cobaltstrike | af7d94e0e7f78b373b5b3f23a57a4d93651c821bd9eff9f7370bc2b6419baac6

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
20-11-2024 02:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

425b67c39df4b4eab109ef05eebd84ef
SHA1

08d7c9f8082022e1e0879cd7534b3841b82bb7d1
SHA256

af7d94e0e7f78b373b5b3f23a57a4d93651c821bd9eff9f7370bc2b6419baac6
SHA512

e746cea8ba0897b4e6ed3aa2c2fd8248ee73b5b2cce1535a72f4d2ddcf62b2115a069c063ce76be08d38e0ee7d807ccdfdd0dfc1bf8d79d3f622d3f9eec3b190
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUG:T+q56utgpPF8u/7G

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000b000000012029-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000014b28-9.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000014b54-11.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000014bda-19.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000014cde-29.dat	cobalt_reflective_dll
behavioral1/files/0x003500000001487e-38.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015016-52.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000014f7b-47.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d11-61.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d33-67.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d46-73.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d4a-80.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016db3-90.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dc7-110.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dd6-121.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017051-131.dat	cobalt_reflective_dll
behavioral1/files/0x0031000000018654-158.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018669-166.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186ee-180.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001875d-187.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018761-191.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186de-176.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186d2-171.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000175d2-156.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000175c6-146.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000175cc-150.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017546-141.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000170b5-136.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016ee0-126.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dd2-115.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016db8-111.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d4e-97.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2792-0-0x000000013F4E0000-0x000000013F834000-memory.dmp	xmrig
behavioral1/files/0x000b000000012029-6.dat	xmrig
behavioral1/memory/3004-8-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	xmrig
behavioral1/files/0x0008000000014b28-9.dat	xmrig
behavioral1/memory/2748-14-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/files/0x0009000000014b54-11.dat	xmrig
behavioral1/files/0x0008000000014bda-19.dat	xmrig
behavioral1/memory/2792-27-0x0000000002250000-0x00000000025A4000-memory.dmp	xmrig
behavioral1/memory/2736-28-0x000000013F450000-0x000000013F7A4000-memory.dmp	xmrig
behavioral1/memory/2856-25-0x000000013FBF0000-0x000000013FF44000-memory.dmp	xmrig
behavioral1/files/0x0007000000014cde-29.dat	xmrig
behavioral1/memory/2484-34-0x000000013F240000-0x000000013F594000-memory.dmp	xmrig
behavioral1/files/0x003500000001487e-38.dat	xmrig
behavioral1/memory/2792-39-0x000000013F4E0000-0x000000013F834000-memory.dmp	xmrig
behavioral1/memory/2572-42-0x000000013F9E0000-0x000000013FD34000-memory.dmp	xmrig
behavioral1/files/0x0007000000015016-52.dat	xmrig
behavioral1/memory/2476-49-0x000000013FB90000-0x000000013FEE4000-memory.dmp	xmrig
behavioral1/memory/2916-57-0x000000013F140000-0x000000013F494000-memory.dmp	xmrig
behavioral1/memory/3004-48-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	xmrig
behavioral1/files/0x0007000000014f7b-47.dat	xmrig
behavioral1/memory/2748-55-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/memory/1748-62-0x000000013F330000-0x000000013F684000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d11-61.dat	xmrig
behavioral1/memory/2484-65-0x000000013F240000-0x000000013F594000-memory.dmp	xmrig
behavioral1/files/0x0006000000016d33-67.dat	xmrig
behavioral1/memory/2572-72-0x000000013F9E0000-0x000000013FD34000-memory.dmp	xmrig
behavioral1/files/0x0006000000016d46-73.dat	xmrig
behavioral1/files/0x0006000000016d4a-80.dat	xmrig
behavioral1/memory/1420-85-0x000000013FE90000-0x00000001401E4000-memory.dmp	xmrig
behavioral1/files/0x0006000000016db3-90.dat	xmrig
behavioral1/memory/476-89-0x000000013F2F0000-0x000000013F644000-memory.dmp	xmrig
behavioral1/files/0x0006000000016dc7-110.dat	xmrig
behavioral1/memory/2476-105-0x000000013FB90000-0x000000013FEE4000-memory.dmp	xmrig
behavioral1/files/0x0006000000016dd6-121.dat	xmrig
behavioral1/files/0x0006000000017051-131.dat	xmrig
behavioral1/files/0x0031000000018654-158.dat	xmrig
behavioral1/files/0x0005000000018669-166.dat	xmrig
behavioral1/files/0x00050000000186ee-180.dat	xmrig
behavioral1/memory/960-721-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/memory/1748-405-0x000000013F330000-0x000000013F684000-memory.dmp	xmrig
behavioral1/memory/2916-188-0x000000013F140000-0x000000013F494000-memory.dmp	xmrig
behavioral1/files/0x000500000001875d-187.dat	xmrig
behavioral1/files/0x0005000000018761-191.dat	xmrig
behavioral1/files/0x00050000000186de-176.dat	xmrig
behavioral1/files/0x00050000000186d2-171.dat	xmrig
behavioral1/files/0x00060000000175d2-156.dat	xmrig
behavioral1/files/0x00060000000175c6-146.dat	xmrig
behavioral1/files/0x00060000000175cc-150.dat	xmrig
behavioral1/files/0x0006000000017546-141.dat	xmrig
behavioral1/files/0x00060000000170b5-136.dat	xmrig
behavioral1/files/0x0006000000016ee0-126.dat	xmrig
behavioral1/files/0x0006000000016dd2-115.dat	xmrig
behavioral1/files/0x0006000000016db8-111.dat	xmrig
behavioral1/memory/2792-101-0x000000013F910000-0x000000013FC64000-memory.dmp	xmrig
behavioral1/memory/2796-100-0x000000013F0F0000-0x000000013F444000-memory.dmp	xmrig
behavioral1/memory/2664-108-0x000000013F910000-0x000000013FC64000-memory.dmp	xmrig
behavioral1/files/0x0006000000016d4e-97.dat	xmrig
behavioral1/memory/960-84-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/memory/2792-81-0x0000000002250000-0x00000000025A4000-memory.dmp	xmrig
behavioral1/memory/3004-3143-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	xmrig
behavioral1/memory/2748-3144-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/memory/2856-3165-0x000000013FBF0000-0x000000013FF44000-memory.dmp	xmrig
behavioral1/memory/2736-3172-0x000000013F450000-0x000000013F7A4000-memory.dmp	xmrig
behavioral1/memory/2572-3236-0x000000013F9E0000-0x000000013FD34000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3004	kbHDRlM.exe
2748	hduoQll.exe
2856	TkJVzlM.exe
2736	YbQYPMx.exe
2484	mUWPnlQ.exe
2572	ULoRfNT.exe
2476	oFmvLzu.exe
2916	lZhgIga.exe
1748	lhHPFca.exe
476	khACThn.exe
960	JWhyUJf.exe
1420	lhEIMKB.exe
2796	gAfzjnc.exe
2664	nbWrrwx.exe
2332	jPYAXzG.exe
1784	VOAaVPP.exe
1920	ykashcq.exe
852	XNoxHrS.exe
2224	MMyKpWN.exe
816	VhwjGhr.exe
1048	gJGehoB.exe
2144	tOLHsEA.exe
2024	gXxwqRf.exe
1872	dkhOeXA.exe
1884	IfOXOWX.exe
2304	swuURtf.exe
2308	OVJvWFG.exe
2872	fHaavqW.exe
2316	eJakmFL.exe
2644	rMOWkxD.exe
2336	sibGORm.exe
2164	IproxSR.exe
944	pKJDlFN.exe
2300	iXXuPrO.exe
1680	HCPwsbl.exe
2084	lHgJIYY.exe
884	GGKlDiM.exe
1220	GFWOBYs.exe
2444	SiXiUSW.exe
1556	KYjoLbj.exe
1732	nMGWbkr.exe
1364	sINbwkF.exe
1368	cFGsUCc.exe
1740	wBsLdnv.exe
924	OnnFFof.exe
600	OELxksE.exe
688	aFRzXnq.exe
1704	WtasPOk.exe
2356	SfFASrl.exe
2176	GKnfObb.exe
2172	ayYGkHY.exe
888	RTiBipN.exe
292	twclfow.exe
1328	ZRTUobr.exe
1444	RzVVBBT.exe
868	MSWKaHh.exe
2552	bEJOZqC.exe
1520	omwmGmf.exe
1548	JsUFOQV.exe
2564	DMRxkfs.exe
2776	yNytSad.exe
2132	kvsOSUC.exe
1972	bcPJJTT.exe
2648	KjdqtFo.exe

Loads dropped DLL 64 IoCs

pid	Process
2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2792-0-0x000000013F4E0000-0x000000013F834000-memory.dmp	upx
behavioral1/files/0x000b000000012029-6.dat	upx
behavioral1/memory/3004-8-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	upx
behavioral1/files/0x0008000000014b28-9.dat	upx
behavioral1/memory/2748-14-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/files/0x0009000000014b54-11.dat	upx
behavioral1/files/0x0008000000014bda-19.dat	upx
behavioral1/memory/2736-28-0x000000013F450000-0x000000013F7A4000-memory.dmp	upx
behavioral1/memory/2856-25-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx
behavioral1/files/0x0007000000014cde-29.dat	upx
behavioral1/memory/2484-34-0x000000013F240000-0x000000013F594000-memory.dmp	upx
behavioral1/files/0x003500000001487e-38.dat	upx
behavioral1/memory/2792-39-0x000000013F4E0000-0x000000013F834000-memory.dmp	upx
behavioral1/memory/2572-42-0x000000013F9E0000-0x000000013FD34000-memory.dmp	upx
behavioral1/files/0x0007000000015016-52.dat	upx
behavioral1/memory/2476-49-0x000000013FB90000-0x000000013FEE4000-memory.dmp	upx
behavioral1/memory/2916-57-0x000000013F140000-0x000000013F494000-memory.dmp	upx
behavioral1/memory/3004-48-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	upx
behavioral1/files/0x0007000000014f7b-47.dat	upx
behavioral1/memory/2748-55-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/memory/1748-62-0x000000013F330000-0x000000013F684000-memory.dmp	upx
behavioral1/files/0x0007000000016d11-61.dat	upx
behavioral1/memory/2484-65-0x000000013F240000-0x000000013F594000-memory.dmp	upx
behavioral1/files/0x0006000000016d33-67.dat	upx
behavioral1/memory/2572-72-0x000000013F9E0000-0x000000013FD34000-memory.dmp	upx
behavioral1/files/0x0006000000016d46-73.dat	upx
behavioral1/files/0x0006000000016d4a-80.dat	upx
behavioral1/memory/1420-85-0x000000013FE90000-0x00000001401E4000-memory.dmp	upx
behavioral1/files/0x0006000000016db3-90.dat	upx
behavioral1/memory/476-89-0x000000013F2F0000-0x000000013F644000-memory.dmp	upx
behavioral1/files/0x0006000000016dc7-110.dat	upx
behavioral1/memory/2476-105-0x000000013FB90000-0x000000013FEE4000-memory.dmp	upx
behavioral1/files/0x0006000000016dd6-121.dat	upx
behavioral1/files/0x0006000000017051-131.dat	upx
behavioral1/files/0x0031000000018654-158.dat	upx
behavioral1/files/0x0005000000018669-166.dat	upx
behavioral1/files/0x00050000000186ee-180.dat	upx
behavioral1/memory/960-721-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/memory/1748-405-0x000000013F330000-0x000000013F684000-memory.dmp	upx
behavioral1/memory/2916-188-0x000000013F140000-0x000000013F494000-memory.dmp	upx
behavioral1/files/0x000500000001875d-187.dat	upx
behavioral1/files/0x0005000000018761-191.dat	upx
behavioral1/files/0x00050000000186de-176.dat	upx
behavioral1/files/0x00050000000186d2-171.dat	upx
behavioral1/files/0x00060000000175d2-156.dat	upx
behavioral1/files/0x00060000000175c6-146.dat	upx
behavioral1/files/0x00060000000175cc-150.dat	upx
behavioral1/files/0x0006000000017546-141.dat	upx
behavioral1/files/0x00060000000170b5-136.dat	upx
behavioral1/files/0x0006000000016ee0-126.dat	upx
behavioral1/files/0x0006000000016dd2-115.dat	upx
behavioral1/files/0x0006000000016db8-111.dat	upx
behavioral1/memory/2796-100-0x000000013F0F0000-0x000000013F444000-memory.dmp	upx
behavioral1/memory/2664-108-0x000000013F910000-0x000000013FC64000-memory.dmp	upx
behavioral1/files/0x0006000000016d4e-97.dat	upx
behavioral1/memory/960-84-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/memory/3004-3143-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	upx
behavioral1/memory/2748-3144-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/memory/2856-3165-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx
behavioral1/memory/2736-3172-0x000000013F450000-0x000000013F7A4000-memory.dmp	upx
behavioral1/memory/2572-3236-0x000000013F9E0000-0x000000013FD34000-memory.dmp	upx
behavioral1/memory/2476-3237-0x000000013FB90000-0x000000013FEE4000-memory.dmp	upx
behavioral1/memory/2484-3259-0x000000013F240000-0x000000013F594000-memory.dmp	upx
behavioral1/memory/2916-3311-0x000000013F140000-0x000000013F494000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\lhHPFca.exe	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jhezSyf.exe	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gUeCEbE.exe	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ECtHgeT.exe	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IYdWXru.exe	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VcThYFX.exe	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pxkvMiM.exe	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yngHLoI.exe	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GWPXhZr.exe	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WOllHUW.exe	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rwyIAJH.exe	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZOYmuIC.exe	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xmrYgnI.exe	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EoJwkrc.exe	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lKZXMgi.exe	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lwANyAS.exe	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ItysEnY.exe	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rTXKvJy.exe	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xrYQQOQ.exe	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rZxTaeS.exe	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YoshxrO.exe	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ejQpvxB.exe	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WTFfClM.exe	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xRhRTPO.exe	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yvfBTxL.exe	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aOcefBE.exe	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XGOcTZA.exe	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZZNmpKB.exe	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qQNNHqB.exe	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZDpRMNp.exe	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bIPwzcX.exe	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ucCDZyk.exe	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\knMWRwU.exe	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eBgcCMP.exe	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZXJTXjB.exe	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KIbmvxG.exe	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HqrsDZm.exe	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zxxigKZ.exe	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FttmRDy.exe	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cJJiCba.exe	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JNgAWLt.exe	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tAxyffe.exe	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yBwsybG.exe	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BGcLHIv.exe	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZeAAqRV.exe	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bNBbXZb.exe	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qviOXgJ.exe	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qqSbEre.exe	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RfvOJFe.exe	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oafjQqe.exe	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\luyvqfF.exe	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vcSXFWd.exe	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NDvAINv.exe	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pHeRTRi.exe	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zhCxZwl.exe	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wbXxIxP.exe	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SZOyltd.exe	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TYXMzIu.exe	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DkMHbNn.exe	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NwUVUqm.exe	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QIcOAUN.exe	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\riWvGKl.exe	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PGFmVSJ.exe	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\beecEOh.exe	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2792 wrote to memory of 3004	2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 2792 wrote to memory of 3004	2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 2792 wrote to memory of 3004	2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 2792 wrote to memory of 2748	2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2792 wrote to memory of 2748	2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2792 wrote to memory of 2748	2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2792 wrote to memory of 2856	2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2792 wrote to memory of 2856	2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2792 wrote to memory of 2856	2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2792 wrote to memory of 2736	2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2792 wrote to memory of 2736	2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2792 wrote to memory of 2736	2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2792 wrote to memory of 2484	2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2792 wrote to memory of 2484	2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2792 wrote to memory of 2484	2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2792 wrote to memory of 2572	2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2792 wrote to memory of 2572	2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2792 wrote to memory of 2572	2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2792 wrote to memory of 2476	2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2792 wrote to memory of 2476	2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2792 wrote to memory of 2476	2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2792 wrote to memory of 2916	2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2792 wrote to memory of 2916	2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2792 wrote to memory of 2916	2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2792 wrote to memory of 1748	2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2792 wrote to memory of 1748	2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2792 wrote to memory of 1748	2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2792 wrote to memory of 476	2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2792 wrote to memory of 476	2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2792 wrote to memory of 476	2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2792 wrote to memory of 960	2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2792 wrote to memory of 960	2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2792 wrote to memory of 960	2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2792 wrote to memory of 1420	2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2792 wrote to memory of 1420	2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2792 wrote to memory of 1420	2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2792 wrote to memory of 2664	2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2792 wrote to memory of 2664	2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2792 wrote to memory of 2664	2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2792 wrote to memory of 2796	2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2792 wrote to memory of 2796	2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2792 wrote to memory of 2796	2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2792 wrote to memory of 1784	2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2792 wrote to memory of 1784	2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2792 wrote to memory of 1784	2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2792 wrote to memory of 2332	2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2792 wrote to memory of 2332	2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2792 wrote to memory of 2332	2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2792 wrote to memory of 1920	2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2792 wrote to memory of 1920	2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2792 wrote to memory of 1920	2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2792 wrote to memory of 852	2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2792 wrote to memory of 852	2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2792 wrote to memory of 852	2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2792 wrote to memory of 2224	2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2792 wrote to memory of 2224	2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2792 wrote to memory of 2224	2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2792 wrote to memory of 816	2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2792 wrote to memory of 816	2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2792 wrote to memory of 816	2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2792 wrote to memory of 1048	2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2792 wrote to memory of 1048	2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2792 wrote to memory of 1048	2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2792 wrote to memory of 2144	2792	2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe	50

