cobaltstrike | 905a46ddf4c39f26fb29e7585e3c4bb6a10d726082c0ca884b0c7f70cd82f065

Analysis

max time kernel
150s
max time network
19s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
25-12-2024 04:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

6df4f052da698ef5eead6394fac96c6a
SHA1

cfe6f9f56173fbe9e06e4ed5705ba05339f8a676
SHA256

905a46ddf4c39f26fb29e7585e3c4bb6a10d726082c0ca884b0c7f70cd82f065
SHA512

ffd9fdb716490ad30e4bb102689f93739d026c952f65c5139029ad78ec59258a761a2a187bbecb83829ac046accd0fff45f4ffe8162f3528c1f601c983aab5a1
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUg:T+q56utgpPF8u/7g

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00070000000120fc-3.dat	cobalt_reflective_dll
behavioral1/files/0x0003000000018334-9.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000019394-13.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000193b8-21.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019470-25.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019489-30.dat	cobalt_reflective_dll
behavioral1/files/0x0031000000018bbf-52.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019490-47.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3f8-94.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a400-103.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a404-108.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a44d-119.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a44f-124.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a463-138.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a469-144.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a471-161.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a479-184.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a475-174.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a477-178.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a473-168.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46f-158.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46d-154.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46b-148.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a459-133.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a457-128.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a438-113.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3fd-98.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3f6-88.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3ab-84.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000195bb-82.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a309-72.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000194eb-64.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2936-0-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
behavioral1/files/0x00070000000120fc-3.dat	xmrig
behavioral1/files/0x0003000000018334-9.dat	xmrig
behavioral1/files/0x0008000000019394-13.dat	xmrig
behavioral1/files/0x00070000000193b8-21.dat	xmrig
behavioral1/files/0x0007000000019470-25.dat	xmrig
behavioral1/memory/1480-29-0x000000013F6C0000-0x000000013FA14000-memory.dmp	xmrig
behavioral1/files/0x0006000000019489-30.dat	xmrig
behavioral1/memory/2984-31-0x000000013FDB0000-0x0000000140104000-memory.dmp	xmrig
behavioral1/memory/2616-42-0x000000013FA40000-0x000000013FD94000-memory.dmp	xmrig
behavioral1/memory/2780-51-0x000000013F050000-0x000000013F3A4000-memory.dmp	xmrig
behavioral1/files/0x0031000000018bbf-52.dat	xmrig
behavioral1/files/0x0006000000019490-47.dat	xmrig
behavioral1/memory/2880-38-0x000000013F760000-0x000000013FAB4000-memory.dmp	xmrig
behavioral1/memory/2204-36-0x000000013F310000-0x000000013F664000-memory.dmp	xmrig
behavioral1/memory/2936-35-0x000000013F310000-0x000000013F664000-memory.dmp	xmrig
behavioral1/memory/2952-34-0x000000013FE80000-0x00000001401D4000-memory.dmp	xmrig
behavioral1/memory/2612-59-0x000000013F6F0000-0x000000013FA44000-memory.dmp	xmrig
behavioral1/files/0x000500000001a3f8-94.dat	xmrig
behavioral1/files/0x000500000001a400-103.dat	xmrig
behavioral1/files/0x000500000001a404-108.dat	xmrig
behavioral1/files/0x000500000001a44d-119.dat	xmrig
behavioral1/files/0x000500000001a44f-124.dat	xmrig
behavioral1/files/0x000500000001a463-138.dat	xmrig
behavioral1/files/0x000500000001a469-144.dat	xmrig
behavioral1/files/0x000500000001a471-161.dat	xmrig
behavioral1/files/0x000500000001a479-184.dat	xmrig
behavioral1/memory/1116-384-0x000000013F8F0000-0x000000013FC44000-memory.dmp	xmrig
behavioral1/memory/1660-355-0x000000013F8E0000-0x000000013FC34000-memory.dmp	xmrig
behavioral1/memory/2612-698-0x000000013F6F0000-0x000000013FA44000-memory.dmp	xmrig
behavioral1/memory/2936-803-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/memory/1660-891-0x000000013F8E0000-0x000000013FC34000-memory.dmp	xmrig
behavioral1/memory/1480-1527-0x000000013F6C0000-0x000000013FA14000-memory.dmp	xmrig
behavioral1/memory/2616-1606-0x000000013FA40000-0x000000013FD94000-memory.dmp	xmrig
behavioral1/memory/2780-1616-0x000000013F050000-0x000000013F3A4000-memory.dmp	xmrig
behavioral1/memory/2880-1550-0x000000013F760000-0x000000013FAB4000-memory.dmp	xmrig
behavioral1/memory/2952-1546-0x000000013FE80000-0x00000001401D4000-memory.dmp	xmrig
behavioral1/memory/2204-1544-0x000000013F310000-0x000000013F664000-memory.dmp	xmrig
behavioral1/memory/2984-1525-0x000000013FDB0000-0x0000000140104000-memory.dmp	xmrig
behavioral1/memory/2732-1640-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/memory/2612-1639-0x000000013F6F0000-0x000000013FA44000-memory.dmp	xmrig
behavioral1/memory/2380-1644-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/memory/1532-1655-0x000000013F080000-0x000000013F3D4000-memory.dmp	xmrig
behavioral1/memory/1116-1654-0x000000013F8F0000-0x000000013FC44000-memory.dmp	xmrig
behavioral1/memory/2156-1657-0x000000013F710000-0x000000013FA64000-memory.dmp	xmrig
behavioral1/memory/2156-379-0x000000013F710000-0x000000013FA64000-memory.dmp	xmrig
behavioral1/memory/1532-365-0x000000013F080000-0x000000013F3D4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a475-174.dat	xmrig
behavioral1/files/0x000500000001a477-178.dat	xmrig
behavioral1/files/0x000500000001a473-168.dat	xmrig
behavioral1/files/0x000500000001a46f-158.dat	xmrig
behavioral1/files/0x000500000001a46d-154.dat	xmrig
behavioral1/files/0x000500000001a46b-148.dat	xmrig
behavioral1/files/0x000500000001a459-133.dat	xmrig
behavioral1/files/0x000500000001a457-128.dat	xmrig
behavioral1/files/0x000500000001a438-113.dat	xmrig
behavioral1/files/0x000500000001a3fd-98.dat	xmrig
behavioral1/files/0x000500000001a3f6-88.dat	xmrig
behavioral1/files/0x000500000001a3ab-84.dat	xmrig
behavioral1/memory/2936-83-0x00000000023C0000-0x0000000002714000-memory.dmp	xmrig
behavioral1/files/0x00070000000195bb-82.dat	xmrig
behavioral1/memory/2616-81-0x000000013FA40000-0x000000013FD94000-memory.dmp	xmrig
behavioral1/memory/2380-80-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/memory/2936-75-0x00000000023C0000-0x0000000002714000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1480	hobOWwD.exe
2984	opFFXIf.exe
2952	YaShWeI.exe
2204	CMMVFoM.exe
2880	TlTswnC.exe
2616	HSfmjRs.exe
2780	GsdKPIH.exe
2612	kQHuDUy.exe
2732	hkvYdIU.exe
2380	OUQoPhV.exe
1660	QKYazNA.exe
1116	jCrnsgL.exe
1532	OjRhGiH.exe
2156	WGFCmxq.exe
3056	HhyzexC.exe
2340	pFsjHrX.exe
2368	ZUzeXgn.exe
3032	nwxuURT.exe
2736	ogveiWl.exe
2516	ygFFAed.exe
1640	CyJPuDB.exe
692	nwNsxuz.exe
1548	ntCTthn.exe
2116	cjHhQVB.exe
2456	MGVwghT.exe
2500	xKnmGxe.exe
396	DkkpmCk.exe
2272	TLXGjBf.exe
908	ypyjgEi.exe
1844	eGghEQH.exe
1020	zerrAdY.exe
1992	eORfSgV.exe
2084	aPfhNnk.exe
1724	DTRcleC.exe
948	haUTHpW.exe
236	bbwmnYB.exe
1748	bKaCZXu.exe
2388	jgBCgWJ.exe
1836	pVYBheA.exe
1216	oubWDZw.exe
776	Curphtp.exe
1464	wYrwowF.exe
964	cIoWxfU.exe
1068	BLcaCzQ.exe
1088	OqYvPiT.exe
1384	elDPWEW.exe
596	QQgbqVC.exe
2396	NzCCuJZ.exe
2684	aMmFVFp.exe
1168	JlaUFgQ.exe
1664	SVDkSSd.exe
752	YRtWBiM.exe
892	kbBiCYy.exe
2148	PKbvtRt.exe
1780	exQLzEJ.exe
1608	pLzstXG.exe
2236	VNqNzVm.exe
2856	kOSPkSh.exe
2168	LcaeDec.exe
2840	szlwrLh.exe
2768	YcqEmqU.exe
868	oTubbhI.exe
2776	tIQJzSK.exe
592	sowiIhk.exe

Loads dropped DLL 64 IoCs

pid	Process
2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2936-0-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/files/0x00070000000120fc-3.dat	upx
behavioral1/files/0x0003000000018334-9.dat	upx
behavioral1/files/0x0008000000019394-13.dat	upx
behavioral1/files/0x00070000000193b8-21.dat	upx
behavioral1/files/0x0007000000019470-25.dat	upx
behavioral1/memory/1480-29-0x000000013F6C0000-0x000000013FA14000-memory.dmp	upx
behavioral1/files/0x0006000000019489-30.dat	upx
behavioral1/memory/2984-31-0x000000013FDB0000-0x0000000140104000-memory.dmp	upx
behavioral1/memory/2616-42-0x000000013FA40000-0x000000013FD94000-memory.dmp	upx
behavioral1/memory/2780-51-0x000000013F050000-0x000000013F3A4000-memory.dmp	upx
behavioral1/files/0x0031000000018bbf-52.dat	upx
behavioral1/files/0x0006000000019490-47.dat	upx
behavioral1/memory/2880-38-0x000000013F760000-0x000000013FAB4000-memory.dmp	upx
behavioral1/memory/2204-36-0x000000013F310000-0x000000013F664000-memory.dmp	upx
behavioral1/memory/2952-34-0x000000013FE80000-0x00000001401D4000-memory.dmp	upx
behavioral1/memory/2612-59-0x000000013F6F0000-0x000000013FA44000-memory.dmp	upx
behavioral1/memory/2936-76-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/files/0x000500000001a3f8-94.dat	upx
behavioral1/files/0x000500000001a400-103.dat	upx
behavioral1/files/0x000500000001a404-108.dat	upx
behavioral1/files/0x000500000001a44d-119.dat	upx
behavioral1/files/0x000500000001a44f-124.dat	upx
behavioral1/files/0x000500000001a463-138.dat	upx
behavioral1/files/0x000500000001a469-144.dat	upx
behavioral1/files/0x000500000001a471-161.dat	upx
behavioral1/files/0x000500000001a479-184.dat	upx
behavioral1/memory/1116-384-0x000000013F8F0000-0x000000013FC44000-memory.dmp	upx
behavioral1/memory/1660-355-0x000000013F8E0000-0x000000013FC34000-memory.dmp	upx
behavioral1/memory/2612-698-0x000000013F6F0000-0x000000013FA44000-memory.dmp	upx
behavioral1/memory/1660-891-0x000000013F8E0000-0x000000013FC34000-memory.dmp	upx
behavioral1/memory/1480-1527-0x000000013F6C0000-0x000000013FA14000-memory.dmp	upx
behavioral1/memory/2616-1606-0x000000013FA40000-0x000000013FD94000-memory.dmp	upx
behavioral1/memory/2780-1616-0x000000013F050000-0x000000013F3A4000-memory.dmp	upx
behavioral1/memory/2880-1550-0x000000013F760000-0x000000013FAB4000-memory.dmp	upx
behavioral1/memory/2952-1546-0x000000013FE80000-0x00000001401D4000-memory.dmp	upx
behavioral1/memory/2204-1544-0x000000013F310000-0x000000013F664000-memory.dmp	upx
behavioral1/memory/2984-1525-0x000000013FDB0000-0x0000000140104000-memory.dmp	upx
behavioral1/memory/2732-1640-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/memory/2612-1639-0x000000013F6F0000-0x000000013FA44000-memory.dmp	upx
behavioral1/memory/2380-1644-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/memory/1532-1655-0x000000013F080000-0x000000013F3D4000-memory.dmp	upx
behavioral1/memory/1116-1654-0x000000013F8F0000-0x000000013FC44000-memory.dmp	upx
behavioral1/memory/2156-1657-0x000000013F710000-0x000000013FA64000-memory.dmp	upx
behavioral1/memory/2156-379-0x000000013F710000-0x000000013FA64000-memory.dmp	upx
behavioral1/memory/1532-365-0x000000013F080000-0x000000013F3D4000-memory.dmp	upx
behavioral1/files/0x000500000001a475-174.dat	upx
behavioral1/files/0x000500000001a477-178.dat	upx
behavioral1/files/0x000500000001a473-168.dat	upx
behavioral1/files/0x000500000001a46f-158.dat	upx
behavioral1/files/0x000500000001a46d-154.dat	upx
behavioral1/files/0x000500000001a46b-148.dat	upx
behavioral1/files/0x000500000001a459-133.dat	upx
behavioral1/files/0x000500000001a457-128.dat	upx
behavioral1/files/0x000500000001a438-113.dat	upx
behavioral1/files/0x000500000001a3fd-98.dat	upx
behavioral1/files/0x000500000001a3f6-88.dat	upx
behavioral1/files/0x000500000001a3ab-84.dat	upx
behavioral1/files/0x00070000000195bb-82.dat	upx
behavioral1/memory/2616-81-0x000000013FA40000-0x000000013FD94000-memory.dmp	upx
behavioral1/memory/2380-80-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/memory/2732-74-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/files/0x000500000001a309-72.dat	upx
behavioral1/files/0x00080000000194eb-64.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\gBpaelX.exe	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pIctvfz.exe	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kNWdQcE.exe	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EXkCZpO.exe	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DCrnlcO.exe	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BUrVBRx.exe	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TvJcQOt.exe	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yGYUSYl.exe	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UBcvhyx.exe	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TiHCWzG.exe	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uxgyvrc.exe	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uwEFKoI.exe	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\opbTjzc.exe	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QKoSMou.exe	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GOlgsln.exe	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\voPnUpJ.exe	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ACsJlDl.exe	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bxgprWr.exe	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jGBTpYS.exe	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xpQAHTc.exe	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zJSmfjH.exe	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rZkSHri.exe	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KVgGtto.exe	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NNitLxm.exe	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LwhwOrC.exe	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aWYeqDV.exe	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\deOEVdk.exe	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IpDtfiS.exe	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FEUPNZa.exe	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZMHnVVo.exe	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DhntbKY.exe	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zoJrSos.exe	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HQMQiRh.exe	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XVXJowc.exe	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\alYpZYS.exe	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BHWIrdW.exe	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tlmdLuU.exe	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\njdOaoA.exe	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oOCDebb.exe	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\APCiINX.exe	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dhhrswy.exe	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LlpOjbO.exe	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NYHxMlf.exe	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nVaVkDC.exe	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BivnMrY.exe	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dvBSOif.exe	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IWDKiMv.exe	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hlpBeBv.exe	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YYqzxJZ.exe	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RwHeNky.exe	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SlDxBGq.exe	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FbDRBtR.exe	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cYaUndd.exe	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AHfbrIp.exe	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QdyLbmN.exe	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PKbvtRt.exe	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yTJKxue.exe	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DjSARGQ.exe	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nlMDfzo.exe	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ppOEyIm.exe	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yPZaNEZ.exe	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JCkbztw.exe	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sqjpgWO.exe	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Rjiqbcb.exe	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2936 wrote to memory of 1480	2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2936 wrote to memory of 1480	2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2936 wrote to memory of 1480	2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2936 wrote to memory of 2984	2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2936 wrote to memory of 2984	2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2936 wrote to memory of 2984	2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2936 wrote to memory of 2952	2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2936 wrote to memory of 2952	2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2936 wrote to memory of 2952	2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2936 wrote to memory of 2204	2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2936 wrote to memory of 2204	2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2936 wrote to memory of 2204	2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2936 wrote to memory of 2880	2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2936 wrote to memory of 2880	2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2936 wrote to memory of 2880	2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2936 wrote to memory of 2616	2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2936 wrote to memory of 2616	2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2936 wrote to memory of 2616	2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2936 wrote to memory of 2780	2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2936 wrote to memory of 2780	2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2936 wrote to memory of 2780	2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2936 wrote to memory of 2612	2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2936 wrote to memory of 2612	2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2936 wrote to memory of 2612	2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2936 wrote to memory of 2732	2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2936 wrote to memory of 2732	2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2936 wrote to memory of 2732	2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2936 wrote to memory of 1660	2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2936 wrote to memory of 1660	2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2936 wrote to memory of 1660	2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2936 wrote to memory of 2380	2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2936 wrote to memory of 2380	2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2936 wrote to memory of 2380	2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2936 wrote to memory of 1116	2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2936 wrote to memory of 1116	2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2936 wrote to memory of 1116	2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2936 wrote to memory of 1532	2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2936 wrote to memory of 1532	2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2936 wrote to memory of 1532	2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2936 wrote to memory of 2156	2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2936 wrote to memory of 2156	2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2936 wrote to memory of 2156	2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2936 wrote to memory of 3056	2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2936 wrote to memory of 3056	2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2936 wrote to memory of 3056	2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2936 wrote to memory of 2340	2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2936 wrote to memory of 2340	2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2936 wrote to memory of 2340	2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2936 wrote to memory of 2368	2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2936 wrote to memory of 2368	2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2936 wrote to memory of 2368	2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2936 wrote to memory of 3032	2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2936 wrote to memory of 3032	2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2936 wrote to memory of 3032	2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2936 wrote to memory of 2736	2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2936 wrote to memory of 2736	2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2936 wrote to memory of 2736	2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2936 wrote to memory of 2516	2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2936 wrote to memory of 2516	2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2936 wrote to memory of 2516	2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2936 wrote to memory of 1640	2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2936 wrote to memory of 1640	2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2936 wrote to memory of 1640	2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2936 wrote to memory of 692	2936	2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe	51

