cobaltstrike | 6ade05fb9b46a19440cdcc805ee6da72b17812bb30a531bf35bb00cba7557b64

Analysis

max time kernel
122s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
20-11-2024 02:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

7def97e7d5c52ae330987c9cb031df4d
SHA1

c96831919f7103ec88e666640009c99069465ce2
SHA256

6ade05fb9b46a19440cdcc805ee6da72b17812bb30a531bf35bb00cba7557b64
SHA512

84250d7784705b491f4eef40c70a4e5d8f19bd8c20cb4fc422fa565c0f71a85d71e734ee34be6f44d2e43365339614915c5901395041e12184e1f6558c12a6bc
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUD:T+q56utgpPF8u/7D

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0003000000012000-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000017079-11.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d89-9.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000017488-38.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019617-178.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019613-159.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960f-153.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960b-145.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019619-188.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019615-172.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c5-137.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001950c-129.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001944f-121.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019611-158.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960d-150.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019609-142.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019582-133.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019461-125.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019441-118.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019431-113.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019427-109.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001941e-105.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193e1-99.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c2-93.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193b4-87.dat	cobalt_reflective_dll
behavioral1/files/0x0034000000016d64-82.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019334-66.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019350-74.dat	cobalt_reflective_dll
behavioral1/files/0x00090000000174cc-50.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019282-57.dat	cobalt_reflective_dll
behavioral1/files/0x000a000000017492-47.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000173a7-33.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000173a9-30.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2124-0-0x000000013F770000-0x000000013FAC4000-memory.dmp	xmrig
behavioral1/files/0x0003000000012000-3.dat	xmrig
behavioral1/files/0x0008000000017079-11.dat	xmrig
behavioral1/files/0x0008000000016d89-9.dat	xmrig
behavioral1/memory/2736-34-0x000000013F410000-0x000000013F764000-memory.dmp	xmrig
behavioral1/files/0x0007000000017488-38.dat	xmrig
behavioral1/memory/2780-61-0x000000013F500000-0x000000013F854000-memory.dmp	xmrig
behavioral1/memory/2580-53-0x000000013F700000-0x000000013FA54000-memory.dmp	xmrig
behavioral1/memory/2808-78-0x000000013FB70000-0x000000013FEC4000-memory.dmp	xmrig
behavioral1/memory/308-84-0x000000013F370000-0x000000013F6C4000-memory.dmp	xmrig
behavioral1/memory/984-96-0x000000013F8F0000-0x000000013FC44000-memory.dmp	xmrig
behavioral1/files/0x0005000000019617-178.dat	xmrig
behavioral1/memory/308-474-0x000000013F370000-0x000000013F6C4000-memory.dmp	xmrig
behavioral1/memory/984-826-0x000000013F8F0000-0x000000013FC44000-memory.dmp	xmrig
behavioral1/memory/340-645-0x000000013FAF0000-0x000000013FE44000-memory.dmp	xmrig
behavioral1/memory/2124-473-0x000000013F370000-0x000000013F6C4000-memory.dmp	xmrig
behavioral1/memory/2220-317-0x000000013F070000-0x000000013F3C4000-memory.dmp	xmrig
behavioral1/memory/2124-316-0x000000013F070000-0x000000013F3C4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019613-159.dat	xmrig
behavioral1/files/0x000500000001960f-153.dat	xmrig
behavioral1/files/0x000500000001960b-145.dat	xmrig
behavioral1/files/0x0005000000019619-188.dat	xmrig
behavioral1/files/0x0005000000019615-172.dat	xmrig
behavioral1/files/0x00050000000195c5-137.dat	xmrig
behavioral1/files/0x000500000001950c-129.dat	xmrig
behavioral1/files/0x000500000001944f-121.dat	xmrig
behavioral1/files/0x0005000000019611-158.dat	xmrig
behavioral1/files/0x000500000001960d-150.dat	xmrig
behavioral1/files/0x0005000000019609-142.dat	xmrig
behavioral1/files/0x0005000000019582-133.dat	xmrig
behavioral1/files/0x0005000000019461-125.dat	xmrig
behavioral1/files/0x0005000000019441-118.dat	xmrig
behavioral1/files/0x0005000000019431-113.dat	xmrig
behavioral1/files/0x0005000000019427-109.dat	xmrig
behavioral1/files/0x000500000001941e-105.dat	xmrig
behavioral1/memory/2124-102-0x000000013FC50000-0x000000013FFA4000-memory.dmp	xmrig
behavioral1/memory/2124-101-0x0000000002220000-0x0000000002574000-memory.dmp	xmrig
behavioral1/files/0x00050000000193e1-99.dat	xmrig
behavioral1/files/0x00050000000193c2-93.dat	xmrig
behavioral1/memory/340-89-0x000000013FAF0000-0x000000013FE44000-memory.dmp	xmrig
behavioral1/files/0x00050000000193b4-87.dat	xmrig
behavioral1/files/0x0034000000016d64-82.dat	xmrig
behavioral1/memory/2220-77-0x000000013F070000-0x000000013F3C4000-memory.dmp	xmrig
behavioral1/memory/2124-76-0x000000013F070000-0x000000013F3C4000-memory.dmp	xmrig
behavioral1/memory/2900-70-0x000000013F550000-0x000000013F8A4000-memory.dmp	xmrig
behavioral1/memory/2736-68-0x000000013F410000-0x000000013F764000-memory.dmp	xmrig
behavioral1/files/0x0005000000019334-66.dat	xmrig
behavioral1/memory/2668-75-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig
behavioral1/files/0x0005000000019350-74.dat	xmrig
behavioral1/files/0x00090000000174cc-50.dat	xmrig
behavioral1/memory/800-63-0x000000013FE20000-0x0000000140174000-memory.dmp	xmrig
behavioral1/memory/2808-40-0x000000013FB70000-0x000000013FEC4000-memory.dmp	xmrig
behavioral1/memory/2196-60-0x000000013FB20000-0x000000013FE74000-memory.dmp	xmrig
behavioral1/memory/2704-59-0x000000013F740000-0x000000013FA94000-memory.dmp	xmrig
behavioral1/memory/2124-58-0x000000013F770000-0x000000013FAC4000-memory.dmp	xmrig
behavioral1/files/0x0007000000019282-57.dat	xmrig
behavioral1/files/0x000a000000017492-47.dat	xmrig
behavioral1/memory/2668-35-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig
behavioral1/files/0x00070000000173a7-33.dat	xmrig
behavioral1/files/0x00070000000173a9-30.dat	xmrig
behavioral1/memory/2780-21-0x000000013F500000-0x000000013F854000-memory.dmp	xmrig
behavioral1/memory/2704-18-0x000000013F740000-0x000000013FA94000-memory.dmp	xmrig
behavioral1/memory/2804-13-0x000000013F640000-0x000000013F994000-memory.dmp	xmrig
behavioral1/memory/2804-3131-0x000000013F640000-0x000000013F994000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2804	xhnmcRb.exe
2704	iqnpwqy.exe
2780	QyLxEXM.exe
2736	ROnlnQY.exe
2668	BcxKUpL.exe
2808	GXZiuLE.exe
2580	HdgMxuw.exe
2196	TPukYch.exe
800	dONmYET.exe
2900	NrlGBUn.exe
2220	ZCJWeWZ.exe
308	wVwkjtD.exe
340	qptagbb.exe
984	bFkGveK.exe
2284	HKHtWZv.exe
1304	MmdPRrv.exe
2640	OldGzgL.exe
2888	uAKFFQO.exe
1708	wuWPmdT.exe
596	qbyjaOp.exe
332	CnJaWcS.exe
2492	OjhyTTh.exe
2032	nyYgAxh.exe
2188	oipZSxa.exe
1720	mZdgBkc.exe
1600	UZPVbPl.exe
2320	HWQmUuV.exe
2456	MrGcjaa.exe
1076	YXeXZBt.exe
2168	lHMjzHI.exe
1500	IkeYfSQ.exe
2364	wprfqmA.exe
2484	YvQPIvA.exe
2164	KunQIAI.exe
848	kbVTHgV.exe
2224	bKjWCYw.exe
2448	KCJuaHQ.exe
1224	CftExTK.exe
568	wDlJuLa.exe
1780	zgVcENa.exe
856	yQWjoFp.exe
1440	UntKYda.exe
2960	butuwLw.exe
2112	AjXXLGV.exe
2480	UdgUwRs.exe
2288	MFdutun.exe
2236	OFNGmDV.exe
884	JoYtsLv.exe
1752	GGeIQMT.exe
3032	KCCZbrN.exe
1848	vtPtvVv.exe
2800	GVelBiG.exe
2784	NsXCoZY.exe
2916	KRiQfZM.exe
2680	txoDHMh.exe
2548	WvtBeEq.exe
3036	RVkpnZY.exe
3020	EkXvjTG.exe
2976	LDYXHNh.exe
1628	UPgSWrK.exe
2856	cgAJRSF.exe
1028	EGVcJZT.exe
1260	MThMgSk.exe
840	ZKGHHsX.exe

