cobaltstrike | 50bc9e06708d726380784d4b5b37b630701248be80d7299e9a697389cae7964c

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
05-10-2024 17:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

3ca289918a4f732c9efe32132b320588
SHA1

7930bfcf024c349609dc4ecd1fc62fa6a7d23f76
SHA256

50bc9e06708d726380784d4b5b37b630701248be80d7299e9a697389cae7964c
SHA512

334b54835561ad2e3f61b02ff51c531b90e7395c21bd2bd5996dd51340c62f89957acd6626452e19b6af7650882a8ef660a34df1b528ecfeb083b07d1d9dc151
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUF:T+q56utgpPF8u/7F

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00080000000120f9-3.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000160da-9.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000162e4-18.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016141-11.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016399-34.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016689-37.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015f38-50.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016890-54.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174b4-85.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016b86-65.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000175f1-115.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018fdf-170.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001924f-190.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019274-200.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019261-195.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019237-185.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019203-180.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019056-175.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018d83-165.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018d7b-160.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018be7-155.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018745-150.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001871c-145.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001870c-140.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018706-135.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018697-130.dat	cobalt_reflective_dll
behavioral1/files/0x000d000000018683-125.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000175f7-120.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174f8-98.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017570-105.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001707f-82.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c89-73.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2532-1-0x000000013F620000-0x000000013F974000-memory.dmp	xmrig
behavioral1/files/0x00080000000120f9-3.dat	xmrig
behavioral1/memory/1192-8-0x000000013FE20000-0x0000000140174000-memory.dmp	xmrig
behavioral1/files/0x00080000000160da-9.dat	xmrig
behavioral1/files/0x00070000000162e4-18.dat	xmrig
behavioral1/files/0x0008000000016141-11.dat	xmrig
behavioral1/memory/1356-17-0x000000013FBE0000-0x000000013FF34000-memory.dmp	xmrig
behavioral1/memory/2440-36-0x000000013FDF0000-0x0000000140144000-memory.dmp	xmrig
behavioral1/memory/2532-35-0x000000013F620000-0x000000013F974000-memory.dmp	xmrig
behavioral1/files/0x0008000000016399-34.dat	xmrig
behavioral1/memory/2928-30-0x000000013FE50000-0x00000001401A4000-memory.dmp	xmrig
behavioral1/memory/2320-28-0x000000013F750000-0x000000013FAA4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016689-37.dat	xmrig
behavioral1/memory/1192-41-0x000000013FE20000-0x0000000140174000-memory.dmp	xmrig
behavioral1/memory/2944-45-0x000000013FEA0000-0x00000001401F4000-memory.dmp	xmrig
behavioral1/files/0x0008000000015f38-50.dat	xmrig
behavioral1/memory/1356-47-0x000000013FBE0000-0x000000013FF34000-memory.dmp	xmrig
behavioral1/memory/2908-53-0x000000013F050000-0x000000013F3A4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016890-54.dat	xmrig
behavioral1/memory/2928-70-0x000000013FE50000-0x00000001401A4000-memory.dmp	xmrig
behavioral1/memory/2440-74-0x000000013FDF0000-0x0000000140144000-memory.dmp	xmrig
behavioral1/files/0x00060000000174b4-85.dat	xmrig
behavioral1/files/0x0008000000016b86-65.dat	xmrig
behavioral1/memory/1844-84-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/memory/1468-100-0x000000013FBA0000-0x000000013FEF4000-memory.dmp	xmrig
behavioral1/files/0x00060000000175f1-115.dat	xmrig
behavioral1/files/0x0006000000018fdf-170.dat	xmrig
behavioral1/files/0x000500000001924f-190.dat	xmrig
behavioral1/memory/1844-374-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/memory/2532-1036-0x000000013FF20000-0x0000000140274000-memory.dmp	xmrig
behavioral1/memory/1648-920-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	xmrig
behavioral1/memory/1468-764-0x000000013FBA0000-0x000000013FEF4000-memory.dmp	xmrig
behavioral1/memory/1236-559-0x000000013FFA0000-0x00000001402F4000-memory.dmp	xmrig
behavioral1/memory/2164-218-0x000000013FDD0000-0x0000000140124000-memory.dmp	xmrig
behavioral1/files/0x0005000000019274-200.dat	xmrig
behavioral1/files/0x0005000000019261-195.dat	xmrig
behavioral1/files/0x0005000000019237-185.dat	xmrig
behavioral1/files/0x0005000000019203-180.dat	xmrig
behavioral1/files/0x0006000000019056-175.dat	xmrig
behavioral1/files/0x0006000000018d83-165.dat	xmrig
behavioral1/files/0x0006000000018d7b-160.dat	xmrig
behavioral1/files/0x0006000000018be7-155.dat	xmrig
behavioral1/files/0x0005000000018745-150.dat	xmrig
behavioral1/files/0x000500000001871c-145.dat	xmrig
behavioral1/files/0x000500000001870c-140.dat	xmrig
behavioral1/files/0x0005000000018706-135.dat	xmrig
behavioral1/files/0x0005000000018697-130.dat	xmrig
behavioral1/files/0x000d000000018683-125.dat	xmrig
behavioral1/files/0x00060000000175f7-120.dat	xmrig
behavioral1/memory/2532-113-0x000000013FF20000-0x0000000140274000-memory.dmp	xmrig
behavioral1/memory/2532-112-0x000000013FDD0000-0x0000000140124000-memory.dmp	xmrig
behavioral1/memory/2652-99-0x000000013FF60000-0x00000001402B4000-memory.dmp	xmrig
behavioral1/files/0x00060000000174f8-98.dat	xmrig
behavioral1/memory/1648-107-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	xmrig
behavioral1/memory/2660-106-0x000000013FA80000-0x000000013FDD4000-memory.dmp	xmrig
behavioral1/files/0x0006000000017570-105.dat	xmrig
behavioral1/files/0x000600000001707f-82.dat	xmrig
behavioral1/memory/2660-67-0x000000013FA80000-0x000000013FDD4000-memory.dmp	xmrig
behavioral1/memory/2320-66-0x000000013F750000-0x000000013FAA4000-memory.dmp	xmrig
behavioral1/memory/1236-89-0x000000013FFA0000-0x00000001402F4000-memory.dmp	xmrig
behavioral1/memory/2164-75-0x000000013FDD0000-0x0000000140124000-memory.dmp	xmrig
behavioral1/files/0x0008000000016c89-73.dat	xmrig
behavioral1/memory/2532-71-0x000000013FDD0000-0x0000000140124000-memory.dmp	xmrig
behavioral1/memory/2652-59-0x000000013FF60000-0x00000001402B4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1192	qnVMout.exe
1356	FQgVbCE.exe
2320	MYStBXc.exe
2928	EviEQjK.exe
2440	VCZXVdT.exe
2944	syOVSxD.exe
2908	FecGwNR.exe
2652	zgiLOaT.exe
2660	XuFwXdW.exe
2164	nGfGCwT.exe
1844	qHdvTVQ.exe
1236	xZJjEWO.exe
1468	EvEhSuI.exe
1648	wYYEkqZ.exe
1248	fKcHaof.exe
1916	tLLNguH.exe
2004	AVbIDHh.exe
2772	ruJEnLx.exe
2360	rFjveiR.exe
1904	IMGMsWl.exe
1752	xVPUjtU.exe
2084	BXbwYHx.exe
476	fFGPiZB.exe
868	bzGUkma.exe
624	ieyiQiU.exe
576	gotXPHc.exe
1600	RugCCia.exe
888	FLXszuO.exe
1140	nPYOHUM.exe
1684	YgTAvpI.exe
1948	OoVInAN.exe
1380	JyKFDrP.exe
1736	YtuxMHq.exe
900	YgPfhST.exe
2108	YRKyXPv.exe
1508	VJyUZkN.exe
1660	poMoAxk.exe
2376	ykUbEbn.exe
740	hWRMbjF.exe
1092	WuzaVVy.exe
3040	GfpTMhb.exe
2900	YZNuwZo.exe
2264	wRGtlHV.exe
2504	PzuWtKU.exe
2016	ibtQRda.exe
1040	YMGHWja.exe
344	WPtPEzd.exe
292	PVqxTLv.exe
2420	DmNFPyN.exe
2676	zovTasQ.exe
1908	teCDmEz.exe
1564	vdEpFCF.exe
1680	LYCqglT.exe
1708	XHJdbPg.exe
2476	BMNJkJG.exe
2952	zKqrgSx.exe
2712	bkeDzqX.exe
2640	iPLSboK.exe
1784	MIgnVbl.exe
1472	IZRthPr.exe
984	BFLmngf.exe
3016	HPozgcq.exe
1928	ZMXgqNV.exe
2012	FllRQNt.exe

