cobaltstrike | 6ff30bba9867ef6d5e84b3b9118773d8628ca8c5d8c703d30046f1aae8902287

Analysis

max time kernel
134s
max time network
127s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
20-11-2024 02:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

9acce63f25d2959a6a99d89d77747689
SHA1

9dc709f63e546ced2b149ab4f321bab285595b0f
SHA256

6ff30bba9867ef6d5e84b3b9118773d8628ca8c5d8c703d30046f1aae8902287
SHA512

aabcb6c416f29d38a0ffc2a4cfe737c5495eaf8270c7af0296287398f199fc3ba3df23a3d0d2f70ae5090c8bbde586d159f6a1ccd4665a5e6c7f52008d9b46f5
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU1:T+q56utgpPF8u/71

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

Processes:

resource	yara_rule
behavioral1/files/0x0007000000012117-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000017409-12.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001748f-16.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001752f-22.dat	cobalt_reflective_dll
behavioral1/files/0x001600000001866d-27.dat	cobalt_reflective_dll
behavioral1/files/0x000a000000018678-31.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000018690-37.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193cc-56.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193df-66.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019401-72.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019403-76.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001942f-81.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019441-86.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001947e-91.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961f-121.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019629-149.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001967d-156.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196be-161.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019639-154.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019625-138.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019621-132.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019627-143.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019623-135.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961b-111.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019620-127.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961d-117.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195e4-106.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019539-101.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194d8-96.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193d9-61.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c4-51.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000193be-46.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001879b-42.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 57 IoCs

miner

Processes:

resource	yara_rule
behavioral1/memory/2224-0-0x000000013FB40000-0x000000013FE94000-memory.dmp	xmrig
behavioral1/files/0x0007000000012117-6.dat	xmrig
behavioral1/files/0x0008000000017409-12.dat	xmrig
behavioral1/files/0x000800000001748f-16.dat	xmrig
behavioral1/files/0x000700000001752f-22.dat	xmrig
behavioral1/files/0x001600000001866d-27.dat	xmrig
behavioral1/files/0x000a000000018678-31.dat	xmrig
behavioral1/files/0x0008000000018690-37.dat	xmrig
behavioral1/files/0x00050000000193cc-56.dat	xmrig
behavioral1/files/0x00050000000193df-66.dat	xmrig
behavioral1/files/0x0005000000019401-72.dat	xmrig
behavioral1/files/0x0005000000019403-76.dat	xmrig
behavioral1/files/0x000500000001942f-81.dat	xmrig
behavioral1/files/0x0005000000019441-86.dat	xmrig
behavioral1/files/0x000500000001947e-91.dat	xmrig
behavioral1/files/0x000500000001961f-121.dat	xmrig
behavioral1/files/0x0005000000019629-149.dat	xmrig
behavioral1/files/0x000500000001967d-156.dat	xmrig
behavioral1/files/0x00050000000196be-161.dat	xmrig
behavioral1/files/0x0005000000019639-154.dat	xmrig
behavioral1/files/0x0005000000019625-138.dat	xmrig
behavioral1/files/0x0005000000019621-132.dat	xmrig
behavioral1/files/0x0005000000019627-143.dat	xmrig
behavioral1/files/0x0005000000019623-135.dat	xmrig
behavioral1/files/0x000500000001961b-111.dat	xmrig
behavioral1/files/0x0005000000019620-127.dat	xmrig
behavioral1/files/0x000500000001961d-117.dat	xmrig
behavioral1/files/0x00050000000195e4-106.dat	xmrig
behavioral1/files/0x0005000000019539-101.dat	xmrig
behavioral1/files/0x00050000000194d8-96.dat	xmrig
behavioral1/files/0x00050000000193d9-61.dat	xmrig
behavioral1/files/0x00050000000193c4-51.dat	xmrig
behavioral1/files/0x00070000000193be-46.dat	xmrig
behavioral1/files/0x000800000001879b-42.dat	xmrig
behavioral1/memory/2796-1885-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig
behavioral1/memory/2708-1920-0x000000013F570000-0x000000013F8C4000-memory.dmp	xmrig
behavioral1/memory/2688-1953-0x000000013F920000-0x000000013FC74000-memory.dmp	xmrig
behavioral1/memory/2224-1956-0x000000013F0E0000-0x000000013F434000-memory.dmp	xmrig
behavioral1/memory/2716-1989-0x000000013F0E0000-0x000000013F434000-memory.dmp	xmrig
behavioral1/memory/2224-2049-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/memory/2576-2047-0x000000013FF70000-0x00000001402C4000-memory.dmp	xmrig
behavioral1/memory/2720-2070-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/memory/2820-2096-0x000000013F120000-0x000000013F474000-memory.dmp	xmrig
behavioral1/memory/2572-2136-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig
behavioral1/memory/2676-2275-0x000000013FBF0000-0x000000013FF44000-memory.dmp	xmrig
behavioral1/memory/2796-2725-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig
behavioral1/memory/2720-2733-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/memory/2688-2729-0x000000013F920000-0x000000013FC74000-memory.dmp	xmrig
behavioral1/memory/2716-2721-0x000000013F0E0000-0x000000013F434000-memory.dmp	xmrig
behavioral1/memory/2224-2703-0x000000013FB40000-0x000000013FE94000-memory.dmp	xmrig
behavioral1/memory/2820-2743-0x000000013F120000-0x000000013F474000-memory.dmp	xmrig
behavioral1/memory/2676-2746-0x000000013FBF0000-0x000000013FF44000-memory.dmp	xmrig
behavioral1/memory/2572-2741-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig
behavioral1/memory/2576-2738-0x000000013FF70000-0x00000001402C4000-memory.dmp	xmrig
behavioral1/memory/2224-3113-0x000000013F120000-0x000000013F474000-memory.dmp	xmrig
behavioral1/memory/2224-2917-0x000000013F570000-0x000000013F8C4000-memory.dmp	xmrig
behavioral1/memory/2708-2690-0x000000013F570000-0x000000013F8C4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

Processes:

IPbnwPH.exetLiNKSe.exekBUGoYd.exesastOSN.exemjDWehj.exeiCoBZFR.exeZsUdkaB.exegeBEUgr.exeKqodkcq.exerjnktGu.exeJhxHobs.exekszskfP.exeSQaCzLk.exeVFvtKcJ.exeVWkMNxM.exeMygSGrr.exevnokYpX.exedBhglgM.exeTqTdISa.exeZENCIWT.exefXRdoOz.exeiqWfAIU.exefelEfgT.exeRuVBKuS.exeqZwurSG.exeqpGonmB.exeUNGMjZs.exeCOXuMCO.exeLSIGsKv.exeMbZlbza.exeWbyHkPn.exefycLwxZ.exezZepCIM.exegacSQhA.exeMySsQtR.exemhWHWhg.exeTfsCNaQ.execVqqLmO.exetWrawRx.exeAgLtZhL.exesgnTQYV.exePWvKvFp.execihgWpv.exejRleXNP.exegtJmcrk.exeitbKkCJ.exeMEUPMTs.exeInhOcOE.exepdioeqj.exeRyoCpOS.exeweeWvKP.exeljisMHL.exePFebMxo.exeYWucyYb.exeKRXoLpE.exeIfxryvJ.exeWWIlAqa.exeWzRBxln.exentujxBx.exeyuHQDMc.exejpaTOPw.exettAaAgY.exeOcjufDL.exeQYYzTnf.exe

pid	Process
2696	IPbnwPH.exe
2796	tLiNKSe.exe
2708	kBUGoYd.exe
2688	sastOSN.exe
2716	mjDWehj.exe
2576	iCoBZFR.exe
2720	ZsUdkaB.exe
2820	geBEUgr.exe
2572	Kqodkcq.exe
2676	rjnktGu.exe
1984	JhxHobs.exe
1488	kszskfP.exe
2944	SQaCzLk.exe
2220	VFvtKcJ.exe
776	VWkMNxM.exe
1124	MygSGrr.exe
2872	vnokYpX.exe
688	dBhglgM.exe
2880	TqTdISa.exe
1684	ZENCIWT.exe
476	fXRdoOz.exe
3008	iqWfAIU.exe
2920	felEfgT.exe
2404	RuVBKuS.exe
1964	qZwurSG.exe
2392	qpGonmB.exe
2748	UNGMjZs.exe
1156	COXuMCO.exe
1232	LSIGsKv.exe
1292	MbZlbza.exe
2732	WbyHkPn.exe
1648	fycLwxZ.exe
2524	zZepCIM.exe
1272	gacSQhA.exe
1256	MySsQtR.exe
2120	mhWHWhg.exe
1320	TfsCNaQ.exe
1680	cVqqLmO.exe
1740	tWrawRx.exe
1640	AgLtZhL.exe
1540	sgnTQYV.exe
2444	PWvKvFp.exe
844	cihgWpv.exe
3020	jRleXNP.exe
1560	gtJmcrk.exe
2004	itbKkCJ.exe
1000	MEUPMTs.exe
2280	InhOcOE.exe
2332	pdioeqj.exe
2336	RyoCpOS.exe
884	weeWvKP.exe
352	ljisMHL.exe
2176	PFebMxo.exe
2032	YWucyYb.exe
2660	KRXoLpE.exe
912	IfxryvJ.exe
1716	WWIlAqa.exe
2680	WzRBxln.exe
2164	ntujxBx.exe
2724	yuHQDMc.exe
2568	jpaTOPw.exe
1396	ttAaAgY.exe
1996	OcjufDL.exe
2100	QYYzTnf.exe

Loads dropped DLL 64 IoCs

Processes:

2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe

pid	Process
2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 53 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2224-0-0x000000013FB40000-0x000000013FE94000-memory.dmp	upx
behavioral1/files/0x0007000000012117-6.dat	upx
behavioral1/files/0x0008000000017409-12.dat	upx
behavioral1/files/0x000800000001748f-16.dat	upx
behavioral1/files/0x000700000001752f-22.dat	upx
behavioral1/files/0x001600000001866d-27.dat	upx
behavioral1/files/0x000a000000018678-31.dat	upx
behavioral1/files/0x0008000000018690-37.dat	upx
behavioral1/files/0x00050000000193cc-56.dat	upx
behavioral1/files/0x00050000000193df-66.dat	upx
behavioral1/files/0x0005000000019401-72.dat	upx
behavioral1/files/0x0005000000019403-76.dat	upx
behavioral1/files/0x000500000001942f-81.dat	upx
behavioral1/files/0x0005000000019441-86.dat	upx
behavioral1/files/0x000500000001947e-91.dat	upx
behavioral1/files/0x000500000001961f-121.dat	upx
behavioral1/files/0x0005000000019629-149.dat	upx
behavioral1/files/0x000500000001967d-156.dat	upx
behavioral1/files/0x00050000000196be-161.dat	upx
behavioral1/files/0x0005000000019639-154.dat	upx
behavioral1/files/0x0005000000019625-138.dat	upx
behavioral1/files/0x0005000000019621-132.dat	upx
behavioral1/files/0x0005000000019627-143.dat	upx
behavioral1/files/0x0005000000019623-135.dat	upx
behavioral1/files/0x000500000001961b-111.dat	upx
behavioral1/files/0x0005000000019620-127.dat	upx
behavioral1/files/0x000500000001961d-117.dat	upx
behavioral1/files/0x00050000000195e4-106.dat	upx
behavioral1/files/0x0005000000019539-101.dat	upx
behavioral1/files/0x00050000000194d8-96.dat	upx
behavioral1/files/0x00050000000193d9-61.dat	upx
behavioral1/files/0x00050000000193c4-51.dat	upx
behavioral1/files/0x00070000000193be-46.dat	upx
behavioral1/files/0x000800000001879b-42.dat	upx
behavioral1/memory/2796-1885-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx
behavioral1/memory/2708-1920-0x000000013F570000-0x000000013F8C4000-memory.dmp	upx
behavioral1/memory/2688-1953-0x000000013F920000-0x000000013FC74000-memory.dmp	upx
behavioral1/memory/2716-1989-0x000000013F0E0000-0x000000013F434000-memory.dmp	upx
behavioral1/memory/2576-2047-0x000000013FF70000-0x00000001402C4000-memory.dmp	upx
behavioral1/memory/2720-2070-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/memory/2820-2096-0x000000013F120000-0x000000013F474000-memory.dmp	upx
behavioral1/memory/2572-2136-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/memory/2676-2275-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx
behavioral1/memory/2796-2725-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx
behavioral1/memory/2720-2733-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/memory/2688-2729-0x000000013F920000-0x000000013FC74000-memory.dmp	upx
behavioral1/memory/2716-2721-0x000000013F0E0000-0x000000013F434000-memory.dmp	upx
behavioral1/memory/2224-2703-0x000000013FB40000-0x000000013FE94000-memory.dmp	upx
behavioral1/memory/2820-2743-0x000000013F120000-0x000000013F474000-memory.dmp	upx
behavioral1/memory/2676-2746-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx
behavioral1/memory/2572-2741-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/memory/2576-2738-0x000000013FF70000-0x00000001402C4000-memory.dmp	upx
behavioral1/memory/2708-2690-0x000000013F570000-0x000000013F8C4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

Processes:

2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe

description	ioc	Process
File created	C:\Windows\System\AeGMvYd.exe	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oqhHuYN.exe	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WOSWgUK.exe	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HwUwjIi.exe	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tuOZirr.exe	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lDvTYND.exe	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VAnOoFP.exe	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MiSOiyT.exe	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zLpaZsR.exe	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uRUwWiZ.exe	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xtYpkGq.exe	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nMLXxcA.exe	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ruTfloX.exe	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ovJFKAS.exe	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GCixrBP.exe	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uIEARRe.exe	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vqgiAeX.exe	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jlAcxrw.exe	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pGLdeFq.exe	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\txLzcKA.exe	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tLrMZcz.exe	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VmXemcB.exe	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jRSVOtq.exe	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XeqwcQs.exe	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bhYmuyi.exe	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GaDMbwv.exe	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tmtZacq.exe	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OOFdYsx.exe	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\emIOWPQ.exe	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JJqzfbh.exe	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IcAEpPx.exe	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bUDBRCb.exe	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kEyaJjL.exe	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SUpAKPI.exe	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qolBMAF.exe	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uAAavIe.exe	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tHuhCir.exe	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aRgwwAU.exe	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZxLGqau.exe	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GLRmUCP.exe	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GGSTaSj.exe	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zglxZsN.exe	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SjMeKuL.exe	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WrFngWb.exe	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RjDdCUv.exe	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YmVvvxG.exe	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uOvQSlq.exe	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WAnZweG.exe	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uVuckLc.exe	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\madQORp.exe	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\epnJMlU.exe	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MEUPMTs.exe	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bdSJuWb.exe	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xiqCORx.exe	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xXLbDtK.exe	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aeGVhKm.exe	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jJJyanu.exe	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MxMHRSY.exe	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rgvkmTj.exe	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VvEGZHY.exe	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DGbbyls.exe	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LZLVlgW.exe	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XcqQHcs.exe	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nHwfHFO.exe	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe

