cobaltstrike | 829d47d3a5300813beaf806a1401042fdd0b18a394198cd9fb8fb63a16d4fa03

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
21-11-2024 08:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

8ef18e06bb7762be9d65a67bb09096e5
SHA1

6795e521434af50c616632d93570c03d65322ddd
SHA256

829d47d3a5300813beaf806a1401042fdd0b18a394198cd9fb8fb63a16d4fa03
SHA512

b2ccdad620c2189bafb868e452283ebadeac93ce9bed9129c66dbebe1e8d2c77144c95fa57359eaacc6304ac4001ed4ba31ec2e8cc5fe2eabec9c738e482a20f
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lUG:eOl56utgpPF8u/7G

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

Processes:

resource	yara_rule
C:\Windows\system\JNlyMil.exe	cobalt_reflective_dll
\Windows\system\wdsLnmo.exe	cobalt_reflective_dll
C:\Windows\system\BWsIYHZ.exe	cobalt_reflective_dll
\Windows\system\obBogls.exe	cobalt_reflective_dll
C:\Windows\system\susneAX.exe	cobalt_reflective_dll
C:\Windows\system\bgpTDrU.exe	cobalt_reflective_dll
C:\Windows\system\Hyajjng.exe	cobalt_reflective_dll
C:\Windows\system\IRaTHqw.exe	cobalt_reflective_dll
C:\Windows\system\lCCHSAT.exe	cobalt_reflective_dll
C:\Windows\system\YBhKuiw.exe	cobalt_reflective_dll
C:\Windows\system\JKKDVbj.exe	cobalt_reflective_dll
C:\Windows\system\QrYZwIi.exe	cobalt_reflective_dll
C:\Windows\system\msCtpti.exe	cobalt_reflective_dll
C:\Windows\system\BgMTclv.exe	cobalt_reflective_dll
C:\Windows\system\iHjRAvj.exe	cobalt_reflective_dll
C:\Windows\system\hONlskj.exe	cobalt_reflective_dll
C:\Windows\system\EZnYIDg.exe	cobalt_reflective_dll
C:\Windows\system\kOPjpUs.exe	cobalt_reflective_dll
C:\Windows\system\WDulLMV.exe	cobalt_reflective_dll
C:\Windows\system\eGgnUCv.exe	cobalt_reflective_dll
C:\Windows\system\vTCDXfi.exe	cobalt_reflective_dll
C:\Windows\system\MYXAvAY.exe	cobalt_reflective_dll
C:\Windows\system\jENRCIE.exe	cobalt_reflective_dll
C:\Windows\system\rbcwCOT.exe	cobalt_reflective_dll
C:\Windows\system\kixbLwK.exe	cobalt_reflective_dll
C:\Windows\system\OdOZcbG.exe	cobalt_reflective_dll
C:\Windows\system\JCszsKG.exe	cobalt_reflective_dll
C:\Windows\system\uMiQOmn.exe	cobalt_reflective_dll
C:\Windows\system\LuEcHzf.exe	cobalt_reflective_dll
C:\Windows\system\bXWIfla.exe	cobalt_reflective_dll
C:\Windows\system\gQrRJnZ.exe	cobalt_reflective_dll
C:\Windows\system\NhWuCCo.exe	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 52 IoCs

miner

Processes:

resource	yara_rule
behavioral1/memory/2960-0-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
C:\Windows\system\JNlyMil.exe	xmrig
\Windows\system\wdsLnmo.exe	xmrig
C:\Windows\system\BWsIYHZ.exe	xmrig
\Windows\system\obBogls.exe	xmrig
C:\Windows\system\susneAX.exe	xmrig
C:\Windows\system\bgpTDrU.exe	xmrig
C:\Windows\system\Hyajjng.exe	xmrig
C:\Windows\system\IRaTHqw.exe	xmrig
C:\Windows\system\lCCHSAT.exe	xmrig
C:\Windows\system\YBhKuiw.exe	xmrig
C:\Windows\system\JKKDVbj.exe	xmrig
C:\Windows\system\QrYZwIi.exe	xmrig
C:\Windows\system\msCtpti.exe	xmrig
C:\Windows\system\BgMTclv.exe	xmrig
C:\Windows\system\iHjRAvj.exe	xmrig
C:\Windows\system\hONlskj.exe	xmrig
C:\Windows\system\EZnYIDg.exe	xmrig
C:\Windows\system\kOPjpUs.exe	xmrig
C:\Windows\system\WDulLMV.exe	xmrig
C:\Windows\system\eGgnUCv.exe	xmrig
C:\Windows\system\vTCDXfi.exe	xmrig
C:\Windows\system\MYXAvAY.exe	xmrig
C:\Windows\system\jENRCIE.exe	xmrig
C:\Windows\system\rbcwCOT.exe	xmrig
C:\Windows\system\kixbLwK.exe	xmrig
C:\Windows\system\OdOZcbG.exe	xmrig
C:\Windows\system\JCszsKG.exe	xmrig
C:\Windows\system\uMiQOmn.exe	xmrig
C:\Windows\system\LuEcHzf.exe	xmrig
C:\Windows\system\bXWIfla.exe	xmrig
C:\Windows\system\gQrRJnZ.exe	xmrig
C:\Windows\system\NhWuCCo.exe	xmrig
behavioral1/memory/2852-2156-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	xmrig
behavioral1/memory/2500-2179-0x000000013F5E0000-0x000000013F934000-memory.dmp	xmrig
behavioral1/memory/2288-2189-0x000000013F2B0000-0x000000013F604000-memory.dmp	xmrig
behavioral1/memory/2972-2167-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/memory/1272-2338-0x000000013F1C0000-0x000000013F514000-memory.dmp	xmrig
behavioral1/memory/2672-2344-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/memory/1044-2352-0x000000013FFF0000-0x0000000140344000-memory.dmp	xmrig
behavioral1/memory/2792-2358-0x000000013F160000-0x000000013F4B4000-memory.dmp	xmrig
behavioral1/memory/2936-2375-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
behavioral1/memory/2672-3291-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/memory/2972-3290-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/memory/2792-3293-0x000000013F160000-0x000000013F4B4000-memory.dmp	xmrig
behavioral1/memory/2936-3292-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
behavioral1/memory/2288-3338-0x000000013F2B0000-0x000000013F604000-memory.dmp	xmrig
behavioral1/memory/1044-3366-0x000000013FFF0000-0x0000000140344000-memory.dmp	xmrig
behavioral1/memory/2500-3376-0x000000013F5E0000-0x000000013F934000-memory.dmp	xmrig
behavioral1/memory/1272-3371-0x000000013F1C0000-0x000000013F514000-memory.dmp	xmrig
behavioral1/memory/2960-4370-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/memory/2852-4386-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

Processes:

JNlyMil.exewdsLnmo.exeBWsIYHZ.exeobBogls.exeNhWuCCo.exesusneAX.exegQrRJnZ.exebXWIfla.exebgpTDrU.exeLuEcHzf.exeuMiQOmn.exeHyajjng.exeIRaTHqw.exeJCszsKG.exeOdOZcbG.exekixbLwK.exerbcwCOT.exejENRCIE.exeMYXAvAY.exevTCDXfi.exelCCHSAT.exeeGgnUCv.exeWDulLMV.exeYBhKuiw.exekOPjpUs.exeJKKDVbj.exeEZnYIDg.exehONlskj.exeiHjRAvj.exeBgMTclv.exemsCtpti.exeQrYZwIi.exeowIJHNZ.exesLlrbyT.exescJyaBs.exewBoUMmy.exeQQwLGvp.exePNJAgFE.exelxsRPLt.exesPZrWTU.exeUTpWFpE.exeiFNnIML.exeNfdzweS.exeXUZeCOc.exePhbwPrU.execAssbjJ.exeGTVXvSx.exeSUSHMLY.exeGeIiyXo.exerlzdsNi.execRhiDVX.exeQRUaIHJ.exemoWvguP.exeipCqWxc.exeVznXbGM.exeeDnsskA.exeBTVLhch.exepCckrUm.exenGiJovu.exequeVkoY.exeRxjedmx.exeqKAjmSg.exeCuLFoec.exesDjlYUr.exe

pid	process
2292	JNlyMil.exe
2852	wdsLnmo.exe
2972	BWsIYHZ.exe
2500	obBogls.exe
2288	NhWuCCo.exe
1272	susneAX.exe
2672	gQrRJnZ.exe
1044	bXWIfla.exe
2792	bgpTDrU.exe
2936	LuEcHzf.exe
2832	uMiQOmn.exe
2844	Hyajjng.exe
2616	IRaTHqw.exe
636	JCszsKG.exe
2628	OdOZcbG.exe
2576	kixbLwK.exe
2652	rbcwCOT.exe
3000	jENRCIE.exe
3008	MYXAvAY.exe
1088	vTCDXfi.exe
1684	lCCHSAT.exe
2012	eGgnUCv.exe
1848	WDulLMV.exe
2016	YBhKuiw.exe
352	kOPjpUs.exe
2364	JKKDVbj.exe
752	EZnYIDg.exe
2876	hONlskj.exe
2892	iHjRAvj.exe
2424	BgMTclv.exe
2860	msCtpti.exe
2276	QrYZwIi.exe
1240	owIJHNZ.exe
1508	sLlrbyT.exe
1536	scJyaBs.exe
1632	wBoUMmy.exe
1180	QQwLGvp.exe
2284	PNJAgFE.exe
2360	lxsRPLt.exe
1732	sPZrWTU.exe
1720	UTpWFpE.exe
892	iFNnIML.exe
1780	NfdzweS.exe
1620	XUZeCOc.exe
552	PhbwPrU.exe
2680	cAssbjJ.exe
2216	GTVXvSx.exe
2420	SUSHMLY.exe
884	GeIiyXo.exe
868	rlzdsNi.exe
968	cRhiDVX.exe
1532	QRUaIHJ.exe
1756	moWvguP.exe
2036	ipCqWxc.exe
2076	VznXbGM.exe
2260	eDnsskA.exe
1584	BTVLhch.exe
1580	pCckrUm.exe
2004	nGiJovu.exe
3024	queVkoY.exe
1592	Rxjedmx.exe
3052	qKAjmSg.exe
2808	CuLFoec.exe
2816	sDjlYUr.exe

Loads dropped DLL 64 IoCs

Processes:

2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe

pid	process
2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 52 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2960-0-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
C:\Windows\system\JNlyMil.exe	upx
\Windows\system\wdsLnmo.exe	upx
C:\Windows\system\BWsIYHZ.exe	upx
\Windows\system\obBogls.exe	upx
C:\Windows\system\susneAX.exe	upx
C:\Windows\system\bgpTDrU.exe	upx
C:\Windows\system\Hyajjng.exe	upx
C:\Windows\system\IRaTHqw.exe	upx
C:\Windows\system\lCCHSAT.exe	upx
C:\Windows\system\YBhKuiw.exe	upx
C:\Windows\system\JKKDVbj.exe	upx
C:\Windows\system\QrYZwIi.exe	upx
C:\Windows\system\msCtpti.exe	upx
C:\Windows\system\BgMTclv.exe	upx
C:\Windows\system\iHjRAvj.exe	upx
C:\Windows\system\hONlskj.exe	upx
C:\Windows\system\EZnYIDg.exe	upx
C:\Windows\system\kOPjpUs.exe	upx
C:\Windows\system\WDulLMV.exe	upx
C:\Windows\system\eGgnUCv.exe	upx
C:\Windows\system\vTCDXfi.exe	upx
C:\Windows\system\MYXAvAY.exe	upx
C:\Windows\system\jENRCIE.exe	upx
C:\Windows\system\rbcwCOT.exe	upx
C:\Windows\system\kixbLwK.exe	upx
C:\Windows\system\OdOZcbG.exe	upx
C:\Windows\system\JCszsKG.exe	upx
C:\Windows\system\uMiQOmn.exe	upx
C:\Windows\system\LuEcHzf.exe	upx
C:\Windows\system\bXWIfla.exe	upx
C:\Windows\system\gQrRJnZ.exe	upx
C:\Windows\system\NhWuCCo.exe	upx
behavioral1/memory/2852-2156-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	upx
behavioral1/memory/2500-2179-0x000000013F5E0000-0x000000013F934000-memory.dmp	upx
behavioral1/memory/2288-2189-0x000000013F2B0000-0x000000013F604000-memory.dmp	upx
behavioral1/memory/2972-2167-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/memory/1272-2338-0x000000013F1C0000-0x000000013F514000-memory.dmp	upx
behavioral1/memory/2672-2344-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/memory/1044-2352-0x000000013FFF0000-0x0000000140344000-memory.dmp	upx
behavioral1/memory/2792-2358-0x000000013F160000-0x000000013F4B4000-memory.dmp	upx
behavioral1/memory/2936-2375-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/memory/2672-3291-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/memory/2972-3290-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/memory/2792-3293-0x000000013F160000-0x000000013F4B4000-memory.dmp	upx
behavioral1/memory/2936-3292-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/memory/2288-3338-0x000000013F2B0000-0x000000013F604000-memory.dmp	upx
behavioral1/memory/1044-3366-0x000000013FFF0000-0x0000000140344000-memory.dmp	upx
behavioral1/memory/2500-3376-0x000000013F5E0000-0x000000013F934000-memory.dmp	upx
behavioral1/memory/1272-3371-0x000000013F1C0000-0x000000013F514000-memory.dmp	upx
behavioral1/memory/2960-4370-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/memory/2852-4386-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

Processes:

2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe

description	ioc	process
File created	C:\Windows\System\kyEYTNs.exe	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qdKiWfr.exe	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eTwBMJO.exe	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tTtmKGp.exe	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nNUFCNu.exe	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cstdGUv.exe	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kixbLwK.exe	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fHkxNkL.exe	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZHSBwlb.exe	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gLGFgwK.exe	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aWxDdmz.exe	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WnIchzh.exe	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bupBWwI.exe	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WsRjYHy.exe	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nNnnHot.exe	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JCszsKG.exe	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xTdhOeH.exe	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AVeQBzt.exe	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rMvStbX.exe	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FAOSQwK.exe	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UAjAWyM.exe	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tLNtCwn.exe	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BXsfBFE.exe	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yqFyZse.exe	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iHnuxVi.exe	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yumECDk.exe	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zhSaLAz.exe	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iQhanlC.exe	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DUIjzNp.exe	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ThraxKl.exe	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NzEpuYF.exe	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HbSJSFS.exe	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tzoGwWK.exe	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PlcxwrP.exe	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GcMAOWd.exe	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\szLkVjP.exe	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HOGRYRS.exe	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IOKKeaY.exe	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tDdioZN.exe	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LTPZMfb.exe	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yKHeoeX.exe	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xXIIxRe.exe	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZKoFbgM.exe	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uMnemtn.exe	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TBdOJZb.exe	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bujdvou.exe	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yFhNolu.exe	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bTEYMaw.exe	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fopymuz.exe	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rPLYaqq.exe	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bqKAcXj.exe	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IOwrwkp.exe	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gPIHONG.exe	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MshGTYi.exe	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YANfhCx.exe	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uevWeRK.exe	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zxbEtsc.exe	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YxTnMKP.exe	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MueTkUe.exe	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xYACJnQ.exe	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tmzQSMt.exe	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AEBKAcz.exe	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cOJjioO.exe	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FKlOart.exe	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe

description	pid	process	target process
PID 2960 wrote to memory of 2292	2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe	JNlyMil.exe
PID 2960 wrote to memory of 2292	2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe	JNlyMil.exe
PID 2960 wrote to memory of 2292	2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe	JNlyMil.exe
PID 2960 wrote to memory of 2852	2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe	wdsLnmo.exe
PID 2960 wrote to memory of 2852	2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe	wdsLnmo.exe
PID 2960 wrote to memory of 2852	2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe	wdsLnmo.exe
PID 2960 wrote to memory of 2972	2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe	BWsIYHZ.exe
PID 2960 wrote to memory of 2972	2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe	BWsIYHZ.exe
PID 2960 wrote to memory of 2972	2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe	BWsIYHZ.exe
PID 2960 wrote to memory of 2500	2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe	obBogls.exe
PID 2960 wrote to memory of 2500	2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe	obBogls.exe
PID 2960 wrote to memory of 2500	2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe	obBogls.exe
PID 2960 wrote to memory of 2288	2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe	NhWuCCo.exe
PID 2960 wrote to memory of 2288	2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe	NhWuCCo.exe
PID 2960 wrote to memory of 2288	2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe	NhWuCCo.exe
PID 2960 wrote to memory of 1272	2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe	susneAX.exe
PID 2960 wrote to memory of 1272	2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe	susneAX.exe
PID 2960 wrote to memory of 1272	2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe	susneAX.exe
PID 2960 wrote to memory of 2672	2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe	gQrRJnZ.exe
PID 2960 wrote to memory of 2672	2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe	gQrRJnZ.exe
PID 2960 wrote to memory of 2672	2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe	gQrRJnZ.exe
PID 2960 wrote to memory of 1044	2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe	bXWIfla.exe
PID 2960 wrote to memory of 1044	2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe	bXWIfla.exe
PID 2960 wrote to memory of 1044	2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe	bXWIfla.exe
PID 2960 wrote to memory of 2792	2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe	bgpTDrU.exe
PID 2960 wrote to memory of 2792	2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe	bgpTDrU.exe
PID 2960 wrote to memory of 2792	2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe	bgpTDrU.exe
PID 2960 wrote to memory of 2936	2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe	LuEcHzf.exe
PID 2960 wrote to memory of 2936	2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe	LuEcHzf.exe
PID 2960 wrote to memory of 2936	2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe	LuEcHzf.exe
PID 2960 wrote to memory of 2832	2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe	uMiQOmn.exe
PID 2960 wrote to memory of 2832	2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe	uMiQOmn.exe
PID 2960 wrote to memory of 2832	2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe	uMiQOmn.exe
PID 2960 wrote to memory of 2844	2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe	Hyajjng.exe
PID 2960 wrote to memory of 2844	2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe	Hyajjng.exe
PID 2960 wrote to memory of 2844	2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe	Hyajjng.exe
PID 2960 wrote to memory of 2616	2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe	IRaTHqw.exe
PID 2960 wrote to memory of 2616	2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe	IRaTHqw.exe
PID 2960 wrote to memory of 2616	2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe	IRaTHqw.exe
PID 2960 wrote to memory of 636	2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe	JCszsKG.exe
PID 2960 wrote to memory of 636	2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe	JCszsKG.exe
PID 2960 wrote to memory of 636	2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe	JCszsKG.exe
PID 2960 wrote to memory of 2628	2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe	OdOZcbG.exe
PID 2960 wrote to memory of 2628	2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe	OdOZcbG.exe
PID 2960 wrote to memory of 2628	2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe	OdOZcbG.exe
PID 2960 wrote to memory of 2576	2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe	kixbLwK.exe
PID 2960 wrote to memory of 2576	2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe	kixbLwK.exe
PID 2960 wrote to memory of 2576	2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe	kixbLwK.exe
PID 2960 wrote to memory of 2652	2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe	rbcwCOT.exe
PID 2960 wrote to memory of 2652	2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe	rbcwCOT.exe
PID 2960 wrote to memory of 2652	2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe	rbcwCOT.exe
PID 2960 wrote to memory of 3000	2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe	jENRCIE.exe
PID 2960 wrote to memory of 3000	2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe	jENRCIE.exe
PID 2960 wrote to memory of 3000	2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe	jENRCIE.exe
PID 2960 wrote to memory of 3008	2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe	MYXAvAY.exe
PID 2960 wrote to memory of 3008	2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe	MYXAvAY.exe
PID 2960 wrote to memory of 3008	2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe	MYXAvAY.exe
PID 2960 wrote to memory of 1088	2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe	vTCDXfi.exe
PID 2960 wrote to memory of 1088	2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe	vTCDXfi.exe
PID 2960 wrote to memory of 1088	2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe	vTCDXfi.exe
PID 2960 wrote to memory of 1684	2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe	lCCHSAT.exe
PID 2960 wrote to memory of 1684	2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe	lCCHSAT.exe
PID 2960 wrote to memory of 1684	2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe	lCCHSAT.exe
PID 2960 wrote to memory of 2012	2960	2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe	eGgnUCv.exe