C:\Users\Admin\AppData\Local\Temp\2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-25_6df4f052da698ef5eead6394fac96c6a_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2936
- C:\Windows\System\hobOWwD.exe
  C:\Windows\System\hobOWwD.exe
  2⤵
  - Executes dropped EXE
  PID:1480
- C:\Windows\System\opFFXIf.exe
  C:\Windows\System\opFFXIf.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\YaShWeI.exe
  C:\Windows\System\YaShWeI.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\CMMVFoM.exe
  C:\Windows\System\CMMVFoM.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\TlTswnC.exe
  C:\Windows\System\TlTswnC.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\HSfmjRs.exe
  C:\Windows\System\HSfmjRs.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\GsdKPIH.exe
  C:\Windows\System\GsdKPIH.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\kQHuDUy.exe
  C:\Windows\System\kQHuDUy.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\hkvYdIU.exe
  C:\Windows\System\hkvYdIU.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\QKYazNA.exe
  C:\Windows\System\QKYazNA.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\OUQoPhV.exe
  C:\Windows\System\OUQoPhV.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\jCrnsgL.exe
  C:\Windows\System\jCrnsgL.exe
  2⤵
  - Executes dropped EXE
  PID:1116
- C:\Windows\System\OjRhGiH.exe
  C:\Windows\System\OjRhGiH.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\WGFCmxq.exe
  C:\Windows\System\WGFCmxq.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\HhyzexC.exe
  C:\Windows\System\HhyzexC.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\pFsjHrX.exe
  C:\Windows\System\pFsjHrX.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\ZUzeXgn.exe
  C:\Windows\System\ZUzeXgn.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\nwxuURT.exe
  C:\Windows\System\nwxuURT.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\ogveiWl.exe
  C:\Windows\System\ogveiWl.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\ygFFAed.exe
  C:\Windows\System\ygFFAed.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\CyJPuDB.exe
  C:\Windows\System\CyJPuDB.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\nwNsxuz.exe
  C:\Windows\System\nwNsxuz.exe
  2⤵
  - Executes dropped EXE
  PID:692
- C:\Windows\System\ntCTthn.exe
  C:\Windows\System\ntCTthn.exe
  2⤵
  - Executes dropped EXE
  PID:1548
- C:\Windows\System\cjHhQVB.exe
  C:\Windows\System\cjHhQVB.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\MGVwghT.exe
  C:\Windows\System\MGVwghT.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\xKnmGxe.exe
  C:\Windows\System\xKnmGxe.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\DkkpmCk.exe
  C:\Windows\System\DkkpmCk.exe
  2⤵
  - Executes dropped EXE
  PID:396
- C:\Windows\System\TLXGjBf.exe
  C:\Windows\System\TLXGjBf.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\ypyjgEi.exe
  C:\Windows\System\ypyjgEi.exe
  2⤵
  - Executes dropped EXE
  PID:908
- C:\Windows\System\eGghEQH.exe
  C:\Windows\System\eGghEQH.exe
  2⤵
  - Executes dropped EXE
  PID:1844
- C:\Windows\System\zerrAdY.exe
  C:\Windows\System\zerrAdY.exe
  2⤵
  - Executes dropped EXE
  PID:1020
- C:\Windows\System\eORfSgV.exe
  C:\Windows\System\eORfSgV.exe
  2⤵
  - Executes dropped EXE
  PID:1992
- C:\Windows\System\aPfhNnk.exe
  C:\Windows\System\aPfhNnk.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\DTRcleC.exe
  C:\Windows\System\DTRcleC.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\haUTHpW.exe
  C:\Windows\System\haUTHpW.exe
  2⤵
  - Executes dropped EXE
  PID:948
- C:\Windows\System\bbwmnYB.exe
  C:\Windows\System\bbwmnYB.exe
  2⤵
  - Executes dropped EXE
  PID:236
- C:\Windows\System\bKaCZXu.exe
  C:\Windows\System\bKaCZXu.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\jgBCgWJ.exe
  C:\Windows\System\jgBCgWJ.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\pVYBheA.exe
  C:\Windows\System\pVYBheA.exe
  2⤵
  - Executes dropped EXE
  PID:1836
- C:\Windows\System\Curphtp.exe
  C:\Windows\System\Curphtp.exe
  2⤵
  - Executes dropped EXE
  PID:776
- C:\Windows\System\oubWDZw.exe
  C:\Windows\System\oubWDZw.exe
  2⤵
  - Executes dropped EXE
  PID:1216
- C:\Windows\System\OqYvPiT.exe
  C:\Windows\System\OqYvPiT.exe
  2⤵
  - Executes dropped EXE
  PID:1088
- C:\Windows\System\wYrwowF.exe
  C:\Windows\System\wYrwowF.exe
  2⤵
  - Executes dropped EXE
  PID:1464
- C:\Windows\System\elDPWEW.exe
  C:\Windows\System\elDPWEW.exe
  2⤵
  - Executes dropped EXE
  PID:1384
- C:\Windows\System\cIoWxfU.exe
  C:\Windows\System\cIoWxfU.exe
  2⤵
  - Executes dropped EXE
  PID:964
- C:\Windows\System\QQgbqVC.exe
  C:\Windows\System\QQgbqVC.exe
  2⤵
  - Executes dropped EXE
  PID:596
- C:\Windows\System\BLcaCzQ.exe
  C:\Windows\System\BLcaCzQ.exe
  2⤵
  - Executes dropped EXE
  PID:1068
- C:\Windows\System\NzCCuJZ.exe
  C:\Windows\System\NzCCuJZ.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\aMmFVFp.exe
  C:\Windows\System\aMmFVFp.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\JlaUFgQ.exe
  C:\Windows\System\JlaUFgQ.exe
  2⤵
  - Executes dropped EXE
  PID:1168
- C:\Windows\System\SVDkSSd.exe
  C:\Windows\System\SVDkSSd.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\YRtWBiM.exe
  C:\Windows\System\YRtWBiM.exe
  2⤵
  - Executes dropped EXE
  PID:752
- C:\Windows\System\kbBiCYy.exe
  C:\Windows\System\kbBiCYy.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\PKbvtRt.exe
  C:\Windows\System\PKbvtRt.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\exQLzEJ.exe
  C:\Windows\System\exQLzEJ.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\pLzstXG.exe
  C:\Windows\System\pLzstXG.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\VNqNzVm.exe
  C:\Windows\System\VNqNzVm.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\kOSPkSh.exe
  C:\Windows\System\kOSPkSh.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\LcaeDec.exe
  C:\Windows\System\LcaeDec.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\szlwrLh.exe
  C:\Windows\System\szlwrLh.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\YcqEmqU.exe
  C:\Windows\System\YcqEmqU.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\oTubbhI.exe
  C:\Windows\System\oTubbhI.exe
  2⤵
  - Executes dropped EXE
  PID:868
- C:\Windows\System\tIQJzSK.exe
  C:\Windows\System\tIQJzSK.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\sowiIhk.exe
  C:\Windows\System\sowiIhk.exe
  2⤵
  - Executes dropped EXE
  PID:592
- C:\Windows\System\URxPHgy.exe
  C:\Windows\System\URxPHgy.exe
  2⤵
  PID:2196
- C:\Windows\System\xQUisaR.exe
  C:\Windows\System\xQUisaR.exe
  2⤵
  PID:3028
- C:\Windows\System\mtzweBk.exe
  C:\Windows\System\mtzweBk.exe
  2⤵
  PID:2508
- C:\Windows\System\sbkFnmo.exe
  C:\Windows\System\sbkFnmo.exe
  2⤵
  PID:2696
- C:\Windows\System\sMLTPkB.exe
  C:\Windows\System\sMLTPkB.exe
  2⤵
  PID:836
- C:\Windows\System\IzbWgNc.exe
  C:\Windows\System\IzbWgNc.exe
  2⤵
  PID:612
- C:\Windows\System\PMxxGyG.exe
  C:\Windows\System\PMxxGyG.exe
  2⤵
  PID:2308
- C:\Windows\System\yAfNsyp.exe
  C:\Windows\System\yAfNsyp.exe
  2⤵
  PID:2252
- C:\Windows\System\JjvMZhW.exe
  C:\Windows\System\JjvMZhW.exe
  2⤵
  PID:2568
- C:\Windows\System\JpitXhk.exe
  C:\Windows\System\JpitXhk.exe
  2⤵
  PID:1204
- C:\Windows\System\kxHHmMA.exe
  C:\Windows\System\kxHHmMA.exe
  2⤵
  PID:2060
- C:\Windows\System\xFhkSlO.exe
  C:\Windows\System\xFhkSlO.exe
  2⤵
  PID:560
- C:\Windows\System\Sjivnyl.exe
  C:\Windows\System\Sjivnyl.exe
  2⤵
  PID:704
- C:\Windows\System\XAGreAo.exe
  C:\Windows\System\XAGreAo.exe
  2⤵
  PID:2644
- C:\Windows\System\ONubbNT.exe
  C:\Windows\System\ONubbNT.exe
  2⤵
  PID:524
- C:\Windows\System\wZHtkzc.exe
  C:\Windows\System\wZHtkzc.exe
  2⤵
  PID:1504
- C:\Windows\System\ScJkMvZ.exe
  C:\Windows\System\ScJkMvZ.exe
  2⤵
  PID:2100
- C:\Windows\System\EmDXYTr.exe
  C:\Windows\System\EmDXYTr.exe
  2⤵
  PID:1572
- C:\Windows\System\plpsuzD.exe
  C:\Windows\System\plpsuzD.exe
  2⤵
  PID:1812
- C:\Windows\System\MZPvISC.exe
  C:\Windows\System\MZPvISC.exe
  2⤵
  PID:2912
- C:\Windows\System\uDjZkWc.exe
  C:\Windows\System\uDjZkWc.exe
  2⤵
  PID:2364
- C:\Windows\System\OjuDClm.exe
  C:\Windows\System\OjuDClm.exe
  2⤵
  PID:1092
- C:\Windows\System\GpjjKPe.exe
  C:\Windows\System\GpjjKPe.exe
  2⤵
  PID:1740
- C:\Windows\System\yGUZfrm.exe
  C:\Windows\System\yGUZfrm.exe
  2⤵
  PID:1152
- C:\Windows\System\SZxYamx.exe
  C:\Windows\System\SZxYamx.exe
  2⤵
  PID:1928
- C:\Windows\System\fuFjqKf.exe
  C:\Windows\System\fuFjqKf.exe
  2⤵
  PID:1716
- C:\Windows\System\yqDGsxJ.exe
  C:\Windows\System\yqDGsxJ.exe
  2⤵
  PID:1720
- C:\Windows\System\vOGrfty.exe
  C:\Windows\System\vOGrfty.exe
  2⤵
  PID:2164
- C:\Windows\System\ucyeXjR.exe
  C:\Windows\System\ucyeXjR.exe
  2⤵
  PID:1612
- C:\Windows\System\ewXPYDd.exe
  C:\Windows\System\ewXPYDd.exe
  2⤵
  PID:2748
- C:\Windows\System\AxPyFUn.exe
  C:\Windows\System\AxPyFUn.exe
  2⤵
  PID:2720
- C:\Windows\System\sAPMOUy.exe
  C:\Windows\System\sAPMOUy.exe
  2⤵
  PID:3004
- C:\Windows\System\TwacckC.exe
  C:\Windows\System\TwacckC.exe
  2⤵
  PID:2176
- C:\Windows\System\OuXDOtR.exe
  C:\Windows\System\OuXDOtR.exe
  2⤵
  PID:2820
- C:\Windows\System\OmIlnRe.exe
  C:\Windows\System\OmIlnRe.exe
  2⤵
  PID:2076
- C:\Windows\System\eOfMUKN.exe
  C:\Windows\System\eOfMUKN.exe
  2⤵
  PID:2136
- C:\Windows\System\ATvuCDD.exe
  C:\Windows\System\ATvuCDD.exe
  2⤵
  PID:1976
- C:\Windows\System\CYEULOg.exe
  C:\Windows\System\CYEULOg.exe
  2⤵
  PID:2484
- C:\Windows\System\NnAwtuZ.exe
  C:\Windows\System\NnAwtuZ.exe
  2⤵
  PID:1184
- C:\Windows\System\rGOTCpA.exe
  C:\Windows\System\rGOTCpA.exe
  2⤵
  PID:1768
- C:\Windows\System\TiCiUwH.exe
  C:\Windows\System\TiCiUwH.exe
  2⤵
  PID:676
- C:\Windows\System\bLHcRxR.exe
  C:\Windows\System\bLHcRxR.exe
  2⤵
  PID:1240
- C:\Windows\System\aQIgcmm.exe
  C:\Windows\System\aQIgcmm.exe
  2⤵
  PID:1108
- C:\Windows\System\jWFfkWX.exe
  C:\Windows\System\jWFfkWX.exe
  2⤵
  PID:1704
- C:\Windows\System\LwhwOrC.exe
  C:\Windows\System\LwhwOrC.exe
  2⤵
  PID:3024
- C:\Windows\System\kLtEWGp.exe
  C:\Windows\System\kLtEWGp.exe
  2⤵
  PID:2956
- C:\Windows\System\yXtgBXc.exe
  C:\Windows\System\yXtgBXc.exe
  2⤵
  PID:940
- C:\Windows\System\ItLMdFY.exe
  C:\Windows\System\ItLMdFY.exe
  2⤵
  PID:2452
- C:\Windows\System\gLFoIFV.exe
  C:\Windows\System\gLFoIFV.exe
  2⤵
  PID:1680
- C:\Windows\System\MDrIYOw.exe
  C:\Windows\System\MDrIYOw.exe
  2⤵
  PID:2648
- C:\Windows\System\NWfMygX.exe
  C:\Windows\System\NWfMygX.exe
  2⤵
  PID:1128
- C:\Windows\System\DYuGZug.exe
  C:\Windows\System\DYuGZug.exe
  2⤵
  PID:1652
- C:\Windows\System\JHvZUnX.exe
  C:\Windows\System\JHvZUnX.exe
  2⤵
  PID:2256
- C:\Windows\System\ERVQBQa.exe
  C:\Windows\System\ERVQBQa.exe
  2⤵
  PID:3080
- C:\Windows\System\ViZrQkZ.exe
  C:\Windows\System\ViZrQkZ.exe
  2⤵
  PID:3104
- C:\Windows\System\WXQqoay.exe
  C:\Windows\System\WXQqoay.exe
  2⤵
  PID:3120
- C:\Windows\System\TlDyuwx.exe
  C:\Windows\System\TlDyuwx.exe
  2⤵
  PID:3136
- C:\Windows\System\LjUlhKU.exe
  C:\Windows\System\LjUlhKU.exe
  2⤵
  PID:3152
- C:\Windows\System\eoGPXRj.exe
  C:\Windows\System\eoGPXRj.exe
  2⤵
  PID:3168
- C:\Windows\System\tbTWbWF.exe
  C:\Windows\System\tbTWbWF.exe
  2⤵
  PID:3188
- C:\Windows\System\OzpBpen.exe
  C:\Windows\System\OzpBpen.exe
  2⤵
  PID:3204
- C:\Windows\System\IOpVoKG.exe
  C:\Windows\System\IOpVoKG.exe
  2⤵
  PID:3220
- C:\Windows\System\QXpTyxM.exe
  C:\Windows\System\QXpTyxM.exe
  2⤵
  PID:3248
- C:\Windows\System\fpCUgoD.exe
  C:\Windows\System\fpCUgoD.exe
  2⤵
  PID:3264
- C:\Windows\System\LoDAFFs.exe
  C:\Windows\System\LoDAFFs.exe
  2⤵
  PID:3284
- C:\Windows\System\DrhMtuk.exe
  C:\Windows\System\DrhMtuk.exe
  2⤵
  PID:3300
- C:\Windows\System\JiWJNPb.exe
  C:\Windows\System\JiWJNPb.exe
  2⤵
  PID:3320
- C:\Windows\System\xukhjpT.exe
  C:\Windows\System\xukhjpT.exe
  2⤵
  PID:3336
- C:\Windows\System\fnFvxXk.exe
  C:\Windows\System\fnFvxXk.exe
  2⤵
  PID:3352
- C:\Windows\System\NSkxmxe.exe
  C:\Windows\System\NSkxmxe.exe
  2⤵
  PID:3372
- C:\Windows\System\PHRwqkY.exe
  C:\Windows\System\PHRwqkY.exe
  2⤵
  PID:3388
- C:\Windows\System\VUgysIB.exe
  C:\Windows\System\VUgysIB.exe
  2⤵
  PID:3404
- C:\Windows\System\HsCHDeP.exe
  C:\Windows\System\HsCHDeP.exe
  2⤵
  PID:3420
- C:\Windows\System\qVmrjkn.exe
  C:\Windows\System\qVmrjkn.exe
  2⤵
  PID:3488
- C:\Windows\System\OTRYUuo.exe
  C:\Windows\System\OTRYUuo.exe
  2⤵
  PID:3504
- C:\Windows\System\SHeERtM.exe
  C:\Windows\System\SHeERtM.exe
  2⤵
  PID:3520
- C:\Windows\System\TPJjDEL.exe
  C:\Windows\System\TPJjDEL.exe
  2⤵
  PID:3536
- C:\Windows\System\HFsAqok.exe
  C:\Windows\System\HFsAqok.exe
  2⤵
  PID:3552
- C:\Windows\System\NYxOxCp.exe
  C:\Windows\System\NYxOxCp.exe
  2⤵
  PID:3576
- C:\Windows\System\htVwJvt.exe
  C:\Windows\System\htVwJvt.exe
  2⤵
  PID:3592
- C:\Windows\System\qarMqPp.exe
  C:\Windows\System\qarMqPp.exe
  2⤵
  PID:3608
- C:\Windows\System\OIqqwfL.exe
  C:\Windows\System\OIqqwfL.exe
  2⤵
  PID:3624
- C:\Windows\System\ufNjeCF.exe
  C:\Windows\System\ufNjeCF.exe
  2⤵
  PID:3640
- C:\Windows\System\BoClaOW.exe
  C:\Windows\System\BoClaOW.exe
  2⤵
  PID:3656
- C:\Windows\System\kNWdQcE.exe
  C:\Windows\System\kNWdQcE.exe
  2⤵
  PID:3672
- C:\Windows\System\MqOCQcn.exe
  C:\Windows\System\MqOCQcn.exe
  2⤵
  PID:3688
- C:\Windows\System\BnUrrpP.exe
  C:\Windows\System\BnUrrpP.exe
  2⤵
  PID:3704
- C:\Windows\System\lyoLaAG.exe
  C:\Windows\System\lyoLaAG.exe
  2⤵
  PID:3720
- C:\Windows\System\QOCxhcZ.exe
  C:\Windows\System\QOCxhcZ.exe
  2⤵
  PID:3736
- C:\Windows\System\GGMadlk.exe
  C:\Windows\System\GGMadlk.exe
  2⤵
  PID:3752
- C:\Windows\System\alYpZYS.exe
  C:\Windows\System\alYpZYS.exe
  2⤵
  PID:3768
- C:\Windows\System\zvdojCD.exe
  C:\Windows\System\zvdojCD.exe
  2⤵
  PID:3784
- C:\Windows\System\rvQmyxY.exe
  C:\Windows\System\rvQmyxY.exe