Loads dropped DLL 64 IoCs

pid	Process
2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2532-1-0x000000013F620000-0x000000013F974000-memory.dmp	upx
behavioral1/files/0x00080000000120f9-3.dat	upx
behavioral1/memory/1192-8-0x000000013FE20000-0x0000000140174000-memory.dmp	upx
behavioral1/files/0x00080000000160da-9.dat	upx
behavioral1/files/0x00070000000162e4-18.dat	upx
behavioral1/files/0x0008000000016141-11.dat	upx
behavioral1/memory/1356-17-0x000000013FBE0000-0x000000013FF34000-memory.dmp	upx
behavioral1/memory/2440-36-0x000000013FDF0000-0x0000000140144000-memory.dmp	upx
behavioral1/memory/2532-35-0x000000013F620000-0x000000013F974000-memory.dmp	upx
behavioral1/files/0x0008000000016399-34.dat	upx
behavioral1/memory/2928-30-0x000000013FE50000-0x00000001401A4000-memory.dmp	upx
behavioral1/memory/2320-28-0x000000013F750000-0x000000013FAA4000-memory.dmp	upx
behavioral1/files/0x0007000000016689-37.dat	upx
behavioral1/memory/1192-41-0x000000013FE20000-0x0000000140174000-memory.dmp	upx
behavioral1/memory/2944-45-0x000000013FEA0000-0x00000001401F4000-memory.dmp	upx
behavioral1/files/0x0008000000015f38-50.dat	upx
behavioral1/memory/1356-47-0x000000013FBE0000-0x000000013FF34000-memory.dmp	upx
behavioral1/memory/2908-53-0x000000013F050000-0x000000013F3A4000-memory.dmp	upx
behavioral1/files/0x0007000000016890-54.dat	upx
behavioral1/memory/2928-70-0x000000013FE50000-0x00000001401A4000-memory.dmp	upx
behavioral1/memory/2440-74-0x000000013FDF0000-0x0000000140144000-memory.dmp	upx
behavioral1/files/0x00060000000174b4-85.dat	upx
behavioral1/files/0x0008000000016b86-65.dat	upx
behavioral1/memory/1844-84-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/memory/1468-100-0x000000013FBA0000-0x000000013FEF4000-memory.dmp	upx
behavioral1/files/0x00060000000175f1-115.dat	upx
behavioral1/files/0x0006000000018fdf-170.dat	upx
behavioral1/files/0x000500000001924f-190.dat	upx
behavioral1/memory/1844-374-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/memory/1648-920-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	upx
behavioral1/memory/1468-764-0x000000013FBA0000-0x000000013FEF4000-memory.dmp	upx
behavioral1/memory/1236-559-0x000000013FFA0000-0x00000001402F4000-memory.dmp	upx
behavioral1/memory/2164-218-0x000000013FDD0000-0x0000000140124000-memory.dmp	upx
behavioral1/files/0x0005000000019274-200.dat	upx
behavioral1/files/0x0005000000019261-195.dat	upx
behavioral1/files/0x0005000000019237-185.dat	upx
behavioral1/files/0x0005000000019203-180.dat	upx
behavioral1/files/0x0006000000019056-175.dat	upx
behavioral1/files/0x0006000000018d83-165.dat	upx
behavioral1/files/0x0006000000018d7b-160.dat	upx
behavioral1/files/0x0006000000018be7-155.dat	upx
behavioral1/files/0x0005000000018745-150.dat	upx
behavioral1/files/0x000500000001871c-145.dat	upx
behavioral1/files/0x000500000001870c-140.dat	upx
behavioral1/files/0x0005000000018706-135.dat	upx
behavioral1/files/0x0005000000018697-130.dat	upx
behavioral1/files/0x000d000000018683-125.dat	upx
behavioral1/files/0x00060000000175f7-120.dat	upx
behavioral1/memory/2652-99-0x000000013FF60000-0x00000001402B4000-memory.dmp	upx
behavioral1/files/0x00060000000174f8-98.dat	upx
behavioral1/memory/1648-107-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	upx
behavioral1/memory/2660-106-0x000000013FA80000-0x000000013FDD4000-memory.dmp	upx
behavioral1/files/0x0006000000017570-105.dat	upx
behavioral1/files/0x000600000001707f-82.dat	upx
behavioral1/memory/2660-67-0x000000013FA80000-0x000000013FDD4000-memory.dmp	upx
behavioral1/memory/2320-66-0x000000013F750000-0x000000013FAA4000-memory.dmp	upx
behavioral1/memory/1236-89-0x000000013FFA0000-0x00000001402F4000-memory.dmp	upx
behavioral1/memory/2164-75-0x000000013FDD0000-0x0000000140124000-memory.dmp	upx
behavioral1/files/0x0008000000016c89-73.dat	upx
behavioral1/memory/2652-59-0x000000013FF60000-0x00000001402B4000-memory.dmp	upx
behavioral1/memory/1356-3953-0x000000013FBE0000-0x000000013FF34000-memory.dmp	upx
behavioral1/memory/2928-3961-0x000000013FE50000-0x00000001401A4000-memory.dmp	upx
behavioral1/memory/2320-3965-0x000000013F750000-0x000000013FAA4000-memory.dmp	upx
behavioral1/memory/1192-3996-0x000000013FE20000-0x0000000140174000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\ACtKAIx.exe	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\imEBhpz.exe	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YLzefGi.exe	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Ovtywcj.exe	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VHbduPh.exe	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VimZTED.exe	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\snmOMcm.exe	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AYObNbZ.exe	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VJyUZkN.exe	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hUEnFWq.exe	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RWCyTLH.exe	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\igBOZaB.exe	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eVuNWCr.exe	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sgNyJcJ.exe	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WbqLNwA.exe	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aliNKbT.exe	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xLfBXvo.exe	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\poMoAxk.exe	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tpWuKdp.exe	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FXgtoHv.exe	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SpYsMCt.exe	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mMOtBzn.exe	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sdKrAPs.exe	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YGynggg.exe	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OCqfYfg.exe	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vvofjQb.exe	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MQZiwaD.exe	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xTndwis.exe	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DkwpXTQ.exe	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DfalAmy.exe	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XqQveQj.exe	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xTKcafM.exe	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SzlLQpx.exe	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HeMKuSU.exe	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\piooJHs.exe	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BbWolvk.exe	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tUGIdXx.exe	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AbihHxd.exe	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\stIxjvm.exe	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qhZkNgs.exe	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HgrGTSQ.exe	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YXBAFPd.exe	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aAqYALt.exe	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zUbizDN.exe	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BhfhxCH.exe	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GrEcqaA.exe	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jZdGXBf.exe	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HDJSgyz.exe	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CKYrYSY.exe	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IWvVnCC.exe	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\diQuYfq.exe	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZeXEgxR.exe	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xelHcAv.exe	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wjoJavM.exe	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vNqCQwO.exe	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RwhReug.exe	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BQEpQiU.exe	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XEKNhXn.exe	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kNUVXSN.exe	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tdszkXK.exe	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wtnTODQ.exe	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\asjoJfL.exe	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QVpzaFY.exe	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ienYXHD.exe	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2532 wrote to memory of 1192	2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2532 wrote to memory of 1192	2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2532 wrote to memory of 1192	2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2532 wrote to memory of 1356	2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2532 wrote to memory of 1356	2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2532 wrote to memory of 1356	2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2532 wrote to memory of 2928	2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2532 wrote to memory of 2928	2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2532 wrote to memory of 2928	2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2532 wrote to memory of 2320	2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2532 wrote to memory of 2320	2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2532 wrote to memory of 2320	2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2532 wrote to memory of 2440	2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2532 wrote to memory of 2440	2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2532 wrote to memory of 2440	2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2532 wrote to memory of 2944	2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2532 wrote to memory of 2944	2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2532 wrote to memory of 2944	2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2532 wrote to memory of 2908	2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2532 wrote to memory of 2908	2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2532 wrote to memory of 2908	2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2532 wrote to memory of 2652	2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2532 wrote to memory of 2652	2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2532 wrote to memory of 2652	2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2532 wrote to memory of 2660	2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2532 wrote to memory of 2660	2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2532 wrote to memory of 2660	2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2532 wrote to memory of 2164	2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2532 wrote to memory of 2164	2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2532 wrote to memory of 2164	2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2532 wrote to memory of 1844	2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2532 wrote to memory of 1844	2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2532 wrote to memory of 1844	2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2532 wrote to memory of 1236	2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2532 wrote to memory of 1236	2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2532 wrote to memory of 1236	2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2532 wrote to memory of 1468	2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2532 wrote to memory of 1468	2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2532 wrote to memory of 1468	2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2532 wrote to memory of 1648	2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2532 wrote to memory of 1648	2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2532 wrote to memory of 1648	2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2532 wrote to memory of 1248	2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2532 wrote to memory of 1248	2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2532 wrote to memory of 1248	2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2532 wrote to memory of 1916	2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2532 wrote to memory of 1916	2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2532 wrote to memory of 1916	2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2532 wrote to memory of 2004	2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2532 wrote to memory of 2004	2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2532 wrote to memory of 2004	2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2532 wrote to memory of 2772	2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2532 wrote to memory of 2772	2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2532 wrote to memory of 2772	2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2532 wrote to memory of 2360	2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2532 wrote to memory of 2360	2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2532 wrote to memory of 2360	2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2532 wrote to memory of 1904	2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2532 wrote to memory of 1904	2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2532 wrote to memory of 1904	2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2532 wrote to memory of 1752	2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2532 wrote to memory of 1752	2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2532 wrote to memory of 1752	2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2532 wrote to memory of 2084	2532	2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-05_3ca289918a4f732c9efe32132b320588_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2532
- C:\Windows\System\qnVMout.exe
  C:\Windows\System\qnVMout.exe
  2⤵
  - Executes dropped EXE
  PID:1192
- C:\Windows\System\FQgVbCE.exe
  C:\Windows\System\FQgVbCE.exe
  2⤵
  - Executes dropped EXE
  PID:1356
- C:\Windows\System\EviEQjK.exe
  C:\Windows\System\EviEQjK.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\MYStBXc.exe
  C:\Windows\System\MYStBXc.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\VCZXVdT.exe
  C:\Windows\System\VCZXVdT.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\syOVSxD.exe
  C:\Windows\System\syOVSxD.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\FecGwNR.exe
  C:\Windows\System\FecGwNR.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\zgiLOaT.exe
  C:\Windows\System\zgiLOaT.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\XuFwXdW.exe
  C:\Windows\System\XuFwXdW.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\nGfGCwT.exe
  C:\Windows\System\nGfGCwT.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\qHdvTVQ.exe
  C:\Windows\System\qHdvTVQ.exe
  2⤵
  - Executes dropped EXE
  PID:1844
- C:\Windows\System\xZJjEWO.exe
  C:\Windows\System\xZJjEWO.exe
  2⤵
  - Executes dropped EXE
  PID:1236
- C:\Windows\System\EvEhSuI.exe
  C:\Windows\System\EvEhSuI.exe
  2⤵
  - Executes dropped EXE
  PID:1468
- C:\Windows\System\wYYEkqZ.exe
  C:\Windows\System\wYYEkqZ.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\fKcHaof.exe
  C:\Windows\System\fKcHaof.exe
  2⤵
  - Executes dropped EXE
  PID:1248
- C:\Windows\System\tLLNguH.exe
  C:\Windows\System\tLLNguH.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\AVbIDHh.exe
  C:\Windows\System\AVbIDHh.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\ruJEnLx.exe
  C:\Windows\System\ruJEnLx.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\rFjveiR.exe
  C:\Windows\System\rFjveiR.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\IMGMsWl.exe
  C:\Windows\System\IMGMsWl.exe
  2⤵
  - Executes dropped EXE
  PID:1904
- C:\Windows\System\xVPUjtU.exe
  C:\Windows\System\xVPUjtU.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\BXbwYHx.exe
  C:\Windows\System\BXbwYHx.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\fFGPiZB.exe
  C:\Windows\System\fFGPiZB.exe
  2⤵
  - Executes dropped EXE
  PID:476
- C:\Windows\System\bzGUkma.exe
  C:\Windows\System\bzGUkma.exe
  2⤵
