cobaltstrike | eff53750903127768d7cd0a4aa77c8f065f085d60a0ce8a944cf0cfcc16e8660

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
25-11-2024 01:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

58e086ddeef7f3d7c85d9f8026baf7a7
SHA1

416e1bcbca768e9772d0fe302bea6a9344734aff
SHA256

eff53750903127768d7cd0a4aa77c8f065f085d60a0ce8a944cf0cfcc16e8660
SHA512

95d0c8a1de18d422e0e506c81d27cb7861b5d9449492fcc5bc1cae64fb9e2e992d14770a3cc24977fd03a5fe8a1c6f155e04af2aa785158e1dff790e6d169236
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU8:T+q56utgpPF8u/78

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

Processes:

resource	yara_rule
behavioral1/files/0x000c000000012263-3.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001921d-9.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019242-15.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001921f-16.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001876a-51.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001930d-48.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f9a-67.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b3-196.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b1-192.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4ad-182.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4af-186.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4ab-176.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4a5-171.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a495-166.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a494-162.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a489-156.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a487-151.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a467-146.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a42d-141.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a423-136.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41f-131.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41c-127.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41a-121.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a355-116.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a303-111.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a09a-102.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a07a-93.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a071-84.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019fb8-77.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001932a-63.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001925b-34.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001925d-40.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

Processes:

resource	yara_rule
behavioral1/memory/2528-0-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig
behavioral1/files/0x000c000000012263-3.dat	xmrig
behavioral1/memory/792-8-0x000000013F4B0000-0x000000013F804000-memory.dmp	xmrig
behavioral1/files/0x000700000001921d-9.dat	xmrig
behavioral1/files/0x0006000000019242-15.dat	xmrig
behavioral1/memory/2988-27-0x000000013F430000-0x000000013F784000-memory.dmp	xmrig
behavioral1/memory/1852-26-0x000000013FA80000-0x000000013FDD4000-memory.dmp	xmrig
behavioral1/memory/1148-22-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/files/0x000700000001921f-16.dat	xmrig
behavioral1/memory/2760-35-0x000000013FBF0000-0x000000013FF44000-memory.dmp	xmrig
behavioral1/memory/2884-41-0x000000013F980000-0x000000013FCD4000-memory.dmp	xmrig
behavioral1/files/0x000800000001876a-51.dat	xmrig
behavioral1/memory/2836-49-0x000000013F850000-0x000000013FBA4000-memory.dmp	xmrig
behavioral1/memory/2728-56-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
behavioral1/files/0x000700000001930d-48.dat	xmrig
behavioral1/files/0x0005000000019f9a-67.dat	xmrig
behavioral1/memory/2760-71-0x000000013FBF0000-0x000000013FF44000-memory.dmp	xmrig
behavioral1/memory/2528-99-0x000000013F350000-0x000000013F6A4000-memory.dmp	xmrig
behavioral1/memory/1480-1092-0x000000013F500000-0x000000013F854000-memory.dmp	xmrig
behavioral1/memory/2528-1039-0x000000013F500000-0x000000013F854000-memory.dmp	xmrig
behavioral1/memory/2260-907-0x000000013FBD0000-0x000000013FF24000-memory.dmp	xmrig
behavioral1/memory/2228-669-0x000000013FE60000-0x00000001401B4000-memory.dmp	xmrig
behavioral1/memory/2632-496-0x000000013F3C0000-0x000000013F714000-memory.dmp	xmrig
behavioral1/memory/2660-276-0x000000013F750000-0x000000013FAA4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4b3-196.dat	xmrig
behavioral1/files/0x000500000001a4b1-192.dat	xmrig
behavioral1/files/0x000500000001a4ad-182.dat	xmrig
behavioral1/files/0x000500000001a4af-186.dat	xmrig
behavioral1/files/0x000500000001a4ab-176.dat	xmrig
behavioral1/files/0x000500000001a4a5-171.dat	xmrig
behavioral1/files/0x000500000001a495-166.dat	xmrig
behavioral1/files/0x000500000001a494-162.dat	xmrig
behavioral1/files/0x000500000001a489-156.dat	xmrig
behavioral1/files/0x000500000001a487-151.dat	xmrig
behavioral1/files/0x000500000001a467-146.dat	xmrig
behavioral1/files/0x000500000001a42d-141.dat	xmrig
behavioral1/files/0x000500000001a423-136.dat	xmrig
behavioral1/files/0x000500000001a41f-131.dat	xmrig
behavioral1/files/0x000500000001a41c-127.dat	xmrig
behavioral1/files/0x000500000001a41a-121.dat	xmrig
behavioral1/files/0x000500000001a355-116.dat	xmrig
behavioral1/files/0x000500000001a303-111.dat	xmrig
behavioral1/memory/1480-104-0x000000013F500000-0x000000013F854000-memory.dmp	xmrig
behavioral1/memory/2852-103-0x000000013F350000-0x000000013F6A4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a09a-102.dat	xmrig
behavioral1/memory/2528-100-0x000000013F500000-0x000000013F854000-memory.dmp	xmrig
behavioral1/memory/2260-95-0x000000013FBD0000-0x000000013FF24000-memory.dmp	xmrig
behavioral1/memory/2728-94-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
behavioral1/files/0x000500000001a07a-93.dat	xmrig
behavioral1/memory/2528-90-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
behavioral1/memory/2228-86-0x000000013FE60000-0x00000001401B4000-memory.dmp	xmrig
behavioral1/memory/2836-85-0x000000013F850000-0x000000013FBA4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a071-84.dat	xmrig
behavioral1/memory/2632-79-0x000000013F3C0000-0x000000013F714000-memory.dmp	xmrig
behavioral1/memory/2884-78-0x000000013F980000-0x000000013FCD4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019fb8-77.dat	xmrig
behavioral1/memory/2660-72-0x000000013F750000-0x000000013FAA4000-memory.dmp	xmrig
behavioral1/memory/2852-64-0x000000013F350000-0x000000013F6A4000-memory.dmp	xmrig
behavioral1/files/0x000700000001932a-63.dat	xmrig
behavioral1/memory/2988-60-0x000000013F430000-0x000000013F784000-memory.dmp	xmrig
behavioral1/memory/1852-59-0x000000013FA80000-0x000000013FDD4000-memory.dmp	xmrig
behavioral1/memory/792-45-0x000000013F4B0000-0x000000013F804000-memory.dmp	xmrig
behavioral1/files/0x000600000001925b-34.dat	xmrig
behavioral1/files/0x000600000001925d-40.dat	xmrig

Executes dropped EXE 64 IoCs

Processes:

iKSFSle.execuOVacd.exenmgEsrh.exebpIUvsc.exeVHJihYj.exeTLqHHec.exeffBIyuj.exewmlFjBj.exenMjTvxA.exeEpcMSyh.exeGvVPYXU.exeKkWwBGO.exeDdhsOUX.exejsIDElm.exeDoPhevG.exemlsCmlL.exeZaVkOKp.exeuahNuMU.exeDbWCZGn.exelxDahwB.exesqqSJNw.exeIispyRq.exeXEzztRf.exeGvuTyvH.exeCjtzilY.exeJztYxDJ.exePSevBxD.exebVuFgtt.exeCXjovaN.exeNGmqcCL.exeVyEiiom.exeOZuPnXi.exeHRRtnSj.exeqqBzfMT.exeSmfCvZh.exeiDpteKo.exeJruHaHX.execghwrua.exePRFsapA.exeNaUjvNC.exejPsUHxm.exegzyvReL.exeTQuGNFn.exetEIKXWz.exeiRMINLH.exeQUygTXD.exefDyozPO.exeLXJOAXy.exeSfJCfOO.execZmFvdy.exeFWrBZIn.exeeCpxvCh.exekQFrRvi.exeuFynxjk.exeOPFpHIa.exeSyxqYPy.exebKmcZuW.exepvwyRJu.exeMEzFtzr.exePlgfylO.exeAVNdrhF.exeqECWZiH.exeqHpKpSG.exegNpfMJj.exe

pid	Process
792	iKSFSle.exe
1148	cuOVacd.exe
1852	nmgEsrh.exe
2988	bpIUvsc.exe
2760	VHJihYj.exe
2884	TLqHHec.exe
2836	ffBIyuj.exe
2728	wmlFjBj.exe
2852	nMjTvxA.exe
2660	EpcMSyh.exe
2632	GvVPYXU.exe
2228	KkWwBGO.exe
2260	DdhsOUX.exe
1480	jsIDElm.exe
2972	DoPhevG.exe
2680	mlsCmlL.exe
2920	ZaVkOKp.exe
1592	uahNuMU.exe
2360	DbWCZGn.exe
320	lxDahwB.exe
1300	sqqSJNw.exe
1440	IispyRq.exe
2652	XEzztRf.exe
2164	GvuTyvH.exe
2216	CjtzilY.exe
1188	JztYxDJ.exe
664	PSevBxD.exe
904	bVuFgtt.exe
444	CXjovaN.exe
2028	NGmqcCL.exe
744	VyEiiom.exe
1584	OZuPnXi.exe
1716	HRRtnSj.exe
1712	qqBzfMT.exe
1612	SmfCvZh.exe
1744	iDpteKo.exe
2220	JruHaHX.exe
1524	cghwrua.exe
2388	PRFsapA.exe
1512	NaUjvNC.exe
1632	jPsUHxm.exe
552	gzyvReL.exe
2556	TQuGNFn.exe
2512	tEIKXWz.exe
496	iRMINLH.exe
1796	QUygTXD.exe
1088	fDyozPO.exe
1652	LXJOAXy.exe
1640	SfJCfOO.exe
1656	cZmFvdy.exe
1740	FWrBZIn.exe
980	eCpxvCh.exe
2324	kQFrRvi.exe
1692	uFynxjk.exe
1648	OPFpHIa.exe
1824	SyxqYPy.exe
2704	bKmcZuW.exe
2764	pvwyRJu.exe
2064	MEzFtzr.exe
2896	PlgfylO.exe
2780	AVNdrhF.exe
1044	qECWZiH.exe
1976	qHpKpSG.exe
2940	gNpfMJj.exe

Loads dropped DLL 64 IoCs

Processes:

2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe

pid	Process
2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2528-0-0x000000013FE00000-0x0000000140154000-memory.dmp	upx
behavioral1/files/0x000c000000012263-3.dat	upx
behavioral1/memory/792-8-0x000000013F4B0000-0x000000013F804000-memory.dmp	upx
behavioral1/files/0x000700000001921d-9.dat	upx
behavioral1/files/0x0006000000019242-15.dat	upx
behavioral1/memory/2988-27-0x000000013F430000-0x000000013F784000-memory.dmp	upx
behavioral1/memory/1852-26-0x000000013FA80000-0x000000013FDD4000-memory.dmp	upx
behavioral1/memory/1148-22-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/files/0x000700000001921f-16.dat	upx
behavioral1/memory/2760-35-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx
behavioral1/memory/2884-41-0x000000013F980000-0x000000013FCD4000-memory.dmp	upx
behavioral1/files/0x000800000001876a-51.dat	upx
behavioral1/memory/2836-49-0x000000013F850000-0x000000013FBA4000-memory.dmp	upx
behavioral1/memory/2728-56-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/files/0x000700000001930d-48.dat	upx
behavioral1/files/0x0005000000019f9a-67.dat	upx
behavioral1/memory/2760-71-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx
behavioral1/memory/1480-1092-0x000000013F500000-0x000000013F854000-memory.dmp	upx
behavioral1/memory/2260-907-0x000000013FBD0000-0x000000013FF24000-memory.dmp	upx
behavioral1/memory/2228-669-0x000000013FE60000-0x00000001401B4000-memory.dmp	upx
behavioral1/memory/2632-496-0x000000013F3C0000-0x000000013F714000-memory.dmp	upx
behavioral1/memory/2660-276-0x000000013F750000-0x000000013FAA4000-memory.dmp	upx
behavioral1/files/0x000500000001a4b3-196.dat	upx
behavioral1/files/0x000500000001a4b1-192.dat	upx
behavioral1/files/0x000500000001a4ad-182.dat	upx
behavioral1/files/0x000500000001a4af-186.dat	upx
behavioral1/files/0x000500000001a4ab-176.dat	upx
behavioral1/files/0x000500000001a4a5-171.dat	upx
behavioral1/files/0x000500000001a495-166.dat	upx
behavioral1/files/0x000500000001a494-162.dat	upx
behavioral1/files/0x000500000001a489-156.dat	upx
behavioral1/files/0x000500000001a487-151.dat	upx
behavioral1/files/0x000500000001a467-146.dat	upx
behavioral1/files/0x000500000001a42d-141.dat	upx
behavioral1/files/0x000500000001a423-136.dat	upx
behavioral1/files/0x000500000001a41f-131.dat	upx
behavioral1/files/0x000500000001a41c-127.dat	upx
behavioral1/files/0x000500000001a41a-121.dat	upx
behavioral1/files/0x000500000001a355-116.dat	upx
behavioral1/files/0x000500000001a303-111.dat	upx
behavioral1/memory/1480-104-0x000000013F500000-0x000000013F854000-memory.dmp	upx
behavioral1/memory/2852-103-0x000000013F350000-0x000000013F6A4000-memory.dmp	upx
behavioral1/files/0x000500000001a09a-102.dat	upx
behavioral1/memory/2260-95-0x000000013FBD0000-0x000000013FF24000-memory.dmp	upx
behavioral1/memory/2728-94-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/files/0x000500000001a07a-93.dat	upx
behavioral1/memory/2228-86-0x000000013FE60000-0x00000001401B4000-memory.dmp	upx
behavioral1/memory/2836-85-0x000000013F850000-0x000000013FBA4000-memory.dmp	upx
behavioral1/files/0x000500000001a071-84.dat	upx
behavioral1/memory/2632-79-0x000000013F3C0000-0x000000013F714000-memory.dmp	upx
behavioral1/memory/2884-78-0x000000013F980000-0x000000013FCD4000-memory.dmp	upx
behavioral1/files/0x0005000000019fb8-77.dat	upx
behavioral1/memory/2660-72-0x000000013F750000-0x000000013FAA4000-memory.dmp	upx
behavioral1/memory/2852-64-0x000000013F350000-0x000000013F6A4000-memory.dmp	upx
behavioral1/files/0x000700000001932a-63.dat	upx
behavioral1/memory/2988-60-0x000000013F430000-0x000000013F784000-memory.dmp	upx
behavioral1/memory/1852-59-0x000000013FA80000-0x000000013FDD4000-memory.dmp	upx
behavioral1/memory/792-45-0x000000013F4B0000-0x000000013F804000-memory.dmp	upx
behavioral1/files/0x000600000001925b-34.dat	upx
behavioral1/files/0x000600000001925d-40.dat	upx
behavioral1/memory/2528-38-0x000000013FE00000-0x0000000140154000-memory.dmp	upx
behavioral1/memory/2728-3584-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/memory/1852-3600-0x000000013FA80000-0x000000013FDD4000-memory.dmp	upx
behavioral1/memory/2660-3596-0x000000013F750000-0x000000013FAA4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

Processes:

2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe

description	ioc	Process
File created	C:\Windows\System\qeUwPGM.exe	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sbsSmmE.exe	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aLEdriS.exe	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JnMKZbr.exe	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UKYZvUd.exe	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XPcyBWH.exe	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XInpsXQ.exe	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\duUHqqh.exe	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TtlLVNY.exe	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vmfWuOa.exe	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pbjbidF.exe	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RMlvTsh.exe	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kzgGlQU.exe	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qWzOYqX.exe	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VyxMNmU.exe	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LbRRnhq.exe	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QweJeiX.exe	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MXlJRmi.exe	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EfINklq.exe	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\POWcAsB.exe	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fgTiSmt.exe	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cQKzHMQ.exe	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JLDrJMi.exe	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ofwTrSn.exe	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pyYUvUd.exe	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SomIkgK.exe	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gQTzBZP.exe	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eZurKPs.exe	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zbrpgpL.exe	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zMHtdLx.exe	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FTAYCZi.exe	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lYxxVKA.exe	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OlQEgNI.exe	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RzcXPjc.exe	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qlxbIkw.exe	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bxBRAtF.exe	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yVnstkT.exe	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nyVMQEP.exe	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lhaahcE.exe	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\saAUlqx.exe	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JEQrEEQ.exe	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gvfdfDi.exe	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EPwWPOT.exe	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YoRwIBW.exe	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bmAUqHY.exe	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xhztnGi.exe	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OUEFKKc.exe	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IMFxoxU.exe	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UjviZYL.exe	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eIqhQeP.exe	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hPOMwSg.exe	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HsDCBKk.exe	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jGyUKHz.exe	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bpjvxFB.exe	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JMjuDNv.exe	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EDkdTAy.exe	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wfASisT.exe	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CQiHKLO.exe	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Lzhersy.exe	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZAkcunR.exe	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sMMoKpj.exe	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kCQZTFg.exe	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NmkMLit.exe	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BjUHGAq.exe	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe

