cobaltstrike | e7c08d39449bcde60e4261447b753ad6d39865704b1be1263237401f09aba043

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
20/12/2024, 22:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

99062b37bd580e0bb22a5f868ee299ad
SHA1

5cffc459472e331c11b97e326cdf9033ed176b12
SHA256

e7c08d39449bcde60e4261447b753ad6d39865704b1be1263237401f09aba043
SHA512

e354a3a182badc99bc70eef9151b8cdc8a060a53e542ba331fc5d8c6b67eae456d8c575bae3c1f8af1e5df771775f83e1f1bb706fdcadbb474980128fa55a098
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUf:T+q56utgpPF8u/7f

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000e000000012280-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015f41-7.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016140-23.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001620e-33.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001650a-46.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d2e-54.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d50-81.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173aa-132.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001879b-192.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018690-186.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000018678-182.dat	cobalt_reflective_dll
behavioral1/files/0x001500000001866d-177.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001752f-172.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001748f-162.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174ac-167.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001747b-157.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017409-152.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017403-147.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173fb-142.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173e4-137.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001739c-127.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001739a-123.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016f9c-109.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016e74-105.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dc8-100.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dad-93.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d9f-87.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d3f-64.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d47-71.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d36-62.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016409-39.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016031-9.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2672-0-0x000000013F620000-0x000000013F974000-memory.dmp	xmrig
behavioral1/files/0x000e000000012280-3.dat	xmrig
behavioral1/files/0x0008000000015f41-7.dat	xmrig
behavioral1/memory/2960-21-0x000000013F470000-0x000000013F7C4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016140-23.dat	xmrig
behavioral1/files/0x000700000001620e-33.dat	xmrig
behavioral1/memory/2564-36-0x000000013F280000-0x000000013F5D4000-memory.dmp	xmrig
behavioral1/files/0x000800000001650a-46.dat	xmrig
behavioral1/files/0x0006000000016d2e-54.dat	xmrig
behavioral1/memory/2732-67-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
behavioral1/files/0x0006000000016d50-81.dat	xmrig
behavioral1/memory/2584-95-0x000000013F6C0000-0x000000013FA14000-memory.dmp	xmrig
behavioral1/files/0x00060000000173aa-132.dat	xmrig
behavioral1/memory/1708-1011-0x000000013F020000-0x000000013F374000-memory.dmp	xmrig
behavioral1/memory/2672-1010-0x000000013F020000-0x000000013F374000-memory.dmp	xmrig
behavioral1/memory/3016-898-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig
behavioral1/memory/2916-568-0x000000013F440000-0x000000013F794000-memory.dmp	xmrig
behavioral1/memory/1240-567-0x000000013FDA0000-0x00000001400F4000-memory.dmp	xmrig
behavioral1/memory/1640-351-0x000000013F7D0000-0x000000013FB24000-memory.dmp	xmrig
behavioral1/memory/1920-350-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/memory/2672-233-0x00000000023E0000-0x0000000002734000-memory.dmp	xmrig
behavioral1/files/0x000500000001879b-192.dat	xmrig
behavioral1/files/0x0005000000018690-186.dat	xmrig
behavioral1/files/0x0009000000018678-182.dat	xmrig
behavioral1/files/0x001500000001866d-177.dat	xmrig
behavioral1/files/0x000600000001752f-172.dat	xmrig
behavioral1/files/0x000600000001748f-162.dat	xmrig
behavioral1/files/0x00060000000174ac-167.dat	xmrig
behavioral1/files/0x000600000001747b-157.dat	xmrig
behavioral1/files/0x0006000000017409-152.dat	xmrig
behavioral1/files/0x0006000000017403-147.dat	xmrig
behavioral1/files/0x00060000000173fb-142.dat	xmrig
behavioral1/files/0x00060000000173e4-137.dat	xmrig
behavioral1/files/0x000600000001739c-127.dat	xmrig
behavioral1/files/0x000600000001739a-123.dat	xmrig
behavioral1/files/0x0006000000016f9c-109.dat	xmrig
behavioral1/files/0x0006000000016e74-105.dat	xmrig
behavioral1/memory/2092-102-0x000000013FF40000-0x0000000140294000-memory.dmp	xmrig
behavioral1/files/0x0006000000016dc8-100.dat	xmrig
behavioral1/memory/1708-97-0x000000013F020000-0x000000013F374000-memory.dmp	xmrig
behavioral1/files/0x0006000000016dad-93.dat	xmrig
behavioral1/memory/3016-90-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig
behavioral1/memory/2596-88-0x000000013FFD0000-0x0000000140324000-memory.dmp	xmrig
behavioral1/files/0x0006000000016d9f-87.dat	xmrig
behavioral1/memory/2916-86-0x000000013F440000-0x000000013F794000-memory.dmp	xmrig
behavioral1/files/0x0006000000016d3f-64.dat	xmrig
behavioral1/memory/1240-78-0x000000013FDA0000-0x00000001400F4000-memory.dmp	xmrig
behavioral1/memory/2672-75-0x000000013FDA0000-0x00000001400F4000-memory.dmp	xmrig
behavioral1/memory/1640-74-0x000000013F7D0000-0x000000013FB24000-memory.dmp	xmrig
behavioral1/memory/1920-73-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/memory/2092-57-0x000000013FF40000-0x0000000140294000-memory.dmp	xmrig
behavioral1/memory/2160-55-0x000000013F210000-0x000000013F564000-memory.dmp	xmrig
behavioral1/memory/2672-72-0x00000000023E0000-0x0000000002734000-memory.dmp	xmrig
behavioral1/files/0x0006000000016d47-71.dat	xmrig
behavioral1/files/0x0006000000016d36-62.dat	xmrig
behavioral1/memory/2672-50-0x000000013F620000-0x000000013F974000-memory.dmp	xmrig
behavioral1/memory/2584-49-0x000000013F6C0000-0x000000013FA14000-memory.dmp	xmrig
behavioral1/memory/2596-41-0x000000013FFD0000-0x0000000140324000-memory.dmp	xmrig
behavioral1/files/0x0008000000016409-39.dat	xmrig
behavioral1/memory/2732-28-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
behavioral1/files/0x0007000000016031-9.dat	xmrig
behavioral1/memory/2160-19-0x000000013F210000-0x000000013F564000-memory.dmp	xmrig
behavioral1/memory/2764-17-0x000000013F330000-0x000000013F684000-memory.dmp	xmrig
behavioral1/memory/3016-4122-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2764	bioELvz.exe
2160	krSQAhm.exe
2960	svOJEHy.exe
2732	iYwEDlr.exe
2564	dEtSwPs.exe
2596	rXlUJVN.exe
2584	lAEjLsR.exe
2092	tXkPsjJ.exe
1920	kZDJpSD.exe
1640	qspcQWY.exe
1240	sNceWnU.exe
2916	neLIHqM.exe
3016	AzyxWXz.exe
1708	riyNIUR.exe
1904	QfIkcEG.exe
1872	sJbNYZJ.exe
664	cqQDUjI.exe
2808	VOfowLK.exe
1212	qtBUtCA.exe
1544	EETnxCK.exe
2768	AekTMCB.exe
2452	efBuDBe.exe
1704	eeLREqJ.exe
2124	CNsBMkK.exe
2188	xTWYXia.exe
2340	iXXsIuK.exe
1092	vmWjkdv.exe
2200	OCWikuB.exe
1264	nzkQqEh.exe
372	fQXkkYn.exe
832	yYZyZbq.exe
1472	cfJtOCq.exe
1932	XIqtYjb.exe
1288	oQaCrWX.exe
1648	xaiIEyT.exe
1596	UpuoAxr.exe
1564	SWwGxtl.exe
596	iRteeIk.exe
564	qvhaGJI.exe
3064	ijDXAHh.exe
236	DdoXdwF.exe
2136	ThVAtha.exe
2500	BIUJmtw.exe
1672	pdiSkfM.exe
2480	YnZEoSz.exe
1256	wzytRhR.exe
1824	YKTsAwc.exe
996	MTsYpNl.exe
872	ehEmxtn.exe
1500	OkfAqbl.exe
1508	cyLmtqQ.exe
2668	gpBVezD.exe
2408	tHDfbkY.exe
2900	lIctUhy.exe
2556	AKsBzTV.exe
2360	LTgyvuo.exe
2580	CzufdBz.exe
2936	cTThgNG.exe
2292	WxuwSMZ.exe
2856	CakPXmD.exe
1656	XaGaMVr.exe
1232	EexrJAg.exe
2984	PhylWsB.exe
2192	BhNKtPG.exe