  - Executes dropped EXE
  PID:868
- C:\Windows\System\ieyiQiU.exe
  C:\Windows\System\ieyiQiU.exe
  2⤵
  - Executes dropped EXE
  PID:624
- C:\Windows\System\gotXPHc.exe
  C:\Windows\System\gotXPHc.exe
  2⤵
  - Executes dropped EXE
  PID:576
- C:\Windows\System\RugCCia.exe
  C:\Windows\System\RugCCia.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\FLXszuO.exe
  C:\Windows\System\FLXszuO.exe
  2⤵
  - Executes dropped EXE
  PID:888
- C:\Windows\System\nPYOHUM.exe
  C:\Windows\System\nPYOHUM.exe
  2⤵
  - Executes dropped EXE
  PID:1140
- C:\Windows\System\YgTAvpI.exe
  C:\Windows\System\YgTAvpI.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\OoVInAN.exe
  C:\Windows\System\OoVInAN.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\JyKFDrP.exe
  C:\Windows\System\JyKFDrP.exe
  2⤵
  - Executes dropped EXE
  PID:1380
- C:\Windows\System\YtuxMHq.exe
  C:\Windows\System\YtuxMHq.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\YgPfhST.exe
  C:\Windows\System\YgPfhST.exe
  2⤵
  - Executes dropped EXE
  PID:900
- C:\Windows\System\YRKyXPv.exe
  C:\Windows\System\YRKyXPv.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\VJyUZkN.exe
  C:\Windows\System\VJyUZkN.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\poMoAxk.exe
  C:\Windows\System\poMoAxk.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\ykUbEbn.exe
  C:\Windows\System\ykUbEbn.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\hWRMbjF.exe
  C:\Windows\System\hWRMbjF.exe
  2⤵
  - Executes dropped EXE
  PID:740
- C:\Windows\System\WuzaVVy.exe
  C:\Windows\System\WuzaVVy.exe
  2⤵
  - Executes dropped EXE
  PID:1092
- C:\Windows\System\GfpTMhb.exe
  C:\Windows\System\GfpTMhb.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\YZNuwZo.exe
  C:\Windows\System\YZNuwZo.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\wRGtlHV.exe
  C:\Windows\System\wRGtlHV.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\PzuWtKU.exe
  C:\Windows\System\PzuWtKU.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\ibtQRda.exe
  C:\Windows\System\ibtQRda.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\YMGHWja.exe
  C:\Windows\System\YMGHWja.exe
  2⤵
  - Executes dropped EXE
  PID:1040
- C:\Windows\System\WPtPEzd.exe
  C:\Windows\System\WPtPEzd.exe
  2⤵
  - Executes dropped EXE
  PID:344
- C:\Windows\System\PVqxTLv.exe
  C:\Windows\System\PVqxTLv.exe
  2⤵
  - Executes dropped EXE
  PID:292
- C:\Windows\System\DmNFPyN.exe
  C:\Windows\System\DmNFPyN.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\zovTasQ.exe
  C:\Windows\System\zovTasQ.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\teCDmEz.exe
  C:\Windows\System\teCDmEz.exe
  2⤵
  - Executes dropped EXE
  PID:1908
- C:\Windows\System\vdEpFCF.exe
  C:\Windows\System\vdEpFCF.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\LYCqglT.exe
  C:\Windows\System\LYCqglT.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\XHJdbPg.exe
  C:\Windows\System\XHJdbPg.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\BMNJkJG.exe
  C:\Windows\System\BMNJkJG.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\zKqrgSx.exe
  C:\Windows\System\zKqrgSx.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\bkeDzqX.exe
  C:\Windows\System\bkeDzqX.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\iPLSboK.exe
  C:\Windows\System\iPLSboK.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\MIgnVbl.exe
  C:\Windows\System\MIgnVbl.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\IZRthPr.exe
  C:\Windows\System\IZRthPr.exe
  2⤵
  - Executes dropped EXE
  PID:1472
- C:\Windows\System\BFLmngf.exe
  C:\Windows\System\BFLmngf.exe
  2⤵
  - Executes dropped EXE
  PID:984
- C:\Windows\System\HPozgcq.exe
  C:\Windows\System\HPozgcq.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\ZMXgqNV.exe
  C:\Windows\System\ZMXgqNV.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\FllRQNt.exe
  C:\Windows\System\FllRQNt.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\shVgGAJ.exe
  C:\Windows\System\shVgGAJ.exe
  2⤵
  PID:1428
- C:\Windows\System\CMkgyOL.exe
  C:\Windows\System\CMkgyOL.exe
  2⤵
  PID:1512
- C:\Windows\System\rHbnHWW.exe
  C:\Windows\System\rHbnHWW.exe
  2⤵
  PID:2284
- C:\Windows\System\TJsdPOU.exe
  C:\Windows\System\TJsdPOU.exe
  2⤵
  PID:2576
- C:\Windows\System\KdoLgKW.exe
  C:\Windows\System\KdoLgKW.exe
  2⤵
  PID:2964
- C:\Windows\System\JwveNmJ.exe
  C:\Windows\System\JwveNmJ.exe
  2⤵
  PID:2116
- C:\Windows\System\pPCBDxe.exe
  C:\Windows\System\pPCBDxe.exe
  2⤵
  PID:2252
- C:\Windows\System\OOvZlSM.exe
  C:\Windows\System\OOvZlSM.exe
  2⤵
  PID:1080
- C:\Windows\System\lPHLJeX.exe
  C:\Windows\System\lPHLJeX.exe
  2⤵
  PID:944
- C:\Windows\System\ItHFWZh.exe
  C:\Windows\System\ItHFWZh.exe
  2⤵
  PID:2972
- C:\Windows\System\LWLdtSL.exe
  C:\Windows\System\LWLdtSL.exe
  2⤵
  PID:1520
- C:\Windows\System\CdrFvbD.exe
  C:\Windows\System\CdrFvbD.exe
  2⤵
  PID:1576
- C:\Windows\System\mrMbLDD.exe
  C:\Windows\System\mrMbLDD.exe
  2⤵
  PID:2460
- C:\Windows\System\AIemnRS.exe
  C:\Windows\System\AIemnRS.exe
  2⤵
  PID:2396
- C:\Windows\System\dlCaPMO.exe
  C:\Windows\System\dlCaPMO.exe
  2⤵
  PID:2384
- C:\Windows\System\cUkYGtD.exe
  C:\Windows\System\cUkYGtD.exe
  2⤵
  PID:556
- C:\Windows\System\BWdVUnJ.exe
  C:\Windows\System\BWdVUnJ.exe
  2⤵
  PID:2980
- C:\Windows\System\gtgbNPn.exe
  C:\Windows\System\gtgbNPn.exe
  2⤵
  PID:1056
- C:\Windows\System\nhoUbMq.exe
  C:\Windows\System\nhoUbMq.exe
  2⤵
  PID:1036
- C:\Windows\System\NHdsvhG.exe
  C:\Windows\System\NHdsvhG.exe
  2⤵
  PID:2992
- C:\Windows\System\hUEnFWq.exe
  C:\Windows\System\hUEnFWq.exe
  2⤵
  PID:2176
- C:\Windows\System\pQGCrGO.exe
  C:\Windows\System\pQGCrGO.exe
  2⤵
  PID:2188
- C:\Windows\System\PPjoCfu.exe
  C:\Windows\System\PPjoCfu.exe
  2⤵
  PID:2372
- C:\Windows\System\imzWnaP.exe
  C:\Windows\System\imzWnaP.exe
  2⤵
  PID:2628
- C:\Windows\System\EQTrryQ.exe
  C:\Windows\System\EQTrryQ.exe
  2⤵
  PID:2940
- C:\Windows\System\OiFnwqe.exe
  C:\Windows\System\OiFnwqe.exe
  2⤵
  PID:3036
- C:\Windows\System\uXCdsMW.exe
  C:\Windows\System\uXCdsMW.exe
  2⤵
  PID:2040
- C:\Windows\System\SDwsqCD.exe
  C:\Windows\System\SDwsqCD.exe
  2⤵
  PID:1692
- C:\Windows\System\QpCksGe.exe
  C:\Windows\System\QpCksGe.exe
  2⤵
  PID:2724
- C:\Windows\System\jYcVeLZ.exe
  C:\Windows\System\jYcVeLZ.exe
  2⤵
  PID:2220
- C:\Windows\System\PvFJMSz.exe
  C:\Windows\System\PvFJMSz.exe
  2⤵
  PID:1112
- C:\Windows\System\zQBMIiE.exe
  C:\Windows\System\zQBMIiE.exe
  2⤵
  PID:1300
- C:\Windows\System\CXdjDqy.exe
  C:\Windows\System\CXdjDqy.exe
  2⤵
  PID:604
- C:\Windows\System\eaCJysu.exe
  C:\Windows\System\eaCJysu.exe
  2⤵
  PID:656
- C:\Windows\System\AXKqzRv.exe
  C:\Windows\System\AXKqzRv.exe
  2⤵
  PID:1804
- C:\Windows\System\wfbNDkw.exe
  C:\Windows\System\wfbNDkw.exe
  2⤵
  PID:340
- C:\Windows\System\kqQcjmO.exe
  C:\Windows\System\kqQcjmO.exe
  2⤵
  PID:2268
- C:\Windows\System\aKftVmI.exe
  C:\Windows\System\aKftVmI.exe
  2⤵
  PID:1712
- C:\Windows\System\OWjFpGI.exe
  C:\Windows\System\OWjFpGI.exe
  2⤵
  PID:3008
- C:\Windows\System\yMkGxcX.exe
  C:\Windows\System\yMkGxcX.exe
  2⤵
  PID:2680
- C:\Windows\System\ujjsmVZ.exe
  C:\Windows\System\ujjsmVZ.exe
  2⤵
  PID:1568
- C:\Windows\System\onfpbbg.exe
  C:\Windows\System\onfpbbg.exe
  2⤵
  PID:2700
- C:\Windows\System\fjWvyQX.exe
  C:\Windows\System\fjWvyQX.exe
  2⤵
  PID:2792
- C:\Windows\System\GtIPrrP.exe
  C:\Windows\System\GtIPrrP.exe
  2⤵
  PID:2776
- C:\Windows\System\EIYogpt.exe
  C:\Windows\System\EIYogpt.exe
  2⤵
  PID:828
- C:\Windows\System\iPYszpE.exe
  C:\Windows\System\iPYszpE.exe
  2⤵
  PID:1060
- C:\Windows\System\knJnTEr.exe
  C:\Windows\System\knJnTEr.exe
  2⤵
  PID:532
- C:\Windows\System\tGwEyPZ.exe
  C:\Windows\System\tGwEyPZ.exe
  2⤵
  PID:2556
- C:\Windows\System\wUJkBvo.exe
  C:\Windows\System\wUJkBvo.exe
  2⤵
  PID:1616
- C:\Windows\System\MsRVGTq.exe
  C:\Windows\System\MsRVGTq.exe
  2⤵
  PID:3084
- C:\Windows\System\SYWKdZs.exe
  C:\Windows\System\SYWKdZs.exe
  2⤵
  PID:3104
- C:\Windows\System\LwZRdLN.exe
  C:\Windows\System\LwZRdLN.exe
  2⤵
  PID:3124
- C:\Windows\System\hfoonKL.exe
  C:\Windows\System\hfoonKL.exe
  2⤵
  PID:3144
- C:\Windows\System\SFXVbEM.exe
  C:\Windows\System\SFXVbEM.exe
  2⤵
  PID:3164
- C:\Windows\System\fZrNzOc.exe
  C:\Windows\System\fZrNzOc.exe
  2⤵
  PID:3184
- C:\Windows\System\LvVcAFe.exe
  C:\Windows\System\LvVcAFe.exe
  2⤵
  PID:3204
- C:\Windows\System\zlwDZVF.exe
  C:\Windows\System\zlwDZVF.exe
  2⤵
  PID:3224
- C:\Windows\System\bZUbfXS.exe
  C:\Windows\System\bZUbfXS.exe
  2⤵
  PID:3244
- C:\Windows\System\Ydfmjmz.exe
  C:\Windows\System\Ydfmjmz.exe
  2⤵
  PID:3264
- C:\Windows\System\XUONnze.exe
  C:\Windows\System\XUONnze.exe
  2⤵
  PID:3280
- C:\Windows\System\TUleukJ.exe
  C:\Windows\System\TUleukJ.exe
  2⤵
  PID:3304
- C:\Windows\System\VqVaGps.exe
  C:\Windows\System\VqVaGps.exe
  2⤵
  PID:3324
- C:\Windows\System\yLxWgki.exe
  C:\Windows\System\yLxWgki.exe
  2⤵
  PID:3344
- C:\Windows\System\avWUysB.exe
  C:\Windows\System\avWUysB.exe
  2⤵
  PID:3364
- C:\Windows\System\yYSqaBM.exe
  C:\Windows\System\yYSqaBM.exe
  2⤵
  PID:3384
- C:\Windows\System\BoGMgKL.exe
  C:\Windows\System\BoGMgKL.exe
  2⤵
  PID:3404
- C:\Windows\System\bTOtqvj.exe
  C:\Windows\System\bTOtqvj.exe
  2⤵
  PID:3424
- C:\Windows\System\fzbbasX.exe
  C:\Windows\System\fzbbasX.exe
  2⤵
  PID:3444
- C:\Windows\System\AitTkMK.exe
  C:\Windows\System\AitTkMK.exe
  2⤵
  PID:3464
- C:\Windows\System\RuJMKux.exe
  C:\Windows\System\RuJMKux.exe
  2⤵
  PID:3484
- C:\Windows\System\EeBBQDW.exe
  C:\Windows\System\EeBBQDW.exe
  2⤵
  PID:3504
- C:\Windows\System\XykULPC.exe
  C:\Windows\System\XykULPC.exe
  2⤵
  PID:3524
- C:\Windows\System\fyWACCy.exe
  C:\Windows\System\fyWACCy.exe
  2⤵
  PID:3544
- C:\Windows\System\XHNRhUS.exe
  C:\Windows\System\XHNRhUS.exe
  2⤵
  PID:3560
- C:\Windows\System\xgYmlQk.exe
  C:\Windows\System\xgYmlQk.exe
  2⤵
  PID:3584
- C:\Windows\System\repFUXA.exe
  C:\Windows\System\repFUXA.exe
  2⤵
  PID:3600
- C:\Windows\System\xCmBLii.exe
  C:\Windows\System\xCmBLii.exe
  2⤵
  PID:3624
- C:\Windows\System\HJAbLbZ.exe
  C:\Windows\System\HJAbLbZ.exe
  2⤵
  PID:3640
- C:\Windows\System\rxMXTzY.exe
  C:\Windows\System\rxMXTzY.exe
  2⤵
  PID:3664
- C:\Windows\System\lRIENOT.exe
  C:\Windows\System\lRIENOT.exe
  2⤵
  PID:3684
- C:\Windows\System\ihYZXWS.exe
  C:\Windows\System\ihYZXWS.exe
  2⤵
  PID:3704
- C:\Windows\System\GWFzjsy.exe
  C:\Windows\System\GWFzjsy.exe
  2⤵
  PID:3724
- C:\Windows\System\JlARkrb.exe
  C:\Windows\System\JlARkrb.exe
  2⤵
  PID:3744
- C:\Windows\System\RqMZLzR.exe
  C:\Windows\System\RqMZLzR.exe
  2⤵
  PID:3764
- C:\Windows\System\trTWAHc.exe
  C:\Windows\System\trTWAHc.exe
  2⤵
  PID:3784
- C:\Windows\System\MmGOnkt.exe
  C:\Windows\System\MmGOnkt.exe
  2⤵
  PID:3804
- C:\Windows\System\mCZTvox.exe
  C:\Windows\System\mCZTvox.exe
  2⤵
  PID:3828
- C:\Windows\System\GsCExvY.exe
  C:\Windows\System\GsCExvY.exe
  2⤵
  PID:3848
- C:\Windows\System\Ovtywcj.exe
  C:\Windows\System\Ovtywcj.exe
  2⤵
  PID:3868
- C:\Windows\System\dvXQPOE.exe
  C:\Windows\System\dvXQPOE.exe
  2⤵
  PID:3888
- C:\Windows\System\pQzPGwj.exe
  C:\Windows\System\pQzPGwj.exe
  2⤵
  PID:3908
- C:\Windows\System\PQWPoNT.exe
  C:\Windows\System\PQWPoNT.exe
  2⤵
  PID:3928
- C:\Windows\System\fFDKJcc.exe
  C:\Windows\System\fFDKJcc.exe
  2⤵
  PID:3948
- C:\Windows\System\fCOQDkY.exe
  C:\Windows\System\fCOQDkY.exe
  2⤵
  PID:3968
- C:\Windows\System\HWiDGmc.exe
  C:\Windows\System\HWiDGmc.exe
  2⤵
  PID:3988
- C:\Windows\System\eVPOlpe.exe
  C:\Windows\System\eVPOlpe.exe
  2⤵
  PID:4004
- C:\Windows\System\THIeIpo.exe
  C:\Windows\System\THIeIpo.exe
  2⤵
  PID:4024
- C:\Windows\System\WHwSucO.exe
  C:\Windows\System\WHwSucO.exe
  2⤵
  PID:4048
- C:\Windows\System\dkIDsgs.exe
  C:\Windows\System\dkIDsgs.exe
  2⤵
  PID:4068
- C:\Windows\System\nhdxTQm.exe
  C:\Windows\System\nhdxTQm.exe
  2⤵
  PID:4088
- C:\Windows\System\ZjnACRs.exe
  C:\Windows\System\ZjnACRs.exe
  2⤵
  PID:2296
- C:\Windows\System\ylTRGUk.exe
  C:\Windows\System\ylTRGUk.exe
  2⤵
  PID:348
- C:\Windows\System\brilcDZ.exe
  C:\Windows\System\brilcDZ.exe
  2⤵
  PID:3060
- C:\Windows\System\kaHnhUm.exe
  C:\Windows\System\kaHnhUm.exe
  2⤵
  PID:2536
- C:\Windows\System\aUiUxMi.exe
  C:\Windows\System\aUiUxMi.exe
  2⤵
  PID:2976
- C:\Windows\System\OJXhaSk.exe
  C:\Windows\System\OJXhaSk.exe
  2⤵
  PID:2896
- C:\Windows\System\ggokjHN.exe
  C:\Windows\System\ggokjHN.exe
  2⤵
  PID:568
- C:\Windows\System\BJCCzbJ.exe
  C:\Windows\System\BJCCzbJ.exe
  2⤵
  PID:1372
- C:\Windows\System\cspoGCE.exe
  C:\Windows\System\cspoGCE.exe
  2⤵
  PID:3092
- C:\Windows\System\XGyLzmV.exe
  C:\Windows\System\XGyLzmV.exe
  2⤵
  PID:3140
- C:\Windows\System\pLqpfEB.exe
  C:\Windows\System\pLqpfEB.exe
  2⤵
  PID:3136
- C:\Windows\System\ZiCAgsv.exe
  C:\Windows\System\ZiCAgsv.exe
  2⤵
  PID:3180
- C:\Windows\System\QbutxwR.exe
  C:\Windows\System\QbutxwR.exe
  2⤵
  PID:3196
- C:\Windows\System\LLReyKd.exe
  C:\Windows\System\LLReyKd.exe
  2⤵
  PID:3252
- C:\Windows\System\ABxFXWC.exe
  C:\Windows\System\ABxFXWC.exe
  2⤵
  PID:3288
- C:\Windows\System\rkKUySI.exe
  C:\Windows\System\rkKUySI.exe
  2⤵
  PID:3332
- C:\Windows\System\xZBbJUI.exe
  C:\Windows\System\xZBbJUI.exe
  2⤵
  PID:3316
- C:\Windows\System\JzBiMXu.exe
  C:\Windows\System\JzBiMXu.exe
  2⤵
  PID:3352
- C:\Windows\System\UWNrLjF.exe
  C:\Windows\System\UWNrLjF.exe
  2⤵
  PID:3416
- C:\Windows\System\UqwsQVo.exe
  C:\Windows\System\UqwsQVo.exe
  2⤵
  PID:3460
- C:\Windows\System\qOqVUjt.exe
  C:\Windows\System\qOqVUjt.exe
  2⤵
  PID:3492
- C:\Windows\System\hlzLKPe.exe
  C:\Windows\System\hlzLKPe.exe
  2⤵
  PID:3476
- C:\Windows\System\tlhhVWS.exe
  C:\Windows\System\tlhhVWS.exe
  2⤵
  PID:3568
- C:\Windows\System\BQAzYBj.exe
  C:\Windows\System\BQAzYBj.exe
  2⤵
  PID:3556
- C:\Windows\System\vGRCcej.exe
  C:\Windows\System\vGRCcej.exe
  2⤵
  PID:3592
- C:\Windows\System\SyvAyeN.exe
  C:\Windows\System\SyvAyeN.exe
  2⤵
  PID:3660
- C:\Windows\System\yroSHmK.exe
  C:\Windows\System\yroSHmK.exe
  2⤵
  PID:3700
- C:\Windows\System\MAAfzVZ.exe
  C:\Windows\System\MAAfzVZ.exe
  2⤵
  PID:3732
- C:\Windows\System\jozKDKa.exe
  C:\Windows\System\jozKDKa.exe
  2⤵
  PID:3752
- C:\Windows\System\JLnIeAD.exe
  C:\Windows\System\JLnIeAD.exe
  2⤵
  PID:3776
- C:\Windows\System\huMwcNg.exe
  C:\Windows\System\huMwcNg.exe
  2⤵
  PID:3800
- C:\Windows\System\huTHDhQ.exe
  C:\Windows\System\huTHDhQ.exe
  2⤵
  PID:3836
- C:\Windows\System\cTqKjsf.exe
  C:\Windows\System\cTqKjsf.exe
  2⤵
  PID:3900
- C:\Windows\System\VGbZdSs.exe
  C:\Windows\System\VGbZdSs.exe
  2⤵
  PID:3944
- C:\Windows\System\zdEoWgV.exe
  C:\Windows\System\zdEoWgV.exe
  2⤵
  PID:3980
- C:\Windows\System\etjapFd.exe
  C:\Windows\System\etjapFd.exe
  2⤵
  PID:3960
- C:\Windows\System\kaNKwBc.exe
  C:\Windows\System\kaNKwBc.exe
  2⤵
  PID:4064
- C:\Windows\System\IhndTkl.exe
  C:\Windows\System\IhndTkl.exe
  2⤵
  PID:4032
- C:\Windows\System\tRUMaQk.exe
  C:\Windows\System\tRUMaQk.exe
  2⤵
  PID:4040
- C:\Windows\System\zAMrnXT.exe
  C:\Windows\System\zAMrnXT.exe
  2⤵
  PID:4084
- C:\Windows\System\KAjnYSF.exe
  C:\Windows\System\KAjnYSF.exe
  2⤵
  PID:1932
- C:\Windows\System\irjpZwX.exe
  C:\Windows\System\irjpZwX.exe
  2⤵
  PID:2604
- C:\Windows\System\ISvmHxJ.exe
  C:\Windows\System\ISvmHxJ.exe
  2⤵
  PID:2120
- C:\Windows\System\UpOIjLT.exe
  C:\Windows\System\UpOIjLT.exe
  2⤵
  PID:2424
- C:\Windows\System\GREvoUb.exe
  C:\Windows\System\GREvoUb.exe
  2⤵
  PID:3116
- C:\Windows\System\tDVftmB.exe
  C:\Windows\System\tDVftmB.exe
  2⤵
  PID:3200
- C:\Windows\System\QLDlAjm.exe
  C:\Windows\System\QLDlAjm.exe
  2⤵
  PID:3240
- C:\Windows\System\EzAhqkD.exe
  C:\Windows\System\EzAhqkD.exe
  2⤵
  PID:3320
- C:\Windows\System\cMZYqOD.exe
  C:\Windows\System\cMZYqOD.exe
  2⤵
  PID:3296
- C:\Windows\System\zZSBdNr.exe
  C:\Windows\System\zZSBdNr.exe
  2⤵
  PID:3372
- C:\Windows\System\NSzRWkj.exe
  C:\Windows\System\NSzRWkj.exe
  2⤵
  PID:3432
- C:\Windows\System\kFjHmWK.exe
  C:\Windows\System\kFjHmWK.exe
  2⤵
  PID:3496
- C:\Windows\System\TzvUmWM.exe
