cobaltstrike | df0cd48e12bd99f9545ecb319310e96c20428c27d9cdb713272071d457096af1

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
11-11-2024 21:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

b5d5e14bfc971bae9711b02066f668a1
SHA1

4c67610b61adbb0ccc441a3319c35f7f874fba86
SHA256

df0cd48e12bd99f9545ecb319310e96c20428c27d9cdb713272071d457096af1
SHA512

0c825992772f0e6960d36c33efbb15e0acb1e48f91a040979312e01c64891dc968dea1e0aa5c4cb90d2c9c6b392d6efb0a9b2cce7bd24024e6783fc2bc7efe1a
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUe:T+q56utgpPF8u/7e

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000b0000000120dc-6.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015d52-9.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d29-10.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015d66-19.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000015fe0-39.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018741-58.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018636-43.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015ef7-36.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015f6d-31.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001907c-63.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019080-70.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191cf-98.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191ad-93.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191d1-105.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019219-125.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019369-150.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193e6-185.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193d1-180.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001938e-170.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a8-175.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001937b-160.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019382-164.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019371-155.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019329-140.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019345-145.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019232-135.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001921d-130.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019214-120.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191f8-115.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191df-110.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001919c-77.dat	cobalt_reflective_dll
behavioral1/files/0x002a000000015cca-69.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2432-0-0x000000013F4F0000-0x000000013F844000-memory.dmp	xmrig
behavioral1/files/0x000b0000000120dc-6.dat	xmrig
behavioral1/files/0x0007000000015d52-9.dat	xmrig
behavioral1/files/0x0008000000015d29-10.dat	xmrig
behavioral1/files/0x0007000000015d66-19.dat	xmrig
behavioral1/memory/2432-32-0x0000000002300000-0x0000000002654000-memory.dmp	xmrig
behavioral1/files/0x0009000000015fe0-39.dat	xmrig
behavioral1/memory/2792-53-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/memory/2976-62-0x000000013FB60000-0x000000013FEB4000-memory.dmp	xmrig
behavioral1/memory/2552-59-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig
behavioral1/files/0x0006000000018741-58.dat	xmrig
behavioral1/memory/2596-52-0x000000013FDF0000-0x0000000140144000-memory.dmp	xmrig
behavioral1/memory/2556-49-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig
behavioral1/files/0x0006000000018636-43.dat	xmrig
behavioral1/memory/2656-38-0x000000013FE10000-0x0000000140164000-memory.dmp	xmrig
behavioral1/files/0x0007000000015ef7-36.dat	xmrig
behavioral1/memory/2404-35-0x000000013F910000-0x000000013FC64000-memory.dmp	xmrig
behavioral1/files/0x0007000000015f6d-31.dat	xmrig
behavioral1/files/0x000600000001907c-63.dat	xmrig
behavioral1/files/0x0006000000019080-70.dat	xmrig
behavioral1/memory/1316-97-0x000000013F360000-0x000000013F6B4000-memory.dmp	xmrig
behavioral1/memory/2972-102-0x000000013F8B0000-0x000000013FC04000-memory.dmp	xmrig
behavioral1/files/0x00050000000191cf-98.dat	xmrig
behavioral1/memory/536-95-0x000000013FC00000-0x000000013FF54000-memory.dmp	xmrig
behavioral1/files/0x00050000000191ad-93.dat	xmrig
behavioral1/memory/564-91-0x000000013F230000-0x000000013F584000-memory.dmp	xmrig
behavioral1/files/0x00050000000191d1-105.dat	xmrig
behavioral1/files/0x0005000000019219-125.dat	xmrig
behavioral1/files/0x0005000000019369-150.dat	xmrig
behavioral1/memory/2404-464-0x000000013F910000-0x000000013FC64000-memory.dmp	xmrig
behavioral1/memory/2432-394-0x000000013F4F0000-0x000000013F844000-memory.dmp	xmrig
behavioral1/memory/1692-627-0x000000013FC70000-0x000000013FFC4000-memory.dmp	xmrig
behavioral1/files/0x00050000000193e6-185.dat	xmrig
behavioral1/files/0x00050000000193d1-180.dat	xmrig
behavioral1/files/0x000500000001938e-170.dat	xmrig
behavioral1/files/0x00050000000193a8-175.dat	xmrig
behavioral1/files/0x000500000001937b-160.dat	xmrig
behavioral1/files/0x0005000000019382-164.dat	xmrig
behavioral1/files/0x0005000000019371-155.dat	xmrig
behavioral1/files/0x0005000000019329-140.dat	xmrig
behavioral1/files/0x0005000000019345-145.dat	xmrig
behavioral1/files/0x0005000000019232-135.dat	xmrig
behavioral1/files/0x000500000001921d-130.dat	xmrig
behavioral1/files/0x0005000000019214-120.dat	xmrig
behavioral1/files/0x00050000000191f8-115.dat	xmrig
behavioral1/files/0x00050000000191df-110.dat	xmrig
behavioral1/files/0x000500000001919c-77.dat	xmrig
behavioral1/memory/1692-87-0x000000013FC70000-0x000000013FFC4000-memory.dmp	xmrig
behavioral1/files/0x002a000000015cca-69.dat	xmrig
behavioral1/memory/2764-25-0x000000013FCC0000-0x0000000140014000-memory.dmp	xmrig
behavioral1/memory/2708-29-0x000000013F5D0000-0x000000013F924000-memory.dmp	xmrig
behavioral1/memory/2656-4023-0x000000013FE10000-0x0000000140164000-memory.dmp	xmrig
behavioral1/memory/2764-4024-0x000000013FCC0000-0x0000000140014000-memory.dmp	xmrig
behavioral1/memory/2708-4025-0x000000013F5D0000-0x000000013F924000-memory.dmp	xmrig
behavioral1/memory/2556-4026-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig
behavioral1/memory/2792-4028-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/memory/2404-4027-0x000000013F910000-0x000000013FC64000-memory.dmp	xmrig
behavioral1/memory/2596-4029-0x000000013FDF0000-0x0000000140144000-memory.dmp	xmrig
behavioral1/memory/2976-4031-0x000000013FB60000-0x000000013FEB4000-memory.dmp	xmrig
behavioral1/memory/2552-4030-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig
behavioral1/memory/536-4032-0x000000013FC00000-0x000000013FF54000-memory.dmp	xmrig
behavioral1/memory/564-4033-0x000000013F230000-0x000000013F584000-memory.dmp	xmrig
behavioral1/memory/1692-4034-0x000000013FC70000-0x000000013FFC4000-memory.dmp	xmrig
behavioral1/memory/1316-4035-0x000000013F360000-0x000000013F6B4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2656	klMtYbG.exe
2764	RUttCNX.exe
2708	ujByoMt.exe
2556	gkbetrN.exe
2404	cmsPDXd.exe
2792	mmDAguA.exe
2552	LpgYJoC.exe
2596	RGGESCn.exe
2976	NgdmCEN.exe
536	Lglfhrg.exe
1316	UZJASsP.exe
1692	QBRIYtZ.exe
564	EkEGREr.exe
2972	YPvoobL.exe
1724	xTnuIGq.exe
1832	iDIrkjR.exe
1320	GSRAsDJ.exe
1868	Vtkaols.exe
2640	fREPLnr.exe
1856	SFScfqs.exe
1872	sEfHguL.exe
2500	HyWxOkJ.exe
1996	zCmhetO.exe
2744	nZSgAYH.exe
2140	othkBpC.exe
3044	kAaUtdJ.exe
2056	rbQwiec.exe
2936	nHZZyBP.exe
1588	gJczKZH.exe
2272	jWKaHtg.exe
408	MeaDqBz.exe
3004	usamYZw.exe
1088	TonWrtb.exe
1752	BkSkEpg.exe
1540	brvXEgL.exe
856	FnKDPaj.exe
2232	HujjzUu.exe
1392	zBgAAuO.exe
2288	bRGmTOD.exe
2060	vMrVgxz.exe
1972	HpXsiOg.exe
920	pBwoUqW.exe
2064	vsYORKS.exe
1976	QbkAifD.exe
2244	onYjFoF.exe
2196	aozmPWo.exe
2352	LSMuosS.exe
2908	meCqINu.exe
2148	pPaEBIg.exe
2200	XQDTldL.exe
896	rCtntDU.exe
1768	vTDgPtN.exe
1596	FCYvgWE.exe
3052	QDbvAPU.exe
2372	LTWuvID.exe
2796	VnTSLxe.exe
2684	JnRTzBI.exe
2768	TOgMdFK.exe
2724	CdbTDwC.exe
2600	gnEENtO.exe
2296	yuZzlyE.exe
876	PNaKucO.exe
2992	qXseXGO.exe
2292	luwqOGe.exe

