cobaltstrike | 065758a25ae87af863a5eb3b420e54c8c359ba0a25bcea1f3d5e213d1ff45c71

Analysis

max time kernel
124s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
24-11-2024 07:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

f2095b56dd33f6758d53ad37a62fd031
SHA1

f88818750fadf3b1472f04f56d4645bec4e8a20c
SHA256

065758a25ae87af863a5eb3b420e54c8c359ba0a25bcea1f3d5e213d1ff45c71
SHA512

135e1d9b7df25c82568d52f0a88b93fa5798c49e5fcc76e0c40f3617ae7c6af45a33c747ed98455816f5415b9e43e5c4965b9ecacb7a6a32d51e44925a143c85
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU2:T+q56utgpPF8u/72

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

Processes:

resource	yara_rule
behavioral1/files/0x000700000001211a-6.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001706d-12.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000173da-19.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000173f1-23.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000173f4-31.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191ff-45.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000191d4-42.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019256-61.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019284-81.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019353-91.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001936b-101.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019438-139.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001946e-158.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001945c-152.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001944d-142.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ae-162.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019423-130.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001946b-155.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019458-145.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019442-133.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019397-111.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019426-123.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a5-115.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001937b-106.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019356-96.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001928c-86.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019266-75.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019263-71.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019259-66.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001922c-48.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019244-54.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000173fc-37.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016ea4-11.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 52 IoCs

miner

Processes:

resource	yara_rule
behavioral1/memory/2080-0-0x000000013F490000-0x000000013F7E4000-memory.dmp	xmrig
behavioral1/files/0x000700000001211a-6.dat	xmrig
behavioral1/files/0x000800000001706d-12.dat	xmrig
behavioral1/memory/2764-16-0x000000013FCF0000-0x0000000140044000-memory.dmp	xmrig
behavioral1/files/0x00070000000173da-19.dat	xmrig
behavioral1/files/0x00070000000173f1-23.dat	xmrig
behavioral1/files/0x00070000000173f4-31.dat	xmrig
behavioral1/files/0x00050000000191ff-45.dat	xmrig
behavioral1/files/0x00070000000191d4-42.dat	xmrig
behavioral1/files/0x0005000000019256-61.dat	xmrig
behavioral1/files/0x0005000000019284-81.dat	xmrig
behavioral1/files/0x0005000000019353-91.dat	xmrig
behavioral1/files/0x000500000001936b-101.dat	xmrig
behavioral1/files/0x0005000000019438-139.dat	xmrig
behavioral1/files/0x000500000001946e-158.dat	xmrig
behavioral1/memory/2776-1903-0x000000013FCD0000-0x0000000140024000-memory.dmp	xmrig
behavioral1/files/0x000500000001945c-152.dat	xmrig
behavioral1/files/0x000500000001944d-142.dat	xmrig
behavioral1/files/0x00050000000194ae-162.dat	xmrig
behavioral1/files/0x0005000000019423-130.dat	xmrig
behavioral1/files/0x000500000001946b-155.dat	xmrig
behavioral1/files/0x0005000000019458-145.dat	xmrig
behavioral1/files/0x0005000000019442-133.dat	xmrig
behavioral1/files/0x0005000000019397-111.dat	xmrig
behavioral1/files/0x0005000000019426-123.dat	xmrig
behavioral1/files/0x00050000000193a5-115.dat	xmrig
behavioral1/files/0x000500000001937b-106.dat	xmrig
behavioral1/files/0x0005000000019356-96.dat	xmrig
behavioral1/files/0x000500000001928c-86.dat	xmrig
behavioral1/files/0x0005000000019266-75.dat	xmrig
behavioral1/files/0x0005000000019263-71.dat	xmrig
behavioral1/files/0x0005000000019259-66.dat	xmrig
behavioral1/files/0x000500000001922c-48.dat	xmrig
behavioral1/files/0x0005000000019244-54.dat	xmrig
behavioral1/files/0x00070000000173fc-37.dat	xmrig
behavioral1/files/0x0008000000016ea4-11.dat	xmrig
behavioral1/memory/2672-1998-0x000000013F9C0000-0x000000013FD14000-memory.dmp	xmrig
behavioral1/memory/2964-2140-0x000000013F700000-0x000000013FA54000-memory.dmp	xmrig
behavioral1/memory/2828-2243-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
behavioral1/memory/2836-2315-0x000000013F5B0000-0x000000013F904000-memory.dmp	xmrig
behavioral1/memory/2080-2318-0x00000000021B0000-0x0000000002504000-memory.dmp	xmrig
behavioral1/memory/2824-2351-0x000000013F3F0000-0x000000013F744000-memory.dmp	xmrig
behavioral1/memory/2080-2986-0x000000013F490000-0x000000013F7E4000-memory.dmp	xmrig
behavioral1/memory/2764-3045-0x000000013FCF0000-0x0000000140044000-memory.dmp	xmrig
behavioral1/memory/2080-3090-0x000000013F9C0000-0x000000013FD14000-memory.dmp	xmrig
behavioral1/memory/2776-3146-0x000000013FCD0000-0x0000000140024000-memory.dmp	xmrig
behavioral1/memory/2764-3149-0x000000013FCF0000-0x0000000140044000-memory.dmp	xmrig
behavioral1/memory/2964-3170-0x000000013F700000-0x000000013FA54000-memory.dmp	xmrig
behavioral1/memory/2836-3168-0x000000013F5B0000-0x000000013F904000-memory.dmp	xmrig
behavioral1/memory/2828-3153-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
behavioral1/memory/2672-3152-0x000000013F9C0000-0x000000013FD14000-memory.dmp	xmrig
behavioral1/memory/2824-3157-0x000000013F3F0000-0x000000013F744000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

Processes:

mbDAitZ.exeEOTpIOq.exeVAcGqPq.exeaETmxIy.exewXHZdhg.exeRjQUYfC.exeisPAIGA.exeIShebZN.exeVGlTRZC.exewrPPNFy.exeoMUfBBq.exejOBgaKc.exeicdFywF.exepypSHvn.exeBVlReYj.exeGQFpoWF.exeuKXDKrg.exeLIYEURY.exeBjADoXp.exevPsfEMr.exepftvnJe.exeRPqHbsE.exeFNllpZX.exevZNgwaC.exeiXJEAbW.exeVGNBpPe.exenFlMECy.exetUnJGqr.exexDtmeVR.exeRqfmMmF.exeHzGEogh.exePOShBAc.exeaJMTHWo.exeoIoCsjN.exeHwKuyop.exehCejYgF.exeONXXHlR.exeiaLAljI.exeSyzvGpB.exemLWpHYF.exeKHFQSMv.exeNjNkLyZ.exeMIpayQM.exeEGzeYQs.exeJCEGLTd.exengtxwvX.exegGWreQs.exeTWQrmuB.exeMlJTRAY.exeEeiSFSg.exeGpVcjjm.exedPvpbBc.exeOnoZDzy.exeYxITlEy.exebIIqZYM.exedmMWvev.exeKtheekK.exeTOMWNOB.exeBxFhUGV.exevkBLYed.exegPEbTsv.exeteHseSG.exeDbKOtZX.exeTOirwSh.exe

pid	Process
2764	mbDAitZ.exe
2776	EOTpIOq.exe
2672	VAcGqPq.exe
2964	aETmxIy.exe
2828	wXHZdhg.exe
2836	RjQUYfC.exe
2824	isPAIGA.exe
2636	IShebZN.exe
2236	VGlTRZC.exe
2440	wrPPNFy.exe
2000	oMUfBBq.exe
1432	jOBgaKc.exe
628	icdFywF.exe
2912	pypSHvn.exe
2888	BVlReYj.exe
328	GQFpoWF.exe
2448	uKXDKrg.exe
1620	LIYEURY.exe
1284	BjADoXp.exe
1732	vPsfEMr.exe
2620	pftvnJe.exe
2600	RPqHbsE.exe
2116	FNllpZX.exe
532	vZNgwaC.exe
1252	iXJEAbW.exe
1032	VGNBpPe.exe
584	nFlMECy.exe
2172	tUnJGqr.exe
2332	xDtmeVR.exe
1936	RqfmMmF.exe
2348	HzGEogh.exe
2024	POShBAc.exe
2088	aJMTHWo.exe
2412	oIoCsjN.exe
1612	HwKuyop.exe
1336	hCejYgF.exe
2960	ONXXHlR.exe
1852	iaLAljI.exe
560	SyzvGpB.exe
1764	mLWpHYF.exe
1752	KHFQSMv.exe
1340	NjNkLyZ.exe
1084	MIpayQM.exe
1980	EGzeYQs.exe
1492	JCEGLTd.exe
2124	ngtxwvX.exe
2936	gGWreQs.exe
2464	TWQrmuB.exe
2268	MlJTRAY.exe
2404	EeiSFSg.exe
3012	GpVcjjm.exe
1012	dPvpbBc.exe
1736	OnoZDzy.exe
2452	YxITlEy.exe
2492	bIIqZYM.exe
3032	dmMWvev.exe
1028	KtheekK.exe
1596	TOMWNOB.exe
3020	BxFhUGV.exe
1568	vkBLYed.exe
2704	gPEbTsv.exe
2780	teHseSG.exe
2696	DbKOtZX.exe
2756	TOirwSh.exe

Loads dropped DLL 64 IoCs

Processes:

2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe

pid	Process
2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 50 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2080-0-0x000000013F490000-0x000000013F7E4000-memory.dmp	upx
behavioral1/files/0x000700000001211a-6.dat	upx
behavioral1/files/0x000800000001706d-12.dat	upx
behavioral1/memory/2764-16-0x000000013FCF0000-0x0000000140044000-memory.dmp	upx
behavioral1/files/0x00070000000173da-19.dat	upx
behavioral1/files/0x00070000000173f1-23.dat	upx
behavioral1/files/0x00070000000173f4-31.dat	upx
behavioral1/files/0x00050000000191ff-45.dat	upx
behavioral1/files/0x00070000000191d4-42.dat	upx
behavioral1/files/0x0005000000019256-61.dat	upx
behavioral1/files/0x0005000000019284-81.dat	upx
behavioral1/files/0x0005000000019353-91.dat	upx
behavioral1/files/0x000500000001936b-101.dat	upx
behavioral1/files/0x0005000000019438-139.dat	upx
behavioral1/files/0x000500000001946e-158.dat	upx
behavioral1/memory/2776-1903-0x000000013FCD0000-0x0000000140024000-memory.dmp	upx
behavioral1/files/0x000500000001945c-152.dat	upx
behavioral1/files/0x000500000001944d-142.dat	upx
behavioral1/files/0x00050000000194ae-162.dat	upx
behavioral1/files/0x0005000000019423-130.dat	upx
behavioral1/files/0x000500000001946b-155.dat	upx
behavioral1/files/0x0005000000019458-145.dat	upx
behavioral1/files/0x0005000000019442-133.dat	upx
behavioral1/files/0x0005000000019397-111.dat	upx
behavioral1/files/0x0005000000019426-123.dat	upx
behavioral1/files/0x00050000000193a5-115.dat	upx
behavioral1/files/0x000500000001937b-106.dat	upx
behavioral1/files/0x0005000000019356-96.dat	upx
behavioral1/files/0x000500000001928c-86.dat	upx
behavioral1/files/0x0005000000019266-75.dat	upx
behavioral1/files/0x0005000000019263-71.dat	upx
behavioral1/files/0x0005000000019259-66.dat	upx
behavioral1/files/0x000500000001922c-48.dat	upx
behavioral1/files/0x0005000000019244-54.dat	upx
behavioral1/files/0x00070000000173fc-37.dat	upx
behavioral1/files/0x0008000000016ea4-11.dat	upx
behavioral1/memory/2672-1998-0x000000013F9C0000-0x000000013FD14000-memory.dmp	upx
behavioral1/memory/2964-2140-0x000000013F700000-0x000000013FA54000-memory.dmp	upx
behavioral1/memory/2828-2243-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/memory/2836-2315-0x000000013F5B0000-0x000000013F904000-memory.dmp	upx
behavioral1/memory/2824-2351-0x000000013F3F0000-0x000000013F744000-memory.dmp	upx
behavioral1/memory/2080-2986-0x000000013F490000-0x000000013F7E4000-memory.dmp	upx
behavioral1/memory/2764-3045-0x000000013FCF0000-0x0000000140044000-memory.dmp	upx
behavioral1/memory/2776-3146-0x000000013FCD0000-0x0000000140024000-memory.dmp	upx
behavioral1/memory/2764-3149-0x000000013FCF0000-0x0000000140044000-memory.dmp	upx
behavioral1/memory/2964-3170-0x000000013F700000-0x000000013FA54000-memory.dmp	upx
behavioral1/memory/2836-3168-0x000000013F5B0000-0x000000013F904000-memory.dmp	upx
behavioral1/memory/2828-3153-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/memory/2672-3152-0x000000013F9C0000-0x000000013FD14000-memory.dmp	upx
behavioral1/memory/2824-3157-0x000000013F3F0000-0x000000013F744000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

Processes:

2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe

description	ioc	Process
File created	C:\Windows\System\gzcNpde.exe	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nzQemxh.exe	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Niibzrm.exe	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PkXJwCK.exe	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LTqfbMV.exe	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XLaJhxg.exe	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uDCtLmH.exe	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kufqAwV.exe	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wmrDTTG.exe	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ENBQokr.exe	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\txZVrKz.exe	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VTLQNHe.exe	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DYJarFj.exe	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WohAoFB.exe	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NOqhHzT.exe	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jPqQpLq.exe	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yUPwglK.exe	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VlLxLJJ.exe	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lhlKFRo.exe	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RyNfgxw.exe	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RmycCAD.exe	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TxvZfuI.exe	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CbGCwUJ.exe	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lVecdpo.exe	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iSlaKtw.exe	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WCPtwSv.exe	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RLOruCM.exe	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MJPMBaj.exe	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ypVXxfy.exe	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UgfaSWc.exe	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tSVZoyR.exe	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UDseZzW.exe	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NQklVgG.exe	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lNmdsGq.exe	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\StXBoOd.exe	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IOzOeNr.exe	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NdwQYlb.exe	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MOUnOwz.exe	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SyzvGpB.exe	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NFeNPqP.exe	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iROkDYk.exe	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rjZiIXG.exe	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ngVRBWT.exe	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WibUttj.exe	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JVulWbI.exe	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uMPkAfR.exe	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kdlljuk.exe	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jRLnLPc.exe	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wyUhyRl.exe	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\coxsuSu.exe	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VedLfjf.exe	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eOhoMJW.exe	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vxBwhbg.exe	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qdqPJlb.exe	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dfScXvT.exe	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QfYIdOD.exe	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lsnAzfn.exe	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VimbymQ.exe	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dWtRPty.exe	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MMsmSEB.exe	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nRxGNLL.exe	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dwlCzIV.exe	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aonuRBp.exe	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tTfseaM.exe	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe

