cobaltstrike | 195c0e57f4108cbdcb554d5cde400b2d90d178d95a51c1156fd89523e0b14638

Analysis

max time kernel
122s
max time network
124s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
22-11-2024 10:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

df0b3d6d6e08ac4606f2901c924d5067
SHA1

5fc6ae4bfa04b92a7dc93b8f518150c1eeb18477
SHA256

195c0e57f4108cbdcb554d5cde400b2d90d178d95a51c1156fd89523e0b14638
SHA512

196b327879343805abe199b1c02bcc33d7ce7eddace1d60850b4f909bff6e21873a840acc609d8773ba369708cd8e5241ebf454fe8894adecfce6ca3254b7d9b
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUQ:T+q56utgpPF8u/7Q

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 34 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000a000000012033-6.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001471c-27.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000014a05-36.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000014864-33.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000014714-17.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000146e1-12.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000014b38-54.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000014ac1-46.dat	cobalt_reflective_dll
behavioral1/files/0x0036000000014504-58.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000014c00-69.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d02-81.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d0c-84.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d1f-110.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d15-100.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016cf6-78.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016ccb-76.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d27-114.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d30-117.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d40-128.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d54-130.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d38-124.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016da6-137.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016daf-143.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016f97-155.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017390-190.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017474-186.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016e73-179.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173f6-176.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173b2-164.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017481-191.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001746c-182.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173ee-172.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001739b-171.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dc1-150.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2692-0-0x000000013F8D0000-0x000000013FC24000-memory.dmp	xmrig
behavioral1/files/0x000a000000012033-6.dat	xmrig
behavioral1/memory/2608-18-0x000000013FD30000-0x0000000140084000-memory.dmp	xmrig
behavioral1/memory/2644-20-0x000000013F500000-0x000000013F854000-memory.dmp	xmrig
behavioral1/files/0x000800000001471c-27.dat	xmrig
behavioral1/memory/2796-21-0x000000013FA70000-0x000000013FDC4000-memory.dmp	xmrig
behavioral1/memory/2508-28-0x000000013F8C0000-0x000000013FC14000-memory.dmp	xmrig
behavioral1/memory/2536-35-0x000000013F0F0000-0x000000013F444000-memory.dmp	xmrig
behavioral1/files/0x0007000000014a05-36.dat	xmrig
behavioral1/files/0x0007000000014864-33.dat	xmrig
behavioral1/files/0x0008000000014714-17.dat	xmrig
behavioral1/files/0x00080000000146e1-12.dat	xmrig
behavioral1/memory/2692-49-0x000000013F8D0000-0x000000013FC24000-memory.dmp	xmrig
behavioral1/memory/2688-48-0x000000013F630000-0x000000013F984000-memory.dmp	xmrig
behavioral1/memory/2612-50-0x000000013FD80000-0x00000001400D4000-memory.dmp	xmrig
behavioral1/files/0x0008000000014b38-54.dat	xmrig
behavioral1/memory/2516-57-0x000000013F750000-0x000000013FAA4000-memory.dmp	xmrig
behavioral1/files/0x0007000000014ac1-46.dat	xmrig
behavioral1/files/0x0036000000014504-58.dat	xmrig
behavioral1/memory/2668-63-0x000000013F370000-0x000000013F6C4000-memory.dmp	xmrig
behavioral1/memory/2508-65-0x000000013F8C0000-0x000000013FC14000-memory.dmp	xmrig
behavioral1/memory/2412-73-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig
behavioral1/memory/2536-72-0x000000013F0F0000-0x000000013F444000-memory.dmp	xmrig
behavioral1/files/0x0008000000014c00-69.dat	xmrig
behavioral1/files/0x0006000000016d02-81.dat	xmrig
behavioral1/files/0x0006000000016d0c-84.dat	xmrig
behavioral1/files/0x0006000000016d1f-110.dat	xmrig
behavioral1/memory/1496-109-0x000000013FFC0000-0x0000000140314000-memory.dmp	xmrig
behavioral1/memory/2756-103-0x000000013FFF0000-0x0000000140344000-memory.dmp	xmrig
behavioral1/memory/944-102-0x000000013F530000-0x000000013F884000-memory.dmp	xmrig
behavioral1/files/0x0006000000016d15-100.dat	xmrig
behavioral1/memory/1168-96-0x000000013F5F0000-0x000000013F944000-memory.dmp	xmrig
behavioral1/files/0x0006000000016cf6-78.dat	xmrig
behavioral1/files/0x0006000000016ccb-76.dat	xmrig
behavioral1/files/0x0006000000016d27-114.dat	xmrig
behavioral1/files/0x0006000000016d30-117.dat	xmrig
behavioral1/files/0x0006000000016d40-128.dat	xmrig
behavioral1/files/0x0006000000016d54-130.dat	xmrig
behavioral1/files/0x0006000000016d38-124.dat	xmrig
behavioral1/memory/2692-132-0x0000000002280000-0x00000000025D4000-memory.dmp	xmrig
behavioral1/files/0x0006000000016da6-137.dat	xmrig
behavioral1/files/0x0006000000016daf-143.dat	xmrig
behavioral1/files/0x0006000000016f97-155.dat	xmrig
behavioral1/files/0x0006000000017390-190.dat	xmrig
behavioral1/files/0x0006000000017474-186.dat	xmrig
behavioral1/files/0x0006000000016e73-179.dat	xmrig
behavioral1/files/0x00060000000173f6-176.dat	xmrig
behavioral1/files/0x00060000000173b2-164.dat	xmrig
behavioral1/files/0x0006000000017481-191.dat	xmrig
behavioral1/files/0x000600000001746c-182.dat	xmrig
behavioral1/memory/1168-777-0x000000013F5F0000-0x000000013F944000-memory.dmp	xmrig
behavioral1/memory/2668-367-0x000000013F370000-0x000000013F6C4000-memory.dmp	xmrig
behavioral1/files/0x00060000000173ee-172.dat	xmrig
behavioral1/files/0x000600000001739b-171.dat	xmrig
behavioral1/files/0x0006000000016dc1-150.dat	xmrig
behavioral1/memory/2796-4006-0x000000013FA70000-0x000000013FDC4000-memory.dmp	xmrig
behavioral1/memory/2608-4013-0x000000013FD30000-0x0000000140084000-memory.dmp	xmrig
behavioral1/memory/2536-4014-0x000000013F0F0000-0x000000013F444000-memory.dmp	xmrig
behavioral1/memory/2688-4015-0x000000013F630000-0x000000013F984000-memory.dmp	xmrig
behavioral1/memory/2612-4016-0x000000013FD80000-0x00000001400D4000-memory.dmp	xmrig
behavioral1/memory/2516-4017-0x000000013F750000-0x000000013FAA4000-memory.dmp	xmrig
behavioral1/memory/2668-4018-0x000000013F370000-0x000000013F6C4000-memory.dmp	xmrig
behavioral1/memory/2412-4019-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig
behavioral1/memory/1168-4021-0x000000013F5F0000-0x000000013F944000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2608	agPcUOm.exe
2644	JNXTALt.exe
2796	PTJiUXC.exe
2508	eedOWcO.exe
2536	FfMMpHP.exe
2688	LXHRqlK.exe
2612	gVArsBy.exe
2516	CjjzxFg.exe
2668	OLvvYls.exe
2412	IrQBKOs.exe
1168	nJgTbZg.exe
1496	QQmlLUM.exe
944	hUNiZht.exe
2756	hSiMjXC.exe
2868	cOStHoG.exe
2024	WMqlUND.exe
2352	WTiTxTW.exe
1556	iPhViDs.exe
1280	mgklmSs.exe
2744	McMqBvC.exe
1976	sufIAqw.exe
1028	wPUrhdX.exe
2764	QzARBXG.exe
2596	SSKcxWS.exe
1980	HiSWqOL.exe
2336	FcTXZdH.exe
2208	RCxFmJD.exe
2012	OKXJznp.exe
2932	hRgEMld.exe
2096	GIGrFDH.exe
960	FwCqupL.exe
2368	GiCtRig.exe
2088	CpZESzo.exe
2172	IUCwGNn.exe
468	pDofEyu.exe
344	rudutWq.exe
2108	tPHbYfK.exe
1292	MFwppiO.exe
1040	DoVxmvq.exe
1624	YEUePbf.exe
792	axNOZnr.exe
1872	tfxggvI.exe
1560	MDXSnBL.exe
1820	wKGokxO.exe
2300	lgIsFcX.exe
1928	waUzQUB.exe
2344	QycHEyJ.exe
2968	UNjBHOb.exe
1512	vPrGuDs.exe
2124	HZAzvdK.exe
1612	RGWFEQy.exe
2916	hntwxQe.exe
1532	BBUpyfM.exe
1568	kKBfaMg.exe
2128	DjbBkFc.exe
2892	sEEwjFw.exe
3008	IVGeTAT.exe
2560	eMsRuOn.exe
2004	KBcHqvV.exe
1052	RxGcUaC.exe
2288	vvFosbn.exe
2976	uMNKvhF.exe
1956	AtbWDgr.exe
896	ULuFvxB.exe

Loads dropped DLL 64 IoCs

pid	Process
2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2692-0-0x000000013F8D0000-0x000000013FC24000-memory.dmp	upx
behavioral1/files/0x000a000000012033-6.dat	upx
behavioral1/memory/2608-18-0x000000013FD30000-0x0000000140084000-memory.dmp	upx
behavioral1/memory/2644-20-0x000000013F500000-0x000000013F854000-memory.dmp	upx
behavioral1/files/0x000800000001471c-27.dat	upx
behavioral1/memory/2796-21-0x000000013FA70000-0x000000013FDC4000-memory.dmp	upx
behavioral1/memory/2508-28-0x000000013F8C0000-0x000000013FC14000-memory.dmp	upx
behavioral1/memory/2536-35-0x000000013F0F0000-0x000000013F444000-memory.dmp	upx
behavioral1/files/0x0007000000014a05-36.dat	upx
behavioral1/files/0x0007000000014864-33.dat	upx
behavioral1/files/0x0008000000014714-17.dat	upx
behavioral1/files/0x00080000000146e1-12.dat	upx
behavioral1/memory/2692-49-0x000000013F8D0000-0x000000013FC24000-memory.dmp	upx
behavioral1/memory/2688-48-0x000000013F630000-0x000000013F984000-memory.dmp	upx
behavioral1/memory/2612-50-0x000000013FD80000-0x00000001400D4000-memory.dmp	upx
behavioral1/files/0x0008000000014b38-54.dat	upx
behavioral1/memory/2516-57-0x000000013F750000-0x000000013FAA4000-memory.dmp	upx
behavioral1/files/0x0007000000014ac1-46.dat	upx
behavioral1/files/0x0036000000014504-58.dat	upx
behavioral1/memory/2668-63-0x000000013F370000-0x000000013F6C4000-memory.dmp	upx
behavioral1/memory/2508-65-0x000000013F8C0000-0x000000013FC14000-memory.dmp	upx
behavioral1/memory/2412-73-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
behavioral1/memory/2536-72-0x000000013F0F0000-0x000000013F444000-memory.dmp	upx
behavioral1/files/0x0008000000014c00-69.dat	upx
behavioral1/files/0x0006000000016d02-81.dat	upx
behavioral1/files/0x0006000000016d0c-84.dat	upx
behavioral1/files/0x0006000000016d1f-110.dat	upx
behavioral1/memory/1496-109-0x000000013FFC0000-0x0000000140314000-memory.dmp	upx
behavioral1/memory/2756-103-0x000000013FFF0000-0x0000000140344000-memory.dmp	upx
behavioral1/memory/944-102-0x000000013F530000-0x000000013F884000-memory.dmp	upx
behavioral1/files/0x0006000000016d15-100.dat	upx
behavioral1/memory/1168-96-0x000000013F5F0000-0x000000013F944000-memory.dmp	upx
behavioral1/files/0x0006000000016cf6-78.dat	upx
behavioral1/files/0x0006000000016ccb-76.dat	upx
behavioral1/files/0x0006000000016d27-114.dat	upx
behavioral1/files/0x0006000000016d30-117.dat	upx
behavioral1/files/0x0006000000016d40-128.dat	upx
behavioral1/files/0x0006000000016d54-130.dat	upx
behavioral1/files/0x0006000000016d38-124.dat	upx
behavioral1/files/0x0006000000016da6-137.dat	upx
behavioral1/files/0x0006000000016daf-143.dat	upx
behavioral1/files/0x0006000000016f97-155.dat	upx
behavioral1/files/0x0006000000017390-190.dat	upx
behavioral1/files/0x0006000000017474-186.dat	upx
behavioral1/files/0x0006000000016e73-179.dat	upx
behavioral1/files/0x00060000000173f6-176.dat	upx
behavioral1/files/0x00060000000173b2-164.dat	upx
behavioral1/files/0x0006000000017481-191.dat	upx
behavioral1/files/0x000600000001746c-182.dat	upx
behavioral1/memory/1168-777-0x000000013F5F0000-0x000000013F944000-memory.dmp	upx
behavioral1/memory/2668-367-0x000000013F370000-0x000000013F6C4000-memory.dmp	upx
behavioral1/files/0x00060000000173ee-172.dat	upx
behavioral1/files/0x000600000001739b-171.dat	upx
behavioral1/files/0x0006000000016dc1-150.dat	upx
behavioral1/memory/2796-4006-0x000000013FA70000-0x000000013FDC4000-memory.dmp	upx
behavioral1/memory/2608-4013-0x000000013FD30000-0x0000000140084000-memory.dmp	upx
behavioral1/memory/2536-4014-0x000000013F0F0000-0x000000013F444000-memory.dmp	upx
behavioral1/memory/2688-4015-0x000000013F630000-0x000000013F984000-memory.dmp	upx
behavioral1/memory/2612-4016-0x000000013FD80000-0x00000001400D4000-memory.dmp	upx
behavioral1/memory/2516-4017-0x000000013F750000-0x000000013FAA4000-memory.dmp	upx
behavioral1/memory/2668-4018-0x000000013F370000-0x000000013F6C4000-memory.dmp	upx
behavioral1/memory/2412-4019-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
behavioral1/memory/1168-4021-0x000000013F5F0000-0x000000013F944000-memory.dmp	upx
behavioral1/memory/1496-4020-0x000000013FFC0000-0x0000000140314000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\AtbWDgr.exe	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gOiOWHX.exe	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zvycisf.exe	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zBTVKCg.exe	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HDIsZEx.exe	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\celLfDf.exe	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sAvXvwn.exe	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jJyxfoD.exe	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IVGeTAT.exe	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CNkjGeO.exe	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RoWBowD.exe	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DeINaTC.exe	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LByluPV.exe	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HYYUYwT.exe	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fIBeovy.exe	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iIfntYe.exe	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IQVoBkS.exe	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eMsRuOn.exe	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JzKEHKg.exe	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tQljOaV.exe	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uvosCdF.exe	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KZdNMFZ.exe	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZcGBfdo.exe	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ziSrJpR.exe	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kAZsgya.exe	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gLmQGfO.exe	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rGmoWdY.exe	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GSsZutR.exe	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QbxPArC.exe	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GBMataN.exe	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ACatvbq.exe	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HJMskIo.exe	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VqNnxBT.exe	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GLMyueG.exe	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jyfDtub.exe	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MoXHmPb.exe	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YJegldn.exe	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\myoQyXD.exe	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cCQIWyX.exe	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nAGArlJ.exe	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aiXgJZL.exe	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mOnpzHB.exe	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qplRpwS.exe	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zyLjuVJ.exe	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XBLNvyu.exe	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\axNOZnr.exe	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PLjFKjd.exe	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yuYCIYE.exe	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wpdhPqY.exe	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tONNOtG.exe	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jXfybgu.exe	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ietuLeV.exe	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dSDzDGB.exe	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UaJuUuw.exe	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SXITArx.exe	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ehptPlJ.exe	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RGWFEQy.exe	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AAyoIrM.exe	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dELnmYW.exe	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jBpHqWN.exe	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LMjTumv.exe	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oLkdaJm.exe	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UWYHwed.exe	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HVoMBPZ.exe	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2692 wrote to memory of 2608	2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 2692 wrote to memory of 2608	2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 2692 wrote to memory of 2608	2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 2692 wrote to memory of 2644	2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2692 wrote to memory of 2644	2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2692 wrote to memory of 2644	2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2692 wrote to memory of 2796	2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2692 wrote to memory of 2796	2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2692 wrote to memory of 2796	2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2692 wrote to memory of 2508	2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2692 wrote to memory of 2508	2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2692 wrote to memory of 2508	2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2692 wrote to memory of 2536	2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2692 wrote to memory of 2536	2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2692 wrote to memory of 2536	2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2692 wrote to memory of 2688	2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2692 wrote to memory of 2688	2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2692 wrote to memory of 2688	2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2692 wrote to memory of 2612	2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2692 wrote to memory of 2612	2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2692 wrote to memory of 2612	2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2692 wrote to memory of 2516	2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2692 wrote to memory of 2516	2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2692 wrote to memory of 2516	2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2692 wrote to memory of 2668	2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2692 wrote to memory of 2668	2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2692 wrote to memory of 2668	2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2692 wrote to memory of 2412	2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2692 wrote to memory of 2412	2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2692 wrote to memory of 2412	2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2692 wrote to memory of 1168	2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2692 wrote to memory of 1168	2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2692 wrote to memory of 1168	2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2692 wrote to memory of 1496	2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2692 wrote to memory of 1496	2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2692 wrote to memory of 1496	2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2692 wrote to memory of 944	2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2692 wrote to memory of 944	2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2692 wrote to memory of 944	2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2692 wrote to memory of 2756	2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2692 wrote to memory of 2756	2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2692 wrote to memory of 2756	2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2692 wrote to memory of 2868	2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2692 wrote to memory of 2868	2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2692 wrote to memory of 2868	2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2692 wrote to memory of 2024	2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2692 wrote to memory of 2024	2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2692 wrote to memory of 2024	2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2692 wrote to memory of 2352	2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2692 wrote to memory of 2352	2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2692 wrote to memory of 2352	2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2692 wrote to memory of 1556	2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2692 wrote to memory of 1556	2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2692 wrote to memory of 1556	2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2692 wrote to memory of 1280	2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2692 wrote to memory of 1280	2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2692 wrote to memory of 1280	2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2692 wrote to memory of 2744	2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2692 wrote to memory of 2744	2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2692 wrote to memory of 2744	2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2692 wrote to memory of 1976	2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2692 wrote to memory of 1976	2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2692 wrote to memory of 1976	2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2692 wrote to memory of 1028	2692	2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe	50

