cobaltstrike | 51c4acf3bf8f9433797a230414c835cb551aaf1e161356788ba6bfcf7baf988a

Analysis

max time kernel
122s
max time network
129s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
25-11-2024 04:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

1eb6db67c2af5c7b43da5e7debaccaa0
SHA1

17459d3c453f221e80e3bdb72c3711acadd98cd7
SHA256

51c4acf3bf8f9433797a230414c835cb551aaf1e161356788ba6bfcf7baf988a
SHA512

6d78ee6b4f9c856e93937cf59ea5905048fd779d06698c53f3b3daaaa451a92839532a4b5fc4a5b2b81063dcffb286cd26d1bf26ffc1e374a93d5b61ed1017b1
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lU4:eOl56utgpPF8u/74

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

Processes:

resource	yara_rule
behavioral1/files/0x000a00000001202a-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000019284-11.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000192a9-12.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019379-20.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000193a4-40.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961f-70.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019622-81.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019621-76.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961d-58.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000195e6-55.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000193ac-50.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000019261-88.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c56-149.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c54-137.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019dcb-180.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019fbc-190.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019dd7-185.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d62-175.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d3d-170.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001967f-153.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c58-151.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001970b-131.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001963b-126.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c73-159.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000199b9-148.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001962b-146.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019625-106.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196c0-129.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019623-99.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019627-122.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019629-112.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001939d-34.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

Processes:

resource	yara_rule
behavioral1/memory/2396-0-0x000000013FB90000-0x000000013FEE4000-memory.dmp	xmrig
behavioral1/files/0x000a00000001202a-3.dat	xmrig
behavioral1/files/0x0008000000019284-11.dat	xmrig
behavioral1/files/0x00070000000192a9-12.dat	xmrig
behavioral1/files/0x0006000000019379-20.dat	xmrig
behavioral1/memory/2396-30-0x000000013F050000-0x000000013F3A4000-memory.dmp	xmrig
behavioral1/files/0x00060000000193a4-40.dat	xmrig
behavioral1/memory/2728-64-0x000000013FC40000-0x000000013FF94000-memory.dmp	xmrig
behavioral1/memory/1736-65-0x000000013FDC0000-0x0000000140114000-memory.dmp	xmrig
behavioral1/files/0x000500000001961f-70.dat	xmrig
behavioral1/memory/2396-78-0x000000013FB90000-0x000000013FEE4000-memory.dmp	xmrig
behavioral1/memory/2652-72-0x000000013FCC0000-0x0000000140014000-memory.dmp	xmrig
behavioral1/files/0x0005000000019622-81.dat	xmrig
behavioral1/memory/3068-80-0x000000013F490000-0x000000013F7E4000-memory.dmp	xmrig
behavioral1/memory/2396-79-0x000000013F490000-0x000000013F7E4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019621-76.dat	xmrig
behavioral1/memory/2816-61-0x000000013FC50000-0x000000013FFA4000-memory.dmp	xmrig
behavioral1/files/0x000500000001961d-58.dat	xmrig
behavioral1/files/0x00060000000195e6-55.dat	xmrig
behavioral1/memory/2840-54-0x000000013FE20000-0x0000000140174000-memory.dmp	xmrig
behavioral1/files/0x00060000000193ac-50.dat	xmrig
behavioral1/files/0x0008000000019261-88.dat	xmrig
behavioral1/files/0x0005000000019c56-149.dat	xmrig
behavioral1/files/0x0005000000019c54-137.dat	xmrig
behavioral1/files/0x0005000000019dcb-180.dat	xmrig
behavioral1/files/0x0005000000019fbc-190.dat	xmrig
behavioral1/memory/2396-1315-0x000000013F1B0000-0x000000013F504000-memory.dmp	xmrig
behavioral1/memory/2396-1210-0x0000000002440000-0x0000000002794000-memory.dmp	xmrig
behavioral1/files/0x0005000000019dd7-185.dat	xmrig
behavioral1/files/0x0005000000019d62-175.dat	xmrig
behavioral1/files/0x0005000000019d3d-170.dat	xmrig
behavioral1/files/0x000500000001967f-153.dat	xmrig
behavioral1/files/0x0005000000019c58-151.dat	xmrig
behavioral1/files/0x000500000001970b-131.dat	xmrig
behavioral1/files/0x000500000001963b-126.dat	xmrig
behavioral1/files/0x0005000000019c73-159.dat	xmrig
behavioral1/files/0x00050000000199b9-148.dat	xmrig
behavioral1/files/0x000500000001962b-146.dat	xmrig
behavioral1/files/0x0005000000019625-106.dat	xmrig
behavioral1/files/0x00050000000196c0-129.dat	xmrig
behavioral1/memory/2692-115-0x000000013FBC0000-0x000000013FF14000-memory.dmp	xmrig
behavioral1/files/0x0005000000019623-99.dat	xmrig
behavioral1/memory/1660-95-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019627-122.dat	xmrig
behavioral1/memory/2396-120-0x000000013F1B0000-0x000000013F504000-memory.dmp	xmrig
behavioral1/files/0x0005000000019629-112.dat	xmrig
behavioral1/memory/628-87-0x000000013FD50000-0x00000001400A4000-memory.dmp	xmrig
behavioral1/memory/1856-86-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/memory/1856-37-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/files/0x000600000001939d-34.dat	xmrig
behavioral1/memory/2088-29-0x000000013F330000-0x000000013F684000-memory.dmp	xmrig
behavioral1/memory/2496-28-0x000000013F050000-0x000000013F3A4000-memory.dmp	xmrig
behavioral1/memory/1644-27-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/memory/2396-25-0x0000000002440000-0x0000000002794000-memory.dmp	xmrig
behavioral1/memory/2512-24-0x000000013F470000-0x000000013F7C4000-memory.dmp	xmrig
behavioral1/memory/1736-4043-0x000000013FDC0000-0x0000000140114000-memory.dmp	xmrig
behavioral1/memory/1660-4050-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	xmrig
behavioral1/memory/628-4049-0x000000013FD50000-0x00000001400A4000-memory.dmp	xmrig
behavioral1/memory/1644-4048-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/memory/1856-4047-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/memory/2088-4046-0x000000013F330000-0x000000013F684000-memory.dmp	xmrig
behavioral1/memory/2816-4045-0x000000013FC50000-0x000000013FFA4000-memory.dmp	xmrig
behavioral1/memory/3068-4044-0x000000013F490000-0x000000013F7E4000-memory.dmp	xmrig
behavioral1/memory/2692-4052-0x000000013FBC0000-0x000000013FF14000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

Processes:

sRWgYvN.exeraHDkbY.exeKNddErM.exeRLrlSih.exeXsEnTID.exeOYLAvcF.exepcCZpxq.exePxckxPu.exeEEJPryy.exenbskzzl.exeEBxqkmj.exeyEiYegK.exepcIJcaW.exeNbWwsKs.exeNSxpmtI.exefVLdpMB.exeylkQutt.exeqvnEkBL.exeyvzfewX.exeHbQPsUl.exeaCGNEWm.exeGfvXbjE.exeRDkEVJQ.exeqzhpVUf.exePIQJlkS.exeIkPrFlY.exeaZrqaXM.exevTmlYbH.exeNvXqneN.exeVBNJpBl.exezquENJo.exeuOArUuw.exejOtuYbQ.exeKzFjFKF.exenLvscGA.exeJfsOppF.exedeEtokm.exeocssvdp.exeQACPVwz.exezDFPzev.exeuaIvGtK.exerJYUeMh.exeUQNoEkc.exefysOUnU.exeSsBXzgA.exePKazheT.exeQBrLBJk.exegqoOFHt.exeqbKBpSw.exeIzbDgvZ.exeHvCOkyH.exeRVTIFnB.exeEBQAOsf.exewsEcrPH.exeBxJkWYL.exeUVSbzDM.exeAMioJIR.exeqawSMSN.exeGjYLQWW.exeOnzNoTf.exevFdzdjQ.exeWpjzMhE.exedeahowF.exeoVDouXv.exe

pid	Process
2088	sRWgYvN.exe
2512	raHDkbY.exe
1644	KNddErM.exe
2496	RLrlSih.exe
1856	XsEnTID.exe
2840	OYLAvcF.exe
2816	pcCZpxq.exe
2728	PxckxPu.exe
1736	EEJPryy.exe
2652	nbskzzl.exe
3068	EBxqkmj.exe
628	yEiYegK.exe
1660	pcIJcaW.exe
2692	NbWwsKs.exe
2440	NSxpmtI.exe
2592	fVLdpMB.exe
1956	ylkQutt.exe
1764	qvnEkBL.exe
1696	yvzfewX.exe
572	HbQPsUl.exe
1488	aCGNEWm.exe
2160	GfvXbjE.exe
1116	RDkEVJQ.exe
2076	qzhpVUf.exe
2128	PIQJlkS.exe
1952	IkPrFlY.exe
2052	aZrqaXM.exe
2164	vTmlYbH.exe
1864	NvXqneN.exe
844	VBNJpBl.exe
2984	zquENJo.exe
1988	uOArUuw.exe
2780	jOtuYbQ.exe
2188	KzFjFKF.exe
2112	nLvscGA.exe
1240	JfsOppF.exe
1976	deEtokm.exe
1908	ocssvdp.exe
1476	QACPVwz.exe
2120	zDFPzev.exe
2480	uaIvGtK.exe
272	rJYUeMh.exe
1676	UQNoEkc.exe
2932	fysOUnU.exe
1940	SsBXzgA.exe
1924	PKazheT.exe
2300	QBrLBJk.exe
1500	gqoOFHt.exe
1620	qbKBpSw.exe
2832	IzbDgvZ.exe
2808	HvCOkyH.exe
688	RVTIFnB.exe
2116	EBQAOsf.exe
2380	wsEcrPH.exe
2236	BxJkWYL.exe
2264	UVSbzDM.exe
1600	AMioJIR.exe
2132	qawSMSN.exe
2508	GjYLQWW.exe
1532	OnzNoTf.exe
2400	vFdzdjQ.exe
2612	WpjzMhE.exe
2792	deahowF.exe
772	oVDouXv.exe

Loads dropped DLL 64 IoCs

Processes:

2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe

pid	Process
2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 63 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2396-0-0x000000013FB90000-0x000000013FEE4000-memory.dmp	upx
behavioral1/files/0x000a00000001202a-3.dat	upx
behavioral1/files/0x0008000000019284-11.dat	upx
behavioral1/files/0x00070000000192a9-12.dat	upx
behavioral1/files/0x0006000000019379-20.dat	upx
behavioral1/files/0x00060000000193a4-40.dat	upx
behavioral1/memory/2728-64-0x000000013FC40000-0x000000013FF94000-memory.dmp	upx
behavioral1/memory/1736-65-0x000000013FDC0000-0x0000000140114000-memory.dmp	upx
behavioral1/files/0x000500000001961f-70.dat	upx
behavioral1/memory/2396-78-0x000000013FB90000-0x000000013FEE4000-memory.dmp	upx
behavioral1/memory/2652-72-0x000000013FCC0000-0x0000000140014000-memory.dmp	upx
behavioral1/files/0x0005000000019622-81.dat	upx
behavioral1/memory/3068-80-0x000000013F490000-0x000000013F7E4000-memory.dmp	upx
behavioral1/files/0x0005000000019621-76.dat	upx
behavioral1/memory/2816-61-0x000000013FC50000-0x000000013FFA4000-memory.dmp	upx
behavioral1/files/0x000500000001961d-58.dat	upx
behavioral1/files/0x00060000000195e6-55.dat	upx
behavioral1/memory/2840-54-0x000000013FE20000-0x0000000140174000-memory.dmp	upx
behavioral1/files/0x00060000000193ac-50.dat	upx
behavioral1/files/0x0008000000019261-88.dat	upx
behavioral1/files/0x0005000000019c56-149.dat	upx
behavioral1/files/0x0005000000019c54-137.dat	upx
behavioral1/files/0x0005000000019dcb-180.dat	upx
behavioral1/files/0x0005000000019fbc-190.dat	upx
behavioral1/files/0x0005000000019dd7-185.dat	upx
behavioral1/files/0x0005000000019d62-175.dat	upx
behavioral1/files/0x0005000000019d3d-170.dat	upx
behavioral1/files/0x000500000001967f-153.dat	upx
behavioral1/files/0x0005000000019c58-151.dat	upx
behavioral1/files/0x000500000001970b-131.dat	upx
behavioral1/files/0x000500000001963b-126.dat	upx
behavioral1/files/0x0005000000019c73-159.dat	upx
behavioral1/files/0x00050000000199b9-148.dat	upx
behavioral1/files/0x000500000001962b-146.dat	upx
behavioral1/files/0x0005000000019625-106.dat	upx
behavioral1/files/0x00050000000196c0-129.dat	upx
behavioral1/memory/2692-115-0x000000013FBC0000-0x000000013FF14000-memory.dmp	upx
behavioral1/files/0x0005000000019623-99.dat	upx
behavioral1/memory/1660-95-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	upx
behavioral1/files/0x0005000000019627-122.dat	upx
behavioral1/files/0x0005000000019629-112.dat	upx
behavioral1/memory/628-87-0x000000013FD50000-0x00000001400A4000-memory.dmp	upx
behavioral1/memory/1856-86-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/memory/1856-37-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/files/0x000600000001939d-34.dat	upx
behavioral1/memory/2088-29-0x000000013F330000-0x000000013F684000-memory.dmp	upx
behavioral1/memory/2496-28-0x000000013F050000-0x000000013F3A4000-memory.dmp	upx
behavioral1/memory/1644-27-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/memory/2512-24-0x000000013F470000-0x000000013F7C4000-memory.dmp	upx
behavioral1/memory/1736-4043-0x000000013FDC0000-0x0000000140114000-memory.dmp	upx
behavioral1/memory/1660-4050-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	upx
behavioral1/memory/628-4049-0x000000013FD50000-0x00000001400A4000-memory.dmp	upx
behavioral1/memory/1644-4048-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/memory/1856-4047-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/memory/2088-4046-0x000000013F330000-0x000000013F684000-memory.dmp	upx
behavioral1/memory/2816-4045-0x000000013FC50000-0x000000013FFA4000-memory.dmp	upx
behavioral1/memory/3068-4044-0x000000013F490000-0x000000013F7E4000-memory.dmp	upx
behavioral1/memory/2692-4052-0x000000013FBC0000-0x000000013FF14000-memory.dmp	upx
behavioral1/memory/2728-4051-0x000000013FC40000-0x000000013FF94000-memory.dmp	upx
behavioral1/memory/2512-4056-0x000000013F470000-0x000000013F7C4000-memory.dmp	upx
behavioral1/memory/2496-4055-0x000000013F050000-0x000000013F3A4000-memory.dmp	upx
behavioral1/memory/2652-4054-0x000000013FCC0000-0x0000000140014000-memory.dmp	upx
behavioral1/memory/2840-4053-0x000000013FE20000-0x0000000140174000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

Processes:

2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe

description	ioc	Process
File created	C:\Windows\System\ylkQutt.exe	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VkMUPKx.exe	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eiYLWur.exe	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VQLcVYI.exe	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BCvaOlA.exe	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rSuvktA.exe	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vRpcioH.exe	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QBjZTiB.exe	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JpGBgiU.exe	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YVuZeNJ.exe	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zOsWylb.exe	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VPvYsiD.exe	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KNVKlvK.exe	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ybrzdbB.exe	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IkPrFlY.exe	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EmriHzD.exe	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WqaYjKP.exe	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eSiVdNh.exe	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hgflEBW.exe	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gmLONtE.exe	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ooRUPtw.exe	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ArGzOCH.exe	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pipJLmJ.exe	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QPNDzqn.exe	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lHPkklI.exe	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qYaCsdU.exe	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LEgPlLJ.exe	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\stSuOxq.exe	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pgFmnye.exe	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jyeIKOp.exe	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JVpuBob.exe	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OwWQqfO.exe	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SHBUTfE.exe	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oVtyLgt.exe	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GtwDeDb.exe	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tOPnSOd.exe	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PIQJlkS.exe	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DIuzLbB.exe	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PCRrbji.exe	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pvXFfNC.exe	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uAYHvzn.exe	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gIBlQjz.exe	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RGYbQIB.exe	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MjxFQnS.exe	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AVGdDDr.exe	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RkCgzMt.exe	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ejcDsUs.exe	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pfwHIcz.exe	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AlbmjOO.exe	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WGzDiMU.exe	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CXrVfSN.exe	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NpCiarL.exe	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\taZjpDE.exe	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jnejamO.exe	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RRDBHMt.exe	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zEAXsmZ.exe	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VBNJpBl.exe	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kdULPPo.exe	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\azPOwlA.exe	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZPbUapP.exe	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZpuuKZN.exe	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XFiGugi.exe	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eDDwtXX.exe	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LKfJZnd.exe	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe

