe
  2⤵
  PID:9508
- C:\Windows\System\vZlhHIV.exe
  C:\Windows\System\vZlhHIV.exe
  2⤵
  PID:9532
- C:\Windows\System\bQDgDVc.exe
  C:\Windows\System\bQDgDVc.exe
  2⤵
  PID:9584
- C:\Windows\System\VGrQMub.exe
  C:\Windows\System\VGrQMub.exe
  2⤵
  PID:9608
- C:\Windows\System\wxUJpqg.exe
  C:\Windows\System\wxUJpqg.exe
  2⤵
  PID:9668
- C:\Windows\System\qYEwmCX.exe
  C:\Windows\System\qYEwmCX.exe
  2⤵
  PID:9688
- C:\Windows\System\GMNTATu.exe
  C:\Windows\System\GMNTATu.exe
  2⤵
  PID:9744
- C:\Windows\System\UYubWjF.exe
  C:\Windows\System\UYubWjF.exe
  2⤵
  PID:9816
- C:\Windows\System\eyzubjf.exe
  C:\Windows\System\eyzubjf.exe
  2⤵
  PID:9760
- C:\Windows\System\IDYeNxO.exe
  C:\Windows\System\IDYeNxO.exe
  2⤵
  PID:9896
- C:\Windows\System\TIXcVuF.exe
  C:\Windows\System\TIXcVuF.exe
  2⤵
  PID:9840
- C:\Windows\System\sAFczZS.exe
  C:\Windows\System\sAFczZS.exe
  2⤵
  PID:9936
- C:\Windows\System\gmxvqre.exe
  C:\Windows\System\gmxvqre.exe
  2⤵
  PID:9980
- C:\Windows\System\qQAXCYc.exe
  C:\Windows\System\qQAXCYc.exe
  2⤵
  PID:9948
- C:\Windows\System\jbZEEwn.exe
  C:\Windows\System\jbZEEwn.exe
  2⤵
  PID:10024
- C:\Windows\System\KhJaGyE.exe
  C:\Windows\System\KhJaGyE.exe
  2⤵
  PID:10004
- C:\Windows\System\ZQZJEjo.exe
  C:\Windows\System\ZQZJEjo.exe
  2⤵
  PID:10100
- C:\Windows\System\WFUBcro.exe
  C:\Windows\System\WFUBcro.exe
  2⤵
  PID:10112
- C:\Windows\System\iRloTLw.exe
  C:\Windows\System\iRloTLw.exe
  2⤵
  PID:10076
- C:\Windows\System\UjhNChO.exe
  C:\Windows\System\UjhNChO.exe
  2⤵
  PID:10152
- C:\Windows\System\bKOlrHk.exe
  C:\Windows\System\bKOlrHk.exe
  2⤵
  PID:10196

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AFoFdQP.exe

Filesize
6.0MB

MD5
3499f4bc54ea50cb898f8a3ecf46df34

SHA1
a8ad4a2eb9ec5d997e5ca5c1036098c2cd41e337

SHA256
73b32d6cd98aa0149a0f24547f5b0b86569b35ffd264516dba56b2b04b11edb6

SHA512
9d5e081bc126cce780ac12a77603d8a5f1a369206a13167e65c398e58505e23c451647b18cf5e34249fa9b3fd8ee719055daa321a4bd84731012d114192877af

Download Submit
C:\Windows\system\AIPySfz.exe

Filesize
6.0MB

MD5
3a3f057fd1558641250bc19a6a36c852

SHA1
15cd822e9e2b0511a4d987cf793dc8858904bc9c

SHA256
7cfe50b4b1f695264fa8558d5f83ca20b97d5d038591e9fe93cd8b3bb50cffe4

SHA512
90cd9c3eee99b4b158a7985dac2f9662169f0af0457ef05db8ef9de0e1fbf695165aeb1c64cfc729500d33219a1560d2772370897cb5def98f25e07c99b1a4e7

Download Submit
C:\Windows\system\ANeWupZ.exe

Filesize
6.0MB

MD5
88803cc30e60b8e9e42409afd58574e6

SHA1
769e0acf59759fb8024b6a7cef2e50188ceb1c44

SHA256
fd99efddde229607e6925dc7a796f140cb230b8011abd99a8a09ccbba5383d6a

SHA512
c0ac5deaf1f270ad1c9ddb2cc65d1b4b8d04de24543e9ba0b097ff16e599e084a1df69fa3628b6bbcbfc84ce82b03909211ce19b4fae2dc36dd499743b26a7da