C:\Users\Admin\AppData\Local\Temp\2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-20_425b67c39df4b4eab109ef05eebd84ef_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2792
- C:\Windows\System\kbHDRlM.exe
  C:\Windows\System\kbHDRlM.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\hduoQll.exe
  C:\Windows\System\hduoQll.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\TkJVzlM.exe
  C:\Windows\System\TkJVzlM.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\YbQYPMx.exe
  C:\Windows\System\YbQYPMx.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\mUWPnlQ.exe
  C:\Windows\System\mUWPnlQ.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\ULoRfNT.exe
  C:\Windows\System\ULoRfNT.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\oFmvLzu.exe
  C:\Windows\System\oFmvLzu.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\lZhgIga.exe
  C:\Windows\System\lZhgIga.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\lhHPFca.exe
  C:\Windows\System\lhHPFca.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\khACThn.exe
  C:\Windows\System\khACThn.exe
  2⤵
  - Executes dropped EXE
  PID:476
- C:\Windows\System\JWhyUJf.exe
  C:\Windows\System\JWhyUJf.exe
  2⤵
  - Executes dropped EXE
  PID:960
- C:\Windows\System\lhEIMKB.exe
  C:\Windows\System\lhEIMKB.exe
  2⤵
  - Executes dropped EXE
  PID:1420
- C:\Windows\System\nbWrrwx.exe
  C:\Windows\System\nbWrrwx.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\gAfzjnc.exe
  C:\Windows\System\gAfzjnc.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\VOAaVPP.exe
  C:\Windows\System\VOAaVPP.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\jPYAXzG.exe
  C:\Windows\System\jPYAXzG.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\ykashcq.exe
  C:\Windows\System\ykashcq.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\XNoxHrS.exe
  C:\Windows\System\XNoxHrS.exe
  2⤵
  - Executes dropped EXE
  PID:852
- C:\Windows\System\MMyKpWN.exe
  C:\Windows\System\MMyKpWN.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\VhwjGhr.exe
  C:\Windows\System\VhwjGhr.exe
  2⤵
  - Executes dropped EXE
  PID:816
- C:\Windows\System\gJGehoB.exe
  C:\Windows\System\gJGehoB.exe
  2⤵
  - Executes dropped EXE
  PID:1048
- C:\Windows\System\tOLHsEA.exe
  C:\Windows\System\tOLHsEA.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\gXxwqRf.exe
  C:\Windows\System\gXxwqRf.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\dkhOeXA.exe
  C:\Windows\System\dkhOeXA.exe
  2⤵
  - Executes dropped EXE
  PID:1872
- C:\Windows\System\IfOXOWX.exe
  C:\Windows\System\IfOXOWX.exe
  2⤵
  - Executes dropped EXE
  PID:1884
- C:\Windows\System\swuURtf.exe
  C:\Windows\System\swuURtf.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\OVJvWFG.exe
  C:\Windows\System\OVJvWFG.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\fHaavqW.exe
  C:\Windows\System\fHaavqW.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\eJakmFL.exe
  C:\Windows\System\eJakmFL.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\rMOWkxD.exe
  C:\Windows\System\rMOWkxD.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\sibGORm.exe
  C:\Windows\System\sibGORm.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\IproxSR.exe
  C:\Windows\System\IproxSR.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\pKJDlFN.exe
  C:\Windows\System\pKJDlFN.exe
  2⤵
  - Executes dropped EXE
  PID:944
- C:\Windows\System\iXXuPrO.exe
  C:\Windows\System\iXXuPrO.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\HCPwsbl.exe
  C:\Windows\System\HCPwsbl.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\lHgJIYY.exe
  C:\Windows\System\lHgJIYY.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\GGKlDiM.exe
  C:\Windows\System\GGKlDiM.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\GFWOBYs.exe
  C:\Windows\System\GFWOBYs.exe
  2⤵
  - Executes dropped EXE
  PID:1220
- C:\Windows\System\SiXiUSW.exe
  C:\Windows\System\SiXiUSW.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\KYjoLbj.exe
  C:\Windows\System\KYjoLbj.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\nMGWbkr.exe
  C:\Windows\System\nMGWbkr.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\sINbwkF.exe
  C:\Windows\System\sINbwkF.exe
  2⤵
  - Executes dropped EXE
  PID:1364
- C:\Windows\System\cFGsUCc.exe
  C:\Windows\System\cFGsUCc.exe
  2⤵
  - Executes dropped EXE
  PID:1368
- C:\Windows\System\wBsLdnv.exe
  C:\Windows\System\wBsLdnv.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\OnnFFof.exe
  C:\Windows\System\OnnFFof.exe
  2⤵
  - Executes dropped EXE
  PID:924
- C:\Windows\System\OELxksE.exe
  C:\Windows\System\OELxksE.exe
  2⤵
  - Executes dropped EXE
  PID:600
- C:\Windows\System\aFRzXnq.exe
  C:\Windows\System\aFRzXnq.exe
  2⤵
  - Executes dropped EXE
  PID:688
- C:\Windows\System\WtasPOk.exe
  C:\Windows\System\WtasPOk.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\SfFASrl.exe
  C:\Windows\System\SfFASrl.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\GKnfObb.exe
  C:\Windows\System\GKnfObb.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\ayYGkHY.exe
  C:\Windows\System\ayYGkHY.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\RTiBipN.exe
  C:\Windows\System\RTiBipN.exe
  2⤵
  - Executes dropped EXE
  PID:888
- C:\Windows\System\twclfow.exe
  C:\Windows\System\twclfow.exe
  2⤵
  - Executes dropped EXE
  PID:292
- C:\Windows\System\ZRTUobr.exe
  C:\Windows\System\ZRTUobr.exe
  2⤵
  - Executes dropped EXE
  PID:1328
- C:\Windows\System\RzVVBBT.exe
  C:\Windows\System\RzVVBBT.exe
  2⤵
  - Executes dropped EXE
  PID:1444
- C:\Windows\System\MSWKaHh.exe
  C:\Windows\System\MSWKaHh.exe
  2⤵
  - Executes dropped EXE
  PID:868
- C:\Windows\System\bEJOZqC.exe
  C:\Windows\System\bEJOZqC.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\omwmGmf.exe
  C:\Windows\System\omwmGmf.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System\JsUFOQV.exe
  C:\Windows\System\JsUFOQV.exe
  2⤵
  - Executes dropped EXE
  PID:1548
- C:\Windows\System\DMRxkfs.exe
  C:\Windows\System\DMRxkfs.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\yNytSad.exe
  C:\Windows\System\yNytSad.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\kvsOSUC.exe
  C:\Windows\System\kvsOSUC.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\KjdqtFo.exe
  C:\Windows\System\KjdqtFo.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\bcPJJTT.exe
  C:\Windows\System\bcPJJTT.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\dXCTxtA.exe
  C:\Windows\System\dXCTxtA.exe
  2⤵
  PID:2504
- C:\Windows\System\YNGhFZE.exe
  C:\Windows\System\YNGhFZE.exe
  2⤵
  PID:1640
- C:\Windows\System\bjtXrxk.exe
  C:\Windows\System\bjtXrxk.exe
  2⤵
  PID:2764
- C:\Windows\System\IjLFOjN.exe
  C:\Windows\System\IjLFOjN.exe
  2⤵
  PID:2844
- C:\Windows\System\CDHrKGL.exe
  C:\Windows\System\CDHrKGL.exe
  2⤵
  PID:1016
- C:\Windows\System\BJlkwTP.exe
  C:\Windows\System\BJlkwTP.exe
  2⤵
  PID:1576
- C:\Windows\System\oVgAIil.exe
  C:\Windows\System\oVgAIil.exe
  2⤵
  PID:2632
- C:\Windows\System\edazrUr.exe
  C:\Windows\System\edazrUr.exe
  2⤵
  PID:2492
- C:\Windows\System\JoLaXpo.exe
  C:\Windows\System\JoLaXpo.exe
  2⤵
  PID:756
- C:\Windows\System\CGaOpEs.exe
  C:\Windows\System\CGaOpEs.exe
  2⤵
  PID:980
- C:\Windows\System\nzWCuah.exe
  C:\Windows\System\nzWCuah.exe
  2⤵
  PID:2812
- C:\Windows\System\gumKVOq.exe
  C:\Windows\System\gumKVOq.exe
  2⤵
  PID:2348
- C:\Windows\System\cijoKAx.exe
  C:\Windows\System\cijoKAx.exe
  2⤵
  PID:2288
- C:\Windows\System\PDUveiQ.exe
  C:\Windows\System\PDUveiQ.exe
  2⤵
  PID:1940
- C:\Windows\System\eilVblV.exe
  C:\Windows\System\eilVblV.exe
  2⤵
  PID:988
- C:\Windows\System\dsUZiVw.exe
  C:\Windows\System\dsUZiVw.exe
  2⤵
  PID:1996
- C:\Windows\System\CEephMp.exe
  C:\Windows\System\CEephMp.exe
  2⤵
  PID:1904
- C:\Windows\System\DVkfrMW.exe
  C:\Windows\System\DVkfrMW.exe
  2⤵
  PID:2160
- C:\Windows\System\rBPwjpJ.exe
  C:\Windows\System\rBPwjpJ.exe
  2⤵
  PID:1696
- C:\Windows\System\WXOcFOo.exe
  C:\Windows\System\WXOcFOo.exe
  2⤵
  PID:2120
- C:\Windows\System\srRikEl.exe
  C:\Windows\System\srRikEl.exe
  2⤵
  PID:3008
- C:\Windows\System\tAxyffe.exe
  C:\Windows\System\tAxyffe.exe
  2⤵
  PID:2424
- C:\Windows\System\QHBHNdS.exe
  C:\Windows\System\QHBHNdS.exe
  2⤵
  PID:2900
- C:\Windows\System\TxRCdzk.exe
  C:\Windows\System\TxRCdzk.exe
  2⤵
  PID:2236
- C:\Windows\System\cqgYmcm.exe
  C:\Windows\System\cqgYmcm.exe
  2⤵
  PID:1448
- C:\Windows\System\kGkrsWQ.exe
  C:\Windows\System\kGkrsWQ.exe
  2⤵
  PID:2028
- C:\Windows\System\OgPZdor.exe
  C:\Windows\System\OgPZdor.exe
  2⤵
  PID:1320
- C:\Windows\System\iYCWDoX.exe
  C:\Windows\System\iYCWDoX.exe
  2⤵
  PID:1488
- C:\Windows\System\EFmlqBi.exe
  C:\Windows\System\EFmlqBi.exe
  2⤵
  PID:908
- C:\Windows\System\GIJZMJf.exe
  C:\Windows\System\GIJZMJf.exe
  2⤵
  PID:2864
- C:\Windows\System\vmMmFrU.exe
  C:\Windows\System\vmMmFrU.exe
  2⤵
  PID:3040
- C:\Windows\System\hJdanPU.exe
  C:\Windows\System\hJdanPU.exe
  2⤵
  PID:1308
- C:\Windows\System\yLUDJUG.exe
  C:\Windows\System\yLUDJUG.exe
  2⤵
  PID:1468
- C:\Windows\System\SVgUxfb.exe
  C:\Windows\System\SVgUxfb.exe
  2⤵
  PID:872
- C:\Windows\System\APgfyjb.exe
  C:\Windows\System\APgfyjb.exe
  2⤵
  PID:2408
- C:\Windows\System\lZiuFBN.exe
  C:\Windows\System\lZiuFBN.exe
  2⤵
  PID:1648
- C:\Windows\System\ZJeISoH.exe
  C:\Windows\System\ZJeISoH.exe
  2⤵
  PID:2232
- C:\Windows\System\mcjQbBA.exe
  C:\Windows\System\mcjQbBA.exe
  2⤵
  PID:2092
- C:\Windows\System\zlXhYdQ.exe
  C:\Windows\System\zlXhYdQ.exe
  2⤵
  PID:2568
- C:\Windows\System\hcdsMGj.exe
  C:\Windows\System\hcdsMGj.exe
  2⤵
  PID:2752
- C:\Windows\System\FXojwpo.exe
  C:\Windows\System\FXojwpo.exe
  2⤵
  PID:264
- C:\Windows\System\oUSuili.exe
  C:\Windows\System\oUSuili.exe
  2⤵
  PID:2712
- C:\Windows\System\VPivSMi.exe
  C:\Windows\System\VPivSMi.exe
  2⤵
  PID:2096
- C:\Windows\System\ZocfRUr.exe
  C:\Windows\System\ZocfRUr.exe
  2⤵
  PID:2512
- C:\Windows\System\XxJDyjh.exe
  C:\Windows\System\XxJDyjh.exe
  2⤵
  PID:2508
- C:\Windows\System\XbyDRLT.exe
  C:\Windows\System\XbyDRLT.exe
  2⤵
  PID:1676
- C:\Windows\System\aPSdxQl.exe
  C:\Windows\System\aPSdxQl.exe
  2⤵
  PID:1196
- C:\Windows\System\OLtgJVi.exe
  C:\Windows\System\OLtgJVi.exe
  2⤵
  PID:2904
- C:\Windows\System\FNRJXWq.exe
  C:\Windows\System\FNRJXWq.exe
  2⤵
  PID:1916
- C:\Windows\System\PYwyYrd.exe
  C:\Windows\System\PYwyYrd.exe
  2⤵
  PID:1944
- C:\Windows\System\SRbJghp.exe
  C:\Windows\System\SRbJghp.exe
  2⤵
  PID:2548
- C:\Windows\System\CDcRCIQ.exe
  C:\Windows\System\CDcRCIQ.exe
  2⤵
  PID:1856
- C:\Windows\System\Iyidwhk.exe
  C:\Windows\System\Iyidwhk.exe
  2⤵
  PID:2056
- C:\Windows\System\sEtbLUL.exe
  C:\Windows\System\sEtbLUL.exe
  2⤵
  PID:1572
- C:\Windows\System\ufbujCB.exe
  C:\Windows\System\ufbujCB.exe
  2⤵
  PID:1112
- C:\Windows\System\TmnnzLH.exe
  C:\Windows\System\TmnnzLH.exe
  2⤵
  PID:544
- C:\Windows\System\RbZtnwT.exe
  C:\Windows\System\RbZtnwT.exe
  2⤵
  PID:904
- C:\Windows\System\fANHwwA.exe
  C:\Windows\System\fANHwwA.exe
  2⤵
  PID:1028
- C:\Windows\System\ELNSUIm.exe
  C:\Windows\System\ELNSUIm.exe
  2⤵
  PID:1584
- C:\Windows\System\bQsTLtt.exe
  C:\Windows\System\bQsTLtt.exe
  2⤵
  PID:2788
- C:\Windows\System\IHbsCCK.exe
  C:\Windows\System\IHbsCCK.exe
  2⤵
  PID:2400
- C:\Windows\System\RDFqZUy.exe
  C:\Windows\System\RDFqZUy.exe
  2⤵
  PID:672
- C:\Windows\System\Scrttdn.exe
  C:\Windows\System\Scrttdn.exe
  2⤵
  PID:2392
- C:\Windows\System\bcZqyGG.exe
  C:\Windows\System\bcZqyGG.exe
  2⤵
  PID:1540
- C:\Windows\System\IqWndmO.exe
  C:\Windows\System\IqWndmO.exe
  2⤵
  PID:2088
- C:\Windows\System\gJssooP.exe
  C:\Windows\System\gJssooP.exe
  2⤵
  PID:2168
- C:\Windows\System\gCnPfEj.exe
  C:\Windows\System\gCnPfEj.exe
  2⤵
  PID:2468
- C:\Windows\System\wmeSLmP.exe
  C:\Windows\System\wmeSLmP.exe
  2⤵
  PID:568
- C:\Windows\System\nWOZsFP.exe
  C:\Windows\System\nWOZsFP.exe
  2⤵
  PID:2696
- C:\Windows\System\ZSytmzw.exe
  C:\Windows\System\ZSytmzw.exe
  2⤵
  PID:1644
- C:\Windows\System\nnepTKi.exe
  C:\Windows\System\nnepTKi.exe
  2⤵
  PID:2692
- C:\Windows\System\BzBTyNN.exe
  C:\Windows\System\BzBTyNN.exe
  2⤵
  PID:348
- C:\Windows\System\QBqhOaP.exe
  C:\Windows\System\QBqhOaP.exe
  2⤵
  PID:1168
- C:\Windows\System\IzSUjSK.exe
  C:\Windows\System\IzSUjSK.exe
  2⤵
  PID:1496
- C:\Windows\System\GldnHyf.exe
  C:\Windows\System\GldnHyf.exe
  2⤵
  PID:2008
- C:\Windows\System\yJFTowl.exe
  C:\Windows\System\yJFTowl.exe
  2⤵
  PID:1860
- C:\Windows\System\CDuGtSG.exe
  C:\Windows\System\CDuGtSG.exe
  2⤵
  PID:2708
- C:\Windows\System\WuIztpu.exe
  C:\Windows\System\WuIztpu.exe
  2⤵
  PID:1812
- C:\Windows\System\mBhfZYu.exe
  C:\Windows\System\mBhfZYu.exe
  2⤵
  PID:1416
- C:\Windows\System\TuSAwZG.exe
  C:\Windows\System\TuSAwZG.exe
  2⤵
  PID:1608
- C:\Windows\System\EOzOzFf.exe
  C:\Windows\System\EOzOzFf.exe
  2⤵
  PID:272
- C:\Windows\System\ZZpzikP.exe
  C:\Windows\System\ZZpzikP.exe
  2⤵
  PID:2464
- C:\Windows\System\XrbMhnI.exe
  C:\Windows\System\XrbMhnI.exe
  2⤵
  PID:1412
- C:\Windows\System\aDMXlHc.exe
  C:\Windows\System\aDMXlHc.exe
  2⤵
  PID:376
- C:\Windows\System\VVvpVzN.exe
  C:\Windows\System\VVvpVzN.exe
  2⤵
  PID:448
- C:\Windows\System\swHBiqX.exe
  C:\Windows\System\swHBiqX.exe
  2⤵
  PID:2072
- C:\Windows\System\iqReKuz.exe
  C:\Windows\System\iqReKuz.exe
  2⤵
  PID:1660
- C:\Windows\System\zWEMPeP.exe
  C:\Windows\System\zWEMPeP.exe
  2⤵
  PID:2704
- C:\Windows\System\WpZBTWu.exe
  C:\Windows\System\WpZBTWu.exe
  2⤵
  PID:896
- C:\Windows\System\FoQPWpk.exe
  C:\Windows\System\FoQPWpk.exe
  2⤵
  PID:2716
- C:\Windows\System\bCOgrdb.exe
  C:\Windows\System\bCOgrdb.exe
  2⤵
  PID:1744
- C:\Windows\System\ooHFkyv.exe
  C:\Windows\System\ooHFkyv.exe
  2⤵
  PID:2732
- C:\Windows\System\PGMZIJY.exe
  C:\Windows\System\PGMZIJY.exe
  2⤵
  PID:2948