description	pid	Process	procid_target
PID 2224 wrote to memory of 2696	2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2224 wrote to memory of 2696	2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2224 wrote to memory of 2696	2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2224 wrote to memory of 2796	2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2224 wrote to memory of 2796	2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2224 wrote to memory of 2796	2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2224 wrote to memory of 2708	2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2224 wrote to memory of 2708	2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2224 wrote to memory of 2708	2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2224 wrote to memory of 2688	2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2224 wrote to memory of 2688	2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2224 wrote to memory of 2688	2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2224 wrote to memory of 2716	2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2224 wrote to memory of 2716	2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2224 wrote to memory of 2716	2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2224 wrote to memory of 2576	2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2224 wrote to memory of 2576	2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2224 wrote to memory of 2576	2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2224 wrote to memory of 2720	2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2224 wrote to memory of 2720	2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2224 wrote to memory of 2720	2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2224 wrote to memory of 2820	2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2224 wrote to memory of 2820	2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2224 wrote to memory of 2820	2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2224 wrote to memory of 2572	2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2224 wrote to memory of 2572	2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2224 wrote to memory of 2572	2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2224 wrote to memory of 2676	2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2224 wrote to memory of 2676	2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2224 wrote to memory of 2676	2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2224 wrote to memory of 1984	2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2224 wrote to memory of 1984	2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2224 wrote to memory of 1984	2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2224 wrote to memory of 1488	2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2224 wrote to memory of 1488	2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2224 wrote to memory of 1488	2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2224 wrote to memory of 2944	2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2224 wrote to memory of 2944	2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2224 wrote to memory of 2944	2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2224 wrote to memory of 2220	2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2224 wrote to memory of 2220	2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2224 wrote to memory of 2220	2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2224 wrote to memory of 776	2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2224 wrote to memory of 776	2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2224 wrote to memory of 776	2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2224 wrote to memory of 1124	2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2224 wrote to memory of 1124	2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2224 wrote to memory of 1124	2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2224 wrote to memory of 2872	2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2224 wrote to memory of 2872	2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2224 wrote to memory of 2872	2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2224 wrote to memory of 688	2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2224 wrote to memory of 688	2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2224 wrote to memory of 688	2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2224 wrote to memory of 2880	2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2224 wrote to memory of 2880	2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2224 wrote to memory of 2880	2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2224 wrote to memory of 1684	2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2224 wrote to memory of 1684	2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2224 wrote to memory of 1684	2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2224 wrote to memory of 476	2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2224 wrote to memory of 476	2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2224 wrote to memory of 476	2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2224 wrote to memory of 3008	2224	2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-20_9acce63f25d2959a6a99d89d77747689_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2224
- C:\Windows\System\IPbnwPH.exe
  C:\Windows\System\IPbnwPH.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\tLiNKSe.exe
  C:\Windows\System\tLiNKSe.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\kBUGoYd.exe
  C:\Windows\System\kBUGoYd.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\sastOSN.exe
  C:\Windows\System\sastOSN.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\mjDWehj.exe
  C:\Windows\System\mjDWehj.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\iCoBZFR.exe
  C:\Windows\System\iCoBZFR.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\ZsUdkaB.exe
  C:\Windows\System\ZsUdkaB.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\geBEUgr.exe
  C:\Windows\System\geBEUgr.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\Kqodkcq.exe
  C:\Windows\System\Kqodkcq.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\rjnktGu.exe
  C:\Windows\System\rjnktGu.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\JhxHobs.exe
  C:\Windows\System\JhxHobs.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\kszskfP.exe
  C:\Windows\System\kszskfP.exe
  2⤵
  - Executes dropped EXE
  PID:1488
- C:\Windows\System\SQaCzLk.exe
  C:\Windows\System\SQaCzLk.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\VFvtKcJ.exe
  C:\Windows\System\VFvtKcJ.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\VWkMNxM.exe
  C:\Windows\System\VWkMNxM.exe
  2⤵
  - Executes dropped EXE
  PID:776
- C:\Windows\System\MygSGrr.exe
  C:\Windows\System\MygSGrr.exe
  2⤵
  - Executes dropped EXE
  PID:1124
- C:\Windows\System\vnokYpX.exe
  C:\Windows\System\vnokYpX.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\dBhglgM.exe
  C:\Windows\System\dBhglgM.exe
  2⤵
  - Executes dropped EXE
  PID:688
- C:\Windows\System\TqTdISa.exe
  C:\Windows\System\TqTdISa.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\ZENCIWT.exe
  C:\Windows\System\ZENCIWT.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\fXRdoOz.exe
  C:\Windows\System\fXRdoOz.exe
  2⤵
  - Executes dropped EXE
  PID:476
- C:\Windows\System\iqWfAIU.exe
  C:\Windows\System\iqWfAIU.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\felEfgT.exe
  C:\Windows\System\felEfgT.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\RuVBKuS.exe
  C:\Windows\System\RuVBKuS.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\qZwurSG.exe
  C:\Windows\System\qZwurSG.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\qpGonmB.exe
  C:\Windows\System\qpGonmB.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\UNGMjZs.exe
  C:\Windows\System\UNGMjZs.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\LSIGsKv.exe
  C:\Windows\System\LSIGsKv.exe
  2⤵
  - Executes dropped EXE
  PID:1232
- C:\Windows\System\COXuMCO.exe
  C:\Windows\System\COXuMCO.exe
  2⤵
  - Executes dropped EXE
  PID:1156
- C:\Windows\System\fycLwxZ.exe
  C:\Windows\System\fycLwxZ.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\MbZlbza.exe
  C:\Windows\System\MbZlbza.exe
  2⤵
  - Executes dropped EXE
  PID:1292
- C:\Windows\System\zZepCIM.exe
  C:\Windows\System\zZepCIM.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\WbyHkPn.exe
  C:\Windows\System\WbyHkPn.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\gacSQhA.exe
  C:\Windows\System\gacSQhA.exe
  2⤵
  - Executes dropped EXE
  PID:1272
- C:\Windows\System\MySsQtR.exe
  C:\Windows\System\MySsQtR.exe
  2⤵
  - Executes dropped EXE
  PID:1256
- C:\Windows\System\mhWHWhg.exe
  C:\Windows\System\mhWHWhg.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\TfsCNaQ.exe
  C:\Windows\System\TfsCNaQ.exe
  2⤵
  - Executes dropped EXE
  PID:1320
- C:\Windows\System\cVqqLmO.exe
  C:\Windows\System\cVqqLmO.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\tWrawRx.exe
  C:\Windows\System\tWrawRx.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\AgLtZhL.exe
  C:\Windows\System\AgLtZhL.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\sgnTQYV.exe
  C:\Windows\System\sgnTQYV.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\PWvKvFp.exe
  C:\Windows\System\PWvKvFp.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\cihgWpv.exe
  C:\Windows\System\cihgWpv.exe
  2⤵
  - Executes dropped EXE
  PID:844
- C:\Windows\System\itbKkCJ.exe
  C:\Windows\System\itbKkCJ.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\jRleXNP.exe
  C:\Windows\System\jRleXNP.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\InhOcOE.exe
  C:\Windows\System\InhOcOE.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\gtJmcrk.exe
  C:\Windows\System\gtJmcrk.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\pdioeqj.exe
  C:\Windows\System\pdioeqj.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\MEUPMTs.exe
  C:\Windows\System\MEUPMTs.exe
  2⤵
  - Executes dropped EXE
  PID:1000
- C:\Windows\System\RyoCpOS.exe
  C:\Windows\System\RyoCpOS.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\weeWvKP.exe
  C:\Windows\System\weeWvKP.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\YWucyYb.exe
  C:\Windows\System\YWucyYb.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\ljisMHL.exe
  C:\Windows\System\ljisMHL.exe
  2⤵
  - Executes dropped EXE
  PID:352
- C:\Windows\System\IfxryvJ.exe
  C:\Windows\System\IfxryvJ.exe
  2⤵
  - Executes dropped EXE
  PID:912
- C:\Windows\System\PFebMxo.exe
  C:\Windows\System\PFebMxo.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\WWIlAqa.exe
  C:\Windows\System\WWIlAqa.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\KRXoLpE.exe
  C:\Windows\System\KRXoLpE.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\WzRBxln.exe
  C:\Windows\System\WzRBxln.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\ntujxBx.exe
  C:\Windows\System\ntujxBx.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\yuHQDMc.exe
  C:\Windows\System\yuHQDMc.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\jpaTOPw.exe
  C:\Windows\System\jpaTOPw.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\ttAaAgY.exe
  C:\Windows\System\ttAaAgY.exe
  2⤵
  - Executes dropped EXE
  PID:1396
- C:\Windows\System\OcjufDL.exe
  C:\Windows\System\OcjufDL.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\QYYzTnf.exe
  C:\Windows\System\QYYzTnf.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\onsLhJK.exe
  C:\Windows\System\onsLhJK.exe
  2⤵
  PID:1800
- C:\Windows\System\uaYkzmj.exe
  C:\Windows\System\uaYkzmj.exe
  2⤵
  PID:1636
- C:\Windows\System\ustugAS.exe
  C:\Windows\System\ustugAS.exe
  2⤵
  PID:564
- C:\Windows\System\cOUSkqN.exe
  C:\Windows\System\cOUSkqN.exe
  2⤵
  PID:2436
- C:\Windows\System\OrWSHgS.exe
  C:\Windows\System\OrWSHgS.exe
  2⤵
  PID:1912
- C:\Windows\System\llQvOAV.exe
  C:\Windows\System\llQvOAV.exe
  2⤵
  PID:3012
- C:\Windows\System\wlYjJOC.exe
  C:\Windows\System\wlYjJOC.exe
  2⤵
  PID:2144
- C:\Windows\System\xGKSMTK.exe
  C:\Windows\System\xGKSMTK.exe
  2⤵
  PID:2200
- C:\Windows\System\XsbDvIT.exe
  C:\Windows\System\XsbDvIT.exe
  2⤵
  PID:2412
- C:\Windows\System\fcrSCAT.exe
  C:\Windows\System\fcrSCAT.exe
  2⤵
  PID:448
- C:\Windows\System\VYnoPnC.exe
  C:\Windows\System\VYnoPnC.exe
  2⤵
  PID:2240
- C:\Windows\System\afxThKk.exe
  C:\Windows\System\afxThKk.exe
  2⤵
  PID:1860
- C:\Windows\System\VfNnPli.exe
  C:\Windows\System\VfNnPli.exe
  2⤵
  PID:592
- C:\Windows\System\SYUgNUC.exe
  C:\Windows\System\SYUgNUC.exe
  2⤵
  PID:1556
- C:\Windows\System\wzwGTFp.exe
  C:\Windows\System\wzwGTFp.exe
  2⤵
  PID:1356
- C:\Windows\System\KTzwIox.exe
  C:\Windows\System\KTzwIox.exe
  2⤵
  PID:2060
- C:\Windows\System\ztCyHxx.exe
  C:\Windows\System\ztCyHxx.exe
  2⤵
  PID:2468
- C:\Windows\System\FvjwjHu.exe
  C:\Windows\System\FvjwjHu.exe
  2⤵
  PID:2460
- C:\Windows\System\FBpubTn.exe
  C:\Windows\System\FBpubTn.exe
  2⤵
  PID:2500
- C:\Windows\System\EgACnrM.exe
  C:\Windows\System\EgACnrM.exe
  2⤵
  PID:2520
- C:\Windows\System\mhjyaoC.exe
  C:\Windows\System\mhjyaoC.exe
  2⤵
  PID:2040
- C:\Windows\System\zTWfotf.exe
  C:\Windows\System\zTWfotf.exe
  2⤵
  PID:1940
- C:\Windows\System\EzXVUww.exe
  C:\Windows\System\EzXVUww.exe
  2⤵
  PID:2472
- C:\Windows\System\BEKKvIj.exe
  C:\Windows\System\BEKKvIj.exe
  2⤵
  PID:1968
- C:\Windows\System\hWQqTuf.exe
  C:\Windows\System\hWQqTuf.exe
  2⤵
  PID:2800
- C:\Windows\System\LiuOHxF.exe
  C:\Windows\System\LiuOHxF.exe
  2⤵
  PID:1364
- C:\Windows\System\lsohdxg.exe
  C:\Windows\System\lsohdxg.exe
  2⤵
  PID:988
- C:\Windows\System\uhkYJZI.exe
  C:\Windows\System\uhkYJZI.exe
  2⤵
  PID:2580
- C:\Windows\System\vwtQuol.exe
  C:\Windows\System\vwtQuol.exe
  2⤵
  PID:2556
- C:\Windows\System\NRXEcld.exe
  C:\Windows\System\NRXEcld.exe
  2⤵
  PID:1824
- C:\Windows\System\XvmQgmq.exe
  C:\Windows\System\XvmQgmq.exe
  2⤵
  PID:1100
- C:\Windows\System\jEYMIfm.exe
  C:\Windows\System\jEYMIfm.exe
  2⤵
  PID:604
- C:\Windows\System\FRucgAn.exe
  C:\Windows\System\FRucgAn.exe
  2⤵
  PID:408
- C:\Windows\System\Jljuqha.exe
  C:\Windows\System\Jljuqha.exe
  2⤵
  PID:832
- C:\Windows\System\VAnOoFP.exe
  C:\Windows\System\VAnOoFP.exe
  2⤵
  PID:1544
- C:\Windows\System\GPypoBY.exe
  C:\Windows\System\GPypoBY.exe
  2⤵
  PID:3036
- C:\Windows\System\GNeWJsO.exe
  C:\Windows\System\GNeWJsO.exe
  2⤵
  PID:2900
- C:\Windows\System\OuiJEkq.exe
  C:\Windows\System\OuiJEkq.exe
  2⤵
  PID:2532
- C:\Windows\System\VtMUrzc.exe
  C:\Windows\System\VtMUrzc.exe