Loads dropped DLL 64 IoCs

pid	Process
2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2124-0-0x000000013F770000-0x000000013FAC4000-memory.dmp	upx
behavioral1/files/0x0003000000012000-3.dat	upx
behavioral1/files/0x0008000000017079-11.dat	upx
behavioral1/files/0x0008000000016d89-9.dat	upx
behavioral1/memory/2736-34-0x000000013F410000-0x000000013F764000-memory.dmp	upx
behavioral1/files/0x0007000000017488-38.dat	upx
behavioral1/memory/2780-61-0x000000013F500000-0x000000013F854000-memory.dmp	upx
behavioral1/memory/2580-53-0x000000013F700000-0x000000013FA54000-memory.dmp	upx
behavioral1/memory/2808-78-0x000000013FB70000-0x000000013FEC4000-memory.dmp	upx
behavioral1/memory/308-84-0x000000013F370000-0x000000013F6C4000-memory.dmp	upx
behavioral1/memory/984-96-0x000000013F8F0000-0x000000013FC44000-memory.dmp	upx
behavioral1/files/0x0005000000019617-178.dat	upx
behavioral1/memory/308-474-0x000000013F370000-0x000000013F6C4000-memory.dmp	upx
behavioral1/memory/984-826-0x000000013F8F0000-0x000000013FC44000-memory.dmp	upx
behavioral1/memory/340-645-0x000000013FAF0000-0x000000013FE44000-memory.dmp	upx
behavioral1/memory/2220-317-0x000000013F070000-0x000000013F3C4000-memory.dmp	upx
behavioral1/files/0x0005000000019613-159.dat	upx
behavioral1/files/0x000500000001960f-153.dat	upx
behavioral1/files/0x000500000001960b-145.dat	upx
behavioral1/files/0x0005000000019619-188.dat	upx
behavioral1/files/0x0005000000019615-172.dat	upx
behavioral1/files/0x00050000000195c5-137.dat	upx
behavioral1/files/0x000500000001950c-129.dat	upx
behavioral1/files/0x000500000001944f-121.dat	upx
behavioral1/files/0x0005000000019611-158.dat	upx
behavioral1/files/0x000500000001960d-150.dat	upx
behavioral1/files/0x0005000000019609-142.dat	upx
behavioral1/files/0x0005000000019582-133.dat	upx
behavioral1/files/0x0005000000019461-125.dat	upx
behavioral1/files/0x0005000000019441-118.dat	upx
behavioral1/files/0x0005000000019431-113.dat	upx
behavioral1/files/0x0005000000019427-109.dat	upx
behavioral1/files/0x000500000001941e-105.dat	upx
behavioral1/files/0x00050000000193e1-99.dat	upx
behavioral1/files/0x00050000000193c2-93.dat	upx
behavioral1/memory/340-89-0x000000013FAF0000-0x000000013FE44000-memory.dmp	upx
behavioral1/files/0x00050000000193b4-87.dat	upx
behavioral1/files/0x0034000000016d64-82.dat	upx
behavioral1/memory/2220-77-0x000000013F070000-0x000000013F3C4000-memory.dmp	upx
behavioral1/memory/2900-70-0x000000013F550000-0x000000013F8A4000-memory.dmp	upx
behavioral1/memory/2736-68-0x000000013F410000-0x000000013F764000-memory.dmp	upx
behavioral1/files/0x0005000000019334-66.dat	upx
behavioral1/memory/2668-75-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/files/0x0005000000019350-74.dat	upx
behavioral1/files/0x00090000000174cc-50.dat	upx
behavioral1/memory/800-63-0x000000013FE20000-0x0000000140174000-memory.dmp	upx
behavioral1/memory/2808-40-0x000000013FB70000-0x000000013FEC4000-memory.dmp	upx
behavioral1/memory/2196-60-0x000000013FB20000-0x000000013FE74000-memory.dmp	upx
behavioral1/memory/2704-59-0x000000013F740000-0x000000013FA94000-memory.dmp	upx
behavioral1/memory/2124-58-0x000000013F770000-0x000000013FAC4000-memory.dmp	upx
behavioral1/files/0x0007000000019282-57.dat	upx
behavioral1/files/0x000a000000017492-47.dat	upx
behavioral1/memory/2668-35-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/files/0x00070000000173a7-33.dat	upx
behavioral1/files/0x00070000000173a9-30.dat	upx
behavioral1/memory/2780-21-0x000000013F500000-0x000000013F854000-memory.dmp	upx
behavioral1/memory/2704-18-0x000000013F740000-0x000000013FA94000-memory.dmp	upx
behavioral1/memory/2804-13-0x000000013F640000-0x000000013F994000-memory.dmp	upx
behavioral1/memory/2804-3131-0x000000013F640000-0x000000013F994000-memory.dmp	upx
behavioral1/memory/2780-3134-0x000000013F500000-0x000000013F854000-memory.dmp	upx
behavioral1/memory/2704-3133-0x000000013F740000-0x000000013FA94000-memory.dmp	upx
behavioral1/memory/2668-3138-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/memory/2580-3150-0x000000013F700000-0x000000013FA54000-memory.dmp	upx
behavioral1/memory/2808-3152-0x000000013FB70000-0x000000013FEC4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\uVSelKB.exe	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HSbaIpN.exe	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OEvntrF.exe	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tHXUKsI.exe	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QQnqSQB.exe	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YNxKXmD.exe	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WYGLeKq.exe	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QibMxKZ.exe	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eRWAsbs.exe	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gOfwxpc.exe	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TQgWVNh.exe	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oFaNdlO.exe	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tuTremz.exe	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VRHXBRm.exe	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VRJiOAj.exe	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mAyDQdM.exe	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tEqYICz.exe	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TxTetKj.exe	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xoEyBCr.exe	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TIimmVX.exe	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wDZcXMY.exe	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uwQzTzJ.exe	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EuIzHbF.exe	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wAoZTgX.exe	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BoyDCvr.exe	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oxWRqYC.exe	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pDSVvBo.exe	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YbULPeq.exe	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sKdQnfS.exe	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\voeiqpK.exe	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EeblFiv.exe	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eetreUv.exe	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PBhfbrL.exe	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ngctTkJ.exe	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lTZRMSn.exe	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZOhxOpE.exe	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uNxkmkU.exe	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ufiAvcL.exe	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BJMfnzb.exe	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cTFrBDF.exe	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VBWcMpN.exe	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CZiaHLT.exe	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SLBZtim.exe	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WUwLUnF.exe	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WkeYAVm.exe	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uoxrWlT.exe	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DvEQKOs.exe	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\biTHEPh.exe	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kqkMQLh.exe	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wkRKuAX.exe	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fatxYPy.exe	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CyFFeSN.exe	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PEVGYDx.exe	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OTRecfn.exe	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HnSCNun.exe	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZpKxAzu.exe	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ySlCwJY.exe	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EOodkZn.exe	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ItIZjlc.exe	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ULQQYkf.exe	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CAjRTtp.exe	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zbclxNj.exe	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GSmsQMN.exe	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TXswGyD.exe	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2124 wrote to memory of 2804	2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2124 wrote to memory of 2804	2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2124 wrote to memory of 2804	2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2124 wrote to memory of 2704	2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2124 wrote to memory of 2704	2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2124 wrote to memory of 2704	2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2124 wrote to memory of 2780	2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2124 wrote to memory of 2780	2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2124 wrote to memory of 2780	2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2124 wrote to memory of 2668	2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2124 wrote to memory of 2668	2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2124 wrote to memory of 2668	2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2124 wrote to memory of 2736	2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2124 wrote to memory of 2736	2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2124 wrote to memory of 2736	2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2124 wrote to memory of 2808	2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2124 wrote to memory of 2808	2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2124 wrote to memory of 2808	2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2124 wrote to memory of 2580	2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2124 wrote to memory of 2580	2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2124 wrote to memory of 2580	2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2124 wrote to memory of 800	2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2124 wrote to memory of 800	2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2124 wrote to memory of 800	2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2124 wrote to memory of 2196	2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2124 wrote to memory of 2196	2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2124 wrote to memory of 2196	2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2124 wrote to memory of 2900	2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2124 wrote to memory of 2900	2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2124 wrote to memory of 2900	2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2124 wrote to memory of 2220	2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2124 wrote to memory of 2220	2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2124 wrote to memory of 2220	2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2124 wrote to memory of 308	2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2124 wrote to memory of 308	2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2124 wrote to memory of 308	2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2124 wrote to memory of 340	2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2124 wrote to memory of 340	2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2124 wrote to memory of 340	2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2124 wrote to memory of 984	2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2124 wrote to memory of 984	2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2124 wrote to memory of 984	2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2124 wrote to memory of 2284	2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2124 wrote to memory of 2284	2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2124 wrote to memory of 2284	2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2124 wrote to memory of 1304	2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2124 wrote to memory of 1304	2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2124 wrote to memory of 1304	2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2124 wrote to memory of 2640	2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2124 wrote to memory of 2640	2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2124 wrote to memory of 2640	2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2124 wrote to memory of 2888	2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2124 wrote to memory of 2888	2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2124 wrote to memory of 2888	2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2124 wrote to memory of 1708	2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2124 wrote to memory of 1708	2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2124 wrote to memory of 1708	2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2124 wrote to memory of 596	2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2124 wrote to memory of 596	2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2124 wrote to memory of 596	2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2124 wrote to memory of 332	2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2124 wrote to memory of 332	2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2124 wrote to memory of 332	2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2124 wrote to memory of 2492	2124	2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-20_7def97e7d5c52ae330987c9cb031df4d_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2124
- C:\Windows\System\xhnmcRb.exe
  C:\Windows\System\xhnmcRb.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\iqnpwqy.exe
  C:\Windows\System\iqnpwqy.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\QyLxEXM.exe
  C:\Windows\System\QyLxEXM.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\BcxKUpL.exe
  C:\Windows\System\BcxKUpL.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\ROnlnQY.exe
  C:\Windows\System\ROnlnQY.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\GXZiuLE.exe
  C:\Windows\System\GXZiuLE.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\HdgMxuw.exe
  C:\Windows\System\HdgMxuw.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\dONmYET.exe
  C:\Windows\System\dONmYET.exe
  2⤵
  - Executes dropped EXE
  PID:800
- C:\Windows\System\TPukYch.exe
  C:\Windows\System\TPukYch.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\NrlGBUn.exe
  C:\Windows\System\NrlGBUn.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\ZCJWeWZ.exe
  C:\Windows\System\ZCJWeWZ.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\wVwkjtD.exe
  C:\Windows\System\wVwkjtD.exe
  2⤵
  - Executes dropped EXE
  PID:308
- C:\Windows\System\qptagbb.exe
  C:\Windows\System\qptagbb.exe
  2⤵
  - Executes dropped EXE
  PID:340
- C:\Windows\System\bFkGveK.exe
  C:\Windows\System\bFkGveK.exe
  2⤵
  - Executes dropped EXE
  PID:984
- C:\Windows\System\HKHtWZv.exe
  C:\Windows\System\HKHtWZv.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\MmdPRrv.exe
  C:\Windows\System\MmdPRrv.exe
  2⤵
  - Executes dropped EXE
  PID:1304
- C:\Windows\System\OldGzgL.exe
  C:\Windows\System\OldGzgL.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\uAKFFQO.exe
  C:\Windows\System\uAKFFQO.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\wuWPmdT.exe
  C:\Windows\System\wuWPmdT.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\qbyjaOp.exe
  C:\Windows\System\qbyjaOp.exe
  2⤵
  - Executes dropped EXE
  PID:596
- C:\Windows\System\CnJaWcS.exe
  C:\Windows\System\CnJaWcS.exe
  2⤵
  - Executes dropped EXE
  PID:332
- C:\Windows\System\OjhyTTh.exe
  C:\Windows\System\OjhyTTh.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\nyYgAxh.exe
  C:\Windows\System\nyYgAxh.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\oipZSxa.exe
  C:\Windows\System\oipZSxa.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\mZdgBkc.exe