Download Submit
C:\Windows\system\CMaTbRP.exe

Filesize
6.0MB

MD5
2f6d14f157ccbc00ec70a2c3855bc9fb

SHA1
4dc5af87ab24853a2b374b0e16b24c17026227cc

SHA256
6f70157fb473ac01ec55030e8666dbbd12c328eb576f8cd49be5c57774b3d3d2

SHA512
664eb713bc72498f1823edfa1c07d371cd36d1823ec41791f6126c4d9948c35d98807455272284e07cda4493515c6a2d5fd19d1c7e6913ef7f1bc79b6bf6b403

Download Submit
C:\Windows\system\EZUEJNe.exe

Filesize
6.0MB

MD5
7bae707bb0d70ee6bc26ccfd8946789d

SHA1
46171d65b6e201e45653934caa47adbe00fd7c90

SHA256
ff116513202e680e6cc56f7b2f69b77eac44062c7cf6c2ed9ff48cac6fd6bb0b

SHA512
3b759167b899f972666040dd927a90130c9ae62da5fd50e35c04952d5159bff6b52676a0c56b028852c4acdcfd6c07fabc9fd9a43774a3424c6174044f9709ff

Download Submit
C:\Windows\system\HjQOuwG.exe

Filesize
6.0MB

MD5
9a7e95b6db4cefaa3f4396953eee6f5d

SHA1
6263d58718032c3a8aba8e98013cb13f3e4c9b16

SHA256
8a49538917bb279b124d3dfc765667ec523a305c63914aa614d51472edbd6260

SHA512
504a5841641aaa98182d382cb0097c6a9a036c42f2770a7d97349f68fcf5c47f69cf5003e5022db24f8323353e3da512841a240e09fe57706d9ea8f11a8890fd

Download Submit
C:\Windows\system\JuNmyfx.exe

Filesize
6.0MB

MD5
9ce69d2e9ad5dbe25ea133465b9d13b2

SHA1
fa233dfd84abbce62b301fba3db72c5204290222

SHA256
f67275c8086c6d6bfb140326acd69edc99d39563bc882adb106c84ab4d14f5fd

SHA512
0c8ca0c1afda23ae2e34c5203075bbc4bdd449264a63c2ee08c9bdf2e42e67dbda184aadcb8e5e4dae2e6f4df5a2c90645b1c7ec44fa62678a68f32a2fb4f78c

Download Submit
C:\Windows\system\PDuEqwe.exe

Filesize
6.0MB

MD5
b7c246e9c2288c89f06dde1955338267

SHA1
51524be2a4e0edfd4ece7651efa61caf0bf24c1c

SHA256
389ea3ac4847ab24de35ed690576294ecc138fcafcb0bd632cb6059e5348168c

SHA512
ebf6fb22b0765004c0769598619fef85809b92b93de12a363b666d2fdce454b83fbe57928c8deb652ea34c3ec63ae7df6db8ce301f9883d4d920a1610b102532

Download Submit
C:\Windows\system\QlFaSfy.exe

Filesize
6.0MB

MD5
dc244dc0ff21f15812a16c3255d8ec89

SHA1
1d9924becff499ed5322672d4ba45271650e0a2f

SHA256
c542cc24c381fad178bc140875545e961d16520e11c3aee240e895e1600f0c9b

SHA512
de7cd2bed8ad4405f2625f11a7c09eb88485df55be7bc374db84579660773a74247272a272f8146fff7f3d508aa9969af5b2b992ee5df4f6af32c6f1e7935ab9

Download Submit
C:\Windows\system\RjJJMSA.exe

Filesize
6.0MB

MD5
c6dbfbba243105401fd891e5614fa87c

SHA1
cbe7d3d58d866eb3a386378354d5aa59cc9098db

SHA256
ce3b9a24482762aedd6969164ef5ac2ac45a3d560a2b217ada3ef3d2c9b3db08

SHA512
8ee3f88e6a7a4f0fd7728dcc2786344683d8c546fd473f24bcd53f6e1d32bf0c02841ba66c73f42f9fa330ca152a3503b42acf07aee6afe7ec01a3069d6d5397

Download Submit
C:\Windows\system\TYcFqha.exe

Filesize
6.0MB

MD5
f276f93a985302dd32d9c091ffadfe8f

SHA1
4e8e2f4085c39940440bf0afed0ba36c76fb7686

SHA256
0a06a985224535773a9984cde2acc74796a0a95e850950191f3d30d95bb56a8e

SHA512
4dfd6cac40ce8f8f171e42a50e6f46cd55f480b54ba785865b63d8781db1544c4032e0d0bc1072f9f2e18a9752c52b3ba553e6ef04e294db8e1f4bb96ba2d1cd