description	pid	Process	procid_target
PID 2528 wrote to memory of 792	2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2528 wrote to memory of 792	2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2528 wrote to memory of 792	2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2528 wrote to memory of 1852	2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2528 wrote to memory of 1852	2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2528 wrote to memory of 1852	2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2528 wrote to memory of 1148	2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2528 wrote to memory of 1148	2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2528 wrote to memory of 1148	2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2528 wrote to memory of 2988	2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2528 wrote to memory of 2988	2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2528 wrote to memory of 2988	2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2528 wrote to memory of 2760	2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2528 wrote to memory of 2760	2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2528 wrote to memory of 2760	2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2528 wrote to memory of 2884	2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2528 wrote to memory of 2884	2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2528 wrote to memory of 2884	2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2528 wrote to memory of 2836	2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2528 wrote to memory of 2836	2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2528 wrote to memory of 2836	2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2528 wrote to memory of 2728	2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2528 wrote to memory of 2728	2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2528 wrote to memory of 2728	2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2528 wrote to memory of 2852	2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2528 wrote to memory of 2852	2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2528 wrote to memory of 2852	2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2528 wrote to memory of 2660	2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2528 wrote to memory of 2660	2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2528 wrote to memory of 2660	2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2528 wrote to memory of 2632	2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2528 wrote to memory of 2632	2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2528 wrote to memory of 2632	2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2528 wrote to memory of 2228	2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2528 wrote to memory of 2228	2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2528 wrote to memory of 2228	2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2528 wrote to memory of 2260	2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2528 wrote to memory of 2260	2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2528 wrote to memory of 2260	2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2528 wrote to memory of 1480	2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2528 wrote to memory of 1480	2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2528 wrote to memory of 1480	2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2528 wrote to memory of 2972	2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2528 wrote to memory of 2972	2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2528 wrote to memory of 2972	2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2528 wrote to memory of 2680	2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2528 wrote to memory of 2680	2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2528 wrote to memory of 2680	2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2528 wrote to memory of 2920	2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2528 wrote to memory of 2920	2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2528 wrote to memory of 2920	2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2528 wrote to memory of 1592	2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2528 wrote to memory of 1592	2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2528 wrote to memory of 1592	2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2528 wrote to memory of 2360	2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2528 wrote to memory of 2360	2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2528 wrote to memory of 2360	2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2528 wrote to memory of 320	2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2528 wrote to memory of 320	2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2528 wrote to memory of 320	2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2528 wrote to memory of 1300	2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2528 wrote to memory of 1300	2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2528 wrote to memory of 1300	2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2528 wrote to memory of 1440	2528	2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-25_58e086ddeef7f3d7c85d9f8026baf7a7_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2528
- C:\Windows\System\iKSFSle.exe
  C:\Windows\System\iKSFSle.exe
  2⤵
  - Executes dropped EXE
  PID:792
- C:\Windows\System\nmgEsrh.exe
  C:\Windows\System\nmgEsrh.exe
  2⤵
  - Executes dropped EXE
  PID:1852
- C:\Windows\System\cuOVacd.exe
  C:\Windows\System\cuOVacd.exe
  2⤵
  - Executes dropped EXE
  PID:1148
- C:\Windows\System\bpIUvsc.exe
  C:\Windows\System\bpIUvsc.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\VHJihYj.exe
  C:\Windows\System\VHJihYj.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\TLqHHec.exe
  C:\Windows\System\TLqHHec.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\ffBIyuj.exe
  C:\Windows\System\ffBIyuj.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\wmlFjBj.exe
  C:\Windows\System\wmlFjBj.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\nMjTvxA.exe
  C:\Windows\System\nMjTvxA.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\EpcMSyh.exe
  C:\Windows\System\EpcMSyh.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\GvVPYXU.exe
  C:\Windows\System\GvVPYXU.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\KkWwBGO.exe
  C:\Windows\System\KkWwBGO.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\DdhsOUX.exe
  C:\Windows\System\DdhsOUX.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\jsIDElm.exe
  C:\Windows\System\jsIDElm.exe
  2⤵
  - Executes dropped EXE
  PID:1480
- C:\Windows\System\DoPhevG.exe
  C:\Windows\System\DoPhevG.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\mlsCmlL.exe
  C:\Windows\System\mlsCmlL.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\ZaVkOKp.exe
  C:\Windows\System\ZaVkOKp.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\uahNuMU.exe
  C:\Windows\System\uahNuMU.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\DbWCZGn.exe
  C:\Windows\System\DbWCZGn.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\lxDahwB.exe
  C:\Windows\System\lxDahwB.exe
  2⤵
  - Executes dropped EXE
  PID:320
- C:\Windows\System\sqqSJNw.exe
  C:\Windows\System\sqqSJNw.exe
  2⤵
  - Executes dropped EXE
  PID:1300
- C:\Windows\System\IispyRq.exe
  C:\Windows\System\IispyRq.exe
  2⤵
  - Executes dropped EXE
  PID:1440
- C:\Windows\System\XEzztRf.exe
  C:\Windows\System\XEzztRf.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\GvuTyvH.exe
  C:\Windows\System\GvuTyvH.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\CjtzilY.exe
  C:\Windows\System\CjtzilY.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\JztYxDJ.exe
  C:\Windows\System\JztYxDJ.exe
  2⤵
  - Executes dropped EXE
  PID:1188
- C:\Windows\System\PSevBxD.exe
  C:\Windows\System\PSevBxD.exe
  2⤵
  - Executes dropped EXE
  PID:664
- C:\Windows\System\bVuFgtt.exe
  C:\Windows\System\bVuFgtt.exe
  2⤵
  - Executes dropped EXE
  PID:904
- C:\Windows\System\CXjovaN.exe
  C:\Windows\System\CXjovaN.exe
  2⤵
  - Executes dropped EXE
  PID:444
- C:\Windows\System\NGmqcCL.exe
  C:\Windows\System\NGmqcCL.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\VyEiiom.exe
  C:\Windows\System\VyEiiom.exe
  2⤵
  - Executes dropped EXE
  PID:744
- C:\Windows\System\OZuPnXi.exe
  C:\Windows\System\OZuPnXi.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\HRRtnSj.exe
  C:\Windows\System\HRRtnSj.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\qqBzfMT.exe
  C:\Windows\System\qqBzfMT.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\SmfCvZh.exe
  C:\Windows\System\SmfCvZh.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\iDpteKo.exe
  C:\Windows\System\iDpteKo.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\JruHaHX.exe
  C:\Windows\System\JruHaHX.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\cghwrua.exe
  C:\Windows\System\cghwrua.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\PRFsapA.exe
  C:\Windows\System\PRFsapA.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\NaUjvNC.exe
  C:\Windows\System\NaUjvNC.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\jPsUHxm.exe
  C:\Windows\System\jPsUHxm.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\gzyvReL.exe
  C:\Windows\System\gzyvReL.exe
  2⤵
  - Executes dropped EXE
  PID:552
- C:\Windows\System\TQuGNFn.exe
  C:\Windows\System\TQuGNFn.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\tEIKXWz.exe
  C:\Windows\System\tEIKXWz.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\iRMINLH.exe
  C:\Windows\System\iRMINLH.exe
  2⤵
  - Executes dropped EXE
  PID:496
- C:\Windows\System\QUygTXD.exe
  C:\Windows\System\QUygTXD.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\fDyozPO.exe
  C:\Windows\System\fDyozPO.exe
  2⤵
  - Executes dropped EXE
  PID:1088
- C:\Windows\System\LXJOAXy.exe
  C:\Windows\System\LXJOAXy.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\SfJCfOO.exe
  C:\Windows\System\SfJCfOO.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\cZmFvdy.exe
  C:\Windows\System\cZmFvdy.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\FWrBZIn.exe
  C:\Windows\System\FWrBZIn.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\eCpxvCh.exe
  C:\Windows\System\eCpxvCh.exe
  2⤵
  - Executes dropped EXE
  PID:980
- C:\Windows\System\kQFrRvi.exe
  C:\Windows\System\kQFrRvi.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\uFynxjk.exe
  C:\Windows\System\uFynxjk.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\OPFpHIa.exe
  C:\Windows\System\OPFpHIa.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\SyxqYPy.exe
  C:\Windows\System\SyxqYPy.exe
  2⤵
  - Executes dropped EXE
  PID:1824
- C:\Windows\System\bKmcZuW.exe
  C:\Windows\System\bKmcZuW.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\pvwyRJu.exe
  C:\Windows\System\pvwyRJu.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\MEzFtzr.exe
  C:\Windows\System\MEzFtzr.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\PlgfylO.exe
  C:\Windows\System\PlgfylO.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\AVNdrhF.exe
  C:\Windows\System\AVNdrhF.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\qECWZiH.exe
  C:\Windows\System\qECWZiH.exe
  2⤵
  - Executes dropped EXE
  PID:1044
- C:\Windows\System\qHpKpSG.exe
  C:\Windows\System\qHpKpSG.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\gNpfMJj.exe
  C:\Windows\System\gNpfMJj.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\SwNisSh.exe
  C:\Windows\System\SwNisSh.exe
  2⤵
  PID:924
- C:\Windows\System\YEaQLem.exe
  C:\Windows\System\YEaQLem.exe
  2⤵
  PID:2060
- C:\Windows\System\XQvesTi.exe
  C:\Windows\System\XQvesTi.exe
  2⤵
  PID:1940
- C:\Windows\System\HJyWbLM.exe
  C:\Windows\System\HJyWbLM.exe
  2⤵
  PID:1232
- C:\Windows\System\SYLRiSX.exe
  C:\Windows\System\SYLRiSX.exe
  2⤵
  PID:1792
- C:\Windows\System\MQgBfYJ.exe
  C:\Windows\System\MQgBfYJ.exe
  2⤵
  PID:2188
- C:\Windows\System\IRzAwyg.exe
  C:\Windows\System\IRzAwyg.exe
  2⤵
  PID:1272
- C:\Windows\System\OGqZaAs.exe
  C:\Windows\System\OGqZaAs.exe
  2⤵
  PID:304
- C:\Windows\System\GzqbXci.exe
  C:\Windows\System\GzqbXci.exe
  2⤵
  PID:836
- C:\Windows\System\hEWBQQK.exe
  C:\Windows\System\hEWBQQK.exe
  2⤵
  PID:948
- C:\Windows\System\bCPimAi.exe
  C:\Windows\System\bCPimAi.exe
  2⤵
  PID:2352
- C:\Windows\System\ykkvDav.exe
  C:\Windows\System\ykkvDav.exe
  2⤵
  PID:860
- C:\Windows\System\NbrMPrE.exe
  C:\Windows\System\NbrMPrE.exe
  2⤵
  PID:2356
- C:\Windows\System\hRUCTzS.exe
  C:\Windows\System\hRUCTzS.exe
  2⤵
  PID:2192
- C:\Windows\System\cYWlIPQ.exe
  C:\Windows\System\cYWlIPQ.exe
  2⤵
  PID:1360
- C:\Windows\System\BcABHoj.exe
  C:\Windows\System\BcABHoj.exe
  2⤵
  PID:2572
- C:\Windows\System\peeGhOi.exe
  C:\Windows\System\peeGhOi.exe
  2⤵
  PID:976
- C:\Windows\System\foZNZRT.exe
  C:\Windows\System\foZNZRT.exe
  2⤵
  PID:1384
- C:\Windows\System\QOeBGtL.exe
  C:\Windows\System\QOeBGtL.exe
  2⤵
  PID:1596
- C:\Windows\System\bYwvzFt.exe
  C:\Windows\System\bYwvzFt.exe
  2⤵
  PID:1676
- C:\Windows\System\saJoiwB.exe
  C:\Windows\System\saJoiwB.exe
  2⤵
  PID:292
- C:\Windows\System\RJvUJmI.exe
  C:\Windows\System\RJvUJmI.exe
  2⤵
  PID:1580
- C:\Windows\System\pYrRRSS.exe
  C:\Windows\System\pYrRRSS.exe
  2⤵
  PID:1576
- C:\Windows\System\FDAjBIO.exe
  C:\Windows\System\FDAjBIO.exe
  2⤵
  PID:1660
- C:\Windows\System\qciBuEx.exe
  C:\Windows\System\qciBuEx.exe
  2⤵
  PID:2744
- C:\Windows\System\rEmKcXo.exe
  C:\Windows\System\rEmKcXo.exe
  2⤵
  PID:2908
- C:\Windows\System\NauXhiM.exe
  C:\Windows\System\NauXhiM.exe
  2⤵
  PID:1144
- C:\Windows\System\QHrmwZp.exe
  C:\Windows\System\QHrmwZp.exe
  2⤵
  PID:2600
- C:\Windows\System\sYSPUrA.exe
  C:\Windows\System\sYSPUrA.exe
  2⤵
  PID:2960
- C:\Windows\System\kpgYMYJ.exe
  C:\Windows\System\kpgYMYJ.exe
  2⤵
  PID:1972
- C:\Windows\System\GTXPLjV.exe
  C:\Windows\System\GTXPLjV.exe
  2⤵
  PID:2136
- C:\Windows\System\oCrtQob.exe
  C:\Windows\System\oCrtQob.exe
  2⤵
  PID:1212
- C:\Windows\System\lHdfMor.exe
  C:\Windows\System\lHdfMor.exe
  2⤵
  PID:2580
- C:\Windows\System\BBwciJN.exe
  C:\Windows\System\BBwciJN.exe
  2⤵
  PID:1624
- C:\Windows\System\qpUpwuw.exe
  C:\Windows\System\qpUpwuw.exe
  2⤵
  PID:1356
- C:\Windows\System\XHnzUKd.exe
  C:\Windows\System\XHnzUKd.exe
  2⤵
  PID:1032
- C:\Windows\System\WffOcVb.exe
  C:\Windows\System\WffOcVb.exe
  2⤵
  PID:3084
- C:\Windows\System\iFzjNsE.exe
  C:\Windows\System\iFzjNsE.exe
  2⤵
  PID:3104
- C:\Windows\System\bZgydtL.exe
  C:\Windows\System\bZgydtL.exe
  2⤵
  PID:3124