Loads dropped DLL 64 IoCs

pid	Process
2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2672-0-0x000000013F620000-0x000000013F974000-memory.dmp	upx
behavioral1/files/0x000e000000012280-3.dat	upx
behavioral1/files/0x0008000000015f41-7.dat	upx
behavioral1/memory/2960-21-0x000000013F470000-0x000000013F7C4000-memory.dmp	upx
behavioral1/files/0x0007000000016140-23.dat	upx
behavioral1/files/0x000700000001620e-33.dat	upx
behavioral1/memory/2564-36-0x000000013F280000-0x000000013F5D4000-memory.dmp	upx
behavioral1/files/0x000800000001650a-46.dat	upx
behavioral1/files/0x0006000000016d2e-54.dat	upx
behavioral1/memory/2732-67-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
behavioral1/files/0x0006000000016d50-81.dat	upx
behavioral1/memory/2584-95-0x000000013F6C0000-0x000000013FA14000-memory.dmp	upx
behavioral1/files/0x00060000000173aa-132.dat	upx
behavioral1/memory/1708-1011-0x000000013F020000-0x000000013F374000-memory.dmp	upx
behavioral1/memory/3016-898-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx
behavioral1/memory/2916-568-0x000000013F440000-0x000000013F794000-memory.dmp	upx
behavioral1/memory/1240-567-0x000000013FDA0000-0x00000001400F4000-memory.dmp	upx
behavioral1/memory/1640-351-0x000000013F7D0000-0x000000013FB24000-memory.dmp	upx
behavioral1/memory/1920-350-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/files/0x000500000001879b-192.dat	upx
behavioral1/files/0x0005000000018690-186.dat	upx
behavioral1/files/0x0009000000018678-182.dat	upx
behavioral1/files/0x001500000001866d-177.dat	upx
behavioral1/files/0x000600000001752f-172.dat	upx
behavioral1/files/0x000600000001748f-162.dat	upx
behavioral1/files/0x00060000000174ac-167.dat	upx
behavioral1/files/0x000600000001747b-157.dat	upx
behavioral1/files/0x0006000000017409-152.dat	upx
behavioral1/files/0x0006000000017403-147.dat	upx
behavioral1/files/0x00060000000173fb-142.dat	upx
behavioral1/files/0x00060000000173e4-137.dat	upx
behavioral1/files/0x000600000001739c-127.dat	upx
behavioral1/files/0x000600000001739a-123.dat	upx
behavioral1/files/0x0006000000016f9c-109.dat	upx
behavioral1/files/0x0006000000016e74-105.dat	upx
behavioral1/memory/2092-102-0x000000013FF40000-0x0000000140294000-memory.dmp	upx
behavioral1/files/0x0006000000016dc8-100.dat	upx
behavioral1/memory/1708-97-0x000000013F020000-0x000000013F374000-memory.dmp	upx
behavioral1/files/0x0006000000016dad-93.dat	upx
behavioral1/memory/3016-90-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx
behavioral1/memory/2596-88-0x000000013FFD0000-0x0000000140324000-memory.dmp	upx
behavioral1/files/0x0006000000016d9f-87.dat	upx
behavioral1/memory/2916-86-0x000000013F440000-0x000000013F794000-memory.dmp	upx
behavioral1/files/0x0006000000016d3f-64.dat	upx
behavioral1/memory/1240-78-0x000000013FDA0000-0x00000001400F4000-memory.dmp	upx
behavioral1/memory/1640-74-0x000000013F7D0000-0x000000013FB24000-memory.dmp	upx
behavioral1/memory/1920-73-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/memory/2092-57-0x000000013FF40000-0x0000000140294000-memory.dmp	upx
behavioral1/memory/2160-55-0x000000013F210000-0x000000013F564000-memory.dmp	upx
behavioral1/files/0x0006000000016d47-71.dat	upx
behavioral1/files/0x0006000000016d36-62.dat	upx
behavioral1/memory/2672-50-0x000000013F620000-0x000000013F974000-memory.dmp	upx
behavioral1/memory/2584-49-0x000000013F6C0000-0x000000013FA14000-memory.dmp	upx
behavioral1/memory/2596-41-0x000000013FFD0000-0x0000000140324000-memory.dmp	upx
behavioral1/files/0x0008000000016409-39.dat	upx
behavioral1/memory/2732-28-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
behavioral1/files/0x0007000000016031-9.dat	upx
behavioral1/memory/2160-19-0x000000013F210000-0x000000013F564000-memory.dmp	upx
behavioral1/memory/2764-17-0x000000013F330000-0x000000013F684000-memory.dmp	upx
behavioral1/memory/3016-4122-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx
behavioral1/memory/2960-4121-0x000000013F470000-0x000000013F7C4000-memory.dmp	upx
behavioral1/memory/1920-4124-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/memory/2564-4123-0x000000013F280000-0x000000013F5D4000-memory.dmp	upx
behavioral1/memory/1640-4127-0x000000013F7D0000-0x000000013FB24000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\svOJEHy.exe	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iQwBHfc.exe	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JpFblLD.exe	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FhvTmqF.exe	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oAYLJvt.exe	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qbLMjhc.exe	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CFdaFHy.exe	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pHjEPTr.exe	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UPwkANe.exe	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hmTgcIK.exe	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\grDsmMe.exe	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zaeEOKO.exe	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bKZhUNC.exe	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OlaIXWn.exe	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AFgoSqq.exe	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dOLtRbv.exe	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fidIajX.exe	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KSfOKJm.exe	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FiPJZnH.exe	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hfDipwr.exe	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gnLBsZR.exe	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ORJeuOt.exe	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ysIhIHP.exe	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zQcEdVH.exe	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hGttLnU.exe	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZGOiSjk.exe	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mLupMbX.exe	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YlvZRHk.exe	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xpcIyLx.exe	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RMIofjW.exe	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CfGHYur.exe	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ULGiNUF.exe	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CMxrcxT.exe	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rutSGip.exe	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SWwGxtl.exe	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rpUbqXO.exe	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fOVoQys.exe	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rOuvNUk.exe	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sKFfDKB.exe	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rXUdxvZ.exe	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RdtMpIp.exe	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\keQQmsK.exe	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SpfvFbU.exe	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tzGynkD.exe	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YofCxRh.exe	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kecCXDk.exe	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\islpoCf.exe	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lhaPPGN.exe	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SSMjCZF.exe	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\udTurlA.exe	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bcCuCbF.exe	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\irhJWcj.exe	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qDKYLoy.exe	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Smkpxos.exe	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lNTasIL.exe	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gIxxPGw.exe	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HwURkiv.exe	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YGzwvai.exe	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\taJVlBX.exe	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SnLcQlJ.exe	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JdNgZGb.exe	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dOcrwzp.exe	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yojKxGy.exe	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DyMdGUx.exe	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2672 wrote to memory of 2764	2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2672 wrote to memory of 2764	2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2672 wrote to memory of 2764	2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2672 wrote to memory of 2160	2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2672 wrote to memory of 2160	2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2672 wrote to memory of 2160	2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2672 wrote to memory of 2960	2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2672 wrote to memory of 2960	2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2672 wrote to memory of 2960	2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2672 wrote to memory of 2732	2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2672 wrote to memory of 2732	2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2672 wrote to memory of 2732	2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2672 wrote to memory of 2564	2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2672 wrote to memory of 2564	2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2672 wrote to memory of 2564	2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2672 wrote to memory of 2596	2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2672 wrote to memory of 2596	2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2672 wrote to memory of 2596	2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2672 wrote to memory of 2584	2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2672 wrote to memory of 2584	2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2672 wrote to memory of 2584	2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2672 wrote to memory of 2092	2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2672 wrote to memory of 2092	2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2672 wrote to memory of 2092	2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2672 wrote to memory of 1920	2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2672 wrote to memory of 1920	2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2672 wrote to memory of 1920	2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2672 wrote to memory of 1240	2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2672 wrote to memory of 1240	2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2672 wrote to memory of 1240	2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2672 wrote to memory of 1640	2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2672 wrote to memory of 1640	2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2672 wrote to memory of 1640	2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2672 wrote to memory of 2916	2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2672 wrote to memory of 2916	2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2672 wrote to memory of 2916	2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2672 wrote to memory of 3016	2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2672 wrote to memory of 3016	2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2672 wrote to memory of 3016	2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2672 wrote to memory of 1708	2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2672 wrote to memory of 1708	2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2672 wrote to memory of 1708	2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2672 wrote to memory of 1904	2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2672 wrote to memory of 1904	2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2672 wrote to memory of 1904	2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2672 wrote to memory of 1872	2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2672 wrote to memory of 1872	2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2672 wrote to memory of 1872	2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2672 wrote to memory of 664	2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2672 wrote to memory of 664	2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2672 wrote to memory of 664	2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2672 wrote to memory of 2808	2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2672 wrote to memory of 2808	2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2672 wrote to memory of 2808	2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2672 wrote to memory of 1212	2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2672 wrote to memory of 1212	2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2672 wrote to memory of 1212	2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2672 wrote to memory of 1544	2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2672 wrote to memory of 1544	2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2672 wrote to memory of 1544	2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2672 wrote to memory of 2768	2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2672 wrote to memory of 2768	2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2672 wrote to memory of 2768	2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2672 wrote to memory of 2452	2672	2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-20_99062b37bd580e0bb22a5f868ee299ad_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2672
- C:\Windows\System\bioELvz.exe
  C:\Windows\System\bioELvz.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\krSQAhm.exe
  C:\Windows\System\krSQAhm.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\svOJEHy.exe
  C:\Windows\System\svOJEHy.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\iYwEDlr.exe
  C:\Windows\System\iYwEDlr.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\dEtSwPs.exe
  C:\Windows\System\dEtSwPs.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\rXlUJVN.exe
  C:\Windows\System\rXlUJVN.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\lAEjLsR.exe
  C:\Windows\System\lAEjLsR.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\tXkPsjJ.exe
  C:\Windows\System\tXkPsjJ.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\kZDJpSD.exe
  C:\Windows\System\kZDJpSD.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\sNceWnU.exe
  C:\Windows\System\sNceWnU.exe
  2⤵
  - Executes dropped EXE
  PID:1240
- C:\Windows\System\qspcQWY.exe
  C:\Windows\System\qspcQWY.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\neLIHqM.exe
  C:\Windows\System\neLIHqM.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\AzyxWXz.exe
  C:\Windows\System\AzyxWXz.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\riyNIUR.exe
  C:\Windows\System\riyNIUR.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\QfIkcEG.exe
  C:\Windows\System\QfIkcEG.exe
  2⤵
  - Executes dropped EXE
  PID:1904
- C:\Windows\System\sJbNYZJ.exe
  C:\Windows\System\sJbNYZJ.exe
  2⤵
  - Executes dropped EXE
  PID:1872
- C:\Windows\System\cqQDUjI.exe
  C:\Windows\System\cqQDUjI.exe
  2⤵
  - Executes dropped EXE
  PID:664
- C:\Windows\System\VOfowLK.exe
  C:\Windows\System\VOfowLK.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\qtBUtCA.exe
  C:\Windows\System\qtBUtCA.exe
  2⤵
  - Executes dropped EXE
  PID:1212
- C:\Windows\System\EETnxCK.exe
  C:\Windows\System\EETnxCK.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\AekTMCB.exe
  C:\Windows\System\AekTMCB.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\efBuDBe.exe
  C:\Windows\System\efBuDBe.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\eeLREqJ.exe
  C:\Windows\System\eeLREqJ.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\CNsBMkK.exe
  C:\Windows\System\CNsBMkK.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\xTWYXia.exe