Download Submit
C:\Windows\system\UmKJOdq.exe

Filesize
6.0MB

MD5
5f5b5291be049df68285a879720d1eab

SHA1
1936dcb5c189f8657fdf369afa1fe6a20d0b3dc7

SHA256
ed3562c1cbdaab28869f7bbff5747d597aa76f399605004f5745e5456f6079e9

SHA512
b22a3316ba4d447ec1a2bd924df92d0015f0a94dd308d7ebcc7e0870f28109a5b2ef3868534420ee30b31fa925cc3eb809cf2621c64eef5afc31dc3003d7d972

Download Submit
C:\Windows\system\XnCIEeu.exe

Filesize
6.0MB

MD5
748fb6daa1d3e2b673213a9ff0706ab3

SHA1
947a2730ff46e7a9e3dc986997623df22f4dfa07

SHA256
489cb0e4f7ecbb187aa10f318b0628e4275f99ce10e7663e604895f13ce54f7b

SHA512
f7825303892cac433af03206e69620c159839f9549a42e680933df6ba118860912a96b681397660c4e4ece4fa4b9af0e05609fc79df9a36df195bb554800abd9

Download Submit
C:\Windows\system\YGGJhKg.exe

Filesize
6.0MB

MD5
94db7d40a5c66e4353c2b472b21dab7f

SHA1
a0e639bc5686f81ffeb8d31096f7d0968d4b584c

SHA256
6eadf47339d275d41aa57f0face153d45eb87a344f3cd6ab78c56f8927e7c3a7

SHA512
57dea3080130e9a6f7f9a529321db167aa4fdfa2a1e78c8a0e24849ac9b58a4f8b50dc97855b7b00953c4a92fbf7a6d591dfc2197c55ee98274a4d6d43dec0f5

Download Submit
C:\Windows\system\bZHXjnV.exe

Filesize
6.0MB

MD5
71756d477fda50172a91bb283cac1772

SHA1
e36e50c163866c146baaa677830c57896b8e8f52

SHA256
b8aceeeb2c7ac0e90dda21eb84408094b819f4294a58de02cb2df98e58128d10

SHA512
f1659058a725065cccd241ae397835cb1e33c09f2c5c0eecb56e57280e78d0a5072897080e1fed3585696fb4967fd263a628b2e10dcae7f5365d06172996b0a8

Download Submit
C:\Windows\system\dRtpyDK.exe

Filesize
6.0MB

MD5
dca543b3dfd704c8a8f2f1a0e63c9b1e

SHA1
8f3d263e4acfdc9e2e7efee5a4f5c341dd6e71f3

SHA256
f2a564dd77829ff582f57613fc998498f382248db435dc309ef828ba576b08e6

SHA512
3d6054bef31bf5cedbe5eddc1293349bbad40f8b54d61323f7e9ee71c11a7115a4b39b9f1d66b2dcea86c400058a42154b019fc7635e6a19531970eaf70ab992

Download Submit
C:\Windows\system\hUfkhTz.exe

Filesize
6.0MB

MD5
693820b56c0db74e82f2199ddd38544e

SHA1
66df5b77a44cedd1b5e3e7b46013d66fb4f080ee

SHA256
44b2d77d9ce4c18ba4721ecb33ff0956bb9d962c5fcf5b696eb68e3f5724fa1a

SHA512
a52cc773adab69345307c05eaf091b310fbd7c70c34205605703df9e6b9a85b8548de3a99c948000db33510e391f73b755cc9bcd0ee4227a750aac6bf219f64b

Download Submit
C:\Windows\system\lXgsxAl.exe

Filesize
6.0MB

MD5
3c33996dd4099a7591906f2895520dc7

SHA1
a7768d1b7e7b3c9cd43d57d046adbf9bc7713925

SHA256
7a2927981ae128fa88df384c1d5328cd4b4d084e06865d8de6a3a8b67a60ae09

SHA512
4a860b82c6e1201560faec1c498d4df3660290c518efc7d6ba397d83e9a8f6654f595ac268c89e49d981ad072ddcbcb719308004188bc3803a4c502621af9bac