- C:\Windows\System\FrewKqx.exe
  C:\Windows\System\FrewKqx.exe
  2⤵
  PID:3144
- C:\Windows\System\RzcXPjc.exe
  C:\Windows\System\RzcXPjc.exe
  2⤵
  PID:3164
- C:\Windows\System\qOPHgwD.exe
  C:\Windows\System\qOPHgwD.exe
  2⤵
  PID:3184
- C:\Windows\System\cqrgNHc.exe
  C:\Windows\System\cqrgNHc.exe
  2⤵
  PID:3204
- C:\Windows\System\xSsMORT.exe
  C:\Windows\System\xSsMORT.exe
  2⤵
  PID:3224
- C:\Windows\System\rfnZIEx.exe
  C:\Windows\System\rfnZIEx.exe
  2⤵
  PID:3244
- C:\Windows\System\yyzOHoC.exe
  C:\Windows\System\yyzOHoC.exe
  2⤵
  PID:3264
- C:\Windows\System\aHENOkF.exe
  C:\Windows\System\aHENOkF.exe
  2⤵
  PID:3284
- C:\Windows\System\TJAArii.exe
  C:\Windows\System\TJAArii.exe
  2⤵
  PID:3304
- C:\Windows\System\wWBpALc.exe
  C:\Windows\System\wWBpALc.exe
  2⤵
  PID:3324
- C:\Windows\System\vQXlKEb.exe
  C:\Windows\System\vQXlKEb.exe
  2⤵
  PID:3344
- C:\Windows\System\AfAmVZy.exe
  C:\Windows\System\AfAmVZy.exe
  2⤵
  PID:3364
- C:\Windows\System\pNNvsgG.exe
  C:\Windows\System\pNNvsgG.exe
  2⤵
  PID:3384
- C:\Windows\System\YHuNLOH.exe
  C:\Windows\System\YHuNLOH.exe
  2⤵
  PID:3404
- C:\Windows\System\InpbvNn.exe
  C:\Windows\System\InpbvNn.exe
  2⤵
  PID:3424
- C:\Windows\System\TNSyfIz.exe
  C:\Windows\System\TNSyfIz.exe
  2⤵
  PID:3444
- C:\Windows\System\DPcmrWT.exe
  C:\Windows\System\DPcmrWT.exe
  2⤵
  PID:3464
- C:\Windows\System\edMZOQK.exe
  C:\Windows\System\edMZOQK.exe
  2⤵
  PID:3484
- C:\Windows\System\HmfHuyW.exe
  C:\Windows\System\HmfHuyW.exe
  2⤵
  PID:3504
- C:\Windows\System\evjYqDI.exe
  C:\Windows\System\evjYqDI.exe
  2⤵
  PID:3524
- C:\Windows\System\fBOHuhh.exe
  C:\Windows\System\fBOHuhh.exe
  2⤵
  PID:3544
- C:\Windows\System\prdmHNB.exe
  C:\Windows\System\prdmHNB.exe
  2⤵
  PID:3564
- C:\Windows\System\kseqqAL.exe
  C:\Windows\System\kseqqAL.exe
  2⤵
  PID:3584
- C:\Windows\System\YktMdHW.exe
  C:\Windows\System\YktMdHW.exe
  2⤵
  PID:3604
- C:\Windows\System\vdggnGk.exe
  C:\Windows\System\vdggnGk.exe
  2⤵
  PID:3624
- C:\Windows\System\enVAHxe.exe
  C:\Windows\System\enVAHxe.exe
  2⤵
  PID:3644
- C:\Windows\System\VQHSslS.exe
  C:\Windows\System\VQHSslS.exe
  2⤵
  PID:3660
- C:\Windows\System\pcqroib.exe
  C:\Windows\System\pcqroib.exe
  2⤵
  PID:3684
- C:\Windows\System\qlolEca.exe
  C:\Windows\System\qlolEca.exe
  2⤵
  PID:3708
- C:\Windows\System\sQGcScH.exe
  C:\Windows\System\sQGcScH.exe
  2⤵
  PID:3728
- C:\Windows\System\zduUvvb.exe
  C:\Windows\System\zduUvvb.exe
  2⤵
  PID:3748
- C:\Windows\System\kPsdfVm.exe
  C:\Windows\System\kPsdfVm.exe
  2⤵
  PID:3768
- C:\Windows\System\iEVcnPx.exe
  C:\Windows\System\iEVcnPx.exe
  2⤵
  PID:3788
- C:\Windows\System\AtwMnZn.exe
  C:\Windows\System\AtwMnZn.exe
  2⤵
  PID:3808
- C:\Windows\System\nGSpFqW.exe
  C:\Windows\System\nGSpFqW.exe
  2⤵
  PID:3828
- C:\Windows\System\oXPwLGX.exe
  C:\Windows\System\oXPwLGX.exe
  2⤵
  PID:3848
- C:\Windows\System\VjLEKxi.exe
  C:\Windows\System\VjLEKxi.exe
  2⤵
  PID:3868
- C:\Windows\System\ojCayzU.exe
  C:\Windows\System\ojCayzU.exe
  2⤵
  PID:3888
- C:\Windows\System\KlIPrnv.exe
  C:\Windows\System\KlIPrnv.exe
  2⤵
  PID:3908
- C:\Windows\System\McUDWKo.exe
  C:\Windows\System\McUDWKo.exe
  2⤵
  PID:3928
- C:\Windows\System\YpevHzH.exe
  C:\Windows\System\YpevHzH.exe
  2⤵
  PID:3948
- C:\Windows\System\gVGKIpY.exe
  C:\Windows\System\gVGKIpY.exe
  2⤵
  PID:3968
- C:\Windows\System\IwHjUSG.exe
  C:\Windows\System\IwHjUSG.exe
  2⤵
  PID:3988
- C:\Windows\System\JMMQNhg.exe
  C:\Windows\System\JMMQNhg.exe
  2⤵
  PID:4008
- C:\Windows\System\jrcVGXy.exe
  C:\Windows\System\jrcVGXy.exe
  2⤵
  PID:4028
- C:\Windows\System\VUIBtTi.exe
  C:\Windows\System\VUIBtTi.exe
  2⤵
  PID:4048
- C:\Windows\System\AfhBllh.exe
  C:\Windows\System\AfhBllh.exe
  2⤵
  PID:4068
- C:\Windows\System\lkScdpa.exe
  C:\Windows\System\lkScdpa.exe
  2⤵
  PID:4088
- C:\Windows\System\IJxZXBZ.exe
  C:\Windows\System\IJxZXBZ.exe
  2⤵
  PID:1772
- C:\Windows\System\FJigopH.exe
  C:\Windows\System\FJigopH.exe
  2⤵
  PID:2168
- C:\Windows\System\iWcTTEv.exe
  C:\Windows\System\iWcTTEv.exe
  2⤵
  PID:928
- C:\Windows\System\PboNwmR.exe
  C:\Windows\System\PboNwmR.exe
  2⤵
  PID:2072
- C:\Windows\System\HZPmYky.exe
  C:\Windows\System\HZPmYky.exe
  2⤵
  PID:1736
- C:\Windows\System\rbXhYpu.exe
  C:\Windows\System\rbXhYpu.exe
  2⤵
  PID:684
- C:\Windows\System\azOvNZd.exe
  C:\Windows\System\azOvNZd.exe
  2⤵
  PID:2740
- C:\Windows\System\WYCSJpm.exe
  C:\Windows\System\WYCSJpm.exe
  2⤵
  PID:3000
- C:\Windows\System\fSJxQYY.exe
  C:\Windows\System\fSJxQYY.exe
  2⤵
  PID:1672
- C:\Windows\System\hGkSpgB.exe
  C:\Windows\System\hGkSpgB.exe
  2⤵
  PID:1948
- C:\Windows\System\sCBoimw.exe
  C:\Windows\System\sCBoimw.exe
  2⤵
  PID:2000
- C:\Windows\System\MugEwUC.exe
  C:\Windows\System\MugEwUC.exe
  2⤵
  PID:2224
- C:\Windows\System\LDoHXhw.exe
  C:\Windows\System\LDoHXhw.exe
  2⤵
  PID:408
- C:\Windows\System\MixEZrT.exe
  C:\Windows\System\MixEZrT.exe
  2⤵
  PID:1636
- C:\Windows\System\XKoizVn.exe
  C:\Windows\System\XKoizVn.exe
  2⤵
  PID:3100
- C:\Windows\System\WsPuMHQ.exe
  C:\Windows\System\WsPuMHQ.exe
  2⤵
  PID:284
- C:\Windows\System\jGyUKHz.exe
  C:\Windows\System\jGyUKHz.exe
  2⤵
  PID:3160
- C:\Windows\System\uAFKziL.exe
  C:\Windows\System\uAFKziL.exe
  2⤵
  PID:3192
- C:\Windows\System\cbCHKuX.exe
  C:\Windows\System\cbCHKuX.exe
  2⤵
  PID:3232
- C:\Windows\System\uedhXdO.exe
  C:\Windows\System\uedhXdO.exe
  2⤵
  PID:3260
- C:\Windows\System\jgMvZWp.exe
  C:\Windows\System\jgMvZWp.exe
  2⤵
  PID:3292
- C:\Windows\System\wQzdPWz.exe
  C:\Windows\System\wQzdPWz.exe
  2⤵
  PID:3316
- C:\Windows\System\GZhBfPu.exe
  C:\Windows\System\GZhBfPu.exe
  2⤵
  PID:3336
- C:\Windows\System\kPWXHsZ.exe
  C:\Windows\System\kPWXHsZ.exe
  2⤵
  PID:3376
- C:\Windows\System\WZZlYOC.exe
  C:\Windows\System\WZZlYOC.exe
  2⤵
  PID:3416
- C:\Windows\System\sGFlVTD.exe
  C:\Windows\System\sGFlVTD.exe
  2⤵
  PID:3456
- C:\Windows\System\mNZxnnD.exe
  C:\Windows\System\mNZxnnD.exe
  2⤵
  PID:3492
- C:\Windows\System\jdjWrvI.exe
  C:\Windows\System\jdjWrvI.exe
  2⤵
  PID:3516
- C:\Windows\System\GslRxbk.exe
  C:\Windows\System\GslRxbk.exe
  2⤵
  PID:3560
- C:\Windows\System\howanCw.exe
  C:\Windows\System\howanCw.exe
  2⤵
  PID:3592
- C:\Windows\System\QlrcVBI.exe
  C:\Windows\System\QlrcVBI.exe
  2⤵
  PID:3640
- C:\Windows\System\TLvwQOn.exe
  C:\Windows\System\TLvwQOn.exe
  2⤵
  PID:3656
- C:\Windows\System\FRdiwRr.exe
  C:\Windows\System\FRdiwRr.exe
  2⤵
  PID:3692
- C:\Windows\System\kgjbzUc.exe
  C:\Windows\System\kgjbzUc.exe
  2⤵
  PID:3720
- C:\Windows\System\LYscebY.exe
  C:\Windows\System\LYscebY.exe
  2⤵
  PID:3764
- C:\Windows\System\BHrWOog.exe
  C:\Windows\System\BHrWOog.exe
  2⤵
  PID:3804
- C:\Windows\System\qlotDTJ.exe
  C:\Windows\System\qlotDTJ.exe
  2⤵
  PID:3820
- C:\Windows\System\uYDZyEN.exe
  C:\Windows\System\uYDZyEN.exe
  2⤵
  PID:3876
- C:\Windows\System\hZZbjIq.exe
  C:\Windows\System\hZZbjIq.exe
  2⤵
  PID:3916
- C:\Windows\System\GloYZWk.exe
  C:\Windows\System\GloYZWk.exe
  2⤵
  PID:3936
- C:\Windows\System\WoRUgek.exe
  C:\Windows\System\WoRUgek.exe
  2⤵
  PID:3964
- C:\Windows\System\sJAUDCd.exe
  C:\Windows\System\sJAUDCd.exe
  2⤵
  PID:3984
- C:\Windows\System\WDRgEgG.exe
  C:\Windows\System\WDRgEgG.exe
  2⤵
  PID:4020
- C:\Windows\System\ZeSDjer.exe
  C:\Windows\System\ZeSDjer.exe
  2⤵
  PID:4064
- C:\Windows\System\LRZlNcS.exe
  C:\Windows\System\LRZlNcS.exe
  2⤵
  PID:1520
- C:\Windows\System\WCnpoOz.exe
  C:\Windows\System\WCnpoOz.exe
  2⤵
  PID:1620
- C:\Windows\System\VLjBPZs.exe
  C:\Windows\System\VLjBPZs.exe
  2⤵
  PID:2292
- C:\Windows\System\CJVnPOW.exe
  C:\Windows\System\CJVnPOW.exe
  2⤵
  PID:1732
- C:\Windows\System\NQihPqd.exe
  C:\Windows\System\NQihPqd.exe
  2⤵
  PID:2856
- C:\Windows\System\NQGWrwF.exe
  C:\Windows\System\NQGWrwF.exe
  2⤵
  PID:804
- C:\Windows\System\xePNIQa.exe
  C:\Windows\System\xePNIQa.exe
  2⤵
  PID:2236
- C:\Windows\System\GeoVWgd.exe
  C:\Windows\System\GeoVWgd.exe
  2⤵
  PID:1860
- C:\Windows\System\GbRmehr.exe
  C:\Windows\System\GbRmehr.exe
  2⤵
  PID:2284
- C:\Windows\System\fcvgrGc.exe
  C:\Windows\System\fcvgrGc.exe
  2⤵
  PID:3120
- C:\Windows\System\CiHsDWK.exe
  C:\Windows\System\CiHsDWK.exe
  2⤵
  PID:3172
- C:\Windows\System\XEGdhWx.exe
  C:\Windows\System\XEGdhWx.exe
  2⤵
  PID:3220
- C:\Windows\System\UUFYKGW.exe
  C:\Windows\System\UUFYKGW.exe
  2⤵
  PID:3296
- C:\Windows\System\WYqzsGQ.exe
  C:\Windows\System\WYqzsGQ.exe
  2⤵
  PID:3352
- C:\Windows\System\qeaxwXH.exe
  C:\Windows\System\qeaxwXH.exe
  2⤵
  PID:3380
- C:\Windows\System\GggBXUY.exe
  C:\Windows\System\GggBXUY.exe
  2⤵
  PID:3420
- C:\Windows\System\uGogNQp.exe
  C:\Windows\System\uGogNQp.exe
  2⤵
  PID:3476
- C:\Windows\System\qwyeLWP.exe
  C:\Windows\System\qwyeLWP.exe
  2⤵
  PID:3576
- C:\Windows\System\OyrOKOC.exe
  C:\Windows\System\OyrOKOC.exe
  2⤵
  PID:3632
- C:\Windows\System\UrJRebA.exe
  C:\Windows\System\UrJRebA.exe
  2⤵
  PID:3672
- C:\Windows\System\Atfzgmj.exe
  C:\Windows\System\Atfzgmj.exe
  2⤵
  PID:3696
- C:\Windows\System\qWSUVdU.exe
  C:\Windows\System\qWSUVdU.exe
  2⤵
  PID:3796
- C:\Windows\System\KDQDTZO.exe
  C:\Windows\System\KDQDTZO.exe
  2⤵
  PID:3816
- C:\Windows\System\qLIfZfB.exe
  C:\Windows\System\qLIfZfB.exe
  2⤵
  PID:3900
- C:\Windows\System\xunKtdZ.exe
  C:\Windows\System\xunKtdZ.exe
  2⤵
  PID:3996
- C:\Windows\System\XVpbSGc.exe
  C:\Windows\System\XVpbSGc.exe
  2⤵
  PID:4016
- C:\Windows\System\iCLbvMa.exe
  C:\Windows\System\iCLbvMa.exe
  2⤵
  PID:4076
- C:\Windows\System\YNResVp.exe
  C:\Windows\System\YNResVp.exe
  2⤵
  PID:4084
- C:\Windows\System\ikBJaMs.exe
  C:\Windows\System\ikBJaMs.exe
  2⤵
  PID:1816
- C:\Windows\System\lUHmPro.exe
  C:\Windows\System\lUHmPro.exe
  2⤵
  PID:1572
- C:\Windows\System\QicPSTm.exe
  C:\Windows\System\QicPSTm.exe
  2⤵
  PID:2648
- C:\Windows\System\VpBhKZk.exe
  C:\Windows\System\VpBhKZk.exe
  2⤵
  PID:800
- C:\Windows\System\JbBDPVA.exe
  C:\Windows\System\JbBDPVA.exe
  2⤵
  PID:3140
- C:\Windows\System\CLNRpNX.exe
  C:\Windows\System\CLNRpNX.exe
  2⤵
  PID:3136
- C:\Windows\System\OgFziYs.exe
  C:\Windows\System\OgFziYs.exe
  2⤵
  PID:3312
- C:\Windows\System\MkyDQHj.exe
  C:\Windows\System\MkyDQHj.exe
  2⤵
  PID:3360
- C:\Windows\System\BXwwGYF.exe
  C:\Windows\System\BXwwGYF.exe
  2⤵
  PID:3472
- C:\Windows\System\qlxbIkw.exe
  C:\Windows\System\qlxbIkw.exe
  2⤵
  PID:3596
- C:\Windows\System\PqqKHQv.exe
  C:\Windows\System\PqqKHQv.exe
  2⤵
  PID:3716
- C:\Windows\System\sAhqwST.exe
  C:\Windows\System\sAhqwST.exe
  2⤵
  PID:4116
- C:\Windows\System\PeEIZNQ.exe
  C:\Windows\System\PeEIZNQ.exe
  2⤵
  PID:4136
- C:\Windows\System\qfoxovV.exe
  C:\Windows\System\qfoxovV.exe
  2⤵
  PID:4156
- C:\Windows\System\tMaBXcv.exe
  C:\Windows\System\tMaBXcv.exe
  2⤵
  PID:4176
- C:\Windows\System\wTEWIlH.exe
  C:\Windows\System\wTEWIlH.exe
  2⤵
  PID:4196
- C:\Windows\System\rrfCExJ.exe
  C:\Windows\System\rrfCExJ.exe
  2⤵
  PID:4216
- C:\Windows\System\zdpDIhY.exe
  C:\Windows\System\zdpDIhY.exe
  2⤵
  PID:4236
- C:\Windows\System\HwRRnHf.exe
  C:\Windows\System\HwRRnHf.exe
  2⤵
  PID:4256
- C:\Windows\System\fOPpMoa.exe
  C:\Windows\System\fOPpMoa.exe
  2⤵
  PID:4276
- C:\Windows\System\KnpVfxk.exe
  C:\Windows\System\KnpVfxk.exe
  2⤵
  PID:4296
- C:\Windows\System\fIFtuFk.exe
  C:\Windows\System\fIFtuFk.exe
  2⤵
  PID:4316
- C:\Windows\System\fYdWwUH.exe
  C:\Windows\System\fYdWwUH.exe
  2⤵
  PID:4336
- C:\Windows\System\ppfXlHs.exe
  C:\Windows\System\ppfXlHs.exe
  2⤵
  PID:4356
- C:\Windows\System\HqgKEdf.exe
  C:\Windows\System\HqgKEdf.exe
  2⤵
  PID:4376
- C:\Windows\System\hCZRtPr.exe
  C:\Windows\System\hCZRtPr.exe
  2⤵
  PID:4396
- C:\Windows\System\PHPckAr.exe
  C:\Windows\System\PHPckAr.exe
  2⤵
  PID:4416
- C:\Windows\System\kamsBZw.exe
  C:\Windows\System\kamsBZw.exe
  2⤵
  PID:4436
- C:\Windows\System\XhWksWe.exe
  C:\Windows\System\XhWksWe.exe
  2⤵
  PID:4456
- C:\Windows\System\gqysQQt.exe
  C:\Windows\System\gqysQQt.exe
  2⤵
  PID:4476
- C:\Windows\System\AiMmBBu.exe
  C:\Windows\System\AiMmBBu.exe
  2⤵
  PID:4496
- C:\Windows\System\RiHgeDD.exe
  C:\Windows\System\RiHgeDD.exe
  2⤵
  PID:4516
- C:\Windows\System\BtYvYKs.exe
  C:\Windows\System\BtYvYKs.exe
  2⤵
  PID:4536
- C:\Windows\System\ssSNXqh.exe
  C:\Windows\System\ssSNXqh.exe
  2⤵
  PID:4556
- C:\Windows\System\NcMdDTK.exe
  C:\Windows\System\NcMdDTK.exe
  2⤵
  PID:4576
- C:\Windows\System\RKMehVT.exe
  C:\Windows\System\RKMehVT.exe
  2⤵
  PID:4596
- C:\Windows\System\atmKnJf.exe
  C:\Windows\System\atmKnJf.exe
  2⤵
  PID:4616
- C:\Windows\System\JummUIq.exe
  C:\Windows\System\JummUIq.exe
  2⤵
  PID:4636
- C:\Windows\System\aVDGdxS.exe
  C:\Windows\System\aVDGdxS.exe
  2⤵
  PID:4656
- C:\Windows\System\XvlOEVD.exe
  C:\Windows\System\XvlOEVD.exe
  2⤵
  PID:4676
- C:\Windows\System\KrAGuho.exe
  C:\Windows\System\KrAGuho.exe
  2⤵
  PID:4696
- C:\Windows\System\ovAVsFo.exe
  C:\Windows\System\ovAVsFo.exe
  2⤵
  PID:4716
- C:\Windows\System\YFSnGGZ.exe
  C:\Windows\System\YFSnGGZ.exe
  2⤵
  PID:4736
- C:\Windows\System\owvhphZ.exe
  C:\Windows\System\owvhphZ.exe
  2⤵
  PID:4756
- C:\Windows\System\CXqVqvF.exe
  C:\Windows\System\CXqVqvF.exe
  2⤵
  PID:4780
- C:\Windows\System\XsGccqj.exe
  C:\Windows\System\XsGccqj.exe
  2⤵
  PID:4800
- C:\Windows\System\gXmzMWi.exe
  C:\Windows\System\gXmzMWi.exe
  2⤵
  PID:4820
- C:\Windows\System\VMchMVs.exe
  C:\Windows\System\VMchMVs.exe
  2⤵
  PID:4840
- C:\Windows\System\hyuAHqJ.exe
  C:\Windows\System\hyuAHqJ.exe
  2⤵
  PID:4860
- C:\Windows\System\GAylIlG.exe
  C:\Windows\System\GAylIlG.exe
  2⤵
  PID:4880
- C:\Windows\System\YKHNEFF.exe
  C:\Windows\System\YKHNEFF.exe
  2⤵
  PID:4900
- C:\Windows\System\RZBufgv.exe
  C:\Windows\System\RZBufgv.exe
  2⤵
  PID:4920
- C:\Windows\System\XeAVqLa.exe
  C:\Windows\System\XeAVqLa.exe
  2⤵
  PID:4940
- C:\Windows\System\EDNdXyb.exe
  C:\Windows\System\EDNdXyb.exe
  2⤵
  PID:4960
- C:\Windows\System\SQhpQiC.exe
  C:\Windows\System\SQhpQiC.exe
  2⤵
  PID:4980
- C:\Windows\System\BMTuYeg.exe
  C:\Windows\System\BMTuYeg.exe
  2⤵
  PID:5000
- C:\Windows\System\dLyLQss.exe
  C:\Windows\System\dLyLQss.exe
  2⤵
  PID:5020
- C:\Windows\System\CCeqIGi.exe
  C:\Windows\System\CCeqIGi.exe
  2⤵
  PID:5040
- C:\Windows\System\iORyfak.exe
  C:\Windows\System\iORyfak.exe
  2⤵
  PID:5060
- C:\Windows\System\utJgVwN.exe
  C:\Windows\System\utJgVwN.exe
  2⤵
  PID:5080
- C:\Windows\System\VYSjfop.exe
  C:\Windows\System\VYSjfop.exe
  2⤵
  PID:5100
- C:\Windows\System\TcJTjAt.exe
  C:\Windows\System\TcJTjAt.exe
  2⤵
  PID:3776
- C:\Windows\System\FRIsBFt.exe
  C:\Windows\System\FRIsBFt.exe
  2⤵
  PID:3844
- C:\Windows\System\BjgnoLp.exe
  C:\Windows\System\BjgnoLp.exe
  2⤵
  PID:3860
- C:\Windows\System\mEugvZg.exe
  C:\Windows\System\mEugvZg.exe
  2⤵