C:\Users\Admin\AppData\Local\Temp\2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-21_8ef18e06bb7762be9d65a67bb09096e5_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2960
- C:\Windows\System\JNlyMil.exe
  C:\Windows\System\JNlyMil.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\wdsLnmo.exe
  C:\Windows\System\wdsLnmo.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\BWsIYHZ.exe
  C:\Windows\System\BWsIYHZ.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\obBogls.exe
  C:\Windows\System\obBogls.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\NhWuCCo.exe
  C:\Windows\System\NhWuCCo.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\susneAX.exe
  C:\Windows\System\susneAX.exe
  2⤵
  - Executes dropped EXE
  PID:1272
- C:\Windows\System\gQrRJnZ.exe
  C:\Windows\System\gQrRJnZ.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\bXWIfla.exe
  C:\Windows\System\bXWIfla.exe
  2⤵
  - Executes dropped EXE
  PID:1044
- C:\Windows\System\bgpTDrU.exe
  C:\Windows\System\bgpTDrU.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\LuEcHzf.exe
  C:\Windows\System\LuEcHzf.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\uMiQOmn.exe
  C:\Windows\System\uMiQOmn.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\Hyajjng.exe
  C:\Windows\System\Hyajjng.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\IRaTHqw.exe
  C:\Windows\System\IRaTHqw.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\JCszsKG.exe
  C:\Windows\System\JCszsKG.exe
  2⤵
  - Executes dropped EXE
  PID:636
- C:\Windows\System\OdOZcbG.exe
  C:\Windows\System\OdOZcbG.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\kixbLwK.exe
  C:\Windows\System\kixbLwK.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\rbcwCOT.exe
  C:\Windows\System\rbcwCOT.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\jENRCIE.exe
  C:\Windows\System\jENRCIE.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\MYXAvAY.exe
  C:\Windows\System\MYXAvAY.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\vTCDXfi.exe
  C:\Windows\System\vTCDXfi.exe
  2⤵
  - Executes dropped EXE
  PID:1088
- C:\Windows\System\lCCHSAT.exe
  C:\Windows\System\lCCHSAT.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\eGgnUCv.exe
  C:\Windows\System\eGgnUCv.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\WDulLMV.exe
  C:\Windows\System\WDulLMV.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\YBhKuiw.exe
  C:\Windows\System\YBhKuiw.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\kOPjpUs.exe
  C:\Windows\System\kOPjpUs.exe
  2⤵
  - Executes dropped EXE
  PID:352
- C:\Windows\System\JKKDVbj.exe
  C:\Windows\System\JKKDVbj.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\EZnYIDg.exe
  C:\Windows\System\EZnYIDg.exe
  2⤵
  - Executes dropped EXE
  PID:752
- C:\Windows\System\hONlskj.exe
  C:\Windows\System\hONlskj.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\iHjRAvj.exe
  C:\Windows\System\iHjRAvj.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\BgMTclv.exe
  C:\Windows\System\BgMTclv.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\msCtpti.exe
  C:\Windows\System\msCtpti.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\QrYZwIi.exe
  C:\Windows\System\QrYZwIi.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\owIJHNZ.exe
  C:\Windows\System\owIJHNZ.exe
  2⤵
  - Executes dropped EXE
  PID:1240
- C:\Windows\System\sLlrbyT.exe
  C:\Windows\System\sLlrbyT.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\scJyaBs.exe
  C:\Windows\System\scJyaBs.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\wBoUMmy.exe
  C:\Windows\System\wBoUMmy.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\QQwLGvp.exe
  C:\Windows\System\QQwLGvp.exe
  2⤵
  - Executes dropped EXE
  PID:1180
- C:\Windows\System\PNJAgFE.exe
  C:\Windows\System\PNJAgFE.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\lxsRPLt.exe
  C:\Windows\System\lxsRPLt.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\UTpWFpE.exe
  C:\Windows\System\UTpWFpE.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\sPZrWTU.exe
  C:\Windows\System\sPZrWTU.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\iFNnIML.exe
  C:\Windows\System\iFNnIML.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\NfdzweS.exe
  C:\Windows\System\NfdzweS.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\XUZeCOc.exe
  C:\Windows\System\XUZeCOc.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\PhbwPrU.exe
  C:\Windows\System\PhbwPrU.exe
  2⤵
  - Executes dropped EXE
  PID:552
- C:\Windows\System\cAssbjJ.exe
  C:\Windows\System\cAssbjJ.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\GTVXvSx.exe
  C:\Windows\System\GTVXvSx.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\SUSHMLY.exe
  C:\Windows\System\SUSHMLY.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\GeIiyXo.exe
  C:\Windows\System\GeIiyXo.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\rlzdsNi.exe
  C:\Windows\System\rlzdsNi.exe
  2⤵
  - Executes dropped EXE
  PID:868
- C:\Windows\System\cRhiDVX.exe
  C:\Windows\System\cRhiDVX.exe
  2⤵
  - Executes dropped EXE
  PID:968
- C:\Windows\System\QRUaIHJ.exe
  C:\Windows\System\QRUaIHJ.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\moWvguP.exe
  C:\Windows\System\moWvguP.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\ipCqWxc.exe
  C:\Windows\System\ipCqWxc.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\VznXbGM.exe
  C:\Windows\System\VznXbGM.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\eDnsskA.exe
  C:\Windows\System\eDnsskA.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\BTVLhch.exe
  C:\Windows\System\BTVLhch.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\pCckrUm.exe
  C:\Windows\System\pCckrUm.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\nGiJovu.exe
  C:\Windows\System\nGiJovu.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\queVkoY.exe
  C:\Windows\System\queVkoY.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\Rxjedmx.exe
  C:\Windows\System\Rxjedmx.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\qKAjmSg.exe
  C:\Windows\System\qKAjmSg.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\CuLFoec.exe
  C:\Windows\System\CuLFoec.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\sDjlYUr.exe
  C:\Windows\System\sDjlYUr.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\pnvGFBy.exe
  C:\Windows\System\pnvGFBy.exe
  2⤵
  PID:2772
- C:\Windows\System\WjcgOPD.exe
  C:\Windows\System\WjcgOPD.exe
  2⤵
  PID:2880
- C:\Windows\System\pTnYUHq.exe
  C:\Windows\System\pTnYUHq.exe
  2⤵
  PID:2584
- C:\Windows\System\lCMueZp.exe
  C:\Windows\System\lCMueZp.exe
  2⤵
  PID:2624
- C:\Windows\System\IQSHbvy.exe
  C:\Windows\System\IQSHbvy.exe
  2⤵
  PID:1636
- C:\Windows\System\AwKrPUK.exe
  C:\Windows\System\AwKrPUK.exe
  2⤵
  PID:828
- C:\Windows\System\OAclRLN.exe
  C:\Windows\System\OAclRLN.exe
  2⤵
  PID:1388
- C:\Windows\System\yeHGeTJ.exe
  C:\Windows\System\yeHGeTJ.exe
  2⤵
  PID:1528
- C:\Windows\System\jOGxomr.exe
  C:\Windows\System\jOGxomr.exe
  2⤵
  PID:2388
- C:\Windows\System\tPdQkim.exe
  C:\Windows\System\tPdQkim.exe
  2⤵
  PID:348
- C:\Windows\System\gEcasRW.exe
  C:\Windows\System\gEcasRW.exe
  2⤵
  PID:576
- C:\Windows\System\URHNFaM.exe
  C:\Windows\System\URHNFaM.exe
  2⤵
  PID:2236
- C:\Windows\System\gLFFdQn.exe
  C:\Windows\System\gLFFdQn.exe
  2⤵
  PID:2452
- C:\Windows\System\VLxbtge.exe
  C:\Windows\System\VLxbtge.exe
  2⤵
  PID:292
- C:\Windows\System\OaUcJob.exe
  C:\Windows\System\OaUcJob.exe
  2⤵
  PID:900
- C:\Windows\System\qaexizM.exe
  C:\Windows\System\qaexizM.exe
  2⤵
  PID:944
- C:\Windows\System\perMmAz.exe
  C:\Windows\System\perMmAz.exe
  2⤵
  PID:1740
- C:\Windows\System\sFHsdOv.exe
  C:\Windows\System\sFHsdOv.exe
  2⤵
  PID:1800
- C:\Windows\System\MueTkUe.exe
  C:\Windows\System\MueTkUe.exe
  2⤵
  PID:680
- C:\Windows\System\oBZKFsX.exe
  C:\Windows\System\oBZKFsX.exe
  2⤵
  PID:592
- C:\Windows\System\eQYQtun.exe
  C:\Windows\System\eQYQtun.exe
  2⤵
  PID:2228
- C:\Windows\System\dKESIRE.exe
  C:\Windows\System\dKESIRE.exe
  2⤵
  PID:2188
- C:\Windows\System\rwtUWTB.exe
  C:\Windows\System\rwtUWTB.exe
  2⤵
  PID:2340
- C:\Windows\System\uLPuAqt.exe
  C:\Windows\System\uLPuAqt.exe
  2⤵
  PID:2516
- C:\Windows\System\bybVimi.exe
  C:\Windows\System\bybVimi.exe
  2⤵
  PID:2304
- C:\Windows\System\jkjxhBm.exe
  C:\Windows\System\jkjxhBm.exe
  2⤵
  PID:376
- C:\Windows\System\lekIjEL.exe
  C:\Windows\System\lekIjEL.exe
  2⤵
  PID:1172
- C:\Windows\System\inoDPnX.exe
  C:\Windows\System\inoDPnX.exe
  2⤵
  PID:1700
- C:\Windows\System\EEHIxwQ.exe
  C:\Windows\System\EEHIxwQ.exe
  2⤵
  PID:1588
- C:\Windows\System\sncQxDC.exe
  C:\Windows\System\sncQxDC.exe
  2⤵
  PID:2296
- C:\Windows\System\YzdThtc.exe
  C:\Windows\System\YzdThtc.exe
  2⤵
  PID:2128
- C:\Windows\System\ldjAJMd.exe
  C:\Windows\System\ldjAJMd.exe
  2⤵
  PID:2168
- C:\Windows\System\uyOmIIh.exe
  C:\Windows\System\uyOmIIh.exe
  2⤵
  PID:2784
- C:\Windows\System\CpvFQIS.exe
  C:\Windows\System\CpvFQIS.exe
  2⤵
  PID:2644
- C:\Windows\System\YduKjDh.exe
  C:\Windows\System\YduKjDh.exe
  2⤵
  PID:2752
- C:\Windows\System\jUlqNjt.exe
  C:\Windows\System\jUlqNjt.exe
  2⤵
  PID:2024
- C:\Windows\System\BmQOeMV.exe
  C:\Windows\System\BmQOeMV.exe
  2⤵
  PID:1708
- C:\Windows\System\iLwVlRV.exe
  C:\Windows\System\iLwVlRV.exe
  2⤵
  PID:1560
- C:\Windows\System\XNTqTQu.exe
  C:\Windows\System\XNTqTQu.exe
  2⤵
  PID:2368
- C:\Windows\System\DiMJpJx.exe
  C:\Windows\System\DiMJpJx.exe
  2⤵
  PID:2668
- C:\Windows\System\wOBPlAA.exe
  C:\Windows\System\wOBPlAA.exe
  2⤵
  PID:2444
- C:\Windows\System\KJHtvCU.exe
  C:\Windows\System\KJHtvCU.exe
  2⤵
  PID:1716
- C:\Windows\System\YeMcRAe.exe
  C:\Windows\System\YeMcRAe.exe
  2⤵
  PID:1548
- C:\Windows\System\pQweurJ.exe
  C:\Windows\System\pQweurJ.exe
  2⤵
  PID:1304
- C:\Windows\System\vjbWWzX.exe
  C:\Windows\System\vjbWWzX.exe
  2⤵
  PID:972
- C:\Windows\System\gvIGGXN.exe
  C:\Windows\System\gvIGGXN.exe
  2⤵
  PID:1628
- C:\Windows\System\VIkOEnj.exe
  C:\Windows\System\VIkOEnj.exe
  2⤵
  PID:1048
- C:\Windows\System\qrQoqZf.exe
  C:\Windows\System\qrQoqZf.exe
  2⤵
  PID:2104
- C:\Windows\System\LAwGFCO.exe
  C:\Windows\System\LAwGFCO.exe
  2⤵
  PID:2052
- C:\Windows\System\oGXFYJH.exe
  C:\Windows\System\oGXFYJH.exe
  2⤵
  PID:864
- C:\Windows\System\MoniWTE.exe
  C:\Windows\System\MoniWTE.exe
  2⤵
  PID:2152
- C:\Windows\System\LHAZSRZ.exe
  C:\Windows\System\LHAZSRZ.exe
  2⤵
  PID:2732
- C:\Windows\System\tQTPeMN.exe
  C:\Windows\System\tQTPeMN.exe
  2⤵
  PID:2756
- C:\Windows\System\wckKKAT.exe
  C:\Windows\System\wckKKAT.exe
  2⤵
  PID:1168
- C:\Windows\System\jephYsw.exe
  C:\Windows\System\jephYsw.exe
  2⤵
  PID:3004
- C:\Windows\System\kyEYTNs.exe
  C:\Windows\System\kyEYTNs.exe
  2⤵
  PID:2408
- C:\Windows\System\BUoDjqM.exe
  C:\Windows\System\BUoDjqM.exe
  2⤵
  PID:3092
- C:\Windows\System\xTdhOeH.exe
  C:\Windows\System\xTdhOeH.exe
  2⤵
  PID:3124
- C:\Windows\System\OJEgZwq.exe
  C:\Windows\System\OJEgZwq.exe
  2⤵
  PID:3148
- C:\Windows\System\QMcppKc.exe
  C:\Windows\System\QMcppKc.exe
  2⤵
  PID:3176
- C:\Windows\System\vGmqDYW.exe
  C:\Windows\System\vGmqDYW.exe
  2⤵
  PID:3200
- C:\Windows\System\ubHVguD.exe
  C:\Windows\System\ubHVguD.exe
  2⤵
  PID:3220
- C:\Windows\System\rscngHh.exe
  C:\Windows\System\rscngHh.exe
  2⤵
  PID:3240
- C:\Windows\System\KcjXsfg.exe
  C:\Windows\System\KcjXsfg.exe
  2⤵
  PID:3256
- C:\Windows\System\qcPjZVo.exe
  C:\Windows\System\qcPjZVo.exe
  2⤵
  PID:3280
- C:\Windows\System\ICYfsKK.exe
  C:\Windows\System\ICYfsKK.exe
  2⤵
  PID:3296
- C:\Windows\System\caWRJbt.exe
  C:\Windows\System\caWRJbt.exe
  2⤵
  PID:3320
- C:\Windows\System\qRarGTX.exe
  C:\Windows\System\qRarGTX.exe
  2⤵
  PID:3336
- C:\Windows\System\vhWlCYf.exe
  C:\Windows\System\vhWlCYf.exe
  2⤵
  PID:3352
- C:\Windows\System\meHwIFp.exe
  C:\Windows\System\meHwIFp.exe
  2⤵
  PID:3376
- C:\Windows\System\dmihjLO.exe
  C:\Windows\System\dmihjLO.exe
  2⤵
  PID:3400
- C:\Windows\System\IGoWzhe.exe
  C:\Windows\System\IGoWzhe.exe
  2⤵
  PID:3420
- C:\Windows\System\UbyvYtr.exe
  C:\Windows\System\UbyvYtr.exe
  2⤵
  PID:3436
- C:\Windows\System\iuzJJNZ.exe
  C:\Windows\System\iuzJJNZ.exe
  2⤵
  PID:3452
- C:\Windows\System\VlHlwDz.exe
  C:\Windows\System\VlHlwDz.exe
  2⤵
  PID:3484
- C:\Windows\System\fzKYAKF.exe
  C:\Windows\System\fzKYAKF.exe
  2⤵
  PID:3500
- C:\Windows\System\TFAkZOQ.exe
  C:\Windows\System\TFAkZOQ.exe
  2⤵
  PID:3524
- C:\Windows\System\awxAhrO.exe
  C:\Windows\System\awxAhrO.exe
  2⤵
  PID:3544
- C:\Windows\System\XLMoWaX.exe
  C:\Windows\System\XLMoWaX.exe
  2⤵
  PID:3564
- C:\Windows\System\xLdluYx.exe
  C:\Windows\System\xLdluYx.exe
  2⤵
  PID:3584
- C:\Windows\System\dzQIxYL.exe
  C:\Windows\System\dzQIxYL.exe
  2⤵
  PID:3600
- C:\Windows\System\ccWsegv.exe
  C:\Windows\System\ccWsegv.exe
  2⤵
  PID:3620
- C:\Windows\System\FKawfUi.exe
  C:\Windows\System\FKawfUi.exe
  2⤵
  PID:3644
- C:\Windows\System\uGaITDp.exe
  C:\Windows\System\uGaITDp.exe
  2⤵
  PID:3660
- C:\Windows\System\jXFAaLF.exe
  C:\Windows\System\jXFAaLF.exe
  2⤵
  PID:3676
- C:\Windows\System\uQHZYFB.exe
  C:\Windows\System\uQHZYFB.exe
  2⤵
  PID:3700
- C:\Windows\System\ignwBUl.exe
  C:\Windows\System\ignwBUl.exe
  2⤵
  PID:3720
- C:\Windows\System\DWuwAZt.exe
  C:\Windows\System\DWuwAZt.exe
  2⤵
  PID:3736
- C:\Windows\System\LVhLSCZ.exe
  C:\Windows\System\LVhLSCZ.exe
  2⤵
  PID:3764
- C:\Windows\System\EvMBAjc.exe
  C:\Windows\System\EvMBAjc.exe
  2⤵
  PID:3784
- C:\Windows\System\ODGKzVA.exe
  C:\Windows\System\ODGKzVA.exe
  2⤵
  PID:3800
- C:\Windows\System\lnGqRzD.exe
  C:\Windows\System\lnGqRzD.exe
  2⤵
  PID:3820
- C:\Windows\System\HNgJcfk.exe
  C:\Windows\System\HNgJcfk.exe
  2⤵
  PID:3844
- C:\Windows\System\AVeQBzt.exe
  C:\Windows\System\AVeQBzt.exe
  2⤵
  PID:3864