  C:\Windows\System\xTWYXia.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\iXXsIuK.exe
  C:\Windows\System\iXXsIuK.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\vmWjkdv.exe
  C:\Windows\System\vmWjkdv.exe
  2⤵
  - Executes dropped EXE
  PID:1092
- C:\Windows\System\OCWikuB.exe
  C:\Windows\System\OCWikuB.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\nzkQqEh.exe
  C:\Windows\System\nzkQqEh.exe
  2⤵
  - Executes dropped EXE
  PID:1264
- C:\Windows\System\fQXkkYn.exe
  C:\Windows\System\fQXkkYn.exe
  2⤵
  - Executes dropped EXE
  PID:372
- C:\Windows\System\yYZyZbq.exe
  C:\Windows\System\yYZyZbq.exe
  2⤵
  - Executes dropped EXE
  PID:832
- C:\Windows\System\cfJtOCq.exe
  C:\Windows\System\cfJtOCq.exe
  2⤵
  - Executes dropped EXE
  PID:1472
- C:\Windows\System\XIqtYjb.exe
  C:\Windows\System\XIqtYjb.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\oQaCrWX.exe
  C:\Windows\System\oQaCrWX.exe
  2⤵
  - Executes dropped EXE
  PID:1288
- C:\Windows\System\xaiIEyT.exe
  C:\Windows\System\xaiIEyT.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\UpuoAxr.exe
  C:\Windows\System\UpuoAxr.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\SWwGxtl.exe
  C:\Windows\System\SWwGxtl.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\iRteeIk.exe
  C:\Windows\System\iRteeIk.exe
  2⤵
  - Executes dropped EXE
  PID:596
- C:\Windows\System\qvhaGJI.exe
  C:\Windows\System\qvhaGJI.exe
  2⤵
  - Executes dropped EXE
  PID:564
- C:\Windows\System\ijDXAHh.exe
  C:\Windows\System\ijDXAHh.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\DdoXdwF.exe
  C:\Windows\System\DdoXdwF.exe
  2⤵
  - Executes dropped EXE
  PID:236
- C:\Windows\System\YnZEoSz.exe
  C:\Windows\System\YnZEoSz.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\ThVAtha.exe
  C:\Windows\System\ThVAtha.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\YKTsAwc.exe
  C:\Windows\System\YKTsAwc.exe
  2⤵
  - Executes dropped EXE
  PID:1824
- C:\Windows\System\BIUJmtw.exe
  C:\Windows\System\BIUJmtw.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\MTsYpNl.exe
  C:\Windows\System\MTsYpNl.exe
  2⤵
  - Executes dropped EXE
  PID:996
- C:\Windows\System\pdiSkfM.exe
  C:\Windows\System\pdiSkfM.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\ehEmxtn.exe
  C:\Windows\System\ehEmxtn.exe
  2⤵
  - Executes dropped EXE
  PID:872
- C:\Windows\System\wzytRhR.exe
  C:\Windows\System\wzytRhR.exe
  2⤵
  - Executes dropped EXE
  PID:1256
- C:\Windows\System\OkfAqbl.exe
  C:\Windows\System\OkfAqbl.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\cyLmtqQ.exe
  C:\Windows\System\cyLmtqQ.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\gpBVezD.exe
  C:\Windows\System\gpBVezD.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\tHDfbkY.exe
  C:\Windows\System\tHDfbkY.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\lIctUhy.exe
  C:\Windows\System\lIctUhy.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\AKsBzTV.exe
  C:\Windows\System\AKsBzTV.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\LTgyvuo.exe
  C:\Windows\System\LTgyvuo.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\CzufdBz.exe
  C:\Windows\System\CzufdBz.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\cTThgNG.exe
  C:\Windows\System\cTThgNG.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\WxuwSMZ.exe
  C:\Windows\System\WxuwSMZ.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\CakPXmD.exe
  C:\Windows\System\CakPXmD.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\XaGaMVr.exe
  C:\Windows\System\XaGaMVr.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\EexrJAg.exe
  C:\Windows\System\EexrJAg.exe
  2⤵
  - Executes dropped EXE
  PID:1232
- C:\Windows\System\PhylWsB.exe
  C:\Windows\System\PhylWsB.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\OyJhuCF.exe
  C:\Windows\System\OyJhuCF.exe
  2⤵
  PID:2208
- C:\Windows\System\BhNKtPG.exe
  C:\Windows\System\BhNKtPG.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\xpcIyLx.exe
  C:\Windows\System\xpcIyLx.exe
  2⤵
  PID:2424
- C:\Windows\System\KsUgISB.exe
  C:\Windows\System\KsUgISB.exe
  2⤵
  PID:1696
- C:\Windows\System\wVgzAbU.exe
  C:\Windows\System\wVgzAbU.exe
  2⤵
  PID:2508
- C:\Windows\System\nnQxvlP.exe
  C:\Windows\System\nnQxvlP.exe
  2⤵
  PID:980
- C:\Windows\System\vlxfbSe.exe
  C:\Windows\System\vlxfbSe.exe
  2⤵
  PID:1688
- C:\Windows\System\frltwvo.exe
  C:\Windows\System\frltwvo.exe
  2⤵
  PID:1624
- C:\Windows\System\qJzJSTt.exe
  C:\Windows\System\qJzJSTt.exe
  2⤵
  PID:1120
- C:\Windows\System\EBbBXVS.exe
  C:\Windows\System\EBbBXVS.exe
  2⤵
  PID:1684
- C:\Windows\System\qKGIHFE.exe
  C:\Windows\System\qKGIHFE.exe
  2⤵
  PID:1616
- C:\Windows\System\ItDKnXX.exe
  C:\Windows\System\ItDKnXX.exe
  2⤵
  PID:2232
- C:\Windows\System\KJKGEgM.exe
  C:\Windows\System\KJKGEgM.exe
  2⤵
  PID:2464
- C:\Windows\System\ypkmDqq.exe
  C:\Windows\System\ypkmDqq.exe
  2⤵
  PID:984
- C:\Windows\System\LPPEfWc.exe
  C:\Windows\System\LPPEfWc.exe
  2⤵
  PID:1608
- C:\Windows\System\ivmJbEr.exe
  C:\Windows\System\ivmJbEr.exe
  2⤵
  PID:988
- C:\Windows\System\rpkkrlD.exe
  C:\Windows\System\rpkkrlD.exe
  2⤵
  PID:2052
- C:\Windows\System\lNTasIL.exe
  C:\Windows\System\lNTasIL.exe
  2⤵
  PID:3068
- C:\Windows\System\ksgmhdH.exe
  C:\Windows\System\ksgmhdH.exe
  2⤵
  PID:2680
- C:\Windows\System\XYdnmoP.exe
  C:\Windows\System\XYdnmoP.exe
  2⤵
  PID:2844
- C:\Windows\System\QbWFeOx.exe
  C:\Windows\System\QbWFeOx.exe
  2⤵
  PID:2008
- C:\Windows\System\rUyfurp.exe
  C:\Windows\System\rUyfurp.exe
  2⤵
  PID:3056
- C:\Windows\System\VQWynqT.exe
  C:\Windows\System\VQWynqT.exe
  2⤵
  PID:2800
- C:\Windows\System\FdSGnfA.exe
  C:\Windows\System\FdSGnfA.exe
  2⤵
  PID:1892
- C:\Windows\System\AQrEJFE.exe
  C:\Windows\System\AQrEJFE.exe
  2⤵
  PID:1496
- C:\Windows\System\wEMRHLl.exe
  C:\Windows\System\wEMRHLl.exe
  2⤵
  PID:2216
- C:\Windows\System\axdZtmd.exe
  C:\Windows\System\axdZtmd.exe
  2⤵
  PID:1732
- C:\Windows\System\ncczEIp.exe
  C:\Windows\System\ncczEIp.exe
  2⤵
  PID:904
- C:\Windows\System\pFLWfed.exe
  C:\Windows\System\pFLWfed.exe
  2⤵
  PID:268
- C:\Windows\System\yGdXLwp.exe
  C:\Windows\System\yGdXLwp.exe
  2⤵
  PID:1720
- C:\Windows\System\nmupNXL.exe
  C:\Windows\System\nmupNXL.exe
  2⤵
  PID:1444
- C:\Windows\System\WQPJavD.exe
  C:\Windows\System\WQPJavD.exe
  2⤵
  PID:1856
- C:\Windows\System\zTIlsil.exe
  C:\Windows\System\zTIlsil.exe
  2⤵
  PID:2492
- C:\Windows\System\NRwrOqg.exe
  C:\Windows\System\NRwrOqg.exe
  2⤵
  PID:3080
- C:\Windows\System\aVRDOrk.exe
  C:\Windows\System\aVRDOrk.exe
  2⤵
  PID:3100
- C:\Windows\System\HZZEixM.exe
  C:\Windows\System\HZZEixM.exe
  2⤵
  PID:3124
- C:\Windows\System\nATftdo.exe
  C:\Windows\System\nATftdo.exe
  2⤵
  PID:3140
- C:\Windows\System\HdjYXAF.exe
  C:\Windows\System\HdjYXAF.exe
  2⤵
  PID:3156
- C:\Windows\System\ijFxxfG.exe
  C:\Windows\System\ijFxxfG.exe
  2⤵
  PID:3172
- C:\Windows\System\SsgraAi.exe
  C:\Windows\System\SsgraAi.exe
  2⤵
  PID:3200
- C:\Windows\System\kwYikaj.exe
  C:\Windows\System\kwYikaj.exe
  2⤵
  PID:3220
- C:\Windows\System\ctqYKzq.exe
  C:\Windows\System\ctqYKzq.exe
  2⤵
  PID:3244
- C:\Windows\System\lMlJJij.exe
  C:\Windows\System\lMlJJij.exe
  2⤵
  PID:3264
- C:\Windows\System\UDaobgJ.exe
  C:\Windows\System\UDaobgJ.exe
  2⤵
  PID:3284
- C:\Windows\System\JtXYbjK.exe
  C:\Windows\System\JtXYbjK.exe
  2⤵
  PID:3300
- C:\Windows\System\XZPzAYs.exe
  C:\Windows\System\XZPzAYs.exe
  2⤵
  PID:3320
- C:\Windows\System\mnaBeYn.exe
  C:\Windows\System\mnaBeYn.exe
  2⤵
  PID:3340
- C:\Windows\System\WbcnIeu.exe
  C:\Windows\System\WbcnIeu.exe
  2⤵
  PID:3360
- C:\Windows\System\YKgTwnd.exe
  C:\Windows\System\YKgTwnd.exe
  2⤵
  PID:3380
- C:\Windows\System\dEhERot.exe
  C:\Windows\System\dEhERot.exe
  2⤵
  PID:3400
- C:\Windows\System\dNmzJII.exe
  C:\Windows\System\dNmzJII.exe
  2⤵
  PID:3416
- C:\Windows\System\JTYGEHt.exe
  C:\Windows\System\JTYGEHt.exe
  2⤵
  PID:3436
- C:\Windows\System\QBVzvyX.exe
  C:\Windows\System\QBVzvyX.exe
  2⤵
  PID:3460
- C:\Windows\System\uSFRJbs.exe
  C:\Windows\System\uSFRJbs.exe
  2⤵
  PID:3480
- C:\Windows\System\QWhIZRH.exe
  C:\Windows\System\QWhIZRH.exe
  2⤵
  PID:3504
- C:\Windows\System\coZDtns.exe
  C:\Windows\System\coZDtns.exe
  2⤵
  PID:3520
- C:\Windows\System\qYQyeaw.exe
  C:\Windows\System\qYQyeaw.exe
  2⤵
  PID:3544
- C:\Windows\System\vLNeFeZ.exe
  C:\Windows\System\vLNeFeZ.exe
  2⤵
  PID:3564
- C:\Windows\System\nhgQNOR.exe
  C:\Windows\System\nhgQNOR.exe
  2⤵
  PID:3584
- C:\Windows\System\tDXTVpb.exe
  C:\Windows\System\tDXTVpb.exe
  2⤵
  PID:3604
- C:\Windows\System\TVfxFGr.exe
  C:\Windows\System\TVfxFGr.exe
  2⤵
  PID:3620
- C:\Windows\System\brJtCda.exe
  C:\Windows\System\brJtCda.exe
  2⤵
  PID:3636
- C:\Windows\System\aXmSYtL.exe
  C:\Windows\System\aXmSYtL.exe
  2⤵
  PID:3656
- C:\Windows\System\HLFArmz.exe
  C:\Windows\System\HLFArmz.exe
  2⤵
  PID:3672
- C:\Windows\System\reYTUEA.exe
  C:\Windows\System\reYTUEA.exe
  2⤵
  PID:3696
- C:\Windows\System\usrIkQM.exe
  C:\Windows\System\usrIkQM.exe
  2⤵
  PID:3712
- C:\Windows\System\HTsjSfI.exe
  C:\Windows\System\HTsjSfI.exe
  2⤵
  PID:3732
- C:\Windows\System\VBxhGMM.exe
  C:\Windows\System\VBxhGMM.exe
  2⤵
  PID:3764
- C:\Windows\System\SZBubaf.exe
  C:\Windows\System\SZBubaf.exe
  2⤵
  PID:3780
- C:\Windows\System\XiGetZS.exe
  C:\Windows\System\XiGetZS.exe
  2⤵
  PID:3796
- C:\Windows\System\ypdiXTV.exe
  C:\Windows\System\ypdiXTV.exe
  2⤵
  PID:3824
- C:\Windows\System\tgurHTO.exe
  C:\Windows\System\tgurHTO.exe
  2⤵
  PID:3840
- C:\Windows\System\gIxxPGw.exe
  C:\Windows\System\gIxxPGw.exe
  2⤵
  PID:3864
- C:\Windows\System\mcewjhD.exe
  C:\Windows\System\mcewjhD.exe
  2⤵
  PID:3880
- C:\Windows\System\sHxsLTQ.exe
  C:\Windows\System\sHxsLTQ.exe
  2⤵
  PID:3896
- C:\Windows\System\LWHGdUP.exe
  C:\Windows\System\LWHGdUP.exe
  2⤵
  PID:3920
- C:\Windows\System\diUMaQC.exe
  C:\Windows\System\diUMaQC.exe
  2⤵
  PID:3940
- C:\Windows\System\gsYxoUM.exe
  C:\Windows\System\gsYxoUM.exe
  2⤵
  PID:3964
- C:\Windows\System\zbfeWyZ.exe
  C:\Windows\System\zbfeWyZ.exe
  2⤵
  PID:3984
- C:\Windows\System\rXonUku.exe
  C:\Windows\System\rXonUku.exe
  2⤵
  PID:4004
- C:\Windows\System\bvHApxR.exe
  C:\Windows\System\bvHApxR.exe
  2⤵
  PID:4024
- C:\Windows\System\ZPlFkFs.exe
  C:\Windows\System\ZPlFkFs.exe
  2⤵
  PID:4040
- C:\Windows\System\PHTaCNs.exe
  C:\Windows\System\PHTaCNs.exe
  2⤵
  PID:4064
- C:\Windows\System\SvAvvgG.exe
  C:\Windows\System\SvAvvgG.exe
  2⤵
  PID:4080
- C:\Windows\System\nwmHHrl.exe
  C:\Windows\System\nwmHHrl.exe
  2⤵
  PID:1004
- C:\Windows\System\DffMfjJ.exe
  C:\Windows\System\DffMfjJ.exe
  2⤵
  PID:280
- C:\Windows\System\vomNoER.exe
  C:\Windows\System\vomNoER.exe
  2⤵
  PID:2832
- C:\Windows\System\ezdqAgy.exe
  C:\Windows\System\ezdqAgy.exe
  2⤵
  PID:3036
- C:\Windows\System\sbpduEi.exe
  C:\Windows\System\sbpduEi.exe
  2⤵
  PID:2816
- C:\Windows\System\OLOGlsr.exe
  C:\Windows\System\OLOGlsr.exe
  2⤵
  PID:2880
- C:\Windows\System\TQVrqtU.exe
  C:\Windows\System\TQVrqtU.exe
  2⤵
  PID:1488
- C:\Windows\System\YahZryL.exe
  C:\Windows\System\YahZryL.exe
  2⤵
  PID:2144
- C:\Windows\System\PIItjSk.exe
  C:\Windows\System\PIItjSk.exe
  2⤵
  PID:2476
- C:\Windows\System\qhUPzHa.exe
  C:\Windows\System\qhUPzHa.exe
  2⤵
  PID:952
- C:\Windows\System\KGBeXgZ.exe
  C:\Windows\System\KGBeXgZ.exe
  2⤵
  PID:2320
- C:\Windows\System\OwWbosx.exe
  C:\Windows\System\OwWbosx.exe
  2⤵
  PID:2784
- C:\Windows\System\nEqxtIc.exe
  C:\Windows\System\nEqxtIc.exe
  2⤵
  PID:3108
- C:\Windows\System\mlBVqBa.exe
  C:\Windows\System\mlBVqBa.exe
  2⤵
  PID:3168
- C:\Windows\System\tptOYCl.exe
  C:\Windows\System\tptOYCl.exe
  2⤵
  PID:3260
- C:\Windows\System\HsnxOqh.exe
  C:\Windows\System\HsnxOqh.exe
  2⤵
  PID:3180
- C:\Windows\System\cMsmgSA.exe
  C:\Windows\System\cMsmgSA.exe
  2⤵
  PID:3152
- C:\Windows\System\xlcQBJw.exe
  C:\Windows\System\xlcQBJw.exe
  2⤵
  PID:3236
- C:\Windows\System\YdQzCDC.exe
  C:\Windows\System\YdQzCDC.exe
  2⤵
  PID:3308
- C:\Windows\System\BxEjfgz.exe
  C:\Windows\System\BxEjfgz.exe
  2⤵
  PID:3376
- C:\Windows\System\neHyScp.exe
  C:\Windows\System\neHyScp.exe
  2⤵
  PID:3408
- C:\Windows\System\YDcVNDi.exe
  C:\Windows\System\YDcVNDi.exe
  2⤵
  PID:3456
- C:\Windows\System\mqcEMkz.exe
  C:\Windows\System\mqcEMkz.exe
  2⤵
  PID:3396
- C:\Windows\System\FUpTZGw.exe
  C:\Windows\System\FUpTZGw.exe
  2⤵
  PID:3468
- C:\Windows\System\paQTQaw.exe
  C:\Windows\System\paQTQaw.exe
  2⤵
  PID:3512
- C:\Windows\System\SSMjCZF.exe
  C:\Windows\System\SSMjCZF.exe
  2⤵
  PID:3540
- C:\Windows\System\aSFFgsH.exe
  C:\Windows\System\aSFFgsH.exe
  2⤵
  PID:3576
- C:\Windows\System\DAlMuMO.exe
  C:\Windows\System\DAlMuMO.exe
  2⤵
  PID:3648
- C:\Windows\System\msGfaLb.exe
  C:\Windows\System\msGfaLb.exe
  2⤵
  PID:3692
- C:\Windows\System\NvMTuLX.exe
  C:\Windows\System\NvMTuLX.exe
  2⤵
  PID:3704
- C:\Windows\System\xOSTHII.exe
  C:\Windows\System\xOSTHII.exe
  2⤵
  PID:3628
- C:\Windows\System\UhTCrXT.exe
  C:\Windows\System\UhTCrXT.exe
  2⤵
  PID:3748
- C:\Windows\System\mktlppo.exe
  C:\Windows\System\mktlppo.exe
  2⤵
  PID:3804
- C:\Windows\System\hVMRNwR.exe
  C:\Windows\System\hVMRNwR.exe
  2⤵
  PID:3816
- C:\Windows\System\tXuwShP.exe
  C:\Windows\System\tXuwShP.exe
  2⤵
  PID:3860
- C:\Windows\System\bVHtwIt.exe
  C:\Windows\System\bVHtwIt.exe
  2⤵
  PID:3872
- C:\Windows\System\eWbUZlk.exe
  C:\Windows\System\eWbUZlk.exe
  2⤵
  PID:3912
- C:\Windows\System\nadJVfy.exe
  C:\Windows\System\nadJVfy.exe
  2⤵
  PID:3976
- C:\Windows\System\OEPhNuQ.exe
  C:\Windows\System\OEPhNuQ.exe
  2⤵
  PID:3956
- C:\Windows\System\RieogIl.exe
  C:\Windows\System\RieogIl.exe
  2⤵
  PID:3996
- C:\Windows\System\XKhnEap.exe
  C:\Windows\System\XKhnEap.exe
  2⤵
  PID:4060
- C:\Windows\System\HUVaAjN.exe
  C:\Windows\System\HUVaAjN.exe
  2⤵
  PID:4092
- C:\Windows\System\jLXwohE.exe
  C:\Windows\System\jLXwohE.exe
  2⤵
  PID:1612
- C:\Windows\System\zPPqCJe.exe
  C:\Windows\System\zPPqCJe.exe
  2⤵
  PID:1000
- C:\Windows\System\qXVPgIs.exe
  C:\Windows\System\qXVPgIs.exe
  2⤵
  PID:2560
- C:\Windows\System\HwURkiv.exe
  C:\Windows\System\HwURkiv.exe
  2⤵
  PID:1008
- C:\Windows\System\HfWjiNc.exe
  C:\Windows\System\HfWjiNc.exe
  2⤵
  PID:2348
- C:\Windows\System\prIXAsr.exe
  C:\Windows\System\prIXAsr.exe
  2⤵
  PID:2040
- C:\Windows\System\oTytOuY.exe
  C:\Windows\System\oTytOuY.exe
  2⤵
  PID:3088
- C:\Windows\System\zmiRioO.exe
  C:\Windows\System\zmiRioO.exe
  2⤵
  PID:3132
- C:\Windows\System\UPwkANe.exe
  C:\Windows\System\UPwkANe.exe
  2⤵
  PID:3252
- C:\Windows\System\GPIVCPO.exe
  C:\Windows\System\GPIVCPO.exe
  2⤵
  PID:3272
- C:\Windows\System\TcOSvTQ.exe
  C:\Windows\System\TcOSvTQ.exe
  2⤵
  PID:3328
- C:\Windows\System\wqKOPCe.exe
  C:\Windows\System\wqKOPCe.exe
  2⤵
  PID:3368
- C:\Windows\System\YhmNWOI.exe
  C:\Windows\System\YhmNWOI.exe
  2⤵
  PID:3356
- C:\Windows\System\rpUbqXO.exe
  C:\Windows\System\rpUbqXO.exe
  2⤵
  PID:3428
- C:\Windows\System\bbntBja.exe
  C:\Windows\System\bbntBja.exe
  2⤵
  PID:3536
- C:\Windows\System\MjGBXxX.exe
  C:\Windows\System\MjGBXxX.exe
  2⤵
  PID:3612
- C:\Windows\System\xNdtDWd.exe
  C:\Windows\System\xNdtDWd.exe
  2⤵
  PID:3684
- C:\Windows\System\nFJMmOH.exe
  C:\Windows\System\nFJMmOH.exe
  2⤵
  PID:3600
- C:\Windows\System\MlAaOKP.exe
  C:\Windows\System\MlAaOKP.exe
  2⤵
  PID:3744
- C:\Windows\System\EconWjr.exe
  C:\Windows\System\EconWjr.exe
  2⤵
  PID:3812
- C:\Windows\System\ISdztBe.exe
  C:\Windows\System\ISdztBe.exe
  2⤵
  PID:3856
- C:\Windows\System\RMIofjW.exe
  C:\Windows\System\RMIofjW.exe
  2⤵
  PID:3936
- C:\Windows\System\xsyluxE.exe
  C:\Windows\System\xsyluxE.exe
  2⤵
  PID:4032
- C:\Windows\System\IWRLnau.exe
  C:\Windows\System\IWRLnau.exe
  2⤵
  PID:4020
- C:\Windows\System\YGzwvai.exe
  C:\Windows\System\YGzwvai.exe
  2⤵
  PID:4072
- C:\Windows\System\XnhpuZP.exe
  C:\Windows\System\XnhpuZP.exe
  2⤵
  PID:1592
- C:\Windows\System\kDYHSqz.exe
  C:\Windows\System\kDYHSqz.exe
  2⤵
  PID:2888
- C:\Windows\System\cCofstK.exe
  C:\Windows\System\cCofstK.exe
  2⤵
  PID:3092