description	pid	Process	procid_target
PID 2080 wrote to memory of 2764	2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2080 wrote to memory of 2764	2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2080 wrote to memory of 2764	2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2080 wrote to memory of 2776	2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2080 wrote to memory of 2776	2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2080 wrote to memory of 2776	2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2080 wrote to memory of 2672	2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2080 wrote to memory of 2672	2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2080 wrote to memory of 2672	2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2080 wrote to memory of 2964	2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2080 wrote to memory of 2964	2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2080 wrote to memory of 2964	2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2080 wrote to memory of 2828	2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2080 wrote to memory of 2828	2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2080 wrote to memory of 2828	2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2080 wrote to memory of 2836	2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2080 wrote to memory of 2836	2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2080 wrote to memory of 2836	2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2080 wrote to memory of 2824	2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2080 wrote to memory of 2824	2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2080 wrote to memory of 2824	2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2080 wrote to memory of 2636	2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2080 wrote to memory of 2636	2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2080 wrote to memory of 2636	2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2080 wrote to memory of 2236	2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2080 wrote to memory of 2236	2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2080 wrote to memory of 2236	2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2080 wrote to memory of 2000	2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2080 wrote to memory of 2000	2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2080 wrote to memory of 2000	2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2080 wrote to memory of 2440	2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2080 wrote to memory of 2440	2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2080 wrote to memory of 2440	2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2080 wrote to memory of 1432	2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2080 wrote to memory of 1432	2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2080 wrote to memory of 1432	2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2080 wrote to memory of 628	2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2080 wrote to memory of 628	2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2080 wrote to memory of 628	2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2080 wrote to memory of 2912	2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2080 wrote to memory of 2912	2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2080 wrote to memory of 2912	2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2080 wrote to memory of 2888	2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2080 wrote to memory of 2888	2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2080 wrote to memory of 2888	2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2080 wrote to memory of 328	2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2080 wrote to memory of 328	2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2080 wrote to memory of 328	2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2080 wrote to memory of 2448	2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2080 wrote to memory of 2448	2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2080 wrote to memory of 2448	2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2080 wrote to memory of 1620	2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2080 wrote to memory of 1620	2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2080 wrote to memory of 1620	2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2080 wrote to memory of 1284	2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2080 wrote to memory of 1284	2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2080 wrote to memory of 1284	2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2080 wrote to memory of 1732	2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2080 wrote to memory of 1732	2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2080 wrote to memory of 1732	2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2080 wrote to memory of 2620	2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2080 wrote to memory of 2620	2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2080 wrote to memory of 2620	2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2080 wrote to memory of 2600	2080	2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-24_f2095b56dd33f6758d53ad37a62fd031_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2080
- C:\Windows\System\mbDAitZ.exe
  C:\Windows\System\mbDAitZ.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\EOTpIOq.exe
  C:\Windows\System\EOTpIOq.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\VAcGqPq.exe
  C:\Windows\System\VAcGqPq.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\aETmxIy.exe
  C:\Windows\System\aETmxIy.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\wXHZdhg.exe
  C:\Windows\System\wXHZdhg.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\RjQUYfC.exe
  C:\Windows\System\RjQUYfC.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\isPAIGA.exe
  C:\Windows\System\isPAIGA.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\IShebZN.exe
  C:\Windows\System\IShebZN.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\VGlTRZC.exe
  C:\Windows\System\VGlTRZC.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\oMUfBBq.exe
  C:\Windows\System\oMUfBBq.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\wrPPNFy.exe
  C:\Windows\System\wrPPNFy.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\jOBgaKc.exe
  C:\Windows\System\jOBgaKc.exe
  2⤵
  - Executes dropped EXE
  PID:1432
- C:\Windows\System\icdFywF.exe
  C:\Windows\System\icdFywF.exe
  2⤵
  - Executes dropped EXE
  PID:628
- C:\Windows\System\pypSHvn.exe
  C:\Windows\System\pypSHvn.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\BVlReYj.exe
  C:\Windows\System\BVlReYj.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\GQFpoWF.exe
  C:\Windows\System\GQFpoWF.exe
  2⤵
  - Executes dropped EXE
  PID:328
- C:\Windows\System\uKXDKrg.exe
  C:\Windows\System\uKXDKrg.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\LIYEURY.exe
  C:\Windows\System\LIYEURY.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\BjADoXp.exe
  C:\Windows\System\BjADoXp.exe
  2⤵
  - Executes dropped EXE
  PID:1284
- C:\Windows\System\vPsfEMr.exe
  C:\Windows\System\vPsfEMr.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\pftvnJe.exe
  C:\Windows\System\pftvnJe.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\RPqHbsE.exe
  C:\Windows\System\RPqHbsE.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\FNllpZX.exe
  C:\Windows\System\FNllpZX.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\iXJEAbW.exe
  C:\Windows\System\iXJEAbW.exe
  2⤵
  - Executes dropped EXE
  PID:1252
- C:\Windows\System\vZNgwaC.exe
  C:\Windows\System\vZNgwaC.exe
  2⤵
  - Executes dropped EXE
  PID:532
- C:\Windows\System\nFlMECy.exe
  C:\Windows\System\nFlMECy.exe
  2⤵
  - Executes dropped EXE
  PID:584
- C:\Windows\System\VGNBpPe.exe
  C:\Windows\System\VGNBpPe.exe
  2⤵
  - Executes dropped EXE
  PID:1032
- C:\Windows\System\tUnJGqr.exe
  C:\Windows\System\tUnJGqr.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\xDtmeVR.exe
  C:\Windows\System\xDtmeVR.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\RqfmMmF.exe
  C:\Windows\System\RqfmMmF.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\HzGEogh.exe
  C:\Windows\System\HzGEogh.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\aJMTHWo.exe
  C:\Windows\System\aJMTHWo.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\POShBAc.exe
  C:\Windows\System\POShBAc.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\hCejYgF.exe
  C:\Windows\System\hCejYgF.exe
  2⤵
  - Executes dropped EXE
  PID:1336
- C:\Windows\System\oIoCsjN.exe
  C:\Windows\System\oIoCsjN.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\ONXXHlR.exe
  C:\Windows\System\ONXXHlR.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\HwKuyop.exe
  C:\Windows\System\HwKuyop.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\iaLAljI.exe
  C:\Windows\System\iaLAljI.exe
  2⤵
  - Executes dropped EXE
  PID:1852
- C:\Windows\System\SyzvGpB.exe
  C:\Windows\System\SyzvGpB.exe
  2⤵
  - Executes dropped EXE
  PID:560
- C:\Windows\System\KHFQSMv.exe
  C:\Windows\System\KHFQSMv.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\mLWpHYF.exe
  C:\Windows\System\mLWpHYF.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\NjNkLyZ.exe
  C:\Windows\System\NjNkLyZ.exe
  2⤵
  - Executes dropped EXE
  PID:1340
- C:\Windows\System\MIpayQM.exe
  C:\Windows\System\MIpayQM.exe
  2⤵
  - Executes dropped EXE
  PID:1084
- C:\Windows\System\EGzeYQs.exe
  C:\Windows\System\EGzeYQs.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\JCEGLTd.exe
  C:\Windows\System\JCEGLTd.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\ngtxwvX.exe
  C:\Windows\System\ngtxwvX.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\gGWreQs.exe
  C:\Windows\System\gGWreQs.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\TWQrmuB.exe
  C:\Windows\System\TWQrmuB.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\MlJTRAY.exe
  C:\Windows\System\MlJTRAY.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\EeiSFSg.exe
  C:\Windows\System\EeiSFSg.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\GpVcjjm.exe
  C:\Windows\System\GpVcjjm.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\OnoZDzy.exe
  C:\Windows\System\OnoZDzy.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\dPvpbBc.exe
  C:\Windows\System\dPvpbBc.exe
  2⤵
  - Executes dropped EXE
  PID:1012
- C:\Windows\System\YxITlEy.exe
  C:\Windows\System\YxITlEy.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\bIIqZYM.exe
  C:\Windows\System\bIIqZYM.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\KtheekK.exe
  C:\Windows\System\KtheekK.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System\dmMWvev.exe
  C:\Windows\System\dmMWvev.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\TOMWNOB.exe
  C:\Windows\System\TOMWNOB.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\BxFhUGV.exe
  C:\Windows\System\BxFhUGV.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\vkBLYed.exe
  C:\Windows\System\vkBLYed.exe
  2⤵
  - Executes dropped EXE
  PID:1568
- C:\Windows\System\gPEbTsv.exe
  C:\Windows\System\gPEbTsv.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\teHseSG.exe
  C:\Windows\System\teHseSG.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\DbKOtZX.exe
  C:\Windows\System\DbKOtZX.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\TOirwSh.exe
  C:\Windows\System\TOirwSh.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\ttItqvV.exe
  C:\Windows\System\ttItqvV.exe
  2⤵
  PID:2820
- C:\Windows\System\tSNBima.exe
  C:\Windows\System\tSNBima.exe
  2⤵
  PID:672
- C:\Windows\System\SkBDkKT.exe
  C:\Windows\System\SkBDkKT.exe
  2⤵
  PID:1808
- C:\Windows\System\qQeYiWY.exe
  C:\Windows\System\qQeYiWY.exe
  2⤵
  PID:316
- C:\Windows\System\QEZYGad.exe
  C:\Windows\System\QEZYGad.exe
  2⤵
  PID:1720
- C:\Windows\System\opExlKu.exe
  C:\Windows\System\opExlKu.exe
  2⤵
  PID:2860
- C:\Windows\System\VpJpzKq.exe
  C:\Windows\System\VpJpzKq.exe
  2⤵
  PID:572
- C:\Windows\System\WNYlPsk.exe
  C:\Windows\System\WNYlPsk.exe
  2⤵
  PID:1380
- C:\Windows\System\OlDounq.exe
  C:\Windows\System\OlDounq.exe
  2⤵
  PID:108
- C:\Windows\System\CkUTfjJ.exe
  C:\Windows\System\CkUTfjJ.exe
  2⤵
  PID:1132
- C:\Windows\System\WrCJbCi.exe
  C:\Windows\System\WrCJbCi.exe
  2⤵
  PID:2856
- C:\Windows\System\dsCzAgz.exe
  C:\Windows\System\dsCzAgz.exe
  2⤵
  PID:2196
- C:\Windows\System\qsIcSfZ.exe
  C:\Windows\System\qsIcSfZ.exe
  2⤵
  PID:2364
- C:\Windows\System\hLdylzw.exe
  C:\Windows\System\hLdylzw.exe
  2⤵
  PID:1900
- C:\Windows\System\ItrYwpB.exe
  C:\Windows\System\ItrYwpB.exe
  2⤵
  PID:2512
- C:\Windows\System\gxNLeGG.exe
  C:\Windows\System\gxNLeGG.exe
  2⤵
  PID:288
- C:\Windows\System\dlXStya.exe
  C:\Windows\System\dlXStya.exe
  2⤵
  PID:840
- C:\Windows\System\jhzDtWA.exe
  C:\Windows\System\jhzDtWA.exe
  2⤵
  PID:2164
- C:\Windows\System\PNwAeVo.exe
  C:\Windows\System\PNwAeVo.exe
  2⤵
  PID:2532
- C:\Windows\System\bpJxjUF.exe
  C:\Windows\System\bpJxjUF.exe
  2⤵
  PID:1848
- C:\Windows\System\sIbapLz.exe
  C:\Windows\System\sIbapLz.exe
  2⤵
  PID:2928
- C:\Windows\System\lNyhvvG.exe
  C:\Windows\System\lNyhvvG.exe
  2⤵
  PID:1328
- C:\Windows\System\SXzIkrU.exe
  C:\Windows\System\SXzIkrU.exe
  2⤵
  PID:1968
- C:\Windows\System\saDliLR.exe
  C:\Windows\System\saDliLR.exe
  2⤵
  PID:3000
- C:\Windows\System\qmAkHxN.exe
  C:\Windows\System\qmAkHxN.exe
  2⤵
  PID:1908
- C:\Windows\System\OuILKCn.exe
  C:\Windows\System\OuILKCn.exe
  2⤵
  PID:1240
- C:\Windows\System\UgfaSWc.exe
  C:\Windows\System\UgfaSWc.exe
  2⤵
  PID:1984
- C:\Windows\System\WQULZOe.exe
  C:\Windows\System\WQULZOe.exe
  2⤵
  PID:2460
- C:\Windows\System\tESmgJK.exe
  C:\Windows\System\tESmgJK.exe
  2⤵
  PID:896
- C:\Windows\System\YUcoCcm.exe
  C:\Windows\System\YUcoCcm.exe
  2⤵
  PID:2216
- C:\Windows\System\UPzwiBt.exe
  C:\Windows\System\UPzwiBt.exe
  2⤵
  PID:1628
- C:\Windows\System\iSlaKtw.exe
  C:\Windows\System\iSlaKtw.exe
  2⤵
  PID:1748
- C:\Windows\System\XLALvub.exe
  C:\Windows\System\XLALvub.exe
  2⤵
  PID:2156
- C:\Windows\System\PCZldAL.exe
  C:\Windows\System\PCZldAL.exe
  2⤵
  PID:2724
- C:\Windows\System\ajbMohs.exe
  C:\Windows\System\ajbMohs.exe
  2⤵
  PID:3060
- C:\Windows\System\LvoZxvU.exe
  C:\Windows\System\LvoZxvU.exe
  2⤵
  PID:1576
- C:\Windows\System\DLvBbrE.exe
  C:\Windows\System\DLvBbrE.exe
  2⤵
  PID:2708
- C:\Windows\System\yWsCvkR.exe
  C:\Windows\System\yWsCvkR.exe
  2⤵
  PID:2784
- C:\Windows\System\UTMzgKz.exe
  C:\Windows\System\UTMzgKz.exe