C:\Users\Admin\AppData\Local\Temp\2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-22_df0b3d6d6e08ac4606f2901c924d5067_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2692
- C:\Windows\System\agPcUOm.exe
  C:\Windows\System\agPcUOm.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\JNXTALt.exe
  C:\Windows\System\JNXTALt.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\PTJiUXC.exe
  C:\Windows\System\PTJiUXC.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\eedOWcO.exe
  C:\Windows\System\eedOWcO.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\FfMMpHP.exe
  C:\Windows\System\FfMMpHP.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\LXHRqlK.exe
  C:\Windows\System\LXHRqlK.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\gVArsBy.exe
  C:\Windows\System\gVArsBy.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\CjjzxFg.exe
  C:\Windows\System\CjjzxFg.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\OLvvYls.exe
  C:\Windows\System\OLvvYls.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\IrQBKOs.exe
  C:\Windows\System\IrQBKOs.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\nJgTbZg.exe
  C:\Windows\System\nJgTbZg.exe
  2⤵
  - Executes dropped EXE
  PID:1168
- C:\Windows\System\QQmlLUM.exe
  C:\Windows\System\QQmlLUM.exe
  2⤵
  - Executes dropped EXE
  PID:1496
- C:\Windows\System\hUNiZht.exe
  C:\Windows\System\hUNiZht.exe
  2⤵
  - Executes dropped EXE
  PID:944
- C:\Windows\System\hSiMjXC.exe
  C:\Windows\System\hSiMjXC.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\cOStHoG.exe
  C:\Windows\System\cOStHoG.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\WMqlUND.exe
  C:\Windows\System\WMqlUND.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\WTiTxTW.exe
  C:\Windows\System\WTiTxTW.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\iPhViDs.exe
  C:\Windows\System\iPhViDs.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\mgklmSs.exe
  C:\Windows\System\mgklmSs.exe
  2⤵
  - Executes dropped EXE
  PID:1280
- C:\Windows\System\McMqBvC.exe
  C:\Windows\System\McMqBvC.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\sufIAqw.exe
  C:\Windows\System\sufIAqw.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\wPUrhdX.exe
  C:\Windows\System\wPUrhdX.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System\QzARBXG.exe
  C:\Windows\System\QzARBXG.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\SSKcxWS.exe
  C:\Windows\System\SSKcxWS.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\OKXJznp.exe
  C:\Windows\System\OKXJznp.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\HiSWqOL.exe
  C:\Windows\System\HiSWqOL.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\GIGrFDH.exe
  C:\Windows\System\GIGrFDH.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\FcTXZdH.exe
  C:\Windows\System\FcTXZdH.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\CpZESzo.exe
  C:\Windows\System\CpZESzo.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\RCxFmJD.exe
  C:\Windows\System\RCxFmJD.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\IUCwGNn.exe
  C:\Windows\System\IUCwGNn.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\hRgEMld.exe
  C:\Windows\System\hRgEMld.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\pDofEyu.exe
  C:\Windows\System\pDofEyu.exe
  2⤵
  - Executes dropped EXE
  PID:468
- C:\Windows\System\FwCqupL.exe
  C:\Windows\System\FwCqupL.exe
  2⤵
  - Executes dropped EXE
  PID:960
- C:\Windows\System\rudutWq.exe
  C:\Windows\System\rudutWq.exe
  2⤵
  - Executes dropped EXE
  PID:344
- C:\Windows\System\GiCtRig.exe
  C:\Windows\System\GiCtRig.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\tPHbYfK.exe
  C:\Windows\System\tPHbYfK.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\MFwppiO.exe
  C:\Windows\System\MFwppiO.exe
  2⤵
  - Executes dropped EXE
  PID:1292
- C:\Windows\System\DoVxmvq.exe
  C:\Windows\System\DoVxmvq.exe
  2⤵
  - Executes dropped EXE
  PID:1040
- C:\Windows\System\YEUePbf.exe
  C:\Windows\System\YEUePbf.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\axNOZnr.exe
  C:\Windows\System\axNOZnr.exe
  2⤵
  - Executes dropped EXE
  PID:792
- C:\Windows\System\tfxggvI.exe
  C:\Windows\System\tfxggvI.exe
  2⤵
  - Executes dropped EXE
  PID:1872
- C:\Windows\System\kKBfaMg.exe
  C:\Windows\System\kKBfaMg.exe
  2⤵
  - Executes dropped EXE
  PID:1568
- C:\Windows\System\MDXSnBL.exe
  C:\Windows\System\MDXSnBL.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\KBcHqvV.exe
  C:\Windows\System\KBcHqvV.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\wKGokxO.exe
  C:\Windows\System\wKGokxO.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\RxGcUaC.exe
  C:\Windows\System\RxGcUaC.exe
  2⤵
  - Executes dropped EXE
  PID:1052
- C:\Windows\System\lgIsFcX.exe
  C:\Windows\System\lgIsFcX.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\vvFosbn.exe
  C:\Windows\System\vvFosbn.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\waUzQUB.exe
  C:\Windows\System\waUzQUB.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\uMNKvhF.exe
  C:\Windows\System\uMNKvhF.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\QycHEyJ.exe
  C:\Windows\System\QycHEyJ.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\AtbWDgr.exe
  C:\Windows\System\AtbWDgr.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\UNjBHOb.exe
  C:\Windows\System\UNjBHOb.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\ULuFvxB.exe
  C:\Windows\System\ULuFvxB.exe
  2⤵
  - Executes dropped EXE
  PID:896
- C:\Windows\System\vPrGuDs.exe
  C:\Windows\System\vPrGuDs.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\YPcQDfN.exe
  C:\Windows\System\YPcQDfN.exe
  2⤵
  PID:1072
- C:\Windows\System\HZAzvdK.exe
  C:\Windows\System\HZAzvdK.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\Vkbtggu.exe
  C:\Windows\System\Vkbtggu.exe
  2⤵
  PID:1608
- C:\Windows\System\RGWFEQy.exe
  C:\Windows\System\RGWFEQy.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\yCAcbxz.exe
  C:\Windows\System\yCAcbxz.exe
  2⤵
  PID:2712
- C:\Windows\System\hntwxQe.exe
  C:\Windows\System\hntwxQe.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\jsUyhaU.exe
  C:\Windows\System\jsUyhaU.exe
  2⤵
  PID:2528
- C:\Windows\System\BBUpyfM.exe
  C:\Windows\System\BBUpyfM.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\ONuvfaw.exe
  C:\Windows\System\ONuvfaw.exe
  2⤵
  PID:2552
- C:\Windows\System\DjbBkFc.exe
  C:\Windows\System\DjbBkFc.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\ZaGONEN.exe
  C:\Windows\System\ZaGONEN.exe
  2⤵
  PID:2788
- C:\Windows\System\sEEwjFw.exe
  C:\Windows\System\sEEwjFw.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\qzylFNL.exe
  C:\Windows\System\qzylFNL.exe
  2⤵
  PID:1648
- C:\Windows\System\IVGeTAT.exe
  C:\Windows\System\IVGeTAT.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\esKWxcK.exe
  C:\Windows\System\esKWxcK.exe
  2⤵
  PID:2660
- C:\Windows\System\eMsRuOn.exe
  C:\Windows\System\eMsRuOn.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\oZuGVet.exe
  C:\Windows\System\oZuGVet.exe
  2⤵
  PID:2820
- C:\Windows\System\BxtIRYk.exe
  C:\Windows\System\BxtIRYk.exe
  2⤵
  PID:2720
- C:\Windows\System\dwptoux.exe
  C:\Windows\System\dwptoux.exe
  2⤵
  PID:2824
- C:\Windows\System\BHLLMpq.exe
  C:\Windows\System\BHLLMpq.exe
  2⤵
  PID:2008
- C:\Windows\System\iLJvDpj.exe
  C:\Windows\System\iLJvDpj.exe
  2⤵
  PID:692
- C:\Windows\System\LsESdpU.exe
  C:\Windows\System\LsESdpU.exe
  2⤵
  PID:1992
- C:\Windows\System\OxeTATS.exe
  C:\Windows\System\OxeTATS.exe
  2⤵
  PID:2192
- C:\Windows\System\gXhfLEt.exe
  C:\Windows\System\gXhfLEt.exe
  2⤵
  PID:2484
- C:\Windows\System\BsLbjdo.exe
  C:\Windows\System\BsLbjdo.exe
  2⤵
  PID:2936
- C:\Windows\System\XPXDOqG.exe
  C:\Windows\System\XPXDOqG.exe
  2⤵
  PID:2360
- C:\Windows\System\enmXlRB.exe
  C:\Windows\System\enmXlRB.exe
  2⤵
  PID:1440
- C:\Windows\System\TjQXfno.exe
  C:\Windows\System\TjQXfno.exe
  2⤵
  PID:2540
- C:\Windows\System\gLmQGfO.exe
  C:\Windows\System\gLmQGfO.exe
  2⤵
  PID:2672
- C:\Windows\System\EgRCRST.exe
  C:\Windows\System\EgRCRST.exe
  2⤵
  PID:1244
- C:\Windows\System\aeZLCtu.exe
  C:\Windows\System\aeZLCtu.exe
  2⤵
  PID:1360
- C:\Windows\System\OxanKPk.exe
  C:\Windows\System\OxanKPk.exe
  2⤵
  PID:1744
- C:\Windows\System\UBlThnC.exe
  C:\Windows\System\UBlThnC.exe
  2⤵
  PID:1632
- C:\Windows\System\UgjXOez.exe
  C:\Windows\System\UgjXOez.exe
  2⤵
  PID:924
- C:\Windows\System\AqaCHZg.exe
  C:\Windows\System\AqaCHZg.exe
  2⤵
  PID:1940
- C:\Windows\System\PoPLfJg.exe
  C:\Windows\System\PoPLfJg.exe
  2⤵
  PID:2956
- C:\Windows\System\uybZwst.exe
  C:\Windows\System\uybZwst.exe
  2⤵
  PID:1604
- C:\Windows\System\eZmNgbN.exe
  C:\Windows\System\eZmNgbN.exe
  2⤵
  PID:2212
- C:\Windows\System\FObMSRi.exe
  C:\Windows\System\FObMSRi.exe
  2⤵
  PID:1616
- C:\Windows\System\itQFOnV.exe
  C:\Windows\System\itQFOnV.exe
  2⤵
  PID:2736
- C:\Windows\System\xtqLgrs.exe
  C:\Windows\System\xtqLgrs.exe
  2⤵
  PID:776
- C:\Windows\System\XLZSRlD.exe
  C:\Windows\System\XLZSRlD.exe
  2⤵
  PID:2188
- C:\Windows\System\VjGdcty.exe
  C:\Windows\System\VjGdcty.exe
  2⤵
  PID:648
- C:\Windows\System\rUgHfRh.exe
  C:\Windows\System\rUgHfRh.exe
  2⤵
  PID:2636
- C:\Windows\System\RzVQzlF.exe
  C:\Windows\System\RzVQzlF.exe
  2⤵
  PID:2952
- C:\Windows\System\potUuKq.exe
  C:\Windows\System\potUuKq.exe
  2⤵
  PID:2256
- C:\Windows\System\zePfZSr.exe
  C:\Windows\System\zePfZSr.exe
  2⤵
  PID:1860
- C:\Windows\System\prVKqiC.exe
  C:\Windows\System\prVKqiC.exe
  2⤵
  PID:1508
- C:\Windows\System\JGZcxLl.exe
  C:\Windows\System\JGZcxLl.exe
  2⤵
  PID:2456
- C:\Windows\System\MZwATiS.exe
  C:\Windows\System\MZwATiS.exe
  2⤵
  PID:1520
- C:\Windows\System\gNvwgdE.exe
  C:\Windows\System\gNvwgdE.exe
  2⤵
  PID:1264
- C:\Windows\System\TEYfOex.exe
  C:\Windows\System\TEYfOex.exe
  2⤵
  PID:1152
- C:\Windows\System\EebKDuH.exe
  C:\Windows\System\EebKDuH.exe
  2⤵
  PID:2748
- C:\Windows\System\EfoVQDB.exe
  C:\Windows\System\EfoVQDB.exe
  2⤵
  PID:2640
- C:\Windows\System\DEQfxOB.exe
  C:\Windows\System\DEQfxOB.exe
  2⤵
  PID:2364
- C:\Windows\System\nEtfcHP.exe
  C:\Windows\System\nEtfcHP.exe
  2⤵
  PID:808
- C:\Windows\System\GAJlLyg.exe
  C:\Windows\System\GAJlLyg.exe
  2⤵
  PID:1984
- C:\Windows\System\KTivuZz.exe
  C:\Windows\System\KTivuZz.exe
  2⤵
  PID:3068
- C:\Windows\System\CBbqULG.exe
  C:\Windows\System\CBbqULG.exe
  2⤵
  PID:708
- C:\Windows\System\SGOBvMH.exe
  C:\Windows\System\SGOBvMH.exe
  2⤵
  PID:620
- C:\Windows\System\mWrbtWR.exe
  C:\Windows\System\mWrbtWR.exe
  2⤵
  PID:1164
- C:\Windows\System\jXfybgu.exe
  C:\Windows\System\jXfybgu.exe
  2⤵
  PID:2980
- C:\Windows\System\XJLivHu.exe
  C:\Windows\System\XJLivHu.exe
  2⤵
  PID:1784
- C:\Windows\System\cgDrdHS.exe
  C:\Windows\System\cgDrdHS.exe
  2⤵
  PID:1652
- C:\Windows\System\sEnxQiL.exe
  C:\Windows\System\sEnxQiL.exe
  2⤵
  PID:3012
- C:\Windows\System\rGmoWdY.exe
  C:\Windows\System\rGmoWdY.exe
  2⤵
  PID:2920
- C:\Windows\System\CNkjGeO.exe
  C:\Windows\System\CNkjGeO.exe
  2⤵
  PID:1488
- C:\Windows\System\AAyoIrM.exe
  C:\Windows\System\AAyoIrM.exe
  2⤵
  PID:2408
- C:\Windows\System\HtKcXEY.exe
  C:\Windows\System\HtKcXEY.exe
  2⤵
  PID:696
- C:\Windows\System\EAPSRlp.exe
  C:\Windows\System\EAPSRlp.exe
  2⤵
  PID:2912
- C:\Windows\System\QaoqKQe.exe
  C:\Windows\System\QaoqKQe.exe
  2⤵
  PID:2468
- C:\Windows\System\FpGyQJf.exe
  C:\Windows\System\FpGyQJf.exe
  2⤵
  PID:2072
- C:\Windows\System\OzWXfFW.exe
  C:\Windows\System\OzWXfFW.exe
  2⤵
  PID:1964
- C:\Windows\System\OcAmoRT.exe
  C:\Windows\System\OcAmoRT.exe
  2⤵
  PID:1768
- C:\Windows\System\QAufqWt.exe
  C:\Windows\System\QAufqWt.exe
  2⤵
  PID:1576
- C:\Windows\System\BjAvBVA.exe
  C:\Windows\System\BjAvBVA.exe
  2⤵
  PID:1696
- C:\Windows\System\RXBaUwl.exe
  C:\Windows\System\RXBaUwl.exe
  2⤵
  PID:2176
- C:\Windows\System\UFiSspH.exe
  C:\Windows\System\UFiSspH.exe
  2⤵
  PID:2988
- C:\Windows\System\wEAwLrd.exe
  C:\Windows\System\wEAwLrd.exe
  2⤵
  PID:1036
- C:\Windows\System\lBhgiEC.exe
  C:\Windows\System\lBhgiEC.exe
  2⤵
  PID:2708
- C:\Windows\System\SlWbAJk.exe
  C:\Windows\System\SlWbAJk.exe
  2⤵
  PID:1536
- C:\Windows\System\jrdUcrM.exe
  C:\Windows\System\jrdUcrM.exe
  2⤵
  PID:3028
- C:\Windows\System\ZKxqlfr.exe
  C:\Windows\System\ZKxqlfr.exe
  2⤵
  PID:2872
- C:\Windows\System\GLMyueG.exe
  C:\Windows\System\GLMyueG.exe
  2⤵
  PID:2676
- C:\Windows\System\MCzUSjh.exe
  C:\Windows\System\MCzUSjh.exe
  2⤵
  PID:2776
- C:\Windows\System\gYWZkLp.exe
  C:\Windows\System\gYWZkLp.exe
  2⤵
  PID:916
- C:\Windows\System\EEmfnMw.exe
  C:\Windows\System\EEmfnMw.exe
  2⤵
  PID:2232
- C:\Windows\System\lazyJXs.exe
  C:\Windows\System\lazyJXs.exe
  2⤵
  PID:2624
- C:\Windows\System\HZtunug.exe
  C:\Windows\System\HZtunug.exe
  2⤵
  PID:2800
- C:\Windows\System\GSsZutR.exe
  C:\Windows\System\GSsZutR.exe
  2⤵
  PID:2264
- C:\Windows\System\GxHWnmi.exe
  C:\Windows\System\GxHWnmi.exe
  2⤵
  PID:1096
- C:\Windows\System\ZAsyrwK.exe
  C:\Windows\System\ZAsyrwK.exe
  2⤵
  PID:1480
- C:\Windows\System\BfLtEGK.exe
  C:\Windows\System\BfLtEGK.exe
  2⤵
  PID:1800
- C:\Windows\System\TTbseZB.exe
  C:\Windows\System\TTbseZB.exe
  2⤵
  PID:3084
- C:\Windows\System\fiPvwXM.exe
  C:\Windows\System\fiPvwXM.exe
  2⤵
  PID:3100
- C:\Windows\System\oflqaai.exe
  C:\Windows\System\oflqaai.exe
  2⤵
  PID:3116
- C:\Windows\System\VNEjANF.exe
  C:\Windows\System\VNEjANF.exe
  2⤵
  PID:3144
- C:\Windows\System\KNuLFaP.exe
  C:\Windows\System\KNuLFaP.exe
  2⤵
  PID:3188
- C:\Windows\System\cHlttgG.exe
  C:\Windows\System\cHlttgG.exe
  2⤵
  PID:3208
- C:\Windows\System\YcYaZAA.exe
  C:\Windows\System\YcYaZAA.exe
  2⤵
  PID:3228
- C:\Windows\System\vHYTjxS.exe
  C:\Windows\System\vHYTjxS.exe
  2⤵
  PID:3244
- C:\Windows\System\vlwfcTK.exe
  C:\Windows\System\vlwfcTK.exe