  PID:3956
- C:\Windows\System\zvFcmnB.exe
  C:\Windows\System\zvFcmnB.exe
  2⤵
  PID:728
- C:\Windows\System\gMJmYcr.exe
  C:\Windows\System\gMJmYcr.exe
  2⤵
  PID:2336
- C:\Windows\System\wGrJvfy.exe
  C:\Windows\System\wGrJvfy.exe
  2⤵
  PID:1984
- C:\Windows\System\OjeFLvu.exe
  C:\Windows\System\OjeFLvu.exe
  2⤵
  PID:3092
- C:\Windows\System\VSOBnUi.exe
  C:\Windows\System\VSOBnUi.exe
  2⤵
  PID:3152
- C:\Windows\System\gVuBOpL.exe
  C:\Windows\System\gVuBOpL.exe
  2⤵
  PID:3236
- C:\Windows\System\kwQNhpb.exe
  C:\Windows\System\kwQNhpb.exe
  2⤵
  PID:3496
- C:\Windows\System\YnHWoVj.exe
  C:\Windows\System\YnHWoVj.exe
  2⤵
  PID:3652
- C:\Windows\System\lycgZAS.exe
  C:\Windows\System\lycgZAS.exe
  2⤵
  PID:4124
- C:\Windows\System\CbrQeqm.exe
  C:\Windows\System\CbrQeqm.exe
  2⤵
  PID:4164
- C:\Windows\System\OorVEsg.exe
  C:\Windows\System\OorVEsg.exe
  2⤵
  PID:4188
- C:\Windows\System\mkzdyXN.exe
  C:\Windows\System\mkzdyXN.exe
  2⤵
  PID:4232
- C:\Windows\System\UUwnzdq.exe
  C:\Windows\System\UUwnzdq.exe
  2⤵
  PID:4252
- C:\Windows\System\TLDflwu.exe
  C:\Windows\System\TLDflwu.exe
  2⤵
  PID:4304
- C:\Windows\System\uPieJFr.exe
  C:\Windows\System\uPieJFr.exe
  2⤵
  PID:4344
- C:\Windows\System\ssLRLFo.exe
  C:\Windows\System\ssLRLFo.exe
  2⤵
  PID:4364
- C:\Windows\System\JZIlyJK.exe
  C:\Windows\System\JZIlyJK.exe
  2⤵
  PID:4388
- C:\Windows\System\zNnPKeC.exe
  C:\Windows\System\zNnPKeC.exe
  2⤵
  PID:4408
- C:\Windows\System\wdVcPyX.exe
  C:\Windows\System\wdVcPyX.exe
  2⤵
  PID:4472
- C:\Windows\System\dGhOppa.exe
  C:\Windows\System\dGhOppa.exe
  2⤵
  PID:4512
- C:\Windows\System\htaQEFY.exe
  C:\Windows\System\htaQEFY.exe
  2⤵
  PID:4532
- C:\Windows\System\BryGUcn.exe
  C:\Windows\System\BryGUcn.exe
  2⤵
  PID:4564
- C:\Windows\System\VHHHDOu.exe
  C:\Windows\System\VHHHDOu.exe
  2⤵
  PID:4568
- C:\Windows\System\iVZsjIr.exe
  C:\Windows\System\iVZsjIr.exe
  2⤵
  PID:4628
- C:\Windows\System\odmRYLk.exe
  C:\Windows\System\odmRYLk.exe
  2⤵
  PID:4648
- C:\Windows\System\bpjvxFB.exe
  C:\Windows\System\bpjvxFB.exe
  2⤵
  PID:4688
- C:\Windows\System\gryoqCE.exe
  C:\Windows\System\gryoqCE.exe
  2⤵
  PID:4732
- C:\Windows\System\DlLEeJy.exe
  C:\Windows\System\DlLEeJy.exe
  2⤵
  PID:4788
- C:\Windows\System\TXruUMo.exe
  C:\Windows\System\TXruUMo.exe
  2⤵
  PID:4808
- C:\Windows\System\zXPRshP.exe
  C:\Windows\System\zXPRshP.exe
  2⤵
  PID:4832
- C:\Windows\System\ccFqoOk.exe
  C:\Windows\System\ccFqoOk.exe
  2⤵
  PID:4876
- C:\Windows\System\xQcyqXY.exe
  C:\Windows\System\xQcyqXY.exe
  2⤵
  PID:4892
- C:\Windows\System\oyQLYPe.exe
  C:\Windows\System\oyQLYPe.exe
  2⤵
  PID:4956
- C:\Windows\System\LWdBwyJ.exe
  C:\Windows\System\LWdBwyJ.exe
  2⤵
  PID:4976
- C:\Windows\System\mZLElFS.exe
  C:\Windows\System\mZLElFS.exe
  2⤵
  PID:5008
- C:\Windows\System\JGSoCUC.exe
  C:\Windows\System\JGSoCUC.exe
  2⤵
  PID:5012
- C:\Windows\System\Eoyuorh.exe
  C:\Windows\System\Eoyuorh.exe
  2⤵
  PID:5072
- C:\Windows\System\BysNevp.exe
  C:\Windows\System\BysNevp.exe
  2⤵
  PID:5112
- C:\Windows\System\WNVPVqu.exe
  C:\Windows\System\WNVPVqu.exe
  2⤵
  PID:3724
- C:\Windows\System\HHUKAlI.exe
  C:\Windows\System\HHUKAlI.exe
  2⤵
  PID:3924
- C:\Windows\System\CCOhmcN.exe
  C:\Windows\System\CCOhmcN.exe
  2⤵
  PID:1028
- C:\Windows\System\MVShWsU.exe
  C:\Windows\System\MVShWsU.exe
  2⤵
  PID:3240
- C:\Windows\System\rbnUJbm.exe
  C:\Windows\System\rbnUJbm.exe
  2⤵
  PID:2664
- C:\Windows\System\cXrxHkV.exe
  C:\Windows\System\cXrxHkV.exe
  2⤵
  PID:3572
- C:\Windows\System\wqKgLue.exe
  C:\Windows\System\wqKgLue.exe
  2⤵
  PID:4104
- C:\Windows\System\ZgYbqhY.exe
  C:\Windows\System\ZgYbqhY.exe
  2⤵
  PID:4192
- C:\Windows\System\NtViAdo.exe
  C:\Windows\System\NtViAdo.exe
  2⤵
  PID:4208
- C:\Windows\System\GxxXDZk.exe
  C:\Windows\System\GxxXDZk.exe
  2⤵
  PID:4308
- C:\Windows\System\xIVYCyd.exe
  C:\Windows\System\xIVYCyd.exe
  2⤵
  PID:4288
- C:\Windows\System\LQqhCKS.exe
  C:\Windows\System\LQqhCKS.exe
  2⤵
  PID:4328
- C:\Windows\System\wlUqyba.exe
  C:\Windows\System\wlUqyba.exe
  2⤵
  PID:4412
- C:\Windows\System\rprumYA.exe
  C:\Windows\System\rprumYA.exe
  2⤵
  PID:4504
- C:\Windows\System\PDhPmRf.exe
  C:\Windows\System\PDhPmRf.exe
  2⤵
  PID:4544
- C:\Windows\System\BPapSXH.exe
  C:\Windows\System\BPapSXH.exe
  2⤵
  PID:4588
- C:\Windows\System\pkVduQy.exe
  C:\Windows\System\pkVduQy.exe
  2⤵
  PID:4664
- C:\Windows\System\WjnDydu.exe
  C:\Windows\System\WjnDydu.exe
  2⤵
  PID:4724
- C:\Windows\System\QgdYuKJ.exe
  C:\Windows\System\QgdYuKJ.exe
  2⤵
  PID:4792
- C:\Windows\System\zyYZBfe.exe
  C:\Windows\System\zyYZBfe.exe
  2⤵
  PID:4816
- C:\Windows\System\WAIYAlU.exe
  C:\Windows\System\WAIYAlU.exe
  2⤵
  PID:4896
- C:\Windows\System\cjpCtFo.exe
  C:\Windows\System\cjpCtFo.exe
  2⤵
  PID:4928
- C:\Windows\System\AGbnXuW.exe
  C:\Windows\System\AGbnXuW.exe
  2⤵
  PID:4972
- C:\Windows\System\SoQmEch.exe
  C:\Windows\System\SoQmEch.exe
  2⤵
  PID:5056
- C:\Windows\System\FYKFUAr.exe
  C:\Windows\System\FYKFUAr.exe
  2⤵
  PID:5088
- C:\Windows\System\rayWLtg.exe
  C:\Windows\System\rayWLtg.exe
  2⤵
  PID:3976
- C:\Windows\System\jiLClCU.exe
  C:\Windows\System\jiLClCU.exe
  2⤵
  PID:4024
- C:\Windows\System\SYjfNKg.exe
  C:\Windows\System\SYjfNKg.exe
  2⤵
  PID:2532
- C:\Windows\System\feMVvtz.exe
  C:\Windows\System\feMVvtz.exe
  2⤵
  PID:3452
- C:\Windows\System\SomIkgK.exe
  C:\Windows\System\SomIkgK.exe
  2⤵
  PID:3392
- C:\Windows\System\NzNMvuV.exe
  C:\Windows\System\NzNMvuV.exe
  2⤵
  PID:4284
- C:\Windows\System\dnuYWUs.exe
  C:\Windows\System\dnuYWUs.exe
  2⤵
  PID:4264
- C:\Windows\System\CVCkrVN.exe
  C:\Windows\System\CVCkrVN.exe
  2⤵
  PID:2468
- C:\Windows\System\zQnYFvE.exe
  C:\Windows\System\zQnYFvE.exe
  2⤵
  PID:4452
- C:\Windows\System\aTIDrDu.exe
  C:\Windows\System\aTIDrDu.exe
  2⤵
  PID:4652
- C:\Windows\System\qifmHQh.exe
  C:\Windows\System\qifmHQh.exe
  2⤵
  PID:4548
- C:\Windows\System\STaIqiA.exe
  C:\Windows\System\STaIqiA.exe
  2⤵
  PID:4692
- C:\Windows\System\caioTTQ.exe
  C:\Windows\System\caioTTQ.exe
  2⤵
  PID:4768
- C:\Windows\System\fjRwlvz.exe
  C:\Windows\System\fjRwlvz.exe
  2⤵
  PID:5128
- C:\Windows\System\bafxntz.exe
  C:\Windows\System\bafxntz.exe
  2⤵
  PID:5148
- C:\Windows\System\EkLokOg.exe
  C:\Windows\System\EkLokOg.exe
  2⤵
  PID:5168
- C:\Windows\System\RPNEoEK.exe
  C:\Windows\System\RPNEoEK.exe
  2⤵
  PID:5188
- C:\Windows\System\JRbxGXy.exe
  C:\Windows\System\JRbxGXy.exe
  2⤵
  PID:5208
- C:\Windows\System\dgvsLVV.exe
  C:\Windows\System\dgvsLVV.exe
  2⤵
  PID:5232
- C:\Windows\System\ZyZFKgk.exe
  C:\Windows\System\ZyZFKgk.exe
  2⤵
  PID:5252
- C:\Windows\System\muIgVQR.exe
  C:\Windows\System\muIgVQR.exe
  2⤵
  PID:5272
- C:\Windows\System\gFqyAgc.exe
  C:\Windows\System\gFqyAgc.exe
  2⤵
  PID:5292
- C:\Windows\System\ZJbGgrp.exe
  C:\Windows\System\ZJbGgrp.exe
  2⤵
  PID:5312
- C:\Windows\System\ppDMyma.exe
  C:\Windows\System\ppDMyma.exe
  2⤵
  PID:5332
- C:\Windows\System\xqLxwja.exe
  C:\Windows\System\xqLxwja.exe
  2⤵
  PID:5352
- C:\Windows\System\idjunKy.exe
  C:\Windows\System\idjunKy.exe
  2⤵
  PID:5372
- C:\Windows\System\wNRZQWr.exe
  C:\Windows\System\wNRZQWr.exe
  2⤵
  PID:5392
- C:\Windows\System\gOfsODP.exe
  C:\Windows\System\gOfsODP.exe
  2⤵
  PID:5412
- C:\Windows\System\xZMxEhD.exe
  C:\Windows\System\xZMxEhD.exe
  2⤵
  PID:5432
- C:\Windows\System\KdxIrHb.exe
  C:\Windows\System\KdxIrHb.exe
  2⤵
  PID:5452
- C:\Windows\System\vgFGvLv.exe
  C:\Windows\System\vgFGvLv.exe
  2⤵
  PID:5472
- C:\Windows\System\ldzMnAf.exe
  C:\Windows\System\ldzMnAf.exe
  2⤵
  PID:5492
- C:\Windows\System\ypmLvYn.exe
  C:\Windows\System\ypmLvYn.exe
  2⤵
  PID:5512
- C:\Windows\System\RBGmujO.exe
  C:\Windows\System\RBGmujO.exe
  2⤵
  PID:5532
- C:\Windows\System\nXIkcWY.exe
  C:\Windows\System\nXIkcWY.exe
  2⤵
  PID:5552
- C:\Windows\System\bxBRAtF.exe
  C:\Windows\System\bxBRAtF.exe
  2⤵
  PID:5572
- C:\Windows\System\ymWwlKG.exe
  C:\Windows\System\ymWwlKG.exe
  2⤵
  PID:5592
- C:\Windows\System\IgcMWmo.exe
  C:\Windows\System\IgcMWmo.exe
  2⤵
  PID:5612
- C:\Windows\System\jAYcdvW.exe
  C:\Windows\System\jAYcdvW.exe
  2⤵
  PID:5632
- C:\Windows\System\EnpovNr.exe
  C:\Windows\System\EnpovNr.exe
  2⤵
  PID:5652
- C:\Windows\System\oyJCYYT.exe
  C:\Windows\System\oyJCYYT.exe
  2⤵
  PID:5672
- C:\Windows\System\eBPnVBM.exe
  C:\Windows\System\eBPnVBM.exe
  2⤵
  PID:5692
- C:\Windows\System\QPxudmz.exe
  C:\Windows\System\QPxudmz.exe
  2⤵
  PID:5712
- C:\Windows\System\DwBOtZi.exe
  C:\Windows\System\DwBOtZi.exe
  2⤵
  PID:5732
- C:\Windows\System\ZQonhrK.exe
  C:\Windows\System\ZQonhrK.exe
  2⤵
  PID:5752
- C:\Windows\System\SrgjUCh.exe
  C:\Windows\System\SrgjUCh.exe
  2⤵
  PID:5772
- C:\Windows\System\ExeoYFE.exe
  C:\Windows\System\ExeoYFE.exe
  2⤵
  PID:5792
- C:\Windows\System\vBaoUwe.exe
  C:\Windows\System\vBaoUwe.exe
  2⤵
  PID:5812
- C:\Windows\System\gzSZeZC.exe
  C:\Windows\System\gzSZeZC.exe
  2⤵
  PID:5832
- C:\Windows\System\ekvIrBS.exe
  C:\Windows\System\ekvIrBS.exe
  2⤵
  PID:5852
- C:\Windows\System\rBewmAL.exe
  C:\Windows\System\rBewmAL.exe
  2⤵
  PID:5872
- C:\Windows\System\vPUNHTp.exe
  C:\Windows\System\vPUNHTp.exe
  2⤵
  PID:5892
- C:\Windows\System\qAOxczU.exe
  C:\Windows\System\qAOxczU.exe
  2⤵
  PID:5912
- C:\Windows\System\mWwZXNK.exe
  C:\Windows\System\mWwZXNK.exe
  2⤵
  PID:5936
- C:\Windows\System\auXycjZ.exe
  C:\Windows\System\auXycjZ.exe
  2⤵
  PID:5956
- C:\Windows\System\YQuphcp.exe
  C:\Windows\System\YQuphcp.exe
  2⤵
  PID:5976
- C:\Windows\System\QBeWGXT.exe
  C:\Windows\System\QBeWGXT.exe
  2⤵
  PID:5996
- C:\Windows\System\JloUmwv.exe
  C:\Windows\System\JloUmwv.exe
  2⤵
  PID:6016
- C:\Windows\System\EVtSaNv.exe
  C:\Windows\System\EVtSaNv.exe
  2⤵
  PID:6036
- C:\Windows\System\LmEvBmL.exe
  C:\Windows\System\LmEvBmL.exe
  2⤵
  PID:6056
- C:\Windows\System\aNkZLEg.exe
  C:\Windows\System\aNkZLEg.exe
  2⤵
  PID:6076
- C:\Windows\System\imuZlYn.exe
  C:\Windows\System\imuZlYn.exe
  2⤵
  PID:6096
- C:\Windows\System\CTwKHtT.exe
  C:\Windows\System\CTwKHtT.exe
  2⤵
  PID:6116
- C:\Windows\System\HiEApKr.exe
  C:\Windows\System\HiEApKr.exe
  2⤵
  PID:6136
- C:\Windows\System\YGSrRaz.exe
  C:\Windows\System\YGSrRaz.exe
  2⤵
  PID:4996
- C:\Windows\System\aFJtJTM.exe
  C:\Windows\System\aFJtJTM.exe
  2⤵
  PID:5092
- C:\Windows\System\jiCsYrx.exe
  C:\Windows\System\jiCsYrx.exe
  2⤵
  PID:3880
- C:\Windows\System\iTOoJuM.exe
  C:\Windows\System\iTOoJuM.exe
  2⤵
  PID:3096
- C:\Windows\System\MgiMqvD.exe
  C:\Windows\System\MgiMqvD.exe
  2⤵
  PID:3396
- C:\Windows\System\CCOTvJD.exe
  C:\Windows\System\CCOTvJD.exe
  2⤵
  PID:4212
- C:\Windows\System\Ehdhjpm.exe
  C:\Windows\System\Ehdhjpm.exe
  2⤵
  PID:4272
- C:\Windows\System\IxjoFbg.exe
  C:\Windows\System\IxjoFbg.exe
  2⤵
  PID:4508
- C:\Windows\System\rwVYkcZ.exe
  C:\Windows\System\rwVYkcZ.exe
  2⤵
  PID:4748
- C:\Windows\System\uozvSvA.exe
  C:\Windows\System\uozvSvA.exe
  2⤵
  PID:4908
- C:\Windows\System\fcIusCf.exe
  C:\Windows\System\fcIusCf.exe
  2⤵
  PID:4868
- C:\Windows\System\mDzOTJI.exe
  C:\Windows\System\mDzOTJI.exe
  2⤵
  PID:5140
- C:\Windows\System\kIRMJYU.exe
  C:\Windows\System\kIRMJYU.exe
  2⤵
  PID:5196
- C:\Windows\System\zxbhOZY.exe
  C:\Windows\System\zxbhOZY.exe
  2⤵
  PID:5248
- C:\Windows\System\KlPRdNa.exe
  C:\Windows\System\KlPRdNa.exe
  2⤵
  PID:5288
- C:\Windows\System\AFLyKyf.exe
  C:\Windows\System\AFLyKyf.exe
  2⤵
  PID:5284
- C:\Windows\System\bPQawYE.exe
  C:\Windows\System\bPQawYE.exe
  2⤵
  PID:5308
- C:\Windows\System\oZmSqYA.exe
  C:\Windows\System\oZmSqYA.exe
  2⤵
  PID:5344
- C:\Windows\System\PesVbpI.exe
  C:\Windows\System\PesVbpI.exe
  2⤵
  PID:5380
- C:\Windows\System\fxuinKl.exe
  C:\Windows\System\fxuinKl.exe
  2⤵
  PID:5448
- C:\Windows\System\CdXgAUZ.exe
  C:\Windows\System\CdXgAUZ.exe
  2⤵
  PID:5480
- C:\Windows\System\wXDwDAr.exe
  C:\Windows\System\wXDwDAr.exe
  2⤵
  PID:5484
- C:\Windows\System\sAMAVnA.exe
  C:\Windows\System\sAMAVnA.exe
  2⤵
  PID:5504
- C:\Windows\System\DUuPZRQ.exe
  C:\Windows\System\DUuPZRQ.exe
  2⤵
  PID:5564
- C:\Windows\System\VWauALd.exe
  C:\Windows\System\VWauALd.exe
  2⤵
  PID:5588
- C:\Windows\System\WsYFLzK.exe
  C:\Windows\System\WsYFLzK.exe
  2⤵
  PID:5640
- C:\Windows\System\SrsyaDg.exe
  C:\Windows\System\SrsyaDg.exe
  2⤵
  PID:5660
- C:\Windows\System\lXjmcAW.exe
  C:\Windows\System\lXjmcAW.exe
  2⤵
  PID:5684
- C:\Windows\System\eOoPPze.exe
  C:\Windows\System\eOoPPze.exe
  2⤵
  PID:5704
- C:\Windows\System\GWhcZvF.exe
  C:\Windows\System\GWhcZvF.exe
  2⤵
  PID:5744
- C:\Windows\System\jJjoKsc.exe
  C:\Windows\System\jJjoKsc.exe
  2⤵
  PID:5788
- C:\Windows\System\MToEOvf.exe
  C:\Windows\System\MToEOvf.exe
  2⤵
  PID:5848
- C:\Windows\System\vIqAitq.exe
  C:\Windows\System\vIqAitq.exe
  2⤵
  PID:5860
- C:\Windows\System\aEUGodT.exe
  C:\Windows\System\aEUGodT.exe
  2⤵
  PID:5884
- C:\Windows\System\DCVDnKj.exe
  C:\Windows\System\DCVDnKj.exe
  2⤵
  PID:5904
- C:\Windows\System\FYDFyVz.exe
  C:\Windows\System\FYDFyVz.exe
  2⤵
  PID:5952
- C:\Windows\System\yvWwBSU.exe
  C:\Windows\System\yvWwBSU.exe
  2⤵
  PID:6012
- C:\Windows\System\RSHCiQW.exe
  C:\Windows\System\RSHCiQW.exe
  2⤵
  PID:6044
- C:\Windows\System\nqjBUBt.exe
  C:\Windows\System\nqjBUBt.exe
  2⤵
  PID:6084
- C:\Windows\System\xigjlLx.exe
  C:\Windows\System\xigjlLx.exe
  2⤵
  PID:6088
- C:\Windows\System\ujEcasu.exe
  C:\Windows\System\ujEcasu.exe
  2⤵
  PID:6128
- C:\Windows\System\pwjdUUF.exe
  C:\Windows\System\pwjdUUF.exe
  2⤵
  PID:4948
- C:\Windows\System\ZgheTAx.exe
  C:\Windows\System\ZgheTAx.exe
  2⤵
  PID:5036
- C:\Windows\System\LchkngO.exe
  C:\Windows\System\LchkngO.exe
  2⤵
  PID:3540
- C:\Windows\System\lkcRHvJ.exe
  C:\Windows\System\lkcRHvJ.exe
  2⤵
  PID:4152
- C:\Windows\System\UFjtkqE.exe
  C:\Windows\System\UFjtkqE.exe
  2⤵
  PID:4268
- C:\Windows\System\imQCrgh.exe
  C:\Windows\System\imQCrgh.exe
  2⤵
  PID:4672
- C:\Windows\System\NKPHuBy.exe
  C:\Windows\System\NKPHuBy.exe
  2⤵
  PID:5156
- C:\Windows\System\rLsDbFg.exe
  C:\Windows\System\rLsDbFg.exe
  2⤵
  PID:5200
- C:\Windows\System\CoGWOHo.exe
  C:\Windows\System\CoGWOHo.exe
  2⤵
  PID:5260
- C:\Windows\System\DXEKyBg.exe
  C:\Windows\System\DXEKyBg.exe
  2⤵
  PID:5268
- C:\Windows\System\HbyvDjI.exe
  C:\Windows\System\HbyvDjI.exe
  2⤵
  PID:5304
- C:\Windows\System\fclVapZ.exe
  C:\Windows\System\fclVapZ.exe
  2⤵
  PID:5364
- C:\Windows\System\mPQOkxJ.exe
  C:\Windows\System\mPQOkxJ.exe
  2⤵
  PID:5464
- C:\Windows\System\HRfATAq.exe
  C:\Windows\System\HRfATAq.exe
  2⤵
  PID:5528
- C:\Windows\System\JlHKdaN.exe
  C:\Windows\System\JlHKdaN.exe
  2⤵
  PID:2640
- C:\Windows\System\WVDAeEn.exe
  C:\Windows\System\WVDAeEn.exe
  2⤵
  PID:5600
- C:\Windows\System\NeTtKsZ.exe