  C:\Windows\System\TzvUmWM.exe
  2⤵
  PID:3480
- C:\Windows\System\WHkdTDy.exe
  C:\Windows\System\WHkdTDy.exe
  2⤵
  PID:3620
- C:\Windows\System\NcmnXYc.exe
  C:\Windows\System\NcmnXYc.exe
  2⤵
  PID:2796
- C:\Windows\System\HHoIrHu.exe
  C:\Windows\System\HHoIrHu.exe
  2⤵
  PID:2752
- C:\Windows\System\zJfcpMb.exe
  C:\Windows\System\zJfcpMb.exe
  2⤵
  PID:2812
- C:\Windows\System\qoYtGQC.exe
  C:\Windows\System\qoYtGQC.exe
  2⤵
  PID:3756
- C:\Windows\System\PCngbCr.exe
  C:\Windows\System\PCngbCr.exe
  2⤵
  PID:3856
- C:\Windows\System\LGzNquh.exe
  C:\Windows\System\LGzNquh.exe
  2⤵
  PID:3884
- C:\Windows\System\goXPaDx.exe
  C:\Windows\System\goXPaDx.exe
  2⤵
  PID:3880
- C:\Windows\System\LLcINAK.exe
  C:\Windows\System\LLcINAK.exe
  2⤵
  PID:3956
- C:\Windows\System\HxeMshW.exe
  C:\Windows\System\HxeMshW.exe
  2⤵
  PID:4000
- C:\Windows\System\OJjCxLj.exe
  C:\Windows\System\OJjCxLj.exe
  2⤵
  PID:4076
- C:\Windows\System\InFTNZz.exe
  C:\Windows\System\InFTNZz.exe
  2⤵
  PID:2236
- C:\Windows\System\yiUbWRq.exe
  C:\Windows\System\yiUbWRq.exe
  2⤵
  PID:1292
- C:\Windows\System\IlSXVkJ.exe
  C:\Windows\System\IlSXVkJ.exe
  2⤵
  PID:1996
- C:\Windows\System\wXyzZoN.exe
  C:\Windows\System\wXyzZoN.exe
  2⤵
  PID:3156
- C:\Windows\System\GqOCunt.exe
  C:\Windows\System\GqOCunt.exe
  2⤵
  PID:3300
- C:\Windows\System\iKlgwCp.exe
  C:\Windows\System\iKlgwCp.exe
  2⤵
  PID:3396
- C:\Windows\System\HFFbPXZ.exe
  C:\Windows\System\HFFbPXZ.exe
  2⤵
  PID:3516
- C:\Windows\System\jpiglat.exe
  C:\Windows\System\jpiglat.exe
  2⤵
  PID:2340
- C:\Windows\System\GEuggos.exe
  C:\Windows\System\GEuggos.exe
  2⤵
  PID:3636
- C:\Windows\System\MHCVELU.exe
  C:\Windows\System\MHCVELU.exe
  2⤵
  PID:2736
- C:\Windows\System\iJXVsAl.exe
  C:\Windows\System\iJXVsAl.exe
  2⤵
  PID:3820
- C:\Windows\System\yJSAtDq.exe
  C:\Windows\System\yJSAtDq.exe
  2⤵
  PID:3936
- C:\Windows\System\MHEkPrg.exe
  C:\Windows\System\MHEkPrg.exe
  2⤵
  PID:3964
- C:\Windows\System\URgQRrl.exe
  C:\Windows\System\URgQRrl.exe
  2⤵
  PID:940
- C:\Windows\System\IJjHxRx.exe
  C:\Windows\System\IJjHxRx.exe
  2⤵
  PID:2492
- C:\Windows\System\edxxtpu.exe
  C:\Windows\System\edxxtpu.exe
  2⤵
  PID:4112
- C:\Windows\System\GCoCmjN.exe
  C:\Windows\System\GCoCmjN.exe
  2⤵
  PID:4132
- C:\Windows\System\cfHODSP.exe
  C:\Windows\System\cfHODSP.exe
  2⤵
  PID:4156
- C:\Windows\System\IZPvkTo.exe
  C:\Windows\System\IZPvkTo.exe
  2⤵
  PID:4176
- C:\Windows\System\DJRBIeC.exe
  C:\Windows\System\DJRBIeC.exe
  2⤵
  PID:4192
- C:\Windows\System\ehoaZwg.exe
  C:\Windows\System\ehoaZwg.exe
  2⤵
  PID:4224
- C:\Windows\System\NNhEadv.exe
  C:\Windows\System\NNhEadv.exe
  2⤵
  PID:4244
- C:\Windows\System\oYZEWvh.exe
  C:\Windows\System\oYZEWvh.exe
  2⤵
  PID:4264
- C:\Windows\System\AZWbuDr.exe
  C:\Windows\System\AZWbuDr.exe
  2⤵
  PID:4280
- C:\Windows\System\YTwuOAC.exe
  C:\Windows\System\YTwuOAC.exe
  2⤵
  PID:4300
- C:\Windows\System\bPRUnxI.exe
  C:\Windows\System\bPRUnxI.exe
  2⤵
  PID:4324
- C:\Windows\System\OczPcfx.exe
  C:\Windows\System\OczPcfx.exe
  2⤵
  PID:4344
- C:\Windows\System\AcKSMGC.exe
  C:\Windows\System\AcKSMGC.exe
  2⤵
  PID:4364
- C:\Windows\System\wOlpjVu.exe
  C:\Windows\System\wOlpjVu.exe
  2⤵
  PID:4384
- C:\Windows\System\HoHwQDX.exe
  C:\Windows\System\HoHwQDX.exe
  2⤵
  PID:4400
- C:\Windows\System\AwpTiAp.exe
  C:\Windows\System\AwpTiAp.exe
  2⤵
  PID:4424
- C:\Windows\System\kmzlZGE.exe
  C:\Windows\System\kmzlZGE.exe
  2⤵
  PID:4444
- C:\Windows\System\NfomGUw.exe
  C:\Windows\System\NfomGUw.exe
  2⤵
  PID:4464
- C:\Windows\System\tzCYFkO.exe
  C:\Windows\System\tzCYFkO.exe
  2⤵
  PID:4480
- C:\Windows\System\iWYFuMS.exe
  C:\Windows\System\iWYFuMS.exe
  2⤵
  PID:4500
- C:\Windows\System\SwMpetp.exe
  C:\Windows\System\SwMpetp.exe
  2⤵
  PID:4516
- C:\Windows\System\mTVjXzQ.exe
  C:\Windows\System\mTVjXzQ.exe
  2⤵
  PID:4536
- C:\Windows\System\mNrsxRM.exe
  C:\Windows\System\mNrsxRM.exe
  2⤵
  PID:4556
- C:\Windows\System\uxeXKka.exe
  C:\Windows\System\uxeXKka.exe
  2⤵
  PID:4576
- C:\Windows\System\DUAczlY.exe
  C:\Windows\System\DUAczlY.exe
  2⤵
  PID:4604
- C:\Windows\System\RhqBIqh.exe
  C:\Windows\System\RhqBIqh.exe
  2⤵
  PID:4624
- C:\Windows\System\JuPSFMc.exe
  C:\Windows\System\JuPSFMc.exe
  2⤵
  PID:4648
- C:\Windows\System\xAzvyCI.exe
  C:\Windows\System\xAzvyCI.exe
  2⤵
  PID:4668
- C:\Windows\System\cPHEIaQ.exe
  C:\Windows\System\cPHEIaQ.exe
  2⤵
  PID:4684
- C:\Windows\System\uhErflm.exe
  C:\Windows\System\uhErflm.exe
  2⤵
  PID:4704
- C:\Windows\System\nerbnRF.exe
  C:\Windows\System\nerbnRF.exe
  2⤵
  PID:4724
- C:\Windows\System\lNgaYoo.exe
  C:\Windows\System\lNgaYoo.exe
  2⤵
  PID:4748
- C:\Windows\System\IcAHRRQ.exe
  C:\Windows\System\IcAHRRQ.exe
  2⤵
  PID:4768
- C:\Windows\System\PZiHHpq.exe
  C:\Windows\System\PZiHHpq.exe
  2⤵
  PID:4788
- C:\Windows\System\JhHtxOz.exe
  C:\Windows\System\JhHtxOz.exe
  2⤵
  PID:4804
- C:\Windows\System\TbGEWbg.exe
  C:\Windows\System\TbGEWbg.exe
  2⤵
  PID:4828
- C:\Windows\System\kSAGEuc.exe
  C:\Windows\System\kSAGEuc.exe
  2⤵
  PID:4848
- C:\Windows\System\ZsyvKnA.exe
  C:\Windows\System\ZsyvKnA.exe
  2⤵
  PID:4868
- C:\Windows\System\JLINyNB.exe
  C:\Windows\System\JLINyNB.exe
  2⤵
  PID:4884
- C:\Windows\System\vfoqMep.exe
  C:\Windows\System\vfoqMep.exe
  2⤵
  PID:4904
- C:\Windows\System\bKXbwRX.exe
  C:\Windows\System\bKXbwRX.exe
  2⤵
  PID:4928
- C:\Windows\System\VApiNhO.exe
  C:\Windows\System\VApiNhO.exe
  2⤵
  PID:4948
- C:\Windows\System\YgTwiPm.exe
  C:\Windows\System\YgTwiPm.exe
  2⤵
  PID:4964
- C:\Windows\System\TkBHwdV.exe
  C:\Windows\System\TkBHwdV.exe
  2⤵
  PID:4988
- C:\Windows\System\mhKgrYY.exe
  C:\Windows\System\mhKgrYY.exe
  2⤵
  PID:5004
- C:\Windows\System\JmITKgZ.exe
  C:\Windows\System\JmITKgZ.exe
  2⤵
  PID:5024
- C:\Windows\System\VHMKldT.exe
  C:\Windows\System\VHMKldT.exe
  2⤵
  PID:5044
- C:\Windows\System\kMatfqI.exe
  C:\Windows\System\kMatfqI.exe
  2⤵
  PID:5068
- C:\Windows\System\MCRNcRm.exe
  C:\Windows\System\MCRNcRm.exe
  2⤵
  PID:5088
- C:\Windows\System\YblvUCf.exe
  C:\Windows\System\YblvUCf.exe
  2⤵
  PID:5108
- C:\Windows\System\VrNXPdL.exe
  C:\Windows\System\VrNXPdL.exe
  2⤵
  PID:3120
- C:\Windows\System\EROWswf.exe
  C:\Windows\System\EROWswf.exe
  2⤵
  PID:3356
- C:\Windows\System\dYjYgSd.exe
  C:\Windows\System\dYjYgSd.exe
  2⤵
  PID:3152
- C:\Windows\System\daSOYcW.exe
  C:\Windows\System\daSOYcW.exe
  2⤵
  PID:3376
- C:\Windows\System\zaTsSLq.exe
  C:\Windows\System\zaTsSLq.exe
  2⤵
  PID:3648
- C:\Windows\System\LdQlbIc.exe
  C:\Windows\System\LdQlbIc.exe
  2⤵
  PID:3840
- C:\Windows\System\JbSjEkI.exe
  C:\Windows\System\JbSjEkI.exe
  2⤵
  PID:3736
- C:\Windows\System\RSwRysx.exe
  C:\Windows\System\RSwRysx.exe
  2⤵
  PID:3772
- C:\Windows\System\NRiwaLv.exe
  C:\Windows\System\NRiwaLv.exe
  2⤵
  PID:3996
- C:\Windows\System\LAtQczz.exe
  C:\Windows\System\LAtQczz.exe
  2⤵
  PID:4128
- C:\Windows\System\hnQEzei.exe
  C:\Windows\System\hnQEzei.exe
  2⤵
  PID:4104
- C:\Windows\System\wMnlqqz.exe
  C:\Windows\System\wMnlqqz.exe
  2⤵
  PID:4148
- C:\Windows\System\WWmGxFV.exe
  C:\Windows\System\WWmGxFV.exe
  2⤵
  PID:4212
- C:\Windows\System\KUEKTVY.exe
  C:\Windows\System\KUEKTVY.exe
  2⤵
  PID:4252
- C:\Windows\System\RXHEqza.exe
  C:\Windows\System\RXHEqza.exe
  2⤵
  PID:4296
- C:\Windows\System\BieRAkf.exe
  C:\Windows\System\BieRAkf.exe
  2⤵
  PID:4320
- C:\Windows\System\WYjjokf.exe
  C:\Windows\System\WYjjokf.exe
  2⤵
  PID:4376
- C:\Windows\System\tlTmAxT.exe
  C:\Windows\System\tlTmAxT.exe
  2⤵
  PID:4420
- C:\Windows\System\MHYiXMZ.exe
  C:\Windows\System\MHYiXMZ.exe
  2⤵
  PID:4452
- C:\Windows\System\IRkQYRl.exe
  C:\Windows\System\IRkQYRl.exe
  2⤵
  PID:4488
- C:\Windows\System\GcatdIt.exe
  C:\Windows\System\GcatdIt.exe
  2⤵
  PID:4524
- C:\Windows\System\xvJPrlN.exe
  C:\Windows\System\xvJPrlN.exe
  2⤵
  PID:4564
- C:\Windows\System\hjGVBsJ.exe
  C:\Windows\System\hjGVBsJ.exe
  2⤵
  PID:4584
- C:\Windows\System\zfdnwAm.exe
  C:\Windows\System\zfdnwAm.exe
  2⤵
  PID:4544
- C:\Windows\System\HxcPeoi.exe
  C:\Windows\System\HxcPeoi.exe
  2⤵
  PID:4616
- C:\Windows\System\BqwHXUK.exe
  C:\Windows\System\BqwHXUK.exe
  2⤵
  PID:4640
- C:\Windows\System\ZjudoBk.exe
  C:\Windows\System\ZjudoBk.exe
  2⤵
  PID:4696
- C:\Windows\System\tZEpDgh.exe
  C:\Windows\System\tZEpDgh.exe
  2⤵
  PID:4740
- C:\Windows\System\eViolPh.exe
  C:\Windows\System\eViolPh.exe
  2⤵
  PID:4720
- C:\Windows\System\xNwGEoM.exe
  C:\Windows\System\xNwGEoM.exe
  2⤵
  PID:4764
- C:\Windows\System\qMYaVFz.exe
  C:\Windows\System\qMYaVFz.exe
  2⤵
  PID:4824
- C:\Windows\System\xKeGIum.exe
  C:\Windows\System\xKeGIum.exe
  2⤵
  PID:4860
- C:\Windows\System\ghtuvSC.exe
  C:\Windows\System\ghtuvSC.exe
  2⤵
  PID:4836
- C:\Windows\System\ogYMAIi.exe
  C:\Windows\System\ogYMAIi.exe
  2⤵
  PID:4916
- C:\Windows\System\EysULBh.exe
  C:\Windows\System\EysULBh.exe
  2⤵
  PID:4940
- C:\Windows\System\vBpLIUf.exe
  C:\Windows\System\vBpLIUf.exe
  2⤵
  PID:2840
- C:\Windows\System\OhFovPf.exe
  C:\Windows\System\OhFovPf.exe
  2⤵
  PID:3068
- C:\Windows\System\dsHtudg.exe
  C:\Windows\System\dsHtudg.exe
  2⤵
  PID:5016
- C:\Windows\System\rcIShTw.exe
  C:\Windows\System\rcIShTw.exe
  2⤵
  PID:5060
- C:\Windows\System\FxIjrgm.exe
  C:\Windows\System\FxIjrgm.exe
  2⤵
  PID:5032
- C:\Windows\System\zfXpzfQ.exe
  C:\Windows\System\zfXpzfQ.exe
  2⤵
  PID:3076
- C:\Windows\System\pADbGqe.exe
  C:\Windows\System\pADbGqe.exe
  2⤵
  PID:5084
- C:\Windows\System\ipnwJqy.exe
  C:\Windows\System\ipnwJqy.exe
  2⤵
  PID:3712
- C:\Windows\System\WPpZDBb.exe
  C:\Windows\System\WPpZDBb.exe
  2⤵
  PID:3896
- C:\Windows\System\hNJrIFB.exe
  C:\Windows\System\hNJrIFB.exe
  2⤵
  PID:1760
- C:\Windows\System\HqknrzY.exe
  C:\Windows\System\HqknrzY.exe
  2⤵
  PID:4144
- C:\Windows\System\Hvuzfob.exe
  C:\Windows\System\Hvuzfob.exe
  2⤵
  PID:3656
- C:\Windows\System\phVSEaC.exe
  C:\Windows\System\phVSEaC.exe
  2⤵
  PID:2224
- C:\Windows\System\HmtAuty.exe
  C:\Windows\System\HmtAuty.exe
  2⤵
  PID:4308
- C:\Windows\System\FJCxoCE.exe
  C:\Windows\System\FJCxoCE.exe
  2⤵
  PID:4108
- C:\Windows\System\hBXhBmP.exe
  C:\Windows\System\hBXhBmP.exe
  2⤵
  PID:4288
- C:\Windows\System\ByWtTiz.exe
  C:\Windows\System\ByWtTiz.exe
  2⤵
  PID:4200
- C:\Windows\System\dRyiNYd.exe
  C:\Windows\System\dRyiNYd.exe
  2⤵
  PID:4372
- C:\Windows\System\OhctpQo.exe
  C:\Windows\System\OhctpQo.exe
  2⤵
  PID:4392
- C:\Windows\System\nTuEaVb.exe
  C:\Windows\System\nTuEaVb.exe
  2⤵
  PID:2540
- C:\Windows\System\sKpAAAa.exe
  C:\Windows\System\sKpAAAa.exe
  2⤵
  PID:4568
- C:\Windows\System\DgOlghJ.exe
  C:\Windows\System\DgOlghJ.exe
  2⤵
  PID:4552
- C:\Windows\System\qrrQYXl.exe
  C:\Windows\System\qrrQYXl.exe
  2⤵
  PID:4660
- C:\Windows\System\GkbTnIs.exe
  C:\Windows\System\GkbTnIs.exe
  2⤵
  PID:4592
- C:\Windows\System\ydFMPYz.exe
  C:\Windows\System\ydFMPYz.exe
  2⤵
  PID:4776
- C:\Windows\System\ORdNooR.exe
  C:\Windows\System\ORdNooR.exe
  2⤵
  PID:4716
- C:\Windows\System\uvcWbVm.exe
  C:\Windows\System\uvcWbVm.exe
  2⤵
  PID:4816
- C:\Windows\System\ioFLoCc.exe
  C:\Windows\System\ioFLoCc.exe
  2⤵
  PID:2716
- C:\Windows\System\CtYUKYH.exe
  C:\Windows\System\CtYUKYH.exe
  2⤵
  PID:4896
- C:\Windows\System\wObZWsT.exe
  C:\Windows\System\wObZWsT.exe
  2⤵
  PID:4920
- C:\Windows\System\EZTABzU.exe
  C:\Windows\System\EZTABzU.exe
  2⤵
  PID:4956
- C:\Windows\System\AbihHxd.exe
  C:\Windows\System\AbihHxd.exe
  2⤵
  PID:5064
- C:\Windows\System\fiTQYxr.exe
  C:\Windows\System\fiTQYxr.exe
  2⤵
  PID:5040
- C:\Windows\System\hBOQsmM.exe
  C:\Windows\System\hBOQsmM.exe
  2⤵
  PID:5076
- C:\Windows\System\RkCHyup.exe
  C:\Windows\System\RkCHyup.exe
  2⤵
  PID:2080
- C:\Windows\System\qWqtMSy.exe
  C:\Windows\System\qWqtMSy.exe
  2⤵
  PID:3044
- C:\Windows\System\uQeJjcy.exe
  C:\Windows\System\uQeJjcy.exe
  2⤵
  PID:2704
- C:\Windows\System\BIumaCj.exe
  C:\Windows\System\BIumaCj.exe
  2⤵
  PID:3920
- C:\Windows\System\ToEUtgI.exe
  C:\Windows\System\ToEUtgI.exe
  2⤵
  PID:4240
- C:\Windows\System\GdNMwGi.exe
  C:\Windows\System\GdNMwGi.exe
  2⤵
  PID:4204
- C:\Windows\System\HjSATck.exe
  C:\Windows\System\HjSATck.exe
  2⤵
  PID:4456
- C:\Windows\System\ZXvtgca.exe
  C:\Windows\System\ZXvtgca.exe
  2⤵
  PID:1700
- C:\Windows\System\xTndwis.exe
  C:\Windows\System\xTndwis.exe
  2⤵
  PID:4476
- C:\Windows\System\AnfRMos.exe
  C:\Windows\System\AnfRMos.exe
  2⤵
  PID:4548
- C:\Windows\System\NhuUNhJ.exe
  C:\Windows\System\NhuUNhJ.exe
  2⤵
  PID:4692
- C:\Windows\System\INTfORB.exe
  C:\Windows\System\INTfORB.exe
  2⤵
  PID:4812
- C:\Windows\System\UVDKEvb.exe
  C:\Windows\System\UVDKEvb.exe
  2⤵
  PID:4840
- C:\Windows\System\CgOzlkM.exe
  C:\Windows\System\CgOzlkM.exe
  2⤵
  PID:4912
- C:\Windows\System\vdAhsch.exe
  C:\Windows\System\vdAhsch.exe
  2⤵
  PID:4976
- C:\Windows\System\RWCyTLH.exe
  C:\Windows\System\RWCyTLH.exe
  2⤵
  PID:1772
- C:\Windows\System\LgGjHYe.exe
  C:\Windows\System\LgGjHYe.exe
  2⤵
  PID:1676
- C:\Windows\System\zaBhykT.exe
  C:\Windows\System\zaBhykT.exe
  2⤵
  PID:3720
- C:\Windows\System\LvtDFJO.exe
  C:\Windows\System\LvtDFJO.exe
  2⤵
  PID:3132
- C:\Windows\System\XVIDvte.exe
  C:\Windows\System\XVIDvte.exe
  2⤵
  PID:4312
- C:\Windows\System\stIxjvm.exe
  C:\Windows\System\stIxjvm.exe
  2⤵
  PID:4352
- C:\Windows\System\IxNYUBi.exe
  C:\Windows\System\IxNYUBi.exe
  2⤵
  PID:4412
- C:\Windows\System\tYLotdP.exe
  C:\Windows\System\tYLotdP.exe
  2⤵
  PID:4632
- C:\Windows\System\XOjAqkP.exe
  C:\Windows\System\XOjAqkP.exe
  2⤵
  PID:5136
- C:\Windows\System\cBClxlz.exe
  C:\Windows\System\cBClxlz.exe
  2⤵
  PID:5156
- C:\Windows\System\LvCYaEk.exe
  C:\Windows\System\LvCYaEk.exe
  2⤵
  PID:5176
- C:\Windows\System\hoCLyMF.exe
  C:\Windows\System\hoCLyMF.exe
  2⤵
  PID:5196
- C:\Windows\System\PUxxfzN.exe
  C:\Windows\System\PUxxfzN.exe
  2⤵
  PID:5216
- C:\Windows\System\CDJhDfA.exe
  C:\Windows\System\CDJhDfA.exe
  2⤵
  PID:5236
- C:\Windows\System\wnLngjJ.exe
  C:\Windows\System\wnLngjJ.exe
  2⤵
  PID:5256
- C:\Windows\System\zQOQfsJ.exe
  C:\Windows\System\zQOQfsJ.exe
  2⤵
  PID:5276
- C:\Windows\System\wQSYFGU.exe
  C:\Windows\System\wQSYFGU.exe
  2⤵
  PID:5296
- C:\Windows\System\aLibdEX.exe
  C:\Windows\System\aLibdEX.exe
  2⤵
  PID:5316
- C:\Windows\System\OSRLFYH.exe
  C:\Windows\System\OSRLFYH.exe
  2⤵
  PID:5336
- C:\Windows\System\mApuafj.exe
  C:\Windows\System\mApuafj.exe
  2⤵
  PID:5356
- C:\Windows\System\FYcZiym.exe
  C:\Windows\System\FYcZiym.exe
  2⤵
  PID:5376
- C:\Windows\System\hAEAgpe.exe
  C:\Windows\System\hAEAgpe.exe
  2⤵
  PID:5396
- C:\Windows\System\ZSygynp.exe
  C:\Windows\System\ZSygynp.exe
  2⤵
  PID:5416
- C:\Windows\System\pOyJAVY.exe
  C:\Windows\System\pOyJAVY.exe
  2⤵
  PID:5436
- C:\Windows\System\eTUPkDq.exe
  C:\Windows\System\eTUPkDq.exe
  2⤵
  PID:5456
- C:\Windows\System\sWalqKA.exe
  C:\Windows\System\sWalqKA.exe
  2⤵
  PID:5476
- C:\Windows\System\VHbduPh.exe
  C:\Windows\System\VHbduPh.exe
  2⤵
  PID:5496
- C:\Windows\System\QknCJwb.exe
  C:\Windows\System\QknCJwb.exe
  2⤵
  PID:5516
- C:\Windows\System\lxjpNsg.exe
  C:\Windows\System\lxjpNsg.exe
  2⤵
  PID:5536
- C:\Windows\System\HdaRIHy.exe
  C:\Windows\System\HdaRIHy.exe
  2⤵
  PID:5556
- C:\Windows\System\wckgNMP.exe
  C:\Windows\System\wckgNMP.exe
  2⤵
  PID:5576
- C:\Windows\System\CKyhyCQ.exe
  C:\Windows\System\CKyhyCQ.exe
  2⤵
  PID:5596
- C:\Windows\System\fHXPnVZ.exe
  C:\Windows\System\fHXPnVZ.exe
  2⤵
  PID:5616
- C:\Windows\System\TuvQRYv.exe
  C:\Windows\System\TuvQRYv.exe
  2⤵
  PID:5636
- C:\Windows\System\CRbnetl.exe
  C:\Windows\System\CRbnetl.exe
  2⤵
  PID:5656
- C:\Windows\System\aPlLjfu.exe
  C:\Windows\System\aPlLjfu.exe
  2⤵
  PID:5676
- C:\Windows\System\daWUPan.exe
  C:\Windows\System\daWUPan.exe
  2⤵
  PID:5696
- C:\Windows\System\hqrnJoJ.exe
  C:\Windows\System\hqrnJoJ.exe
  2⤵
  PID:5716
- C:\Windows\System\kmPTnAp.exe
  C:\Windows\System\kmPTnAp.exe
  2⤵
  PID:5736
- C:\Windows\System\OSOQizM.exe
  C:\Windows\System\OSOQizM.exe
  2⤵
  PID:5756
- C:\Windows\System\gjubmMP.exe
  C:\Windows\System\gjubmMP.exe
  2⤵
  PID:5776
- C:\Windows\System\pptLKZV.exe