- C:\Windows\System\lnavymg.exe
  C:\Windows\System\lnavymg.exe
  2⤵
  PID:2952
- C:\Windows\System\HOnpofa.exe
  C:\Windows\System\HOnpofa.exe
  2⤵
  PID:3296
- C:\Windows\System\FNQplTp.exe
  C:\Windows\System\FNQplTp.exe
  2⤵
  PID:3136
- C:\Windows\System\LcGdyIj.exe
  C:\Windows\System\LcGdyIj.exe
  2⤵
  PID:3292
- C:\Windows\System\wNIGppB.exe
  C:\Windows\System\wNIGppB.exe
  2⤵
  PID:3500
- C:\Windows\System\dBVdPVa.exe
  C:\Windows\System\dBVdPVa.exe
  2⤵
  PID:3476
- C:\Windows\System\JdNgZGb.exe
  C:\Windows\System\JdNgZGb.exe
  2⤵
  PID:3592
- C:\Windows\System\yLLODBb.exe
  C:\Windows\System\yLLODBb.exe
  2⤵
  PID:3756
- C:\Windows\System\ZDQDegv.exe
  C:\Windows\System\ZDQDegv.exe
  2⤵
  PID:3792
- C:\Windows\System\ARzgKeW.exe
  C:\Windows\System\ARzgKeW.exe
  2⤵
  PID:4104
- C:\Windows\System\FQZkwAv.exe
  C:\Windows\System\FQZkwAv.exe
  2⤵
  PID:4128
- C:\Windows\System\RevRCWT.exe
  C:\Windows\System\RevRCWT.exe
  2⤵
  PID:4152
- C:\Windows\System\ekUdvrI.exe
  C:\Windows\System\ekUdvrI.exe
  2⤵
  PID:4176
- C:\Windows\System\EYDallK.exe
  C:\Windows\System\EYDallK.exe
  2⤵
  PID:4196
- C:\Windows\System\WQkMcQX.exe
  C:\Windows\System\WQkMcQX.exe
  2⤵
  PID:4212
- C:\Windows\System\voOJQUA.exe
  C:\Windows\System\voOJQUA.exe
  2⤵
  PID:4236
- C:\Windows\System\QwwcjdH.exe
  C:\Windows\System\QwwcjdH.exe
  2⤵
  PID:4252
- C:\Windows\System\EjePOSM.exe
  C:\Windows\System\EjePOSM.exe
  2⤵
  PID:4276
- C:\Windows\System\BlNSebH.exe
  C:\Windows\System\BlNSebH.exe
  2⤵
  PID:4296
- C:\Windows\System\iAzgbBi.exe
  C:\Windows\System\iAzgbBi.exe
  2⤵
  PID:4316
- C:\Windows\System\WXVdLsC.exe
  C:\Windows\System\WXVdLsC.exe
  2⤵
  PID:4336
- C:\Windows\System\zjfZgYo.exe
  C:\Windows\System\zjfZgYo.exe
  2⤵
  PID:4352
- C:\Windows\System\COurGKR.exe
  C:\Windows\System\COurGKR.exe
  2⤵
  PID:4372
- C:\Windows\System\sRudovT.exe
  C:\Windows\System\sRudovT.exe
  2⤵
  PID:4392
- C:\Windows\System\ysIhIHP.exe
  C:\Windows\System\ysIhIHP.exe
  2⤵
  PID:4416
- C:\Windows\System\wvxtklM.exe
  C:\Windows\System\wvxtklM.exe
  2⤵
  PID:4436
- C:\Windows\System\LdxeQds.exe
  C:\Windows\System\LdxeQds.exe
  2⤵
  PID:4456
- C:\Windows\System\ooWjFMF.exe
  C:\Windows\System\ooWjFMF.exe
  2⤵
  PID:4476
- C:\Windows\System\uSDahxx.exe
  C:\Windows\System\uSDahxx.exe
  2⤵
  PID:4492
- C:\Windows\System\GlcLgyo.exe
  C:\Windows\System\GlcLgyo.exe
  2⤵
  PID:4516
- C:\Windows\System\TMwXuOg.exe
  C:\Windows\System\TMwXuOg.exe
  2⤵
  PID:4532
- C:\Windows\System\enNzXZw.exe
  C:\Windows\System\enNzXZw.exe
  2⤵
  PID:4548
- C:\Windows\System\zQcEdVH.exe
  C:\Windows\System\zQcEdVH.exe
  2⤵
  PID:4572
- C:\Windows\System\eunSdOU.exe
  C:\Windows\System\eunSdOU.exe
  2⤵
  PID:4596
- C:\Windows\System\OPgswsE.exe
  C:\Windows\System\OPgswsE.exe
  2⤵
  PID:4616
- C:\Windows\System\puctUrj.exe
  C:\Windows\System\puctUrj.exe
  2⤵
  PID:4636
- C:\Windows\System\CZEXmjP.exe
  C:\Windows\System\CZEXmjP.exe
  2⤵
  PID:4656
- C:\Windows\System\VGmDRNk.exe
  C:\Windows\System\VGmDRNk.exe
  2⤵
  PID:4672
- C:\Windows\System\iJzsIrn.exe
  C:\Windows\System\iJzsIrn.exe
  2⤵
  PID:4696
- C:\Windows\System\mwqiuod.exe
  C:\Windows\System\mwqiuod.exe
  2⤵
  PID:4716
- C:\Windows\System\POdwcrr.exe
  C:\Windows\System\POdwcrr.exe
  2⤵
  PID:4732
- C:\Windows\System\mFVPeHm.exe
  C:\Windows\System\mFVPeHm.exe
  2⤵
  PID:4748
- C:\Windows\System\UovvaSw.exe
  C:\Windows\System\UovvaSw.exe
  2⤵
  PID:4768
- C:\Windows\System\FHRJLWp.exe
  C:\Windows\System\FHRJLWp.exe
  2⤵
  PID:4796
- C:\Windows\System\mIkKvcR.exe
  C:\Windows\System\mIkKvcR.exe
  2⤵
  PID:4812
- C:\Windows\System\umGyvsD.exe
  C:\Windows\System\umGyvsD.exe
  2⤵
  PID:4836
- C:\Windows\System\UkYpKzo.exe
  C:\Windows\System\UkYpKzo.exe
  2⤵
  PID:4852
- C:\Windows\System\dOLtRbv.exe
  C:\Windows\System\dOLtRbv.exe
  2⤵
  PID:4872
- C:\Windows\System\FUuYcxQ.exe
  C:\Windows\System\FUuYcxQ.exe
  2⤵
  PID:4896
- C:\Windows\System\wkEGjkS.exe
  C:\Windows\System\wkEGjkS.exe
  2⤵
  PID:4920
- C:\Windows\System\EKqKWUd.exe
  C:\Windows\System\EKqKWUd.exe
  2⤵
  PID:4936
- C:\Windows\System\VvKfNIe.exe
  C:\Windows\System\VvKfNIe.exe
  2⤵
  PID:4956
- C:\Windows\System\HSmjkmr.exe
  C:\Windows\System\HSmjkmr.exe
  2⤵
  PID:4972
- C:\Windows\System\qCrYpbS.exe
  C:\Windows\System\qCrYpbS.exe
  2⤵
  PID:5000
- C:\Windows\System\KsvyGHV.exe
  C:\Windows\System\KsvyGHV.exe
  2⤵
  PID:5020
- C:\Windows\System\XbXNYpk.exe
  C:\Windows\System\XbXNYpk.exe
  2⤵
  PID:5036
- C:\Windows\System\OusKYDI.exe
  C:\Windows\System\OusKYDI.exe
  2⤵
  PID:5056
- C:\Windows\System\ycubylN.exe
  C:\Windows\System\ycubylN.exe
  2⤵
  PID:5072
- C:\Windows\System\OyGmdbB.exe
  C:\Windows\System\OyGmdbB.exe
  2⤵
  PID:5088
- C:\Windows\System\yOGgCHS.exe
  C:\Windows\System\yOGgCHS.exe
  2⤵
  PID:5104
- C:\Windows\System\grcLCRs.exe
  C:\Windows\System\grcLCRs.exe
  2⤵
  PID:3972
- C:\Windows\System\rCtpgTJ.exe
  C:\Windows\System\rCtpgTJ.exe
  2⤵
  PID:4076
- C:\Windows\System\OwSPJGS.exe
  C:\Windows\System\OwSPJGS.exe
  2⤵
  PID:4088
- C:\Windows\System\MeWXUvc.exe
  C:\Windows\System\MeWXUvc.exe
  2⤵
  PID:2892
- C:\Windows\System\wHewVjP.exe
  C:\Windows\System\wHewVjP.exe
  2⤵
  PID:3216
- C:\Windows\System\KmPuSaw.exe
  C:\Windows\System\KmPuSaw.exe
  2⤵
  PID:3348
- C:\Windows\System\ZolkAxf.exe
  C:\Windows\System\ZolkAxf.exe
  2⤵
  PID:3432
- C:\Windows\System\dhSgosn.exe
  C:\Windows\System\dhSgosn.exe
  2⤵
  PID:3332
- C:\Windows\System\uWrKtvL.exe
  C:\Windows\System\uWrKtvL.exe
  2⤵
  PID:3664
- C:\Windows\System\zSQKsDF.exe
  C:\Windows\System\zSQKsDF.exe
  2⤵
  PID:4124
- C:\Windows\System\rLLsgOL.exe
  C:\Windows\System\rLLsgOL.exe
  2⤵
  PID:3752
- C:\Windows\System\lEFzteN.exe
  C:\Windows\System\lEFzteN.exe
  2⤵
  PID:4144
- C:\Windows\System\aJNWyxN.exe
  C:\Windows\System\aJNWyxN.exe
  2⤵
  PID:4188
- C:\Windows\System\eVVhIMD.exe
  C:\Windows\System\eVVhIMD.exe
  2⤵
  PID:4244
- C:\Windows\System\lOSXtLv.exe
  C:\Windows\System\lOSXtLv.exe
  2⤵
  PID:4292
- C:\Windows\System\lnAMhxH.exe
  C:\Windows\System\lnAMhxH.exe
  2⤵
  PID:4304
- C:\Windows\System\vbcyWAE.exe
  C:\Windows\System\vbcyWAE.exe
  2⤵
  PID:4312
- C:\Windows\System\BhvFQeu.exe
  C:\Windows\System\BhvFQeu.exe
  2⤵
  PID:4348
- C:\Windows\System\nSgEtHd.exe
  C:\Windows\System\nSgEtHd.exe
  2⤵
  PID:4380
- C:\Windows\System\pnMNQqx.exe
  C:\Windows\System\pnMNQqx.exe
  2⤵
  PID:4432
- C:\Windows\System\ALzGVBs.exe
  C:\Windows\System\ALzGVBs.exe
  2⤵
  PID:4484
- C:\Windows\System\omJkxFH.exe
  C:\Windows\System\omJkxFH.exe
  2⤵
  PID:4500
- C:\Windows\System\bYatJLE.exe
  C:\Windows\System\bYatJLE.exe
  2⤵
  PID:4560
- C:\Windows\System\Lmgrvzj.exe
  C:\Windows\System\Lmgrvzj.exe
  2⤵
  PID:2956
- C:\Windows\System\iXMxXJj.exe
  C:\Windows\System\iXMxXJj.exe
  2⤵
  PID:4592
- C:\Windows\System\ZupRXUB.exe
  C:\Windows\System\ZupRXUB.exe
  2⤵
  PID:4644
- C:\Windows\System\vlUCCsE.exe
  C:\Windows\System\vlUCCsE.exe
  2⤵
  PID:4680
- C:\Windows\System\SxVfzYl.exe
  C:\Windows\System\SxVfzYl.exe
  2⤵
  PID:4724
- C:\Windows\System\UaZRUUb.exe
  C:\Windows\System\UaZRUUb.exe
  2⤵
  PID:4804
- C:\Windows\System\ZuQpsap.exe
  C:\Windows\System\ZuQpsap.exe
  2⤵
  PID:4708
- C:\Windows\System\UVtfFiK.exe
  C:\Windows\System\UVtfFiK.exe
  2⤵
  PID:4744
- C:\Windows\System\JttCTHO.exe
  C:\Windows\System\JttCTHO.exe
  2⤵
  PID:4820
- C:\Windows\System\WlYhtOg.exe
  C:\Windows\System\WlYhtOg.exe
  2⤵
  PID:4888
- C:\Windows\System\HvGUOIp.exe
  C:\Windows\System\HvGUOIp.exe
  2⤵
  PID:4864
- C:\Windows\System\xfDsDig.exe
  C:\Windows\System\xfDsDig.exe
  2⤵
  PID:4968
- C:\Windows\System\YjulFMd.exe
  C:\Windows\System\YjulFMd.exe
  2⤵
  PID:4916
- C:\Windows\System\FofIkHL.exe
  C:\Windows\System\FofIkHL.exe
  2⤵
  PID:4952
- C:\Windows\System\geXGyPP.exe
  C:\Windows\System\geXGyPP.exe
  2⤵
  PID:5044
- C:\Windows\System\QtDhJGa.exe
  C:\Windows\System\QtDhJGa.exe
  2⤵
  PID:5084
- C:\Windows\System\TwMBYiO.exe
  C:\Windows\System\TwMBYiO.exe
  2⤵
  PID:5116
- C:\Windows\System\dGCUMRA.exe
  C:\Windows\System\dGCUMRA.exe
  2⤵
  PID:4000
- C:\Windows\System\vsFBiZE.exe
  C:\Windows\System\vsFBiZE.exe
  2⤵
  PID:440
- C:\Windows\System\XnELOcK.exe
  C:\Windows\System\XnELOcK.exe
  2⤵
  PID:5096
- C:\Windows\System\dOcrwzp.exe
  C:\Windows\System\dOcrwzp.exe
  2⤵
  PID:3120
- C:\Windows\System\VzUzWXH.exe
  C:\Windows\System\VzUzWXH.exe
  2⤵
  PID:3388
- C:\Windows\System\BxUwOlq.exe
  C:\Windows\System\BxUwOlq.exe
  2⤵
  PID:3776
- C:\Windows\System\PrUloCZ.exe
  C:\Windows\System\PrUloCZ.exe
  2⤵
  PID:4112
- C:\Windows\System\kcZyuKB.exe
  C:\Windows\System\kcZyuKB.exe
  2⤵
  PID:4184
- C:\Windows\System\yUsrqkO.exe
  C:\Windows\System\yUsrqkO.exe
  2⤵
  PID:4224
- C:\Windows\System\JTMLMqn.exe
  C:\Windows\System\JTMLMqn.exe
  2⤵
  PID:4228
- C:\Windows\System\ddwFEtp.exe
  C:\Windows\System\ddwFEtp.exe
  2⤵
  PID:4328
- C:\Windows\System\lQDiIlW.exe
  C:\Windows\System\lQDiIlW.exe
  2⤵
  PID:4344
- C:\Windows\System\zXThyyh.exe
  C:\Windows\System\zXThyyh.exe
  2⤵
  PID:4452
- C:\Windows\System\HDmyqFt.exe
  C:\Windows\System\HDmyqFt.exe
  2⤵
  PID:4508
- C:\Windows\System\gvhTjBt.exe
  C:\Windows\System\gvhTjBt.exe
  2⤵
  PID:4468
- C:\Windows\System\akdfrWp.exe
  C:\Windows\System\akdfrWp.exe
  2⤵
  PID:4608
- C:\Windows\System\rdrgrwy.exe
  C:\Windows\System\rdrgrwy.exe
  2⤵
  PID:4628
- C:\Windows\System\kKdspSz.exe
  C:\Windows\System\kKdspSz.exe
  2⤵
  PID:4692
- C:\Windows\System\NzJXyek.exe
  C:\Windows\System\NzJXyek.exe
  2⤵
  PID:4848
- C:\Windows\System\QhiOQUL.exe
  C:\Windows\System\QhiOQUL.exe
  2⤵
  PID:4792
- C:\Windows\System\RHCDRnd.exe
  C:\Windows\System\RHCDRnd.exe
  2⤵
  PID:4928
- C:\Windows\System\rergAZY.exe
  C:\Windows\System\rergAZY.exe
  2⤵
  PID:2588
- C:\Windows\System\yfmjyWY.exe
  C:\Windows\System\yfmjyWY.exe
  2⤵
  PID:4908
- C:\Windows\System\xPtecrH.exe
  C:\Windows\System\xPtecrH.exe
  2⤵
  PID:4996
- C:\Windows\System\bvJpnxt.exe
  C:\Windows\System\bvJpnxt.exe
  2⤵
  PID:4012
- C:\Windows\System\CghzMWR.exe
  C:\Windows\System\CghzMWR.exe
  2⤵
  PID:2932
- C:\Windows\System\lBmxThw.exe
  C:\Windows\System\lBmxThw.exe
  2⤵
  PID:3948
- C:\Windows\System\weQbBCo.exe
  C:\Windows\System\weQbBCo.exe
  2⤵
  PID:680
- C:\Windows\System\obhXwpq.exe
  C:\Windows\System\obhXwpq.exe
  2⤵
  PID:3596
- C:\Windows\System\LjOpqsf.exe
  C:\Windows\System\LjOpqsf.exe
  2⤵
  PID:4100
- C:\Windows\System\ROWyHzk.exe
  C:\Windows\System\ROWyHzk.exe
  2⤵
  PID:4272
- C:\Windows\System\gZsxNXM.exe
  C:\Windows\System\gZsxNXM.exe
  2⤵
  PID:4524
- C:\Windows\System\ymXNyRH.exe
  C:\Windows\System\ymXNyRH.exe
  2⤵
  PID:5128
- C:\Windows\System\EZfbZmR.exe
  C:\Windows\System\EZfbZmR.exe
  2⤵
  PID:5144
- C:\Windows\System\npjWWNi.exe
  C:\Windows\System\npjWWNi.exe
  2⤵
  PID:5160
- C:\Windows\System\vrfPwzm.exe
  C:\Windows\System\vrfPwzm.exe
  2⤵
  PID:5180
- C:\Windows\System\YkoedMu.exe
  C:\Windows\System\YkoedMu.exe
  2⤵
  PID:5200
- C:\Windows\System\VTJbSRZ.exe
  C:\Windows\System\VTJbSRZ.exe
  2⤵
  PID:5216
- C:\Windows\System\jLPMzOF.exe
  C:\Windows\System\jLPMzOF.exe
  2⤵
  PID:5236
- C:\Windows\System\LkDYoaL.exe
  C:\Windows\System\LkDYoaL.exe
  2⤵
  PID:5256
- C:\Windows\System\bgcMWWH.exe
  C:\Windows\System\bgcMWWH.exe
  2⤵
  PID:5272
- C:\Windows\System\uRnYQoV.exe
  C:\Windows\System\uRnYQoV.exe
  2⤵
  PID:5288
- C:\Windows\System\taJVlBX.exe
  C:\Windows\System\taJVlBX.exe
  2⤵
  PID:5304
- C:\Windows\System\DNmRuYj.exe
  C:\Windows\System\DNmRuYj.exe
  2⤵
  PID:5320
- C:\Windows\System\QrnlCTc.exe
  C:\Windows\System\QrnlCTc.exe
  2⤵
  PID:5336
- C:\Windows\System\ZOqzkPT.exe
  C:\Windows\System\ZOqzkPT.exe
  2⤵
  PID:5356
- C:\Windows\System\twTQJpL.exe
  C:\Windows\System\twTQJpL.exe
  2⤵
  PID:5384
- C:\Windows\System\yNYQeEI.exe
  C:\Windows\System\yNYQeEI.exe
  2⤵
  PID:5408
- C:\Windows\System\oaPMMOG.exe
  C:\Windows\System\oaPMMOG.exe
  2⤵
  PID:5432
- C:\Windows\System\bqotMlP.exe
  C:\Windows\System\bqotMlP.exe
  2⤵
  PID:5452
- C:\Windows\System\phhWVkq.exe
  C:\Windows\System\phhWVkq.exe
  2⤵
  PID:5508
- C:\Windows\System\XNoMAWa.exe
  C:\Windows\System\XNoMAWa.exe
  2⤵
  PID:5528
- C:\Windows\System\kRoXnED.exe
  C:\Windows\System\kRoXnED.exe
  2⤵
  PID:5548
- C:\Windows\System\oeGGkqH.exe
  C:\Windows\System\oeGGkqH.exe
  2⤵
  PID:5568
- C:\Windows\System\MvusCDG.exe
  C:\Windows\System\MvusCDG.exe
  2⤵
  PID:5588
- C:\Windows\System\nBvHNsX.exe
  C:\Windows\System\nBvHNsX.exe
  2⤵
  PID:5608
- C:\Windows\System\lZRrXAq.exe
  C:\Windows\System\lZRrXAq.exe
  2⤵
  PID:5628
- C:\Windows\System\cQcsErt.exe
  C:\Windows\System\cQcsErt.exe
  2⤵
  PID:5648
- C:\Windows\System\IHIPyUg.exe
  C:\Windows\System\IHIPyUg.exe
  2⤵
  PID:5668
- C:\Windows\System\FGmXtrU.exe
  C:\Windows\System\FGmXtrU.exe
  2⤵
  PID:5688
- C:\Windows\System\DhcCKvC.exe
  C:\Windows\System\DhcCKvC.exe
  2⤵
  PID:5708
- C:\Windows\System\rPlARaR.exe
  C:\Windows\System\rPlARaR.exe
  2⤵
  PID:5728
- C:\Windows\System\VzOJvIS.exe
  C:\Windows\System\VzOJvIS.exe
  2⤵
  PID:5748
- C:\Windows\System\vsLTDkZ.exe
  C:\Windows\System\vsLTDkZ.exe
  2⤵
  PID:5764
- C:\Windows\System\PNDZkgw.exe
  C:\Windows\System\PNDZkgw.exe
  2⤵
  PID:5788
- C:\Windows\System\bVJmMSS.exe
  C:\Windows\System\bVJmMSS.exe
  2⤵
  PID:5808
- C:\Windows\System\hmTgcIK.exe
  C:\Windows\System\hmTgcIK.exe
  2⤵
  PID:5828
- C:\Windows\System\XnObkSa.exe
  C:\Windows\System\XnObkSa.exe
  2⤵
  PID:5848
- C:\Windows\System\gcgQnVb.exe
  C:\Windows\System\gcgQnVb.exe
  2⤵
  PID:5868
- C:\Windows\System\EsVnpZl.exe
  C:\Windows\System\EsVnpZl.exe
  2⤵
  PID:5888
- C:\Windows\System\CBmDPYE.exe
  C:\Windows\System\CBmDPYE.exe
  2⤵
  PID:5908
- C:\Windows\System\ZnLaRtl.exe
  C:\Windows\System\ZnLaRtl.exe
  2⤵
  PID:5928
- C:\Windows\System\WvhovMO.exe
  C:\Windows\System\WvhovMO.exe
  2⤵
  PID:5948
- C:\Windows\System\AmmMTsF.exe
  C:\Windows\System\AmmMTsF.exe
  2⤵
  PID:5968
- C:\Windows\System\EXDHWiF.exe
  C:\Windows\System\EXDHWiF.exe
  2⤵
  PID:5988
- C:\Windows\System\IKXEgPs.exe
  C:\Windows\System\IKXEgPs.exe
  2⤵
  PID:6008
- C:\Windows\System\TLjbuhV.exe
  C:\Windows\System\TLjbuhV.exe
  2⤵
  PID:6028
- C:\Windows\System\yTiYZMV.exe
  C:\Windows\System\yTiYZMV.exe
  2⤵
  PID:6048
- C:\Windows\System\rLgXejL.exe
  C:\Windows\System\rLgXejL.exe
  2⤵
  PID:6068
- C:\Windows\System\WdlcIig.exe
  C:\Windows\System\WdlcIig.exe
  2⤵
  PID:6088
- C:\Windows\System\zXMJftk.exe
  C:\Windows\System\zXMJftk.exe
  2⤵
  PID:6108
- C:\Windows\System\mwswWhv.exe
  C:\Windows\System\mwswWhv.exe
  2⤵
  PID:6128
- C:\Windows\System\ibwSRDf.exe
  C:\Windows\System\ibwSRDf.exe
  2⤵
  PID:2840
- C:\Windows\System\RdtMpIp.exe
  C:\Windows\System\RdtMpIp.exe
  2⤵
  PID:4668
- C:\Windows\System\VAexOKP.exe
  C:\Windows\System\VAexOKP.exe
  2⤵
  PID:4828
- C:\Windows\System\yHenhoU.exe
  C:\Windows\System\yHenhoU.exe
  2⤵
  PID:5064
- C:\Windows\System\FjjTshV.exe
  C:\Windows\System\FjjTshV.exe
  2⤵
  PID:1148
- C:\Windows\System\aQJpyiE.exe
  C:\Windows\System\aQJpyiE.exe
  2⤵
  PID:2012
- C:\Windows\System\ixKLtxA.exe
  C:\Windows\System\ixKLtxA.exe
  2⤵
  PID:4364
- C:\Windows\System\AAtqtZo.exe
  C:\Windows\System\AAtqtZo.exe
  2⤵
  PID:5156
- C:\Windows\System\FPEBEza.exe
  C:\Windows\System\FPEBEza.exe
  2⤵
  PID:4284
- C:\Windows\System\zQHWIiW.exe
  C:\Windows\System\zQHWIiW.exe
  2⤵
  PID:4360
- C:\Windows\System\eIFEROK.exe
  C:\Windows\System\eIFEROK.exe
  2⤵
  PID:4760
- C:\Windows\System\lkjJRNe.exe
  C:\Windows\System\lkjJRNe.exe
  2⤵
  PID:5268
- C:\Windows\System\wnPEIuD.exe
  C:\Windows\System\wnPEIuD.exe
  2⤵
  PID:5296
- C:\Windows\System\grDsmMe.exe
  C:\Windows\System\grDsmMe.exe
  2⤵
  PID:4944
- C:\Windows\System\elOxUsy.exe
  C:\Windows\System\elOxUsy.exe
  2⤵
  PID:5100
- C:\Windows\System\QriYXdM.exe
  C:\Windows\System\QriYXdM.exe
  2⤵
  PID:5368
- C:\Windows\System\LZBVUOy.exe
  C:\Windows\System\LZBVUOy.exe
  2⤵
  PID:3808
- C:\Windows\System\JhdTwpl.exe
  C:\Windows\System\JhdTwpl.exe
  2⤵
  PID:4444
- C:\Windows\System\IPGLsmY.exe
  C:\Windows\System\IPGLsmY.exe
  2⤵
  PID:5424
- C:\Windows\System\lNnbzlu.exe
  C:\Windows\System\lNnbzlu.exe