Loads dropped DLL 64 IoCs

pid	Process
2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2432-0-0x000000013F4F0000-0x000000013F844000-memory.dmp	upx
behavioral1/files/0x000b0000000120dc-6.dat	upx
behavioral1/files/0x0007000000015d52-9.dat	upx
behavioral1/files/0x0008000000015d29-10.dat	upx
behavioral1/files/0x0007000000015d66-19.dat	upx
behavioral1/files/0x0009000000015fe0-39.dat	upx
behavioral1/memory/2792-53-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/memory/2976-62-0x000000013FB60000-0x000000013FEB4000-memory.dmp	upx
behavioral1/memory/2552-59-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/files/0x0006000000018741-58.dat	upx
behavioral1/memory/2596-52-0x000000013FDF0000-0x0000000140144000-memory.dmp	upx
behavioral1/memory/2556-49-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx
behavioral1/files/0x0006000000018636-43.dat	upx
behavioral1/memory/2656-38-0x000000013FE10000-0x0000000140164000-memory.dmp	upx
behavioral1/files/0x0007000000015ef7-36.dat	upx
behavioral1/memory/2404-35-0x000000013F910000-0x000000013FC64000-memory.dmp	upx
behavioral1/files/0x0007000000015f6d-31.dat	upx
behavioral1/files/0x000600000001907c-63.dat	upx
behavioral1/files/0x0006000000019080-70.dat	upx
behavioral1/memory/1316-97-0x000000013F360000-0x000000013F6B4000-memory.dmp	upx
behavioral1/memory/2972-102-0x000000013F8B0000-0x000000013FC04000-memory.dmp	upx
behavioral1/files/0x00050000000191cf-98.dat	upx
behavioral1/memory/536-95-0x000000013FC00000-0x000000013FF54000-memory.dmp	upx
behavioral1/files/0x00050000000191ad-93.dat	upx
behavioral1/memory/564-91-0x000000013F230000-0x000000013F584000-memory.dmp	upx
behavioral1/files/0x00050000000191d1-105.dat	upx
behavioral1/files/0x0005000000019219-125.dat	upx
behavioral1/files/0x0005000000019369-150.dat	upx
behavioral1/memory/2404-464-0x000000013F910000-0x000000013FC64000-memory.dmp	upx
behavioral1/memory/2432-394-0x000000013F4F0000-0x000000013F844000-memory.dmp	upx
behavioral1/memory/1692-627-0x000000013FC70000-0x000000013FFC4000-memory.dmp	upx
behavioral1/files/0x00050000000193e6-185.dat	upx
behavioral1/files/0x00050000000193d1-180.dat	upx
behavioral1/files/0x000500000001938e-170.dat	upx
behavioral1/files/0x00050000000193a8-175.dat	upx
behavioral1/files/0x000500000001937b-160.dat	upx
behavioral1/files/0x0005000000019382-164.dat	upx
behavioral1/files/0x0005000000019371-155.dat	upx
behavioral1/files/0x0005000000019329-140.dat	upx
behavioral1/files/0x0005000000019345-145.dat	upx
behavioral1/files/0x0005000000019232-135.dat	upx
behavioral1/files/0x000500000001921d-130.dat	upx
behavioral1/files/0x0005000000019214-120.dat	upx
behavioral1/files/0x00050000000191f8-115.dat	upx
behavioral1/files/0x00050000000191df-110.dat	upx
behavioral1/files/0x000500000001919c-77.dat	upx
behavioral1/memory/1692-87-0x000000013FC70000-0x000000013FFC4000-memory.dmp	upx
behavioral1/files/0x002a000000015cca-69.dat	upx
behavioral1/memory/2764-25-0x000000013FCC0000-0x0000000140014000-memory.dmp	upx
behavioral1/memory/2708-29-0x000000013F5D0000-0x000000013F924000-memory.dmp	upx
behavioral1/memory/2656-4023-0x000000013FE10000-0x0000000140164000-memory.dmp	upx
behavioral1/memory/2764-4024-0x000000013FCC0000-0x0000000140014000-memory.dmp	upx
behavioral1/memory/2708-4025-0x000000013F5D0000-0x000000013F924000-memory.dmp	upx
behavioral1/memory/2556-4026-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx
behavioral1/memory/2792-4028-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/memory/2404-4027-0x000000013F910000-0x000000013FC64000-memory.dmp	upx
behavioral1/memory/2596-4029-0x000000013FDF0000-0x0000000140144000-memory.dmp	upx
behavioral1/memory/2976-4031-0x000000013FB60000-0x000000013FEB4000-memory.dmp	upx
behavioral1/memory/2552-4030-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/memory/536-4032-0x000000013FC00000-0x000000013FF54000-memory.dmp	upx
behavioral1/memory/564-4033-0x000000013F230000-0x000000013F584000-memory.dmp	upx
behavioral1/memory/1692-4034-0x000000013FC70000-0x000000013FFC4000-memory.dmp	upx
behavioral1/memory/1316-4035-0x000000013F360000-0x000000013F6B4000-memory.dmp	upx
behavioral1/memory/2972-4036-0x000000013F8B0000-0x000000013FC04000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\GSRAsDJ.exe	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zjLPojg.exe	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OyVCIVL.exe	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xqGHLHe.exe	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HqNhApt.exe	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BFmhXGS.exe	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qAJWdkA.exe	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gqfaBfT.exe	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fREPLnr.exe	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MiPZkMH.exe	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rvJcnqB.exe	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\djuBrnW.exe	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UtqMIeU.exe	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kpaGoRo.exe	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nvYOvNJ.exe	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oEnYZMa.exe	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LXBIkcD.exe	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BzotxPs.exe	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EkEGREr.exe	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IeXUOCz.exe	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EHoyrvK.exe	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DJPitws.exe	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WbpVIvb.exe	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vbXKXsN.exe	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WJUZnkL.exe	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QDuTzmk.exe	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WmUZGJZ.exe	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TqtHvwe.exe	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\njxCSaU.exe	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZHPtqWQ.exe	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zQToIVd.exe	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oahKPin.exe	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DtSjsqs.exe	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ujByoMt.exe	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HHoNCvF.exe	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GAFfHkP.exe	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\icfvgrl.exe	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DHlmRxS.exe	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zHQwLyp.exe	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qGVadPd.exe	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qQFmzHg.exe	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UNWgILu.exe	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mEPBsgN.exe	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vFBLzGw.exe	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GJpEPZn.exe	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MZFiMRF.exe	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cfrOfxF.exe	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IrGSGKJ.exe	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zBYRaGO.exe	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EoxceZc.exe	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OKzTOwc.exe	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XXAqxrs.exe	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\USlPMvx.exe	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MGnFugx.exe	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BGyCjSl.exe	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ykuNUnV.exe	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lcfplJG.exe	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\irzFZXb.exe	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SncLGmw.exe	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hOQiMFv.exe	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mGJrSuO.exe	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EojOVfi.exe	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KvqiqrS.exe	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RessbNp.exe	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2432 wrote to memory of 2656	2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2432 wrote to memory of 2656	2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2432 wrote to memory of 2656	2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2432 wrote to memory of 2764	2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2432 wrote to memory of 2764	2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2432 wrote to memory of 2764	2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2432 wrote to memory of 2708	2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2432 wrote to memory of 2708	2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2432 wrote to memory of 2708	2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2432 wrote to memory of 2556	2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2432 wrote to memory of 2556	2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2432 wrote to memory of 2556	2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2432 wrote to memory of 2792	2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2432 wrote to memory of 2792	2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2432 wrote to memory of 2792	2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2432 wrote to memory of 2404	2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2432 wrote to memory of 2404	2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2432 wrote to memory of 2404	2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2432 wrote to memory of 2596	2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2432 wrote to memory of 2596	2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2432 wrote to memory of 2596	2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2432 wrote to memory of 2552	2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2432 wrote to memory of 2552	2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2432 wrote to memory of 2552	2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2432 wrote to memory of 2976	2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2432 wrote to memory of 2976	2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2432 wrote to memory of 2976	2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2432 wrote to memory of 1692	2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2432 wrote to memory of 1692	2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2432 wrote to memory of 1692	2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2432 wrote to memory of 536	2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2432 wrote to memory of 536	2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2432 wrote to memory of 536	2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2432 wrote to memory of 564	2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2432 wrote to memory of 564	2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2432 wrote to memory of 564	2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2432 wrote to memory of 1316	2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2432 wrote to memory of 1316	2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2432 wrote to memory of 1316	2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2432 wrote to memory of 2972	2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2432 wrote to memory of 2972	2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2432 wrote to memory of 2972	2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2432 wrote to memory of 1724	2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2432 wrote to memory of 1724	2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2432 wrote to memory of 1724	2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2432 wrote to memory of 1832	2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2432 wrote to memory of 1832	2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2432 wrote to memory of 1832	2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2432 wrote to memory of 1320	2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2432 wrote to memory of 1320	2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2432 wrote to memory of 1320	2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2432 wrote to memory of 1868	2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2432 wrote to memory of 1868	2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2432 wrote to memory of 1868	2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2432 wrote to memory of 2640	2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2432 wrote to memory of 2640	2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2432 wrote to memory of 2640	2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2432 wrote to memory of 1856	2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2432 wrote to memory of 1856	2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2432 wrote to memory of 1856	2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2432 wrote to memory of 1872	2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2432 wrote to memory of 1872	2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2432 wrote to memory of 1872	2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2432 wrote to memory of 2500	2432	2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-11_b5d5e14bfc971bae9711b02066f668a1_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2432
- C:\Windows\System\klMtYbG.exe
  C:\Windows\System\klMtYbG.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\RUttCNX.exe
  C:\Windows\System\RUttCNX.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\ujByoMt.exe
  C:\Windows\System\ujByoMt.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\gkbetrN.exe
  C:\Windows\System\gkbetrN.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\mmDAguA.exe
  C:\Windows\System\mmDAguA.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\cmsPDXd.exe
  C:\Windows\System\cmsPDXd.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\RGGESCn.exe
  C:\Windows\System\RGGESCn.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\LpgYJoC.exe
  C:\Windows\System\LpgYJoC.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\NgdmCEN.exe
  C:\Windows\System\NgdmCEN.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\QBRIYtZ.exe
  C:\Windows\System\QBRIYtZ.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\Lglfhrg.exe
  C:\Windows\System\Lglfhrg.exe
  2⤵
  - Executes dropped EXE
  PID:536
- C:\Windows\System\EkEGREr.exe
  C:\Windows\System\EkEGREr.exe
  2⤵
  - Executes dropped EXE
  PID:564
- C:\Windows\System\UZJASsP.exe
  C:\Windows\System\UZJASsP.exe
  2⤵
  - Executes dropped EXE
  PID:1316
- C:\Windows\System\YPvoobL.exe
  C:\Windows\System\YPvoobL.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\xTnuIGq.exe
  C:\Windows\System\xTnuIGq.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\iDIrkjR.exe
  C:\Windows\System\iDIrkjR.exe
  2⤵
  - Executes dropped EXE
  PID:1832
- C:\Windows\System\GSRAsDJ.exe
  C:\Windows\System\GSRAsDJ.exe
  2⤵
  - Executes dropped EXE
  PID:1320
- C:\Windows\System\Vtkaols.exe
  C:\Windows\System\Vtkaols.exe
  2⤵
  - Executes dropped EXE
  PID:1868
- C:\Windows\System\fREPLnr.exe
  C:\Windows\System\fREPLnr.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\SFScfqs.exe
  C:\Windows\System\SFScfqs.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\sEfHguL.exe
  C:\Windows\System\sEfHguL.exe
  2⤵
  - Executes dropped EXE
  PID:1872
- C:\Windows\System\HyWxOkJ.exe
  C:\Windows\System\HyWxOkJ.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\zCmhetO.exe
  C:\Windows\System\zCmhetO.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\nZSgAYH.exe
  C:\Windows\System\nZSgAYH.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\othkBpC.exe