Download Submit
C:\Windows\system\mCHZCeo.exe

Filesize
6.0MB

MD5
289db24fce1100378d252f60afbf3431

SHA1
65bcd302540a479096b6db60c9eb9f4ac4c880a1

SHA256
3b0af22aefcbd87b2ce085f2ed5f5968cedda9961d418cef383a698256a7d498

SHA512
0d6c260a7463f9dc194f40b5778d7471e2ebd6c6d50d2614340c52768eb1ab4cd71dac25c204bce9d005817fe5e24750e49f416fb98d51114a7c7ac622a685d9

Download Submit
C:\Windows\system\pesfukQ.exe

Filesize
6.0MB

MD5
62def517fd8faffc40823edca8bb103d

SHA1
6eda032b6bb0081c6937f32ca6a2a96758fbf6f7

SHA256
b67a986bd972eb550e488ef765b654df205e439824c18c180142176114c3f942

SHA512
39015b3b98866bef42905a114d9a07f725feeee4a05b4df6d2dd2ef3d34cc6e315c0fd1aef0367edc498da476e1b07e78e85673d3ca336815432eb0bf5f445d4

Download Submit
C:\Windows\system\qZwuxYc.exe

Filesize
6.0MB

MD5
f0706bf4441e70c0bc39603d1cd59699

SHA1
accf5bcd3f811a3851f8ed44d66941dd4bfa9d6b

SHA256
8cf738d0c661769f6743fd47fa8bc7e7e653e7e0c03a09de992880f9800a9e37

SHA512
b9f6d575d1151f457d0c1c48e06671efe701dbc03dd58dfce8fdc4dd231dda58dade73547e7102cdbeb3ecf07bdbda7093d4c6310a2ae08f0464d7d7d372b585

Download Submit
C:\Windows\system\rJHIixI.exe

Filesize
6.0MB

MD5
b26cf05fab64ae920804e9c4b82e682e

SHA1
2296a96ffb59e2e1165130a402ff3740f74ca826

SHA256
af9c5abf335ef5c9e0541aebd1853255700b726ac10a99588939bbef8810a000

SHA512
95d1becd123de4483e6fae0b1bf96717ff5cbfdfe834a6eb4ba0b6260af49657d9ba169b4e29ab5b06c257c260b2664b97681c1c125c29cfc70ed07653894cec

Download Submit
C:\Windows\system\sEaFZeX.exe

Filesize
6.0MB

MD5
18c97a5fd2f4eb5335197b36a07c0367

SHA1
82eb45f937f5c20ad8e7e7da7fcc0ef7115340f1

SHA256
a0f1f0abd79e2022c6cf28af89567e86068de88485d4d9e3544e2fa5dd0d6f72

SHA512
1ac0b509bcc3a2932a63d031c422655690a93b788aabcd0a2bb40afc8b991c5871521ab3b0e8bb2c684b61b9bfa850913229b51b092a1c93836bec5fb0b7d430

Download Submit
C:\Windows\system\wALcaxG.exe

Filesize
6.0MB

MD5
5de795cd93abfc0ceebfaa4b27a00d80

SHA1
f04958095f2b040e773de20e426ff11f97d3e9c4

SHA256
89feb5c2f0d1fbfd2b95449a84c3c3081f8fbbcda1c4464d8c08b6a6b756e67b

SHA512
9618b31decd349fc44766e7ee91149a957d9a17140bf26752720fa6c3bb87eab9029c23c15ec3fdbfdf4045441f610a3b9941d17888dcdfbe536370f8fce370a

Download Submit
C:\Windows\system\yFSwLdi.exe

Filesize
6.0MB

MD5
6cd09c1f4fa56a4d0d23174125f4e0ee

SHA1
232db6686fe13a508c44fe1f40aa6294117a00c7

SHA256
5264c333d8100f8960a86faa31a277a99876019614ecd625acf79be6cc8f053c

SHA512
fad896001ce512c8108125f5be405e6e78e2fd621109580f86d5dc3c87cfb409333971240a26bf1cbe5e6a71f5bf3a3e0384df763ae07a77b0acd1d2e39038cb

Download Submit
C:\Windows\system\yTENEzP.exe

Filesize
6.0MB

MD5
d59bb8b07ab434b63fb0acb8ec1d7991

SHA1
f0b48b058fc6978c84766e99ff5d0ae43640e6c9

SHA256
1a00d5b59aa40eebb740de581858cf7942909015bfbd29de9f3ec0af27f01cb1

SHA512
b5dfc671b519c83b969e30a2e8d321c1366c48531631d651236a75bdd0d80a0040689d3c30c25d492cb5a07dfe1bd027bc26aedf9b9433e90c8b365c4337db89