  C:\Windows\System\pptLKZV.exe
  2⤵
  PID:5796
- C:\Windows\System\LvJXvXJ.exe
  C:\Windows\System\LvJXvXJ.exe
  2⤵
  PID:5816
- C:\Windows\System\eHRkUHQ.exe
  C:\Windows\System\eHRkUHQ.exe
  2⤵
  PID:5836
- C:\Windows\System\zlhdaih.exe
  C:\Windows\System\zlhdaih.exe
  2⤵
  PID:5856
- C:\Windows\System\gbIFDWo.exe
  C:\Windows\System\gbIFDWo.exe
  2⤵
  PID:5876
- C:\Windows\System\oBUaxKm.exe
  C:\Windows\System\oBUaxKm.exe
  2⤵
  PID:5896
- C:\Windows\System\WUoBldO.exe
  C:\Windows\System\WUoBldO.exe
  2⤵
  PID:5916
- C:\Windows\System\OUpApaa.exe
  C:\Windows\System\OUpApaa.exe
  2⤵
  PID:5936
- C:\Windows\System\EdLytpi.exe
  C:\Windows\System\EdLytpi.exe
  2⤵
  PID:5956
- C:\Windows\System\fqUVDKi.exe
  C:\Windows\System\fqUVDKi.exe
  2⤵
  PID:5976
- C:\Windows\System\FJqBMmX.exe
  C:\Windows\System\FJqBMmX.exe
  2⤵
  PID:5996
- C:\Windows\System\REfOIoP.exe
  C:\Windows\System\REfOIoP.exe
  2⤵
  PID:6016
- C:\Windows\System\vhLHntQ.exe
  C:\Windows\System\vhLHntQ.exe
  2⤵
  PID:6036
- C:\Windows\System\YSNQIEv.exe
  C:\Windows\System\YSNQIEv.exe
  2⤵
  PID:6060
- C:\Windows\System\COqhitz.exe
  C:\Windows\System\COqhitz.exe
  2⤵
  PID:6080
- C:\Windows\System\zaarewj.exe
  C:\Windows\System\zaarewj.exe
  2⤵
  PID:6100
- C:\Windows\System\iYRthEs.exe
  C:\Windows\System\iYRthEs.exe
  2⤵
  PID:6120
- C:\Windows\System\CLbYQYh.exe
  C:\Windows\System\CLbYQYh.exe
  2⤵
  PID:6140
- C:\Windows\System\ncuDOjc.exe
  C:\Windows\System\ncuDOjc.exe
  2⤵
  PID:4984
- C:\Windows\System\OAvFCNm.exe
  C:\Windows\System\OAvFCNm.exe
  2⤵
  PID:3024
- C:\Windows\System\EXXZTgv.exe
  C:\Windows\System\EXXZTgv.exe
  2⤵
  PID:5100
- C:\Windows\System\VgTgccI.exe
  C:\Windows\System\VgTgccI.exe
  2⤵
  PID:3580
- C:\Windows\System\RPQIWXA.exe
  C:\Windows\System\RPQIWXA.exe
  2⤵
  PID:4316
- C:\Windows\System\KPMTdIF.exe
  C:\Windows\System\KPMTdIF.exe
  2⤵
  PID:2356
- C:\Windows\System\LhLCzhj.exe
  C:\Windows\System\LhLCzhj.exe
  2⤵
  PID:2600
- C:\Windows\System\oeSnJvO.exe
  C:\Windows\System\oeSnJvO.exe
  2⤵
  PID:5124
- C:\Windows\System\dNkYeSv.exe
  C:\Windows\System\dNkYeSv.exe
  2⤵
  PID:5188
- C:\Windows\System\TVANZuB.exe
  C:\Windows\System\TVANZuB.exe
  2⤵
  PID:5212
- C:\Windows\System\fyeaNKV.exe
  C:\Windows\System\fyeaNKV.exe
  2⤵
  PID:5228
- C:\Windows\System\ZDOjXhl.exe
  C:\Windows\System\ZDOjXhl.exe
  2⤵
  PID:5252
- C:\Windows\System\BhfhxCH.exe
  C:\Windows\System\BhfhxCH.exe
  2⤵
  PID:5292
- C:\Windows\System\qJOFKHh.exe
  C:\Windows\System\qJOFKHh.exe
  2⤵
  PID:5344
- C:\Windows\System\Fpiktbm.exe
  C:\Windows\System\Fpiktbm.exe
  2⤵
  PID:5364
- C:\Windows\System\pyUNSmc.exe
  C:\Windows\System\pyUNSmc.exe
  2⤵
  PID:5424
- C:\Windows\System\wltjXgY.exe
  C:\Windows\System\wltjXgY.exe
  2⤵
  PID:5428
- C:\Windows\System\JtOGonf.exe
  C:\Windows\System\JtOGonf.exe
  2⤵
  PID:5452
- C:\Windows\System\zQnYwNJ.exe
  C:\Windows\System\zQnYwNJ.exe
  2⤵
  PID:5512
- C:\Windows\System\pjdKAiG.exe
  C:\Windows\System\pjdKAiG.exe
  2⤵
  PID:5552
- C:\Windows\System\rcMfDTd.exe
  C:\Windows\System\rcMfDTd.exe
  2⤵
  PID:5592
- C:\Windows\System\fiKEmmE.exe
  C:\Windows\System\fiKEmmE.exe
  2⤵
  PID:5604
- C:\Windows\System\wAguAoC.exe
  C:\Windows\System\wAguAoC.exe
  2⤵
  PID:5608
- C:\Windows\System\xILOSgZ.exe
  C:\Windows\System\xILOSgZ.exe
  2⤵
  PID:5652
- C:\Windows\System\aagYZjt.exe
  C:\Windows\System\aagYZjt.exe
  2⤵
  PID:5712
- C:\Windows\System\jLtUmDC.exe
  C:\Windows\System\jLtUmDC.exe
  2⤵
  PID:5724
- C:\Windows\System\NCCcXQK.exe
  C:\Windows\System\NCCcXQK.exe
  2⤵
  PID:5728
- C:\Windows\System\WWrFLtQ.exe
  C:\Windows\System\WWrFLtQ.exe
  2⤵
  PID:5772
- C:\Windows\System\oHUscHb.exe
  C:\Windows\System\oHUscHb.exe
  2⤵
  PID:5832
- C:\Windows\System\AMjgpuQ.exe
  C:\Windows\System\AMjgpuQ.exe
  2⤵
  PID:5864
- C:\Windows\System\dtXStnt.exe
  C:\Windows\System\dtXStnt.exe
  2⤵
  PID:5884
- C:\Windows\System\DsKuKom.exe
  C:\Windows\System\DsKuKom.exe
  2⤵
  PID:5908
- C:\Windows\System\VObxyzk.exe
  C:\Windows\System\VObxyzk.exe
  2⤵
  PID:5952
- C:\Windows\System\mUisWVc.exe
  C:\Windows\System\mUisWVc.exe
  2⤵
  PID:2688
- C:\Windows\System\slTzFEO.exe
  C:\Windows\System\slTzFEO.exe
  2⤵
  PID:6012
- C:\Windows\System\VKkjZbE.exe
  C:\Windows\System\VKkjZbE.exe
  2⤵
  PID:6008
- C:\Windows\System\uqPTjUE.exe
  C:\Windows\System\uqPTjUE.exe
  2⤵
  PID:6048
- C:\Windows\System\ffeBxWy.exe
  C:\Windows\System\ffeBxWy.exe
  2⤵
  PID:6088
- C:\Windows\System\WqtIdBC.exe
  C:\Windows\System\WqtIdBC.exe
  2⤵
  PID:6128
- C:\Windows\System\RXjwTsW.exe
  C:\Windows\System\RXjwTsW.exe
  2⤵
  PID:2764
- C:\Windows\System\gDzVCjM.exe
  C:\Windows\System\gDzVCjM.exe
  2⤵
  PID:1308
- C:\Windows\System\GFrqYSg.exe
  C:\Windows\System\GFrqYSg.exe
  2⤵
  PID:4188
- C:\Windows\System\PLmMsoC.exe
  C:\Windows\System\PLmMsoC.exe
  2⤵
  PID:1312
- C:\Windows\System\kfeWOZq.exe
  C:\Windows\System\kfeWOZq.exe
  2⤵
  PID:5128
- C:\Windows\System\hXomrJQ.exe
  C:\Windows\System\hXomrJQ.exe
  2⤵
  PID:5232
- C:\Windows\System\TcBlBVa.exe
  C:\Windows\System\TcBlBVa.exe
  2⤵
  PID:5204
- C:\Windows\System\iVNRcBd.exe
  C:\Windows\System\iVNRcBd.exe
  2⤵
  PID:5312
- C:\Windows\System\kkdMPOc.exe
  C:\Windows\System\kkdMPOc.exe
  2⤵
  PID:308
- C:\Windows\System\XEVYxbC.exe
  C:\Windows\System\XEVYxbC.exe
  2⤵
  PID:5368
- C:\Windows\System\BqscUka.exe
  C:\Windows\System\BqscUka.exe
  2⤵
  PID:5484
- C:\Windows\System\XeyfGDD.exe
  C:\Windows\System\XeyfGDD.exe
  2⤵
  PID:5528
- C:\Windows\System\urBjnXf.exe
  C:\Windows\System\urBjnXf.exe
  2⤵
  PID:5548
- C:\Windows\System\rnqXRUH.exe
  C:\Windows\System\rnqXRUH.exe
  2⤵
  PID:5564
- C:\Windows\System\EVicqGG.exe
  C:\Windows\System\EVicqGG.exe
  2⤵
  PID:5672
- C:\Windows\System\arqocxI.exe
  C:\Windows\System\arqocxI.exe
  2⤵
  PID:5748
- C:\Windows\System\oHiefKx.exe
  C:\Windows\System\oHiefKx.exe
  2⤵
  PID:5788
- C:\Windows\System\dNAepMi.exe
  C:\Windows\System\dNAepMi.exe
  2⤵
  PID:5792
- C:\Windows\System\MZlwURR.exe
  C:\Windows\System\MZlwURR.exe
  2⤵
  PID:5944
- C:\Windows\System\OnzEHFX.exe
  C:\Windows\System\OnzEHFX.exe
  2⤵
  PID:5972
- C:\Windows\System\EpLRZHk.exe
  C:\Windows\System\EpLRZHk.exe
  2⤵
  PID:5892
- C:\Windows\System\BXSNWJx.exe
  C:\Windows\System\BXSNWJx.exe
  2⤵
  PID:5992
- C:\Windows\System\CZXhsFx.exe
  C:\Windows\System\CZXhsFx.exe
  2⤵
  PID:6032
- C:\Windows\System\tJxIdfF.exe
  C:\Windows\System\tJxIdfF.exe
  2⤵
  PID:4944
- C:\Windows\System\spIBFnh.exe
  C:\Windows\System\spIBFnh.exe
  2⤵
  PID:3020
- C:\Windows\System\vZDDqng.exe
  C:\Windows\System\vZDDqng.exe
  2⤵
  PID:4164
- C:\Windows\System\Dhgprpq.exe
  C:\Windows\System\Dhgprpq.exe
  2⤵
  PID:2880
- C:\Windows\System\TeBqjRt.exe
  C:\Windows\System\TeBqjRt.exe
  2⤵
  PID:4612
- C:\Windows\System\PgXJKSJ.exe
  C:\Windows\System\PgXJKSJ.exe
  2⤵
  PID:5208
- C:\Windows\System\jWBhKAl.exe
  C:\Windows\System\jWBhKAl.exe
  2⤵
  PID:5412
- C:\Windows\System\FvFozCB.exe
  C:\Windows\System\FvFozCB.exe
  2⤵
  PID:5472
- C:\Windows\System\YRWWnup.exe
  C:\Windows\System\YRWWnup.exe
  2⤵
  PID:5632
- C:\Windows\System\xUzfpyR.exe
  C:\Windows\System\xUzfpyR.exe
  2⤵
  PID:5628
- C:\Windows\System\kvFwetE.exe
  C:\Windows\System\kvFwetE.exe
  2⤵
  PID:5572
- C:\Windows\System\GKdSZOb.exe
  C:\Windows\System\GKdSZOb.exe
  2⤵
  PID:5784
- C:\Windows\System\lDwEBky.exe
  C:\Windows\System\lDwEBky.exe
  2⤵
  PID:5868
- C:\Windows\System\TLuHHrI.exe
  C:\Windows\System\TLuHHrI.exe
  2⤵
  PID:3824
- C:\Windows\System\gvzwLaK.exe
  C:\Windows\System\gvzwLaK.exe
  2⤵
  PID:6004
- C:\Windows\System\PvtZuKo.exe
  C:\Windows\System\PvtZuKo.exe
  2⤵
  PID:2808
- C:\Windows\System\rPtUmHO.exe
  C:\Windows\System\rPtUmHO.exe
  2⤵
  PID:4152
- C:\Windows\System\RzjAjDq.exe
  C:\Windows\System\RzjAjDq.exe
  2⤵
  PID:4056
- C:\Windows\System\gaiLVhc.exe
  C:\Windows\System\gaiLVhc.exe
  2⤵
  PID:4256
- C:\Windows\System\XOPGLyr.exe
  C:\Windows\System\XOPGLyr.exe
  2⤵
  PID:5268
- C:\Windows\System\IlxxmNB.exe
  C:\Windows\System\IlxxmNB.exe
  2⤵
  PID:5492
- C:\Windows\System\vapdUtI.exe
  C:\Windows\System\vapdUtI.exe
  2⤵
  PID:2132
- C:\Windows\System\rdORlOs.exe
  C:\Windows\System\rdORlOs.exe
  2⤵
  PID:5544
- C:\Windows\System\IzxVjPq.exe
  C:\Windows\System\IzxVjPq.exe
  2⤵
  PID:5692
- C:\Windows\System\IRZsuli.exe
  C:\Windows\System\IRZsuli.exe
  2⤵
  PID:5852
- C:\Windows\System\ocRrdnx.exe
  C:\Windows\System\ocRrdnx.exe
  2⤵
  PID:6092
- C:\Windows\System\DEqHrVE.exe
  C:\Windows\System\DEqHrVE.exe
  2⤵
  PID:2728
- C:\Windows\System\UPrxYQy.exe
  C:\Windows\System\UPrxYQy.exe
  2⤵
  PID:3512
- C:\Windows\System\EVASQxT.exe
  C:\Windows\System\EVASQxT.exe
  2⤵
  PID:2456
- C:\Windows\System\BGipXRX.exe
  C:\Windows\System\BGipXRX.exe
  2⤵
  PID:2596
- C:\Windows\System\iUXANBY.exe
  C:\Windows\System\iUXANBY.exe
  2⤵
  PID:5744
- C:\Windows\System\gwQgBJC.exe
  C:\Windows\System\gwQgBJC.exe
  2⤵
  PID:5804
- C:\Windows\System\NfDrbgy.exe
  C:\Windows\System\NfDrbgy.exe
  2⤵
  PID:6096
- C:\Windows\System\lGlAIBZ.exe
  C:\Windows\System\lGlAIBZ.exe
  2⤵
  PID:5172
- C:\Windows\System\IDqcuvG.exe
  C:\Windows\System\IDqcuvG.exe
  2⤵
  PID:5448
- C:\Windows\System\LtqhEGr.exe
  C:\Windows\System\LtqhEGr.exe
  2⤵
  PID:5984
- C:\Windows\System\prwDIbO.exe
  C:\Windows\System\prwDIbO.exe
  2⤵
  PID:5056
- C:\Windows\System\TTLeJjV.exe
  C:\Windows\System\TTLeJjV.exe
  2⤵
  PID:6160
- C:\Windows\System\RkAHOdT.exe
  C:\Windows\System\RkAHOdT.exe
  2⤵
  PID:6180
- C:\Windows\System\UHMOftQ.exe
  C:\Windows\System\UHMOftQ.exe
  2⤵
  PID:6200
- C:\Windows\System\WmdAsDa.exe
  C:\Windows\System\WmdAsDa.exe
  2⤵
  PID:6220
- C:\Windows\System\vINMbiC.exe
  C:\Windows\System\vINMbiC.exe
  2⤵
  PID:6240
- C:\Windows\System\ZeXEgxR.exe
  C:\Windows\System\ZeXEgxR.exe
  2⤵
  PID:6260
- C:\Windows\System\XBcZPWz.exe
  C:\Windows\System\XBcZPWz.exe
  2⤵
  PID:6280
- C:\Windows\System\ZBDQcIX.exe
  C:\Windows\System\ZBDQcIX.exe
  2⤵
  PID:6300
- C:\Windows\System\tPXGdck.exe
  C:\Windows\System\tPXGdck.exe
  2⤵
  PID:6320
- C:\Windows\System\JaDWdPC.exe
  C:\Windows\System\JaDWdPC.exe
  2⤵
  PID:6340
- C:\Windows\System\UcOcWrJ.exe
  C:\Windows\System\UcOcWrJ.exe
  2⤵
  PID:6360
- C:\Windows\System\FybqCvO.exe
  C:\Windows\System\FybqCvO.exe
  2⤵
  PID:6380
- C:\Windows\System\NZekNRi.exe
  C:\Windows\System\NZekNRi.exe
  2⤵
  PID:6416
- C:\Windows\System\qsIRClo.exe
  C:\Windows\System\qsIRClo.exe
  2⤵
  PID:6452
- C:\Windows\System\DEYwIJu.exe
  C:\Windows\System\DEYwIJu.exe
  2⤵
  PID:6484
- C:\Windows\System\umRbwMP.exe
  C:\Windows\System\umRbwMP.exe
  2⤵
  PID:6504
- C:\Windows\System\pAgkNte.exe
  C:\Windows\System\pAgkNte.exe
  2⤵
  PID:6524
- C:\Windows\System\pjdQBes.exe
  C:\Windows\System\pjdQBes.exe
  2⤵
  PID:6556
- C:\Windows\System\jSKdPoB.exe
  C:\Windows\System\jSKdPoB.exe
  2⤵
  PID:6576
- C:\Windows\System\IHgjDyO.exe
  C:\Windows\System\IHgjDyO.exe
  2⤵
  PID:6592
- C:\Windows\System\YCUqQgy.exe
  C:\Windows\System\YCUqQgy.exe
  2⤵
  PID:6608
- C:\Windows\System\LYyblgJ.exe
  C:\Windows\System\LYyblgJ.exe
  2⤵
  PID:6624
- C:\Windows\System\jggExVJ.exe
  C:\Windows\System\jggExVJ.exe
  2⤵
  PID:6652
- C:\Windows\System\NWkPhAY.exe
  C:\Windows\System\NWkPhAY.exe
  2⤵
  PID:6668
- C:\Windows\System\qcQphLe.exe
  C:\Windows\System\qcQphLe.exe
  2⤵
  PID:6688
- C:\Windows\System\ztTCssO.exe
  C:\Windows\System\ztTCssO.exe
  2⤵
  PID:6712
- C:\Windows\System\eOskKns.exe
  C:\Windows\System\eOskKns.exe
  2⤵
  PID:6740
- C:\Windows\System\RZwrdjb.exe
  C:\Windows\System\RZwrdjb.exe
  2⤵
  PID:6756
- C:\Windows\System\qEZZkSY.exe
  C:\Windows\System\qEZZkSY.exe
  2⤵
  PID:6772
- C:\Windows\System\EeEmWss.exe
  C:\Windows\System\EeEmWss.exe
  2⤵
  PID:6788
- C:\Windows\System\vWCTyTw.exe
  C:\Windows\System\vWCTyTw.exe
  2⤵
  PID:6812
- C:\Windows\System\uvaNxQl.exe
  C:\Windows\System\uvaNxQl.exe
  2⤵
  PID:6832
- C:\Windows\System\SWdGrku.exe
  C:\Windows\System\SWdGrku.exe
  2⤵
  PID:6848
- C:\Windows\System\wDbYjRJ.exe
  C:\Windows\System\wDbYjRJ.exe
  2⤵
  PID:6868
- C:\Windows\System\dPQyNCx.exe
  C:\Windows\System\dPQyNCx.exe
  2⤵
  PID:6884
- C:\Windows\System\gYfeCJr.exe
  C:\Windows\System\gYfeCJr.exe
  2⤵
  PID:6904
- C:\Windows\System\BSlyDjK.exe
  C:\Windows\System\BSlyDjK.exe
  2⤵
  PID:6920
- C:\Windows\System\aMtpbOb.exe
  C:\Windows\System\aMtpbOb.exe
  2⤵
  PID:6936
- C:\Windows\System\RJvASVj.exe
  C:\Windows\System\RJvASVj.exe
  2⤵
  PID:6980
- C:\Windows\System\vCnoqBx.exe
  C:\Windows\System\vCnoqBx.exe
  2⤵
  PID:7000
- C:\Windows\System\bPlWFyN.exe
  C:\Windows\System\bPlWFyN.exe
  2⤵
  PID:7016
- C:\Windows\System\TSYNOVc.exe
  C:\Windows\System\TSYNOVc.exe
  2⤵
  PID:7032
- C:\Windows\System\ppCeSbo.exe
  C:\Windows\System\ppCeSbo.exe
  2⤵
  PID:7056
- C:\Windows\System\OJDDqrz.exe
  C:\Windows\System\OJDDqrz.exe
  2⤵
  PID:7072
- C:\Windows\System\iJLBRnX.exe
  C:\Windows\System\iJLBRnX.exe
  2⤵
  PID:7092
- C:\Windows\System\CheMarM.exe
  C:\Windows\System\CheMarM.exe
  2⤵
  PID:7112
- C:\Windows\System\dBtILci.exe
  C:\Windows\System\dBtILci.exe
  2⤵
  PID:7132
- C:\Windows\System\hogtTGr.exe
  C:\Windows\System\hogtTGr.exe
  2⤵
  PID:7148
- C:\Windows\System\sIoJfCv.exe
  C:\Windows\System\sIoJfCv.exe
  2⤵
  PID:4220
- C:\Windows\System\mElohcS.exe
  C:\Windows\System\mElohcS.exe
  2⤵
  PID:5704
- C:\Windows\System\KPCRrao.exe
  C:\Windows\System\KPCRrao.exe
  2⤵
  PID:2348
- C:\Windows\System\WxULlKL.exe
  C:\Windows\System\WxULlKL.exe
  2⤵
  PID:6172
- C:\Windows\System\ulAuZJs.exe
  C:\Windows\System\ulAuZJs.exe
  2⤵
  PID:6192
- C:\Windows\System\tNXeRbX.exe
  C:\Windows\System\tNXeRbX.exe
  2⤵
  PID:6232
- C:\Windows\System\VIOtQUU.exe
  C:\Windows\System\VIOtQUU.exe
  2⤵
  PID:6276
- C:\Windows\System\XtbSvak.exe
  C:\Windows\System\XtbSvak.exe
  2⤵
  PID:6316
- C:\Windows\System\OkRiGhc.exe
  C:\Windows\System\OkRiGhc.exe
  2⤵
  PID:6312
- C:\Windows\System\AWGnrSw.exe
  C:\Windows\System\AWGnrSw.exe
  2⤵
  PID:6348
- C:\Windows\System\tLzhoGV.exe
  C:\Windows\System\tLzhoGV.exe
  2⤵
  PID:2968
- C:\Windows\System\KBFppno.exe
  C:\Windows\System\KBFppno.exe
  2⤵
  PID:1964
- C:\Windows\System\vVoocpn.exe
  C:\Windows\System\vVoocpn.exe
  2⤵
  PID:2448
- C:\Windows\System\kbUYWJl.exe
  C:\Windows\System\kbUYWJl.exe
  2⤵
  PID:2684
- C:\Windows\System\kPucYqF.exe
  C:\Windows\System\kPucYqF.exe
  2⤵
  PID:1620
- C:\Windows\System\KuDNViQ.exe
  C:\Windows\System\KuDNViQ.exe
  2⤵
  PID:2904
- C:\Windows\System\fnohEtO.exe
  C:\Windows\System\fnohEtO.exe
  2⤵
  PID:6460
- C:\Windows\System\MTWxexc.exe
  C:\Windows\System\MTWxexc.exe
  2⤵
  PID:6464
- C:\Windows\System\HSNTABi.exe
  C:\Windows\System\HSNTABi.exe
  2⤵
  PID:6520
- C:\Windows\System\IsUPYTH.exe
  C:\Windows\System\IsUPYTH.exe
  2⤵
  PID:6540
- C:\Windows\System\JxTtrHU.exe
  C:\Windows\System\JxTtrHU.exe
  2⤵
  PID:6568
- C:\Windows\System\rJjDGIE.exe
  C:\Windows\System\rJjDGIE.exe
  2⤵
  PID:6644
- C:\Windows\System\UuGvvoA.exe
  C:\Windows\System\UuGvvoA.exe
  2⤵
  PID:6680
- C:\Windows\System\TkkJemS.exe
  C:\Windows\System\TkkJemS.exe
  2⤵
  PID:6728
- C:\Windows\System\vanFszW.exe
  C:\Windows\System\vanFszW.exe
  2⤵
  PID:6616
- C:\Windows\System\IlrUJjH.exe
  C:\Windows\System\IlrUJjH.exe
  2⤵
  PID:6796
- C:\Windows\System\XbTWUeF.exe
  C:\Windows\System\XbTWUeF.exe
  2⤵
  PID:6840
- C:\Windows\System\idIkYCX.exe
  C:\Windows\System\idIkYCX.exe
  2⤵
  PID:6748
- C:\Windows\System\dUkyYKa.exe
  C:\Windows\System\dUkyYKa.exe
  2⤵
  PID:6664
- C:\Windows\System\yDVlXra.exe
  C:\Windows\System\yDVlXra.exe
  2⤵
  PID:6964
- C:\Windows\System\UDUzZMo.exe
  C:\Windows\System\UDUzZMo.exe
  2⤵
  PID:6708
- C:\Windows\System\ETMGXjb.exe
  C:\Windows\System\ETMGXjb.exe
  2⤵
  PID:6948
- C:\Windows\System\zLyuCtw.exe
  C:\Windows\System\zLyuCtw.exe
  2⤵
  PID:7044
- C:\Windows\System\mgIKkHr.exe
  C:\Windows\System\mgIKkHr.exe
  2⤵
  PID:6996
- C:\Windows\System\BZclLbe.exe
  C:\Windows\System\BZclLbe.exe
  2⤵
  PID:6828
- C:\Windows\System\pChuVBB.exe
  C:\Windows\System\pChuVBB.exe
  2⤵
  PID:6864
- C:\Windows\System\AZHEEWC.exe
  C:\Windows\System\AZHEEWC.exe
  2⤵