  2⤵
  PID:2232
- C:\Windows\System\FohmpNE.exe
  C:\Windows\System\FohmpNE.exe
  2⤵
  PID:1712
- C:\Windows\System\nOQceOA.exe
  C:\Windows\System\nOQceOA.exe
  2⤵
  PID:992
- C:\Windows\System\dNWRvKy.exe
  C:\Windows\System\dNWRvKy.exe
  2⤵
  PID:2808
- C:\Windows\System\eWeNAvM.exe
  C:\Windows\System\eWeNAvM.exe
  2⤵
  PID:1192
- C:\Windows\System\thOBHzA.exe
  C:\Windows\System\thOBHzA.exe
  2⤵
  PID:2636
- C:\Windows\System\lsVUsoi.exe
  C:\Windows\System\lsVUsoi.exe
  2⤵
  PID:2968
- C:\Windows\System\tLrMZcz.exe
  C:\Windows\System\tLrMZcz.exe
  2⤵
  PID:2456
- C:\Windows\System\iNpBrTV.exe
  C:\Windows\System\iNpBrTV.exe
  2⤵
  PID:852
- C:\Windows\System\BoEyjVw.exe
  C:\Windows\System\BoEyjVw.exe
  2⤵
  PID:2600
- C:\Windows\System\rihyHkj.exe
  C:\Windows\System\rihyHkj.exe
  2⤵
  PID:1696
- C:\Windows\System\VTqBkaR.exe
  C:\Windows\System\VTqBkaR.exe
  2⤵
  PID:2248
- C:\Windows\System\ehVlzgq.exe
  C:\Windows\System\ehVlzgq.exe
  2⤵
  PID:784
- C:\Windows\System\WlAexJF.exe
  C:\Windows\System\WlAexJF.exe
  2⤵
  PID:1548
- C:\Windows\System\yPLGhQW.exe
  C:\Windows\System\yPLGhQW.exe
  2⤵
  PID:2044
- C:\Windows\System\njxMaAp.exe
  C:\Windows\System\njxMaAp.exe
  2⤵
  PID:1620
- C:\Windows\System\VnFwXGs.exe
  C:\Windows\System\VnFwXGs.exe
  2⤵
  PID:1608
- C:\Windows\System\achcSFw.exe
  C:\Windows\System\achcSFw.exe
  2⤵
  PID:1584
- C:\Windows\System\CzNoYTn.exe
  C:\Windows\System\CzNoYTn.exe
  2⤵
  PID:2056
- C:\Windows\System\kmoKYHS.exe
  C:\Windows\System\kmoKYHS.exe
  2⤵
  PID:2644
- C:\Windows\System\thmkaol.exe
  C:\Windows\System\thmkaol.exe
  2⤵
  PID:3096
- C:\Windows\System\PdRiCtg.exe
  C:\Windows\System\PdRiCtg.exe
  2⤵
  PID:3116
- C:\Windows\System\ArRwwdZ.exe
  C:\Windows\System\ArRwwdZ.exe
  2⤵
  PID:3136
- C:\Windows\System\MxMHRSY.exe
  C:\Windows\System\MxMHRSY.exe
  2⤵
  PID:3152
- C:\Windows\System\cncbkyL.exe
  C:\Windows\System\cncbkyL.exe
  2⤵
  PID:3172
- C:\Windows\System\ClpSRtZ.exe
  C:\Windows\System\ClpSRtZ.exe
  2⤵
  PID:3196
- C:\Windows\System\GZcGtKu.exe
  C:\Windows\System\GZcGtKu.exe
  2⤵
  PID:3216
- C:\Windows\System\DNwnmnW.exe
  C:\Windows\System\DNwnmnW.exe
  2⤵
  PID:3236
- C:\Windows\System\nSbHChm.exe
  C:\Windows\System\nSbHChm.exe
  2⤵
  PID:3256
- C:\Windows\System\nzjVexm.exe
  C:\Windows\System\nzjVexm.exe
  2⤵
  PID:3276
- C:\Windows\System\vTHWHZL.exe
  C:\Windows\System\vTHWHZL.exe
  2⤵
  PID:3292
- C:\Windows\System\DZzUfGu.exe
  C:\Windows\System\DZzUfGu.exe
  2⤵
  PID:3316
- C:\Windows\System\RdfouFI.exe
  C:\Windows\System\RdfouFI.exe
  2⤵
  PID:3332
- C:\Windows\System\ZNAGKzd.exe
  C:\Windows\System\ZNAGKzd.exe
  2⤵
  PID:3356
- C:\Windows\System\rvFfrrY.exe
  C:\Windows\System\rvFfrrY.exe
  2⤵
  PID:3376
- C:\Windows\System\nlIhRwX.exe
  C:\Windows\System\nlIhRwX.exe
  2⤵
  PID:3396
- C:\Windows\System\NCuHxhm.exe
  C:\Windows\System\NCuHxhm.exe
  2⤵
  PID:3420
- C:\Windows\System\LsyNxBi.exe
  C:\Windows\System\LsyNxBi.exe
  2⤵
  PID:3436
- C:\Windows\System\PSebpFq.exe
  C:\Windows\System\PSebpFq.exe
  2⤵
  PID:3460
- C:\Windows\System\JBUZpvX.exe
  C:\Windows\System\JBUZpvX.exe
  2⤵
  PID:3480
- C:\Windows\System\ROIfCwK.exe
  C:\Windows\System\ROIfCwK.exe
  2⤵
  PID:3500
- C:\Windows\System\nIQrXGm.exe
  C:\Windows\System\nIQrXGm.exe
  2⤵
  PID:3520
- C:\Windows\System\RBKOPeB.exe
  C:\Windows\System\RBKOPeB.exe
  2⤵
  PID:3540
- C:\Windows\System\RkdlfIj.exe
  C:\Windows\System\RkdlfIj.exe
  2⤵
  PID:3560
- C:\Windows\System\jdZnxWH.exe
  C:\Windows\System\jdZnxWH.exe
  2⤵
  PID:3580
- C:\Windows\System\VuqRurj.exe
  C:\Windows\System\VuqRurj.exe
  2⤵
  PID:3596
- C:\Windows\System\ZnmARPs.exe
  C:\Windows\System\ZnmARPs.exe
  2⤵
  PID:3616
- C:\Windows\System\dGadRaf.exe
  C:\Windows\System\dGadRaf.exe
  2⤵
  PID:3640
- C:\Windows\System\nlAVRrP.exe
  C:\Windows\System\nlAVRrP.exe
  2⤵
  PID:3660
- C:\Windows\System\VajvaYz.exe
  C:\Windows\System\VajvaYz.exe
  2⤵
  PID:3680
- C:\Windows\System\mZkJzBF.exe
  C:\Windows\System\mZkJzBF.exe
  2⤵
  PID:3700
- C:\Windows\System\rHbwIFj.exe
  C:\Windows\System\rHbwIFj.exe
  2⤵
  PID:3716
- C:\Windows\System\VhfGVXL.exe
  C:\Windows\System\VhfGVXL.exe
  2⤵
  PID:3736
- C:\Windows\System\UljFOgH.exe
  C:\Windows\System\UljFOgH.exe
  2⤵
  PID:3760
- C:\Windows\System\ZdpXVzE.exe
  C:\Windows\System\ZdpXVzE.exe
  2⤵
  PID:3780
- C:\Windows\System\OBNsrMv.exe
  C:\Windows\System\OBNsrMv.exe
  2⤵
  PID:3800
- C:\Windows\System\pwaTKAj.exe
  C:\Windows\System\pwaTKAj.exe
  2⤵
  PID:3820
- C:\Windows\System\avvgIIc.exe
  C:\Windows\System\avvgIIc.exe
  2⤵
  PID:3840
- C:\Windows\System\GupUMKA.exe
  C:\Windows\System\GupUMKA.exe
  2⤵
  PID:3860
- C:\Windows\System\KTTcKoj.exe
  C:\Windows\System\KTTcKoj.exe
  2⤵
  PID:3880
- C:\Windows\System\DqJNTol.exe
  C:\Windows\System\DqJNTol.exe
  2⤵
  PID:3900
- C:\Windows\System\gkVqKcS.exe
  C:\Windows\System\gkVqKcS.exe
  2⤵
  PID:3920
- C:\Windows\System\ZPdjTQI.exe
  C:\Windows\System\ZPdjTQI.exe
  2⤵
  PID:3940
- C:\Windows\System\DxQQJmc.exe
  C:\Windows\System\DxQQJmc.exe
  2⤵
  PID:3964
- C:\Windows\System\TpRAKUN.exe
  C:\Windows\System\TpRAKUN.exe
  2⤵
  PID:3984
- C:\Windows\System\qejkQmU.exe
  C:\Windows\System\qejkQmU.exe
  2⤵
  PID:4004
- C:\Windows\System\ILDEjvQ.exe
  C:\Windows\System\ILDEjvQ.exe
  2⤵
  PID:4020
- C:\Windows\System\kchwBtd.exe
  C:\Windows\System\kchwBtd.exe
  2⤵
  PID:4044
- C:\Windows\System\kaXItjc.exe
  C:\Windows\System\kaXItjc.exe
  2⤵
  PID:4060
- C:\Windows\System\zLpaZsR.exe
  C:\Windows\System\zLpaZsR.exe
  2⤵
  PID:4084
- C:\Windows\System\oyaEbQU.exe
  C:\Windows\System\oyaEbQU.exe
  2⤵
  PID:1808
- C:\Windows\System\dVVVXBX.exe
  C:\Windows\System\dVVVXBX.exe
  2⤵
  PID:1656
- C:\Windows\System\iDojRCj.exe
  C:\Windows\System\iDojRCj.exe
  2⤵
  PID:2424
- C:\Windows\System\VTUFdWY.exe
  C:\Windows\System\VTUFdWY.exe
  2⤵
  PID:1700
- C:\Windows\System\owRwCAb.exe
  C:\Windows\System\owRwCAb.exe
  2⤵
  PID:2996
- C:\Windows\System\RNZMtbY.exe
  C:\Windows\System\RNZMtbY.exe
  2⤵
  PID:1512
- C:\Windows\System\lohcZAn.exe
  C:\Windows\System\lohcZAn.exe
  2⤵
  PID:1576
- C:\Windows\System\WeiOcBs.exe
  C:\Windows\System\WeiOcBs.exe
  2⤵
  PID:3104
- C:\Windows\System\rGIYbuQ.exe
  C:\Windows\System\rGIYbuQ.exe
  2⤵
  PID:3124
- C:\Windows\System\kEEYbhS.exe
  C:\Windows\System\kEEYbhS.exe
  2⤵
  PID:3180
- C:\Windows\System\dqHXOLR.exe
  C:\Windows\System\dqHXOLR.exe
  2⤵
  PID:3160
- C:\Windows\System\uOvQSlq.exe
  C:\Windows\System\uOvQSlq.exe
  2⤵
  PID:3232
- C:\Windows\System\YTGOikE.exe
  C:\Windows\System\YTGOikE.exe
  2⤵
  PID:3248
- C:\Windows\System\OonlFSU.exe
  C:\Windows\System\OonlFSU.exe
  2⤵
  PID:3284
- C:\Windows\System\flQyhJb.exe
  C:\Windows\System\flQyhJb.exe
  2⤵
  PID:3304
- C:\Windows\System\SCBiBeN.exe
  C:\Windows\System\SCBiBeN.exe
  2⤵
  PID:3352
- C:\Windows\System\eQmdNhx.exe
  C:\Windows\System\eQmdNhx.exe
  2⤵
  PID:3392
- C:\Windows\System\emIOWPQ.exe
  C:\Windows\System\emIOWPQ.exe
  2⤵
  PID:3408
- C:\Windows\System\Bzkfptd.exe
  C:\Windows\System\Bzkfptd.exe
  2⤵
  PID:3468
- C:\Windows\System\MxnKwkC.exe
  C:\Windows\System\MxnKwkC.exe
  2⤵
  PID:3516
- C:\Windows\System\dkvHSHT.exe
  C:\Windows\System\dkvHSHT.exe
  2⤵
  PID:3512
- C:\Windows\System\cbAeSiA.exe
  C:\Windows\System\cbAeSiA.exe
  2⤵
  PID:3552
- C:\Windows\System\NESxBoV.exe
  C:\Windows\System\NESxBoV.exe
  2⤵
  PID:3572
- C:\Windows\System\cGGHkIU.exe
  C:\Windows\System\cGGHkIU.exe
  2⤵
  PID:3632
- C:\Windows\System\gDZPMkc.exe
  C:\Windows\System\gDZPMkc.exe
  2⤵
  PID:3652
- C:\Windows\System\HztQRMU.exe
  C:\Windows\System\HztQRMU.exe
  2⤵
  PID:3696
- C:\Windows\System\MRVsHIP.exe
  C:\Windows\System\MRVsHIP.exe
  2⤵
  PID:3692
- C:\Windows\System\yULFlVq.exe
  C:\Windows\System\yULFlVq.exe
  2⤵
  PID:3412
- C:\Windows\System\JgambGX.exe
  C:\Windows\System\JgambGX.exe
  2⤵
  PID:3792
- C:\Windows\System\DSWhziF.exe
  C:\Windows\System\DSWhziF.exe
  2⤵
  PID:3816
- C:\Windows\System\JLNWpYF.exe
  C:\Windows\System\JLNWpYF.exe
  2⤵
  PID:3868
- C:\Windows\System\VmXemcB.exe
  C:\Windows\System\VmXemcB.exe
  2⤵
  PID:3888
- C:\Windows\System\SAIduam.exe
  C:\Windows\System\SAIduam.exe
  2⤵
  PID:3916
- C:\Windows\System\WAnZweG.exe
  C:\Windows\System\WAnZweG.exe
  2⤵
  PID:3936
- C:\Windows\System\oHmukUt.exe
  C:\Windows\System\oHmukUt.exe
  2⤵
  PID:3996
- C:\Windows\System\lJaWtyB.exe
  C:\Windows\System\lJaWtyB.exe
  2⤵
  PID:4040
- C:\Windows\System\dfadiGV.exe
  C:\Windows\System\dfadiGV.exe
  2⤵
  PID:4016
- C:\Windows\System\lpxjyzL.exe
  C:\Windows\System\lpxjyzL.exe
  2⤵
  PID:4092
- C:\Windows\System\qLNJISu.exe
  C:\Windows\System\qLNJISu.exe
  2⤵
  PID:2908
- C:\Windows\System\UlMGKvu.exe
  C:\Windows\System\UlMGKvu.exe
  2⤵
  PID:2384
- C:\Windows\System\cFqKjcC.exe
  C:\Windows\System\cFqKjcC.exe
  2⤵
  PID:2308
- C:\Windows\System\VaNKFrV.exe
  C:\Windows\System\VaNKFrV.exe
  2⤵
  PID:928
- C:\Windows\System\jxgbyaC.exe
  C:\Windows\System\jxgbyaC.exe
  2⤵
  PID:3144
- C:\Windows\System\twtdTxy.exe
  C:\Windows\System\twtdTxy.exe
  2⤵
  PID:2624
- C:\Windows\System\lObPmAU.exe
  C:\Windows\System\lObPmAU.exe
  2⤵
  PID:3204
- C:\Windows\System\nbFSEbl.exe
  C:\Windows\System\nbFSEbl.exe
  2⤵
  PID:3300
- C:\Windows\System\NbfUPON.exe
  C:\Windows\System\NbfUPON.exe
  2⤵
  PID:3324
- C:\Windows\System\gDRlDXi.exe
  C:\Windows\System\gDRlDXi.exe
  2⤵
  PID:3372
- C:\Windows\System\nTOnHoh.exe
  C:\Windows\System\nTOnHoh.exe
  2⤵
  PID:3444
- C:\Windows\System\IXujjXK.exe
  C:\Windows\System\IXujjXK.exe
  2⤵
  PID:3452
- C:\Windows\System\hnJwXrB.exe
  C:\Windows\System\hnJwXrB.exe
  2⤵
  PID:3492
- C:\Windows\System\WFkEnSM.exe
  C:\Windows\System\WFkEnSM.exe
  2⤵
  PID:3592
- C:\Windows\System\loIvBKS.exe
  C:\Windows\System\loIvBKS.exe
  2⤵
  PID:3688
- C:\Windows\System\LBwmkXq.exe
  C:\Windows\System\LBwmkXq.exe
  2⤵
  PID:3744
- C:\Windows\System\AEltUnG.exe
  C:\Windows\System\AEltUnG.exe
  2⤵
  PID:3752
- C:\Windows\System\kVLRETh.exe
  C:\Windows\System\kVLRETh.exe
  2⤵
  PID:3832
- C:\Windows\System\kcmAsJc.exe
  C:\Windows\System\kcmAsJc.exe
  2⤵
  PID:3948
- C:\Windows\System\CGiEqDD.exe
  C:\Windows\System\CGiEqDD.exe
  2⤵
  PID:3956
- C:\Windows\System\ECJYtZD.exe
  C:\Windows\System\ECJYtZD.exe
  2⤵
  PID:3972
- C:\Windows\System\bZraFdT.exe
  C:\Windows\System\bZraFdT.exe
  2⤵
  PID:4068
- C:\Windows\System\aZSqxwl.exe
  C:\Windows\System\aZSqxwl.exe
  2⤵
  PID:4052
- C:\Windows\System\GyqsOhM.exe
  C:\Windows\System\GyqsOhM.exe
  2⤵
  PID:872
- C:\Windows\System\bFlfYRX.exe
  C:\Windows\System\bFlfYRX.exe
  2⤵
  PID:2588
- C:\Windows\System\SizuMNL.exe
  C:\Windows\System\SizuMNL.exe
  2⤵
  PID:3164
- C:\Windows\System\PgcPZfJ.exe
  C:\Windows\System\PgcPZfJ.exe
  2⤵
  PID:3244
- C:\Windows\System\TlaAcWU.exe
  C:\Windows\System\TlaAcWU.exe
  2⤵
  PID:3224
- C:\Windows\System\QTmErpu.exe
  C:\Windows\System\QTmErpu.exe
  2⤵
  PID:3456
- C:\Windows\System\wVgBOdU.exe
  C:\Windows\System\wVgBOdU.exe
  2⤵
  PID:3404
- C:\Windows\System\ERJQWUk.exe
  C:\Windows\System\ERJQWUk.exe
  2⤵
  PID:3496
- C:\Windows\System\JGCdxLu.exe
  C:\Windows\System\JGCdxLu.exe
  2⤵
  PID:3676
- C:\Windows\System\TXJYZdg.exe
  C:\Windows\System\TXJYZdg.exe
  2⤵
  PID:3788
- C:\Windows\System\wAPpzxI.exe
  C:\Windows\System\wAPpzxI.exe
  2⤵
  PID:3856
- C:\Windows\System\MKzaIet.exe
  C:\Windows\System\MKzaIet.exe
  2⤵
  PID:2832
- C:\Windows\System\cvLjnNs.exe
  C:\Windows\System\cvLjnNs.exe
  2⤵
  PID:3992
- C:\Windows\System\nXFhhAv.exe
  C:\Windows\System\nXFhhAv.exe
  2⤵
  PID:836
- C:\Windows\System\qLaEZor.exe
  C:\Windows\System\qLaEZor.exe
  2⤵
  PID:1372
- C:\Windows\System\NkbnwVl.exe
  C:\Windows\System\NkbnwVl.exe
  2⤵
  PID:3080
- C:\Windows\System\VGoMzWG.exe
  C:\Windows\System\VGoMzWG.exe
  2⤵
  PID:3092
- C:\Windows\System\KQOorzp.exe
  C:\Windows\System\KQOorzp.exe
  2⤵
  PID:4108
- C:\Windows\System\rFpJgvv.exe
  C:\Windows\System\rFpJgvv.exe
  2⤵
  PID:4128
- C:\Windows\System\MlfXgzE.exe
  C:\Windows\System\MlfXgzE.exe
  2⤵
  PID:4148
- C:\Windows\System\lhiYcky.exe
  C:\Windows\System\lhiYcky.exe
  2⤵
  PID:4168
- C:\Windows\System\EBSRnDP.exe
  C:\Windows\System\EBSRnDP.exe
  2⤵
  PID:4188
- C:\Windows\System\NFmztiW.exe
  C:\Windows\System\NFmztiW.exe
  2⤵
  PID:4208
- C:\Windows\System\XJZnqIK.exe
  C:\Windows\System\XJZnqIK.exe
  2⤵
  PID:4224
- C:\Windows\System\FhySFnG.exe
  C:\Windows\System\FhySFnG.exe
  2⤵
  PID:4248
- C:\Windows\System\etKbblX.exe
  C:\Windows\System\etKbblX.exe
  2⤵
  PID:4264
- C:\Windows\System\fGcnmTw.exe
  C:\Windows\System\fGcnmTw.exe
  2⤵
  PID:4288
- C:\Windows\System\FikFfsQ.exe
  C:\Windows\System\FikFfsQ.exe
  2⤵
  PID:4308
- C:\Windows\System\pamuClc.exe
  C:\Windows\System\pamuClc.exe
  2⤵
  PID:4328
- C:\Windows\System\WgrjAjv.exe
  C:\Windows\System\WgrjAjv.exe
  2⤵
  PID:4348
- C:\Windows\System\nekWrBj.exe
  C:\Windows\System\nekWrBj.exe
  2⤵
  PID:4368
- C:\Windows\System\NzmobFb.exe
  C:\Windows\System\NzmobFb.exe
  2⤵
  PID:4388
- C:\Windows\System\QaVNKVY.exe
  C:\Windows\System\QaVNKVY.exe
  2⤵
  PID:4408
- C:\Windows\System\SYCZbMU.exe
  C:\Windows\System\SYCZbMU.exe
  2⤵
  PID:4428
- C:\Windows\System\ZGqWrvR.exe
  C:\Windows\System\ZGqWrvR.exe
  2⤵
  PID:4448
- C:\Windows\System\JiCjgmd.exe
  C:\Windows\System\JiCjgmd.exe
  2⤵
  PID:4472
- C:\Windows\System\BgFMkZu.exe
  C:\Windows\System\BgFMkZu.exe
  2⤵
  PID:4492
- C:\Windows\System\SusIvTQ.exe
  C:\Windows\System\SusIvTQ.exe
  2⤵
  PID:4508
- C:\Windows\System\zNOKdYQ.exe
  C:\Windows\System\zNOKdYQ.exe
  2⤵
  PID:4532
- C:\Windows\System\UqdjaVH.exe
  C:\Windows\System\UqdjaVH.exe
  2⤵
  PID:4548
- C:\Windows\System\tuOZirr.exe
  C:\Windows\System\tuOZirr.exe
  2⤵
  PID:4572
- C:\Windows\System\FGqTNQQ.exe
  C:\Windows\System\FGqTNQQ.exe
  2⤵
  PID:4588
- C:\Windows\System\iqgyBnH.exe
  C:\Windows\System\iqgyBnH.exe
  2⤵
  PID:4608
- C:\Windows\System\nCrZDjy.exe
  C:\Windows\System\nCrZDjy.exe
  2⤵
  PID:4632
- C:\Windows\System\wsDexXY.exe
  C:\Windows\System\wsDexXY.exe
  2⤵
  PID:4652
- C:\Windows\System\qzzkDRP.exe
  C:\Windows\System\qzzkDRP.exe
  2⤵
  PID:4672
- C:\Windows\System\RFtUfox.exe
  C:\Windows\System\RFtUfox.exe
  2⤵
  PID:4692
- C:\Windows\System\zYFnirE.exe
  C:\Windows\System\zYFnirE.exe
  2⤵
  PID:4712
- C:\Windows\System\sDFZWXC.exe
  C:\Windows\System\sDFZWXC.exe
  2⤵
  PID:4732
- C:\Windows\System\aEJrgbT.exe
  C:\Windows\System\aEJrgbT.exe
  2⤵
  PID:4752
- C:\Windows\System\CmKPIpX.exe
  C:\Windows\System\CmKPIpX.exe
  2⤵
  PID:4768
- C:\Windows\System\dnQTDHa.exe
  C:\Windows\System\dnQTDHa.exe
  2⤵
  PID:4792
- C:\Windows\System\VfyQGxe.exe
  C:\Windows\System\VfyQGxe.exe
  2⤵
  PID:4812
- C:\Windows\System\fEDsBgw.exe
  C:\Windows\System\fEDsBgw.exe
  2⤵
  PID:4832