  2⤵
  PID:5344
- C:\Windows\System\KGMaKxi.exe
  C:\Windows\System\KGMaKxi.exe
  2⤵
  PID:5400
- C:\Windows\System\GzZimOP.exe
  C:\Windows\System\GzZimOP.exe
  2⤵
  PID:5284
- C:\Windows\System\rUdIbAz.exe
  C:\Windows\System\rUdIbAz.exe
  2⤵
  PID:5212
- C:\Windows\System\yojKxGy.exe
  C:\Windows\System\yojKxGy.exe
  2⤵
  PID:5448
- C:\Windows\System\IOtYMBm.exe
  C:\Windows\System\IOtYMBm.exe
  2⤵
  PID:5472
- C:\Windows\System\fOVoQys.exe
  C:\Windows\System\fOVoQys.exe
  2⤵
  PID:5488
- C:\Windows\System\mnqOWUV.exe
  C:\Windows\System\mnqOWUV.exe
  2⤵
  PID:5536
- C:\Windows\System\fidIajX.exe
  C:\Windows\System\fidIajX.exe
  2⤵
  PID:5520
- C:\Windows\System\dswWyLR.exe
  C:\Windows\System\dswWyLR.exe
  2⤵
  PID:5584
- C:\Windows\System\NpFqcAh.exe
  C:\Windows\System\NpFqcAh.exe
  2⤵
  PID:5624
- C:\Windows\System\tkLbXNL.exe
  C:\Windows\System\tkLbXNL.exe
  2⤵
  PID:5656
- C:\Windows\System\gqupiGA.exe
  C:\Windows\System\gqupiGA.exe
  2⤵
  PID:5660
- C:\Windows\System\EJDkPzp.exe
  C:\Windows\System\EJDkPzp.exe
  2⤵
  PID:5680
- C:\Windows\System\rWYRxQo.exe
  C:\Windows\System\rWYRxQo.exe
  2⤵
  PID:5736
- C:\Windows\System\VEMKJTf.exe
  C:\Windows\System\VEMKJTf.exe
  2⤵
  PID:5720
- C:\Windows\System\biWyzAQ.exe
  C:\Windows\System\biWyzAQ.exe
  2⤵
  PID:5772
- C:\Windows\System\momYhxs.exe
  C:\Windows\System\momYhxs.exe
  2⤵
  PID:5760
- C:\Windows\System\afHVycU.exe
  C:\Windows\System\afHVycU.exe
  2⤵
  PID:5816
- C:\Windows\System\PpmZRza.exe
  C:\Windows\System\PpmZRza.exe
  2⤵
  PID:5836
- C:\Windows\System\DHyhQzW.exe
  C:\Windows\System\DHyhQzW.exe
  2⤵
  PID:5860
- C:\Windows\System\ZPXLldl.exe
  C:\Windows\System\ZPXLldl.exe
  2⤵
  PID:5904
- C:\Windows\System\dbuoCLd.exe
  C:\Windows\System\dbuoCLd.exe
  2⤵
  PID:5936
- C:\Windows\System\wCvpjBy.exe
  C:\Windows\System\wCvpjBy.exe
  2⤵
  PID:5924
- C:\Windows\System\HVEjAMw.exe
  C:\Windows\System\HVEjAMw.exe
  2⤵
  PID:5984
- C:\Windows\System\evZpjXE.exe
  C:\Windows\System\evZpjXE.exe
  2⤵
  PID:5996
- C:\Windows\System\IrAPVZh.exe
  C:\Windows\System\IrAPVZh.exe
  2⤵
  PID:6020
- C:\Windows\System\xHYOgXx.exe
  C:\Windows\System\xHYOgXx.exe
  2⤵
  PID:6036
- C:\Windows\System\jokqPTS.exe
  C:\Windows\System\jokqPTS.exe
  2⤵
  PID:6104
- C:\Windows\System\JlUyxLm.exe
  C:\Windows\System\JlUyxLm.exe
  2⤵
  PID:6136
- C:\Windows\System\wmYblHK.exe
  C:\Windows\System\wmYblHK.exe
  2⤵
  PID:6124
- C:\Windows\System\QSOPjuH.exe
  C:\Windows\System\QSOPjuH.exe
  2⤵
  PID:2272
- C:\Windows\System\Zxwwcwx.exe
  C:\Windows\System\Zxwwcwx.exe
  2⤵
  PID:3192
- C:\Windows\System\TWPUrSG.exe
  C:\Windows\System\TWPUrSG.exe
  2⤵
  PID:5008
- C:\Windows\System\uBgbCyZ.exe
  C:\Windows\System\uBgbCyZ.exe
  2⤵
  PID:4192
- C:\Windows\System\BcptwQb.exe
  C:\Windows\System\BcptwQb.exe
  2⤵
  PID:2440
- C:\Windows\System\xQsUfnN.exe
  C:\Windows\System\xQsUfnN.exe
  2⤵
  PID:5244
- C:\Windows\System\btDTGSd.exe
  C:\Windows\System\btDTGSd.exe
  2⤵
  PID:5556
- C:\Windows\System\aCkRFiL.exe
  C:\Windows\System\aCkRFiL.exe
  2⤵
  PID:2788
- C:\Windows\System\bnNHGoO.exe
  C:\Windows\System\bnNHGoO.exe
  2⤵
  PID:1780
- C:\Windows\System\rEZMGlx.exe
  C:\Windows\System\rEZMGlx.exe
  2⤵
  PID:5856
- C:\Windows\System\FyTDqBA.exe
  C:\Windows\System\FyTDqBA.exe
  2⤵
  PID:5124
- C:\Windows\System\aPEHrmL.exe
  C:\Windows\System\aPEHrmL.exe
  2⤵
  PID:4448
- C:\Windows\System\igGqwIw.exe
  C:\Windows\System\igGqwIw.exe
  2⤵
  PID:5864
- C:\Windows\System\DAOnswR.exe
  C:\Windows\System\DAOnswR.exe
  2⤵
  PID:5916
- C:\Windows\System\nEKjqwh.exe
  C:\Windows\System\nEKjqwh.exe
  2⤵
  PID:2148
- C:\Windows\System\FEQsLEs.exe
  C:\Windows\System\FEQsLEs.exe
  2⤵
  PID:1020
- C:\Windows\System\qWspuYV.exe
  C:\Windows\System\qWspuYV.exe
  2⤵
  PID:3028
- C:\Windows\System\uqSbZCA.exe
  C:\Windows\System\uqSbZCA.exe
  2⤵
  PID:6004
- C:\Windows\System\nprvbhQ.exe
  C:\Windows\System\nprvbhQ.exe
  2⤵
  PID:2920
- C:\Windows\System\nmVvmfl.exe
  C:\Windows\System\nmVvmfl.exe
  2⤵
  PID:5976
- C:\Windows\System\DJQccup.exe
  C:\Windows\System\DJQccup.exe
  2⤵
  PID:1644
- C:\Windows\System\pytYslE.exe
  C:\Windows\System\pytYslE.exe
  2⤵
  PID:864
- C:\Windows\System\edUSBrB.exe
  C:\Windows\System\edUSBrB.exe
  2⤵
  PID:2184
- C:\Windows\System\REZRPmW.exe
  C:\Windows\System\REZRPmW.exe
  2⤵
  PID:2648
- C:\Windows\System\IGnaKiu.exe
  C:\Windows\System\IGnaKiu.exe
  2⤵
  PID:2812
- C:\Windows\System\kGGLzkl.exe
  C:\Windows\System\kGGLzkl.exe
  2⤵
  PID:4588
- C:\Windows\System\yroKaBM.exe
  C:\Windows\System\yroKaBM.exe
  2⤵
  PID:1912
- C:\Windows\System\mBKMVLn.exe
  C:\Windows\System\mBKMVLn.exe
  2⤵
  PID:2928
- C:\Windows\System\cOajEAi.exe
  C:\Windows\System\cOajEAi.exe
  2⤵
  PID:2976
- C:\Windows\System\AjmgXJi.exe
  C:\Windows\System\AjmgXJi.exe
  2⤵
  PID:2352
- C:\Windows\System\FoxSYeB.exe
  C:\Windows\System\FoxSYeB.exe
  2⤵
  PID:1280
- C:\Windows\System\FqwfVDe.exe
  C:\Windows\System\FqwfVDe.exe
  2⤵
  PID:2016
- C:\Windows\System\cTFPaTu.exe
  C:\Windows\System\cTFPaTu.exe
  2⤵
  PID:2804
- C:\Windows\System\iQwBHfc.exe
  C:\Windows\System\iQwBHfc.exe
  2⤵
  PID:5604
- C:\Windows\System\vImffJZ.exe
  C:\Windows\System\vImffJZ.exe
  2⤵
  PID:2552
- C:\Windows\System\JasCIhD.exe
  C:\Windows\System\JasCIhD.exe
  2⤵
  PID:5516
- C:\Windows\System\FipRRHm.exe
  C:\Windows\System\FipRRHm.exe
  2⤵
  PID:1116
- C:\Windows\System\JSPIoBS.exe
  C:\Windows\System\JSPIoBS.exe
  2⤵
  PID:5956
- C:\Windows\System\xKiwioc.exe
  C:\Windows\System\xKiwioc.exe
  2⤵
  PID:5480
- C:\Windows\System\vhDvMGi.exe
  C:\Windows\System\vhDvMGi.exe
  2⤵
  PID:4704
- C:\Windows\System\FQHNiUa.exe
  C:\Windows\System\FQHNiUa.exe
  2⤵
  PID:4948
- C:\Windows\System\CfGHYur.exe
  C:\Windows\System\CfGHYur.exe
  2⤵
  PID:4408
- C:\Windows\System\tKtsgdd.exe
  C:\Windows\System\tKtsgdd.exe
  2⤵
  PID:2700
- C:\Windows\System\mFlNBTO.exe
  C:\Windows\System\mFlNBTO.exe
  2⤵
  PID:5600
- C:\Windows\System\SrWSmLq.exe
  C:\Windows\System\SrWSmLq.exe
  2⤵
  PID:4288
- C:\Windows\System\JoMIBIm.exe
  C:\Windows\System\JoMIBIm.exe
  2⤵
  PID:5420
- C:\Windows\System\EeUrVBo.exe
  C:\Windows\System\EeUrVBo.exe
  2⤵
  PID:4632
- C:\Windows\System\uvPWcOF.exe
  C:\Windows\System\uvPWcOF.exe
  2⤵
  PID:2660
- C:\Windows\System\eBzebMP.exe
  C:\Windows\System\eBzebMP.exe
  2⤵
  PID:5500
- C:\Windows\System\ojYOBhC.exe
  C:\Windows\System\ojYOBhC.exe
  2⤵
  PID:6040
- C:\Windows\System\wQioQDk.exe
  C:\Windows\System\wQioQDk.exe
  2⤵
  PID:2568
- C:\Windows\System\CVRSiKd.exe
  C:\Windows\System\CVRSiKd.exe
  2⤵
  PID:5800
- C:\Windows\System\QXriAOw.exe
  C:\Windows\System\QXriAOw.exe
  2⤵
  PID:2744
- C:\Windows\System\GVkApTC.exe
  C:\Windows\System\GVkApTC.exe
  2⤵
  PID:5700
- C:\Windows\System\XfIdPZh.exe
  C:\Windows\System\XfIdPZh.exe
  2⤵
  PID:3932
- C:\Windows\System\xLbdMPs.exe
  C:\Windows\System\xLbdMPs.exe
  2⤵
  PID:5392
- C:\Windows\System\JItOPKO.exe
  C:\Windows\System\JItOPKO.exe
  2⤵
  PID:4140
- C:\Windows\System\tfOEyYD.exe
  C:\Windows\System\tfOEyYD.exe
  2⤵
  PID:6060
- C:\Windows\System\hGttLnU.exe
  C:\Windows\System\hGttLnU.exe
  2⤵
  PID:1876
- C:\Windows\System\qAbECYk.exe
  C:\Windows\System\qAbECYk.exe
  2⤵
  PID:5524
- C:\Windows\System\ZEqrKzl.exe
  C:\Windows\System\ZEqrKzl.exe
  2⤵
  PID:1192
- C:\Windows\System\udTurlA.exe
  C:\Windows\System\udTurlA.exe
  2⤵
  PID:5504
- C:\Windows\System\JJrGtQh.exe
  C:\Windows\System\JJrGtQh.exe
  2⤵
  PID:4564
- C:\Windows\System\cgLrKrZ.exe
  C:\Windows\System\cgLrKrZ.exe
  2⤵
  PID:5716
- C:\Windows\System\dgvLPmz.exe
  C:\Windows\System\dgvLPmz.exe
  2⤵
  PID:2388
- C:\Windows\System\HyCipaN.exe
  C:\Windows\System\HyCipaN.exe
  2⤵
  PID:2908
- C:\Windows\System\UNFVYwC.exe
  C:\Windows\System\UNFVYwC.exe
  2⤵
  PID:692
- C:\Windows\System\YMeNTnh.exe
  C:\Windows\System\YMeNTnh.exe
  2⤵
  PID:2860
- C:\Windows\System\jnhZjCz.exe
  C:\Windows\System\jnhZjCz.exe
  2⤵
  PID:2720
- C:\Windows\System\qBuYsuf.exe
  C:\Windows\System\qBuYsuf.exe
  2⤵
  PID:696
- C:\Windows\System\ooukeAy.exe
  C:\Windows\System\ooukeAy.exe
  2⤵
  PID:1936
- C:\Windows\System\jtsOkGN.exe
  C:\Windows\System\jtsOkGN.exe
  2⤵
  PID:1228
- C:\Windows\System\sBZFRZf.exe
  C:\Windows\System\sBZFRZf.exe
  2⤵
  PID:6076
- C:\Windows\System\IhphPZx.exe
  C:\Windows\System\IhphPZx.exe
  2⤵
  PID:5964
- C:\Windows\System\iPyTqob.exe
  C:\Windows\System\iPyTqob.exe
  2⤵
  PID:1300
- C:\Windows\System\fSscOHq.exe
  C:\Windows\System\fSscOHq.exe
  2⤵
  PID:1736
- C:\Windows\System\UPormbr.exe
  C:\Windows\System\UPormbr.exe
  2⤵
  PID:4784
- C:\Windows\System\eANektc.exe
  C:\Windows\System\eANektc.exe
  2⤵
  PID:5468
- C:\Windows\System\apxdbfs.exe
  C:\Windows\System\apxdbfs.exe
  2⤵
  PID:1772
- C:\Windows\System\MSktWJS.exe
  C:\Windows\System\MSktWJS.exe
  2⤵
  PID:2112
- C:\Windows\System\NIUidhz.exe
  C:\Windows\System\NIUidhz.exe
  2⤵
  PID:2640
- C:\Windows\System\bFlINeb.exe
  C:\Windows\System\bFlINeb.exe
  2⤵
  PID:480
- C:\Windows\System\liUvgKJ.exe
  C:\Windows\System\liUvgKJ.exe
  2⤵
  PID:5636
- C:\Windows\System\GkGqmDm.exe
  C:\Windows\System\GkGqmDm.exe
  2⤵
  PID:392
- C:\Windows\System\cNNCMDY.exe
  C:\Windows\System\cNNCMDY.exe
  2⤵
  PID:2396
- C:\Windows\System\qoRuTan.exe
  C:\Windows\System\qoRuTan.exe
  2⤵
  PID:1928
- C:\Windows\System\wFyYYOD.exe
  C:\Windows\System\wFyYYOD.exe
  2⤵
  PID:5560
- C:\Windows\System\SsoEkPs.exe
  C:\Windows\System\SsoEkPs.exe
  2⤵
  PID:2152
- C:\Windows\System\QQsKxFS.exe
  C:\Windows\System\QQsKxFS.exe
  2⤵
  PID:5676
- C:\Windows\System\YcjzdCk.exe
  C:\Windows\System\YcjzdCk.exe
  2⤵
  PID:5640
- C:\Windows\System\HNeUtdM.exe
  C:\Windows\System\HNeUtdM.exe
  2⤵
  PID:2940
- C:\Windows\System\YcqSwyE.exe
  C:\Windows\System\YcqSwyE.exe
  2⤵
  PID:5684
- C:\Windows\System\uGCiMoJ.exe
  C:\Windows\System\uGCiMoJ.exe
  2⤵
  PID:5168
- C:\Windows\System\CGNoYNJ.exe
  C:\Windows\System\CGNoYNJ.exe
  2⤵
  PID:5372
- C:\Windows\System\cRrFsgh.exe
  C:\Windows\System\cRrFsgh.exe
  2⤵
  PID:5940
- C:\Windows\System\tOSmozh.exe
  C:\Windows\System\tOSmozh.exe
  2⤵
  PID:5616
- C:\Windows\System\aInYOuU.exe
  C:\Windows\System\aInYOuU.exe
  2⤵
  PID:1436
- C:\Windows\System\wXmoqce.exe
  C:\Windows\System\wXmoqce.exe
  2⤵
  PID:2608
- C:\Windows\System\zZLbESV.exe
  C:\Windows\System\zZLbESV.exe
  2⤵
  PID:5176
- C:\Windows\System\etWkkjn.exe
  C:\Windows\System\etWkkjn.exe
  2⤵
  PID:2600
- C:\Windows\System\SzJlFXj.exe
  C:\Windows\System\SzJlFXj.exe
  2⤵
  PID:6176
- C:\Windows\System\XGoavRj.exe
  C:\Windows\System\XGoavRj.exe
  2⤵
  PID:6192
- C:\Windows\System\OweirOD.exe
  C:\Windows\System\OweirOD.exe
  2⤵
  PID:6208
- C:\Windows\System\erilpGP.exe
  C:\Windows\System\erilpGP.exe
  2⤵
  PID:6224
- C:\Windows\System\xJutQau.exe
  C:\Windows\System\xJutQau.exe
  2⤵
  PID:6244
- C:\Windows\System\yJinITH.exe
  C:\Windows\System\yJinITH.exe
  2⤵
  PID:6280
- C:\Windows\System\IPGxEgb.exe
  C:\Windows\System\IPGxEgb.exe
  2⤵
  PID:6296
- C:\Windows\System\oueDuYI.exe
  C:\Windows\System\oueDuYI.exe
  2⤵
  PID:6312
- C:\Windows\System\luSwnXj.exe
  C:\Windows\System\luSwnXj.exe
  2⤵
  PID:6328
- C:\Windows\System\YcrDNaz.exe
  C:\Windows\System\YcrDNaz.exe
  2⤵
  PID:6344
- C:\Windows\System\lgnQhRa.exe
  C:\Windows\System\lgnQhRa.exe
  2⤵
  PID:6364
- C:\Windows\System\JiOGvyM.exe
  C:\Windows\System\JiOGvyM.exe
  2⤵
  PID:6384
- C:\Windows\System\llsVIbX.exe
  C:\Windows\System\llsVIbX.exe
  2⤵
  PID:6400
- C:\Windows\System\BtwlKxI.exe
  C:\Windows\System\BtwlKxI.exe
  2⤵
  PID:6420
- C:\Windows\System\ZGzcdKm.exe
  C:\Windows\System\ZGzcdKm.exe
  2⤵
  PID:6436
- C:\Windows\System\DsaHFvO.exe
  C:\Windows\System\DsaHFvO.exe
  2⤵
  PID:6480
- C:\Windows\System\MTZXNWB.exe
  C:\Windows\System\MTZXNWB.exe
  2⤵
  PID:6496
- C:\Windows\System\UmzsbkY.exe
  C:\Windows\System\UmzsbkY.exe
  2⤵
  PID:6512
- C:\Windows\System\RJLEIHm.exe
  C:\Windows\System\RJLEIHm.exe
  2⤵
  PID:6528
- C:\Windows\System\QeMBXQF.exe
  C:\Windows\System\QeMBXQF.exe
  2⤵
  PID:6544
- C:\Windows\System\PbkdOyu.exe
  C:\Windows\System\PbkdOyu.exe
  2⤵
  PID:6564
- C:\Windows\System\LGWXnMu.exe
  C:\Windows\System\LGWXnMu.exe
  2⤵
  PID:6584
- C:\Windows\System\IjYghPv.exe
  C:\Windows\System\IjYghPv.exe
  2⤵
  PID:6604
- C:\Windows\System\hpRKnpz.exe
  C:\Windows\System\hpRKnpz.exe
  2⤵
  PID:6620
- C:\Windows\System\wzAblkv.exe
  C:\Windows\System\wzAblkv.exe
  2⤵
  PID:6636
- C:\Windows\System\YiHuQgM.exe
  C:\Windows\System\YiHuQgM.exe
  2⤵
  PID:6652
- C:\Windows\System\HShDAYp.exe
  C:\Windows\System\HShDAYp.exe
  2⤵
  PID:6668
- C:\Windows\System\TVpOupZ.exe
  C:\Windows\System\TVpOupZ.exe
  2⤵
  PID:6684
- C:\Windows\System\bvxthhT.exe
  C:\Windows\System\bvxthhT.exe
  2⤵
  PID:6700
- C:\Windows\System\aHFGmSl.exe
  C:\Windows\System\aHFGmSl.exe
  2⤵
  PID:6716
- C:\Windows\System\kDCCGww.exe
  C:\Windows\System\kDCCGww.exe
  2⤵
  PID:6732
- C:\Windows\System\cYvNLhx.exe
  C:\Windows\System\cYvNLhx.exe
  2⤵
  PID:6752
- C:\Windows\System\EOWhbMh.exe
  C:\Windows\System\EOWhbMh.exe
  2⤵
  PID:6772
- C:\Windows\System\FQUjKmE.exe
  C:\Windows\System\FQUjKmE.exe
  2⤵
  PID:6792
- C:\Windows\System\GYfDNVz.exe
  C:\Windows\System\GYfDNVz.exe
  2⤵
  PID:6812
- C:\Windows\System\sWVevyc.exe
  C:\Windows\System\sWVevyc.exe
  2⤵
  PID:6832
- C:\Windows\System\nmfEnwY.exe
  C:\Windows\System\nmfEnwY.exe
  2⤵
  PID:6852
- C:\Windows\System\rTAsbcR.exe
  C:\Windows\System\rTAsbcR.exe
  2⤵
  PID:6872
- C:\Windows\System\fjuWQLI.exe
  C:\Windows\System\fjuWQLI.exe
  2⤵
  PID:6888
- C:\Windows\System\RxPSEsG.exe
  C:\Windows\System\RxPSEsG.exe
  2⤵
  PID:6904
- C:\Windows\System\JpFblLD.exe
  C:\Windows\System\JpFblLD.exe
  2⤵
  PID:6920
- C:\Windows\System\lKrhsZW.exe
  C:\Windows\System\lKrhsZW.exe
  2⤵
  PID:6936
- C:\Windows\System\WvvpvQD.exe
  C:\Windows\System\WvvpvQD.exe
  2⤵
  PID:6952
- C:\Windows\System\mmDxHDe.exe
  C:\Windows\System\mmDxHDe.exe
  2⤵
  PID:6968
- C:\Windows\System\oIuKbQe.exe
  C:\Windows\System\oIuKbQe.exe
  2⤵
  PID:6984
- C:\Windows\System\CViAPtv.exe
  C:\Windows\System\CViAPtv.exe
  2⤵
  PID:7000
- C:\Windows\System\mygCNcA.exe
  C:\Windows\System\mygCNcA.exe
  2⤵
  PID:7016
- C:\Windows\System\ebZWwxL.exe
  C:\Windows\System\ebZWwxL.exe
  2⤵
  PID:7036
- C:\Windows\System\ETTeBdS.exe
  C:\Windows\System\ETTeBdS.exe
  2⤵
  PID:7056
- C:\Windows\System\BARrjjY.exe
  C:\Windows\System\BARrjjY.exe
  2⤵
  PID:7076
- C:\Windows\System\zYTBboO.exe
  C:\Windows\System\zYTBboO.exe
  2⤵
  PID:7096
- C:\Windows\System\iqOOewI.exe
  C:\Windows\System\iqOOewI.exe
  2⤵
  PID:7116
- C:\Windows\System\hjuUEGi.exe
  C:\Windows\System\hjuUEGi.exe
  2⤵
  PID:7132
- C:\Windows\System\FzmYCWH.exe
  C:\Windows\System\FzmYCWH.exe
  2⤵
  PID:7156
- C:\Windows\System\INHdOip.exe
  C:\Windows\System\INHdOip.exe
  2⤵
  PID:4664
- C:\Windows\System\UbotCvW.exe
  C:\Windows\System\UbotCvW.exe
  2⤵
  PID:1516
- C:\Windows\System\DVhAedG.exe
  C:\Windows\System\DVhAedG.exe
  2⤵
  PID:6164
- C:\Windows\System\AYFMNmG.exe
  C:\Windows\System\AYFMNmG.exe
  2⤵
  PID:6220
- C:\Windows\System\pmohLGV.exe
  C:\Windows\System\pmohLGV.exe
  2⤵
  PID:6256
- C:\Windows\System\wvYNLiX.exe
  C:\Windows\System\wvYNLiX.exe
  2⤵
  PID:6268
- C:\Windows\System\htiCqTr.exe
  C:\Windows\System\htiCqTr.exe
  2⤵
  PID:6308
- C:\Windows\System\YffQtfI.exe
  C:\Windows\System\YffQtfI.exe
  2⤵
  PID:6372
- C:\Windows\System\qIVIHIE.exe
  C:\Windows\System\qIVIHIE.exe
  2⤵
  PID:6448
- C:\Windows\System\oianITn.exe
  C:\Windows\System\oianITn.exe
  2⤵
  PID:6456
- C:\Windows\System\bvudRfh.exe
  C:\Windows\System\bvudRfh.exe
  2⤵
  PID:6472
- C:\Windows\System\QYQDsxi.exe
  C:\Windows\System\QYQDsxi.exe
  2⤵
  PID:6536
- C:\Windows\System\RVYyAmN.exe
  C:\Windows\System\RVYyAmN.exe
  2⤵
  PID:6580
- C:\Windows\System\Eodgzqq.exe
  C:\Windows\System\Eodgzqq.exe
  2⤵
  PID:6612
- C:\Windows\System\CUjzWDX.exe
  C:\Windows\System\CUjzWDX.exe
  2⤵
  PID:6680
- C:\Windows\System\DnfoIXz.exe
  C:\Windows\System\DnfoIXz.exe
  2⤵
  PID:6748
- C:\Windows\System\KCMyMoC.exe
  C:\Windows\System\KCMyMoC.exe
  2⤵
  PID:6428
- C:\Windows\System\bcCuCbF.exe