description	pid	Process	procid_target
PID 2396 wrote to memory of 2088	2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2396 wrote to memory of 2088	2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2396 wrote to memory of 2088	2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2396 wrote to memory of 2512	2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2396 wrote to memory of 2512	2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2396 wrote to memory of 2512	2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2396 wrote to memory of 1644	2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2396 wrote to memory of 1644	2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2396 wrote to memory of 1644	2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2396 wrote to memory of 2496	2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2396 wrote to memory of 2496	2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2396 wrote to memory of 2496	2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2396 wrote to memory of 1856	2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2396 wrote to memory of 1856	2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2396 wrote to memory of 1856	2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2396 wrote to memory of 2840	2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2396 wrote to memory of 2840	2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2396 wrote to memory of 2840	2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2396 wrote to memory of 2816	2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2396 wrote to memory of 2816	2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2396 wrote to memory of 2816	2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2396 wrote to memory of 2728	2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2396 wrote to memory of 2728	2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2396 wrote to memory of 2728	2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2396 wrote to memory of 1736	2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2396 wrote to memory of 1736	2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2396 wrote to memory of 1736	2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2396 wrote to memory of 2652	2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2396 wrote to memory of 2652	2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2396 wrote to memory of 2652	2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2396 wrote to memory of 3068	2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2396 wrote to memory of 3068	2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2396 wrote to memory of 3068	2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2396 wrote to memory of 628	2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2396 wrote to memory of 628	2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2396 wrote to memory of 628	2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2396 wrote to memory of 1660	2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2396 wrote to memory of 1660	2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2396 wrote to memory of 1660	2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2396 wrote to memory of 2692	2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2396 wrote to memory of 2692	2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2396 wrote to memory of 2692	2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2396 wrote to memory of 2440	2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2396 wrote to memory of 2440	2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2396 wrote to memory of 2440	2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2396 wrote to memory of 1956	2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2396 wrote to memory of 1956	2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2396 wrote to memory of 1956	2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2396 wrote to memory of 2592	2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2396 wrote to memory of 2592	2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2396 wrote to memory of 2592	2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2396 wrote to memory of 572	2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2396 wrote to memory of 572	2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2396 wrote to memory of 572	2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2396 wrote to memory of 1764	2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2396 wrote to memory of 1764	2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2396 wrote to memory of 1764	2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2396 wrote to memory of 1116	2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2396 wrote to memory of 1116	2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2396 wrote to memory of 1116	2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2396 wrote to memory of 1696	2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2396 wrote to memory of 1696	2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2396 wrote to memory of 1696	2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2396 wrote to memory of 2128	2396	2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-25_1eb6db67c2af5c7b43da5e7debaccaa0_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2396
- C:\Windows\System\sRWgYvN.exe
  C:\Windows\System\sRWgYvN.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\raHDkbY.exe
  C:\Windows\System\raHDkbY.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\KNddErM.exe
  C:\Windows\System\KNddErM.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\RLrlSih.exe
  C:\Windows\System\RLrlSih.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\XsEnTID.exe
  C:\Windows\System\XsEnTID.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\OYLAvcF.exe
  C:\Windows\System\OYLAvcF.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\pcCZpxq.exe
  C:\Windows\System\pcCZpxq.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\PxckxPu.exe
  C:\Windows\System\PxckxPu.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\EEJPryy.exe
  C:\Windows\System\EEJPryy.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\nbskzzl.exe
  C:\Windows\System\nbskzzl.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\EBxqkmj.exe
  C:\Windows\System\EBxqkmj.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\yEiYegK.exe
  C:\Windows\System\yEiYegK.exe
  2⤵
  - Executes dropped EXE
  PID:628
- C:\Windows\System\pcIJcaW.exe
  C:\Windows\System\pcIJcaW.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\NbWwsKs.exe
  C:\Windows\System\NbWwsKs.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\NSxpmtI.exe
  C:\Windows\System\NSxpmtI.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\ylkQutt.exe
  C:\Windows\System\ylkQutt.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\fVLdpMB.exe
  C:\Windows\System\fVLdpMB.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\HbQPsUl.exe
  C:\Windows\System\HbQPsUl.exe
  2⤵
  - Executes dropped EXE
  PID:572
- C:\Windows\System\qvnEkBL.exe
  C:\Windows\System\qvnEkBL.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\RDkEVJQ.exe
  C:\Windows\System\RDkEVJQ.exe
  2⤵
  - Executes dropped EXE
  PID:1116
- C:\Windows\System\yvzfewX.exe
  C:\Windows\System\yvzfewX.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\PIQJlkS.exe
  C:\Windows\System\PIQJlkS.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\aCGNEWm.exe
  C:\Windows\System\aCGNEWm.exe
  2⤵
  - Executes dropped EXE
  PID:1488
- C:\Windows\System\IkPrFlY.exe
  C:\Windows\System\IkPrFlY.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\GfvXbjE.exe
  C:\Windows\System\GfvXbjE.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\aZrqaXM.exe
  C:\Windows\System\aZrqaXM.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\qzhpVUf.exe
  C:\Windows\System\qzhpVUf.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\vTmlYbH.exe
  C:\Windows\System\vTmlYbH.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\NvXqneN.exe
  C:\Windows\System\NvXqneN.exe
  2⤵
  - Executes dropped EXE
  PID:1864
- C:\Windows\System\VBNJpBl.exe
  C:\Windows\System\VBNJpBl.exe
  2⤵
  - Executes dropped EXE
  PID:844
- C:\Windows\System\zquENJo.exe
  C:\Windows\System\zquENJo.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\uOArUuw.exe
  C:\Windows\System\uOArUuw.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\jOtuYbQ.exe
  C:\Windows\System\jOtuYbQ.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\KzFjFKF.exe
  C:\Windows\System\KzFjFKF.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\nLvscGA.exe
  C:\Windows\System\nLvscGA.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\JfsOppF.exe
  C:\Windows\System\JfsOppF.exe
  2⤵
  - Executes dropped EXE
  PID:1240
- C:\Windows\System\deEtokm.exe
  C:\Windows\System\deEtokm.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\ocssvdp.exe
  C:\Windows\System\ocssvdp.exe
  2⤵
  - Executes dropped EXE
  PID:1908
- C:\Windows\System\QACPVwz.exe
  C:\Windows\System\QACPVwz.exe
  2⤵
  - Executes dropped EXE
  PID:1476
- C:\Windows\System\rJYUeMh.exe
  C:\Windows\System\rJYUeMh.exe
  2⤵
  - Executes dropped EXE
  PID:272
- C:\Windows\System\zDFPzev.exe
  C:\Windows\System\zDFPzev.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\RVTIFnB.exe
  C:\Windows\System\RVTIFnB.exe
  2⤵
  - Executes dropped EXE
  PID:688
- C:\Windows\System\uaIvGtK.exe
  C:\Windows\System\uaIvGtK.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\wsEcrPH.exe
  C:\Windows\System\wsEcrPH.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\UQNoEkc.exe
  C:\Windows\System\UQNoEkc.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\BxJkWYL.exe
  C:\Windows\System\BxJkWYL.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\fysOUnU.exe
  C:\Windows\System\fysOUnU.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\UVSbzDM.exe
  C:\Windows\System\UVSbzDM.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\SsBXzgA.exe
  C:\Windows\System\SsBXzgA.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\AMioJIR.exe
  C:\Windows\System\AMioJIR.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\PKazheT.exe
  C:\Windows\System\PKazheT.exe
  2⤵
  - Executes dropped EXE
  PID:1924
- C:\Windows\System\qawSMSN.exe
  C:\Windows\System\qawSMSN.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\QBrLBJk.exe
  C:\Windows\System\QBrLBJk.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\GjYLQWW.exe
  C:\Windows\System\GjYLQWW.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\gqoOFHt.exe
  C:\Windows\System\gqoOFHt.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\OnzNoTf.exe
  C:\Windows\System\OnzNoTf.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\qbKBpSw.exe
  C:\Windows\System\qbKBpSw.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\vFdzdjQ.exe
  C:\Windows\System\vFdzdjQ.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\IzbDgvZ.exe
  C:\Windows\System\IzbDgvZ.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\WpjzMhE.exe
  C:\Windows\System\WpjzMhE.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\HvCOkyH.exe
  C:\Windows\System\HvCOkyH.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\deahowF.exe
  C:\Windows\System\deahowF.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\EBQAOsf.exe
  C:\Windows\System\EBQAOsf.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\wzrLAqs.exe
  C:\Windows\System\wzrLAqs.exe
  2⤵
  PID:2000
- C:\Windows\System\oVDouXv.exe
  C:\Windows\System\oVDouXv.exe
  2⤵
  - Executes dropped EXE
  PID:772
- C:\Windows\System\iVOwEpG.exe
  C:\Windows\System\iVOwEpG.exe
  2⤵
  PID:2948
- C:\Windows\System\KaxJCMk.exe
  C:\Windows\System\KaxJCMk.exe
  2⤵
  PID:3040
- C:\Windows\System\uljXXCq.exe
  C:\Windows\System\uljXXCq.exe
  2⤵
  PID:2172
- C:\Windows\System\rtaIrqE.exe
  C:\Windows\System\rtaIrqE.exe
  2⤵
  PID:2700
- C:\Windows\System\BnUqycF.exe
  C:\Windows\System\BnUqycF.exe
  2⤵
  PID:1680
- C:\Windows\System\AFgjjEj.exe
  C:\Windows\System\AFgjjEj.exe
  2⤵
  PID:1208
- C:\Windows\System\KEOvAox.exe
  C:\Windows\System\KEOvAox.exe
  2⤵
  PID:1464
- C:\Windows\System\OTpztVk.exe
  C:\Windows\System\OTpztVk.exe
  2⤵
  PID:1216
- C:\Windows\System\jSLjJlK.exe
  C:\Windows\System\jSLjJlK.exe
  2⤵
  PID:2564
- C:\Windows\System\hUlxtrX.exe
  C:\Windows\System\hUlxtrX.exe
  2⤵
  PID:2216
- C:\Windows\System\OnPWVjD.exe
  C:\Windows\System\OnPWVjD.exe
  2⤵
  PID:1892
- C:\Windows\System\qeRovKn.exe
  C:\Windows\System\qeRovKn.exe
  2⤵
  PID:1916
- C:\Windows\System\gPIxfce.exe
  C:\Windows\System\gPIxfce.exe
  2⤵
  PID:2144
- C:\Windows\System\cXwUONi.exe
  C:\Windows\System\cXwUONi.exe
  2⤵
  PID:2976
- C:\Windows\System\xsQogvn.exe
  C:\Windows\System\xsQogvn.exe
  2⤵
  PID:2012
- C:\Windows\System\ZxFaWvE.exe
  C:\Windows\System\ZxFaWvE.exe
  2⤵
  PID:796
- C:\Windows\System\NhYKrjw.exe
  C:\Windows\System\NhYKrjw.exe
  2⤵
  PID:2084
- C:\Windows\System\zVqWnpG.exe
  C:\Windows\System\zVqWnpG.exe
  2⤵
  PID:2524
- C:\Windows\System\WbqVHik.exe
  C:\Windows\System\WbqVHik.exe
  2⤵
  PID:2748
- C:\Windows\System\wVwOQSt.exe
  C:\Windows\System\wVwOQSt.exe
  2⤵
  PID:2636
- C:\Windows\System\hrJnTvb.exe
  C:\Windows\System\hrJnTvb.exe
  2⤵
  PID:564
- C:\Windows\System\YNpIGJQ.exe
  C:\Windows\System\YNpIGJQ.exe
  2⤵
  PID:668
- C:\Windows\System\qZpBtuR.exe
  C:\Windows\System\qZpBtuR.exe
  2⤵
  PID:2672
- C:\Windows\System\AegNVZD.exe
  C:\Windows\System\AegNVZD.exe
  2⤵
  PID:3056
- C:\Windows\System\RfrZJKL.exe
  C:\Windows\System\RfrZJKL.exe
  2⤵
  PID:448
- C:\Windows\System\YqaUHDh.exe
  C:\Windows\System\YqaUHDh.exe
  2⤵
  PID:3084
- C:\Windows\System\PLwhjha.exe
  C:\Windows\System\PLwhjha.exe
  2⤵
  PID:3104
- C:\Windows\System\hXgryQD.exe
  C:\Windows\System\hXgryQD.exe
  2⤵
  PID:3128
- C:\Windows\System\dNQnMzU.exe
  C:\Windows\System\dNQnMzU.exe
  2⤵
  PID:3144
- C:\Windows\System\YXIAEEG.exe
  C:\Windows\System\YXIAEEG.exe
  2⤵
  PID:3160
- C:\Windows\System\vDYApdG.exe
  C:\Windows\System\vDYApdG.exe
  2⤵
  PID:3180
- C:\Windows\System\uUkZKiu.exe
  C:\Windows\System\uUkZKiu.exe
  2⤵
  PID:3280
- C:\Windows\System\dhHbaHe.exe
  C:\Windows\System\dhHbaHe.exe
  2⤵
  PID:3304
- C:\Windows\System\TLmsuHH.exe
  C:\Windows\System\TLmsuHH.exe
  2⤵
  PID:3324
- C:\Windows\System\hqOwzlx.exe
  C:\Windows\System\hqOwzlx.exe
  2⤵
  PID:3344
- C:\Windows\System\DIuzLbB.exe
  C:\Windows\System\DIuzLbB.exe
  2⤵
  PID:3364
- C:\Windows\System\TdPQTdY.exe
  C:\Windows\System\TdPQTdY.exe
  2⤵
  PID:3384
- C:\Windows\System\QpIpxsV.exe
  C:\Windows\System\QpIpxsV.exe
  2⤵
  PID:3404