- C:\Windows\System\UnXrWpS.exe
  C:\Windows\System\UnXrWpS.exe
  2⤵
  PID:3084
- C:\Windows\System\KMNJhes.exe
  C:\Windows\System\KMNJhes.exe
  2⤵
  PID:3104
- C:\Windows\System\UWOWLbk.exe
  C:\Windows\System\UWOWLbk.exe
  2⤵
  PID:3124
- C:\Windows\System\NIsHWXh.exe
  C:\Windows\System\NIsHWXh.exe
  2⤵
  PID:3144
- C:\Windows\System\PofIChU.exe
  C:\Windows\System\PofIChU.exe
  2⤵
  PID:3164
- C:\Windows\System\hhrQvZw.exe
  C:\Windows\System\hhrQvZw.exe
  2⤵
  PID:3184
- C:\Windows\System\sJZiSuM.exe
  C:\Windows\System\sJZiSuM.exe
  2⤵
  PID:3200
- C:\Windows\System\RFwRYEa.exe
  C:\Windows\System\RFwRYEa.exe
  2⤵
  PID:3220
- C:\Windows\System\eyZCmDT.exe
  C:\Windows\System\eyZCmDT.exe
  2⤵
  PID:3240
- C:\Windows\System\nzfklBU.exe
  C:\Windows\System\nzfklBU.exe
  2⤵
  PID:3264
- C:\Windows\System\gvRFgHn.exe
  C:\Windows\System\gvRFgHn.exe
  2⤵
  PID:3280
- C:\Windows\System\VEWQZnf.exe
  C:\Windows\System\VEWQZnf.exe
  2⤵
  PID:3304
- C:\Windows\System\iqdPXMw.exe
  C:\Windows\System\iqdPXMw.exe
  2⤵
  PID:3320
- C:\Windows\System\mZlTips.exe
  C:\Windows\System\mZlTips.exe
  2⤵
  PID:3344
- C:\Windows\System\IHVKmGt.exe
  C:\Windows\System\IHVKmGt.exe
  2⤵
  PID:3364
- C:\Windows\System\CkNxeNE.exe
  C:\Windows\System\CkNxeNE.exe
  2⤵
  PID:3384
- C:\Windows\System\XQgFrbg.exe
  C:\Windows\System\XQgFrbg.exe
  2⤵
  PID:3400
- C:\Windows\System\yjqysBv.exe
  C:\Windows\System\yjqysBv.exe
  2⤵
  PID:3420
- C:\Windows\System\nVaGenI.exe
  C:\Windows\System\nVaGenI.exe
  2⤵
  PID:3440
- C:\Windows\System\TJaJepJ.exe
  C:\Windows\System\TJaJepJ.exe
  2⤵
  PID:3460
- C:\Windows\System\FDTDFig.exe
  C:\Windows\System\FDTDFig.exe
  2⤵
  PID:3480
- C:\Windows\System\fFMlnqv.exe
  C:\Windows\System\fFMlnqv.exe
  2⤵
  PID:3500
- C:\Windows\System\yVeIOco.exe
  C:\Windows\System\yVeIOco.exe
  2⤵
  PID:3520
- C:\Windows\System\MhrelVU.exe
  C:\Windows\System\MhrelVU.exe
  2⤵
  PID:3540
- C:\Windows\System\DxAhjKN.exe
  C:\Windows\System\DxAhjKN.exe
  2⤵
  PID:3560
- C:\Windows\System\OpNiGvZ.exe
  C:\Windows\System\OpNiGvZ.exe
  2⤵
  PID:3580
- C:\Windows\System\AKzqDQN.exe
  C:\Windows\System\AKzqDQN.exe
  2⤵
  PID:3604
- C:\Windows\System\lsxofnW.exe
  C:\Windows\System\lsxofnW.exe
  2⤵
  PID:3628
- C:\Windows\System\WDlPOZJ.exe
  C:\Windows\System\WDlPOZJ.exe
  2⤵
  PID:3648
- C:\Windows\System\DujIdTX.exe
  C:\Windows\System\DujIdTX.exe
  2⤵
  PID:3672
- C:\Windows\System\jfrUKgA.exe
  C:\Windows\System\jfrUKgA.exe
  2⤵
  PID:3688
- C:\Windows\System\oGOAeVO.exe
  C:\Windows\System\oGOAeVO.exe
  2⤵
  PID:3708
- C:\Windows\System\IFRyGlL.exe
  C:\Windows\System\IFRyGlL.exe
  2⤵
  PID:3728
- C:\Windows\System\wcMkNSw.exe
  C:\Windows\System\wcMkNSw.exe
  2⤵
  PID:3752
- C:\Windows\System\AiAFCbZ.exe
  C:\Windows\System\AiAFCbZ.exe
  2⤵
  PID:3772
- C:\Windows\System\bUSjbbz.exe
  C:\Windows\System\bUSjbbz.exe
  2⤵
  PID:3792
- C:\Windows\System\WWFIrVi.exe
  C:\Windows\System\WWFIrVi.exe
  2⤵
  PID:3812
- C:\Windows\System\ayXZiqr.exe
  C:\Windows\System\ayXZiqr.exe
  2⤵
  PID:3832
- C:\Windows\System\zzFnhWv.exe
  C:\Windows\System\zzFnhWv.exe
  2⤵
  PID:3852
- C:\Windows\System\RunxqPa.exe
  C:\Windows\System\RunxqPa.exe
  2⤵
  PID:3872
- C:\Windows\System\VZPjtzc.exe
  C:\Windows\System\VZPjtzc.exe
  2⤵
  PID:3892
- C:\Windows\System\EEoZyjN.exe
  C:\Windows\System\EEoZyjN.exe
  2⤵
  PID:3912
- C:\Windows\System\ZNylUef.exe
  C:\Windows\System\ZNylUef.exe
  2⤵
  PID:3932
- C:\Windows\System\yNKgmMp.exe
  C:\Windows\System\yNKgmMp.exe
  2⤵
  PID:3952
- C:\Windows\System\IJwobnQ.exe
  C:\Windows\System\IJwobnQ.exe
  2⤵
  PID:3972
- C:\Windows\System\afiqfcx.exe
  C:\Windows\System\afiqfcx.exe
  2⤵
  PID:3992
- C:\Windows\System\XmoUweO.exe
  C:\Windows\System\XmoUweO.exe
  2⤵
  PID:4012
- C:\Windows\System\RcPRzEz.exe
  C:\Windows\System\RcPRzEz.exe
  2⤵
  PID:4032
- C:\Windows\System\nrNPKhu.exe
  C:\Windows\System\nrNPKhu.exe
  2⤵
  PID:4052
- C:\Windows\System\dGJYdbA.exe
  C:\Windows\System\dGJYdbA.exe
  2⤵
  PID:4072
- C:\Windows\System\nQelwAo.exe
  C:\Windows\System\nQelwAo.exe
  2⤵
  PID:1956
- C:\Windows\System\SALXerH.exe
  C:\Windows\System\SALXerH.exe
  2⤵
  PID:2584
- C:\Windows\System\wWNNliw.exe
  C:\Windows\System\wWNNliw.exe
  2⤵
  PID:2772
- C:\Windows\System\ElRhmzA.exe
  C:\Windows\System\ElRhmzA.exe
  2⤵
  PID:112
- C:\Windows\System\miunWpB.exe
  C:\Windows\System\miunWpB.exe
  2⤵
  PID:3100
- C:\Windows\System\QYyJNMe.exe
  C:\Windows\System\QYyJNMe.exe
  2⤵
  PID:2840
- C:\Windows\System\GLSzuuz.exe
  C:\Windows\System\GLSzuuz.exe
  2⤵
  PID:3076
- C:\Windows\System\ATVEXMr.exe
  C:\Windows\System\ATVEXMr.exe
  2⤵
  PID:3208
- C:\Windows\System\oYNklTH.exe
  C:\Windows\System\oYNklTH.exe
  2⤵
  PID:3160
- C:\Windows\System\sqrWSiQ.exe
  C:\Windows\System\sqrWSiQ.exe
  2⤵
  PID:3192
- C:\Windows\System\brHJTUV.exe
  C:\Windows\System\brHJTUV.exe
  2⤵
  PID:3228
- C:\Windows\System\hWUBwlw.exe
  C:\Windows\System\hWUBwlw.exe
  2⤵
  PID:3292
- C:\Windows\System\xmcoGaY.exe
  C:\Windows\System\xmcoGaY.exe
  2⤵
  PID:3276
- C:\Windows\System\bDJiJyz.exe
  C:\Windows\System\bDJiJyz.exe
  2⤵
  PID:332
- C:\Windows\System\tNKUtqr.exe
  C:\Windows\System\tNKUtqr.exe
  2⤵
  PID:3352
- C:\Windows\System\UhfTiSm.exe
  C:\Windows\System\UhfTiSm.exe
  2⤵
  PID:3396
- C:\Windows\System\AMVvHeD.exe
  C:\Windows\System\AMVvHeD.exe
  2⤵
  PID:3528
- C:\Windows\System\oXbjgSP.exe
  C:\Windows\System\oXbjgSP.exe
  2⤵
  PID:3432
- C:\Windows\System\VfJxeel.exe
  C:\Windows\System\VfJxeel.exe
  2⤵
  PID:3508
- C:\Windows\System\ULJPgWq.exe
  C:\Windows\System\ULJPgWq.exe
  2⤵
  PID:3620
- C:\Windows\System\zYwHAEp.exe
  C:\Windows\System\zYwHAEp.exe
  2⤵
  PID:3552
- C:\Windows\System\dVkLJDe.exe
  C:\Windows\System\dVkLJDe.exe
  2⤵
  PID:3664
- C:\Windows\System\hXuDVBz.exe
  C:\Windows\System\hXuDVBz.exe
  2⤵
  PID:3696
- C:\Windows\System\bXnGnOy.exe
  C:\Windows\System\bXnGnOy.exe
  2⤵
  PID:3736
- C:\Windows\System\UsMUkjX.exe
  C:\Windows\System\UsMUkjX.exe
  2⤵
  PID:3716
- C:\Windows\System\VzUpgSQ.exe
  C:\Windows\System\VzUpgSQ.exe
  2⤵
  PID:3760
- C:\Windows\System\EMqmHOO.exe
  C:\Windows\System\EMqmHOO.exe
  2⤵
  PID:3800
- C:\Windows\System\hIFceNe.exe
  C:\Windows\System\hIFceNe.exe
  2⤵
  PID:3868
- C:\Windows\System\rQWBRoR.exe
  C:\Windows\System\rQWBRoR.exe
  2⤵
  PID:3844
- C:\Windows\System\JjPamuW.exe
  C:\Windows\System\JjPamuW.exe
  2⤵
  PID:3940
- C:\Windows\System\ScvSubT.exe
  C:\Windows\System\ScvSubT.exe
  2⤵
  PID:3920
- C:\Windows\System\oiWEseS.exe
  C:\Windows\System\oiWEseS.exe
  2⤵
  PID:2052
- C:\Windows\System\VIRSfva.exe
  C:\Windows\System\VIRSfva.exe
  2⤵
  PID:4020
- C:\Windows\System\RfvOJFe.exe
  C:\Windows\System\RfvOJFe.exe
  2⤵
  PID:3964
- C:\Windows\System\VfMuZrX.exe
  C:\Windows\System\VfMuZrX.exe
  2⤵
  PID:4024
- C:\Windows\System\VSOHdOg.exe
  C:\Windows\System\VSOHdOg.exe
  2⤵
  PID:4044
- C:\Windows\System\dpQfAoz.exe
  C:\Windows\System\dpQfAoz.exe
  2⤵
  PID:1876
- C:\Windows\System\dUJJFsZ.exe
  C:\Windows\System\dUJJFsZ.exe
  2⤵
  PID:2768
- C:\Windows\System\xemnYgl.exe
  C:\Windows\System\xemnYgl.exe
  2⤵
  PID:2488
- C:\Windows\System\FujLyls.exe
  C:\Windows\System\FujLyls.exe
  2⤵
  PID:3140
- C:\Windows\System\JeVWypz.exe
  C:\Windows\System\JeVWypz.exe
  2⤵
  PID:3180
- C:\Windows\System\UUJjwDU.exe
  C:\Windows\System\UUJjwDU.exe
  2⤵
  PID:3248
- C:\Windows\System\HWSsuNa.exe
  C:\Windows\System\HWSsuNa.exe
  2⤵
  PID:3236
- C:\Windows\System\oissiIc.exe
  C:\Windows\System\oissiIc.exe
  2⤵
  PID:3376
- C:\Windows\System\KxthDrM.exe
  C:\Windows\System\KxthDrM.exe
  2⤵
  PID:3356
- C:\Windows\System\ZmAWhyr.exe
  C:\Windows\System\ZmAWhyr.exe
  2⤵
  PID:3488
- C:\Windows\System\nyqdLyz.exe
  C:\Windows\System\nyqdLyz.exe
  2⤵
  PID:3492
- C:\Windows\System\lmtKfwv.exe
  C:\Windows\System\lmtKfwv.exe
  2⤵
  PID:3576
- C:\Windows\System\DIKJVjN.exe
  C:\Windows\System\DIKJVjN.exe
  2⤵
  PID:3548
- C:\Windows\System\NkxyOZx.exe
  C:\Windows\System\NkxyOZx.exe
  2⤵
  PID:3636
- C:\Windows\System\MMnulNF.exe
  C:\Windows\System\MMnulNF.exe
  2⤵
  PID:3640
- C:\Windows\System\WvRZEyC.exe
  C:\Windows\System\WvRZEyC.exe
  2⤵
  PID:3740
- C:\Windows\System\cDwToae.exe
  C:\Windows\System\cDwToae.exe
  2⤵
  PID:3824
- C:\Windows\System\lmCKLTZ.exe
  C:\Windows\System\lmCKLTZ.exe
  2⤵
  PID:3908
- C:\Windows\System\jzNMWDe.exe
  C:\Windows\System\jzNMWDe.exe
  2⤵
  PID:3864
- C:\Windows\System\FnehioO.exe
  C:\Windows\System\FnehioO.exe
  2⤵
  PID:3668
- C:\Windows\System\ewixAdN.exe
  C:\Windows\System\ewixAdN.exe
  2⤵
  PID:4064
- C:\Windows\System\LQSOrjW.exe
  C:\Windows\System\LQSOrjW.exe
  2⤵
  PID:4068
- C:\Windows\System\RYUJqWK.exe
  C:\Windows\System\RYUJqWK.exe
  2⤵
  PID:596
- C:\Windows\System\jKxyWFH.exe
  C:\Windows\System\jKxyWFH.exe
  2⤵
  PID:3656
- C:\Windows\System\QqHZBZO.exe
  C:\Windows\System\QqHZBZO.exe
  2⤵
  PID:2360
- C:\Windows\System\GuiTvIv.exe
  C:\Windows\System\GuiTvIv.exe
  2⤵
  PID:3316
- C:\Windows\System\smKCXdg.exe
  C:\Windows\System\smKCXdg.exe
  2⤵
  PID:2136
- C:\Windows\System\DiNleTp.exe
  C:\Windows\System\DiNleTp.exe
  2⤵
  PID:3416
- C:\Windows\System\AfIEQWH.exe
  C:\Windows\System\AfIEQWH.exe
  2⤵
  PID:3468
- C:\Windows\System\LsUHCdV.exe
  C:\Windows\System\LsUHCdV.exe
  2⤵
  PID:3472
- C:\Windows\System\kkTYeKC.exe
  C:\Windows\System\kkTYeKC.exe
  2⤵
  PID:540
- C:\Windows\System\bIVExKo.exe
  C:\Windows\System\bIVExKo.exe
  2⤵
  PID:3684
- C:\Windows\System\QIcOAUN.exe
  C:\Windows\System\QIcOAUN.exe
  2⤵
  PID:3644
- C:\Windows\System\XkkiRIK.exe
  C:\Windows\System\XkkiRIK.exe
  2⤵
  PID:3944
- C:\Windows\System\nxIBovE.exe
  C:\Windows\System\nxIBovE.exe
  2⤵
  PID:3820
- C:\Windows\System\FUKWKqV.exe
  C:\Windows\System\FUKWKqV.exe
  2⤵
  PID:3984
- C:\Windows\System\vnvdRXw.exe
  C:\Windows\System\vnvdRXw.exe
  2⤵
  PID:3884
- C:\Windows\System\ZZNmpKB.exe
  C:\Windows\System\ZZNmpKB.exe
  2⤵
  PID:4008
- C:\Windows\System\inPhDty.exe
  C:\Windows\System\inPhDty.exe
  2⤵
  PID:3156
- C:\Windows\System\xOcsggZ.exe
  C:\Windows\System\xOcsggZ.exe
  2⤵
  PID:2368
- C:\Windows\System\RbMvhVQ.exe
  C:\Windows\System\RbMvhVQ.exe
  2⤵
  PID:3392
- C:\Windows\System\VZTMefu.exe
  C:\Windows\System\VZTMefu.exe
  2⤵
  PID:3336
- C:\Windows\System\uFxNZQx.exe
  C:\Windows\System\uFxNZQx.exe
  2⤵
  PID:1928
- C:\Windows\System\xhMNsOK.exe
  C:\Windows\System\xhMNsOK.exe
  2⤵
  PID:3780
- C:\Windows\System\JilOSDq.exe
  C:\Windows\System\JilOSDq.exe
  2⤵
  PID:3788
- C:\Windows\System\tUXywzH.exe
  C:\Windows\System\tUXywzH.exe
  2⤵
  PID:3988
- C:\Windows\System\AzwAeJS.exe
  C:\Windows\System\AzwAeJS.exe
  2⤵
  PID:1588
- C:\Windows\System\UKATsWI.exe
  C:\Windows\System\UKATsWI.exe
  2⤵
  PID:1516
- C:\Windows\System\UJvjYbx.exe
  C:\Windows\System\UJvjYbx.exe
  2⤵
  PID:4084
- C:\Windows\System\faqAmNd.exe
  C:\Windows\System\faqAmNd.exe
  2⤵
  PID:3096
- C:\Windows\System\fikkKQC.exe
  C:\Windows\System\fikkKQC.exe
  2⤵
  PID:1908
- C:\Windows\System\lKPUyIP.exe
  C:\Windows\System\lKPUyIP.exe
  2⤵
  PID:2080
- C:\Windows\System\edoIatP.exe
  C:\Windows\System\edoIatP.exe
  2⤵
  PID:2328
- C:\Windows\System\AZKhwZz.exe
  C:\Windows\System\AZKhwZz.exe
  2⤵
  PID:3848
- C:\Windows\System\MLBGOzk.exe
  C:\Windows\System\MLBGOzk.exe
  2⤵
  PID:3904
- C:\Windows\System\dLzUBPo.exe
  C:\Windows\System\dLzUBPo.exe
  2⤵
  PID:3532
- C:\Windows\System\lHjsQjQ.exe
  C:\Windows\System\lHjsQjQ.exe
  2⤵
  PID:3252
- C:\Windows\System\OMHkMZx.exe
  C:\Windows\System\OMHkMZx.exe
  2⤵
  PID:3260
- C:\Windows\System\cPCTqLF.exe
  C:\Windows\System\cPCTqLF.exe
  2⤵
  PID:4040
- C:\Windows\System\STLxaJY.exe
  C:\Windows\System\STLxaJY.exe
  2⤵
  PID:3428
- C:\Windows\System\cDnLSml.exe
  C:\Windows\System\cDnLSml.exe
  2⤵
  PID:2252
- C:\Windows\System\FMomuZN.exe
  C:\Windows\System\FMomuZN.exe
  2⤵
  PID:2820
- C:\Windows\System\VrruMDP.exe
  C:\Windows\System\VrruMDP.exe
  2⤵
  PID:1684
- C:\Windows\System\wjjPmwy.exe
  C:\Windows\System\wjjPmwy.exe
  2⤵
  PID:1288
- C:\Windows\System\jMKOrJg.exe
  C:\Windows\System\jMKOrJg.exe
  2⤵
  PID:3784
- C:\Windows\System\TUeJUpF.exe
  C:\Windows\System\TUeJUpF.exe
  2⤵
  PID:4108
- C:\Windows\System\ihRtCHb.exe
  C:\Windows\System\ihRtCHb.exe
  2⤵
  PID:4132
- C:\Windows\System\HpVivYN.exe
  C:\Windows\System\HpVivYN.exe
  2⤵
  PID:4148
- C:\Windows\System\QARAkwJ.exe
  C:\Windows\System\QARAkwJ.exe
  2⤵
  PID:4164
- C:\Windows\System\DDBRyvc.exe
  C:\Windows\System\DDBRyvc.exe
  2⤵
  PID:4192
- C:\Windows\System\NqyOGfj.exe
  C:\Windows\System\NqyOGfj.exe
  2⤵
  PID:4208
- C:\Windows\System\mrLuRgR.exe
  C:\Windows\System\mrLuRgR.exe
  2⤵
  PID:4224
- C:\Windows\System\TpEWlAT.exe
  C:\Windows\System\TpEWlAT.exe
  2⤵
  PID:4240
- C:\Windows\System\PKEJcSk.exe
  C:\Windows\System\PKEJcSk.exe
  2⤵
  PID:4256
- C:\Windows\System\VSXoycp.exe
  C:\Windows\System\VSXoycp.exe
  2⤵
  PID:4276
- C:\Windows\System\WrDQFjM.exe
  C:\Windows\System\WrDQFjM.exe
  2⤵
  PID:4296
- C:\Windows\System\juGLomg.exe
  C:\Windows\System\juGLomg.exe
  2⤵
  PID:4312
- C:\Windows\System\LPBJaYq.exe
  C:\Windows\System\LPBJaYq.exe
  2⤵
  PID:4332
- C:\Windows\System\IioiacA.exe
  C:\Windows\System\IioiacA.exe
  2⤵
  PID:4348
- C:\Windows\System\GAGamFm.exe
  C:\Windows\System\GAGamFm.exe
  2⤵
  PID:4364
- C:\Windows\System\dmXLUnG.exe
  C:\Windows\System\dmXLUnG.exe
  2⤵
  PID:4384
- C:\Windows\System\JsnVzeF.exe
  C:\Windows\System\JsnVzeF.exe
  2⤵
  PID:4404
- C:\Windows\System\dsaJPId.exe
  C:\Windows\System\dsaJPId.exe
  2⤵
  PID:4424
- C:\Windows\System\OOEJwGl.exe
  C:\Windows\System\OOEJwGl.exe
  2⤵
  PID:4448
- C:\Windows\System\IXvWcXg.exe
  C:\Windows\System\IXvWcXg.exe
  2⤵
  PID:4472
- C:\Windows\System\XaLAdHk.exe
  C:\Windows\System\XaLAdHk.exe
  2⤵
  PID:4488
- C:\Windows\System\bHekdwk.exe
  C:\Windows\System\bHekdwk.exe
  2⤵
  PID:4540
- C:\Windows\System\xuroJAV.exe