- C:\Windows\System\YkvpVHz.exe
  C:\Windows\System\YkvpVHz.exe
  2⤵
  PID:3884
- C:\Windows\System\NMSJIqI.exe
  C:\Windows\System\NMSJIqI.exe
  2⤵
  PID:3904
- C:\Windows\System\LeXDQlV.exe
  C:\Windows\System\LeXDQlV.exe
  2⤵
  PID:3924
- C:\Windows\System\DlqxutH.exe
  C:\Windows\System\DlqxutH.exe
  2⤵
  PID:3944
- C:\Windows\System\jogZOgc.exe
  C:\Windows\System\jogZOgc.exe
  2⤵
  PID:3960
- C:\Windows\System\DSEneNt.exe
  C:\Windows\System\DSEneNt.exe
  2⤵
  PID:3980
- C:\Windows\System\hZdUbcP.exe
  C:\Windows\System\hZdUbcP.exe
  2⤵
  PID:4000
- C:\Windows\System\HovJSOa.exe
  C:\Windows\System\HovJSOa.exe
  2⤵
  PID:4020
- C:\Windows\System\ECdYUQz.exe
  C:\Windows\System\ECdYUQz.exe
  2⤵
  PID:4044
- C:\Windows\System\Vjzemwa.exe
  C:\Windows\System\Vjzemwa.exe
  2⤵
  PID:4064
- C:\Windows\System\ShAznGM.exe
  C:\Windows\System\ShAznGM.exe
  2⤵
  PID:4080
- C:\Windows\System\CqeGrcQ.exe
  C:\Windows\System\CqeGrcQ.exe
  2⤵
  PID:1512
- C:\Windows\System\fmTOspF.exe
  C:\Windows\System\fmTOspF.exe
  2⤵
  PID:620
- C:\Windows\System\BIrvKKq.exe
  C:\Windows\System\BIrvKKq.exe
  2⤵
  PID:1540
- C:\Windows\System\WWdTSOf.exe
  C:\Windows\System\WWdTSOf.exe
  2⤵
  PID:684
- C:\Windows\System\OtjpHVd.exe
  C:\Windows\System\OtjpHVd.exe
  2⤵
  PID:3044
- C:\Windows\System\poCVEVH.exe
  C:\Windows\System\poCVEVH.exe
  2⤵
  PID:1748
- C:\Windows\System\KenfWuh.exe
  C:\Windows\System\KenfWuh.exe
  2⤵
  PID:2412
- C:\Windows\System\mtzZEiM.exe
  C:\Windows\System\mtzZEiM.exe
  2⤵
  PID:660
- C:\Windows\System\MVviZYn.exe
  C:\Windows\System\MVviZYn.exe
  2⤵
  PID:2600
- C:\Windows\System\xUpICwg.exe
  C:\Windows\System\xUpICwg.exe
  2⤵
  PID:2436
- C:\Windows\System\EsnYwol.exe
  C:\Windows\System\EsnYwol.exe
  2⤵
  PID:3140
- C:\Windows\System\ntRpGMh.exe
  C:\Windows\System\ntRpGMh.exe
  2⤵
  PID:3192
- C:\Windows\System\nSwRuBC.exe
  C:\Windows\System\nSwRuBC.exe
  2⤵
  PID:3104
- C:\Windows\System\HAyDwLk.exe
  C:\Windows\System\HAyDwLk.exe
  2⤵
  PID:3208
- C:\Windows\System\peinEqH.exe
  C:\Windows\System\peinEqH.exe
  2⤵
  PID:3264
- C:\Windows\System\CgdrVsL.exe
  C:\Windows\System\CgdrVsL.exe
  2⤵
  PID:3312
- C:\Windows\System\VQXEbXG.exe
  C:\Windows\System\VQXEbXG.exe
  2⤵
  PID:3252
- C:\Windows\System\NFLBwUU.exe
  C:\Windows\System\NFLBwUU.exe
  2⤵
  PID:3360
- C:\Windows\System\HWFqRNA.exe
  C:\Windows\System\HWFqRNA.exe
  2⤵
  PID:3332
- C:\Windows\System\mhGojVq.exe
  C:\Windows\System\mhGojVq.exe
  2⤵
  PID:3460
- C:\Windows\System\rjtoaQj.exe
  C:\Windows\System\rjtoaQj.exe
  2⤵
  PID:3468
- C:\Windows\System\ulbJENe.exe
  C:\Windows\System\ulbJENe.exe
  2⤵
  PID:3508
- C:\Windows\System\wOSDSVU.exe
  C:\Windows\System\wOSDSVU.exe
  2⤵
  PID:3492
- C:\Windows\System\lYNgUzr.exe
  C:\Windows\System\lYNgUzr.exe
  2⤵
  PID:3592
- C:\Windows\System\VyRUmhe.exe
  C:\Windows\System\VyRUmhe.exe
  2⤵
  PID:3640
- C:\Windows\System\XFfxlGw.exe
  C:\Windows\System\XFfxlGw.exe
  2⤵
  PID:3580
- C:\Windows\System\FDiNHBZ.exe
  C:\Windows\System\FDiNHBZ.exe
  2⤵
  PID:3668
- C:\Windows\System\xHYmKYH.exe
  C:\Windows\System\xHYmKYH.exe
  2⤵
  PID:3712
- C:\Windows\System\iiHEBrl.exe
  C:\Windows\System\iiHEBrl.exe
  2⤵
  PID:3760
- C:\Windows\System\KMgtFJU.exe
  C:\Windows\System\KMgtFJU.exe
  2⤵
  PID:3732
- C:\Windows\System\KgGJNKx.exe
  C:\Windows\System\KgGJNKx.exe
  2⤵
  PID:3780
- C:\Windows\System\TjMtESI.exe
  C:\Windows\System\TjMtESI.exe
  2⤵
  PID:3836
- C:\Windows\System\YRqkZmS.exe
  C:\Windows\System\YRqkZmS.exe
  2⤵
  PID:3876
- C:\Windows\System\egXvBvL.exe
  C:\Windows\System\egXvBvL.exe
  2⤵
  PID:3912
- C:\Windows\System\AscCeTf.exe
  C:\Windows\System\AscCeTf.exe
  2⤵
  PID:3900
- C:\Windows\System\iNbaKfI.exe
  C:\Windows\System\iNbaKfI.exe
  2⤵
  PID:3996
- C:\Windows\System\sUHEVfW.exe
  C:\Windows\System\sUHEVfW.exe
  2⤵
  PID:3936
- C:\Windows\System\qHnbfdF.exe
  C:\Windows\System\qHnbfdF.exe
  2⤵
  PID:4012
- C:\Windows\System\ehofRVE.exe
  C:\Windows\System\ehofRVE.exe
  2⤵
  PID:4016
- C:\Windows\System\CsYXTwo.exe
  C:\Windows\System\CsYXTwo.exe
  2⤵
  PID:1816
- C:\Windows\System\MzJGoET.exe
  C:\Windows\System\MzJGoET.exe
  2⤵
  PID:2460
- C:\Windows\System\NDbzgux.exe
  C:\Windows\System\NDbzgux.exe
  2⤵
  PID:2676
- C:\Windows\System\RLHXYqo.exe
  C:\Windows\System\RLHXYqo.exe
  2⤵
  PID:2496
- C:\Windows\System\fHkxNkL.exe
  C:\Windows\System\fHkxNkL.exe
  2⤵
  PID:2344
- C:\Windows\System\YhoBDen.exe
  C:\Windows\System\YhoBDen.exe
  2⤵
  PID:764
- C:\Windows\System\mArIjaC.exe
  C:\Windows\System\mArIjaC.exe
  2⤵
  PID:2160
- C:\Windows\System\YnyQmsH.exe
  C:\Windows\System\YnyQmsH.exe
  2⤵
  PID:3156
- C:\Windows\System\ZLuJSTN.exe
  C:\Windows\System\ZLuJSTN.exe
  2⤵
  PID:3268
- C:\Windows\System\GSCzzvZ.exe
  C:\Windows\System\GSCzzvZ.exe
  2⤵
  PID:3212
- C:\Windows\System\biJKIgH.exe
  C:\Windows\System\biJKIgH.exe
  2⤵
  PID:3428
- C:\Windows\System\tiekvpM.exe
  C:\Windows\System\tiekvpM.exe
  2⤵
  PID:3480
- C:\Windows\System\MImxBaT.exe
  C:\Windows\System\MImxBaT.exe
  2⤵
  PID:3372
- C:\Windows\System\iPjZsjR.exe
  C:\Windows\System\iPjZsjR.exe
  2⤵
  PID:3408
- C:\Windows\System\dRAIUJT.exe
  C:\Windows\System\dRAIUJT.exe
  2⤵
  PID:3636
- C:\Windows\System\IxTYpgg.exe
  C:\Windows\System\IxTYpgg.exe
  2⤵
  PID:3716
- C:\Windows\System\AuPoTDi.exe
  C:\Windows\System\AuPoTDi.exe
  2⤵
  PID:3616
- C:\Windows\System\kmpnFWr.exe
  C:\Windows\System\kmpnFWr.exe
  2⤵
  PID:3688
- C:\Windows\System\iobGyot.exe
  C:\Windows\System\iobGyot.exe
  2⤵
  PID:3748
- C:\Windows\System\ZjaJycq.exe
  C:\Windows\System\ZjaJycq.exe
  2⤵
  PID:3776
- C:\Windows\System\tlSYWzY.exe
  C:\Windows\System\tlSYWzY.exe
  2⤵
  PID:3812
- C:\Windows\System\VQABuhd.exe
  C:\Windows\System\VQABuhd.exe
  2⤵
  PID:3976
- C:\Windows\System\Fpqnogh.exe
  C:\Windows\System\Fpqnogh.exe
  2⤵
  PID:4028
- C:\Windows\System\ThraxKl.exe
  C:\Windows\System\ThraxKl.exe
  2⤵
  PID:3892
- C:\Windows\System\WbpbstN.exe
  C:\Windows\System\WbpbstN.exe
  2⤵
  PID:2440
- C:\Windows\System\xsRwdqi.exe
  C:\Windows\System\xsRwdqi.exe
  2⤵
  PID:1436
- C:\Windows\System\hLTTYeS.exe
  C:\Windows\System\hLTTYeS.exe
  2⤵
  PID:2744
- C:\Windows\System\rbAbaGE.exe
  C:\Windows\System\rbAbaGE.exe
  2⤵
  PID:3304
- C:\Windows\System\xinyoMb.exe
  C:\Windows\System\xinyoMb.exe
  2⤵
  PID:1888
- C:\Windows\System\BXxLxAq.exe
  C:\Windows\System\BXxLxAq.exe
  2⤵
  PID:3416
- C:\Windows\System\vYzddpq.exe
  C:\Windows\System\vYzddpq.exe
  2⤵
  PID:3516
- C:\Windows\System\WjjVHyh.exe
  C:\Windows\System\WjjVHyh.exe
  2⤵
  PID:1696
- C:\Windows\System\yhstDfs.exe
  C:\Windows\System\yhstDfs.exe
  2⤵
  PID:3100
- C:\Windows\System\IVZtIfa.exe
  C:\Windows\System\IVZtIfa.exe
  2⤵
  PID:4052
- C:\Windows\System\shEZfkS.exe
  C:\Windows\System\shEZfkS.exe
  2⤵
  PID:3132
- C:\Windows\System\Sotutde.exe
  C:\Windows\System\Sotutde.exe
  2⤵
  PID:3708
- C:\Windows\System\VQoSTYv.exe
  C:\Windows\System\VQoSTYv.exe
  2⤵
  PID:2456
- C:\Windows\System\szLkVjP.exe
  C:\Windows\System\szLkVjP.exe
  2⤵
  PID:3772
- C:\Windows\System\EVhtUsB.exe
  C:\Windows\System\EVhtUsB.exe
  2⤵
  PID:3540
- C:\Windows\System\STcYeyt.exe
  C:\Windows\System\STcYeyt.exe
  2⤵
  PID:4088
- C:\Windows\System\dkisrcD.exe
  C:\Windows\System\dkisrcD.exe
  2⤵
  PID:4112
- C:\Windows\System\MqdFljg.exe
  C:\Windows\System\MqdFljg.exe
  2⤵
  PID:4128
- C:\Windows\System\zWWVgjp.exe
  C:\Windows\System\zWWVgjp.exe
  2⤵
  PID:4144
- C:\Windows\System\sSVeRNi.exe
  C:\Windows\System\sSVeRNi.exe
  2⤵
  PID:4160
- C:\Windows\System\bIOwAdU.exe
  C:\Windows\System\bIOwAdU.exe
  2⤵
  PID:4188
- C:\Windows\System\iitjLwz.exe
  C:\Windows\System\iitjLwz.exe
  2⤵
  PID:4220
- C:\Windows\System\GBWAPfA.exe
  C:\Windows\System\GBWAPfA.exe
  2⤵
  PID:4240
- C:\Windows\System\qVDtJeK.exe
  C:\Windows\System\qVDtJeK.exe
  2⤵
  PID:4256
- C:\Windows\System\ZHSBwlb.exe
  C:\Windows\System\ZHSBwlb.exe
  2⤵
  PID:4280
- C:\Windows\System\triTLvO.exe
  C:\Windows\System\triTLvO.exe
  2⤵
  PID:4300
- C:\Windows\System\OOUXRsR.exe
  C:\Windows\System\OOUXRsR.exe
  2⤵
  PID:4320
- C:\Windows\System\KHubPdM.exe
  C:\Windows\System\KHubPdM.exe
  2⤵
  PID:4336
- C:\Windows\System\rVBNwyF.exe
  C:\Windows\System\rVBNwyF.exe
  2⤵
  PID:4352
- C:\Windows\System\TiVYFmx.exe
  C:\Windows\System\TiVYFmx.exe
  2⤵
  PID:4368
- C:\Windows\System\VBQlzgi.exe
  C:\Windows\System\VBQlzgi.exe
  2⤵
  PID:4392
- C:\Windows\System\sqoFpZE.exe
  C:\Windows\System\sqoFpZE.exe
  2⤵
  PID:4412
- C:\Windows\System\rDhAEDJ.exe
  C:\Windows\System\rDhAEDJ.exe
  2⤵
  PID:4428
- C:\Windows\System\FKlOart.exe
  C:\Windows\System\FKlOart.exe
  2⤵
  PID:4452
- C:\Windows\System\inDPgrV.exe
  C:\Windows\System\inDPgrV.exe
  2⤵
  PID:4472
- C:\Windows\System\mcQtoNN.exe
  C:\Windows\System\mcQtoNN.exe
  2⤵
  PID:4492
- C:\Windows\System\lhjGZzT.exe
  C:\Windows\System\lhjGZzT.exe
  2⤵
  PID:4516
- C:\Windows\System\BOQdoIU.exe
  C:\Windows\System\BOQdoIU.exe
  2⤵
  PID:4532
- C:\Windows\System\LupyndT.exe
  C:\Windows\System\LupyndT.exe
  2⤵
  PID:4548
- C:\Windows\System\oMrUIBG.exe
  C:\Windows\System\oMrUIBG.exe
  2⤵
  PID:4568
- C:\Windows\System\VMLkOKG.exe
  C:\Windows\System\VMLkOKG.exe
  2⤵
  PID:4596
- C:\Windows\System\IwQDYIJ.exe
  C:\Windows\System\IwQDYIJ.exe
  2⤵
  PID:4616
- C:\Windows\System\ckwpOMz.exe
  C:\Windows\System\ckwpOMz.exe
  2⤵
  PID:4640
- C:\Windows\System\PaSylLL.exe
  C:\Windows\System\PaSylLL.exe
  2⤵
  PID:4656
- C:\Windows\System\nUfQdnS.exe
  C:\Windows\System\nUfQdnS.exe
  2⤵
  PID:4676
- C:\Windows\System\nSUsCgJ.exe
  C:\Windows\System\nSUsCgJ.exe
  2⤵
  PID:4700
- C:\Windows\System\Eiexpdf.exe
  C:\Windows\System\Eiexpdf.exe
  2⤵
  PID:4716
- C:\Windows\System\ltHuRFQ.exe
  C:\Windows\System\ltHuRFQ.exe
  2⤵
  PID:4736
- C:\Windows\System\dQdfRhB.exe
  C:\Windows\System\dQdfRhB.exe
  2⤵
  PID:4756
- C:\Windows\System\KjMTNaQ.exe
  C:\Windows\System\KjMTNaQ.exe
  2⤵
  PID:4776
- C:\Windows\System\HlAtTnZ.exe
  C:\Windows\System\HlAtTnZ.exe
  2⤵
  PID:4792
- C:\Windows\System\WMxDRcp.exe
  C:\Windows\System\WMxDRcp.exe
  2⤵
  PID:4812
- C:\Windows\System\SIoqbDV.exe
  C:\Windows\System\SIoqbDV.exe
  2⤵
  PID:4840
- C:\Windows\System\SjDFMVd.exe
  C:\Windows\System\SjDFMVd.exe
  2⤵
  PID:4860
- C:\Windows\System\YociXQj.exe
  C:\Windows\System\YociXQj.exe
  2⤵
  PID:4880
- C:\Windows\System\gGfJPEE.exe
  C:\Windows\System\gGfJPEE.exe
  2⤵
  PID:4900
- C:\Windows\System\roeFSCM.exe
  C:\Windows\System\roeFSCM.exe
  2⤵
  PID:4920
- C:\Windows\System\NHVLnZi.exe
  C:\Windows\System\NHVLnZi.exe
  2⤵
  PID:4940
- C:\Windows\System\wlOVLIp.exe
  C:\Windows\System\wlOVLIp.exe
  2⤵
  PID:4960
- C:\Windows\System\dLSDuwH.exe
  C:\Windows\System\dLSDuwH.exe
  2⤵
  PID:4980
- C:\Windows\System\RLpWTZX.exe
  C:\Windows\System\RLpWTZX.exe
  2⤵
  PID:5000
- C:\Windows\System\uMnemtn.exe
  C:\Windows\System\uMnemtn.exe
  2⤵
  PID:5020
- C:\Windows\System\xbyRIRM.exe
  C:\Windows\System\xbyRIRM.exe
  2⤵
  PID:5040
- C:\Windows\System\ZkwDunq.exe
  C:\Windows\System\ZkwDunq.exe
  2⤵
  PID:5060
- C:\Windows\System\PDpPSxT.exe
  C:\Windows\System\PDpPSxT.exe
  2⤵
  PID:5080
- C:\Windows\System\XvoNJqr.exe
  C:\Windows\System\XvoNJqr.exe
  2⤵
  PID:5100
- C:\Windows\System\EdPOpRq.exe
  C:\Windows\System\EdPOpRq.exe
  2⤵
  PID:3020
- C:\Windows\System\WBnsynv.exe
  C:\Windows\System\WBnsynv.exe
  2⤵
  PID:3392
- C:\Windows\System\HvpncuB.exe
  C:\Windows\System\HvpncuB.exe
  2⤵
  PID:3872
- C:\Windows\System\OXNuKMw.exe
  C:\Windows\System\OXNuKMw.exe
  2⤵
  PID:3920
- C:\Windows\System\aSqoxSL.exe
  C:\Windows\System\aSqoxSL.exe
  2⤵
  PID:3932
- C:\Windows\System\NtHFxaY.exe
  C:\Windows\System\NtHFxaY.exe
  2⤵
  PID:3036
- C:\Windows\System\TBdOJZb.exe
  C:\Windows\System\TBdOJZb.exe
  2⤵
  PID:3328
- C:\Windows\System\LDnfJkU.exe
  C:\Windows\System\LDnfJkU.exe
  2⤵
  PID:4108
- C:\Windows\System\sMvHCjX.exe
  C:\Windows\System\sMvHCjX.exe
  2⤵
  PID:4172
- C:\Windows\System\CTdpFGn.exe
  C:\Windows\System\CTdpFGn.exe
  2⤵
  PID:3796
- C:\Windows\System\HcUEOow.exe
  C:\Windows\System\HcUEOow.exe
  2⤵
  PID:4268
- C:\Windows\System\ePMAcqM.exe
  C:\Windows\System\ePMAcqM.exe
  2⤵
  PID:4124
- C:\Windows\System\DNHzIpj.exe
  C:\Windows\System\DNHzIpj.exe
  2⤵
  PID:4344
- C:\Windows\System\ONLbndF.exe
  C:\Windows\System\ONLbndF.exe
  2⤵
  PID:3988
- C:\Windows\System\WKIEQkE.exe
  C:\Windows\System\WKIEQkE.exe
  2⤵
  PID:4420
- C:\Windows\System\WCkQpSM.exe
  C:\Windows\System\WCkQpSM.exe
  2⤵
  PID:4212
- C:\Windows\System\NMpSCdk.exe
  C:\Windows\System\NMpSCdk.exe
  2⤵
  PID:4292
- C:\Windows\System\jOjjEqT.exe
  C:\Windows\System\jOjjEqT.exe
  2⤵
  PID:4328
- C:\Windows\System\cZSXzkt.exe
  C:\Windows\System\cZSXzkt.exe
  2⤵
  PID:4404
- C:\Windows\System\KwwphAI.exe
  C:\Windows\System\KwwphAI.exe
  2⤵
  PID:4504
- C:\Windows\System\IESKGbf.exe
  C:\Windows\System\IESKGbf.exe
  2⤵
  PID:4448
- C:\Windows\System\vNoJeOb.exe
  C:\Windows\System\vNoJeOb.exe
  2⤵
  PID:4444
- C:\Windows\System\bFmezpP.exe
  C:\Windows\System\bFmezpP.exe
  2⤵
  PID:4576
- C:\Windows\System\mmcstMM.exe
  C:\Windows\System\mmcstMM.exe
  2⤵
  PID:4624
- C:\Windows\System\kvRXolI.exe
  C:\Windows\System\kvRXolI.exe
  2⤵
  PID:4668
- C:\Windows\System\VznFiRA.exe
  C:\Windows\System\VznFiRA.exe
  2⤵
  PID:4648
- C:\Windows\System\oBkKQYu.exe
  C:\Windows\System\oBkKQYu.exe
  2⤵
  PID:4696
- C:\Windows\System\SJGhRGq.exe
  C:\Windows\System\SJGhRGq.exe
  2⤵
  PID:4724
- C:\Windows\System\VdrmVkp.exe
  C:\Windows\System\VdrmVkp.exe
  2⤵
  PID:4768
- C:\Windows\System\xGPQHwg.exe
  C:\Windows\System\xGPQHwg.exe
  2⤵
  PID:4808
- C:\Windows\System\lpcCHiP.exe
  C:\Windows\System\lpcCHiP.exe
  2⤵
  PID:4836
- C:\Windows\System\pEBRwXH.exe
  C:\Windows\System\pEBRwXH.exe
  2⤵
  PID:4856
- C:\Windows\System\yUsdYnv.exe
  C:\Windows\System\yUsdYnv.exe
  2⤵
  PID:4892
- C:\Windows\System\ykzUtVM.exe