- C:\Windows\System\SXZvblc.exe
  C:\Windows\System\SXZvblc.exe
  2⤵
  PID:3424
- C:\Windows\System\PCRrbji.exe
  C:\Windows\System\PCRrbji.exe
  2⤵
  PID:3444
- C:\Windows\System\bFvRmvQ.exe
  C:\Windows\System\bFvRmvQ.exe
  2⤵
  PID:3464
- C:\Windows\System\SvVbyMs.exe
  C:\Windows\System\SvVbyMs.exe
  2⤵
  PID:3480
- C:\Windows\System\FHcbIDC.exe
  C:\Windows\System\FHcbIDC.exe
  2⤵
  PID:3504
- C:\Windows\System\hlkaMtJ.exe
  C:\Windows\System\hlkaMtJ.exe
  2⤵
  PID:3524
- C:\Windows\System\qRfuXzS.exe
  C:\Windows\System\qRfuXzS.exe
  2⤵
  PID:3544
- C:\Windows\System\YdxwAqR.exe
  C:\Windows\System\YdxwAqR.exe
  2⤵
  PID:3564
- C:\Windows\System\NeyZEEX.exe
  C:\Windows\System\NeyZEEX.exe
  2⤵
  PID:3584
- C:\Windows\System\EbxyEhC.exe
  C:\Windows\System\EbxyEhC.exe
  2⤵
  PID:3600
- C:\Windows\System\KZRjyjE.exe
  C:\Windows\System\KZRjyjE.exe
  2⤵
  PID:3624
- C:\Windows\System\MffklWy.exe
  C:\Windows\System\MffklWy.exe
  2⤵
  PID:3644
- C:\Windows\System\zAISjiD.exe
  C:\Windows\System\zAISjiD.exe
  2⤵
  PID:3664
- C:\Windows\System\kwhTrQX.exe
  C:\Windows\System\kwhTrQX.exe
  2⤵
  PID:3684
- C:\Windows\System\TMeMXsF.exe
  C:\Windows\System\TMeMXsF.exe
  2⤵
  PID:3704
- C:\Windows\System\DEPBtCc.exe
  C:\Windows\System\DEPBtCc.exe
  2⤵
  PID:3724
- C:\Windows\System\hMHygdz.exe
  C:\Windows\System\hMHygdz.exe
  2⤵
  PID:3744
- C:\Windows\System\eGLXCpk.exe
  C:\Windows\System\eGLXCpk.exe
  2⤵
  PID:3760
- C:\Windows\System\RkCgzMt.exe
  C:\Windows\System\RkCgzMt.exe
  2⤵
  PID:3784
- C:\Windows\System\AvKzJza.exe
  C:\Windows\System\AvKzJza.exe
  2⤵
  PID:3804
- C:\Windows\System\DOEfFgY.exe
  C:\Windows\System\DOEfFgY.exe
  2⤵
  PID:3824
- C:\Windows\System\bzuvQLB.exe
  C:\Windows\System\bzuvQLB.exe
  2⤵
  PID:3840
- C:\Windows\System\Sbccdzp.exe
  C:\Windows\System\Sbccdzp.exe
  2⤵
  PID:3860
- C:\Windows\System\loAXxRN.exe
  C:\Windows\System\loAXxRN.exe
  2⤵
  PID:3880
- C:\Windows\System\PMDyjfL.exe
  C:\Windows\System\PMDyjfL.exe
  2⤵
  PID:3904
- C:\Windows\System\GiAashk.exe
  C:\Windows\System\GiAashk.exe
  2⤵
  PID:3924
- C:\Windows\System\JTPcOSf.exe
  C:\Windows\System\JTPcOSf.exe
  2⤵
  PID:3944
- C:\Windows\System\bNKlZdb.exe
  C:\Windows\System\bNKlZdb.exe
  2⤵
  PID:3960
- C:\Windows\System\hPvjRNM.exe
  C:\Windows\System\hPvjRNM.exe
  2⤵
  PID:3980
- C:\Windows\System\YbQoBoV.exe
  C:\Windows\System\YbQoBoV.exe
  2⤵
  PID:4000
- C:\Windows\System\SeYxLXC.exe
  C:\Windows\System\SeYxLXC.exe
  2⤵
  PID:4024
- C:\Windows\System\BPmqNRC.exe
  C:\Windows\System\BPmqNRC.exe
  2⤵
  PID:4044
- C:\Windows\System\exBqLko.exe
  C:\Windows\System\exBqLko.exe
  2⤵
  PID:4064
- C:\Windows\System\ylpgIuL.exe
  C:\Windows\System\ylpgIuL.exe
  2⤵
  PID:4084
- C:\Windows\System\aGnuGmT.exe
  C:\Windows\System\aGnuGmT.exe
  2⤵
  PID:1304
- C:\Windows\System\YmzLBcj.exe
  C:\Windows\System\YmzLBcj.exe
  2⤵
  PID:1780
- C:\Windows\System\BCbqEUO.exe
  C:\Windows\System\BCbqEUO.exe
  2⤵
  PID:2392
- C:\Windows\System\faPuQXM.exe
  C:\Windows\System\faPuQXM.exe
  2⤵
  PID:3060
- C:\Windows\System\LKmTjZq.exe
  C:\Windows\System\LKmTjZq.exe
  2⤵
  PID:2072
- C:\Windows\System\xMrhbLR.exe
  C:\Windows\System\xMrhbLR.exe
  2⤵
  PID:2356
- C:\Windows\System\khFDsml.exe
  C:\Windows\System\khFDsml.exe
  2⤵
  PID:996
- C:\Windows\System\PCaEXPJ.exe
  C:\Windows\System\PCaEXPJ.exe
  2⤵
  PID:3176
- C:\Windows\System\kZKRFlO.exe
  C:\Windows\System\kZKRFlO.exe
  2⤵
  PID:2892
- C:\Windows\System\tkeCINs.exe
  C:\Windows\System\tkeCINs.exe
  2⤵
  PID:2476
- C:\Windows\System\WfjEeZZ.exe
  C:\Windows\System\WfjEeZZ.exe
  2⤵
  PID:2384
- C:\Windows\System\PhmYdEi.exe
  C:\Windows\System\PhmYdEi.exe
  2⤵
  PID:2148
- C:\Windows\System\tWZWzwV.exe
  C:\Windows\System\tWZWzwV.exe
  2⤵
  PID:2504
- C:\Windows\System\hLMXYaJ.exe
  C:\Windows\System\hLMXYaJ.exe
  2⤵
  PID:2852
- C:\Windows\System\Bopmmgs.exe
  C:\Windows\System\Bopmmgs.exe
  2⤵
  PID:2168
- C:\Windows\System\cdYwkej.exe
  C:\Windows\System\cdYwkej.exe
  2⤵
  PID:1772
- C:\Windows\System\VzIsySO.exe
  C:\Windows\System\VzIsySO.exe
  2⤵
  PID:2208
- C:\Windows\System\TDeynZH.exe
  C:\Windows\System\TDeynZH.exe
  2⤵
  PID:1612
- C:\Windows\System\xEhKjey.exe
  C:\Windows\System\xEhKjey.exe
  2⤵
  PID:1120
- C:\Windows\System\qGeLTJZ.exe
  C:\Windows\System\qGeLTJZ.exe
  2⤵
  PID:1236
- C:\Windows\System\jCXeoUx.exe
  C:\Windows\System\jCXeoUx.exe
  2⤵
  PID:3112
- C:\Windows\System\sELNYFy.exe
  C:\Windows\System\sELNYFy.exe
  2⤵
  PID:3156
- C:\Windows\System\QeQFfjX.exe
  C:\Windows\System\QeQFfjX.exe
  2⤵
  PID:3200
- C:\Windows\System\ULPRwbN.exe
  C:\Windows\System\ULPRwbN.exe
  2⤵
  PID:3224
- C:\Windows\System\cqPqdpU.exe
  C:\Windows\System\cqPqdpU.exe
  2⤵
  PID:3240
- C:\Windows\System\YZCHTge.exe
  C:\Windows\System\YZCHTge.exe
  2⤵
  PID:3260
- C:\Windows\System\fezOtCe.exe
  C:\Windows\System\fezOtCe.exe
  2⤵
  PID:3288
- C:\Windows\System\eXxtczk.exe
  C:\Windows\System\eXxtczk.exe
  2⤵
  PID:3312
- C:\Windows\System\HygiQGo.exe
  C:\Windows\System\HygiQGo.exe
  2⤵
  PID:3316
- C:\Windows\System\WDSMWqB.exe
  C:\Windows\System\WDSMWqB.exe
  2⤵
  PID:3356
- C:\Windows\System\qrqVDae.exe
  C:\Windows\System\qrqVDae.exe
  2⤵
  PID:3416
- C:\Windows\System\hoAJctK.exe
  C:\Windows\System\hoAJctK.exe
  2⤵
  PID:3396
- C:\Windows\System\NGsaGPX.exe
  C:\Windows\System\NGsaGPX.exe
  2⤵
  PID:3496
- C:\Windows\System\HhUzxHe.exe
  C:\Windows\System\HhUzxHe.exe
  2⤵
  PID:3536
- C:\Windows\System\NaEnmll.exe
  C:\Windows\System\NaEnmll.exe
  2⤵
  PID:3520
- C:\Windows\System\vwdbTRC.exe
  C:\Windows\System\vwdbTRC.exe
  2⤵
  PID:3560
- C:\Windows\System\SUIwlhy.exe
  C:\Windows\System\SUIwlhy.exe
  2⤵
  PID:3612
- C:\Windows\System\dtRXdcz.exe
  C:\Windows\System\dtRXdcz.exe
  2⤵
  PID:3592
- C:\Windows\System\vQoRUdn.exe
  C:\Windows\System\vQoRUdn.exe
  2⤵
  PID:3636
- C:\Windows\System\RVvDqdO.exe
  C:\Windows\System\RVvDqdO.exe
  2⤵
  PID:3680
- C:\Windows\System\JkZeJxe.exe
  C:\Windows\System\JkZeJxe.exe
  2⤵
  PID:3712
- C:\Windows\System\CxCEkWw.exe
  C:\Windows\System\CxCEkWw.exe
  2⤵
  PID:3772
- C:\Windows\System\KmkreMr.exe
  C:\Windows\System\KmkreMr.exe
  2⤵
  PID:3756
- C:\Windows\System\dNALXgK.exe
  C:\Windows\System\dNALXgK.exe
  2⤵
  PID:3816
- C:\Windows\System\epsybAi.exe
  C:\Windows\System\epsybAi.exe
  2⤵
  PID:3832
- C:\Windows\System\NnOSSMp.exe
  C:\Windows\System\NnOSSMp.exe
  2⤵
  PID:3892
- C:\Windows\System\QyZfffq.exe
  C:\Windows\System\QyZfffq.exe
  2⤵
  PID:3912
- C:\Windows\System\zqDuvPd.exe
  C:\Windows\System\zqDuvPd.exe
  2⤵
  PID:3976
- C:\Windows\System\fNxZzGN.exe
  C:\Windows\System\fNxZzGN.exe
  2⤵
  PID:3952
- C:\Windows\System\ZhqvVYR.exe
  C:\Windows\System\ZhqvVYR.exe
  2⤵
  PID:4056
- C:\Windows\System\rGNsrGt.exe
  C:\Windows\System\rGNsrGt.exe
  2⤵
  PID:4092
- C:\Windows\System\UYsvulb.exe
  C:\Windows\System\UYsvulb.exe
  2⤵
  PID:3092
- C:\Windows\System\lYrXbgX.exe
  C:\Windows\System\lYrXbgX.exe
  2⤵
  PID:4032
- C:\Windows\System\EvVKpxU.exe
  C:\Windows\System\EvVKpxU.exe
  2⤵
  PID:2420
- C:\Windows\System\LEVZpDO.exe
  C:\Windows\System\LEVZpDO.exe
  2⤵
  PID:876
- C:\Windows\System\oGVknSC.exe
  C:\Windows\System\oGVknSC.exe
  2⤵
  PID:2500
- C:\Windows\System\FWCTTjw.exe
  C:\Windows\System\FWCTTjw.exe
  2⤵
  PID:1352
- C:\Windows\System\ASGzEPK.exe
  C:\Windows\System\ASGzEPK.exe
  2⤵
  PID:992
- C:\Windows\System\TZKIjtg.exe
  C:\Windows\System\TZKIjtg.exe
  2⤵
  PID:3136
- C:\Windows\System\BwhXOWq.exe
  C:\Windows\System\BwhXOWq.exe
  2⤵
  PID:3236
- C:\Windows\System\ilIaEcu.exe
  C:\Windows\System\ilIaEcu.exe
  2⤵
  PID:2828
- C:\Windows\System\YFPNcQS.exe
  C:\Windows\System\YFPNcQS.exe
  2⤵
  PID:3412
- C:\Windows\System\GIFLodL.exe
  C:\Windows\System\GIFLodL.exe
  2⤵
  PID:3488
- C:\Windows\System\mbwXzqA.exe
  C:\Windows\System\mbwXzqA.exe
  2⤵
  PID:1944
- C:\Windows\System\zFNUpoD.exe
  C:\Windows\System\zFNUpoD.exe
  2⤵
  PID:3608
- C:\Windows\System\TRXIThT.exe
  C:\Windows\System\TRXIThT.exe
  2⤵
  PID:592
- C:\Windows\System\aJHCkrH.exe
  C:\Windows\System\aJHCkrH.exe
  2⤵
  PID:1432
- C:\Windows\System\pQLucnI.exe
  C:\Windows\System\pQLucnI.exe
  2⤵
  PID:3852
- C:\Windows\System\ITvmLYz.exe
  C:\Windows\System\ITvmLYz.exe
  2⤵
  PID:2152
- C:\Windows\System\kCRDkoD.exe
  C:\Windows\System\kCRDkoD.exe
  2⤵
  PID:4012
- C:\Windows\System\YFMCDxG.exe
  C:\Windows\System\YFMCDxG.exe
  2⤵
  PID:3920
- C:\Windows\System\XWynNiX.exe
  C:\Windows\System\XWynNiX.exe
  2⤵
  PID:3216
- C:\Windows\System\XDhKVzY.exe
  C:\Windows\System\XDhKVzY.exe
  2⤵
  PID:3992
- C:\Windows\System\rKnNgpi.exe
  C:\Windows\System\rKnNgpi.exe
  2⤵
  PID:3296
- C:\Windows\System\JntPSOn.exe
  C:\Windows\System\JntPSOn.exe
  2⤵
  PID:2412
- C:\Windows\System\eHqRdan.exe
  C:\Windows\System\eHqRdan.exe
  2⤵
  PID:1628
- C:\Windows\System\kdULPPo.exe
  C:\Windows\System\kdULPPo.exe
  2⤵
  PID:3400
- C:\Windows\System\suPpwBu.exe
  C:\Windows\System\suPpwBu.exe
  2⤵
  PID:3552
- C:\Windows\System\AuOCXCY.exe
  C:\Windows\System\AuOCXCY.exe
  2⤵
  PID:1720
- C:\Windows\System\zRtvnxV.exe
  C:\Windows\System\zRtvnxV.exe
  2⤵
  PID:3700
- C:\Windows\System\axbOSpc.exe
  C:\Windows\System\axbOSpc.exe
  2⤵
  PID:3716
- C:\Windows\System\WGzDiMU.exe
  C:\Windows\System\WGzDiMU.exe
  2⤵
  PID:3792
- C:\Windows\System\mEFDPgk.exe
  C:\Windows\System\mEFDPgk.exe
  2⤵
  PID:3076
- C:\Windows\System\DuTvyzv.exe
  C:\Windows\System\DuTvyzv.exe
  2⤵
  PID:3900
- C:\Windows\System\AvRnEig.exe
  C:\Windows\System\AvRnEig.exe
  2⤵
  PID:3972
- C:\Windows\System\OdlzZYs.exe
  C:\Windows\System\OdlzZYs.exe
  2⤵
  PID:1356
- C:\Windows\System\CXDVdKY.exe
  C:\Windows\System\CXDVdKY.exe
  2⤵
  PID:2772
- C:\Windows\System\NNmuTqe.exe
  C:\Windows\System\NNmuTqe.exe
  2⤵
  PID:2784
- C:\Windows\System\VAxlPqx.exe
  C:\Windows\System\VAxlPqx.exe
  2⤵
  PID:4080
- C:\Windows\System\mBsNTNp.exe
  C:\Windows\System\mBsNTNp.exe
  2⤵
  PID:320
- C:\Windows\System\wuhOIiO.exe
  C:\Windows\System\wuhOIiO.exe
  2⤵
  PID:3248
- C:\Windows\System\GdLupzv.exe
  C:\Windows\System\GdLupzv.exe
  2⤵
  PID:3360
- C:\Windows\System\bHONlWW.exe
  C:\Windows\System\bHONlWW.exe
  2⤵
  PID:3196
- C:\Windows\System\rQnxYLO.exe
  C:\Windows\System\rQnxYLO.exe
  2⤵
  PID:3616
- C:\Windows\System\WBuKtDp.exe
  C:\Windows\System\WBuKtDp.exe
  2⤵
  PID:2096
- C:\Windows\System\tqgYdlv.exe
  C:\Windows\System\tqgYdlv.exe
  2⤵
  PID:3656
- C:\Windows\System\HaeqMuh.exe
  C:\Windows\System\HaeqMuh.exe
  2⤵
  PID:3820
- C:\Windows\System\QyweHaf.exe
  C:\Windows\System\QyweHaf.exe
  2⤵
  PID:2576
- C:\Windows\System\sOzoUxX.exe
  C:\Windows\System\sOzoUxX.exe
  2⤵
  PID:2648
- C:\Windows\System\qdEkcaX.exe
  C:\Windows\System\qdEkcaX.exe
  2⤵
  PID:4020
- C:\Windows\System\hxWEIhJ.exe
  C:\Windows\System\hxWEIhJ.exe
  2⤵
  PID:4108
- C:\Windows\System\cgVjrnP.exe
  C:\Windows\System\cgVjrnP.exe
  2⤵
  PID:4128
- C:\Windows\System\RgwRKKW.exe
  C:\Windows\System\RgwRKKW.exe
  2⤵
  PID:4148
- C:\Windows\System\QEGkErz.exe
  C:\Windows\System\QEGkErz.exe
  2⤵
  PID:4168
- C:\Windows\System\xaTzqsY.exe
  C:\Windows\System\xaTzqsY.exe
  2⤵
  PID:4184
- C:\Windows\System\ViCrJax.exe
  C:\Windows\System\ViCrJax.exe
  2⤵
  PID:4204
- C:\Windows\System\UIHlWUh.exe
  C:\Windows\System\UIHlWUh.exe
  2⤵
  PID:4244
- C:\Windows\System\DkYdiAM.exe
  C:\Windows\System\DkYdiAM.exe
  2⤵
  PID:4272
- C:\Windows\System\UmGFjOw.exe
  C:\Windows\System\UmGFjOw.exe
  2⤵
  PID:4292
- C:\Windows\System\OFgoQgU.exe
  C:\Windows\System\OFgoQgU.exe
  2⤵
  PID:4312
- C:\Windows\System\DrdzhRZ.exe
  C:\Windows\System\DrdzhRZ.exe
  2⤵
  PID:4332
- C:\Windows\System\QtkPIPo.exe
  C:\Windows\System\QtkPIPo.exe
  2⤵
  PID:4348
- C:\Windows\System\OkdMbwB.exe
  C:\Windows\System\OkdMbwB.exe
  2⤵
  PID:4364
- C:\Windows\System\yZQGjBc.exe
  C:\Windows\System\yZQGjBc.exe
  2⤵
  PID:4384
- C:\Windows\System\tuqLiNE.exe
  C:\Windows\System\tuqLiNE.exe
  2⤵
  PID:4404
- C:\Windows\System\WIzrnvg.exe
  C:\Windows\System\WIzrnvg.exe
  2⤵
  PID:4424
- C:\Windows\System\vRpcioH.exe
  C:\Windows\System\vRpcioH.exe
  2⤵
  PID:4444
- C:\Windows\System\yDRnCDg.exe
  C:\Windows\System\yDRnCDg.exe
  2⤵
  PID:4468
- C:\Windows\System\bqgymwZ.exe
  C:\Windows\System\bqgymwZ.exe
  2⤵
  PID:4484
- C:\Windows\System\fHFAGoR.exe
  C:\Windows\System\fHFAGoR.exe
  2⤵
  PID:4508
- C:\Windows\System\iYfpWtR.exe
  C:\Windows\System\iYfpWtR.exe
  2⤵
  PID:4528
- C:\Windows\System\qpTFxYE.exe
  C:\Windows\System\qpTFxYE.exe
  2⤵
  PID:4548
- C:\Windows\System\fXabygK.exe
  C:\Windows\System\fXabygK.exe
  2⤵
  PID:4568
- C:\Windows\System\XPDNFYj.exe
  C:\Windows\System\XPDNFYj.exe
  2⤵
  PID:4592
- C:\Windows\System\hRzPxaL.exe
  C:\Windows\System\hRzPxaL.exe
  2⤵
  PID:4612
- C:\Windows\System\nixuIeo.exe
  C:\Windows\System\nixuIeo.exe
  2⤵
  PID:4632
- C:\Windows\System\DBsgzPV.exe
  C:\Windows\System\DBsgzPV.exe
  2⤵
  PID:4652
- C:\Windows\System\EmriHzD.exe
  C:\Windows\System\EmriHzD.exe
  2⤵
  PID:4668
- C:\Windows\System\fRcGvWE.exe
  C:\Windows\System\fRcGvWE.exe
  2⤵
  PID:4688
- C:\Windows\System\KjEBsKG.exe
  C:\Windows\System\KjEBsKG.exe
  2⤵
  PID:4712
- C:\Windows\System\SRqYZsZ.exe
  C:\Windows\System\SRqYZsZ.exe
  2⤵
  PID:4732
- C:\Windows\System\csMmDMB.exe
  C:\Windows\System\csMmDMB.exe
  2⤵
  PID:4748
- C:\Windows\System\kLQaoRm.exe
  C:\Windows\System\kLQaoRm.exe
  2⤵
  PID:4764
- C:\Windows\System\PDbqOeR.exe
  C:\Windows\System\PDbqOeR.exe
  2⤵
  PID:4788
- C:\Windows\System\JDBXxgj.exe
  C:\Windows\System\JDBXxgj.exe
  2⤵
  PID:4804
- C:\Windows\System\dHqbvjL.exe
  C:\Windows\System\dHqbvjL.exe
  2⤵
  PID:4828
- C:\Windows\System\bruvIeW.exe
  C:\Windows\System\bruvIeW.exe
  2⤵
  PID:4844
- C:\Windows\System\WePgTlj.exe
  C:\Windows\System\WePgTlj.exe
  2⤵
  PID:4864
- C:\Windows\System\GfeHuBP.exe
  C:\Windows\System\GfeHuBP.exe
  2⤵
  PID:4880
- C:\Windows\System\fgjxDgj.exe
  C:\Windows\System\fgjxDgj.exe
  2⤵
  PID:4904
- C:\Windows\System\lNoFAVW.exe
  C:\Windows\System\lNoFAVW.exe
  2⤵
  PID:4924
- C:\Windows\System\mFhvjOO.exe
  C:\Windows\System\mFhvjOO.exe
  2⤵
  PID:4940
- C:\Windows\System\UVAWSYr.exe
  C:\Windows\System\UVAWSYr.exe
  2⤵
  PID:4956
- C:\Windows\System\VkMUPKx.exe
  C:\Windows\System\VkMUPKx.exe
  2⤵
  PID:4980
- C:\Windows\System\DFMDhJO.exe
  C:\Windows\System\DFMDhJO.exe
  2⤵
  PID:4996
- C:\Windows\System\OLifUkS.exe
  C:\Windows\System\OLifUkS.exe
  2⤵
  PID:5020
- C:\Windows\System\qYaCsdU.exe
  C:\Windows\System\qYaCsdU.exe
  2⤵
  PID:5036
- C:\Windows\System\ZZkacZY.exe
  C:\Windows\System\ZZkacZY.exe
  2⤵
  PID:5060
- C:\Windows\System\HgTgtaY.exe
  C:\Windows\System\HgTgtaY.exe
  2⤵
  PID:5076
- C:\Windows\System\TfjiCNP.exe
  C:\Windows\System\TfjiCNP.exe
  2⤵
  PID:5096