  2⤵
  PID:3264
- C:\Windows\System\hISVUck.exe
  C:\Windows\System\hISVUck.exe
  2⤵
  PID:3284
- C:\Windows\System\lcEqUSC.exe
  C:\Windows\System\lcEqUSC.exe
  2⤵
  PID:3300
- C:\Windows\System\oTAZpod.exe
  C:\Windows\System\oTAZpod.exe
  2⤵
  PID:3320
- C:\Windows\System\gOiOWHX.exe
  C:\Windows\System\gOiOWHX.exe
  2⤵
  PID:3372
- C:\Windows\System\OqVfmOD.exe
  C:\Windows\System\OqVfmOD.exe
  2⤵
  PID:3436
- C:\Windows\System\xYaoWXR.exe
  C:\Windows\System\xYaoWXR.exe
  2⤵
  PID:3452
- C:\Windows\System\bWededt.exe
  C:\Windows\System\bWededt.exe
  2⤵
  PID:3472
- C:\Windows\System\hEYhdyF.exe
  C:\Windows\System\hEYhdyF.exe
  2⤵
  PID:3500
- C:\Windows\System\yItIaEf.exe
  C:\Windows\System\yItIaEf.exe
  2⤵
  PID:3516
- C:\Windows\System\kxAMwDV.exe
  C:\Windows\System\kxAMwDV.exe
  2⤵
  PID:3532
- C:\Windows\System\tMBkbqK.exe
  C:\Windows\System\tMBkbqK.exe
  2⤵
  PID:3548
- C:\Windows\System\FzlfxNo.exe
  C:\Windows\System\FzlfxNo.exe
  2⤵
  PID:3568
- C:\Windows\System\yHoqgfk.exe
  C:\Windows\System\yHoqgfk.exe
  2⤵
  PID:3588
- C:\Windows\System\mPVdHiL.exe
  C:\Windows\System\mPVdHiL.exe
  2⤵
  PID:3604
- C:\Windows\System\ietuLeV.exe
  C:\Windows\System\ietuLeV.exe
  2⤵
  PID:3632
- C:\Windows\System\XFXLjEU.exe
  C:\Windows\System\XFXLjEU.exe
  2⤵
  PID:3652
- C:\Windows\System\IUXkcRP.exe
  C:\Windows\System\IUXkcRP.exe
  2⤵
  PID:3668
- C:\Windows\System\Gqgpjno.exe
  C:\Windows\System\Gqgpjno.exe
  2⤵
  PID:3684
- C:\Windows\System\ceplAlD.exe
  C:\Windows\System\ceplAlD.exe
  2⤵
  PID:3716
- C:\Windows\System\qIVjLnH.exe
  C:\Windows\System\qIVjLnH.exe
  2⤵
  PID:3732
- C:\Windows\System\kQvvIWP.exe
  C:\Windows\System\kQvvIWP.exe
  2⤵
  PID:3752
- C:\Windows\System\oLUtYyA.exe
  C:\Windows\System\oLUtYyA.exe
  2⤵
  PID:3768
- C:\Windows\System\bqqHXpO.exe
  C:\Windows\System\bqqHXpO.exe
  2⤵
  PID:3800
- C:\Windows\System\eurIBxo.exe
  C:\Windows\System\eurIBxo.exe
  2⤵
  PID:3816
- C:\Windows\System\uDUxMYB.exe
  C:\Windows\System\uDUxMYB.exe
  2⤵
  PID:3840
- C:\Windows\System\CQxwvMM.exe
  C:\Windows\System\CQxwvMM.exe
  2⤵
  PID:3860
- C:\Windows\System\zvycisf.exe
  C:\Windows\System\zvycisf.exe
  2⤵
  PID:3880
- C:\Windows\System\ELPhKqb.exe
  C:\Windows\System\ELPhKqb.exe
  2⤵
  PID:3904
- C:\Windows\System\xuFqYVG.exe
  C:\Windows\System\xuFqYVG.exe
  2⤵
  PID:3928
- C:\Windows\System\nzvtiyp.exe
  C:\Windows\System\nzvtiyp.exe
  2⤵
  PID:3944
- C:\Windows\System\xjazzwV.exe
  C:\Windows\System\xjazzwV.exe
  2⤵
  PID:3960
- C:\Windows\System\nTRTgxb.exe
  C:\Windows\System\nTRTgxb.exe
  2⤵
  PID:3976
- C:\Windows\System\INxVYQv.exe
  C:\Windows\System\INxVYQv.exe
  2⤵
  PID:4004
- C:\Windows\System\jMbcNZS.exe
  C:\Windows\System\jMbcNZS.exe
  2⤵
  PID:4024
- C:\Windows\System\VynuxYC.exe
  C:\Windows\System\VynuxYC.exe
  2⤵
  PID:4040
- C:\Windows\System\LZJgslQ.exe
  C:\Windows\System\LZJgslQ.exe
  2⤵
  PID:4056
- C:\Windows\System\RCxfuJi.exe
  C:\Windows\System\RCxfuJi.exe
  2⤵
  PID:4084
- C:\Windows\System\SvVJFZf.exe
  C:\Windows\System\SvVJFZf.exe
  2⤵
  PID:2396
- C:\Windows\System\iZYzDkG.exe
  C:\Windows\System\iZYzDkG.exe
  2⤵
  PID:3052
- C:\Windows\System\rVSwAyF.exe
  C:\Windows\System\rVSwAyF.exe
  2⤵
  PID:604
- C:\Windows\System\RlncqFy.exe
  C:\Windows\System\RlncqFy.exe
  2⤵
  PID:3092
- C:\Windows\System\RgTEjfh.exe
  C:\Windows\System\RgTEjfh.exe
  2⤵
  PID:3096
- C:\Windows\System\riKaVQm.exe
  C:\Windows\System\riKaVQm.exe
  2⤵
  PID:3124
- C:\Windows\System\mIknWwc.exe
  C:\Windows\System\mIknWwc.exe
  2⤵
  PID:3140
- C:\Windows\System\OQnsaie.exe
  C:\Windows\System\OQnsaie.exe
  2⤵
  PID:3156
- C:\Windows\System\DEOsmhp.exe
  C:\Windows\System\DEOsmhp.exe
  2⤵
  PID:3168
- C:\Windows\System\TkMqstT.exe
  C:\Windows\System\TkMqstT.exe
  2⤵
  PID:3184
- C:\Windows\System\RlGXhPN.exe
  C:\Windows\System\RlGXhPN.exe
  2⤵
  PID:3224
- C:\Windows\System\VxjFLoW.exe
  C:\Windows\System\VxjFLoW.exe
  2⤵
  PID:3252
- C:\Windows\System\LDnoIIA.exe
  C:\Windows\System\LDnoIIA.exe
  2⤵
  PID:2864
- C:\Windows\System\VocOFmi.exe
  C:\Windows\System\VocOFmi.exe
  2⤵
  PID:3332
- C:\Windows\System\eUjzWOB.exe
  C:\Windows\System\eUjzWOB.exe
  2⤵
  PID:3352
- C:\Windows\System\xWSpmPE.exe
  C:\Windows\System\xWSpmPE.exe
  2⤵
  PID:3368
- C:\Windows\System\nmIjhnl.exe
  C:\Windows\System\nmIjhnl.exe
  2⤵
  PID:3408
- C:\Windows\System\oLkdaJm.exe
  C:\Windows\System\oLkdaJm.exe
  2⤵
  PID:3428
- C:\Windows\System\lSqrtwa.exe
  C:\Windows\System\lSqrtwa.exe
  2⤵
  PID:3468
- C:\Windows\System\YcddUnR.exe
  C:\Windows\System\YcddUnR.exe
  2⤵
  PID:3492
- C:\Windows\System\zBTVKCg.exe
  C:\Windows\System\zBTVKCg.exe
  2⤵
  PID:3508
- C:\Windows\System\GyMIBXG.exe
  C:\Windows\System\GyMIBXG.exe
  2⤵
  PID:3580
- C:\Windows\System\uIVcBMA.exe
  C:\Windows\System\uIVcBMA.exe
  2⤵
  PID:3624
- C:\Windows\System\BLPgLXR.exe
  C:\Windows\System\BLPgLXR.exe
  2⤵
  PID:3556
- C:\Windows\System\hOZGiqu.exe
  C:\Windows\System\hOZGiqu.exe
  2⤵
  PID:3600
- C:\Windows\System\KWkcpwg.exe
  C:\Windows\System\KWkcpwg.exe
  2⤵
  PID:3648
- C:\Windows\System\wWOrBKx.exe
  C:\Windows\System\wWOrBKx.exe
  2⤵
  PID:3708
- C:\Windows\System\FAllzSQ.exe
  C:\Windows\System\FAllzSQ.exe
  2⤵
  PID:3680
- C:\Windows\System\lHeIRCQ.exe
  C:\Windows\System\lHeIRCQ.exe
  2⤵
  PID:3776
- C:\Windows\System\bfrQsoU.exe
  C:\Windows\System\bfrQsoU.exe
  2⤵
  PID:3780
- C:\Windows\System\CMeuAOX.exe
  C:\Windows\System\CMeuAOX.exe
  2⤵
  PID:3808
- C:\Windows\System\AJHOpoU.exe
  C:\Windows\System\AJHOpoU.exe
  2⤵
  PID:3872
- C:\Windows\System\ddpbrMP.exe
  C:\Windows\System\ddpbrMP.exe
  2⤵
  PID:3892
- C:\Windows\System\ulaXdWh.exe
  C:\Windows\System\ulaXdWh.exe
  2⤵
  PID:3952
- C:\Windows\System\soicFAT.exe
  C:\Windows\System\soicFAT.exe
  2⤵
  PID:3940
- C:\Windows\System\hEhXERW.exe
  C:\Windows\System\hEhXERW.exe
  2⤵
  PID:4032
- C:\Windows\System\ZqSRKZV.exe
  C:\Windows\System\ZqSRKZV.exe
  2⤵
  PID:2084
- C:\Windows\System\EPSOGgR.exe
  C:\Windows\System\EPSOGgR.exe
  2⤵
  PID:4076
- C:\Windows\System\TTZTrOP.exe
  C:\Windows\System\TTZTrOP.exe
  2⤵
  PID:4052
- C:\Windows\System\qoHQFCd.exe
  C:\Windows\System\qoHQFCd.exe
  2⤵
  PID:3080
- C:\Windows\System\hXHWaBv.exe
  C:\Windows\System\hXHWaBv.exe
  2⤵
  PID:2392
- C:\Windows\System\bmldbsw.exe
  C:\Windows\System\bmldbsw.exe
  2⤵
  PID:1064
- C:\Windows\System\CYjgGok.exe
  C:\Windows\System\CYjgGok.exe
  2⤵
  PID:3108
- C:\Windows\System\dxSwNHQ.exe
  C:\Windows\System\dxSwNHQ.exe
  2⤵
  PID:3200
- C:\Windows\System\DviDdJK.exe
  C:\Windows\System\DviDdJK.exe
  2⤵
  PID:3112
- C:\Windows\System\OGCOqmB.exe
  C:\Windows\System\OGCOqmB.exe
  2⤵
  PID:3312
- C:\Windows\System\vYwHRGz.exe
  C:\Windows\System\vYwHRGz.exe
  2⤵
  PID:3328
- C:\Windows\System\Lfhskah.exe
  C:\Windows\System\Lfhskah.exe
  2⤵
  PID:3360
- C:\Windows\System\aJzsSzX.exe
  C:\Windows\System\aJzsSzX.exe
  2⤵
  PID:3424
- C:\Windows\System\BtobgRN.exe
  C:\Windows\System\BtobgRN.exe
  2⤵
  PID:3344
- C:\Windows\System\luYxBeA.exe
  C:\Windows\System\luYxBeA.exe
  2⤵
  PID:3444
- C:\Windows\System\BffefUI.exe
  C:\Windows\System\BffefUI.exe
  2⤵
  PID:2240
- C:\Windows\System\qLSxVOn.exe
  C:\Windows\System\qLSxVOn.exe
  2⤵
  PID:3620
- C:\Windows\System\imWZqhC.exe
  C:\Windows\System\imWZqhC.exe
  2⤵
  PID:3696
- C:\Windows\System\iyLZtsO.exe
  C:\Windows\System\iyLZtsO.exe
  2⤵
  PID:3700
- C:\Windows\System\lGwdFyL.exe
  C:\Windows\System\lGwdFyL.exe
  2⤵
  PID:3760
- C:\Windows\System\VjElhIx.exe
  C:\Windows\System\VjElhIx.exe
  2⤵
  PID:3812
- C:\Windows\System\UEhvHqT.exe
  C:\Windows\System\UEhvHqT.exe
  2⤵
  PID:3836
- C:\Windows\System\KCUykQE.exe
  C:\Windows\System\KCUykQE.exe
  2⤵
  PID:3920
- C:\Windows\System\UuaixEO.exe
  C:\Windows\System\UuaixEO.exe
  2⤵
  PID:3972
- C:\Windows\System\qiqhqJy.exe
  C:\Windows\System\qiqhqJy.exe
  2⤵
  PID:3996
- C:\Windows\System\rDYTlxw.exe
  C:\Windows\System\rDYTlxw.exe
  2⤵
  PID:4068
- C:\Windows\System\mAgSPOV.exe
  C:\Windows\System\mAgSPOV.exe
  2⤵
  PID:4072
- C:\Windows\System\sauYeWv.exe
  C:\Windows\System\sauYeWv.exe
  2⤵
  PID:2548
- C:\Windows\System\nZStnft.exe
  C:\Windows\System\nZStnft.exe
  2⤵
  PID:3204
- C:\Windows\System\czxkFSh.exe
  C:\Windows\System\czxkFSh.exe
  2⤵
  PID:3828
- C:\Windows\System\nywktrq.exe
  C:\Windows\System\nywktrq.exe
  2⤵
  PID:2380
- C:\Windows\System\icTBMWW.exe
  C:\Windows\System\icTBMWW.exe
  2⤵
  PID:2900
- C:\Windows\System\iDBLCAN.exe
  C:\Windows\System\iDBLCAN.exe
  2⤵
  PID:3412
- C:\Windows\System\IoLEnKD.exe
  C:\Windows\System\IoLEnKD.exe
  2⤵
  PID:3540
- C:\Windows\System\fYdjshC.exe
  C:\Windows\System\fYdjshC.exe
  2⤵
  PID:3544
- C:\Windows\System\QQouuxp.exe
  C:\Windows\System\QQouuxp.exe
  2⤵
  PID:1796
- C:\Windows\System\HfdEsMC.exe
  C:\Windows\System\HfdEsMC.exe
  2⤵
  PID:3692
- C:\Windows\System\AZcbhhz.exe
  C:\Windows\System\AZcbhhz.exe
  2⤵
  PID:3744
- C:\Windows\System\WniaTHT.exe
  C:\Windows\System\WniaTHT.exe
  2⤵
  PID:3788
- C:\Windows\System\aCoJksW.exe
  C:\Windows\System\aCoJksW.exe
  2⤵
  PID:3728
- C:\Windows\System\yYCDGmc.exe
  C:\Windows\System\yYCDGmc.exe
  2⤵
  PID:3936
- C:\Windows\System\jIPIARM.exe
  C:\Windows\System\jIPIARM.exe
  2⤵
  PID:2880
- C:\Windows\System\hGpBRkd.exe
  C:\Windows\System\hGpBRkd.exe
  2⤵
  PID:3992
- C:\Windows\System\pqIIUmz.exe
  C:\Windows\System\pqIIUmz.exe
  2⤵
  PID:2752
- C:\Windows\System\toajQRI.exe
  C:\Windows\System\toajQRI.exe
  2⤵
  PID:2768
- C:\Windows\System\JliVHST.exe
  C:\Windows\System\JliVHST.exe
  2⤵
  PID:4048
- C:\Windows\System\YLhlaKq.exe
  C:\Windows\System\YLhlaKq.exe
  2⤵
  PID:3180
- C:\Windows\System\peDlGvd.exe
  C:\Windows\System\peDlGvd.exe
  2⤵
  PID:3064
- C:\Windows\System\UZLkumk.exe
  C:\Windows\System\UZLkumk.exe
  2⤵
  PID:3888
- C:\Windows\System\HYYUYwT.exe
  C:\Windows\System\HYYUYwT.exe
  2⤵
  PID:2948
- C:\Windows\System\kjKZMqV.exe
  C:\Windows\System\kjKZMqV.exe
  2⤵
  PID:320
- C:\Windows\System\tCInQdZ.exe
  C:\Windows\System\tCInQdZ.exe
  2⤵
  PID:2268
- C:\Windows\System\RoWBowD.exe
  C:\Windows\System\RoWBowD.exe
  2⤵
  PID:2532
- C:\Windows\System\fFySmYf.exe
  C:\Windows\System\fFySmYf.exe
  2⤵
  PID:3460
- C:\Windows\System\NgptshT.exe
  C:\Windows\System\NgptshT.exe
  2⤵
  PID:3464
- C:\Windows\System\hBMbUrm.exe
  C:\Windows\System\hBMbUrm.exe
  2⤵
  PID:3704
- C:\Windows\System\TQvBSrG.exe
  C:\Windows\System\TQvBSrG.exe
  2⤵
  PID:3796
- C:\Windows\System\GEueVHO.exe
  C:\Windows\System\GEueVHO.exe
  2⤵
  PID:3664
- C:\Windows\System\NZEqBOB.exe
  C:\Windows\System\NZEqBOB.exe
  2⤵
  PID:2120
- C:\Windows\System\PLjFKjd.exe
  C:\Windows\System\PLjFKjd.exe
  2⤵
  PID:2700
- C:\Windows\System\GLIgpwR.exe
  C:\Windows\System\GLIgpwR.exe
  2⤵
  PID:3308
- C:\Windows\System\TCUcPES.exe
  C:\Windows\System\TCUcPES.exe
  2⤵
  PID:3388
- C:\Windows\System\TjORreH.exe
  C:\Windows\System\TjORreH.exe
  2⤵
  PID:4100
- C:\Windows\System\fpVsUar.exe
  C:\Windows\System\fpVsUar.exe
  2⤵
  PID:4116
- C:\Windows\System\oXHWnYm.exe
  C:\Windows\System\oXHWnYm.exe
  2⤵
  PID:4136
- C:\Windows\System\XbrnTeb.exe
  C:\Windows\System\XbrnTeb.exe
  2⤵
  PID:4160
- C:\Windows\System\LrcPxIv.exe
  C:\Windows\System\LrcPxIv.exe
  2⤵
  PID:4176
- C:\Windows\System\AQdbJjL.exe
  C:\Windows\System\AQdbJjL.exe
  2⤵
  PID:4204
- C:\Windows\System\vQyBLfO.exe
  C:\Windows\System\vQyBLfO.exe
  2⤵
  PID:4220
- C:\Windows\System\JwoxieM.exe
  C:\Windows\System\JwoxieM.exe
  2⤵
  PID:4236
- C:\Windows\System\UEniccQ.exe
  C:\Windows\System\UEniccQ.exe
  2⤵
  PID:4252
- C:\Windows\System\mwSNQgH.exe
  C:\Windows\System\mwSNQgH.exe
  2⤵
  PID:4268
- C:\Windows\System\tTySWjc.exe
  C:\Windows\System\tTySWjc.exe
  2⤵
  PID:4284
- C:\Windows\System\DeINaTC.exe
  C:\Windows\System\DeINaTC.exe
  2⤵
  PID:4300
- C:\Windows\System\yypraev.exe
  C:\Windows\System\yypraev.exe
  2⤵
  PID:4316
- C:\Windows\System\QJOQwDs.exe
  C:\Windows\System\QJOQwDs.exe
  2⤵
  PID:4356
- C:\Windows\System\AwzceWp.exe
  C:\Windows\System\AwzceWp.exe
  2⤵
  PID:4376
- C:\Windows\System\AbEMVuY.exe
  C:\Windows\System\AbEMVuY.exe
  2⤵
  PID:4392
- C:\Windows\System\TwaAWxL.exe
  C:\Windows\System\TwaAWxL.exe
  2⤵
  PID:4440
- C:\Windows\System\gFaCbHs.exe
  C:\Windows\System\gFaCbHs.exe
  2⤵
  PID:4460
- C:\Windows\System\cNpCqyj.exe
  C:\Windows\System\cNpCqyj.exe
  2⤵
  PID:4476
- C:\Windows\System\JzKEHKg.exe
  C:\Windows\System\JzKEHKg.exe
  2⤵
  PID:4492
- C:\Windows\System\fIBeovy.exe
  C:\Windows\System\fIBeovy.exe
  2⤵
  PID:4512
- C:\Windows\System\LByluPV.exe
  C:\Windows\System\LByluPV.exe
  2⤵
  PID:4536
- C:\Windows\System\DkiKmBw.exe
  C:\Windows\System\DkiKmBw.exe
  2⤵
  PID:4556
- C:\Windows\System\mpHGCgi.exe
  C:\Windows\System\mpHGCgi.exe
  2⤵
  PID:4576
- C:\Windows\System\wPfsquj.exe
  C:\Windows\System\wPfsquj.exe
  2⤵
  PID:4592
- C:\Windows\System\YvQhWfc.exe
  C:\Windows\System\YvQhWfc.exe
  2⤵
  PID:4608
- C:\Windows\System\TzgzPTP.exe
  C:\Windows\System\TzgzPTP.exe
  2⤵
  PID:4632
- C:\Windows\System\iwaOuZd.exe
  C:\Windows\System\iwaOuZd.exe
  2⤵
  PID:4652
- C:\Windows\System\CbGhOxW.exe
  C:\Windows\System\CbGhOxW.exe
  2⤵
  PID:4680
- C:\Windows\System\ECKNmnN.exe
  C:\Windows\System\ECKNmnN.exe
  2⤵
  PID:4704
- C:\Windows\System\bnknSha.exe
  C:\Windows\System\bnknSha.exe
  2⤵
  PID:4720
- C:\Windows\System\wANuTMU.exe
  C:\Windows\System\wANuTMU.exe
  2⤵
  PID:4744
- C:\Windows\System\CtZvkqO.exe
  C:\Windows\System\CtZvkqO.exe
  2⤵
  PID:4760
- C:\Windows\System\OvzNOql.exe
  C:\Windows\System\OvzNOql.exe
  2⤵
  PID:4776
- C:\Windows\System\thtGyRy.exe
  C:\Windows\System\thtGyRy.exe
  2⤵
  PID:4800
- C:\Windows\System\EzpPjXS.exe
  C:\Windows\System\EzpPjXS.exe
  2⤵
  PID:4820
- C:\Windows\System\uMBHGYI.exe
  C:\Windows\System\uMBHGYI.exe
  2⤵
  PID:4840
- C:\Windows\System\NQjRmWR.exe
  C:\Windows\System\NQjRmWR.exe
  2⤵