  C:\Windows\System\xuroJAV.exe
  2⤵
  PID:4560
- C:\Windows\System\LdqOLIv.exe
  C:\Windows\System\LdqOLIv.exe
  2⤵
  PID:4576
- C:\Windows\System\jUDdrOI.exe
  C:\Windows\System\jUDdrOI.exe
  2⤵
  PID:4592
- C:\Windows\System\DsLlumJ.exe
  C:\Windows\System\DsLlumJ.exe
  2⤵
  PID:4608
- C:\Windows\System\lVKWUzI.exe
  C:\Windows\System\lVKWUzI.exe
  2⤵
  PID:4624
- C:\Windows\System\ePRsPOx.exe
  C:\Windows\System\ePRsPOx.exe
  2⤵
  PID:4640
- C:\Windows\System\neteAXS.exe
  C:\Windows\System\neteAXS.exe
  2⤵
  PID:4656
- C:\Windows\System\pfYxjiL.exe
  C:\Windows\System\pfYxjiL.exe
  2⤵
  PID:4680
- C:\Windows\System\TDvxsvs.exe
  C:\Windows\System\TDvxsvs.exe
  2⤵
  PID:4696
- C:\Windows\System\KRyNETr.exe
  C:\Windows\System\KRyNETr.exe
  2⤵
  PID:4716
- C:\Windows\System\kcMyvHD.exe
  C:\Windows\System\kcMyvHD.exe
  2⤵
  PID:4732
- C:\Windows\System\QNfrfBf.exe
  C:\Windows\System\QNfrfBf.exe
  2⤵
  PID:4748
- C:\Windows\System\JeqIuFh.exe
  C:\Windows\System\JeqIuFh.exe
  2⤵
  PID:4768
- C:\Windows\System\OvQPZlo.exe
  C:\Windows\System\OvQPZlo.exe
  2⤵
  PID:4784
- C:\Windows\System\BnbeOKU.exe
  C:\Windows\System\BnbeOKU.exe
  2⤵
  PID:4800
- C:\Windows\System\nPGvXoL.exe
  C:\Windows\System\nPGvXoL.exe
  2⤵
  PID:4820
- C:\Windows\System\pHeRTRi.exe
  C:\Windows\System\pHeRTRi.exe
  2⤵
  PID:4840
- C:\Windows\System\YOmhdOq.exe
  C:\Windows\System\YOmhdOq.exe
  2⤵
  PID:4856
- C:\Windows\System\osAlWWt.exe
  C:\Windows\System\osAlWWt.exe
  2⤵
  PID:4872
- C:\Windows\System\dckaiOu.exe
  C:\Windows\System\dckaiOu.exe
  2⤵
  PID:4892
- C:\Windows\System\RTOXfHx.exe
  C:\Windows\System\RTOXfHx.exe
  2⤵
  PID:4912
- C:\Windows\System\bJszPzi.exe
  C:\Windows\System\bJszPzi.exe
  2⤵
  PID:4928
- C:\Windows\System\SwPQYII.exe
  C:\Windows\System\SwPQYII.exe
  2⤵
  PID:4952
- C:\Windows\System\gsOgMDv.exe
  C:\Windows\System\gsOgMDv.exe
  2⤵
  PID:4996
- C:\Windows\System\lumBGoW.exe
  C:\Windows\System\lumBGoW.exe
  2⤵
  PID:5012
- C:\Windows\System\ERrSZye.exe
  C:\Windows\System\ERrSZye.exe
  2⤵
  PID:5028
- C:\Windows\System\ujeNlld.exe
  C:\Windows\System\ujeNlld.exe
  2⤵
  PID:5044
- C:\Windows\System\UMdFoon.exe
  C:\Windows\System\UMdFoon.exe
  2⤵
  PID:5060
- C:\Windows\System\znkZuCF.exe
  C:\Windows\System\znkZuCF.exe
  2⤵
  PID:3060
- C:\Windows\System\MKmmbGL.exe
  C:\Windows\System\MKmmbGL.exe
  2⤵
  PID:4100
- C:\Windows\System\mCQFgkQ.exe
  C:\Windows\System\mCQFgkQ.exe
  2⤵
  PID:2824
- C:\Windows\System\gGmIYKq.exe
  C:\Windows\System\gGmIYKq.exe
  2⤵
  PID:1900
- C:\Windows\System\RrAsHoi.exe
  C:\Windows\System\RrAsHoi.exe
  2⤵
  PID:4124
- C:\Windows\System\KZAqhXo.exe
  C:\Windows\System\KZAqhXo.exe
  2⤵
  PID:2004
- C:\Windows\System\AghHebA.exe
  C:\Windows\System\AghHebA.exe
  2⤵
  PID:2296
- C:\Windows\System\BZFQvxo.exe
  C:\Windows\System\BZFQvxo.exe
  2⤵
  PID:3332
- C:\Windows\System\DnvyUbI.exe
  C:\Windows\System\DnvyUbI.exe
  2⤵
  PID:3272
- C:\Windows\System\VviaZgn.exe
  C:\Windows\System\VviaZgn.exe
  2⤵
  PID:4160
- C:\Windows\System\lENVIWb.exe
  C:\Windows\System\lENVIWb.exe
  2⤵
  PID:4172
- C:\Windows\System\foEnWmi.exe
  C:\Windows\System\foEnWmi.exe
  2⤵
  PID:4216
- C:\Windows\System\wdmMjxs.exe
  C:\Windows\System\wdmMjxs.exe
  2⤵
  PID:4400
- C:\Windows\System\ImotTKT.exe
  C:\Windows\System\ImotTKT.exe
  2⤵
  PID:4444
- C:\Windows\System\qtJgOhO.exe
  C:\Windows\System\qtJgOhO.exe
  2⤵
  PID:4268
- C:\Windows\System\aejbSHM.exe
  C:\Windows\System\aejbSHM.exe
  2⤵
  PID:4340
- C:\Windows\System\prgCanM.exe
  C:\Windows\System\prgCanM.exe
  2⤵
  PID:4420
- C:\Windows\System\kRnDBGc.exe
  C:\Windows\System\kRnDBGc.exe
  2⤵
  PID:4504
- C:\Windows\System\dFxTRAd.exe
  C:\Windows\System\dFxTRAd.exe
  2⤵
  PID:4516
- C:\Windows\System\knMWRwU.exe
  C:\Windows\System\knMWRwU.exe
  2⤵
  PID:4416
- C:\Windows\System\RsUFcym.exe
  C:\Windows\System\RsUFcym.exe
  2⤵
  PID:4500
- C:\Windows\System\ogYeUAw.exe
  C:\Windows\System\ogYeUAw.exe
  2⤵
  PID:4556
- C:\Windows\System\ejxqhcV.exe
  C:\Windows\System\ejxqhcV.exe
  2⤵
  PID:4584
- C:\Windows\System\WIEPxvV.exe
  C:\Windows\System\WIEPxvV.exe
  2⤵
  PID:4652
- C:\Windows\System\VfgixmH.exe
  C:\Windows\System\VfgixmH.exe
  2⤵
  PID:4688
- C:\Windows\System\DxwqhjU.exe
  C:\Windows\System\DxwqhjU.exe
  2⤵
  PID:4796
- C:\Windows\System\TQVnTfx.exe
  C:\Windows\System\TQVnTfx.exe
  2⤵
  PID:4836
- C:\Windows\System\pRjPOGo.exe
  C:\Windows\System\pRjPOGo.exe
  2⤵
  PID:4940
- C:\Windows\System\QyYdGfm.exe
  C:\Windows\System\QyYdGfm.exe
  2⤵
  PID:4960
- C:\Windows\System\FLiWmFl.exe
  C:\Windows\System\FLiWmFl.exe
  2⤵
  PID:4816
- C:\Windows\System\bVThqrR.exe
  C:\Windows\System\bVThqrR.exe
  2⤵
  PID:4880
- C:\Windows\System\eXMRCiD.exe
  C:\Windows\System\eXMRCiD.exe
  2⤵
  PID:4920
- C:\Windows\System\pafYrMG.exe
  C:\Windows\System\pafYrMG.exe
  2⤵
  PID:4972
- C:\Windows\System\HrLBfLu.exe
  C:\Windows\System\HrLBfLu.exe
  2⤵
  PID:5068
- C:\Windows\System\fmfWhLw.exe
  C:\Windows\System\fmfWhLw.exe
  2⤵
  PID:5092
- C:\Windows\System\HyWhPcm.exe
  C:\Windows\System\HyWhPcm.exe
  2⤵
  PID:5108
- C:\Windows\System\lKOcmGz.exe
  C:\Windows\System\lKOcmGz.exe
  2⤵
  PID:5024
- C:\Windows\System\WrJeqgr.exe
  C:\Windows\System\WrJeqgr.exe
  2⤵
  PID:4116
- C:\Windows\System\dDWajTp.exe
  C:\Windows\System\dDWajTp.exe
  2⤵
  PID:2196
- C:\Windows\System\eBgcCMP.exe
  C:\Windows\System\eBgcCMP.exe
  2⤵
  PID:2344
- C:\Windows\System\Vebjndt.exe
  C:\Windows\System\Vebjndt.exe
  2⤵
  PID:4140
- C:\Windows\System\RPrOShQ.exe
  C:\Windows\System\RPrOShQ.exe
  2⤵
  PID:4292
- C:\Windows\System\eXOGefY.exe
  C:\Windows\System\eXOGefY.exe
  2⤵
  PID:4360
- C:\Windows\System\PeuQjgw.exe
  C:\Windows\System\PeuQjgw.exe
  2⤵
  PID:4264
- C:\Windows\System\XoXjKcE.exe
  C:\Windows\System\XoXjKcE.exe
  2⤵
  PID:4468
- C:\Windows\System\HcBzwbP.exe
  C:\Windows\System\HcBzwbP.exe
  2⤵
  PID:4792
- C:\Windows\System\aJGTxcM.exe
  C:\Windows\System\aJGTxcM.exe
  2⤵
  PID:4828
- C:\Windows\System\HoKEvjd.exe
  C:\Windows\System\HoKEvjd.exe
  2⤵
  PID:4480
- C:\Windows\System\gUGJfJz.exe
  C:\Windows\System\gUGJfJz.exe
  2⤵
  PID:4616
- C:\Windows\System\ubbzkKw.exe
  C:\Windows\System\ubbzkKw.exe
  2⤵
  PID:4528
- C:\Windows\System\BAiOwXF.exe
  C:\Windows\System\BAiOwXF.exe
  2⤵
  PID:4304
- C:\Windows\System\MgLiZCZ.exe
  C:\Windows\System\MgLiZCZ.exe
  2⤵
  PID:4708
- C:\Windows\System\HNKndpU.exe
  C:\Windows\System\HNKndpU.exe
  2⤵
  PID:4848
- C:\Windows\System\TEbLfLy.exe
  C:\Windows\System\TEbLfLy.exe
  2⤵
  PID:4632
- C:\Windows\System\TPnqdMY.exe
  C:\Windows\System\TPnqdMY.exe
  2⤵
  PID:5088
- C:\Windows\System\UlPeUZJ.exe
  C:\Windows\System\UlPeUZJ.exe
  2⤵
  PID:4780
- C:\Windows\System\QErsDgd.exe
  C:\Windows\System\QErsDgd.exe
  2⤵
  PID:5040
- C:\Windows\System\HoGhsul.exe
  C:\Windows\System\HoGhsul.exe
  2⤵
  PID:5100
- C:\Windows\System\OPLryRQ.exe
  C:\Windows\System\OPLryRQ.exe
  2⤵
  PID:5072
- C:\Windows\System\ixmCCMR.exe
  C:\Windows\System\ixmCCMR.exe
  2⤵
  PID:1460
- C:\Windows\System\XGxFkxs.exe
  C:\Windows\System\XGxFkxs.exe
  2⤵
  PID:4320
- C:\Windows\System\ocWZzye.exe
  C:\Windows\System\ocWZzye.exe
  2⤵
  PID:2680
- C:\Windows\System\HxQxMgZ.exe
  C:\Windows\System\HxQxMgZ.exe
  2⤵
  PID:4284
- C:\Windows\System\RBvVToK.exe
  C:\Windows\System\RBvVToK.exe
  2⤵
  PID:4512
- C:\Windows\System\kDEOrgd.exe
  C:\Windows\System\kDEOrgd.exe
  2⤵
  PID:4668
- C:\Windows\System\UZTKkao.exe
  C:\Windows\System\UZTKkao.exe
  2⤵
  PID:4380
- C:\Windows\System\TVrYLlo.exe
  C:\Windows\System\TVrYLlo.exe
  2⤵
  PID:4764
- C:\Windows\System\KiiXloM.exe
  C:\Windows\System\KiiXloM.exe
  2⤵
  PID:4728
- C:\Windows\System\LQavQDg.exe
  C:\Windows\System\LQavQDg.exe
  2⤵
  PID:4948
- C:\Windows\System\iqJoSPL.exe
  C:\Windows\System\iqJoSPL.exe
  2⤵
  PID:4676
- C:\Windows\System\PGiZOTT.exe
  C:\Windows\System\PGiZOTT.exe
  2⤵
  PID:4636
- C:\Windows\System\yBwsybG.exe
  C:\Windows\System\yBwsybG.exe
  2⤵
  PID:5036
- C:\Windows\System\LhsKQzW.exe
  C:\Windows\System\LhsKQzW.exe
  2⤵
  PID:4092
- C:\Windows\System\yEsnyQK.exe
  C:\Windows\System\yEsnyQK.exe
  2⤵
  PID:5052
- C:\Windows\System\zfGkfAW.exe
  C:\Windows\System\zfGkfAW.exe
  2⤵
  PID:4248
- C:\Windows\System\pBMjQDW.exe
  C:\Windows\System\pBMjQDW.exe
  2⤵
  PID:4568
- C:\Windows\System\JXEjroK.exe
  C:\Windows\System\JXEjroK.exe
  2⤵
  PID:4868
- C:\Windows\System\JCTfoxg.exe
  C:\Windows\System\JCTfoxg.exe
  2⤵
  PID:4664
- C:\Windows\System\PeqDMsz.exe
  C:\Windows\System\PeqDMsz.exe
  2⤵
  PID:4356
- C:\Windows\System\lTyUenK.exe
  C:\Windows\System\lTyUenK.exe
  2⤵
  PID:4184
- C:\Windows\System\mgaZBXB.exe
  C:\Windows\System\mgaZBXB.exe
  2⤵
  PID:5008
- C:\Windows\System\BYjohGu.exe
  C:\Windows\System\BYjohGu.exe
  2⤵
  PID:4984
- C:\Windows\System\OlZQqBx.exe
  C:\Windows\System\OlZQqBx.exe
  2⤵
  PID:4200
- C:\Windows\System\YYHQfXN.exe
  C:\Windows\System\YYHQfXN.exe
  2⤵
  PID:1616
- C:\Windows\System\KJnGuzz.exe
  C:\Windows\System\KJnGuzz.exe
  2⤵
  PID:4188
- C:\Windows\System\MRLuAqk.exe
  C:\Windows\System\MRLuAqk.exe
  2⤵
  PID:3340
- C:\Windows\System\bQdRxVa.exe
  C:\Windows\System\bQdRxVa.exe
  2⤵
  PID:5132
- C:\Windows\System\fhNxyOX.exe
  C:\Windows\System\fhNxyOX.exe
  2⤵
  PID:5148
- C:\Windows\System\ItizGZV.exe
  C:\Windows\System\ItizGZV.exe
  2⤵
  PID:5164
- C:\Windows\System\pFwDdPH.exe
  C:\Windows\System\pFwDdPH.exe
  2⤵
  PID:5184
- C:\Windows\System\eNlmljq.exe
  C:\Windows\System\eNlmljq.exe
  2⤵
  PID:5200
- C:\Windows\System\jQANJuj.exe
  C:\Windows\System\jQANJuj.exe
  2⤵
  PID:5216
- C:\Windows\System\aFltRrC.exe
  C:\Windows\System\aFltRrC.exe
  2⤵
  PID:5232
- C:\Windows\System\pbipMbd.exe
  C:\Windows\System\pbipMbd.exe
  2⤵
  PID:5248
- C:\Windows\System\mwIjQIR.exe
  C:\Windows\System\mwIjQIR.exe
  2⤵
  PID:5264
- C:\Windows\System\mheBRRb.exe
  C:\Windows\System\mheBRRb.exe
  2⤵
  PID:5280
- C:\Windows\System\fyxHXXO.exe
  C:\Windows\System\fyxHXXO.exe
  2⤵
  PID:5296
- C:\Windows\System\nYMBdeJ.exe
  C:\Windows\System\nYMBdeJ.exe
  2⤵
  PID:5312
- C:\Windows\System\lwzrlzv.exe
  C:\Windows\System\lwzrlzv.exe
  2⤵
  PID:5328
- C:\Windows\System\XPlDnjE.exe
  C:\Windows\System\XPlDnjE.exe
  2⤵
  PID:5344
- C:\Windows\System\BTYZHjd.exe
  C:\Windows\System\BTYZHjd.exe
  2⤵
  PID:5360
- C:\Windows\System\AbUGStM.exe
  C:\Windows\System\AbUGStM.exe
  2⤵
  PID:5376
- C:\Windows\System\FzEQVfu.exe
  C:\Windows\System\FzEQVfu.exe
  2⤵
  PID:5392
- C:\Windows\System\slFyDCI.exe
  C:\Windows\System\slFyDCI.exe
  2⤵
  PID:5408
- C:\Windows\System\VqHrfeg.exe
  C:\Windows\System\VqHrfeg.exe
  2⤵
  PID:5424
- C:\Windows\System\lMgBbzj.exe
  C:\Windows\System\lMgBbzj.exe
  2⤵
  PID:5440
- C:\Windows\System\wrrtWnV.exe
  C:\Windows\System\wrrtWnV.exe
  2⤵
  PID:5460
- C:\Windows\System\qxukmFe.exe
  C:\Windows\System\qxukmFe.exe
  2⤵
  PID:5476
- C:\Windows\System\BkpTQOg.exe
  C:\Windows\System\BkpTQOg.exe
  2⤵
  PID:5492
- C:\Windows\System\DpXhmvV.exe
  C:\Windows\System\DpXhmvV.exe
  2⤵
  PID:5508
- C:\Windows\System\lrapWch.exe
  C:\Windows\System\lrapWch.exe
  2⤵
  PID:5524
- C:\Windows\System\eStJotU.exe
  C:\Windows\System\eStJotU.exe
  2⤵
  PID:5540
- C:\Windows\System\ewDNdRz.exe
  C:\Windows\System\ewDNdRz.exe
  2⤵
  PID:5556
- C:\Windows\System\cQRlqWV.exe
  C:\Windows\System\cQRlqWV.exe
  2⤵
  PID:5572
- C:\Windows\System\zvkJHBw.exe
  C:\Windows\System\zvkJHBw.exe
  2⤵
  PID:5588
- C:\Windows\System\HSiqLLu.exe
  C:\Windows\System\HSiqLLu.exe
  2⤵
  PID:5604
- C:\Windows\System\GzsvevR.exe
  C:\Windows\System\GzsvevR.exe
  2⤵
  PID:5620
- C:\Windows\System\UBMNudk.exe
  C:\Windows\System\UBMNudk.exe
  2⤵
  PID:5640
- C:\Windows\System\YTAaPQL.exe
  C:\Windows\System\YTAaPQL.exe
  2⤵
  PID:5656
- C:\Windows\System\eOyPTou.exe
  C:\Windows\System\eOyPTou.exe
  2⤵
  PID:5672
- C:\Windows\System\WgNpBSc.exe
  C:\Windows\System\WgNpBSc.exe
  2⤵
  PID:5688
- C:\Windows\System\XcpZILN.exe
  C:\Windows\System\XcpZILN.exe
  2⤵
  PID:5704
- C:\Windows\System\dJIcNzO.exe
  C:\Windows\System\dJIcNzO.exe
  2⤵
  PID:5720
- C:\Windows\System\UvYNrPi.exe
  C:\Windows\System\UvYNrPi.exe
  2⤵
  PID:5736
- C:\Windows\System\GfzCRMa.exe
  C:\Windows\System\GfzCRMa.exe
  2⤵
  PID:5752
- C:\Windows\System\PdyoeTk.exe
  C:\Windows\System\PdyoeTk.exe
  2⤵
  PID:5768
- C:\Windows\System\IcZFVqN.exe
  C:\Windows\System\IcZFVqN.exe
  2⤵
  PID:5784
- C:\Windows\System\wIZhPBj.exe
  C:\Windows\System\wIZhPBj.exe
  2⤵
  PID:5800
- C:\Windows\System\walnpAM.exe
  C:\Windows\System\walnpAM.exe
  2⤵
  PID:5816
- C:\Windows\System\VQWvsYk.exe
  C:\Windows\System\VQWvsYk.exe
  2⤵
  PID:5832
- C:\Windows\System\rHlXeiJ.exe
  C:\Windows\System\rHlXeiJ.exe
  2⤵
  PID:5852
- C:\Windows\System\xvvkdEC.exe
  C:\Windows\System\xvvkdEC.exe
  2⤵
  PID:5868
- C:\Windows\System\qFnLYVr.exe
  C:\Windows\System\qFnLYVr.exe
  2⤵
  PID:5944
- C:\Windows\System\mtuidgn.exe
  C:\Windows\System\mtuidgn.exe
  2⤵
  PID:6016
- C:\Windows\System\HgcEaOH.exe
  C:\Windows\System\HgcEaOH.exe
  2⤵
  PID:6044
- C:\Windows\System\yMLcRFl.exe
  C:\Windows\System\yMLcRFl.exe
  2⤵
  PID:6064
- C:\Windows\System\GzdeBzG.exe
  C:\Windows\System\GzdeBzG.exe
  2⤵
  PID:6088
- C:\Windows\System\JpEpPHt.exe
  C:\Windows\System\JpEpPHt.exe
  2⤵
  PID:6120
- C:\Windows\System\pMLvDfA.exe
  C:\Windows\System\pMLvDfA.exe
  2⤵
  PID:5156
- C:\Windows\System\dnxsAXt.exe
  C:\Windows\System\dnxsAXt.exe
  2⤵
  PID:1452
- C:\Windows\System\UiDUCWU.exe
  C:\Windows\System\UiDUCWU.exe
  2⤵
  PID:5144
- C:\Windows\System\wxlFSnD.exe
  C:\Windows\System\wxlFSnD.exe
  2⤵
  PID:5212
- C:\Windows\System\YkBZYlw.exe
  C:\Windows\System\YkBZYlw.exe
  2⤵
  PID:5288
- C:\Windows\System\TdlsXUv.exe
  C:\Windows\System\TdlsXUv.exe
  2⤵
  PID:5352
- C:\Windows\System\NHtjizo.exe
  C:\Windows\System\NHtjizo.exe
  2⤵
  PID:5272
- C:\Windows\System\HnxnJFZ.exe