  2⤵
  PID:696
- C:\Windows\System\aBTVkfN.exe
  C:\Windows\System\aBTVkfN.exe
  2⤵
  PID:900
- C:\Windows\System\qjTxpLR.exe
  C:\Windows\System\qjTxpLR.exe
  2⤵
  PID:876
- C:\Windows\System\zQFEaZW.exe
  C:\Windows\System\zQFEaZW.exe
  2⤵
  PID:1704
- C:\Windows\System\KpMEUEa.exe
  C:\Windows\System\KpMEUEa.exe
  2⤵
  PID:2096
- C:\Windows\System\pYTIiAf.exe
  C:\Windows\System\pYTIiAf.exe
  2⤵
  PID:2292
- C:\Windows\System\nalfuyo.exe
  C:\Windows\System\nalfuyo.exe
  2⤵
  PID:1008
- C:\Windows\System\dWRbZds.exe
  C:\Windows\System\dWRbZds.exe
  2⤵
  PID:536
- C:\Windows\System\MMsmSEB.exe
  C:\Windows\System\MMsmSEB.exe
  2⤵
  PID:2808
- C:\Windows\System\gZooRoS.exe
  C:\Windows\System\gZooRoS.exe
  2⤵
  PID:2120
- C:\Windows\System\VimbymQ.exe
  C:\Windows\System\VimbymQ.exe
  2⤵
  PID:968
- C:\Windows\System\CvAvADj.exe
  C:\Windows\System\CvAvADj.exe
  2⤵
  PID:1960
- C:\Windows\System\CvDHLBg.exe
  C:\Windows\System\CvDHLBg.exe
  2⤵
  PID:1000
- C:\Windows\System\yAXjAvu.exe
  C:\Windows\System\yAXjAvu.exe
  2⤵
  PID:2052
- C:\Windows\System\jRBtdVW.exe
  C:\Windows\System\jRBtdVW.exe
  2⤵
  PID:264
- C:\Windows\System\BpBibLy.exe
  C:\Windows\System\BpBibLy.exe
  2⤵
  PID:3076
- C:\Windows\System\ziqcAKJ.exe
  C:\Windows\System\ziqcAKJ.exe
  2⤵
  PID:3096
- C:\Windows\System\VEFMyVE.exe
  C:\Windows\System\VEFMyVE.exe
  2⤵
  PID:3112
- C:\Windows\System\CfpRdXe.exe
  C:\Windows\System\CfpRdXe.exe
  2⤵
  PID:3132
- C:\Windows\System\mtUVYgH.exe
  C:\Windows\System\mtUVYgH.exe
  2⤵
  PID:3148
- C:\Windows\System\nsnapUj.exe
  C:\Windows\System\nsnapUj.exe
  2⤵
  PID:3176
- C:\Windows\System\mcKLSzc.exe
  C:\Windows\System\mcKLSzc.exe
  2⤵
  PID:3196
- C:\Windows\System\WXfBcku.exe
  C:\Windows\System\WXfBcku.exe
  2⤵
  PID:3216
- C:\Windows\System\yUPwglK.exe
  C:\Windows\System\yUPwglK.exe
  2⤵
  PID:3236
- C:\Windows\System\phoalJZ.exe
  C:\Windows\System\phoalJZ.exe
  2⤵
  PID:3256
- C:\Windows\System\zErBUoG.exe
  C:\Windows\System\zErBUoG.exe
  2⤵
  PID:3272
- C:\Windows\System\VFKdKMC.exe
  C:\Windows\System\VFKdKMC.exe
  2⤵
  PID:3288
- C:\Windows\System\QJPiBiY.exe
  C:\Windows\System\QJPiBiY.exe
  2⤵
  PID:3304
- C:\Windows\System\KfdnOBJ.exe
  C:\Windows\System\KfdnOBJ.exe
  2⤵
  PID:3328
- C:\Windows\System\cFwUHLp.exe
  C:\Windows\System\cFwUHLp.exe
  2⤵
  PID:3344
- C:\Windows\System\EUGiQEZ.exe
  C:\Windows\System\EUGiQEZ.exe
  2⤵
  PID:3364
- C:\Windows\System\cCbLdrS.exe
  C:\Windows\System\cCbLdrS.exe
  2⤵
  PID:3388
- C:\Windows\System\SnRIEok.exe
  C:\Windows\System\SnRIEok.exe
  2⤵
  PID:3404
- C:\Windows\System\zuIPwEQ.exe
  C:\Windows\System\zuIPwEQ.exe
  2⤵
  PID:3428
- C:\Windows\System\ENXjfnl.exe
  C:\Windows\System\ENXjfnl.exe
  2⤵
  PID:3444
- C:\Windows\System\DiBzrRj.exe
  C:\Windows\System\DiBzrRj.exe
  2⤵
  PID:3460
- C:\Windows\System\zKBTNgs.exe
  C:\Windows\System\zKBTNgs.exe
  2⤵
  PID:3476
- C:\Windows\System\VjBseaP.exe
  C:\Windows\System\VjBseaP.exe
  2⤵
  PID:3504
- C:\Windows\System\SEjGDqH.exe
  C:\Windows\System\SEjGDqH.exe
  2⤵
  PID:3532
- C:\Windows\System\DkgjKyW.exe
  C:\Windows\System\DkgjKyW.exe
  2⤵
  PID:3560
- C:\Windows\System\lNqTlML.exe
  C:\Windows\System\lNqTlML.exe
  2⤵
  PID:3576
- C:\Windows\System\AdlYNeI.exe
  C:\Windows\System\AdlYNeI.exe
  2⤵
  PID:3596
- C:\Windows\System\yBJCQQt.exe
  C:\Windows\System\yBJCQQt.exe
  2⤵
  PID:3616
- C:\Windows\System\CdrZaXf.exe
  C:\Windows\System\CdrZaXf.exe
  2⤵
  PID:3640
- C:\Windows\System\xzdIIjp.exe
  C:\Windows\System\xzdIIjp.exe
  2⤵
  PID:3660
- C:\Windows\System\MzpQhAK.exe
  C:\Windows\System\MzpQhAK.exe
  2⤵
  PID:3680
- C:\Windows\System\OLhtAQK.exe
  C:\Windows\System\OLhtAQK.exe
  2⤵
  PID:3700
- C:\Windows\System\qeoBXFg.exe
  C:\Windows\System\qeoBXFg.exe
  2⤵
  PID:3716
- C:\Windows\System\VFohjLM.exe
  C:\Windows\System\VFohjLM.exe
  2⤵
  PID:3740
- C:\Windows\System\ZIxBpLb.exe
  C:\Windows\System\ZIxBpLb.exe
  2⤵
  PID:3760
- C:\Windows\System\GXMNgjf.exe
  C:\Windows\System\GXMNgjf.exe
  2⤵
  PID:3776
- C:\Windows\System\vWUmdCi.exe
  C:\Windows\System\vWUmdCi.exe
  2⤵
  PID:3792
- C:\Windows\System\CFVjcnb.exe
  C:\Windows\System\CFVjcnb.exe
  2⤵
  PID:3816
- C:\Windows\System\QUnufJE.exe
  C:\Windows\System\QUnufJE.exe
  2⤵
  PID:3832
- C:\Windows\System\wUbPrRk.exe
  C:\Windows\System\wUbPrRk.exe
  2⤵
  PID:3848
- C:\Windows\System\bHbzgxf.exe
  C:\Windows\System\bHbzgxf.exe
  2⤵
  PID:3868
- C:\Windows\System\ifmBLJe.exe
  C:\Windows\System\ifmBLJe.exe
  2⤵
  PID:3892
- C:\Windows\System\xdmwiei.exe
  C:\Windows\System\xdmwiei.exe
  2⤵
  PID:3912
- C:\Windows\System\fVHzXfu.exe
  C:\Windows\System\fVHzXfu.exe
  2⤵
  PID:3932
- C:\Windows\System\sJRDqlQ.exe
  C:\Windows\System\sJRDqlQ.exe
  2⤵
  PID:3952
- C:\Windows\System\MFdXZpW.exe
  C:\Windows\System\MFdXZpW.exe
  2⤵
  PID:3972
- C:\Windows\System\FurSXnE.exe
  C:\Windows\System\FurSXnE.exe
  2⤵
  PID:3992
- C:\Windows\System\CoJvxvQ.exe
  C:\Windows\System\CoJvxvQ.exe
  2⤵
  PID:4012
- C:\Windows\System\uScBBhn.exe
  C:\Windows\System\uScBBhn.exe
  2⤵
  PID:4032
- C:\Windows\System\XZDwdVQ.exe
  C:\Windows\System\XZDwdVQ.exe
  2⤵
  PID:4052
- C:\Windows\System\FNMhXPp.exe
  C:\Windows\System\FNMhXPp.exe
  2⤵
  PID:4072
- C:\Windows\System\bEqedwU.exe
  C:\Windows\System\bEqedwU.exe
  2⤵
  PID:4092
- C:\Windows\System\noWcbFZ.exe
  C:\Windows\System\noWcbFZ.exe
  2⤵
  PID:2092
- C:\Windows\System\GGTqTAh.exe
  C:\Windows\System\GGTqTAh.exe
  2⤵
  PID:568
- C:\Windows\System\TAJnbSf.exe
  C:\Windows\System\TAJnbSf.exe
  2⤵
  PID:2616
- C:\Windows\System\whdPJmJ.exe
  C:\Windows\System\whdPJmJ.exe
  2⤵
  PID:1564
- C:\Windows\System\JjrbyJe.exe
  C:\Windows\System\JjrbyJe.exe
  2⤵
  PID:2376
- C:\Windows\System\JvZLsPB.exe
  C:\Windows\System\JvZLsPB.exe
  2⤵
  PID:1688
- C:\Windows\System\YKwmMyq.exe
  C:\Windows\System\YKwmMyq.exe
  2⤵
  PID:2240
- C:\Windows\System\SgZgLvd.exe
  C:\Windows\System\SgZgLvd.exe
  2⤵
  PID:464
- C:\Windows\System\vSdajtI.exe
  C:\Windows\System\vSdajtI.exe
  2⤵
  PID:2152
- C:\Windows\System\ZoOZcsc.exe
  C:\Windows\System\ZoOZcsc.exe
  2⤵
  PID:2788
- C:\Windows\System\IxHTISl.exe
  C:\Windows\System\IxHTISl.exe
  2⤵
  PID:1524
- C:\Windows\System\dSwIhdG.exe
  C:\Windows\System\dSwIhdG.exe
  2⤵
  PID:2692
- C:\Windows\System\uhcnpYa.exe
  C:\Windows\System\uhcnpYa.exe
  2⤵
  PID:2996
- C:\Windows\System\YVNvVPC.exe
  C:\Windows\System\YVNvVPC.exe
  2⤵
  PID:3140
- C:\Windows\System\AJZKwGt.exe
  C:\Windows\System\AJZKwGt.exe
  2⤵
  PID:3156
- C:\Windows\System\BhlEaeN.exe
  C:\Windows\System\BhlEaeN.exe
  2⤵
  PID:3172
- C:\Windows\System\TqUXjyf.exe
  C:\Windows\System\TqUXjyf.exe
  2⤵
  PID:3232
- C:\Windows\System\wvdugfo.exe
  C:\Windows\System\wvdugfo.exe
  2⤵
  PID:3296
- C:\Windows\System\DkwdoPz.exe
  C:\Windows\System\DkwdoPz.exe
  2⤵
  PID:3372
- C:\Windows\System\bbhfuhc.exe
  C:\Windows\System\bbhfuhc.exe
  2⤵
  PID:3244
- C:\Windows\System\oHNqxnL.exe
  C:\Windows\System\oHNqxnL.exe
  2⤵
  PID:3284
- C:\Windows\System\nQAobhY.exe
  C:\Windows\System\nQAobhY.exe
  2⤵
  PID:3316
- C:\Windows\System\eJQnZDp.exe
  C:\Windows\System\eJQnZDp.exe
  2⤵
  PID:3496
- C:\Windows\System\JRTpAAv.exe
  C:\Windows\System\JRTpAAv.exe
  2⤵
  PID:3360
- C:\Windows\System\nzZRNYc.exe
  C:\Windows\System\nzZRNYc.exe
  2⤵
  PID:3400
- C:\Windows\System\xkWsGVi.exe
  C:\Windows\System\xkWsGVi.exe
  2⤵
  PID:3548
- C:\Windows\System\jKclqOL.exe
  C:\Windows\System\jKclqOL.exe
  2⤵
  PID:3588
- C:\Windows\System\yawkSOe.exe
  C:\Windows\System\yawkSOe.exe
  2⤵
  PID:3516
- C:\Windows\System\RpTrMju.exe
  C:\Windows\System\RpTrMju.exe
  2⤵
  PID:3668
- C:\Windows\System\XFfUwJB.exe
  C:\Windows\System\XFfUwJB.exe
  2⤵
  PID:3748
- C:\Windows\System\ImkJBks.exe
  C:\Windows\System\ImkJBks.exe
  2⤵
  PID:3604
- C:\Windows\System\baFrfGB.exe
  C:\Windows\System\baFrfGB.exe
  2⤵
  PID:3648
- C:\Windows\System\XjJrAfv.exe
  C:\Windows\System\XjJrAfv.exe
  2⤵
  PID:3652
- C:\Windows\System\bMQNdvQ.exe
  C:\Windows\System\bMQNdvQ.exe
  2⤵
  PID:3908
- C:\Windows\System\NOOWiaz.exe
  C:\Windows\System\NOOWiaz.exe
  2⤵
  PID:3696
- C:\Windows\System\FSBwJij.exe
  C:\Windows\System\FSBwJij.exe
  2⤵
  PID:3948
- C:\Windows\System\BPNBpYM.exe
  C:\Windows\System\BPNBpYM.exe
  2⤵
  PID:3804
- C:\Windows\System\jSoRxae.exe
  C:\Windows\System\jSoRxae.exe
  2⤵
  PID:3988
- C:\Windows\System\YTJZSrN.exe
  C:\Windows\System\YTJZSrN.exe
  2⤵
  PID:3884
- C:\Windows\System\VtNRmAo.exe
  C:\Windows\System\VtNRmAo.exe
  2⤵
  PID:4068
- C:\Windows\System\EUTrYyj.exe
  C:\Windows\System\EUTrYyj.exe
  2⤵
  PID:2208
- C:\Windows\System\KXGtAqE.exe
  C:\Windows\System\KXGtAqE.exe
  2⤵
  PID:2688
- C:\Windows\System\yLCVTCk.exe
  C:\Windows\System\yLCVTCk.exe
  2⤵
  PID:4048
- C:\Windows\System\wNsUMzf.exe
  C:\Windows\System\wNsUMzf.exe
  2⤵
  PID:4000
- C:\Windows\System\JlAjWZS.exe
  C:\Windows\System\JlAjWZS.exe
  2⤵
  PID:2108
- C:\Windows\System\dBzzIBl.exe
  C:\Windows\System\dBzzIBl.exe
  2⤵
  PID:2504
- C:\Windows\System\iJmZZRy.exe
  C:\Windows\System\iJmZZRy.exe
  2⤵
  PID:1672
- C:\Windows\System\slDjxMm.exe
  C:\Windows\System\slDjxMm.exe
  2⤵
  PID:2184
- C:\Windows\System\MhbUiWT.exe
  C:\Windows\System\MhbUiWT.exe
  2⤵
  PID:1600
- C:\Windows\System\LNzHDMl.exe
  C:\Windows\System\LNzHDMl.exe
  2⤵
  PID:2244
- C:\Windows\System\PklaJWP.exe
  C:\Windows\System\PklaJWP.exe
  2⤵
  PID:3004
- C:\Windows\System\fHvfgbx.exe
  C:\Windows\System\fHvfgbx.exe
  2⤵
  PID:3124
- C:\Windows\System\kehgBhz.exe
  C:\Windows\System\kehgBhz.exe
  2⤵
  PID:3164
- C:\Windows\System\ZYwcjke.exe
  C:\Windows\System\ZYwcjke.exe
  2⤵
  PID:3108
- C:\Windows\System\gULSULW.exe
  C:\Windows\System\gULSULW.exe
  2⤵
  PID:3268
- C:\Windows\System\Qvxcjap.exe
  C:\Windows\System\Qvxcjap.exe
  2⤵
  PID:3412
- C:\Windows\System\QeRtJqb.exe
  C:\Windows\System\QeRtJqb.exe
  2⤵
  PID:3456
- C:\Windows\System\YqMdnVS.exe
  C:\Windows\System\YqMdnVS.exe
  2⤵
  PID:3472
- C:\Windows\System\hxYwAVX.exe
  C:\Windows\System\hxYwAVX.exe
  2⤵
  PID:3592
- C:\Windows\System\EfmxYcf.exe
  C:\Windows\System\EfmxYcf.exe
  2⤵
  PID:3500
- C:\Windows\System\YylCacq.exe
  C:\Windows\System\YylCacq.exe
  2⤵
  PID:3572
- C:\Windows\System\nrxntzy.exe
  C:\Windows\System\nrxntzy.exe
  2⤵
  PID:3632
- C:\Windows\System\vFCJvTX.exe
  C:\Windows\System\vFCJvTX.exe
  2⤵
  PID:3860
- C:\Windows\System\QtPpYNE.exe
  C:\Windows\System\QtPpYNE.exe
  2⤵
  PID:3800
- C:\Windows\System\jefzcSS.exe
  C:\Windows\System\jefzcSS.exe
  2⤵
  PID:3608
- C:\Windows\System\uNOwkVq.exe
  C:\Windows\System\uNOwkVq.exe
  2⤵
  PID:3928
- C:\Windows\System\SPRUbDD.exe
  C:\Windows\System\SPRUbDD.exe
  2⤵
  PID:600
- C:\Windows\System\IiOHWWw.exe
  C:\Windows\System\IiOHWWw.exe
  2⤵
  PID:3736
- C:\Windows\System\quXZlog.exe
  C:\Windows\System\quXZlog.exe
  2⤵
  PID:4020
- C:\Windows\System\XyglKMq.exe
  C:\Windows\System\XyglKMq.exe
  2⤵
  PID:3964
- C:\Windows\System\Xhsrhqc.exe
  C:\Windows\System\Xhsrhqc.exe
  2⤵
  PID:1740
- C:\Windows\System\VzWrTDD.exe
  C:\Windows\System\VzWrTDD.exe
  2⤵
  PID:3188
- C:\Windows\System\qkbOUoI.exe
  C:\Windows\System\qkbOUoI.exe
  2⤵
  PID:916
- C:\Windows\System\UXZjLHm.exe
  C:\Windows\System\UXZjLHm.exe
  2⤵
  PID:1724
- C:\Windows\System\CKqpijx.exe
  C:\Windows\System\CKqpijx.exe
  2⤵
  PID:1160
- C:\Windows\System\uJyGtmd.exe
  C:\Windows\System\uJyGtmd.exe
  2⤵
  PID:3208
- C:\Windows\System\pCRptMG.exe
  C:\Windows\System\pCRptMG.exe
  2⤵
  PID:3492
- C:\Windows\System\iwvZmjT.exe
  C:\Windows\System\iwvZmjT.exe
  2⤵
  PID:3340
- C:\Windows\System\aNNwDHY.exe
  C:\Windows\System\aNNwDHY.exe
  2⤵
  PID:3524
- C:\Windows\System\VHaKeYo.exe
  C:\Windows\System\VHaKeYo.exe
  2⤵
  PID:3384
- C:\Windows\System\gCrNcZu.exe
  C:\Windows\System\gCrNcZu.exe
  2⤵
  PID:3672
- C:\Windows\System\RLrPEaf.exe
  C:\Windows\System\RLrPEaf.exe
  2⤵
  PID:3692
- C:\Windows\System\kplldmK.exe
  C:\Windows\System\kplldmK.exe
  2⤵
  PID:4044
- C:\Windows\System\sMgxtyT.exe
  C:\Windows\System\sMgxtyT.exe
  2⤵
  PID:1036
- C:\Windows\System\rjueKcI.exe
  C:\Windows\System\rjueKcI.exe
  2⤵
  PID:1636
- C:\Windows\System\jPqQpLq.exe
  C:\Windows\System\jPqQpLq.exe
  2⤵
  PID:4112
- C:\Windows\System\oNhxriW.exe
  C:\Windows\System\oNhxriW.exe
  2⤵
  PID:4132
- C:\Windows\System\vxBwhbg.exe
  C:\Windows\System\vxBwhbg.exe
  2⤵
  PID:4156
- C:\Windows\System\ksfRCZm.exe
  C:\Windows\System\ksfRCZm.exe
  2⤵
  PID:4176
- C:\Windows\System\jQzAuCR.exe
  C:\Windows\System\jQzAuCR.exe
  2⤵
  PID:4192
- C:\Windows\System\fUbwlQd.exe
  C:\Windows\System\fUbwlQd.exe
  2⤵
  PID:4208
- C:\Windows\System\crlKGVa.exe
  C:\Windows\System\crlKGVa.exe
  2⤵
  PID:4228
- C:\Windows\System\fUahWNq.exe
  C:\Windows\System\fUahWNq.exe
  2⤵
  PID:4252
- C:\Windows\System\isUpgIf.exe
  C:\Windows\System\isUpgIf.exe
  2⤵
  PID:4276
- C:\Windows\System\YFwLghx.exe
  C:\Windows\System\YFwLghx.exe
  2⤵
  PID:4292
- C:\Windows\System\HsBdeQl.exe
  C:\Windows\System\HsBdeQl.exe
  2⤵
  PID:4316
- C:\Windows\System\jWOuyyh.exe
  C:\Windows\System\jWOuyyh.exe
  2⤵
  PID:4336
- C:\Windows\System\rVreebG.exe
  C:\Windows\System\rVreebG.exe
  2⤵
  PID:4352
- C:\Windows\System\fKtaGQz.exe
  C:\Windows\System\fKtaGQz.exe
  2⤵
  PID:4372
- C:\Windows\System\raYCkPJ.exe
  C:\Windows\System\raYCkPJ.exe
  2⤵
  PID:4392
- C:\Windows\System\BlcloJm.exe
  C:\Windows\System\BlcloJm.exe
  2⤵
  PID:4408
- C:\Windows\System\KMskEbZ.exe
  C:\Windows\System\KMskEbZ.exe
  2⤵
  PID:4432
- C:\Windows\System\DYJarFj.exe
  C:\Windows\System\DYJarFj.exe
  2⤵
  PID:4452
- C:\Windows\System\sqDATbk.exe
  C:\Windows\System\sqDATbk.exe
  2⤵
  PID:4472
- C:\Windows\System\ixrgApu.exe
  C:\Windows\System\ixrgApu.exe
  2⤵
  PID:4488
- C:\Windows\System\ahXYViu.exe
  C:\Windows\System\ahXYViu.exe
  2⤵
  PID:4504
- C:\Windows\System\FvWHnqZ.exe
  C:\Windows\System\FvWHnqZ.exe
  2⤵
  PID:4528
- C:\Windows\System\dyDDxim.exe
  C:\Windows\System\dyDDxim.exe
  2⤵
  PID:4548
- C:\Windows\System\QcyaZEJ.exe
  C:\Windows\System\QcyaZEJ.exe
  2⤵
  PID:4568
- C:\Windows\System\WYfDYeK.exe
  C:\Windows\System\WYfDYeK.exe
  2⤵
  PID:4588
- C:\Windows\System\ZEYkeqE.exe
  C:\Windows\System\ZEYkeqE.exe
  2⤵
  PID:4608
- C:\Windows\System\SwAEJDd.exe
  C:\Windows\System\SwAEJDd.exe
  2⤵
  PID:4632
- C:\Windows\System\ZurOvgn.exe
  C:\Windows\System\ZurOvgn.exe
  2⤵
  PID:4656
- C:\Windows\System\XvFwLlF.exe
  C:\Windows\System\XvFwLlF.exe
  2⤵
  PID:4676
- C:\Windows\System\HyRhdfC.exe
  C:\Windows\System\HyRhdfC.exe
  2⤵
  PID:4696
- C:\Windows\System\NAwqxEc.exe
  C:\Windows\System\NAwqxEc.exe
  2⤵
  PID:4712
- C:\Windows\System\mSJXsTo.exe
  C:\Windows\System\mSJXsTo.exe
  2⤵
  PID:4736
- C:\Windows\System\lSrxexn.exe
  C:\Windows\System\lSrxexn.exe
  2⤵
  PID:4756