  PID:4856
- C:\Windows\System\gyQSjyW.exe
  C:\Windows\System\gyQSjyW.exe
  2⤵
  PID:4876
- C:\Windows\System\fZKxCej.exe
  C:\Windows\System\fZKxCej.exe
  2⤵
  PID:4896
- C:\Windows\System\CCOwIWk.exe
  C:\Windows\System\CCOwIWk.exe
  2⤵
  PID:4920
- C:\Windows\System\iduHMOo.exe
  C:\Windows\System\iduHMOo.exe
  2⤵
  PID:4936
- C:\Windows\System\HEshbho.exe
  C:\Windows\System\HEshbho.exe
  2⤵
  PID:4952
- C:\Windows\System\IYjFBvv.exe
  C:\Windows\System\IYjFBvv.exe
  2⤵
  PID:4980
- C:\Windows\System\sSljUDR.exe
  C:\Windows\System\sSljUDR.exe
  2⤵
  PID:5000
- C:\Windows\System\nqsyxuK.exe
  C:\Windows\System\nqsyxuK.exe
  2⤵
  PID:5016
- C:\Windows\System\uMoUcXd.exe
  C:\Windows\System\uMoUcXd.exe
  2⤵
  PID:5044
- C:\Windows\System\jPsucfg.exe
  C:\Windows\System\jPsucfg.exe
  2⤵
  PID:5060
- C:\Windows\System\tldtYbQ.exe
  C:\Windows\System\tldtYbQ.exe
  2⤵
  PID:5080
- C:\Windows\System\FubApGf.exe
  C:\Windows\System\FubApGf.exe
  2⤵
  PID:5096
- C:\Windows\System\DVFMZII.exe
  C:\Windows\System\DVFMZII.exe
  2⤵
  PID:5112
- C:\Windows\System\QbxPArC.exe
  C:\Windows\System\QbxPArC.exe
  2⤵
  PID:4108
- C:\Windows\System\vJhWWCT.exe
  C:\Windows\System\vJhWWCT.exe
  2⤵
  PID:4152
- C:\Windows\System\BhbSVHh.exe
  C:\Windows\System\BhbSVHh.exe
  2⤵
  PID:300
- C:\Windows\System\RYBdTgP.exe
  C:\Windows\System\RYBdTgP.exe
  2⤵
  PID:4232
- C:\Windows\System\xHHYjZe.exe
  C:\Windows\System\xHHYjZe.exe
  2⤵
  PID:4296
- C:\Windows\System\hDhKNvL.exe
  C:\Windows\System\hDhKNvL.exe
  2⤵
  PID:3484
- C:\Windows\System\NvsrbwP.exe
  C:\Windows\System\NvsrbwP.exe
  2⤵
  PID:3764
- C:\Windows\System\LlaTyNx.exe
  C:\Windows\System\LlaTyNx.exe
  2⤵
  PID:4216
- C:\Windows\System\UieCXBC.exe
  C:\Windows\System\UieCXBC.exe
  2⤵
  PID:4168
- C:\Windows\System\mpdOOzm.exe
  C:\Windows\System\mpdOOzm.exe
  2⤵
  PID:4332
- C:\Windows\System\wUfoQvo.exe
  C:\Windows\System\wUfoQvo.exe
  2⤵
  PID:4348
- C:\Windows\System\aiQTFHE.exe
  C:\Windows\System\aiQTFHE.exe
  2⤵
  PID:4416
- C:\Windows\System\mCtulLf.exe
  C:\Windows\System\mCtulLf.exe
  2⤵
  PID:4448
- C:\Windows\System\OWOYnba.exe
  C:\Windows\System\OWOYnba.exe
  2⤵
  PID:4364
- C:\Windows\System\ZfRyWlH.exe
  C:\Windows\System\ZfRyWlH.exe
  2⤵
  PID:2696
- C:\Windows\System\gCGEVQj.exe
  C:\Windows\System\gCGEVQj.exe
  2⤵
  PID:4524
- C:\Windows\System\VptqyHg.exe
  C:\Windows\System\VptqyHg.exe
  2⤵
  PID:4504
- C:\Windows\System\celLfDf.exe
  C:\Windows\System\celLfDf.exe
  2⤵
  PID:4620
- C:\Windows\System\fzmxNEd.exe
  C:\Windows\System\fzmxNEd.exe
  2⤵
  PID:4696
- C:\Windows\System\pCSbRQP.exe
  C:\Windows\System\pCSbRQP.exe
  2⤵
  PID:4732
- C:\Windows\System\wCqFphg.exe
  C:\Windows\System\wCqFphg.exe
  2⤵
  PID:2996
- C:\Windows\System\uSwbPCq.exe
  C:\Windows\System\uSwbPCq.exe
  2⤵
  PID:1728
- C:\Windows\System\XPysQAp.exe
  C:\Windows\System\XPysQAp.exe
  2⤵
  PID:4716
- C:\Windows\System\tjdlAKL.exe
  C:\Windows\System\tjdlAKL.exe
  2⤵
  PID:4792
- C:\Windows\System\oHiXXnx.exe
  C:\Windows\System\oHiXXnx.exe
  2⤵
  PID:4888
- C:\Windows\System\roZEPAA.exe
  C:\Windows\System\roZEPAA.exe
  2⤵
  PID:4872
- C:\Windows\System\udSKrWo.exe
  C:\Windows\System\udSKrWo.exe
  2⤵
  PID:4960
- C:\Windows\System\xUnLTJB.exe
  C:\Windows\System\xUnLTJB.exe
  2⤵
  PID:4964
- C:\Windows\System\NZqQWxT.exe
  C:\Windows\System\NZqQWxT.exe
  2⤵
  PID:4908
- C:\Windows\System\sKQMhsh.exe
  C:\Windows\System\sKQMhsh.exe
  2⤵
  PID:4912
- C:\Windows\System\GHGbVWk.exe
  C:\Windows\System\GHGbVWk.exe
  2⤵
  PID:5024
- C:\Windows\System\EOvgDuz.exe
  C:\Windows\System\EOvgDuz.exe
  2⤵
  PID:5092
- C:\Windows\System\vJzNGhs.exe
  C:\Windows\System\vJzNGhs.exe
  2⤵
  PID:4196
- C:\Windows\System\JOOXGPS.exe
  C:\Windows\System\JOOXGPS.exe
  2⤵
  PID:4312
- C:\Windows\System\vnOYzSz.exe
  C:\Windows\System\vnOYzSz.exe
  2⤵
  PID:4172
- C:\Windows\System\RTVagVp.exe
  C:\Windows\System\RTVagVp.exe
  2⤵
  PID:4424
- C:\Windows\System\BEfihke.exe
  C:\Windows\System\BEfihke.exe
  2⤵
  PID:4404
- C:\Windows\System\apnDtvo.exe
  C:\Windows\System\apnDtvo.exe
  2⤵
  PID:4148
- C:\Windows\System\LKGKiZg.exe
  C:\Windows\System\LKGKiZg.exe
  2⤵
  PID:3612
- C:\Windows\System\RTENnOU.exe
  C:\Windows\System\RTENnOU.exe
  2⤵
  PID:4384
- C:\Windows\System\wzMnRZt.exe
  C:\Windows\System\wzMnRZt.exe
  2⤵
  PID:4124
- C:\Windows\System\sAOvRJt.exe
  C:\Windows\System\sAOvRJt.exe
  2⤵
  PID:4192
- C:\Windows\System\uYRmpKk.exe
  C:\Windows\System\uYRmpKk.exe
  2⤵
  PID:4436
- C:\Windows\System\DzebjeN.exe
  C:\Windows\System\DzebjeN.exe
  2⤵
  PID:4548
- C:\Windows\System\JkjgpUg.exe
  C:\Windows\System\JkjgpUg.exe
  2⤵
  PID:4604
- C:\Windows\System\YxIbUsA.exe
  C:\Windows\System\YxIbUsA.exe
  2⤵
  PID:4676
- C:\Windows\System\mkUfzNS.exe
  C:\Windows\System\mkUfzNS.exe
  2⤵
  PID:4728
- C:\Windows\System\yuYCIYE.exe
  C:\Windows\System\yuYCIYE.exe
  2⤵
  PID:4756
- C:\Windows\System\JXbtoko.exe
  C:\Windows\System\JXbtoko.exe
  2⤵
  PID:4884
- C:\Windows\System\yWDPvDy.exe
  C:\Windows\System\yWDPvDy.exe
  2⤵
  PID:4904
- C:\Windows\System\GXBzpoa.exe
  C:\Windows\System\GXBzpoa.exe
  2⤵
  PID:4976
- C:\Windows\System\jDUWofp.exe
  C:\Windows\System\jDUWofp.exe
  2⤵
  PID:5032
- C:\Windows\System\sAvXvwn.exe
  C:\Windows\System\sAvXvwn.exe
  2⤵
  PID:4996
- C:\Windows\System\yCTgRsj.exe
  C:\Windows\System\yCTgRsj.exe
  2⤵
  PID:5052
- C:\Windows\System\rhpMZAZ.exe
  C:\Windows\System\rhpMZAZ.exe
  2⤵
  PID:4280
- C:\Windows\System\aLUEQNB.exe
  C:\Windows\System\aLUEQNB.exe
  2⤵
  PID:5072
- C:\Windows\System\hKkULNq.exe
  C:\Windows\System\hKkULNq.exe
  2⤵
  PID:4144
- C:\Windows\System\CdIRmbX.exe
  C:\Windows\System\CdIRmbX.exe
  2⤵
  PID:4468
- C:\Windows\System\GonqCDe.exe
  C:\Windows\System\GonqCDe.exe
  2⤵
  PID:5108
- C:\Windows\System\PlygXzh.exe
  C:\Windows\System\PlygXzh.exe
  2⤵
  PID:4672
- C:\Windows\System\TAcHECm.exe
  C:\Windows\System\TAcHECm.exe
  2⤵
  PID:4644
- C:\Windows\System\XwSDfTl.exe
  C:\Windows\System\XwSDfTl.exe
  2⤵
  PID:4852
- C:\Windows\System\hXjkiwU.exe
  C:\Windows\System\hXjkiwU.exe
  2⤵
  PID:4868
- C:\Windows\System\DwnbMPA.exe
  C:\Windows\System\DwnbMPA.exe
  2⤵
  PID:4812
- C:\Windows\System\kXmLKKj.exe
  C:\Windows\System\kXmLKKj.exe
  2⤵
  PID:4228
- C:\Windows\System\gWPDELW.exe
  C:\Windows\System\gWPDELW.exe
  2⤵
  PID:5056
- C:\Windows\System\YvAyRSl.exe
  C:\Windows\System\YvAyRSl.exe
  2⤵
  PID:4988
- C:\Windows\System\wtnMxEV.exe
  C:\Windows\System\wtnMxEV.exe
  2⤵
  PID:4572
- C:\Windows\System\lImekEO.exe
  C:\Windows\System\lImekEO.exe
  2⤵
  PID:4488
- C:\Windows\System\FTZQzLC.exe
  C:\Windows\System\FTZQzLC.exe
  2⤵
  PID:1224
- C:\Windows\System\MTthPPL.exe
  C:\Windows\System\MTthPPL.exe
  2⤵
  PID:4740
- C:\Windows\System\kdEpSJg.exe
  C:\Windows\System\kdEpSJg.exe
  2⤵
  PID:4944
- C:\Windows\System\CuHxKWt.exe
  C:\Windows\System\CuHxKWt.exe
  2⤵
  PID:2832
- C:\Windows\System\tQljOaV.exe
  C:\Windows\System\tQljOaV.exe
  2⤵
  PID:4816
- C:\Windows\System\XFEnJEH.exe
  C:\Windows\System\XFEnJEH.exe
  2⤵
  PID:4692
- C:\Windows\System\KOlQLpr.exe
  C:\Windows\System\KOlQLpr.exe
  2⤵
  PID:4712
- C:\Windows\System\yOxfGne.exe
  C:\Windows\System\yOxfGne.exe
  2⤵
  PID:5156
- C:\Windows\System\JeHOkrs.exe
  C:\Windows\System\JeHOkrs.exe
  2⤵
  PID:5172
- C:\Windows\System\feysBQF.exe
  C:\Windows\System\feysBQF.exe
  2⤵
  PID:5188
- C:\Windows\System\NQoJtdl.exe
  C:\Windows\System\NQoJtdl.exe
  2⤵
  PID:5204
- C:\Windows\System\TQXWyuD.exe
  C:\Windows\System\TQXWyuD.exe
  2⤵
  PID:5228
- C:\Windows\System\EMAXMUw.exe
  C:\Windows\System\EMAXMUw.exe
  2⤵
  PID:5248
- C:\Windows\System\zKlfYjk.exe
  C:\Windows\System\zKlfYjk.exe
  2⤵
  PID:5264
- C:\Windows\System\mVSyIpr.exe
  C:\Windows\System\mVSyIpr.exe
  2⤵
  PID:5284
- C:\Windows\System\FbyNUqV.exe
  C:\Windows\System\FbyNUqV.exe
  2⤵
  PID:5300
- C:\Windows\System\oNZefIT.exe
  C:\Windows\System\oNZefIT.exe
  2⤵
  PID:5316
- C:\Windows\System\zkbSSPt.exe
  C:\Windows\System\zkbSSPt.exe
  2⤵
  PID:5332
- C:\Windows\System\riaYNXj.exe
  C:\Windows\System\riaYNXj.exe
  2⤵
  PID:5356
- C:\Windows\System\pytrPtv.exe
  C:\Windows\System\pytrPtv.exe
  2⤵
  PID:5372
- C:\Windows\System\hRfQHHi.exe
  C:\Windows\System\hRfQHHi.exe
  2⤵
  PID:5408
- C:\Windows\System\itpDSxE.exe
  C:\Windows\System\itpDSxE.exe
  2⤵
  PID:5428
- C:\Windows\System\VSYgqwE.exe
  C:\Windows\System\VSYgqwE.exe
  2⤵
  PID:5448
- C:\Windows\System\cRPtXsc.exe
  C:\Windows\System\cRPtXsc.exe
  2⤵
  PID:5468
- C:\Windows\System\iGXzORt.exe
  C:\Windows\System\iGXzORt.exe
  2⤵
  PID:5488
- C:\Windows\System\raSzpvq.exe
  C:\Windows\System\raSzpvq.exe
  2⤵
  PID:5504
- C:\Windows\System\JmsJAgM.exe
  C:\Windows\System\JmsJAgM.exe
  2⤵
  PID:5520
- C:\Windows\System\xchQvIf.exe
  C:\Windows\System\xchQvIf.exe
  2⤵
  PID:5540
- C:\Windows\System\EjJFolv.exe
  C:\Windows\System\EjJFolv.exe
  2⤵
  PID:5556
- C:\Windows\System\QIpTDyq.exe
  C:\Windows\System\QIpTDyq.exe
  2⤵
  PID:5584
- C:\Windows\System\vGMkApM.exe
  C:\Windows\System\vGMkApM.exe
  2⤵
  PID:5604
- C:\Windows\System\qLSCkpC.exe
  C:\Windows\System\qLSCkpC.exe
  2⤵
  PID:5620
- C:\Windows\System\QcIFivR.exe
  C:\Windows\System\QcIFivR.exe
  2⤵
  PID:5636
- C:\Windows\System\imZlfSo.exe
  C:\Windows\System\imZlfSo.exe
  2⤵
  PID:5676
- C:\Windows\System\JfoHPil.exe
  C:\Windows\System\JfoHPil.exe
  2⤵
  PID:5696
- C:\Windows\System\pnTnycv.exe
  C:\Windows\System\pnTnycv.exe
  2⤵
  PID:5712
- C:\Windows\System\wpdhPqY.exe
  C:\Windows\System\wpdhPqY.exe
  2⤵
  PID:5740
- C:\Windows\System\KCGfYFL.exe
  C:\Windows\System\KCGfYFL.exe
  2⤵
  PID:5756
- C:\Windows\System\PcRGmqC.exe
  C:\Windows\System\PcRGmqC.exe
  2⤵
  PID:5772
- C:\Windows\System\AcwFOAo.exe
  C:\Windows\System\AcwFOAo.exe
  2⤵
  PID:5792
- C:\Windows\System\jBTduSt.exe
  C:\Windows\System\jBTduSt.exe
  2⤵
  PID:5808
- C:\Windows\System\VtdjJLF.exe
  C:\Windows\System\VtdjJLF.exe
  2⤵
  PID:5824
- C:\Windows\System\VGtlvAe.exe
  C:\Windows\System\VGtlvAe.exe
  2⤵
  PID:5840
- C:\Windows\System\wYidvbh.exe
  C:\Windows\System\wYidvbh.exe
  2⤵
  PID:5860
- C:\Windows\System\sXkfMcx.exe
  C:\Windows\System\sXkfMcx.exe
  2⤵
  PID:5884
- C:\Windows\System\GNmBgbH.exe
  C:\Windows\System\GNmBgbH.exe
  2⤵
  PID:5900
- C:\Windows\System\SowBanW.exe
  C:\Windows\System\SowBanW.exe
  2⤵
  PID:5916
- C:\Windows\System\GyWxIbh.exe
  C:\Windows\System\GyWxIbh.exe
  2⤵
  PID:5932
- C:\Windows\System\JHluRdl.exe
  C:\Windows\System\JHluRdl.exe
  2⤵
  PID:5948
- C:\Windows\System\ySYLzhF.exe
  C:\Windows\System\ySYLzhF.exe
  2⤵
  PID:5968
- C:\Windows\System\jyfDtub.exe
  C:\Windows\System\jyfDtub.exe
  2⤵
  PID:5988
- C:\Windows\System\FtZNvdH.exe
  C:\Windows\System\FtZNvdH.exe
  2⤵
  PID:6008
- C:\Windows\System\RMScIox.exe
  C:\Windows\System\RMScIox.exe
  2⤵
  PID:6028
- C:\Windows\System\PKtBDla.exe
  C:\Windows\System\PKtBDla.exe
  2⤵
  PID:6044
- C:\Windows\System\fzxKXfT.exe
  C:\Windows\System\fzxKXfT.exe
  2⤵
  PID:6060
- C:\Windows\System\YAuzFSI.exe
  C:\Windows\System\YAuzFSI.exe
  2⤵
  PID:6108
- C:\Windows\System\IUvHFmx.exe
  C:\Windows\System\IUvHFmx.exe
  2⤵
  PID:6136
- C:\Windows\System\xdnLMpv.exe
  C:\Windows\System\xdnLMpv.exe
  2⤵
  PID:5068
- C:\Windows\System\FxvzzvC.exe
  C:\Windows\System\FxvzzvC.exe
  2⤵
  PID:4184
- C:\Windows\System\vdopZJP.exe
  C:\Windows\System\vdopZJP.exe
  2⤵
  PID:5104
- C:\Windows\System\ivMcuVV.exe
  C:\Windows\System\ivMcuVV.exe
  2⤵
  PID:5132
- C:\Windows\System\zHVxluy.exe
  C:\Windows\System\zHVxluy.exe
  2⤵
  PID:2588
- C:\Windows\System\cLPVPXO.exe
  C:\Windows\System\cLPVPXO.exe
  2⤵
  PID:5216
- C:\Windows\System\iIcMAje.exe
  C:\Windows\System\iIcMAje.exe
  2⤵
  PID:5256
- C:\Windows\System\MxiZjnY.exe
  C:\Windows\System\MxiZjnY.exe
  2⤵
  PID:5324
- C:\Windows\System\XzLBBGa.exe
  C:\Windows\System\XzLBBGa.exe
  2⤵
  PID:5244
- C:\Windows\System\HQsnihM.exe
  C:\Windows\System\HQsnihM.exe
  2⤵
  PID:5272
- C:\Windows\System\ryVBgCD.exe
  C:\Windows\System\ryVBgCD.exe
  2⤵
  PID:5340
- C:\Windows\System\hnvriNQ.exe
  C:\Windows\System\hnvriNQ.exe
  2⤵
  PID:5424
- C:\Windows\System\rUFjiSq.exe
  C:\Windows\System\rUFjiSq.exe
  2⤵
  PID:5380
- C:\Windows\System\VIrIrbA.exe
  C:\Windows\System\VIrIrbA.exe
  2⤵
  PID:5404
- C:\Windows\System\odzdLMQ.exe
  C:\Windows\System\odzdLMQ.exe
  2⤵
  PID:5496
- C:\Windows\System\jXcFjGo.exe
  C:\Windows\System\jXcFjGo.exe
  2⤵
  PID:5564
- C:\Windows\System\NqYzCmC.exe
  C:\Windows\System\NqYzCmC.exe
  2⤵
  PID:5480
- C:\Windows\System\dKpbWMD.exe
  C:\Windows\System\dKpbWMD.exe
  2⤵
  PID:5592
- C:\Windows\System\NPntsZR.exe
  C:\Windows\System\NPntsZR.exe
  2⤵
  PID:5552
- C:\Windows\System\UFHvtBe.exe
  C:\Windows\System\UFHvtBe.exe
  2⤵
  PID:5648
- C:\Windows\System\ynnyfaT.exe
  C:\Windows\System\ynnyfaT.exe
  2⤵
  PID:292
- C:\Windows\System\nNKbmRa.exe
  C:\Windows\System\nNKbmRa.exe
  2⤵
  PID:5664
- C:\Windows\System\ovFhKfi.exe
  C:\Windows\System\ovFhKfi.exe
  2⤵
  PID:5732
- C:\Windows\System\dELnmYW.exe
  C:\Windows\System\dELnmYW.exe
  2⤵
  PID:5728
- C:\Windows\System\GBMataN.exe
  C:\Windows\System\GBMataN.exe
  2⤵
  PID:5784
- C:\Windows\System\yfXTptD.exe
  C:\Windows\System\yfXTptD.exe
  2⤵
  PID:5820
- C:\Windows\System\tlEtAPL.exe
  C:\Windows\System\tlEtAPL.exe
  2⤵
  PID:5856
- C:\Windows\System\NigYHWY.exe
  C:\Windows\System\NigYHWY.exe
  2⤵
  PID:1828
- C:\Windows\System\MNqUBWJ.exe
  C:\Windows\System\MNqUBWJ.exe
  2⤵
  PID:6036
- C:\Windows\System\uNGrfRK.exe
  C:\Windows\System\uNGrfRK.exe
  2⤵
  PID:5836
- C:\Windows\System\kRDqjpQ.exe
  C:\Windows\System\kRDqjpQ.exe
  2⤵
  PID:5908
- C:\Windows\System\nKyEMGI.exe
  C:\Windows\System\nKyEMGI.exe
  2⤵
  PID:6084
- C:\Windows\System\FvLluoX.exe
  C:\Windows\System\FvLluoX.exe
  2⤵
  PID:6020
- C:\Windows\System\fJXPIeJ.exe
  C:\Windows\System\fJXPIeJ.exe
  2⤵
  PID:5764