  C:\Windows\System\HnxnJFZ.exe
  2⤵
  PID:5340
- C:\Windows\System\dDidrPn.exe
  C:\Windows\System\dDidrPn.exe
  2⤵
  PID:5244
- C:\Windows\System\ValYEFv.exe
  C:\Windows\System\ValYEFv.exe
  2⤵
  PID:5400
- C:\Windows\System\PstQvnh.exe
  C:\Windows\System\PstQvnh.exe
  2⤵
  PID:5448
- C:\Windows\System\zhCxZwl.exe
  C:\Windows\System\zhCxZwl.exe
  2⤵
  PID:5488
- C:\Windows\System\suLBlVb.exe
  C:\Windows\System\suLBlVb.exe
  2⤵
  PID:5552
- C:\Windows\System\OMmHUhH.exe
  C:\Windows\System\OMmHUhH.exe
  2⤵
  PID:5500
- C:\Windows\System\qqgYcqd.exe
  C:\Windows\System\qqgYcqd.exe
  2⤵
  PID:5564
- C:\Windows\System\oBXSxKr.exe
  C:\Windows\System\oBXSxKr.exe
  2⤵
  PID:5472
- C:\Windows\System\dravMHh.exe
  C:\Windows\System\dravMHh.exe
  2⤵
  PID:5684
- C:\Windows\System\upLGvUD.exe
  C:\Windows\System\upLGvUD.exe
  2⤵
  PID:5716
- C:\Windows\System\aooXcmH.exe
  C:\Windows\System\aooXcmH.exe
  2⤵
  PID:5780
- C:\Windows\System\LSOozeA.exe
  C:\Windows\System\LSOozeA.exe
  2⤵
  PID:5664
- C:\Windows\System\VTQTBmp.exe
  C:\Windows\System\VTQTBmp.exe
  2⤵
  PID:5728
- C:\Windows\System\RKEEiMi.exe
  C:\Windows\System\RKEEiMi.exe
  2⤵
  PID:5792
- C:\Windows\System\dLwGQzY.exe
  C:\Windows\System\dLwGQzY.exe
  2⤵
  PID:5632
- C:\Windows\System\hxsnngT.exe
  C:\Windows\System\hxsnngT.exe
  2⤵
  PID:5848
- C:\Windows\System\fqwgbdD.exe
  C:\Windows\System\fqwgbdD.exe
  2⤵
  PID:5884
- C:\Windows\System\QEprztz.exe
  C:\Windows\System\QEprztz.exe
  2⤵
  PID:5900
- C:\Windows\System\LZswvug.exe
  C:\Windows\System\LZswvug.exe
  2⤵
  PID:5920
- C:\Windows\System\tebRsqI.exe
  C:\Windows\System\tebRsqI.exe
  2⤵
  PID:5936
- C:\Windows\System\aXnYqxM.exe
  C:\Windows\System\aXnYqxM.exe
  2⤵
  PID:5960
- C:\Windows\System\hvufVxO.exe
  C:\Windows\System\hvufVxO.exe
  2⤵
  PID:5976
- C:\Windows\System\LAcbtVh.exe
  C:\Windows\System\LAcbtVh.exe
  2⤵
  PID:5992
- C:\Windows\System\GiPyHPp.exe
  C:\Windows\System\GiPyHPp.exe
  2⤵
  PID:6004
- C:\Windows\System\OltDafj.exe
  C:\Windows\System\OltDafj.exe
  2⤵
  PID:6060
- C:\Windows\System\beReAUU.exe
  C:\Windows\System\beReAUU.exe
  2⤵
  PID:6080
- C:\Windows\System\kCRIsUE.exe
  C:\Windows\System\kCRIsUE.exe
  2⤵
  PID:6104
- C:\Windows\System\eGqOxMO.exe
  C:\Windows\System\eGqOxMO.exe
  2⤵
  PID:6128
- C:\Windows\System\ZVwRyzm.exe
  C:\Windows\System\ZVwRyzm.exe
  2⤵
  PID:4704
- C:\Windows\System\EWghKEm.exe
  C:\Windows\System\EWghKEm.exe
  2⤵
  PID:5224
- C:\Windows\System\veEKgSt.exe
  C:\Windows\System\veEKgSt.exe
  2⤵
  PID:4600
- C:\Windows\System\nBoJvQN.exe
  C:\Windows\System\nBoJvQN.exe
  2⤵
  PID:5388
- C:\Windows\System\JZLEXYt.exe
  C:\Windows\System\JZLEXYt.exe
  2⤵
  PID:5436
- C:\Windows\System\bgrFLCj.exe
  C:\Windows\System\bgrFLCj.exe
  2⤵
  PID:5176
- C:\Windows\System\eVRofYv.exe
  C:\Windows\System\eVRofYv.exe
  2⤵
  PID:5548
- C:\Windows\System\FhNuxvB.exe
  C:\Windows\System\FhNuxvB.exe
  2⤵
  PID:5456
- C:\Windows\System\izXfILa.exe
  C:\Windows\System\izXfILa.exe
  2⤵
  PID:5532
- C:\Windows\System\LYBCUZS.exe
  C:\Windows\System\LYBCUZS.exe
  2⤵
  PID:5536
- C:\Windows\System\UKPewkM.exe
  C:\Windows\System\UKPewkM.exe
  2⤵
  PID:5696
- C:\Windows\System\dNCSgXN.exe
  C:\Windows\System\dNCSgXN.exe
  2⤵
  PID:5880
- C:\Windows\System\jdEaBaG.exe
  C:\Windows\System\jdEaBaG.exe
  2⤵
  PID:5860
- C:\Windows\System\kZYLyNg.exe
  C:\Windows\System\kZYLyNg.exe
  2⤵
  PID:5912
- C:\Windows\System\eRfwtaw.exe
  C:\Windows\System\eRfwtaw.exe
  2⤵
  PID:5952
- C:\Windows\System\JhtfKAP.exe
  C:\Windows\System\JhtfKAP.exe
  2⤵
  PID:5968
- C:\Windows\System\SvwoCSZ.exe
  C:\Windows\System\SvwoCSZ.exe
  2⤵
  PID:5956
- C:\Windows\System\nCHotWv.exe
  C:\Windows\System\nCHotWv.exe
  2⤵
  PID:6028
- C:\Windows\System\rbSnlcB.exe
  C:\Windows\System\rbSnlcB.exe
  2⤵
  PID:6040
- C:\Windows\System\jPrmnVF.exe
  C:\Windows\System\jPrmnVF.exe
  2⤵
  PID:6136
- C:\Windows\System\CowWuzt.exe
  C:\Windows\System\CowWuzt.exe
  2⤵
  PID:6140
- C:\Windows\System\lEHDprx.exe
  C:\Windows\System\lEHDprx.exe
  2⤵
  PID:5416
- C:\Windows\System\zveNvKd.exe
  C:\Windows\System\zveNvKd.exe
  2⤵
  PID:5308
- C:\Windows\System\ongDdGe.exe
  C:\Windows\System\ongDdGe.exe
  2⤵
  PID:5128
- C:\Windows\System\kOtghkC.exe
  C:\Windows\System\kOtghkC.exe
  2⤵
  PID:5124
- C:\Windows\System\EJWwWFv.exe
  C:\Windows\System\EJWwWFv.exe
  2⤵
  PID:5828
- C:\Windows\System\cXOBDUA.exe
  C:\Windows\System\cXOBDUA.exe
  2⤵
  PID:5844
- C:\Windows\System\JjGhzQI.exe
  C:\Windows\System\JjGhzQI.exe
  2⤵
  PID:5984
- C:\Windows\System\iMQSAdP.exe
  C:\Windows\System\iMQSAdP.exe
  2⤵
  PID:6116
- C:\Windows\System\KixeEGp.exe
  C:\Windows\System\KixeEGp.exe
  2⤵
  PID:5324
- C:\Windows\System\DSwurTH.exe
  C:\Windows\System\DSwurTH.exe
  2⤵
  PID:5140
- C:\Windows\System\XrQSOLp.exe
  C:\Windows\System\XrQSOLp.exe
  2⤵
  PID:6100
- C:\Windows\System\PeiEQhp.exe
  C:\Windows\System\PeiEQhp.exe
  2⤵
  PID:5468
- C:\Windows\System\AzkZiua.exe
  C:\Windows\System\AzkZiua.exe
  2⤵
  PID:5192
- C:\Windows\System\ctjZgoZ.exe
  C:\Windows\System\ctjZgoZ.exe
  2⤵
  PID:5764
- C:\Windows\System\OzWfQfr.exe
  C:\Windows\System\OzWfQfr.exe
  2⤵
  PID:6072
- C:\Windows\System\lZzWCWA.exe
  C:\Windows\System\lZzWCWA.exe
  2⤵
  PID:6012
- C:\Windows\System\QgmlgGU.exe
  C:\Windows\System\QgmlgGU.exe
  2⤵
  PID:6152
- C:\Windows\System\mrMtjda.exe
  C:\Windows\System\mrMtjda.exe
  2⤵
  PID:6168
- C:\Windows\System\uwmYXbg.exe
  C:\Windows\System\uwmYXbg.exe
  2⤵
  PID:6184
- C:\Windows\System\XJcboIl.exe
  C:\Windows\System\XJcboIl.exe
  2⤵
  PID:6200
- C:\Windows\System\sKjUvOu.exe
  C:\Windows\System\sKjUvOu.exe
  2⤵
  PID:6216
- C:\Windows\System\fFicHmO.exe
  C:\Windows\System\fFicHmO.exe
  2⤵
  PID:6232
- C:\Windows\System\NPfSkLf.exe
  C:\Windows\System\NPfSkLf.exe
  2⤵
  PID:6248
- C:\Windows\System\HRChRsW.exe
  C:\Windows\System\HRChRsW.exe
  2⤵
  PID:6264
- C:\Windows\System\KhoIUdj.exe
  C:\Windows\System\KhoIUdj.exe
  2⤵
  PID:6280
- C:\Windows\System\XAlmejv.exe
  C:\Windows\System\XAlmejv.exe
  2⤵
  PID:6296
- C:\Windows\System\APFKQup.exe
  C:\Windows\System\APFKQup.exe
  2⤵
  PID:6312
- C:\Windows\System\yGpMVcN.exe
  C:\Windows\System\yGpMVcN.exe
  2⤵
  PID:6328
- C:\Windows\System\PNCUYkO.exe
  C:\Windows\System\PNCUYkO.exe
  2⤵
  PID:6344
- C:\Windows\System\pYHIWHL.exe
  C:\Windows\System\pYHIWHL.exe
  2⤵
  PID:6360
- C:\Windows\System\zfmXTgW.exe
  C:\Windows\System\zfmXTgW.exe
  2⤵
  PID:6376
- C:\Windows\System\AKkdWmu.exe
  C:\Windows\System\AKkdWmu.exe
  2⤵
  PID:6392
- C:\Windows\System\XhcAihV.exe
  C:\Windows\System\XhcAihV.exe
  2⤵
  PID:6408
- C:\Windows\System\qXqhFIW.exe
  C:\Windows\System\qXqhFIW.exe
  2⤵
  PID:6424
- C:\Windows\System\xLfcyMi.exe
  C:\Windows\System\xLfcyMi.exe
  2⤵
  PID:6444
- C:\Windows\System\gYxdXSl.exe
  C:\Windows\System\gYxdXSl.exe
  2⤵
  PID:6460
- C:\Windows\System\CvXpdpf.exe
  C:\Windows\System\CvXpdpf.exe
  2⤵
  PID:6476
- C:\Windows\System\tZVibwk.exe
  C:\Windows\System\tZVibwk.exe
  2⤵
  PID:6492
- C:\Windows\System\twYlrSs.exe
  C:\Windows\System\twYlrSs.exe
  2⤵
  PID:6508
- C:\Windows\System\SeeSsJg.exe
  C:\Windows\System\SeeSsJg.exe
  2⤵
  PID:6524
- C:\Windows\System\gXShtiZ.exe
  C:\Windows\System\gXShtiZ.exe
  2⤵
  PID:6552
- C:\Windows\System\RooHgoU.exe
  C:\Windows\System\RooHgoU.exe
  2⤵
  PID:6568
- C:\Windows\System\IxVkNKQ.exe
  C:\Windows\System\IxVkNKQ.exe
  2⤵
  PID:6584
- C:\Windows\System\CEoLFoX.exe
  C:\Windows\System\CEoLFoX.exe
  2⤵
  PID:6600
- C:\Windows\System\NlHmRsG.exe
  C:\Windows\System\NlHmRsG.exe
  2⤵
  PID:6616
- C:\Windows\System\kbsuYTp.exe
  C:\Windows\System\kbsuYTp.exe
  2⤵
  PID:6632
- C:\Windows\System\HXSaPtK.exe
  C:\Windows\System\HXSaPtK.exe
  2⤵
  PID:6648
- C:\Windows\System\pSxOUPM.exe
  C:\Windows\System\pSxOUPM.exe
  2⤵
  PID:6676
- C:\Windows\System\IPmwHgF.exe
  C:\Windows\System\IPmwHgF.exe
  2⤵
  PID:6692
- C:\Windows\System\XRjHWEU.exe
  C:\Windows\System\XRjHWEU.exe
  2⤵
  PID:6708
- C:\Windows\System\BvXjiab.exe
  C:\Windows\System\BvXjiab.exe
  2⤵
  PID:6724
- C:\Windows\System\JAYigte.exe
  C:\Windows\System\JAYigte.exe
  2⤵
  PID:6740
- C:\Windows\System\XihZJxL.exe
  C:\Windows\System\XihZJxL.exe
  2⤵
  PID:6756
- C:\Windows\System\AblqHIn.exe
  C:\Windows\System\AblqHIn.exe
  2⤵
  PID:6772
- C:\Windows\System\YumpSxp.exe
  C:\Windows\System\YumpSxp.exe
  2⤵
  PID:6788
- C:\Windows\System\EvwDiNx.exe
  C:\Windows\System\EvwDiNx.exe
  2⤵
  PID:6804
- C:\Windows\System\hsyWxNu.exe
  C:\Windows\System\hsyWxNu.exe
  2⤵
  PID:6820
- C:\Windows\System\gjJVlvf.exe
  C:\Windows\System\gjJVlvf.exe
  2⤵
  PID:6836
- C:\Windows\System\qQNNHqB.exe
  C:\Windows\System\qQNNHqB.exe
  2⤵
  PID:6852
- C:\Windows\System\mTgoOlp.exe
  C:\Windows\System\mTgoOlp.exe
  2⤵
  PID:6872
- C:\Windows\System\YyVLrcg.exe
  C:\Windows\System\YyVLrcg.exe
  2⤵
  PID:6888
- C:\Windows\System\lTOjyIM.exe
  C:\Windows\System\lTOjyIM.exe
  2⤵
  PID:6904
- C:\Windows\System\OHCrxdm.exe
  C:\Windows\System\OHCrxdm.exe
  2⤵
  PID:6924
- C:\Windows\System\ZfelnqD.exe
  C:\Windows\System\ZfelnqD.exe
  2⤵
  PID:6940
- C:\Windows\System\WOEDsNY.exe
  C:\Windows\System\WOEDsNY.exe
  2⤵
  PID:6956
- C:\Windows\System\UBzURRY.exe
  C:\Windows\System\UBzURRY.exe
  2⤵
  PID:6972
- C:\Windows\System\eQtkOwT.exe
  C:\Windows\System\eQtkOwT.exe
  2⤵
  PID:6988
- C:\Windows\System\riAqjAl.exe
  C:\Windows\System\riAqjAl.exe
  2⤵
  PID:7004
- C:\Windows\System\elKLMhL.exe
  C:\Windows\System\elKLMhL.exe
  2⤵
  PID:7020
- C:\Windows\System\mZPIWpd.exe
  C:\Windows\System\mZPIWpd.exe
  2⤵
  PID:7036
- C:\Windows\System\ONOuaof.exe
  C:\Windows\System\ONOuaof.exe
  2⤵
  PID:7056
- C:\Windows\System\GGqMGVB.exe
  C:\Windows\System\GGqMGVB.exe
  2⤵
  PID:7072
- C:\Windows\System\IljrfjN.exe
  C:\Windows\System\IljrfjN.exe
  2⤵
  PID:7088
- C:\Windows\System\kacicOl.exe
  C:\Windows\System\kacicOl.exe
  2⤵
  PID:7104
- C:\Windows\System\pbnnSnI.exe
  C:\Windows\System\pbnnSnI.exe
  2⤵
  PID:7120
- C:\Windows\System\fBpcqbG.exe
  C:\Windows\System\fBpcqbG.exe
  2⤵
  PID:7136
- C:\Windows\System\xXLIyAL.exe
  C:\Windows\System\xXLIyAL.exe
  2⤵
  PID:7152
- C:\Windows\System\iSaPrOF.exe
  C:\Windows\System\iSaPrOF.exe
  2⤵
  PID:6056
- C:\Windows\System\XPYdJbK.exe
  C:\Windows\System\XPYdJbK.exe
  2⤵
  PID:6212
- C:\Windows\System\nVHutaC.exe
  C:\Windows\System\nVHutaC.exe
  2⤵
  PID:5652
- C:\Windows\System\fDMHIFO.exe
  C:\Windows\System\fDMHIFO.exe
  2⤵
  PID:6008
- C:\Windows\System\NHayiSw.exe
  C:\Windows\System\NHayiSw.exe
  2⤵
  PID:5896
- C:\Windows\System\rZxTaeS.exe
  C:\Windows\System\rZxTaeS.exe
  2⤵
  PID:6164
- C:\Windows\System\KtqvmtG.exe
  C:\Windows\System\KtqvmtG.exe
  2⤵
  PID:6304
- C:\Windows\System\Srpybjy.exe
  C:\Windows\System\Srpybjy.exe
  2⤵
  PID:6372
- C:\Windows\System\fvsUQsu.exe
  C:\Windows\System\fvsUQsu.exe
  2⤵
  PID:6228
- C:\Windows\System\yQOMSfD.exe
  C:\Windows\System\yQOMSfD.exe
  2⤵
  PID:6320
- C:\Windows\System\cVnaiCO.exe
  C:\Windows\System\cVnaiCO.exe
  2⤵
  PID:6388
- C:\Windows\System\IvXgxZe.exe
  C:\Windows\System\IvXgxZe.exe
  2⤵
  PID:6416
- C:\Windows\System\dBggKPf.exe
  C:\Windows\System\dBggKPf.exe
  2⤵
  PID:6456
- C:\Windows\System\hHlIquE.exe
  C:\Windows\System\hHlIquE.exe
  2⤵
  PID:6516
- C:\Windows\System\AqZflkN.exe
  C:\Windows\System\AqZflkN.exe
  2⤵
  PID:6440
- C:\Windows\System\kHEWbwd.exe
  C:\Windows\System\kHEWbwd.exe
  2⤵
  PID:6532
- C:\Windows\System\ZPNmNkh.exe
  C:\Windows\System\ZPNmNkh.exe
  2⤵
  PID:6592
- C:\Windows\System\zheIfPx.exe
  C:\Windows\System\zheIfPx.exe
  2⤵
  PID:6576
- C:\Windows\System\UEtxalL.exe
  C:\Windows\System\UEtxalL.exe
  2⤵
  PID:6500
- C:\Windows\System\HsxAdUE.exe
  C:\Windows\System\HsxAdUE.exe
  2⤵
  PID:6656
- C:\Windows\System\mKOnLNx.exe
  C:\Windows\System\mKOnLNx.exe
  2⤵
  PID:6672
- C:\Windows\System\IHTyGaW.exe
  C:\Windows\System\IHTyGaW.exe
  2⤵
  PID:6732
- C:\Windows\System\bGhsuWj.exe
  C:\Windows\System\bGhsuWj.exe
  2⤵
  PID:6716
- C:\Windows\System\tzpqtJO.exe
  C:\Windows\System\tzpqtJO.exe
  2⤵
  PID:6796
- C:\Windows\System\iJrlPQq.exe
  C:\Windows\System\iJrlPQq.exe
  2⤵
  PID:6816
- C:\Windows\System\ITXlmEg.exe
  C:\Windows\System\ITXlmEg.exe
  2⤵
  PID:6864
- C:\Windows\System\SmrkfXX.exe
  C:\Windows\System\SmrkfXX.exe
  2⤵
  PID:6900
- C:\Windows\System\vcUKxev.exe
  C:\Windows\System\vcUKxev.exe
  2⤵
  PID:6968
- C:\Windows\System\OKwQKSx.exe
  C:\Windows\System\OKwQKSx.exe
  2⤵
  PID:7012
- C:\Windows\System\xKvAiUZ.exe
  C:\Windows\System\xKvAiUZ.exe
  2⤵
  PID:7032
- C:\Windows\System\tLWXXrE.exe
  C:\Windows\System\tLWXXrE.exe
  2⤵
  PID:6920
- C:\Windows\System\haSZhJo.exe
  C:\Windows\System\haSZhJo.exe
  2⤵
  PID:7064
- C:\Windows\System\bbhimlo.exe
  C:\Windows\System\bbhimlo.exe
  2⤵
  PID:7100
- C:\Windows\System\DWZBOwz.exe
  C:\Windows\System\DWZBOwz.exe
  2⤵
  PID:7128
- C:\Windows\System\pVIIKyd.exe
  C:\Windows\System\pVIIKyd.exe
  2⤵
  PID:7148
- C:\Windows\System\KSTmidj.exe
  C:\Windows\System\KSTmidj.exe
  2⤵
  PID:7164
- C:\Windows\System\BpQTRKG.exe
  C:\Windows\System\BpQTRKG.exe
  2⤵
  PID:6244
- C:\Windows\System\MHBUMeg.exe
  C:\Windows\System\MHBUMeg.exe
  2⤵
  PID:6260
- C:\Windows\System\KWQGwVR.exe
  C:\Windows\System\KWQGwVR.exe
  2⤵
  PID:6196
- C:\Windows\System\OikYsrf.exe
  C:\Windows\System\OikYsrf.exe
  2⤵
  PID:6272
- C:\Windows\System\wKbKUwU.exe
  C:\Windows\System\wKbKUwU.exe
  2⤵
  PID:6384
- C:\Windows\System\DkzWPbV.exe
  C:\Windows\System\DkzWPbV.exe
  2⤵
  PID:6488
- C:\Windows\System\VtVIcNZ.exe
  C:\Windows\System\VtVIcNZ.exe
  2⤵
  PID:6564
- C:\Windows\System\rYnqDBE.exe
  C:\Windows\System\rYnqDBE.exe
  2⤵
  PID:6544
- C:\Windows\System\CBVLXOZ.exe
  C:\Windows\System\CBVLXOZ.exe
  2⤵
  PID:6612
- C:\Windows\System\mtFftMN.exe
  C:\Windows\System\mtFftMN.exe
  2⤵
  PID:6660
- C:\Windows\System\CIfedmZ.exe
  C:\Windows\System\CIfedmZ.exe