- C:\Windows\System\lyvktlt.exe
  C:\Windows\System\lyvktlt.exe
  2⤵
  PID:5116
- C:\Windows\System\YIYFbTw.exe
  C:\Windows\System\YIYFbTw.exe
  2⤵
  PID:3640
- C:\Windows\System\qFEOkcy.exe
  C:\Windows\System\qFEOkcy.exe
  2⤵
  PID:3752
- C:\Windows\System\IPMPFDX.exe
  C:\Windows\System\IPMPFDX.exe
  2⤵
  PID:3124
- C:\Windows\System\EbBLXvK.exe
  C:\Windows\System\EbBLXvK.exe
  2⤵
  PID:3256
- C:\Windows\System\idBaHrF.exe
  C:\Windows\System\idBaHrF.exe
  2⤵
  PID:3540
- C:\Windows\System\FBnwbsG.exe
  C:\Windows\System\FBnwbsG.exe
  2⤵
  PID:4136
- C:\Windows\System\PWgGqiI.exe
  C:\Windows\System\PWgGqiI.exe
  2⤵
  PID:1980
- C:\Windows\System\PVTuSIH.exe
  C:\Windows\System\PVTuSIH.exe
  2⤵
  PID:3888
- C:\Windows\System\ttOtfjX.exe
  C:\Windows\System\ttOtfjX.exe
  2⤵
  PID:800
- C:\Windows\System\jzPgqaT.exe
  C:\Windows\System\jzPgqaT.exe
  2⤵
  PID:1704
- C:\Windows\System\StrsQVM.exe
  C:\Windows\System\StrsQVM.exe
  2⤵
  PID:3192
- C:\Windows\System\xFaqDTa.exe
  C:\Windows\System\xFaqDTa.exe
  2⤵
  PID:3696
- C:\Windows\System\BdMLIXz.exe
  C:\Windows\System\BdMLIXz.exe
  2⤵
  PID:4196
- C:\Windows\System\ONvVnXw.exe
  C:\Windows\System\ONvVnXw.exe
  2⤵
  PID:4160
- C:\Windows\System\BAVhRdl.exe
  C:\Windows\System\BAVhRdl.exe
  2⤵
  PID:4036
- C:\Windows\System\wbKofjU.exe
  C:\Windows\System\wbKofjU.exe
  2⤵
  PID:4212
- C:\Windows\System\KjYDnGl.exe
  C:\Windows\System\KjYDnGl.exe
  2⤵
  PID:4232
- C:\Windows\System\RBnTvSi.exe
  C:\Windows\System\RBnTvSi.exe
  2⤵
  PID:4284
- C:\Windows\System\UtoRJfL.exe
  C:\Windows\System\UtoRJfL.exe
  2⤵
  PID:4252
- C:\Windows\System\UquUOao.exe
  C:\Windows\System\UquUOao.exe
  2⤵
  PID:4264
- C:\Windows\System\taenToL.exe
  C:\Windows\System\taenToL.exe
  2⤵
  PID:4400
- C:\Windows\System\VkTFIXQ.exe
  C:\Windows\System\VkTFIXQ.exe
  2⤵
  PID:4340
- C:\Windows\System\dsqOeqE.exe
  C:\Windows\System\dsqOeqE.exe
  2⤵
  PID:4476
- C:\Windows\System\EBDuWws.exe
  C:\Windows\System\EBDuWws.exe
  2⤵
  PID:4420
- C:\Windows\System\LVbsmBh.exe
  C:\Windows\System\LVbsmBh.exe
  2⤵
  PID:4464
- C:\Windows\System\BuiXVCp.exe
  C:\Windows\System\BuiXVCp.exe
  2⤵
  PID:4604
- C:\Windows\System\gMwHULX.exe
  C:\Windows\System\gMwHULX.exe
  2⤵
  PID:4544
- C:\Windows\System\aLeaFPk.exe
  C:\Windows\System\aLeaFPk.exe
  2⤵
  PID:4684
- C:\Windows\System\kqIlCVZ.exe
  C:\Windows\System\kqIlCVZ.exe
  2⤵
  PID:4536
- C:\Windows\System\gmLONtE.exe
  C:\Windows\System\gmLONtE.exe
  2⤵
  PID:4760
- C:\Windows\System\OKYkUHe.exe
  C:\Windows\System\OKYkUHe.exe
  2⤵
  PID:4588
- C:\Windows\System\ovxLOBw.exe
  C:\Windows\System\ovxLOBw.exe
  2⤵
  PID:4872
- C:\Windows\System\eYRRGIi.exe
  C:\Windows\System\eYRRGIi.exe
  2⤵
  PID:4700
- C:\Windows\System\TYRCUGy.exe
  C:\Windows\System\TYRCUGy.exe
  2⤵
  PID:4708
- C:\Windows\System\gKNqdZK.exe
  C:\Windows\System\gKNqdZK.exe
  2⤵
  PID:4744
- C:\Windows\System\nVcKSwu.exe
  C:\Windows\System\nVcKSwu.exe
  2⤵
  PID:4952
- C:\Windows\System\CMPfHWj.exe
  C:\Windows\System\CMPfHWj.exe
  2⤵
  PID:5028
- C:\Windows\System\KECBPnZ.exe
  C:\Windows\System\KECBPnZ.exe
  2⤵
  PID:4784
- C:\Windows\System\QoVkgqf.exe
  C:\Windows\System\QoVkgqf.exe
  2⤵
  PID:4824
- C:\Windows\System\kAQUtIb.exe
  C:\Windows\System\kAQUtIb.exe
  2⤵
  PID:5032
- C:\Windows\System\YkmDTSn.exe
  C:\Windows\System\YkmDTSn.exe
  2⤵
  PID:5112
- C:\Windows\System\pAFuYQT.exe
  C:\Windows\System\pAFuYQT.exe
  2⤵
  PID:4072
- C:\Windows\System\arXwMnp.exe
  C:\Windows\System\arXwMnp.exe
  2⤵
  PID:4104
- C:\Windows\System\hMxCPbd.exe
  C:\Windows\System\hMxCPbd.exe
  2⤵
  PID:848
- C:\Windows\System\LrfiEFU.exe
  C:\Windows\System\LrfiEFU.exe
  2⤵
  PID:4896
- C:\Windows\System\yfVIhQj.exe
  C:\Windows\System\yfVIhQj.exe
  2⤵
  PID:4972
- C:\Windows\System\YVwBtPm.exe
  C:\Windows\System\YVwBtPm.exe
  2⤵
  PID:4192
- C:\Windows\System\iSLrdLL.exe
  C:\Windows\System\iSLrdLL.exe
  2⤵
  PID:5008
- C:\Windows\System\ugCsPed.exe
  C:\Windows\System\ugCsPed.exe
  2⤵
  PID:3440
- C:\Windows\System\XOxnqBk.exe
  C:\Windows\System\XOxnqBk.exe
  2⤵
  PID:4260
- C:\Windows\System\ussCYKc.exe
  C:\Windows\System\ussCYKc.exe
  2⤵
  PID:4344
- C:\Windows\System\CXrVfSN.exe
  C:\Windows\System\CXrVfSN.exe
  2⤵
  PID:5056
- C:\Windows\System\XyaIUaz.exe
  C:\Windows\System\XyaIUaz.exe
  2⤵
  PID:5092
- C:\Windows\System\Zkfjdcp.exe
  C:\Windows\System\Zkfjdcp.exe
  2⤵
  PID:3736
- C:\Windows\System\iUGSEZD.exe
  C:\Windows\System\iUGSEZD.exe
  2⤵
  PID:2732
- C:\Windows\System\ljxoMnx.exe
  C:\Windows\System\ljxoMnx.exe
  2⤵
  PID:3096
- C:\Windows\System\pQgCPAT.exe
  C:\Windows\System\pQgCPAT.exe
  2⤵
  PID:1928
- C:\Windows\System\VLrTyBH.exe
  C:\Windows\System\VLrTyBH.exe
  2⤵
  PID:4060
- C:\Windows\System\ireeIzi.exe
  C:\Windows\System\ireeIzi.exe
  2⤵
  PID:2516
- C:\Windows\System\wdRiVnF.exe
  C:\Windows\System\wdRiVnF.exe
  2⤵
  PID:4124
- C:\Windows\System\zeMEtzh.exe
  C:\Windows\System\zeMEtzh.exe
  2⤵
  PID:4228
- C:\Windows\System\RaNnLBO.exe
  C:\Windows\System\RaNnLBO.exe
  2⤵
  PID:4436
- C:\Windows\System\GhgSEQA.exe
  C:\Windows\System\GhgSEQA.exe
  2⤵
  PID:4120
- C:\Windows\System\JPxzssy.exe
  C:\Windows\System\JPxzssy.exe
  2⤵
  PID:4324
- C:\Windows\System\SHBUTfE.exe
  C:\Windows\System\SHBUTfE.exe
  2⤵
  PID:1972
- C:\Windows\System\rcpXXVu.exe
  C:\Windows\System\rcpXXVu.exe
  2⤵
  PID:4648
- C:\Windows\System\enKTioZ.exe
  C:\Windows\System\enKTioZ.exe
  2⤵
  PID:4580
- C:\Windows\System\zHOsTLk.exe
  C:\Windows\System\zHOsTLk.exe
  2⤵
  PID:4836
- C:\Windows\System\HvqhprD.exe
  C:\Windows\System\HvqhprD.exe
  2⤵
  PID:4664
- C:\Windows\System\xeIdWIc.exe
  C:\Windows\System\xeIdWIc.exe
  2⤵
  PID:4912
- C:\Windows\System\pAxtgGB.exe
  C:\Windows\System\pAxtgGB.exe
  2⤵
  PID:4776
- C:\Windows\System\dTOZpOU.exe
  C:\Windows\System\dTOZpOU.exe
  2⤵
  PID:4820
- C:\Windows\System\DANKiIg.exe
  C:\Windows\System\DANKiIg.exe
  2⤵
  PID:3872
- C:\Windows\System\HjAeSuc.exe
  C:\Windows\System\HjAeSuc.exe
  2⤵
  PID:3272
- C:\Windows\System\IKmJTkd.exe
  C:\Windows\System\IKmJTkd.exe
  2⤵
  PID:4180
- C:\Windows\System\ZRBpLLD.exe
  C:\Windows\System\ZRBpLLD.exe
  2⤵
  PID:4936
- C:\Windows\System\YimyTwm.exe
  C:\Windows\System\YimyTwm.exe
  2⤵
  PID:5004
- C:\Windows\System\itzvzvK.exe
  C:\Windows\System\itzvzvK.exe
  2⤵
  PID:5048
- C:\Windows\System\ejcDsUs.exe
  C:\Windows\System\ejcDsUs.exe
  2⤵
  PID:2352
- C:\Windows\System\XURerkD.exe
  C:\Windows\System\XURerkD.exe
  2⤵
  PID:4412
- C:\Windows\System\GOlWape.exe
  C:\Windows\System\GOlWape.exe
  2⤵
  PID:4644
- C:\Windows\System\CSkvOVf.exe
  C:\Windows\System\CSkvOVf.exe
  2⤵
  PID:4756
- C:\Windows\System\UmYCAbL.exe
  C:\Windows\System\UmYCAbL.exe
  2⤵
  PID:2228
- C:\Windows\System\DBAYTew.exe
  C:\Windows\System\DBAYTew.exe
  2⤵
  PID:4740
- C:\Windows\System\gBqIHVk.exe
  C:\Windows\System\gBqIHVk.exe
  2⤵
  PID:3800
- C:\Windows\System\whXfypa.exe
  C:\Windows\System\whXfypa.exe
  2⤵
  PID:2956
- C:\Windows\System\fLXaFbS.exe
  C:\Windows\System\fLXaFbS.exe
  2⤵
  PID:5044
- C:\Windows\System\AqycZav.exe
  C:\Windows\System\AqycZav.exe
  2⤵
  PID:4416
- C:\Windows\System\clHTlZz.exe
  C:\Windows\System\clHTlZz.exe
  2⤵
  PID:2960
- C:\Windows\System\pxxUxsp.exe
  C:\Windows\System\pxxUxsp.exe
  2⤵
  PID:4200
- C:\Windows\System\jUFwwYG.exe
  C:\Windows\System\jUFwwYG.exe
  2⤵
  PID:4116
- C:\Windows\System\avxDJbX.exe
  C:\Windows\System\avxDJbX.exe
  2⤵
  PID:2712
- C:\Windows\System\jCiqlju.exe
  C:\Windows\System\jCiqlju.exe
  2⤵
  PID:4992
- C:\Windows\System\XTEelZm.exe
  C:\Windows\System\XTEelZm.exe
  2⤵
  PID:4696
- C:\Windows\System\RCbzWCe.exe
  C:\Windows\System\RCbzWCe.exe
  2⤵
  PID:3268
- C:\Windows\System\OJvXUmq.exe
  C:\Windows\System\OJvXUmq.exe
  2⤵
  PID:3392
- C:\Windows\System\DFdzTPR.exe
  C:\Windows\System\DFdzTPR.exe
  2⤵
  PID:5132
- C:\Windows\System\JCBesAO.exe
  C:\Windows\System\JCBesAO.exe
  2⤵
  PID:5148
- C:\Windows\System\PSJynnY.exe
  C:\Windows\System\PSJynnY.exe
  2⤵
  PID:5164
- C:\Windows\System\ocvamvT.exe
  C:\Windows\System\ocvamvT.exe
  2⤵
  PID:5180
- C:\Windows\System\hbALsUj.exe
  C:\Windows\System\hbALsUj.exe
  2⤵
  PID:5196
- C:\Windows\System\CottCfR.exe
  C:\Windows\System\CottCfR.exe
  2⤵
  PID:5212
- C:\Windows\System\vKKIVXd.exe
  C:\Windows\System\vKKIVXd.exe
  2⤵
  PID:5228
- C:\Windows\System\COVripY.exe
  C:\Windows\System\COVripY.exe
  2⤵
  PID:5244
- C:\Windows\System\UfIdMoV.exe
  C:\Windows\System\UfIdMoV.exe
  2⤵
  PID:5260
- C:\Windows\System\vFgVzqP.exe
  C:\Windows\System\vFgVzqP.exe
  2⤵
  PID:5276
- C:\Windows\System\ztUnPBb.exe
  C:\Windows\System\ztUnPBb.exe
  2⤵
  PID:5296
- C:\Windows\System\moHqxsz.exe
  C:\Windows\System\moHqxsz.exe
  2⤵
  PID:5312
- C:\Windows\System\fnMEIyk.exe
  C:\Windows\System\fnMEIyk.exe
  2⤵
  PID:5328
- C:\Windows\System\nnZmvtx.exe
  C:\Windows\System\nnZmvtx.exe
  2⤵
  PID:5344
- C:\Windows\System\LbZToKo.exe
  C:\Windows\System\LbZToKo.exe
  2⤵
  PID:5360
- C:\Windows\System\gcvrUSb.exe
  C:\Windows\System\gcvrUSb.exe
  2⤵
  PID:5376
- C:\Windows\System\qdJeSDM.exe
  C:\Windows\System\qdJeSDM.exe
  2⤵
  PID:5392
- C:\Windows\System\weNeWzJ.exe
  C:\Windows\System\weNeWzJ.exe
  2⤵
  PID:5408
- C:\Windows\System\WguqIHx.exe
  C:\Windows\System\WguqIHx.exe
  2⤵
  PID:5424
- C:\Windows\System\knnQkil.exe
  C:\Windows\System\knnQkil.exe
  2⤵
  PID:5440
- C:\Windows\System\tnXCLcz.exe
  C:\Windows\System\tnXCLcz.exe
  2⤵
  PID:5456
- C:\Windows\System\gsVfTeZ.exe
  C:\Windows\System\gsVfTeZ.exe
  2⤵
  PID:5472
- C:\Windows\System\OjATJGl.exe
  C:\Windows\System\OjATJGl.exe
  2⤵
  PID:5488
- C:\Windows\System\azPOwlA.exe
  C:\Windows\System\azPOwlA.exe
  2⤵
  PID:5504
- C:\Windows\System\YkbtcCG.exe
  C:\Windows\System\YkbtcCG.exe
  2⤵
  PID:5520
- C:\Windows\System\rcfWaJN.exe
  C:\Windows\System\rcfWaJN.exe
  2⤵
  PID:5536
- C:\Windows\System\DEctUeP.exe
  C:\Windows\System\DEctUeP.exe
  2⤵
  PID:5552
- C:\Windows\System\tOlTwsQ.exe
  C:\Windows\System\tOlTwsQ.exe
  2⤵
  PID:5568
- C:\Windows\System\etZppxB.exe
  C:\Windows\System\etZppxB.exe
  2⤵
  PID:5584
- C:\Windows\System\enKPFRx.exe
  C:\Windows\System\enKPFRx.exe
  2⤵
  PID:5600
- C:\Windows\System\BHVHuZL.exe
  C:\Windows\System\BHVHuZL.exe
  2⤵
  PID:5616
- C:\Windows\System\xXAsRLC.exe
  C:\Windows\System\xXAsRLC.exe
  2⤵
  PID:5632
- C:\Windows\System\KizNsRC.exe
  C:\Windows\System\KizNsRC.exe
  2⤵
  PID:5648
- C:\Windows\System\dpMTdTy.exe
  C:\Windows\System\dpMTdTy.exe
  2⤵
  PID:5664
- C:\Windows\System\eiYLWur.exe
  C:\Windows\System\eiYLWur.exe
  2⤵
  PID:5680
- C:\Windows\System\cDGTzpY.exe
  C:\Windows\System\cDGTzpY.exe
  2⤵
  PID:5696
- C:\Windows\System\sjkXBYB.exe
  C:\Windows\System\sjkXBYB.exe
  2⤵
  PID:5712
- C:\Windows\System\Nktotim.exe
  C:\Windows\System\Nktotim.exe
  2⤵
  PID:5728
- C:\Windows\System\aSxBrlj.exe
  C:\Windows\System\aSxBrlj.exe
  2⤵
  PID:5744
- C:\Windows\System\oAugDrZ.exe
  C:\Windows\System\oAugDrZ.exe
  2⤵
  PID:5760
- C:\Windows\System\DnPQhWi.exe
  C:\Windows\System\DnPQhWi.exe
  2⤵
  PID:5780
- C:\Windows\System\jhoHsWS.exe
  C:\Windows\System\jhoHsWS.exe
  2⤵
  PID:5796
- C:\Windows\System\vlQdwUV.exe
  C:\Windows\System\vlQdwUV.exe
  2⤵
  PID:5812
- C:\Windows\System\QBjZTiB.exe
  C:\Windows\System\QBjZTiB.exe
  2⤵
  PID:5828
- C:\Windows\System\xKKcAJF.exe
  C:\Windows\System\xKKcAJF.exe
  2⤵
  PID:5844
- C:\Windows\System\EeDebNo.exe
  C:\Windows\System\EeDebNo.exe
  2⤵
  PID:5860
- C:\Windows\System\ZnvXgWl.exe
  C:\Windows\System\ZnvXgWl.exe
  2⤵
  PID:5876
- C:\Windows\System\Mvunlhx.exe
  C:\Windows\System\Mvunlhx.exe
  2⤵
  PID:5892
- C:\Windows\System\mtDbjBA.exe
  C:\Windows\System\mtDbjBA.exe
  2⤵
  PID:5908
- C:\Windows\System\fmbxXoE.exe
  C:\Windows\System\fmbxXoE.exe
  2⤵
  PID:5924
- C:\Windows\System\YtGHZAA.exe
  C:\Windows\System\YtGHZAA.exe
  2⤵
  PID:5940
- C:\Windows\System\VzytVlD.exe
  C:\Windows\System\VzytVlD.exe
  2⤵
  PID:5956
- C:\Windows\System\gboEStW.exe
  C:\Windows\System\gboEStW.exe
  2⤵
  PID:5972
- C:\Windows\System\ePopkeu.exe
  C:\Windows\System\ePopkeu.exe
  2⤵
  PID:5988
- C:\Windows\System\bqALMxh.exe
  C:\Windows\System\bqALMxh.exe
  2⤵
  PID:6004
- C:\Windows\System\iNDlegV.exe
  C:\Windows\System\iNDlegV.exe
  2⤵
  PID:6020
- C:\Windows\System\gkleFfD.exe
  C:\Windows\System\gkleFfD.exe
  2⤵
  PID:6036
- C:\Windows\System\GLSNQSY.exe
  C:\Windows\System\GLSNQSY.exe
  2⤵
  PID:6056
- C:\Windows\System\qLEgTVA.exe
  C:\Windows\System\qLEgTVA.exe
  2⤵
  PID:6072
- C:\Windows\System\MQlkSlK.exe
  C:\Windows\System\MQlkSlK.exe
  2⤵
  PID:6088
- C:\Windows\System\KQyvRJW.exe
  C:\Windows\System\KQyvRJW.exe
  2⤵
  PID:6104
- C:\Windows\System\NpCiarL.exe
  C:\Windows\System\NpCiarL.exe
  2⤵
  PID:6120
- C:\Windows\System\KKCPsqD.exe
  C:\Windows\System\KKCPsqD.exe
  2⤵
  PID:6136
- C:\Windows\System\ApcipgA.exe
  C:\Windows\System\ApcipgA.exe
  2⤵
  PID:2776
- C:\Windows\System\vagWgkK.exe
  C:\Windows\System\vagWgkK.exe
  2⤵
  PID:4620
- C:\Windows\System\QGmyYyW.exe
  C:\Windows\System\QGmyYyW.exe
  2⤵
  PID:4224
- C:\Windows\System\LgXxsVt.exe
  C:\Windows\System\LgXxsVt.exe
  2⤵
  PID:2316
- C:\Windows\System\JWNwjAR.exe
  C:\Windows\System\JWNwjAR.exe
  2⤵
  PID:5128
- C:\Windows\System\ZwTjfuO.exe
  C:\Windows\System\ZwTjfuO.exe
  2⤵
  PID:5140
- C:\Windows\System\pjbmZAL.exe
  C:\Windows\System\pjbmZAL.exe
  2⤵
  PID:5160
- C:\Windows\System\BgWQnbv.exe
  C:\Windows\System\BgWQnbv.exe
  2⤵
  PID:5192
- C:\Windows\System\hFIthTR.exe
  C:\Windows\System\hFIthTR.exe
  2⤵
  PID:5220
- C:\Windows\System\uqGweAQ.exe
  C:\Windows\System\uqGweAQ.exe
  2⤵
  PID:5236
- C:\Windows\System\uMcYtIa.exe
  C:\Windows\System\uMcYtIa.exe
  2⤵
  PID:5272
- C:\Windows\System\BhydgWt.exe
  C:\Windows\System\BhydgWt.exe
  2⤵
  PID:5304
- C:\Windows\System\STWfLIm.exe
  C:\Windows\System\STWfLIm.exe
  2⤵
  PID:5352
- C:\Windows\System\sKyFOnP.exe
  C:\Windows\System\sKyFOnP.exe
  2⤵
  PID:5368
- C:\Windows\System\vQBamsl.exe
  C:\Windows\System\vQBamsl.exe
  2⤵
  PID:5416
- C:\Windows\System\JpGBgiU.exe
  C:\Windows\System\JpGBgiU.exe
  2⤵
  PID:5448
- C:\Windows\System\iAxiVRL.exe
  C:\Windows\System\iAxiVRL.exe
  2⤵
  PID:5480
- C:\Windows\System\JOsVXeV.exe
  C:\Windows\System\JOsVXeV.exe
  2⤵
  PID:5512
- C:\Windows\System\iJbYZqF.exe
  C:\Windows\System\iJbYZqF.exe
  2⤵
  PID:5544
- C:\Windows\System\HiGiTfh.exe
  C:\Windows\System\HiGiTfh.exe
  2⤵
  PID:5560
- C:\Windows\System\pMzHKje.exe
  C:\Windows\System\pMzHKje.exe
  2⤵
  PID:5608
- C:\Windows\System\mtlARry.exe
  C:\Windows\System\mtlARry.exe
  2⤵
  PID:5624
- C:\Windows\System\JsDclmb.exe
  C:\Windows\System\JsDclmb.exe
  2⤵
  PID:5672
- C:\Windows\System\XOZMPKd.exe
  C:\Windows\System\XOZMPKd.exe
  2⤵
  PID:2004