- C:\Windows\System\CTBJPOU.exe
  C:\Windows\System\CTBJPOU.exe
  2⤵
  PID:4852
- C:\Windows\System\mXCotrZ.exe
  C:\Windows\System\mXCotrZ.exe
  2⤵
  PID:4872
- C:\Windows\System\pnbgkVJ.exe
  C:\Windows\System\pnbgkVJ.exe
  2⤵
  PID:4892
- C:\Windows\System\uVSKnhO.exe
  C:\Windows\System\uVSKnhO.exe
  2⤵
  PID:4912
- C:\Windows\System\mJsrnJt.exe
  C:\Windows\System\mJsrnJt.exe
  2⤵
  PID:4932
- C:\Windows\System\DBvSGUP.exe
  C:\Windows\System\DBvSGUP.exe
  2⤵
  PID:4948
- C:\Windows\System\DoyokhX.exe
  C:\Windows\System\DoyokhX.exe
  2⤵
  PID:4972
- C:\Windows\System\uJrZgmq.exe
  C:\Windows\System\uJrZgmq.exe
  2⤵
  PID:4992
- C:\Windows\System\wrQRMJC.exe
  C:\Windows\System\wrQRMJC.exe
  2⤵
  PID:5008
- C:\Windows\System\XAsDXFE.exe
  C:\Windows\System\XAsDXFE.exe
  2⤵
  PID:5028
- C:\Windows\System\NAkwUDp.exe
  C:\Windows\System\NAkwUDp.exe
  2⤵
  PID:5056
- C:\Windows\System\hMFLVtN.exe
  C:\Windows\System\hMFLVtN.exe
  2⤵
  PID:5076
- C:\Windows\System\kXgtLtO.exe
  C:\Windows\System\kXgtLtO.exe
  2⤵
  PID:5096
- C:\Windows\System\dCrYAzG.exe
  C:\Windows\System\dCrYAzG.exe
  2⤵
  PID:5112
- C:\Windows\System\zKuaSWv.exe
  C:\Windows\System\zKuaSWv.exe
  2⤵
  PID:3528
- C:\Windows\System\lMDrqMn.exe
  C:\Windows\System\lMDrqMn.exe
  2⤵
  PID:3732
- C:\Windows\System\IzWFppa.exe
  C:\Windows\System\IzWFppa.exe
  2⤵
  PID:3808
- C:\Windows\System\pnrLWna.exe
  C:\Windows\System\pnrLWna.exe
  2⤵
  PID:3852
- C:\Windows\System\FWbZqQW.exe
  C:\Windows\System\FWbZqQW.exe
  2⤵
  PID:468
- C:\Windows\System\GJLJEIs.exe
  C:\Windows\System\GJLJEIs.exe
  2⤵
  PID:3184
- C:\Windows\System\pMbCzki.exe
  C:\Windows\System\pMbCzki.exe
  2⤵
  PID:4116
- C:\Windows\System\pZLZfzB.exe
  C:\Windows\System\pZLZfzB.exe
  2⤵
  PID:4136
- C:\Windows\System\ZcgEIJw.exe
  C:\Windows\System\ZcgEIJw.exe
  2⤵
  PID:4160
- C:\Windows\System\TyqFJxu.exe
  C:\Windows\System\TyqFJxu.exe
  2⤵
  PID:4196
- C:\Windows\System\KpKptDv.exe
  C:\Windows\System\KpKptDv.exe
  2⤵
  PID:4236
- C:\Windows\System\LXCHiqM.exe
  C:\Windows\System\LXCHiqM.exe
  2⤵
  PID:4256
- C:\Windows\System\vMOXEFO.exe
  C:\Windows\System\vMOXEFO.exe
  2⤵
  PID:4296
- C:\Windows\System\cfCnqnm.exe
  C:\Windows\System\cfCnqnm.exe
  2⤵
  PID:4300
- C:\Windows\System\KBrCbDa.exe
  C:\Windows\System\KBrCbDa.exe
  2⤵
  PID:4344
- C:\Windows\System\yqCWxTX.exe
  C:\Windows\System\yqCWxTX.exe
  2⤵
  PID:4376
- C:\Windows\System\baIJmUg.exe
  C:\Windows\System\baIJmUg.exe
  2⤵
  PID:4416
- C:\Windows\System\lwQCgkz.exe
  C:\Windows\System\lwQCgkz.exe
  2⤵
  PID:4480
- C:\Windows\System\zdeIlMt.exe
  C:\Windows\System\zdeIlMt.exe
  2⤵
  PID:4500
- C:\Windows\System\PvyCjYR.exe
  C:\Windows\System\PvyCjYR.exe
  2⤵
  PID:4528
- C:\Windows\System\irVbyxG.exe
  C:\Windows\System\irVbyxG.exe
  2⤵
  PID:4568
- C:\Windows\System\YyziHbh.exe
  C:\Windows\System\YyziHbh.exe
  2⤵
  PID:4616
- C:\Windows\System\sNQOZlc.exe
  C:\Windows\System\sNQOZlc.exe
  2⤵
  PID:4628
- C:\Windows\System\mdELZmf.exe
  C:\Windows\System\mdELZmf.exe
  2⤵
  PID:4668
- C:\Windows\System\VLqybSc.exe
  C:\Windows\System\VLqybSc.exe
  2⤵
  PID:4720
- C:\Windows\System\tETEmZl.exe
  C:\Windows\System\tETEmZl.exe
  2⤵
  PID:4740
- C:\Windows\System\NsRnkin.exe
  C:\Windows\System\NsRnkin.exe
  2⤵
  PID:4764
- C:\Windows\System\XcqQHcs.exe
  C:\Windows\System\XcqQHcs.exe
  2⤵
  PID:4808
- C:\Windows\System\ButxIGV.exe
  C:\Windows\System\ButxIGV.exe
  2⤵
  PID:4840
- C:\Windows\System\iRpVrrq.exe
  C:\Windows\System\iRpVrrq.exe
  2⤵
  PID:4880
- C:\Windows\System\wwAgJpP.exe
  C:\Windows\System\wwAgJpP.exe
  2⤵
  PID:4920
- C:\Windows\System\gzqZFSr.exe
  C:\Windows\System\gzqZFSr.exe
  2⤵
  PID:4924
- C:\Windows\System\OyDVInT.exe
  C:\Windows\System\OyDVInT.exe
  2⤵
  PID:4968
- C:\Windows\System\pJYZtRV.exe
  C:\Windows\System\pJYZtRV.exe
  2⤵
  PID:4984
- C:\Windows\System\lBaWTvq.exe
  C:\Windows\System\lBaWTvq.exe
  2⤵
  PID:5020
- C:\Windows\System\UzHPGBi.exe
  C:\Windows\System\UzHPGBi.exe
  2⤵
  PID:5064
- C:\Windows\System\tvhkxJd.exe
  C:\Windows\System\tvhkxJd.exe
  2⤵
  PID:5088
- C:\Windows\System\IoxKFsW.exe
  C:\Windows\System\IoxKFsW.exe
  2⤵
  PID:3448
- C:\Windows\System\GxUlkOB.exe
  C:\Windows\System\GxUlkOB.exe
  2⤵
  PID:3536
- C:\Windows\System\aixINPy.exe
  C:\Windows\System\aixINPy.exe
  2⤵
  PID:4036
- C:\Windows\System\cPAwyrk.exe
  C:\Windows\System\cPAwyrk.exe
  2⤵
  PID:3624
- C:\Windows\System\rjNEhzU.exe
  C:\Windows\System\rjNEhzU.exe
  2⤵
  PID:4164
- C:\Windows\System\deibMRW.exe
  C:\Windows\System\deibMRW.exe
  2⤵
  PID:4100
- C:\Windows\System\iXuiKqh.exe
  C:\Windows\System\iXuiKqh.exe
  2⤵
  PID:4176
- C:\Windows\System\ovJFKAS.exe
  C:\Windows\System\ovJFKAS.exe
  2⤵
  PID:5024
- C:\Windows\System\KRTiqiv.exe
  C:\Windows\System\KRTiqiv.exe
  2⤵
  PID:4384
- C:\Windows\System\WzazJPA.exe
  C:\Windows\System\WzazJPA.exe
  2⤵
  PID:4324
- C:\Windows\System\fIAcRfi.exe
  C:\Windows\System\fIAcRfi.exe
  2⤵
  PID:4440
- C:\Windows\System\XlJgiDc.exe
  C:\Windows\System\XlJgiDc.exe
  2⤵
  PID:4488
- C:\Windows\System\jCZWmeE.exe
  C:\Windows\System\jCZWmeE.exe
  2⤵
  PID:4544
- C:\Windows\System\ahcjKom.exe
  C:\Windows\System\ahcjKom.exe
  2⤵
  PID:4624
- C:\Windows\System\pwDAiDN.exe
  C:\Windows\System\pwDAiDN.exe
  2⤵
  PID:4688
- C:\Windows\System\SoaLCwk.exe
  C:\Windows\System\SoaLCwk.exe
  2⤵
  PID:4748
- C:\Windows\System\YSDPUQZ.exe
  C:\Windows\System\YSDPUQZ.exe
  2⤵
  PID:4704
- C:\Windows\System\CSpbFfW.exe
  C:\Windows\System\CSpbFfW.exe
  2⤵
  PID:4776
- C:\Windows\System\LSelnJe.exe
  C:\Windows\System\LSelnJe.exe
  2⤵
  PID:4824
- C:\Windows\System\mAmilJw.exe
  C:\Windows\System\mAmilJw.exe
  2⤵
  PID:4960
- C:\Windows\System\feCuMmO.exe
  C:\Windows\System\feCuMmO.exe
  2⤵
  PID:2704
- C:\Windows\System\NpGIxjn.exe
  C:\Windows\System\NpGIxjn.exe
  2⤵
  PID:5000
- C:\Windows\System\OpdftVn.exe
  C:\Windows\System\OpdftVn.exe
  2⤵
  PID:5044
- C:\Windows\System\fmWlRTq.exe
  C:\Windows\System\fmWlRTq.exe
  2⤵
  PID:3344
- C:\Windows\System\sjGQwuS.exe
  C:\Windows\System\sjGQwuS.exe
  2⤵
  PID:2340
- C:\Windows\System\fNYGPxi.exe
  C:\Windows\System\fNYGPxi.exe
  2⤵
  PID:3384
- C:\Windows\System\ZvYZywu.exe
  C:\Windows\System\ZvYZywu.exe
  2⤵
  PID:4180
- C:\Windows\System\ZxZioei.exe
  C:\Windows\System\ZxZioei.exe
  2⤵
  PID:4280
- C:\Windows\System\HPHRFGc.exe
  C:\Windows\System\HPHRFGc.exe
  2⤵
  PID:4364
- C:\Windows\System\Yxlyzfg.exe
  C:\Windows\System\Yxlyzfg.exe
  2⤵
  PID:4400
- C:\Windows\System\NCJdhqq.exe
  C:\Windows\System\NCJdhqq.exe
  2⤵
  PID:5132
- C:\Windows\System\FPqeKSS.exe
  C:\Windows\System\FPqeKSS.exe
  2⤵
  PID:5152
- C:\Windows\System\FrGCNdy.exe
  C:\Windows\System\FrGCNdy.exe
  2⤵
  PID:5172
- C:\Windows\System\YdaGWbU.exe
  C:\Windows\System\YdaGWbU.exe
  2⤵
  PID:5192
- C:\Windows\System\yfIZEuY.exe
  C:\Windows\System\yfIZEuY.exe
  2⤵
  PID:5212
- C:\Windows\System\VuxjMBo.exe
  C:\Windows\System\VuxjMBo.exe
  2⤵
  PID:5232
- C:\Windows\System\tCWMkpu.exe
  C:\Windows\System\tCWMkpu.exe
  2⤵
  PID:5256
- C:\Windows\System\yREHMpu.exe
  C:\Windows\System\yREHMpu.exe
  2⤵
  PID:5276
- C:\Windows\System\IgtpIOI.exe
  C:\Windows\System\IgtpIOI.exe
  2⤵
  PID:5292
- C:\Windows\System\GiZTYpS.exe
  C:\Windows\System\GiZTYpS.exe
  2⤵
  PID:5316
- C:\Windows\System\bFDLkEa.exe
  C:\Windows\System\bFDLkEa.exe
  2⤵
  PID:5336
- C:\Windows\System\rbVCCjC.exe
  C:\Windows\System\rbVCCjC.exe
  2⤵
  PID:5356
- C:\Windows\System\AySNQAQ.exe
  C:\Windows\System\AySNQAQ.exe
  2⤵
  PID:5376
- C:\Windows\System\XktgAws.exe
  C:\Windows\System\XktgAws.exe
  2⤵
  PID:5392
- C:\Windows\System\oalqSGP.exe
  C:\Windows\System\oalqSGP.exe
  2⤵
  PID:5416
- C:\Windows\System\pJvGbhL.exe
  C:\Windows\System\pJvGbhL.exe
  2⤵
  PID:5436
- C:\Windows\System\OfLDUIK.exe
  C:\Windows\System\OfLDUIK.exe
  2⤵
  PID:5456
- C:\Windows\System\YEJhixS.exe
  C:\Windows\System\YEJhixS.exe
  2⤵
  PID:5476
- C:\Windows\System\uDCdWba.exe
  C:\Windows\System\uDCdWba.exe
  2⤵
  PID:5496
- C:\Windows\System\HlcsHfi.exe
  C:\Windows\System\HlcsHfi.exe
  2⤵
  PID:5516
- C:\Windows\System\MHlektV.exe
  C:\Windows\System\MHlektV.exe
  2⤵
  PID:5536
- C:\Windows\System\fWOSJvO.exe
  C:\Windows\System\fWOSJvO.exe
  2⤵
  PID:5560
- C:\Windows\System\PxnjzzT.exe
  C:\Windows\System\PxnjzzT.exe
  2⤵
  PID:5580
- C:\Windows\System\ySUZGhe.exe
  C:\Windows\System\ySUZGhe.exe
  2⤵
  PID:5600
- C:\Windows\System\TmErvGu.exe
  C:\Windows\System\TmErvGu.exe
  2⤵
  PID:5620
- C:\Windows\System\tNbTrkh.exe
  C:\Windows\System\tNbTrkh.exe
  2⤵
  PID:5640
- C:\Windows\System\TOUmBuC.exe
  C:\Windows\System\TOUmBuC.exe
  2⤵
  PID:5660
- C:\Windows\System\hnqJeqF.exe
  C:\Windows\System\hnqJeqF.exe
  2⤵
  PID:5680
- C:\Windows\System\rdwhLhU.exe
  C:\Windows\System\rdwhLhU.exe
  2⤵
  PID:5700
- C:\Windows\System\tyrRoAB.exe
  C:\Windows\System\tyrRoAB.exe
  2⤵
  PID:5720
- C:\Windows\System\XvkcMnv.exe
  C:\Windows\System\XvkcMnv.exe
  2⤵
  PID:5740
- C:\Windows\System\jMXTXgb.exe
  C:\Windows\System\jMXTXgb.exe
  2⤵
  PID:5760
- C:\Windows\System\zFsudLi.exe
  C:\Windows\System\zFsudLi.exe
  2⤵
  PID:5780
- C:\Windows\System\ybEsZES.exe
  C:\Windows\System\ybEsZES.exe
  2⤵
  PID:5800
- C:\Windows\System\LpomTNW.exe
  C:\Windows\System\LpomTNW.exe
  2⤵
  PID:5820
- C:\Windows\System\XVnaQFY.exe
  C:\Windows\System\XVnaQFY.exe
  2⤵
  PID:5840
- C:\Windows\System\RjpwZZN.exe
  C:\Windows\System\RjpwZZN.exe
  2⤵
  PID:5860
- C:\Windows\System\HsUtmzB.exe
  C:\Windows\System\HsUtmzB.exe
  2⤵
  PID:5880
- C:\Windows\System\GsfOalL.exe
  C:\Windows\System\GsfOalL.exe
  2⤵
  PID:5900
- C:\Windows\System\ZCAjEbX.exe
  C:\Windows\System\ZCAjEbX.exe
  2⤵
  PID:5920
- C:\Windows\System\AtvjCsb.exe
  C:\Windows\System\AtvjCsb.exe
  2⤵
  PID:5940
- C:\Windows\System\BqXptXd.exe
  C:\Windows\System\BqXptXd.exe
  2⤵
  PID:5964
- C:\Windows\System\blbWnWH.exe
  C:\Windows\System\blbWnWH.exe
  2⤵
  PID:5984
- C:\Windows\System\wGJnWFf.exe
  C:\Windows\System\wGJnWFf.exe
  2⤵
  PID:6004
- C:\Windows\System\NokBqFt.exe
  C:\Windows\System\NokBqFt.exe
  2⤵
  PID:6024
- C:\Windows\System\kYTTONy.exe
  C:\Windows\System\kYTTONy.exe
  2⤵
  PID:6044
- C:\Windows\System\NKRjIbR.exe
  C:\Windows\System\NKRjIbR.exe
  2⤵
  PID:6064
- C:\Windows\System\eqYlzPc.exe
  C:\Windows\System\eqYlzPc.exe
  2⤵
  PID:6084
- C:\Windows\System\ePjvXXu.exe
  C:\Windows\System\ePjvXXu.exe
  2⤵
  PID:6104
- C:\Windows\System\EdTLuVR.exe
  C:\Windows\System\EdTLuVR.exe
  2⤵
  PID:6124
- C:\Windows\System\GCixrBP.exe
  C:\Windows\System\GCixrBP.exe
  2⤵
  PID:4556
- C:\Windows\System\kVsqAxk.exe
  C:\Windows\System\kVsqAxk.exe
  2⤵
  PID:4560
- C:\Windows\System\eGWoevn.exe
  C:\Windows\System\eGWoevn.exe
  2⤵
  PID:4660
- C:\Windows\System\cmBGbiS.exe
  C:\Windows\System\cmBGbiS.exe
  2⤵
  PID:4760
- C:\Windows\System\hhfpbqL.exe
  C:\Windows\System\hhfpbqL.exe
  2⤵
  PID:4888
- C:\Windows\System\njRoBXE.exe
  C:\Windows\System\njRoBXE.exe
  2⤵
  PID:5004
- C:\Windows\System\wUtRPlI.exe
  C:\Windows\System\wUtRPlI.exe
  2⤵
  PID:4000
- C:\Windows\System\SXemgMm.exe
  C:\Windows\System\SXemgMm.exe
  2⤵
  PID:5108
- C:\Windows\System\jdDtNNj.exe
  C:\Windows\System\jdDtNNj.exe
  2⤵
  PID:4144
- C:\Windows\System\xRzziwz.exe
  C:\Windows\System\xRzziwz.exe
  2⤵
  PID:4204
- C:\Windows\System\QENCJgw.exe
  C:\Windows\System\QENCJgw.exe
  2⤵
  PID:4336
- C:\Windows\System\Kujaqyb.exe
  C:\Windows\System\Kujaqyb.exe
  2⤵
  PID:4468
- C:\Windows\System\YPyuDou.exe
  C:\Windows\System\YPyuDou.exe
  2⤵
  PID:5128
- C:\Windows\System\MyRnSnM.exe
  C:\Windows\System\MyRnSnM.exe
  2⤵
  PID:5164
- C:\Windows\System\nwelhFm.exe
  C:\Windows\System\nwelhFm.exe
  2⤵
  PID:5228
- C:\Windows\System\GHmMoyx.exe
  C:\Windows\System\GHmMoyx.exe
  2⤵
  PID:5248
- C:\Windows\System\YYzYzXp.exe
  C:\Windows\System\YYzYzXp.exe
  2⤵
  PID:5308
- C:\Windows\System\JQVNmqA.exe
  C:\Windows\System\JQVNmqA.exe
  2⤵
  PID:5352
- C:\Windows\System\wZCGcbj.exe
  C:\Windows\System\wZCGcbj.exe
  2⤵
  PID:2684
- C:\Windows\System\PSVedwa.exe
  C:\Windows\System\PSVedwa.exe
  2⤵
  PID:5368
- C:\Windows\System\dkcKQkr.exe
  C:\Windows\System\dkcKQkr.exe
  2⤵
  PID:5432
- C:\Windows\System\XCWhlMV.exe
  C:\Windows\System\XCWhlMV.exe
  2⤵
  PID:5464
- C:\Windows\System\fWrVKms.exe
  C:\Windows\System\fWrVKms.exe
  2⤵
  PID:5484
- C:\Windows\System\RrSEhCc.exe
  C:\Windows\System\RrSEhCc.exe
  2⤵
  PID:5508
- C:\Windows\System\GURHITx.exe
  C:\Windows\System\GURHITx.exe
  2⤵
  PID:5528
- C:\Windows\System\STWxtWQ.exe
  C:\Windows\System\STWxtWQ.exe
  2⤵
  PID:5576
- C:\Windows\System\umDUZeF.exe
  C:\Windows\System\umDUZeF.exe
  2⤵
  PID:5608
- C:\Windows\System\wYEyuLx.exe
  C:\Windows\System\wYEyuLx.exe
  2⤵
  PID:5648
- C:\Windows\System\ZQFowyd.exe
  C:\Windows\System\ZQFowyd.exe
  2⤵
  PID:5688
- C:\Windows\System\vodxaHV.exe
  C:\Windows\System\vodxaHV.exe
  2⤵
  PID:5712
- C:\Windows\System\OteTRMQ.exe
  C:\Windows\System\OteTRMQ.exe
  2⤵
  PID:5756
- C:\Windows\System\JJqzfbh.exe
  C:\Windows\System\JJqzfbh.exe
  2⤵
  PID:5796
- C:\Windows\System\YvBluRl.exe
  C:\Windows\System\YvBluRl.exe
  2⤵
  PID:5816
- C:\Windows\System\waXwSFZ.exe
  C:\Windows\System\waXwSFZ.exe
  2⤵
  PID:5868
- C:\Windows\System\plfKaya.exe
  C:\Windows\System\plfKaya.exe
  2⤵
  PID:5888
- C:\Windows\System\UqobLHV.exe
  C:\Windows\System\UqobLHV.exe
  2⤵
  PID:5916
- C:\Windows\System\XhVCpVn.exe
  C:\Windows\System\XhVCpVn.exe
  2⤵
  PID:5932
- C:\Windows\System\jbXLGNY.exe
  C:\Windows\System\jbXLGNY.exe
  2⤵
  PID:5972
- C:\Windows\System\NBWAHEN.exe
  C:\Windows\System\NBWAHEN.exe
  2⤵
  PID:6012
- C:\Windows\System\CQdEtgt.exe
  C:\Windows\System\CQdEtgt.exe
  2⤵
  PID:6052
- C:\Windows\System\ASATlYG.exe
  C:\Windows\System\ASATlYG.exe
  2⤵
  PID:6076
- C:\Windows\System\wYbsTXJ.exe
  C:\Windows\System\wYbsTXJ.exe
  2⤵
  PID:6120
- C:\Windows\System\ypupgdh.exe
  C:\Windows\System\ypupgdh.exe
  2⤵
  PID:6132
- C:\Windows\System\vbHcUeM.exe
  C:\Windows\System\vbHcUeM.exe
  2⤵
  PID:4684
- C:\Windows\System\beXybVG.exe
  C:\Windows\System\beXybVG.exe
  2⤵
  PID:4828
- C:\Windows\System\tHuhCir.exe
  C:\Windows\System\tHuhCir.exe
  2⤵
  PID:4944
- C:\Windows\System\QNBDtSH.exe
  C:\Windows\System\QNBDtSH.exe
  2⤵
  PID:5016
- C:\Windows\System\GaoIQFb.exe
  C:\Windows\System\GaoIQFb.exe
  2⤵
  PID:4216
- C:\Windows\System\qvtSTgy.exe
  C:\Windows\System\qvtSTgy.exe
  2⤵
  PID:4484
- C:\Windows\System\nnEOInE.exe
  C:\Windows\System\nnEOInE.exe
  2⤵
  PID:5188
- C:\Windows\System\RbCtcZb.exe
  C:\Windows\System\RbCtcZb.exe
  2⤵
  PID:5208
- C:\Windows\System\MTvhXKP.exe
  C:\Windows\System\MTvhXKP.exe
  2⤵
  PID:2836
- C:\Windows\System\oSvzQDv.exe
  C:\Windows\System\oSvzQDv.exe
  2⤵
  PID:2784