  C:\Windows\System\mZdgBkc.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\UZPVbPl.exe
  C:\Windows\System\UZPVbPl.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\HWQmUuV.exe
  C:\Windows\System\HWQmUuV.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\MrGcjaa.exe
  C:\Windows\System\MrGcjaa.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\YXeXZBt.exe
  C:\Windows\System\YXeXZBt.exe
  2⤵
  - Executes dropped EXE
  PID:1076
- C:\Windows\System\wprfqmA.exe
  C:\Windows\System\wprfqmA.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\lHMjzHI.exe
  C:\Windows\System\lHMjzHI.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\KCJuaHQ.exe
  C:\Windows\System\KCJuaHQ.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\IkeYfSQ.exe
  C:\Windows\System\IkeYfSQ.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\wDlJuLa.exe
  C:\Windows\System\wDlJuLa.exe
  2⤵
  - Executes dropped EXE
  PID:568
- C:\Windows\System\YvQPIvA.exe
  C:\Windows\System\YvQPIvA.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\zgVcENa.exe
  C:\Windows\System\zgVcENa.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\KunQIAI.exe
  C:\Windows\System\KunQIAI.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\yQWjoFp.exe
  C:\Windows\System\yQWjoFp.exe
  2⤵
  - Executes dropped EXE
  PID:856
- C:\Windows\System\kbVTHgV.exe
  C:\Windows\System\kbVTHgV.exe
  2⤵
  - Executes dropped EXE
  PID:848
- C:\Windows\System\UntKYda.exe
  C:\Windows\System\UntKYda.exe
  2⤵
  - Executes dropped EXE
  PID:1440
- C:\Windows\System\bKjWCYw.exe
  C:\Windows\System\bKjWCYw.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\butuwLw.exe
  C:\Windows\System\butuwLw.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\CftExTK.exe
  C:\Windows\System\CftExTK.exe
  2⤵
  - Executes dropped EXE
  PID:1224
- C:\Windows\System\AjXXLGV.exe
  C:\Windows\System\AjXXLGV.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\UdgUwRs.exe
  C:\Windows\System\UdgUwRs.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\MFdutun.exe
  C:\Windows\System\MFdutun.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\OFNGmDV.exe
  C:\Windows\System\OFNGmDV.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\JoYtsLv.exe
  C:\Windows\System\JoYtsLv.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\GGeIQMT.exe
  C:\Windows\System\GGeIQMT.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\KCCZbrN.exe
  C:\Windows\System\KCCZbrN.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\vtPtvVv.exe
  C:\Windows\System\vtPtvVv.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\NsXCoZY.exe
  C:\Windows\System\NsXCoZY.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\GVelBiG.exe
  C:\Windows\System\GVelBiG.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\txoDHMh.exe
  C:\Windows\System\txoDHMh.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\KRiQfZM.exe
  C:\Windows\System\KRiQfZM.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\RVkpnZY.exe
  C:\Windows\System\RVkpnZY.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\WvtBeEq.exe
  C:\Windows\System\WvtBeEq.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\EkXvjTG.exe
  C:\Windows\System\EkXvjTG.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\LDYXHNh.exe
  C:\Windows\System\LDYXHNh.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\UPgSWrK.exe
  C:\Windows\System\UPgSWrK.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\cgAJRSF.exe
  C:\Windows\System\cgAJRSF.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\EGVcJZT.exe
  C:\Windows\System\EGVcJZT.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System\MThMgSk.exe
  C:\Windows\System\MThMgSk.exe
  2⤵
  - Executes dropped EXE
  PID:1260
- C:\Windows\System\WeNHPhA.exe
  C:\Windows\System\WeNHPhA.exe
  2⤵
  PID:2108
- C:\Windows\System\ZKGHHsX.exe
  C:\Windows\System\ZKGHHsX.exe
  2⤵
  - Executes dropped EXE
  PID:840
- C:\Windows\System\bRlqaWN.exe
  C:\Windows\System\bRlqaWN.exe
  2⤵
  PID:936
- C:\Windows\System\lYstmqP.exe
  C:\Windows\System\lYstmqP.exe
  2⤵
  PID:860
- C:\Windows\System\yFMYsZT.exe
  C:\Windows\System\yFMYsZT.exe
  2⤵
  PID:2528
- C:\Windows\System\SqtLipm.exe
  C:\Windows\System\SqtLipm.exe
  2⤵
  PID:2192
- C:\Windows\System\SkEhnpt.exe
  C:\Windows\System\SkEhnpt.exe
  2⤵
  PID:2332
- C:\Windows\System\EuLipSk.exe
  C:\Windows\System\EuLipSk.exe
  2⤵
  PID:2424
- C:\Windows\System\GCVNUPp.exe
  C:\Windows\System\GCVNUPp.exe
  2⤵
  PID:1960
- C:\Windows\System\QszrLNK.exe
  C:\Windows\System\QszrLNK.exe
  2⤵
  PID:3028
- C:\Windows\System\jeZUiGZ.exe
  C:\Windows\System\jeZUiGZ.exe
  2⤵
  PID:1864
- C:\Windows\System\vUCukSk.exe
  C:\Windows\System\vUCukSk.exe
  2⤵
  PID:2956
- C:\Windows\System\MtnXgOr.exe
  C:\Windows\System\MtnXgOr.exe
  2⤵
  PID:1320
- C:\Windows\System\osCnBnM.exe
  C:\Windows\System\osCnBnM.exe
  2⤵
  PID:1656
- C:\Windows\System\HEMhaAg.exe
  C:\Windows\System\HEMhaAg.exe
  2⤵
  PID:1784
- C:\Windows\System\vUHntrY.exe
  C:\Windows\System\vUHntrY.exe
  2⤵
  PID:2248
- C:\Windows\System\YszFOKf.exe
  C:\Windows\System\YszFOKf.exe
  2⤵
  PID:992
- C:\Windows\System\QWjOQtO.exe
  C:\Windows\System\QWjOQtO.exe
  2⤵
  PID:1948
- C:\Windows\System\SwXwWwJ.exe
  C:\Windows\System\SwXwWwJ.exe
  2⤵
  PID:1944
- C:\Windows\System\BDxDYBT.exe
  C:\Windows\System\BDxDYBT.exe
  2⤵
  PID:1692
- C:\Windows\System\TxTetKj.exe
  C:\Windows\System\TxTetKj.exe
  2⤵
  PID:2820
- C:\Windows\System\MYueXPX.exe
  C:\Windows\System\MYueXPX.exe
  2⤵
  PID:2828
- C:\Windows\System\TfLsCSt.exe
  C:\Windows\System\TfLsCSt.exe
  2⤵
  PID:2564
- C:\Windows\System\rfDHoDu.exe
  C:\Windows\System\rfDHoDu.exe
  2⤵
  PID:3004
- C:\Windows\System\jIRWRhI.exe
  C:\Windows\System\jIRWRhI.exe
  2⤵
  PID:1356
- C:\Windows\System\GmGHfrO.exe
  C:\Windows\System\GmGHfrO.exe
  2⤵
  PID:1760
- C:\Windows\System\FCMVAtg.exe
  C:\Windows\System\FCMVAtg.exe
  2⤵
  PID:1984
- C:\Windows\System\xaGFNHN.exe
  C:\Windows\System\xaGFNHN.exe
  2⤵
  PID:1480
- C:\Windows\System\nnFrHJm.exe
  C:\Windows\System\nnFrHJm.exe
  2⤵
  PID:2496
- C:\Windows\System\UMnqldS.exe
  C:\Windows\System\UMnqldS.exe
  2⤵
  PID:2200
- C:\Windows\System\bJPDQyL.exe
  C:\Windows\System\bJPDQyL.exe
  2⤵
  PID:2352
- C:\Windows\System\bwLUDav.exe
  C:\Windows\System\bwLUDav.exe
  2⤵
  PID:280
- C:\Windows\System\rROIdJf.exe
  C:\Windows\System\rROIdJf.exe
  2⤵
  PID:1324
- C:\Windows\System\hWENtLM.exe
  C:\Windows\System\hWENtLM.exe
  2⤵
  PID:2952
- C:\Windows\System\wLYckUj.exe
  C:\Windows\System\wLYckUj.exe
  2⤵
  PID:2972
- C:\Windows\System\PabhBTl.exe
  C:\Windows\System\PabhBTl.exe
  2⤵
  PID:1536
- C:\Windows\System\tMonmuL.exe
  C:\Windows\System\tMonmuL.exe
  2⤵
  PID:2428
- C:\Windows\System\LFEawEe.exe
  C:\Windows\System\LFEawEe.exe
  2⤵
  PID:2348
- C:\Windows\System\rFQSzwv.exe
  C:\Windows\System\rFQSzwv.exe
  2⤵
  PID:1924
- C:\Windows\System\RWCLvTo.exe
  C:\Windows\System\RWCLvTo.exe
  2⤵
  PID:2716
- C:\Windows\System\TUKLwvq.exe
  C:\Windows\System\TUKLwvq.exe
  2⤵
  PID:1724
- C:\Windows\System\gZFXFzp.exe
  C:\Windows\System\gZFXFzp.exe
  2⤵
  PID:1676
- C:\Windows\System\tIBQDVR.exe
  C:\Windows\System\tIBQDVR.exe
  2⤵
  PID:2028
- C:\Windows\System\hYBYkHt.exe
  C:\Windows\System\hYBYkHt.exe
  2⤵
  PID:2172
- C:\Windows\System\jAEsMtw.exe
  C:\Windows\System\jAEsMtw.exe
  2⤵
  PID:1380
- C:\Windows\System\gdKrckn.exe
  C:\Windows\System\gdKrckn.exe
  2⤵
  PID:2436
- C:\Windows\System\YWvUdLw.exe
  C:\Windows\System\YWvUdLw.exe
  2⤵
  PID:3084
- C:\Windows\System\oMFESuj.exe
  C:\Windows\System\oMFESuj.exe
  2⤵
  PID:3104
- C:\Windows\System\mehKzuT.exe
  C:\Windows\System\mehKzuT.exe
  2⤵
  PID:3120
- C:\Windows\System\QGHhPKu.exe
  C:\Windows\System\QGHhPKu.exe
  2⤵
  PID:3140
- C:\Windows\System\svFCkJS.exe
  C:\Windows\System\svFCkJS.exe
  2⤵
  PID:3164
- C:\Windows\System\OEvntrF.exe
  C:\Windows\System\OEvntrF.exe
  2⤵
  PID:3180
- C:\Windows\System\DCCOOKC.exe
  C:\Windows\System\DCCOOKC.exe
  2⤵
  PID:3200
- C:\Windows\System\NFlkDtf.exe
  C:\Windows\System\NFlkDtf.exe
  2⤵
  PID:3220
- C:\Windows\System\wpJqcMW.exe
  C:\Windows\System\wpJqcMW.exe
  2⤵
  PID:3240
- C:\Windows\System\ZgHlbWv.exe
  C:\Windows\System\ZgHlbWv.exe
  2⤵
  PID:3256
- C:\Windows\System\qkwMUnc.exe
  C:\Windows\System\qkwMUnc.exe
  2⤵
  PID:3284
- C:\Windows\System\hqfbIig.exe
  C:\Windows\System\hqfbIig.exe
  2⤵
  PID:3300
- C:\Windows\System\tUTfJNw.exe
  C:\Windows\System\tUTfJNw.exe
  2⤵
  PID:3320
- C:\Windows\System\diYVhqh.exe
  C:\Windows\System\diYVhqh.exe
  2⤵
  PID:3344
- C:\Windows\System\GtBnChx.exe
  C:\Windows\System\GtBnChx.exe
  2⤵
  PID:3360
- C:\Windows\System\ySlCwJY.exe
  C:\Windows\System\ySlCwJY.exe
  2⤵
  PID:3388
- C:\Windows\System\mwjXwvc.exe
  C:\Windows\System\mwjXwvc.exe
  2⤵
  PID:3404
- C:\Windows\System\sMXJfbt.exe
  C:\Windows\System\sMXJfbt.exe
  2⤵
  PID:3428
- C:\Windows\System\IgQoXPk.exe
  C:\Windows\System\IgQoXPk.exe
  2⤵
  PID:3448
- C:\Windows\System\nvQGfqw.exe
  C:\Windows\System\nvQGfqw.exe
  2⤵
  PID:3464
- C:\Windows\System\SllKkWQ.exe
  C:\Windows\System\SllKkWQ.exe
  2⤵
  PID:3484
- C:\Windows\System\jUvBOEa.exe
  C:\Windows\System\jUvBOEa.exe
  2⤵
  PID:3504
- C:\Windows\System\mqHLkcR.exe
  C:\Windows\System\mqHLkcR.exe
  2⤵
  PID:3520
- C:\Windows\System\hsZNbBY.exe
  C:\Windows\System\hsZNbBY.exe
  2⤵
  PID:3544
- C:\Windows\System\ItGtwsD.exe
  C:\Windows\System\ItGtwsD.exe
  2⤵
  PID:3560
- C:\Windows\System\wbitiLa.exe
  C:\Windows\System\wbitiLa.exe
  2⤵
  PID:3576
- C:\Windows\System\oZLPTTr.exe
  C:\Windows\System\oZLPTTr.exe
  2⤵
  PID:3596
- C:\Windows\System\gRDrebW.exe
  C:\Windows\System\gRDrebW.exe
  2⤵
  PID:3620
- C:\Windows\System\JbEpOLC.exe
  C:\Windows\System\JbEpOLC.exe
  2⤵
  PID:3640
- C:\Windows\System\iEBZEKL.exe
  C:\Windows\System\iEBZEKL.exe
  2⤵
  PID:3668
- C:\Windows\System\qoNfhQN.exe
  C:\Windows\System\qoNfhQN.exe
  2⤵
  PID:3692
- C:\Windows\System\SClMdbd.exe
  C:\Windows\System\SClMdbd.exe
  2⤵
  PID:3708
- C:\Windows\System\erwuiDH.exe
  C:\Windows\System\erwuiDH.exe
  2⤵
  PID:3732
- C:\Windows\System\nTOpzXW.exe
  C:\Windows\System\nTOpzXW.exe
  2⤵
  PID:3752
- C:\Windows\System\FtTpKJH.exe
  C:\Windows\System\FtTpKJH.exe
  2⤵
  PID:3772
- C:\Windows\System\EaMsKVn.exe
  C:\Windows\System\EaMsKVn.exe
  2⤵
  PID:3792
- C:\Windows\System\iWmiePf.exe
  C:\Windows\System\iWmiePf.exe
  2⤵
  PID:3808
- C:\Windows\System\zGZqGyg.exe
  C:\Windows\System\zGZqGyg.exe
  2⤵
  PID:3828
- C:\Windows\System\SnyOSIe.exe
  C:\Windows\System\SnyOSIe.exe
  2⤵
  PID:3852
- C:\Windows\System\DvEQKOs.exe
  C:\Windows\System\DvEQKOs.exe
  2⤵
  PID:3868
- C:\Windows\System\LDEcZIP.exe
  C:\Windows\System\LDEcZIP.exe
  2⤵
  PID:3892
- C:\Windows\System\xQOmcDo.exe
  C:\Windows\System\xQOmcDo.exe
  2⤵
  PID:3908
- C:\Windows\System\voeiqpK.exe
  C:\Windows\System\voeiqpK.exe
  2⤵
  PID:3928
- C:\Windows\System\kDuHqEG.exe
  C:\Windows\System\kDuHqEG.exe
  2⤵
  PID:3948
- C:\Windows\System\OGPJbXC.exe
  C:\Windows\System\OGPJbXC.exe
  2⤵
  PID:3972
- C:\Windows\System\XcCvNct.exe
  C:\Windows\System\XcCvNct.exe
  2⤵
  PID:3992
- C:\Windows\System\IWPjEyM.exe
  C:\Windows\System\IWPjEyM.exe
  2⤵
  PID:4012
- C:\Windows\System\cXERvSL.exe
  C:\Windows\System\cXERvSL.exe
  2⤵
  PID:4032
- C:\Windows\System\lIDQcgL.exe
  C:\Windows\System\lIDQcgL.exe
  2⤵
  PID:4052
- C:\Windows\System\QCRhQot.exe
  C:\Windows\System\QCRhQot.exe
  2⤵
  PID:4072
- C:\Windows\System\duQJjba.exe
  C:\Windows\System\duQJjba.exe
  2⤵
  PID:4088
- C:\Windows\System\pPaEGiK.exe
  C:\Windows\System\pPaEGiK.exe
  2⤵
  PID:2264
- C:\Windows\System\MAIFBqb.exe
  C:\Windows\System\MAIFBqb.exe
  2⤵
  PID:2268
- C:\Windows\System\HLqZFoh.exe
  C:\Windows\System\HLqZFoh.exe
  2⤵
  PID:1956
- C:\Windows\System\mFPqwSW.exe
  C:\Windows\System\mFPqwSW.exe
  2⤵
  PID:1928
- C:\Windows\System\ufiAvcL.exe
  C:\Windows\System\ufiAvcL.exe
  2⤵
  PID:1592
- C:\Windows\System\WWjjXtu.exe
  C:\Windows\System\WWjjXtu.exe
  2⤵
  PID:2004
- C:\Windows\System\oFjVxnV.exe
  C:\Windows\System\oFjVxnV.exe
  2⤵
  PID:2136
- C:\Windows\System\TQgWVNh.exe
  C:\Windows\System\TQgWVNh.exe
  2⤵
  PID:956
- C:\Windows\System\HUbRlQj.exe
  C:\Windows\System\HUbRlQj.exe
  2⤵
  PID:3076
- C:\Windows\System\nIWMnyW.exe
  C:\Windows\System\nIWMnyW.exe
  2⤵
  PID:3116
- C:\Windows\System\YzjXFbH.exe
  C:\Windows\System\YzjXFbH.exe
  2⤵
  PID:3132
- C:\Windows\System\Rionyvs.exe
  C:\Windows\System\Rionyvs.exe
  2⤵
  PID:3196
- C:\Windows\System\FjNOguu.exe
  C:\Windows\System\FjNOguu.exe
  2⤵
  PID:3268
- C:\Windows\System\eAwLVVK.exe
  C:\Windows\System\eAwLVVK.exe
  2⤵
  PID:3212
- C:\Windows\System\EuIzHbF.exe
  C:\Windows\System\EuIzHbF.exe
  2⤵
  PID:3252
- C:\Windows\System\PJMOwFj.exe
  C:\Windows\System\PJMOwFj.exe
  2⤵
  PID:3352
- C:\Windows\System\GXYbvOs.exe
  C:\Windows\System\GXYbvOs.exe
  2⤵
  PID:3336
- C:\Windows\System\LSdBbTq.exe
  C:\Windows\System\LSdBbTq.exe
  2⤵
  PID:3440
- C:\Windows\System\WIsveOH.exe
  C:\Windows\System\WIsveOH.exe
  2⤵
  PID:3480
- C:\Windows\System\oIaDBZy.exe
  C:\Windows\System\oIaDBZy.exe
  2⤵
  PID:3476
- C:\Windows\System\ITOKjUI.exe
  C:\Windows\System\ITOKjUI.exe
  2⤵
  PID:3456
- C:\Windows\System\VhDyaag.exe
  C:\Windows\System\VhDyaag.exe
  2⤵
  PID:3628
- C:\Windows\System\PbkvzWA.exe
  C:\Windows\System\PbkvzWA.exe
  2⤵
  PID:3568
- C:\Windows\System\IdiZRNn.exe
  C:\Windows\System\IdiZRNn.exe
  2⤵
  PID:3632
- C:\Windows\System\nRJpvBq.exe
  C:\Windows\System\nRJpvBq.exe
  2⤵
  PID:3676
- C:\Windows\System\bnQiVIC.exe
  C:\Windows\System\bnQiVIC.exe
  2⤵
  PID:3652
- C:\Windows\System\rYOTnbw.exe
  C:\Windows\System\rYOTnbw.exe
  2⤵
  PID:3728
- C:\Windows\System\LvxuThq.exe
  C:\Windows\System\LvxuThq.exe
  2⤵
  PID:3760
- C:\Windows\System\dKYGOIr.exe
  C:\Windows\System\dKYGOIr.exe
  2⤵
  PID:3748
- C:\Windows\System\XBMSYon.exe
  C:\Windows\System\XBMSYon.exe
  2⤵
  PID:3784
- C:\Windows\System\WBRsSiv.exe
  C:\Windows\System\WBRsSiv.exe
  2⤵
  PID:3840
- C:\Windows\System\aEFxyZG.exe
  C:\Windows\System\aEFxyZG.exe
  2⤵
  PID:3916
- C:\Windows\System\IRpJXyu.exe
  C:\Windows\System\IRpJXyu.exe
  2⤵
  PID:3960
- C:\Windows\System\pQihoFW.exe
  C:\Windows\System\pQihoFW.exe
  2⤵
  PID:3860
- C:\Windows\System\JacrZnI.exe
  C:\Windows\System\JacrZnI.exe
  2⤵
  PID:3900
- C:\Windows\System\AvJfZQJ.exe
  C:\Windows\System\AvJfZQJ.exe
  2⤵
  PID:4044
- C:\Windows\System\HpWufFl.exe
  C:\Windows\System\HpWufFl.exe
  2⤵
  PID:3988
- C:\Windows\System\VSVDeyn.exe
  C:\Windows\System\VSVDeyn.exe
  2⤵
  PID:1512
- C:\Windows\System\PEVGYDx.exe
  C:\Windows\System\PEVGYDx.exe
  2⤵
  PID:2012
- C:\Windows\System\KpKVEHY.exe
  C:\Windows\System\KpKVEHY.exe
  2⤵
  PID:324
- C:\Windows\System\TujHazX.exe
  C:\Windows\System\TujHazX.exe
  2⤵
  PID:1528
- C:\Windows\System\EOodkZn.exe
  C:\Windows\System\EOodkZn.exe
  2⤵
  PID:2420
- C:\Windows\System\CiCcLCZ.exe
  C:\Windows\System\CiCcLCZ.exe
  2⤵
  PID:3188
- C:\Windows\System\LszIsRB.exe
  C:\Windows\System\LszIsRB.exe
  2⤵
  PID:3280
- C:\Windows\System\NdlkIEG.exe
  C:\Windows\System\NdlkIEG.exe
  2⤵
  PID:1044
- C:\Windows\System\bTLnrMl.exe
  C:\Windows\System\bTLnrMl.exe
  2⤵
  PID:3176
- C:\Windows\System\JlFtPCN.exe
  C:\Windows\System\JlFtPCN.exe
  2⤵
  PID:3308
- C:\Windows\System\zbclxNj.exe
  C:\Windows\System\zbclxNj.exe
  2⤵
  PID:3372
- C:\Windows\System\SrUrwON.exe
  C:\Windows\System\SrUrwON.exe
  2⤵
  PID:3332
- C:\Windows\System\biTHEPh.exe
  C:\Windows\System\biTHEPh.exe
  2⤵
  PID:3584
- C:\Windows\System\hgTEmzM.exe
  C:\Windows\System\hgTEmzM.exe
  2⤵
  PID:3472
- C:\Windows\System\QBOQjEv.exe
  C:\Windows\System\QBOQjEv.exe
  2⤵
  PID:3500
- C:\Windows\System\PAjCkic.exe
  C:\Windows\System\PAjCkic.exe
  2⤵
  PID:3516
- C:\Windows\System\aLdUFne.exe
  C:\Windows\System\aLdUFne.exe
  2⤵
  PID:3700
- C:\Windows\System\eylbpdn.exe
  C:\Windows\System\eylbpdn.exe
  2⤵
  PID:3716
- C:\Windows\System\fiRJatw.exe
  C:\Windows\System\fiRJatw.exe
  2⤵
  PID:3888
- C:\Windows\System\JoSolLs.exe
  C:\Windows\System\JoSolLs.exe
  2⤵
  PID:3848
- C:\Windows\System\kXPzYKc.exe
  C:\Windows\System\kXPzYKc.exe
  2⤵
  PID:4000