- C:\Windows\System\UZCrzMu.exe
  C:\Windows\System\UZCrzMu.exe
  2⤵
  PID:3220
- C:\Windows\System\dPeWiZL.exe
  C:\Windows\System\dPeWiZL.exe
  2⤵
  PID:2328
- C:\Windows\System\SeQtUZy.exe
  C:\Windows\System\SeQtUZy.exe
  2⤵
  PID:5756
- C:\Windows\System\FoMSFWX.exe
  C:\Windows\System\FoMSFWX.exe
  2⤵
  PID:5836
- C:\Windows\System\ROEVvLd.exe
  C:\Windows\System\ROEVvLd.exe
  2⤵
  PID:5824
- C:\Windows\System\yfIVTjB.exe
  C:\Windows\System\yfIVTjB.exe
  2⤵
  PID:5872
- C:\Windows\System\FhPbQYG.exe
  C:\Windows\System\FhPbQYG.exe
  2⤵
  PID:5884
- C:\Windows\System\eROmVVP.exe
  C:\Windows\System\eROmVVP.exe
  2⤵
  PID:5932
- C:\Windows\System\ZUVsmHB.exe
  C:\Windows\System\ZUVsmHB.exe
  2⤵
  PID:5964
- C:\Windows\System\NpgyuYJ.exe
  C:\Windows\System\NpgyuYJ.exe
  2⤵
  PID:5968
- C:\Windows\System\EMQWNhZ.exe
  C:\Windows\System\EMQWNhZ.exe
  2⤵
  PID:6000
- C:\Windows\System\ibhmsvM.exe
  C:\Windows\System\ibhmsvM.exe
  2⤵
  PID:6032
- C:\Windows\System\fkOvtBe.exe
  C:\Windows\System\fkOvtBe.exe
  2⤵
  PID:6068
- C:\Windows\System\yBIswki.exe
  C:\Windows\System\yBIswki.exe
  2⤵
  PID:1664
- C:\Windows\System\vGxPcvP.exe
  C:\Windows\System\vGxPcvP.exe
  2⤵
  PID:6116
- C:\Windows\System\NBtmPSq.exe
  C:\Windows\System\NBtmPSq.exe
  2⤵
  PID:4556
- C:\Windows\System\zSQxklq.exe
  C:\Windows\System\zSQxklq.exe
  2⤵
  PID:4392
- C:\Windows\System\OBcoJfa.exe
  C:\Windows\System\OBcoJfa.exe
  2⤵
  PID:5124
- C:\Windows\System\glRTVri.exe
  C:\Windows\System\glRTVri.exe
  2⤵
  PID:5156
- C:\Windows\System\LKfJZnd.exe
  C:\Windows\System\LKfJZnd.exe
  2⤵
  PID:5252
- C:\Windows\System\NQRzECZ.exe
  C:\Windows\System\NQRzECZ.exe
  2⤵
  PID:5320
- C:\Windows\System\GgTosiw.exe
  C:\Windows\System\GgTosiw.exe
  2⤵
  PID:5336
- C:\Windows\System\xiDCAFB.exe
  C:\Windows\System\xiDCAFB.exe
  2⤵
  PID:5400
- C:\Windows\System\qTWYoeo.exe
  C:\Windows\System\qTWYoeo.exe
  2⤵
  PID:2968
- C:\Windows\System\YYcDxCC.exe
  C:\Windows\System\YYcDxCC.exe
  2⤵
  PID:5548
- C:\Windows\System\LUrRzjc.exe
  C:\Windows\System\LUrRzjc.exe
  2⤵
  PID:5612
- C:\Windows\System\VrQfHrN.exe
  C:\Windows\System\VrQfHrN.exe
  2⤵
  PID:5656
- C:\Windows\System\lShipZo.exe
  C:\Windows\System\lShipZo.exe
  2⤵
  PID:5692
- C:\Windows\System\RugLTdv.exe
  C:\Windows\System\RugLTdv.exe
  2⤵
  PID:5752
- C:\Windows\System\suLfghn.exe
  C:\Windows\System\suLfghn.exe
  2⤵
  PID:2028
- C:\Windows\System\TNIpLBj.exe
  C:\Windows\System\TNIpLBj.exe
  2⤵
  PID:5856
- C:\Windows\System\yahZolO.exe
  C:\Windows\System\yahZolO.exe
  2⤵
  PID:5920
- C:\Windows\System\QmFifHO.exe
  C:\Windows\System\QmFifHO.exe
  2⤵
  PID:3000
- C:\Windows\System\LEgPlLJ.exe
  C:\Windows\System\LEgPlLJ.exe
  2⤵
  PID:5984
- C:\Windows\System\nWNdSsu.exe
  C:\Windows\System\nWNdSsu.exe
  2⤵
  PID:6044
- C:\Windows\System\WrsDozC.exe
  C:\Windows\System\WrsDozC.exe
  2⤵
  PID:4372
- C:\Windows\System\FhrzDlg.exe
  C:\Windows\System\FhrzDlg.exe
  2⤵
  PID:4840
- C:\Windows\System\SErLpDq.exe
  C:\Windows\System\SErLpDq.exe
  2⤵
  PID:2756
- C:\Windows\System\KfuDjKx.exe
  C:\Windows\System\KfuDjKx.exe
  2⤵
  PID:5324
- C:\Windows\System\myVYQVC.exe
  C:\Windows\System\myVYQVC.exe
  2⤵
  PID:5484
- C:\Windows\System\joxwUtZ.exe
  C:\Windows\System\joxwUtZ.exe
  2⤵
  PID:5576
- C:\Windows\System\FbeqGSI.exe
  C:\Windows\System\FbeqGSI.exe
  2⤵
  PID:5660
- C:\Windows\System\joFcxIt.exe
  C:\Windows\System\joFcxIt.exe
  2⤵
  PID:2868
- C:\Windows\System\DbyUTuK.exe
  C:\Windows\System\DbyUTuK.exe
  2⤵
  PID:5820
- C:\Windows\System\cFuOcPW.exe
  C:\Windows\System\cFuOcPW.exe
  2⤵
  PID:6052
- C:\Windows\System\tnHOZlF.exe
  C:\Windows\System\tnHOZlF.exe
  2⤵
  PID:5936
- C:\Windows\System\qbpbODz.exe
  C:\Windows\System\qbpbODz.exe
  2⤵
  PID:296
- C:\Windows\System\OPmNxdU.exe
  C:\Windows\System\OPmNxdU.exe
  2⤵
  PID:5144
- C:\Windows\System\wbNqzIh.exe
  C:\Windows\System\wbNqzIh.exe
  2⤵
  PID:2660
- C:\Windows\System\uJfocNl.exe
  C:\Windows\System\uJfocNl.exe
  2⤵
  PID:2900
- C:\Windows\System\pJyKhSQ.exe
  C:\Windows\System\pJyKhSQ.exe
  2⤵
  PID:5720
- C:\Windows\System\zPuGjQz.exe
  C:\Windows\System\zPuGjQz.exe
  2⤵
  PID:684
- C:\Windows\System\pvXFfNC.exe
  C:\Windows\System\pvXFfNC.exe
  2⤵
  PID:5868
- C:\Windows\System\ZbauPNS.exe
  C:\Windows\System\ZbauPNS.exe
  2⤵
  PID:5224
- C:\Windows\System\JMlGtpG.exe
  C:\Windows\System\JMlGtpG.exe
  2⤵
  PID:5564
- C:\Windows\System\SfmUExF.exe
  C:\Windows\System\SfmUExF.exe
  2⤵
  PID:5888
- C:\Windows\System\GGsotYa.exe
  C:\Windows\System\GGsotYa.exe
  2⤵
  PID:6152
- C:\Windows\System\OPDKgzP.exe
  C:\Windows\System\OPDKgzP.exe
  2⤵
  PID:6168
- C:\Windows\System\stSuOxq.exe
  C:\Windows\System\stSuOxq.exe
  2⤵
  PID:6184
- C:\Windows\System\wScisIB.exe
  C:\Windows\System\wScisIB.exe
  2⤵
  PID:6204
- C:\Windows\System\BRWsVTt.exe
  C:\Windows\System\BRWsVTt.exe
  2⤵
  PID:6228
- C:\Windows\System\dWxoCdB.exe
  C:\Windows\System\dWxoCdB.exe
  2⤵
  PID:6288
- C:\Windows\System\RLhelgT.exe
  C:\Windows\System\RLhelgT.exe
  2⤵
  PID:6304
- C:\Windows\System\kdFzJvn.exe
  C:\Windows\System\kdFzJvn.exe
  2⤵
  PID:6320
- C:\Windows\System\KtDrRqj.exe
  C:\Windows\System\KtDrRqj.exe
  2⤵
  PID:6336
- C:\Windows\System\KTwbJit.exe
  C:\Windows\System\KTwbJit.exe
  2⤵
  PID:6352
- C:\Windows\System\GjQiJWK.exe
  C:\Windows\System\GjQiJWK.exe
  2⤵
  PID:6368
- C:\Windows\System\nNNLxVu.exe
  C:\Windows\System\nNNLxVu.exe
  2⤵
  PID:6384
- C:\Windows\System\rjHNSQT.exe
  C:\Windows\System\rjHNSQT.exe
  2⤵
  PID:6400
- C:\Windows\System\DGMoUZs.exe
  C:\Windows\System\DGMoUZs.exe
  2⤵
  PID:6416
- C:\Windows\System\fWnVLZF.exe
  C:\Windows\System\fWnVLZF.exe
  2⤵
  PID:6432
- C:\Windows\System\NPeFZiB.exe
  C:\Windows\System\NPeFZiB.exe
  2⤵
  PID:6448
- C:\Windows\System\zAYgQmY.exe
  C:\Windows\System\zAYgQmY.exe
  2⤵
  PID:6464
- C:\Windows\System\fVEtAmO.exe
  C:\Windows\System\fVEtAmO.exe
  2⤵
  PID:6484
- C:\Windows\System\HxWUMnd.exe
  C:\Windows\System\HxWUMnd.exe
  2⤵
  PID:6500
- C:\Windows\System\StPbJNh.exe
  C:\Windows\System\StPbJNh.exe
  2⤵
  PID:6516
- C:\Windows\System\uRFZiTZ.exe
  C:\Windows\System\uRFZiTZ.exe
  2⤵
  PID:6532
- C:\Windows\System\dehdFlj.exe
  C:\Windows\System\dehdFlj.exe
  2⤵
  PID:6548
- C:\Windows\System\vYITpxN.exe
  C:\Windows\System\vYITpxN.exe
  2⤵
  PID:6564
- C:\Windows\System\TnEQYJY.exe
  C:\Windows\System\TnEQYJY.exe
  2⤵
  PID:6580
- C:\Windows\System\aTYqzav.exe
  C:\Windows\System\aTYqzav.exe
  2⤵
  PID:6596
- C:\Windows\System\EFWUqaA.exe
  C:\Windows\System\EFWUqaA.exe
  2⤵
  PID:6612
- C:\Windows\System\iEUbVDb.exe
  C:\Windows\System\iEUbVDb.exe
  2⤵
  PID:6628
- C:\Windows\System\UlLLYnk.exe
  C:\Windows\System\UlLLYnk.exe
  2⤵
  PID:6644
- C:\Windows\System\hQDmSFG.exe
  C:\Windows\System\hQDmSFG.exe
  2⤵
  PID:6660
- C:\Windows\System\LMSBizD.exe
  C:\Windows\System\LMSBizD.exe
  2⤵
  PID:6676
- C:\Windows\System\UrTDaYv.exe
  C:\Windows\System\UrTDaYv.exe
  2⤵
  PID:6692
- C:\Windows\System\ubsadoA.exe
  C:\Windows\System\ubsadoA.exe
  2⤵
  PID:6708
- C:\Windows\System\OPITZkr.exe
  C:\Windows\System\OPITZkr.exe
  2⤵
  PID:6724
- C:\Windows\System\sckMNzN.exe
  C:\Windows\System\sckMNzN.exe
  2⤵
  PID:6740
- C:\Windows\System\zjukeWl.exe
  C:\Windows\System\zjukeWl.exe
  2⤵
  PID:6756
- C:\Windows\System\vlltgmM.exe
  C:\Windows\System\vlltgmM.exe
  2⤵
  PID:6772
- C:\Windows\System\oYtzeEs.exe
  C:\Windows\System\oYtzeEs.exe
  2⤵
  PID:6788
- C:\Windows\System\xwclvWA.exe
  C:\Windows\System\xwclvWA.exe
  2⤵
  PID:6804
- C:\Windows\System\ezjtqOp.exe
  C:\Windows\System\ezjtqOp.exe
  2⤵
  PID:6820
- C:\Windows\System\YRitpkV.exe
  C:\Windows\System\YRitpkV.exe
  2⤵
  PID:6836
- C:\Windows\System\ztRRSeg.exe
  C:\Windows\System\ztRRSeg.exe
  2⤵
  PID:6852
- C:\Windows\System\dhixByg.exe
  C:\Windows\System\dhixByg.exe
  2⤵
  PID:6868
- C:\Windows\System\xANgeyx.exe
  C:\Windows\System\xANgeyx.exe
  2⤵
  PID:6884
- C:\Windows\System\feiKnlD.exe
  C:\Windows\System\feiKnlD.exe
  2⤵
  PID:6900
- C:\Windows\System\EKuncPb.exe
  C:\Windows\System\EKuncPb.exe
  2⤵
  PID:6916
- C:\Windows\System\DbbBfRd.exe
  C:\Windows\System\DbbBfRd.exe
  2⤵
  PID:6932
- C:\Windows\System\hYrqNoM.exe
  C:\Windows\System\hYrqNoM.exe
  2⤵
  PID:6948
- C:\Windows\System\turikZj.exe
  C:\Windows\System\turikZj.exe
  2⤵
  PID:6964
- C:\Windows\System\npFFSeC.exe
  C:\Windows\System\npFFSeC.exe
  2⤵
  PID:6980
- C:\Windows\System\OZVXUjj.exe
  C:\Windows\System\OZVXUjj.exe
  2⤵
  PID:6996
- C:\Windows\System\ukCqaiI.exe
  C:\Windows\System\ukCqaiI.exe
  2⤵
  PID:7012
- C:\Windows\System\ENvVKAz.exe
  C:\Windows\System\ENvVKAz.exe
  2⤵
  PID:7028
- C:\Windows\System\xIruaYo.exe
  C:\Windows\System\xIruaYo.exe
  2⤵
  PID:7044
- C:\Windows\System\qZyEqEM.exe
  C:\Windows\System\qZyEqEM.exe
  2⤵
  PID:7060
- C:\Windows\System\WTviSlE.exe
  C:\Windows\System\WTviSlE.exe
  2⤵
  PID:7076
- C:\Windows\System\hFpsMSS.exe
  C:\Windows\System\hFpsMSS.exe
  2⤵
  PID:7092
- C:\Windows\System\wSHWECO.exe
  C:\Windows\System\wSHWECO.exe
  2⤵
  PID:7112
- C:\Windows\System\dosdfJc.exe
  C:\Windows\System\dosdfJc.exe
  2⤵
  PID:7128
- C:\Windows\System\mJCGUdq.exe
  C:\Windows\System\mJCGUdq.exe
  2⤵
  PID:7144
- C:\Windows\System\yADyylF.exe
  C:\Windows\System\yADyylF.exe
  2⤵
  PID:7160
- C:\Windows\System\iblAXRd.exe
  C:\Windows\System\iblAXRd.exe
  2⤵
  PID:5372
- C:\Windows\System\fqYRfCI.exe
  C:\Windows\System\fqYRfCI.exe
  2⤵
  PID:6212
- C:\Windows\System\GpsgBRJ.exe
  C:\Windows\System\GpsgBRJ.exe
  2⤵
  PID:1616
- C:\Windows\System\uFPRpLc.exe
  C:\Windows\System\uFPRpLc.exe
  2⤵
  PID:5708
- C:\Windows\System\ZONEUoF.exe
  C:\Windows\System\ZONEUoF.exe
  2⤵
  PID:6196
- C:\Windows\System\lhRXGXA.exe
  C:\Windows\System\lhRXGXA.exe
  2⤵
  PID:6224
- C:\Windows\System\nAHqWRi.exe
  C:\Windows\System\nAHqWRi.exe
  2⤵
  PID:2252
- C:\Windows\System\WEcEchU.exe
  C:\Windows\System\WEcEchU.exe
  2⤵
  PID:6244
- C:\Windows\System\jdhfoIN.exe
  C:\Windows\System\jdhfoIN.exe
  2⤵
  PID:540
- C:\Windows\System\ABHoJkL.exe
  C:\Windows\System\ABHoJkL.exe
  2⤵
  PID:6268
- C:\Windows\System\PnqJQUt.exe
  C:\Windows\System\PnqJQUt.exe
  2⤵
  PID:6276
- C:\Windows\System\vhircnf.exe
  C:\Windows\System\vhircnf.exe
  2⤵
  PID:2988
- C:\Windows\System\aHqKpJw.exe
  C:\Windows\System\aHqKpJw.exe
  2⤵
  PID:820
- C:\Windows\System\kMOdYqV.exe
  C:\Windows\System\kMOdYqV.exe
  2⤵
  PID:6328
- C:\Windows\System\GyJblCK.exe
  C:\Windows\System\GyJblCK.exe
  2⤵
  PID:6392
- C:\Windows\System\apsXINB.exe
  C:\Windows\System\apsXINB.exe
  2⤵
  PID:6424
- C:\Windows\System\ksFZeMD.exe
  C:\Windows\System\ksFZeMD.exe
  2⤵
  PID:6472
- C:\Windows\System\sjSijEs.exe
  C:\Windows\System\sjSijEs.exe
  2⤵
  PID:6476
- C:\Windows\System\AkUtgAi.exe
  C:\Windows\System\AkUtgAi.exe
  2⤵
  PID:5804
- C:\Windows\System\HJeuJqo.exe
  C:\Windows\System\HJeuJqo.exe
  2⤵
  PID:6508
- C:\Windows\System\xyETOKv.exe
  C:\Windows\System\xyETOKv.exe
  2⤵
  PID:6540
- C:\Windows\System\DkYxvuY.exe
  C:\Windows\System\DkYxvuY.exe
  2⤵
  PID:6732
- C:\Windows\System\coRdmtr.exe
  C:\Windows\System\coRdmtr.exe
  2⤵
  PID:6956
- C:\Windows\System\nKrAtLJ.exe
  C:\Windows\System\nKrAtLJ.exe
  2⤵
  PID:6972
- C:\Windows\System\iCUDdTu.exe
  C:\Windows\System\iCUDdTu.exe
  2⤵
  PID:6944
- C:\Windows\System\wgUIlJj.exe
  C:\Windows\System\wgUIlJj.exe
  2⤵
  PID:7068
- C:\Windows\System\KOQliyd.exe
  C:\Windows\System\KOQliyd.exe
  2⤵
  PID:6176
- C:\Windows\System\wJbbtey.exe
  C:\Windows\System\wJbbtey.exe
  2⤵
  PID:6296
- C:\Windows\System\CxBmFoD.exe
  C:\Windows\System\CxBmFoD.exe
  2⤵
  PID:4440
- C:\Windows\System\JUrOLDs.exe
  C:\Windows\System\JUrOLDs.exe
  2⤵
  PID:6264
- C:\Windows\System\wIctDnL.exe
  C:\Windows\System\wIctDnL.exe
  2⤵
  PID:6380
- C:\Windows\System\VHGBBPY.exe
  C:\Windows\System\VHGBBPY.exe
  2⤵
  PID:6496
- C:\Windows\System\MkQZYua.exe
  C:\Windows\System\MkQZYua.exe
  2⤵
  PID:6444
- C:\Windows\System\BSioHxN.exe
  C:\Windows\System\BSioHxN.exe
  2⤵
  PID:6588
- C:\Windows\System\LIeCYsP.exe
  C:\Windows\System\LIeCYsP.exe
  2⤵
  PID:6572
- C:\Windows\System\hHqdqtO.exe
  C:\Windows\System\hHqdqtO.exe
  2⤵
  PID:6636
- C:\Windows\System\woixfFw.exe
  C:\Windows\System\woixfFw.exe
  2⤵
  PID:6688
- C:\Windows\System\fvoEriw.exe
  C:\Windows\System\fvoEriw.exe
  2⤵
  PID:6672
- C:\Windows\System\XdCwPlI.exe
  C:\Windows\System\XdCwPlI.exe
  2⤵
  PID:6796
- C:\Windows\System\pjrXRrH.exe
  C:\Windows\System\pjrXRrH.exe
  2⤵
  PID:2044
- C:\Windows\System\FnanGgX.exe
  C:\Windows\System\FnanGgX.exe
  2⤵
  PID:1516
- C:\Windows\System\jkWKqDQ.exe
  C:\Windows\System\jkWKqDQ.exe
  2⤵
  PID:6896
- C:\Windows\System\wlvnTta.exe
  C:\Windows\System\wlvnTta.exe
  2⤵
  PID:6864
- C:\Windows\System\YVuZeNJ.exe
  C:\Windows\System\YVuZeNJ.exe
  2⤵
  PID:6748
- C:\Windows\System\WffAXRV.exe
  C:\Windows\System\WffAXRV.exe
  2⤵
  PID:6912
- C:\Windows\System\tJMsziR.exe
  C:\Windows\System\tJMsziR.exe
  2⤵
  PID:6976
- C:\Windows\System\IYPCBhj.exe
  C:\Windows\System\IYPCBhj.exe
  2⤵
  PID:6828
- C:\Windows\System\cLKXNGs.exe
  C:\Windows\System\cLKXNGs.exe
  2⤵
  PID:7020
- C:\Windows\System\avgUTHP.exe
  C:\Windows\System\avgUTHP.exe
  2⤵
  PID:7100
- C:\Windows\System\snsXEIs.exe
  C:\Windows\System\snsXEIs.exe
  2⤵
  PID:7120
- C:\Windows\System\DGqKPYl.exe
  C:\Windows\System\DGqKPYl.exe
  2⤵
  PID:6180
- C:\Windows\System\PCVagYp.exe
  C:\Windows\System\PCVagYp.exe
  2⤵
  PID:3048
- C:\Windows\System\TTuNTAH.exe
  C:\Windows\System\TTuNTAH.exe
  2⤵
  PID:2952
- C:\Windows\System\SmvKgih.exe
  C:\Windows\System\SmvKgih.exe
  2⤵
  PID:1572
- C:\Windows\System\vCcfVVf.exe
  C:\Windows\System\vCcfVVf.exe
  2⤵
  PID:696
- C:\Windows\System\ZxCeyqr.exe
  C:\Windows\System\ZxCeyqr.exe
  2⤵
  PID:6332
- C:\Windows\System\FGgPtgD.exe
  C:\Windows\System\FGgPtgD.exe
  2⤵
  PID:6240
- C:\Windows\System\cMRNVWS.exe
  C:\Windows\System\cMRNVWS.exe
  2⤵
  PID:6220
- C:\Windows\System\kjIyUoK.exe
  C:\Windows\System\kjIyUoK.exe
  2⤵
  PID:6768
- C:\Windows\System\fgEwPsZ.exe
  C:\Windows\System\fgEwPsZ.exe
  2⤵
  PID:6608
- C:\Windows\System\BIfWTsi.exe
  C:\Windows\System\BIfWTsi.exe
  2⤵
  PID:2080
- C:\Windows\System\fXRnaHo.exe
  C:\Windows\System\fXRnaHo.exe
  2⤵
  PID:6480
- C:\Windows\System\WKrKabQ.exe
  C:\Windows\System\WKrKabQ.exe
  2⤵
  PID:6752
- C:\Windows\System\JqvZWDJ.exe
  C:\Windows\System\JqvZWDJ.exe
  2⤵
  PID:6716
- C:\Windows\System\egilPDd.exe
  C:\Windows\System\egilPDd.exe
  2⤵
  PID:6844
- C:\Windows\System\SPXIRXK.exe
  C:\Windows\System\SPXIRXK.exe
  2⤵
  PID:6992
- C:\Windows\System\KeHnGPe.exe
  C:\Windows\System\KeHnGPe.exe
  2⤵
  PID:7088
- C:\Windows\System\QHCyPOx.exe
  C:\Windows\System\QHCyPOx.exe
  2⤵
  PID:348
- C:\Windows\System\Cdfhpcs.exe