- C:\Windows\System\mjXEKLD.exe
  C:\Windows\System\mjXEKLD.exe
  2⤵
  PID:5328
- C:\Windows\System\AcObjdL.exe
  C:\Windows\System\AcObjdL.exe
  2⤵
  PID:5408
- C:\Windows\System\Khinlfr.exe
  C:\Windows\System\Khinlfr.exe
  2⤵
  PID:5468
- C:\Windows\System\ghzvSkS.exe
  C:\Windows\System\ghzvSkS.exe
  2⤵
  PID:2788
- C:\Windows\System\BaYRUuf.exe
  C:\Windows\System\BaYRUuf.exe
  2⤵
  PID:5592
- C:\Windows\System\DYZjIwz.exe
  C:\Windows\System\DYZjIwz.exe
  2⤵
  PID:5628
- C:\Windows\System\DwVECqy.exe
  C:\Windows\System\DwVECqy.exe
  2⤵
  PID:5716
- C:\Windows\System\NMluugP.exe
  C:\Windows\System\NMluugP.exe
  2⤵
  PID:5788
- C:\Windows\System\OrxAWIN.exe
  C:\Windows\System\OrxAWIN.exe
  2⤵
  PID:5792
- C:\Windows\System\dsSUouw.exe
  C:\Windows\System\dsSUouw.exe
  2⤵
  PID:5848
- C:\Windows\System\BiMnArp.exe
  C:\Windows\System\BiMnArp.exe
  2⤵
  PID:5896
- C:\Windows\System\UvmfFDp.exe
  C:\Windows\System\UvmfFDp.exe
  2⤵
  PID:5936
- C:\Windows\System\cRjLaCg.exe
  C:\Windows\System\cRjLaCg.exe
  2⤵
  PID:5996
- C:\Windows\System\SmeIafQ.exe
  C:\Windows\System\SmeIafQ.exe
  2⤵
  PID:6060
- C:\Windows\System\PBvBpiC.exe
  C:\Windows\System\PBvBpiC.exe
  2⤵
  PID:6112
- C:\Windows\System\WVzGnNB.exe
  C:\Windows\System\WVzGnNB.exe
  2⤵
  PID:4804
- C:\Windows\System\YEihCIv.exe
  C:\Windows\System\YEihCIv.exe
  2⤵
  PID:4864
- C:\Windows\System\nVQxWha.exe
  C:\Windows\System\nVQxWha.exe
  2⤵
  PID:4980
- C:\Windows\System\ZEnVwPd.exe
  C:\Windows\System\ZEnVwPd.exe
  2⤵
  PID:4260
- C:\Windows\System\qDyKNVa.exe
  C:\Windows\System\qDyKNVa.exe
  2⤵
  PID:5180
- C:\Windows\System\JzpJajV.exe
  C:\Windows\System\JzpJajV.exe
  2⤵
  PID:5204
- C:\Windows\System\vJIsbwq.exe
  C:\Windows\System\vJIsbwq.exe
  2⤵
  PID:5268
- C:\Windows\System\wYInIxp.exe
  C:\Windows\System\wYInIxp.exe
  2⤵
  PID:5424
- C:\Windows\System\nttduam.exe
  C:\Windows\System\nttduam.exe
  2⤵
  PID:5428
- C:\Windows\System\lrSBnYA.exe
  C:\Windows\System\lrSBnYA.exe
  2⤵
  PID:5488
- C:\Windows\System\XGWslLI.exe
  C:\Windows\System\XGWslLI.exe
  2⤵
  PID:5692
- C:\Windows\System\vmvrkcU.exe
  C:\Windows\System\vmvrkcU.exe
  2⤵
  PID:2756
- C:\Windows\System\zFoTgXm.exe
  C:\Windows\System\zFoTgXm.exe
  2⤵
  PID:5856
- C:\Windows\System\DVSWZsE.exe
  C:\Windows\System\DVSWZsE.exe
  2⤵
  PID:5948
- C:\Windows\System\NTtnlFA.exe
  C:\Windows\System\NTtnlFA.exe
  2⤵
  PID:5956
- C:\Windows\System\LULOenw.exe
  C:\Windows\System\LULOenw.exe
  2⤵
  PID:6040
- C:\Windows\System\rPzKnsG.exe
  C:\Windows\System\rPzKnsG.exe
  2⤵
  PID:4724
- C:\Windows\System\buSEkRq.exe
  C:\Windows\System\buSEkRq.exe
  2⤵
  PID:4104
- C:\Windows\System\AiMtwZf.exe
  C:\Windows\System\AiMtwZf.exe
  2⤵
  PID:4940
- C:\Windows\System\gszNYay.exe
  C:\Windows\System\gszNYay.exe
  2⤵
  PID:5400
- C:\Windows\System\ZpFsCEI.exe
  C:\Windows\System\ZpFsCEI.exe
  2⤵
  PID:5344
- C:\Windows\System\sAqytlG.exe
  C:\Windows\System\sAqytlG.exe
  2⤵
  PID:5412
- C:\Windows\System\IFBtFqw.exe
  C:\Windows\System\IFBtFqw.exe
  2⤵
  PID:5596
- C:\Windows\System\cJrGYqD.exe
  C:\Windows\System\cJrGYqD.exe
  2⤵
  PID:2180
- C:\Windows\System\BJElePE.exe
  C:\Windows\System\BJElePE.exe
  2⤵
  PID:6156
- C:\Windows\System\WGJwESF.exe
  C:\Windows\System\WGJwESF.exe
  2⤵
  PID:6180
- C:\Windows\System\QAZqaTv.exe
  C:\Windows\System\QAZqaTv.exe
  2⤵
  PID:6200
- C:\Windows\System\zxFxuSL.exe
  C:\Windows\System\zxFxuSL.exe
  2⤵
  PID:6224
- C:\Windows\System\iTSCkog.exe
  C:\Windows\System\iTSCkog.exe
  2⤵
  PID:6244
- C:\Windows\System\YhGXJiF.exe
  C:\Windows\System\YhGXJiF.exe
  2⤵
  PID:6264
- C:\Windows\System\jXLeOJW.exe
  C:\Windows\System\jXLeOJW.exe
  2⤵
  PID:6280
- C:\Windows\System\yUGIFbV.exe
  C:\Windows\System\yUGIFbV.exe
  2⤵
  PID:6304
- C:\Windows\System\oJbOuGY.exe
  C:\Windows\System\oJbOuGY.exe
  2⤵
  PID:6324
- C:\Windows\System\pIoWNoZ.exe
  C:\Windows\System\pIoWNoZ.exe
  2⤵
  PID:6344
- C:\Windows\System\GiLEvti.exe
  C:\Windows\System\GiLEvti.exe
  2⤵
  PID:6364
- C:\Windows\System\HbZXRyj.exe
  C:\Windows\System\HbZXRyj.exe
  2⤵
  PID:6384
- C:\Windows\System\llSdsXp.exe
  C:\Windows\System\llSdsXp.exe
  2⤵
  PID:6404
- C:\Windows\System\dGmGNEm.exe
  C:\Windows\System\dGmGNEm.exe
  2⤵
  PID:6424
- C:\Windows\System\eCBJLzE.exe
  C:\Windows\System\eCBJLzE.exe
  2⤵
  PID:6444
- C:\Windows\System\qOiJcfc.exe
  C:\Windows\System\qOiJcfc.exe
  2⤵
  PID:6464
- C:\Windows\System\ovNeOPW.exe
  C:\Windows\System\ovNeOPW.exe
  2⤵
  PID:6484
- C:\Windows\System\XNekyef.exe
  C:\Windows\System\XNekyef.exe
  2⤵
  PID:6504
- C:\Windows\System\nvEnqgF.exe
  C:\Windows\System\nvEnqgF.exe
  2⤵
  PID:6524
- C:\Windows\System\jGWttXf.exe
  C:\Windows\System\jGWttXf.exe
  2⤵
  PID:6544
- C:\Windows\System\pDPHlxA.exe
  C:\Windows\System\pDPHlxA.exe
  2⤵
  PID:6564
- C:\Windows\System\VDBpHZZ.exe
  C:\Windows\System\VDBpHZZ.exe
  2⤵
  PID:6584
- C:\Windows\System\BSHOQGs.exe
  C:\Windows\System\BSHOQGs.exe
  2⤵
  PID:6604
- C:\Windows\System\fzijAZS.exe
  C:\Windows\System\fzijAZS.exe
  2⤵
  PID:6624
- C:\Windows\System\XvPzawE.exe
  C:\Windows\System\XvPzawE.exe
  2⤵
  PID:6644
- C:\Windows\System\euXtuNG.exe
  C:\Windows\System\euXtuNG.exe
  2⤵
  PID:6664
- C:\Windows\System\estSXzb.exe
  C:\Windows\System\estSXzb.exe
  2⤵
  PID:6684
- C:\Windows\System\jPScPFl.exe
  C:\Windows\System\jPScPFl.exe
  2⤵
  PID:6704
- C:\Windows\System\pVBQjMT.exe
  C:\Windows\System\pVBQjMT.exe
  2⤵
  PID:6724
- C:\Windows\System\jcFWBfE.exe
  C:\Windows\System\jcFWBfE.exe
  2⤵
  PID:6744
- C:\Windows\System\OLgSwRg.exe
  C:\Windows\System\OLgSwRg.exe
  2⤵
  PID:6764
- C:\Windows\System\sTtUmDS.exe
  C:\Windows\System\sTtUmDS.exe
  2⤵
  PID:6784
- C:\Windows\System\sbQIwUX.exe
  C:\Windows\System\sbQIwUX.exe
  2⤵
  PID:6800
- C:\Windows\System\mrvonWx.exe
  C:\Windows\System\mrvonWx.exe
  2⤵
  PID:6828
- C:\Windows\System\zuUUNdg.exe
  C:\Windows\System\zuUUNdg.exe
  2⤵
  PID:6848
- C:\Windows\System\fubUZXt.exe
  C:\Windows\System\fubUZXt.exe
  2⤵
  PID:6868
- C:\Windows\System\OmzKQrF.exe
  C:\Windows\System\OmzKQrF.exe
  2⤵
  PID:6888
- C:\Windows\System\rTowtjM.exe
  C:\Windows\System\rTowtjM.exe
  2⤵
  PID:6908
- C:\Windows\System\hdgIFkA.exe
  C:\Windows\System\hdgIFkA.exe
  2⤵
  PID:6928
- C:\Windows\System\xZFXfZW.exe
  C:\Windows\System\xZFXfZW.exe
  2⤵
  PID:6948
- C:\Windows\System\tOyubEM.exe
  C:\Windows\System\tOyubEM.exe
  2⤵
  PID:6968
- C:\Windows\System\SEHfyrq.exe
  C:\Windows\System\SEHfyrq.exe
  2⤵
  PID:6988
- C:\Windows\System\lPXBcoB.exe
  C:\Windows\System\lPXBcoB.exe
  2⤵
  PID:7008
- C:\Windows\System\ooeLfvH.exe
  C:\Windows\System\ooeLfvH.exe
  2⤵
  PID:7028
- C:\Windows\System\lJSBKDV.exe
  C:\Windows\System\lJSBKDV.exe
  2⤵
  PID:7048
- C:\Windows\System\bSDqlmE.exe
  C:\Windows\System\bSDqlmE.exe
  2⤵
  PID:7068
- C:\Windows\System\qpAbTHr.exe
  C:\Windows\System\qpAbTHr.exe
  2⤵
  PID:7088
- C:\Windows\System\hnEQugL.exe
  C:\Windows\System\hnEQugL.exe
  2⤵
  PID:7112
- C:\Windows\System\YROTmnP.exe
  C:\Windows\System\YROTmnP.exe
  2⤵
  PID:7132
- C:\Windows\System\pzRUnHH.exe
  C:\Windows\System\pzRUnHH.exe
  2⤵
  PID:7152
- C:\Windows\System\pzxxOJn.exe
  C:\Windows\System\pzxxOJn.exe
  2⤵
  PID:5808
- C:\Windows\System\rNxOmLd.exe
  C:\Windows\System\rNxOmLd.exe
  2⤵
  PID:5748
- C:\Windows\System\fSayLwS.exe
  C:\Windows\System\fSayLwS.exe
  2⤵
  PID:6056
- C:\Windows\System\dnTqNiG.exe
  C:\Windows\System\dnTqNiG.exe
  2⤵
  PID:4744
- C:\Windows\System\jFtgVpx.exe
  C:\Windows\System\jFtgVpx.exe
  2⤵
  PID:4956
- C:\Windows\System\RvNePqM.exe
  C:\Windows\System\RvNePqM.exe
  2⤵
  PID:5532
- C:\Windows\System\QkUFnbe.exe
  C:\Windows\System\QkUFnbe.exe
  2⤵
  PID:2964
- C:\Windows\System\cxiXJPf.exe
  C:\Windows\System\cxiXJPf.exe
  2⤵
  PID:5652
- C:\Windows\System\nHwfHFO.exe
  C:\Windows\System\nHwfHFO.exe
  2⤵
  PID:6176
- C:\Windows\System\TAGrGun.exe
  C:\Windows\System\TAGrGun.exe
  2⤵
  PID:6188
- C:\Windows\System\UfNuaGd.exe
  C:\Windows\System\UfNuaGd.exe
  2⤵
  PID:6212
- C:\Windows\System\XPZqUIq.exe
  C:\Windows\System\XPZqUIq.exe
  2⤵
  PID:6260
- C:\Windows\System\nMIeuIv.exe
  C:\Windows\System\nMIeuIv.exe
  2⤵
  PID:6272
- C:\Windows\System\LwCFCpH.exe
  C:\Windows\System\LwCFCpH.exe
  2⤵
  PID:6340
- C:\Windows\System\iDXQEfo.exe
  C:\Windows\System\iDXQEfo.exe
  2⤵
  PID:6352
- C:\Windows\System\ctNgskx.exe
  C:\Windows\System\ctNgskx.exe
  2⤵
  PID:6392
- C:\Windows\System\JlzzzSL.exe
  C:\Windows\System\JlzzzSL.exe
  2⤵
  PID:2128
- C:\Windows\System\RtANYvk.exe
  C:\Windows\System\RtANYvk.exe
  2⤵
  PID:6440
- C:\Windows\System\tfPrRha.exe
  C:\Windows\System\tfPrRha.exe
  2⤵
  PID:6500
- C:\Windows\System\ZmXpgjO.exe
  C:\Windows\System\ZmXpgjO.exe
  2⤵
  PID:6532
- C:\Windows\System\pMjzMpq.exe
  C:\Windows\System\pMjzMpq.exe
  2⤵
  PID:6560
- C:\Windows\System\XkDfjiC.exe
  C:\Windows\System\XkDfjiC.exe
  2⤵
  PID:6576
- C:\Windows\System\skQqgvO.exe
  C:\Windows\System\skQqgvO.exe
  2⤵
  PID:6600
- C:\Windows\System\CpaSJLh.exe
  C:\Windows\System\CpaSJLh.exe
  2⤵
  PID:6640
- C:\Windows\System\IlrTMqb.exe
  C:\Windows\System\IlrTMqb.exe
  2⤵
  PID:6636
- C:\Windows\System\wFGefVV.exe
  C:\Windows\System\wFGefVV.exe
  2⤵
  PID:6676
- C:\Windows\System\aRgwwAU.exe
  C:\Windows\System\aRgwwAU.exe
  2⤵
  PID:6732
- C:\Windows\System\ULZbSxs.exe
  C:\Windows\System\ULZbSxs.exe
  2⤵
  PID:6740
- C:\Windows\System\ZaVGYSj.exe
  C:\Windows\System\ZaVGYSj.exe
  2⤵
  PID:6772
- C:\Windows\System\QrkYkwi.exe
  C:\Windows\System\QrkYkwi.exe
  2⤵
  PID:6776
- C:\Windows\System\kGylpkU.exe
  C:\Windows\System\kGylpkU.exe
  2⤵
  PID:6820
- C:\Windows\System\egHuZwd.exe
  C:\Windows\System\egHuZwd.exe
  2⤵
  PID:2108
- C:\Windows\System\ACLiKyx.exe
  C:\Windows\System\ACLiKyx.exe
  2⤵
  PID:6860
- C:\Windows\System\oppCwca.exe
  C:\Windows\System\oppCwca.exe
  2⤵
  PID:6884
- C:\Windows\System\QkKAhzq.exe
  C:\Windows\System\QkKAhzq.exe
  2⤵
  PID:6904
- C:\Windows\System\JohWzvz.exe
  C:\Windows\System\JohWzvz.exe
  2⤵
  PID:6924
- C:\Windows\System\IGiAPMw.exe
  C:\Windows\System\IGiAPMw.exe
  2⤵
  PID:6976
- C:\Windows\System\MxLEZrS.exe
  C:\Windows\System\MxLEZrS.exe
  2⤵
  PID:1744
- C:\Windows\System\BtOZgVa.exe
  C:\Windows\System\BtOZgVa.exe
  2⤵
  PID:7016
- C:\Windows\System\bacDwMc.exe
  C:\Windows\System\bacDwMc.exe
  2⤵
  PID:7000
- C:\Windows\System\OnjvcQZ.exe
  C:\Windows\System\OnjvcQZ.exe
  2⤵
  PID:7064
- C:\Windows\System\kJLKkxV.exe
  C:\Windows\System\kJLKkxV.exe
  2⤵
  PID:7060
- C:\Windows\System\GUwOOdY.exe
  C:\Windows\System\GUwOOdY.exe
  2⤵
  PID:7080
- C:\Windows\System\EcmlrbH.exe
  C:\Windows\System\EcmlrbH.exe
  2⤵
  PID:7148
- C:\Windows\System\wqcZrAJ.exe
  C:\Windows\System\wqcZrAJ.exe
  2⤵
  PID:7144
- C:\Windows\System\nrlaTks.exe
  C:\Windows\System\nrlaTks.exe
  2⤵
  PID:2228
- C:\Windows\System\UYyxqUz.exe
  C:\Windows\System\UYyxqUz.exe
  2⤵
  PID:5872
- C:\Windows\System\rbKAuaZ.exe
  C:\Windows\System\rbKAuaZ.exe
  2⤵
  PID:3148
- C:\Windows\System\WJxWXII.exe
  C:\Windows\System\WJxWXII.exe
  2⤵
  PID:5892
- C:\Windows\System\RiHiTxz.exe
  C:\Windows\System\RiHiTxz.exe
  2⤵
  PID:1628
- C:\Windows\System\xiqCORx.exe
  C:\Windows\System\xiqCORx.exe
  2⤵
  PID:2064
- C:\Windows\System\EWJbAIS.exe
  C:\Windows\System\EWJbAIS.exe
  2⤵
  PID:2124
- C:\Windows\System\hoMhXcH.exe
  C:\Windows\System\hoMhXcH.exe
  2⤵
  PID:5364
- C:\Windows\System\owtMdhQ.exe
  C:\Windows\System\owtMdhQ.exe
  2⤵
  PID:5512
- C:\Windows\System\euZVrPt.exe
  C:\Windows\System\euZVrPt.exe
  2⤵
  PID:6152
- C:\Windows\System\PNJsvMU.exe
  C:\Windows\System\PNJsvMU.exe
  2⤵
  PID:6148
- C:\Windows\System\AWYrbbZ.exe
  C:\Windows\System\AWYrbbZ.exe
  2⤵
  PID:6236
- C:\Windows\System\XINzFmE.exe
  C:\Windows\System\XINzFmE.exe
  2⤵
  PID:6288
- C:\Windows\System\cKzQeKO.exe
  C:\Windows\System\cKzQeKO.exe
  2⤵
  PID:6320
- C:\Windows\System\PjDGtkB.exe
  C:\Windows\System\PjDGtkB.exe
  2⤵
  PID:6356
- C:\Windows\System\mBVTNvL.exe
  C:\Windows\System\mBVTNvL.exe
  2⤵
  PID:6432
- C:\Windows\System\wxofRuw.exe
  C:\Windows\System\wxofRuw.exe
  2⤵
  PID:6436
- C:\Windows\System\fOXTxcN.exe
  C:\Windows\System\fOXTxcN.exe
  2⤵
  PID:5240
- C:\Windows\System\drsPcox.exe
  C:\Windows\System\drsPcox.exe
  2⤵
  PID:2428
- C:\Windows\System\BJThWiD.exe
  C:\Windows\System\BJThWiD.exe
  2⤵
  PID:2264
- C:\Windows\System\gIMqiMV.exe
  C:\Windows\System\gIMqiMV.exe
  2⤵
  PID:2388
- C:\Windows\System\yKGKATt.exe
  C:\Windows\System\yKGKATt.exe
  2⤵
  PID:7100
- C:\Windows\System\QTGAJQV.exe
  C:\Windows\System\QTGAJQV.exe
  2⤵
  PID:6580
- C:\Windows\System\ZimDCnd.exe
  C:\Windows\System\ZimDCnd.exe
  2⤵
  PID:6672
- C:\Windows\System\ZkbAMgt.exe
  C:\Windows\System\ZkbAMgt.exe
  2⤵
  PID:6656
- C:\Windows\System\WPIHzVC.exe
  C:\Windows\System\WPIHzVC.exe
  2⤵
  PID:6696
- C:\Windows\System\xsQfMjq.exe
  C:\Windows\System\xsQfMjq.exe
  2⤵
  PID:6756
- C:\Windows\System\seYTRny.exe
  C:\Windows\System\seYTRny.exe
  2⤵
  PID:6920
- C:\Windows\System\yUZSSlv.exe
  C:\Windows\System\yUZSSlv.exe
  2⤵
  PID:6944
- C:\Windows\System\LAiMQiB.exe
  C:\Windows\System\LAiMQiB.exe
  2⤵
  PID:6864
- C:\Windows\System\xHwRYmL.exe
  C:\Windows\System\xHwRYmL.exe
  2⤵
  PID:7024
- C:\Windows\System\BDYzCMt.exe
  C:\Windows\System\BDYzCMt.exe
  2⤵
  PID:7044
- C:\Windows\System\ThfbIob.exe
  C:\Windows\System\ThfbIob.exe
  2⤵
  PID:6980
- C:\Windows\System\SfMTmfJ.exe
  C:\Windows\System\SfMTmfJ.exe
  2⤵
  PID:7056
- C:\Windows\System\DTrMnbQ.exe
  C:\Windows\System\DTrMnbQ.exe
  2⤵
  PID:908
- C:\Windows\System\bvQSogQ.exe
  C:\Windows\System\bvQSogQ.exe
  2⤵
  PID:2452
- C:\Windows\System\HhFVANE.exe
  C:\Windows\System\HhFVANE.exe
  2⤵
  PID:4276
- C:\Windows\System\fOmdkPY.exe
  C:\Windows\System\fOmdkPY.exe
  2⤵
  PID:2092
- C:\Windows\System\pcLZvbo.exe
  C:\Windows\System\pcLZvbo.exe
  2⤵
  PID:6172
- C:\Windows\System\KJJcQDA.exe
  C:\Windows\System\KJJcQDA.exe
  2⤵
  PID:5144
- C:\Windows\System\iVzBRlM.exe
  C:\Windows\System\iVzBRlM.exe
  2⤵
  PID:1432
- C:\Windows\System\mEsgisd.exe
  C:\Windows\System\mEsgisd.exe
  2⤵
  PID:6452
- C:\Windows\System\MpdmIRJ.exe
  C:\Windows\System\MpdmIRJ.exe
  2⤵
  PID:2536
- C:\Windows\System\NaSItzm.exe
  C:\Windows\System\NaSItzm.exe
  2⤵
  PID:6700
- C:\Windows\System\ZTsiLCO.exe
  C:\Windows\System\ZTsiLCO.exe
  2⤵
  PID:6552
- C:\Windows\System\PIILbed.exe
  C:\Windows\System\PIILbed.exe
  2⤵
  PID:1380
- C:\Windows\System\JAwWEJH.exe
  C:\Windows\System\JAwWEJH.exe
  2⤵
  PID:6680
- C:\Windows\System\NNLYjPF.exe
  C:\Windows\System\NNLYjPF.exe
  2⤵
  PID:2516
- C:\Windows\System\gZJPAkA.exe
  C:\Windows\System\gZJPAkA.exe
  2⤵
  PID:2244
- C:\Windows\System\jWenUgi.exe
  C:\Windows\System\jWenUgi.exe
  2⤵
  PID:6808