- C:\Windows\System\OYoCdlA.exe
  C:\Windows\System\OYoCdlA.exe
  2⤵
  PID:5980
- C:\Windows\System\iOHyyUV.exe
  C:\Windows\System\iOHyyUV.exe
  2⤵
  PID:6104
- C:\Windows\System\fYHXzTu.exe
  C:\Windows\System\fYHXzTu.exe
  2⤵
  PID:4500
- C:\Windows\System\HzcQKre.exe
  C:\Windows\System\HzcQKre.exe
  2⤵
  PID:5124
- C:\Windows\System\wYfiufy.exe
  C:\Windows\System\wYfiufy.exe
  2⤵
  PID:5148
- C:\Windows\System\dAFghDQ.exe
  C:\Windows\System\dAFghDQ.exe
  2⤵
  PID:5184
- C:\Windows\System\hPdGiWV.exe
  C:\Windows\System\hPdGiWV.exe
  2⤵
  PID:5224
- C:\Windows\System\TZVBPvI.exe
  C:\Windows\System\TZVBPvI.exe
  2⤵
  PID:5280
- C:\Windows\System\qgnwMdl.exe
  C:\Windows\System\qgnwMdl.exe
  2⤵
  PID:5236
- C:\Windows\System\xpHwFwb.exe
  C:\Windows\System\xpHwFwb.exe
  2⤵
  PID:5464
- C:\Windows\System\rbllSqH.exe
  C:\Windows\System\rbllSqH.exe
  2⤵
  PID:5388
- C:\Windows\System\iKtuCRr.exe
  C:\Windows\System\iKtuCRr.exe
  2⤵
  PID:5440
- C:\Windows\System\dSDzDGB.exe
  C:\Windows\System\dSDzDGB.exe
  2⤵
  PID:5616
- C:\Windows\System\MfuqGqx.exe
  C:\Windows\System\MfuqGqx.exe
  2⤵
  PID:5628
- C:\Windows\System\NoridYM.exe
  C:\Windows\System\NoridYM.exe
  2⤵
  PID:5692
- C:\Windows\System\NldNVpU.exe
  C:\Windows\System\NldNVpU.exe
  2⤵
  PID:5848
- C:\Windows\System\kaevQNk.exe
  C:\Windows\System\kaevQNk.exe
  2⤵
  PID:5924
- C:\Windows\System\oMYIZal.exe
  C:\Windows\System\oMYIZal.exe
  2⤵
  PID:5928
- C:\Windows\System\PiREbYw.exe
  C:\Windows\System\PiREbYw.exe
  2⤵
  PID:2164
- C:\Windows\System\RbNdSey.exe
  C:\Windows\System\RbNdSey.exe
  2⤵
  PID:5960
- C:\Windows\System\dUEjcfi.exe
  C:\Windows\System\dUEjcfi.exe
  2⤵
  PID:5996
- C:\Windows\System\slkWKRi.exe
  C:\Windows\System\slkWKRi.exe
  2⤵
  PID:2112
- C:\Windows\System\eYcLnlo.exe
  C:\Windows\System\eYcLnlo.exe
  2⤵
  PID:5880
- C:\Windows\System\ZzhGtYu.exe
  C:\Windows\System\ZzhGtYu.exe
  2⤵
  PID:6052
- C:\Windows\System\xSjjxZf.exe
  C:\Windows\System\xSjjxZf.exe
  2⤵
  PID:6016
- C:\Windows\System\RuqmCuf.exe
  C:\Windows\System\RuqmCuf.exe
  2⤵
  PID:4400
- C:\Windows\System\yKSYsMT.exe
  C:\Windows\System\yKSYsMT.exe
  2⤵
  PID:4244
- C:\Windows\System\UaJuUuw.exe
  C:\Windows\System\UaJuUuw.exe
  2⤵
  PID:5292
- C:\Windows\System\rvHQsHg.exe
  C:\Windows\System\rvHQsHg.exe
  2⤵
  PID:5200
- C:\Windows\System\JNlhglb.exe
  C:\Windows\System\JNlhglb.exe
  2⤵
  PID:1920
- C:\Windows\System\wcVoYtZ.exe
  C:\Windows\System\wcVoYtZ.exe
  2⤵
  PID:5532
- C:\Windows\System\QalHVIH.exe
  C:\Windows\System\QalHVIH.exe
  2⤵
  PID:5536
- C:\Windows\System\zsnODeS.exe
  C:\Windows\System\zsnODeS.exe
  2⤵
  PID:5444
- C:\Windows\System\qyjaIsl.exe
  C:\Windows\System\qyjaIsl.exe
  2⤵
  PID:5656
- C:\Windows\System\dLYpNkA.exe
  C:\Windows\System\dLYpNkA.exe
  2⤵
  PID:5816
- C:\Windows\System\KenUAdu.exe
  C:\Windows\System\KenUAdu.exe
  2⤵
  PID:5724
- C:\Windows\System\untyIkz.exe
  C:\Windows\System\untyIkz.exe
  2⤵
  PID:3876
- C:\Windows\System\vIEzxSA.exe
  C:\Windows\System\vIEzxSA.exe
  2⤵
  PID:6076
- C:\Windows\System\VUlPhsv.exe
  C:\Windows\System\VUlPhsv.exe
  2⤵
  PID:6096
- C:\Windows\System\gCPthbd.exe
  C:\Windows\System\gCPthbd.exe
  2⤵
  PID:2032
- C:\Windows\System\EIrcbmc.exe
  C:\Windows\System\EIrcbmc.exe
  2⤵
  PID:6120
- C:\Windows\System\HsUwiOw.exe
  C:\Windows\System\HsUwiOw.exe
  2⤵
  PID:4564
- C:\Windows\System\hnkeqya.exe
  C:\Windows\System\hnkeqya.exe
  2⤵
  PID:5456
- C:\Windows\System\cKsxPnf.exe
  C:\Windows\System\cKsxPnf.exe
  2⤵
  PID:5804
- C:\Windows\System\XPYnoHg.exe
  C:\Windows\System\XPYnoHg.exe
  2⤵
  PID:5752
- C:\Windows\System\MiyXTIj.exe
  C:\Windows\System\MiyXTIj.exe
  2⤵
  PID:2400
- C:\Windows\System\WsuAJDm.exe
  C:\Windows\System\WsuAJDm.exe
  2⤵
  PID:5580
- C:\Windows\System\aLMBmTq.exe
  C:\Windows\System\aLMBmTq.exe
  2⤵
  PID:6072
- C:\Windows\System\KAbGfLZ.exe
  C:\Windows\System\KAbGfLZ.exe
  2⤵
  PID:6128
- C:\Windows\System\DdgcFzw.exe
  C:\Windows\System\DdgcFzw.exe
  2⤵
  PID:2732
- C:\Windows\System\CUMYpDj.exe
  C:\Windows\System\CUMYpDj.exe
  2⤵
  PID:4864
- C:\Windows\System\EuYHwbD.exe
  C:\Windows\System\EuYHwbD.exe
  2⤵
  PID:888
- C:\Windows\System\tSGBYKR.exe
  C:\Windows\System\tSGBYKR.exe
  2⤵
  PID:448
- C:\Windows\System\KhOamoA.exe
  C:\Windows\System\KhOamoA.exe
  2⤵
  PID:5956
- C:\Windows\System\lkHISDa.exe
  C:\Windows\System\lkHISDa.exe
  2⤵
  PID:5144
- C:\Windows\System\zEtmNYg.exe
  C:\Windows\System\zEtmNYg.exe
  2⤵
  PID:5140
- C:\Windows\System\tONNOtG.exe
  C:\Windows\System\tONNOtG.exe
  2⤵
  PID:6152
- C:\Windows\System\axcpWnT.exe
  C:\Windows\System\axcpWnT.exe
  2⤵
  PID:6168
- C:\Windows\System\IbZdXze.exe
  C:\Windows\System\IbZdXze.exe
  2⤵
  PID:6184
- C:\Windows\System\JcYAdxu.exe
  C:\Windows\System\JcYAdxu.exe
  2⤵
  PID:6200
- C:\Windows\System\evSnqOK.exe
  C:\Windows\System\evSnqOK.exe
  2⤵
  PID:6216
- C:\Windows\System\rgGYQSa.exe
  C:\Windows\System\rgGYQSa.exe
  2⤵
  PID:6232
- C:\Windows\System\mBgUxvm.exe
  C:\Windows\System\mBgUxvm.exe
  2⤵
  PID:6248
- C:\Windows\System\YwRtAuA.exe
  C:\Windows\System\YwRtAuA.exe
  2⤵
  PID:6280
- C:\Windows\System\gBzFBKk.exe
  C:\Windows\System\gBzFBKk.exe
  2⤵
  PID:6296
- C:\Windows\System\EVMjTnz.exe
  C:\Windows\System\EVMjTnz.exe
  2⤵
  PID:6316
- C:\Windows\System\zAvrGhu.exe
  C:\Windows\System\zAvrGhu.exe
  2⤵
  PID:6332
- C:\Windows\System\kMQGRdH.exe
  C:\Windows\System\kMQGRdH.exe
  2⤵
  PID:6356
- C:\Windows\System\sxXLomc.exe
  C:\Windows\System\sxXLomc.exe
  2⤵
  PID:6372
- C:\Windows\System\CxPudii.exe
  C:\Windows\System\CxPudii.exe
  2⤵
  PID:6388
- C:\Windows\System\rhtdaWG.exe
  C:\Windows\System\rhtdaWG.exe
  2⤵
  PID:6404
- C:\Windows\System\OTSXuJv.exe
  C:\Windows\System\OTSXuJv.exe
  2⤵
  PID:6420
- C:\Windows\System\DirUsCE.exe
  C:\Windows\System\DirUsCE.exe
  2⤵
  PID:6436
- C:\Windows\System\MoXHmPb.exe
  C:\Windows\System\MoXHmPb.exe
  2⤵
  PID:6452
- C:\Windows\System\enQCdos.exe
  C:\Windows\System\enQCdos.exe
  2⤵
  PID:6468
- C:\Windows\System\lJVBcTW.exe
  C:\Windows\System\lJVBcTW.exe
  2⤵
  PID:6484
- C:\Windows\System\PnVBrhf.exe
  C:\Windows\System\PnVBrhf.exe
  2⤵
  PID:6500
- C:\Windows\System\iPnBTeD.exe
  C:\Windows\System\iPnBTeD.exe
  2⤵
  PID:6516
- C:\Windows\System\YQCKydB.exe
  C:\Windows\System\YQCKydB.exe
  2⤵
  PID:6532
- C:\Windows\System\nbDFjHQ.exe
  C:\Windows\System\nbDFjHQ.exe
  2⤵
  PID:6548
- C:\Windows\System\fOOjeTa.exe
  C:\Windows\System\fOOjeTa.exe
  2⤵
  PID:6564
- C:\Windows\System\dwmIhpm.exe
  C:\Windows\System\dwmIhpm.exe
  2⤵
  PID:6580
- C:\Windows\System\SGfnuVn.exe
  C:\Windows\System\SGfnuVn.exe
  2⤵
  PID:6596
- C:\Windows\System\UTXYIsZ.exe
  C:\Windows\System\UTXYIsZ.exe
  2⤵
  PID:6612
- C:\Windows\System\jAtOnAJ.exe
  C:\Windows\System\jAtOnAJ.exe
  2⤵
  PID:6628
- C:\Windows\System\PpnItNB.exe
  C:\Windows\System\PpnItNB.exe
  2⤵
  PID:6644
- C:\Windows\System\xsMqtgV.exe
  C:\Windows\System\xsMqtgV.exe
  2⤵
  PID:6660
- C:\Windows\System\QLJZBIN.exe
  C:\Windows\System\QLJZBIN.exe
  2⤵
  PID:6676
- C:\Windows\System\xXRpMXZ.exe
  C:\Windows\System\xXRpMXZ.exe
  2⤵
  PID:6692
- C:\Windows\System\vPhFIJL.exe
  C:\Windows\System\vPhFIJL.exe
  2⤵
  PID:6708
- C:\Windows\System\CKBookd.exe
  C:\Windows\System\CKBookd.exe
  2⤵
  PID:6724
- C:\Windows\System\nfeMTQM.exe
  C:\Windows\System\nfeMTQM.exe
  2⤵
  PID:6740
- C:\Windows\System\YdTxIOX.exe
  C:\Windows\System\YdTxIOX.exe
  2⤵
  PID:6756
- C:\Windows\System\JrrZlSw.exe
  C:\Windows\System\JrrZlSw.exe
  2⤵
  PID:6776
- C:\Windows\System\jQibeEy.exe
  C:\Windows\System\jQibeEy.exe
  2⤵
  PID:6792
- C:\Windows\System\CauvWbu.exe
  C:\Windows\System\CauvWbu.exe
  2⤵
  PID:6808
- C:\Windows\System\OXiwNGf.exe
  C:\Windows\System\OXiwNGf.exe
  2⤵
  PID:6824
- C:\Windows\System\oklzNVm.exe
  C:\Windows\System\oklzNVm.exe
  2⤵
  PID:6840
- C:\Windows\System\kShokbf.exe
  C:\Windows\System\kShokbf.exe
  2⤵
  PID:6856
- C:\Windows\System\VCcFqGI.exe
  C:\Windows\System\VCcFqGI.exe
  2⤵
  PID:6872
- C:\Windows\System\uKFIIpJ.exe
  C:\Windows\System\uKFIIpJ.exe
  2⤵
  PID:6888
- C:\Windows\System\VPKkUpr.exe
  C:\Windows\System\VPKkUpr.exe
  2⤵
  PID:6904
- C:\Windows\System\zjHYOxG.exe
  C:\Windows\System\zjHYOxG.exe
  2⤵
  PID:6920
- C:\Windows\System\inNHUNO.exe
  C:\Windows\System\inNHUNO.exe
  2⤵
  PID:6936
- C:\Windows\System\RilYYIb.exe
  C:\Windows\System\RilYYIb.exe
  2⤵
  PID:6952
- C:\Windows\System\LxMdlnU.exe
  C:\Windows\System\LxMdlnU.exe
  2⤵
  PID:6968
- C:\Windows\System\tkptSqD.exe
  C:\Windows\System\tkptSqD.exe
  2⤵
  PID:6984
- C:\Windows\System\naDlGzu.exe
  C:\Windows\System\naDlGzu.exe
  2⤵
  PID:7000
- C:\Windows\System\pQstcag.exe
  C:\Windows\System\pQstcag.exe
  2⤵
  PID:7016
- C:\Windows\System\KpYfRRl.exe
  C:\Windows\System\KpYfRRl.exe
  2⤵
  PID:7032
- C:\Windows\System\OyFMprs.exe
  C:\Windows\System\OyFMprs.exe
  2⤵
  PID:7048
- C:\Windows\System\kzePpAy.exe
  C:\Windows\System\kzePpAy.exe
  2⤵
  PID:7064
- C:\Windows\System\LKjNZMo.exe
  C:\Windows\System\LKjNZMo.exe
  2⤵
  PID:7080
- C:\Windows\System\bcAAJzS.exe
  C:\Windows\System\bcAAJzS.exe
  2⤵
  PID:7096
- C:\Windows\System\TInbkJo.exe
  C:\Windows\System\TInbkJo.exe
  2⤵
  PID:7112
- C:\Windows\System\YJegldn.exe
  C:\Windows\System\YJegldn.exe
  2⤵
  PID:7128
- C:\Windows\System\LMaRmOL.exe
  C:\Windows\System\LMaRmOL.exe
  2⤵
  PID:7144
- C:\Windows\System\ezOcbHN.exe
  C:\Windows\System\ezOcbHN.exe
  2⤵
  PID:7160
- C:\Windows\System\wMFMFoL.exe
  C:\Windows\System\wMFMFoL.exe
  2⤵
  PID:5312
- C:\Windows\System\VUTlBMV.exe
  C:\Windows\System\VUTlBMV.exe
  2⤵
  PID:3852
- C:\Windows\System\ZAVPeNs.exe
  C:\Windows\System\ZAVPeNs.exe
  2⤵
  PID:6176
- C:\Windows\System\priOytH.exe
  C:\Windows\System\priOytH.exe
  2⤵
  PID:6164
- C:\Windows\System\VYQrRaM.exe
  C:\Windows\System\VYQrRaM.exe
  2⤵
  PID:6240
- C:\Windows\System\dlXThtt.exe
  C:\Windows\System\dlXThtt.exe
  2⤵
  PID:6224
- C:\Windows\System\SJfgBtA.exe
  C:\Windows\System\SJfgBtA.exe
  2⤵
  PID:6292
- C:\Windows\System\DzrtxBq.exe
  C:\Windows\System\DzrtxBq.exe
  2⤵
  PID:5876
- C:\Windows\System\CjzyeOg.exe
  C:\Windows\System\CjzyeOg.exe
  2⤵
  PID:5460
- C:\Windows\System\eSqXArS.exe
  C:\Windows\System\eSqXArS.exe
  2⤵
  PID:1864
- C:\Windows\System\IzSPXyf.exe
  C:\Windows\System\IzSPXyf.exe
  2⤵
  PID:6344
- C:\Windows\System\VfLRokW.exe
  C:\Windows\System\VfLRokW.exe
  2⤵
  PID:6428
- C:\Windows\System\heWWKgL.exe
  C:\Windows\System\heWWKgL.exe
  2⤵
  PID:6492
- C:\Windows\System\cneaypj.exe
  C:\Windows\System\cneaypj.exe
  2⤵
  PID:6556
- C:\Windows\System\JRCnZuG.exe
  C:\Windows\System\JRCnZuG.exe
  2⤵
  PID:6572
- C:\Windows\System\yXZSvXu.exe
  C:\Windows\System\yXZSvXu.exe
  2⤵
  PID:6636
- C:\Windows\System\xAWfUIt.exe
  C:\Windows\System\xAWfUIt.exe
  2⤵
  PID:6512
- C:\Windows\System\XwxhEkm.exe
  C:\Windows\System\XwxhEkm.exe
  2⤵
  PID:6444
- C:\Windows\System\cFkZKuL.exe
  C:\Windows\System\cFkZKuL.exe
  2⤵
  PID:6592
- C:\Windows\System\AmaFbnQ.exe
  C:\Windows\System\AmaFbnQ.exe
  2⤵
  PID:6652
- C:\Windows\System\qWVcSLR.exe
  C:\Windows\System\qWVcSLR.exe
  2⤵
  PID:6764
- C:\Windows\System\jFaBTIj.exe
  C:\Windows\System\jFaBTIj.exe
  2⤵
  PID:6736
- C:\Windows\System\PsqHnNd.exe
  C:\Windows\System\PsqHnNd.exe
  2⤵
  PID:6784
- C:\Windows\System\DHTuepk.exe
  C:\Windows\System\DHTuepk.exe
  2⤵
  PID:6768
- C:\Windows\System\ytRpZsk.exe
  C:\Windows\System\ytRpZsk.exe
  2⤵
  PID:6804
- C:\Windows\System\mhoJsWA.exe
  C:\Windows\System\mhoJsWA.exe
  2⤵
  PID:6852
- C:\Windows\System\BumxekG.exe
  C:\Windows\System\BumxekG.exe
  2⤵
  PID:6916
- C:\Windows\System\ImTRhZP.exe
  C:\Windows\System\ImTRhZP.exe
  2⤵
  PID:6868
- C:\Windows\System\SJYesEO.exe
  C:\Windows\System\SJYesEO.exe
  2⤵
  PID:6932
- C:\Windows\System\OwdtHWa.exe
  C:\Windows\System\OwdtHWa.exe
  2⤵
  PID:6976
- C:\Windows\System\CUdgLTs.exe
  C:\Windows\System\CUdgLTs.exe
  2⤵
  PID:6996
- C:\Windows\System\JhydNTT.exe
  C:\Windows\System\JhydNTT.exe
  2⤵
  PID:7040
- C:\Windows\System\wAKvkjs.exe
  C:\Windows\System\wAKvkjs.exe
  2⤵
  PID:7024
- C:\Windows\System\SbzVxkJ.exe
  C:\Windows\System\SbzVxkJ.exe
  2⤵
  PID:7088
- C:\Windows\System\MdkUdNG.exe
  C:\Windows\System\MdkUdNG.exe
  2⤵
  PID:7124
- C:\Windows\System\jvnstib.exe
  C:\Windows\System\jvnstib.exe
  2⤵
  PID:1996
- C:\Windows\System\chebTOP.exe
  C:\Windows\System\chebTOP.exe
  2⤵
  PID:5672
- C:\Windows\System\vcLkIBS.exe
  C:\Windows\System\vcLkIBS.exe
  2⤵
  PID:5688
- C:\Windows\System\ynWWTJQ.exe
  C:\Windows\System\ynWWTJQ.exe
  2⤵
  PID:6212
- C:\Windows\System\RXGbnLs.exe
  C:\Windows\System\RXGbnLs.exe
  2⤵
  PID:6328
- C:\Windows\System\FOdIRiZ.exe
  C:\Windows\System\FOdIRiZ.exe
  2⤵
  PID:6308
- C:\Windows\System\Iaabcih.exe
  C:\Windows\System\Iaabcih.exe
  2⤵
  PID:6368
- C:\Windows\System\UMilCSP.exe
  C:\Windows\System\UMilCSP.exe
  2⤵
  PID:6400
- C:\Windows\System\zeOxBuj.exe
  C:\Windows\System\zeOxBuj.exe
  2⤵
  PID:6528
- C:\Windows\System\lAWAHCC.exe
  C:\Windows\System\lAWAHCC.exe
  2⤵
  PID:6540
- C:\Windows\System\bTdkeyB.exe
  C:\Windows\System\bTdkeyB.exe
  2⤵
  PID:6476
- C:\Windows\System\dDHDHMT.exe
  C:\Windows\System\dDHDHMT.exe
  2⤵
  PID:6684
- C:\Windows\System\QUZHQyB.exe
  C:\Windows\System\QUZHQyB.exe
  2⤵
  PID:6732
- C:\Windows\System\kLvmNhp.exe
  C:\Windows\System\kLvmNhp.exe
  2⤵
  PID:6820
- C:\Windows\System\ZcGBfdo.exe
  C:\Windows\System\ZcGBfdo.exe
  2⤵
  PID:6900
- C:\Windows\System\hWQDamc.exe
  C:\Windows\System\hWQDamc.exe
  2⤵
  PID:6992
- C:\Windows\System\olahgKt.exe
  C:\Windows\System\olahgKt.exe
  2⤵
  PID:6980
- C:\Windows\System\WRCVuoB.exe
  C:\Windows\System\WRCVuoB.exe
  2⤵
  PID:7056
- C:\Windows\System\taGnGaf.exe
  C:\Windows\System\taGnGaf.exe
  2⤵
  PID:7076
- C:\Windows\System\rUaPwjk.exe
  C:\Windows\System\rUaPwjk.exe
  2⤵
  PID:6124