  2⤵
  PID:6752
- C:\Windows\System\dtDyPHY.exe
  C:\Windows\System\dtDyPHY.exe
  2⤵
  PID:6780
- C:\Windows\System\uRvLfFd.exe
  C:\Windows\System\uRvLfFd.exe
  2⤵
  PID:6812
- C:\Windows\System\mwbZCTD.exe
  C:\Windows\System\mwbZCTD.exe
  2⤵
  PID:7000
- C:\Windows\System\mpBXSRu.exe
  C:\Windows\System\mpBXSRu.exe
  2⤵
  PID:7052
- C:\Windows\System\dNIdxlK.exe
  C:\Windows\System\dNIdxlK.exe
  2⤵
  PID:6948
- C:\Windows\System\SAuNjvn.exe
  C:\Windows\System\SAuNjvn.exe
  2⤵
  PID:6952
- C:\Windows\System\fDrgBrO.exe
  C:\Windows\System\fDrgBrO.exe
  2⤵
  PID:7112
- C:\Windows\System\qhJOknx.exe
  C:\Windows\System\qhJOknx.exe
  2⤵
  PID:6336
- C:\Windows\System\PolqLpV.exe
  C:\Windows\System\PolqLpV.exe
  2⤵
  PID:5824
- C:\Windows\System\KSYnGfP.exe
  C:\Windows\System\KSYnGfP.exe
  2⤵
  PID:6452
- C:\Windows\System\YoshxrO.exe
  C:\Windows\System\YoshxrO.exe
  2⤵
  PID:6688
- C:\Windows\System\dnPBWNp.exe
  C:\Windows\System\dnPBWNp.exe
  2⤵
  PID:6352
- C:\Windows\System\UxvNtTh.exe
  C:\Windows\System\UxvNtTh.exe
  2⤵
  PID:6936
- C:\Windows\System\WHSvhAY.exe
  C:\Windows\System\WHSvhAY.exe
  2⤵
  PID:6880
- C:\Windows\System\aCuwYbq.exe
  C:\Windows\System\aCuwYbq.exe
  2⤵
  PID:6828
- C:\Windows\System\kZHmkMY.exe
  C:\Windows\System\kZHmkMY.exe
  2⤵
  PID:6148
- C:\Windows\System\QuzAzny.exe
  C:\Windows\System\QuzAzny.exe
  2⤵
  PID:6432
- C:\Windows\System\bBFpHUC.exe
  C:\Windows\System\bBFpHUC.exe
  2⤵
  PID:6356
- C:\Windows\System\UMhYKKh.exe
  C:\Windows\System\UMhYKKh.exe
  2⤵
  PID:7180
- C:\Windows\System\gvMSKme.exe
  C:\Windows\System\gvMSKme.exe
  2⤵
  PID:7196
- C:\Windows\System\sfYoGzT.exe
  C:\Windows\System\sfYoGzT.exe
  2⤵
  PID:7212
- C:\Windows\System\CfNqsOi.exe
  C:\Windows\System\CfNqsOi.exe
  2⤵
  PID:7228
- C:\Windows\System\MxRdzCt.exe
  C:\Windows\System\MxRdzCt.exe
  2⤵
  PID:7244
- C:\Windows\System\TRKkfws.exe
  C:\Windows\System\TRKkfws.exe
  2⤵
  PID:7260
- C:\Windows\System\LCqKkwF.exe
  C:\Windows\System\LCqKkwF.exe
  2⤵
  PID:7276
- C:\Windows\System\SIrIlus.exe
  C:\Windows\System\SIrIlus.exe
  2⤵
  PID:7296
- C:\Windows\System\IWGXbxL.exe
  C:\Windows\System\IWGXbxL.exe
  2⤵
  PID:7312
- C:\Windows\System\InnmRsH.exe
  C:\Windows\System\InnmRsH.exe
  2⤵
  PID:7328
- C:\Windows\System\OBxhNoa.exe
  C:\Windows\System\OBxhNoa.exe
  2⤵
  PID:7344
- C:\Windows\System\Eapjuig.exe
  C:\Windows\System\Eapjuig.exe
  2⤵
  PID:7360
- C:\Windows\System\MytVZyR.exe
  C:\Windows\System\MytVZyR.exe
  2⤵
  PID:7376
- C:\Windows\System\ofTMLnC.exe
  C:\Windows\System\ofTMLnC.exe
  2⤵
  PID:7392
- C:\Windows\System\ETPpbpx.exe
  C:\Windows\System\ETPpbpx.exe
  2⤵
  PID:7408
- C:\Windows\System\kVkPFpt.exe
  C:\Windows\System\kVkPFpt.exe
  2⤵
  PID:7424
- C:\Windows\System\kIgfRAc.exe
  C:\Windows\System\kIgfRAc.exe
  2⤵
  PID:7444
- C:\Windows\System\TWOZHwa.exe
  C:\Windows\System\TWOZHwa.exe
  2⤵
  PID:7460
- C:\Windows\System\kaYcyCn.exe
  C:\Windows\System\kaYcyCn.exe
  2⤵
  PID:7476
- C:\Windows\System\nhUvgMc.exe
  C:\Windows\System\nhUvgMc.exe
  2⤵
  PID:7492
- C:\Windows\System\yhitrZc.exe
  C:\Windows\System\yhitrZc.exe
  2⤵
  PID:7508
- C:\Windows\System\DQPtdkA.exe
  C:\Windows\System\DQPtdkA.exe
  2⤵
  PID:7524
- C:\Windows\System\kdOyvJz.exe
  C:\Windows\System\kdOyvJz.exe
  2⤵
  PID:7540
- C:\Windows\System\SoUfnQR.exe
  C:\Windows\System\SoUfnQR.exe
  2⤵
  PID:7556
- C:\Windows\System\BGcLHIv.exe
  C:\Windows\System\BGcLHIv.exe
  2⤵
  PID:7572
- C:\Windows\System\kcdZHRQ.exe
  C:\Windows\System\kcdZHRQ.exe
  2⤵
  PID:7588
- C:\Windows\System\TWNhFRV.exe
  C:\Windows\System\TWNhFRV.exe
  2⤵
  PID:7604
- C:\Windows\System\IufGQwN.exe
  C:\Windows\System\IufGQwN.exe
  2⤵
  PID:7620
- C:\Windows\System\eGCRIPn.exe
  C:\Windows\System\eGCRIPn.exe
  2⤵
  PID:7636
- C:\Windows\System\cvPIdeF.exe
  C:\Windows\System\cvPIdeF.exe
  2⤵
  PID:7652
- C:\Windows\System\gudJLes.exe
  C:\Windows\System\gudJLes.exe
  2⤵
  PID:7668
- C:\Windows\System\GWuxRUA.exe
  C:\Windows\System\GWuxRUA.exe
  2⤵
  PID:7684
- C:\Windows\System\mtrRtXA.exe
  C:\Windows\System\mtrRtXA.exe
  2⤵
  PID:7700
- C:\Windows\System\EfXqxzJ.exe
  C:\Windows\System\EfXqxzJ.exe
  2⤵
  PID:7716
- C:\Windows\System\tqTpsgc.exe
  C:\Windows\System\tqTpsgc.exe
  2⤵
  PID:7732
- C:\Windows\System\IVDOvPQ.exe
  C:\Windows\System\IVDOvPQ.exe
  2⤵
  PID:7752
- C:\Windows\System\qGyATOD.exe
  C:\Windows\System\qGyATOD.exe
  2⤵
  PID:7768
- C:\Windows\System\fABYKkB.exe
  C:\Windows\System\fABYKkB.exe
  2⤵
  PID:7784
- C:\Windows\System\AwAXUBw.exe
  C:\Windows\System\AwAXUBw.exe
  2⤵
  PID:7800
- C:\Windows\System\voyCaAz.exe
  C:\Windows\System\voyCaAz.exe
  2⤵
  PID:7816
- C:\Windows\System\EfTsgmC.exe
  C:\Windows\System\EfTsgmC.exe
  2⤵
  PID:7832
- C:\Windows\System\wZyEDaA.exe
  C:\Windows\System\wZyEDaA.exe
  2⤵
  PID:7848
- C:\Windows\System\OQRwlSq.exe
  C:\Windows\System\OQRwlSq.exe
  2⤵
  PID:7864
- C:\Windows\System\uxHbVQc.exe
  C:\Windows\System\uxHbVQc.exe
  2⤵
  PID:7880
- C:\Windows\System\tRZAdAA.exe
  C:\Windows\System\tRZAdAA.exe
  2⤵
  PID:7896
- C:\Windows\System\IBcGfiK.exe
  C:\Windows\System\IBcGfiK.exe
  2⤵
  PID:7912
- C:\Windows\System\pvWMwOx.exe
  C:\Windows\System\pvWMwOx.exe
  2⤵
  PID:7928
- C:\Windows\System\fSBeyrw.exe
  C:\Windows\System\fSBeyrw.exe
  2⤵
  PID:7944
- C:\Windows\System\cWmgeks.exe
  C:\Windows\System\cWmgeks.exe
  2⤵
  PID:7960
- C:\Windows\System\POwkiEY.exe
  C:\Windows\System\POwkiEY.exe
  2⤵
  PID:7976
- C:\Windows\System\goCpKQh.exe
  C:\Windows\System\goCpKQh.exe
  2⤵
  PID:7992
- C:\Windows\System\SkwoMrh.exe
  C:\Windows\System\SkwoMrh.exe
  2⤵
  PID:8008
- C:\Windows\System\fZlYMmc.exe
  C:\Windows\System\fZlYMmc.exe
  2⤵
  PID:8024
- C:\Windows\System\neYfNVJ.exe
  C:\Windows\System\neYfNVJ.exe
  2⤵
  PID:8040
- C:\Windows\System\LtNozOF.exe
  C:\Windows\System\LtNozOF.exe
  2⤵
  PID:8056
- C:\Windows\System\iiCOnGY.exe
  C:\Windows\System\iiCOnGY.exe
  2⤵
  PID:8072
- C:\Windows\System\vIQymJd.exe
  C:\Windows\System\vIQymJd.exe
  2⤵
  PID:8088
- C:\Windows\System\LPtLeCz.exe
  C:\Windows\System\LPtLeCz.exe
  2⤵
  PID:8104
- C:\Windows\System\Eldwmhh.exe
  C:\Windows\System\Eldwmhh.exe
  2⤵
  PID:8120
- C:\Windows\System\ZFhzQNO.exe
  C:\Windows\System\ZFhzQNO.exe
  2⤵
  PID:8136
- C:\Windows\System\ijRAOhG.exe
  C:\Windows\System\ijRAOhG.exe
  2⤵
  PID:8152
- C:\Windows\System\WReOBot.exe
  C:\Windows\System\WReOBot.exe
  2⤵
  PID:8168
- C:\Windows\System\LzuLhef.exe
  C:\Windows\System\LzuLhef.exe
  2⤵
  PID:8184
- C:\Windows\System\AHwKcPS.exe
  C:\Windows\System\AHwKcPS.exe
  2⤵
  PID:7084
- C:\Windows\System\zdXCKPE.exe
  C:\Windows\System\zdXCKPE.exe
  2⤵
  PID:7204
- C:\Windows\System\UcFFYqN.exe
  C:\Windows\System\UcFFYqN.exe
  2⤵
  PID:6720
- C:\Windows\System\NzPCUEt.exe
  C:\Windows\System\NzPCUEt.exe
  2⤵
  PID:6844
- C:\Windows\System\goXPSwo.exe
  C:\Windows\System\goXPSwo.exe
  2⤵
  PID:6644
- C:\Windows\System\HvxfRjP.exe
  C:\Windows\System\HvxfRjP.exe
  2⤵
  PID:7220
- C:\Windows\System\lRtnjSi.exe
  C:\Windows\System\lRtnjSi.exe
  2⤵
  PID:7252
- C:\Windows\System\DsMDDPZ.exe
  C:\Windows\System\DsMDDPZ.exe
  2⤵
  PID:7272
- C:\Windows\System\BzdrkVN.exe
  C:\Windows\System\BzdrkVN.exe
  2⤵
  PID:7324
- C:\Windows\System\AlJEXGU.exe
  C:\Windows\System\AlJEXGU.exe
  2⤵
  PID:7388
- C:\Windows\System\LtIWlnb.exe
  C:\Windows\System\LtIWlnb.exe
  2⤵
  PID:7336
- C:\Windows\System\KzYIcRH.exe
  C:\Windows\System\KzYIcRH.exe
  2⤵
  PID:7420
- C:\Windows\System\ATEHaLN.exe
  C:\Windows\System\ATEHaLN.exe
  2⤵
  PID:7452
- C:\Windows\System\zfhypUd.exe
  C:\Windows\System\zfhypUd.exe
  2⤵
  PID:7468
- C:\Windows\System\clzClYO.exe
  C:\Windows\System\clzClYO.exe
  2⤵
  PID:7500
- C:\Windows\System\IelHIDs.exe
  C:\Windows\System\IelHIDs.exe
  2⤵
  PID:7536
- C:\Windows\System\aGwIbDo.exe
  C:\Windows\System\aGwIbDo.exe
  2⤵
  PID:7580
- C:\Windows\System\GIUEXFr.exe
  C:\Windows\System\GIUEXFr.exe
  2⤵
  PID:7612
- C:\Windows\System\FFHEVAf.exe
  C:\Windows\System\FFHEVAf.exe
  2⤵
  PID:7628
- C:\Windows\System\SatLeyu.exe
  C:\Windows\System\SatLeyu.exe
  2⤵
  PID:7680
- C:\Windows\System\NNBgdun.exe
  C:\Windows\System\NNBgdun.exe
  2⤵
  PID:7692
- C:\Windows\System\AvqDRRV.exe
  C:\Windows\System\AvqDRRV.exe
  2⤵
  PID:7740
- C:\Windows\System\knnfflm.exe
  C:\Windows\System\knnfflm.exe
  2⤵
  PID:7780
- C:\Windows\System\xlMHRfj.exe
  C:\Windows\System\xlMHRfj.exe
  2⤵
  PID:7796
- C:\Windows\System\tBpadpv.exe
  C:\Windows\System\tBpadpv.exe
  2⤵
  PID:7760
- C:\Windows\System\LOEfEGC.exe
  C:\Windows\System\LOEfEGC.exe
  2⤵
  PID:7860
- C:\Windows\System\mNXaYgz.exe
  C:\Windows\System\mNXaYgz.exe
  2⤵
  PID:7892
- C:\Windows\System\TpYFHHo.exe
  C:\Windows\System\TpYFHHo.exe
  2⤵
  PID:7940
- C:\Windows\System\QpMWtEi.exe
  C:\Windows\System\QpMWtEi.exe
  2⤵
  PID:7956
- C:\Windows\System\tVSlHHw.exe
  C:\Windows\System\tVSlHHw.exe
  2⤵
  PID:8004
- C:\Windows\System\VYVyNjj.exe
  C:\Windows\System\VYVyNjj.exe
  2⤵
  PID:8068
- C:\Windows\System\SJZUNEK.exe
  C:\Windows\System\SJZUNEK.exe
  2⤵
  PID:8052
- C:\Windows\System\IzgwIjH.exe
  C:\Windows\System\IzgwIjH.exe
  2⤵
  PID:8144
- C:\Windows\System\ZVbrajB.exe
  C:\Windows\System\ZVbrajB.exe
  2⤵
  PID:8128
- C:\Windows\System\enmbuEP.exe
  C:\Windows\System\enmbuEP.exe
  2⤵
  PID:8164
- C:\Windows\System\xLoaKOC.exe
  C:\Windows\System\xLoaKOC.exe
  2⤵
  PID:7160
- C:\Windows\System\FiLBsiu.exe
  C:\Windows\System\FiLBsiu.exe
  2⤵
  PID:6276
- C:\Windows\System\roEcPfD.exe
  C:\Windows\System\roEcPfD.exe
  2⤵
  PID:7188
- C:\Windows\System\ODlwMiF.exe
  C:\Windows\System\ODlwMiF.exe
  2⤵
  PID:7308
- C:\Windows\System\mdbFRjM.exe
  C:\Windows\System\mdbFRjM.exe
  2⤵
  PID:7284
- C:\Windows\System\JtoJpRg.exe
  C:\Windows\System\JtoJpRg.exe
  2⤵
  PID:7368
- C:\Windows\System\GWlIwBu.exe
  C:\Windows\System\GWlIwBu.exe
  2⤵
  PID:7516
- C:\Windows\System\jfGUPfY.exe
  C:\Windows\System\jfGUPfY.exe
  2⤵
  PID:7648
- C:\Windows\System\SleEZrI.exe
  C:\Windows\System\SleEZrI.exe
  2⤵
  PID:7600
- C:\Windows\System\nZsEhlz.exe
  C:\Windows\System\nZsEhlz.exe
  2⤵
  PID:7776
- C:\Windows\System\ffFFJXQ.exe
  C:\Windows\System\ffFFJXQ.exe
  2⤵
  PID:7972
- C:\Windows\System\bzHPtFm.exe
  C:\Windows\System\bzHPtFm.exe
  2⤵
  PID:7596
- C:\Windows\System\EjseeWZ.exe
  C:\Windows\System\EjseeWZ.exe
  2⤵
  PID:7676
- C:\Windows\System\CWuJuOp.exe
  C:\Windows\System\CWuJuOp.exe
  2⤵
  PID:7824
- C:\Windows\System\uQzadnV.exe
  C:\Windows\System\uQzadnV.exe
  2⤵
  PID:8000
- C:\Windows\System\HFnVqMp.exe
  C:\Windows\System\HFnVqMp.exe
  2⤵
  PID:996
- C:\Windows\System\tomeCxk.exe
  C:\Windows\System\tomeCxk.exe
  2⤵
  PID:8084
- C:\Windows\System\nhXMrfR.exe
  C:\Windows\System\nhXMrfR.exe
  2⤵
  PID:7320
- C:\Windows\System\uKbMMuP.exe
  C:\Windows\System\uKbMMuP.exe
  2⤵
  PID:7028
- C:\Windows\System\pHpuMhV.exe
  C:\Windows\System\pHpuMhV.exe
  2⤵
  PID:8132
- C:\Windows\System\qpFuZAk.exe
  C:\Windows\System\qpFuZAk.exe
  2⤵
  PID:7644
- C:\Windows\System\cIXsOVb.exe
  C:\Windows\System\cIXsOVb.exe
  2⤵
  PID:7240
- C:\Windows\System\IwikadN.exe
  C:\Windows\System\IwikadN.exe
  2⤵
  PID:7404
- C:\Windows\System\JZzAIzL.exe
  C:\Windows\System\JZzAIzL.exe
  2⤵
  PID:7808
- C:\Windows\System\NeRNOPd.exe
  C:\Windows\System\NeRNOPd.exe
  2⤵
  PID:7548
- C:\Windows\System\pDjvSkd.exe
  C:\Windows\System\pDjvSkd.exe
  2⤵
  PID:8036
- C:\Windows\System\RbgcaGb.exe
  C:\Windows\System\RbgcaGb.exe
  2⤵
  PID:7792
- C:\Windows\System\piUwZmv.exe
  C:\Windows\System\piUwZmv.exe
  2⤵
  PID:7812
- C:\Windows\System\VTOegKi.exe
  C:\Windows\System\VTOegKi.exe
  2⤵
  PID:7908
- C:\Windows\System\vjMnCDU.exe
  C:\Windows\System\vjMnCDU.exe
  2⤵
  PID:7936
- C:\Windows\System\boscdnn.exe
  C:\Windows\System\boscdnn.exe
  2⤵
  PID:7728
- C:\Windows\System\ksSZTEu.exe
  C:\Windows\System\ksSZTEu.exe
  2⤵
  PID:7532
- C:\Windows\System\QArhBHT.exe
  C:\Windows\System\QArhBHT.exe
  2⤵
  PID:8204
- C:\Windows\System\fJXFuJa.exe
  C:\Windows\System\fJXFuJa.exe
  2⤵
  PID:8220
- C:\Windows\System\KpFtjIH.exe
  C:\Windows\System\KpFtjIH.exe
  2⤵
  PID:8244
- C:\Windows\System\QfaLaHf.exe
  C:\Windows\System\QfaLaHf.exe
  2⤵
  PID:8260
- C:\Windows\System\qtefyig.exe
  C:\Windows\System\qtefyig.exe
  2⤵
  PID:8280
- C:\Windows\System\CRfGrsz.exe
  C:\Windows\System\CRfGrsz.exe
  2⤵
  PID:8296
- C:\Windows\System\UVyLOac.exe
  C:\Windows\System\UVyLOac.exe
  2⤵
  PID:8316
- C:\Windows\System\pYhCmjE.exe
  C:\Windows\System\pYhCmjE.exe
  2⤵
  PID:8340
- C:\Windows\System\mzSAFhn.exe
  C:\Windows\System\mzSAFhn.exe
  2⤵
  PID:8356
- C:\Windows\System\KCOZEfi.exe
  C:\Windows\System\KCOZEfi.exe
  2⤵
  PID:8372
- C:\Windows\System\BfanmGu.exe
  C:\Windows\System\BfanmGu.exe
  2⤵
  PID:8388
- C:\Windows\System\NLBWSYf.exe
  C:\Windows\System\NLBWSYf.exe
  2⤵
  PID:8404
- C:\Windows\System\KkcdHdt.exe
  C:\Windows\System\KkcdHdt.exe
  2⤵
  PID:8420
- C:\Windows\System\PpnZlKU.exe
  C:\Windows\System\PpnZlKU.exe
  2⤵
  PID:8436
- C:\Windows\System\tYrmcTy.exe
  C:\Windows\System\tYrmcTy.exe
  2⤵
  PID:8452
- C:\Windows\System\DcIDNYa.exe
  C:\Windows\System\DcIDNYa.exe
  2⤵
  PID:8468
- C:\Windows\System\BKkzSxB.exe
  C:\Windows\System\BKkzSxB.exe
  2⤵
  PID:8484
- C:\Windows\System\oafjQqe.exe
  C:\Windows\System\oafjQqe.exe
  2⤵
  PID:8500
- C:\Windows\System\UyiUsRX.exe
  C:\Windows\System\UyiUsRX.exe
  2⤵
  PID:8524
- C:\Windows\System\GyBLMpQ.exe
  C:\Windows\System\GyBLMpQ.exe
  2⤵
  PID:8540
- C:\Windows\System\WYyPhZo.exe
  C:\Windows\System\WYyPhZo.exe
  2⤵
  PID:8560
- C:\Windows\System\DgXkwKz.exe
  C:\Windows\System\DgXkwKz.exe
  2⤵
  PID:8576
- C:\Windows\System\mXBscYu.exe
  C:\Windows\System\mXBscYu.exe
  2⤵
  PID:8592
- C:\Windows\System\PtFDyAQ.exe
  C:\Windows\System\PtFDyAQ.exe
  2⤵
  PID:8608
- C:\Windows\System\JtWrlsi.exe
  C:\Windows\System\JtWrlsi.exe
  2⤵
  PID:8624