- C:\Windows\System\ESZKyrP.exe
  C:\Windows\System\ESZKyrP.exe
  2⤵
  PID:6516
- C:\Windows\System\HLUPibR.exe
  C:\Windows\System\HLUPibR.exe
  2⤵
  PID:6720
- C:\Windows\System\hnYoWGc.exe
  C:\Windows\System\hnYoWGc.exe
  2⤵
  PID:2552
- C:\Windows\System\IweCTnP.exe
  C:\Windows\System\IweCTnP.exe
  2⤵
  PID:7124
- C:\Windows\System\YelKXkv.exe
  C:\Windows\System\YelKXkv.exe
  2⤵
  PID:5732
- C:\Windows\System\kImHDZT.exe
  C:\Windows\System\kImHDZT.exe
  2⤵
  PID:6332
- C:\Windows\System\kFIbuxE.exe
  C:\Windows\System\kFIbuxE.exe
  2⤵
  PID:6660
- C:\Windows\System\MYjyuVe.exe
  C:\Windows\System\MYjyuVe.exe
  2⤵
  PID:6856
- C:\Windows\System\ABCtowt.exe
  C:\Windows\System\ABCtowt.exe
  2⤵
  PID:6984
- C:\Windows\System\sDDHIQM.exe
  C:\Windows\System\sDDHIQM.exe
  2⤵
  PID:6964
- C:\Windows\System\FndtnOx.exe
  C:\Windows\System\FndtnOx.exe
  2⤵
  PID:7040
- C:\Windows\System\zfckrQw.exe
  C:\Windows\System\zfckrQw.exe
  2⤵
  PID:6296
- C:\Windows\System\vJyTBba.exe
  C:\Windows\System\vJyTBba.exe
  2⤵
  PID:6312
- C:\Windows\System\PAhdEgw.exe
  C:\Windows\System\PAhdEgw.exe
  2⤵
  PID:7180
- C:\Windows\System\lMIfHcv.exe
  C:\Windows\System\lMIfHcv.exe
  2⤵
  PID:7196
- C:\Windows\System\HXzRQYR.exe
  C:\Windows\System\HXzRQYR.exe
  2⤵
  PID:7212
- C:\Windows\System\jTelfwD.exe
  C:\Windows\System\jTelfwD.exe
  2⤵
  PID:7228
- C:\Windows\System\krCjgmS.exe
  C:\Windows\System\krCjgmS.exe
  2⤵
  PID:7244
- C:\Windows\System\DqUwkEd.exe
  C:\Windows\System\DqUwkEd.exe
  2⤵
  PID:7268
- C:\Windows\System\XRZeugb.exe
  C:\Windows\System\XRZeugb.exe
  2⤵
  PID:7284
- C:\Windows\System\ubdgHYt.exe
  C:\Windows\System\ubdgHYt.exe
  2⤵
  PID:7308
- C:\Windows\System\BjoTWYR.exe
  C:\Windows\System\BjoTWYR.exe
  2⤵
  PID:7324
- C:\Windows\System\ygUrjUD.exe
  C:\Windows\System\ygUrjUD.exe
  2⤵
  PID:7340
- C:\Windows\System\xXLbDtK.exe
  C:\Windows\System\xXLbDtK.exe
  2⤵
  PID:7356
- C:\Windows\System\FVNnbyB.exe
  C:\Windows\System\FVNnbyB.exe
  2⤵
  PID:7372
- C:\Windows\System\OwhrJGy.exe
  C:\Windows\System\OwhrJGy.exe
  2⤵
  PID:7388
- C:\Windows\System\uwCDIpd.exe
  C:\Windows\System\uwCDIpd.exe
  2⤵
  PID:7404
- C:\Windows\System\TSmnQUn.exe
  C:\Windows\System\TSmnQUn.exe
  2⤵
  PID:7428
- C:\Windows\System\dWrxtWv.exe
  C:\Windows\System\dWrxtWv.exe
  2⤵
  PID:7444
- C:\Windows\System\SUfneNz.exe
  C:\Windows\System\SUfneNz.exe
  2⤵
  PID:7460
- C:\Windows\System\gYOAzsN.exe
  C:\Windows\System\gYOAzsN.exe
  2⤵
  PID:7476
- C:\Windows\System\UdfGAso.exe
  C:\Windows\System\UdfGAso.exe
  2⤵
  PID:7492
- C:\Windows\System\yfgPMqi.exe
  C:\Windows\System\yfgPMqi.exe
  2⤵
  PID:7508
- C:\Windows\System\nhgAWQg.exe
  C:\Windows\System\nhgAWQg.exe
  2⤵
  PID:7524
- C:\Windows\System\dWtCAXp.exe
  C:\Windows\System\dWtCAXp.exe
  2⤵
  PID:7540
- C:\Windows\System\hqnqUsg.exe
  C:\Windows\System\hqnqUsg.exe
  2⤵
  PID:7556
- C:\Windows\System\NpRGRdN.exe
  C:\Windows\System\NpRGRdN.exe
  2⤵
  PID:7572
- C:\Windows\System\TSFJWmA.exe
  C:\Windows\System\TSFJWmA.exe
  2⤵
  PID:7588
- C:\Windows\System\EunBBCn.exe
  C:\Windows\System\EunBBCn.exe
  2⤵
  PID:7624
- C:\Windows\System\fPgjDbQ.exe
  C:\Windows\System\fPgjDbQ.exe
  2⤵
  PID:7640
- C:\Windows\System\dXHAVYp.exe
  C:\Windows\System\dXHAVYp.exe
  2⤵
  PID:7660
- C:\Windows\System\jXaXAiX.exe
  C:\Windows\System\jXaXAiX.exe
  2⤵
  PID:7676
- C:\Windows\System\dreVLtK.exe
  C:\Windows\System\dreVLtK.exe
  2⤵
  PID:7776
- C:\Windows\System\Kwlecox.exe
  C:\Windows\System\Kwlecox.exe
  2⤵
  PID:7792
- C:\Windows\System\RJtGsAI.exe
  C:\Windows\System\RJtGsAI.exe
  2⤵
  PID:7812
- C:\Windows\System\opVOANe.exe
  C:\Windows\System\opVOANe.exe
  2⤵
  PID:7836
- C:\Windows\System\dEDTDyQ.exe
  C:\Windows\System\dEDTDyQ.exe
  2⤵
  PID:7856
- C:\Windows\System\rwtDxqj.exe
  C:\Windows\System\rwtDxqj.exe
  2⤵
  PID:7880
- C:\Windows\System\tAOxbri.exe
  C:\Windows\System\tAOxbri.exe
  2⤵
  PID:7896
- C:\Windows\System\soUJSmG.exe
  C:\Windows\System\soUJSmG.exe
  2⤵
  PID:7916
- C:\Windows\System\RcWpRBf.exe
  C:\Windows\System\RcWpRBf.exe
  2⤵
  PID:7932
- C:\Windows\System\uVuckLc.exe
  C:\Windows\System\uVuckLc.exe
  2⤵
  PID:7952
- C:\Windows\System\rgvkmTj.exe
  C:\Windows\System\rgvkmTj.exe
  2⤵
  PID:7972
- C:\Windows\System\syUyfvS.exe
  C:\Windows\System\syUyfvS.exe
  2⤵
  PID:7992
- C:\Windows\System\OEOhbsj.exe
  C:\Windows\System\OEOhbsj.exe
  2⤵
  PID:8016
- C:\Windows\System\nGAhxkl.exe
  C:\Windows\System\nGAhxkl.exe
  2⤵
  PID:8032
- C:\Windows\System\GQNDlMv.exe
  C:\Windows\System\GQNDlMv.exe
  2⤵
  PID:8060
- C:\Windows\System\IcAEpPx.exe
  C:\Windows\System\IcAEpPx.exe
  2⤵
  PID:8140
- C:\Windows\System\rcXiaca.exe
  C:\Windows\System\rcXiaca.exe
  2⤵
  PID:8160
- C:\Windows\System\IypLwud.exe
  C:\Windows\System\IypLwud.exe
  2⤵
  PID:7188
- C:\Windows\System\YgRsWhj.exe
  C:\Windows\System\YgRsWhj.exe
  2⤵
  PID:7252
- C:\Windows\System\NBSeJJh.exe
  C:\Windows\System\NBSeJJh.exe
  2⤵
  PID:7296
- C:\Windows\System\SltclgE.exe
  C:\Windows\System\SltclgE.exe
  2⤵
  PID:7348
- C:\Windows\System\fDCsQxm.exe
  C:\Windows\System\fDCsQxm.exe
  2⤵
  PID:7412
- C:\Windows\System\jTQmgob.exe
  C:\Windows\System\jTQmgob.exe
  2⤵
  PID:7364
- C:\Windows\System\Amhrnkr.exe
  C:\Windows\System\Amhrnkr.exe
  2⤵
  PID:7456
- C:\Windows\System\aBBjJVV.exe
  C:\Windows\System\aBBjJVV.exe
  2⤵
  PID:7468
- C:\Windows\System\LkTlnlf.exe
  C:\Windows\System\LkTlnlf.exe
  2⤵
  PID:7580
- C:\Windows\System\cXrEEVU.exe
  C:\Windows\System\cXrEEVU.exe
  2⤵
  PID:7568
- C:\Windows\System\kDfOGfe.exe
  C:\Windows\System\kDfOGfe.exe
  2⤵
  PID:7612
- C:\Windows\System\lqIFYTm.exe
  C:\Windows\System\lqIFYTm.exe
  2⤵
  PID:7420
- C:\Windows\System\ONsZYty.exe
  C:\Windows\System\ONsZYty.exe
  2⤵
  PID:7652
- C:\Windows\System\tkuwXPu.exe
  C:\Windows\System\tkuwXPu.exe
  2⤵
  PID:7700
- C:\Windows\System\sYvOJIY.exe
  C:\Windows\System\sYvOJIY.exe
  2⤵
  PID:7728
- C:\Windows\System\TNcVwxQ.exe
  C:\Windows\System\TNcVwxQ.exe
  2⤵
  PID:7744
- C:\Windows\System\wxpDjsw.exe
  C:\Windows\System\wxpDjsw.exe
  2⤵
  PID:7768
- C:\Windows\System\QsVzLTG.exe
  C:\Windows\System\QsVzLTG.exe
  2⤵
  PID:7876
- C:\Windows\System\yCnyDiP.exe
  C:\Windows\System\yCnyDiP.exe
  2⤵
  PID:7868
- C:\Windows\System\ITuvsoX.exe
  C:\Windows\System\ITuvsoX.exe
  2⤵
  PID:7800
- C:\Windows\System\ETHzfjQ.exe
  C:\Windows\System\ETHzfjQ.exe
  2⤵
  PID:8024
- C:\Windows\System\AOnqSkM.exe
  C:\Windows\System\AOnqSkM.exe
  2⤵
  PID:8028
- C:\Windows\System\oqhHuYN.exe
  C:\Windows\System\oqhHuYN.exe
  2⤵
  PID:8096
- C:\Windows\System\VxiXPly.exe
  C:\Windows\System\VxiXPly.exe
  2⤵
  PID:8100
- C:\Windows\System\mbKrcVR.exe
  C:\Windows\System\mbKrcVR.exe
  2⤵
  PID:7844
- C:\Windows\System\rKYoWkV.exe
  C:\Windows\System\rKYoWkV.exe
  2⤵
  PID:7964
- C:\Windows\System\puFyrvO.exe
  C:\Windows\System\puFyrvO.exe
  2⤵
  PID:8004
- C:\Windows\System\WRnFJmT.exe
  C:\Windows\System\WRnFJmT.exe
  2⤵
  PID:8052
- C:\Windows\System\TNzTzTR.exe
  C:\Windows\System\TNzTzTR.exe
  2⤵
  PID:8108
- C:\Windows\System\TsuexWB.exe
  C:\Windows\System\TsuexWB.exe
  2⤵
  PID:8132
- C:\Windows\System\WukPEsE.exe
  C:\Windows\System\WukPEsE.exe
  2⤵
  PID:8128
- C:\Windows\System\qjLMRXM.exe
  C:\Windows\System\qjLMRXM.exe
  2⤵
  PID:8180
- C:\Windows\System\WrFngWb.exe
  C:\Windows\System\WrFngWb.exe
  2⤵
  PID:948
- C:\Windows\System\amSWFgd.exe
  C:\Windows\System\amSWFgd.exe
  2⤵
  PID:6876
- C:\Windows\System\mvLvUQJ.exe
  C:\Windows\System\mvLvUQJ.exe
  2⤵
  PID:6896
- C:\Windows\System\HgstGyD.exe
  C:\Windows\System\HgstGyD.exe
  2⤵
  PID:7380
- C:\Windows\System\XhmcEVI.exe
  C:\Windows\System\XhmcEVI.exe
  2⤵
  PID:7548
- C:\Windows\System\XOiQSlG.exe
  C:\Windows\System\XOiQSlG.exe
  2⤵
  PID:7332
- C:\Windows\System\DigNrUq.exe
  C:\Windows\System\DigNrUq.exe
  2⤵
  PID:7520
- C:\Windows\System\zMODQnL.exe
  C:\Windows\System\zMODQnL.exe
  2⤵
  PID:7536
- C:\Windows\System\FtcfZSV.exe
  C:\Windows\System\FtcfZSV.exe
  2⤵
  PID:7600
- C:\Windows\System\UojBmGa.exe
  C:\Windows\System\UojBmGa.exe
  2⤵
  PID:5768
- C:\Windows\System\JzhNUjC.exe
  C:\Windows\System\JzhNUjC.exe
  2⤵
  PID:7832
- C:\Windows\System\UGmAyfO.exe
  C:\Windows\System\UGmAyfO.exe
  2⤵
  PID:7752
- C:\Windows\System\mpCZsdH.exe
  C:\Windows\System\mpCZsdH.exe
  2⤵
  PID:7824
- C:\Windows\System\uGXFxAP.exe
  C:\Windows\System\uGXFxAP.exe
  2⤵
  PID:7736
- C:\Windows\System\oJgRrYa.exe
  C:\Windows\System\oJgRrYa.exe
  2⤵
  PID:7788
- C:\Windows\System\hzEFzLN.exe
  C:\Windows\System\hzEFzLN.exe
  2⤵
  PID:7948
- C:\Windows\System\aRhSXzg.exe
  C:\Windows\System\aRhSXzg.exe
  2⤵
  PID:8088
- C:\Windows\System\TNiiMdM.exe
  C:\Windows\System\TNiiMdM.exe
  2⤵
  PID:8040
- C:\Windows\System\vbsZwgu.exe
  C:\Windows\System\vbsZwgu.exe
  2⤵
  PID:8104
- C:\Windows\System\CIPqtjr.exe
  C:\Windows\System\CIPqtjr.exe
  2⤵
  PID:7924
- C:\Windows\System\zDZDfRX.exe
  C:\Windows\System\zDZDfRX.exe
  2⤵
  PID:8156
- C:\Windows\System\gFevphD.exe
  C:\Windows\System\gFevphD.exe
  2⤵
  PID:6520
- C:\Windows\System\rFHqjwe.exe
  C:\Windows\System\rFHqjwe.exe
  2⤵
  PID:6632
- C:\Windows\System\njJipzC.exe
  C:\Windows\System\njJipzC.exe
  2⤵
  PID:8188
- C:\Windows\System\kUbnDpn.exe
  C:\Windows\System\kUbnDpn.exe
  2⤵
  PID:788
- C:\Windows\System\LKOtlLI.exe
  C:\Windows\System\LKOtlLI.exe
  2⤵
  PID:7300
- C:\Windows\System\LOgJjAv.exe
  C:\Windows\System\LOgJjAv.exe
  2⤵
  PID:7848
- C:\Windows\System\FwEYNKE.exe
  C:\Windows\System\FwEYNKE.exe
  2⤵
  PID:7452
- C:\Windows\System\lNmALDm.exe
  C:\Windows\System\lNmALDm.exe
  2⤵
  PID:7304
- C:\Windows\System\AsDlwUJ.exe
  C:\Windows\System\AsDlwUJ.exe
  2⤵
  PID:7764
- C:\Windows\System\VodTafu.exe
  C:\Windows\System\VodTafu.exe
  2⤵
  PID:7564
- C:\Windows\System\oZvPmMF.exe
  C:\Windows\System\oZvPmMF.exe
  2⤵
  PID:8092
- C:\Windows\System\iIfcXkl.exe
  C:\Windows\System\iIfcXkl.exe
  2⤵
  PID:7968
- C:\Windows\System\epNMQUF.exe
  C:\Windows\System\epNMQUF.exe
  2⤵
  PID:7264
- C:\Windows\System\kESxEWB.exe
  C:\Windows\System\kESxEWB.exe
  2⤵
  PID:8116
- C:\Windows\System\SiQveTx.exe
  C:\Windows\System\SiQveTx.exe
  2⤵
  PID:584
- C:\Windows\System\xHEDPZC.exe
  C:\Windows\System\xHEDPZC.exe
  2⤵
  PID:7208
- C:\Windows\System\CgkTVar.exe
  C:\Windows\System\CgkTVar.exe
  2⤵
  PID:7176
- C:\Windows\System\EupCnVR.exe
  C:\Windows\System\EupCnVR.exe
  2⤵
  PID:7500
- C:\Windows\System\DjbjuuJ.exe
  C:\Windows\System\DjbjuuJ.exe
  2⤵
  PID:7648
- C:\Windows\System\vrCoyUy.exe
  C:\Windows\System\vrCoyUy.exe
  2⤵
  PID:7688
- C:\Windows\System\SFRVQiV.exe
  C:\Windows\System\SFRVQiV.exe
  2⤵
  PID:7692
- C:\Windows\System\YhNWfqQ.exe
  C:\Windows\System\YhNWfqQ.exe
  2⤵
  PID:7940
- C:\Windows\System\hRLaNge.exe
  C:\Windows\System\hRLaNge.exe
  2⤵
  PID:7912
- C:\Windows\System\yIdTKFk.exe
  C:\Windows\System\yIdTKFk.exe
  2⤵
  PID:8084
- C:\Windows\System\GqSwTrp.exe
  C:\Windows\System\GqSwTrp.exe
  2⤵
  PID:8120
- C:\Windows\System\fnXziMl.exe
  C:\Windows\System\fnXziMl.exe
  2⤵
  PID:6480
- C:\Windows\System\oGdpbqd.exe
  C:\Windows\System\oGdpbqd.exe
  2⤵
  PID:7336
- C:\Windows\System\GHPrUSi.exe
  C:\Windows\System\GHPrUSi.exe
  2⤵
  PID:7224
- C:\Windows\System\bsLiRqg.exe
  C:\Windows\System\bsLiRqg.exe
  2⤵
  PID:7892
- C:\Windows\System\AoOnkWV.exe
  C:\Windows\System\AoOnkWV.exe
  2⤵
  PID:7804
- C:\Windows\System\ykvFgfM.exe
  C:\Windows\System\ykvFgfM.exe
  2⤵
  PID:8204
- C:\Windows\System\DQSrZeM.exe
  C:\Windows\System\DQSrZeM.exe
  2⤵
  PID:8220
- C:\Windows\System\JJKEwcp.exe
  C:\Windows\System\JJKEwcp.exe
  2⤵
  PID:8300
- C:\Windows\System\mKQdbRZ.exe
  C:\Windows\System\mKQdbRZ.exe
  2⤵
  PID:8332
- C:\Windows\System\HDufwPa.exe
  C:\Windows\System\HDufwPa.exe
  2⤵
  PID:8348
- C:\Windows\System\JqzwEXC.exe
  C:\Windows\System\JqzwEXC.exe
  2⤵
  PID:8364
- C:\Windows\System\SLfbWIO.exe
  C:\Windows\System\SLfbWIO.exe
  2⤵
  PID:8384
- C:\Windows\System\RgkxXbn.exe
  C:\Windows\System\RgkxXbn.exe
  2⤵
  PID:8400
- C:\Windows\System\wxBRskE.exe
  C:\Windows\System\wxBRskE.exe
  2⤵
  PID:8420
- C:\Windows\System\GNzanhB.exe
  C:\Windows\System\GNzanhB.exe
  2⤵
  PID:8436
- C:\Windows\System\VvEGZHY.exe
  C:\Windows\System\VvEGZHY.exe
  2⤵
  PID:8452
- C:\Windows\System\oLnELVf.exe
  C:\Windows\System\oLnELVf.exe
  2⤵
  PID:8468
- C:\Windows\System\ZqaFJev.exe
  C:\Windows\System\ZqaFJev.exe
  2⤵
  PID:8484
- C:\Windows\System\WjCASXi.exe
  C:\Windows\System\WjCASXi.exe
  2⤵
  PID:8500
- C:\Windows\System\sAXCBld.exe
  C:\Windows\System\sAXCBld.exe
  2⤵
  PID:8516
- C:\Windows\System\VmPtFBT.exe
  C:\Windows\System\VmPtFBT.exe
  2⤵
  PID:8532
- C:\Windows\System\wWtMQsi.exe
  C:\Windows\System\wWtMQsi.exe
  2⤵
  PID:8548
- C:\Windows\System\pDssjIR.exe
  C:\Windows\System\pDssjIR.exe
  2⤵
  PID:8568
- C:\Windows\System\oJRhafW.exe
  C:\Windows\System\oJRhafW.exe
  2⤵
  PID:8588
- C:\Windows\System\GFANsht.exe
  C:\Windows\System\GFANsht.exe
  2⤵
  PID:8608
- C:\Windows\System\wORRnBR.exe
  C:\Windows\System\wORRnBR.exe
  2⤵
  PID:8628
- C:\Windows\System\xdPtpya.exe
  C:\Windows\System\xdPtpya.exe
  2⤵
  PID:8644
- C:\Windows\System\uRUwWiZ.exe
  C:\Windows\System\uRUwWiZ.exe
  2⤵
  PID:8664
- C:\Windows\System\PCpVcxj.exe
  C:\Windows\System\PCpVcxj.exe
  2⤵
  PID:8688
- C:\Windows\System\fUlqYsj.exe
  C:\Windows\System\fUlqYsj.exe
  2⤵
  PID:8704
- C:\Windows\System\PBUPIDn.exe
  C:\Windows\System\PBUPIDn.exe
  2⤵
  PID:8720
- C:\Windows\System\gYonCAQ.exe
  C:\Windows\System\gYonCAQ.exe
  2⤵
  PID:8736
- C:\Windows\System\MRIlylm.exe
  C:\Windows\System\MRIlylm.exe
  2⤵
  PID:8752
- C:\Windows\System\wZvJZSe.exe
  C:\Windows\System\wZvJZSe.exe
  2⤵
  PID:8768
- C:\Windows\System\xFFCrMK.exe
  C:\Windows\System\xFFCrMK.exe
  2⤵
  PID:8784
- C:\Windows\System\XedQUWM.exe
  C:\Windows\System\XedQUWM.exe
  2⤵
  PID:8808
- C:\Windows\System\KVEMqAG.exe
  C:\Windows\System\KVEMqAG.exe
  2⤵
  PID:8832
- C:\Windows\System\ERVUosL.exe
  C:\Windows\System\ERVUosL.exe
  2⤵
  PID:8860
- C:\Windows\System\RjDdCUv.exe
  C:\Windows\System\RjDdCUv.exe
  2⤵
  PID:8880
- C:\Windows\System\vqjButr.exe
  C:\Windows\System\vqjButr.exe
  2⤵
  PID:8916
- C:\Windows\System\YJJxFZG.exe
  C:\Windows\System\YJJxFZG.exe
  2⤵
  PID:8940
- C:\Windows\System\ValEzOj.exe
  C:\Windows\System\ValEzOj.exe
  2⤵
  PID:8968
- C:\Windows\System\zCaTwIa.exe
  C:\Windows\System\zCaTwIa.exe
  2⤵
  PID:9020
- C:\Windows\System\xtYpkGq.exe
  C:\Windows\System\xtYpkGq.exe
  2⤵
  PID:9036
- C:\Windows\System\JWxwSTr.exe
  C:\Windows\System\JWxwSTr.exe
  2⤵
  PID:9060
- C:\Windows\System\XKtOwge.exe
  C:\Windows\System\XKtOwge.exe
  2⤵
  PID:9084
- C:\Windows\System\CWUCBnx.exe
  C:\Windows\System\CWUCBnx.exe
  2⤵
  PID:9100
- C:\Windows\System\aHpntWy.exe