  C:\Windows\System\othkBpC.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\kAaUtdJ.exe
  C:\Windows\System\kAaUtdJ.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\rbQwiec.exe
  C:\Windows\System\rbQwiec.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\nHZZyBP.exe
  C:\Windows\System\nHZZyBP.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\gJczKZH.exe
  C:\Windows\System\gJczKZH.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\jWKaHtg.exe
  C:\Windows\System\jWKaHtg.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\MeaDqBz.exe
  C:\Windows\System\MeaDqBz.exe
  2⤵
  - Executes dropped EXE
  PID:408
- C:\Windows\System\usamYZw.exe
  C:\Windows\System\usamYZw.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\TonWrtb.exe
  C:\Windows\System\TonWrtb.exe
  2⤵
  - Executes dropped EXE
  PID:1088
- C:\Windows\System\BkSkEpg.exe
  C:\Windows\System\BkSkEpg.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\brvXEgL.exe
  C:\Windows\System\brvXEgL.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\FnKDPaj.exe
  C:\Windows\System\FnKDPaj.exe
  2⤵
  - Executes dropped EXE
  PID:856
- C:\Windows\System\HujjzUu.exe
  C:\Windows\System\HujjzUu.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System\zBgAAuO.exe
  C:\Windows\System\zBgAAuO.exe
  2⤵
  - Executes dropped EXE
  PID:1392
- C:\Windows\System\bRGmTOD.exe
  C:\Windows\System\bRGmTOD.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\vMrVgxz.exe
  C:\Windows\System\vMrVgxz.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\HpXsiOg.exe
  C:\Windows\System\HpXsiOg.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\pBwoUqW.exe
  C:\Windows\System\pBwoUqW.exe
  2⤵
  - Executes dropped EXE
  PID:920
- C:\Windows\System\vsYORKS.exe
  C:\Windows\System\vsYORKS.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\QbkAifD.exe
  C:\Windows\System\QbkAifD.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\onYjFoF.exe
  C:\Windows\System\onYjFoF.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System\aozmPWo.exe
  C:\Windows\System\aozmPWo.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\LSMuosS.exe
  C:\Windows\System\LSMuosS.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\meCqINu.exe
  C:\Windows\System\meCqINu.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\pPaEBIg.exe
  C:\Windows\System\pPaEBIg.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\XQDTldL.exe
  C:\Windows\System\XQDTldL.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\rCtntDU.exe
  C:\Windows\System\rCtntDU.exe
  2⤵
  - Executes dropped EXE
  PID:896
- C:\Windows\System\vTDgPtN.exe
  C:\Windows\System\vTDgPtN.exe
  2⤵
  - Executes dropped EXE
  PID:1768
- C:\Windows\System\QDbvAPU.exe
  C:\Windows\System\QDbvAPU.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\FCYvgWE.exe
  C:\Windows\System\FCYvgWE.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\LTWuvID.exe
  C:\Windows\System\LTWuvID.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\VnTSLxe.exe
  C:\Windows\System\VnTSLxe.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\JnRTzBI.exe
  C:\Windows\System\JnRTzBI.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\TOgMdFK.exe
  C:\Windows\System\TOgMdFK.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\CdbTDwC.exe
  C:\Windows\System\CdbTDwC.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\gnEENtO.exe
  C:\Windows\System\gnEENtO.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\yuZzlyE.exe
  C:\Windows\System\yuZzlyE.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\PNaKucO.exe
  C:\Windows\System\PNaKucO.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System\qXseXGO.exe
  C:\Windows\System\qXseXGO.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\luwqOGe.exe
  C:\Windows\System\luwqOGe.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\LcMduuN.exe
  C:\Windows\System\LcMduuN.exe
  2⤵
  PID:2872
- C:\Windows\System\dHAbOTL.exe
  C:\Windows\System\dHAbOTL.exe
  2⤵
  PID:2836
- C:\Windows\System\AXuJhdr.exe
  C:\Windows\System\AXuJhdr.exe
  2⤵
  PID:1880
- C:\Windows\System\qilZBoq.exe
  C:\Windows\System\qilZBoq.exe
  2⤵
  PID:2528
- C:\Windows\System\bpspamQ.exe
  C:\Windows\System\bpspamQ.exe
  2⤵
  PID:1656
- C:\Windows\System\eBFiIkN.exe
  C:\Windows\System\eBFiIkN.exe
  2⤵
  PID:2104
- C:\Windows\System\EPuICEs.exe
  C:\Windows\System\EPuICEs.exe
  2⤵
  PID:2236
- C:\Windows\System\AgRHGWD.exe
  C:\Windows\System\AgRHGWD.exe
  2⤵
  PID:1216
- C:\Windows\System\NgnhvkR.exe
  C:\Windows\System\NgnhvkR.exe
  2⤵
  PID:1548
- C:\Windows\System\QyiwBab.exe
  C:\Windows\System\QyiwBab.exe
  2⤵
  PID:1512
- C:\Windows\System\uCFwhuZ.exe
  C:\Windows\System\uCFwhuZ.exe
  2⤵
  PID:2948
- C:\Windows\System\IThbWnv.exe
  C:\Windows\System\IThbWnv.exe
  2⤵
  PID:1352
- C:\Windows\System\EAMBxKd.exe
  C:\Windows\System\EAMBxKd.exe
  2⤵
  PID:1152
- C:\Windows\System\hKFpvtE.exe
  C:\Windows\System\hKFpvtE.exe
  2⤵
  PID:796
- C:\Windows\System\TLXulwy.exe
  C:\Windows\System\TLXulwy.exe
  2⤵
  PID:1348
- C:\Windows\System\SOSuROz.exe
  C:\Windows\System\SOSuROz.exe
  2⤵
  PID:1700
- C:\Windows\System\Gczfffm.exe
  C:\Windows\System\Gczfffm.exe
  2⤵
  PID:908
- C:\Windows\System\DFtZdyT.exe
  C:\Windows\System\DFtZdyT.exe
  2⤵
  PID:916
- C:\Windows\System\RcdNUAB.exe
  C:\Windows\System\RcdNUAB.exe
  2⤵
  PID:2896
- C:\Windows\System\aoLDSGZ.exe
  C:\Windows\System\aoLDSGZ.exe
  2⤵
  PID:1328
- C:\Windows\System\hbaTafI.exe
  C:\Windows\System\hbaTafI.exe
  2⤵
  PID:2408
- C:\Windows\System\VGtilpe.exe
  C:\Windows\System\VGtilpe.exe
  2⤵
  PID:2376
- C:\Windows\System\XOtoMUq.exe
  C:\Windows\System\XOtoMUq.exe
  2⤵
  PID:1600
- C:\Windows\System\etdHCQi.exe
  C:\Windows\System\etdHCQi.exe
  2⤵
  PID:2788
- C:\Windows\System\GwJyFfq.exe
  C:\Windows\System\GwJyFfq.exe
  2⤵
  PID:2748
- C:\Windows\System\tPfGNCb.exe
  C:\Windows\System\tPfGNCb.exe
  2⤵
  PID:2876
- C:\Windows\System\ZfUKiNy.exe
  C:\Windows\System\ZfUKiNy.exe
  2⤵
  PID:3064
- C:\Windows\System\dRNZWiH.exe
  C:\Windows\System\dRNZWiH.exe
  2⤵
  PID:2884
- C:\Windows\System\txGgPKA.exe
  C:\Windows\System\txGgPKA.exe
  2⤵
  PID:2308
- C:\Windows\System\mYXOcwo.exe
  C:\Windows\System\mYXOcwo.exe
  2⤵
  PID:2568
- C:\Windows\System\noQKAvG.exe
  C:\Windows\System\noQKAvG.exe
  2⤵
  PID:888
- C:\Windows\System\GLVErtt.exe
  C:\Windows\System\GLVErtt.exe
  2⤵
  PID:2080
- C:\Windows\System\KqdpWzh.exe
  C:\Windows\System\KqdpWzh.exe
  2⤵
  PID:2224
- C:\Windows\System\tmYesrA.exe
  C:\Windows\System\tmYesrA.exe
  2⤵
  PID:3008
- C:\Windows\System\mXmOvMA.exe
  C:\Windows\System\mXmOvMA.exe
  2⤵
  PID:2132
- C:\Windows\System\KnJNAua.exe
  C:\Windows\System\KnJNAua.exe
  2⤵
  PID:1736
- C:\Windows\System\WOqdgWD.exe
  C:\Windows\System\WOqdgWD.exe
  2⤵
  PID:2920
- C:\Windows\System\QWrtRdR.exe
  C:\Windows\System\QWrtRdR.exe
  2⤵
  PID:956
- C:\Windows\System\DJeSExF.exe
  C:\Windows\System\DJeSExF.exe
  2⤵
  PID:2284
- C:\Windows\System\kCKbSPr.exe
  C:\Windows\System\kCKbSPr.exe
  2⤵
  PID:2416
- C:\Windows\System\xdkMqnF.exe
  C:\Windows\System\xdkMqnF.exe
  2⤵
  PID:2428
- C:\Windows\System\vweewdO.exe
  C:\Windows\System\vweewdO.exe
  2⤵
  PID:2924
- C:\Windows\System\UrhZBPh.exe
  C:\Windows\System\UrhZBPh.exe
  2⤵
  PID:812
- C:\Windows\System\SmBaOLM.exe
  C:\Windows\System\SmBaOLM.exe
  2⤵
  PID:2628
- C:\Windows\System\ZBuPidL.exe
  C:\Windows\System\ZBuPidL.exe
  2⤵
  PID:1680
- C:\Windows\System\tSlrtYS.exe
  C:\Windows\System\tSlrtYS.exe
  2⤵
  PID:2816
- C:\Windows\System\YXyRRdS.exe
  C:\Windows\System\YXyRRdS.exe
  2⤵
  PID:2160
- C:\Windows\System\QGdetmS.exe
  C:\Windows\System\QGdetmS.exe
  2⤵
  PID:1496
- C:\Windows\System\oLmNgic.exe
  C:\Windows\System\oLmNgic.exe
  2⤵
  PID:2012
- C:\Windows\System\IbHhzSW.exe
  C:\Windows\System\IbHhzSW.exe
  2⤵
  PID:1808
- C:\Windows\System\NUZAzFe.exe
  C:\Windows\System\NUZAzFe.exe
  2⤵
  PID:2648
- C:\Windows\System\nEXywsd.exe
  C:\Windows\System\nEXywsd.exe
  2⤵
  PID:2400
- C:\Windows\System\LPTASvf.exe
  C:\Windows\System\LPTASvf.exe
  2⤵
  PID:604
- C:\Windows\System\LxlnHKJ.exe
  C:\Windows\System\LxlnHKJ.exe
  2⤵
  PID:1876
- C:\Windows\System\YnltrVg.exe
  C:\Windows\System\YnltrVg.exe
  2⤵
  PID:2112
- C:\Windows\System\LCEhmih.exe
  C:\Windows\System\LCEhmih.exe
  2⤵
  PID:2488
- C:\Windows\System\puKGFUt.exe
  C:\Windows\System\puKGFUt.exe
  2⤵
  PID:2808
- C:\Windows\System\Lemnckm.exe
  C:\Windows\System\Lemnckm.exe
  2⤵
  PID:1608
- C:\Windows\System\eGPTOBZ.exe
  C:\Windows\System\eGPTOBZ.exe
  2⤵
  PID:2740
- C:\Windows\System\LxfxPLO.exe
  C:\Windows\System\LxfxPLO.exe
  2⤵
  PID:2712
- C:\Windows\System\LRaQgCV.exe
  C:\Windows\System\LRaQgCV.exe
  2⤵
  PID:792
- C:\Windows\System\YfnmqsS.exe
  C:\Windows\System\YfnmqsS.exe
  2⤵
  PID:1820
- C:\Windows\System\DCAvhko.exe
  C:\Windows\System\DCAvhko.exe
  2⤵
  PID:1052
- C:\Windows\System\jVnGzdc.exe
  C:\Windows\System\jVnGzdc.exe
  2⤵
  PID:2108
- C:\Windows\System\EojOVfi.exe
  C:\Windows\System\EojOVfi.exe
  2⤵
  PID:704
- C:\Windows\System\GJpEPZn.exe
  C:\Windows\System\GJpEPZn.exe
  2⤵
  PID:1668
- C:\Windows\System\fmEDBNw.exe
  C:\Windows\System\fmEDBNw.exe
  2⤵
  PID:2072
- C:\Windows\System\ytqxbsA.exe
  C:\Windows\System\ytqxbsA.exe
  2⤵
  PID:2152
- C:\Windows\System\IeXUOCz.exe
  C:\Windows\System\IeXUOCz.exe
  2⤵
  PID:844
- C:\Windows\System\KvqiqrS.exe
  C:\Windows\System\KvqiqrS.exe
  2⤵
  PID:3076
- C:\Windows\System\lYiwyVm.exe
  C:\Windows\System\lYiwyVm.exe
  2⤵
  PID:3096
- C:\Windows\System\HqiVpDL.exe
  C:\Windows\System\HqiVpDL.exe
  2⤵
  PID:3120
- C:\Windows\System\gokRhrE.exe
  C:\Windows\System\gokRhrE.exe
  2⤵
  PID:3140
- C:\Windows\System\cmUcgzh.exe
  C:\Windows\System\cmUcgzh.exe
  2⤵
  PID:3156
- C:\Windows\System\KXGUlFy.exe
  C:\Windows\System\KXGUlFy.exe
  2⤵
  PID:3176
- C:\Windows\System\Hepxght.exe
  C:\Windows\System\Hepxght.exe
  2⤵
  PID:3200
- C:\Windows\System\xmSRoLO.exe
  C:\Windows\System\xmSRoLO.exe
  2⤵
  PID:3220
- C:\Windows\System\OcPDjRm.exe
  C:\Windows\System\OcPDjRm.exe
  2⤵
  PID:3236
- C:\Windows\System\nGDAvQo.exe
  C:\Windows\System\nGDAvQo.exe
  2⤵
  PID:3256
- C:\Windows\System\HjVsCop.exe
  C:\Windows\System\HjVsCop.exe
  2⤵
  PID:3276
- C:\Windows\System\ctwebEF.exe
  C:\Windows\System\ctwebEF.exe
  2⤵
  PID:3296
- C:\Windows\System\MzZXsrJ.exe
  C:\Windows\System\MzZXsrJ.exe
  2⤵
  PID:3312
- C:\Windows\System\XRgyItv.exe
  C:\Windows\System\XRgyItv.exe
  2⤵
  PID:3332
- C:\Windows\System\ZvkrDko.exe
  C:\Windows\System\ZvkrDko.exe
  2⤵
  PID:3356
- C:\Windows\System\qnHCfVp.exe
  C:\Windows\System\qnHCfVp.exe
  2⤵
  PID:3380
- C:\Windows\System\qzowXBO.exe
  C:\Windows\System\qzowXBO.exe
  2⤵
  PID:3396
- C:\Windows\System\eacEaSQ.exe
  C:\Windows\System\eacEaSQ.exe
  2⤵
  PID:3416
- C:\Windows\System\VPxeLtl.exe
  C:\Windows\System\VPxeLtl.exe
  2⤵
  PID:3432
- C:\Windows\System\iQGmRrU.exe
  C:\Windows\System\iQGmRrU.exe
  2⤵
  PID:3452
- C:\Windows\System\jgpXfHR.exe
  C:\Windows\System\jgpXfHR.exe
  2⤵
  PID:3468
- C:\Windows\System\vFhMroa.exe
  C:\Windows\System\vFhMroa.exe
  2⤵
  PID:3488
- C:\Windows\System\irwLaIU.exe
  C:\Windows\System\irwLaIU.exe
  2⤵
  PID:3504
- C:\Windows\System\EPWNzbx.exe
  C:\Windows\System\EPWNzbx.exe
  2⤵
  PID:3520
- C:\Windows\System\kNkjqSp.exe
  C:\Windows\System\kNkjqSp.exe
  2⤵
  PID:3552
- C:\Windows\System\UmBKOUv.exe
  C:\Windows\System\UmBKOUv.exe
  2⤵
  PID:3584
- C:\Windows\System\gTmaEqs.exe
  C:\Windows\System\gTmaEqs.exe
  2⤵
  PID:3600
- C:\Windows\System\PrjptKY.exe
  C:\Windows\System\PrjptKY.exe
  2⤵
  PID:3620
- C:\Windows\System\iLEKTRI.exe
  C:\Windows\System\iLEKTRI.exe
  2⤵
  PID:3636
- C:\Windows\System\NhvsgIt.exe
  C:\Windows\System\NhvsgIt.exe
  2⤵
  PID:3652
- C:\Windows\System\SAoHqBL.exe
  C:\Windows\System\SAoHqBL.exe
  2⤵
  PID:3672
- C:\Windows\System\NhNeYfY.exe
  C:\Windows\System\NhNeYfY.exe
  2⤵
  PID:3696
- C:\Windows\System\wOuczvN.exe
  C:\Windows\System\wOuczvN.exe
  2⤵
  PID:3716
- C:\Windows\System\uuabfSQ.exe
  C:\Windows\System\uuabfSQ.exe
  2⤵
  PID:3732
- C:\Windows\System\bDOVPsn.exe
  C:\Windows\System\bDOVPsn.exe
  2⤵
  PID:3748
- C:\Windows\System\RVqNyHZ.exe
  C:\Windows\System\RVqNyHZ.exe
  2⤵
  PID:3764
- C:\Windows\System\JIxvDYa.exe
  C:\Windows\System\JIxvDYa.exe
  2⤵
  PID:3788
- C:\Windows\System\DwsSQsE.exe
  C:\Windows\System\DwsSQsE.exe
  2⤵
  PID:3804
- C:\Windows\System\aRRNKJD.exe
  C:\Windows\System\aRRNKJD.exe
  2⤵
  PID:3820
- C:\Windows\System\mufvyLM.exe
  C:\Windows\System\mufvyLM.exe
  2⤵
  PID:3836
- C:\Windows\System\bdDBvlV.exe
  C:\Windows\System\bdDBvlV.exe
  2⤵
  PID:3876
- C:\Windows\System\QdLmTpr.exe
  C:\Windows\System\QdLmTpr.exe
  2⤵
  PID:3892
- C:\Windows\System\ckJiwyy.exe
  C:\Windows\System\ckJiwyy.exe
  2⤵
  PID:3908
- C:\Windows\System\SzFDMDO.exe
  C:\Windows\System\SzFDMDO.exe
  2⤵
  PID:3924
- C:\Windows\System\zdxTcfY.exe
  C:\Windows\System\zdxTcfY.exe
  2⤵
  PID:3940
- C:\Windows\System\QsuBESU.exe
  C:\Windows\System\QsuBESU.exe
  2⤵
  PID:3968
- C:\Windows\System\dtZcAej.exe
  C:\Windows\System\dtZcAej.exe
  2⤵
  PID:3984
- C:\Windows\System\uEcNWfy.exe
  C:\Windows\System\uEcNWfy.exe
  2⤵
  PID:4000
- C:\Windows\System\rkCISBT.exe
  C:\Windows\System\rkCISBT.exe
  2⤵
  PID:4020
- C:\Windows\System\EHoyrvK.exe
  C:\Windows\System\EHoyrvK.exe
  2⤵
  PID:4052
- C:\Windows\System\zjLPojg.exe
  C:\Windows\System\zjLPojg.exe
  2⤵
  PID:4076
- C:\Windows\System\ueSOXRA.exe
  C:\Windows\System\ueSOXRA.exe
  2⤵
  PID:4092
- C:\Windows\System\jctytrd.exe
  C:\Windows\System\jctytrd.exe
  2⤵
  PID:2128
- C:\Windows\System\aBFKvbH.exe
  C:\Windows\System\aBFKvbH.exe
  2⤵
  PID:1156
- C:\Windows\System\dXybWTk.exe
  C:\Windows\System\dXybWTk.exe
  2⤵
  PID:2964
- C:\Windows\System\mKFEdXV.exe
  C:\Windows\System\mKFEdXV.exe
  2⤵
  PID:1368
- C:\Windows\System\TUckSGl.exe
  C:\Windows\System\TUckSGl.exe
  2⤵
  PID:3216
- C:\Windows\System\MiPZkMH.exe
  C:\Windows\System\MiPZkMH.exe
  2⤵
  PID:3284
- C:\Windows\System\zPBlIsa.exe
  C:\Windows\System\zPBlIsa.exe
  2⤵
  PID:3152
- C:\Windows\System\ZgrNctk.exe
  C:\Windows\System\ZgrNctk.exe
  2⤵
  PID:3328
- C:\Windows\System\bNgZsvG.exe
  C:\Windows\System\bNgZsvG.exe
  2⤵
  PID:3364
- C:\Windows\System\bjPsMeN.exe
  C:\Windows\System\bjPsMeN.exe
  2⤵
  PID:3408
- C:\Windows\System\lIfylyE.exe
  C:\Windows\System\lIfylyE.exe
  2⤵
  PID:3344
- C:\Windows\System\qRILdiZ.exe
  C:\Windows\System\qRILdiZ.exe
  2⤵
  PID:3476
- C:\Windows\System\FSvnMXJ.exe
  C:\Windows\System\FSvnMXJ.exe
  2⤵
  PID:3460
- C:\Windows\System\RVmyXLG.exe
  C:\Windows\System\RVmyXLG.exe
  2⤵
  PID:3512
- C:\Windows\System\ldSjHVf.exe
  C:\Windows\System\ldSjHVf.exe
  2⤵
  PID:3496
- C:\Windows\System\yNZmwIE.exe
  C:\Windows\System\yNZmwIE.exe
  2⤵
  PID:3540
- C:\Windows\System\oAZuKpG.exe
  C:\Windows\System\oAZuKpG.exe
  2⤵
  PID:3560
- C:\Windows\System\DhZjqYm.exe
  C:\Windows\System\DhZjqYm.exe
  2⤵
  PID:2856
- C:\Windows\System\UpBJfIJ.exe
  C:\Windows\System\UpBJfIJ.exe
  2⤵
  PID:2452
- C:\Windows\System\PCNgFVc.exe
  C:\Windows\System\PCNgFVc.exe
  2⤵
  PID:3576
- C:\Windows\System\ZLAmEPO.exe
  C:\Windows\System\ZLAmEPO.exe
  2⤵
  PID:1824
- C:\Windows\System\eWerJHc.exe
  C:\Windows\System\eWerJHc.exe
  2⤵
  PID:3580
- C:\Windows\System\hOyYJPm.exe
  C:\Windows\System\hOyYJPm.exe
  2⤵
  PID:2616
- C:\Windows\System\dzSvbHO.exe
  C:\Windows\System\dzSvbHO.exe
  2⤵
  PID:3616
- C:\Windows\System\zDtACob.exe
  C:\Windows\System\zDtACob.exe
  2⤵
  PID:3660
- C:\Windows\System\idAGuLZ.exe
  C:\Windows\System\idAGuLZ.exe
  2⤵
  PID:3724
- C:\Windows\System\HqNhApt.exe
  C:\Windows\System\HqNhApt.exe
  2⤵
  PID:3796
- C:\Windows\System\MKlVuze.exe
  C:\Windows\System\MKlVuze.exe
  2⤵
  PID:3776
- C:\Windows\System\iQzrDKj.exe
  C:\Windows\System\iQzrDKj.exe
  2⤵
  PID:3916
- C:\Windows\System\beqCRiv.exe
  C:\Windows\System\beqCRiv.exe
  2⤵
  PID:4028
- C:\Windows\System\hzDAjSE.exe
  C:\Windows\System\hzDAjSE.exe
  2⤵
  PID:4032
- C:\Windows\System\NTqGRGE.exe
  C:\Windows\System\NTqGRGE.exe
  2⤵
  PID:3852
- C:\Windows\System\yvZQgxv.exe