  C:\Windows\System\NeTtKsZ.exe
  2⤵
  PID:5668
- C:\Windows\System\uyDndih.exe
  C:\Windows\System\uyDndih.exe
  2⤵
  PID:5728
- C:\Windows\System\IDGlggG.exe
  C:\Windows\System\IDGlggG.exe
  2⤵
  PID:5800
- C:\Windows\System\KTKmTJx.exe
  C:\Windows\System\KTKmTJx.exe
  2⤵
  PID:5804
- C:\Windows\System\gTrzOCz.exe
  C:\Windows\System\gTrzOCz.exe
  2⤵
  PID:5888
- C:\Windows\System\lGMycQn.exe
  C:\Windows\System\lGMycQn.exe
  2⤵
  PID:5908
- C:\Windows\System\sYVpGaU.exe
  C:\Windows\System\sYVpGaU.exe
  2⤵
  PID:6024
- C:\Windows\System\FYtbOnR.exe
  C:\Windows\System\FYtbOnR.exe
  2⤵
  PID:6072
- C:\Windows\System\wwKCClq.exe
  C:\Windows\System\wwKCClq.exe
  2⤵
  PID:6092
- C:\Windows\System\COXEutd.exe
  C:\Windows\System\COXEutd.exe
  2⤵
  PID:4968
- C:\Windows\System\bjFeeJU.exe
  C:\Windows\System\bjFeeJU.exe
  2⤵
  PID:4992
- C:\Windows\System\dROpYwu.exe
  C:\Windows\System\dROpYwu.exe
  2⤵
  PID:2444
- C:\Windows\System\XQIQAYx.exe
  C:\Windows\System\XQIQAYx.exe
  2⤵
  PID:4348
- C:\Windows\System\WPdyYgd.exe
  C:\Windows\System\WPdyYgd.exe
  2⤵
  PID:4488
- C:\Windows\System\UKYZvUd.exe
  C:\Windows\System\UKYZvUd.exe
  2⤵
  PID:5176
- C:\Windows\System\HmtAOyR.exe
  C:\Windows\System\HmtAOyR.exe
  2⤵
  PID:5348
- C:\Windows\System\UpBUxdb.exe
  C:\Windows\System\UpBUxdb.exe
  2⤵
  PID:5400
- C:\Windows\System\MvbpHll.exe
  C:\Windows\System\MvbpHll.exe
  2⤵
  PID:5508
- C:\Windows\System\yyanSfg.exe
  C:\Windows\System\yyanSfg.exe
  2⤵
  PID:5500
- C:\Windows\System\cnfdIsO.exe
  C:\Windows\System\cnfdIsO.exe
  2⤵
  PID:5624
- C:\Windows\System\LIEZurg.exe
  C:\Windows\System\LIEZurg.exe
  2⤵
  PID:5764
- C:\Windows\System\zsWVxfO.exe
  C:\Windows\System\zsWVxfO.exe
  2⤵
  PID:2892
- C:\Windows\System\qtAGuUL.exe
  C:\Windows\System\qtAGuUL.exe
  2⤵
  PID:5968
- C:\Windows\System\uCxnTAm.exe
  C:\Windows\System\uCxnTAm.exe
  2⤵
  PID:5964
- C:\Windows\System\KNksDSX.exe
  C:\Windows\System\KNksDSX.exe
  2⤵
  PID:6048
- C:\Windows\System\pOykyhG.exe
  C:\Windows\System\pOykyhG.exe
  2⤵
  PID:4852
- C:\Windows\System\hyxdagt.exe
  C:\Windows\System\hyxdagt.exe
  2⤵
  PID:4144
- C:\Windows\System\pxhodWk.exe
  C:\Windows\System\pxhodWk.exe
  2⤵
  PID:2460
- C:\Windows\System\IvqslkO.exe
  C:\Windows\System\IvqslkO.exe
  2⤵
  PID:4592
- C:\Windows\System\eXwKPmR.exe
  C:\Windows\System\eXwKPmR.exe
  2⤵
  PID:5540
- C:\Windows\System\wSBeZeY.exe
  C:\Windows\System\wSBeZeY.exe
  2⤵
  PID:5428
- C:\Windows\System\GXMZXjf.exe
  C:\Windows\System\GXMZXjf.exe
  2⤵
  PID:5708
- C:\Windows\System\dDoIYOA.exe
  C:\Windows\System\dDoIYOA.exe
  2⤵
  PID:6164
- C:\Windows\System\RPxyDpt.exe
  C:\Windows\System\RPxyDpt.exe
  2⤵
  PID:6180
- C:\Windows\System\PmwkVxU.exe
  C:\Windows\System\PmwkVxU.exe
  2⤵
  PID:6204
- C:\Windows\System\mesmHHC.exe
  C:\Windows\System\mesmHHC.exe
  2⤵
  PID:6220
- C:\Windows\System\zFrXlUs.exe
  C:\Windows\System\zFrXlUs.exe
  2⤵
  PID:6244
- C:\Windows\System\BDIrLSW.exe
  C:\Windows\System\BDIrLSW.exe
  2⤵
  PID:6264
- C:\Windows\System\zEaBtkN.exe
  C:\Windows\System\zEaBtkN.exe
  2⤵
  PID:6284
- C:\Windows\System\ZGLcpSJ.exe
  C:\Windows\System\ZGLcpSJ.exe
  2⤵
  PID:6300
- C:\Windows\System\RIpbbxZ.exe
  C:\Windows\System\RIpbbxZ.exe
  2⤵
  PID:6324
- C:\Windows\System\MAHMURB.exe
  C:\Windows\System\MAHMURB.exe
  2⤵
  PID:6344
- C:\Windows\System\UBExidu.exe
  C:\Windows\System\UBExidu.exe
  2⤵
  PID:6364
- C:\Windows\System\sPhyKUM.exe
  C:\Windows\System\sPhyKUM.exe
  2⤵
  PID:6380
- C:\Windows\System\CfxgRvU.exe
  C:\Windows\System\CfxgRvU.exe
  2⤵
  PID:6404
- C:\Windows\System\rcqfEle.exe
  C:\Windows\System\rcqfEle.exe
  2⤵
  PID:6420
- C:\Windows\System\QcDvgKJ.exe
  C:\Windows\System\QcDvgKJ.exe
  2⤵
  PID:6444
- C:\Windows\System\paFVPHA.exe
  C:\Windows\System\paFVPHA.exe
  2⤵
  PID:6464
- C:\Windows\System\roQNbyP.exe
  C:\Windows\System\roQNbyP.exe
  2⤵
  PID:6484
- C:\Windows\System\buChHjf.exe
  C:\Windows\System\buChHjf.exe
  2⤵
  PID:6504
- C:\Windows\System\oiOAYeh.exe
  C:\Windows\System\oiOAYeh.exe
  2⤵
  PID:6524
- C:\Windows\System\sVYEqiW.exe
  C:\Windows\System\sVYEqiW.exe
  2⤵
  PID:6544
- C:\Windows\System\GWRffOu.exe
  C:\Windows\System\GWRffOu.exe
  2⤵
  PID:6564
- C:\Windows\System\LseGzJA.exe
  C:\Windows\System\LseGzJA.exe
  2⤵
  PID:6584
- C:\Windows\System\BTDrXYv.exe
  C:\Windows\System\BTDrXYv.exe
  2⤵
  PID:6604
- C:\Windows\System\OxzbPJO.exe
  C:\Windows\System\OxzbPJO.exe
  2⤵
  PID:6624
- C:\Windows\System\xAkABGY.exe
  C:\Windows\System\xAkABGY.exe
  2⤵
  PID:6644
- C:\Windows\System\UwTvQPs.exe
  C:\Windows\System\UwTvQPs.exe
  2⤵
  PID:6664
- C:\Windows\System\QKqsany.exe
  C:\Windows\System\QKqsany.exe
  2⤵
  PID:6684
- C:\Windows\System\LYvyBgs.exe
  C:\Windows\System\LYvyBgs.exe
  2⤵
  PID:6704
- C:\Windows\System\KGZKfps.exe
  C:\Windows\System\KGZKfps.exe
  2⤵
  PID:6724
- C:\Windows\System\pUrbnwf.exe
  C:\Windows\System\pUrbnwf.exe
  2⤵
  PID:6744
- C:\Windows\System\NlgApir.exe
  C:\Windows\System\NlgApir.exe
  2⤵
  PID:6764
- C:\Windows\System\VQVNwuf.exe
  C:\Windows\System\VQVNwuf.exe
  2⤵
  PID:6784
- C:\Windows\System\rTVDPGi.exe
  C:\Windows\System\rTVDPGi.exe
  2⤵
  PID:6804
- C:\Windows\System\BqLLvEN.exe
  C:\Windows\System\BqLLvEN.exe
  2⤵
  PID:6824
- C:\Windows\System\eFynPlM.exe
  C:\Windows\System\eFynPlM.exe
  2⤵
  PID:6840
- C:\Windows\System\diAsXxo.exe
  C:\Windows\System\diAsXxo.exe
  2⤵
  PID:6860
- C:\Windows\System\zvhMNYf.exe
  C:\Windows\System\zvhMNYf.exe
  2⤵
  PID:6888
- C:\Windows\System\iqHIQxQ.exe
  C:\Windows\System\iqHIQxQ.exe
  2⤵
  PID:6908
- C:\Windows\System\cZKeQJO.exe
  C:\Windows\System\cZKeQJO.exe
  2⤵
  PID:6928
- C:\Windows\System\wNVWCUQ.exe
  C:\Windows\System\wNVWCUQ.exe
  2⤵
  PID:6948
- C:\Windows\System\FfLAPbl.exe
  C:\Windows\System\FfLAPbl.exe
  2⤵
  PID:6968
- C:\Windows\System\JEWzOnR.exe
  C:\Windows\System\JEWzOnR.exe
  2⤵
  PID:6984
- C:\Windows\System\cxSDRvE.exe
  C:\Windows\System\cxSDRvE.exe
  2⤵
  PID:7008
- C:\Windows\System\hmRzbvf.exe
  C:\Windows\System\hmRzbvf.exe
  2⤵
  PID:7028
- C:\Windows\System\kTUJxHT.exe
  C:\Windows\System\kTUJxHT.exe
  2⤵
  PID:7048
- C:\Windows\System\yJQUCtn.exe
  C:\Windows\System\yJQUCtn.exe
  2⤵
  PID:7068
- C:\Windows\System\eepATHA.exe
  C:\Windows\System\eepATHA.exe
  2⤵
  PID:7088
- C:\Windows\System\MKLLLYV.exe
  C:\Windows\System\MKLLLYV.exe
  2⤵
  PID:7108
- C:\Windows\System\RzPWdyc.exe
  C:\Windows\System\RzPWdyc.exe
  2⤵
  PID:7128
- C:\Windows\System\GdXklHH.exe
  C:\Windows\System\GdXklHH.exe
  2⤵
  PID:7144
- C:\Windows\System\wPCXkpH.exe
  C:\Windows\System\wPCXkpH.exe
  2⤵
  PID:2608
- C:\Windows\System\ZdJfraa.exe
  C:\Windows\System\ZdJfraa.exe
  2⤵
  PID:5984
- C:\Windows\System\gKyPgJw.exe
  C:\Windows\System\gKyPgJw.exe
  2⤵
  PID:5720
- C:\Windows\System\PQuLlaY.exe
  C:\Windows\System\PQuLlaY.exe
  2⤵
  PID:5840
- C:\Windows\System\fSIrGsW.exe
  C:\Windows\System\fSIrGsW.exe
  2⤵
  PID:5264
- C:\Windows\System\erbnAwD.exe
  C:\Windows\System\erbnAwD.exe
  2⤵
  PID:2876
- C:\Windows\System\qtuDsjI.exe
  C:\Windows\System\qtuDsjI.exe
  2⤵
  PID:5468
- C:\Windows\System\tPKvLRg.exe
  C:\Windows\System\tPKvLRg.exe
  2⤵
  PID:6160
- C:\Windows\System\YxWYQGR.exe
  C:\Windows\System\YxWYQGR.exe
  2⤵
  PID:5760
- C:\Windows\System\mdrqGfA.exe
  C:\Windows\System\mdrqGfA.exe
  2⤵
  PID:6200
- C:\Windows\System\Bhebxkc.exe
  C:\Windows\System\Bhebxkc.exe
  2⤵
  PID:6236
- C:\Windows\System\avoutDM.exe
  C:\Windows\System\avoutDM.exe
  2⤵
  PID:6212
- C:\Windows\System\DFcHJBV.exe
  C:\Windows\System\DFcHJBV.exe
  2⤵
  PID:6308
- C:\Windows\System\DXzAQyR.exe
  C:\Windows\System\DXzAQyR.exe
  2⤵
  PID:2916
- C:\Windows\System\jvcAlzb.exe
  C:\Windows\System\jvcAlzb.exe
  2⤵
  PID:6352
- C:\Windows\System\stUpaea.exe
  C:\Windows\System\stUpaea.exe
  2⤵
  PID:6360
- C:\Windows\System\CDSRlPm.exe
  C:\Windows\System\CDSRlPm.exe
  2⤵
  PID:6392
- C:\Windows\System\ofsXHiw.exe
  C:\Windows\System\ofsXHiw.exe
  2⤵
  PID:6440
- C:\Windows\System\sSeaXkR.exe
  C:\Windows\System\sSeaXkR.exe
  2⤵
  PID:6472
- C:\Windows\System\GQVfYWG.exe
  C:\Windows\System\GQVfYWG.exe
  2⤵
  PID:6456
- C:\Windows\System\rqyzuIU.exe
  C:\Windows\System\rqyzuIU.exe
  2⤵
  PID:6520
- C:\Windows\System\QRiPhLP.exe
  C:\Windows\System\QRiPhLP.exe
  2⤵
  PID:6560
- C:\Windows\System\rzCFqPq.exe
  C:\Windows\System\rzCFqPq.exe
  2⤵
  PID:2688
- C:\Windows\System\ZLGpsFj.exe
  C:\Windows\System\ZLGpsFj.exe
  2⤵
  PID:6576
- C:\Windows\System\vTuDUpr.exe
  C:\Windows\System\vTuDUpr.exe
  2⤵
  PID:6616
- C:\Windows\System\REABTox.exe
  C:\Windows\System\REABTox.exe
  2⤵
  PID:6676
- C:\Windows\System\IpvUzaZ.exe
  C:\Windows\System\IpvUzaZ.exe
  2⤵
  PID:6692
- C:\Windows\System\AOJSMsY.exe
  C:\Windows\System\AOJSMsY.exe
  2⤵
  PID:2344
- C:\Windows\System\eXFIIYO.exe
  C:\Windows\System\eXFIIYO.exe
  2⤵
  PID:6792
- C:\Windows\System\Jrjezry.exe
  C:\Windows\System\Jrjezry.exe
  2⤵
  PID:2952
- C:\Windows\System\HPchAxr.exe
  C:\Windows\System\HPchAxr.exe
  2⤵
  PID:6776
- C:\Windows\System\BfVDmug.exe
  C:\Windows\System\BfVDmug.exe
  2⤵
  PID:1608
- C:\Windows\System\huVUnVo.exe
  C:\Windows\System\huVUnVo.exe
  2⤵
  PID:272
- C:\Windows\System\ohwpGjk.exe
  C:\Windows\System\ohwpGjk.exe
  2⤵
  PID:6924
- C:\Windows\System\esDzYGT.exe
  C:\Windows\System\esDzYGT.exe
  2⤵
  PID:6936
- C:\Windows\System\qBXiLIJ.exe
  C:\Windows\System\qBXiLIJ.exe
  2⤵
  PID:6960
- C:\Windows\System\ngOpelq.exe
  C:\Windows\System\ngOpelq.exe
  2⤵
  PID:536
- C:\Windows\System\OBxThBH.exe
  C:\Windows\System\OBxThBH.exe
  2⤵
  PID:7024
- C:\Windows\System\nwtckoa.exe
  C:\Windows\System\nwtckoa.exe
  2⤵
  PID:332
- C:\Windows\System\WvgoUNr.exe
  C:\Windows\System\WvgoUNr.exe
  2⤵
  PID:7080
- C:\Windows\System\xiUlowI.exe
  C:\Windows\System\xiUlowI.exe
  2⤵
  PID:7100
- C:\Windows\System\KgJAQaF.exe
  C:\Windows\System\KgJAQaF.exe
  2⤵
  PID:7164
- C:\Windows\System\EfINklq.exe
  C:\Windows\System\EfINklq.exe
  2⤵
  PID:5620
- C:\Windows\System\bDrrkuP.exe
  C:\Windows\System\bDrrkuP.exe
  2⤵
  PID:5828
- C:\Windows\System\cmJvuIr.exe
  C:\Windows\System\cmJvuIr.exe
  2⤵
  PID:2384
- C:\Windows\System\FsRmsIX.exe
  C:\Windows\System\FsRmsIX.exe
  2⤵
  PID:2636
- C:\Windows\System\sRjaRqI.exe
  C:\Windows\System\sRjaRqI.exe
  2⤵
  PID:5384
- C:\Windows\System\xLFagZm.exe
  C:\Windows\System\xLFagZm.exe
  2⤵
  PID:5608
- C:\Windows\System\NhXLAeq.exe
  C:\Windows\System\NhXLAeq.exe
  2⤵
  PID:6228
- C:\Windows\System\zxBvUKh.exe
  C:\Windows\System\zxBvUKh.exe
  2⤵
  PID:6176
- C:\Windows\System\aSZBvHa.exe
  C:\Windows\System\aSZBvHa.exe
  2⤵
  PID:6316
- C:\Windows\System\GteyKxP.exe
  C:\Windows\System\GteyKxP.exe
  2⤵
  PID:6332
- C:\Windows\System\mDzBKiH.exe
  C:\Windows\System\mDzBKiH.exe
  2⤵
  PID:2488
- C:\Windows\System\fziFchO.exe
  C:\Windows\System\fziFchO.exe
  2⤵
  PID:6416
- C:\Windows\System\EawXhea.exe
  C:\Windows\System\EawXhea.exe
  2⤵
  PID:6452
- C:\Windows\System\JIPhyZt.exe
  C:\Windows\System\JIPhyZt.exe
  2⤵
  PID:6536
- C:\Windows\System\ZpBHPxc.exe
  C:\Windows\System\ZpBHPxc.exe
  2⤵
  PID:6572
- C:\Windows\System\zXziycB.exe
  C:\Windows\System\zXziycB.exe
  2⤵
  PID:6720
- C:\Windows\System\PdOlgyw.exe
  C:\Windows\System\PdOlgyw.exe
  2⤵
  PID:6760
- C:\Windows\System\pIqIVVy.exe
  C:\Windows\System\pIqIVVy.exe
  2⤵
  PID:6736
- C:\Windows\System\UbdDnfU.exe
  C:\Windows\System\UbdDnfU.exe
  2⤵
  PID:6812
- C:\Windows\System\KQWZqap.exe
  C:\Windows\System\KQWZqap.exe
  2⤵
  PID:6872
- C:\Windows\System\RRdGWEy.exe
  C:\Windows\System\RRdGWEy.exe
  2⤵
  PID:6856
- C:\Windows\System\FJxadyg.exe
  C:\Windows\System\FJxadyg.exe
  2⤵
  PID:6944
- C:\Windows\System\pmjntEq.exe
  C:\Windows\System\pmjntEq.exe
  2⤵
  PID:7040
- C:\Windows\System\pEeivaX.exe
  C:\Windows\System\pEeivaX.exe
  2⤵
  PID:6976
- C:\Windows\System\aBxdhob.exe
  C:\Windows\System\aBxdhob.exe
  2⤵
  PID:7140
- C:\Windows\System\ubYSZBn.exe
  C:\Windows\System\ubYSZBn.exe
  2⤵
  PID:3756
- C:\Windows\System\brrhvLh.exe
  C:\Windows\System\brrhvLh.exe
  2⤵
  PID:5184
- C:\Windows\System\qaTaQIg.exe
  C:\Windows\System\qaTaQIg.exe
  2⤵
  PID:6028
- C:\Windows\System\waPPqta.exe
  C:\Windows\System\waPPqta.exe
  2⤵
  PID:1784
- C:\Windows\System\gXwdbFK.exe
  C:\Windows\System\gXwdbFK.exe
  2⤵
  PID:5160
- C:\Windows\System\oPYqVUR.exe
  C:\Windows\System\oPYqVUR.exe
  2⤵
  PID:6412
- C:\Windows\System\OlNETFJ.exe
  C:\Windows\System\OlNETFJ.exe
  2⤵
  PID:6256
- C:\Windows\System\CZkSAAS.exe
  C:\Windows\System\CZkSAAS.exe
  2⤵
  PID:6500
- C:\Windows\System\oyQHceA.exe
  C:\Windows\System\oyQHceA.exe
  2⤵
  PID:6620
- C:\Windows\System\tkaByHz.exe
  C:\Windows\System\tkaByHz.exe
  2⤵
  PID:6632
- C:\Windows\System\FQLGEuP.exe
  C:\Windows\System\FQLGEuP.exe
  2⤵
  PID:6696
- C:\Windows\System\rGEWbSI.exe
  C:\Windows\System\rGEWbSI.exe
  2⤵
  PID:2980
- C:\Windows\System\QykAMQq.exe
  C:\Windows\System\QykAMQq.exe
  2⤵
  PID:6852
- C:\Windows\System\RfmhfsE.exe
  C:\Windows\System\RfmhfsE.exe
  2⤵
  PID:7004
- C:\Windows\System\VbTcsPT.exe
  C:\Windows\System\VbTcsPT.exe
  2⤵
  PID:7000
- C:\Windows\System\uFfglEj.exe
  C:\Windows\System\uFfglEj.exe
  2⤵
  PID:7060
- C:\Windows\System\NyWdNBA.exe
  C:\Windows\System\NyWdNBA.exe
  2⤵
  PID:5144
- C:\Windows\System\jonejOW.exe
  C:\Windows\System\jonejOW.exe
  2⤵
  PID:7120
- C:\Windows\System\jLSRBIJ.exe
  C:\Windows\System\jLSRBIJ.exe
  2⤵
  PID:4148
- C:\Windows\System\zmWlyHk.exe
  C:\Windows\System\zmWlyHk.exe
  2⤵
  PID:6252
- C:\Windows\System\PETgrBk.exe
  C:\Windows\System\PETgrBk.exe
  2⤵
  PID:6476
- C:\Windows\System\XQBxael.exe
  C:\Windows\System\XQBxael.exe
  2⤵
  PID:6540
- C:\Windows\System\ARXFdKM.exe
  C:\Windows\System\ARXFdKM.exe
  2⤵
  PID:6756
- C:\Windows\System\vWIbwNe.exe
  C:\Windows\System\vWIbwNe.exe
  2⤵
  PID:6920
- C:\Windows\System\VhEqdhc.exe
  C:\Windows\System\VhEqdhc.exe
  2⤵
  PID:6816
- C:\Windows\System\LeMyoQd.exe
  C:\Windows\System\LeMyoQd.exe
  2⤵
  PID:7136
- C:\Windows\System\hWfVqvr.exe
  C:\Windows\System\hWfVqvr.exe
  2⤵
  PID:7156
- C:\Windows\System\KbPnVrw.exe
  C:\Windows\System\KbPnVrw.exe
  2⤵
  PID:3004
- C:\Windows\System\YSuEAES.exe
  C:\Windows\System\YSuEAES.exe
  2⤵
  PID:6216
- C:\Windows\System\ssVrFTX.exe
  C:\Windows\System\ssVrFTX.exe
  2⤵
  PID:6460
- C:\Windows\System\guHzyTk.exe
  C:\Windows\System\guHzyTk.exe
  2⤵
  PID:6780
- C:\Windows\System\uJIqUGA.exe
  C:\Windows\System\uJIqUGA.exe
  2⤵
  PID:6800
- C:\Windows\System\QnbwfRr.exe
  C:\Windows\System\QnbwfRr.exe
  2⤵
  PID:7064
- C:\Windows\System\wlGbptD.exe
  C:\Windows\System\wlGbptD.exe
  2⤵
  PID:7176
- C:\Windows\System\GXbqfCb.exe
  C:\Windows\System\GXbqfCb.exe
  2⤵
  PID:7196
- C:\Windows\System\zBHQFvx.exe
  C:\Windows\System\zBHQFvx.exe
  2⤵
  PID:7216
- C:\Windows\System\QgfHjjH.exe