  C:\Windows\System\Cdfhpcs.exe
  2⤵
  PID:6344
- C:\Windows\System\YKXmIIR.exe
  C:\Windows\System\YKXmIIR.exe
  2⤵
  PID:7036
- C:\Windows\System\mJCaFQh.exe
  C:\Windows\System\mJCaFQh.exe
  2⤵
  PID:7040
- C:\Windows\System\dBNxmKH.exe
  C:\Windows\System\dBNxmKH.exe
  2⤵
  PID:1744
- C:\Windows\System\UGsyUsb.exe
  C:\Windows\System\UGsyUsb.exe
  2⤵
  PID:6148
- C:\Windows\System\IeqHbrN.exe
  C:\Windows\System\IeqHbrN.exe
  2⤵
  PID:6668
- C:\Windows\System\wocaRGI.exe
  C:\Windows\System\wocaRGI.exe
  2⤵
  PID:6560
- C:\Windows\System\ooRUPtw.exe
  C:\Windows\System\ooRUPtw.exe
  2⤵
  PID:2848
- C:\Windows\System\BIDQMUR.exe
  C:\Windows\System\BIDQMUR.exe
  2⤵
  PID:6812
- C:\Windows\System\igUpbnP.exe
  C:\Windows\System\igUpbnP.exe
  2⤵
  PID:6720
- C:\Windows\System\nLnubfW.exe
  C:\Windows\System\nLnubfW.exe
  2⤵
  PID:6348
- C:\Windows\System\BThyCxk.exe
  C:\Windows\System\BThyCxk.exe
  2⤵
  PID:6300
- C:\Windows\System\LOXnLpg.exe
  C:\Windows\System\LOXnLpg.exe
  2⤵
  PID:6656
- C:\Windows\System\RTGQpmy.exe
  C:\Windows\System\RTGQpmy.exe
  2⤵
  PID:6784
- C:\Windows\System\raLlclw.exe
  C:\Windows\System\raLlclw.exe
  2⤵
  PID:5776
- C:\Windows\System\UjSkuoB.exe
  C:\Windows\System\UjSkuoB.exe
  2⤵
  PID:388
- C:\Windows\System\ryiVqhS.exe
  C:\Windows\System\ryiVqhS.exe
  2⤵
  PID:6236
- C:\Windows\System\iMkCmQQ.exe
  C:\Windows\System\iMkCmQQ.exe
  2⤵
  PID:7108
- C:\Windows\System\sKeaqYW.exe
  C:\Windows\System\sKeaqYW.exe
  2⤵
  PID:1400
- C:\Windows\System\FpllTqp.exe
  C:\Windows\System\FpllTqp.exe
  2⤵
  PID:7184
- C:\Windows\System\miHbQSQ.exe
  C:\Windows\System\miHbQSQ.exe
  2⤵
  PID:7200
- C:\Windows\System\URFbPGP.exe
  C:\Windows\System\URFbPGP.exe
  2⤵
  PID:7216
- C:\Windows\System\AoPHPgP.exe
  C:\Windows\System\AoPHPgP.exe
  2⤵
  PID:7232
- C:\Windows\System\DkGnyaD.exe
  C:\Windows\System\DkGnyaD.exe
  2⤵
  PID:7248
- C:\Windows\System\rmAtVae.exe
  C:\Windows\System\rmAtVae.exe
  2⤵
  PID:7264
- C:\Windows\System\APvFVyh.exe
  C:\Windows\System\APvFVyh.exe
  2⤵
  PID:7280
- C:\Windows\System\rnKrYce.exe
  C:\Windows\System\rnKrYce.exe
  2⤵
  PID:7296
- C:\Windows\System\GOOmhDK.exe
  C:\Windows\System\GOOmhDK.exe
  2⤵
  PID:7312
- C:\Windows\System\FFxWLNL.exe
  C:\Windows\System\FFxWLNL.exe
  2⤵
  PID:7328
- C:\Windows\System\UqQSjiP.exe
  C:\Windows\System\UqQSjiP.exe
  2⤵
  PID:7344
- C:\Windows\System\Uxghjns.exe
  C:\Windows\System\Uxghjns.exe
  2⤵
  PID:7360
- C:\Windows\System\eknFgLd.exe
  C:\Windows\System\eknFgLd.exe
  2⤵
  PID:7376
- C:\Windows\System\zkZbrvc.exe
  C:\Windows\System\zkZbrvc.exe
  2⤵
  PID:7396
- C:\Windows\System\YLwxlPM.exe
  C:\Windows\System\YLwxlPM.exe
  2⤵
  PID:7412
- C:\Windows\System\qNfTLBM.exe
  C:\Windows\System\qNfTLBM.exe
  2⤵
  PID:7428
- C:\Windows\System\ASrvpAS.exe
  C:\Windows\System\ASrvpAS.exe
  2⤵
  PID:7444
- C:\Windows\System\KKTdurI.exe
  C:\Windows\System\KKTdurI.exe
  2⤵
  PID:7460
- C:\Windows\System\dTKDnco.exe
  C:\Windows\System\dTKDnco.exe
  2⤵
  PID:7476
- C:\Windows\System\cblSrKT.exe
  C:\Windows\System\cblSrKT.exe
  2⤵
  PID:7492
- C:\Windows\System\TURLMAX.exe
  C:\Windows\System\TURLMAX.exe
  2⤵
  PID:7508
- C:\Windows\System\OSmaDoZ.exe
  C:\Windows\System\OSmaDoZ.exe
  2⤵
  PID:7524
- C:\Windows\System\HthQhRL.exe
  C:\Windows\System\HthQhRL.exe
  2⤵
  PID:7540
- C:\Windows\System\XayvDUo.exe
  C:\Windows\System\XayvDUo.exe
  2⤵
  PID:7556
- C:\Windows\System\CiDkCUF.exe
  C:\Windows\System\CiDkCUF.exe
  2⤵
  PID:7572
- C:\Windows\System\zoKWKdN.exe
  C:\Windows\System\zoKWKdN.exe
  2⤵
  PID:7588
- C:\Windows\System\WqaYjKP.exe
  C:\Windows\System\WqaYjKP.exe
  2⤵
  PID:7604
- C:\Windows\System\UAOGjvc.exe
  C:\Windows\System\UAOGjvc.exe
  2⤵
  PID:7620
- C:\Windows\System\XfKuBNN.exe
  C:\Windows\System\XfKuBNN.exe
  2⤵
  PID:7636
- C:\Windows\System\EMthaCH.exe
  C:\Windows\System\EMthaCH.exe
  2⤵
  PID:7652
- C:\Windows\System\UYYtvMT.exe
  C:\Windows\System\UYYtvMT.exe
  2⤵
  PID:7668
- C:\Windows\System\ArsPzLV.exe
  C:\Windows\System\ArsPzLV.exe
  2⤵
  PID:7684
- C:\Windows\System\LbuhOBz.exe
  C:\Windows\System\LbuhOBz.exe
  2⤵
  PID:7700
- C:\Windows\System\kZtZVNE.exe
  C:\Windows\System\kZtZVNE.exe
  2⤵
  PID:7716
- C:\Windows\System\qCztLtY.exe
  C:\Windows\System\qCztLtY.exe
  2⤵
  PID:7732
- C:\Windows\System\xIgYlaT.exe
  C:\Windows\System\xIgYlaT.exe
  2⤵
  PID:7748
- C:\Windows\System\AiyxvoT.exe
  C:\Windows\System\AiyxvoT.exe
  2⤵
  PID:7764
- C:\Windows\System\OolcBmV.exe
  C:\Windows\System\OolcBmV.exe
  2⤵
  PID:7780
- C:\Windows\System\frtbqIy.exe
  C:\Windows\System\frtbqIy.exe
  2⤵
  PID:7796
- C:\Windows\System\UyKBeSu.exe
  C:\Windows\System\UyKBeSu.exe
  2⤵
  PID:7812
- C:\Windows\System\VjzPOBu.exe
  C:\Windows\System\VjzPOBu.exe
  2⤵
  PID:7828
- C:\Windows\System\EIbmAPX.exe
  C:\Windows\System\EIbmAPX.exe
  2⤵
  PID:7844
- C:\Windows\System\VucWqpj.exe
  C:\Windows\System\VucWqpj.exe
  2⤵
  PID:7860
- C:\Windows\System\YDVzTaA.exe
  C:\Windows\System\YDVzTaA.exe
  2⤵
  PID:7876
- C:\Windows\System\xyhpdDn.exe
  C:\Windows\System\xyhpdDn.exe
  2⤵
  PID:7892
- C:\Windows\System\nlAYZXC.exe
  C:\Windows\System\nlAYZXC.exe
  2⤵
  PID:7908
- C:\Windows\System\tQtWDYJ.exe
  C:\Windows\System\tQtWDYJ.exe
  2⤵
  PID:7924
- C:\Windows\System\XIGdWXk.exe
  C:\Windows\System\XIGdWXk.exe
  2⤵
  PID:7940
- C:\Windows\System\oPPKwoG.exe
  C:\Windows\System\oPPKwoG.exe
  2⤵
  PID:7956
- C:\Windows\System\DLrGger.exe
  C:\Windows\System\DLrGger.exe
  2⤵
  PID:7972
- C:\Windows\System\QdPNrmz.exe
  C:\Windows\System\QdPNrmz.exe
  2⤵
  PID:7988
- C:\Windows\System\swIPumo.exe
  C:\Windows\System\swIPumo.exe
  2⤵
  PID:8004
- C:\Windows\System\VspSkZm.exe
  C:\Windows\System\VspSkZm.exe
  2⤵
  PID:8020
- C:\Windows\System\qORhVzR.exe
  C:\Windows\System\qORhVzR.exe
  2⤵
  PID:8036
- C:\Windows\System\CkVWrXW.exe
  C:\Windows\System\CkVWrXW.exe
  2⤵
  PID:8052
- C:\Windows\System\sasNIPx.exe
  C:\Windows\System\sasNIPx.exe
  2⤵
  PID:8068
- C:\Windows\System\ZPbUapP.exe
  C:\Windows\System\ZPbUapP.exe
  2⤵
  PID:8084
- C:\Windows\System\RXBCIEP.exe
  C:\Windows\System\RXBCIEP.exe
  2⤵
  PID:8100
- C:\Windows\System\QFnZRtB.exe
  C:\Windows\System\QFnZRtB.exe
  2⤵
  PID:8116
- C:\Windows\System\lQnqaJD.exe
  C:\Windows\System\lQnqaJD.exe
  2⤵
  PID:8132
- C:\Windows\System\DuhnLIs.exe
  C:\Windows\System\DuhnLIs.exe
  2⤵
  PID:8148
- C:\Windows\System\OMmishE.exe
  C:\Windows\System\OMmishE.exe
  2⤵
  PID:8164
- C:\Windows\System\AngAyRu.exe
  C:\Windows\System\AngAyRu.exe
  2⤵
  PID:8180
- C:\Windows\System\daZVtOs.exe
  C:\Windows\System\daZVtOs.exe
  2⤵
  PID:2136
- C:\Windows\System\QusEPoR.exe
  C:\Windows\System\QusEPoR.exe
  2⤵
  PID:1144
- C:\Windows\System\IQlbrKM.exe
  C:\Windows\System\IQlbrKM.exe
  2⤵
  PID:7288
- C:\Windows\System\BsPhRvX.exe
  C:\Windows\System\BsPhRvX.exe
  2⤵
  PID:7352
- C:\Windows\System\MOVHqBC.exe
  C:\Windows\System\MOVHqBC.exe
  2⤵
  PID:1496
- C:\Windows\System\lbocBvh.exe
  C:\Windows\System\lbocBvh.exe
  2⤵
  PID:7456
- C:\Windows\System\JRcHlUW.exe
  C:\Windows\System\JRcHlUW.exe
  2⤵
  PID:7308
- C:\Windows\System\JqbhrAj.exe
  C:\Windows\System\JqbhrAj.exe
  2⤵
  PID:7240
- C:\Windows\System\LDiXUpq.exe
  C:\Windows\System\LDiXUpq.exe
  2⤵
  PID:6988
- C:\Windows\System\tgneADN.exe
  C:\Windows\System\tgneADN.exe
  2⤵
  PID:7180
- C:\Windows\System\oRKsrad.exe
  C:\Windows\System\oRKsrad.exe
  2⤵
  PID:7580
- C:\Windows\System\rYgjdYU.exe
  C:\Windows\System\rYgjdYU.exe
  2⤵
  PID:7468
- C:\Windows\System\jCGeXYY.exe
  C:\Windows\System\jCGeXYY.exe
  2⤵
  PID:7500
- C:\Windows\System\qIQmbnW.exe
  C:\Windows\System\qIQmbnW.exe
  2⤵
  PID:7368
- C:\Windows\System\aNCUfBM.exe
  C:\Windows\System\aNCUfBM.exe
  2⤵
  PID:7616
- C:\Windows\System\FWfUxle.exe
  C:\Windows\System\FWfUxle.exe
  2⤵
  PID:7536
- C:\Windows\System\DzCKeMH.exe
  C:\Windows\System\DzCKeMH.exe
  2⤵
  PID:7680
- C:\Windows\System\AUtULNJ.exe
  C:\Windows\System\AUtULNJ.exe
  2⤵
  PID:7744
- C:\Windows\System\Ahjcnwy.exe
  C:\Windows\System\Ahjcnwy.exe
  2⤵
  PID:7596
- C:\Windows\System\rrImLNP.exe
  C:\Windows\System\rrImLNP.exe
  2⤵
  PID:7804
- C:\Windows\System\zuUWhWT.exe
  C:\Windows\System\zuUWhWT.exe
  2⤵
  PID:7664
- C:\Windows\System\RstNmxu.exe
  C:\Windows\System\RstNmxu.exe
  2⤵
  PID:7788
- C:\Windows\System\LwLfCzJ.exe
  C:\Windows\System\LwLfCzJ.exe
  2⤵
  PID:7840
- C:\Windows\System\dODibiI.exe
  C:\Windows\System\dODibiI.exe
  2⤵
  PID:7900
- C:\Windows\System\zmvQvCB.exe
  C:\Windows\System\zmvQvCB.exe
  2⤵
  PID:7884
- C:\Windows\System\IfOzWyN.exe
  C:\Windows\System\IfOzWyN.exe
  2⤵
  PID:7904
- C:\Windows\System\nePxaqd.exe
  C:\Windows\System\nePxaqd.exe
  2⤵
  PID:7968
- C:\Windows\System\NjOtZJZ.exe
  C:\Windows\System\NjOtZJZ.exe
  2⤵
  PID:8032
- C:\Windows\System\XWJcqLl.exe
  C:\Windows\System\XWJcqLl.exe
  2⤵
  PID:8092
- C:\Windows\System\lLHMvAm.exe
  C:\Windows\System\lLHMvAm.exe
  2⤵
  PID:8156
- C:\Windows\System\inlHEQn.exe
  C:\Windows\System\inlHEQn.exe
  2⤵
  PID:7920
- C:\Windows\System\NmuSMLU.exe
  C:\Windows\System\NmuSMLU.exe
  2⤵
  PID:7984
- C:\Windows\System\hGRavqn.exe
  C:\Windows\System\hGRavqn.exe
  2⤵
  PID:8048
- C:\Windows\System\aLUwQXn.exe
  C:\Windows\System\aLUwQXn.exe
  2⤵
  PID:8144
- C:\Windows\System\ChtsQJH.exe
  C:\Windows\System\ChtsQJH.exe
  2⤵
  PID:6260
- C:\Windows\System\RKmpskV.exe
  C:\Windows\System\RKmpskV.exe
  2⤵
  PID:7260
- C:\Windows\System\FAZuAyE.exe
  C:\Windows\System\FAZuAyE.exe
  2⤵
  PID:7516
- C:\Windows\System\rlhqEDC.exe
  C:\Windows\System\rlhqEDC.exe
  2⤵
  PID:7404
- C:\Windows\System\cmAKlwQ.exe
  C:\Windows\System\cmAKlwQ.exe
  2⤵
  PID:7552
- C:\Windows\System\SetADGB.exe
  C:\Windows\System\SetADGB.exe
  2⤵
  PID:7776
- C:\Windows\System\RDCAtFD.exe
  C:\Windows\System\RDCAtFD.exe
  2⤵
  PID:7696
- C:\Windows\System\dVedYnK.exe
  C:\Windows\System\dVedYnK.exe
  2⤵
  PID:7936
- C:\Windows\System\lUbJCNy.exe
  C:\Windows\System\lUbJCNy.exe
  2⤵
  PID:8188
- C:\Windows\System\scPTyTI.exe
  C:\Windows\System\scPTyTI.exe
  2⤵
  PID:7224
- C:\Windows\System\VQLcVYI.exe
  C:\Windows\System\VQLcVYI.exe
  2⤵
  PID:1548
- C:\Windows\System\AAUtADn.exe
  C:\Windows\System\AAUtADn.exe
  2⤵
  PID:8028
- C:\Windows\System\YAxOUTY.exe
  C:\Windows\System\YAxOUTY.exe
  2⤵
  PID:7612
- C:\Windows\System\oWyfyWW.exe
  C:\Windows\System\oWyfyWW.exe
  2⤵
  PID:5640
- C:\Windows\System\DScqOvr.exe
  C:\Windows\System\DScqOvr.exe
  2⤵
  PID:7440
- C:\Windows\System\UssljFd.exe
  C:\Windows\System\UssljFd.exe
  2⤵
  PID:7740
- C:\Windows\System\xlVwKyA.exe
  C:\Windows\System\xlVwKyA.exe
  2⤵
  PID:7868
- C:\Windows\System\hXZGztA.exe
  C:\Windows\System\hXZGztA.exe
  2⤵
  PID:8128
- C:\Windows\System\mIRiINf.exe
  C:\Windows\System\mIRiINf.exe
  2⤵
  PID:7324
- C:\Windows\System\IowlQbf.exe
  C:\Windows\System\IowlQbf.exe
  2⤵
  PID:7272
- C:\Windows\System\bDAOhCd.exe
  C:\Windows\System\bDAOhCd.exe
  2⤵
  PID:8060
- C:\Windows\System\QNKcIln.exe
  C:\Windows\System\QNKcIln.exe
  2⤵
  PID:7820
- C:\Windows\System\qbhzAgw.exe
  C:\Windows\System\qbhzAgw.exe
  2⤵
  PID:7320
- C:\Windows\System\eSiVdNh.exe
  C:\Windows\System\eSiVdNh.exe
  2⤵
  PID:7424
- C:\Windows\System\OcCpyqA.exe
  C:\Windows\System\OcCpyqA.exe
  2⤵
  PID:8112
- C:\Windows\System\KhqUZYv.exe
  C:\Windows\System\KhqUZYv.exe
  2⤵
  PID:8064
- C:\Windows\System\BGeJcqF.exe
  C:\Windows\System\BGeJcqF.exe
  2⤵
  PID:7756
- C:\Windows\System\tEcfdic.exe
  C:\Windows\System\tEcfdic.exe
  2⤵
  PID:8208
- C:\Windows\System\aQPWNJJ.exe
  C:\Windows\System\aQPWNJJ.exe
  2⤵
  PID:8224
- C:\Windows\System\kjnjrHB.exe
  C:\Windows\System\kjnjrHB.exe
  2⤵
  PID:8240
- C:\Windows\System\zfFQjNm.exe
  C:\Windows\System\zfFQjNm.exe
  2⤵
  PID:8256
- C:\Windows\System\XeMqzac.exe
  C:\Windows\System\XeMqzac.exe
  2⤵
  PID:8272
- C:\Windows\System\RZDhUFi.exe
  C:\Windows\System\RZDhUFi.exe
  2⤵
  PID:8288
- C:\Windows\System\msXBMMq.exe
  C:\Windows\System\msXBMMq.exe
  2⤵
  PID:8304
- C:\Windows\System\rpPQAoW.exe
  C:\Windows\System\rpPQAoW.exe
  2⤵
  PID:8320
- C:\Windows\System\uGyvAjV.exe
  C:\Windows\System\uGyvAjV.exe
  2⤵
  PID:8336
- C:\Windows\System\DKOcyGh.exe
  C:\Windows\System\DKOcyGh.exe
  2⤵
  PID:8352
- C:\Windows\System\iCPGeTc.exe
  C:\Windows\System\iCPGeTc.exe
  2⤵
  PID:8368
- C:\Windows\System\XqPTuuV.exe
  C:\Windows\System\XqPTuuV.exe
  2⤵
  PID:8384
- C:\Windows\System\roGROPr.exe
  C:\Windows\System\roGROPr.exe
  2⤵
  PID:8400
- C:\Windows\System\HtiLjRx.exe
  C:\Windows\System\HtiLjRx.exe
  2⤵
  PID:8416
- C:\Windows\System\rRBEyaN.exe
  C:\Windows\System\rRBEyaN.exe
  2⤵
  PID:8432
- C:\Windows\System\pbkfTbQ.exe
  C:\Windows\System\pbkfTbQ.exe
  2⤵
  PID:8448
- C:\Windows\System\thhtOiV.exe
  C:\Windows\System\thhtOiV.exe
  2⤵
  PID:8464
- C:\Windows\System\yxBXATs.exe
  C:\Windows\System\yxBXATs.exe
  2⤵
  PID:8480
- C:\Windows\System\UGWXwOW.exe
  C:\Windows\System\UGWXwOW.exe
  2⤵
  PID:8496
- C:\Windows\System\wPvLHoR.exe
  C:\Windows\System\wPvLHoR.exe
  2⤵
  PID:8512
- C:\Windows\System\McQHAfH.exe
  C:\Windows\System\McQHAfH.exe
  2⤵
  PID:8528
- C:\Windows\System\KNDAMUy.exe
  C:\Windows\System\KNDAMUy.exe
  2⤵
  PID:8544
- C:\Windows\System\HVvpOuf.exe
  C:\Windows\System\HVvpOuf.exe
  2⤵
  PID:8560
- C:\Windows\System\xYiLfTM.exe
  C:\Windows\System\xYiLfTM.exe
  2⤵
  PID:8576
- C:\Windows\System\NkrNBob.exe
  C:\Windows\System\NkrNBob.exe
  2⤵
  PID:8592
- C:\Windows\System\YfhHHKl.exe
  C:\Windows\System\YfhHHKl.exe
  2⤵
  PID:8608
- C:\Windows\System\lSjcqph.exe
  C:\Windows\System\lSjcqph.exe
  2⤵
  PID:8624
- C:\Windows\System\bpOTGpq.exe
  C:\Windows\System\bpOTGpq.exe
  2⤵
  PID:8640
- C:\Windows\System\Tnrqsxl.exe
  C:\Windows\System\Tnrqsxl.exe
  2⤵
  PID:8656
- C:\Windows\System\JzkKeRn.exe
  C:\Windows\System\JzkKeRn.exe
  2⤵
  PID:8672
- C:\Windows\System\YmgYVoj.exe
  C:\Windows\System\YmgYVoj.exe
  2⤵
  PID:8688
- C:\Windows\System\JwwHXZT.exe
  C:\Windows\System\JwwHXZT.exe
  2⤵
  PID:8704
- C:\Windows\System\nIsKCxp.exe
  C:\Windows\System\nIsKCxp.exe
  2⤵
  PID:8728
- C:\Windows\System\cBvBwmr.exe
  C:\Windows\System\cBvBwmr.exe
  2⤵
  PID:8744
- C:\Windows\System\xcHQhUi.exe
  C:\Windows\System\xcHQhUi.exe
  2⤵
  PID:8768
- C:\Windows\System\QqwMSok.exe
  C:\Windows\System\QqwMSok.exe
  2⤵
  PID:8784
- C:\Windows\System\qOwqRVS.exe
  C:\Windows\System\qOwqRVS.exe
  2⤵
  PID:8800
- C:\Windows\System\mUBNJeo.exe
  C:\Windows\System\mUBNJeo.exe
  2⤵
  PID:8816
- C:\Windows\System\oUCXHbO.exe
  C:\Windows\System\oUCXHbO.exe
  2⤵
  PID:8840
- C:\Windows\System\rtJtXIE.exe
  C:\Windows\System\rtJtXIE.exe
  2⤵
  PID:8860
- C:\Windows\System\pEWSFrm.exe
  C:\Windows\System\pEWSFrm.exe
  2⤵
  PID:8876
- C:\Windows\System\aOZrwOD.exe