  C:\Windows\System\ykzUtVM.exe
  2⤵
  PID:4932
- C:\Windows\System\DTckdud.exe
  C:\Windows\System\DTckdud.exe
  2⤵
  PID:4988
- C:\Windows\System\SgQKzLK.exe
  C:\Windows\System\SgQKzLK.exe
  2⤵
  PID:5008
- C:\Windows\System\BkNOuHi.exe
  C:\Windows\System\BkNOuHi.exe
  2⤵
  PID:5012
- C:\Windows\System\RVYrmgu.exe
  C:\Windows\System\RVYrmgu.exe
  2⤵
  PID:5052
- C:\Windows\System\hDhQEdI.exe
  C:\Windows\System\hDhQEdI.exe
  2⤵
  PID:5116
- C:\Windows\System\HKoCKTW.exe
  C:\Windows\System\HKoCKTW.exe
  2⤵
  PID:3880
- C:\Windows\System\PvJUexb.exe
  C:\Windows\System\PvJUexb.exe
  2⤵
  PID:3628
- C:\Windows\System\OxvBytz.exe
  C:\Windows\System\OxvBytz.exe
  2⤵
  PID:1480
- C:\Windows\System\ifGmTOx.exe
  C:\Windows\System\ifGmTOx.exe
  2⤵
  PID:3344
- C:\Windows\System\FRTglvB.exe
  C:\Windows\System\FRTglvB.exe
  2⤵
  PID:4168
- C:\Windows\System\UMrtetF.exe
  C:\Windows\System\UMrtetF.exe
  2⤵
  PID:4180
- C:\Windows\System\BTUamOw.exe
  C:\Windows\System\BTUamOw.exe
  2⤵
  PID:4312
- C:\Windows\System\nIrWUYi.exe
  C:\Windows\System\nIrWUYi.exe
  2⤵
  PID:4384
- C:\Windows\System\XmrhQJy.exe
  C:\Windows\System\XmrhQJy.exe
  2⤵
  PID:4120
- C:\Windows\System\PuwlEZm.exe
  C:\Windows\System\PuwlEZm.exe
  2⤵
  PID:4252
- C:\Windows\System\ylHSyXn.exe
  C:\Windows\System\ylHSyXn.exe
  2⤵
  PID:4400
- C:\Windows\System\jWXCLMF.exe
  C:\Windows\System\jWXCLMF.exe
  2⤵
  PID:4544
- C:\Windows\System\TTtCusS.exe
  C:\Windows\System\TTtCusS.exe
  2⤵
  PID:4560
- C:\Windows\System\dHhFmds.exe
  C:\Windows\System\dHhFmds.exe
  2⤵
  PID:4592
- C:\Windows\System\fBBYLYS.exe
  C:\Windows\System\fBBYLYS.exe
  2⤵
  PID:4608
- C:\Windows\System\wabKhiW.exe
  C:\Windows\System\wabKhiW.exe
  2⤵
  PID:4708
- C:\Windows\System\JbthiAU.exe
  C:\Windows\System\JbthiAU.exe
  2⤵
  PID:4788
- C:\Windows\System\aseOXmg.exe
  C:\Windows\System\aseOXmg.exe
  2⤵
  PID:4824
- C:\Windows\System\GPhRBZR.exe
  C:\Windows\System\GPhRBZR.exe
  2⤵
  PID:4896
- C:\Windows\System\gFHKtnu.exe
  C:\Windows\System\gFHKtnu.exe
  2⤵
  PID:4912
- C:\Windows\System\DKqWxVH.exe
  C:\Windows\System\DKqWxVH.exe
  2⤵
  PID:4976
- C:\Windows\System\ylwnTjn.exe
  C:\Windows\System\ylwnTjn.exe
  2⤵
  PID:5036
- C:\Windows\System\GYZrQQe.exe
  C:\Windows\System\GYZrQQe.exe
  2⤵
  PID:5108
- C:\Windows\System\KXsIfLR.exe
  C:\Windows\System\KXsIfLR.exe
  2⤵
  PID:3172
- C:\Windows\System\CocPrFu.exe
  C:\Windows\System\CocPrFu.exe
  2⤵
  PID:3728
- C:\Windows\System\tsMfcAY.exe
  C:\Windows\System\tsMfcAY.exe
  2⤵
  PID:4184
- C:\Windows\System\PymklNa.exe
  C:\Windows\System\PymklNa.exe
  2⤵
  PID:5132
- C:\Windows\System\dSYqFGC.exe
  C:\Windows\System\dSYqFGC.exe
  2⤵
  PID:5152
- C:\Windows\System\NLAFfRG.exe
  C:\Windows\System\NLAFfRG.exe
  2⤵
  PID:5172
- C:\Windows\System\LYXkksE.exe
  C:\Windows\System\LYXkksE.exe
  2⤵
  PID:5192
- C:\Windows\System\EQXOCAq.exe
  C:\Windows\System\EQXOCAq.exe
  2⤵
  PID:5212
- C:\Windows\System\vPTuagU.exe
  C:\Windows\System\vPTuagU.exe
  2⤵
  PID:5232
- C:\Windows\System\uxpDXBU.exe
  C:\Windows\System\uxpDXBU.exe
  2⤵
  PID:5252
- C:\Windows\System\zjfMnNK.exe
  C:\Windows\System\zjfMnNK.exe
  2⤵
  PID:5272
- C:\Windows\System\URAgOEl.exe
  C:\Windows\System\URAgOEl.exe
  2⤵
  PID:5292
- C:\Windows\System\sxkZfCw.exe
  C:\Windows\System\sxkZfCw.exe
  2⤵
  PID:5312
- C:\Windows\System\aysQmWF.exe
  C:\Windows\System\aysQmWF.exe
  2⤵
  PID:5332
- C:\Windows\System\ngcKbQi.exe
  C:\Windows\System\ngcKbQi.exe
  2⤵
  PID:5352
- C:\Windows\System\ykKtMvI.exe
  C:\Windows\System\ykKtMvI.exe
  2⤵
  PID:5372
- C:\Windows\System\sgelhKJ.exe
  C:\Windows\System\sgelhKJ.exe
  2⤵
  PID:5392
- C:\Windows\System\pznVfwE.exe
  C:\Windows\System\pznVfwE.exe
  2⤵
  PID:5412
- C:\Windows\System\DcWyevy.exe
  C:\Windows\System\DcWyevy.exe
  2⤵
  PID:5432
- C:\Windows\System\vpAUjoe.exe
  C:\Windows\System\vpAUjoe.exe
  2⤵
  PID:5452
- C:\Windows\System\BzgnQjs.exe
  C:\Windows\System\BzgnQjs.exe
  2⤵
  PID:5472
- C:\Windows\System\IVVAdhd.exe
  C:\Windows\System\IVVAdhd.exe
  2⤵
  PID:5492
- C:\Windows\System\fCpJcgi.exe
  C:\Windows\System\fCpJcgi.exe
  2⤵
  PID:5512
- C:\Windows\System\viCzNGC.exe
  C:\Windows\System\viCzNGC.exe
  2⤵
  PID:5532
- C:\Windows\System\XTAodlX.exe
  C:\Windows\System\XTAodlX.exe
  2⤵
  PID:5552
- C:\Windows\System\axbjRNB.exe
  C:\Windows\System\axbjRNB.exe
  2⤵
  PID:5572
- C:\Windows\System\aKHRwdi.exe
  C:\Windows\System\aKHRwdi.exe
  2⤵
  PID:5592
- C:\Windows\System\VaEDWHc.exe
  C:\Windows\System\VaEDWHc.exe
  2⤵
  PID:5612
- C:\Windows\System\xHTRBJq.exe
  C:\Windows\System\xHTRBJq.exe
  2⤵
  PID:5632
- C:\Windows\System\uzKiwvI.exe
  C:\Windows\System\uzKiwvI.exe
  2⤵
  PID:5652
- C:\Windows\System\fIwqutN.exe
  C:\Windows\System\fIwqutN.exe
  2⤵
  PID:5672
- C:\Windows\System\KiuVyaQ.exe
  C:\Windows\System\KiuVyaQ.exe
  2⤵
  PID:5692
- C:\Windows\System\dfGVSCh.exe
  C:\Windows\System\dfGVSCh.exe
  2⤵
  PID:5712
- C:\Windows\System\dzWLUdc.exe
  C:\Windows\System\dzWLUdc.exe
  2⤵
  PID:5732
- C:\Windows\System\OFxduRi.exe
  C:\Windows\System\OFxduRi.exe
  2⤵
  PID:5752
- C:\Windows\System\gXQGWmI.exe
  C:\Windows\System\gXQGWmI.exe
  2⤵
  PID:5772
- C:\Windows\System\BGuMIkV.exe
  C:\Windows\System\BGuMIkV.exe
  2⤵
  PID:5792
- C:\Windows\System\yuKjSnk.exe
  C:\Windows\System\yuKjSnk.exe
  2⤵
  PID:5812
- C:\Windows\System\xpcaSRB.exe
  C:\Windows\System\xpcaSRB.exe
  2⤵
  PID:5832
- C:\Windows\System\BWlbJqh.exe
  C:\Windows\System\BWlbJqh.exe
  2⤵
  PID:5852
- C:\Windows\System\jFVspYr.exe
  C:\Windows\System\jFVspYr.exe
  2⤵
  PID:5872
- C:\Windows\System\WtRCVpl.exe
  C:\Windows\System\WtRCVpl.exe
  2⤵
  PID:5888
- C:\Windows\System\CUASYFy.exe
  C:\Windows\System\CUASYFy.exe
  2⤵
  PID:5912
- C:\Windows\System\SnvcOMr.exe
  C:\Windows\System\SnvcOMr.exe
  2⤵
  PID:5932
- C:\Windows\System\RmPZvMm.exe
  C:\Windows\System\RmPZvMm.exe
  2⤵
  PID:5952
- C:\Windows\System\vcozjUR.exe
  C:\Windows\System\vcozjUR.exe
  2⤵
  PID:5972
- C:\Windows\System\JxLeHuk.exe
  C:\Windows\System\JxLeHuk.exe
  2⤵
  PID:5992
- C:\Windows\System\pzOslOS.exe
  C:\Windows\System\pzOslOS.exe
  2⤵
  PID:6016
- C:\Windows\System\CLYQrhQ.exe
  C:\Windows\System\CLYQrhQ.exe
  2⤵
  PID:6036
- C:\Windows\System\PBbFQrm.exe
  C:\Windows\System\PBbFQrm.exe
  2⤵
  PID:6056
- C:\Windows\System\iIhwXOd.exe
  C:\Windows\System\iIhwXOd.exe
  2⤵
  PID:6076
- C:\Windows\System\bujdvou.exe
  C:\Windows\System\bujdvou.exe
  2⤵
  PID:6096
- C:\Windows\System\wkjjtQz.exe
  C:\Windows\System\wkjjtQz.exe
  2⤵
  PID:6116
- C:\Windows\System\yGuThQM.exe
  C:\Windows\System\yGuThQM.exe
  2⤵
  PID:6136
- C:\Windows\System\jFufwil.exe
  C:\Windows\System\jFufwil.exe
  2⤵
  PID:4156
- C:\Windows\System\JRPJdvH.exe
  C:\Windows\System\JRPJdvH.exe
  2⤵
  PID:4388
- C:\Windows\System\XbzPAfJ.exe
  C:\Windows\System\XbzPAfJ.exe
  2⤵
  PID:4296
- C:\Windows\System\RfOZGWg.exe
  C:\Windows\System\RfOZGWg.exe
  2⤵
  PID:4512
- C:\Windows\System\gLGFgwK.exe
  C:\Windows\System\gLGFgwK.exe
  2⤵
  PID:4584
- C:\Windows\System\dlLTIPY.exe
  C:\Windows\System\dlLTIPY.exe
  2⤵
  PID:4672
- C:\Windows\System\rtHcZLK.exe
  C:\Windows\System\rtHcZLK.exe
  2⤵
  PID:4752
- C:\Windows\System\LUjzZbf.exe
  C:\Windows\System\LUjzZbf.exe
  2⤵
  PID:4876
- C:\Windows\System\wpcSuLX.exe
  C:\Windows\System\wpcSuLX.exe
  2⤵
  PID:4928
- C:\Windows\System\mpXZIfB.exe
  C:\Windows\System\mpXZIfB.exe
  2⤵
  PID:5028
- C:\Windows\System\uadZMBU.exe
  C:\Windows\System\uadZMBU.exe
  2⤵
  PID:5088
- C:\Windows\System\UplweoE.exe
  C:\Windows\System\UplweoE.exe
  2⤵
  PID:3308
- C:\Windows\System\jUGmBah.exe
  C:\Windows\System\jUGmBah.exe
  2⤵
  PID:5128
- C:\Windows\System\NyzJIwe.exe
  C:\Windows\System\NyzJIwe.exe
  2⤵
  PID:5188
- C:\Windows\System\rJMTMiR.exe
  C:\Windows\System\rJMTMiR.exe
  2⤵
  PID:5220
- C:\Windows\System\BBZMjLB.exe
  C:\Windows\System\BBZMjLB.exe
  2⤵
  PID:5224
- C:\Windows\System\asDIzzt.exe
  C:\Windows\System\asDIzzt.exe
  2⤵
  PID:5264
- C:\Windows\System\egYOsiX.exe
  C:\Windows\System\egYOsiX.exe
  2⤵
  PID:5288
- C:\Windows\System\gtNGkZh.exe
  C:\Windows\System\gtNGkZh.exe
  2⤵
  PID:5348
- C:\Windows\System\dgNkzYC.exe
  C:\Windows\System\dgNkzYC.exe
  2⤵
  PID:5380
- C:\Windows\System\xYACJnQ.exe
  C:\Windows\System\xYACJnQ.exe
  2⤵
  PID:5400
- C:\Windows\System\IqJYCEo.exe
  C:\Windows\System\IqJYCEo.exe
  2⤵
  PID:5424
- C:\Windows\System\pHsjuPb.exe
  C:\Windows\System\pHsjuPb.exe
  2⤵
  PID:5444
- C:\Windows\System\kQfLYXL.exe
  C:\Windows\System\kQfLYXL.exe
  2⤵
  PID:5480
- C:\Windows\System\tmzQSMt.exe
  C:\Windows\System\tmzQSMt.exe
  2⤵
  PID:5528
- C:\Windows\System\GRmoUVR.exe
  C:\Windows\System\GRmoUVR.exe
  2⤵
  PID:5580
- C:\Windows\System\IdxxGVf.exe
  C:\Windows\System\IdxxGVf.exe
  2⤵
  PID:5600
- C:\Windows\System\ikjpvFV.exe
  C:\Windows\System\ikjpvFV.exe
  2⤵
  PID:5624
- C:\Windows\System\AQCIDbr.exe
  C:\Windows\System\AQCIDbr.exe
  2⤵
  PID:5668
- C:\Windows\System\NzEpuYF.exe
  C:\Windows\System\NzEpuYF.exe
  2⤵
  PID:5680
- C:\Windows\System\qVZmiwG.exe
  C:\Windows\System\qVZmiwG.exe
  2⤵
  PID:5720
- C:\Windows\System\EKinWET.exe
  C:\Windows\System\EKinWET.exe
  2⤵
  PID:5780
- C:\Windows\System\wkvkGbO.exe
  C:\Windows\System\wkvkGbO.exe
  2⤵
  PID:5800
- C:\Windows\System\cxIXagI.exe
  C:\Windows\System\cxIXagI.exe
  2⤵
  PID:5824
- C:\Windows\System\UfpVwTM.exe
  C:\Windows\System\UfpVwTM.exe
  2⤵
  PID:5864
- C:\Windows\System\BubouMo.exe
  C:\Windows\System\BubouMo.exe
  2⤵
  PID:5904
- C:\Windows\System\ESaJSYf.exe
  C:\Windows\System\ESaJSYf.exe
  2⤵
  PID:5944
- C:\Windows\System\HgTdMSN.exe
  C:\Windows\System\HgTdMSN.exe
  2⤵
  PID:5968
- C:\Windows\System\SprWvFA.exe
  C:\Windows\System\SprWvFA.exe
  2⤵
  PID:6000
- C:\Windows\System\IYYzrZG.exe
  C:\Windows\System\IYYzrZG.exe
  2⤵
  PID:6028
- C:\Windows\System\uukPLvl.exe
  C:\Windows\System\uukPLvl.exe
  2⤵
  PID:6048
- C:\Windows\System\vkDrDfm.exe
  C:\Windows\System\vkDrDfm.exe
  2⤵
  PID:6092
- C:\Windows\System\KXHrQkc.exe
  C:\Windows\System\KXHrQkc.exe
  2⤵
  PID:6124
- C:\Windows\System\RPfrOLz.exe
  C:\Windows\System\RPfrOLz.exe
  2⤵
  PID:3896
- C:\Windows\System\tELvayt.exe
  C:\Windows\System\tELvayt.exe
  2⤵
  PID:4464
- C:\Windows\System\XMcVTXo.exe
  C:\Windows\System\XMcVTXo.exe
  2⤵
  PID:4500
- C:\Windows\System\ubkDndH.exe
  C:\Windows\System\ubkDndH.exe
  2⤵
  PID:4728
- C:\Windows\System\DyLwYDr.exe
  C:\Windows\System\DyLwYDr.exe
  2⤵
  PID:4764
- C:\Windows\System\SRFWdsl.exe
  C:\Windows\System\SRFWdsl.exe
  2⤵
  PID:264
- C:\Windows\System\qdKiWfr.exe
  C:\Windows\System\qdKiWfr.exe
  2⤵
  PID:3520
- C:\Windows\System\rPLYaqq.exe
  C:\Windows\System\rPLYaqq.exe
  2⤵
  PID:5148
- C:\Windows\System\sNXFCuz.exe
  C:\Windows\System\sNXFCuz.exe
  2⤵
  PID:5184
- C:\Windows\System\opryDAD.exe
  C:\Windows\System\opryDAD.exe
  2⤵
  PID:5228
- C:\Windows\System\AceLGgM.exe
  C:\Windows\System\AceLGgM.exe
  2⤵
  PID:5308
- C:\Windows\System\EWYfcIK.exe
  C:\Windows\System\EWYfcIK.exe
  2⤵
  PID:5344
- C:\Windows\System\UaALdaR.exe
  C:\Windows\System\UaALdaR.exe
  2⤵
  PID:5428
- C:\Windows\System\IRGOcdf.exe
  C:\Windows\System\IRGOcdf.exe
  2⤵
  PID:5500
- C:\Windows\System\tAcZpxS.exe
  C:\Windows\System\tAcZpxS.exe
  2⤵
  PID:5540
- C:\Windows\System\jibLheO.exe
  C:\Windows\System\jibLheO.exe
  2⤵
  PID:5544
- C:\Windows\System\jRzsaLd.exe
  C:\Windows\System\jRzsaLd.exe
  2⤵
  PID:5644
- C:\Windows\System\FDOxveT.exe
  C:\Windows\System\FDOxveT.exe
  2⤵
  PID:5708
- C:\Windows\System\eZWAYeO.exe
  C:\Windows\System\eZWAYeO.exe
  2⤵
  PID:5724
- C:\Windows\System\MHfrMLJ.exe
  C:\Windows\System\MHfrMLJ.exe
  2⤵
  PID:5820
- C:\Windows\System\qgxcnxq.exe
  C:\Windows\System\qgxcnxq.exe
  2⤵
  PID:5828
- C:\Windows\System\viNWetD.exe
  C:\Windows\System\viNWetD.exe
  2⤵
  PID:5928
- C:\Windows\System\HOGRYRS.exe
  C:\Windows\System\HOGRYRS.exe
  2⤵
  PID:5984
- C:\Windows\System\TnhNeld.exe
  C:\Windows\System\TnhNeld.exe
  2⤵
  PID:6052
- C:\Windows\System\QskckXO.exe
  C:\Windows\System\QskckXO.exe
  2⤵
  PID:6112
- C:\Windows\System\FjXOGRa.exe
  C:\Windows\System\FjXOGRa.exe
  2⤵
  PID:4204
- C:\Windows\System\ibkpnHv.exe
  C:\Windows\System\ibkpnHv.exe
  2⤵
  PID:4248
- C:\Windows\System\SaHMjPq.exe
  C:\Windows\System\SaHMjPq.exe
  2⤵
  PID:4564
- C:\Windows\System\UcagMWz.exe
  C:\Windows\System\UcagMWz.exe
  2⤵
  PID:4908
- C:\Windows\System\xJgMdwH.exe
  C:\Windows\System\xJgMdwH.exe
  2⤵
  PID:4104
- C:\Windows\System\bPxdGKq.exe
  C:\Windows\System\bPxdGKq.exe
  2⤵
  PID:5208
- C:\Windows\System\UpNFcND.exe
  C:\Windows\System\UpNFcND.exe
  2⤵
  PID:5280
- C:\Windows\System\hUnzONZ.exe
  C:\Windows\System\hUnzONZ.exe
  2⤵
  PID:5324
- C:\Windows\System\ctBMgrJ.exe
  C:\Windows\System\ctBMgrJ.exe
  2⤵
  PID:5468
- C:\Windows\System\ltuqegW.exe
  C:\Windows\System\ltuqegW.exe
  2⤵
  PID:5508
- C:\Windows\System\MugKtVf.exe
  C:\Windows\System\MugKtVf.exe
  2⤵
  PID:5628
- C:\Windows\System\jHZDHfk.exe
  C:\Windows\System\jHZDHfk.exe
  2⤵
  PID:5788
- C:\Windows\System\iImbqHU.exe
  C:\Windows\System\iImbqHU.exe
  2⤵
  PID:5900
- C:\Windows\System\MJeUXza.exe
  C:\Windows\System\MJeUXza.exe
  2⤵
  PID:5940
- C:\Windows\System\aWxDdmz.exe
  C:\Windows\System\aWxDdmz.exe
  2⤵
  PID:6164
- C:\Windows\System\bZUkFDM.exe
  C:\Windows\System\bZUkFDM.exe
  2⤵
  PID:6184
- C:\Windows\System\cmNXdfh.exe
  C:\Windows\System\cmNXdfh.exe
  2⤵
  PID:6204
- C:\Windows\System\RblvpNz.exe
  C:\Windows\System\RblvpNz.exe
  2⤵
  PID:6224
- C:\Windows\System\ZSRsqIU.exe
  C:\Windows\System\ZSRsqIU.exe
  2⤵
  PID:6244
- C:\Windows\System\LGQnCpa.exe
  C:\Windows\System\LGQnCpa.exe
  2⤵
  PID:6264
- C:\Windows\System\pYFvxls.exe
  C:\Windows\System\pYFvxls.exe
  2⤵
  PID:6284
- C:\Windows\System\dGXChJl.exe
  C:\Windows\System\dGXChJl.exe
  2⤵
  PID:6304
- C:\Windows\System\RtcGqtC.exe