  C:\Windows\System\QgfHjjH.exe
  2⤵
  PID:7236
- C:\Windows\System\vQvQQwF.exe
  C:\Windows\System\vQvQQwF.exe
  2⤵
  PID:7260
- C:\Windows\System\PwCDMtk.exe
  C:\Windows\System\PwCDMtk.exe
  2⤵
  PID:7276
- C:\Windows\System\RmxTMpI.exe
  C:\Windows\System\RmxTMpI.exe
  2⤵
  PID:7300
- C:\Windows\System\TvWZxGc.exe
  C:\Windows\System\TvWZxGc.exe
  2⤵
  PID:7320
- C:\Windows\System\ZTFgHNF.exe
  C:\Windows\System\ZTFgHNF.exe
  2⤵
  PID:7340
- C:\Windows\System\tDadPyz.exe
  C:\Windows\System\tDadPyz.exe
  2⤵
  PID:7360
- C:\Windows\System\APQKvoA.exe
  C:\Windows\System\APQKvoA.exe
  2⤵
  PID:7380
- C:\Windows\System\NqAwTvW.exe
  C:\Windows\System\NqAwTvW.exe
  2⤵
  PID:7400
- C:\Windows\System\QYGDnMk.exe
  C:\Windows\System\QYGDnMk.exe
  2⤵
  PID:7420
- C:\Windows\System\PrmHpSr.exe
  C:\Windows\System\PrmHpSr.exe
  2⤵
  PID:7440
- C:\Windows\System\SaPAQBy.exe
  C:\Windows\System\SaPAQBy.exe
  2⤵
  PID:7460
- C:\Windows\System\FBRGUzw.exe
  C:\Windows\System\FBRGUzw.exe
  2⤵
  PID:7480
- C:\Windows\System\XVXZehV.exe
  C:\Windows\System\XVXZehV.exe
  2⤵
  PID:7500
- C:\Windows\System\mESGEHg.exe
  C:\Windows\System\mESGEHg.exe
  2⤵
  PID:7520
- C:\Windows\System\NisTbzl.exe
  C:\Windows\System\NisTbzl.exe
  2⤵
  PID:7544
- C:\Windows\System\pbFqbPk.exe
  C:\Windows\System\pbFqbPk.exe
  2⤵
  PID:7564
- C:\Windows\System\XXWykrD.exe
  C:\Windows\System\XXWykrD.exe
  2⤵
  PID:7584
- C:\Windows\System\ssarGns.exe
  C:\Windows\System\ssarGns.exe
  2⤵
  PID:7604
- C:\Windows\System\CZlrSRB.exe
  C:\Windows\System\CZlrSRB.exe
  2⤵
  PID:7624
- C:\Windows\System\PeNxwrW.exe
  C:\Windows\System\PeNxwrW.exe
  2⤵
  PID:7644
- C:\Windows\System\gMBYrKa.exe
  C:\Windows\System\gMBYrKa.exe
  2⤵
  PID:7664
- C:\Windows\System\pELaMEA.exe
  C:\Windows\System\pELaMEA.exe
  2⤵
  PID:7680
- C:\Windows\System\HKWubNr.exe
  C:\Windows\System\HKWubNr.exe
  2⤵
  PID:7704
- C:\Windows\System\UXYDUhB.exe
  C:\Windows\System\UXYDUhB.exe
  2⤵
  PID:7724
- C:\Windows\System\IXPxQvE.exe
  C:\Windows\System\IXPxQvE.exe
  2⤵
  PID:7744
- C:\Windows\System\sXXnLdd.exe
  C:\Windows\System\sXXnLdd.exe
  2⤵
  PID:7764
- C:\Windows\System\MLiyoqK.exe
  C:\Windows\System\MLiyoqK.exe
  2⤵
  PID:7784
- C:\Windows\System\rzveqZA.exe
  C:\Windows\System\rzveqZA.exe
  2⤵
  PID:7612
- C:\Windows\System\aMCMAjD.exe
  C:\Windows\System\aMCMAjD.exe
  2⤵
  PID:9780
- C:\Windows\System\TEhhqRF.exe
  C:\Windows\System\TEhhqRF.exe
  2⤵
  PID:9800
- C:\Windows\System\uuAABuy.exe
  C:\Windows\System\uuAABuy.exe
  2⤵
  PID:9820
- C:\Windows\System\VpYeVFr.exe
  C:\Windows\System\VpYeVFr.exe
  2⤵
  PID:9852
- C:\Windows\System\oysHQPk.exe
  C:\Windows\System\oysHQPk.exe
  2⤵
  PID:9896
- C:\Windows\System\opuASyo.exe
  C:\Windows\System\opuASyo.exe
  2⤵
  PID:9920
- C:\Windows\System\Afgwpos.exe
  C:\Windows\System\Afgwpos.exe
  2⤵
  PID:9936
- C:\Windows\System\ixvBXjG.exe
  C:\Windows\System\ixvBXjG.exe
  2⤵
  PID:9952
- C:\Windows\System\tfIAwCc.exe
  C:\Windows\System\tfIAwCc.exe
  2⤵
  PID:9968
- C:\Windows\System\QsBfeDo.exe
  C:\Windows\System\QsBfeDo.exe
  2⤵
  PID:9984
- C:\Windows\System\uyTJdrr.exe
  C:\Windows\System\uyTJdrr.exe
  2⤵
  PID:10000
- C:\Windows\System\wcCSROm.exe
  C:\Windows\System\wcCSROm.exe
  2⤵
  PID:10016
- C:\Windows\System\UQQAwyF.exe
  C:\Windows\System\UQQAwyF.exe
  2⤵
  PID:10032
- C:\Windows\System\RUOnedp.exe
  C:\Windows\System\RUOnedp.exe
  2⤵
  PID:10048
- C:\Windows\System\EHmVtVM.exe
  C:\Windows\System\EHmVtVM.exe
  2⤵
  PID:10064
- C:\Windows\System\zLunsOz.exe
  C:\Windows\System\zLunsOz.exe
  2⤵
  PID:10080
- C:\Windows\System\pjbTUmc.exe
  C:\Windows\System\pjbTUmc.exe
  2⤵
  PID:10096
- C:\Windows\System\HHhavBu.exe
  C:\Windows\System\HHhavBu.exe
  2⤵
  PID:10204
- C:\Windows\System\GeOJfxT.exe
  C:\Windows\System\GeOJfxT.exe
  2⤵
  PID:10228
- C:\Windows\System\eYCnUNF.exe
  C:\Windows\System\eYCnUNF.exe
  2⤵
  PID:2808
- C:\Windows\System\vLSWeWG.exe
  C:\Windows\System\vLSWeWG.exe
  2⤵
  PID:9776
- C:\Windows\System\KuxuLah.exe
  C:\Windows\System\KuxuLah.exe
  2⤵
  PID:9788
- C:\Windows\System\mxeafBH.exe
  C:\Windows\System\mxeafBH.exe
  2⤵
  PID:2296
- C:\Windows\System\QfakTbN.exe
  C:\Windows\System\QfakTbN.exe
  2⤵
  PID:9876
- C:\Windows\System\ydxptui.exe
  C:\Windows\System\ydxptui.exe
  2⤵
  PID:2068
- C:\Windows\System\ybFcTjg.exe
  C:\Windows\System\ybFcTjg.exe
  2⤵
  PID:9960
- C:\Windows\System\UvWGqbT.exe
  C:\Windows\System\UvWGqbT.exe
  2⤵
  PID:10024
- C:\Windows\System\IncZgTi.exe
  C:\Windows\System\IncZgTi.exe
  2⤵
  PID:10092
- C:\Windows\System\iEYVyeJ.exe
  C:\Windows\System\iEYVyeJ.exe
  2⤵
  PID:10076
- C:\Windows\System\uLWGekq.exe
  C:\Windows\System\uLWGekq.exe
  2⤵
  PID:10072
- C:\Windows\System\yICNjTB.exe
  C:\Windows\System\yICNjTB.exe
  2⤵
  PID:1996
- C:\Windows\System\hAYCJkj.exe
  C:\Windows\System\hAYCJkj.exe
  2⤵
  PID:1960
- C:\Windows\System\oadDdGB.exe
  C:\Windows\System\oadDdGB.exe
  2⤵
  PID:10192
- C:\Windows\System\LMcQSKc.exe
  C:\Windows\System\LMcQSKc.exe
  2⤵
  PID:2672
- C:\Windows\System\BxQiOBG.exe
  C:\Windows\System\BxQiOBG.exe
  2⤵
  PID:2848
- C:\Windows\System\TPPaRZi.exe
  C:\Windows\System\TPPaRZi.exe
  2⤵
  PID:5224
- C:\Windows\System\GBjnWJO.exe
  C:\Windows\System\GBjnWJO.exe
  2⤵
  PID:1052
- C:\Windows\System\zEHTEPI.exe
  C:\Windows\System\zEHTEPI.exe
  2⤵
  PID:9860
- C:\Windows\System\UMYcTxW.exe
  C:\Windows\System\UMYcTxW.exe
  2⤵
  PID:9992
- C:\Windows\System\titTLtP.exe
  C:\Windows\System\titTLtP.exe
  2⤵
  PID:2656
- C:\Windows\System\JgMdRbg.exe
  C:\Windows\System\JgMdRbg.exe
  2⤵
  PID:10060
- C:\Windows\System\igNstoi.exe
  C:\Windows\System\igNstoi.exe
  2⤵
  PID:9916
- C:\Windows\System\iIlrNwt.exe
  C:\Windows\System\iIlrNwt.exe
  2⤵
  PID:10040
- C:\Windows\System\NkUBxpp.exe
  C:\Windows\System\NkUBxpp.exe
  2⤵
  PID:10212
- C:\Windows\System\wwjyeGx.exe
  C:\Windows\System\wwjyeGx.exe
  2⤵
  PID:10224
- C:\Windows\System\qebITMr.exe
  C:\Windows\System\qebITMr.exe
  2⤵
  PID:2676
- C:\Windows\System\voHyXMQ.exe
  C:\Windows\System\voHyXMQ.exe
  2⤵
  PID:9944
- C:\Windows\System\iZznOiW.exe
  C:\Windows\System\iZznOiW.exe
  2⤵
  PID:9980
- C:\Windows\System\mgHJyiM.exe
  C:\Windows\System\mgHJyiM.exe
  2⤵
  PID:10220
- C:\Windows\System\ynfvUYh.exe
  C:\Windows\System\ynfvUYh.exe
  2⤵
  PID:10108
- C:\Windows\System\CVggeeh.exe
  C:\Windows\System\CVggeeh.exe
  2⤵
  PID:10164
- C:\Windows\System\qrsDINH.exe
  C:\Windows\System\qrsDINH.exe
  2⤵
  PID:2956
- C:\Windows\System\aXMNfCu.exe
  C:\Windows\System\aXMNfCu.exe
  2⤵
  PID:10180
- C:\Windows\System\DdgBvMK.exe
  C:\Windows\System\DdgBvMK.exe
  2⤵
  PID:10252
- C:\Windows\System\JPOmqkB.exe
  C:\Windows\System\JPOmqkB.exe
  2⤵
  PID:10268
- C:\Windows\System\vNnvQWM.exe
  C:\Windows\System\vNnvQWM.exe
  2⤵
  PID:10284
- C:\Windows\System\mtxCYLZ.exe
  C:\Windows\System\mtxCYLZ.exe
  2⤵
  PID:10300
- C:\Windows\System\ATBLkKv.exe
  C:\Windows\System\ATBLkKv.exe
  2⤵
  PID:10316
- C:\Windows\System\QoXUtIQ.exe
  C:\Windows\System\QoXUtIQ.exe
  2⤵
  PID:10332
- C:\Windows\System\MTeDtci.exe
  C:\Windows\System\MTeDtci.exe
  2⤵
  PID:10348
- C:\Windows\System\vmYDSRC.exe
  C:\Windows\System\vmYDSRC.exe
  2⤵
  PID:10364
- C:\Windows\System\SOocUNC.exe
  C:\Windows\System\SOocUNC.exe
  2⤵
  PID:10380
- C:\Windows\System\XfZbqxZ.exe
  C:\Windows\System\XfZbqxZ.exe
  2⤵
  PID:10420
- C:\Windows\System\XDtIArf.exe
  C:\Windows\System\XDtIArf.exe
  2⤵
  PID:10436
- C:\Windows\System\LZpYWuG.exe
  C:\Windows\System\LZpYWuG.exe
  2⤵
  PID:10452
- C:\Windows\System\UDUqvJJ.exe
  C:\Windows\System\UDUqvJJ.exe
  2⤵
  PID:10468
- C:\Windows\System\OvhLslU.exe
  C:\Windows\System\OvhLslU.exe
  2⤵
  PID:10488
- C:\Windows\System\SBJyGZf.exe
  C:\Windows\System\SBJyGZf.exe
  2⤵
  PID:10504
- C:\Windows\System\tkNLyVL.exe
  C:\Windows\System\tkNLyVL.exe
  2⤵
  PID:10520
- C:\Windows\System\WpXhQFR.exe
  C:\Windows\System\WpXhQFR.exe
  2⤵
  PID:10544
- C:\Windows\System\vUNYBky.exe
  C:\Windows\System\vUNYBky.exe
  2⤵
  PID:10564
- C:\Windows\System\eVWMzre.exe
  C:\Windows\System\eVWMzre.exe
  2⤵
  PID:10584
- C:\Windows\System\ISyoWAu.exe
  C:\Windows\System\ISyoWAu.exe
  2⤵
  PID:10604
- C:\Windows\System\jOFHDvF.exe
  C:\Windows\System\jOFHDvF.exe
  2⤵
  PID:10624
- C:\Windows\System\cmalQrr.exe
  C:\Windows\System\cmalQrr.exe
  2⤵
  PID:10648
- C:\Windows\System\xpiGAMF.exe
  C:\Windows\System\xpiGAMF.exe
  2⤵
  PID:10680
- C:\Windows\System\YkrLsEq.exe
  C:\Windows\System\YkrLsEq.exe
  2⤵
  PID:10712
- C:\Windows\System\PxNKwyD.exe
  C:\Windows\System\PxNKwyD.exe
  2⤵
  PID:10732
- C:\Windows\System\TuOhztk.exe
  C:\Windows\System\TuOhztk.exe
  2⤵
  PID:10748
- C:\Windows\System\vBKPTtQ.exe
  C:\Windows\System\vBKPTtQ.exe
  2⤵
  PID:10764
- C:\Windows\System\CJrkqYR.exe
  C:\Windows\System\CJrkqYR.exe
  2⤵
  PID:10780
- C:\Windows\System\gJomrTb.exe
  C:\Windows\System\gJomrTb.exe
  2⤵
  PID:10796
- C:\Windows\System\QRpTQiA.exe
  C:\Windows\System\QRpTQiA.exe
  2⤵
  PID:10832
- C:\Windows\System\xhztnGi.exe
  C:\Windows\System\xhztnGi.exe
  2⤵
  PID:10848
- C:\Windows\System\MxxCgXf.exe
  C:\Windows\System\MxxCgXf.exe
  2⤵
  PID:10868
- C:\Windows\System\PsvMeFf.exe
  C:\Windows\System\PsvMeFf.exe
  2⤵
  PID:10888
- C:\Windows\System\qKlrEYn.exe
  C:\Windows\System\qKlrEYn.exe
  2⤵
  PID:10908
- C:\Windows\System\RePOJkw.exe
  C:\Windows\System\RePOJkw.exe
  2⤵
  PID:10924
- C:\Windows\System\AkXFuGs.exe
  C:\Windows\System\AkXFuGs.exe
  2⤵
  PID:10940
- C:\Windows\System\jnkSjAJ.exe
  C:\Windows\System\jnkSjAJ.exe
  2⤵
  PID:10964
- C:\Windows\System\EzZOgJP.exe
  C:\Windows\System\EzZOgJP.exe
  2⤵
  PID:10980
- C:\Windows\System\UiUUHyv.exe
  C:\Windows\System\UiUUHyv.exe
  2⤵
  PID:11004
- C:\Windows\System\Wynuhpv.exe
  C:\Windows\System\Wynuhpv.exe
  2⤵
  PID:11024
- C:\Windows\System\nwQWkDZ.exe
  C:\Windows\System\nwQWkDZ.exe
  2⤵
  PID:11056
- C:\Windows\System\PFtDAwi.exe
  C:\Windows\System\PFtDAwi.exe
  2⤵
  PID:11072
- C:\Windows\System\AmzajpE.exe
  C:\Windows\System\AmzajpE.exe
  2⤵
  PID:11088
- C:\Windows\System\mTXUFax.exe
  C:\Windows\System\mTXUFax.exe
  2⤵
  PID:11104
- C:\Windows\System\JmuhBKU.exe
  C:\Windows\System\JmuhBKU.exe
  2⤵
  PID:11120
- C:\Windows\System\neglnhV.exe
  C:\Windows\System\neglnhV.exe
  2⤵
  PID:11140
- C:\Windows\System\ewRjhUg.exe
  C:\Windows\System\ewRjhUg.exe
  2⤵
  PID:11176
- C:\Windows\System\FMxoQBv.exe
  C:\Windows\System\FMxoQBv.exe
  2⤵
  PID:11192
- C:\Windows\System\pcEBKvN.exe
  C:\Windows\System\pcEBKvN.exe
  2⤵
  PID:11208
- C:\Windows\System\rvoMwiP.exe
  C:\Windows\System\rvoMwiP.exe
  2⤵
  PID:11224
- C:\Windows\System\jisjFFn.exe
  C:\Windows\System\jisjFFn.exe
  2⤵
  PID:11252
- C:\Windows\System\wBQUoAN.exe
  C:\Windows\System\wBQUoAN.exe
  2⤵
  PID:10328
- C:\Windows\System\HjKBVCE.exe
  C:\Windows\System\HjKBVCE.exe
  2⤵
  PID:10400
- C:\Windows\System\zqqphzc.exe
  C:\Windows\System\zqqphzc.exe
  2⤵
  PID:10416
- C:\Windows\System\zMHtdLx.exe
  C:\Windows\System\zMHtdLx.exe
  2⤵
  PID:9812
- C:\Windows\System\dnBgHsO.exe
  C:\Windows\System\dnBgHsO.exe
  2⤵
  PID:9928
- C:\Windows\System\AZoCZoJ.exe
  C:\Windows\System\AZoCZoJ.exe
  2⤵
  PID:10480
- C:\Windows\System\EtUIlWn.exe
  C:\Windows\System\EtUIlWn.exe
  2⤵
  PID:10552
- C:\Windows\System\adBZZom.exe
  C:\Windows\System\adBZZom.exe
  2⤵
  PID:10600
- C:\Windows\System\giWzqBq.exe
  C:\Windows\System\giWzqBq.exe
  2⤵
  PID:10636
- C:\Windows\System\bMBnqWa.exe
  C:\Windows\System\bMBnqWa.exe
  2⤵
  PID:10340
- C:\Windows\System\VhbmKsf.exe
  C:\Windows\System\VhbmKsf.exe
  2⤵
  PID:10376
- C:\Windows\System\ceiCzDd.exe
  C:\Windows\System\ceiCzDd.exe
  2⤵
  PID:10696
- C:\Windows\System\yhfCdJs.exe
  C:\Windows\System\yhfCdJs.exe
  2⤵
  PID:10532
- C:\Windows\System\xqRDUoB.exe
  C:\Windows\System\xqRDUoB.exe
  2⤵
  PID:10572
- C:\Windows\System\ZrQXNsp.exe
  C:\Windows\System\ZrQXNsp.exe
  2⤵
  PID:10656
- C:\Windows\System\CzIKREo.exe
  C:\Windows\System\CzIKREo.exe
  2⤵
  PID:10672
- C:\Windows\System\HWwAOir.exe
  C:\Windows\System\HWwAOir.exe
  2⤵
  PID:10812
- C:\Windows\System\Lzhersy.exe
  C:\Windows\System\Lzhersy.exe
  2⤵
  PID:10728
- C:\Windows\System\LqASENM.exe
  C:\Windows\System\LqASENM.exe
  2⤵
  PID:10824
- C:\Windows\System\AlkOdDS.exe
  C:\Windows\System\AlkOdDS.exe
  2⤵
  PID:10864
- C:\Windows\System\PTmHWgU.exe
  C:\Windows\System\PTmHWgU.exe
  2⤵
  PID:10936
- C:\Windows\System\WpwDCPw.exe
  C:\Windows\System\WpwDCPw.exe
  2⤵
  PID:10876
- C:\Windows\System\fVqeTEf.exe
  C:\Windows\System\fVqeTEf.exe
  2⤵
  PID:10952
- C:\Windows\System\ZTvWeLD.exe
  C:\Windows\System\ZTvWeLD.exe
  2⤵
  PID:10992
- C:\Windows\System\PXDphqy.exe
  C:\Windows\System\PXDphqy.exe
  2⤵
  PID:11032
- C:\Windows\System\GJdbDKp.exe
  C:\Windows\System\GJdbDKp.exe
  2⤵
  PID:11040
- C:\Windows\System\IPRSsWP.exe
  C:\Windows\System\IPRSsWP.exe
  2⤵
  PID:10692
- C:\Windows\System\gIEdmtk.exe
  C:\Windows\System\gIEdmtk.exe
  2⤵
  PID:11116
- C:\Windows\System\HMIanUl.exe
  C:\Windows\System\HMIanUl.exe
  2⤵
  PID:11216
- C:\Windows\System\RxrTESQ.exe
  C:\Windows\System\RxrTESQ.exe
  2⤵
  PID:11164
- C:\Windows\System\OasQURX.exe
  C:\Windows\System\OasQURX.exe
  2⤵
  PID:11232
- C:\Windows\System\YxowsAj.exe
  C:\Windows\System\YxowsAj.exe
  2⤵
  PID:10156
- C:\Windows\System\GJzJpnV.exe
  C:\Windows\System\GJzJpnV.exe
  2⤵
  PID:10260
- C:\Windows\System\TCyKrvJ.exe
  C:\Windows\System\TCyKrvJ.exe
  2⤵
  PID:10396
- C:\Windows\System\EappEQl.exe
  C:\Windows\System\EappEQl.exe
  2⤵
  PID:9864
- C:\Windows\System\eQzKJGU.exe
  C:\Windows\System\eQzKJGU.exe
  2⤵
  PID:10640
- C:\Windows\System\hqMMeGf.exe
  C:\Windows\System\hqMMeGf.exe
  2⤵
  PID:10372
- C:\Windows\System\ounPjlM.exe
  C:\Windows\System\ounPjlM.exe
  2⤵
  PID:9816
- C:\Windows\System\bssQNmc.exe
  C:\Windows\System\bssQNmc.exe
  2⤵
  PID:10592
- C:\Windows\System\PjuHmBv.exe
  C:\Windows\System\PjuHmBv.exe
  2⤵
  PID:10244
- C:\Windows\System\dTmvFob.exe
  C:\Windows\System\dTmvFob.exe
  2⤵
  PID:10616
- C:\Windows\System\NdemfkY.exe
  C:\Windows\System\NdemfkY.exe
  2⤵
  PID:10720
- C:\Windows\System\YRFaikH.exe
  C:\Windows\System\YRFaikH.exe
  2⤵
  PID:10708
- C:\Windows\System\txRCKSK.exe
  C:\Windows\System\txRCKSK.exe
  2⤵
  PID:10856
- C:\Windows\System\uYSFqnf.exe
  C:\Windows\System\uYSFqnf.exe
  2⤵
  PID:10904
- C:\Windows\System\alMjmxz.exe
  C:\Windows\System\alMjmxz.exe
  2⤵
  PID:10976
- C:\Windows\System\DZXARYb.exe
  C:\Windows\System\DZXARYb.exe
  2⤵
  PID:10844
- C:\Windows\System\SJZKILM.exe
  C:\Windows\System\SJZKILM.exe
  2⤵
  PID:11068
- C:\Windows\System\MLErooY.exe
  C:\Windows\System\MLErooY.exe
  2⤵
  PID:620
- C:\Windows\System\tAVjFky.exe
  C:\Windows\System\tAVjFky.exe
  2⤵
  PID:11136
- C:\Windows\System\PLToLVG.exe