  C:\Windows\System\yvZQgxv.exe
  2⤵
  PID:4088
- C:\Windows\System\qpnlsEn.exe
  C:\Windows\System\qpnlsEn.exe
  2⤵
  PID:1740
- C:\Windows\System\hRXKzhL.exe
  C:\Windows\System\hRXKzhL.exe
  2⤵
  PID:3812
- C:\Windows\System\ePTlafV.exe
  C:\Windows\System\ePTlafV.exe
  2⤵
  PID:3900
- C:\Windows\System\wXcxtpE.exe
  C:\Windows\System\wXcxtpE.exe
  2⤵
  PID:3088
- C:\Windows\System\bPGzBHZ.exe
  C:\Windows\System\bPGzBHZ.exe
  2⤵
  PID:4064
- C:\Windows\System\hJcuPCw.exe
  C:\Windows\System\hJcuPCw.exe
  2⤵
  PID:4016
- C:\Windows\System\uxUysgh.exe
  C:\Windows\System\uxUysgh.exe
  2⤵
  PID:3132
- C:\Windows\System\MShaFjf.exe
  C:\Windows\System\MShaFjf.exe
  2⤵
  PID:3248
- C:\Windows\System\NlZMoVi.exe
  C:\Windows\System\NlZMoVi.exe
  2⤵
  PID:3320
- C:\Windows\System\UZanUaO.exe
  C:\Windows\System\UZanUaO.exe
  2⤵
  PID:3412
- C:\Windows\System\ltjSGCw.exe
  C:\Windows\System\ltjSGCw.exe
  2⤵
  PID:3112
- C:\Windows\System\yHJXeTP.exe
  C:\Windows\System\yHJXeTP.exe
  2⤵
  PID:3188
- C:\Windows\System\njxCSaU.exe
  C:\Windows\System\njxCSaU.exe
  2⤵
  PID:3448
- C:\Windows\System\CtlCOiH.exe
  C:\Windows\System\CtlCOiH.exe
  2⤵
  PID:3444
- C:\Windows\System\DaqefNq.exe
  C:\Windows\System\DaqefNq.exe
  2⤵
  PID:3480
- C:\Windows\System\obXfsQh.exe
  C:\Windows\System\obXfsQh.exe
  2⤵
  PID:3392
- C:\Windows\System\mwYqBRe.exe
  C:\Windows\System\mwYqBRe.exe
  2⤵
  PID:2000
- C:\Windows\System\tQpprOH.exe
  C:\Windows\System\tQpprOH.exe
  2⤵
  PID:2780
- C:\Windows\System\MZFiMRF.exe
  C:\Windows\System\MZFiMRF.exe
  2⤵
  PID:3548
- C:\Windows\System\jvIVCQJ.exe
  C:\Windows\System\jvIVCQJ.exe
  2⤵
  PID:3692
- C:\Windows\System\qXkbBSB.exe
  C:\Windows\System\qXkbBSB.exe
  2⤵
  PID:3828
- C:\Windows\System\DQaQvjp.exe
  C:\Windows\System\DQaQvjp.exe
  2⤵
  PID:2868
- C:\Windows\System\SSsyNRJ.exe
  C:\Windows\System\SSsyNRJ.exe
  2⤵
  PID:3756
- C:\Windows\System\BUFTDBu.exe
  C:\Windows\System\BUFTDBu.exe
  2⤵
  PID:3992
- C:\Windows\System\bHFsXMG.exe
  C:\Windows\System\bHFsXMG.exe
  2⤵
  PID:3704
- C:\Windows\System\WaQBKZW.exe
  C:\Windows\System\WaQBKZW.exe
  2⤵
  PID:3028
- C:\Windows\System\qsrVNHQ.exe
  C:\Windows\System\qsrVNHQ.exe
  2⤵
  PID:3024
- C:\Windows\System\uryKCdL.exe
  C:\Windows\System\uryKCdL.exe
  2⤵
  PID:3712
- C:\Windows\System\nvmkQcy.exe
  C:\Windows\System\nvmkQcy.exe
  2⤵
  PID:3932
- C:\Windows\System\fOstVEW.exe
  C:\Windows\System\fOstVEW.exe
  2⤵
  PID:3136
- C:\Windows\System\zBmXWxg.exe
  C:\Windows\System\zBmXWxg.exe
  2⤵
  PID:3244
- C:\Windows\System\kJZkyvV.exe
  C:\Windows\System\kJZkyvV.exe
  2⤵
  PID:3980
- C:\Windows\System\XWMYeAF.exe
  C:\Windows\System\XWMYeAF.exe
  2⤵
  PID:3340
- C:\Windows\System\VShfpAI.exe
  C:\Windows\System\VShfpAI.exe
  2⤵
  PID:2912
- C:\Windows\System\BSFIlkl.exe
  C:\Windows\System\BSFIlkl.exe
  2⤵
  PID:3264
- C:\Windows\System\ZGwLvbt.exe
  C:\Windows\System\ZGwLvbt.exe
  2⤵
  PID:2592
- C:\Windows\System\qmulDyg.exe
  C:\Windows\System\qmulDyg.exe
  2⤵
  PID:2176
- C:\Windows\System\jiwfriD.exe
  C:\Windows\System\jiwfriD.exe
  2⤵
  PID:3592
- C:\Windows\System\IYeAIaA.exe
  C:\Windows\System\IYeAIaA.exe
  2⤵
  PID:1044
- C:\Windows\System\RessbNp.exe
  C:\Windows\System\RessbNp.exe
  2⤵
  PID:3648
- C:\Windows\System\gmBRdmN.exe
  C:\Windows\System\gmBRdmN.exe
  2⤵
  PID:3952
- C:\Windows\System\WPDlvGu.exe
  C:\Windows\System\WPDlvGu.exe
  2⤵
  PID:3012
- C:\Windows\System\sPmEjef.exe
  C:\Windows\System\sPmEjef.exe
  2⤵
  PID:3760
- C:\Windows\System\nhwdfGJ.exe
  C:\Windows\System\nhwdfGJ.exe
  2⤵
  PID:3888
- C:\Windows\System\XKFxUXb.exe
  C:\Windows\System\XKFxUXb.exe
  2⤵
  PID:4084
- C:\Windows\System\ZfvbUze.exe
  C:\Windows\System\ZfvbUze.exe
  2⤵
  PID:4068
- C:\Windows\System\BFmhXGS.exe
  C:\Windows\System\BFmhXGS.exe
  2⤵
  PID:2996
- C:\Windows\System\hfvIHGv.exe
  C:\Windows\System\hfvIHGv.exe
  2⤵
  PID:2904
- C:\Windows\System\oaCRrgX.exe
  C:\Windows\System\oaCRrgX.exe
  2⤵
  PID:3232
- C:\Windows\System\QcJiSma.exe
  C:\Windows\System\QcJiSma.exe
  2⤵
  PID:3612
- C:\Windows\System\hcubEDF.exe
  C:\Windows\System\hcubEDF.exe
  2⤵
  PID:3348
- C:\Windows\System\uCSyBjL.exe
  C:\Windows\System\uCSyBjL.exe
  2⤵
  PID:936
- C:\Windows\System\USlPMvx.exe
  C:\Windows\System\USlPMvx.exe
  2⤵
  PID:2608
- C:\Windows\System\zfpIOOj.exe
  C:\Windows\System\zfpIOOj.exe
  2⤵
  PID:2572
- C:\Windows\System\FFKZIZA.exe
  C:\Windows\System\FFKZIZA.exe
  2⤵
  PID:2172
- C:\Windows\System\eSEcTNN.exe
  C:\Windows\System\eSEcTNN.exe
  2⤵
  PID:584
- C:\Windows\System\CKehrhS.exe
  C:\Windows\System\CKehrhS.exe
  2⤵
  PID:4048
- C:\Windows\System\ntlDqjH.exe
  C:\Windows\System\ntlDqjH.exe
  2⤵
  PID:3184
- C:\Windows\System\ebIeNBe.exe
  C:\Windows\System\ebIeNBe.exe
  2⤵
  PID:3192
- C:\Windows\System\QNJYbeG.exe
  C:\Windows\System\QNJYbeG.exe
  2⤵
  PID:3424
- C:\Windows\System\DWoUlEo.exe
  C:\Windows\System\DWoUlEo.exe
  2⤵
  PID:3632
- C:\Windows\System\ChelNri.exe
  C:\Windows\System\ChelNri.exe
  2⤵
  PID:3744
- C:\Windows\System\rvJcnqB.exe
  C:\Windows\System\rvJcnqB.exe
  2⤵
  PID:1128
- C:\Windows\System\GMWjTGY.exe
  C:\Windows\System\GMWjTGY.exe
  2⤵
  PID:1544
- C:\Windows\System\enHIzvn.exe
  C:\Windows\System\enHIzvn.exe
  2⤵
  PID:2344
- C:\Windows\System\nghGMMP.exe
  C:\Windows\System\nghGMMP.exe
  2⤵
  PID:2916
- C:\Windows\System\qmLYvAB.exe
  C:\Windows\System\qmLYvAB.exe
  2⤵
  PID:3708
- C:\Windows\System\ItsRMnh.exe
  C:\Windows\System\ItsRMnh.exe
  2⤵
  PID:2156
- C:\Windows\System\hlfFZYl.exe
  C:\Windows\System\hlfFZYl.exe
  2⤵
  PID:2968
- C:\Windows\System\UOMGxTL.exe
  C:\Windows\System\UOMGxTL.exe
  2⤵
  PID:3816
- C:\Windows\System\RXFcUEw.exe
  C:\Windows\System\RXFcUEw.exe
  2⤵
  PID:4008
- C:\Windows\System\qjMRCdV.exe
  C:\Windows\System\qjMRCdV.exe
  2⤵
  PID:1228
- C:\Windows\System\GPaoHeq.exe
  C:\Windows\System\GPaoHeq.exe
  2⤵
  PID:700
- C:\Windows\System\pWtovVa.exe
  C:\Windows\System\pWtovVa.exe
  2⤵
  PID:4108
- C:\Windows\System\ybiFPAY.exe
  C:\Windows\System\ybiFPAY.exe
  2⤵
  PID:4124
- C:\Windows\System\TwncZJy.exe
  C:\Windows\System\TwncZJy.exe
  2⤵
  PID:4168
- C:\Windows\System\nkIhKvu.exe
  C:\Windows\System\nkIhKvu.exe
  2⤵
  PID:4184
- C:\Windows\System\hiVCAoS.exe
  C:\Windows\System\hiVCAoS.exe
  2⤵
  PID:4200
- C:\Windows\System\MHfxgRA.exe
  C:\Windows\System\MHfxgRA.exe
  2⤵
  PID:4220
- C:\Windows\System\wMZWMHI.exe
  C:\Windows\System\wMZWMHI.exe
  2⤵
  PID:4240
- C:\Windows\System\Fudmsbg.exe
  C:\Windows\System\Fudmsbg.exe
  2⤵
  PID:4260
- C:\Windows\System\WggjVYN.exe
  C:\Windows\System\WggjVYN.exe
  2⤵
  PID:4276
- C:\Windows\System\basvxvC.exe
  C:\Windows\System\basvxvC.exe
  2⤵
  PID:4308
- C:\Windows\System\qGJShxf.exe
  C:\Windows\System\qGJShxf.exe
  2⤵
  PID:4324
- C:\Windows\System\rNFxURd.exe
  C:\Windows\System\rNFxURd.exe
  2⤵
  PID:4340
- C:\Windows\System\ciqiUUE.exe
  C:\Windows\System\ciqiUUE.exe
  2⤵
  PID:4356
- C:\Windows\System\haXDSCC.exe
  C:\Windows\System\haXDSCC.exe
  2⤵
  PID:4372
- C:\Windows\System\JBWvtGA.exe
  C:\Windows\System\JBWvtGA.exe
  2⤵
  PID:4396
- C:\Windows\System\HbSPWxr.exe
  C:\Windows\System\HbSPWxr.exe
  2⤵
  PID:4420
- C:\Windows\System\draiEPv.exe
  C:\Windows\System\draiEPv.exe
  2⤵
  PID:4440
- C:\Windows\System\XWEIuPi.exe
  C:\Windows\System\XWEIuPi.exe
  2⤵
  PID:4456
- C:\Windows\System\MGnFugx.exe
  C:\Windows\System\MGnFugx.exe
  2⤵
  PID:4472
- C:\Windows\System\hbgLWjM.exe
  C:\Windows\System\hbgLWjM.exe
  2⤵
  PID:4488
- C:\Windows\System\kruGxxs.exe
  C:\Windows\System\kruGxxs.exe
  2⤵
  PID:4508
- C:\Windows\System\pFxVSuS.exe
  C:\Windows\System\pFxVSuS.exe
  2⤵
  PID:4544
- C:\Windows\System\mfbdQuz.exe
  C:\Windows\System\mfbdQuz.exe
  2⤵
  PID:4568
- C:\Windows\System\tZNJRmj.exe
  C:\Windows\System\tZNJRmj.exe
  2⤵
  PID:4584
- C:\Windows\System\AwfXBhF.exe
  C:\Windows\System\AwfXBhF.exe
  2⤵
  PID:4600
- C:\Windows\System\cfrOfxF.exe
  C:\Windows\System\cfrOfxF.exe
  2⤵
  PID:4616
- C:\Windows\System\JQYLZda.exe
  C:\Windows\System\JQYLZda.exe
  2⤵
  PID:4632
- C:\Windows\System\oOFyruz.exe
  C:\Windows\System\oOFyruz.exe
  2⤵
  PID:4648
- C:\Windows\System\bkBYkNo.exe
  C:\Windows\System\bkBYkNo.exe
  2⤵
  PID:4664
- C:\Windows\System\ZEUxVlt.exe
  C:\Windows\System\ZEUxVlt.exe
  2⤵
  PID:4684
- C:\Windows\System\wKlDlPk.exe
  C:\Windows\System\wKlDlPk.exe
  2⤵
  PID:4700
- C:\Windows\System\droIBHl.exe
  C:\Windows\System\droIBHl.exe
  2⤵
  PID:4716
- C:\Windows\System\aqnsOMF.exe
  C:\Windows\System\aqnsOMF.exe
  2⤵
  PID:4732
- C:\Windows\System\jSypzCt.exe
  C:\Windows\System\jSypzCt.exe
  2⤵
  PID:4748
- C:\Windows\System\rQYBacU.exe
  C:\Windows\System\rQYBacU.exe
  2⤵
  PID:4772
- C:\Windows\System\BbwdiGi.exe
  C:\Windows\System\BbwdiGi.exe
  2⤵
  PID:4792
- C:\Windows\System\BGyCjSl.exe
  C:\Windows\System\BGyCjSl.exe
  2⤵
  PID:4812
- C:\Windows\System\UiGgLgN.exe
  C:\Windows\System\UiGgLgN.exe
  2⤵
  PID:4852
- C:\Windows\System\nJOZuMk.exe
  C:\Windows\System\nJOZuMk.exe
  2⤵
  PID:4868
- C:\Windows\System\OIBGWPe.exe
  C:\Windows\System\OIBGWPe.exe
  2⤵
  PID:4900
- C:\Windows\System\nIQAqZw.exe
  C:\Windows\System\nIQAqZw.exe
  2⤵
  PID:4920
- C:\Windows\System\EYosqZh.exe
  C:\Windows\System\EYosqZh.exe
  2⤵
  PID:4936
- C:\Windows\System\apSbbpS.exe
  C:\Windows\System\apSbbpS.exe
  2⤵
  PID:4952
- C:\Windows\System\oizQbNI.exe
  C:\Windows\System\oizQbNI.exe
  2⤵
  PID:4972
- C:\Windows\System\maxkaRw.exe
  C:\Windows\System\maxkaRw.exe
  2⤵
  PID:4996
- C:\Windows\System\bbfEOcw.exe
  C:\Windows\System\bbfEOcw.exe
  2⤵
  PID:5012
- C:\Windows\System\eGIIeTP.exe
  C:\Windows\System\eGIIeTP.exe
  2⤵
  PID:5028
- C:\Windows\System\qmpjveT.exe
  C:\Windows\System\qmpjveT.exe
  2⤵
  PID:5068
- C:\Windows\System\icRHUQi.exe
  C:\Windows\System\icRHUQi.exe
  2⤵
  PID:5084
- C:\Windows\System\hOKjxES.exe
  C:\Windows\System\hOKjxES.exe
  2⤵
  PID:5100
- C:\Windows\System\pKXZLff.exe
  C:\Windows\System\pKXZLff.exe
  2⤵
  PID:3948
- C:\Windows\System\SKSLFou.exe
  C:\Windows\System\SKSLFou.exe
  2⤵
  PID:4116
- C:\Windows\System\DJPitws.exe
  C:\Windows\System\DJPitws.exe
  2⤵
  PID:1640
- C:\Windows\System\rrVrxFI.exe
  C:\Windows\System\rrVrxFI.exe
  2⤵
  PID:4140
- C:\Windows\System\qAJWdkA.exe
  C:\Windows\System\qAJWdkA.exe
  2⤵
  PID:4148
- C:\Windows\System\KLJnMrD.exe
  C:\Windows\System\KLJnMrD.exe
  2⤵
  PID:4144
- C:\Windows\System\juTTqJN.exe
  C:\Windows\System\juTTqJN.exe
  2⤵
  PID:4192
- C:\Windows\System\CiXWDVs.exe
  C:\Windows\System\CiXWDVs.exe
  2⤵
  PID:4196
- C:\Windows\System\OvopciA.exe
  C:\Windows\System\OvopciA.exe
  2⤵
  PID:4288
- C:\Windows\System\ifoMmjm.exe
  C:\Windows\System\ifoMmjm.exe
  2⤵
  PID:4304
- C:\Windows\System\DgapuEJ.exe
  C:\Windows\System\DgapuEJ.exe
  2⤵
  PID:4300
- C:\Windows\System\lNtfxKA.exe
  C:\Windows\System\lNtfxKA.exe
  2⤵
  PID:4320
- C:\Windows\System\FSQwBAs.exe
  C:\Windows\System\FSQwBAs.exe
  2⤵
  PID:4368
- C:\Windows\System\sXjAEPm.exe
  C:\Windows\System\sXjAEPm.exe
  2⤵
  PID:4384
- C:\Windows\System\IrGSGKJ.exe
  C:\Windows\System\IrGSGKJ.exe
  2⤵
  PID:4432
- C:\Windows\System\zEnYKGc.exe
  C:\Windows\System\zEnYKGc.exe
  2⤵
  PID:4516
- C:\Windows\System\OyVCIVL.exe
  C:\Windows\System\OyVCIVL.exe
  2⤵
  PID:4524
- C:\Windows\System\tavWGbK.exe
  C:\Windows\System\tavWGbK.exe
  2⤵
  PID:4536
- C:\Windows\System\ykuNUnV.exe
  C:\Windows\System\ykuNUnV.exe
  2⤵
  PID:4500
- C:\Windows\System\MrjmeTw.exe
  C:\Windows\System\MrjmeTw.exe
  2⤵
  PID:4560
- C:\Windows\System\IHSAqjP.exe
  C:\Windows\System\IHSAqjP.exe
  2⤵
  PID:4676
- C:\Windows\System\eRMhjQq.exe
  C:\Windows\System\eRMhjQq.exe
  2⤵
  PID:4644
- C:\Windows\System\KvvVfdw.exe
  C:\Windows\System\KvvVfdw.exe
  2⤵
  PID:4712
- C:\Windows\System\KFhcENm.exe
  C:\Windows\System\KFhcENm.exe
  2⤵
  PID:4784
- C:\Windows\System\jZGzBVv.exe
  C:\Windows\System\jZGzBVv.exe
  2⤵
  PID:4696
- C:\Windows\System\WbpVIvb.exe
  C:\Windows\System\WbpVIvb.exe
  2⤵
  PID:4760
- C:\Windows\System\xGzSjZb.exe
  C:\Windows\System\xGzSjZb.exe
  2⤵
  PID:4828
- C:\Windows\System\ruWwUkJ.exe
  C:\Windows\System\ruWwUkJ.exe
  2⤵
  PID:4844
- C:\Windows\System\NFxuyTB.exe
  C:\Windows\System\NFxuyTB.exe
  2⤵
  PID:4848
- C:\Windows\System\LigJrrA.exe
  C:\Windows\System\LigJrrA.exe
  2⤵
  PID:4888
- C:\Windows\System\rowguWl.exe
  C:\Windows\System\rowguWl.exe
  2⤵
  PID:4960
- C:\Windows\System\JuqqiTo.exe
  C:\Windows\System\JuqqiTo.exe
  2⤵
  PID:5004
- C:\Windows\System\YtKtjYg.exe
  C:\Windows\System\YtKtjYg.exe
  2⤵
  PID:5048
- C:\Windows\System\NHWbNwb.exe
  C:\Windows\System\NHWbNwb.exe
  2⤵
  PID:4916
- C:\Windows\System\VqCVDuu.exe
  C:\Windows\System\VqCVDuu.exe
  2⤵
  PID:4984
- C:\Windows\System\PNkZayC.exe
  C:\Windows\System\PNkZayC.exe
  2⤵
  PID:5024
- C:\Windows\System\MojBtye.exe
  C:\Windows\System\MojBtye.exe
  2⤵
  PID:5060
- C:\Windows\System\bqQmWbF.exe
  C:\Windows\System\bqQmWbF.exe
  2⤵
  PID:5076
- C:\Windows\System\KyxltvM.exe
  C:\Windows\System\KyxltvM.exe
  2⤵
  PID:4100
- C:\Windows\System\ZzLYkOw.exe
  C:\Windows\System\ZzLYkOw.exe
  2⤵
  PID:5108
- C:\Windows\System\EuoYPuC.exe
  C:\Windows\System\EuoYPuC.exe
  2⤵
  PID:4164
- C:\Windows\System\gqvMIsH.exe
  C:\Windows\System\gqvMIsH.exe
  2⤵
  PID:4212
- C:\Windows\System\NcHRoYY.exe
  C:\Windows\System\NcHRoYY.exe
  2⤵
  PID:4236
- C:\Windows\System\tsjrCbc.exe
  C:\Windows\System\tsjrCbc.exe
  2⤵
  PID:4292
- C:\Windows\System\jEgsRmG.exe
  C:\Windows\System\jEgsRmG.exe
  2⤵
  PID:4176
- C:\Windows\System\DDcnoMh.exe
  C:\Windows\System\DDcnoMh.exe
  2⤵
  PID:316
- C:\Windows\System\pCHVmsa.exe
  C:\Windows\System\pCHVmsa.exe
  2⤵
  PID:4408
- C:\Windows\System\XYcJVnr.exe
  C:\Windows\System\XYcJVnr.exe
  2⤵
  PID:2928
- C:\Windows\System\RYfhzHD.exe
  C:\Windows\System\RYfhzHD.exe
  2⤵
  PID:4744
- C:\Windows\System\MwCfZun.exe
  C:\Windows\System\MwCfZun.exe
  2⤵
  PID:4532
- C:\Windows\System\pwqVUkY.exe
  C:\Windows\System\pwqVUkY.exe
  2⤵
  PID:4640
- C:\Windows\System\djuBrnW.exe
  C:\Windows\System\djuBrnW.exe
  2⤵
  PID:4392
- C:\Windows\System\OZQYUpU.exe
  C:\Windows\System\OZQYUpU.exe
  2⤵
  PID:4428
- C:\Windows\System\tddKHfi.exe
  C:\Windows\System\tddKHfi.exe
  2⤵
  PID:4820
- C:\Windows\System\IbDjfzx.exe
  C:\Windows\System\IbDjfzx.exe
  2⤵
  PID:4496
- C:\Windows\System\LOopvbt.exe
  C:\Windows\System\LOopvbt.exe
  2⤵
  PID:4708
- C:\Windows\System\ZEzSRZn.exe
  C:\Windows\System\ZEzSRZn.exe
  2⤵
  PID:4596
- C:\Windows\System\riymPKl.exe
  C:\Windows\System\riymPKl.exe
  2⤵
  PID:4836
- C:\Windows\System\hLzOtoc.exe
  C:\Windows\System\hLzOtoc.exe
  2⤵
  PID:4860
- C:\Windows\System\UhjAIml.exe
  C:\Windows\System\UhjAIml.exe
  2⤵
  PID:2052
- C:\Windows\System\qRxOYgQ.exe
  C:\Windows\System\qRxOYgQ.exe
  2⤵
  PID:3036
- C:\Windows\System\DECFRgI.exe
  C:\Windows\System\DECFRgI.exe
  2⤵
  PID:5092
- C:\Windows\System\DnlQHjX.exe
  C:\Windows\System\DnlQHjX.exe
  2⤵
  PID:4980
- C:\Windows\System\djwihaN.exe
  C:\Windows\System\djwihaN.exe
  2⤵
  PID:3032
- C:\Windows\System\ILZwAXV.exe
  C:\Windows\System\ILZwAXV.exe
  2⤵
  PID:3572
- C:\Windows\System\InXEKyG.exe
  C:\Windows\System\InXEKyG.exe
  2⤵
  PID:4228
- C:\Windows\System\UriZBeS.exe
  C:\Windows\System\UriZBeS.exe
  2⤵
  PID:4252
- C:\Windows\System\yXrLfCM.exe
  C:\Windows\System\yXrLfCM.exe
  2⤵
  PID:4316
- C:\Windows\System\OCuHWxZ.exe
  C:\Windows\System\OCuHWxZ.exe
  2⤵
  PID:4728
- C:\Windows\System\eKpxpbW.exe
  C:\Windows\System\eKpxpbW.exe
  2⤵
  PID:4724
- C:\Windows\System\ypNRBJl.exe
  C:\Windows\System\ypNRBJl.exe
  2⤵
  PID:4468
- C:\Windows\System\qdyEZaH.exe
  C:\Windows\System\qdyEZaH.exe
  2⤵
  PID:4680
- C:\Windows\System\OBPTZwM.exe
  C:\Windows\System\OBPTZwM.exe
  2⤵
  PID:4520
- C:\Windows\System\exYdHAx.exe
  C:\Windows\System\exYdHAx.exe
  2⤵
  PID:4580
- C:\Windows\System\OFZnSho.exe
  C:\Windows\System\OFZnSho.exe
  2⤵
  PID:4012
- C:\Windows\System\lTJUPiq.exe
  C:\Windows\System\lTJUPiq.exe
  2⤵
  PID:4992
- C:\Windows\System\sTyBuma.exe
  C:\Windows\System\sTyBuma.exe
  2⤵
  PID:3964
- C:\Windows\System\idfyMwu.exe
  C:\Windows\System\idfyMwu.exe
  2⤵