- C:\Windows\System\FAgcWBc.exe
  C:\Windows\System\FAgcWBc.exe
  2⤵
  PID:4772
- C:\Windows\System\PakwCft.exe
  C:\Windows\System\PakwCft.exe
  2⤵
  PID:4792
- C:\Windows\System\veJaxlA.exe
  C:\Windows\System\veJaxlA.exe
  2⤵
  PID:4816
- C:\Windows\System\QlPvWao.exe
  C:\Windows\System\QlPvWao.exe
  2⤵
  PID:4832
- C:\Windows\System\RZHkkTz.exe
  C:\Windows\System\RZHkkTz.exe
  2⤵
  PID:4852
- C:\Windows\System\GaUOUxk.exe
  C:\Windows\System\GaUOUxk.exe
  2⤵
  PID:4872
- C:\Windows\System\PUxAGGM.exe
  C:\Windows\System\PUxAGGM.exe
  2⤵
  PID:4896
- C:\Windows\System\AKsLZUk.exe
  C:\Windows\System\AKsLZUk.exe
  2⤵
  PID:4912
- C:\Windows\System\xOYIBYk.exe
  C:\Windows\System\xOYIBYk.exe
  2⤵
  PID:4932
- C:\Windows\System\zKXSDwo.exe
  C:\Windows\System\zKXSDwo.exe
  2⤵
  PID:4952
- C:\Windows\System\yXsizYt.exe
  C:\Windows\System\yXsizYt.exe
  2⤵
  PID:4976
- C:\Windows\System\VjBERrR.exe
  C:\Windows\System\VjBERrR.exe
  2⤵
  PID:5000
- C:\Windows\System\fALHSPz.exe
  C:\Windows\System\fALHSPz.exe
  2⤵
  PID:5020
- C:\Windows\System\kufqAwV.exe
  C:\Windows\System\kufqAwV.exe
  2⤵
  PID:5036
- C:\Windows\System\ANJvQWe.exe
  C:\Windows\System\ANJvQWe.exe
  2⤵
  PID:5056
- C:\Windows\System\buNNDAb.exe
  C:\Windows\System\buNNDAb.exe
  2⤵
  PID:5076
- C:\Windows\System\SYkTreL.exe
  C:\Windows\System\SYkTreL.exe
  2⤵
  PID:5092
- C:\Windows\System\dWhUVlU.exe
  C:\Windows\System\dWhUVlU.exe
  2⤵
  PID:5116
- C:\Windows\System\ZQqBqPF.exe
  C:\Windows\System\ZQqBqPF.exe
  2⤵
  PID:2220
- C:\Windows\System\BRYFGHn.exe
  C:\Windows\System\BRYFGHn.exe
  2⤵
  PID:3312
- C:\Windows\System\uMPkAfR.exe
  C:\Windows\System\uMPkAfR.exe
  2⤵
  PID:1324
- C:\Windows\System\bLJBLzN.exe
  C:\Windows\System\bLJBLzN.exe
  2⤵
  PID:3488
- C:\Windows\System\lrUxpOG.exe
  C:\Windows\System\lrUxpOG.exe
  2⤵
  PID:1712
- C:\Windows\System\WljMCCo.exe
  C:\Windows\System\WljMCCo.exe
  2⤵
  PID:3540
- C:\Windows\System\bntZmKQ.exe
  C:\Windows\System\bntZmKQ.exe
  2⤵
  PID:3880
- C:\Windows\System\buKJdUn.exe
  C:\Windows\System\buKJdUn.exe
  2⤵
  PID:3828
- C:\Windows\System\HgrfupD.exe
  C:\Windows\System\HgrfupD.exe
  2⤵
  PID:3756
- C:\Windows\System\pTpuZKs.exe
  C:\Windows\System\pTpuZKs.exe
  2⤵
  PID:3844
- C:\Windows\System\LmgGxkd.exe
  C:\Windows\System\LmgGxkd.exe
  2⤵
  PID:4104
- C:\Windows\System\TpfbBFF.exe
  C:\Windows\System\TpfbBFF.exe
  2⤵
  PID:4168
- C:\Windows\System\kLxHtUd.exe
  C:\Windows\System\kLxHtUd.exe
  2⤵
  PID:4240
- C:\Windows\System\UfaZxXJ.exe
  C:\Windows\System\UfaZxXJ.exe
  2⤵
  PID:4332
- C:\Windows\System\dDbPqeJ.exe
  C:\Windows\System\dDbPqeJ.exe
  2⤵
  PID:4184
- C:\Windows\System\OvKgukW.exe
  C:\Windows\System\OvKgukW.exe
  2⤵
  PID:4360
- C:\Windows\System\NHxARka.exe
  C:\Windows\System\NHxARka.exe
  2⤵
  PID:4308
- C:\Windows\System\QewbELi.exe
  C:\Windows\System\QewbELi.exe
  2⤵
  PID:4312
- C:\Windows\System\IKzRGtW.exe
  C:\Windows\System\IKzRGtW.exe
  2⤵
  PID:4384
- C:\Windows\System\NHLLLRI.exe
  C:\Windows\System\NHLLLRI.exe
  2⤵
  PID:4480
- C:\Windows\System\yzGwAmb.exe
  C:\Windows\System\yzGwAmb.exe
  2⤵
  PID:4520
- C:\Windows\System\dbGsTDl.exe
  C:\Windows\System\dbGsTDl.exe
  2⤵
  PID:4468
- C:\Windows\System\uCsIIuA.exe
  C:\Windows\System\uCsIIuA.exe
  2⤵
  PID:4604
- C:\Windows\System\ZOrwwcV.exe
  C:\Windows\System\ZOrwwcV.exe
  2⤵
  PID:4580
- C:\Windows\System\xZzEGWx.exe
  C:\Windows\System\xZzEGWx.exe
  2⤵
  PID:4648
- C:\Windows\System\lsOnRbr.exe
  C:\Windows\System\lsOnRbr.exe
  2⤵
  PID:4624
- C:\Windows\System\SPqvxFb.exe
  C:\Windows\System\SPqvxFb.exe
  2⤵
  PID:4664
- C:\Windows\System\UZXYEsp.exe
  C:\Windows\System\UZXYEsp.exe
  2⤵
  PID:4704
- C:\Windows\System\hlurHUc.exe
  C:\Windows\System\hlurHUc.exe
  2⤵
  PID:4708
- C:\Windows\System\CumVuyQ.exe
  C:\Windows\System\CumVuyQ.exe
  2⤵
  PID:4800
- C:\Windows\System\psVCxHA.exe
  C:\Windows\System\psVCxHA.exe
  2⤵
  PID:4780
- C:\Windows\System\YzMmANb.exe
  C:\Windows\System\YzMmANb.exe
  2⤵
  PID:4824
- C:\Windows\System\qlLZAgG.exe
  C:\Windows\System\qlLZAgG.exe
  2⤵
  PID:4860
- C:\Windows\System\JeEIvWt.exe
  C:\Windows\System\JeEIvWt.exe
  2⤵
  PID:4868
- C:\Windows\System\dzAzCVr.exe
  C:\Windows\System\dzAzCVr.exe
  2⤵
  PID:4944
- C:\Windows\System\kdlljuk.exe
  C:\Windows\System\kdlljuk.exe
  2⤵
  PID:5008
- C:\Windows\System\tQaeiyH.exe
  C:\Windows\System\tQaeiyH.exe
  2⤵
  PID:4988
- C:\Windows\System\LNCdsyH.exe
  C:\Windows\System\LNCdsyH.exe
  2⤵
  PID:5048
- C:\Windows\System\oWfnIFc.exe
  C:\Windows\System\oWfnIFc.exe
  2⤵
  PID:4088
- C:\Windows\System\uDreTxM.exe
  C:\Windows\System\uDreTxM.exe
  2⤵
  PID:5072
- C:\Windows\System\oiTktix.exe
  C:\Windows\System\oiTktix.exe
  2⤵
  PID:2984
- C:\Windows\System\afAfZDX.exe
  C:\Windows\System\afAfZDX.exe
  2⤵
  PID:908
- C:\Windows\System\gYzBZRN.exe
  C:\Windows\System\gYzBZRN.exe
  2⤵
  PID:3980
- C:\Windows\System\awhWofE.exe
  C:\Windows\System\awhWofE.exe
  2⤵
  PID:3212
- C:\Windows\System\Niibzrm.exe
  C:\Windows\System\Niibzrm.exe
  2⤵
  PID:4164
- C:\Windows\System\TgYnoNk.exe
  C:\Windows\System\TgYnoNk.exe
  2⤵
  PID:3920
- C:\Windows\System\aMWxifh.exe
  C:\Windows\System\aMWxifh.exe
  2⤵
  PID:4204
- C:\Windows\System\uuOYMgM.exe
  C:\Windows\System\uuOYMgM.exe
  2⤵
  PID:1248
- C:\Windows\System\OIlHiXb.exe
  C:\Windows\System\OIlHiXb.exe
  2⤵
  PID:4364
- C:\Windows\System\vDiMvws.exe
  C:\Windows\System\vDiMvws.exe
  2⤵
  PID:2744
- C:\Windows\System\nmNBfiD.exe
  C:\Windows\System\nmNBfiD.exe
  2⤵
  PID:4268
- C:\Windows\System\yveDqXL.exe
  C:\Windows\System\yveDqXL.exe
  2⤵
  PID:4344
- C:\Windows\System\zyHIxyC.exe
  C:\Windows\System\zyHIxyC.exe
  2⤵
  PID:4512
- C:\Windows\System\iOKBLsS.exe
  C:\Windows\System\iOKBLsS.exe
  2⤵
  PID:4556
- C:\Windows\System\ZzTTDGq.exe
  C:\Windows\System\ZzTTDGq.exe
  2⤵
  PID:4544
- C:\Windows\System\bJQkBJY.exe
  C:\Windows\System\bJQkBJY.exe
  2⤵
  PID:4584
- C:\Windows\System\ofBBDqa.exe
  C:\Windows\System\ofBBDqa.exe
  2⤵
  PID:4728
- C:\Windows\System\nToVcNz.exe
  C:\Windows\System\nToVcNz.exe
  2⤵
  PID:4752
- C:\Windows\System\gZHntCX.exe
  C:\Windows\System\gZHntCX.exe
  2⤵
  PID:4892
- C:\Windows\System\bAYSvBJ.exe
  C:\Windows\System\bAYSvBJ.exe
  2⤵
  PID:4904
- C:\Windows\System\gxlwlrE.exe
  C:\Windows\System\gxlwlrE.exe
  2⤵
  PID:4788
- C:\Windows\System\YToHXmI.exe
  C:\Windows\System\YToHXmI.exe
  2⤵
  PID:4884
- C:\Windows\System\TZNPaSt.exe
  C:\Windows\System\TZNPaSt.exe
  2⤵
  PID:5028
- C:\Windows\System\qFjuTKx.exe
  C:\Windows\System\qFjuTKx.exe
  2⤵
  PID:5112
- C:\Windows\System\sHIsiHV.exe
  C:\Windows\System\sHIsiHV.exe
  2⤵
  PID:3084
- C:\Windows\System\OBPaPMV.exe
  C:\Windows\System\OBPaPMV.exe
  2⤵
  PID:3192
- C:\Windows\System\fPJFtxB.exe
  C:\Windows\System\fPJFtxB.exe
  2⤵
  PID:4128
- C:\Windows\System\icwvihX.exe
  C:\Windows\System\icwvihX.exe
  2⤵
  PID:4188
- C:\Windows\System\GxxCkjj.exe
  C:\Windows\System\GxxCkjj.exe
  2⤵
  PID:3420
- C:\Windows\System\mFVcdjt.exe
  C:\Windows\System\mFVcdjt.exe
  2⤵
  PID:4172
- C:\Windows\System\XkZGHhv.exe
  C:\Windows\System\XkZGHhv.exe
  2⤵
  PID:4464
- C:\Windows\System\hicycAe.exe
  C:\Windows\System\hicycAe.exe
  2⤵
  PID:4600
- C:\Windows\System\uKDBptp.exe
  C:\Windows\System\uKDBptp.exe
  2⤵
  PID:4616
- C:\Windows\System\HBcmbOT.exe
  C:\Windows\System\HBcmbOT.exe
  2⤵
  PID:2748
- C:\Windows\System\WhFJQQM.exe
  C:\Windows\System\WhFJQQM.exe
  2⤵
  PID:4844
- C:\Windows\System\tsGYioN.exe
  C:\Windows\System\tsGYioN.exe
  2⤵
  PID:4748
- C:\Windows\System\RQCGjSK.exe
  C:\Windows\System\RQCGjSK.exe
  2⤵
  PID:4908
- C:\Windows\System\aIpwNWg.exe
  C:\Windows\System\aIpwNWg.exe
  2⤵
  PID:5088
- C:\Windows\System\VnAoevT.exe
  C:\Windows\System\VnAoevT.exe
  2⤵
  PID:5052
- C:\Windows\System\bAxxpEf.exe
  C:\Windows\System\bAxxpEf.exe
  2⤵
  PID:5136
- C:\Windows\System\lhvzUXo.exe
  C:\Windows\System\lhvzUXo.exe
  2⤵
  PID:5160
- C:\Windows\System\lTtqrhx.exe
  C:\Windows\System\lTtqrhx.exe
  2⤵
  PID:5180
- C:\Windows\System\eJdrDws.exe
  C:\Windows\System\eJdrDws.exe
  2⤵
  PID:5200
- C:\Windows\System\JlhHZFA.exe
  C:\Windows\System\JlhHZFA.exe
  2⤵
  PID:5220
- C:\Windows\System\DzRVFCf.exe
  C:\Windows\System\DzRVFCf.exe
  2⤵
  PID:5240
- C:\Windows\System\errVJHw.exe
  C:\Windows\System\errVJHw.exe
  2⤵
  PID:5260
- C:\Windows\System\kaAhJIl.exe
  C:\Windows\System\kaAhJIl.exe
  2⤵
  PID:5280
- C:\Windows\System\fYUJZDF.exe
  C:\Windows\System\fYUJZDF.exe
  2⤵
  PID:5300
- C:\Windows\System\LtIPuXL.exe
  C:\Windows\System\LtIPuXL.exe
  2⤵
  PID:5320
- C:\Windows\System\fdSvkbW.exe
  C:\Windows\System\fdSvkbW.exe
  2⤵
  PID:5340
- C:\Windows\System\yJCDGRD.exe
  C:\Windows\System\yJCDGRD.exe
  2⤵
  PID:5360
- C:\Windows\System\wneRCOQ.exe
  C:\Windows\System\wneRCOQ.exe
  2⤵
  PID:5380
- C:\Windows\System\HBFvISy.exe
  C:\Windows\System\HBFvISy.exe
  2⤵
  PID:5400
- C:\Windows\System\zVSTYIL.exe
  C:\Windows\System\zVSTYIL.exe
  2⤵
  PID:5420
- C:\Windows\System\WCyWVOD.exe
  C:\Windows\System\WCyWVOD.exe
  2⤵
  PID:5436
- C:\Windows\System\GdiNrGO.exe
  C:\Windows\System\GdiNrGO.exe
  2⤵
  PID:5456
- C:\Windows\System\iLkaaBN.exe
  C:\Windows\System\iLkaaBN.exe
  2⤵
  PID:5480
- C:\Windows\System\XGhzebL.exe
  C:\Windows\System\XGhzebL.exe
  2⤵
  PID:5496
- C:\Windows\System\XkoRRvR.exe
  C:\Windows\System\XkoRRvR.exe
  2⤵
  PID:5516
- C:\Windows\System\HTgGfeT.exe
  C:\Windows\System\HTgGfeT.exe
  2⤵
  PID:5536
- C:\Windows\System\GQdtKiK.exe
  C:\Windows\System\GQdtKiK.exe
  2⤵
  PID:5556
- C:\Windows\System\LCLATJc.exe
  C:\Windows\System\LCLATJc.exe
  2⤵
  PID:5572
- C:\Windows\System\ZiVugEW.exe
  C:\Windows\System\ZiVugEW.exe
  2⤵
  PID:5596
- C:\Windows\System\rzoBihj.exe
  C:\Windows\System\rzoBihj.exe
  2⤵
  PID:5616
- C:\Windows\System\yIrdRwl.exe
  C:\Windows\System\yIrdRwl.exe
  2⤵
  PID:5636
- C:\Windows\System\cDufvqj.exe
  C:\Windows\System\cDufvqj.exe
  2⤵
  PID:5656
- C:\Windows\System\CaeqzjZ.exe
  C:\Windows\System\CaeqzjZ.exe
  2⤵
  PID:5672
- C:\Windows\System\WCPtwSv.exe
  C:\Windows\System\WCPtwSv.exe
  2⤵
  PID:5692
- C:\Windows\System\ZIaZFbf.exe
  C:\Windows\System\ZIaZFbf.exe
  2⤵
  PID:5716
- C:\Windows\System\RfUWNzt.exe
  C:\Windows\System\RfUWNzt.exe
  2⤵
  PID:5732
- C:\Windows\System\qenqbqr.exe
  C:\Windows\System\qenqbqr.exe
  2⤵
  PID:5748
- C:\Windows\System\rCyrNPL.exe
  C:\Windows\System\rCyrNPL.exe
  2⤵
  PID:5764
- C:\Windows\System\TJWbMHR.exe
  C:\Windows\System\TJWbMHR.exe
  2⤵
  PID:5788
- C:\Windows\System\NXtNwaS.exe
  C:\Windows\System\NXtNwaS.exe
  2⤵
  PID:5820
- C:\Windows\System\NjMQidj.exe
  C:\Windows\System\NjMQidj.exe
  2⤵
  PID:5840
- C:\Windows\System\WywEBuo.exe
  C:\Windows\System\WywEBuo.exe
  2⤵
  PID:5860
- C:\Windows\System\oYvGThp.exe
  C:\Windows\System\oYvGThp.exe
  2⤵
  PID:5880
- C:\Windows\System\tSVZoyR.exe
  C:\Windows\System\tSVZoyR.exe
  2⤵
  PID:5900
- C:\Windows\System\EedlrkO.exe
  C:\Windows\System\EedlrkO.exe
  2⤵
  PID:5916
- C:\Windows\System\VIDEllU.exe
  C:\Windows\System\VIDEllU.exe
  2⤵
  PID:5936
- C:\Windows\System\ZVmXnIt.exe
  C:\Windows\System\ZVmXnIt.exe
  2⤵
  PID:5956
- C:\Windows\System\gSMdUMr.exe
  C:\Windows\System\gSMdUMr.exe
  2⤵
  PID:5976
- C:\Windows\System\HGiVKLQ.exe
  C:\Windows\System\HGiVKLQ.exe
  2⤵
  PID:5996
- C:\Windows\System\dOasTUm.exe
  C:\Windows\System\dOasTUm.exe
  2⤵
  PID:6020
- C:\Windows\System\EBsueuq.exe
  C:\Windows\System\EBsueuq.exe
  2⤵
  PID:6040
- C:\Windows\System\Jkpuach.exe
  C:\Windows\System\Jkpuach.exe
  2⤵
  PID:6060
- C:\Windows\System\sxZryDJ.exe
  C:\Windows\System\sxZryDJ.exe
  2⤵
  PID:6080
- C:\Windows\System\ASOSwGL.exe
  C:\Windows\System\ASOSwGL.exe
  2⤵
  PID:6100
- C:\Windows\System\RFGWakn.exe
  C:\Windows\System\RFGWakn.exe
  2⤵
  PID:6120
- C:\Windows\System\ChaPdpK.exe
  C:\Windows\System\ChaPdpK.exe
  2⤵
  PID:6140
- C:\Windows\System\xvvLNLp.exe
  C:\Windows\System\xvvLNLp.exe
  2⤵
  PID:3712
- C:\Windows\System\IPfoqUo.exe
  C:\Windows\System\IPfoqUo.exe
  2⤵
  PID:3168
- C:\Windows\System\hEpqKnr.exe
  C:\Windows\System\hEpqKnr.exe
  2⤵
  PID:4260
- C:\Windows\System\cHhGcXS.exe
  C:\Windows\System\cHhGcXS.exe
  2⤵
  PID:4416
- C:\Windows\System\OQOLhEU.exe
  C:\Windows\System\OQOLhEU.exe
  2⤵
  PID:4516
- C:\Windows\System\EqsAlxl.exe
  C:\Windows\System\EqsAlxl.exe
  2⤵
  PID:2760
- C:\Windows\System\YpLyJui.exe
  C:\Windows\System\YpLyJui.exe
  2⤵
  PID:4724
- C:\Windows\System\JVulWbI.exe
  C:\Windows\System\JVulWbI.exe
  2⤵
  PID:4732
- C:\Windows\System\XYwxCuP.exe
  C:\Windows\System\XYwxCuP.exe
  2⤵
  PID:5044
- C:\Windows\System\vSysJPD.exe
  C:\Windows\System\vSysJPD.exe
  2⤵
  PID:5156
- C:\Windows\System\MBsPRXw.exe
  C:\Windows\System\MBsPRXw.exe
  2⤵
  PID:5168
- C:\Windows\System\hRmtMkb.exe
  C:\Windows\System\hRmtMkb.exe
  2⤵
  PID:5228
- C:\Windows\System\lvacUVG.exe
  C:\Windows\System\lvacUVG.exe
  2⤵
  PID:5272
- C:\Windows\System\APGNIuF.exe
  C:\Windows\System\APGNIuF.exe
  2⤵
  PID:5256
- C:\Windows\System\gNBhxbx.exe
  C:\Windows\System\gNBhxbx.exe
  2⤵
  PID:5296
- C:\Windows\System\UbGBTrG.exe
  C:\Windows\System\UbGBTrG.exe
  2⤵
  PID:5388
- C:\Windows\System\NRWbDOG.exe
  C:\Windows\System\NRWbDOG.exe
  2⤵
  PID:5332
- C:\Windows\System\hqjAMSa.exe
  C:\Windows\System\hqjAMSa.exe
  2⤵
  PID:5476
- C:\Windows\System\cEiogQc.exe
  C:\Windows\System\cEiogQc.exe
  2⤵
  PID:5408
- C:\Windows\System\kstYufW.exe
  C:\Windows\System\kstYufW.exe
  2⤵
  PID:5544
- C:\Windows\System\lgFtADt.exe
  C:\Windows\System\lgFtADt.exe
  2⤵
  PID:5448
- C:\Windows\System\DMXIZsG.exe
  C:\Windows\System\DMXIZsG.exe
  2⤵
  PID:5580
- C:\Windows\System\vtdxPso.exe
  C:\Windows\System\vtdxPso.exe
  2⤵
  PID:5632
- C:\Windows\System\DWZXIIK.exe
  C:\Windows\System\DWZXIIK.exe
  2⤵
  PID:5704
- C:\Windows\System\vXLrEDA.exe
  C:\Windows\System\vXLrEDA.exe
  2⤵
  PID:5524
- C:\Windows\System\IQaxJRA.exe
  C:\Windows\System\IQaxJRA.exe
  2⤵
  PID:5644
- C:\Windows\System\uBCAQaN.exe
  C:\Windows\System\uBCAQaN.exe
  2⤵
  PID:5772
- C:\Windows\System\eoAbZhK.exe
  C:\Windows\System\eoAbZhK.exe
  2⤵
  PID:5728
- C:\Windows\System\qHDiWec.exe
  C:\Windows\System\qHDiWec.exe
  2⤵
  PID:5800
- C:\Windows\System\gAbxSEe.exe
  C:\Windows\System\gAbxSEe.exe
  2⤵
  PID:5828
- C:\Windows\System\BYsqJRi.exe
  C:\Windows\System\BYsqJRi.exe
  2⤵
  PID:5804
- C:\Windows\System\FFmiPJL.exe
  C:\Windows\System\FFmiPJL.exe
  2⤵
  PID:5872
- C:\Windows\System\RmycCAD.exe
  C:\Windows\System\RmycCAD.exe
  2⤵
  PID:5888
- C:\Windows\System\pcnMLLB.exe
  C:\Windows\System\pcnMLLB.exe
  2⤵
  PID:5952
- C:\Windows\System\txdxGFA.exe
  C:\Windows\System\txdxGFA.exe
  2⤵
  PID:5932
- C:\Windows\System\TQPpAGq.exe
  C:\Windows\System\TQPpAGq.exe
  2⤵
  PID:6008