  C:\Windows\System\PLToLVG.exe
  2⤵
  PID:11128
- C:\Windows\System\AYKbEmr.exe
  C:\Windows\System\AYKbEmr.exe
  2⤵
  PID:2244
- C:\Windows\System\qaZGHsd.exe
  C:\Windows\System\qaZGHsd.exe
  2⤵
  PID:10344
- C:\Windows\System\bpLLORC.exe
  C:\Windows\System\bpLLORC.exe
  2⤵
  PID:10476
- C:\Windows\System\tYeoYMe.exe
  C:\Windows\System\tYeoYMe.exe
  2⤵
  PID:10632
- C:\Windows\System\KcXvydf.exe
  C:\Windows\System\KcXvydf.exe
  2⤵
  PID:10184
- C:\Windows\System\fFhVWru.exe
  C:\Windows\System\fFhVWru.exe
  2⤵
  PID:1920
- C:\Windows\System\PjGpmHf.exe
  C:\Windows\System\PjGpmHf.exe
  2⤵
  PID:10276
- C:\Windows\System\XPAhdDB.exe
  C:\Windows\System\XPAhdDB.exe
  2⤵
  PID:10500
- C:\Windows\System\yUFMgCi.exe
  C:\Windows\System\yUFMgCi.exe
  2⤵
  PID:10740
- C:\Windows\System\pdlVoaP.exe
  C:\Windows\System\pdlVoaP.exe
  2⤵
  PID:10664
- C:\Windows\System\qtMDfFR.exe
  C:\Windows\System\qtMDfFR.exe
  2⤵
  PID:10820
- C:\Windows\System\yJVYAqw.exe
  C:\Windows\System\yJVYAqw.exe
  2⤵
  PID:10900
- C:\Windows\System\POWcAsB.exe
  C:\Windows\System\POWcAsB.exe
  2⤵
  PID:10792
- C:\Windows\System\xCzHLSb.exe
  C:\Windows\System\xCzHLSb.exe
  2⤵
  PID:10956
- C:\Windows\System\tgUeIFT.exe
  C:\Windows\System\tgUeIFT.exe
  2⤵
  PID:11188
- C:\Windows\System\ekehBTZ.exe
  C:\Windows\System\ekehBTZ.exe
  2⤵
  PID:11064
- C:\Windows\System\kVrpIVI.exe
  C:\Windows\System\kVrpIVI.exe
  2⤵
  PID:11156
- C:\Windows\System\mEBhqiW.exe
  C:\Windows\System\mEBhqiW.exe
  2⤵
  PID:2240
- C:\Windows\System\owwGQaQ.exe
  C:\Windows\System\owwGQaQ.exe
  2⤵
  PID:10444
- C:\Windows\System\uzCIald.exe
  C:\Windows\System\uzCIald.exe
  2⤵
  PID:1904
- C:\Windows\System\VNuEVkf.exe
  C:\Windows\System\VNuEVkf.exe
  2⤵
  PID:10776
- C:\Windows\System\tElTbuM.exe
  C:\Windows\System\tElTbuM.exe
  2⤵
  PID:1760
- C:\Windows\System\ZXduqHq.exe
  C:\Windows\System\ZXduqHq.exe
  2⤵
  PID:11172
- C:\Windows\System\yFyOWfb.exe
  C:\Windows\System\yFyOWfb.exe
  2⤵
  PID:3020
- C:\Windows\System\ebJNBWA.exe
  C:\Windows\System\ebJNBWA.exe
  2⤵
  PID:11100
- C:\Windows\System\eJpTCPC.exe
  C:\Windows\System\eJpTCPC.exe
  2⤵
  PID:10528
- C:\Windows\System\OoaTGVK.exe
  C:\Windows\System\OoaTGVK.exe
  2⤵
  PID:2248
- C:\Windows\System\qdIjHbh.exe
  C:\Windows\System\qdIjHbh.exe
  2⤵
  PID:10612
- C:\Windows\System\sKJeich.exe
  C:\Windows\System\sKJeich.exe
  2⤵
  PID:2712
- C:\Windows\System\PrnAFnZ.exe
  C:\Windows\System\PrnAFnZ.exe
  2⤵
  PID:10808
- C:\Windows\System\MiHFxvg.exe
  C:\Windows\System\MiHFxvg.exe
  2⤵
  PID:2140
- C:\Windows\System\SIkqDwt.exe
  C:\Windows\System\SIkqDwt.exe
  2⤵
  PID:10916
- C:\Windows\System\ZOxskKO.exe
  C:\Windows\System\ZOxskKO.exe
  2⤵
  PID:1492
- C:\Windows\System\DnnzOfR.exe
  C:\Windows\System\DnnzOfR.exe
  2⤵
  PID:11132
- C:\Windows\System\losjkIz.exe
  C:\Windows\System\losjkIz.exe
  2⤵
  PID:11000
- C:\Windows\System\DJoIGyl.exe
  C:\Windows\System\DJoIGyl.exe
  2⤵
  PID:11260
- C:\Windows\System\OLEeVSh.exe
  C:\Windows\System\OLEeVSh.exe
  2⤵
  PID:10760
- C:\Windows\System\VodQYdZ.exe
  C:\Windows\System\VodQYdZ.exe
  2⤵
  PID:11244
- C:\Windows\System\hEsPpqc.exe
  C:\Windows\System\hEsPpqc.exe
  2⤵
  PID:2708
- C:\Windows\System\FYBPAlA.exe
  C:\Windows\System\FYBPAlA.exe
  2⤵
  PID:10896
- C:\Windows\System\uQEYQis.exe
  C:\Windows\System\uQEYQis.exe
  2⤵
  PID:10580
- C:\Windows\System\pSFdOPz.exe
  C:\Windows\System\pSFdOPz.exe
  2⤵
  PID:11280
- C:\Windows\System\QqTqsRs.exe
  C:\Windows\System\QqTqsRs.exe
  2⤵
  PID:11296
- C:\Windows\System\CTETpSj.exe
  C:\Windows\System\CTETpSj.exe
  2⤵
  PID:11320
- C:\Windows\System\KJaOxgy.exe
  C:\Windows\System\KJaOxgy.exe
  2⤵
  PID:11348
- C:\Windows\System\TUbTVZH.exe
  C:\Windows\System\TUbTVZH.exe
  2⤵
  PID:11368
- C:\Windows\System\PoFJtMV.exe
  C:\Windows\System\PoFJtMV.exe
  2⤵
  PID:11384
- C:\Windows\System\HeTYMMU.exe
  C:\Windows\System\HeTYMMU.exe
  2⤵
  PID:11400
- C:\Windows\System\xRahipX.exe
  C:\Windows\System\xRahipX.exe
  2⤵
  PID:11420
- C:\Windows\System\jmzhzQf.exe
  C:\Windows\System\jmzhzQf.exe
  2⤵
  PID:11444
- C:\Windows\System\zAxtKyq.exe
  C:\Windows\System\zAxtKyq.exe
  2⤵
  PID:11460
- C:\Windows\System\TPrCJLw.exe
  C:\Windows\System\TPrCJLw.exe
  2⤵
  PID:11476
- C:\Windows\System\EdJByxb.exe
  C:\Windows\System\EdJByxb.exe
  2⤵
  PID:11508
- C:\Windows\System\fOhPASS.exe
  C:\Windows\System\fOhPASS.exe
  2⤵
  PID:11524
- C:\Windows\System\DDFEZOs.exe
  C:\Windows\System\DDFEZOs.exe
  2⤵
  PID:11540
- C:\Windows\System\PxIWRBr.exe
  C:\Windows\System\PxIWRBr.exe
  2⤵
  PID:11560
- C:\Windows\System\qXRWXLu.exe
  C:\Windows\System\qXRWXLu.exe
  2⤵
  PID:11576
- C:\Windows\System\QFQvqUT.exe
  C:\Windows\System\QFQvqUT.exe
  2⤵
  PID:11600
- C:\Windows\System\sOxXisR.exe
  C:\Windows\System\sOxXisR.exe
  2⤵
  PID:11620
- C:\Windows\System\ciJUYLz.exe
  C:\Windows\System\ciJUYLz.exe
  2⤵
  PID:11636
- C:\Windows\System\pjWSTsL.exe
  C:\Windows\System\pjWSTsL.exe
  2⤵
  PID:11660
- C:\Windows\System\LucRjsa.exe
  C:\Windows\System\LucRjsa.exe
  2⤵
  PID:11688
- C:\Windows\System\AgTvOhC.exe
  C:\Windows\System\AgTvOhC.exe
  2⤵
  PID:11708
- C:\Windows\System\AjViDDd.exe
  C:\Windows\System\AjViDDd.exe
  2⤵
  PID:11724
- C:\Windows\System\SPphcZO.exe
  C:\Windows\System\SPphcZO.exe
  2⤵
  PID:11748
- C:\Windows\System\HJUSnfu.exe
  C:\Windows\System\HJUSnfu.exe
  2⤵
  PID:11764
- C:\Windows\System\pqUFYNc.exe
  C:\Windows\System\pqUFYNc.exe
  2⤵
  PID:11788
- C:\Windows\System\odFsbFG.exe
  C:\Windows\System\odFsbFG.exe
  2⤵
  PID:11808
- C:\Windows\System\XOGhZPY.exe
  C:\Windows\System\XOGhZPY.exe
  2⤵
  PID:11824
- C:\Windows\System\jqrwXDp.exe
  C:\Windows\System\jqrwXDp.exe
  2⤵
  PID:11840
- C:\Windows\System\yVnstkT.exe
  C:\Windows\System\yVnstkT.exe
  2⤵
  PID:11860
- C:\Windows\System\twQHkcO.exe
  C:\Windows\System\twQHkcO.exe
  2⤵
  PID:11876
- C:\Windows\System\TNKgGxI.exe
  C:\Windows\System\TNKgGxI.exe
  2⤵
  PID:11896
- C:\Windows\System\OwntyDT.exe
  C:\Windows\System\OwntyDT.exe
  2⤵
  PID:11936
- C:\Windows\System\KRAXmCJ.exe
  C:\Windows\System\KRAXmCJ.exe
  2⤵
  PID:11952
- C:\Windows\System\bNxbTvw.exe
  C:\Windows\System\bNxbTvw.exe
  2⤵
  PID:11968
- C:\Windows\System\BdkWMsl.exe
  C:\Windows\System\BdkWMsl.exe
  2⤵
  PID:11992
- C:\Windows\System\EPpUTLP.exe
  C:\Windows\System\EPpUTLP.exe
  2⤵
  PID:12016
- C:\Windows\System\oHUamvB.exe
  C:\Windows\System\oHUamvB.exe
  2⤵
  PID:12032
- C:\Windows\System\FLuWViT.exe
  C:\Windows\System\FLuWViT.exe
  2⤵
  PID:12048
- C:\Windows\System\HNlXaEa.exe
  C:\Windows\System\HNlXaEa.exe
  2⤵
  PID:12064
- C:\Windows\System\YLHRYEi.exe
  C:\Windows\System\YLHRYEi.exe
  2⤵
  PID:12088
- C:\Windows\System\awbGgKt.exe
  C:\Windows\System\awbGgKt.exe
  2⤵
  PID:12104
- C:\Windows\System\JcOEhAa.exe
  C:\Windows\System\JcOEhAa.exe
  2⤵
  PID:12120
- C:\Windows\System\CpvhSqr.exe
  C:\Windows\System\CpvhSqr.exe
  2⤵
  PID:12136
- C:\Windows\System\IHofNZV.exe
  C:\Windows\System\IHofNZV.exe
  2⤵
  PID:12152
- C:\Windows\System\XYnIOFy.exe
  C:\Windows\System\XYnIOFy.exe
  2⤵
  PID:12168
- C:\Windows\System\aZlWfBQ.exe
  C:\Windows\System\aZlWfBQ.exe
  2⤵
  PID:12184
- C:\Windows\System\FmBiFoR.exe
  C:\Windows\System\FmBiFoR.exe
  2⤵
  PID:12208
- C:\Windows\System\ysDLNys.exe
  C:\Windows\System\ysDLNys.exe
  2⤵
  PID:12256
- C:\Windows\System\pZfQppg.exe
  C:\Windows\System\pZfQppg.exe
  2⤵
  PID:12272
- C:\Windows\System\jtySHDQ.exe
  C:\Windows\System\jtySHDQ.exe
  2⤵
  PID:11272
- C:\Windows\System\MxKXwOw.exe
  C:\Windows\System\MxKXwOw.exe
  2⤵
  PID:11288
- C:\Windows\System\NkBKEPa.exe
  C:\Windows\System\NkBKEPa.exe
  2⤵
  PID:11312
- C:\Windows\System\JnCXNly.exe
  C:\Windows\System\JnCXNly.exe
  2⤵
  PID:11332
- C:\Windows\System\ieMTCCX.exe
  C:\Windows\System\ieMTCCX.exe
  2⤵
  PID:11356
- C:\Windows\System\fMnRhyh.exe
  C:\Windows\System\fMnRhyh.exe
  2⤵
  PID:11376
- C:\Windows\System\QMlWPPW.exe
  C:\Windows\System\QMlWPPW.exe
  2⤵
  PID:11428
- C:\Windows\System\yPknfDV.exe
  C:\Windows\System\yPknfDV.exe
  2⤵
  PID:11436
- C:\Windows\System\ozjSINz.exe
  C:\Windows\System\ozjSINz.exe
  2⤵
  PID:11552
- C:\Windows\System\WXxudrk.exe
  C:\Windows\System\WXxudrk.exe
  2⤵
  PID:11592
- C:\Windows\System\myjvMKg.exe
  C:\Windows\System\myjvMKg.exe
  2⤵
  PID:11572
- C:\Windows\System\wuMFqLb.exe
  C:\Windows\System\wuMFqLb.exe
  2⤵
  PID:11616
- C:\Windows\System\FBxlFLz.exe
  C:\Windows\System\FBxlFLz.exe
  2⤵
  PID:11676
- C:\Windows\System\BWSpZuo.exe
  C:\Windows\System\BWSpZuo.exe
  2⤵
  PID:11656
- C:\Windows\System\gGTWgiF.exe
  C:\Windows\System\gGTWgiF.exe
  2⤵
  PID:11700
- C:\Windows\System\VOvCteK.exe
  C:\Windows\System\VOvCteK.exe
  2⤵
  PID:11756
- C:\Windows\System\LSqaFGT.exe
  C:\Windows\System\LSqaFGT.exe
  2⤵
  PID:11732
- C:\Windows\System\ZYcIPVe.exe
  C:\Windows\System\ZYcIPVe.exe
  2⤵
  PID:11784
- C:\Windows\System\OzEHVlV.exe
  C:\Windows\System\OzEHVlV.exe
  2⤵
  PID:11868
- C:\Windows\System\EEyCeAJ.exe
  C:\Windows\System\EEyCeAJ.exe
  2⤵
  PID:11816
- C:\Windows\System\oeRztmR.exe
  C:\Windows\System\oeRztmR.exe
  2⤵
  PID:11856
- C:\Windows\System\nwanJnl.exe
  C:\Windows\System\nwanJnl.exe
  2⤵
  PID:11888
- C:\Windows\System\ZIHIeaf.exe
  C:\Windows\System\ZIHIeaf.exe
  2⤵
  PID:11920
- C:\Windows\System\RhiACiB.exe
  C:\Windows\System\RhiACiB.exe
  2⤵
  PID:11504
- C:\Windows\System\AVYrrUw.exe
  C:\Windows\System\AVYrrUw.exe
  2⤵
  PID:11980
- C:\Windows\System\NfYUrWp.exe
  C:\Windows\System\NfYUrWp.exe
  2⤵
  PID:12000
- C:\Windows\System\YcfXEHY.exe
  C:\Windows\System\YcfXEHY.exe
  2⤵
  PID:12028
- C:\Windows\System\pntSBYs.exe
  C:\Windows\System\pntSBYs.exe
  2⤵
  PID:12180
- C:\Windows\System\oJaLIQd.exe
  C:\Windows\System\oJaLIQd.exe
  2⤵
  PID:12128
- C:\Windows\System\vbOteLd.exe
  C:\Windows\System\vbOteLd.exe
  2⤵
  PID:12224
- C:\Windows\System\PpUtgFS.exe
  C:\Windows\System\PpUtgFS.exe
  2⤵
  PID:12228
- C:\Windows\System\JouFLhM.exe
  C:\Windows\System\JouFLhM.exe
  2⤵
  PID:1800
- C:\Windows\System\NVGrBPq.exe
  C:\Windows\System\NVGrBPq.exe
  2⤵
  PID:11392
- C:\Windows\System\aSqIjvj.exe
  C:\Windows\System\aSqIjvj.exe
  2⤵
  PID:11408
- C:\Windows\System\lCNJSXx.exe
  C:\Windows\System\lCNJSXx.exe
  2⤵
  PID:11364
- C:\Windows\System\DKTDiJR.exe
  C:\Windows\System\DKTDiJR.exe
  2⤵
  PID:11456
- C:\Windows\System\AjHZXoz.exe
  C:\Windows\System\AjHZXoz.exe
  2⤵
  PID:11472
- C:\Windows\System\wpiCvsu.exe
  C:\Windows\System\wpiCvsu.exe
  2⤵
  PID:11488
- C:\Windows\System\olJQKCr.exe
  C:\Windows\System\olJQKCr.exe
  2⤵
  PID:11548
- C:\Windows\System\pgulUqw.exe
  C:\Windows\System\pgulUqw.exe
  2⤵
  PID:11568
- C:\Windows\System\fcOjAyd.exe
  C:\Windows\System\fcOjAyd.exe
  2⤵
  PID:11652
- C:\Windows\System\CJBwhSm.exe
  C:\Windows\System\CJBwhSm.exe
  2⤵
  PID:11832
- C:\Windows\System\dwdQSpW.exe
  C:\Windows\System\dwdQSpW.exe
  2⤵
  PID:11720
- C:\Windows\System\GSyLTpp.exe
  C:\Windows\System\GSyLTpp.exe
  2⤵
  PID:11904
- C:\Windows\System\GNvJvCC.exe
  C:\Windows\System\GNvJvCC.exe
  2⤵
  PID:12060
- C:\Windows\System\YZBHyTy.exe
  C:\Windows\System\YZBHyTy.exe
  2⤵
  PID:12084
- C:\Windows\System\PtmEfIy.exe
  C:\Windows\System\PtmEfIy.exe
  2⤵
  PID:12148
- C:\Windows\System\MCUwxYw.exe
  C:\Windows\System\MCUwxYw.exe
  2⤵
  PID:12160
- C:\Windows\System\DixwcEM.exe
  C:\Windows\System\DixwcEM.exe
  2⤵
  PID:12240
- C:\Windows\System\ytCNAnu.exe
  C:\Windows\System\ytCNAnu.exe
  2⤵
  PID:11340
- C:\Windows\System\HtHirmh.exe
  C:\Windows\System\HtHirmh.exe
  2⤵
  PID:11468
- C:\Windows\System\IYldGym.exe
  C:\Windows\System\IYldGym.exe
  2⤵
  PID:11440
- C:\Windows\System\BxabeHH.exe
  C:\Windows\System\BxabeHH.exe
  2⤵
  PID:11084
- C:\Windows\System\OUEFKKc.exe
  C:\Windows\System\OUEFKKc.exe
  2⤵
  PID:11628
- C:\Windows\System\eMuEZqe.exe
  C:\Windows\System\eMuEZqe.exe
  2⤵
  PID:11836
- C:\Windows\System\wLHMsFT.exe
  C:\Windows\System\wLHMsFT.exe
  2⤵
  PID:11672
- C:\Windows\System\kXsDHbk.exe
  C:\Windows\System\kXsDHbk.exe
  2⤵
  PID:11932
- C:\Windows\System\lpEybPz.exe
  C:\Windows\System\lpEybPz.exe
  2⤵
  PID:11892
- C:\Windows\System\yqzwDnz.exe
  C:\Windows\System\yqzwDnz.exe
  2⤵
  PID:12072
- C:\Windows\System\qozZUfK.exe
  C:\Windows\System\qozZUfK.exe
  2⤵
  PID:11452
- C:\Windows\System\xVLolhH.exe
  C:\Windows\System\xVLolhH.exe
  2⤵
  PID:12132
- C:\Windows\System\UnojEvf.exe
  C:\Windows\System\UnojEvf.exe
  2⤵
  PID:12220
- C:\Windows\System\HdUZrlS.exe
  C:\Windows\System\HdUZrlS.exe
  2⤵
  PID:11928
- C:\Windows\System\vrMOAzg.exe
  C:\Windows\System\vrMOAzg.exe
  2⤵
  PID:11396
- C:\Windows\System\mnplinn.exe
  C:\Windows\System\mnplinn.exe
  2⤵
  PID:11532
- C:\Windows\System\TMCRaHV.exe
  C:\Windows\System\TMCRaHV.exe
  2⤵
  PID:11736
- C:\Windows\System\umnofEA.exe
  C:\Windows\System\umnofEA.exe
  2⤵
  PID:12304
- C:\Windows\System\maDnkIb.exe
  C:\Windows\System\maDnkIb.exe
  2⤵
  PID:12320
- C:\Windows\System\WhztfxM.exe
  C:\Windows\System\WhztfxM.exe
  2⤵
  PID:12336
- C:\Windows\System\VhuiZNg.exe
  C:\Windows\System\VhuiZNg.exe
  2⤵
  PID:12352
- C:\Windows\System\isoIwGX.exe
  C:\Windows\System\isoIwGX.exe
  2⤵
  PID:12376
- C:\Windows\System\mbrBuIk.exe
  C:\Windows\System\mbrBuIk.exe
  2⤵
  PID:12416
- C:\Windows\System\JEQrEEQ.exe
  C:\Windows\System\JEQrEEQ.exe
  2⤵
  PID:12432
- C:\Windows\System\hjOABFJ.exe
  C:\Windows\System\hjOABFJ.exe
  2⤵
  PID:12448
- C:\Windows\System\pYEQIdO.exe
  C:\Windows\System\pYEQIdO.exe
  2⤵
  PID:12464
- C:\Windows\System\symTVce.exe
  C:\Windows\System\symTVce.exe
  2⤵
  PID:12480
- C:\Windows\System\ICoYfWP.exe
  C:\Windows\System\ICoYfWP.exe
  2⤵
  PID:12496
- C:\Windows\System\lXaWJfD.exe
  C:\Windows\System\lXaWJfD.exe
  2⤵
  PID:12516
- C:\Windows\System\TULncZi.exe
  C:\Windows\System\TULncZi.exe
  2⤵
  PID:12532
- C:\Windows\System\ILbkGeF.exe
  C:\Windows\System\ILbkGeF.exe
  2⤵
  PID:12548
- C:\Windows\System\gbqnIDr.exe
  C:\Windows\System\gbqnIDr.exe
  2⤵
  PID:12564
- C:\Windows\System\ExxcSdM.exe
  C:\Windows\System\ExxcSdM.exe
  2⤵
  PID:12580
- C:\Windows\System\zLMTuLi.exe
  C:\Windows\System\zLMTuLi.exe
  2⤵
  PID:12596
- C:\Windows\System\eHgTeNg.exe
  C:\Windows\System\eHgTeNg.exe
  2⤵
  PID:12612
- C:\Windows\System\UTWbyOM.exe
  C:\Windows\System\UTWbyOM.exe
  2⤵
  PID:12628
- C:\Windows\System\rFZNTRP.exe
  C:\Windows\System\rFZNTRP.exe
  2⤵
  PID:12644
- C:\Windows\System\cMVHQkf.exe
  C:\Windows\System\cMVHQkf.exe
  2⤵
  PID:12660
- C:\Windows\System\yOcVTnn.exe
  C:\Windows\System\yOcVTnn.exe
  2⤵
  PID:12676
- C:\Windows\System\RJXAcJv.exe
  C:\Windows\System\RJXAcJv.exe
  2⤵
  PID:12692
- C:\Windows\System\EOjQklJ.exe
  C:\Windows\System\EOjQklJ.exe
  2⤵
  PID:12708
- C:\Windows\System\DXexxdn.exe
  C:\Windows\System\DXexxdn.exe
  2⤵
  PID:12724