- C:\Windows\System\hdzNvto.exe
  C:\Windows\System\hdzNvto.exe
  2⤵
  PID:4040
- C:\Windows\System\omRclCE.exe
  C:\Windows\System\omRclCE.exe
  2⤵
  PID:4004
- C:\Windows\System\xoEyBCr.exe
  C:\Windows\System\xoEyBCr.exe
  2⤵
  PID:1008
- C:\Windows\System\BrWOwgg.exe
  C:\Windows\System\BrWOwgg.exe
  2⤵
  PID:3980
- C:\Windows\System\YzLclws.exe
  C:\Windows\System\YzLclws.exe
  2⤵
  PID:2256
- C:\Windows\System\ItIZjlc.exe
  C:\Windows\System\ItIZjlc.exe
  2⤵
  PID:3272
- C:\Windows\System\LRfAFzF.exe
  C:\Windows\System\LRfAFzF.exe
  2⤵
  PID:4112
- C:\Windows\System\ewXeMYr.exe
  C:\Windows\System\ewXeMYr.exe
  2⤵
  PID:4132
- C:\Windows\System\sGglEZl.exe
  C:\Windows\System\sGglEZl.exe
  2⤵
  PID:4152
- C:\Windows\System\KudDMcu.exe
  C:\Windows\System\KudDMcu.exe
  2⤵
  PID:4168
- C:\Windows\System\peboQkF.exe
  C:\Windows\System\peboQkF.exe
  2⤵
  PID:4184
- C:\Windows\System\wAoZTgX.exe
  C:\Windows\System\wAoZTgX.exe
  2⤵
  PID:4200
- C:\Windows\System\JtUwfGL.exe
  C:\Windows\System\JtUwfGL.exe
  2⤵
  PID:4216
- C:\Windows\System\gupluPY.exe
  C:\Windows\System\gupluPY.exe
  2⤵
  PID:4244
- C:\Windows\System\ZXdRhkL.exe
  C:\Windows\System\ZXdRhkL.exe
  2⤵
  PID:4276
- C:\Windows\System\eetreUv.exe
  C:\Windows\System\eetreUv.exe
  2⤵
  PID:4292
- C:\Windows\System\gMSdJXB.exe
  C:\Windows\System\gMSdJXB.exe
  2⤵
  PID:4316
- C:\Windows\System\hkYjlHq.exe
  C:\Windows\System\hkYjlHq.exe
  2⤵
  PID:4336
- C:\Windows\System\LYmDZBQ.exe
  C:\Windows\System\LYmDZBQ.exe
  2⤵
  PID:4352
- C:\Windows\System\LZlraVi.exe
  C:\Windows\System\LZlraVi.exe
  2⤵
  PID:4368
- C:\Windows\System\ERarNKy.exe
  C:\Windows\System\ERarNKy.exe
  2⤵
  PID:4384
- C:\Windows\System\ZDUhcMv.exe
  C:\Windows\System\ZDUhcMv.exe
  2⤵
  PID:4412
- C:\Windows\System\iTYqgpC.exe
  C:\Windows\System\iTYqgpC.exe
  2⤵
  PID:4444
- C:\Windows\System\aciIZZC.exe
  C:\Windows\System\aciIZZC.exe
  2⤵
  PID:4460
- C:\Windows\System\bKjvJdh.exe
  C:\Windows\System\bKjvJdh.exe
  2⤵
  PID:4484
- C:\Windows\System\HWJxkiQ.exe
  C:\Windows\System\HWJxkiQ.exe
  2⤵
  PID:4504
- C:\Windows\System\kHoXCss.exe
  C:\Windows\System\kHoXCss.exe
  2⤵
  PID:4524
- C:\Windows\System\JFTbwvk.exe
  C:\Windows\System\JFTbwvk.exe
  2⤵
  PID:4544
- C:\Windows\System\fXdaMji.exe
  C:\Windows\System\fXdaMji.exe
  2⤵
  PID:4560
- C:\Windows\System\TgeuAPn.exe
  C:\Windows\System\TgeuAPn.exe
  2⤵
  PID:4580
- C:\Windows\System\vsDFXPr.exe
  C:\Windows\System\vsDFXPr.exe
  2⤵
  PID:4604
- C:\Windows\System\FoXAYij.exe
  C:\Windows\System\FoXAYij.exe
  2⤵
  PID:4620
- C:\Windows\System\OTWQyIX.exe
  C:\Windows\System\OTWQyIX.exe
  2⤵
  PID:4644
- C:\Windows\System\GZlilgR.exe
  C:\Windows\System\GZlilgR.exe
  2⤵
  PID:4664
- C:\Windows\System\RoUNvat.exe
  C:\Windows\System\RoUNvat.exe
  2⤵
  PID:4680
- C:\Windows\System\OTRecfn.exe
  C:\Windows\System\OTRecfn.exe
  2⤵
  PID:4700
- C:\Windows\System\zTvXWXf.exe
  C:\Windows\System\zTvXWXf.exe
  2⤵
  PID:4720
- C:\Windows\System\uqYdIUh.exe
  C:\Windows\System\uqYdIUh.exe
  2⤵
  PID:4744
- C:\Windows\System\kPzecYH.exe
  C:\Windows\System\kPzecYH.exe
  2⤵
  PID:4760
- C:\Windows\System\sBxcKlT.exe
  C:\Windows\System\sBxcKlT.exe
  2⤵
  PID:4784
- C:\Windows\System\gmSdfWx.exe
  C:\Windows\System\gmSdfWx.exe
  2⤵
  PID:4804
- C:\Windows\System\osvZnna.exe
  C:\Windows\System\osvZnna.exe
  2⤵
  PID:4820
- C:\Windows\System\XrdaOym.exe
  C:\Windows\System\XrdaOym.exe
  2⤵
  PID:4840
- C:\Windows\System\UfSZhKs.exe
  C:\Windows\System\UfSZhKs.exe
  2⤵
  PID:4856
- C:\Windows\System\UefnmFy.exe
  C:\Windows\System\UefnmFy.exe
  2⤵
  PID:4880
- C:\Windows\System\RQDlwgR.exe
  C:\Windows\System\RQDlwgR.exe
  2⤵
  PID:4904
- C:\Windows\System\cfGpbSS.exe
  C:\Windows\System\cfGpbSS.exe
  2⤵
  PID:4920
- C:\Windows\System\johggjr.exe
  C:\Windows\System\johggjr.exe
  2⤵
  PID:4940
- C:\Windows\System\CGMSEWD.exe
  C:\Windows\System\CGMSEWD.exe
  2⤵
  PID:4960
- C:\Windows\System\PMVWnIy.exe
  C:\Windows\System\PMVWnIy.exe
  2⤵
  PID:4984
- C:\Windows\System\tnvPFZy.exe
  C:\Windows\System\tnvPFZy.exe
  2⤵
  PID:5000
- C:\Windows\System\HuGyUMc.exe
  C:\Windows\System\HuGyUMc.exe
  2⤵
  PID:5020
- C:\Windows\System\pwAyfyv.exe
  C:\Windows\System\pwAyfyv.exe
  2⤵
  PID:5040
- C:\Windows\System\JIrnmsy.exe
  C:\Windows\System\JIrnmsy.exe
  2⤵
  PID:5060
- C:\Windows\System\EQVDHiZ.exe
  C:\Windows\System\EQVDHiZ.exe
  2⤵
  PID:5084
- C:\Windows\System\BoyDCvr.exe
  C:\Windows\System\BoyDCvr.exe
  2⤵
  PID:5104
- C:\Windows\System\QDbFUQn.exe
  C:\Windows\System\QDbFUQn.exe
  2⤵
  PID:3080
- C:\Windows\System\MnlKdbd.exe
  C:\Windows\System\MnlKdbd.exe
  2⤵
  PID:3160
- C:\Windows\System\cTkSQNA.exe
  C:\Windows\System\cTkSQNA.exe
  2⤵
  PID:3316
- C:\Windows\System\TIimmVX.exe
  C:\Windows\System\TIimmVX.exe
  2⤵
  PID:3636
- C:\Windows\System\enDBCWB.exe
  C:\Windows\System\enDBCWB.exe
  2⤵
  PID:3228
- C:\Windows\System\QLpEoJl.exe
  C:\Windows\System\QLpEoJl.exe
  2⤵
  PID:3612
- C:\Windows\System\lNRTtIP.exe
  C:\Windows\System\lNRTtIP.exe
  2⤵
  PID:3528
- C:\Windows\System\jHBlhlV.exe
  C:\Windows\System\jHBlhlV.exe
  2⤵
  PID:3880
- C:\Windows\System\lTZRMSn.exe
  C:\Windows\System\lTZRMSn.exe
  2⤵
  PID:3940
- C:\Windows\System\uODPXvN.exe
  C:\Windows\System\uODPXvN.exe
  2⤵
  PID:3780
- C:\Windows\System\zvFTIvo.exe
  C:\Windows\System\zvFTIvo.exe
  2⤵
  PID:3740
- C:\Windows\System\vHdpUmM.exe
  C:\Windows\System\vHdpUmM.exe
  2⤵
  PID:2984
- C:\Windows\System\OBxEMaV.exe
  C:\Windows\System\OBxEMaV.exe
  2⤵
  PID:4064
- C:\Windows\System\XPZFOQf.exe
  C:\Windows\System\XPZFOQf.exe
  2⤵
  PID:4068
- C:\Windows\System\AzkVMeH.exe
  C:\Windows\System\AzkVMeH.exe
  2⤵
  PID:4164
- C:\Windows\System\ouummSj.exe
  C:\Windows\System\ouummSj.exe
  2⤵
  PID:4228
- C:\Windows\System\xPLlNqw.exe
  C:\Windows\System\xPLlNqw.exe
  2⤵
  PID:4148
- C:\Windows\System\gUfRvfo.exe
  C:\Windows\System\gUfRvfo.exe
  2⤵
  PID:4252
- C:\Windows\System\UQwEwFq.exe
  C:\Windows\System\UQwEwFq.exe
  2⤵
  PID:4176
- C:\Windows\System\VBWcMpN.exe
  C:\Windows\System\VBWcMpN.exe
  2⤵
  PID:4272
- C:\Windows\System\uEUUBPi.exe
  C:\Windows\System\uEUUBPi.exe
  2⤵
  PID:4304
- C:\Windows\System\ByukRtn.exe
  C:\Windows\System\ByukRtn.exe
  2⤵
  PID:4392
- C:\Windows\System\RWaRCxU.exe
  C:\Windows\System\RWaRCxU.exe
  2⤵
  PID:4376
- C:\Windows\System\WntaMtT.exe
  C:\Windows\System\WntaMtT.exe
  2⤵
  PID:4456
- C:\Windows\System\IXbGMwf.exe
  C:\Windows\System\IXbGMwf.exe
  2⤵
  PID:4500
- C:\Windows\System\hGPjUlO.exe
  C:\Windows\System\hGPjUlO.exe
  2⤵
  PID:2384
- C:\Windows\System\ceBsWkG.exe
  C:\Windows\System\ceBsWkG.exe
  2⤵
  PID:4520
- C:\Windows\System\CzakcUc.exe
  C:\Windows\System\CzakcUc.exe
  2⤵
  PID:4556
- C:\Windows\System\yvVxgAE.exe
  C:\Windows\System\yvVxgAE.exe
  2⤵
  PID:4612
- C:\Windows\System\HrVXXAK.exe
  C:\Windows\System\HrVXXAK.exe
  2⤵
  PID:4628
- C:\Windows\System\EIBDRdL.exe
  C:\Windows\System\EIBDRdL.exe
  2⤵
  PID:4696
- C:\Windows\System\HLupCfB.exe
  C:\Windows\System\HLupCfB.exe
  2⤵
  PID:4708
- C:\Windows\System\cLsKbsO.exe
  C:\Windows\System\cLsKbsO.exe
  2⤵
  PID:4736
- C:\Windows\System\dYAYUyb.exe
  C:\Windows\System\dYAYUyb.exe
  2⤵
  PID:4780
- C:\Windows\System\pJEEwHU.exe
  C:\Windows\System\pJEEwHU.exe
  2⤵
  PID:4848
- C:\Windows\System\zKQRDZe.exe
  C:\Windows\System\zKQRDZe.exe
  2⤵
  PID:4828
- C:\Windows\System\aWxqqqK.exe
  C:\Windows\System\aWxqqqK.exe
  2⤵
  PID:4896
- C:\Windows\System\SSzyOCl.exe
  C:\Windows\System\SSzyOCl.exe
  2⤵
  PID:4876
- C:\Windows\System\XfwiTAF.exe
  C:\Windows\System\XfwiTAF.exe
  2⤵
  PID:4968
- C:\Windows\System\AWAyWVc.exe
  C:\Windows\System\AWAyWVc.exe
  2⤵
  PID:5016
- C:\Windows\System\ihwotFa.exe
  C:\Windows\System\ihwotFa.exe
  2⤵
  PID:5052
- C:\Windows\System\QfAPzEd.exe
  C:\Windows\System\QfAPzEd.exe
  2⤵
  PID:1968
- C:\Windows\System\Jcakexz.exe
  C:\Windows\System\Jcakexz.exe
  2⤵
  PID:4956
- C:\Windows\System\wMmEsgK.exe
  C:\Windows\System\wMmEsgK.exe
  2⤵
  PID:5028
- C:\Windows\System\HhwAyOM.exe
  C:\Windows\System\HhwAyOM.exe
  2⤵
  PID:3420
- C:\Windows\System\BHkIoeP.exe
  C:\Windows\System\BHkIoeP.exe
  2⤵
  PID:3396
- C:\Windows\System\iJgjhwB.exe
  C:\Windows\System\iJgjhwB.exe
  2⤵
  PID:3804
- C:\Windows\System\owaRHpB.exe
  C:\Windows\System\owaRHpB.exe
  2⤵
  PID:4008
- C:\Windows\System\rYClchD.exe
  C:\Windows\System\rYClchD.exe
  2⤵
  PID:4120
- C:\Windows\System\MdxrxwA.exe
  C:\Windows\System\MdxrxwA.exe
  2⤵
  PID:3552
- C:\Windows\System\WUhljCL.exe
  C:\Windows\System\WUhljCL.exe
  2⤵
  PID:3648
- C:\Windows\System\aRgEwAs.exe
  C:\Windows\System\aRgEwAs.exe
  2⤵
  PID:3836
- C:\Windows\System\jLViFhA.exe
  C:\Windows\System\jLViFhA.exe
  2⤵
  PID:4260
- C:\Windows\System\oxWRqYC.exe
  C:\Windows\System\oxWRqYC.exe
  2⤵
  PID:4364
- C:\Windows\System\kYVogDm.exe
  C:\Windows\System\kYVogDm.exe
  2⤵
  PID:4124
- C:\Windows\System\XTcyfIX.exe
  C:\Windows\System\XTcyfIX.exe
  2⤵
  PID:4284
- C:\Windows\System\bwcHALN.exe
  C:\Windows\System\bwcHALN.exe
  2⤵
  PID:4404
- C:\Windows\System\KQbWKpA.exe
  C:\Windows\System\KQbWKpA.exe
  2⤵
  PID:4240
- C:\Windows\System\ZSmhxaa.exe
  C:\Windows\System\ZSmhxaa.exe
  2⤵
  PID:4420
- C:\Windows\System\SChKqps.exe
  C:\Windows\System\SChKqps.exe
  2⤵
  PID:4472
- C:\Windows\System\RbucLUa.exe
  C:\Windows\System\RbucLUa.exe
  2⤵
  PID:2228
- C:\Windows\System\QLHZKQx.exe
  C:\Windows\System\QLHZKQx.exe
  2⤵
  PID:4652
- C:\Windows\System\fhIEvgS.exe
  C:\Windows\System\fhIEvgS.exe
  2⤵
  PID:4772
- C:\Windows\System\DBKShng.exe
  C:\Windows\System\DBKShng.exe
  2⤵
  PID:4656
- C:\Windows\System\AZoCJBm.exe
  C:\Windows\System\AZoCJBm.exe
  2⤵
  PID:4732
- C:\Windows\System\fmrSbTl.exe
  C:\Windows\System\fmrSbTl.exe
  2⤵
  PID:4756
- C:\Windows\System\ZwzGjpz.exe
  C:\Windows\System\ZwzGjpz.exe
  2⤵
  PID:4868
- C:\Windows\System\uwSVvIm.exe
  C:\Windows\System\uwSVvIm.exe
  2⤵
  PID:4892
- C:\Windows\System\MJpTYAb.exe
  C:\Windows\System\MJpTYAb.exe
  2⤵
  PID:3100
- C:\Windows\System\ixDBNlp.exe
  C:\Windows\System\ixDBNlp.exe
  2⤵
  PID:4996
- C:\Windows\System\MyUmFbQ.exe
  C:\Windows\System\MyUmFbQ.exe
  2⤵
  PID:4948
- C:\Windows\System\CtQyUEC.exe
  C:\Windows\System\CtQyUEC.exe
  2⤵
  PID:5072
- C:\Windows\System\JgaBYUR.exe
  C:\Windows\System\JgaBYUR.exe
  2⤵
  PID:3660
- C:\Windows\System\PmsKOXw.exe
  C:\Windows\System\PmsKOXw.exe
  2⤵
  PID:3312
- C:\Windows\System\eUUnnQz.exe
  C:\Windows\System\eUUnnQz.exe
  2⤵
  PID:2664
- C:\Windows\System\pnXtNiR.exe
  C:\Windows\System\pnXtNiR.exe
  2⤵
  PID:3152
- C:\Windows\System\rnqGSOD.exe
  C:\Windows\System\rnqGSOD.exe
  2⤵
  PID:4328
- C:\Windows\System\jGoDUaY.exe
  C:\Windows\System\jGoDUaY.exe
  2⤵
  PID:5132
- C:\Windows\System\AhRcIXh.exe
  C:\Windows\System\AhRcIXh.exe
  2⤵
  PID:5152
- C:\Windows\System\SWstWEa.exe
  C:\Windows\System\SWstWEa.exe
  2⤵
  PID:5172
- C:\Windows\System\rWUDQvE.exe
  C:\Windows\System\rWUDQvE.exe
  2⤵
  PID:5192
- C:\Windows\System\FFogAJX.exe
  C:\Windows\System\FFogAJX.exe
  2⤵
  PID:5212
- C:\Windows\System\NIjuDWW.exe
  C:\Windows\System\NIjuDWW.exe
  2⤵
  PID:5232
- C:\Windows\System\cyvoVcJ.exe
  C:\Windows\System\cyvoVcJ.exe
  2⤵
  PID:5252
- C:\Windows\System\BAgBsKc.exe
  C:\Windows\System\BAgBsKc.exe
  2⤵
  PID:5272
- C:\Windows\System\vwSlzje.exe
  C:\Windows\System\vwSlzje.exe
  2⤵
  PID:5292
- C:\Windows\System\ItTfYBI.exe
  C:\Windows\System\ItTfYBI.exe
  2⤵
  PID:5312
- C:\Windows\System\qFnHNzb.exe
  C:\Windows\System\qFnHNzb.exe
  2⤵
  PID:5332
- C:\Windows\System\lteXFwU.exe
  C:\Windows\System\lteXFwU.exe
  2⤵
  PID:5352
- C:\Windows\System\mcHVEFY.exe
  C:\Windows\System\mcHVEFY.exe
  2⤵
  PID:5372
- C:\Windows\System\fXZctzA.exe
  C:\Windows\System\fXZctzA.exe
  2⤵
  PID:5392
- C:\Windows\System\AYKLWBg.exe
  C:\Windows\System\AYKLWBg.exe
  2⤵
  PID:5412
- C:\Windows\System\mivDKEc.exe
  C:\Windows\System\mivDKEc.exe
  2⤵
  PID:5432
- C:\Windows\System\bpVFwYc.exe
  C:\Windows\System\bpVFwYc.exe
  2⤵
  PID:5452
- C:\Windows\System\BxoEHop.exe
  C:\Windows\System\BxoEHop.exe
  2⤵
  PID:5472
- C:\Windows\System\rRzeBVk.exe
  C:\Windows\System\rRzeBVk.exe
  2⤵
  PID:5492
- C:\Windows\System\aaeEXnT.exe
  C:\Windows\System\aaeEXnT.exe
  2⤵
  PID:5512
- C:\Windows\System\djGsdTo.exe
  C:\Windows\System\djGsdTo.exe
  2⤵
  PID:5532
- C:\Windows\System\DxSroDv.exe
  C:\Windows\System\DxSroDv.exe
  2⤵
  PID:5552
- C:\Windows\System\UGkAiem.exe
  C:\Windows\System\UGkAiem.exe
  2⤵
  PID:5572
- C:\Windows\System\sihUgkY.exe
  C:\Windows\System\sihUgkY.exe
  2⤵
  PID:5592
- C:\Windows\System\uRStawc.exe
  C:\Windows\System\uRStawc.exe
  2⤵
  PID:5612
- C:\Windows\System\MGdMouE.exe
  C:\Windows\System\MGdMouE.exe
  2⤵
  PID:5636
- C:\Windows\System\QkOKKQN.exe
  C:\Windows\System\QkOKKQN.exe
  2⤵
  PID:5656
- C:\Windows\System\eprTGDA.exe
  C:\Windows\System\eprTGDA.exe
  2⤵
  PID:5676
- C:\Windows\System\AhnlObz.exe
  C:\Windows\System\AhnlObz.exe
  2⤵
  PID:5696
- C:\Windows\System\uGuVocZ.exe
  C:\Windows\System\uGuVocZ.exe
  2⤵
  PID:5716
- C:\Windows\System\RKqDmXJ.exe
  C:\Windows\System\RKqDmXJ.exe
  2⤵
  PID:5736
- C:\Windows\System\dLByDXQ.exe
  C:\Windows\System\dLByDXQ.exe
  2⤵
  PID:5756
- C:\Windows\System\GlxSfVQ.exe
  C:\Windows\System\GlxSfVQ.exe
  2⤵
  PID:5776
- C:\Windows\System\jbQOLvw.exe
  C:\Windows\System\jbQOLvw.exe
  2⤵
  PID:5796
- C:\Windows\System\VlECfmG.exe
  C:\Windows\System\VlECfmG.exe
  2⤵
  PID:5812
- C:\Windows\System\vkMRDoj.exe
  C:\Windows\System\vkMRDoj.exe
  2⤵
  PID:5832
- C:\Windows\System\GDOjkHF.exe
  C:\Windows\System\GDOjkHF.exe
  2⤵
  PID:5856
- C:\Windows\System\fTXvrPP.exe
  C:\Windows\System\fTXvrPP.exe
  2⤵
  PID:5876
- C:\Windows\System\DuBpUVQ.exe
  C:\Windows\System\DuBpUVQ.exe
  2⤵
  PID:5896
- C:\Windows\System\ypbxorc.exe
  C:\Windows\System\ypbxorc.exe
  2⤵
  PID:5916
- C:\Windows\System\cAmMvMy.exe
  C:\Windows\System\cAmMvMy.exe
  2⤵
  PID:5936
- C:\Windows\System\edENqZY.exe
  C:\Windows\System\edENqZY.exe
  2⤵
  PID:5952
- C:\Windows\System\MpNHBiT.exe
  C:\Windows\System\MpNHBiT.exe
  2⤵
  PID:5976
- C:\Windows\System\IkhbbjG.exe
  C:\Windows\System\IkhbbjG.exe
  2⤵
  PID:5996
- C:\Windows\System\TckyaoI.exe
  C:\Windows\System\TckyaoI.exe
  2⤵
  PID:6016
- C:\Windows\System\ykHXDvN.exe
  C:\Windows\System\ykHXDvN.exe
  2⤵
  PID:6032
- C:\Windows\System\PqvDRdO.exe
  C:\Windows\System\PqvDRdO.exe
  2⤵
  PID:6056
- C:\Windows\System\meIbdha.exe
  C:\Windows\System\meIbdha.exe
  2⤵
  PID:6076
- C:\Windows\System\LQWyBnA.exe
  C:\Windows\System\LQWyBnA.exe
  2⤵
  PID:6096
- C:\Windows\System\yeseXrh.exe
  C:\Windows\System\yeseXrh.exe
  2⤵
  PID:6116
- C:\Windows\System\uzcRIXd.exe
  C:\Windows\System\uzcRIXd.exe
  2⤵
  PID:6136
- C:\Windows\System\cRvlVyd.exe
  C:\Windows\System\cRvlVyd.exe
  2⤵
  PID:4428
- C:\Windows\System\RoNHCuD.exe
  C:\Windows\System\RoNHCuD.exe
  2⤵
  PID:4400
- C:\Windows\System\LrQxMpn.exe
  C:\Windows\System\LrQxMpn.exe
  2⤵
  PID:4452
- C:\Windows\System\xMCYJCi.exe
  C:\Windows\System\xMCYJCi.exe
  2⤵
  PID:4600
- C:\Windows\System\paffHFQ.exe
  C:\Windows\System\paffHFQ.exe
  2⤵
  PID:4592
- C:\Windows\System\wWzqpyB.exe
  C:\Windows\System\wWzqpyB.exe
  2⤵
  PID:4572
- C:\Windows\System\RjzCmEK.exe
  C:\Windows\System\RjzCmEK.exe
  2⤵
  PID:4728
- C:\Windows\System\OBiaRTm.exe
  C:\Windows\System\OBiaRTm.exe
  2⤵
  PID:4980
- C:\Windows\System\JLDAGxz.exe
  C:\Windows\System\JLDAGxz.exe
  2⤵
  PID:4936
- C:\Windows\System\LWRzhct.exe
  C:\Windows\System\LWRzhct.exe
  2⤵
  PID:4916
- C:\Windows\System\BXFeAhj.exe
  C:\Windows\System\BXFeAhj.exe
  2⤵
  PID:5076
- C:\Windows\System\oKxiXgL.exe
  C:\Windows\System\oKxiXgL.exe
  2⤵
  PID:3956
- C:\Windows\System\XdeUucv.exe
  C:\Windows\System\XdeUucv.exe
  2⤵
  PID:4144
- C:\Windows\System\wEgVIVy.exe
  C:\Windows\System\wEgVIVy.exe
  2⤵
  PID:4208
- C:\Windows\System\mnlPgzW.exe
  C:\Windows\System\mnlPgzW.exe
  2⤵
  PID:5148
- C:\Windows\System\dEnrVeU.exe
  C:\Windows\System\dEnrVeU.exe
  2⤵
  PID:5188
- C:\Windows\System\tbWMHsi.exe
  C:\Windows\System\tbWMHsi.exe
  2⤵
  PID:5220
- C:\Windows\System\waCglGI.exe