  C:\Windows\System\aOZrwOD.exe
  2⤵
  PID:8892
- C:\Windows\System\ECxBMSG.exe
  C:\Windows\System\ECxBMSG.exe
  2⤵
  PID:8908
- C:\Windows\System\YPoZyon.exe
  C:\Windows\System\YPoZyon.exe
  2⤵
  PID:8924
- C:\Windows\System\PmqZtem.exe
  C:\Windows\System\PmqZtem.exe
  2⤵
  PID:8940
- C:\Windows\System\ZJrEJhP.exe
  C:\Windows\System\ZJrEJhP.exe
  2⤵
  PID:8976
- C:\Windows\System\JjbXcBJ.exe
  C:\Windows\System\JjbXcBJ.exe
  2⤵
  PID:9136
- C:\Windows\System\wVxPYYV.exe
  C:\Windows\System\wVxPYYV.exe
  2⤵
  PID:9156
- C:\Windows\System\SXfWoNc.exe
  C:\Windows\System\SXfWoNc.exe
  2⤵
  PID:9196
- C:\Windows\System\PkJchrJ.exe
  C:\Windows\System\PkJchrJ.exe
  2⤵
  PID:8280
- C:\Windows\System\DUjhjmM.exe
  C:\Windows\System\DUjhjmM.exe
  2⤵
  PID:7856
- C:\Windows\System\NVDzhHh.exe
  C:\Windows\System\NVDzhHh.exe
  2⤵
  PID:7488
- C:\Windows\System\snSEuez.exe
  C:\Windows\System\snSEuez.exe
  2⤵
  PID:8204
- C:\Windows\System\miyiDsr.exe
  C:\Windows\System\miyiDsr.exe
  2⤵
  PID:8300
- C:\Windows\System\DaJqksp.exe
  C:\Windows\System\DaJqksp.exe
  2⤵
  PID:8364
- C:\Windows\System\TxEOyJH.exe
  C:\Windows\System\TxEOyJH.exe
  2⤵
  PID:1716
- C:\Windows\System\hADaWzZ.exe
  C:\Windows\System\hADaWzZ.exe
  2⤵
  PID:8396
- C:\Windows\System\wtyZgRp.exe
  C:\Windows\System\wtyZgRp.exe
  2⤵
  PID:8232
- C:\Windows\System\OiaDeBW.exe
  C:\Windows\System\OiaDeBW.exe
  2⤵
  PID:7888
- C:\Windows\System\JyZAOdP.exe
  C:\Windows\System\JyZAOdP.exe
  2⤵
  PID:8428
- C:\Windows\System\zOsWylb.exe
  C:\Windows\System\zOsWylb.exe
  2⤵
  PID:8504
- C:\Windows\System\tqPCZeW.exe
  C:\Windows\System\tqPCZeW.exe
  2⤵
  PID:8540
- C:\Windows\System\ufXDfnJ.exe
  C:\Windows\System\ufXDfnJ.exe
  2⤵
  PID:8572
- C:\Windows\System\EtQsjqA.exe
  C:\Windows\System\EtQsjqA.exe
  2⤵
  PID:8664
- C:\Windows\System\uHiEMau.exe
  C:\Windows\System\uHiEMau.exe
  2⤵
  PID:8556
- C:\Windows\System\eOpJdpf.exe
  C:\Windows\System\eOpJdpf.exe
  2⤵
  PID:8668
- C:\Windows\System\zXtgUDu.exe
  C:\Windows\System\zXtgUDu.exe
  2⤵
  PID:8700
- C:\Windows\System\evnCzEX.exe
  C:\Windows\System\evnCzEX.exe
  2⤵
  PID:8776
- C:\Windows\System\GrzQVFj.exe
  C:\Windows\System\GrzQVFj.exe
  2⤵
  PID:8720
- C:\Windows\System\wyRMhxp.exe
  C:\Windows\System\wyRMhxp.exe
  2⤵
  PID:8712
- C:\Windows\System\MLAlXSF.exe
  C:\Windows\System\MLAlXSF.exe
  2⤵
  PID:8796
- C:\Windows\System\dbFucdN.exe
  C:\Windows\System\dbFucdN.exe
  2⤵
  PID:8852
- C:\Windows\System\RQYzHlG.exe
  C:\Windows\System\RQYzHlG.exe
  2⤵
  PID:8868
- C:\Windows\System\eaeBvFD.exe
  C:\Windows\System\eaeBvFD.exe
  2⤵
  PID:8900
- C:\Windows\System\pqyhekG.exe
  C:\Windows\System\pqyhekG.exe
  2⤵
  PID:8932
- C:\Windows\System\wzGGXzT.exe
  C:\Windows\System\wzGGXzT.exe
  2⤵
  PID:8956
- C:\Windows\System\LGPzGbo.exe
  C:\Windows\System\LGPzGbo.exe
  2⤵
  PID:8972
- C:\Windows\System\QqaMoCX.exe
  C:\Windows\System\QqaMoCX.exe
  2⤵
  PID:8996
- C:\Windows\System\knoIFgu.exe
  C:\Windows\System\knoIFgu.exe
  2⤵
  PID:9012
- C:\Windows\System\uAqKIkz.exe
  C:\Windows\System\uAqKIkz.exe
  2⤵
  PID:9028
- C:\Windows\System\CuBkWHJ.exe
  C:\Windows\System\CuBkWHJ.exe
  2⤵
  PID:9044
- C:\Windows\System\DjNCxNj.exe
  C:\Windows\System\DjNCxNj.exe
  2⤵
  PID:9060
- C:\Windows\System\dGxMpRw.exe
  C:\Windows\System\dGxMpRw.exe
  2⤵
  PID:9080
- C:\Windows\System\SKRUrIn.exe
  C:\Windows\System\SKRUrIn.exe
  2⤵
  PID:9096
- C:\Windows\System\lKBVEwl.exe
  C:\Windows\System\lKBVEwl.exe
  2⤵
  PID:9112
- C:\Windows\System\acqhyxE.exe
  C:\Windows\System\acqhyxE.exe
  2⤵
  PID:9148
- C:\Windows\System\POAbPbh.exe
  C:\Windows\System\POAbPbh.exe
  2⤵
  PID:9120
- C:\Windows\System\hLQlxPz.exe
  C:\Windows\System\hLQlxPz.exe
  2⤵
  PID:9164
- C:\Windows\System\QoGmpFe.exe
  C:\Windows\System\QoGmpFe.exe
  2⤵
  PID:9184
- C:\Windows\System\ilVWsRt.exe
  C:\Windows\System\ilVWsRt.exe
  2⤵
  PID:9212
- C:\Windows\System\bjIQaiZ.exe
  C:\Windows\System\bjIQaiZ.exe
  2⤵
  PID:8216
- C:\Windows\System\MlyqnwX.exe
  C:\Windows\System\MlyqnwX.exe
  2⤵
  PID:7452
- C:\Windows\System\fMVQYTp.exe
  C:\Windows\System\fMVQYTp.exe
  2⤵
  PID:8344
- C:\Windows\System\FhBLbJG.exe
  C:\Windows\System\FhBLbJG.exe
  2⤵
  PID:8376
- C:\Windows\System\YHfuobk.exe
  C:\Windows\System\YHfuobk.exe
  2⤵
  PID:8264
- C:\Windows\System\VPvYsiD.exe
  C:\Windows\System\VPvYsiD.exe
  2⤵
  PID:7276
- C:\Windows\System\PlEyNAi.exe
  C:\Windows\System\PlEyNAi.exe
  2⤵
  PID:8332
- C:\Windows\System\OMmWHgq.exe
  C:\Windows\System\OMmWHgq.exe
  2⤵
  PID:8632
- C:\Windows\System\nqvHSAW.exe
  C:\Windows\System\nqvHSAW.exe
  2⤵
  PID:8360
- C:\Windows\System\yZBBznF.exe
  C:\Windows\System\yZBBznF.exe
  2⤵
  PID:8760
- C:\Windows\System\KihTUcg.exe
  C:\Windows\System\KihTUcg.exe
  2⤵
  PID:8696
- C:\Windows\System\cHEeqqS.exe
  C:\Windows\System\cHEeqqS.exe
  2⤵
  PID:7712
- C:\Windows\System\gIBlQjz.exe
  C:\Windows\System\gIBlQjz.exe
  2⤵
  PID:8524
- C:\Windows\System\oVtyLgt.exe
  C:\Windows\System\oVtyLgt.exe
  2⤵
  PID:8848
- C:\Windows\System\mzwSbqU.exe
  C:\Windows\System\mzwSbqU.exe
  2⤵
  PID:8952
- C:\Windows\System\FhIrGBJ.exe
  C:\Windows\System\FhIrGBJ.exe
  2⤵
  PID:9024
- C:\Windows\System\QeMoqJF.exe
  C:\Windows\System\QeMoqJF.exe
  2⤵
  PID:9092
- C:\Windows\System\DlAhbbc.exe
  C:\Windows\System\DlAhbbc.exe
  2⤵
  PID:9172
- C:\Windows\System\JxnBQMm.exe
  C:\Windows\System\JxnBQMm.exe
  2⤵
  PID:9208
- C:\Windows\System\rFGVIjF.exe
  C:\Windows\System\rFGVIjF.exe
  2⤵
  PID:1708
- C:\Windows\System\KNVKlvK.exe
  C:\Windows\System\KNVKlvK.exe
  2⤵
  PID:9004
- C:\Windows\System\ubzCbCI.exe
  C:\Windows\System\ubzCbCI.exe
  2⤵
  PID:9068
- C:\Windows\System\uSVQgkX.exe
  C:\Windows\System\uSVQgkX.exe
  2⤵
  PID:2548
- C:\Windows\System\inqwZbW.exe
  C:\Windows\System\inqwZbW.exe
  2⤵
  PID:2092
- C:\Windows\System\PiXILIQ.exe
  C:\Windows\System\PiXILIQ.exe
  2⤵
  PID:8920
- C:\Windows\System\niUbCnj.exe
  C:\Windows\System\niUbCnj.exe
  2⤵
  PID:8988
- C:\Windows\System\SUZqzEY.exe
  C:\Windows\System\SUZqzEY.exe
  2⤵
  PID:8296
- C:\Windows\System\lnPuulv.exe
  C:\Windows\System\lnPuulv.exe
  2⤵
  PID:8460
- C:\Windows\System\ZwnmFrm.exe
  C:\Windows\System\ZwnmFrm.exe
  2⤵
  PID:9020
- C:\Windows\System\zxEiZYo.exe
  C:\Windows\System\zxEiZYo.exe
  2⤵
  PID:9144
- C:\Windows\System\NcxXQdY.exe
  C:\Windows\System\NcxXQdY.exe
  2⤵
  PID:8472
- C:\Windows\System\KyhEOFc.exe
  C:\Windows\System\KyhEOFc.exe
  2⤵
  PID:8268
- C:\Windows\System\yqHDgDq.exe
  C:\Windows\System\yqHDgDq.exe
  2⤵
  PID:8620
- C:\Windows\System\IQupvCl.exe
  C:\Windows\System\IQupvCl.exe
  2⤵
  PID:9088
- C:\Windows\System\NpDtmOo.exe
  C:\Windows\System\NpDtmOo.exe
  2⤵
  PID:8968
- C:\Windows\System\rEngkEO.exe
  C:\Windows\System\rEngkEO.exe
  2⤵
  PID:8140
- C:\Windows\System\WnhlnOa.exe
  C:\Windows\System\WnhlnOa.exe
  2⤵
  PID:7340
- C:\Windows\System\qHzpabQ.exe
  C:\Windows\System\qHzpabQ.exe
  2⤵
  PID:8248
- C:\Windows\System\RGYbQIB.exe
  C:\Windows\System\RGYbQIB.exe
  2⤵
  PID:8316
- C:\Windows\System\rSuvktA.exe
  C:\Windows\System\rSuvktA.exe
  2⤵
  PID:8856
- C:\Windows\System\lPIBKuN.exe
  C:\Windows\System\lPIBKuN.exe
  2⤵
  PID:8916
- C:\Windows\System\JNKrefY.exe
  C:\Windows\System\JNKrefY.exe
  2⤵
  PID:9056
- C:\Windows\System\HTvQlra.exe
  C:\Windows\System\HTvQlra.exe
  2⤵
  PID:9220
- C:\Windows\System\OHKcmQW.exe
  C:\Windows\System\OHKcmQW.exe
  2⤵
  PID:9236
- C:\Windows\System\ShMxsng.exe
  C:\Windows\System\ShMxsng.exe
  2⤵
  PID:9252
- C:\Windows\System\JGHFwgh.exe
  C:\Windows\System\JGHFwgh.exe
  2⤵
  PID:9268
- C:\Windows\System\XEdbQIt.exe
  C:\Windows\System\XEdbQIt.exe
  2⤵
  PID:9284
- C:\Windows\System\ZjbMWrV.exe
  C:\Windows\System\ZjbMWrV.exe
  2⤵
  PID:9300
- C:\Windows\System\Ouyoiwt.exe
  C:\Windows\System\Ouyoiwt.exe
  2⤵
  PID:9316
- C:\Windows\System\mmCEqMx.exe
  C:\Windows\System\mmCEqMx.exe
  2⤵
  PID:9336
- C:\Windows\System\DuawMsK.exe
  C:\Windows\System\DuawMsK.exe
  2⤵
  PID:9360
- C:\Windows\System\vXpBNtK.exe
  C:\Windows\System\vXpBNtK.exe
  2⤵
  PID:9376
- C:\Windows\System\pgFmnye.exe
  C:\Windows\System\pgFmnye.exe
  2⤵
  PID:9392
- C:\Windows\System\hSXmdHi.exe
  C:\Windows\System\hSXmdHi.exe
  2⤵
  PID:9408
- C:\Windows\System\muRNHWz.exe
  C:\Windows\System\muRNHWz.exe
  2⤵
  PID:9424
- C:\Windows\System\sDLFgHS.exe
  C:\Windows\System\sDLFgHS.exe
  2⤵
  PID:9440
- C:\Windows\System\ZiLieCH.exe
  C:\Windows\System\ZiLieCH.exe
  2⤵
  PID:9456
- C:\Windows\System\gidHOLl.exe
  C:\Windows\System\gidHOLl.exe
  2⤵
  PID:9472
- C:\Windows\System\mCTWiCi.exe
  C:\Windows\System\mCTWiCi.exe
  2⤵
  PID:9492
- C:\Windows\System\RjBQVwP.exe
  C:\Windows\System\RjBQVwP.exe
  2⤵
  PID:9508
- C:\Windows\System\bkzQGcg.exe
  C:\Windows\System\bkzQGcg.exe
  2⤵
  PID:9524
- C:\Windows\System\wdFhVob.exe
  C:\Windows\System\wdFhVob.exe
  2⤵
  PID:9540
- C:\Windows\System\NowkiEf.exe
  C:\Windows\System\NowkiEf.exe
  2⤵
  PID:9556
- C:\Windows\System\pVDAyBY.exe
  C:\Windows\System\pVDAyBY.exe
  2⤵
  PID:9572
- C:\Windows\System\NonYbFq.exe
  C:\Windows\System\NonYbFq.exe
  2⤵
  PID:9588
- C:\Windows\System\WnUcwbP.exe
  C:\Windows\System\WnUcwbP.exe
  2⤵
  PID:9604
- C:\Windows\System\zkJdYxk.exe
  C:\Windows\System\zkJdYxk.exe
  2⤵
  PID:9620
- C:\Windows\System\cupisMP.exe
  C:\Windows\System\cupisMP.exe
  2⤵
  PID:9636
- C:\Windows\System\QqEcGaO.exe
  C:\Windows\System\QqEcGaO.exe
  2⤵
  PID:9652
- C:\Windows\System\gpJxdtw.exe
  C:\Windows\System\gpJxdtw.exe
  2⤵
  PID:9668
- C:\Windows\System\huYztak.exe
  C:\Windows\System\huYztak.exe
  2⤵
  PID:9684
- C:\Windows\System\iZIuReR.exe
  C:\Windows\System\iZIuReR.exe
  2⤵
  PID:9700
- C:\Windows\System\QMzTlqf.exe
  C:\Windows\System\QMzTlqf.exe
  2⤵
  PID:9716
- C:\Windows\System\iyDicim.exe
  C:\Windows\System\iyDicim.exe
  2⤵
  PID:9936
- C:\Windows\System\GtwDeDb.exe
  C:\Windows\System\GtwDeDb.exe
  2⤵
  PID:9952
- C:\Windows\System\KfbVUUt.exe
  C:\Windows\System\KfbVUUt.exe
  2⤵
  PID:9968
- C:\Windows\System\RSVBtOn.exe
  C:\Windows\System\RSVBtOn.exe
  2⤵
  PID:9992
- C:\Windows\System\oKskTOk.exe
  C:\Windows\System\oKskTOk.exe
  2⤵
  PID:10008
- C:\Windows\System\taZjpDE.exe
  C:\Windows\System\taZjpDE.exe
  2⤵
  PID:10028
- C:\Windows\System\ZJgKibH.exe
  C:\Windows\System\ZJgKibH.exe
  2⤵
  PID:10044
- C:\Windows\System\vSzodem.exe
  C:\Windows\System\vSzodem.exe
  2⤵
  PID:10060
- C:\Windows\System\ftNZxiA.exe
  C:\Windows\System\ftNZxiA.exe
  2⤵
  PID:10080
- C:\Windows\System\jyeIKOp.exe
  C:\Windows\System\jyeIKOp.exe
  2⤵
  PID:10096
- C:\Windows\System\kCaLboR.exe
  C:\Windows\System\kCaLboR.exe
  2⤵
  PID:10112
- C:\Windows\System\zUcgkli.exe
  C:\Windows\System\zUcgkli.exe
  2⤵
  PID:10140
- C:\Windows\System\LIkzrHZ.exe
  C:\Windows\System\LIkzrHZ.exe
  2⤵
  PID:10156
- C:\Windows\System\aQbTNCg.exe
  C:\Windows\System\aQbTNCg.exe
  2⤵
  PID:10172
- C:\Windows\System\VgYozkT.exe
  C:\Windows\System\VgYozkT.exe
  2⤵
  PID:9040
- C:\Windows\System\XgzNtcm.exe
  C:\Windows\System\XgzNtcm.exe
  2⤵
  PID:9292
- C:\Windows\System\tOPnSOd.exe
  C:\Windows\System\tOPnSOd.exe
  2⤵
  PID:7772
- C:\Windows\System\jnejamO.exe
  C:\Windows\System\jnejamO.exe
  2⤵
  PID:9312
- C:\Windows\System\LZUfdnp.exe
  C:\Windows\System\LZUfdnp.exe
  2⤵
  PID:9404
- C:\Windows\System\gsKwkzK.exe
  C:\Windows\System\gsKwkzK.exe
  2⤵
  PID:9468
- C:\Windows\System\tWvYFMo.exe
  C:\Windows\System\tWvYFMo.exe
  2⤵
  PID:9532
- C:\Windows\System\IgninuF.exe
  C:\Windows\System\IgninuF.exe
  2⤵
  PID:9600
- C:\Windows\System\JVpuBob.exe
  C:\Windows\System\JVpuBob.exe
  2⤵
  PID:9664
- C:\Windows\System\EzOAHHk.exe
  C:\Windows\System\EzOAHHk.exe
  2⤵
  PID:9680
- C:\Windows\System\kAtsqAP.exe
  C:\Windows\System\kAtsqAP.exe
  2⤵
  PID:9416
- C:\Windows\System\oVvotCB.exe
  C:\Windows\System\oVvotCB.exe
  2⤵
  PID:9480
- C:\Windows\System\oFrcMgI.exe
  C:\Windows\System\oFrcMgI.exe
  2⤵
  PID:9616
- C:\Windows\System\PNRKGVL.exe
  C:\Windows\System\PNRKGVL.exe
  2⤵
  PID:9724
- C:\Windows\System\ayALKnC.exe
  C:\Windows\System\ayALKnC.exe
  2⤵
  PID:9744
- C:\Windows\System\zZeaohH.exe
  C:\Windows\System\zZeaohH.exe
  2⤵
  PID:9760
- C:\Windows\System\xRwFhyU.exe
  C:\Windows\System\xRwFhyU.exe
  2⤵
  PID:9776
- C:\Windows\System\VbOYdfV.exe
  C:\Windows\System\VbOYdfV.exe
  2⤵
  PID:9796
- C:\Windows\System\pRYzEFk.exe
  C:\Windows\System\pRYzEFk.exe
  2⤵
  PID:9812
- C:\Windows\System\owYkpeM.exe
  C:\Windows\System\owYkpeM.exe
  2⤵
  PID:9828
- C:\Windows\System\zRPxIxk.exe
  C:\Windows\System\zRPxIxk.exe
  2⤵
  PID:9848
- C:\Windows\System\loIToUy.exe
  C:\Windows\System\loIToUy.exe
  2⤵
  PID:9864
- C:\Windows\System\kVMxxeu.exe
  C:\Windows\System\kVMxxeu.exe
  2⤵
  PID:9876
- C:\Windows\System\rHmpECW.exe
  C:\Windows\System\rHmpECW.exe
  2⤵
  PID:9916
- C:\Windows\System\hXGjbGH.exe
  C:\Windows\System\hXGjbGH.exe
  2⤵
  PID:9932
- C:\Windows\System\OyYIjSS.exe
  C:\Windows\System\OyYIjSS.exe
  2⤵
  PID:9964
- C:\Windows\System\EzpVQNr.exe
  C:\Windows\System\EzpVQNr.exe
  2⤵
  PID:9988
- C:\Windows\System\wwSNCgu.exe
  C:\Windows\System\wwSNCgu.exe
  2⤵
  PID:10016
- C:\Windows\System\uAYHvzn.exe
  C:\Windows\System\uAYHvzn.exe
  2⤵
  PID:10072
- C:\Windows\System\LyzgwwO.exe
  C:\Windows\System\LyzgwwO.exe
  2⤵
  PID:10108
- C:\Windows\System\LvEgrkg.exe
  C:\Windows\System\LvEgrkg.exe
  2⤵
  PID:10148
- C:\Windows\System\Nndjobv.exe
  C:\Windows\System\Nndjobv.exe
  2⤵
  PID:10132
- C:\Windows\System\GNaGiZp.exe
  C:\Windows\System\GNaGiZp.exe
  2⤵
  PID:10168
- C:\Windows\System\sedRAaP.exe
  C:\Windows\System\sedRAaP.exe
  2⤵
  PID:8752
- C:\Windows\System\TZnSDfz.exe
  C:\Windows\System\TZnSDfz.exe
  2⤵
  PID:8568
- C:\Windows\System\REvjjAP.exe
  C:\Windows\System\REvjjAP.exe
  2⤵
  PID:9248
- C:\Windows\System\SnYboGA.exe
  C:\Windows\System\SnYboGA.exe
  2⤵
  PID:9308
- C:\Windows\System\hdjIhCG.exe
  C:\Windows\System\hdjIhCG.exe
  2⤵
  PID:9372
- C:\Windows\System\eUaddcl.exe
  C:\Windows\System\eUaddcl.exe
  2⤵
  PID:9352
- C:\Windows\System\pgazzex.exe
  C:\Windows\System\pgazzex.exe
  2⤵
  PID:9596
- C:\Windows\System\EbOKPAK.exe
  C:\Windows\System\EbOKPAK.exe
  2⤵
  PID:10024
- C:\Windows\System\AlneoSQ.exe
  C:\Windows\System\AlneoSQ.exe
  2⤵
  PID:9612
- C:\Windows\System\wEItSza.exe
  C:\Windows\System\wEItSza.exe
  2⤵
  PID:9388
- C:\Windows\System\IJKRqcP.exe
  C:\Windows\System\IJKRqcP.exe
  2⤵
  PID:9452
- C:\Windows\System\OEFeGNR.exe
  C:\Windows\System\OEFeGNR.exe
  2⤵
  PID:9736
- C:\Windows\System\BfflDNy.exe
  C:\Windows\System\BfflDNy.exe
  2⤵
  PID:9804
- C:\Windows\System\KAGDXSL.exe
  C:\Windows\System\KAGDXSL.exe
  2⤵
  PID:9648
- C:\Windows\System\mnHBlFQ.exe
  C:\Windows\System\mnHBlFQ.exe
  2⤵
  PID:9788