  C:\Windows\System\bcCuCbF.exe
  2⤵
  PID:6828
- C:\Windows\System\ITCSxfO.exe
  C:\Windows\System\ITCSxfO.exe
  2⤵
  PID:6896
- C:\Windows\System\aEilOqO.exe
  C:\Windows\System\aEilOqO.exe
  2⤵
  PID:6964
- C:\Windows\System\IWcDdQh.exe
  C:\Windows\System\IWcDdQh.exe
  2⤵
  PID:7064
- C:\Windows\System\urOegpc.exe
  C:\Windows\System\urOegpc.exe
  2⤵
  PID:7108
- C:\Windows\System\Zrshzyr.exe
  C:\Windows\System\Zrshzyr.exe
  2⤵
  PID:7144
- C:\Windows\System\MnyFePW.exe
  C:\Windows\System\MnyFePW.exe
  2⤵
  PID:2496
- C:\Windows\System\WHojTmj.exe
  C:\Windows\System\WHojTmj.exe
  2⤵
  PID:6240
- C:\Windows\System\ubwDPXH.exe
  C:\Windows\System\ubwDPXH.exe
  2⤵
  PID:6352
- C:\Windows\System\kPXoHCv.exe
  C:\Windows\System\kPXoHCv.exe
  2⤵
  PID:6744
- C:\Windows\System\tNVzxWY.exe
  C:\Windows\System\tNVzxWY.exe
  2⤵
  PID:6928
- C:\Windows\System\VXNRAgv.exe
  C:\Windows\System\VXNRAgv.exe
  2⤵
  PID:7104
- C:\Windows\System\drIxrGV.exe
  C:\Windows\System\drIxrGV.exe
  2⤵
  PID:6324
- C:\Windows\System\WGKScJC.exe
  C:\Windows\System\WGKScJC.exe
  2⤵
  PID:6824
- C:\Windows\System\XtAbARu.exe
  C:\Windows\System\XtAbARu.exe
  2⤵
  PID:7176
- C:\Windows\System\iHHbsYz.exe
  C:\Windows\System\iHHbsYz.exe
  2⤵
  PID:7192
- C:\Windows\System\tXQXCeL.exe
  C:\Windows\System\tXQXCeL.exe
  2⤵
  PID:7208
- C:\Windows\System\TlSPxNn.exe
  C:\Windows\System\TlSPxNn.exe
  2⤵
  PID:7232
- C:\Windows\System\BJfxTDf.exe
  C:\Windows\System\BJfxTDf.exe
  2⤵
  PID:7248
- C:\Windows\System\CXQGXKd.exe
  C:\Windows\System\CXQGXKd.exe
  2⤵
  PID:7264
- C:\Windows\System\ycAZiHz.exe
  C:\Windows\System\ycAZiHz.exe
  2⤵
  PID:7280
- C:\Windows\System\uHKceWb.exe
  C:\Windows\System\uHKceWb.exe
  2⤵
  PID:7296
- C:\Windows\System\GGjDOpt.exe
  C:\Windows\System\GGjDOpt.exe
  2⤵
  PID:7312
- C:\Windows\System\vIImNzE.exe
  C:\Windows\System\vIImNzE.exe
  2⤵
  PID:7328
- C:\Windows\System\IBSbmjV.exe
  C:\Windows\System\IBSbmjV.exe
  2⤵
  PID:7344
- C:\Windows\System\ELCMQyB.exe
  C:\Windows\System\ELCMQyB.exe
  2⤵
  PID:7360
- C:\Windows\System\UyXiZjy.exe
  C:\Windows\System\UyXiZjy.exe
  2⤵
  PID:7376
- C:\Windows\System\FoyPTVf.exe
  C:\Windows\System\FoyPTVf.exe
  2⤵
  PID:7392
- C:\Windows\System\PiGSUHa.exe
  C:\Windows\System\PiGSUHa.exe
  2⤵
  PID:7408
- C:\Windows\System\TtfUIGt.exe
  C:\Windows\System\TtfUIGt.exe
  2⤵
  PID:7424
- C:\Windows\System\LWgMGRB.exe
  C:\Windows\System\LWgMGRB.exe
  2⤵
  PID:7440
- C:\Windows\System\qSJJIzv.exe
  C:\Windows\System\qSJJIzv.exe
  2⤵
  PID:7456
- C:\Windows\System\dZQaSzi.exe
  C:\Windows\System\dZQaSzi.exe
  2⤵
  PID:7472
- C:\Windows\System\SRvmerl.exe
  C:\Windows\System\SRvmerl.exe
  2⤵
  PID:7488
- C:\Windows\System\ziKjOPa.exe
  C:\Windows\System\ziKjOPa.exe
  2⤵
  PID:7504
- C:\Windows\System\jRnyuki.exe
  C:\Windows\System\jRnyuki.exe
  2⤵
  PID:7520
- C:\Windows\System\DhPtAFY.exe
  C:\Windows\System\DhPtAFY.exe
  2⤵
  PID:7536
- C:\Windows\System\BriWMOY.exe
  C:\Windows\System\BriWMOY.exe
  2⤵
  PID:7552
- C:\Windows\System\xxSNNuj.exe
  C:\Windows\System\xxSNNuj.exe
  2⤵
  PID:7568
- C:\Windows\System\VkNtgCi.exe
  C:\Windows\System\VkNtgCi.exe
  2⤵
  PID:7584
- C:\Windows\System\vHipuml.exe
  C:\Windows\System\vHipuml.exe
  2⤵
  PID:7600
- C:\Windows\System\bTYPHkN.exe
  C:\Windows\System\bTYPHkN.exe
  2⤵
  PID:7616
- C:\Windows\System\ofKMRZP.exe
  C:\Windows\System\ofKMRZP.exe
  2⤵
  PID:7632
- C:\Windows\System\LBdPJIF.exe
  C:\Windows\System\LBdPJIF.exe
  2⤵
  PID:7648
- C:\Windows\System\JaVckeX.exe
  C:\Windows\System\JaVckeX.exe
  2⤵
  PID:7664
- C:\Windows\System\rjvDqGS.exe
  C:\Windows\System\rjvDqGS.exe
  2⤵
  PID:7680
- C:\Windows\System\TnrfqNi.exe
  C:\Windows\System\TnrfqNi.exe
  2⤵
  PID:7696
- C:\Windows\System\TNlmbLF.exe
  C:\Windows\System\TNlmbLF.exe
  2⤵
  PID:7712
- C:\Windows\System\lDNrnCf.exe
  C:\Windows\System\lDNrnCf.exe
  2⤵
  PID:7728
- C:\Windows\System\PaRtwTJ.exe
  C:\Windows\System\PaRtwTJ.exe
  2⤵
  PID:7744
- C:\Windows\System\dYZnYkC.exe
  C:\Windows\System\dYZnYkC.exe
  2⤵
  PID:7760
- C:\Windows\System\GLGftNx.exe
  C:\Windows\System\GLGftNx.exe
  2⤵
  PID:7776
- C:\Windows\System\eQjksnG.exe
  C:\Windows\System\eQjksnG.exe
  2⤵
  PID:7792
- C:\Windows\System\kXgmpQJ.exe
  C:\Windows\System\kXgmpQJ.exe
  2⤵
  PID:7808
- C:\Windows\System\sMhrCKC.exe
  C:\Windows\System\sMhrCKC.exe
  2⤵
  PID:7824
- C:\Windows\System\VePkruJ.exe
  C:\Windows\System\VePkruJ.exe
  2⤵
  PID:7840
- C:\Windows\System\gKALuVY.exe
  C:\Windows\System\gKALuVY.exe
  2⤵
  PID:7856
- C:\Windows\System\bZPMvYm.exe
  C:\Windows\System\bZPMvYm.exe
  2⤵
  PID:7872
- C:\Windows\System\hesUKWE.exe
  C:\Windows\System\hesUKWE.exe
  2⤵
  PID:7888
- C:\Windows\System\kEIvjxI.exe
  C:\Windows\System\kEIvjxI.exe
  2⤵
  PID:7904
- C:\Windows\System\dTUJqLD.exe
  C:\Windows\System\dTUJqLD.exe
  2⤵
  PID:7920
- C:\Windows\System\cOnbSuJ.exe
  C:\Windows\System\cOnbSuJ.exe
  2⤵
  PID:7936
- C:\Windows\System\GWngGOE.exe
  C:\Windows\System\GWngGOE.exe
  2⤵
  PID:7952
- C:\Windows\System\LkqKuJh.exe
  C:\Windows\System\LkqKuJh.exe
  2⤵
  PID:7968
- C:\Windows\System\DiomIqD.exe
  C:\Windows\System\DiomIqD.exe
  2⤵
  PID:7984
- C:\Windows\System\WDycUgI.exe
  C:\Windows\System\WDycUgI.exe
  2⤵
  PID:8000
- C:\Windows\System\cuYfYJb.exe
  C:\Windows\System\cuYfYJb.exe
  2⤵
  PID:8016
- C:\Windows\System\zNfzfNp.exe
  C:\Windows\System\zNfzfNp.exe
  2⤵
  PID:8032
- C:\Windows\System\zExJSSj.exe
  C:\Windows\System\zExJSSj.exe
  2⤵
  PID:8048
- C:\Windows\System\OxVmuLk.exe
  C:\Windows\System\OxVmuLk.exe
  2⤵
  PID:8064
- C:\Windows\System\sVKvRoQ.exe
  C:\Windows\System\sVKvRoQ.exe
  2⤵
  PID:8080
- C:\Windows\System\xeJKCad.exe
  C:\Windows\System\xeJKCad.exe
  2⤵
  PID:8096
- C:\Windows\System\tHgotaJ.exe
  C:\Windows\System\tHgotaJ.exe
  2⤵
  PID:8112
- C:\Windows\System\mZIkKzs.exe
  C:\Windows\System\mZIkKzs.exe
  2⤵
  PID:8132
- C:\Windows\System\JPQGCwW.exe
  C:\Windows\System\JPQGCwW.exe
  2⤵
  PID:8148
- C:\Windows\System\qxQQYcI.exe
  C:\Windows\System\qxQQYcI.exe
  2⤵
  PID:8164
- C:\Windows\System\SjpJVsO.exe
  C:\Windows\System\SjpJVsO.exe
  2⤵
  PID:8180
- C:\Windows\System\zaeEOKO.exe
  C:\Windows\System\zaeEOKO.exe
  2⤵
  PID:5328
- C:\Windows\System\sFxUrSx.exe
  C:\Windows\System\sFxUrSx.exe
  2⤵
  PID:6492
- C:\Windows\System\jCbFQOq.exe
  C:\Windows\System\jCbFQOq.exe
  2⤵
  PID:6560
- C:\Windows\System\zRWtNtD.exe
  C:\Windows\System\zRWtNtD.exe
  2⤵
  PID:6628
- C:\Windows\System\lJcKPHd.exe
  C:\Windows\System\lJcKPHd.exe
  2⤵
  PID:6692
- C:\Windows\System\Kqfcmzf.exe
  C:\Windows\System\Kqfcmzf.exe
  2⤵
  PID:6764
- C:\Windows\System\JZqDkXh.exe
  C:\Windows\System\JZqDkXh.exe
  2⤵
  PID:6808
- C:\Windows\System\TaGDfpU.exe
  C:\Windows\System\TaGDfpU.exe
  2⤵
  PID:7200
- C:\Windows\System\fDVBjpc.exe
  C:\Windows\System\fDVBjpc.exe
  2⤵
  PID:6912
- C:\Windows\System\TZvTRqd.exe
  C:\Windows\System\TZvTRqd.exe
  2⤵
  PID:6976
- C:\Windows\System\hruZhgW.exe
  C:\Windows\System\hruZhgW.exe
  2⤵
  PID:7044
- C:\Windows\System\amTbALK.exe
  C:\Windows\System\amTbALK.exe
  2⤵
  PID:7088
- C:\Windows\System\jGrzCpn.exe
  C:\Windows\System\jGrzCpn.exe
  2⤵
  PID:7164
- C:\Windows\System\irhJWcj.exe
  C:\Windows\System\irhJWcj.exe
  2⤵
  PID:6160
- C:\Windows\System\CpfNUbA.exe
  C:\Windows\System\CpfNUbA.exe
  2⤵
  PID:6276
- C:\Windows\System\awrCRAW.exe
  C:\Windows\System\awrCRAW.exe
  2⤵
  PID:6408
- C:\Windows\System\jsqPULG.exe
  C:\Windows\System\jsqPULG.exe
  2⤵
  PID:6572
- C:\Windows\System\wZjiEBe.exe
  C:\Windows\System\wZjiEBe.exe
  2⤵
  PID:6784
- C:\Windows\System\dbdfsIs.exe
  C:\Windows\System\dbdfsIs.exe
  2⤵
  PID:6080
- C:\Windows\System\eGzLKwR.exe
  C:\Windows\System\eGzLKwR.exe
  2⤵
  PID:7024
- C:\Windows\System\ZhRSnQy.exe
  C:\Windows\System\ZhRSnQy.exe
  2⤵
  PID:6236
- C:\Windows\System\MdZZxZM.exe
  C:\Windows\System\MdZZxZM.exe
  2⤵
  PID:6740
- C:\Windows\System\pNKpQTJ.exe
  C:\Windows\System\pNKpQTJ.exe
  2⤵
  PID:6396
- C:\Windows\System\LnigfUs.exe
  C:\Windows\System\LnigfUs.exe
  2⤵
  PID:6412
- C:\Windows\System\akYddqi.exe
  C:\Windows\System\akYddqi.exe
  2⤵
  PID:6320
- C:\Windows\System\JrbnyjI.exe
  C:\Windows\System\JrbnyjI.exe
  2⤵
  PID:7220
- C:\Windows\System\UZmAjsy.exe
  C:\Windows\System\UZmAjsy.exe
  2⤵
  PID:7304
- C:\Windows\System\FXqUfqy.exe
  C:\Windows\System\FXqUfqy.exe
  2⤵
  PID:7368
- C:\Windows\System\BTivODP.exe
  C:\Windows\System\BTivODP.exe
  2⤵
  PID:7432
- C:\Windows\System\Zsftgfk.exe
  C:\Windows\System\Zsftgfk.exe
  2⤵
  PID:7260
- C:\Windows\System\ZGOiSjk.exe
  C:\Windows\System\ZGOiSjk.exe
  2⤵
  PID:7292
- C:\Windows\System\cxIVIhz.exe
  C:\Windows\System\cxIVIhz.exe
  2⤵
  PID:7384
- C:\Windows\System\qDKYLoy.exe
  C:\Windows\System\qDKYLoy.exe
  2⤵
  PID:7288
- C:\Windows\System\ybGDgba.exe
  C:\Windows\System\ybGDgba.exe
  2⤵
  PID:7480
- C:\Windows\System\KSfOKJm.exe
  C:\Windows\System\KSfOKJm.exe
  2⤵
  PID:7516
- C:\Windows\System\zwvZHFZ.exe
  C:\Windows\System\zwvZHFZ.exe
  2⤵
  PID:7548
- C:\Windows\System\TuRqoxW.exe
  C:\Windows\System\TuRqoxW.exe
  2⤵
  PID:7624
- C:\Windows\System\dztSQez.exe
  C:\Windows\System\dztSQez.exe
  2⤵
  PID:7608
- C:\Windows\System\YKrCmUe.exe
  C:\Windows\System\YKrCmUe.exe
  2⤵
  PID:7660
- C:\Windows\System\bXWGeIg.exe
  C:\Windows\System\bXWGeIg.exe
  2⤵
  PID:7640
- C:\Windows\System\xyscXHE.exe
  C:\Windows\System\xyscXHE.exe
  2⤵
  PID:7724
- C:\Windows\System\qFurjuQ.exe
  C:\Windows\System\qFurjuQ.exe
  2⤵
  PID:7768
- C:\Windows\System\ryNfQBA.exe
  C:\Windows\System\ryNfQBA.exe
  2⤵
  PID:7740
- C:\Windows\System\UkUmEno.exe
  C:\Windows\System\UkUmEno.exe
  2⤵
  PID:7788
- C:\Windows\System\uWgHFeW.exe
  C:\Windows\System\uWgHFeW.exe
  2⤵
  PID:7852
- C:\Windows\System\kGNZBMD.exe
  C:\Windows\System\kGNZBMD.exe
  2⤵
  PID:7916
- C:\Windows\System\NrKOavf.exe
  C:\Windows\System\NrKOavf.exe
  2⤵
  PID:7836
- C:\Windows\System\JZLXOZq.exe
  C:\Windows\System\JZLXOZq.exe
  2⤵
  PID:7896
- C:\Windows\System\keQQmsK.exe
  C:\Windows\System\keQQmsK.exe
  2⤵
  PID:7976
- C:\Windows\System\myJBUHw.exe
  C:\Windows\System\myJBUHw.exe
  2⤵
  PID:7996
- C:\Windows\System\sgLbZih.exe
  C:\Windows\System\sgLbZih.exe
  2⤵
  PID:8040
- C:\Windows\System\UVgUmOd.exe
  C:\Windows\System\UVgUmOd.exe
  2⤵
  PID:8104
- C:\Windows\System\zKaVoBb.exe
  C:\Windows\System\zKaVoBb.exe
  2⤵
  PID:8144
- C:\Windows\System\YWvhjqC.exe
  C:\Windows\System\YWvhjqC.exe
  2⤵
  PID:7172
- C:\Windows\System\MIYxRBM.exe
  C:\Windows\System\MIYxRBM.exe
  2⤵
  PID:8060
- C:\Windows\System\rPdkZzl.exe
  C:\Windows\System\rPdkZzl.exe
  2⤵
  PID:8128
- C:\Windows\System\VUYFcjk.exe
  C:\Windows\System\VUYFcjk.exe
  2⤵
  PID:8188
- C:\Windows\System\NxUiPHu.exe
  C:\Windows\System\NxUiPHu.exe
  2⤵
  PID:6760
- C:\Windows\System\fRyIWjy.exe
  C:\Windows\System\fRyIWjy.exe
  2⤵
  PID:6520
- C:\Windows\System\SUfmJfK.exe
  C:\Windows\System\SUfmJfK.exe
  2⤵
  PID:6944
- C:\Windows\System\MhakNNu.exe
  C:\Windows\System\MhakNNu.exe
  2⤵
  PID:6660
- C:\Windows\System\FkCwHjm.exe
  C:\Windows\System\FkCwHjm.exe
  2⤵
  PID:6880
- C:\Windows\System\IxmBmex.exe
  C:\Windows\System\IxmBmex.exe
  2⤵
  PID:6676
- C:\Windows\System\OVqFrru.exe
  C:\Windows\System\OVqFrru.exe
  2⤵
  PID:7124
- C:\Windows\System\BCMXyVm.exe
  C:\Windows\System\BCMXyVm.exe
  2⤵
  PID:6468
- C:\Windows\System\ymXMipZ.exe
  C:\Windows\System\ymXMipZ.exe
  2⤵
  PID:7224
- C:\Windows\System\XbPfpAm.exe
  C:\Windows\System\XbPfpAm.exe
  2⤵
  PID:6728
- C:\Windows\System\BgdQuab.exe
  C:\Windows\System\BgdQuab.exe
  2⤵
  PID:7216
- C:\Windows\System\ZwaBFtR.exe
  C:\Windows\System\ZwaBFtR.exe
  2⤵
  PID:7272
- C:\Windows\System\RejrHEu.exe
  C:\Windows\System\RejrHEu.exe
  2⤵
  PID:7464
- C:\Windows\System\OYKFdTW.exe
  C:\Windows\System\OYKFdTW.exe
  2⤵
  PID:7352
- C:\Windows\System\UjhlpBO.exe
  C:\Windows\System\UjhlpBO.exe
  2⤵
  PID:7528
- C:\Windows\System\EwWrjAM.exe
  C:\Windows\System\EwWrjAM.exe
  2⤵
  PID:7532
- C:\Windows\System\msMfvWx.exe
  C:\Windows\System\msMfvWx.exe
  2⤵
  PID:7692
- C:\Windows\System\SBMVflq.exe
  C:\Windows\System\SBMVflq.exe
  2⤵
  PID:7800
- C:\Windows\System\ZsWAVlX.exe
  C:\Windows\System\ZsWAVlX.exe
  2⤵
  PID:7676
- C:\Windows\System\qsQyJRH.exe
  C:\Windows\System\qsQyJRH.exe
  2⤵
  PID:7708
- C:\Windows\System\TqcjXeO.exe
  C:\Windows\System\TqcjXeO.exe
  2⤵
  PID:7832
- C:\Windows\System\HGGNMcd.exe
  C:\Windows\System\HGGNMcd.exe
  2⤵
  PID:7912
- C:\Windows\System\QxgBcyl.exe
  C:\Windows\System\QxgBcyl.exe
  2⤵
  PID:8044
- C:\Windows\System\pAaTIuc.exe
  C:\Windows\System\pAaTIuc.exe
  2⤵
  PID:8088
- C:\Windows\System\ytguxgG.exe
  C:\Windows\System\ytguxgG.exe
  2⤵
  PID:8056
- C:\Windows\System\HvNVFyj.exe
  C:\Windows\System\HvNVFyj.exe
  2⤵
  PID:6552
- C:\Windows\System\LboClEV.exe
  C:\Windows\System\LboClEV.exe
  2⤵
  PID:6804
- C:\Windows\System\cuoRuyh.exe
  C:\Windows\System\cuoRuyh.exe
  2⤵
  PID:7012
- C:\Windows\System\wzQrcoh.exe
  C:\Windows\System\wzQrcoh.exe
  2⤵
  PID:7188
- C:\Windows\System\wsWyGct.exe
  C:\Windows\System\wsWyGct.exe
  2⤵
  PID:7404
- C:\Windows\System\DLmnWfa.exe
  C:\Windows\System\DLmnWfa.exe
  2⤵
  PID:6232
- C:\Windows\System\xBNJclF.exe
  C:\Windows\System\xBNJclF.exe
  2⤵
  PID:6168
- C:\Windows\System\LwGgGBQ.exe
  C:\Windows\System\LwGgGBQ.exe
  2⤵
  PID:7244
- C:\Windows\System\yVXOgHH.exe
  C:\Windows\System\yVXOgHH.exe
  2⤵
  PID:7324
- C:\Windows\System\YQguzMM.exe
  C:\Windows\System\YQguzMM.exe
  2⤵
  PID:7580
- C:\Windows\System\iQEnfjC.exe
  C:\Windows\System\iQEnfjC.exe
  2⤵
  PID:7592
- C:\Windows\System\ecvBbyU.exe
  C:\Windows\System\ecvBbyU.exe
  2⤵
  PID:7948
- C:\Windows\System\wTtLCwb.exe
  C:\Windows\System\wTtLCwb.exe
  2⤵
  PID:6488
- C:\Windows\System\ZPfztoe.exe
  C:\Windows\System\ZPfztoe.exe
  2⤵
  PID:7052
- C:\Windows\System\aITePBq.exe
  C:\Windows\System\aITePBq.exe
  2⤵
  PID:6664
- C:\Windows\System\nQMZrXt.exe
  C:\Windows\System\nQMZrXt.exe
  2⤵
  PID:8160
- C:\Windows\System\zncGxEG.exe
  C:\Windows\System\zncGxEG.exe
  2⤵
  PID:8252
- C:\Windows\System\GVoiuZX.exe
  C:\Windows\System\GVoiuZX.exe
  2⤵
  PID:8276
- C:\Windows\System\VYmrtYp.exe
  C:\Windows\System\VYmrtYp.exe
  2⤵
  PID:8368
- C:\Windows\System\YgVAapP.exe
  C:\Windows\System\YgVAapP.exe
  2⤵
  PID:8476
- C:\Windows\System\chqMyhu.exe
  C:\Windows\System\chqMyhu.exe
  2⤵
  PID:8496
- C:\Windows\System\DZpshNv.exe
  C:\Windows\System\DZpshNv.exe
  2⤵
  PID:8512
- C:\Windows\System\oJKrNQG.exe
  C:\Windows\System\oJKrNQG.exe
  2⤵
  PID:8528
- C:\Windows\System\djFAeyL.exe
  C:\Windows\System\djFAeyL.exe
  2⤵
  PID:8548
- C:\Windows\System\fiHmuQG.exe
  C:\Windows\System\fiHmuQG.exe
  2⤵
  PID:8564
- C:\Windows\System\pOyBNjZ.exe
  C:\Windows\System\pOyBNjZ.exe
  2⤵
  PID:8580
- C:\Windows\System\IClJloj.exe
  C:\Windows\System\IClJloj.exe
  2⤵
  PID:8596
- C:\Windows\System\HESVBKZ.exe
  C:\Windows\System\HESVBKZ.exe
  2⤵
  PID:8612
- C:\Windows\System\fjPnIHG.exe
  C:\Windows\System\fjPnIHG.exe
  2⤵
  PID:8628
- C:\Windows\System\xxSwDkn.exe
  C:\Windows\System\xxSwDkn.exe
  2⤵
  PID:8644
- C:\Windows\System\ciMzlxX.exe
  C:\Windows\System\ciMzlxX.exe
  2⤵
  PID:8660
- C:\Windows\System\WOdDFnt.exe
  C:\Windows\System\WOdDFnt.exe
  2⤵
  PID:8676
- C:\Windows\System\zkhHZAT.exe
  C:\Windows\System\zkhHZAT.exe
  2⤵
  PID:8692
- C:\Windows\System\XIXQXiT.exe
  C:\Windows\System\XIXQXiT.exe
  2⤵
  PID:8708
- C:\Windows\System\LDCmhPd.exe
  C:\Windows\System\LDCmhPd.exe
  2⤵
  PID:8724
- C:\Windows\System\sNqeMLU.exe
  C:\Windows\System\sNqeMLU.exe
  2⤵
  PID:8740
- C:\Windows\System\KILZuAP.exe
  C:\Windows\System\KILZuAP.exe
  2⤵
  PID:8756
- C:\Windows\System\uAFfWtw.exe
  C:\Windows\System\uAFfWtw.exe
  2⤵
  PID:8772
- C:\Windows\System\kPGSlll.exe
  C:\Windows\System\kPGSlll.exe
  2⤵
  PID:8788
- C:\Windows\System\bFhbVRB.exe
  C:\Windows\System\bFhbVRB.exe
  2⤵
  PID:8804
- C:\Windows\System\hRzSUdR.exe
  C:\Windows\System\hRzSUdR.exe
  2⤵
  PID:8820
- C:\Windows\System\UlsHtSc.exe
  C:\Windows\System\UlsHtSc.exe
  2⤵
  PID:8836
- C:\Windows\System\toUbjLL.exe
  C:\Windows\System\toUbjLL.exe