- C:\Windows\System\yOUFxCN.exe
  C:\Windows\System\yOUFxCN.exe
  2⤵
  PID:6080
- C:\Windows\System\baBBXut.exe
  C:\Windows\System\baBBXut.exe
  2⤵
  PID:6228
- C:\Windows\System\EmaxxlS.exe
  C:\Windows\System\EmaxxlS.exe
  2⤵
  PID:6704
- C:\Windows\System\DpozDlK.exe
  C:\Windows\System\DpozDlK.exe
  2⤵
  PID:6288
- C:\Windows\System\BDiBkwG.exe
  C:\Windows\System\BDiBkwG.exe
  2⤵
  PID:6396
- C:\Windows\System\LbdSpod.exe
  C:\Windows\System\LbdSpod.exe
  2⤵
  PID:6752
- C:\Windows\System\oFcgveF.exe
  C:\Windows\System\oFcgveF.exe
  2⤵
  PID:6884
- C:\Windows\System\jVxKrjL.exe
  C:\Windows\System\jVxKrjL.exe
  2⤵
  PID:7012
- C:\Windows\System\jjCnCNk.exe
  C:\Windows\System\jjCnCNk.exe
  2⤵
  PID:5008
- C:\Windows\System\vxBilsa.exe
  C:\Windows\System\vxBilsa.exe
  2⤵
  PID:6816
- C:\Windows\System\tXTYhdP.exe
  C:\Windows\System\tXTYhdP.exe
  2⤵
  PID:6208
- C:\Windows\System\gfPTUkw.exe
  C:\Windows\System\gfPTUkw.exe
  2⤵
  PID:6588
- C:\Windows\System\yRrfkcT.exe
  C:\Windows\System\yRrfkcT.exe
  2⤵
  PID:6524
- C:\Windows\System\TtRRrmT.exe
  C:\Windows\System\TtRRrmT.exe
  2⤵
  PID:6948
- C:\Windows\System\YvOojnf.exe
  C:\Windows\System\YvOojnf.exe
  2⤵
  PID:6544
- C:\Windows\System\nObtQxH.exe
  C:\Windows\System\nObtQxH.exe
  2⤵
  PID:7180
- C:\Windows\System\HDIsZEx.exe
  C:\Windows\System\HDIsZEx.exe
  2⤵
  PID:7196
- C:\Windows\System\fjBmAMx.exe
  C:\Windows\System\fjBmAMx.exe
  2⤵
  PID:7212
- C:\Windows\System\ZWlhLZC.exe
  C:\Windows\System\ZWlhLZC.exe
  2⤵
  PID:7228
- C:\Windows\System\FOWzKlM.exe
  C:\Windows\System\FOWzKlM.exe
  2⤵
  PID:7244
- C:\Windows\System\rNJOlmV.exe
  C:\Windows\System\rNJOlmV.exe
  2⤵
  PID:7260
- C:\Windows\System\QYIKMJc.exe
  C:\Windows\System\QYIKMJc.exe
  2⤵
  PID:7276
- C:\Windows\System\ETnElxN.exe
  C:\Windows\System\ETnElxN.exe
  2⤵
  PID:7292
- C:\Windows\System\AcvTqTQ.exe
  C:\Windows\System\AcvTqTQ.exe
  2⤵
  PID:7308
- C:\Windows\System\GLpsrkp.exe
  C:\Windows\System\GLpsrkp.exe
  2⤵
  PID:7324
- C:\Windows\System\KEQzUyn.exe
  C:\Windows\System\KEQzUyn.exe
  2⤵
  PID:7340
- C:\Windows\System\dYXbrRb.exe
  C:\Windows\System\dYXbrRb.exe
  2⤵
  PID:7356
- C:\Windows\System\EtGldOP.exe
  C:\Windows\System\EtGldOP.exe
  2⤵
  PID:7376
- C:\Windows\System\uwAAYkJ.exe
  C:\Windows\System\uwAAYkJ.exe
  2⤵
  PID:7392
- C:\Windows\System\AAsxkEz.exe
  C:\Windows\System\AAsxkEz.exe
  2⤵
  PID:7408
- C:\Windows\System\BmAEEFD.exe
  C:\Windows\System\BmAEEFD.exe
  2⤵
  PID:7424
- C:\Windows\System\ZEaiPeg.exe
  C:\Windows\System\ZEaiPeg.exe
  2⤵
  PID:7440
- C:\Windows\System\wchhubj.exe
  C:\Windows\System\wchhubj.exe
  2⤵
  PID:7460
- C:\Windows\System\krxtiTX.exe
  C:\Windows\System\krxtiTX.exe
  2⤵
  PID:7476
- C:\Windows\System\DtAheys.exe
  C:\Windows\System\DtAheys.exe
  2⤵
  PID:7492
- C:\Windows\System\gEgtcTt.exe
  C:\Windows\System\gEgtcTt.exe
  2⤵
  PID:7508
- C:\Windows\System\NwPhQSU.exe
  C:\Windows\System\NwPhQSU.exe
  2⤵
  PID:7524
- C:\Windows\System\sErNZLd.exe
  C:\Windows\System\sErNZLd.exe
  2⤵
  PID:7540
- C:\Windows\System\UWYHwed.exe
  C:\Windows\System\UWYHwed.exe
  2⤵
  PID:7556
- C:\Windows\System\uHnKSTE.exe
  C:\Windows\System\uHnKSTE.exe
  2⤵
  PID:7572
- C:\Windows\System\TfbHPdg.exe
  C:\Windows\System\TfbHPdg.exe
  2⤵
  PID:7588
- C:\Windows\System\aWXrhAD.exe
  C:\Windows\System\aWXrhAD.exe
  2⤵
  PID:7604
- C:\Windows\System\BKdwUiV.exe
  C:\Windows\System\BKdwUiV.exe
  2⤵
  PID:7620
- C:\Windows\System\TNoFfCN.exe
  C:\Windows\System\TNoFfCN.exe
  2⤵
  PID:7636
- C:\Windows\System\lOLnRMz.exe
  C:\Windows\System\lOLnRMz.exe
  2⤵
  PID:7652
- C:\Windows\System\nznjnYa.exe
  C:\Windows\System\nznjnYa.exe
  2⤵
  PID:7668
- C:\Windows\System\CjhrXRb.exe
  C:\Windows\System\CjhrXRb.exe
  2⤵
  PID:7684
- C:\Windows\System\qrrImxJ.exe
  C:\Windows\System\qrrImxJ.exe
  2⤵
  PID:7700
- C:\Windows\System\tgSgPHO.exe
  C:\Windows\System\tgSgPHO.exe
  2⤵
  PID:7716
- C:\Windows\System\zEQnqIP.exe
  C:\Windows\System\zEQnqIP.exe
  2⤵
  PID:7732
- C:\Windows\System\ZElvxvJ.exe
  C:\Windows\System\ZElvxvJ.exe
  2⤵
  PID:7748
- C:\Windows\System\SCbgMwy.exe
  C:\Windows\System\SCbgMwy.exe
  2⤵
  PID:7764
- C:\Windows\System\IPxSuNh.exe
  C:\Windows\System\IPxSuNh.exe
  2⤵
  PID:7780
- C:\Windows\System\PJwUuTq.exe
  C:\Windows\System\PJwUuTq.exe
  2⤵
  PID:7796
- C:\Windows\System\wSzqHak.exe
  C:\Windows\System\wSzqHak.exe
  2⤵
  PID:7812
- C:\Windows\System\JYXlKsK.exe
  C:\Windows\System\JYXlKsK.exe
  2⤵
  PID:7828
- C:\Windows\System\daEYvOd.exe
  C:\Windows\System\daEYvOd.exe
  2⤵
  PID:7844
- C:\Windows\System\iIfntYe.exe
  C:\Windows\System\iIfntYe.exe
  2⤵
  PID:7860
- C:\Windows\System\fvRcxCq.exe
  C:\Windows\System\fvRcxCq.exe
  2⤵
  PID:7876
- C:\Windows\System\ZbsIaiY.exe
  C:\Windows\System\ZbsIaiY.exe
  2⤵
  PID:7892
- C:\Windows\System\LLHeruT.exe
  C:\Windows\System\LLHeruT.exe
  2⤵
  PID:7908
- C:\Windows\System\RNJRxjD.exe
  C:\Windows\System\RNJRxjD.exe
  2⤵
  PID:7924
- C:\Windows\System\rAaDcYe.exe
  C:\Windows\System\rAaDcYe.exe
  2⤵
  PID:7940
- C:\Windows\System\ATCmgsZ.exe
  C:\Windows\System\ATCmgsZ.exe
  2⤵
  PID:7956
- C:\Windows\System\XwntmdA.exe
  C:\Windows\System\XwntmdA.exe
  2⤵
  PID:7972
- C:\Windows\System\zKJZKMh.exe
  C:\Windows\System\zKJZKMh.exe
  2⤵
  PID:7988
- C:\Windows\System\moOHDcn.exe
  C:\Windows\System\moOHDcn.exe
  2⤵
  PID:8004
- C:\Windows\System\LmiucYe.exe
  C:\Windows\System\LmiucYe.exe
  2⤵
  PID:8020
- C:\Windows\System\cgzKwxW.exe
  C:\Windows\System\cgzKwxW.exe
  2⤵
  PID:8036
- C:\Windows\System\jJyxfoD.exe
  C:\Windows\System\jJyxfoD.exe
  2⤵
  PID:8052
- C:\Windows\System\kRYinWO.exe
  C:\Windows\System\kRYinWO.exe
  2⤵
  PID:8068
- C:\Windows\System\kFiCMhD.exe
  C:\Windows\System\kFiCMhD.exe
  2⤵
  PID:8084
- C:\Windows\System\KLupvqa.exe
  C:\Windows\System\KLupvqa.exe
  2⤵
  PID:8100
- C:\Windows\System\RzZGDrf.exe
  C:\Windows\System\RzZGDrf.exe
  2⤵
  PID:8116
- C:\Windows\System\rWBQwfG.exe
  C:\Windows\System\rWBQwfG.exe
  2⤵
  PID:8132
- C:\Windows\System\PPlSLfT.exe
  C:\Windows\System\PPlSLfT.exe
  2⤵
  PID:8156
- C:\Windows\System\opCcHgU.exe
  C:\Windows\System\opCcHgU.exe
  2⤵
  PID:8172
- C:\Windows\System\EMsSQzC.exe
  C:\Windows\System\EMsSQzC.exe
  2⤵
  PID:8188
- C:\Windows\System\LPysiVb.exe
  C:\Windows\System\LPysiVb.exe
  2⤵
  PID:6464
- C:\Windows\System\uGZqfuK.exe
  C:\Windows\System\uGZqfuK.exe
  2⤵
  PID:7220
- C:\Windows\System\XMWyZlq.exe
  C:\Windows\System\XMWyZlq.exe
  2⤵
  PID:7172
- C:\Windows\System\SgJdshQ.exe
  C:\Windows\System\SgJdshQ.exe
  2⤵
  PID:7240
- C:\Windows\System\zGyjtca.exe
  C:\Windows\System\zGyjtca.exe
  2⤵
  PID:7304
- C:\Windows\System\NrDYLzI.exe
  C:\Windows\System\NrDYLzI.exe
  2⤵
  PID:7316
- C:\Windows\System\vZmkhJW.exe
  C:\Windows\System\vZmkhJW.exe
  2⤵
  PID:7448
- C:\Windows\System\uVESrmG.exe
  C:\Windows\System\uVESrmG.exe
  2⤵
  PID:7432
- C:\Windows\System\Moyxtcm.exe
  C:\Windows\System\Moyxtcm.exe
  2⤵
  PID:7400
- C:\Windows\System\tWPQbWn.exe
  C:\Windows\System\tWPQbWn.exe
  2⤵
  PID:7500
- C:\Windows\System\GDYwQge.exe
  C:\Windows\System\GDYwQge.exe
  2⤵
  PID:7348
- C:\Windows\System\HtaItef.exe
  C:\Windows\System\HtaItef.exe
  2⤵
  PID:7536
- C:\Windows\System\xLrKJyf.exe
  C:\Windows\System\xLrKJyf.exe
  2⤵
  PID:7600
- C:\Windows\System\nfwfxQH.exe
  C:\Windows\System\nfwfxQH.exe
  2⤵
  PID:7520
- C:\Windows\System\iwEPkfz.exe
  C:\Windows\System\iwEPkfz.exe
  2⤵
  PID:7584
- C:\Windows\System\UqDjlRZ.exe
  C:\Windows\System\UqDjlRZ.exe
  2⤵
  PID:7644
- C:\Windows\System\PdaxnMK.exe
  C:\Windows\System\PdaxnMK.exe
  2⤵
  PID:7648
- C:\Windows\System\kqwsLJg.exe
  C:\Windows\System\kqwsLJg.exe
  2⤵
  PID:7696
- C:\Windows\System\wbrmYkK.exe
  C:\Windows\System\wbrmYkK.exe
  2⤵
  PID:7676
- C:\Windows\System\GLKAkVs.exe
  C:\Windows\System\GLKAkVs.exe
  2⤵
  PID:7740
- C:\Windows\System\Ktnymkh.exe
  C:\Windows\System\Ktnymkh.exe
  2⤵
  PID:7824
- C:\Windows\System\hbysTWv.exe
  C:\Windows\System\hbysTWv.exe
  2⤵
  PID:7836
- C:\Windows\System\PitmHVL.exe
  C:\Windows\System\PitmHVL.exe
  2⤵
  PID:7856
- C:\Windows\System\QFRYiIJ.exe
  C:\Windows\System\QFRYiIJ.exe
  2⤵
  PID:7888
- C:\Windows\System\xCrsrCA.exe
  C:\Windows\System\xCrsrCA.exe
  2⤵
  PID:7920
- C:\Windows\System\oZPpYXQ.exe
  C:\Windows\System\oZPpYXQ.exe
  2⤵
  PID:7952
- C:\Windows\System\cCQIWyX.exe
  C:\Windows\System\cCQIWyX.exe
  2⤵
  PID:7984
- C:\Windows\System\UlSEgcc.exe
  C:\Windows\System\UlSEgcc.exe
  2⤵
  PID:7996
- C:\Windows\System\VvNzXxG.exe
  C:\Windows\System\VvNzXxG.exe
  2⤵
  PID:8044
- C:\Windows\System\OedZfGY.exe
  C:\Windows\System\OedZfGY.exe
  2⤵
  PID:8092
- C:\Windows\System\ogiqxiw.exe
  C:\Windows\System\ogiqxiw.exe
  2⤵
  PID:8108
- C:\Windows\System\UYJnWcG.exe
  C:\Windows\System\UYJnWcG.exe
  2⤵
  PID:8128
- C:\Windows\System\ozjnfUm.exe
  C:\Windows\System\ozjnfUm.exe
  2⤵
  PID:8180
- C:\Windows\System\cHahcDH.exe
  C:\Windows\System\cHahcDH.exe
  2⤵
  PID:8164
- C:\Windows\System\YVSbUOe.exe
  C:\Windows\System\YVSbUOe.exe
  2⤵
  PID:4412
- C:\Windows\System\FwooZdr.exe
  C:\Windows\System\FwooZdr.exe
  2⤵
  PID:7236
- C:\Windows\System\ziSrJpR.exe
  C:\Windows\System\ziSrJpR.exe
  2⤵
  PID:7284
- C:\Windows\System\sdYVjyX.exe
  C:\Windows\System\sdYVjyX.exe
  2⤵
  PID:7468
- C:\Windows\System\PnjwSor.exe
  C:\Windows\System\PnjwSor.exe
  2⤵
  PID:7632
- C:\Windows\System\PyKoIFS.exe
  C:\Windows\System\PyKoIFS.exe
  2⤵
  PID:7504
- C:\Windows\System\ymiNGMC.exe
  C:\Windows\System\ymiNGMC.exe
  2⤵
  PID:7596
- C:\Windows\System\ScfwFFR.exe
  C:\Windows\System\ScfwFFR.exe
  2⤵
  PID:7664
- C:\Windows\System\fdZzPOc.exe
  C:\Windows\System\fdZzPOc.exe
  2⤵
  PID:7708
- C:\Windows\System\SSfSHOh.exe
  C:\Windows\System\SSfSHOh.exe
  2⤵
  PID:7792
- C:\Windows\System\OiKSfgW.exe
  C:\Windows\System\OiKSfgW.exe
  2⤵
  PID:7772
- C:\Windows\System\cVJbPSn.exe
  C:\Windows\System\cVJbPSn.exe
  2⤵
  PID:7936
- C:\Windows\System\YpuMpDl.exe
  C:\Windows\System\YpuMpDl.exe
  2⤵
  PID:7980
- C:\Windows\System\CAiFszd.exe
  C:\Windows\System\CAiFszd.exe
  2⤵
  PID:7852
- C:\Windows\System\cXTpItc.exe
  C:\Windows\System\cXTpItc.exe
  2⤵
  PID:8124
- C:\Windows\System\ytyMXnf.exe
  C:\Windows\System\ytyMXnf.exe
  2⤵
  PID:8060
- C:\Windows\System\nfYDpMB.exe
  C:\Windows\System\nfYDpMB.exe
  2⤵
  PID:6340
- C:\Windows\System\KISvXaH.exe
  C:\Windows\System\KISvXaH.exe
  2⤵
  PID:7204
- C:\Windows\System\ZZXZWgg.exe
  C:\Windows\System\ZZXZWgg.exe
  2⤵
  PID:7420
- C:\Windows\System\bXIbyTd.exe
  C:\Windows\System\bXIbyTd.exe
  2⤵
  PID:7416
- C:\Windows\System\JZujjEu.exe
  C:\Windows\System\JZujjEu.exe
  2⤵
  PID:7336
- C:\Windows\System\mStQgut.exe
  C:\Windows\System\mStQgut.exe
  2⤵
  PID:7968
- C:\Windows\System\rXTKAOW.exe
  C:\Windows\System\rXTKAOW.exe
  2⤵
  PID:7868
- C:\Windows\System\vBGbctn.exe
  C:\Windows\System\vBGbctn.exe
  2⤵
  PID:8032
- C:\Windows\System\iELQlPm.exe
  C:\Windows\System\iELQlPm.exe
  2⤵
  PID:7660
- C:\Windows\System\vWKIGBs.exe
  C:\Windows\System\vWKIGBs.exe
  2⤵
  PID:8080
- C:\Windows\System\aLXnKfZ.exe
  C:\Windows\System\aLXnKfZ.exe
  2⤵
  PID:7252
- C:\Windows\System\JZHesRo.exe
  C:\Windows\System\JZHesRo.exe
  2⤵
  PID:8028
- C:\Windows\System\UttdxCZ.exe
  C:\Windows\System\UttdxCZ.exe
  2⤵
  PID:8196
- C:\Windows\System\WziMhFK.exe
  C:\Windows\System\WziMhFK.exe
  2⤵
  PID:8212
- C:\Windows\System\ljTdbum.exe
  C:\Windows\System\ljTdbum.exe
  2⤵
  PID:8228
- C:\Windows\System\qdqwxgK.exe
  C:\Windows\System\qdqwxgK.exe
  2⤵
  PID:8244
- C:\Windows\System\aDtaABq.exe
  C:\Windows\System\aDtaABq.exe
  2⤵
  PID:8260
- C:\Windows\System\eClZlSO.exe
  C:\Windows\System\eClZlSO.exe
  2⤵
  PID:8276
- C:\Windows\System\hNDCAwO.exe
  C:\Windows\System\hNDCAwO.exe
  2⤵
  PID:8292
- C:\Windows\System\splJhBT.exe
  C:\Windows\System\splJhBT.exe
  2⤵
  PID:8308
- C:\Windows\System\kQReoSG.exe
  C:\Windows\System\kQReoSG.exe
  2⤵
  PID:8324
- C:\Windows\System\FNbDlxR.exe
  C:\Windows\System\FNbDlxR.exe
  2⤵
  PID:8340
- C:\Windows\System\raVTzyx.exe
  C:\Windows\System\raVTzyx.exe
  2⤵
  PID:8356
- C:\Windows\System\YQSZrJr.exe
  C:\Windows\System\YQSZrJr.exe
  2⤵
  PID:8372
- C:\Windows\System\dRpujTu.exe
  C:\Windows\System\dRpujTu.exe
  2⤵
  PID:8388
- C:\Windows\System\kAZsgya.exe
  C:\Windows\System\kAZsgya.exe
  2⤵
  PID:8404
- C:\Windows\System\TJOcKZp.exe
  C:\Windows\System\TJOcKZp.exe
  2⤵
  PID:8420
- C:\Windows\System\DJzPgZN.exe
  C:\Windows\System\DJzPgZN.exe
  2⤵
  PID:8436
- C:\Windows\System\PMXvgve.exe
  C:\Windows\System\PMXvgve.exe
  2⤵
  PID:8452
- C:\Windows\System\FSTVCkE.exe
  C:\Windows\System\FSTVCkE.exe
  2⤵
  PID:8472
- C:\Windows\System\sARgbjY.exe
  C:\Windows\System\sARgbjY.exe
  2⤵
  PID:8488
- C:\Windows\System\hgwKmQQ.exe
  C:\Windows\System\hgwKmQQ.exe
  2⤵
  PID:8504
- C:\Windows\System\MSSJoBu.exe
  C:\Windows\System\MSSJoBu.exe
  2⤵
  PID:8520
- C:\Windows\System\rPzFkuv.exe
  C:\Windows\System\rPzFkuv.exe
  2⤵
  PID:8536
- C:\Windows\System\CQMWnmT.exe
  C:\Windows\System\CQMWnmT.exe
  2⤵
  PID:8552
- C:\Windows\System\TvJkEUz.exe
  C:\Windows\System\TvJkEUz.exe
  2⤵
  PID:8572
- C:\Windows\System\rWKTysW.exe
  C:\Windows\System\rWKTysW.exe
  2⤵
  PID:8588
- C:\Windows\System\NGVzPWS.exe
  C:\Windows\System\NGVzPWS.exe
  2⤵
  PID:8608
- C:\Windows\System\WqXTnxV.exe
  C:\Windows\System\WqXTnxV.exe
  2⤵
  PID:8624
- C:\Windows\System\kmOcbBV.exe
  C:\Windows\System\kmOcbBV.exe
  2⤵
  PID:8640
- C:\Windows\System\OKBDICY.exe
  C:\Windows\System\OKBDICY.exe
  2⤵
  PID:8656
- C:\Windows\System\Vohnkcn.exe
  C:\Windows\System\Vohnkcn.exe
  2⤵
  PID:8676
- C:\Windows\System\XsXbapA.exe
  C:\Windows\System\XsXbapA.exe
  2⤵
  PID:8692
- C:\Windows\System\EwZGJqE.exe
  C:\Windows\System\EwZGJqE.exe
  2⤵
  PID:8708
- C:\Windows\System\gVztVii.exe
  C:\Windows\System\gVztVii.exe
  2⤵
  PID:8724