- C:\Windows\System\GhvMkEO.exe
  C:\Windows\System\GhvMkEO.exe
  2⤵
  PID:6036
- C:\Windows\System\dfHKDkf.exe
  C:\Windows\System\dfHKDkf.exe
  2⤵
  PID:6108
- C:\Windows\System\IlUmuTy.exe
  C:\Windows\System\IlUmuTy.exe
  2⤵
  PID:6116
- C:\Windows\System\OZoZfhR.exe
  C:\Windows\System\OZoZfhR.exe
  2⤵
  PID:6128
- C:\Windows\System\uJdmRLI.exe
  C:\Windows\System\uJdmRLI.exe
  2⤵
  PID:3812
- C:\Windows\System\JLoTBSR.exe
  C:\Windows\System\JLoTBSR.exe
  2⤵
  PID:4144
- C:\Windows\System\ylsoSxE.exe
  C:\Windows\System\ylsoSxE.exe
  2⤵
  PID:4008
- C:\Windows\System\NDSUGQq.exe
  C:\Windows\System\NDSUGQq.exe
  2⤵
  PID:4668
- C:\Windows\System\FexbtuA.exe
  C:\Windows\System\FexbtuA.exe
  2⤵
  PID:4968
- C:\Windows\System\BrBHxNT.exe
  C:\Windows\System\BrBHxNT.exe
  2⤵
  PID:5132
- C:\Windows\System\oJmrPbY.exe
  C:\Windows\System\oJmrPbY.exe
  2⤵
  PID:5232
- C:\Windows\System\GqhmjhS.exe
  C:\Windows\System\GqhmjhS.exe
  2⤵
  PID:5208
- C:\Windows\System\FZKdXmn.exe
  C:\Windows\System\FZKdXmn.exe
  2⤵
  PID:5308
- C:\Windows\System\tgmEwhj.exe
  C:\Windows\System\tgmEwhj.exe
  2⤵
  PID:5352
- C:\Windows\System\CHpqUXT.exe
  C:\Windows\System\CHpqUXT.exe
  2⤵
  PID:2732
- C:\Windows\System\urjWZaL.exe
  C:\Windows\System\urjWZaL.exe
  2⤵
  PID:5512
- C:\Windows\System\TsPgIzV.exe
  C:\Windows\System\TsPgIzV.exe
  2⤵
  PID:5444
- C:\Windows\System\njxVdcl.exe
  C:\Windows\System\njxVdcl.exe
  2⤵
  PID:5532
- C:\Windows\System\JqPpGoL.exe
  C:\Windows\System\JqPpGoL.exe
  2⤵
  PID:5668
- C:\Windows\System\cQzJlQV.exe
  C:\Windows\System\cQzJlQV.exe
  2⤵
  PID:5652
- C:\Windows\System\TxvZfuI.exe
  C:\Windows\System\TxvZfuI.exe
  2⤵
  PID:5688
- C:\Windows\System\hFrHEHS.exe
  C:\Windows\System\hFrHEHS.exe
  2⤵
  PID:5724
- C:\Windows\System\CKAuiHB.exe
  C:\Windows\System\CKAuiHB.exe
  2⤵
  PID:2952
- C:\Windows\System\MVYTIDe.exe
  C:\Windows\System\MVYTIDe.exe
  2⤵
  PID:5856
- C:\Windows\System\sXeSfBb.exe
  C:\Windows\System\sXeSfBb.exe
  2⤵
  PID:5924
- C:\Windows\System\zLsXoUU.exe
  C:\Windows\System\zLsXoUU.exe
  2⤵
  PID:5944
- C:\Windows\System\hpdMzJP.exe
  C:\Windows\System\hpdMzJP.exe
  2⤵
  PID:6012
- C:\Windows\System\gmxvcvd.exe
  C:\Windows\System\gmxvcvd.exe
  2⤵
  PID:6076
- C:\Windows\System\kvKrsOR.exe
  C:\Windows\System\kvKrsOR.exe
  2⤵
  PID:6112
- C:\Windows\System\ytehbzf.exe
  C:\Windows\System\ytehbzf.exe
  2⤵
  PID:4300
- C:\Windows\System\YrKKLdc.exe
  C:\Windows\System\YrKKLdc.exe
  2⤵
  PID:4564
- C:\Windows\System\ntYSxRr.exe
  C:\Windows\System\ntYSxRr.exe
  2⤵
  PID:5144
- C:\Windows\System\VaKvEMv.exe
  C:\Windows\System\VaKvEMv.exe
  2⤵
  PID:5188
- C:\Windows\System\tTfseaM.exe
  C:\Windows\System\tTfseaM.exe
  2⤵
  PID:5192
- C:\Windows\System\lwYrDkx.exe
  C:\Windows\System\lwYrDkx.exe
  2⤵
  PID:5348
- C:\Windows\System\uxlsiFr.exe
  C:\Windows\System\uxlsiFr.exe
  2⤵
  PID:5548
- C:\Windows\System\xvNXwwn.exe
  C:\Windows\System\xvNXwwn.exe
  2⤵
  PID:5664
- C:\Windows\System\MmBFkLv.exe
  C:\Windows\System\MmBFkLv.exe
  2⤵
  PID:5624
- C:\Windows\System\QoaNWWd.exe
  C:\Windows\System\QoaNWWd.exe
  2⤵
  PID:5608
- C:\Windows\System\BvofOBC.exe
  C:\Windows\System\BvofOBC.exe
  2⤵
  PID:5604
- C:\Windows\System\vlMVKCg.exe
  C:\Windows\System\vlMVKCg.exe
  2⤵
  PID:5680
- C:\Windows\System\yKRKeXu.exe
  C:\Windows\System\yKRKeXu.exe
  2⤵
  PID:5968
- C:\Windows\System\SgIXCjT.exe
  C:\Windows\System\SgIXCjT.exe
  2⤵
  PID:6132
- C:\Windows\System\zdgMoie.exe
  C:\Windows\System\zdgMoie.exe
  2⤵
  PID:6056
- C:\Windows\System\VVtMOap.exe
  C:\Windows\System\VVtMOap.exe
  2⤵
  PID:5064
- C:\Windows\System\jZVotvO.exe
  C:\Windows\System\jZVotvO.exe
  2⤵
  PID:4928
- C:\Windows\System\zKFAbRc.exe
  C:\Windows\System\zKFAbRc.exe
  2⤵
  PID:6156
- C:\Windows\System\fFuAGdc.exe
  C:\Windows\System\fFuAGdc.exe
  2⤵
  PID:6176
- C:\Windows\System\txZVrKz.exe
  C:\Windows\System\txZVrKz.exe
  2⤵
  PID:6196
- C:\Windows\System\YQLkREG.exe
  C:\Windows\System\YQLkREG.exe
  2⤵
  PID:6212
- C:\Windows\System\XjquuhW.exe
  C:\Windows\System\XjquuhW.exe
  2⤵
  PID:6236
- C:\Windows\System\XNRLeup.exe
  C:\Windows\System\XNRLeup.exe
  2⤵
  PID:6256
- C:\Windows\System\RJrOgUY.exe
  C:\Windows\System\RJrOgUY.exe
  2⤵
  PID:6276
- C:\Windows\System\KLhVkkD.exe
  C:\Windows\System\KLhVkkD.exe
  2⤵
  PID:6296
- C:\Windows\System\CvaukpP.exe
  C:\Windows\System\CvaukpP.exe
  2⤵
  PID:6316
- C:\Windows\System\RYshwkR.exe
  C:\Windows\System\RYshwkR.exe
  2⤵
  PID:6336
- C:\Windows\System\NPvpbGr.exe
  C:\Windows\System\NPvpbGr.exe
  2⤵
  PID:6356
- C:\Windows\System\cbmMPKO.exe
  C:\Windows\System\cbmMPKO.exe
  2⤵
  PID:6376
- C:\Windows\System\XApixjx.exe
  C:\Windows\System\XApixjx.exe
  2⤵
  PID:6400
- C:\Windows\System\FKXMAHE.exe
  C:\Windows\System\FKXMAHE.exe
  2⤵
  PID:6420
- C:\Windows\System\tNWxHbK.exe
  C:\Windows\System\tNWxHbK.exe
  2⤵
  PID:6440
- C:\Windows\System\WHfNdRN.exe
  C:\Windows\System\WHfNdRN.exe
  2⤵
  PID:6460
- C:\Windows\System\pDUeMjP.exe
  C:\Windows\System\pDUeMjP.exe
  2⤵
  PID:6480
- C:\Windows\System\kmoQhhj.exe
  C:\Windows\System\kmoQhhj.exe
  2⤵
  PID:6500
- C:\Windows\System\SDGqqos.exe
  C:\Windows\System\SDGqqos.exe
  2⤵
  PID:6520
- C:\Windows\System\kkQtvye.exe
  C:\Windows\System\kkQtvye.exe
  2⤵
  PID:6540
- C:\Windows\System\wFQzwvH.exe
  C:\Windows\System\wFQzwvH.exe
  2⤵
  PID:6560
- C:\Windows\System\PNzMkxO.exe
  C:\Windows\System\PNzMkxO.exe
  2⤵
  PID:6580
- C:\Windows\System\eVBiWtk.exe
  C:\Windows\System\eVBiWtk.exe
  2⤵
  PID:6600
- C:\Windows\System\jbBZnio.exe
  C:\Windows\System\jbBZnio.exe
  2⤵
  PID:6620
- C:\Windows\System\AcsKLOG.exe
  C:\Windows\System\AcsKLOG.exe
  2⤵
  PID:6640
- C:\Windows\System\iHKXxAX.exe
  C:\Windows\System\iHKXxAX.exe
  2⤵
  PID:6660
- C:\Windows\System\vuGvAWP.exe
  C:\Windows\System\vuGvAWP.exe
  2⤵
  PID:6680
- C:\Windows\System\kIlxdlP.exe
  C:\Windows\System\kIlxdlP.exe
  2⤵
  PID:6700
- C:\Windows\System\LHvjTTy.exe
  C:\Windows\System\LHvjTTy.exe
  2⤵
  PID:6720
- C:\Windows\System\GoECbIN.exe
  C:\Windows\System\GoECbIN.exe
  2⤵
  PID:6740
- C:\Windows\System\aEOvwKH.exe
  C:\Windows\System\aEOvwKH.exe
  2⤵
  PID:6760
- C:\Windows\System\DpIgNAU.exe
  C:\Windows\System\DpIgNAU.exe
  2⤵
  PID:6780
- C:\Windows\System\xXBbRfy.exe
  C:\Windows\System\xXBbRfy.exe
  2⤵
  PID:6800
- C:\Windows\System\otTdNaK.exe
  C:\Windows\System\otTdNaK.exe
  2⤵
  PID:6820
- C:\Windows\System\dEGmqjC.exe
  C:\Windows\System\dEGmqjC.exe
  2⤵
  PID:6840
- C:\Windows\System\WohAoFB.exe
  C:\Windows\System\WohAoFB.exe
  2⤵
  PID:6856
- C:\Windows\System\Rtoytcu.exe
  C:\Windows\System\Rtoytcu.exe
  2⤵
  PID:6880
- C:\Windows\System\QMrpTsc.exe
  C:\Windows\System\QMrpTsc.exe
  2⤵
  PID:6900
- C:\Windows\System\UMhCmhd.exe
  C:\Windows\System\UMhCmhd.exe
  2⤵
  PID:6920
- C:\Windows\System\ecoVGOE.exe
  C:\Windows\System\ecoVGOE.exe
  2⤵
  PID:6940
- C:\Windows\System\cUvsBEP.exe
  C:\Windows\System\cUvsBEP.exe
  2⤵
  PID:6960
- C:\Windows\System\gcRVaGr.exe
  C:\Windows\System\gcRVaGr.exe
  2⤵
  PID:6980
- C:\Windows\System\SAbCeXQ.exe
  C:\Windows\System\SAbCeXQ.exe
  2⤵
  PID:7000
- C:\Windows\System\PYArnNa.exe
  C:\Windows\System\PYArnNa.exe
  2⤵
  PID:7020
- C:\Windows\System\BsfiSzJ.exe
  C:\Windows\System\BsfiSzJ.exe
  2⤵
  PID:7040
- C:\Windows\System\DzxYAam.exe
  C:\Windows\System\DzxYAam.exe
  2⤵
  PID:7060
- C:\Windows\System\YQHNTFF.exe
  C:\Windows\System\YQHNTFF.exe
  2⤵
  PID:7080
- C:\Windows\System\nRxGNLL.exe
  C:\Windows\System\nRxGNLL.exe
  2⤵
  PID:7100
- C:\Windows\System\BnWZzGh.exe
  C:\Windows\System\BnWZzGh.exe
  2⤵
  PID:7120
- C:\Windows\System\fQAHGmN.exe
  C:\Windows\System\fQAHGmN.exe
  2⤵
  PID:7140
- C:\Windows\System\irPjNhh.exe
  C:\Windows\System\irPjNhh.exe
  2⤵
  PID:7160
- C:\Windows\System\zIXtChY.exe
  C:\Windows\System\zIXtChY.exe
  2⤵
  PID:5248
- C:\Windows\System\dtUfhGG.exe
  C:\Windows\System\dtUfhGG.exe
  2⤵
  PID:5336
- C:\Windows\System\HrfmDfh.exe
  C:\Windows\System\HrfmDfh.exe
  2⤵
  PID:2676
- C:\Windows\System\BfcjQoK.exe
  C:\Windows\System\BfcjQoK.exe
  2⤵
  PID:5784
- C:\Windows\System\ElFtBYu.exe
  C:\Windows\System\ElFtBYu.exe
  2⤵
  PID:5908
- C:\Windows\System\YGlRlIf.exe
  C:\Windows\System\YGlRlIf.exe
  2⤵
  PID:5988
- C:\Windows\System\LGpDzYl.exe
  C:\Windows\System\LGpDzYl.exe
  2⤵
  PID:5896
- C:\Windows\System\NJxNiFc.exe
  C:\Windows\System\NJxNiFc.exe
  2⤵
  PID:4420
- C:\Windows\System\aSXIjCw.exe
  C:\Windows\System\aSXIjCw.exe
  2⤵
  PID:6092
- C:\Windows\System\TSfYJcM.exe
  C:\Windows\System\TSfYJcM.exe
  2⤵
  PID:6184
- C:\Windows\System\hKBOKSj.exe
  C:\Windows\System\hKBOKSj.exe
  2⤵
  PID:6220
- C:\Windows\System\zudjwBz.exe
  C:\Windows\System\zudjwBz.exe
  2⤵
  PID:6228
- C:\Windows\System\ADLMitJ.exe
  C:\Windows\System\ADLMitJ.exe
  2⤵
  PID:6268
- C:\Windows\System\jAHKJhl.exe
  C:\Windows\System\jAHKJhl.exe
  2⤵
  PID:6312
- C:\Windows\System\vbJWplr.exe
  C:\Windows\System\vbJWplr.exe
  2⤵
  PID:6324
- C:\Windows\System\lNmdsGq.exe
  C:\Windows\System\lNmdsGq.exe
  2⤵
  PID:6348
- C:\Windows\System\CoKewLP.exe
  C:\Windows\System\CoKewLP.exe
  2⤵
  PID:6396
- C:\Windows\System\KMIQGjP.exe
  C:\Windows\System\KMIQGjP.exe
  2⤵
  PID:6436
- C:\Windows\System\qmxWQtW.exe
  C:\Windows\System\qmxWQtW.exe
  2⤵
  PID:6468
- C:\Windows\System\dwlCzIV.exe
  C:\Windows\System\dwlCzIV.exe
  2⤵
  PID:6472
- C:\Windows\System\IEBxxwY.exe
  C:\Windows\System\IEBxxwY.exe
  2⤵
  PID:6516
- C:\Windows\System\fJMriDO.exe
  C:\Windows\System\fJMriDO.exe
  2⤵
  PID:6588
- C:\Windows\System\mZjIrVM.exe
  C:\Windows\System\mZjIrVM.exe
  2⤵
  PID:6536
- C:\Windows\System\QRYoSCZ.exe
  C:\Windows\System\QRYoSCZ.exe
  2⤵
  PID:6572
- C:\Windows\System\lbOcIux.exe
  C:\Windows\System\lbOcIux.exe
  2⤵
  PID:6632
- C:\Windows\System\katlyVW.exe
  C:\Windows\System\katlyVW.exe
  2⤵
  PID:6676
- C:\Windows\System\BxJGqio.exe
  C:\Windows\System\BxJGqio.exe
  2⤵
  PID:6688
- C:\Windows\System\ikgULow.exe
  C:\Windows\System\ikgULow.exe
  2⤵
  PID:6748
- C:\Windows\System\roGtUPz.exe
  C:\Windows\System\roGtUPz.exe
  2⤵
  PID:6732
- C:\Windows\System\OlxGaji.exe
  C:\Windows\System\OlxGaji.exe
  2⤵
  PID:6772
- C:\Windows\System\jhXglMJ.exe
  C:\Windows\System\jhXglMJ.exe
  2⤵
  PID:6836
- C:\Windows\System\hLkEVyN.exe
  C:\Windows\System\hLkEVyN.exe
  2⤵
  PID:6864
- C:\Windows\System\QiPdGWS.exe
  C:\Windows\System\QiPdGWS.exe
  2⤵
  PID:6848
- C:\Windows\System\sXUzzAB.exe
  C:\Windows\System\sXUzzAB.exe
  2⤵
  PID:6896
- C:\Windows\System\KRGOmqQ.exe
  C:\Windows\System\KRGOmqQ.exe
  2⤵
  PID:6956
- C:\Windows\System\AtTFanT.exe
  C:\Windows\System\AtTFanT.exe
  2⤵
  PID:6988
- C:\Windows\System\pNbDeDx.exe
  C:\Windows\System\pNbDeDx.exe
  2⤵
  PID:2040
- C:\Windows\System\gbXsulf.exe
  C:\Windows\System\gbXsulf.exe
  2⤵
  PID:7012
- C:\Windows\System\MogHQLV.exe
  C:\Windows\System\MogHQLV.exe
  2⤵
  PID:7076
- C:\Windows\System\APsPQvb.exe
  C:\Windows\System\APsPQvb.exe
  2⤵
  PID:1756
- C:\Windows\System\EyzAnUD.exe
  C:\Windows\System\EyzAnUD.exe
  2⤵
  PID:1776
- C:\Windows\System\uYYnlJx.exe
  C:\Windows\System\uYYnlJx.exe
  2⤵
  PID:7156
- C:\Windows\System\GgraTIt.exe
  C:\Windows\System\GgraTIt.exe
  2⤵
  PID:7152
- C:\Windows\System\ULTPTUo.exe
  C:\Windows\System\ULTPTUo.exe
  2⤵
  PID:5108
- C:\Windows\System\MALTfBw.exe
  C:\Windows\System\MALTfBw.exe
  2⤵
  PID:5700
- C:\Windows\System\hQDtgWF.exe
  C:\Windows\System\hQDtgWF.exe
  2⤵
  PID:5992
- C:\Windows\System\CjFmsAY.exe
  C:\Windows\System\CjFmsAY.exe
  2⤵
  PID:2204
- C:\Windows\System\irMTJPJ.exe
  C:\Windows\System\irMTJPJ.exe
  2⤵
  PID:6164
- C:\Windows\System\XtvdXta.exe
  C:\Windows\System\XtvdXta.exe
  2⤵
  PID:2012
- C:\Windows\System\PjeHZwo.exe
  C:\Windows\System\PjeHZwo.exe
  2⤵
  PID:6168
- C:\Windows\System\uTHkyFf.exe
  C:\Windows\System\uTHkyFf.exe
  2⤵
  PID:6252
- C:\Windows\System\enKxBGN.exe
  C:\Windows\System\enKxBGN.exe
  2⤵
  PID:6264
- C:\Windows\System\BpqnCWA.exe
  C:\Windows\System\BpqnCWA.exe
  2⤵
  PID:6352
- C:\Windows\System\IOYjLDK.exe
  C:\Windows\System\IOYjLDK.exe
  2⤵
  PID:6408
- C:\Windows\System\qHBNuLY.exe
  C:\Windows\System\qHBNuLY.exe
  2⤵
  PID:6372
- C:\Windows\System\QzYIpeC.exe
  C:\Windows\System\QzYIpeC.exe
  2⤵
  PID:6452
- C:\Windows\System\JGqfyVo.exe
  C:\Windows\System\JGqfyVo.exe
  2⤵
  PID:6552
- C:\Windows\System\vuuPiJJ.exe
  C:\Windows\System\vuuPiJJ.exe
  2⤵
  PID:6576
- C:\Windows\System\ciELRRF.exe
  C:\Windows\System\ciELRRF.exe
  2⤵
  PID:6672
- C:\Windows\System\eBukQKq.exe
  C:\Windows\System\eBukQKq.exe
  2⤵
  PID:6716
- C:\Windows\System\yAxqUgm.exe
  C:\Windows\System\yAxqUgm.exe
  2⤵
  PID:6696
- C:\Windows\System\OQUJaSq.exe
  C:\Windows\System\OQUJaSq.exe
  2⤵
  PID:6756
- C:\Windows\System\wDyChqz.exe
  C:\Windows\System\wDyChqz.exe
  2⤵
  PID:6832
- C:\Windows\System\zPDyGCU.exe
  C:\Windows\System\zPDyGCU.exe
  2⤵
  PID:6812
- C:\Windows\System\NqBVVqI.exe
  C:\Windows\System\NqBVVqI.exe
  2⤵
  PID:1484
- C:\Windows\System\oFNjlAO.exe
  C:\Windows\System\oFNjlAO.exe
  2⤵
  PID:6888
- C:\Windows\System\qHSwCCY.exe
  C:\Windows\System\qHSwCCY.exe
  2⤵
  PID:2540
- C:\Windows\System\lIicsaa.exe
  C:\Windows\System\lIicsaa.exe
  2⤵
  PID:7008
- C:\Windows\System\uTwAWZC.exe
  C:\Windows\System\uTwAWZC.exe
  2⤵
  PID:6996
- C:\Windows\System\eSKzQEg.exe
  C:\Windows\System\eSKzQEg.exe
  2⤵
  PID:7052
- C:\Windows\System\BNkcrhx.exe
  C:\Windows\System\BNkcrhx.exe
  2⤵
  PID:7148
- C:\Windows\System\uIfYvQe.exe
  C:\Windows\System\uIfYvQe.exe
  2⤵
  PID:1480
- C:\Windows\System\bOmgnZu.exe
  C:\Windows\System\bOmgnZu.exe
  2⤵
  PID:2008
- C:\Windows\System\MmxuBtj.exe
  C:\Windows\System\MmxuBtj.exe
  2⤵
  PID:2340
- C:\Windows\System\CinLCWf.exe
  C:\Windows\System\CinLCWf.exe
  2⤵
  PID:1700
- C:\Windows\System\CPkYdTy.exe
  C:\Windows\System\CPkYdTy.exe
  2⤵
  PID:6068
- C:\Windows\System\lMmPlAh.exe
  C:\Windows\System\lMmPlAh.exe
  2⤵
  PID:6188
- C:\Windows\System\oOuBerS.exe
  C:\Windows\System\oOuBerS.exe
  2⤵
  PID:6364
- C:\Windows\System\dRylsFh.exe
  C:\Windows\System\dRylsFh.exe
  2⤵
  PID:6496
- C:\Windows\System\zjCIxuY.exe
  C:\Windows\System\zjCIxuY.exe
  2⤵
  PID:6568
- C:\Windows\System\dRnOZQj.exe
  C:\Windows\System\dRnOZQj.exe
  2⤵
  PID:2872
- C:\Windows\System\IHFlPSG.exe
  C:\Windows\System\IHFlPSG.exe
  2⤵
  PID:6868
- C:\Windows\System\MPdZsMR.exe
  C:\Windows\System\MPdZsMR.exe
  2⤵
  PID:6972
- C:\Windows\System\dctwlKi.exe
  C:\Windows\System\dctwlKi.exe
  2⤵
  PID:7128
- C:\Windows\System\IwwFrZT.exe
  C:\Windows\System\IwwFrZT.exe
  2⤵
  PID:2944
- C:\Windows\System\SjgMwDs.exe
  C:\Windows\System\SjgMwDs.exe
  2⤵
  PID:6304
- C:\Windows\System\EyDdxqg.exe
  C:\Windows\System\EyDdxqg.exe
  2⤵
  PID:6448