  C:\Windows\System\RtcGqtC.exe
  2⤵
  PID:6324
- C:\Windows\System\sTwuMFu.exe
  C:\Windows\System\sTwuMFu.exe
  2⤵
  PID:6344
- C:\Windows\System\FiowuDG.exe
  C:\Windows\System\FiowuDG.exe
  2⤵
  PID:6364
- C:\Windows\System\oQuucsE.exe
  C:\Windows\System\oQuucsE.exe
  2⤵
  PID:6384
- C:\Windows\System\SlIbKtL.exe
  C:\Windows\System\SlIbKtL.exe
  2⤵
  PID:6404
- C:\Windows\System\ZxIbmzR.exe
  C:\Windows\System\ZxIbmzR.exe
  2⤵
  PID:6424
- C:\Windows\System\PNIvUeu.exe
  C:\Windows\System\PNIvUeu.exe
  2⤵
  PID:6444
- C:\Windows\System\wYfGfOR.exe
  C:\Windows\System\wYfGfOR.exe
  2⤵
  PID:6464
- C:\Windows\System\vbRjOOm.exe
  C:\Windows\System\vbRjOOm.exe
  2⤵
  PID:6484
- C:\Windows\System\dgXMRfm.exe
  C:\Windows\System\dgXMRfm.exe
  2⤵
  PID:6504
- C:\Windows\System\tXhAZmm.exe
  C:\Windows\System\tXhAZmm.exe
  2⤵
  PID:6524
- C:\Windows\System\KOBkTWi.exe
  C:\Windows\System\KOBkTWi.exe
  2⤵
  PID:6544
- C:\Windows\System\nYfqgBk.exe
  C:\Windows\System\nYfqgBk.exe
  2⤵
  PID:6564
- C:\Windows\System\QgtIqFp.exe
  C:\Windows\System\QgtIqFp.exe
  2⤵
  PID:6584
- C:\Windows\System\LzHjPKi.exe
  C:\Windows\System\LzHjPKi.exe
  2⤵
  PID:6604
- C:\Windows\System\rTXElEL.exe
  C:\Windows\System\rTXElEL.exe
  2⤵
  PID:6624
- C:\Windows\System\FDKemCg.exe
  C:\Windows\System\FDKemCg.exe
  2⤵
  PID:6644
- C:\Windows\System\hwNNuBe.exe
  C:\Windows\System\hwNNuBe.exe
  2⤵
  PID:6664
- C:\Windows\System\UkaEPXa.exe
  C:\Windows\System\UkaEPXa.exe
  2⤵
  PID:6684
- C:\Windows\System\YNTZPSZ.exe
  C:\Windows\System\YNTZPSZ.exe
  2⤵
  PID:6704
- C:\Windows\System\XMKzBld.exe
  C:\Windows\System\XMKzBld.exe
  2⤵
  PID:6724
- C:\Windows\System\WpGlqNP.exe
  C:\Windows\System\WpGlqNP.exe
  2⤵
  PID:6744
- C:\Windows\System\ZJSlTVC.exe
  C:\Windows\System\ZJSlTVC.exe
  2⤵
  PID:6764
- C:\Windows\System\ChgrUgX.exe
  C:\Windows\System\ChgrUgX.exe
  2⤵
  PID:6784
- C:\Windows\System\FDdNHsy.exe
  C:\Windows\System\FDdNHsy.exe
  2⤵
  PID:6804
- C:\Windows\System\CSdGUac.exe
  C:\Windows\System\CSdGUac.exe
  2⤵
  PID:6824
- C:\Windows\System\fXKjkSX.exe
  C:\Windows\System\fXKjkSX.exe
  2⤵
  PID:6844
- C:\Windows\System\wUvzhZW.exe
  C:\Windows\System\wUvzhZW.exe
  2⤵
  PID:6864
- C:\Windows\System\ysNDfxs.exe
  C:\Windows\System\ysNDfxs.exe
  2⤵
  PID:6884
- C:\Windows\System\aLivTYa.exe
  C:\Windows\System\aLivTYa.exe
  2⤵
  PID:6904
- C:\Windows\System\cMrbsEz.exe
  C:\Windows\System\cMrbsEz.exe
  2⤵
  PID:6928
- C:\Windows\System\kbTfjDi.exe
  C:\Windows\System\kbTfjDi.exe
  2⤵
  PID:6948
- C:\Windows\System\FvdivpR.exe
  C:\Windows\System\FvdivpR.exe
  2⤵
  PID:6968
- C:\Windows\System\mroMCvf.exe
  C:\Windows\System\mroMCvf.exe
  2⤵
  PID:6988
- C:\Windows\System\ADUcthc.exe
  C:\Windows\System\ADUcthc.exe
  2⤵
  PID:7008
- C:\Windows\System\qAcDYiy.exe
  C:\Windows\System\qAcDYiy.exe
  2⤵
  PID:7028
- C:\Windows\System\wUENtxN.exe
  C:\Windows\System\wUENtxN.exe
  2⤵
  PID:7048
- C:\Windows\System\RVzelrh.exe
  C:\Windows\System\RVzelrh.exe
  2⤵
  PID:7068
- C:\Windows\System\grrhMdW.exe
  C:\Windows\System\grrhMdW.exe
  2⤵
  PID:7088
- C:\Windows\System\tMFmtmQ.exe
  C:\Windows\System\tMFmtmQ.exe
  2⤵
  PID:7108
- C:\Windows\System\xaOqnFp.exe
  C:\Windows\System\xaOqnFp.exe
  2⤵
  PID:7128
- C:\Windows\System\bqKAcXj.exe
  C:\Windows\System\bqKAcXj.exe
  2⤵
  PID:7144
- C:\Windows\System\mNZGiFF.exe
  C:\Windows\System\mNZGiFF.exe
  2⤵
  PID:7164
- C:\Windows\System\UMrQhvT.exe
  C:\Windows\System\UMrQhvT.exe
  2⤵
  PID:6008
- C:\Windows\System\IIQXuew.exe
  C:\Windows\System\IIQXuew.exe
  2⤵
  PID:6072
- C:\Windows\System\iYkRyGx.exe
  C:\Windows\System\iYkRyGx.exe
  2⤵
  PID:4288
- C:\Windows\System\uMZrLVg.exe
  C:\Windows\System\uMZrLVg.exe
  2⤵
  PID:4804
- C:\Windows\System\bbVXBUW.exe
  C:\Windows\System\bbVXBUW.exe
  2⤵
  PID:5248
- C:\Windows\System\EOQqEGL.exe
  C:\Windows\System\EOQqEGL.exe
  2⤵
  PID:2144
- C:\Windows\System\DAFwsyl.exe
  C:\Windows\System\DAFwsyl.exe
  2⤵
  PID:5340
- C:\Windows\System\xcMngLD.exe
  C:\Windows\System\xcMngLD.exe
  2⤵
  PID:5520
- C:\Windows\System\HAQcYSE.exe
  C:\Windows\System\HAQcYSE.exe
  2⤵
  PID:5880
- C:\Windows\System\BwtMbvE.exe
  C:\Windows\System\BwtMbvE.exe
  2⤵
  PID:5908
- C:\Windows\System\PwQuLXQ.exe
  C:\Windows\System\PwQuLXQ.exe
  2⤵
  PID:6172
- C:\Windows\System\kDsgRQP.exe
  C:\Windows\System\kDsgRQP.exe
  2⤵
  PID:6196
- C:\Windows\System\KnFMwrj.exe
  C:\Windows\System\KnFMwrj.exe
  2⤵
  PID:856
- C:\Windows\System\GaPvhld.exe
  C:\Windows\System\GaPvhld.exe
  2⤵
  PID:6272
- C:\Windows\System\BrlHgJI.exe
  C:\Windows\System\BrlHgJI.exe
  2⤵
  PID:6300
- C:\Windows\System\xlDKTDB.exe
  C:\Windows\System\xlDKTDB.exe
  2⤵
  PID:6332
- C:\Windows\System\XGcuBvv.exe
  C:\Windows\System\XGcuBvv.exe
  2⤵
  PID:6356
- C:\Windows\System\xuDzbzL.exe
  C:\Windows\System\xuDzbzL.exe
  2⤵
  PID:6376
- C:\Windows\System\IOwrwkp.exe
  C:\Windows\System\IOwrwkp.exe
  2⤵
  PID:6432
- C:\Windows\System\mpuWrDM.exe
  C:\Windows\System\mpuWrDM.exe
  2⤵
  PID:6472
- C:\Windows\System\wlIhDZE.exe
  C:\Windows\System\wlIhDZE.exe
  2⤵
  PID:6492
- C:\Windows\System\pAlHGyR.exe
  C:\Windows\System\pAlHGyR.exe
  2⤵
  PID:6532
- C:\Windows\System\dHxKKlp.exe
  C:\Windows\System\dHxKKlp.exe
  2⤵
  PID:6560
- C:\Windows\System\alCxviw.exe
  C:\Windows\System\alCxviw.exe
  2⤵
  PID:6596
- C:\Windows\System\ycffKaJ.exe
  C:\Windows\System\ycffKaJ.exe
  2⤵
  PID:6640
- C:\Windows\System\GazichK.exe
  C:\Windows\System\GazichK.exe
  2⤵
  PID:6660
- C:\Windows\System\ocqqlUh.exe
  C:\Windows\System\ocqqlUh.exe
  2⤵
  PID:6720
- C:\Windows\System\rMvStbX.exe
  C:\Windows\System\rMvStbX.exe
  2⤵
  PID:6716
- C:\Windows\System\jdXqjXc.exe
  C:\Windows\System\jdXqjXc.exe
  2⤵
  PID:6736
- C:\Windows\System\oaPwPqh.exe
  C:\Windows\System\oaPwPqh.exe
  2⤵
  PID:6800
- C:\Windows\System\nfTVKEX.exe
  C:\Windows\System\nfTVKEX.exe
  2⤵
  PID:6820
- C:\Windows\System\OhxECEA.exe
  C:\Windows\System\OhxECEA.exe
  2⤵
  PID:6880
- C:\Windows\System\XmRGxHY.exe
  C:\Windows\System\XmRGxHY.exe
  2⤵
  PID:6892
- C:\Windows\System\DpELmfc.exe
  C:\Windows\System\DpELmfc.exe
  2⤵
  PID:6916
- C:\Windows\System\JYENguh.exe
  C:\Windows\System\JYENguh.exe
  2⤵
  PID:6960
- C:\Windows\System\KIQULOH.exe
  C:\Windows\System\KIQULOH.exe
  2⤵
  PID:6980
- C:\Windows\System\nXZYBjy.exe
  C:\Windows\System\nXZYBjy.exe
  2⤵
  PID:7020
- C:\Windows\System\dysxsVE.exe
  C:\Windows\System\dysxsVE.exe
  2⤵
  PID:7064
- C:\Windows\System\MCvJXlC.exe
  C:\Windows\System\MCvJXlC.exe
  2⤵
  PID:7104
- C:\Windows\System\qlJWumN.exe
  C:\Windows\System\qlJWumN.exe
  2⤵
  PID:7152
- C:\Windows\System\nRhQnSi.exe
  C:\Windows\System\nRhQnSi.exe
  2⤵
  PID:7140
- C:\Windows\System\weSlUJR.exe
  C:\Windows\System\weSlUJR.exe
  2⤵
  PID:6084
- C:\Windows\System\yEAvbEj.exe
  C:\Windows\System\yEAvbEj.exe
  2⤵
  PID:4200
- C:\Windows\System\WLUGqPb.exe
  C:\Windows\System\WLUGqPb.exe
  2⤵
  PID:5268
- C:\Windows\System\Vmbvgbm.exe
  C:\Windows\System\Vmbvgbm.exe
  2⤵
  PID:5660
- C:\Windows\System\UmBKbXX.exe
  C:\Windows\System\UmBKbXX.exe
  2⤵
  PID:5764
- C:\Windows\System\cMABUuz.exe
  C:\Windows\System\cMABUuz.exe
  2⤵
  PID:6152
- C:\Windows\System\gqyzaTu.exe
  C:\Windows\System\gqyzaTu.exe
  2⤵
  PID:6236
- C:\Windows\System\KfvCwsE.exe
  C:\Windows\System\KfvCwsE.exe
  2⤵
  PID:6232
- C:\Windows\System\gfbtDoh.exe
  C:\Windows\System\gfbtDoh.exe
  2⤵
  PID:6320
- C:\Windows\System\ObHvUAU.exe
  C:\Windows\System\ObHvUAU.exe
  2⤵
  PID:6340
- C:\Windows\System\mqfQkRw.exe
  C:\Windows\System\mqfQkRw.exe
  2⤵
  PID:6460
- C:\Windows\System\eyOgaAg.exe
  C:\Windows\System\eyOgaAg.exe
  2⤵
  PID:6512
- C:\Windows\System\ZkVFNUl.exe
  C:\Windows\System\ZkVFNUl.exe
  2⤵
  PID:6572
- C:\Windows\System\xtWrcWH.exe
  C:\Windows\System\xtWrcWH.exe
  2⤵
  PID:6592
- C:\Windows\System\LZjxgcX.exe
  C:\Windows\System\LZjxgcX.exe
  2⤵
  PID:6620
- C:\Windows\System\gKgSrmq.exe
  C:\Windows\System\gKgSrmq.exe
  2⤵
  PID:6700
- C:\Windows\System\oFKlXzn.exe
  C:\Windows\System\oFKlXzn.exe
  2⤵
  PID:6792
- C:\Windows\System\shUTiKt.exe
  C:\Windows\System\shUTiKt.exe
  2⤵
  PID:6760
- C:\Windows\System\vigMFeN.exe
  C:\Windows\System\vigMFeN.exe
  2⤵
  PID:6812
- C:\Windows\System\LHVybDd.exe
  C:\Windows\System\LHVybDd.exe
  2⤵
  PID:6924
- C:\Windows\System\QVRAZVC.exe
  C:\Windows\System\QVRAZVC.exe
  2⤵
  PID:6940
- C:\Windows\System\OudXCuP.exe
  C:\Windows\System\OudXCuP.exe
  2⤵
  PID:7016
- C:\Windows\System\TUvnQgi.exe
  C:\Windows\System\TUvnQgi.exe
  2⤵
  PID:7056
- C:\Windows\System\QcAunxz.exe
  C:\Windows\System\QcAunxz.exe
  2⤵
  PID:7120
- C:\Windows\System\OLpfDIk.exe
  C:\Windows\System\OLpfDIk.exe
  2⤵
  PID:5960
- C:\Windows\System\ybFOIXG.exe
  C:\Windows\System\ybFOIXG.exe
  2⤵
  PID:4588
- C:\Windows\System\WqiulIu.exe
  C:\Windows\System\WqiulIu.exe
  2⤵
  PID:5484
- C:\Windows\System\rfsLCdJ.exe
  C:\Windows\System\rfsLCdJ.exe
  2⤵
  PID:5748
- C:\Windows\System\tSFPnkA.exe
  C:\Windows\System\tSFPnkA.exe
  2⤵
  PID:6312
- C:\Windows\System\gRUkkOr.exe
  C:\Windows\System\gRUkkOr.exe
  2⤵
  PID:6252
- C:\Windows\System\FjbxyWs.exe
  C:\Windows\System\FjbxyWs.exe
  2⤵
  PID:6380
- C:\Windows\System\qRNdCgl.exe
  C:\Windows\System\qRNdCgl.exe
  2⤵
  PID:6412
- C:\Windows\System\VfHLDYj.exe
  C:\Windows\System\VfHLDYj.exe
  2⤵
  PID:6600
- C:\Windows\System\IEWWGxF.exe
  C:\Windows\System\IEWWGxF.exe
  2⤵
  PID:6612
- C:\Windows\System\vNYELOS.exe
  C:\Windows\System\vNYELOS.exe
  2⤵
  PID:6672
- C:\Windows\System\bfQaHeD.exe
  C:\Windows\System\bfQaHeD.exe
  2⤵
  PID:6756
- C:\Windows\System\MhtYVNs.exe
  C:\Windows\System\MhtYVNs.exe
  2⤵
  PID:6956
- C:\Windows\System\vpaDlCS.exe
  C:\Windows\System\vpaDlCS.exe
  2⤵
  PID:7004
- C:\Windows\System\zRxLSCz.exe
  C:\Windows\System\zRxLSCz.exe
  2⤵
  PID:7040
- C:\Windows\System\QRBejJE.exe
  C:\Windows\System\QRBejJE.exe
  2⤵
  PID:7156
- C:\Windows\System\JjGoiWS.exe
  C:\Windows\System\JjGoiWS.exe
  2⤵
  PID:7180
- C:\Windows\System\PSOTxBt.exe
  C:\Windows\System\PSOTxBt.exe
  2⤵
  PID:7200
- C:\Windows\System\FQxJtSN.exe
  C:\Windows\System\FQxJtSN.exe
  2⤵
  PID:7224
- C:\Windows\System\HpyLoQN.exe
  C:\Windows\System\HpyLoQN.exe
  2⤵
  PID:7240
- C:\Windows\System\NqxAtwx.exe
  C:\Windows\System\NqxAtwx.exe
  2⤵
  PID:7264
- C:\Windows\System\GFLYDYW.exe
  C:\Windows\System\GFLYDYW.exe
  2⤵
  PID:7284
- C:\Windows\System\ugRulIZ.exe
  C:\Windows\System\ugRulIZ.exe
  2⤵
  PID:7304
- C:\Windows\System\osOYgVG.exe
  C:\Windows\System\osOYgVG.exe
  2⤵
  PID:7324
- C:\Windows\System\Bdnrfns.exe
  C:\Windows\System\Bdnrfns.exe
  2⤵
  PID:7344
- C:\Windows\System\BOqNgut.exe
  C:\Windows\System\BOqNgut.exe
  2⤵
  PID:7364
- C:\Windows\System\lLppyYp.exe
  C:\Windows\System\lLppyYp.exe
  2⤵
  PID:7384
- C:\Windows\System\DrnFoWS.exe
  C:\Windows\System\DrnFoWS.exe
  2⤵
  PID:7404
- C:\Windows\System\GwcSAbw.exe
  C:\Windows\System\GwcSAbw.exe
  2⤵
  PID:7424
- C:\Windows\System\eTwBMJO.exe
  C:\Windows\System\eTwBMJO.exe
  2⤵
  PID:7444
- C:\Windows\System\ypSvBkl.exe
  C:\Windows\System\ypSvBkl.exe
  2⤵
  PID:7464
- C:\Windows\System\iyYpHxX.exe
  C:\Windows\System\iyYpHxX.exe
  2⤵
  PID:7484
- C:\Windows\System\yeejawa.exe
  C:\Windows\System\yeejawa.exe
  2⤵
  PID:7504
- C:\Windows\System\oOPumPN.exe
  C:\Windows\System\oOPumPN.exe
  2⤵
  PID:7520
- C:\Windows\System\mTEdXsR.exe
  C:\Windows\System\mTEdXsR.exe
  2⤵
  PID:7540
- C:\Windows\System\aonNbFw.exe
  C:\Windows\System\aonNbFw.exe
  2⤵
  PID:7564
- C:\Windows\System\IkQAVqR.exe
  C:\Windows\System\IkQAVqR.exe
  2⤵
  PID:7584
- C:\Windows\System\iKifxsJ.exe
  C:\Windows\System\iKifxsJ.exe
  2⤵
  PID:7604
- C:\Windows\System\YPxLrNk.exe
  C:\Windows\System\YPxLrNk.exe
  2⤵
  PID:7624
- C:\Windows\System\LQhzqDh.exe
  C:\Windows\System\LQhzqDh.exe
  2⤵
  PID:7640
- C:\Windows\System\AyGqwAr.exe
  C:\Windows\System\AyGqwAr.exe
  2⤵
  PID:7664
- C:\Windows\System\QpZkwMc.exe
  C:\Windows\System\QpZkwMc.exe
  2⤵
  PID:7684
- C:\Windows\System\MNaCUGB.exe
  C:\Windows\System\MNaCUGB.exe
  2⤵
  PID:7704
- C:\Windows\System\okaIGiX.exe
  C:\Windows\System\okaIGiX.exe
  2⤵
  PID:7720
- C:\Windows\System\gpbLLXs.exe
  C:\Windows\System\gpbLLXs.exe
  2⤵
  PID:7744
- C:\Windows\System\xjvDeYZ.exe
  C:\Windows\System\xjvDeYZ.exe
  2⤵
  PID:7764
- C:\Windows\System\iHjOabz.exe
  C:\Windows\System\iHjOabz.exe
  2⤵
  PID:7784
- C:\Windows\System\NpCKfjD.exe
  C:\Windows\System\NpCKfjD.exe
  2⤵
  PID:7804
- C:\Windows\System\tvyllaB.exe
  C:\Windows\System\tvyllaB.exe
  2⤵
  PID:7824
- C:\Windows\System\TSXoZxy.exe
  C:\Windows\System\TSXoZxy.exe
  2⤵
  PID:7844
- C:\Windows\System\izVZkHF.exe
  C:\Windows\System\izVZkHF.exe
  2⤵
  PID:7864
- C:\Windows\System\pGbnDEI.exe
  C:\Windows\System\pGbnDEI.exe
  2⤵
  PID:7884
- C:\Windows\System\CIMoqlF.exe
  C:\Windows\System\CIMoqlF.exe
  2⤵
  PID:7904
- C:\Windows\System\QdQwzEa.exe
  C:\Windows\System\QdQwzEa.exe
  2⤵
  PID:7928
- C:\Windows\System\ZrasllJ.exe
  C:\Windows\System\ZrasllJ.exe
  2⤵
  PID:7948
- C:\Windows\System\XDWpvXr.exe
  C:\Windows\System\XDWpvXr.exe
  2⤵
  PID:7968
- C:\Windows\System\roUzHHx.exe
  C:\Windows\System\roUzHHx.exe
  2⤵
  PID:7988
- C:\Windows\System\apnBDfd.exe
  C:\Windows\System\apnBDfd.exe
  2⤵
  PID:8008
- C:\Windows\System\kwbEuMx.exe
  C:\Windows\System\kwbEuMx.exe
  2⤵
  PID:8032
- C:\Windows\System\YLVcPiI.exe
  C:\Windows\System\YLVcPiI.exe
  2⤵
  PID:8052
- C:\Windows\System\pWEGCvP.exe
  C:\Windows\System\pWEGCvP.exe
  2⤵
  PID:8072
- C:\Windows\System\oKNItgW.exe
  C:\Windows\System\oKNItgW.exe
  2⤵
  PID:8088
- C:\Windows\System\XkaHoqm.exe
  C:\Windows\System\XkaHoqm.exe
  2⤵
  PID:8112
- C:\Windows\System\RrphtAU.exe
  C:\Windows\System\RrphtAU.exe
  2⤵
  PID:8132
- C:\Windows\System\XHjCOJA.exe
  C:\Windows\System\XHjCOJA.exe
  2⤵
  PID:8152
- C:\Windows\System\ENpTeSd.exe