  2⤵
  PID:3800
- C:\Windows\System\dMdBeXJ.exe
  C:\Windows\System\dMdBeXJ.exe
  2⤵
  PID:3816
- C:\Windows\System\lKLSzEc.exe
  C:\Windows\System\lKLSzEc.exe
  2⤵
  PID:3832
- C:\Windows\System\AfGXwCI.exe
  C:\Windows\System\AfGXwCI.exe
  2⤵
  PID:3848
- C:\Windows\System\bmuDdJr.exe
  C:\Windows\System\bmuDdJr.exe
  2⤵
  PID:3864
- C:\Windows\System\HijICSA.exe
  C:\Windows\System\HijICSA.exe
  2⤵
  PID:3880
- C:\Windows\System\ETWIJAZ.exe
  C:\Windows\System\ETWIJAZ.exe
  2⤵
  PID:3896
- C:\Windows\System\dvBSOif.exe
  C:\Windows\System\dvBSOif.exe
  2⤵
  PID:3912
- C:\Windows\System\fdmjets.exe
  C:\Windows\System\fdmjets.exe
  2⤵
  PID:3936
- C:\Windows\System\MfbRjHO.exe
  C:\Windows\System\MfbRjHO.exe
  2⤵
  PID:3984
- C:\Windows\System\VbwShrD.exe
  C:\Windows\System\VbwShrD.exe
  2⤵
  PID:4000
- C:\Windows\System\APiLRbY.exe
  C:\Windows\System\APiLRbY.exe
  2⤵
  PID:4016
- C:\Windows\System\SRiVWLZ.exe
  C:\Windows\System\SRiVWLZ.exe
  2⤵
  PID:4032
- C:\Windows\System\qVIOXDq.exe
  C:\Windows\System\qVIOXDq.exe
  2⤵
  PID:4048
- C:\Windows\System\FEjuzPw.exe
  C:\Windows\System\FEjuzPw.exe
  2⤵
  PID:4064
- C:\Windows\System\kRKLMhZ.exe
  C:\Windows\System\kRKLMhZ.exe
  2⤵
  PID:4080
- C:\Windows\System\CFXDZvc.exe
  C:\Windows\System\CFXDZvc.exe
  2⤵
  PID:2152
- C:\Windows\System\sdjNLAS.exe
  C:\Windows\System\sdjNLAS.exe
  2⤵
  PID:3012
- C:\Windows\System\KNDpOki.exe
  C:\Windows\System\KNDpOki.exe
  2⤵
  PID:2028
- C:\Windows\System\VUiNnMw.exe
  C:\Windows\System\VUiNnMw.exe
  2⤵
  PID:3076
- C:\Windows\System\moROlOB.exe
  C:\Windows\System\moROlOB.exe
  2⤵
  PID:2140
- C:\Windows\System\VqdiTvc.exe
  C:\Windows\System\VqdiTvc.exe
  2⤵
  PID:3148
- C:\Windows\System\FESauZG.exe
  C:\Windows\System\FESauZG.exe
  2⤵
  PID:3180
- C:\Windows\System\hDrJJWn.exe
  C:\Windows\System\hDrJJWn.exe
  2⤵
  PID:2024
- C:\Windows\System\XzEyCQF.exe
  C:\Windows\System\XzEyCQF.exe
  2⤵
  PID:3256
- C:\Windows\System\geYVxkq.exe
  C:\Windows\System\geYVxkq.exe
  2⤵
  PID:3296
- C:\Windows\System\nemeitn.exe
  C:\Windows\System\nemeitn.exe
  2⤵
  PID:2712
- C:\Windows\System\EfjfaNT.exe
  C:\Windows\System\EfjfaNT.exe
  2⤵
  PID:3364
- C:\Windows\System\RwHeNky.exe
  C:\Windows\System\RwHeNky.exe
  2⤵
  PID:2120
- C:\Windows\System\vNllONc.exe
  C:\Windows\System\vNllONc.exe
  2⤵
  PID:2804
- C:\Windows\System\TshyGGv.exe
  C:\Windows\System\TshyGGv.exe
  2⤵
  PID:2764
- C:\Windows\System\ESquzJP.exe
  C:\Windows\System\ESquzJP.exe
  2⤵
  PID:2624
- C:\Windows\System\NjmhrJy.exe
  C:\Windows\System\NjmhrJy.exe
  2⤵
  PID:2608
- C:\Windows\System\LAXfrVX.exe
  C:\Windows\System\LAXfrVX.exe
  2⤵
  PID:2636
- C:\Windows\System\GMjYfxh.exe
  C:\Windows\System\GMjYfxh.exe
  2⤵
  PID:2656
- C:\Windows\System\zuPANlH.exe
  C:\Windows\System\zuPANlH.exe
  2⤵
  PID:3100
- C:\Windows\System\cKVJcDH.exe
  C:\Windows\System\cKVJcDH.exe
  2⤵
  PID:3200
- C:\Windows\System\CTAQwlD.exe
  C:\Windows\System\CTAQwlD.exe
  2⤵
  PID:3240
- C:\Windows\System\mjEjjLz.exe
  C:\Windows\System\mjEjjLz.exe
  2⤵
  PID:3280
- C:\Windows\System\ufRxsIQ.exe
  C:\Windows\System\ufRxsIQ.exe
  2⤵
  PID:3344
- C:\Windows\System\afVeThD.exe
  C:\Windows\System\afVeThD.exe
  2⤵
  PID:3416
- C:\Windows\System\tJZIsKD.exe
  C:\Windows\System\tJZIsKD.exe
  2⤵
  PID:3088
- C:\Windows\System\ycVXXPI.exe
  C:\Windows\System\ycVXXPI.exe
  2⤵
  PID:2200
- C:\Windows\System\tuMdrUx.exe
  C:\Windows\System\tuMdrUx.exe
  2⤵
  PID:2096
- C:\Windows\System\WFanygx.exe
  C:\Windows\System\WFanygx.exe
  2⤵
  PID:1636
- C:\Windows\System\lJMeRui.exe
  C:\Windows\System\lJMeRui.exe
  2⤵
  PID:2104
- C:\Windows\System\yaVbQmz.exe
  C:\Windows\System\yaVbQmz.exe
  2⤵
  PID:3516
- C:\Windows\System\KsQgpHT.exe
  C:\Windows\System\KsQgpHT.exe
  2⤵
  PID:3560
- C:\Windows\System\kwvlaVZ.exe
  C:\Windows\System\kwvlaVZ.exe
  2⤵
  PID:3584
- C:\Windows\System\LYyRwQj.exe
  C:\Windows\System\LYyRwQj.exe
  2⤵
  PID:3620
- C:\Windows\System\SKJBoLm.exe
  C:\Windows\System\SKJBoLm.exe
  2⤵
  PID:3684
- C:\Windows\System\mKtWhVf.exe
  C:\Windows\System\mKtWhVf.exe
  2⤵
  PID:3748
- C:\Windows\System\JTZpVIL.exe
  C:\Windows\System\JTZpVIL.exe
  2⤵
  PID:3604
- C:\Windows\System\FksuCtf.exe
  C:\Windows\System\FksuCtf.exe
  2⤵
  PID:3840
- C:\Windows\System\NJvXVcw.exe
  C:\Windows\System\NJvXVcw.exe
  2⤵
  PID:3876
- C:\Windows\System\RBIupmz.exe
  C:\Windows\System\RBIupmz.exe
  2⤵
  PID:3948
- C:\Windows\System\rLQTLUf.exe
  C:\Windows\System\rLQTLUf.exe
  2⤵
  PID:3760
- C:\Windows\System\ivjVLpS.exe
  C:\Windows\System\ivjVLpS.exe
  2⤵
  PID:3972
- C:\Windows\System\jIhKxAm.exe
  C:\Windows\System\jIhKxAm.exe
  2⤵
  PID:4012
- C:\Windows\System\OifqoIf.exe
  C:\Windows\System\OifqoIf.exe
  2⤵
  PID:3700
- C:\Windows\System\ZCLRxmH.exe
  C:\Windows\System\ZCLRxmH.exe
  2⤵
  PID:4072
- C:\Windows\System\myySEPO.exe
  C:\Windows\System\myySEPO.exe
  2⤵
  PID:3184
- C:\Windows\System\vIcRWZA.exe
  C:\Windows\System\vIcRWZA.exe
  2⤵
  PID:3144
- C:\Windows\System\ykgdsLG.exe
  C:\Windows\System\ykgdsLG.exe
  2⤵
  PID:3212
- C:\Windows\System\pLIgsSf.exe
  C:\Windows\System\pLIgsSf.exe
  2⤵
  PID:1804
- C:\Windows\System\oLsrpsn.exe
  C:\Windows\System\oLsrpsn.exe
  2⤵
  PID:2944
- C:\Windows\System\wfHJaMf.exe
  C:\Windows\System\wfHJaMf.exe
  2⤵
  PID:3096
- C:\Windows\System\RqkwCGd.exe
  C:\Windows\System\RqkwCGd.exe
  2⤵
  PID:3920
- C:\Windows\System\ComVyTl.exe
  C:\Windows\System\ComVyTl.exe
  2⤵
  PID:3664
- C:\Windows\System\oSCTpSb.exe
  C:\Windows\System\oSCTpSb.exe
  2⤵
  PID:3944
- C:\Windows\System\HhXlLWV.exe
  C:\Windows\System\HhXlLWV.exe
  2⤵
  PID:2960
- C:\Windows\System\XIwvVBD.exe
  C:\Windows\System\XIwvVBD.exe
  2⤵
  PID:2208
- C:\Windows\System\TjTjNCK.exe
  C:\Windows\System\TjTjNCK.exe
  2⤵
  PID:3668
- C:\Windows\System\WYKKBwB.exe
  C:\Windows\System\WYKKBwB.exe
  2⤵
  PID:2320
- C:\Windows\System\bWolHUU.exe
  C:\Windows\System\bWolHUU.exe
  2⤵
  PID:3812
- C:\Windows\System\HZpVUAP.exe
  C:\Windows\System\HZpVUAP.exe
  2⤵
  PID:2716
- C:\Windows\System\bTSgqcE.exe
  C:\Windows\System\bTSgqcE.exe
  2⤵
  PID:3164
- C:\Windows\System\dYXGvgf.exe
  C:\Windows\System\dYXGvgf.exe
  2⤵
  PID:2092
- C:\Windows\System\aWYeqDV.exe
  C:\Windows\System\aWYeqDV.exe
  2⤵
  PID:3616
- C:\Windows\System\YfkHoNi.exe
  C:\Windows\System\YfkHoNi.exe
  2⤵
  PID:2356
- C:\Windows\System\WegbEFm.exe
  C:\Windows\System\WegbEFm.exe
  2⤵
  PID:2480
- C:\Windows\System\DSUBBPO.exe
  C:\Windows\System\DSUBBPO.exe
  2⤵
  PID:3780
- C:\Windows\System\FelGQeu.exe
  C:\Windows\System\FelGQeu.exe
  2⤵
  PID:3632
- C:\Windows\System\PMLXVFL.exe
  C:\Windows\System\PMLXVFL.exe
  2⤵
  PID:4008
- C:\Windows\System\TxyMzXy.exe
  C:\Windows\System\TxyMzXy.exe
  2⤵
  PID:3064
- C:\Windows\System\beKJhzo.exe
  C:\Windows\System\beKJhzo.exe
  2⤵
  PID:2760
- C:\Windows\System\KejmYwA.exe
  C:\Windows\System\KejmYwA.exe
  2⤵
  PID:3272
- C:\Windows\System\zrbpmXX.exe
  C:\Windows\System\zrbpmXX.exe
  2⤵
  PID:2604
- C:\Windows\System\ujSNzAG.exe
  C:\Windows\System\ujSNzAG.exe
  2⤵
  PID:3856
- C:\Windows\System\jWTazxg.exe
  C:\Windows\System\jWTazxg.exe
  2⤵
  PID:1140
- C:\Windows\System\gpbGVCo.exe
  C:\Windows\System\gpbGVCo.exe
  2⤵
  PID:4024
- C:\Windows\System\vkApYpr.exe
  C:\Windows\System\vkApYpr.exe
  2⤵
  PID:1972
- C:\Windows\System\hVIqqgl.exe
  C:\Windows\System\hVIqqgl.exe
  2⤵
  PID:3652
- C:\Windows\System\MQQeKXH.exe
  C:\Windows\System\MQQeKXH.exe
  2⤵
  PID:3332
- C:\Windows\System\YSRvovG.exe
  C:\Windows\System\YSRvovG.exe
  2⤵
  PID:3232
- C:\Windows\System\DINTNFL.exe
  C:\Windows\System\DINTNFL.exe
  2⤵
  PID:2284
- C:\Windows\System\ioduJbx.exe
  C:\Windows\System\ioduJbx.exe
  2⤵
  PID:316
- C:\Windows\System\YoWQycS.exe
  C:\Windows\System\YoWQycS.exe
  2⤵
  PID:3276
- C:\Windows\System\vLdltiz.exe
  C:\Windows\System\vLdltiz.exe
  2⤵
  PID:2752
- C:\Windows\System\gPpyENG.exe
  C:\Windows\System\gPpyENG.exe
  2⤵
  PID:1536
- C:\Windows\System\lbvNspF.exe
  C:\Windows\System\lbvNspF.exe
  2⤵
  PID:2288
- C:\Windows\System\qwZGbii.exe
  C:\Windows\System\qwZGbii.exe
  2⤵
  PID:1172
- C:\Windows\System\bAQjgib.exe
  C:\Windows\System\bAQjgib.exe
  2⤵
  PID:1668
- C:\Windows\System\deOEVdk.exe
  C:\Windows\System\deOEVdk.exe
  2⤵
  PID:3680
- C:\Windows\System\zQrmoxX.exe
  C:\Windows\System\zQrmoxX.exe
  2⤵
  PID:2836
- C:\Windows\System\UuiKsAp.exe
  C:\Windows\System\UuiKsAp.exe
  2⤵
  PID:3872
- C:\Windows\System\oMdpFCe.exe
  C:\Windows\System\oMdpFCe.exe
  2⤵
  PID:1968
- C:\Windows\System\uEdKFis.exe
  C:\Windows\System\uEdKFis.exe
  2⤵
  PID:2472
- C:\Windows\System\rjShmre.exe
  C:\Windows\System\rjShmre.exe
  2⤵
  PID:1756
- C:\Windows\System\uOImzaJ.exe
  C:\Windows\System\uOImzaJ.exe
  2⤵
  PID:3116
- C:\Windows\System\nObXAlG.exe
  C:\Windows\System\nObXAlG.exe
  2⤵
  PID:1544
- C:\Windows\System\KbSHWkd.exe
  C:\Windows\System\KbSHWkd.exe
  2⤵
  PID:2976
- C:\Windows\System\HCfFssL.exe
  C:\Windows\System\HCfFssL.exe
  2⤵
  PID:1776
- C:\Windows\System\hSLRbRj.exe
  C:\Windows\System\hSLRbRj.exe
  2⤵
  PID:2112
- C:\Windows\System\TGZkUZF.exe
  C:\Windows\System\TGZkUZF.exe
  2⤵
  PID:1616
- C:\Windows\System\tgEIUuA.exe
  C:\Windows\System\tgEIUuA.exe
  2⤵
  PID:3380
- C:\Windows\System\DKfNSKk.exe
  C:\Windows\System\DKfNSKk.exe
  2⤵
  PID:3828
- C:\Windows\System\awooMmb.exe
  C:\Windows\System\awooMmb.exe
  2⤵
  PID:3892
- C:\Windows\System\ZcPhPNn.exe
  C:\Windows\System\ZcPhPNn.exe
  2⤵
  PID:3908
- C:\Windows\System\QNHopUP.exe
  C:\Windows\System\QNHopUP.exe
  2⤵
  PID:2132
- C:\Windows\System\mSPuGLG.exe
  C:\Windows\System\mSPuGLG.exe
  2⤵
  PID:3860
- C:\Windows\System\juUoEVT.exe
  C:\Windows\System\juUoEVT.exe
  2⤵
  PID:3316
- C:\Windows\System\MIqttsA.exe
  C:\Windows\System\MIqttsA.exe
  2⤵
  PID:1104
- C:\Windows\System\rUTHFKQ.exe
  C:\Windows\System\rUTHFKQ.exe
  2⤵
  PID:3960
- C:\Windows\System\NhglmYH.exe
  C:\Windows\System\NhglmYH.exe
  2⤵
  PID:4060
- C:\Windows\System\gUSIWsj.exe
  C:\Windows\System\gUSIWsj.exe
  2⤵
  PID:2928
- C:\Windows\System\yPZaNEZ.exe
  C:\Windows\System\yPZaNEZ.exe
  2⤵
  PID:4116
- C:\Windows\System\dGvdnNf.exe
  C:\Windows\System\dGvdnNf.exe
  2⤵
  PID:4132
- C:\Windows\System\UYGYJVi.exe
  C:\Windows\System\UYGYJVi.exe
  2⤵
  PID:4152
- C:\Windows\System\JhjsxJH.exe
  C:\Windows\System\JhjsxJH.exe
  2⤵
  PID:4168
- C:\Windows\System\TlrAjtF.exe
  C:\Windows\System\TlrAjtF.exe
  2⤵
  PID:4188
- C:\Windows\System\aaseuyL.exe
  C:\Windows\System\aaseuyL.exe
  2⤵
  PID:4204
- C:\Windows\System\IAPjlmi.exe
  C:\Windows\System\IAPjlmi.exe
  2⤵
  PID:4228
- C:\Windows\System\XrigLRa.exe
  C:\Windows\System\XrigLRa.exe
  2⤵
  PID:4244
- C:\Windows\System\jKKkYaA.exe
  C:\Windows\System\jKKkYaA.exe
  2⤵
  PID:4264
- C:\Windows\System\MrXgFax.exe
  C:\Windows\System\MrXgFax.exe
  2⤵
  PID:4280
- C:\Windows\System\QuLrjOH.exe
  C:\Windows\System\QuLrjOH.exe
  2⤵
  PID:4296
- C:\Windows\System\ucZibmn.exe
  C:\Windows\System\ucZibmn.exe
  2⤵
  PID:4316
- C:\Windows\System\xfYSiCv.exe
  C:\Windows\System\xfYSiCv.exe
  2⤵
  PID:4332
- C:\Windows\System\jrusSIj.exe
  C:\Windows\System\jrusSIj.exe
  2⤵
  PID:4352
- C:\Windows\System\EDWvGtC.exe
  C:\Windows\System\EDWvGtC.exe
  2⤵
  PID:4372
- C:\Windows\System\KfobunZ.exe
  C:\Windows\System\KfobunZ.exe
  2⤵
  PID:4432
- C:\Windows\System\bPnbDZr.exe
  C:\Windows\System\bPnbDZr.exe
  2⤵
  PID:4448
- C:\Windows\System\zbSGGNp.exe
  C:\Windows\System\zbSGGNp.exe
  2⤵
  PID:4468
- C:\Windows\System\wcTheaI.exe
  C:\Windows\System\wcTheaI.exe
  2⤵
  PID:4484
- C:\Windows\System\RxidVWf.exe
  C:\Windows\System\RxidVWf.exe
  2⤵
  PID:4500
- C:\Windows\System\klTLagA.exe
  C:\Windows\System\klTLagA.exe
  2⤵
  PID:4532
- C:\Windows\System\nYzGtxX.exe
  C:\Windows\System\nYzGtxX.exe
  2⤵
  PID:4548
- C:\Windows\System\fzuSeRp.exe
  C:\Windows\System\fzuSeRp.exe
  2⤵
  PID:4564
- C:\Windows\System\qaxaiGE.exe
  C:\Windows\System\qaxaiGE.exe
  2⤵
  PID:4580
- C:\Windows\System\VmiXayn.exe
  C:\Windows\System\VmiXayn.exe
  2⤵
  PID:4596
- C:\Windows\System\QnMkZEa.exe
  C:\Windows\System\QnMkZEa.exe
  2⤵
  PID:4624
- C:\Windows\System\XMnhHeg.exe
  C:\Windows\System\XMnhHeg.exe
  2⤵
  PID:4640
- C:\Windows\System\xtaSKCI.exe
  C:\Windows\System\xtaSKCI.exe
  2⤵
  PID:4656
- C:\Windows\System\tagExoS.exe
  C:\Windows\System\tagExoS.exe
  2⤵
  PID:4672
- C:\Windows\System\blLohlE.exe
  C:\Windows\System\blLohlE.exe
  2⤵
  PID:4716
- C:\Windows\System\thZGoGu.exe
  C:\Windows\System\thZGoGu.exe
  2⤵
  PID:4732
- C:\Windows\System\SkZlqTC.exe
  C:\Windows\System\SkZlqTC.exe
  2⤵
  PID:4764
- C:\Windows\System\vQMuZmu.exe
  C:\Windows\System\vQMuZmu.exe
  2⤵
  PID:4780
- C:\Windows\System\RgAbkFS.exe
  C:\Windows\System\RgAbkFS.exe
  2⤵
  PID:4800
- C:\Windows\System\YFzwCvF.exe
  C:\Windows\System\YFzwCvF.exe
  2⤵
  PID:4816
- C:\Windows\System\hDFRPjD.exe
  C:\Windows\System\hDFRPjD.exe
  2⤵
  PID:4832
- C:\Windows\System\nRjZgPY.exe
  C:\Windows\System\nRjZgPY.exe
  2⤵
  PID:4856
- C:\Windows\System\TxOlGkO.exe
  C:\Windows\System\TxOlGkO.exe
  2⤵
  PID:4876
- C:\Windows\System\sPhhFEJ.exe
  C:\Windows\System\sPhhFEJ.exe
  2⤵
  PID:4896
- C:\Windows\System\bRBxtGS.exe
  C:\Windows\System\bRBxtGS.exe
  2⤵
  PID:4912
- C:\Windows\System\GLNsVQm.exe
  C:\Windows\System\GLNsVQm.exe
  2⤵
  PID:4928
- C:\Windows\System\voPnUpJ.exe
  C:\Windows\System\voPnUpJ.exe
  2⤵
  PID:4944
- C:\Windows\System\QhfTQwa.exe
  C:\Windows\System\QhfTQwa.exe
  2⤵
  PID:4960
- C:\Windows\System\SlDxBGq.exe
  C:\Windows\System\SlDxBGq.exe
  2⤵
  PID:4988
- C:\Windows\System\RDVGZLa.exe
  C:\Windows\System\RDVGZLa.exe
  2⤵
  PID:5008
- C:\Windows\System\JqRQXLo.exe
  C:\Windows\System\JqRQXLo.exe
  2⤵
  PID:5028
- C:\Windows\System\TVOAvuB.exe
  C:\Windows\System\TVOAvuB.exe
  2⤵
  PID:5048
- C:\Windows\System\jUjEwAl.exe
  C:\Windows\System\jUjEwAl.exe
  2⤵
  PID:5064