  C:\Windows\System\waCglGI.exe
  2⤵
  PID:5244
- C:\Windows\System\Wlcsoau.exe
  C:\Windows\System\Wlcsoau.exe
  2⤵
  PID:5288
- C:\Windows\System\yAMNDNe.exe
  C:\Windows\System\yAMNDNe.exe
  2⤵
  PID:5300
- C:\Windows\System\uvrDMfG.exe
  C:\Windows\System\uvrDMfG.exe
  2⤵
  PID:5348
- C:\Windows\System\ZIHVvGQ.exe
  C:\Windows\System\ZIHVvGQ.exe
  2⤵
  PID:5388
- C:\Windows\System\WowCqvV.exe
  C:\Windows\System\WowCqvV.exe
  2⤵
  PID:5384
- C:\Windows\System\TemwslT.exe
  C:\Windows\System\TemwslT.exe
  2⤵
  PID:5424
- C:\Windows\System\DgiehoB.exe
  C:\Windows\System\DgiehoB.exe
  2⤵
  PID:5464
- C:\Windows\System\naCEsPn.exe
  C:\Windows\System\naCEsPn.exe
  2⤵
  PID:5508
- C:\Windows\System\eePPbah.exe
  C:\Windows\System\eePPbah.exe
  2⤵
  PID:5564
- C:\Windows\System\AGemlbp.exe
  C:\Windows\System\AGemlbp.exe
  2⤵
  PID:5580
- C:\Windows\System\BNMzqxt.exe
  C:\Windows\System\BNMzqxt.exe
  2⤵
  PID:5620
- C:\Windows\System\CFetkrf.exe
  C:\Windows\System\CFetkrf.exe
  2⤵
  PID:5652
- C:\Windows\System\dqTzmpV.exe
  C:\Windows\System\dqTzmpV.exe
  2⤵
  PID:5672
- C:\Windows\System\cENiXLD.exe
  C:\Windows\System\cENiXLD.exe
  2⤵
  PID:5724
- C:\Windows\System\NbKhiuQ.exe
  C:\Windows\System\NbKhiuQ.exe
  2⤵
  PID:5764
- C:\Windows\System\stMSKjy.exe
  C:\Windows\System\stMSKjy.exe
  2⤵
  PID:5804
- C:\Windows\System\RvZJXve.exe
  C:\Windows\System\RvZJXve.exe
  2⤵
  PID:5788
- C:\Windows\System\kzMRHRW.exe
  C:\Windows\System\kzMRHRW.exe
  2⤵
  PID:5824
- C:\Windows\System\cGcWvAX.exe
  C:\Windows\System\cGcWvAX.exe
  2⤵
  PID:5864
- C:\Windows\System\jnebZiK.exe
  C:\Windows\System\jnebZiK.exe
  2⤵
  PID:5924
- C:\Windows\System\NtenJSu.exe
  C:\Windows\System\NtenJSu.exe
  2⤵
  PID:5912
- C:\Windows\System\EPKitDi.exe
  C:\Windows\System\EPKitDi.exe
  2⤵
  PID:5948
- C:\Windows\System\HHImhAq.exe
  C:\Windows\System\HHImhAq.exe
  2⤵
  PID:5984
- C:\Windows\System\QHOcGfO.exe
  C:\Windows\System\QHOcGfO.exe
  2⤵
  PID:6052
- C:\Windows\System\HjPCkby.exe
  C:\Windows\System\HjPCkby.exe
  2⤵
  PID:6084
- C:\Windows\System\AYCvkxT.exe
  C:\Windows\System\AYCvkxT.exe
  2⤵
  PID:6104
- C:\Windows\System\mdqpBqw.exe
  C:\Windows\System\mdqpBqw.exe
  2⤵
  PID:576
- C:\Windows\System\SGRUhjd.exe
  C:\Windows\System\SGRUhjd.exe
  2⤵
  PID:4300
- C:\Windows\System\yVoWizS.exe
  C:\Windows\System\yVoWizS.exe
  2⤵
  PID:4512
- C:\Windows\System\rEQJdyC.exe
  C:\Windows\System\rEQJdyC.exe
  2⤵
  PID:4516
- C:\Windows\System\UfHUpsA.exe
  C:\Windows\System\UfHUpsA.exe
  2⤵
  PID:4812
- C:\Windows\System\bUXbngK.exe
  C:\Windows\System\bUXbngK.exe
  2⤵
  PID:5008
- C:\Windows\System\YcLUqIX.exe
  C:\Windows\System\YcLUqIX.exe
  2⤵
  PID:4932
- C:\Windows\System\GoRPMHf.exe
  C:\Windows\System\GoRPMHf.exe
  2⤵
  PID:3400
- C:\Windows\System\THwWMnu.exe
  C:\Windows\System\THwWMnu.exe
  2⤵
  PID:5128
- C:\Windows\System\diMSXZq.exe
  C:\Windows\System\diMSXZq.exe
  2⤵
  PID:5144
- C:\Windows\System\jWnuliw.exe
  C:\Windows\System\jWnuliw.exe
  2⤵
  PID:5164
- C:\Windows\System\JQnLWIO.exe
  C:\Windows\System\JQnLWIO.exe
  2⤵
  PID:5248
- C:\Windows\System\ijJaogj.exe
  C:\Windows\System\ijJaogj.exe
  2⤵
  PID:5268
- C:\Windows\System\DtcEPFO.exe
  C:\Windows\System\DtcEPFO.exe
  2⤵
  PID:5360
- C:\Windows\System\cEKPoYc.exe
  C:\Windows\System\cEKPoYc.exe
  2⤵
  PID:5448
- C:\Windows\System\veZtwLe.exe
  C:\Windows\System\veZtwLe.exe
  2⤵
  PID:5408
- C:\Windows\System\XNVHDgE.exe
  C:\Windows\System\XNVHDgE.exe
  2⤵
  PID:5500
- C:\Windows\System\QIJWeby.exe
  C:\Windows\System\QIJWeby.exe
  2⤵
  PID:5600
- C:\Windows\System\zTrpgxC.exe
  C:\Windows\System\zTrpgxC.exe
  2⤵
  PID:5584
- C:\Windows\System\GkjqRcp.exe
  C:\Windows\System\GkjqRcp.exe
  2⤵
  PID:5664
- C:\Windows\System\ZbYMHAg.exe
  C:\Windows\System\ZbYMHAg.exe
  2⤵
  PID:5732
- C:\Windows\System\RLfZWaK.exe
  C:\Windows\System\RLfZWaK.exe
  2⤵
  PID:5772
- C:\Windows\System\ZlOLNpp.exe
  C:\Windows\System\ZlOLNpp.exe
  2⤵
  PID:5792
- C:\Windows\System\Whltfeg.exe
  C:\Windows\System\Whltfeg.exe
  2⤵
  PID:5868
- C:\Windows\System\dIIgCcC.exe
  C:\Windows\System\dIIgCcC.exe
  2⤵
  PID:5968
- C:\Windows\System\rtkynWl.exe
  C:\Windows\System\rtkynWl.exe
  2⤵
  PID:6004
- C:\Windows\System\UUVkcse.exe
  C:\Windows\System\UUVkcse.exe
  2⤵
  PID:6040
- C:\Windows\System\CMMtdOH.exe
  C:\Windows\System\CMMtdOH.exe
  2⤵
  PID:6088
- C:\Windows\System\yErJXLp.exe
  C:\Windows\System\yErJXLp.exe
  2⤵
  PID:6132
- C:\Windows\System\KnqZJUj.exe
  C:\Windows\System\KnqZJUj.exe
  2⤵
  PID:4236
- C:\Windows\System\sRTFwqu.exe
  C:\Windows\System\sRTFwqu.exe
  2⤵
  PID:4532
- C:\Windows\System\HGvEZFU.exe
  C:\Windows\System\HGvEZFU.exe
  2⤵
  PID:4712
- C:\Windows\System\tHXUKsI.exe
  C:\Windows\System\tHXUKsI.exe
  2⤵
  PID:3884
- C:\Windows\System\JkHuXMb.exe
  C:\Windows\System\JkHuXMb.exe
  2⤵
  PID:3680
- C:\Windows\System\jVJYBko.exe
  C:\Windows\System\jVJYBko.exe
  2⤵
  PID:5180
- C:\Windows\System\pIQUfVT.exe
  C:\Windows\System\pIQUfVT.exe
  2⤵
  PID:2128
- C:\Windows\System\IDGJUeJ.exe
  C:\Windows\System\IDGJUeJ.exe
  2⤵
  PID:2776
- C:\Windows\System\ykKBrsv.exe
  C:\Windows\System\ykKBrsv.exe
  2⤵
  PID:5428
- C:\Windows\System\DFLpQXK.exe
  C:\Windows\System\DFLpQXK.exe
  2⤵
  PID:5488
- C:\Windows\System\bKAjOJe.exe
  C:\Windows\System\bKAjOJe.exe
  2⤵
  PID:5544
- C:\Windows\System\vjyKgLn.exe
  C:\Windows\System\vjyKgLn.exe
  2⤵
  PID:5624
- C:\Windows\System\ACVtOlq.exe
  C:\Windows\System\ACVtOlq.exe
  2⤵
  PID:6160
- C:\Windows\System\CcYGNLz.exe
  C:\Windows\System\CcYGNLz.exe
  2⤵
  PID:6180
- C:\Windows\System\RNAcWDO.exe
  C:\Windows\System\RNAcWDO.exe
  2⤵
  PID:6200
- C:\Windows\System\ptshkdC.exe
  C:\Windows\System\ptshkdC.exe
  2⤵
  PID:6220
- C:\Windows\System\mwIQunH.exe
  C:\Windows\System\mwIQunH.exe
  2⤵
  PID:6240
- C:\Windows\System\evnBXla.exe
  C:\Windows\System\evnBXla.exe
  2⤵
  PID:6260
- C:\Windows\System\kkerJMj.exe
  C:\Windows\System\kkerJMj.exe
  2⤵
  PID:6280
- C:\Windows\System\boCcGdA.exe
  C:\Windows\System\boCcGdA.exe
  2⤵
  PID:6300
- C:\Windows\System\vwgdjDN.exe
  C:\Windows\System\vwgdjDN.exe
  2⤵
  PID:6320
- C:\Windows\System\ovOfxwP.exe
  C:\Windows\System\ovOfxwP.exe
  2⤵
  PID:6340
- C:\Windows\System\KSZFHJl.exe
  C:\Windows\System\KSZFHJl.exe
  2⤵
  PID:6360
- C:\Windows\System\QKnykqc.exe
  C:\Windows\System\QKnykqc.exe
  2⤵
  PID:6380
- C:\Windows\System\CIWAUBu.exe
  C:\Windows\System\CIWAUBu.exe
  2⤵
  PID:6400
- C:\Windows\System\rcOvJHJ.exe
  C:\Windows\System\rcOvJHJ.exe
  2⤵
  PID:6420
- C:\Windows\System\GgPqnqR.exe
  C:\Windows\System\GgPqnqR.exe
  2⤵
  PID:6440
- C:\Windows\System\ztXqXSk.exe
  C:\Windows\System\ztXqXSk.exe
  2⤵
  PID:6460
- C:\Windows\System\wLMNDNj.exe
  C:\Windows\System\wLMNDNj.exe
  2⤵
  PID:6480
- C:\Windows\System\INarXtl.exe
  C:\Windows\System\INarXtl.exe
  2⤵
  PID:6500
- C:\Windows\System\EogoCaC.exe
  C:\Windows\System\EogoCaC.exe
  2⤵
  PID:6520
- C:\Windows\System\YraDIOT.exe
  C:\Windows\System\YraDIOT.exe
  2⤵
  PID:6540
- C:\Windows\System\Jtktaas.exe
  C:\Windows\System\Jtktaas.exe
  2⤵
  PID:6560
- C:\Windows\System\RZGOnyT.exe
  C:\Windows\System\RZGOnyT.exe
  2⤵
  PID:6580
- C:\Windows\System\eaJXvIm.exe
  C:\Windows\System\eaJXvIm.exe
  2⤵
  PID:6600
- C:\Windows\System\BbOlYDP.exe
  C:\Windows\System\BbOlYDP.exe
  2⤵
  PID:6620
- C:\Windows\System\cJKUFWm.exe
  C:\Windows\System\cJKUFWm.exe
  2⤵
  PID:6640
- C:\Windows\System\ELoDReM.exe
  C:\Windows\System\ELoDReM.exe
  2⤵
  PID:6660
- C:\Windows\System\VhOMDyW.exe
  C:\Windows\System\VhOMDyW.exe
  2⤵
  PID:6680
- C:\Windows\System\JfMyZXw.exe
  C:\Windows\System\JfMyZXw.exe
  2⤵
  PID:6700
- C:\Windows\System\qyUxbMK.exe
  C:\Windows\System\qyUxbMK.exe
  2⤵
  PID:6720
- C:\Windows\System\OzYNLFe.exe
  C:\Windows\System\OzYNLFe.exe
  2⤵
  PID:6740
- C:\Windows\System\kFFGNPz.exe
  C:\Windows\System\kFFGNPz.exe
  2⤵
  PID:6760
- C:\Windows\System\qFJsVuR.exe
  C:\Windows\System\qFJsVuR.exe
  2⤵
  PID:6784
- C:\Windows\System\mJHDhdO.exe
  C:\Windows\System\mJHDhdO.exe
  2⤵
  PID:6804
- C:\Windows\System\LkdUUxt.exe
  C:\Windows\System\LkdUUxt.exe
  2⤵
  PID:6820
- C:\Windows\System\zGTLtPF.exe
  C:\Windows\System\zGTLtPF.exe
  2⤵
  PID:6844
- C:\Windows\System\VTpgIoz.exe
  C:\Windows\System\VTpgIoz.exe
  2⤵
  PID:6864
- C:\Windows\System\ZVNOYkG.exe
  C:\Windows\System\ZVNOYkG.exe
  2⤵
  PID:6884
- C:\Windows\System\qiWPoZz.exe
  C:\Windows\System\qiWPoZz.exe
  2⤵
  PID:6904
- C:\Windows\System\mOKkcjc.exe
  C:\Windows\System\mOKkcjc.exe
  2⤵
  PID:6924
- C:\Windows\System\eceEhFU.exe
  C:\Windows\System\eceEhFU.exe
  2⤵
  PID:6944
- C:\Windows\System\AJPZqPr.exe
  C:\Windows\System\AJPZqPr.exe
  2⤵
  PID:6964
- C:\Windows\System\fYKFdpw.exe
  C:\Windows\System\fYKFdpw.exe
  2⤵
  PID:6984
- C:\Windows\System\ijgnxUW.exe
  C:\Windows\System\ijgnxUW.exe
  2⤵
  PID:7004
- C:\Windows\System\qzKCstq.exe
  C:\Windows\System\qzKCstq.exe
  2⤵
  PID:7024
- C:\Windows\System\IlNgmRf.exe
  C:\Windows\System\IlNgmRf.exe
  2⤵
  PID:7044
- C:\Windows\System\AsyVfJA.exe
  C:\Windows\System\AsyVfJA.exe
  2⤵
  PID:7064
- C:\Windows\System\JKwznsz.exe
  C:\Windows\System\JKwznsz.exe
  2⤵
  PID:7084
- C:\Windows\System\fmJTGte.exe
  C:\Windows\System\fmJTGte.exe
  2⤵
  PID:7104
- C:\Windows\System\zazgwPJ.exe
  C:\Windows\System\zazgwPJ.exe
  2⤵
  PID:7124
- C:\Windows\System\XSDjedk.exe
  C:\Windows\System\XSDjedk.exe
  2⤵
  PID:7144
- C:\Windows\System\LolzcxS.exe
  C:\Windows\System\LolzcxS.exe
  2⤵
  PID:7164
- C:\Windows\System\MDIuTpu.exe
  C:\Windows\System\MDIuTpu.exe
  2⤵
  PID:5692
- C:\Windows\System\LjaMGOT.exe
  C:\Windows\System\LjaMGOT.exe
  2⤵
  PID:5844
- C:\Windows\System\tMqWSwc.exe
  C:\Windows\System\tMqWSwc.exe
  2⤵
  PID:5884
- C:\Windows\System\kqkMQLh.exe
  C:\Windows\System\kqkMQLh.exe
  2⤵
  PID:6008
- C:\Windows\System\yhrgfPw.exe
  C:\Windows\System\yhrgfPw.exe
  2⤵
  PID:4324
- C:\Windows\System\rirCIvk.exe
  C:\Windows\System\rirCIvk.exe
  2⤵
  PID:4360
- C:\Windows\System\WvNxTsD.exe
  C:\Windows\System\WvNxTsD.exe
  2⤵
  PID:4740
- C:\Windows\System\NzGJoDJ.exe
  C:\Windows\System\NzGJoDJ.exe
  2⤵
  PID:5124
- C:\Windows\System\wgIMQnH.exe
  C:\Windows\System\wgIMQnH.exe
  2⤵
  PID:5228
- C:\Windows\System\GGzEBwT.exe
  C:\Windows\System\GGzEBwT.exe
  2⤵
  PID:5380
- C:\Windows\System\JwTRjwJ.exe
  C:\Windows\System\JwTRjwJ.exe
  2⤵
  PID:5468
- C:\Windows\System\KPoSlOa.exe
  C:\Windows\System\KPoSlOa.exe
  2⤵
  PID:2020
- C:\Windows\System\RLZvtcV.exe
  C:\Windows\System\RLZvtcV.exe
  2⤵
  PID:6156
- C:\Windows\System\YaqTYrL.exe
  C:\Windows\System\YaqTYrL.exe
  2⤵
  PID:6172
- C:\Windows\System\NHIfpRX.exe
  C:\Windows\System\NHIfpRX.exe
  2⤵
  PID:6216
- C:\Windows\System\HFenCqc.exe
  C:\Windows\System\HFenCqc.exe
  2⤵
  PID:6256
- C:\Windows\System\MdIXham.exe
  C:\Windows\System\MdIXham.exe
  2⤵
  PID:6276
- C:\Windows\System\MnimPta.exe
  C:\Windows\System\MnimPta.exe
  2⤵
  PID:6308
- C:\Windows\System\DqYmOMT.exe
  C:\Windows\System\DqYmOMT.exe
  2⤵
  PID:6336
- C:\Windows\System\NihxtzE.exe
  C:\Windows\System\NihxtzE.exe
  2⤵
  PID:6388
- C:\Windows\System\kjDNfLJ.exe
  C:\Windows\System\kjDNfLJ.exe
  2⤵
  PID:6436
- C:\Windows\System\IMlAQLm.exe
  C:\Windows\System\IMlAQLm.exe
  2⤵
  PID:6468
- C:\Windows\System\ZltkFpa.exe
  C:\Windows\System\ZltkFpa.exe
  2⤵
  PID:6472
- C:\Windows\System\VGTrGML.exe
  C:\Windows\System\VGTrGML.exe
  2⤵
  PID:6516
- C:\Windows\System\MDGJMBs.exe
  C:\Windows\System\MDGJMBs.exe
  2⤵
  PID:6548
- C:\Windows\System\mbjwvkc.exe
  C:\Windows\System\mbjwvkc.exe
  2⤵
  PID:6552
- C:\Windows\System\DzNsdLv.exe
  C:\Windows\System\DzNsdLv.exe
  2⤵
  PID:6576
- C:\Windows\System\HkWtZZN.exe
  C:\Windows\System\HkWtZZN.exe
  2⤵
  PID:6636
- C:\Windows\System\xNxzHmL.exe
  C:\Windows\System\xNxzHmL.exe
  2⤵
  PID:6668
- C:\Windows\System\WVApfUN.exe
  C:\Windows\System\WVApfUN.exe
  2⤵
  PID:6656
- C:\Windows\System\xkdMthd.exe
  C:\Windows\System\xkdMthd.exe
  2⤵
  PID:6692
- C:\Windows\System\GrHWKih.exe
  C:\Windows\System\GrHWKih.exe
  2⤵
  PID:6732
- C:\Windows\System\CpmgNEc.exe
  C:\Windows\System\CpmgNEc.exe
  2⤵
  PID:6792
- C:\Windows\System\ikiqfHG.exe
  C:\Windows\System\ikiqfHG.exe
  2⤵
  PID:6832
- C:\Windows\System\EeblFiv.exe
  C:\Windows\System\EeblFiv.exe
  2⤵
  PID:6852
- C:\Windows\System\WAsKWKG.exe
  C:\Windows\System\WAsKWKG.exe
  2⤵
  PID:6876
- C:\Windows\System\fZtyTbT.exe
  C:\Windows\System\fZtyTbT.exe
  2⤵
  PID:6920
- C:\Windows\System\GGxYopf.exe
  C:\Windows\System\GGxYopf.exe
  2⤵
  PID:6956
- C:\Windows\System\dlwpVil.exe
  C:\Windows\System\dlwpVil.exe
  2⤵
  PID:6976
- C:\Windows\System\TlhSWja.exe
  C:\Windows\System\TlhSWja.exe
  2⤵
  PID:7020
- C:\Windows\System\bqebQvI.exe
  C:\Windows\System\bqebQvI.exe
  2⤵
  PID:7036
- C:\Windows\System\kkEYsBn.exe
  C:\Windows\System\kkEYsBn.exe
  2⤵
  PID:7080
- C:\Windows\System\RITgnGi.exe
  C:\Windows\System\RITgnGi.exe
  2⤵
  PID:7100
- C:\Windows\System\tPZmreg.exe
  C:\Windows\System\tPZmreg.exe
  2⤵
  PID:1684
- C:\Windows\System\AHyfOKC.exe
  C:\Windows\System\AHyfOKC.exe
  2⤵
  PID:7136
- C:\Windows\System\omYPaep.exe
  C:\Windows\System\omYPaep.exe
  2⤵
  PID:5748
- C:\Windows\System\lKCQDLI.exe
  C:\Windows\System\lKCQDLI.exe
  2⤵
  PID:5960
- C:\Windows\System\ZOhxOpE.exe
  C:\Windows\System\ZOhxOpE.exe
  2⤵
  PID:4308
- C:\Windows\System\wakpTtn.exe
  C:\Windows\System\wakpTtn.exe
  2⤵
  PID:6072
- C:\Windows\System\SiQGWeX.exe
  C:\Windows\System\SiQGWeX.exe
  2⤵
  PID:5036
- C:\Windows\System\xWkufPJ.exe
  C:\Windows\System\xWkufPJ.exe
  2⤵
  PID:2560
- C:\Windows\System\buXxIlf.exe
  C:\Windows\System\buXxIlf.exe
  2⤵
  PID:5524
- C:\Windows\System\ELXTQMO.exe
  C:\Windows\System\ELXTQMO.exe
  2⤵
  PID:6248
- C:\Windows\System\SFCUUDN.exe
  C:\Windows\System\SFCUUDN.exe
  2⤵
  PID:5688
- C:\Windows\System\VNMfvko.exe
  C:\Windows\System\VNMfvko.exe
  2⤵
  PID:6288
- C:\Windows\System\rcuWfJl.exe
  C:\Windows\System\rcuWfJl.exe
  2⤵
  PID:6252
- C:\Windows\System\gVKHkLc.exe
  C:\Windows\System\gVKHkLc.exe
  2⤵
  PID:2824
- C:\Windows\System\iYWQLiG.exe
  C:\Windows\System\iYWQLiG.exe
  2⤵
  PID:6376
- C:\Windows\System\POTthJq.exe
  C:\Windows\System\POTthJq.exe
  2⤵
  PID:6392
- C:\Windows\System\jnnjKAs.exe
  C:\Windows\System\jnnjKAs.exe
  2⤵
  PID:6448
- C:\Windows\System\wkRKuAX.exe
  C:\Windows\System\wkRKuAX.exe
  2⤵
  PID:6536
- C:\Windows\System\zFXaQwg.exe
  C:\Windows\System\zFXaQwg.exe
  2⤵
  PID:6672
- C:\Windows\System\QodLVNX.exe
  C:\Windows\System\QodLVNX.exe
  2⤵
  PID:6616
- C:\Windows\System\ZeHptcK.exe
  C:\Windows\System\ZeHptcK.exe
  2⤵
  PID:6696
- C:\Windows\System\CAnjFfT.exe
  C:\Windows\System\CAnjFfT.exe
  2⤵
  PID:6800
- C:\Windows\System\egSwjCt.exe
  C:\Windows\System\egSwjCt.exe
  2⤵
  PID:2812
- C:\Windows\System\iGUiLlD.exe
  C:\Windows\System\iGUiLlD.exe
  2⤵
  PID:6952
- C:\Windows\System\MqJgQMB.exe
  C:\Windows\System\MqJgQMB.exe
  2⤵
  PID:6900
- C:\Windows\System\JTuaQHE.exe
  C:\Windows\System\JTuaQHE.exe
  2⤵
  PID:6996
- C:\Windows\System\qSUZgCI.exe
  C:\Windows\System\qSUZgCI.exe
  2⤵
  PID:7060
- C:\Windows\System\wuIMRhl.exe
  C:\Windows\System\wuIMRhl.exe
  2⤵
  PID:7112
- C:\Windows\System\ufesimr.exe
  C:\Windows\System\ufesimr.exe
  2⤵
  PID:7152
- C:\Windows\System\EYHHWNc.exe
  C:\Windows\System\EYHHWNc.exe
  2⤵
  PID:2212
- C:\Windows\System\KkHXAjp.exe
  C:\Windows\System\KkHXAjp.exe
  2⤵
  PID:1280
- C:\Windows\System\swRAcCI.exe
  C:\Windows\System\swRAcCI.exe
  2⤵
  PID:4640
- C:\Windows\System\sRcPZGh.exe
  C:\Windows\System\sRcPZGh.exe
  2⤵
  PID:5304
- C:\Windows\System\fHHRHMN.exe
  C:\Windows\System\fHHRHMN.exe
  2⤵
  PID:6176
- C:\Windows\System\kpMtkOs.exe
  C:\Windows\System\kpMtkOs.exe
  2⤵
  PID:5632
- C:\Windows\System\nbnxtmd.exe
  C:\Windows\System\nbnxtmd.exe
  2⤵
  PID:6228
- C:\Windows\System\uITBpAr.exe
  C:\Windows\System\uITBpAr.exe
  2⤵
  PID:1980
- C:\Windows\System\AfRjBra.exe
  C:\Windows\System\AfRjBra.exe
  2⤵
  PID:6416
- C:\Windows\System\MlYgeyt.exe
  C:\Windows\System\MlYgeyt.exe
  2⤵
  PID:2276
- C:\Windows\System\ULjusMH.exe