  PID:7124
- C:\Windows\System\WqxkFdc.exe
  C:\Windows\System\WqxkFdc.exe
  2⤵
  PID:7064
- C:\Windows\System\WPDCftB.exe
  C:\Windows\System\WPDCftB.exe
  2⤵
  PID:7028
- C:\Windows\System\snVMAnv.exe
  C:\Windows\System\snVMAnv.exe
  2⤵
  PID:5284
- C:\Windows\System\pOoOQAZ.exe
  C:\Windows\System\pOoOQAZ.exe
  2⤵
  PID:2328
- C:\Windows\System\FoAKPey.exe
  C:\Windows\System\FoAKPey.exe
  2⤵
  PID:7140
- C:\Windows\System\hTfvPif.exe
  C:\Windows\System\hTfvPif.exe
  2⤵
  PID:6168
- C:\Windows\System\fYOfVRF.exe
  C:\Windows\System\fYOfVRF.exe
  2⤵
  PID:6188
- C:\Windows\System\TrrvFDJ.exe
  C:\Windows\System\TrrvFDJ.exe
  2⤵
  PID:6356
- C:\Windows\System\faKihmh.exe
  C:\Windows\System\faKihmh.exe
  2⤵
  PID:1980
- C:\Windows\System\cEQDnUt.exe
  C:\Windows\System\cEQDnUt.exe
  2⤵
  PID:6372
- C:\Windows\System\gYxGket.exe
  C:\Windows\System\gYxGket.exe
  2⤵
  PID:1612
- C:\Windows\System\HcKwtAA.exe
  C:\Windows\System\HcKwtAA.exe
  2⤵
  PID:1352
- C:\Windows\System\NgaFqNw.exe
  C:\Windows\System\NgaFqNw.exe
  2⤵
  PID:6308
- C:\Windows\System\qpmjmiN.exe
  C:\Windows\System\qpmjmiN.exe
  2⤵
  PID:6476
- C:\Windows\System\kCXNhxe.exe
  C:\Windows\System\kCXNhxe.exe
  2⤵
  PID:2888
- C:\Windows\System\dSDifMm.exe
  C:\Windows\System\dSDifMm.exe
  2⤵
  PID:6636
- C:\Windows\System\kIACSjV.exe
  C:\Windows\System\kIACSjV.exe
  2⤵
  PID:6588
- C:\Windows\System\gRhhFju.exe
  C:\Windows\System\gRhhFju.exe
  2⤵
  PID:2276
- C:\Windows\System\JhSbJls.exe
  C:\Windows\System\JhSbJls.exe
  2⤵
  PID:6604
- C:\Windows\System\RtOuITt.exe
  C:\Windows\System\RtOuITt.exe
  2⤵
  PID:928
- C:\Windows\System\SnmAHvM.exe
  C:\Windows\System\SnmAHvM.exe
  2⤵
  PID:1836
- C:\Windows\System\ohtmpYl.exe
  C:\Windows\System\ohtmpYl.exe
  2⤵
  PID:6880
- C:\Windows\System\TpPjpJp.exe
  C:\Windows\System\TpPjpJp.exe
  2⤵
  PID:6928
- C:\Windows\System\KQvAJSj.exe
  C:\Windows\System\KQvAJSj.exe
  2⤵
  PID:7008
- C:\Windows\System\hAJVeiS.exe
  C:\Windows\System\hAJVeiS.exe
  2⤵
  PID:6824
- C:\Windows\System\aEYrxdM.exe
  C:\Windows\System\aEYrxdM.exe
  2⤵
  PID:7100
- C:\Windows\System\pfUKYdQ.exe
  C:\Windows\System\pfUKYdQ.exe
  2⤵
  PID:1704
- C:\Windows\System\WNtcGxa.exe
  C:\Windows\System\WNtcGxa.exe
  2⤵
  PID:5688
- C:\Windows\System\dDhCuAS.exe
  C:\Windows\System\dDhCuAS.exe
  2⤵
  PID:7088
- C:\Windows\System\WiZdnND.exe
  C:\Windows\System\WiZdnND.exe
  2⤵
  PID:7164
- C:\Windows\System\ljiyyyQ.exe
  C:\Windows\System\ljiyyyQ.exe
  2⤵
  PID:1792
- C:\Windows\System\snbnvbh.exe
  C:\Windows\System\snbnvbh.exe
  2⤵
  PID:6288
- C:\Windows\System\OQmRjXb.exe
  C:\Windows\System\OQmRjXb.exe
  2⤵
  PID:6176
- C:\Windows\System\OCOaKXI.exe
  C:\Windows\System\OCOaKXI.exe
  2⤵
  PID:2912
- C:\Windows\System\hqKcvKP.exe
  C:\Windows\System\hqKcvKP.exe
  2⤵
  PID:6444
- C:\Windows\System\YyKquiN.exe
  C:\Windows\System\YyKquiN.exe
  2⤵
  PID:1388
- C:\Windows\System\eiWQjWP.exe
  C:\Windows\System\eiWQjWP.exe
  2⤵
  PID:3000
- C:\Windows\System\AGmGvUF.exe
  C:\Windows\System\AGmGvUF.exe
  2⤵
  PID:6544
- C:\Windows\System\RByGKnn.exe
  C:\Windows\System\RByGKnn.exe
  2⤵
  PID:6808
- C:\Windows\System\ASJrCUz.exe
  C:\Windows\System\ASJrCUz.exe
  2⤵
  PID:6952
- C:\Windows\System\tDosRro.exe
  C:\Windows\System\tDosRro.exe
  2⤵
  PID:6768
- C:\Windows\System\kSWhyxV.exe
  C:\Windows\System\kSWhyxV.exe
  2⤵
  PID:6700
- C:\Windows\System\yStRLoI.exe
  C:\Windows\System\yStRLoI.exe
  2⤵
  PID:6960
- C:\Windows\System\sewBIjN.exe
  C:\Windows\System\sewBIjN.exe
  2⤵
  PID:6784
- C:\Windows\System\Pjpdfpg.exe
  C:\Windows\System\Pjpdfpg.exe
  2⤵
  PID:7120
- C:\Windows\System\TcQlxpt.exe
  C:\Windows\System\TcQlxpt.exe
  2⤵
  PID:5328
- C:\Windows\System\YGRXWDh.exe
  C:\Windows\System\YGRXWDh.exe
  2⤵
  PID:6376
- C:\Windows\System\TfhJuXh.exe
  C:\Windows\System\TfhJuXh.exe
  2⤵
  PID:6236
- C:\Windows\System\qCMScPL.exe
  C:\Windows\System\qCMScPL.exe
  2⤵
  PID:1892
- C:\Windows\System\YhRnhGY.exe
  C:\Windows\System\YhRnhGY.exe
  2⤵
  PID:7012
- C:\Windows\System\htRJmAj.exe
  C:\Windows\System\htRJmAj.exe
  2⤵
  PID:6448
- C:\Windows\System\AMKxqwu.exe
  C:\Windows\System\AMKxqwu.exe
  2⤵
  PID:6532
- C:\Windows\System\OmnVLnu.exe
  C:\Windows\System\OmnVLnu.exe
  2⤵
  PID:6988
- C:\Windows\System\oROJVyS.exe
  C:\Windows\System\oROJVyS.exe
  2⤵
  PID:6860
- C:\Windows\System\IfshynJ.exe
  C:\Windows\System\IfshynJ.exe
  2⤵
  PID:6900
- C:\Windows\System\tXHzJjO.exe
  C:\Windows\System\tXHzJjO.exe
  2⤵
  PID:6916
- C:\Windows\System\BFVyvjK.exe
  C:\Windows\System\BFVyvjK.exe
  2⤵
  PID:6632
- C:\Windows\System\CvZcYTN.exe
  C:\Windows\System\CvZcYTN.exe
  2⤵
  PID:6432
- C:\Windows\System\KBoWTaZ.exe
  C:\Windows\System\KBoWTaZ.exe
  2⤵
  PID:7184
- C:\Windows\System\qyLnXOc.exe
  C:\Windows\System\qyLnXOc.exe
  2⤵
  PID:7200
- C:\Windows\System\jaYzAvc.exe
  C:\Windows\System\jaYzAvc.exe
  2⤵
  PID:7216
- C:\Windows\System\wIBOzzf.exe
  C:\Windows\System\wIBOzzf.exe
  2⤵
  PID:7232
- C:\Windows\System\jIsFSZx.exe
  C:\Windows\System\jIsFSZx.exe
  2⤵
  PID:7256
- C:\Windows\System\giXJwnF.exe
  C:\Windows\System\giXJwnF.exe
  2⤵
  PID:7276
- C:\Windows\System\vDMJgPQ.exe
  C:\Windows\System\vDMJgPQ.exe
  2⤵
  PID:7296
- C:\Windows\System\wsWbAzv.exe
  C:\Windows\System\wsWbAzv.exe
  2⤵
  PID:7316
- C:\Windows\System\aMHvuge.exe
  C:\Windows\System\aMHvuge.exe
  2⤵
  PID:7340
- C:\Windows\System\iPizLqA.exe
  C:\Windows\System\iPizLqA.exe
  2⤵
  PID:7356
- C:\Windows\System\CUPoAIg.exe
  C:\Windows\System\CUPoAIg.exe
  2⤵
  PID:7372
- C:\Windows\System\oPQewHf.exe
  C:\Windows\System\oPQewHf.exe
  2⤵
  PID:7388
- C:\Windows\System\OCqfYfg.exe
  C:\Windows\System\OCqfYfg.exe
  2⤵
  PID:7404
- C:\Windows\System\UUiujIR.exe
  C:\Windows\System\UUiujIR.exe
  2⤵
  PID:7432
- C:\Windows\System\fRICpFD.exe
  C:\Windows\System\fRICpFD.exe
  2⤵
  PID:7448
- C:\Windows\System\YAjiRVQ.exe
  C:\Windows\System\YAjiRVQ.exe
  2⤵
  PID:7476
- C:\Windows\System\mWExJoH.exe
  C:\Windows\System\mWExJoH.exe
  2⤵
  PID:7492
- C:\Windows\System\FJhtBdn.exe
  C:\Windows\System\FJhtBdn.exe
  2⤵
  PID:7520
- C:\Windows\System\WvVpesF.exe
  C:\Windows\System\WvVpesF.exe
  2⤵
  PID:7540
- C:\Windows\System\WLDJmHm.exe
  C:\Windows\System\WLDJmHm.exe
  2⤵
  PID:7556
- C:\Windows\System\DfalAmy.exe
  C:\Windows\System\DfalAmy.exe
  2⤵
  PID:7576
- C:\Windows\System\AjuZcYk.exe
  C:\Windows\System\AjuZcYk.exe
  2⤵
  PID:7592
- C:\Windows\System\FLljORd.exe
  C:\Windows\System\FLljORd.exe
  2⤵
  PID:7616
- C:\Windows\System\mykACxg.exe
  C:\Windows\System\mykACxg.exe
  2⤵
  PID:7640
- C:\Windows\System\CqyYhIl.exe
  C:\Windows\System\CqyYhIl.exe
  2⤵
  PID:7656
- C:\Windows\System\MjGySUT.exe
  C:\Windows\System\MjGySUT.exe
  2⤵
  PID:7672
- C:\Windows\System\ssgKtQq.exe
  C:\Windows\System\ssgKtQq.exe
  2⤵
  PID:7688
- C:\Windows\System\tdszkXK.exe
  C:\Windows\System\tdszkXK.exe
  2⤵
  PID:7704
- C:\Windows\System\yNSXBUX.exe
  C:\Windows\System\yNSXBUX.exe
  2⤵
  PID:7720
- C:\Windows\System\ShHOjVK.exe
  C:\Windows\System\ShHOjVK.exe
  2⤵
  PID:7736
- C:\Windows\System\aiahiqj.exe
  C:\Windows\System\aiahiqj.exe
  2⤵
  PID:7756
- C:\Windows\System\zZHJdeE.exe
  C:\Windows\System\zZHJdeE.exe
  2⤵
  PID:7776
- C:\Windows\System\dQgagHf.exe
  C:\Windows\System\dQgagHf.exe
  2⤵
  PID:7792
- C:\Windows\System\GetkBwi.exe
  C:\Windows\System\GetkBwi.exe
  2⤵
  PID:7820
- C:\Windows\System\sgNyJcJ.exe
  C:\Windows\System\sgNyJcJ.exe
  2⤵
  PID:7840
- C:\Windows\System\QIgquuW.exe
  C:\Windows\System\QIgquuW.exe
  2⤵
  PID:7856
- C:\Windows\System\qhOhAKm.exe
  C:\Windows\System\qhOhAKm.exe
  2⤵
  PID:7872
- C:\Windows\System\tmrqjDd.exe
  C:\Windows\System\tmrqjDd.exe
  2⤵
  PID:7892
- C:\Windows\System\QbkokfM.exe
  C:\Windows\System\QbkokfM.exe
  2⤵
  PID:7908
- C:\Windows\System\SJqBVxg.exe
  C:\Windows\System\SJqBVxg.exe
  2⤵
  PID:7924
- C:\Windows\System\zQegttE.exe
  C:\Windows\System\zQegttE.exe
  2⤵
  PID:7940
- C:\Windows\System\LmdfpZq.exe
  C:\Windows\System\LmdfpZq.exe
  2⤵
  PID:7964
- C:\Windows\System\jGyXdNE.exe
  C:\Windows\System\jGyXdNE.exe
  2⤵
  PID:7988
- C:\Windows\System\JHuzafJ.exe
  C:\Windows\System\JHuzafJ.exe
  2⤵
  PID:8004
- C:\Windows\System\ZVOMYgK.exe
  C:\Windows\System\ZVOMYgK.exe
  2⤵
  PID:8024
- C:\Windows\System\QLaAteq.exe
  C:\Windows\System\QLaAteq.exe
  2⤵
  PID:8044
- C:\Windows\System\hxbIALA.exe
  C:\Windows\System\hxbIALA.exe
  2⤵
  PID:8064
- C:\Windows\System\YeUxZso.exe
  C:\Windows\System\YeUxZso.exe
  2⤵
  PID:8084
- C:\Windows\System\aPhvbxU.exe
  C:\Windows\System\aPhvbxU.exe
  2⤵
  PID:8108
- C:\Windows\System\sUHImzD.exe
  C:\Windows\System\sUHImzD.exe
  2⤵
  PID:8124
- C:\Windows\System\OQgkzgu.exe
  C:\Windows\System\OQgkzgu.exe
  2⤵
  PID:8144
- C:\Windows\System\NFqbGPx.exe
  C:\Windows\System\NFqbGPx.exe
  2⤵
  PID:8160
- C:\Windows\System\pbijJcj.exe
  C:\Windows\System\pbijJcj.exe
  2⤵
  PID:8180
- C:\Windows\System\YSALGGd.exe
  C:\Windows\System\YSALGGd.exe
  2⤵
  PID:6572
- C:\Windows\System\ADJpZsv.exe
  C:\Windows\System\ADJpZsv.exe
  2⤵
  PID:7192
- C:\Windows\System\UEstRnD.exe
  C:\Windows\System\UEstRnD.exe
  2⤵
  PID:1196
- C:\Windows\System\qWoPXlA.exe
  C:\Windows\System\qWoPXlA.exe
  2⤵
  PID:6912
- C:\Windows\System\GWrlgmp.exe
  C:\Windows\System\GWrlgmp.exe
  2⤵
  PID:6332
- C:\Windows\System\wIrPmOM.exe
  C:\Windows\System\wIrPmOM.exe
  2⤵
  PID:7244
- C:\Windows\System\yOTkOsb.exe
  C:\Windows\System\yOTkOsb.exe
  2⤵
  PID:7268
- C:\Windows\System\zsmPrsL.exe
  C:\Windows\System\zsmPrsL.exe
  2⤵
  PID:7288
- C:\Windows\System\JYGdzvH.exe
  C:\Windows\System\JYGdzvH.exe
  2⤵
  PID:7332
- C:\Windows\System\senTzMe.exe
  C:\Windows\System\senTzMe.exe
  2⤵
  PID:7384
- C:\Windows\System\ipifIJs.exe
  C:\Windows\System\ipifIJs.exe
  2⤵
  PID:7368
- C:\Windows\System\EkFRywC.exe
  C:\Windows\System\EkFRywC.exe
  2⤵
  PID:7416
- C:\Windows\System\iEmJkHg.exe
  C:\Windows\System\iEmJkHg.exe
  2⤵
  PID:7460
- C:\Windows\System\TiNidXo.exe
  C:\Windows\System\TiNidXo.exe
  2⤵
  PID:7468
- C:\Windows\System\geRSWZx.exe
  C:\Windows\System\geRSWZx.exe
  2⤵
  PID:7484
- C:\Windows\System\KKWgnNt.exe
  C:\Windows\System\KKWgnNt.exe
  2⤵
  PID:7548
- C:\Windows\System\ncXDbnS.exe
  C:\Windows\System\ncXDbnS.exe
  2⤵
  PID:7564
- C:\Windows\System\qMBaXbx.exe
  C:\Windows\System\qMBaXbx.exe
  2⤵
  PID:7588
- C:\Windows\System\itvlWVz.exe
  C:\Windows\System\itvlWVz.exe
  2⤵
  PID:7608
- C:\Windows\System\UHFUUlj.exe
  C:\Windows\System\UHFUUlj.exe
  2⤵
  PID:7632
- C:\Windows\System\IjPQiRs.exe
  C:\Windows\System\IjPQiRs.exe
  2⤵
  PID:7700
- C:\Windows\System\fpVYzwt.exe
  C:\Windows\System\fpVYzwt.exe
  2⤵
  PID:7748
- C:\Windows\System\eWodZdL.exe
  C:\Windows\System\eWodZdL.exe
  2⤵
  PID:7712
- C:\Windows\System\YLlPbzM.exe
  C:\Windows\System\YLlPbzM.exe
  2⤵
  PID:7800
- C:\Windows\System\oCBEbHn.exe
  C:\Windows\System\oCBEbHn.exe
  2⤵
  PID:7816
- C:\Windows\System\BncyPVl.exe
  C:\Windows\System\BncyPVl.exe
  2⤵
  PID:7788
- C:\Windows\System\vQHytxf.exe
  C:\Windows\System\vQHytxf.exe
  2⤵
  PID:7880
- C:\Windows\System\EaoiAwf.exe
  C:\Windows\System\EaoiAwf.exe
  2⤵
  PID:7900
- C:\Windows\System\lgrzKXm.exe
  C:\Windows\System\lgrzKXm.exe
  2⤵
  PID:7920
- C:\Windows\System\SKsqsLR.exe
  C:\Windows\System\SKsqsLR.exe
  2⤵
  PID:7904
- C:\Windows\System\zsayjqI.exe
  C:\Windows\System\zsayjqI.exe
  2⤵
  PID:7996
- C:\Windows\System\nEIyuwW.exe
  C:\Windows\System\nEIyuwW.exe
  2⤵
  PID:8012
- C:\Windows\System\URByHCl.exe
  C:\Windows\System\URByHCl.exe
  2⤵
  PID:8040
- C:\Windows\System\fdxMBNh.exe
  C:\Windows\System\fdxMBNh.exe
  2⤵
  PID:8072
- C:\Windows\System\AsDFthE.exe
  C:\Windows\System\AsDFthE.exe
  2⤵
  PID:8188
- C:\Windows\System\LgmOPKA.exe
  C:\Windows\System\LgmOPKA.exe
  2⤵
  PID:8132
- C:\Windows\System\lIlqnDV.exe
  C:\Windows\System\lIlqnDV.exe
  2⤵
  PID:7196
- C:\Windows\System\myPBVhA.exe
  C:\Windows\System\myPBVhA.exe
  2⤵
  PID:8172
- C:\Windows\System\MAkgOnz.exe
  C:\Windows\System\MAkgOnz.exe
  2⤵
  PID:7104
- C:\Windows\System\TsIDbom.exe
  C:\Windows\System\TsIDbom.exe
  2⤵
  PID:7240
- C:\Windows\System\ZmJBOGr.exe
  C:\Windows\System\ZmJBOGr.exe
  2⤵
  PID:7328
- C:\Windows\System\AfeSaIS.exe
  C:\Windows\System\AfeSaIS.exe
  2⤵
  PID:7508
- C:\Windows\System\ArTNKlT.exe
  C:\Windows\System\ArTNKlT.exe
  2⤵
  PID:7624
- C:\Windows\System\sqxkRMq.exe
  C:\Windows\System\sqxkRMq.exe
  2⤵
  PID:7380
- C:\Windows\System\TGorMQG.exe
  C:\Windows\System\TGorMQG.exe
  2⤵
  PID:7636
- C:\Windows\System\aeeYJrS.exe
  C:\Windows\System\aeeYJrS.exe
  2⤵
  PID:7784
- C:\Windows\System\vSELyMy.exe
  C:\Windows\System\vSELyMy.exe
  2⤵
  PID:7764
- C:\Windows\System\kvFctLF.exe
  C:\Windows\System\kvFctLF.exe
  2⤵
  PID:7972
- C:\Windows\System\GmITAzA.exe
  C:\Windows\System\GmITAzA.exe
  2⤵
  PID:7916
- C:\Windows\System\DJAzdNB.exe
  C:\Windows\System\DJAzdNB.exe
  2⤵
  PID:7980
- C:\Windows\System\CVKXOyF.exe
  C:\Windows\System\CVKXOyF.exe
  2⤵
  PID:8080
- C:\Windows\System\ZbzTsbx.exe
  C:\Windows\System\ZbzTsbx.exe
  2⤵
  PID:1544
- C:\Windows\System\wiXYLxU.exe
  C:\Windows\System\wiXYLxU.exe
  2⤵
  PID:8168
- C:\Windows\System\IEUUBrQ.exe
  C:\Windows\System\IEUUBrQ.exe
  2⤵
  PID:7212
- C:\Windows\System\fESwlTm.exe
  C:\Windows\System\fESwlTm.exe
  2⤵
  PID:7464
- C:\Windows\System\XUwigWG.exe
  C:\Windows\System\XUwigWG.exe
  2⤵
  PID:8208
- C:\Windows\System\AazfaTQ.exe
  C:\Windows\System\AazfaTQ.exe
  2⤵
  PID:8232
- C:\Windows\System\uHEcPDp.exe
  C:\Windows\System\uHEcPDp.exe
  2⤵
  PID:8256
- C:\Windows\System\bHqONlF.exe
  C:\Windows\System\bHqONlF.exe
  2⤵
  PID:8280
- C:\Windows\System\dFZLUNN.exe
  C:\Windows\System\dFZLUNN.exe
  2⤵
  PID:8300
- C:\Windows\System\EGMEkLT.exe
  C:\Windows\System\EGMEkLT.exe
  2⤵
  PID:8324
- C:\Windows\System\IKooHRH.exe
  C:\Windows\System\IKooHRH.exe
  2⤵
  PID:8340
- C:\Windows\System\lyPgWTd.exe
  C:\Windows\System\lyPgWTd.exe
  2⤵
  PID:8356
- C:\Windows\System\smsArnx.exe
  C:\Windows\System\smsArnx.exe
  2⤵
  PID:8376
- C:\Windows\System\RHArAJL.exe
  C:\Windows\System\RHArAJL.exe
  2⤵
  PID:8416
- C:\Windows\System\HHsMmKH.exe
  C:\Windows\System\HHsMmKH.exe
  2⤵
  PID:8436
- C:\Windows\System\UpzVyrV.exe
  C:\Windows\System\UpzVyrV.exe
  2⤵
  PID:8452
- C:\Windows\System\WNafuwL.exe
  C:\Windows\System\WNafuwL.exe
  2⤵
  PID:8476
- C:\Windows\System\KKbhlJS.exe
  C:\Windows\System\KKbhlJS.exe
  2⤵
  PID:8492
- C:\Windows\System\OflcDgN.exe
  C:\Windows\System\OflcDgN.exe
  2⤵
  PID:8512
- C:\Windows\System\NzLjqON.exe
  C:\Windows\System\NzLjqON.exe
  2⤵
  PID:8540
- C:\Windows\System\JJTVDPC.exe
  C:\Windows\System\JJTVDPC.exe
  2⤵
  PID:8556
- C:\Windows\System\YCZRfKE.exe
  C:\Windows\System\YCZRfKE.exe
  2⤵
  PID:8576
- C:\Windows\System\KvRwiGb.exe
  C:\Windows\System\KvRwiGb.exe
  2⤵
  PID:8596
- C:\Windows\System\HfgwTuL.exe
  C:\Windows\System\HfgwTuL.exe
  2⤵
  PID:8616
- C:\Windows\System\utyalpi.exe
  C:\Windows\System\utyalpi.exe
  2⤵
  PID:8636
- C:\Windows\System\UmQbIKw.exe
  C:\Windows\System\UmQbIKw.exe
  2⤵
  PID:8660
- C:\Windows\System\naOndWv.exe
  C:\Windows\System\naOndWv.exe
  2⤵
  PID:8676
- C:\Windows\System\iTfXRLX.exe
  C:\Windows\System\iTfXRLX.exe
  2⤵
  PID:8820
- C:\Windows\System\krKfUTK.exe
  C:\Windows\System\krKfUTK.exe
  2⤵
  PID:8872
- C:\Windows\System\myYTzva.exe
  C:\Windows\System\myYTzva.exe
  2⤵
  PID:8888
- C:\Windows\System\mYRnurX.exe
  C:\Windows\System\mYRnurX.exe
  2⤵
  PID:8904
- C:\Windows\System\EIcWJKu.exe
  C:\Windows\System\EIcWJKu.exe
  2⤵
  PID:9004
- C:\Windows\System\KvkQAMi.exe
  C:\Windows\System\KvkQAMi.exe
  2⤵
  PID:9020
- C:\Windows\System\cnKZEdE.exe
  C:\Windows\System\cnKZEdE.exe
  2⤵
  PID:9040
- C:\Windows\System\MwBSLkw.exe
  C:\Windows\System\MwBSLkw.exe
  2⤵
  PID:9060
- C:\Windows\System\hFHYFHM.exe
  C:\Windows\System\hFHYFHM.exe
  2⤵
  PID:9080
- C:\Windows\System\WTaniow.exe
  C:\Windows\System\WTaniow.exe
  2⤵
  PID:9096
- C:\Windows\System\gGRYpGw.exe
  C:\Windows\System\gGRYpGw.exe
  2⤵
  PID:9116
- C:\Windows\System\xEzqyCQ.exe
  C:\Windows\System\xEzqyCQ.exe
  2⤵
  PID:9140
- C:\Windows\System\HSXVKQD.exe