  C:\Windows\System\aHpntWy.exe
  2⤵
  PID:9124
- C:\Windows\System\ohGcbnM.exe
  C:\Windows\System\ohGcbnM.exe
  2⤵
  PID:9140
- C:\Windows\System\aGgVlyv.exe
  C:\Windows\System\aGgVlyv.exe
  2⤵
  PID:9156
- C:\Windows\System\XSCJIDk.exe
  C:\Windows\System\XSCJIDk.exe
  2⤵
  PID:9172
- C:\Windows\System\tclTmvz.exe
  C:\Windows\System\tclTmvz.exe
  2⤵
  PID:9204
- C:\Windows\System\AePlWzM.exe
  C:\Windows\System\AePlWzM.exe
  2⤵
  PID:7320
- C:\Windows\System\IRLKCbH.exe
  C:\Windows\System\IRLKCbH.exe
  2⤵
  PID:8212
- C:\Windows\System\WMOULwc.exe
  C:\Windows\System\WMOULwc.exe
  2⤵
  PID:7944
- C:\Windows\System\dhBBVfK.exe
  C:\Windows\System\dhBBVfK.exe
  2⤵
  PID:6956
- C:\Windows\System\BEUjoxV.exe
  C:\Windows\System\BEUjoxV.exe
  2⤵
  PID:8200
- C:\Windows\System\RVeCupQ.exe
  C:\Windows\System\RVeCupQ.exe
  2⤵
  PID:8232
- C:\Windows\System\DyVkeEZ.exe
  C:\Windows\System\DyVkeEZ.exe
  2⤵
  PID:8256
- C:\Windows\System\LUpdUWs.exe
  C:\Windows\System\LUpdUWs.exe
  2⤵
  PID:8288
- C:\Windows\System\hbZiisQ.exe
  C:\Windows\System\hbZiisQ.exe
  2⤵
  PID:8284
- C:\Windows\System\yupRXVX.exe
  C:\Windows\System\yupRXVX.exe
  2⤵
  PID:8308
- C:\Windows\System\EMcMZAK.exe
  C:\Windows\System\EMcMZAK.exe
  2⤵
  PID:8328
- C:\Windows\System\vkEUWkw.exe
  C:\Windows\System\vkEUWkw.exe
  2⤵
  PID:8396
- C:\Windows\System\XEBfzXj.exe
  C:\Windows\System\XEBfzXj.exe
  2⤵
  PID:8492
- C:\Windows\System\WOSWgUK.exe
  C:\Windows\System\WOSWgUK.exe
  2⤵
  PID:8556
- C:\Windows\System\sNDXwun.exe
  C:\Windows\System\sNDXwun.exe
  2⤵
  PID:8560
- C:\Windows\System\USsYbVP.exe
  C:\Windows\System\USsYbVP.exe
  2⤵
  PID:8376
- C:\Windows\System\vKmULHB.exe
  C:\Windows\System\vKmULHB.exe
  2⤵
  PID:8416
- C:\Windows\System\JHjOJuG.exe
  C:\Windows\System\JHjOJuG.exe
  2⤵
  PID:8540
- C:\Windows\System\IEIWgwd.exe
  C:\Windows\System\IEIWgwd.exe
  2⤵
  PID:8576
- C:\Windows\System\mwNDYHF.exe
  C:\Windows\System\mwNDYHF.exe
  2⤵
  PID:8652
- C:\Windows\System\OFCuRPq.exe
  C:\Windows\System\OFCuRPq.exe
  2⤵
  PID:8672
- C:\Windows\System\SaSHTLl.exe
  C:\Windows\System\SaSHTLl.exe
  2⤵
  PID:8804
- C:\Windows\System\ooiuaYC.exe
  C:\Windows\System\ooiuaYC.exe
  2⤵
  PID:8840
- C:\Windows\System\jlAcxrw.exe
  C:\Windows\System\jlAcxrw.exe
  2⤵
  PID:8852
- C:\Windows\System\RFTcAYG.exe
  C:\Windows\System\RFTcAYG.exe
  2⤵
  PID:8900
- C:\Windows\System\QudwaOq.exe
  C:\Windows\System\QudwaOq.exe
  2⤵
  PID:8908
- C:\Windows\System\EnyvoKG.exe
  C:\Windows\System\EnyvoKG.exe
  2⤵
  PID:8948
- C:\Windows\System\bqDfrGT.exe
  C:\Windows\System\bqDfrGT.exe
  2⤵
  PID:8976
- C:\Windows\System\MxdFaTs.exe
  C:\Windows\System\MxdFaTs.exe
  2⤵
  PID:8988
- C:\Windows\System\VhGXiCJ.exe
  C:\Windows\System\VhGXiCJ.exe
  2⤵
  PID:9008
- C:\Windows\System\KureaFh.exe
  C:\Windows\System\KureaFh.exe
  2⤵
  PID:9028
- C:\Windows\System\ZAsAtSW.exe
  C:\Windows\System\ZAsAtSW.exe
  2⤵
  PID:9056
- C:\Windows\System\SYAXXQf.exe
  C:\Windows\System\SYAXXQf.exe
  2⤵
  PID:9080
- C:\Windows\System\AKhVHNb.exe
  C:\Windows\System\AKhVHNb.exe
  2⤵
  PID:9132
- C:\Windows\System\wrdjXcU.exe
  C:\Windows\System\wrdjXcU.exe
  2⤵
  PID:9168
- C:\Windows\System\NExzgqE.exe
  C:\Windows\System\NExzgqE.exe
  2⤵
  PID:9212
- C:\Windows\System\qubItpu.exe
  C:\Windows\System\qubItpu.exe
  2⤵
  PID:9200
- C:\Windows\System\RrEPolG.exe
  C:\Windows\System\RrEPolG.exe
  2⤵
  PID:7928
- C:\Windows\System\pvoLmbS.exe
  C:\Windows\System\pvoLmbS.exe
  2⤵
  PID:8240
- C:\Windows\System\ePkhzik.exe
  C:\Windows\System\ePkhzik.exe
  2⤵
  PID:8432
- C:\Windows\System\dizGmNb.exe
  C:\Windows\System\dizGmNb.exe
  2⤵
  PID:8544
- C:\Windows\System\nHajNBU.exe
  C:\Windows\System\nHajNBU.exe
  2⤵
  PID:8524
- C:\Windows\System\qulDgcl.exe
  C:\Windows\System\qulDgcl.exe
  2⤵
  PID:8264
- C:\Windows\System\dieeSfg.exe
  C:\Windows\System\dieeSfg.exe
  2⤵
  PID:8360
- C:\Windows\System\lbUMZfW.exe
  C:\Windows\System\lbUMZfW.exe
  2⤵
  PID:8476
- C:\Windows\System\cArHmzn.exe
  C:\Windows\System\cArHmzn.exe
  2⤵
  PID:8684
- C:\Windows\System\ZUHuuvD.exe
  C:\Windows\System\ZUHuuvD.exe
  2⤵
  PID:8780
- C:\Windows\System\JhgikXd.exe
  C:\Windows\System\JhgikXd.exe
  2⤵
  PID:8696
- C:\Windows\System\FeRkqmo.exe
  C:\Windows\System\FeRkqmo.exe
  2⤵
  PID:8924
- C:\Windows\System\lMDUrhL.exe
  C:\Windows\System\lMDUrhL.exe
  2⤵
  PID:9192
- C:\Windows\System\RyNVpKl.exe
  C:\Windows\System\RyNVpKl.exe
  2⤵
  PID:9052
- C:\Windows\System\CnVENOm.exe
  C:\Windows\System\CnVENOm.exe
  2⤵
  PID:9108
- C:\Windows\System\HOHDzOc.exe
  C:\Windows\System\HOHDzOc.exe
  2⤵
  PID:8460
- C:\Windows\System\QgWzIbo.exe
  C:\Windows\System\QgWzIbo.exe
  2⤵
  PID:8912
- C:\Windows\System\iHRTQFA.exe
  C:\Windows\System\iHRTQFA.exe
  2⤵
  PID:8508
- C:\Windows\System\haEcIlo.exe
  C:\Windows\System\haEcIlo.exe
  2⤵
  PID:8012
- C:\Windows\System\nBToCPu.exe
  C:\Windows\System\nBToCPu.exe
  2⤵
  PID:8292
- C:\Windows\System\yyGuPyw.exe
  C:\Windows\System\yyGuPyw.exe
  2⤵
  PID:8716
- C:\Windows\System\shsnoCE.exe
  C:\Windows\System\shsnoCE.exe
  2⤵
  PID:8760
- C:\Windows\System\pFphYmW.exe
  C:\Windows\System\pFphYmW.exe
  2⤵
  PID:8800
- C:\Windows\System\ZAGQISL.exe
  C:\Windows\System\ZAGQISL.exe
  2⤵
  PID:9004
- C:\Windows\System\DGbbyls.exe
  C:\Windows\System\DGbbyls.exe
  2⤵
  PID:8932
- C:\Windows\System\lDOnHYt.exe
  C:\Windows\System\lDOnHYt.exe
  2⤵
  PID:9096
- C:\Windows\System\bUDBRCb.exe
  C:\Windows\System\bUDBRCb.exe
  2⤵
  PID:9000
- C:\Windows\System\FgVFJLb.exe
  C:\Windows\System\FgVFJLb.exe
  2⤵
  PID:8444
- C:\Windows\System\EmAnTNK.exe
  C:\Windows\System\EmAnTNK.exe
  2⤵
  PID:7668
- C:\Windows\System\EWGoDrv.exe
  C:\Windows\System\EWGoDrv.exe
  2⤵
  PID:8216
- C:\Windows\System\wNEHKMA.exe
  C:\Windows\System\wNEHKMA.exe
  2⤵
  PID:8776
- C:\Windows\System\JLHHNJq.exe
  C:\Windows\System\JLHHNJq.exe
  2⤵
  PID:8764
- C:\Windows\System\mGDfwFj.exe
  C:\Windows\System\mGDfwFj.exe
  2⤵
  PID:8636
- C:\Windows\System\rxmxVLW.exe
  C:\Windows\System\rxmxVLW.exe
  2⤵
  PID:8888
- C:\Windows\System\CWNPpyc.exe
  C:\Windows\System\CWNPpyc.exe
  2⤵
  PID:8792
- C:\Windows\System\pQNoPbE.exe
  C:\Windows\System\pQNoPbE.exe
  2⤵
  PID:8276
- C:\Windows\System\yUyzUhh.exe
  C:\Windows\System\yUyzUhh.exe
  2⤵
  PID:8528
- C:\Windows\System\EOaLXfW.exe
  C:\Windows\System\EOaLXfW.exe
  2⤵
  PID:8892
- C:\Windows\System\oxvxfEZ.exe
  C:\Windows\System\oxvxfEZ.exe
  2⤵
  PID:8324
- C:\Windows\System\WGuNwrf.exe
  C:\Windows\System\WGuNwrf.exe
  2⤵
  PID:8992
- C:\Windows\System\jmFzXcD.exe
  C:\Windows\System\jmFzXcD.exe
  2⤵
  PID:8196
- C:\Windows\System\JaPEZXM.exe
  C:\Windows\System\JaPEZXM.exe
  2⤵
  PID:9136
- C:\Windows\System\HWRNtkf.exe
  C:\Windows\System\HWRNtkf.exe
  2⤵
  PID:9116
- C:\Windows\System\PfDPMKB.exe
  C:\Windows\System\PfDPMKB.exe
  2⤵
  PID:8600
- C:\Windows\System\PriGGli.exe
  C:\Windows\System\PriGGli.exe
  2⤵
  PID:9244
- C:\Windows\System\bVWkfGT.exe
  C:\Windows\System\bVWkfGT.exe
  2⤵
  PID:9260
- C:\Windows\System\LSOOVbw.exe
  C:\Windows\System\LSOOVbw.exe
  2⤵
  PID:9288
- C:\Windows\System\sYDiPvk.exe
  C:\Windows\System\sYDiPvk.exe
  2⤵
  PID:9316
- C:\Windows\System\cowPspz.exe
  C:\Windows\System\cowPspz.exe
  2⤵
  PID:9332
- C:\Windows\System\jRSVOtq.exe
  C:\Windows\System\jRSVOtq.exe
  2⤵
  PID:9348
- C:\Windows\System\zcxgpGj.exe
  C:\Windows\System\zcxgpGj.exe
  2⤵
  PID:9364
- C:\Windows\System\CSgMsUl.exe
  C:\Windows\System\CSgMsUl.exe
  2⤵
  PID:9380
- C:\Windows\System\zAdClIR.exe
  C:\Windows\System\zAdClIR.exe
  2⤵
  PID:9396
- C:\Windows\System\fDdjEHQ.exe
  C:\Windows\System\fDdjEHQ.exe
  2⤵
  PID:9416
- C:\Windows\System\KprcHrg.exe
  C:\Windows\System\KprcHrg.exe
  2⤵
  PID:9432
- C:\Windows\System\iVmYhAG.exe
  C:\Windows\System\iVmYhAG.exe
  2⤵
  PID:9448
- C:\Windows\System\hLbuGoe.exe
  C:\Windows\System\hLbuGoe.exe
  2⤵
  PID:9464
- C:\Windows\System\ZOCkURW.exe
  C:\Windows\System\ZOCkURW.exe
  2⤵
  PID:9492
- C:\Windows\System\ktxNhmc.exe
  C:\Windows\System\ktxNhmc.exe
  2⤵
  PID:9520
- C:\Windows\System\eKPlUsP.exe
  C:\Windows\System\eKPlUsP.exe
  2⤵
  PID:9536
- C:\Windows\System\lgIJqJd.exe
  C:\Windows\System\lgIJqJd.exe
  2⤵
  PID:9552
- C:\Windows\System\apqNbDH.exe
  C:\Windows\System\apqNbDH.exe
  2⤵
  PID:9568
- C:\Windows\System\aeGVhKm.exe
  C:\Windows\System\aeGVhKm.exe
  2⤵
  PID:9588
- C:\Windows\System\BwgNiYn.exe
  C:\Windows\System\BwgNiYn.exe
  2⤵
  PID:9616
- C:\Windows\System\LsJeOaW.exe
  C:\Windows\System\LsJeOaW.exe
  2⤵
  PID:9636
- C:\Windows\System\JGpyebp.exe
  C:\Windows\System\JGpyebp.exe
  2⤵
  PID:9656
- C:\Windows\System\fXHozWA.exe
  C:\Windows\System\fXHozWA.exe
  2⤵
  PID:9672
- C:\Windows\System\wFKXyDH.exe
  C:\Windows\System\wFKXyDH.exe
  2⤵
  PID:9688
- C:\Windows\System\iEzWzRW.exe
  C:\Windows\System\iEzWzRW.exe
  2⤵
  PID:9704
- C:\Windows\System\bBlZdNz.exe
  C:\Windows\System\bBlZdNz.exe
  2⤵
  PID:9720
- C:\Windows\System\WvyJwHn.exe
  C:\Windows\System\WvyJwHn.exe
  2⤵
  PID:9744
- C:\Windows\System\laTKcDw.exe
  C:\Windows\System\laTKcDw.exe
  2⤵
  PID:9760
- C:\Windows\System\IuccQmu.exe
  C:\Windows\System\IuccQmu.exe
  2⤵
  PID:9776
- C:\Windows\System\BXTALXr.exe
  C:\Windows\System\BXTALXr.exe
  2⤵
  PID:9796
- C:\Windows\System\plGJhTX.exe
  C:\Windows\System\plGJhTX.exe
  2⤵
  PID:9832
- C:\Windows\System\MjuNYOS.exe
  C:\Windows\System\MjuNYOS.exe
  2⤵
  PID:9852
- C:\Windows\System\IBQvaip.exe
  C:\Windows\System\IBQvaip.exe
  2⤵
  PID:9872
- C:\Windows\System\YNOADkM.exe
  C:\Windows\System\YNOADkM.exe
  2⤵
  PID:9892
- C:\Windows\System\RPcotWp.exe
  C:\Windows\System\RPcotWp.exe
  2⤵
  PID:9908
- C:\Windows\System\tMXYpTP.exe
  C:\Windows\System\tMXYpTP.exe
  2⤵
  PID:9924
- C:\Windows\System\aSYGimE.exe
  C:\Windows\System\aSYGimE.exe
  2⤵
  PID:9944
- C:\Windows\System\NlZQFwU.exe
  C:\Windows\System\NlZQFwU.exe
  2⤵
  PID:9960
- C:\Windows\System\AQBpQsU.exe
  C:\Windows\System\AQBpQsU.exe
  2⤵
  PID:9976
- C:\Windows\System\mIyFVlE.exe
  C:\Windows\System\mIyFVlE.exe
  2⤵
  PID:9992
- C:\Windows\System\fPJxRvE.exe
  C:\Windows\System\fPJxRvE.exe
  2⤵
  PID:10008
- C:\Windows\System\RJUWuMF.exe
  C:\Windows\System\RJUWuMF.exe
  2⤵
  PID:10028
- C:\Windows\System\zglxZsN.exe
  C:\Windows\System\zglxZsN.exe
  2⤵
  PID:10056
- C:\Windows\System\AwQGpcL.exe
  C:\Windows\System\AwQGpcL.exe
  2⤵
  PID:10076
- C:\Windows\System\dGeKsvN.exe
  C:\Windows\System\dGeKsvN.exe
  2⤵
  PID:10096
- C:\Windows\System\LJUFFzu.exe
  C:\Windows\System\LJUFFzu.exe
  2⤵
  PID:10112
- C:\Windows\System\fOJBfIH.exe
  C:\Windows\System\fOJBfIH.exe
  2⤵
  PID:10128
- C:\Windows\System\tGIuDks.exe
  C:\Windows\System\tGIuDks.exe
  2⤵
  PID:10144
- C:\Windows\System\ektCYIO.exe
  C:\Windows\System\ektCYIO.exe
  2⤵
  PID:10160
- C:\Windows\System\VKivHej.exe
  C:\Windows\System\VKivHej.exe
  2⤵
  PID:10180
- C:\Windows\System\LZLVlgW.exe
  C:\Windows\System\LZLVlgW.exe
  2⤵
  PID:10200
- C:\Windows\System\vIcyqsg.exe
  C:\Windows\System\vIcyqsg.exe
  2⤵
  PID:10216
- C:\Windows\System\EKAQofQ.exe
  C:\Windows\System\EKAQofQ.exe
  2⤵
  PID:10232
- C:\Windows\System\bvgaynL.exe
  C:\Windows\System\bvgaynL.exe
  2⤵
  PID:8392
- C:\Windows\System\bxAgORJ.exe
  C:\Windows\System\bxAgORJ.exe
  2⤵
  PID:9224
- C:\Windows\System\GFLtTHT.exe
  C:\Windows\System\GFLtTHT.exe
  2⤵
  PID:9252
- C:\Windows\System\gDiwSdg.exe
  C:\Windows\System\gDiwSdg.exe
  2⤵
  PID:9324
- C:\Windows\System\rCspWZP.exe
  C:\Windows\System\rCspWZP.exe
  2⤵
  PID:9392
- C:\Windows\System\Wjfmdda.exe
  C:\Windows\System\Wjfmdda.exe
  2⤵
  PID:9444
- C:\Windows\System\fyzKBtj.exe
  C:\Windows\System\fyzKBtj.exe
  2⤵
  PID:9648
- C:\Windows\System\VOJJkRa.exe
  C:\Windows\System\VOJJkRa.exe
  2⤵
  PID:9308
- C:\Windows\System\DbZtxyg.exe
  C:\Windows\System\DbZtxyg.exe
  2⤵
  PID:9564
- C:\Windows\System\IzgAwGA.exe
  C:\Windows\System\IzgAwGA.exe
  2⤵
  PID:9644
- C:\Windows\System\WnyqjOZ.exe
  C:\Windows\System\WnyqjOZ.exe
  2⤵
  PID:9884
- C:\Windows\System\XEVEnXO.exe
  C:\Windows\System\XEVEnXO.exe
  2⤵
  PID:9792
- C:\Windows\System\QvPlqwD.exe
  C:\Windows\System\QvPlqwD.exe
  2⤵
  PID:10016
- C:\Windows\System\kgIKpdK.exe
  C:\Windows\System\kgIKpdK.exe
  2⤵
  PID:9632
- C:\Windows\System\BCDUtEg.exe
  C:\Windows\System\BCDUtEg.exe
  2⤵
  PID:9668
- C:\Windows\System\nBilwFx.exe
  C:\Windows\System\nBilwFx.exe
  2⤵
  PID:9740
- C:\Windows\System\aGXZYpQ.exe
  C:\Windows\System\aGXZYpQ.exe
  2⤵
  PID:9816
- C:\Windows\System\ISgLwYb.exe
  C:\Windows\System\ISgLwYb.exe
  2⤵
  PID:9900
- C:\Windows\System\qjqtWRn.exe
  C:\Windows\System\qjqtWRn.exe
  2⤵
  PID:9936
- C:\Windows\System\bQRmMld.exe
  C:\Windows\System\bQRmMld.exe
  2⤵
  PID:10004
- C:\Windows\System\BQehlrD.exe
  C:\Windows\System\BQehlrD.exe
  2⤵
  PID:10052
- C:\Windows\System\UTQhyBF.exe
  C:\Windows\System\UTQhyBF.exe
  2⤵
  PID:10124
- C:\Windows\System\qmvidIs.exe
  C:\Windows\System\qmvidIs.exe
  2⤵
  PID:10192
- C:\Windows\System\VlVtgIS.exe
  C:\Windows\System\VlVtgIS.exe
  2⤵
  PID:10072
- C:\Windows\System\pQeeEaP.exe
  C:\Windows\System\pQeeEaP.exe
  2⤵
  PID:10108
- C:\Windows\System\RzcZmrA.exe
  C:\Windows\System\RzcZmrA.exe
  2⤵
  PID:10168
- C:\Windows\System\CIHATKm.exe
  C:\Windows\System\CIHATKm.exe
  2⤵
  PID:8820
- C:\Windows\System\sLaUNxH.exe
  C:\Windows\System\sLaUNxH.exe
  2⤵
  PID:8660
- C:\Windows\System\iQplfFI.exe
  C:\Windows\System\iQplfFI.exe
  2⤵
  PID:9032
- C:\Windows\System\TbsUrxL.exe
  C:\Windows\System\TbsUrxL.exe
  2⤵
  PID:9360
- C:\Windows\System\SgphXEW.exe
  C:\Windows\System\SgphXEW.exe
  2⤵
  PID:9328
- C:\Windows\System\EZXKLlt.exe
  C:\Windows\System\EZXKLlt.exe
  2⤵
  PID:9512
- C:\Windows\System\pEnNsfb.exe
  C:\Windows\System\pEnNsfb.exe
  2⤵
  PID:9480
- C:\Windows\System\TFazIJG.exe
  C:\Windows\System\TFazIJG.exe
  2⤵
  PID:9344
- C:\Windows\System\uUqRNbx.exe
  C:\Windows\System\uUqRNbx.exe
  2⤵
  PID:9528
- C:\Windows\System\PKfABBm.exe
  C:\Windows\System\PKfABBm.exe
  2⤵
  PID:9372
- C:\Windows\System\mSUXadD.exe
  C:\Windows\System\mSUXadD.exe
  2⤵
  PID:9596
- C:\Windows\System\wYCNcZS.exe
  C:\Windows\System\wYCNcZS.exe
  2⤵
  PID:9612
- C:\Windows\System\nbBywUj.exe
  C:\Windows\System\nbBywUj.exe
  2⤵
  PID:9916
- C:\Windows\System\gQPvIiR.exe
  C:\Windows\System\gQPvIiR.exe
  2⤵
  PID:9580
- C:\Windows\System\pGLdeFq.exe
  C:\Windows\System\pGLdeFq.exe
  2⤵
  PID:9732
- C:\Windows\System\owvcVTz.exe
  C:\Windows\System\owvcVTz.exe
  2⤵
  PID:9804
- C:\Windows\System\ogtihje.exe
  C:\Windows\System\ogtihje.exe
  2⤵
  PID:10088
- C:\Windows\System\tAEwpmQ.exe
  C:\Windows\System\tAEwpmQ.exe
  2⤵
  PID:10136
- C:\Windows\System\wPTuCis.exe
  C:\Windows\System\wPTuCis.exe
  2⤵
  PID:10040