  C:\Windows\System\ULjusMH.exe
  2⤵
  PID:6528
- C:\Windows\System\WIMkGtF.exe
  C:\Windows\System\WIMkGtF.exe
  2⤵
  PID:6712
- C:\Windows\System\DjvQxnz.exe
  C:\Windows\System\DjvQxnz.exe
  2⤵
  PID:6752
- C:\Windows\System\uDyGInD.exe
  C:\Windows\System\uDyGInD.exe
  2⤵
  PID:6816
- C:\Windows\System\AKLixkK.exe
  C:\Windows\System\AKLixkK.exe
  2⤵
  PID:6896
- C:\Windows\System\YkisfXI.exe
  C:\Windows\System\YkisfXI.exe
  2⤵
  PID:7092
- C:\Windows\System\kqDjLVU.exe
  C:\Windows\System\kqDjLVU.exe
  2⤵
  PID:7040
- C:\Windows\System\BmABWeY.exe
  C:\Windows\System\BmABWeY.exe
  2⤵
  PID:5888
- C:\Windows\System\HLFYQPJ.exe
  C:\Windows\System\HLFYQPJ.exe
  2⤵
  PID:5904
- C:\Windows\System\TBIZPib.exe
  C:\Windows\System\TBIZPib.exe
  2⤵
  PID:7180
- C:\Windows\System\ZFUNYsD.exe
  C:\Windows\System\ZFUNYsD.exe
  2⤵
  PID:7196
- C:\Windows\System\BZllCni.exe
  C:\Windows\System\BZllCni.exe
  2⤵
  PID:7220
- C:\Windows\System\qIVHFsP.exe
  C:\Windows\System\qIVHFsP.exe
  2⤵
  PID:7240
- C:\Windows\System\ohYrxVg.exe
  C:\Windows\System\ohYrxVg.exe
  2⤵
  PID:7260
- C:\Windows\System\RFYjAKh.exe
  C:\Windows\System\RFYjAKh.exe
  2⤵
  PID:7280
- C:\Windows\System\QuEJAyz.exe
  C:\Windows\System\QuEJAyz.exe
  2⤵
  PID:7300
- C:\Windows\System\bpZndZH.exe
  C:\Windows\System\bpZndZH.exe
  2⤵
  PID:7320
- C:\Windows\System\tSjtWmt.exe
  C:\Windows\System\tSjtWmt.exe
  2⤵
  PID:7340
- C:\Windows\System\sDZUKYA.exe
  C:\Windows\System\sDZUKYA.exe
  2⤵
  PID:7360
- C:\Windows\System\ZZlmqIn.exe
  C:\Windows\System\ZZlmqIn.exe
  2⤵
  PID:7380
- C:\Windows\System\kIDNuhj.exe
  C:\Windows\System\kIDNuhj.exe
  2⤵
  PID:7400
- C:\Windows\System\TiaDcIW.exe
  C:\Windows\System\TiaDcIW.exe
  2⤵
  PID:7420
- C:\Windows\System\CXKEmmX.exe
  C:\Windows\System\CXKEmmX.exe
  2⤵
  PID:7440
- C:\Windows\System\YpEQdlS.exe
  C:\Windows\System\YpEQdlS.exe
  2⤵
  PID:7460
- C:\Windows\System\YjEPxjY.exe
  C:\Windows\System\YjEPxjY.exe
  2⤵
  PID:7476
- C:\Windows\System\ApRfxLc.exe
  C:\Windows\System\ApRfxLc.exe
  2⤵
  PID:7500
- C:\Windows\System\VdaLwNl.exe
  C:\Windows\System\VdaLwNl.exe
  2⤵
  PID:7520
- C:\Windows\System\LKTOtnI.exe
  C:\Windows\System\LKTOtnI.exe
  2⤵
  PID:7540
- C:\Windows\System\CvzBgSh.exe
  C:\Windows\System\CvzBgSh.exe
  2⤵
  PID:7560
- C:\Windows\System\Fssbnny.exe
  C:\Windows\System\Fssbnny.exe
  2⤵
  PID:7580
- C:\Windows\System\YbUKgWn.exe
  C:\Windows\System\YbUKgWn.exe
  2⤵
  PID:7600
- C:\Windows\System\qekHBap.exe
  C:\Windows\System\qekHBap.exe
  2⤵
  PID:7620
- C:\Windows\System\INYPbQj.exe
  C:\Windows\System\INYPbQj.exe
  2⤵
  PID:7640
- C:\Windows\System\rGoeVCD.exe
  C:\Windows\System\rGoeVCD.exe
  2⤵
  PID:7660
- C:\Windows\System\gKPOINd.exe
  C:\Windows\System\gKPOINd.exe
  2⤵
  PID:7680
- C:\Windows\System\AuvVCTG.exe
  C:\Windows\System\AuvVCTG.exe
  2⤵
  PID:7708
- C:\Windows\System\yfSRWsl.exe
  C:\Windows\System\yfSRWsl.exe
  2⤵
  PID:7728
- C:\Windows\System\EfLBEJR.exe
  C:\Windows\System\EfLBEJR.exe
  2⤵
  PID:7748
- C:\Windows\System\fqonGEV.exe
  C:\Windows\System\fqonGEV.exe
  2⤵
  PID:7764
- C:\Windows\System\OjWRcNi.exe
  C:\Windows\System\OjWRcNi.exe
  2⤵
  PID:7788
- C:\Windows\System\kGCgtBk.exe
  C:\Windows\System\kGCgtBk.exe
  2⤵
  PID:7808
- C:\Windows\System\gIuDbfP.exe
  C:\Windows\System\gIuDbfP.exe
  2⤵
  PID:7824
- C:\Windows\System\HGtyHFC.exe
  C:\Windows\System\HGtyHFC.exe
  2⤵
  PID:7852
- C:\Windows\System\UuZfeJG.exe
  C:\Windows\System\UuZfeJG.exe
  2⤵
  PID:7872
- C:\Windows\System\XdaAdDQ.exe
  C:\Windows\System\XdaAdDQ.exe
  2⤵
  PID:7892
- C:\Windows\System\TLSptIJ.exe
  C:\Windows\System\TLSptIJ.exe
  2⤵
  PID:7912
- C:\Windows\System\yMzeWJL.exe
  C:\Windows\System\yMzeWJL.exe
  2⤵
  PID:7932
- C:\Windows\System\wEZpAIE.exe
  C:\Windows\System\wEZpAIE.exe
  2⤵
  PID:7952
- C:\Windows\System\fCfSPzU.exe
  C:\Windows\System\fCfSPzU.exe
  2⤵
  PID:7972
- C:\Windows\System\WneyEvi.exe
  C:\Windows\System\WneyEvi.exe
  2⤵
  PID:7992
- C:\Windows\System\beRJSOP.exe
  C:\Windows\System\beRJSOP.exe
  2⤵
  PID:8012
- C:\Windows\System\VsHfrVg.exe
  C:\Windows\System\VsHfrVg.exe
  2⤵
  PID:8028
- C:\Windows\System\lYbwsBk.exe
  C:\Windows\System\lYbwsBk.exe
  2⤵
  PID:8048
- C:\Windows\System\oyAjgkg.exe
  C:\Windows\System\oyAjgkg.exe
  2⤵
  PID:8072
- C:\Windows\System\dGYtrTp.exe
  C:\Windows\System\dGYtrTp.exe
  2⤵
  PID:8092
- C:\Windows\System\cNGUUHR.exe
  C:\Windows\System\cNGUUHR.exe
  2⤵
  PID:8112
- C:\Windows\System\jWUGzjD.exe
  C:\Windows\System\jWUGzjD.exe
  2⤵
  PID:8132
- C:\Windows\System\IjzdyEl.exe
  C:\Windows\System\IjzdyEl.exe
  2⤵
  PID:8152
- C:\Windows\System\TPxjpGG.exe
  C:\Windows\System\TPxjpGG.exe
  2⤵
  PID:8172
- C:\Windows\System\piLKHdx.exe
  C:\Windows\System\piLKHdx.exe
  2⤵
  PID:2920
- C:\Windows\System\jjKYdoI.exe
  C:\Windows\System\jjKYdoI.exe
  2⤵
  PID:5320
- C:\Windows\System\leFDXvN.exe
  C:\Windows\System\leFDXvN.exe
  2⤵
  PID:6192
- C:\Windows\System\oTEHTsR.exe
  C:\Windows\System\oTEHTsR.exe
  2⤵
  PID:6428
- C:\Windows\System\vgBgpNn.exe
  C:\Windows\System\vgBgpNn.exe
  2⤵
  PID:6632
- C:\Windows\System\pnnJUHT.exe
  C:\Windows\System\pnnJUHT.exe
  2⤵
  PID:6796
- C:\Windows\System\dHisPgV.exe
  C:\Windows\System\dHisPgV.exe
  2⤵
  PID:6768
- C:\Windows\System\oGDZPNb.exe
  C:\Windows\System\oGDZPNb.exe
  2⤵
  PID:7032
- C:\Windows\System\ovaXWfE.exe
  C:\Windows\System\ovaXWfE.exe
  2⤵
  PID:2556
- C:\Windows\System\jkpVeGV.exe
  C:\Windows\System\jkpVeGV.exe
  2⤵
  PID:7176
- C:\Windows\System\AIftQZq.exe
  C:\Windows\System\AIftQZq.exe
  2⤵
  PID:7208
- C:\Windows\System\hgVdRdv.exe
  C:\Windows\System\hgVdRdv.exe
  2⤵
  PID:7248
- C:\Windows\System\WQZfqrF.exe
  C:\Windows\System\WQZfqrF.exe
  2⤵
  PID:7252
- C:\Windows\System\POHnFLq.exe
  C:\Windows\System\POHnFLq.exe
  2⤵
  PID:7296
- C:\Windows\System\FufGWVz.exe
  C:\Windows\System\FufGWVz.exe
  2⤵
  PID:7316
- C:\Windows\System\EqBsRYp.exe
  C:\Windows\System\EqBsRYp.exe
  2⤵
  PID:7372
- C:\Windows\System\UPIvbuW.exe
  C:\Windows\System\UPIvbuW.exe
  2⤵
  PID:7396
- C:\Windows\System\RosOBdb.exe
  C:\Windows\System\RosOBdb.exe
  2⤵
  PID:7428
- C:\Windows\System\ahCfeUT.exe
  C:\Windows\System\ahCfeUT.exe
  2⤵
  PID:7452
- C:\Windows\System\QQnqSQB.exe
  C:\Windows\System\QQnqSQB.exe
  2⤵
  PID:7528
- C:\Windows\System\ylpFzXo.exe
  C:\Windows\System\ylpFzXo.exe
  2⤵
  PID:7512
- C:\Windows\System\nGhkMFT.exe
  C:\Windows\System\nGhkMFT.exe
  2⤵
  PID:7556
- C:\Windows\System\zsiNaQZ.exe
  C:\Windows\System\zsiNaQZ.exe
  2⤵
  PID:7596
- C:\Windows\System\XGEAiIw.exe
  C:\Windows\System\XGEAiIw.exe
  2⤵
  PID:7656
- C:\Windows\System\USrAecP.exe
  C:\Windows\System\USrAecP.exe
  2⤵
  PID:7632
- C:\Windows\System\GqNdjar.exe
  C:\Windows\System\GqNdjar.exe
  2⤵
  PID:7696
- C:\Windows\System\XucPhMN.exe
  C:\Windows\System\XucPhMN.exe
  2⤵
  PID:7716
- C:\Windows\System\hSAzmCS.exe
  C:\Windows\System\hSAzmCS.exe
  2⤵
  PID:7776
- C:\Windows\System\noXdPvG.exe
  C:\Windows\System\noXdPvG.exe
  2⤵
  PID:7756
- C:\Windows\System\vBaNOZD.exe
  C:\Windows\System\vBaNOZD.exe
  2⤵
  PID:7820
- C:\Windows\System\KvQpkGk.exe
  C:\Windows\System\KvQpkGk.exe
  2⤵
  PID:7836
- C:\Windows\System\cDZJDiZ.exe
  C:\Windows\System\cDZJDiZ.exe
  2⤵
  PID:7904
- C:\Windows\System\qUIZcsW.exe
  C:\Windows\System\qUIZcsW.exe
  2⤵
  PID:7948
- C:\Windows\System\SNcnBDn.exe
  C:\Windows\System\SNcnBDn.exe
  2⤵
  PID:7960
- C:\Windows\System\YcVECms.exe
  C:\Windows\System\YcVECms.exe
  2⤵
  PID:7964
- C:\Windows\System\EmlJYfS.exe
  C:\Windows\System\EmlJYfS.exe
  2⤵
  PID:8024
- C:\Windows\System\QjbVMrO.exe
  C:\Windows\System\QjbVMrO.exe
  2⤵
  PID:8060
- C:\Windows\System\MxJUfet.exe
  C:\Windows\System\MxJUfet.exe
  2⤵
  PID:7700
- C:\Windows\System\pmUZjAO.exe
  C:\Windows\System\pmUZjAO.exe
  2⤵
  PID:8080
- C:\Windows\System\zuffcwF.exe
  C:\Windows\System\zuffcwF.exe
  2⤵
  PID:8144
- C:\Windows\System\WyxaZEj.exe
  C:\Windows\System\WyxaZEj.exe
  2⤵
  PID:8160
- C:\Windows\System\itoVRmA.exe
  C:\Windows\System\itoVRmA.exe
  2⤵
  PID:6232
- C:\Windows\System\CwpfjCM.exe
  C:\Windows\System\CwpfjCM.exe
  2⤵
  PID:5568
- C:\Windows\System\iQPSHSS.exe
  C:\Windows\System\iQPSHSS.exe
  2⤵
  PID:1732
- C:\Windows\System\hSHgmPk.exe
  C:\Windows\System\hSHgmPk.exe
  2⤵
  PID:6628
- C:\Windows\System\ZEffcSB.exe
  C:\Windows\System\ZEffcSB.exe
  2⤵
  PID:7056
- C:\Windows\System\AREpAzv.exe
  C:\Windows\System\AREpAzv.exe
  2⤵
  PID:6064
- C:\Windows\System\NUJANcf.exe
  C:\Windows\System\NUJANcf.exe
  2⤵
  PID:7256
- C:\Windows\System\VZhsbOd.exe
  C:\Windows\System\VZhsbOd.exe
  2⤵
  PID:7188
- C:\Windows\System\pHzGRjz.exe
  C:\Windows\System\pHzGRjz.exe
  2⤵
  PID:7276
- C:\Windows\System\WCYVsro.exe
  C:\Windows\System\WCYVsro.exe
  2⤵
  PID:7352
- C:\Windows\System\BhVENDE.exe
  C:\Windows\System\BhVENDE.exe
  2⤵
  PID:7456
- C:\Windows\System\RRgEHst.exe
  C:\Windows\System\RRgEHst.exe
  2⤵
  PID:7448
- C:\Windows\System\FYzdxQm.exe
  C:\Windows\System\FYzdxQm.exe
  2⤵
  PID:7572
- C:\Windows\System\DDydtUx.exe
  C:\Windows\System\DDydtUx.exe
  2⤵
  PID:7608
- C:\Windows\System\AkYxwff.exe
  C:\Windows\System\AkYxwff.exe
  2⤵
  PID:7636
- C:\Windows\System\IckdlgT.exe
  C:\Windows\System\IckdlgT.exe
  2⤵
  PID:7692
- C:\Windows\System\QPCZTLk.exe
  C:\Windows\System\QPCZTLk.exe
  2⤵
  PID:7780
- C:\Windows\System\iDfFEDN.exe
  C:\Windows\System\iDfFEDN.exe
  2⤵
  PID:7740
- C:\Windows\System\qWeKutm.exe
  C:\Windows\System\qWeKutm.exe
  2⤵
  PID:7804
- C:\Windows\System\AgShYiy.exe
  C:\Windows\System\AgShYiy.exe
  2⤵
  PID:7908
- C:\Windows\System\LnhgCwx.exe
  C:\Windows\System\LnhgCwx.exe
  2⤵
  PID:7988
- C:\Windows\System\bOyLvIa.exe
  C:\Windows\System\bOyLvIa.exe
  2⤵
  PID:3024
- C:\Windows\System\mwTvIlt.exe
  C:\Windows\System\mwTvIlt.exe
  2⤵
  PID:8056
- C:\Windows\System\DsYOYIV.exe
  C:\Windows\System\DsYOYIV.exe
  2⤵
  PID:8040
- C:\Windows\System\SDJgzYF.exe
  C:\Windows\System\SDJgzYF.exe
  2⤵
  PID:8140
- C:\Windows\System\FNZvnRW.exe
  C:\Windows\System\FNZvnRW.exe
  2⤵
  PID:8164
- C:\Windows\System\JlIHhtI.exe
  C:\Windows\System\JlIHhtI.exe
  2⤵
  PID:2076
- C:\Windows\System\IfikAlq.exe
  C:\Windows\System\IfikAlq.exe
  2⤵
  PID:6960
- C:\Windows\System\oQlEjjm.exe
  C:\Windows\System\oQlEjjm.exe
  2⤵
  PID:7232
- C:\Windows\System\DJVpNFq.exe
  C:\Windows\System\DJVpNFq.exe
  2⤵
  PID:7204
- C:\Windows\System\FSzituE.exe
  C:\Windows\System\FSzituE.exe
  2⤵
  PID:7356
- C:\Windows\System\jaLfnEN.exe
  C:\Windows\System\jaLfnEN.exe
  2⤵
  PID:7416
- C:\Windows\System\UdydUtt.exe
  C:\Windows\System\UdydUtt.exe
  2⤵
  PID:7488
- C:\Windows\System\AfyofUO.exe
  C:\Windows\System\AfyofUO.exe
  2⤵
  PID:2628
- C:\Windows\System\XnhGJNO.exe
  C:\Windows\System\XnhGJNO.exe
  2⤵
  PID:7612
- C:\Windows\System\ioVeKpf.exe
  C:\Windows\System\ioVeKpf.exe
  2⤵
  PID:7720
- C:\Windows\System\QzilVAH.exe
  C:\Windows\System\QzilVAH.exe
  2⤵
  PID:7800
- C:\Windows\System\pIgUNjQ.exe
  C:\Windows\System\pIgUNjQ.exe
  2⤵
  PID:7884
- C:\Windows\System\xqTAfmo.exe
  C:\Windows\System\xqTAfmo.exe
  2⤵
  PID:7920
- C:\Windows\System\rbxhgBe.exe
  C:\Windows\System\rbxhgBe.exe
  2⤵
  PID:8108
- C:\Windows\System\WgGbBYs.exe
  C:\Windows\System\WgGbBYs.exe
  2⤵
  PID:8084
- C:\Windows\System\ymXWOQe.exe
  C:\Windows\System\ymXWOQe.exe
  2⤵
  PID:1376
- C:\Windows\System\IMUUvWB.exe
  C:\Windows\System\IMUUvWB.exe
  2⤵
  PID:6556
- C:\Windows\System\qouulfI.exe
  C:\Windows\System\qouulfI.exe
  2⤵
  PID:7192
- C:\Windows\System\rFmoWxm.exe
  C:\Windows\System\rFmoWxm.exe
  2⤵
  PID:7272
- C:\Windows\System\nbMCcja.exe
  C:\Windows\System\nbMCcja.exe
  2⤵
  PID:7376
- C:\Windows\System\ZIjkDap.exe
  C:\Windows\System\ZIjkDap.exe
  2⤵
  PID:2616
- C:\Windows\System\ZpKxAzu.exe
  C:\Windows\System\ZpKxAzu.exe
  2⤵
  PID:7816
- C:\Windows\System\npQblts.exe
  C:\Windows\System\npQblts.exe
  2⤵
  PID:7940
- C:\Windows\System\bEMLNpz.exe
  C:\Windows\System\bEMLNpz.exe
  2⤵
  PID:2396
- C:\Windows\System\FTzehyZ.exe
  C:\Windows\System\FTzehyZ.exe
  2⤵
  PID:2748
- C:\Windows\System\JqagqGY.exe
  C:\Windows\System\JqagqGY.exe
  2⤵
  PID:8004
- C:\Windows\System\QYmquiV.exe
  C:\Windows\System\QYmquiV.exe
  2⤵
  PID:8200
- C:\Windows\System\aKrcTPj.exe
  C:\Windows\System\aKrcTPj.exe
  2⤵
  PID:8220
- C:\Windows\System\vVlfOVv.exe
  C:\Windows\System\vVlfOVv.exe
  2⤵
  PID:8240
- C:\Windows\System\WsCyEFA.exe
  C:\Windows\System\WsCyEFA.exe
  2⤵
  PID:8256
- C:\Windows\System\UTVtnrr.exe
  C:\Windows\System\UTVtnrr.exe
  2⤵
  PID:8276
- C:\Windows\System\BTAYntB.exe
  C:\Windows\System\BTAYntB.exe
  2⤵
  PID:8300
- C:\Windows\System\lbxsqJJ.exe
  C:\Windows\System\lbxsqJJ.exe
  2⤵
  PID:8316
- C:\Windows\System\hYSIkTg.exe
  C:\Windows\System\hYSIkTg.exe
  2⤵
  PID:8340
- C:\Windows\System\JMvERLu.exe
  C:\Windows\System\JMvERLu.exe
  2⤵
  PID:8360
- C:\Windows\System\yDUMlES.exe
  C:\Windows\System\yDUMlES.exe
  2⤵
  PID:8380
- C:\Windows\System\ByrdWWH.exe
  C:\Windows\System\ByrdWWH.exe
  2⤵
  PID:8400
- C:\Windows\System\FIdiwUX.exe
  C:\Windows\System\FIdiwUX.exe
  2⤵
  PID:8420
- C:\Windows\System\oWpWJPV.exe
  C:\Windows\System\oWpWJPV.exe
  2⤵
  PID:8440
- C:\Windows\System\lDQYmzu.exe
  C:\Windows\System\lDQYmzu.exe
  2⤵
  PID:8456
- C:\Windows\System\KdXwvsq.exe
  C:\Windows\System\KdXwvsq.exe
  2⤵
  PID:8480
- C:\Windows\System\alfQNCD.exe
  C:\Windows\System\alfQNCD.exe
  2⤵
  PID:8500
- C:\Windows\System\CIhppSu.exe
  C:\Windows\System\CIhppSu.exe
  2⤵
  PID:8516
- C:\Windows\System\KWdnmRh.exe
  C:\Windows\System\KWdnmRh.exe
  2⤵
  PID:8544
- C:\Windows\System\eTQfkWR.exe
  C:\Windows\System\eTQfkWR.exe
  2⤵
  PID:8564
- C:\Windows\System\TaDTOfv.exe
  C:\Windows\System\TaDTOfv.exe
  2⤵
  PID:8584
- C:\Windows\System\epTpSVT.exe
  C:\Windows\System\epTpSVT.exe
  2⤵
  PID:8600
- C:\Windows\System\tTHEFza.exe
  C:\Windows\System\tTHEFza.exe
  2⤵
  PID:8616
- C:\Windows\System\uBFCvlf.exe
  C:\Windows\System\uBFCvlf.exe
  2⤵
  PID:8632
- C:\Windows\System\RejzqXf.exe
  C:\Windows\System\RejzqXf.exe
  2⤵
  PID:8648
- C:\Windows\System\YIBreCj.exe
  C:\Windows\System\YIBreCj.exe
  2⤵
  PID:8664
- C:\Windows\System\bIuBivd.exe
  C:\Windows\System\bIuBivd.exe
  2⤵
  PID:8684
- C:\Windows\System\HLjWgeJ.exe
  C:\Windows\System\HLjWgeJ.exe
  2⤵
  PID:8700
- C:\Windows\System\JKqtlAb.exe
  C:\Windows\System\JKqtlAb.exe
  2⤵
  PID:8720
- C:\Windows\System\CmEDYbG.exe
  C:\Windows\System\CmEDYbG.exe
  2⤵
  PID:8736
- C:\Windows\System\JeEGLuB.exe
  C:\Windows\System\JeEGLuB.exe
  2⤵
  PID:8752
- C:\Windows\System\okfWVbX.exe
  C:\Windows\System\okfWVbX.exe
  2⤵
  PID:8768
- C:\Windows\System\fesgZzh.exe
  C:\Windows\System\fesgZzh.exe
  2⤵
  PID:8788
- C:\Windows\System\AZQErmT.exe
  C:\Windows\System\AZQErmT.exe
  2⤵
  PID:8804
- C:\Windows\System\xEljlay.exe
  C:\Windows\System\xEljlay.exe
  2⤵
  PID:8820
- C:\Windows\System\jocAQrC.exe
  C:\Windows\System\jocAQrC.exe
  2⤵
  PID:8836
- C:\Windows\System\RtHZoHN.exe
  C:\Windows\System\RtHZoHN.exe
  2⤵
  PID:8852
- C:\Windows\System\kTEOxvI.exe
  C:\Windows\System\kTEOxvI.exe
  2⤵
  PID:8928
- C:\Windows\System\aWyuSYD.exe
  C:\Windows\System\aWyuSYD.exe
  2⤵
  PID:8944
- C:\Windows\System\mxqZISz.exe
  C:\Windows\System\mxqZISz.exe
  2⤵
  PID:8960
- C:\Windows\System\pWPKEQX.exe
  C:\Windows\System\pWPKEQX.exe
  2⤵
  PID:8976
- C:\Windows\System\zcdqdrd.exe
  C:\Windows\System\zcdqdrd.exe
  2⤵
  PID:8996
- C:\Windows\System\zYOTElp.exe
  C:\Windows\System\zYOTElp.exe
  2⤵
  PID:9016
- C:\Windows\System\AZqwdwX.exe
  C:\Windows\System\AZqwdwX.exe
  2⤵
  PID:9032
- C:\Windows\System\CLqqroR.exe
  C:\Windows\System\CLqqroR.exe
  2⤵
  PID:9048
- C:\Windows\System\LXHLKXC.exe
  C:\Windows\System\LXHLKXC.exe
  2⤵
  PID:9064
- C:\Windows\System\xjifcHr.exe
  C:\Windows\System\xjifcHr.exe
  2⤵
  PID:9080
- C:\Windows\System\JJOCAVw.exe
  C:\Windows\System\JJOCAVw.exe
  2⤵
  PID:9096
- C:\Windows\System\tfpWTpr.exe
  C:\Windows\System\tfpWTpr.exe
  2⤵
  PID:9112
- C:\Windows\System\KufuUgo.exe
  C:\Windows\System\KufuUgo.exe
  2⤵
  PID:9136
- C:\Windows\System\RVabdXK.exe
  C:\Windows\System\RVabdXK.exe
  2⤵