  C:\Windows\System\HSXVKQD.exe
  2⤵
  PID:9160
- C:\Windows\System\hXQuMYG.exe
  C:\Windows\System\hXQuMYG.exe
  2⤵
  PID:9176
- C:\Windows\System\uHbVSjy.exe
  C:\Windows\System\uHbVSjy.exe
  2⤵
  PID:9196
- C:\Windows\System\ezpqckT.exe
  C:\Windows\System\ezpqckT.exe
  2⤵
  PID:7696
- C:\Windows\System\JEYETaH.exe
  C:\Windows\System\JEYETaH.exe
  2⤵
  PID:7604
- C:\Windows\System\ZfoqHrX.exe
  C:\Windows\System\ZfoqHrX.exe
  2⤵
  PID:8308
- C:\Windows\System\SAVNQUs.exe
  C:\Windows\System\SAVNQUs.exe
  2⤵
  PID:7848
- C:\Windows\System\DvbmjRJ.exe
  C:\Windows\System\DvbmjRJ.exe
  2⤵
  PID:8116
- C:\Windows\System\tncINNH.exe
  C:\Windows\System\tncINNH.exe
  2⤵
  PID:7836
- C:\Windows\System\vvofjQb.exe
  C:\Windows\System\vvofjQb.exe
  2⤵
  PID:388
- C:\Windows\System\bcumxOw.exe
  C:\Windows\System\bcumxOw.exe
  2⤵
  PID:7536
- C:\Windows\System\UujjfkE.exe
  C:\Windows\System\UujjfkE.exe
  2⤵
  PID:8224
- C:\Windows\System\ZyoFcMe.exe
  C:\Windows\System\ZyoFcMe.exe
  2⤵
  PID:8388
- C:\Windows\System\FeILSJF.exe
  C:\Windows\System\FeILSJF.exe
  2⤵
  PID:8404
- C:\Windows\System\wUPebvC.exe
  C:\Windows\System\wUPebvC.exe
  2⤵
  PID:8484
- C:\Windows\System\sfMXBCN.exe
  C:\Windows\System\sfMXBCN.exe
  2⤵
  PID:8528
- C:\Windows\System\MKLIdII.exe
  C:\Windows\System\MKLIdII.exe
  2⤵
  PID:2496
- C:\Windows\System\gxXwrlC.exe
  C:\Windows\System\gxXwrlC.exe
  2⤵
  PID:8644
- C:\Windows\System\WwVrWaT.exe
  C:\Windows\System\WwVrWaT.exe
  2⤵
  PID:8704
- C:\Windows\System\kJXUkNy.exe
  C:\Windows\System\kJXUkNy.exe
  2⤵
  PID:8720
- C:\Windows\System\kvoUETz.exe
  C:\Windows\System\kvoUETz.exe
  2⤵
  PID:8736
- C:\Windows\System\kXzYeus.exe
  C:\Windows\System\kXzYeus.exe
  2⤵
  PID:8752
- C:\Windows\System\PURbbWh.exe
  C:\Windows\System\PURbbWh.exe
  2⤵
  PID:8780
- C:\Windows\System\MSfSCUX.exe
  C:\Windows\System\MSfSCUX.exe
  2⤵
  PID:8796
- C:\Windows\System\tnXzMPG.exe
  C:\Windows\System\tnXzMPG.exe
  2⤵
  PID:8152
- C:\Windows\System\zfoDNYf.exe
  C:\Windows\System\zfoDNYf.exe
  2⤵
  PID:8200
- C:\Windows\System\rVMVmiH.exe
  C:\Windows\System\rVMVmiH.exe
  2⤵
  PID:8364
- C:\Windows\System\oHJPuIX.exe
  C:\Windows\System\oHJPuIX.exe
  2⤵
  PID:8204
- C:\Windows\System\zMQRzFz.exe
  C:\Windows\System\zMQRzFz.exe
  2⤵
  PID:8288
- C:\Windows\System\uaVcdyq.exe
  C:\Windows\System\uaVcdyq.exe
  2⤵
  PID:8428
- C:\Windows\System\AKJswMA.exe
  C:\Windows\System\AKJswMA.exe
  2⤵
  PID:8688
- C:\Windows\System\kogkBNO.exe
  C:\Windows\System\kogkBNO.exe
  2⤵
  PID:7364
- C:\Windows\System\yxQmwFN.exe
  C:\Windows\System\yxQmwFN.exe
  2⤵
  PID:7648
- C:\Windows\System\oISqfVK.exe
  C:\Windows\System\oISqfVK.exe
  2⤵
  PID:8584
- C:\Windows\System\vGogSxb.exe
  C:\Windows\System\vGogSxb.exe
  2⤵
  PID:8628
- C:\Windows\System\qBFbiuH.exe
  C:\Windows\System\qBFbiuH.exe
  2⤵
  PID:8828
- C:\Windows\System\nFqCxbW.exe
  C:\Windows\System\nFqCxbW.exe
  2⤵
  PID:8884
- C:\Windows\System\pdCkEjd.exe
  C:\Windows\System\pdCkEjd.exe
  2⤵
  PID:8920
- C:\Windows\System\CVJFnqk.exe
  C:\Windows\System\CVJFnqk.exe
  2⤵
  PID:2584
- C:\Windows\System\jyCMaic.exe
  C:\Windows\System\jyCMaic.exe
  2⤵
  PID:8932
- C:\Windows\System\rCIzFWR.exe
  C:\Windows\System\rCIzFWR.exe
  2⤵
  PID:8948
- C:\Windows\System\DsCBKLc.exe
  C:\Windows\System\DsCBKLc.exe
  2⤵
  PID:8968
- C:\Windows\System\PCVhuhb.exe
  C:\Windows\System\PCVhuhb.exe
  2⤵
  PID:8996
- C:\Windows\System\YLzalNA.exe
  C:\Windows\System\YLzalNA.exe
  2⤵
  PID:9032
- C:\Windows\System\zaaqSuI.exe
  C:\Windows\System\zaaqSuI.exe
  2⤵
  PID:9068
- C:\Windows\System\QNOLIqO.exe
  C:\Windows\System\QNOLIqO.exe
  2⤵
  PID:9108
- C:\Windows\System\rFeAVkX.exe
  C:\Windows\System\rFeAVkX.exe
  2⤵
  PID:9056
- C:\Windows\System\tKgZilc.exe
  C:\Windows\System\tKgZilc.exe
  2⤵
  PID:9128
- C:\Windows\System\PfjzOvz.exe
  C:\Windows\System\PfjzOvz.exe
  2⤵
  PID:9136
- C:\Windows\System\HGwtDVA.exe
  C:\Windows\System\HGwtDVA.exe
  2⤵
  PID:9168
- C:\Windows\System\YONJUCK.exe
  C:\Windows\System\YONJUCK.exe
  2⤵
  PID:9208
- C:\Windows\System\bMvOSTQ.exe
  C:\Windows\System\bMvOSTQ.exe
  2⤵
  PID:8320
- C:\Windows\System\ikcIcHa.exe
  C:\Windows\System\ikcIcHa.exe
  2⤵
  PID:7680
- C:\Windows\System\DrtyRSH.exe
  C:\Windows\System\DrtyRSH.exe
  2⤵
  PID:7532
- C:\Windows\System\piWiVtc.exe
  C:\Windows\System\piWiVtc.exe
  2⤵
  PID:8216
- C:\Windows\System\IWzAsoJ.exe
  C:\Windows\System\IWzAsoJ.exe
  2⤵
  PID:8348
- C:\Windows\System\RwhReug.exe
  C:\Windows\System\RwhReug.exe
  2⤵
  PID:8612
- C:\Windows\System\DsAZefo.exe
  C:\Windows\System\DsAZefo.exe
  2⤵
  PID:8712
- C:\Windows\System\idRWevR.exe
  C:\Windows\System\idRWevR.exe
  2⤵
  PID:8760
- C:\Windows\System\grhqhTS.exe
  C:\Windows\System\grhqhTS.exe
  2⤵
  PID:8768
- C:\Windows\System\SGJLRDu.exe
  C:\Windows\System\SGJLRDu.exe
  2⤵
  PID:8808
- C:\Windows\System\PPnDItl.exe
  C:\Windows\System\PPnDItl.exe
  2⤵
  PID:7176
- C:\Windows\System\YeNyIYQ.exe
  C:\Windows\System\YeNyIYQ.exe
  2⤵
  PID:8464
- C:\Windows\System\vBBKIQD.exe
  C:\Windows\System\vBBKIQD.exe
  2⤵
  PID:8504
- C:\Windows\System\KlYeRGL.exe
  C:\Windows\System\KlYeRGL.exe
  2⤵
  PID:8372
- C:\Windows\System\GBFzqLI.exe
  C:\Windows\System\GBFzqLI.exe
  2⤵
  PID:7744
- C:\Windows\System\BevqyPa.exe
  C:\Windows\System\BevqyPa.exe
  2⤵
  PID:8548
- C:\Windows\System\aVdDxxY.exe
  C:\Windows\System\aVdDxxY.exe
  2⤵
  PID:8928
- C:\Windows\System\BzIymOW.exe
  C:\Windows\System\BzIymOW.exe
  2⤵
  PID:8980
- C:\Windows\System\ImmmVXR.exe
  C:\Windows\System\ImmmVXR.exe
  2⤵
  PID:8812
- C:\Windows\System\VcquKSz.exe
  C:\Windows\System\VcquKSz.exe
  2⤵
  PID:2836
- C:\Windows\System\QLITiHz.exe
  C:\Windows\System\QLITiHz.exe
  2⤵
  PID:9012
- C:\Windows\System\STEGKrA.exe
  C:\Windows\System\STEGKrA.exe
  2⤵
  PID:9152
- C:\Windows\System\kkBCsEb.exe
  C:\Windows\System\kkBCsEb.exe
  2⤵
  PID:9188
- C:\Windows\System\wIJeKLL.exe
  C:\Windows\System\wIJeKLL.exe
  2⤵
  PID:7812
- C:\Windows\System\FnbnqTy.exe
  C:\Windows\System\FnbnqTy.exe
  2⤵
  PID:8140
- C:\Windows\System\zTajeyc.exe
  C:\Windows\System\zTajeyc.exe
  2⤵
  PID:8312
- C:\Windows\System\RcPbczB.exe
  C:\Windows\System\RcPbczB.exe
  2⤵
  PID:8104
- C:\Windows\System\jMZmSjh.exe
  C:\Windows\System\jMZmSjh.exe
  2⤵
  PID:8448
- C:\Windows\System\KKdlgaE.exe
  C:\Windows\System\KKdlgaE.exe
  2⤵
  PID:8652
- C:\Windows\System\DqkkiaQ.exe
  C:\Windows\System\DqkkiaQ.exe
  2⤵
  PID:8700
- C:\Windows\System\eVNmURO.exe
  C:\Windows\System\eVNmURO.exe
  2⤵
  PID:8776
- C:\Windows\System\ieVvfQx.exe
  C:\Windows\System\ieVvfQx.exe
  2⤵
  PID:8252
- C:\Windows\System\FRSKrLB.exe
  C:\Windows\System\FRSKrLB.exe
  2⤵
  PID:8368
- C:\Windows\System\neaFTvM.exe
  C:\Windows\System\neaFTvM.exe
  2⤵
  PID:8592
- C:\Windows\System\iaXXKlQ.exe
  C:\Windows\System\iaXXKlQ.exe
  2⤵
  PID:8468
- C:\Windows\System\fOLNMMh.exe
  C:\Windows\System\fOLNMMh.exe
  2⤵
  PID:8240
- C:\Windows\System\HfhiKEV.exe
  C:\Windows\System\HfhiKEV.exe
  2⤵
  PID:8924
- C:\Windows\System\wplUYut.exe
  C:\Windows\System\wplUYut.exe
  2⤵
  PID:8912
- C:\Windows\System\QRGWAYx.exe
  C:\Windows\System\QRGWAYx.exe
  2⤵
  PID:8960
- C:\Windows\System\wPcPfQP.exe
  C:\Windows\System\wPcPfQP.exe
  2⤵
  PID:8352
- C:\Windows\System\BLEMgxw.exe
  C:\Windows\System\BLEMgxw.exe
  2⤵
  PID:8220
- C:\Windows\System\VzBaIzd.exe
  C:\Windows\System\VzBaIzd.exe
  2⤵
  PID:8400
- C:\Windows\System\XLYStSz.exe
  C:\Windows\System\XLYStSz.exe
  2⤵
  PID:8508
- C:\Windows\System\UPELczf.exe
  C:\Windows\System\UPELczf.exe
  2⤵
  PID:8332
- C:\Windows\System\EoLojkY.exe
  C:\Windows\System\EoLojkY.exe
  2⤵
  PID:8764
- C:\Windows\System\lZrgUds.exe
  C:\Windows\System\lZrgUds.exe
  2⤵
  PID:8500
- C:\Windows\System\DoDqoDR.exe
  C:\Windows\System\DoDqoDR.exe
  2⤵
  PID:8992
- C:\Windows\System\eubgIYY.exe
  C:\Windows\System\eubgIYY.exe
  2⤵
  PID:7500
- C:\Windows\System\zmaEeSN.exe
  C:\Windows\System\zmaEeSN.exe
  2⤵
  PID:9156
- C:\Windows\System\GcokZkD.exe
  C:\Windows\System\GcokZkD.exe
  2⤵
  PID:8316
- C:\Windows\System\HYeUhIJ.exe
  C:\Windows\System\HYeUhIJ.exe
  2⤵
  PID:8268
- C:\Windows\System\KDiVYfA.exe
  C:\Windows\System\KDiVYfA.exe
  2⤵
  PID:8536
- C:\Windows\System\tIKPSWl.exe
  C:\Windows\System\tIKPSWl.exe
  2⤵
  PID:8552
- C:\Windows\System\qhZkNgs.exe
  C:\Windows\System\qhZkNgs.exe
  2⤵
  PID:8296
- C:\Windows\System\eduNdeY.exe
  C:\Windows\System\eduNdeY.exe
  2⤵
  PID:8916
- C:\Windows\System\ixGxbXM.exe
  C:\Windows\System\ixGxbXM.exe
  2⤵
  PID:9076
- C:\Windows\System\dhJTyFq.exe
  C:\Windows\System\dhJTyFq.exe
  2⤵
  PID:8692
- C:\Windows\System\uFzWOKT.exe
  C:\Windows\System\uFzWOKT.exe
  2⤵
  PID:8880
- C:\Windows\System\MrIFPzS.exe
  C:\Windows\System\MrIFPzS.exe
  2⤵
  PID:996
- C:\Windows\System\lxbBJec.exe
  C:\Windows\System\lxbBJec.exe
  2⤵
  PID:8412
- C:\Windows\System\JlPCspy.exe
  C:\Windows\System\JlPCspy.exe
  2⤵
  PID:8668
- C:\Windows\System\KHbZMKb.exe
  C:\Windows\System\KHbZMKb.exe
  2⤵
  PID:8728
- C:\Windows\System\bleeuMN.exe
  C:\Windows\System\bleeuMN.exe
  2⤵
  PID:8264
- C:\Windows\System\JtEbrcw.exe
  C:\Windows\System\JtEbrcw.exe
  2⤵
  PID:9192
- C:\Windows\System\CymYAcQ.exe
  C:\Windows\System\CymYAcQ.exe
  2⤵
  PID:9232
- C:\Windows\System\PvjlqTh.exe
  C:\Windows\System\PvjlqTh.exe
  2⤵
  PID:9252
- C:\Windows\System\XCzGJGN.exe
  C:\Windows\System\XCzGJGN.exe
  2⤵
  PID:9268
- C:\Windows\System\rPULcia.exe
  C:\Windows\System\rPULcia.exe
  2⤵
  PID:9292
- C:\Windows\System\gYoSerw.exe
  C:\Windows\System\gYoSerw.exe
  2⤵
  PID:9308
- C:\Windows\System\eRsyhJh.exe
  C:\Windows\System\eRsyhJh.exe
  2⤵
  PID:9328
- C:\Windows\System\cmMRepJ.exe
  C:\Windows\System\cmMRepJ.exe
  2⤵
  PID:9348
- C:\Windows\System\ZrxvUJf.exe
  C:\Windows\System\ZrxvUJf.exe
  2⤵
  PID:9368
- C:\Windows\System\AIOYcVG.exe
  C:\Windows\System\AIOYcVG.exe
  2⤵
  PID:9388
- C:\Windows\System\ACtKAIx.exe
  C:\Windows\System\ACtKAIx.exe
  2⤵
  PID:9408
- C:\Windows\System\BNxnGUe.exe
  C:\Windows\System\BNxnGUe.exe
  2⤵
  PID:9424
- C:\Windows\System\sgqOVxy.exe
  C:\Windows\System\sgqOVxy.exe
  2⤵
  PID:9440
- C:\Windows\System\uktCVYP.exe
  C:\Windows\System\uktCVYP.exe
  2⤵
  PID:9456
- C:\Windows\System\AhyxiXp.exe
  C:\Windows\System\AhyxiXp.exe
  2⤵
  PID:9480
- C:\Windows\System\vYnbBJk.exe
  C:\Windows\System\vYnbBJk.exe
  2⤵
  PID:9496
- C:\Windows\System\yrIFZsQ.exe
  C:\Windows\System\yrIFZsQ.exe
  2⤵
  PID:9516
- C:\Windows\System\tYDDoAI.exe
  C:\Windows\System\tYDDoAI.exe
  2⤵
  PID:9536
- C:\Windows\System\DtAMpga.exe
  C:\Windows\System\DtAMpga.exe
  2⤵
  PID:9552
- C:\Windows\System\hbkbaJb.exe
  C:\Windows\System\hbkbaJb.exe
  2⤵
  PID:9592
- C:\Windows\System\jSQtRGv.exe
  C:\Windows\System\jSQtRGv.exe
  2⤵
  PID:9616
- C:\Windows\System\jXolnes.exe
  C:\Windows\System\jXolnes.exe
  2⤵
  PID:9632
- C:\Windows\System\nUKFxpU.exe
  C:\Windows\System\nUKFxpU.exe
  2⤵
  PID:9652
- C:\Windows\System\nVIQfgb.exe
  C:\Windows\System\nVIQfgb.exe
  2⤵
  PID:9676
- C:\Windows\System\dCMSyRH.exe
  C:\Windows\System\dCMSyRH.exe
  2⤵
  PID:9692
- C:\Windows\System\ClcEzQQ.exe
  C:\Windows\System\ClcEzQQ.exe
  2⤵
  PID:9708
- C:\Windows\System\TzDcwmw.exe
  C:\Windows\System\TzDcwmw.exe
  2⤵
  PID:9728
- C:\Windows\System\OAcnySx.exe
  C:\Windows\System\OAcnySx.exe
  2⤵
  PID:9752
- C:\Windows\System\ZVlgKRZ.exe
  C:\Windows\System\ZVlgKRZ.exe
  2⤵
  PID:9772
- C:\Windows\System\iItKrHU.exe
  C:\Windows\System\iItKrHU.exe
  2⤵
  PID:9796
- C:\Windows\System\LbeOIzn.exe
  C:\Windows\System\LbeOIzn.exe
  2⤵
  PID:9816
- C:\Windows\System\FqYKKUI.exe
  C:\Windows\System\FqYKKUI.exe
  2⤵
  PID:9832
- C:\Windows\System\wbDHMIn.exe
  C:\Windows\System\wbDHMIn.exe
  2⤵
  PID:9860
- C:\Windows\System\iPQXJDi.exe
  C:\Windows\System\iPQXJDi.exe
  2⤵
  PID:9876
- C:\Windows\System\vVjCFUu.exe
  C:\Windows\System\vVjCFUu.exe
  2⤵
  PID:9900
- C:\Windows\System\tJSvWug.exe
  C:\Windows\System\tJSvWug.exe
  2⤵
  PID:9916
- C:\Windows\System\jKGYiNf.exe
  C:\Windows\System\jKGYiNf.exe
  2⤵
  PID:9936
- C:\Windows\System\vyFpOBk.exe
  C:\Windows\System\vyFpOBk.exe
  2⤵
  PID:9956
- C:\Windows\System\GhccihT.exe
  C:\Windows\System\GhccihT.exe
  2⤵
  PID:9976
- C:\Windows\System\IXpSIoV.exe
  C:\Windows\System\IXpSIoV.exe
  2⤵
  PID:10004
- C:\Windows\System\SkaEZLH.exe
  C:\Windows\System\SkaEZLH.exe
  2⤵
  PID:10020
- C:\Windows\System\kwnLdsI.exe
  C:\Windows\System\kwnLdsI.exe
  2⤵
  PID:10040
- C:\Windows\System\UNsvuTU.exe
  C:\Windows\System\UNsvuTU.exe
  2⤵
  PID:10060
- C:\Windows\System\KDWtwsh.exe
  C:\Windows\System\KDWtwsh.exe
  2⤵
  PID:10076
- C:\Windows\System\rproyiU.exe
  C:\Windows\System\rproyiU.exe
  2⤵
  PID:10096
- C:\Windows\System\urxQIoe.exe
  C:\Windows\System\urxQIoe.exe
  2⤵
  PID:10112
- C:\Windows\System\bVboNMN.exe
  C:\Windows\System\bVboNMN.exe
  2⤵
  PID:10128
- C:\Windows\System\lOVFStX.exe
  C:\Windows\System\lOVFStX.exe
  2⤵
  PID:10144
- C:\Windows\System\UhYoBAp.exe
  C:\Windows\System\UhYoBAp.exe
  2⤵
  PID:10164
- C:\Windows\System\IboiUKi.exe
  C:\Windows\System\IboiUKi.exe
  2⤵
  PID:10180
- C:\Windows\System\aBMCEDl.exe
  C:\Windows\System\aBMCEDl.exe
  2⤵
  PID:10196
- C:\Windows\System\eFMtuyd.exe
  C:\Windows\System\eFMtuyd.exe
  2⤵
  PID:8976
- C:\Windows\System\SfEbGnO.exe
  C:\Windows\System\SfEbGnO.exe
  2⤵
  PID:9244
- C:\Windows\System\NNdbObU.exe
  C:\Windows\System\NNdbObU.exe
  2⤵
  PID:9280
- C:\Windows\System\NRvePGZ.exe
  C:\Windows\System\NRvePGZ.exe
  2⤵
  PID:9104
- C:\Windows\System\eHDjozL.exe
  C:\Windows\System\eHDjozL.exe
  2⤵
  PID:9340
- C:\Windows\System\WLGKPhy.exe
  C:\Windows\System\WLGKPhy.exe
  2⤵
  PID:9360
- C:\Windows\System\RbsiLob.exe
  C:\Windows\System\RbsiLob.exe
  2⤵
  PID:9400
- C:\Windows\System\yDLpBwL.exe
  C:\Windows\System\yDLpBwL.exe
  2⤵
  PID:9464
- C:\Windows\System\eFVwrZX.exe
  C:\Windows\System\eFVwrZX.exe
  2⤵
  PID:9488
- C:\Windows\System\zDUgmiU.exe
  C:\Windows\System\zDUgmiU.exe
  2⤵
  PID:9504
- C:\Windows\System\vHQQvWE.exe
  C:\Windows\System\vHQQvWE.exe
  2⤵
  PID:9528
- C:\Windows\System\VNHoHxB.exe
  C:\Windows\System\VNHoHxB.exe
  2⤵
  PID:9580
- C:\Windows\System\fRZZfLo.exe
  C:\Windows\System\fRZZfLo.exe
  2⤵
  PID:9600
- C:\Windows\System\gYmhyqu.exe
  C:\Windows\System\gYmhyqu.exe
  2⤵
  PID:9628
- C:\Windows\System\xelHcAv.exe
  C:\Windows\System\xelHcAv.exe
  2⤵
  PID:9664
- C:\Windows\System\uxdaUZO.exe
  C:\Windows\System\uxdaUZO.exe
  2⤵
  PID:9700
- C:\Windows\System\ZQDVRAY.exe
  C:\Windows\System\ZQDVRAY.exe
  2⤵
  PID:9720
- C:\Windows\System\BWDedHV.exe
  C:\Windows\System\BWDedHV.exe
  2⤵
  PID:9768
- C:\Windows\System\hpYMgTj.exe
  C:\Windows\System\hpYMgTj.exe
  2⤵
  PID:9792
- C:\Windows\System\iEypSLY.exe
  C:\Windows\System\iEypSLY.exe
  2⤵
  PID:9824
- C:\Windows\System\QpBfTOp.exe
  C:\Windows\System\QpBfTOp.exe
  2⤵
  PID:9884
- C:\Windows\System\aPFBJZx.exe
  C:\Windows\System\aPFBJZx.exe
  2⤵
  PID:9908
- C:\Windows\System\kRvtxmW.exe
  C:\Windows\System\kRvtxmW.exe
  2⤵
  PID:9932
- C:\Windows\System\kKTyMbI.exe
  C:\Windows\System\kKTyMbI.exe
  2⤵
  PID:9984
- C:\Windows\System\MjTHjJM.exe
  C:\Windows\System\MjTHjJM.exe
  2⤵
  PID:10000
- C:\Windows\System\bmglPZP.exe
  C:\Windows\System\bmglPZP.exe
  2⤵
  PID:10028
- C:\Windows\System\CbrqfYA.exe
  C:\Windows\System\CbrqfYA.exe
  2⤵
  PID:10056
- C:\Windows\System\aiIelbx.exe
  C:\Windows\System\aiIelbx.exe
  2⤵
  PID:10092
- C:\Windows\System\jYBhaGn.exe
  C:\Windows\System\jYBhaGn.exe
  2⤵
  PID:10188
- C:\Windows\System\kfNnIzR.exe
  C:\Windows\System\kfNnIzR.exe
  2⤵
  PID:10140
- C:\Windows\System\cQFZNLW.exe
  C:\Windows\System\cQFZNLW.exe
  2⤵
  PID:10208
- C:\Windows\System\HOVzQbS.exe
  C:\Windows\System\HOVzQbS.exe
  2⤵
  PID:10236
- C:\Windows\System\LQATfPu.exe
  C:\Windows\System\LQATfPu.exe
  2⤵
  PID:9248
- C:\Windows\System\souPjpr.exe
  C:\Windows\System\souPjpr.exe
  2⤵
  PID:9344
- C:\Windows\System\weayBKT.exe
  C:\Windows\System\weayBKT.exe
  2⤵
  PID:9404
- C:\Windows\System\nzMjCyD.exe
  C:\Windows\System\nzMjCyD.exe
  2⤵
  PID:9476
- C:\Windows\System\DjzHAPR.exe
  C:\Windows\System\DjzHAPR.exe
  2⤵
  PID:9380