  PID:5116
- C:\Windows\System\eZctyFk.exe
  C:\Windows\System\eZctyFk.exe
  2⤵
  PID:4296
- C:\Windows\System\lfZRQsD.exe
  C:\Windows\System\lfZRQsD.exe
  2⤵
  PID:4612
- C:\Windows\System\IDvRtcF.exe
  C:\Windows\System\IDvRtcF.exe
  2⤵
  PID:4416
- C:\Windows\System\KXxwjYs.exe
  C:\Windows\System\KXxwjYs.exe
  2⤵
  PID:4576
- C:\Windows\System\zBBPXpf.exe
  C:\Windows\System\zBBPXpf.exe
  2⤵
  PID:4864
- C:\Windows\System\LMrfBPO.exe
  C:\Windows\System\LMrfBPO.exe
  2⤵
  PID:1696
- C:\Windows\System\toACkvR.exe
  C:\Windows\System\toACkvR.exe
  2⤵
  PID:4528
- C:\Windows\System\jzNXzyH.exe
  C:\Windows\System\jzNXzyH.exe
  2⤵
  PID:4272
- C:\Windows\System\hryFeMO.exe
  C:\Windows\System\hryFeMO.exe
  2⤵
  PID:4764
- C:\Windows\System\VaMZDLK.exe
  C:\Windows\System\VaMZDLK.exe
  2⤵
  PID:5128
- C:\Windows\System\YIySWOB.exe
  C:\Windows\System\YIySWOB.exe
  2⤵
  PID:5144
- C:\Windows\System\JBZWMva.exe
  C:\Windows\System\JBZWMva.exe
  2⤵
  PID:5160
- C:\Windows\System\zEJaJax.exe
  C:\Windows\System\zEJaJax.exe
  2⤵
  PID:5176
- C:\Windows\System\jTzDrNp.exe
  C:\Windows\System\jTzDrNp.exe
  2⤵
  PID:5192
- C:\Windows\System\xLRQtVO.exe
  C:\Windows\System\xLRQtVO.exe
  2⤵
  PID:5208
- C:\Windows\System\lnkCiBc.exe
  C:\Windows\System\lnkCiBc.exe
  2⤵
  PID:5224
- C:\Windows\System\UexTJQl.exe
  C:\Windows\System\UexTJQl.exe
  2⤵
  PID:5240
- C:\Windows\System\vpaDlkV.exe
  C:\Windows\System\vpaDlkV.exe
  2⤵
  PID:5256
- C:\Windows\System\qZOiYrJ.exe
  C:\Windows\System\qZOiYrJ.exe
  2⤵
  PID:5272
- C:\Windows\System\nQrcwYs.exe
  C:\Windows\System\nQrcwYs.exe
  2⤵
  PID:5288
- C:\Windows\System\jLHwAbD.exe
  C:\Windows\System\jLHwAbD.exe
  2⤵
  PID:5304
- C:\Windows\System\HRLNrkv.exe
  C:\Windows\System\HRLNrkv.exe
  2⤵
  PID:5320
- C:\Windows\System\TmBYJWo.exe
  C:\Windows\System\TmBYJWo.exe
  2⤵
  PID:5336
- C:\Windows\System\WSgetFS.exe
  C:\Windows\System\WSgetFS.exe
  2⤵
  PID:5352
- C:\Windows\System\yJHceHI.exe
  C:\Windows\System\yJHceHI.exe
  2⤵
  PID:5368
- C:\Windows\System\KtQJYbf.exe
  C:\Windows\System\KtQJYbf.exe
  2⤵
  PID:5384
- C:\Windows\System\GYnSKxi.exe
  C:\Windows\System\GYnSKxi.exe
  2⤵
  PID:5400
- C:\Windows\System\jqBzyEl.exe
  C:\Windows\System\jqBzyEl.exe
  2⤵
  PID:5416
- C:\Windows\System\jtvEbLA.exe
  C:\Windows\System\jtvEbLA.exe
  2⤵
  PID:5432
- C:\Windows\System\IEZCIyF.exe
  C:\Windows\System\IEZCIyF.exe
  2⤵
  PID:5448
- C:\Windows\System\qtJBsoc.exe
  C:\Windows\System\qtJBsoc.exe
  2⤵
  PID:5464
- C:\Windows\System\RUXthBg.exe
  C:\Windows\System\RUXthBg.exe
  2⤵
  PID:5480
- C:\Windows\System\XRafaec.exe
  C:\Windows\System\XRafaec.exe
  2⤵
  PID:5496
- C:\Windows\System\rMHkznY.exe
  C:\Windows\System\rMHkznY.exe
  2⤵
  PID:5512
- C:\Windows\System\rbzzfoN.exe
  C:\Windows\System\rbzzfoN.exe
  2⤵
  PID:5528
- C:\Windows\System\vKAhEdR.exe
  C:\Windows\System\vKAhEdR.exe
  2⤵
  PID:5544
- C:\Windows\System\SUcjhyO.exe
  C:\Windows\System\SUcjhyO.exe
  2⤵
  PID:5560
- C:\Windows\System\dAaXUwR.exe
  C:\Windows\System\dAaXUwR.exe
  2⤵
  PID:5576
- C:\Windows\System\pYWvNPc.exe
  C:\Windows\System\pYWvNPc.exe
  2⤵
  PID:5592
- C:\Windows\System\AYGybTl.exe
  C:\Windows\System\AYGybTl.exe
  2⤵
  PID:5608
- C:\Windows\System\AzVbMDT.exe
  C:\Windows\System\AzVbMDT.exe
  2⤵
  PID:5624
- C:\Windows\System\oeKsjJx.exe
  C:\Windows\System\oeKsjJx.exe
  2⤵
  PID:5640
- C:\Windows\System\jPPNIrR.exe
  C:\Windows\System\jPPNIrR.exe
  2⤵
  PID:5656
- C:\Windows\System\kvrNrVX.exe
  C:\Windows\System\kvrNrVX.exe
  2⤵
  PID:5672
- C:\Windows\System\tOuLfvo.exe
  C:\Windows\System\tOuLfvo.exe
  2⤵
  PID:5688
- C:\Windows\System\jPnJHag.exe
  C:\Windows\System\jPnJHag.exe
  2⤵
  PID:5704
- C:\Windows\System\HmFYFuo.exe
  C:\Windows\System\HmFYFuo.exe
  2⤵
  PID:5720
- C:\Windows\System\kYpxuqM.exe
  C:\Windows\System\kYpxuqM.exe
  2⤵
  PID:5740
- C:\Windows\System\DbkmmTS.exe
  C:\Windows\System\DbkmmTS.exe
  2⤵
  PID:5756
- C:\Windows\System\uzlRblg.exe
  C:\Windows\System\uzlRblg.exe
  2⤵
  PID:5772
- C:\Windows\System\WRKEyRM.exe
  C:\Windows\System\WRKEyRM.exe
  2⤵
  PID:5788
- C:\Windows\System\APsiPWQ.exe
  C:\Windows\System\APsiPWQ.exe
  2⤵
  PID:5804
- C:\Windows\System\rbmPbTH.exe
  C:\Windows\System\rbmPbTH.exe
  2⤵
  PID:5820
- C:\Windows\System\nrWMfoO.exe
  C:\Windows\System\nrWMfoO.exe
  2⤵
  PID:5836
- C:\Windows\System\vpwYljs.exe
  C:\Windows\System\vpwYljs.exe
  2⤵
  PID:5852
- C:\Windows\System\YqajoWF.exe
  C:\Windows\System\YqajoWF.exe
  2⤵
  PID:5868
- C:\Windows\System\wTfNtGK.exe
  C:\Windows\System\wTfNtGK.exe
  2⤵
  PID:5884
- C:\Windows\System\bKKYOcu.exe
  C:\Windows\System\bKKYOcu.exe
  2⤵
  PID:5900
- C:\Windows\System\hbWqSYB.exe
  C:\Windows\System\hbWqSYB.exe
  2⤵
  PID:5916
- C:\Windows\System\IQTiBTC.exe
  C:\Windows\System\IQTiBTC.exe
  2⤵
  PID:5932
- C:\Windows\System\CciIoKJ.exe
  C:\Windows\System\CciIoKJ.exe
  2⤵
  PID:5948
- C:\Windows\System\bVVpZFN.exe
  C:\Windows\System\bVVpZFN.exe
  2⤵
  PID:5964
- C:\Windows\System\hiCpblf.exe
  C:\Windows\System\hiCpblf.exe
  2⤵
  PID:5980
- C:\Windows\System\EisHqBZ.exe
  C:\Windows\System\EisHqBZ.exe
  2⤵
  PID:5996
- C:\Windows\System\XKBBjrN.exe
  C:\Windows\System\XKBBjrN.exe
  2⤵
  PID:6012
- C:\Windows\System\YctmhTG.exe
  C:\Windows\System\YctmhTG.exe
  2⤵
  PID:6028
- C:\Windows\System\lYIdeEd.exe
  C:\Windows\System\lYIdeEd.exe
  2⤵
  PID:6044
- C:\Windows\System\elDXsQv.exe
  C:\Windows\System\elDXsQv.exe
  2⤵
  PID:6068
- C:\Windows\System\ogGcJAt.exe
  C:\Windows\System\ogGcJAt.exe
  2⤵
  PID:6084
- C:\Windows\System\QVapFhi.exe
  C:\Windows\System\QVapFhi.exe
  2⤵
  PID:6100
- C:\Windows\System\WwTeArD.exe
  C:\Windows\System\WwTeArD.exe
  2⤵
  PID:6116
- C:\Windows\System\YXkIDgM.exe
  C:\Windows\System\YXkIDgM.exe
  2⤵
  PID:6132
- C:\Windows\System\anIFxoI.exe
  C:\Windows\System\anIFxoI.exe
  2⤵
  PID:5040
- C:\Windows\System\eeRcXxm.exe
  C:\Windows\System\eeRcXxm.exe
  2⤵
  PID:5184
- C:\Windows\System\KceSzNU.exe
  C:\Windows\System\KceSzNU.exe
  2⤵
  PID:5140
- C:\Windows\System\pvMIJdH.exe
  C:\Windows\System\pvMIJdH.exe
  2⤵
  PID:5168
- C:\Windows\System\dNNpyjr.exe
  C:\Windows\System\dNNpyjr.exe
  2⤵
  PID:5204
- C:\Windows\System\FLpvWkr.exe
  C:\Windows\System\FLpvWkr.exe
  2⤵
  PID:5252
- C:\Windows\System\qCfVXGr.exe
  C:\Windows\System\qCfVXGr.exe
  2⤵
  PID:5344
- C:\Windows\System\aCdioIY.exe
  C:\Windows\System\aCdioIY.exe
  2⤵
  PID:5232
- C:\Windows\System\jrKgxMX.exe
  C:\Windows\System\jrKgxMX.exe
  2⤵
  PID:5268
- C:\Windows\System\GBXwGky.exe
  C:\Windows\System\GBXwGky.exe
  2⤵
  PID:5328
- C:\Windows\System\wsRFCob.exe
  C:\Windows\System\wsRFCob.exe
  2⤵
  PID:5412
- C:\Windows\System\NYcCDhC.exe
  C:\Windows\System\NYcCDhC.exe
  2⤵
  PID:5396
- C:\Windows\System\enSCDpA.exe
  C:\Windows\System\enSCDpA.exe
  2⤵
  PID:5456
- C:\Windows\System\CpFDNce.exe
  C:\Windows\System\CpFDNce.exe
  2⤵
  PID:5508
- C:\Windows\System\XnEGISi.exe
  C:\Windows\System\XnEGISi.exe
  2⤵
  PID:5488
- C:\Windows\System\CPCkTDT.exe
  C:\Windows\System\CPCkTDT.exe
  2⤵
  PID:5600
- C:\Windows\System\pYYEkWi.exe
  C:\Windows\System\pYYEkWi.exe
  2⤵
  PID:5552
- C:\Windows\System\nxbxXwF.exe
  C:\Windows\System\nxbxXwF.exe
  2⤵
  PID:5664
- C:\Windows\System\XeRexWx.exe
  C:\Windows\System\XeRexWx.exe
  2⤵
  PID:5524
- C:\Windows\System\IWWrEuI.exe
  C:\Windows\System\IWWrEuI.exe
  2⤵
  PID:5684
- C:\Windows\System\FdhncvA.exe
  C:\Windows\System\FdhncvA.exe
  2⤵
  PID:3596
- C:\Windows\System\ZIGCqLb.exe
  C:\Windows\System\ZIGCqLb.exe
  2⤵
  PID:5752
- C:\Windows\System\HHoNCvF.exe
  C:\Windows\System\HHoNCvF.exe
  2⤵
  PID:5768
- C:\Windows\System\wbepJmT.exe
  C:\Windows\System\wbepJmT.exe
  2⤵
  PID:5800
- C:\Windows\System\DtVNrzg.exe
  C:\Windows\System\DtVNrzg.exe
  2⤵
  PID:5816
- C:\Windows\System\MOwubgE.exe
  C:\Windows\System\MOwubgE.exe
  2⤵
  PID:2932
- C:\Windows\System\zbSZxIX.exe
  C:\Windows\System\zbSZxIX.exe
  2⤵
  PID:5928
- C:\Windows\System\EQipUWR.exe
  C:\Windows\System\EQipUWR.exe
  2⤵
  PID:3976
- C:\Windows\System\EObjkdw.exe
  C:\Windows\System\EObjkdw.exe
  2⤵
  PID:6024
- C:\Windows\System\AVpuyXJ.exe
  C:\Windows\System\AVpuyXJ.exe
  2⤵
  PID:5880
- C:\Windows\System\QELiEto.exe
  C:\Windows\System\QELiEto.exe
  2⤵
  PID:5912
- C:\Windows\System\cdeYyfo.exe
  C:\Windows\System\cdeYyfo.exe
  2⤵
  PID:5976
- C:\Windows\System\bHXAWpO.exe
  C:\Windows\System\bHXAWpO.exe
  2⤵
  PID:6064
- C:\Windows\System\otZLJYQ.exe
  C:\Windows\System\otZLJYQ.exe
  2⤵
  PID:6124
- C:\Windows\System\DqmiYAd.exe
  C:\Windows\System\DqmiYAd.exe
  2⤵
  PID:6140
- C:\Windows\System\YPBKFav.exe
  C:\Windows\System\YPBKFav.exe
  2⤵
  PID:6108
- C:\Windows\System\GozgXuA.exe
  C:\Windows\System\GozgXuA.exe
  2⤵
  PID:5312
- C:\Windows\System\deefXoF.exe
  C:\Windows\System\deefXoF.exe
  2⤵
  PID:5376
- C:\Windows\System\otWFoHV.exe
  C:\Windows\System\otWFoHV.exe
  2⤵
  PID:5428
- C:\Windows\System\jWFVJZo.exe
  C:\Windows\System\jWFVJZo.exe
  2⤵
  PID:5568
- C:\Windows\System\iurFSWP.exe
  C:\Windows\System\iurFSWP.exe
  2⤵
  PID:5392
- C:\Windows\System\rMXTrnC.exe
  C:\Windows\System\rMXTrnC.exe
  2⤵
  PID:5492
- C:\Windows\System\TazlhJG.exe
  C:\Windows\System\TazlhJG.exe
  2⤵
  PID:5632
- C:\Windows\System\SABUpIz.exe
  C:\Windows\System\SABUpIz.exe
  2⤵
  PID:5732
- C:\Windows\System\qKERXpA.exe
  C:\Windows\System\qKERXpA.exe
  2⤵
  PID:5680
- C:\Windows\System\DrQyKNi.exe
  C:\Windows\System\DrQyKNi.exe
  2⤵
  PID:5812
- C:\Windows\System\pvYojpo.exe
  C:\Windows\System\pvYojpo.exe
  2⤵
  PID:5864
- C:\Windows\System\eVgzdmc.exe
  C:\Windows\System\eVgzdmc.exe
  2⤵
  PID:5876
- C:\Windows\System\YyMJdep.exe
  C:\Windows\System\YyMJdep.exe
  2⤵
  PID:5944
- C:\Windows\System\ZlnQOtE.exe
  C:\Windows\System\ZlnQOtE.exe
  2⤵
  PID:5156
- C:\Windows\System\DqdmMeJ.exe
  C:\Windows\System\DqdmMeJ.exe
  2⤵
  PID:6056
- C:\Windows\System\UWTRnxc.exe
  C:\Windows\System\UWTRnxc.exe
  2⤵
  PID:5248
- C:\Windows\System\DhEkREP.exe
  C:\Windows\System\DhEkREP.exe
  2⤵
  PID:5200
- C:\Windows\System\cMogLdu.exe
  C:\Windows\System\cMogLdu.exe
  2⤵
  PID:5584
- C:\Windows\System\JHfpWAR.exe
  C:\Windows\System\JHfpWAR.exe
  2⤵
  PID:5504
- C:\Windows\System\UtqMIeU.exe
  C:\Windows\System\UtqMIeU.exe
  2⤵
  PID:5520
- C:\Windows\System\WYmTweE.exe
  C:\Windows\System\WYmTweE.exe
  2⤵
  PID:5832
- C:\Windows\System\LjDdUyU.exe
  C:\Windows\System\LjDdUyU.exe
  2⤵
  PID:5716
- C:\Windows\System\kSYLTHL.exe
  C:\Windows\System\kSYLTHL.exe
  2⤵
  PID:6096
- C:\Windows\System\oOsznyP.exe
  C:\Windows\System\oOsznyP.exe
  2⤵
  PID:5360
- C:\Windows\System\WJQRJOz.exe
  C:\Windows\System\WJQRJOz.exe
  2⤵
  PID:5648
- C:\Windows\System\AjFVNKb.exe
  C:\Windows\System\AjFVNKb.exe
  2⤵
  PID:5992
- C:\Windows\System\oBROabg.exe
  C:\Windows\System\oBROabg.exe
  2⤵
  PID:4448
- C:\Windows\System\KBkYVGY.exe
  C:\Windows\System\KBkYVGY.exe
  2⤵
  PID:5472
- C:\Windows\System\KzeThgB.exe
  C:\Windows\System\KzeThgB.exe
  2⤵
  PID:6156
- C:\Windows\System\vbXKXsN.exe
  C:\Windows\System\vbXKXsN.exe
  2⤵
  PID:6172
- C:\Windows\System\QbZghXx.exe
  C:\Windows\System\QbZghXx.exe
  2⤵
  PID:6188
- C:\Windows\System\duYTWZm.exe
  C:\Windows\System\duYTWZm.exe
  2⤵
  PID:6204
- C:\Windows\System\ATjjZpE.exe
  C:\Windows\System\ATjjZpE.exe
  2⤵
  PID:6220
- C:\Windows\System\zzigOJe.exe
  C:\Windows\System\zzigOJe.exe
  2⤵
  PID:6236
- C:\Windows\System\UszOEwT.exe
  C:\Windows\System\UszOEwT.exe
  2⤵
  PID:6252
- C:\Windows\System\NbktdWM.exe
  C:\Windows\System\NbktdWM.exe
  2⤵
  PID:6268
- C:\Windows\System\hxjSSGa.exe
  C:\Windows\System\hxjSSGa.exe
  2⤵
  PID:6284
- C:\Windows\System\JkmXaVG.exe
  C:\Windows\System\JkmXaVG.exe
  2⤵
  PID:6300
- C:\Windows\System\sgPEJfg.exe
  C:\Windows\System\sgPEJfg.exe
  2⤵
  PID:6316
- C:\Windows\System\cFElkMS.exe
  C:\Windows\System\cFElkMS.exe
  2⤵
  PID:6332
- C:\Windows\System\xUXYNrR.exe
  C:\Windows\System\xUXYNrR.exe
  2⤵
  PID:6348
- C:\Windows\System\HtTmnmS.exe
  C:\Windows\System\HtTmnmS.exe
  2⤵
  PID:6364
- C:\Windows\System\XqgIdyj.exe
  C:\Windows\System\XqgIdyj.exe
  2⤵
  PID:6380
- C:\Windows\System\SbZqoBr.exe
  C:\Windows\System\SbZqoBr.exe
  2⤵
  PID:6396
- C:\Windows\System\PLtJSuO.exe
  C:\Windows\System\PLtJSuO.exe
  2⤵
  PID:6412
- C:\Windows\System\BPrwUmv.exe
  C:\Windows\System\BPrwUmv.exe
  2⤵
  PID:6428
- C:\Windows\System\GZIWNxp.exe
  C:\Windows\System\GZIWNxp.exe
  2⤵
  PID:6444
- C:\Windows\System\cDkAOPp.exe
  C:\Windows\System\cDkAOPp.exe
  2⤵
  PID:6460
- C:\Windows\System\AIkNMeT.exe
  C:\Windows\System\AIkNMeT.exe
  2⤵
  PID:6492
- C:\Windows\System\pFXDtvb.exe
  C:\Windows\System\pFXDtvb.exe
  2⤵
  PID:6508
- C:\Windows\System\sPkYieG.exe
  C:\Windows\System\sPkYieG.exe
  2⤵
  PID:6524
- C:\Windows\System\EFohDIS.exe
  C:\Windows\System\EFohDIS.exe
  2⤵
  PID:6540
- C:\Windows\System\lcfplJG.exe
  C:\Windows\System\lcfplJG.exe
  2⤵
  PID:6556
- C:\Windows\System\xKaLxEh.exe
  C:\Windows\System\xKaLxEh.exe
  2⤵
  PID:6572
- C:\Windows\System\BKAZXtc.exe
  C:\Windows\System\BKAZXtc.exe
  2⤵
  PID:6592
- C:\Windows\System\vpbdgRq.exe
  C:\Windows\System\vpbdgRq.exe
  2⤵
  PID:6608
- C:\Windows\System\zKhLFDh.exe
  C:\Windows\System\zKhLFDh.exe
  2⤵
  PID:6628
- C:\Windows\System\hOQiMFv.exe
  C:\Windows\System\hOQiMFv.exe
  2⤵
  PID:6644
- C:\Windows\System\tnpfCfH.exe
  C:\Windows\System\tnpfCfH.exe
  2⤵
  PID:6660
- C:\Windows\System\wkjmkPK.exe
  C:\Windows\System\wkjmkPK.exe
  2⤵
  PID:6676
- C:\Windows\System\EzFGAlP.exe
  C:\Windows\System\EzFGAlP.exe
  2⤵
  PID:6692
- C:\Windows\System\udmpJmL.exe
  C:\Windows\System\udmpJmL.exe
  2⤵
  PID:6708
- C:\Windows\System\tyOIgHD.exe
  C:\Windows\System\tyOIgHD.exe
  2⤵
  PID:6724
- C:\Windows\System\HzeXupI.exe
  C:\Windows\System\HzeXupI.exe
  2⤵
  PID:6740
- C:\Windows\System\PvuXFmL.exe
  C:\Windows\System\PvuXFmL.exe
  2⤵
  PID:6756
- C:\Windows\System\GAFfHkP.exe
  C:\Windows\System\GAFfHkP.exe
  2⤵
  PID:6772
- C:\Windows\System\WmUZGJZ.exe
  C:\Windows\System\WmUZGJZ.exe
  2⤵
  PID:6788
- C:\Windows\System\NyHgrfH.exe
  C:\Windows\System\NyHgrfH.exe
  2⤵
  PID:6804
- C:\Windows\System\jWlVfAl.exe
  C:\Windows\System\jWlVfAl.exe
  2⤵
  PID:6820
- C:\Windows\System\kUDMmmJ.exe
  C:\Windows\System\kUDMmmJ.exe
  2⤵
  PID:6836
- C:\Windows\System\icfvgrl.exe
  C:\Windows\System\icfvgrl.exe
  2⤵
  PID:6856
- C:\Windows\System\fBVgkBk.exe
  C:\Windows\System\fBVgkBk.exe
  2⤵
  PID:6872
- C:\Windows\System\JXcSXGk.exe
  C:\Windows\System\JXcSXGk.exe
  2⤵
  PID:6888
- C:\Windows\System\STSabIz.exe
  C:\Windows\System\STSabIz.exe
  2⤵
  PID:6904
- C:\Windows\System\sHVPDzn.exe
  C:\Windows\System\sHVPDzn.exe
  2⤵
  PID:6920
- C:\Windows\System\QBdmRry.exe
  C:\Windows\System\QBdmRry.exe
  2⤵
  PID:6936
- C:\Windows\System\TREvtzy.exe
  C:\Windows\System\TREvtzy.exe
  2⤵
  PID:6952
- C:\Windows\System\senbYfS.exe
  C:\Windows\System\senbYfS.exe
  2⤵
  PID:6968
- C:\Windows\System\jgTjWyC.exe
  C:\Windows\System\jgTjWyC.exe
  2⤵
  PID:6984
- C:\Windows\System\oJxFaMA.exe
  C:\Windows\System\oJxFaMA.exe
  2⤵
  PID:7000
- C:\Windows\System\pwsMUxw.exe
  C:\Windows\System\pwsMUxw.exe
  2⤵
  PID:7016
- C:\Windows\System\fGfgTcF.exe
  C:\Windows\System\fGfgTcF.exe
  2⤵
  PID:7032
- C:\Windows\System\XLCnrOt.exe
  C:\Windows\System\XLCnrOt.exe
  2⤵
  PID:7048
- C:\Windows\System\ohrXrDi.exe
  C:\Windows\System\ohrXrDi.exe
  2⤵
  PID:7068
- C:\Windows\System\sySxuwx.exe
  C:\Windows\System\sySxuwx.exe
  2⤵
  PID:7084
- C:\Windows\System\LIykKYm.exe
  C:\Windows\System\LIykKYm.exe
  2⤵
  PID:7100
- C:\Windows\System\CsRdyIy.exe
  C:\Windows\System\CsRdyIy.exe
  2⤵
  PID:7116
- C:\Windows\System\RMhQJuW.exe
  C:\Windows\System\RMhQJuW.exe
  2⤵
  PID:7132
- C:\Windows\System\xUAsMdg.exe
  C:\Windows\System\xUAsMdg.exe
  2⤵
  PID:7148
- C:\Windows\System\aokhVRF.exe
  C:\Windows\System\aokhVRF.exe
  2⤵
  PID:7164
- C:\Windows\System\jRgxTnh.exe
  C:\Windows\System\jRgxTnh.exe
  2⤵
  PID:5988
- C:\Windows\System\piSXqEY.exe
  C:\Windows\System\piSXqEY.exe
  2⤵
  PID:6060
- C:\Windows\System\MvkqeJb.exe
  C:\Windows\System\MvkqeJb.exe
  2⤵
  PID:3608
- C:\Windows\System\MnuAdmk.exe