- C:\Windows\System\ZCAdXzO.exe
  C:\Windows\System\ZCAdXzO.exe
  2⤵
  PID:5092
- C:\Windows\System\QhJOgjN.exe
  C:\Windows\System\QhJOgjN.exe
  2⤵
  PID:5116
- C:\Windows\System\nYEuOWF.exe
  C:\Windows\System\nYEuOWF.exe
  2⤵
  PID:3236
- C:\Windows\System\LjFpjnm.exe
  C:\Windows\System\LjFpjnm.exe
  2⤵
  PID:4160
- C:\Windows\System\TdJCyXa.exe
  C:\Windows\System\TdJCyXa.exe
  2⤵
  PID:4108
- C:\Windows\System\UqEhihO.exe
  C:\Windows\System\UqEhihO.exe
  2⤵
  PID:308
- C:\Windows\System\JcFVTsG.exe
  C:\Windows\System\JcFVTsG.exe
  2⤵
  PID:2884
- C:\Windows\System\QsyMMWr.exe
  C:\Windows\System\QsyMMWr.exe
  2⤵
  PID:1096
- C:\Windows\System\KXhRkEm.exe
  C:\Windows\System\KXhRkEm.exe
  2⤵
  PID:4260
- C:\Windows\System\yYKIqiJ.exe
  C:\Windows\System\yYKIqiJ.exe
  2⤵
  PID:4236
- C:\Windows\System\DeFnXxq.exe
  C:\Windows\System\DeFnXxq.exe
  2⤵
  PID:4308
- C:\Windows\System\uwVOFbW.exe
  C:\Windows\System\uwVOFbW.exe
  2⤵
  PID:4140
- C:\Windows\System\IizMSIr.exe
  C:\Windows\System\IizMSIr.exe
  2⤵
  PID:4396
- C:\Windows\System\mZVxGXR.exe
  C:\Windows\System\mZVxGXR.exe
  2⤵
  PID:4408
- C:\Windows\System\kaZcgcq.exe
  C:\Windows\System\kaZcgcq.exe
  2⤵
  PID:4540
- C:\Windows\System\eVgwuHp.exe
  C:\Windows\System\eVgwuHp.exe
  2⤵
  PID:4604
- C:\Windows\System\JHBdcDD.exe
  C:\Windows\System\JHBdcDD.exe
  2⤵
  PID:4180
- C:\Windows\System\yUGRqYe.exe
  C:\Windows\System\yUGRqYe.exe
  2⤵
  PID:4224
- C:\Windows\System\JuTiSDl.exe
  C:\Windows\System\JuTiSDl.exe
  2⤵
  PID:4328
- C:\Windows\System\hZpxLqJ.exe
  C:\Windows\System\hZpxLqJ.exe
  2⤵
  PID:4712
- C:\Windows\System\Qjvugvs.exe
  C:\Windows\System\Qjvugvs.exe
  2⤵
  PID:4756
- C:\Windows\System\VSNCCcU.exe
  C:\Windows\System\VSNCCcU.exe
  2⤵
  PID:4368
- C:\Windows\System\FbDRBtR.exe
  C:\Windows\System\FbDRBtR.exe
  2⤵
  PID:4796
- C:\Windows\System\LFpWcmt.exe
  C:\Windows\System\LFpWcmt.exe
  2⤵
  PID:4508
- C:\Windows\System\sJigftA.exe
  C:\Windows\System\sJigftA.exe
  2⤵
  PID:4824
- C:\Windows\System\EMapLvi.exe
  C:\Windows\System\EMapLvi.exe
  2⤵
  PID:4864
- C:\Windows\System\LmYCdYp.exe
  C:\Windows\System\LmYCdYp.exe
  2⤵
  PID:4592
- C:\Windows\System\WrAmbti.exe
  C:\Windows\System\WrAmbti.exe
  2⤵
  PID:4724
- C:\Windows\System\mXYEOYk.exe
  C:\Windows\System\mXYEOYk.exe
  2⤵
  PID:4908
- C:\Windows\System\IKkNnjP.exe
  C:\Windows\System\IKkNnjP.exe
  2⤵
  PID:4940
- C:\Windows\System\MSOFsOK.exe
  C:\Windows\System\MSOFsOK.exe
  2⤵
  PID:4980
- C:\Windows\System\EXkCZpO.exe
  C:\Windows\System\EXkCZpO.exe
  2⤵
  PID:4840
- C:\Windows\System\WCEFkuM.exe
  C:\Windows\System\WCEFkuM.exe
  2⤵
  PID:5076
- C:\Windows\System\pnBxdGq.exe
  C:\Windows\System\pnBxdGq.exe
  2⤵
  PID:5112
- C:\Windows\System\WiwtXRb.exe
  C:\Windows\System\WiwtXRb.exe
  2⤵
  PID:3568
- C:\Windows\System\WDYtpir.exe
  C:\Windows\System\WDYtpir.exe
  2⤵
  PID:1388
- C:\Windows\System\VgNjCbk.exe
  C:\Windows\System\VgNjCbk.exe
  2⤵
  PID:4128
- C:\Windows\System\nEIoFgy.exe
  C:\Windows\System\nEIoFgy.exe
  2⤵
  PID:1188
- C:\Windows\System\aBqkybm.exe
  C:\Windows\System\aBqkybm.exe
  2⤵
  PID:3968
- C:\Windows\System\CvCYeXt.exe
  C:\Windows\System\CvCYeXt.exe
  2⤵
  PID:4344
- C:\Windows\System\oNIVyrW.exe
  C:\Windows\System\oNIVyrW.exe
  2⤵
  PID:4424
- C:\Windows\System\bJZiBXX.exe
  C:\Windows\System\bJZiBXX.exe
  2⤵
  PID:4576
- C:\Windows\System\gSyfajB.exe
  C:\Windows\System\gSyfajB.exe
  2⤵
  PID:4648
- C:\Windows\System\ODaqiAL.exe
  C:\Windows\System\ODaqiAL.exe
  2⤵
  PID:4680
- C:\Windows\System\EaGzPDn.exe
  C:\Windows\System\EaGzPDn.exe
  2⤵
  PID:4348
- C:\Windows\System\oXFGEnZ.exe
  C:\Windows\System\oXFGEnZ.exe
  2⤵
  PID:4460
- C:\Windows\System\nfKFzHy.exe
  C:\Windows\System\nfKFzHy.exe
  2⤵
  PID:4212
- C:\Windows\System\hMcVYxG.exe
  C:\Windows\System\hMcVYxG.exe
  2⤵
  PID:4904
- C:\Windows\System\jyNuWLl.exe
  C:\Windows\System\jyNuWLl.exe
  2⤵
  PID:4636
- C:\Windows\System\pCIHsmS.exe
  C:\Windows\System\pCIHsmS.exe
  2⤵
  PID:4556
- C:\Windows\System\DWmVdvQ.exe
  C:\Windows\System\DWmVdvQ.exe
  2⤵
  PID:4812
- C:\Windows\System\JMYmJbX.exe
  C:\Windows\System\JMYmJbX.exe
  2⤵
  PID:4728
- C:\Windows\System\KWFtwRG.exe
  C:\Windows\System\KWFtwRG.exe
  2⤵
  PID:4976
- C:\Windows\System\ysVaHdi.exe
  C:\Windows\System\ysVaHdi.exe
  2⤵
  PID:5056
- C:\Windows\System\zZEcLcH.exe
  C:\Windows\System\zZEcLcH.exe
  2⤵
  PID:5104
- C:\Windows\System\WzKeCRd.exe
  C:\Windows\System\WzKeCRd.exe
  2⤵
  PID:4952
- C:\Windows\System\WaNPEsu.exe
  C:\Windows\System\WaNPEsu.exe
  2⤵
  PID:4176
- C:\Windows\System\lloSoTs.exe
  C:\Windows\System\lloSoTs.exe
  2⤵
  PID:4292
- C:\Windows\System\vwGyTSW.exe
  C:\Windows\System\vwGyTSW.exe
  2⤵
  PID:4608
- C:\Windows\System\frMuYNJ.exe
  C:\Windows\System\frMuYNJ.exe
  2⤵
  PID:5088
- C:\Windows\System\ugpQlfM.exe
  C:\Windows\System\ugpQlfM.exe
  2⤵
  PID:2852
- C:\Windows\System\opbTjzc.exe
  C:\Windows\System\opbTjzc.exe
  2⤵
  PID:4444
- C:\Windows\System\fRSatiO.exe
  C:\Windows\System\fRSatiO.exe
  2⤵
  PID:4776
- C:\Windows\System\tSToIWp.exe
  C:\Windows\System\tSToIWp.exe
  2⤵
  PID:4340
- C:\Windows\System\xDmklji.exe
  C:\Windows\System\xDmklji.exe
  2⤵
  PID:4588
- C:\Windows\System\GFHBEWb.exe
  C:\Windows\System\GFHBEWb.exe
  2⤵
  PID:4828
- C:\Windows\System\BnkwajU.exe
  C:\Windows\System\BnkwajU.exe
  2⤵
  PID:5108
- C:\Windows\System\UiXYoFe.exe
  C:\Windows\System\UiXYoFe.exe
  2⤵
  PID:4996
- C:\Windows\System\KuFlQSR.exe
  C:\Windows\System\KuFlQSR.exe
  2⤵
  PID:4196
- C:\Windows\System\hdzXXzU.exe
  C:\Windows\System\hdzXXzU.exe
  2⤵
  PID:2012
- C:\Windows\System\ydQwyWG.exe
  C:\Windows\System\ydQwyWG.exe
  2⤵
  PID:4492
- C:\Windows\System\exqJUII.exe
  C:\Windows\System\exqJUII.exe
  2⤵
  PID:3060
- C:\Windows\System\ETOjYSJ.exe
  C:\Windows\System\ETOjYSJ.exe
  2⤵
  PID:1736
- C:\Windows\System\AOhZJgt.exe
  C:\Windows\System\AOhZJgt.exe
  2⤵
  PID:2360
- C:\Windows\System\OuluQVJ.exe
  C:\Windows\System\OuluQVJ.exe
  2⤵
  PID:432
- C:\Windows\System\dxrLjFP.exe
  C:\Windows\System\dxrLjFP.exe
  2⤵
  PID:4620
- C:\Windows\System\nbRuYdV.exe
  C:\Windows\System\nbRuYdV.exe
  2⤵
  PID:4256
- C:\Windows\System\toGlRGK.exe
  C:\Windows\System\toGlRGK.exe
  2⤵
  PID:4520
- C:\Windows\System\KNyjwsC.exe
  C:\Windows\System\KNyjwsC.exe
  2⤵
  PID:4524
- C:\Windows\System\ekgVapm.exe
  C:\Windows\System\ekgVapm.exe
  2⤵
  PID:2404
- C:\Windows\System\OAjyaIt.exe
  C:\Windows\System\OAjyaIt.exe
  2⤵
  PID:1444
- C:\Windows\System\HEtBrXE.exe
  C:\Windows\System\HEtBrXE.exe
  2⤵
  PID:388
- C:\Windows\System\ewtBNvt.exe
  C:\Windows\System\ewtBNvt.exe
  2⤵
  PID:4848
- C:\Windows\System\hENxBxh.exe
  C:\Windows\System\hENxBxh.exe
  2⤵
  PID:2280
- C:\Windows\System\VffofBy.exe
  C:\Windows\System\VffofBy.exe
  2⤵
  PID:5016
- C:\Windows\System\FzhjhUy.exe
  C:\Windows\System\FzhjhUy.exe
  2⤵
  PID:1708
- C:\Windows\System\qMHuhBC.exe
  C:\Windows\System\qMHuhBC.exe
  2⤵
  PID:4956
- C:\Windows\System\obRFVeJ.exe
  C:\Windows\System\obRFVeJ.exe
  2⤵
  PID:2444
- C:\Windows\System\LohiuOA.exe
  C:\Windows\System\LohiuOA.exe
  2⤵
  PID:4632
- C:\Windows\System\bsNldJY.exe
  C:\Windows\System\bsNldJY.exe
  2⤵
  PID:1932
- C:\Windows\System\mGcuRNe.exe
  C:\Windows\System\mGcuRNe.exe
  2⤵
  PID:4704
- C:\Windows\System\MxLyMUc.exe
  C:\Windows\System\MxLyMUc.exe
  2⤵
  PID:4420
- C:\Windows\System\GyZxvrs.exe
  C:\Windows\System\GyZxvrs.exe
  2⤵
  PID:1556
- C:\Windows\System\uhtfnMP.exe
  C:\Windows\System\uhtfnMP.exe
  2⤵
  PID:4892
- C:\Windows\System\zXSPHkA.exe
  C:\Windows\System\zXSPHkA.exe
  2⤵
  PID:4920
- C:\Windows\System\TgRXWuc.exe
  C:\Windows\System\TgRXWuc.exe
  2⤵
  PID:2292
- C:\Windows\System\qhYKLOS.exe
  C:\Windows\System\qhYKLOS.exe
  2⤵
  PID:4304
- C:\Windows\System\nYPXdgd.exe
  C:\Windows\System\nYPXdgd.exe
  2⤵
  PID:4544
- C:\Windows\System\qtTHnXt.exe
  C:\Windows\System\qtTHnXt.exe
  2⤵
  PID:4220
- C:\Windows\System\XnKYrHZ.exe
  C:\Windows\System\XnKYrHZ.exe
  2⤵
  PID:5124
- C:\Windows\System\uwrPDKi.exe
  C:\Windows\System\uwrPDKi.exe
  2⤵
  PID:5140
- C:\Windows\System\wqsPYNW.exe
  C:\Windows\System\wqsPYNW.exe
  2⤵
  PID:5156
- C:\Windows\System\IpDtfiS.exe
  C:\Windows\System\IpDtfiS.exe
  2⤵
  PID:5188
- C:\Windows\System\woZslGZ.exe
  C:\Windows\System\woZslGZ.exe
  2⤵
  PID:5208
- C:\Windows\System\pifBeSV.exe
  C:\Windows\System\pifBeSV.exe
  2⤵
  PID:5224
- C:\Windows\System\GyKcaem.exe
  C:\Windows\System\GyKcaem.exe
  2⤵
  PID:5240
- C:\Windows\System\fZjStrX.exe
  C:\Windows\System\fZjStrX.exe
  2⤵
  PID:5260
- C:\Windows\System\rTBavan.exe
  C:\Windows\System\rTBavan.exe
  2⤵
  PID:5280
- C:\Windows\System\LkjZlOt.exe
  C:\Windows\System\LkjZlOt.exe
  2⤵
  PID:5300
- C:\Windows\System\qaMwzEW.exe
  C:\Windows\System\qaMwzEW.exe
  2⤵
  PID:5324
- C:\Windows\System\lcLATCf.exe
  C:\Windows\System\lcLATCf.exe
  2⤵
  PID:5340
- C:\Windows\System\lZlDZay.exe
  C:\Windows\System\lZlDZay.exe
  2⤵
  PID:5360
- C:\Windows\System\UFYblIx.exe
  C:\Windows\System\UFYblIx.exe
  2⤵
  PID:5376
- C:\Windows\System\lUbSOAs.exe
  C:\Windows\System\lUbSOAs.exe
  2⤵
  PID:5392
- C:\Windows\System\zNEakcM.exe
  C:\Windows\System\zNEakcM.exe
  2⤵
  PID:5408
- C:\Windows\System\kIbOYIQ.exe
  C:\Windows\System\kIbOYIQ.exe
  2⤵
  PID:5424
- C:\Windows\System\xqPxWkv.exe
  C:\Windows\System\xqPxWkv.exe
  2⤵
  PID:5440
- C:\Windows\System\rkWkkFB.exe
  C:\Windows\System\rkWkkFB.exe
  2⤵
  PID:5492
- C:\Windows\System\FNWPPAH.exe
  C:\Windows\System\FNWPPAH.exe
  2⤵
  PID:5508
- C:\Windows\System\eumISSh.exe
  C:\Windows\System\eumISSh.exe
  2⤵
  PID:5524
- C:\Windows\System\vpDcnri.exe
  C:\Windows\System\vpDcnri.exe
  2⤵
  PID:5544
- C:\Windows\System\uNJgOJW.exe
  C:\Windows\System\uNJgOJW.exe
  2⤵
  PID:5560
- C:\Windows\System\viOHhKe.exe
  C:\Windows\System\viOHhKe.exe
  2⤵
  PID:5592
- C:\Windows\System\fYqEDtt.exe
  C:\Windows\System\fYqEDtt.exe
  2⤵
  PID:5608
- C:\Windows\System\xgORzJA.exe
  C:\Windows\System\xgORzJA.exe
  2⤵
  PID:5624
- C:\Windows\System\NhbhXqA.exe
  C:\Windows\System\NhbhXqA.exe
  2⤵
  PID:5640
- C:\Windows\System\tsOwBWV.exe
  C:\Windows\System\tsOwBWV.exe
  2⤵
  PID:5668
- C:\Windows\System\ZtamDmU.exe
  C:\Windows\System\ZtamDmU.exe
  2⤵
  PID:5692
- C:\Windows\System\lwyRmyG.exe
  C:\Windows\System\lwyRmyG.exe
  2⤵
  PID:5708
- C:\Windows\System\PIFLIGj.exe
  C:\Windows\System\PIFLIGj.exe
  2⤵
  PID:5724
- C:\Windows\System\rSOUOaW.exe
  C:\Windows\System\rSOUOaW.exe
  2⤵
  PID:5740
- C:\Windows\System\koJPist.exe
  C:\Windows\System\koJPist.exe
  2⤵
  PID:5772
- C:\Windows\System\UeaGEaq.exe
  C:\Windows\System\UeaGEaq.exe
  2⤵
  PID:5792
- C:\Windows\System\zRrbbPK.exe
  C:\Windows\System\zRrbbPK.exe
  2⤵
  PID:5808
- C:\Windows\System\xcqDVKp.exe
  C:\Windows\System\xcqDVKp.exe
  2⤵
  PID:5824
- C:\Windows\System\GvYEbBo.exe
  C:\Windows\System\GvYEbBo.exe
  2⤵
  PID:5848
- C:\Windows\System\TMQekic.exe
  C:\Windows\System\TMQekic.exe
  2⤵
  PID:5872
- C:\Windows\System\EmkBIbT.exe
  C:\Windows\System\EmkBIbT.exe
  2⤵
  PID:5892
- C:\Windows\System\prjaIIx.exe
  C:\Windows\System\prjaIIx.exe
  2⤵
  PID:5908
- C:\Windows\System\vgkhToS.exe
  C:\Windows\System\vgkhToS.exe
  2⤵
  PID:5928
- C:\Windows\System\djqwfnp.exe
  C:\Windows\System\djqwfnp.exe
  2⤵
  PID:5952
- C:\Windows\System\eTIzDQH.exe
  C:\Windows\System\eTIzDQH.exe
  2⤵
  PID:5968
- C:\Windows\System\csjawwl.exe
  C:\Windows\System\csjawwl.exe
  2⤵
  PID:5984
- C:\Windows\System\DjSARGQ.exe
  C:\Windows\System\DjSARGQ.exe
  2⤵
  PID:6004
- C:\Windows\System\jeDhfjT.exe
  C:\Windows\System\jeDhfjT.exe
  2⤵
  PID:6040
- C:\Windows\System\WHNopPA.exe
  C:\Windows\System\WHNopPA.exe
  2⤵
  PID:6056
- C:\Windows\System\BCatzak.exe
  C:\Windows\System\BCatzak.exe
  2⤵
  PID:6076
- C:\Windows\System\DNUlRMr.exe
  C:\Windows\System\DNUlRMr.exe
  2⤵
  PID:6092
- C:\Windows\System\dePtTce.exe
  C:\Windows\System\dePtTce.exe
  2⤵
  PID:6112
- C:\Windows\System\nlMDfzo.exe
  C:\Windows\System\nlMDfzo.exe
  2⤵
  PID:1936
- C:\Windows\System\BcMPblJ.exe
  C:\Windows\System\BcMPblJ.exe
  2⤵
  PID:2424
- C:\Windows\System\yqsToJF.exe
  C:\Windows\System\yqsToJF.exe
  2⤵
  PID:5176
- C:\Windows\System\qwCJpuh.exe
  C:\Windows\System\qwCJpuh.exe
  2⤵
  PID:5220
- C:\Windows\System\NDYplDh.exe
  C:\Windows\System\NDYplDh.exe
  2⤵
  PID:5256
- C:\Windows\System\bTRHdRQ.exe
  C:\Windows\System\bTRHdRQ.exe
  2⤵
  PID:5204
- C:\Windows\System\mVLttQU.exe
  C:\Windows\System\mVLttQU.exe
  2⤵
  PID:5276
- C:\Windows\System\xLVmVbR.exe
  C:\Windows\System\xLVmVbR.exe
  2⤵
  PID:5316
- C:\Windows\System\FptvWYT.exe
  C:\Windows\System\FptvWYT.exe
  2⤵
  PID:5352
- C:\Windows\System\dDWUPbY.exe
  C:\Windows\System\dDWUPbY.exe
  2⤵
  PID:5400
- C:\Windows\System\DBdhnlW.exe
  C:\Windows\System\DBdhnlW.exe
  2⤵
  PID:5480
- C:\Windows\System\zoJrSos.exe
  C:\Windows\System\zoJrSos.exe
  2⤵
  PID:5460
- C:\Windows\System\LFBleqi.exe
  C:\Windows\System\LFBleqi.exe
  2⤵
  PID:5384
- C:\Windows\System\TZYirso.exe
  C:\Windows\System\TZYirso.exe
  2⤵
  PID:5456
- C:\Windows\System\emgTegh.exe
  C:\Windows\System\emgTegh.exe
  2⤵
  PID:5584
- C:\Windows\System\RYxShai.exe
  C:\Windows\System\RYxShai.exe
  2⤵
  PID:5556
- C:\Windows\System\HkxfGZu.exe
  C:\Windows\System\HkxfGZu.exe
  2⤵
  PID:5620
- C:\Windows\System\JPPmpxM.exe
  C:\Windows\System\JPPmpxM.exe
  2⤵
  PID:5656
- C:\Windows\System\qyOCIJq.exe
  C:\Windows\System\qyOCIJq.exe
  2⤵
  PID:5664
- C:\Windows\System\HjJnxwc.exe
  C:\Windows\System\HjJnxwc.exe
  2⤵
  PID:5732
- C:\Windows\System\AFveMtn.exe
  C:\Windows\System\AFveMtn.exe
  2⤵
  PID:5748
- C:\Windows\System\vEOXmFZ.exe
  C:\Windows\System\vEOXmFZ.exe
  2⤵
  PID:5768
- C:\Windows\System\KNgFpdR.exe
  C:\Windows\System\KNgFpdR.exe
  2⤵
  PID:4428
- C:\Windows\System\hltWsGe.exe
  C:\Windows\System\hltWsGe.exe
  2⤵
  PID:5836
- C:\Windows\System\SdOlpTz.exe