- C:\Windows\System\ESLjhWX.exe
  C:\Windows\System\ESLjhWX.exe
  2⤵
  PID:8640
- C:\Windows\System\sKZRIHz.exe
  C:\Windows\System\sKZRIHz.exe
  2⤵
  PID:8656
- C:\Windows\System\vdurFWx.exe
  C:\Windows\System\vdurFWx.exe
  2⤵
  PID:8672
- C:\Windows\System\rGJCRWD.exe
  C:\Windows\System\rGJCRWD.exe
  2⤵
  PID:8688
- C:\Windows\System\pnJuFrs.exe
  C:\Windows\System\pnJuFrs.exe
  2⤵
  PID:8704
- C:\Windows\System\BJlCnTz.exe
  C:\Windows\System\BJlCnTz.exe
  2⤵
  PID:8720
- C:\Windows\System\DmZIYxm.exe
  C:\Windows\System\DmZIYxm.exe
  2⤵
  PID:8736
- C:\Windows\System\fEskiyE.exe
  C:\Windows\System\fEskiyE.exe
  2⤵
  PID:8752
- C:\Windows\System\GQOrcQc.exe
  C:\Windows\System\GQOrcQc.exe
  2⤵
  PID:8768
- C:\Windows\System\EhCfxRy.exe
  C:\Windows\System\EhCfxRy.exe
  2⤵
  PID:8784
- C:\Windows\System\FPHlJmh.exe
  C:\Windows\System\FPHlJmh.exe
  2⤵
  PID:8800
- C:\Windows\System\qBrnPee.exe
  C:\Windows\System\qBrnPee.exe
  2⤵
  PID:8816
- C:\Windows\System\OkzPCvo.exe
  C:\Windows\System\OkzPCvo.exe
  2⤵
  PID:8832
- C:\Windows\System\mCVmvWv.exe
  C:\Windows\System\mCVmvWv.exe
  2⤵
  PID:8848
- C:\Windows\System\hoTQRhH.exe
  C:\Windows\System\hoTQRhH.exe
  2⤵
  PID:8864
- C:\Windows\System\bTwZlGb.exe
  C:\Windows\System\bTwZlGb.exe
  2⤵
  PID:8880
- C:\Windows\System\xmWfVAR.exe
  C:\Windows\System\xmWfVAR.exe
  2⤵
  PID:8896
- C:\Windows\System\dgemDgT.exe
  C:\Windows\System\dgemDgT.exe
  2⤵
  PID:8912
- C:\Windows\System\rlhxlCf.exe
  C:\Windows\System\rlhxlCf.exe
  2⤵
  PID:8928
- C:\Windows\System\yuHLdjb.exe
  C:\Windows\System\yuHLdjb.exe
  2⤵
  PID:8944
- C:\Windows\System\xJTDXtA.exe
  C:\Windows\System\xJTDXtA.exe
  2⤵
  PID:8964
- C:\Windows\System\OyPpUBC.exe
  C:\Windows\System\OyPpUBC.exe
  2⤵
  PID:8980
- C:\Windows\System\mHuOkFX.exe
  C:\Windows\System\mHuOkFX.exe
  2⤵
  PID:8996
- C:\Windows\System\mcldJdD.exe
  C:\Windows\System\mcldJdD.exe
  2⤵
  PID:9012
- C:\Windows\System\JKJeewo.exe
  C:\Windows\System\JKJeewo.exe
  2⤵
  PID:9032
- C:\Windows\System\wNBHurR.exe
  C:\Windows\System\wNBHurR.exe
  2⤵
  PID:9048
- C:\Windows\System\AVEjTsF.exe
  C:\Windows\System\AVEjTsF.exe
  2⤵
  PID:9064
- C:\Windows\System\JoxMTiU.exe
  C:\Windows\System\JoxMTiU.exe
  2⤵
  PID:9080
- C:\Windows\System\aJlxBhH.exe
  C:\Windows\System\aJlxBhH.exe
  2⤵
  PID:9096
- C:\Windows\System\RpnkWfU.exe
  C:\Windows\System\RpnkWfU.exe
  2⤵
  PID:9112
- C:\Windows\System\hGVQjql.exe
  C:\Windows\System\hGVQjql.exe
  2⤵
  PID:9128
- C:\Windows\System\QEvsFeC.exe
  C:\Windows\System\QEvsFeC.exe
  2⤵
  PID:9144
- C:\Windows\System\SWjWwmk.exe
  C:\Windows\System\SWjWwmk.exe
  2⤵
  PID:9160
- C:\Windows\System\XaEPblz.exe
  C:\Windows\System\XaEPblz.exe
  2⤵
  PID:9176
- C:\Windows\System\JwYnUfJ.exe
  C:\Windows\System\JwYnUfJ.exe
  2⤵
  PID:9192
- C:\Windows\System\mGFcofM.exe
  C:\Windows\System\mGFcofM.exe
  2⤵
  PID:9208
- C:\Windows\System\duLTuLX.exe
  C:\Windows\System\duLTuLX.exe
  2⤵
  PID:6700
- C:\Windows\System\kKDxsCz.exe
  C:\Windows\System\kKDxsCz.exe
  2⤵
  PID:8216
- C:\Windows\System\zPUjnxw.exe
  C:\Windows\System\zPUjnxw.exe
  2⤵
  PID:8288
- C:\Windows\System\kyeShRx.exe
  C:\Windows\System\kyeShRx.exe
  2⤵
  PID:8304
- C:\Windows\System\PTFuSQs.exe
  C:\Windows\System\PTFuSQs.exe
  2⤵
  PID:8364
- C:\Windows\System\YMJyDCR.exe
  C:\Windows\System\YMJyDCR.exe
  2⤵
  PID:8396
- C:\Windows\System\YoEdUTJ.exe
  C:\Windows\System\YoEdUTJ.exe
  2⤵
  PID:8412
- C:\Windows\System\IoEWzFZ.exe
  C:\Windows\System\IoEWzFZ.exe
  2⤵
  PID:8492
- C:\Windows\System\vumlwQL.exe
  C:\Windows\System\vumlwQL.exe
  2⤵
  PID:8448
- C:\Windows\System\iRlbNkV.exe
  C:\Windows\System\iRlbNkV.exe
  2⤵
  PID:8508
- C:\Windows\System\yjGyYbg.exe
  C:\Windows\System\yjGyYbg.exe
  2⤵
  PID:8600
- C:\Windows\System\YbuqyzH.exe
  C:\Windows\System\YbuqyzH.exe
  2⤵
  PID:8552
- C:\Windows\System\UVFhNFe.exe
  C:\Windows\System\UVFhNFe.exe
  2⤵
  PID:8664
- C:\Windows\System\KVSsIJC.exe
  C:\Windows\System\KVSsIJC.exe
  2⤵
  PID:8696
- C:\Windows\System\wOmEmzc.exe
  C:\Windows\System\wOmEmzc.exe
  2⤵
  PID:8684
- C:\Windows\System\AAWOSwY.exe
  C:\Windows\System\AAWOSwY.exe
  2⤵
  PID:8728
- C:\Windows\System\LueNdhK.exe
  C:\Windows\System\LueNdhK.exe
  2⤵
  PID:8796
- C:\Windows\System\pBPSINV.exe
  C:\Windows\System\pBPSINV.exe
  2⤵
  PID:8748
- C:\Windows\System\DNGGNlf.exe
  C:\Windows\System\DNGGNlf.exe
  2⤵
  PID:8860
- C:\Windows\System\tPJUlmk.exe
  C:\Windows\System\tPJUlmk.exe
  2⤵
  PID:8952
- C:\Windows\System\grUQCZZ.exe
  C:\Windows\System\grUQCZZ.exe
  2⤵
  PID:8888
- C:\Windows\System\oFKpYmM.exe
  C:\Windows\System\oFKpYmM.exe
  2⤵
  PID:8972
- C:\Windows\System\qeiQYDm.exe
  C:\Windows\System\qeiQYDm.exe
  2⤵
  PID:7268
- C:\Windows\System\CWsOOsz.exe
  C:\Windows\System\CWsOOsz.exe
  2⤵
  PID:9056
- C:\Windows\System\ZDpRMNp.exe
  C:\Windows\System\ZDpRMNp.exe
  2⤵
  PID:9044
- C:\Windows\System\CoFyMQF.exe
  C:\Windows\System\CoFyMQF.exe
  2⤵
  PID:9092
- C:\Windows\System\TLDbCsL.exe
  C:\Windows\System\TLDbCsL.exe
  2⤵
  PID:9156
- C:\Windows\System\hJVbyrY.exe
  C:\Windows\System\hJVbyrY.exe
  2⤵
  PID:9172
- C:\Windows\System\GDwGQPc.exe
  C:\Windows\System\GDwGQPc.exe
  2⤵
  PID:8196
- C:\Windows\System\aiMclIU.exe
  C:\Windows\System\aiMclIU.exe
  2⤵
  PID:9200
- C:\Windows\System\uzhFoBn.exe
  C:\Windows\System\uzhFoBn.exe
  2⤵
  PID:8336
- C:\Windows\System\IeMwuhB.exe
  C:\Windows\System\IeMwuhB.exe
  2⤵
  PID:8352
- C:\Windows\System\ZBCtjPb.exe
  C:\Windows\System\ZBCtjPb.exe
  2⤵
  PID:8480
- C:\Windows\System\fXdkfdg.exe
  C:\Windows\System\fXdkfdg.exe
  2⤵
  PID:8668
- C:\Windows\System\rsRZuso.exe
  C:\Windows\System\rsRZuso.exe
  2⤵
  PID:8536
- C:\Windows\System\RqGIJBn.exe
  C:\Windows\System\RqGIJBn.exe
  2⤵
  PID:8636
- C:\Windows\System\FbQunNW.exe
  C:\Windows\System\FbQunNW.exe
  2⤵
  PID:8716
- C:\Windows\System\PUQiTLj.exe
  C:\Windows\System\PUQiTLj.exe
  2⤵
  PID:8808
- C:\Windows\System\ivDcYxF.exe
  C:\Windows\System\ivDcYxF.exe
  2⤵
  PID:8856
- C:\Windows\System\iMToCuW.exe
  C:\Windows\System\iMToCuW.exe
  2⤵
  PID:9020
- C:\Windows\System\COGyXJN.exe
  C:\Windows\System\COGyXJN.exe
  2⤵
  PID:8988
- C:\Windows\System\SCrdBNr.exe
  C:\Windows\System\SCrdBNr.exe
  2⤵
  PID:9108
- C:\Windows\System\yYoroAA.exe
  C:\Windows\System\yYoroAA.exe
  2⤵
  PID:8936
- C:\Windows\System\GFlYngt.exe
  C:\Windows\System\GFlYngt.exe
  2⤵
  PID:9140
- C:\Windows\System\YfrjkWZ.exe
  C:\Windows\System\YfrjkWZ.exe
  2⤵
  PID:8228
- C:\Windows\System\xMeWuxn.exe
  C:\Windows\System\xMeWuxn.exe
  2⤵
  PID:8272
- C:\Windows\System\MIcqQuQ.exe
  C:\Windows\System\MIcqQuQ.exe
  2⤵
  PID:8476
- C:\Windows\System\IQuERIn.exe
  C:\Windows\System\IQuERIn.exe
  2⤵
  PID:8384
- C:\Windows\System\fWFJWMi.exe
  C:\Windows\System\fWFJWMi.exe
  2⤵
  PID:8812
- C:\Windows\System\mCpZtaw.exe
  C:\Windows\System\mCpZtaw.exe
  2⤵
  PID:9024
- C:\Windows\System\EDSHreH.exe
  C:\Windows\System\EDSHreH.exe
  2⤵
  PID:8764
- C:\Windows\System\FVddcEG.exe
  C:\Windows\System\FVddcEG.exe
  2⤵
  PID:8908
- C:\Windows\System\MfMZMZf.exe
  C:\Windows\System\MfMZMZf.exe
  2⤵
  PID:8620
- C:\Windows\System\lDLqRAg.exe
  C:\Windows\System\lDLqRAg.exe
  2⤵
  PID:9040
- C:\Windows\System\MrypohF.exe
  C:\Windows\System\MrypohF.exe
  2⤵
  PID:8992
- C:\Windows\System\KFldSlb.exe
  C:\Windows\System\KFldSlb.exe
  2⤵
  PID:9224
- C:\Windows\System\fZCXete.exe
  C:\Windows\System\fZCXete.exe
  2⤵
  PID:9240
- C:\Windows\System\cLmeFBg.exe
  C:\Windows\System\cLmeFBg.exe
  2⤵
  PID:9256
- C:\Windows\System\NlPYbIi.exe
  C:\Windows\System\NlPYbIi.exe
  2⤵
  PID:9272
- C:\Windows\System\QPfEvJq.exe
  C:\Windows\System\QPfEvJq.exe
  2⤵
  PID:9288
- C:\Windows\System\tdSllmH.exe
  C:\Windows\System\tdSllmH.exe
  2⤵
  PID:9304
- C:\Windows\System\wXvWlUq.exe
  C:\Windows\System\wXvWlUq.exe
  2⤵
  PID:9320
- C:\Windows\System\famIPDm.exe
  C:\Windows\System\famIPDm.exe
  2⤵
  PID:9336
- C:\Windows\System\CrZuWYP.exe
  C:\Windows\System\CrZuWYP.exe
  2⤵
  PID:9352
- C:\Windows\System\ngLPqUl.exe
  C:\Windows\System\ngLPqUl.exe
  2⤵
  PID:9368
- C:\Windows\System\iGBPpHi.exe
  C:\Windows\System\iGBPpHi.exe
  2⤵
  PID:9384
- C:\Windows\System\BIpiZUp.exe
  C:\Windows\System\BIpiZUp.exe
  2⤵
  PID:9400
- C:\Windows\System\pIPFMxs.exe
  C:\Windows\System\pIPFMxs.exe
  2⤵
  PID:9416
- C:\Windows\System\MWVYFSz.exe
  C:\Windows\System\MWVYFSz.exe
  2⤵
  PID:9432
- C:\Windows\System\dHtDggN.exe
  C:\Windows\System\dHtDggN.exe
  2⤵
  PID:9448
- C:\Windows\System\OjJtOZs.exe
  C:\Windows\System\OjJtOZs.exe
  2⤵
  PID:9464
- C:\Windows\System\pCuRxxQ.exe
  C:\Windows\System\pCuRxxQ.exe
  2⤵
  PID:9480
- C:\Windows\System\zFxHKNa.exe
  C:\Windows\System\zFxHKNa.exe
  2⤵
  PID:9496
- C:\Windows\System\FKyBKBi.exe
  C:\Windows\System\FKyBKBi.exe
  2⤵
  PID:9516
- C:\Windows\System\bsPVjIC.exe
  C:\Windows\System\bsPVjIC.exe
  2⤵
  PID:9532
- C:\Windows\System\rfIOLAM.exe
  C:\Windows\System\rfIOLAM.exe
  2⤵
  PID:9548
- C:\Windows\System\wUHuuSQ.exe
  C:\Windows\System\wUHuuSQ.exe
  2⤵
  PID:9564
- C:\Windows\System\KqKEwQz.exe
  C:\Windows\System\KqKEwQz.exe
  2⤵
  PID:9580
- C:\Windows\System\QNYzdUc.exe
  C:\Windows\System\QNYzdUc.exe
  2⤵
  PID:9596
- C:\Windows\System\ZXJTXjB.exe
  C:\Windows\System\ZXJTXjB.exe
  2⤵
  PID:9612
- C:\Windows\System\fLKhKhD.exe
  C:\Windows\System\fLKhKhD.exe
  2⤵
  PID:9628
- C:\Windows\System\SzeXDRB.exe
  C:\Windows\System\SzeXDRB.exe
  2⤵
  PID:9644
- C:\Windows\System\HdjYTnv.exe
  C:\Windows\System\HdjYTnv.exe
  2⤵
  PID:9660
- C:\Windows\System\OAYPaHf.exe
  C:\Windows\System\OAYPaHf.exe
  2⤵
  PID:9676
- C:\Windows\System\qdGykbV.exe
  C:\Windows\System\qdGykbV.exe
  2⤵
  PID:9692
- C:\Windows\System\zqrexQu.exe
  C:\Windows\System\zqrexQu.exe
  2⤵
  PID:9708
- C:\Windows\System\yngHLoI.exe
  C:\Windows\System\yngHLoI.exe
  2⤵
  PID:9724
- C:\Windows\System\RnihYfV.exe
  C:\Windows\System\RnihYfV.exe
  2⤵
  PID:9740
- C:\Windows\System\VbyeSLV.exe
  C:\Windows\System\VbyeSLV.exe
  2⤵
  PID:9756
- C:\Windows\System\riWvGKl.exe
  C:\Windows\System\riWvGKl.exe
  2⤵
  PID:9772
- C:\Windows\System\zEprChF.exe
  C:\Windows\System\zEprChF.exe
  2⤵
  PID:9788
- C:\Windows\System\dxewWQj.exe
  C:\Windows\System\dxewWQj.exe
  2⤵
  PID:9808
- C:\Windows\System\BRTLOzt.exe
  C:\Windows\System\BRTLOzt.exe
  2⤵
  PID:9828
- C:\Windows\System\btgPERb.exe
  C:\Windows\System\btgPERb.exe
  2⤵
  PID:9844
- C:\Windows\System\yRGYSpM.exe
  C:\Windows\System\yRGYSpM.exe
  2⤵
  PID:9860
- C:\Windows\System\MYMKwRy.exe
  C:\Windows\System\MYMKwRy.exe
  2⤵
  PID:9876
- C:\Windows\System\ISMiiIE.exe
  C:\Windows\System\ISMiiIE.exe
  2⤵
  PID:9892
- C:\Windows\System\dwnLWuN.exe
  C:\Windows\System\dwnLWuN.exe
  2⤵
  PID:9908
- C:\Windows\System\btMNiKM.exe
  C:\Windows\System\btMNiKM.exe
  2⤵
  PID:9924
- C:\Windows\System\FwCCsXd.exe
  C:\Windows\System\FwCCsXd.exe
  2⤵
  PID:9940
- C:\Windows\System\debLaQl.exe
  C:\Windows\System\debLaQl.exe
  2⤵
  PID:9956
- C:\Windows\System\GSXNjhL.exe
  C:\Windows\System\GSXNjhL.exe
  2⤵
  PID:9996
- C:\Windows\System\cMFssKx.exe
  C:\Windows\System\cMFssKx.exe
  2⤵
  PID:10020
- C:\Windows\System\VRQBbvE.exe
  C:\Windows\System\VRQBbvE.exe
  2⤵
  PID:10036
- C:\Windows\System\xrwsOAR.exe
  C:\Windows\System\xrwsOAR.exe
  2⤵
  PID:10072
- C:\Windows\System\EfTiqbQ.exe
  C:\Windows\System\EfTiqbQ.exe
  2⤵
  PID:10100
- C:\Windows\System\KPaybbb.exe
  C:\Windows\System\KPaybbb.exe
  2⤵
  PID:10128
- C:\Windows\System\RgIxlUU.exe
  C:\Windows\System\RgIxlUU.exe
  2⤵
  PID:9428
- C:\Windows\System\wJetKKk.exe
  C:\Windows\System\wJetKKk.exe
  2⤵
  PID:9396
- C:\Windows\System\NyPqSKS.exe
  C:\Windows\System\NyPqSKS.exe
  2⤵
  PID:9572
- C:\Windows\System\PQGIvEB.exe
  C:\Windows\System\PQGIvEB.exe
  2⤵
  PID:9652
- C:\Windows\System\wIhNOql.exe
  C:\Windows\System\wIhNOql.exe
  2⤵
  PID:9668
- C:\Windows\System\YhqXJVR.exe
  C:\Windows\System\YhqXJVR.exe
  2⤵
  PID:9688
- C:\Windows\System\IiQwGVB.exe
  C:\Windows\System\IiQwGVB.exe
  2⤵
  PID:9748
- C:\Windows\System\lKZXMgi.exe
  C:\Windows\System\lKZXMgi.exe
  2⤵
  PID:9780
- C:\Windows\System\JzkvlqK.exe
  C:\Windows\System\JzkvlqK.exe
  2⤵
  PID:9784
- C:\Windows\System\INGeSMu.exe
  C:\Windows\System\INGeSMu.exe
  2⤵
  PID:9824
- C:\Windows\System\dPlVVWi.exe
  C:\Windows\System\dPlVVWi.exe
  2⤵
  PID:9856
- C:\Windows\System\FyJdtKd.exe
  C:\Windows\System\FyJdtKd.exe
  2⤵
  PID:9840
- C:\Windows\System\nBJKndD.exe
  C:\Windows\System\nBJKndD.exe
  2⤵
  PID:9544
- C:\Windows\System\LvEfMbg.exe
  C:\Windows\System\LvEfMbg.exe
  2⤵
  PID:10028
- C:\Windows\System\oZGxDkk.exe
  C:\Windows\System\oZGxDkk.exe
  2⤵
  PID:10144
- C:\Windows\System\wrNsoco.exe
  C:\Windows\System\wrNsoco.exe
  2⤵
  PID:9640
- C:\Windows\System\cemGFCH.exe
  C:\Windows\System\cemGFCH.exe
  2⤵
  PID:10084
- C:\Windows\System\EByLgqm.exe
  C:\Windows\System\EByLgqm.exe
  2⤵
  PID:10048
- C:\Windows\System\NLXhRYe.exe
  C:\Windows\System\NLXhRYe.exe
  2⤵
  PID:10096
- C:\Windows\System\FxiOgBc.exe
  C:\Windows\System\FxiOgBc.exe
  2⤵
  PID:10068
- C:\Windows\System\ZftMAid.exe
  C:\Windows\System\ZftMAid.exe
  2⤵
  PID:9968
- C:\Windows\System\cQuPcVm.exe
  C:\Windows\System\cQuPcVm.exe
  2⤵
  PID:10056
- C:\Windows\System\pqorNzG.exe
  C:\Windows\System\pqorNzG.exe
  2⤵
  PID:10196
- C:\Windows\System\GTqUDXg.exe
  C:\Windows\System\GTqUDXg.exe
  2⤵
  PID:9264
- C:\Windows\System\EDaSCAu.exe
  C:\Windows\System\EDaSCAu.exe
  2⤵
  PID:9380
- C:\Windows\System\amIznrZ.exe
  C:\Windows\System\amIznrZ.exe
  2⤵
  PID:9408
- C:\Windows\System\xEFbuLU.exe
  C:\Windows\System\xEFbuLU.exe
  2⤵
  PID:9624
- C:\Windows\System\kGgSeSC.exe
  C:\Windows\System\kGgSeSC.exe
  2⤵
  PID:10220
- C:\Windows\System\BKIwIOl.exe
  C:\Windows\System\BKIwIOl.exe
  2⤵
  PID:9252
- C:\Windows\System\hroFROu.exe
  C:\Windows\System\hroFROu.exe
  2⤵
  PID:10212