Download Submit
C:\Windows\system\ypxKFiI.exe

Filesize
6.0MB

MD5
16f84d5b57f2d6c21ae843477cbfc1c0

SHA1
a04b07458b37b73916a84b0c83a2ecaf9862f3c8

SHA256
10ca9506695d4b071405b0e66d39da4eff1b9b87086d552c84cb5d29c768d5ee

SHA512
d637838b3b79f869a9f393d5897b89397810fa18a3fe278b296da2ee27e52f6b9fb51d50a35b6a97e6e08c3c03eae64996bea501aed1937e2ab4bfe619ee176b

Download Submit
\Windows\system\YbXEnWf.exe

Filesize
6.0MB

MD5
17280c29e82e31c4f115ee948e61cfaa

SHA1
4361d5b2b02f13c125e62e82b8265ae2305a59b7

SHA256
2f877f5173c383e7b5d5b08af5cbfb770f0956ce5702dfbb60ec6fd2af7cde8b

SHA512
3c966cf24e9620b4883e2689c2430a05fa910361ba82640d60b7dcb4174fa2727b7ea8f1cd402d38d37bfb6b93ed01a6e5ec84218782d593cb4fe67d51c2c311

Download Submit
\Windows\system\cPsTbQJ.exe

Filesize
6.0MB

MD5
eea5fb8e709e9d2e970166dffb69463e

SHA1
a198188216c5f925d0979de2f943bd7a04d353a3

SHA256
d44c296a0d1529afee7dd734aeea39376561530165672d269de7e609cfeabece

SHA512
e507c6fbae6aea3e9cfd729f0a8bf30836016de0d496e35125565541bde7cdb449f3266059d6bdb882d2e47b07877f9b45c97988a1dd3dfb94cd44d0fe122ab0

Download Submit
\Windows\system\fyaVtZp.exe

Filesize
6.0MB

MD5
8f085ded12b9739ad44d379967545a90

SHA1
dc5afe81ce2d7cc2f095725243ecf51bb13138e2

SHA256
b8108d205835743aa398fd0143c9671f70c12dcd994fc629622d48782e8bcf24

SHA512
af3fc1e9f1f5c44a3ac02b00895355101f8a35eded95ae09db8a92e5f5815a807b6619cdde5cdb348a43a40ed66bdcb68b61896f5ac1de43e55d55724af11dd2

Download Submit
\Windows\system\mBtdNOD.exe

Filesize
6.0MB

MD5
7787046fec11a31f9d720ac0498e9e50

SHA1
5bf1ca1b32782c93c0acb445f2017dabfb2b6dfd

SHA256
e8e40d5e4276524a3ac1189b2f090a1d17a0557bcf2332aa40aaddce9f7723f3

SHA512
431783300b2a113a34ec450cff8704b6d040c249c1f072b841aed85fc1116979fcf20cc92034e00e69e299556edfba6fa95f4ba5c0514c9b717ca36c9169caa3

Download Submit
\Windows\system\zQdKMsF.exe

Filesize
6.0MB

MD5
3d686a70c087b797aa6fedad1703cb85

SHA1
4d4ff86955ebc2573cc596fa86f6b11e04f6d576

SHA256
d10c51b3aee02ff05f531f785f2f017a3ca54e21e1cd3256f4c646b08380cf02

SHA512
f809b93b5aa4a8809bdf6b840fb544f322355a5dba95018f6366dca6b2f114df17d02eccb3fed0b964408b31e3e178b09ea78fddd1971ffead601cfd36a8d3e2

Download Submit
memory/376-416-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/376-4012-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/376-78-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/564-72-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/564-4008-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/564-211-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/1332-615-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/1332-85-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/1332-4009-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/1784-749-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/1784-4013-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/1784-100-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/1960-99-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/1960-4010-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/1960-66-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/2104-35-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2104-4004-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2104-71-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2192-510-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/2192-32-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2192-0-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2192-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2192-722-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/2192-311-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2192-12-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2192-60-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/2192-26-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/2192-2281-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/2192-68-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2192-56-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/2192-48-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2192-81-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/2192-75-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2192-34-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2192-103-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/2192-40-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download
memory/2192-96-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2192-95-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/2192-87-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/2192-738-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2192-88-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/2524-51-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/2524-4006-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/2588-43-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2588-11-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2588-3999-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2604-24-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/2604-4003-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/2680-737-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/2680-4011-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/2680-92-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/2712-4005-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download
memory/2712-44-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download
memory/2716-28-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/2716-63-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/2716-4002-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/2748-3989-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/2748-15-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/2748-53-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/2924-4007-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/2924-91-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/2924-58-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download