- C:\Windows\System\vJzfAgC.exe
  C:\Windows\System\vJzfAgC.exe
  2⤵
  PID:8740
- C:\Windows\System\OHqWUvI.exe
  C:\Windows\System\OHqWUvI.exe
  2⤵
  PID:8756
- C:\Windows\System\jBpHqWN.exe
  C:\Windows\System\jBpHqWN.exe
  2⤵
  PID:8772
- C:\Windows\System\jsXbPci.exe
  C:\Windows\System\jsXbPci.exe
  2⤵
  PID:8788
- C:\Windows\System\mwUExIn.exe
  C:\Windows\System\mwUExIn.exe
  2⤵
  PID:8804
- C:\Windows\System\KahDVPa.exe
  C:\Windows\System\KahDVPa.exe
  2⤵
  PID:8820
- C:\Windows\System\RBeoQzv.exe
  C:\Windows\System\RBeoQzv.exe
  2⤵
  PID:8836
- C:\Windows\System\fmoWZBu.exe
  C:\Windows\System\fmoWZBu.exe
  2⤵
  PID:8852
- C:\Windows\System\NNSBxVj.exe
  C:\Windows\System\NNSBxVj.exe
  2⤵
  PID:8868
- C:\Windows\System\XyBjrWL.exe
  C:\Windows\System\XyBjrWL.exe
  2⤵
  PID:8884
- C:\Windows\System\BShnbrJ.exe
  C:\Windows\System\BShnbrJ.exe
  2⤵
  PID:8900
- C:\Windows\System\MyRxQFZ.exe
  C:\Windows\System\MyRxQFZ.exe
  2⤵
  PID:8916
- C:\Windows\System\DdwDvTU.exe
  C:\Windows\System\DdwDvTU.exe
  2⤵
  PID:8932
- C:\Windows\System\WQyhQwF.exe
  C:\Windows\System\WQyhQwF.exe
  2⤵
  PID:8948
- C:\Windows\System\nAGArlJ.exe
  C:\Windows\System\nAGArlJ.exe
  2⤵
  PID:8964
- C:\Windows\System\ePMVTRg.exe
  C:\Windows\System\ePMVTRg.exe
  2⤵
  PID:8980
- C:\Windows\System\UOipqQp.exe
  C:\Windows\System\UOipqQp.exe
  2⤵
  PID:8996
- C:\Windows\System\WQoZxdx.exe
  C:\Windows\System\WQoZxdx.exe
  2⤵
  PID:9012
- C:\Windows\System\uHoLuPO.exe
  C:\Windows\System\uHoLuPO.exe
  2⤵
  PID:9028
- C:\Windows\System\vnFTCaB.exe
  C:\Windows\System\vnFTCaB.exe
  2⤵
  PID:9048
- C:\Windows\System\lnEjGmo.exe
  C:\Windows\System\lnEjGmo.exe
  2⤵
  PID:9072
- C:\Windows\System\DeEsMhi.exe
  C:\Windows\System\DeEsMhi.exe
  2⤵
  PID:9092
- C:\Windows\System\KeDTVML.exe
  C:\Windows\System\KeDTVML.exe
  2⤵
  PID:9108
- C:\Windows\System\wpYsJwo.exe
  C:\Windows\System\wpYsJwo.exe
  2⤵
  PID:9124
- C:\Windows\System\KSeMBQA.exe
  C:\Windows\System\KSeMBQA.exe
  2⤵
  PID:9144
- C:\Windows\System\ayAgroQ.exe
  C:\Windows\System\ayAgroQ.exe
  2⤵
  PID:9172
- C:\Windows\System\UoJwAVR.exe
  C:\Windows\System\UoJwAVR.exe
  2⤵
  PID:9196
- C:\Windows\System\hfZWpWd.exe
  C:\Windows\System\hfZWpWd.exe
  2⤵
  PID:9212
- C:\Windows\System\YTXNvOy.exe
  C:\Windows\System\YTXNvOy.exe
  2⤵
  PID:8208
- C:\Windows\System\PUjjVLl.exe
  C:\Windows\System\PUjjVLl.exe
  2⤵
  PID:7188
- C:\Windows\System\LvTpnhw.exe
  C:\Windows\System\LvTpnhw.exe
  2⤵
  PID:8256
- C:\Windows\System\xAxCfkz.exe
  C:\Windows\System\xAxCfkz.exe
  2⤵
  PID:8336
- C:\Windows\System\VVnKBBO.exe
  C:\Windows\System\VVnKBBO.exe
  2⤵
  PID:8320
- C:\Windows\System\DwMFeGn.exe
  C:\Windows\System\DwMFeGn.exe
  2⤵
  PID:8464
- C:\Windows\System\kLiJDcb.exe
  C:\Windows\System\kLiJDcb.exe
  2⤵
  PID:8380
- C:\Windows\System\kaYosJV.exe
  C:\Windows\System\kaYosJV.exe
  2⤵
  PID:8444
- C:\Windows\System\xKmAENW.exe
  C:\Windows\System\xKmAENW.exe
  2⤵
  PID:8500
- C:\Windows\System\WwqQeKo.exe
  C:\Windows\System\WwqQeKo.exe
  2⤵
  PID:7452
- C:\Windows\System\MDjLJBg.exe
  C:\Windows\System\MDjLJBg.exe
  2⤵
  PID:8512
- C:\Windows\System\XjncYPc.exe
  C:\Windows\System\XjncYPc.exe
  2⤵
  PID:8596
- C:\Windows\System\RMIXyRE.exe
  C:\Windows\System\RMIXyRE.exe
  2⤵
  PID:8664
- C:\Windows\System\myoQyXD.exe
  C:\Windows\System\myoQyXD.exe
  2⤵
  PID:8616
- C:\Windows\System\wcnafmQ.exe
  C:\Windows\System\wcnafmQ.exe
  2⤵
  PID:8704
- C:\Windows\System\woeCnOh.exe
  C:\Windows\System\woeCnOh.exe
  2⤵
  PID:8768
- C:\Windows\System\MwNGkpz.exe
  C:\Windows\System\MwNGkpz.exe
  2⤵
  PID:8720
- C:\Windows\System\fWUTEZL.exe
  C:\Windows\System\fWUTEZL.exe
  2⤵
  PID:7320
- C:\Windows\System\qFWtQqi.exe
  C:\Windows\System\qFWtQqi.exe
  2⤵
  PID:9088
- C:\Windows\System\muQCUjZ.exe
  C:\Windows\System\muQCUjZ.exe
  2⤵
  PID:9120
- C:\Windows\System\UWbXaDs.exe
  C:\Windows\System\UWbXaDs.exe
  2⤵
  PID:8876
- C:\Windows\System\RVsuVtE.exe
  C:\Windows\System\RVsuVtE.exe
  2⤵
  PID:8560
- C:\Windows\System\DtwtcVB.exe
  C:\Windows\System\DtwtcVB.exe
  2⤵
  PID:8860
- C:\Windows\System\kTZSqYi.exe
  C:\Windows\System\kTZSqYi.exe
  2⤵
  PID:8620
- C:\Windows\System\QtJgduV.exe
  C:\Windows\System\QtJgduV.exe
  2⤵
  PID:8832
- C:\Windows\System\siDCOCO.exe
  C:\Windows\System\siDCOCO.exe
  2⤵
  PID:9084
- C:\Windows\System\sYoLCOC.exe
  C:\Windows\System\sYoLCOC.exe
  2⤵
  PID:9160
- C:\Windows\System\IZCgwhJ.exe
  C:\Windows\System\IZCgwhJ.exe
  2⤵
  PID:9116
- C:\Windows\System\kScOwFI.exe
  C:\Windows\System\kScOwFI.exe
  2⤵
  PID:8368
- C:\Windows\System\rooFxjV.exe
  C:\Windows\System\rooFxjV.exe
  2⤵
  PID:8544
- C:\Windows\System\yGYnkMf.exe
  C:\Windows\System\yGYnkMf.exe
  2⤵
  PID:8568
- C:\Windows\System\uvosCdF.exe
  C:\Windows\System\uvosCdF.exe
  2⤵
  PID:8632
- C:\Windows\System\zJZJaLV.exe
  C:\Windows\System\zJZJaLV.exe
  2⤵
  PID:8688
- C:\Windows\System\zMZHkiq.exe
  C:\Windows\System\zMZHkiq.exe
  2⤵
  PID:8940
- C:\Windows\System\iDjOYwQ.exe
  C:\Windows\System\iDjOYwQ.exe
  2⤵
  PID:9180
- C:\Windows\System\fajUxfQ.exe
  C:\Windows\System\fajUxfQ.exe
  2⤵
  PID:8988
- C:\Windows\System\LMjTumv.exe
  C:\Windows\System\LMjTumv.exe
  2⤵
  PID:9004
- C:\Windows\System\gJhyskV.exe
  C:\Windows\System\gJhyskV.exe
  2⤵
  PID:8864
- C:\Windows\System\EjKcPKU.exe
  C:\Windows\System\EjKcPKU.exe
  2⤵
  PID:8716
- C:\Windows\System\WERaEtc.exe
  C:\Windows\System\WERaEtc.exe
  2⤵
  PID:8748
- C:\Windows\System\bCBlbfA.exe
  C:\Windows\System\bCBlbfA.exe
  2⤵
  PID:9136
- C:\Windows\System\guoEhjY.exe
  C:\Windows\System\guoEhjY.exe
  2⤵
  PID:8648
- C:\Windows\System\OHsZPvO.exe
  C:\Windows\System\OHsZPvO.exe
  2⤵
  PID:8240
- C:\Windows\System\NEjYsLe.exe
  C:\Windows\System\NEjYsLe.exe
  2⤵
  PID:8752
- C:\Windows\System\kENlLRp.exe
  C:\Windows\System\kENlLRp.exe
  2⤵
  PID:8800
- C:\Windows\System\nUBOxOq.exe
  C:\Windows\System\nUBOxOq.exe
  2⤵
  PID:8548
- C:\Windows\System\mgByQSS.exe
  C:\Windows\System\mgByQSS.exe
  2⤵
  PID:8736
- C:\Windows\System\lrHwISR.exe
  C:\Windows\System\lrHwISR.exe
  2⤵
  PID:8976
- C:\Windows\System\TtyiAUx.exe
  C:\Windows\System\TtyiAUx.exe
  2⤵
  PID:9168
- C:\Windows\System\IQVoBkS.exe
  C:\Windows\System\IQVoBkS.exe
  2⤵
  PID:9192
- C:\Windows\System\ugYvLzZ.exe
  C:\Windows\System\ugYvLzZ.exe
  2⤵
  PID:9100
- C:\Windows\System\BnxmQBo.exe
  C:\Windows\System\BnxmQBo.exe
  2⤵
  PID:8224
- C:\Windows\System\kLhZICp.exe
  C:\Windows\System\kLhZICp.exe
  2⤵
  PID:8700
- C:\Windows\System\GlGzPVc.exe
  C:\Windows\System\GlGzPVc.exe
  2⤵
  PID:8284
- C:\Windows\System\jwUdkBd.exe
  C:\Windows\System\jwUdkBd.exe
  2⤵
  PID:8816
- C:\Windows\System\OJjukvg.exe
  C:\Windows\System\OJjukvg.exe
  2⤵
  PID:8972
- C:\Windows\System\EHSBGCb.exe
  C:\Windows\System\EHSBGCb.exe
  2⤵
  PID:9064
- C:\Windows\System\BFTaiox.exe
  C:\Windows\System\BFTaiox.exe
  2⤵
  PID:9164
- C:\Windows\System\lNHpuhX.exe
  C:\Windows\System\lNHpuhX.exe
  2⤵
  PID:8636
- C:\Windows\System\cThpPOS.exe
  C:\Windows\System\cThpPOS.exe
  2⤵
  PID:8956
- C:\Windows\System\kJXftsQ.exe
  C:\Windows\System\kJXftsQ.exe
  2⤵
  PID:8912
- C:\Windows\System\EOJFgZB.exe
  C:\Windows\System\EOJFgZB.exe
  2⤵
  PID:8672
- C:\Windows\System\iBKNkqT.exe
  C:\Windows\System\iBKNkqT.exe
  2⤵
  PID:9224
- C:\Windows\System\XGgufBn.exe
  C:\Windows\System\XGgufBn.exe
  2⤵
  PID:9244
- C:\Windows\System\NQhjGqs.exe
  C:\Windows\System\NQhjGqs.exe
  2⤵
  PID:9276
- C:\Windows\System\mjlvPVi.exe
  C:\Windows\System\mjlvPVi.exe
  2⤵
  PID:9300
- C:\Windows\System\tyHmfpv.exe
  C:\Windows\System\tyHmfpv.exe
  2⤵
  PID:9320
- C:\Windows\System\RWtUgYC.exe
  C:\Windows\System\RWtUgYC.exe
  2⤵
  PID:9336
- C:\Windows\System\aiXgJZL.exe
  C:\Windows\System\aiXgJZL.exe
  2⤵
  PID:9356
- C:\Windows\System\NnCHatP.exe
  C:\Windows\System\NnCHatP.exe
  2⤵
  PID:9372
- C:\Windows\System\chMnYwE.exe
  C:\Windows\System\chMnYwE.exe
  2⤵
  PID:9388
- C:\Windows\System\PvAsRQG.exe
  C:\Windows\System\PvAsRQG.exe
  2⤵
  PID:9404
- C:\Windows\System\sSLEVrt.exe
  C:\Windows\System\sSLEVrt.exe
  2⤵
  PID:9428
- C:\Windows\System\sRHPEwG.exe
  C:\Windows\System\sRHPEwG.exe
  2⤵
  PID:9448
- C:\Windows\System\abCbnxU.exe
  C:\Windows\System\abCbnxU.exe
  2⤵
  PID:9472
- C:\Windows\System\wRzinFC.exe
  C:\Windows\System\wRzinFC.exe
  2⤵
  PID:9524
- C:\Windows\System\LWArThY.exe
  C:\Windows\System\LWArThY.exe
  2⤵
  PID:9544
- C:\Windows\System\ciwnHDs.exe
  C:\Windows\System\ciwnHDs.exe
  2⤵
  PID:9576
- C:\Windows\System\Bonzjop.exe
  C:\Windows\System\Bonzjop.exe
  2⤵
  PID:9592
- C:\Windows\System\SQopVnG.exe
  C:\Windows\System\SQopVnG.exe
  2⤵
  PID:9612
- C:\Windows\System\UINOffb.exe
  C:\Windows\System\UINOffb.exe
  2⤵
  PID:9632
- C:\Windows\System\QiwGgSO.exe
  C:\Windows\System\QiwGgSO.exe
  2⤵
  PID:9652
- C:\Windows\System\wiCStyh.exe
  C:\Windows\System\wiCStyh.exe
  2⤵
  PID:9672
- C:\Windows\System\jAcdDtV.exe
  C:\Windows\System\jAcdDtV.exe
  2⤵
  PID:9692
- C:\Windows\System\pZFFmgA.exe
  C:\Windows\System\pZFFmgA.exe
  2⤵
  PID:9708
- C:\Windows\System\eDYVIuv.exe
  C:\Windows\System\eDYVIuv.exe
  2⤵
  PID:9724
- C:\Windows\System\YyacaXO.exe
  C:\Windows\System\YyacaXO.exe
  2⤵
  PID:9740
- C:\Windows\System\rhJuFSk.exe
  C:\Windows\System\rhJuFSk.exe
  2⤵
  PID:9764
- C:\Windows\System\trjFMhe.exe
  C:\Windows\System\trjFMhe.exe
  2⤵
  PID:9784
- C:\Windows\System\rHOzSHN.exe
  C:\Windows\System\rHOzSHN.exe
  2⤵
  PID:9800
- C:\Windows\System\FewECGf.exe
  C:\Windows\System\FewECGf.exe
  2⤵
  PID:9816
- C:\Windows\System\jIYBWfl.exe
  C:\Windows\System\jIYBWfl.exe
  2⤵
  PID:9832
- C:\Windows\System\tNCmIRS.exe
  C:\Windows\System\tNCmIRS.exe
  2⤵
  PID:9872
- C:\Windows\System\DSCgNwb.exe
  C:\Windows\System\DSCgNwb.exe
  2⤵
  PID:9896
- C:\Windows\System\BhleuIx.exe
  C:\Windows\System\BhleuIx.exe
  2⤵
  PID:9912
- C:\Windows\System\jJmnHvY.exe
  C:\Windows\System\jJmnHvY.exe
  2⤵
  PID:9928
- C:\Windows\System\fXRIqta.exe
  C:\Windows\System\fXRIqta.exe
  2⤵
  PID:9948
- C:\Windows\System\tEJfCgJ.exe
  C:\Windows\System\tEJfCgJ.exe
  2⤵
  PID:9964
- C:\Windows\System\vLJMtRO.exe
  C:\Windows\System\vLJMtRO.exe
  2⤵
  PID:9984
- C:\Windows\System\fpuAEOn.exe
  C:\Windows\System\fpuAEOn.exe
  2⤵
  PID:10004
- C:\Windows\System\pTSjMFI.exe
  C:\Windows\System\pTSjMFI.exe
  2⤵
  PID:10024
- C:\Windows\System\CgORQhV.exe
  C:\Windows\System\CgORQhV.exe
  2⤵
  PID:10040
- C:\Windows\System\DspywzL.exe
  C:\Windows\System\DspywzL.exe
  2⤵
  PID:10056
- C:\Windows\System\MlPLbhw.exe
  C:\Windows\System\MlPLbhw.exe
  2⤵
  PID:10076
- C:\Windows\System\XhzRrFd.exe
  C:\Windows\System\XhzRrFd.exe
  2⤵
  PID:10100
- C:\Windows\System\qplRpwS.exe
  C:\Windows\System\qplRpwS.exe
  2⤵
  PID:10120
- C:\Windows\System\TFfoIqP.exe
  C:\Windows\System\TFfoIqP.exe
  2⤵
  PID:10140
- C:\Windows\System\IllGnyj.exe
  C:\Windows\System\IllGnyj.exe
  2⤵
  PID:10160
- C:\Windows\System\tqmSoij.exe
  C:\Windows\System\tqmSoij.exe
  2⤵
  PID:10176
- C:\Windows\System\DPmsNmY.exe
  C:\Windows\System\DPmsNmY.exe
  2⤵
  PID:9240
- C:\Windows\System\JGgtaCs.exe
  C:\Windows\System\JGgtaCs.exe
  2⤵
  PID:9104
- C:\Windows\System\FCxGIjY.exe
  C:\Windows\System\FCxGIjY.exe
  2⤵
  PID:9272
- C:\Windows\System\baVHHUE.exe
  C:\Windows\System\baVHHUE.exe
  2⤵
  PID:9188
- C:\Windows\System\AwrXyxn.exe
  C:\Windows\System\AwrXyxn.exe
  2⤵
  PID:9328
- C:\Windows\System\geywapU.exe
  C:\Windows\System\geywapU.exe
  2⤵
  PID:9384
- C:\Windows\System\vqJABhc.exe
  C:\Windows\System\vqJABhc.exe
  2⤵
  PID:9368
- C:\Windows\System\RzfBiNZ.exe
  C:\Windows\System\RzfBiNZ.exe
  2⤵
  PID:9444
- C:\Windows\System\zjorAvG.exe
  C:\Windows\System\zjorAvG.exe
  2⤵
  PID:9396
- C:\Windows\System\qzIUyrg.exe
  C:\Windows\System\qzIUyrg.exe
  2⤵
  PID:9496
- C:\Windows\System\lDZucbR.exe
  C:\Windows\System\lDZucbR.exe
  2⤵
  PID:9564
- C:\Windows\System\KZdNMFZ.exe
  C:\Windows\System\KZdNMFZ.exe
  2⤵
  PID:9624
- C:\Windows\System\BoEJzTE.exe
  C:\Windows\System\BoEJzTE.exe
  2⤵
  PID:9660
- C:\Windows\System\wqnpxpy.exe
  C:\Windows\System\wqnpxpy.exe
  2⤵
  PID:9732
- C:\Windows\System\eJJiZgk.exe
  C:\Windows\System\eJJiZgk.exe
  2⤵
  PID:9680
- C:\Windows\System\vEmqBhp.exe
  C:\Windows\System\vEmqBhp.exe
  2⤵
  PID:9760
- C:\Windows\System\bYDbGyN.exe
  C:\Windows\System\bYDbGyN.exe
  2⤵
  PID:9828
- C:\Windows\System\eOqqnlZ.exe
  C:\Windows\System\eOqqnlZ.exe
  2⤵
  PID:9920
- C:\Windows\System\VfncOnz.exe
  C:\Windows\System\VfncOnz.exe
  2⤵
  PID:9992
- C:\Windows\System\iPosWOM.exe
  C:\Windows\System\iPosWOM.exe
  2⤵
  PID:9976
- C:\Windows\System\OiyjccD.exe
  C:\Windows\System\OiyjccD.exe
  2⤵
  PID:10068
- C:\Windows\System\iHzERMN.exe
  C:\Windows\System\iHzERMN.exe
  2⤵
  PID:9808
- C:\Windows\System\hDzlBlZ.exe
  C:\Windows\System\hDzlBlZ.exe
  2⤵
  PID:9848
- C:\Windows\System\VytTtvR.exe
  C:\Windows\System\VytTtvR.exe
  2⤵
  PID:10116
- C:\Windows\System\aqZqcgS.exe
  C:\Windows\System\aqZqcgS.exe
  2⤵
  PID:9864
- C:\Windows\System\pNJhhSC.exe
  C:\Windows\System\pNJhhSC.exe
  2⤵
  PID:10136
- C:\Windows\System\JAZaACG.exe
  C:\Windows\System\JAZaACG.exe
  2⤵
  PID:9980
- C:\Windows\System\SsNzrpD.exe
  C:\Windows\System\SsNzrpD.exe
  2⤵
  PID:9904
- C:\Windows\System\oxsOVcI.exe
  C:\Windows\System\oxsOVcI.exe
  2⤵
  PID:10156
- C:\Windows\System\hoRFirK.exe
  C:\Windows\System\hoRFirK.exe
  2⤵
  PID:10220
- C:\Windows\System\SFiJZpg.exe
  C:\Windows\System\SFiJZpg.exe
  2⤵
  PID:9288
- C:\Windows\System\rbnIsjF.exe
  C:\Windows\System\rbnIsjF.exe
  2⤵
  PID:9460
- C:\Windows\System\ukZQCnb.exe
  C:\Windows\System\ukZQCnb.exe
  2⤵
  PID:9264
- C:\Windows\System\dmxkaTy.exe
  C:\Windows\System\dmxkaTy.exe
  2⤵
  PID:9488
- C:\Windows\System\RRKeBvG.exe
  C:\Windows\System\RRKeBvG.exe
  2⤵
  PID:9456
- C:\Windows\System\TqmJCla.exe
  C:\Windows\System\TqmJCla.exe
  2⤵
  PID:9540