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\IfOXOWX.exe

Filesize
6.0MB

MD5
51ad357c2a7b7ae4f1897617199123a2

SHA1
10aa9570ebbd54cfbef8298ab7374f29ed6c4b99

SHA256
d7938f5851e006ced5069105419054e0f002af529c3e0057f331c96f353c695a

SHA512
8726dad025603bee7eacd24292c37cf68ffc77de6ad1bfad29518da6b635f6a1a4287b041617833a68c9f021b4b29b868d08c3a73141b0ba1f3ea0a077896b7f

Download Submit
C:\Windows\system\IproxSR.exe

Filesize
6.0MB

MD5
f2647f057ed426a090b9f59e66789775

SHA1
4c8c15361efbdf5cb6f45a58a0a883409837c3c0

SHA256
f4753e6783b5374b96d398f27f71711f838d0a1c4a06c79e477fb1d3436892bf

SHA512
24056257ae1bc25377bf9f41467ad67d9df0702eb975e5a6a34607ed2797cc1c59d919f962d4926f3fa4f124d2624be019287ca2cf5318901d04e3ca9de7e4b1

Download Submit
C:\Windows\system\MMyKpWN.exe

Filesize
6.0MB

MD5
49254edd381ab30e26fcdf22436de5e7

SHA1
6b3a7ed4445d1c8bebedeb7de08df215b8deb4ee

SHA256
f44904e199abf251454f817e9160e2d2f1e11c8669fa54b420ffae3bb60315ff

SHA512
c08a2a30df06953efc8c7fc66dc0b1334053ec4e4755f149aee77afddcad93b10216e62f141b8711d0837f8e1a3db686a25b575c3b0672285c89635d13ec4e2d

Download Submit
C:\Windows\system\OVJvWFG.exe

Filesize
6.0MB

MD5
58595882d7b25ba7fe94fb1f5fb19172

SHA1
315fd2e9239a26824fbd8e01e70d9a8f8185eb3c

SHA256
44ae685c282c06d17ca4a92b615cb95f017c36fcaf02d513eef4bc8bbfbc78f2

SHA512
23bf9e0b3cc82658068b99eaf6f64799843f76718c3ab1518b6eca280b9fd8387068ae4b5ac589016f2fed1683734e72c26e5e4e5af491df1a14c56d9ca6d0bc

Download Submit
C:\Windows\system\TkJVzlM.exe

Filesize
6.0MB

MD5
02a612a3b913098ac030ac58adea6a7e

SHA1
3e0bff23c74c1567c1cc8c7611562eb0d128dc47

SHA256
2fb62c87c98408172a6c834d2013a67a05820c3268dabf47e50c7624c3552e34

SHA512
98771ed9a1ae76b0a513a53a36910354eb2897e3c3eaa503d604bd37959e6846eadcfbb9142442feb53e4c7f76b92ba1e920bad2bff9e9875beaf18cc2d14bc2

Download Submit
C:\Windows\system\ULoRfNT.exe

Filesize
6.0MB

MD5
2655c2028bcedbb2c7e6725c3e7ab75e

SHA1
101694da2eddc64612be40eee605fe1940497013

SHA256
1dbbb3e8de02f41df84ede5b59e60a8b11af7401f03f4f02d578e01c01c3cf5e

SHA512
0cd5a64b27573e7ee1621142cb35f4573906d58acd7810eed3c4b8485058c6ef4b6007fccc5118ccc7b4aa02de5913fa5c73bf5300c1cbb29205d11e7a1e40f3

Download Submit
C:\Windows\system\VOAaVPP.exe

Filesize
6.0MB

MD5
79cd5b908e1a5754ea157dc28b05c18a

SHA1
07f7f4360d34d8d31071a2849ede3cae581748f4

SHA256
8c27f39c7234527294788c33e1908b6dc7c2e453a91b6861ecebb6685226b03b

SHA512
fb728f254df94fd07406dbdb110be52de0bafcdc2bc705262f47eeb76e83f14e32c34c774c6d55f70be717ab8e2e28fbacba2fad5827cff1d794fc70ec182c7f

Download Submit
C:\Windows\system\VhwjGhr.exe

Filesize
6.0MB

MD5
50e6d1d06f0e0dde302aae6401e129ea

SHA1
657fe0ad680750de942379afa3cb4765554ebef0

SHA256
8736cea3d87d9128da0a3c0bae5893c7d3701e912554b8d0430b32dbe2777598

SHA512
db0b22b0ba77d24d7fbac16cd1efbf9bd5b7099bf63da3710dade02ca5395b9d5d3a02d190bd55b2cf9a6eb1bedd1ae3043bd16f9d92430fb2b7d597c7b5a311

Download Submit
C:\Windows\system\XNoxHrS.exe

Filesize
6.0MB

MD5
6b48633e6e3a942c4c9ae98a74c088af

SHA1
f50e264dcccebee6ce6d9f97639d72a3076f745b

SHA256
3dccfe6d2e3745e3464fdd4d590d384424c7d614b9932a9bbbacc961cb0b3c55

SHA512
a077dee10134f6518e7231234cd0fa01282cfefd53593a238a4eee9c5a7ec5d1dc3ba2bef128311f669dcd2bfa458c02129776fb22d70d39da03b22d3790f0a3

Download Submit
C:\Windows\system\dkhOeXA.exe

Filesize
6.0MB

MD5
908a1649482a60ade6fdc51de9bcf6dc

SHA1
215ada997bbfc0b20d9e245685f5ae868343f7f7

SHA256
cb20afcf24d5f1166fc78e237020ade2516ea7fde2be88e4aee5b348b6fa66a4

SHA512
c799d526c7284d3d71f81c70cb15575f782d0495ea10cfc9ccd601d4805149233122d920213de85254daf201417e6cd1c2a3cb9f879f9a63e1f6a7d6282fb615

Download Submit
C:\Windows\system\eJakmFL.exe

Filesize
6.0MB

MD5
a30d94e3a8410cda84c7a12ea6451419

SHA1
6c717e4c6211aa13d7057cd5c42e9ef75810c4c3

SHA256
92211a906c1fa9ca7f412a3d6b8ee51982038c2645e5c19d4b4c307d5a2e869b

SHA512
6d23fe44408cb302ac2d96d5d52c7bf42c4779186883b545715c0ef08348bdaffc14d19455a40953cf48759a1e7552f424d40cd9743615aaa2c17f78dd48f589

Download Submit
C:\Windows\system\fHaavqW.exe

Filesize
6.0MB

MD5
a1842eb49c60f4d69c27c7d24bba8089

SHA1
26f46c9e38511de4e1f38f13ab3473014dba2c60

SHA256
5085099939b4e67f023fce0bd691f71cdf363aaac84d7e0f49c3121a2f5d38ca

SHA512
a5081b83f2627eb19f9502c5a657e8931524a4433d7778d0f6e865dc40fe860f43d0b337b77de03f07f73fa6ac8cf17800044ad2d20de4eb47b04da0c04f7d53

Download Submit
C:\Windows\system\gJGehoB.exe

Filesize
6.0MB

MD5
4d88f57156ece61adab5a8b0289aaf35

SHA1
580dbc232e927c1bbe7b4f9d1232715d92546c08

SHA256
992f1504283513b13b825c90ab084c2bb114f2dd2e88dbf26dd8c7bf9d17c07c

SHA512
85c4853c2bcc28a650b8ce7de066178179b82326f5330a8b237a47fa8e820c7599b1c2beb6fc4b7c2cc2deec6ae7a559db31715f87764cc1fc8775f0a6c3b2f6

Download Submit
C:\Windows\system\gXxwqRf.exe

Filesize
6.0MB

MD5
f3d9cc552b9245f0c0c1d6020bfa795c

SHA1
12a2fbbcc0667436a4ecbd690e43f0e7d716a9ea

SHA256
be5064a1ae99d857ff8ba8d5e70d084867fb4062841567b2031092f9674d3040

SHA512
dd72a4afd64a8e82df219e33efbbc8eaee93f34b16062daa523f47fda9c3f0a12113511caaad4bc7f1b11b85c40631c005ce914119e9ea0826818f9e402c84b4

Download Submit
C:\Windows\system\jPYAXzG.exe

Filesize
6.0MB

MD5
41ee4499c98679d79c41ac11bdb733e0

SHA1
62a276151936a6f5525cb1022e686351f2d25652

SHA256
bb0d80e824d45fdf2365c47dde3783626b80bdf2a8c0259a5ac5bbcc80b22a06

SHA512
d21d839e1352b935c94e819372a83d4718cdc2e177db0d9b84ae717eaf815ca91da38048a4cbb246378c46814b26015ba58afd082fad366bc2e527df37db49d7

Download Submit
C:\Windows\system\kbHDRlM.exe

Filesize
6.0MB

MD5
d72cd8988c0b556937e58985c6300994

SHA1
9528242a3e6edb652201a21e64817c664e35a564

SHA256
48c56cabfedd764d595565e560a4900815900a7482dd960a2aedb829e7b1743e

SHA512
fdc0b03e589be04c55823feacc55c5ebdaf2b17a91ad30768408c249f9f2972b44e308387a1a4be58799f28b919df54786c0ac758523c94afdf48ddcbdb3c1ab

Download Submit
C:\Windows\system\lhEIMKB.exe

Filesize
6.0MB

MD5
1c40faa059b3a1d5fdef5f112d9ab33a

SHA1
eb1a900d314ba0f5de363e344925e00b607ecd3e

SHA256
9ccf667d03cedc5771132007177f60504512a1381d695684bb6e4d523bdf37a2

SHA512
4f63226f14499dead668bec9748790d96a66fd987a729837e70df5b3a6e2efb2b7f03ec62694e52fd1e09f2cb5bf2eb91b41d36eb9337c1e73a92423f1245aad

Download Submit
C:\Windows\system\lhHPFca.exe

Filesize
6.0MB

MD5
effbe0ff9b76c71afa77f293537b8d7d

SHA1
04626e753cdd54d92d0d76087bc521434c5f3bec

SHA256
80b3c07e67e6162608335097e0415be8da4350e8907b0ca4b5aec2ae45377831

SHA512
64c1054d41d4fba04d7a6115e0c0ccfafc9437235e7b9301c01c91a48125b34d36b546203f917b0a651ba9d4f86200408b02e3f10e00de786466a49416465c25

Download Submit
C:\Windows\system\nbWrrwx.exe

Filesize
6.0MB

MD5
39110a58ad2b099f20c839f056407caf

SHA1
ccad845aaad493d6e119469977d6a28b199b7a0e

SHA256
d829c4acd7529157b16b3d4dd1ddbb8615839e0e5b9d52db355c32b4747336b4

SHA512
61b002a0f546544b2b93d3ec223e45d4aada25248d09ca31a2665717fbe330df86ec98b8f83d4f1c9d629750c7f4cd0670da45deb894f0aa876961dfbd6a112e

Download Submit
C:\Windows\system\nxfSltM.exe

Filesize
8B

MD5
c8230b42d85139b7ba8736c2590cbd60

SHA1
ded03c5d540e863d87fd995f2ebd957adf91f77f

SHA256
f64fba4059215094f20af4131eac76500f3f6811f0db0a6921162f3a8883f404

SHA512
0a34b6550f67610c5a24100d138df50102d48b2fffaa6afd2569eb4549829cd89914fa646ba3d1e3e3e1ba13eae4abc1fb9e8d13e0c6b7948be8f38c05a49417

Download Submit
C:\Windows\system\oFmvLzu.exe

Filesize
6.0MB

MD5
a46130daca788fe50b2180c73866d982

SHA1
7900cbe6190195274e1879caff516d4b17758e28

SHA256
4b5c9e78b088692109ae16d55d7f0c77c078f6110f5a087910227a0e676e470e

SHA512
7007c4c7d56ba4503bfca63d5c85a6eb7206a6dbac45fcee501618c0cf26bc7213dbef05202b48be2d937710689d84ff4488b33444345e9a9b2fc689c9202cb6

Download Submit
C:\Windows\system\rMOWkxD.exe

Filesize
6.0MB

MD5
688bcf918e9a51f976547575b08a5bbf

SHA1
ce686d018565c352f6504e8fffa6689575b31280

SHA256
5202fed0b1c8b949c032aca380b9f1c625123f5327b6c30e34611690820852a6

SHA512
0848ff755e280d271ccfc9772ab402a65bcbb1906968a4a8ff6e3c62cfaf31380771e144be90e488eac9bb961d5f2e6b1bd277df3dd198066f4730b98ea5e8e7

Download Submit
C:\Windows\system\sibGORm.exe

Filesize
6.0MB

MD5
1cdef862b03c43b8c193bbeefb58e8b5

SHA1
becff2662e8276c3d86205d9c61df9556fc14731

SHA256
5bc04f7c9db3a4055155d5b73a9fa3a8d0dd135791b98e5aa3779aacb4c73b52

SHA512
6338aa24d38f85c58bd41e7885086f52184216d35ff83cc74eb95806b135f894f6cc87be00f6329e4d683ae6e5408fa82defb619c8bb4b3b27ae712bde32ade4

Download Submit
C:\Windows\system\tOLHsEA.exe

Filesize
6.0MB

MD5
eecd0bd8ee0b5a7ddee60f7e37c28243

SHA1
9ad52512a37f047bb0eb534e047b2d7a3fbcf7a4

SHA256
24a391dc745ad92fd840e3a43b19a0c67046e8b271d00799dd6ca7befb391991

SHA512
0aaf6d3e1e8ff0bbbe33b19d0830ef791871caf428aa0e199da864f4a75542240c233534c71574b68587b346d025e46dc086ced070254e2a8df71223d2fef4a1

Download Submit
C:\Windows\system\ykashcq.exe

Filesize
6.0MB

MD5
ede42947eb6805615c682898e024dbb3

SHA1
ba601c3b2f809b9a9cd41cbb3bc39704ab898e40

SHA256
0f2d0b085106a803188e42002d65065b6bda79c9a6f03ab0ff18e943d614013c

SHA512
2ecb064c434a3acaf4e4d4680d48678ae7222b1e25b3ec4d64c3acb17e22a01ca200a6d2b30f648d5970722719207bf446de20f567280f8c1c81d9565a2a42d7

Download Submit
\Windows\system\JWhyUJf.exe

Filesize
6.0MB

MD5
18695dcfc3010f77d219a615be5c389b

SHA1
0be0343d32aa69ec96b5c3573a0fa3944ec48974

SHA256
8dcf62200b450587357e3f72aa0a4abd20687b25279e6092398d935e4b215692

SHA512
36b3457684686edfbc768bfb4cfbc95a2cbaf62bedab739399641904bd6d6f805ee1f1418c32d1179f4335b166e3dd57dd46ba9ef596f21cc2aebb7f833e1dee

Download Submit
\Windows\system\YbQYPMx.exe

Filesize
6.0MB

MD5
d84cbea41c139069bf6be581d5f90eaf

SHA1
3d2f4d8b48946830a034da2a7448d1eae95ecd41

SHA256
4cdc757dc5b44bd997e7537e8115a3df912623fb37a61c5dc976c072a6691ba9

SHA512
0b72d39d56de4876e6287ff03d2787808492590341de712f382ab6350f82d23c2b3acb8c2cf044e7a090fee30787f07423b67f7af329445ca3de326fcd79ac21

Download Submit
\Windows\system\gAfzjnc.exe

Filesize
6.0MB

MD5
5f312e6bb8b3d46f0e706bb8be94305d

SHA1
1371b203dab4d1e0988fcdcade3a64299499acd9

SHA256
61e027164342d796686eaf9613af7b8510d1b5a848c3f07ef0e5436bc19b9c16

SHA512
b1f8f829086290090e22a8832f0cd2b33bb4c881adeb05df9eeda0d6ad4d0e9ad176d6c7f2d56bb109a4caa322b435f905a5847a99d5577191b765ae1718c969

Download Submit
\Windows\system\hduoQll.exe

Filesize
6.0MB

MD5
d1293b1a8708396d95e2263a89a30ae0

SHA1
54534f69c067d85d94da26311a935857c8b9bc5d

SHA256
3d86105990865177641ccc29b740c9a7d3c11115f1a827b189dca67fa0cf7abe

SHA512
f1d3f8f9cd323a47d10fc06aa3865d512ed2a712e90f49666839bce39d17d4ffba0df910fea4618701cf024bcf7e2bc121338dc99481cf3b636f88c3a69e60bb

Download Submit
\Windows\system\khACThn.exe

Filesize
6.0MB

MD5
34b4ba50957dc4591c8c1de09087dd7f

SHA1
9cea0d07f7fe494f4942a2da2292f459796a5762

SHA256
6532d75b7fa640da41ebeb2c62862ff2e6eb65c4cdb0a85d9ed711e6809a24b9

SHA512
67fbd1622e6c9a2f94fac21a8afdfe34e630d0a1a92707a0720c8694026c571267243b330b3cef39bf4b3fcff93be3ee7c0fe8aed4f9e2cebc66603bd6796485

Download Submit
\Windows\system\lZhgIga.exe

Filesize
6.0MB

MD5
4853486ad6e6d2d9b827b9f0065a5d45

SHA1
d3e8870309c64a5ea251ad2e85b917973652605d

SHA256
6aa82a804f6d5893335d1ac9888ce2ff25b39f4635c896a35e26ac36cd235126

SHA512
7d02483d44c930b2056b1b1ed898ebffe052030cd6956d9fae93154804686566f44aa1957bd72b27d3aa95ce09061280ca89e4ce216a3315c0699d1131ac9118

Download Submit
\Windows\system\mUWPnlQ.exe

Filesize
6.0MB

MD5
40eb0ffdb01e94fd2f137f4529d4b8b7

SHA1
6c71c9bf7c1c49107dd74fa03be29a2cb3d9b320

SHA256
45fca8d4335217c0356a2ca0480c793712fd5478a4872087a3fd140f5fee5810

SHA512
5c843d101d4f7eb15f0e7513cc2e0c4891dd3424017c07e8fd60068e8978e290088eee274df955e97fc3d4cb7f633799f255a31fa87a8af0018eec01c2ff6f6b

Download Submit
\Windows\system\swuURtf.exe

Filesize
6.0MB

MD5
360ed680355b85c3be542a5ba8f8bfff

SHA1
45e3d19a7882553d1a38cbe547757e4113326b20

SHA256
6e9bdb970f934217b3cf102e210754cd21db46af21fc92780a8fcb932771e4c6

SHA512
1475997b627ae548d12c67db01b4dac62483acc2dd55e3817e0203fc3465600286dcfe40af56e0ab13d3b5ce4bc49fb52278cdd6a83df684297cded6bb518fa8

Download Submit
memory/476-3498-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/476-89-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/960-3517-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/960-721-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/960-84-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/1420-85-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/1420-3516-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/1748-405-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/1748-62-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/1748-3316-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2476-105-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/2476-3237-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/2476-49-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/2484-3259-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/2484-34-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/2484-65-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/2572-72-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/2572-42-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/2572-3236-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/2664-108-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/2664-3506-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/2736-3172-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2736-28-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2748-14-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2748-55-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2748-3144-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2792-59-0x0000000002250000-0x00000000025A4000-memory.dmp

Filesize
3.3MB

Download
memory/2792-99-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/2792-760-0x0000000002250000-0x00000000025A4000-memory.dmp

Filesize
3.3MB

Download
memory/2792-648-0x0000000002250000-0x00000000025A4000-memory.dmp

Filesize
3.3MB

Download
memory/2792-0-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/2792-1-0x00000000003F0000-0x0000000000400000-memory.dmp

Filesize
64KB

Download
memory/2792-101-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/2792-39-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/2792-722-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2792-104-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/2792-96-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2792-36-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/2792-81-0x0000000002250000-0x00000000025A4000-memory.dmp

Filesize
3.3MB

Download
memory/2792-32-0x0000000002250000-0x00000000025A4000-memory.dmp

Filesize
3.3MB

Download
memory/2792-44-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/2792-23-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2792-759-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/2792-27-0x0000000002250000-0x00000000025A4000-memory.dmp

Filesize
3.3MB

Download
memory/2796-100-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/2796-3504-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/2856-3165-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2856-25-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2916-57-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2916-3311-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2916-188-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/3004-8-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/3004-48-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/3004-3143-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download