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AVbIDHh.exe

Filesize
6.0MB

MD5
4ea5dc3fcfb34739f4aa12aa4369f1de

SHA1
6f5df95335cc1d63dfbda26591d63c629f8959d0

SHA256
f0d9220a62668387e3a231d83b743c7d6aabf1b3cf549e7dcca13d0c999ea44f

SHA512
fb3617cf4e046564785b7cff27b95993271525d678b462c6ce8a73553666d8d335bd1215e87bc033326de90ea98d2505e332d54d3d6c1abe70859952dd59ec5a

Download Submit
C:\Windows\system\BXbwYHx.exe

Filesize
6.0MB

MD5
44b7c0af5a6d547a924d0f87d20b1083

SHA1
8c0cb4d7a61ab90fbd91d1c6262537dbcdeb7444

SHA256
a546a1f7a95399c7c4e8d6d8e1b02297d1475eb68365811d21ee0478261eaffa

SHA512
4333246be06c39ef6189712595f0c44ccf6fd8ab7b8eae63937700debc4c82bc935a7426c12b3bd038b36412ac48f0c5b2ced0b40afb612648e75a2ffb7566a6

Download Submit
C:\Windows\system\EvEhSuI.exe

Filesize
6.0MB

MD5
dad0571157528d0b0618889e0a0edd12

SHA1
9a3867a42d00fd8bd2fb150dfba95011782ce465

SHA256
b358718570e3cf691ad607f7183a2da90e134b9e2fd1218e429cd9dca6784159

SHA512
1b4f511f769f74502a43d22e24dee4fcd615580892bad2391bba933fda124faf1b18466f87ea475811136c86d5e4a39f326bd40793cc697c6b54a0002d22709d

Download Submit
C:\Windows\system\EviEQjK.exe

Filesize
6.0MB

MD5
256d15452e615ed90e702a85bad8df90

SHA1
37f9ab5079bc8158c970b3dcde0e102f6dd3e597

SHA256
919afa07ae90ae4bd9004bfe122822f6dc89adaeb68af0b731177a7deb103fa5

SHA512
5d1e03f3b2e5b45b7752d2b4b405e38dee8a60577e07fdb7a80c51bd1434f3d4a2783d3c7ca24785a036ec4a4f7b2514b6bddcaba364167441a552a4ec9b3248

Download Submit
C:\Windows\system\FLXszuO.exe

Filesize
6.0MB

MD5
b7516fd8ae35929481feb785fe56dbe2

SHA1
5544581879912a194e192207e3710b27cc58797c

SHA256
4991321d648282a6b8a027ab995f27b4e505bd7c99ecac07ad3669801909c44d

SHA512
7b4966ce67397f68113622788627e8492adcfbe047368f42cb4b254e37a8f8e84c52de4dd8aa8862a436cfd2c4489b452f184516a1dbcab4235a5a9234a88e0a

Download Submit
C:\Windows\system\FecGwNR.exe

Filesize
6.0MB

MD5
1ff281ab3ebb131a44c79fd265e83e21

SHA1
c54544907a6e6a129ebcc7b6f4375cf95d8fdd44

SHA256
c36cca221863f894666506e080035156bf36a47cd4fa46b574121b16b5989309

SHA512
52f750e6bc12afc8fc30fec89857e4c55c1528cc6bb6915551c1fc41cff941e0c71c58ce3cdb8d895ae4bd9c515ee989f419a2ac1d9447c582b29eff059aa5c3

Download Submit
C:\Windows\system\IMGMsWl.exe

Filesize
6.0MB

MD5
3a21619ec0060c1d9e8e1d59aad7f149

SHA1
09c341c018ab7670dc6544743b8efbf5380d2479

SHA256
e14d19b56634459c38bf9df32029a80fccbb86bbd067d405fc50554438fb7a7c

SHA512
7c1ae642cae42775fa96d43f29af1068b30443b50acfddc09c42b9fbb27051086145c76f93201e7028eb898066f916df44d412304317214dc1d8beac1c99aa2a

Download Submit
C:\Windows\system\JyKFDrP.exe

Filesize
6.0MB

MD5
632b5ce703c3b86d54f6f23c004c9a8d

SHA1
c815e354b39291d8c11dd00fdae8871e895879d6

SHA256
7bc696b679e100cd400935ed5663dcd6acc4ad7ab806bb40791bcc39b52aa14d

SHA512
998477c9cc2c09506e7fe2c90add6a9f0185c565f161b8d37a0455b77bffbf7e431974e356f720a7d3ef0dcac91e9810d867dd5ff9c2002613e01f2ad09f7d60

Download Submit
C:\Windows\system\OoVInAN.exe

Filesize
6.0MB

MD5
b1652e68cd91871a6f24e865f4471b82

SHA1
c11120fa4a3430e5db9cbe35be687abb64875ea7

SHA256
393389aa44931425172df6234b56cabf46755b7ebaa90a992a292bc70f151596

SHA512
8dff5291bccf12fa1e7a15ecb79ebeae697b8832e6d990bc676133f85947a0c06347abf1e7c527c00c2216edd0eaea7b8a75e17d0678cf329a383f55e74da762

Download Submit
C:\Windows\system\PupdDyu.exe

Filesize
8B

MD5
f57d602e9bc509314beb8d317da9d207

SHA1
d8e6f7fde8fd7b44928fbd638ec69fbc2299a6d4

SHA256
345de527950310747e4332a4b582a4add27c62d9370984a08a6204dd7c0f834b

SHA512
557d9ec25aa54e42f15276357fab20fb924a3c64906176506aa1b8cc6b3538edeeacda3d5cac0d3d88cca0c1cf790573e10c1e2f8f82a7d99b7ef9455b37c70b

Download Submit
C:\Windows\system\RugCCia.exe

Filesize
6.0MB

MD5
005966887dd48b1e875b4cf8a3f733a2

SHA1
01cc41a15cf5dd551415d646c846d095ecf04fc9

SHA256
0890752ff31d0d026950df0a2044bdde2cacaa74a8f8ad7c8d19975fdaf230a5

SHA512
bca711423bce230a0a28d109c6ef378c5f0863af11b950db1b330b3e5e3d169193b9cda47676f9ef5444fa38ec76f13535b0a5ce33d1dc5eef680ab6b2cbf5e0

Download Submit
C:\Windows\system\VCZXVdT.exe

Filesize
6.0MB

MD5
859f6d6227b53b0b9a57b88b129f3a30

SHA1
4b4fe698f0ff355ca5519fd48a1acf6eeee2104c

SHA256
ecb32c0506705afca5d959a993968233110071da5dd242a8c09d038f9a8d7ce8

SHA512
bade6d4c317d4a1c542b521ef45ae0a26ddf8d2975aa55ad0a1fe32490d793ab458d5e4bd6d0985bb111ae47edc934a4ecd8f4aaa1d73732949b87eab9e0a690

Download Submit
C:\Windows\system\XuFwXdW.exe

Filesize
6.0MB

MD5
0b9fa72f018f9cd64ddd8b07b44a859d

SHA1
678aa6b7b23c3edb58b6aa85b16f4b9d71d02e07

SHA256
2f54d57d5350a6fded0713e30a83be4b044a6bc04eb2ec58db7f566083f71583

SHA512
e78d143b030c430089d8be4e4b4404ae2799a3964919fe910a743357eebead3bbc481519da26140718eb323333346c534ea0e89acaa7a780e0bd4120f21bd0c0

Download Submit
C:\Windows\system\YgTAvpI.exe

Filesize
6.0MB

MD5
f6191cccab9a08423eea09f897c6d5ce

SHA1
00bf5de2a84d0059ac21938aee3ad53dfff65198

SHA256
30d36f1c53bb060e885a308b2b9132bd63a0708141b318f19b02e0801eb75f49

SHA512
424e3208b95349043555540912af8c57ab61309d6be90495e6986d2af9d626abbc5bfe61bbc8392dfecc118c007089e67ffdcb9f86787f29f45f9aacc36829fe

Download Submit
C:\Windows\system\bzGUkma.exe

Filesize
6.0MB

MD5
365b6036cd3e788d7449213f24f0e8b3

SHA1
4899495040cccbfe4d7ac6b2b79eb9498f1ccae0

SHA256
91d940164580f7a5154f1ec4aa3ebb9f0bcbfae9132aa6ce6990601e5277804f

SHA512
72e2cd972c21662e7bde66234292a7efa594042813118afabf390ebe90f36d5ce6ccd3cd81043bbdfa2d8fe86de4ec06319dc59fabaf02306f07216341e081b4

Download Submit
C:\Windows\system\fFGPiZB.exe

Filesize
6.0MB

MD5
65e8c889b12daa9f27e878cf9fa0e020

SHA1
2cc9a7c088b3cd0e29030dc5f1109c387ee99eb5

SHA256
a86ffbbbfc9e56c52050688f253fd9162008ee101a62571ba13dbbaa1dcd00dc

SHA512
c7d9ee3beda0df6fd34c70f8c038b8de35ef6b78b0b4d7a90c676e848c19b3884340db28ad8bbfc3735dc8a0e29b0831702d696e1720c97556eb743dcdbd284e

Download Submit
C:\Windows\system\fKcHaof.exe

Filesize
6.0MB

MD5
eed99957927f06e821c417d862efa3f2

SHA1
846106e8dc95118873e24b634133d3627efe3e71

SHA256
c3d6e4ca56578617ca8fd59e6e013a2c462564906f20b67154afc5ef03db7c4d

SHA512
47d0a50d79d534a674501af54331f7f1b1cf3fd74ef4559158f62af81f0564a846a4428251093790cec7f7ca61bd63c69e89cd619730af6e231b0bca86f3819e

Download Submit
C:\Windows\system\gotXPHc.exe

Filesize
6.0MB

MD5
939d4c68031e0405eba2e91f3413243a

SHA1
cfd442f3d1f921e73485f63ecbac65f66e7d8b86

SHA256
9882da3c2e00744b950294e67560a30cc203bee90e0efd38be4c791d04c10472

SHA512
b735d9ea44f14e10e8c276e9bce6d702dd2239894c8cb1da0f904445eb0c28e35f18609cdc816060081e4df60ab72920199d2cc477b522e2009faaa9bb604a86

Download Submit
C:\Windows\system\ieyiQiU.exe

Filesize
6.0MB

MD5
8f8f71793315018ede83d1f4425aecd0

SHA1
ebec082425ed148c00d45ba2601f217fbb03c0f7

SHA256
55d6d18cd3757c293850db7531f19b27b1c5833111aff97d86b7c50119df85ac

SHA512
1f04ef5738b94d0a6b06f8ef4a0c82f0e1cb6a11d500c3136b4e8c656d63f9234f5c97fa10861385b82c207007aafd6a4680c8d465bba2786d603e9b1e966778

Download Submit
C:\Windows\system\nGfGCwT.exe

Filesize
6.0MB

MD5
2a8434e4647ba30c59498d892f595a13

SHA1
5d35a6c588bc77efcb20b99edfdfcaf32a141b73

SHA256
088f1a7375e717c3d76ec0db8f4d1e6af2d9574c0685636870450632ebbbece8

SHA512
76d11885cdeaca428cf27012eec5eb1f3f7153e1c23e8ae3cf37a524381e70502ceee1926c28701b38df0d02e815b57c65a78657442664b0886484f6179cdfa5

Download Submit
C:\Windows\system\nPYOHUM.exe

Filesize
6.0MB

MD5
614157b16756ae06e9abf5b6808ac9a1

SHA1
bb19c5498e3799cdc32def722efe66bc2767552b

SHA256
cf1c0566476d2565c1aa24854acd6765b9bfee04f38eb1549a821c0017024441

SHA512
08d3d2185d73c3ae8b8eb26952bada422f1d11c8c992617ce1c1fec33abdeabf1200f46229cce508a33a4cac285e58bae5bb0a933ca6bdc074f80520ccc75187

Download Submit
C:\Windows\system\qHdvTVQ.exe

Filesize
6.0MB

MD5
cad006ef54a3306adfcac2f3614446b2

SHA1
d035f1e3663e8031e59ccec964745d5bbe3ac642

SHA256
b26c8f50c8bca4fa08cf818bb4d653b478874cec447ba96d4c8e405e4dd2c1e1

SHA512
146137368e678a3cd8e8ecb891903b9bbba4016f0a6da95ea8549f6cc5dfb23f5ac522078e6adbca2d730d42a767deca504b5b12a8a39c081f42a43f3dc18a81

Download Submit
C:\Windows\system\rFjveiR.exe

Filesize
6.0MB

MD5
ff2f1085f810b0002d791321e3f14b62

SHA1
9d9b260418253b578d482d0611f656c6033dc674

SHA256
675f69f12161f99b732dc66e7b5415b25f78df479fbcce9cfcb9ba78dfc04e91

SHA512
099aba1aa00d2a466f4dd3c8cfe3015b463fa631a1a33fd735cef0b09039d37feeb51d6af2ff7cd567668d416b844729b38d8913d6071c1f9f60cc44c6927aaa

Download Submit
C:\Windows\system\ruJEnLx.exe

Filesize
6.0MB

MD5
8db68b0a02d9261a183bcc15ca2c3419

SHA1
cbaeecaa971c0875368f5993aaabcc8c3733683c

SHA256
9e7bbe9fa12b2dd404bde612089b7b308cdbea7ce9b269292107751ecab73298

SHA512
4734d103a884fb28a7c5c92fca04f2ce885c9cb7cae0f3cc86d8badf6cf21099f45d138121cc954cfd0e8fb04dd6b7dcb2bc70cfd10b0b26b907026bb7d728ff

Download Submit
C:\Windows\system\tLLNguH.exe

Filesize
6.0MB

MD5
87ba67351d1f790fa4135c1747cc4a49

SHA1
b84f54365563608226049263f712387de0a9817c

SHA256
dd4b24e04804fe21090aa504cd4e69aeeca9292ab36501f8f244bad3f93307d2

SHA512
6ac3bb73e97787559d92d2fc7470a9247eaa62511ba52eb678077488c49632c617641965b4e13a7299155811746e6af068625d20fc71674fd5016dfcb018c9e2

Download Submit
C:\Windows\system\wYYEkqZ.exe

Filesize
6.0MB

MD5
8844b22fca1547ae1e8d7a12ddce767b

SHA1
2d766bb2285deb37327e34e3ba57513a2e6d515e

SHA256
ea1bb2efe38c6030967c82c871c1f4c81026960158ce3b48bd71df184206fb23

SHA512
f10b538f13f5ed66b8a35819eef4be96bf668dcf0ac677987c0b4352741dffb52b0c08e1c254b60c3cfdaa50b50773afbaa8da621e320dab787fe81e133a8fab

Download Submit
C:\Windows\system\xVPUjtU.exe

Filesize
6.0MB

MD5
ff3771fcfdb2875849b2c60eebabdbbe

SHA1
af1f65de1094f9acf9be0aea67548e2975bdf5ea

SHA256
415554f3c966b964a8752fed7882f3b2ed0109ad32b0c71a9bfe4bbdba5ef780

SHA512
6a6f0f6536213c6284bf60e03a0b1cc1c79593629706cd87cb4784a3adf1294d738f7ff322794da3846438b5027a6d9084854ea4b4e282d9e76b3ec062e8ce7c

Download Submit
\Windows\system\FQgVbCE.exe

Filesize
6.0MB

MD5
f3581b9147d90706971da09b9bd9e712

SHA1
b3cdeadd3bee4269ccd58152d6a38d3b6df78e04

SHA256
a607c8da9139047879297bdb09fa644752d20c96bce79cdb160a56a4df67621c

SHA512
e2c3b1b2a373fa8f5ac4416ce883cc1b61d2335951e98b3f0d3325f913a14b73cc07f0ad6051e1a682bd3e508dde1fa409f71bfb590b4dc14301459248d709c2

Download Submit
\Windows\system\MYStBXc.exe

Filesize
6.0MB

MD5
7a6f8c3413369d415676a6e96a9a8e20

SHA1
90f15edeea6a847a91ab5373bd93254c4428129d

SHA256
f82bc1e1514f2328bf41f5a9c268e84184902f97f7f7cc6ed53d7d31ab17328a

SHA512
30097bea7bbe2be159a2169325de1009189ce9cdab17e1669ffd99b9ebfff062bd3b2359a9d9424adb745ef9ef442204329ec071b70610f1ebc9351ce8c89b7b

Download Submit
\Windows\system\qnVMout.exe

Filesize
6.0MB

MD5
75870f1fd4c4a800f839ea500caf5b44

SHA1
f54fbf423966756079ee2ecd2bc9f49d6b3cfa42

SHA256
a7d0323ecd6458f337299099bc7b5c12adfc66df8a69680b2985a3f046c83e90

SHA512
e790554de14b7e200760af030a3d41e66a02410bbad1690cf3e76d12ffee4937bf352ec280b625f6938a9710e0d445c2df9c60c229d1386dad2c505f7963082c

Download Submit
\Windows\system\syOVSxD.exe

Filesize
6.0MB

MD5
4a8ae3a5f17eb7256c7b92ce106beacd

SHA1
a338affeaaf9b1268c2c04e70832d30f64186572

SHA256
50f12a51a7f3a3c6581057af1b64f7b068d81772dcc63a55d9c166b73c7d8157

SHA512
696f84dfe2044629cb9d3b80d35d232a6995f0b850b2c980a6b1bb8972d2a5ac9472ad25fba4f85a3b1cf21b7c9911b429082e1e8721e648d66fa60645ca9df0

Download Submit
\Windows\system\xZJjEWO.exe

Filesize
6.0MB

MD5
edd9daa7a76a57553b323a7ae3550a22

SHA1
e73d0796c28a1e78e4f7a6e13aa266ac11955b47

SHA256
c1f7d0db4e4fc7b66cc501834523edc677507da8b084b874e449937b9f6fdd42

SHA512
cf7bab759ced826cfebd5bab27d847ffd612a4239140728fdd00af979208566bc8ffaa410f8cd30216e60bb6088adb14565236f0c8599c18200d1a1180ec33e0

Download Submit
\Windows\system\zgiLOaT.exe

Filesize
6.0MB

MD5
417924217a2b7c56f590597ae582b4b7

SHA1
72b66455d28f00adbfdb8d7b58d90fcee000d876

SHA256
8a9e646991ea99773b014400ebb869cc2cecb212644b081f69fd4e7709178035

SHA512
92bb4e588c94d0c8eba886d0e0da92facf96ea92babf33f86cc136a5f17343a003b847a762f031c5f1f86d49e2d7583e0b5ac92b19d03116e0e66e9ddb05ac56

Download Submit
memory/1192-8-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/1192-3996-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/1192-41-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/1236-4038-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/1236-89-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/1236-559-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/1356-17-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/1356-47-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/1356-3953-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/1468-764-0x000000013FBA0000-0x000000013FEF4000-memory.dmp

Filesize
3.3MB

Download
memory/1468-100-0x000000013FBA0000-0x000000013FEF4000-memory.dmp

Filesize
3.3MB

Download
memory/1648-107-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/1648-4048-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/1648-920-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/1844-4063-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/1844-374-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/1844-84-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2164-4022-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/2164-75-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/2164-218-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/2320-3965-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/2320-28-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/2320-66-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/2440-4020-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/2440-36-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/2440-74-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/2532-38-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/2532-71-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/2532-94-0x000000013FBA0000-0x000000013FEF4000-memory.dmp

Filesize
3.3MB

Download
memory/2532-93-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/2532-112-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/2532-1-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/2532-113-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/2532-103-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/2532-102-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/2532-83-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2532-665-0x000000013FBA0000-0x000000013FEF4000-memory.dmp

Filesize
3.3MB

Download
memory/2532-79-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/2532-6-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/2532-1036-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/2532-62-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/2532-856-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/2532-86-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2532-22-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/2532-0-0x00000000002F0000-0x0000000000300000-memory.dmp

Filesize
64KB

Download
memory/2532-12-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/2532-35-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/2532-55-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/2532-51-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2532-24-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/2652-99-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/2652-4019-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/2652-59-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/2660-4028-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/2660-67-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/2660-106-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/2908-53-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2908-4025-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2928-30-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/2928-3961-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/2928-70-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/2944-45-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/2944-4013-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download