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\CjjzxFg.exe

Filesize
6.0MB

MD5
f6994181b3e73dbf322c7f1f2033a302

SHA1
f6df5179060ef10eae2869adb760f35b0505e986

SHA256
fa40f49b76ad0e77c0d11f2e252ccb4d565bf27046c65ef4bc01488271dabcc9

SHA512
7834ab82cbce8c447c973e92d8226763d9ed64d867c8f75b65921f196b8cb822bee2e919d665ffa0fb843da6f42ceb47a83e19c9c25d3e5a88f5567de37de10d

Download Submit
C:\Windows\system\FcTXZdH.exe

Filesize
6.0MB

MD5
f39c2c130574e78da06d8ebd78fdfdac

SHA1
43fe173156569a501b814999723038dcbeb8a83c

SHA256
a5197d56e305aa8bb2831646e428c17ef3806a247ab0e57f027535f86ff95990

SHA512
59a80ebc930ffc652293b22f4b25baabcc866d1ac7e9fc35feaa1bbb2f992620755ae92841dbeec385b2ead037f64c80b6f75e720fb0faa407e13b24be9c2fb3

Download Submit
C:\Windows\system\FfMMpHP.exe

Filesize
6.0MB

MD5
b070d39c3ea2ed583f915c5be1544d46

SHA1
0e52c321ddae26d1bf5bb4e17febea366cfaeb37

SHA256
99195f7c46ff2cd435d37f7568324fdcca180959decea3ae9923f191d0e9ff29

SHA512
5f90217208230bc88bd960af559c3d18ac241a71c051760d249de79ba47edfa4658d96ea246782208b3036b36482c21ce4b9f517637dcc0725056a5be76450db

Download Submit
C:\Windows\system\GIGrFDH.exe

Filesize
6.0MB

MD5
a67a48a4ef5a8aa9c5cd3a87f4cac582

SHA1
af9d551501d2906ab87b938a7f912e24dcdc7362

SHA256
1cbdbbeb1b05a6c7ee8f04e357c9c61f7b3194cda6a77e46e42dbb5e88653faf

SHA512
55053af8b78e61fa1f72cb5bdc9964b23d0312737e14e38e6817142a602f30ddb951771b2cbaddba82f264a78e0964cac940bb36f26ee93513d8d1e688ddea62

Download Submit
C:\Windows\system\IrQBKOs.exe

Filesize
6.0MB

MD5
ea720427a1aedf1569a741bb5d06a66f

SHA1
18137dc92c0f4ee256f37e2a26f559c62731b963

SHA256
6e5d2bf0cfc58704ecceebb50f6ba808d852fd3f83c635b74f047976c60847ec

SHA512
e4c4f484a1aa334517ea900daed03f3400c32edfe233c7345d5e75613368d82124b6704a37db2627e23978302cd81ac0cdcff7db50596793efa78adae4ac8f49

Download Submit
C:\Windows\system\JNXTALt.exe

Filesize
6.0MB

MD5
e4aabc223773ba31742e6fe19ea1237a

SHA1
38a265c2ae41a3bc64dce39dc59f29bb4f588d88

SHA256
eec7caa713411d3b46f1ee8540c9f191daab16e8f48cd6a98fdd552616b07f28

SHA512
cbedb06b272ff21519755ae6db19d28c14ae82f44a9beefb0be04febee9314259139dd3d38e256b892ddf012c29d436baca1a0f2e42331032a730f62b06d027c

Download Submit
C:\Windows\system\McMqBvC.exe

Filesize
6.0MB

MD5
6a2e69c62624128dbb26320ac7f0e609

SHA1
4017b8107dcb5fdf43f35710752f451a5dc479bd

SHA256
f4a4ceeda3b848620ce06e83807ef5a18697fdea8cbc091b56405aed5a401ffb

SHA512
a4df6381028387f33c2046597125ee48617f2557b33758a23b412cb17dfc2601dc070160adf8462daf90809b8b0b4b5d5216add5ff44c7411bfacf6dda604e10

Download Submit
C:\Windows\system\OKXJznp.exe

Filesize
6.0MB

MD5
e57c192040ca45bcc902515587e80b6c

SHA1
c331d4c5013169664a1bbff72a6610264718b69f

SHA256
179efb2a9e6488441cd7713e0ca1d4da086c3d0b5339782d06676e7369062fa6

SHA512
ba7e0164567812770513e0b282371a6bc6c01a0f77f1216454e241bdfaaa77348298765890f6683ce40337cc19692ae4dcccc921725f29df7be6111c33c533e4

Download Submit
C:\Windows\system\PTJiUXC.exe

Filesize
6.0MB

MD5
d5645427cd758e55ea5c87e99bceb6db

SHA1
04bc96e65ee840d03e1f46c337325b3e3a456d49

SHA256
d2e87ec290877a75867e41f146312a1535df7206843e5f0616526ff58f3074fe

SHA512
3d533f178e3a6844758a981b88fc9e1e656954a46fbe26a913ad293cd2a1e9c37c4a394b4e54a2579880788c218e3ebf12708db701c3f00e9fff1590f0955ae1

Download Submit
C:\Windows\system\QzARBXG.exe

Filesize
6.0MB

MD5
23f262e984647e10e7c96a40ed6bbd94

SHA1
f94cd2ff577568fd86f3e2682b155860f8efc873

SHA256
d9230a86afc9db7c240aa978b9176dd00582f81a93bb0332cc28ca731b9caf07

SHA512
db54f2e0e11fe54afce90f57cafac4f87f5fff6af38bfb3e910dd9af70f43560a3306cb12b16089fcd75138aa16e02af757208a876420b8a76e4e9de019b6e9e

Download Submit
C:\Windows\system\RCxFmJD.exe

Filesize
6.0MB

MD5
6dfcd3d826098b3c419ac5ecf476a091

SHA1
734865b4381bce0980a6f2664ef225d03a94bee6

SHA256
4cd9cb8a8d84f2189b76c92c7dfede2861a922320a0382b146383ce545a1ae20

SHA512
d957adf338085f1f75aa46ed160a4e6c76e4cedb7dc673c506bd2caaeb7a1538b14ae6e1b46f6d532b2bb00935ee38acd8d0be47b2f8dfbd4e27e6585d1d87cc

Download Submit
C:\Windows\system\SSKcxWS.exe

Filesize
6.0MB

MD5
ffd3bbc22ef8c1dd114dedad1a9d623f

SHA1
42bff6f9bbd5d5e00b7025b2e9a9639ee1bb77cc

SHA256
8df22a69f8b1a50fb7b740208f48110aa8e1ae0c22cd198f46d98f300e060017

SHA512
1709e6c2fa7b4eabd22d481652051fea97d820083111c263edc07839194554947a441fd9ff63b63f734503b29db943d60e4f040613e5e641c9e44e9ec45e3340

Download Submit
C:\Windows\system\WMqlUND.exe

Filesize
6.0MB

MD5
01bcb460ec83532456901a76556dffe1

SHA1
99706d9119fff537d200a35bdec1cf283ca8250a

SHA256
a485bed5f2b48a177da461430891c3058afc255f48a411f7b34fe358c9b9a29b

SHA512
023f6e16eb389bfda1d990666a1217c1d3e18c2db3f0146de57281b6176646a5d3e256db35a07990aa939f17d86f00be3aa768ae971bb76369dee3aef5dc4e54

Download Submit
C:\Windows\system\WTiTxTW.exe

Filesize
6.0MB

MD5
20cee937bf4fbf39647c0e8425538f10

SHA1
d0a90693b10808f9112b804a150920072e2c77d4

SHA256
5e41f8cc35eb0869c9d9e7a308352c73b484a86b1bed29eea32a783615b3e20c

SHA512
51efb4b80f2e898c9a73f6f45ebc845bbe208e7854e0bbb6b307a0d3edb5bcf451949b65280f197e6ef61f901ec407c7c67c241a59299845f5abec4788251ba9

Download Submit
C:\Windows\system\agPcUOm.exe

Filesize
6.0MB

MD5
42ea5d6a91df7a3a261099ec7fff76eb

SHA1
f19988c3c4ffd79a5eead36b856f75d682db512d

SHA256
9535aea8a83327fc924f81f15c2c6c5afa8d0d815c199149f5b840a5200fbc28

SHA512
cbf7ed9be3ac0f822dfd2cd8b6ddbe53ffc3d874c5213695f22ccc1a725c87c68d9705afc12ea2e1a73ac3817a140f3188cd3458504ed6d84d2b92ae7feb1d2d

Download Submit
C:\Windows\system\cOStHoG.exe

Filesize
6.0MB

MD5
94cf7a40b6882b36b8d5a3a7c085154a

SHA1
2ee8ffc68f6eda07a7b84248da3d11ac2f22bd45

SHA256
b86adc8b666b8898ab7f6d9c406fe664029b9ecb1e81ee914c21933dbe0e16d0

SHA512
a7347df54abde6a3260317dae5112321a7a02dbd5fa8a5464d0ced4cb4bcc92b7f9ec0cfffd211398dba5d5bf96e5cf92b15410124dc4da3eef99d12a1540963

Download Submit
C:\Windows\system\eedOWcO.exe

Filesize
6.0MB

MD5
5cc1b19ef73b4d914cadb530658027b3

SHA1
6ec3f51002230132ae624258dc5b38e871324a78

SHA256
e4f91476190886a5efe8da02a69ec47a8ca1e985760222844db567067678238b

SHA512
b1cf52d082d52f7c4bd00b43e6374f16c6dd76036717e85ff6645672ab8e065ad2dc82bd642c7a8fa74e9fe736b6406e94a1b30c6ccda254d49be384d1de17c8

Download Submit
C:\Windows\system\gVArsBy.exe

Filesize
6.0MB

MD5
3c8216d04d2ffb9ebea0c3e0caf193d6

SHA1
765e34fff350bb5c7036bbf29e3c8a3a77f78f1e

SHA256
dea8e76df1d1a1a84a6d52aa1ad43d772e54459838700f11513596fcb6d33e18

SHA512
6071a761ae95097bb0dd6df3d823cd33197ae3b1ae495a359f3595efb8605e9a8b3d26768df4523c923c39c740f55e317a018d4b283dbbc55eff2232f1efa33d

Download Submit
C:\Windows\system\hRgEMld.exe

Filesize
6.0MB

MD5
84cce826d6e7e723e4aeba172045b23e

SHA1
b352987fc0d18e1362c290b92d443f60818e8020

SHA256
ffd0242e5ca1d68af5dd43ef363aa07857d7f3939ae3dfc5c3eb144e30af0b3e

SHA512
d36c04d6ba9eeb7bc875ae73352d5ab6180fe86d7e89e3e4971ad079bc661d32543c314394b6693f93de23508fffcdc34a8d3f83af954f1684a5beacb805c1b7

Download Submit
C:\Windows\system\mgklmSs.exe

Filesize
6.0MB

MD5
8f0fffc36138a30dd22ea95e53ae5aa3

SHA1
cec7575dced8bfb92c83de0d3d49d5011bfb35a8

SHA256
d710c05623ac9e35a79bad85384bc28207492cf9136aae16c6c64eeeb8bb220a

SHA512
9493d02c1c88c20d98e73297174cfa769c0a6f61b3495b4b61869605ad1a6a0f452a3e29b2d340e0a57b64a19f176809fe244442476da346f5b8412699e167fd

Download Submit
C:\Windows\system\nJgTbZg.exe

Filesize
6.0MB

MD5
66ed6fa39107c30eb1ee5ea6531bd3f0

SHA1
0b5daf7b0f56d075ac08b952766d5c7f4c7d5b9d

SHA256
a073d0f835901103ebed038988f4734ce557c3fb82769637773187e50991a67c

SHA512
2c18e08c8bc8b03bbbf6c7074e5232a88208b96199fae718fe042c2a1fee0915e03c595b92d003c159886c3cd75d3b43adfe23c7ed64aed52332419373d2e628

Download Submit
\Windows\system\CpZESzo.exe

Filesize
6.0MB

MD5
5acdb4e45ad7b62710689c68dc567b28

SHA1
aff779cb8531c9d097062cad9845a0e56d36ffa4

SHA256
8ee32022b30c9775e5b256ea317311c7f4d38cf00bca362f3fbe7b4b4aeb182d

SHA512
b3ace5af3ee293722025764bffb63e77d9fc812558a48123eb5cb06adeae7a55ef2f44343d4ff6db128e8a700664abc48189bc82d30945b2ac9d48ffd608f815

Download Submit
\Windows\system\FwCqupL.exe

Filesize
6.0MB

MD5
73988c20fd9a599a5cd0b33df5357abd

SHA1
d8438c021f516dab477c75c548d0ee44acede7c0

SHA256
39862d6b9318d7be3f34719ff87d60a81b1fa0f827c820415e6d2134be332c77

SHA512
6c53f11a4e52eec42ce803391b7483864d0d13d89424afe37f36e47bd7b7dccd9f1540380e713c602d9b34868430c7901275296870afe4117b10a5daf1878959

Download Submit
\Windows\system\HiSWqOL.exe

Filesize
6.0MB

MD5
e8fe973e24d68ab9ac069335a6aaf043

SHA1
5c8e79bea378e2ecb2c72dae0d53f46b7925c03b

SHA256
ea1fd80101115c450cd1b9e7e6f31755d2010490d1cff31b8629a8286557975f

SHA512
7a7a4a1e9596492b6e03524fbe193f8ddb04b489dd2a12513ce53709d3261b9c601864e19b0805564440ba7ca26362972a85f891779e961db2512ee753fb1f42

Download Submit
\Windows\system\IUCwGNn.exe

Filesize
6.0MB

MD5
8d0211a041355efcdb08759f650ff73d

SHA1
13c3677dc881776b17768839111f16cee5dc2884

SHA256
899d2b1e71c1c88fbe4241ae064a52f3b22eb9f78deeddf367397c234b4d7931

SHA512
49f4d9100ce03ff1b884e9db6ed08b4f1721dafe23b2ed0ec229134e65e1799a9ff58bf9081de6257b6e068b7f2dbc749ad9f697ef55ee8aa59fa9056fd4fac0

Download Submit
\Windows\system\LXHRqlK.exe

Filesize
6.0MB

MD5
3c27b7b0fbe99ad4fdf0e12727c91f34

SHA1
7000bcc158b21077ab10dfe33253e52722871ce4

SHA256
4668c1aa43b772fa0d7527fd091507ce4cf0699ca7aafec371193e69a7b4d339

SHA512
21958cd61bb7e1ad2828ece3ae63ed80004bd28e1398b62de09bc4a976b26287b9d057acf43bf6f2cc7d2720ea3763ef2f78dcb4222feb1bbb0c51699863629a

Download Submit
\Windows\system\OLvvYls.exe

Filesize
6.0MB

MD5
7dad4fcf41e60f60cfe18b309fc4dbe0

SHA1
8c47c695411663e8c5782a2716e1430683276471

SHA256
beedb024e726870bf5275400ceff2acd1e49304d7f525de7d3bae60188fb0b93

SHA512
e1c6ca1e8e074797b5a0e5bf80256518b0f70a4d71957081e2cdd8ca2922f5df61ab56b07d8f3a4b1e412f8b260b63e31c768706cab050763ca0c80841b511da

Download Submit
\Windows\system\QQmlLUM.exe

Filesize
6.0MB

MD5
8e4c93e7c85c5c8529d831f923cb229c

SHA1
3c9690c81126e59e7b74e7d173ca0426d447874a

SHA256
4afc5808ffd47a8b8851c8351c3f1af492dbe1bff5477db98a59dd0c4973210a

SHA512
ef0d1c6781705e4677b8b22771d584805ea07209e033bcaeb64bd135235477bfb5937576af47faa5c54bb7555db3929f10c482ab925f0ed11bff8b6dfb3e3d71

Download Submit
\Windows\system\hSiMjXC.exe

Filesize
6.0MB

MD5
e5efe7a18359c0a23d6362fcd2d3cfc1

SHA1
977280b508aa4d3261b7b0853a6d60ce2d337efc

SHA256
7098389d50650202c11ad915eec5c22ad24f714268a0c94cc6ab4dcc43287a1f

SHA512
eec478460e52be98b8804f67e9662f972ac0c074aa534a70ee2468142c5cd9c828641a9141e949fae8aa2edf5c6d3664967214c884532ed6b9186d349f971e7c

Download Submit
\Windows\system\hUNiZht.exe

Filesize
6.0MB

MD5
7d3a62ab4bea7fb0dda4cc06da178d57

SHA1
96bb9233c3cf4a11ab1fcce335b1f84e5e56f742

SHA256
78b8192f6f5ef78476e731d0cfecdc95869401b1b26b0a14852fb9819073ac31

SHA512
b80b06077d83f71058e12591c83d217f56986f23420be9db47873019455728319b9f54bbbba7d707b856cf1e14cd6630a4ef93a7a1dd77e968adef24f527e371

Download Submit
\Windows\system\iPhViDs.exe

Filesize
6.0MB

MD5
7f3217cbc5a874ae6b052fbe8cf6f89b

SHA1
1e8d08ebd3ff1be32f561be4110518262a28174d

SHA256
7b012fb63e35bca0c04a62c05ebf0063783e6a5c0889b0cd3c64f1cd067598b4

SHA512
c14881a7d2b361e7164cdd950dedb79bc26086341c512de16139d52de0bcacb25e3b01dd7e447981c241c5ca310fdd0536e87d98283bb240b68047be435296b3

Download Submit
\Windows\system\pDofEyu.exe

Filesize
6.0MB

MD5
843f2375c1fa8268cdd04ac10e0f5e27

SHA1
058ed72120945edef38e622d93b3f5404ee74cd2

SHA256
c8a9a17dc246ad63163209ab8db1dfc057c95aec8bacb7e95e75f1b50438cf1b

SHA512
e2206d80f23bfdd771e8483884bf883409c8bd8fd4dca2519b1d143588dfb4ea92f2e48bf326cb465cec81462d7683211125156a1c9f50501786fe6f575ae52d

Download Submit
\Windows\system\sufIAqw.exe

Filesize
6.0MB

MD5
4da6b6f104fadb3fb1d549118d7e97bc

SHA1
11336398152212e608809368f39ed94775e7bfeb

SHA256
5de21b10cbc10d1aa89b32fbc14dd7174d52696c00d4ea101c3014ffd1997bf3

SHA512
ccbe40b449e2013a7f98805b32cebcbacf713464188455f94b8e7cbc6d8b6bc68880362c3d5c9d8198fa9bf194b3972fce9ea821b7e638df18296f87c62d870c

Download Submit
\Windows\system\wPUrhdX.exe

Filesize
6.0MB

MD5
8dd64af0512dfccb69572c3194332ae7

SHA1
682a255ddc1bf27a5062d5f4bf2cb49d373114f0

SHA256
b355c596f772d9b561c1f2f07ed07e19eb9276e7a67f76be9e489a3f7cbb0230

SHA512
03c4e215a654c798fd2e20139755c0a6cd7a85897af61adbf63cf2fab70ab38958b7490984c2a64661e40a42748aa4fbc2e8f8237111ca15b45ff3e3d9eb6559

Download Submit
memory/944-102-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/944-4022-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/1168-777-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/1168-96-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/1168-4021-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/1496-109-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/1496-4020-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/2412-73-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2412-4019-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2508-65-0x000000013F8C0000-0x000000013FC14000-memory.dmp

Filesize
3.3MB

Download
memory/2508-28-0x000000013F8C0000-0x000000013FC14000-memory.dmp

Filesize
3.3MB

Download
memory/2516-4017-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/2516-57-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/2536-72-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/2536-35-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/2536-4014-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/2608-18-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/2608-4013-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/2612-4016-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/2612-50-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/2644-20-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/2668-4018-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download
memory/2668-63-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download
memory/2668-367-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-48-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/2688-4015-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/2692-25-0x0000000002280000-0x00000000025D4000-memory.dmp

Filesize
3.3MB

Download
memory/2692-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2692-37-0x0000000002280000-0x00000000025D4000-memory.dmp

Filesize
3.3MB

Download
memory/2692-1156-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/2692-0-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/2692-776-0x0000000002280000-0x00000000025D4000-memory.dmp

Filesize
3.3MB

Download
memory/2692-370-0x0000000002280000-0x00000000025D4000-memory.dmp

Filesize
3.3MB

Download
memory/2692-9-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/2692-26-0x0000000002280000-0x00000000025D4000-memory.dmp

Filesize
3.3MB

Download
memory/2692-49-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/2692-104-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/2692-98-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2692-56-0x0000000002280000-0x00000000025D4000-memory.dmp

Filesize
3.3MB

Download
memory/2692-132-0x0000000002280000-0x00000000025D4000-memory.dmp

Filesize
3.3MB

Download
memory/2692-70-0x0000000002280000-0x00000000025D4000-memory.dmp

Filesize
3.3MB

Download
memory/2692-61-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download
memory/2692-30-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/2692-97-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/2692-105-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/2756-103-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/2756-4023-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/2796-4006-0x000000013FA70000-0x000000013FDC4000-memory.dmp

Filesize
3.3MB

Download
memory/2796-21-0x000000013FA70000-0x000000013FDC4000-memory.dmp

Filesize
3.3MB

Download