  C:\Windows\System\MnuAdmk.exe
  2⤵
  PID:6184
- C:\Windows\System\cGMyEXz.exe
  C:\Windows\System\cGMyEXz.exe
  2⤵
  PID:6212
- C:\Windows\System\vAujVLu.exe
  C:\Windows\System\vAujVLu.exe
  2⤵
  PID:6344
- C:\Windows\System\kcTcHCh.exe
  C:\Windows\System\kcTcHCh.exe
  2⤵
  PID:6452
- C:\Windows\System\HsziCUn.exe
  C:\Windows\System\HsziCUn.exe
  2⤵
  PID:6456
- C:\Windows\System\DwJBPar.exe
  C:\Windows\System\DwJBPar.exe
  2⤵
  PID:6536
- C:\Windows\System\kCZcsMz.exe
  C:\Windows\System\kCZcsMz.exe
  2⤵
  PID:6604
- C:\Windows\System\aCnUHGn.exe
  C:\Windows\System\aCnUHGn.exe
  2⤵
  PID:6476
- C:\Windows\System\RsnqBiu.exe
  C:\Windows\System\RsnqBiu.exe
  2⤵
  PID:6616
- C:\Windows\System\mQylJRl.exe
  C:\Windows\System\mQylJRl.exe
  2⤵
  PID:6636
- C:\Windows\System\nesOFeY.exe
  C:\Windows\System\nesOFeY.exe
  2⤵
  PID:6672
- C:\Windows\System\Rkacpwx.exe
  C:\Windows\System\Rkacpwx.exe
  2⤵
  PID:6580
- C:\Windows\System\LtEeueg.exe
  C:\Windows\System\LtEeueg.exe
  2⤵
  PID:6656
- C:\Windows\System\cvnVRyY.exe
  C:\Windows\System\cvnVRyY.exe
  2⤵
  PID:6828
- C:\Windows\System\bAjboDb.exe
  C:\Windows\System\bAjboDb.exe
  2⤵
  PID:6748
- C:\Windows\System\zCVzdZE.exe
  C:\Windows\System\zCVzdZE.exe
  2⤵
  PID:6780
- C:\Windows\System\AXdbnzh.exe
  C:\Windows\System\AXdbnzh.exe
  2⤵
  PID:6852
- C:\Windows\System\rXiEmyH.exe
  C:\Windows\System\rXiEmyH.exe
  2⤵
  PID:6896
- C:\Windows\System\fnQvyZM.exe
  C:\Windows\System\fnQvyZM.exe
  2⤵
  PID:6884
- C:\Windows\System\gQZyrCK.exe
  C:\Windows\System\gQZyrCK.exe
  2⤵
  PID:6944
- C:\Windows\System\AhcVQkB.exe
  C:\Windows\System\AhcVQkB.exe
  2⤵
  PID:6976
- C:\Windows\System\dCCWlVP.exe
  C:\Windows\System\dCCWlVP.exe
  2⤵
  PID:7008
- C:\Windows\System\kljZAxE.exe
  C:\Windows\System\kljZAxE.exe
  2⤵
  PID:7056
- C:\Windows\System\qcWGfeJ.exe
  C:\Windows\System\qcWGfeJ.exe
  2⤵
  PID:7060
- C:\Windows\System\rQqgXNR.exe
  C:\Windows\System\rQqgXNR.exe
  2⤵
  PID:7160
- C:\Windows\System\rSeuJxK.exe
  C:\Windows\System\rSeuJxK.exe
  2⤵
  PID:7080
- C:\Windows\System\ZfkzGCm.exe
  C:\Windows\System\ZfkzGCm.exe
  2⤵
  PID:7144
- C:\Windows\System\CwrzOWP.exe
  C:\Windows\System\CwrzOWP.exe
  2⤵
  PID:6148
- C:\Windows\System\cMSnLBy.exe
  C:\Windows\System\cMSnLBy.exe
  2⤵
  PID:6196
- C:\Windows\System\WDVbeeG.exe
  C:\Windows\System\WDVbeeG.exe
  2⤵
  PID:6260
- C:\Windows\System\tlhfgTU.exe
  C:\Windows\System\tlhfgTU.exe
  2⤵
  PID:6280
- C:\Windows\System\MHSWfnW.exe
  C:\Windows\System\MHSWfnW.exe
  2⤵
  PID:6324
- C:\Windows\System\DsQmJlu.exe
  C:\Windows\System\DsQmJlu.exe
  2⤵
  PID:6372
- C:\Windows\System\HdsuxHW.exe
  C:\Windows\System\HdsuxHW.exe
  2⤵
  PID:6404
- C:\Windows\System\QkWyRio.exe
  C:\Windows\System\QkWyRio.exe
  2⤵
  PID:6440
- C:\Windows\System\lpaiHVm.exe
  C:\Windows\System\lpaiHVm.exe
  2⤵
  PID:6504
- C:\Windows\System\NjAHEKX.exe
  C:\Windows\System\NjAHEKX.exe
  2⤵
  PID:6488
- C:\Windows\System\JRUgPnw.exe
  C:\Windows\System\JRUgPnw.exe
  2⤵
  PID:6472
- C:\Windows\System\VciiIpT.exe
  C:\Windows\System\VciiIpT.exe
  2⤵
  PID:6768
- C:\Windows\System\fCbTFnJ.exe
  C:\Windows\System\fCbTFnJ.exe
  2⤵
  PID:6704
- C:\Windows\System\DRMgwdT.exe
  C:\Windows\System\DRMgwdT.exe
  2⤵
  PID:6880
- C:\Windows\System\gurSgAV.exe
  C:\Windows\System\gurSgAV.exe
  2⤵
  PID:7012
- C:\Windows\System\LVZlLYi.exe
  C:\Windows\System\LVZlLYi.exe
  2⤵
  PID:7112
- C:\Windows\System\CtNeRsY.exe
  C:\Windows\System\CtNeRsY.exe
  2⤵
  PID:6932
- C:\Windows\System\crXuYyW.exe
  C:\Windows\System\crXuYyW.exe
  2⤵
  PID:7096
- C:\Windows\System\zBYRaGO.exe
  C:\Windows\System\zBYRaGO.exe
  2⤵
  PID:6180
- C:\Windows\System\YoPhQfU.exe
  C:\Windows\System\YoPhQfU.exe
  2⤵
  PID:7044
- C:\Windows\System\sYYSaDU.exe
  C:\Windows\System\sYYSaDU.exe
  2⤵
  PID:5940
- C:\Windows\System\rFbwhog.exe
  C:\Windows\System\rFbwhog.exe
  2⤵
  PID:6340
- C:\Windows\System\uHNJldU.exe
  C:\Windows\System\uHNJldU.exe
  2⤵
  PID:6520
- C:\Windows\System\yTcSSSJ.exe
  C:\Windows\System\yTcSSSJ.exe
  2⤵
  PID:6668
- C:\Windows\System\jGiGWzd.exe
  C:\Windows\System\jGiGWzd.exe
  2⤵
  PID:6568
- C:\Windows\System\thuMTFh.exe
  C:\Windows\System\thuMTFh.exe
  2⤵
  PID:6248
- C:\Windows\System\JlHtPdy.exe
  C:\Windows\System\JlHtPdy.exe
  2⤵
  PID:6620
- C:\Windows\System\IEFGSxA.exe
  C:\Windows\System\IEFGSxA.exe
  2⤵
  PID:6652
- C:\Windows\System\RjaBtYz.exe
  C:\Windows\System\RjaBtYz.exe
  2⤵
  PID:7124
- C:\Windows\System\nfrmLng.exe
  C:\Windows\System\nfrmLng.exe
  2⤵
  PID:7064
- C:\Windows\System\TCJJNyH.exe
  C:\Windows\System\TCJJNyH.exe
  2⤵
  PID:6816
- C:\Windows\System\kCuaFwm.exe
  C:\Windows\System\kCuaFwm.exe
  2⤵
  PID:6588
- C:\Windows\System\lxGPuYZ.exe
  C:\Windows\System\lxGPuYZ.exe
  2⤵
  PID:6868
- C:\Windows\System\vdmPiZi.exe
  C:\Windows\System\vdmPiZi.exe
  2⤵
  PID:1660
- C:\Windows\System\SKoynLy.exe
  C:\Windows\System\SKoynLy.exe
  2⤵
  PID:6624
- C:\Windows\System\IAZFhOY.exe
  C:\Windows\System\IAZFhOY.exe
  2⤵
  PID:6964
- C:\Windows\System\aTBKgUy.exe
  C:\Windows\System\aTBKgUy.exe
  2⤵
  PID:6292
- C:\Windows\System\PRIUVBe.exe
  C:\Windows\System\PRIUVBe.exe
  2⤵
  PID:5364
- C:\Windows\System\WuLpLxz.exe
  C:\Windows\System\WuLpLxz.exe
  2⤵
  PID:6420
- C:\Windows\System\DfhYTXY.exe
  C:\Windows\System\DfhYTXY.exe
  2⤵
  PID:6812
- C:\Windows\System\AzkkAMC.exe
  C:\Windows\System\AzkkAMC.exe
  2⤵
  PID:6232
- C:\Windows\System\ltMlfpO.exe
  C:\Windows\System\ltMlfpO.exe
  2⤵
  PID:7176
- C:\Windows\System\ueEMZIm.exe
  C:\Windows\System\ueEMZIm.exe
  2⤵
  PID:7192
- C:\Windows\System\QcbNmXm.exe
  C:\Windows\System\QcbNmXm.exe
  2⤵
  PID:7208
- C:\Windows\System\FMLYVBC.exe
  C:\Windows\System\FMLYVBC.exe
  2⤵
  PID:7228
- C:\Windows\System\tzRwCXm.exe
  C:\Windows\System\tzRwCXm.exe
  2⤵
  PID:7244
- C:\Windows\System\bzMzxsZ.exe
  C:\Windows\System\bzMzxsZ.exe
  2⤵
  PID:7260
- C:\Windows\System\MrEryCf.exe
  C:\Windows\System\MrEryCf.exe
  2⤵
  PID:7276
- C:\Windows\System\iKujJWV.exe
  C:\Windows\System\iKujJWV.exe
  2⤵
  PID:7292
- C:\Windows\System\CuSXFIs.exe
  C:\Windows\System\CuSXFIs.exe
  2⤵
  PID:7308
- C:\Windows\System\NqnwDSR.exe
  C:\Windows\System\NqnwDSR.exe
  2⤵
  PID:7324
- C:\Windows\System\FMJrutr.exe
  C:\Windows\System\FMJrutr.exe
  2⤵
  PID:7340
- C:\Windows\System\OBxKVKj.exe
  C:\Windows\System\OBxKVKj.exe
  2⤵
  PID:7356
- C:\Windows\System\QZRsGha.exe
  C:\Windows\System\QZRsGha.exe
  2⤵
  PID:7372
- C:\Windows\System\ciHenSu.exe
  C:\Windows\System\ciHenSu.exe
  2⤵
  PID:7388
- C:\Windows\System\YcdKuGY.exe
  C:\Windows\System\YcdKuGY.exe
  2⤵
  PID:7404
- C:\Windows\System\sWjigJJ.exe
  C:\Windows\System\sWjigJJ.exe
  2⤵
  PID:7420
- C:\Windows\System\RyAlxMQ.exe
  C:\Windows\System\RyAlxMQ.exe
  2⤵
  PID:7436
- C:\Windows\System\ELxAigv.exe
  C:\Windows\System\ELxAigv.exe
  2⤵
  PID:7456
- C:\Windows\System\lfoXEHm.exe
  C:\Windows\System\lfoXEHm.exe
  2⤵
  PID:7472
- C:\Windows\System\CQThqBi.exe
  C:\Windows\System\CQThqBi.exe
  2⤵
  PID:7488
- C:\Windows\System\WoMTyCU.exe
  C:\Windows\System\WoMTyCU.exe
  2⤵
  PID:7504
- C:\Windows\System\ryEEgLq.exe
  C:\Windows\System\ryEEgLq.exe
  2⤵
  PID:7524
- C:\Windows\System\itkKLJq.exe
  C:\Windows\System\itkKLJq.exe
  2⤵
  PID:7540
- C:\Windows\System\RwgdRNr.exe
  C:\Windows\System\RwgdRNr.exe
  2⤵
  PID:7560
- C:\Windows\System\PZUtTqn.exe
  C:\Windows\System\PZUtTqn.exe
  2⤵
  PID:7640
- C:\Windows\System\biuXlgh.exe
  C:\Windows\System\biuXlgh.exe
  2⤵
  PID:7656
- C:\Windows\System\LVpzrvV.exe
  C:\Windows\System\LVpzrvV.exe
  2⤵
  PID:7672
- C:\Windows\System\WzXurPD.exe
  C:\Windows\System\WzXurPD.exe
  2⤵
  PID:7688
- C:\Windows\System\eloqTvs.exe
  C:\Windows\System\eloqTvs.exe
  2⤵
  PID:7708
- C:\Windows\System\vBPGbiy.exe
  C:\Windows\System\vBPGbiy.exe
  2⤵
  PID:7724
- C:\Windows\System\kpaGoRo.exe
  C:\Windows\System\kpaGoRo.exe
  2⤵
  PID:7740
- C:\Windows\System\EJcEPZR.exe
  C:\Windows\System\EJcEPZR.exe
  2⤵
  PID:7756
- C:\Windows\System\TpqdVqJ.exe
  C:\Windows\System\TpqdVqJ.exe
  2⤵
  PID:7772
- C:\Windows\System\FWWuuFL.exe
  C:\Windows\System\FWWuuFL.exe
  2⤵
  PID:7788
- C:\Windows\System\VpsrnIZ.exe
  C:\Windows\System\VpsrnIZ.exe
  2⤵
  PID:7804
- C:\Windows\System\ZyhhDsu.exe
  C:\Windows\System\ZyhhDsu.exe
  2⤵
  PID:7824
- C:\Windows\System\xdkcZAQ.exe
  C:\Windows\System\xdkcZAQ.exe
  2⤵
  PID:7840
- C:\Windows\System\xMffoWg.exe
  C:\Windows\System\xMffoWg.exe
  2⤵
  PID:7856
- C:\Windows\System\GqUoLEP.exe
  C:\Windows\System\GqUoLEP.exe
  2⤵
  PID:7872
- C:\Windows\System\yGsJZqs.exe
  C:\Windows\System\yGsJZqs.exe
  2⤵
  PID:7892
- C:\Windows\System\sAwwWRS.exe
  C:\Windows\System\sAwwWRS.exe
  2⤵
  PID:7908
- C:\Windows\System\zWlmwQc.exe
  C:\Windows\System\zWlmwQc.exe
  2⤵
  PID:7924
- C:\Windows\System\nZKPBvt.exe
  C:\Windows\System\nZKPBvt.exe
  2⤵
  PID:7940
- C:\Windows\System\EIMNYhQ.exe
  C:\Windows\System\EIMNYhQ.exe
  2⤵
  PID:7956
- C:\Windows\System\vGylNSN.exe
  C:\Windows\System\vGylNSN.exe
  2⤵
  PID:7980
- C:\Windows\System\ABmMNhA.exe
  C:\Windows\System\ABmMNhA.exe
  2⤵
  PID:8004
- C:\Windows\System\yqiMyOg.exe
  C:\Windows\System\yqiMyOg.exe
  2⤵
  PID:8024
- C:\Windows\System\NNZMflF.exe
  C:\Windows\System\NNZMflF.exe
  2⤵
  PID:8040
- C:\Windows\System\xEkybLb.exe
  C:\Windows\System\xEkybLb.exe
  2⤵
  PID:8056
- C:\Windows\System\roNqCRi.exe
  C:\Windows\System\roNqCRi.exe
  2⤵
  PID:8072
- C:\Windows\System\RVQUHeS.exe
  C:\Windows\System\RVQUHeS.exe
  2⤵
  PID:8088
- C:\Windows\System\gRqqwuf.exe
  C:\Windows\System\gRqqwuf.exe
  2⤵
  PID:8104
- C:\Windows\System\AAtLqqp.exe
  C:\Windows\System\AAtLqqp.exe
  2⤵
  PID:8120
- C:\Windows\System\mcIFozK.exe
  C:\Windows\System\mcIFozK.exe
  2⤵
  PID:8136
- C:\Windows\System\PAnGltz.exe
  C:\Windows\System\PAnGltz.exe
  2⤵
  PID:8152
- C:\Windows\System\hNhVKnC.exe
  C:\Windows\System\hNhVKnC.exe
  2⤵
  PID:8168
- C:\Windows\System\THoGkgX.exe
  C:\Windows\System\THoGkgX.exe
  2⤵
  PID:8184
- C:\Windows\System\WaGspgK.exe
  C:\Windows\System\WaGspgK.exe
  2⤵
  PID:6228
- C:\Windows\System\MguXrNf.exe
  C:\Windows\System\MguXrNf.exe
  2⤵
  PID:7204
- C:\Windows\System\VXyPuNj.exe
  C:\Windows\System\VXyPuNj.exe
  2⤵
  PID:6480
- C:\Windows\System\GIOoYEw.exe
  C:\Windows\System\GIOoYEw.exe
  2⤵
  PID:7252
- C:\Windows\System\QmxWfJE.exe
  C:\Windows\System\QmxWfJE.exe
  2⤵
  PID:7288
- C:\Windows\System\CKPOPZo.exe
  C:\Windows\System\CKPOPZo.exe
  2⤵
  PID:7304
- C:\Windows\System\FICcjxO.exe
  C:\Windows\System\FICcjxO.exe
  2⤵
  PID:7352
- C:\Windows\System\jBcFFRX.exe
  C:\Windows\System\jBcFFRX.exe
  2⤵
  PID:7400
- C:\Windows\System\yfUhlCl.exe
  C:\Windows\System\yfUhlCl.exe
  2⤵
  PID:7412
- C:\Windows\System\UfDSnJR.exe
  C:\Windows\System\UfDSnJR.exe
  2⤵
  PID:7468
- C:\Windows\System\HSSxbZq.exe
  C:\Windows\System\HSSxbZq.exe
  2⤵
  PID:7480
- C:\Windows\System\jsJRKYV.exe
  C:\Windows\System\jsJRKYV.exe
  2⤵
  PID:7532
- C:\Windows\System\DHlmRxS.exe
  C:\Windows\System\DHlmRxS.exe
  2⤵
  PID:7520
- C:\Windows\System\oArCZss.exe
  C:\Windows\System\oArCZss.exe
  2⤵
  PID:7568
- C:\Windows\System\vOHyaQU.exe
  C:\Windows\System\vOHyaQU.exe
  2⤵
  PID:7584
- C:\Windows\System\HmyBJQh.exe
  C:\Windows\System\HmyBJQh.exe
  2⤵
  PID:7600
- C:\Windows\System\XYITMfd.exe
  C:\Windows\System\XYITMfd.exe
  2⤵
  PID:7616
- C:\Windows\System\vOenSAC.exe
  C:\Windows\System\vOenSAC.exe
  2⤵
  PID:7632
- C:\Windows\System\HYtLpZn.exe
  C:\Windows\System\HYtLpZn.exe
  2⤵
  PID:7636
- C:\Windows\System\URutafn.exe
  C:\Windows\System\URutafn.exe
  2⤵
  PID:7700
- C:\Windows\System\XJxKhHj.exe
  C:\Windows\System\XJxKhHj.exe
  2⤵
  PID:7716
- C:\Windows\System\oxwbOBa.exe
  C:\Windows\System\oxwbOBa.exe
  2⤵
  PID:7764
- C:\Windows\System\BnXlYhP.exe
  C:\Windows\System\BnXlYhP.exe
  2⤵
  PID:7832
- C:\Windows\System\pTcNSuM.exe
  C:\Windows\System\pTcNSuM.exe
  2⤵
  PID:7904
- C:\Windows\System\rGSUavL.exe
  C:\Windows\System\rGSUavL.exe
  2⤵
  PID:7972
- C:\Windows\System\CHuEisT.exe
  C:\Windows\System\CHuEisT.exe
  2⤵
  PID:7848
- C:\Windows\System\VslEmmp.exe
  C:\Windows\System\VslEmmp.exe
  2⤵
  PID:7916
- C:\Windows\System\BnPeZvr.exe
  C:\Windows\System\BnPeZvr.exe
  2⤵
  PID:8020
- C:\Windows\System\dGincPo.exe
  C:\Windows\System\dGincPo.exe
  2⤵
  PID:7992
- C:\Windows\System\aPZqyXt.exe
  C:\Windows\System\aPZqyXt.exe
  2⤵
  PID:8000
- C:\Windows\System\ijCCWQg.exe
  C:\Windows\System\ijCCWQg.exe
  2⤵
  PID:8068
- C:\Windows\System\ATatfSa.exe
  C:\Windows\System\ATatfSa.exe
  2⤵
  PID:8148
- C:\Windows\System\KfRlXez.exe
  C:\Windows\System\KfRlXez.exe
  2⤵
  PID:8164
- C:\Windows\System\hqbKEYq.exe
  C:\Windows\System\hqbKEYq.exe
  2⤵
  PID:8116
- C:\Windows\System\zHQwLyp.exe
  C:\Windows\System\zHQwLyp.exe
  2⤵
  PID:8180
- C:\Windows\System\JIWereW.exe
  C:\Windows\System\JIWereW.exe
  2⤵
  PID:7240
- C:\Windows\System\BhlEZjl.exe
  C:\Windows\System\BhlEZjl.exe
  2⤵
  PID:7272
- C:\Windows\System\vOWvIHH.exe
  C:\Windows\System\vOWvIHH.exe
  2⤵
  PID:7284
- C:\Windows\System\XjbBlpv.exe
  C:\Windows\System\XjbBlpv.exe
  2⤵
  PID:7396
- C:\Windows\System\YAQUXZY.exe
  C:\Windows\System\YAQUXZY.exe
  2⤵
  PID:7512
- C:\Windows\System\NxufoLG.exe
  C:\Windows\System\NxufoLG.exe
  2⤵
  PID:7576
- C:\Windows\System\VnyXhLM.exe
  C:\Windows\System\VnyXhLM.exe
  2⤵
  PID:7624
- C:\Windows\System\OiqZZcZ.exe
  C:\Windows\System\OiqZZcZ.exe
  2⤵
  PID:7696
- C:\Windows\System\JzsaArl.exe
  C:\Windows\System\JzsaArl.exe
  2⤵
  PID:7748
- C:\Windows\System\oqKMhPs.exe
  C:\Windows\System\oqKMhPs.exe
  2⤵
  PID:7796
- C:\Windows\System\PMHXXPo.exe
  C:\Windows\System\PMHXXPo.exe
  2⤵
  PID:7780
- C:\Windows\System\kRMbcQr.exe
  C:\Windows\System\kRMbcQr.exe
  2⤵
  PID:7888
- C:\Windows\System\aNpKUms.exe
  C:\Windows\System\aNpKUms.exe
  2⤵
  PID:7820
- C:\Windows\System\XQbnQDC.exe
  C:\Windows\System\XQbnQDC.exe
  2⤵
  PID:7812
- C:\Windows\System\sIAItwG.exe
  C:\Windows\System\sIAItwG.exe
  2⤵
  PID:7952
- C:\Windows\System\nvYOvNJ.exe
  C:\Windows\System\nvYOvNJ.exe
  2⤵
  PID:8048
- C:\Windows\System\LiSezEi.exe
  C:\Windows\System\LiSezEi.exe
  2⤵
  PID:7368
- C:\Windows\System\oEnYZMa.exe
  C:\Windows\System\oEnYZMa.exe
  2⤵
  PID:6356
- C:\Windows\System\RpMDPsF.exe
  C:\Windows\System\RpMDPsF.exe
  2⤵
  PID:7432
- C:\Windows\System\RfqRWqh.exe
  C:\Windows\System\RfqRWqh.exe
  2⤵
  PID:7988
- C:\Windows\System\xTaNMkH.exe
  C:\Windows\System\xTaNMkH.exe
  2⤵
  PID:7596
- C:\Windows\System\CKBizYS.exe
  C:\Windows\System\CKBizYS.exe
  2⤵
  PID:7884
- C:\Windows\System\TQtZCUD.exe
  C:\Windows\System\TQtZCUD.exe
  2⤵
  PID:8176
- C:\Windows\System\yfpEIac.exe
  C:\Windows\System\yfpEIac.exe
  2⤵
  PID:8196
- C:\Windows\System\KUFggCC.exe
  C:\Windows\System\KUFggCC.exe
  2⤵
  PID:8212
- C:\Windows\System\ASIbAae.exe
  C:\Windows\System\ASIbAae.exe
  2⤵
  PID:8228
- C:\Windows\System\LCDryXz.exe
  C:\Windows\System\LCDryXz.exe
  2⤵
  PID:8244
- C:\Windows\System\tiWRpme.exe
  C:\Windows\System\tiWRpme.exe
  2⤵
  PID:8260
- C:\Windows\System\dtBCbJv.exe
  C:\Windows\System\dtBCbJv.exe
  2⤵
  PID:8276
- C:\Windows\System\KcKkSEW.exe
  C:\Windows\System\KcKkSEW.exe
  2⤵
  PID:8292
- C:\Windows\System\RrNbsbG.exe
  C:\Windows\System\RrNbsbG.exe
  2⤵
  PID:8308
- C:\Windows\System\ozidUdm.exe
  C:\Windows\System\ozidUdm.exe
  2⤵
  PID:8324
- C:\Windows\System\JaTHGPu.exe
  C:\Windows\System\JaTHGPu.exe
  2⤵
  PID:8340
- C:\Windows\System\TyLYcDg.exe
  C:\Windows\System\TyLYcDg.exe
  2⤵
  PID:8356
- C:\Windows\System\wRxOXap.exe
  C:\Windows\System\wRxOXap.exe
  2⤵
  PID:8372
- C:\Windows\System\qrXutza.exe
  C:\Windows\System\qrXutza.exe
  2⤵
  PID:8388
- C:\Windows\System\mGPKHOF.exe
  C:\Windows\System\mGPKHOF.exe
  2⤵
  PID:8404
- C:\Windows\System\SBmuwVQ.exe
  C:\Windows\System\SBmuwVQ.exe
  2⤵
  PID:8420
- C:\Windows\System\NhFaqEn.exe
  C:\Windows\System\NhFaqEn.exe
  2⤵
  PID:8436
- C:\Windows\System\TIdUSIM.exe
  C:\Windows\System\TIdUSIM.exe
  2⤵
  PID:8452
- C:\Windows\System\wDCxgVA.exe
  C:\Windows\System\wDCxgVA.exe
  2⤵
  PID:8468
- C:\Windows\System\OYCerRZ.exe
  C:\Windows\System\OYCerRZ.exe