  C:\Windows\System\SdOlpTz.exe
  2⤵
  PID:5904
- C:\Windows\System\acRCIwr.exe
  C:\Windows\System\acRCIwr.exe
  2⤵
  PID:5948
- C:\Windows\System\uOEbuaK.exe
  C:\Windows\System\uOEbuaK.exe
  2⤵
  PID:6020
- C:\Windows\System\rpVjPqt.exe
  C:\Windows\System\rpVjPqt.exe
  2⤵
  PID:6064
- C:\Windows\System\JcvlICx.exe
  C:\Windows\System\JcvlICx.exe
  2⤵
  PID:6108
- C:\Windows\System\IEnaWYn.exe
  C:\Windows\System\IEnaWYn.exe
  2⤵
  PID:5920
- C:\Windows\System\HnKWAFX.exe
  C:\Windows\System\HnKWAFX.exe
  2⤵
  PID:5992
- C:\Windows\System\GAihgbq.exe
  C:\Windows\System\GAihgbq.exe
  2⤵
  PID:5072
- C:\Windows\System\FEBAcgR.exe
  C:\Windows\System\FEBAcgR.exe
  2⤵
  PID:5288
- C:\Windows\System\CNtWDlp.exe
  C:\Windows\System\CNtWDlp.exe
  2⤵
  PID:5452
- C:\Windows\System\qxIQROg.exe
  C:\Windows\System\qxIQROg.exe
  2⤵
  PID:5184
- C:\Windows\System\xJDScYn.exe
  C:\Windows\System\xJDScYn.exe
  2⤵
  PID:5296
- C:\Windows\System\tjutMHS.exe
  C:\Windows\System\tjutMHS.exe
  2⤵
  PID:5432
- C:\Windows\System\EFJqCJq.exe
  C:\Windows\System\EFJqCJq.exe
  2⤵
  PID:5476
- C:\Windows\System\qXLdTZw.exe
  C:\Windows\System\qXLdTZw.exe
  2⤵
  PID:5540
- C:\Windows\System\MTXlKXC.exe
  C:\Windows\System\MTXlKXC.exe
  2⤵
  PID:5652
- C:\Windows\System\KiBfOLl.exe
  C:\Windows\System\KiBfOLl.exe
  2⤵
  PID:5800
- C:\Windows\System\vhblFjm.exe
  C:\Windows\System\vhblFjm.exe
  2⤵
  PID:5856
- C:\Windows\System\JRPhOwA.exe
  C:\Windows\System\JRPhOwA.exe
  2⤵
  PID:5720
- C:\Windows\System\LeNkTsi.exe
  C:\Windows\System\LeNkTsi.exe
  2⤵
  PID:5880
- C:\Windows\System\LaYhyCp.exe
  C:\Windows\System\LaYhyCp.exe
  2⤵
  PID:5900
- C:\Windows\System\LOreJEh.exe
  C:\Windows\System\LOreJEh.exe
  2⤵
  PID:6012
- C:\Windows\System\jEomhjW.exe
  C:\Windows\System\jEomhjW.exe
  2⤵
  PID:6100
- C:\Windows\System\dtqfYOW.exe
  C:\Windows\System\dtqfYOW.exe
  2⤵
  PID:6088
- C:\Windows\System\WpeUnCk.exe
  C:\Windows\System\WpeUnCk.exe
  2⤵
  PID:5752
- C:\Windows\System\AGpNCKy.exe
  C:\Windows\System\AGpNCKy.exe
  2⤵
  PID:5716
- C:\Windows\System\vlEdVFx.exe
  C:\Windows\System\vlEdVFx.exe
  2⤵
  PID:5040
- C:\Windows\System\UBdmGSv.exe
  C:\Windows\System\UBdmGSv.exe
  2⤵
  PID:5268
- C:\Windows\System\wFUwpDP.exe
  C:\Windows\System\wFUwpDP.exe
  2⤵
  PID:6128
- C:\Windows\System\hAMQvFp.exe
  C:\Windows\System\hAMQvFp.exe
  2⤵
  PID:5472
- C:\Windows\System\oeeaQDs.exe
  C:\Windows\System\oeeaQDs.exe
  2⤵
  PID:5820
- C:\Windows\System\jZUpntn.exe
  C:\Windows\System\jZUpntn.exe
  2⤵
  PID:5168
- C:\Windows\System\QiFGlJM.exe
  C:\Windows\System\QiFGlJM.exe
  2⤵
  PID:5736
- C:\Windows\System\ophYiSm.exe
  C:\Windows\System\ophYiSm.exe
  2⤵
  PID:5688
- C:\Windows\System\BHWIrdW.exe
  C:\Windows\System\BHWIrdW.exe
  2⤵
  PID:5844
- C:\Windows\System\ekhtbNt.exe
  C:\Windows\System\ekhtbNt.exe
  2⤵
  PID:5616
- C:\Windows\System\ZYkjAMJ.exe
  C:\Windows\System\ZYkjAMJ.exe
  2⤵
  PID:5788
- C:\Windows\System\hJEkBws.exe
  C:\Windows\System\hJEkBws.exe
  2⤵
  PID:5832
- C:\Windows\System\BJHhZUY.exe
  C:\Windows\System\BJHhZUY.exe
  2⤵
  PID:6140
- C:\Windows\System\QPIzYss.exe
  C:\Windows\System\QPIzYss.exe
  2⤵
  PID:5216
- C:\Windows\System\FEUPNZa.exe
  C:\Windows\System\FEUPNZa.exe
  2⤵
  PID:5308
- C:\Windows\System\cPZPXyu.exe
  C:\Windows\System\cPZPXyu.exe
  2⤵
  PID:4760
- C:\Windows\System\eCZKDSo.exe
  C:\Windows\System\eCZKDSo.exe
  2⤵
  PID:5868
- C:\Windows\System\HdFuGBx.exe
  C:\Windows\System\HdFuGBx.exe
  2⤵
  PID:5764
- C:\Windows\System\qErpKqA.exe
  C:\Windows\System\qErpKqA.exe
  2⤵
  PID:6164
- C:\Windows\System\wJpLUvW.exe
  C:\Windows\System\wJpLUvW.exe
  2⤵
  PID:6180
- C:\Windows\System\nTCIQUm.exe
  C:\Windows\System\nTCIQUm.exe
  2⤵
  PID:6208
- C:\Windows\System\DDeCZkI.exe
  C:\Windows\System\DDeCZkI.exe
  2⤵
  PID:6232
- C:\Windows\System\hKWFhaE.exe
  C:\Windows\System\hKWFhaE.exe
  2⤵
  PID:6248
- C:\Windows\System\SCryYum.exe
  C:\Windows\System\SCryYum.exe
  2⤵
  PID:6276
- C:\Windows\System\MzHNrHk.exe
  C:\Windows\System\MzHNrHk.exe
  2⤵
  PID:6292
- C:\Windows\System\BZBncNK.exe
  C:\Windows\System\BZBncNK.exe
  2⤵
  PID:6324
- C:\Windows\System\mYcboMZ.exe
  C:\Windows\System\mYcboMZ.exe
  2⤵
  PID:6348
- C:\Windows\System\hazGdHG.exe
  C:\Windows\System\hazGdHG.exe
  2⤵
  PID:6364
- C:\Windows\System\BgDpNyD.exe
  C:\Windows\System\BgDpNyD.exe
  2⤵
  PID:6384
- C:\Windows\System\ACsJlDl.exe
  C:\Windows\System\ACsJlDl.exe
  2⤵
  PID:6408
- C:\Windows\System\qKNdPEy.exe
  C:\Windows\System\qKNdPEy.exe
  2⤵
  PID:6424
- C:\Windows\System\SFUqlyn.exe
  C:\Windows\System\SFUqlyn.exe
  2⤵
  PID:6440
- C:\Windows\System\iZuhpmy.exe
  C:\Windows\System\iZuhpmy.exe
  2⤵
  PID:6456
- C:\Windows\System\KQErjgI.exe
  C:\Windows\System\KQErjgI.exe
  2⤵
  PID:6484
- C:\Windows\System\SLxcDZj.exe
  C:\Windows\System\SLxcDZj.exe
  2⤵
  PID:6516
- C:\Windows\System\kUPmfWP.exe
  C:\Windows\System\kUPmfWP.exe
  2⤵
  PID:6532
- C:\Windows\System\RbEXwFm.exe
  C:\Windows\System\RbEXwFm.exe
  2⤵
  PID:6556
- C:\Windows\System\mYfUpjN.exe
  C:\Windows\System\mYfUpjN.exe
  2⤵
  PID:6572
- C:\Windows\System\aBiDSlN.exe
  C:\Windows\System\aBiDSlN.exe
  2⤵
  PID:6600
- C:\Windows\System\CGeUWEJ.exe
  C:\Windows\System\CGeUWEJ.exe
  2⤵
  PID:6620
- C:\Windows\System\lsRktNK.exe
  C:\Windows\System\lsRktNK.exe
  2⤵
  PID:6636
- C:\Windows\System\SigYhkV.exe
  C:\Windows\System\SigYhkV.exe
  2⤵
  PID:6652
- C:\Windows\System\vCyIgRE.exe
  C:\Windows\System\vCyIgRE.exe
  2⤵
  PID:6672
- C:\Windows\System\OHdDUTb.exe
  C:\Windows\System\OHdDUTb.exe
  2⤵
  PID:6692
- C:\Windows\System\AAGpdzZ.exe
  C:\Windows\System\AAGpdzZ.exe
  2⤵
  PID:6708
- C:\Windows\System\bQkbEXT.exe
  C:\Windows\System\bQkbEXT.exe
  2⤵
  PID:6724
- C:\Windows\System\YRXtmpS.exe
  C:\Windows\System\YRXtmpS.exe
  2⤵
  PID:6744
- C:\Windows\System\KjPYtOp.exe
  C:\Windows\System\KjPYtOp.exe
  2⤵
  PID:6772
- C:\Windows\System\AtgmLtw.exe
  C:\Windows\System\AtgmLtw.exe
  2⤵
  PID:6792
- C:\Windows\System\weRGJAX.exe
  C:\Windows\System\weRGJAX.exe
  2⤵
  PID:6808
- C:\Windows\System\IYvTbyH.exe
  C:\Windows\System\IYvTbyH.exe
  2⤵
  PID:6824
- C:\Windows\System\WdeSOmS.exe
  C:\Windows\System\WdeSOmS.exe
  2⤵
  PID:6840
- C:\Windows\System\ZltBdOe.exe
  C:\Windows\System\ZltBdOe.exe
  2⤵
  PID:6860
- C:\Windows\System\CMXReBb.exe
  C:\Windows\System\CMXReBb.exe
  2⤵
  PID:6880
- C:\Windows\System\RLOAYyR.exe
  C:\Windows\System\RLOAYyR.exe
  2⤵
  PID:6900
- C:\Windows\System\gJfOThB.exe
  C:\Windows\System\gJfOThB.exe
  2⤵
  PID:6920
- C:\Windows\System\nVmNDVU.exe
  C:\Windows\System\nVmNDVU.exe
  2⤵
  PID:6944
- C:\Windows\System\ppOEyIm.exe
  C:\Windows\System\ppOEyIm.exe
  2⤵
  PID:6972
- C:\Windows\System\OGmXlkl.exe
  C:\Windows\System\OGmXlkl.exe
  2⤵
  PID:7000
- C:\Windows\System\DLBefVo.exe
  C:\Windows\System\DLBefVo.exe
  2⤵
  PID:7024
- C:\Windows\System\JfCVSga.exe
  C:\Windows\System\JfCVSga.exe
  2⤵
  PID:7040
- C:\Windows\System\CWLYWjz.exe
  C:\Windows\System\CWLYWjz.exe
  2⤵
  PID:7056
- C:\Windows\System\DCrnlcO.exe
  C:\Windows\System\DCrnlcO.exe
  2⤵
  PID:7072
- C:\Windows\System\ibksAOl.exe
  C:\Windows\System\ibksAOl.exe
  2⤵
  PID:7108
- C:\Windows\System\aEfnaPK.exe
  C:\Windows\System\aEfnaPK.exe
  2⤵
  PID:7124
- C:\Windows\System\NbEpgja.exe
  C:\Windows\System\NbEpgja.exe
  2⤵
  PID:7140
- C:\Windows\System\uCfgCbS.exe
  C:\Windows\System\uCfgCbS.exe
  2⤵
  PID:7156
- C:\Windows\System\PCmQdOF.exe
  C:\Windows\System\PCmQdOF.exe
  2⤵
  PID:5632
- C:\Windows\System\RbHqOnM.exe
  C:\Windows\System\RbHqOnM.exe
  2⤵
  PID:5704
- C:\Windows\System\DmaWEYn.exe
  C:\Windows\System\DmaWEYn.exe
  2⤵
  PID:5636
- C:\Windows\System\veQHGce.exe
  C:\Windows\System\veQHGce.exe
  2⤵
  PID:6048
- C:\Windows\System\UpeuxMZ.exe
  C:\Windows\System\UpeuxMZ.exe
  2⤵
  PID:6156
- C:\Windows\System\cTpeIOI.exe
  C:\Windows\System\cTpeIOI.exe
  2⤵
  PID:6176
- C:\Windows\System\aDRXiSf.exe
  C:\Windows\System\aDRXiSf.exe
  2⤵
  PID:6224
- C:\Windows\System\LEQZgNN.exe
  C:\Windows\System\LEQZgNN.exe
  2⤵
  PID:6260
- C:\Windows\System\aVRMWoE.exe
  C:\Windows\System\aVRMWoE.exe
  2⤵
  PID:6288
- C:\Windows\System\SMaULYX.exe
  C:\Windows\System\SMaULYX.exe
  2⤵
  PID:6332
- C:\Windows\System\SjsjCcs.exe
  C:\Windows\System\SjsjCcs.exe
  2⤵
  PID:6392
- C:\Windows\System\lzaeBWA.exe
  C:\Windows\System\lzaeBWA.exe
  2⤵
  PID:6436
- C:\Windows\System\yodfjwe.exe
  C:\Windows\System\yodfjwe.exe
  2⤵
  PID:6344
- C:\Windows\System\ueMatys.exe
  C:\Windows\System\ueMatys.exe
  2⤵
  PID:6524
- C:\Windows\System\dWbBOGZ.exe
  C:\Windows\System\dWbBOGZ.exe
  2⤵
  PID:6420
- C:\Windows\System\foHskNZ.exe
  C:\Windows\System\foHskNZ.exe
  2⤵
  PID:6544
- C:\Windows\System\PnjnCYc.exe
  C:\Windows\System\PnjnCYc.exe
  2⤵
  PID:6568
- C:\Windows\System\nVumVZa.exe
  C:\Windows\System\nVumVZa.exe
  2⤵
  PID:6608
- C:\Windows\System\wGHadVq.exe
  C:\Windows\System\wGHadVq.exe
  2⤵
  PID:6648
- C:\Windows\System\eUdMWvg.exe
  C:\Windows\System\eUdMWvg.exe
  2⤵
  PID:6764
- C:\Windows\System\nrPqSjL.exe
  C:\Windows\System\nrPqSjL.exe
  2⤵
  PID:6800
- C:\Windows\System\TiHCWzG.exe
  C:\Windows\System\TiHCWzG.exe
  2⤵
  PID:6872
- C:\Windows\System\AGLcxcA.exe
  C:\Windows\System\AGLcxcA.exe
  2⤵
  PID:6660
- C:\Windows\System\dlLlAoa.exe
  C:\Windows\System\dlLlAoa.exe
  2⤵
  PID:6704
- C:\Windows\System\orsdzhB.exe
  C:\Windows\System\orsdzhB.exe
  2⤵
  PID:6732
- C:\Windows\System\fwtQmEX.exe
  C:\Windows\System\fwtQmEX.exe
  2⤵
  PID:6780
- C:\Windows\System\uqGwpMR.exe
  C:\Windows\System\uqGwpMR.exe
  2⤵
  PID:6968
- C:\Windows\System\TJTJHdO.exe
  C:\Windows\System\TJTJHdO.exe
  2⤵
  PID:6892
- C:\Windows\System\VhdWRbV.exe
  C:\Windows\System\VhdWRbV.exe
  2⤵
  PID:7052
- C:\Windows\System\XALuaZn.exe
  C:\Windows\System\XALuaZn.exe
  2⤵
  PID:7096
- C:\Windows\System\WKWMAjj.exe
  C:\Windows\System\WKWMAjj.exe
  2⤵
  PID:6984
- C:\Windows\System\uMqVzmk.exe
  C:\Windows\System\uMqVzmk.exe
  2⤵
  PID:7132
- C:\Windows\System\mgzKqJh.exe
  C:\Windows\System\mgzKqJh.exe
  2⤵
  PID:6188
- C:\Windows\System\fXMegVx.exe
  C:\Windows\System\fXMegVx.exe
  2⤵
  PID:6024
- C:\Windows\System\qrstDgy.exe
  C:\Windows\System\qrstDgy.exe
  2⤵
  PID:6016
- C:\Windows\System\cScDHOG.exe
  C:\Windows\System\cScDHOG.exe
  2⤵
  PID:7116
- C:\Windows\System\pPImykR.exe
  C:\Windows\System\pPImykR.exe
  2⤵
  PID:5196
- C:\Windows\System\xXpXwmK.exe
  C:\Windows\System\xXpXwmK.exe
  2⤵
  PID:5568
- C:\Windows\System\aHleCEx.exe
  C:\Windows\System\aHleCEx.exe
  2⤵
  PID:6220
- C:\Windows\System\kYSGcxJ.exe
  C:\Windows\System\kYSGcxJ.exe
  2⤵
  PID:6268
- C:\Windows\System\inxSERr.exe
  C:\Windows\System\inxSERr.exe
  2⤵
  PID:6476
- C:\Windows\System\skNknKp.exe
  C:\Windows\System\skNknKp.exe
  2⤵
  PID:5416
- C:\Windows\System\vAXOEHa.exe
  C:\Windows\System\vAXOEHa.exe
  2⤵
  PID:6564
- C:\Windows\System\oympwsa.exe
  C:\Windows\System\oympwsa.exe
  2⤵
  PID:6376
- C:\Windows\System\OfWWYkw.exe
  C:\Windows\System\OfWWYkw.exe
  2⤵
  PID:6616
- C:\Windows\System\vdetRCM.exe
  C:\Windows\System\vdetRCM.exe
  2⤵
  PID:6540
- C:\Windows\System\BXKHVjb.exe
  C:\Windows\System\BXKHVjb.exe
  2⤵
  PID:6628
- C:\Windows\System\CrZIMSz.exe
  C:\Windows\System\CrZIMSz.exe
  2⤵
  PID:6832
- C:\Windows\System\ueNvySe.exe
  C:\Windows\System\ueNvySe.exe
  2⤵
  PID:6632
- C:\Windows\System\ziiWYfF.exe
  C:\Windows\System\ziiWYfF.exe
  2⤵
  PID:6960
- C:\Windows\System\yMAdbRy.exe
  C:\Windows\System\yMAdbRy.exe
  2⤵
  PID:7104
- C:\Windows\System\pUgWNVN.exe
  C:\Windows\System\pUgWNVN.exe
  2⤵
  PID:6980
- C:\Windows\System\UokzdjH.exe
  C:\Windows\System\UokzdjH.exe
  2⤵
  PID:6876
- C:\Windows\System\SKjAkJh.exe
  C:\Windows\System\SKjAkJh.exe
  2⤵
  PID:6816
- C:\Windows\System\xAhWRfG.exe
  C:\Windows\System\xAhWRfG.exe
  2⤵
  PID:7092
- C:\Windows\System\kZBgRNU.exe
  C:\Windows\System\kZBgRNU.exe
  2⤵
  PID:6036
- C:\Windows\System\NoNXsEn.exe
  C:\Windows\System\NoNXsEn.exe
  2⤵
  PID:5684
- C:\Windows\System\qVNXbAT.exe
  C:\Windows\System\qVNXbAT.exe
  2⤵
  PID:6192
- C:\Windows\System\JSntphn.exe
  C:\Windows\System\JSntphn.exe
  2⤵
  PID:6136
- C:\Windows\System\UcSwrJg.exe
  C:\Windows\System\UcSwrJg.exe
  2⤵
  PID:5488
- C:\Windows\System\nGDtHfl.exe
  C:\Windows\System\nGDtHfl.exe
  2⤵
  PID:6340
- C:\Windows\System\ZsvXaMD.exe
  C:\Windows\System\ZsvXaMD.exe
  2⤵
  PID:6492
- C:\Windows\System\MWUlUcS.exe
  C:\Windows\System\MWUlUcS.exe
  2⤵
  PID:6716
- C:\Windows\System\MmujpUy.exe
  C:\Windows\System\MmujpUy.exe
  2⤵
  PID:7048
- C:\Windows\System\FJWpmQN.exe
  C:\Windows\System\FJWpmQN.exe
  2⤵
  PID:6528
- C:\Windows\System\AmBytDR.exe
  C:\Windows\System\AmBytDR.exe
  2⤵
  PID:6400
- C:\Windows\System\vizzSbt.exe
  C:\Windows\System\vizzSbt.exe
  2⤵
  PID:6868
- C:\Windows\System\zXlSZaD.exe
  C:\Windows\System\zXlSZaD.exe
  2⤵
  PID:6504
- C:\Windows\System\PzorpKe.exe
  C:\Windows\System\PzorpKe.exe
  2⤵
  PID:6700
- C:\Windows\System\MchOVfj.exe
  C:\Windows\System\MchOVfj.exe
  2⤵
  PID:6736
- C:\Windows\System\DKsShqx.exe
  C:\Windows\System\DKsShqx.exe
  2⤵
  PID:6852
- C:\Windows\System\UqELZbf.exe
  C:\Windows\System\UqELZbf.exe
  2⤵
  PID:7064
- C:\Windows\System\guwJSnU.exe
  C:\Windows\System\guwJSnU.exe
  2⤵
  PID:7020
- C:\Windows\System\edKvaZL.exe
  C:\Windows\System\edKvaZL.exe
  2⤵
  PID:7152
- C:\Windows\System\kWxYVVu.exe
  C:\Windows\System\kWxYVVu.exe
  2⤵
  PID:6360
- C:\Windows\System\JebyEdi.exe
  C:\Windows\System\JebyEdi.exe
  2⤵
  PID:6996
- C:\Windows\System\mYqHASD.exe
  C:\Windows\System\mYqHASD.exe
  2⤵
  PID:6908
- C:\Windows\System\QbtgSlE.exe
  C:\Windows\System\QbtgSlE.exe
  2⤵
  PID:6316
- C:\Windows\System\gHWFuuG.exe
  C:\Windows\System\gHWFuuG.exe
  2⤵
  PID:5860
- C:\Windows\System\zXejPdw.exe
  C:\Windows\System\zXejPdw.exe
  2⤵
  PID:6508
- C:\Windows\System\rWfabra.exe
  C:\Windows\System\rWfabra.exe