- C:\Windows\System\NKROWEU.exe
  C:\Windows\System\NKROWEU.exe
  2⤵
  PID:1708
- C:\Windows\System\LbpdUFt.exe
  C:\Windows\System\LbpdUFt.exe
  2⤵
  PID:6556
- C:\Windows\System\wLqwwYK.exe
  C:\Windows\System\wLqwwYK.exe
  2⤵
  PID:6788
- C:\Windows\System\ngnEmSr.exe
  C:\Windows\System\ngnEmSr.exe
  2⤵
  PID:2128
- C:\Windows\System\AjVwWVr.exe
  C:\Windows\System\AjVwWVr.exe
  2⤵
  PID:2384
- C:\Windows\System\yZRNjOb.exe
  C:\Windows\System\yZRNjOb.exe
  2⤵
  PID:772
- C:\Windows\System\ggIzbiF.exe
  C:\Windows\System\ggIzbiF.exe
  2⤵
  PID:4644
- C:\Windows\System\aFxyJUq.exe
  C:\Windows\System\aFxyJUq.exe
  2⤵
  PID:1296
- C:\Windows\System\DeTFdDb.exe
  C:\Windows\System\DeTFdDb.exe
  2⤵
  PID:2148
- C:\Windows\System\SABbJtJ.exe
  C:\Windows\System\SABbJtJ.exe
  2⤵
  PID:596
- C:\Windows\System\XUtTDlh.exe
  C:\Windows\System\XUtTDlh.exe
  2⤵
  PID:1120
- C:\Windows\System\VnFcZnN.exe
  C:\Windows\System\VnFcZnN.exe
  2⤵
  PID:2664
- C:\Windows\System\PmolBjH.exe
  C:\Windows\System\PmolBjH.exe
  2⤵
  PID:6752
- C:\Windows\System\NGBFult.exe
  C:\Windows\System\NGBFult.exe
  2⤵
  PID:5288
- C:\Windows\System\kTbFhHV.exe
  C:\Windows\System\kTbFhHV.exe
  2⤵
  PID:6548
- C:\Windows\System\HhctCUK.exe
  C:\Windows\System\HhctCUK.exe
  2⤵
  PID:6248
- C:\Windows\System\xUWGqVO.exe
  C:\Windows\System\xUWGqVO.exe
  2⤵
  PID:6592
- C:\Windows\System\qZsZFFy.exe
  C:\Windows\System\qZsZFFy.exe
  2⤵
  PID:2192
- C:\Windows\System\IcERnjv.exe
  C:\Windows\System\IcERnjv.exe
  2⤵
  PID:6208
- C:\Windows\System\QzralIc.exe
  C:\Windows\System\QzralIc.exe
  2⤵
  PID:1164
- C:\Windows\System\bXTROFA.exe
  C:\Windows\System\bXTROFA.exe
  2⤵
  PID:6816
- C:\Windows\System\UytijKV.exe
  C:\Windows\System\UytijKV.exe
  2⤵
  PID:7180
- C:\Windows\System\ftvSTrs.exe
  C:\Windows\System\ftvSTrs.exe
  2⤵
  PID:7200
- C:\Windows\System\CGRIicH.exe
  C:\Windows\System\CGRIicH.exe
  2⤵
  PID:7224
- C:\Windows\System\msDItga.exe
  C:\Windows\System\msDItga.exe
  2⤵
  PID:7240
- C:\Windows\System\QmnAYMP.exe
  C:\Windows\System\QmnAYMP.exe
  2⤵
  PID:7256
- C:\Windows\System\ZkTwqeA.exe
  C:\Windows\System\ZkTwqeA.exe
  2⤵
  PID:7276
- C:\Windows\System\AdOyHGH.exe
  C:\Windows\System\AdOyHGH.exe
  2⤵
  PID:7296
- C:\Windows\System\lXJCjhK.exe
  C:\Windows\System\lXJCjhK.exe
  2⤵
  PID:7312
- C:\Windows\System\HQoQWLC.exe
  C:\Windows\System\HQoQWLC.exe
  2⤵
  PID:7344
- C:\Windows\System\lZHkNMV.exe
  C:\Windows\System\lZHkNMV.exe
  2⤵
  PID:7368
- C:\Windows\System\UKyXKyO.exe
  C:\Windows\System\UKyXKyO.exe
  2⤵
  PID:7384
- C:\Windows\System\WJxLWWq.exe
  C:\Windows\System\WJxLWWq.exe
  2⤵
  PID:7404
- C:\Windows\System\Pteivrm.exe
  C:\Windows\System\Pteivrm.exe
  2⤵
  PID:7420
- C:\Windows\System\BCJMSck.exe
  C:\Windows\System\BCJMSck.exe
  2⤵
  PID:7436
- C:\Windows\System\UTYznQS.exe
  C:\Windows\System\UTYznQS.exe
  2⤵
  PID:7460
- C:\Windows\System\gzcNpde.exe
  C:\Windows\System\gzcNpde.exe
  2⤵
  PID:7480
- C:\Windows\System\JeIGNdP.exe
  C:\Windows\System\JeIGNdP.exe
  2⤵
  PID:7496
- C:\Windows\System\VdUbhwr.exe
  C:\Windows\System\VdUbhwr.exe
  2⤵
  PID:7516
- C:\Windows\System\mHHrYIU.exe
  C:\Windows\System\mHHrYIU.exe
  2⤵
  PID:7536
- C:\Windows\System\vJMJQIu.exe
  C:\Windows\System\vJMJQIu.exe
  2⤵
  PID:7556
- C:\Windows\System\NFeNPqP.exe
  C:\Windows\System\NFeNPqP.exe
  2⤵
  PID:7580
- C:\Windows\System\Dnxvdgn.exe
  C:\Windows\System\Dnxvdgn.exe
  2⤵
  PID:7596
- C:\Windows\System\MiJuKma.exe
  C:\Windows\System\MiJuKma.exe
  2⤵
  PID:7620
- C:\Windows\System\qxJbPQG.exe
  C:\Windows\System\qxJbPQG.exe
  2⤵
  PID:7636
- C:\Windows\System\pHIANjJ.exe
  C:\Windows\System\pHIANjJ.exe
  2⤵
  PID:7664
- C:\Windows\System\KuSCngK.exe
  C:\Windows\System\KuSCngK.exe
  2⤵
  PID:7692
- C:\Windows\System\xdNbfiA.exe
  C:\Windows\System\xdNbfiA.exe
  2⤵
  PID:7708
- C:\Windows\System\duyENAm.exe
  C:\Windows\System\duyENAm.exe
  2⤵
  PID:7748
- C:\Windows\System\xDgOGpM.exe
  C:\Windows\System\xDgOGpM.exe
  2⤵
  PID:7780
- C:\Windows\System\XVQWysn.exe
  C:\Windows\System\XVQWysn.exe
  2⤵
  PID:7796
- C:\Windows\System\yYFZSzo.exe
  C:\Windows\System\yYFZSzo.exe
  2⤵
  PID:7820
- C:\Windows\System\RBpuebs.exe
  C:\Windows\System\RBpuebs.exe
  2⤵
  PID:7836
- C:\Windows\System\JDIKJXU.exe
  C:\Windows\System\JDIKJXU.exe
  2⤵
  PID:7856
- C:\Windows\System\KOLmugH.exe
  C:\Windows\System\KOLmugH.exe
  2⤵
  PID:7872
- C:\Windows\System\fIJGNDQ.exe
  C:\Windows\System\fIJGNDQ.exe
  2⤵
  PID:7892
- C:\Windows\System\FMLPIAU.exe
  C:\Windows\System\FMLPIAU.exe
  2⤵
  PID:7908
- C:\Windows\System\hHeXygg.exe
  C:\Windows\System\hHeXygg.exe
  2⤵
  PID:7924
- C:\Windows\System\RJjxxaP.exe
  C:\Windows\System\RJjxxaP.exe
  2⤵
  PID:7956
- C:\Windows\System\udAYJYT.exe
  C:\Windows\System\udAYJYT.exe
  2⤵
  PID:7972
- C:\Windows\System\TZrDvzO.exe
  C:\Windows\System\TZrDvzO.exe
  2⤵
  PID:7988
- C:\Windows\System\AHMsiiY.exe
  C:\Windows\System\AHMsiiY.exe
  2⤵
  PID:8004
- C:\Windows\System\RSuwZiH.exe
  C:\Windows\System\RSuwZiH.exe
  2⤵
  PID:8052
- C:\Windows\System\OYCHLxH.exe
  C:\Windows\System\OYCHLxH.exe
  2⤵
  PID:8068
- C:\Windows\System\SRWJvyy.exe
  C:\Windows\System\SRWJvyy.exe
  2⤵
  PID:8088
- C:\Windows\System\WsqsHDZ.exe
  C:\Windows\System\WsqsHDZ.exe
  2⤵
  PID:8108
- C:\Windows\System\jjfrEnX.exe
  C:\Windows\System\jjfrEnX.exe
  2⤵
  PID:8124
- C:\Windows\System\ZUYRvyb.exe
  C:\Windows\System\ZUYRvyb.exe
  2⤵
  PID:8144
- C:\Windows\System\TgLRUox.exe
  C:\Windows\System\TgLRUox.exe
  2⤵
  PID:8172
- C:\Windows\System\woNlEVZ.exe
  C:\Windows\System\woNlEVZ.exe
  2⤵
  PID:2604
- C:\Windows\System\AbdZjnQ.exe
  C:\Windows\System\AbdZjnQ.exe
  2⤵
  PID:7176
- C:\Windows\System\PVpFLoU.exe
  C:\Windows\System\PVpFLoU.exe
  2⤵
  PID:7248
- C:\Windows\System\FUiGWyI.exe
  C:\Windows\System\FUiGWyI.exe
  2⤵
  PID:7292
- C:\Windows\System\EvQTTvZ.exe
  C:\Windows\System\EvQTTvZ.exe
  2⤵
  PID:7336
- C:\Windows\System\JoOKICX.exe
  C:\Windows\System\JoOKICX.exe
  2⤵
  PID:7412
- C:\Windows\System\HXQtdVA.exe
  C:\Windows\System\HXQtdVA.exe
  2⤵
  PID:7456
- C:\Windows\System\PIqfohP.exe
  C:\Windows\System\PIqfohP.exe
  2⤵
  PID:1532
- C:\Windows\System\piGakra.exe
  C:\Windows\System\piGakra.exe
  2⤵
  PID:6968
- C:\Windows\System\Sziuyfn.exe
  C:\Windows\System\Sziuyfn.exe
  2⤵
  PID:3048
- C:\Windows\System\rDytzTM.exe
  C:\Windows\System\rDytzTM.exe
  2⤵
  PID:1048
- C:\Windows\System\IDFhkjT.exe
  C:\Windows\System\IDFhkjT.exe
  2⤵
  PID:6148
- C:\Windows\System\gcKvSJz.exe
  C:\Windows\System\gcKvSJz.exe
  2⤵
  PID:7068
- C:\Windows\System\FWFITBv.exe
  C:\Windows\System\FWFITBv.exe
  2⤵
  PID:7196
- C:\Windows\System\StXBoOd.exe
  C:\Windows\System\StXBoOd.exe
  2⤵
  PID:7268
- C:\Windows\System\kPuAwdZ.exe
  C:\Windows\System\kPuAwdZ.exe
  2⤵
  PID:7360
- C:\Windows\System\vXAxnrt.exe
  C:\Windows\System\vXAxnrt.exe
  2⤵
  PID:7396
- C:\Windows\System\JKivxkb.exe
  C:\Windows\System\JKivxkb.exe
  2⤵
  PID:7468
- C:\Windows\System\vpPcroK.exe
  C:\Windows\System\vpPcroK.exe
  2⤵
  PID:7508
- C:\Windows\System\hhSlyZB.exe
  C:\Windows\System\hhSlyZB.exe
  2⤵
  PID:7588
- C:\Windows\System\vYRogdL.exe
  C:\Windows\System\vYRogdL.exe
  2⤵
  PID:7680
- C:\Windows\System\KjZsFLS.exe
  C:\Windows\System\KjZsFLS.exe
  2⤵
  PID:7732
- C:\Windows\System\NtPFUAF.exe
  C:\Windows\System\NtPFUAF.exe
  2⤵
  PID:7652
- C:\Windows\System\lsWEosz.exe
  C:\Windows\System\lsWEosz.exe
  2⤵
  PID:7828
- C:\Windows\System\QWqNcJy.exe
  C:\Windows\System\QWqNcJy.exe
  2⤵
  PID:7900
- C:\Windows\System\LEwqNAU.exe
  C:\Windows\System\LEwqNAU.exe
  2⤵
  PID:7944
- C:\Windows\System\PTeKkhL.exe
  C:\Windows\System\PTeKkhL.exe
  2⤵
  PID:7804
- C:\Windows\System\Oeacwil.exe
  C:\Windows\System\Oeacwil.exe
  2⤵
  PID:7844
- C:\Windows\System\nJMeksY.exe
  C:\Windows\System\nJMeksY.exe
  2⤵
  PID:7568
- C:\Windows\System\CpsZIAE.exe
  C:\Windows\System\CpsZIAE.exe
  2⤵
  PID:8032
- C:\Windows\System\nzQemxh.exe
  C:\Windows\System\nzQemxh.exe
  2⤵
  PID:8048
- C:\Windows\System\YWDERUj.exe
  C:\Windows\System\YWDERUj.exe
  2⤵
  PID:8060
- C:\Windows\System\bykeCTT.exe
  C:\Windows\System\bykeCTT.exe
  2⤵
  PID:8120
- C:\Windows\System\BryuyRs.exe
  C:\Windows\System\BryuyRs.exe
  2⤵
  PID:8100
- C:\Windows\System\hkGNOxy.exe
  C:\Windows\System\hkGNOxy.exe
  2⤵
  PID:8140
- C:\Windows\System\SyRsMrx.exe
  C:\Windows\System\SyRsMrx.exe
  2⤵
  PID:7212
- C:\Windows\System\qcVkAVb.exe
  C:\Windows\System\qcVkAVb.exe
  2⤵
  PID:7444
- C:\Windows\System\EIiufoH.exe
  C:\Windows\System\EIiufoH.exe
  2⤵
  PID:7392
- C:\Windows\System\GYYzSaW.exe
  C:\Windows\System\GYYzSaW.exe
  2⤵
  PID:7684
- C:\Windows\System\VTLQNHe.exe
  C:\Windows\System\VTLQNHe.exe
  2⤵
  PID:7284
- C:\Windows\System\mCoeZeC.exe
  C:\Windows\System\mCoeZeC.exe
  2⤵
  PID:7288
- C:\Windows\System\uinrsKM.exe
  C:\Windows\System\uinrsKM.exe
  2⤵
  PID:7492
- C:\Windows\System\NBRIpZo.exe
  C:\Windows\System\NBRIpZo.exe
  2⤵
  PID:6796
- C:\Windows\System\RjoCcUM.exe
  C:\Windows\System\RjoCcUM.exe
  2⤵
  PID:7352
- C:\Windows\System\MBbhwda.exe
  C:\Windows\System\MBbhwda.exe
  2⤵
  PID:7632
- C:\Windows\System\aSvHhnO.exe
  C:\Windows\System\aSvHhnO.exe
  2⤵
  PID:7724
- C:\Windows\System\dlSqQFs.exe
  C:\Windows\System\dlSqQFs.exe
  2⤵
  PID:7772
- C:\Windows\System\aEsiJyX.exe
  C:\Windows\System\aEsiJyX.exe
  2⤵
  PID:7936
- C:\Windows\System\AlPohXc.exe
  C:\Windows\System\AlPohXc.exe
  2⤵
  PID:7720
- C:\Windows\System\ReDdWzA.exe
  C:\Windows\System\ReDdWzA.exe
  2⤵
  PID:7940
- C:\Windows\System\nEytunr.exe
  C:\Windows\System\nEytunr.exe
  2⤵
  PID:7888
- C:\Windows\System\RbgCExb.exe
  C:\Windows\System\RbgCExb.exe
  2⤵
  PID:7984
- C:\Windows\System\vJDCyit.exe
  C:\Windows\System\vJDCyit.exe
  2⤵
  PID:6016
- C:\Windows\System\qxJVsSq.exe
  C:\Windows\System\qxJVsSq.exe
  2⤵
  PID:8040
- C:\Windows\System\ObZejEq.exe
  C:\Windows\System\ObZejEq.exe
  2⤵
  PID:8116
- C:\Windows\System\aCfQYXj.exe
  C:\Windows\System\aCfQYXj.exe
  2⤵
  PID:8188
- C:\Windows\System\bRwjDbf.exe
  C:\Windows\System\bRwjDbf.exe
  2⤵
  PID:1468
- C:\Windows\System\qKiRxPG.exe
  C:\Windows\System\qKiRxPG.exe
  2⤵
  PID:7136
- C:\Windows\System\ePrDPSH.exe
  C:\Windows\System\ePrDPSH.exe
  2⤵
  PID:7564
- C:\Windows\System\egUWKIF.exe
  C:\Windows\System\egUWKIF.exe
  2⤵
  PID:7264
- C:\Windows\System\eyqldPu.exe
  C:\Windows\System\eyqldPu.exe
  2⤵
  PID:7676
- C:\Windows\System\CxsBcvL.exe
  C:\Windows\System\CxsBcvL.exe
  2⤵
  PID:7428
- C:\Windows\System\CkqKVGt.exe
  C:\Windows\System\CkqKVGt.exe
  2⤵
  PID:5196
- C:\Windows\System\nlQRGFs.exe
  C:\Windows\System\nlQRGFs.exe
  2⤵
  PID:7864
- C:\Windows\System\OVUBPhB.exe
  C:\Windows\System\OVUBPhB.exe
  2⤵
  PID:2064
- C:\Windows\System\YIshinL.exe
  C:\Windows\System\YIshinL.exe
  2⤵
  PID:8084
- C:\Windows\System\laCyMOC.exe
  C:\Windows\System\laCyMOC.exe
  2⤵
  PID:7236
- C:\Windows\System\ZkFqosm.exe
  C:\Windows\System\ZkFqosm.exe
  2⤵
  PID:6432
- C:\Windows\System\YrqwzvV.exe
  C:\Windows\System\YrqwzvV.exe
  2⤵
  PID:992
- C:\Windows\System\KmWFjpc.exe
  C:\Windows\System\KmWFjpc.exe
  2⤵
  PID:7308
- C:\Windows\System\kSXCaAp.exe
  C:\Windows\System\kSXCaAp.exe
  2⤵
  PID:7744
- C:\Windows\System\kmrSRqP.exe
  C:\Windows\System\kmrSRqP.exe
  2⤵
  PID:7916
- C:\Windows\System\kAsuCKe.exe
  C:\Windows\System\kAsuCKe.exe
  2⤵
  PID:7868
- C:\Windows\System\FgaWLyN.exe
  C:\Windows\System\FgaWLyN.exe
  2⤵
  PID:7816
- C:\Windows\System\EumTDip.exe
  C:\Windows\System\EumTDip.exe
  2⤵
  PID:8028
- C:\Windows\System\vJjEAJD.exe
  C:\Windows\System\vJjEAJD.exe
  2⤵
  PID:5488
- C:\Windows\System\PIXcCUv.exe
  C:\Windows\System\PIXcCUv.exe
  2⤵
  PID:7324
- C:\Windows\System\CbGCwUJ.exe
  C:\Windows\System\CbGCwUJ.exe
  2⤵
  PID:7628
- C:\Windows\System\vVDHpUI.exe
  C:\Windows\System\vVDHpUI.exe
  2⤵
  PID:7776
- C:\Windows\System\hMWVZPW.exe
  C:\Windows\System\hMWVZPW.exe
  2⤵
  PID:7880
- C:\Windows\System\iGOAUWr.exe
  C:\Windows\System\iGOAUWr.exe
  2⤵
  PID:7328
- C:\Windows\System\ZtLnCez.exe
  C:\Windows\System\ZtLnCez.exe
  2⤵
  PID:8208
- C:\Windows\System\VlLxLJJ.exe
  C:\Windows\System\VlLxLJJ.exe
  2⤵
  PID:8224
- C:\Windows\System\PzBVpoG.exe
  C:\Windows\System\PzBVpoG.exe
  2⤵
  PID:8260
- C:\Windows\System\fnJdktg.exe
  C:\Windows\System\fnJdktg.exe
  2⤵
  PID:8284
- C:\Windows\System\VNTcxum.exe
  C:\Windows\System\VNTcxum.exe
  2⤵
  PID:8300
- C:\Windows\System\Nkfjbjt.exe
  C:\Windows\System\Nkfjbjt.exe
  2⤵
  PID:8320
- C:\Windows\System\KiObdgU.exe
  C:\Windows\System\KiObdgU.exe
  2⤵
  PID:8336
- C:\Windows\System\BTYBzjU.exe
  C:\Windows\System\BTYBzjU.exe
  2⤵
  PID:8352
- C:\Windows\System\WcnaBLP.exe
  C:\Windows\System\WcnaBLP.exe
  2⤵
  PID:8380
- C:\Windows\System\EgonCSl.exe
  C:\Windows\System\EgonCSl.exe
  2⤵
  PID:8396
- C:\Windows\System\VmzWGba.exe
  C:\Windows\System\VmzWGba.exe
  2⤵
  PID:8416
- C:\Windows\System\gpojbbS.exe
  C:\Windows\System\gpojbbS.exe
  2⤵
  PID:8432
- C:\Windows\System\GyfNHQL.exe
  C:\Windows\System\GyfNHQL.exe
  2⤵
  PID:8448
- C:\Windows\System\uqgpzqf.exe
  C:\Windows\System\uqgpzqf.exe
  2⤵
  PID:8464
- C:\Windows\System\dBFsAVE.exe
  C:\Windows\System\dBFsAVE.exe
  2⤵
  PID:8480
- C:\Windows\System\VpHRhBU.exe
  C:\Windows\System\VpHRhBU.exe
  2⤵
  PID:8504
- C:\Windows\System\SBCLPMV.exe
  C:\Windows\System\SBCLPMV.exe
  2⤵
  PID:8520
- C:\Windows\System\WVfNXgc.exe
  C:\Windows\System\WVfNXgc.exe
  2⤵
  PID:8536
- C:\Windows\System\cBmaZiz.exe
  C:\Windows\System\cBmaZiz.exe
  2⤵
  PID:8552
- C:\Windows\System\JUlYkXT.exe
  C:\Windows\System\JUlYkXT.exe
  2⤵
  PID:8572
- C:\Windows\System\JzLZuUU.exe
  C:\Windows\System\JzLZuUU.exe
  2⤵
  PID:8592
- C:\Windows\System\jJUUELA.exe
  C:\Windows\System\jJUUELA.exe
  2⤵
  PID:8608
- C:\Windows\System\wWTGKiC.exe
  C:\Windows\System\wWTGKiC.exe
  2⤵
  PID:8624
- C:\Windows\System\qPcBWRM.exe
  C:\Windows\System\qPcBWRM.exe
  2⤵
  PID:8640
- C:\Windows\System\PkXJwCK.exe
  C:\Windows\System\PkXJwCK.exe
  2⤵
  PID:8660
- C:\Windows\System\TeGezCY.exe
  C:\Windows\System\TeGezCY.exe
  2⤵
  PID:8684
- C:\Windows\System\vSKBoeg.exe
  C:\Windows\System\vSKBoeg.exe
  2⤵
  PID:8700
- C:\Windows\System\IPNSSnI.exe
  C:\Windows\System\IPNSSnI.exe
  2⤵
  PID:8716
- C:\Windows\System\UeeXcCw.exe
  C:\Windows\System\UeeXcCw.exe
  2⤵
  PID:8740
- C:\Windows\System\rZgenjC.exe
  C:\Windows\System\rZgenjC.exe
  2⤵
  PID:8756
- C:\Windows\System\AgykQQe.exe
  C:\Windows\System\AgykQQe.exe
  2⤵
  PID:8772
- C:\Windows\System\eKWvHgj.exe
  C:\Windows\System\eKWvHgj.exe
  2⤵
  PID:8796
- C:\Windows\System\lGdNURW.exe
  C:\Windows\System\lGdNURW.exe
  2⤵
  PID:8820
- C:\Windows\System\rUCZCqe.exe
  C:\Windows\System\rUCZCqe.exe
  2⤵
  PID:8836