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\COXuMCO.exe

Filesize
6.0MB

MD5
6f88f2709eb9eece812c8f09f088e308

SHA1
1a8952231f67f7036b349d51a747190f1f7c8858

SHA256
31da051a5b755e3c04225b5617c155a205409ee3fae1d28df8f8b2657e94c4da

SHA512
c2302bcb391986deb3cadb55ae1d6dcc3a85773985590f86c2fa48832f11bf2211837f3434f5349b212543a012f74e679e1b570c4d3caf702df07900c1baa8ea

Download Submit
C:\Windows\system\IPbnwPH.exe

Filesize
6.0MB

MD5
9bb9d4d2b8767d7e613ad015fba8deea

SHA1
c2d12e7fe6a4ed1c9fb8746962ec88ce3d595814

SHA256
9ec4226803513559f6010670e0d77e9ca545976a6cc0a45ab339ca43481fb417

SHA512
93c062f75469a28a126e2cf101f1bfa239b6ad926b3b47c5631d5f9969331e042be3c428b578477a06a0ca33cc2a1088c5d1cf199d2b2a6b444c8fe6f04ac59b

Download Submit
C:\Windows\system\JhxHobs.exe

Filesize
6.0MB

MD5
3849159ac3e94c2fea285028f7c03fe1

SHA1
9c77dcbeece7401bb44fe44bd7ed7842ad26c039

SHA256
b6051013e180b51bad6d23854f5a7e61f86011056ac3280d119d5dd31964458b

SHA512
8dcb17edd5d0e771e7ab59b7bcad0a2fe09dfbba5c3b6befbd6249f8c421435da854c34e6aa325a689f4aea40c70ee0599849e2d030a66c12951368afdee79fa

Download Submit
C:\Windows\system\Kqodkcq.exe

Filesize
6.0MB

MD5
f767a6b640958d7a8fdab17d82bb8069

SHA1
be2ea073ea4d35ce0d79637d4a121df0eb5ed318

SHA256
1cec9dfba43a9fe69b34ff3ac892b46b7f08176ed06cfd7596db945c0c662a1b

SHA512
3a6cbc4d66d460fd6e76528bf4d25d9f47101007579832d605104ca8971a0e2d8fb1e4e13e9ffb052ae887119d68f73fbf2da7cdf53b1af629ec64502d6ecc40

Download Submit
C:\Windows\system\MbZlbza.exe

Filesize
6.0MB

MD5
83c1acb79db660a8ad4cbd2522ee62a4

SHA1
bc3168c435fd54fdd3c08a91fe36c69c0aca1544

SHA256
223b018091d038d95286471ebb599e87968627e06d36a87fec7a59c50c314d22

SHA512
66aa3b623c21dd063adb034af2c29ba37d4cdaebf6b3ad8d86dde65db9b18063c62b2e7dbef4179997a6d85020e83c92e3a3fead073cd665db852a9807ac136a

Download Submit
C:\Windows\system\MygSGrr.exe

Filesize
6.0MB

MD5
3031da9198ee3e9738ee4a7b903e0013

SHA1
08b2e13fee80e4e14f9f7555da3b50281de19090

SHA256
7421b468282e598a2b6bf7d0235a7c310ebf2b3e5634557df9a13bd7e3a0b0f8

SHA512
a9861bbf7e2d8470f9b4fb67f06df995b2f6c9c4b5282f1381fbe5c2b31424bbd87e9b6f9249c341fe5cb43b145aa9835aa270b19655bd346d722b74fb0e0fa0

Download Submit
C:\Windows\system\RuVBKuS.exe

Filesize
6.0MB

MD5
6475495645f93b84d151f7dcdb4a7fa8

SHA1
4c3da9d0810c40904a47908cd3ed1be2a1debf30

SHA256
ccb056f084b47936f27e6a0481de5d1005a620931cc37d000bbb8725173ab001

SHA512
085b9a8a31c270a20a910d89576cde47c394d743bd26aa741b6d0bc1516c45e3bf2de8917acdd41ab01bb16978e73197286c5b1df60208bbddb5490a787a4b49

Download Submit
C:\Windows\system\SQaCzLk.exe

Filesize
6.0MB

MD5
9144242fecac9d1c1b07e3f483548484

SHA1
e1d6e099fd2ec9bc1634a0edbebe4782effc95cb

SHA256
7f19a69b2e31e70f42a4d2bc1fdd6f2b0d38585350c97971a85f341b5c1e5a20

SHA512
0651b4da5cf2f392c73a4ec5f406d7c8931f41f350327ff9722789202606c2e25fceb3f080686b3ae8db28f4acc2926e039c79227a646f257b2eb79eb68c5f39

Download Submit
C:\Windows\system\TqTdISa.exe

Filesize
6.0MB

MD5
43140ab6e057a07f0ab0ceb0d475b325

SHA1
849047a429322c25e010b476512f52098d19e3d0

SHA256
36a8c77a7f29d1319498babaaa20b5eecb634c683531da72e66fe35899f4eb18

SHA512
9c059bde49c2abcf2a868371fafff9578d0f977fd8f30b2ffd017361893f812f59341becf3fdac6942b150074c96df90e3acf39c2c761f4da20dae159e504273

Download Submit
C:\Windows\system\UNGMjZs.exe

Filesize
6.0MB

MD5
efb573c260360324331ee9ed80ee7ad9

SHA1
78687c013ba36135133e258e9de087c81be36b94

SHA256
1da53839f5889790d89a82faf308d6e3dec9cd56d083b524f5fb0c8e9040e95a

SHA512
9193ac7ffc0654fc8cdfb60a90bf019bc5f04581d8253019379cddc06a8481f753a2bf80314b340218264ed4c5e1ceca1672bb620eaaf529e7d77d887509deab

Download Submit
C:\Windows\system\VFvtKcJ.exe

Filesize
6.0MB

MD5
4a3423169b36aa0806a710b1e9c65c4d

SHA1
9e69a69f8e22a940db8042824e006013942747c5

SHA256
d7b15ad826bfe7648bbab3d2472df61949be21d913caf4b7f215d087049330c5

SHA512
5ada0a58139bd0e7faf5cc7b8c91739af3b0cfe207ccdea023ae9bf46cb8c6cd583e4150dd63e6b791ef53be14deaa616caa713ddc1e7daf5989586109959b14

Download Submit
C:\Windows\system\VWkMNxM.exe

Filesize
6.0MB

MD5
d8d53cd5dca731d001a82a5b1bdeb395

SHA1
4b88555ccd5211b568d36e3287cdc4d59355671f

SHA256
abc48c8df6f21d9e65cc70aa4186a06dd6efb3947e188a684dd13728d65a7f7c

SHA512
7a25ffde921f304ed6eac70c7d6b83a8dcf279065794b8bcfd5548d47160158ad400f1fc755055171f38d2765228bcf597da5ec79c166911ab4dc0a633c92619

Download Submit
C:\Windows\system\WbyHkPn.exe

Filesize
6.0MB

MD5
2ee07b905fc95d1432b9012b551bd9ce

SHA1
72b43530371c67b4860e7a85fe98cf97b417874b

SHA256
d184140e2dcacd89be38be28592860e5afd66b365f69e241056b4e42b89091f9

SHA512
36ac1853210fb6fb53706de7587d2cf735aa4f2b3892296dcdeaeb0eebb0c692335113306a83a9d94f608a0aa0ecc1898e7e29c464db3d7646ce6d8722aa70d7

Download Submit
C:\Windows\system\ZENCIWT.exe

Filesize
6.0MB

MD5
61fa263baa3e1c720b915e3411ac63ce

SHA1
df60e3e8b8a78f09518f1d87543991ac46c43534

SHA256
ade18f5168b640f045358331e069f8a14a47c947bd5fe6d6f3a77e9ecda284c2

SHA512
cbd0c533143f38cb3c82a84dd9b939f746a77b5c9f13cda62ce556363c728ef3334a197bdb6872578e9b886ed698ef07db0d2d273b6edc021b422943022ef12e

Download Submit
C:\Windows\system\ZsUdkaB.exe

Filesize
6.0MB

MD5
0ae354fec5b60eb8eabe2993b727bc14

SHA1
808dfc70393e81574642ebee3b3c21a8c939043b

SHA256
c321537cc0823e066a786263e941f7dfb3be26798ac1f4123bb291b0c9ad5873

SHA512
d04c0e8f102e6e9f4ebefca81a65e49424adec286c9b33efbde1d30f6cd07f8c1d8ecc732e558731a2e5721de424b666845f99c49cf4fad75c3692e8fb9bd8fe

Download Submit
C:\Windows\system\dBhglgM.exe

Filesize
6.0MB

MD5
d818a5d91f790f34d631ec7f2f4ed6d1

SHA1
793322c53af04a8eeb6c508d513518fadf1851e5

SHA256
0d44a4fad37e89c2235ba48438be99c358331341696bf6da6ebee190ae0e373a

SHA512
bd809032b4a8f2d5f99e68b3573ee031c6ee23d4a4eabb2724f4f634e32cbd5fc2abfc22211a173236f2067b49ee388003a3aa0beb16d8c4adc8b8ab947e0eab

Download Submit
C:\Windows\system\fXRdoOz.exe

Filesize
6.0MB

MD5
d0003662979ce5f64c47b37b63e9fcd1

SHA1
6ddb4db99374b2dddb9e036d93e0bb6fa7fa5b74

SHA256
a112b48e07ebb8be99d9901aa76bf261c6978d72f16488a6cc4deb3f280a56b8

SHA512
6fd97b100afdace4a1faf50de2445bc0ddd3bc7a545afd6ed3619d62a30158b5fb34642344ffe338bde3022055e5db07e0406628d9aa8a2012eeea782c322914

Download Submit
C:\Windows\system\felEfgT.exe

Filesize
6.0MB

MD5
c959885610e53548fb392c6d26a5cf82

SHA1
66a9945c583b511c925feba9c9b212390adbae8b

SHA256
f7eb0bf68acf9fd981f6cf648306cc36365b08ae398f537885b8d72f31548fb6

SHA512
512029cf09c3dbd7c433273d2a294259cd1a5cc0ae78adde812d663511503ccde4ce7c309c2a46c7e05235ab5d4fb662e3d6f602fab8109dbab98bebfd65c970

Download Submit
C:\Windows\system\geBEUgr.exe

Filesize
6.0MB

MD5
f9f36d586b354ce8641b8ab09fec68be

SHA1
6bff3bb6ff31ca990c388d76c378aabd2bbe3a80

SHA256
1002fb5cf693c9939d2bd961314c5ef203015cd840fe0c3f36d0bfa073ffeb56

SHA512
b9145f0c231efef677f26df8ff788dba9b645c0882e9e94d402078c6abf261074e6c9a4ada8515917acd91acbf4d68da3f95f8757a072ea15181ba02ea45dd69

Download Submit
C:\Windows\system\iCoBZFR.exe

Filesize
6.0MB

MD5
541d256c5dd677519712eb18be861024

SHA1
824089e3b40cdaff882365aeba775c6ef433b1e0

SHA256
9110324dab6974ba22363fa1cd76eaa306fbd9bebc40d8d06a719264d431ad21

SHA512
e6b88e897133f37c13e4274673d2efb418c9e387e8ce9ddcc25198ad72972f9e8f0c0ca3c97b8069993a9b238f7523e70efb0d4eef88497147b6c0012d2895d5

Download Submit
C:\Windows\system\iqWfAIU.exe

Filesize
6.0MB

MD5
11bd0f083e662c244852046227694f4b

SHA1
1173cb0f2b78263868edd14b3eb479f8477ff294

SHA256
85f07635fed3402941a2d639ecc2d5308cc674511881257aa71b1bef28ac6b9e

SHA512
5fb91d28f5d45e2eea2f5491a2025c72332edaad0bd21b5371504116d6b7d6118c1a20ea08ccfa453ef6ca80088cb6f2cf52e5681e639685758de347c5561fbf

Download Submit
C:\Windows\system\kBUGoYd.exe

Filesize
6.0MB

MD5
f31a3d1f3f1343afff4463981cd7fbf7

SHA1
3b5fe80818b99f78d4db5e6dcfc782ff1eedfa95

SHA256
b0e4c80fdabe050453ec6987d534ab71992aeed09050e18e11b13737c483e658

SHA512
8b0e05473a8e07a883cb8a4614dacd5c80feaf8b978f0d6043629cff1f4f440a76be1119cf266e1433b28b72be4805c4814cf01457cf36b2298c127e97915a67

Download Submit
C:\Windows\system\kszskfP.exe

Filesize
6.0MB

MD5
6182b194c17464cb6e8afc3c00e10af4

SHA1
5aa15aca1a1981f87be262324524ed9b0e9ef801

SHA256
e512c2ddf5cf4e302ad60745695361de95e527c65e5e2908969f3691a197e146

SHA512
7d34b275e3224fcd79223d804362afa6530c91095b94211acfeaa3c6dac26a2e911c28abe1cd051808e3548ad77fb971d8f771091035619f2ddb9f4c5282d294

Download Submit
C:\Windows\system\mjDWehj.exe

Filesize
6.0MB

MD5
d9bbd1ac2a150f91fd0febc9a28c11a8

SHA1
a288ad736b155f61d210ace3cf09f48eeb14a062

SHA256
75b8956550941f097f7f41c5c01de920da4f85b9478b1a4eed03e196a77a437f

SHA512
751bac425b424ee23b3dd7d2b8215ca6d28d4433ebedc9e8ba00ae9bd95fee918668e437e14ba7f0669c869c54adae83db816c7645951f468a082c2accecd0a2

Download Submit
C:\Windows\system\qZwurSG.exe

Filesize
6.0MB

MD5
55b09d578b9e3b50ae5982d96fae01bd

SHA1
f9ae17a6bd56d812d6d4a586a512fb85051d4cbd

SHA256
5b858a84a0241cdda0c8dfb783af8ceb27fded2be0b794c2e0f3fb25d85a5bec

SHA512
a97eebe03722a7f47355e4e84babe970f19623603217c114613a291b0cb7029daa71ee295a54e9e61131847dd7f80b3ff11d3a86ae38902a0310937c374498a1

Download Submit
C:\Windows\system\qpGonmB.exe

Filesize
6.0MB

MD5
8574b022bd286b0d1e7da8afe479d2c1

SHA1
cc1eb0796bf681909afd58683277c74ad45d3ebb

SHA256
52800e83e35f251b6fca6b1c977b90b45a0bf4dc704a0be9666aa662f84084b0

SHA512
2d7e1e5d2ac823d1113662e31a7884bf9f419ce40c1e111c10648bdf147a8535e74b428abb4e29b66937fb3b7b52dd72e25727c2db449c54ec33461b0057df67

Download Submit
C:\Windows\system\rjnktGu.exe

Filesize
6.0MB

MD5
4901d9234693feced67595433cebb12b

SHA1
6b905bbde75d01a4d450a8ba94c4a786cba64431

SHA256
2f53d561acaf5d54bce0a65f508ff8f9b5dea288657568605a5ceb9d30a96cbe

SHA512
165f85c327b85d4879a4381420e93f331567551c71b0f3e77f896655b50a7022ca974bbf42ee8b575706ecc5401db5ac106ca87de8fe1a1dfee91407f693345a

Download Submit
C:\Windows\system\sastOSN.exe

Filesize
6.0MB

MD5
d832dc3c3c2987b4a96499c9003efcfa

SHA1
17f73dac9d7907cdf3203aadf64b7b5fbd0149ed

SHA256
895147d53bdd7dcc56dd9d726014f384089a076dfbf9900bedb4700402ac329e

SHA512
d4d1a5b2e6443685f366cbd49a9bb9104bd8823a4fe9979c8cae532fd3f5d4dd972cc14a9052d9cc2fe05f06ffc9517c4c9fac8bb43104a24a213579a227c3cf

Download Submit
C:\Windows\system\tLiNKSe.exe

Filesize
6.0MB

MD5
abe708cb55973cfb5817e50564d595b5

SHA1
84d1502b54cd82197716786b32f4805241751f76

SHA256
d49440ff01fb0e78e968293a66c2499e0dadca3ff712cd0bb85d39479a6676b3

SHA512
7ae31b592e75175572021093e0e0299697f85a5485b844ee0effd8720988fba18aa137b84e0b4e5f0590cfa643356b59760c78883fed316d064ab4012ab96efc

Download Submit
C:\Windows\system\vnokYpX.exe

Filesize
6.0MB

MD5
7b8608080aba928ef87daf6ff58dd874

SHA1
e418bb092b77b55422a1e064e92793e61f6a7180

SHA256
55c3ac88070f90c1b7e8c3cc77d851667a5686d55969910d729a66e5900d4394

SHA512
ece509a61b1cb55b1bd361e184f578511183632338d65c312af1e5d315f197d2f201bc6bfa897e15c60105e59f8da64d2f1561f1b335118255a82c408348ac64

Download Submit
\Windows\system\LSIGsKv.exe

Filesize
6.0MB

MD5
82f59868a2f9a022c5e796ba4a9548cf

SHA1
a23224e59436885074f1e08075ea9b0e2c81731b

SHA256
ac3a2c54580dac831c179e11df16d182dd92e22df068138749066249d2577d6b

SHA512
f16563aee5bda8bf62b3f906e8a7a3decd3d67dbd13ba39286ed9798d8903d115058e5850513593741ffedf2e2eb4fb298c64bc71f7331b2f78b6d8e519bffc1

Download Submit
\Windows\system\fycLwxZ.exe

Filesize
6.0MB

MD5
a888c11a3035c03614b64393c33125dd

SHA1
73be747d98549f8716192ba82a96fd166d9dccd0

SHA256
ca881f26e49d5426ea9af06e9da2f9f53e1734fcd9e110d891674c8d3a23f698

SHA512
024628eb61b570c787d4359eae8f0713df0a5a765e457857817f881507847157d144fcec415099b8fbc5650ce0d256174ef429f0eddda11f57e73db1f18e5194

Download Submit
\Windows\system\zZepCIM.exe

Filesize
6.0MB

MD5
0651996aee552c8037817e3fc9b706db

SHA1
b2d2a138738cc2b8153921737d1f30b8e64f91a4

SHA256
07805db9c9e0dd2bcdb0f673e33f25faa4e0ad43cf6fe7a9450ea39ded6f10a2

SHA512
6fdcd8d5372ebc1e372a1bb0ac93bd5256c58b74de4e058dff8b301ad00f098b426619881b606b0adbc0545597c0c7f566c08933fd7c59796cca6974bec06338

Download Submit
memory/2224-1817-0x0000000002280000-0x00000000025D4000-memory.dmp

Filesize
3.3MB

Download
memory/2224-2138-0x0000000002280000-0x00000000025D4000-memory.dmp

Filesize
3.3MB

Download
memory/2224-1-0x00000000002F0000-0x0000000000300000-memory.dmp

Filesize
64KB

Download
memory/2224-0-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/2224-1886-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2224-3363-0x0000000002280000-0x00000000025D4000-memory.dmp

Filesize
3.3MB

Download
memory/2224-1925-0x0000000002280000-0x00000000025D4000-memory.dmp

Filesize
3.3MB

Download
memory/2224-2917-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2224-3038-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/2224-1956-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/2224-2004-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2224-3083-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2224-2049-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2224-3157-0x0000000002280000-0x00000000025D4000-memory.dmp

Filesize
3.3MB

Download
memory/2224-3113-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/2224-2071-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/2224-2097-0x0000000002280000-0x00000000025D4000-memory.dmp

Filesize
3.3MB

Download
memory/2224-3058-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2224-3018-0x0000000002280000-0x00000000025D4000-memory.dmp

Filesize
3.3MB

Download
memory/2224-10-0x000000013F260000-0x000000013F5B4000-memory.dmp

Filesize
3.3MB

Download
memory/2224-2842-0x0000000002280000-0x00000000025D4000-memory.dmp

Filesize
3.3MB

Download
memory/2224-2703-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/2572-2741-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2572-2136-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2576-2047-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2576-2738-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2676-2275-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2676-2746-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2688-2729-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download
memory/2688-1953-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download
memory/2708-2690-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2708-1920-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2716-2721-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/2716-1989-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/2720-2733-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2720-2070-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2796-2725-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2796-1885-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2820-2096-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/2820-2743-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download