  2⤵
  PID:8852
- C:\Windows\System\jXVqhms.exe
  C:\Windows\System\jXVqhms.exe
  2⤵
  PID:8868
- C:\Windows\System\ftGKIPW.exe
  C:\Windows\System\ftGKIPW.exe
  2⤵
  PID:8884
- C:\Windows\System\xbUfzPE.exe
  C:\Windows\System\xbUfzPE.exe
  2⤵
  PID:8900
- C:\Windows\System\bYIgewX.exe
  C:\Windows\System\bYIgewX.exe
  2⤵
  PID:8916
- C:\Windows\System\BbUNTSI.exe
  C:\Windows\System\BbUNTSI.exe
  2⤵
  PID:8932
- C:\Windows\System\KLvZnPh.exe
  C:\Windows\System\KLvZnPh.exe
  2⤵
  PID:8948
- C:\Windows\System\JILSzCq.exe
  C:\Windows\System\JILSzCq.exe
  2⤵
  PID:8964
- C:\Windows\System\VWsUUYX.exe
  C:\Windows\System\VWsUUYX.exe
  2⤵
  PID:8980
- C:\Windows\System\IlHxVFX.exe
  C:\Windows\System\IlHxVFX.exe
  2⤵
  PID:8996
- C:\Windows\System\YPMhNZy.exe
  C:\Windows\System\YPMhNZy.exe
  2⤵
  PID:9012
- C:\Windows\System\wGMLBJv.exe
  C:\Windows\System\wGMLBJv.exe
  2⤵
  PID:9028
- C:\Windows\System\DRhoCdR.exe
  C:\Windows\System\DRhoCdR.exe
  2⤵
  PID:9044
- C:\Windows\System\tUQSMJh.exe
  C:\Windows\System\tUQSMJh.exe
  2⤵
  PID:9060
- C:\Windows\System\ShSwNvI.exe
  C:\Windows\System\ShSwNvI.exe
  2⤵
  PID:9076
- C:\Windows\System\xqjuCTr.exe
  C:\Windows\System\xqjuCTr.exe
  2⤵
  PID:9096
- C:\Windows\System\LZVFiFl.exe
  C:\Windows\System\LZVFiFl.exe
  2⤵
  PID:9112
- C:\Windows\System\YIbpKhC.exe
  C:\Windows\System\YIbpKhC.exe
  2⤵
  PID:9128
- C:\Windows\System\WQAuwXH.exe
  C:\Windows\System\WQAuwXH.exe
  2⤵
  PID:9144
- C:\Windows\System\sBlkgtR.exe
  C:\Windows\System\sBlkgtR.exe
  2⤵
  PID:9160
- C:\Windows\System\IExNCsJ.exe
  C:\Windows\System\IExNCsJ.exe
  2⤵
  PID:9176
- C:\Windows\System\uFLDKFb.exe
  C:\Windows\System\uFLDKFb.exe
  2⤵
  PID:9192
- C:\Windows\System\gihLQMY.exe
  C:\Windows\System\gihLQMY.exe
  2⤵
  PID:9208
- C:\Windows\System\SwnPoPF.exe
  C:\Windows\System\SwnPoPF.exe
  2⤵
  PID:7484
- C:\Windows\System\JbqLucp.exe
  C:\Windows\System\JbqLucp.exe
  2⤵
  PID:8072
- C:\Windows\System\kgfAlLD.exe
  C:\Windows\System\kgfAlLD.exe
  2⤵
  PID:6204
- C:\Windows\System\BdARqQE.exe
  C:\Windows\System\BdARqQE.exe
  2⤵
  PID:7008
- C:\Windows\System\VqGRfLq.exe
  C:\Windows\System\VqGRfLq.exe
  2⤵
  PID:7072
- C:\Windows\System\ZyTWrGs.exe
  C:\Windows\System\ZyTWrGs.exe
  2⤵
  PID:7420
- C:\Windows\System\mLkRJzw.exe
  C:\Windows\System\mLkRJzw.exe
  2⤵
  PID:6724
- C:\Windows\System\HTdMqjT.exe
  C:\Windows\System\HTdMqjT.exe
  2⤵
  PID:8204
- C:\Windows\System\sWntCZO.exe
  C:\Windows\System\sWntCZO.exe
  2⤵
  PID:8220
- C:\Windows\System\LtCmVQc.exe
  C:\Windows\System\LtCmVQc.exe
  2⤵
  PID:8236
- C:\Windows\System\yagJQyd.exe
  C:\Windows\System\yagJQyd.exe
  2⤵
  PID:8284
- C:\Windows\System\nNmylxW.exe
  C:\Windows\System\nNmylxW.exe
  2⤵
  PID:8300
- C:\Windows\System\KgXjIAD.exe
  C:\Windows\System\KgXjIAD.exe
  2⤵
  PID:8316
- C:\Windows\System\YNiCmNb.exe
  C:\Windows\System\YNiCmNb.exe
  2⤵
  PID:8332
- C:\Windows\System\AyfNwex.exe
  C:\Windows\System\AyfNwex.exe
  2⤵
  PID:8348
- C:\Windows\System\kKuVuns.exe
  C:\Windows\System\kKuVuns.exe
  2⤵
  PID:8360
- C:\Windows\System\SnLcQlJ.exe
  C:\Windows\System\SnLcQlJ.exe
  2⤵
  PID:8392
- C:\Windows\System\yFSgHTG.exe
  C:\Windows\System\yFSgHTG.exe
  2⤵
  PID:8400
- C:\Windows\System\KxJCsQp.exe
  C:\Windows\System\KxJCsQp.exe
  2⤵
  PID:8416
- C:\Windows\System\UcjyZFm.exe
  C:\Windows\System\UcjyZFm.exe
  2⤵
  PID:8436
- C:\Windows\System\eKEdZnx.exe
  C:\Windows\System\eKEdZnx.exe
  2⤵
  PID:8468
- C:\Windows\System\XdSYJJl.exe
  C:\Windows\System\XdSYJJl.exe
  2⤵
  PID:8464
- C:\Windows\System\lNSgtsl.exe
  C:\Windows\System\lNSgtsl.exe
  2⤵
  PID:8540
- C:\Windows\System\rvBZJIR.exe
  C:\Windows\System\rvBZJIR.exe
  2⤵
  PID:8604
- C:\Windows\System\kBujVBq.exe
  C:\Windows\System\kBujVBq.exe
  2⤵
  PID:8640
- C:\Windows\System\xAmYaGm.exe
  C:\Windows\System\xAmYaGm.exe
  2⤵
  PID:8732
- C:\Windows\System\tWftCJV.exe
  C:\Windows\System\tWftCJV.exe
  2⤵
  PID:8800
- C:\Windows\System\GXZBoWO.exe
  C:\Windows\System\GXZBoWO.exe
  2⤵
  PID:8864
- C:\Windows\System\rwtNuva.exe
  C:\Windows\System\rwtNuva.exe
  2⤵
  PID:8956
- C:\Windows\System\OmpwjUJ.exe
  C:\Windows\System\OmpwjUJ.exe
  2⤵
  PID:9020
- C:\Windows\System\YznDhGC.exe
  C:\Windows\System\YznDhGC.exe
  2⤵
  PID:9084
- C:\Windows\System\ySXaaGL.exe
  C:\Windows\System\ySXaaGL.exe
  2⤵
  PID:8244
- C:\Windows\System\uknCPAd.exe
  C:\Windows\System\uknCPAd.exe
  2⤵
  PID:8340
- C:\Windows\System\qCvqPFN.exe
  C:\Windows\System\qCvqPFN.exe
  2⤵
  PID:8384
- C:\Windows\System\bjGfVtv.exe
  C:\Windows\System\bjGfVtv.exe
  2⤵
  PID:8448
- C:\Windows\System\dFVKapH.exe
  C:\Windows\System\dFVKapH.exe
  2⤵
  PID:8488
- C:\Windows\System\MoROTzN.exe
  C:\Windows\System\MoROTzN.exe
  2⤵
  PID:8892
- C:\Windows\System\lzCdtmu.exe
  C:\Windows\System\lzCdtmu.exe
  2⤵
  PID:9168
- C:\Windows\System\HxfuFyL.exe
  C:\Windows\System\HxfuFyL.exe
  2⤵
  PID:8520
- C:\Windows\System\WxkEmLK.exe
  C:\Windows\System\WxkEmLK.exe
  2⤵
  PID:9200
- C:\Windows\System\zPvJQom.exe
  C:\Windows\System\zPvJQom.exe
  2⤵
  PID:8120
- C:\Windows\System\wOmatCa.exe
  C:\Windows\System\wOmatCa.exe
  2⤵
  PID:8620
- C:\Windows\System\oFcIdGh.exe
  C:\Windows\System\oFcIdGh.exe
  2⤵
  PID:8684
- C:\Windows\System\oloioGf.exe
  C:\Windows\System\oloioGf.exe
  2⤵
  PID:8748
- C:\Windows\System\cutuUHs.exe
  C:\Windows\System\cutuUHs.exe
  2⤵
  PID:8812
- C:\Windows\System\DhSzVxX.exe
  C:\Windows\System\DhSzVxX.exe
  2⤵
  PID:8876
- C:\Windows\System\ZxePIHA.exe
  C:\Windows\System\ZxePIHA.exe
  2⤵
  PID:8940
- C:\Windows\System\ttnnSLW.exe
  C:\Windows\System\ttnnSLW.exe
  2⤵
  PID:9004
- C:\Windows\System\SIHdfdT.exe
  C:\Windows\System\SIHdfdT.exe
  2⤵
  PID:9068
- C:\Windows\System\gKXCRIT.exe
  C:\Windows\System\gKXCRIT.exe
  2⤵
  PID:7356
- C:\Windows\System\ZLPfTfi.exe
  C:\Windows\System\ZLPfTfi.exe
  2⤵
  PID:8292
- C:\Windows\System\APbjTuT.exe
  C:\Windows\System\APbjTuT.exe
  2⤵
  PID:8356
- C:\Windows\System\nATIuNm.exe
  C:\Windows\System\nATIuNm.exe
  2⤵
  PID:8428
- C:\Windows\System\nviKIUW.exe
  C:\Windows\System\nviKIUW.exe
  2⤵
  PID:8456
- C:\Windows\System\KljuNKm.exe
  C:\Windows\System\KljuNKm.exe
  2⤵
  PID:9052
- C:\Windows\System\aMhCNBB.exe
  C:\Windows\System\aMhCNBB.exe
  2⤵
  PID:7336
- C:\Windows\System\SpfvFbU.exe
  C:\Windows\System\SpfvFbU.exe
  2⤵
  PID:8992
- C:\Windows\System\YJmXbee.exe
  C:\Windows\System\YJmXbee.exe
  2⤵
  PID:8380
- C:\Windows\System\zpCjmQt.exe
  C:\Windows\System\zpCjmQt.exe
  2⤵
  PID:8908
- C:\Windows\System\hvjNKpE.exe
  C:\Windows\System\hvjNKpE.exe
  2⤵
  PID:8200
- C:\Windows\System\sfuaJYL.exe
  C:\Windows\System\sfuaJYL.exe
  2⤵
  PID:9104
- C:\Windows\System\xpZEEhX.exe
  C:\Windows\System\xpZEEhX.exe
  2⤵
  PID:8592
- C:\Windows\System\WnUaxBs.exe
  C:\Windows\System\WnUaxBs.exe
  2⤵
  PID:8976
- C:\Windows\System\ILZYrGg.exe
  C:\Windows\System\ILZYrGg.exe
  2⤵
  PID:8472
- C:\Windows\System\SzFFGlt.exe
  C:\Windows\System\SzFFGlt.exe
  2⤵
  PID:8672
- C:\Windows\System\yWgmGLE.exe
  C:\Windows\System\yWgmGLE.exe
  2⤵
  PID:8736
- C:\Windows\System\mLupMbX.exe
  C:\Windows\System\mLupMbX.exe
  2⤵
  PID:8656
- C:\Windows\System\CKthSro.exe
  C:\Windows\System\CKthSro.exe
  2⤵
  PID:8560
- C:\Windows\System\HHucRcN.exe
  C:\Windows\System\HHucRcN.exe
  2⤵
  PID:8232
- C:\Windows\System\OlsxVLX.exe
  C:\Windows\System\OlsxVLX.exe
  2⤵
  PID:8412
- C:\Windows\System\iVwdPvF.exe
  C:\Windows\System\iVwdPvF.exe
  2⤵
  PID:8848
- C:\Windows\System\ULGiNUF.exe
  C:\Windows\System\ULGiNUF.exe
  2⤵
  PID:8796
- C:\Windows\System\WMNWdMk.exe
  C:\Windows\System\WMNWdMk.exe
  2⤵
  PID:7868
- C:\Windows\System\KcQBfZA.exe
  C:\Windows\System\KcQBfZA.exe
  2⤵
  PID:8784
- C:\Windows\System\pcdouKs.exe
  C:\Windows\System\pcdouKs.exe
  2⤵
  PID:9124
- C:\Windows\System\YQVuDvV.exe
  C:\Windows\System\YQVuDvV.exe
  2⤵
  PID:8444
- C:\Windows\System\GjeUnhK.exe
  C:\Windows\System\GjeUnhK.exe
  2⤵
  PID:8396
- C:\Windows\System\KbXchbs.exe
  C:\Windows\System\KbXchbs.exe
  2⤵
  PID:8328
- C:\Windows\System\LsxrkIt.exe
  C:\Windows\System\LsxrkIt.exe
  2⤵
  PID:9332
- C:\Windows\System\MoMlUTQ.exe
  C:\Windows\System\MoMlUTQ.exe
  2⤵
  PID:9352
- C:\Windows\System\HmwcOPv.exe
  C:\Windows\System\HmwcOPv.exe
  2⤵
  PID:9404
- C:\Windows\System\rlmUOLi.exe
  C:\Windows\System\rlmUOLi.exe
  2⤵
  PID:9424
- C:\Windows\System\zbFQrxV.exe
  C:\Windows\System\zbFQrxV.exe
  2⤵
  PID:9440
- C:\Windows\System\WAKHHjP.exe
  C:\Windows\System\WAKHHjP.exe
  2⤵
  PID:9456
- C:\Windows\System\FhvTmqF.exe
  C:\Windows\System\FhvTmqF.exe
  2⤵
  PID:9472
- C:\Windows\System\rBobZjU.exe
  C:\Windows\System\rBobZjU.exe
  2⤵
  PID:9488
- C:\Windows\System\GAuQrQs.exe
  C:\Windows\System\GAuQrQs.exe
  2⤵
  PID:9504
- C:\Windows\System\uUoPBND.exe
  C:\Windows\System\uUoPBND.exe
  2⤵
  PID:9520
- C:\Windows\System\YsRKQuL.exe
  C:\Windows\System\YsRKQuL.exe
  2⤵
  PID:9536
- C:\Windows\System\VgXlIKE.exe
  C:\Windows\System\VgXlIKE.exe
  2⤵
  PID:9552
- C:\Windows\System\ONgwUtH.exe
  C:\Windows\System\ONgwUtH.exe
  2⤵
  PID:9568
- C:\Windows\System\WgKdovV.exe
  C:\Windows\System\WgKdovV.exe
  2⤵
  PID:9584
- C:\Windows\System\dShlGiQ.exe
  C:\Windows\System\dShlGiQ.exe
  2⤵
  PID:9600
- C:\Windows\System\lERmcCf.exe
  C:\Windows\System\lERmcCf.exe
  2⤵
  PID:9616
- C:\Windows\System\PkLFoDS.exe
  C:\Windows\System\PkLFoDS.exe
  2⤵
  PID:9644
- C:\Windows\System\bKZhUNC.exe
  C:\Windows\System\bKZhUNC.exe
  2⤵
  PID:9672
- C:\Windows\System\LJFFjpD.exe
  C:\Windows\System\LJFFjpD.exe
  2⤵
  PID:9704
- C:\Windows\System\pBDeTRr.exe
  C:\Windows\System\pBDeTRr.exe
  2⤵
  PID:9720
- C:\Windows\System\xfdQYjx.exe
  C:\Windows\System\xfdQYjx.exe
  2⤵
  PID:9736
- C:\Windows\System\hmwdtVm.exe
  C:\Windows\System\hmwdtVm.exe
  2⤵
  PID:9752
- C:\Windows\System\RnxgeWd.exe
  C:\Windows\System\RnxgeWd.exe
  2⤵
  PID:9768
- C:\Windows\System\CXDtVhz.exe
  C:\Windows\System\CXDtVhz.exe
  2⤵
  PID:9784
- C:\Windows\System\vzYuNpy.exe
  C:\Windows\System\vzYuNpy.exe
  2⤵
  PID:9800
- C:\Windows\System\tTqdmel.exe
  C:\Windows\System\tTqdmel.exe
  2⤵
  PID:9816
- C:\Windows\System\vhQwZNY.exe
  C:\Windows\System\vhQwZNY.exe
  2⤵
  PID:9832
- C:\Windows\System\DHxxwhb.exe
  C:\Windows\System\DHxxwhb.exe
  2⤵
  PID:9852
- C:\Windows\System\FiPJZnH.exe
  C:\Windows\System\FiPJZnH.exe
  2⤵
  PID:9880
- C:\Windows\System\RusDgMI.exe
  C:\Windows\System\RusDgMI.exe
  2⤵
  PID:9900
- C:\Windows\System\ZpeIWEW.exe
  C:\Windows\System\ZpeIWEW.exe
  2⤵
  PID:9936
- C:\Windows\System\sAmkPUs.exe
  C:\Windows\System\sAmkPUs.exe
  2⤵
  PID:9952
- C:\Windows\System\CobzkZY.exe
  C:\Windows\System\CobzkZY.exe
  2⤵
  PID:9996
- C:\Windows\System\SuHgvzp.exe
  C:\Windows\System\SuHgvzp.exe
  2⤵
  PID:10012
- C:\Windows\System\TFhlmDj.exe
  C:\Windows\System\TFhlmDj.exe
  2⤵
  PID:10100
- C:\Windows\System\uVJIrEW.exe
  C:\Windows\System\uVJIrEW.exe
  2⤵
  PID:10116
- C:\Windows\System\qrLxrlX.exe
  C:\Windows\System\qrLxrlX.exe
  2⤵
  PID:10148
- C:\Windows\System\AYmStmr.exe
  C:\Windows\System\AYmStmr.exe
  2⤵
  PID:10196
- C:\Windows\System\ZQmNzmr.exe
  C:\Windows\System\ZQmNzmr.exe
  2⤵
  PID:10220
- C:\Windows\System\YyhVFuP.exe
  C:\Windows\System\YyhVFuP.exe
  2⤵
  PID:10236
- C:\Windows\System\PqjnweX.exe
  C:\Windows\System\PqjnweX.exe
  2⤵
  PID:9260
- C:\Windows\System\NGbJOwr.exe
  C:\Windows\System\NGbJOwr.exe
  2⤵
  PID:9320
- C:\Windows\System\lBslExZ.exe
  C:\Windows\System\lBslExZ.exe
  2⤵
  PID:9376
- C:\Windows\System\MLkoaks.exe
  C:\Windows\System\MLkoaks.exe
  2⤵
  PID:9412
- C:\Windows\System\RoNYnYj.exe
  C:\Windows\System\RoNYnYj.exe
  2⤵
  PID:9436
- C:\Windows\System\yKBuwah.exe
  C:\Windows\System\yKBuwah.exe
  2⤵
  PID:9592
- C:\Windows\System\AQUQbEU.exe
  C:\Windows\System\AQUQbEU.exe
  2⤵
  PID:9528
- C:\Windows\System\Smkpxos.exe
  C:\Windows\System\Smkpxos.exe
  2⤵
  PID:9636
- C:\Windows\System\gQsngUt.exe
  C:\Windows\System\gQsngUt.exe
  2⤵
  PID:9692
- C:\Windows\System\LTRdgOe.exe
  C:\Windows\System\LTRdgOe.exe
  2⤵
  PID:9732
- C:\Windows\System\UKUdOFp.exe
  C:\Windows\System\UKUdOFp.exe
  2⤵
  PID:9764
- C:\Windows\System\SrDvgOR.exe
  C:\Windows\System\SrDvgOR.exe
  2⤵
  PID:9796
- C:\Windows\System\YRmJzQy.exe
  C:\Windows\System\YRmJzQy.exe
  2⤵
  PID:9776
- C:\Windows\System\hfDipwr.exe
  C:\Windows\System\hfDipwr.exe
  2⤵
  PID:9544
- C:\Windows\System\gnLBsZR.exe
  C:\Windows\System\gnLBsZR.exe
  2⤵
  PID:9608
- C:\Windows\System\kDbGZxm.exe
  C:\Windows\System\kDbGZxm.exe
  2⤵
  PID:9660
- C:\Windows\System\nJFyAZK.exe
  C:\Windows\System\nJFyAZK.exe
  2⤵
  PID:9716
- C:\Windows\System\jzHrJpZ.exe
  C:\Windows\System\jzHrJpZ.exe
  2⤵
  PID:9864
- C:\Windows\System\kDJwCfW.exe
  C:\Windows\System\kDJwCfW.exe
  2⤵
  PID:9908
- C:\Windows\System\ZyjDPbC.exe
  C:\Windows\System\ZyjDPbC.exe
  2⤵
  PID:9840
- C:\Windows\System\EHGjqvG.exe
  C:\Windows\System\EHGjqvG.exe
  2⤵
  PID:9892
- C:\Windows\System\iQqhUpR.exe
  C:\Windows\System\iQqhUpR.exe
  2⤵
  PID:9924
- C:\Windows\System\VIWQzmb.exe
  C:\Windows\System\VIWQzmb.exe
  2⤵
  PID:9964
- C:\Windows\System\SOXjOgQ.exe
  C:\Windows\System\SOXjOgQ.exe
  2⤵
  PID:9980
- C:\Windows\System\fbZWXMN.exe
  C:\Windows\System\fbZWXMN.exe
  2⤵
  PID:10020
- C:\Windows\System\jkHDjbq.exe
  C:\Windows\System\jkHDjbq.exe
  2⤵
  PID:10004
- C:\Windows\System\upHhDAl.exe
  C:\Windows\System\upHhDAl.exe
  2⤵
  PID:10040
- C:\Windows\System\fHrkyQH.exe
  C:\Windows\System\fHrkyQH.exe
  2⤵
  PID:10056
- C:\Windows\System\TZJRMhn.exe
  C:\Windows\System\TZJRMhn.exe
  2⤵
  PID:10068
- C:\Windows\System\NZzJdEc.exe
  C:\Windows\System\NZzJdEc.exe
  2⤵
  PID:10092
- C:\Windows\System\yvWzBCH.exe
  C:\Windows\System\yvWzBCH.exe
  2⤵
  PID:10112
- C:\Windows\System\JeNbnBz.exe
  C:\Windows\System\JeNbnBz.exe
  2⤵
  PID:10156
- C:\Windows\System\JEbDYsT.exe
  C:\Windows\System\JEbDYsT.exe
  2⤵
  PID:10172
- C:\Windows\System\VPqJXeG.exe
  C:\Windows\System\VPqJXeG.exe
  2⤵
  PID:10180
- C:\Windows\System\xYNnymI.exe
  C:\Windows\System\xYNnymI.exe
  2⤵
  PID:10192
- C:\Windows\System\oAQvLmz.exe
  C:\Windows\System\oAQvLmz.exe
  2⤵
  PID:10216
- C:\Windows\System\CMxrcxT.exe
  C:\Windows\System\CMxrcxT.exe
  2⤵
  PID:8228
- C:\Windows\System\YqYqYPx.exe
  C:\Windows\System\YqYqYPx.exe
  2⤵
  PID:8972
- C:\Windows\System\pGktyjf.exe
  C:\Windows\System\pGktyjf.exe
  2⤵
  PID:8636
- C:\Windows\System\YlvZRHk.exe
  C:\Windows\System\YlvZRHk.exe
  2⤵
  PID:9272
- C:\Windows\System\guWIarD.exe
  C:\Windows\System\guWIarD.exe
  2⤵
  PID:9252
- C:\Windows\System\kJsofFn.exe
  C:\Windows\System\kJsofFn.exe
  2⤵
  PID:9280
- C:\Windows\System\NOmRlkR.exe
  C:\Windows\System\NOmRlkR.exe
  2⤵
  PID:9292
- C:\Windows\System\OugCnYn.exe
  C:\Windows\System\OugCnYn.exe
  2⤵
  PID:9312
- C:\Windows\System\mSAsgyY.exe
  C:\Windows\System\mSAsgyY.exe
  2⤵
  PID:9372
- C:\Windows\System\aUuhMEy.exe
  C:\Windows\System\aUuhMEy.exe
  2⤵
  PID:9396
- C:\Windows\System\qcWNhym.exe
  C:\Windows\System\qcWNhym.exe
  2⤵
  PID:9680
- C:\Windows\System\ddjSbTM.exe
  C:\Windows\System\ddjSbTM.exe
  2⤵
  PID:9760
- C:\Windows\System\xpTIEPt.exe
  C:\Windows\System\xpTIEPt.exe
  2⤵
  PID:9668
- C:\Windows\System\wTfuKhG.exe
  C:\Windows\System\wTfuKhG.exe
  2⤵
  PID:9848
- C:\Windows\System\klXFatW.exe
  C:\Windows\System\klXFatW.exe
  2⤵
  PID:9464
- C:\Windows\System\aGjHVJu.exe
  C:\Windows\System\aGjHVJu.exe
  2⤵
  PID:9700
- C:\Windows\System\FJWqnQQ.exe
  C:\Windows\System\FJWqnQQ.exe
  2⤵
  PID:9728
- C:\Windows\System\YkiiXBy.exe
  C:\Windows\System\YkiiXBy.exe
  2⤵
  PID:9500
- C:\Windows\System\qugihNq.exe
  C:\Windows\System\qugihNq.exe
  2⤵
  PID:9972
- C:\Windows\System\uPFaADt.exe
  C:\Windows\System\uPFaADt.exe
  2⤵
  PID:9452
- C:\Windows\System\pXyRDTQ.exe
  C:\Windows\System\pXyRDTQ.exe
  2⤵
  PID:9916
- C:\Windows\System\fqHsUgj.exe
  C:\Windows\System\fqHsUgj.exe
  2⤵
  PID:10096
- C:\Windows\System\uqJfALj.exe
  C:\Windows\System\uqJfALj.exe
  2⤵
  PID:10188
- C:\Windows\System\AXASilr.exe
  C:\Windows\System\AXASilr.exe
  2⤵
  PID:10088
- C:\Windows\System\uVASdBG.exe
  C:\Windows\System\uVASdBG.exe
  2⤵
  PID:10132