- C:\Windows\System\xRlgVQH.exe
  C:\Windows\System\xRlgVQH.exe
  2⤵
  PID:8852
- C:\Windows\System\hNnaFoW.exe
  C:\Windows\System\hNnaFoW.exe
  2⤵
  PID:8868
- C:\Windows\System\JxTpQHj.exe
  C:\Windows\System\JxTpQHj.exe
  2⤵
  PID:8884
- C:\Windows\System\RbdYGxz.exe
  C:\Windows\System\RbdYGxz.exe
  2⤵
  PID:8900
- C:\Windows\System\yYFefhZ.exe
  C:\Windows\System\yYFefhZ.exe
  2⤵
  PID:8916
- C:\Windows\System\RZkRsKR.exe
  C:\Windows\System\RZkRsKR.exe
  2⤵
  PID:8932
- C:\Windows\System\orgwEUp.exe
  C:\Windows\System\orgwEUp.exe
  2⤵
  PID:8948
- C:\Windows\System\jSuhmrv.exe
  C:\Windows\System\jSuhmrv.exe
  2⤵
  PID:8964
- C:\Windows\System\BMRINUX.exe
  C:\Windows\System\BMRINUX.exe
  2⤵
  PID:8980
- C:\Windows\System\oxHYixC.exe
  C:\Windows\System\oxHYixC.exe
  2⤵
  PID:9000
- C:\Windows\System\PxZvSkI.exe
  C:\Windows\System\PxZvSkI.exe
  2⤵
  PID:9016
- C:\Windows\System\KWkCcAy.exe
  C:\Windows\System\KWkCcAy.exe
  2⤵
  PID:9076
- C:\Windows\System\IOzOeNr.exe
  C:\Windows\System\IOzOeNr.exe
  2⤵
  PID:9096
- C:\Windows\System\nOYcmmf.exe
  C:\Windows\System\nOYcmmf.exe
  2⤵
  PID:9112
- C:\Windows\System\GoRfQqH.exe
  C:\Windows\System\GoRfQqH.exe
  2⤵
  PID:9128
- C:\Windows\System\wEKBVTg.exe
  C:\Windows\System\wEKBVTg.exe
  2⤵
  PID:9144
- C:\Windows\System\VbESnwv.exe
  C:\Windows\System\VbESnwv.exe
  2⤵
  PID:9160
- C:\Windows\System\ZbCfvet.exe
  C:\Windows\System\ZbCfvet.exe
  2⤵
  PID:9176
- C:\Windows\System\mHjAuEH.exe
  C:\Windows\System\mHjAuEH.exe
  2⤵
  PID:9192
- C:\Windows\System\xoqndHA.exe
  C:\Windows\System\xoqndHA.exe
  2⤵
  PID:9212
- C:\Windows\System\StGjCyP.exe
  C:\Windows\System\StGjCyP.exe
  2⤵
  PID:7932
- C:\Windows\System\ZRizGGY.exe
  C:\Windows\System\ZRizGGY.exe
  2⤵
  PID:7532
- C:\Windows\System\hClLbcL.exe
  C:\Windows\System\hClLbcL.exe
  2⤵
  PID:7096
- C:\Windows\System\GNhWmWv.exe
  C:\Windows\System\GNhWmWv.exe
  2⤵
  PID:7552
- C:\Windows\System\QVVyQRk.exe
  C:\Windows\System\QVVyQRk.exe
  2⤵
  PID:8272
- C:\Windows\System\QxaZxpj.exe
  C:\Windows\System\QxaZxpj.exe
  2⤵
  PID:8344
- C:\Windows\System\ZuwcCEV.exe
  C:\Windows\System\ZuwcCEV.exe
  2⤵
  PID:8236
- C:\Windows\System\jgruKed.exe
  C:\Windows\System\jgruKed.exe
  2⤵
  PID:8360
- C:\Windows\System\segPyIH.exe
  C:\Windows\System\segPyIH.exe
  2⤵
  PID:8256
- C:\Windows\System\bANKfJH.exe
  C:\Windows\System\bANKfJH.exe
  2⤵
  PID:8368
- C:\Windows\System\inNsqcG.exe
  C:\Windows\System\inNsqcG.exe
  2⤵
  PID:8404
- C:\Windows\System\xSGgWGQ.exe
  C:\Windows\System\xSGgWGQ.exe
  2⤵
  PID:8444
- C:\Windows\System\MtAFVuJ.exe
  C:\Windows\System\MtAFVuJ.exe
  2⤵
  PID:8456
- C:\Windows\System\gWohXHe.exe
  C:\Windows\System\gWohXHe.exe
  2⤵
  PID:8528
- C:\Windows\System\EVpMBtc.exe
  C:\Windows\System\EVpMBtc.exe
  2⤵
  PID:8560
- C:\Windows\System\UxrsWeI.exe
  C:\Windows\System\UxrsWeI.exe
  2⤵
  PID:8600
- C:\Windows\System\FQLxgMd.exe
  C:\Windows\System\FQLxgMd.exe
  2⤵
  PID:8584
- C:\Windows\System\Bveebtx.exe
  C:\Windows\System\Bveebtx.exe
  2⤵
  PID:8588
- C:\Windows\System\GxUvfZS.exe
  C:\Windows\System\GxUvfZS.exe
  2⤵
  PID:8548
- C:\Windows\System\dNItzJT.exe
  C:\Windows\System\dNItzJT.exe
  2⤵
  PID:8656
- C:\Windows\System\QcZjiJF.exe
  C:\Windows\System\QcZjiJF.exe
  2⤵
  PID:8680
- C:\Windows\System\yaryKxB.exe
  C:\Windows\System\yaryKxB.exe
  2⤵
  PID:8752
- C:\Windows\System\dmeEgxT.exe
  C:\Windows\System\dmeEgxT.exe
  2⤵
  PID:8728
- C:\Windows\System\UsMPsEG.exe
  C:\Windows\System\UsMPsEG.exe
  2⤵
  PID:8792
- C:\Windows\System\eFZamct.exe
  C:\Windows\System\eFZamct.exe
  2⤵
  PID:8844
- C:\Windows\System\hvzkFoT.exe
  C:\Windows\System\hvzkFoT.exe
  2⤵
  PID:8896
- C:\Windows\System\YIMVryf.exe
  C:\Windows\System\YIMVryf.exe
  2⤵
  PID:8976
- C:\Windows\System\XXiWXua.exe
  C:\Windows\System\XXiWXua.exe
  2⤵
  PID:8996
- C:\Windows\System\FPjgzyb.exe
  C:\Windows\System\FPjgzyb.exe
  2⤵
  PID:9028
- C:\Windows\System\swUOUff.exe
  C:\Windows\System\swUOUff.exe
  2⤵
  PID:9048
- C:\Windows\System\ZNEXWuQ.exe
  C:\Windows\System\ZNEXWuQ.exe
  2⤵
  PID:9064
- C:\Windows\System\KMDQHkA.exe
  C:\Windows\System\KMDQHkA.exe
  2⤵
  PID:9120
- C:\Windows\System\JNceefm.exe
  C:\Windows\System\JNceefm.exe
  2⤵
  PID:9184
- C:\Windows\System\mUIrhpV.exe
  C:\Windows\System\mUIrhpV.exe
  2⤵
  PID:7332
- C:\Windows\System\SuxxgJg.exe
  C:\Windows\System\SuxxgJg.exe
  2⤵
  PID:8308
- C:\Windows\System\ioWqQSk.exe
  C:\Windows\System\ioWqQSk.exe
  2⤵
  PID:8488
- C:\Windows\System\kHtvRjH.exe
  C:\Windows\System\kHtvRjH.exe
  2⤵
  PID:8248
- C:\Windows\System\BaxNLcH.exe
  C:\Windows\System\BaxNLcH.exe
  2⤵
  PID:8500
- C:\Windows\System\ZNiKcWb.exe
  C:\Windows\System\ZNiKcWb.exe
  2⤵
  PID:8652
- C:\Windows\System\dbqGfiu.exe
  C:\Windows\System\dbqGfiu.exe
  2⤵
  PID:8804
- C:\Windows\System\gkxPKgt.exe
  C:\Windows\System\gkxPKgt.exe
  2⤵
  PID:8808
- C:\Windows\System\TlRQzNQ.exe
  C:\Windows\System\TlRQzNQ.exe
  2⤵
  PID:8908
- C:\Windows\System\LMVvCaL.exe
  C:\Windows\System\LMVvCaL.exe
  2⤵
  PID:8940
- C:\Windows\System\RBXnZEt.exe
  C:\Windows\System\RBXnZEt.exe
  2⤵
  PID:8988
- C:\Windows\System\ECXtXLt.exe
  C:\Windows\System\ECXtXLt.exe
  2⤵
  PID:9040
- C:\Windows\System\JkcsATn.exe
  C:\Windows\System\JkcsATn.exe
  2⤵
  PID:9068
- C:\Windows\System\QWJAlES.exe
  C:\Windows\System\QWJAlES.exe
  2⤵
  PID:9188
- C:\Windows\System\ciBRbDH.exe
  C:\Windows\System\ciBRbDH.exe
  2⤵
  PID:9104
- C:\Windows\System\zGSTGFu.exe
  C:\Windows\System\zGSTGFu.exe
  2⤵
  PID:9136
- C:\Windows\System\zIMvapA.exe
  C:\Windows\System\zIMvapA.exe
  2⤵
  PID:7740
- C:\Windows\System\CwAAGKN.exe
  C:\Windows\System\CwAAGKN.exe
  2⤵
  PID:8280
- C:\Windows\System\WibUttj.exe
  C:\Windows\System\WibUttj.exe
  2⤵
  PID:8364
- C:\Windows\System\TcuxKjL.exe
  C:\Windows\System\TcuxKjL.exe
  2⤵
  PID:8232
- C:\Windows\System\ekHIXLK.exe
  C:\Windows\System\ekHIXLK.exe
  2⤵
  PID:8956
- C:\Windows\System\AhehVdw.exe
  C:\Windows\System\AhehVdw.exe
  2⤵
  PID:8408
- C:\Windows\System\OTaeYKc.exe
  C:\Windows\System\OTaeYKc.exe
  2⤵
  PID:8724
- C:\Windows\System\fQQEyce.exe
  C:\Windows\System\fQQEyce.exe
  2⤵
  PID:8712
- C:\Windows\System\vAsbqjM.exe
  C:\Windows\System\vAsbqjM.exe
  2⤵
  PID:8748
- C:\Windows\System\RiICOkW.exe
  C:\Windows\System\RiICOkW.exe
  2⤵
  PID:8780
- C:\Windows\System\MCFJBqv.exe
  C:\Windows\System\MCFJBqv.exe
  2⤵
  PID:8816
- C:\Windows\System\YkkCsYq.exe
  C:\Windows\System\YkkCsYq.exe
  2⤵
  PID:9168
- C:\Windows\System\nMgrevl.exe
  C:\Windows\System\nMgrevl.exe
  2⤵
  PID:9124
- C:\Windows\System\dzguzvg.exe
  C:\Windows\System\dzguzvg.exe
  2⤵
  PID:8516
- C:\Windows\System\EQmXsXF.exe
  C:\Windows\System\EQmXsXF.exe
  2⤵
  PID:8784
- C:\Windows\System\hxbyJZf.exe
  C:\Windows\System\hxbyJZf.exe
  2⤵
  PID:9140
- C:\Windows\System\SAdOjqc.exe
  C:\Windows\System\SAdOjqc.exe
  2⤵
  PID:8944
- C:\Windows\System\OQOWGJt.exe
  C:\Windows\System\OQOWGJt.exe
  2⤵
  PID:8388
- C:\Windows\System\iVFzUCp.exe
  C:\Windows\System\iVFzUCp.exe
  2⤵
  PID:9052
- C:\Windows\System\ZkkoSBc.exe
  C:\Windows\System\ZkkoSBc.exe
  2⤵
  PID:8544
- C:\Windows\System\yiXhrps.exe
  C:\Windows\System\yiXhrps.exe
  2⤵
  PID:9204
- C:\Windows\System\jIBSlEo.exe
  C:\Windows\System\jIBSlEo.exe
  2⤵
  PID:8960
- C:\Windows\System\OZTsVRY.exe
  C:\Windows\System\OZTsVRY.exe
  2⤵
  PID:8972
- C:\Windows\System\YMtjJfk.exe
  C:\Windows\System\YMtjJfk.exe
  2⤵
  PID:8636
- C:\Windows\System\MdYLXsR.exe
  C:\Windows\System\MdYLXsR.exe
  2⤵
  PID:9208
- C:\Windows\System\UHavtke.exe
  C:\Windows\System\UHavtke.exe
  2⤵
  PID:9224
- C:\Windows\System\lLrZdpf.exe
  C:\Windows\System\lLrZdpf.exe
  2⤵
  PID:9240
- C:\Windows\System\xdwhhSf.exe
  C:\Windows\System\xdwhhSf.exe
  2⤵
  PID:9256
- C:\Windows\System\aiANAQb.exe
  C:\Windows\System\aiANAQb.exe
  2⤵
  PID:9272
- C:\Windows\System\HoHDvRR.exe
  C:\Windows\System\HoHDvRR.exe
  2⤵
  PID:9288
- C:\Windows\System\mlLFbqF.exe
  C:\Windows\System\mlLFbqF.exe
  2⤵
  PID:9320
- C:\Windows\System\cGekmiO.exe
  C:\Windows\System\cGekmiO.exe
  2⤵
  PID:9336
- C:\Windows\System\XJcNYxv.exe
  C:\Windows\System\XJcNYxv.exe
  2⤵
  PID:9352
- C:\Windows\System\sWkLVxZ.exe
  C:\Windows\System\sWkLVxZ.exe
  2⤵
  PID:9368
- C:\Windows\System\wrGhDPR.exe
  C:\Windows\System\wrGhDPR.exe
  2⤵
  PID:9384
- C:\Windows\System\BIagfXG.exe
  C:\Windows\System\BIagfXG.exe
  2⤵
  PID:9400
- C:\Windows\System\dHDLgaj.exe
  C:\Windows\System\dHDLgaj.exe
  2⤵
  PID:9416
- C:\Windows\System\nFywlbS.exe
  C:\Windows\System\nFywlbS.exe
  2⤵
  PID:9432
- C:\Windows\System\UowdrSg.exe
  C:\Windows\System\UowdrSg.exe
  2⤵
  PID:9448
- C:\Windows\System\dFbZPKm.exe
  C:\Windows\System\dFbZPKm.exe
  2⤵
  PID:9464
- C:\Windows\System\QTjPycJ.exe
  C:\Windows\System\QTjPycJ.exe
  2⤵
  PID:9480
- C:\Windows\System\LkxOOfc.exe
  C:\Windows\System\LkxOOfc.exe
  2⤵
  PID:9500
- C:\Windows\System\GBnNeLZ.exe
  C:\Windows\System\GBnNeLZ.exe
  2⤵
  PID:9516
- C:\Windows\System\xEVpKPp.exe
  C:\Windows\System\xEVpKPp.exe
  2⤵
  PID:9532
- C:\Windows\System\waRpCCQ.exe
  C:\Windows\System\waRpCCQ.exe
  2⤵
  PID:9556
- C:\Windows\System\caJtEQS.exe
  C:\Windows\System\caJtEQS.exe
  2⤵
  PID:9584
- C:\Windows\System\lFGYbSa.exe
  C:\Windows\System\lFGYbSa.exe
  2⤵
  PID:9612
- C:\Windows\System\XhwTVjz.exe
  C:\Windows\System\XhwTVjz.exe
  2⤵
  PID:9632
- C:\Windows\System\EWEBMRk.exe
  C:\Windows\System\EWEBMRk.exe
  2⤵
  PID:9648
- C:\Windows\System\eEtbyjv.exe
  C:\Windows\System\eEtbyjv.exe
  2⤵
  PID:9664
- C:\Windows\System\iaTkEtI.exe
  C:\Windows\System\iaTkEtI.exe
  2⤵
  PID:9684
- C:\Windows\System\QkvpTOr.exe
  C:\Windows\System\QkvpTOr.exe
  2⤵
  PID:9708
- C:\Windows\System\PtbBKbl.exe
  C:\Windows\System\PtbBKbl.exe
  2⤵
  PID:9728
- C:\Windows\System\dDVeyDU.exe
  C:\Windows\System\dDVeyDU.exe
  2⤵
  PID:9756
- C:\Windows\System\JoxiQpF.exe
  C:\Windows\System\JoxiQpF.exe
  2⤵
  PID:9780
- C:\Windows\System\QEfIfWs.exe
  C:\Windows\System\QEfIfWs.exe
  2⤵
  PID:9828
- C:\Windows\System\PfYizuH.exe
  C:\Windows\System\PfYizuH.exe
  2⤵
  PID:9848
- C:\Windows\System\NxrHvlh.exe
  C:\Windows\System\NxrHvlh.exe
  2⤵
  PID:9868
- C:\Windows\System\krTmPZt.exe
  C:\Windows\System\krTmPZt.exe
  2⤵
  PID:9896
- C:\Windows\System\aBUPnqe.exe
  C:\Windows\System\aBUPnqe.exe
  2⤵
  PID:9912
- C:\Windows\System\poAINyc.exe
  C:\Windows\System\poAINyc.exe
  2⤵
  PID:9936
- C:\Windows\System\NXHnQOE.exe
  C:\Windows\System\NXHnQOE.exe
  2⤵
  PID:9960
- C:\Windows\System\WjOSUhR.exe
  C:\Windows\System\WjOSUhR.exe
  2⤵
  PID:9992
- C:\Windows\System\NdwQYlb.exe
  C:\Windows\System\NdwQYlb.exe
  2⤵
  PID:10008
- C:\Windows\System\nNxxesC.exe
  C:\Windows\System\nNxxesC.exe
  2⤵
  PID:10024
- C:\Windows\System\OhnWwAo.exe
  C:\Windows\System\OhnWwAo.exe
  2⤵
  PID:10040
- C:\Windows\System\NOqhHzT.exe
  C:\Windows\System\NOqhHzT.exe
  2⤵
  PID:10056
- C:\Windows\System\UqURjcd.exe
  C:\Windows\System\UqURjcd.exe
  2⤵
  PID:10076
- C:\Windows\System\OLctWrn.exe
  C:\Windows\System\OLctWrn.exe
  2⤵
  PID:10096
- C:\Windows\System\UDseZzW.exe
  C:\Windows\System\UDseZzW.exe
  2⤵
  PID:10112
- C:\Windows\System\MWxCVcR.exe
  C:\Windows\System\MWxCVcR.exe
  2⤵
  PID:10128
- C:\Windows\System\mfPZoWF.exe
  C:\Windows\System\mfPZoWF.exe
  2⤵
  PID:10144
- C:\Windows\System\ueENctm.exe
  C:\Windows\System\ueENctm.exe
  2⤵
  PID:10164
- C:\Windows\System\UEujOvK.exe
  C:\Windows\System\UEujOvK.exe
  2⤵
  PID:10192
- C:\Windows\System\dwpfjZR.exe
  C:\Windows\System\dwpfjZR.exe
  2⤵
  PID:10208
- C:\Windows\System\ZArhddv.exe
  C:\Windows\System\ZArhddv.exe
  2⤵
  PID:10224
- C:\Windows\System\OZgyUTC.exe
  C:\Windows\System\OZgyUTC.exe
  2⤵
  PID:9248
- C:\Windows\System\shasJPO.exe
  C:\Windows\System\shasJPO.exe
  2⤵
  PID:9220
- C:\Windows\System\fPFbdjM.exe
  C:\Windows\System\fPFbdjM.exe
  2⤵
  PID:9024
- C:\Windows\System\qhSiEmw.exe
  C:\Windows\System\qhSiEmw.exe
  2⤵
  PID:9332
- C:\Windows\System\TabGVbS.exe
  C:\Windows\System\TabGVbS.exe
  2⤵
  PID:9236
- C:\Windows\System\gftPoII.exe
  C:\Windows\System\gftPoII.exe
  2⤵
  PID:9456
- C:\Windows\System\baAhmcL.exe
  C:\Windows\System\baAhmcL.exe
  2⤵
  PID:9300
- C:\Windows\System\NKnhBlZ.exe
  C:\Windows\System\NKnhBlZ.exe
  2⤵
  PID:9268
- C:\Windows\System\lcmugMA.exe
  C:\Windows\System\lcmugMA.exe
  2⤵
  PID:9348
- C:\Windows\System\pFyTJFU.exe
  C:\Windows\System\pFyTJFU.exe
  2⤵
  PID:9544
- C:\Windows\System\cmHewdB.exe
  C:\Windows\System\cmHewdB.exe
  2⤵
  PID:9564
- C:\Windows\System\EfzFzFx.exe
  C:\Windows\System\EfzFzFx.exe
  2⤵
  PID:9576
- C:\Windows\System\MEHwvwp.exe
  C:\Windows\System\MEHwvwp.exe
  2⤵
  PID:9628
- C:\Windows\System\ffdnzeJ.exe
  C:\Windows\System\ffdnzeJ.exe
  2⤵
  PID:9600
- C:\Windows\System\vZFfqTu.exe
  C:\Windows\System\vZFfqTu.exe
  2⤵
  PID:9672
- C:\Windows\System\wETQPqe.exe
  C:\Windows\System\wETQPqe.exe
  2⤵
  PID:9776
- C:\Windows\System\KLDgtAM.exe
  C:\Windows\System\KLDgtAM.exe
  2⤵
  PID:9744
- C:\Windows\System\MSxWKNT.exe
  C:\Windows\System\MSxWKNT.exe
  2⤵
  PID:9796
- C:\Windows\System\fwAWBbQ.exe
  C:\Windows\System\fwAWBbQ.exe
  2⤵
  PID:9836
- C:\Windows\System\BCgxsvM.exe
  C:\Windows\System\BCgxsvM.exe
  2⤵
  PID:9864
- C:\Windows\System\FtCpepg.exe
  C:\Windows\System\FtCpepg.exe
  2⤵
  PID:9908
- C:\Windows\System\GoBkODl.exe
  C:\Windows\System\GoBkODl.exe
  2⤵
  PID:9932
- C:\Windows\System\oimrzYz.exe
  C:\Windows\System\oimrzYz.exe
  2⤵
  PID:9980
- C:\Windows\System\uXAseeJ.exe
  C:\Windows\System\uXAseeJ.exe
  2⤵
  PID:10068
- C:\Windows\System\BNyuVRi.exe
  C:\Windows\System\BNyuVRi.exe
  2⤵
  PID:10020
- C:\Windows\System\JWpHbJD.exe
  C:\Windows\System\JWpHbJD.exe
  2⤵
  PID:10088
- C:\Windows\System\QPQqDRY.exe
  C:\Windows\System\QPQqDRY.exe
  2⤵
  PID:10136
- C:\Windows\System\KqvjfTf.exe
  C:\Windows\System\KqvjfTf.exe
  2⤵
  PID:10172
- C:\Windows\System\PybRIAF.exe
  C:\Windows\System\PybRIAF.exe
  2⤵
  PID:10220
- C:\Windows\System\ggbTQOG.exe
  C:\Windows\System\ggbTQOG.exe
  2⤵
  PID:9360
- C:\Windows\System\eIuKprX.exe
  C:\Windows\System\eIuKprX.exe
  2⤵
  PID:10236
- C:\Windows\System\UMqGCUt.exe
  C:\Windows\System\UMqGCUt.exe
  2⤵
  PID:9424
- C:\Windows\System\abVaUTo.exe
  C:\Windows\System\abVaUTo.exe
  2⤵
  PID:9376
- C:\Windows\System\GeuTmeu.exe
  C:\Windows\System\GeuTmeu.exe
  2⤵
  PID:9296
- C:\Windows\System\POywxtL.exe
  C:\Windows\System\POywxtL.exe
  2⤵
  PID:9344
- C:\Windows\System\KZXKzNL.exe
  C:\Windows\System\KZXKzNL.exe
  2⤵
  PID:9608
- C:\Windows\System\WktmQWe.exe
  C:\Windows\System\WktmQWe.exe
  2⤵
  PID:9984
- C:\Windows\System\ifTmUDR.exe
  C:\Windows\System\ifTmUDR.exe
  2⤵
  PID:9440
- C:\Windows\System\jRLnLPc.exe
  C:\Windows\System\jRLnLPc.exe
  2⤵
  PID:9596