  2⤵
  PID:5916
- C:\Windows\System\DYWImLl.exe
  C:\Windows\System\DYWImLl.exe
  2⤵
  PID:6452
- C:\Windows\System\ZDIeXSC.exe
  C:\Windows\System\ZDIeXSC.exe
  2⤵
  PID:5964
- C:\Windows\System\hpflLXt.exe
  C:\Windows\System\hpflLXt.exe
  2⤵
  PID:6684
- C:\Windows\System\aLkPpfR.exe
  C:\Windows\System\aLkPpfR.exe
  2⤵
  PID:6928
- C:\Windows\System\ehhBkqM.exe
  C:\Windows\System\ehhBkqM.exe
  2⤵
  PID:6688
- C:\Windows\System\wTHfFKT.exe
  C:\Windows\System\wTHfFKT.exe
  2⤵
  PID:7180
- C:\Windows\System\fhKqUcy.exe
  C:\Windows\System\fhKqUcy.exe
  2⤵
  PID:7196
- C:\Windows\System\JwMdjSM.exe
  C:\Windows\System\JwMdjSM.exe
  2⤵
  PID:7212
- C:\Windows\System\DrANJLJ.exe
  C:\Windows\System\DrANJLJ.exe
  2⤵
  PID:7228
- C:\Windows\System\PKpevaY.exe
  C:\Windows\System\PKpevaY.exe
  2⤵
  PID:7244
- C:\Windows\System\FdDnWYH.exe
  C:\Windows\System\FdDnWYH.exe
  2⤵
  PID:7260
- C:\Windows\System\UbymjoN.exe
  C:\Windows\System\UbymjoN.exe
  2⤵
  PID:7276
- C:\Windows\System\cEbxyzE.exe
  C:\Windows\System\cEbxyzE.exe
  2⤵
  PID:7292
- C:\Windows\System\zJuLIJL.exe
  C:\Windows\System\zJuLIJL.exe
  2⤵
  PID:7308
- C:\Windows\System\ZTcVtDk.exe
  C:\Windows\System\ZTcVtDk.exe
  2⤵
  PID:7324
- C:\Windows\System\JpUgtvT.exe
  C:\Windows\System\JpUgtvT.exe
  2⤵
  PID:7340
- C:\Windows\System\khfIGGZ.exe
  C:\Windows\System\khfIGGZ.exe
  2⤵
  PID:7356
- C:\Windows\System\BjKVKVm.exe
  C:\Windows\System\BjKVKVm.exe
  2⤵
  PID:7372
- C:\Windows\System\PbMcqtc.exe
  C:\Windows\System\PbMcqtc.exe
  2⤵
  PID:7388
- C:\Windows\System\cTyPiZb.exe
  C:\Windows\System\cTyPiZb.exe
  2⤵
  PID:7404
- C:\Windows\System\tWncKOS.exe
  C:\Windows\System\tWncKOS.exe
  2⤵
  PID:7420
- C:\Windows\System\YstCOHC.exe
  C:\Windows\System\YstCOHC.exe
  2⤵
  PID:7436
- C:\Windows\System\BMWQCNM.exe
  C:\Windows\System\BMWQCNM.exe
  2⤵
  PID:7452
- C:\Windows\System\qwjyHFP.exe
  C:\Windows\System\qwjyHFP.exe
  2⤵
  PID:7468
- C:\Windows\System\ALdXrBn.exe
  C:\Windows\System\ALdXrBn.exe
  2⤵
  PID:7484
- C:\Windows\System\hBugyUT.exe
  C:\Windows\System\hBugyUT.exe
  2⤵
  PID:7500
- C:\Windows\System\FMAZBXG.exe
  C:\Windows\System\FMAZBXG.exe
  2⤵
  PID:7516
- C:\Windows\System\gCJfIDM.exe
  C:\Windows\System\gCJfIDM.exe
  2⤵
  PID:7532
- C:\Windows\System\zPyORWc.exe
  C:\Windows\System\zPyORWc.exe
  2⤵
  PID:7548
- C:\Windows\System\SdgicUE.exe
  C:\Windows\System\SdgicUE.exe
  2⤵
  PID:7564
- C:\Windows\System\ABPUlnN.exe
  C:\Windows\System\ABPUlnN.exe
  2⤵
  PID:7580
- C:\Windows\System\qbyTglu.exe
  C:\Windows\System\qbyTglu.exe
  2⤵
  PID:7596
- C:\Windows\System\HJoOHJi.exe
  C:\Windows\System\HJoOHJi.exe
  2⤵
  PID:7612
- C:\Windows\System\yXlxtpe.exe
  C:\Windows\System\yXlxtpe.exe
  2⤵
  PID:7628
- C:\Windows\System\yTJKxue.exe
  C:\Windows\System\yTJKxue.exe
  2⤵
  PID:7644
- C:\Windows\System\PZJHhai.exe
  C:\Windows\System\PZJHhai.exe
  2⤵
  PID:7660
- C:\Windows\System\ivCQLfN.exe
  C:\Windows\System\ivCQLfN.exe
  2⤵
  PID:7680
- C:\Windows\System\SsxmesS.exe
  C:\Windows\System\SsxmesS.exe
  2⤵
  PID:7696
- C:\Windows\System\VSkxeQR.exe
  C:\Windows\System\VSkxeQR.exe
  2⤵
  PID:7712
- C:\Windows\System\EGMuImi.exe
  C:\Windows\System\EGMuImi.exe
  2⤵
  PID:7728
- C:\Windows\System\DJHIeeK.exe
  C:\Windows\System\DJHIeeK.exe
  2⤵
  PID:7744
- C:\Windows\System\MZEhlrJ.exe
  C:\Windows\System\MZEhlrJ.exe
  2⤵
  PID:7760
- C:\Windows\System\aGXKkAy.exe
  C:\Windows\System\aGXKkAy.exe
  2⤵
  PID:7776
- C:\Windows\System\LwSzQRh.exe
  C:\Windows\System\LwSzQRh.exe
  2⤵
  PID:7792
- C:\Windows\System\RUeAhbs.exe
  C:\Windows\System\RUeAhbs.exe
  2⤵
  PID:7808
- C:\Windows\System\wJTaEDd.exe
  C:\Windows\System\wJTaEDd.exe
  2⤵
  PID:7824
- C:\Windows\System\BZCNtWt.exe
  C:\Windows\System\BZCNtWt.exe
  2⤵
  PID:7840
- C:\Windows\System\dgdjXKK.exe
  C:\Windows\System\dgdjXKK.exe
  2⤵
  PID:7856
- C:\Windows\System\vYTqRRV.exe
  C:\Windows\System\vYTqRRV.exe
  2⤵
  PID:7872
- C:\Windows\System\ycGDSHR.exe
  C:\Windows\System\ycGDSHR.exe
  2⤵
  PID:7888
- C:\Windows\System\xxsicTR.exe
  C:\Windows\System\xxsicTR.exe
  2⤵
  PID:7904
- C:\Windows\System\oAqNuJd.exe
  C:\Windows\System\oAqNuJd.exe
  2⤵
  PID:7920
- C:\Windows\System\FqcQQCp.exe
  C:\Windows\System\FqcQQCp.exe
  2⤵
  PID:7936
- C:\Windows\System\lSsDWEv.exe
  C:\Windows\System\lSsDWEv.exe
  2⤵
  PID:7952
- C:\Windows\System\QIwVXaj.exe
  C:\Windows\System\QIwVXaj.exe
  2⤵
  PID:7968
- C:\Windows\System\nrNwlMc.exe
  C:\Windows\System\nrNwlMc.exe
  2⤵
  PID:7984
- C:\Windows\System\ZNGliKi.exe
  C:\Windows\System\ZNGliKi.exe
  2⤵
  PID:8000
- C:\Windows\System\wjWEueG.exe
  C:\Windows\System\wjWEueG.exe
  2⤵
  PID:8016
- C:\Windows\System\DnRTfKl.exe
  C:\Windows\System\DnRTfKl.exe
  2⤵
  PID:8032
- C:\Windows\System\SWHqXRP.exe
  C:\Windows\System\SWHqXRP.exe
  2⤵
  PID:8048
- C:\Windows\System\KwgIuGk.exe
  C:\Windows\System\KwgIuGk.exe
  2⤵
  PID:8064
- C:\Windows\System\gaIvEZG.exe
  C:\Windows\System\gaIvEZG.exe
  2⤵
  PID:8080
- C:\Windows\System\BMqBTCp.exe
  C:\Windows\System\BMqBTCp.exe
  2⤵
  PID:8096
- C:\Windows\System\cBRCndx.exe
  C:\Windows\System\cBRCndx.exe
  2⤵
  PID:8112
- C:\Windows\System\tbeKEpt.exe
  C:\Windows\System\tbeKEpt.exe
  2⤵
  PID:8128
- C:\Windows\System\oTFdKQU.exe
  C:\Windows\System\oTFdKQU.exe
  2⤵
  PID:8144
- C:\Windows\System\cYaUndd.exe
  C:\Windows\System\cYaUndd.exe
  2⤵
  PID:8160
- C:\Windows\System\tWZjigu.exe
  C:\Windows\System\tWZjigu.exe
  2⤵
  PID:8184
- C:\Windows\System\zghGBAf.exe
  C:\Windows\System\zghGBAf.exe
  2⤵
  PID:7172
- C:\Windows\System\SZhjgvR.exe
  C:\Windows\System\SZhjgvR.exe
  2⤵
  PID:7204
- C:\Windows\System\EIcOiQs.exe
  C:\Windows\System\EIcOiQs.exe
  2⤵
  PID:7240
- C:\Windows\System\qjmeTJj.exe
  C:\Windows\System\qjmeTJj.exe
  2⤵
  PID:6888
- C:\Windows\System\DtnfIPm.exe
  C:\Windows\System\DtnfIPm.exe
  2⤵
  PID:7224
- C:\Windows\System\jXMABFV.exe
  C:\Windows\System\jXMABFV.exe
  2⤵
  PID:7304
- C:\Windows\System\MyZuIzH.exe
  C:\Windows\System\MyZuIzH.exe
  2⤵
  PID:7320
- C:\Windows\System\CsTFWaX.exe
  C:\Windows\System\CsTFWaX.exe
  2⤵
  PID:7352
- C:\Windows\System\vNhBpwS.exe
  C:\Windows\System\vNhBpwS.exe
  2⤵
  PID:7400
- C:\Windows\System\yNgXQtq.exe
  C:\Windows\System\yNgXQtq.exe
  2⤵
  PID:7464
- C:\Windows\System\gRSiDll.exe
  C:\Windows\System\gRSiDll.exe
  2⤵
  PID:7416
- C:\Windows\System\pfgvbMx.exe
  C:\Windows\System\pfgvbMx.exe
  2⤵
  PID:7524
- C:\Windows\System\oqHVxng.exe
  C:\Windows\System\oqHVxng.exe
  2⤵
  PID:7560
- C:\Windows\System\IflNigL.exe
  C:\Windows\System\IflNigL.exe
  2⤵
  PID:7588
- C:\Windows\System\qpeDVXO.exe
  C:\Windows\System\qpeDVXO.exe
  2⤵
  PID:7512
- C:\Windows\System\dFrUIXX.exe
  C:\Windows\System\dFrUIXX.exe
  2⤵
  PID:7540
- C:\Windows\System\LmySDkr.exe
  C:\Windows\System\LmySDkr.exe
  2⤵
  PID:7668
- C:\Windows\System\LPOEVki.exe
  C:\Windows\System\LPOEVki.exe
  2⤵
  PID:7176
- C:\Windows\System\ZyailqB.exe
  C:\Windows\System\ZyailqB.exe
  2⤵
  PID:7724
- C:\Windows\System\EuDkqUn.exe
  C:\Windows\System\EuDkqUn.exe
  2⤵
  PID:7672
- C:\Windows\System\vIoJflj.exe
  C:\Windows\System\vIoJflj.exe
  2⤵
  PID:7820
- C:\Windows\System\XSVmhmb.exe
  C:\Windows\System\XSVmhmb.exe
  2⤵
  PID:7884
- C:\Windows\System\PXzkSMj.exe
  C:\Windows\System\PXzkSMj.exe
  2⤵
  PID:7964
- C:\Windows\System\iAwwNmT.exe
  C:\Windows\System\iAwwNmT.exe
  2⤵
  PID:7992
- C:\Windows\System\xoINZYQ.exe
  C:\Windows\System\xoINZYQ.exe
  2⤵
  PID:8044
- C:\Windows\System\lMNzeER.exe
  C:\Windows\System\lMNzeER.exe
  2⤵
  PID:8028
- C:\Windows\System\klUpMoy.exe
  C:\Windows\System\klUpMoy.exe
  2⤵
  PID:8060
- C:\Windows\System\slBQefC.exe
  C:\Windows\System\slBQefC.exe
  2⤵
  PID:8120
- C:\Windows\System\HjKJUMK.exe
  C:\Windows\System\HjKJUMK.exe
  2⤵
  PID:8156
- C:\Windows\System\esCUwhd.exe
  C:\Windows\System\esCUwhd.exe
  2⤵
  PID:5648
- C:\Windows\System\sqsTYhj.exe
  C:\Windows\System\sqsTYhj.exe
  2⤵
  PID:7192
- C:\Windows\System\xdtXuOI.exe
  C:\Windows\System\xdtXuOI.exe
  2⤵
  PID:7288
- C:\Windows\System\fZXVaEF.exe
  C:\Windows\System\fZXVaEF.exe
  2⤵
  PID:7432
- C:\Windows\System\UYJvHIb.exe
  C:\Windows\System\UYJvHIb.exe
  2⤵
  PID:7368
- C:\Windows\System\azbBUSH.exe
  C:\Windows\System\azbBUSH.exe
  2⤵
  PID:7396
- C:\Windows\System\UxJmkCF.exe
  C:\Windows\System\UxJmkCF.exe
  2⤵
  PID:7608
- C:\Windows\System\GkWlKUM.exe
  C:\Windows\System\GkWlKUM.exe
  2⤵
  PID:7880
- C:\Windows\System\uWZZaCN.exe
  C:\Windows\System\uWZZaCN.exe
  2⤵
  PID:7528
- C:\Windows\System\qBeqMBl.exe
  C:\Windows\System\qBeqMBl.exe
  2⤵
  PID:7576
- C:\Windows\System\nwFgRbG.exe
  C:\Windows\System\nwFgRbG.exe
  2⤵
  PID:7704
- C:\Windows\System\HFXDUhJ.exe
  C:\Windows\System\HFXDUhJ.exe
  2⤵
  PID:8008
- C:\Windows\System\JZIdzwZ.exe
  C:\Windows\System\JZIdzwZ.exe
  2⤵
  PID:7736
- C:\Windows\System\hKevisJ.exe
  C:\Windows\System\hKevisJ.exe
  2⤵
  PID:7768
- C:\Windows\System\ucuwyKy.exe
  C:\Windows\System\ucuwyKy.exe
  2⤵
  PID:7900
- C:\Windows\System\EItlaWL.exe
  C:\Windows\System\EItlaWL.exe
  2⤵
  PID:7804
- C:\Windows\System\shgjeQQ.exe
  C:\Windows\System\shgjeQQ.exe
  2⤵
  PID:7916
- C:\Windows\System\LzRALqH.exe
  C:\Windows\System\LzRALqH.exe
  2⤵
  PID:8136
- C:\Windows\System\JfvNgFW.exe
  C:\Windows\System\JfvNgFW.exe
  2⤵
  PID:7284
- C:\Windows\System\bIhivwH.exe
  C:\Windows\System\bIhivwH.exe
  2⤵
  PID:8024
- C:\Windows\System\kDTGHka.exe
  C:\Windows\System\kDTGHka.exe
  2⤵
  PID:8152
- C:\Windows\System\fbUaLFB.exe
  C:\Windows\System\fbUaLFB.exe
  2⤵
  PID:7476
- C:\Windows\System\fZVhDAM.exe
  C:\Windows\System\fZVhDAM.exe
  2⤵
  PID:7496
- C:\Windows\System\UAdnfAr.exe
  C:\Windows\System\UAdnfAr.exe
  2⤵
  PID:7720
- C:\Windows\System\AHfbrIp.exe
  C:\Windows\System\AHfbrIp.exe
  2⤵
  PID:7912
- C:\Windows\System\acuTVnT.exe
  C:\Windows\System\acuTVnT.exe
  2⤵
  PID:7740
- C:\Windows\System\ynlZWNp.exe
  C:\Windows\System\ynlZWNp.exe
  2⤵
  PID:780
- C:\Windows\System\melxdmc.exe
  C:\Windows\System\melxdmc.exe
  2⤵
  PID:8040
- C:\Windows\System\NZnzyez.exe
  C:\Windows\System\NZnzyez.exe
  2⤵
  PID:7220
- C:\Windows\System\rcuTlYo.exe
  C:\Windows\System\rcuTlYo.exe
  2⤵
  PID:7692
- C:\Windows\System\ShBAWyb.exe
  C:\Windows\System\ShBAWyb.exe
  2⤵
  PID:8076
- C:\Windows\System\WcivssM.exe
  C:\Windows\System\WcivssM.exe
  2⤵
  PID:7676
- C:\Windows\System\TVqoBHw.exe
  C:\Windows\System\TVqoBHw.exe
  2⤵
  PID:7624
- C:\Windows\System\tnQMViy.exe
  C:\Windows\System\tnQMViy.exe
  2⤵
  PID:8204
- C:\Windows\System\XjSaXGB.exe
  C:\Windows\System\XjSaXGB.exe
  2⤵
  PID:8220
- C:\Windows\System\YpAAaoJ.exe
  C:\Windows\System\YpAAaoJ.exe
  2⤵
  PID:8240
- C:\Windows\System\QsJlrCD.exe
  C:\Windows\System\QsJlrCD.exe
  2⤵
  PID:8256
- C:\Windows\System\oSQeRKT.exe
  C:\Windows\System\oSQeRKT.exe
  2⤵
  PID:8272
- C:\Windows\System\ZVhJiez.exe
  C:\Windows\System\ZVhJiez.exe
  2⤵
  PID:8292
- C:\Windows\System\OtpcQLE.exe
  C:\Windows\System\OtpcQLE.exe
  2⤵
  PID:8312
- C:\Windows\System\zkLKxAk.exe
  C:\Windows\System\zkLKxAk.exe
  2⤵
  PID:8332
- C:\Windows\System\gLFqyMI.exe
  C:\Windows\System\gLFqyMI.exe
  2⤵
  PID:8348
- C:\Windows\System\TIgQOpw.exe
  C:\Windows\System\TIgQOpw.exe
  2⤵
  PID:8364
- C:\Windows\System\redrHjT.exe
  C:\Windows\System\redrHjT.exe
  2⤵
  PID:8384
- C:\Windows\System\NVEtWka.exe
  C:\Windows\System\NVEtWka.exe
  2⤵
  PID:8400
- C:\Windows\System\FyDGXER.exe
  C:\Windows\System\FyDGXER.exe
  2⤵
  PID:8416
- C:\Windows\System\zNWYEzE.exe
  C:\Windows\System\zNWYEzE.exe
  2⤵
  PID:8432
- C:\Windows\System\PmAvgOR.exe
  C:\Windows\System\PmAvgOR.exe
  2⤵
  PID:8448
- C:\Windows\System\VRTZvjL.exe
  C:\Windows\System\VRTZvjL.exe
  2⤵
  PID:8464
- C:\Windows\System\jvmMGof.exe
  C:\Windows\System\jvmMGof.exe
  2⤵
  PID:8480
- C:\Windows\System\SeVtDJl.exe
  C:\Windows\System\SeVtDJl.exe
  2⤵
  PID:8496
- C:\Windows\System\uXkSHdT.exe
  C:\Windows\System\uXkSHdT.exe
  2⤵
  PID:8516
- C:\Windows\System\HWSkXoz.exe
  C:\Windows\System\HWSkXoz.exe
  2⤵
  PID:8532
- C:\Windows\System\TPynJvU.exe
  C:\Windows\System\TPynJvU.exe
  2⤵
  PID:8556
- C:\Windows\System\TwOocdb.exe
  C:\Windows\System\TwOocdb.exe
  2⤵
  PID:8572
- C:\Windows\System\ZoEvpNV.exe
  C:\Windows\System\ZoEvpNV.exe
  2⤵
  PID:8592
- C:\Windows\System\RpQoRII.exe
  C:\Windows\System\RpQoRII.exe
  2⤵
  PID:8608
- C:\Windows\System\HGZgRfH.exe
  C:\Windows\System\HGZgRfH.exe
  2⤵
  PID:8624
- C:\Windows\System\WEQRvGM.exe
  C:\Windows\System\WEQRvGM.exe
  2⤵
  PID:8640
- C:\Windows\System\jzUlUhR.exe
  C:\Windows\System\jzUlUhR.exe
  2⤵
  PID:8656
- C:\Windows\System\svPmYTO.exe
  C:\Windows\System\svPmYTO.exe
  2⤵
  PID:8672
- C:\Windows\System\PxKUcSI.exe
  C:\Windows\System\PxKUcSI.exe
  2⤵
  PID:8688
- C:\Windows\System\KPmqDXP.exe
  C:\Windows\System\KPmqDXP.exe
  2⤵
  PID:8704
- C:\Windows\System\ePkEmXf.exe
  C:\Windows\System\ePkEmXf.exe
  2⤵
  PID:8720
- C:\Windows\System\YTcOZmC.exe
  C:\Windows\System\YTcOZmC.exe
  2⤵
  PID:8736
- C:\Windows\System\cpcSrjg.exe
  C:\Windows\System\cpcSrjg.exe
  2⤵
  PID:8752
- C:\Windows\System\WjCOEmE.exe
  C:\Windows\System\WjCOEmE.exe
  2⤵
  PID:8768
- C:\Windows\System\iAPQUsS.exe
  C:\Windows\System\iAPQUsS.exe
  2⤵
  PID:8784
- C:\Windows\System\bBiaDDD.exe
  C:\Windows\System\bBiaDDD.exe
  2⤵
  PID:8800
- C:\Windows\System\tlmdLuU.exe
  C:\Windows\System\tlmdLuU.exe
  2⤵
  PID:8824
- C:\Windows\System\JAQYSNc.exe
  C:\Windows\System\JAQYSNc.exe
  2⤵
  PID:8840
- C:\Windows\System\VRhGjOD.exe
  C:\Windows\System\VRhGjOD.exe
  2⤵
  PID:8860
- C:\Windows\System\XmKcFqT.exe
  C:\Windows\System\XmKcFqT.exe
  2⤵
  PID:8876
- C:\Windows\System\vsvjvGw.exe
  C:\Windows\System\vsvjvGw.exe
  2⤵
  PID:8892
- C:\Windows\System\FDAsfXR.exe
  C:\Windows\System\FDAsfXR.exe
  2⤵
  PID:8908
- C:\Windows\System\NLaAdCy.exe
  C:\Windows\System\NLaAdCy.exe
  2⤵
  PID:8924