  2⤵
  PID:8484
- C:\Windows\System\mFSizAP.exe
  C:\Windows\System\mFSizAP.exe
  2⤵
  PID:8500
- C:\Windows\System\hQngDWM.exe
  C:\Windows\System\hQngDWM.exe
  2⤵
  PID:8516
- C:\Windows\System\LbTAurM.exe
  C:\Windows\System\LbTAurM.exe
  2⤵
  PID:8532
- C:\Windows\System\avjVQXJ.exe
  C:\Windows\System\avjVQXJ.exe
  2⤵
  PID:8548
- C:\Windows\System\iDIleCl.exe
  C:\Windows\System\iDIleCl.exe
  2⤵
  PID:8564
- C:\Windows\System\nYMsGKm.exe
  C:\Windows\System\nYMsGKm.exe
  2⤵
  PID:8580
- C:\Windows\System\EoxceZc.exe
  C:\Windows\System\EoxceZc.exe
  2⤵
  PID:8596
- C:\Windows\System\QgRXYjO.exe
  C:\Windows\System\QgRXYjO.exe
  2⤵
  PID:8612
- C:\Windows\System\TCMBPmS.exe
  C:\Windows\System\TCMBPmS.exe
  2⤵
  PID:8628
- C:\Windows\System\rRlPPBl.exe
  C:\Windows\System\rRlPPBl.exe
  2⤵
  PID:8648
- C:\Windows\System\Mscbnyv.exe
  C:\Windows\System\Mscbnyv.exe
  2⤵
  PID:8664
- C:\Windows\System\OrpUdOS.exe
  C:\Windows\System\OrpUdOS.exe
  2⤵
  PID:8680
- C:\Windows\System\gJCRruA.exe
  C:\Windows\System\gJCRruA.exe
  2⤵
  PID:8696
- C:\Windows\System\iYWcWNB.exe
  C:\Windows\System\iYWcWNB.exe
  2⤵
  PID:8712
- C:\Windows\System\pLAoepG.exe
  C:\Windows\System\pLAoepG.exe
  2⤵
  PID:8728
- C:\Windows\System\qePoFZH.exe
  C:\Windows\System\qePoFZH.exe
  2⤵
  PID:8744
- C:\Windows\System\MyEDNuJ.exe
  C:\Windows\System\MyEDNuJ.exe
  2⤵
  PID:8760
- C:\Windows\System\jQKDSfU.exe
  C:\Windows\System\jQKDSfU.exe
  2⤵
  PID:8776
- C:\Windows\System\jonVkwa.exe
  C:\Windows\System\jonVkwa.exe
  2⤵
  PID:8792
- C:\Windows\System\oGWrfFg.exe
  C:\Windows\System\oGWrfFg.exe
  2⤵
  PID:8812
- C:\Windows\System\sCrMQkv.exe
  C:\Windows\System\sCrMQkv.exe
  2⤵
  PID:8828
- C:\Windows\System\zjMLAro.exe
  C:\Windows\System\zjMLAro.exe
  2⤵
  PID:8844
- C:\Windows\System\lJdwmpo.exe
  C:\Windows\System\lJdwmpo.exe
  2⤵
  PID:8860
- C:\Windows\System\ydHefXp.exe
  C:\Windows\System\ydHefXp.exe
  2⤵
  PID:8876
- C:\Windows\System\IHqRcen.exe
  C:\Windows\System\IHqRcen.exe
  2⤵
  PID:8892
- C:\Windows\System\fDgRrtI.exe
  C:\Windows\System\fDgRrtI.exe
  2⤵
  PID:8908
- C:\Windows\System\jTSYGlB.exe
  C:\Windows\System\jTSYGlB.exe
  2⤵
  PID:8924
- C:\Windows\System\lznvwqZ.exe
  C:\Windows\System\lznvwqZ.exe
  2⤵
  PID:8940
- C:\Windows\System\nAneqSa.exe
  C:\Windows\System\nAneqSa.exe
  2⤵
  PID:8956
- C:\Windows\System\iabWxpi.exe
  C:\Windows\System\iabWxpi.exe
  2⤵
  PID:8972
- C:\Windows\System\NnaMCaK.exe
  C:\Windows\System\NnaMCaK.exe
  2⤵
  PID:8988
- C:\Windows\System\REVnLVJ.exe
  C:\Windows\System\REVnLVJ.exe
  2⤵
  PID:9004
- C:\Windows\System\rtuLhIw.exe
  C:\Windows\System\rtuLhIw.exe
  2⤵
  PID:9020
- C:\Windows\System\eiqQaCu.exe
  C:\Windows\System\eiqQaCu.exe
  2⤵
  PID:9036
- C:\Windows\System\blpajGE.exe
  C:\Windows\System\blpajGE.exe
  2⤵
  PID:9052
- C:\Windows\System\sITqXdk.exe
  C:\Windows\System\sITqXdk.exe
  2⤵
  PID:9068
- C:\Windows\System\RNWgwwv.exe
  C:\Windows\System\RNWgwwv.exe
  2⤵
  PID:9084
- C:\Windows\System\oSndWnI.exe
  C:\Windows\System\oSndWnI.exe
  2⤵
  PID:9100
- C:\Windows\System\IbIpwey.exe
  C:\Windows\System\IbIpwey.exe
  2⤵
  PID:9116
- C:\Windows\System\LfcaOca.exe
  C:\Windows\System\LfcaOca.exe
  2⤵
  PID:9132
- C:\Windows\System\DsZnAAb.exe
  C:\Windows\System\DsZnAAb.exe
  2⤵
  PID:9148
- C:\Windows\System\JSUVskd.exe
  C:\Windows\System\JSUVskd.exe
  2⤵
  PID:9164
- C:\Windows\System\uqXGmbM.exe
  C:\Windows\System\uqXGmbM.exe
  2⤵
  PID:9180
- C:\Windows\System\yeKdLvx.exe
  C:\Windows\System\yeKdLvx.exe
  2⤵
  PID:9196
- C:\Windows\System\exIBUKg.exe
  C:\Windows\System\exIBUKg.exe
  2⤵
  PID:9212
- C:\Windows\System\SmknEcP.exe
  C:\Windows\System\SmknEcP.exe
  2⤵
  PID:7200
- C:\Windows\System\ElrHEFD.exe
  C:\Windows\System\ElrHEFD.exe
  2⤵
  PID:8256
- C:\Windows\System\MsPeRcA.exe
  C:\Windows\System\MsPeRcA.exe
  2⤵
  PID:7448
- C:\Windows\System\vFyEDMz.exe
  C:\Windows\System\vFyEDMz.exe
  2⤵
  PID:8352
- C:\Windows\System\GOwValK.exe
  C:\Windows\System\GOwValK.exe
  2⤵
  PID:8412
- C:\Windows\System\OKzTOwc.exe
  C:\Windows\System\OKzTOwc.exe
  2⤵
  PID:7452
- C:\Windows\System\YoHvWVO.exe
  C:\Windows\System\YoHvWVO.exe
  2⤵
  PID:7612
- C:\Windows\System\Cotbfyd.exe
  C:\Windows\System\Cotbfyd.exe
  2⤵
  PID:7864
- C:\Windows\System\ZoORMXL.exe
  C:\Windows\System\ZoORMXL.exe
  2⤵
  PID:8080
- C:\Windows\System\BrFVXmL.exe
  C:\Windows\System\BrFVXmL.exe
  2⤵
  PID:7256
- C:\Windows\System\qGVadPd.exe
  C:\Windows\System\qGVadPd.exe
  2⤵
  PID:8204
- C:\Windows\System\dAefXsE.exe
  C:\Windows\System\dAefXsE.exe
  2⤵
  PID:8476
- C:\Windows\System\MoRAqZS.exe
  C:\Windows\System\MoRAqZS.exe
  2⤵
  PID:8300
- C:\Windows\System\ZHPtqWQ.exe
  C:\Windows\System\ZHPtqWQ.exe
  2⤵
  PID:8508
- C:\Windows\System\jeaaSHa.exe
  C:\Windows\System\jeaaSHa.exe
  2⤵
  PID:8368
- C:\Windows\System\DRcYAvV.exe
  C:\Windows\System\DRcYAvV.exe
  2⤵
  PID:8428
- C:\Windows\System\HjwruUP.exe
  C:\Windows\System\HjwruUP.exe
  2⤵
  PID:8608
- C:\Windows\System\zolstjT.exe
  C:\Windows\System\zolstjT.exe
  2⤵
  PID:8492
- C:\Windows\System\TQbPNbt.exe
  C:\Windows\System\TQbPNbt.exe
  2⤵
  PID:8556
- C:\Windows\System\YvULjSz.exe
  C:\Windows\System\YvULjSz.exe
  2⤵
  PID:8624
- C:\Windows\System\DcHEWxa.exe
  C:\Windows\System\DcHEWxa.exe
  2⤵
  PID:8688
- C:\Windows\System\GwfwDcd.exe
  C:\Windows\System\GwfwDcd.exe
  2⤵
  PID:7224
- C:\Windows\System\FJUOeIY.exe
  C:\Windows\System\FJUOeIY.exe
  2⤵
  PID:8724
- C:\Windows\System\lNILgZr.exe
  C:\Windows\System\lNILgZr.exe
  2⤵
  PID:8788
- C:\Windows\System\urDTbZJ.exe
  C:\Windows\System\urDTbZJ.exe
  2⤵
  PID:8704
- C:\Windows\System\KtCTsvA.exe
  C:\Windows\System\KtCTsvA.exe
  2⤵
  PID:8804
- C:\Windows\System\UzCRbxG.exe
  C:\Windows\System\UzCRbxG.exe
  2⤵
  PID:8852
- C:\Windows\System\kHrvBtj.exe
  C:\Windows\System\kHrvBtj.exe
  2⤵
  PID:8888
- C:\Windows\System\BOEhAha.exe
  C:\Windows\System\BOEhAha.exe
  2⤵
  PID:8932
- C:\Windows\System\VlXSBkn.exe
  C:\Windows\System\VlXSBkn.exe
  2⤵
  PID:8948
- C:\Windows\System\mGJrSuO.exe
  C:\Windows\System\mGJrSuO.exe
  2⤵
  PID:8936
- C:\Windows\System\fJYpiId.exe
  C:\Windows\System\fJYpiId.exe
  2⤵
  PID:9012
- C:\Windows\System\OkiqvaT.exe
  C:\Windows\System\OkiqvaT.exe
  2⤵
  PID:9000
- C:\Windows\System\GKytyil.exe
  C:\Windows\System\GKytyil.exe
  2⤵
  PID:9032
- C:\Windows\System\iazduZH.exe
  C:\Windows\System\iazduZH.exe
  2⤵
  PID:9160
- C:\Windows\System\oIYCwQS.exe
  C:\Windows\System\oIYCwQS.exe
  2⤵
  PID:9192
- C:\Windows\System\gqfaBfT.exe
  C:\Windows\System\gqfaBfT.exe
  2⤵
  PID:9112
- C:\Windows\System\WuIvhFY.exe
  C:\Windows\System\WuIvhFY.exe
  2⤵
  PID:9176
- C:\Windows\System\cLowCge.exe
  C:\Windows\System\cLowCge.exe
  2⤵
  PID:8112
- C:\Windows\System\EogBzpU.exe
  C:\Windows\System\EogBzpU.exe
  2⤵
  PID:8284
- C:\Windows\System\hogzSRe.exe
  C:\Windows\System\hogzSRe.exe
  2⤵
  PID:7428
- C:\Windows\System\tQOyoox.exe
  C:\Windows\System\tQOyoox.exe
  2⤵
  PID:7868
- C:\Windows\System\WJUZnkL.exe
  C:\Windows\System\WJUZnkL.exe
  2⤵
  PID:7976
- C:\Windows\System\wYNAVoc.exe
  C:\Windows\System\wYNAVoc.exe
  2⤵
  PID:8016
- C:\Windows\System\vhfQapi.exe
  C:\Windows\System\vhfQapi.exe
  2⤵
  PID:8336
- C:\Windows\System\hSfRZkP.exe
  C:\Windows\System\hSfRZkP.exe
  2⤵
  PID:8268
- C:\Windows\System\zipLLYL.exe
  C:\Windows\System\zipLLYL.exe
  2⤵
  PID:8588
- C:\Windows\System\dThBdBj.exe
  C:\Windows\System\dThBdBj.exe
  2⤵
  PID:8272
- C:\Windows\System\ZaQbBlo.exe
  C:\Windows\System\ZaQbBlo.exe
  2⤵
  PID:8640
- C:\Windows\System\eROpySa.exe
  C:\Windows\System\eROpySa.exe
  2⤵
  PID:8824
- C:\Windows\System\iuUDVec.exe
  C:\Windows\System\iuUDVec.exe
  2⤵
  PID:8900
- C:\Windows\System\ViQNKzh.exe
  C:\Windows\System\ViQNKzh.exe
  2⤵
  PID:8996
- C:\Windows\System\NeWgmlp.exe
  C:\Windows\System\NeWgmlp.exe
  2⤵
  PID:8820
- C:\Windows\System\TqtHvwe.exe
  C:\Windows\System\TqtHvwe.exe
  2⤵
  PID:8868
- C:\Windows\System\aDhFJwR.exe
  C:\Windows\System\aDhFJwR.exe
  2⤵
  PID:9028
- C:\Windows\System\bVTvNln.exe
  C:\Windows\System\bVTvNln.exe
  2⤵
  PID:9044
- C:\Windows\System\omqkOLR.exe
  C:\Windows\System\omqkOLR.exe
  2⤵
  PID:9080
- C:\Windows\System\ZXXXjQq.exe
  C:\Windows\System\ZXXXjQq.exe
  2⤵
  PID:8320
- C:\Windows\System\MWsdEnX.exe
  C:\Windows\System\MWsdEnX.exe
  2⤵
  PID:9208
- C:\Windows\System\ELKdWSb.exe
  C:\Windows\System\ELKdWSb.exe
  2⤵
  PID:7608
- C:\Windows\System\hYJosuI.exe
  C:\Windows\System\hYJosuI.exe
  2⤵
  PID:8460
- C:\Windows\System\jBgjstr.exe
  C:\Windows\System\jBgjstr.exe
  2⤵
  PID:8332
- C:\Windows\System\LYNUSLc.exe
  C:\Windows\System\LYNUSLc.exe
  2⤵
  PID:7464
- C:\Windows\System\tpFsBIU.exe
  C:\Windows\System\tpFsBIU.exe
  2⤵
  PID:8768
- C:\Windows\System\ZUiXlIM.exe
  C:\Windows\System\ZUiXlIM.exe
  2⤵
  PID:8772
- C:\Windows\System\rlaxfUj.exe
  C:\Windows\System\rlaxfUj.exe
  2⤵
  PID:9172
- C:\Windows\System\ziNmmXw.exe
  C:\Windows\System\ziNmmXw.exe
  2⤵
  PID:8252
- C:\Windows\System\BHJLJma.exe
  C:\Windows\System\BHJLJma.exe
  2⤵
  PID:7300
- C:\Windows\System\QIFZmIF.exe
  C:\Windows\System\QIFZmIF.exe
  2⤵
  PID:8348
- C:\Windows\System\WsPdutb.exe
  C:\Windows\System\WsPdutb.exe
  2⤵
  PID:7648
- C:\Windows\System\ZWDNUKh.exe
  C:\Windows\System\ZWDNUKh.exe
  2⤵
  PID:8708
- C:\Windows\System\sbXWdRH.exe
  C:\Windows\System\sbXWdRH.exe
  2⤵
  PID:8884
- C:\Windows\System\EQuJYCF.exe
  C:\Windows\System\EQuJYCF.exe
  2⤵
  PID:8528
- C:\Windows\System\utheeJk.exe
  C:\Windows\System\utheeJk.exe
  2⤵
  PID:8656
- C:\Windows\System\jWOGiNn.exe
  C:\Windows\System\jWOGiNn.exe
  2⤵
  PID:9228
- C:\Windows\System\cTHIJRg.exe
  C:\Windows\System\cTHIJRg.exe
  2⤵
  PID:9244
- C:\Windows\System\HHQNFDB.exe
  C:\Windows\System\HHQNFDB.exe
  2⤵
  PID:9260
- C:\Windows\System\mdqgand.exe
  C:\Windows\System\mdqgand.exe
  2⤵
  PID:9276
- C:\Windows\System\twAdWGk.exe
  C:\Windows\System\twAdWGk.exe
  2⤵
  PID:9292
- C:\Windows\System\ZjdCNSG.exe
  C:\Windows\System\ZjdCNSG.exe
  2⤵
  PID:9308
- C:\Windows\System\wJWjurY.exe
  C:\Windows\System\wJWjurY.exe
  2⤵
  PID:9324
- C:\Windows\System\yfWqtYB.exe
  C:\Windows\System\yfWqtYB.exe
  2⤵
  PID:9340
- C:\Windows\System\PQPqDHr.exe
  C:\Windows\System\PQPqDHr.exe
  2⤵
  PID:9356
- C:\Windows\System\HsmFXyl.exe
  C:\Windows\System\HsmFXyl.exe
  2⤵
  PID:9372
- C:\Windows\System\KnGoEDB.exe
  C:\Windows\System\KnGoEDB.exe
  2⤵
  PID:9388
- C:\Windows\System\fVaKNCD.exe
  C:\Windows\System\fVaKNCD.exe
  2⤵
  PID:9404
- C:\Windows\System\RMHmLFz.exe
  C:\Windows\System\RMHmLFz.exe
  2⤵
  PID:9420
- C:\Windows\System\ZllvUMS.exe
  C:\Windows\System\ZllvUMS.exe
  2⤵
  PID:9436
- C:\Windows\System\nbKztCz.exe
  C:\Windows\System\nbKztCz.exe
  2⤵
  PID:9456
- C:\Windows\System\XvQBlRg.exe
  C:\Windows\System\XvQBlRg.exe
  2⤵
  PID:9472
- C:\Windows\System\rqCIfAU.exe
  C:\Windows\System\rqCIfAU.exe
  2⤵
  PID:9488
- C:\Windows\System\PwSfYeS.exe
  C:\Windows\System\PwSfYeS.exe
  2⤵
  PID:9504
- C:\Windows\System\MZxlIpf.exe
  C:\Windows\System\MZxlIpf.exe
  2⤵
  PID:9520
- C:\Windows\System\FKWusFZ.exe
  C:\Windows\System\FKWusFZ.exe
  2⤵
  PID:9536
- C:\Windows\System\LjvUuaw.exe
  C:\Windows\System\LjvUuaw.exe
  2⤵
  PID:9552
- C:\Windows\System\moXrpKm.exe
  C:\Windows\System\moXrpKm.exe
  2⤵
  PID:9568
- C:\Windows\System\otTRACu.exe
  C:\Windows\System\otTRACu.exe
  2⤵
  PID:9584
- C:\Windows\System\fDqNAPj.exe
  C:\Windows\System\fDqNAPj.exe
  2⤵
  PID:9600
- C:\Windows\System\UPYwfMe.exe
  C:\Windows\System\UPYwfMe.exe
  2⤵
  PID:9616
- C:\Windows\System\UmLthTW.exe
  C:\Windows\System\UmLthTW.exe
  2⤵
  PID:9632
- C:\Windows\System\XbWdGeH.exe
  C:\Windows\System\XbWdGeH.exe
  2⤵
  PID:9652
- C:\Windows\System\qQFmzHg.exe
  C:\Windows\System\qQFmzHg.exe
  2⤵
  PID:9668
- C:\Windows\System\AuokQSP.exe
  C:\Windows\System\AuokQSP.exe
  2⤵
  PID:9684
- C:\Windows\System\kImKciE.exe
  C:\Windows\System\kImKciE.exe
  2⤵
  PID:9700
- C:\Windows\System\ahTYcWh.exe
  C:\Windows\System\ahTYcWh.exe
  2⤵
  PID:9716
- C:\Windows\System\PNZOsYu.exe
  C:\Windows\System\PNZOsYu.exe
  2⤵
  PID:9732
- C:\Windows\System\lxhOTXi.exe
  C:\Windows\System\lxhOTXi.exe
  2⤵
  PID:9748
- C:\Windows\System\GBEArIr.exe
  C:\Windows\System\GBEArIr.exe
  2⤵
  PID:9764
- C:\Windows\System\wCMCxNr.exe
  C:\Windows\System\wCMCxNr.exe
  2⤵
  PID:9780
- C:\Windows\System\VurjNpn.exe
  C:\Windows\System\VurjNpn.exe
  2⤵
  PID:9796
- C:\Windows\System\pkmNZrc.exe
  C:\Windows\System\pkmNZrc.exe
  2⤵
  PID:9812
- C:\Windows\System\bIImXkV.exe
  C:\Windows\System\bIImXkV.exe
  2⤵
  PID:9828
- C:\Windows\System\SnwCRrY.exe
  C:\Windows\System\SnwCRrY.exe
  2⤵
  PID:9844
- C:\Windows\System\nCsINpe.exe
  C:\Windows\System\nCsINpe.exe
  2⤵
  PID:9860
- C:\Windows\System\ZhWkENB.exe
  C:\Windows\System\ZhWkENB.exe
  2⤵
  PID:9876
- C:\Windows\System\agGYlpj.exe
  C:\Windows\System\agGYlpj.exe
  2⤵
  PID:9892
- C:\Windows\System\knvAKHf.exe
  C:\Windows\System\knvAKHf.exe
  2⤵
  PID:9908
- C:\Windows\System\aTcVrEN.exe
  C:\Windows\System\aTcVrEN.exe
  2⤵
  PID:9924
- C:\Windows\System\sEgbxHC.exe
  C:\Windows\System\sEgbxHC.exe
  2⤵
  PID:9940
- C:\Windows\System\tiFJxaH.exe
  C:\Windows\System\tiFJxaH.exe
  2⤵
  PID:9956
- C:\Windows\System\zKIsiCP.exe
  C:\Windows\System\zKIsiCP.exe
  2⤵
  PID:9972
- C:\Windows\System\MxQlxui.exe
  C:\Windows\System\MxQlxui.exe
  2⤵
  PID:9988
- C:\Windows\System\MhoIGIZ.exe
  C:\Windows\System\MhoIGIZ.exe
  2⤵
  PID:10004
- C:\Windows\System\bDXjNel.exe
  C:\Windows\System\bDXjNel.exe
  2⤵
  PID:10020
- C:\Windows\System\ikqGPZP.exe
  C:\Windows\System\ikqGPZP.exe
  2⤵
  PID:10036
- C:\Windows\System\WAxyokn.exe
  C:\Windows\System\WAxyokn.exe
  2⤵
  PID:10052
- C:\Windows\System\YNGJXKn.exe
  C:\Windows\System\YNGJXKn.exe
  2⤵
  PID:10068
- C:\Windows\System\MeLipuV.exe
  C:\Windows\System\MeLipuV.exe
  2⤵
  PID:10084
- C:\Windows\System\zTsgbPW.exe
  C:\Windows\System\zTsgbPW.exe
  2⤵
  PID:10100
- C:\Windows\System\jDLzxID.exe
  C:\Windows\System\jDLzxID.exe
  2⤵
  PID:10116
- C:\Windows\System\BFfvgAB.exe
  C:\Windows\System\BFfvgAB.exe
  2⤵
  PID:10132
- C:\Windows\System\RmUPbXi.exe
  C:\Windows\System\RmUPbXi.exe
  2⤵
  PID:10148
- C:\Windows\System\vMyzxwI.exe
  C:\Windows\System\vMyzxwI.exe
  2⤵
  PID:10172
- C:\Windows\System\wicxOhj.exe
  C:\Windows\System\wicxOhj.exe
  2⤵
  PID:10192
- C:\Windows\System\YennFys.exe
  C:\Windows\System\YennFys.exe
  2⤵
  PID:10224
- C:\Windows\System\DYGYCEN.exe
  C:\Windows\System\DYGYCEN.exe
  2⤵
  PID:8720
- C:\Windows\System\fFFzYMx.exe
  C:\Windows\System\fFFzYMx.exe
  2⤵
  PID:9268
- C:\Windows\System\DNOWcst.exe
  C:\Windows\System\DNOWcst.exe
  2⤵
  PID:9252
- C:\Windows\System\jKXrNCn.exe
  C:\Windows\System\jKXrNCn.exe
  2⤵
  PID:9284
- C:\Windows\System\WiXvLwq.exe
  C:\Windows\System\WiXvLwq.exe
  2⤵
  PID:9320
- C:\Windows\System\CNhlWug.exe
  C:\Windows\System\CNhlWug.exe
  2⤵
  PID:9336
- C:\Windows\System\iuEtCvs.exe
  C:\Windows\System\iuEtCvs.exe
  2⤵
  PID:9380
- C:\Windows\System\TdPTxIl.exe
  C:\Windows\System\TdPTxIl.exe
  2⤵
  PID:9416
- C:\Windows\System\kHfgYhr.exe
  C:\Windows\System\kHfgYhr.exe
  2⤵
  PID:9448
- C:\Windows\System\JUEtHcT.exe
  C:\Windows\System\JUEtHcT.exe
  2⤵
  PID:9496
- C:\Windows\System\GNkvnSm.exe
  C:\Windows\System\GNkvnSm.exe
  2⤵
  PID:9512
- C:\Windows\System\xRjFSBu.exe
  C:\Windows\System\xRjFSBu.exe
  2⤵
  PID:9560
- C:\Windows\System\qqIhAQE.exe
  C:\Windows\System\qqIhAQE.exe
  2⤵
  PID:9576
- C:\Windows\System\CzCrEpH.exe
  C:\Windows\System\CzCrEpH.exe
  2⤵
  PID:9596
- C:\Windows\System\XaGBgfX.exe
  C:\Windows\System\XaGBgfX.exe
  2⤵
  PID:9664
- C:\Windows\System\eWTqLGu.exe
  C:\Windows\System\eWTqLGu.exe
  2⤵
  PID:10096
- C:\Windows\System\KEwvrjL.exe
  C:\Windows\System\KEwvrjL.exe
  2⤵
  PID:10180
- C:\Windows\System\fDMoEmi.exe
  C:\Windows\System\fDMoEmi.exe
  2⤵
  PID:9300
- C:\Windows\System\eUUGgMQ.exe
  C:\Windows\System\eUUGgMQ.exe
  2⤵
  PID:10212
- C:\Windows\System\kdKtUab.exe
  C:\Windows\System\kdKtUab.exe
  2⤵
  PID:10156
- C:\Windows\System\SalZTWm.exe
  C:\Windows\System\SalZTWm.exe
  2⤵
  PID:7556