  PID:9156
- C:\Windows\System\pHUdCbx.exe
  C:\Windows\System\pHUdCbx.exe
  2⤵
  PID:9176
- C:\Windows\System\AuXKKcW.exe
  C:\Windows\System\AuXKKcW.exe
  2⤵
  PID:9204
- C:\Windows\System\yMtByZH.exe
  C:\Windows\System\yMtByZH.exe
  2⤵
  PID:7496
- C:\Windows\System\FKglJcI.exe
  C:\Windows\System\FKglJcI.exe
  2⤵
  PID:6648
- C:\Windows\System\lLGlOkd.exe
  C:\Windows\System\lLGlOkd.exe
  2⤵
  PID:7628
- C:\Windows\System\dzHUNAF.exe
  C:\Windows\System\dzHUNAF.exe
  2⤵
  PID:3172
- C:\Windows\System\oWZAOYJ.exe
  C:\Windows\System\oWZAOYJ.exe
  2⤵
  PID:8000
- C:\Windows\System\GmNpNCp.exe
  C:\Windows\System\GmNpNCp.exe
  2⤵
  PID:8216
- C:\Windows\System\iHxyZiz.exe
  C:\Windows\System\iHxyZiz.exe
  2⤵
  PID:2576
- C:\Windows\System\NnnJGDd.exe
  C:\Windows\System\NnnJGDd.exe
  2⤵
  PID:3012
- C:\Windows\System\yMuxTeb.exe
  C:\Windows\System\yMuxTeb.exe
  2⤵
  PID:8288
- C:\Windows\System\oUORXWW.exe
  C:\Windows\System\oUORXWW.exe
  2⤵
  PID:8308
- C:\Windows\System\lGYHOin.exe
  C:\Windows\System\lGYHOin.exe
  2⤵
  PID:8412
- C:\Windows\System\WwpvRkY.exe
  C:\Windows\System\WwpvRkY.exe
  2⤵
  PID:8452
- C:\Windows\System\ZCHqQwe.exe
  C:\Windows\System\ZCHqQwe.exe
  2⤵
  PID:8436
- C:\Windows\System\lUVdXGP.exe
  C:\Windows\System\lUVdXGP.exe
  2⤵
  PID:8468
- C:\Windows\System\jwUPGCa.exe
  C:\Windows\System\jwUPGCa.exe
  2⤵
  PID:8524
- C:\Windows\System\nWNvEqu.exe
  C:\Windows\System\nWNvEqu.exe
  2⤵
  PID:8508
- C:\Windows\System\FJhadRc.exe
  C:\Windows\System\FJhadRc.exe
  2⤵
  PID:8580
- C:\Windows\System\ifsvcPW.exe
  C:\Windows\System\ifsvcPW.exe
  2⤵
  PID:8608
- C:\Windows\System\XyuanuX.exe
  C:\Windows\System\XyuanuX.exe
  2⤵
  PID:8640
- C:\Windows\System\INMhJRb.exe
  C:\Windows\System\INMhJRb.exe
  2⤵
  PID:8644
- C:\Windows\System\igMMKpv.exe
  C:\Windows\System\igMMKpv.exe
  2⤵
  PID:828
- C:\Windows\System\KoshoXP.exe
  C:\Windows\System\KoshoXP.exe
  2⤵
  PID:8692
- C:\Windows\System\tlycHVb.exe
  C:\Windows\System\tlycHVb.exe
  2⤵
  PID:8744
- C:\Windows\System\NkWollX.exe
  C:\Windows\System\NkWollX.exe
  2⤵
  PID:8748
- C:\Windows\System\hUWAOaM.exe
  C:\Windows\System\hUWAOaM.exe
  2⤵
  PID:8764
- C:\Windows\System\FtVxKcI.exe
  C:\Windows\System\FtVxKcI.exe
  2⤵
  PID:8796
- C:\Windows\System\HnSCNun.exe
  C:\Windows\System\HnSCNun.exe
  2⤵
  PID:8828
- C:\Windows\System\eRWAsbs.exe
  C:\Windows\System\eRWAsbs.exe
  2⤵
  PID:8860
- C:\Windows\System\AmNqZjO.exe
  C:\Windows\System\AmNqZjO.exe
  2⤵
  PID:8872
- C:\Windows\System\aQGTkaw.exe
  C:\Windows\System\aQGTkaw.exe
  2⤵
  PID:8888
- C:\Windows\System\hBLjbJZ.exe
  C:\Windows\System\hBLjbJZ.exe
  2⤵
  PID:8904
- C:\Windows\System\GeKqUMY.exe
  C:\Windows\System\GeKqUMY.exe
  2⤵
  PID:8920
- C:\Windows\System\KnrxbRp.exe
  C:\Windows\System\KnrxbRp.exe
  2⤵
  PID:8940
- C:\Windows\System\yiPyRnk.exe
  C:\Windows\System\yiPyRnk.exe
  2⤵
  PID:8956
- C:\Windows\System\mCWaIHX.exe
  C:\Windows\System\mCWaIHX.exe
  2⤵
  PID:9008
- C:\Windows\System\fnpgqrD.exe
  C:\Windows\System\fnpgqrD.exe
  2⤵
  PID:888
- C:\Windows\System\keBYigI.exe
  C:\Windows\System\keBYigI.exe
  2⤵
  PID:6368
- C:\Windows\System\xUxWkcD.exe
  C:\Windows\System\xUxWkcD.exe
  2⤵
  PID:7736
- C:\Windows\System\NKxkPTY.exe
  C:\Windows\System\NKxkPTY.exe
  2⤵
  PID:2596
- C:\Windows\System\mDCFHzx.exe
  C:\Windows\System\mDCFHzx.exe
  2⤵
  PID:8208
- C:\Windows\System\bcOqYKO.exe
  C:\Windows\System\bcOqYKO.exe
  2⤵
  PID:3588
- C:\Windows\System\pzqqRlJ.exe
  C:\Windows\System\pzqqRlJ.exe
  2⤵
  PID:8252
- C:\Windows\System\XUgVNBP.exe
  C:\Windows\System\XUgVNBP.exe
  2⤵
  PID:8284
- C:\Windows\System\xYzwiqF.exe
  C:\Windows\System\xYzwiqF.exe
  2⤵
  PID:8272
- C:\Windows\System\hSMAGcI.exe
  C:\Windows\System\hSMAGcI.exe
  2⤵
  PID:8376
- C:\Windows\System\uqnEbub.exe
  C:\Windows\System\uqnEbub.exe
  2⤵
  PID:8392
- C:\Windows\System\blRiEXI.exe
  C:\Windows\System\blRiEXI.exe
  2⤵
  PID:3016
- C:\Windows\System\kYcnjHQ.exe
  C:\Windows\System\kYcnjHQ.exe
  2⤵
  PID:8488
- C:\Windows\System\wDZcXMY.exe
  C:\Windows\System\wDZcXMY.exe
  2⤵
  PID:1640
- C:\Windows\System\DixJsfY.exe
  C:\Windows\System\DixJsfY.exe
  2⤵
  PID:8628
- C:\Windows\System\YTSqnkV.exe
  C:\Windows\System\YTSqnkV.exe
  2⤵
  PID:8624
- C:\Windows\System\HNrxJtN.exe
  C:\Windows\System\HNrxJtN.exe
  2⤵
  PID:536
- C:\Windows\System\imCilnY.exe
  C:\Windows\System\imCilnY.exe
  2⤵
  PID:2180
- C:\Windows\System\eLYXHvt.exe
  C:\Windows\System\eLYXHvt.exe
  2⤵
  PID:2760
- C:\Windows\System\VhdQdJo.exe
  C:\Windows\System\VhdQdJo.exe
  2⤵
  PID:8716
- C:\Windows\System\SeGUBtk.exe
  C:\Windows\System\SeGUBtk.exe
  2⤵
  PID:1484
- C:\Windows\System\BNgpRLx.exe
  C:\Windows\System\BNgpRLx.exe
  2⤵
  PID:2652
- C:\Windows\System\jNsJciX.exe
  C:\Windows\System\jNsJciX.exe
  2⤵
  PID:8848
- C:\Windows\System\oFaNdlO.exe
  C:\Windows\System\oFaNdlO.exe
  2⤵
  PID:2344
- C:\Windows\System\yykPFgN.exe
  C:\Windows\System\yykPFgN.exe
  2⤵
  PID:8912
- C:\Windows\System\gsafNZo.exe
  C:\Windows\System\gsafNZo.exe
  2⤵
  PID:8916
- C:\Windows\System\HPrDmET.exe
  C:\Windows\System\HPrDmET.exe
  2⤵
  PID:9040
- C:\Windows\System\sHpbhlM.exe
  C:\Windows\System\sHpbhlM.exe
  2⤵
  PID:8936
- C:\Windows\System\xeDGgbN.exe
  C:\Windows\System\xeDGgbN.exe
  2⤵
  PID:9104
- C:\Windows\System\JULnAJI.exe
  C:\Windows\System\JULnAJI.exe
  2⤵
  PID:8988
- C:\Windows\System\GkkSOcq.exe
  C:\Windows\System\GkkSOcq.exe
  2⤵
  PID:9124
- C:\Windows\System\qAOhoCg.exe
  C:\Windows\System\qAOhoCg.exe
  2⤵
  PID:9188
- C:\Windows\System\LKbvVMI.exe
  C:\Windows\System\LKbvVMI.exe
  2⤵
  PID:9172
- C:\Windows\System\GRGGtso.exe
  C:\Windows\System\GRGGtso.exe
  2⤵
  PID:1096
- C:\Windows\System\oEnpEmm.exe
  C:\Windows\System\oEnpEmm.exe
  2⤵
  PID:7784
- C:\Windows\System\duHZbAv.exe
  C:\Windows\System\duHZbAv.exe
  2⤵
  PID:7888
- C:\Windows\System\qGKEmGQ.exe
  C:\Windows\System\qGKEmGQ.exe
  2⤵
  PID:8236
- C:\Windows\System\YvTJaWk.exe
  C:\Windows\System\YvTJaWk.exe
  2⤵
  PID:8448
- C:\Windows\System\GWhfQoE.exe
  C:\Windows\System\GWhfQoE.exe
  2⤵
  PID:1688
- C:\Windows\System\yTHESep.exe
  C:\Windows\System\yTHESep.exe
  2⤵
  PID:2280
- C:\Windows\System\tSjkdsF.exe
  C:\Windows\System\tSjkdsF.exe
  2⤵
  PID:8680
- C:\Windows\System\qundBqU.exe
  C:\Windows\System\qundBqU.exe
  2⤵
  PID:8864
- C:\Windows\System\njXywTF.exe
  C:\Windows\System\njXywTF.exe
  2⤵
  PID:1156
- C:\Windows\System\uWenuZr.exe
  C:\Windows\System\uWenuZr.exe
  2⤵
  PID:9076
- C:\Windows\System\kSaTuov.exe
  C:\Windows\System\kSaTuov.exe
  2⤵
  PID:444
- C:\Windows\System\AkdLskr.exe
  C:\Windows\System\AkdLskr.exe
  2⤵
  PID:8900
- C:\Windows\System\fuqByqv.exe
  C:\Windows\System\fuqByqv.exe
  2⤵
  PID:9152
- C:\Windows\System\uwQzTzJ.exe
  C:\Windows\System\uwQzTzJ.exe
  2⤵
  PID:8612
- C:\Windows\System\OWiWCBN.exe
  C:\Windows\System\OWiWCBN.exe
  2⤵
  PID:8268
- C:\Windows\System\YbqWSXA.exe
  C:\Windows\System\YbqWSXA.exe
  2⤵
  PID:8352
- C:\Windows\System\cwrLAQy.exe
  C:\Windows\System\cwrLAQy.exe
  2⤵
  PID:8556
- C:\Windows\System\wJJUBbR.exe
  C:\Windows\System\wJJUBbR.exe
  2⤵
  PID:8592
- C:\Windows\System\qqdOENO.exe
  C:\Windows\System\qqdOENO.exe
  2⤵
  PID:2052
- C:\Windows\System\AOevvGk.exe
  C:\Windows\System\AOevvGk.exe
  2⤵
  PID:9088
- C:\Windows\System\QJoEWeC.exe
  C:\Windows\System\QJoEWeC.exe
  2⤵
  PID:8816
- C:\Windows\System\MIaWBFG.exe
  C:\Windows\System\MIaWBFG.exe
  2⤵
  PID:8924
- C:\Windows\System\VwauwDr.exe
  C:\Windows\System\VwauwDr.exe
  2⤵
  PID:9200
- C:\Windows\System\jbqaknK.exe
  C:\Windows\System\jbqaknK.exe
  2⤵
  PID:8292
- C:\Windows\System\eBjIHlV.exe
  C:\Windows\System\eBjIHlV.exe
  2⤵
  PID:9128
- C:\Windows\System\nQFoCLi.exe
  C:\Windows\System\nQFoCLi.exe
  2⤵
  PID:8476
- C:\Windows\System\tHirFeK.exe
  C:\Windows\System\tHirFeK.exe
  2⤵
  PID:1040
- C:\Windows\System\wSvbFgN.exe
  C:\Windows\System\wSvbFgN.exe
  2⤵
  PID:2176
- C:\Windows\System\mjJPsPN.exe
  C:\Windows\System\mjJPsPN.exe
  2⤵
  PID:9060
- C:\Windows\System\EetyPmq.exe
  C:\Windows\System\EetyPmq.exe
  2⤵
  PID:2720
- C:\Windows\System\YMzeiKN.exe
  C:\Windows\System\YMzeiKN.exe
  2⤵
  PID:2216
- C:\Windows\System\kLnsISc.exe
  C:\Windows\System\kLnsISc.exe
  2⤵
  PID:8972
- C:\Windows\System\upFBzXj.exe
  C:\Windows\System\upFBzXj.exe
  2⤵
  PID:8332
- C:\Windows\System\ykTPcCx.exe
  C:\Windows\System\ykTPcCx.exe
  2⤵
  PID:7508
- C:\Windows\System\bWogxfE.exe
  C:\Windows\System\bWogxfE.exe
  2⤵
  PID:1716
- C:\Windows\System\SzffeKs.exe
  C:\Windows\System\SzffeKs.exe
  2⤵
  PID:8408
- C:\Windows\System\FKKFVlt.exe
  C:\Windows\System\FKKFVlt.exe
  2⤵
  PID:9220
- C:\Windows\System\fnoMFvT.exe
  C:\Windows\System\fnoMFvT.exe
  2⤵
  PID:9236
- C:\Windows\System\pzlZALL.exe
  C:\Windows\System\pzlZALL.exe
  2⤵
  PID:9256
- C:\Windows\System\HZOadFh.exe
  C:\Windows\System\HZOadFh.exe
  2⤵
  PID:9272
- C:\Windows\System\RVJWWwh.exe
  C:\Windows\System\RVJWWwh.exe
  2⤵
  PID:9296
- C:\Windows\System\yFdSVWo.exe
  C:\Windows\System\yFdSVWo.exe
  2⤵
  PID:9316
- C:\Windows\System\npmBkWD.exe
  C:\Windows\System\npmBkWD.exe
  2⤵
  PID:9332
- C:\Windows\System\WTXQivu.exe
  C:\Windows\System\WTXQivu.exe
  2⤵
  PID:9348
- C:\Windows\System\hnejUyJ.exe
  C:\Windows\System\hnejUyJ.exe
  2⤵
  PID:9368
- C:\Windows\System\vEInIFH.exe
  C:\Windows\System\vEInIFH.exe
  2⤵
  PID:9388
- C:\Windows\System\NUPxXIx.exe
  C:\Windows\System\NUPxXIx.exe
  2⤵
  PID:9408
- C:\Windows\System\OJxmgjS.exe
  C:\Windows\System\OJxmgjS.exe
  2⤵
  PID:9424
- C:\Windows\System\PBhfbrL.exe
  C:\Windows\System\PBhfbrL.exe
  2⤵
  PID:9444
- C:\Windows\System\BdUYdba.exe
  C:\Windows\System\BdUYdba.exe
  2⤵
  PID:9460
- C:\Windows\System\PjgWqSo.exe
  C:\Windows\System\PjgWqSo.exe
  2⤵
  PID:9480
- C:\Windows\System\aHMpVZa.exe
  C:\Windows\System\aHMpVZa.exe
  2⤵
  PID:9496
- C:\Windows\System\BqgWLCn.exe
  C:\Windows\System\BqgWLCn.exe
  2⤵
  PID:9520
- C:\Windows\System\zLiThtw.exe
  C:\Windows\System\zLiThtw.exe
  2⤵
  PID:9536
- C:\Windows\System\WGvZvVR.exe
  C:\Windows\System\WGvZvVR.exe
  2⤵
  PID:9556
- C:\Windows\System\LDeeFOM.exe
  C:\Windows\System\LDeeFOM.exe
  2⤵
  PID:9572
- C:\Windows\System\ngctTkJ.exe
  C:\Windows\System\ngctTkJ.exe
  2⤵
  PID:9592
- C:\Windows\System\hYtTdqs.exe
  C:\Windows\System\hYtTdqs.exe
  2⤵
  PID:9608
- C:\Windows\System\mJwVUvZ.exe
  C:\Windows\System\mJwVUvZ.exe
  2⤵
  PID:9628
- C:\Windows\System\igMgWyi.exe
  C:\Windows\System\igMgWyi.exe
  2⤵
  PID:9648
- C:\Windows\System\zFpDOYH.exe
  C:\Windows\System\zFpDOYH.exe
  2⤵
  PID:9664
- C:\Windows\System\AbgclNH.exe
  C:\Windows\System\AbgclNH.exe
  2⤵
  PID:9680
- C:\Windows\System\DZWzxlF.exe
  C:\Windows\System\DZWzxlF.exe
  2⤵
  PID:9696
- C:\Windows\System\oTEIydK.exe
  C:\Windows\System\oTEIydK.exe
  2⤵
  PID:9720
- C:\Windows\System\gnjaHsN.exe
  C:\Windows\System\gnjaHsN.exe
  2⤵
  PID:9744
- C:\Windows\System\fxEYqoh.exe
  C:\Windows\System\fxEYqoh.exe
  2⤵
  PID:9760
- C:\Windows\System\YkLPgGC.exe
  C:\Windows\System\YkLPgGC.exe
  2⤵
  PID:9780
- C:\Windows\System\MicCWnS.exe
  C:\Windows\System\MicCWnS.exe
  2⤵
  PID:9820
- C:\Windows\System\kyufnBt.exe
  C:\Windows\System\kyufnBt.exe
  2⤵
  PID:9836
- C:\Windows\System\ITXAdzT.exe
  C:\Windows\System\ITXAdzT.exe
  2⤵
  PID:9852
- C:\Windows\System\ihJVJvE.exe
  C:\Windows\System\ihJVJvE.exe
  2⤵
  PID:9868
- C:\Windows\System\wAjQRrZ.exe
  C:\Windows\System\wAjQRrZ.exe
  2⤵
  PID:9888
- C:\Windows\System\vlsVNaY.exe
  C:\Windows\System\vlsVNaY.exe
  2⤵
  PID:9908
- C:\Windows\System\YlpVruO.exe
  C:\Windows\System\YlpVruO.exe
  2⤵
  PID:9924
- C:\Windows\System\OAhCrVI.exe
  C:\Windows\System\OAhCrVI.exe
  2⤵
  PID:9944
- C:\Windows\System\aikFHSs.exe
  C:\Windows\System\aikFHSs.exe
  2⤵
  PID:9960
- C:\Windows\System\yfRaEZb.exe
  C:\Windows\System\yfRaEZb.exe
  2⤵
  PID:9976
- C:\Windows\System\hboLNBn.exe
  C:\Windows\System\hboLNBn.exe
  2⤵
  PID:9992
- C:\Windows\System\HjIhsTb.exe
  C:\Windows\System\HjIhsTb.exe
  2⤵
  PID:10016
- C:\Windows\System\mAyDQdM.exe
  C:\Windows\System\mAyDQdM.exe
  2⤵
  PID:10040
- C:\Windows\System\ttxagXD.exe
  C:\Windows\System\ttxagXD.exe
  2⤵
  PID:10056
- C:\Windows\System\ZtPdYDo.exe
  C:\Windows\System\ZtPdYDo.exe
  2⤵
  PID:10076
- C:\Windows\System\LCeDKGV.exe
  C:\Windows\System\LCeDKGV.exe
  2⤵
  PID:10096
- C:\Windows\System\HkmPlBt.exe
  C:\Windows\System\HkmPlBt.exe
  2⤵
  PID:10112
- C:\Windows\System\FmkqMLE.exe
  C:\Windows\System\FmkqMLE.exe
  2⤵
  PID:10128
- C:\Windows\System\Wfrypje.exe
  C:\Windows\System\Wfrypje.exe
  2⤵
  PID:10148
- C:\Windows\System\OLANlBj.exe
  C:\Windows\System\OLANlBj.exe
  2⤵
  PID:10168
- C:\Windows\System\etSBBMW.exe
  C:\Windows\System\etSBBMW.exe
  2⤵
  PID:10200
- C:\Windows\System\cvsGeec.exe
  C:\Windows\System\cvsGeec.exe
  2⤵
  PID:10216
- C:\Windows\System\IbXeCnx.exe
  C:\Windows\System\IbXeCnx.exe
  2⤵
  PID:10236
- C:\Windows\System\FTkMcLO.exe
  C:\Windows\System\FTkMcLO.exe
  2⤵
  PID:9144
- C:\Windows\System\wIyVoIy.exe
  C:\Windows\System\wIyVoIy.exe
  2⤵
  PID:9308
- C:\Windows\System\ASVzJLL.exe
  C:\Windows\System\ASVzJLL.exe
  2⤵
  PID:9384
- C:\Windows\System\igqdhMA.exe
  C:\Windows\System\igqdhMA.exe
  2⤵
  PID:9488
- C:\Windows\System\TKBwvOk.exe
  C:\Windows\System\TKBwvOk.exe
  2⤵
  PID:9800
- C:\Windows\System\MBeXREk.exe
  C:\Windows\System\MBeXREk.exe
  2⤵
  PID:9808
- C:\Windows\System\KSTYHJo.exe
  C:\Windows\System\KSTYHJo.exe
  2⤵
  PID:9848
- C:\Windows\System\dEoMpDf.exe
  C:\Windows\System\dEoMpDf.exe
  2⤵
  PID:9920
- C:\Windows\System\qSXqszu.exe
  C:\Windows\System\qSXqszu.exe
  2⤵
  PID:9956
- C:\Windows\System\wDQcEZL.exe
  C:\Windows\System\wDQcEZL.exe
  2⤵
  PID:10036
- C:\Windows\System\NzAzPsJ.exe
  C:\Windows\System\NzAzPsJ.exe
  2⤵
  PID:10068
- C:\Windows\System\LztJrhm.exe
  C:\Windows\System\LztJrhm.exe
  2⤵
  PID:10136
- C:\Windows\System\UFroTWD.exe
  C:\Windows\System\UFroTWD.exe
  2⤵
  PID:9616
- C:\Windows\System\mmCMxve.exe
  C:\Windows\System\mmCMxve.exe
  2⤵
  PID:9328
- C:\Windows\System\mASimhh.exe
  C:\Windows\System\mASimhh.exe
  2⤵
  PID:9232
- C:\Windows\System\XuNGyaG.exe
  C:\Windows\System\XuNGyaG.exe
  2⤵
  PID:9244
- C:\Windows\System\bRptUqG.exe
  C:\Windows\System\bRptUqG.exe
  2⤵
  PID:9420
- C:\Windows\System\UgYNioS.exe
  C:\Windows\System\UgYNioS.exe
  2⤵
  PID:9456
- C:\Windows\System\EvMIXZJ.exe
  C:\Windows\System\EvMIXZJ.exe
  2⤵
  PID:9292
- C:\Windows\System\uWSyXnh.exe
  C:\Windows\System\uWSyXnh.exe
  2⤵
  PID:9396
- C:\Windows\System\FUumFeD.exe
  C:\Windows\System\FUumFeD.exe
  2⤵
  PID:9476
- C:\Windows\System\zTxtVXY.exe
  C:\Windows\System\zTxtVXY.exe
  2⤵
  PID:9516
- C:\Windows\System\kEZhXIT.exe
  C:\Windows\System\kEZhXIT.exe
  2⤵
  PID:9588
- C:\Windows\System\gVGSDkq.exe
  C:\Windows\System\gVGSDkq.exe
  2⤵
  PID:9660
- C:\Windows\System\ZmgvSaj.exe
  C:\Windows\System\ZmgvSaj.exe
  2⤵
  PID:9900
- C:\Windows\System\WtUaBRh.exe
  C:\Windows\System\WtUaBRh.exe
  2⤵
  PID:9860
- C:\Windows\System\sxxigZm.exe
  C:\Windows\System\sxxigZm.exe
  2⤵
  PID:9768
- C:\Windows\System\PThEkSx.exe
  C:\Windows\System\PThEkSx.exe
  2⤵
  PID:9728
- C:\Windows\System\xtWJSne.exe
  C:\Windows\System\xtWJSne.exe
  2⤵
  PID:9972
- C:\Windows\System\XxItDTI.exe
  C:\Windows\System\XxItDTI.exe
  2⤵
  PID:10156
- C:\Windows\System\TSwDlWs.exe
  C:\Windows\System\TSwDlWs.exe
  2⤵
  PID:10212
- C:\Windows\System\xNBASRO.exe
  C:\Windows\System\xNBASRO.exe
  2⤵
  PID:9528
- C:\Windows\System\tuTremz.exe
  C:\Windows\System\tuTremz.exe
  2⤵
  PID:9640
- C:\Windows\System\eVBVJWS.exe
  C:\Windows\System\eVBVJWS.exe
  2⤵
  PID:9712
- C:\Windows\System\lzrSAUU.exe
  C:\Windows\System\lzrSAUU.exe
  2⤵
  PID:9756
- C:\Windows\System\qIHvcsi.exe
  C:\Windows\System\qIHvcsi.exe
  2⤵
  PID:9568
- C:\Windows\System\BdaZidD.exe
  C:\Windows\System\BdaZidD.exe
  2⤵
  PID:9916
- C:\Windows\System\veclPNQ.exe
  C:\Windows\System\veclPNQ.exe
  2⤵
  PID:9580
- C:\Windows\System\vGgAzlt.exe
  C:\Windows\System\vGgAzlt.exe
  2⤵
  PID:10028
- C:\Windows\System\LctWZzc.exe
  C:\Windows\System\LctWZzc.exe
  2⤵
  PID:10196