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\EBxqkmj.exe

Filesize
6.0MB

MD5
5b43bbeab44dc2702f52e76d5efae796

SHA1
ec89d5b605c6db749f3363a40cc6d55677e9db56

SHA256
bbf8f25510d7149d3b6cf46cb475e81a2bf888372965963f2da1cc5fe463989f

SHA512
8aafeb7bfbdf7f2a492420ab2bf8a8b9107dbbe65b48cca33112f3f7c6bd6e5d2134ecfc2918b0ee39e49153d2dab2700ab897b0c9df2d1a20a3cb6982f51a6e

Download Submit
C:\Windows\system\EEJPryy.exe

Filesize
6.0MB

MD5
15b18a11b7cc8b5dabcba5daa74cea88

SHA1
35ac4ddee6d0ad567e169a687f50efa240b18d4c

SHA256
08cf0a0f24c01ae527c5c7bd457f25cb987db92e87d0c465b57fbbb9595ec1d1

SHA512
5bc9b4dff2566537efedb66d991482e0014315a44cd14bcbb5cc0b95e936f9d8ca9458b77c19293eaef4f25f5119783eb06993b4863eb76044b75c10f7c102b5

Download Submit
C:\Windows\system\GfvXbjE.exe

Filesize
6.0MB

MD5
4727396d830b1e180aa8c12baf1b545f

SHA1
77af4c17807f864132e139a237388861e979460d

SHA256
3dd640534a0a2de1e08f4cba6d9edb8951c9a60312b4b7e4230c5ada21718c0f

SHA512
0a8cebe985ac0b5d1261ece3385ba0ecead6160c6933729912a43a867f697715a2db016a92d1c2752bf9fad34f11305c93b10cadb108689522daeb9c2682179e

Download Submit
C:\Windows\system\HbQPsUl.exe

Filesize
6.0MB

MD5
0e2879a3bf4855a42fc19496fc65acc0

SHA1
fbbdc7b74128bdcaff88ef62af9edf130ad5ad6d

SHA256
14c97b78dbfd545df9fff5034c5b4888c96e22390a8b232be0cba1b8a747ac06

SHA512
354ceb265408f3b4661653bbdb19682afd83a2e8442c2956ff9dc1b7a512bcb0867fec0d475944ff572e39d8a13f5c3790406c53c1dba068cedf899af4ea22e2

Download Submit
C:\Windows\system\NSxpmtI.exe

Filesize
6.0MB

MD5
07a01f37f26a0e06b9669e9f8eb10282

SHA1
26a654a7f61a58b37b5ae28bd2af7d763e17d7ed

SHA256
93614c7c902c795524a03e376c339dbc556ccb0a95eb66bf4fd225236d3388cd

SHA512
9e60df0f4ebbdbbccc17517775ffc243c532f620b90ec6fb16652c94f1a473589f1a643cde70090fefb6d1a66a0d787e2b33738fc05d3ae6615c961ac79eddd5

Download Submit
C:\Windows\system\NbWwsKs.exe

Filesize
6.0MB

MD5
af3dddc2c7382241c2593849c7080b56

SHA1
44b2a91fc6a7c4e30b97ee787387ee46d6610c56

SHA256
4816110d8d05e18864773ee3158fcd37abbb7945e46a7248b4c45830aa02deb6

SHA512
15b212c2ba13920c8acef37e2fa7f6ab8142484e598ae0e74522cd5f578cdab868c29750a697cbb35bde9f8e5ab063304f74912eb106c8ca4761d5f26f61367b

Download Submit
C:\Windows\system\NvXqneN.exe

Filesize
6.0MB

MD5
54b45eff58ba97b704b38813986f1f93

SHA1
f9382425d5098ae2f659425a23f8a863cb81bd49

SHA256
6741d629d99a7de0a394c2ccfe240c1b394ae52b0035622da3662d6efd6d2a3d

SHA512
a055f0bb3d11c67d8652657a626000ac243383233340edc2c3d02340546d593b685d4580520984ef20f536a930b8dbec3d5bb9c4a27f0768a834662d5d8f91c1

Download Submit
C:\Windows\system\OYLAvcF.exe

Filesize
6.0MB

MD5
a92e942b10c0c12f48260b7c3d6a2d53

SHA1
e166af1dbc952c602e62625dcb520216ffa7b861

SHA256
121b735159cf2ec9c4f6a6dbe1ceeec5cee92ee61a95ed0f96252c4653f4e210

SHA512
2e2504c774c5b04f6ec660a073032922a3ae2d0d7928d5bb9e528adc7d53f307cdee95d9983512b85907c4f277f78341ba7068a47099dee0cc97dbcb8b6c30f6

Download Submit
C:\Windows\system\PxckxPu.exe

Filesize
6.0MB

MD5
18d528d70b92b8f7478c62eaab6d887e

SHA1
a9d3a2f4886172ff483ae0a19a0f76e73a810c3a

SHA256
651b82ee6eac32dd3a14750c7d3eaa94e98e65593103dc07739ceea665aa1b1a

SHA512
d7275d90c0863e3e7d97fbf8fae477aee3d9fa17d211c9ef8c192270ab423a83aee2dda943b651c0d315106e067843a5271b4da61057de6c84b159aeddc4332d

Download Submit
C:\Windows\system\RDkEVJQ.exe

Filesize
6.0MB

MD5
6d93dae54c1f4388001490cae71a8789

SHA1
78e967c31b5eff38d65dc678f67190af88ca74bc

SHA256
88a064f6bf225e414bef591b67e1943dfba24647f612135db9bd3475a16028bd

SHA512
1a61216ad5917ce7e9a2c07f6d78a7cb7f63d74369f45b129d1d81f10b481dbe604b88ec704f384279e48dedc07e754924759bff3c10cc620b2297024de36232

Download Submit
C:\Windows\system\VBNJpBl.exe

Filesize
6.0MB

MD5
2ce981fb92ffad373732593927de4519

SHA1
e3bd2e0636b0d26cfdd70bea657378212b679701

SHA256
0a88383a8d14d9930ee8e1363dad6b6cff5d4ec83f7f49f5054e01fd74190b19

SHA512
d6ea642c1fe16ef149ce31a82893e2e06c4426d287f4d956356fd36ef60cbaac8683b69385579a7989e3748a6047860e32edadabc848320b2d1fcaa64c134ec6

Download Submit
C:\Windows\system\XsEnTID.exe

Filesize
6.0MB

MD5
5dd0165a4badeaed0529b30dca8b505f

SHA1
ec1bb041925b2ccb12ee1ae840a65033a330246b

SHA256
18f82ee78e197e1ddeaf1b531670460ecd18b93d05f833d199a6a461a1a20a8c

SHA512
347cb39765537bef010ad0d8e0080832d44220449b7b29d94f2df5bec0da02d122985d48a26c0d9179a2f4584c6f70457ec9d679b963c6cd8ce1e138e2407d5f

Download Submit
C:\Windows\system\aCGNEWm.exe

Filesize
6.0MB

MD5
c27e8b15b269512895b25f7919129c7f

SHA1
79e58bfeef72d4b84602ca43ba21c923325fabcc

SHA256
f814e7e5f338c68493be22c484c87e8c1fba0ccfaa411b84f403c12d9e2370c3

SHA512
d7ce39f82792bfa1c5e749cf6ff90cc0fbd18c3952a9d02b0d1095e4be36a07c0b0876f7518f7c600d3d2ba05eb582220ff15390bfa927af2e8c408d8e7f5bf4

Download Submit
C:\Windows\system\fVLdpMB.exe

Filesize
6.0MB

MD5
75d1c2a0ef8aa069be63ef9253afae80

SHA1
fe3e8ed20f6c023d060f8a34660a14c328cf8382

SHA256
cca1f65246b9cb459411bbfff7bf4a672a8efb9612f0c1e33b2cb07f0d0cf1cf

SHA512
6be5b1b40e804bff6c12ccb063a69ba6106882ebeb12d71299aac1dca60ed438d2db671d49eb473bf3b826637665cfd1c8f4883b06b921762339fe520b6e317d

Download Submit
C:\Windows\system\nbskzzl.exe

Filesize
6.0MB

MD5
abbaf9d8a22febc00cabc013543ce702

SHA1
94cab649eac986f38d4ea937ecb54c277407fa8e

SHA256
080441aa0be5178659c9904c8f35e9894493c9d99162a9ef8cc17cba70749863

SHA512
71c632a0ef6e5fe9740913ad62ccf261eedd32090cad283c74b68eb542ebcc7411fd5099d383987ef6f6adea942c834e2a33aaef1be15a0eb64bcd399bf376aa

Download Submit
C:\Windows\system\pcCZpxq.exe

Filesize
6.0MB

MD5
5194cecd11b961db00a8bb8dc7c2b2c9

SHA1
9359731231d868be1d5921a3451a6f9ad5687b6a

SHA256
d06f648685a8deadbc656ef3b2f8f7bfff59e7c18820f3df866587ace718df40

SHA512
5bfff67cf7ffd7799fe48c0ee309ea58c872987a1f0654d526e88a94cdd9942806c4a4f72a98a75f12f2015a52484a80fc67a4e886df5e58a2ccc8c686e6774e

Download Submit
C:\Windows\system\qvnEkBL.exe

Filesize
6.0MB

MD5
606f203507adf4a0a60420910eb0ff0b

SHA1
7beb7675d414e493f83e0e131f20829c1462fa20

SHA256
5d4b48896eeffe1f526cc41d33316dbbfd246f2a7084a48dfce6978c3cb8e96e

SHA512
7b73c4fb0ac8253da8486d586be45ea19ac7ae7150eb43215dd2a7880d0bf2c14e1fd45bd686849e97d929f97f553ec273ead99572b7f80f4436370e66aa738c

Download Submit
C:\Windows\system\qzhpVUf.exe

Filesize
6.0MB

MD5
b926ae309225308b29ef359e10f85e6a

SHA1
2754a5eba849c806168e2bb7baec24cd0ab7b4c7

SHA256
d05e15ddf1542c535564e7509faa2bac590fa843bf30fb3e253d3166b5f5c059

SHA512
dd9404dbe529022e9b983f72897ae333153653da5b3f31e297033f66beeaad839cf6668c8a1f9abb0958ba2e227e373e982b67c67f0d0364af27bf12ae08e39c

Download Submit
C:\Windows\system\raHDkbY.exe

Filesize
6.0MB

MD5
59bbe9007cbe2d43317df1dfc46aa130

SHA1
099f5bdff3112a7dbe5cca83307016ce64b4991a

SHA256
67eb99a64a5bdf1925ff13cb4f341bb06a2e8595671e18e39524032d9412e543

SHA512
261008a86c8c0b7dd967302b7794710726d1d2e78f4e5ae617772dc4362e9750ec4abebe469015d0f40c6d173ac55a2479af8e1ed3781f1412937236122ea5f4

Download Submit
C:\Windows\system\uOArUuw.exe

Filesize
6.0MB

MD5
d6e31a9ba7f84f0a5ccf19d9db00d35b

SHA1
2f23c0f048d2e2eccfa1e049d51bef271600d60d

SHA256
df828b3a017472c928a68dac5125157f7ecb21ed973e7f60f320958269940487

SHA512
e5736d0f36a0811ab2aaf6db24c661cec437f3236811b959a2e4b8aff73ba91c4b051d7a2dc6cfd6de4169b0c3358ceb4527d13f4130c7d2932d5074f4c21d60

Download Submit
C:\Windows\system\vTmlYbH.exe

Filesize
6.0MB

MD5
94ad442e0f490416dfd9f0ef0d0dcf4f

SHA1
1ea130bc0c580ec3e2bcf979050a7e0af8167a36

SHA256
6592e3e612d42817ed467500f91d21b94031990e0bff596843395b0de1252aa4

SHA512
93ae684ed9135cbce3c9cb9181d7466013b216f0a887f352234562f0b2155431b43f40566cd445b2c7785eced10c404bf20c7bdfb75de84b4171e6e9a4901576

Download Submit
C:\Windows\system\ylkQutt.exe

Filesize
6.0MB

MD5
98cbfbdc0b2f04e2d6c222d50ec012d1

SHA1
6b727eb54ee267526bdd8ba83755de0e2f9c626a

SHA256
d64fdcf878c18a39d60c487a9e2c3ac707fc4016e51a318e504d46e2c8fe84a8

SHA512
16e135733cb451ce1a2b35fb47aca0830e79657dc2b5395437950eac34b37b2a25ef9c3d4e1029a1228daa6600263a8bd95fbaf74e46db6051af106cb8a1f964

Download Submit
C:\Windows\system\yvzfewX.exe

Filesize
6.0MB

MD5
a215531cc75319ab0e6a09a1670a6ac3

SHA1
deea3397d0e1df2e4c833df63375d63d46107e09

SHA256
43b27482d641e102dfba74911564ca4bc39bf3a2bd5765caa56f9c0b86c18b11

SHA512
3e92d59081dcca0334c5fadfd92eafd2ca134f425d531936453ebad4d951e3bd3e09207c408a347d72163052976aa387f075b3395e567799f6af807ca345c1fa

Download Submit
C:\Windows\system\zquENJo.exe

Filesize
6.0MB

MD5
80f9836a6dfacd12cd778139d81c4d5e

SHA1
164193c843bc2eff1c3c2570203597bbbcfc55c7

SHA256
a0b5ad7c87ec2c6ddeab1c45abf5b01fcfd78d0d5387fd7e67e210a1ac251211

SHA512
5218c2549981d3c70be6db9b2f32921533c7122575d1b6b217fe1d816f8f07c8465f88075f5f932f168a9fcb626cac1fabf01b07d8e5a0a6d48235d933192937

Download Submit
\Windows\system\IkPrFlY.exe

Filesize
6.0MB

MD5
761229e0aff70bf735dc30ae0c7d5c75

SHA1
0b95e5db9ba8713edca9060d2c3c66046d30eed6

SHA256
baffac821c1fb2b2687e222ba7f5c6bfadd9f07eebfbc356ee9c8f38a2f1b611

SHA512
37240085c0dc76b039c92f128cd3be4a097bcaac9fba2eed753cd47268c28c120e7740869080e74f03b365a31da12cdac2e7ef1a97429fcbf4fc8594558b82cd

Download Submit
\Windows\system\KNddErM.exe

Filesize
6.0MB

MD5
1368428f586150eb2f7c478210279e97

SHA1
659bd36fe34bad37f2ddbf510e83a0afa9127777

SHA256
a5e01983087e9dac4ff95dbb52243f8ebeb5fa884c1c814512662927ab1abf2d

SHA512
c4d4bb47cfcf92279fa079a84b4182351bdb1e6822f209033bb4366dd5e58026f1abbe589a58d2011a285849c8ffb3f14736af9a35fece5cab9391e60fadbdda

Download Submit
\Windows\system\PIQJlkS.exe

Filesize
6.0MB

MD5
4c35da8c7abcb0d8c365de741c3879af

SHA1
87c1bf719957c8bc41d3d91f319738095958174a

SHA256
8fc6be2a11616d63faf4265b1474a8b1b42dccf88fe7a7032778e500b598bbee

SHA512
b4e8136a0e5f60cfebdd9d143ed8df821ef1f406241a7a222c4d8a7e210e3e28a34126cd75ef625a28c2c742a122f216887b02ce08bef8a2911bd086df3f51ac

Download Submit
\Windows\system\RLrlSih.exe

Filesize
6.0MB

MD5
4b23e4bd0b582d32af1b1a977fcd00d4

SHA1
1fb4e1b2edb2fc9f2085fea8e8f1abac19bbeea2

SHA256
cc78dd9dbd44ce05cc95efc09fb9f085fdf0cd13e724712e30a822b30e58afa0

SHA512
a3567f49b2ddac0dc4328a3bd8eb6b24ba1daf6c52e7a1bd39895f8696da088657e3c5ebef4fa5a135b3e71c37f84b562852a045e2adb904563d6acaa5cd5eb1

Download Submit
\Windows\system\aZrqaXM.exe

Filesize
6.0MB

MD5
5148e914142d81f3b8bc7714969c294f

SHA1
121a9be659fee4d20ec73cbb49c63a436b66f0b7

SHA256
aa413baf0d5a309e34e1d38cbf54d1da0ce3bca77fb138a1ddd615f5d107e4f1

SHA512
f748a4f17da5a99bed8efe972d1498c14dc9d5256f6861686ce8e13ef76aab9f071fb204ef13cb2ee5282d6441294978550195cdf97766c90e8f3724f001122d

Download Submit
\Windows\system\pcIJcaW.exe

Filesize
6.0MB

MD5
6f924dd8e179356e8eeffb1b87b012b8

SHA1
052cb3a8f758a0e346c9cc46644ddf16d6bf0c52

SHA256
e7755971b56c539db29e6a423e09c68fc39f4f19f779406181169b3145be12e3

SHA512
93103a582f1336e53e7d9072cf849470ae691e679d8eac10a1a6f7f487e45dedc72c22c13f71ff2fc701840dd6ab1c1f4735c530989854e1a36416ba0da1fa98

Download Submit
\Windows\system\sRWgYvN.exe

Filesize
6.0MB

MD5
4e8582d32756281bb82002716f750654

SHA1
ec5feaa0875ebba0d45e10c560f445457b780ce8

SHA256
ebe957a9237f421410bf8d3892d5c38dde5e7a861de213737326534a18d56003

SHA512
d1b590c5ccb538ebd73b3531d094bba4b6f4f57b80f7a5c1ce3dbcaf7845040bcc08e5bd8384c66cd7c6c327e4199916d05b6ababd37403f29f3b6b6fe97f526

Download Submit
\Windows\system\yEiYegK.exe

Filesize
6.0MB

MD5
762718ebff918e9c7cf3a5646dfd42fd

SHA1
b1400fc8f745e86d3ed55197f3e588f25d1659e6

SHA256
b4e0818cf8b1f2dc7dc11f08d3e3e452b14d71e790b4744af2afabbc6cab4902

SHA512
4478ff2f5f2ea26fdb6142837bc841b63ed710b1fdf1481f01628cb0eb05c706156a2faad1ed2f5c1d2e1e8c466cee64c46e5554756d4fd274145e3f4e556183

Download Submit
memory/628-4049-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/628-87-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/1644-4048-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/1644-27-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/1660-4050-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/1660-95-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/1736-65-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/1736-4043-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/1856-37-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/1856-86-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/1856-4047-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2088-29-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2088-4046-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2396-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2396-19-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/2396-0-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/2396-1210-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/2396-703-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/2396-96-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/2396-59-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/2396-67-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/2396-120-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/2396-62-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/2396-92-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2396-79-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2396-30-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2396-63-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/2396-35-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2396-78-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/2396-43-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/2396-16-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2396-1315-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/2396-25-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/2496-28-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2496-4055-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2512-24-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/2512-4056-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/2652-72-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/2652-4054-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/2692-4052-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/2692-115-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/2728-64-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2728-4051-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2816-61-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2816-4045-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2840-54-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/2840-4053-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/3068-4044-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/3068-80-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download