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AekTMCB.exe

Filesize
6.0MB

MD5
583d65469d3854c083153ab89d1d8df3

SHA1
acd607f67fb730658efad19cf20f4ef85c93eb63

SHA256
8177b4910e51f0f76a101f1143b3c6e311ec564ceab78f910e2c2880e9a6ce95

SHA512
eb21b12ce077c1ff94d796c81978880347f4a8df3aa6d2f624803ab3ad879163ab0d89271cec129a5c1526fe431e198afbb8a1472ab64e8c6d9e7418e2cc7864

Download Submit
C:\Windows\system\AzyxWXz.exe

Filesize
6.0MB

MD5
eab6552ae6cb24a82a3546532ef1ed34

SHA1
f5a60264bbcd60d02451a8a335a49e86497ab33f

SHA256
0510a8e305f4d39ed3da483d2dd550c6a5bfda5b6007af887e6c8ee095bad5e8

SHA512
3bd9b33959fa5dbb1f2f094992b77f952d3c2fa4bd68772a257f389cabd47ed165b8112ad0ae61b10b50e4b5b8f44e814f4274edcdc75c8656039e92a2db5482

Download Submit
C:\Windows\system\CNsBMkK.exe

Filesize
6.0MB

MD5
d48d676f8a8202f3207859458ef9307a

SHA1
e6ab4f20863cbb88860c41b7da79661f5131ec56

SHA256
52e28f8880a8e9afa20778a4cf3cb85ebba380d864aad3561a0a46903caed787

SHA512
7b509ca0fbb559f251e15a99bb3232fccce814b8e239ee5fbd1e770379069684f524b23b5403842a6982f728a512a2547eb2abecb6a07dea63019881fc10a1cb

Download Submit
C:\Windows\system\EETnxCK.exe

Filesize
6.0MB

MD5
6638f1f6962f5cefaafa691b7fac4f7e

SHA1
136a4355dac3d99429bea9793ff87fceb7584992

SHA256
659ed71397caa6f6aea2b0e1752f9ff273bc67de06f5f3a8314adc363470f15e

SHA512
c467408b2921ce3f0ba18839f088b7cc4ac1e268e67f2d5e837e8fae5d6b10c18ddcec7da6e5fec85696d39c358ba58b08ac0fa78de471f8c2ef42bf10991fcb

Download Submit
C:\Windows\system\OCWikuB.exe

Filesize
6.0MB

MD5
02844785af7782599718938d85826e89

SHA1
f1a332b931f5cc987b53a45a672a2b2215620e98

SHA256
366f220e2e13110cec85a5b411a8c2bf6b383b285f6b0ac6300f272f72940cf7

SHA512
3f01b6cd40af8a65921d2702f6611dc283a5dba23ca547588c5fea50ad27bdc3db073513c3596c05af953b404667608290e2d5799865267945e215272cedc017

Download Submit
C:\Windows\system\QfIkcEG.exe

Filesize
6.0MB

MD5
3cf0cccd514c7f2f54c5965cc8556476

SHA1
385b16ce5cc2aeb8078ef705aea8fdfade837382

SHA256
10308e3904e096badeddf253f76b54caf14eb27910b061fb0875ff5872e93209

SHA512
496292922a894151987925c4a04f6f6d43f87225e3daa9d3a642c52e7a2e745ccae8430f20a44ccfc6ed1406fd2beb39fa9825ba823693f230eaeb521ffd8a41

Download Submit
C:\Windows\system\VOfowLK.exe

Filesize
6.0MB

MD5
63616bdc032d3d163a0c37c4a94f6e2b

SHA1
c3e0a68540eccd94ecfb3998a3daf064d5ccf131

SHA256
519abd77e2849d65cb39017fe7b72726f6546ba755001d4bc5458edf431cba4b

SHA512
e608f1c23835f175c515e79623b094b1c1a118bac1ff5b2252c61ab72c88b8aeb670b093ab1980acae2b505123092d7551a0a822d59ba0814619c0aef99423fa

Download Submit
C:\Windows\system\cfJtOCq.exe

Filesize
6.0MB

MD5
69bbe5af0e5307e295215f4865d389e9

SHA1
e65a305c2477c29a5c58bd5fc87945105255a2e0

SHA256
5945c9f644e889721db48365ce29be1d473d9201c42910956bef79529ca3e4a3

SHA512
3ab4517a8a81b8114475615fdbe52214a48929845927b5873a4763a03775db2f96b2c7b956a9175cfdfc2ef5418b1ea736dfdc2f9ffd02c4cf6ff74f15d24b24

Download Submit
C:\Windows\system\cqQDUjI.exe

Filesize
6.0MB

MD5
5b819a3da24409dbba2f36f541037c8f

SHA1
a8c8480da75c2c79d52d8728e31e577fa6444be1

SHA256
2106737fcd25b36c153f4f6e5aee6b324410c18b313aa74fcd0573f9a1f2287d

SHA512
2ab106d4d1573e3f6cb3a7b3a188edbeeb0a3ab51e81d76c89974aa9a5347eacbeee855eaac33485feb3193ea51a2e4773da3a70d31ac225283618909a4d4b10

Download Submit
C:\Windows\system\dEtSwPs.exe

Filesize
6.0MB

MD5
e5c11353e48be28a507c5ebcf29e3a36

SHA1
826a45986e56fcd6fe71492ee64dcc2106b869c8

SHA256
97dd3f64d285ad38cc5c8bf4a085f1ed1cef0f6f7ff33aa12ebcdbae8dfbf192

SHA512
2ed4afb335fbaf808f709a50dfe91a68863cb916e73752a4039c4f969ed470a952de2f2e37ea8d31d7d8e62980cb42c892c28d4cb748d170da55f69aa57701db

Download Submit
C:\Windows\system\eeLREqJ.exe

Filesize
6.0MB

MD5
8728603daeb383eaf18eecf052866052

SHA1
b096f068373dfc28a1496c67469127a843c9fe61

SHA256
c5698c8f0793a256573a94710bdb863a321f51e32c6b3ff1dc9f123b0a42528d

SHA512
a684750ec8ed91c0f39cfffd4b0abd3d003fa5cadcf0943709ed03baa123520dccbe50961b80131762c943eb892b212f9413bd95e4261337797ce26c179f3e13

Download Submit
C:\Windows\system\efBuDBe.exe

Filesize
6.0MB

MD5
581643a7477a02564e9c71e9cfa02eb9

SHA1
b5a71629dc4b3068f98eff0cda831fe34ad6fef1

SHA256
021f6b45c11c01f7328f28175275a7c8c98ddaf4ee1336b6dadead7df424b34b

SHA512
d2437da9569d80fde844094a3651da934e478e78e4f3e42a8581c845762967fb8a7e893741325329e6d5b847ace07ecbc369c2ccf1193ba83aeb79f1e242e8a0

Download Submit
C:\Windows\system\fQXkkYn.exe

Filesize
6.0MB

MD5
7b265caa4afcd3367d46668face92823

SHA1
53823d2f8e1d327df788685da13eb592896aa0be

SHA256
41a76a338e6a7d0f1571d904239f5849da2f8d5ab9462253f8d460d4b679c76f

SHA512
951a35e18390b7e10d3954e344ef51e82116bb00f929af711a3f40dd30f8db107b56a0bd990c04be5460e25335affe7f75083204e9c59315bfdaf7ce772f137c

Download Submit
C:\Windows\system\iXXsIuK.exe

Filesize
6.0MB

MD5
0b90b3e78b44f296304f731fe43be9fb

SHA1
0555c782dcdce6e21a87c8f257f3c96cfa2d3487

SHA256
8e6ec090ace3656d04ea9efbab1249988625b0d33edc55d219f527603ddbf123

SHA512
5f55d56f7810f9ecad73056be5f191200b820b9f8cded9a38e45fac29de0cb96087ba1d9a051ad53da8b516d113f2aaeabe8c971811f19ca0e3aa667811449d4

Download Submit
C:\Windows\system\kZDJpSD.exe

Filesize
6.0MB

MD5
70c227b15b146697c0c1f08ff6516975

SHA1
f47233715fe35c8ada97e68756daf4d9c3dcda6f

SHA256
73944b7a598ca081df53b39733a5f2e37cc77921d1994fbe131df3b034983a04

SHA512
ca60ab9ae9686d76698819c6c59aa4235b8b164a91ea9db9e79adef2b467198ddcb0d896039414e8696115803a76b89da6702287306f138ae3e9864cb4d814e8

Download Submit
C:\Windows\system\lAEjLsR.exe

Filesize
6.0MB

MD5
184d16894d18a1073e816c9d53a7a75d

SHA1
32ca471fef74944c58a0d4465d0d1cec1cbc3048

SHA256
4939485c5664fde723132bbaa23d563c4964fedacb10596ed82c1aa14e51473c

SHA512
9ccb421e6e2c6b8af1644b47d032628352c05ac7edc59e0aec9066f9a2ab347c68e400b181acb3b38fe2c20af332e18a03cfec1b6f599c130c8a07006d435497

Download Submit
C:\Windows\system\neLIHqM.exe

Filesize
6.0MB

MD5
f464c2fe924e9ae9e4d0daca886158fe

SHA1
25a85d2579d29e885145573aa015c1a968549697

SHA256
5acb99f83b7a917e286b9ffafac0f19a217cefd2ff0a6c26f87fb4cfa21fc897

SHA512
6248c0a3802f3e9f29c2c749d56608c6eb90ff1a56a41311c70147dd7823bca95104592789ac11a973a31ba719a68ad5c435c642d440fd3b7fdb4faf229273d1

Download Submit
C:\Windows\system\nzkQqEh.exe

Filesize
6.0MB

MD5
5ce31debd68537186c95ca68d87606f1

SHA1
c57ebb8f34935a22445fb82661f1daeb78c51da5

SHA256
5f5e9f5ed57ac958187968d0b25302127af8428b4915ea30e1cf031bfd954911

SHA512
5b45d9fa018972a8dc023062103b5bc9a994ae894de47f708f3d4a4ebd77cf3fa43f87f586e4c272de9f5b23716519137d49c840d414e7b7ddae35ee400df7ec

Download Submit
C:\Windows\system\qspcQWY.exe

Filesize
6.0MB

MD5
a40cc9e01f262c858603e2fb1e1af538

SHA1
2f932e180125e81e29befc3bdee877c07f50d47b

SHA256
abd5c4fe4bb4fe31fc9ea11d0be68c478b79404f18f660a7fcf29703caa88b27

SHA512
f30120d3d2f1f16f904465f85f19757a15696e3ea9f73ec6e38ee7dc7d403ae30f8702091ed7ba7ea172252ff72709ae22bc8a810dbf26438ff5fd4cec84d3fb

Download Submit
C:\Windows\system\qtBUtCA.exe

Filesize
6.0MB

MD5
4f84def31686148018088e44335225c6

SHA1
894585a2335a8fb8aac1a425b485c29e78daad59

SHA256
d956d49e1ce8f3d9560d9723866abe879f28f31f31f6234fc3ab5f0c9a2aaa07

SHA512
3f4b87cc6e89320d794107a798868b0b2d74aa27e2cd308724bc8a2d27d5e9d4c25ceb8b0a9619a901b746246df12ce6213c70fd7dea2d4af7066d74ed6729ed

Download Submit
C:\Windows\system\rXlUJVN.exe

Filesize
6.0MB

MD5
f670df043673865f8fd39ed497e3add1

SHA1
fc3f3bfcac6dc0b9e85bcb31278ccf7d694b7a9f

SHA256
c89144bf4f6c204ceb2a99329739be9e0c6a5ec67b33a6cc7433f5a819355c2b

SHA512
a610237c2a3109d0b047e42ef3d2a24fedec81b83ebbe08f725b5aebc3ac7da3a9fa546fc0b6377ebdeec136e4d70068ef2d0b77c020531ccbb199d1fb019e86

Download Submit
C:\Windows\system\riyNIUR.exe

Filesize
6.0MB

MD5
0d6bfe575cacc2c93df6d26062255a43

SHA1
d0b02b6b507012cbd256fdd200e8a1dde211b791

SHA256
eea36d1f5c806b507ec8da214372180558847f3e02cc41d724fbb3bff070f07c

SHA512
cb35b1b9d0183b32ab6949fe91df5a0a82cbea915e851c7dce18e6e0197c18038ba4036dc76f5d1e2b4520f1175cc277eb44f2c9a8072a57fe3d89c8647e90f9

Download Submit
C:\Windows\system\sJbNYZJ.exe

Filesize
6.0MB

MD5
14dc0c4de96dee4996ec3a286cb58d79

SHA1
cf7c1d6c4e15efbcfc31672d4df1aa2bf83fb1de

SHA256
d27690930bb5c185448726cb189e3e0d4df0bd854bea05ae516a0805dd747e2c

SHA512
807f0d9ecc2ae8544fd379e7bf3dc4a7e17a1a9bc9db46ff8891a38a215d151dec28d75a96af2754c056b548eea962acf64425dc91f1ffba838997b2336936f6

Download Submit
C:\Windows\system\svOJEHy.exe

Filesize
6.0MB

MD5
6a87be14a30cb12bf86f0a0f1cb29d5d

SHA1
a8ac6ba44b7bcbe6c087a1b67e7b074c2286b4b1

SHA256
e0a44775da922e7abd5dda04ee1654b4e38b5aa710f17ea2e362fe47ddcb9d6f

SHA512
d43d204cb12a13cf7d8f6331e59d0ead1d794a3c002befc52495b26b52ed9d2e291326c5285414a6d18aa90f6029a23391e3690b61206790cb02f3ba97d749cf

Download Submit
C:\Windows\system\tXkPsjJ.exe

Filesize
6.0MB

MD5
c7c0d79e47812bcd0818110978e8ba6f

SHA1
f355258e04e1cba1d37fcc0d08cde62cec8dcded

SHA256
98f6171011b024ea148df7b6625eca9927747582c645ce1b14431cd3b07f5b6e

SHA512
c65ecbacac89b36d70230817ff17fefd8dbbf16a93d015e65679e6c7fee0d170ee67605a5c66002f02a8cf1e41449cf40ce81d7a6b59d843c1774e0f1a624d48

Download Submit
C:\Windows\system\vmWjkdv.exe

Filesize
6.0MB

MD5
35d3c0c67c44857178b0a6b91f3c5c07

SHA1
f5aee5173001d3ef513b519f42a7cc8116563d5b

SHA256
2602a929c583e4fd7b945a4538aa22c0e684330da8ae265771c460a3c497b44b

SHA512
17817ec234a0ff6220ed4ae43f071faa5b23128233e82f4097a72cba68c6f6681620e8e62f66805742a6d0bbbfb764e281b17a48da70b003c028daa55351f40c

Download Submit
C:\Windows\system\xTWYXia.exe

Filesize
6.0MB

MD5
9ee6b386c9c5934e5fcc2cd2c3bd464e

SHA1
6be960bbe6654d8c2bc7a662fb0a127f1d1882ab

SHA256
5fe097be4e78f8d55a33853632746eb2a44b1e688175be251c07740083abe920

SHA512
a4c079bd313322954e64cd4237f7b27ac61e7e901774505d6aeb3d85565b3cc235d01cbe129a3b4cc2cd0499099467b3bcbe2d58109db8f12107b1ee77ed8da2

Download Submit
C:\Windows\system\yYZyZbq.exe

Filesize
6.0MB

MD5
3827dd9e40b424f34cd6f98e0dcbd172

SHA1
b2a8bf54007fa0536642c3ab6e08b922ce69980d

SHA256
16804154df2d24923e64b8525aa235f0ef74890f82a6ab22527440d7efe20564

SHA512
60b1e2e2cce3b1bb0b52c7c885124880745cb1c0a6350bd9d24e8a8dead1b47babe72ec5de64275e13eb4428c6251f45d1a458bba6b07d8628944808a8add3b4

Download Submit
\Windows\system\bioELvz.exe

Filesize
6.0MB

MD5
f54cfb859f952489dd5dc2050426a3a5

SHA1
523651c71adc9ce2bf55d70118e50bb8618db180

SHA256
bfaf91c6d6fe79bd1849eef849dbef5ee29008f1a32e11d5549362c6365cc0fd

SHA512
cc728a76da2304eee4dc59de9bbf089fdfff9d3c0aa493e3cc48e54875719ad7ddbf3c2f7fced696e0a9a0ecde453aa7dd9c2a17ac0d1679bd8e8e302045678a

Download Submit
\Windows\system\iYwEDlr.exe

Filesize
6.0MB

MD5
f329a46a45cd970b849e065595923b66

SHA1
4f39be48432770bb8a689dc23902da951d8db3ee

SHA256
9e9e287abfd2f901eb053d7859412f15742cfd793b93d627c0d76bd257567d9a

SHA512
f7b44b9e2db8dcec3fdf870cbde359e2c39b5933f6199f287d05fc50d5b1adab378fe2c2b063a990d93c7d58017e4863461a08494f77afb7a7afc270384a7494

Download Submit
\Windows\system\krSQAhm.exe

Filesize
6.0MB

MD5
1522450b749122b149716e872a667677

SHA1
c6a5e06f43672714396b24327487044f9fa84daf

SHA256
98a8bbb286f98360eb03968c991732a3aed09181ca88d45c460e38cee526af7d

SHA512
25aa2a3af33bbc62d3149707403a63a843dc191b3872c61926ae98b34bc2faaa3a69d65df3cadbd18140ddf9318b62ccb3c39f4805e239aa09f69d13909822f6

Download Submit
\Windows\system\sNceWnU.exe

Filesize
6.0MB

MD5
50ddf5d2320f1327431f02aa12d13361

SHA1
0b6975190f85b7bec608b8fbab58887244485fbf

SHA256
65db7005c4d09b1370a63c69933c32b96e708d5b64c29938f90bf66eb377b7a2

SHA512
9384c3b29c613a5010321d1d828176b1df1db05539bc4d329a474edee6b36734fc21320ed84d6428cc5a89efccb830ea9e9da95f8dee3cda52232ddb2f4ed99e

Download Submit
memory/1240-4135-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/1240-78-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/1240-567-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/1640-4127-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/1640-351-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/1640-74-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/1708-97-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/1708-4134-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/1708-1011-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/1920-350-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/1920-4124-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/1920-73-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2092-4137-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/2092-102-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/2092-57-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/2160-55-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/2160-4136-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/2160-19-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/2564-36-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2564-4123-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2584-95-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/2584-4125-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/2584-49-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/2596-41-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/2596-88-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/2596-4140-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/2672-680-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2672-0-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/2672-89-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2672-72-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2672-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/2672-96-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/2672-50-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/2672-233-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2672-786-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2672-1010-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/2672-22-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/2672-35-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2672-40-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/2672-27-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2672-56-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/2672-76-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2672-48-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2672-20-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2672-75-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/2732-67-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2732-28-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2732-4175-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2764-17-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2764-4129-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2916-4138-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/2916-568-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/2916-86-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/2960-4121-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/2960-21-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/3016-898-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/3016-4122-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/3016-90-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download