  C:\Windows\System\ENpTeSd.exe
  2⤵
  PID:8172
- C:\Windows\System\HDZdecM.exe
  C:\Windows\System\HDZdecM.exe
  2⤵
  PID:4968
- C:\Windows\System\yFhNolu.exe
  C:\Windows\System\yFhNolu.exe
  2⤵
  PID:4612
- C:\Windows\System\EWJQuLR.exe
  C:\Windows\System\EWJQuLR.exe
  2⤵
  PID:6220
- C:\Windows\System\MnnJWRH.exe
  C:\Windows\System\MnnJWRH.exe
  2⤵
  PID:6160
- C:\Windows\System\JQTMhoE.exe
  C:\Windows\System\JQTMhoE.exe
  2⤵
  PID:6456
- C:\Windows\System\rWYaDIQ.exe
  C:\Windows\System\rWYaDIQ.exe
  2⤵
  PID:6652
- C:\Windows\System\NTVpoYN.exe
  C:\Windows\System\NTVpoYN.exe
  2⤵
  PID:3032
- C:\Windows\System\TfaVxAm.exe
  C:\Windows\System\TfaVxAm.exe
  2⤵
  PID:6860
- C:\Windows\System\QvroQiO.exe
  C:\Windows\System\QvroQiO.exe
  2⤵
  PID:6984
- C:\Windows\System\YsPbEgq.exe
  C:\Windows\System\YsPbEgq.exe
  2⤵
  PID:7176
- C:\Windows\System\IvEhRmg.exe
  C:\Windows\System\IvEhRmg.exe
  2⤵
  PID:7196
- C:\Windows\System\MZwJfiv.exe
  C:\Windows\System\MZwJfiv.exe
  2⤵
  PID:7252
- C:\Windows\System\sugvjcv.exe
  C:\Windows\System\sugvjcv.exe
  2⤵
  PID:7292
- C:\Windows\System\tTtmKGp.exe
  C:\Windows\System\tTtmKGp.exe
  2⤵
  PID:7276
- C:\Windows\System\EuRwHsL.exe
  C:\Windows\System\EuRwHsL.exe
  2⤵
  PID:7332
- C:\Windows\System\jtHUxuW.exe
  C:\Windows\System\jtHUxuW.exe
  2⤵
  PID:7352
- C:\Windows\System\hbjUmjb.exe
  C:\Windows\System\hbjUmjb.exe
  2⤵
  PID:7376
- C:\Windows\System\xqpXtdx.exe
  C:\Windows\System\xqpXtdx.exe
  2⤵
  PID:7400
- C:\Windows\System\YQMZErp.exe
  C:\Windows\System\YQMZErp.exe
  2⤵
  PID:7456
- C:\Windows\System\ejCDFtj.exe
  C:\Windows\System\ejCDFtj.exe
  2⤵
  PID:7480
- C:\Windows\System\ORMYJZs.exe
  C:\Windows\System\ORMYJZs.exe
  2⤵
  PID:7532
- C:\Windows\System\RiAOpxP.exe
  C:\Windows\System\RiAOpxP.exe
  2⤵
  PID:7548
- C:\Windows\System\gAfuoxl.exe
  C:\Windows\System\gAfuoxl.exe
  2⤵
  PID:1868
- C:\Windows\System\XvIhbxd.exe
  C:\Windows\System\XvIhbxd.exe
  2⤵
  PID:7600
- C:\Windows\System\oplknfj.exe
  C:\Windows\System\oplknfj.exe
  2⤵
  PID:7648
- C:\Windows\System\GmcafJC.exe
  C:\Windows\System\GmcafJC.exe
  2⤵
  PID:7692
- C:\Windows\System\iJUsBRE.exe
  C:\Windows\System\iJUsBRE.exe
  2⤵
  PID:7700
- C:\Windows\System\UYmbAFQ.exe
  C:\Windows\System\UYmbAFQ.exe
  2⤵
  PID:7736
- C:\Windows\System\aZDMhMQ.exe
  C:\Windows\System\aZDMhMQ.exe
  2⤵
  PID:7772
- C:\Windows\System\mwaLsZu.exe
  C:\Windows\System\mwaLsZu.exe
  2⤵
  PID:7812
- C:\Windows\System\thMRHFG.exe
  C:\Windows\System\thMRHFG.exe
  2⤵
  PID:7820
- C:\Windows\System\pQHvgyq.exe
  C:\Windows\System\pQHvgyq.exe
  2⤵
  PID:7872
- C:\Windows\System\IOKKeaY.exe
  C:\Windows\System\IOKKeaY.exe
  2⤵
  PID:7936
- C:\Windows\System\ZGGYCzd.exe
  C:\Windows\System\ZGGYCzd.exe
  2⤵
  PID:2968
- C:\Windows\System\XZvvObD.exe
  C:\Windows\System\XZvvObD.exe
  2⤵
  PID:7984
- C:\Windows\System\FPusarP.exe
  C:\Windows\System\FPusarP.exe
  2⤵
  PID:7996
- C:\Windows\System\KzCeNvY.exe
  C:\Windows\System\KzCeNvY.exe
  2⤵
  PID:8020
- C:\Windows\System\sLPLFGj.exe
  C:\Windows\System\sLPLFGj.exe
  2⤵
  PID:8048
- C:\Windows\System\USCFKdA.exe
  C:\Windows\System\USCFKdA.exe
  2⤵
  PID:8104
- C:\Windows\System\EyQmJeC.exe
  C:\Windows\System\EyQmJeC.exe
  2⤵
  PID:8080
- C:\Windows\System\kqaqFGf.exe
  C:\Windows\System\kqaqFGf.exe
  2⤵
  PID:8140
- C:\Windows\System\vrXXlMg.exe
  C:\Windows\System\vrXXlMg.exe
  2⤵
  PID:2180
- C:\Windows\System\aToArVW.exe
  C:\Windows\System\aToArVW.exe
  2⤵
  PID:8164
- C:\Windows\System\SkfStOJ.exe
  C:\Windows\System\SkfStOJ.exe
  2⤵
  PID:5304
- C:\Windows\System\aRACUbv.exe
  C:\Windows\System\aRACUbv.exe
  2⤵
  PID:5168
- C:\Windows\System\NOTZpIi.exe
  C:\Windows\System\NOTZpIi.exe
  2⤵
  PID:6416
- C:\Windows\System\fUKXpnr.exe
  C:\Windows\System\fUKXpnr.exe
  2⤵
  PID:6752
- C:\Windows\System\iZqwpgR.exe
  C:\Windows\System\iZqwpgR.exe
  2⤵
  PID:6632
- C:\Windows\System\TcSOPGP.exe
  C:\Windows\System\TcSOPGP.exe
  2⤵
  PID:7208
- C:\Windows\System\jAEwqAQ.exe
  C:\Windows\System\jAEwqAQ.exe
  2⤵
  PID:1552
- C:\Windows\System\mGaHbfJ.exe
  C:\Windows\System\mGaHbfJ.exe
  2⤵
  PID:6064
- C:\Windows\System\WCTjIKc.exe
  C:\Windows\System\WCTjIKc.exe
  2⤵
  PID:7320
- C:\Windows\System\avNNIWi.exe
  C:\Windows\System\avNNIWi.exe
  2⤵
  PID:7260
- C:\Windows\System\IDUlqOp.exe
  C:\Windows\System\IDUlqOp.exe
  2⤵
  PID:768
- C:\Windows\System\yoSUVvc.exe
  C:\Windows\System\yoSUVvc.exe
  2⤵
  PID:7356
- C:\Windows\System\JvRKgAK.exe
  C:\Windows\System\JvRKgAK.exe
  2⤵
  PID:7460
- C:\Windows\System\uKwnKAi.exe
  C:\Windows\System\uKwnKAi.exe
  2⤵
  PID:7336
- C:\Windows\System\ENLsdRW.exe
  C:\Windows\System\ENLsdRW.exe
  2⤵
  PID:1728
- C:\Windows\System\YDBkyiR.exe
  C:\Windows\System\YDBkyiR.exe
  2⤵
  PID:2740
- C:\Windows\System\CoBHNuD.exe
  C:\Windows\System\CoBHNuD.exe
  2⤵
  PID:2540
- C:\Windows\System\blSRZrl.exe
  C:\Windows\System\blSRZrl.exe
  2⤵
  PID:2428
- C:\Windows\System\hZzAiUa.exe
  C:\Windows\System\hZzAiUa.exe
  2⤵
  PID:528
- C:\Windows\System\YAlvidu.exe
  C:\Windows\System\YAlvidu.exe
  2⤵
  PID:1692
- C:\Windows\System\gyfVLNw.exe
  C:\Windows\System\gyfVLNw.exe
  2⤵
  PID:1420
- C:\Windows\System\inzMLqL.exe
  C:\Windows\System\inzMLqL.exe
  2⤵
  PID:1136
- C:\Windows\System\FAOSQwK.exe
  C:\Windows\System\FAOSQwK.exe
  2⤵
  PID:1884
- C:\Windows\System\FlzGJnz.exe
  C:\Windows\System\FlzGJnz.exe
  2⤵
  PID:2596
- C:\Windows\System\gmTEdPW.exe
  C:\Windows\System\gmTEdPW.exe
  2⤵
  PID:7572
- C:\Windows\System\oawmeie.exe
  C:\Windows\System\oawmeie.exe
  2⤵
  PID:7680
- C:\Windows\System\GGegsRj.exe
  C:\Windows\System\GGegsRj.exe
  2⤵
  PID:7792
- C:\Windows\System\lwwNPLJ.exe
  C:\Windows\System\lwwNPLJ.exe
  2⤵
  PID:2588
- C:\Windows\System\DxYRgbI.exe
  C:\Windows\System\DxYRgbI.exe
  2⤵
  PID:7856
- C:\Windows\System\XXUQKiL.exe
  C:\Windows\System\XXUQKiL.exe
  2⤵
  PID:7512
- C:\Windows\System\llspCJw.exe
  C:\Windows\System\llspCJw.exe
  2⤵
  PID:7660
- C:\Windows\System\dcXuZIE.exe
  C:\Windows\System\dcXuZIE.exe
  2⤵
  PID:8000
- C:\Windows\System\liGSXlD.exe
  C:\Windows\System\liGSXlD.exe
  2⤵
  PID:8128
- C:\Windows\System\VYgwxNL.exe
  C:\Windows\System\VYgwxNL.exe
  2⤵
  PID:6876
- C:\Windows\System\BoEJQLL.exe
  C:\Windows\System\BoEJQLL.exe
  2⤵
  PID:7248
- C:\Windows\System\nNUFCNu.exe
  C:\Windows\System\nNUFCNu.exe
  2⤵
  PID:3016
- C:\Windows\System\ZPnEFpv.exe
  C:\Windows\System\ZPnEFpv.exe
  2⤵
  PID:1676
- C:\Windows\System\YxbPjcx.exe
  C:\Windows\System\YxbPjcx.exe
  2⤵
  PID:7472
- C:\Windows\System\TAYZFqo.exe
  C:\Windows\System\TAYZFqo.exe
  2⤵
  PID:2124
- C:\Windows\System\MshGTYi.exe
  C:\Windows\System\MshGTYi.exe
  2⤵
  PID:1932
- C:\Windows\System\GKVVUmq.exe
  C:\Windows\System\GKVVUmq.exe
  2⤵
  PID:2720
- C:\Windows\System\tgwouxy.exe
  C:\Windows\System\tgwouxy.exe
  2⤵
  PID:7900
- C:\Windows\System\LIBbWaV.exe
  C:\Windows\System\LIBbWaV.exe
  2⤵
  PID:7976
- C:\Windows\System\XZwDeHI.exe
  C:\Windows\System\XZwDeHI.exe
  2⤵
  PID:7632
- C:\Windows\System\HbSJSFS.exe
  C:\Windows\System\HbSJSFS.exe
  2⤵
  PID:8044
- C:\Windows\System\BeIgPzi.exe
  C:\Windows\System\BeIgPzi.exe
  2⤵
  PID:7728
- C:\Windows\System\cmRVQsF.exe
  C:\Windows\System\cmRVQsF.exe
  2⤵
  PID:7756
- C:\Windows\System\PBmOpZA.exe
  C:\Windows\System\PBmOpZA.exe
  2⤵
  PID:8120
- C:\Windows\System\yDNDhMo.exe
  C:\Windows\System\yDNDhMo.exe
  2⤵
  PID:7732
- C:\Windows\System\OTBnDTG.exe
  C:\Windows\System\OTBnDTG.exe
  2⤵
  PID:5648
- C:\Windows\System\UOSulBC.exe
  C:\Windows\System\UOSulBC.exe
  2⤵
  PID:5804
- C:\Windows\System\MZXYqtC.exe
  C:\Windows\System\MZXYqtC.exe
  2⤵
  PID:7212
- C:\Windows\System\nYrddyn.exe
  C:\Windows\System\nYrddyn.exe
  2⤵
  PID:6740
- C:\Windows\System\wQDTFuD.exe
  C:\Windows\System\wQDTFuD.exe
  2⤵
  PID:8064
- C:\Windows\System\suFGnsU.exe
  C:\Windows\System\suFGnsU.exe
  2⤵
  PID:7740
- C:\Windows\System\FlpXrOt.exe
  C:\Windows\System\FlpXrOt.exe
  2⤵
  PID:7296
- C:\Windows\System\vgiiwoA.exe
  C:\Windows\System\vgiiwoA.exe
  2⤵
  PID:7652
- C:\Windows\System\zjzalAA.exe
  C:\Windows\System\zjzalAA.exe
  2⤵
  PID:7360
- C:\Windows\System\EcduQhX.exe
  C:\Windows\System\EcduQhX.exe
  2⤵
  PID:7392
- C:\Windows\System\kAvquyk.exe
  C:\Windows\System\kAvquyk.exe
  2⤵
  PID:2000
- C:\Windows\System\liiHyUU.exe
  C:\Windows\System\liiHyUU.exe
  2⤵
  PID:7956
- C:\Windows\System\lWRzSLG.exe
  C:\Windows\System\lWRzSLG.exe
  2⤵
  PID:8160
- C:\Windows\System\WHzhalm.exe
  C:\Windows\System\WHzhalm.exe
  2⤵
  PID:7916
- C:\Windows\System\OYQJisV.exe
  C:\Windows\System\OYQJisV.exe
  2⤵
  PID:7924
- C:\Windows\System\TZooqjN.exe
  C:\Windows\System\TZooqjN.exe
  2⤵
  PID:7432
- C:\Windows\System\bcCQXuG.exe
  C:\Windows\System\bcCQXuG.exe
  2⤵
  PID:7876
- C:\Windows\System\IbzVDii.exe
  C:\Windows\System\IbzVDii.exe
  2⤵
  PID:2028
- C:\Windows\System\nOSIqUA.exe
  C:\Windows\System\nOSIqUA.exe
  2⤵
  PID:7316
- C:\Windows\System\bWDktnZ.exe
  C:\Windows\System\bWDktnZ.exe
  2⤵
  PID:7528
- C:\Windows\System\irGPGuJ.exe
  C:\Windows\System\irGPGuJ.exe
  2⤵
  PID:7796
- C:\Windows\System\oSpDWee.exe
  C:\Windows\System\oSpDWee.exe
  2⤵
  PID:8068
- C:\Windows\System\SJXHYCf.exe
  C:\Windows\System\SJXHYCf.exe
  2⤵
  PID:7312
- C:\Windows\System\UAjAWyM.exe
  C:\Windows\System\UAjAWyM.exe
  2⤵
  PID:7716
- C:\Windows\System\wAKJkKx.exe
  C:\Windows\System\wAKJkKx.exe
  2⤵
  PID:8124
- C:\Windows\System\HKQkgpI.exe
  C:\Windows\System\HKQkgpI.exe
  2⤵
  PID:2684
- C:\Windows\System\kdiSIZP.exe
  C:\Windows\System\kdiSIZP.exe
  2⤵
  PID:6176
- C:\Windows\System\FNWQIvL.exe
  C:\Windows\System\FNWQIvL.exe
  2⤵
  PID:2872
- C:\Windows\System\GPpuWof.exe
  C:\Windows\System\GPpuWof.exe
  2⤵
  PID:2480
- C:\Windows\System\tzoGwWK.exe
  C:\Windows\System\tzoGwWK.exe
  2⤵
  PID:7840
- C:\Windows\System\wOACKmE.exe
  C:\Windows\System\wOACKmE.exe
  2⤵
  PID:7380
- C:\Windows\System\rjKQoXT.exe
  C:\Windows\System\rjKQoXT.exe
  2⤵
  PID:8200
- C:\Windows\System\ejKlzMq.exe
  C:\Windows\System\ejKlzMq.exe
  2⤵
  PID:8216
- C:\Windows\System\lnNXTNc.exe
  C:\Windows\System\lnNXTNc.exe
  2⤵
  PID:8244
- C:\Windows\System\tjxCvIi.exe
  C:\Windows\System\tjxCvIi.exe
  2⤵
  PID:8260
- C:\Windows\System\ByHCcuM.exe
  C:\Windows\System\ByHCcuM.exe
  2⤵
  PID:8276
- C:\Windows\System\yzLrQMz.exe
  C:\Windows\System\yzLrQMz.exe
  2⤵
  PID:8292
- C:\Windows\System\TEzcCKV.exe
  C:\Windows\System\TEzcCKV.exe
  2⤵
  PID:8308
- C:\Windows\System\rPAzbEh.exe
  C:\Windows\System\rPAzbEh.exe
  2⤵
  PID:8324
- C:\Windows\System\ceMOGMA.exe
  C:\Windows\System\ceMOGMA.exe
  2⤵
  PID:8344
- C:\Windows\System\vJaGRyP.exe
  C:\Windows\System\vJaGRyP.exe
  2⤵
  PID:8360
- C:\Windows\System\qFHtpjS.exe
  C:\Windows\System\qFHtpjS.exe
  2⤵
  PID:8376
- C:\Windows\System\NuALciN.exe
  C:\Windows\System\NuALciN.exe
  2⤵
  PID:8392
- C:\Windows\System\tLNtCwn.exe
  C:\Windows\System\tLNtCwn.exe
  2⤵
  PID:8408
- C:\Windows\System\HrctTsl.exe
  C:\Windows\System\HrctTsl.exe
  2⤵
  PID:8424
- C:\Windows\System\FEFSxaY.exe
  C:\Windows\System\FEFSxaY.exe
  2⤵
  PID:8440
- C:\Windows\System\TZAHEnp.exe
  C:\Windows\System\TZAHEnp.exe
  2⤵
  PID:8456
- C:\Windows\System\FZhsJPm.exe
  C:\Windows\System\FZhsJPm.exe
  2⤵
  PID:8472
- C:\Windows\System\BXsfBFE.exe
  C:\Windows\System\BXsfBFE.exe
  2⤵
  PID:8488
- C:\Windows\System\iYNVCZd.exe
  C:\Windows\System\iYNVCZd.exe
  2⤵
  PID:8504
- C:\Windows\System\WaxkClZ.exe
  C:\Windows\System\WaxkClZ.exe
  2⤵
  PID:8520
- C:\Windows\System\ZotVxhl.exe
  C:\Windows\System\ZotVxhl.exe
  2⤵
  PID:8548
- C:\Windows\System\PynmMPc.exe
  C:\Windows\System\PynmMPc.exe
  2⤵
  PID:8568
- C:\Windows\System\EjMRCjt.exe
  C:\Windows\System\EjMRCjt.exe
  2⤵
  PID:8584
- C:\Windows\System\BYEkZuM.exe
  C:\Windows\System\BYEkZuM.exe
  2⤵
  PID:8600
- C:\Windows\System\ifRqxmT.exe
  C:\Windows\System\ifRqxmT.exe
  2⤵
  PID:8704
- C:\Windows\System\tPdbFMn.exe
  C:\Windows\System\tPdbFMn.exe
  2⤵
  PID:8728
- C:\Windows\System\eRYdOgQ.exe
  C:\Windows\System\eRYdOgQ.exe
  2⤵
  PID:8756
- C:\Windows\System\hqqnSXq.exe
  C:\Windows\System\hqqnSXq.exe
  2⤵
  PID:8772
- C:\Windows\System\kiKMAeY.exe
  C:\Windows\System\kiKMAeY.exe
  2⤵
  PID:8792
- C:\Windows\System\sTmfjci.exe
  C:\Windows\System\sTmfjci.exe
  2⤵
  PID:8816
- C:\Windows\System\qjUmKJn.exe
  C:\Windows\System\qjUmKJn.exe
  2⤵
  PID:8832
- C:\Windows\System\SkTkBtp.exe
  C:\Windows\System\SkTkBtp.exe
  2⤵
  PID:8848
- C:\Windows\System\bGwtUef.exe
  C:\Windows\System\bGwtUef.exe
  2⤵
  PID:8864
- C:\Windows\System\RFssChP.exe
  C:\Windows\System\RFssChP.exe
  2⤵
  PID:8880
- C:\Windows\System\sztBmfX.exe
  C:\Windows\System\sztBmfX.exe
  2⤵
  PID:8896
- C:\Windows\System\TWrqaIb.exe
  C:\Windows\System\TWrqaIb.exe
  2⤵
  PID:8912
- C:\Windows\System\DgVWdjx.exe
  C:\Windows\System\DgVWdjx.exe
  2⤵
  PID:8928
- C:\Windows\System\RAXlIvL.exe
  C:\Windows\System\RAXlIvL.exe
  2⤵
  PID:8948
- C:\Windows\System\SiRlGsS.exe
  C:\Windows\System\SiRlGsS.exe
  2⤵
  PID:8976
- C:\Windows\System\YRtOzCw.exe
  C:\Windows\System\YRtOzCw.exe
  2⤵
  PID:9004
- C:\Windows\System\MvvHjBf.exe
  C:\Windows\System\MvvHjBf.exe
  2⤵
  PID:9020
- C:\Windows\System\UsdqSoa.exe
  C:\Windows\System\UsdqSoa.exe
  2⤵
  PID:9036
- C:\Windows\System\xlFWyOy.exe
  C:\Windows\System\xlFWyOy.exe
  2⤵
  PID:9064
- C:\Windows\System\TfBJIOX.exe
  C:\Windows\System\TfBJIOX.exe
  2⤵
  PID:9080
- C:\Windows\System\cZXRyQn.exe
  C:\Windows\System\cZXRyQn.exe
  2⤵
  PID:9096
- C:\Windows\System\oNazjdS.exe
  C:\Windows\System\oNazjdS.exe
  2⤵
  PID:9112
- C:\Windows\System\cggNEtY.exe
  C:\Windows\System\cggNEtY.exe
  2⤵
  PID:9128
- C:\Windows\System\AEXOFPg.exe
  C:\Windows\System\AEXOFPg.exe
  2⤵
  PID:9144
- C:\Windows\System\nkVvlPa.exe
  C:\Windows\System\nkVvlPa.exe
  2⤵
  PID:9160
- C:\Windows\System\TQJFYDf.exe