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\GSRAsDJ.exe

Filesize
6.0MB

MD5
bdcc23fec7350799e2b03faa5169706b

SHA1
5b21b53a5b836914f039b0f5167428698d2f4e8d

SHA256
fcb0a012e8f4862f31de28ecc33d315671bf83bfc9e256a410fc0ef02c05a617

SHA512
347a062cc02b62bdadc86575ac2a523b5ccd23730579879f704e7781380c1be41b89880d242c45b9ee666e28a5de32dcf522eb2e9a3c8446089e73e8f67454b3

Download Submit
C:\Windows\system\HyWxOkJ.exe

Filesize
6.0MB

MD5
82a971ca0ba82d0b3253e812bf84f4f0

SHA1
078b7fc91bb8fe07e839ee212bfa5dc090676a5b

SHA256
a485236eabdd4a235de8a9f7dee07b1315aa98bd613d4678e788d51e6dd039bc

SHA512
b90e8bb83c37aee997cc565c5083ce6044d2084a217a1dbd9eb7a2f442bc82e08e4523a19fe067c215f3357bb0619b2eb452013b2ed264b57055544bb840c3aa

Download Submit
C:\Windows\system\Lglfhrg.exe

Filesize
6.0MB

MD5
e26c13dfac8e49c7ee796aa7b3276f01

SHA1
d1eeeb572805fd4bf88754df677581a61c8d8177

SHA256
c458cbf7cc5ea8b0219f228b32db6e51bd42f85587f3e52ab112d60b8660e7bd

SHA512
10cee1729f8255b5e82bbe5e6384631284df9e9b8f1f8e5f2c7b4dfab9d61170d88c3e07cdd9651be99c11ba7bd1e056518004b26ed84eb2880e9a81ade5d6f7

Download Submit
C:\Windows\system\MeaDqBz.exe

Filesize
6.0MB

MD5
4c89b5a822e83d1117ff0e88d6ec1df3

SHA1
3e31d52fc2064d2a9876e7091712abf31a608e76

SHA256
8591919d956bb6fd0aa42b1914a5c4abbfc4d087455ba34f784821f309a02fa4

SHA512
bb94e0307821045fe165cd48358fade335f3256a47cd72e428ed06202b807871c340b193aa69962f36948da0c88311dcebd2ae646a0ec0c844f6292f76bab474

Download Submit
C:\Windows\system\NgdmCEN.exe

Filesize
6.0MB

MD5
a70c0efe2d87a44ac9dcb64fa6f410ad

SHA1
3f81640d14cb21dde4861757f94bcddb1134224f

SHA256
01e5aceb28d2efd5c97dff8b82d0db37338319baf61bfad1b77ea0ec7afff7d5

SHA512
2f648b31d4fc2f3923f240e77a91d4aa154613837fb071183f9246ff682c0c864516704529486a0f1c681711abfb373639982c05afddaea3920cc2be9bd45c79

Download Submit
C:\Windows\system\RUttCNX.exe

Filesize
6.0MB

MD5
7f1870c8a91d305f796fba00bd98e488

SHA1
3238b95844e2580484a1ac8e0a968b6daa582a5d

SHA256
6d53a79b2b2e139a6c870848472af31012605bffb37056186ce8a48bd0bedc85

SHA512
a31a03a3db850b887150bdd02aff9e7bc3963f7735c5e4ebee324fc51b7bcddcd05b357cbe08c0b29b5d25def31f433a38c02d29f20cf09e1d7dc7d1b9575196

Download Submit
C:\Windows\system\SFScfqs.exe

Filesize
6.0MB

MD5
70c140d60fca5536c54caa48be63a1a8

SHA1
4556de7028fe9bdf40b216bc20570316859843d3

SHA256
610b8faa9be13f70a6ed7adae01fe8fe188f2feff558bb2a2403bcd4e2efcba4

SHA512
c123e387d0c1d9a4052c2d5819b7c870df67d92b9baaad1ece7698b41a42288e1892e2991956d700de9abb72fb0bf39a48d04735f84a97cbbdda4a0755859863

Download Submit
C:\Windows\system\UZJASsP.exe

Filesize
6.0MB

MD5
da538a9c23437af84d884e12aee9f08a

SHA1
8ce4dfa1449dff3fac4fc873ed946583b2084ed5

SHA256
1c46484774dbf20f18df9aa7fceafea7503bf336cf6fcf3422ea85d09b30e137

SHA512
4123c392038f8f795bf4797d1987b6c409b3c7d10b509c92e65d8946ae4f2b94d5da71f97263534fb8399d5e8f15e4043cb56e4571604bf1c6555bd54792cbcb

Download Submit
C:\Windows\system\Vtkaols.exe

Filesize
6.0MB

MD5
c7917cabac87d7645d6e5263bbe026a5

SHA1
477602d89117b49aa7509d6658b6d57ea0214fc7

SHA256
607f92c36e37e38f5c977b5328ffc836f8a26b4cb194788e9a7b8fbc010b3390

SHA512
5076af7875db45e30577759c10c7a92f468e3a082f54df13a52ed4683cc6802f2f84734e4830e60c31f9f1d9e2155314c0dce345187e02763b7cf2e3a79af7c0

Download Submit
C:\Windows\system\YPvoobL.exe

Filesize
6.0MB

MD5
0233152dd4c21d6ff7ec15019cd1c012

SHA1
b091d7e925a92a9730c4f1299ccbe65f8492511a

SHA256
b24e23b8b3155db496c7c00cc1f6bb3b37373360833f85b23e7866c897730e97

SHA512
8f8054aa14814b315021446b454b4c8fedab4d0aa85aeb8bf9ec1f980d67dcd3f786727fba578a4a4f7954c7d57cec40715a1eacc812605a3f1568961bac5e31

Download Submit
C:\Windows\system\cmsPDXd.exe

Filesize
6.0MB

MD5
033c8202f808ad8965d141e6b2a80da2

SHA1
56995bb27d235baced188dfea18c0fb4101cdabf

SHA256
dea43aac91fc586c25a844acadda78478ed8fd7805d43101b6efda9e930d4054

SHA512
8e7daeadcde6b0bd989ec9d9eaf4ce8a9d1cdf6f356339f83d20d96975ddc4b06aa4068ecfe4f91a90ef1849ac02a3e5185ee83f210d383d1e17e65986b2e27d

Download Submit
C:\Windows\system\fREPLnr.exe

Filesize
6.0MB

MD5
bdd7523e734e233a09ce3d6caba6c3c3

SHA1
6f84ca267e3cf0975a432f76ad70f2435140354d

SHA256
e030a945d12f3a60e0a0f1fbc503ff9f6f42ec6872b446eaaf63ced9e7ab7f4c

SHA512
066e6e11e1eac53f619fdb6a54aa03087773fabd03069018a640e4114d8a8ae71b7d41192101e92bf963ca42b443692fbe04949667eb9619b8836c1c9dbddb45

Download Submit
C:\Windows\system\gJczKZH.exe

Filesize
6.0MB

MD5
2859eae42eac707e19b66930124d1571

SHA1
4cd3efbfda22314405a2b6af44e8879480dfa169

SHA256
715f9dc0d0054ec029a93699cd6eb9d60a3ab8275dc918852e647c5ab16b34c9

SHA512
b1296f9e13e75f68dc1258a201ad5ed2d0e7fda99ba8f3fcf43aff127c101bd6ecd4baf432ea0fc9bcd898d4d6d278704ddca2cb9e078dcfeb60a4b7af82b35b

Download Submit
C:\Windows\system\iDIrkjR.exe

Filesize
6.0MB

MD5
aa85e01302417d16d238dd14f0c03792

SHA1
367821ed49937102db56295d811eb4cfb2042ba4

SHA256
23b5218e9e54eb007dc372040cc77a4fd332de783836672e9bb826640822a06e

SHA512
6401baee6f3b696d47cda0a159453e176b54647edd911035f15b35d209f4a9244f2a8bb4728c6874ff3a94f189ff26d0dd83d14a3220a71c2714f65bb5093a38

Download Submit
C:\Windows\system\jWKaHtg.exe

Filesize
6.0MB

MD5
7d7aaa383f16fb7170df92374fc85b64

SHA1
7f14744c82111c90f4ade314ee16531e6b4f8b75

SHA256
81cc2ec583b40067e0dabae5d04222459bd2d272b8bf4a61f1d95e79ca8cbb1d

SHA512
3f838d3920c62616c89fdfdd4be507f200e148256a0acb918d37dfcb56a92866452857aed7dcc0d52f64356986e7af95597946ef3fbb558de10f86c534607e98

Download Submit
C:\Windows\system\kAaUtdJ.exe

Filesize
6.0MB

MD5
f5eef2fa5c058e880d6c373a1bcfdcb6

SHA1
93d933daafaf3afd980b1c7f610f872abbe32c1d

SHA256
e63885a0c0e9d723dd7b62b53254979044fb69a0241916a0a6b269acf7729f00

SHA512
bed93d075522833674acb475b4d72338cdf7e108499a5150c3d6a1a1e28fc916d13a88b8152edf65f2015b472c8fa15c12ed636c42792b40b572729f7e320d1c

Download Submit
C:\Windows\system\klMtYbG.exe

Filesize
6.0MB

MD5
b6ccbdb7f27a6fd72700cb2e6585cac0

SHA1
b9caed6fc22611b397853f681637dcebb8c30034

SHA256
73c516cb1078cbb9404fb4c3e11a0bdfb7af8227bfa03dba3c87014bfd98fd63

SHA512
e72dd3fa74428b26ebae708b470affbb5d85341a073ea2f62f2c657d7710d8471c1e4eb1951d764d66437cc1053852508031413b2682d27d29cf975b5186ccb6

Download Submit
C:\Windows\system\mmDAguA.exe

Filesize
6.0MB

MD5
09d752d3abe9ef31eb093a45496d80ed

SHA1
be9dc62f5c98f2b2af92298e5e095ca00aad5593

SHA256
37f5a6f04ea7e84631b8606d820af2861fbe2043f5fa2b39c58380fda5f64d76

SHA512
be0dc5e68d2e48e392a6e01360fb1f5520bd080b6c9bb1c767ebba6116d3976ccc9b6a50d433ff9345022ea0beae80c0316b0c1babebcdd67d895d21d055afc1

Download Submit
C:\Windows\system\nHZZyBP.exe

Filesize
6.0MB

MD5
e7abbbf09a62ca80d5bf46e2d4426df4

SHA1
9697904315532af28d2f8c819fcc0f1e4c7e078b

SHA256
3c74040dbb77217107b8463d999fa7f47659ceaa5d0d25124fc34c7fa3923711

SHA512
bee87b0967a65f0f3c9bad1714df90c0a59f284d3dc17d0257449fdb1d2425400caddcb4ddeaf17fb970df9cc0257152dca5e81e4a502a042f507c82464b160f

Download Submit
C:\Windows\system\nZSgAYH.exe

Filesize
6.0MB

MD5
acbf429521b2a793eceda6af29132fbd

SHA1
f557a72197a4e78f8c8d4985004a6f6c300a9d48

SHA256
1348ec6e42758d0ec98fbbc8853f4140a0b46238742165756d7ab14f078d386b

SHA512
67fe3e81b713acc83ce527a5a46ef461a12131483e1be4c3c30bb2590d9938bb0576c73e541a4602c8557858bb131da0111edbeead8356ea11e598e18cd0dda5

Download Submit
C:\Windows\system\othkBpC.exe

Filesize
6.0MB

MD5
584977b42a02f9bacf56704e18bb11d0

SHA1
5c0ff255171fe423cf817433a897dce1beeaf480

SHA256
714dc3248b1e04fc33428f6800cd2bb5970e281bc837944c646b1d7aa346e3c3

SHA512
a7475e88fa1c54bb4c951ed38ba737dc6830e496b745f44f2947edd9aea38c3bb638078183dd18c8af6652b5a87f9bf36158f61f5bf7630d9fbecbcd604af618

Download Submit
C:\Windows\system\rbQwiec.exe

Filesize
6.0MB

MD5
2e9a5143622a3139389b15432cd16e3d

SHA1
c2000aa9529cc9651873bab40bb2f3c2bd889030

SHA256
25ff1fb0f37ba1ab445bb5e169a089fb957cccaea2b5456339b145819f6f2a12

SHA512
e51859d1d4ae0c5588bdc85b2515051c73c6db3aa5485f685f1311da7efa496752e865dfba9f836c3dbafad91b78aefd17fc9954a05e4de6bb9736604bb3284d

Download Submit
C:\Windows\system\sEfHguL.exe

Filesize
6.0MB

MD5
e691f3d5c73a101e2d605ad9261f48c2

SHA1
0a9c39da3b36858819edc982f5f5e1609e47ca63

SHA256
8666a85d5ba55d44e93e30d1b622269893ccd8c806d87378cebb1b242915d01a

SHA512
dccef8f0e14d9b935b3535452bb6e4158f954200c5a31eeac0535966fa5330485180b53af6934e7ce420c0ee6073d7bd7cc3dee3d593214e64a37b2c46eeec2a

Download Submit
C:\Windows\system\ujByoMt.exe

Filesize
6.0MB

MD5
70ee4f481313173440e06acfa2667867

SHA1
5cd212b14e92ff6b65e6f8cad277933cfaf52f72

SHA256
cb8f65c5740f901c9030a0b0be50928eb1c6f79ba41f0ac9f422ddb9251bf729

SHA512
0d5456abc9048e8c82d376fc9856073e4e1ba9fefde3c20f347061cd6fd8c5c0c758be2a574bcc870caa6b4980bf6a7f0ff203709b673b33743e0fc900a3ef36

Download Submit
C:\Windows\system\usamYZw.exe

Filesize
6.0MB

MD5
ed47720fbb6a508e99cb8c3263233d35

SHA1
462e94635eaf49b71d871dfa301ab97fe41d27c4

SHA256
eac4981e8963b34c5772114b92f7309b7d8cb29305267d0965e956aafa3f6fd1

SHA512
4a485f010b9555483e480a882ea4c074c8db116f298ea2e7d996fa5d13c2063323fe7fa57992a00885f5ab4de8c52b1f75927fc7a698a27c8663df85172a8aed

Download Submit
C:\Windows\system\xTnuIGq.exe

Filesize
6.0MB

MD5
ec31ff1f32f49c3d85dc090eb17e7587

SHA1
7e6d3c6bef7759599015fae19dedd1d0b03194b1

SHA256
8bd2440ae75a6ca5e571835a04e1d86257bc873422019133dcd83ac0c931c2a4

SHA512
d7ebe401ae25df371b8a3f24473e7a1b0b7b654b1b8ca5490671a9f5db7a53b1ee081b728f83252d4bddbe4de1017bb4106e1c144e81a588aa4cfeb6d86efafc

Download Submit
C:\Windows\system\zCmhetO.exe

Filesize
6.0MB

MD5
a76ccfe7f358d354c5ae44d25df33f43

SHA1
390aa4d2317468de97a680e8ffac9930025e7be4

SHA256
b9bb2920dac9d93c5d7a65eb7023260f02dcaab4ea7ace64f4e01cdceda3db96

SHA512
0a264b5736c3d779dd51cbb1e21c6edbc5712b25b8389239407c94dd2f29d0aa8122363c51eaa908b0a98ce8e59244f491008eb4ef3af7a88148e338440f82ce

Download Submit
\Windows\system\EkEGREr.exe

Filesize
6.0MB

MD5
5cf2a937795d7c9374e198b39a0eb9b1

SHA1
3187e528033ab438bc1d5150ea22958b0751c9c0

SHA256
2adceec05a127ce253b63bd0c595fa09cd9dca5a793cdccec3ebe615c20efb54

SHA512
b7c102d230751259afd9aeb9776df42c349979a9e53e1195beb825d960651a689419db3250143c77575be61702cdd5bfabad9b918db94da3f16d7ac7d533867b

Download Submit
\Windows\system\LpgYJoC.exe

Filesize
6.0MB

MD5
c59b047b873fae6d2b8bbec1686b516c

SHA1
c9ae19921a36ac6fbd178edb30db43bf255af8ae

SHA256
5aa9aa959525e7b592d062ef7013ab8d5946406dcbe5d5d551739d27338dbbdb

SHA512
0aed9b3d7970d28a0d646ad2bd92e070e8b9c351588447dc053d5c43f3f0ae08b94ce18cb0c1fc4e7c35f804f15562cc9a4ce7424ce8b441347ca05160a15548

Download Submit
\Windows\system\QBRIYtZ.exe

Filesize
6.0MB

MD5
00387cbb57dc6660e6999ff2ab08a600

SHA1
b735e3126bc18a3082d09eeb3cdfb832275b5d58

SHA256
d8e7452c044f716f1e9220b0bde64258483dce6512303506a3ec39c3090992bc

SHA512
b52710bb4813a5880ae1584cd3c70975f83581f47cd12f1ba8ed4bf6f87956104b64d73000ea7fcb995d88c7b3b197f846c7443009e056bae943ace11e8a9a34

Download Submit
\Windows\system\RGGESCn.exe

Filesize
6.0MB

MD5
786ce17cd9488399714ace1491af1fb8

SHA1
9e462903987cb7e37bdeeb598038ed871637a2c4

SHA256
9a39c6e8b1055c980f13b6cb8cb291bf97f6f954dcca422d8cf5b481b31bd8aa

SHA512
c39f8128a3136f4b4a9e01fea1b3e5a83f5f1ce49d06697e9f541e2d7c640c1c888980940bdb5842725c1553b4f2c701cb5310230ad5beaabb1b72f7e2a847c3

Download Submit
\Windows\system\gkbetrN.exe

Filesize
6.0MB

MD5
96bee391063e75df417a65296357a927

SHA1
e5964c8bc082796adc2648b258770fc5d7fe4ace

SHA256
1aaad7033b1f45388b0093a37b765b08d65fae1c9214f297c63fd9988bd53e70

SHA512
47c80d0f2e6ae5a465141d5a86b5c5a1548efa80d1d84ec0bbbb5f791a8e7b2a77ae4cff2651844fdd957fed35057e7242984ca656ec650b32e03027aafad1b0

Download Submit
memory/536-95-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download
memory/536-4032-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download
memory/564-4033-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/564-91-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/1316-4035-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/1316-97-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/1692-87-0x000000013FC70000-0x000000013FFC4000-memory.dmp

Filesize
3.3MB

Download
memory/1692-4034-0x000000013FC70000-0x000000013FFC4000-memory.dmp

Filesize
3.3MB

Download
memory/1692-627-0x000000013FC70000-0x000000013FFC4000-memory.dmp

Filesize
3.3MB

Download
memory/2404-4027-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/2404-464-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/2404-35-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/2432-895-0x000000013F8B0000-0x000000013FC04000-memory.dmp

Filesize
3.3MB

Download
memory/2432-61-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2432-794-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2432-0-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/2432-46-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/2432-621-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2432-394-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/2432-56-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/2432-99-0x000000013F8B0000-0x000000013FC04000-memory.dmp

Filesize
3.3MB

Download
memory/2432-896-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/2432-80-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2432-1-0x0000000000300000-0x0000000000310000-memory.dmp

Filesize
64KB

Download
memory/2432-94-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download
memory/2432-41-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2432-32-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2432-101-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/2432-11-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2432-76-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2552-59-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2552-4030-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2556-49-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2556-4026-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2596-4029-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/2596-52-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/2656-38-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2656-4023-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2708-29-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/2708-4025-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/2764-4024-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/2764-25-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/2792-4028-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2792-53-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2972-102-0x000000013F8B0000-0x000000013FC04000-memory.dmp

Filesize
3.3MB

Download
memory/2972-4036-0x000000013F8B0000-0x000000013FC04000-memory.dmp

Filesize
3.3MB

Download
memory/2976-4031-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2976-62-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download