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\CXjovaN.exe

Filesize
6.0MB

MD5
6ef42e9adafd333de27612fcb42d8f99

SHA1
e93c2a5a729796741f46342e08bbd0ef83d5094b

SHA256
b8ccba7fa6c75d6f56a5f4f8923f820f5577a22606561930cbd6ccb3615a6ac7

SHA512
c4eef3d032b1bd9ad9feb4e18e2eaf4081b3f5f9eab4da85550c146efd30c4a877829e4a03b2367b1a554a5381707ef5f88c1d2608e36486f832577050b14261

Download Submit
C:\Windows\system\CjtzilY.exe

Filesize
6.0MB

MD5
269d095525244de388e25cd378605348

SHA1
853a0a84449fe10016baba5310ed49b1a445395e

SHA256
6e8e295338b8f0f45471d97a82f021c6ed6b344359f90126c684bd9f1a3a176b

SHA512
7067a8c39952a74f3ec701918d2031982003d14be7a766319e5df29c65269cd8289db31a0460577ce16c3be760f80ef3a2dabbda5cdda8c01a15dd7aec658b1f

Download Submit
C:\Windows\system\DbWCZGn.exe

Filesize
6.0MB

MD5
89f61acf7809ad881817042778d84738

SHA1
8de3d4cf8f072ee398d448f9b1bfbfd057a2ad81

SHA256
e55940bc0407facc82881311bad50a098342b4b9de9dcf6dbf6b5d6220745bee

SHA512
dc792b32f4b9aec8c73c75fe0126a7caecc354991663961aa028a6124fb2ceacbc78f2634b7085bc66b1e94dfcf97592f7e8d97f3e0d1b3b63ccaa6f4d0a7740

Download Submit
C:\Windows\system\DdhsOUX.exe

Filesize
6.0MB

MD5
642388ac09ba8dabea89b0884e866a99

SHA1
2c8367b8af01e953d5a25ff0d262a72c9ada4159

SHA256
5258bdf3458357835e7998a00ed3793b48b6b04d756429d61a6b586e5c329d0e

SHA512
9037dae10ce386d4dc3120742c6b238fea76d30d612da3b3a01a19dcde03e843bcc01117e9d04bf564811c7bfa612e14e9883244d0e0c82bf815b224365b28cc

Download Submit
C:\Windows\system\DoPhevG.exe

Filesize
6.0MB

MD5
02d9a6049648821bab4601b7b33822a6

SHA1
52ef3baa289f54ba044131bdb3800ef42e386030

SHA256
8e2018ccc9945fe8489f051eece9189d024143317eb740ba3028d75081c52b74

SHA512
8f13b040e40f07fdaaee43694fb6e15711d30db53ee86e961aad7c311fa5e2912e092f52205802df03de45a6d13e974a019e299e0027f619298bfad04a3fc7ca

Download Submit
C:\Windows\system\GvVPYXU.exe

Filesize
6.0MB

MD5
4d83de276f59fac7c9392955f699f416

SHA1
0c96f5566487d5ab7cbc4713290233ca556b287f

SHA256
50657c74ad60f91c78ed99a56373f620036c51557a63eaf0e11e0cfd878a756f

SHA512
ace8d29d8197380d56c3b46eac4b852c2ff0f8c7ffac7368674ea8db6ab730bbb08164cadd5f030e5f42a7b9018f39f9407bd7448a6eec6967e48b0080b888b8

Download Submit
C:\Windows\system\GvuTyvH.exe

Filesize
6.0MB

MD5
1c71e00d8321b2766b2ff46e303c766d

SHA1
48bc899a5ceb8cb236cbc2f66208e0d5e90e6423

SHA256
782100a311d36b13773d072b5684ace937e01312e51918169cb173884e8d1731

SHA512
bee95d2abcb1069cc83069e90d106d2414014914000546a30445bb49a15ac6d7eafbbda3b6cef0096f29d4f27e61d6d476c1f74d0a1b2a761301e62386c96a31

Download Submit
C:\Windows\system\IispyRq.exe

Filesize
6.0MB

MD5
56e3585c47395f6569f4030ed2c09da7

SHA1
4c6d9ec43923895b2ea6aae1af5435fc9483dc23

SHA256
c835b270c384965e31f4490516df88c2fee5fb2ffce83ecc3a1638e621571063

SHA512
3dd5add8de70d47186ea4521f39291c74891923f6eacca6a8a26798ae54e33cd2369a70cc7b70ab7db10b56c8dfd292159dda99bacb690f3e9a8930dd7563ad3

Download Submit
C:\Windows\system\JztYxDJ.exe

Filesize
6.0MB

MD5
f33b40008beada1a39c779782c2da5e1

SHA1
256604169ccd2ccc52f1d91154adc2e488628d75

SHA256
512c219ddd3aa2dd441c243bda96f22a136e5361a15b3daf4511a8b50233551c

SHA512
2a92ad0d42107ffd9b5851d234afe1ac68c03ac2e1aa4816452b154c7a62f98aa8724765349082f84a1aade759709ddffce4b6d56e57b2aa91ca16e9d5b593de

Download Submit
C:\Windows\system\KkWwBGO.exe

Filesize
6.0MB

MD5
d65dae82a41bac4b97ad0be16674d1b8

SHA1
d8b7221ee0a0b1c68967f83feb84807a037445ad

SHA256
c8fba32044b2f46061b4f55ed7efc97d1db705144917f4f0356b3989d80bb405

SHA512
78f3a53b0bf0c5187894a8c0d825041354b46443ac3c216f6bc22b1c9a9f373a6efd1d97ae41625015044c8aa902d62750be6f83dfb9add720ed7b0544fe87e4

Download Submit
C:\Windows\system\NGmqcCL.exe

Filesize
6.0MB

MD5
b5eabd2d318f1fa0e2381528c4599067

SHA1
de6e24cf4acdaf954296ced93a3124c8fc888567

SHA256
e82321ae157f2968c92b63873561202ab3cd6fb44faec181c7391e4e351a2715

SHA512
b25f38d228d9cd7eb3b78e4fc669ec1555bf1f435b21f526b8f02648e9ea61afb03b2b1f8963bf319da0a4e8770dff0ebfd88c89851a6c50357e7b602e3dd248

Download Submit
C:\Windows\system\OZuPnXi.exe

Filesize
6.0MB

MD5
5c429adb3d901d6b2e89983b67ef3c62

SHA1
3a91955bf4676bcb6b0361ab74ef02101a4d8e84

SHA256
57c5a2c14d0f5ccf7d0c128d0861b2da2469a4212d519a6473d3fd2f428f2b8e

SHA512
b2da0177e55669c9974ecea6708960070b4ee208ffe98a14e7ff6a40a45b656dffbd961a250ff8e85601ff7198856baa8194c3cd18d08b9dccafd2dbf5651c7b

Download Submit
C:\Windows\system\PSevBxD.exe

Filesize
6.0MB

MD5
95bcb0a875b88bc12f2505cb2a704025

SHA1
e6f92a16bc27932eb69d0c37f7b2180818993e31

SHA256
b8017da8cc2ffd995dde2a9bd616b9981f5030efffed34f378f754e416af9473

SHA512
1e74d578b2878c1c14cf7d97e082f4bc3957b4f5755693693e7f1ef66d29f747a77d783b51eaed9378568c1063d644d616034a0a17c8bf739e852373ad109752

Download Submit
C:\Windows\system\TLqHHec.exe

Filesize
6.0MB

MD5
04ef7e266b83cbcc001ae10f3b8946cd

SHA1
ea8225d8c59f752cdf1283f6412c9f982318be18

SHA256
fa1e76c5949032c011fed4a9aee5fd061cdd79137767983e94987deaf18f356c

SHA512
90df998f6ba0c2dbed5a7f10985cff26cb1bff74613d390148ef6c7af045fce3c7f6964dcfb367697bf8ab3c11416d541ad40c3bcb906c6bff9ab6dcbad0fff7

Download Submit
C:\Windows\system\VHJihYj.exe

Filesize
6.0MB

MD5
61acd7b13becc5c7d93f9ed8383a7843

SHA1
325859dd0d0ae44899c1d3eb1830850192364bf6

SHA256
8ca079e94dbda95b99f520dab77ef4189bcf76ead9ca6bb67264b6508256a29a

SHA512
13f8b45103d1a9eb79cd7fe6d479d0807168ad7873955aa463e9428e34d5a73ad6eeb6c63bd89a1339f4e4a9f8b736b26b58c5e0e148e2d06f71d9b958bde8ec

Download Submit
C:\Windows\system\VyEiiom.exe

Filesize
6.0MB

MD5
9505cd2c7049d40e0747d744577749a0

SHA1
a300ffbbe04b077687fbbb9690a1cddee8dbad51

SHA256
afa853443803e39cb6afb5ddf55584f44b051254afb67c44b097083dc2317dd8

SHA512
faebc5b93ffa5eaea6965cc2607bfb1401207379012c3f80acd34ed336eccb9993f108d0f3f880e92b3a5f614ea901419f73c1d43b61a48f3fccda30769548ff

Download Submit
C:\Windows\system\XEzztRf.exe

Filesize
6.0MB

MD5
54388d4e6ebd070eefdc00593a0327f7

SHA1
9cf8e7c3e332476354eadd1ac6f6544f9e482177

SHA256
bbacd281637002c7a8a6070754f039c1267d23183f93dc6fd0e8fb9fcc191704

SHA512
e1cab683b74d9ce1be310128ed635f824a1aef622eb44d881b7216850e5917962065e853d745dd4934bc68e8977301e821122d79527f1e5337dd7c9db71dd99d

Download Submit
C:\Windows\system\ZaVkOKp.exe

Filesize
6.0MB

MD5
3bfd880881337c96c8acc8eccd68b007

SHA1
fbb2b36fddfc940b1d32d98f565f093cbe170d18

SHA256
383c4e95a188d01c42b4231e2a6f4b1573ce861ee9a7ecd4105ce8a25c0bfb5a

SHA512
1fe1ed2e3a6cb98191e36b1abd42fba5623dd30edc5cc6fe728e88133d6e8cddbc307aaded2ebf85953608eaa3298ce9b2eed2ca6b90c8cca9b40facad9fd7d7

Download Submit
C:\Windows\system\bVuFgtt.exe

Filesize
6.0MB

MD5
155e7d3420eee0972a98271d3083d838

SHA1
def4ac8976ea869d2f18d76447bbdc1095b0cb1b

SHA256
79bcbc6fbe692cda4b3e26adcbf70cf42cf18a980b4e23ebf1f0291a495a8e05

SHA512
091d14895d12397dd6d952afdb1bc1e0397426111286ebcedfca068a198a16ce888b33c912c3000382a86f0b95ef34736cc9a37952c55ccad5ca39ce9e3c8bbd

Download Submit
C:\Windows\system\bpIUvsc.exe

Filesize
6.0MB

MD5
67b863d09a7fa58447be16d5c92d4263

SHA1
5538a4c98c2ea3f48d9b3f63914c26eae31c7ef5

SHA256
8e725eb06f9aef6b7dbe2b694ce8d6f2fcb84f4f39241598c7593b31a37815d0

SHA512
d9017a89efe27c0723ee365fff9ef38a6a0a59776d4e0b5e89d9bbd385ddc1554ba7615c6d3f47bccc45a9e3b9f2665f4e57aedf7e854743bdac5b10e9d143ea

Download Submit
C:\Windows\system\cuOVacd.exe

Filesize
6.0MB

MD5
f5b87169ca536b34d932dc9a0ed68d9b

SHA1
a872e048af14ce22e261588aa9e3f09521de1896

SHA256
c5be48cb3cb715b3d30c475bff74eb73568cf48584185491466e8948bdeac401

SHA512
ba7110c20e55457101c6bc725452fa29d7f72eca38791944d4dd3b5d0ac28ea0784d4d615772e57c82d35582dbb769ae0e28a6772ab67174f7a31ea2a30c2e6e

Download Submit
C:\Windows\system\ffBIyuj.exe

Filesize
6.0MB

MD5
91869a03b48240101052d799cc476a6a

SHA1
cf0b379b8e0aa5b2dda3c4aaa2178e5e56122dea

SHA256
699b64b9a46f095f744931845b33f4ca608b1a17c5f55ae829dbda58aa4bcad0

SHA512
0bf5164cbb3b14eee324dff36eae4581e631fef62fbcb5a934869e7e4ecfcea855eb599ef7c4fde458aa3ecb6a9abb8c34a00ad705180a41ab8aba1dd267b15c

Download Submit
C:\Windows\system\jsIDElm.exe

Filesize
6.0MB

MD5
8d38f3da67d84739821e1a7906b0c68f

SHA1
f4c560ec43596de6450ab6393deb7cc3bbe35b7a

SHA256
f20234e98030c8f1197853a735cd8062421bb2823b912e32fc6e40e6da080812

SHA512
7ddc67e12eda7171e67ff31c6ac093c472c491a6127067e10bf9a28c9c63f523f111fa7e3d0bafcb17e2d7df76b3290178d367cca9ba4b7c3da1ee60b7e73ffe

Download Submit
C:\Windows\system\lxDahwB.exe

Filesize
6.0MB

MD5
17eb867563e66ec95c0303b82f728a3b

SHA1
47df022fd24c7866df32fe8d1a5b3bc064ae78ad

SHA256
aaeaf1ba3c6a8e56cbb987561756029c15412bd4618ba54c0e015fbc6c27c5e4

SHA512
11db462ae54d93ab769142f015a43f2bd874b3bdf5b88194f13263286711a84409b402966f3617943c7668022d3008d1ab5ab469e14f18b537de31a89437b34a

Download Submit
C:\Windows\system\mlsCmlL.exe

Filesize
6.0MB

MD5
e0b42be1ec5e03f63d4fde4df774fef9

SHA1
18f362c072d1f868535e1c4f8bacc3e20aa27119

SHA256
85ffd2082047a251da3ed893397055e588a699a66e6449032b28fa36f152d26c

SHA512
e4d7bb1b8b0b1976ba60ac0f00a17eedf2ba46029b03cabe54197ef14f4665c316dc8879d56f175087719f3d03766bdd92f831ecbc4a8026deedac05a8154011

Download Submit
C:\Windows\system\nMjTvxA.exe

Filesize
6.0MB

MD5
ad0b085f47d0d01ed8b16201049fe233

SHA1
8bb7a4661d00ab36b8116eae8a52d3805281b43b

SHA256
77aff90d18744895406d510f50fdc634a9847ee60a773b856f4f4dc59f619a59

SHA512
45786f5767abcfec57c64af11901d14f84ef95a521830c28296b1424d2ad898c9e8740262e8d7f5e571d0df80dcb865d48720ab0914c81d4c4070cfb455bade3

Download Submit
C:\Windows\system\sqqSJNw.exe

Filesize
6.0MB

MD5
fbfde9d1e58a6ffd73db09d312444e31

SHA1
8ae34859b117926b733cfeeed6d33a086fe68e16

SHA256
645a37d62c1d077a365acf39f2fef444dd75386d0e49037f4de3afd19232c37a

SHA512
b6be85df0fdde624f6a1ca5eae61a74d3801eb9b875e7267094715969c2f6be2abae6616ae4a2b119bf2b3f4c415604de60a0ad56e5e928b1656f849110b4d8f

Download Submit
C:\Windows\system\uahNuMU.exe

Filesize
6.0MB

MD5
a6c6a49d8d221abd2129b01262a5f026

SHA1
f1d9ab92fd498e452c03cb9bf8ac0f6f70464af2

SHA256
b84156af65fdaad5a6a705ea25ec0baaf5827d3af9a533a5989591e8d6c08958

SHA512
8ae5de078ce464d00d86aef3330e19fff62c3a0a18d0f55f53bb6b56883fa8ff020ce582853ee93597e25f9f43fdeff189515833b116242b15d06baa9737f873

Download Submit
C:\Windows\system\vHViOJk.exe

Filesize
8B

MD5
a5ce0e1cd1d3917f12b2586698d6dcc3

SHA1
2f4215182cfc776d7694eb4ff7274612b0593eeb

SHA256
48b3f31c2ddcc55f74d70a7833a2b09f6b374689bbf4cb6de601d6a621a2abbc

SHA512
f349489705218d3925cc06581c9fd70709fc5a0bb4f86496e55ebbbc637c745339459701ffd3b7a8c11bbfdd4f5b738df89620bf4327ebc87ea6731f85a01281

Download Submit
\Windows\system\EpcMSyh.exe

Filesize
6.0MB

MD5
b234ace10f0070209b869de1af77c660

SHA1
594d6d1e4fe3fe0af7380aa3cebde926a4a7647f

SHA256
4dc926cf2d95e759e9d9b9ad9769d9c56328a59ffab8cdb414414a662fadc099

SHA512
fb991bfe721a56384068ea802adeac415139dcaa722678a7337f9555f90f89de856c7aefa840e3f961fcedcab4301a9e3290f8ffededc4446be81d1ff8d3b71f

Download Submit
\Windows\system\iKSFSle.exe

Filesize
6.0MB

MD5
1dcd59a82a43de04245cf7cae4b51452

SHA1
b9be4a8caa665c5c1d8df1ff5ed4d2e9a5d22465

SHA256
4322a564254474f4c47f118c30c497d7673eb699faaa5f981733e963842c9d0b

SHA512
0aa11cefe51ff68622ba039b90f95885c2d7ba14e185472b77bcbe441eee610e7bc32a14d30dd3d690484863c63bfd427bf60a6a044070189fa11e5210506af9

Download Submit
\Windows\system\nmgEsrh.exe

Filesize
6.0MB

MD5
dd4d5755472844213ca06baec6624a67

SHA1
d0acd87e8ad004505407f1fe5e232d6e90859a4d

SHA256
d23084841aa1280a3dc5adf0523d79fed809cee70f237e7847f3076340a80f46

SHA512
93273b66284ded363e1fe6e762a3fd57faf84453011196cb8ed102771434fe73133d4420ad48e49d39a6fb78db37fe3af26bb78c80029c0ed389c9f5efc7e33f

Download Submit
\Windows\system\wmlFjBj.exe

Filesize
6.0MB

MD5
7326b9d2c673f634d728e84caaccb920

SHA1
9e8c07b8f6a5572667b1ff07360eace7b98222bb

SHA256
ab20daf8cb822e63d7c238fceb2558267373c1e8568e1e7e1c9591f4e5d84d2e

SHA512
9dab50aa795b8dd7d37bdbf389e1944b5ecb3690718d37f443ccb44cb03248efc6291b8bc4c7394cb39925b022c09270daebbaa64fa3c6e683fdc160310b0f19

Download Submit
memory/792-3612-0x000000013F4B0000-0x000000013F804000-memory.dmp

Filesize
3.3MB

Download
memory/792-45-0x000000013F4B0000-0x000000013F804000-memory.dmp

Filesize
3.3MB

Download
memory/792-8-0x000000013F4B0000-0x000000013F804000-memory.dmp

Filesize
3.3MB

Download
memory/1148-3618-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/1148-22-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/1480-104-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/1480-1092-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/1480-3635-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/1852-59-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/1852-3600-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/1852-26-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/2228-3616-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2228-669-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2228-86-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2260-95-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2260-907-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2260-3641-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2528-1216-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/2528-1039-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/2528-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2528-109-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/2528-100-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/2528-21-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2528-38-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2528-23-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/2528-91-0x0000000002310000-0x0000000002664000-memory.dmp

Filesize
3.3MB

Download
memory/2528-90-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2528-556-0x0000000002310000-0x0000000002664000-memory.dmp

Filesize
3.3MB

Download
memory/2528-108-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/2528-785-0x0000000002310000-0x0000000002664000-memory.dmp

Filesize
3.3MB

Download
memory/2528-31-0x0000000002310000-0x0000000002664000-memory.dmp

Filesize
3.3MB

Download
memory/2528-52-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2528-99-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2528-61-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2528-68-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/2528-12-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/2528-0-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2632-3638-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/2632-79-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/2632-496-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/2660-72-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/2660-276-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/2660-3596-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/2728-56-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2728-94-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2728-3584-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2760-35-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2760-71-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2760-3617-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2836-85-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/2836-3605-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/2836-49-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/2852-64-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2852-3615-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2852-103-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2884-3591-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download
memory/2884-41-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download
memory/2884-78-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download
memory/2988-3587-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/2988-60-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/2988-27-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download