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BcxKUpL.exe

Filesize
6.0MB

MD5
e05bc2a82f139efeeed52da2aa4951cf

SHA1
57c706bc57acb8395a8d9c02c51477be5cb1c189

SHA256
9dd434123ab94cbdaefd24a59460e59c1386cae356e489eed1264d7a210f6c65

SHA512
f88c88506879ea606c176b891bff536318c461df115e504d0712b21b8de0ae7795a127a9b448dd172290e4f1b2e30e80f05d78717b88e9c8b869bdc22a6088b3

Download Submit
C:\Windows\system\CnJaWcS.exe

Filesize
6.0MB

MD5
61e66d66c011fb348b937f3c7de11f28

SHA1
ebfe3f95af1f08a7dfdcf764167e6d25b0b71056

SHA256
54d6c59859b66729fc3889f25c169d2e941e9cdbe509d0c2bc6e077f2a9373ed

SHA512
0bfca98c61bb66cb1f5efa18f4437f279dc09c444519b0f90ce0ecb47ebc692e3478d5a753d123f41e41f2ee423ac84ffd2b491bbf85481c78562e54dcfb2f7e

Download Submit
C:\Windows\system\GXZiuLE.exe

Filesize
6.0MB

MD5
2b7e291ec7558c1572993133bc97f6a8

SHA1
9608afca835c4a1145f3e9812aee53fc3305ee69

SHA256
34d929e9dd1d5f2f1cce3053deef2cf0ce4a149c909f50671bade84d65195a80

SHA512
4e664fe30e82350c24d400bfc35d39232c87ad7b6890c82628272b887850132bd7ac75728f273f0e7c681bc93d82937361887ac7bbc824932e2adee5713b93d6

Download Submit
C:\Windows\system\HKHtWZv.exe

Filesize
6.0MB

MD5
1c42e619f7ef362f4b66447978a65cb3

SHA1
a5bf253bebb7821d0657af64cdd4d53112a59e74

SHA256
6f84006beb1635b39161df7c90263336dfd7dbb90f09f0f0a0d21613a192920a

SHA512
8eb82f65bc228669523d153cd882b1d8e97d159a22af6d9c9210284549c9feba0e121476420617604e549c962431afb9c9abd3c4766381be64873c42aafd98f4

Download Submit
C:\Windows\system\HWQmUuV.exe

Filesize
6.0MB

MD5
72404640217529d82284ef60fae7efe2

SHA1
6a23d1022ccdcefe9c8ff8f005c55c3e80340d8b

SHA256
f3cba20ce1ccfc73f53d9fe13122376689247d9b93533f66c8e157ad6b827492

SHA512
7554e3ec9dc740299f8994e19c712a793fef508f57ce360739496a1b0385f698dff96faab61563cab14fb51bf473245cd873b09ce178b5d30f7ed3026e4582c8

Download Submit
C:\Windows\system\HdgMxuw.exe

Filesize
6.0MB

MD5
bdc68976dcb5ee82c56ddb0bfa66c776

SHA1
b5870a8d545bd76d9d25a58f0e7271476fe7fa2f

SHA256
07af04a64dbe548c1b48107e8bebe7a99c846cc26919bc4218c94e0df5c5c95e

SHA512
902ec51a72dfd2ed09967f99adc0c3f23795ae80b0032d43254bf677df7cc7a1e61969e278a4c8f4bcaff4b619c340266e757030b21f019c504be94957645001

Download Submit
C:\Windows\system\IkeYfSQ.exe

Filesize
6.0MB

MD5
900a16f100bf2a8b0f8efa7f67e6b22f

SHA1
0167b6a11d3245d3ef1e0da89eefb9a392df45e6

SHA256
83d87e206c9e9e4089c2cb6af662a087fae01557e4a17d9ed8e65fcadcf7ae9b

SHA512
a3518fb81b4cf8d8e7688bf6b65ddceba95dbb3430512436fb4b62e5408ea39670796b488d4bb95a0b2f6c5078e309d5cc1e476f52b590a39cc36a910b46fe20

Download Submit
C:\Windows\system\MmdPRrv.exe

Filesize
6.0MB

MD5
7a6737e6c984d7846be2a1c1eacc5d60

SHA1
5332a6faccc94fc4357c1da1c349ff9473f00b70

SHA256
16359837f6f1e4f05593c6f79dd9c5d145a454812b926237bedbca596f09c75e

SHA512
842fab8bcc5452f84a7a2b9e414b8feb7aaa3cef36adc82658d5f98489c6641d7c664d71afe81fa01563f85babd7f415937f9c4f5b421d23699929c94953cdfa

Download Submit
C:\Windows\system\MrGcjaa.exe

Filesize
6.0MB

MD5
554d63c671c0a51d7fbbb1b8849e17e2

SHA1
da99b21c171a2d7df9011d2ab2844207549e7872

SHA256
600998211f458e54baa80c6316e86a76200497e693ba3d3f284191900e867f08

SHA512
437a65425c6e1f4797855d583045a85bbd5d4259ec952d7228c1bf1ebfe379472f5d0ba7f34b1dfbd9712057caa0f52085343b94e87445a807601aa960ea4f2e

Download Submit
C:\Windows\system\NrlGBUn.exe

Filesize
6.0MB

MD5
b37aa834e576018a8e40732e1150cf47

SHA1
b3001b7ceb1f77a973216bb788777c14654a21b9

SHA256
96f4e7b3bce0bc79f9cef4c7a82a2ed93a553f77c0a4135f4e95161f0dc2e4cb

SHA512
94cbd11efa1f3e63464c49333e688330c97d0301aa0fb67ef64439c721657d557ea160009bb722dc7c89eefbd397d515a9a9eb278b64040b89bcad2ca9b94da4

Download Submit
C:\Windows\system\OjhyTTh.exe

Filesize
6.0MB

MD5
badddc8092e432c1a50d49b6f0ceebf0

SHA1
3ae1e543dff67b500b4a8e227809dda0460fe7c7

SHA256
96207ae505924c5808a9d075f43ae370557b50d54d4ddbd233912c8c8a5bf052

SHA512
f8cc58b168f0650b01bc34e9fc89785ec84faea5fbe2bc1e1c79d8833bf42a76fd58b8b5ef8977c67e89b69a11a533990582a8aea3ed0766d7a3c80d993f0de3

Download Submit
C:\Windows\system\OldGzgL.exe

Filesize
6.0MB

MD5
7a81f8e81a31e30a9deb7829972204a9

SHA1
96cd63b1b6cdb49b427c017b53abb0bfa391eac6

SHA256
b7d3f85f846ab4a92db7515d866af6c070bf7b16efd272e052019c3b6fe9090b

SHA512
a131bee5eec5a32d692f9286669363dac7e1ab13aa5119ba1efb04a91aae7b496452b09f7528c1cebca1e7ee6eafe59a7c04d8546648fda93eac91a6a561976b

Download Submit
C:\Windows\system\QyLxEXM.exe

Filesize
6.0MB

MD5
7a1fd142b7faa25842065c5d799a0345

SHA1
0cdd8c142f824a919187cea4e9017611f69e3791

SHA256
6db2bd12a8d1b3096a861c975f2bd405aab019fb349c7b5da4192f87c3b4ea0c

SHA512
20b158513318b00b36016297821efcfbed938aecdbd3f9d75b40fab5d3645a26bc488ca43bb59b1361e3f9d1d127385f607d256186d85580f0caed44d0290ec8

Download Submit
C:\Windows\system\ROnlnQY.exe

Filesize
6.0MB

MD5
4dcd4e7b1266eb15a76d42cf30027916

SHA1
158d4c0bac2fa10576a6e9a9a2e74f05abb58edd

SHA256
2f3e273139d36f9bd7bef3d2b3a671b229bbc550a3041a312d1e765b20e8e12d

SHA512
3de72fefcfc4fb9d2b61df5051c8f7704ffa5371012d6b32e4f644a83d088f2ea5104b056ed5fc9a8df68d47ddf2843712940017f15be857b5a1de91cb4462cd

Download Submit
C:\Windows\system\TPukYch.exe

Filesize
6.0MB

MD5
32bae84f7e9455de0fff5c9bf8d20ab0

SHA1
d297a2ea7233e1210b338d9001ee9c0770607444

SHA256
76ac0eb533e17570e2ca2bdd37429c651fd5b1c3d1665a9adedef49a7ae090b5

SHA512
d2e616a79d85a9f64903b288a5f2295d69ecd06e6f002ac687604abed157147f031e836af791518f98862f2360c7f5d4116821e01341c4ab8a9f3a89c3557b9c

Download Submit
C:\Windows\system\UZPVbPl.exe

Filesize
6.0MB

MD5
6f472a5d81861e75422c8addc6d9ff24

SHA1
9a8eb860a1066ba6c754b5fe8bd18f626a73f3a3

SHA256
ae92aa200fa625ade86dcc1e4c383bef0552efc6e8f44d6c065b7bee0252fb0c

SHA512
98211dc40ff4334080639ecd35fc123b13d210e69aad3bd19a2f5fd1473ce3fe189769c29f82fc06e0ad66bd670deb0fc991126d16e691f6b9aba5b40127b73a

Download Submit
C:\Windows\system\YXeXZBt.exe

Filesize
6.0MB

MD5
256e6baa5863df490c09715191c9464b

SHA1
42486571e35a3b6656cfb5fdd4ebeeaab50bc245

SHA256
81da6d73194c4eca538be0bb141dbb79f6b8a7a42c1aaeca1a293ebdb24e5308

SHA512
97d521a48d12c189d1ac2184e53eea809aeb364557971ef227777cec0b9b784f5a926613f55b540ddc1519f0eaa510912f7d78dd46cd940fae314612f28fdef8

Download Submit
C:\Windows\system\ZCJWeWZ.exe

Filesize
6.0MB

MD5
47797e3a64f3db16483c16d29bbcf1cb

SHA1
dff1f7d6997eb1310b90f86975e525518856b332

SHA256
476bf8b1a42b58e88fddd4cb58060c95ccc073b528fac2f5f1a83fea04ae7f60

SHA512
d13791c1df38fabe2497dec95da73f39a86f4a5a254136e56f502ebe9ffd67eb0f0ebefcc041937f8be99cfc0807730dde13b9be6a012c798b28fa0d7903ee83

Download Submit
C:\Windows\system\bFkGveK.exe

Filesize
6.0MB

MD5
2ef12911904aa9e277e3323bd386f048

SHA1
84214d802575c1f4723636dc1d14ef29b0e5cc6b

SHA256
9da1122328c2fcba8442016969cef87eb3b71af98fdd0485762d8a8874621d1b

SHA512
fa07a66345e1398364bfc556505889436dfa8ac6a2b82185ab23f2edbac5e4ba0800a3ca0506e8f9100c3bb2e59ec276dfc9dfcd22fd90e3e4d181bdda6e6a64

Download Submit
C:\Windows\system\lHMjzHI.exe

Filesize
6.0MB

MD5
3b8fd51d15a029c2c003286a19133137

SHA1
b1bcf10010cc2442645f3527d8688197baa361e1

SHA256
aceda63a21e4228c5ef5f849b7885d35ca99e4088014a2bc37f1163a14440552

SHA512
f033c86e4ebf9798ab778767e06617002d7dd75d90f32df5d74ea27fe48715405cfc2c128ff0b8aaa4972b356fee0799018982a364ff41c2b8b329ca361a6a4d

Download Submit
C:\Windows\system\mZdgBkc.exe

Filesize
6.0MB

MD5
32b87c29d624324ac574af23320e3934

SHA1
4289579ac936e0e7ecef7c5b12229711e5d855ae

SHA256
102ffca574eaaae298715591a0341595cf62d167c09f417914ca94c30805e59d

SHA512
a33cff002c9fefc20e20b87d460ebdd63ca08401ce01e4f2bc3341a73faf72b9fc40a18736297639256def016b7cb4f044486a144f5cf46aa77332a06cc737fd

Download Submit
C:\Windows\system\nyYgAxh.exe

Filesize
6.0MB

MD5
aa054cc46378b4c64b678dd5c7e968ad

SHA1
7c2b2bf1cc6977539217b36e648218ff7d7dc877

SHA256
247e844b8391feed35615f72d2c7b5d4427f6ebd7430c988dd6ce939d2c91746

SHA512
2c87ef2a91e8645a59c9bd34a97dd3de6aa741c28c7a9fd98927d8874f0bd3ae8ed621a2c974ee74b6127f74bc91fd10228eac42b429a6018bb99effc8ce65fa

Download Submit
C:\Windows\system\oipZSxa.exe

Filesize
6.0MB

MD5
18b567ea001108342b1b4b1d097bf5cf

SHA1
ebc46dd10b428834891e84bc70d4b86446b083f7

SHA256
ec4dc862394cc50bb84f187e84aea7e07bb57676b1bac41115986915d0258427

SHA512
ea1219a41f84b24412ed3514e93a2b80d0c44ab0143e7590d64ff674955ad0b227b9b27e96cf2b9d470a19bfded82d75906f031694b597622d6ae526d42d1b09

Download Submit
C:\Windows\system\qbyjaOp.exe

Filesize
6.0MB

MD5
f223d14dc51bff45aa15fe025546093a

SHA1
4d0d96045abfa47f1f060182f6ad7f9a6721ba46

SHA256
a44d5eb6982b4c49192b5849179064b3ae0ffc9301dca300965d7e0ca4a100f1

SHA512
e3423509e2d6f8206af3b846d81ff3b7eecc6480dd919b9adc252c7d171320638bf091f931cb98a323f79b9aeab45f9c739b0edca7af39a9c3a50921d8248537

Download Submit
C:\Windows\system\qptagbb.exe

Filesize
6.0MB

MD5
87b83f7f2d9bcd91cd09bd80a41d9f96

SHA1
53721df84c5a6bb3eb927cf16cdaa8648307a4b7

SHA256
f7f3535d46311528bead18a140b72e7f8b4c6a45e7a188119d4958e058a9fdfe

SHA512
9514a891c6c1329ee570d8bd662fc7fea0166a2cc6b78c83f73dfc69e98a9e9cc7eb7a5d89a8416f99298528f4d81c3127cc6dfca40f2216b8b6c4ad045312e0

Download Submit
C:\Windows\system\uAKFFQO.exe

Filesize
6.0MB

MD5
09b209569563e666daf460f1343597c2

SHA1
dc8b5d0e08eff7c82a5f5143561161a6b6ba83c5

SHA256
f2874d20e7662a3cb8d953b4c34ebf5387df1e9832768b2ed8a83698ead89d28

SHA512
595ba232a00f3b10b24d79999da2f644d70755de635a34b03006512800cd6ccb55c56c577c227fd6722a7da2709942887ba798d548c43aa0635225fdbd744159

Download Submit
C:\Windows\system\wVwkjtD.exe

Filesize
6.0MB

MD5
9a7b9e6998327ba441ddb08bf3417b0c

SHA1
aa6acae02d9731b0794b4536fb273b43897b70ae

SHA256
753f9c1eda577ca8790d8a4c9442a6501da5922f2e9563cba054625d01e3dacd

SHA512
b68db97ce4e7bbf3bfe9cd337bdca0708633172625d7c2ced6dd46b1a4d35b531d7dc09c318baf9c35baf29ec2bf203e093c9adffdf7b8a1cb99e3140e96f808

Download Submit
C:\Windows\system\wuWPmdT.exe

Filesize
6.0MB

MD5
8d11201b259a12bd6baba1a96d475589

SHA1
c929e2456834edbc05eb2009e17f7dd8c3117c6d

SHA256
0ea47796d2905b0ed6271e3f4a3fc270e48235415e9b8eb12d082853a024ba91

SHA512
e17fae351a87b30031047262fcb52d9cb145324938e6530ed3651ddcf74af12f39cb31c5be57994dc79a188da610d1c8b9d09c6cf4a1e5c5b902aa89b9f9e357

Download Submit
\Windows\system\KCJuaHQ.exe

Filesize
6.0MB

MD5
586b6e96e62b66ddaf20ef89406e1bdf

SHA1
ffadb014993ea38b35dd26245fc446c33e925521

SHA256
813da9374520da5eda6937330d2fa6c9d43ac4d5e90274d80c391eecb6544235

SHA512
717321c655d5d6da19fec9c51842d5440d2207b628eb4cb5e9168f1849a2a72e5105dd4099934a6fa1d95112d4fd6244f1022f7f841efcb70968ce24554c9471

Download Submit
\Windows\system\dONmYET.exe

Filesize
6.0MB

MD5
53974f54c0ca0d5f3724f112df1253e4

SHA1
73b79b76e452d0560234ef1e4bc9e85a0c6126e6

SHA256
0ed2d951ec2ce4379365339286af5521b130706e2224bcaccb09c16b259d5fdf

SHA512
976706b5432b1f72129fdfad36deda7ac3ba1c3c1ad704d261002e437cae1b3616c49b77ae5b8731f517df9818e632640eb64ba7d25ad00c4b96bae1bc32337f

Download Submit
\Windows\system\iqnpwqy.exe

Filesize
6.0MB

MD5
f1a766a23dfccb296c514d6a7e4bccd6

SHA1
6e56b17e14a922878c36b681262ebccbe63022b1

SHA256
26190b01b7fa6a297af4e70b808f2951f849beef709548bc543648cbcf2019b2

SHA512
e3e1030b73701c2fac968c998138c752374cd84d8b550f89a561752deeb04b15897bd3d06717a2fe3d7acc57644ca3f113eaa7a45a66537832b7a34fcd37fdb5

Download Submit
\Windows\system\wprfqmA.exe

Filesize
6.0MB

MD5
ccf14fc15bba3e49a3a7148ada7b0936

SHA1
b07a9b215f67c138db631eef5bfd55240825cab3

SHA256
a229cc64f3905fe9c5e85d6c492cea4a70d94b78f19d80ba30529eb4d9cd30f5

SHA512
a2bcacc58703834679112daa3f7fa21d1927c618249012f4049817cdea3ce93109ed360675d1b5fc6980198f54790d8287a09f8f1000da972ba5759e535f6b00

Download Submit
\Windows\system\xhnmcRb.exe

Filesize
6.0MB

MD5
341629b3fbc6fc744bd196f23e7cb583

SHA1
d0cba742412502cdfff5d2a1c319a7627dda87ae

SHA256
1db3db09a4ee89dbc6fccca3f251bdc17f1b4e4302a34856fe890434cd92c274

SHA512
4a8555804f6542f191313aded6074b0df4b092fc20f929c7066da9d9a2b8c835c4aeb6b302c12f31ffc6509162f8b1ab4a69b9777e18935a01468d6093ff36f7

Download Submit
memory/308-84-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download
memory/308-474-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download
memory/308-3214-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download
memory/340-645-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/340-89-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/340-3190-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/800-63-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/800-3226-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/984-96-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/984-3227-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/984-826-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/2124-102-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2124-49-0x0000000002220000-0x0000000002574000-memory.dmp

Filesize
3.3MB

Download
memory/2124-95-0x0000000002220000-0x0000000002574000-memory.dmp

Filesize
3.3MB

Download
memory/2124-0-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/2124-316-0x000000013F070000-0x000000013F3C4000-memory.dmp

Filesize
3.3MB

Download
memory/2124-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/2124-83-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download
memory/2124-473-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download
memory/2124-8-0x0000000002220000-0x0000000002574000-memory.dmp

Filesize
3.3MB

Download
memory/2124-76-0x000000013F070000-0x000000013F3C4000-memory.dmp

Filesize
3.3MB

Download
memory/2124-25-0x0000000002220000-0x0000000002574000-memory.dmp

Filesize
3.3MB

Download
memory/2124-26-0x0000000002220000-0x0000000002574000-memory.dmp

Filesize
3.3MB

Download
memory/2124-825-0x0000000002220000-0x0000000002574000-memory.dmp

Filesize
3.3MB

Download
memory/2124-31-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/2124-962-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2124-90-0x000000013FB20000-0x000000013FE74000-memory.dmp

Filesize
3.3MB

Download
memory/2124-101-0x0000000002220000-0x0000000002574000-memory.dmp

Filesize
3.3MB

Download
memory/2124-69-0x0000000002220000-0x0000000002574000-memory.dmp

Filesize
3.3MB

Download
memory/2124-39-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2124-58-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/2196-60-0x000000013FB20000-0x000000013FE74000-memory.dmp

Filesize
3.3MB

Download
memory/2196-3189-0x000000013FB20000-0x000000013FE74000-memory.dmp

Filesize
3.3MB

Download
memory/2220-3196-0x000000013F070000-0x000000013F3C4000-memory.dmp

Filesize
3.3MB

Download
memory/2220-317-0x000000013F070000-0x000000013F3C4000-memory.dmp

Filesize
3.3MB

Download
memory/2220-77-0x000000013F070000-0x000000013F3C4000-memory.dmp

Filesize
3.3MB

Download
memory/2580-53-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download
memory/2580-3150-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download
memory/2668-75-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2668-35-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2668-3138-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2704-59-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/2704-18-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/2704-3133-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/2736-68-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/2736-34-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/2736-3151-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/2780-61-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/2780-3134-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/2780-21-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/2804-3131-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/2804-13-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/2808-3152-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2808-78-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2808-40-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2900-3192-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2900-70-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download