- C:\Windows\System\jJcSRAB.exe
  C:\Windows\System\jJcSRAB.exe
  2⤵
  PID:9124
- C:\Windows\System\kOyNcLA.exe
  C:\Windows\System\kOyNcLA.exe
  2⤵
  PID:8488
- C:\Windows\System\EpJKBAj.exe
  C:\Windows\System\EpJKBAj.exe
  2⤵
  PID:8528
- C:\Windows\System\NYHxMlf.exe
  C:\Windows\System\NYHxMlf.exe
  2⤵
  PID:8508
- C:\Windows\System\NoSzopI.exe
  C:\Windows\System\NoSzopI.exe
  2⤵
  PID:8584
- C:\Windows\System\ntEnsEw.exe
  C:\Windows\System\ntEnsEw.exe
  2⤵
  PID:8632
- C:\Windows\System\xBNOkxV.exe
  C:\Windows\System\xBNOkxV.exe
  2⤵
  PID:8728
- C:\Windows\System\zfMPlgS.exe
  C:\Windows\System\zfMPlgS.exe
  2⤵
  PID:8744
- C:\Windows\System\NUIGqsR.exe
  C:\Windows\System\NUIGqsR.exe
  2⤵
  PID:8816
- C:\Windows\System\VaUrPcS.exe
  C:\Windows\System\VaUrPcS.exe
  2⤵
  PID:1696
- C:\Windows\System\oruwYno.exe
  C:\Windows\System\oruwYno.exe
  2⤵
  PID:8916
- C:\Windows\System\hlFxdjK.exe
  C:\Windows\System\hlFxdjK.exe
  2⤵
  PID:8944
- C:\Windows\System\GxcHajh.exe
  C:\Windows\System\GxcHajh.exe
  2⤵
  PID:8960
- C:\Windows\System\mVxoaWC.exe
  C:\Windows\System\mVxoaWC.exe
  2⤵
  PID:8976
- C:\Windows\System\cXWMrpY.exe
  C:\Windows\System\cXWMrpY.exe
  2⤵
  PID:8988
- C:\Windows\System\fFJgUoZ.exe
  C:\Windows\System\fFJgUoZ.exe
  2⤵
  PID:8996
- C:\Windows\System\LcRofug.exe
  C:\Windows\System\LcRofug.exe
  2⤵
  PID:9028
- C:\Windows\System\IPyVbKJ.exe
  C:\Windows\System\IPyVbKJ.exe
  2⤵
  PID:9040
- C:\Windows\System\NCIXQRO.exe
  C:\Windows\System\NCIXQRO.exe
  2⤵
  PID:9056
- C:\Windows\System\fQaEcgw.exe
  C:\Windows\System\fQaEcgw.exe
  2⤵
  PID:9072
- C:\Windows\System\FSzuGHG.exe
  C:\Windows\System\FSzuGHG.exe
  2⤵
  PID:9100
- C:\Windows\System\DPsCjyH.exe
  C:\Windows\System\DPsCjyH.exe
  2⤵
  PID:9104
- C:\Windows\System\AzXeWpi.exe
  C:\Windows\System\AzXeWpi.exe
  2⤵
  PID:8856
- C:\Windows\System\nyYIVTg.exe
  C:\Windows\System\nyYIVTg.exe
  2⤵
  PID:2908
- C:\Windows\System\AbDtMsm.exe
  C:\Windows\System\AbDtMsm.exe
  2⤵
  PID:9132
- C:\Windows\System\XSTyFMF.exe
  C:\Windows\System\XSTyFMF.exe
  2⤵
  PID:9196
- C:\Windows\System\ApHeoXW.exe
  C:\Windows\System\ApHeoXW.exe
  2⤵
  PID:9212
- C:\Windows\System\FEEAKYp.exe
  C:\Windows\System\FEEAKYp.exe
  2⤵
  PID:8252
- C:\Windows\System\lnejmYd.exe
  C:\Windows\System\lnejmYd.exe
  2⤵
  PID:8280
- C:\Windows\System\RkwFTfg.exe
  C:\Windows\System\RkwFTfg.exe
  2⤵
  PID:8236
- C:\Windows\System\TyBinsi.exe
  C:\Windows\System\TyBinsi.exe
  2⤵
  PID:8696
- C:\Windows\System\tYXOkaA.exe
  C:\Windows\System\tYXOkaA.exe
  2⤵
  PID:332
- C:\Windows\System\uSntgFG.exe
  C:\Windows\System\uSntgFG.exe
  2⤵
  PID:2036
- C:\Windows\System\qtZRMzH.exe
  C:\Windows\System\qtZRMzH.exe
  2⤵
  PID:8884
- C:\Windows\System\hEmrQlu.exe
  C:\Windows\System\hEmrQlu.exe
  2⤵
  PID:8600
- C:\Windows\System\CpczhkR.exe
  C:\Windows\System\CpczhkR.exe
  2⤵
  PID:8444
- C:\Windows\System\aWBJliA.exe
  C:\Windows\System\aWBJliA.exe
  2⤵
  PID:8980
- C:\Windows\System\quMaHbB.exe
  C:\Windows\System\quMaHbB.exe
  2⤵
  PID:9084
- C:\Windows\System\tRcxbPC.exe
  C:\Windows\System\tRcxbPC.exe
  2⤵
  PID:8604
- C:\Windows\System\aIYvflw.exe
  C:\Windows\System\aIYvflw.exe
  2⤵
  PID:8792
- C:\Windows\System\kVoZgDD.exe
  C:\Windows\System\kVoZgDD.exe
  2⤵
  PID:8652
- C:\Windows\System\BvaYCBy.exe
  C:\Windows\System\BvaYCBy.exe
  2⤵
  PID:1312
- C:\Windows\System\zTWBEVf.exe
  C:\Windows\System\zTWBEVf.exe
  2⤵
  PID:2372
- C:\Windows\System\qLkhAWJ.exe
  C:\Windows\System\qLkhAWJ.exe
  2⤵
  PID:9008
- C:\Windows\System\lzfJeDY.exe
  C:\Windows\System\lzfJeDY.exe
  2⤵
  PID:9064
- C:\Windows\System\HiVmHSs.exe
  C:\Windows\System\HiVmHSs.exe
  2⤵
  PID:1476
- C:\Windows\System\CLbayKH.exe
  C:\Windows\System\CLbayKH.exe
  2⤵
  PID:8268
- C:\Windows\System\raHzuFF.exe
  C:\Windows\System\raHzuFF.exe
  2⤵
  PID:8392
- C:\Windows\System\pnsCgsv.exe
  C:\Windows\System\pnsCgsv.exe
  2⤵
  PID:8580
- C:\Windows\System\qWYUlsU.exe
  C:\Windows\System\qWYUlsU.exe
  2⤵
  PID:8300
- C:\Windows\System\SKeyDxM.exe
  C:\Windows\System\SKeyDxM.exe
  2⤵
  PID:8308
- C:\Windows\System\MOvvuXn.exe
  C:\Windows\System\MOvvuXn.exe
  2⤵
  PID:8396
- C:\Windows\System\hWFdOQp.exe
  C:\Windows\System\hWFdOQp.exe
  2⤵
  PID:8504
- C:\Windows\System\khDrYAB.exe
  C:\Windows\System\khDrYAB.exe
  2⤵
  PID:8320
- C:\Windows\System\LAUpcbi.exe
  C:\Windows\System\LAUpcbi.exe
  2⤵
  PID:8196
- C:\Windows\System\hDEVpqn.exe
  C:\Windows\System\hDEVpqn.exe
  2⤵
  PID:8248
- C:\Windows\System\njdOaoA.exe
  C:\Windows\System\njdOaoA.exe
  2⤵
  PID:8836
- C:\Windows\System\sfppcST.exe
  C:\Windows\System\sfppcST.exe
  2⤵
  PID:8476
- C:\Windows\System\rolssrY.exe
  C:\Windows\System\rolssrY.exe
  2⤵
  PID:9060
- C:\Windows\System\CmUDBuB.exe
  C:\Windows\System\CmUDBuB.exe
  2⤵
  PID:9048
- C:\Windows\System\bkHLcWH.exe
  C:\Windows\System\bkHLcWH.exe
  2⤵
  PID:8620
- C:\Windows\System\AYfqZBi.exe
  C:\Windows\System\AYfqZBi.exe
  2⤵
  PID:2344
- C:\Windows\System\bxgprWr.exe
  C:\Windows\System\bxgprWr.exe
  2⤵
  PID:9036
- C:\Windows\System\lxjGemY.exe
  C:\Windows\System\lxjGemY.exe
  2⤵
  PID:8712
- C:\Windows\System\CyNhDjd.exe
  C:\Windows\System\CyNhDjd.exe
  2⤵
  PID:7976
- C:\Windows\System\HwOmMjR.exe
  C:\Windows\System\HwOmMjR.exe
  2⤵
  PID:8380
- C:\Windows\System\DOSZeeD.exe
  C:\Windows\System\DOSZeeD.exe
  2⤵
  PID:8324
- C:\Windows\System\dhhrswy.exe
  C:\Windows\System\dhhrswy.exe
  2⤵
  PID:8544
- C:\Windows\System\ducyvHP.exe
  C:\Windows\System\ducyvHP.exe
  2⤵
  PID:8832
- C:\Windows\System\AhuwMxC.exe
  C:\Windows\System\AhuwMxC.exe
  2⤵
  PID:8564
- C:\Windows\System\xOwSYWb.exe
  C:\Windows\System\xOwSYWb.exe
  2⤵
  PID:7336
- C:\Windows\System\oixtZrp.exe
  C:\Windows\System\oixtZrp.exe
  2⤵
  PID:8808
- C:\Windows\System\iWrIZtH.exe
  C:\Windows\System\iWrIZtH.exe
  2⤵
  PID:2000
- C:\Windows\System\DPIoNlI.exe
  C:\Windows\System\DPIoNlI.exe
  2⤵
  PID:8972
- C:\Windows\System\jmZMIsB.exe
  C:\Windows\System\jmZMIsB.exe
  2⤵
  PID:7800
- C:\Windows\System\aFFCwPo.exe
  C:\Windows\System\aFFCwPo.exe
  2⤵
  PID:8328
- C:\Windows\System\sKBCeuc.exe
  C:\Windows\System\sKBCeuc.exe
  2⤵
  PID:8668
- C:\Windows\System\DvyuWTZ.exe
  C:\Windows\System\DvyuWTZ.exe
  2⤵
  PID:8460
- C:\Windows\System\FazypOe.exe
  C:\Windows\System\FazypOe.exe
  2⤵
  PID:8904
- C:\Windows\System\BUrVBRx.exe
  C:\Windows\System\BUrVBRx.exe
  2⤵
  PID:8344
- C:\Windows\System\jANTzFd.exe
  C:\Windows\System\jANTzFd.exe
  2⤵
  PID:8552
- C:\Windows\System\oYyKPoN.exe
  C:\Windows\System\oYyKPoN.exe
  2⤵
  PID:8852
- C:\Windows\System\eDsEqDs.exe
  C:\Windows\System\eDsEqDs.exe
  2⤵
  PID:9204
- C:\Windows\System\bSKRuwj.exe
  C:\Windows\System\bSKRuwj.exe
  2⤵
  PID:8408
- C:\Windows\System\WWxNZry.exe
  C:\Windows\System\WWxNZry.exe
  2⤵
  PID:9236
- C:\Windows\System\SUqdhos.exe
  C:\Windows\System\SUqdhos.exe
  2⤵
  PID:9260
- C:\Windows\System\QhQByoZ.exe
  C:\Windows\System\QhQByoZ.exe
  2⤵
  PID:9280
- C:\Windows\System\jrjGIBb.exe
  C:\Windows\System\jrjGIBb.exe
  2⤵
  PID:9300
- C:\Windows\System\xXcSxVZ.exe
  C:\Windows\System\xXcSxVZ.exe
  2⤵
  PID:9316
- C:\Windows\System\tBWSSWF.exe
  C:\Windows\System\tBWSSWF.exe
  2⤵
  PID:9336
- C:\Windows\System\JhDpJyZ.exe
  C:\Windows\System\JhDpJyZ.exe
  2⤵
  PID:9352
- C:\Windows\System\iKDhIyY.exe
  C:\Windows\System\iKDhIyY.exe
  2⤵
  PID:9368
- C:\Windows\System\XdJAgII.exe
  C:\Windows\System\XdJAgII.exe
  2⤵
  PID:9384
- C:\Windows\System\ELMMydF.exe
  C:\Windows\System\ELMMydF.exe
  2⤵
  PID:9400
- C:\Windows\System\CnPcNcH.exe
  C:\Windows\System\CnPcNcH.exe
  2⤵
  PID:9416
- C:\Windows\System\vyLDUWu.exe
  C:\Windows\System\vyLDUWu.exe
  2⤵
  PID:9432
- C:\Windows\System\TfHKJmG.exe
  C:\Windows\System\TfHKJmG.exe
  2⤵
  PID:9452
- C:\Windows\System\WjXMhXb.exe
  C:\Windows\System\WjXMhXb.exe
  2⤵
  PID:9472
- C:\Windows\System\tvIIvKp.exe
  C:\Windows\System\tvIIvKp.exe
  2⤵
  PID:9488
- C:\Windows\System\LWAgXkq.exe
  C:\Windows\System\LWAgXkq.exe
  2⤵
  PID:9504
- C:\Windows\System\xtoMZng.exe
  C:\Windows\System\xtoMZng.exe
  2⤵
  PID:9520
- C:\Windows\System\dOpqLFA.exe
  C:\Windows\System\dOpqLFA.exe
  2⤵
  PID:9536
- C:\Windows\System\IMaNsDA.exe
  C:\Windows\System\IMaNsDA.exe
  2⤵
  PID:9552
- C:\Windows\System\fqOCxjt.exe
  C:\Windows\System\fqOCxjt.exe
  2⤵
  PID:9568
- C:\Windows\System\CNUflEA.exe
  C:\Windows\System\CNUflEA.exe
  2⤵
  PID:9584
- C:\Windows\System\OJSsgox.exe
  C:\Windows\System\OJSsgox.exe
  2⤵
  PID:9600
- C:\Windows\System\kOdIowk.exe
  C:\Windows\System\kOdIowk.exe
  2⤵
  PID:9620
- C:\Windows\System\ukMusUf.exe
  C:\Windows\System\ukMusUf.exe
  2⤵
  PID:9636
- C:\Windows\System\cXqpcfG.exe
  C:\Windows\System\cXqpcfG.exe
  2⤵
  PID:9652
- C:\Windows\System\xSvZVPZ.exe
  C:\Windows\System\xSvZVPZ.exe
  2⤵
  PID:9668
- C:\Windows\System\VZvGXYs.exe
  C:\Windows\System\VZvGXYs.exe
  2⤵
  PID:9684
- C:\Windows\System\DpUrLzu.exe
  C:\Windows\System\DpUrLzu.exe
  2⤵
  PID:9708
- C:\Windows\System\fwvTwIs.exe
  C:\Windows\System\fwvTwIs.exe
  2⤵
  PID:9732
- C:\Windows\System\gzWfLPf.exe
  C:\Windows\System\gzWfLPf.exe
  2⤵
  PID:9768
- C:\Windows\System\LSTgaKg.exe
  C:\Windows\System\LSTgaKg.exe
  2⤵
  PID:9788
- C:\Windows\System\ioRFGnB.exe
  C:\Windows\System\ioRFGnB.exe
  2⤵
  PID:9804
- C:\Windows\System\efTHBvf.exe
  C:\Windows\System\efTHBvf.exe
  2⤵
  PID:9824
- C:\Windows\System\OSAFVcy.exe
  C:\Windows\System\OSAFVcy.exe
  2⤵
  PID:9840
- C:\Windows\System\msZQMsC.exe
  C:\Windows\System\msZQMsC.exe
  2⤵
  PID:9856
- C:\Windows\System\RXIMJTT.exe
  C:\Windows\System\RXIMJTT.exe
  2⤵
  PID:9872
- C:\Windows\System\hVnhIMN.exe
  C:\Windows\System\hVnhIMN.exe
  2⤵
  PID:9888
- C:\Windows\System\SvhIhjA.exe
  C:\Windows\System\SvhIhjA.exe
  2⤵
  PID:9904
- C:\Windows\System\iwYpEfz.exe
  C:\Windows\System\iwYpEfz.exe
  2⤵
  PID:9924
- C:\Windows\System\vwrTYdJ.exe
  C:\Windows\System\vwrTYdJ.exe
  2⤵
  PID:9940
- C:\Windows\System\mdQudel.exe
  C:\Windows\System\mdQudel.exe
  2⤵
  PID:9956
- C:\Windows\System\PVgDySt.exe
  C:\Windows\System\PVgDySt.exe
  2⤵
  PID:9976
- C:\Windows\System\oNfdMiW.exe
  C:\Windows\System\oNfdMiW.exe
  2⤵
  PID:9992
- C:\Windows\System\KMmauHR.exe
  C:\Windows\System\KMmauHR.exe
  2⤵
  PID:10008
- C:\Windows\System\WMtVPhh.exe
  C:\Windows\System\WMtVPhh.exe
  2⤵
  PID:10028
- C:\Windows\System\kRqvYjM.exe
  C:\Windows\System\kRqvYjM.exe
  2⤵
  PID:10048
- C:\Windows\System\rotqDio.exe
  C:\Windows\System\rotqDio.exe
  2⤵
  PID:10072
- C:\Windows\System\QKoSMou.exe
  C:\Windows\System\QKoSMou.exe
  2⤵
  PID:10092
- C:\Windows\System\EjzZfGk.exe
  C:\Windows\System\EjzZfGk.exe
  2⤵
  PID:10112
- C:\Windows\System\lJSbQwp.exe
  C:\Windows\System\lJSbQwp.exe
  2⤵
  PID:10132
- C:\Windows\System\XCmZuIi.exe
  C:\Windows\System\XCmZuIi.exe
  2⤵
  PID:10152
- C:\Windows\System\OCIJVEI.exe
  C:\Windows\System\OCIJVEI.exe
  2⤵
  PID:10176
- C:\Windows\System\Zwobbia.exe
  C:\Windows\System\Zwobbia.exe
  2⤵
  PID:10200
- C:\Windows\System\TvJcQOt.exe
  C:\Windows\System\TvJcQOt.exe
  2⤵
  PID:10224
- C:\Windows\System\mOPFoMp.exe
  C:\Windows\System\mOPFoMp.exe
  2⤵
  PID:9220
- C:\Windows\System\xXmzlPv.exe
  C:\Windows\System\xXmzlPv.exe
  2⤵
  PID:8288
- C:\Windows\System\JuuEbKJ.exe
  C:\Windows\System\JuuEbKJ.exe
  2⤵
  PID:7620
- C:\Windows\System\FeVSBPY.exe
  C:\Windows\System\FeVSBPY.exe
  2⤵
  PID:9272
- C:\Windows\System\iKJkAHX.exe
  C:\Windows\System\iKJkAHX.exe
  2⤵
  PID:9256
- C:\Windows\System\ggevepm.exe
  C:\Windows\System\ggevepm.exe
  2⤵
  PID:9312
- C:\Windows\System\vdjLiWi.exe
  C:\Windows\System\vdjLiWi.exe
  2⤵
  PID:9376
- C:\Windows\System\YwmvDMG.exe
  C:\Windows\System\YwmvDMG.exe
  2⤵
  PID:9444
- C:\Windows\System\PxHXboz.exe
  C:\Windows\System\PxHXboz.exe
  2⤵
  PID:9324
- C:\Windows\System\ZHDVhBc.exe
  C:\Windows\System\ZHDVhBc.exe
  2⤵
  PID:9468
- C:\Windows\System\GYySkTc.exe
  C:\Windows\System\GYySkTc.exe
  2⤵
  PID:9528
- C:\Windows\System\uNmKVot.exe
  C:\Windows\System\uNmKVot.exe
  2⤵
  PID:9580
- C:\Windows\System\jGqbOUy.exe
  C:\Windows\System\jGqbOUy.exe
  2⤵
  PID:6480
- C:\Windows\System\sGsJGRN.exe
  C:\Windows\System\sGsJGRN.exe
  2⤵
  PID:9716
- C:\Windows\System\bcqtFwc.exe
  C:\Windows\System\bcqtFwc.exe
  2⤵
  PID:9776
- C:\Windows\System\SqqBQxn.exe
  C:\Windows\System\SqqBQxn.exe
  2⤵
  PID:9816
- C:\Windows\System\bSVFpfZ.exe
  C:\Windows\System\bSVFpfZ.exe
  2⤵
  PID:9836
- C:\Windows\System\XyfRckN.exe
  C:\Windows\System\XyfRckN.exe
  2⤵
  PID:9880
- C:\Windows\System\PxhkXtS.exe
  C:\Windows\System\PxhkXtS.exe
  2⤵
  PID:9800
- C:\Windows\System\fWnutOu.exe
  C:\Windows\System\fWnutOu.exe
  2⤵
  PID:9868
- C:\Windows\System\MrsuIBB.exe
  C:\Windows\System\MrsuIBB.exe
  2⤵
  PID:9920
- C:\Windows\System\XBxibtv.exe
  C:\Windows\System\XBxibtv.exe
  2⤵
  PID:9932
- C:\Windows\System\SliFFAW.exe
  C:\Windows\System\SliFFAW.exe
  2⤵
  PID:10016
- C:\Windows\System\pfWzwDF.exe
  C:\Windows\System\pfWzwDF.exe
  2⤵
  PID:10056
- C:\Windows\System\GrACaVg.exe
  C:\Windows\System\GrACaVg.exe
  2⤵
  PID:10104
- C:\Windows\System\cldAzQF.exe
  C:\Windows\System\cldAzQF.exe
  2⤵
  PID:10184
- C:\Windows\System\MDuOBAq.exe
  C:\Windows\System\MDuOBAq.exe
  2⤵
  PID:10120
- C:\Windows\System\VqEjSpq.exe
  C:\Windows\System\VqEjSpq.exe
  2⤵
  PID:10040
- C:\Windows\System\SMkgaHd.exe
  C:\Windows\System\SMkgaHd.exe
  2⤵
  PID:10088
- C:\Windows\System\WkXrzsJ.exe
  C:\Windows\System\WkXrzsJ.exe
  2⤵
  PID:10164
- C:\Windows\System\VqqUIcB.exe
  C:\Windows\System\VqqUIcB.exe
  2⤵
  PID:10192
- C:\Windows\System\WODcMjz.exe
  C:\Windows\System\WODcMjz.exe
  2⤵
  PID:10208
- C:\Windows\System\CehoTZh.exe
  C:\Windows\System\CehoTZh.exe
  2⤵
  PID:9232
- C:\Windows\System\VMJLVek.exe
  C:\Windows\System\VMJLVek.exe
  2⤵
  PID:9268
- C:\Windows\System\nqVaMja.exe
  C:\Windows\System\nqVaMja.exe
  2⤵
  PID:9292