  C:\Windows\System\TQJFYDf.exe
  2⤵
  PID:9176
- C:\Windows\System\kTetsRr.exe
  C:\Windows\System\kTetsRr.exe
  2⤵
  PID:9200
- C:\Windows\System\ItGiRcI.exe
  C:\Windows\System\ItGiRcI.exe
  2⤵
  PID:1472
- C:\Windows\System\ZfWRdPJ.exe
  C:\Windows\System\ZfWRdPJ.exe
  2⤵
  PID:8212
- C:\Windows\System\fuhUYjE.exe
  C:\Windows\System\fuhUYjE.exe
  2⤵
  PID:8284
- C:\Windows\System\WmnEQwm.exe
  C:\Windows\System\WmnEQwm.exe
  2⤵
  PID:7272
- C:\Windows\System\hyOmYmh.exe
  C:\Windows\System\hyOmYmh.exe
  2⤵
  PID:3068
- C:\Windows\System\xTXHOCX.exe
  C:\Windows\System\xTXHOCX.exe
  2⤵
  PID:8268
- C:\Windows\System\UpLiSBb.exe
  C:\Windows\System\UpLiSBb.exe
  2⤵
  PID:8304
- C:\Windows\System\AgKorKX.exe
  C:\Windows\System\AgKorKX.exe
  2⤵
  PID:8372
- C:\Windows\System\iveKhLc.exe
  C:\Windows\System\iveKhLc.exe
  2⤵
  PID:8388
- C:\Windows\System\oSxGknp.exe
  C:\Windows\System\oSxGknp.exe
  2⤵
  PID:8420
- C:\Windows\System\ITICSOZ.exe
  C:\Windows\System\ITICSOZ.exe
  2⤵
  PID:8484
- C:\Windows\System\RDrelHl.exe
  C:\Windows\System\RDrelHl.exe
  2⤵
  PID:8432
- C:\Windows\System\SpScSvv.exe
  C:\Windows\System\SpScSvv.exe
  2⤵
  PID:8496
- C:\Windows\System\RbDvIWJ.exe
  C:\Windows\System\RbDvIWJ.exe
  2⤵
  PID:8540
- C:\Windows\System\RurPgLy.exe
  C:\Windows\System\RurPgLy.exe
  2⤵
  PID:8544
- C:\Windows\System\kjBGnnD.exe
  C:\Windows\System\kjBGnnD.exe
  2⤵
  PID:8608
- C:\Windows\System\RKdPbfR.exe
  C:\Windows\System\RKdPbfR.exe
  2⤵
  PID:8624
- C:\Windows\System\vCHslXc.exe
  C:\Windows\System\vCHslXc.exe
  2⤵
  PID:8632
- C:\Windows\System\kpKjorv.exe
  C:\Windows\System\kpKjorv.exe
  2⤵
  PID:8672
- C:\Windows\System\dZyZaAa.exe
  C:\Windows\System\dZyZaAa.exe
  2⤵
  PID:8656
- C:\Windows\System\nTIIWzl.exe
  C:\Windows\System\nTIIWzl.exe
  2⤵
  PID:8692
- C:\Windows\System\bLRKYot.exe
  C:\Windows\System\bLRKYot.exe
  2⤵
  PID:8712
- C:\Windows\System\KtMohue.exe
  C:\Windows\System\KtMohue.exe
  2⤵
  PID:8740
- C:\Windows\System\YnijpOz.exe
  C:\Windows\System\YnijpOz.exe
  2⤵
  PID:8764
- C:\Windows\System\gSobmoe.exe
  C:\Windows\System\gSobmoe.exe
  2⤵
  PID:8800
- C:\Windows\System\xXZFAKW.exe
  C:\Windows\System\xXZFAKW.exe
  2⤵
  PID:8840
- C:\Windows\System\FVPxLDv.exe
  C:\Windows\System\FVPxLDv.exe
  2⤵
  PID:8856
- C:\Windows\System\FAWtvRn.exe
  C:\Windows\System\FAWtvRn.exe
  2⤵
  PID:8924
- C:\Windows\System\wgIUzEm.exe
  C:\Windows\System\wgIUzEm.exe
  2⤵
  PID:8964
- C:\Windows\System\pAZZwlr.exe
  C:\Windows\System\pAZZwlr.exe
  2⤵
  PID:9016
- C:\Windows\System\dkBFTMh.exe
  C:\Windows\System\dkBFTMh.exe
  2⤵
  PID:9076
- C:\Windows\System\xjJFvRw.exe
  C:\Windows\System\xjJFvRw.exe
  2⤵
  PID:9140
- C:\Windows\System\EUOyQUF.exe
  C:\Windows\System\EUOyQUF.exe
  2⤵
  PID:9136
- C:\Windows\System\ycWRBaA.exe
  C:\Windows\System\ycWRBaA.exe
  2⤵
  PID:9044
- C:\Windows\System\xfYWYuT.exe
  C:\Windows\System\xfYWYuT.exe
  2⤵
  PID:8984
- C:\Windows\System\doIbhqp.exe
  C:\Windows\System\doIbhqp.exe
  2⤵
  PID:7616
- C:\Windows\System\JaXVHka.exe
  C:\Windows\System\JaXVHka.exe
  2⤵
  PID:8316
- C:\Windows\System\lppUklL.exe
  C:\Windows\System\lppUklL.exe
  2⤵
  PID:8352
- C:\Windows\System\rnGTOXq.exe
  C:\Windows\System\rnGTOXq.exe
  2⤵
  PID:8480
- C:\Windows\System\jBafiUY.exe
  C:\Windows\System\jBafiUY.exe
  2⤵
  PID:8336
- C:\Windows\System\jhcBMKa.exe
  C:\Windows\System\jhcBMKa.exe
  2⤵
  PID:8592
- C:\Windows\System\vAIQFVK.exe
  C:\Windows\System\vAIQFVK.exe
  2⤵
  PID:8536
- C:\Windows\System\oimzbqe.exe
  C:\Windows\System\oimzbqe.exe
  2⤵
  PID:8620
- C:\Windows\System\EJautlw.exe
  C:\Windows\System\EJautlw.exe
  2⤵
  PID:8688
- C:\Windows\System\jqqbpPr.exe
  C:\Windows\System\jqqbpPr.exe
  2⤵
  PID:8664
- C:\Windows\System\MDoJdzd.exe
  C:\Windows\System\MDoJdzd.exe
  2⤵
  PID:8720
- C:\Windows\System\UxHrYay.exe
  C:\Windows\System\UxHrYay.exe
  2⤵
  PID:8812
- C:\Windows\System\BDmwORw.exe
  C:\Windows\System\BDmwORw.exe
  2⤵
  PID:8972
- C:\Windows\System\JALSBWA.exe
  C:\Windows\System\JALSBWA.exe
  2⤵
  PID:8944
- C:\Windows\System\FnBUGGc.exe
  C:\Windows\System\FnBUGGc.exe
  2⤵
  PID:8824
- C:\Windows\System\UhdKKVP.exe
  C:\Windows\System\UhdKKVP.exe
  2⤵
  PID:8940
- C:\Windows\System\ocqPKLC.exe
  C:\Windows\System\ocqPKLC.exe
  2⤵
  PID:9028
- C:\Windows\System\oTMKXbX.exe
  C:\Windows\System\oTMKXbX.exe
  2⤵
  PID:9088
- C:\Windows\System\tDdioZN.exe
  C:\Windows\System\tDdioZN.exe
  2⤵
  PID:9152
- C:\Windows\System\NvzTxXL.exe
  C:\Windows\System\NvzTxXL.exe
  2⤵
  PID:8232
- C:\Windows\System\PMXWUzz.exe
  C:\Windows\System\PMXWUzz.exe
  2⤵
  PID:9188
- C:\Windows\System\iLEWXFA.exe
  C:\Windows\System\iLEWXFA.exe
  2⤵
  PID:8340
- C:\Windows\System\kHSvJML.exe
  C:\Windows\System\kHSvJML.exe
  2⤵
  PID:8596
- C:\Windows\System\hnqgHIy.exe
  C:\Windows\System\hnqgHIy.exe
  2⤵
  PID:8652
- C:\Windows\System\priyAsE.exe
  C:\Windows\System\priyAsE.exe
  2⤵
  PID:7620
- C:\Windows\System\LDoXMsE.exe
  C:\Windows\System\LDoXMsE.exe
  2⤵
  PID:9124
- C:\Windows\System\bgDdFGr.exe
  C:\Windows\System\bgDdFGr.exe
  2⤵
  PID:8236
- C:\Windows\System\TtgPnEb.exe
  C:\Windows\System\TtgPnEb.exe
  2⤵
  PID:8888
- C:\Windows\System\lxPliNB.exe
  C:\Windows\System\lxPliNB.exe
  2⤵
  PID:8696
- C:\Windows\System\syQviuO.exe
  C:\Windows\System\syQviuO.exe
  2⤵
  PID:8828
- C:\Windows\System\pXImMpO.exe
  C:\Windows\System\pXImMpO.exe
  2⤵
  PID:9060
- C:\Windows\System\RcGqKJc.exe
  C:\Windows\System\RcGqKJc.exe
  2⤵
  PID:8452
- C:\Windows\System\CnWfgJx.exe
  C:\Windows\System\CnWfgJx.exe
  2⤵
  PID:8224
- C:\Windows\System\RmjCDcj.exe
  C:\Windows\System\RmjCDcj.exe
  2⤵
  PID:988
- C:\Windows\System\CfPgwkk.exe
  C:\Windows\System\CfPgwkk.exe
  2⤵
  PID:9072
- C:\Windows\System\pUkiBDP.exe
  C:\Windows\System\pUkiBDP.exe
  2⤵
  PID:8996
- C:\Windows\System\uCTcUYD.exe
  C:\Windows\System\uCTcUYD.exe
  2⤵
  PID:8528
- C:\Windows\System\QPGxcIw.exe
  C:\Windows\System\QPGxcIw.exe
  2⤵
  PID:8904
- C:\Windows\System\DKvwowU.exe
  C:\Windows\System\DKvwowU.exe
  2⤵
  PID:8908
- C:\Windows\System\PuZOlkU.exe
  C:\Windows\System\PuZOlkU.exe
  2⤵
  PID:9052
- C:\Windows\System\sEWQrbX.exe
  C:\Windows\System\sEWQrbX.exe
  2⤵
  PID:8560
- C:\Windows\System\yfrDyxj.exe
  C:\Windows\System\yfrDyxj.exe
  2⤵
  PID:8736
- C:\Windows\System\xQpIpxK.exe
  C:\Windows\System\xQpIpxK.exe
  2⤵
  PID:8788
- C:\Windows\System\QCkTmqU.exe
  C:\Windows\System\QCkTmqU.exe
  2⤵
  PID:9232
- C:\Windows\System\kLkZjCD.exe
  C:\Windows\System\kLkZjCD.exe
  2⤵
  PID:9248
- C:\Windows\System\lHZaUcP.exe
  C:\Windows\System\lHZaUcP.exe
  2⤵
  PID:9264
- C:\Windows\System\QUsOlWl.exe
  C:\Windows\System\QUsOlWl.exe
  2⤵
  PID:9280
- C:\Windows\System\cDkOAMI.exe
  C:\Windows\System\cDkOAMI.exe
  2⤵
  PID:9296
- C:\Windows\System\nrJoHQW.exe
  C:\Windows\System\nrJoHQW.exe
  2⤵
  PID:9312
- C:\Windows\System\koqqjCo.exe
  C:\Windows\System\koqqjCo.exe
  2⤵
  PID:9328
- C:\Windows\System\CmbHYoY.exe
  C:\Windows\System\CmbHYoY.exe
  2⤵
  PID:9344
- C:\Windows\System\JOrRvFk.exe
  C:\Windows\System\JOrRvFk.exe
  2⤵
  PID:9364
- C:\Windows\System\zQIdQSI.exe
  C:\Windows\System\zQIdQSI.exe
  2⤵
  PID:9380
- C:\Windows\System\SmZhmYn.exe
  C:\Windows\System\SmZhmYn.exe
  2⤵
  PID:9396
- C:\Windows\System\eLUZFaO.exe
  C:\Windows\System\eLUZFaO.exe
  2⤵
  PID:9412
- C:\Windows\System\dvkarnt.exe
  C:\Windows\System\dvkarnt.exe
  2⤵
  PID:9428
- C:\Windows\System\YtpWWwo.exe
  C:\Windows\System\YtpWWwo.exe
  2⤵
  PID:9444
- C:\Windows\System\KfWOtJM.exe
  C:\Windows\System\KfWOtJM.exe
  2⤵
  PID:9460
- C:\Windows\System\NQJYJhy.exe
  C:\Windows\System\NQJYJhy.exe
  2⤵
  PID:9476
- C:\Windows\System\hKnZajg.exe
  C:\Windows\System\hKnZajg.exe
  2⤵
  PID:9492
- C:\Windows\System\dSvmcVs.exe
  C:\Windows\System\dSvmcVs.exe
  2⤵
  PID:9508
- C:\Windows\System\uHDOHmJ.exe
  C:\Windows\System\uHDOHmJ.exe
  2⤵
  PID:9524
- C:\Windows\System\EruWsMH.exe
  C:\Windows\System\EruWsMH.exe
  2⤵
  PID:9540
- C:\Windows\System\AOpdYXH.exe
  C:\Windows\System\AOpdYXH.exe
  2⤵
  PID:9556
- C:\Windows\System\ONFgxcX.exe
  C:\Windows\System\ONFgxcX.exe
  2⤵
  PID:9572
- C:\Windows\System\KMMnNcZ.exe
  C:\Windows\System\KMMnNcZ.exe
  2⤵
  PID:9588
- C:\Windows\System\MvSEIHu.exe
  C:\Windows\System\MvSEIHu.exe
  2⤵
  PID:9604
- C:\Windows\System\yhoiYJX.exe
  C:\Windows\System\yhoiYJX.exe
  2⤵
  PID:9620
- C:\Windows\System\WMmpGAo.exe
  C:\Windows\System\WMmpGAo.exe
  2⤵
  PID:9640
- C:\Windows\System\RRbwXFx.exe
  C:\Windows\System\RRbwXFx.exe
  2⤵
  PID:9656
- C:\Windows\System\cmhwHAp.exe
  C:\Windows\System\cmhwHAp.exe
  2⤵
  PID:9672
- C:\Windows\System\SBhfmxD.exe
  C:\Windows\System\SBhfmxD.exe
  2⤵
  PID:9688
- C:\Windows\System\NYmffVv.exe
  C:\Windows\System\NYmffVv.exe
  2⤵
  PID:9704
- C:\Windows\System\JYEJURN.exe
  C:\Windows\System\JYEJURN.exe
  2⤵
  PID:9720
- C:\Windows\System\ZIMkokV.exe
  C:\Windows\System\ZIMkokV.exe
  2⤵
  PID:9736
- C:\Windows\System\eKasuGA.exe
  C:\Windows\System\eKasuGA.exe
  2⤵
  PID:9752
- C:\Windows\System\oaOrqNa.exe
  C:\Windows\System\oaOrqNa.exe
  2⤵
  PID:9768
- C:\Windows\System\LTPZMfb.exe
  C:\Windows\System\LTPZMfb.exe
  2⤵
  PID:9788
- C:\Windows\System\EBYymVL.exe
  C:\Windows\System\EBYymVL.exe
  2⤵
  PID:9804
- C:\Windows\System\UQewwox.exe
  C:\Windows\System\UQewwox.exe
  2⤵
  PID:9820
- C:\Windows\System\azLTMNt.exe
  C:\Windows\System\azLTMNt.exe
  2⤵
  PID:9840
- C:\Windows\System\LhWdCFj.exe
  C:\Windows\System\LhWdCFj.exe
  2⤵
  PID:9856
- C:\Windows\System\qkLLLEx.exe
  C:\Windows\System\qkLLLEx.exe
  2⤵
  PID:9872
- C:\Windows\System\pvCeaSK.exe
  C:\Windows\System\pvCeaSK.exe
  2⤵
  PID:9888
- C:\Windows\System\ITwOeyQ.exe
  C:\Windows\System\ITwOeyQ.exe
  2⤵
  PID:9904
- C:\Windows\System\wUrZssr.exe
  C:\Windows\System\wUrZssr.exe
  2⤵
  PID:9920
- C:\Windows\System\KYsRAmP.exe
  C:\Windows\System\KYsRAmP.exe
  2⤵
  PID:9936
- C:\Windows\System\YsgFzZP.exe
  C:\Windows\System\YsgFzZP.exe
  2⤵
  PID:9952
- C:\Windows\System\SnZKqWH.exe
  C:\Windows\System\SnZKqWH.exe
  2⤵
  PID:9968
- C:\Windows\System\oNDNCuc.exe
  C:\Windows\System\oNDNCuc.exe
  2⤵
  PID:9984
- C:\Windows\System\nhWNyku.exe
  C:\Windows\System\nhWNyku.exe
  2⤵
  PID:10000
- C:\Windows\System\mLIsLQl.exe
  C:\Windows\System\mLIsLQl.exe
  2⤵
  PID:10020
- C:\Windows\System\wHPuiyf.exe
  C:\Windows\System\wHPuiyf.exe
  2⤵
  PID:10036
- C:\Windows\System\DjJOUgX.exe
  C:\Windows\System\DjJOUgX.exe
  2⤵
  PID:10052
- C:\Windows\System\jNRDPED.exe
  C:\Windows\System\jNRDPED.exe
  2⤵
  PID:10072
- C:\Windows\System\pdRPYMc.exe
  C:\Windows\System\pdRPYMc.exe
  2⤵
  PID:10088
- C:\Windows\System\XpZwhov.exe
  C:\Windows\System\XpZwhov.exe
  2⤵
  PID:10104
- C:\Windows\System\fBkNDiH.exe
  C:\Windows\System\fBkNDiH.exe
  2⤵
  PID:10120
- C:\Windows\System\zltYjSc.exe
  C:\Windows\System\zltYjSc.exe
  2⤵
  PID:10168
- C:\Windows\System\pwHkGEe.exe
  C:\Windows\System\pwHkGEe.exe
  2⤵
  PID:10196
- C:\Windows\System\BGfcufH.exe
  C:\Windows\System\BGfcufH.exe
  2⤵
  PID:10224
- C:\Windows\System\lHkmsQe.exe
  C:\Windows\System\lHkmsQe.exe
  2⤵
  PID:7780
- C:\Windows\System\RNLynqb.exe
  C:\Windows\System\RNLynqb.exe
  2⤵
  PID:9240
- C:\Windows\System\AEBKAcz.exe
  C:\Windows\System\AEBKAcz.exe
  2⤵
  PID:9256
- C:\Windows\System\nCuFruL.exe
  C:\Windows\System\nCuFruL.exe
  2⤵
  PID:9276
- C:\Windows\System\jUChNYM.exe
  C:\Windows\System\jUChNYM.exe
  2⤵
  PID:9340
- C:\Windows\System\WHUEQDO.exe
  C:\Windows\System\WHUEQDO.exe
  2⤵
  PID:9320
- C:\Windows\System\vcWdJsl.exe
  C:\Windows\System\vcWdJsl.exe
  2⤵
  PID:9420
- C:\Windows\System\lNhEjjH.exe
  C:\Windows\System\lNhEjjH.exe
  2⤵
  PID:9424
- C:\Windows\System\pNuTehs.exe
  C:\Windows\System\pNuTehs.exe
  2⤵
  PID:9440
- C:\Windows\System\SedQNyj.exe
  C:\Windows\System\SedQNyj.exe
  2⤵
  PID:9504
- C:\Windows\System\pvUmoaZ.exe
  C:\Windows\System\pvUmoaZ.exe
  2⤵
  PID:9568
- C:\Windows\System\ZikBNYY.exe
  C:\Windows\System\ZikBNYY.exe
  2⤵
  PID:9456
- C:\Windows\System\YLjscnB.exe
  C:\Windows\System\YLjscnB.exe
  2⤵
  PID:9548
- C:\Windows\System\ROJbCeh.exe
  C:\Windows\System\ROJbCeh.exe
  2⤵
  PID:9616
- C:\Windows\System\XtOvPjV.exe
  C:\Windows\System\XtOvPjV.exe
  2⤵
  PID:9628
- C:\Windows\System\UtMXwrx.exe
  C:\Windows\System\UtMXwrx.exe
  2⤵
  PID:9652
- C:\Windows\System\sAmNcYq.exe
  C:\Windows\System\sAmNcYq.exe
  2⤵
  PID:9700
- C:\Windows\System\ZiptiWe.exe
  C:\Windows\System\ZiptiWe.exe
  2⤵
  PID:9712
- C:\Windows\System\CIorXkR.exe
  C:\Windows\System\CIorXkR.exe
  2⤵
  PID:9732
- C:\Windows\System\PXPkSew.exe
  C:\Windows\System\PXPkSew.exe
  2⤵
  PID:9800
- C:\Windows\System\xRPnzIv.exe
  C:\Windows\System\xRPnzIv.exe
  2⤵
  PID:9816
- C:\Windows\System\keOBgRx.exe
  C:\Windows\System\keOBgRx.exe
  2⤵
  PID:9864
- C:\Windows\System\wkFqnIG.exe
  C:\Windows\System\wkFqnIG.exe
  2⤵
  PID:9868
- C:\Windows\System\nLIKdzY.exe
  C:\Windows\System\nLIKdzY.exe
  2⤵
  PID:9928
- C:\Windows\System\QDGjYon.exe
  C:\Windows\System\QDGjYon.exe
  2⤵
  PID:9992
- C:\Windows\System\JJIfjrz.exe
  C:\Windows\System\JJIfjrz.exe
  2⤵
  PID:10060
- C:\Windows\System\ghUJPlg.exe
  C:\Windows\System\ghUJPlg.exe
  2⤵
  PID:10100
- C:\Windows\System\WMvGjyQ.exe
  C:\Windows\System\WMvGjyQ.exe
  2⤵
  PID:9944
- C:\Windows\System\sBvhWlw.exe
  C:\Windows\System\sBvhWlw.exe
  2⤵
  PID:10044
- C:\Windows\System\XTszHZv.exe
  C:\Windows\System\XTszHZv.exe
  2⤵
  PID:10128
- C:\Windows\System\cDvzsFg.exe
  C:\Windows\System\cDvzsFg.exe
  2⤵
  PID:10144
- C:\Windows\System\baODtGQ.exe
  C:\Windows\System\baODtGQ.exe
  2⤵
  PID:10164
- C:\Windows\System\yKHeoeX.exe
  C:\Windows\System\yKHeoeX.exe
  2⤵
  PID:10192
- C:\Windows\System\uexYktF.exe
  C:\Windows\System\uexYktF.exe
  2⤵
  PID:10208
- C:\Windows\System\yuzTgxI.exe
  C:\Windows\System\yuzTgxI.exe
  2⤵
  PID:9228