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BVlReYj.exe

Filesize
6.0MB

MD5
5a09518ac58926deb880f33fa47b5b38

SHA1
08fd4a82df73cc57cbee9d1125703086ab5109bd

SHA256
6516877a78d363575ac2795d8a5bb23dc2d83c56f93ba8377dfb7e43c052d10c

SHA512
ffedd7147a4e5d438920bacb5031f03673cac28ee1bbf80c5e8deaaf236e6081d52ece77c46c879778afb1643b7c7607dc39be9da138de56c6edff50d06320ed

Download Submit
C:\Windows\system\BjADoXp.exe

Filesize
6.0MB

MD5
38ca25271747ff078a9e18998af4140e

SHA1
58fadef843400f857eb7e56d0e66067942b4128f

SHA256
68a50cb2181cda97f0d41125940a9a86c7c93e7d23869f0cbeec408bf28bbcc5

SHA512
6f003caaf7cf89412626daf1eafed26a0698e2b077d0492d15499d8f8712595cb3f4ba50477c01ac9840aebcdf2226b5215c82616c7a814287f4a1b4d1831ab5

Download Submit
C:\Windows\system\EOTpIOq.exe

Filesize
6.0MB

MD5
691cd09840af451052561cb17dc3f714

SHA1
fe7c3dd1491441599bca36a0702675395a97199e

SHA256
f86dde445ac0501382403b345feeca8ce6349a6db46e7e31b0dc4ff769f797c5

SHA512
354a1f10d85224058db87e79180f117d00e6e1c0659718c56cd290568416d632f6b5413e5d5b4d31067911ced1f4fdc970be421e6590f9d64f54853dc22234cf

Download Submit
C:\Windows\system\FNllpZX.exe

Filesize
6.0MB

MD5
e03b8c7d5fdb1afff4d444191fadca35

SHA1
5927579a98205511f07603faa10ffee527e0e9ef

SHA256
dc29094a2caf0085b5931db000393cda77e0e62c3479a092389c0ef6c6928c9b

SHA512
ec6cd1eb01512fabefbbb92175b980341f6397e97c4e1ee583405e5740466283020e6ba249214e06f7cd2bdceaeb56c306bcddffd6f95f2b549836d11ff3d2be

Download Submit
C:\Windows\system\GQFpoWF.exe

Filesize
6.0MB

MD5
5bed6713b539e388908cb3430d8b045a

SHA1
5a224c5cdabb07824f48029788c812c5f12089da

SHA256
5457571cc3eaa304c8dbe45f62179ed4a4029579c452be220ba7421ba0b20ed7

SHA512
e06dda9fa97e93024beeaa36c6ae2e0c7281d293755d09827d2f69f216e186543bb8cb3037eb59d626be641eaee087d4227e04e9619b0eaffccf2e37bbf73bb7

Download Submit
C:\Windows\system\HzGEogh.exe

Filesize
6.0MB

MD5
86232d786eaafd4f0e934917e49a3297

SHA1
eed99106d4d0ef8047687e366233470ac74d98e8

SHA256
1361006c8ca5fef5e553199b0d35ee98c5f74772e6cb5105564760c5df6c9e8b

SHA512
bdd769325ce8498ec6ad570371e9b809bcf8095bb0f1739e702446c047889a29de275698b74f4b9f3304194e34b80aba3712bacd225c09242f7b3501aa088839

Download Submit
C:\Windows\system\IShebZN.exe

Filesize
6.0MB

MD5
ec64a4f61a78d1a09077d2ae62b0d289

SHA1
45d2f7a97229f5541708e60fb6fa202e9ae3266e

SHA256
9ba1ebefc090cf3fea5af08a46d307a53ddce60d48c72d85f27732d2e9ecec81

SHA512
07a153cf7e2cbcfa6943b3414a11e3022a0ea9fc5fb117c99ee3a473c3f1c6eca1cfa07efaf4fdf5a1c1d4ca4e84b875f200b6db457e7637b19747412af5946f

Download Submit
C:\Windows\system\LIYEURY.exe

Filesize
6.0MB

MD5
2af8973b48e3a19a7aadf04399e31d3f

SHA1
58d4f4537c2e769c434ef13802b46271de481b4b

SHA256
b57011de2b6df93fe54aac7bdc83049d94675c1fdd4b286d4a113af597a3479f

SHA512
082eca4337d0bc1f4f3cca33e0ffa37229634ac921607e0008b90ccdab3d578e0f41f33382a9f2624dbef22c41d96d24dfae414d9690e32d081e77ee802a2bb5

Download Submit
C:\Windows\system\RPqHbsE.exe

Filesize
6.0MB

MD5
de77169443b4b0a74981843125d9078f

SHA1
a8befa20a44ba4848b85c54fbc120a677fea3fc4

SHA256
8b29a424ae32ae3eca76ee6c4de8935ab81f0ef837a034e0ae344e78610f4dad

SHA512
83f2bd692592f46b79b6f463eeccda87146ef75e771a43dac845b56bea0236a6874f1fa82ea04dbadd25b3268b8e105263c9e515920327b87e3770585d1398d5

Download Submit
C:\Windows\system\RjQUYfC.exe

Filesize
6.0MB

MD5
eee102aeae438ecc059d273cbed73603

SHA1
8a034fb9fd24fdb94cd714186a3b751ba2dc7759

SHA256
4960da0616c62f0d71f142b78a910e236c931d94792d3ebfb3453b8d2f4bacac

SHA512
59b70eee0cb6cf15fcbbab2945c0de657eabaf0167d0d7382bca109f7f39fc6844b11d30e7169e89c778eb6c7b2ee1a884edcb4ed5f0da5b80e3e7255cd19567

Download Submit
C:\Windows\system\RqfmMmF.exe

Filesize
6.0MB

MD5
b5a35d5e6ec3636a9a11cab7cf1d0704

SHA1
6ca9869f567f0c6444a2e5acaec6cae0e0677338

SHA256
730e228957e946b121f04477320242fbeea2ce7ecf570231465adb5239456143

SHA512
d74a80f07e615c7170f3f1ca903cadfa5e1ede124131083ad755fdbf3b140de0e6897feebb252a60e05c0d6d74a435adbf895f9ef39db3207beb4468796c2fba

Download Submit
C:\Windows\system\VGNBpPe.exe

Filesize
6.0MB

MD5
9351b278edf0484ceb99c64f8c9cf608

SHA1
47f3df32d2aa0aaf55077369aa01b3dd519a4393

SHA256
f90fa6515ec63dea5813ed0814e5b6eb06c994a5c6a7a6b3689cdfa5082b6f3f

SHA512
eec50453fee020d57f5d0b6f2d6956f1e0ad323159d73800d2edf08f2daacaf6f9224f19d2e75090bc820263a8ed3cae9a7c8bba4c38c6a6c83c881e90bf4008

Download Submit
C:\Windows\system\VGlTRZC.exe

Filesize
6.0MB

MD5
0cc214cd3eb7433b85bd0757a5d992d8

SHA1
e014d3fd9b6fdc8cedaed001a9cf0bb99f44b6cf

SHA256
be09b2d0706c0b86704cc89d121caba3faaaed6bd458da294db2eec1a9935534

SHA512
80f9a048dd10c536c71af93fc65cc4611039220cd781be8f0266a443ad5fe4f76cb02010bc75b8ee3ec356bdf50a1a0c500d2891e03498538ec94f7682c06a6f

Download Submit
C:\Windows\system\iXJEAbW.exe

Filesize
6.0MB

MD5
3e0cac302f9625634dbd7c04f3c21faf

SHA1
d94b4701ac65bfce2ad8d2ddd8d422aaafe7a9ba

SHA256
db07119f7e6951151e822b5880781318ca539c7fae4532912825166f5dc2e237

SHA512
a1e4459185fdd3e1995c8660bfdcbba7277f8128dddac4038dd434d2ead2f58f5b9eb8737485b2354a84706dc73ae772f6d302fa698cee7d1bc40d4881fa9132

Download Submit
C:\Windows\system\icdFywF.exe

Filesize
6.0MB

MD5
86cf0118b52f63d538388d7e8b94c67a

SHA1
cee3208eb3e1b6a9d6a96f6075832d9a552ee592

SHA256
c87fccd3a0cafb0ad3069c867b1291d7a41fd9b30c19c935122aa2f5cf7c2c30

SHA512
d1f0aaa0e59841a06ca93a6ec87771745f106e01dd6999323c17f400c586a5ff6cc5ae517acd807f68ca13f88279751adc336b4839c63784e7b563f6436824f2

Download Submit
C:\Windows\system\isPAIGA.exe

Filesize
6.0MB

MD5
46ce3e9e1f655e4e1cf92bba246ac97d

SHA1
52297daf446906f2068a952fcfc8f5c083e7e3b5

SHA256
37370e24a45ddfe4bc7046f8a30ed1da09da820a9b0fa0974b6681581d8d235d

SHA512
fe3391a8b5390f71d805b59f15cc3fe0c688fb11acd322437af9828789135b9990a04ec4661e0f5f4385ebe4c439ca0a7c651666a20a06d0cc30b5102912927c

Download Submit
C:\Windows\system\jOBgaKc.exe

Filesize
6.0MB

MD5
018c21231e71edfd183c750036cd551c

SHA1
07eb176d663acf20255db245e8a71477f11c2945

SHA256
5b2fbcb4a857baefe645e34295d5b8c469d141344c4bcb763decfb0ebf16bc28

SHA512
d2ed45db0ba29d5946420ff2c4f5ba4be91e76170e8fa1ad98563e13062bbfe347d1bb6b20c19dd3833c2d69c0e4b02e1ec7691d032502ec78a971080a6049bc

Download Submit
C:\Windows\system\mbDAitZ.exe

Filesize
6.0MB

MD5
01a7663764742dc7ce4a998c95b73dde

SHA1
591c9c17e3e702c53b8b6388061e5de8a41b507a

SHA256
73d92884ccc5bf3e19f7187a117dd9592c4fa5b90614b7f742a916df6e34762e

SHA512
57aa55020b297cc8173d425e9a1654786d90d4540c69db3a83e7a93e624906d0b8d17f0cbd890b056eb875743e05a5cd2da23beba1805a4324ad1696bf8cfc57

Download Submit
C:\Windows\system\nFlMECy.exe

Filesize
6.0MB

MD5
2efbdba2d787b0d004d6ee8a4f3df2bc

SHA1
c528a384b2969d6ec170d9ed1422db96f9d0a752

SHA256
707d93c8ffafcfbd2b911add6ba855f1b6fc718dd2945975cb3169d610f5ba92

SHA512
94dd07435aaff14e4d488d801b90399551202f0cac26c6b9462a143a066885d5cacb209fd641b8e50f106fcc256e3a71e85f1f024e5fa3ff7eac4eb2415806c7

Download Submit
C:\Windows\system\pftvnJe.exe

Filesize
6.0MB

MD5
ce1f5b96b08195791a81ab5e91d949ac

SHA1
d676663b5427e32c30b17beb16f079e9a4dceda3

SHA256
f96dafd68fbe399365bd2bf872a5b1999b3f2cf2bb2e3d6abc05d57d7d0922a6

SHA512
0f8365100f2f2398da0b25acc73950bb4af7deca617d0f6e3b7288f3c42d1f2227a4859597ff9c2035b58647cfe98dcec7f4232471b238ae4d818025519b5145

Download Submit
C:\Windows\system\pypSHvn.exe

Filesize
6.0MB

MD5
16a6719efb1a78aa6ddbdbbb608db288

SHA1
fd1c135fb2739065d9e0926aef279096a91676dc

SHA256
3c4d62d82b8ef5eb8fba44e08c80945210aa3f6ad77eeee42d8d0068fbcc7f1c

SHA512
8b0d51ccc0e04d187e65beb8f342559c148751dd31fa445579f18463683651d0224e43f7b9c0c5724d9c3df2ac5aa006b827b47663016d82ae458ca005036cbb

Download Submit
C:\Windows\system\tUnJGqr.exe

Filesize
6.0MB

MD5
fbc2316dafad58aae8a831ac8d9f9e4d

SHA1
52b05b80feaa110c388609f2178061defb377e7a

SHA256
6da025916df80a81c4475a24d6c5ae9d929830393ee3cb19a7be688fcd2cdb99

SHA512
cdfb6547f542be553c1f649f5a5c2723a46fa2ce387b54da487c242f27daaff1abe91bf2769db0f42b766fc28e6c08d22f261df415dd61508f8e5d092465b341

Download Submit
C:\Windows\system\uKXDKrg.exe

Filesize
6.0MB

MD5
d22b1dccdf3b903ce4108297d1438d21

SHA1
aad47533cfcb6e7b9d02d2a0c71d0ca31c21dc58

SHA256
382c4fd80b89c22a26ea0b8956a551b1b0adf4bba09f53ed2a8b11d2daf57295

SHA512
f3e044ba53b62c9b336dd19db4bd05364c3bbafb8ce71be0a7f2665c93ad11e0db161b04fa1963bd467035508d1270f8da0989aba6103cfba402d5998d297cb2

Download Submit
C:\Windows\system\vPsfEMr.exe

Filesize
6.0MB

MD5
9ec14b6977560629bf681961109cbc1d

SHA1
216f021e44b033fef98ff922d1924c2bc8273ae2

SHA256
3f795b9f315ea60e5e308f148920b63a2681d484ace47efec5742426226448e5

SHA512
18abed7414be607f69570e3e9b852f1e06a4e586795dd3f86cf794cf265d196795aec2d0b791da522657d0a502bde1ec6c6e1388e08cc6d150bbe01312b4a542

Download Submit
C:\Windows\system\vZNgwaC.exe

Filesize
6.0MB

MD5
f94bc6c82e7638cb2c603b6130604193

SHA1
e67ef200661baa2e5a03e27f5de988226aed9cb2

SHA256
d3ebf3f913864b62a7d638674a0befd05b752517d1e68246c55873123cd0d905

SHA512
02dc212168cd2e5ffd8d1268dd07d474d49d0d627204f15b54912b4906718c5dd2bc6f9d1a8b08c7c309980943ff36fe9f8e49f57a2826635691d97915812996

Download Submit
C:\Windows\system\wrPPNFy.exe

Filesize
6.0MB

MD5
748243d041dc34404736917e37d118be

SHA1
512b43179cc841ccc7a221b46d9f17cc56559ff2

SHA256
88450971d330a24765206edbfa3499d6d786fd631c1948debf4a2c7b7c78c308

SHA512
0c0c3a6df4f8ad5fe455e3766e19105f761fec3763ba0fadf905ae9d39d72af2cbbd5f73fbc0c113fef337036733f79388954a0c9575b4e789afe3a4a2645760

Download Submit
C:\Windows\system\xDtmeVR.exe

Filesize
6.0MB

MD5
2f17c3fb7eb35022f179868b61dff701

SHA1
b2c19f4e16e0d37bf32dce07ab802803f72e84e8

SHA256
f7041d9e719f2cc5d75d630bda6a5ba8b87e122960d56630297c61fc433e9316

SHA512
930b44430afee7eb322047adc1162186d9eadd682c727cdbcdb59b36fc68264ece743c70973557b9cb827073d628e1ce5f5d36cf8facf54141c93161ebe7a678

Download Submit
\Windows\system\POShBAc.exe

Filesize
6.0MB

MD5
4f015f2cad66c4fcdc510812d5b1b7c0

SHA1
5211432fa7c324c422c3106f25f54976b0ecf003

SHA256
ab00fce0d79084cbcd11220f1d8632f4a7acd8cab11bdbd3ad499473b8e73449

SHA512
f38d5af8cd3b66b6d58b6fcdbf80ed901e46b52653df524b1081837cb90fab5d118cd2075adf2e0c075b3ff97669feae25f7b337d716a37b8c5463c998e7b419

Download Submit
\Windows\system\VAcGqPq.exe

Filesize
6.0MB

MD5
4e8a61bde32fe827470c4b2e709689ca

SHA1
8302caa2f3ed4fcaa46c7f40a59d8582deaa590c

SHA256
617faaeb02e9723809829649360975dcd63ad79e3a3b1ab5795bafb9dcd25e25

SHA512
e938aa169203b3319d424c605af176e7d2cf5c323d71e7c819a87ff0eb7bdb5f227e218e4cd2b006327f017dc69de97a8e1cefd5a60f11504e01de9fb7aabc6c

Download Submit
\Windows\system\aETmxIy.exe

Filesize
6.0MB

MD5
d02278275837f4b6822121add664b302

SHA1
e7a1bbca4f5dce89b495002a742be454d631605d

SHA256
58e8b9799dfd6cde4130c6d6ed96db2afce7fe7e90fc117372a9bc2522e30d8f

SHA512
a25d6ad74cfa0befa3eaee724171716bd493ae2f44382910a9a8f8dd58f9c4390ab3d03405b38e4e2b31592c02edaa86796307658f2b5c2aac9ee2b86177d59a

Download Submit
\Windows\system\aJMTHWo.exe

Filesize
6.0MB

MD5
d42d7f907489121ed9743ceaf607c969

SHA1
fbf0e61e1542a79bd57dd2970e482a8cef1e6518

SHA256
80ad2a12663bec18103bba4f62b12c1cc639e2bebfe41b2281a042dbb3e2f5dd

SHA512
a5f7195276dfc7397a40e4f1199d610ff3438cd6ec3ee7b2ee30f7ff0b7da6b6cc69cb4f9266265e60da9b93a088c0444d07383a7931af9613b5aace59752117

Download Submit
\Windows\system\oMUfBBq.exe

Filesize
6.0MB

MD5
0255b93a3065d93a2398e98da4fc10f9

SHA1
693aa54edc50a3e75cded76dac29a169fbbde30e

SHA256
9de63722bf5ffc76974432e958aaec137f441f165f526cc47b7d6f5809b79861

SHA512
d3e31b05c6d4ec0274df355f533513a6db891a227e1a96a2890401c93a629343985c0cdb8bbce8dcd424e0f7608e0d04f70ad90340c53c5452d688f719fd8336

Download Submit
\Windows\system\wXHZdhg.exe

Filesize
6.0MB

MD5
27e3654efa2338cc4852be6b93e61f93

SHA1
30c152f8e675f3b0427267f04b5a6b5bedbf6517

SHA256
c7f4ab5db4ab0fc6a44355e44f6392450f56e77e1cf3513dc962fd4de7caabee

SHA512
0b344938c13910bedd0727f0811eb3b04ecfa411a03898983b3e70180c1fb2ab5aa853857b96158a03992d8cc129e7867811b5f99bfb7e0b9525c93e562a382d

Download Submit
memory/2080-3105-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2080-2146-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2080-3101-0x00000000021B0000-0x0000000002504000-memory.dmp

Filesize
3.3MB

Download
memory/2080-1-0x0000000000470000-0x0000000000480000-memory.dmp

Filesize
64KB

Download
memory/2080-1904-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/2080-3102-0x00000000021B0000-0x0000000002504000-memory.dmp

Filesize
3.3MB

Download
memory/2080-2988-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/2080-0-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2080-3099-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2080-2299-0x00000000021B0000-0x0000000002504000-memory.dmp

Filesize
3.3MB

Download
memory/2080-3090-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/2080-2318-0x00000000021B0000-0x0000000002504000-memory.dmp

Filesize
3.3MB

Download
memory/2080-2986-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2080-2355-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2672-1998-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/2672-3152-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/2764-3149-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/2764-3045-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/2764-16-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/2776-1903-0x000000013FCD0000-0x0000000140024000-memory.dmp

Filesize
3.3MB

Download
memory/2776-3146-0x000000013FCD0000-0x0000000140024000-memory.dmp

Filesize
3.3MB

Download
memory/2824-3157-0x000000013F3F0000-0x000000013F744000-memory.dmp

Filesize
3.3MB

Download
memory/2824-2351-0x000000013F3F0000-0x000000013F744000-memory.dmp

Filesize
3.3MB

Download
memory/2828-2243-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2828-3153-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2836-3168-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download
memory/2836-2315-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download
memory/2964-3170-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download
memory/2964-2140-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download