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\CMMVFoM.exe

Filesize
6.0MB

MD5
b3e3132c3d0be3f9eeca05fffeb0b0a5

SHA1
bd93ff581f922e033af5760bf01730655b9c5812

SHA256
33c5e5ec0d57db9f1fddff8448864c5622a3930bb6b11179c5db87a73fcda5b6

SHA512
7004fbcb482345a4074271d48cce3f100b5836016543fd791823455ae8ac902bff77750f0fc21a15c2bc61f430ab68dacc623e564517e5e350f381c7b073c89b

Download Submit
C:\Windows\system\CyJPuDB.exe

Filesize
6.0MB

MD5
3cdd7bce8ee661d76f2d53bc9507d471

SHA1
9f194752dced1a28d250f0ee60b473eee234fba9

SHA256
63488fe752a407831996040dab6170b975dde79327f0be71f475e1015ab879f7

SHA512
ca23a1d426307f1f2c49abfa53b11f0e3cbb7185d17e54b00a36d9cdadad438635051704eec0d59e7ed733c6f6e2b5703c824717b76756a3f7d9ee1ae412cd92

Download Submit
C:\Windows\system\DkkpmCk.exe

Filesize
6.0MB

MD5
25e64b598808f8052fac36868985fcec

SHA1
bf8977e4444a372d033d53e581dd9fa8e0682081

SHA256
096e1b4faaa6276db027817d7a11bda5dd17193c4ea342edceba67858fb930a9

SHA512
b1b846f396a21612cb2a7eafad261df15094ff7dc46adab2dbce96987a73e90dd10a914577dd00a653210af53d28e215d9a21917ad0e284590c7a9b6d9467974

Download Submit
C:\Windows\system\GsdKPIH.exe

Filesize
6.0MB

MD5
7c71c1377144f3d90d976c1a6af454e1

SHA1
1b1b45dfbeca3ae8af64d34a59456b44d1df6df3

SHA256
a01aacc0a6d5b4200f1af9fc9ee13c6a57756f0257cab51f5a6b6c30dbec47cd

SHA512
bd20b55df744cdd868126197c56a838f2dafc5e2361ca490a871411a0320550cd62f4ef386a237b5b54156192ec9878c087d8580d3c011489f40faff2ba47781

Download Submit
C:\Windows\system\HhyzexC.exe

Filesize
6.0MB

MD5
50e6ceaaf65e17425b34c646459b2487

SHA1
a65486a250f8dbce39e093c7ea71045fa673d3b6

SHA256
14bc9e0909a909a7872d81c6d4dc8e009ee02c62c82e7793fb5130aa5e845f07

SHA512
ce73d304cd1911f212ea617adec338c394bc80e9475749508031acba9123ef68c7efced6811c281a6ead18686787180ac39b77878ceccd92ef50b080ff7f9756

Download Submit
C:\Windows\system\MGVwghT.exe

Filesize
6.0MB

MD5
719aac3293fa8135b42fd01334eaacd1

SHA1
028e9dda5a085e94a0fe2377c1e43c2763a95000

SHA256
0337823a85c1585cf251d810c520d415d8cf57ed7f2b94cc710b18eaca2216fc

SHA512
d1754683abb88ad528a483684a182fea574b89adb5b94bcf01102fe6ddd40f693838e24f14bb060d41aec8f8b90c8bc3ea698bcb5ecae311e64b2735daa6229a

Download Submit
C:\Windows\system\OUQoPhV.exe

Filesize
6.0MB

MD5
f38231b8c70331e4116e800e1b3bfd5c

SHA1
acfe7b4e037d602ff15777ae250400b08ab58359

SHA256
c3f70a1d7f337a8e693f3ff997b1778192ee4540dddfeb9065035ee1303331fc

SHA512
75b2289dd6f92d0b15dc743e6c75c5f893d43339da269714ec275a8e7da8f9d45931e1683551523dfcb64826320fcda068e7929b6bb5710a214cd002bf7161e9

Download Submit
C:\Windows\system\OjRhGiH.exe

Filesize
6.0MB

MD5
46a6b643383c860caa12e2852f0a66a2

SHA1
e6f2f6bd64ce15cfb751a18ad3bb2c69b73c0730

SHA256
0e3fe26f14f7a2d26d510fd48c329807e834ef48e42f852a6de8d5b7b61f88bb

SHA512
576e35b89582f2369541b731a868abb92d663d89037dfbe0d76313e8768be097d80ec2f5cabea5eb4cb8b8bb6f1b18c29b474c8f256f24e706e4577374ea3e00

Download Submit
C:\Windows\system\QKYazNA.exe

Filesize
6.0MB

MD5
21d03eefc73f40df81d20741fff01fd6

SHA1
f611b4abc8e93fee0788da84b95a107239a21b0b

SHA256
ed1c0e7851129c14edb5f22d48570b4aae70bb198335624bc0920b6f5bffd808

SHA512
f11fb9e4e65948a952525389d59fac96d2f531516f1829a4aa1ecab3c254949931b4bf91f3747b592f52629d6c2c701672f43be5571e13afa08f78947e3ba5ee

Download Submit
C:\Windows\system\TlTswnC.exe

Filesize
6.0MB

MD5
8ddcf78161383cc5ae4f6bd8b0e207cc

SHA1
6671fc8a1a6508ae9338652511a492ca1c73c4eb

SHA256
c3bfe4b293e16c429329c0c756259cf43b11bbd44c16413bdf29cbab2df9ebf8

SHA512
8737f260e66a74d958aa21723baea799cb7e7882f15e212e61d6950e1d21266e6dcd3c27e22c2d8c950becaf4b2e88550336f2251454f2489cb24220e8624f73

Download Submit
C:\Windows\system\WGFCmxq.exe

Filesize
6.0MB

MD5
8300db8f5755dc20c59fa451c586dff2

SHA1
cb8c8061f7a6b7381e2dd4174bf6bd3e53d11fe7

SHA256
bdbbd3d144c7bffd991778388ae1f4953ede7e96e0f8f8df7547bce24ae56642

SHA512
675cf319e7064b5f7068b7d90a25ba8b1765f60d1ab4fe19ca5cad7e42ff344dfb7e0fe5ea8e497d15c79213d1b20c382697c3d5646139a1bd671221341af871

Download Submit
C:\Windows\system\ZUzeXgn.exe

Filesize
6.0MB

MD5
820b00a3467d429124fdb2ebdd05fec8

SHA1
bc331cc5cad3a6fd14095acc7857ba351ba38914

SHA256
ccd65830cca34512bfe9b9344a7dea4b916af23e29987c97b70d3c89dca6d537

SHA512
f00bfc66db16b47dacaaac136bab2b314f2ebea0fece64dadc4a80e83db9f73c15aae94f7eb0c6188703fdc05c6f6ce829aa3b7ddf02462e67c9634d20c47618

Download Submit
C:\Windows\system\cjHhQVB.exe

Filesize
6.0MB

MD5
265b74e41e5c5da0a9cb5fbca9b28689

SHA1
42859952027a1fbe15fc981c10a0788139946e0d

SHA256
3e99190778bce5faf87a21787c1093ff9d6fa586b0858bb979c91727dffcc477

SHA512
968f3506906d60eecbb337d7df4ac782f8e7509471d9da692d913b7914dcf708f0e4ea36ab6d50b6c88bb216bbae532afea7c68bca279c075b7728b182e1c374

Download Submit
C:\Windows\system\eGghEQH.exe

Filesize
6.0MB

MD5
c6ee295279078671071b5d837d5e26db

SHA1
19699e582c0db3a7cd0d215d156b28a4c9c3aa20

SHA256
f88ffd8e9d1bd6db2a0c82d4312109734e9a7b006551a5d8b5cce3aa2eacbeb2

SHA512
7db2cdd124fb72899d483f04ffb8a8361ab0d5f32979f2edd5f3c47a3c1bafb1b98a53ded14eec2c816f0997b1bac16f1686195fa191556203e0bdd835305a30

Download Submit
C:\Windows\system\eORfSgV.exe

Filesize
6.0MB

MD5
3889ee47fe5c816ee62c8114a23613d5

SHA1
0e76c93ef673a3dc1901c0cf2d78ad4d9426be82

SHA256
cf6f1a128f7aeed4adfa106ddcc3229323923a2b957e7646415a722e261117db

SHA512
b11797d93ae79071cd4e287e8880b63f0ed55b4c13c4ced21c7c07fdbe1999577d96b02176453d9d00f29d730ec1a7f15d9acb15288b78138111bdd79f15c24e

Download Submit
C:\Windows\system\hkvYdIU.exe

Filesize
6.0MB

MD5
3c8cb4e1986c0703e539b38e534edd4f

SHA1
495c4e2723ab78bff2f5a3f80c837d2ad680deb5

SHA256
f2129833b5d043df4bc0b6531aece4ef6a925dbd875bdabd521835a25cbe2398

SHA512
60a847c390506669f70ff26ba29d9eb36cf11a7632c108ef505001e59863d45fb48ca5cc646f1bf0909eed3c0171f76a41267b191b8907304e96a9fa454cf7c0

Download Submit
C:\Windows\system\jCrnsgL.exe

Filesize
6.0MB

MD5
38e7636cde3f61b0d11564bd9d63cf7f

SHA1
0a2fb14382a526b5b2e202bdbb1a57b411082d14

SHA256
403b1ac04e554e8c4f941947f7b7374ed502e59aec39c2de02de3ecd4f4cd2c0

SHA512
ded613ea9474d6c8c626ec70bdc7c48f5e405fa08c361203ca7c2e9794b9e774e0d671f932c6c17543488d09085e597ca1d8510b28f79af21d061c54c48cd81e

Download Submit
C:\Windows\system\ntCTthn.exe

Filesize
6.0MB

MD5
623f10b5c502d5fbb46c66243ecc7353

SHA1
a563f3b7b3715b87319d8c580c04fe8acca59790

SHA256
c5cea999dd6d92c81dd456378763a6c5e16030b5b889314f8696753d3b5824fc

SHA512
95965543501a230122a4c20e8174b9a00c77311e02a4b96f4e2783bbd6b2d0a230dbe7c0abe095fee1500df8c6aaec09802a85d596ca2f86397cf2e9d23152d6

Download Submit
C:\Windows\system\nwNsxuz.exe

Filesize
6.0MB

MD5
068fdce3290c1651f591942efbe17832

SHA1
b28908857fb7c765a67ad0dce97a00aa12f447ce

SHA256
cc97bc9ed58e0f9ded3137b49e9e3e3110f85d2f9d2844e664a1e35c67037f2e

SHA512
d13ec472737dd86a402b8915d576ac8ff0725ec06df30f148f8cc1584b564381c689baebb7535076b8836d8d17c571663e23054f086c3dec2d3de921e302469a

Download Submit
C:\Windows\system\nwxuURT.exe

Filesize
6.0MB

MD5
0c242bb972b4a51be65135a9cbd7591a

SHA1
da2c19f87eaff69f054afcb0f35a9ee66a6dc663

SHA256
4cbe44ee38c4553f06bf8bc00516702103b3cf15eb0296847ef8222258826dab

SHA512
ad098217b61a82b1d04f89e80c84881e94dc92ab9c7ff2b90285c4f2878157428762ee12fd1a416d14fbbb8638c521a375799190eb62efca9cc8c3a722e00168

Download Submit
C:\Windows\system\ogveiWl.exe

Filesize
6.0MB

MD5
ef412723ea6d090fecc6bd6510b7fa65

SHA1
5052ba3d7d5c0bde0809c7067cb13429ffca4d39

SHA256
629c96b3f51992550ff1d6502cef7aedc10a5b44d3eb2ef69b63960ed4a6fddf

SHA512
9cff6ec99c6ad34c7bebfb3ef465578d2c0551f21c448786ae9ec161d93b56502f077aa43e5d7127b18fc5614383ad67cf05163a79b6329e2233eac35dfeae2a

Download Submit
C:\Windows\system\pFsjHrX.exe

Filesize
6.0MB

MD5
18bf9bc33af68faa17e6abf1a7767e6a

SHA1
52623203e975d2b7efc1ad00b6dfdc83e258aa58

SHA256
75c90bff5b67640884a26f61682d90e2cb85951b72bba47087ab5828fe62f198

SHA512
6f11e9247389584c3882767a17071e0c652094b52df458901c1c25abd6e0f57a646b0f3d3d246d45581ef564b21045fb5bc94686a2105770b66207369dd480a6

Download Submit
C:\Windows\system\xKnmGxe.exe

Filesize
6.0MB

MD5
5b157897ae2ebe0a20213c7040c6cebd

SHA1
c7372b3ce3cd4340409fa9df674328f0c3e2eac8

SHA256
0b2fc6603728580d3386f1348124693a7d17cc2c8ca4d62b33f6b60637edfcd8

SHA512
b5c556e9f64c2b4a8940522a5a6f6e5a2a7252817ecc63cb84f401405502832bf2e5611952b41704fd1eaed28e08cb7853824ff89175b1557f7d9549a437ba75

Download Submit
C:\Windows\system\ygFFAed.exe

Filesize
6.0MB

MD5
db647dc94a4689fc8556a0cc48a62d65

SHA1
ee5d8c77381b2c802f74f67ab77ad465aa3874a2

SHA256
36900eed76234ea09b2d3d44a492c0f3b2f9e20dece00b910d2e4adb0b1bd3cc

SHA512
f37e3b95107e3ab63c8d8b03dd8137bb2edf33c05487317ac875340c5c9c228a76919902fbfcc4c913ac03edc0de94c6e3a59708d65976a5d68c7c9cfc83a75c

Download Submit
C:\Windows\system\ypyjgEi.exe

Filesize
6.0MB

MD5
63548f1dc0188cc3cae1889c71161526

SHA1
1a596f44ffe9f8073a331397030f874b9c0424bd

SHA256
db11ad005c385b69b7d5670def6625c78023506df21372dc7795a8c758d6ec6c

SHA512
6b24af6377a2a43a0d2445b345a9d3ac6a74b1a81d27ac6c8102ecfc05c3875207232ef120b265a27c3db47027239f3a14878a021d3f648f6e4269b11aa00ca4

Download Submit
C:\Windows\system\zerrAdY.exe

Filesize
6.0MB

MD5
4156e8c064404663f25821ea1345b2e9

SHA1
f49f6bd48ea902cec92f9283caf3200b541868fb

SHA256
9e98affbdc84bdfeaff1c754f231ec23fac474edcf856283407876b5efbc32a4

SHA512
683f7f60404e930845ea8acb17ff73d593fc6ff27fe6ceeb6f288ae88f124850420e209d37d7047021ed23d56de8912615647eb8e33d7214ff2a78362e51940b

Download Submit
\Windows\system\HSfmjRs.exe

Filesize
6.0MB

MD5
b3692cb32e2669c5e9539251691bb1be

SHA1
0463c02aa3482edb7ba327a13977573a07e99b61

SHA256
0e234529f164467a33226e8cd9e7c3da054df046d77daa2aa8e1fa998b64a39f

SHA512
0dcc0f23308f0130e356ee8a324bae0eaf206e15ef56ebdcb26c36f47fb0eec5b3b988326fdda71f7dbdfe341ec13625a4d6fedc0e48bf94794c71bd01afc264

Download Submit
\Windows\system\TLXGjBf.exe

Filesize
6.0MB

MD5
1cb0096dad0d62a04b762b9984c7417a

SHA1
4e55ea756f1fdb0512a54ca667ec9c43291432d8

SHA256
099063194b5b6d989bb9f69c69ab1617f7eff8a94b236c251d12f0021bba4a39

SHA512
fe0f22a9184c0555824af5704c3235ca54db1042865564ca87d5bb978e76e949db781aa526592ecb8ea80894246b2f86dcbc0c1ec3cc5a39cad9ee61900d170a

Download Submit
\Windows\system\YaShWeI.exe

Filesize
6.0MB

MD5
9691fddfed292970ecfb3128e894cc67

SHA1
7deefde3ba01e3d60af32c6329200a043a681339

SHA256
15c341b0abfafd9609a072e90e10af2a44f5dcab199d88cbf26b7aac5fd220bd

SHA512
2a21e996e2828346f5b7c81c38bd43555de58ab7b191cc28afdb3460222bda0e177200ac91bcf412b57a1d1d9d7d7e56fe54c633a0dfa79eedc79f82655a5c27

Download Submit
\Windows\system\hobOWwD.exe

Filesize
6.0MB

MD5
64940df73cc559749dcc3f6a640ce9de

SHA1
ee3707f079ad6c36823bda9940fbbf2f43f60696

SHA256
8e13b9e1891c7fc581922753e20d4af8c458bdf68628f049a3f39a565c1ae027

SHA512
8800b143dc9dcbd7a8226c3bc81438d2be49c5ca3adffd45db9b3037debb0cab27a8f5857fdda72bab1ef86aa78445bb1470f1bf15c41bc484125e705b45e23a

Download Submit
\Windows\system\kQHuDUy.exe

Filesize
6.0MB

MD5
66a0aa2299ccf509207dc197a069a550

SHA1
4267ce7cff8ea86194630b577890ec0a707cf6cf

SHA256
2598ab0fa841323a350ad8c0adbdd8e1f692bbec45e54ffa72a0a26e84bdef56

SHA512
5837dca2284f126a4e322aeea41e96f7a23f695885ab0190da9d00ec260288f96910439bbba590cc69b7664ce0bae6af8f8a73e7df6588ff23f9ab1f90fde233

Download Submit
\Windows\system\opFFXIf.exe

Filesize
6.0MB

MD5
ff2a0c1cc4de89534d0685b49be71781

SHA1
857243dccdf7c6aca98089d503a43a979cd8706c

SHA256
8f4929d81379180c37ad22ecd0f2ece82a87ab47da5cc401876141ea3b62ad3b

SHA512
88c9e6b78599d332ccc9e6d6026f938f78eb4bd5d79c040393c5289802f1a313ff99dcfc71f81cba02a035a938638827e92355fab59f6a1ebe76a53c136e39b0

Download Submit
memory/1116-384-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/1116-1654-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/1480-29-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/1480-1527-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/1532-365-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/1532-1655-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/1660-891-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/1660-355-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/1660-1998-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/2156-379-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/2156-1657-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/2204-1544-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/2204-36-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/2380-1644-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2380-80-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2612-59-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2612-1639-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2612-698-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2616-1606-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/2616-42-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/2616-81-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/2732-74-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2732-1640-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2780-1616-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2780-51-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2880-1550-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/2880-38-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/2936-35-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/2936-75-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/2936-1-0x0000000000180000-0x0000000000190000-memory.dmp

Filesize
64KB

Download
memory/2936-369-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/2936-54-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2936-364-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/2936-990-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/2936-1037-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/2936-1039-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/2936-809-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/2936-805-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/2936-803-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2936-380-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/2936-76-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2936-33-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/2936-57-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/2936-0-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2936-37-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/2936-83-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/2936-53-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/2936-49-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2936-41-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/2936-807-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2936-40-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/2936-7-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/2952-34-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/2952-1546-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/2984-31-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/2984-1525-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download