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BWsIYHZ.exe

Filesize
6.0MB

MD5
2b25838b8799e1cd2742e72377f6db49

SHA1
f94d32d81fc03653b24df02aa89132de915e234c

SHA256
e7660c6639990ce9ee950a82d05e6a8cd378a1c472be85d31af17ab99769b1c5

SHA512
58d94947325e65945866d194f28ee1d9b910fd2acd27e758836e011426b767aa00d13bb3ce06ca2e494cf4b2d89a7d15c69fd1ffa5f5738eaf14e334ea5ec6c0

Download Submit
C:\Windows\system\BgMTclv.exe

Filesize
6.0MB

MD5
0a914da0f3c552c2db08ec242146916f

SHA1
65838f0ca138c23a5de0dd0aeece9a9f2922ede6

SHA256
d27011c42488d75d9457044d070974504f51d4583ebb5d7d77f191b7e6464de7

SHA512
ff95e53e95c9bcf384fb99a3449f901e8a1e5a47939f5fb3b48bee65d467237eaf3d472f7a3f63eab804b8e1a0c3f5ab52af603ce8e455735ac7d0ec168b6e05

Download Submit
C:\Windows\system\EZnYIDg.exe

Filesize
6.0MB

MD5
9e81fc97aa6492101ec7650d53109ff7

SHA1
6c39408cdbc55f3d4d48a8bc0d1385dbf4bc4bfe

SHA256
58ad47b85b203ab791711f6b814e2c3c9fa3bf0e3585c39fa02ad2b64832f106

SHA512
641f5b464fde287421499a831443c59a440b8e2353ba41077e8fde45d5dc8c1dc79bec442686678dcd15545f08ec56cda3bed4148adcf7502cbe7f0400506676

Download Submit
C:\Windows\system\Hyajjng.exe

Filesize
6.0MB

MD5
d64b2fa1868d0b82ae56d90749bcebc0

SHA1
174c2d4afb3fe860cbbc71edf2faa9c9e768e2e3

SHA256
d67e0c06ba72286cedd1caab4aa9496b9961471233a9cf6d37845253fea83390

SHA512
32901b2e72758cf9b80bca1993006311b19af391fcc733dc6d89c4e3624207935203d5b640731a738dc988965f4f3e1adeb945d0028e174757af34d2776e80ee

Download Submit
C:\Windows\system\IRaTHqw.exe

Filesize
6.0MB

MD5
f13329e320ad37338d0697feb3a3cb97

SHA1
9b3ce46ef25b13d879eb805608a174e21a38490b

SHA256
c5b643157f5e0b884773a2e34da2ecedbb8fd47eadd241df8912f70ec82a61af

SHA512
81a84ca3c7469c8bfe6051b2bdcd2186424fb1a7c9653a04e4c151375c53e013ca6340b7c748095a351a3fa5d7f7da32bb2edeee183be93bd2151a1210a12b6b

Download Submit
C:\Windows\system\JCszsKG.exe

Filesize
6.0MB

MD5
de4ac3ce528bcad271edf8e76e524221

SHA1
7b9d543c047ae730104edc2d5b46c1a2797f484e

SHA256
537ddd65925c578e4088ceb00de2b7fe557ed49be236428eec3d30ca9f34e54e

SHA512
e61d220677b7d1c7d969c198f40cad53c5b06279db9945abfc25adcc7232417e4886ee79f4c717060ac6b9fd010929e7429f4dfde682391590856456c8db1b8d

Download Submit
C:\Windows\system\JKKDVbj.exe

Filesize
6.0MB

MD5
9bc467ce3c31ae5cc4c4d73cf6a1d189

SHA1
246952873bb58a08b2ec1989b90cacab6284e39d

SHA256
9dd812b08201d8e32fbdb119b198709a8c056515fed030cdeecd3157680564ac

SHA512
dcda2273bb37e596d60e0537bcf22d2cff491e5cdaee610e0a25ef65d5b5667186614a5d90885148a387201a27a4e8ea4b5fcf8cdc4aeb3c9e9f7115fe341ee7

Download Submit
C:\Windows\system\JNlyMil.exe

Filesize
6.0MB

MD5
688be070ec3345689d8c2c78ce665156

SHA1
fb159a58ebdf53887430339d34b68d237dece5de

SHA256
bc95e93d26d459d0774d5398a0fbdcde9792d48155e473db9cda7f9706d503a1

SHA512
10f7e969a7aa541cf98bd19284a3bc073b11e20a1caa32437c5b50712048b3acf1e4d4e984396658f18e77ade3654756712b96291ea64e020fb6d6391ae8e1e4

Download Submit
C:\Windows\system\LuEcHzf.exe

Filesize
6.0MB

MD5
537b651507140afde0a1c766a2be4a9a

SHA1
95fc7fb0543b803700a6e9853f33e0032fa5a264

SHA256
4d112873f68e30df74d08dd07a6376dbadf9a016c0f5ab9e41f3a493cf9710ce

SHA512
138c6af5957f046e81407f783ca1843decbcc5992aaab24cc11f63855afe5d11fc8483de6d50c124432d647e928195296258d858197836fc287060ed099c8309

Download Submit
C:\Windows\system\MYXAvAY.exe

Filesize
6.0MB

MD5
66f2f897434bd7152b11bcd45a13dc94

SHA1
02104a3cbae95edafeafd9dbfc45461975bc7d50

SHA256
93cce03dfb9bee9dcd478967a3edcddb1b7857eb0204e84f9c9ca15183b1e740

SHA512
d98c9f0c80603c74832a07c6601569556aa84b86a9379da09801ba3bf01c8ed226f921cbd5dae13a59dc351b327422a142e1b8faba722eff539172acf55b6b94

Download Submit
C:\Windows\system\NhWuCCo.exe

Filesize
6.0MB

MD5
4fb9e60de4eec6c702ff2e948db878d4

SHA1
86245969e3eafcfb13b0bb376827ad5dd21203ff

SHA256
7ac2998d3a7dcd61d71fbb481d26cbf53b4ac91375beebaf5c744e9d9ab88b97

SHA512
a7148a9868ae30f54f03cf90509075c0b6530327328f450f68e8fce69a30bbf0bf346b41d6f3e29e97dc71ee6dfe2d6339e3ceedfef17f9b0fe1f4f4b41b4d2f

Download Submit
C:\Windows\system\OdOZcbG.exe

Filesize
6.0MB

MD5
b830b00731e19ff9abefc720fe9fbfe6

SHA1
933cf15547f1b2b4bd7fe41731fc36125b0d5ddb

SHA256
1e69ea4f57fad73737fdc73e9d644fb2b5294e3bdf0c72aabb41f3efe983f82f

SHA512
6608356a149c80dd1b7c477de0dc4b3320df2cb0652b68214139c691dd18ca13dc731cb2b811cf244cb9c4fc626b4896117d495f918099acb71d2548c9b518f0

Download Submit
C:\Windows\system\QrYZwIi.exe

Filesize
6.0MB

MD5
ca33b2798bbb6d41dad216b53b9a0180

SHA1
06eb53712c889f403608cb31b355cf479b9e1e24

SHA256
b24c4e7673a8d28e9efcd3c94bcf7eca8a75abd2dfd1e011e816aba6f491765d

SHA512
15b9574aa178b0bd817fbfa704da52ca1d4841574b828fa1135f8e5acc0fb8a37b8db8de6d503e68ef3f05b0142935ce8c28d6d86fd876c60c425d9f9bda7767

Download Submit
C:\Windows\system\WDulLMV.exe

Filesize
6.0MB

MD5
5dfdda08f85ad55ab3054b00c510198e

SHA1
f3a23ae1b54afff0aeea360b9769e4e9cac43e30

SHA256
18798f366956099e21d66a09b35bef11e0b687a071285d978d0cf470ecb616fa

SHA512
6c5025db7c335399f1ab45f2bec13dc895b6aa4297304f639b3b83322b36b19445e61a61afec31f5174f2797d43821c1ebcff733ff5daca09af8106826abfc3d

Download Submit
C:\Windows\system\YBhKuiw.exe

Filesize
6.0MB

MD5
e14432a58c2ffeec1460fdd53bd39cd3

SHA1
e5e55788b2bb10e2c78101b09baa980f2967ffaf

SHA256
4bc3c80a48c9b5d2eb8cc2903575c03838232327be2f967812e918deb4c3a5fc

SHA512
c79516d1c67a59352d22fe3d6ae75d550c4558dde86ac380e2a4b48a655bf92b7912bf7ccd6b2a1c69e769c05c03b95a089f9bdd68554bdd27046c94142921a9

Download Submit
C:\Windows\system\bXWIfla.exe

Filesize
6.0MB

MD5
b56cc116f267cde5630a4af2e4f391c7

SHA1
8d57ca95380636f5c286485e0ae6f06b7553287e

SHA256
bd99cf8a883099116ac957f334b314eac330de9cd6a2c790ca4bce6370d77a94

SHA512
6d40d0b5bf65dd5a4241fb8d0d360fe0e82dd2b6f5ac4967d166784da82f7979ef2d609bd83d3030c7a34e94e29297a076b5d5948fac7ce1a1c796b7fcfa591b

Download Submit
C:\Windows\system\bgpTDrU.exe

Filesize
6.0MB

MD5
d752695ae3748dba019d618af93b7a44

SHA1
fe38e0bf7042692257bb7e66edef44cebe62af45

SHA256
8234ec2a829bf38902436ef223e0971477fa1ea038b38da02368becda88730cd

SHA512
ae701b0e9ef37cb33a2afb93751abdcefa76abb655e13b7577c7734d94c8e770d91b57331eaeba403197db2ecd64257c495b793bd838779a34eff8d55f47f58c

Download Submit
C:\Windows\system\eGgnUCv.exe

Filesize
6.0MB

MD5
9afa5b80ca944466dde44d52a7e3da97

SHA1
9bf125465c171c2b90a546c6f2231e9dfb77ac53

SHA256
071b6a67904a08d4d24890fe5cbebd2a3e1c4d9477cd560350b89378a71613fb

SHA512
bfbc244f9faaa6dd98d6ed2fff752457204ca0dcc2e32d4487ab366992553929e50696a4420a9a70e2d36a6a67b6c03038fe2c8d226d3808e1af7b672424d8df

Download Submit
C:\Windows\system\gQrRJnZ.exe

Filesize
6.0MB

MD5
5004adde5a5984b2be3a9ef9647be63a

SHA1
29ec5afe87ad6686d7541c6c9b37ca0180c2ed82

SHA256
d020c36e067b031ac30aaf93608f167089b6fea9b2188e5f6f70c17501f8c217

SHA512
30ea476916b6c96e4850c4c8a02ec7da6643f71583d6ba284e2835b9f57004ea1b7d38a45f71008e542d1367b4696fffac6435ce474f6bc92183e9dbe259f069

Download Submit
C:\Windows\system\hONlskj.exe

Filesize
6.0MB

MD5
4e7414209a5d6d17d8cb12990f89dfc5

SHA1
ffeed4fa36389c44f1c7e97476d5785a005a281f

SHA256
b87aa5a63cd1702aa609fe1b3ee5b3df3a598a75a254208f32dc2e16bac8e0cf

SHA512
a84a3a9810725bd23673537c049dc7a65fa1ee627fd70c0c897d96b90f845465de00f2e09c960108c2e478261048d995149fba55eca3b13919d38e3cf622b5f5

Download Submit
C:\Windows\system\iHjRAvj.exe

Filesize
6.0MB

MD5
348ce732da620d151d63d9102f0ddf58

SHA1
0c54984cf9dd8b6965e77afa69123143ef9c2eb0

SHA256
29156fe58539b30bf72cc41f83d0168334ab2574dc025c6d42c1865baf259b85

SHA512
b7e1adc8f263eeb0498745202871fd4a6dc07dbd965cfa3eeab76cbc3520f724caa8da8127beef3dda20abd0c6d98378627efd1ff9177eabdf0ed23c388330a6

Download Submit
C:\Windows\system\jENRCIE.exe

Filesize
6.0MB

MD5
bf76486142937c5173ec2f4df2e2308b

SHA1
603db2e81b11ba5856384cffeaf303b2cf36eaf3

SHA256
6dbf2a3bfd6fb76b2333f37bbee167f22d3a3d4f1513c952127aab4414839b4a

SHA512
c08f1d8879ff19a284ba9dec91205d1a41fa2f85abe0eaee1a9a0d8d5ba7910f40a3c928c8bb389f22f87c8938ce6666b81cc093075521a7c1e2aeea40c92eb4

Download Submit
C:\Windows\system\kOPjpUs.exe

Filesize
6.0MB

MD5
815773a6eff69b028b9bbf4712eb52d5

SHA1
fca6da86c06dec9e65b3cbafc36adf5903167a89

SHA256
09c3d42295b3fa2395f39f0cc97da62e250fbbdf832e7a1d7c6aa5f7e3c9f33b

SHA512
fcc25fbd94e00e283687abbf4da9f78c714f60f9494706e6bc62728e58c5404b95cb8aa84d7c047d7b2789ddf9cb5e4aa294e8c940e7019377895887882357d0

Download Submit
C:\Windows\system\kixbLwK.exe

Filesize
6.0MB

MD5
fdcafbaca491e10c63874f564a564921

SHA1
b53993d950e2382ffc208032a162c81a1e0053c2

SHA256
ebaa4b3fb299941a4df2daae90205efb40c40b103c7b3acbb1eca1da89da792c

SHA512
483bec760e6a2e2ccc0d3407f5b970e8048001d0b561d2a5957f33c3014552d017674577548277e1bf6edc4be8446a5d333b2958734ee529c5496bc286ee113c

Download Submit
C:\Windows\system\lCCHSAT.exe

Filesize
6.0MB

MD5
24b69f59a68a46738c83b04c51214695

SHA1
10323fd740d178c5cad1ffaaa3c0af2a0174f0ae

SHA256
7f5ee034b5ecb72915c5f23ccc4c6f27219a98ef7c2809bb706679d305c75423

SHA512
89ed9298e285442b241652f0eca93bf10dba0b562cf4266a3d1a82ef647396207b22755056b3c33b2df546b7a71f6a45807d276f82ee358f8b81e04a6a9e1580

Download Submit
C:\Windows\system\msCtpti.exe

Filesize
6.0MB

MD5
20abcee606a81d023f55df3d269bd7c9

SHA1
d44d539b5afdb4ba24d16dc2619217969090e4ea

SHA256
1000387e1de4645ad3c21f7e3eb2350a03cbe361fcbf6c7636beb82a544675f4

SHA512
9173f63dc0805ac24b4f8a6b82f31dbbdc4d70bcf05d27d90d9b466f0c6d21a8e684f5e0249137d74fdfd6736a26d6f846f3cd8fa550341e982ac84e8bb64ae0

Download Submit
C:\Windows\system\rbcwCOT.exe

Filesize
6.0MB

MD5
2af1b7debe97d3862878fae06533ee06

SHA1
5b5847bc69f0a0fd586d356a08604b5ab01f7886

SHA256
62af0752b63c2d29a561c370b1944fc0f72bcd6b342d5a711def9002cc4a2762

SHA512
cadfdaf32ab6390347f3a597746f0471d70019e0d821e6b138d29344c3b903d025dffac2a88c9e9096a371968c650162887666742c14fdc3d2ffc2d70405903d

Download Submit
C:\Windows\system\susneAX.exe

Filesize
6.0MB

MD5
36b60fb300b92482132d7bd6dd4f2f71

SHA1
efb1374feaa88737fa225d2dad6cd1307d660046

SHA256
12f1b90d3feabe52c879335d42c4fad26fd7211c7d191f7c54ccc21e12e498d4

SHA512
a8a064fe5dc1c0776b9e06cf5f4f76e438bfe67033057a17937007e8bdb57202c2ebacfb5a38ae361f171251814122472c8514029793796846b947f60406c43e

Download Submit
C:\Windows\system\uMiQOmn.exe

Filesize
6.0MB

MD5
67bc79ff107344bef745a768f4e2ac96

SHA1
edba6228afeae867bc581ed1332d9de524210607

SHA256
73fcc07867c30b7c01b4bc4e8fecadc79be3cd139f20a00c566096dab50ed6da

SHA512
f3706ce953e79d5a775059224554c6ae4e919f47d127156121ee50c13dfd4828872d2bfd6a65530bd488e05744f8dc4c455d33609eea935cdc2e547d6e1990a3

Download Submit
C:\Windows\system\vTCDXfi.exe

Filesize
6.0MB

MD5
9994c9d52fda42d8c7d2d22f4a32c2f7

SHA1
b0ddd38c09e4c0ba3947420a6d26dd15848590ca

SHA256
f35f4b9a2cce930851fe6815aacac7d903e9db5c26f78c654b9851765f78d338

SHA512
a22bbf12d92ca3b70e599109cab635ca69769e3282bad84e2950d4df949d9b122287b7359337b5632ba6ff29af66589455795e2d20c1d8d69f92af63c9b7aab9

Download Submit
\Windows\system\obBogls.exe

Filesize
6.0MB

MD5
8c21e30e9714759d99f72a91f5a405d0

SHA1
707aed7f6a1cd00780b1a60b08c98ae837de249d

SHA256
3a7962dbcf49150c0912ea079c331470aef8106a04b9f3752c217b1a50d06f53

SHA512
9e79d4a0db13b893c6733785757134a55e379c2b9b05cbe2b724de8799624f623ae4218419ec07ab869b1d09bfce61e7936ea30a96c67cf725db306d64845314

Download Submit
\Windows\system\wdsLnmo.exe

Filesize
6.0MB

MD5
d2800e9faacb78703d20c938a8c91280

SHA1
c95524852ff2a098b15efb8e8779364256a7f269

SHA256
d4962c0c1cdbcadb02480a74b8fbb7d5dbe34cb9668c68d6c885a2e64194acd3

SHA512
42730bfe92588613e638a311604fffe70390365ab0889ebb4dc19203ac63a7e49747f0d3f62f5908dace8a3fb35de81ad7e0110da55ce80ce564d47d514ebe7c

Download Submit
memory/1044-3366-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/1044-2352-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/1272-2338-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/1272-3371-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/2288-3338-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/2288-2189-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/2500-3376-0x000000013F5E0000-0x000000013F934000-memory.dmp

Filesize
3.3MB

Download
memory/2500-2179-0x000000013F5E0000-0x000000013F934000-memory.dmp

Filesize
3.3MB

Download
memory/2672-3291-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2672-2344-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2792-2358-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/2792-3293-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/2852-4386-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2852-2156-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2936-3292-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2936-2375-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2960-2172-0x000000013F5E0000-0x000000013F934000-memory.dmp

Filesize
3.3MB

Download
memory/2960-2368-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2960-2183-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/2960-2354-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/2960-2348-0x0000000002490000-0x00000000027E4000-memory.dmp

Filesize
3.3MB

Download
memory/2960-2213-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/2960-2157-0x0000000002490000-0x00000000027E4000-memory.dmp

Filesize
3.3MB

Download
memory/2960-1-0x0000000000180000-0x0000000000190000-memory.dmp

Filesize
64KB

Download
memory/2960-0-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2960-4370-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2960-2339-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2972-2167-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2972-3290-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download